Version: 7.2405.x.x LTS

nevisAuth

The nevisDetect AuthState sends authentication data to nevisDetect during the login process, as shown in Technical architecture. The following figures illustrate this.

The next figure shows the typical workflow of a login process:

Typical login workflow

It is possible to influence the above login workflow with nevisDetect. The integration of nevisDetect in such a login workflow takes place by invoking a nevisDetect AuthState before the LoginDoneState AuthState. This ensures that only data of an authenticated user is passed on to nevisDetect. The next figure shows the above workflow enhanced by the nevisDetect AuthState ch.nevis.detect.authstate.CollectAndSendAuthState or, shorter, CollectAndSendAuthState.

Typical login workflow enriched by nevisDetect

The CollectAndSendAuthState AuthState returns a result condition (ResultCondition) based on the response from nevisDetect. The result condition influences how the login workflow will proceed. The next table shows the various possible result conditions:

| ResultCondition | Response received | Policy matched | Description |
| --- | --- | --- | --- |
| timeoutReadingResponse | no | NA | The AuthState has stopped waiting for a response from nevisDetect. |
| error | no/yes | | An error has happened either during the request processing within nevisDetect or within the nevisDetect AuthState. |
| noDataFound | yes | no | nevisDetect could not determine any risk score, due to an untrained user or missing data. |
| ok | yes | no | No policy has matched. |
| additionalAuthRequired | yes | yes (see Action plug-ins for details) | A policy with the action STEPUP has matched. |
| block | yes | yes (see Action plug-ins for details) | A policy with the action DENY has matched. |

If you set the configuration property validateResponse of the CollectAndSendAuthState AuthState to "false", the AuthState does not wait for any response from nevisDetect but immediately returns the result condition "ok".

This behavior is similar to the asynchronous communication mode for HTTP requests. Section Communication mode explains this communication mode and its counterpart, the synchronous communication mode.

The following table lists all configuration properties of the CollectAndSendAuthState AuthState:

| Name | Type/unit | Default | Example | Description |
| --- | --- | --- | --- | --- |
| validateResponse | boolean | false | true | If set to "false", the AuthState does not wait for any response from nevisDetect but immediately returns the result condition "ok". "false" is the default setting. |
| brokerUri | string | | failover: ssl://nevisrdf1.zh.adnovum.ch:8282 | The JMS broker URL. Configuring the prefix failover is recommended to enable re-connecting to the broker. |
| keyStoreRef | file | | /var/opt/nevisauth/default/nevisdetect/certs/nevisdetect_keystore.jks | The Java keystore file used for establishing the TLS connection to the JMS broker. |
| keyStorePassword | string | | | The passphrase for the keystore. |
| trustStoreRef | file | | /var/opt/nevisauth/default/nevisdetect/certs/nevisdetect_truststore.jks | The Java truststore file used for establishing the TLS connection to the JMS broker. |
| trustStorePassword | string | | | The passphrase for the truststore. |
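
The result conditions and properties above determine whether a nevisDetect policy can actually change the outcome of a login. The following added example (not part of the Nevis documentation or product) audits one CollectAndSendAuthState definition and lists points to review. It assumes the state is written as an `AuthState` element with `ResultCond` and `property` children; the state names and broker host in the sample are constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample: one AuthState element in the assumed nevisAuth XML
# syntax. The state names in next="..." and the broker host are hypothetical.
SAMPLE = """
<AuthState name="DetectCollect" class="ch.nevis.detect.authstate.CollectAndSendAuthState">
  <ResultCond name="ok" next="LoginDone"/>
  <ResultCond name="noDataFound" next="LoginDone"/>
  <ResultCond name="timeoutReadingResponse" next="LoginDone"/>
  <ResultCond name="error" next="LoginDone"/>
  <ResultCond name="additionalAuthRequired" next="StepUp"/>
  <property name="brokerUri" value="ssl://broker.example.invalid:8282"/>
</AuthState>
"""

# Result conditions listed in the table above.
CONDITIONS = ("timeoutReadingResponse", "error", "noDataFound", "ok",
              "additionalAuthRequired", "block")

def audit(xml_text):
    """Return a list of review findings for one CollectAndSendAuthState."""
    state = ET.fromstring(xml_text)
    routes = {rc.get("name"): rc.get("next") for rc in state.findall("ResultCond")}
    props = {p.get("name"): p.get("value") for p in state.findall("property")}
    findings = []
    # validateResponse defaults to "false": the state then always returns "ok",
    # so STEPUP and DENY policies cannot influence the login workflow.
    if (props.get("validateResponse") or "false").strip().lower() != "true":
        findings.append("validateResponse is not true: state always returns ok")
    for cond in CONDITIONS:
        if cond not in routes:
            findings.append(f"no route for result condition {cond}")
        elif cond != "ok" and routes[cond] == routes.get("ok"):
            # No risk decision (or a matched policy) treated like a clean "ok".
            findings.append(f"{cond} is routed to the same state as ok")
    # The page recommends the failover prefix so the state can reconnect.
    if not (props.get("brokerUri") or "").replace(" ", "").startswith("failover:"):
        findings.append("brokerUri lacks the recommended failover prefix")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("-", finding)
```

Whether noDataFound may continue like ok for untrained users is a policy decision; the audit only makes that routing visible.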