Explain Incoming and Outgoing DeviceID with respect to Risk Evaluation in CA Risk Authentication

What is the difference between HTTPDEVICEID and DEVICEIDOUT in ARRFSYSAUDITLOG table ?

CA Risk Authentication

Essentially HTTPDEVICEID and DEVICEIDOUT correspond to Incoming Device ID and Outgoing Device Id respectively on the Risk Evaluation Report (one can export this report using the CA Arcot Admin UI)

Here is an example:

1. With RiskFort Sample Application say do a Risk Evaluation for user GUSER2 using a Chrome Browser (not in InCognito Mode). In this case the Device ID can be obtained from Browser Cookie. So one will see the Incoming DeviceID and Outgoing Device ID populated as the same that was obtained from the Browser Cookie. 

2. Close the browsers and open a new browser in InCognito mode. Observe that the first time around post a Risk Evaluate for GUSER2 the "Incoming DeviceID" that is "HTTPDEVICEID" will be Null and "Outgoing Device ID" that is DEVICEIDOUT will be generated and populated in the ARRFSYSAUDITLOG table. 

3. Subsequent Risk Evaluate request for this user GUSER2 both "HTTPDEVICEID" and "DEVICEIDOUT" will be saved as same.

 

None.