Setting B2C Environment

The B2C environment offers a secure architecture for exposing digital journeys to unauthenticated users. The B2C environment is comprised of the following components:

  • FintechOS Back Office applications (Portal and Innovation Studio)
  • FintechOS B2C Application. It is a copy of the back-office Portal with the following appSettings in web.config
    • Copy 
    <configuration>
        <appSettings>
            ...
            <add key="feature-b2c-userjourneys" value="1" />
            <add key="feature-b2c-userjourneys-impersonated-user" value="the username" />
            <add key="feature-b2c-userjourneys-api-key" value="feature-b2c-userjourneys-api-key" />
         </appSettings>
         ...
    </configuration>
  • IMPORTANT!
    • The impersonated user (feature-b2c-userjourneys-impersonated-user) cannot be host or admin.
    • The Security Roles for the impersonated user must include only read access to the related dictionary entities (entities referenced by lookup attributes used in the journey).
    • Since the impersonated user has limited access to the journey's data model, make sure that you do not use data manipulation functions (such as ebs.getByID, ebs.getByIdAsync.htm, ebs.getByQuery.htm, etc.) in the journey's client-side code. Instead, use server-side scripts which you can access through functions such as ebs.callActionByNameAsync.htm or ebs.callActionByName.htm.
    • NOTE To expose multiple user journeys to a B2C portal, the user journeys API keys in the web.config file, separated by comma:
    Copy
    <configuration>
        <appSettings>
        ...
        <add key="feature-b2c-userjourneys-api-key" value="feature-b2c-userjourneys-api-key, feature-b2c-userjourneys-api-key" />
        </appSettings>
        ...
    </configuration>
  • FTOS Reverse Proxy application which ensure secure routing of HTTP requests from internet to FintechOS apps.

How to set up the B2C environment

This section walks you through the steps that for setting up a B2C environment:

STEP 1. Install the FTOS Reverse Proxy

  1. Install .NET Core Sdk.
  2. Install .NET Core 2.2 Runtime and Hosting Bundle for Windows.
  3. Copy the FTOS Reverse Proxy files in a folder of your choice.
  4. Create application in IIS:
    1. Create the application pool (.NET CLR=No Managed Code | Managed pipeline mode=Intergated | Identity=NetworkService)
    2. Create a web application in IIS using the Application Pool you have just created and having the Physical path the folder where you copied the FTOS Reverse Proxy files.

STEP 2. Configure the FTOS Reverse Proxy

In the FTOS Reverse Proxy installation folder, find the proxy/proxy.config.js file and make the necessary changes:

Copy 
//the output refers to the __FintechOS B2C Application__
output.scheme = "http";
output.port = 80;
output.host = "192.168.15.15";
output.application = "FintechOS_B2C";// if there is no application (FintechOS B2C runs as a root site in IIS) use output.application = null

Configure your routes following the example from the file.

Make sure that you set the B2C header with the value from the web.config file of the FintechOS B2C application, appSetting feature-b2c-userjourneys-api-key:

output.requestHeaders.set("B2C", "feature-b2c-userjourneys-api-key");

FTOS Reverse Proxy Configuration
Copy
filter.setup(function (input, output)
 {
    /* LOCAL TEST */
    output.scheme = "http";
    output.port = 60130;
    output.host = "localhost";
    output.application = null;
    /* -----------------------------------------
    // mandatory for Fintech, mapping # to Main#
    // -----------------------------------------
    */
    if (output.path.match(/^#/)) {
                output.path = "Main" + output.path;
                return output.redirect();
                }
    if (output.path === "/rca")
                {
                if (output.query.match(/\bsessionId=/i))
                    {
                    output.path = "/Main";
                    output.query += "#/entity/claimNotification/edit/newEntry/data form/b2cUJ/pageno/1";
                    }
                else
                    {
                    output.path = "/Main";
                    output.query += "#/userjourney/claimNotification/insert/data form/b2cUJ";
                    }
                 
       return output.redirect();
       }
                 
       output.requestHeaders.set("B2C", "feature-b2c-userjourneys-api-key");
                 
       return output.go();
});

When configuring routes use the following templates:

  • Insert Link: #/userjourney/{entityName}/insert/data form/_{formName}_
  • Edit Link: #/entity/{entityName}/edit/old/data form/{formName}/pageno/{pageNo}

STEP 3. Enable journey to be accessible through the reverse proxy

Prerequisite: Make sure that the digital journey that you want to expose to unauthenticated users has the wizard mode active.

