This topic contains 6 replies, has 3 voices, and was last updated by  Tony 2 months, 2 weeks ago.

  • Participant
    Tony
    Newbie
    Member since: 13.08.2018
    Number of posts: 10

    We have set up our account with maximum allowed KBA failures = 3 but ESL is allowing seemingly unlimited invalid retries. So, signers never get locked and the KBA_FAILURE and SIGNER_LOCKED emails and callback notifications don’t get sent. I do not see any way to set the max KBA tries through the API. It is set up at the account level in the ESL admin portal, apparently (which I don’t personally have access to but I’m working with somebody who does.)

    Here is an example of our REST request to create and send a signing package in case it is helpful.

    {
      "roles": [
        {
          "locked": false,
          "emailMessage": {
            "content": ""
          },
          "attachmentRequirements": [],
          "reassign": false,
          "specialTypes": [],
          "id": "GEORGE_H_MORLAN",
          "data": null,
          "type": "SIGNER",
          "index": 0,
          "signers": [
            {
              "auth": {
                "challenges": [
                  {
                    "answer": "6789",
                    "question": "What are the last 4 digits of your SSN or TaxID?",
                    "maskInput": false
                  }
                ],
                "scheme": "CHALLENGE"
              },
              "company": "",
              "firstName": "GEORGE",
              "lastName": "MORLAN",
              "phone": "",
              "email": "foo@gmail.com",
              "knowledgeBasedAuthentication": null,
              "language": "en",
              "title": "",
              "external": null,
              "professionalIdentityFields": [],
              "userCustomFields": [],
              "delivery": {
                "email": true,
                "provider": false,
                "download": false
              },
              "group": null,
              "signature": null,
              "address": null,
              "data": null,
              "name": "GEORGE H MORLAN",
              "specialTypes": [],
              "id": "GEORGE_H_MORLAN"
            }
          ],
          "name": "GEORGE H MORLAN"
        }
      ],
      "documents": [
        {
          "approvals": [
            {
              "role": "GEORGE_H_MORLAN",
              "signed": null,
              "accepted": null,
              "data": null,
              "fields": [
                {
                  "page": 0,
                  "subtype": "FULLNAME",
                  "width": 200,
                  "binding": null,
                  "extract": false,
                  "extractAnchor": null,
                  "left": 100,
                  "top": 700,
                  "validation": null,
                  "height": 50,
                  "data": null,
                  "type": "SIGNATURE",
                  "value": ""
                }
              ],
              "name": "Approval name"
            }
          ],
          "name": "Extension Agreement",
          "fields": [
            {
              "name": "Next Due Date",
              "value": "9/21/2018"
            },
            {
              "name": "Document Date",
              "value": "8/21/2018"
            },
            {
              "name": "Borrower Name",
              "value": "GEORGE H MORLAN"
            },
            {
              "name": "Co-Signer Name",
              "value": ""
            },
            {
              "name": "Account Number",
              "value": "514671798"
            },
            {
              "name": "Effective Date",
              "value": "9/21/2018"
            },
            {
              "name": "Months Extended",
              "value": "1"
            },
            {
              "name": "Next Payment Due",
              "value": "9/21/2018"
            },
            {
              "name": "New Maturity Date",
              "value": "8/21/2030"
            },
            {
              "name": "Null Void Date",
              "value": "8/25/2018"
            }
          ]
        }
      ],
      "name": "Extension",
      "type": "PACKAGE",
      "language": "en",
      "emailMessage": "8/25/2018",
      "description": "Defines the terms of the Extension agreement",
      "autoComplete": true,
      "status": "SENT",
      "settings": {
        "ceremony": {
          "events": null,
          "inPerson": false,
          "declineButton": false,
          "declineReasons": [],
          "disableDeclineOther": false,
          "disableDownloadForUncompletedPackage": false,
          "disableFirstInPersonAffidavit": false,
          "disableInPersonAffidavit": false,
          "disableOptOutOther": false,
          "disableSecondInPersonAffidavit": false,
          "documentToolbarOptions": null,
          "handOver": null,
          "hideCaptureText": false,
          "hideLanguageDropdown": false,
          "hidePackageOwnerInPerson": false,
          "hideWatermark": false,
          "maxAuthFailsAllowed": 0,
          "optOutButton": false,
          "optOutReasons": [],
          "style": null,
          "layout": null
        }
      },
      "reminders": {
        "startInDaysDelay": 1,
        "intervalInDays": 1,
        "repetitionsCount": 3
      },
      "due": "2018-08-25"
    }

    Keymaster
    Duo_Liang
    Guru
    Member since: 14.06.2018
    Number of posts: 469

    Score

    1

    Hi Tony,

    First, I want to confirm with you: are you talking about KBA or QA authentication? Because in your JSON, I only saw content in “auth” rather than “knowledgeBasedAuthentication”.

       "auth":{
          "challenges":[
             {
                "answer":"6789",
                "question":"What are the last 4 digits of your SSN or TaxID?",
                "maskInput":false
             }
          ],
          "scheme":"CHALLENGE"
       },
       "knowledgeBasedAuthentication":null
    

    So if you meant QA, you can assign the maximum number of failures in your package settings; you can also find this attribute in your JSON:

    {
       "settings":{
          "ceremony":{
             "maxAuthFailsAllowed":3
          }
       }
    }

    Hope this could help you!
    Duo


    Duo Liang
    OneSpan Junior Technical Evangelist
    • This reply was modified 2 months, 2 weeks ago by  Duo_Liang.
    Participant
    Tony
    Newbie
    Member since: 13.08.2018
    Number of posts: 10

    Score

    0

    Thank you, Duo. I was misusing the term KBA. You are correct that I really meant QA. I will try setting maxAuthFailsAllowed in my API request and see if this resolves my issue. Is the KBA_Failure notification specific to KBA authentication? Or will it also be sent when the signer inputs an invalid QA answer?

    Keymaster
    Duo_Liang
    Guru
    Member since: 14.06.2018
    Number of posts: 469

    Score

    1

    Hi Tony,

    The KBA_Failure notification sticks to KBA authentication, so I’m afraid the only callback event related to QA is the “Recipient Locked”.

    Duo


    Duo Liang
    OneSpan Junior Technical Evangelist
    Participant
    roneddy
    Newbie
    Member since: 15.09.2017
    Number of posts: 5

    Score

    0

    Hello,

    I have been working with Tony on this integration and one important aspect to note is that we are using our own on-premise instance of the OneSpan Sign 6.2 platform with ESL 11.3. When I go into backoffice and look at his account settings I have it set to lockout:

    Max Signer Authentication Attempts: 3

    So I am a bit confused as to why it will not lock out the signer, given that we seem to have everything set up correctly. Is there a backoffice setting I might be missing?

    Thanks,

    Ron

    Keymaster
    Duo_Liang
    Guru
    Member since: 14.06.2018
    Number of posts: 469

    Score

    0

    Hi Ron,

    If you are talking about the JSON Tony posted in the first post, that could be because there’s a package-level setting “maxAuthFailsAllowed”: 0 which overrides the account-level setting Max Signer Authentication Attempts: 3. If this attribute is not specifically assigned, it should be the same as the number at the account level, and the setting should take effect, from my test.

    So after the code has been modified, it still doesn’t work properly?

    Duo


    Duo Liang
    OneSpan Junior Technical Evangelist
    Participant
    Tony
    Newbie
    Member since: 13.08.2018
    Number of posts: 10

    Score

    0

    Adding maxAuthFailsAllowed to my REST request resolved the issue. It’s now locking out the signer after the defined max tries and sending a SIGNER_LOCKED callback message. Also, it emailed a notification to the business line’s shared email box. We are good. Thank you!
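
Added example, not part of the thread and not OneSpan code: a pre-send check, based on the override behaviour described in the replies above, that flags a package whose explicit maxAuthFailsAllowed is below 1 while a signer uses the CHALLENGE scheme. The function names, the constructed sample payload and the treatment of null as "unassigned" are assumptions.

```python
import json

# Constructed sample, trimmed to the fields of the request shape shown in the thread.
SAMPLE_PACKAGE = json.loads("""
{
  "name": "Extension",
  "roles": [
    {"id": "SIGNER_1",
     "signers": [{"email": "signer@example.com",
                  "auth": {"scheme": "CHALLENGE",
                           "challenges": [{"question": "Q?", "answer": "A"}]},
                  "knowledgeBasedAuthentication": null}]}
  ],
  "settings": {"ceremony": {"maxAuthFailsAllowed": 0}}
}
""")


def challenged_signers(package):
    """Return role ids whose signers authenticate with the CHALLENGE (Q&A) scheme."""
    ids = []
    for role in package.get("roles") or []:
        for signer in role.get("signers") or []:
            auth = signer.get("auth") or {}
            if auth.get("scheme") == "CHALLENGE":
                ids.append(str(role.get("id")))
    return ids


def lockout_findings(package):
    """Flag a package whose explicit maxAuthFailsAllowed defeats signer lockout."""
    ceremony = (package.get("settings") or {}).get("ceremony") or {}
    signers = challenged_signers(package)
    if not signers or "maxAuthFailsAllowed" not in ceremony:
        return []  # no Q&A signers, or the value is left to the account-level setting
    limit = ceremony["maxAuthFailsAllowed"]
    if limit is None:
        return []  # assumption: null is treated like an unassigned value
    if isinstance(limit, bool) or not isinstance(limit, int) or limit < 1:
        return [f"maxAuthFailsAllowed={limit!r} overrides the account lockout "
                f"for Q&A signers: {', '.join(signers)}"]
    return []


if __name__ == "__main__":
    for finding in lockout_findings(SAMPLE_PACKAGE):
        print(finding)
```

Run it against the request body before POSTing the package; an empty result means the package either sets a positive limit or leaves the limit to the account.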
