Symantec Access Management

  • 1.  Is it possible to modify the evaluation call-out response message?

    Posted May 02, 2018 04:06 AM

    We have a rule on Risk Authentication that looks at additional information sent from the channel.

    From the additional information we would like to see the item that was blocked versus the allowed items.

     

    Current scenario:

     

    The channel has a capability to pay more than one beneficiary within one transaction.

    We would like to block the second beneficiary without impacting the entire transactions.

    With that being so, we would like the eval call out to give us a response that will tell the channel which transaction out of the 2 was bad.

     

    The current eval callout just gives a True or False response; it does not show which item (beneficiary) was bad on the transaction.

     

    Regards,

    Kele

    ntokozo.mkhonza



  • 2.  Re: Is it possible to modify the evaluation call-out response message?
    Best Answer

    Broadcom Employee
    Posted May 11, 2018 05:50 PM

    You can set an annotation on the response (evalResp.setAnnotation()) to return the required information.

     

    Example Code Snippet

    -----------------------------------------------

    import org.apache.xmlbeans.XmlOptions;
    // EvalCalloutDocument, EvalCalloutResponseDocument and EvalCalloutResponse are
    // generated XMLBeans types; import them from the package your callout project uses.

    /*
     * This function populates the response structure as per the requirement.
     */
    public static EvalCalloutResponseDocument populateEvalCalloutResponse(EvalCalloutDocument evalDoc) {
        XmlOptions xmlOpt = new XmlOptions();
        xmlOpt.setUseDefaultNamespace();
        EvalCalloutResponseDocument evalRespDoc = EvalCalloutResponseDocument.Factory.newInstance(xmlOpt);
        //evalRespDoc.schemaType().
        EvalCalloutResponse evalResp = EvalCalloutResponse.Factory.newInstance(xmlOpt);
        // Echo the document version received in the request.
        evalResp.setDocVersion(evalDoc.getEvalCallout().getDocVersion());
        // Free-text annotation: this is where the required information is returned.
        evalResp.setAnnotation("Annotation By Sample Callout Server");
        // 'Y' marks the rule as matched.
        byte ch = 'Y';
        evalResp.setIsMatched(ch);
        evalResp.setModifier(evalDoc.getEvalCallout().getTransactionID());
        evalRespDoc.setEvalCalloutResponse(evalResp);
        return evalRespDoc;
    }



  • 3.  Re: Is it possible to modify the evaluation call-out response message?

    Broadcom Employee
    Posted Jan 25, 2019 08:35 AM

    Hi,

     

    I have created a sample callout that calculates the distance covered from AdditionalInput entered in GPS latitude and longitude coordinates, so I am able to discriminate if a person on a mobile traveled too fast since the last transaction, and then raise an INCREASEAUTH message.

    It would be nice to give back some information like the actual speed observed; for that I added a setAnnotation call as follows:

    evalResp.setAnnotation("TRAVELED WAY TOO FAST: "+actualSpeed+" meters per second");

    I can see that in the callout log (EvalCalloutResponse) and in the table ARRFSYSAUDITLOG (in field eval_callout_annotation) but not on the SOAP response nor in REST response.

    Can I retrieve this message from the client end?

    You can see this sample war file (RiskCalloutGPS.war - Box), attached. To use it, follow the instructions in the manual to deploy sample callouts (Working with the Sample Callout - CA Advanced Authentication - 9.0 - CA Technologies Documentation). The callout for CA Risk Authentication is able to calculate distance from GPS data (not inferred from IP geolocation) entered in the payload of the REST or SOAP call to evaluate. A sample SOAP callout would be:

    POST http://authserver:7778/services/RiskFortEvaluateRiskSvc

    with this in the request:

    <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
                      xmlns:wsdl="http://ws.arcot.com/RiskFortEvaluateRiskAPI/3.0/wsdl">
       <soapenv:Header>
          <INFO>
             <userID>superuser</userID>
             <orgName>defaultorg</orgName>
             <credential>CAdemo123!</credential>
          </INFO>
       </soapenv:Header>
       <soapenv:Body>
          <wsdl:EvaluateRiskRequest>
             <wsdl:deviceContext>
                <!--Optional:-->
                <wsdl:deviceIDs>
                   <!--Zero or more repetitions:-->
                   <wsdl:deviceIDItem>
                      <wsdl:deviceIDType>DEVICEID.HTTP</wsdl:deviceIDType>
                      <wsdl:deviceIDValue>KBkeuoCMf1qoZ+e/CLtfGl2IELruxSCj3CUozhPGL/1HMpwBfbRi9w==</wsdl:deviceIDValue>
                   </wsdl:deviceIDItem>
                </wsdl:deviceIDs>
                <!--Optional:-->
             </wsdl:deviceContext>
             <wsdl:userContext>
                <!--Optional:-->
                <wsdl:orgName>defaultorg</wsdl:orgName>
                <wsdl:userName>jordi</wsdl:userName>
             </wsdl:userContext>
             <wsdl:additionalInput>
                <wsdl:name>latGPS</wsdl:name>
                <wsdl:value>30</wsdl:value>
             </wsdl:additionalInput>
             <wsdl:additionalInput>
                <wsdl:name>longGPS</wsdl:name>
                <wsdl:value>12</wsdl:value>
             </wsdl:additionalInput>
          </wsdl:EvaluateRiskRequest>
       </soapenv:Body>
    </soapenv:Envelope>

     

     

    You can also use the REST interface with a POST http://<authserver>:8080/aa-restapi/ca/advancedauth/v1/org/DEFAULTORG/user/jordi/risk/evaluate/:

    with body as example:

     

    {
      "deviceSignature": "{\"VERSION\":\"2.1.2\",\"MFP\":{\"Browser\":{\"UserAgent\":\"Mozilla/5.0 (Windows NT 6.1; WOW64; rv:53.0) Gecko/20100101 Firefox/53.0\",\"Vendor\":\"\",\"VendorSubID\":\"\",\"BuildID\":\"20170518000419\",\"CookieEnabled\":true},\"IEPlugins\":{},\"NetscapePlugins\":{\"Shockwave Flash\":\"26.0.0.126\"},\"Screen\":{\"FullHeight\":1080,\"AvlHeight\":1080,\"FullWidth\":1920,\"AvlWidth\":1858,\"ColorDepth\":24,\"PixelDepth\":24},\"System\":{\"Platform\":\"Win32\",\"OSCPU\":\"Windows NT 6.1; WOW64\",\"systemLanguage\":\"en-US\",\"Timezone\":-330}},\"ExternalIP\":\"10.132.153.180\",\"MESC\":{\"mesc\":\"mi=2;cd=150;id=30;mesc=552119;mesc=641431\"},\"Flash Attributes\":{}}",
      "deviceId": {
        "type": "HTTP_COOKIE",
        "value": "VZcjLVJA6kkqmPgJqZyKLII5qrU5/yXGfvduc0MjkftCsdtKybqo5g=="
      },
      "ipAddress": "130.119.150.150",
      "userContext": {
        "orgName": "DEFAULTORG",
        "userName": "jordi"
      },
      "action": "POST",
      "additionalInputs": [
        {
          "name": "latGPS",
          "value": "3"
        },
        {
          "name": "longGPS",
          "value": "13"
        }
      ],
      "transactionId": "string112",
      "secondaryAuthenticationStatus": false,
      "pss": "string"
    }

     

     

    This version relies on a JDBC datasource on the application server that needs to be called jdbc:/arcotDataSource, the timezone of the app server is GMT, and it has a hardcoded “suspicious speed” of 20 meters per second (70km/h). The source code in Java is included so you can modify it to any value.

    As I did not know how to retrieve the annotation, the attached sample war also publishes a web service accessible with GET https://<authserver>:8443/RiskCalloutGPS/api/v1/speed/<nameofuser> that gives back the last observed speed in meters per second.

     

    thanks
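
Added example, not part of the thread and not the code shipped in RiskCalloutGPS.war: one way to do the speed check described in the post above and build the annotation text. The class and method names are hypothetical, timestamps are assumed to be epoch milliseconds, and the coordinates are validated because latGPS and longGPS arrive as client-supplied additional inputs.

```java
import java.util.Locale;

// Added illustration; class and method names are hypothetical, not from RiskCalloutGPS.war.
public final class GpsSpeedCheck {
    static final double EARTH_RADIUS_M = 6_371_000.0;  // mean Earth radius
    static final double SUSPICIOUS_SPEED_MPS = 20.0;   // threshold quoted in the post

    // AdditionalInput values are client-controlled: reject junk, NaN and out-of-range values.
    static double parseCoord(String raw, double limit) {
        double v = Double.parseDouble(raw.trim());     // NumberFormatException on non-numeric input
        if (Double.isNaN(v) || Math.abs(v) > limit) {
            throw new IllegalArgumentException("coordinate out of range: " + raw);
        }
        return v;
    }

    // Great-circle (haversine) distance in meters between two points given in degrees.
    static double distanceMeters(double lat1, double lon1, double lat2, double lon2) {
        double dLat = Math.toRadians(lat2 - lat1);
        double dLon = Math.toRadians(lon2 - lon1);
        double a = Math.pow(Math.sin(dLat / 2), 2)
                + Math.cos(Math.toRadians(lat1)) * Math.cos(Math.toRadians(lat2))
                * Math.pow(Math.sin(dLon / 2), 2);
        return 2 * EARTH_RADIUS_M * Math.asin(Math.min(1.0, Math.sqrt(a)));
    }

    // Returns the annotation text for a suspicious speed, or null when the speed is acceptable.
    static String annotationFor(double lat1, double lon1, long t1Ms,
                                double lat2, double lon2, long t2Ms) {
        long elapsedMs = t2Ms - t1Ms;
        if (elapsedMs <= 0) {                          // replayed or out-of-order transaction
            throw new IllegalArgumentException("timestamps must be strictly increasing");
        }
        double speed = distanceMeters(lat1, lon1, lat2, lon2) / (elapsedMs / 1000.0);
        if (speed <= SUSPICIOUS_SPEED_MPS) {
            return null;
        }
        return String.format(Locale.ROOT, "TRAVELED WAY TOO FAST: %.1f meters per second", speed);
    }

    public static void main(String[] args) {
        // Coordinates from the two sample requests above; timestamps are constructed, one hour apart.
        double lat1 = parseCoord("30", 90), lon1 = parseCoord("12", 180);
        double lat2 = parseCoord("3", 90), lon2 = parseCoord("13", 180);
        System.out.println(annotationFor(lat1, lon1, 0L, lat2, lon2, 3_600_000L));
    }
}
```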