
Security for Your IRIS T24 Applications

  • Writer: Josef Mayrhofer
  • 8 hours ago

The performance of your core banking system is essential to ensure high-quality service for your customers. Even more important, however, is ensuring that all their information and account access remain fully secure.

Since one of the primary ways to expose your T24 banking services is via APIs, this section covers the key security mechanisms Temenos provides for your IRIS APIs.


Basic Authentication Filter Implementation

In an HTTP transaction, Basic Access Authentication allows a client (such as a web browser) to send a username and password as part of the request.

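HTTP Basic Authentication relies on standard header fields, eliminating the need for additional handshakes. The username and password travel in the Authorization header Base64-encoded, not encrypted, so the API should only be exposed over TLS.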


To enable Basic Authentication for IRIS APIs, you must configure the t24SecurityFilter bean in applicationContext.xml:

<bean id="t24SecurityFilter" class="com.temenos.irf.comms.security.defaultimpl.T24BasicAuthenticationCheck"></bean>

Once the credentials are provided in the request header, the transaction will pass through T24 successfully and return a response.



Token-Based Security Filter Implementation

IRIS Data Services can also act as an intermediary for authenticated requests using JWT or SAML tokens. These tokens serve as authentication and identification mechanisms.



Configuration

To enable JWT-based authentication in IRIS, the following configurations must be applied to the WAR file:


  • Enable the classpath resource
  • Enable the Spring Security Filter
  • Configure spring-jwt-iris-authenticator.xml
  • Enable Spring Security in applicationContext.xml
  • Adjust clock drift tolerance
  • Exclude static resources from JWT validation
  • Enable JWT-based authentication for external users


Generate JWT Token

Deploy the irf-auth-token-generation-container.war file in the application server.

Provide Basic Authentication credentials and access the URL shown on screen to generate the token.


Decode the Token

Go to JWT.IO and decode the generated token.

The issuer should appear as TEMENOS.
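
The same issuer check, plus the expiry window with a clock drift tolerance, can be done locally so the token never leaves your machine. This is an added example, not Temenos or Performetriks code: it only decodes the token and does not verify the signature (IRIS does that), and the sample token, its RS256 header, the TESTUSER subject and the 60-second leeway are constructed assumptions.

```python
import base64
import json
import time


def b64url_decode(segment):
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def inspect_jwt(token, expected_iss="TEMENOS", leeway=60, now=None):
    """Decode header and payload WITHOUT verifying the signature and
    list the problems a tester would otherwise look for by eye."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT: expected 3 dot-separated segments")
    header = json.loads(b64url_decode(parts[0]))
    claims = json.loads(b64url_decode(parts[1]))
    now = time.time() if now is None else now
    problems = []
    if str(header.get("alg", "none")).lower() == "none":
        problems.append("unsigned token (alg=none)")
    if claims.get("iss") != expected_iss:
        problems.append("issuer is %r, expected %r" % (claims.get("iss"), expected_iss))
    if "exp" not in claims:
        problems.append("no exp claim")
    elif now > claims["exp"] + leeway:   # leeway models clock drift tolerance
        problems.append("expired")
    if "nbf" in claims and now < claims["nbf"] - leeway:
        problems.append("not yet valid")
    return {"header": header, "claims": claims, "problems": problems}


def make_sample(claims, alg="RS256"):
    # Constructed sample token; the signature segment is a dummy value.
    head = b64url_encode(json.dumps({"alg": alg, "typ": "JWT"}).encode())
    body = b64url_encode(json.dumps(claims).encode())
    return "%s.%s.%s" % (head, body, b64url_encode(b"dummy-signature"))


if __name__ == "__main__":
    sample = make_sample({"iss": "TEMENOS", "sub": "TESTUSER", "exp": 1700000300})
    # 30 seconds past exp, inside the 60-second leeway: no problems reported.
    print(inspect_jwt(sample, now=1700000330)["problems"])
```

An empty problems list only means the claims look right; acceptance still depends on the signature check performed by the IRIS filter.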


Test JWT Token Filter

When the JWT token is included in the request header, the transaction will pass through T24 and return the appropriate response.



XACML Authorization for IRIS

The IRIS Framework uses the Temenos Security Framework to apply attribute-based access control (ABAC) policies at IRIS API endpoints (GET/POST/PUT) before the business function is executed. XACML policies are stored at runtime and enforced before any API is processed by T24.


The PDP (Policy Decision Point) engine evaluates the relevant policy and returns an authorization decision, which IRIS enforces at the API layer, before reaching the business logic.


Configuration

  • Enable the XACML bean in applicationContext.xml

  • Generate the required policy XML files based on the authorization rules for each API endpoint


Test XACML Authorization

The roleId defined in iris-admin-policy.xml must be sent in the request header, for example: roleId: ADMIN


When the roleId is provided correctly, the transaction will pass through T24 and return a response.


At Performetriks, we prioritize information security just as much as the performance of your banking systems. If you need support implementing security processes in your services, don’t hesitate to contact us. At Performetriks, it will be our pleasure to assist you.

Happy Performance Engineering!


