
IBM Verify: Displaying Custom Transaction Data


The release of IBM Verify v2.1.1 (iOS) and v2.1.0 (Android) brings new functionality enhancing the user experience when approving or denying a transaction.  In this article I’ll show you how to configure your ISAM mapping rule to send additional transaction information to IBM Verify.

Getting Started

Open the ISAM administration web console in the browser:

  1. Click Secure Access Control > Authentication
  2. Click the Advanced tab
  3. Select the mapping rule that triggers your MFA flow, click Edit

I’m using the MMFA Cookbook, so the mapping rule I’m editing is called DemoTransferAmount, shown below:

importClass(Packages.com.tivoli.am.fim.trustserver.sts.utilities.IDMappingExtUtils);
// this has to be an attribute name, and appear in the advanced configuration property
// attributeCollection.authenticationContextAttributes so that it is made available
// from CBA authorization policy
var param = context.get(Scope.SESSION, "urn:ibm:security:asf:cba:attribute", "transferAmount");
IDMappingExtUtils.traceString("Received a transfer amount of: " + param);

if(param != null && param != "")
{
  var message = "You have a pending transaction amount of: $" + param;
  success.setValue(true);
  context.set(Scope.SESSION, "urn:ibm:security:asf:demo", "prompt", message);
  context.set(Scope.SESSION, "urn:ibm:security:asf:mmfa", "extras", '{"type": "transaction"}');
}

 

I’m going to add a static address so that it appears in IBM Verify when a transaction is displayed.  Here is the updated JavaScript code:

importClass(Packages.com.tivoli.am.fim.trustserver.sts.utilities.IDMappingExtUtils);
// this has to be an attribute name, and appear in the advanced configuration property
// attributeCollection.authenticationContextAttributes so that it is made available
// from CBA authorization policy
var param = context.get(Scope.SESSION, "urn:ibm:security:asf:cba:attribute", "transferAmount");
IDMappingExtUtils.traceString("Received a transfer amount of: " + param);


// Stand-in for a callout to a location service that determines the address.
// Here it simply returns a static address.
var location = function()
{
  return "Franklin Barbecue, 900 E 11th St, Austin, TX 78702, USA";
};

if(param != null && param != "")
{
  var message = "You have a pending transaction amount of: $" + param;
  success.setValue(true);
  context.set(Scope.SESSION, "urn:ibm:security:asf:demo", "prompt", message);
  context.set(Scope.SESSION, "urn:ibm:security:asf:mmfa", "extras", '{"type": "transaction", "originLocation" : "' + location() + '"}');
}

While the example above used a static address location, you can get creative to determine where an event originated, typically based on an IP address.

 

Transaction Output

In addition to originLocation, you can add other transaction attributes which get displayed at the top of the view, such as originIpAddress and originUserAgent.  Other custom attributes (including emojis 🤠) are also passed to IBM Verify, but they are displayed at the bottom of the view.
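
Once the location, IP address or user agent comes from the request rather than a static string, splicing it into the extras JSON by concatenation lets a quote or control character in the value break or reshape what the user sees on the approval screen. The following is an added example, not code from the article or from IBM: it builds the same extras string with JSON.stringify, and the result would be passed as the value in the article's context.set(Scope.SESSION, "urn:ibm:security:asf:mmfa", "extras", ...) call. The helper names, the 256-character cap, the sample values and the availability of JSON.stringify in the mapping rule engine are assumptions; the block runs stand-alone in Node.js.

```javascript
// Added example: build the "extras" JSON for IBM Verify from untrusted request data.
// originLocation, originIpAddress and originUserAgent are the article's attribute names;
// the helper names, the 256-character cap and the sample values are assumptions.

// The article's approach: splice the value into a JSON string by hand.
function buildExtrasByConcat(location) {
  return '{"type": "transaction", "originLocation" : "' + location + '"}';
}

// Replace control characters and cap the length so a header value cannot
// garble or flood the approval screen.
function cleanForDisplay(value, maxLen) {
  var text = String(value == null ? "" : value);
  text = text.replace(/[\u0000-\u001f\u007f]/g, " ").trim();
  return text.length > maxLen ? text.slice(0, maxLen) : text;
}

// Hardened form: build an object and let JSON.stringify do the escaping.
function buildExtras(origin) {
  var extras = { type: "transaction" };
  ["originLocation", "originIpAddress", "originUserAgent"].forEach(function (key) {
    var cleaned = cleanForDisplay(origin[key], 256);
    if (cleaned !== "") {
      extras[key] = cleaned; // empty or missing values are left out
    }
  });
  return JSON.stringify(extras);
}

// True when the string parses as JSON and carries exactly the expected keys.
function hasExpectedShape(json, expectedKeys) {
  try {
    var keys = Object.keys(JSON.parse(json)).sort();
    return JSON.stringify(keys) === JSON.stringify(expectedKeys.slice().sort());
  } catch (e) {
    return false;
  }
}

// Constructed sample input: a venue name with double quotes, a header with CR/LF.
var sample = {
  originLocation: 'The "Blue" Door, 1 Example St',
  originIpAddress: "203.0.113.7",
  originUserAgent: "ExampleBrowser/1.0\r\n(constructed)"
};

var allKeys = ["type", "originLocation", "originIpAddress", "originUserAgent"];
console.log(hasExpectedShape(buildExtrasByConcat(sample.originLocation), ["type", "originLocation"])); // false
console.log(hasExpectedShape(buildExtras(sample), allKeys)); // true
console.log(buildExtras(sample));
```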
