Use One Touch to Report Fraud

This guide describes how to create a One Touch action that reports fraud to, for example, Help-desk staff via SMS and email.

Requirements

  • One Touch configured
  • Message Gateway configured
  • SMTP configured

Step 1 - Authentication - HTTP

Add the following configuration to “Authentication - HTTP” 

{
	"alias": "otfraud",
	"id": "otfraud",
	"name": "Registration",
	"configuration": {
		"stages": [
			{
				"pipeid": "otfraud-start",
				"template": "otfraud-start",
				"sessionValues": [
					"pki_user"
				],
				"translation": [
					"login.messages.heading",
					"login.messages.information.body",
					"login.messages.username",
					"login.assignment.labels.continue"
				]
			},
			{
				"pipeid": "otfraud-sendmessage",
				"template": "otfraud-sendmessage",
				"translation": [
					"otfraud.messages.title",
					"otfraud.messages.givenname",
					"otfraud.messages.snname",
					"otfraud.messages.username",
					"otfraud.messages.mobile",
					"otfraud.messages.report",
					"otfraud.messages.cancel"
				],
				"sessionValues": [
					"pki_user",
					"givenname",
					"sn",
					"mobile"
				]
			},
			{
				"pipeid": "otfraud-complete",
				"template": "otfraud-complete",
				"sessionValues": [],
				"translation": [
					"otfraud.messages.pwdchanged",
					"otfraud.messages.clickcontinue"
				]
			}
		]
	}
}

Step 2 - Modules

Add action

Find the "com.phenixidentity~phenix-pki" created by the One Touch scenario. 

Add the following action configuration after the following row : "guide_id": "guides.onetouch",

"actions_url": "replace-actions_url",
"actions": [
		{
			"type": "open",
			"url": "replace-action-url/otfraud/authenticate/otfraud",
			"authentication": "jwt",
			"title": "Report fraud",
			"text": "Report fraud"
		}
	]

Example configuration

{
	"name": "com.phenixidentity~phenix-pki",
	"enabled": "true",
	"config": {
		"issuer": "PhenixID",
		"ca_ref": "c4ed4b3c-712f-471e-aaaf-4fe818324a5b",
		"ca_profile": "c1667788-a453-420e-b0c8-15f1cc43da6c",
		"client_key_algorithm": "RSA",
		"client_key_size": "2048",
		"url_prefix": "https://demo.phenixid.net:8443",
		"http_configuration_ref": "0c5f7df1-2db2-42b9-8545-92a66d2fd821",
		"guide_ref": "efe738ed-5b03-4dd5-afad-5d736a59557a",
		"guide_id": "guides.onetouch",
		"actions_url": "https://demo.phenixid.net:8443",
		"actions": [
			{
				"type": "open",
				"url": "https://demo.phenixid.net/otfraud/authenticate/otfraud",
				"authentication": "jwt",
				"title": "Report Fraud",
				"text": "Report Fraud"
			}
		]
	},
	"id": "114b63b7-f07a-4222-ad5b-3ca86f6e0ed4"
}

Replace the following

Replace "replace-actions_url" with your actions URL, for example https://demo.phenixid.net:8443

Replace "replace-action-url" in the "url" value with your own URL, so that the full value becomes, for example, "https://demo.phenixid.net/otfraud/authenticate/otfraud"

Change the following parameters, if needed, to fit your requirements

"title": "Report Fraud"

"text": "Report Fraud"

Add module

Add the following new module

{
	"name": "com.phenixidentity~phenix-replay-cache",
	"singleton": "true",
	"config": {},
	"id": "replay"
}

Step 3 - NODE_GROUPS

Add the module “replay” to module_refs in “NODE_GROUPS” , see example below.

example

"module_refs":"replay,d55205cc-e067-4490-9e2b-dbc98459e501,f4660046-9003-4131-ae4b-3710c6b1d147,b7f370d7-f9ec-41f7-982c-408b9cbfc5a3,d802bda5-623e-4afe-b740-f318ee5683dd"

Step 4 - Pipes

Add the following configuration to “Pipes”

{
	"id": "otfraud-start",
	"valves": [
		{
			"name": "SessionLoadValve",
			"config": {
				"id": "{{request.session_id}}"
			}
		},
		{
			"name": "OTTokenVerifierValve",
			"enabled": "true",
			"config": {}
		},
		{
			"name": "FlowFailValve",
			"config": {
				"message": "Session to old",
				"exec_if_expr": "flow.items().isEmpty()"
			}
		},
		{
			"name": "SessionPropertyAddValve",
			"config": {
				"name": "pki_user",
				"value": "{{item.subject}}"
			}
		},
		{
			"name": "LDAPSearchValve",
			"config": {
				"connection_ref": "replace-connection_ref",
				"base_dn": "replace-base_dn",
				"scope": "SUB",
				"size_limit": "0",
				"filter_template": "sAMAccountName={{session.pki_user}}",
				"attributes": "givenname,sn,mobile,ipPhone,mail"
			}
		},
		{
			"name": "ItemMergeValve",
			"enabled": "true",
			"config": {
				"dest_id": "{{session.pki_user}}"
			}
		},
		{
			"name": "SessionPropertyAddValve",
			"config": {
				"dest_id": "{{session.pki_user}}",
				"name": "givenname",
				"value": "{{item.givenName}}"
			}
		},
		{
			"name": "SessionPropertyAddValve",
			"config": {
				"name": "sn",
				"value": "{{item.sn}}"
			}
		},
		{
			"name": "SessionPropertyAddValve",
			"config": {
				"name": "mobile",
				"value": "{{item.mobile}}"
			}
		},
		{
			"name": "SessionPropertyAddValve",
			"config": {
				"name": "fraudreportnr",
				"value": "{{item.ipPhone}}"
			}
		},
		{
			"name": "SessionPropertyAddValve",
			"config": {
				"name": "fraudmailaddress",
				"value": "{{item.mail}}"
			}
		},
		{
			"name": "SessionPropertyAddValve",
			"config": {
				"name": "message",
				"value": "User : {{session.pki_user}} \n\nName: {{item.givenName}} {{item.sn}} \n\nPhoneNr : {{item.mobile}} \n\nReported fra.. !"
			}
		 },
		{
			"name": "SessionPersistValve",
			"config": {}
		}
	]
},
{
	"id": "otfraud-sendmessage",
	"valves": [
		{
			"name": "SessionLoadValve",
			"config": {
				"id": "{{request.session_id}}"
			}
		},
		{
			"name": "SMSValve",
			"config": {
				"gw_username": "replace-gw_username",
				"gw_password": "replace-gw_password",
				"recipient_param_name": "{{session.fraudreportnr}}",
				"message": "{{session.message}}",
				"use_flash": "false"
			}
		},
		{
			"name": "SMTPValve",
			"config": {
				"smtp_settings": "replace-smtp_settings",
				"smtp_username": "replace-smtp_username",
				"smtp_password": "replace-smtp_password",
				"mail_param_name": "{{session.fraudmailaddress}}",
				"message_subject": "replace-message_subject",
				"message_body": "{{session.message}}"
			}
		},
		{
			"name": "SessionPersistValve",
			"config": {}
		}
	]
},
{
	"id": "otfraud-complete",
	"valves": [
		{
			"name": "SessionLoadValve",
			"config": {
				"id": "{{request.session_id}}"
			}
		},
		{
			"name": "SessionRemoveValve",
			"config": {}
		}
	]
}

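Replace the following Pipe settings. Note that, as written, the "otfraud-start" pipe fills "fraudreportnr" from the reporting user's "ipPhone" attribute and "fraudmailaddress" from the user's "mail" attribute, and the "otfraud-sendmessage" pipe uses those two values for the SMS and email recipients. Make sure these attributes resolve to the intended recipients (for example Help-desk staff) and cannot be changed by the users themselves, or adjust the valves so the report cannot be misdirected.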

"replace-connection_ref" with your connection ID, example "9b8628b4-d0fb-4efa-a52e-30d0b6f14727"

"replace-base_dn" with your “base_dn”, example “DC=phenixid,DC=local”

"replace-gw_username" with your PhenixID Message Gateway user account

"replace-gw_password" with your PhenixID Message Gateway password

"replace-smtp_settings" replace with your SMTP connection ID, example "7b8625b4-d0fb-4efa-a52e-30d0b6f14817"

"replace-smtp_username" with your SMTP username, example "user@example.com" (placeholder address)

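"replace-smtp_password" with your SMTP password. This password and the Message Gateway password are entered as values in the pipe configuration, so restrict who can read the configuration and any exports or backups of it, and use dedicated accounts that have only the permissions needed to send messages.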

"replace-message_subject" with the subject you want, example "Report Fraud !"

Step 5 - Template

Request the templates from PhenixID support

Copy the otfraud templates to the  template folder of authentication

For example "C:\Program Files\PhenixID\Server\mods\com.phenixidentity~auth-http~2.6\templates"

Step 6 - Translation

Add the following to the English translation file "server installation root folder"\mods\com.phenixidentity~auth-http~2.6\web\res\lang\en\strings.xml

Example path "C:\Program Files\PhenixID\Server\mods\com.phenixidentity~auth-http~2.6\web\res\lang\en\strings.xml"

<!-- OTFraud Report -->
   <string name="otfraud.messages.title">Report Fraud</string>
	<string name="otfraud.messages.givenname">Givenname</string>
	<string name="otfraud.messages.snname">Surname</string>
	<string name="otfraud.messages.username">Username</string>
	<string name="otfraud.messages.mobile">Mobile</string>
	<string name="otfraud.messages.report">Report Fraud</string>
	<string name="otfraud.messages.continue">Report Fraud</string>
	<string name="otfraud.messages.cancel">Cancel</string>

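Add another language or replace the translations to fit your requirements. Note that the "otfraud-complete" stage in Step 1 references "otfraud.messages.pwdchanged" and "otfraud.messages.clickcontinue", which are not defined in the strings above, while "otfraud.messages.continue" is defined but not referenced in Step 1. Check these keys against the templates you receive and add any missing strings.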