Skip to content

ForgeRock/OneSpan-Auth-Tree-Nodes

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

OneSpan Auth Tree Nodes

OneSpan Intelligent Adaptive Authentication (IAA) helps drive down fraud, improve customer experience, and meet compliance requirements by combining our powerful OneSpan Cloud Authentication (OCA) and Risk Analytics (RA) service. By analyzing vast and disparate data acquired from user actions, device integrity, and transaction data in real time, the end-user can be dynamically presented with the appropriate authentication level for the current session or transaction.

Watch this video to learn how OneSpan intelligent adaptive authentication works.

OneSpan Auth Tree Nodes work in tandem with ForgeRock Access Management (AM) 7.3 and ForgeRock Identity Cloud.

About OneSpan IAA

OneSpan Adaptive Authentication provides hosted solutions to test and build web and mobile applications for login and transaction signing flows.

Integration with OneSpan Adaptive Authentication is incredibly simple and extensible, as it will support future authentication technologies without the need to change anything in your integration code.

OneSpan intelligent Adaptive Authentication uses a 'trusted device' (e.g. a mobile phone using the OneSpan Mobile Security Suite SDKs to provide strong multi-factor authentication whenever the risk associated with an action is high.

OneSpan Adaptive Authentication evaluates the risk related to an end-user request through vast data collected from the devices which is then scored with a sophisticated machine-learning engine. Depending on the risk, OneSpan Adaptive Authentication can dynamically adjust the end-user security requirements by requesting step-up authentication for higher risk transactions using various configurations of device-based, PIN-based, fingerprint-based, or face recognition-based authentication as needed to fully secure transactions.

ScreenShot

About OneSpan OCA

As important components of Adaptive Authentication, OneSpan Cloud Authentication (OCA) and Risk Analytics (RA) can also be leveraged as stand-alone services.

With OCA, OneSpan offers a comprehensive solution for strong authentication in the Cloud, integrating Push Notification and Secure Channel operations.

OneSpan Auth Tree Nodes facilitates developers to integrate with below OCA use cases:

User Authentication

  • With static password
  • With offline one-time password (OTP)
  • Secure Channel-based
  • Push Notification-based
  • FIDO-based

Transaction Data Signing

  • Offline signing
  • Secure Channel-based signing
  • Push Notification-based signing
  • FIDO-based signing (UAF only)

ScreenShot

About OneSpan RA

OneSpan Risk Analytics (RA) leverages the latest machine learning and sophisticated data modeling. It analyzes data in real time to produce a transaction risk score. The risk score can then drive intelligent workflows that trigger immediate action based on pre-defined and/or customer-defined security policies and rules.

ScreenShot

The combination of intelligent automation and risk scoring streamlines processes and helps prevent account takeover, new account fraud, and mobile fraud.

In below sections, we will showcase you how to configure the Risk Analytics Presentation Service where you can monitor and design rules, factors & actions to prevent various types of fraud attack and to manage risks for corporate banking applications across multi-channels.

Installation

Download the current release here.

Copy the jar file to the "../web-container/webapps/openam/WEB-INF/lib" folder where AM is deployed, then restart the AM. The nodes will be available in the tree designer.

Before You Begin

Below sections only give you a brief introduction to get started. For more detailed descriptions, refer to the completed guide.

For OneSpan IAA & RA Users:

  1. Create an OneSpan Developer Community account.

  2. Once logged in the community portal, you'll be able to create an OneSpan IAA Sandbox account.

  3. Set up a mobile application integrated with the Mobile Security Suite. As an easy start up, you can install the OneSpan IAA Demo App on your phone.

  4. Configure the Risk Analytics Presentation Service service.

For OneSpan OCA Users:

  1. Create an OneSpan Developer Community account.

  2. Once logged in the community portal, you'll be able to create an OneSpan IAA Sandbox account.

  3. Install a mobile application which acts as the Digipass authenticator. You can follow either of below two options:

Nodes Overview

The OneSpan Auth Tree Nodes contains 1 Auxiliary Service, 16 nodes, and 4 demo nodes which will only be used for testing purpose.

ScreenShot

Auxiliary Service

The node provides a realm-specific service named "OneSpan Configuration", where allows you to specify the OneSpan IAA common configurations.

ScreenShot

Quick Start

Below sample trees help you to address the most common use cases. Before start, make sure you've followed below steps:

(1) Add the "OneSpan Configuration" service.

(2) Reproduce below sample trees using either of below two methods:

-Manually create a new tree following the design and remain all the settings default.

-Import the JSON files under the "/sample" folder. (3) If you are testing with IAA Sandbox environment, your IAA domain is the same as your tenant name, update it in corresponding journeys and nodes.

1. OneSpan IAA User Register

ScreenShot

2. OneSpan IAA User Login

ScreenShot

3. OneSpan IAA Validate Transaction Event

ScreenShot

4. OneSpan IAA Validate Non-Monetary Event

ScreenShot

5. OneSpan IAA VOTP User Register

ScreenShot

6. OneSpan IAA VOTP User Login

ScreenShot

7. OneSpan OCA Offline User Registration and Digipass Activation

ScreenShot

8. OneSpan OCA User Login with one-time password (OTP)

ScreenShot

9. OneSpan OCA User Login with Challenge/Response (CR)

ScreenShot

10. OneSpan OCA Offline Transaction Data Signing

ScreenShot

11. OneSpan RA Insert Transaction

ScreenShot

Using Authentication

In this section, we will use the OneSpan IAA user register authentication for example and showcase you how the authentication nodes works in action.

To start off the authentication process, hit below link in your browser:

https://{your_instance_url}/am/XUI/?realm=alpha&authIndexType=service&authIndexValue=OneSpan-Adapative-Authentication-User-Register-Sample-Tree

You will be prompt to input the username and password. (Password should include at least one lowercase, one uppercase, one number, 8 digits in length, and doesn't include part of the username for any 3 characters)

ScreenShot

Once the Risk Analytics has accepted the user registration, the IAA service creates a Digipass user account and awaits for a trusted device to activate the license with an activation token, which is rendered as a visual code.

ScreenShot

Launch the AAS Demo App, click the "SCAN" button and use the camera to scan the above visual code. Once the code was detected, the app will prompt you to enter a 6 digits security pin twice. After completion the registration process, the demo app will jump to the user page and the browser will be redirected to the success URL.

ScreenShot

Log onto your IRM system and navigate to SUPERVISE & INVESTIGATE > Latest Events, you will find the user register process has been logged by the system with necessary information.

ScreenShot

About

No description, website, or topics provided.

Resources

Stars

Watchers

Forks

Packages

No packages published

Contributors 4

  •  
  •  
  •  
  •  

Languages