Symantec Access Management

 View Only
Expand all | Collapse all

New channel in CA Risk Authentication / CA Advanced Authentication / CA RiskMinder / CA RiskFort

Jump to Best Answer
  • 1.  New channel in CA Risk Authentication / CA Advanced Authentication / CA RiskMinder / CA RiskFort

    Broadcom Employee
    Posted Feb 28, 2018 05:44 AM

    How to add one more channel to the current three OOTB channels in the CA Risk Authentication product (DEFALULT, 3DSecure, MOBILE)? White the documentation states it is possible (with caution), the steps are not provided there. Any ideas?



  • 2.  Re: New channel in CA Risk Authentication / CA Advanced Authentication / CA RiskMinder / CA RiskFort
    Best Answer

    Posted Feb 28, 2018 10:01 AM

    See the draft of a procedure attached. It was not created by me. I was going to create in the previous version that only had the "default", but with the upgrade appeared the "mobile" channel that it needed.
    If didn't work, or need an "official" procedure, open a "case" with the CA support.

     

    Regards,

     

    This procedure explains the steps involved in adding new Actions and Channels to RiskMinder, as we don’t have built –in UI support to add actions and channels from admin console, this is based on the DB scripts that are provided along with the product.

     

    Thought this document and ‘arcot-db-config-for-custom-channel-3.1.01.sql’ is based on Microsoft SQL Server database.

     

    1. DB Script arcot-db-config-for-custom-channel-3.1.01.sql’, have several sections and each section was explained adding new channels section.
    2. This script is based on the “DEFAULT” channel available in RiskMinder and will create channel similar to “DEFAULT” channel (new channel will have same actions, txn elements and their operators as DEFAULT channel).
    3. If we want to add new actions and channel, it is suggested to add actions first and then update channel creation script with new action details.

     

    • In case there are rule specific to a channel, those rules will be evaluated only when channel name is mentioned in the risk evaluation request.
    • In case there are rules specific to channel, action, those rules will be evaluated only channel name and action details are available in the risk evaluation request.

    Adding New Actions to RiskMinder

    • In order to have new actions for a channel, we need to have txn type available in ARRFTXNTYPE table.
      • Insert new txn type into ARRFTXNTYPE, below insert statement
      • Link the new txn type to channel.(This can be done during channel creation)
      • We also need to define (create) channel txn type elements for this channel and action type.

    1. Available ‘Actions’ in RiskFort Rule Builder

       

    The following statement will insert new Transaction type 'TEST'.

      1. Note: update sequenceid, Txntypeid and other details before you insert new txn type.

        INSERT INTO ARRFTXNTYPE

                   (SEQUENCEID

                   ,ORGNAME

                   ,Txntypeid

                   ,TXNTYPENAME

                   ,Displayname)

             VALUES

                   (5,null,5,'TEST','txt.risk.txntype.t5.display')

      Link new txn type to channel. This can be done during the channel creation, in the channel creation sql script there are 4 insert statements for the table ‘ARRFCHANNELTXNTYPE’, add one more insert statement with the new That looks similar to the one shown below,

        1. Note: Update SEQID, CHANNELID, TXNTYPEID and other details.

          INSERT INTO ARRFCHANNELTXNTYPE

                     (SEQID

                     ,ORGNAME

                     ,CHANNELID

                     ,TXNTYPEID)

               VALUES

                     (8,null,3,5);

          We need to update ARRFCHANNELTXNTYPEELEMENTS table with transaction elements that supports this action

           

          Sample script:

                  Note: Update CHANNELID and TXNTYPEID for your case

          DECLARE @temp_var_ChannelTxnTypeElemSeq INT;

          EXEC @temp_var_ChannelTxnTypeElemSeq = nextVal 'ARRFCHANNELTXTYPEELEMSEQ';

          INSERT INTO ARRFCHANNELTXNTYPEELEMENTS (SEQID,ORGNAME,CHANNELID,TXNTYPEID,ELEMNAME) VALUES (@temp_var_ChannelTxnTypeElemSeq,null,3,5,'USERNAME');

           

        • The above insert uses ‘USERNAME’ element which is already available, if new elements are added,
          • These new elements need to be linked to channel in “ARRFCHANNELELEMENTS” table.
          • Those operators corresponding to new elements needs to be updated in ‘ARRFELEMOPREGIONMAP’ table.
        • Refresh the server cache, and then this action will be available for that channel.

         

        Adding new channel to RiskMinder

        We can add new channels in riskminder by making changes in the database. We can define rules specific to a channel and those rules will be evaluated only if request specifies the channel name,

        The script “arcot-db-config-for-custom-channel-3.1.01.sql“has all the required database changes to add a new channel, this script can be used as reference to add new channels.

