Task #14060

Change #14058: [CR24003] : BSNeBiz - New API to OCMS Project Server (Single Sign-on)

CR24003_OCMS: SOW01.2 - Login (Authentication)

Added by Norhaidah Md Dasuki 3 months ago. Updated 9 days ago.

Status: System Integration Test
Start date: June 26, 2024
Priority: Normal
Due date: July 08, 2024
Assignee: Najmi Pasarudin
% Done: 0%
Category: -
Spent time: -
Target version: -

Description

I. Log in: OCMS will send in the Username and Password
- BSNeBiz responds with login credential (match or unmatched)
- BSNeBiz responds with (CIS + Business registration number (BRN))

History

#1 Updated by Norhaidah Md Dasuki 3 months ago

28/6 - Penril (Najmi)
For login,
- At verifyUsername, the response parameter otpRequired is supposed to be mandatory. This means that the BSNeBiz API will always return yes or no for OCMS to prompt/hide the OTP field.
- At verifyLogin, BSNeBiz will validate the user type. If it is a Single user or Authorizer, the input OTP is mandatory. Otherwise, as for an Initiator, it is optional.
Need opinion on the OTP: is there any security issue if OCMS wants to bypass the OTP validation?
For BSNeBiz, the OTP is mandatory if the user has access to do monetary transactions.

BSN Updated:-
- Regarding the OTP itself, the concern is more of a redundancy, as the intention of the SSO integration here is to validate the user credential.
Security-wise, the OCMS Merchant App is more administrative and for receiving payment at most.
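
The verifyUsername / verifyLogin rule from update #1, as an added example (not Penril's or BSN's code): otpRequired is only a display hint, and verifyLogin decides from the stored user type whether a missing OTP fails the login. The function and field names other than otpRequired, the sample records, and the handling of unknown usernames and of a supplied optional OTP are assumptions.

```python
import hmac

# User types from the ticket for which the OTP input is mandatory.
OTP_MANDATORY_TYPES = {"SINGLE_USER", "AUTHORIZER"}

# Constructed sample records; a real store would hold password hashes and
# time-based OTPs, and the CIS/BRN values here are placeholders.
USERS = {
    "alice": {"password": "pw-a", "type": "AUTHORIZER", "otp": "123456",
              "cis": "CIS-PLACEHOLDER-1", "brn": "BRN-PLACEHOLDER-1"},
    "bob": {"password": "pw-b", "type": "INITIATOR", "otp": "654321",
            "cis": "CIS-PLACEHOLDER-2", "brn": "BRN-PLACEHOLDER-2"},
}
UNMATCHED = {"status": "unmatched"}


def verify_username(username):
    """Always include otpRequired so the caller can prompt or hide the OTP field."""
    user = USERS.get(username)
    # Assumption: unknown usernames get "yes" so the field is never absent.
    required = user is None or user["type"] in OTP_MANDATORY_TYPES
    return {"otpRequired": "yes" if required else "no"}


def verify_login(username, password, otp=None):
    """Decide the OTP requirement from the stored user type, not the request."""
    user = USERS.get(username)
    if user is None or not hmac.compare_digest(user["password"], password):
        return dict(UNMATCHED)
    otp_ok = otp is not None and hmac.compare_digest(user["otp"], otp)
    if user["type"] in OTP_MANDATORY_TYPES and not otp_ok:
        return dict(UNMATCHED)  # omitted or wrong OTP fails for these types
    # Assumption: an optional OTP that is supplied must still be correct.
    if otp is not None and not otp_ok:
        return dict(UNMATCHED)
    return {"status": "match", "cis": user["cis"], "brn": user["brn"]}
```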

#2 Updated by Najmi Pasarudin 9 days ago

  • Status changed from Development / Work In Progress to System Integration Test
