Prior to IBM Security Access Manager version 9.0.6.0, when a new transaction was generated in a mobile multifactor authentication scenario there was a single message generated and associated with the new transaction. The attribute was named “contextMessage” and was used for a dual purpose:
- A push notification informing the user that they have a pending transaction.
- A transaction specific message informing the user of what the actual transaction is.
The administrator was then tasked with crafting this message such that it could fit the dual purpose without being too specific for either purpose.
IBM Security Access Manager version 9.0.6.0 added support to split the context message into 2 separate messages:
- A push message that gets sent as part of the push notification.
- A transaction message that gets sent in the pending transactions. This still uses the original attribute name “contextMessage”.
Note that this change does not require any changes to the IBM Verify application. The same push notification message variable is still being used. It is just now being populated from a different configuration property.
This article is going to show how the new push notification message can be configured.
Procedure
1. Open the Local Management Interface and navigate to the authentication policies page:
Secure Access Control —> Authentication —> Policies
2. If the policy to update already exists select it and click edit otherwise create a new policy and add the MMFA authenticator to the list of workflow steps.
3. Click the modify parameters button alongside the MMFA authenticator.
4. Check the “Pass” checkbox for the pushMessage parameter to ensure that it gets passed.
5. Set the value of the pushMessage as a hardcoded value, a session attribute or a request attribute.
6. Click OK to exit the modify parameters dialog.
7. Click Save to store the new settings.
8. Deploy the changes.
9. At this stage when a new push notification is generated for this policy it will include the new push notification message.
#ISAM