        Note: Make sure that you update script with the name of the channel, i.e, replace” <CHANNEL_NAME>” with the new channel name. Also use name in UPPER CASE or LOWER case (in case of labels like: txt.risk.channel.<CHANNEL_NAME>.category.basic) where ever applicable. Also update channel short name for <CHNL>.

        The DB scriptarcot-db-config-for-custom-channel-3.1.01.sql’ will cover the following DB changes.

        1. We need two extra tables for each channel, one is for sys audit log and other is for case transactions.
          1. Typically sys audit log table be named as “ARRFSYSAUDITLOG_<CHANNEL_NAME>”
          2. Case txn table can be named as ARRF_CASE_TXN_<CHANNEL_NAME>

        Where <CHANNEL_NAME> represents the name of the new channel.

                        Note:  make sure to change the PRIMARY KEY CONSTRAINT names in both create statements.

        2.   We need to update the following

        1. ARRFCHANNEL
          1. New channel specific data will be inserted.
        2. ARRFCHANNELDETAILCATEGORY
          1. Channel category details will be updated.
        3. ARRFCHANNELELEMENTS
          1. Linking transaction elements to channel.
        4. ARRFELEMOPREGIONMAP
          1. Linking operators to transaction elements, channel.
        5. ARRFCHANNELMSGPROPERTIES
          1. Updating message/label properties
        6. ARRFCHANNELTXNTYPE
          1. Linking transaction types to channel.
        7. ARRFCHANNELTXNTYPEELEMENTS
          1. Binding txn type, transaction elements to channel.

        Update index names to include channel name.

        Once we update these tables, restart the Riskfort service and admin console application.

        Steps to enable channel in admin console

        1. Login to admin console for your organization and go to ‘Organizations’ tab.
        2. Search for your organization and click on your organization.
        3. Go to ‘Riskfort Configuration’ tab.
        4. Select the checkbox corresponding to your channel under ‘Select Channels to Associate’ column.
        5. Click on ‘Save’ to save the configuration.
        6. Refresh cache:
          1. Go to ‘Services and Server Configurations’
          2. Select ‘Administration Console’
          3. Select ‘Refresh System Configuration’ and ‘Refresh Organization Configuration’
          4. Click ‘Ok’.

         

        1. See that the channel you have added is available.
        2. Select the channel to associate with this organization.
        3. Save the settings.

        Creating new rule with new channel details

        1. Login to admin console for your organization and go to ‘Organizations’ tab.
        2. Search for the organization and click on your organization.
        3. Go to ‘RiskFort Configuration’ tab.
        4. Click on “Rules and Scoring Management” under ‘Rules Management’.
        5. Select Ruleset that is active for your organization from the ‘Select the Ruleset’ dropdown.
        6. Click on ‘Add a new rule’ link.
        7. Channel details:
          1.    Fill Name, Mnemonic and Description for the rule.
          2.    Deselect “All Channels” checkbox and select the channel applicable for this Rule.
          3.    Update the rule fragment(s) and click ‘Add’ to save them to ‘Saved Rules’.
          4.    Click on ‘Create’ to create the rule.

           h. Once the rule is added, update its Risk Score and Priority and Enable it. Increase the priority for this rule and put it before any rule that is applicable for ‘All Channels’, So that this will be evaluated once the channel in the request is matched.

        i . Save the setting by clicking on ‘Save’ button.

        j. Migrate to production:

        1. Click on “Migrate to Production” link in ‘Migrate to Production’ section.
        2. Select the ruleset that you have updated and click on ‘Migrate’ button, in the next confirm the migration.

        Once the ‘Migrate to production’ is done, Refresh the server cache (refer ‘Refresh cache’ in ‘Steps to enable channel in admin console section).

        Now we have a custom rule which is applicable for a specific channel, pass channel name also in the risk evaluation request

        Rule builder:

         

        1. Name of the rule
        2. Mnemonic for the rule
        3. Description
        4. Deselect “All Channels”.
        5. Select the channel newly created.
        6. Deselect “All Actions”.
        7. Select the channel applicable.
        8. Select Transaction element.
        9. Select the operator
        10. Add the rule
        11. Click on ‘Create’ to create the rule.


      1. 3.  Re: New channel in CA Risk Authentication / CA Advanced Authentication / CA RiskMinder / CA RiskFort

        Broadcom Employee
        Posted Mar 01, 2018 04:35 AM

        Great, thank you!

         

        DM