Once the PKSA receives the authentication request from the HAS, it should display it to the user and ask for approval or denial.