Developer

Transaction Authentication/Electronic Signature Support

The purpose of transaction authentication is to validate that an authorized user is the one that entered the information captured by the transaction being authenticated. This functionality is also implemented to support electronic signatures in environments where audit trails are a requirement.

Transaction authentication is defined within the transaction itself and can be set as always required or conditionally required based on the Boolean return value of a rule definition. During transaction authentication on the Client the user is required to enter the user ID and password with which they logged into the device. Additional information may also be captured as a part of the authentication process where needed.

Any transaction defined within the application project can also be defined to include transaction authentication. Data captured during the authentication process is accessible during the synchronization of the transaction during transmit. There are different definitions involved in the transaction authentication processing, including:
  • Object definition to store authentication data on the Client
  • Screen set definition to display and capture data during the authentication processing on the Client
  • Step definition to process the authentication information during transmit and data synchronization
  • Rule definition (optional) to determine when the user should be required to authenticate

Authentication Object

The object definition displayed in the screen set during transaction authentication, termed the “authentication object,” should contain properties for each of the pieces of information to be captured from users during the authentication processing on the Client. This typically includes both the user ID and password values. It can also include additional information from the users as may be required for the specific environment. This data is accessible tot he step definitions of the transaction during transmit.

Authentication Screen Set

The screen set definition displaying the authentication object during transaction authentication, termed the “authentication screen set,” should be defined to display the object definition. Unlike other object screen sets, however, when displaying the authentication object the screen set is displayed as a wizard screen set. It should contain only detail screens and the fields of those screens are defined to captured the desired authentication information from the user.

Step

A step definition can be defined to specifically process the authentication data, or this processing can be included in a step definition that processes the data of the transaction. Either format is acceptable and depends on the overall nature of the synchronization processing performed for the transaction. The step can access the values of the authentication object using data tags within the SDML. The following syntax is the manner in which these values are accessed:
<<transaction.<authenticationObject>.<propertyName>>>
The value authenticationObject must be replaced with the name of the object definition being used. propertyName is replaced with the name of the property definition to be accessed. In a JVM system connection Java steplet, the values are accessed using the “getter” methods provided in the TransactionSession class. The property names are passed in as:
authenticationObject.propertyName

As with the SDML tags, the object definition name and property definition name are substituted in the above syntax.

Rules (Conditional Authentication)

As a part of the definition of the transaction authentication processing it is possible to define a rule definition to be evaluated prior to presenting the authentication screen set. This rule is evaluated in a Boolean context. A true return will result in the user being required to authenticate; a false return will not require authentication.

Transaction Authentication Behavior

The overall behavior of the transaction authentication begins on the Client. When a transaction is instantiated for which authentication has been defined, the transaction is processed as normal on the client up to the point just before it is to be applied. At this point, if the transaction is to require authentication, the authentication screen set is displayed. The user then enters the user ID, password, and any other information required. The password is validated against the password for that user to lo into the Client. If this validation fails, the user is presented with an error message and the authentication screen set is then displayed again. Once the authentication is successful, the transaction is applied on the Client.

During the next transmit, the pending transaction is sent to the Server and includes the information captured in the authentication object. The transaction’s server data state and server update steps have access to all properties within the authentication object. The specifics of how these values are processed depends entirely on the requirements of the back end system. The step definitions that process the authentication information can be defined to perform whatever processing is required and supported by the back end.