Third Party User Guide

Model Bank

Grafana Monitor Tool


TSF-External Authorization Demo (XACML)
Keycloak in UXPB

(R23-AMR Build)

Information in this document is subject to change without notice.
No part of this document may be reproduced or transmitted in any form or by any means, for any purpose, without the express written permission of TEMENOS HEADQUARTERS SA.
© 2022 Temenos Headquarters SA - all rights reserved.
3rd Party Presales Demo Guide

Table of Contents
Document History
1. Grafana Monitor Tool
Introduction
Pre-requisites
1.1 Configuration
1.1.1 SPF
1.1.2 TEC.PROFILE
1.1.3 TEC.ITEMS
1.1.4 TAFJ
1.1.5 DOCKER
1.1.6 GRAFANA
1.1.7 TRANSACT BROWSER
1.2 Tracer Implementation of MS in Grafana
1.3 Keycloak for Single Sign-on (SSO) in UXP Browser
1.3.1 Setting up Keycloak
1.4 Configuring UXP Browser setup in Keycloak
1.5 Configuring UXP Components in Transact
1.5.1 Configuring Browser.war
1.5.2 Updating OIDCSessionHandlingFilter and oidcAuthenticationFilter
1.5.3 Updating spring-oidc-authenticator.xml
1.6 Configuring Transact
1.7 Configuring BRPRuntimeProperties.properties File
1.8 Configuring IRFX
1.8.1 Make Copies of IRFX war for T24Authentication
1.8.2 Header Value Change Authorization in IRF.war Files
1.8.3 Configuring IRF OIDC for Keycloak
1.9 Launch UXP Browser
1.10 Troubleshooting
2. TSF-External Authorization Demo (XACML)
Introduction
Pre-requisites
2.1 XACML - RunTime Demo:-
2.1.1 SPF Change
2.1.2 Use Case 1:-
2.1.3 Use Case 2:-
2.1.4 Use Case 3:-
2.1.5 Use Case 4:-
2.1.6 Use Case 5:-
2.1.7 Use Case 6:-
2.1.8 Use Case 7:-
2.2 XACML - DesignTime Demo:-
Creation of Policy file using PAP UI:-
2.2.1 Introduction
2.2.2 UI Setup and Configuration: -
A) Config Steps: -
B) Troubleshoot: -
C) PAP UI Browser:-
2.2.3 Sample Rule creation:-
A) Use Case 1:-
B) Demo using created policy file:-


Document History

Author Version Date

Santhosh Kumar V 0.2 18 MAY 2023

Comments:


1. Grafana Monitor Tool


Introduction
The following steps guide a Transact user in configuring and dynamically monitoring various Transact queues and TAFJ events, and in getting the log details, with the help of the third-party tool Grafana.

Pre-requisites
• UTP Model Bank installation 202108 or above must be installed.
• Application server started.
• Docker needs to be installed and started.

1.1 Configuration
The configuration shown below triggers events from T24 to the external monitoring tool Grafana via the platform framework function TecEvent. EXT can be set in the SPF record to trigger events in Grafana, and the list of events to trigger is taken from TEC.PROFILE. The Docker setup and configuration are added to send the information from T24 to ElasticSearch and Logstash for display in Grafana.

1.1.1 SPF
• A new option, EXT, is introduced in the MAINT.TEC.OUTPUT field of the SPF table to enable sending events to Grafana.

• The MAINT.TEC.OUTPUT field should be set to EXT in SPF to trigger various events from T24 to Grafana.
• Once the field is set to EXT in SPF, the events are triggered and sent from T24 to the platform framework function TecEvent.


1.1.2 TEC.PROFILE

Below is the list of events that will be triggered from the T24 system to the external monitoring tool. Set the list of items in the TEC.PROFILE tOP table for which events should be triggered in Grafana Monitor. Each item in the list should have an entry in the TEC.ITEMS table with a defined threshold.

1.1.3 TEC.ITEMS
Reduce the Threshold values as shown below. Commit and authorize.

TEC.ITEMS, I TXN.METRICS.COMMIT


Verify the TEC.PROFILE by clicking the play button. Restart the server.

1.1.4 TAFJ
• Enable the below property in tafj.properties file under
Temenos\RXX\Env\Slot01\Products\TAFJ\Default\conf

Property : temn.tafj.runtime.enable.jbc.meter=true
temn.tafj.runtime.meter.category=PERFORMANCE,PRODUCTION


• Uncomment the following from TAFJTrace.properties under Temenos\RXX\Env\Slot01\Products\TAFJ\Default\conf

appender.monitoring.host can be set to localhost or the system IP Address.

• Comment out the below properties in TAFJTrace.properties under Temenos\RXX\Env\Slot01\Products\TAFJ\Default\conf

• Add the following line in TAFJTrace.properties under ..TAFJ/conf


Property: log4j.logger.LOCKING=INFO,locking

• Restart the server after the above changes are done.

1.1.5 DOCKER
Docker needs to be installed on the local system to run the various containers that send the information from T24 to Grafana.
The Docker setup is downloaded from the following link and installed in the local environment: https://docs.docker.com/docker-for-windows/release-notes/#docker-desktop-community-2304

• Execute the following commands from the TAFJ/TemnMonitor path as shown.
o launch-monitoring.bat build
o launch-monitoring.bat up


• The Docker dashboard after installation and running the above commands is as below:-

1.1.6 GRAFANA
• Launch Grafana Dashboard from Web Browser by using the link: http://localhost:3000
• The default username and password to log in to Grafana is admin/admin.
• Skip change password in case you want to use the default password.

• Upon clicking Save & Test, if the success message “Index OK. Time field name OK” is displayed, ElasticSearch is aligned with T24 and data is being emitted from Transact.


1.1.7 TRANSACT BROWSER


Make a transaction (e.g. CUSTOMER, ACCOUNT, FT) in Transact browser and authorize. Data gets reflected as shown below.

Make a transaction (e.g. PO, I F3) in Transact browser and authorize. Data gets reflected as shown below.


1.2 Tracer Implementation of MS in Grafana


Pre-Requisite:

• UTP Model Bank installation 202212 or above must be installed.
• Application server started.
• Docker needs to be installed and started.
• Follow the Microservice Holdings Document in C:\Temenos\RXX\Env\Slot0X\Docs\Technology to start the DES up to the mongo DB setup.

Add the entries in holdingsMongo.yml in C:\Temenos\RXX\Env\Slot0X\Products\Xtras\MicroServices\ms-holdings-package-docker-R22.0.0 (3)\ms-holdings-package-docker-RXX.0.0\Holdings-Docker to monitor MS in Grafana Dashboard.

Uncomment the opentelemetry-collector in docker-compose-monitoring.yml in C:\Temenos\RXX\Env\Slot0X\Products\TAFJ\Default\TemnMonitor


After completing the Microservice Holdings Document, execute the following commands from TAFJ/TemnMonitor.

1. launch-monitoring.bat build
2. launch-monitoring.bat up

Launch Grafana Dashboard from Web Browser by using the link: http://localhost:3000

Data gets reflected in Microservice_Metrics.


Data gets reflected in Microservice Monitor.


1.3 Keycloak for Single Sign-on (SSO) in UXP Browser

1.3.1 Setting up Keycloak


This section guides you in setting up Keycloak in the UXP browser for Single Sign-On (SSO).
Procedure:
1. Download the keycloak server.

2. Extract the downloaded zip file into the location Temenos\RXX\Env\Slot01\Products\Xtras\Tools

3. Open a Command Prompt window from the \keycloak-15.0.2\bin folder and run standalone.bat to start the Keycloak server using the below command:
standalone.bat -b 0.0.0.0


4. Launch the Keycloak console URL below and click “Administration console”. Create the credentials below to log in to the Keycloak server.

http://localhost:8080/auth/
Username or email: admin
Password: admin

Keycloak window is displayed.


5. Expand the Master dropdown and click Add realm to create a new realm named transact.

Enter the value as “transact” and click the Create button.


Enter the values as shown in the screen below and click the Save button.

6. Click Users from the left pane to create a new administrator for the transact realm.

7. Click Add user to create a new user.


8. Enter all the required details and click Save button.

Note: Please click Save button at every screen.

9. Go to User > Role Mappings and select “realm-management” from the Client Roles dropdown. Under Available Roles, select all the roles and click Add Selected. The roles are displayed under Assigned Roles.


10. Click Credentials to set up a new password for the transact realm administrator.

After resetting the password for the transact realm, log off and log in as admin using the following URL:

http://localhost:8080/auth/admin/transact/console/

1.4 Configuring UXP Browser setup in Keycloak


This section guides you in configuring the UXP browser for Single Sign-On (SSO).

Procedure:

1. On Transact realm, go to Clients > Settings and define the ClientId as uxpbrowser. Enter the
details as shown below. Click on Save button.


2. Click Mappers to setup mapping for principalClaim.

3. Click Create to specify the mapping.

4. Create a user called INPUTT on transact realm as shown below


5. Click Add user to gain access to user creation screen.

After creating the user, the following screen is displayed:


6. Go to the Credentials tab, create a password for the user and click the Reset password button.

Click the Save button.

7. Click the Attributes tab and create attributes as shown below:

8. Create a new attribute called t24son with the Sign on Name as its Value, which is INPUTT.
9. Go to Transact Realm Settings > Keys.


10. Click Public Key of rsa-generated; the following screen is displayed:

11. Copy the above RSA Public key and follow the steps:
a. Go to utilities online.

Paste the copied RSA Public key into the left pane and click encode.
On the right pane, the base64 encoded key is generated.


b. Copy the encoded base64 key into a notepad to provide for the pkEncode tag in the spring-oidc-authenticator.xml files.

1.5 Configuring UXP Components in Transact


This section guides you in configuring the UXP components in Keycloak.

1.5.1 Configuring Browser.war


You must enable the OIDCSessionHandlingFilter, oidcAuthenticationFilter in web.xml, configure
the spring-oidc-authenticator.xml and Transact as given below to configure the Browser.war.

1.5.2 Updating OIDCSessionHandlingFilter and oidcAuthenticationFilter


You must enable the OIDCSessionHandlingFilter and oidcAuthenticationFilter by uncommenting the
xml lines as given below.
File Location: Browser.war\WEB-INF\web.xml
Sample reference xml:

web.xml

1.5.3 Updating spring-oidc-authenticator.xml

The following configuration establishes the communication between Keycloak and Browser.war.
File Location: Browser.war\WEB-INF\classes\META-INF\spring-oidc-authenticator.xml


Sample reference xml:

spring-oidc-authenticator.xml

Where,
• transact in the url is the actual realm being configured in Keycloak.
• t24son is the user attribute being configured in Keycloak.
• uxpbrowser is the client name that is configured in Keycloak.
Read the Configuring UXP Browser section, to get the pkEncoded value.

1.6 Configuring Transact

The following configuration is required for any external authentication.

• You must add the PREAUTHENTICATED attribute at each user level or OFS.SOURCE level.
• If you want to add PREAUTHENTICATED at OFS.SOURCE level, for Authenticator it is recommended to use OFS.RECORD by copying the existing OFS.SOURCE>GCS record and then adding the preauthenticated attribute.
Please add the Attributes as shown below and commit it.


1.7 Configuring BRPRuntimeProperties.properties File

You must configure the BRPRuntimeProperties.properties to use the irf-rp-services-T24.war and irf-t24catalog-services-T24.war files.
Add the below entries in the properties file:

• browser.options.dynamicIRIS.rpServiceAlt=http://localhost:9089/irf-rp-services-T24
• browser.options.god.catalogServiceAlt=http://localhost:9089/irf-t24catalog-services-T24

1.8 Configuring IRFX


For T24Authentication, you must take a backup of the IRFX war file.

1.8.1 Make Copies of IRFX war for T24Authentication


1. Take a backup of existing irf-rp-services.war and irf-t24catalog-services.war files.
2. Rename the backed-up files as irf-rp-services-T24.war and irf-t24catalog-services-T24.war.

3. Change the root context in the irf-rp-services-T24.war and irf-t24catalog-services-T24.war files as below.
File Location:
• irf-rp-services-T24.war\WEB-INF\jboss-web.xml
• irf-t24catalog-services-T24.war\WEB-INF\jboss-web.xml

NOTE: After modifying the root context, no other changes are required in the irf-rp-services-T24.war and irf-t24catalog-services-T24.war files.

1.8.2 Header Value Change Authorization in IRF.war Files

Change the authentication header values given in irf-rp-services.war and irf-t24catalog-services.war files as below:
File Location:
• irf-t24catalog-services.war\WEB-INF\web.xml
• irf-rp-services.war\WEB-INF\web.xml


1.8.3 Configuring IRF OIDC for Keycloak


As IRF OIDC contains only the validation portion, configure the following in spring-oidc-authenticator.xml.
File Location:
• irf-rp-services.war\WEB-INF\classes\META-INF\spring-oidc-authenticator.xml
• irf-t24catalog-services.war\WEB-INF\classes\META-INF\spring-oidc-authenticator.xml
Sample reference xml:

spring-oidc-authenticator.xml


1.9 Launch UXP Browser


1. Launch the below UXP Browser URL; it will redirect to the Keycloak sign-on page.

http://127.0.0.1:9089/Browser/

2. Enter the login credentials of INPUTT and the Transact home page will appear.

1.10 Troubleshooting
1. If the user gets the below error due to the properties setup, follow the below steps for the workaround.


2. Add the below properties in SetupProducts.bat from <\Temenos\RXX\Env\Slot01\Products\Scripts>

-Dbrowser.options.dynamicIRIS.rpServiceAlt=http://localhost:9089/irf-rp-services-T24
-Dbrowser.options.god.catalogServiceAlt=http://localhost:9089/irf-t24catalog-services-T24

3. Restart JBoss for the changes to take effect.

2. TSF-External Authorization Demo (XACML)

Introduction

XACML stands for "eXtensible Access Control Markup Language". The standard defines a
declarative fine-grained, attribute-based access control policy language, an architecture, and a
processing model describing how to evaluate access requests according to the rules defined in
policies.

Using XACML, restrictions can be applied at User level, whereby they will be given access only to
applications required.

Mapping of Transact SMS functionality with XACML Policy File definition:-

XACML               T24 SMS Authentication
1 Policy Set        EB.USER.ROLES/USER.SMS.GROUP Record
1.1 Policy          Application, Version, Enquiry Name
1.1.1 Rule          Field level conditions inside the application/version
1.1.2 Obligation    Field level condition attached to the application that will be utilised while executing the enquiry

Pre-requisites
• UTP Model Bank installation 202108 or above must be installed.
• Application server started.
• Java 1.8 or above.

2.1 XACML - RunTime Demo:-


2.1.1 SPF Change
1. Start jBOSS completely.
2. Login to Transact Browser using INPUTT / 123456.
3. Navigate to Admin Menu ->System Administration->Security Management System->System
Users Management->External Authorisation->Access control.
4. Check the External Security Framework box to enable it

Note:- Restart jBOSS post SPF changes

2.1.2 Use Case 1:-

1. Login as CSAGENT.
2. Create a PAYMENT.ORDER
3. Enter the PAYMENT.AMOUNT greater than 10000
4. Validate & commit the record.


2.1.3 Use Case 2:-

1. Login to CSAGENT.
2. Navigate to Customer Onboarding (Ind.)
3. Pass the first Screen (Verification of customer documents)
4. On the second screen, validate the following:-
a. Nationality -> Enter BH (Bahrain) ->Commit and Validate -> Error message thrown
b. Residence ->Enter BH (Bahrain) ->Commit and Validate -> Error message thrown.
Only Non-Bahrain residents and / or Nationalities can be onboarded.

Note:- Both the conditions must be satisfied for the record to be committed.

If either of the conditions isn’t satisfied, the record does not get validated.

2.1.4 Use Case 3:-

1. Login as CSAGENT
2. From the command line launch ENQ CUSTOMER.SCV.
3. Click on FIND.
4. Search returns only CUSTOMERS that have Nationality and Residence other
than BH.


5. As an alternate-check, search for any customer whose Nationality or Residence is BH.

2.1.5 Use Case 4:-


1. Login as COMPUSER.
2. From the command line launch ACCOUNT application and enter the respective account number to
audit.

3. Click the ‘Perform Action’ button.

4. Click the ‘Review’ button to perform the audit; the audit details will be updated.


5. As an alternate-check, edit any of the accounts using COMPUSER.

2.1.6 Use Case 5:-


1. Login to INPUTT. Create the below role in Transact and map to RMUSER.


Note: If SPF External Security Framework is already enabled, there is no need to create a record in EB.USER.ROLES, as it will throw the error message that external authorization is enabled. Directly add the Role in the User record and proceed.

Note: As we are creating role-based access, remove the user-level access already given for PWMRM User and then commit & authorise the record.


2. Create new EB.API record with ID ‘AdvisorRole’ as below.

3. Create EB.EXT.SMS.EXTENSION with below values.

4. Login as RMUSER
5. RMUSER will list only his department accounts.


Note: Verify and give the Account Id whose Account Officer is 74.

6. As an alternate-check, search for any Account whose account officer is other than 74.

2.1.7 Use Case 6:-

1. Login to INPUTT.
2. Create the below records in EB.API


3. Also create EB.EXT.SMS.EXTENSION with below values.

4. Login to CSAGENT
a. Navigate to Customer Onboarding (Ind.)
b. Pass the first Screen (Verification of customer documents)
c. On the second screen, enter valid details.

5. Validate & commit the record.


The system will throw the error message if any transaction is done at the weekend, since the weekend days Saturday (6) and Sunday (7) are mentioned in the policy file.

2.1.8 Use Case 7:-


1. Login as CSAGENT.
2. From the command line launch ENQ %ACCOUNT.
3. Click on FIND.
4. Search returns only ACCOUNTS that have Currency as USD.

5. As an alternate check, find any other Account record whose currency is not equal to USD.


2.2 XACML - DesignTime Demo:-


Creation of Policy file using PAP UI:-
2.2.1 Introduction
This demo shows a Transact user how to create a policy file using PAP UI and how to integrate it with Transact.
1. PAP-UI stands for Policy Administration Point User Interface.
2. PAP UI allows the security policy administrator to create the XACML policies with an interactive GUI and gives the ability to create and download the XACML policy files.
3. The security policy administrator can create the policies without any technical knowledge of XML, JSON etc.

2.2.2 UI Setup and Configuration: -


A) Config Steps: -
• Ensure the below WAR files are present in the deployments folder.
o papui.war
o irf-provider-container.war

• Start the Application server and ensure the war files are deployed.

• Creation of PAPRUNTIME folder:-
o Navigate to chrome and enter the given URL to download the artifacts: http://localhost:9089/irf-provider-container/api/v1.0.0/meta/apis/response/download
o The PAPRUNTIME folder gets created at “Temenos\RXX\Infra\AppServer\JBoss\Default\papRuntime”, by default. (The entire process takes 5-10 mins depending on the data inside the DB)

• After completion of the download, status success will be displayed.

• Once the download is over, ensure the below:-
o The papRuntime folder consists of attributes, resources, roles, xacml.


• The purpose of each folder is as follows:
o Resources – The existing Transact resources will be present.
o Attributes – Transact corresponding fields for the defined Transact resources.
o Roles – Default json policy files will be present.
o Xacml – The xacml file, which is converted from the downloaded json file, will be present here.
o Json – This folder will get created under papRuntime folder, when we download the policy files from papui.

B) Troubleshoot: -
If any error related to 404 is found while fetching the download APIs, check the following steps.
• Open the papui war -> env.js in editable mode and check the value

window.__env.config = {
    apiUrl: {
        seal: true,
        value: 'http://localhost:9089/irf-provider-container/api/v1.0.0'
    }
};
Note: If the application server is running on any port other than 9089, then update the correct URL in the env.js file and then re-deploy the war file.

• Open the papui war -> index.html and check the value
<base href="/papui/">

C) PAP UI Browser:-
Open the browser and enter the URL http://localhost:9089/papui/


• The new policy creation UI page will be displayed.


• Go to the Product drop down in the policy editor and choose the Product and
Resources(from drop down) respectively.
• In the left panel, the list of Default Roles which is fetched from papRuntime/roles folder will
be present. You can drag and drop it into the Policy editor also.
• Create the Policy file and click the download button.
• The Policy has been downloaded to papRuntime/json folder for JSON file,
papRuntime/xacml folder for XACML file.

Note: Only the json policy files under the papRuntime/roles folder will get displayed in the Roles panel.

2.2.3 Sample Rule creation:-


A) Use Case 1:-
CUSTOMER creation via BRANCHMANAGER will not allow Nationality as “AF” and/or SECTOR as “1000”

Policy File creation: -


• Launch PAPUI.
• Click on +NEW from the right top TAB.
• Enter the details as follows: -


• Click on “DOWNLOAD”
• The generated policy file gets downloaded to
“Temenos\RXX\Infra\AppServer\JBoss\Default\papRuntime\xacml”
• Copy the same to “Temenos\RXX\Env\Slot01\Products\XACML\lib\xacml”
• Update the pdp-config.xml and the root-policy.xml files under
“Temenos\RXX\Env\Slot01\Products\XACML\lib\xacml” as follows


Note: - To add the created policy file as part of the PAPUI interface, move the created .json file from
“Temenos\RXX\Infra\AppServer\JBoss\Default\papRuntime\json” to
“Temenos\RXX\Infra\AppServer\JBoss\Default\papRuntime\roles”. Refresh the PAPUI to spot the file in
the right tab.
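
What the sample rule above amounts to in XACML terms, with a reduced decision routine that follows the Policy Set, Policy and Rule levels of the mapping table in the Introduction. This is an added example, not the file PAP UI generates and not Temenos code: the policy text, the use of the T24 field names NATIONALITY and SECTOR as attribute ids, the selection of policies by PolicySetId and PolicyId instead of Target matching, and the function names are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

X = "urn:oasis:names:tc:xacml:3.0:core:schema:wd-17"
FN = "urn:oasis:names:tc:xacml:1.0:function:"
STRING = "http://www.w3.org/2001/XMLSchema#string"
RESOURCE = "urn:oasis:names:tc:xacml:3.0:attribute-category:resource"
DENY_OVERRIDES = "urn:oasis:names:tc:xacml:3.0:%s-combining-algorithm:deny-overrides"


def _field_equals(field, value):
    """XACML expression 'field == value'; T24 field names as attribute ids (assumed)."""
    return f"""
        <Apply FunctionId="{FN}string-equal">
          <Apply FunctionId="{FN}string-one-and-only">
            <AttributeDesignator Category="{RESOURCE}" AttributeId="{field}"
                                 DataType="{STRING}" MustBePresent="true"/>
          </Apply>
          <AttributeValue DataType="{STRING}">{value}</AttributeValue>
        </Apply>"""


# Constructed sample: Policy Set = role, Policy = application, Rule = field conditions.
POLICY = f"""<PolicySet xmlns="{X}" PolicySetId="BRANCHMANAGER" Version="1.0"
    PolicyCombiningAlgId="{DENY_OVERRIDES % 'policy'}">
  <Target/>
  <Policy PolicyId="CUSTOMER" Version="1.0"
      RuleCombiningAlgId="{DENY_OVERRIDES % 'rule'}">
    <Target/>
    <Rule RuleId="deny-nationality-af-or-sector-1000" Effect="Deny">
      <Condition>
        <Apply FunctionId="{FN}or">{_field_equals('NATIONALITY', 'AF')}
          {_field_equals('SECTOR', '1000')}
        </Apply>
      </Condition>
    </Rule>
    <Rule RuleId="permit-otherwise" Effect="Permit"/>
  </Policy>
</PolicySet>"""


def _evaluate(node, fields):
    """Evaluate the expression subset this sample uses; LookupError = Indeterminate."""
    kind = node.tag.split("}")[1]
    if kind == "AttributeValue":
        return node.text
    if kind == "AttributeDesignator":
        name = node.get("AttributeId")
        return [fields[name]] if name in fields else []  # XACML attributes are bags
    function = node.get("FunctionId")[len(FN):]
    if function == "or":  # arguments are evaluated in order, stopping at the first True
        return any(_evaluate(child, fields) for child in node)
    args = [_evaluate(child, fields) for child in node]
    if function == "string-one-and-only":
        if len(args[0]) != 1:
            raise LookupError("expected exactly one value")
        return args[0][0]
    if function == "string-equal":
        return args[0] == args[1]
    raise NotImplementedError(function)


def decide(policy_xml, role, application, fields):
    """Return Permit, Deny, NotApplicable or Indeterminate for one record."""
    ns = {"x": X}
    policy_set = ET.fromstring(policy_xml)
    if policy_set.get("PolicySetId") != role:
        return "NotApplicable"
    decision = "NotApplicable"
    for policy in policy_set.findall("x:Policy", ns):
        if policy.get("PolicyId") != application:
            continue
        for rule in policy.findall("x:Rule", ns):
            condition = rule.find("x:Condition", ns)
            try:
                applies = condition is None or _evaluate(condition[0], fields)
            except LookupError:
                return "Indeterminate"  # missing field: never treated as Permit
            if applies and rule.get("Effect") == "Deny":
                return "Deny"  # deny-overrides: one matching Deny rule decides
            if applies:
                decision = "Permit"
    return decision
```

A record with Nationality AF or Sector 1000 yields Deny, any other complete record yields Permit, and a record with a field missing yields Indeterminate rather than Permit.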

B) Demo using created policy file:-


Note: - The USER record for the below scenarios have been configured to read the properties from the Policy
File.

SPF Change: -
• Start jBOSS completely.
• Login to Transact Browser using INPUTT / 123456.
• Navigate to Admin Menu->System Administration->Security Management
System->System Users Management->External Authorisation->Access control.
• Check the External Security Framework box to enable it and then commit the record.

USER record Change: -


• Map the policy created to the BRANCHMANAGER User record as follows.


Demo: -
• Login to UXP Browser as BRANCHMANAGER/123456. Try creating a customer using CUSTOMER I F3.
• Enter the Nationality as “AF” (and / or) Sector as “1000”.
• Validate.

Transact throws proper error message:-

