Overview of OneSpan Authentication Trees and Nodes
  • 08 Nov 2024
  • 5 Minutes to read
  • Dark
    Light

Overview of OneSpan Authentication Trees and Nodes

  • Dark
    Light

Article summary

This article provides a list of available OneSpan authentication trees and tree nodes. For detailed information about and instructions to work with the Access Manager, see the ForgeRock product documentation.

OneSpan authentication trees

You can inspect and modify the authentication trees provided by OneSpan in the ForgeRock Access Manager console in the top level realm under Authentication > Trees.

OneSpanEventValidationTree

This authentication tree covers the validation workflow for non-monetary events.

Related demo workflow: Use case scenario: Event validation

OneSpanTransactionValidationTree

This authentication tree covers the validation workflow for monetary events and transactions. If the transaction is evaluated as being risky, a step-up authentication is required.

Related demo workflow: Use case scenario: Transaction validation

OneSpanUserLoginTree

This authentication tree covers user login workflows. It collects user data or CDDC data depending on the current session state. This data is evaluated by a custom node to calculate the risk and initiate a step-up login if required.

Related demo workflows: Use case scenario: Login and Use case scenario: Login step-up authentication

OneSpanUserRegistrationTree

This authentication tree covers the user registration workflow. It refers the users to the OneSpan TID IAA Mobile Demo App download page and provides a sign-up form to gather user information required for the TID user registration process. It initiates the registration process, retrieves Cronto images to get activation data, and processes the activation result.

Related demo workflow: Use case scenario: Registration

OneSpan tree nodes

OneSpan Auth Activate Device

This node is specifically for OCA use cases.

In a provisioning process, after scanning the second activation password, the authenticator will return the first OTP. This node prompts for that signature and finalizes the activation process.

See node reference (OCA).

OneSpan Auth Add Device

This node is specifically for OCA use cases.

In a provisioning process, after scanning the activation password, the authenticator will return its device code. This node prompts for that device code and continues the process.

See node reference (OCA).

OneSpan Auth Check Activation

This node exposes the OneSpan TID Check Activation Status API, i.e. /registrations/check-status. It can be polled to determine if an authenticator has completed activation.

See node reference (OCA) and node reference (IAA).

OneSpan Auth Check Session Status

This node exposes the OneSpan TID Check Session Status API, i.e. /sessions/{requestID}. It can be used to determine if an authentication process has been completed.

See node reference (OCA) and node reference (IAA).

OneSpan Auth Generate Challenge

This node is specifically for OCA Challenge/Response authentications.

It requests a random challenge that will be presented to the user later in the process. The user types it in the authenticator and enters the response in the authentication page.

See node reference (OCA).

OneSpan Auth Hide Visual Code

This node provides the capability to hide visual codes from the UI if the OneSpan Auth Visual Code node was used in a UI flow before.

See node reference (OCA) and node reference (IAA).

OneSpan Auth User Login

This node can be used for Intelligent Adaptive Authentication and OneSpan Cloud Authentication (OCA) use cases.

It invokes the User Login API (/users/{userID@domain}/login) to validate the end user’s login request. It then returns the result of the authentication attempt.

For Intelligent Adaptive Authentication use cases, the request will further be validated by the Risk Analytics system. If Risk Analytics requires an extra challenge, a multi-factor authentication flow needs to be designed to continue along the Step Up outcome path.

See node reference (OCA) and node reference (IAA).

OneSpan Auth User Register

This node can be used for Intelligent Adaptive Authentication and OneSpan Cloud Authentication (OCA) use cases.

It invokes the User Register API (/users/register) and User Unregister API (/users/{userID@domain}/unregister), which validate and process the registration/unregistration of a user.

See node reference (OCA) and node reference (IAA).

OneSpan Auth Validate Event

This node invokes the Event Validation API (/users/{userID@domain}/events/validate), which validates a non-monetary event against the Risk Analytics service and the Authentication service. It then returns the validation result.

If Risk Analytics requires an extra challenge, a multi-factor authentication flow has to be designed to continue along the Step Up outcome path.

See node reference (OCA) and node reference (IAA).

OneSpan Auth Validate Transaction

This node can be used for Intelligent Adaptive Authentication and OneSpan Cloud Authentication (OCA) use cases.

It invokes the Transaction Service API (/users/{userID@domain}/transactions/validate), which validates monetary transaction requests against the Authentication service and returns the result.

For Intelligent Adaptive Authentication use cases, it further validates the request against the Risk Analytics system. If Risk Analytics requires an extra challenge, a multi-factor authentication flow needs to be designed to continue along the Step Up outcome path.

See node reference (OCA) and node reference (IAA).

OneSpan Auth Visual Code

This node reads the visual code message from the sharedState object and renders it as a visual code. The end users can scan the image with a mobile app integrated with the Mobile Security Suite SDKs or authenticators with Cronto image support.

The node can be part of a page node or be leveraged independently of the UI flow.

See node reference (OCA) and node reference (IAA).

OneSpan Risk Analytics Send Transaction

This node invokes the Risk Analytics Transaction Insertion API (/users/{userID@domain}/transactions/validate), which validates monetary transaction requests against the Risk Analytics system without sending the adaptive authentication request.

OneSpan Risk CDDC

This node uses the Client Device Data Collector (CDDC) library to collect the end user’s device fingerprint and browser data. It stores the data in the sharedState object. This information is used later by Risk Analytics to assess the risk of the web session context.

See node reference (OCA) and node reference (IAA).

OneSpan Sample Attributes Collector

For demo purposes only. You should not use this node in production environments, but replace it with your own node implementation to obtain the specific attributes in your environment.

This node is used to collect some attributes required for demo transaction workflows.

OneSpan Sample Error Display

For demo purposes only. You should not use this node in production environments, but replace it with your own node implementation to handle the errors in your specific environment.

This node parses the OneSpan Trusted Identity platform (TID) API response when an error is received and allows it to be easily displayed in the workflow.

OneSpan Sample Store Command

For demo purposes only. You should not use this node in production environments, but replace it with your own node implementation.

This node stores the data that is retrieved after a step-up event (login, transaction or event validation) has been identified. The command string is a very large string returned by the OneSpan Trusted Identity platform (TID) event validation API. This string must be sent to the client authentication device.

In the workflows defined in this demo, the string is stored in a database (specified in this node) and referenced by the session or request ID. The session or request ID is then passed to the next node, which should be the OneSpan Auth Visual Code node in this case. The mobile app is designed to send a request to the database added here by default to look up the command string in the data of the Cronto image.

OneSpan Sample Transaction Collector

For demo purposes only. You should not use this node in production environments, but replace it with your own node implementation.

When creating a OneSpan TID Transaction Event, the details of the transaction need to be collected. This node generates a form to collect specific values that are used by the OneSpan Risk Analytics Send Transaction node.


Was this article helpful?

Changing your password will log you out immediately. Use the new password to log back in.
First name must have atleast 2 characters. Numbers and special characters are not allowed.
Last name must have atleast 1 characters. Numbers and special characters are not allowed.
Enter a valid email
Enter a valid password
Your profile has been successfully updated.
ESC

Ozzy, our interactive help assistant