OneSpan Auth Validate Transaction (Node)
- 25 Oct 2024
- 3 Minutes à lire
- SombreLumière
OneSpan Auth Validate Transaction (Node)
- Mis à jour le 25 Oct 2024
- 3 Minutes à lire
- SombreLumière
The content is currently unavailable in French. You are viewing the default English version.
Résumé de l’article
Avez-vous trouvé ce résumé utile ?
Merci pour vos commentaires
Availability: OneSpan Authentication for ForgeRock 1.1.0 and later
This node can be used for Intelligent Adaptive Authentication and OneSpan Cloud Authentication (OCA) use cases.
It invokes the Transaction Service API (/users/{userID@domain}/transactions/validate), which validates monetary transaction requests against the Authentication service and returns the result.
For Intelligent Adaptive Authentication use cases, it further validates the request against the Risk Analytics system. If Risk Analytics requires an extra challenge, a multi-factor authentication flow needs to be designed to continue along the Step Up outcome path.
Outcome paths:
Accept
Decline
Step Up
Error
Properties
Property name | Data type | Description |
|---|---|---|
Object Type | Enum | Specifies the event type. Possible values:
Default value: AdaptiveTransactionValidationInput |
User Name In SharedState | String | Specifies the key name in the sharedState object to use as the IAA/OCA user name. Default value: username |
Data To Sign | Enum | Specifies the kind of data to validate and sign. Possible values:
Default value: transactionMessage |
Standard Data Fields | List<String> | If Data To Sign is set to standard, the signature is generated for a sorted list of data fields stored in the sharedState object. This list specifies the key names. Default value: ["sourceAccount","destinationAccount","amountToTransfer"] |
Signature In SharedState | String | If Data To Sign is set to standard or secureChannel, the users are prompted for a signature generated by their authenticators. You need to store the generated signature in the sharedState object. This property specifies the key name. Default value: signature |
Fido Attributes | Map<String,String> | If Data To Sign is set to fido, users are prompted for the FIDO protocol (fidoProtocol), i.e. UAF11 or FIDO2, and the authenticator response (authenticationResponse). You need to store these values in the sharedState object. This map contains key/value pairs, where the key specifies the JSON attribute name and the value specifies the shared state attribute name. Default value:
|
Adaptive Attributes | Map<String,String> | If Data To Sign is set to transactionMessage, this map contains additional mandatory attributes, e.g. accountRef, amount, currency, transactionType, etc. This map contains key/value pairs, where the key specifies the API field names and the value specifies the shared state attribute names used to store the actual values. Default value:
|
Adaptive Data Fields | Map<String,String> | If Data To Sign is set to transactionMessage, you can pass additional data to be displayed in the mobile app. This map contains key/value pairs, where the key specifies the API field names and the value specifies the shared state attribute names used to store the actual values. Default value: <empty> |
Optional Attributes | Map<String,String> | Specifies a key/value map to keep additional optional attributes like user email, user phone number, etc. The key represents the key name in the sharedState object. The value represents the key that will be additionally added to the API payload. For example, for a key/value pair "emailAddressInSharedState":"emailAddress", the node will look for the emailAddressInSharedState key in the sharedState object and add "emailAddress":"valueInSharedState" to the API payload. Default value: <empty> |
Orchestration Delivery | Enum | Specifies whether a push notification should be sent, and/or if the orchestration command should be included in the response requestMessage. Possible values:
Default value: both |
Validation Timeout | int | Specify the event validation timeout in seconds. The priority is as follows:
Make sure the ForgeRock session expiry and the OneSpan Intelligent Adaptive Authentication/OneSpan Cloud Authentication session expiry are not shorter than the value specified here. Default value: 60 |
Visual Code Message | Enum | Specifies which visual code message will be used to render the visual code. For more information about using your own customized message format, refer to the Message Options property of the OneSpan Auth Visual Code node (see OneSpan Auth Visual Code properties). Possible values:
Default value: sessionID |
Data flow
Attribute name | Source | Description |
|---|---|---|
As specified in property | Shared state | User name |
ostid_cddc_json | Shared state | CDDC JSON |
ostid_cddc_hash | Shared state | CDDC hash value |
ostid_cddc_ip | Shared state | CDDC client IP address |
As specified in property | Shared state | Optional. Standard data fields. |
As specified in property | Shared state | Optional. Generated signature. |
As specified in property | Shared state | Optional. FIDO attributes. |
As specified in property | Shared state | Optional. Adaptive attributes. |
As specified in property | Shared state | Optional. Adaptive data fields. |
As specified in property | Shared state | Optional. Other attributes. |
ostid_session_id | Shared state | Optional. The IAA session ID. |
Attribute name | Storage | Description |
|---|---|---|
ostid_cronto_msg | Shared state | Visual code message |
ostid_session_id | Shared state | The session ID |
ostid_request_id | Shared state | The request ID |
ostid_irm_response | Shared state | The OneSpan Risk Analytics response. |
ostid_command | Shared state | The command |
ostid_event_expiry_date | Shared state | The validation expiration date. |
OneSpan Auth Validate Transaction outbound data (Error case) | ||
Attribute name | Storage | Description |
|---|---|---|
ostid_error_message | Shared state | The error message |
API references
Cet article vous a-t-il été utile ?