To ensure that transaction approvals can only be performed by valid delegating entities (e.g. the e-banking system), the delegating entity itself must be authenticated. This is done by configuring an "Authenticator" and a "Request Credential Policy" in the transaction approval module:
- Request Credential Policy: defines how credentials are extracted from the request (e.g. from a BasicAuth header or a client certificate)
- Authenticator: authenticates the delegating system by checking the extracted credentials (e.g. verifying a password)
Logging
The delegating entity (e.g. the e-banking system) executes actions on behalf of the user. The corresponding log entries are prefixed with "Transaction Approval by 'entity name': ", where 'entity name' is the name of the authenticated delegating entity, so every delegated action can be traced back to the system that requested it.
Example Log Transaction Approval
2018-11-09 16:29:24,443 INFO [TRC - auth - transaction-approval - SID: 818812557146449435 - RID: 991480948611470148] | 001 UserTrailLogger: uid:jdoe - Transaction Approval by ebankwebsrv1: Successful username check for user 'jdoe'.
2018-11-09 16:37:48,701 INFO [TRC - auth - transaction-approval - SID: 818812557146449435 - RID: 211156898333224989] | 001 UserTrailLogger: uid:jdoe - Transaction Approval by ebankwebsrv1: Sending mTAN OTP for user 'jdoe' to mobile number '+41765403428'
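The prefix makes these entries easy to pick out for monitoring. The following parser is an added example, not code from the original page or from the product it documents: it assumes the line layout shown above is stable, extracts the timestamp, SID, RID, user and delegating entity from each "Transaction Approval by" entry, flags entries whose entity is not in the set of configured delegating entities, and redacts the mobile number before the message is forwarded elsewhere. The two page lines are reused as sample input; the third and fourth lines (entity "unknownhost7", and a line without the prefix) are constructed for the example.

```python
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional, Set

# Assumption: the line layout matches the example entries on the page.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}) "
    r"(?P<level>[A-Z]+) "
    r"\[(?P<ctx>[^\]]*)\] \| "
    r"(?P<seq>\d+) (?P<logger>\w+): "
    r"uid:(?P<uid>\S+) - "
    r"Transaction Approval by (?P<entity>[^:]+): "
    r"(?P<msg>.*)$"
)
SID_RE = re.compile(r"SID: (?P<sid>\d+)")
RID_RE = re.compile(r"RID: (?P<rid>\d+)")
# Phone numbers in the OTP message (international format with leading '+').
PHONE_RE = re.compile(r"\+\d{6,15}")


@dataclass
class ApprovalEvent:
    timestamp: str
    level: str
    sid: str
    rid: str
    uid: str
    entity: str   # authenticated delegating entity named in the prefix
    message: str


def parse_line(line: str) -> Optional[ApprovalEvent]:
    """Return an ApprovalEvent for a 'Transaction Approval by' entry, else None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ctx = m.group("ctx")
    sid = SID_RE.search(ctx)
    rid = RID_RE.search(ctx)
    return ApprovalEvent(
        timestamp=m.group("ts"),
        level=m.group("level"),
        sid=sid.group("sid") if sid else "",
        rid=rid.group("rid") if rid else "",
        uid=m.group("uid"),
        entity=m.group("entity"),
        message=m.group("msg"),
    )


def parse_lines(lines: Iterable[str]) -> List[ApprovalEvent]:
    """Parse all lines, silently skipping entries that are not delegated approvals."""
    events = [parse_line(line) for line in lines]
    return [e for e in events if e is not None]


def unexpected_entities(events: Iterable[ApprovalEvent],
                        allowed: Set[str]) -> List[ApprovalEvent]:
    """Events whose delegating entity is not one of the configured systems."""
    return [e for e in events if e.entity not in allowed]


def redact_message(message: str) -> str:
    """Mask mobile numbers so the OTP message can be shipped to a SIEM safely."""
    return PHONE_RE.sub("+[redacted]", message)


# Sample input: lines 1-2 are the page's example, lines 3-4 are constructed.
SAMPLE_LOG = [
    "2018-11-09 16:29:24,443 INFO [TRC - auth - transaction-approval - SID: 818812557146449435 - RID: 991480948611470148] | 001 UserTrailLogger: uid:jdoe - Transaction Approval by ebankwebsrv1: Successful username check for user 'jdoe'.",
    "2018-11-09 16:37:48,701 INFO [TRC - auth - transaction-approval - SID: 818812557146449435 - RID: 211156898333224989] | 001 UserTrailLogger: uid:jdoe - Transaction Approval by ebankwebsrv1: Sending mTAN OTP for user 'jdoe' to mobile number '+41765403428'",
    "2018-11-09 16:40:02,015 INFO [TRC - auth - transaction-approval - SID: 818812557146449435 - RID: 554433221100998877] | 001 UserTrailLogger: uid:jdoe - Transaction Approval by unknownhost7: Successful username check for user 'jdoe'.",
    "2018-11-09 16:41:10,000 INFO [TRC - auth - login - SID: 818812557146449435 - RID: 100000000000000001] | 001 UserTrailLogger: uid:jdoe - Successful login for user 'jdoe'.",
]

if __name__ == "__main__":
    configured = {"ebankwebsrv1"}   # the delegating entities actually configured
    for ev in unexpected_entities(parse_lines(SAMPLE_LOG), configured):
        print(f"{ev.timestamp} SID={ev.sid} uid={ev.uid} "
              f"unexpected delegating entity '{ev.entity}': {redact_message(ev.message)}")
```

The allowlist is the set of entity names that were given an Authenticator in the transaction approval module; an approval entry naming any other entity is worth an alert, since only authenticated delegating systems should be able to produce it. Grouping by SID lets the username check and the OTP dispatch for one session be read together.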