OneSpan Auth User Login (Node)
- Updated on 25 Oct 2024
Availability: OneSpan Authentication for ForgeRock 1.1.0 and later
This node can be used for Intelligent Adaptive Authentication and OneSpan Cloud Authentication (OCA) use cases.
It invokes the User Login API (/users/{userID@domain}/login) to validate the end user’s login request. It then returns the result of the authentication attempt.
For Intelligent Adaptive Authentication use cases, the risk analysis system also validates the request. If the risk analysis requires an extra challenge, design a multi-factor authentication flow that continues along the Step Up outcome path.
Outcome paths:
Accept
Decline
Step Up
Error
Properties
Property name | Data type | Description |
---|---|---|
Object Type | Enum | Specifies the use case type. Possible values:
Default value: AdaptiveLoginInput |
Credentials Type | Enum | Only required if Object Type is set to LoginInput. Possible values:
Default value: none |
User Name In SharedState | String | Specifies the key name in the sharedState object to use as the IAA/OCA user name. Default value: username |
Password In TransientState | String | Specifies the key name in the transientState object to use as the IAA/OCA user password. Default value: password |
Optional Attributes | Map<String,String> | Specifies a key/value map to keep additional optional attributes like user email, user phone number, etc. The key represents the key name in the sharedState object. The value represents the key that will be additionally added to the API payload. For example, for a key/value pair "emailAddressInSharedState":"emailAddress", the node will look for the emailAddressInSharedState key in the sharedState object and add "emailAddress":"valueInSharedState" to the API payload. Default value: <empty> |
Orchestration Delivery | Enum | Specifies whether a push notification should be sent, and/or if the orchestration command should be included in the response requestMessage. Possible values:
Default value: both |
Login Timeout | int | Specifies the event expiration timeout in seconds. The priority is as follows:
Make sure the ForgeRock session expiry and the OneSpan Intelligent Adaptive Authentication/OneSpan Cloud Authentication session expiry are not shorter than the value specified here. Default value: 60 |
Visual Code Message | Enum | Specifies which visual code message will be used to render the visual code. For more information about using your own customized message format, refer to the Message Options property of the OneSpan Auth Visual Code node (see OneSpan Auth Visual Code properties). Possible values:
Default value: sessionID |
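
The Optional Attributes mapping and the Login Timeout constraint from the table above can be checked against sample state before the tree is wired up. This is an added example, not OneSpan or ForgeRock code: a plain object stands in for sharedState, and the `sessions` argument, the `phoneNumber` payload key and all sample values are assumptions constructed for illustration.

```javascript
// Added example, not OneSpan or ForgeRock code. A plain object stands in for
// sharedState; "sessions" (name -> expiry in seconds) is a hypothetical input.
const has = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

// Optional Attributes: map key = key read from sharedState,
// map value = key added to the API payload (as the Properties table describes).
function resolveOptionalAttributes(sharedState, optionalAttributes) {
  const payload = {}, missing = [], collisions = [], seen = new Set();
  for (const [stateKey, payloadKey] of Object.entries(optionalAttributes)) {
    if (seen.has(payloadKey)) { collisions.push(payloadKey); continue; }
    seen.add(payloadKey);
    if (has(sharedState, stateKey)) payload[payloadKey] = sharedState[stateKey];
    else missing.push(stateKey);
  }
  return { payload, missing, collisions };
}

function lintLoginNode(props, sharedState, sessions) {
  const findings = [];
  const { payload, missing, collisions } =
    resolveOptionalAttributes(sharedState, props.optionalAttributes);
  missing.forEach((k) => findings.push(`optional attribute source "${k}" not in sharedState`));
  collisions.forEach((k) => findings.push(`payload key "${k}" is mapped more than once`));
  if (!has(sharedState, props.userNameInSharedState))
    findings.push(`user name key "${props.userNameInSharedState}" not in sharedState`);
  // Policy of this check (not stated by the page): the password key should
  // appear in transientState only, so flag it if it is also in sharedState.
  if (has(sharedState, props.passwordInTransientState))
    findings.push(`password key "${props.passwordInTransientState}" also present in sharedState`);
  // Neither session expiry may be shorter than Login Timeout.
  for (const [name, seconds] of Object.entries(sessions))
    if (seconds < props.loginTimeout)
      findings.push(`${name} session expiry ${seconds}s is shorter than Login Timeout ${props.loginTimeout}s`);
  return { payload, findings };
}

// Constructed sample input; "phoneNumber" is an illustrative payload key.
const sampleProps = {
  userNameInSharedState: "username", passwordInTransientState: "password",
  optionalAttributes: { emailAddressInSharedState: "emailAddress", phoneInSharedState: "phoneNumber" },
  loginTimeout: 60,
};
const sampleShared = { username: "jdoe", emailAddressInSharedState: "jdoe@example.com" };
const sampleResult = lintLoginNode(sampleProps, sampleShared, { ForgeRock: 45, OneSpan: 300 });
console.log(JSON.stringify(sampleResult, null, 2));
```

The check reports a configured source key that is absent from sharedState rather than guessing how the node treats it, since the page does not describe that case.
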
Data flow
Attribute name | Source | Description |
---|---|---|
As specified in property | Shared state | User name |
As specified in property | Shared state | Optional. Other attributes. |
ostid_cddc_json | Shared state | CDDC JSON |
ostid_cddc_hash | Shared state | CDDC hash value |
ostid_cddc_ip | Shared state | CDDC client IP address |
ostid_session_id | Shared state | Optional. The IAA session ID. |
authenticationResponse | Shared state | Optional. The authentication response from the respective FIDO protocol. |
fidoProtocol | Shared state | Optional. The FIDO protocol used in the operation. |
OTP | Shared state | Optional. The one-time password (OTP) generated by the authenticator. |
As specified in property | Transient state | Password |

Attribute name | Storage | Description |
---|---|---|
ostid_cronto_msg | Shared state | Visual code message |
ostid_session_id | Shared state | The session ID |
ostid_request_id | Shared state | The request ID |
ostid_irm_response | Shared state | The OneSpan Risk Analytics response. |
ostid_command | Shared state | The command |
ostid_event_expiry_date | Shared state | The event expiration date. |

Attribute name | Storage | Description |
---|---|---|
ostid_error_message | Shared state | The error message |