To enable a specific digital journey to be accessible through the reverse proxy, In Innovation Studio follow these steps:

  1. From the menu, click Digital Frontends > Anonymous Frontends Configurations. The Anonymous Frontends Configurations List page appears.
  2. At the top-right corner of the page, click the Insert icon. The Add Anonymous Frontends Configuration page appears.
  3. In the Name field, fill-in the name of the B2C domain and in the API Key field, provide the feature-b2c-userjourneys-api-key value:
  4. At the top-right corner of the page, click the Save and reload icon. The page refreshes the Edit Anonymous Frontends Configuration page appears. The Published Form Driven Flows and Published Custom Flows sections will be unlocked. You can expose both data form driven and custom flows to unauthenticated users, as follows:

    5. Exposing data form driven flows

    Prerequisite: In order to expose a form driven flow to unauthenticated users, you should have created the journey. For information on how to create a form driven flow, see Creating Form Driven Flows.

    1. From the Published Form Driven Flows section, click the Insert existing button. A pop-up appears listing all existing standard user journeys.
    2. Double-click on the desired form driven flow that you’d like to expose to unauthenticated users. The pop-up closes and the selected record will be displayed in the Published Form Driven Flows section.
    3. Save the settings by clicking the Save and close icon.

    Exposing custom flows

    Prerequisite: In order to expose a custom flow to unauthenticated users, you should have created the custom flow. For information on how to create a custom flow, see Creating Custom Flows.

    1. From the Published Custom Flows section, click the Insert existing button. A pop-up appears listing all existing custom flows.
    2. Double-click on the desired custom flow that you’d like to expose to unauthenticated users. The pop-up closes and the selected record will be displayed in the Published Custom Flows section.
      3. If you want to expose more custom flows to the current B2C frontend domain, add them in this section; otherwise, they will not be visible to unauthenticated users.
    3. Save the settings by clicking the Save and close icon.

Once unauthenticated users will complete a digital journey, records are logged in. To see the audit logs of anonymous frontends, from the menu, click Security > Anonymous Journey Access Logs. The Anonymous Journey Access Logs List page appears. To see the B2C frontend domain from where the digital journey has been exposed to unauthenticated users (automatically displayed in the B2C FrontEnd Domain non-editable field) and also change the external process status, double-click on the desired record in the list.

STEP 4. Override default Save on the journey with an endpoint

Now that you've set up the B2C environment and you exposed journeys to unauthenticated users, you need to override the default save on the digital journey. For information on how to do that, see How to Override Save With an Endpoint.

STEP 5. Create and use your own styles sheets (optional)

The B2C journeys have by default poor styles, so you might want to create and use your own styles sheets. For more information, see Manage Style Sheets for B2C User Journeys.

STEP 6. Set anonymous frontends to serve in a specific language (optional)

An anonymous frontend can serve in a specific language. For information on how to set anonymous frontends to serve in a specific language, see Serving User Journeys in a Specific Language.

Step 7. Reset an anonymous frontend session

Resetting an anonymous frontend session is useful when running multiple instances of an anonymous frontend to ensure that if customers go back to a previous step, they don’t lose the data that has already been saved in previous steps.

There is an anonymous frontend for loan application comprised of various steps. In one of the steps, the customer is asked to provide the monthly income based on which the loan value is calculated in a different step.

To register the customer loan application without altering the data based on which the loan amount was calculated, reset the anonymous frontend session by using the ftos.core.resetB2CSession() function in the last step (Advanced tab> After Section Save tab) of the loan application digital journey.

To reset an anonymous frontend session:

  1. In Innovation Studio, log in the Developer mode.
  2. Go to the configuration page of the digital journey exposed to anonymous users.
  3. Click the Steps tab and in the Entity Form Steps section, double-click the last step of the digital journey (the step with the highest order index).
  4. In the step configuration page, click the Advanced tab.
  5. Click the After Section Save tab and in the JavaScript field, type the function ftos.core.resetB2CSession();
  6. At the top right corner of the page, click the Save and close icon to save the step.