Oracle Fusion Middleware Developer's Guide for Oracle Adaptive Access Manager
11g Release 1 (11.1.1)
E15480-08
August 2014

Copyright 2010, 2014, Oracle and/or its affiliates. All rights reserved.

Primary Author: Priscilla Lee

Contributors: Niranjan Ananthapadmanabha, Mandar Bhatkhande, Sree Chitturi, Josh Davis, Jordan Douglas, Daniel Joyce, Wei Jie Lee, Paresh Raote, Nandini Subramani, Elangovan Subramanian, Vidhya Subramanian, Dawn Tyler, Sachin Vanungare, Saphia Yunaeva, and Xiaobin Zheng.

Contents

Audience
Documentation Accessibility
Related Documents
Conventions

1 Introduction to the Developer's Guide
  1.1 Native Integration
  1.2 Universal Installation Option Integrations
  1.3 Customizations and Extensions
  1.4 Authentication and Password Management Integration
  1.5 Migration and Lifecycle Management
  1.6 Custom Development
  1.7 Troubleshooting/FAQ

Part I Native Integration

2 Natively Integrating with Oracle Adaptive Access Manager
  2.1 Overview
    2.1.1 What is Native Integration
    2.1.2 Using SOAP Service Wrapper API
    2.1.3 Using the In-Proc Method
    2.1.4 SOAP Service Wrapper API vs. In-Proc Method
    2.1.5 Non-Native Integration - SOAP Services
    2.1.6 Sample Application as a Reference for Integration
      2.1.6.1 Setting Up the Native SOAP based OAAM Sample Application
        2.1.6.1.1 Pre-requisites
        2.1.6.1.2 Installing and Configuring the Sample Application
      2.1.6.2 Setting Up the Native In-Proc Based OAAM Sample Application
        2.1.6.2.1 Pre-requisites
        2.1.6.2.2 Install and Configure
  2.2 Integration Options
    2.2.1 Integrating with Virtual Authentication Devices and Knowledge-Based Authentication
      2.2.1.1 User Name Page (c1)
      2.2.1.2 Device Fingerprint Flow (r2)
      2.2.1.3 Run Pre-Authentication Rules (r1)
      2.2.1.4 Run Virtual Authentication Device Rules (r3)
        2.2.1.4.1 Generate a Generic TextPad (p1)
        2.2.1.4.2 Generate a Personalized TextPad or KeyPad (p2)
        2.2.1.4.3 Display TextPad and KeyPad (s2 and s3)
      2.2.1.5 Decode Virtual Authentication Device Input (p3)
      2.2.1.6 Validate User and Password (c2)
        2.2.1.6.1 Update Authentication Status (p4)
        2.2.1.6.2 Password Status (c3)
      2.2.1.7 Run Post-Authentication Rules (r4)
      2.2.1.8 Check Registration for User (p5)
      2.2.1.9 Run Registration Required Rules (r5)
      2.2.1.10 Enter Registration Flow (p6)
      2.2.1.11 Run Challenge Rules (r6)
      2.2.1.12 Run Authentication Rules (r7)
      2.2.1.13 Challenge the User (p7)
      2.2.1.14 Check Answers to Challenge (c4)
      2.2.1.15 Lock Out Page (c6)
      2.2.1.16 Landing or Splash Page (c5)
    2.2.2 Integrating with Knowledge-Based Authentication
      2.2.2.1 User/Password (S1)
      2.2.2.2 Stages

3 Integrating Native .NET Applications
  3.1 Introduction
  3.2 Oracle Adaptive Access Manager .NET SDK
  3.3 Configuration Properties
    3.3.1 How the API Uses Properties
    3.3.2 Encrypting Property Values
    3.3.3 Using User-Defined Enumerations to Define Elements
  3.4 Oracle Adaptive Access Manager API Usage
    3.4.1 User Details
    3.4.2 User Logins and Transactions
    3.4.3 Rules Engine
      3.4.3.1 Device ID
      3.4.3.2 Creating and Updating Bulk Transactions
    3.4.4 Validating a User with Challenge Questions
    3.4.5 Resetting Challenge Failure Counters
    3.4.6 Virtual Authentication Devices
      3.4.6.1 Creating a Virtual Authentication Device
      3.4.6.2 Embedding a Virtual Authentication Device in a Web Page
      3.4.6.3 Validating User Input with a Virtual Authentication Device
    3.4.7 Specifying Credentials to the Oracle Adaptive Access Manager SOAP Server
    3.4.8 Tracing Messages
  3.5 Integration Example Using Sample Applications
    3.5.1 ASP.NET Applications
    3.5.2 Sample Application Details
      3.5.2.1 SampleWebApp
      3.5.2.2 SampleWebAppTracker
      3.5.2.3 SampleWebAppAuthTracker
      3.5.2.4 SampleKBATracker
    3.5.3 Setting Up the Environment
      3.5.3.1 Modifying the web.config File
      3.5.3.2 Setting Properties for Images
      3.5.3.3 Running the Application
    3.5.4 Example: Enable Transaction Logging and Rule Processing

4 Integrating Native Java Applications
  4.1 About the Oracle Adaptive Access Manager Shared Library
    4.1.1 Overview of the Integration Process
    4.1.2 Using Oracle Adaptive Access Manager Shared Library in Web Applications
    4.1.3 Using Oracle Adaptive Access Manager Shared Library in Enterprise Applications
    4.1.4 Customizing/Extending/Overriding Oracle Adaptive Access Manager Properties
  4.2 OAAM Java InProc Integration
  4.3 OAAM SOAP Integration
    4.3.1 Setup SOAP Security
    4.3.2 Set SOAP Related Properties in bharosa_server.properties
  4.4 About VCryptResponse
  4.5 Oracle Adaptive Access Manager APIs
    4.5.1 addQuestion
    4.5.2 authenticatePassword
    4.5.3 authenticateQuestion
    4.5.4 cancelAllTemporaryAllows
    4.5.5 clearSafeDeviceList
    4.5.6 createUser
    4.5.7 createTransaction
    4.5.8 deleteQuestion
    4.5.9 generateOTP
    4.5.10 getActionCount
    4.5.11 getCaption
    4.5.12 getFinalAuthStatus
    4.5.13 getImage
    4.5.14 getRulesData
    4.5.15 getSecretQuestion
    4.5.16 getSignOnQuestions
    4.5.17 getUserByLoginId
    4.5.18 handleTrackerRequest
    4.5.19 handleTransactionLog
    4.5.20 IsDeviceMarkedSafe
    4.5.21 markDeviceSafe
    4.5.22 processPatternAnalysis
    4.5.23 processRules
    4.5.24 setCaption
    4.5.25 setImage
    4.5.26 setPassword
    4.5.27 setTemporaryAllow
    4.5.28 resetUser
    4.5.29 updateAuthStatus
    4.5.30 updateLog
    4.5.31 updateTransaction
    4.5.32 updateTransactionStatus

5 Native API for OTP Challenge
  5.1 OTP Integration Overview
    5.1.1 One Time Password (OTP)
    5.1.2 OAAM OTP Challenge Functionality
    5.1.3 Sample
  5.2 OTP Registration and Challenge Experience
  5.3 New User Registration
    5.3.1 User Name Entered on Login Page
    5.3.2 Password Page is Presented and User Enters Password
    5.3.3 User Enters Registration Flow
      5.3.3.1 User selects an authentication pad background image
      5.3.3.2 User registers challenge questions
      5.3.3.3 User Opts Into OTP
      5.3.3.4 User registers profile information
      5.3.3.5 User Agrees to Terms and Conditions
    5.3.4 User Continues into Application
  5.4 User OTP Challenge
    5.4.1 User Name Entered on Login Page
    5.4.2 Password Page is Presented and User Enters Password
    5.4.3 OAAM Rules Determine User Should Be Challenged via OTP
      5.4.3.1 Generate OTP Code and Code is Delivered to the User through Custom Implementation
      5.4.3.2 User Presented with Challenge Page
      5.4.3.3 User Enters the Generated Code Sent to Him by the Application and is Validated by Custom Implementation
    5.4.4 User Continues Into the Application

Part II Universal Installation Option

6 Oracle Adaptive Access Manager Proxy
  6.1 Introduction
    6.1.1 Important Terms
    6.1.2 Architecture
    6.1.3 References
  6.2 Installing UIO ISA Proxy
    6.2.1 UIO Proxy Web Publishing Configuration
      6.2.1.1 Web Listener Creation
      6.2.1.2 Web Publishing Rule Creation
        6.2.1.2.1
        6.2.1.2.2 Web Publishing Rule Creation for Protected Web Applications
    6.2.2 Registering the UIO ISA Proxy DLL
    6.2.3 Settings to Control the UIO Proxy
      6.2.3.1 Configuration files
      6.2.3.2 Configuration Reload
      6.2.3.3 Session ID Cookie
      6.2.3.4 Configuring Session Id Cookie attributes via Global Variables
      6.2.3.5 Session Inactive Interval
      6.2.3.6 Settings for Troubleshooting
  6.3 Installing UIO Apache Proxy
    6.3.1 UIO Proxy Files for Windows and Linux
      6.3.1.1 Windows
      6.3.1.2 Linux
    6.3.2 Apache httpd Requirements
      6.3.2.1 Windows
      6.3.2.2 Linux
    6.3.3 Copying the UIO Apache Proxy and Supported Files to Apache
      6.3.3.1 Windows
      6.3.3.2 Linux
    6.3.4 Configuring Memcache (for Linux only)
    6.3.5 Configuring httpd.conf
      6.3.5.1 Basic Configuration without SSL
      6.3.5.2 Configuration with SSL
    6.3.6 Modifying the UIO Apache Proxy Settings
      6.3.6.1 UIO_Settings.xml
      6.3.6.2 UIO_log4j.xml
      6.3.6.3 Application configuration XMLs
  6.4 Setting Up Rules and User Groups
  6.5 Setting Up Policies
  6.6 Configuring the UIO Proxy
    6.6.1 Elements of the UIO Proxy Configuration File
      6.6.1.1 Components of Interceptors
      6.6.1.2 Conditions
      6.6.1.3 Filters
      6.6.1.4 Filter Examples - ProcessString
      6.6.1.5 Filter Examples - FormatString
      6.6.1.6 Actions
      6.6.1.7 Variables
      6.6.1.8 Application
    6.6.2 Interception Process
    6.6.3 Configuring Redirection to the Oracle Adaptive Access Manager Server Interface
  6.7 Application Discovery
    6.7.1 Application Information
    6.7.2 Setting Up the UIO ISA Proxy
    6.7.3 Setting Up the UIO Apache Proxy
    6.7.4 Scenarios
  6.8 Samples
    6.8.1 Descriptions for Interceptors
    6.8.2 Flow for BigBank without UIO Proxy
      6.8.2.1 Login
      6.8.2.2 Logout
    6.8.3 Flow for First-time User to Log In and Log Out of BigBank with UIO Proxy
  6.9 Upgrading the UIO Apache Proxy
    6.9.1 UIO Apache Proxy Patch Installation Instructions
    6.9.2 UIO Apache Proxy Patch Backout Instructions
  6.10 Upgrading the UIO ISA Proxy Server

Part III Customization and Extensions

7 OAAM Extensions and Shared Library to Customize OAAM
  7.1 Overview
  7.2 Add Customizations Using the OAAM Extensions Shared Library
  7.3 User-Defined Enumerations

8 Customizing the OAAM Server
  8.1 Architecture
  8.2 Tips for Customizing the OAAM Server Web Application
  8.3 OAAM Properties
    8.3.1 Enum Example
    8.3.2 Overriding Existing User-Defined Enums
    8.3.3 Disabling Elements
  8.4 Overriding Existing User-Defined Enums
  8.5 Disabling Elements
  8.6 Customizing the OAAM Server for Multiple Applications
    8.6.1 Determining the Application ID
    8.6.2 Determining Default User Groups
    8.6.3 Configuring Application Properties
    8.6.4 Property Extension
  8.7 Customizing the Appearance of OAAM Server
    8.7.1 Customizing Headers and Footers
    8.7.2 Modifying User Interface Styles
    8.7.3 Customizing Content and Messaging
  8.8 Questions/Answers About User Interface Customization

9 Customizing User Flow and Layout
  9.1 User Flows and Layout
    9.1.1 Struts Actions
      9.1.1.1 Action Definition
      9.1.1.2 Action Type
    9.1.2 Base Layout Definition
    9.1.3 How Struts and Tiles Work Together
  9.2 Custom User Flows and Layout Example
    9.2.1 Customize the Look-and-Feel
    9.2.2 Customize the User Page Flows and Actions
  9.3 tiles-def.xml File
  9.4 Struts Configuration File

10 Using Virtual Authentication Devices
  10.1 Terminology
  10.2 Virtual Authentication Devices and Set of Background Images
  10.3 Virtual Authentication Types
    10.3.1 TextPad
    10.3.2 PinPad
    10.3.3 QuestionPad
    10.3.4 Keypad
  10.4 Authenticator Composition
  10.5 Virtual Authentication Device Properties
    10.5.1 Property Files Used in the Authenticator's Configuration
    10.5.2 TextPad Authenticator Properties
    10.5.3 PinPad Authenticator Properties
    10.5.4 QuestionPad Authenticator Properties
    10.5.5 KeyPad Authenticator Properties
    10.5.6 Frame Design and Element Positioning
      10.5.6.1 Background Images
      10.5.6.2 Keys Sets
      10.5.6.3 TextPad Visual Elements
      10.5.6.4 PinPad Visual Elements
      10.5.6.5 QuestionPad Visual Elements
      10.5.6.6 KeyPad Visual Elements
    10.5.7 Customization Steps
  10.6 Displaying Virtual Authentication Devices
    10.6.1 Setting Up Before Calling the get Method
    10.6.2 Getting the AuthentiPads
    10.6.3 Setting Properties After Getting Authentipad Object
    10.6.4 Displaying Virtual Authentication Devices
  10.7 Enabling Accessible Versions of Authenticators
  10.8 Localizing Virtual Authentication Device in OAAM 11g
    10.8.1 Overview
    10.8.2 Example using German Locale

11 Implementing OTP Anywhere
  11.1 About the Implementation
  11.2 Concepts and Terms
    11.2.1 One Time Password (OTP)
    11.2.2 Oracle User Messaging Service (UMS)
    11.2.3 Challenge Processor
    11.2.4 Challenge Type
  11.3 Prerequisites
    11.3.1 Install SOA Suite
    11.3.2 Configure the UMS Driver
      11.3.2.1 Email Driver
      11.3.2.2 SMPP Driver
  11.4 OTP Setup Overview
  11.5 Configuring OTP
    11.5.1 Integrating UMS
    11.5.2 Enabling OTP Challenge Types
    11.5.3 Enabling Registration and User Preferences
  11.6 Customizing OTP
    11.6.1 Customizing Registration Fields and Validations
    11.6.2 Customizing Terms and Conditions
    11.6.3 Customizing Registration Page Messaging
    11.6.4 Customizing Challenge Page Messaging
    11.6.5 Customizing OTP Message Text
    11.6.6 Enabling Opt Out Functionality
  11.7 Registering SMS Processor to Perform Work for Challenge Type
  11.8 Configuring the Challenge Pads Used for Challenge Types
  11.9 Customizing OTP Anywhere Data Storage
    11.9.1 com.bharosa.uio.manager.user.UserDataManagerIntf
    11.9.2 Default Implementation - com.bharosa.uio.manager.user.DefaultContactInfoManager
    11.9.3 Custom Implementation Recommendations
    11.9.4 Configuring Properties
  11.10 Example Configurations
    11.10.1 Additional Registration Field Definitions Examples
      11.10.1.1 Email Input
      11.10.1.2 Phone Input
      11.10.1.3 IM Input
    11.10.2 Additional Challenge Message Examples
      11.10.2.1 Customize OTP Email Message
      11.10.2.2 Customize OTP IM Message
      11.10.2.3 Customize OTP Voice Message
    11.10.3 Additional Processors Registration Examples
      11.10.3.1 Register Email Challenge Processor
      11.10.3.2 Register IM Challenge Processor
      11.10.3.3 Register Voice Challenge Processor
  11.11 Challenge Use Case

12 Configurable Actions
  12.1 Integration
  12.2 Executing Configurable Actions in a Particular Order and Data Sharing
  12.3 How to Test Configurable Actions Triggering
  12.4 Sample JUnit Code

13 Device Registration

14 Extending Device Identification
  14.1 When to Use Extend Device Identification
  14.2 Prerequisites
  14.3 Developing a Custom Device Identification Plug-in
    14.3.1 Implement the Client Side Plug-in
    14.3.2 Add Properties related to Custom Device Identification Plug-in to OAAM Extensions Shared Library
    14.3.3 Extend/Implement the Device Identification Plug-in class
      14.3.3.1 getPlugInHTML
    14.3.4 getFingerPrint
    14.3.5 getDigitalCookie
    14.3.6 getClientDataMap
  14.4 Overview of Interactions
  14.5 Compile, Assemble and Deploy
  14.6 Important Note About Implementing the Plug-In

15 Flash Fingerprinting
  15.1 Device Fingerprinting
  15.2 Definitions of Variables and Parameters
  15.3 Option 1
    15.3.1 Option 1 Flow
    15.3.2 Option 1 Code Example
  15.4 Option 2
    15.4.1 Option 2 Flow
    15.4.2 Option 2 Code Example
  15.5 Option 3
    15.5.1 Option 3 Flow
    15.5.2 Option 3 Code Example
  15.6 Common Update

Part IV Authentication and Password Management Integration

16 Access and Password Management Integration
  16.1 Benefits and Features of the Integration
  16.2 Secure Password Collection and Management Scenarios

Part V Migration and Lifecycle Management

17 Migrating Native Applications to OAAM 11g
  17.1 Preparing for Migration
  17.2 Migrating Native Static Linked (InProc) Applications to OAAM 11g
    17.2.1 Use the OAAM Shared Library Instead of Static Linking to OAAM Jars
    17.2.2 Move All Configurable Properties into bharosa_server.properties File
  17.3 Migrating Native SOAP Applications to OAAM 11g
    17.3.1 Use OAAM Shared Library Instead of Static Linking to OAAM Jars
    17.3.2 Move All Configurable Properties into the bharosa_server.properties File
    17.3.3 Configure SOAP/Web Services Access
  17.4 Migrating Native Applications that Cannot Use OAAM Shared Library
    17.4.1 Use the OAAM 11g Jar Files
    17.4.2 Copy the OAAM 11g Property Files
    17.4.3 Specify the Configurable Properties in the bharosa_server.properties File

18 Handling Lifecycle Management Changes
  18.1 Oracle Virtual Directory (OVD) Host, Port, and SSL Enablement Changes
  18.2 Oracle Identity Manager (OIM) URL Changes
  18.3 Oracle Access Manager (OAM) Host and Port Changes
  18.4 Oracle Internet Directory (OID) Host and Port Changes and SSL Enablement
  18.5 Database Host and Port Changes
  18.6 Moving Oracle Adaptive Access Manager to a New Production Environment
  18.7 Moving Oracle Adaptive Access Manager to an Existing Production Environment

Part VI Custom Development

19 Creating OAAM Oracle BI Publisher Reports
  19.1 Create Oracle BI Publisher Reports on Data in the OAAM Schema
    19.1.1 Create a Data Model
    19.1.2 Map User Defined Enum Numeric Type Codes to Readable Names
      19.1.2.1 Results Display
      19.1.2.2 English Only User Defined Enum Result Display
      19.1.2.3 Internationalized User Defined Enum Result Display
    19.1.3 Adding Lists of Values
      19.1.3.1 User Defined Enums as List of Values for Filtering, English Only
      19.1.3.2 User Defined Enums as List of Values for Filtering, Internalized
    19.1.4 Adding Geolocation Data
    19.1.5 Adding Sessions and Alerts
      19.1.5.1 Type Code Lookups
    19.1.6 Example
    19.1.7 Adding Layouts to the Report Definition
  19.2 Building OAAM Transactions Reports
    19.2.1 Get Entities and Transactions Information
    19.2.2 Discover Entity Data Mapping Information
      19.2.2.1 Information about Data Types
      19.2.2.2 Discover Entity Data Details Like Data Type, Row and Column Mappings
      19.2.2.3 Build Entity Data SQL Queries and Views
    19.2.3 Discover Transaction Data Mapping Information
      19.2.3.1 Discover Transaction data details like Data Type, Row and Column mappings
      19.2.3.2 Build Transaction Data SQL Queries and Views
    19.2.4 Build Reports
      19.2.4.1 Building Entity Data Reports
      19.2.4.2 Building Transaction Data Reports
      19.2.4.3 Joining Entity Data Tables and Transaction data tables

20 Developing Custom Challenge Processors
  20.1 What are Challenge Processors
  20.2 Code Challenge Processors
    20.2.1 Class
    20.2.2 Methods
    20.2.3 Example: Email Challenge Processor Implementation
    20.2.4 Secret (PIN) Implementation
  20.3 Define the Delivery Channel Types for the Challenge Processors
    20.3.1 Challenge Type Enum
    20.3.2 Example: Defining an OTP Channel Type
  20.4 Configure User Input Properties
    20.4.1 Enable Registration and Preferences Input
    20.4.2 Set Contact Information Inputs
  20.5 Configure the Challenge Pads Used for Challenge Types

21 Creating a View of a Non-OAAM Database
  21.1 The OAAM_LOAD_DATA_VIEW
  21.2 Schema Examples
    21.2.1 OAAM Schema
    21.2.2 Custom Schema Example

22 Developing a Custom Loader for OAAM Offline
  22.1 Base Framework
    22.1.1 Overview
    22.1.2 Important Classes
    22.1.3 General Framework Execution
  22.2 Default Implementation
    22.2.1 Default Load Implementation
    22.2.2 Default Playback Implementation
  22.3 Implementation Details: Overriding the Loader or Playback Behavior
  22.4 Implement RiskAnalyzerDataSource
    22.4.1 Extending AbstractJDBCRiskAnalyzerDataSource
    22.4.2 Extending AbstractRiskAnalyzerDataSource
    22.4.3 Extending AbstractRiskAnalyzerDataSource
  22.5 Implement RunMode
    22.5.1 Extending AbstractLoadLoginsRunMode
    22.5.2 Extending AbstractLoadTransactionsRunMode
    22.5.3 Extending PlaybackRunMode

Part VII Troubleshooting

23 FAQ/Troubleshooting
  23.1 Techniques for Solving Complex Problems
    23.1.1 Simple Techniques
    23.1.2 Divide and Conquer
    23.1.3 Rigorous Analysis
    23.1.4 Process Flow of Analysis
      23.1.4.1 State the Problem
      23.1.4.2 Specify the Problem
      23.1.4.3 What It Never Worked
      23.1.4.4 IS and IS NOT but COULD BE
      23.1.4.5 Develop Possible Causes
      23.1.4.6 Test Each Candidate Cause Against the Specification
      23.1.4.7 Confirm the Cause
      23.1.4.8 Failures
  23.2 Troubleshooting Tools
  23.3 OAAM UIO Proxy
  23.4 Knowledge-Based Authentication
  23.5 Virtual Authentication Devices
  23.6 Configurable Actions
  23.7 One-Time Password
  23.8 Localization
  23.9 Man-in-the-Middle/Man-in-the-Browser
  23.10 Failure Counter

Part VIII Glossary

Index

Preface

The Oracle Fusion Middleware Developer's Guide for Oracle Adaptive Access Manager provides information about Oracle Adaptive Access Manager integrations and custom development.

The Preface covers the following topics:
  Audience
  Documentation Accessibility
  Related Documents
  Conventions

Audience

This guide is intended for administrators and developers who are responsible for integrating Oracle Adaptive Access Manager. This guide assumes that you are familiar with your Web servers, Oracle Adaptive Access Manager, .NET and Java, and the product that you are integrating.

Documentation Accessibility

For information about Oracle's commitment to accessibility, visit the Oracle Accessibility Program website at http://www.oracle.com/pls/topic/lookup?ctx=acc&id=docacc.

Access to Oracle Support

Oracle customers have access to electronic support through My Oracle Support. For information, visit http://www.oracle.com/pls/topic/lookup?ctx=acc&id=info or visit http://www.oracle.com/pls/topic/lookup?ctx=acc&id=trs if you are hearing impaired.

Related Documents

For more information, see the following documents in the Oracle Fusion Middleware 11g Release 1 (11.1.1) documentation set:
  Oracle Fusion Middleware Installation Guide for Oracle Identity Management
  Oracle Fusion Middleware Administrator's Guide for Oracle Adaptive Access Manager
  Oracle Fusion Middleware Administrator's Guide for Oracle Access Manager with Oracle Security Token Service
  Oracle Fusion Middleware Administrator's Guide
  Oracle Fusion Middleware Enterprise Deployment Guide for Oracle Identity Management
  Oracle Fusion Middleware High Availability Guide
  Oracle Fusion Middleware Upgrade Planning Guide
  Oracle Fusion Middleware Upgrade Guide for Oracle Identity Management
  Oracle Fusion Middleware Reference for Oracle Identity Management

Conventions

The following text conventions are used in this document:

  Convention   Meaning
  boldface     Boldface type indicates graphical user interface elements associated with an action, or terms defined in text or the glossary.
  italic       Italic type indicates book titles, emphasis, or placeholder variables for which you supply particular values.
  monospace    Monospace type indicates commands within a paragraph, URLs, code in examples, text that appears on the screen, or text that you enter.

1 Introduction to the Developer's Guide

Oracle Adaptive Access Manager provides a variety of mechanisms for integrating with custom applications and custom development. The Oracle Fusion Middleware Developer's Guide for Oracle Adaptive Access Manager provides information to help developers integrate and customize Oracle Adaptive Access Manager, migrate 10g native applications, and manage configuration changes in integrated deployments of Oracle Adaptive Access Manager.

Information in this book is grouped into the following main parts to help developers quickly locate information:
  Part I - Native integration
  Part II - Universal Installation Option Proxy
  Part III - Customization and extensions
  Part IV - Oracle Adaptive Access Manager, Oracle Access Manager, and Oracle Identity Manager integration
  Part V - Migration and lifecycle management
  Part VI - Custom development
  Part VII - Troubleshooting tips/FAQ

Detailed information about Oracle Adaptive Access Manager integration with Oracle Identity Manager and Oracle Access Manager is not covered in this guide. Refer to the Oracle Fusion Middleware Integration Guide for Oracle Access Manager for in-depth conceptual and procedural information.

1.1 Native Integration

Applications can integrate natively with Oracle Adaptive Access Manager using APIs. Oracle Adaptive Access Manager provides APIs to fingerprint devices, collect authentication and transaction logs, run security and business rules, challenge the user to provide correct answers to pre-registered questions, and generate authentication pads such as KeyPad, TextPad, or QuestionPad.

Part 1 contains information about APIs used to integrate Oracle Adaptive Access Manager.

Native Integration Guidelines

An introduction to integrating a client application with Oracle Adaptive Access Manager is presented in Chapter 2, "Natively Integrating with Oracle Adaptive Access Manager." In native integration, the application invokes Oracle Adaptive Access Manager directly and the application itself manages the authentication and challenge flows.

Native and Web Services Integration

A Web application can communicate with Oracle Adaptive Access Manager using the OAAM Native Client API or through Web Services. For information on these integrations, see Chapter 3, "Integrating Native .NET Applications," and Chapter 4, "Integrating Native Java Applications."

In-Proc Integration

The native integrations include APIs that are wrappers of the SOAP API published by OAAM and written in the client's native application language. The In-Proc integration is an option available for integrations using just the Java language. In this integration, there are no SOAP calls to OAAM, and, instead, the API implementation runs within the client application itself. For information on the In-Proc integration, see Chapter 4, "Integrating Native Java Applications."

OTP Integration

Oracle Adaptive Access Manager's Native OTP API offers a way to add another factor to a traditional username/password authentication scheme. For information on OTP integration, see Chapter 5, "Native API for OTP Challenge."

1.2 Universal Installation Option Integrations

Oracle Adaptive Access Manager's Universal Installation Option (UIO) reverse proxy deployment option offers login risk-based multifactor authentication to Web applications without requiring any change to the application code.

Part II contains configuration instructions and guidelines for the reverse proxy deployment option in the following chapter:
  Chapter 6, "Oracle Adaptive Access Manager Proxy"

1.3 Customizations and Extensions

Part III provides instructions and reference material for customizing and extending the following features of Oracle Adaptive Access Manager:

Customizing Oracle Adaptive Access Manager

Oracle Adaptive Access Manager can be customized by adding custom jars and files to the Oracle Adaptive Access Manager Extensions Shared Library. For information on using the extensions shared library for customization of Oracle Adaptive Access Manager, see Chapter 7, "OAAM Extensions and Shared Library to Customize OAAM."

Customizing the OAAM Server

The user interface provided by the OAAM Server Web application can be easily customized to achieve the look and feel of the customer applications. You can configure OAAM Server to support one or more Web application authentication and user registration flows. For information on the customization of OAAM Server, see Chapter 8, "Customizing the OAAM Server."

Customizing User Flow

OAAM supports the customization of user flow. For information, refer to Chapter 9, "Customizing User Flow and Layout."

Virtual Authentication Devices

Oracle Adaptive Access Manager includes unique functionality to protect end users while interacting with a protected web application. The virtual authentication devices harden the process of entering and transmitting authentication credentials and provide end users with verification that they are authenticating on the valid application. Each virtual authentication device (VAD) has its own unique set of security features that make it much more than a mere image on a web page. For information on the customization of virtual authentication devices, see Chapter 10, "Using Virtual Authentication Devices."

One-Time Password

Oracle Adaptive Access Manager 11g provides the framework to support One Time Password (OTP) authentication with Oracle User Messaging Service (UMS) as a method of delivery out of the box. For instructions to configure OTP to leverage UMS as a method of delivery, refer to Chapter 11, "Implementing OTP Anywhere."

Configurable Actions

Oracle Adaptive Access Manager provides Configurable Actions, a feature which allows users to create new supplementary actions that are triggered based on the result action and/or based on the risk scoring after a checkpoint execution. Chapter 12, "Configurable Actions" describes how to integrate a Configurable Action with the Oracle Adaptive Access Manager software.

Device Registration

Device registration is a feature that allows a user to flag the computer he is using as a safe device. Instructions to enable the feature are provided in Chapter 13, "Device Registration."

Device Identification

For most typical deployments, the out-of-the-box device identification satisfies client requirements. Out-of-the-box Device Identification uses data from the browser and the OAAM flash movie. The following are the typical scenarios when you could consider extending device identification:
  The OAAM flash movie cannot be used to obtain client details as the client side browser does not support Flash (example: iPhone, iPad, and so on)
  There is a need to extract stronger device identification data from the client using a non-flash plug-in that can run inside the browser

For information on how to extend device identification in a typical deployment, refer to Chapter 14, "Extending Device Identification."

Flash Fingerprinting

Oracle Adaptive Access Manager uses device fingerprinting along with many other types of data to determine the risk associated with a specific access request. Outlines of calls needed to perform the flash fingerprinting are presented in Chapter 15, "Flash Fingerprinting."

1.4 Authentication and Password Management Integration

Benefits of the Oracle Access Manager-Oracle Adaptive Access Manager-Oracle Identity Manager integration are presented in Chapter 16, "Access and Password Management Integration."

1.5 Migration and Lifecycle Management

Because of the integrated deployment of Oracle Adaptive Access Manager with other applications, migration or configuration changes in those applications might require corresponding changes in Oracle Adaptive Access Manager.

For the steps involved in migrating an existing natively integrated 10.1.4.5 application that is currently using SOAP authentication to 11g, refer to Chapter 17, "Migrating Native Applications to OAAM 11g."

For examples of handling lifecycle configuration changes, refer to Chapter 18, "Handling Lifecycle Management Changes."

1.6 Custom Development

Custom development instructions are in the following chapters:
  Chapter 19, "Creating OAAM Oracle BI Publisher Reports"
  Chapter 20, "Developing Custom Challenge Processors"
  Chapter 21, "Creating a View of a Non-OAAM Database"
  Chapter 22, "Developing a Custom Loader for OAAM Offline"

1.7 Troubleshooting/FAQ

Chapter 23, "FAQ/Troubleshooting" provides troubleshooting tips and answers to frequently asked questions.

Part I Native Integration

Part 1 contains information about APIs used to integrate Oracle Adaptive Access Manager. It contains the following chapters:
- Chapter 2, "Natively Integrating with Oracle Adaptive Access Manager"
- Chapter 3, "Integrating Native .NET Applications"
- Chapter 4, "Integrating Native Java Applications"
- Chapter 5, "Native API for OTP Challenge"

2 Natively Integrating with Oracle Adaptive Access Manager

Native application integration deployments embed the rules engine and user interface flows into the client application so the OAAM Administration Console, which contains the customer service and secure analyst case management functionality, is the only additional managed server added to the deployment.

The typical process flows for the authentication and challenge scenarios are presented in this chapter. Within these flow sections, there are details about which API should be called at each stage.

This chapter contains guidelines to integrate Oracle Adaptive Access Manager into a client application using the APIs the server exposes.

2.1 Overview
Oracle Adaptive Access Manager provides APIs to fingerprint devices, collect authentication and transaction logs, run security rules, challenge the user to answer pre-registered questions correctly, and generate virtual authentication devices such as KeyPad, TextPad, or QuestionPad.

2.1.1 What is Native Integration
Native Oracle Adaptive Access Manager integration involves customizing your application to include OAAM API calls at various stages of the login process. In native integration, your application invokes Oracle Adaptive Access Manager directly and the application itself manages the authentication and challenge flows.

To integrate with Oracle Adaptive Access Manager, the application can use the native API. The native API options are:
- SOAP service wrapper API for Java or .NET applications. In this scenario, the application communicates with Oracle Adaptive Access Manager using the Oracle Adaptive Access Manager native client API (SOAP service wrapper API) or via Web services. Refer to "Using SOAP Service Wrapper API".
- Link libraries statically for Java applications only. This scenario only involves local API calls and therefore no remote server risk engine calls (SOAP calls). Refer to "Using the In-Proc Method".

2.1.2 Using SOAP Service Wrapper API
The SOAP service wrapper API enables you to create SOAP objects and invoke SOAP calls, and it abstracts the SOAP Web Service Definition Language (WSDL) and other Web services details from the application code. Libraries for this API are available for the following languages: Java, .NET, and C++.

This integration requires adding lightweight client libraries (JARs or DLLs) to the client library. The application communicates with Oracle Adaptive Access Manager using Web services and the server API.

2.1.3 Using the In-Proc Method
The integration embeds the processing engine for Oracle Adaptive Access Manager with the application and enables it to leverage the underlying database directly for processing. In this scenario, the application must include the server JARs and configured properties, as appropriate.

2.1.4 SOAP Service Wrapper API vs. In-Proc Method
When communicating with the rules engine, you have to decide whether to statically include all the .jar files locally in the application server, or to make SOAP calls to a distributed rules engine (typically located on the same host that administers the rules themselves).

Using the SOAP Service Wrapper API is recommended over making direct SOAP calls. The reasons are as follows:
- The client library constructs the SOAP objects, and the details involved in SOAP calls are abstracted from the client application.
- A SOAP API signature change does not require any change in the client code.
- The API provides higher-level utility methods to extract parameters directly from the HTTP request and HTTP session objects.
- It provides methods to encode and decode fingerprint data.

Even though In-Proc may provide slightly better performance, it is not suitable for all Java clients. In-Proc is recommended for clients developing their own applications with Oracle Adaptive Access Manager built in their J2EE or application.

In-Proc integration has several advantages:
- The application makes no SOAP calls, thus eliminating the need to create and delete TCP/IP connections.
- It experiences no network latencies.
- It does not require a load balancer.

2.1.5 Non-Native Integration - SOAP Services
Using direct SOAP services is preferred if the client does not want to include any of the OAAM client JAR or DLL files within their application. However, to use the adaptive strong authentication functionality, you must use the native Java or .NET integration.

OAAM SOAP services consist of five major modules:
- VCryptCommon contains the common APIs.
- VCryptTracker contains the APIs for fingerprinting and collecting authentication and transaction logs.
- VCryptAuth contains the APIs for accessing the Authenticator and KBA modules.
- VCryptRulesEngine contains the APIs for running the rules.
- VCryptCC contains the APIs for invoking customer-care-related requests.

2.1.6 Sample Application as a Reference for Integration
A sample application is available for your reference. Before you integrate the APIs into your own application, be sure to download the sample application.

The sample application illustrates how to call the product APIs. It is available as a form of documentation. The sample application is not intended to be used as production code. For example, the sample application does not have proper error handling; it only provides basic elements of API usage. Customers implementing a native integration should develop their own application using the sample application as a reference only.

Note: Custom applications developed for these deployments are not supported directly. However, Oracle Support Services can assist customers with product issues, such as if customers encounter problems when using the provided APIs.

2.1.6.1 Setting Up the Native SOAP based OAAM Sample Application
This section contains instructions to set up the Native SOAP based OAAM sample application.

2.1.6.1.1 Pre-requisites
Before you set up the SOAP based OAAM sample application you need:
- Oracle Adaptive Access Manager to be installed, configured, and running
- Oracle Adaptive Access Manager SOAP service to be enabled and reachable from the host where the sample application is being deployed
- Details about the database host, user name, password used by the Oracle Adaptive Access Manager

2.1.6.1.2 Installing and Configuring the Sample Application
To set up the SOAP based OAAM sample application:

1. Create an oaam_sample folder.

2. Extract oaam_sample_soap.zip into oaam_sample.

3. Edit the bharosa_server.properties file under the /WEB-INF/classes directory:

   - Set the vcrypt.tracker.soap.url property.

         vcrypt.tracker.soap.url=http://:/oaam_server/services

     This setting is the location of the web services with which the application will communicate.

   - Set the soap class vcrypt.common.util.vcryptsoap.impl.classname property.

     This setting specifies for the application which libraries to use when creating SOAP messages to exchange with the OAAM services. The available option is: com.bharosa.vcrypt.common.impl.VCryptSOAPGenericImpl

   - Set bharosa.image.dirlist to the absolute folder path where OAAM images are available.

4. Set the following properties:

       vcrypt.tracker.impl.classname=com.bharosa.vcrypt.tracker.impl.VCryptTrackerSOAPImpl
       vcrypt.user.image.dirlist.property.name=bharosa.image.dirlist
       bharosa.config.impl.classname=com.bharosa.common.util.BharosaConfigPropsImpl
       bharosa.config.load.impl.classname=com.bharosa.common.util.BharosaConfigLoadPropsImpl
       vcrypt.tracker.soap.useSOAPServer=true
       vcrypt.soap.disable=false
       vcrypt.soap.auth.keystoreFile=system_soap.keystore

   If SOAP Authentication is not enabled, set the following property:

       vcrypt.soap.auth=false

   If SOAP Authentication is enabled, set the following properties:

       vcrypt.soap.auth=true
       vcrypt.soap.auth.keystorePassword=Java-keystore-password
       vcrypt.soap.auth.aliasPassword=Keystore-alias-password
       vcrypt.soap.auth.username=SOAP-User-name

5. If you are installing the sample application on the same WebLogic domain where OAAM Server is running, then comment out the properties named bharosa.cipher.encryption.algorithm.enum related to encryption keys. If you are deploying on a non-WebLogic server or a non-IAM WebLogic domain, then you have to create the keystores system_db.keystore and system_config.keystore and set the value for the following properties:

       bharosa.cipher.encryption.algorithm.enum.DESede_config.keystorePassword
       bharosa.cipher.encryption.algorithm.enum.DESede_config.aliasPassword

6. Update the sample application so it picks up the changes made to the bharosa_server.properties file. Navigate to the WebLogic Administration Console > Deployments > Summary of Deployments. Click Next to sample application and click the Update button. Click Finish.

7. Start the managed server.

8. Make changes to OAAM Web services security to allow access to the OAAM SOAP services. By default they are protected by OWSM (Oracle Web Services Manager). The steps are as follows:
   a. Log in to Enterprise Manager of IDM domain using the URL http://weblogic-admin-hostname:port/em and WebLogic Administrator user name/password.
   b. Locate oaam_server_server1 in the left hand side menu by expanding WebLogic Domain and the OAAM domain under it.
   c. Right-click oaam_server_server1 and select the Web Services menu option.
   d. Click Attach Policies in the top-right area of the page.
   e. Select all the rows related to OAAM Web services in the next page and click the Next button.
   f. To enable SOAP Authentication, select the row oracle/wss_http_token_service_policy and click the Next button. To disable SOAP Authentication, select the row oracle/no_authentication_service_policy and oracle/no_authorization_service_policy and click the Next button.
   g. Click the Attach button in the next page.
   h. Restart the OAAM Server if required.

9. Navigate to the WebLogic Administration Console. Click Lock and Edit and select the Deployments node. On the Summary of Deployments page, find and select the sample application. Click Start > Servicing all requests. Click Yes to confirm.

10. Log in to the OAAM Admin application and import the snapshot.

11. Navigate to the URL http://:/oaam_sample. You will see the login page of the sample application.

12. Enter the user name and then password in the next page. You are taken through registration.
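
The settings from steps 3 to 5 can be checked before the sample application is deployed. The following added example (not part of the guide or of Oracle's sample application) loads a bharosa_server.properties file and reports a non-HTTPS SOAP URL, disabled SOAP authentication, and missing or placeholder credentials; the class name BharosaPropsAudit and the sample host, port and values are constructed for illustration.

```java
import java.io.IOException;
import java.io.StringReader;
import java.net.URI;
import java.net.URISyntaxException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import java.util.Properties;

/** Added example: audits the SOAP client settings of a bharosa_server.properties file. */
public class BharosaPropsAudit {

    // Placeholder values printed in the guide; a deployed file must not still contain them.
    private static final List<String> GUIDE_PLACEHOLDERS = Arrays.asList(
            "Java-keystore-password", "Keystore-alias-password", "SOAP-User-name");

    // Properties the guide sets when SOAP Authentication is enabled.
    private static final List<String> SOAP_AUTH_KEYS = Arrays.asList(
            "vcrypt.soap.auth.keystoreFile", "vcrypt.soap.auth.keystorePassword",
            "vcrypt.soap.auth.aliasPassword", "vcrypt.soap.auth.username");

    private static final String DESEDE =
            "bharosa.cipher.encryption.algorithm.enum.DESede_config.";

    static List<String> audit(Properties p) {
        List<String> findings = new ArrayList<>();
        checkSoapUrl(p.getProperty("vcrypt.tracker.soap.url"), findings);

        String auth = p.getProperty("vcrypt.soap.auth");
        if (auth == null) {
            findings.add("vcrypt.soap.auth is not set; state the intended value explicitly");
        } else if (!"true".equalsIgnoreCase(auth.trim())) {
            findings.add("vcrypt.soap.auth is not true: SOAP authentication is off (step 8f"
                    + " pairs this with oracle/no_authentication_service_policy)");
        } else {
            for (String key : SOAP_AUTH_KEYS) {
                String value = p.getProperty(key, "").trim();
                if (value.isEmpty()) {
                    findings.add(key + " is missing although vcrypt.soap.auth=true");
                } else if (GUIDE_PLACEHOLDERS.contains(value)) {
                    findings.add(key + " still holds the placeholder from the guide");
                }
            }
        }

        // Step 5 either sets both keystore passwords or comments both out.
        boolean hasKeystorePw = p.getProperty(DESEDE + "keystorePassword") != null;
        boolean hasAliasPw = p.getProperty(DESEDE + "aliasPassword") != null;
        if (hasKeystorePw != hasAliasPw) {
            findings.add(DESEDE + "keystorePassword and aliasPassword must be set together");
        }
        return findings;
    }

    private static void checkSoapUrl(String raw, List<String> findings) {
        if (raw == null || raw.trim().isEmpty()) {
            findings.add("vcrypt.tracker.soap.url is not set");
            return;
        }
        try {
            URI uri = new URI(raw.trim());
            if (uri.getHost() == null) {
                findings.add("vcrypt.tracker.soap.url has no host: " + raw.trim());
            }
            if (!"https".equalsIgnoreCase(uri.getScheme())) {
                findings.add("vcrypt.tracker.soap.url is not https; fingerprint and"
                        + " authentication data would cross the network in cleartext");
            }
        } catch (URISyntaxException e) {
            findings.add("vcrypt.tracker.soap.url is not a valid URI: " + raw.trim());
        }
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample file; host, port and values are invented for the example.
        String sample = String.join("\n",
                "vcrypt.tracker.soap.url=http://oaam.example.internal:14300/oaam_server/services",
                "vcrypt.tracker.soap.useSOAPServer=true",
                "vcrypt.soap.disable=false",
                "vcrypt.soap.auth=true",
                "vcrypt.soap.auth.keystoreFile=system_soap.keystore",
                "vcrypt.soap.auth.keystorePassword=Java-keystore-password",
                "vcrypt.soap.auth.username=soapclient");
        Properties props = new Properties();
        props.load(new StringReader(sample));
        for (String finding : audit(props)) {
            System.out.println("FINDING: " + finding);
        }
    }
}
```

To audit a real file, replace the StringReader with a FileReader on WEB-INF/classes/bharosa_server.properties.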

2.1.6.2 Setting Up the Native In-Proc Based OAAM Sample Application
This section contains instructions to set up the Native In-Proc based OAAM sample application.

2.1.6.2.1 Pre-requisites
Before you can set up the native In-Proc based OAAM sample application you need:
- OAAM Admin to be installed, configured, and running
- Oracle Adaptive Access Manager SOAP service to be enabled and reachable from the host where the sample application is being deployed
- Details about the database host, user name, password used by the Oracle Adaptive Access Manager

2.1.6.2.2 Install and Configure
To set up the Native In-Proc based OAAM sample application:

1. Create the oaam_sample folder.

2. Unzip oaam_sample_inproc.zip into oaam_sample.

3. Start the WebLogic Server.

4. Navigate to WebLogic Administration Console.

       http://:/console

   Note: The password must be test for the initial login. You must change the password immediately.

5. Deploy the OAAM Shared Library $MW_HOME\Oracle_IDM1\oaam\oaam_libs\war\oaam_native_lib.war as a shared library.
   a. Click Deployments under IAM Domain (in the navigation panel) in Summary of Deployments under the Control tab.
   b. Click the Install button. In the path specify $MW_HOME\Oracle_IDM1\oaam\oaam_libs\war and select oaam_native_lib.war. Click Next.
   c. Select the Install this deployment as a library radio button. Click Next.
   d. In the Select Deployments targets page, select the managed server from the list of servers and click Next. Notice the name of the shared library is oracle.oaam.libs. If the managed server is OAAM Server, then there is no need to create an OAAM Data Source. Otherwise create a Data source with JNDI name as jdbc/OAAM_SERVER_DB_DS and point it to the OAAM schema.
   e. Click Finish.

6. Deploy the sample application as an application onto the same managed server where the OAAM Shared Library is deployed.
   a. Click Deployments under IAM Domain (in the left navigation panel) in Summary of Deployments under the Control tab.
   b. Click the Install button. In the path, specify the location of the sample application. Click Next.
   c. Select the Install this deployment as an application radio button. Click Next.
   d. In the Select Deployments targets page, select the managed server from the list of servers and click Next.
   e. Click Finish.

7. Click Activate Changes under the Change Center.

8. In the deployment descriptor file, set the reference to the OAAM shared library oracle.oaam.libs.

   To use the Oracle Adaptive Access Manager Shared Library in Web applications, you must refer to the shared library by adding the following entry to your WebLogic deployment descriptor file, weblogic.xml:

       <library-ref>
           <library-name>oracle.oaam.libs</library-name>
       </library-ref>

   To use the Oracle Adaptive Access Manager Shared Library in Enterprise applications, you must refer to the shared library by adding the following entry to your WebLogic deployment descriptor file, weblogic-application.xml:

       <library-ref>
           <library-name>oracle.oaam.libs</library-name>
       </library-ref>

9. Start the managed server.

10. Navigate to the WebLogic Administration Console. Click Lock and Edit and select the Deployments node. On the Summary of Deployments page, find and select the sample application. Click Start > Servicing all requests. Click Yes to confirm.

11. Log in to OAAM Admin application and import the snapshot.

12. Navigate to the URL http://managed_server:port/oaam_sample. You will see the login page of the sample application.

13. Enter the user name and then password in the next page. You are taken through registration.

    Note: The password must be test for the initial login. You must change the password immediately.

2.2 Integration Options
This section describes the following integration options:
- Integrating with Virtual Authentication Devices and Knowledge-Based Authentication
- Integrating with Knowledge-Based Authentication

2.2.1 Integrating with Virtual Authentication Devices and Knowledge-Based Authentication
This integration consolidates virtual authentication devices and knowledge-based authentication. Globalized virtual authentication device image files including registration flows must be developed by the deployment team.

Figure 2–1 illustrates an authentication flow example that uses these three solutions (virtual authentication devices, knowledge-based authentication, One-Time Password). Note that the flow illustrated is an example and that other authentication flows are possible.

The details of the stages in Figure 2–1 are explained in the following sections:
- User Name Page (c1)
- Device Fingerprint Flow (r2)
- Run Pre-Authentication Rules (r1)
- Run Virtual Authentication Device Rules (r3)
- Decode Virtual Authentication Device Input (p3)
- Validate User and Password (c2)
- Run Post-Authentication Rules (r4)
- Check Registration for User (p5)
- Run Registration Required Rules (r5)
- Enter Registration Flow (p6)
- Run Challenge Rules (r6)
- Run Authentication Rules (r7)
- Challenge the User (p7)
- Check Answers to Challenge (c4)
- Lock Out Page (c6)
- Landing or Splash Page (c5)

Figure 2–1 Virtual Authentication Devices, Knowledge-Based Authentication, and OTP Scenario

2.2.1.1 User Name Page (c1)
When the application uses a custom login page, the login page must be split into two pages. The user inputs the login ID (user name) in the first page, and this data is stored in the HTTP session. The second login page is a transient page to capture the flash and secure cookies and for fingerprinting the user device.

Figure 2–2 shows a sample of the first page.

Figure 2–2 User Name Page

2.2.1.2 Device Fingerprint Flow (r2)
The device fingerprint stage involves fingerprinting the user device. The APIs used for this purpose are detailed in Table 2–1.

Table 2–1 Device Fingerprinting APIs

Module: Server
APIs: VCryptTracker::updateLog()
Description: APIs that construct the fingerprint are:
    VCryptServletUtil.getBrowserFingerPrint(userAgent, language, country, variant);
    VCryptServletUtil.getFlashFingerPrint(client, fpStr);
  For method details on updateLog(), see Section 4.5.30, "updateLog."

Module: Oracle Adaptive Access Manager Sample
APIs: handleJump.jsp
Description:
  - Sets the client's time zone
  - Sets a secure cookie
  - Sets the browser fingerprint
  - Sets the status to pending
  - Calls the pre-authentication rules; expects "allow" to allow the user to proceed or "block" or "error" to stop the user from continuing
  - Stores bharosaSession
  - Forwards the user to the password.jsp page

Module: Oracle Adaptive Access Manager Sample
APIs: handleFlash.jsp
Description: Sets the flash cookie if the browser is flash-enabled

Cookies in Device Identification
Oracle Adaptive Access Manager uses two types of cookies to perform device identification. One is the browser cookie (also known as secure cookie) and the other is the flash cookie (also known as digital cookie). The browser cookie value is constructed using the browser user agent string. The flash cookie value is constructed using data from the OAAM flash movie.

The following is sample code to fingerprint the device using browser and flash cookies. Refer to code in handleFlash.jsp for details:

    // Get Browser/Secure cookie
    String secureCookie = getCookie(request, "bharosa");

    // Build the browser fingerprint from the user agent and the request locale
    Locale locale = request.getLocale();
    String browserFp = VCryptServletUtil.getBrowserFingerPrint(
            request.getHeader("user-agent"),
            locale.getLanguage(),
            locale.getCountry(),
            locale.getVariant());

    // Build the flash fingerprint from the values posted by the OAAM flash movie
    String client = request.getParameter("client");
    String fpStr = request.getParameter("fp");
    String flashFp = bharosaHelper.constructFlashFingerPrint(client, fpStr);

    // Get the flash cookie
    String flashCookie = request.getParameter("v");

    // Record the device with status PENDING; the call returns the cookies to set
    CookieSet cookieSet = bharosaHelper.fingerPrintFlash(
            bharosaSession,
            bharosaSession.getRemoteIPAddr(),
            request.getRemoteHost(),
            BharosaEnumAuthStatus.PENDING,
            secureCookie, browserFp, flashCookie, flashFp);

2.2.1.3 Run Pre-Authentication Rules (r1)
Pre-authentication rules are run before the user is authenticated. Common values returned by the pre-authentication checkpoint include:
- Allow to allow the user to proceed forward.
- Block to block the user from proceeding forward.

The APIs used for pre-authentication are listed in Table 2–2.

Table 2–2 Pre-Authentication Rules Reference APIs

Module: Server
APIs: VCryptRulesEngine::processRules()
Description: For method details, see Section 4.5.23, "processRules."

Module: Oracle Adaptive Access Manager Sample
APIs: handleJump.jsp
Description:
  - Invokes the pre-authentication rules; returns "allow" to proceed forward to password.jsp or "block" or "error" to signal an error
  - Stores bharosaSession

Module: BharosaHelper
APIs: BharosaHelper::runPreAuthRules()

2.2.1.4 Run Virtual Authentication Device Rules (r3)
This stage determines the virtual authentication device to use. If the user has not registered an image and a phrase, the rule returns the Generic TextPad; otherwise, if the user has registered, the rule returns either the personalized TextPad or KeyPad. Common values returned by virtual authentication devices include:
- Generic TextPad to use the default generic TextPad.
- TextPad to use a personalized TextPad.
- KeyPad to use a personalized KeyPad.

The APIs used to run virtual authentication device rules are listed in Table 2–3.

Table 2–3 Virtual Authentication Device Rules APIs

Module: Server
APIs: VCryptRulesEngine::processRules()
Description: For method details, see Section 4.5.23, "processRules."

Module: Oracle Adaptive Access Manager Sample
APIs: password.jsp
Description:
  - Invokes rules to identify the user's virtual authentication device type
  - Creates the virtual authentication device, names it, and sets all initial background frames
  - Invokes kbimage.jsp as configured
  - Forwards to page handlePassword.jsp

Module: BharosaHelper
APIs: BharosaHelper::getAuthentiPad()

2.2.1.4.1 Generate a Generic TextPad (p1)
A generic, non-personalized TextPad is used for users who have not yet registered with Oracle Adaptive Access Manager. Figure 2–3 illustrates a generic TextPad.

Figure 2–3 Generic, Non-Personalized TextPad

Table 2–4 lists the APIs used to generate a generic TextPad.

Table 2–4 Generation of a Generic TextPad APIs

Module: Server
APIs: VCryptAuth::getUserByLoginId()
Description: You can obtain an instance of VCryptAuth by calling VCryptAuthUtil.getVCryptAuthInstance(). For method details, see Section 4.5.17, "getUserByLoginId."

Module: Oracle Adaptive Access Manager Sample
APIs: Password.jsp
Description:
  - Invokes rules to identify the virtual authentication device type to use; the default is KeyPad
  - Creates the virtual authentication device, names it, and sets all initial background frames
  - Invokes kbimage.jsp as configured
  - Forwards to page handlePassword.jsp

Module: BharosaHelper
APIs: BharosaHelper::createPersonalizedAuthentiPad(), BharosaHelper::createAuthentiPad()

Module: Client
APIs: AuthentiPad::getHTML()

2.2.1.4.2 Generate a Personalized TextPad or KeyPad (p2)
A personalized TextPad is used for users who have registered with Oracle Adaptive Access Manager. Figure 2–4 and Figure 2–5 illustrate personalized text and key virtual authentication devices.

Figure 2–4 Personalized TextPad

Figure 2–5 Personalized KeyPad

Table 2–5 lists the APIs used to generate a personalized TextPad or KeyPad.

Table 2–5 Generating a Personalized TextPad or KeyPad APIs

Module: Server
APIs: VCryptAuth::getUserByLoginId()
Description: For method details, see Section 4.5.17, "getUserByLoginId."

Module: Oracle Adaptive Access Manager Sample
APIs: password.jsp
Description:
  - Invokes rules to identify the virtual authentication device type to use; the default is KeyPad
  - Creates the virtual authentication device, names it, and sets all initial background frames
  - Forwards to page handlePassword.jsp
  - Invokes kbimage.jsp as configured

Module: BharosaHelper
APIs: BharosaHelper::createPersonalizedAuthentiPad(), BharosaHelper::createAuthentiPad()

Module: Client
APIs: AuthentiPad::getHTML()

2.2.1.4.3 Display TextPad and KeyPad (s2 and s3)
The HTML code example to display TextPad and KeyPad should be embedded in the password page. This HTML renders the TextPad or KeyPad using JavaScript, and it includes an <img> tag, which makes an HTTP request to the server to get the TextPad or KeyPad image.

Table 2–6 lists the APIs used to display TextPad and KeyPad.

Table 2–6 Displaying TextPad and KeyPad APIs

Module: Server
APIs: VCryptAuth::getUserByLoginId()

Module: Oracle Adaptive Access Manager Sample
APIs: password.jsp
Description:
  - Invokes rules to identify the virtual authentication device type to use; the default is KeyPad
  - Creates the virtual authentication device, names it, and sets all initial background frames
  - Invokes kbimage.jsp as configured
  - Forwards to page handlePassword.jsp

Module: Oracle Adaptive Access Manager Sample
APIs: kbimage.jsp
Description: Outputs the virtual authentication device(s)

Module: BharosaHelper
APIs: BharosaHelper::createPersonalizedAuthentiPad(), BharosaHelper::createAuthentiPad(), BharosaHelper::imageToStream()

Module: Client
APIs: AuthentiPad::getHTML(), KeyPadUtil::encryptImageToStream()

2.2.1.5 Decode Virtual Authentication Device Input (p3)
In this stage, the chosen virtual authentication device decodes the data the user supplies to it; the decoded value is in raw text format, and it is recommended that it be saved in the HTTP Session. The virtual authentication device object is serialized and stored in the database or the file system.

The virtual authentication device is stored in session because it is used to decode the input. This is needed for virtual authentication devices like PinPad and KeyPad where the user input is not clear text. For consistency it is performed for all virtual authentication devices since they are designed to be able to be used interchangeably.

Table 2–7 lists the APIs used to decode user input.

Table 2–7 Decoding Virtual Authentication Device Input APIs

Module: Oracle Adaptive Access Manager Sample
APIs: handlePassword.jsp
Description:
  - Retrieves the password
  - Decodes the password
  - Validates the user

Module: BharosaHelper
APIs: BharosaHelper::decodePadInput()
Description: Removes the virtual authentication device object from the HTTP Session.

Module: Client
APIs: KeyPadUtil::decodeKeyPadCode

2.2.1.6 Validate User and Password (c2)
This stage represents the client's existing process in which the client invokes the local API to authenticate the user and the authentication result is passed on to OAAM Server. The API used is detailed in Table 2–8.

Table 2–8 Validating User and Password API

Module: Oracle Adaptive Access Manager Sample
API: handlePassword.jsp
Description:
  - Retrieves the password
  - Decodes the password
  - Updates the status to "success" (if user is valid), or to "invalid," "error," or "bad password" (if the user is invalid)
  - Runs post-authentication rules and returns one of the following values: REGISTER_USER_OPTIONAL, REGISTER_QUESTIONS, REGISTER_USER, CHALLENGE

2.2.1.6.1 Update Authentication Status (p4)
After validating the user password, the status is updated with the APIs detailed in Table 2–9.

Table 2–9 Updating Authentication Status APIs

Module: Server
APIs: VCryptTracker::updateAuthStatus()
Description: For method details, see Section 4.5.29, "updateAuthStatus."

Module: Oracle Adaptive Access Manager Sample
APIs: handlePassword.jsp
Description:
  - Retrieves the password
  - Decodes the password
  - Validates the user
  - Forwards to register Image and Phrase, or challenges a registered user

Module: BharosaHelper
APIs: BharosaHelper::updateStatus()

2.2.1.6.2 Password Status (c3)
Depending on the password authentication status, the user is directed to the retry page or to post-authentication.

2.2.1.7 Run Post-Authentication Rules (r4)
These rules are run after the user password has been authenticated. Common actions returned by post-authentication include:
- Allow to allow the user to proceed forward.
- Block to block the user from proceeding forward.
- Challenge to challenge the user.

The APIs used for post-authentication are listed in Table 2–10.

Table 2–10 Post-Authentication Rules Reference APIs

Module: Server
APIs: VCryptRulesEngine::processRules()
Description: For method details, see Section 4.5.23, "processRules."

Module: Oracle Adaptive Access Manager Sample
APIs: handlePassword.jsp
Description: Calls BharosaHelper::runPostAuthRules, which returns:
  - ALLOW
  - BLOCK
  - CHALLENGE
  If ALLOW: BharosaHelper::runRegistrationRules returns
  - ALLOW
  - REGISTER_QUESTIONS
  - REGISTER_USER_INFO
  - REGISTER_USER
  - SYSTEM_ERROR
  If CHALLENGE: forward_challengePage

Module: BharosaHelper
APIs: BharosaHelper::runPostAuthRules()

2.2.1.8 Check Registration for User (p5)
Rules are run to check registration; if the user is not registered, he is directed to do so.

2.2.1.9 Run Registration Required Rules (r5)
The registration is required depending on business and security requirements, which specify whether the registration is mandatory or optional. Values returned by registration rules include the following:
- Register to require user registration.
- Registration Optional to make user registration optional.
- Skip Registration to skip registration for this session.

Table 2–11 lists the APIs used to run registration rules.

Table 2–11 Registration Required Rules Reference APIs

Module: Server
APIs: VCryptRulesEngine::processRules()
Description: For method details, see Section 4.5.23, "processRules."

Module: Oracle Adaptive Access Manager Sample
APIs: password.jsp
Description:
  - Invokes rules to identify the virtual authentication device type to use; the default is KeyPad
  - Creates the virtual authentication device, names it, and sets all initial background frames
  - Invokes kbimage.jsp as configured
  - Forwards to page handlePassword.jsp

Module: BharosaHelper
APIs: BharosaHelper::getAuthentiPad()

2.2.1.10 Enter Registration Flow (p6)
The Registration Flow allows you to register a new image and caption, questions, and so on as described in the table below:

Table 2–12 Registration Flow

Module: Server
APIs: VCryptRulesEngine::processRules()
Description: For method details, see Section 4.5.23, "processRules."

Module: Oracle Adaptive Access Manager Sample
APIs: registerImagePhrase.jsp
Description:
  - Assigns new image and caption to user
  - Forwards to page handleRegisterImagePhrase.jsp
APIs: registerQuestions.jsp
Description:
  - Gets question pick set for the user
  - Displays question selection user interface and inputs for answers
  - Forwards to page handleRegisterQuestions.jsp
APIs: registerContactInfo.jsp
Description:
  - Presents user with inputs for OTP registration information
  - Forwards to page handleRegisterContactInfo.jsp

Module: BharosaHelper
APIs: BharosaHelper::getAuthentiPad(), BharosaHelper::createSampleAuthentiPad, BharosaHelper::assignRandomImageAndCaption, BharosaHelper::saveNewImageAndOrCaption, BharosaHelper::getQuestions, BharosaHelper::isDeviceRegistered, BharosaHelper::setContactInfo

2.2.1.11 Run Challenge Rules (r6)
The challenge rules are invoked to determine which type of challenge to display to the user. Values returned by the challenge rules include the following:
- ChallengeQuestion to challenge the user with question.
- ChallengeSMS to challenge user with OTP via SMS
- ChallengeEmail to challenge user with OTP via email
- Block to block the user.

Table 2–13 lists the APIs used to run the challenge rules.

Table 2–13 Run Challenge Rules APIs

Module: Server
APIs: VCryptRulesEngine::processRules()
Description: For method details, see Section 4.5.23, "processRules."

Module: Oracle Adaptive Access Manager Sample
APIs: handleChallenge.jsp
Description: handleChallenge.jsp calls BharosaHelper::validateAnswer. If that method returns BharosaEnumChallengeResult.SUCCESS, status is updated to "success" and the user is allowed to move forward; otherwise, if BharosaEnumChallengeResult.WRONG_ANSWER is returned, then challenge rules are run again to determine the next step.

Module: BharosaHelper
APIs: BharosaHelper::validateAnswer()

2.2.1.12 Run Authentication Rules (r7)
BharosaHelper::getAuthentiPad is used to create an authentication device. That method in turn calls the Authentication Device Rules to determine the device to use. If the user is to be challenged with a question, the rule returns the QuestionPad. If the user is to be challenged with an OTP, the rule returns the TextPad.

2.2.1.13 Challenge the User (p7)
If appropriate, the user is challenged with either Knowledge Based Authentication (KBA) or OTP (One Time Password).

KBA is an extension to existing User ID/password authentication and secures an application using a challenge/response process where users are challenged with questions. The user must answer the question correctly to proceed with his requested sign-on, transaction, service, and so on.

OTP is an extension to existing User ID/password authentication as well and adds an extra security layer to protect applications. OTP is generated after verifying the user ID and password and then delivered to users via e-mail or mobile phone if the application deems it to be necessary. Users then use the OTP to sign in to the application.

Table 2–14 lists the APIs to challenge the user with registered questions.

2.2.1.14 Check Answers to Challenge (c4)
This stage involves validating the user's input to the challenge:
- For KBA, calling Oracle Adaptive Access Manager Server to determine whether the answer the user has supplied matches the registered reply.
- For OTP, validating the entered value to the OTP generated and sent to the user.

Table 2–15 lists the APIs used to validate a challenge.

Table 2–14 Challenge User APIs

Module: Server
APIs: VCryptAuth::getSecretQuestion(), VCryptTracker::generateOTP()

Module: Oracle Adaptive Access Manager Sample
APIs: Challenge.jsp
Description:
  - Determine type of challenge to use. BharosaHelper::runChallengeRules
  - If challenge type returned is KBA (ChallengeQuestion), then get user question with VCryptAuth::getUserQuestion
  - If challenge type is OTP (ChallengeSMS, ChallengeEmail, ...), then generate, store, and send OTP code. BharosaHelper::generateOTP, BharosaHelper::sendCode
  - Use authentication pad rules to determine authentipad to display to the user. See Section 2.2.1.4, "Run Virtual Authentication Device Rules (r3)."
  - Submits the answer to handleChallenge.jsp
APIs: handleChallenge.jsp
Description: Collects user input and calls BharosaHelper::validateAnswer, used to validate user answer for challenge (same as question challenge)

Module: BharosaHelper
APIs: BharosaHelper::createPersonalizedAuthentiPad(), BharosaHelper::createAuthentiPad(), BharosaHelper::generateOTP, BharosaHelper::sendCode, BharosaHelper::getUserQuestion

Module: Client
APIs: AuthentiPad::getHTML()

Table 2–15 Validate Answer to a Challenge

Module: Server
APIs: VCryptAuth::authenticateQuestion(), VCryptRulesEngine::processRules(), VCryptTracker::updateAuthStatus()
Description: For method details, see Section 4.5.23, "processRules," and Section 4.5.29, "updateAuthStatus."

Module: Oracle Adaptive Access Manager Sample
APIs: handleChallenge.jsp
Description: Calls BharosaHelper::validateAnswer. If that method returns BharosaEnumChallengeResult.SUCCESS, status is updated to "success" and the user is allowed to move forward; otherwise, if BharosaEnumChallengeResult.WRONG_ANSWER is returned, then challenge rules are run again to determine the next step.

Module: BharosaHelper
APIs: BharosaHelper::validateAnswer()
Description:
  - If the type of challenge being validated is KBA (ChallengeQuestion), then VCryptAuth::authenticateQuestion is called to validate the user's input against the registered answer for the question presented.
  - If the type of challenge being validated is OTP (ChallengeSMS, ChallengeEmail, and so on), then the user's input is compared to the value stored when the OTP code was generated. If the answer is correct, the OTP challenge counter is reset by calling BharosaHelper::resetOTPCounter. Otherwise, if the answer is incorrect, the OTP challenge counter is incremented (BharosaHelper::incrementOTPCounter).
  - Method returns a BharosaEnumAuthStatus of either BharosaEnumAuthStatus.SUCCESS or BharosaEnumAuthStatus.WRONG_ANSWER

2.2.1.15 Lock Out Page (c6)
The Lock Out page is the page to which the user is redirected when the post-authorization rules return Block.

2.2.1.16 Landing or Splash Page (c5)
This page is the page to which the user is redirected after a successful login, that is, when the post-authorization rules return Allow.

2.2.2 Integrating with Knowledge-Based Authentication
This scenario is a subset of the scenario described in Section 2.2.1, "Integrating with Virtual Authentication Devices and Knowledge-Based Authentication." This scenario does not have a split login flow and does not include personalizations or virtual authentication devices.

2.2.2.1 User/Password (S1)
The User/Password Page is the existing page currently used by the client. It contains the text box for both the user name and password. There are no changes required for this page; however, the post from this page should display a transient (intermediate) refresh page.
2.
2.
2StagesForinformationontheotherstages,seethefollowingsections:Section2.
2.
1.
2,"DeviceFingerprintFlow(r2)"Section2.
2.
1.
6,"ValidateUserandPassword(c2)"Section2.
2.
1.
6.
1,"UpdateAuthenticationStatus(p4)"Section2.
2.
1.
6.
2,"PasswordStatus(c3)"Section2.
2.
1.
7,"RunPost-AuthenticationRules(r4)"Section2.
2.
1.
8,"CheckRegistrationforUser(p5)"Section2.
2.
1.
9,"RunRegistrationRequiredRules(r5)"Section2.
2.
1.
13,"ChallengetheUser(p7)"Section2.
2.
1.
15,"LockOutPage(c6)"Section2.
2.
1.
16,"LandingorSplashPage(c5)"IntegrationOptions2-22OracleFusionMiddlewareDeveloper'sGuideforOracleAdaptiveAccessManager3IntegratingNative.
NETApplications3-13IntegratingNative.
NETApplicationsThischapterprovidesdetailshowASP.
NETapplicationscanintegratewithOracleAdaptiveAccessManagerusingthe.
NETAPIprovidedbyOracleAdaptiveAccessManager.
DescriptionsarealsoprovidedonthesampleapplicationsusedtoillustratetheintegrationofdifferentOAAMfeatureswithabasicWebapplication.
Thischaptercontainsthefollowingsections:IntroductionOracleAdaptiveAccessManager.
NETSDKConfigurationPropertiesOracleAdaptiveAccessManagerAPIUsageIntegrationExampleUsingSampleApplications3.
1IntroductionASP.
NETisaWebapplicationframeworkthatallowsprogrammerstobuilddynamicWebsites,Webapplications,andWebservices.
OAAMprovidesanOAAM.
NETdevelopmentkit(SDK).
TheOAAM.
NETSDKtouseforintegratingASP.
NETapplicationswithOAAM.
ItincludestheOAAM.
NETAPIsthatareexposedbytheOAAM.
NETlibrary,OAAMsample.
NETapplications,OAAMflashmoviepage,whichisusedtocollectfingerprintindeviceidentification,andotherfilesthatarerequiredfor.
NETNativeIntegration.
ASP.
NETapplications,writteninanyASP.
NETlanguage,canusetheOAAM.
NETAPItocallOracleAdaptiveAccessManager.
TheOAAM.
NETAPIcommunicateswiththeOAAMserverusingSimpleObjectAccessProtocol(SOAP).
SOAPisaprotocolspecificationforexchangingstructuredinformationintheimplementationofWebServicesincomputernetworks.

3.2 Oracle Adaptive Access Manager .NET SDK

The Oracle Adaptive Access Manager .NET development kit (SDK) is packaged in the ZIP file oaam_native_dot_net.zip in $ORACLE_HOME/oaam/oaam_libs/dotNet/.

Sample .NET applications that enable OAAM features require the integration of the OAAM .NET APIs found in the SDK package oaam_native_dot_net.zip. The content of the archive needs to be extracted to the root directory of the web application. oaam_native_dot_net.zip can be obtained from ${ORACLE_HOME}/oaam/dist/oaam_dist_final/oracle.oaam.libs/dotNet.

3.3 Configuration Properties

The Oracle Adaptive Access Manager .NET SDK includes property files that specify values for configuration used by the Oracle Adaptive Access Manager API. A developer can modify these properties to specify application-specific values or add new ones.

3.3.1 How the API Uses Properties

The OAAM .NET API uses properties to read configurable values at run time, such as the location of images for virtual authentication devices. Virtual authentication devices are controls for user input and provide a virtual keyboard and personalization. Properties are read and cached from a list of files at startup and updated whenever one of the properties files is updated.

The sequence in which the properties files are loaded by Oracle Adaptive Access Manager .NET API is as follows:

1. The lookup.properties file, if present, is loaded first.
2. If the properties.filelist property is defined in lookup.properties, then all the files listed in that property are added to the queue (in the listed order).
3. The bharosa_lookup.properties file, if present, is loaded.
4. If the properties.filelist property is defined in bharosa_lookup.properties, then all the files listed in that property are added to the queue (in the listed order).
5. All files in the queue are loaded.
6. When any of the loaded properties files is changed, the properties are reloaded.

The properties files, including lookup.properties, are searched in the following directories in the order stated in Table 3–1; the search for a given file stops when the file is first found or when no file is found.

Table 3–1 .NET Property Files

Directory                   Example
/                           c:/Inetpub/wwwroot/MyApp/
/                           c:/Windows/System32/
/                           c:/Inetpub/wwwroot/MyApp/bin/
/../                        c:/Inetpub/wwwroot/MyApp/
/                           c:/Windows/System32/
/bharosa_properties/        c:/Inetpub/wwwroot/MyApp/bharosa_properties/
/bharosa_properties/        c:/Windows/System32/bharosa_properties/
/bharosa_properties/        c:/Inetpub/wwwroot/MyApp/bin/bharosa_properties/
/../bharosa_properties/     c:/Inetpub/wwwroot/MyApp/bharosa_properties/
/bharosa_properties/        c:/Windows/System32/bharosa_properties/

3.3.2 Encrypting Property Values

A property value specified in a properties file can be encrypted using the command-line utility BharosaUtils.exe included in the Oracle Adaptive Access Manager .NET SDK.

An encryption key (arbitrarily selected by the user) is required to encrypt and decrypt values. This key is available to Oracle Adaptive Access Manager .NET API through the property bharosa.cipher.client.key, which must be set in one of the application properties files.

BharosaUtil.exe prompts the user to enter the encryption key and a value, and the encrypted value is output to the console. The following run of the utility illustrates how to encrypt a string:

    C:\> BharosaUtil.exe -enc
    Enter key (min 14 characters len):
    Enter key again:
    Enter text to be encrypted:
    Enter text to be encrypted again:
    vCCKC19d14a39hQSKSirXSiWfgbaVG5SKIg==

3.3.3 Using User-Defined Enumerations to Define Elements

Visual Studio 2005 allows you to use enumerations defined in the .NET Framework. A user-defined enumeration is a collection of items; each item is assigned an integer and may contain several attributes. A user-defined enumeration is specified in a properties file, and its name, the names of its items, and the names of the item attributes must conform to the following rules:

- The name of the enumeration has the suffix .enum
- The name of an item has a prefix equal to the name of the enumeration
- The name of an attribute of an item has a prefix equal to the name of the item

Here is an example of a user-defined enumeration:

    # Example of a user-defined enumeration
    auth.status.enum=Enumeration to describe authentication status

    # first item and its attributes
    auth.status.enum.success=0
    auth.status.enum.success.name=Success
    auth.status.enum.success.description=Success
    auth.status.enum.success.success=true

    # second item and its attributes
    auth.status.enum.invalid_user=1
    auth.status.enum.invalid_user.name=Invalid user
    auth.status.enum.invalid_user.description=Invalid User

    # third item and its attributes
    auth.status.enum.wrong_password=2
    auth.status.enum.wrong_password.name=Wrong password
    auth.status.enum.wrong_password.description=Wrong password

    # fourth item and its attributes
    auth.status.enum.wrong_pin=3
    auth.status.enum.wrong_pin.name=Wrong pin
    auth.status.enum.wrong_pin.description=Wrong Pin

    # fifth item and its attributes
    auth.status.enum.session_expired=4
    auth.status.enum.session_expired.name=Session expired
    auth.status.enum.session_expired.description=Session expired

Here is an example of the use of the previous user-defined enumeration in application code:

    UserDefEnumFactory factory = UserDefEnumFactory.getInstance();
    UserDefEnum statusEnum = factory.getEnum("auth.status.enum");
    int statusSuccess = statusEnum.getElementValue("success");
    int statusWrongPassword = statusEnum.getElementValue("wrong_password");
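
The three naming rules above are enough to parse and check an enumeration before the application relies on it. The following is an added example, not code from the SDK: EnumItem and UserDefEnumParser are hypothetical names, the sample input is a shortened copy of the auth.status.enum listing, and the rejection of non-integer or duplicate item values is an assumption about what a careful loader should do.

```csharp
using System;
using System.Collections.Generic;

// Added example (not SDK code): parses user-defined enumerations from
// properties text using the three naming rules of Section 3.3.3.
public sealed class EnumItem
{
    public string Name = "";
    public int Value;
    public Dictionary<string, string> Attributes = new Dictionary<string, string>();
}

public static class UserDefEnumParser
{
    // Returns enumeration name -> (item name -> item).
    public static Dictionary<string, Dictionary<string, EnumItem>> Parse(string text)
    {
        // Pass 1: read key=value pairs, skipping blank lines and '#' comments.
        var props = new List<KeyValuePair<string, string>>();
        foreach (string raw in text.Split('\n'))
        {
            string line = raw.Trim();
            if (line.Length == 0 || line.StartsWith("#", StringComparison.Ordinal)) continue;
            int eq = line.IndexOf('=');
            if (eq <= 0) throw new FormatException("Not a key=value line: " + line);
            props.Add(new KeyValuePair<string, string>(
                line.Substring(0, eq).Trim(), line.Substring(eq + 1).Trim()));
        }

        // Pass 2: every key with the suffix ".enum" names an enumeration.
        var enums = new Dictionary<string, Dictionary<string, EnumItem>>();
        foreach (var p in props)
            if (p.Key.EndsWith(".enum", StringComparison.Ordinal))
                enums[p.Key] = new Dictionary<string, EnumItem>();

        // Pass 3: "<enum>.<item>" keys are items and must carry a unique integer.
        foreach (var p in props)
        {
            string enumName, rest;
            if (!SplitOnEnum(p.Key, enums, out enumName, out rest) || rest.Contains(".")) continue;
            int value;
            if (!int.TryParse(p.Value, out value))
                throw new FormatException(p.Key + " must be an integer, got '" + p.Value + "'");
            foreach (EnumItem other in enums[enumName].Values)
                if (other.Value == value)
                    throw new FormatException(p.Key + " reuses the value of item " + other.Name);
            enums[enumName][rest] = new EnumItem { Name = rest, Value = value };
        }

        // Pass 4: "<enum>.<item>.<attribute>" keys attach to an existing item.
        // The attribute may share the item's name, as in "success.success".
        foreach (var p in props)
        {
            string enumName, rest;
            if (!SplitOnEnum(p.Key, enums, out enumName, out rest)) continue;
            int dot = rest.IndexOf('.');
            if (dot < 0) continue;
            string item = rest.Substring(0, dot);
            string attr = rest.Substring(dot + 1);
            EnumItem target;
            if (!enums[enumName].TryGetValue(item, out target))
                throw new FormatException(p.Key + " is an attribute of undefined item " + item);
            target.Attributes[attr] = p.Value;
        }
        return enums;
    }

    // Splits "<enum>.<rest>" where <enum> is a declared enumeration name.
    private static bool SplitOnEnum(string key,
        Dictionary<string, Dictionary<string, EnumItem>> enums,
        out string enumName, out string rest)
    {
        foreach (string name in enums.Keys)
            if (key.StartsWith(name + ".", StringComparison.Ordinal))
            {
                enumName = name;
                rest = key.Substring(name.Length + 1);
                return true;
            }
        enumName = "";
        rest = "";
        return false;
    }

    public static void Main()
    {
        // Sample input: the first two items of the auth.status.enum listing.
        string sample =
            "# Example of a user-defined enumeration\n" +
            "auth.status.enum=Enumeration to describe authentication status\n" +
            "auth.status.enum.success=0\n" +
            "auth.status.enum.success.name=Success\n" +
            "auth.status.enum.success.success=true\n" +
            "auth.status.enum.invalid_user=1\n" +
            "auth.status.enum.invalid_user.name=Invalid user\n";
        foreach (var e in Parse(sample))
            foreach (EnumItem item in e.Value.Values)
                Console.WriteLine(e.Key + " " + item.Name + "=" + item.Value +
                                  " attributes=" + string.Join(",", item.Attributes.Keys));
    }
}
```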

3.4 Oracle Adaptive Access Manager API Usage

This section contains details on how OAAM APIs are used to support common OAAM scenarios. You can also refer to the sample applications for details.

3.4.1 User Details

Oracle Adaptive Access Manager stores user details in its database and uses this information to perform the following tasks:

- Determine the risk rules to run for a user
- Find user-specific virtual authentication device attributes
- Propose challenge questions
- Validate answers to challenge questions

The client application is responsible for populating the Oracle Adaptive Access Manager database with user details at run time.

For example, when a user logs in, the client application should first determine whether the user record exists. If the record is not found, then the application should call the appropriate APIs to create a user record and set the user status.

The following sample illustrates the calls to create a user record:

    string loginId = "testuser"; // loginId of the user logging in

    // set the proxy to access the SOAP server that communicates with the
    // OAAM SOAP Server
    IBharosaProxy proxy = BharosaClientFactory.getProxyInstance();

    // find the user record in OAAM
    VCryptAuthUser user = proxy.getUserByLoginId(loginId);

    // if user record does not exist, create one
    if (user == null || StringUtil.IsEmpty(user.LoginId))
    {
        string customerId = loginId;
        string userGroupId = "PremiumCustomer";
        string password = ""; // this value is not used for now

        user = new VCryptAuthUser(loginId, customerId, userGroupId, password);
        user = proxy.createUser(user);

        // set the status of the new user to Invalid; once the user is
        // authenticated, set the status to PendingActivation; after the
        // user successfully completes registration, set the status to Valid
        proxy.setUserStatus(user.CustomerId, (int)UserStatus.Invalid);
    }

    // save the user record in the session for later reference
    AppSessionData sessionData = AppSessionData.GetInstance(Session);
    sessionData.CurrentUser = user;

For further details, see the sample applications in Section 3.5.1, "ASP.NET Applications."

3.4.2 User Logins and Transactions

Oracle Adaptive Access Manager provides APIs to capture user login information, user login status, and other user session attributes to determine device and location information. Oracle Adaptive Access Manager also provides APIs to collect transaction details.

The following code sample illustrates the use of this API:

    // record a user login attempt in OAAM
    string requestId = sessionData.RequestId;
    string remoteIPAddr = Request.UserHostAddress;
    string remoteHost = Request.UserHostName;
    // null-safe: the "client" parameter is absent on non-flash requests
    bool isFlashRequest = "vfc".Equals(Request.Params["client"]);
    string secureCookie = (Request.Cookies["vsc"] != null)
        ? Request.Cookies["vsc"].Value : null;
    string digitalCookie = isFlashRequest ? Request.Params["v"] : null;

    object[] browserFpInfo = HttpUtil.GetBrowserFingerPrint();
    object[] flashFpInfo = HttpUtil.GetFlashFingerPrint();

    int browserFingerPrintType = browserFpInfo == null ? 0 : (int)browserFpInfo[0];
    string browserFingerPrint = browserFpInfo == null ? "" : (string)browserFpInfo[1];
    int flashFingerPrintType = flashFpInfo == null ? 0 : (int)flashFpInfo[0];
    string flashFingerPrint = flashFpInfo == null ? "" : (string)flashFpInfo[1];

    // if user name and password have been validated by now, set the status
    // to the appropriate value, such as success, wrong_password, or invalid_user
    int status = statusEnum.getElementValue("success");

    // if user name and password have not yet been validated, set the status to
    // pending instead; after validation is done call updateLog to update status
    // int status = statusEnum.getElementValue("pending");

    // Call updateLog to record the user login attempt
    CookieSet cs = proxy.updateLog(requestId, remoteIPAddr, remoteHost,
        secureCookie, digitalCookie, user.CustomerGroupId, user.CustomerId,
        user.LoginId, false, status, ClientTypeEnum.Normal, "1.0",
        browserFingerPrintType, browserFingerPrint,
        flashFingerPrintType, flashFingerPrint);

    // Update secure cookie in the browser with the new value from OAAM
    if (cs != null)
    {
        HttpUtil.UpdateSecureCookie(Response, cs);
    }

3.4.3 Rules Engine

The Rules Engine is the component of Oracle Adaptive Access Manager used to enforce policies. Based on a calling context, the Rules Engine evaluates policies and provides the results of those evaluations. Policies are configured by the administrator; for details on policy configuration, see the Oracle Fusion Middleware Administrator's Guide for Oracle Adaptive Access Manager.

The following code sample illustrates the use of APIs to invoke the Rules Engine after a user has been authorized and to process the rule evaluation result:

    AppSessionData sessionData = AppSessionData.GetInstance(Session);
    IBharosaProxy proxy = BharosaClientFactory.getProxyInstance();
    UserDefEnumFactory factory = UserDefEnumFactory.getInstance();
    UserDefEnum profileTypeEnum = factory.getEnum("profile.type.enum");

    string requestId = sessionData.RequestId;
    BharosaStringList profileTypes = new BharosaStringList();
    BharosaStringTable contextList = new BharosaStringTable();

    int postAuthType = profileTypeEnum.getElementValue("postauth");
    profileTypes.Add(postAuthType.ToString());

    // Run postauth rules
    VCryptRulesResult res = proxy.processRules(requestId, profileTypes, contextList);

    // process the rule result
    if (StringUtil.EqualsIgnoreCase(res.Result, "Allow"))
    {
        // Allow the user login
    }
    else if (StringUtil.EqualsIgnoreCase(res.Result, "Block"))
    {
        // Block the user login
    }
    else if (res.Result.StartsWith("Challenge"))
    {
        // Take the user through challenge question flow
    }
    else if (res.Result.StartsWith("RegisterUser"))
    {
        // Take the user through registration flow
    }
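
The sample above has no final branch, so a failed rules call or an unexpected result string is left for the caller to notice. The following added example, which is not SDK code, routes a rules outcome to the next page using the action-to-page table given for SampleKBATracker in Section 3.5.2.4 and treats every unexpected case as Block. RulesOutcome and PostAuthRouter are hypothetical stand-ins for the SDK types, and the sample outcomes are constructed.

```csharp
using System;

// Added example (not SDK code). RulesOutcome is a hypothetical stand-in for
// the members the page reads from VCryptRulesResult.
public sealed class RulesOutcome
{
    public bool IsSuccess;       // stands in for Response.IsSuccess
    public string ErrorMessage;  // stands in for Response.ErrorMessage
    public string Result;        // stands in for Result

    public RulesOutcome(bool isSuccess, string errorMessage, string result)
    {
        IsSuccess = isSuccess;
        ErrorMessage = errorMessage;
        Result = result;
    }
}

public static class PostAuthRouter
{
    private const string BlockTarget = "LoginPage.aspx";

    // Returns the page to redirect to and, through 'reason', why.
    public static string NextPage(RulesOutcome outcome, out string reason)
    {
        // A missing result or a failed rules call must never end in Allow.
        if (outcome == null)
        {
            reason = "no rules result";
            return BlockTarget;
        }
        if (!outcome.IsSuccess)
        {
            reason = "rules call failed: " + outcome.ErrorMessage;
            return BlockTarget;
        }

        string action = (outcome.Result ?? "").Trim();
        reason = "action " + action;

        // Same matching as the page's sample: exact match for Allow and Block,
        // prefix match for the Challenge and RegisterUser families.
        if (Same(action, "Allow")) return "Success.aspx";
        if (Same(action, "Block")) return BlockTarget;
        if (Starts(action, "Challenge")) return "ChallengeUser.aspx";
        if (Same(action, "RegisterQuestions")) return "RegisterQuestionsPage.aspx";
        if (Starts(action, "RegisterUser")) return "PersonalizationPage.aspx";

        // Unknown action: an explicit Block instead of falling through.
        reason = "unrecognized action '" + action + "'";
        return BlockTarget;
    }

    private static bool Same(string a, string b)
    {
        return string.Equals(a, b, StringComparison.OrdinalIgnoreCase);
    }

    private static bool Starts(string a, string prefix)
    {
        return a.StartsWith(prefix, StringComparison.Ordinal);
    }

    public static void Main()
    {
        // Constructed outcomes, including the failure cases.
        RulesOutcome[] samples =
        {
            new RulesOutcome(true, null, "Allow"),
            new RulesOutcome(true, null, "ChallengeQuestion"),
            new RulesOutcome(true, null, "RegisterUserOptional"),
            new RulesOutcome(true, null, "Alow"),
            new RulesOutcome(true, null, null),
            new RulesOutcome(false, "SOAP call failed", "Allow"),
            null
        };
        foreach (RulesOutcome o in samples)
        {
            string reason;
            string page = NextPage(o, out reason);
            Console.WriteLine(page + "  (" + reason + ")");
        }
    }
}
```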

3.4.3.1 Device ID

In addition to delivering the rules result, the Rules Engine can return a device ID, an internal Oracle Adaptive Access Manager identifier for the device used for this login session.

The following sample code illustrates how to get the device ID:

    VCryptRulesResult rulesResult = proxy.processRules(...);
    if (!rulesResult.Response.IsSuccess)
    {
        BharosaTrace.Error("Error running rules " + rulesResult.Response.ErrorMessage);
    }
    long deviceId = rulesResult.DeviceId;

Important: The code shown assumes that:

- You are using Oracle Adaptive Access Manager 10.1.4.5 or above
- You have set the property bharosa.tracker.send.deviceId to true in Oracle Adaptive Access Manager:

      bharosa.tracker.send.deviceId=true

3.4.3.2 Creating and Updating Bulk Transactions

The IBharosaProxy.createTransactions() method can be used to create bulk transactions, as illustrated in the following call:

    VCrypResponse[] createTransactions(TransactionCreateRequestData[] transactionCreateRequestData);

The IBharosaProxy.updateTransactions() method can be used to update bulk transactions, as illustrated in the following call:

    VCrypResponse[] updateTransactions(TransactionUpdateRequestData[] transactionUpdateRequestData);

3.4.4 Validating a User with Challenge Questions

Oracle Adaptive Access Manager can challenge a user with pre-registered questions and match user answers with pre-registered answers during high-risk or suspicious scenarios.

Typically, a user is asked to choose questions from a given set and provide answers for them, all of which are then registered. When the user is challenged with one of these questions, he must supply the correct answer, that is, one that matches the answer he registered.

The following sample code illustrates the calls to register questions and answers and challenge the user:

    // Retrieve a question-pick set, containing groups of questions from
    // which the user would pick one question from each group for
    // registration
    VCryptQuestionList[] groups = proxy.getSignOnQuestions(user.CustomerId);

    // See the sample application at the end of this chapter
    // for details on displaying the questions in the UI and processing the user input
    // Here, we assume that the q's and a's are in the question object

    // Register the questions and answers with OAAM
    VCryptResponse response = proxy.addQuestions(user.CustomerId, questions);

    // Retrieve the question to challenge the user
    VCryptQuestion secretQuestion = proxy.getSecretQuestion(user.CustomerId);

    // Create QuestionPad authenticator to display the question text.
    // See the sample application at the end of this chapter for details;

    // Here, we assume that the user entered an answer stored in the string answer

    // Validate the user entered answer
    VCryptAuthResult res = proxy.authenticateQuestion(user.CustomerId, answer);
    bool isValid = (res != null && res.ResultCode == 0);

For further details, see the sample applications in Section 3.5.1, "ASP.NET Applications."

3.4.5 Resetting Challenge Failure Counters

Oracle Adaptive Access Manager records the number of wrong answers to the questions posed to the user in the failure counters. Failure counters are used to enforce a lock. The API includes a method, resetChallengeFailureCounters(), to reset the failure counters for a given user or user and question combination.

If a Question ID is specified in the call (that is, questionId != BharosaGlobals.LongNull), only the failure counters associated with that question are reset; if no Question ID is specified, the failure counters for all registered questions of the user are reset.

The following sample code illustrates a call to reset failure counters:

    VCryptResponse resetChallengeFailureCounters(String requestId, String customerId, long questionId);
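
The counter behaviour described in Sections 3.4.4 and 3.4.5 (wrong answers counted per question, a lock once the limit is reached, reset for one question or for all of a user's questions) is modelled below as an added example; it is not SDK code and does not call the OAAM server. ChallengeCounters and its members, the AllQuestions sentinel, the limit of 3 and the sample data are assumptions, and the code targets a current .NET runtime for CryptographicOperations.FixedTimeEquals.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Text;

// Added example (not SDK code): a local, in-memory model of the failure
// counter semantics. All type and member names are hypothetical.
public enum ChallengeResult { Success, WrongAnswer, Locked }

public sealed class ChallengeCounters
{
    // Plays the role of "no Question ID specified" in a reset call.
    public const long AllQuestions = -1;

    private readonly int maxFailures;  // assumption: the limit comes from policy
    private readonly Dictionary<string, byte[]> answers = new Dictionary<string, byte[]>();
    private readonly Dictionary<string, int> failures = new Dictionary<string, int>();

    public ChallengeCounters(int maxFailures) { this.maxFailures = maxFailures; }

    private static string Key(string customerId, long questionId)
    {
        return customerId + "\n" + questionId;
    }

    // Hashing yields equal-length inputs for the constant-time comparison;
    // it is not meant as a storage scheme for answers.
    private static byte[] Digest(string answer)
    {
        using (SHA256 sha = SHA256.Create())
            return sha.ComputeHash(Encoding.UTF8.GetBytes(answer ?? ""));
    }

    public void Register(string customerId, long questionId, string answer)
    {
        answers[Key(customerId, questionId)] = Digest(answer);
    }

    public int Failures(string customerId, long questionId)
    {
        int n;
        return failures.TryGetValue(Key(customerId, questionId), out n) ? n : 0;
    }

    // A wrong answer increments the counter of that question, a correct
    // answer resets it, and at the limit the answer is no longer evaluated.
    public ChallengeResult Validate(string customerId, long questionId, string answer)
    {
        string key = Key(customerId, questionId);
        if (Failures(customerId, questionId) >= maxFailures) return ChallengeResult.Locked;

        byte[] expected;
        bool known = answers.TryGetValue(key, out expected);
        // An unregistered question is compared against zeros and never matches.
        bool match = CryptographicOperations.FixedTimeEquals(
            Digest(answer), known ? expected : new byte[32]) && known;
        if (match)
        {
            failures.Remove(key);
            return ChallengeResult.Success;
        }
        failures[key] = Failures(customerId, questionId) + 1;
        return ChallengeResult.WrongAnswer;
    }

    // One question if an ID is given, otherwise every counter of that user.
    public void Reset(string customerId, long questionId)
    {
        if (questionId != AllQuestions)
        {
            failures.Remove(Key(customerId, questionId));
            return;
        }
        var stale = new List<string>();
        foreach (string key in failures.Keys)
            if (key.StartsWith(customerId + "\n", StringComparison.Ordinal)) stale.Add(key);
        foreach (string key in stale) failures.Remove(key);
    }

    public static void Main()
    {
        // Constructed data: the user, question IDs and answers are made up.
        var c = new ChallengeCounters(3);
        c.Register("testuser", 101, "blue");
        c.Register("testuser", 102, "paris");
        Console.WriteLine(c.Validate("testuser", 101, "red"));
        Console.WriteLine(c.Validate("testuser", 101, "green"));
        Console.WriteLine(c.Validate("testuser", 102, "rome"));
        Console.WriteLine(c.Validate("testuser", 101, "black"));
        Console.WriteLine(c.Validate("testuser", 101, "blue"));   // limit reached before this call
        c.Reset("testuser", 101);                                  // question 101 only
        Console.WriteLine(c.Failures("testuser", 102));
        Console.WriteLine(c.Validate("testuser", 101, "blue"));
        c.Reset("testuser", AllQuestions);                         // every question of the user
        Console.WriteLine(c.Failures("testuser", 102));
    }
}
```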

3.4.6 Virtual Authentication Devices

This section describes the creation and use of virtual authentication devices in ASP.NET applications in the following subsections:

- Creating a Virtual Authentication Device
- Embedding a Virtual Authentication Device in a Web Page
- Validating User Input with a Virtual Authentication Device

3.4.6.1 Creating a Virtual Authentication Device

To create a virtual authentication device, use the method BharosaClient.getAuthentiPad(), as illustrated in the following sample code:

    IBharosaClient client = BharosaClientFactory.getClientInstance();
    String padName = "passwordPad";

    if (!IsPostBack)
    {
        AuthentiPadType padType = AuthentiPadType.TYPE_ALPHANUMERICPAD;
        String bgFile = proxy.getImage(user.CustomerId);
        String captionText = proxy.getCaption(user.CustomerId);
        String frameFile = BharosaConfig.get(
            "bharosa.authentipad.alphanumeric.frame.file",
            "alphanumpad_bg/kp_v2_frame_nologo.png");

        AuthentiPad authPad = client.getAuthentiPad(padType, padName,
            frameFile, bgFile, captionText, false, true, true);

        // save the authenticator object in sessData: it will be needed
        // in GetImage.aspx.cs to generate the authenticator image, and
        // while decoding the user input
        sessionData[padName] = authPad;
    }

3.4.6.2 Embedding a Virtual Authentication Device in a Web Page

To display a virtual authentication device properly, such as the one created in the previous section, both the .ASPX file and the code-behind file need to be updated. To update these files, proceed as follows:

1. Include the JavaScript bharosa_web/js/bharosa_pad.js in the ASPX file.
2. Create a label in the ASPX file where the virtual authentication device is to be displayed:
3. Generate the HTML in the code-behind file from the virtual authentication device object and assign it to the label:

       this.authenticator.Text = client.getAuthentiPadHTML(authPad, false, false);

3.4.6.3 Validating User Input with a Virtual Authentication Device

The input that a user supplies to a virtual authentication device is posted to the application in the HTTP parameter named padName + "DataField". This input should be decoded using the virtual authentication device as illustrated in the following sample code:

    if (IsPostBack)
    {
        AuthentiPad authPad = sessionData[padName];
        String encodedPasswd = Request.Params[padName + "DataField"];
        String passwd = authPad.decodeInput(encodedPasswd);

        // continue to validate the password
    }

3.4.7 Specifying Credentials to the Oracle Adaptive Access Manager SOAP Server

The credentials to access the Oracle Adaptive Access Manager SOAP Server can be specified in one of the following ways:

- By adding the following settings to application web.config file:
- By adding the following properties to one of the application properties files:

      BharosaSOAPUser=soapUser
      BharosaSOAPPassword=soapUserPassword
      BharosaSOAPDomain=soapUserDomain

Note: When specifying SOAP credentials in this way, you can use either clear text or an encrypted string for a value (typically, for the value of a password)

3.4.8 Tracing Messages

The Oracle Adaptive Access Manager .NET API allows you to print trace messages of various levels using diagnostics switches in web.config. The trace messages can be saved to a file by configuring the appropriate listeners.

The following web.config file sample shows the configuration of switches and a listener that writes trace messages to a file:

3.5 Integration Example Using Sample Applications

This section shows you how to integrate an application by using one of the sample applications provided in the SDK.

3.5.1 ASP.NET Applications

The following four ASP.NET applications are included in this sample package to demonstrate integration of various OAAM 11g features in ASP.NET based applications.

Table 3–2 ASP.NET Applications

Application Name: SampleWebApp
Description: This is a basic ASP.NET application without OAAM integration. This application is provided so that the reader can easily see incremental changes required to integrate various OAAM features, such as tracker, authenticator, and KBA.

Application Name: SampleWebAppTracker
Description: This application demonstrates integration of OAAM tracker functionality to SampleWebApp listed above.

Application Name: SampleWebAppAuthTracker
Description: This application demonstrates integration of OAAM tracker and authenticator functionalities to SampleWebApp listed above.

Application Name: SampleKBATracker
Description: This application demonstrates integration of OAAM tracker and KBA functionalities to SampleWebApp listed above.

3.5.2 Sample Application Details

Details about the four applications are provided in this section.

3.5.2.1 SampleWebApp

This application contains the following pages that demonstrate a web application before OAAM integration.

1. LoginPage.aspx
   - Collects the user name and password using a simple HTML form.
   - Validates the login and password information
   - Depending upon the validation result, the user will be redirected to either Success.aspx or to LoginPage.aspx with appropriate error message
2. Success.aspx
   - Displays 'Successfully logged in' message with a link for logout
3. LogoutPage.aspx
   - Logs out the user session and redirects to login page

3.5.2.2 SampleWebAppTracker

This application contains the following pages that demonstrate integration of OAAM tracker functionality to the sample application listed above. This application requires the integration of the OAAM .NET APIs found in the SDK package oaam_native_dot_net.zip. The content of the archive needs to be extracted to the root directory of the web application.

1. LoginPage.aspx
   - Collects the user name and password using simple HTML form
   - Saves the login and password in the session
   - Redirects the user to LoginJumpPage.aspx to collect the flash fingerprint of the user device
2. LoginJumpPage.aspx
   - Loads the user from ARM (Adaptive Risk Manager) by calling AppUtil.InitUser() (AppUtil is included in the SDK package). If the user is not found, a new user record will be created
   - Returns HTML to load flash object bharosa_web/flash/bharosa.swf in the browser. The flash object calls CookieManager.aspx (included in the SDK package) with flash fingerprint details. CookieManager.aspx records the fingerprint in ARM and in return sets a flash cookie on the user's device
   - After a brief wait (to allow time to get the flash cookie from ARM), redirects the browser to LoginHandlerPage.aspx
3. LoginHandlerPage.aspx
   - Records the user login attempt with ARM by calling AppUtil.InitTracker()
   - Validates the login and password information
   - Updates ARM with the password validation status (success/wrong user/wrong password/disabled user, etc) by calling AppUtil.UpdateAuthStatus()
   - If password validation succeeds, runs post-authentication rules by calling AppUtil.RunPostAuthRules()
   - If the post-authentication rules return block, blocks the user login after updating ARM with this information
   - Depending upon the validation result and/or the rules result, redirects the user to either Success.aspx or to LoginPage.aspx with appropriate error message
4. SuccessPage
   - Displays 'Successfully logged in' message with a link for logout
5. LogoutPage
   - Logs out the user session and redirects to login page

3.5.2.3 SampleWebAppAuthTracker

This application contains the following pages that demonstrate integration of OAAM authenticator and tracker functionalities to the sample application listed above. This application collects the password using authenticators offered by OAAM. This application requires the integration of the OAAM .NET APIs found in the SDK package oaam_native_dot_net.zip. The content of the archive needs to be extracted to the root directory of the web application.

1. LoginPage.aspx
   - Collects the user name using simple HTML form
   - Saves the login in the session
   - Redirects the user to LoginJumpPage.aspx to collect the flash fingerprint of the user device
2. LoginJumpPage.aspx
   - Loads the user from ARM (Adaptive Risk Manager) by calling AppUtil.InitUser() (AppUtil is included in the SDK package). If the user is not found, a new user record will be created
   - Returns HTML to load flash object bharosa_web/flash/bharosa.swf in the browser. The flash object calls CookieManager.aspx (included in the SDK package) with flash fingerprint details. CookieManager.aspx records the fingerprint in ARM and in return sets a flash cookie on the user's device
   - After a brief wait (to allow time to get the flash cookie from ARM), redirects the browser to LoginHandlerPage.aspx
3. LoginHandlerPage.aspx
   - Records the user login attempt with ARM by calling AppUtil.InitTracker()
   - Redirects the user to PasswordPage.aspx to collect the password using OAAM authenticator.
4. PasswordPage.aspx
   On Load:
   a. Sets the session authentication status to 'Pending' in ARM
   b. Runs pre-authentication rules by calling the AppUtil.RunPreAuthRules()
   c. If the pre-authentication rules return block, blocks the user login after updating ARM with this information
   d. If the pre-authentication rules return allow, runs another set of rules to determine the authenticator to use for this user, by calling AppUtil.RunAuthentiPadRules()
   e. Creates appropriate authenticator by calling AppUtil.CreateAuthentiPad() and renders the authenticator into HTML by using the AppUtil.getAuthentiPadHTML(). The authenticator HTML would fetch the authenticator image by calling GetImage.aspx (included in the SDK package)
   f. Stores the authenticator object in the session for later use during image generation and password decode
   On PostBack:
   a. Decodes the password using the authenticator object stored in the session
   b. Validates the login and password information
   c. Updates ARM with the password validation status (success/wrong user/wrong password/disabled user, etc) by calling AppUtil.UpdateAuthStatus()
   d. If password validation succeeds, runs post-authentication rules by calling AppUtil.RunPostAuthRules()
   e. If the post-authentication rules return block, blocks the user login after updating ARM with this information
   f. Depending upon the validation result and/or the rules result, redirects the user to either Success.aspx or to LoginPage.aspx with appropriate error message
5. SuccessPage
   - Displays 'Successfully logged in' message with a link for logout
6. LogoutPage
   - Logs out the user session and redirects to login page

3.5.2.4 SampleKBATracker

This application contains the following pages that demonstrate integration of OAAM authenticator, tracker and KBA (Knowledge Based Authentication) functionalities to the sample application listed above. This application shows authentication mechanisms using password and KBA authenticators offered by OAAM. This application requires the integration of the OAAM .NET APIs found in the SDK package oaam_native_dot_net.zip. The content of the archive needs to be extracted to the root directory of the web application.

1. LoginPage.aspx
   - Collects the user name using simple HTML form
   - Saves the login in the session
   - Redirects the user to LoginJumpPage.aspx to collect the flash fingerprint of the user device
2. LoginJumpPage.aspx
   - Loads the user from ARM (Adaptive Risk Manager) by calling AppUtil.InitUser() (AppUtil is included in the SDK package). If the user is not found, a new user record will be created
   - Returns HTML to load flash object bharosa_web/flash/bharosa.swf in the browser. The flash object calls CookieManager.aspx (included in the SDK package) with flash fingerprint details. CookieManager.aspx records the fingerprint in ARM and in return sets a flash cookie on the user's device
   - After a brief wait (to allow time to get the flash cookie from ARM), redirects the browser to LoginHandlerPage.aspx
3. LoginHandlerPage.aspx
   - Records the user login attempt with ARM by calling AppUtil.InitTracker()
   - Redirects the user to PasswordPage.aspx to collect the password using OAAM authenticator
4. PasswordPage.aspx
   On Load:
   a. Sets the session authentication status to 'Pending' in ARM
   b. Runs pre-authentication rules by calling the AppUtil.RunPreAuthRules()
   c. If the pre-authentication rules return block, blocks the user login after updating ARM with this information
   d. If the pre-authentication rules return allow, runs another set of rules to determine the authenticator to use for this user, by calling AppUtil.RunAuthentiPadRules()
   e. Creates appropriate authenticator by calling AppUtil.CreateAuthentiPad() and renders the authenticator into HTML by using the AppUtil.getAuthentiPadHTML(). The authenticator HTML would fetch the authenticator image by calling GetImage.aspx (included in the SDK package)
   f. Stores the authenticator object in the session for later use during image generation and password decode
   On PostBack:
   a. Decodes the password using the authenticator object stored in the session
   b. Validates the login and password information
   c. Updates ARM with the password validation status (success/wrong user/wrong password/disabled user, etc) by calling AppUtil.UpdateAuthStatus()
   d. If the password validation fails, the user will be redirected to LoginPage.aspx with appropriate error message
   e. If password validation succeeds, runs post-authentication rules by calling AppUtil.RunPostAuthRules()
   f. The user will be taken through different flows, as shown below, depending upon the action from post-authenticator rules result:

      Post-Authentication Action    Target URL
      Block                         LoginPage.aspx
      Allow                         Success.aspx
      ChallengeUser                 ChallengeUser.aspx
      RegisterQuestions             RegisterQuestionsPage.aspx
      RegisterUser                  PersonalizationPage.aspx
      RegisterUserOptional          PersonalizationPage.aspx

5. PersonalizationPage.aspx
   - Introduces the user to device personalization explaining the steps that would follow to create a new Security Profile for the user
   - If the post authentication rule returns RegistrationOptional, the user is allowed to skip the registration process by clicking the 'Skip' button to proceed to the Success.aspx page directly
   - If registration is not optional, the user must register by clicking 'Continue' to proceed to the RegisterImagePhrase.aspx page
6. RegisterImagePhrase.aspx
   - Allows the user to customize the randomly generated background image, caption and the type of security device used during authentication
   - A new background image and caption is assigned by calling AppUtil.AssignNewImageAndCaption()
   - The user selected security device is assigned by calling AppUtil.SetAuthMode()
7. RegisterQuestionsPage.aspx
   - Displays sets of questions which the user can choose and register the correct answer for each. The sets of questions are fetched by calling proxy.getSignOnQuestions()
8. ChallengeUser.aspx
   - Challenges the user by displaying a question-pad with one of the questions already registered by the user
   - The answer is validated by calling proxy.authenticateQuestion() and the result is updated in ARM by calling AppUtil.UpdateAuthStatus()
   - If the answer is wrong, a call to AppUtil.RunChallengeUserRules() is made and, based on its result, the user will either be allowed to re-enter the answer or be redirected to the block page after updating the block status in ARM
   - The number of attempts that a user gets to answer a question correctly is set by the rule administrator for ARM
   - On successfully answering the question correctly, the user is forwarded to the Success.aspx page
9. SuccessPage
   - Displays 'Successfully logged in' message with a link for logout
10. LogoutPage
   - Logs out the user session and redirects to login page

3.5.3 Setting Up the Environment

Source code for each application is placed in a directory of its own. Visual Studio Solution files for each of these applications can be found in the root directory. The four applications could either be run using Visual Studio 2005 or be deployed on Microsoft IIS 6.0 on Windows Server 2003. Solutions file 'SampleWebApps' can be used to load and view all applications together using Visual Studio.

Instructions to set up the environment to successfully run the sample applications are provided in this section. After all the following have been applied, you should be able to run these sample applications and see how they integrate with OAAM 11g in different scenarios.

3.5.3.1 Modifying the web.config File

Ensure that the Soap URL to access the OAAM server is set correctly in the web.config file of the application, as per your deployment configuration. An example is shown as follows:

3.5.3.2 Setting Properties for Images

For sample applications integrating with OAAM 11g, set bharosa.image.dirlist in bharosa_app.properties to the path where the "oaam_images" folder could be found.

The "oaam_images" folder is located at:

    ${ORACLE_HOME}/oaam/dist/oaam_dist_final/oracle.oaam.oaam_images

The folder name could be changed but then the path should be modified accordingly.

For example, if all the files obtained from the path above are stored in a folder named oaam_images and this folder is put under the root directory of the web application, the path should be:

    ${Application_HOME}/oaam_images/

Make sure lookup.properties is contained in the /bharosa_properties/ folder, which lists all the properties files that need to be read. It could be obtained from:

    ${ORACLE_HOME}/oaam/apps/oaam_native/overrides/conf/bharosa_properties

Find and comment out the bharosa.authentipad.image.url property.

3.5.3.3 Running the Application

For developers who have access to Microsoft Visual Studio 2005 to test the web applications, simply build the solution after making all the above changes and click "Debug -> Start Debugging" in Visual Studio 2005.

For deployment of these applications, here are some tips to follow:

- System: Windows Server 2003
- Application server should be installed using Control Panel -> Add or Remove Programs -> Add/Remove Windows Components. IIS and ASP.NET should be enabled;
- Create "new website" using IIS manager by running "inetmgr" in command window;
- Make sure ASP.NET version is set to v2.0 through ASP.NET tab in website's "Properties";
- Make sure that ASP.NET v2.0 is set to "allowed" in IIS manager. If there is no ASP.NET v2.0 extension, add a new web service extension manually. Go to C:\WINDOWS\Microsoft.NET\Framework, there should be some folder named v2.0.50727 or similar if ASP.NET v2.0 is installed. Add v2.0.50727/aspnet_isapi.dll as a new web service extension;
- In "IIS Manager -> Local Computer -> Application Pools", open "Properties -> Identity", simply select "Local System" on the right of "Predefined" option if you come across a problem accessing "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files" when opening web application pages.

3.5.4 Example: Enable Transaction Logging and Rule Processing

The following pages demonstrate how to enable transaction logging and rule processing in OARM using the ASP.NET sample applications.

Prerequisites:

- Transaction definitions in Sample_Transaction_Defs.zip need to be available in OARM. Use 'Admin > Transactions > Import Transactions' to import the transaction definitions.
- Transaction models defined in models.zip should be available in OARM.
- Following properties must exist in bharosa_app.properties at the OARM and the .NET client side:

tracker.transaction.status.enum=Enum for transaction status
tracker.transaction.status.enum.success=0
tracker.transaction.status.enum.success.name=Success
tracker.transaction.status.enum.success.description=Success
tracker.transaction.status.enum.block=1
tracker.transaction.status.enum.block.name=Block
tracker.transaction.status.enum.block.description=Block
tracker.transaction.status.enum.reject=2
tracker.transaction.status.enum.reject.name=Reject
tracker.transaction.status.enum.reject.description=Reject
tracker.transaction.status.enum.pending=3
tracker.transaction.status.enum.pending.name=Pending
tracker.transaction.status.enum.pending.description=Pending
profile.type.enum.pretransaction=70
profile.type.enum.pretransaction.name=PreTransaction
profile.type.enum.pretransaction.description=PreTransaction
profile.type.enum.pretransaction.ruleTypes=user,device,location,in_session
profile.type.enum.pretransaction.listTypes=vtusers
profile.type.enum.pretransaction.finalactionrule=process_results.rule
profile.type.enum.pretransaction.isPreAuth=false
profile.type.enum.posttransaction=80
profile.type.enum.posttransaction.name=PostTransaction
profile.type.enum.posttransaction.description=PostTransaction
profile.type.enum.posttransaction.ruleTypes=user,device,location,in_session
profile.type.enum.posttransaction.listTypes=vtusers
profile.type.enum.posttransaction.finalactionrule=process_results.rule
profile.type.enum.posttransaction.isPreAuth=false

Transaction Page

- Dynamically generates the transaction type selection menu based on transaction enums defined in property file 'bharosa_common.properties'
- On selecting transaction type, dynamically renders the transaction fields based on field definitions defined in properties files.
- Either creates a transaction by calling AppUtil.createTransaction() or updates the transaction by calling AppUtil.updateTransaction() depending on the current form being submitted.
- Runs pre and post transaction rules by calling AppUtil.RunPreTransactionRules() or AppUtil.RunPostTransactionRules(). Depending upon the result, the browser is redirected to the next appropriate page.

4 Integrating Native Java Applications

This chapter explains how to integrate Java applications with Oracle Adaptive Access Manager Server using the Oracle Adaptive Access Manager Java API. This integration is supported for applications written in Java 1.4 or higher.

This section contains the following sections:

- About the Oracle Adaptive Access Manager Shared Library
- About VCryptResponse
- Oracle Adaptive Access Manager APIs

4.1 About the Oracle Adaptive Access Manager Shared Library

The Oracle Adaptive Access Manager Shared Library is the Java SDK for integrating with Oracle Adaptive Access Manager. This has to be deployed and targeted into the WebLogic Managed Server where the integrated application is deployed. Make sure the WebLogic Managed Server is part of the same WebLogic domain where OAAM is deployed.

4.1.1 Overview of the Integration Process

The high-level steps of the integration process are as follows:

1. Create a WebLogic Web application (war) or enterprise application (ear).
2. Add a reference to the OAAM SDK Shared Library (oracle.oaam.libs) to the WebLogic deployment descriptor.
3. Implement the application that calls the OAAM APIs.
4. Add the application jars and files.
5. Package the application, deploy it and test it.

4.1.2 Using Oracle Adaptive Access Manager Shared Library in Web Applications

Deploy the OAAM Web Applications Shared library /oaam/oaam_libs/war/oaam_native_lib.war as a library.

To use the Oracle Adaptive Access Manager Shared Library in Web applications, you must refer to the shared library by adding the following entry to your WebLogic deployment descriptor file, weblogic.xml:

oracle.oaam.libs

4.1.3 Using Oracle Adaptive Access Manager Shared Library in Enterprise Applications

Deploy the OAAM Enterprise Applications Shared library /oaam/oaam_libs/ear/oaam_native_lib.ear as a library.

To use the Oracle Adaptive Access Manager Shared Library in Enterprise applications, you must refer to the shared library by adding the following entry to your WebLogic deployment descriptor file, weblogic-application.xml:

oracle.oaam.libs

4.1.4 Customizing/Extending/Overriding Oracle Adaptive Access Manager Properties

To override any Oracle Adaptive Access Manager properties or extend Oracle Adaptive Access Manager enumerations, add those properties and enumerations to bharosa_server.properties and place that file in WEB-INF\classes folder of the native web application.

For instructions on customizing, extending, or overriding Oracle Adaptive Access Manager properties, refer to Chapter 7, "OAAM Extensions and Shared Library to Customize OAAM."

4.2 OAAM Java InProc Integration

This section contains instructions to integrate OAAM using the In-Proc method.

1. Make sure you have set the reference to OAAM shared library "oracle.oaam.libs".

   To use the Oracle Adaptive Access Manager Shared Library in Web applications, you must refer to the shared library by adding the following entry to your WebLogic deployment descriptor file, weblogic.xml:

   oracle.oaam.libs

   To use the Oracle Adaptive Access Manager Shared Library in Enterprise applications, you must refer to the shared library by adding the following entry to your WebLogic deployment descriptor file, weblogic-application.xml:

   oracle.oaam.libs

2. To override any Oracle Adaptive Access Manager properties or extend Oracle Adaptive Access Manager enumerations, add those properties and enumerations to bharosa_server.properties and place that file in the WEB-INF\classes folder of the native web application.

3. Set up OAAM Data Source with the JNDI name as "jdbc/OAAM_SERVER_DB_DS" and point it to the OAAM database.

4.3 OAAM SOAP Integration

To call the OAAM APIs via SOAP instead of in-proc, follow these steps in these sections.

4.3.1 Setup SOAP Security

SOAP provides a standard XML structure for sending and receiving Web service requests and responses over the Internet. Users of SOAP services can be authenticated by supplying credentials through a secure channel. SOAP authentication is managed by Oracle Web Services Manager (OWSM) policies through Enterprise Manager.

Create a SOAP User on the WebLogic Server

The SOAP authentication is implemented using a user name and password. This user name and password must be associated with a user that is accessible to the application server. In a WebLogic deployment, this user can be stored and managed within the WebLogic security realm.

You will create a SOAP user that will be used for SOAP authentication, and add that user in the proper group, OAAMSOAPServicesGroup. OAAM clients are configured to use this user name and password when invoking web services through the following bharosa_server.properties properties:

vcrypt.soap.auth.keystorePassword - Base64 encoded password used to open the system_soap.keystore
vcrypt.soap.auth.aliasPassword - Base64 encoded password used to retrieve the key stored in the keystore
vcrypt.soap.auth.username - User name of the SOAP user
vcrypt.soap.auth.keystoreFile - File name of the keystore (should be system_soap.keystore)

The parameters are explained later in this section.

Set Up Oracle Web Services Manager (OWSM) Policies

Out-of-the-box, OAAM publishes Web services at the URL: /oaam_server/services. This URL is protected with HTTP Basic authentication. The SOAP user can access this URL.

To set up the OWSM Policy to set HTTP Basic Authentication on /oaam_server/services follow these steps:

1. Log in to Enterprise Manager using the URL http://weblogic-admin-hostname:port/em.
2. Under weblogic_domain, select the domain and select oaam_server_server1 under that and right-click and select the Web Services option.
3. Click the Attach Policies link in top right area.
4. Select all the rows corresponding to OAAM Web Services and click the Next button.
5. To enable SOAP Authentication:
   a. Select the row "oracle/wss_http_token_service_policy".
6. To disable SOAP Authentication:
   a. Select the rows oracle/no_authentication_service_policy and oracle/no_authorization_service_policy.
   b. Click the Next button.
   If you disable the SOAP Web Service authentication on the server (which is by default enabled), the client can use the web service without having been authenticated.
7. Click the Attach button in the next page.
8. Restart OAAM Server if required.

Client Side Keystore to Secure the SOAP User Password

Web Services/SOAP clients need to send the user name and password for successful communication with OAAM web services.

To set up security for Native Client web services:

1. In the $ORACLE_HOME/oaam/cli directory, create a file, for example, soap_key.file, and enter the HTTP authentication user password in it. (The password from the user that was added to the OAAMSOAPServicesGroup role/group).

2. Copy sample.config_3des_input.properties to soap_3des_input.properties.

   cp sample.config_3des_input.properties soap_3des_input.properties

3. Update soap_3des_input.properties with the keystore password, the alias password, and password file.

   #This is the password for opening the keystore.
   keystorepasswd=
   #This is the password reading alias (key) in the keystore
   keystorealiaspasswd=
   #File containing from key. Please note, keys in AES could be binary. Also note algorithms like 3DES require minimum 24 characters in the key
   #keyFile=soap_key.file
   keyFile=
   keystorefilename=system_soap.keystore
   keystorealias=vcrypt.soap.call.passwd

4. Set ORACLE_MW_HOME and JAVA_HOME and source setCliEnv.sh.

5. Generate the keystore.

   For Unix/Linux, run

   $JAVA_EXE -Djava.security.policy=conf/jmx.policy -classpath $CLSPTH com.bharosa.vcrypt.common.util.KeyStoreUtil updateOrCreateKeyStore readFromFile=soap_3des_input.properties

   For Windows, run

   genkeystore.cmd soap_3des_input.properties

   If the KeyStore command was successful, you will see output similar to the following:

   updateOrCreateKeyStore done!
   Keystore file:system_soap.keystore,algorithm=DESede
   KeyStore Password=ZG92ZTEyMzQ=
   Alias Password=ZG92ZTEyMw==

6. Note down the Keystore password and Alias Password printed on the screen. You will need to add these to bharosa_server.properties.

7. Save the system_soap.keystore file in your source code control system. Please take adequate security precautions while handling this file. The file contains critical password information. Make sure that only authorized personnel have read access to this file. If you lose it, Oracle Adaptive Access Manager will not be able to recover data encrypted.

8. Copy your system_soap.keystore to /WEB-INF/classes (classpath of the native client deployment).

9. Delete both the soap_key.file and soap_3des_input.properties files.

10. Add the following properties with the encoded passwords (from step 5) and the authentication user name to bharosa_server.properties.

   vcrypt.soap.auth.keystorePassword=
   vcrypt.soap.auth.aliasPassword=
   vcrypt.soap.auth.username=
   vcrypt.soap.auth.keystoreFile=system_soap.keystore

4.3.2 Set SOAP Related Properties in bharosa_server.properties

Set the following properties in bharosa_server.properties of the native application:

Specify SOAP Class

Set the vcrypt.common.util.vcryptsoap.impl.classname property. This setting specifies for the application which libraries to use when creating SOAP messages to exchange with the OAAM services. The available option is:

com.bharosa.vcrypt.common.impl.VCryptSOAPGenericImpl

Specify SOAP Server Side URL

Set the vcrypt.tracker.soap.url property:

vcrypt.tracker.soap.url=http://host-name:port/oaam_server/services

This setting is the location of the web services with which the application will communicate. For example,

vcrypt.tracker.soap.url=http://localhost:14300/oaam_server/services/

Specify SOAP Call Timeout

Set the vcrypt.soap.call.timeout property in milliseconds. For example,

vcrypt.soap.call.timeout=10000

Other Properties

vcrypt.tracker.impl.classname=com.bharosa.vcrypt.tracker.impl.VCryptTrackerSOAPImpl
vcrypt.user.image.dirlist.property.name=bharosa.image.dirlist
bharosa.config.impl.classname=com.bharosa.common.util.BharosaConfigPropsImpl
bharosa.config.load.impl.classname=com.bharosa.common.util.BharosaConfigLoadPropsImpl
vcrypt.tracker.soap.useSOAPServer=true
vcrypt.soap.disable=false
vcrypt.soap.auth.keystoreFile=system_soap.keystore
#Environment specific values need to be replaced below this line
bharosa.image.dirlist=absolute_folder_path_where_oaam_images_are_available
#If SOAP Authentication is enabled, then the following have to be set
#otherwise just set the property vcrypt.soap.auth=false
vcrypt.soap.auth=true
vcrypt.soap.auth.keystorePassword=Java_keystore_password
vcrypt.soap.auth.aliasPassword=Keystore_alias_password
vcrypt.soap.auth.username=SOAP_User_name

4.4 About VCryptResponse

VCryptResponse contains information about the status of the processing. It contains useful information if the status of the processing was "Success" (isSuccess). If there was an error, it also contains error codes. It can also contain other payload information in the form of extended data maps. You can use these features of VCryptResponse depending on your requirements for integration.
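
For the SOAP client settings described in Section 4.3, the following added example (not part of the Oracle guide or of OAAM) audits a native client's bharosa_server.properties before deployment. The finding names, the sample files and the choice to flag plain http to a non-loopback host are assumptions of this example; the property names and template placeholders are the ones shown in the guide.

```python
import base64
import binascii
from urllib.parse import urlparse

# Literal placeholders from the guide's property template.
PLACEHOLDERS = {
    "Java_keystore_password",
    "Keystore_alias_password",
    "SOAP_User_name",
    "absolute_folder_path_where_oaam_images_are_available",
}
# Properties the guide describes as Base64-encoded passwords.
ENCODED_SECRETS = (
    "vcrypt.soap.auth.keystorePassword",
    "vcrypt.soap.auth.aliasPassword",
)
LOOPBACK = {"localhost", "127.0.0.1", "::1"}
URL_KEY = "vcrypt.tracker.soap.url"
TIMEOUT_KEY = "vcrypt.soap.call.timeout"


def parse_properties(text):
    """Parse key=value lines ('#' or '!' comments); no continuation lines."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props


def decodes_as_base64(value):
    """True if value is non-empty and strictly valid Base64."""
    try:
        return bool(value) and bool(base64.b64decode(value, validate=True))
    except (binascii.Error, ValueError):
        return False


def audit_soap_client(props):
    """Return sorted (finding, property) pairs for the SOAP client settings."""
    findings = {("template-placeholder", k) for k, v in props.items() if v in PLACEHOLDERS}
    url = urlparse(props.get(URL_KEY, ""))
    if not url.hostname:
        findings.add(("missing-url", URL_KEY))
    timeout = props.get(TIMEOUT_KEY)
    if timeout is not None and not (timeout.isdigit() and int(timeout) > 0):
        findings.add(("bad-timeout", TIMEOUT_KEY))
    if props.get("vcrypt.soap.auth", "").lower() != "true":
        # Assumption of this example: an unset value is reported like "false".
        findings.add(("soap-auth-off", "vcrypt.soap.auth"))
        return sorted(findings)
    # HTTP Basic credentials are only Base64-encoded on the wire.
    if url.hostname and url.scheme != "https" and url.hostname not in LOOPBACK:
        findings.add(("basic-auth-over-http", URL_KEY))
    for key in ("vcrypt.soap.auth.username", "vcrypt.soap.auth.keystoreFile"):
        if not props.get(key):
            findings.add(("missing-value", key))
    for key in ENCODED_SECRETS:
        value = props.get(key, "")
        if value not in PLACEHOLDERS and not decodes_as_base64(value):
            findings.add(("not-base64", key))
    return sorted(findings)


def recoverable_secrets(props):
    """Keys whose values any reader of the file can decode."""
    return [k for k in ENCODED_SECRETS if decodes_as_base64(props.get(k, ""))]


def encode_secret(secret):
    """Base64-encode a constructed sample secret."""
    return base64.b64encode(secret.encode()).decode()


# Constructed sample files, not taken from any deployment.
WEAK_SAMPLE = """\
vcrypt.tracker.soap.url=http://oaam.example.internal:14300/oaam_server/services
vcrypt.soap.call.timeout=0
vcrypt.soap.auth=true
vcrypt.soap.auth.keystorePassword=Java_keystore_password
vcrypt.soap.auth.aliasPassword=not base64!
vcrypt.soap.auth.username=soapclient
vcrypt.soap.auth.keystoreFile=system_soap.keystore
"""
HARDENED_SAMPLE = f"""\
vcrypt.tracker.soap.url=https://oaam.example.internal:14301/oaam_server/services
vcrypt.soap.call.timeout=10000
vcrypt.soap.auth=true
vcrypt.soap.auth.keystorePassword={encode_secret('constructed-keystore-pw')}
vcrypt.soap.auth.aliasPassword={encode_secret('constructed-alias-pw')}
vcrypt.soap.auth.username=soapclient
vcrypt.soap.auth.keystoreFile=system_soap.keystore
"""
```

Every key returned by recoverable_secrets decodes with a single Base64 call, so bharosa_server.properties needs the same read restrictions the guide asks for on system_soap.keystore.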

4.5 Oracle Adaptive Access Manager APIs

Oracle Adaptive Access Manager provides APIs to:

- Collect and track information from the client application
- Capture user login information, user login status, and various attributes of the user session to determine device and location information
- Collect transaction details

For descriptions of all authentication scenarios and typical flows, see Chapter 2, "Natively Integrating with Oracle Adaptive Access Manager."

4.5.1 addQuestion

addQuestion adds a new question for the specified user.

public boolean addQuestion(java.lang.String loginId, java.lang.String questionText, java.lang.String answerText)

4.5.2 authenticatePassword

authenticatePassword authenticates the password.

public VCryptAuthResult authenticatePassword(java.lang.String loginId, java.lang.String password, int authSessionType, int clientType, java.lang.String clientVersion, java.lang.String ipAddress, int fingerPrintType, java.lang.String fingerPrint)

Returns VCryptAuthResult object

Table 4–1 addQuestion
Parameter | Description
loginId | The ID used by the user to log in
questionText | New question to be added. Overrides if the same question is already set for this user.
Returns | Whether the operation was success or failure
answerText | Answer for the question

4.5.3 authenticateQuestion

authenticateQuestion authenticates question or answer.

public VCryptAuthResult authenticateQuestion(java.lang.String loginId, java.lang.Long authSessionId, java.lang.String answer, java.lang.String ipAddress, int fingerPrintType, java.lang.String fingerPrint)

Returns VCryptAuthResult describing result of authentication attempt.

4.5.4 cancelAllTemporaryAllows

cancelAllTemporaryAllows cancels all temporary allows that have been set for a customer ID.

public VCryptResponse cancelAllTemporaryAllows(String customerId);

4.5.5 clearSafeDeviceList

clearSafeDeviceList clears the user safe device list of the user associated with a request.

public VCryptBooleanResponse clearSafeDeviceList(String requestId);

Table 4–2 authenticatePassword
Parameter | Description
loginId | The ID used by the user to log in
password | New password to set
clientType | An enumeration value indicating the client type used for authentication
clientVersion | The version of the client; optional
authSessionType | Reason for authentication
ipAddress | IP address of the user device
fingerPrintType | Type of fingerprinting
fingerPrint | Fingerprint

Table 4–3 authenticateQuestion
Parameter | Description
loginId | The ID used by the user to authenticate answer
authSessionId | Id of the auth session
answer | The answer given by the user.
ipAddress | IP address of the user device
fingerPrintType | Type of fingerprinting
fingerPrint | Fingerprint

Table 4–4 cancelAllTemporaryAllows Parameters
Parameter | Description
customerId | The customer ID

4.5.6 createUser

createUser creates a user in the authentication database.

public VCryptAuthUser createUser(VCryptAuthUser user)

4.5.7 createTransaction

createTransaction creates a new transaction.

public VCryptResponse createTransaction(TransactionCreateRequestData transactionCreateRequestData);

4.5.8 deleteQuestion

deleteQuestion deletes the question for the specified user.

public boolean deleteQuestion(java.lang.String loginId, java.lang.String question)

Table 4–5 clearSafeDeviceList Parameters
Parameter | Description
requestId | The ID for the login session. The same ID should be used for all the calls to Bharosa API for the login session.

Table 4–6 createUser
Parameter | Description
User | Auth user.
Returns | The newly created AuthUser.

Table 4–7 createTransaction Parameter and Returned Value
Parameter | Description
TransactionCreateRequestData | The object to create a new transaction; it throws the exception BharosaException if it fails validation. The structure of this object is as follows:
  - requestId identifies the user session; required
  - requestTime is the time of the request; can be null; if null, the server uses the current time
  - transactionKey is the key to the transaction definition; used to create a transaction definition; required
  - externalTransactionId is used to correlate the application transaction with the corresponding OAAM Transaction. It can also be used to update the transaction.
  - status is the transaction status; can be null. The corresponding enum name is tracker.transaction.status.enum.
  - contextMap is the map of key-value pairs. Keys of this map should exactly match the Internal ID of the related Source Data of the Transaction Definition. The value should always be a Java String value. If the value is a Date value then it should be in the format "yyyy-MM-dd'T'HH:mm:ss.SSSz"
VCryptResponse | The response object; make sure to check isSuccess() before obtaining the transaction ID with the method getTransactionResponse()

4.5.9 generateOTP

VcryptTrackerImpl::generateOTP returns OTP code based on the following properties (to determine length of code returned and characters to use in creating OTP code)

bharosa.uio.default.otp.generate.code.length
bharosa.uio.default.otp.generate.code.characters

Example code for API use is in the OAAM example application available on Oracle by Example.

(String requestId, String challengeType, String appId)

4.5.10 getActionCount

getActionCount gets the number of actions for a given actionEnumId from the configured action enumerations.

public VCryptIntResponse getActionCount(String requestId, String customerId, Integer actionEnumId);

4.5.11 getCaption

getCaption gets a caption for the user.

public java.lang.String getCaption(java.lang.String loginId)

Table 4–8 deleteQuestion
Parameter | Description
loginId | The user login ID
question | The question to be deleted.
Returns | Whether the operation was success or failure.

Table 4–9 generateOTP
Parameter | Description
requestId | OAAM Request ID
challengeType | OAAM Challenge Type configured by the user defined enum: bharosa.uio.default.challenge.type.enum. For more information, refer to Section 11.7, "Registering SMS Processor to Perform Work for Challenge Type."
appId | An application identifier used to look up properties based on application. If no application specific properties are required, an empty string, null, or "default" can be passed.

Table 4–10 getActionCount Parameters
Parameter | Description
requestId | The request ID (used in logging and tracing client requests in case of error)
customerId | The customer ID
actionEnumId | An integer identifying an actionEnum; required. The corresponding enum name is rule.action.enum.

Note: For this API to work, the corresponding action incrementCacheCounter enum property needs to be set to true.

4.5.12 getFinalAuthStatus

getFinalAuthStatus returns the final authentication status of a user. The status can be no more than 30 days old.

public VCryptIntResponse getFinalAuthStatus(String requestId, String userId);

4.5.13 getImage

getImage gets the imagePath for the user.

public java.lang.String getImage(java.lang.String loginId)

4.5.14 getRulesData

getRulesData returns all rules executed for the given session ID and provides information about the rules that were triggered.

public VCryptSessionRuleData getRulesData(String requestId);

4.5.15 getSecretQuestion

getSecretQuestion gets a secret question for the user.

public VCryptQuestion getSecretQuestion(java.lang.String loginId)

4.5.16 getSignOnQuestions

getSignOnQuestions gets all the secret questions available for the user.

public VCryptQuestion getSignOnQuestions(java.lang.String loginId)

Table 4–11 getCaption
Parameter | Description
loginId | The login id of the user.
Returns | Caption string

Table 4–12 getFinalAuthStatus Parameters
Parameter | Description
requestId | The request ID (used in logging and tracing client requests in case of error)
userId | The ID uniquely identifying the user; cannot be null

Table 4–13 getImage
Parameter | Description
loginId | The login id of the user.
Returns | Path to the image

Table 4–14 getRulesData Parameters
Parameter | Description
requestId | The request ID (used in logging and tracing client requests in case of error)

Table 4–15 getSecretQuestion
Parameter | Description
loginId | The login id of the user to authenticate.
Returns | Object containing the question to ask

4.5.17 getUserByLoginId

getUserByLoginId returns the user details without the password and pin for the given customer and group.

public VCryptAuthUser getUserByLoginId(String loginId, String groupName);

4.5.18 handleTrackerRequest

handleTrackerRequest captures fingerprint details and identifies the device; it may also capture fingerprint details for a given request time, which can be in the past.

public CookieSet handleTrackerRequest(String requestId, String remoteIPAddr, String remoteHost, String secureCookie, int secureClientType, String secureClientVersion, String digitalCookie, int digitalClientType, String digitalClientVersion, int fingerPrintType, String fingerPrint, int fingerPrintType2, String fingerPrint2);

public CookieSet handleTrackerRequest(String requestId, Date requestTime, String remoteIPAddr, String remoteHost, String secureCookie, int secureClientType, String secureClientVersion, String digitalSigCookie, int digitalClientType, String digitalClientVersion, int fingerPrintType, String fingerPrint, int fingerPrintType2, String fingerPrint2);

The returned object has functions to access its contents. They are:

public String getFlashCookie()
public String getSecureCookie()
public String getRequestId()
public VCryptResponse getVCryptResponse()

Table 4–16 getSignOnQuestions
Parameter | Description
loginId | The login id of the user to authenticate.
Returns | The 2-D array object containing the questions to ask. First dimension denotes the number of (configurable) question pick sets to display to user and the second dimension denotes the number of questions in each pick set.

Table 4–17 getUserByLoginId
Parameter | Description
loginId | The ID used by the user to log in
groupName | The group name

4.5.19 handleTransactionLog

handleTransactionLog captures transaction details.

Note: Deprecated as of 10.1.4.5.1; instead, use the method createTransaction.

public VCryptResponse handleTransactionLog(String requestId, Map[] contextMap);
public VCryptResponse handleTransactionLog(String requestId, Date requestTime, Map[] contextMap);
public VCryptResponse handleTransactionLog(String requestId, Date requestTime, Integer status, Map[] contextMap);

Table 4–18 handleTrackerRequest Parameters
Parameter | Description
requestId | The login session ID; this is the ID that should be used in all API calls for the login session
remoteIPAddr | The IP from where the request came; extracted from the HTTP request
remoteHost | The host name from the machine where the request came; optional
secureCookie | The secure cookie; passed only if it is received from a browser
secureClientType | An enumeration value that identifies the type of client used for authentication. The corresponding enum name is auth.client.type.enum.
secureClientVersion | The version of the client; optional
digitalCookie | The digital signature cookie; it can be the flash cookie; it is passed only if it is sent by a browser
digitalClientType | The digital client type that specifies the type of flash client used; if not available, use the value 0
digitalClientVersion | The version of the digital client; it can be the version of the flash client
fingerPrintType | Refer to the OAAM enum vcrypt.fingerprint.type.enum for a list of valid values. Currently the enum has following values: browser=1, flash=2. It is recommended to use 1 (for browser) as the value of fingerPrintType as this parameter corresponds to the browser fingerprint type
fingerPrint | The fingerprint; if it describes browser characteristics, then the header is parsed into this string; it represents the browser header information
fingerPrintType2 | Used in case the same request has multiple fingerprints; it is defined in the properties file; optional
fingerPrint2 | The second fingerprint value; optional
requestTime | The time at which the request was made

4.5.20 IsDeviceMarkedSafe

IsDeviceMarkedSafe returns a value indicating whether the user device associated with a request is safe.

public VCryptBooleanResponse IsDeviceMarkedSafe(String requestId);

4.5.21 markDeviceSafe

markDeviceSafe marks the user device as safe.

public boolean markDeviceSafe(String requestId, boolean isSafe);

4.5.22 processPatternAnalysis

processPatternAnalysis triggers the data pattern processing.

public VCryptResponse processPatternAnalysis(String requestId, long transactionId, int status, String transactionType);

Table 4–19 handleTransactionLog Parameters
Parameter | Description
requestId | The login session ID; this is the ID that should be used in all API calls for the login session
requestTime | The time at which the request was made
contextMap | An array of contextMaps; multiple transactions can be created with a single call; it expects to find a transactionType key in each context map of the array
status | The transaction status

Table 4–20 IsDeviceMarkedSafe Parameters
Parameter | Description
requestId | The login session ID; this is the ID that should be used in all API calls for the login session

Table 4–21 markDeviceSafe Parameters
Parameter | Description
requestId | The login session ID; this is the ID that should be used in all API calls for the login session
isSafe | Indicates whether this user device is safe

Table 4–22 processPatternAnalysis Parameters
Parameter | Description
requestId | The login session ID; this is the ID that should be used in all API calls for the login session
transactionId | The identifier of the transaction. For authentication type of data this is ignored. (It can be passed in as "null"). For pattern processing of transaction data this parameter is required.
status | A value of the user-defined enumeration auth.status.enum. If the value of the status is the value corresponding to a Success value in the enum, pattern analysis will be performed; otherwise, it will not be performed.
transactionType | Indicates the type of the transaction; must be "auth" for authentication transactions; other transaction type values, such as "bill_payment", can be customized.

4.5.23 processRules

processRules processes policy sets for the passed checkpoints.

public VCryptRulesResult processRules(String requestId, List runtimeTypes, Map contextMap);
public VCryptRulesResult processRules(String requestId, Date requestTime, List runtimeTypes, Map contextMap);

processRules calls the methods related to the Rules Engine, gets an instance of the Rules Engine by calling the method VCryptTrackerUtil.getVCryptRulesEngineInstance().

Table 4–23 processRules Parameters
Parameter | Description
requestId | The login session ID; this is the ID that should be used in all API calls for the login session
runtimeTypes | The list of checkpoints to be evaluated; each checkpoint in this list is evaluated. The runtimeTypes is a singleton list of Integer type. Refer to the "Information about execution of multiple checkpoints in the processRules() method" section below. For example, to run a pre-authentication checkpoint, create the following list: List PRE_AUTH_RUNTIME_LIST = Collections.singletonList(new Integer(1));
requestTime | The time at which the request was made
contextMap | A list of key-value pairs identifying the context data; rules in policies can make decisions based on this data

Information about execution of multiple checkpoints in the processRules() method

1. The order of checkpoint evaluation is based on the order of those in the List. The OAAM Rules Engine iterates over the list of checkpoints and evaluates one checkpoint at a time.
2. The result of each checkpoint evaluation is stored into ResultMap with CheckPointId as the key and VCryptRulesResult as the value.
3. The ResultMap is then set onto VCryptRulesResult.
4. VCryptRulesResult is returned as the result of processRules() method.
5. If there is a failure in execution of any checkpoint, the corresponding VCryptRulesResult in ResultMap will capture that information, but the execution of other checkpoints is not impacted. However, if there is a system failure, then the result of processRules() itself will have the details of the error. It is recommended to test the success status of result from processRules() method before the caller tries to fetch result of each checkpoint execution.

Getting Device ID

In addition to rule results, the Rules Engine can return a device ID, an internal identifier identical to the user session.

The following code sample illustrates how to get a device ID:

VCryptRulesResult rulesResult = new VCryptRulesEngineImpl().processRules(/* params */);
// Check the overall status before reading anything from the result.
if (!rulesResult.getVCryptResponse().isSuccess()) {
    Logger.error("Error running rules " + rulesResult.getVCryptResponse().getErrorMessage());
}
Long deviceId = rulesResult.getDeviceId();

When getting a device ID, make sure that:

- The Oracle Adaptive Access Manager version is 10.1.4.5 or above
- The property bharosa.tracker.send.deviceId is set to true, so the device ID can be captured:

  bharosa.tracker.send.deviceId=true

Valid Checkpoints

For list of valid checkpoints, refer to the OAAM enumeration profile.type.enum. For example, profile.type.enum.preauth=1 indicates that the Pre-Authentication checkpoint is indicated using the numeric value 1.

Location and Device Data

With property bharosa.tracker.sendLocationData=true set, location (city, state, country names) and device data is returned when processRules API is called.

VCryptRulesResult rulesResult = processRules(/* params */);
VCryptResponse response = rulesResult.getVCryptResponse();
if (response.isSuccess()) {
    String ipAddress = response.getExtendedMap(VCryptResponse.DATA_REMOTE_IP_ADDRESS);
    String deviceId = response.getExtendedMap(VCryptResponse.DATA_DEVICE_ID);
    // if interested in city, state, country
    String city = response.getExtendedMap(VCryptResponse.DATA_CITY_NAME);
    String state = response.getExtendedMap(VCryptResponse.DATA_STATE_NAME);
    String country = response.getExtendedMap(VCryptResponse.DATA_COUNTRY_NAME);
}

4.5.24 setCaption

setCaption sets a new caption for the specified user.

public boolean setCaption(java.lang.String loginId, java.lang.String caption)

4.5.25 setImage

setImage sets a new image for the user.

public boolean setImage(java.lang.String loginId, java.lang.String imagePath)

Returns whether the operation was success or failure

4.5.26 setPassword

setPassword sets a new password for the specified user.

public boolean setPassword(java.lang.String loginId, java.lang.String password, int passwordStatus)

Returns whether the operation was success or failure

4.5.27 setTemporaryAllow

setTemporaryAllow sets a temporary allow for a user. A temporary allow can override the final rule action.

public VCryptResponse setTemporaryAllow(String customerId, int tempAllowType, Date expirationDate);

Table 4–24 setCaption
Parameter | Description
loginId | The login id of the user.
caption | New caption to set.
Returns | Whether the operation was success or failure

Table 4–25 setImage
Parameter | Description
loginId | The login id of the user.
imagePath | Path to the image file.

Table 4–26 setPassword
Parameter | Description
loginId | The login id of the user.
password | New password to set
passwordStatus | Status of the Password

Table 4–27 setTemporaryAllow Parameters
Parameter | Description
customerId | The customer ID
tempAllowType | The type of the temporary allow; the user-defined enumeration for this type is customercare.case.tempallow.level.enum
expirationDate | The expiration date, if the tempAllowType is "userset"; otherwise null or empty

4.5.28 resetUser

resetUser resets all the profiles that have been set for a customer, including registration, questions, images, and phrases.

public VCryptResponse resetUser(String customerId);

4.5.29 updateAuthStatus

updateAuthStatus updates the user authentication status and, if appropriate, it triggers pattern data processing.

This method must be called when there is a change in the user authentication status; make sure that, before calling updateAuthStatus, the application calls updateLog.

The list of authentication status values is specified in the user-defined enumeration auth.status.enum; you can add items to or remove items from this enumeration, as appropriate to your application, but only values of this enumeration can be used to identify an authentication status.

The following scenarios describe alternative ways to handle updating a user login (authentication) status:

- Pass the login status in the updateLog call; this scenario avoids calling updateAuthStatus altogether.
- Allow the user to log in before setting the login status; in this scenario, first pass status pending in the updateLog call, then process the login data, and then pass the appropriate status in the updateAuthStatus call.
- If your application flow includes challenging the user, then first set the status to pending, then pose the challenge questions, and then, depending on the answers, reset the status to success or wrong_answer.

Typically, there is no need to call updateAuthStatus after invoking the rules engine, since this engine includes setting the authentication status as part of running the rules.
publicVCryptResponseupdateAuthStatus(StringrequestID,intresultStatus,intclientType,StringclientVersion);publicVCryptResponseupdateAuthStatus(StringrequestID,DaterequestTime,intresultStatus,intclientType,StringclientVersion);publicVCryptResponseupdateAuthStatus(StringrequestID,intresultStatus,intclientType,StringclientVersion,booleananalyzePatterns);publicVCryptResponseupdateAuthStatus(StringrequestID,DaterequestTime,intresultStatus,Table4–28resetUserParametersParameterDescriptioncustomerIdThecustomerIDOracleAdaptiveAccessManagerAPIs4-18OracleFusionMiddlewareDeveloper'sGuideforOracleAdaptiveAccessManagerintclientType,StringclientVersionbooleananalyzePatterns);4.
5.
30updateLogupdateLogupdatestheuserlogand,ifrequired,createsaCookieSet.
publicCookieSetupdateLog(StringrequestId,StringremoteIPAddr,StringremoteHost,StringsecureCookie,StringdigitalCookie,StringgroupId,StringuserId,StringloginId,booleanisSecure,intresult,intclientType,StringclientVersion,intfingerPrintType,StringfingerPrint,intdigFingerPrintType,StringdigFingerPrint);publicCookieSetupdateLog(StringrequestId,DaterequestTime,StringremoteIPAddr,StringremoteHost,StringsecureCookie,StringdigitalCookie,StringgroupId,StringuserId,StringloginId,booleanisSecure,intresult,intclientType,StringclientVersion,intfingerPrintType,StringfingerPrint,intfingerPrintType2,StringfingerPrint2);Table4–29updateAuthStatusParametersParameterDescriptionrequestIdTheloginsessionID;thisistheIDthatshouldbeusedinallAPIcallsfortheloginsessionrequestTimeThetimeatwhichtherequestwasmaderesultStatusAvalueoftheuser-definedenumerationauth.
status.
enumclientTypeAnenumerationvalueindicatingtheclienttypeusedforauthenticationclientVersionTheversionoftheclient;optionalanalyzePatternsBooleantoindicateifpatternprocessingshouldbeperformed.
Whenthevalueispassedinas"true,"thepatternprocessingisperformedforthetransactionifthe"resultStatus"valueis"success.
"OracleAdaptiveAccessManagerAPIsIntegratingNativeJavaApplications4-194.
5.
31updateTransactionupdateTransactionupdatesapreviouslycreatedtransaction.
publicVCryptResponseupdateTransaction(TransactionUpdateRequestDatatransactionUpdateRequestData);Table4–30updateLogParametersParameterDescriptionrequestIdTheloginsessionID;thisistheIDthatshouldbeusedinallAPIcallsfortheloginsessionremoteIPAddrTheIPfromwheretherequestcame;extractedfromtheHTTPrequestremoteHostThehostnamefromwheretherequestcame;optionalsecureCookieThesecurecookie;passedonlyifitisreceivedfromabrowserdigitalCookieThedigitalsignaturecookie;canbetheflashcookie;passedonlyifitissentbyabrowsergroupIdTheIDofthegroupthisuserbelongstouserIdTheuserID;thisistheprimaryIDkeyfortheuser;forinvalidusers,itisnullloginIdTheIDusedbytheusertologinin;requiredisSecureABooleanindicatingwhetherthisnodeissecureandcanberegistered;italsoindicatesthattheloginisfromasecureorregistereddevice;ifthereisnoconceptofdevice,thensettofalseresultAvalueoftheuser-definedenumerationauth.
status.
enumclientTypeAnenumerationvalueindicatingtheclienttypeusedforauthentication.
Thecorrespondingenumnameisauth.
client.
type.
enum.
clientVersionTheversionoftheclient;optionalfingerPrintTypeRefertotheOAAMenumvcrypt.
fingerprint.
type.
enumforalistofvalidvalues.
Currentlytheenumhasfollowingvalues:browser=1flash=2Itisrecommendedtouse1(forbrowser)asthevalueoffingerPrintTypeasthisparametercorrespondstobrowserfingerprinttype.
fingerPrintThefingerprint;ifitdescribesbrowsercharacteristics,thentheheaderisparsedintothisstring;itrepresentsthebrowserheaderinformationdigFingerPrintTypeRefertotheOAAMenumvcrypt.
fingerprint.
type.
enumforlistofvalidvalues.
Currentlytheenumhasfollowingvalues:browser=1flash=2Itisrecommendedtouse2(forflash)asthevalueofdigFingerPrintType,asthisparametercorrespondstoflashfingerprinttype.
digFingerPrintThedigitalfingerprintrequestTimeThetimeatwhichtherequestwasmadefingerPrintType2Usedincasethesamerequesthasmultiplefingerprints;definedinthepropertiesfile;optionalfingerPrint2Thesecondfingerprintvalue;optionalOracleAdaptiveAccessManagerAPIs4-20OracleFusionMiddlewareDeveloper'sGuideforOracleAdaptiveAccessManager4.
5.
32updateTransactionStatusupdateTransactionStatusupdatesatransactionstatusand,ifappropriate,triggersthedatapatternprocessing.
publicVCryptResponseupdateTransactionStatus(StringrequestId,longtransactionId,intstatus);publicVCryptResponseupdateTransactionStatus(StringrequestId,DaterequestTime,longtransactionId,intstatus);publicVCryptResponseupdateTransactionStatus(StringrequestId,longtransactionId,intstatus,Map[]contextMap);publicVCryptResponseupdateTransactionStatus(StringrequestId,DaterequestTime,longtransactionId,intstatus,Map[]contextMap);publicVCryptResponseupdateTransactionStatus(StringrequestId,longtransactionId,intstatus,booleananalyzePatterns);publicVCryptResponseupdateTransactionStatus(StringrequestId,DaterequestTime,longtransactionId,intstatus,Map[]contextMap,booleananalyzePatterns);Table4–31updateTransactionParameterandReturnedValueParameterDescriptionTransactionUpdateRequestDataTheobjecttoupdateatransaction;ahandletothetransactiontobeupdatediseitherthetransactionIDreturnedbythemethodcreateTransaction,ortheexternaltransactionIDpassedtothemethodcreateTransaction.
itthrowstheexceptionBharosaExceptionifitfailsvalidation.
Thestructureofthisobjectisasfollows:requestId,identifiestheusersession;requiredrequestTime,thetimeoftherequest;canbenull;ifnull,theserverusesthecurrenttimetransactionIdID,theIDreturnedbyapreviouscalltocreateTransactionstatus,thetransactionstatusanalyzePatterns,Booleantoindicateifpatternprocessingshouldbeperformed.
Whenthevalueispassedinas"true,"thepatternprocessingisperformedforthetransactionifthe"resultStatus"valueis"success.
"externalTransactionIdisusedtocorrelatetheapplicationtransactionwiththecorrespondingOAAMTransaction.
Itcanalsobeusedtoupdatethetransaction.
contextMapisamapofkey-valuepairs.
Keysofthismapshouldexactlymatchthe"InternalID"oftherelated"SourceData"oftheTransactionDefinition.
ThevalueshouldbealwaysajavaStringvalue.
IfthevalueisaDatevaluethenitshouldbeintheformat"yyyy-MM-dd'T'HH:mm:ss.
SSSz".
VCryptResponseTheresponseobject;makesuretocheckisSuccess()beforeobtainingthetransactionIDwiththemethodgetTransactionResponse()Note:Deprecatedasof10.
1.
4.
5.
1;instead,usethemethodupdateTransaction.
OracleAdaptiveAccessManagerAPIsIntegratingNativeJavaApplications4-21Table4–32updateTransactionStatusParametersParameterDescriptionrequestIdTheloginsessionID;thisistheIDthatshouldbeusedinallAPIcallsfortheloginsessionrequestTimeThetimeatwhichtherequestwasmadecontextMapAnarrayofcontextMaps;multipletransactionscanbecreatedwithasinglecall;itexpectstofindatransactionTypekeyineachcontextmapofthearrayStatusThetransactionstatustransactionIdTheIDofthetransactionwithstatustoupdate;ifnull,itusesthelasttransactioninthegivensessionanalyzePatternsBooleantoindicateifpatternprocessingshouldbeperformed.
Whenthevalueispassedinas"true,"thepatternprocessingisperformedforthetransactionifthe"resultStatus"valueis"success.
"OracleAdaptiveAccessManagerAPIs4-22OracleFusionMiddlewareDeveloper'sGuideforOracleAdaptiveAccessManager5NativeAPIforOTPChallenge5-15NativeAPIforOTPChallengeOracleAdaptiveAccessManager'sNativeOTPAPIoffersawaytoaddanotherfactortoatraditionalusername/passwordauthenticationscheme.
This chapter contains the following information:
- OTP Integration Overview
- OTP Registration and Challenge Experience
- New User Registration
- User OTP Challenge

5.1 OTP Integration Overview

Native OTP Challenge integration enables strong authentication for access to applications. The flow of interaction is as follows: When the User ID and password are successfully verified, if the application deems it to be necessary, a one time password is sent to the user's mailbox or mobile phone. This one time password will be verified and only then will the user be authenticated to the application.

5.1.1 One Time Password (OTP)

One Time Password (OTP) is a random single use authentication credential. The OTP may be either numeric or alphanumeric and any length and the randomization algorithm is pluggable. The following are major benefits of using out-of-band OTP:
- The one time password is delivered to the valid user through one of the configured channels. These can include SMS, IM, email or voice.
- The user does not require any proprietary hardware or client software of any kind.

Note: For information about administrative tasks you can perform for OTP such as resetting OTP profiles, unlocking users, viewing OTP case details, and viewing OTP performance data, see the Oracle Fusion Middleware Administrator's Guide for Oracle Adaptive Access Manager.

Note: The application authenticates the OTP code given by the user through custom implementation.

5.1.2 OAAM OTP Challenge Functionality

OAAM OTP challenge functionality allows the end user to register profile information for use as a communication channel subsequently to challenge the user if appropriate. The user is sent an email or SMS with a generated one time use password and presented with a challenge page in which he can enter the generated code. Oracle Adaptive Access Manager offers an OTP code generation API that can be used by native integration APIs.

5.1.3 Sample

A sample application, OAAM Sample, is available as a form of documentation to illustrate a native implementation of an Oracle Adaptive Access Manager integration. It includes registration and email challenge related flows that provide integrators with an example of how to use the OTP APIs for generating OTP code, incrementing the OTP challenge counter, and clearing the OTP challenge counter. OAAM Sample implements example flows using JSPs to display pages, generate code, and handle the user input of pages, backed by the BharosaHelper utility class to make calls into the OAAM APIs for tracking user details and challenge statistics.

5.2 OTP Registration and Challenge Experience

OAAM OTP challenge allows the end user to register profile information such as an email address or a mobile phone number or both for use as a communication channel to challenge them. The user is sent an email or SMS with a generated one time use password and presented with a challenge page in which they can enter the generated code. The registration and challenge flows are presented in Section 5.3, "New User Registration" and Section 5.4, "User OTP Challenge."

5.3 New User Registration

Registration is the enrollment process, the opening of a new account, or other event where information is obtained from the user. During the Registration process, the user is asked to register for questions, image, phrase and OTP (email, phone, and so on) if the deployment supports OTP. Once successfully registered, OTP can be used as a secondary authentication to challenge the user.

The login process begins with entering standard user name and password credentials. During a session, if the user is OTP-challenged, a single-use password is delivered to the user through the configured delivery channel he selected. The user retrieves the one-time password, then enters it.

In a new registration flow which includes OTP:
- User Name Entered on Login Page
- Password Page is Presented and User Enters Password
- User Enters Registration Flow
- User Continues into Application

Note: Oracle Adaptive Access Manager ships with "oaam_native_lib.war" which must be deployed to run OAAM Sample.

5.3.1 User Name Entered on Login Page

The user is presented with a page in which he is asked to submit his user name. The user name (login ID) is accepted from the first page and stored in the HTTP session. The user name page is followed by a transient page for capturing the flash and secure cookies and for fingerprinting the device.

For information on the JSPs, BharosaHelper utility class, and OAAM APIs used in this flow, refer to the following sections:
- User Name Page (c1)
- Device Fingerprint Flow (r2)
- Run Pre-Authentication Rules (r1)

5.3.2 Password Page is Presented and User Enters Password

The password page is displayed. The user fills in the password and clicks the Enter button on the device. Oracle Adaptive Access Manager verifies the user's password.

For information on the JSPs, BharosaHelper utility class, and OAAM APIs used in this flow, refer to the following sections:
- Run Virtual Authentication Device Rules (r3)
- Decode Virtual Authentication Device Input (p3)
- Validate User and Password (c2)
- Run Post-Authentication Rules (r4)
- Check Registration for User (p5)
- Run Registration Required Rules (r5)
- Enter Registration Flow (p6)

5.3.3 User Enters Registration Flow

The user will continue through the registration process.

5.3.3.1 User selects an authentication pad background image

The user selects an anti-phishing image and phrase.

5.3.3.2 User registers challenge questions

The user selects challenge questions and enters the answers to those questions.

5.3.3.3 User Opts Into OTP

He agrees to register his profile for OTP challenge.

5.3.3.4 User registers profile information

The user enters his profile information in the profile registration page. The user's contact information, such as mobile phone number and email address, is registered.

5.3.3.5 User Agrees to Terms and Conditions

User agrees to the terms and conditions presented on the registration page.

5.3.4 User Continues into Application

The user continues on to the application.

5.4 User OTP Challenge

An OTP challenge is when the user is asked to provide the OTP as a form of authentication for risk situations based upon configured policies. The user must enter the correct OTP into the Web interface to proceed with the operation.

In the challenge flow which includes OTP:
- User Name Entered on Login Page
- Password Page is Presented and User Enters Password
- OAAM Rules Determine User Should Be Challenged via OTP
- User Continues Into the Application

5.4.1 User Name Entered on Login Page

The user is presented with a page in which he is asked to submit his user name. The user name (login ID) is accepted from the first page and stored in the HTTP session. The user name page is followed by a transient page for capturing the flash and secure cookies and for fingerprinting the device.

For information on the JSPs, BharosaHelper utility class, and OAAM APIs used in this flow, refer to the following sections:
- User Name Page (c1)
- Device Fingerprint Flow (r2)
- Run Pre-Authentication Rules (r1)

5.4.2 Password Page is Presented and User Enters Password

The password page is displayed. The user fills in the password and clicks the Enter button on the device. Oracle Adaptive Access Manager verifies the user's password.

For information on the JSPs, BharosaHelper utility class, and OAAM APIs used in this flow, refer to the following sections:
- Run Virtual Authentication Device Rules (r3)
- Decode Virtual Authentication Device Input (p3)
- Validate User and Password (c2)

5.4.3 OAAM Rules Determine User Should Be Challenged via OTP

The custom policies return "Challenge" as an action, and the Challenge checkpoint determines that OTP is the type of challenge to be used.

For information on the JSPs, BharosaHelper utility class, and OAAM APIs used in this flow, refer to the following sections:
- Run Post-Authentication Rules (r4)
- Run Challenge Rules (r6)
- Run Authentication Rules (r7)
- Challenge the User (p7)
- Check Answers to Challenge (c4)

5.4.3.1 Generate OTP Code and Code is Delivered to the User through Custom Implementation

The system generates the OTP code and through custom implementation the code is delivered to the user. The generateOTP API is used to generate OTP code. For information on this API, refer to Section 4.5.9, "generateOTP."

5.4.3.2 User Presented with Challenge Page

The user is presented with the challenge page. The OTP Challenge devices are determined by the Authentication Pad checkpoint. The default device is TextPad. For information on the Authentication Pad checkpoint, refer to Section 2.2.1.12, "Run Authentication Rules (r7)."

5.4.3.3 User Enters the Generated Code Sent to Him by the Application and is Validated by Custom Implementation

The user enters the generated code sent to him by the application, and the code is validated by custom implementation.
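
Sections 5.1.1 and 5.4.3.3 leave validation of the submitted OTP to a custom implementation. The following is an added example, not code from the Oracle guide or from OAAM Sample, of what such a validator has to enforce: single use, expiry, constant-time comparison, and a failure counter that locks the challenge. The class name, the 6-digit code, the 5-minute lifetime, the three-failure limit and the in-memory maps are all assumptions; issue() stands in for the generateOTP API and the failure map for the OTP challenge counter.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.time.Duration;
import java.time.Instant;
import java.util.HashMap;
import java.util.Locale;
import java.util.Map;

// Added illustration, not Oracle code: every name and policy value here is an assumption.
public final class OtpChallengeValidator {

    public enum Result { SUCCESS, WRONG_CODE, EXPIRED, LOCKED, NO_CHALLENGE }

    private static final int MAX_FAILURES = 3;                       // assumed lockout policy
    private static final Duration LIFETIME = Duration.ofMinutes(5);  // assumed code lifetime

    private static final class Challenge {
        final byte[] digest;      // SHA-256 of the issued code; the code itself is not kept
        final Instant expiresAt;

        Challenge(byte[] digest, Instant expiresAt) {
            this.digest = digest;
            this.expiresAt = expiresAt;
        }
    }

    private final Map<String, Challenge> pending = new HashMap<>();  // one live code per login ID
    private final Map<String, Integer> failures = new HashMap<>();   // stand-in for the OTP challenge counter
    private final SecureRandom random = new SecureRandom();

    /** Stand-in for generateOTP: issues a 6-digit code and replaces any earlier one. */
    public synchronized String issue(String loginId, Instant now) {
        if (isLocked(loginId)) {
            throw new IllegalStateException("OTP challenge locked for this user");
        }
        String code = String.format(Locale.ROOT, "%06d", random.nextInt(1_000_000));
        pending.put(loginId, new Challenge(sha256(code), now.plus(LIFETIME)));
        return code; // pass to the delivery channel only; never write it to logs
    }

    /** Checks a submitted code; a code is accepted at most once and only before it expires. */
    public synchronized Result verify(String loginId, String submitted, Instant now) {
        if (isLocked(loginId)) {
            return Result.LOCKED;
        }
        Challenge c = pending.get(loginId);
        if (c == null) {
            return Result.NO_CHALLENGE;
        }
        if (!now.isBefore(c.expiresAt)) {
            pending.remove(loginId);
            return Result.EXPIRED;
        }
        // Hashing both sides gives equal-length inputs to the constant-time comparison.
        if (submitted != null && MessageDigest.isEqual(c.digest, sha256(submitted))) {
            pending.remove(loginId);   // single use: a replay finds no challenge
            failures.remove(loginId);  // success clears the failure counter
            return Result.SUCCESS;
        }
        int count = failures.merge(loginId, 1, Integer::sum);
        if (count >= MAX_FAILURES) {
            pending.remove(loginId);   // the outstanding code dies with the lockout
            return Result.LOCKED;
        }
        return Result.WRONG_CODE;
    }

    /** Administrative unlock: clears the failure counter for a user. */
    public synchronized void clearCounter(String loginId) {
        failures.remove(loginId);
    }

    private boolean isLocked(String loginId) {
        return failures.getOrDefault(loginId, 0) >= MAX_FAILURES;
    }

    private static byte[] sha256(String s) {
        try {
            return MessageDigest.getInstance("SHA-256").digest(s.getBytes(StandardCharsets.UTF_8));
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException(e); // SHA-256 is mandatory on every Java platform
        }
    }

    public static void main(String[] args) {
        OtpChallengeValidator v = new OtpChallengeValidator();
        Instant t0 = Instant.parse("2014-08-01T12:00:00Z"); // constructed timestamp
        String code = v.issue("alice", t0);                  // constructed login ID
        System.out.println(v.verify("alice", "not-it", t0.plusSeconds(10))); // wrong guess
        System.out.println(v.verify("alice", code, t0.plusSeconds(20)));     // correct code
        System.out.println(v.verify("alice", code, t0.plusSeconds(30)));     // replay of a used code
        v.issue("alice", t0.plusSeconds(60));
        System.out.println(v.verify("alice", "000000x", t0.plusSeconds(600))); // after expiry
    }
}
```

The failure counter is keyed by login ID rather than by session, so requesting a fresh code does not reset it; only a successful verification or clearCounter() does.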

5.4.4 User Continues Into the Application

The user continues into the application.

Part II Universal Installation Option

Part II contains the following chapter:
- Chapter 6, "Oracle Adaptive Access Manager Proxy"

6 Oracle Adaptive Access Manager Proxy

Oracle Adaptive Access Manager Universal Installation Option (UIO) reverse proxy deployment option offers login risk-based multifactor authentication to Web applications without requiring any change to the application code. The proxy's main function is to redirect user traffic from the application login flow to the Oracle Adaptive Access Manager login flow. The UIO Proxy is available for the Apache Web server and Microsoft Internet Security and Acceleration (ISA) Server. In this chapter the Oracle Adaptive Access Manager Proxy for Apache will be referred to as the UIO Apache Proxy; and the Oracle Adaptive Access Manager Proxy for Microsoft ISA will be referred to as the UIO ISA Proxy.

This chapter:
- Explains the use and configuration of the UIO Proxy.
- Provides instructions for both Microsoft Internet Security and Acceleration (ISA) Server and Apache Web server implementations.

The intended audience is integrators who configure the UIO Proxy to add multifactor authentication to Web applications. An understanding of the HTTP request/response paradigm is required to understand the material presented in this document.

The chapter contains the following sections:
- Introduction
- Installing UIO ISA Proxy
- Installing UIO Apache Proxy
- Setting Up Rules and User Groups
- Setting Up Policies
- Configuring the UIO Proxy
- Interception Process
- Configuring Redirection to the Oracle Adaptive Access Manager Server Interface
- Application Discovery
- Samples

For information on configuring OAAM Server, the client-facing multifactor authentication Web application specific to the UIO Proxy deployment, refer to Chapter 8, "Customizing the OAAM Server."

6.1 Introduction

The Introduction section of this chapter contains the following topics:
- Important Terms
- Architecture
- References

6.1.1 Important Terms

For your reference, important terms are defined in this section.

Microsoft ISA
From the Microsoft Web site: "the Internet Security and Acceleration (ISA) Server is the integrated edge security gateway that helps protect IT environments from Internet-based threats while providing users with fast and secure remote access to applications and data."

Universal Installation Option
The Universal Installation Option is the Oracle Adaptive Access Manager integration strategy that does not require any code modification to the protected Web applications. The Universal Installation Option involves placing the UIO Proxy in front of the protected Web applications.

Proxy
A proxy is a server that services the requests of its clients by forwarding requests to other servers. This chapter is concerned with the Web proxy, where the proxy handles Web Protocols, mainly HTTP.

Forward Proxy
A forward proxy is an intermediate server that sits between the client and the origin server. To get content from the origin server, the client sends a request to the proxy naming the origin server as the target, and the proxy then requests the content from the origin server and returns it to the client. The client must be specially configured to use the forward proxy to access other sites.

Reverse Proxy
A reverse proxy appears to the client just like an ordinary Web server. No special configuration on the client is necessary. The client makes ordinary requests for content in the name-space of the reverse proxy. The reverse proxy then decides where to send those requests and returns the content as if it were itself the origin. The UIO Proxy running in the Microsoft Internet Security and Acceleration (ISA) Server is an example of a reverse proxy.

OAAM Server
OAAM Server is the Web application component of Oracle Adaptive Access Manager. The UIO Proxy redirects the client browser to OAAM Server for tracking and authentication purposes as defined by the UIO Proxy XML configuration.

6.1.2 Architecture

The following diagrams show a typical UIO Proxy deployment.

The first diagram shows a Web application before the UIO Proxy is deployed to provide multifactor authentication.

Figure 6–1 Before the Oracle Adaptive Access UIO Proxy

The second diagram shows various components added after the UIO Proxy deployment.

Figure 6–2 After UIO Proxy Deployment

The UIO Proxy intercepts the HTTP traffic between the client (browser) and the server (Web application) and performs the appropriate actions, such as redirecting the traffic to OAAM Server, to provide multifactor authentication and authorization. OAAM Server, in turn, communicates with OAAM Admin to assess the risk, and then takes the appropriate actions, such as permitting the login, challenging the user, blocking the user, and other actions.

6.1.3 References

For information on installing and configuring the Microsoft ISA server, refer to the relevant Microsoft documentation on Microsoft ISA Server setup. Web publishing rule creation and listener creation are explained further in this document.

For more information about the Apache HTTP Server, refer to the Apache HTTP Server 2.2 documentation at: http://httpd.apache.org/docs/2.2

6.2 Installing UIO ISA Proxy

The UIO ISA Proxy uses the API provided by Microsoft ISA Server to monitor the HTTP traffic and perform various actions. Refer to the Microsoft ISA Server setup documentation for the details on installing and configuring the ISA server.

For a successful installation of the UIO Proxy, .NET Framework 2.0 or better should be installed. Install all the recommended updates from Microsoft on the machine. Install Microsoft ISA Server 2006 Standard Edition and create Web publishing rules for the Web applications before installing the UIO Proxy.

This section provides:
- Information on creating Web publishing rules and listeners so that Web applications and OAAM Server can be accessible from the Internet.
  - Section 6.2.1, "UIO Proxy Web Publishing Configuration."
- Instructions on installation and programming information for the UIO ISA Proxy.
  - Section 6.2.2, "Registering the UIO ISA Proxy DLL."
  - Section 6.2.3, "Settings to Control the UIO Proxy."

6.2.1 UIO Proxy Web Publishing Configuration

The purpose of this section is to explain the creation of Web publishing rules and listeners in Microsoft ISA for Adaptive Access Manager applications. It is intended for integrators who install and configure Microsoft ISA to support multiple Web applications.

6.2.1.1 Web Listener Creation

For details on creating a Web listener, refer to the relevant Microsoft documentation. This section provides an outline.

1. For the Web Listener Name, enter Bharosa Proxy Listener.
2. Select SSL secure connection as the type of connection the Web listener establishes with clients.
3. For the Web Listener IP Addresses, choose external, internal, and local host.
4. Choose a single certificate for the Web Listener and select the certificate.
5. Specify that you do not want authentication for how clients validate their credentials.

6.2.1.2 Web Publishing Rule Creation

In a typical deployment, Web applications and OAAM Server run on machines in an internal network and are not directly accessible from the Internet. In the case of the UIO ISA Proxy, only the UIO Proxy machine, which runs Microsoft ISA Server, is accessible from the Internet.

Publish the following via Web publishing rules in the Microsoft ISA Server:
- OAAM Server
- Web applications

You need to set two (at least) rules: one for the main application and another for OAAM Server.

For detailed instructions on publishing rules, refer to the relevant Microsoft documentation. The following tips are provided for your reference.

6.2.1.2.1 Web Publishing Rule Creation for OAAM Server

To create a new Web publishing rule for OAAM Server you must access Microsoft ISA Server's Web publishing rule wizard and follow the on-screen instructions.

1. For the name of the rule, enter a name such as Bharosa OAAM Server.
2. Choose to allow incoming requests matching the rule conditions.
3. Choose to publish a single Web site or a load balancer in front of several servers.
4. Choose SSL as a connection option if the Web application is listening on SSL; otherwise, choose the non-secured connection option.
5. For the internal site name, provide the machine name where the Web server runs. Translate the public name into the internal name.
6. If the IP address or the machine name of the Web application to be published is known, select the option to use the computer name or IP address and provide that information.
7. If you want to include all files and subfolders within a folder, enter /* for the name of the file or folder you want to publish. If you need to publish more than one file or folder, enter only the first file/folder instead. The remaining files can be entered later by editing the rule. Later you enter the path you entered here for your public details.
8. For your Web listener, select Bharosa Proxy Listener.
9. For authentication delegation, select no delegation and that client cannot authenticate directly.
10. Make sure you are able to apply the rule to requests from all users.

Check the properties for your newly created rule by accessing the rule properties.

1. If more than one file or folder needs to be published, add all paths.
2. If you have more than one domain name to access the application, add all the domain names.

6.2.1.2.2 Web Publishing Rule Creation for Protected Web Applications

To create a new Web publishing rule for Web applications, you must access Microsoft ISA Server's Web publishing rule wizard and follow the on-screen instructions.

1. For the name of the rule, enter a name such as Online Banking Application.
2. Choose to allow incoming requests matching the rule conditions.
3. Choose to publish a single Web site or a load balancer in front of several servers.
4. Choose SSL as a connection option if the Web application is listening on SSL; otherwise, choose the non-secured connection option.
5. For the internal site name, provide the machine name where the Web server runs.
6. If the IP address or the machine name of the Web application to be published is known, select the option to use the computer name or IP address and provide that information.
7. If you want to include all files and subfolders within a folder, enter /* for the name of the file or folder you want to publish. If you need to publish more than one file or folder, enter only the first file/folder instead. The remaining files can be entered later by editing the rule. Later you enter the path you entered here for your public details.
8. For your Web listener, select Bharosa Proxy Listener.
9. For authentication delegation, select no delegation and that client cannot authenticate directly.
10. Make sure you are able to apply the rule to requests from all users.

Check the properties for your newly created rule by accessing the rule properties.

1. If more than one file or folder needs to be published, add all paths.
2. If you have more than one domain name to access the application, add all the domain names.

6.2.2 Registering the UIO ISA Proxy DLL

The UIO ISA Proxy is installed as a Web filter in Microsoft ISA Server. To install the UIO ISA Proxy, follow these steps:

1. Copy the BharosaProxy.dll to the Microsoft ISA Server installation directory, which is by default, %ProgramFiles%\Microsoft ISA Server.
2. Open the command prompt and navigate to the Microsoft ISA Server installation directory.
3. Register the BharosaProxy.dll with the following command:

regsvr32 .\BharosaProxy.dll

6.2.3 Settings to Control the UIO Proxy

Various aspects of the UIO ISA Proxy can be controlled using the registry values. All UIO ISA Proxy settings are stored under the HKLM\SOFTWARE\Bharosa\Proxy key. Changes to most of the registry values are picked up by the UIO Proxy immediately without requiring a proxy restart.

6.2.3.1 Configuration files

During startup (and during config reload), the proxy loads the configuration from the files listed under the HKLM\SOFTWARE\Bharosa\Proxy\ConfigFiles key. The type of each value under this key should be REG_DWORD. The name of each value under this key should be the filename containing the UIO Proxy configuration. The filename can either be fully qualified or relative to the location of the BharosaProxy.dll.

The proxy loads a configuration file only if the data has a nonzero value. This can be used to dynamically load and unload proxy configuration files. The files are loaded in the lexicographic order of the filenames in the registry.

Changes under the ConfigFiles key are not effective until either the proxy is restarted or HKLM\SOFTWARE\Bharosa\Proxy\ReloadConfig is set to 1.

6.2.3.2 Configuration Reload

The proxy configuration can dynamically be changed while the proxy is running; new configuration files can be added and currently loaded files can be updated or removed. These changes are not applied until the ReloadConfig registry value is set to a nonzero value. When setting ReloadConfig to a nonzero value, the proxy loads configuration files. After loading the files, the proxy resets the ReloadConfig value to 0.

Note that the new configuration is used only for new client (browser) connections. Clients already connected continue to use the previous configuration.

6.2.3.3 Session ID Cookie

The UIO ISA Proxy uses a cookie to associate multiple requests from a client. The name of this cookie can be configured in the registry value, SessionIdCookieName (of type REG_SZ). If this value is not present or empty, the UIO ISA Proxy uses the cookie name, BharosaProxy_SessionId.

6.2.3.4 Configuring Session Id Cookie attributes via Global Variables

The attributes of the Session Id Cookie can be configured using global variables listed in Table 6–1.

Table 6–1 Session Id Cookie Attributes via Global Variables
Cookie Attribute | Global Variable Name | Description
expires | SessionCookie_ExpiryInMinutes | expires attribute is added to the session cookie if this global variable is set to value greater than 0. This variable specifies the number of minutes the session cookie should be persisted by the client browser.
HttpOnly | SessionCookie_IsHttpOnly | HttpOnly attribute is added to the session cookie if this global variable is set to value greater than 0
secure | SessionCookie_IsSecure | secure attribute is added to the session cookie if this global variable is set to value greater than 0.
domain | SessionCookie_DomainLevelCount | domain attribute is added to the session cookie if this global variable is set. For example, to set the cookie domain as .mydomain.com for an application at test.myserver.mydomain.com, set this global variable to 2. The value should be greater than 1. If a lower value is specified, the proxy uses 2 as the value.

6.2.3.5 Session Inactive Interval

Sessions in the UIO ISA Proxy are removed after a certain period of inactivity. This period, in seconds, is specified in the MaxSessionInactiveInterval registry value. If this value is not specified, the UIO ISA Proxy removes a session after 1200 seconds (30 minutes) of inactivity. This value should be set to at least a few seconds higher than the Web application session timeout value.

6.2.3.6 Settings for Troubleshooting

Trace messages from the UIO ISA Proxy can be used for troubleshooting any issues with the proxy configuration and operation. Trace settings, like trace level and destinations, can be controlled using the registry values under HKLM\SOFTWARE\Bharosa\Proxy. Registry values are shown in Table 6–2.

Table 6–2 Settings for Troubleshooting
Name | Type | Description
TraceFilename | REG_SZ | Full path to the file in which the trace messages should be written
TraceFileMaxLength | REG_DWORD | Maximum length of the trace file in bytes. Once the trace file reaches this size, the proxy renames the file by adding the timestamp to the filename and creates a new trace file to write subsequent trace messages.
TraceToFile | REG_DWORD | Trace messages are written to file only if this value is nonzero.
TraceToDebugTerminal | REG_DWORD | Trace messages are written to the debug terminal only if this value is nonzero. Tools like DbgView can be used to view these trace messages in real time.
TraceLevel | REG_DWORD | Each trace level (debug, info, warning, error) has an integer value associated. The registry value should be set to the sum of the desired trace level values. FATAL 0x1, ERROR 0x2, WARN 0x4, INFO 0x8, DEBUG 0x10, HTML 0x80, FLOW 0x80000
IgnoreUrlMappings | REG_DWORD | If this value is nonzero, the proxy ignores all the interceptors defined in the UIO Proxy configuration. Essentially this places the UIO ISA Proxy in pass-through mode.
CaptureTraffic | REG_DWORD | The proxy does not handle (save, inspect) the HTTP traffic for URLs that don't have interceptors defined in the configuration. But during the application discovery process, it is necessary to back up all the HTTP traffic through the proxy. On such occasions, this registry value should be set to nonzero.

6.3 Installing UIO Apache Proxy

To install the UIO Apache Proxy, a new Apache Hypertext Transfer Protocol Daemon (httpd) has to be installed into which the UIO Apache Proxy is installed. This Apache httpd uses mod_proxy, a module that implements the proxy/gateway/cache, to reverse-proxy (proxy on behalf of the back-end application that has to be protected).

The Installation section contains information for installing the UIO Apache Proxy for Windows and Linux platforms.

The installation procedure involves:
- Ensuring that the Apache httpd requirements are met. See Section 6.3.2, "Apache httpd Requirements."
- Copying the UIO Proxy dlls and supported dlls to specific directories in Apache. See Section 6.3.3, "Copying the UIO Apache Proxy and Supported Files to Apache."
- Configuring memcache (for Linux only). See Section 6.3.4, "Configuring Memcache (for Linux only)."
- Editing the httpd.conf to activate the UIO Proxy. See Section 6.3.5, "Configuring httpd.conf." As part of this section, information is also provided on optionally installing mod_proxy_html, which is needed to rewrite the HTML links in a proxy situation, to ensure that links work for the users outside the proxy.
- Modifying the settings of the UIO Proxy using application configuration XML files. Section 6.3.6, "Modifying the UIO Apache Proxy Settings."

The post-installation procedures involve:
- Section 6.4, "Setting Up Rules and User Groups."
- Creating a new user to run the UIO Apache Proxy process (on Linux only)
- Section 6.5, "Setting Up Policies."

6.3.1 UIO Proxy Files for Windows and Linux

The UIO Apache Proxy binaries for Windows and Linux are different. Since the UIO Proxy is in C/C++, the same binary does not work on different platforms (unlike Java).

The files are located under $ORACLE_HOME/oaam/oaam_proxyplatform_specific_file.
6.3.1.1 Windows

For Windows, the binary files are listed in Table 6–3. The data files are listed in Table 6–4.

Table 6–3 Windows Binary Files
Name | Description
mod_uio.so | UIO Apache Proxy module
log4cxx.dll | Apache Log4cxx library
libxml2.dll | XML/HTML Parser
apr_memcache.dll | APR Memcache client library

Table 6–4 Windows Data files
Name | Description
UIO_Settings.xml | UIO Apache Proxy Settings XML file
UIO_log4j.xml | UIO Apache Proxy Log4j (log4cxx) configuration XML file
TestConfig.xml | UIO Apache Proxy Sample application configuration file
UIO_Settings.rng | Relax NG grammar for UIO_Settings.xml
UIO_Config.rng | Relax NG grammar for application configuration XML files

6.3.1.2 Linux

For Linux, the binary files are listed in Table 6–5. The data files are listed in Table 6–6.

Table 6–5 Linux Binary Files
Name | Description
mod_uio.so | UIO Apache Proxy module
liblog4cxx.so.0.10.0.0 | Apache Log4cxx library
libxml2.so.2.6.32 | XML/HTML parser
libapr_memcache.so.0.0.1 | APR Memcache client library

Table 6–6 Linux Data Files
Name | Description
UIO_Settings.xml | UIO Apache Proxy Settings XML file
UIO_log4j.xml | UIO Apache Proxy Sample Log4j (log4cxx) configuration XML file
TestConfig.xml | UIO Apache Proxy Sample application configuration files
UIO_Settings.rng | Relax NG grammar for UIO_Settings.xml
UIO_Config.rng | Relax NG grammar for application configuration XML files

6.3.2 Apache httpd Requirements

The pre-installation steps involved for downloading or building the Apache httpd depend on the platform, Windows or Linux, and on whether certain requirements are met.

6.3.2.1 Windows

You can download the latest Apache httpd (2.2.8) build for Windows from the Apache Web site. Ensure that:
- the Apache httpd (2.2.8) build is version 2.2.8
- the mod_proxy support is enabled (the standard installation contains the mod_proxy)
- the mod_ssl support is enabled

6.3.2.2 Linux

Instructions to build the Apache httpd are available on the Apache Web site. When you build Apache, ensure that:
- the Apache httpd (2.2.8) build is version 2.2.8
- the mod_so is enabled (for dynamically loading modules)
- the mod_proxy is enabled
- the mod_ssl support is enabled

6.3.3 Copying the UIO Apache Proxy and Supported Files to Apache

Instructions are provided in this section for copying the UIO Apache Proxy and support files to specific directories in Apache for both Windows and Linux platforms.
6.3.3.1 Windows

Table 6–7 summarizes:
- The directories you have to copy the UIO Apache Proxy files to after installation
- The tree structure of the UIO Apache Proxy libraries and configuration files, assuming that you installed the files in C:\Apache2.2

The directories the UIO Apache Proxy binary files go into are listed in Table 6–7. The data files are put in the directories summarized in Table 6–8.

If you want to change the location of the various configuration files, refer to the "Configuring httpd.conf" section.

Table 6–7 Directories for Windows UIO Proxy Binary Files
Directories | File Descriptions
C:\Apache2.2\modules\mod_uio.so | UIO Apache Proxy module
C:\Apache2.2\bin\log4cxx.dll | Apache Log4cxx library
C:\Apache2.2\bin\libxml2.dll | XML/HTML Parser
C:\Apache2.2\bin\apr_memcache.dll | APR Memcache library

Table 6–8 Directories for Windows UIO Proxy Data Files
Directories | File Descriptions
C:\OAAMUIO\UIO_Settings.xml | UIO Apache Proxy settings XML file
C:\OAAMUIO\UIO_log4j.xml | UIO Apache Proxy Log4j (log4cxx) configuration XML file
C:\OAAMUIO\TestConfig.xml | UIO Apache Proxy application configuration files (any number)
C:\OAAMUIO\UIO_Settings.rng | Relax NG grammar for UIO_Settings.xml
C:\OAAMUIO\UIO_Config.rng | Relax NG grammar for application configuration XML files
C:\OAAMUIO\logs\uio.log | UIO Apache Proxy log

6.3.3.2 Linux

After the installation of the Apache httpd, you must copy the UIO Apache Proxy binary files into (assuming Apache httpd is installed in /usr/local/apache2) the directories shown in Table 6–9.

Table 6–9 Directories for Linux UIO Proxy Binary Files
Directories | Description
/usr/local/apache2/modules/mod_uio.so | UIO Apache Proxy Module
/usr/local/apache2/lib/liblog4cxx.so.0.10.0.0 | Apache Log4cxx Library
/usr/local/apache2/lib/libxml2.so.2.6.32 | XML/HTML Parser

Then, create soft links to the libraries as follows:

    cd /usr/local/apache2/lib
    ln -s liblog4cxx.so.10.0.0 liblog4cxx.so.10
    ln -s libxml2.so.2.6.32 libxml2.so.2
    ln -s libapr_memcache.so.0.0.1 libapr_memcache.so.0

Also, ensure that the binary files have executable permission.

Apache httpd is typically run as root so that it creates a parent process that listens on port 80, and it spawns handler processes that run as the user given in the User directive in httpd.conf. For this reason, create a user called oaamuio that is the checkpoint user for the UIO Apache Proxy. The proxy configuration and log files are accessible by this user. Ensure that only this user can access the log files. Assuming /home/oaamuio is the home directory for this user, the directory structure looks like the one presented in Table 6–10.

The UIO Apache Proxy data files should follow the directory structure shown in Table 6–10.

If you want to change the location of the various configuration files, refer to the "Configuring httpd.conf" section. The run-time user of httpd should have the appropriate permissions to access all these files.
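The ownership and access requirements for the oaamuio data directory can be verified with a short script. The following is an added example, not part of the Oracle guide or the UIO Proxy distribution; it assumes the Table 6–10 layout (configuration files at the top level, a logs subdirectory), and the function names and the constructed sample tree are illustrative.

```python
import os
import stat
import tempfile


def audit_uio_tree(root, expected_uid):
    """Return sorted (relative_path, problem) pairs for a UIO proxy data directory.

    Checks applied (assumptions drawn from the section above):
      * every file and directory is owned by the proxy's run-time user
      * nothing under logs/ is accessible to group or other
      * configuration files are not writable by group or other
    """
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root)
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # permission bits on a symbolic link itself are not meaningful
            mode = stat.S_IMODE(st.st_mode)
            if st.st_uid != expected_uid:
                findings.append((rel, "not owned by the proxy user"))
            in_logs = rel == "logs" or rel.startswith("logs" + os.sep)
            if in_logs and mode & (stat.S_IRWXG | stat.S_IRWXO):
                findings.append((rel, "log path accessible to group/other"))
            elif not in_logs and mode & (stat.S_IWGRP | stat.S_IWOTH):
                findings.append((rel, "writable by group/other"))
    return sorted(findings)


def build_sample_tree(root):
    """Create a constructed sample layout modelled on Table 6-10 (not real data)."""
    logs = os.path.join(root, "logs")
    os.mkdir(logs)
    os.chmod(logs, 0o700)
    samples = (
        ("UIO_Settings.xml", 0o600),                # owner-only: passes
        ("TestConfig.xml", 0o664),                  # group-writable interceptor config
        (os.path.join("logs", "uio.log"), 0o644),   # log readable by every local user
    )
    for rel, mode in samples:
        path = os.path.join(root, rel)
        with open(path, "w") as handle:
            handle.write("constructed sample\n")
        os.chmod(path, mode)


def demo():
    """Audit the constructed tree as the current user and return the findings."""
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        return audit_uio_tree(root, os.getuid())


if __name__ == "__main__":
    for rel, problem in demo():
        print(f"{rel}: {problem}")
```

On a deployed system the same function would be called with the real data directory and the uid of the oaamuio account, for example from pwd.getpwnam("oaamuio").pw_uid.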
Table 6–9 (Cont.) Directories for Linux UIO Proxy Binary Files
Directories | Description
/usr/local/apache2/lib/libapr_memcache.so.0.0.1 | APR Memcache client library

Table 6–10 Directories for Linux UIO Proxy Data Files
Directories | Description
/home/oaamuio/uio/UIO_Settings.xml | UIO Apache Proxy settings XML file
/home/oaamuio/uio/UIO_log4j.xml | UIO Apache Proxy Log4j (log4cxx) configuration XML file
/home/oaamuio/uio/TestConfig.xml | UIO Apache Proxy application configuration files (any number)
/home/oaamuio/uio/UIO_Settings.rng | Relax NG grammar for UIO_Settings.xml
/home/oaamuio/uio/UIO_Config.rng | Relax NG grammar for application configuration XML files
/home/oaamuio/uio/logs/uio.log | UIO Apache Proxy log

6.3.4 Configuring Memcache (for Linux only)

This is an optional configuration that may be needed for Linux deployment of UIO Apache Proxy.

The UIO Apache Proxy maintains a session for the user where it keeps local state such as session level variables for the user. On Windows, there is always a single process for Apache httpd server running and so this session information is local to the process. On Linux, you could have multiple Apache httpd server processes running, which means the session information cannot be kept local to the process but needs to be centralized. In this case, memcached is used to hold the session information. The following description is to identify when you must use memcached to hold the UIO Apache Proxy session information.

Apache httpd ships with a selection of Multi-Processing Modules (MPMs) which are responsible for binding to network ports on the machine, accepting requests, and dispatching children to handle the requests.

On Linux: httpd can run with two different MPMs: httpd with prefork MPM (single-threaded) or with worker MPM (multi-threaded). The MPM is built into the httpd and is not a run-time option.

With prefork MPM, httpd maintains a pool of single-threaded processes, where each request is handled by a single process. In this case, you must configure UIO Apache Proxy to use memcached.

With worker MPM, httpd maintains a pool of multithreaded processes, where every process could be handling multiple requests at a time. In this case, you can configure Apache httpd to launch a single process and avoid using memcached. However, the default configuration launches multiple processes and if you want to keep that unchanged, then you must configure UIO Apache Proxy to use memcached.

Here is an example httpd.conf fragment that can be used to configure a worker MPM to launch a single process.

    # Following forces worker MPM to run 1 process (make sure mod_cgid is
    # not loaded, otherwise it starts one more httpd process).
    # Basically ThreadLimit = MinSpareThreads = MaxSpareThreads = MaxClients = ThreadsPerChild
    # and StartServers = 1. Setting MaxRequestsPerChild to 0 ensures that the process is not
    # bounced.
    ThreadLimit 150
    StartServers 1
    MinSpareThreads 150
    MaxSpareThreads 150
    MaxClients 150
    ThreadsPerChild 150
    MaxRequestsPerChild 0

On Windows, httpd MPM is always in multi-threading mode with a single process.

On Linux, in the case where the httpd runs multiple processes (irrespective of single or multithreaded), the UIO Apache Proxy session data must be maintained in a common store (database or cache) so that multiple processes can access the session data. The UIO Proxy uses memcache (a memory-based, very fast cache) to store the session data.

At startup, the UIO Proxy autodetects whether httpd is running with a single process or multiple processes. If httpd is running with multiple processes (which is the case with prefork or worker mpm on Linux), it tries to connect to the memcache daemon using default connection parameters (that are defined in Section 6.3.6.1, "UIO_Settings.xml"). On Windows, by default, the UIO Proxy uses local sessions. It does not connect to the memcache daemon; however it can also be configured to maintain session data in the memcache daemon (explained in Section 6.3.6.1, "UIO_Settings.xml").

For the scenarios where the UIO Apache Proxy is connecting to memcache daemon, you must install memcache on your system using the instructions from the memcache Web site and run the memcache daemon(s) before running the Apache httpd.

Install memcache using instructions at:

http://www.danga.com/memcached

You may already have a binary installation available from your Linux distribution. The UIO Apache Proxy has been tested with version 1.2.5 of memcache.
6.3.5 Configuring httpd.conf

This section provides information on how to edit the httpd.conf file to activate the UIO Apache Proxy.

The httpd.conf file is the main configuration file used by the Apache HTTP Server.

6.3.5.1 Basic Configuration without SSL

In the sample installation, the Apache httpd has been installed in c:\Program Files\Apache2.2 or /usr/local/apache2.

To ensure that httpd.conf is correctly set up in your environment, follow these steps:

1. Ensure that the following lines are uncommented to enable mod_proxy.

    LoadModule proxy_module modules/mod_proxy.so
    LoadModule proxy_http_module modules/mod_proxy_http.so

2. Add the following line to the end of the LoadModule group of lines to activate the UIO Apache Proxy.

    LoadModule uio_module modules/mod_uio.so

3. Add a line to point to the UIO_Settings.xml file that has the settings for the UIO Apache Proxy.

   On Windows (all paths should be with forward slashes),

    UioProxySettingsFile c:/OAAMUIO/UIO_Settings.xml

   On Linux,

    UioProxySettingsFile /home/oaamuio/uio/UIO_Settings.xml

4. Disable mod_proxy's forward-proxying capability since it is not needed.

    ProxyRequests Off
    <Proxy *>
    Order deny,allow
    Allow from all
    </Proxy>

5. Enable the mod_proxy configuration to reverse-proxy to oaam_server and the target application being protected by OAAM.

    ProxyPass /oaam_server/ http://:/oaam_server/
    ProxyPassReverse /oaam_server/ http://:/oaam_server/
    ProxyPass // http://://
    ProxyPassReverse // http://:/

6. Set the user/group of httpd using User and Group directives to oaamuio.

The actual settings for #4 and #5 are installation-specific. They are only examples of the settings you must set. For information on setting details, refer to the Apache Web site.

With the changes described and by properly setting up UIO_Settings.xml, you should be able to access OAAM Server (oaam_server) and target application and run Phase One scenarios. The URL for the target application is:

http://:/

So far in this chapter, the configuration to the proxy has been performed without using SSL.
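Steps 1 through 6 can be checked mechanically before httpd is restarted. The following is an added example, not Oracle's code; it assumes modules are loaded dynamically through LoadModule lines, a Linux deployment for the User and Group check, and it also tests for mod_ssl, which the requirements in Section 6.3.2 list. The function names, host name and port in the constructed samples are illustrative.

```python
REQUIRED_MODULES = ("proxy_module", "proxy_http_module", "ssl_module", "uio_module")

# Constructed sample that follows steps 1-6; host and port are placeholders.
GOOD_CONF = r"""
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule ssl_module modules/mod_ssl.so
LoadModule uio_module modules/mod_uio.so
UioProxySettingsFile /home/oaamuio/uio/UIO_Settings.xml
ProxyRequests Off
ProxyPass /oaam_server/ http://oaam-host.example:8080/oaam_server/
ProxyPassReverse /oaam_server/ http://oaam-host.example:8080/oaam_server/
User oaamuio
Group oaamuio
"""

# Constructed sample with several deviations from the steps.
BAD_CONF = r"""
LoadModule proxy_module modules/mod_proxy.so
#LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule uio_module modules/mod_uio.so
UioProxySettingsFile c:\OAAMUIO\UIO_Settings.xml
ProxyRequests On
ProxyPass /oaam_server/ http://oaam-host.example:8080/oaam_server/
ProxyPassReverse /oaam_server/ http://oaam-host.example:8080/oaam_server/
User daemon
"""


def parse_directives(text):
    """Return (lower-cased directive name, argument string) for each active line."""
    directives = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or commented-out directive
        parts = line.split(None, 1)
        directives.append((parts[0].lower(), parts[1].strip() if len(parts) == 2 else ""))
    return directives


def check_uio_httpd_conf(text):
    """Return a list of deviations from the httpd.conf steps for the UIO Apache Proxy."""
    directives = parse_directives(text)

    def values(name):
        return [args for directive, args in directives if directive == name]

    findings = []

    # Steps 1 and 2: proxy modules active, uio_module added at the end of the group.
    modules = [args.split()[0] for args in values("loadmodule") if args]
    for module in REQUIRED_MODULES:
        if module not in modules:
            findings.append(f"LoadModule {module} is missing or commented out")
    if "uio_module" in modules and modules[-1] != "uio_module":
        findings.append("uio_module is not at the end of the LoadModule group")

    # Step 3: settings file configured, written with forward slashes.
    settings = values("uioproxysettingsfile")
    if not settings:
        findings.append("UioProxySettingsFile is not set")
    elif "\\" in settings[-1]:
        findings.append("UioProxySettingsFile path uses backslashes")

    # Step 4: forward proxying must be explicitly disabled.
    if [value.lower() for value in values("proxyrequests")][-1:] != ["off"]:
        findings.append("ProxyRequests is not Off")

    # Step 5: reverse-proxy mapping for the OAAM server.
    for name, label in (("proxypass", "ProxyPass"), ("proxypassreverse", "ProxyPassReverse")):
        if not any(value.split()[:1] == ["/oaam_server/"] for value in values(name)):
            findings.append(f"{label} for /oaam_server/ is missing")

    # Step 6: handler processes run as the dedicated account.
    for name, label in (("user", "User"), ("group", "Group")):
        if values(name)[-1:] != ["oaamuio"]:
            findings.append(f"{label} is not oaamuio")
    return findings


if __name__ == "__main__":
    for finding in check_uio_httpd_conf(BAD_CONF):
        print(finding)
```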
6.3.5.2 Configuration with SSL

To enable SSL, refer to the Apache Web site for Tomcat and for Apache procedures.

Note that the UIO Apache Proxy requires mod_ssl to be part of httpd. This ensures that the OpenSSL library is linked in and is properly configured for the UIO Apache Proxy to generate session ids. You need to ensure that mod_ssl is loaded and you do not need to perform any configuration if you are not using SSL.

mod_proxy_html module (optional)

Optionally, you may need to install the mod_proxy_html (http://apache.webthing.com/mod_proxy_html/) Apache module. This module is needed only if the protected application has Web pages that have hard-coded URL links to itself. If the application has relative URLs, you do not need this module.

From their Web site, the executive summary of this module is as follows:

"mod_proxy_html is an output filter to rewrite HTML links in a proxy situation, to ensure that links work for users outside the proxy. It serves the same purpose as Apache's ProxyPassReverse directive does for HTTP headers, and is an essential component of a reverse proxy.

For example, if a company has an application server at appserver.example.com that is only visible from within the company's internal network, and a public Web server www.example.com, they may wish to provide a gateway to the application server at http://www.example.com/appserver/. When the application server links to itself, those links need to be rewritten to work through the gateway. mod_proxy_html serves to rewrite foobar to foobar making it accessible from outside."

6.3.6 Modifying the UIO Apache Proxy Settings

6.3.6.1 UIO_Settings.xml

Log4j Properties

Set the location of log4j.xml file that defines the logging configuration for the UIO Apache Proxy. The location should be an absolute path; it cannot be ServerRoot relative. On Linux, you have to ensure that the httpd process can access the directory.

When using httpd in a multiprocessing mode, do not use FileAppender; use SocketAppender instead to log the logs from the different processes. Refer to the log4j documentation on the Internet for more information.

GlobalVariable

GlobalVariable is a global variable that is used in the application configuration. You can have any number of such name-value pairs.

ConfigFile

ConfigFile is the absolute path to an application configuration. You can have any number of such configurations. Again, you need to make sure, on Linux, that the httpd process has the permissions to access these files. Refer to "Configuring the UIO Proxy" to understand how to perform a configuration for an application.

Memcache

Memcache has the IP address and port of a memcache server. You can have multiple Memcache elements in the settings file if you have multiple memcache servers running. If you have a single local memcache running, you do not need to have this element at all. By default, the UIO Apache Proxy tries to connect to memcache on IP address 127.0.0.1 and port 11211.

Settings

These are flags to control the behavior of the UIO Apache Proxy. Various settings are listed in Table 6–11.

Table 6–11 OAAM UIO Proxy Settings
Flags | Description
MaxSessionInactiveInterval_sec | UIO Apache Proxy maintains a session for every user that passes through the proxy. This setting sets the expiry time of this session after the user becomes inactive. It is in seconds (default is 30 minutes). For example,
GarbageCollectorInterval_ms | Interval for running session expiry thread (default = 5 minutes). For example,
FileWatcherInterval_ms | Interval for checking if the settings or any config file has changed (default = 1 minute). For example, (After modifying the configuration XML file, even though the proxy updates the configuration on the fly, it is advisable to restart the httpd server.)
SessionIdCookieName_str | Name of the cookie used by UIO Apache Proxy to maintain its session (default = OAAM_UIOProxy_SessionId). For example,
SessionCookie_DomainLevelCount | Domain level for the UIO Apache Proxy session cookie. Does not affect any other cookie. For example,
SessionCookie_ExpiryInMinutes | The value of this setting is used to compute the expiry time that is put in the expires attribute of the Set-Cookie header of the UIO Apache Proxy session cookie. Default is zero, which means the expires attribute is not added.
SessionCookie_IsHttpOnly | If set to 1, the UIO Apache Proxy session cookie is marked as HTTP only in the Set-Cookie header. Affects only this cookie. Default is not to mark the cookie as HTTP only. On a supported browser, an HttpOnly cookie is only used when transmitting HTTP (or HTTPS) requests, but the cookie value is not available to client-side script, which mitigates the threat of cookie theft via cross-site scripting.
SessionCookie_IsSecure | If set to 1, the UIO Apache Proxy session cookie is marked as secure in the Set-Cookie header. It does not affect any other cookie. The default is not to mark the cookie as secure. A secure cookie is only used when a browser is visiting a server via HTTPS, which ensures that the cookie is always encrypted when transmitting from client to server, and is therefore less likely to be exposed to cookie theft via eavesdropping.
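Because both cookie flags default to off, it is worth confirming what the proxy actually sends after the settings are changed. The following is an added example, not part of the Oracle guide; it inspects captured response headers for the proxy session cookie (default name from Table 6–11). The header samples are constructed, and the function names and attribute layout in the samples are illustrative.

```python
DEFAULT_COOKIE_NAME = "OAAM_UIOProxy_SessionId"  # default from Table 6-11

# Constructed response headers: proxy cookie issued with the default settings,
# next to an application cookie that already carries both flags.
DEFAULT_RESPONSE = """\
HTTP/1.1 200 OK
Date: Mon, 01 Jan 2024 00:00:00 GMT
Set-Cookie: OAAM_UIOProxy_SessionId=constructed-session-value; path=/
Set-Cookie: APPSESSION=constructed-app-value; path=/; Secure; HttpOnly
Content-Type: text/html
"""

# Constructed response headers after enabling both SessionCookie_Is* flags.
HARDENED_RESPONSE = """\
HTTP/1.1 200 OK
Set-Cookie: OAAM_UIOProxy_SessionId=constructed-session-value; path=/; Secure; HttpOnly
"""


def parse_set_cookie(value):
    """Split one Set-Cookie value into (name, value, {lower-cased attribute: value})."""
    first, *rest = [part.strip() for part in value.split(";")]
    name, _, cookie_value = first.partition("=")
    attributes = {}
    for part in rest:
        if part:
            key, _, attr_value = part.partition("=")
            attributes[key.strip().lower()] = attr_value.strip()
    return name.strip(), cookie_value, attributes


def audit_session_cookie(raw_headers, cookie_name=DEFAULT_COOKIE_NAME, https=True):
    """Return findings for the proxy session cookie in a block of response headers.

    https=False skips the Secure check: a browser does not return a Secure
    cookie over plain HTTP, so the flag only makes sense on an HTTPS front end.
    """
    findings = []
    seen = False
    for line in raw_headers.splitlines():
        field, separator, value = line.partition(":")
        if not separator or field.strip().lower() != "set-cookie":
            continue
        name, _, attributes = parse_set_cookie(value)
        if name != cookie_name:
            continue  # the settings affect only the proxy's own cookie
        seen = True
        if "httponly" not in attributes:
            findings.append("HttpOnly attribute missing (SessionCookie_IsHttpOnly)")
        if https and "secure" not in attributes:
            findings.append("Secure attribute missing (SessionCookie_IsSecure)")
    if not seen:
        findings.append(f"session cookie {cookie_name} not set in this response")
    return findings


if __name__ == "__main__":
    for label, sample in (("default", DEFAULT_RESPONSE), ("hardened", HARDENED_RESPONSE)):
        print(label, audit_session_cookie(sample))
```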
Table 6–11 (Cont.) OAAM UIO Proxy Settings
Flags | Description
IgnoreUrlMappings | Ignore the application configuration XML files; the proxy behaves as a flow-through proxy. For example, The value of 0 disables this mode and the value of 1 enables capture traffic mode. The value of 1 will make the proxy act as flow-through and the value of 0 will enable the configuration XML interceptors.
CaptureTraffic | Capture the HTTP traffic - headers and content in the log files. This mode is for debugging purposes. Note that it captures the headers and contents as is and could contain customer's personal data. Use this mode with caution and only for debugging/test. For example, Value of 1 enables capture traffic and 0 disables it.
MaxReqBodyBytes | Maximum request body that can be processed by the proxy; a request body bigger than this value will be truncated. This is necessary when the application has POSTs with big files getting uploaded. For example,
UseMemcache | Force the use of memcache even when httpd is running in single process mode. Has no effect when running in multiple process mode. Applies at startup and requires restarting httpd for change to apply. For example, Value of 1 enables use of memcache for a single process httpd. Value of 0 is ignored.
CachedConfigExpiry_sec | Expiry time for unused config XML data in memory, if multiple config XML configurations have been loaded into memory. This happens when config XML files are automatically loaded when they are modified. (Default = 60 minutes). For example,
AutoLoadConfig | Set to 1 to enable auto-loading of config XML files when they are modified by user. Set to 0 to turn this feature off. You can enable this feature when using single-process mode of httpd. Do not enable this feature for multiple process mode of httpd for production use, since individual processes could have different versions of the config XML files. For example, Value of 1 enables auto-load and 0 disables it.
Setting name | Enables internal profiling for various operations such as per interception phase and prints that out in the logs in microseconds. It should be used only for debugging and profiling in non-production environments as this may impact performance. The logs appear at INFO level and also at TRACE level

6.3.6.2 UIO_log4j.xml

For actual log4j format details, refer to log4j manual available on the Internet. Apache::log4cxx is a C++ implementation of the log4j framework and the XML file format is common to log4cxx and log4j.

Available UIO Apache Proxy Log4j loggers are listed below.

Table 6–12 UIO Apache Proxy Log4j Loggers
Loggers | Description
config.reader | The UIO_Config XML file loading related classes use this logger.
settings.reader | The UIO_Settings XML file loading classes use this logger.
config.datastore | The UIO_Config XML file loading related classes use this logger.
config | The UIO_Config XML file loading related classes use this logger.
config.reader.populator | The UIO_Config XML file loading related classes use this logger.
condition | All conditions defined in UIO_Config.xml use this logger.
filter | All filters defined in UIO_Config.xml use this logger.
action | All actions defined in UIO_Config.xml use this logger.
interceptor | All actions defined in UIO_Config.xml use this logger.
requestcontext | HTTP request processing is performed by classes that use this logger.
proxy | HTTP request processing is performed by classes that use this logger.
htmlpage | HTML page related processing is performed by classes that use this logger.
httpreqimpl | HTTP request processing is performed by classes that use this logger.
container | HTTP request processing is performed by classes that use this logger.
sessions | UIO Proxy session management related classes use this logger.
http | Logger that is used to log all HTTP traffic when CaptureTraffic setting is turned on.
distsessions | UIO Proxy session management related classes use this logger.

Note: The logger documentation is provided for completeness and to enable the deployment engineer to make better sense of the logs. Typically for a debugging scenario turn on the log level to DEBUG and do not try to filter by any loggers.

6.3.6.3 Application configuration XMLs

These XML files are the application configuration files that are defined in the ConfigFile element of UIO_Settings.xml file.

6.4 Setting Up Rules and User Groups

For information on setting up rules and user groups, refer to the Oracle Fusion Middleware Installation Guide for Oracle Identity Management.

6.5 Setting Up Policies

To set up policies for the UIO Proxy, import the out-of-the-box policies. Information about importing policies is available in the Oracle Fusion Middleware Administrator's Guide for Oracle Adaptive Access Manager.

6.6 Configuring the UIO Proxy

The proxy intercepts all HTTP traffic between the client browser and the Web application and performs actions specified in the configuration files. The UIO ISA Proxy uses the XML Schema Definition which is described in the BharosaProxy.xsd and the UIO Apache Proxy uses the XML Relax NG definition which is in the UIO_Config.rng file in the proxy distribution.

6.6.1 Elements of the UIO Proxy Configuration File

The following sections describe various elements of the proxy configuration file.
6.
6.
1.
1ComponentsofInterceptorsInterceptorsarethemostimportantelementsintheproxyconfiguration.
Authoringtheproxyconfigurationfiledealsmostlywithdefininginterceptors.
Therearetwotypesofinterceptors:requestinterceptorsandresponseinterceptors.
Asthenamessuggest,requestinterceptorsareusedwhentheproxyreceivesHTTPrequestsfromtheclientbrowserandresponseinterceptorsareusedwhentheproxyreceivesHTTPresponsefromtheserver,forexample,WebapplicationorOAAMServer.
Therearefourcomponentstoaninterceptorandallofthemareoptional.
1.
ListofURLs-theinterceptorwillbeevaluatediftheinterceptorURLlistcontainsthecurrentrequestURLoriftheURLlistisempty.
TheURLsmustbeanexactmatch;thereisnosupportforregularexpressions.
Forarequestinterceptor,thisisthesetofURLsforwhichtherequestinterceptorwillbeexecutedintherequestportionoftheHTTPrequest,forexample,onthewayfromtheclienttotheserver.
Foraresponseinterceptor,theURListhatoftheHTTPrequest;theresponseinterceptorwillbeexecutedintheresponseportionoftheHTTPrequest,forexample,whilegettingtheresponsefromtheservertotheclient.
IftheURLhasqueryparameters,thentheyshouldnotbelisted.
Youcanuseconditionstocheckforanyqueryparameters.
2.
Listofconditions-conditionscaninspecttherequest/responsecontents,suchascheckingforthepresenceofanHTTPheader/parameter/cookie,andsoon,ortestingwhetheraheader/parameter/cookiehasaspecificvalueornot.
Filtersandactiondefinedintheinterceptorwillbeexecutedonlyifalltheconditionsspecifiedaremetorifnoconditionisspecified.
3.
Listoffilters-filtersperformanactionthatmightmodifytherequest/responsecontentsormodifysomestateinformationintheproxy.
Forexample,afiltercanadd/removeHTTPheaders,saveHTTPheader/parameter/cookievalueinaproxyvariable,andsoon.
4.
Action-afterexecutingthefilterstheinterceptorwillperformtheaction,ifoneisspecified.
Actionscanbeoneofthefollowing:a.
aredirecttheclienttoadifferentURLb.
sendasavedresponsetotheclientc.
performaHTTPgetonserverd.
performaHTTPpostonservere.
sendasavedrequesttotheserverConfiguringtheUIOProxyOracleAdaptiveAccessManagerProxy6-216.
6.
1.
2ConditionsConditionsareusedintheproxytoinspectHTTPrequest/responseorthestateinformationsavedintheproxy(variables).
Eachconditionevaluatestoeithertrueorfalse.
Conditionsareevaluatedintheordertheyarelistedintheconfigurationfileuntilaconditionevaluatestofalseorallconditionsareevaluated.
Table6–14listsconditionsthatcanbedefinedinaninterceptor.
Table6–13ComponentsofInterceptorsInterceptorAttributesDescriptionRequestInterceptorid,desc,post-exec-action,isGlobal,enabledRequestInterceptordefinesaninterceptorthatwillberunduringtherequestphase.
Ithasanid,description.
Optionallyithasapost-exec-actionthattakesthevaluescontinue,stop-intercept,stop-phase-intercept;thedefaultiscontinue.
OptionallyithasisGlobalwhichtakesthevaluestrueorfalseandisfalsebydefault.
Italsotakestheenabledattributewhichisalsooptionalandistruebydefault.
ResponseInterceptorid,desc,post-exec-action,isGlobal,enabledResponseInterceptordefinesaninterceptorthatisrunduringtheresponsephaseoftheHTTPrequest.
TheattributesofthiselementaresimilartothatofRequestInterceptor.
ThiselementcontainszeroormoreRequestUrlelements,zeroormoreconditionselements,zeroormorefilterelements,zerooronetargetelement.
TheRequestUrlelementhasasingleURLelementforwhichthisinterceptorwillexecute.
TheURlmustbeanexactmatch.
ThereisnoregularexpressionorpatternsupportfortheURL.
InsteadoftheRequestUrlelementthereisaResponseUrlelementwhichhassimilarmeaning.
AllelseissimilartotheRequestInterceptor.
Table6–14ConditionsDefinedinanInterceptorConditionnameAttributesDescriptionHeaderPresentenabled,nameChecksthepresenceofthespecifiedheaderinrequest/response.
Theheadernameshouldbeterminatedbyacolon(":").
Example:ParamPresentenabled,nameChecksthepresenceofthespecifiedparameterintherequest.
Example:QueryParamPresentenabled,nameChecksthepresenceofthespecifiedqueryparameterintheURL.
Example:ConfiguringtheUIOProxy6-22OracleFusionMiddlewareDeveloper'sGuideforOracleAdaptiveAccessManagerVariablePresentenabled,nameCheckswhetherthespecifiedproxyvariablehasbeenset.
Example:RequestCookiePresentenabled,nameChecksthepresenceofthespecifiedcookieintherequestExample:ResponseCookiePresentenabled,nameChecksthepresenceofthespecifiedcookieintheresponseExample:HeaderValueenabled,name,value,mode,ignore-caseCheckswhetherthespecifiedrequest/responseheadervaluematchesthegivenvalue.
Theheadernameshouldbeterminatedbyacolon(":").
Example:ParamValueenabled,name,value,mode,ignore-caseCheckswhetherthespecifiedrequestparametervaluematchesthegivenvalue.
Example:QueryParamValueenabled,name,value,mode,ignore-caseCheckswhetherthespecifiedURLqueryparametervaluematchesthegivenvalue.
Example:VariableValueenabled,name,value,mode,ignore-caseCheckswhetherthespecifiedproxyvariablevaluematchesthegivenvalue.
Example:RequestCookieValueenabled,name,value,mode,ignore-caseCheckswhetherthespecifiedrequestcookievaluematchesthegivenvalue.
Example:Table6–14(Cont.
)ConditionsDefinedinanInterceptorConditionnameAttributesDescriptionConfiguringtheUIOProxyOracleAdaptiveAccessManagerProxy6-23ResponseCookieValueenabled,name,value,mode,ignore-caseCheckswhetherthespecifiedresponsecookievaluematchesthegivenvalue.
Example:HttpStatusenabled,statusCheckswhetherthestatuscodeoftheresponsematchesthegivenvalue.
Example:HtmlElementPresentenabled,name,attrib-name1,attrib-value1,attrib-name2,attrib-value2,…attrib-name9,attrib-value9,Checkspresenceofahtmlelementtomatchthespecifiedconditions:Example:PageContainsTextenabled,textCheckswhethertheresponsecontainsthegiventext.
Example:NotVariableValueenabled,name,value,mode,ignore-caseCheckswhetherthespecifiedproxyvariablevaluedoesnotmatchthegivenvalue.
Example:Table6–14(Cont.
)ConditionsDefinedinanInterceptorConditionnameAttributesDescriptionConfiguringtheUIOProxy6-24OracleFusionMiddlewareDeveloper'sGuideforOracleAdaptiveAccessManagerAttributeidisoptionalandisusedonlyintracemessages.
Ifnovalueisspecified,theconditionname(likeHeaderPresent)willbeused.
Attributeenabledisoptionalandthedefaultvalueistrue.
Thisattributecanbeusedtoenable/disableacondition.
Thevalueofthisattributecanbesettothenameofaglobalvariable;insuchcase,theconditionwillbeenabledordisabledaccordingtothevalueoftheglobalvariable.
Attributevaluecanbesettothenameofaproxyvariable.
Insuchacase,theproxywillevaluatethevariableatcheckpointandusethatvalueinthecondition.
Attributemodecanbesettooneofthefollowing:begins-with,ends-with,contains.
Attributeignore-casecanbesettooneofthefollowing:true,false.
6.
6.
1.
3FiltersFiltersareusedintheproxytomodifyHTTPrequest/responsecontentsormodifythestateinformationsavedintheproxy(variables).
Filtersareexecutedintheordertheyarelistedintheconfigurationfile.
Table6–15listsfiltersthatcanbedefinedinaninterceptor.
AndenabledEvaluatestotrueonlyifallthechildconditionsevaluatetotrue.
Example:OrenabledEvaluatestotrueifoneofthechildconditionsevaluatestotrue.
Example:NotenabledReversestheresultofthechildcondition(s).
Example:Table6–14(Cont.
)ConditionsDefinedinanInterceptorConditionnameAttributesDescriptionConfiguringtheUIOProxyOracleAdaptiveAccessManagerProxy6-25Table6–15FiltersDefinedinanInterceptorFilternameAttributesDescriptionAddHeaderenabled,name,valueAddsthespecifiedheaderwithagivenvaluetorequest/response.
Theheadernameshouldbeterminatedbyacolon(":").
Example:SaveHeaderenabled,name,variableSavesthespecifiedrequest/responseheadervalueinthegivenproxyvariable.
Theheadernameshouldbeterminatedbyacolon(":").
Example:RemoveHeaderenabled,nameRemovesthespecifiedheaderfromrequest/response.
Theheadernameshouldbeterminatedbyacolon(":").
Example:AddParamenabled,name,valueAddsarequestparameterwithaspecifiednameandvalue.
Example:SaveParamenabled,name,variableSavesthespecifiedrequestparametervalueintothegivenproxyvariable.
Example:AddRequestCookieenabled,name,valueAddsthespecifiedcookiewithagivenvaluetorequestExample:SaveRequestCookieenabled,nameSavesthespecifiedrequestcookievalueinthegivenproxyvariableAddResponseCookieenabled,nameAddsthespecifiedcookiewithagivenvaluetoresponseExample:SaveResponseCookieenabled,nameSavesthespecifiedresponsecookievalueinthegivenproxyvariable.
Example:ConfiguringtheUIOProxy6-26OracleFusionMiddlewareDeveloper'sGuideforOracleAdaptiveAccessManagerSaveHiddenFieldsenabled,form,variable,save-submit-fieldsSavesallthehidden,submitfieldsvalue,inthegivenformiftheformnameisspecifiedtothegivenproxyvariable.
Tonotsavesubmitfields,setsave-submit-fieldsattributetofalse.
Example:AddHiddenFieldsParamsenabled,variableAddsrequestparametersforeachhiddenfieldsavedinthevariable.
Example:SetVariableenabled,name,valueSetstheproxyvariablewiththegivennametothespecifiedvalue.
Example:UnsetVariableenabled,nameRemovestheproxyvariablewiththegivenname.
Example:ClearSessionenabled,nameRemovesallsessionvariablesinthecurrentsession.
Example:SaveQueryParamenabled,name,variableSavesthespecifiedqueryparameterinthegivenproxyvariable.
Example:SaveRequestenabled,variableSavestheentirerequestcontentinthegivenproxyvariable.
Thisincludesallheadersandthebody,ifpresent.
Example:SaveResponseenabled,variableSavestheentireresponsecontentinthegivenproxyvariable.
Thisincludesallheadersandbody,ifpresent.
Example:

ProcessString
Attributes: enabled, source, find, action, count, search-str, start-tag, end-tag, ignore-case, replace, encoding
Description: This filter can be used to extract a sub-string from a string (such as request or response contents) and save it to a proxy variable. This filter can also be used to dynamically format strings.
The find attribute has two values: string and sub-string. It defines the find mode as applying to the entire string or to a sub-string. The sub-string is defined by the start-tag and end-tag. If the find value is sub-string, then only the start-tag and end-tag values are used; otherwise, they are ignored.
The action attribute has 3 values: extract, replace and eval. The value extract copies the content bracketed by start-tag and end-tag to the variable. The value replace performs a find-and-replace operation. The value eval finds and evaluates the variable inline.
The encoding attribute is optional and can take the value base64 if you want the resulting string to be base64 encoded. This attribute is supported only on the UIO Apache Proxy.
See the examples in Section 6.6.1.4, "Filter Examples - ProcessString" on how to use this filter.

FormatString
Attributes: enabled, variable, format-str, encoder, param-0, param-1, …, param-n
Description: This filter provides functionality similar to the sprintf() C library function: it stores a formatted string in a variable. Optionally, the string stored in the variable can be encoded in base64 format.
Refer to the example in Section 6.6.1.5, "Filter Examples - FormatString" on using this filter to create an HTTP Basic Authentication header.
FormatString is not supported in the UIO Apache Proxy, as ProcessString provides all the required functionality.

6.6.1.4 Filter Examples - ProcessString

Find the sub-string between the given start-tag and end-tag in the source string, extract the sub-string found and save the extracted sub-string in the given variable. The extract action extracts the first matching start-tag and end-tag pair.

Find the given search-string in the source string, replace it with the replace string and save the updated string in the given variable. You can also use the count attribute to specify the behavior when there are multiple matches. The count attribute can take the values all, once or a number.

action="replace" replace="$TRACE_ID" variable="%POST_URL"/>

Find the sub-string between the given start-tag and end-tag in the source string, replace it (including the start and end tags) with the evaluated value of the sub-string found and save the updated string in the given variable. You can use the count attribute to specify the behavior in case of multiple matches. This attribute can take the value all, once or a number.

You can specify the ignore-case attribute as true or false. It can be applied to any of the above examples, and the search operation will be case sensitive or not accordingly.

You can optionally specify the encoding attribute, which encodes the resulting string before it is stored in the variable. This attribute can take only the value base64. If you do not specify this attribute, the resulting string is stored as is. The encoding attribute is supported only on the UIO Apache Proxy. On the UIO ISA Proxy you will have to use FormatString if you want to encode the result in base64.
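The ProcessString behaviours described in this section, modelled in Python as an added example; this is not Oracle's implementation or code from the guide. The keyword arguments mirror the attribute names above, the sample strings are constructed, and returning None when nothing matches and leaving an unknown variable untouched in eval are assumptions, because the guide does not define those cases.

```python
import base64
import re


def process_string(source, action, *, find="string", search_str=None,
                   start_tag=None, end_tag=None, replace=None, count="all",
                   ignore_case=False, encoding=None, variables=None):
    """Return the string ProcessString would store, or None if nothing matches."""
    flags = re.IGNORECASE if ignore_case else 0
    if find == "sub-string":
        # Only start-tag and end-tag are used in this mode. Non-greedy, so the
        # first start-tag pairs with the first end-tag that follows it.
        pattern = re.compile(
            re.escape(start_tag) + "(.*?)" + re.escape(end_tag),
            flags | re.DOTALL)
    elif find == "string":
        pattern = re.compile(re.escape(search_str), flags)
    else:
        raise ValueError("find must be 'string' or 'sub-string'")

    # count: 'all', 'once' or a positive number of matches to rewrite.
    if count == "all":
        limit = 0                      # re.sub treats 0 as "no limit"
    elif count == "once":
        limit = 1
    else:
        limit = int(count)
        if limit < 1:
            raise ValueError("numeric count must be >= 1")

    first = pattern.search(source)
    if first is None:
        return None                    # assumption: variable is not set

    if action == "extract":
        if find != "sub-string":
            raise ValueError("extract needs find='sub-string'")
        result = first.group(1)        # first matching tag pair only
    elif action == "replace":
        # A function replacement keeps backslashes in `replace` literal.
        result = pattern.sub(lambda m: replace, source, count=limit)
    elif action == "eval":
        if find != "sub-string":
            raise ValueError("eval needs find='sub-string'")
        known = variables or {}
        # Tags plus name are replaced by the variable's value; an unknown
        # name is left untouched (assumption).
        result = pattern.sub(lambda m: known.get(m.group(1), m.group(0)),
                             source, count=limit)
    else:
        raise ValueError("action must be extract, replace or eval")

    if encoding == "base64":
        result = base64.b64encode(result.encode("utf-8")).decode("ascii")
    elif encoding is not None:
        raise ValueError("the only encoding value is base64")
    return result


# Constructed sample page: the same hidden field appears twice, with
# different letter case, to show how ignore-case changes what is extracted.
LOGIN_PAGE = ('<form action="/app/login.do">'
              '<INPUT type="hidden" NAME="csrf" VALUE="tok-1">'
              '<input type="hidden" name="csrf" value="tok-2"></form>')

if __name__ == "__main__":
    tag = 'name="csrf" value="'
    print(process_string(LOGIN_PAGE, "extract", find="sub-string",
                         start_tag=tag, end_tag='"', ignore_case=True))
    print(process_string(LOGIN_PAGE, "extract", find="sub-string",
                         start_tag=tag, end_tag='"'))
    print(process_string("/post.do?trace={$TRACE_ID}", "eval",
                         find="sub-string", start_tag="{", end_tag="}",
                         variables={"$TRACE_ID": "T-42"}))
```

With ignore-case enabled the first field is extracted and with it disabled the second one is, so the setting decides which value reaches the proxy variable when a page repeats a field.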
6.6.1.5 Filter Examples - FormatString

Here is an example to create an HTTP Basic Authentication response header in variable $AuthHeaderValue, using the username/password in variables %userid and %password:

6.6.1.6 Actions

An interceptor can optionally perform one of the following actions after executing all the filters. No further interceptors will be attempted after executing an action.

redirect-client
Often the proxy would need to redirect the client to load another URL; redirect-client is the action to use in such cases. The proxy will send a 302 HTTP response to request the client to load the specified URL.
It has 2 attributes: url, which contains the URL to which the proxy should redirect the user, and display-url, which is optional. If the display-url attribute is specified in the interceptor, the proxy will send an HTTP 302 response to the browser to load the URL specified in the display-url attribute. When the proxy receives this request, it will perform an HTTP-GET on the server to get the URL specified in the url attribute.

send-to-client
Often a response from the server would have to be saved in the proxy and sent to the client later, after performing a few other HTTP requests; send-to-client is the action to use in such cases. The proxy will send the client the contents of the specified variable.
It has two attributes: html, which contains the variable that has the saved content that you want to send back to the user, and the optional attribute display-url. If the display-url attribute is specified in the interceptor, the proxy will send an HTTP 302 response to the browser to load the URL specified in the display-url attribute. When the proxy receives this request, it will send the response specified in the interceptor.

get-server
Sometimes the proxy would need to get a URL from the server; get-server is the action to use in such cases. The proxy will send an HTTP-GET request for the specified URL to the server.
It has two attributes: url, which is the URL to perform the get on, and display-url, which is optional. If the display-url attribute is specified in the interceptor, or if this action is specified in a response interceptor, the proxy will send an HTTP 302 response to the browser. When the proxy receives this request it will perform an HTTP-GET on the server to get the URL specified in the url attribute.

post-server
Sometimes the proxy would need to post to a URL in the server; post-server is the action to use in such cases. The proxy will send an HTTP-POST request for the specified URL to the server.
It has two attributes: url, which has the URL to which the post needs to be sent, and the optional display-url. If the display-url attribute is specified in the interceptor, or if this action is specified in a response interceptor, the proxy will send an HTTP 302 response to the browser. When the proxy receives this request it will perform an HTTP-POST to the server to the URL specified in the url attribute.

send-to-server
In certain situations the request from the client needs to be saved in the proxy and sent to the server later, after performing a few other HTTP requests; send-to-server is the action to use in such cases. The proxy will send the contents of the specified variable to the server.
It has two attributes: html, which contains the variable that has the saved content, and the optional display-url attribute. If the display-url attribute is specified in the interceptor, then the proxy will send out an HTTP 302 redirect response to the browser. This will cause the browser to request the display-url, and then the proxy will send out the saved request to the server. If you use this action in a response interceptor, then display-url is mandatory; without this, the action will fail.
6.6.1.7 Variables

The proxy variables can store string data in the proxy memory. Variables can be used in conditions, filters and actions. For example, the SaveHeader filter can be used to save the value of a specific header in the given proxy variable. This variable value could later be used, for example, to add a parameter to the request. Variables can also be used in conditions to determine whether to execute an interceptor or not.

The proxy variables are of 3 types, depending upon the lifespan of the variable. The type of variable is determined by the first letter of the variable name, which can be one of:

Request variables: these variable names start with %. These variables are associated with the current request and are deleted at the completion of the current request. Request variables are used where the value is not needed across requests.

Session variables: these variable names start with $. These variables are associated with the current proxy session and are deleted when the proxy session is cleaned up. Session variables are used where the value should be preserved across requests from a client.

Global variables: these variable names start with @. These variables are associated with the current proxy configuration and are deleted when the proxy configuration is unloaded. Global variables are used where the value needs to be preserved across requests and across clients.

All types of variables can be set using filters like SetVariable, SaveHeader, SaveParam, SaveResponse, and other filters. All types of variables can be unset/deleted by the UnsetVariable filter. The ClearSession filter can be used to remove all session variables.

Global variables can be set at the proxy configuration load time using SetGlobal in the configuration file. In the UIO ISA Proxy, global variables can also be set by adding registry values under the key HKLM\Software\Bharosa\Proxy\Globals. The name of each entry under this key should be the variable name, starting with @, and the data of the entry should be the value of the variable. The registry type of the value can be REG_DWORD, REG_SZ or REG_EXPAND_SZ.
Pre-defined variables
The UIO Proxy supports the following pre-defined request variables:

Table 6–16 Pre-defined Variables Supported by the UIO Proxy

Variable name: %RESPONSE_CONTENT
Description: This variable contains the contents of the entire response from the Web server for the current request. For the UIO Apache Proxy, %RESPONSE_CONTENT has been deprecated. Please use SaveResponse, SaveHeader, SaveResponseCookie, and ReplaceText filters instead.

Variable name: %REQUEST_CONTENT
Description: This variable contains the contents of the entire request from the client. For the UIO Apache Proxy, %REQUEST_CONTENT has been deprecated. You can use SaveRequest, SaveHeader, and SaveRequestCookie filters instead.

Variable name: %QUERY_STRING
Description: This variable contains the query string, starting with ?, for the current request URL.

Variable name: %REQUEST_METHOD
Description: HTTP method verb for the request: GET, POST, and so on.

Variable name: %REMOTE_HOST
Description: Hostname of the client or agent of the client. (For the UIO Apache Proxy, you need to enable the hostname lookup by using the Apache directive 'HostnameLookups On'.)

6.6.1.8 Application

A single proxy installation can be used to provide multifactor authentication for multiple Web applications that run in one or more Web servers. In the UIO Proxy configuration, an application is a grouping of interceptors defined for a single Web application.

Request and response interceptors can be defined outside of an application in the proxy configuration file. These interceptors are called "global" interceptors and will be evaluated and executed prior to the interceptors defined in the applications.
6.6.2 Interception Process

HTTP messages consist of requests from the client to server and responses from the server to client. HTTP is transaction oriented. A request from client to server will have a single response from the server to client. The request has a set of headers followed by, optionally, a request body. Similarly the response has headers and, optionally, a body. Since the proxy is sitting in between the client and the target application, it can modify the request headers, body and response headers and body of any HTTP request, using the configuration XML.

Note that a response could be a normal 200 OK response or it could be a redirect response 302 or any other HTTP status response. In all these cases, the response is for that request and will trigger the response interceptors for the same request. For example, if the request is for the URL /doLogin.do, and the response is a redirect (302) with the location of /loginPage.jsp, then all the request and response interceptors will be triggered for the URL /doLogin.do. The next HTTP request is an HTTP GET on /loginPage.jsp and this will cause all the request and response interceptors for /loginPage.jsp to be triggered.

When a request arrives, the proxy evaluates request interceptors defined for the URL in the order they are defined in the configuration file. Similarly, on receiving the response from the Web server, the proxy evaluates response interceptors defined for the URL of the HTTP request in the order defined in the configuration file.

If the conditions in an interceptor evaluate to true, the proxy will execute that interceptor, i.e. execute the filters and action. After executing an interceptor, the proxy will continue with the next interceptor only if the following conditions are met:
- no action is specified for the current interceptor
- post-exec-action attribute for the current interceptor is continue

It is highly recommended that the post-exec-action attribute be specified for interceptors that do not define an action.

For global interceptors (for example, the interceptors defined outside of any application), the default value of the post-exec-action attribute is continue.

The stop-phase-intercept value of post-exec-action on a request interceptor stops the request interception but continues with response interception, while stop-intercept stops the interception completely for that request.

For non-global interceptors, the default value is continue if no action is specified and stop-phase-intercept if an action is specified.
Table 6–16 (Cont.) Pre-defined Variables Supported by the UIO Proxy

Variable name: %REMOTE_ADDR
Description: IP address of the client or agent of the client.

Variable name: %HTTP_HOST
Description: The content of HTTP Host header

Variable name: %URL
Description: URL for the current request

As mentioned earlier the proxy configuration can contain multiple applications. While finding the list of interceptors to evaluate for a URL, only the following interceptors are considered:
- global interceptors that are defined outside of any application
- interceptors defined in the application associated with the current session

Each session will be associated with at most one application. If no application is associated with the current session (yet) when the proxy finds an interceptor in an application for the URL, it will associate the application with the current session.

If the current session already has an application associated, and if no interceptor is found in that application for the URL, the proxy will then look for intercepts in other applications. If an interceptor is found in another application for the URL, a new session will be created and the request will be associated with the new session.
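The post-exec-action rules of the interception process above, modelled in Python as an added example to show which interceptors run for one request; this is not the proxy's code. The interceptor IDs, the $phase variable and exact-match URL comparison are constructed for the illustration, actions are treated as opaque labels, and it is an assumption that an executed action ends only the current phase unless post-exec-action is stop-intercept.

```python
from dataclasses import dataclass, replace
from typing import Callable, Optional

CONTINUE = "continue"
STOP_PHASE = "stop-phase-intercept"
STOP_ALL = "stop-intercept"


@dataclass(frozen=True)
class Interceptor:
    id: str
    phase: str                               # "request" or "response"
    url: str                                 # exact match (assumption)
    is_global: bool = False                  # defined outside any application
    action: Optional[str] = None             # e.g. "get-server"; opaque here
    post_exec_action: Optional[str] = None   # None = attribute not written
    condition: Optional[Callable[[dict], bool]] = None


def effective_post_exec(ic):
    """Apply the documented defaults when post-exec-action is omitted."""
    if ic.post_exec_action is not None:
        return ic.post_exec_action
    if ic.is_global:
        return CONTINUE
    return STOP_PHASE if ic.action else CONTINUE


def run_phase(config, phase, url, variables):
    """Return (ids executed in order, verdict that ended the phase)."""
    # Global interceptors are evaluated before application interceptors;
    # within each group the configuration-file order is kept.
    ordered = ([i for i in config if i.is_global] +
               [i for i in config if not i.is_global])
    executed = []
    for ic in ordered:
        if ic.phase != phase or ic.url != url:
            continue
        if ic.condition is not None and not ic.condition(variables):
            continue
        executed.append(ic.id)
        verdict = effective_post_exec(ic)
        # The chain continues only when there is no action AND the
        # effective post-exec-action is continue.
        if ic.action is not None or verdict != CONTINUE:
            return executed, (STOP_ALL if verdict == STOP_ALL else STOP_PHASE)
    return executed, CONTINUE


def intercept(config, url, variables=None):
    """Return (request interceptor ids, response interceptor ids) that run."""
    variables = {} if variables is None else variables
    request_ids, verdict = run_phase(config, "request", url, variables)
    response_ids = []
    if verdict != STOP_ALL:
        response_ids, _ = run_phase(config, "response", url, variables)
    return request_ids, response_ids


def with_post_exec(config, interceptor_id, value):
    """Copy of config with post-exec-action set on one interceptor."""
    return [replace(i, post_exec_action=value) if i.id == interceptor_id else i
            for i in config]


URL = "/oaam_server/login.do"

# Constructed configuration, listed in "file order".
SAMPLE = [
    Interceptor("app-save-phase", "request", URL),
    Interceptor("global-add-header", "request", URL, is_global=True),
    Interceptor("app-get-server", "request", URL, action="get-server",
                condition=lambda v: v.get("$phase") == "two"),
    Interceptor("app-after-action", "request", URL),
    Interceptor("app-on-response", "response", URL),
]

if __name__ == "__main__":
    print(intercept(SAMPLE, URL, {"$phase": "two"}))
    print(intercept(with_post_exec(SAMPLE, "app-save-phase", STOP_PHASE),
                    URL, {"$phase": "two"}))
```

The second call shows why the guide recommends writing post-exec-action explicitly: an action-less interceptor set to stop-phase-intercept silently prevents every later request interceptor for that URL from running.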
6.6.3 Configuring Redirection to the Oracle Adaptive Access Manager Server Interface

The UIO Proxy redirects the user to OAAM Server pages at appropriate times, for example to collect the password using OAAM Server, to run risk rules. HTTP headers are used to exchange data between the UIO Proxy and OAAM Server.

The following table lists OAAM Server pages referenced in the proxy configuration along with the details of HTTP headers used to pass data. It also lists the expected action to be taken by the proxy on the given conditions.

Table 6–17 OAAM Server Interface

URL: Any request to OAAM Server page
Condition: On receiving request
Action: Set header "BharosaAppId". OAAM Server will use this header value to select appropriate customizations (UI, rules, and elements).

URL: loginPage.jsp or login.do
Condition: On receiving request to application login page
Action: Redirect to this URL to use the Oracle Adaptive Access Manager login page instead of the application's login page.

URL: password.do
Condition: Response contains headers userid, password (could be more depending upon the application)
Action: Save the credentials from the response headers and post to the application
To put a URL with an "&" into a target action so that the XML parser does not have an error, you must escape it: &amp;

URL: login.do
Condition: Phase-1 only: After validating the credentials entered by the user.
Action: Redirect to this URL to update the status in Oracle Adaptive Access Manager and run appropriate risk rules.

URL: login.do
Condition: Phase-1 only: On receiving the request.
Action: Set "userid" header to the userid entered by the user. Set "Login-Status" header to one of the following: success, wrong_password, invalid_user, user_disabled, system_error. Set the "OAAMServerPhase" header to "one".
A "?" is accepted in a URL specified in a target action. In a target action URL, you would have the "?" and any parameters after it.
Setting "Login-Status" to success will update the session status for the user in OAAM to success and run post-authentication rules. wrong_password, invalid_user, user_disabled, system_error will update the session status in OAAM to the status passed and the user will be taken to the login page with the appropriate error messaging.

URL: updateLoginStatus.do
Condition: Phase-2 only: After validating the credentials entered by the user.
Action: Redirect to this URL to update the status in Oracle Adaptive Access Manager and run appropriate risk rules

URL: updateLoginStatus.do
Condition: Phase-2 only: On receiving request
Action: Set "Login-Status" header to one of the following: success, wrong_password, invalid_user, user_disabled, system_error
Setting "Login-Status" to success will update the session status for the user in Oracle Adaptive Access Manager to success and run post-authentication rules. wrong_password, invalid_user, user_disabled, system_error will update session status in Oracle Adaptive Access Manager to the status passed and the user will be taken to the login page with appropriate error messaging.

URL: updateLoginStatus.do, challengeUser.do, registerQuestions.do, userPreferencesDone.do
Condition: Response header "Rules-Result" has value "allow"
Action: The Oracle Adaptive Access Manager rules evaluated to permit the login. The proxy can permit access to the protected application URLs after this point.
Table 6–17 (Cont.) OAAM Server Interface

URL: registerQuestions.do
Condition: Response header "Rules-Result" has value "block"
Action: Either the application did not accept the login credentials or the Oracle Adaptive Access Manager rules evaluated to block the login. The proxy should log off the session in the application, if login was successful. Then a Login Blocked message should be sent to the browser.

URL: changePassword.do
Condition: Response contains headers "password", "newpassword" and "confirmpassword"
Action: Save the passwords from the response headers and post to the application

URL: loginFail.do
Condition: To display error message in OAAM Server page, like to display login blocked message
Action: Redirect to this URL with appropriate "action" query parameter, like loginFail.do?action=block
In most cases control is not given to the proxy via a response header in a block situation. Instead, the user is taken to the following URL with a query parameter "action" set to the error code "block". This presents the user with the OAAM Server login page with a message stating the reason they are there.
/error.do?action=block
Alternatively it is possible to get the same result with the following URLs.
/loginFail.do?action=block
/loginPage.jsp?action=block

URL: logout.do
Condition: On completion of application session logout
Action: Redirect to this URL to log out the OAAM Server session

URL: logout.do
Condition: On receiving response
Action: Redirect to application logout URL to log off the application session, if it is not already off

URL: resetPassword.do
Condition: Response contains headers "newpassword" and "confirmpassword"
Action: Save the passwords from the response headers and post to the application

URL: getUserInput.do
Condition: Response contains headers "BH_UserInput"
Action: Save the user input and take appropriate action (like post to application, etc.)

URL: changeUserId.do
Condition: On receiving request
Action: Add "newUserId" header

URL: changeUserId.do
Condition: On receiving response
Action: Redirect to the appropriate application page or send back the saved application response

URL: updateForgotPasswordStatus.do
Condition: Phase-2 only: After validating the forgot-password-credentials entered by the user.
Action: Redirect to this URL to update the status in Oracle Adaptive Access Manager and run appropriate risk rules.

URL: updateForgotPasswordStatus.do
Condition: Phase-2 only: On receiving request
Action: Set "BH_FP-Status" header to one of the following: success, wrong_password, invalid_user, user_disabled, system_error.
Table 6–17 (Cont.) OAAM Server Interface

URL: updateForgotPasswordStatus.do, challengeForgotPasswordUser.do
Condition: Response header "BH_FP-Rules-Result" has value "allow"
Action: The Oracle Adaptive Access Manager rules evaluated to permit the forgot-password flow. The proxy can permit continuation to the forgot-password flow to reset the password or allow the user login, depending on the application.

URL: updateForgotPasswordStatus.do, challengeForgotPasswordUser.do
Condition: Response header "BH_FP-Rules-Result" has value "block"
Action: Either the application did not accept the forgot-password credentials or the Oracle Adaptive Access Manager rules evaluated to block the forgot-password flow. A login blocked message should be sent to the browser.

URL: Any request to OAAM Server page
Condition: If the proxy needs to get a property value from OAAM Server. On receiving request
Action: "BH_PropKeys" request header should be set to list of property names (separated by a comma). OAAM Server will return the values in multiple response headers, one for each property. The return response header names will be of format: "BH_Property-"

6.7 Application Discovery

Two flags in the settings are used for application discovery. One flag instructs the proxy to ignore its configuration XML and act as a reverse-proxy only. The other flag instructs the proxy to capture all the HTTP traffic and print it to the logs. The first flag is used for application discovery to capture the HTTP traffic and analyze it. The second flag would be kept on during the configuration XML development phase to debug the configuration XML itself.

Application discovery is the process of studying an existing Web application to author the proxy configuration to add multifactor authentication using the UIO Proxy. A few login attempts to the application would be made via the proxy to capture the HTTP traffic in each attempt. The captured HTTP traffic would then be analyzed to author the proxy configuration. The UIO Proxy should be set up to dump all the HTTP traffic to a file. Then a few logins/login attempts to the application should be made via the proxy. The captured HTTP traffic should then be analyzed to author the proxy configuration.

6.7.1 Application Information

For the application discovery process it is preferable to work with the Web application in the customer's test environment, rather than the production application being used by users. If the test environment is not available, the live application can be used.

The following information is needed from the client for the application discovery process:
1. URL to log in to the application.
2. Test user account credentials, including the data required in the forgot password scenario. It will be best to get as many test accounts as possible, preferably at least five accounts, for uninterrupted discovery and testing. Note that during the discovery process some accounts could become disabled, due to multiple invalid login attempts.
3. Contact (phone, email) to enable/reset test accounts

6.7.2 Setting Up the UIO ISA Proxy

The Microsoft ISA server should be set up to publish the Web application under discovery, for example, creating a Web site publishing rule with appropriate parameters. During the application discovery process, the application will be accessed via Microsoft ISA, which hosts the UIO ISA Proxy. Refer to the Microsoft ISA configuration document for details of setting up Microsoft ISA.

The UIO ISA Proxy settings (registry values under the HKLM\SOFTWARE\Bharosa\Proxy key) should be set as given in Table 6–18 for the proxy to capture the HTTP traffic to the specified file. The HTTP traffic captured will later be used for analysis to author the proxy configuration.

Table 6–18 Setting up the proxy
Setting              Value
IgnoreUrlMappings    1
CaptureTraffic       1
TraceFilename
TraceLevel           0x87
TraceToFile          1

It might be useful to capture the HTTP traffic for each scenario (for example, successful login attempt, wrong password, wrong username, disabled user, and other scenarios) in separate files. The TraceFilename setting should be updated to the desired filename before the start of the scenario.

After application discovery is performed, the proxy settings should be set as given in Table 6–19 to restore the default UIO ISA Proxy behavior.

Table 6–19 Proxy settings after application discovery
Setting              Value
IgnoreUrlMappings    0
CaptureTraffic       0
TraceFilename
TraceLevel           0x7
TraceToFile          1

6.7.3 Setting Up the UIO Apache Proxy

For application discovery, the HTTP traffic needs to be captured through the proxy. Table 6–20 shows the settings (in UIO_Settings.xml) to enable this mode of operation.

Table 6–20 Settings for Capturing HTTP
Settings             Value
IgnoreUrlMappings    1
CaptureTraffic       1

The IgnoreUrlMappings setting is used to disable URL interception of the HTTP traffic through the proxy. The CaptureTraffic setting captures the HTTP traffic through the logger name HTTP set to log level of info.

It might be useful to capture the HTTP traffic for each scenario (like successful login attempt, wrong password, wrong username, disabled user, and so on) in separate files. The log filename setting should be updated to the desired filename before the start of the scenario.

After application discovery is performed, the proxy settings should be set, as shown in Table 6–21, to restore the default UIO Apache Proxy behavior.
Table 6–21 Settings to restore default proxy behavior
Settings             Value
IgnoreUrlMappings    0
CaptureTraffic       0

6.7.4 Scenarios

Collect information for the following scenarios during the discovery process. You must create interceptors in the TestConfig.xml file that look for certain URLs and conditions in the HTTP traffic. The proxy listens to the HTTP traffic and, when it sees a URL that matches a URL in its TestConfig.xml file, it evaluates the interceptors that have a URL match and it evaluates the conditions block in the interceptor. If they match, the UIO Proxy executes the filter block and condition block.

Login
1. URL that starts the login process
2. URL that contains the login form
3. Names of the input fields like username, password used to submit the credentials
4. URL to which the login form submits the credentials
5. Identifying successful login. The HTTP traffic dump needs to be studied carefully to derive this information. Here are a few ways applications respond on successful login:
   a. by setting a specific cookie in the credential submit response
   b. by redirecting to a specific URL (like account summary, Welcome page, and so on)
   c. by responding with specific text
6. Identifying failure login with the reason for failure. This would often be derived by looking for certain text in the response to the credential submit request.

Logout
1. URL that starts the logout process
2. URL that completes the logout process. In most cases the logout completes on receiving the response to the logout start URL.

Change password
1. URL that starts the change password process
2. URL that contains the change password form
3. Names of the input fields like password, new-password, confirm-password used to submit the change password request
4. URL to which the change password form submits the passwords
5. Identifying the status (success/failure) of the change password request. This would often be derived by looking for certain text in the response.

Reset password
Follows the same process as Change password.

Change LoginId
1. URL to which the login-id change is posted to the application
2. Names of the input fields like new-login used to submit the change password request.
3. Identifying the status (success/failure) of the change login-id request. On a successful change login-id request, the changeUserId.do page in OAAM Server should be called to update the login-id in the Oracle Adaptive Access Manager database.

Forgot password
Forgot-password options provided by the application must be reviewed for understanding. Most applications ask for alternate ways to identify the user (account number/PIN, SSN/PIN, question/answer, and other ways); some applications provide more than one option. Some applications let the user reset the password after successfully entering alternate credentials; others send a new password to the user by mail/email; and some other applications would require the user to call customer care. For each of the supported scenarios, the following data should be captured:
1. URL that starts the forgot-password process
2. URL that contains the forgot-password form
3. Names of the input fields and URLs to submit the forgot-password request
4. Identifying the status (success/failure) of the forgot-password request.
6.8 Samples

The proxy configuration to add multifactor authentication to the BigBank Web application is shown below. The BigBank web application is a sample application which shows a login flow. The example will demonstrate the integration of the UIO Proxy into the login flow of an application.

For ISA proxy use:

For Apache proxy use:

6.8.1 Descriptions for Interceptors

Descriptions of the various interceptors that are defined in the sample configuration are summarized in Table 6–22.

Table 6–22 Sample Configuration Interceptors

Interceptor ID: AddAppIdTobharosauioRequests-BigBank
Type: Request
Explanation: Set headers for all requests for OAAM Server. Invoked by any request to OAAM Server.

Interceptor ID: Phase1BigBankLoginPostRequest
Type: Request
Explanation: Get login ID from post parameters, set Phase One, save user ID. Invoked by request for /bigbank/login.do when Phase one is enabled.

Interceptor ID: Phase2RedirectBigBankLoginPageRequest
Type: Request
Explanation: Redirect login page from application to OAAM Server. Invoked when Phase Two is enabled and application login page is requested

Interceptor ID: Phase2BharosaLoginPageRequest
Type: Request
Explanation: Set Phase Two and save variables. Invoked by request for OAAM Server login.do

Interceptor ID: Phase2PasswordPageResponse
Type: Response
Explanation: Save ID/Password in header, redirect client to BigBank login page. Invoked by response from OAAM Server's password.do.

Interceptor ID: GetBigBankLoginPageResponse
Type: Response
Explanation: Save all hidden fields values, then post login credential to BigBank. Invoked by response from /bigbank/GetLoginPage.

Interceptor ID: InvalidLoginResponse
Type: Response
Explanation: Actions to take when getting invalid login response from BigBank.

Interceptor ID: WrongPasswordResponse
Type: Response
Explanation: Actions to take when getting wrong password response from BigBank.

Interceptor ID: LoginSuccessResponse
Type: Response
Explanation: Actions to take when getting login success response from BigBank.

Interceptor ID: Phase1UpdateLoginStatusPageRequest
Type: Request
Explanation: Set Phase One and add headers. Invoked by request for OAAM Server to update status after getting login response from BigBank.

Interceptor ID: Phase2UpdateLoginStatusPageRequest
Type: Request
Explanation: Add header and update OAAM Server with login status. Invoked by request for oaam_server/updateLoginStatusPage.

Interceptor ID: AllowLoginResponse
Type: Response
Explanation: Set variables and direct client to the next page to continue with the login. Invoked when receiving login success response from OAAM Server.

Interceptor ID: Phase1FailLoginResponse
Type: Response
Explanation: Set login status and direct client to next page. Invoked in Phase One when BigBank failed the login and the response sent back from OAAM Server.

Interceptor ID: FailLoginResponse
Type: Response
Explanation: Set login status and redirect client to the OAAM login block page. Invoked when BigBank failed the login and Phase One is not enabled.

Interceptor ID: BlockLoginResponse
Type: Response
Explanation: Set Block status and redirect client to BigBank login blocked page. Invoked when BigBank passed login but OAAM Server decided to block.

Interceptor ID: LoginBlockedPageRequest
Type: Request
Explanation: Redirect client to BigBank logout page. Invoked by request for BigBank Login Blocked page.

Interceptor ID: Phase1LoginBlockedPageResponse
Type: Response
Explanation: Clear session and redirect client to the OAAM Login Blocked page, then stop intercept. Used in Phase One, invoked by response from BigBank Login Blocked page.

Interceptor ID: Phase2LoginBlockedPageResponse
Type: Response
Explanation: Clear session and redirect client to OAAM Login Blocked page. Used when Phase One is not enabled, invoked by response from BigBank Login Blocked page.
Table 6–22 (Cont.) Sample Configuration Interceptors

Interceptor ID: LogoutPageResponse
Type: Response
Explanation: Redirect client to BigBank logout page. Invoked by response from OAAM logout page.

Interceptor ID: Phase1LogoffPageResponse
Type: Response
Explanation: Clear session when getting response from BigBank logout page. Used when Phase One enabled.

Interceptor ID: Phase2LogoffPageResponse
Type: Response
Explanation: Clear session when getting response from BigBank logout page. Used when Phase Two enabled.

6.8.2 Flow for BigBank without UIO Proxy

The following is the flow of the BigBank application without the UIO Proxy for login and logout.

6.8.2.1 Login

The Login without UIO Proxy flow is shown below.

Figure 6–3 Login Flow - Without UIO Proxy

6.8.2.2 Logout

The Logout without UIO Proxy flow is shown below.

Figure 6–4 Logout - Without UIO Proxy

6.8.3 Flow for First-time User to Log In and Log Out of BigBank with UIO Proxy

This section provides details for the flows for first-time users who log in to the BigBank application through the UIO Proxy. The regular flow, including the login phase, registration phase/skip registration phase, and logout phase, and the deviation flow (block login) are covered. Interceptors defined in Configure xml that are used in each step in the flow will be listed.

Note: For the proxy, the only messages shown are ones when the interceptors match request/response. Normal messages that the proxy passes between the client and Oracle Adaptive Access Manager/application are skipped to simplify the scenario.

The regular flow (four phases) consists of the login, registration, skip registration, and logout phases.
Login phase:

Figure 6–5 Flow for Getting Login Page

1. Client requests Login page for the application (http://proxyhost:port/bigbank).
2. The proxy intercepts the request, and sets the headers. Then, the proxy redirects the client to oaam_server/login.do.
   The request is intercepted by two interceptors: AddAppIdTobharosauioRequests-BigBank and Phase2RedirectBigBankLoginPageRequest.
   Note: AddAppIdTobharosauioRequests-BigBank sets the HTTP headers and variables. It will intercept any request for the OAAM Server and the proxy will try other interceptors to see if there are more matches after this interceptor.
   Phase2RedirectBigBankLoginPageRequest redirects the client from the BigBank Login page to oaam_server/login.do.
3. The client requests to get login.do at the OAAM Server (http://proxyhost:port/oaam_server/login.do).
4. OAAM Server redirects to Jump page to fingerprint the client device.
5. OAAM Server gets fingerprinting from the client browser.
6. OAAM Server responds after getting the fingerprint with the Login page.

Figure 6–6 OAAM Server responds after getting the fingerprint with the Login page

7. The client posts the username to the OAAM Server (http://proxyhost:port/oaam_server/login.do).
   Other than the AddAppIdTobharosauioRequests-BigBank interceptor, the request is intercepted at the proxy by the Phase2BharosaLoginPageRequest interceptor. The proxy sets WebUIOPhase to two.
8. The OAAM Server responds.
9. The OAAM Server gets fingerprints.
10. The OAAM Server responds after getting fingerprints, with the Password Collection page which has a strong authentication device.

Figure 6–7 Fingerprint and password collection

11. The client submits the password to the OAAM Server (http://proxyhost:port/oaam_server/password.do)
12. The OAAM Server responds.
    The response is intercepted by Phase2PasswordPageResponse. The proxy saves the headers which contain the Login ID and the password that have been collected by the OAAM Server so far and redirects the client to /bigbank/GetLoginPage.
13. The proxy redirects the client to GetLoginPage.
14. The client sends a request to BigBank for GetLoginPage (http://proxyhost:port/bigbank/GetLoginPage).
15. BigBank sends back a response.
    The response is intercepted at the proxy by GetBigBankLoginPageResponse. The proxy saves the parameters and performs a post-server action for /bigbank/login.do. This is the normal authentication flow for the BigBank application.
16. The proxy queues the interceptor and redirects the client to bigbank/login.do.
17. The client requests login.do (http://proxyhost:port/bigbank/login.do).
18. The request is intercepted by the proxy. The proxy executes the queued interceptor (GetBigBankLoginPageResponse) and changes the request method from GET to POST.
19. BigBank responds, redirecting the client to activity.do. This is the normal authentication flow for the BigBank application.
20. The client requests activity.do (http://proxyhost:port/bigbank/activity.do).
21. BigBank sends a login success response.
    The response is intercepted at the proxy by LoginSuccessResponse. The proxy sets the login status to success and performs a get-server action for /oaam_server/updateLoginStatus.do
22. The proxy redirects the client to updateLoginStatus.do.
23. The client sends a request to OAAM Server to update the status (http://proxyhost:port/oaam_server/updateLoginStatus.do).
24. OAAM Server does a post-authentication check and returns the result.
    The response is intercepted at the proxy by AllowLoginResponse.
25. The proxy takes the send-to-client action. It sets the display-url variable so that the client will request this URL after receiving the response.
26. The client sends a request to OAAM Server for the first-time user to get the Registration page (http://proxyhost:port/oaam_server/registerQuestions.do).
27. The Response page has two options for the users: skip and register.
RegistrationFlow(clientchoosestoregister):Samples6-52OracleFusionMiddlewareDeveloper'sGuideforOracleAdaptiveAccessManagerFigure6–8Flowforfirst-timeusertoregisterquestions/answerswithOAAMServer28.
Theclientchoosestoregister(Posttohttp://proxyhost:port/oaam_server/registerQuestions.
do).
29.
OAAMServerrespondswithinstructions.
30.
TheclientclicksContinueontheinstructionpage.
(http://proxyhost:port/oaam_server/registerQuestions.
do).
31.
OAAMServerrespondswiththeQuestionpage.
32.
TheclientselectsQuestions/AnswersandsubmitsthemtotheOAAMServer(http://proxyhost:port/oaam_server/registerQuestions.
do).
33.
OAAMServerupdatestheinformationandresponds.
34.
Theproxyperformsasend-to-clienttotheNextpage.
TheresponseisinterceptedattheproxybytheAllowLoginResponseinterceptor.
TheproxytakesthesendstoClientactionbyspecifyingtheNextpageaftersuccessfulauthentication.
Theclientwillthenberedirectedtotheapplicationpageonthenextstep.
35.
TheclientrequeststheNextpagethroughtheproxy(http://proxyhost:port/bigbank/activity.
do).
36.
Theapplicationpage(activity.
do)issentbacktotheclientthroughtheproxy.
Thisiswheretheloginprocessends.

Logout Phase:

Figure 6–9 Flow for users to log out of BigBank

37. The client clicks Logout (http://proxyhost:port/bigbank/logout.do).
38. The application sends back a response and redirects the client to bigbank/loginPage.jsp. The response is intercepted by Phase2LogoffPageResponse, which clears the session variables.
39. The client requests the BigBank Login page (http://proxyhost:port/bigbank/loginPage.jsp).
40. The proxy intercepts the request and redirects the client to OAAM Server.
41. The client makes a request to OAAM Server for login.do (http://proxyhost:port/oaam_server/login.do).
42. OAAM Server redirects to the Jump page to fingerprint the client device.
43. OAAM Server fingerprints the client browser.
44. OAAM Server responds after fingerprinting with the Login page.

Skip Registration phase: Client chooses to skip registration of questions. This phase happens after Login phase in regular flow.

Figure 6–10 Flow occurs after user chooses to skip registration with OAAM Server

45. The client chooses to skip the registration (Post to http://proxyhost:port/oaam_server/registerQuestions.do).
46. OAAM Server responds.
47. The proxy intercepts the response and redirects the client. The response is intercepted by AllowLoginResponse. The proxy uses send-to-client to specify the next step for the client.
48. The client requests the page specified by the proxy (http://proxyhost:port/bigbank/activity.do).
49. The BigBank application sends back a response.

Deviation flow - Block login: happens when OAAM Server decides to block the client after the post-authentication check. This flow replaces step 15-19 in login phase of regular flow.

Figure 6–11 Deviation flow: user blocked by OAAM Server

50. OAAM Server decides to block the user after the post-authentication check. The response is intercepted by the BlockLoginResponse interceptor. This interceptor redirects the client to the application Block page: /bigbank/BlockLoginPage
51. The proxy redirects the client to loginBlockPage of BigBank.
52. The client requests the BigBank BlockLoginPage (http://proxyhost:port/bigbank/loginPage.jsp?action=block).
53. The request is intercepted at the proxy by LoginBlockedPageRequest. The proxy accepts the get-server action for the Logout page: /bigbank/logout.do. This action ends the session at BigBank.
54. The application responds. The response is intercepted by Phase2LoginBlockedPageResponse. The proxy clears the session and redirects the client to the OAAM Login Block page.
55. The proxy redirects the client to the OAAM Login Block page.
56. The client requests the Block page from OAAM Server (http://proxyhost:port/oaam_server/loginPage.jsp?action=block).
57. OAAM Server responds with the Blocked page.

6.9 Upgrading the UIO Apache Proxy

Oracle Adaptive Access Manager patches may contain updates for the UIO Apache Proxy for Microsoft Windows and Linux (rhel4). Follow the instructions in this chapter to replace the mod_uio.so and related .dlls (on MS Windows) and .so (on Linux) libraries with those released as part of this patch release.

6.9.1 UIO Apache Proxy Patch Installation Instructions

Installation of a patch is similar to installing the UIO Proxy package. A patch will contain only the modified files. It is good practice to back up all your existing files since the patch will overwrite some or all of the files. General instructions are given below. A patch contains only the modified files; so if a file is not available in the patch, skip that step. The steps are to be performed manually by the patch installer.

For both MS Windows and Linux:

1. Shut down the instance of Apache that you are updating.
2. Back up existing files: binary, .rng and .xml files.
3. Unzip patch_oaam_win_apache_uio.zip (for Windows) or patch_oaam_rhel4_apache_uio.zip (for Linux), which are located in the oaam_uio directory.
4. Copy the binary files from the patch (additionally on Linux, you need to set soft-links to .so files appropriately).
5. Copy UIO_Settings.rng and UIO_Config.rng files from the patch.
6. Compare your existing UIO_Settings.xml and UIO_log4j.xml files with those given in the patch and verify that you have the correct settings. Refer to the sections that apply to this patch and ensure that you have the correct settings. The same also applies to your configuration XML files.
7. Start Apache and run your sanity tests.

For Windows,
– The binary files are: mod_uio.so, log4cxx.dll, libxml2.dll, apr_memcache.dll (apr_memcache.dll was introduced in 10.1.4.5.bp1)
– The configuration files are: UIO_Settings.rng, UIO_Config.rng, UIO_Settings.xml, UIO_log4j.xml and application configuration XML files

For Linux,
– The binary files are: mod_uio.so, liblog4cxx.so.0.10.0.0, libxml2.so.2.6.32, libapr_memcache.so.0.0.1
– The binary configuration files are: UIO_Settings.rng, UIO_Config.rng, UIO_Settings.xml, UIO_log4j.xml and application configuration XML files

Note: Ensure that you are using Apache httpd, version 2.2.8 with mod_ssl.

6.9.2 UIO Apache Proxy Patch Backout Instructions

Restore the files that you had backed up before you installed the patch.

6.10 Upgrading the UIO ISA Proxy Server

To upgrade the UIO ISA Proxy Server:

1. Stop the Microsoft ISA Server with the following command:
    net stop fwsrv
2. Back up the current UIO ISA Proxy Server DLL. The DLL should usually be at: %ProgramFiles%\Microsoft ISA Server\BharosaProxy.dll.
3. Overwrite the existing DLL with the one from the patch.
4. Start Microsoft ISA Server with the following command:
    net start fwsrv

Part III Customization and Extensions

Part III contains the following chapters:

- Chapter 7, "OAAM Extensions and Shared Library to Customize OAAM"
- Chapter 8, "Customizing the OAAM Server"
- Chapter 9, "Customizing User Flow and Layout"
- Chapter 10, "Using Virtual Authentication Devices"
- Chapter 11, "Implementing OTP Anywhere"
- Chapter 12, "Configurable Actions"
- Chapter 13, "Device Registration"
- Chapter 14, "Extending Device Identification"
- Chapter 15, "Flash Fingerprinting"

7 OAAM Extensions and Shared Library to Customize OAAM

The chapter provides information on how to customize Oracle Adaptive Access Manager by using the OAAM Extensions Shared Library.
It contains the following sections:

- Overview
- Add Customizations Using the OAAM Extensions Shared Library
- User-Defined Enumerations

7.1 Overview

Shared libraries are collections of programming and data that can be used by multiple applications. They can permit applications to use memory efficiently by sharing common programming and resources. You can customize Oracle Adaptive Access Manager by adding custom jars and files to the OAAM Extensions Shared Library. The OAAM Extensions Shared Library, oracle.oaam.extensions.war, is located in IAM_Home/oaam/oaam_extensions/generic. It is deployed in both the OAAM Server and OAAM Admin servers. By default oracle.oaam.extensions.war contains the MANIFEST.MF, which has the definition of the OAAM Extensions Shared Library.

7.2 Add Customizations Using the OAAM Extensions Shared Library

Follow these steps to add customizations to Oracle Adaptive Access Manager:

1. Ensure the property bharosa.uio.proxy.mode.flag is set as appropriate. The default for the property bharosa.uio.proxy.mode.flag is false. If you are using an UIO proxy deployment, the property should be set to true. To configure custom branding for multitenancy with the OAAM Proxy, the property bharosa.uio.proxy.mode.flag must be set to true.
2. Create a work folder called oaam_extensions. The folder can be created anywhere as long as it is outside the installation folder.
3. Unzip the oracle.oaam.extensions.war into the work folder.
4. In the oaam_extensions folder, create the following subfolders:
    META-INF
    WEB-INF
    WEB-INF\lib
    WEB-INF\classes
5. In the META-INF folder, create a file named MANIFEST.MF and ensure it contains the following lines:
    Extension-Name: oracle.oaam.extensions
    Specification-Version: 99.9.9.9.9
    Implementation-Version: 99.9.9.9.9
   The specification version and implementation version must be more than the versions in the file currently. For example, if the implementation version in the file is 11.1.1.3.0, you could change it to 99.9.9.9.9. Errors are thrown if the version is not incremented.
6. Compile custom java classes that extend or implement Oracle Adaptive Access Manager classes, adding the jars from the $ORACLE_IDM_HOME\oaam\cli\lib folder to the build classpath.
7. Add the custom JAR files to the oaam_extensions\WEB-INF\lib folder. For example, oaam_core.jar.
8. Add custom properties to a file named bharosa_server.properties and save it in the oaam_extensions\WEB-INF\classes\bharosa_properties directory. Information about enums is provided in Section 7.3, "User-Defined Enumerations."
9. Add custom JSPs to the oaam_extensions folder.
10. Rejar oracle.oaam.extensions.war from the parent folder of oaam_extensions using the command:
    jar -cvfm oracle.oaam.extensions.war oaam_extensions\META-INF\MANIFEST.MF -C oaam_extensions/ .
11. Stop all managed servers if they are running:
    MW_HOME/user_projects/domains/domain_name/bin/stopManagedWeblogic.sh oaam_admin_server1
    MW_HOME/user_projects/domains/domain_name/bin/stopManagedWeblogic.sh oaam_server_server1
12. Start the WebLogic Server where Oracle Adaptive Access Manager is deployed and log in to the WebLogic Administration Console.
13. Deploy the new oracle.oaam.extensions.war file as a shared library with oaam_server_server1 and oaam_admin_server1 as target applications.
    a. Navigate to Domain Environment > Deployments and lock the console.
    b. Click the Install button.
    c. Browse to the location of the oracle.oaam.extensions.war file and select it by clicking the option next to the WAR file and clicking Next.
    d. Ensure Install this deployment as a library is selected and click Next.
    e. Select deployment targets, oaam_admin_server1 and oaam_server_server1.
    f. Click Next again to accept the defaults in this next page and then click Finish.
    g. Click the Save button and then Activate Changes.
    h. Start the OAAM Admin and OAAM managed servers.
       MW_HOME/user_projects/domains/domain_name/bin/startManagedWeblogic.sh oaam_admin_server1
       MW_HOME/user_projects/domains/domain_name/bin/startManagedWeblogic.sh oaam_server_server1
14. Test the custom functionality and make sure files added to oracle.oaam.extensions.war are used by Oracle Adaptive Access Manager applications.
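
A pre-deployment check for the manifest rule in step 5, added here as an example and not part of Oracle's tooling: it reads META-INF/MANIFEST.MF from the deployed and the rebuilt oracle.oaam.extensions.war and reports a wrong Extension-Name or a version that was not raised. The function names, the in-memory sample WARs and the numeric comparison of dotted versions are assumptions of this example.

```python
import io
import zipfile

MANIFEST_PATH = "META-INF/MANIFEST.MF"
VERSION_KEYS = ("Specification-Version", "Implementation-Version")

# Constructed manifests: the deployed library and two candidate rebuilds.
DEPLOYED = ("Manifest-Version: 1.0\n"
            "Extension-Name: oracle.oaam.extensions\n"
            "Specification-Version: 11.1.1.3.0\n"
            "Implementation-Version: 11.1.1.3.0\n")
UNCHANGED = DEPLOYED
BUMPED = DEPLOYED.replace("11.1.1.3.0", "99.9.9.9.9")


def build_war(manifest_text):
    """Build an in-memory WAR that holds only a manifest (sample input)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as war:
        war.writestr(MANIFEST_PATH, manifest_text)
    return buf.getvalue()


def read_manifest(war_bytes):
    """Return the main-section headers of META-INF/MANIFEST.MF as a dict."""
    with zipfile.ZipFile(io.BytesIO(war_bytes)) as war:
        text = war.read(MANIFEST_PATH).decode("utf-8")
    headers, last = {}, None
    for line in text.splitlines():
        if not line.strip():
            break                           # a blank line ends the main section
        if line.startswith(" ") and last:
            headers[last] += line[1:]       # continuation of the previous header
        elif ":" in line:
            last, value = line.split(":", 1)
            headers[last] = value.strip()
    return headers


def version_tuple(version):
    """'11.1.1.3.0' -> (11, 1, 1, 3, 0); ValueError on non-numeric parts."""
    return tuple(int(part) for part in version.split("."))


def is_newer(new, old):
    """Compare dotted versions numerically, padding the shorter with zeros."""
    a, b = version_tuple(new), version_tuple(old)
    width = max(len(a), len(b))
    a += (0,) * (width - len(a))
    b += (0,) * (width - len(b))
    return a > b


def check_extension_war(deployed_war, rebuilt_war):
    """List the manifest problems found in the rebuilt shared library."""
    old, new = read_manifest(deployed_war), read_manifest(rebuilt_war)
    problems = []
    if new.get("Extension-Name") != "oracle.oaam.extensions":
        problems.append("Extension-Name must be oracle.oaam.extensions")
    for key in VERSION_KEYS:
        if key not in new:
            problems.append(f"{key} is missing")
            continue
        try:
            newer = is_newer(new[key], old.get(key, "0"))
        except ValueError:
            problems.append(f"{key} is not a dotted number: {new[key]!r}")
            continue
        if not newer:
            problems.append(
                f"{key} {new[key]} is not greater than {old.get(key)}")
    return problems


if __name__ == "__main__":
    for label, manifest in (("unchanged", UNCHANGED), ("bumped", BUMPED)):
        found = check_extension_war(build_war(DEPLOYED), build_war(manifest))
        print(label, found or "ok")
```
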

7.3 User-Defined Enumerations

To override any Oracle Adaptive Access Manager properties or extend Oracle Adaptive Access Manager, add those properties and enumerations to bharosa_server.properties and client_resource_locale.properties when appropriate.

User-defined enums are a collection of properties that represent a list of items. Each element in the list may contain several different attributes. The definition of a user-defined enum begins with a property ending in the keyword ".enum" and has a value describing the use of the user-defined enum. Each element definition then starts with the same property name as the enum, and adds on an element name and has a value of a unique integer as an ID. The attributes of the element follow the same pattern, beginning with the property name of the element, followed by the attribute name, with the appropriate value for that attribute.

The following is an example of an enum defining credentials displayed on the login screen of an OAAM Server implementation:

    bharosa.uio.default.credentials.enum=Enum for Login Credentials
    bharosa.uio.default.credentials.enum.companyid=0
    bharosa.uio.default.credentials.enum.companyid.name=CompanyID
    bharosa.uio.default.credentials.enum.companyid.description=CompanyID
    bharosa.uio.default.credentials.enum.companyid.inputname=comapanyid
    bharosa.uio.default.credentials.enum.companyid.maxlength=24
    bharosa.uio.default.credentials.enum.companyid.order=0
    bharosa.uio.default.credentials.enum.username=1
    bharosa.uio.default.credentials.enum.username.name=Username
    bharosa.uio.default.credentials.enum.username.description=Username
    bharosa.uio.default.credentials.enum.username.inputname=userid
    bharosa.uio.default.credentials.enum.username.maxlength=18
    bharosa.uio.default.credentials.enum.username.order=1

8 Customizing the OAAM Server

This chapter provides information on customizing the client-facing OAAM Server Web application.
The OAAM UIO Proxy offers multifactor authentication to Web applications without requiring any change to the application code. The OAAM Server configuration is specific to the UIO Proxy deployment. Refer to the architectural diagram (Figure 8–1) for the components involved. The user interface provided by the OAAM Server Web application can be easily customized to achieve the look and feel of the customer applications. This chapter is intended for integrators who install and configure OAAM Server to support one or more Web application authentication and user registration flows.

This chapter contains the following sections:

- Architecture
- Tips for Customizing the OAAM Server Web Application
- OAAM Properties
- Overriding Existing User-Defined Enums
- Disabling Elements
- Customizing the OAAM Server for Multiple Applications
- Customizing the Appearance of OAAM Server
- Questions/Answers About User Interface Customization

8.1 Architecture

Figure 8–1 shows the UIO Proxy deployment.

Figure 8–1 Universal Installation Deployment

The OAAM Server proxy intercepts the HTTP traffic between the client (browser) and the server (Web application) and performs appropriate actions, such as redirecting to OAAM Server, to provide multifactor authentication and authorization. OAAM Server in turn communicates with OAAM Admin to assess the risk and takes the appropriate actions, such as permitting the login, challenging the user, blocking the user, and other actions.

8.2 Tips for Customizing the OAAM Server Web Application

As you plan to customize the web user interface, keep the following points in mind:

- When customizing, you often copy files that are installed with OAAM into a directory in which you can modify them. By modifying files in this directory, you prevent your modifications from being overwritten when the software is upgraded.
- When configuring the web application, use bharosa_server.properties. The file should contain:
  – Client-configured properties (any properties that have been customized for a specific deployment)
  – UIO Proxy system/device configurations. These properties deal with the structural changes in the overall application. It is where the header, footer, and CSS properties are located.
  In the deployed application, the bharosa_server.properties file is located in the web-inf/classes directory.
- When adapting the OAAM deployment to a particular language, use client_resource_locale.properties, where locale is the locale string for which you wish to use the custom values (en, es, and others). The file should contain:
  – Client-configured properties that are configurable for each locale being supported. locale is the locale string for which you wish to use the custom values (en, es, and others).
  – UIO Proxy messaging and page content configuration. For example, page titles, links at the bottom of the pages, page messages, error message, and confirmation messages.
  The client_resource_locale.properties file is created by the administrator customizing the application to contain locale-specific properties.

For instructions on customizing, extending, or overriding Oracle Adaptive Access Manager properties, refer to Chapter 7, "OAAM Extensions and Shared Library to Customize OAAM."

8.3 OAAM Properties

You can manage the appearance and behavior of OAAM using user-defined enumerations. User-defined enumerations are a collection of properties that represent a list of items. Each element in the list may contain several different attributes. The definition of a user-defined enum begins with a property ending in the keyword ".enum" and has a value describing the use of the user-defined enum. Each element definition then starts with the same property name as the enum, and adds on an element name and has a value of a unique integer as an ID. The attributes of the element follow the same pattern, beginning with the property name of the element, followed by the attribute name, with the appropriate value for that attribute.

8.3.1 Enum Example

The following is an example of an enum defining credentials displayed on the login screen of an OAAM Server implementation:

    bharosa.uio.default.credentials.enum=Enum for Login Credentials
    bharosa.uio.default.credentials.enum.companyid=0
    bharosa.uio.default.credentials.enum.companyid.name=CompanyID
    bharosa.uio.default.credentials.enum.companyid.description=CompanyID
    bharosa.uio.default.credentials.enum.companyid.inputname=comapanyid
    bharosa.uio.default.credentials.enum.companyid.maxlength=24
    bharosa.uio.default.credentials.enum.companyid.order=0
    bharosa.uio.default.credentials.enum.username=1
    bharosa.uio.default.credentials.enum.username.name=Username
    bharosa.uio.default.credentials.enum.username.description=Username
    bharosa.uio.default.credentials.enum.username.inputname=userid
    bharosa.uio.default.credentials.enum.username.maxlength=18
    bharosa.uio.default.credentials.enum.username.order=1

This set of properties defines one user-defined enum that contains two elements, each with five attributes. The "name" and "description" attributes are required to define any user-defined enum; other attributes are defined and used as needed by each individual use of a user-defined enum.

8.3.2 Overriding Existing User-Defined Enums

Overriding existing user-defined enums has some special cases. You may override any existing enum element's attribute value of the default application ID just as you would any other property, but to change the value of an element's attribute in a single application using an appId, you must create the entire enum in that application using the appropriate appId.

For example, using the User Defined Enum defined in Section 8.3.1, "Enum Example," if you wanted to change "CompanyID" to "ProfileID" for only one application (appId1), you would need to modify the enum:

    bharosa.uio.appId1.credentials.enum=Enum for Login Credentials
    bharosa.uio.appId1.credentials.enum.profileid=0
    bharosa.uio.appId1.credentials.enum.profileid.name=ProfileID
    bharosa.uio.appId1.credentials.enum.profileid.description=ProfileID
    bharosa.uio.appId1.credentials.enum.profileid.inputname=profileid
    bharosa.uio.appId1.credentials.enum.profileid.maxlength=20
    bharosa.uio.appId1.credentials.enum.profileid.order=0
    bharosa.uio.appId1.credentials.enum.username=1
    bharosa.uio.appId1.credentials.enum.username.name=Username
    bharosa.uio.appId1.credentials.enum.username.description=Username
    bharosa.uio.appId1.credentials.enum.username.inputname=userid
    bharosa.uio.appId1.credentials.enum.username.maxlength=18
    bharosa.uio.appId1.credentials.enum.username.order=1

For instructions on customizing, extending, or overriding Oracle Adaptive Access Manager properties or enums, refer to Chapter 7, "OAAM Extensions and Shared Library to Customize OAAM."

8.3.3 Disabling Elements

To disable any already defined element in a user-defined enum, simply add an "enabled" attribute with a value of "false". Using the appId1 credentials enum from Section 8.4, "Overriding Existing User-Defined Enums," you would add the following line to remove "ProfileID" from the elements used by the application:

    bharosa.uio.appId1.credentials.enum.profileid.enabled=false

8.4 Overriding Existing User-Defined Enums

Overriding existing user-defined enums has some special cases. You may override any existing enum element's attribute value of the default application ID just as you would any other property, but to change the value of an element's attribute in a single application using an appId, you must create the entire enum in that application using the appropriate appId.

For example, using the User Defined Enum defined in Section 8.3.1, "Enum Example," if you wanted to change "CompanyID" to "ProfileID" for only one application (appId1), you would need to modify the enum:

    bharosa.uio.appId1.credentials.enum=Enum for Login Credentials
    bharosa.uio.appId1.credentials.enum.profileid=0
    bharosa.uio.appId1.credentials.enum.profileid.name=ProfileID
    bharosa.uio.appId1.credentials.enum.profileid.description=ProfileID
    bharosa.uio.appId1.credentials.enum.profileid.inputname=profileid
    bharosa.uio.appId1.credentials.enum.profileid.maxlength=20
    bharosa.uio.appId1.credentials.enum.profileid.order=0
    bharosa.uio.appId1.credentials.enum.username=1
    bharosa.uio.appId1.credentials.enum.username.name=Username
    bharosa.uio.appId1.credentials.enum.username.description=Username
    bharosa.uio.appId1.credentials.enum.username.inputname=userid
    bharosa.uio.appId1.credentials.enum.username.maxlength=18
    bharosa.uio.appId1.credentials.enum.username.order=1

For instructions on customizing, extending, or overriding Oracle Adaptive Access Manager properties or enums, refer to Chapter 7, "OAAM Extensions and Shared Library to Customize OAAM."

8.5 Disabling Elements

To disable any already defined element in a user-defined enum, simply add an "enabled" attribute with a value of "false". Using the appId1 credentials enum from Section 8.4, "Overriding Existing User-Defined Enums," you would add the following line to remove "ProfileID" from the elements used by the application:

    bharosa.uio.appId1.credentials.enum.profileid.enabled=false
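
The enum rules from Sections 8.3 to 8.5 (a ".enum" definition line, one unique integer ID per element, required "name" and "description" attributes, and "enabled=false" to disable an element) can be checked before a properties file is packaged. The following is an added example, not Oracle code: the function names are hypothetical, the sample properties are constructed with deliberate mistakes, and sorting the remaining elements by their "order" attribute is an assumption.

```python
# Constructed sample: the appId1 credentials enum with deliberate mistakes.
# "username" reuses ID 0 and lacks a description; "password" has an
# attribute but no element ID line and no description.
SAMPLE = """\
bharosa.uio.appId1.credentials.enum=Enum for Login Credentials
bharosa.uio.appId1.credentials.enum.profileid=0
bharosa.uio.appId1.credentials.enum.profileid.name=ProfileID
bharosa.uio.appId1.credentials.enum.profileid.description=ProfileID
bharosa.uio.appId1.credentials.enum.profileid.order=0
bharosa.uio.appId1.credentials.enum.profileid.enabled=false
bharosa.uio.appId1.credentials.enum.username=0
bharosa.uio.appId1.credentials.enum.username.name=Username
bharosa.uio.appId1.credentials.enum.username.order=1
bharosa.uio.appId1.credentials.enum.password.name=Password
"""

REQUIRED = ("name", "description")


def load_enums(text):
    """Group key=value lines into {enum_key: {"use": ..., "elements": {...}}}."""
    props = dict(line.split("=", 1) for line in text.splitlines() if "=" in line)
    enums = {key: {"use": value, "elements": {}}
             for key, value in props.items() if key.endswith(".enum")}
    for key, value in props.items():
        # The longest enum key that prefixes this property owns it.
        owner = max((e for e in enums if key.startswith(e + ".")),
                    key=len, default=None)
        if owner is None:
            continue
        element, _, attribute = key[len(owner) + 1:].partition(".")
        entry = enums[owner]["elements"].setdefault(
            element, {"id": None, "attrs": {}})
        if attribute:
            entry["attrs"][attribute] = value
        else:
            entry["id"] = value.strip()
    return enums


def validate(enums):
    """Return one message per violated rule."""
    problems = []
    for enum_key, enum in enums.items():
        ids = {}
        for name, element in enum["elements"].items():
            where = f"{enum_key}.{name}"
            raw = element["id"]
            if raw is None:
                problems.append(f"{where}: attributes defined but no element ID line")
            elif not raw.lstrip("-").isdigit():
                problems.append(f"{where}: ID {raw!r} is not an integer")
            elif raw in ids:
                problems.append(f"{where}: ID {raw} already used by {ids[raw]}")
            else:
                ids[raw] = name
            for attr in REQUIRED:
                if attr not in element["attrs"]:
                    problems.append(f"{where}: missing required attribute {attr!r}")
    return problems


def enabled_elements(enum):
    """Names of elements not disabled with enabled=false, sorted by 'order'."""
    live = [(int(e["attrs"].get("order", 0)), name)
            for name, e in enum["elements"].items()
            if e["attrs"].get("enabled", "true").strip().lower() != "false"]
    return [name for _, name in sorted(live)]


if __name__ == "__main__":
    loaded = load_enums(SAMPLE)
    for message in validate(loaded):
        print(message)
    for enum_key, enum in loaded.items():
        print(enum_key, "->", enabled_elements(enum))
```
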

8.6 Customizing the OAAM Server for Multiple Applications

Multitenancy refers to a principle in software architecture where a single instance of the software runs on a server, serving multiple client organizations. With a multitenant architecture, each client organization feels as if they are working with a separate customized application instance.

You can configure the OAAM Server to support one or more Web application authentication and user registration flows. The OAAM Server configuration is specific to the UIO Proxy deployment. The OAAM UIO Proxy offers multifactor authentication to Web applications without requiring any change to the application code.

The OAAM Server proxy intercepts the HTTP traffic between the client (browser) and the server (Web application) and performs appropriate actions, such as redirecting to OAAM Server, to provide multifactor authentication and authorization. OAAM Server in turn communicates with OAAM Admin to assess the risk and takes the appropriate actions, such as permitting the login, challenging the user, blocking the user, and other actions.

Figure 8–2 Universal Installation Deployment

The UIO Proxy can be placed in front of multiple applications and customized to work with each one as required. To ensure that a customer's data is unique from that of other customers, an Application ID for the client application is mapped to an Organization ID. An Organization ID identifies what tenant applications a user utilizes.

The initial steps to configure and customize OAAM Server are:

1. Determine the application ID of each application being secured.
2. Assign default user groups for each application being secured.

8.6.1 Determining the Application ID

Determine how many applications are to be configured and assign each application an Application ID. This Application ID is the same one used to configure the Proxy (see Chapter 6, "Oracle Adaptive Access Manager Proxy"). In many cases applications are referred to internally by some name or abbreviation, so an integrator configuring OAAM Server might want to use that name. For example, if the client has two applications, one wholesale banking application and one retail banking application, the integrator might choose to use wholesale and retail as the Application IDs for the two applications.

The Proxy will send the AppId to OAAM Server as needed via an HTTP header. This AppId is then used to determine which configuration is used when displaying pages to the client. OAAM Server is configured by a set of properties which will be discussed in more detail later.

An example of how AppId is used to define a property in the OAAM server is shown:

    bharosa.uio.appId1.default.user.group=app1Group

The "appId1" portion is the location in the property where the AppId is used to configure application-specific values.

8.6.2 Determining Default User Groups

Each application can be configured to have a unique default user group. This is the group that a user of that application will be associated with as their Organization ID when the user is first created in the Oracle Adaptive Access Manager database. The Organization ID is used when a user attempts to log in to the application and user data is loaded from the database.

An example of how Organization ID is used in a property definition is shown as follows:

    bharosa.uio.appId1.default.user.group=app1Group
    bharosa.uio.appId2.default.user.group=app2Group

In the example, two Organization IDs are defined for two different applications. The application with an AppId of "appId1" has been assigned the Organization ID of "app1Group" and the application with an AppId of "appId2" has been assigned the Organization ID of "app2Group".

8.6.3 Configuring Application Properties

An application in OAAM Server is made up of a grouping or set of properties. You can configure OAAM Server properties on a global or application-specific level.

OAAM Server property names are prefixed with bharosa.uio. They are followed by the Application ID, or by default if the setting is global. Property definitions that start with bharosa.uio.default apply to all Application IDs unless overridden by a more specific value.

In the following example, default is used instead of the appId to designate the property as a global default. The property is used across all applications of the OAAM Server installation unless a specific application has another location specified.

    bharosa.uio.default.header=/globalcustomHeader.jsp
    bharosa.uio.default.footer=/globalcustomFooter.jsp

The default properties for the path to the custom header and footer are:

    bharosa.uio.default.header=path_to_custom_header.jsp
    bharosa.uio.default.footer=path_to_custom_footer.jsp

An application-level property is one that only affects a single application when there is more than one application defined in the properties. In the following example, app1 uses an application-level defined header and footer file, but app2 uses an application-level defined footer but a global or default defined header file.

    bharosa.uio.default.header=/globalcustomHeader.jsp
    bharosa.uio.default.footer=/globalcustomFooter.jsp
    bharosa.uio.app1.header=/app1customHeader.jsp
    bharosa.uio.app1.footer=/app1customFooter.jsp
    bharosa.uio.app2.footer=/app2customFooter.jsp

8.6.4 Property Extension

In addition to configuring properties for each application, you can configure a set of properties that several applications have in common. You can then extend that set to customize the parameters that differ between the set of applications.

If you were to configure three applications that all use a single footer, but each has a unique header, you can include the following properties:

    bharosa.uio.myAppGroup.footer=/myAppGroup/customFooter.jsp
    bharosa.uio.appId1.extends=myAppGroup
    bharosa.uio.appId1.header=/client/app1/customHeader.jsp
    bharosa.uio.appId2.extends=myAppGroup
    bharosa.uio.appId2.header=/client/app2/customHeader.jsp
    bharosa.uio.appId3.extends=myAppGroup
    bharosa.uio.appId3.header=/client/app3/customHeader.jsp
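
To see which definition a given application actually receives under Sections 8.6.3 and 8.6.4, the lookup can be modeled as follows. This is an added example, not OAAM's implementation: the function names are hypothetical, the sample properties are constructed from the examples above, and the lookup order (the application's own value, then the sets reached through "extends", then "default") is an assumption drawn from the description in this section.

```python
PREFIX = "bharosa.uio."

# Constructed sample combining the examples from Sections 8.6.3 and 8.6.4,
# plus two hypothetical scopes (loopA, loopB) that extend each other.
SAMPLE = """\
bharosa.uio.default.header=/globalcustomHeader.jsp
bharosa.uio.default.footer=/globalcustomFooter.jsp
bharosa.uio.myAppGroup.footer=/myAppGroup/customFooter.jsp
bharosa.uio.appId1.extends=myAppGroup
bharosa.uio.appId1.header=/client/app1/customHeader.jsp
bharosa.uio.appId2.extends=myAppGroup
bharosa.uio.app2.footer=/app2customFooter.jsp
bharosa.uio.loopA.extends=loopB
bharosa.uio.loopB.extends=loopA
"""


def load(text):
    """Read key=value lines into a dict (no escapes or continuations)."""
    return dict(line.split("=", 1) for line in text.splitlines() if "=" in line)


def resolve(props, app_id, name):
    """Return (value, defining_key) for one property as seen by app_id.

    The defining key is returned so an integrator can tell whether a tenant
    is served by its own definition, a shared set, or the global default.
    """
    seen = []
    scope = app_id
    while scope is not None:
        if scope in seen:
            raise ValueError("extends loop: " + " -> ".join(seen + [scope]))
        seen.append(scope)
        key = f"{PREFIX}{scope}.{name}"
        if key in props:
            return props[key], key
        scope = props.get(f"{PREFIX}{scope}.extends")
    key = f"{PREFIX}default.{name}"
    return (props[key], key) if key in props else (None, None)


def effective_config(props, app_id, names=("header", "footer", "custom.css")):
    """Resolve several properties at once for one application."""
    return {name: resolve(props, app_id, name) for name in names}


if __name__ == "__main__":
    sample_props = load(SAMPLE)
    for app in ("appId1", "appId2", "app2"):
        for prop, (value, source) in effective_config(sample_props, app).items():
            print(f"{app:7} {prop:10} {value!s:32} from {source}")
```
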

8.7 Customizing the Appearance of OAAM Server

This section describes how to customize the appearance of the OAAM user interface in a Web browser. The OAAM Server user interface branding is customized in several ways:

- Custom header/footer files
- Custom CSS file
- Custom properties for page content and messaging

8.7.1 Customizing Headers and Footers

You can create custom header and footer files for the applications being secured. The header and footer files are JSP files and can contain any HTML or JSP code required to replicate the look of the application being secured.

1. Create a work folder called oaam_extensions. (The folder can be created anywhere if it is outside the installation folder.)
2. Locate oracle.oaam.extensions.war in the following directory:
    IAM_Home/oaam/oaam_extensions/generic
3. Extract oracle.oaam.extensions.war in the oaam_extensions folder.
4. In the oaam_extensions folder, create the following subfolders:
    /client/app1/
    /client/app1/images/
5. Create a customHeader.jsp and customFooter.jsp inside the client/app1/ folder.
   The header (customHeader.jsp) and footer (customFooter.jsp) files should contain only content HTML; all page related tags (, , , and so on) are already provided by OAAM Server.
   As a simple example, a header and footer are created that contain a single image each, to be used as the header and footer of an application called "appId1".
   Copy the following code into customHeader.jsp for the header.
    /client/app1/customHeader.jsp
   Copy the following code into customFooter.jsp for the footer.
    /client/app1/customFooter.jsp
   These files will be deployed in the "/client/app1/" directory within the Web application.
6. Add associated files to the client/app1 folder as needed. For example, the customHeader.jpg and customFooter.jpg image files referenced by customHeader.jsp and customFooter.jsp.
    /client/app1/images/customHeader.jpg
    /client/app1/images/customFooter.jpg
7. Open the bharosa_server.properties file in the WEB-INF/classes/bharosa_properties directory of the oracle.oaam.extensions.war file.
8. To associate these header and footer files with the application, add the following properties to bharosa_server.properties and save it to oaam_extensions/WEB-INF/classes/bharosa_properties.
    bharosa.uio.appId1.header=/client/app1/customHeader.jsp
    bharosa.uio.appId1.footer=/client/app1/customFooter.jsp
9. Repackage oracle.oaam.extensions.war from the parent folder of oaam_extensions using the command:
    jar -cvfm oracle.oaam.extensions.war oaam_extensions/META-INF/MANIFEST.MF -C oaam_extensions/ .
   Note: There is a dot at the end of the command.
   This command recreates the WAR file with the MANIFEST.MF file. The new JSP files, referenced images, and added properties in bharosa_server.properties are included in the new WAR file.
10. Shut down the OAAM Admin and OAAM Server managed servers.
11. Start the WebLogic Server where Oracle Adaptive Access Manager is deployed and log in to the WebLogic Administration Console.
12. Navigate to Domain Environment > Deployments and lock the console.
13. Click the Install button.
14. Browse to the location of the oracle.oaam.extensions.war file and select it by clicking the radio button next to the .war file and clicking Next.
15. Ensure Install this deployment as a library is selected and click Next.
16. Select OAAM Admin and OAAM Server servers as deployment targets.
17. Click Next again to accept the defaults in this next page and then click Finish.
18. Click the Save button and then Activate Changes.
19. Start the OAAM Admin and OAAM Server managed servers.

8.7.2 Modifying User Interface Styles

You can create a custom Cascading Style Sheet (CSS) to create a custom user interface. The CSS file provides control over backgrounds, font colors and sizes, and so on.

The default CSS file, oaam_uio.css, is located in the css directory. You can override the styles in this CSS file using a custom CSS file. Use the file for an application or at a global level. Refer to Section 8.6.3, "Configuring Application Properties."

For example, to override the font-family of the default body style definition:

1. Create a work folder called oaam_extensions. The folder can be created anywhere if it is outside the installation folder.
2. Locate oracle.oaam.extensions.war, which is located in the IAM_Home/oaam/oaam_extensions/generic directory.
3. Explode oracle.oaam.extensions.war into the oaam_extensions folder.
4. Create the client/app1/css directory.
5. Create an app1.css file.
6. Add the following code to the app1.css file.
    body {
      background-color: #ffffff;
      font-size: 12px;
      color: #000000;
      font-family: arial, helvetica, sans-serif;
      margin: 0px 0px 0px 0px
    }
7. Change Helvetica to the primary font-family you want to use for your appId1 application.
8. Add the file to the /client/app1/css directory.
9. Open the bharosa_server.properties file in the WEB-INF/classes/bharosa_properties directory of the oracle.oaam.extensions.war file.
10. To use the newly created file, set the following property in bharosa_server.properties:
    bharosa.uio.appId1.custom.css=/client/app1/css/app1.css
11. Repackage oracle.oaam.extensions.war from the parent folder of oaam_extensions using the command:
    jar -cvfm oracle.oaam.extensions.war oaam_extensions/META-INF/MANIFEST.MF -C oaam_extensions/ .
12. Shut down the OAAM Admin and OAAM Server managed servers.
13. Start the WebLogic Server where Oracle Adaptive Access Manager is deployed and log in to the Oracle WebLogic Administration Console.
14. Navigate to Domain Environment > Deployments and lock the console.
15. Click the Install button.
16. Browse to the location of the oracle.oaam.extensions.war file and select it by clicking the option next to the WAR file and clicking Next.
17. Ensure Install this deployment as a library is selected and click Next.
18. Select OAAM Admin and OAAM Server servers as deployment targets.
19. Click Next again to accept the defaults in this next page and then click Finish.
20. Click the Save button and then Activate Changes.
21. Start the OAAM Admin and OAAM Server managed servers.

Any style defined in the oaam_uio.css in the OAAM Server ear file can be overridden in this manner if required.

8.7.3 Customizing Content and Messaging
You can customize content and messaging of the OAAM server pages by adding properties to the client_resource_locale.properties file. Some customizable items, like page title and message, are applicable for each page, while other items, like login blocked message, are specific to a particular page.
To customize content and messaging:
1. Create a work folder called oaam_extensions. (The folder can be created anywhere if it is outside the installation folder.)
2. Locate oracle.oaam.extensions.war, which is located in the IAM_Home/oaam/oaam_extensions/generic directory.
3. Explode oracle.oaam.extensions.war into the oaam_extensions folder.
4. Create a client_resource_locale.properties file in oaam_extensions\WEB-INF\classes.
5. Add the customized message to this file.
   For example, to change the page title on the login page for the appId1 application, add the following line to client_resource_locale.properties:
   bharosa.uio.appId1.signon.page.title=Welcome to App1, please sign in.
   For example, to customize the error message displayed when a user has been blocked by security rules, add the following line to client_resource_locale.properties:
   bharosa.uio.appId1.login.user.blocked=You are not authorized to login. Please contact customer service at 1-888-555-1234.
6. Repackage oracle.oaam.extensions.war from the parent folder of oaam_extensions using the command:
   jar -cvfm oracle.oaam.extensions.war oaam_extensions/META-INF/MANIFEST.MF -C oaam_extensions/ .
7. Shut down all managed servers.
8. Start the WebLogic Server where Oracle Adaptive Access Manager is deployed and log in to the Oracle WebLogic Administration Console.
9. Navigate to Domain Environment > Deployments and lock the console.
10. Click the Install button.
11. Browse to the location of the oracle.oaam.extensions.war file and select it by clicking the option next to the WAR file and clicking Next.
12. Ensure Install this deployment as a library is selected and click Next.
13. Select OAAM Admin and OAAM Server servers as deployment targets.
14. Click Next again to accept the defaults in this next page and then click Finish.
15. Click the Save button and then Activate Changes.
16. Start the OAAM Admin and OAAM Server managed servers.
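
The layout produced by the repackaging steps in Sections 8.7.2 and 8.7.3 can be checked before the library is redeployed. The following Python script is an added example, not Oracle's code: it inspects a repackaged oracle.oaam.extensions.war and reports an archive rooted at the work folder (the jar command run without the trailing "-C oaam_extensions/ ."), a client_resource_*.properties file outside WEB-INF/classes, and a custom.css property whose target is not in the library. The paths come from the steps above; the function names and the sample archive are constructed for illustration.

```python
import io
import zipfile

MANIFEST = "META-INF/MANIFEST.MF"
CLASSES = "WEB-INF/classes/"
SERVER_PROPS = CLASSES + "bharosa_properties/bharosa_server.properties"


def parse_properties(text):
    """Minimal key=value reader (no line continuations or escapes)."""
    pairs = (line.split("=", 1) for line in text.splitlines()
             if "=" in line and not line.lstrip().startswith(("#", "!")))
    return {key.strip(): value.strip() for key, value in pairs}


def check_extensions_war(war_bytes):
    """Return a list of findings; an empty list means the checks passed."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(war_bytes)) as war:
        names = {n for n in war.namelist() if not n.endswith("/")}
        # The manifest must sit at the archive root, not under the work folder.
        if MANIFEST not in names:
            nested = sorted(n for n in names if n.endswith("/" + MANIFEST))
            if not nested:
                return [f"missing {MANIFEST}"]
            root = nested[0][: -len(MANIFEST)]
            return [f"archive is rooted at {root}: repackage with -C {root} ."]
        # Section 8.7.3, step 4: resource overrides live in WEB-INF/classes.
        for name in sorted(names):
            base = name.rsplit("/", 1)[-1]
            if (base.startswith("client_resource") and base.endswith(".properties")
                    and name != CLASSES + base):
                findings.append(f"{name}: expected under {CLASSES}")
        if SERVER_PROPS not in names:
            return findings + [f"missing {SERVER_PROPS}"]
        props = parse_properties(war.read(SERVER_PROPS).decode("iso-8859-1"))
    # Section 8.7.2, steps 8 and 10: the CSS named by the property must be packaged.
    for key in sorted(props):
        if key.startswith("bharosa.uio.") and key.endswith(".custom.css"):
            if props[key].lstrip("/") not in names:
                findings.append(f"{key}: {props[key]} is not in the WAR")
    return findings


def build_sample_war(prefix="", include_css=True, resource_dir=CLASSES):
    """Constructed sample archive that mirrors the steps (not a real OAAM WAR)."""
    files = {
        MANIFEST: "Manifest-Version: 1.0\n",
        SERVER_PROPS: "bharosa.uio.appId1.custom.css=/client/app1/css/app1.css\n",
        resource_dir + "client_resource_en.properties":
            "bharosa.uio.appId1.signon.page.title=Welcome to App1, please sign in.\n",
    }
    if include_css:
        files["client/app1/css/app1.css"] = "body { font-family: arial; }\n"
    buffer = io.BytesIO()
    with zipfile.ZipFile(buffer, "w") as war:
        for name, content in files.items():
            war.writestr(prefix + name, content)
    return buffer.getvalue()


if __name__ == "__main__":
    for label, war in (("correct", build_sample_war()),
                       ("css not packaged", build_sample_war(include_css=False)),
                       ("wrong root", build_sample_war(prefix="oaam_extensions/"))):
        print(label, "->", check_extensions_war(war) or "no findings")
```
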

8.8 Questions/Answers About User Interface Customization
A few troubleshooting tips for user interface customization are provided below:
Question: I have added the following entries to bharosa_server.properties in the OAAM extensions shared library:
   bharosa.uio.default.header=/customHeader.jsp
   bharosa.uio.default.footer=/customFooter.jsp
OAAM server is picking up the default header and footer and not the one I specified in the extensions library.
Answer: The custom header/footer files should have a unique name as OAAM Server pulls from the web application first. For example, customHeader.jsp and customFooter.jsp.
Question: Why is the OAAM Server not picking up the css changes in OAAM extensions shared library?
Answer: The property "bharosa.uio.default.custom.css" should be set to a css file that is added to the extensions library. That css file can override any existing CSS definitions in the base application (defined by oaam_uio.css).
Question: How do struts_config_extension.xml and tiles-def-extension.xml work in customization?
Answer: The OAAM extensions shared library has a struts-config-extension.xml and tiles-def-extension.xml in the WEB-INF directory. Any values added to these will augment or override the ones already defined by struts-config.xml and tiles-def.xml in the application. For example, to use a customized jsp (customUserPreferences.jsp) in place of the base file (userPreferences.jsp), add the following to tiles-def-extension.xml:

9 Customizing User Flow and Layout
The Struts/Tiles framework is used by OAAM to create a common look and feel for an application.

9.1 User Flows and Layout
The Struts configuration file struts-config.xml located in the WEB-INF directory defines all the navigation rules in the form of action definitions. The Tiles layout file tiles-def.xml located in the WEB-INF directory contains definitions for various pages.
To customize the OAAM user interface flow and the layout of the JavaServer Pages (JSPs), you must override the OAAM Server JSP and struts action targets using the OAAM Extensions Shared library (oracle.oaam.extensions.war). The Extensions Shared Library contains the following two files to be used for the customizations:
WEB-INF/struts-config-extension.xml
WEB-INF/tiles-def-extension.xml

9.1.1 Struts Actions
This section provides information about struts action definitions which are used to drive the user flow. OAAM action type classes are also summarized.

9.1.1.1 Action Definition
Action definitions typically contain path, type, and parameter attributes. The path defines what the URL will be. Many definitions also contain one or more forward elements that indicate which page should be displayed next. The login page example is shown.
Note: Customizations should only be done in the OAAM Extensions Shared Library. Do not modify the struts-config.xml and tiles-def.xml files. Modifying the struts template is not recommended and would involve changes to both the template and the oaamLoginPage.jsp file.

9.1.1.2 Action Type
In the login page example, the URL is http:///oaam_server/login.do. The login.do comes from the path definition of "/login." The type parameter defines the class that performs the action. The following classes are provided with the sample user pages.
Table 9–1 Action Type Classes
Class Name | Description
com.bharosa.uio.actions.LoginAction | Updates the login status and, if appropriate, challenges the user.
com.bharosa.uio.actions.LoginFailAction | Displays error message in OAAM Server page. For example, the page could display a login blocked message.
com.bharosa.uio.actions.ActivityAction | Displays the confirmation message in OAAM Server page.
com.bharosa.uio.actions.PasswordAction | Updates the password status.
com.bharosa.uio.actions.UpdateAuthStatusAction | Updates the user authentication status and, if appropriate, it triggers pattern data processing.
com.bharosa.uio.actions.ValidateTrxAction | Validates the transaction.
com.bharosa.uio.actions.FlashFingerprintAction | Fingerprints the device.
com.bharosa.uio.actions.LogoutAction | Logs out the user session and redirects to login page.
com.bharosa.uio.actions.SignOnAction | Signs the user in.
com.bharosa.uio.actions.RegisterQuestionsAction | Displays sets of questions which the user can choose and register the correct answer for each.
com.bharosa.uio.actions.ChangePasswordAction | Displays Change Password link.
com.bharosa.uio.actions.ForgotPasswordAction | Displays Forgot Password link.
com.bharosa.uio.actions.UserInputAction | Displays input fields.
com.bharosa.uio.actions.UserPreferencesDoneAction | Displays message that user completed preference registration.
com.bharosa.uio.actions.ChallengeUserAction | Challenges the user by displaying a question-pad with one of the questions already registered by the user.
com.bharosa.uio.actions.ChangeUserNameAction | Changes the username.
com.bharosa.uio.actions.MessageAction | Displays a message to the user.
com.bharosa.uio.actions.ExitAction | Exits the user from the resource.
com.bharosa.uio.actions.ErrorAction | Error occurs.

9.1.2 Base Layout Definition
User interface pages are constructed using tiles in the Struts application. An external configuration file (/WEB-INF/tiles-def.xml) contains definitions for various pages. The base layout "bharosa.uio.baseLayout" is defined to contain various sections. The header region is occupied by the customHeader.jsp page, the footer part is occupied by the customFooter.jsp page, and the body part by content. The following code shows the base layout.
To construct user interface pages, you define which JSP page should fill in the base layout in the tiles-def-extension.xml configuration file. The following example extends the baseLayout definition and uses a JSP named registerQuestionsHTML.jsp to render the content tile:
Tile definition has the ability to extend another Tile definition. In the tiles-def.xml file, you can see that only the body region changes in the user flow.

9.1.3 How Struts and Tiles Work Together
To use Tiles in the Struts application, the following definition was added to the struts-config.xml file.
Action forward entries are in the struts-config.xml file. When an action is forwarded to the Tile definition baseLayout, then the baseLayout jsp page will be displayed with corresponding jsp pages in the Tile definition. For example:
The path attribute holds the value of the Tile definition to forward to. When the path value is "/registerQuestions.do" the base layout jsp page is displayed with registerQuestionsHTML.jsp as the body as specified in tiles-def.xml.

9.2 Custom User Flows and Layout Example
An example on how to customize the user flow and the look-and-feel of the graphical user interface is presented below.

9.2.1 Customize the Look-and-Feel
To customize the look and feel presented in the graphical user interface (GUI), add the custom JSP files to the OAAM Extensions shared library and then add the definitions to the tiles-def-extension.xml file.
The following example shows the definition for the password page, as defined in tiles-defs.xml:
At runtime the password page dynamically displays all necessary GUI elements for the user to enter the required credential. If the following definition is added to the tiles-def-extension file, the new customPassword.jsp is used anywhere that OAAM Server attempts to display the "password" page.
The example below shows the definition of a custom password page that can be added to tiles-def-extension.xml:

9.2.2 Customize the User Page Flows and Actions
To customize the user flows and actions, override the struts action classes and their mappings in the struts-config-extension.xml file.
The following example shows the definition for the login action, as defined in struts-config.xml:
The following example shows the possible values you could use to override the login action using struts-config-extension.xml:

9.3 tiles-def.xml File
This section shows a tiles-def.xml file.

9.4 Struts Configuration File
This section shows a struts-config.xml file.
Global Forward Definitions
Action Mapping Definitions

10 Using Virtual Authentication Devices
Oracle Adaptive Access Manager includes unique functionality to protect end users while interacting with a protected web application.
The virtual authentication devices are used to protect users during the process of entering and transmitting authentication credentials and provide them with verification they are authenticating on the valid application. Each virtual authentication device (VAD) has its own unique set of security features that make it much more than a mere image on a web page.
This chapter contains the following sections:
Terminology
Virtual Authentication Devices and Set of Background Images
Virtual Authentication Types
Authenticator Composition
Virtual Authentication Device Properties
Displaying Virtual Authentication Devices
Enabling Accessible Versions of Authenticators
Localizing Virtual Authentication Device in OAAM 11g

10.1 Terminology
This section defines terms used in this chapter.
Table 10–1 VAD Terminology
Term | Description
Authenticator/Authentipad | A control for user input included in OAAM that provides a keyboard and enables personalization.
Personalization | Assigning an image and generated phrase during registration. The phrase and image provide end users with verification they are authenticating on the valid application.
Virtual Keypad/Keyboard | A method for user input where the user clicks screen keys instead of an external keyboard.
Jitter | The act of moving key location slightly each time the authenticator is generated.
Offset | The act of moving a whole keyset on screen.
Key Randomization | The act of randomizing the key order.
Timestamp | A string generated from the current system time or client side time.
Masking | Replacing characters in an HTML input field.

10.2 Virtual Authentication Devices and Set of Background Images
Virtual authentication devices are provided with Oracle Adaptive Access Manager as samples to use if you choose to. These samples are provided in English only. Source art and information in this chapter are provided to allow you to develop your own custom virtual authentication device frames, keys, personalization images and phrases. Alteration of these samples is considered custom development.

10.3 Virtual Authentication Types
The following authentication devices are described in this section:
TextPad
PinPad
QuestionPad
Keypad

10.3.1 TextPad
TextPad is a personalized device for entering a password or PIN using a regular keyboard. This method of data entry helps to defend against phishing primarily. TextPad is often deployed as the default for all users in a large deployment. Then, each user individually can upgrade to another device if he wishes. The personal image and phrase a user registers and sees every time he logs in to the valid site serves as a shared secret between the user and server. If this shared secret is not presented or presented incorrectly, the users will notice.
An example TextPad is shown in Figure 10–1.
Figure 10–1 TextPad

10.3.2 PinPad
PinPad is a lightweight authentication device for entering a numeric PIN.
An example PinPad is shown in Figure 10–2.
Figure 10–2 PinPad

10.3.3 QuestionPad
QuestionPad is a personalized device for entering answers to challenge questions using a regular keyboard. The QuestionPad is capable of incorporating the challenge question into the Question image. Like other Adaptive Strong Authentication devices, QuestionPad also helps in solving the phishing problem.
An example QuestionPad is shown in Figure 10–3.
Figure 10–3 QuestionPad

10.3.4 Keypad
KeyPad is a personalized graphics keyboard, which can be used to enter alphanumeric and special characters that can be entered using a traditional keyboard. KeyPad is ideal for entering passwords and other sensitive data. For example, credit card numbers can be entered.
An example KeyPad is shown in Figure 10–4.
Figure 10–4 KeyPad

10.4 Authenticator Composition
An authenticator is comprised of a number of elements. These elements are combined at runtime to produce the Authenticator for display on the client side.
Table 10–2 Elements of an authenticator
Element | Description
Personalized Image | An image selected by the user during registration. This is stored in the user repository in OAAM.
Authenticator Frame | An image that forms the frame of the authenticator. It contains graphics to represent user controls.
Timestamp, Phrase and Keyset | Image elements that are generated to build the personalization of the authenticator.
HTML Controls | A set of JavaScript controlled HTML elements for data entry and submission of data.

10.5 Virtual Authentication Device Properties
Details on the virtual authentication device properties are provided in this chapter for your reference.

10.5.1 Property Files Used in the Authenticator's Configuration
Virtual authentication devices use the following files:
bharosa_server.properties - file where custom properties would be added for virtual authentication devices, KeySet definitions used in the KeyPad and PinPad devices, and configuration properties that are not localized (translated).
client_resource_.properties - files to be created by the administrator customizing the application to contain locale-specific properties such as translated displayed messages. The locale identifier consists of at least a language identifier, and a region identifier (if required). For example, the custom properties file for US English is client_resource_en_US.properties.

10.5.2 TextPad Authenticator Properties
Table 10–3 lists the TextPad Authenticator Properties.
Note: Many of the properties related to the virtual authentication devices are in resource bundles so that they are capable of being localized. If the default value is in a "resource" file, then the override value should be placed in the client override file for resource bundle values (client_resource.properties).
Table 10–3 TextPad Authenticator Properties
Feature | Property
Default BG (Can be application specific) | bharosa.uio..DeviceTextPad.default.image=textpad_bg/UIO_BG.jpg
Password Frame File (Can be application specific) | bharosa.uio..password.DeviceTextPad.frame=
Challenge Frame File (Can be application specific) | bharosa.uio...DeviceTextPad.frame= Note: Challenge type can be any configured challenge type (ChallengeQuestion, ChallengeEmail, and others)
Registration Frame File (Can be application specific) | bharosa.uio..register.DeviceTextPad.frame=textpad_bg/TP_O_preview.png
User Preferences Frame File (Can be application specific) | bharosa.uio..userpreferences.DeviceTextPad.frame=textpad_bg/TP_O_preview.png

10.5.3 PinPad Authenticator Properties
Table 10–4 lists the PinPad Authenticator Properties.
Table 10–4 PinPad Authenticator Properties
Feature | Property
Default BG (Can be application specific) | bharosa.uio.default.DevicePinPad.default.image=pinpad_bg/UIO_BG.jpg
Password Frame File (Can be application specific) | bharosa.uio..password.DevicePinPad.frame=
Challenge Frame File (Can be application specific) | bharosa.uio...DevicePinPad.frame= Note: Challenge type can be any configured challenge type (ChallengeQuestion, ChallengeEmail, and others)
Registration Frame File (Can be application specific) | bharosa.uio..register.DevicePinPad.frame=pinpad_bg/PP_v02_frame_preview.png
User Preferences Frame File (Can be application specific) | bharosa.uio..userpreferences.DevicePinPad.frame=pinpad_bg/PP_v02_frame_preview.png

10.5.4 QuestionPad Authenticator Properties
Table 10–5 lists the QuestionPad Authenticator Properties.
Table 10–5 QuestionPad Authenticator Properties
Feature | Property
Default BG (Can be application specific) | bharosa.uio..DeviceQuestionPad.default.image=textpad_bg/UIO_BG.jpg
Challenge Frame File (Can be application specific) | bharosa.uio...DeviceQuestionPad.frame= Note: Challenge type can be any configured challenge type (ChallengeQuestion, ChallengeEmail, and others)

10.5.5 KeyPad Authenticator Properties
Table 10–6 lists the KeyPad Authenticator Properties.

10.5.6 Frame Design and Element Positioning
The following sections outline the visual elements that are within the virtual authentication device visual display for each device and the unique security features of each authentication device.
Each virtual authentication device has its own unique security features. Some of these features can be enabled and disabled by editing the configuration properties in the bharosa_server.properties.
For visual display, important terms are:
Enter Key Hotspot - Link area allowing user to submit data entered in the authentication device.
Phrase - Personalized phrase assigned to the user at the time of registration. The phrase allows the user to ensure they are on their intended website.
Timestamp - Timestamp of when the image was generated, allowing the user to ensure the authentication device is current.

10.5.6.1 Background Images
For the background images to be displayed in the virtual authentication device, set the following property:
vcrypt.user.image.dirlist.property.name=bharosa.image.dirlist
bharosa.image.dirlist=
If any of the images are to be edited, make sure not to increase the physical dimensions or change the aspect ratio of the sample images because distortions will occur.

10.5.6.2 Keys Sets
A KeySet is the configuration that defines what character keys are present on the virtual authentication device. KeySets are used by the KeyPad and PinPad virtual authentication devices.
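
A KeySet is spread across chained enum properties: a rows enum whose keys entries each name a per-row enum that holds the key definitions. The following Python script is an added example, not Oracle's code: it resolves that chain from bharosa_server.properties text and reports rows that point to an undefined enum, repeated order values, and keys with missing attributes. The property names follow the PinPad KeySet listing in this section; the function names, the attributes treated as required, and the sample input are assumptions made for the example.

```python
import re

KEYSET = "bharosa.authentipad.pinpad.default.keyset.enum"
# Assumption of this example: a usable key needs at least these attributes.
REQUIRED_KEY_ATTRS = ("value", "shiftvalue", "image")


def enum_elements(props, enum_id):
    """Collect {element: {attribute: value}} for the enum named enum_id."""
    pattern = re.compile(re.escape(enum_id) + r"\.([^.]+)(?:\.([^.]+))?$")
    elements = {}
    for key, value in props.items():
        match = pattern.match(key)
        if match:
            element, attr = match.groups()
            elements.setdefault(element, {})[attr or "id"] = value
    return elements


def ordered(elements, label, problems):
    """Sort elements by 'order'; report and skip bad or repeated order values."""
    seen, result = {}, []
    for name, attrs in elements.items():
        order = attrs.get("order", "")
        if not order.isdigit():
            problems.append(f"{label}.{name}: missing or non-numeric order")
        elif order in seen:
            problems.append(f"{label}.{name}: order {order} already used by {seen[order]}")
        else:
            seen[order] = name
            result.append((int(order), name, attrs))
    return [(name, attrs) for _, name, attrs in sorted(result)]


def resolve_keyset(text, keyset_enum=KEYSET):
    """Return (rows, problems); rows holds each row's key values in display order."""
    props = dict(l.strip().split("=", 1) for l in text.splitlines() if "=" in l)
    rows, problems = [], []
    if keyset_enum not in props:
        return rows, [f"{keyset_enum}: enum is not defined"]
    for row_name, row in ordered(enum_elements(props, keyset_enum), keyset_enum, problems):
        keys_enum = row.get("keys")
        if keys_enum not in props:  # dangling pointer: the row would have no keys
            problems.append(f"{row_name}: keys enum {keys_enum} is not defined")
            continue
        values = []
        for key_name, key in ordered(enum_elements(props, keys_enum), keys_enum, problems):
            missing = [a for a in REQUIRED_KEY_ATTRS if a not in key]
            if missing:
                problems.append(f"{keys_enum}.{key_name}: missing {', '.join(missing)}")
            else:
                values.append(key["value"])
        rows.append(values)
    return rows, problems


def sample_properties(row2_target="bharosa.authentipad.pinpad.default.keyset.row2.enum"):
    """Constructed input modelled on the PinPad listing, trimmed to two rows."""
    base = "bharosa.authentipad.pinpad.default.keyset"
    lines = [f"{base}.enum=Default PinPad Keyset Enum"]
    for r, digits in ((1, "123"), (2, "456")):
        row, keys = f"{base}.enum.row{r}", f"{base}.row{r}.enum"
        target = keys if r == 1 else row2_target
        lines += [f"{row}={r - 1}", f"{row}.name=Default PinPad Keyset Row {r}",
                  f"{row}.keys={target}", f"{row}.order={r}",
                  f"{keys}=Default Pinpad Keyset Row {r}"]
        for i, d in enumerate(digits, 1):
            k = f"{keys}.key{i}"
            lines += [f"{k}={i - 1}", f"{k}.name={d}", f"{k}.value={d}",
                      f"{k}.shiftvalue={d}", f"{k}.image=kp_v2_{d}.png", f"{k}.order={i}"]
    return "\n".join(lines)


if __name__ == "__main__":
    print(resolve_keyset(sample_properties()))
    print(resolve_keyset(sample_properties(row2_target="undefined.enum")))
```
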
Table 10–6 KeyPad Authenticator Properties
Feature | Property
Default BG (Can be application specific) | bharosa.uio..DeviceKeyPadFull.default.image=keypad_bg/UIO_BG.jpg
Password Frame File (Can be application specific) | bharosa.uio..password.DeviceKeyPadFull.frame=
Challenge Frame File (Can be application specific) | bharosa.uio...DeviceKeyPadFull.frame= Note: Challenge type can be any configured challenge type (ChallengeQuestion, ChallengeEmail, and others)
Registration Frame File (Can be application specific) | bharosa.uio..register.DeviceKeyPadFull.frame=alphapad_bg/kp_O_preview.png
User Preferences Frame File (Can be application specific) | bharosa.uio..userpreferences.DeviceKeyPadFull.frame=alphapad_bg/kp_O_preview.png

KeySets are defined by a series of user defined enums. The first enum defines the rows of the KeySet and points to another enum describing the keys present in that row.
For example, the following enum defines the rows of keys in a PinPad:
bharosa.authentipad.pinpad.default.keyset.enum=Default PinPad Keyset Enum
bharosa.authentipad.pinpad.default.keyset.enum.row1=0
bharosa.authentipad.pinpad.default.keyset.enum.row1.name=Default PinPad Keyset Row 1
bharosa.authentipad.pinpad.default.keyset.enum.row1.description=Default PinPad Keyset Row 1
bharosa.authentipad.pinpad.default.keyset.enum.row1.keys=bharosa.authentipad.pinpad.default.keyset.row1.enum
bharosa.authentipad.pinpad.default.keyset.enum.row1.order=1
bharosa.authentipad.pinpad.default.keyset.enum.row2=1
bharosa.authentipad.pinpad.default.keyset.enum.row2.name=Default PinPad Keyset Row 2
bharosa.authentipad.pinpad.default.keyset.enum.row2.description=Default PinPad Keyset Row 2
bharosa.authentipad.pinpad.default.keyset.enum.row2.keys=bharosa.authentipad.pinpad.default.keyset.row2.enum
bharosa.authentipad.pinpad.default.keyset.enum.row2.order=2
bharosa.authentipad.pinpad.default.keyset.enum.row3=2
bharosa.authentipad.pinpad.default.keyset.enum.row3.name=Default PinPad Keyset Row 3
bharosa.authentipad.pinpad.default.keyset.enum.row3.description=Default PinPad Keyset Row 3
bharosa.authentipad.pinpad.default.keyset.enum.row3.keys=bharosa.authentipad.pinpad.default.keyset.row3.enum
bharosa.authentipad.pinpad.default.keyset.enum.row3.order=3
bharosa.authentipad.pinpad.default.keyset.enum.row4=3
bharosa.authentipad.pinpad.default.keyset.enum.row4.name=Default PinPad Keyset Row 4
bharosa.authentipad.pinpad.default.keyset.enum.row4.description=Default PinPad Keyset Row 4
bharosa.authentipad.pinpad.default.keyset.enum.row4.keys=bharosa.authentipad.pinpad.default.keyset.row4.enum
bharosa.authentipad.pinpad.default.keyset.enum.row4.order=4
Each row is made of the following properties:
Table 10–7 Properties of Rows
Property | Description
name | Name of the row.
description | Description of the row.
keys | Enum identifier of the enum that defines the keys in the row.
order | The order the key resides in the row of keys.
In this case, the row1 enum is defined as follows:
bharosa.authentipad.pinpad.default.keyset.row1.enum=Default Pinpad Keyset Row 1
bharosa.authentipad.pinpad.default.keyset.row1.enum.key1=0
bharosa.authentipad.pinpad.default.keyset.row1.enum.key1.name=1
bharosa.authentipad.pinpad.default.keyset.row1.enum.key1.description=1
bharosa.authentipad.pinpad.default.keyset.row1.enum.key1.value=1
bharosa.authentipad.pinpad.default.keyset.row1.enum.key1.shiftvalue=1
bharosa.authentipad.pinpad.default.keyset.row1.enum.key1.image=kp_v2_1.png
bharosa.authentipad.pinpad.default.keyset.row1.enum.key1.order=1
bharosa.authentipad.pinpad.default.keyset.row1.enum.key2=1
bharosa.authentipad.pinpad.default.keyset.row1.enum.key2.name=2
bharosa.authentipad.pinpad.default.keyset.row1.enum.key2.description=2
bharosa.authentipad.pinpad.default.keyset.row1.enum.key2.value=2
bharosa.authentipad.pinpad.default.keyset.row1.enum.key2.shiftvalue=2
bharosa.authentipad.pinpad.default.keyset.row1.enum.key2.image=kp_v2_2.png
bharosa.authentipad.pinpad.default.keyset.row1.enum.key2.order=2
bharosa.authentipad.pinpad.default.keyset.row1.enum.key3=2
bharosa.authentipad.pinpad.default.keyset.row1.enum.key3.name=3
bharosa.authentipad.pinpad.default.keyset.row1.enum.key3.description=3
bharosa.authentipad.pinpad.default.keyset.row1.enum.key3.value=3
bharosa.authentipad.pinpad.default.keyset.row1.enum.key3.shiftvalue=3
bharosa.authentipad.pinpad.default.keyset.row1.enum.key3.image=kp_v2_3.png
bharosa.authentipad.pinpad.default.keyset.row1.enum.key3.order=3
Each key is made of the following properties:
Table 10–8 Properties of Each Key
Property | Description
name | Name of the key.
description | Description of the key.
value | The character value the key represents when clicked.
shiftvalue | The character value the key represents when in caps mode.
image | The image file name that will be used to display the visual representation of the key.
order | The order the key resides in the row of keys.

10.5.6.3 TextPad Visual Elements
This section provides information on the visual elements of TextPad.
Phrase (Caption)
bharosa.authentipad.textpad.caption.personalize=true
bharosa.authentipad.textpad.caption.x=14
bharosa.authentipad.textpad.caption.y=203
bharosa.authentipad.textpad.caption.frame=false
bharosa.authentipad.textpad.caption.wrap=false
bharosa.authentipad.textpad.caption.width=130
bharosa.authentipad.textpad.caption.height=16
bharosa.authentipad.textpad.caption.font.name=Arial
bharosa.authentipad.textpad.caption.font.color=000000
bharosa.authentipad.textpad.caption.font.type=0
bharosa.authentipad.textpad.caption.font.size=9
Timestamp
bharosa.authentipad.textpad.timestamp.x=25
bharosa.authentipad.textpad.timestamp.y=165
bharosa.authentipad.textpad.timestamp.width=132
bharosa.authentipad.textpad.timestamp.height=16
bharosa.authentipad.textpad.timestamp.frame=false
bharosa.authentipad.textpad.timestamp.wrap=false
bharosa.authentipad.textpad.timestamp.font.name=Arial
bharosa.authentipad.textpad.timestamp.font.color=ffffff
bharosa.authentipad.textpad.timestamp.font.type=0
bharosa.authentipad.textpad.timestamp.font.size=9
Enter Key Hotspot
bharosa.authentipad.textpad.enterkey.x=98
bharosa.authentipad.textpad.enterkey.y=181
bharosa.authentipad.textpad.enterkey.width=45
bharosa.authentipad.textpad.enterkey.height=19
bharosa.authentipad.textpad.enterkey.label=enter
bharosa.authentipad.textpad.enterkey.enable=true

10.5.6.4 PinPad Visual Elements
This section provides information on the visual elements of PinPad.
Phrase (Caption)
bharosa.authentipad.pinpad.caption.personalize=true
bharosa.authentipad.pinpad.caption.x=5
bharosa.authentipad.pinpad.caption.y=206
bharosa.authentipad.pinpad.caption.frame=false
bharosa.authentipad.pinpad.caption.wrap=false
bharosa.authentipad.pinpad.caption.width=130
bharosa.authentipad.pinpad.caption.height=16
bharosa.authentipad.pinpad.caption.font.name=Arial
bharosa.authentipad.pinpad.caption.font.color=000000
bharosa.authentipad.pinpad.caption.font.type=0
bharosa.authentipad.pinpad.caption.font.size=9
Timestamp
bharosa.authentipad.pinpad.timestamp.x=15
bharosa.authentipad.pinpad.timestamp.y=165
bharosa.authentipad.pinpad.timestamp.width=132
bharosa.authentipad.pinpad.timestamp.height=16
bharosa.authentipad.pinpad.timestamp.frame=false
bharosa.authentipad.pinpad.timestamp.wrap=false
bharosa.authentipad.pinpad.timestamp.font.name=Arial
bharosa.authentipad.pinpad.timestamp.font.color=ffffff
bharosa.authentipad.pinpad.timestamp.font.type=0
bharosa.authentipad.pinpad.timestamp.font.size=9
Enter Key Hotspot
bharosa.authentipad.pinpad.enterkey.x=78
bharosa.authentipad.pinpad.enterkey.y=182
bharosa.authentipad.pinpad.enterkey.width=49
bharosa.authentipad.pinpad.enterkey.height=20
bharosa.authentipad.pinpad.enterkey.label=enter
bharosa.authentipad.pinpad.enterkey.enable=true
Backspace Key Hotspot
bharosa.authentipad.pinpad.backspace.x=86
bharosa.authentipad.pinpad.backspace.y=8
bharosa.authentipad.pinpad.backspace.width=20
bharosa.authentipad.pinpad.backspace.height=20
bharosa.authentipad.pinpad.backspace.label=<
bharosa.authentipad.pinpad.backspace.enable=true

10.5.6.5 QuestionPad Visual Elements
This section provides information on the visual elements of QuestionPad.
Phrase (Caption)
bharosa.authentipad.questionpad.caption.personalize=true
bharosa.authentipad.questionpad.caption.x=14
bharosa.authentipad.questionpad.caption.y=203
bharosa.authentipad.questionpad.caption.frame=false
bharosa.authentipad.questionpad.caption.wrap=false
bharosa.authentipad.questionpad.caption.width=130
bharosa.authentipad.questionpad.caption.height=16
bharosa.authentipad.questionpad.caption.font.name=Arial
bharosa.authentipad.questionpad.caption.font.color=000000
bharosa.authentipad.questionpad.caption.font.type=0
bharosa.authentipad.questionpad.caption.font.size=9
Timestamp
bharosa.authentipad.questionpad.timestamp.x=25
bharosa.authentipad.questionpad.timestamp.y=165
bharosa.authentipad.questionpad.timestamp.width=132
bharosa.authentipad.questionpad.timestamp.height=16
bharosa.authentipad.questionpad.timestamp.frame=false
bharosa.authentipad.questionpad.timestamp.wrap=false
bharosa.authentipad.questionpad.timestamp.font.name=Arial
bharosa.authentipad.questionpad.timestamp.font.color=ffffff
bharosa.authentipad.questionpad.timestamp.font.type=0
bharosa.authentipad.questionpad.timestamp.font.size=9
Question Text
bharosa.authentipad.questionpad.question.x=9
bharosa.authentipad.questionpad.question.y=32
bharosa.authentipad.questionpad.question.width=132
bharosa.authentipad.questionpad.question.height=62
bharosa.authentipad.questionpad.question.frame=false
bharosa.authentipad.questionpad.question.wrap=true
bharosa.authentipad.questionpad.question.font.name=Arial
bharosa.authentipad.questionpad.question.font.color=000000
bharosa.authentipad.questionpad.question.font.type=0
bharosa.authentipad.questionpad.question.font.size=9
Enter Key Hotspot
bharosa.authentipad.questionpad.enterkey.x=98
bharosa.authentipad.questionpad.enterkey.y=181
bharosa.authentipad.questionpad.enterkey.width=45
bharosa.authentipad.questionpad.enterkey.height=19
bharosa.authentipad.questionpad.enterkey.label=enter
bharosa.authentipad.questionpad.enterkey.enable=true
Note: In 10.1.4.5 and above, the QuestionPad is a single line field.
Visible Text Input or Password (Non-Visible) Input Setting
The following property in client_resource_.properties determines whether the QuestionPad is set for visible text input or password (non-visible) input.
bharosa.authentipad.questionpad.datafield.input.type
Valid values are text and password.

10.5.6.6 KeyPad Visual Elements
This section provides information on the visual elements of KeyPad.
Phrase (Caption)

bharosa.authentipad.keypad.caption.personalize=true
bharosa.authentipad.keypad.caption.x=240
bharosa.authentipad.keypad.caption.y=206
bharosa.authentipad.keypad.caption.frame=false
bharosa.authentipad.keypad.caption.wrap=false
bharosa.authentipad.keypad.caption.width=130
bharosa.authentipad.keypad.caption.height=16
bharosa.authentipad.keypad.caption.font.name=Arial
bharosa.authentipad.keypad.caption.font.color=000000
bharosa.authentipad.keypad.caption.font.type=0
bharosa.authentipad.keypad.caption.font.size=9

Timestamp

bharosa.authentipad.keypad.timestamp.x=110
bharosa.authentipad.keypad.timestamp.y=202
bharosa.authentipad.keypad.timestamp.width=132
bharosa.authentipad.keypad.timestamp.height=16
bharosa.authentipad.keypad.timestamp.frame=false
bharosa.authentipad.keypad.timestamp.wrap=false
bharosa.authentipad.keypad.timestamp.font.name=Arial
bharosa.authentipad.keypad.timestamp.font.color=ffffff
bharosa.authentipad.keypad.timestamp.font.type=0
bharosa.authentipad.keypad.timestamp.font.size=9

Enter Key Hotspot

bharosa.authentipad.keypad.enterkey.x=292
bharosa.authentipad.keypad.enterkey.y=8
bharosa.authentipad.keypad.enterkey.width=50
bharosa.authentipad.keypad.enterkey.height=20
bharosa.authentipad.keypad.enterkey.label=enter
bharosa.authentipad.keypad.enterkey.enable=true

Backspace Key Hotspot

bharosa.authentipad.keypad.backspace.x=164
bharosa.authentipad.keypad.backspace.y=8
bharosa.authentipad.keypad.backspace.width=20
bharosa.authentipad.keypad.backspace.height=20
bharosa.authentipad.keypad.backspace.enable=true

Caps States

bharosa.authentipad.keypad.capslock.x=188
bharosa.authentipad.keypad.capslock.y=0
bharosa.authentipad.keypad.capslock.width=43
bharosa.authentipad.keypad.capslock.height=29
bharosa.authentipad.keypad.capslock.capsonimg=kp_v2_all_caps.jpg
bharosa.authentipad.keypad.capslock.capsshiftimg=kp_v2_first_caps.jpg

10.5.7 Customization Steps

The process is as follows:

1. Add virtual authentication device related properties and custom KeySet related enum properties to bharosa_server.properties and save it in the /WEB-INF/classes folder. Refer to the rest of the chapter for more information on defining keysets and other virtual authentication device properties.

2. Add custom resource bundle values to a file named client_resource_locale.properties (where locale is replaced with relevant locale, such as "en") and save it in the \WEB-INF\classes folder. User facing text is also considered resource bundle values and you should add these to the file. There are some additional items in OAAM Server such as image paths and regular expression properties that can be customized based on locale as well. For example, bharosa.uio.default.register.DeviceTextPad.frame=textpad_bg/TP_nologo_frame_01.png and bharosa.uio.default.DeviceTextPad.default.image=textpad_bg/BG_003.jpg can be added to this file.

3. Add key image files to /WEB-INF/classes/bharosa_properties/_skins.

4. Add Frame Image Files: //WEB-INF/classes/bharosa_properties/_bg.

5. Deploy the custom OAAM Extensions Shared Library into both the OAAM Managed Servers (OAAM Admin and OAAM Server).

a. Re-Jar the war using the command: jar -cvfm oracle.oaam.extensions.war /META-INF/MANIFEST.MF -C /.

b. Re-deploy the updated oracle.oaam.extensions.war as a shared library with targets as oaam_server and oaam_admin.

c. Stop all managed servers if they are running.

d. Start the WebLogic Administration Server.

e. Start the Oracle WebLogic Server where Oracle Adaptive Access Manager is deployed and log in to the Oracle WebLogic Administration Console.

f. Remove the oracle.oaam.extensions.war currently deployed.

g. Deploy the new oracle.oaam.extensions.war file as a shared library with oaam_server and oaam_admin as target applications. You may need to target oaam_offline as well if it is deployed in the same domain.

Note: Make sure the original MANIFEST.MF remains the same, as it contains shared library information.

h. Start all managed servers that are to be used.

i. Test the custom functionality and make sure files added to oracle.oaam.extensions.war are used by Oracle Adaptive Access Manager applications.
10.6 Displaying Virtual Authentication Devices

This section describes the flow to render virtual authentication devices. It contains the following topics:

Setting Up Before Calling the get Method
Getting the AuthentiPads
Setting Properties After Getting Authentipad Object
Displaying Virtual Authentication Devices

10.6.1 Setting Up Before Calling the get Method

In order to get the bgFile, you need to obtain it from the user by performing:

String bgFile = (String) authUser.getSecurityPreferences().get("imagePath");

10.6.2 Getting the AuthentiPads

The main API that handles authentipad generation is BharosaClientImpl.getInstance().get. The following methods can be used to get commonly used AuthentiPads:

BharosaClientImpl.getInstance().getFullKeyPad(...)
BharosaClientImpl.getInstance().getAlphaNumericKeyPad(...)
BharosaClientImpl.getInstance().getTextPad(...)
BharosaClientImpl.getInstance().getQuestionPad(...)
BharosaClientImpl.getInstance().getPinPad(...)

Each method takes the same set of parameters:

Table 10–9 Authentipad: Method Parameters

Parameter | Description
String padName | Identifier of the AuthentiPad, used in the HTML as the base name of input fields and JavaScript variables.
String frameFile | Image path to use for the frame.
String backgroundFile | Image path to use for the background image. If using OAAM assignment APIs, OAAM stores the user's assigned image in the VCryptAuthUser object: (String) authUser.getSecurityPreferences().get("imagePath")
VCryptLocalizedString captionText | A localized string to display as the caption on the AuthentiPad. VCryptLocalizedString(String, VCryptLocale), VCryptLocalizedString(String, Locale), VCryptLocalizedString(String)
boolean isADACompliant | Flag to designate if the AuthentiPad should be rendered with extra text and links for screen readers.
boolean hasJS | Flag to designate if the user has JavaScript enabled.
boolean hasImages | Flag to designate if the user has images enabled.

10.6.3 Setting Properties After Getting Authentipad Object

You need to set the timestamp, time zone and display-only property on the authentipad object that was obtained. The following table shows fields that may need to be set on the AuthentiPad once it is created:

Table 10–10 Authentipad: Setting Additional Fields

Parameter | Description
authentiPad.setTimeStamp(Date timeStamp) | Sets the time stamp to display on the pad.
authentiPad.setTimeZone(TimeZone timeZone) | Sets the time zone to display on the pad.
authentiPad.setDisplayOnly(boolean displayOnly) | Flag to designate if the pad should be rendered without interactive fields and links. Commonly used during image registration.
authentiPad.setQuestionText(VCryptLocalizedString questionText) | Used to display question on a QuestionPad.

10.6.4 Displaying Virtual Authentication Devices

VADs are rendered in an HTML page. Any page that is to render a VAD must include the bharosa_pad.js JavaScript file. The bharosa_pad.js file is a JavaScript library for rendering VADs and handling user interaction.

To get the HTML/JavaScript render string to be placed into an HTML page, call authentiPad.getHTML(). The output of this method will be an HTML string containing the image maps and JavaScript constructors required to display the VAD.

Once rendered, the VAD will make a request for the image to be displayed. The URL used to render the image is configured by the property: bharosa.authentipad.image.url.

10.7 Enabling Accessible Versions of Authenticators

Users who access using assistive techniques will need to use the accessible versions of the virtual authentication devices. Accessible versions of the TextPad, QuestionPad, KeyPad and PinPad are not enabled by default. If accessible versions are needed in a deployment, they can be enabled via properties.

The accessible versions of the pads contain tabbing, directions and ALT text necessary for navigation via screen reader and other assistive technologies. To enable these versions, set the isADAcompliant flag to true.

For native integration the property to control the pads is desertref.authentipad.isADACompliant

For UIO, the property to control the pads is bharosa.uio.default.authentipad.is_ada_compliant

10.8 Localizing Virtual Authentication Device in OAAM 11g

This section contains the following topics:

Overview
Example using German Locale

10.8.1 Overview

The process is as follows:

1. Create the client_resource_.properties file with virtual authentication device related properties and save it in the /WEB-INF/classes folder.

2. Add the custom keyset related enum properties to bharosa_server.properties and save it in the /WEB-INF/classes folder. Refer to the rest of the chapter for more information on defining keysets and other virtual authentication device properties.

3. Add key image files to /WEB-INF/classes/bharosa_properties/alphapad_skins_.

4. Add Frame Image Files: //WEB-INF/classes/bharosa_properties/alphapad_bg.

5. Create OAAM Extensions Shared Library using client_resource_.properties and bharosa_server.properties.

6. Deploy the custom OAAM Extensions Shared Library into both the OAAM Managed Servers (OAAM Admin and OAAM Server).

7. Test the localized keypads.
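Before the shared library is repackaged and redeployed (steps 5 and 6), the keyset enum properties from step 2 can be checked offline. The following Python code is an added example, not Oracle code: it parses properties in the row/key layout of the German keyset listing in this section and reports dangling row references, reused order values, missing key attributes and key images absent from the skins directory. The rule set, the function names, SKIN_FILES and the sample data are assumptions made for illustration, not documented OAAM validation.

```python
# Offline lint for an OAAM keyset definition (added example, not Oracle code).
# The rules mirror the pattern of the German keyset listing and are assumptions.
PREFIX = "bharosa.authentipad.keypad.german.keyset"
KEY_ATTRS = ("id", "name", "description", "value", "shiftvalue", "image", "order")


def parse_properties(text):
    """Parse key=value lines, splitting on the first '=' so a value of '=' survives."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props


def elements(props, enum_key):
    """Collect {element: {attribute: value}} for the members declared under one enum."""
    prefix, found = enum_key + ".", {}
    for key, value in props.items():
        if key.startswith(prefix):
            element, _, attr = key[len(prefix):].partition(".")
            found.setdefault(element, {})[attr or "id"] = value
    return found


def duplicates(values):
    """Return the values that occur more than once, sorted."""
    seen, dup = set(), set()
    for value in values:
        (dup if value in seen else seen).add(value)
    return sorted(dup)


def lint_keyset(props, keyset_enum, available_images=None):
    """Return a list of problems for the keyset whose top-level enum is keyset_enum."""
    if keyset_enum not in props:
        return [f"{keyset_enum}: enum is not declared"]
    problems = []
    rows = elements(props, keyset_enum)
    for attr in ("id", "order"):
        for dup in duplicates(r[attr] for r in rows.values() if attr in r):
            problems.append(f"rows share {attr} {dup}")
    for row, row_attrs in sorted(rows.items()):
        ref = row_attrs.get("keys")
        if ref is None or ref not in props:
            problems.append(f"{row}: keys points at undeclared enum {ref}")
            continue
        keys = elements(props, ref)
        for attr in ("id", "order"):
            for dup in duplicates(k[attr] for k in keys.values() if attr in k):
                problems.append(f"{row}: keys share {attr} {dup}")
        for key, attrs in sorted(keys.items()):
            missing = [a for a in KEY_ATTRS if a not in attrs]
            if missing:
                problems.append(f"{row}.{key}: missing {', '.join(missing)}")
            image = attrs.get("image")
            if available_images is not None and image and image not in available_images:
                problems.append(f"{row}.{key}: image {image} not in skins directory")
    return problems


def sample_key(row, n, value, shift, image, order):
    """Constructed sample data: the seven properties the listing gives each key."""
    k = f"{PREFIX}.{row}.enum.key{n}"
    return (f"{k}={n - 1}\n{k}.name={value}\n{k}.description={value}\n"
            f"{k}.value={value}\n{k}.shiftvalue={shift}\n"
            f"{k}.image={image}\n{k}.order={order}\n")


# Constructed sample with four deliberate defects; not the shipped German keyset.
SAMPLE = f"""{PREFIX}.enum=GermanKeyPadKeysetEnum
{PREFIX}.enum.row1=0
{PREFIX}.enum.row1.keys={PREFIX}.row1.enum
{PREFIX}.enum.row1.order=1
{PREFIX}.enum.row2=1
{PREFIX}.enum.row2.keys={PREFIX}.row2.enum
{PREFIX}.enum.row2.order=2
{PREFIX}.enum.row3=2
{PREFIX}.enum.row3.keys={PREFIX}.row3.enum
{PREFIX}.enum.row3.order=3
{PREFIX}.row1.enum=GermanKeyPadKeysetRow1
{PREFIX}.row2.enum=GermanKeyPadKeysetRow2
""" + (
    sample_key("row1", 1, "!", "!", "kp_v2_exclaim.png", 1)
    + sample_key("row1", 2, "@", "@", "kp_v2_rate.png", 2)
    + sample_key("row2", 1, "=", "=", "kp_v2_equals.png", 1)
    + sample_key("row2", 2, "q", "Q", "kp_v2_Q.png", 1)  # defect: order 1 reused
).replace(f"{PREFIX}.row1.enum.key2.shiftvalue=@\n", "")  # defect: attribute dropped
SKIN_FILES = {"kp_v2_exclaim.png", "kp_v2_rate.png", "kp_v2_equals.png"}  # kp_v2_Q.png absent

if __name__ == "__main__":
    for problem in lint_keyset(parse_properties(SAMPLE), f"{PREFIX}.enum", SKIN_FILES):
        print(problem)
```

In practice the image set would be built from the file names in the skins directory named by bharosa.authentipad.keypad.skins.dirlist in the unpacked war.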
10.8.2 Example using German Locale

An example of localizing the pads in German is shown below:

1. Unzip the OAAM Extensions shared library war file into a temp directory.

2. Create client_resource_de.properties in /WEB-INF/classes/ if not already present

3. Add these in client_resource_de.properties

#Keyset to use for German locale
bharosa.authentipad.keypad.default.keyset=german
#Caption Coordinates for new German Pad
bharosa.authentipad.keypad.caption.y=330
bharosa.authentipad.keypad.caption.frame=false
bharosa.authentipad.keypad.caption.wrap=false
bharosa.authentipad.keypad.caption.width=130
bharosa.authentipad.keypad.caption.height=16
bharosa.authentipad.keypad.caption.font.name=Arial
bharosa.authentipad.keypad.caption.font.color=000000
bharosa.authentipad.keypad.caption.font.type=0
bharosa.authentipad.keypad.caption.font.size=9
#Frame files to use for new German Pad
bharosa.authentipad.keypad.frame.file=alphapad_bg/kp_frame_O3.png
bharosa.authentipad.keypad.sample.frame.file=alphapad_bg/kp_frame_O3.png
bharosa.uio.default.register.DeviceKeyPadFull.frame=alphapad_bg/kp_frame_O3.png
bharosa.uio.default.userpreferences.DeviceKeyPadFull.frame=alphapad_bg/kp_frame_O3.png
#Skins directory containing German key images
bharosa.authentipad.keypad.skins.dirlist=alphapad_skins_de/square
#Timestamp Coordinates for new German Pad
bharosa.authentipad.keypad.timestamp.y=330
bharosa.authentipad.keypad.timestamp.width=132
bharosa.authentipad.keypad.timestamp.height=16
bharosa.authentipad.keypad.timestamp.frame=false
bharosa.authentipad.keypad.timestamp.wrap=false
bharosa.authentipad.keypad.timestamp.font.name=Arial
bharosa.authentipad.keypad.timestamp.font.color=ffffff
bharosa.authentipad.keypad.timestamp.font.type=0
bharosa.authentipad.keypad.timestamp.font.size=9

4. Create bharosa_server.properties in /WEB-INF/classes if not already present.
German Full Keypad Keyset
bharosa.authentipad.keypad.german.keyset.enum=GermanKeyPadKeysetEnum
bharosa.authentipad.keypad.german.keyset.enum.row1=0
bharosa.authentipad.keypad.german.keyset.enum.row1.name=GermanKeyPadKeysetRow1
bharosa.authentipad.keypad.german.keyset.enum.row1.description=GermanKeyPadKeysetRow1
bharosa.authentipad.keypad.german.keyset.enum.row1.keys=bharosa.authentipad.keypad.german.keyset.row1.enum
bharosa.authentipad.keypad.german.keyset.enum.row1.order=1
bharosa.authentipad.keypad.german.keyset.enum.row2=1
bharosa.authentipad.keypad.german.keyset.enum.row2.name=GermanKeyPadKeysetRow2
bharosa.authentipad.keypad.german.keyset.enum.row2.description=GermanKeyPadKeysetRow2
bharosa.authentipad.keypad.german.keyset.enum.row2.keys=bharosa.authentipad.keypad.german.keyset.row2.enum
bharosa.authentipad.keypad.german.keyset.enum.row2.order=2
bharosa.authentipad.keypad.german.keyset.enum.row3=2
bharosa.authentipad.keypad.german.keyset.enum.row3.name=GermanKeyPadKeysetRow3
bharosa.authentipad.keypad.german.keyset.enum.row3.description=GermanKeyPadKeysetRow3
bharosa.authentipad.keypad.german.keyset.enum.row3.keys=bharosa.authentipad.keypad.german.keyset.row3.enum
bharosa.authentipad.keypad.german.keyset.enum.row3.order=3
bharosa.authentipad.keypad.german.keyset.enum.row4=3
bharosa.authentipad.keypad.german.keyset.enum.row4.name=GermanKeyPadKeysetRow4
bharosa.authentipad.keypad.german.keyset.enum.row4.description=GermanKeyPadKeysetRow4
bharosa.authentipad.keypad.german.keyset.enum.row4.keys=bharosa.authentipad.keypad.german.keyset.row4.enum
bharosa.authentipad.keypad.german.keyset.enum.row4.order=4
bharosa.authentipad.keypad.german.keyset.enum.row5=4
bharosa.authentipad.keypad.german.keyset.enum.row5.name=GermanKeyPadKeysetRow5
bharosa.authentipad.keypad.german.keyset.enum.row5.description=GermanKeyPadKeysetRow5
bharosa.authentipad.keypad.german.keyset.enum.row5.keys=bharosa.authentipad.keypad.german.keyset.row5.enum
bharosa.authentipad.keypad.german.keyset.enum.row5.order=5
u00C0 to \u00FF Keyset
bharosa.authentipad.keypad.german.keyset.enum=GermanKeyPadKeysetEnum
bharosa.authentipad.keypad.german.keyset.enum.row6=5
bharosa.authentipad.keypad.german.keyset.enum.row6.name=GermanKeyPadKeysetRow6
bharosa.authentipad.keypad.german.keyset.enum.row6.description=GermanKeyPadKeysetRow6
bharosa.authentipad.keypad.german.keyset.enum.row6.keys=bharosa.authentipad.keypad.german.keyset.row6.enum
bharosa.authentipad.keypad.german.keyset.enum.row6.order=6
bharosa.authentipad.keypad.german.keyset.enum.row7=6
bharosa.authentipad.keypad.german.keyset.enum.row7.name=GermanKeyPadKeysetRow7
bharosa.authentipad.keypad.german.keyset.enum.row7.description=GermanKeyPadKeysetRow7
bharosa.authentipad.keypad.german.keyset.enum.row7.keys=bharosa.authentipad.keypad.german.keyset.row7.enum
bharosa.authentipad.keypad.german.keyset.enum.row7.order=7
bharosa.authentipad.keypad.german.keyset.enum.row8=7
bharosa.authentipad.keypad.german.keyset.enum.row8.name=GermanKeyPadKeysetRow8
bharosa.authentipad.keypad.german.keyset.enum.row8.description=GermanKeyPadKeysetRow8
bharosa.authentipad.keypad.german.keyset.enum.row8.keys=bharosa.authentipad.keypad.german.keyset.row8.enum
bharosa.authentipad.keypad.german.keyset.enum.row8.order=8
bharosa.authentipad.keypad.german.keyset.enum.row9=8
bharosa.authentipad.keypad.german.keyset.enum.row9.name=GermanKeyPadKeysetRow9
bharosa.authentipad.keypad.german.keyset.enum.row9.description=GermanKeyPadKeysetRow9
bharosa.authentipad.keypad.german.keyset.enum.row9.keys=bharosa.authentipad.keypad.german.keyset.row9.enum
bharosa.authentipad.keypad.german.keyset.enum.row9.order=9
bharosa.authentipad.keypad.german.keyset.enum.row10=9
bharosa.authentipad.keypad.german.keyset.enum.row10.name=GermanKeyPadKeysetRow10
bharosa.authentipad.keypad.german.keyset.enum.row10.description=GermanKeyPadKeysetRow10
bharosa.authentipad.keypad.german.keyset.enum.row10.keys=bharosa.authentipad.keypad.german.keyset.row10.enum
bharosa.authentipad.keypad.german.keyset.enum.row10.order=10
bharosa.authentipad.keypad.german.keyset.row1.enum=GermanKeyPadKeysetRow1
bharosa.authentipad.keypad.german.keyset.row1.enum.key1=0
bharosa.authentipad.keypad.german.keyset.row1.enum.key1.name=!
bharosa.authentipad.keypad.german.keyset.row1.enum.key1.description=!
bharosa.authentipad.keypad.german.keyset.row1.enum.key1.value=!
bharosa.authentipad.keypad.german.keyset.row1.enum.key1.shiftvalue=!
bharosa.authentipad.keypad.german.keyset.row1.enum.key1.image=kp_v2_exclaim.png
bharosa.authentipad.keypad.german.keyset.row1.enum.key1.order=1
bharosa.authentipad.keypad.german.keyset.row1.enum.key2=1
bharosa.authentipad.keypad.german.keyset.row1.enum.key2.name=@
bharosa.authentipad.keypad.german.keyset.row1.enum.key2.description=@
bharosa.authentipad.keypad.german.keyset.row1.enum.key2.value=@
bharosa.authentipad.keypad.german.keyset.row1.enum.key2.shiftvalue=@
bharosa.authentipad.keypad.german.keyset.row1.enum.key2.image=kp_v2_rate.png
bharosa.authentipad.keypad.german.keyset.row1.enum.key2.order=2
bharosa.authentipad.keypad.german.keyset.row1.enum.key3=2
bharosa.authentipad.keypad.german.keyset.row1.enum.key3.name=#
bharosa.authentipad.keypad.german.keyset.row1.enum.key3.description=#
bharosa.authentipad.keypad.german.keyset.row1.enum.key3.value=#
bharosa.authentipad.keypad.german.keyset.row1.enum.key3.shiftvalue=#
bharosa.authentipad.keypad.german.keyset.row1.enum.key3.image=kp_v2_hash.png
bharosa.authentipad.keypad.german.keyset.row1.enum.key3.order=3
bharosa.authentipad.keypad.german.keyset.row1.enum.key4=3
bharosa.authentipad.keypad.german.keyset.row1.enum.key4.name=$
bharosa.authentipad.keypad.german.keyset.row1.enum.key4.description=$
bharosa.authentipad.keypad.german.keyset.row1.enum.key4.value=$
bharosa.authentipad.keypad.german.keyset.row1.enum.key4.shiftvalue=$
bharosa.authentipad.keypad.german.keyset.row1.enum.key4.image=kp_v2_dollar.png
bharosa.authentipad.keypad.german.keyset.row1.enum.key4.order=4
bharosa.authentipad.keypad.german.keyset.row1.enum.key5=4
bharosa.authentipad.keypad.german.keyset.row1.enum.key5.name=%
bharosa.authentipad.keypad.german.keyset.row1.enum.key5.description=%
bharosa.authentipad.keypad.german.keyset.row1.enum.key5.value=%
bharosa.authentipad.keypad.german.keyset.row1.enum.key5.shiftvalue=%
bharosa.authentipad.keypad.german.keyset.row1.enum.key5.image=kp_v2_percent.png
bharosa.authentipad.keypad.german.keyset.row1.enum.key5.order=5
bharosa.authentipad.keypad.german.keyset.row1.enum.key6=5
bharosa.authentipad.keypad.german.keyset.row1.enum.key6.name=^
bharosa.authentipad.keypad.german.keyset.row1.enum.key6.description=^
bharosa.authentipad.keypad.german.keyset.row1.enum.key6.value=^
bharosa.authentipad.keypad.german.keyset.row1.enum.key6.shiftvalue=^
bharosa.authentipad.keypad.german.keyset.row1.enum.key6.image=kp_v2_carat.png
bharosa.authentipad.keypad.german.keyset.row1.enum.key6.order=6
bharosa.authentipad.keypad.german.keyset.row1.enum.key7=6
bharosa.authentipad.keypad.german.keyset.row1.enum.key7.name=&
bharosa.authentipad.keypad.german.keyset.row1.enum.key7.description=&
bharosa.authentipad.keypad.german.keyset.row1.enum.key7.value=&
bharosa.authentipad.keypad.german.keyset.row1.enum.key7.shiftvalue=&
bharosa.authentipad.keypad.german.keyset.row1.enum.key7.image=kp_v2_and.png
bharosa.authentipad.keypad.german.keyset.row1.enum.key7.order=7
bharosa.authentipad.keypad.german.keyset.row1.enum.key8=7
bharosa.authentipad.keypad.german.keyset.row1.enum.key8.name=*
bharosa.authentipad.keypad.german.keyset.row1.enum.key8.description=*
bharosa.authentipad.keypad.german.keyset.row1.enum.key8.value=*
bharosa.authentipad.keypad.german.keyset.row1.enum.key8.shiftvalue=*
bharosa.authentipad.keypad.german.keyset.row1.enum.key8.image=kp_v2_asterisk.png
bharosa.authentipad.keypad.german.keyset.row1.enum.key8.order=8
bharosa.authentipad.keypad.german.keyset.row1.enum.key9=8
bharosa.authentipad.keypad.german.keyset.row1.enum.key9.name=(
bharosa.authentipad.keypad.german.keyset.row1.enum.key9.description=(
bharosa.authentipad.keypad.german.keyset.row1.enum.key9.value=(
bharosa.authentipad.keypad.german.keyset.row1.enum.key9.shiftvalue=(
bharosa.authentipad.keypad.german.keyset.row1.enum.key9.image=kp_v2_leftbraces.png
bharosa.authentipad.keypad.german.keyset.row1.enum.key9.order=9
bharosa.authentipad.keypad.german.keyset.row1.enum.key10=9
bharosa.authentipad.keypad.german.keyset.row1.enum.key10.name=)
bharosa.authentipad.keypad.german.keyset.row1.enum.key10.description=)
bharosa.authentipad.keypad.german.keyset.row1.enum.key10.value=)
bharosa.authentipad.keypad.german.keyset.row1.enum.key10.shiftvalue=)
bharosa.authentipad.keypad.german.keyset.row1.enum.key10.image=kp_v2_rightbraces.png
bharosa.authentipad.keypad.german.keyset.row1.enum.key10.order=10
bharosa.authentipad.keypad.german.keyset.row1.enum.key11=10
bharosa.authentipad.keypad.german.keyset.row1.enum.key11.name=_
bharosa.authentipad.keypad.german.keyset.row1.enum.key11.description=_
bharosa.authentipad.keypad.german.keyset.row1.enum.key11.value=_
bharosa.authentipad.keypad.german.keyset.row1.enum.key11.shiftvalue=_
bharosa.authentipad.keypad.german.keyset.row1.enum.key11.image=kp_v2_underscore.png
bharosa.authentipad.keypad.german.keyset.row1.enum.key11.order=11
bharosa.authentipad.keypad.german.keyset.row1.enum.key12=11
bharosa.authentipad.keypad.german.keyset.row1.enum.key12.name=+
bharosa.authentipad.keypad.german.keyset.row1.enum.key12.description=+
bharosa.authentipad.keypad.german.keyset.row1.enum.key12.value=+
bharosa.authentipad.keypad.german.keyset.row1.enum.key12.shiftvalue=+
bharosa.authentipad.keypad.german.keyset.row1.enum.key12.image=kp_v2_plus.png
bharosa.authentipad.keypad.german.keyset.row1.enum.key12.order=12
bharosa.authentipad.keypad.german.keyset.row1.enum.key13=12
bharosa.authentipad.keypad.german.keyset.row1.enum.key13.name=~
bharosa.authentipad.keypad.german.keyset.row1.enum.key13.description=~
bharosa.authentipad.keypad.german.keyset.row1.enum.key13.value=~
bharosa.authentipad.keypad.german.keyset.row1.enum.key13.shiftvalue=~
bharosa.authentipad.keypad.german.keyset.row1.enum.key13.image=kp_v2_tilda.png
bharosa.authentipad.keypad.german.keyset.row1.enum.key13.order=13
bharosa.authentipad.keypad.german.keyset.row2.enum=GermanKeyPadKeysetRow2
bharosa.authentipad.keypad.german.keyset.row2.enum.key1=0
bharosa.authentipad.keypad.german.keyset.row2.enum.key1.name=1
bharosa.authentipad.keypad.german.keyset.row2.enum.key1.description=1
bharosa.authentipad.keypad.german.keyset.row2.enum.key1.value=1
bharosa.authentipad.keypad.german.keyset.row2.enum.key1.shiftvalue=1
bharosa.authentipad.keypad.german.keyset.row2.enum.key1.image=kp_v2_1.png
bharosa.authentipad.keypad.german.keyset.row2.enum.key1.order=1
bharosa.authentipad.keypad.german.keyset.row2.enum.key2=1
bharosa.authentipad.keypad.german.keyset.row2.enum.key2.name=2
bharosa.authentipad.keypad.german.keyset.row2.enum.key2.description=2
bharosa.authentipad.keypad.german.keyset.row2.enum.key2.value=2
bharosa.authentipad.keypad.german.keyset.row2.enum.key2.shiftvalue=2
bharosa.authentipad.keypad.german.keyset.row2.enum.key2.image=kp_v2_2.png
bharosa.authentipad.keypad.german.keyset.row2.enum.key2.order=2
bharosa.authentipad.keypad.german.keyset.row2.enum.key3=2
bharosa.authentipad.keypad.german.keyset.row2.enum.key3.name=3
bharosa.authentipad.keypad.german.keyset.row2.enum.key3.description=3
bharosa.authentipad.keypad.german.keyset.row2.enum.key3.value=3
bharosa.authentipad.keypad.german.keyset.row2.enum.key3.shiftvalue=3
bharosa.authentipad.keypad.german.keyset.row2.enum.key3.image=kp_v2_3.png
bharosa.authentipad.keypad.german.keyset.row2.enum.key3.order=3
bharosa.authentipad.keypad.german.keyset.row2.enum.key4=3
bharosa.authentipad.keypad.german.keyset.row2.enum.key4.name=4
bharosa.authentipad.keypad.german.keyset.row2.enum.key4.description=4
bharosa.authentipad.keypad.german.keyset.row2.enum.key4.value=4
bharosa.authentipad.keypad.german.keyset.row2.enum.key4.shiftvalue=4
bharosa.authentipad.keypad.german.keyset.row2.enum.key4.image=kp_v2_4.png
bharosa.authentipad.keypad.german.keyset.row2.enum.key4.order=4
bharosa.authentipad.keypad.german.keyset.row2.enum.key5=4
bharosa.authentipad.keypad.german.keyset.row2.enum.key5.name=5
bharosa.authentipad.keypad.german.keyset.row2.enum.key5.description=5
bharosa.authentipad.keypad.german.keyset.row2.enum.key5.value=5
bharosa.authentipad.keypad.german.keyset.row2.enum.key5.shiftvalue=5
bharosa.authentipad.keypad.german.keyset.row2.enum.key5.image=kp_v2_5.png
bharosa.authentipad.keypad.german.keyset.row2.enum.key5.order=5
bharosa.authentipad.keypad.german.keyset.row2.enum.key6=5
bharosa.authentipad.keypad.german.keyset.row2.enum.key6.name=6
bharosa.authentipad.keypad.german.keyset.row2.enum.key6.description=6
bharosa.authentipad.keypad.german.keyset.row2.enum.key6.value=6
bharosa.authentipad.keypad.german.keyset.row2.enum.key6.shiftvalue=6
bharosa.authentipad.keypad.german.keyset.row2.enum.key6.image=kp_v2_6.png
bharosa.authentipad.keypad.german.keyset.row2.enum.key6.order=6
bharosa.authentipad.keypad.german.keyset.row2.enum.key7=6
bharosa.authentipad.keypad.german.keyset.row2.enum.key7.name=7
bharosa.authentipad.keypad.german.keyset.row2.enum.key7.description=7
bharosa.authentipad.keypad.german.keyset.row2.enum.key7.value=7
bharosa.authentipad.keypad.german.keyset.row2.enum.key7.shiftvalue=7
bharosa.authentipad.keypad.german.keyset.row2.enum.key7.image=kp_v2_7.png
bharosa.authentipad.keypad.german.keyset.row2.enum.key7.order=7
bharosa.authentipad.keypad.german.keyset.row2.enum.key8=7
bharosa.authentipad.keypad.german.keyset.row2.enum.key8.name=8
bharosa.authentipad.keypad.german.keyset.row2.enum.key8.description=8
bharosa.authentipad.keypad.german.keyset.row2.enum.key8.value=8
bharosa.authentipad.keypad.german.keyset.row2.enum.key8.shiftvalue=8
bharosa.authentipad.keypad.german.keyset.row2.enum.key8.image=kp_v2_8.png
bharosa.authentipad.keypad.german.keyset.row2.enum.key8.order=8
bharosa.authentipad.keypad.german.keyset.row2.enum.key9=8
bharosa.authentipad.keypad.german.keyset.row2.enum.key9.name=9
bharosa.authentipad.keypad.german.keyset.row2.enum.key9.description=9
bharosa.authentipad.keypad.german.keyset.row2.enum.key9.value=9
bharosa.authentipad.keypad.german.keyset.row2.enum.key9.shiftvalue=9
bharosa.authentipad.keypad.german.keyset.row2.enum.key9.image=kp_v2_9.png
bharosa.authentipad.keypad.german.keyset.row2.enum.key9.order=9
bharosa.authentipad.keypad.german.keyset.row2.enum.key10=9
bharosa.authentipad.keypad.german.keyset.row2.enum.key10.name=0
bharosa.authentipad.keypad.german.keyset.row2.enum.key10.description=0
bharosa.authentipad.keypad.german.keyset.row2.enum.key10.value=0
bharosa.authentipad.keypad.german.keyset.row2.enum.key10.shiftvalue=0
bharosa.authentipad.keypad.german.keyset.row2.enum.key10.image=kp_v2_0.png
bharosa.authentipad.keypad.german.keyset.row2.enum.key10.order=10
bharosa.authentipad.keypad.german.keyset.row2.enum.key11=10
bharosa.authentipad.keypad.german.keyset.row2.enum.key11.name=-
bharosa.authentipad.keypad.german.keyset.row2.enum.key11.description=-
bharosa.authentipad.keypad.german.keyset.row2.enum.key11.value=-
bharosa.authentipad.keypad.german.keyset.row2.enum.key11.shiftvalue=-
bharosa.authentipad.keypad.german.keyset.row2.enum.key11.image=kp_v2_hyphen.png
bharosa.authentipad.keypad.german.keyset.row2.enum.key11.order=11
bharosa.authentipad.keypad.german.keyset.row2.enum.key12=11
bharosa.authentipad.keypad.german.keyset.row2.enum.key12.name==
bharosa.authentipad.keypad.german.keyset.row2.enum.key12.description==
bharosa.authentipad.keypad.german.keyset.row2.enum.key12.value==
bharosa.authentipad.keypad.german.keyset.row2.enum.key12.shiftvalue==
bharosa.authentipad.keypad.german.keyset.row2.enum.key12.image=kp_v2_equals.png
bharosa.authentipad.keypad.german.keyset.row2.enum.key12.order=12
bharosa.authentipad.keypad.german.keyset.row2.enum.key13=12
bharosa.authentipad.keypad.german.keyset.row2.enum.key13.name=`
bharosa.authentipad.keypad.german.keyset.row2.enum.key13.description=`
bharosa.authentipad.keypad.german.keyset.row2.enum.key13.value=`
bharosa.authentipad.keypad.german.keyset.row2.enum.key13.shiftvalue=`
bharosa.authentipad.keypad.german.keyset.row2.enum.key13.image=kp_v2_apost.png
bharosa.authentipad.keypad.german.keyset.row2.enum.key13.order=13
bharosa.authentipad.keypad.german.keyset.row3.enum=GermanKeyPadKeysetRow3
bharosa.authentipad.keypad.german.keyset.row3.enum.key1=0
bharosa.authentipad.keypad.german.keyset.row3.enum.key1.name=q
bharosa.authentipad.keypad.german.keyset.row3.enum.key1.description=q
bharosa.authentipad.keypad.german.keyset.row3.enum.key1.value=q
bharosa.authentipad.keypad.german.keyset.row3.enum.key1.shiftvalue=Q
bharosa.authentipad.keypad.german.keyset.row3.enum.key1.image=kp_v2_Q.png
bharosa.authentipad.keypad.german.keyset.row3.enum.key1.order=1
bharosa.authentipad.keypad.german.keyset.row3.enum.key2=1
bharosa.authentipad.keypad.german.keyset.row3.enum.key2.name=w
bharosa.authentipad.keypad.german.keyset.row3.enum.key2.description=w
bharosa.authentipad.keypad.german.keyset.row3.enum.key2.value=w
bharosa.authentipad.keypad.german.keyset.row3.enum.key2.shiftvalue=W
bharosa.authentipad.keypad.german.keyset.row3.enum.key2.image=kp_v2_W.png
bharosa.authentipad.keypad.german.keyset.row3.enum.key2.order=2
bharosa.authentipad.keypad.german.keyset.row3.enum.key3=2
bharosa.authentipad.keypad.german.keyset.row3.enum.key3.name=e
bharosa.authentipad.keypad.german.keyset.row3.enum.key3.description=e
bharosa.authentipad.keypad.german.keyset.row3.enum.key3.value=e
bharosa.authentipad.keypad.german.keyset.row3.enum.key3.shiftvalue=E
bharosa.authentipad.keypad.german.keyset.row3.enum.key3.image=kp_v2_E.png
bharosa.authentipad.keypad.german.keyset.row3.enum.key3.order=3
bharosa.authentipad.keypad.german.keyset.row3.enum.key4=3
bharosa.authentipad.keypad.german.keyset.row3.enum.key4.name=r
bharosa.authentipad.keypad.german.keyset.row3.enum.key4.description=r
bharosa.authentipad.keypad.german.keyset.row3.enum.key4.value=r
bharosa.authentipad.keypad.german.keyset.row3.enum.key4.shiftvalue=R
bharosa.authentipad.keypad.german.keyset.row3.enum.key4.image=kp_v2_R.png
bharosa.authentipad.keypad.german.keyset.row3.enum.key4.order=4
bharosa.authentipad.keypad.german.keyset.row3.enum.key5=4
bharosa.authentipad.keypad.german.keyset.row3.enum.key5.name=t
bharosa.authentipad.keypad.german.keyset.row3.enum.key5.description=t
bharosa.authentipad.keypad.german.keyset.row3.enum.key5.value=t
bharosa.authentipad.keypad.german.keyset.row3.enum.key5.shiftvalue=T
bharosa.authentipad.keypad.german.keyset.row3.enum.key5.image=kp_v2_T.png
bharosa.authentipad.keypad.german.keyset.row3.enum.key5.order=5
bharosa.authentipad.keypad.german.keyset.row3.enum.key6=5
bharosa.authentipad.keypad.german.keyset.row3.enum.key6.name=y
bharosa.authentipad.keypad.german.keyset.row3.enum.key6.description=y
bharosa.authentipad.keypad.german.keyset.row3.enum.key6.value=y
bharosa.authentipad.keypad.german.keyset.row3.enum.key6.shiftvalue=Y
bharosa.authentipad.keypad.german.keyset.row3.enum.key6.image=kp_v2_Y.png
bharosa.authentipad.keypad.german.keyset.row3.enum.key6.order=6
bharosa.authentipad.keypad.german.keyset.row3.enum.key7=6
bharosa.authentipad.keypad.german.keyset.row3.enum.key7.name=u
bharosa.authentipad.keypad.german.keyset.row3.enum.key7.description=u
bharosa.authentipad.keypad.german.keyset.row3.enum.key7.value=u
bharosa.authentipad.keypad.german.keyset.row3.enum.key7.shiftvalue=U
bharosa.authentipad.keypad.german.keyset.row3.enum.key7.image=kp_v2_U.png
bharosa.authentipad.keypad.german.keyset.row3.enum.key7.order=7
bharosa.authentipad.keypad.german.keyset.row3.enum.key8=7
bharosa.authentipad.keypad.german.keyset.row3.enum.key8.name=i
bharosa.authentipad.keypad.german.keyset.row3.enum.key8.description=i
bharosa.authentipad.keypad.german.keyset.row3.enum.key8.value=i
bharosa.authentipad.keypad.german.keyset.row3.enum.key8.shiftvalue=I
bharosa.authentipad.keypad.german.keyset.row3.enum.key8.image=kp_v2_I.png
bharosa.authentipad.keypad.german.keyset.row3.enum.key8.order=8
bharosa.authentipad.keypad.german.keyset.row3.enum.key9=8
bharosa.authentipad.keypad.german.keyset.row3.enum.key9.name=o
bharosa.authentipad.keypad.german.keyset.row3.enum.key9.description=o
bharosa.authentipad.keypad.german.keyset.row3.enum.key9.value=o
bharosa.authentipad.keypad.german.keyset.row3.enum.key9.shiftvalue=O
bharosa.authentipad.keypad.german.keyset.row3.enum.key9.image=kp_v2_O.png
bharosa.authentipad.keypad.german.keyset.row3.enum.key9.order=9
bharosa.authentipad.keypad.german.keyset.row3.enum.key10=9
bharosa.authentipad.
keypad.
german.
keyset.
row3.
enum.
key10.
name=pbharosa.
authentipad.
keypad.
german.
keyset.
row3.
enum.
key10.
description=pbharosa.
authentipad.
keypad.
german.
keyset.
row3.
enum.
key10.
value=pbharosa.
authentipad.
keypad.
german.
keyset.
row3.
enum.
key10.
shiftvalue=Pbharosa.
authentipad.
keypad.
german.
keyset.
row3.
enum.
key10.
image=kp_v2_P.
pngbharosa.
authentipad.
keypad.
german.
keyset.
row3.
enum.
key10.
order=10bharosa.
authentipad.
keypad.
german.
keyset.
row3.
enum.
key11=10bharosa.
authentipad.
keypad.
german.
keyset.
row3.
enum.
key11.
name={bharosa.
authentipad.
keypad.
german.
keyset.
row3.
enum.
key11.
description={bharosa.
authentipad.
keypad.
german.
keyset.
row3.
enum.
key11.
value={bharosa.
authentipad.
keypad.
german.
keyset.
row3.
enum.
key11.
shiftvalue={bharosa.
authentipad.
keypad.
german.
keyset.
row3.
enum.
key11.
image=kp_v2_leftcurlybraces.
pngbharosa.
authentipad.
keypad.
german.
keyset.
row3.
enum.
key11.
order=11bharosa.
authentipad.
keypad.
german.
keyset.
row3.
enum.
key12=11bharosa.
authentipad.
keypad.
german.
keyset.
row3.
enum.
key12.
name=}bharosa.
authentipad.
keypad.
german.
keyset.
row3.
enum.
key12.
description=}bharosa.
authentipad.
keypad.
german.
keyset.
row3.
enum.
key12.
value=}bharosa.
authentipad.
keypad.
german.
keyset.
row3.
enum.
key12.
shiftvalue=}bharosa.
authentipad.
keypad.
german.
keyset.
row3.
enum.
key12.
image=kp_v2_rightcurlybraces.
pngbharosa.
authentipad.
keypad.
german.
keyset.
row3.
enum.
key12.
order=12bharosa.
authentipad.
keypad.
german.
keyset.
row3.
enum.
key13=12bharosa.
authentipad.
keypad.
german.
keyset.
row3.
enum.
key13.
name="bharosa.
authentipad.
keypad.
german.
keyset.
row3.
enum.
key13.
description="bharosa.
authentipad.
keypad.
german.
keyset.
row3.
enum.
key13.
value="bharosa.
authentipad.
keypad.
german.
keyset.
row3.
enum.
key13.
shiftvalue="bharosa.
authentipad.
keypad.
german.
keyset.
row3.
enum.
key13.
image=kp_v2_quotes.
pngbharosa.
authentipad.
keypad.
german.
keyset.
row3.
enum.
key13.
order=13bharosa.
authentipad.
keypad.
german.
keyset.
row4.
enum=GermanKeyPadKeysetRow4bharosa.
authentipad.
keypad.
german.
keyset.
row4.
enum.
key1=0bharosa.
authentipad.
keypad.
german.
keyset.
row4.
enum.
key1.
name=abharosa.
authentipad.
keypad.
german.
keyset.
row4.
enum.
key1.
description=abharosa.
authentipad.
keypad.
german.
keyset.
row4.
enum.
key1.
value=abharosa.
authentipad.
keypad.
german.
keyset.
row4.
enum.
key1.
shiftvalue=Abharosa.
authentipad.
keypad.
german.
keyset.
row4.
enum.
key1.
image=kp_v2_A.
pngbharosa.
authentipad.
keypad.
german.
keyset.
row4.
enum.
key1.
order=1bharosa.
authentipad.
keypad.
german.
keyset.
row4.
enum.
key2=1bharosa.
authentipad.
keypad.
german.
keyset.
row4.
enum.
key2.
name=sbharosa.
authentipad.
keypad.
german.
keyset.
row4.
enum.
key2.
description=sbharosa.
authentipad.
keypad.
german.
keyset.
row4.
enum.
key2.
value=sbharosa.
authentipad.
keypad.
german.
keyset.
row4.
enum.
key2.
shiftvalue=Sbharosa.
authentipad.
keypad.
german.
keyset.
row4.
enum.
key2.
image=kp_v2_S.
pngbharosa.
authentipad.
keypad.
german.
keyset.
row4.
enum.
key2.
order=2bharosa.
authentipad.
keypad.
german.
keyset.
row4.
enum.
key3=2bharosa.
authentipad.
keypad.
german.
keyset.
row4.
enum.
key3.
name=dbharosa.
authentipad.
keypad.
german.
keyset.
row4.
enum.
key3.
description=dbharosa.
authentipad.
keypad.
german.
keyset.
row4.
enum.
key3.
value=dbharosa.
authentipad.
keypad.
german.
keyset.
row4.
enum.
key3.
shiftvalue=Dbharosa.
authentipad.
keypad.
german.
keyset.
row4.
enum.
key3.
image=kp_v2_D.
pngbharosa.
authentipad.
keypad.
german.
keyset.
row4.
enum.
key3.
order=3LocalizingVirtualAuthenticationDeviceinOAAM11gUsingVirtualAuthenticationDevices10-25bharosa.
authentipad.
keypad.
german.
keyset.
row4.
enum.
key4=3bharosa.
authentipad.
keypad.
german.
keyset.
row4.
enum.
key4.
name=fbharosa.
authentipad.
keypad.
german.
keyset.
row4.
enum.
key4.
description=fbharosa.
authentipad.
keypad.
german.
keyset.
row4.
enum.
key4.
value=fbharosa.
authentipad.
keypad.
german.
keyset.
row4.
enum.
key4.
shiftvalue=Fbharosa.
authentipad.
keypad.
german.
keyset.
row4.
enum.
key4.
image=kp_v2_F.
pngbharosa.
authentipad.
keypad.
german.
keyset.
row4.
enum.
key4.
order=4bharosa.
authentipad.
keypad.
german.
keyset.
row4.
enum.
key5=4bharosa.
authentipad.
keypad.
german.
keyset.
row4.
enum.
key5.
name=gbharosa.
authentipad.
keypad.
german.
keyset.
row4.
enum.
key5.
description=gbharosa.
authentipad.
keypad.
german.
keyset.
row4.
enum.
key5.
value=gbharosa.
authentipad.
keypad.
german.
keyset.
row4.
enum.
key5.
shiftvalue=Gbharosa.
authentipad.
keypad.
german.
keyset.
row4.
enum.
key5.
image=kp_v2_G.
pngbharosa.
authentipad.
keypad.
german.
keyset.
row4.
enum.
key5.
order=5bharosa.
authentipad.
keypad.
german.
keyset.
row4.
enum.
key6=5bharosa.
authentipad.
keypad.
german.
keyset.
row4.
enum.
key6.
name=hbharosa.
authentipad.
keypad.
german.
keyset.
row4.
enum.
key6.
description=hbharosa.
authentipad.
keypad.
german.
keyset.
row4.
enum.
key6.
value=hbharosa.
authentipad.
keypad.
german.
keyset.
row4.
enum.
key6.
shiftvalue=Hbharosa.
authentipad.
keypad.
german.
keyset.
row4.
enum.
key6.
image=kp_v2_H.
pngbharosa.
authentipad.
keypad.
german.
keyset.
row4.
enum.
key6.
order=6bharosa.
authentipad.
keypad.
german.
keyset.
row4.
enum.
key7=6bharosa.
authentipad.
keypad.
german.
keyset.
row4.
enum.
key7.
name=jbharosa.
authentipad.
keypad.
german.
keyset.
row4.
enum.
key7.
description=jbharosa.
authentipad.
keypad.
german.
keyset.
row4.
enum.
key7.
value=jbharosa.
authentipad.
keypad.
german.
keyset.
row4.
enum.
key7.
shiftvalue=Jbharosa.
authentipad.
keypad.
german.
keyset.
row4.
enum.
key7.
image=kp_v2_J.
pngbharosa.
authentipad.
keypad.
german.
keyset.
row4.
enum.
key7.
order=7bharosa.
authentipad.
keypad.
german.
keyset.
row4.
enum.
key8=7bharosa.
authentipad.
keypad.
german.
keyset.
row4.
enum.
key8.
name=kbharosa.
authentipad.
keypad.
german.
keyset.
row4.
enum.
key8.
description=kbharosa.
authentipad.
keypad.
german.
keyset.
row4.
enum.
key8.
value=kbharosa.
authentipad.
keypad.
german.
keyset.
row4.
enum.
key8.
shiftvalue=Kbharosa.
authentipad.
keypad.
german.
keyset.
row4.
enum.
key8.
image=kp_v2_K.
pngbharosa.
authentipad.
keypad.
german.
keyset.
row4.
enum.
key8.
order=8bharosa.
authentipad.
keypad.
german.
keyset.
row4.
enum.
key9=8bharosa.
authentipad.
keypad.
german.
keyset.
row4.
enum.
key9.
name=lbharosa.
authentipad.
keypad.
german.
keyset.
row4.
enum.
key9.
description=lbharosa.
authentipad.
keypad.
german.
keyset.
row4.
enum.
key9.
value=lbharosa.
authentipad.
keypad.
german.
keyset.
row4.
enum.
key9.
shiftvalue=Lbharosa.
authentipad.
keypad.
german.
keyset.
row4.
enum.
key9.
image=kp_v2_L.
pngbharosa.
authentipad.
keypad.
german.
keyset.
row4.
enum.
key9.
order=9bharosa.
authentipad.
keypad.
german.
keyset.
row4.
enum.
key10=9bharosa.
authentipad.
keypad.
german.
keyset.
row4.
enum.
key10.
name=:bharosa.
authentipad.
keypad.
german.
keyset.
row4.
enum.
key10.
description=:bharosa.
authentipad.
keypad.
german.
keyset.
row4.
enum.
key10.
value=:bharosa.
authentipad.
keypad.
german.
keyset.
row4.
enum.
key10.
shiftvalue=:bharosa.
authentipad.
keypad.
german.
keyset.
row4.
enum.
key10.
image=kp_v2_colon.
pngbharosa.
authentipad.
keypad.
german.
keyset.
row4.
enum.
key10.
order=10bharosa.
authentipad.
keypad.
german.
keyset.
row4.
enum.
key11=10bharosa.
authentipad.
keypad.
german.
keyset.
row4.
enum.
key11.
name=;bharosa.
authentipad.
keypad.
german.
keyset.
row4.
enum.
key11.
description=;LocalizingVirtualAuthenticationDeviceinOAAM11g10-26OracleFusionMiddlewareDeveloper'sGuideforOracleAdaptiveAccessManagerbharosa.
authentipad.
keypad.
german.
keyset.
row4.
enum.
key11.
value=;bharosa.
authentipad.
keypad.
german.
keyset.
row4.
enum.
key11.
shiftvalue=;bharosa.
authentipad.
keypad.
german.
keyset.
row4.
enum.
key11.
image=kp_v2_semicolon.
pngbharosa.
authentipad.
keypad.
german.
keyset.
row4.
enum.
key11.
order=11bharosa.
authentipad.
keypad.
german.
keyset.
row4.
enum.
key12=11bharosa.
authentipad.
keypad.
german.
keyset.
row4.
enum.
key12.
name=\\bharosa.
authentipad.
keypad.
german.
keyset.
row4.
enum.
key12.
description=\\bharosa.
authentipad.
keypad.
german.
keyset.
row4.
enum.
key12.
value=\\bharosa.
authentipad.
keypad.
german.
keyset.
row4.
enum.
key12.
shiftvalue=\\bharosa.
authentipad.
keypad.
german.
keyset.
row4.
enum.
key12.
image=kp_v2_backslash.
pngbharosa.
authentipad.
keypad.
german.
keyset.
row4.
enum.
key12.
order=12bharosa.
authentipad.
keypad.
german.
keyset.
row4.
enum.
key13=12bharosa.
authentipad.
keypad.
german.
keyset.
row4.
enum.
key13.
name='bharosa.
authentipad.
keypad.
german.
keyset.
row4.
enum.
key13.
description='bharosa.
authentipad.
keypad.
german.
keyset.
row4.
enum.
key13.
value='bharosa.
authentipad.
keypad.
german.
keyset.
row4.
enum.
key13.
shiftvalue='bharosa.
authentipad.
keypad.
german.
keyset.
row4.
enum.
key13.
image=kp_v2_quote.
pngbharosa.
authentipad.
keypad.
german.
keyset.
row4.
enum.
key13.
order=13bharosa.
authentipad.
keypad.
german.
keyset.
row5.
enum=GermanKeyPadKeysetRow5bharosa.
authentipad.
keypad.
german.
keyset.
row5.
enum.
key1=0bharosa.
authentipad.
keypad.
german.
keyset.
row5.
enum.
key1.
name=zbharosa.
authentipad.
keypad.
german.
keyset.
row5.
enum.
key1.
description=zbharosa.
authentipad.
keypad.
german.
keyset.
row5.
enum.
key1.
value=zbharosa.
authentipad.
keypad.
german.
keyset.
row5.
enum.
key1.
shiftvalue=Zbharosa.
authentipad.
keypad.
german.
keyset.
row5.
enum.
key1.
image=kp_v2_Z.
pngbharosa.
authentipad.
keypad.
german.
keyset.
row5.
enum.
key1.
order=1bharosa.
authentipad.
keypad.
german.
keyset.
row5.
enum.
key2=1bharosa.
authentipad.
keypad.
german.
keyset.
row5.
enum.
key2.
name=xbharosa.
authentipad.
keypad.
german.
keyset.
row5.
enum.
key2.
description=xbharosa.
authentipad.
keypad.
german.
keyset.
row5.
enum.
key2.
value=xbharosa.
authentipad.
keypad.
german.
keyset.
row5.
enum.
key2.
shiftvalue=Xbharosa.
authentipad.
keypad.
german.
keyset.
row5.
enum.
key2.
image=kp_v2_X.
pngbharosa.
authentipad.
keypad.
german.
keyset.
row5.
enum.
key2.
order=2bharosa.
authentipad.
keypad.
german.
keyset.
row5.
enum.
key3=2bharosa.
authentipad.
keypad.
german.
keyset.
row5.
enum.
key3.
name=cbharosa.
authentipad.
keypad.
german.
keyset.
row5.
enum.
key3.
description=cbharosa.
authentipad.
keypad.
german.
keyset.
row5.
enum.
key3.
value=cbharosa.
authentipad.
keypad.
german.
keyset.
row5.
enum.
key3.
shiftvalue=Cbharosa.
authentipad.
keypad.
german.
keyset.
row5.
enum.
key3.
image=kp_v2_C.
pngbharosa.
authentipad.
keypad.
german.
keyset.
row5.
enum.
key3.
order=3bharosa.
authentipad.
keypad.
german.
keyset.
row5.
enum.
key4=3bharosa.
authentipad.
keypad.
german.
keyset.
row5.
enum.
key4.
name=vbharosa.
authentipad.
keypad.
german.
keyset.
row5.
enum.
key4.
description=vbharosa.
authentipad.
keypad.
german.
keyset.
row5.
enum.
key4.
value=vbharosa.
authentipad.
keypad.
german.
keyset.
row5.
enum.
key4.
shiftvalue=Vbharosa.
authentipad.
keypad.
german.
keyset.
row5.
enum.
key4.
image=kp_v2_V.
pngbharosa.
authentipad.
keypad.
german.
keyset.
row5.
enum.
key4.
order=4bharosa.
authentipad.
keypad.
german.
keyset.
row5.
enum.
key5=4bharosa.
authentipad.
keypad.
german.
keyset.
row5.
enum.
key5.
name=bbharosa.
authentipad.
keypad.
german.
keyset.
row5.
enum.
key5.
description=bbharosa.
authentipad.
keypad.
german.
keyset.
row5.
enum.
key5.
value=bLocalizingVirtualAuthenticationDeviceinOAAM11gUsingVirtualAuthenticationDevices10-27bharosa.
authentipad.
keypad.
german.
keyset.
row5.
enum.
key5.
shiftvalue=Bbharosa.
authentipad.
keypad.
german.
keyset.
row5.
enum.
key5.
image=kp_v2_B.
pngbharosa.
authentipad.
keypad.
german.
keyset.
row5.
enum.
key5.
order=5bharosa.
authentipad.
keypad.
german.
keyset.
row5.
enum.
key6=5bharosa.
authentipad.
keypad.
german.
keyset.
row5.
enum.
key6.
name=nbharosa.
authentipad.
keypad.
german.
keyset.
row5.
enum.
key6.
description=nbharosa.
authentipad.
keypad.
german.
keyset.
row5.
enum.
key6.
value=nbharosa.
authentipad.
keypad.
german.
keyset.
row5.
enum.
key6.
shiftvalue=Nbharosa.
authentipad.
keypad.
german.
keyset.
row5.
enum.
key6.
image=kp_v2_N.
pngbharosa.
authentipad.
keypad.
german.
keyset.
row5.
enum.
key6.
order=6bharosa.
authentipad.
keypad.
german.
keyset.
row5.
enum.
key7=6bharosa.
authentipad.
keypad.
german.
keyset.
row5.
enum.
key7.
name=mbharosa.
authentipad.
keypad.
german.
keyset.
row5.
enum.
key7.
description=mbharosa.
authentipad.
keypad.
german.
keyset.
row5.
enum.
key7.
value=mbharosa.
authentipad.
keypad.
german.
keyset.
row5.
enum.
key7.
shiftvalue=Mbharosa.
authentipad.
keypad.
german.
keyset.
row5.
enum.
key7.
image=kp_v2_M.
pngbharosa.
authentipad.
keypad.
german.
keyset.
row5.
enum.
key7.
order=7bharosa.
authentipad.
keypad.
german.
keyset.
row5.
enum.
key8=7bharosa.
authentipad.
keypad.
german.
keyset.
row5.
enum.
key8.
name=bharosa.
authentipad.
keypad.
german.
keyset.
row5.
enum.
key9.
description=>bharosa.
authentipad.
keypad.
german.
keyset.
row5.
enum.
key9.
value=>bharosa.
authentipad.
keypad.
german.
keyset.
row5.
enum.
key9.
shiftvalue=>bharosa.
authentipad.
keypad.
german.
keyset.
row5.
enum.
key9.
image=kp_v2_greaterthan.
pngbharosa.
authentipad.
keypad.
german.
keyset.
row5.
enum.
key9.
order=9bharosa.
authentipad.
keypad.
german.
keyset.
row5.
enum.
key10=9bharosa.
authentipad.
keypad.
german.
keyset.
row5.
enum.
key10.
name=,bharosa.
authentipad.
keypad.
german.
keyset.
row5.
enum.
key10.
description=,bharosa.
authentipad.
keypad.
german.
keyset.
row5.
enum.
key10.
value=,bharosa.
authentipad.
keypad.
german.
keyset.
row5.
enum.
key10.
shiftvalue=,bharosa.
authentipad.
keypad.
german.
keyset.
row5.
enum.
key10.
image=kp_v2_comma.
pngbharosa.
authentipad.
keypad.
german.
keyset.
row5.
enum.
key10.
order=10bharosa.
authentipad.
keypad.
german.
keyset.
row5.
enum.
key11=10bharosa.
authentipad.
keypad.
german.
keyset.
row5.
enum.
key11.
name=.
bharosa.
authentipad.
keypad.
german.
keyset.
row5.
enum.
key11.
description=.
bharosa.
authentipad.
keypad.
german.
keyset.
row5.
enum.
key11.
value=.
bharosa.
authentipad.
keypad.
german.
keyset.
row5.
enum.
key11.
shiftvalue=.
bharosa.
authentipad.
keypad.
german.
keyset.
row5.
enum.
key11.
image=kp_v2_period.
pngbharosa.
authentipad.
keypad.
german.
keyset.
row5.
enum.
key11.
order=11bharosa.
authentipad.
keypad.
german.
keyset.
row5.
enum.
key12=11bharosa.
authentipad.
keypad.
german.
keyset.
row5.
enum.
key12.
name=/bharosa.
authentipad.
keypad.
german.
keyset.
row5.
enum.
key12.
description=/bharosa.
authentipad.
keypad.
german.
keyset.
row5.
enum.
key12.
value=/bharosa.
authentipad.
keypad.
german.
keyset.
row5.
enum.
key12.
shiftvalue=/bharosa.
authentipad.
keypad.
german.
keyset.
row5.
enum.
key12.
image=kp_v2_LocalizingVirtualAuthenticationDeviceinOAAM11g10-28OracleFusionMiddlewareDeveloper'sGuideforOracleAdaptiveAccessManagerforwardslash.
pngbharosa.
authentipad.
keypad.
german.
keyset.
row5.
enum.
key12.
order=12bharosa.
authentipad.
keypad.
german.
keyset.
row5.
enum.
key13=12bharosa.
authentipad.
keypad.
german.
keyset.
row5.
enum.
key13.
name=bharosa.
authentipad.
keypad.
german.
keyset.
row5.
enum.
key13.
description=bharosa.
authentipad.
keypad.
german.
keyset.
row5.
enum.
key13.
value=bharosa.
authentipad.
keypad.
german.
keyset.
row5.
enum.
key13.
shiftvalue=bharosa.
authentipad.
keypad.
german.
keyset.
row5.
enum.
key13.
image=kp_v2_questionmark.
pngbharosa.
authentipad.
keypad.
german.
keyset.
row5.
enum.
key13.
order=13AlternateKeypadKeysetbharosa.
authentipad.
keypad.
german.
keyset.
row6.
enum=GermanKeyPadKeysetRow6bharosa.
authentipad.
keypad.
german.
keyset.
row6.
enum.
key1=0bharosa.
authentipad.
keypad.
german.
keyset.
row6.
enum.
key1.
name=\u00C0bharosa.
authentipad.
keypad.
german.
keyset.
row6.
enum.
key1.
description=\u00C0bharosa.
authentipad.
keypad.
german.
keyset.
row6.
enum.
key1.
value=\u00C0bharosa.
authentipad.
keypad.
german.
keyset.
row6.
enum.
key1.
shiftvalue=\u00C0bharosa.
authentipad.
keypad.
german.
keyset.
row6.
enum.
key1.
image=kp_v01_00C0.
pngbharosa.
authentipad.
keypad.
german.
keyset.
row6.
enum.
key1.
order=1bharosa.
authentipad.
keypad.
german.
keyset.
row6.
enum.
key2=1bharosa.
authentipad.
keypad.
german.
keyset.
row6.
enum.
key2.
name=\u00C1bharosa.
authentipad.
keypad.
german.
keyset.
row6.
enum.
key2.
description=\u00C1bharosa.
authentipad.
keypad.
german.
keyset.
row6.
enum.
key2.
value=\u00C1bharosa.
authentipad.
keypad.
german.
keyset.
row6.
enum.
key2.
shiftvalue=\u00C1bharosa.
authentipad.
keypad.
german.
keyset.
row6.
enum.
key2.
image=kp_v01_00C1.
pngbharosa.
authentipad.
keypad.
german.
keyset.
row6.
enum.
key2.
order=2bharosa.
authentipad.
keypad.
german.
keyset.
row6.
enum.
key3=2bharosa.
authentipad.
keypad.
german.
keyset.
row6.
enum.
key3.
name=\u00C2bharosa.
authentipad.
keypad.
german.
keyset.
row6.
enum.
key3.
description=\u00C2bharosa.
authentipad.
keypad.
german.
keyset.
row6.
enum.
key3.
value=\u00C2bharosa.
authentipad.
keypad.
german.
keyset.
row6.
enum.
key3.
shiftvalue=\u00C2bharosa.
authentipad.
keypad.
german.
keyset.
row6.
enum.
key3.
image=kp_v01_00C2.
pngbharosa.
authentipad.
keypad.
german.
keyset.
row6.
enum.
key3.
order=3bharosa.
authentipad.
keypad.
german.
keyset.
row6.
enum.
key4=3bharosa.
authentipad.
keypad.
german.
keyset.
row6.
enum.
key4.
name=\u00C3bharosa.
authentipad.
keypad.
german.
keyset.
row6.
enum.
key4.
description=\u00C3bharosa.
authentipad.
keypad.
german.
keyset.
row6.
enum.
key4.
value=\u00C3bharosa.
authentipad.
keypad.
german.
keyset.
row6.
enum.
key4.
shiftvalue=\u00C3bharosa.
authentipad.
keypad.
german.
keyset.
row6.
enum.
key4.
image=kp_v01_00C3.
pngbharosa.
authentipad.
keypad.
german.
keyset.
row6.
enum.
key4.
order=4bharosa.
authentipad.
keypad.
german.
keyset.
row6.
enum.
key5=4bharosa.
authentipad.
keypad.
german.
keyset.
row6.
enum.
key5.
name=\u00C4bharosa.
authentipad.
keypad.
german.
keyset.
row6.
enum.
key5.
description=\u00C4bharosa.
authentipad.
keypad.
german.
keyset.
row6.
enum.
key5.
value=\u00C4bharosa.
authentipad.
keypad.
german.
keyset.
row6.
enum.
key5.
shiftvalue=\u00C4bharosa.
authentipad.
keypad.
german.
keyset.
row6.
enum.
key5.
image=kp_v01_00C4.
pngbharosa.
authentipad.
keypad.
german.
keyset.
row6.
enum.
key5.
order=5LocalizingVirtualAuthenticationDeviceinOAAM11gUsingVirtualAuthenticationDevices10-29bharosa.
authentipad.
keypad.
german.
keyset.
row6.
enum.
key6=5bharosa.
authentipad.
keypad.
german.
keyset.
row6.
enum.
key6.
name=\u00C5bharosa.
authentipad.
keypad.
german.
keyset.
row6.
enum.
key6.
description=\u00C5bharosa.
authentipad.
keypad.
german.
keyset.
row6.
enum.
key6.
value=\u00C5bharosa.
authentipad.
keypad.
german.
keyset.
row6.
enum.
key6.
shiftvalue=\u00C5bharosa.
authentipad.
keypad.
german.
keyset.
row6.
enum.
key6.
image=kp_v01_00C5.
pngbharosa.
authentipad.
keypad.
german.
keyset.
row6.
enum.
key6.
order=6bharosa.
authentipad.
keypad.
german.
keyset.
row6.
enum.
key7=6bharosa.
authentipad.
keypad.
german.
keyset.
row6.
enum.
key7.
name=\u00C6bharosa.
authentipad.
keypad.
german.
keyset.
row6.
enum.
key7.
description=\u00C6bharosa.
authentipad.
keypad.
german.
keyset.
row6.
enum.
key7.
value=\u00C6bharosa.
authentipad.
keypad.
german.
keyset.
row6.
enum.
key7.
shiftvalue=\u00C6bharosa.
authentipad.
keypad.
german.
keyset.
row6.
enum.
key7.
image=kp_v01_00C6.
pngbharosa.
authentipad.
keypad.
german.
keyset.
row6.
enum.
key7.
order=7bharosa.
authentipad.
keypad.
german.
keyset.
row6.
enum.
key8=7bharosa.
authentipad.
keypad.
german.
keyset.
row6.
enum.
key8.
name=\u00C7bharosa.
authentipad.
keypad.
german.
keyset.
row6.
enum.
key8.
description=\u00C7bharosa.
authentipad.
keypad.
german.
keyset.
row6.
enum.
key8.
value=\u00C7bharosa.
authentipad.
keypad.
german.
keyset.
row6.
enum.
key8.
shiftvalue=\u00C7bharosa.
authentipad.
keypad.
german.
keyset.
row6.
enum.
key8.
image=kp_v01_00C7.
pngbharosa.
authentipad.
keypad.
german.
keyset.
row6.
enum.
key8.
order=8bharosa.
authentipad.
keypad.
german.
keyset.
row6.
enum.
key9=8bharosa.
authentipad.
keypad.
german.
keyset.
row6.
enum.
key9.
name=\u00C8bharosa.
authentipad.
keypad.
german.
keyset.
row6.
enum.
key9.
description=\u00C8bharosa.
authentipad.
keypad.
german.
keyset.
row6.
enum.
key9.
value=\u00C8bharosa.
authentipad.
keypad.
german.
keyset.
row6.
enum.
key9.
shiftvalue=\u00C8bharosa.
authentipad.
keypad.
german.
keyset.
row6.
enum.
key9.
image=kp_v01_00C8.
pngbharosa.
authentipad.
keypad.
german.
keyset.
row6.
enum.
key9.
order=9bharosa.
authentipad.
keypad.
german.
keyset.
row6.
enum.
key10=9bharosa.
authentipad.
keypad.
german.
keyset.
row6.
enum.
key10.
name=\u00C9bharosa.
authentipad.
keypad.
german.
keyset.
row6.
enum.
key10.
description=\u00C9bharosa.
authentipad.
keypad.
german.
keyset.
row6.
enum.
key10.
value=\u00C9bharosa.
authentipad.
keypad.
german.
keyset.
row6.
enum.
key10.
shiftvalue=\u00C9bharosa.
authentipad.
keypad.
german.
keyset.
row6.
enum.
key10.
image=kp_v01_00C9.
pngbharosa.
authentipad.
keypad.
german.
keyset.
row6.
enum.
key10.
order=10bharosa.
authentipad.
keypad.
german.
keyset.
row6.
enum.
key11=10bharosa.
authentipad.
keypad.
german.
keyset.
row6.
enum.
key11.
name=\u00CAbharosa.
authentipad.
keypad.
german.
keyset.
row6.
enum.
key11.
description=\u00CAbharosa.
authentipad.
keypad.
german.
keyset.
row6.
enum.
key11.
value=\u00CAbharosa.
authentipad.
keypad.
german.
keyset.
row6.
enum.
key11.
shiftvalue=\u00CAbharosa.
authentipad.
keypad.
german.
keyset.
row6.
enum.
key11.
image=kp_v01_00CA.
pngbharosa.
authentipad.
keypad.
german.
keyset.
row6.
enum.
key11.
order=11bharosa.
authentipad.
keypad.
german.
keyset.
row6.
enum.
key12=11bharosa.
authentipad.
keypad.
german.
keyset.
row6.
enum.
key12.
name=\u00CBbharosa.
authentipad.
keypad.
german.
keyset.
row6.
enum.
key12.
description=\u00CBbharosa.
authentipad.
keypad.
german.
keyset.
row6.
enum.
key12.
value=\u00CBbharosa.
authentipad.
keypad.
german.
keyset.
row6.
enum.
key12.
shiftvalue=\u00CBbharosa.
authentipad.
keypad.
german.
keyset.
row6.
enum.
key12.
image=kp_v01_00CB.
pngbharosa.
authentipad.
keypad.
german.
keyset.
row6.
enum.
key12.
order=12bharosa.
authentipad.
keypad.
german.
keyset.
row6.
enum.
key13=12bharosa.
authentipad.
keypad.
german.
keyset.
row6.
enum.
key13.
name=\u00CCbharosa.
authentipad.
keypad.
german.
keyset.
row6.
enum.
key13.
description=\u00CCLocalizingVirtualAuthenticationDeviceinOAAM11g10-30OracleFusionMiddlewareDeveloper'sGuideforOracleAdaptiveAccessManagerbharosa.
authentipad.
keypad.
german.
keyset.
row6.
enum.
key13.
value=\u00CCbharosa.
authentipad.
keypad.
german.
keyset.
row6.
enum.
key13.
shiftvalue=\u00CCbharosa.
authentipad.
keypad.
german.
keyset.
row6.
enum.
key13.
image=kp_v01_00CC.
pngbharosa.
authentipad.
keypad.
german.
keyset.
row6.
enum.
key13.
order=13bharosa.
authentipad.
keypad.
german.
keyset.
row7.
enum=GermanKeyPadKeysetRow7bharosa.
authentipad.
keypad.
german.
keyset.
row7.
enum.
key1=0bharosa.
authentipad.
keypad.
german.
keyset.
row7.
enum.
key1.
name=\u00CDbharosa.
authentipad.
keypad.
german.
keyset.
row7.
enum.
key1.
description=\u00CDbharosa.
authentipad.
keypad.
german.
keyset.
row7.
enum.
key1.
value=\u00CDbharosa.
authentipad.
keypad.
german.
keyset.
row7.
enum.
key1.
shiftvalue=\u00CDbharosa.
authentipad.
keypad.
german.
keyset.
row7.
enum.
key1.
image=kp_v01_00CD.
pngbharosa.
authentipad.
keypad.
german.
keyset.
row7.
enum.
key1.
order=1bharosa.
authentipad.
keypad.
german.
keyset.
row7.
enum.
key2=1bharosa.
authentipad.
keypad.
german.
keyset.
row7.
enum.
key2.
name=\u00CEbharosa.
authentipad.
keypad.
german.
keyset.
row7.
enum.
key2.
description=\u00CEbharosa.
authentipad.
keypad.
german.
keyset.
row7.
enum.
key2.
value=\u00CEbharosa.
authentipad.
keypad.
german.
keyset.
row7.
enum.
key2.
shiftvalue=\u00CEbharosa.
authentipad.
keypad.
german.
keyset.
row7.
enum.
key2.
image=kp_v01_00CE.
pngbharosa.
authentipad.
keypad.
german.
keyset.
row7.
enum.
key2.
order=2bharosa.
authentipad.
keypad.
german.
keyset.
row7.
enum.
key3=2bharosa.
authentipad.
keypad.
german.
keyset.
row7.
enum.
key3.
name=\u00CFbharosa.
authentipad.
keypad.
german.
keyset.
row7.
enum.
key3.
description=\u00CFbharosa.
authentipad.
keypad.
german.
keyset.
row7.
enum.
key3.
value=\u00CFbharosa.
authentipad.
keypad.
german.
keyset.
row7.
enum.
key3.
shiftvalue=\u00CFbharosa.
authentipad.
keypad.
german.
keyset.
row7.
enum.
key3.
image=kp_v01_00CF.
pngbharosa.
authentipad.
keypad.
german.
keyset.
row7.
enum.
key3.
order=3bharosa.
authentipad.
keypad.
german.
keyset.
row7.
enum.
key4=3bharosa.
authentipad.
keypad.
german.
keyset.
row7.
enum.
key4.
name=\u00D0bharosa.
authentipad.
keypad.
german.
keyset.
row7.
enum.
key4.
description=\u00D0bharosa.
authentipad.
keypad.
german.
keyset.
row7.
enum.
key4.
value=\u00D0bharosa.
authentipad.
keypad.
german.
keyset.
row7.
enum.
key4.
shiftvalue=\u00D0bharosa.
authentipad.
keypad.
german.
keyset.
row7.
enum.
key4.
image=kp_v01_00D0.
pngbharosa.
authentipad.
keypad.
german.
keyset.
row7.
enum.
key4.
order=4bharosa.
authentipad.
keypad.
german.
keyset.
row7.
enum.
key5=4bharosa.
authentipad.
keypad.
german.
keyset.
row7.
enum.
key5.
name=\u00D1bharosa.
authentipad.
keypad.
german.
keyset.
row7.
enum.
key5.
description=\u00D1bharosa.
authentipad.
keypad.
german.
keyset.
row7.
enum.
key5.
value=\u00D1bharosa.
authentipad.
keypad.
german.
keyset.
row7.
enum.
key5.
shiftvalue=\u00D1bharosa.
authentipad.
keypad.
german.
keyset.
row7.
enum.
key5.
image=kp_v01_00D1.
pngbharosa.
authentipad.
keypad.
german.
keyset.
row7.
enum.
key5.
order=5bharosa.
authentipad.
keypad.
german.
keyset.
row7.
enum.
key6=5bharosa.
authentipad.
keypad.
german.
keyset.
row7.
enum.
key6.
name=\u00D2bharosa.
authentipad.
keypad.
german.
keyset.
row7.
enum.
key6.
description=\u00D2bharosa.
authentipad.
keypad.
german.
keyset.
row7.
enum.
key6.
value=\u00D2bharosa.
authentipad.
keypad.
german.
keyset.
row7.
enum.
key6.
shiftvalue=\u00D2bharosa.
authentipad.
keypad.
german.
keyset.
row7.
enum.
key6.
image=kp_v01_00D2.
pngbharosa.
authentipad.
keypad.
german.
keyset.
row7.
enum.
key6.
order=6bharosa.
authentipad.
keypad.
german.
keyset.
row7.
enum.
key7=6bharosa.
authentipad.
keypad.
german.
keyset.
row7.
enum.
key7.
name=\u00D3bharosa.
authentipad.
keypad.
german.
keyset.
row7.
enum.
key7.
description=\u00D3LocalizingVirtualAuthenticationDeviceinOAAM11gUsingVirtualAuthenticationDevices10-31bharosa.
authentipad.
keypad.
german.
keyset.
row7.
enum.
key7.
value=\u00D3bharosa.
authentipad.
keypad.
german.
keyset.
row7.
enum.
key7.
shiftvalue=\u00D3bharosa.
authentipad.
keypad.
german.
keyset.
row7.
enum.
key7.
image=kp_v01_00D3.
pngbharosa.
authentipad.
keypad.
german.
keyset.
row7.
enum.
key7.
order=7bharosa.
authentipad.
keypad.
german.
keyset.
row7.
enum.
key8=7bharosa.
authentipad.
keypad.
german.
keyset.
row7.
enum.
key8.
name=\u00D4bharosa.
authentipad.
keypad.
german.
keyset.
row7.
enum.
key8.
description=\u00D4bharosa.
authentipad.
keypad.
german.
keyset.
row7.
enum.
key8.
value=\u00D4bharosa.
authentipad.
keypad.
german.
keyset.
row7.
enum.
key8.
shiftvalue=\u00D4bharosa.
authentipad.
keypad.
german.
keyset.
row7.
enum.
key8.
image=kp_v01_00D4.
pngbharosa.
authentipad.
keypad.
german.
keyset.
row7.
enum.
key8.
order=8bharosa.
authentipad.
keypad.
german.
keyset.
row7.
enum.
key9=8bharosa.
authentipad.
keypad.
german.
keyset.
row7.
enum.
key9.
name=\u00D5bharosa.
authentipad.
keypad.
german.
keyset.
row7.
enum.
key9.
description=\u00D5bharosa.
authentipad.
keypad.
german.
keyset.
row7.
enum.
key9.
value=\u00D5bharosa.
authentipad.
keypad.
german.
keyset.
row7.
enum.
key9.
shiftvalue=\u00D5bharosa.
authentipad.
keypad.
german.
keyset.
row7.
enum.
key9.
image=kp_v01_00D5.
pngbharosa.
authentipad.
keypad.
german.
keyset.
row7.
enum.
key9.
order=9bharosa.
authentipad.
keypad.
german.
keyset.
row7.
enum.
key10=9bharosa.
authentipad.
keypad.
german.
keyset.
row7.
enum.
key10.
name=\u00D6bharosa.
authentipad.
keypad.
german.
keyset.
row7.
enum.
key10.
description=\u00D6
bharosa.authentipad.keypad.german.keyset.row7.enum.key10.value=\u00D6
bharosa.authentipad.keypad.german.keyset.row7.enum.key10.shiftvalue=\u00D6
bharosa.authentipad.keypad.german.keyset.row7.enum.key10.image=kp_v01_00D6.png
bharosa.authentipad.keypad.german.keyset.row7.enum.key10.order=10
bharosa.authentipad.keypad.german.keyset.row7.enum.key11=10
bharosa.authentipad.keypad.german.keyset.row7.enum.key11.name=\u00D7
bharosa.authentipad.keypad.german.keyset.row7.enum.key11.description=\u00D7
bharosa.authentipad.keypad.german.keyset.row7.enum.key11.value=\u00D7
bharosa.authentipad.keypad.german.keyset.row7.enum.key11.shiftvalue=\u00D7
bharosa.authentipad.keypad.german.keyset.row7.enum.key11.image=kp_v01_00D7.png
bharosa.authentipad.keypad.german.keyset.row7.enum.key11.order=11
bharosa.authentipad.keypad.german.keyset.row7.enum.key12=11
bharosa.authentipad.keypad.german.keyset.row7.enum.key12.name=\u00D8
bharosa.authentipad.keypad.german.keyset.row7.enum.key12.description=\u00D8
bharosa.authentipad.keypad.german.keyset.row7.enum.key12.value=\u00D8
bharosa.authentipad.keypad.german.keyset.row7.enum.key12.shiftvalue=\u00D8
bharosa.authentipad.keypad.german.keyset.row7.enum.key12.image=kp_v01_00D8.png
bharosa.authentipad.keypad.german.keyset.row7.enum.key12.order=12
bharosa.authentipad.keypad.german.keyset.row7.enum.key13=12
bharosa.authentipad.keypad.german.keyset.row7.enum.key13.name=\u00D9
bharosa.authentipad.keypad.german.keyset.row7.enum.key13.description=\u00D9
bharosa.authentipad.keypad.german.keyset.row7.enum.key13.value=\u00D9
bharosa.authentipad.keypad.german.keyset.row7.enum.key13.shiftvalue=\u00D9
bharosa.authentipad.keypad.german.keyset.row7.enum.key13.image=kp_v01_00D9.png
bharosa.authentipad.keypad.german.keyset.row7.enum.key13.order=13
bharosa.authentipad.keypad.german.keyset.row8.enum=GermanKeyPadKeysetRow8
bharosa.authentipad.keypad.german.keyset.row8.enum.key1=0
bharosa.authentipad.keypad.german.keyset.row8.enum.key1.name=\u00DA
bharosa.authentipad.keypad.german.keyset.row8.enum.key1.description=\u00DA
bharosa.authentipad.keypad.german.keyset.row8.enum.key1.value=\u00DA
bharosa.authentipad.keypad.german.keyset.row8.enum.key1.shiftvalue=\u00DA
bharosa.authentipad.keypad.german.keyset.row8.enum.key1.image=kp_v01_00DA.png
bharosa.authentipad.keypad.german.keyset.row8.enum.key1.order=1
bharosa.authentipad.keypad.german.keyset.row8.enum.key2=1
bharosa.authentipad.keypad.german.keyset.row8.enum.key2.name=\u00DB
bharosa.authentipad.keypad.german.keyset.row8.enum.key2.description=\u00DB
bharosa.authentipad.keypad.german.keyset.row8.enum.key2.value=\u00DB
bharosa.authentipad.keypad.german.keyset.row8.enum.key2.shiftvalue=\u00DB
bharosa.authentipad.keypad.german.keyset.row8.enum.key2.image=kp_v01_00DB.png
bharosa.authentipad.keypad.german.keyset.row8.enum.key2.order=2
bharosa.authentipad.keypad.german.keyset.row8.enum.key3=2
bharosa.authentipad.keypad.german.keyset.row8.enum.key3.name=\u00DC
bharosa.authentipad.keypad.german.keyset.row8.enum.key3.description=\u00DC
bharosa.authentipad.keypad.german.keyset.row8.enum.key3.value=\u00DC
bharosa.authentipad.keypad.german.keyset.row8.enum.key3.shiftvalue=\u00DC
bharosa.authentipad.keypad.german.keyset.row8.enum.key3.image=kp_v01_00DC.png
bharosa.authentipad.keypad.german.keyset.row8.enum.key3.order=3
bharosa.authentipad.keypad.german.keyset.row8.enum.key4=3
bharosa.authentipad.keypad.german.keyset.row8.enum.key4.name=\u00DD
bharosa.authentipad.keypad.german.keyset.row8.enum.key4.description=\u00DD
bharosa.authentipad.keypad.german.keyset.row8.enum.key4.value=\u00DD
bharosa.authentipad.keypad.german.keyset.row8.enum.key4.shiftvalue=\u00DD
bharosa.authentipad.keypad.german.keyset.row8.enum.key4.image=kp_v01_00DD.png
bharosa.authentipad.keypad.german.keyset.row8.enum.key4.order=4
bharosa.authentipad.keypad.german.keyset.row8.enum.key5=4
bharosa.authentipad.keypad.german.keyset.row8.enum.key5.name=\u00DE
bharosa.authentipad.keypad.german.keyset.row8.enum.key5.description=\u00DE
bharosa.authentipad.keypad.german.keyset.row8.enum.key5.value=\u00DE
bharosa.authentipad.keypad.german.keyset.row8.enum.key5.shiftvalue=\u00DE
bharosa.authentipad.keypad.german.keyset.row8.enum.key5.image=kp_v01_00DE.png
bharosa.authentipad.keypad.german.keyset.row8.enum.key5.order=5
bharosa.authentipad.keypad.german.keyset.row8.enum.key6=5
bharosa.authentipad.keypad.german.keyset.row8.enum.key6.name=\u00DF
bharosa.authentipad.keypad.german.keyset.row8.enum.key6.description=\u00DF
bharosa.authentipad.keypad.german.keyset.row8.enum.key6.value=\u00DF
bharosa.authentipad.keypad.german.keyset.row8.enum.key6.shiftvalue=\u00DF
bharosa.authentipad.keypad.german.keyset.row8.enum.key6.image=kp_v01_00DF.png
bharosa.authentipad.keypad.german.keyset.row8.enum.key6.order=6
bharosa.authentipad.keypad.german.keyset.row8.enum.key7=6
bharosa.authentipad.keypad.german.keyset.row8.enum.key7.name=\u00E0
bharosa.authentipad.keypad.german.keyset.row8.enum.key7.description=\u00E0
bharosa.authentipad.keypad.german.keyset.row8.enum.key7.value=\u00E0
bharosa.authentipad.keypad.german.keyset.row8.enum.key7.shiftvalue=\u00E0
bharosa.authentipad.keypad.german.keyset.row8.enum.key7.image=kp_v01_00E0.png
bharosa.authentipad.keypad.german.keyset.row8.enum.key7.order=7
bharosa.authentipad.keypad.german.keyset.row8.enum.key8=7
bharosa.authentipad.keypad.german.keyset.row8.enum.key8.name=\u00E1
bharosa.authentipad.keypad.german.keyset.row8.enum.key8.description=\u00E1
bharosa.authentipad.keypad.german.keyset.row8.enum.key8.value=\u00E1
bharosa.authentipad.keypad.german.keyset.row8.enum.key8.shiftvalue=\u00E1
bharosa.authentipad.keypad.german.keyset.row8.enum.key8.image=kp_v01_00E1.png
bharosa.authentipad.keypad.german.keyset.row8.enum.key8.order=8
bharosa.authentipad.keypad.german.keyset.row8.enum.key9=8
bharosa.authentipad.keypad.german.keyset.row8.enum.key9.name=\u00E2
bharosa.authentipad.keypad.german.keyset.row8.enum.key9.description=\u00E2
bharosa.authentipad.keypad.german.keyset.row8.enum.key9.value=\u00E2
bharosa.authentipad.keypad.german.keyset.row8.enum.key9.shiftvalue=\u00E2
bharosa.authentipad.keypad.german.keyset.row8.enum.key9.image=kp_v01_00E2.png
bharosa.authentipad.keypad.german.keyset.row8.enum.key9.order=9
bharosa.authentipad.keypad.german.keyset.row8.enum.key10=9
bharosa.authentipad.keypad.german.keyset.row8.enum.key10.name=\u00E3
bharosa.authentipad.keypad.german.keyset.row8.enum.key10.description=\u00E3
bharosa.authentipad.keypad.german.keyset.row8.enum.key10.value=\u00E3
bharosa.authentipad.keypad.german.keyset.row8.enum.key10.shiftvalue=\u00E3
bharosa.authentipad.keypad.german.keyset.row8.enum.key10.image=kp_v01_00E3.png
bharosa.authentipad.keypad.german.keyset.row8.enum.key10.order=10
bharosa.authentipad.keypad.german.keyset.row8.enum.key11=10
bharosa.authentipad.keypad.german.keyset.row8.enum.key11.name=\u00E4
bharosa.authentipad.keypad.german.keyset.row8.enum.key11.description=\u00E4
bharosa.authentipad.keypad.german.keyset.row8.enum.key11.value=\u00E4
bharosa.authentipad.keypad.german.keyset.row8.enum.key11.shiftvalue=\u00E4
bharosa.authentipad.keypad.german.keyset.row8.enum.key11.image=kp_v01_00E4.png
bharosa.authentipad.keypad.german.keyset.row8.enum.key11.order=11
bharosa.authentipad.keypad.german.keyset.row8.enum.key12=11
bharosa.authentipad.keypad.german.keyset.row8.enum.key12.name=\u00E5
bharosa.authentipad.keypad.german.keyset.row8.enum.key12.description=\u00E5
bharosa.authentipad.keypad.german.keyset.row8.enum.key12.value=\u00E5
bharosa.authentipad.keypad.german.keyset.row8.enum.key12.shiftvalue=\u00E5
bharosa.authentipad.keypad.german.keyset.row8.enum.key12.image=kp_v01_00E5.png
bharosa.authentipad.keypad.german.keyset.row8.enum.key12.order=12
bharosa.authentipad.keypad.german.keyset.row8.enum.key13=12
bharosa.authentipad.keypad.german.keyset.row8.enum.key13.name=\u00E6
bharosa.authentipad.keypad.german.keyset.row8.enum.key13.description=\u00E6
bharosa.authentipad.keypad.german.keyset.row8.enum.key13.value=\u00E6
bharosa.authentipad.keypad.german.keyset.row8.enum.key13.shiftvalue=\u00E6
bharosa.authentipad.keypad.german.keyset.row8.enum.key13.image=kp_v01_00E6.png
bharosa.authentipad.keypad.german.keyset.row8.enum.key13.order=13
bharosa.authentipad.keypad.german.keyset.row9.enum=GermanKeyPadKeysetrow9
bharosa.authentipad.keypad.german.keyset.row9.enum.key1=0
bharosa.authentipad.keypad.german.keyset.row9.enum.key1.name=\u00E7
bharosa.authentipad.keypad.german.keyset.row9.enum.key1.description=\u00E7
bharosa.authentipad.keypad.german.keyset.row9.enum.key1.value=\u00E7
bharosa.authentipad.keypad.german.keyset.row9.enum.key1.shiftvalue=\u00E7
bharosa.authentipad.keypad.german.keyset.row9.enum.key1.image=kp_v01_00E7.png
bharosa.authentipad.keypad.german.keyset.row9.enum.key1.order=1
bharosa.authentipad.keypad.german.keyset.row9.enum.key2=1
bharosa.authentipad.keypad.german.keyset.row9.enum.key2.name=\u00E8
bharosa.authentipad.keypad.german.keyset.row9.enum.key2.description=\u00E8
bharosa.authentipad.keypad.german.keyset.row9.enum.key2.value=\u00E8
bharosa.authentipad.keypad.german.keyset.row9.enum.key2.shiftvalue=\u00E8
bharosa.authentipad.keypad.german.keyset.row9.enum.key2.image=kp_v01_00E8.png
bharosa.authentipad.keypad.german.keyset.row9.enum.key2.order=2
bharosa.authentipad.keypad.german.keyset.row9.enum.key3=2
bharosa.authentipad.keypad.german.keyset.row9.enum.key3.name=\u00E9
bharosa.authentipad.keypad.german.keyset.row9.enum.key3.description=\u00E9
bharosa.authentipad.keypad.german.keyset.row9.enum.key3.value=\u00E9
bharosa.authentipad.keypad.german.keyset.row9.enum.key3.shiftvalue=\u00E9
bharosa.authentipad.keypad.german.keyset.row9.enum.key3.image=kp_v01_00E9.png
bharosa.authentipad.keypad.german.keyset.row9.enum.key3.order=3
bharosa.authentipad.keypad.german.keyset.row9.enum.key4=3
bharosa.authentipad.keypad.german.keyset.row9.enum.key4.name=\u00EA
bharosa.authentipad.keypad.german.keyset.row9.enum.key4.description=\u00EA
bharosa.authentipad.keypad.german.keyset.row9.enum.key4.value=\u00EA
bharosa.authentipad.keypad.german.keyset.row9.enum.key4.shiftvalue=\u00EA
bharosa.authentipad.keypad.german.keyset.row9.enum.key4.image=kp_v01_00EA.png
bharosa.authentipad.keypad.german.keyset.row9.enum.key4.order=4
bharosa.authentipad.keypad.german.keyset.row9.enum.key5=4
bharosa.authentipad.keypad.german.keyset.row9.enum.key5.name=\u00EB
bharosa.authentipad.keypad.german.keyset.row9.enum.key5.description=\u00EB
bharosa.authentipad.keypad.german.keyset.row9.enum.key5.value=\u00EB
bharosa.authentipad.keypad.german.keyset.row9.enum.key5.shiftvalue=\u00EB
bharosa.authentipad.keypad.german.keyset.row9.enum.key5.image=kp_v01_00EB.png
bharosa.authentipad.keypad.german.keyset.row9.enum.key5.order=5
bharosa.authentipad.keypad.german.keyset.row9.enum.key6=5
bharosa.authentipad.keypad.german.keyset.row9.enum.key6.name=\u00EC
bharosa.authentipad.keypad.german.keyset.row9.enum.key6.description=\u00EC
bharosa.authentipad.keypad.german.keyset.row9.enum.key6.value=\u00EC
bharosa.authentipad.keypad.german.keyset.row9.enum.key6.shiftvalue=\u00EC
bharosa.authentipad.keypad.german.keyset.row9.enum.key6.image=kp_v01_00EC.png
bharosa.authentipad.keypad.german.keyset.row9.enum.key6.order=6
bharosa.authentipad.keypad.german.keyset.row9.enum.key7=6
bharosa.authentipad.keypad.german.keyset.row9.enum.key7.name=\u00ED
bharosa.authentipad.keypad.german.keyset.row9.enum.key7.description=\u00ED
bharosa.authentipad.keypad.german.keyset.row9.enum.key7.value=\u00ED
bharosa.authentipad.keypad.german.keyset.row9.enum.key7.shiftvalue=\u00ED
bharosa.authentipad.keypad.german.keyset.row9.enum.key7.image=kp_v01_00ED.png
bharosa.authentipad.keypad.german.keyset.row9.enum.key7.order=7
bharosa.authentipad.keypad.german.keyset.row9.enum.key8=7
bharosa.authentipad.keypad.german.keyset.row9.enum.key8.name=\u00EE
bharosa.authentipad.keypad.german.keyset.row9.enum.key8.description=\u00EE
bharosa.authentipad.keypad.german.keyset.row9.enum.key8.value=\u00EE
bharosa.authentipad.keypad.german.keyset.row9.enum.key8.shiftvalue=\u00EE
bharosa.authentipad.keypad.german.keyset.row9.enum.key8.image=kp_v01_00EE.png
bharosa.authentipad.keypad.german.keyset.row9.enum.key8.order=8
bharosa.authentipad.keypad.german.keyset.row9.enum.key9=8
bharosa.authentipad.keypad.german.keyset.row9.enum.key9.name=\u00EF
bharosa.authentipad.keypad.german.keyset.row9.enum.key9.description=\u00EF
bharosa.authentipad.keypad.german.keyset.row9.enum.key9.value=\u00EF
bharosa.authentipad.keypad.german.keyset.row9.enum.key9.shiftvalue=\u00EF
bharosa.authentipad.keypad.german.keyset.row9.enum.key9.image=kp_v01_00EF.png
bharosa.authentipad.keypad.german.keyset.row9.enum.key9.order=9
bharosa.authentipad.keypad.german.keyset.row9.enum.key10=9
bharosa.authentipad.keypad.german.keyset.row9.enum.key10.name=\u00F0
bharosa.authentipad.keypad.german.keyset.row9.enum.key10.description=\u00F0
bharosa.authentipad.keypad.german.keyset.row9.enum.key10.value=\u00F0
bharosa.authentipad.keypad.german.keyset.row9.enum.key10.shiftvalue=\u00F0
bharosa.authentipad.keypad.german.keyset.row9.enum.key10.image=kp_v01_00F0.png
bharosa.authentipad.keypad.german.keyset.row9.enum.key10.order=10
bharosa.authentipad.keypad.german.keyset.row9.enum.key11=10
bharosa.authentipad.keypad.german.keyset.row9.enum.key11.name=\u00F1
bharosa.authentipad.keypad.german.keyset.row9.enum.key11.description=\u00F1
bharosa.authentipad.keypad.german.keyset.row9.enum.key11.value=\u00F1
bharosa.authentipad.keypad.german.keyset.row9.enum.key11.shiftvalue=\u00F1
bharosa.authentipad.keypad.german.keyset.row9.enum.key11.image=kp_v01_00F1.png
bharosa.authentipad.keypad.german.keyset.row9.enum.key11.order=11
bharosa.authentipad.keypad.german.keyset.row9.enum.key12=11
bharosa.authentipad.keypad.german.keyset.row9.enum.key12.name=\u00F2
bharosa.authentipad.keypad.german.keyset.row9.enum.key12.description=\u00F2
bharosa.authentipad.keypad.german.keyset.row9.enum.key12.value=\u00F2
bharosa.authentipad.keypad.german.keyset.row9.enum.key12.shiftvalue=\u00F2
bharosa.authentipad.keypad.german.keyset.row9.enum.key12.image=kp_v01_00F2.png
bharosa.authentipad.keypad.german.keyset.row9.enum.key12.order=12
bharosa.authentipad.keypad.german.keyset.row9.enum.key13=12
bharosa.authentipad.keypad.german.keyset.row9.enum.key13.name=\u00F3
bharosa.authentipad.keypad.german.keyset.row9.enum.key13.description=\u00F3
bharosa.authentipad.keypad.german.keyset.row9.enum.key13.value=\u00F3
bharosa.authentipad.keypad.german.keyset.row9.enum.key13.shiftvalue=\u00F3
bharosa.authentipad.keypad.german.keyset.row9.enum.key13.image=kp_v01_00F3.png
bharosa.authentipad.keypad.german.keyset.row9.enum.key13.order=13
bharosa.authentipad.keypad.german.keyset.row10.enum=GermanKeyPadKeysetrow10
bharosa.authentipad.keypad.german.keyset.row10.enum.key1=0
bharosa.authentipad.keypad.german.keyset.row10.enum.key1.name=\u00F4
bharosa.authentipad.keypad.german.keyset.row10.enum.key1.description=\u00F4
bharosa.authentipad.keypad.german.keyset.row10.enum.key1.value=\u00F4
bharosa.authentipad.keypad.german.keyset.row10.enum.key1.shiftvalue=\u00F4
bharosa.authentipad.keypad.german.keyset.row10.enum.key1.image=kp_v01_00F4.png
bharosa.authentipad.keypad.german.keyset.row10.enum.key1.order=1
bharosa.authentipad.keypad.german.keyset.row10.enum.key2=1
bharosa.authentipad.keypad.german.keyset.row10.enum.key2.name=\u00F5
bharosa.authentipad.keypad.german.keyset.row10.enum.key2.description=\u00F5
bharosa.authentipad.keypad.german.keyset.row10.enum.key2.value=\u00F5
bharosa.authentipad.keypad.german.keyset.row10.enum.key2.shiftvalue=\u00F5
bharosa.authentipad.keypad.german.keyset.row10.enum.key2.image=kp_v01_00F5.png
bharosa.authentipad.keypad.german.keyset.row10.enum.key2.order=2
bharosa.authentipad.keypad.german.keyset.row10.enum.key3=2
bharosa.authentipad.keypad.german.keyset.row10.enum.key3.name=\u00F6
bharosa.authentipad.keypad.german.keyset.row10.enum.key3.description=\u00F6
bharosa.authentipad.keypad.german.keyset.row10.enum.key3.value=\u00F6
bharosa.authentipad.keypad.german.keyset.row10.enum.key3.shiftvalue=\u00F6
bharosa.authentipad.keypad.german.keyset.row10.enum.key3.image=kp_v01_00F6.png
bharosa.authentipad.keypad.german.keyset.row10.enum.key3.order=3
bharosa.authentipad.keypad.german.keyset.row10.enum.key4=3
bharosa.authentipad.keypad.german.keyset.row10.enum.key4.name=\u00F7
bharosa.authentipad.keypad.german.keyset.row10.enum.key4.description=\u00F7
bharosa.authentipad.keypad.german.keyset.row10.enum.key4.value=\u00F7
bharosa.authentipad.keypad.german.keyset.row10.enum.key4.shiftvalue=\u00F7
bharosa.authentipad.keypad.german.keyset.row10.enum.key4.image=kp_v01_00F7.png
bharosa.authentipad.keypad.german.keyset.row10.enum.key4.order=4
bharosa.authentipad.keypad.german.keyset.row10.enum.key5=4
bharosa.authentipad.keypad.german.keyset.row10.enum.key5.name=\u00F8
bharosa.authentipad.keypad.german.keyset.row10.enum.key5.description=\u00F8
bharosa.authentipad.keypad.german.keyset.row10.enum.key5.value=\u00F8
bharosa.authentipad.keypad.german.keyset.row10.enum.key5.shiftvalue=\u00F8
bharosa.authentipad.keypad.german.keyset.row10.enum.key5.image=kp_v01_00F8.png
bharosa.authentipad.keypad.german.keyset.row10.enum.key5.order=5
bharosa.authentipad.keypad.german.keyset.row10.enum.key6=5
bharosa.authentipad.keypad.german.keyset.row10.enum.key6.name=\u00F9
bharosa.authentipad.keypad.german.keyset.row10.enum.key6.description=\u00F9
bharosa.authentipad.keypad.german.keyset.row10.enum.key6.value=\u00F9
bharosa.authentipad.keypad.german.keyset.row10.enum.key6.shiftvalue=\u00F9
bharosa.authentipad.keypad.german.keyset.row10.enum.key6.image=kp_v01_00F9.png
bharosa.authentipad.keypad.german.keyset.row10.enum.key6.order=6
bharosa.authentipad.keypad.german.keyset.row10.enum.key7=6
bharosa.authentipad.keypad.german.keyset.row10.enum.key7.name=\u00FA
bharosa.authentipad.keypad.german.keyset.row10.enum.key7.description=\u00FA
bharosa.authentipad.keypad.german.keyset.row10.enum.key7.value=\u00FA
bharosa.authentipad.keypad.german.keyset.row10.enum.key7.shiftvalue=\u00FA
bharosa.authentipad.keypad.german.keyset.row10.enum.key7.image=kp_v01_00FA.png
bharosa.authentipad.keypad.german.keyset.row10.enum.key7.order=7
bharosa.authentipad.keypad.german.keyset.row10.enum.key8=7
bharosa.authentipad.keypad.german.keyset.row10.enum.key8.name=\u00FB
bharosa.authentipad.keypad.german.keyset.row10.enum.key8.description=\u00FB
bharosa.authentipad.keypad.german.keyset.row10.enum.key8.value=\u00FB
bharosa.authentipad.keypad.german.keyset.row10.enum.key8.shiftvalue=\u00FB
bharosa.authentipad.keypad.german.keyset.row10.enum.key8.image=kp_v01_00FB.png
bharosa.authentipad.keypad.german.keyset.row10.enum.key8.order=8
bharosa.authentipad.keypad.german.keyset.row10.enum.key9=8
bharosa.authentipad.keypad.german.keyset.row10.enum.key9.name=\u00FC
bharosa.authentipad.keypad.german.keyset.row10.enum.key9.description=\u00FC
bharosa.authentipad.keypad.german.keyset.row10.enum.key9.value=\u00FC
bharosa.authentipad.keypad.german.keyset.row10.enum.key9.shiftvalue=\u00FC
bharosa.authentipad.keypad.german.keyset.row10.enum.key9.image=kp_v01_00FC.png
bharosa.authentipad.keypad.german.keyset.row10.enum.key9.order=9
bharosa.authentipad.keypad.german.keyset.row10.enum.key10=9
bharosa.authentipad.keypad.german.keyset.row10.enum.key10.name=\u00FD
bharosa.authentipad.keypad.german.keyset.row10.enum.key10.description=\u00FD
bharosa.authentipad.keypad.german.keyset.row10.enum.key10.value=\u00FD
bharosa.authentipad.keypad.german.keyset.row10.enum.key10.shiftvalue=\u00FD
bharosa.authentipad.keypad.german.keyset.row10.enum.key10.image=kp_v01_00FD.png
bharosa.authentipad.keypad.german.keyset.row10.enum.key10.order=10
bharosa.authentipad.keypad.german.keyset.row10.enum.key11=10
bharosa.authentipad.keypad.german.keyset.row10.enum.key11.name=\u00FE
bharosa.authentipad.keypad.german.keyset.row10.enum.key11.description=\u00FE
bharosa.authentipad.keypad.german.keyset.row10.enum.key11.value=\u00FE
bharosa.authentipad.keypad.german.keyset.row10.enum.key11.shiftvalue=\u00FE
bharosa.authentipad.keypad.german.keyset.row10.enum.key11.image=kp_v01_00FE.png
bharosa.authentipad.keypad.german.keyset.row10.enum.key11.order=11
bharosa.authentipad.keypad.german.keyset.row10.enum.key12=11
bharosa.authentipad.keypad.german.keyset.row10.enum.key12.name=\u00FF
bharosa.authentipad.keypad.german.keyset.row10.enum.key12.description=\u00FF
bharosa.authentipad.keypad.german.keyset.row10.enum.key12.value=\u00FF
bharosa.authentipad.keypad.german.keyset.row10.enum.key12.shiftvalue=\u00FF
bharosa.authentipad.keypad.german.keyset.row10.enum.key12.image=kp_v01_00FF.png
bharosa.authentipad.keypad.german.keyset.row10.enum.key12.order=12
bharosa.authentipad.keypad.german.keyset.row10.enum.key13=12
bharosa.authentipad.keypad.german.keyset.row10.enum.key13.name=\u00FF
bharosa.authentipad.keypad.german.keyset.row10.enum.key13.description=\u00FF
bharosa.authentipad.keypad.german.keyset.row10.enum.key13.value=\u00FF
bharosa.authentipad.keypad.german.keyset.row10.enum.key13.shiftvalue=\u00FF
bharosa.authentipad.keypad.german.keyset.row10.enum.key13.image=kp_v01_00FF.png
bharosa.authentipad.keypad.german.keyset.row10.enum.key13.order=13
5. Add frame and key image files to the following directories:
Key Image Files: /WEB-INF/classes/bharosa_properties/alphapad_skins_de
Frame Image Files: //WEB-INF/classes/bharosa_properties/alphapad_bg
6. Re-jar the war using the command: jar -cvfm oracle.oaam.extensions.war /META-INF/MANIFEST.MF -C
7. Re-deploy the updated oracle.oaam.extensions.war as a shared library with targets as oaam_server and oaam_admin.
8. Restart the OAAM Servers and validate your changes by accessing the application with the browser set to the German locale.
Note: Make sure the original MANIFEST.MF remains the same, as it contains the shared library information.
11 Implementing OTP Anywhere
This chapter explains how to implement OTP Anywhere.
OTP Anywhere allows end users to authenticate themselves by entering a server generated one-time-password (OTP). When the OTP is sent via SMS, the user's cell phone serves as a physical second factor that the user has in their possession. As well, the authentication is being sent out-of-band to increase the level of assurance that only the valid user has access to the one-time password.
Benefits of OTP Anywhere are:
- It is built on 11g Challenge Processor framework
- Out of the box integration with Oracle User Messaging Service
- Customizable registration user interface
- Optional Opt-Out functionality
- Email and SMS supported delivery channels
This chapter contains these sections:
- About the Implementation
- Concepts and Terms
- Prerequisites
- OTP Setup Overview
- Configuring OTP
- Customizing OTP
- Registering SMS Processor to Perform Work for Challenge Type
- Configuring the Challenge Pads Used for Challenge Types
- Customizing OTP Anywhere Data Storage
- Example Configurations
- Challenge Use Case
11.1 About the Implementation
One-Time Password (OTP) is a form of secondary authentication, which is used in addition to standard username and password credentials to strengthen the existing authentication and authorization process, thereby providing additional security for users. The application sends a one-time password that is only valid for the current session to the user. This password is used to challenge the user to verify the user's identity.
Oracle Adaptive Access Manager 11g provides the framework to support One Time Password (OTP) authentication using Oracle User Messaging Service (UMS). This implementation enables an application to use OTP to challenge users with Oracle User Messaging Service (UMS) used as the method to deliver the password.
The high-level integration tasks consist of:
- Prerequisites
- Configuring OTP
- Customizing OTP
- Registering SMS Processor to Perform Work for Challenge Type
- Configuring the Challenge Pads Used for Challenge Types
- Customizing OTP Anywhere Data Storage
11.2 Concepts and Terms
This section provides the terms that are helpful to know as you implement OTP Anywhere.
11.2.1 One Time Password (OTP)
One Time Password (OTP) is used to authenticate an individual based on a single-use alphanumeric credential. The OTP is delivered to the user's configured delivery method. The user then provides the OTP credential as the response to proceed with the operation.
The following are major benefits of using out-of-band OTP:
- If the end user's browser/internet is compromised, the authentication can safely take place in another band of communication separate from the browser
- The user does not require any proprietary hardware or client software of any kind.
11.2.2 Oracle User Messaging Service (UMS)
The UMS Server orchestrates message flows between applications and users. OAAM uses UMS to send email, SMS, IM, or voice messages to the user.
11.2.3 Challenge Processor
A challenge processor is Java code that implements the ChallengeProcessorIntf interface or extends the AbstractChallengeProcessor class. Custom challenge processors can be created to generate a challenge, validate the challenge answer from the user, and check service delivery and availability statuses. By default, OAAM has support (or challenge processor implementations) for KBA question challenges and OTP challenges via SMS and email through UMS delivery.
11.2.4 Challenge Type
"Channel" refers to the delivery channel used to send an OTP to the user (Email, SMS, or IM). The challenge type is the channel that OTP is using to challenge the user. A challenge type can be configured for any differences in handling that a challenge requires. Handling of challenge types could be any specifics for that challenge type, from generating the "secret" used for the challenge to delivering the "secret" to the user and finally validating the user's input. For each type of challenge these primary processes (Generation, Sending, and Validating) could require slightly different code.
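The three primary processes named above (Generation, Sending, and Validating), as an added Java sketch that is not Oracle's code and does not use the OAAM ChallengeProcessorIntf API. The class and interface names, the 6-character length, the 5-minute lifetime and the 3-attempt limit are assumptions chosen for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.time.Duration;
import java.time.Instant;
import java.util.Locale;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

/** Illustrative sketch only: hypothetical names, not the OAAM challenge processor API. */
public class OtpChallengeSketch {

    /** Hypothetical delivery channel; in OAAM this role is played by UMS (SMS, email, ...). */
    interface DeliveryChannel {
        boolean send(String address, String message);
    }

    // Assumed policy values for the sketch.
    private static final String ALPHABET = "ABCDEFGHJKLMNPQRSTUVWXYZ23456789"; // no 0/O or 1/I look-alikes
    private static final int OTP_LENGTH = 6;
    private static final int MAX_ATTEMPTS = 3;
    private static final Duration LIFETIME = Duration.ofMinutes(5);

    /** One outstanding challenge, bound to a single session. */
    private static final class Pending {
        final byte[] secret;
        final Instant expiresAt;
        int attempts;
        boolean consumed;

        Pending(byte[] secret, Instant expiresAt) {
            this.secret = secret;
            this.expiresAt = expiresAt;
        }
    }

    private final SecureRandom random = new SecureRandom();
    private final Map<String, Pending> pendingBySession = new ConcurrentHashMap<>();
    private final DeliveryChannel channel;

    public OtpChallengeSketch(DeliveryChannel channel) {
        this.channel = channel;
    }

    /** Generation and Sending: create a fresh secret for this session and deliver it out-of-band. */
    public boolean challenge(String sessionId, String address) {
        StringBuilder otp = new StringBuilder(OTP_LENGTH);
        for (int i = 0; i < OTP_LENGTH; i++) {
            otp.append(ALPHABET.charAt(random.nextInt(ALPHABET.length())));
        }
        // A new challenge replaces any earlier one, so only the latest OTP is valid.
        byte[] secret = otp.toString().getBytes(StandardCharsets.UTF_8);
        pendingBySession.put(sessionId, new Pending(secret, Instant.now().plus(LIFETIME)));
        boolean sent = channel.send(address, "Your one-time password is " + otp);
        if (!sent) {
            pendingBySession.remove(sessionId); // an undelivered secret must not stay answerable
        }
        return sent;
    }

    /** Validating: correct answer, same session, before expiry, within the attempt limit, once. */
    public boolean validate(String sessionId, String answer) {
        Pending p = pendingBySession.get(sessionId);
        if (p == null || answer == null) {
            return false;
        }
        synchronized (p) {
            if (p.consumed || Instant.now().isAfter(p.expiresAt) || ++p.attempts > MAX_ATTEMPTS) {
                p.consumed = true;
                pendingBySession.remove(sessionId, p);
                return false;
            }
            byte[] given = answer.trim().toUpperCase(Locale.ROOT).getBytes(StandardCharsets.UTF_8);
            boolean ok = MessageDigest.isEqual(p.secret, given); // constant-time comparison
            if (ok) {
                p.consumed = true; // single use: a replayed OTP is rejected
                pendingBySession.remove(sessionId, p);
            }
            return ok;
        }
    }

    public static void main(String[] args) {
        String[] lastMessage = new String[1]; // constructed in-memory stand-in for a gateway
        OtpChallengeSketch otp = new OtpChallengeSketch((address, message) -> {
            lastMessage[0] = message;
            return true;
        });
        otp.challenge("session-A", "+10000000000"); // constructed sample values
        String code = lastMessage[0].substring(lastMessage[0].length() - OTP_LENGTH);
        System.out.println("other session: " + otp.validate("session-B", code));
        System.out.println("first use:     " + otp.validate("session-A", code));
        System.out.println("replay:        " + otp.validate("session-A", code));
    }
}
```

Only the first use in the issuing session is accepted; the same code presented from another session, or a second time, is rejected.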
11.3 Prerequisites
Ensure that the following prerequisites are met before configuring OTP for your application.
11.3.1 Install SOA Suite
Oracle SOA Suite must be installed outside of the OAAM domains. UMS is a part of SOA. For information, refer to the Oracle Fusion Middleware Installation Guide for Oracle SOA Suite and Oracle Business Process Management Suite.
11.3.2 Configure the UMS Driver
UMS must be configured for appropriate delivery gateways on the SOA that the OAAM Server is configured to send messages through. UMS Drivers connect UMS to the messaging gateways, adapting content to the various protocols supported by UMS. Drivers can be deployed or undeployed independently of one another depending on what messaging channels are available in a given installation.
11.3.2.1 Email Driver
Configure the Email driver to a SMTP server. See the "Configuring the Email Driver" section of Oracle Fusion Middleware Administrator's Guide for Oracle SOA Suite and Oracle Business Process Management Suite for how to configure the Email driver.
11.3.2.2 SMPP Driver
Short Message Peer-to-Peer (SMPP) is one of the most popular GSM SMS protocols. User Messaging Service includes a prebuilt implementation of the SMPP protocol as a driver that is capable of both sending and receiving short messages. Configure the SMPP driver as described in the "Configuring the SMPP Driver" section of the Oracle Fusion Middleware Administrator's Guide for Oracle SOA Suite and Oracle Business Process Management Suite. You will need to provide parameter values for connecting to the driver gateway vendor.
Note: Ensure you are familiar with deploying custom OAAM extensions. Oracle Adaptive Access Manager is customized through adding customized jars and files to an extensions shared library. For information, refer to Chapter 7, "OAAM Extensions and Shared Library to Customize OAAM."
Note: For SMS, unlike the Email driver that is deployed out-of-the-box, you need to deploy the SMPP driver first before modifying the configurations.
Table 11–1 Connecting to the Vendor
Parameter | Description
SmsAccountId | The Account Identifier on the SMS-C. This is your vendor account ID which you need to get from the vendor.
SmsServerHost | The name (or IP address) of the SMS-C server.
TransmitterSystemId |
TransmitterSystemPassword | The password of the transmitter system. This includes Type of Password (choose from Indirect Password/Create New User, Indirect Password/Use Existing User, and Use Cleartext Password) and Password. This is the password corresponding to your vendor account ID
TransmitterSystemType | The type of transmitter system. The default is Logica.
ReceiverSystemId | The account ID that is used to receive messages.
ReceiverSystemPassword |
ReceiverSystemType | The type of receiver system. The default is Logica.
ServerTransmitterPort | The TCP port number of the transmitter server.
ServerReceiverPort | The TCP port number of the receiver server.
DefaultEncoding | The default encoding of the SMPP driver. The default is IA5. Choose from the drop-down list: IA5, UCS2, and GSM_DEFAULT.
DefaultSenderAddress | Default sender address
11.4 OTP Setup Overview
OTP using UMS as a delivery method is a standard feature of the OAAM Server. This section contains an overview of the steps required to implement the feature.
Follow the instructions for customizing the OAAM server interface through adding customized jars and files to an extensions shared library. For information, refer to Chapter 7, "OAAM Extensions and Shared Library to Customize OAAM."
Table 11–2 Tasks in the OTP Setup
Task | Description
Configure | Configuration involves Tasks 1 through 3. OTP Challenge is not enabled by default. It has to be enabled by setting these properties.
Task 1 - Integrate UMS. | Set up UMS URLs and credentials so that OAAM can communicate with the UMS server.
Task 2 - Make Challenge Types available. | Make it possible for the policies to challenge using OTP via the challenge type.
Task 3 - Enable Registration and User Preferences. | Enable registration and user preferences. The user will use the pages for profile registration and resetting OTP profile.
Customize | Customization involves Tasks 4 through 7.
Task 4 - Set up the user registration fields and validations. | Set up the registration and preferences page input fields for the user. Input properties include maximum length for the email address the user can enter, validation for the email address field (expression), and so on. Note: Any user facing strings will need to be duplicated into the resource bundle.
Task 5 - Set up Terms and Condition fields. | Additional fields to set up are Terms of Service, Privacy Policy, and so on.
Task 6 - Set up registration and challenge page messaging | Customize the messaging that appears on the registration and challenge pages.
Task 7 - Customize OTP message text. | Customize the message containing the One Time Password
Task 8 - Register Processors | The challenge type enum is used to associate a Challenge Type with the Java code needed to perform any work related to that challenge type.
Task 9 - Configure challenge pads for challenge types. | Specify the type of device to use based on the purpose of the device.
The UMS OTP implementation is integrated into the OAAM Server login, challenge, and registration flows using the OAAM Server challenge processor framework. For information on the login, challenge, and registration flows, refer to Chapter 2, "Natively Integrating with Oracle Adaptive Access Manager."
11.5 Configuring OTP
This section contains the following topics:
- Integrating UMS
- Enabling OTP Challenge Types
- Enabling Registration and User Preferences
11.5.1 Integrating UMS
The properties to set for the UMS server URLs and credentials are listed below. They can be edited using the Property Editor in OAAM Admin.
Note: Endpoint is the Web Services URL that OAAM uses to send calls into UMS.
Table 11–3 UMS Server URLs and Credentials
Property | Default Value | Description
bharosa.uio.default.ums.integration.webservice | | UMS Server Webservice URL http://:/ucs/messaging/webservice
bharosa.uio.default.ums.integration.parlayx.endpoint | | UMS Server ParlayX Endpoint URL http://:/sdpmessaging/parlayx/SendMessageService
bharosa.uio.default.ums.integration.useParlayX | false | Configures the use of webservice or parlayx API. The value is false by default (Webservices recommended)
bharosa.uio.default.ums.integration.userName | | Username for UMS server
bharosa.uio.default.ums.integration.password | | Password for UMS server
bharosa.uio.default.ums.integtaion.policies | | UMS authentication policies
bharosa.uio.default.ums.integration.fromAddress | demo@oracle.com | OAAM from address for OTP messages
bharosa.uio.default.ums.integration.message.status.poll.attempts | 3 | Number of times to attempt status poll each time the wait page is displayed
bharosa.uio.default.ums.integration.message.status.poll.delay | 1000 | Delay between status polls while the wait page is being displayed
bharosa.uio.default.ums.integration.sleepInterval | 10000 |
bharosa.uio.default.ums.integration.deliveryPage.delay | 3000 |
After you set up the UMS server properties, restart the application.
11.5.2 Enabling OTP Challenge Types
Enable challenge types by setting the appropriate property to true. By setting the property to true, policies will be able to challenge using OTP via the challenge type (email, SMS, IM, or Voice). The user will see the email, SMS, IM, or Voice page in the registration flow.
The challenge type enum is used to associate a Challenge Type with the Java code needed to perform any work related to that challenge type. The Challenge Type ID (ChallengeEmail) should match a rule action returned by the rules when that challenge type is going to be used.
Table 11–4 UMS OTP challenge types
Property | Default Value | Description
bharosa.uio.default.challenge.type.enum.ChallengeEmail.available | false | Availability flag for email challenge type
bharosa.uio.default.challenge.type.enum.ChallengeSMS.available | false | Availability flag for SMS challenge type
bharosa.uio.default.challenge.type.enum.ChallengeIM.available | false | Availability flag for instant message challenge type
bharosa.uio.default.challenge.type.enum.ChallengeVoice.available | false | Availability flag for voice challenge type
11.5.3 Enabling Registration and User Preferences
Enable the registration flow and user preferences by setting these properties to true:
11.6 Customizing OTP
This section contains the following topics:
- Customizing Registration Fields and Validations
Table 11–5 Enable OTP Profile Registration and Preference Setting
Property | Description
bharosa.
uio.
default.
register.
userinfo.
enabledSettingthepropertytotrueenablestheprofileregistrationpagesiftheOTPchannelisenabledandrequiresregistration.
bharosa.
uio.
default.
userpreferences.
userinfo.
enabledSettingthepropertytotrueenablestheusertosetpreferencesiftheOTPchannelisenabledandallowspreferencesetting.
UserPreferencesisapagethatallowstheusertochangetheirimage/phrase,challengequestions,un-registerdevices,andupdatetheirOTPprofile.
Table11–3(Cont.
)UMSServerURLsandCredentialsPropertyDefaultValueDescriptionCustomizingOTPImplementingOTPAnywhere11-7CustomizingTermsandConditionsCustomizingRegistrationPageMessagingCustomizingChallengePageMessagingCustomizingOTPMessageTextEnablingOptOutFunctionality11.
6.
1CustomizingRegistrationFieldsandValidationsMobileregistrationfielddefinitionsandvalidationsfortheOTPregistrationpageareshownbelow.
AddMobileInputRegistrationFieldPropertiestobharosa_server.
propertiesThesepropertiesshouldbeaddedtobharosa_server.
properties.
AddMobileInputRegistrationFieldPropertiestoclient_resource.
propertiesThesepropertiesshouldbeaddedtotheresourcebundle.
Table11–6MobileInput-PropertiesFilePropertyDefaultValueDescriptionbharosa.
uio.
default.
userinfo.
inputs.
enum.
mobile0Mobilephoneenumvaluebharosa.
uio.
default.
userinfo.
inputs.
enum.
mobile.
nameMobilePhoneNameformobilephonefieldbharosa.
uio.
default.
userinfo.
inputs.
enum.
mobile.
descriptionMobilePhoneDescriptionformobilephonefieldbharosa.
uio.
default.
userinfo.
inputs.
enum.
mobile.
inputnamecellnumberHTMLinputnameformobilephonefieldbharosa.
uio.
default.
userinfo.
inputs.
enum.
mobile.
inputtypetextHTMLinputtypeformobilephonefieldbharosa.
uio.
default.
userinfo.
inputs.
enum.
mobile.
maxlength15HTMLinputmaxlengthformobilephonefieldbharosa.
uio.
default.
userinfo.
inputs.
enum.
mobile.
requiredtrueRequiredflagformobilephonefieldduringregistrationanduserpreferencesbharosa.
uio.
default.
userinfo.
inputs.
enum.
mobile.
order1Orderonthepageformobilephonefieldbharosa.
uio.
default.
userinfo.
inputs.
enum.
mobile.
enabledtrueEnabledflagformobilephoneenumitembharosa.
uio.
default.
userinfo.
inputs.
enum.
mobile.
regex\\D(\\d{3})\\D\\D(\\d{3})\\D(\\d{4})Regularexpressionforvalidationofmobilephonefieldbharosa.
uio.
default.
userinfo.
inputs.
enum.
mobile.
errorCodeotp.
invalid.
mobileErrorcodetogeterrormessagefromifvalidationofmobilephoneentryfailsbharosa.
uio.
default.
userinfo.
inputs.
enum.
mobile.
managerClasscom.
bharosa.
uio.
manager.
user.
DefaultContactInfoManagerJavaclasstousetosave/retrievemobilephonefromdatastorageTable11–7MobileInput-ResourceBundlePropertyDefaultValueDescriptionbharosa.
uio.
default.
userinfo.
inputs.
enum.
mobile.
nameMobilePhoneNameformobilephonefieldbharosa.
uio.
default.
userinfo.
inputs.
enum.
mobile.
descriptionMobilePhoneDescriptionformobilephonefieldCustomizingOTP11-8OracleFusionMiddlewareDeveloper'sGuideforOracleAdaptiveAccessManager11.
6.
2CustomizingTermsandConditionsThefollowingexamplesshowtermandconditionsdefinitionsfortheOTPregistrationpage.
AddTermsandConditionsDefinitionstobharosa_server.
propertiesThesepropertiesshouldbeaddedtobharosa_server.
properties.
AddTermsandConditionsDefinitionstoclient_resource.
propertiesDefaultmessagingforTermsandConditionsisdefinedbytheseresourcebundlevalues:Table11–8TermsandConditionsCheckboxPropertyDefaultValueDescriptionbharosa.
uio.
default.
userinfo.
inputs.
enum.
terms4TermsandConditionsenumvaluebharosa.
uio.
default.
userinfo.
inputs.
enum.
terms.
nameTermsandConditionsNameforTermsandConditionscheckboxbharosa.
uio.
default.
userinfo.
inputs.
enum.
terms.
descriptionTermsandConditionsDescriptionforTermsandConditionscheckboxbharosa.
uio.
default.
userinfo.
inputs.
enum.
terms.
inputnametermsHTMLinputnameforTermsandConditionscheckboxbharosa.
uio.
default.
userinfo.
inputs.
enum.
terms.
inputtypecheckboxHTMLinputtypeforTermsandConditionscheckboxbharosa.
uio.
default.
userinfo.
inputs.
enum.
terms.
valuestrueRequiredvaluesforTermandConditionscheckboxduringregistrationanduserpreferencesbharosa.
uio.
default.
userinfo.
inputs.
enum.
terms.
maxlength40HTMLinputmaxlengthforTermsandConditionscheckboxbharosa.
uio.
default.
userinfo.
inputs.
enum.
terms.
requiredtrueRequiredflagforTermandConditionscheckboxduringregistrationanduserpreferencesbharosa.
uio.
default.
userinfo.
inputs.
enum.
terms.
order5OrderonthepageforTermsandConditionscheckboxbharosa.
uio.
default.
userinfo.
inputs.
enum.
terms.
enabledtrueEnabledflagforTermsandConditionsenumitembharosa.
uio.
default.
userinfo.
inputs.
enum.
terms.
regex.
+RegularexpressionforvalidationofTermsandConditionscheckboxbharosa.
uio.
default.
userinfo.
inputs.
enum.
terms.
errorCodeotp.
invalid.
termsErrorcodetogeterrormessagefromifvalidationofTermsandConditionsfailsbharosa.
uio.
default.
userinfo.
inputs.
enum.
terms.
managerClasscom.
bharosa.
uio.
manager.
user.
DefaultContactInfoManagerJavaclasstousetosave/retrieveTermsandConditionsfromdatastorageCustomizingOTPImplementingOTPAnywhere11-9Thevalueforbharosa.
uio.
default.
userinfo.
inputs.
enum.
terms.
nameincludesplaceholderlinksthatuseOAAMServerpopupmessagingfor"Terms&Conditions"and"PrivacyPolicy".
Thepropertyandresourcekeysforthecontentsofthepop-upsarelistedasfollows.
11.
6.
3CustomizingRegistrationPageMessagingAddregistrationpropertiestoclient_resource.
properties.
DeclineButtonTocontrolthepresenceoftheDeclinebuttonontheprofileregistrationpages,setthefollowingproperties:bharosa.
uio.
default.
register.
userinfo.
decline.
enabled=trueTable11–9MessagingofTermsandConditionsPropertyDescriptionsbharosa.
uio.
default.
userinfo.
inputs.
enum.
terms.
nameIagreetothe[ENTERCOMPANYORSERVICENAMEHERE]terms&conditions.
ClicktoviewfullTerms&ConditionsandPrivacyPolicy.
bharosa.
uio.
default.
userinfo.
inputs.
enum.
terms.
descriptionMessageandDataRatesMayApply.
Forhelporinformationonthisprogramsend"HELP"to[ENTERSHORT/LONGCODEHERE].
Tocancelyourplan,send"STOP"to[ENTERSHORT/LONGCODEHERE]atanytime.
Foradditionalinformationonthisservicepleasegoto[ENTERINFORMATIONALURLHERE].
SupportedCarriers:AT&T,Sprint,Nextel,Boost,VerizonWireless,U.
S.
Cellular®,T-Mobile®,CellularOneDobson,CincinnatiBell,Alltel,VirginMobileUSA,CellularSouth,Unicel,CentennialandNtelosTable11–10Terms&ConditionsandPrivacyPolicyPopupMessagingPropertyDescriptionsbharosa.
uio.
default.
messages.
enum.
terms.
nameTermsandConditionsbharosa.
uio.
default.
messages.
enum.
terms.
descriptionPLACEHOLDERTEXTFORTERMSANDCONDITIONSbharosa.
uio.
default.
messages.
enum.
privacy.
namePrivacyPolicybharosa.
uio.
default.
messages.
enum.
privacy.
descriptionPLACEHOLDERTEXTFORPRIVACYPOLICYTable11–11RegistrationResourceBundlePropertyDefaultValuebharosa.
uio.
default.
register.
userinfo.
titleOTPAnywhereRegistrationbharosa.
uio.
default.
register.
userinfo.
messageForyourprotectionpleaseenteryourmobiletelephonenumbersowemayuseittoverifyyouridentityinthefuture.
Pleaseensurethatyouhavetextmessagingenabledonyourphone.
bharosa.
uio.
default.
register.
userinfo.
registerdevice.
messageChecktoregisterthedevicethatyouarecurrentlyusingasasafedevice:bharosa.
uio.
default.
register.
userinfo.
continue.
buttonContinuebharosa.
uio.
default.
register.
userinfo.
decline.
messageIfyoudeclineyouwillnotbeaskedtoregisteragain.
bharosa.
uio.
default.
register.
userinfo.
decline.
buttonDeclineCustomizingOTP11-10OracleFusionMiddlewareDeveloper'sGuideforOracleAdaptiveAccessManagerbharosa.
uio.
default.
userpreferences.
userinfo.
decline.
enabled=trueWhentheDeclinebuttonisenabled,theuserwillhaveanotheroptionontheOTPregistrationpagethatwillallowhimtoOptoutofOTPchallenges.
HewillnotbeaskedtoregisterOTPagain,andwillnotreceiveOTPchallenges.
However,ifaCustomerCareOTPProfileresetisperformed(orresetall)theuserwillhavetheopportunitytoregisterOTPagain.
Also,eveniftheuserhasoptedoutofOTP,hecanaccesstheOTPpageinUserPreferencesandaddinformationandclickContinue.
ThiswillremovetheOTPoutflagandtheuserwillnowberegisteredforOTP.
11.6.4 Customizing Challenge Page Messaging

Add challenge type fields to client_resource.properties.

Table 11–12 Challenge Type Resource Bundle Items

Property | Default Value
bharosa.uio.default.ChallengeSMS.message | For your protection please enter the code we just sent to your mobile telephone. If you did not receive a code please ensure that text messaging is enabled on your phone and click the resend link below.
bharosa.uio.default.ChallengeSMS.registerdevice.message | Check to register the device that you are currently using as a safe device:
bharosa.uio.default.ChallengeSMS.continue.button | Continue

11.6.5 Customizing OTP Message Text

Add OTP message fields to client_resource.properties.

Table 11–13 Challenge Type Resource Bundle Items

Property | Default Value
bharosa.uio.default.ChallengeSMS.incorrect.message | Incorrect OTP. Please try again.
bharosa.uio.default.ChallengeSMS.message.subject | Oracle OTP Code
bharosa.uio.default.ChallengeSMS.message.body | Your Oracle SMS OTP Code is: {0}

11.6.6 Enabling Opt Out Functionality

This feature is disabled by default. To enable Opt Out for the user, set the property to true.

Note: Even if these are true, the button will not show if the Opt Out property is false.

Table 11–14 OTP opt-out properties

Property | Default Value
bharosa.uio.default.otp.optOut.enabled | false
bharosa.uio.default.otp.optOut.managerClass | com.bharosa.uio.manager.user.DefaultContactInfoManager

11.7 Registering SMS Processor to Perform Work for Challenge Type

The challenge type enum is used to associate a Challenge Type with the Java code needed to perform any work related to that challenge type. The Challenge Type ID (ChallengeEmail) should match a rule action returned by the rules when that challenge type is going to be used.

"Channel" normally refers to the delivery channel used to send an OTP to the user (Email, SMS, or IM).

The properties to register the SMS challenge processor and mark service as available (or unavailable) are listed below.
Table 11–15 Challenge type enums

Property | Description
available | If the challenge type is available for use (service ready and configured). To enable/disable an OTP challenge type, the available flag should be set.
processor | Java class for handling challenges of this type.
requiredInfo | Comma separated list of inputs from the registration input enum

Table 11–16 Properties to register the SMS challenge processor

Property | Default Value | Description
bharosa.uio.default.challenge.type.enum.ChallengeSMS | 2 | SMS Challenge enum value
bharosa.uio.default.challenge.type.enum.ChallengeSMS.name | SMS Challenge | Name of SMS challenge type
bharosa.uio.default.challenge.type.enum.ChallengeSMS.description | SMS Challenge | Description of SMS challenge type
bharosa.uio.default.challenge.type.enum.ChallengeSMS.processor | com.bharosa.uio.processor.challenge.ChallengeSMSProcessor | Processor class for SMS challenge type
bharosa.uio.default.challenge.type.enum.ChallengeSMS.requiredInfo | mobile | Required fields to challenge user with SMS challenge type
bharosa.uio.default.challenge.type.enum.ChallengeSMS.available | false | Availability flag for SMS challenge type
bharosa.uio.default.challenge.type.enum.ChallengeSMS.otp | true | OTP flag for SMS challenge type

11.8 Configuring the Challenge Pads Used for Challenge Types

By default, challenge devices that will be used are configured through rules. The rules are under the AuthentiPad checkpoint where you can specify the type of device to use based on the purpose of the device.

To create/update policies to use the challenge type:
1. Add a new rule action, MyChallenge, with the enum, rule.action.enum.
2. Create policy to return newly created action, MyChallenge, to use the challenge method.

Alternatively, if you want to configure challenge devices using properties, you can bypass the AuthentiPad checkpoint by setting bharosa.uio.default.use.authentipad.checkpoint to false. Devices to use for the challenge type can be added.

    bharosa.uio...authenticator.device=

The examples shown use the challenge type key, ChallengeEmail and ChallengeSMS to construct the property name.

    bharosa.uio.default.ChallengeSMS.authenticator.device=DevicePinPad
    bharosa.uio.default.ChallengeEmail.authenticator.device=DevicePinPad

Available challenge device values are DeviceKeyPadFull, DeviceKeyPadAlpha, DeviceTextPad, DeviceQuestionPad, DevicePinPad, and DeviceHTMLControl.
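The following check is an added example, not part of Oracle's guide or product code. It reads a constructed set of the challenge type and device properties described in sections 11.7 and 11.8 and reports inconsistencies before they surface as a challenge that cannot be delivered. The class name, the sample configuration and the rule that a requiredInfo input must be enabled for registration are assumptions made for the example.

```java
import java.io.IOException;
import java.io.StringReader;
import java.util.ArrayList;
import java.util.List;
import java.util.Properties;
import java.util.Set;
import java.util.TreeSet;

public class ChallengeConfigCheck {

    static final String TYPE = "bharosa.uio.default.challenge.type.enum.";
    static final String INPUT = "bharosa.uio.default.userinfo.inputs.enum.";

    // Device values named in section 11.8 of the guide.
    static final Set<String> DEVICES = Set.of("DeviceKeyPadFull", "DeviceKeyPadAlpha",
            "DeviceTextPad", "DeviceQuestionPad", "DevicePinPad", "DeviceHTMLControl");

    // Constructed configuration: the e-mail type is switched on, but its input is
    // disabled and its device value is misspelled.
    static final String SAMPLE = String.join("\n",
            "bharosa.uio.default.use.authentipad.checkpoint=false",
            TYPE + "ChallengeSMS.processor=com.bharosa.uio.processor.challenge.ChallengeSMSProcessor",
            TYPE + "ChallengeSMS.requiredInfo=mobile",
            TYPE + "ChallengeSMS.available=true",
            "bharosa.uio.default.ChallengeSMS.authenticator.device=DevicePinPad",
            TYPE + "ChallengeEmail.processor=com.bharosa.uio.processor.challenge.ChallengeEmailProcessor",
            TYPE + "ChallengeEmail.requiredInfo=email",
            TYPE + "ChallengeEmail.available=true",
            "bharosa.uio.default.ChallengeEmail.authenticator.device=DevicePadPin",
            INPUT + "mobile.enabled=true",
            INPUT + "email.enabled=false");

    static List<String> findings(Properties p) {
        List<String> out = new ArrayList<>();
        // Devices come from properties only when the AuthentiPad checkpoint is bypassed.
        boolean byProperty = "false".equals(
                p.getProperty("bharosa.uio.default.use.authentipad.checkpoint"));

        for (String name : new TreeSet<>(p.stringPropertyNames())) {
            if (!name.startsWith(TYPE) || !name.endsWith(".available")) continue;
            if (!Boolean.parseBoolean(p.getProperty(name))) continue;   // type not in use
            String type = name.substring(TYPE.length(), name.length() - ".available".length());

            if (p.getProperty(TYPE + type + ".processor", "").isEmpty()) {
                out.add(type + ": available but no processor class registered");
            }
            // Assumption: every input listed in requiredInfo must be enabled so that
            // users can supply it on the registration page.
            for (String input : p.getProperty(TYPE + type + ".requiredInfo", "").split(",")) {
                input = input.trim();
                if (input.isEmpty()) continue;
                if (!Boolean.parseBoolean(p.getProperty(INPUT + input + ".enabled"))) {
                    out.add(type + ": required input '" + input + "' is not enabled for registration");
                }
            }
            if (byProperty) {
                String device = p.getProperty("bharosa.uio.default." + type + ".authenticator.device");
                if (device == null) {
                    out.add(type + ": no authenticator.device property set");
                } else if (!DEVICES.contains(device)) {
                    out.add(type + ": device '" + device + "' is not one of the documented values");
                }
            }
        }
        return out;
    }

    public static void main(String[] args) throws IOException {
        Properties p = new Properties();
        p.load(new StringReader(SAMPLE));
        List<String> found = findings(p);
        found.forEach(System.out::println);
        System.out.println(found.size() + " finding(s)");
    }
}
```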
Table 11–17 Authentication Device Type

Property | Description
None | No HTML page or authentication pad
DeviceKeyPadFull | Challenge user using KeyPad.
DeviceKeyPadAlpha | Challenge user with the alphanumeric KeyPad (numbers and letters only, no special characters)
DeviceTextPad | Challenge user using TextPad.
DeviceQuestionPad | Challenge user using QuestionPad.
DevicePinPad | Challenge user using PinPad.
DeviceHTMLControl | Challenge user using HTML page instead of an authentication pad.

11.9 Customizing OTP Anywhere Data Storage

This section describes how to customize data storage for OTP Anywhere. You can customize OTP Anywhere by implementing the com.bharosa.uio.manager.user.UserDataManagerIntf interface.

11.9.1 com.bharosa.uio.manager.user.UserDataManagerIntf

The methods used in customization are:

    public String getUserData(UIOSessionData sessionData, String key);
    public void setUserData(UIOSessionData sessionData, String key, String value);

11.9.2 Default Implementation - com.bharosa.uio.manager.user.DefaultContactInfoManager

The default implementation expands on the interface to break every get and set into two items: UserDataValue and UserDataFlag.

The UserDataFlag is used by OAAM to track that a value has been set, or soft reset a value. When rules are used to check if a user is registered for a given item, the UserDataFlag will be checked in the OAAM database.

The UserDataValue is the actual data element entered by the user. In the default implementation this is also stored in the OAAM database, but by extending the DefaultContactInfoManager class and overriding the UserDataValue methods (getUserDataValue and setUserDataValue) the data can be stored in an external location if required.

Methods

    public class DefaultContactInfoManager implements UserDataManagerIntf {

        // The value is returned only when the flag says it has been set.
        public String getUserData(UIOSessionData sessionData, String key) {
            if (getUserDataFlag(sessionData, key)) {
                return getUserDataValue(sessionData, key);
            }
            return null;
        }

        // Every set writes both the value and the flag.
        public void setUserData(UIOSessionData sessionData, String key, String value) {
            setUserDataValue(sessionData, key, value);
            setUserDataFlag(sessionData, key, value);
        }

        protected void setUserDataValue(UIOSessionData sessionData, String key, String value) {
            VCryptAuthUser clientUser = sessionData.getClientAuthUser();
            if (clientUser != null) {
                clientUser.setUserData(BharosaConfig.get("oaam.otp.contact.info.prefix", "otpContactInfo_") + key, value);
            }
        }

        protected String getUserDataValue(UIOSessionData sessionData, String key) {
            VCryptAuthUser clientUser = sessionData.getClientAuthUser();
            if (clientUser != null) {
                return clientUser.getUserData(BharosaConfig.get("oaam.otp.contact.info.prefix", "otpContactInfo_") + key);
            }
            return null;
        }

        // An empty value clears the flag; any other value sets it to "true".
        protected void setUserDataFlag(UIOSessionData sessionData, String key, String value) {
            VCryptAuthUser clientUser = sessionData.getClientAuthUser();
            if (clientUser != null) {
                if (StringUtil.isEmpty(value)) {
                    clientUser.setUserData(BharosaConfig.get("oaam.otp.contact.info.flag.prefix", "otpContactInfoFlag_") + key, null);
                } else {
                    clientUser.setUserData(BharosaConfig.get("oaam.otp.contact.info.flag.prefix", "otpContactInfoFlag_") + key, "true");
                }
            }
        }

        protected boolean getUserDataFlag(UIOSessionData sessionData, String key) {
            VCryptAuthUser clientUser = sessionData.getClientAuthUser();
            if (clientUser != null) {
                return Boolean.valueOf(clientUser.getUserData(BharosaConfig.get("oaam.otp.contact.info.flag.prefix", "otpContactInfoFlag_") + key));
            }
            return false;
        }
    }

11.9.3 Custom Implementation Recommendations

Extend the base implementation class DefaultContactInfoManager, and override the "setUserDataValue" and "getUserDataValue" methods to store the data values where appropriate for your implementation.

Leave the default implementation of "setUserDataFlag" and "getUserDataFlag" in place in order for OAAM to properly track which data has been set for the user.
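The recommendation above, as an added example that is not Oracle's code: a runnable model of the flag/value split in which a subclass keeps the contact detail in an external store while the flag stays on the OAAM side. UserRecord, ContactInfoManagerModel, ExternalContactInfoManager and the in-memory maps are stand-ins invented for the example; a real implementation would extend DefaultContactInfoManager and use the UIOSessionData signatures shown in section 11.9.2.

```java
import java.util.HashMap;
import java.util.Map;

public class ExternalContactStoreDemo {

    /** Stand-in for the per-user key/value data held by OAAM (hypothetical type). */
    static class UserRecord {
        final String userId;
        final Map<String, String> oaamData = new HashMap<>();
        UserRecord(String userId) { this.userId = userId; }
    }

    /** Simplified model of the default implementation's behaviour. */
    static class ContactInfoManagerModel {
        static final String VALUE_PREFIX = "otpContactInfo_";
        static final String FLAG_PREFIX = "otpContactInfoFlag_";

        public String getUserData(UserRecord u, String key) {
            return getUserDataFlag(u, key) ? getUserDataValue(u, key) : null;
        }
        public void setUserData(UserRecord u, String key, String value) {
            setUserDataValue(u, key, value);
            setUserDataFlag(u, key, value);
        }
        protected void setUserDataValue(UserRecord u, String key, String value) {
            u.oaamData.put(VALUE_PREFIX + key, value);
        }
        protected String getUserDataValue(UserRecord u, String key) {
            return u.oaamData.get(VALUE_PREFIX + key);
        }
        protected void setUserDataFlag(UserRecord u, String key, String value) {
            boolean empty = value == null || value.isEmpty();
            u.oaamData.put(FLAG_PREFIX + key, empty ? null : "true");
        }
        protected boolean getUserDataFlag(UserRecord u, String key) {
            return Boolean.parseBoolean(u.oaamData.get(FLAG_PREFIX + key));
        }
    }

    /** Custom manager: only the two value methods are overridden. */
    static class ExternalContactInfoManager extends ContactInfoManagerModel {
        // Stand-in for an external directory or vault.
        private final Map<String, String> externalStore;

        ExternalContactInfoManager(Map<String, String> externalStore) {
            this.externalStore = externalStore;
        }

        @Override
        protected void setUserDataValue(UserRecord u, String key, String value) {
            String id = u.userId + "/" + key;
            if (value == null || value.isEmpty()) {
                // setUserData passes the empty value here before clearing the flag;
                // this example removes the external copy so no stale contact
                // detail is left behind for a user OAAM reports as unregistered.
                externalStore.remove(id);
            } else {
                externalStore.put(id, value);
            }
        }

        @Override
        protected String getUserDataValue(UserRecord u, String key) {
            return externalStore.get(u.userId + "/" + key);
        }
    }

    public static void main(String[] args) {
        Map<String, String> external = new HashMap<>();
        ContactInfoManagerModel mgr = new ExternalContactInfoManager(external);
        UserRecord user = new UserRecord("alice");   // constructed sample user

        mgr.setUserData(user, "mobile", "1(415) 555-0100");
        System.out.println("registered value: " + mgr.getUserData(user, "mobile"));
        System.out.println("OAAM-side data  : " + user.oaamData);   // holds the flag only
        System.out.println("external store  : " + external);

        mgr.setUserData(user, "mobile", "");         // value cleared
        System.out.println("after clearing  : " + mgr.getUserData(user, "mobile"));
        System.out.println("OAAM-side data  : " + user.oaamData);
        System.out.println("external store  : " + external);
    }
}
```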
11.9.4 Configuring Properties

OTP Anywhere registration fields are defined by the user defined enum:

    bharosa.uio.default.userinfo.inputs.enum

Each element has a "managerClass" property that designates which class will be used to store the registration data. For example, the default mobile phone element is as follows:

    bharosa.uio.default.userinfo.inputs.enum=Enum for Contact information
    bharosa.uio.default.userinfo.inputs.enum.mobile=0
    bharosa.uio.default.userinfo.inputs.enum.mobile.name=Mobile Phone
    bharosa.uio.default.userinfo.inputs.enum.mobile.description=Mobile Phone
    bharosa.uio.default.userinfo.inputs.enum.mobile.inputname=cellnumber
    bharosa.uio.default.userinfo.inputs.enum.mobile.inputtype=text
    bharosa.uio.default.userinfo.inputs.enum.mobile.maxlength=16
    bharosa.uio.default.userinfo.inputs.enum.mobile.required=true
    bharosa.uio.default.userinfo.inputs.enum.mobile.order=4
    bharosa.uio.default.userinfo.inputs.enum.mobile.enabled=true
    bharosa.uio.default.userinfo.inputs.enum.mobile.regex=\\d{1}\\D(\\d{3})\\D\\D(\\d{3})\\D(\\d{4})
    bharosa.uio.default.userinfo.inputs.enum.mobile.errorCode=otp.invalid.mobile
    bharosa.uio.default.userinfo.inputs.enum.mobile.managerClass=com.bharosa.uio.manager.user.DefaultContactInfoManager

As shown, the default mobile phone definition uses the DefaultContactInfoManager class to manage the data. If a custom implementation is desired, the value of the managerClass attribute can be updated in OAAM Admin (or through OAAM Extension shared library) to use a custom class.
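The following added example (not Oracle's code) loads the mobile maxlength and regex values shown above, together with the e-mail defaults this guide lists for the e-mail input in section 11.10.1.1, through java.util.Properties and reports which constructed inputs they accept. It assumes the field regex has to match the whole input; the class, method and sample values are hypothetical.

```java
import java.io.IOException;
import java.io.StringReader;
import java.util.Properties;
import java.util.regex.Pattern;

public class RegistrationFieldCheck {

    static final String PREFIX = "bharosa.uio.default.userinfo.inputs.enum.";

    // Property text as it appears in a .properties file. Java source doubles each
    // backslash once more: "\\\\d" below is \\d on disk and \d once
    // Properties.load() has unescaped it.
    static final String FILE_TEXT = String.join("\n",
            PREFIX + "mobile.maxlength=16",
            PREFIX + "mobile.regex=\\\\d{1}\\\\D(\\\\d{3})\\\\D\\\\D(\\\\d{3})\\\\D(\\\\d{4})",
            PREFIX + "email.maxlength=40",
            PREFIX + "email.regex=.+@[a-zA-Z_]+\\\\.[a-zA-Z]{2,3}");

    enum Verdict { ACCEPTED, TOO_LONG, PATTERN_MISMATCH }

    static Properties load(String text) throws IOException {
        Properties p = new Properties();
        p.load(new StringReader(text));
        return p;
    }

    // Applies maxlength first, then the regex as a whole-input match (assumption).
    static Verdict check(Properties p, String field, String input) {
        int max = Integer.parseInt(p.getProperty(PREFIX + field + ".maxlength"));
        if (input.length() > max) {
            return Verdict.TOO_LONG;
        }
        String regex = p.getProperty(PREFIX + field + ".regex");
        return Pattern.matches(regex, input) ? Verdict.ACCEPTED : Verdict.PATTERN_MISMATCH;
    }

    // Reduces an accepted phone entry to its digits before it is stored or
    // handed to a delivery channel.
    static String digitsOnly(String phone) {
        return phone.replaceAll("\\D", "");
    }

    public static void main(String[] args) throws IOException {
        Properties p = load(FILE_TEXT);
        System.out.println("mobile regex after loading: " + p.getProperty(PREFIX + "mobile.regex"));
        System.out.println("email regex after loading : " + p.getProperty(PREFIX + "email.regex"));

        // Constructed sample inputs.
        String[][] samples = {
            {"mobile", "1(415) 555-0100"},        // the one layout the pattern is written for
            {"mobile", "+14155550100"},           // E.164 form
            {"mobile", "415-555-0100"},           // no leading digit and separator
            {"mobile", "1<415>\"555'0100"},       // \D admits any non-digit as a separator
            {"mobile", "1(415) 555-0100 ext 9"},  // longer than maxlength
            {"email", "user@example.com"},
            {"email", "user@mail.example.com"},   // subdomain
            {"email", "user@example-corp.com"},   // hyphen in the domain
            {"email", "user@example.info"},       // four-letter top-level domain
            {"email", "<b>x</b>@example.com"},    // .+ places no limit on the local part
        };
        for (String[] s : samples) {
            System.out.printf("%-6s %-24s %s%n", s[0], s[1], check(p, s[0], s[1]));
        }
        System.out.println("normalised mobile: " + digitsOnly("1<415>\"555'0100"));
    }
}
```

Entries that pass can still contain markup characters, because \D and .+ match any non-digit and any character respectively, so stored values need normalising or output encoding wherever they are displayed or forwarded.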
11.10 Example Configurations

This section contains the following topics:
- Additional Registration Field Definitions Examples
- Additional Challenge Message Examples
- Additional Processors Registration Examples

11.10.1 Additional Registration Field Definitions Examples

Additional registration field definitions are shown below.

Table 11–18 Contact Information Inputs

Property | Description
inputname | Name used for the input field in the HTML form
inputtype | Set for text or password input
maxlength | Maximum length of user input
required | Set if the field is required on the registration page
order | The order displayed in the user interface
regex | Regular expression used to validate user input for this field
errorCode | Error code used to look up validation error message (bharosa.uio..error.)
managerClass | Java class that implements com.bharosa.uio.manager.user.UserDataManagerIntf (if data is to be stored in Oracle Adaptive Access Manager database this property should be set to com.bharosa.uio.manager.user.DefaultContactInfoManager)

11.10.1.1 Email Input

The following is an example of an enum defining email registration on the OTP registration page of an authenticator:

Table 11–19 Email Input

Property | Default Value | Description
bharosa.uio.default.userinfo.inputs.enum.email | 1 | Email address enum value
bharosa.uio.default.userinfo.inputs.enum.email.name | Email Address | Name for email address field
bharosa.uio.default.userinfo.inputs.enum.email.description | Email Address | Description for email address field
bharosa.uio.default.userinfo.inputs.enum.email.inputname | email | HTML input name for email address field
bharosa.uio.default.userinfo.inputs.enum.email.inputtype | text | HTML input type for email address field
bharosa.uio.default.userinfo.inputs.enum.email.maxlength | 40 | HTML input max length for email address field
bharosa.uio.default.userinfo.inputs.enum.email.required | true | Required flag for email address field during registration and user preferences
bharosa.uio.default.userinfo.inputs.enum.email.order | 2 | Order on the page for email address field
bharosa.uio.default.userinfo.inputs.enum.email.enabled | false | Enabled flag for email address enum item
bharosa.uio.default.userinfo.inputs.enum.email.regex | .+@[a-zA-Z_]+\\.[a-zA-Z]{2,3} | Regular expression for validation of email address field
bharosa.uio.default.userinfo.inputs.enum.email.errorCode | otp.invalid.email | Error code to get error message from if validation of email address entry fails
bharosa.uio.default.userinfo.inputs.enum.email.managerClass | com.bharosa.uio.manager.user.DefaultContactInfoManager | Java class to use to save / retrieve email address from data storage

11.10.1.2 Phone Input

The following is an example of an enum defining phone registration on the OTP registration page of an authenticator:

Table 11–20 Phone Input

Property | Default Value | Description
bharosa.uio.default.userinfo.inputs.enum.phone | 2 | Phone number enum value
bharosa.uio.default.userinfo.inputs.enum.phone.name | Phone Number | Name for phone number field
bharosa.uio.default.userinfo.inputs.enum.phone.description | Phone Number | Description for phone number field
bharosa.uio.default.userinfo.inputs.enum.phone.inputname | phone | HTML input name for phone number field
bharosa.uio.default.userinfo.inputs.enum.phone.inputtype | text | HTML input type for phone number field
bharosa.uio.default.userinfo.inputs.enum.phone.maxlength | 15 | HTML input max length for phone number field
bharosa.uio.default.userinfo.inputs.enum.phone.required | true | Required flag for phone number field during registration and user preferences
bharosa.uio.default.userinfo.inputs.enum.phone.order | 3 | Order on the page for phone number field
bharosa.uio.default.userinfo.inputs.enum.phone.enabled | false | Enabled flag for phone number enum item
bharosa.uio.default.userinfo.inputs.enum.phone.regex | \\D(\\d{3})\\D\\D(\\d{3})\\D(\\d{4}) | Regular expression for validation of phone number field
bharosa.uio.default.userinfo.inputs.enum.phone.errorCode | otp.invalid.phone | Error code to get error message from if validation of phone number entry fails
bharosa.uio.default.userinfo.inputs.enum.phone.managerClass | com.bharosa.uio.manager.user.DefaultContactInfoManager | Java class to use to save / retrieve phone number from data storage

11.10.1.3 IM Input

The following is an example of an enum defining IM registration on the OTP registration page of an authenticator:

Table 11–21 IM Input

Property | Default Value | Description
bharosa.uio.default.userinfo.inputs.enum.im | 3 | Instant message enum value
bharosa.uio.default.userinfo.inputs.enum.im.name | Instant Messaging | Name for instant message field
bharosa.uio.default.userinfo.inputs.enum.im.description | Instant Messaging | Description for instant message field
bharosa.uio.default.userinfo.inputs.enum.im.inputname | im | HTML input name for instant message field
bharosa.uio.default.userinfo.inputs.enum.im.inputtype | text | HTML input type for instant message field
bharosa.uio.default.userinfo.inputs.enum.im.maxlength | 15 | HTML input max length for instant message field
bharosa.uio.default.userinfo.inputs.enum.im.required | true | Required flag for instant message field during registration and user preferences
bharosa.uio.default.userinfo.inputs.enum.im.order | 4 | Order on the page for instant message field
bharosa.uio.default.userinfo.inputs.enum.im.enabled | false | Enabled flag for instant message enum item
bharosa.uio.default.userinfo.inputs.enum.im.regex | TBD | Regular expression for validation of instant message field
bharosa.uio.default.userinfo.inputs.enum.im.errorCode | otp.invalid.im | Error code to get error message from if validation of instant message entry fails
bharosa.uio.default.userinfo.inputs.enum.im.managerClass | com.bharosa.uio.manager.user.DefaultContactInfoManager | Java class to use to save / retrieve instant message from data storage

11.10.2 Additional Challenge Message Examples

Other examples of challenge message resource bundles are shown below.

11.10.2.1 Customize OTP Email Message

OTP Email message properties are shown below.

Table 11–22 Customize OTP Email Message

Property | Default Value | Description
bharosa.uio.default.ChallengeEmail.message.from.name | Oracle ASA Test | Email message from address
bharosa.uio.default.ChallengeEmail.message.subject | Oracle OTP Code | Email message subject
bharosa.uio.default.ChallengeEmail.message.body | Your Oracle Email OTP Code is: {0} | Email message body

11.10.2.2 Customize OTP IM Message

OTP IM message properties are shown below.

Table 11–23 Customize OTP IM Message

Property | Default Value | Description
bharosa.uio.default.ChallengeIM.message.from.name | Oracle ASA Test | IM message from name
bharosa.uio.default.ChallengeIM.message.subject | Oracle OTP Code | IM message subject
bharosa.uio.default.ChallengeIM.message.body | Your Oracle IM OTP Code is: {0} | IM message body

11.10.2.3 Customize OTP Voice Message

OTP Voice message properties are shown below.

Table 11–24 Customize OTP Voice Message

Property | Default Value | Description
bharosa.uio.default.ChallengeVoice.message.subject | Oracle OTP Code | Voice message subject
bharosa.uio.default.ChallengeVoice.message.body | Your Oracle Voice OTP Code is: {0} | Voice message body

11.10.3 Additional Processors Registration Examples

Additional processor registration properties are listed below.

11.10.3.1 Register Email Challenge Processor

The properties to register the email challenge processor and mark service as available (or unavailable) are listed below.
Table 11–25 Challenge type enums

Property | Description
available | If the challenge type is available for use (service ready and configured). To enable/disable an OTP challenge type, the available flag should be set.
processor | Java class for handling challenges of this type.
requiredInfo | Comma separated list of inputs from the registration input enum

Table 11–26 Properties to register the email challenge processor

Property | Default Value | Description
bharosa.uio.default.challenge.type.enum.ChallengeEmail | 1 | Email Challenge enum value
bharosa.uio.default.challenge.type.enum.ChallengeEmail.name | Email Challenge | Name of email challenge type
bharosa.uio.default.challenge.type.enum.ChallengeEmail.description | Email Challenge | Description of email challenge type
bharosa.uio.default.challenge.type.enum.ChallengeEmail.processor | com.bharosa.uio.processor.challenge.ChallengeEmailProcessor | Processor class for email challenge type
bharosa.uio.default.challenge.type.enum.ChallengeEmail.requiredInfo | email | Required fields to challenge user with email challenge type
bharosa.uio.default.challenge.type.enum.ChallengeEmail.available | false | Availability flag for email challenge type
bharosa.uio.default.challenge.type.enum.ChallengeEmail.otp | true | OTP flag for email challenge type

11.10.3.2 Register IM Challenge Processor

The properties to register the IM challenge processor and mark service as available (or unavailable) are listed below.

Table 11–27 Properties to register the IM challenge processor

Property | Default Value | Description
bharosa.uio.default.challenge.type.enum.ChallengeIM | 3 | Instant message Challenge enum value
bharosa.uio.default.challenge.type.enum.ChallengeIM.name | IM Challenge | Name of instant message challenge type
bharosa.uio.default.challenge.type.enum.ChallengeIM.description | Instant Message Challenge | Description of instant message challenge type
bharosa.uio.default.challenge.type.enum.ChallengeIM.processor | com.bharosa.uio.processor.challenge.ChallengeIMProcessor | Processor class for instant message challenge type
bharosa.uio.default.challenge.type.enum.ChallengeIM.requiredInfo | mobile | Required fields to challenge user with instant message challenge type
bharosa.uio.default.challenge.type.enum.ChallengeIM.available | false | Availability flag for instant message challenge type
bharosa.uio.default.challenge.type.enum.ChallengeIM.otp | true | OTP flag for instant message challenge type

11.10.3.3 Register Voice Challenge Processor

The properties to register the Voice challenge processor and mark service as available (or unavailable) are listed below.
Table 11–28 Properties to register the Voice challenge processor

Property | Default Value | Description
bharosa.uio.default.challenge.type.enum.ChallengeVoice | 4 | Voice Challenge enum value
bharosa.uio.default.challenge.type.enum.ChallengeVoice.name | Voice Challenge | Name of voice challenge type
bharosa.uio.default.challenge.type.enum.ChallengeVoice.description | Voice Challenge | Description of voice challenge type
bharosa.uio.default.challenge.type.enum.ChallengeVoice.processor | com.bharosa.uio.processor.challenge.ChallengeVoiceProcessor | Processor class for voice challenge type
bharosa.uio.default.challenge.type.enum.ChallengeVoice.requiredInfo | phone | Required fields to challenge user with voice challenge type
bharosa.uio.default.challenge.type.enum.ChallengeVoice.available | false | Availability flag for voice challenge type
bharosa.uio.default.challenge.type.enum.ChallengeVoice.otp | true | OTP flag for voice challenge type

11.11 Challenge Use Case

An example challenge scenario is presented below.

1. Oracle Adaptive Access Manager Server presents the user with the user name page.
2. The user submits his user name on the user name page.
3. Oracle Adaptive Access Manager fingerprints the user device and runs pre-authentication rules to determine if the user should be allowed to proceed to the password page.
4. The user is allowed to proceed to the password page and he enters his password.
5. The OAAM policies indicate that the user should be challenged.
6. The challenge checkpoint is run to determine the type of challenge to use (KBA, Email, SMS, and so on). If SMS challenge is returned, the SMSChallengeProcessor is loaded and used to generate and deliver an OTP to the user via SMS.
7. Once the SMS has been sent, the user is presented with a challenge page indicating that his OTP has been sent to him in an SMS.
8. User submits correct OTP to continue into application and complete the login flow.

The OTP generated and sent to the user is only valid for one correct submission within a single HTTP session. If the user's HTTP session expires, a new OTP will be generated and sent if he is challenged again in a later session.

12 Configurable Actions

Oracle Adaptive Access Manager provides Configurable Actions, a feature which allows users to create new supplementary actions that are triggered based on the result action and/or based on the risk scoring after a checkpoint execution.

This section describes how to integrate a Configurable Action with the Oracle Adaptive Access Manager software.
12.1 Integration

To add a new Configurable Action, perform the following tasks:

1. Develop the Configurable Action by implementing the com.bharosa.vcrypt.tracker.dynamicactions.intf.DynamicAction Java interface.

   Note: In this step, implementing means writing Java code based on the contract specified by the Java interface com.bharosa.vcrypt.tracker.dynamicactions.intf.DynamicAction.

   While implementing the com.bharosa.vcrypt.tracker.dynamicactions.intf.DynamicAction Java interface, the following two methods have to be coded:

   - getParameters() - In this method, the code has to be written that returns the parameters used by the Configurable Action. Make sure that the size of the parameters array returned is the same as the number of parameters. Look at the sample configurable actions Java code in Oracle Adaptive Access Manager Sample application.
   - execute() - In this method, code has to be written that performs the logic required by the Configurable Action. Configurable Action parameter values are passed in actionParamValueMap where the parameter name is the key and the RuntimActionParamValue object is the value. Use the appropriate getXXXValue() method to get the parameter value.

2. Compile your custom Java classes that extend or implement Oracle Adaptive Access Manager classes by adding the jars from $ORACLE_IDM_HOME\oaam\cli\lib folder to the build classpath.

3. Test the implementation of the Configurable Action thoroughly. Since Configurable Actions are standalone Java classes, they can be tested with Unit Testing Methodology using JUnit framework. For sample JUnit code for testing configurable actions, refer to the "Sample JUnit Code" section.

4. Compile the Java class and create a jar file of the compiled class files.

5. Extend/customize Oracle Adaptive Access Manager to add the custom jar. Refer to Section 4.1.4, "Customizing/Extending/Overriding Oracle Adaptive Access Manager Properties" for steps for adding the custom jar to Oracle Adaptive Access Manager.

6. Restart OAAM Server and the OAAM Admin Server.

7. Log in to OAAM Admin and create an action definition entry for the newly deployed Configurable Action.

8. Make sure all the parameters required for the Configurable Action are displayed in the user interface.

9. Use the newly available Configurable Action by adding it to the required checkpoints.

For more information on configuring Configurable Actions, refer to the Oracle Fusion Middleware Administrator's Guide for Oracle Adaptive Access Manager.

12.2 Executing Configurable Actions in a Particular Order and Data Sharing

Configurable Actions can be used to implement chaining in such a way that they execute in a particular order and data can be shared across these actions.

To be able to execute Configurable Actions in a particular order and share data:

1. Configure Configurable Actions as synchronous actions with the required order of execution in ascending order.

2. To share data, insert the data into the actionContextMap parameter of the Configurable Action's execute() method. Since the actionContextMap is a Map, it requires a key and value pair that represents the data to be shared.

3. Ensure that the code can handle the case where the key is not present in the actionContextMap. This step must be performed to avoid errors or a NullPointerException when the other action does not insert the value into the actionContextMap.

Note: Sharing data across Configurable Actions involves writing Java code and requires more effort than just a configuration task.

Note: A Configurable Action is executed only if the trigger criteria is met; therefore, make sure the trigger criteria is correct.

Note: It is the implementer's responsibility to ensure that duplicate keys are not used while inserting data and that the same key is used when trying to access this shared data from another Configurable Action.
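
The data-sharing steps above, as an added example that is not part of the Oracle guide or the OAAM code base. The two classes are plain stand-ins rather than implementations of the DynamicAction interface; their execute() only mirrors the argument order used in the guide's JUnit sample, and the key name and case id are constructed values.

```java
import java.util.Date;
import java.util.HashMap;
import java.util.Map;

/**
 * Added illustration (not OAAM code): two chained actions sharing data
 * through actionContextMap, including the missing-key and duplicate-key cases.
 */
public class ActionContextSharingDemo {

    // Hypothetical key. Prefixing it with the producing action's name keeps
    // unrelated actions from overwriting each other's entries.
    static final String KEY_CASE_ID = "CreateCaseAction.caseId";

    /** Producer: configured as synchronous with the lower order of execution. */
    static class CreateCaseAction {
        void execute(String requestId, Date requestTime, Map<String, Object> ruleContextMap,
                     Object rulesResult, Map<String, Object> actionParamValueMap,
                     Map<String, Object> actionContextMap) {
            if (actionContextMap.containsKey(KEY_CASE_ID)) {
                // Another action already used this key: fail loudly instead of overwriting.
                throw new IllegalStateException("Duplicate context key " + KEY_CASE_ID);
            }
            actionContextMap.put(KEY_CASE_ID, Long.valueOf(4711L)); // constructed case id
        }
    }

    /** Consumer: configured with the higher order of execution. */
    static class NotifyAction {
        String outcome = "not executed";

        void execute(String requestId, Date requestTime, Map<String, Object> ruleContextMap,
                     Object rulesResult, Map<String, Object> actionParamValueMap,
                     Map<String, Object> actionContextMap) {
            Object shared = actionContextMap.get(KEY_CASE_ID);
            // The producer runs only when its own trigger criteria is met, so the
            // key can be absent. Check presence and type before using the value.
            if (!(shared instanceof Long)) {
                outcome = "skipped for " + requestId + ": no case id in actionContextMap";
                return;
            }
            outcome = "notified for case " + shared;
        }
    }

    /** Runs the chain in ascending order over one shared context map. */
    static String runChain(Map<String, Object> actionContextMap, boolean producerTriggered) {
        Map<String, Object> ruleContextMap = new HashMap<String, Object>();
        Map<String, Object> params = new HashMap<String, Object>();
        Date now = new Date();
        if (producerTriggered) {
            new CreateCaseAction().execute("testRequest", now, ruleContextMap, null,
                    params, actionContextMap);
        }
        NotifyAction consumer = new NotifyAction();
        consumer.execute("testRequest", now, ruleContextMap, null, params, actionContextMap);
        return consumer.outcome;
    }

    public static void main(String[] args) {
        // Producer ran: the consumer finds the value.
        System.out.println(runChain(new HashMap<String, Object>(), true));
        // Producer not triggered: the consumer must cope with the missing key.
        System.out.println(runChain(new HashMap<String, Object>(), false));
        // Key already taken by some other action: the producer refuses to overwrite.
        Map<String, Object> taken = new HashMap<String, Object>();
        taken.put(KEY_CASE_ID, "value from an unrelated action");
        try {
            runChain(taken, true);
        } catch (IllegalStateException e) {
            System.out.println(e.getMessage());
        }
    }
}
```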

12.3 How to Test Configurable Actions Triggering

To test whether Configurable Actions are triggering:

1. Make sure there is a way to identify if the code in the Configurable Action is executed. This could be as simple as an entry in a log file or an entry in the database.

2. Enable debug level logging for the oracle.oaam logger in OAAM Server.

3. Create an action template for the given Configurable Action.

4. Add the action to a Pre-Authentication checkpoint with trigger criteria as score between 0 and 1000.

5. Try logging in to OAAM Server as a user.

6. Check OAAM Server logs for the entry Enter: executeAction(): Executing Action Instance.

7. If there is no error then you will see a related log statement like Exit: executeAction(): Action Instance.

8. If there is an error, you will see a log statement like Error: executeAction().

9. Apart from these, check for a log entry or a database entry that is created by the Configurable Action itself.

12.4 Sample JUnit Code

The following is sample JUnit code for testing a dynamic action:

    import java.util.Date;
    import java.util.HashMap;
    import java.util.Map;

    import junit.framework.Assert;
    import junit.framework.TestCase;

    import com.bharosa.vcrypt.tracker.dynamicactions.intf.DynamicAction;
    // Also import Logger, VCryptRulesResultImpl, RuntimeActionParamValue, CaseConstants
    // and CaseCreationAction from the OAAM jars and the OAAM Sample application.

    public class TestDynamicActionsExecution extends TestCase {
        static Logger logger = Logger.getLogger(TestDynamicActionsExecution.class);
        private DynamicAction caseCreationAction = null;

        public void setUp() throws Exception {
            caseCreationAction = new CaseCreationAction();
        }

        public void testDynamicAction() {
            // RequestId
            String requestId = "testRequest";
            // Request Time
            Date requestTime = new Date();
            // Map that contains values passed to the rule/model execution
            Map ruleContextMap = new HashMap();
            // Result from rule execution
            VCryptRulesResultImpl rulesResult = new VCryptRulesResultImpl();
            rulesResult.setResult("Allow");
            rulesResult.setRuntimeType(Integer.valueOf(1));

            // Configurable action's parameter values
            Map actionParamValueMap = new HashMap();
            RuntimeActionParamValue caseTypeParamValue = new RuntimeActionParamValue();
            caseTypeParamValue.setIntValue(CaseConstants.CASE_AGENT_TYPE);
            RuntimeActionParamValue caseSeverityParamValue = new RuntimeActionParamValue();
            caseSeverityParamValue.setIntValue(1);
            RuntimeActionParamValue caseDescriptionParamValue = new RuntimeActionParamValue();
            caseDescriptionParamValue.setStringValue("Testing CaseCreation Action");
            // Put each value into actionParamValueMap under the parameter name
            // that the action's getParameters() declares.

            // ActionContext Map for passing data to/from the dynamic action execution
            Map actionContextMap = new HashMap();

            // Execute the action
            try {
                caseCreationAction.execute(requestId, requestTime, ruleContextMap,
                        rulesResult, actionParamValueMap, actionContextMap);
            } catch (Exception e) {
                // Log before failing: Assert.fail() throws, so nothing after it runs
                logger.error("Exception occurred while executing dynamic action", e);
                Assert.fail("Exception occurred while executing dynamic action");
            }
            // Write appropriate asserts to check if the configurable action has executed properly
        }

        public void tearDown() throws Exception {
        }
    }

13 Device Registration

Device registration allows a user to flag the computer, PDA, mobile phone, or other devices he is logging in with as a safe device.
The device is added to the user's profile as a registered device.

Enabling Device Registration in Native Integration

In native integration, to enable device registration:

1. Set bharosa.tracker.send.devideId to true, so the device ID can be captured.

2. Call these APIs directly:

   handleTrackerRequest
   updateLog
   markDeviceSafe
   IsDeviceMarkedSafe
   clearSafeDeviceList
   processRules

Enabling Device Registration Out-of-the-Box

In Oracle Adaptive Access Manager out-of-the-box, to enable device registration for all applications:

1. Add the following properties to bharosa_server.properties:

    # Adds device registration to the challenge question registration page
    bharosa.uio.default.register.questions.registerdevice.enabled=true
    # Adds device registration to the Contact Information registration page
    bharosa.uio.default.register.userinfo.registerdevice.enabled=true
    # Enables device registration
    bharosa.uio.default.registerdevice.enabled=true
    # Enables user to be able to unregister current device in user preferences
    bharosa.uio.default.userpreferences.unregister.this.enabled=true
    # Enables user to be able to unregister all devices in user preferences
    bharosa.uio.default.userpreferences.unregister.all.enabled=true

   To enable the features on an application-specific basis, "default" can be replaced with the appropriate appId in each of the prior property names.

2. Follow the instructions in Chapter 7, "OAAM Extensions and Shared Library to Customize OAAM" to add the customizations to Oracle Adaptive Access Manager.

Create Policies to Use Device Information

Once the feature is enabled, information about the device is collected for that user.
If you want to make use of the information you are collecting, you must create policies and configure them properly.
For example, you can create a policy with rules to challenge a user that is not logging in from one of the registered devices.

Resetting Registration

A customer reset action to unregister all devices for a user is available in CSR type cases.
The "Unregister Devices" action will delete all registered devices from the user's profile.

14 Extending Device Identification

This chapter describes how to extend device identification in a typical deployment.
It includes the following topics:

- When to Use Extend Device Identification
- Prerequisites
- Developing a Custom Device Identification Plug-in
- Overview of Interactions
- Compile, Assemble and Deploy
- Important Note About Implementing the Plug-In

14.1 When to Use Extend Device Identification

For most typical deployments, the out-of-the-box device identification satisfies client requirements.
Out-of-the-box device identification uses data from the browser and OAAM flash movie.
The following are the typical scenarios when you could consider extending device identification:

- The OAAM flash movie cannot be used to obtain client details as the client side browser does not support Flash (example: iPhone, iPad, and so on)
- There is a need to extract stronger device identification data from the client using a non-flash plug-in that can run inside the browser

14.2 Prerequisites

The prerequisites for performing tasks to extend device identification in Oracle Adaptive Access Manager are provided in the following list:

- You have knowledge of the Java programming language, since a custom device identification plug-in has to be developed using Java.
- You have determined what pieces of information about the client device have to be collected and what technology will be used to collect that. Typical technologies you can consider are applets, JavaScript, and so on.
- You understand the process of developing and deploying the OAAM Extensions Shared Library.

14.3 Developing a Custom Device Identification Plug-in

The custom device identification plug-in is software that extends the out-of-the-box device identification provided by Oracle Adaptive Access Manager.

14.3.1 Implement the Client Side Plug-in

Implement the client side plug-in that can run in the client browser.
This involves coding the client side plug-in using the appropriate technology.
The client side plug-in should satisfy the following requirements:

- It can run on the client side browser without altering the web page.
- It is invisible and does not alter user control flow.
- It can communicate with OAAM Server and post data using the HTTP protocol.
- Very Important: It can use the existing OAAM "HTTP Session" while posting the data. This is very important for the device identification to work properly.
- The list of data/values that are collected by the plug-in uniquely identifies a client device.
- The plug-in can retrieve and store a cookie equivalent on the client machine.
- Plug-in can submit the following parameters to flashFingerprint.do URL on OAAM Server using HTTP Post:

Table 14–1 Parameters to flashFingerprint.do URL

Name of the parameter | Description
client | Name of the client plug-in. A constant value that indicates the plug-in type.
fp | Concatenated string that has all the name-value pairs that identify the client side. Name-value pairs are concatenated using "&" and name-value is separated using "=". Example: If os_name and os_version are collected by plug-in then the fp string value looks like "os_name=windows&os_version=7"
 | Send the cookie equivalent value stored/maintained by the client plug-in.

14.3.2 Add Properties related to Custom Device Identification Plug-in to OAAM Extensions Shared Library

Add the following properties as enum element to vcrypt.fingerprint.type.enum to bharosa_server.properties of the OAAM Extensions Shared Library war.

Note: Replace with a string that represents your plug-in.
Do not use the strings 'flash', 'browser' as they are already used by the OAAM product.

Table 14–2 vcrypt.fingerprint.type.enum elements

Property Name | Value | Description
vcrypt.fingerprint.type.enum. | Integer value above 100 |
vcrypt.fingerprint.type.enum..name | Name that represents the plug-in |
vcrypt.fingerprint.type.enum..description | Description of the plug-in |
vcrypt.fingerprint.type.enum..processor | Fully qualified java class name of the processor class that implements device identification logic on the server side. See next section for details on how to implement this class. |
vcrypt.fingerprint.type.enum..header_list | Comma separated list of data that is collected by the client side plug-in. |
vcrypt.fingerprint.type.enum..header_name_nv | Comma separated list of data and readable name of those data. |
vcrypt.fingerprint.type.enum..header_value_nv | Comma separated list of mappings of value to readable string of those values |
bharosa.uio.default.device.identification.scheme | | Note: This is very important for OAAM to use the custom device identification

14.3.3 Extend/Implement the Device Identification Plug-in class

Extend the Device Identification plug-in class com.bharosa.uio.processor.device.DeviceIdentificationProcessorBase and implement the following methods:

14.3.3.1 getPlugInHTML

    public String getPlugInHTML();

Implementation should return a valid plug-in HTML that can be embedded into login pages.
The HTML should take care of handling exceptions, such as when the supporting technology is not available or is disabled on the client.
An example for plug-in HTML is shown below:

Note: This method is called by the oaamLoginPage.jsp when the user navigates to login page.

14.3.4 getFingerPrint

    public String getFingerPrint();

This method should implement logic that creates a unique fingerprint that identifies the client device using the data sent by the plug-in.
This method is called when the client side plug-in submits device identification data to OAAM Server.
This method should call the UIOContext.getCurrentInstance().getRequest to get a handle to the HttpServletRequest object to read the data sent by the client plug-in.

As mentioned in the previous section, the client plug-in would send the list of data points as a single string as the value of the "fp" request parameter.
This class should "tokenize" this string to determine the list of data points and their values.
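
One way to tokenize the "fp" value described above, as an added example that is not part of the Oracle guide or the OAAM code base. It is a standalone class rather than a DeviceIdentificationProcessorBase subclass; the size limits, the list of expected data-point names (the kind of list the header_list property enumerates) and the use of SHA-256 to derive the fingerprint are assumptions.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
import java.util.SortedMap;
import java.util.TreeMap;

/**
 * Added illustration (not OAAM code): tokenizing the plug-in's "fp" string
 * and deriving an order-independent fingerprint from it.
 */
public class FpTokenizerDemo {

    static final int MAX_FP_LENGTH = 4096;   // assumed cap on the whole parameter
    static final int MAX_VALUE_LENGTH = 256; // assumed cap on a single value

    // Constructed list of data points the plug-in is expected to send.
    static final Set<String> EXPECTED =
            new HashSet<String>(Arrays.asList("os_name", "os_version", "screen"));

    /**
     * Splits "name=value&name=value" into data points. The fp value is
     * client-controlled, so unknown names, pairs without a name, oversized
     * values and repeated names are dropped instead of being trusted.
     */
    static SortedMap<String, String> tokenize(String fp) {
        SortedMap<String, String> points = new TreeMap<String, String>();
        if (fp == null || fp.length() > MAX_FP_LENGTH) {
            return points;
        }
        for (String pair : fp.split("&")) {
            int eq = pair.indexOf('=');
            if (eq <= 0) {
                continue; // empty token, or nothing before '='
            }
            String name = pair.substring(0, eq);
            String value = pair.substring(eq + 1); // a later '=' stays in the value
            if (!EXPECTED.contains(name) || value.length() > MAX_VALUE_LENGTH) {
                continue;
            }
            if (!points.containsKey(name)) {
                points.put(name, value); // first occurrence wins
            }
        }
        return points;
    }

    /**
     * Hashes the data points in sorted order, so the order in which the client
     * listed them does not matter. Each field is length-prefixed so a value
     * cannot imitate a neighbouring field. Returns "" when nothing usable arrived.
     */
    static String fingerprint(SortedMap<String, String> points) {
        if (points.isEmpty()) {
            return "";
        }
        StringBuilder canonical = new StringBuilder();
        for (Map.Entry<String, String> e : points.entrySet()) {
            canonical.append(e.getKey().length()).append(':').append(e.getKey());
            canonical.append(e.getValue().length()).append(':').append(e.getValue());
        }
        try {
            MessageDigest md = MessageDigest.getInstance("SHA-256");
            byte[] digest = md.digest(canonical.toString().getBytes(StandardCharsets.UTF_8));
            StringBuilder hex = new StringBuilder();
            for (byte b : digest) {
                hex.append(String.format("%02x", b));
            }
            return hex.toString();
        } catch (NoSuchAlgorithmException ex) {
            throw new IllegalStateException("SHA-256 not available", ex);
        }
    }

    public static void main(String[] args) {
        // Constructed inputs: the page's example, then the same data reordered with noise.
        String a = "os_name=windows&os_version=7";
        String b = "os_version=7&junk=1&&=x&os_name=windows&os_name=linux";
        System.out.println(tokenize(a)); // {os_name=windows, os_version=7}
        System.out.println(tokenize(b)); // same two data points
        System.out.println(fingerprint(tokenize(a)).equals(fingerprint(tokenize(b))));
        System.out.println(fingerprint(tokenize("junk=1")).isEmpty());
    }
}
```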

14.3.5 getDigitalCookie

    public String getDigitalCookie();

Implementation should return the digital cookie sent by the client plug-in.
It is the responsibility of the client and server to designate an Http parameter that indicates the digital cookie.
This method should call the UIOContext.getCurrentInstance().getRequest to get a handle to the HttpServletRequest object to read the data sent by the client plug-in.

14.3.6 getClientDataMap

    public Map getClientDataMap(HttpServletRequest request);

Implementation should read the data from request and store it into a map that can be used for logging or auditing purposes.

14.4 Overview of Interactions

Following is the overview of how the device identification plug-in works and interacts with OAAM Server:

1. The user navigates to the OAAM user login page on the OAAM Server.

2. The OAAM Server uses the device identification configuration and appropriately instantiates the device identification plug-in class. It then asks the plug-in class for the HTML that needs to be embedded in the user login page. The OAAM Server returns the user login page with the device identification plug-in HTML.

3. Once the login page is rendered, the client based plug-in is activated and collects information about the device.

4. The client plug-in then submits the collected data to the device identification URL on the OAAM Server.

5. The OAAM Server then calls the device identification plug-in to obtain the fingerprint based on collected data from the client plug-in.

6. It then checks if the fingerprint corresponds to an existing device. If not, then it creates a new device and associates the fingerprint to that device.

7. The OAAM Server then calls the device identification plug-in to get the digital cookie. If the digital cookie does not exist then a new one is created.

8. The digital cookie is returned to the client plug-in so that it is stored on the client machine.

9. Once the User ID is entered, using the digital cookie or browser cookie or both, the user request is associated to the device.

10. After the authentication (success/failure), the user request is updated with the authentication result.

11. If the same device is used for future logins, the digital cookie can be used to look up the device without having to fingerprint.

14.5 Compile, Assemble and Deploy

Compile the custom device identification plug-in class and assemble the OAAM Extensions Shared library.
Refer to Chapter 7, "OAAM Extensions and Shared Library to Customize OAAM" for instructions.

14.6 Important Note About Implementing the Plug-In

When implementing the plug-in, keep the following points in mind:

- Make sure the custom device identification class outputs a valid HTML required to activate the client side plug-in.
- Make sure the client side plug-in posts the data to OAAM Server using the "existing HTTP Session".

15 Flash Fingerprinting

This chapter focuses on the specifics of Flash Fingerprinting within an Oracle Adaptive Access Manager native integration.
All code examples included in the chapter are outlines of calls needed to perform the tasks.
They should not be considered complete implementations.

15.1 Device Fingerprinting

Oracle Adaptive Access Manager captures information about the devices that a user utilizes when accessing protected applications.
This information consists of many different data points gathered through a variety of means.
The data collected is encoded into a unique fingerprint for the device.
When a device is used for an access request, Oracle Adaptive Access Manager interrogates the device for the fingerprint and uses it along with many other types of data to determine the risk associated with the specific access request.
Some of the technology used to gather fingerprint data include HTTP header, secure cookie, shared flash object and behavior profiling.

15.2 Definitions of Variables and Parameters

Table 15–1 lists the parameter and response variable in the interaction between the flash movie and the application.

Note: This chapter assumes that the reader is familiar with Oracle Adaptive Access Manager native integrations and APIs.

Table 15–1 Flash movie Parameters and Response Variables

Parameter/Response Variable | Usage
v | Used as an HTTP request parameter sent from the flash movie to the application. It contains the generated "cookie" string that is used a single time by the user. This value is also returned in the HTTP response to the flash movie as "&v=".
client | Used as an HTTP request parameter sent from the flash movie to the application. This indicates the type of client performing the fingerprinting (in this case, flash). The expected value from the flash movie is "vfc".
fp | Used as an HTTP request parameter sent from the flash movie to the application. It contains information about the client computer accessible to the flash player.

15.3 Option 1

Option 1 is the traditional implementation using a "Jump Page" to include the flash movie that is used for fingerprinting.
In Option 1, the flash movie sends the user's current flash cookie value to the server and the server responds with a new value in a single transaction.

15.3.1 Option 1 Flow

Figure 15–1 shows the flow of Option 1.

Figure 15–1 Option 1

1. The user is presented with the username page
2. The user submits the username
   a. The application loads the user
   b. The application calls VCryptTracker.updateLog with the User and HTTP Cookie information
3. The user is taken to the jump page containing the embedded flash movie
   a. The flash movie makes an HTTP request triggering flash fingerprint handling
      i. The server retrieves the HTTP request parameter "v" and stores it in session
      ii. The server retrieves the HTTP request parameter "client"
      iii. The server retrieves the HTTP request parameter "fp"
      iv. Parse fp with VCryptServletUtil.getFlashFingerprint(client, fp)
      v. Calls VCryptTracker.updateLog with the User, HTTP Cookie, and Flash information
      vi. The new flash cookie returned in CookieSet from updateLog is returned to the flash movie in the HTTP response ("&v=" + cookieSet.getFlashCookie())
4. The user is taken to password page after jump page wait period
   a. Run the Pre-Authentication Rules
5. The user submits the password
   a. The application verifies the password
   b. Run Post-Authentication Rules
   c. Calls VCryptTracker.updateAuthStatus with authentication result

15.3.2 Option 1 Code Example

This section provides a code example for Option 1.

    // Requires javax.servlet.http.HttpServletRequest and HttpSession,
    // plus the OAAM classes from the OAAM jars.
    public String flashFingerPrint(HttpServletRequest request) {
        HttpSession session = request.getSession(true);
        try {
            String digitalCookie = request.getParameter("v");
            String fpStr = request.getParameter("fp");
            String client = request.getParameter("client");
            String flashFingerprint = VCryptServletUtil.getFlashFingerPrint(client, fpStr);
            session.setAttribute("v", digitalCookie);
            session.setAttribute("fp", flashFingerprint);

            VCryptAuthUser clientUser = (VCryptAuthUser) session.getAttribute("clientUser");
            if (clientUser == null) {
                // User not found in session
                return "";
            }
            String loginId = clientUser.getLoginId();
            String customerId = clientUser.getCustomerId();
            String groupId = clientUser.getCustomerGroupId();
            int clientType = UserDefEnum.getElementValue(
                    IBharosaConstants.ENUM_CLIENT_TYPE_ID, FLASH_CLIENT_ENUM);

            // authResult is the application's current authentication status for this request
            CookieSet cookieSet = updateLog(request, loginId, customerId, groupId,
                    clientType, authResult);
            // Keep the CookieSet in session for later updateLog calls
            session.setAttribute("cookieSet", cookieSet);
            return cookieSet.getFlashCookie();
        } catch (Exception e) {
            // Handle fingerprinting error
        }
        return "";
    } // flashFingerPrint

15.4 Option 2

Option 2 is a newer, more streamlined user experience that eliminates the "Jump Page" from the user experience.
To do this, the flash movie is included in both the username page and the password page.

15.4.1 Option 2 Flow

Figure 15–2 shows the flow of Option 2.

Figure 15–2 Option 2

1. The user is presented with the username page with the embedded flash movie
   a. The flash movie makes an HTTP request triggering the flash fingerprint handling
      i. The server retrieves the HTTP request parameter "v" and stores it in session
      ii. The server retrieves HTTP request parameter "client"
      iii. The server retrieves HTTP request parameter "fp"
      iv. Parse fp with VCryptServletUtil.getFlashFingerprint(client, fp) and store result in user session.
      v. The value of "v" received is returned to the flash movie in the HTTP response ("&v=" + cookieSet.getFlashCookie())
2. The user submits the username
   a. The application loads the user
   b. Run Pre-Authentication Rules
   c. Calls VCryptTracker.updateLog with the User, HTTP Cookie and Flash value
3. The user is taken to the password page with the embedded flash movie
   a. The flash movie makes an HTTP request triggering the flash fingerprint handling
      i. The server already has the value from the previous flash request
      ii. The new value generated by UpdateLog call is returned to flash movie
4. The user submits the password
   a. The application verifies the password
   b. Run the Post-Authentication Rules
   c. Calls VCryptTracker.updateAuthStatus with the authentication result

15.4.2 Option 2 Code Example

This section provides a code example for Option 2.

    // Requires javax.servlet.http.HttpServletRequest and HttpSession,
    // plus the OAAM classes from the OAAM jars.
    public String flashFingerPrint(HttpServletRequest request) {
        HttpSession session = request.getSession(true);
        try {
            CookieSet cookieSet = (CookieSet) session.getAttribute("cookieSet");
            if (cookieSet == null) {
                String digitalCookie = request.getParameter("v");
                String fpStr = request.getParameter("fp");
                String client = request.getParameter("client");
                String flashFingerprint = VCryptServletUtil.getFlashFingerPrint(client, fpStr);
                session.setAttribute("v", digitalCookie);
                session.setAttribute("fp", flashFingerprint);
                // No CookieSet exists before the first updateLog call, so return the
                // received "v" value (flow step 1.a.v) instead of dereferencing null
                return digitalCookie == null ? "" : digitalCookie;
            } else {
                // fingerprinting already happened, using previously generated cookie set
            }
            return cookieSet.getFlashCookie();
        } catch (Exception e) {
            // Handle fingerprinting error
        }
        return "";
    } // flashFingerPrint

15.5 Option 3

Option 3 is an implementation using a single page for username and password (not using virtual authentication devices), and uses a "Jump Page" to include the flash movie used for fingerprinting.
In this case, the flash movie will send the server the user's current flash cookie value and the server will respond with a new value in a single transaction.

15.5.1 Option 3 Flow

Figure 15–3 shows the flow of Option 3.

Figure 15–3 Option 3 Flow

1. The user is presented with a single username and password page
2. The user submits the username and password
   a. The application loads user
   b. The application verifies password
   c. Calls VCryptTracker.updateLog with User, authentication result and HTTP Cookie information
3. The user is taken to the jump page containing the embedded flash movie
   a. The flash movie makes an HTTP request triggering the flash fingerprint handling
      i. The server retrieves the HTTP request parameter "v" and stores it in session
      ii. The server retrieves the HTTP request parameter "client"
      iii. The server retrieves HTTP request parameter "fp"
      iv. Parse fp with VCryptServletUtil.getFlashFingerprint(client, fp).
      v. Calls VCryptTracker.updateLog with User, HTTP Cookie, and Flash information
      vi. The new flash cookie returned in CookieSet from updateLog is returned to the flash movie in the HTTP response ("&v=" + cookieSet.getFlashCookie())
4. The user continues on to the application after the jump page wait period
   a. Run Post-Authentication Rules
   b. Calls VCryptTracker.updateAuthStatus with authentication result

15.5.2 Option 3 Code Example

This section provides a code example for Option 3.

    // Requires javax.servlet.http.HttpServletRequest and HttpSession,
    // plus the OAAM classes from the OAAM jars.
    public String flashFingerPrint(HttpServletRequest request) {
        HttpSession session = request.getSession(true);
        try {
            String digitalCookie = request.getParameter("v");
            String fpStr = request.getParameter("fp");
            String client = request.getParameter("client");
            String flashFingerprint = VCryptServletUtil.getFlashFingerPrint(client, fpStr);
            session.setAttribute("v", digitalCookie);
            session.setAttribute("fp", flashFingerprint);

            VCryptAuthUser clientUser = (VCryptAuthUser) session.getAttribute("clientUser");
            if (clientUser == null) {
                // User not found in session
                return "";
            }
            String loginId = clientUser.getLoginId();
            String customerId = clientUser.getCustomerId();
            String groupId = clientUser.getCustomerGroupId();
            int clientType = UserDefEnum.getElementValue(
                    IBharosaConstants.ENUM_CLIENT_TYPE_ID, FLASH_CLIENT_ENUM);

            // authResult is the application's current authentication status for this request
            CookieSet cookieSet = updateLog(request, loginId, customerId, groupId,
                    clientType, authResult);
            // Keep the CookieSet in session for later updateLog calls
            session.setAttribute("cookieSet", cookieSet);
            return cookieSet.getFlashCookie();
        } catch (Exception e) {
            // Handle fingerprinting error
        }
        return "";
    } // flashFingerPrint

15.6 Common Update

The implementations would use a method similar to the following for making updateLog calls:

    protected CookieSet updateLog(HttpServletRequest request, String loginId, String userId,
            String groupId, int clientType, int authStatus) throws BharosaProxyException {
        HttpSession session = request.getSession(true);
        String requestId = (String) session.getAttribute("requestId");
        String remoteIPAddr = request.getRemoteAddr();
        String remoteHost = request.getRemoteHost();
        String secureCookie = VCryptServletTrackerUtil.getSecureCookie(request);
        String secureClientVersion = "1.0";

        // Browser fingerprint: element 0 is the type, element 1 is the fingerprint string
        Object[] fingerPrintInfo = VCryptServletUtil.getBrowserFingerPrint(request);
        int fingerPrintType = fingerPrintInfo == null ? 0 : ((Integer) fingerPrintInfo[0]).intValue();
        String fingerPrint = fingerPrintInfo == null ? "" : (String) fingerPrintInfo[1];

        // Flash fingerprint and flash cookie stored in session by flashFingerPrint()
        int fingerPrintType2 = VCryptServletUtil.flashFPType.intValue();
        String fingerPrint2 = (String) session.getAttribute("fp");
        String digitalCookie = (String) session.getAttribute("v");

        // Fall back to the values from the previous updateLog call, if any
        CookieSet cookieSet = (CookieSet) session.getAttribute("cookieSet");
        if (secureCookie == null && cookieSet != null) {
            secureCookie = cookieSet.getSecureCookie();
        }
        if (digitalCookie == null && cookieSet != null) {
            digitalCookie = cookieSet.getFlashCookie();
        }
        boolean isSecure = false;

        VCryptTracker vTracker = VCryptTrackerUtil.getVCryptTrackerInstance();
        cookieSet = vTracker.updateLog(requestId, remoteIPAddr, remoteHost, secureCookie,
                digitalCookie, groupId, userId, loginId, isSecure, authStatus, clientType,
                secureClientVersion, fingerPrintType, fingerPrint, fingerPrintType2,
                fingerPrint2);
        return cookieSet;
    }

Part IV Authentication and Password Management Integration

Part IV contains a chapter on Oracle Adaptive Access Manager, Oracle Access Manager, and Oracle Identity Manager integration.

16 Access and Password Management Integration

This chapter provides an overview of the benefits and a list of scenarios of Oracle Access Manager with Oracle Identity Manager and Oracle Adaptive Access Manager.
Detailed conceptual and procedural information is provided in the Oracle Fusion Middleware Administrator's Guide for Oracle Access Manager with Oracle Security Token Service.

16.1 Benefits and Features of the Integration

Integrating Oracle Access Manager, Oracle Adaptive Access Manager, and Oracle Identity Manager provides these features:

- Password entry protection through personalized virtual authentication devices
- KBA challenge questions for secondary login authentication based on risk
- OTP challenge for secondary login authentication based on risk
- Registration flows to support password protection and KBA and OTP challenge functionality
- User preferences flows to support password protection and KBA and OTP challenge functionality
- Password management flows

Oracle Adaptive Access Manager

Oracle Adaptive Access Manager is responsible for:

- Running fraud rules before and after authentication
- Navigating the user through Oracle Adaptive Access Manager flows based on the outcome of fraud rules

Oracle Identity Manager

Oracle Identity Manager is responsible for:

- Provisioning users (add/modify, delete users)
- Managing passwords (reset/change password)

Oracle Access Manager

Oracle Access Manager is responsible for:

- Authenticating and authorizing users
- Providing statuses such as Reset Password, Password Expired, User Locked, and others

16.2 Secure Password Collection and Management Scenarios

In this integration, Oracle Access Manager redirects users to Oracle Adaptive Access Manager when a trigger condition for password management is in effect.
The "trigger condition" is the authentication scheme used in Oracle Access Manager.
Oracle Adaptive Access Manager interacts with the user based on lifecycle policies retrieved from Oracle Access Manager, and when the condition is resolved, notifies Oracle Access Manager so that the user is redirected to the protected resource.
In this integration, Oracle Identity Manager serves to provide password policy enforcement.

Challenge Registration Flow

The Challenge Registration flow allows the user to register challenge questions and answers.
The user is successfully authenticated but is required to register challenge questions.
He cannot skip the registration.
The user is not authorized to access protected resources until the challenge questions have been registered.

Forgot Password Flow

The Forgot Password flow allows the user to reset the password after successfully answering all challenge questions.
A "Forgot Your Password" link is made available from the Oracle Adaptive Access Manager password page for the user.

Reset Password Flow

The Reset Password flow allows the user to reset the password.
The user is successfully authenticated.
The "Change your password" link is available to the user at the Oracle Adaptive Access Manager password page.

Challenge Reset Flow

The Challenge Reset flow allows the user to reset challenge registration.
The user is successfully authenticated.
The "Reset your challenge questions" link is available in the Oracle Adaptive Access Manager password page.

Note: When adding Oracle Adaptive Access Manager to existing Oracle Identity Manager deployments, you will need to forego all the existing questions and answers that are registered in Oracle Identity Manager.
Instead, users are asked to register the challenge questions again in Oracle Adaptive Access Manager on the next login.

Part V Migration and Lifecycle Management

Part V contains the following chapters:

- Chapter 17, "Migrating Native Applications to OAAM 11g"
- Chapter 18, "Handling Lifecycle Management Changes"

17 Migrating Native Applications to OAAM 11g

This chapter covers the tasks involved in migrating an existing natively integrated 10.1.4.5 application that is currently using SOAP authentication to 11g.

17.1 Preparing for Migration

Pre-requisites are as follows for migration of your existing natively integrated application:

- Client should be using OAAM Shared Library for Native Integration using SOAP
- Client should specify the configurable properties in bharosa_server.properties and this file should be in the Java Classpath of the client application

See Section 17.4, "Migrating Native Applications that Cannot Use OAAM Shared Library" if the Native Application cannot use the OAAM Shared Library.

17.2 Migrating Native Static Linked (In Proc) Applications to OAAM 11g

This native integration involves only local API calls and therefore no remote server risk engine calls.
The integration embeds the processing engine for OAAM with the application and enables it to leverage the underlying database directly for processing.
To migrate the natively integrated in proc application to OAAM 11g, proceed as follows:

17.2.1 Use the OAAM Shared Library Instead of Static Linking to OAAM Jars

To use the Oracle Adaptive Access Manager Shared Library, you must refer to the shared library by adding the following entry to your WebLogic deployment descriptor file, weblogic.xml:

    oracle.oaam.libs

17.2.2 Move All Configurable Properties into bharosa_server.properties File

As part of migrating the application, you must perform these steps:

1. Move all the configurable properties to bharosa_server.properties.

2. Remove/delete all other OAAM property files from the native application.

3. Remove/delete all old OAAM jar files.

17.3 Migrating Native SOAP Applications to OAAM 11g

The web application communicates with OAAM via Web Services.
Follow the procedures in this section to migrate your native SOAP application to OAAM 11g.

17.3.1 Use OAAM Shared Library Instead of Static Linking to OAAM Jars

To use the Oracle Adaptive Access Manager Shared Library, you must refer to the shared library by adding the following entry to your WebLogic deployment descriptor file, weblogic.xml:

    oracle.oaam.libs

17.3.2 Move All Configurable Properties into the bharosa_server.properties File

As part of migrating the application, you must perform these steps:

1. Move all the configurable properties to bharosa_server.properties.

2. Make sure the following properties are set in bharosa_server.properties:

    vcrypt.tracker.soap.useSOAPServer=true
    vcrypt.soap.disable=false
    bharosa.config.impl.classname=com.bharosa.common.util.BharosaConfigPropsImpl
    bharosa.config.load.impl.classname=com.bharosa.common.util.BharosaConfigLoadPropsImpl

3. Remove/delete all other OAAM property files from the native application

4. Remove/delete all old OAAM jar files

17.3.3 Configure SOAP/WebServices Access

For details on configuring SOAP/WebServices Access, refer to "Configuring SOAP Web Services Access" in the Oracle Fusion Middleware Administrator's Guide for Oracle Adaptive Access Manager.
17.4 Migrating Native Applications that Cannot Use OAAM Shared Library

The process below covers migrating your existing 10.1.4.5 Natively Integrated application that is currently using SOAP authentication to 11g.

17.4.1 Use the OAAM 11g Jar Files

After those files are copied, you can copy the oaam_core.jar file from the $ORACLE_HOME/oaam/cli/lib folder into your application's library directory. $ORACLE_HOME is usually the ORACLE_IDM1 folder in the Middleware Home.

17.4.2 Copy the OAAM 11g Property Files

All updated property files and libraries are located in the $ORACLE_HOME/oaam/cli folder. The conf/bharosa_properties folder contains the updated properties, and the lib folder contains the updated libraries. To upgrade your existing natively integrated application, you can start by removing the contents of your existing bharosa_properties folder, and replacing them with the contents of the $ORACLE_HOME/oaam/cli/conf/bharosa_properties directory.

17.4.3 Specify the Configurable Properties in the bharosa_server.properties File

In 10g, all client-specific configuration overrides were created in the bharosa_client.properties file; now those overrides need to be created in the bharosa_server.properties file. This was typically the file modified on the server side for the same purpose.

A bharosa_server.properties file needs to be created in your application's bharosa_properties folder. It contains the contents of your old bharosa_client.properties with the addition of the following new properties:

    # New Properties
    vcrypt.tracker.soap.useSOAPServer=true
    vcrypt.soap.disable=false
    bharosa.config.impl.classname=com.bharosa.common.util.BharosaConfigPropsImpl
    bharosa.config.load.impl.classname=com.bharosa.common.util.BharosaConfigLoadPropsImpl

These new properties tell the new libraries to use the Generic SOAP implementation classes for communicating with the OAAM Server component and, instead of looking to the OAAM database to read the properties typically retrieved from the BharosaConfig class, to retrieve them from the local property files.

As noted above, these properties are to be used in addition to the existing contents of your bharosa_client.properties file, which should include your SOAP user name and SOAP keystore information.

Note: If you did not have SOAP authentication set up in 10g, you will need to refer to "Setting Up Encryption" in the 10.1.4.5 Oracle Adaptive Access Manager Installation and Configuration Guide for creating a SOAP keystore for use with the new 11g environment.
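A check for the merged file described in Section 17.4.3, as an added example that is not Oracle code: it verifies that the four new properties carry the values listed above and that every override from the old bharosa_client.properties was carried over unchanged. The class name, the sample file contents and the sample.* keys are constructed for illustration and are not OAAM property names.

```java
import java.io.IOException;
import java.io.StringReader;
import java.util.ArrayList;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.Properties;
import java.util.TreeSet;

/** Added example (not Oracle code): checks a migrated bharosa_server.properties. */
public final class BharosaServerPropsCheck {

    // The four properties and values listed in Section 17.4.3.
    private static final Map<String, String> REQUIRED = new LinkedHashMap<String, String>();
    static {
        REQUIRED.put("vcrypt.tracker.soap.useSOAPServer", "true");
        REQUIRED.put("vcrypt.soap.disable", "false");
        REQUIRED.put("bharosa.config.impl.classname",
                "com.bharosa.common.util.BharosaConfigPropsImpl");
        REQUIRED.put("bharosa.config.load.impl.classname",
                "com.bharosa.common.util.BharosaConfigLoadPropsImpl");
    }

    static Properties parse(String text) throws IOException {
        Properties p = new Properties();
        p.load(new StringReader(text));
        return p;
    }

    /**
     * Returns one finding per problem; an empty list means the file passes.
     * Values of carried-over keys are never reported, because client overrides
     * can hold the SOAP user name and keystore details.
     */
    static List<String> check(Properties oldClient, Properties newServer) {
        List<String> findings = new ArrayList<String>();
        for (Map.Entry<String, String> req : REQUIRED.entrySet()) {
            String actual = newServer.getProperty(req.getKey());
            if (actual == null) {
                findings.add("MISSING " + req.getKey() + "=" + req.getValue());
            } else if (!actual.trim().equals(req.getValue())) {
                // Properties.load keeps trailing whitespace, so compare trimmed.
                findings.add("WRONG   " + req.getKey() + " (expected " + req.getValue() + ")");
            }
        }
        // Every 10g client override must survive the move unchanged.
        for (String key : new TreeSet<String>(oldClient.stringPropertyNames())) {
            if (REQUIRED.containsKey(key)) {
                continue; // the value from Section 17.4.3 wins for the four new properties
            }
            String migrated = newServer.getProperty(key);
            if (migrated == null) {
                findings.add("DROPPED " + key);
            } else if (!migrated.equals(oldClient.getProperty(key))) {
                findings.add("CHANGED " + key);
            }
        }
        return findings;
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample files; the sample.* keys are placeholders.
        String oldClient = String.join("\n",
                "sample.soap.user=soapuser",
                "sample.soap.keystore=sample.keystore",
                "vcrypt.soap.disable=true");
        String newServer = String.join("\n",
                "# New Properties",
                "vcrypt.tracker.soap.useSOAPServer=true",
                "vcrypt.soap.disable=true",
                "bharosa.config.impl.classname=com.bharosa.common.util.BharosaConfigPropsImpl",
                "sample.soap.user=soapuser");
        for (String finding : check(parse(oldClient), parse(newServer))) {
            System.out.println(finding);
        }
    }
}
```

In a real run, replace the two embedded strings with the contents of the old bharosa_client.properties and the new bharosa_server.properties.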
18 Handling Lifecycle Management Changes

Because of integrated deployment of Oracle Adaptive Access Manager with other applications (Oracle Virtual Directory, Oracle Identity Manager, Oracle Access Manager, Oracle Internet Directory) and configuration changes in those applications, various configuration changes might be required in Oracle Adaptive Access Manager.

Instructions for handling such types of configuration changes are described in this chapter:

- Oracle Virtual Directory (OVD) Host, Port, and SSL Enablement Changes
- Oracle Identity Manager (OIM) URL Changes
- Oracle Access Manager (OAM) Host and Port Changes
- Oracle Internet Directory (OID) Host and Port Changes and SSL Enablement
- Database Host and Port Changes

References are also provided for moving Oracle Adaptive Access Manager from a test environment to a production environment:

- Moving Oracle Adaptive Access Manager to a New Production Environment
- Moving Oracle Adaptive Access Manager to an Existing Production Environment

18.1 Oracle Virtual Directory (OVD) Host, Port, and SSL Enablement Changes

To change the Oracle Virtual Directory host, port, and SSL enablement:

1. Start the Oracle Adaptive Access Manager server-related managed server.
2. Go to OAAM Admin at http://:/oaam_admin.
3. Log in as a user with access to the Properties Editor.
4. Open the Oracle Adaptive Access Manager Property Editor to modify parameters to:

   - Change the password authentication provider to LDAP
   - Rewire existing Oracle Adaptive Access Manager for Oracle Virtual Directory host name
   - Rewire existing Oracle Adaptive Access Manager for Oracle Virtual Directory port changes
   - Rewire existing Oracle Adaptive Access Manager for SSL Enablement of Oracle Virtual Directory (Change Plain Text Communication to SSL for wiring between Oracle Adaptive Access Manager and Oracle Virtual Directory)

   Table 18–1 Configuring Oracle Directory Manager Property Values

   | Property Name | Property Values |
   |---|---|
   | bharosa.uio.default.password.auth.provider.classname | com.bharosa.vcrypt.services.LDAPOAAMAuthProvider |
   | oaam.uio.ldap.host | For example, host.oracle.com |
   | oaam.uio.ldap.port | |
   | oaam.uio.ldap.userdn.template | For example, uid={USER_ID},cn=user,dc=us,dc=oracle,dc=com. |
   | oaam.uio.ldap.isSSL | false |

   For information on setting properties in Oracle Adaptive Access Manager, see "Using the Property Editor" in Oracle Fusion Middleware Administrator's Guide for Oracle Adaptive Access Manager.

5. Restart the Oracle Adaptive Access Manager server-related managed server.

18.2 Oracle Identity Manager (OIM) URL Changes

Follow these steps to rewire an existing deployment of Oracle Adaptive Access Manager with Oracle Identity Manager:

1. Start the Oracle Adaptive Access Manager server-related managed server.
2. Go to OAAM Admin at http://:/oaam_admin.
3. Log in as a user with access to the Properties Editor.
4. Open the Oracle Adaptive Access Manager Property Editor to modify parameters to:

   - Rewire existing Oracle Adaptive Access Manager for password flow
   - Rewire existing Oracle Adaptive Access Manager for other redirection

   Table 18–2 Configuring Oracle Identity Manager Property Values

   | Property Name | Property Values |
   |---|---|
   | oaam.oim.url | t3://: For example, t3://host.oracle.com:14000 |
   | bharosa.uio.default.signon.links.enum.selfregistration.url | http://:/oim/faces/pages/USelf.jspx?E_TYPE=USELF&OP_TYPE=SELF_REGISTRATION&backUrl= where is http://:/oim/faces/pages/Self.jspx or (in case of IDMDOMAIN Agent) is http://:/oim/faces/pages/Self.jspx OHS setup was performed during the integration between Oracle Access Manager and Oracle Identity Manager. |
   | bharosa.uio.default.signon.links.enum.trackregistration.url | http://:/oim/faces/pages/USelf.jspx?E_TYPE=USELF&OP_TYPE=UNAUTH_TRACK_REQUEST&backUrl= where is http://:/oim/faces/pages/Self.jspx or (in case of IDMDOMAIN Agent) is http://:/oim/faces/pages/Self.jspx. OHS setup was performed during the integration between Oracle Access Manager and Oracle Identity Manager. |

   For information on setting properties in Oracle Adaptive Access Manager, see "Using the Property Editor" in Oracle Fusion Middleware Administrator's Guide for Oracle Adaptive Access Manager.

5. Restart the Oracle Adaptive Access Manager server-related managed server.

18.3 Oracle Access Manager (OAM) Host and Port Changes

For information on rewiring Oracle Access Manager for Oracle Adaptive Access Manager host name and port changes, refer to the Oracle Fusion Middleware Administrator's Guide for Oracle Access Manager with Oracle Security Token Service.

18.4 Oracle Internet Directory (OID) Host and Port Changes and SSL Enablement

Follow these steps to change the Oracle Internet Directory Host, Port and SSL enablement in an existing deployment of Oracle Adaptive Access Manager:

1. Start the Oracle Adaptive Access Manager server-related managed server.
2. Go to OAAM Admin at http://:/oaam_admin.
3. Log in as a user with access to the Properties Editor.
4. Open the Oracle Adaptive Access Manager Property Editor to modify parameters to:

   - Change the password authentication provider to LDAP
   - Rewire existing Oracle Adaptive Access Manager for Oracle Internet Directory host name
   - Rewire existing Oracle Adaptive Access Manager for Oracle Internet Directory port changes
   - Rewire existing Oracle Adaptive Access Manager for SSL Enablement of Oracle Internet Directory (Change Plain Text Communication to SSL for wiring between Oracle Adaptive Access Manager and Oracle Internet Directory)

   Table 18–3 Configuring Oracle Directory Manager Property Values

   | Property Name | Property Values |
   |---|---|
   | bharosa.uio.default.password.auth.provider.classname | com.bharosa.vcrypt.services.LDAPOAAMAuthProvider |
   | oaam.uio.ldap.host | For example, host.oracle.com |
   | oaam.uio.ldap.port | |
   | oaam.uio.ldap.userdn.template | For example, uid={USER_ID},cn=user,dc=us,dc=oracle,dc=com. |
   | oaam.uio.ldap.isSSL | false |

   For information on setting properties in Oracle Adaptive Access Manager, see "Using the Property Editor" in Oracle Fusion Middleware Administrator's Guide for Oracle Adaptive Access Manager.

5. Restart the Oracle Adaptive Access Manager server-related managed server.

18.5 Database Host and Port Changes

After installing Oracle Adaptive Access Manager, if there are any changes in the database host or port number, follow these instructions:

1. Go to the ORACLE_HOME of the database.
2. Change the port number in ORACLE_HOME/network/admin/listener.ora.
3. Stop and then restart the Oracle listener.
4. Change the database pointer in the data sources screen in the WebLogic Administration Console.

To change the data source:

1. In the WebLogic Administrative Console, navigate to Services, select JDBC, select Data Sources, and then oaamDS.
2. Click oaamDS and edit it for host name/port or user name/password.

18.6 Moving Oracle Adaptive Access Manager to a New Production Environment

For information on moving Oracle Adaptive Access Manager to a new production environment, see "Moving Identity Management to a New Production Environment" in Oracle Fusion Middleware Administrator's Guide.

18.7 Moving Oracle Adaptive Access Manager to an Existing Production Environment

For information on moving Oracle Adaptive Access Manager to an existing production environment, see "Moving Identity Management to an Existing Production Environment" in Oracle Fusion Middleware Administrator's Guide.
Part VI Custom Development

Part VI contains the following chapters:

- Chapter 19, "Creating OAAM Oracle BI Publisher Reports"
- Chapter 20, "Developing Custom Challenge Processors"
- Chapter 21, "Creating a View of a Non-OAAM Database"
- Chapter 22, "Developing a Custom Loader for OAAM Offline"

19 Creating OAAM Oracle BI Publisher Reports

This chapter contains instructions on creating Oracle BI Publisher reports on data in the OAAM schema.

19.1 Create Oracle BI Publisher Reports on Data in the OAAM Schema

Refer to the following sections to create OAAM reports from the Oracle Adaptive Access Manager database. In code listings OAAM table and field names are bold and italic.

19.1.1 Create a Data Model

To create a data model, see the Oracle BI Publisher documentation for details.

19.1.2 Map User Defined Enum Numeric Type Codes to Readable Names

Several fields in many tables are numeric type codes, which correspond to OAAM User Defined Enums. Refer to Chapter 7, "OAAM Extensions and Shared Library to Customize OAAM" for more information about OAAM User Defined Enums. Information on how to map those type codes to readable names is presented in this section. There are two methods for resolving these names, and the one to choose depends on whether you need to display English only or you need to display internationalized strings.
19.1.2.1 Results Display

To display a readable string rather than a type code value in the report output, the report writer will need to add a join to the tables that hold the User Defined Enums, and then add the field to the select clause.

19.1.2.2 English Only User Defined Enum Result Display

The following SQL code shows how to add the join criteria to the query:

    SELECT …
    FROM …
    LEFT OUTER JOIN (
        SELECT enumElement.num_value, enumElement.label
        FROM v_b_enum enum
            INNER JOIN v_b_enum_elmnt enumElement
                ON enum.enum_id = enumElement.enum_id
        WHERE enum.prop_name = 'enum_name') alias
        ON table.type_field = alias.num_value
    …

In this code, table.type_field is the field containing a type code value that you want to replace with a string. Alias is the name you are giving the inner select clause. Finally, enum_name is the property name of the User Defined Enum.

To display in the report, you need to add alias.label to the select clause.

19.1.2.3 Internationalized User Defined Enum Result Display

The following SQL code shows how to add the join criteria to the query:

    SELECT …
    FROM …
    LEFT OUTER JOIN (
        SELECT t0.config_value, element.num_value
        FROM v_b_config_rb t0
            INNER JOIN (
                SELECT enum_element.num_value, enum_element.str_value, enum.prop_name
                FROM v_b_enum enum
                    INNER JOIN v_b_enum_elmnt enum_element
                        ON enum.enum_id = enum_element.enum_id
                WHERE enum.prop_name = 'enum_name') element
                -- resource bundle key has the form <enum>.<element>.name
                ON t0.config_name = element.prop_name || '.' || element.str_value || '.name'
        WHERE t0.locale_id = (
            -- exact match on language and country for a supported locale
            SELECT locale_id FROM v_b_locale
            WHERE language = substr(:xdo_user_ui_locale, 1, 2)
                AND country = substr(:xdo_user_ui_locale, 4, 2)
                AND (substr(:xdo_user_ui_locale, 1, 2) in ('de', 'en', 'es', 'fr', 'it', 'ja', 'ko')
                    OR (substr(:xdo_user_ui_locale, 1, 2) = 'pt' AND substr(:xdo_user_ui_locale, 4, 2) = 'BR')
                    OR (substr(:xdo_user_ui_locale, 1, 2) = 'zh' AND substr(:xdo_user_ui_locale, 4, 2) IN ('CN', 'TW')))
            UNION
            -- language-only match when no language and country row exists
            SELECT locale_id FROM v_b_locale
            WHERE language = substr(:xdo_user_ui_locale, 1, 2)
                AND NOT EXISTS (
                    SELECT locale_id FROM v_b_locale
                    WHERE language = substr(:xdo_user_ui_locale, 1, 2)
                        AND country = substr(:xdo_user_ui_locale, 4, 2))
                AND country IS NULL
                AND (substr(:xdo_user_ui_locale, 1, 2) in ('de', 'en', 'es', 'fr', 'it', 'ja', 'ko')
                    OR (substr(:xdo_user_ui_locale, 1, 2) = 'pt' AND substr(:xdo_user_ui_locale, 4, 2) = 'BR')
                    OR (substr(:xdo_user_ui_locale, 1, 2) = 'zh' AND substr(:xdo_user_ui_locale, 4, 2) IN ('CN', 'TW')))
            UNION
            -- fall back to English for any other locale
            SELECT locale_id FROM v_b_locale
            WHERE language = 'en'
                AND NOT (substr(:xdo_user_ui_locale, 1, 2) in ('de', 'en', 'es', 'fr', 'it', 'ja', 'ko')
                    OR (substr(:xdo_user_ui_locale, 1, 2) = 'pt' AND substr(:xdo_user_ui_locale, 4, 2) = 'BR')
                    OR (substr(:xdo_user_ui_locale, 1, 2) = 'zh' AND substr(:xdo_user_ui_locale, 4, 2) IN ('CN', 'TW'))))
        ORDER BY t0.config_name) alias
        ON table.type_field = alias.num_value
    …

In this code, table.type_field is the field containing a type code value that you want to replace with a string. Alias is the name you want to give the inner select clause. Finally, enum_name is the property name of the User Defined Enum.

To display in the report, you need to add alias.config_value to the select clause.
19.1.3 Adding Lists of Values

Add parameters to your report definition to enable your users to interact with the report and specify the data of interest from the data set. To allow a user to select from a list of readable strings representing type codes, the report writer will need to create a List of Values (LOV) from a query on the User Defined Enums tables, filtered by the enum name.

19.1.3.1 User Defined Enums as List of Values for Filtering, English Only

The following listing shows how to write the query to populate the list of values.

    SELECT enumElement.label, enumElement.num_value
    FROM v_b_enum enum
        INNER JOIN v_b_enum_elmnt enumElement
            ON enum.enum_id = enumElement.enum_id
    WHERE enum.prop_name = 'enum_name'
    ORDER BY enumElement.label

The following listing shows how to filter the report based on this LOV.

    WHERE …
    AND (:parameter IS NULL OR :parameter = table.type_field)

In these listings, enum_name is the property name of the User Defined Enum, table.type_field is the field containing a type code value that you want to replace with a string, and parameter is the named parameter. See the Oracle BI Publisher documentation for information about creating and setting up report parameters.

19.1.3.2 User Defined Enums as List of Values for Filtering, Internationalized

The following listing shows how to write the query to populate the list of values.

    SELECT t0.config_value, element.num_value
    FROM v_b_config_rb t0
        INNER JOIN (
            SELECT enum_element.num_value, enum_element.str_value, enum.prop_name
            FROM v_b_enum enum
                INNER JOIN v_b_enum_elmnt enum_element
                    ON enum.enum_id = enum_element.enum_id
            WHERE enum.prop_name = 'enum_name') element
            -- resource bundle key has the form <enum>.<element>.name
            ON t0.config_name = element.prop_name || '.' || element.str_value || '.name'
    WHERE t0.locale_id = (
        -- exact match on language and country for a supported locale
        SELECT locale_id FROM v_b_locale
        WHERE language = substr(:xdo_user_ui_locale, 1, 2)
            AND country = substr(:xdo_user_ui_locale, 4, 2)
            AND (substr(:xdo_user_ui_locale, 1, 2) in ('de', 'en', 'es', 'fr', 'it', 'ja', 'ko')
                OR (substr(:xdo_user_ui_locale, 1, 2) = 'pt' AND substr(:xdo_user_ui_locale, 4, 2) = 'BR')
                OR (substr(:xdo_user_ui_locale, 1, 2) = 'zh' AND substr(:xdo_user_ui_locale, 4, 2) IN ('CN', 'TW')))
        UNION
        -- language-only match when no language and country row exists
        SELECT locale_id FROM v_b_locale
        WHERE language = substr(:xdo_user_ui_locale, 1, 2)
            AND NOT EXISTS (
                SELECT locale_id FROM v_b_locale
                WHERE language = substr(:xdo_user_ui_locale, 1, 2)
                    AND country = substr(:xdo_user_ui_locale, 4, 2))
            AND country IS NULL
            AND (substr(:xdo_user_ui_locale, 1, 2) in ('de', 'en', 'es', 'fr', 'it', 'ja', 'ko')
                OR (substr(:xdo_user_ui_locale, 1, 2) = 'pt' AND substr(:xdo_user_ui_locale, 4, 2) = 'BR')
                OR (substr(:xdo_user_ui_locale, 1, 2) = 'zh' AND substr(:xdo_user_ui_locale, 4, 2) IN ('CN', 'TW')))
        UNION
        -- fall back to English for any other locale
        SELECT locale_id FROM v_b_locale
        WHERE language = 'en'
            AND NOT (substr(:xdo_user_ui_locale, 1, 2) in ('de', 'en', 'es', 'fr', 'it', 'ja', 'ko')
                OR (substr(:xdo_user_ui_locale, 1, 2) = 'pt' AND substr(:xdo_user_ui_locale, 4, 2) = 'BR')
                OR (substr(:xdo_user_ui_locale, 1, 2) = 'zh' AND substr(:xdo_user_ui_locale, 4, 2) IN ('CN', 'TW'))))
    ORDER BY t0.config_name

The filtering is performed in the same manner as the English Only version.
19.1.4 Adding Geolocation Data

The OAAM schema includes tables that map IP address ranges to location data including city, state, and country. The relevant tables are VCRYPT_IP_LOCATION_MAP, VCRYPT_CITY, VCRYPT_STATE, and VCRYPT_COUNTRY. Many tables contain IP addresses, and VCRYPT_IP_LOCATION_MAP contains foreign keys to each of VCRYPT_CITY, VCRYPT_STATE, and VCRYPT_COUNTRY.

In OAAM, IP addresses are stored as long numerals. The following listing shows how to join a table containing an IP address to the VCRYPT_IP_LOCATION_MAP.

    SELECT ...
    FROM vcrypt_tracker_usernode_logs logs
        INNER JOIN vcrypt_ip_location_map loc
            ON (logs.remote_ip_addr >= loc.from_ip_addr
            AND logs.remote_ip_addr
    =:fromDate)

Table 19–1 VCRYPT_TRACKER_USERNODE_LOGS

| Field Name | User Defined Enum Name |
|---|---|
| AUTH_STATUS | auth.status.enum |
| AUTH_CLIENT_TYPE_CODE | auth.client.type.enum |

Table 19–2 VCRYPT_ALERT

| Field Name | User Defined Enum Name |
|---|---|
| ALERT_LEVEL | alert.level.enum |
| ALERT_TYPE | alert.type.enum |
| ALERT_STATUS | alert.status.enum |
| RUNTIME_TYPE | profile.type.enum |

    AND (:toDate IS NULL OR s.create_time
    AND status=1))
    ORDER BY data_row ASC, data_col ASC;

19.2.2.3 Build Entity Data SQL Queries and Views

The above SQL query gives a list of data fields of the entity with data type and row, column position. Using that information, build a SQL query based on the following information that represents data of the given entity. It is also recommended to create/build a view based on this SQL query that represents data of the given entity.

Note: EntityRowN represents an entity data row. If your entity has 3 distinct data_row values from the above query then you would have 3 EntityRows, name the aliases as EntityRow1, EntityRow2, and so on, and similarly take care of the corresponding joins as shown below.

    SELECT ent.ENTITY_ID,
        ent.EXT_ENTITY_ID,
        ent.ENTITYNAME,
        ent.ENTITY_KEY,
        ent.ENTITY_TYPE,
        EntityRowN.DATA,
        (EntityRowN.NUM_DATA/1000.0),
        to_timestamp_tz(EntityRowN.DATA, 'YYYY-MM-DD HH24:MI:SS TZH:TZM'),
        ent.CREATE_TIME,
        ent.UPDATE_TIME,
        ent.EXPIRY_TIME,
        ent.RENEW_TIME
    FROM VT_ENTITY_DEF entDef,
        VT_ENTITY_ONE ent
        LEFT OUTER JOIN VT_ENTITY_ONE_PROFILE EntityRowN
            ON (EntityRowN.ENTITY_ID = ent.ENTITY_ID
            AND EntityRowN.ROW_ORDER =
            AND EntityRowN.EXPIRE_TIME IS NULL)
        LEFT OUTER JOIN VT_ENTITY_ONE_PROFILE EntityRowN+1
            ON (EntityRowN+1.ENTITY_ID = ent.ENTITY_ID
            AND EntityRowN+1.ROW_ORDER =
            AND EntityRowN+1.EXPIRE_TIME IS NULL)
    WHERE ent.ENTITY_DEF_ID = entDef.ENTITY_DEF_ID
        and entDef.ENTITY_DEF_KEY=

19.2.3 Discover Transaction Data Mapping Information

To discover transaction data mapping information that you will need to create your report, follow the procedures in this section.
19.2.3.1 Discover Transaction data details like Data Type, Row and Column mappings

To get entity data details you will need to construct your report, follow these steps:

1. Get list of transaction to entity definition mapping Ids using the following SQL:

       SELECT map_id
       FROM vt_trx_ent_defs_map, vt_trx_def
       WHERE vt_trx_ent_defs_map.trx_def_id = vt_trx_def.trx_def_id
           AND vt_trx_def.trx_def_key=

2. Use the following SQL query to get details of all transaction data fields, their data type and their row, column mapping:

       SELECT label, data_row, data_col, data_type
       FROM vt_data_def_elem
       WHERE status=1
           AND data_def_id = (
               SELECT data_def_id
               FROM vt_data_def_map
               WHERE relation_type='data'
                   AND parent_obj_type=1
                   AND parent_object_id IN (
                       SELECT trx_def_id
                       FROM vt_trx_def
                       WHERE trx_def_key='mayo_pat_rec_acc'
                           AND status=1))
       ORDER BY data_row ASC, data_col ASC;

19.2.3.2 Build Transaction Data SQL Queries and Views

Use the information from the previous section and build a SQL query that represents transaction data based on the following:

Note: It is recommended to build a view based on this Query so that it is easier to build reports

    SELECT trx.LOG_ID,
        trx.USER_ID,
        trx.REQUEST_ID,
        trx.EXT_TRX_ID,
        trx.TRX_TYPE,
        trx.STATUS,
        trx.SCORE,
        trx.RULE_ACTION,
        trx.TRX_FLAG,
        trx.POST_PROCESS_STATUS,
        trx.POST_PROCESS_RESULT,
        TransactionDataRowN.DATA,
        (TransactionDataRowN.NUM_DATA/1000.0),
        to_timestamp_tz(TransactionDataRowN.DATA, 'YYYY-MM-DD HH24:MI:SS TZH:TZM'),
        (SELECT entTrxMap.MAP_OBJ_ID
            FROM VT_ENT_TRX_MAP entTrxMap
            WHERE entTrxMap.DEF_MAP_ID =
                AND entTrxMap.TRX_ID = trx.LOG_ID),
        (SELECT entTrxMap.MAP_OBJ_ID
            FROM VT_ENT_TRX_MAP entTrxMap
            WHERE entTrxMap.DEF_MAP_ID =
                AND entTrxMap.TRX_ID = trx.LOG_ID),
        trx.CREATE_TIME,
        trx.UPDATE_TIME,
        TRUNC(trx.create_time, 'HH24') created_hour,
        TRUNC(trx.create_time, 'DDD') created_day,
        TRUNC(trx.create_time, 'DAY') created_week,
        TRUNC(trx.create_time, 'MM') created_month,
        TRUNC(trx.create_time, 'YYYY') created_year
    FROM VT_TRX_DEF trxDef,
        VT_TRX_LOGS trx
        LEFT OUTER JOIN VT_TRX_DATA TransactionDataRowN
            ON (TransactionDataRowN.TRX_ID = trx.LOG_ID
            AND TransactionDataRowN.ROW_ORDER = )
        LEFT OUTER JOIN VT_TRX_DATA TransactionDataRowN+1
            ON (TransactionDataRowN+1.TRX_ID = trx.LOG_ID
            AND TransactionDataRowN+1.ROW_ORDER = )
    WHERE trx.TRX_DEF_ID = trxDef.TRX_DEF_ID
        and trxDef.TRX_DEF_KEY=

19.2.4 Build Reports

Follow the instructions in this section to build reports for entities and transactions.
19.2.4.1 Building Entity Data Reports

Use the SQL Queries or Views built using the information mentioned in Section 19.2.2.3, "Build Entity Data SQL Queries and Views."

19.2.4.2 Building Transaction Data Reports

Use the SQL Queries or Views built using the information mentioned in Section 19.2.3.2, "Build Transaction Data SQL Queries and Views."

19.2.4.3 Joining Entity Data Tables and Transaction data tables

You can join the transaction data views you built with entity data view using VT_ENT_TRX_MAP.MAP_OBJ_ID which is indicated using the pseudo column.
20 Developing Custom Challenge Processors

The OAAM Server provides a challenge processor framework that allows for custom implementations of challenge mechanisms.

This chapter contains the following sections:

- What are Challenge Processors
- Code Challenge Processors
- Define the Delivery Channel Types for the Challenge Processors
- Configure User Input Properties
- Configure the Challenge Pads Used for Challenge Types

20.1 What are Challenge Processors

A challenge processor is java code that implements the ChallengeProcessorIntf interface or extends the AbstractChallengeProcessor class.

Challenge processors can be created to perform the following tasks for a challenge:

- Generate challenge secret (password) to send to the user.
- Validate the user answer
- Control delivery wait page (if needed)
- Check if delivery service is available (if needed)

For example, to use SMS, you must implement a method for generating the secret PIN and checking the status of the send and the class that is called for by a challenge type.

20.2 Code Challenge Processors

This section contains information on the challenge processor class and methods to implement. An implementation example is also provided for your reference.
20.2.1 Class

To implement a challenge processor, you will need to extend the following class:

    com.bharosa.uio.processor.challenge.AbstractChallengeProcessor

Later, you will compile the code by adding oaam.jar from $ORACLE_IDM_HOME\oaam\cli\lib folder to the build classpath.

For instructions on customizing, extending, or overriding Oracle Adaptive Access Manager properties, refer to Chapter 7, "OAAM Extensions and Shared Library to Customize OAAM."

20.2.2 Methods

The methods used in a challenge processor are listed in the sections following.

Table 20–1 Challenge Processor Methods

| Methods | Description |
|---|---|
| protected boolean generateSecret(UIOSessionData sessionData, boolean isRetry) | This method is used to generate code to send to client |
| protected boolean validateAnswer(UIOSessionData sessionData, String answer) | This method is used to validate the user answer. |
| public String checkDeliveryStatus(UIOSessionData sessionData, boolean userWaiting, boolean isRetry) | This method is used if you want to provide a wait until message is sent. |
| public boolean isServiceAvailable(UIOSessionData sessionData) | This method is used to check if external service is available. |

20.2.3 Example: Email Challenge Processor Implementation

An implementation of the email challenge processor is shown as follows:

    package oracle.oaam.challenge.processor.challenge;

    import com.bharosa.common.util.*;
    import com.bharosa.uio.processor.challenge.ChallengeProcessorIntf;
    import com.bharosa.uio.util.UIOUtil;
    import com.bharosa.uio.util.UIOSessionData;
    import com.bharosa.common.logger.Logger;
    import java.io.Serializable;

    /**
     * Email Challenge Processor - provides OTP Code generation, delivery and validation
     */
    public class EmailChallengeProcessor
            extends com.bharosa.uio.processor.challenge.AbstractOTPChallengeProcessor
            implements Serializable {

        static Logger logger = Logger.getLogger(EmailChallengeProcessor.class);

        public EmailChallengeProcessor() {
        }

        /**
         * Generates OTP Code and stores it in sessionData
         *
         * @param sessionData data object available for the session
         * @param isRetry boolean value if method was called as a result of a failed answer attempt
         * @return
         */
        protected boolean generateSecret(UIOSessionData sessionData, boolean isRetry) {
            String otpCode = sessionData.getOTPCode();

            // If no secret code is present in session, generate one.
            if (StringUtil.isEmpty(otpCode)) {
                if (logger.isDebugEnabled())
                    logger.debug("ChallengeEmail generating security code for user: "
                            + sessionData.getCustomerId());
                otpCode = generateCode(sessionData);

                // save the code for later reference - validate / resend
                sessionData.setOTPCode(otpCode);
            }

            // Debug level only: this statement writes the OTP itself to the log.
            if (logger.isDebugEnabled())
                logger.debug("OTP code for user " + sessionData.getCustomerId() + ": " + otpCode);

            if (StringUtil.isEmpty(otpCode)) {
                logger.error("Email Challenge pin generation returned null.");
                return false;
            }

            // isRetry flag is turned on if user fails to answer the question
            if (!isRetry) {
                return sendCode(sessionData);
            }
            return true;
        }

        /**
         * Validate user entered answer against value in sessionData
         *
         * @param sessionData validate code and return result.
         * @param answer answer provided by the user
         * @return
         */
        protected boolean validateAnswer(UIOSessionData sessionData, String answer) {
            // need to authenticate OTP Code
            String otpCode = sessionData.getOTPCode();
            if (otpCode != null && otpCode.equals(answer)) {
                // Expire OTP Code
                sessionData.setOTPCode(null);
                return true;
            }
            return false;
        }

        /**
         * Private methods to send secret code to client
         *
         * @param sessionData
         * @return
         */
        private boolean sendCode(UIOSessionData sessionData) {
            String otpCode = sessionData.getOTPCode();
            try {
                // UIOUtil.getOTPContactInfo fetches the information registered by the user.
                // Refer to ChallengeEmail.requiredInfo in configuration.
                String toAddr = UIOUtil.getOTPContactInfo(sessionData, "email");
                if (StringUtil.isEmpty(toAddr)) {
                    logger.error("No user email in profile.");
                    return false;
                }
                // Send secret code to customer using your email provider
            } catch (Exception ex) {
                logger.error("ChallengeEmail Error sending code.", ex);
                return false;
            }
            return true;
        }

        public String checkStatus(UIOSessionData sessionData, boolean userWaiting, boolean isRetry) {
            String target = ChallengeProcessorIntf.TARGET_WAIT;

            // user already has code, trying again - send to challenge page
            if (isRetry) {
                return ChallengeProcessorIntf.TARGET_CHALLENGE;
            }

            boolean sendComplete = false;
            if (userWaiting) {
                // if secret code is sent set target to
                target = ChallengeProcessorIntf.TARGET_CHALLENGE;
                // failed to send
                target = ChallengeProcessorIntf.TARGET_ERROR;
                // still processing
                target = ChallengeProcessorIntf.TARGET_WAIT;
            }
            return target;
        }
    }

20.2.4 Secret (PIN) Implementation

The AbstractOTPChallengeProcessor class has a default pin generation method, generateCode, that you can override to provide your pin generation logic.
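One way to write the PIN logic that an overridden generateCode and validateAnswer could delegate to, as an added example that is not Oracle code and does not depend on oaam.jar. OtpPin and its methods are hypothetical names; the expiry time and the attempt limit go beyond what the email example above does and are assumptions of this sketch, as is comparing the answer in constant time instead of with String.equals.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;

/** Added example (not Oracle code): one-time PIN generation and answer checking. */
public final class OtpPin {
    private static final SecureRandom RNG = new SecureRandom();

    private final byte[] code;            // PIN bytes held for the life of the challenge
    private final long expiresAtMillis;   // absolute expiry on the caller's clock
    private int attemptsLeft;             // wrong answers still allowed

    private OtpPin(String code, long expiresAtMillis, int attemptsLeft) {
        this.code = code.getBytes(StandardCharsets.UTF_8);
        this.expiresAtMillis = expiresAtMillis;
        this.attemptsLeft = attemptsLeft;
    }

    /** Numeric PIN; each digit is drawn from a CSPRNG, uniformly in 0-9. */
    public static String generateCode(int digits) {
        if (digits < 4 || digits > 12) {
            throw new IllegalArgumentException("digits must be between 4 and 12");
        }
        StringBuilder sb = new StringBuilder(digits);
        for (int i = 0; i < digits; i++) {
            sb.append((char) ('0' + RNG.nextInt(10))); // nextInt(bound) has no modulo bias
        }
        return sb.toString();
    }

    /** Wraps a freshly generated PIN with its expiry and attempt budget. */
    public static OtpPin issue(String code, long nowMillis, long ttlMillis, int maxAttempts) {
        return new OtpPin(code, nowMillis + ttlMillis, maxAttempts);
    }

    /**
     * Returns true only for the right answer, before expiry, within the attempt
     * budget, and at most once. The comparison time does not depend on how many
     * leading characters of the answer are correct.
     */
    public boolean validate(String answer, long nowMillis) {
        if (answer == null || attemptsLeft <= 0 || nowMillis >= expiresAtMillis) {
            return false;
        }
        attemptsLeft--;
        boolean match = MessageDigest.isEqual(
                code, answer.trim().getBytes(StandardCharsets.UTF_8));
        if (match) {
            attemptsLeft = 0; // single use, like setOTPCode(null) in the email example
        }
        return match;
    }

    public static void main(String[] args) {
        long now = 1_000_000L;            // fixed clock so the run is reproducible
        long ttl = 5 * 60_000L;           // five minutes, an example value
        String pin = generateCode(6);
        OtpPin otp = issue(pin, now, ttl, 3);

        // Build an answer that differs from the PIN in its first digit.
        String wrong = (pin.charAt(0) == '0' ? "1" : "0") + pin.substring(1);

        System.out.println("wrong answer accepted: " + otp.validate(wrong, now + 1_000));
        System.out.println("right answer accepted: " + otp.validate(pin, now + 2_000));
        System.out.println("replay accepted:       " + otp.validate(pin, now + 3_000));

        String latePin = generateCode(6);
        OtpPin stale = issue(latePin, now, ttl, 3);
        System.out.println("expired PIN accepted:  " + stale.validate(latePin, now + ttl));
    }
}
```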
20.3 Define the Delivery Channel Types for the Challenge Processors

This section contains instructions on defining a delivery channel type. Examples are provided for your reference.

20.3.1 Challenge Type Enum

Challenge types are configured by the enum, challenge.type.enum. The actual enum value is shown as follows:

    bharosa.uio..challenge.type.enum.

For example,

    bharosa.uio.default.challenge.type.enum.ChallengeEmail

The challenge type enum is used to associate a challenge type with the java code needed to perform any work related to that challenge type. An example of implementing an email challenge processor is shown in Section 20.2.3, "Example: Email Challenge Processor Implementation."

The Challenge Type ID (for example, ChallengeEmail) should match a rule action returned by the rules when that challenge type is used. The rule action for ChallengeEmail is rule.action.enum.ChallengeEmail. The rule action is to challenge the user using email using the email delivery channel. "Channel" normally refers to the delivery channel used to send to the user.
20.3.2 Example: Defining an OTP Channel Type

To define a challenge type, use the following property:

    bharosa.uio.default.challenge.type.enum.MyChallenge

In the property, default is the UIO application name, and MyChallenge is the Challenge Type being added.

For example, ChallengeEmail is the Challenge Type in the example below.

    bharosa.uio.default.challenge.type.enum.ChallengeEmail

The rule action is to challenge the user with email using the email delivery channel.

    rule.action.enum.ChallengeEmail

To enable/disable a challenge type, the available flag should be set:

    bharosa.uio.default.challenge.type.enum.MyChallenge.available=false

Setting the available flag and setting the enabled flag are different. The enabled flag would remove it from list.

Example for Defining a Channel Type

Attributes of bharosa.uio.default.challenge.type.enum with example values are shown as follows:

    # unique value to identify Challenge Email in bharosa.uio.default.challenge.type.enum
    bharosa.uio.default.challenge.type.enum.MyChallenge=1

    # unique string to identify Challenge Email in bharosa.uio.default.challenge.type.enum, no spaces
    bharosa.uio.default.challenge.type.enum.MyChallenge.name=MyChallenge

    # descriptive name
    bharosa.uio.default.challenge.type.enum.MyChallenge.description=Email Challenge

    # Processor used for sending emails, instance of com.bharosa.uio.processor.challenge.ChallengeProcessorIntf
    bharosa.uio.default.challenge.type.enum.MyChallenge.processor=oracle.oaam.challenge.processor.challenge.EmailChallengeProcessor

    # comma separated field names. User registration flow captures these data fields;
    # check the Contact information Inputs section to define this enum
    bharosa.uio.default.challenge.type.enum.MyChallenge.requiredInfo=email

    # to turn off this service
    bharosa.uio.default.challenge.type.enum.MyChallenge.available=false

    # indicates this challenge is used for OTP, set it to true
    bharosa.uio.default.challenge.type.enum.MyChallenge.otp=true

Table 20–2 Challenge type Flags

| Property | Description |
|---|---|
| available | if the challenge type is available for use (service ready and configured). To enable/disable an OTP challenge type, the available flag should be set. |
| processor | java class for handling challenges of this type. |
| requiredInfo | comma separated list of inputs from the registration input enum |

Email Example

    bharosa.uio.default.challenge.type.enum.ChallengeEmail=1
    bharosa.uio.default.challenge.type.enum.ChallengeEmail.name=EmailChallenge
    bharosa.uio.default.challenge.type.enum.ChallengeEmail.description=Email Challenge
    bharosa.uio.default.challenge.type.enum.ChallengeEmail.processor=com.bharosa.uio.processor.challenge.EmailChallengeProcessor
    bharosa.uio.default.challenge.type.enum.ChallengeEmail.requiredInfo=mobile
    bharosa.uio.default.challenge.type.enum.ChallengeEmail.available=true
    bharosa.uio.default.challenge.type.enum.ChallengeEmail.enabled=true

SMS Example

    bharosa.uio.default.challenge.type.enum.ChallengeSMS=2
    bharosa.uio.default.challenge.type.enum.ChallengeSMS.name=SMSChallenge
    bharosa.uio.default.challenge.type.enum.ChallengeSMS.description=SMS Challenge
    bharosa.uio.default.challenge.type.enum.ChallengeSMS.processor=com.bharosa.uio.processor.challenge.SmsChallengeProcessor
    bharosa.uio.default.challenge.type.enum.ChallengeSMS.requiredInfo=mobile
    bharosa.uio.default.challenge.type.enum.ChallengeSMS.available=true
    bharosa.uio.default.challenge.type.enum.ChallengeSMS.enabled=true

20.4 Configure User Input Properties

Instructions to configure user information properties are in the following sections:

- Enable Registration and Preferences Input
- Set Contact Information Inputs

For instructions on customizing, extending, or overriding Oracle Adaptive Access Manager properties, refer to Chapter 7, "OAAM Extensions and Shared Library to Customize OAAM."

20.4.1 Enable Registration and Preferences Input

Default configurations for enabling registration and preference input are listed as follows:

Contact information registration

    bharosa.uio.default.register.userinfo.enabled=false

Contact information preferences

    bharosa.uio.default.userpreferences.userinfo.enabled=false

20.4.2 Set Contact Information Inputs

If user information registration and user preferences are true, configure input information.

Contact information inputs are defined in userinfo.inputs.enum. The enum element is:

    bharosa.uio..userinfo.inputs.enum.

Email Input Example

    bharosa.uio.default.userinfo.inputs.enum.email=1
    bharosa.uio.default.userinfo.inputs.enum.email.name=Email Address
    bharosa.uio.default.userinfo.inputs.enum.email.description=Email Address
    bharosa.uio.default.userinfo.inputs.enum.email.
inputname=emailbharosa.
uio.
default.
userinfo.
inputs.
enum.
email.
inputtype=textbharosa.
uio.
default.
userinfo.
inputs.
enum.
email.
maxlength=40bharosa.
uio.
default.
userinfo.
inputs.
enum.
email.
required=truebharosa.
uio.
default.
userinfo.
inputs.
enum.
email.
order=2bharosa.
uio.
default.
userinfo.
inputs.
enum.
email.
enabled=truebharosa.
uio.
default.
userinfo.
inputs.
enum.
email.
regex=.
+@[a-zA-Z_]+\\.
[a-zA-Z]{2,3}bharosa.
uio.
default.
userinfo.
inputs.
enum.
email.
errorCode=otp.
invalid.
emailbharosa.
uio.
default.
userinfo.
inputs.
enum.
email.
managerClass=com.
bharosa.
uio.
manager.
user.
DefaultContactInfoManager20.
5ConfiguretheChallengePadsUsedforChallengeTypesBydefault,challengedevicesthatwillbeusedareconfiguredthroughrules.
TherulesareundertheAuthentiPadcheckpointwhereyoucanspecifythetypeofdevicetousebasedonthepurposeofthedevice.
Tocreate/updatepoliciestousethechallengetype:1.
Addanewruleaction,MyChallenge,withtheenum,rule.
action.
enum.
2.
Createpolicytoreturnnewlycreatedaction,MyChallenge,tousethechallengemethod.
Table20–3PropertiesforContactInputPropertyDescriptioninputnameNameusedfortheinputfieldintheHTMLforminputtypeSetfortextorpasswordinputmaxlengthMaximumlengthofuserinputrequiredSetifthefieldisrequiredontheregistrationpageorderTheorderdisplayedintheuserinterfaceregexRegularexpressionusedtovalidateuserinputforthisfielderrorCodeErrorcodeusedtolookupvalidationerrormessage(bharosa.
uio.
.
error.
)managerClassjavaclassthatimplementscom.
bharosa.
uio.
manager.
user.
UserDataManagerIntf(ifdataistobestoredinOracleAdaptiveAccessManagerdatabasethispropertyshouldbesettocom.
bharosa.
uio.
manager.
user.
DefaultContactInfoManager)ConfiguretheChallengePadsUsedforChallengeTypes20-8OracleFusionMiddlewareDeveloper'sGuideforOracleAdaptiveAccessManagerAlternatively,ifyouwanttoconfigurechallengedevicesusingproperties,youcanbypasstheAuthentiPadcheckpointbysettingbharosa.
uio.
default.
use.
authentipad.
checkpointtofalse.
Devices to use for the challenge type can be added.

bharosa.uio...authenticator.device=

The examples shown use the challenge type key, ChallengeEmail and ChallengeSMS to construct the property name.

bharosa.uio.default.ChallengeSMS.authenticator.device=DevicePinPad
bharosa.uio.default.ChallengeEmail.authenticator.device=DevicePinPad

Available challenge device values are DeviceKeyPadFull, DeviceKeyPadAlpha, DeviceTextPad, DeviceQuestionPad, DevicePinPad, and DeviceHTMLControl.

Table 20–4 Authentication Device Type
Property | Description
None | No HTML page or authentication pad
DeviceKeyPadFull | Challenge user using KeyPad.
DeviceKeyPadAlpha | Challenge user with the alphanumeric KeyPad (numbers and letters only, no special characters)
DeviceTextPad | Challenge user using TextPad.
DeviceQuestionPad | Challenge user using QuestionPad.
DevicePinPad | Challenge user using PinPad.
DeviceHTMLControl | Challenge user using HTML page instead of an authentication pad.
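
The regex and maxlength properties from the Email Input Example in section 20.4.2 decide which addresses an OTP email can be registered to, so it is worth checking what the pattern accepts before deploying it. The following is an added example, not code from the guide: it loads the property line through java.util.Properties (which turns the doubled backslash into a single one) and runs constructed sample addresses through it. How OAAM applies the pattern (full match or partial match) is not stated on this page, so both are shown; the class name and the sample inputs are assumptions.

```java
import java.io.IOException;
import java.io.StringReader;
import java.util.Properties;
import java.util.regex.Pattern;

public class EmailRegexCheck {

    static final String KEY = "bharosa.uio.default.userinfo.inputs.enum.email.regex";

    // Property line as it appears in the Email Input Example. In Java source the
    // two backslashes of the properties file are written as four.
    static final String PROPERTY_LINE = KEY + "=.+@[a-zA-Z_]+\\\\.[a-zA-Z]{2,3}\n";

    // maxlength=40 from the same example.
    static final int MAX_LENGTH = 40;

    /** Loads the pattern the way a properties file would deliver it. */
    static Pattern loadPattern() throws IOException {
        Properties props = new Properties();
        props.load(new StringReader(PROPERTY_LINE));
        // After loading, the value is .+@[a-zA-Z_]+\.[a-zA-Z]{2,3}
        return Pattern.compile(props.getProperty(KEY));
    }

    /** Whole-input validation: length limit first, then a full match. */
    static boolean acceptsFullMatch(Pattern p, String input) {
        return input != null && input.length() <= MAX_LENGTH && p.matcher(input).matches();
    }

    /** Partial match: true if the pattern occurs anywhere in the input. */
    static boolean acceptsPartialMatch(Pattern p, String input) {
        return input != null && p.matcher(input).find();
    }

    public static void main(String[] args) throws IOException {
        Pattern p = loadPattern();

        // Constructed sample inputs, not taken from the guide.
        String[] samples = {
            "alice@example.com",        // plain address
            "alice@mail.example.com",   // subdomain
            "alice@example.info",       // four-letter top-level domain
            "alice@example-corp.com",   // hyphen in the domain
            "alice@host1.com",          // digit in the domain
            "a b@example.com",          // space in the local part
            "alice@example.com extra",  // trailing text after the address
            "alice@example"             // no top-level domain
        };

        System.out.printf("%-26s %-10s %s%n", "input", "matches()", "find()");
        for (String s : samples) {
            System.out.printf("%-26s %-10b %b%n",
                s, acceptsFullMatch(p, s), acceptsPartialMatch(p, s));
        }
    }
}
```

The domain part of the pattern allows only letters and underscores followed by one dot and a two or three letter suffix, while the local part is `.+`; compare the two columns to see which inputs depend on the match being anchored to the whole string.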
21 Creating a View of a Non-OAAM Database

Users who want to load from a non-OAAM database will need to create a view in their remote data source. This document explains how to create this view.

21.1 The OAAM_LOAD_DATA_VIEW

The Out-of-the-Box Loader for OAAM Offline requires a table or view with a specific name and structure to exist in the load data source. The structure is given in the following table.

Table 21–1 OAAM_LOAD_DATA_VIEW
Field Name | Data Type | Description
LOGIN_TIMESTAMP | Date/Time | The login time.
SESSION_ID | Character | Uniquely identifies a login record.
USER_ID | Character | The user's User ID.
LOGIN_ID | Character | The user's Login ID. This may be the same as the USER_ID if the load data source does not distinguish between User ID and Login ID.
DEVICE_ID | Character | Identifies the user's device.
GROUP_ID | Character | The user's primary user group, or an application ID.
IP_ADDRESS | Integer | The IP address, in the form of a long integer.
AUTH_STATUS | Integer | The auth status. If loading from a non-OAAM schema, this field should be a decode function that converts the remote data source's authentication status into an OAAM authentication status, defined by the user defined enum auth.status.enum. If the remote schema has no concept of auth status, then this value should be -1.
CLIENT_TYPE | Integer | The client type. When loading from a non-OAAM schema, this should be -1.
USER_AGENT | Character | The user agent string from the browser.
FLASH_FINGERPRINT | Character | This field represents the digital fingerprint. It may be null if not supported by the load data source.
DIGITAL_COOKIE | Character | This field represents the digital cookie set by OAAM. When loading from a non-OAAM schema, this should be null.
EXP_DIGITAL_COOKIE | Character | This field represents the expected digital cookie set by OAAM. When loading from a non-OAAM schema, this should be null.
SECURE_COOKIE | Character | This field represents the secure cookie set by OAAM. When loading from a non-OAAM schema, this should be null.
EXP_SECURE_COOKIE | Character | This field represents the expected secure cookie set by OAAM. When loading from a non-OAAM schema, this should be null.

21.2 Schema Examples

The OAAM Schema and custom schema are shown below.

21.2.1 OAAM Schema

The following example shows the SQL for the OAAM_LOAD_DATA_VIEW that ships with OAAM.

CREATE OR REPLACE FORCE VIEW OAAM_LOAD_DATA_VIEW (
    LOGIN_TIMESTAMP, SESSION_ID, USER_ID, LOGIN_ID, DEVICE_ID,
    GROUP_ID, IP_ADDRESS, AUTH_STATUS, CLIENT_TYPE, USER_AGENT,
    FLASH_FINGERPRINT, DIGITAL_COOKIE, EXP_DIGITAL_COOKIE,
    SECURE_COOKIE, EXP_SECURE_COOKIE
) AS
SELECT
    l.create_time LOGIN_TIMESTAMP,
    l.request_id SESSION_ID,
    l.user_id USER_ID,
    l.user_login_id LOGIN_ID,
    l.node_id DEVICE_ID,
    l.user_group_id GROUP_ID,
    l.remote_ip_addr IP_ADDRESS,
    l.auth_status AUTH_STATUS,
    l.auth_client_type_code CLIENT_TYPE,
    (SELECT t1.data_value FROM v_fprints t1 WHERE t1.fprint_id = l.fprint_id) USER_AGENT,
    (SELECT t2.data_value FROM v_fprints t2 WHERE t2.fprint_id = l.digital_fp_id) FLASH_FINGERPRINT,
    l.sent_dig_sig_cookie DIGITAL_COOKIE,
    l.expected_dig_sig_cookie EXP_DIGITAL_COOKIE,
    l.sent_secure_cookie SECURE_COOKIE,
    l.expected_secure_cookie EXP_SECURE_COOKIE
FROM vcrypt_tracker_usernode_logs l;

For discussion purposes, consider this statement in two parts. The first part starts at the beginning and ends before the Select. This part is required and cannot be modified. The second part starts with the Select and continues to the end of the statement. If loading from a non-OAAM schema, this part would be customized to select data from that schema.

21.2.2 Custom Schema Example

In this example, you would want to load from a table that looks like the following. You would want to have "Banking" as your primary group or Application ID, and you would not want to load test data.

Table 21–2 LOGINS
Field Name | Data Type | Description
LOGIN_TIME | Date/Time | The login time.
LOGIN_ID | Integer | Primary Key
USER_NAME | Character | The user's Login ID.
DEVICE_ID | Character | Identifies the user's device.
IP_ADDRESS | Character | The IP address, in dot notation.
AUTH_STATUS | Character | 'S' = Success, 'I' = Invalid User, 'F' = Wrong Password.
USER_AGENT | Character | The user agent string from the browser.
IS_TEST | Integer | 0 = Real Data, 1 = Test data

In this case, a decode statement is needed to convert the custom authentication status to an OAAM authentication status, and the IP address needs to be parsed to convert it into a long integer. A view must be created that looks like the following.

CREATE OR REPLACE FORCE VIEW OAAM_LOAD_DATA_VIEW (
    LOGIN_TIMESTAMP, SESSION_ID, USER_ID, LOGIN_ID, DEVICE_ID,
    GROUP_ID, IP_ADDRESS, AUTH_STATUS, CLIENT_TYPE, USER_AGENT,
    FLASH_FINGERPRINT, DIGITAL_COOKIE, EXP_DIGITAL_COOKIE,
    SECURE_COOKIE, EXP_SECURE_COOKIE
) AS
SELECT
    l.login_time LOGIN_TIMESTAMP,
    cast(l.login_id AS varchar2(256)) SESSION_ID,
    l.user_name USER_ID,
    l.user_name LOGIN_ID,
    l.device_id DEVICE_ID,
    'Banking' GROUP_ID,
    -- dotted IP string to long integer: first octet
    to_number(substr(l.ip_address, 1, instr(l.ip_address, '.') - 1)) * 16777216
    -- second octet
    + to_number(substr(l.ip_address, instr(l.ip_address, '.', 1, 1) + 1,
          instr(l.ip_address, '.', 1, 2) - instr(l.ip_address, '.', 1, 1) - 1)) * 65536
    -- third octet
    + to_number(substr(l.ip_address, instr(l.ip_address, '.', 1, 2) + 1,
          instr(l.ip_address, '.', 1, 3) - instr(l.ip_address, '.', 1, 2) - 1)) * 256
    -- fourth octet
    + to_number(substr(l.ip_address, instr(l.ip_address, '.', 1, 3) + 1)) IP_ADDRESS,
    decode(l.auth_status, 'S', 0, 'I', 1, 'F', 2, -1) AUTH_STATUS,
    -1 CLIENT_TYPE,
    l.user_agent USER_AGENT,
    null FLASH_FINGERPRINT,
    null DIGITAL_COOKIE,
    null EXP_DIGITAL_COOKIE,
    null SECURE_COOKIE,
    null EXP_SECURE_COOKIE
FROM logins l
WHERE l.is_test = 0;

Here, you map your user_name to USER_ID and LOGIN_ID, you map a literal string "Banking" to GROUP_ID, you parse your ip_address string and convert it to a long integer, you use a decode statement to convert your auth_status, you map -1 to CLIENT_TYPE, and you map literal null to FLASH_FINGERPRINT, DIGITAL_COOKIE, EXP_DIGITAL_COOKIE, SECURE_COOKIE, and EXP_SECURE_COOKIE.
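
The custom view in section 21.2.2 assumes every ip_address is a well-formed dotted IPv4 string and every auth_status is one of 'S', 'I' or 'F'. The following added example (not from the guide) mirrors the view's two conversions in Java so that source rows can be checked before they are loaded; the class name, method names and sample rows are assumptions made for illustration.

```java
import java.util.OptionalLong;

public class LoginsViewMappingCheck {

    /**
     * Mirrors the view's IP_ADDRESS expression,
     * a*16777216 + b*65536 + c*256 + d, but rejects anything that is
     * not exactly four decimal octets in the range 0..255.
     */
    static OptionalLong ipToLong(String dotted) {
        if (dotted == null) {
            return OptionalLong.empty();
        }
        String[] parts = dotted.split("\\.", -1);   // -1 keeps empty trailing parts
        if (parts.length != 4) {
            return OptionalLong.empty();
        }
        long value = 0;
        for (String part : parts) {
            if (part.isEmpty() || part.length() > 3) {
                return OptionalLong.empty();
            }
            for (int i = 0; i < part.length(); i++) {
                char c = part.charAt(i);
                if (c < '0' || c > '9') {
                    return OptionalLong.empty();
                }
            }
            int octet = Integer.parseInt(part);
            if (octet > 255) {
                return OptionalLong.empty();
            }
            value = value * 256 + octet;            // same weights as the SQL expression
        }
        return OptionalLong.of(value);
    }

    /** Mirrors decode(l.auth_status, 'S', 0, 'I', 1, 'F', 2, -1); the match is case-sensitive. */
    static int decodeAuthStatus(String status) {
        if (status == null) {
            return -1;
        }
        switch (status) {
            case "S": return 0;
            case "I": return 1;
            case "F": return 2;
            default:  return -1;
        }
    }

    public static void main(String[] args) {
        // Constructed sample rows of the LOGINS table: {ip_address, auth_status}.
        String[][] rows = {
            {"192.168.1.10", "S"},
            {"10.0.0.1",     "F"},
            {"10.0.0",       "I"},   // only three octets
            {"300.1.1.1",    "S"},   // octet out of range
            {"2001:db8::1",  "S"},   // IPv6, not dot notation
            {"10.0.0.1",     "s"},   // status code in the wrong case
        };
        for (String[] row : rows) {
            OptionalLong ip = ipToLong(row[0]);
            String ipText = ip.isPresent()
                ? Long.toString(ip.getAsLong())
                : "REJECTED (not dotted IPv4)";
            System.out.printf("%-14s %-2s -> IP_ADDRESS=%s AUTH_STATUS=%d%n",
                row[0], row[1], ipText, decodeAuthStatus(row[1]));
        }
    }
}
```

Rows reported as rejected need cleaning or filtering in the source table, and a status that decodes to -1 is loaded as "no auth status", so unexpected codes are worth counting before the load.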
22 Developing a Custom Loader for OAAM Offline

This chapter describes the overall data loader framework for OAAM Offline:
- Basic framework and the default implementation
- How to override the default functionality

This document assumes that you are familiar with the concepts of OAAM Offline.
22.1 Base Framework

A custom loader is required only if data from sources other than a database, data other than login, or complex data is needed for the OAAM Offline task.

22.1.1 Overview

The OAAM Offline custom loader consists of the following key parts:
- loadable object
- data source
- loader
- run modes

Figure 22–1 Basic Framework of a Custom Loader

The loadable object represents an individual data record. The data source represents the entire store of data records and the loader processes the records. There are two types of run mode: load and playback. The run modes encapsulate the differences between loading a Session Set and running a Session Set.

22.1.2 Important Classes

Table 22–1 provides a summary of the different data loader classes.

Table 22–1 Data Loader Classes
Class | Description
RunMode | There are two basic types of RunMode: load and playback. Load run modes are responsible for importing session set data into the OAAM Offline system, and the playback run mode is responsible for processing preloaded session set data. Each run mode is responsible for constructing data source and loader. An additional responsibility is determining how to start where a previous job ended, in the cases of recurring schedules of auto incrementing session sets or paused and resumed run sessions. AbstractLoadRunMode and AbstractPlaybackRunMode each have a factory method named getInstance(). These methods verify if the default run modes have been overridden.
RiskAnalyzerDataSource | The RiskAnalyzerDataSource is responsible for acquiring the data and iterating through it. RiskAnalyzerDataSource has two abstract implementors: AbstractJDBCRiskAnalyzerDataSource and AbstractTextFileRiskAnalyzerDataSource. The AbstractJDBCRiskAnalyzerDataSource implements the base functionality for iterating through a JDBC result set, and the AbstractTextFileRiskAnalyzerDataSource implements the base functionality for iterating through a text file.
AbstractTransactionRecord | The AbstractTransactionRecord class only contains the state and behavior required to manage the overall risk analysis process. Subclasses will add additional state and behavior to satisfy client requirements.
AbstractRiskAnalyzerLoader | The AbstractRiskAnalyzerLoader is the base implementation of ObjectLoader for the Risk Analyzer process. It provides basic exception handling, but otherwise leaves the implementation up to its subclasses.

22.1.3 General Framework Execution

The following pseudocode shows the general framework execution.

AbstractRiskAnalyzerLoader loader = runMode.buildObjectLoader();
RiskAnalyzerDataSource dataSource = runMode.acquireDataSource();
try {
    while (dataSource.hasMoreRecords()) {
        AbstractTransactionRecord eachRecord = dataSource.nextRecord();
        loader.process(eachRecord);
    }
} finally {
    dataSource.close();
}

22.2 Default Implementation

The default implementation for the Risk Analyzer data loader framework works as follows:
- Load mode: When in load mode, it uses any database as a data source, it expects login data, and it performs device fingerprinting.
- Playback mode: When in playback mode, it uses the VCRYPT_TRACKER_USERNODE_LOGS and V_FPRINTS tables as its data source, and it runs each record through all active models.

22.2.1 Default Load Implementation

The default load implementation is summarized below.

Figure 22–2 Default Load Implementation

Table 22–2 Default Implementation
Components | Description
LoadRunMode | The default LoadRunMode class instantiates a DatabaseRiskAnalyzerDatasource as its data source and an AuthFingerprintLoader as its loader.
DatabaseRiskAnalyzerDatasource | The DatabaseRiskAnalyzerDatasource creates LoginRecords from a JDBC data source. It uses a set of configuration properties to tell it how to connect to the JDBC data source and to tell it how to build a LoginRecord from the tables and fields in the remote database. The default values for these properties map to the tables in an OAAM database.
LoginRecord | The login record contains all of the available fields required to call the methods for device fingerprinting on the TrackerAPIUtil class.
AuthFingerprintLoader | The AuthFingerprintLoader uses the data in the LoginRecord to simulate a login. This causes the system to perform device fingerprinting, run device identification time rules, and store the user node log and fingerprint data in the OAAM Offline database.

22.2.2 Default Playback Implementation

The default playback implementation is summarized below.

Figure 22–3 Default Playback Implementation

Table 22–3 Default Playback Implementation
Components | Description
PlaybackRunMode | The default PlaybackRunMode class instantiates a UserNodeLogsRiskAnalyzerDataSource as its data source and a RunRulesLoader as its loader.
UserNodeLogsRiskAnalyzerDatasource | The UserNodeLogsRiskAnalyzerDatasource creates LoginRecords from the VCRYPT_TRACKER_USERNODE_LOGS and V_FPRINTS tables in the OAAM Offline database.
LoginRecord | The login record contains all of the fields required to call the methods for rules processing on the TrackerAPIUtil class.
RunRulesLoader | The RunRulesLoader processes pre-auth rules on all LoginRecords, and processes post-auth rules on all LoginRecords with a successful authentication status.

22.3 Implementation Details: Overriding the Loader or Playback Behavior

There are several cases that would require the default behavior to be overridden. You would need to override the default loading behavior to load data from a source other than a database or to load transactional data into the system. You would need to override the default playback behavior if you needed to perform a procedure other than rules processing.

Figure 22–4 Overriding the Loader or Playback Behavior

22.4 Implement RiskAnalyzerDataSource

If you are loading login data from a data source other than a JDBC database, or if you are loading transactional data, then you will need to create your own subclass of RiskAnalyzerDataSource. There are a couple of ways to do this: extending AbstractJDBCRiskAnalyzerDataSource or extending AbstractRiskAnalyzerDataSource.
22.4.1 Extending AbstractJDBCRiskAnalyzerDataSource

This is the appropriate choice if you are loading any sort of data through a JDBC connection. It includes default behavior for opening a JDBC connection, issuing a subclass specified SQL query to build a JDBC result set, and querying the database for a count of the total number of records.

There are three abstract methods that you must implement.
- buildBaseSelect() returns the SQL query you will use to read the data. It should not include any order by statement. The superclass will use your implementation of getOrderByField() to add the order by statement.
- getOrderByField() returns the name of the database field that your query should be sorted on. This is usually the date field.
- buildNextRecord() turns one or more records from the JDBC result set into your loadable data record.

There are protected fields in the superclass available for your use, and you will need them when you implement the abstract methods. The most important is resultSet, which refers to your JDBC result set. When hasMoreRecords() has been called and returns true, you are guaranteed that resultSet is in a valid state and pointing at the current record. In addition, when you implement buildNextRecord(), you can safely assume that resultSet is in a valid state and pointing at the current record.

Other fields you might need to know about are connection and controller. connection refers to your JDBC connection to the remote database. controller is an instance of RiskAnalyzer and contains context information about your current OAAM Offline job.

Other methods that you can override if the default behavior is not what you need are buildConnection(), buildSelectCountStatement(), getTotalNumberToProcess(), and buildSelectStatement().
- You would override buildConnection() if you wanted to change how you instantiate the remote JDBC connection.
- You would override buildSelectCountStatement() if you wanted to change the SQL used to count the number of records to be read in.
- You would override getTotalNumberToProcess() if you wanted to replace the algorithm that returns the number of records to be read in. You would only do this if overriding buildSelectCountStatement() was not enough to give you the behavior you need.
- Finally, you would override buildSelectStatement() if you wanted to make changes to the SQL used to read the records from the remote databases, such as changing how the order by clause is applied.
22.4.2 Extending AbstractRiskAnalyzerDataSource

If AbstractJDBCRiskAnalyzerDataSource is not appropriate, then you will need to extend AbstractRiskAnalyzerDataSource instead. This is the case, for example, if you are reading from a binary file or if you are implementing a data source for a custom playback mode and using TopLink to read from the OAAM Offline database.

The constructor should put your class into a state so that you are ready to iterate through the data.

There are four abstract methods you will have to implement.
- getTotalNumberToProcess() will return the total number of records in the data source that satisfy the conditions that define a given Session Set.
- hasMoreRecords() will return true if there are more records to be processed, and will move any sort of record pointer to the next available record if required. There is a flag named nextRecordIsReady that is necessary for signaling here. The superclass sets this flag to false when it has made use of the next available record. Your implementation of hasMoreRecords() should check the value of the nextRecordIsReady flag, move the pointer to the next record only if the flag's value is false, and change the flag's value to true when you successfully move the pointer to a new record. If you are following this paradigm and your implementation of hasMoreRecords() is called while nextRecordIsReady is true, then you should return true without changing the state of any record pointers.
- buildNextRecord() will return a new instance of the required subclass of AbstractTransactionRecord.
- close() is called when you have finished processing all of the records. Any required clean-up should be performed here.

Loading from a Text File

If a file based custom loader has to be used, extend the AbstractRiskAnalyzerDataSource and implement the custom class by seeing what AbstractTextFileRiskAnalyzerDataSource does and copying the code from AbstractTextFileRiskAnalyzerDataSource.
22.4.3 Extending AbstractRiskAnalyzerDataSource

If neither AbstractJDBCRiskAnalyzerDataSource nor AbstractTextFileRiskAnalyzerDataSource is appropriate, then you will need to extend AbstractRiskAnalyzerDataSource instead. You might find yourself in this situation if you are reading from a binary file or if you are implementing a data source for a custom playback mode and using TopLink to read from the OAAM Offline database.

The constructor should put your class into a state so that you are ready to iterate through the data.

There are four abstract methods you will have to implement.
- getTotalNumberToProcess() will return the total number of records in the data source that satisfy the conditions that define a given Session Set.
- hasMoreRecords() will return true if there are more records to be processed, and will move any sort of record pointer to the next available record if required. There is a flag named nextRecordIsReady that should be used for signaling here. The superclass sets this flag to false when it has made use of the next available record. Your implementation of hasMoreRecords() should check the value of the nextRecordIsReady flag, move the pointer to the next record only if the flag's value is false, and change the flag's value to true when you successfully move the pointer to a new record. If you are following this paradigm and your implementation of hasMoreRecords() is called while nextRecordIsReady is true, then you should return true without changing the state of any record pointers.
- buildNextRecord() will return a new instance of the required subclass of AbstractTransactionRecord.
- close() is called when you have finished processing all of the records. Any required clean-up should be performed here.
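
The nextRecordIsReady paradigm described in sections 22.4.2 and 22.4.3 is easiest to get wrong in hasMoreRecords(), where a second call before the record is consumed must not advance the pointer. The following is an added sketch, not OAAM code: SketchDataSource and SketchRecord are stand-ins written for this example because the real signatures of AbstractRiskAnalyzerDataSource and AbstractTransactionRecord are not shown on this page, and the "user,ip" line format and sample data are constructed.

```java
import java.io.BufferedReader;
import java.io.IOException;
import java.io.StringReader;
import java.util.ArrayList;
import java.util.List;

public class NextRecordFlagSketch {

    /** Stand-in for a subclass of AbstractTransactionRecord (hypothetical fields). */
    static class SketchRecord {
        final String userName;
        final String ipAddress;
        SketchRecord(String userName, String ipAddress) {
            this.userName = userName;
            this.ipAddress = ipAddress;
        }
    }

    /** Stand-in for AbstractRiskAnalyzerDataSource: only the contract described in the text. */
    static abstract class SketchDataSource {
        protected boolean nextRecordIsReady = false;

        abstract int getTotalNumberToProcess() throws IOException;
        abstract boolean hasMoreRecords() throws IOException;
        abstract SketchRecord buildNextRecord() throws IOException;
        abstract void close() throws IOException;

        /** The superclass uses the current record, then sets the flag to false. */
        final SketchRecord nextRecord() throws IOException {
            if (!hasMoreRecords()) {
                throw new IllegalStateException("no more records");
            }
            SketchRecord record = buildNextRecord();
            nextRecordIsReady = false;
            return record;
        }
    }

    /** Line-oriented source: one "user,ip" record per line, blank lines skipped. */
    static class LineDataSource extends SketchDataSource {
        private final String data;
        private final BufferedReader reader;
        private String currentLine;   // the record pointer

        LineDataSource(String data) {
            // The constructor leaves the source ready to iterate.
            this.data = data;
            this.reader = new BufferedReader(new StringReader(data));
        }

        @Override
        int getTotalNumberToProcess() {
            int count = 0;
            for (String line : data.split("\n")) {
                if (!line.trim().isEmpty()) {
                    count++;
                }
            }
            return count;
        }

        @Override
        boolean hasMoreRecords() throws IOException {
            if (nextRecordIsReady) {
                return true;          // unconsumed record: do not move the pointer
            }
            String line;
            while ((line = reader.readLine()) != null) {
                if (!line.trim().isEmpty()) {
                    currentLine = line.trim();
                    nextRecordIsReady = true;
                    return true;
                }
            }
            return false;
        }

        @Override
        SketchRecord buildNextRecord() {
            String[] fields = currentLine.split(",", -1);
            return new SketchRecord(fields[0], fields.length > 1 ? fields[1] : "");
        }

        @Override
        void close() throws IOException {
            reader.close();           // clean-up once all records are processed
        }
    }

    /** Same loop shape as the framework pseudocode, with a deliberate double call. */
    static List<String> drain(SketchDataSource dataSource) throws IOException {
        List<String> users = new ArrayList<>();
        try {
            while (dataSource.hasMoreRecords()) {
                dataSource.hasMoreRecords();   // repeated call must not skip a record
                users.add(dataSource.nextRecord().userName);
            }
        } finally {
            dataSource.close();
        }
        return users;
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample data.
        String constructed = "alice,10.0.0.1\n\nbob,10.0.0.2\ncarol,10.0.0.3\n";
        LineDataSource dataSource = new LineDataSource(constructed);
        System.out.println("total=" + dataSource.getTotalNumberToProcess());
        System.out.println("users=" + drain(dataSource));
    }
}
```

If the flag check at the top of hasMoreRecords() is removed, the double call in drain() silently drops every other record, which is the failure this paradigm exists to prevent.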
22.5 Implement RunMode

If you have created any customized classes for the load or playback behavior, you are required to create a customized subclass of AbstractLoadLoginsRunMode, AbstractLoadTransactionsRunMode, or PlaybackRunMode, depending on your requirements.

The most important RunMode methods are acquireDataSource and buildObjectLoader.
- acquireDataSource(RiskAnalyzer) returns an instance of the RiskAnalyzerDataSource required to run your process. The RiskAnalyzer parameter contains context information that the RunMode can use to instantiate the data source object.
- buildObjectLoader(RiskAnalyzer) returns an instance of the AbstractRiskAnalyzerLoader required to run your process. The RiskAnalyzer parameter contains context information that the RunMode can use to instantiate the object loader.

When implementing RunMode, it is critical that your object loader and data source are compatible, meaning that the data source you return produces the specific type of loadable object that your object loader expects.

The chooseStartDateRange(VCryptDataAccessMgr, RunSession) method is used to determine the start date range for your OAAM Offline job. All of your implementors of RunMode have a default implementation of this method. The default behavior is as follows. If this is the first time the job has run, you return the start date from the run session's session set if any, or an arbitrary date guaranteed to be earlier than the earliest date in your data source if your session set has no begin date. If this is a resumed job, then you determine, in an implementation specific way, which record you must start from when the job is resumed.
22.5.1 Extending AbstractLoadLoginsRunMode

This is the appropriate choice if you are loading login data, and you need a custom data source.

You must implement the acquireDataSource(RiskAnalyzer) method, and return a new instance of your custom data source. If you need a custom implementation of AbstractRiskAnalyzerLoader, you can override buildObjectLoader(RiskAnalyzer) to return it.

AbstractLoadLoginsRunMode implements the logic to determine the login date at which to resume as follows. The superclass method retrieveLowerBoundDateFromQuery calls an abstract method buildQueryToRetrieveLowerBound, which returns a BharosaDBQuery. The implementation of buildQueryToRetrieveLowerBound in this class selects the most recent VCryptTrackerUserNodeLog.createTime.

Depending on your requirements, you might need to override that behavior. You could override buildQueryToRetrieveLowerBound to add additional criteria to the query or replace the entire query. The only requirement is that the query return a single Date type result. You could instead override the retrieveLowerBoundDateFromQuery or chooseStartDateRange methods, to replace or extend the algorithm.
22.5.2 Extending AbstractLoadTransactionsRunMode

This is the appropriate choice if you are loading transactional data, because you will need a custom data source.

You must implement the acquireDataSource(RiskAnalyzer) method, and return a new instance of your custom data source. If you need a custom implementation of AbstractRiskAnalyzerLoader, you can override buildObjectLoader(RiskAnalyzer) to return it.

AbstractLoadTransactionsRunMode implements the logic to determine the login date at which to resume as follows. The superclass method retrieveLowerBoundDateFromQuery calls an abstract method buildQueryToRetrieveLowerBound, which returns a BharosaDBQuery. The implementation of buildQueryToRetrieveLowerBound in this class selects the most recent VTransactionLog.createTime.

Depending on your requirements, you might need to override that behavior. You could override buildQueryToRetrieveLowerBound to add additional criteria to the query or replace the entire query. The only requirement is that the query return a single Date type result. You could instead override the retrieveLowerBoundDateFromQuery or chooseStartDateRange methods, to replace or extend the algorithm.
22.5.3 Extending PlaybackRunMode

This is the appropriate choice if you have requirements that make it necessary to replace the default playback data source or processing behavior.

There are no abstract methods to be implemented, but you can override superclass methods to fulfill your requirements. If you need a custom data source, you can override acquireDataSource(RiskAnalyzer) to return it. If you need a custom implementation of AbstractRiskAnalyzerLoader, you can override buildObjectLoader(RiskAnalyzer) to return it.

PlaybackRunMode implements the logic to determine the login date at which to resume as follows. The chooseStartDateRange method picks the most recent date out of the following choices: the session set's start date if not null, the run session's last processed date if not null, and an arbitrary date guaranteed to be earlier than the earliest date in your data source. The third option will only be chosen if the first two are null.
PartVIIPartVIITroubleshootingPartVIIcontainsthefollowingchapter:Chapter23,"FAQ/Troubleshooting"23FAQ/Troubleshooting23-123FAQ/TroubleshootingThischapterprovidestroubleshootingtipsandanswerstofrequentlyaskedquestions.
Itcontainsthefollowingsections:TechniquesforSolvingComplexProblemsTroubleshootingToolsOAAMUIOProxyVirtualAuthenticationDevicesConfigurableActionsOne-TimePasswordLocalizationMan-in-the-Middle/Man-in-the-Browser23.
1TechniquesforSolvingComplexProblemsThissectiondescribeaprocesstoenableyoutomoreeasilysolveacomplexproblem.
Itcontainsthefollowingtopics:SimpleTechniquesDivideandConquerRigorousAnalysisProcessFlowofAnalysis23.
1.
1SimpleTechniquesYoucanworkyourwaythroughsomesimpletroubleshootingtechniquestotrytosolveaproblem.
StepsDescriptionExperienceYouhaveseenthisproblembeforeoritissimplysomethingyouknowtheanswerto.
PosttotheForumThisisnotthefirststep.
Onlyvalidoncebasicshavebeenappliedandasecondopinionisneeded.
Appropriateduringrigorousanalysis,butnotbefore.
TechniquesforSolvingComplexProblems23-2OracleFusionMiddlewareDeveloper'sGuideforOracleAdaptiveAccessManager23.
1.
2DivideandConquerStepstoreducetheproblemtoamanageableissuearelistedinthissection.
23.
1.
3RigorousAnalysisAllorpartoftheprocessshouldbeappliedif:aproblemiscomplexaproblemishighlyescalatedaproblemwasnotsolvedwiththefirstattemptsIntuitiveleap(orguess)Theproblemjustinspiresaguessatacause.
Youhaveafeelfortheproblemorratheritscause.
Thiscanbeveryeffectiveandresultinaquickresolution,butwithoutproperconfirmation,itoftenleadstothesymptombeingfixedandnottherealcausebeingresolved.
ReviewbasicdiagnosticsCheckthelogsforerrorsandtheflow.
Checkflow(HTTPheaders,networkpackettrace,SQLtrace,strace).
Runthroughanddocumenttheflow.
Crosscheckwithconfigurationdetailstoensureflowisexpected.
ReadtheerrormessageReadingtheerrorandtheflowinformationwillgiveabigclue.
Takentogetherwithsomeknowledgeofthewaythecomponentworks,thiscangivealotofinsight.
Alwayscheckknowledge(Oracleandsearchengine)formatches.
Performanydiagnosticsneededtoestablishiftheerroriskey.
Withmultipleerrors,looktoseewhichislikelythecauseandwhicharejustconsequences.
CompareComparethelogsandflowswithaworkingsystem.
Performatestcase.
Ifithappensonlyatacertainsite,thencomparethedifferences.
DivideBreaktheproblemdownProcessDescriptionSimplifytheproblemMakeaproblemassimpleaspossible.
RemovecomponentsthatarenotneededMostproblemsinvolvecomplexcomponentsandconnectionsbetweenthem.
Mostinvolvethirdpartycomponents.
Sowhereeverpossible,eliminatethirdpartycomponentsfirstandthenasmanycomponentsandcustomcomponentsaspossible(forexample,commandlinenotapplication,SQLPLUSisnotanapplication.
)ReducecomplexityTesttoseeifasimplerversionoftheproblemexistswiththesamesymptoms.
(forexample,removecomponentsofacomplexSelect,orasearchfilter,checkifasinglerequestorfewrequestswillsuffice).
LikefixinganundergroundpipewithaleakImagineacomplexconfigurationasbeingaundergroundhosepipewithaleak.
Youknowsomethingiswrong,thereisaleaksomeplace,butnotwhereitis.
ListthecomponentsDrawaboxforeachcomponentsandalinewhereitisconnectedtothenext.
Notetheprotocolsusedtojointhem.
CheckbothendsWhatgoesinshouldcomeoutthesame.
Ifyouseedatainandoutresultsinaproblemthenitisoneoftheendsthatiswrong.
Iftheflowisnotasexpectedtheproblemisinbetween.
LazyYTestpointsintheconfigurationtofindwherethedeviationoccurs.
Onceestablished(beyonddoubt)thatapieceoftheconfigurationbehavesasexpecteditcanbeignored.
RepeatRepeatthislooptocloseinontheproblemHelpWhen3rdpartycomponentsareinvolvedintheissue,gethelpfromtheothersandworkontheissuetogether.
StepsDescriptionTechniquesforSolvingComplexProblemsFAQ/Troubleshooting23-3aproblemisgettingoutofcontrolaproblemhaspotentialforgettingoutofcontrol23.
1.
4ProcessFlowofAnalysisTheprocessflowofanalysisispresentedbelow:1.
Statetheproblem.
2.
Specifytheproblem.
Developpossiblecausesfrom:a.
Knowledgeandexperienceb.
Distinctionsandchanges3.
Testpossiblecausesagainstthespecification.
4.
Determinemostprobablecause.
5.
Verifythesolution.
23.1.4.1 State the Problem

Stating the problem is the most important step to solving the issue.

Step: Ensure a clear and concise problem statement
Description: Stating the problem is the most important step. It is the most commonly ignored or at least the problem statement is assumed. It is pointless trying to solve a problem until the problem statement is stated. Otherwise what are you actually trying to fix? If you do not know what it is you are fixing how can you fix it?

Step: Consider if the problem stated can be explained
Description: If so, then it is not the problem statement -- If the problem statement can be explained then back up and try and get a more correct problem statement. This is a case to start communicating if you are helping someone solve his problem. Either ask some direct questions to narrow down the issue or just pick up the telephone and talk to the person to clarify the real issue. If there are lots of issues then start noting them down as separate issues.

Step: Do not settle for a vague statement
Description: Vague problem statements, like "bad performance", "something crashes" are of no use and commonly are the cause for issues to be long running and out of control.

Step: Never combine problems in a single statement
Description: Ensure there is only one problem being dealt with. Do not accept combined problems. The combined problem is either multiple distinct problems or some of the problems are actually symptoms.

23.1.4.2 Specify the Problem

Describe problems in detail and ask focused questions to gather pertinent information.

Step: Specify the problem
Description: These are symptoms of the problem.

Step: Start by asking questions
Description: Ask questions such as What, Where, When, and to what Extent

Step: What
Description: What tends to be the obvious question and is mostly a list of facts and symptoms; what deviated from the expectation?

Step: Where
Description: Where may or may not be relevant, but is worth asking as it is often significant and often overlooked.

Step: When
Description: When is very important as timelines help identify patterns and establish what change triggered the problem.

Step: Extent
Description: Extent or how many is particularly useful in establishing probable causes. If it is all the systems for example then check if it affects all systems or try a test case. How often is also important. Once a week is quite different from many times every second and tells us much about the type of issue to look for.

Step: List the symptoms and facts
Description: List the symptoms and facts and how they are significant

Step: What changed
Description: Something changed, that is certain, unless the problem has always been there. This is a special case.

Step: Assumptions
Description: Verify the data provided and check for conflicts and contradictions. Always check for any assumptions. Be careful to identify any information that is not verified and thus is only assumed. In fact this is particularly a mistake made by analysts that have more technical experience, though it also occurs a lot when inexperienced analysts are given details from people they perceive as having more knowledge. However trivial an assumption seems, always look for proof and confirmation.

23.1.4.3 What It Never Worked

If the component did not work before, perform these steps:

Considerations: Consider behavior and expectation if performance issue
Description: For cases when the issue is about something that never worked correctly the first issue is to establish what correct behavior really is and if it is reasonable. This also allows us to set proper expectations from the outset. This is especially true for performance issues.

Considerations: Confirm that there is no misunderstanding
Description: Establish that the requirement is reasonable.

Considerations: Do not compare Apples with Oranges
Description: Agree on a specific goal. Focus on that issue only.

Considerations: Consider all components involved
Description: Consider all components involved:
- Not just the software
- Hardware is fast enough

Considerations: Consider if the solution is just to change perception
Description: What can you see that causes you to think there's a problem?
- Human factors
- Perception

23.1.4.4 IS and IS NOT but COULD BE

Consider what the problem is, what it isn't, and what it could be.

Step: IS and IS NOT but COULD BE
Description: For every fact or symptom ask this question: IS and IS NOT but COULD BE

23.1.4.5 Develop Possible Causes

Problem solving involves developing possible causes.

Development: Knowledge and experience
Description: You can use your knowledge and experience to recognize possible causes
- Seen before
- Seen it in the documentation
- Support note or through search engine

Development: Distinctions and changes
Description: You can make a list of distinctions and changes to narrow down causes:
- Only at this site or on one platform
- Just after upgrade
- When load increased
- Only on Thursdays

Development: Examine each of the symptoms and comparisons
Description: Consider each of the facts and ensure that they are relevant and that they are not conflicting

23.1.4.6 Test Each Candidate Cause Against the Specification

Test each candidate cause against the specification:
- Each possible cause must fit all the items in the specification
- If you end up with no causes then go back and refine the process
- Causes must explain both the IS and the IS not but COULD be
- Determine the most probable cause
- Do not discount any causes that fit

23.1.4.7 Confirm the Cause

Confirm the cause so that you can devise an action plan. You can:
- Devise ways to test the possible causes
- Observe
- Test assumptions

Step: Provide comparison
Description: A test case often is the key to establishing something to compare the problem with. If it reproduces the issue then it does not help the problem analysis as such, but it is extremely useful when passing the problem to the next team to work on the fix. It also allows quicker testing of potential fixes and solutions (workarounds), not to mention you would be gaining experience.

Step: If there is no comparison, create a test case
Description: If it does not reproduce then it provides something to compare the problem system with and perhaps even a possible workaround.

Step: Experiment
Description: Test solution and monitor

The main point here is to devise action plans to prove or disprove the theories. It is important to communicate the reason for each action plan, especially when asking for a negative test, i.e. a test that is to prove something is not true. People might assume all action plans are attempts to solve the problem and resist anything they think is not directed in that direction.
23.1.4.8 Failures

When one solution fails, just start back at the beginning and apply the approach once again, updated with the new results. Really complex problems will often take several iterations.

The process is not infallible. Main causes of failure are:
- Poor or incorrect problem statement
- Inaccurate or vague information
- Missing the key distinctions in IS vs. IS NOT
- Allowing assumptions to distort judgment
- Not involving a broader set of skills

23.2 Troubleshooting Tools

This section contains information about tools and processes you can use to investigate and troubleshoot issues with your system.

Table 23–1 lists the general and OAAM-specific tools you can use for troubleshooting problems. Table 23–2 provides items to check for when troubleshooting the system.

Table 23–1 Troubleshooting Tools

Category: General Tools
Description:
- Middleware Enterprise Manager
- Database Enterprise Manager
- Monitor Data in DMS
- Audit Data
- Ping/Network Check Tools

Category: OAAM Specific Tools
Description:
- Dashboard
- Monitor Data
- Log files

Table 23–3 summarizes problems and the checks you can perform to troubleshoot and solve the problem.
Table 23–2 Troubleshooting Tips

Tip: Check the operating system
Reason: Some issues may be platform specific. For example, Java keystores created on non-IBM platforms will not work on IBM platforms.

Tip: Check WebLogic Server version
Reason: Make sure OAAM is installed on a WebLogic server certified for 11g.

Tip: Check the JDK (Sun or JRockit)
Reason: Make sure the JDK is certified for the Identity Management 11g Suite.

Tip: Change logging configuration through Enterprise Manager
Reason: Make sure the log level is changed appropriately before tracing and debugging.

Tip: Search for log messages through Enterprise Manager
Reason: Log messages record information you deem useful or important to know about how a script executes.

Tip: Use the Execution Context ID to search for log messages
Reason: The ECID is a unique identifier that can be used to correlate individual events as being part of the same request execution flow.

Tip: Use the WebLogic Console to monitor database connection pool
Reason: Check the health of the connection pool through the WebLogic Console.
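The ECID tip above can also be applied to a log file copied off the server. The following is an added example, not code from Oracle or from this guide: it groups log records by ECID and returns the full request flow for every ECID that logged an error. The bracketed line layout, the `[ecid: id,rid]` field shape and all sample lines are assumptions constructed for the example.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample. Assumed layout per record:
# [timestamp] [component] [level] [msg id] [module] [key: value]... message
# Servers, ECIDs and messages are invented for this example.
SAMPLE_LOG = """\
[2014-08-01T10:15:02.101-07:00] [oaam_server_server1] [NOTIFICATION] [] [example.login] [tid: 21] [ecid: 0000EXAMPLEaaa1,0] [APP: oaam_server] login request received
[2014-08-01T10:15:02.140-07:00] [oaam_server_server1] [NOTIFICATION] [] [example.login] [tid: 34] [ecid: 0000EXAMPLEbbb2,0] [APP: oaam_server] login request received
[2014-08-01T10:15:02.310-07:00] [oaam_server_server1] [TRACE] [] [example.rules] [tid: 21] [ecid: 0000EXAMPLEaaa1,0:1] [APP: oaam_server] running pre-authentication rules
[2014-08-01T10:15:02.655-07:00] [oaam_server_server1] [ERROR] [] [example.db] [tid: 21] [ecid: 0000EXAMPLEaaa1,0:1] [APP: oaam_server] could not get connection from pool
java.sql.SQLException: constructed stack trace line
    at example.Frame.method(Frame.java:1)
[2014-08-01T10:15:02.700-07:00] [oaam_server_server1] [NOTIFICATION] [] [example.login] [tid: 34] [ecid: 0000EXAMPLEbbb2,0] [APP: oaam_server] login completed
[2014-08-01T10:15:03.000-07:00] [oaam_server_server1] [WARNING] [] [example.health] [tid: 5] [APP: oaam_server] periodic check, no request context
"""

_FIELD = re.compile(r"\s*\[([^\]]*)\]")
_TIMESTAMP = re.compile(r"\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}")
ERROR_LEVELS = {"ERROR", "INCIDENT_ERROR"}


def parse_records(text):
    """Split log text into records, one dict per timestamped line."""
    records = []
    for line in text.splitlines():
        first = _FIELD.match(line)
        if first is None or not _TIMESTAMP.match(first.group(1)):
            # Continuation line (for example a stack trace): keep it with
            # the record it follows so it inherits that record's ECID.
            if records and line.strip():
                records[-1]["message"] += "\n" + line.strip()
            continue
        # Consume the leading run of [bracketed] fields; the rest is the message.
        fields, pos, m = [], 0, first
        while m is not None:
            fields.append(m.group(1))
            pos = m.end()
            m = _FIELD.match(line, pos)
        named = dict(f.split(": ", 1) for f in fields[3:] if ": " in f)
        ecid = named.get("ecid")
        records.append({
            "time": datetime.fromisoformat(fields[0]),
            "component": fields[1] if len(fields) > 1 else None,
            "level": fields[2] if len(fields) > 2 else None,
            # Assumption: the part after the comma is a per-hop suffix,
            # so only the part before it identifies the request.
            "ecid": ecid.split(",", 1)[0] if ecid else None,
            "message": line[pos:].strip(),
        })
    return records


def failing_flows(text):
    """Return {ecid: [records in time order]} for requests that logged an error."""
    by_ecid = defaultdict(list)
    for rec in parse_records(text):
        if rec["ecid"]:  # records without request context cannot be correlated
            by_ecid[rec["ecid"]].append(rec)
    return {
        ecid: sorted(recs, key=lambda r: r["time"])
        for ecid, recs in by_ecid.items()
        if any(r["level"] in ERROR_LEVELS for r in recs)
    }


if __name__ == "__main__":
    for ecid, recs in failing_flows(SAMPLE_LOG).items():
        print("ECID", ecid)
        for r in recs:
            first_line = r["message"].splitlines()[0]
            print("  ", r["time"].isoformat(), r["level"], first_line)
```

Lines from several managed servers can be concatenated before parsing, since each flow is sorted by timestamp after grouping.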
Table 23–3 Problems and Tips

Problem: Common Troubleshooting Use Cases
Checks You Can Perform:
- Most of the operations are slow
- Server is throwing out of memory exceptions
- Server is throwing encryption related exceptions
- Connection pool related errors occur when starting the server
- Errors while starting managed servers after upgrade from 11.1.1.4 to 11.1.1.5
- OAAM CLI script issues
- SOAP call issues
- Native integration issues

Problem: Most of the Operations are Slow
Checks You Can Perform:
- Check performance of OAAM policies
  - Use the dashboard to see the performance of the rules
  - Tune rules or their parameters if necessary
- Check the database using Enterprise Manager and see if there are any queries that are slow. Follow Enterprise Manager recommendation to add suggested indexes
- Check if the application server CPU is high
- Take a thread dump if possible
- Check the connectivity and network speed between application server and database
- Use the IP of the database machine in data source settings

Problem: Server is Throwing Out of Memory Exceptions
Checks You Can Perform:
- Check the configuration of the OAAM WebLogic Domain
- See if all the OAAM web applications are deployed on the same managed servers
- Increase the heap size of the managed server

Problem: Connection Pool Errors
Checks You Can Perform:
- Make sure the database listener is running
- Use IP address rather than name in JDBC URL
- Make sure the database service name is correct
- Make sure the connection pool is not too "large"
- Check if there are too many managed servers accessing the same database

Problem: Errors While Starting the Managed Server After Upgrade
Checks You Can Perform:
- Make sure encryption keys are properly copied
- Make sure all manual steps are followed that are in the upgrade documentation
- Check the WebLogic Console and make sure all web applications are targeted properly to their managed servers

Problem: OAAM CLI Script Issues
Checks You Can Perform:
- Make sure the JAVA_HOME environment variable is set to the JDK certified for the Identity Management Suite for 11g
- Make sure CLI related properties are set in the oaam_cli.properties file.

Problem: SOAP Call Issues
Checks You Can Perform:
- Known issues exist with time-outs in SOAPGenericImpl
- OWSM is enabled by default, so you need to set OWSM policy before using SOAP
- Make sure the SOAP server URL including the port number is valid

Problem: Native Integration Issues
Checks You Can Perform:
- Make sure the appropriate version of the OAAM Extensions Shared Library is used (the WAR should use the war version and EAR should use the ear version)
- Make sure the OAAM data source is created and the JNDI name is correct (it should match the JNDI name of the OAAM Server)
- Make sure the native application is using the same keys that are used by the OAAM Admin and OAAM server
- Issues with the encryption keys
  - Make sure all the managed servers are on the same WebLogic domain or copy the keys across the domains
  - If using non-11g servers, use the Java keystores
- Shared library usage by many applications on the same server
  Currently the OAAM Extensions Shared Library cannot be used by more than one application on the same managed server

23.3 OAAM UIO Proxy

UIO ISA Proxy

To troubleshoot the OAAM UIO Proxy Web publishing issues:
- Ensure that the .NET 2.0 framework is installed and enabled to successfully register the Bharosa Proxy DLL.
- Ensure the database access credentials are correct when the firewall logging properties in Microsoft ISA use the SQL Database as the log storage format.
- IP exceptions are defined for trusted IPs (like Router IP) when flood mitigation settings are enabled to mitigate flood attacks and worm propagation.
- Ensure that the default inbound and outbound rules allow HTTP/HTTPS traffic to be forwarded to/from OAAM Server.
- Check the order (precedence) of the rules to ensure that the default rule, deny, is not at a higher order; otherwise, it blocks all rules. If the rule is last in precedence, all rules are executed.
- In the OAAM Server rule you must ensure that:
  - The external IP/name is mapped to the internal IP/name
  - The external port is mapped to the internal port where OAAM Server is listening
  - The /OAAMServer path is published

To troubleshoot problems experienced while configuring the UIO Proxy, enable tracing to a file and set the trace level to 0x8008f. Doing so will print detailed interceptor evaluation and execution information to the log file.
UIO Apache Proxy

Tips to troubleshoot problems with the UIO Apache Proxy are listed in this section.

- On launching httpd, an error for loading mod_uio.so occurs.
  Ensure that mod_uio.so and all the libraries are placed in the proper directories. On Linux, use the ldd command to confirm that mod_uio.so can load all the dynamic libraries that it depends upon. On Windows, use Dependency Walker to find out any missing DLLs and in some cases, you may have to install the Microsoft Visual C++ 2005 Redistributable Package from the Microsoft Web site, if your server does not have these libraries pre-installed.
- If nothing is working - no logs and so on, ensure that the user of httpd has permissions to read the uio directory. Typically httpd is run as a daemon user. Ensure the daemon user has write permissions for the logs directory.
- In case of a parsing error in UIO_Settings.xml or any configuration XML, an error log will be created in httpd's logs directory with the name UIO_Settings.xml.log.
- For errors, look in uio.log. Use log level of error for production use; info for more details; debug for debugging issues and trace for verbose logs.
- Ensure that the config XML and settings XML are conforming to the RNG schema. You can use the UIO_Settings.rng and UIO_Config.rng in any XML editor to edit the UIO_Settings.xml and application configuration XML files.
- You can change the Apache httpd log level to debug for testing, or keep it at info to reduce log file size. The Apache httpd log is separate from UIO Apache Proxy log.
- When migrating ISA configuration XML to be used with the UIO Apache Proxy, you need to do the following:
  1. Change the header of the XML file to use
  2. Run your config XML file through libxml2's xmllint utility. For Windows, download the latest libxml2-2.x.x.win32.zip file from http://www.zlatkovic.com/libxml.en.html and unzip it. For Linux, if you have libxml2 installed then xmllint command should be available, or check with your Linux System Administrator.
     Copy the UIO_Config.rng file from the UIO Apache Proxy distribution and run following command:
         xmllint --noout --relaxng UIO_Config.rng
     And fix any errors that are reported.
- The UIO Apache Proxy is not working or intercepting request.
  Problem: The following error appears:
      Failed to create session in memcached, err=70015 (Could not find specified socket in poll list.)
      proxy - Failed to create session, cannot process this request
      distsessions - memcache server localhost create failed 111
  Possible Solutions: Make sure "memcache" is installed and configured. Make sure "memcache" process is up and running before creating the session.
Oracle Adaptive Access Manager Debug Mode

In debug mode, the value of any variable -- username, password, and any other information -- is not displayed. In capture mode, the HTTP traffic is shown. Therefore, capture mode is not recommended in production.

In-Session/Transaction Analysis

The UIO Proxy is a solution for login security only. It does not support in-session capabilities. Options are provided below based on possible requirements:
- If you are using a packaged application you do not have access to alter/integrate with, the UIO Proxy or Oracle Access Manager are options for real-time/in-line use cases like anti-malware, anti-phishing, risk-based authentication in the login flow.
- If you have the ability to integrate with the application and require in-session/transactional use cases, then consider native integration. This is the most flexible option for this case.
- If you want in-session/transactional use cases but do not have the ability to integrate with the application, a custom option could potentially be possible using either Oracle Adaptive Access Manager offline 10g or Oracle Adaptive Access Manager with a listener.

No Changes in Proxy in 11g

Question/Problem: Are there changes between 10g and 11g for the UIO Proxy?
Answer/Solution: There have been no changes in the proxy between 10g and 11g. There is no dependency on OHS etc. The user has to use Apache 2.2.8 only.

Adding appid to HTTP Headers

Question/Problem: In TestConfig.xml, should we be adding appid to HTTP headers for both the PSFT URLs and the /asa/ URLs?
Answer/Solution: No, just to the /asa/ URLs. It should be adding the app-id to only the /asa/ URLs, not needed for PSFT URLs.

Contains Match

Question/Problem: Should a condition with "contains" match if there is an exact match?
Answer/Solution: Yes.

Request URL

Question/Problem: Can request URL be a partial URL (such as just first part of URL)?
Answer/Solution: No, URL must be an exact match and query parameters, such as anything after a "?", are not considered part of the URL, so they would have to be trapped with a condition, and not included as part of the URL.
23.4 Knowledge-Based Authentication

Prompt a User with Two Challenge Questions

Question/Problem: I would like to prompt a user with two challenge questions when they attempt to log on from a new device. How can this be achieved given that the questions are randomly picked, raising the possibility that the same question may be displayed twice?
Answer/Solution: The OAAM "one question at a time" flow is by design. It is better security practice to present one question and only show the next question once the user has successfully answered the challenge. This protects the questions from being harvested for use in a phishing exercise. As well, OAAM allows users to have multiple attempts at a question which entails keeping track of how many wrong answers they have entered. If there were more than one question displayed at a time it would be difficult to maintain and possibly confusing to end users. If you want to challenge a user with more than one question you should do so by presenting them in separate sequential screens. OAAM does not support authentication of more than one question at a time.
23.5 Virtual Authentication Devices

Accessible Versions of the Virtual Authentication Devices

Question/Problem: Users who access using assistive techniques need to use the accessible versions of the virtual authentication devices. How do I enable these versions?
Answer/Solution: Accessible versions of the TextPad, QuestionPad, KeyPad and PinPad are not enabled by default. If accessible versions are needed in a deployment, they can be enabled using the Properties Editor in OAAM Admin or using the Oracle Adaptive Access Manager extensions shared library. The accessible versions of the virtual authentication devices contain tabbing, directions and ALT text necessary for navigation via the screen reader and other assistive technologies.

You will need to modify bharosa_server.properties. To enable these versions, set the "isADAcompliant" flag to true.

For native integration the property to control the virtual authentication device is

    desertref.authentipad.isADACompliant

For Oracle Adaptive Access Manager out-of-the-box, the property to control the virtual authentication device is

    bharosa.uio.default.authentipad.is_ada_compliant

Visible Text Input or Password (Non-Visible) Input Setting

Question/Problem: How can I configure QuestionPad so that challenge answers can be entered as non-visible text?
Answer/Solution: Add the following property to bharosa_server.properties. This property determines whether the QuestionPad is set for visible text input or password (non-visible) input.

    bharosa.authentipad.questionpad.datafield.input.type

Valid values are text and password.

Can OAAM Restrict the Number of Devices used by a User

Question/Problem: Is there any way to configure the limit for a user to use fewer number of devices, such as 5 or 6 and block any access from the devices which are not in the configured list for specific user?
Answer/Solution: For usability and security reasons OAAM does not support limiting a user to a set number of devices. As well, this behavior is not required for proper security coverage since OAAM profiles the behavior of users including the devices they use. The total number of devices is not a good measure of risk as some end users may utilize many devices as part of their normal behavior. Instead OAAM keeps track of how often a user utilizes a specific device, who else has used that same device in the past and with what frequency. These evaluations can better assess the level of risk associated with an access request.

KeyPad or PinPad for KBA challenges

Question/Problem: Can I use KeyPad or PinPad for KBA challenges?
Answer/Solution: KBA is designed for use with QuestionPad or plain HTML. Using KeyPad or PinPad is not recommended because KBA questions are not presented in that scenario.

How can the virtual authentication devices protect users from screen capture malware

Question/Problem: How can virtual authentication devices protect users from screen capture malware?
Answer/Solution: These attacks currently require a manual process. An individual must look at the video or images captured to figure out the PIN or password. The virtual devices are primarily aimed at preventing automated attacks that affect large numbers of customers. If the Trojan did include OCR technology, finding the characters clicked on KeyPad and PinPad would be more difficult to read than other types of onscreen keyboards since Oracle Adaptive Access Manager keys are translucent so that background image can be seen and the font and key shapes can be randomized each session. Also, the jitter would complicate the task. The virtual authentication devices are a good mix of security and usability for large scale deployments that want to keep the authentication already used and layer more security on top of it.

Even if there were malware developed that is capable of deciphering the password, it does not necessarily cause fraud to occur. The virtual authentication devices are only one component of the full solution. Even if a fraudster has the PIN or password, he will have to pass the real-time behavioral/event/transactional analysis and secondary authentication. Oracle Adaptive Access Manager tracks, profiles and evaluates users/devices/locations activity in real-time regardless of authentication. Oracle Adaptive Access Manager takes proactive action to prevent fraud when it detects high risk situations. In this way, fraud could be prevented even if the standard form of authentication (password/PIN or another form) is removed from the applications.

KeyPad Troubleshooting

Question/Problem: I am having trouble with KeyPad. How should I troubleshoot the problem?
Answer/Solution: Refer to the following list:
- KeyPad does not display.
  Check the property in bharosa_server.properties:
      bharosa.authentipad.image.url=kbimage?action=kbimage&
  Make certain that the client application is pointing to the correct server application.
- Buttons stop jittering.
  Someone has changed the KeyPad settings. Check with your server personnel regarding property modifications they may have made.
- Same image displayed to all users.
  Check the properties file to make sure that the backgrounds directory setting is correct.
- No image displayed in pad background.
  User may have images disabled in the browser. User's image may have been deleted from the backgrounds directory. Check the properties file to make sure that the backgrounds directory setting is correct. Check that the system is configured to assign images for personalization.
23.6 Configurable Actions

Moving Configurable Action from testing environment to a production environment

Question/Problem: I defined a custom configurable action in the test environment and now I want to move the custom action template from test to production.
Answer/Solution: To do this:
1. Use the Oracle Adaptive Access Manager extensions shared library to package the jar.
2. Add the jar to "oaam-extensions\WEB-INF\lib" folder.
3. Rejar oracle.oaam.extensions.war.
4. Deploy the jar.

Refer to Chapter 7, "OAAM Extensions and Shared Library to Customize OAAM."

23.7 One-Time Password

Are numeric/alphanumeric and pluggable random algorithms supported

Question/Problem: Are numeric/alphanumeric and pluggable random algorithms supported in OTP?
Answer/Solution: OTP is configurable with a set of two properties:

    # Length of the Pin
    bharosa.uio.otp.generate.code.length=5
    # Characters to use when generating the Pin
    bharosa.uio.otp.generate.code.characters=1234567890

The pin generation method is in the base class (AbstractOTPChallengeProcessor), allowing integrators to override the generateCode method.
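The two properties above fix the size of the code space, which together with the number of attempts allowed per challenge decides how guessable a code is. The following is an added example, not OAAM code and not the product's generateCode implementation: it reads the two property names quoted above, rejects character sets that would bias the output, draws a code from a cryptographic random source, and compares the guess probability for different settings. The helper function names and the attempt counts are assumptions.

```python
import math
import secrets
import string

# Property names and values as quoted in the answer above; the rest of this
# block (function names, attempt counts) is hypothetical illustration.
SAMPLE_PROPERTIES = """\
# Length of the Pin
bharosa.uio.otp.generate.code.length=5
# Characters to use when generating the Pin
bharosa.uio.otp.generate.code.characters=1234567890
"""

LENGTH_KEY = "bharosa.uio.otp.generate.code.length"
CHARS_KEY = "bharosa.uio.otp.generate.code.characters"


def load_properties(text):
    """Minimal key=value reader for Java-style properties text."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", "!")):
            continue  # blank line or comment
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props


def otp_settings(props):
    """Return (length, characters) after validating both properties."""
    length = int(props[LENGTH_KEY])
    characters = props[CHARS_KEY]
    if length < 1:
        raise ValueError("code length must be at least 1")
    if not characters:
        raise ValueError("character set must not be empty")
    if len(set(characters)) != len(characters):
        # A repeated character is drawn more often than the others, so
        # codes are no longer uniformly distributed.
        raise ValueError("character set contains repeated characters")
    return length, characters


def generate_code(length, characters):
    """Draw each position independently from a CSPRNG (the secrets module)."""
    return "".join(secrets.choice(characters) for _ in range(length))


def code_space(length, characters):
    """Number of distinct codes the settings can produce."""
    return len(set(characters)) ** length


def entropy_bits(length, characters):
    return length * math.log2(len(set(characters)))


def guess_probability(length, characters, attempts):
    """Chance that `attempts` distinct guesses include the issued code."""
    return min(1.0, attempts / code_space(length, characters))


if __name__ == "__main__":
    length, chars = otp_settings(load_properties(SAMPLE_PROPERTIES))
    print("sample code:", generate_code(length, chars))
    for label, n, cs in [
        ("page values", length, chars),
        ("8 digits", 8, string.digits),
        ("5 alphanumeric", 5, string.digits + string.ascii_uppercase),
    ]:
        print(f"{label}: {code_space(n, cs)} codes, "
              f"{entropy_bits(n, cs):.1f} bits, "
              f"3 guesses succeed with p={guess_probability(n, cs, 3):.2e}")
```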
23.8 Localization

Customize and localize the virtual devices

Question/Problem: Can I make customizations and localize the virtual authentication devices?
Answer/Solution: The virtual authentication devices are provided as "samples" to use if you choose to. These samples are provided in English only. Source art and documentation are provided to allow you to develop your own custom virtual authentication device frames, keys, personalization images and phrases. Localization is included in these customizations. Custom development is not supported.

Localization of the KeyPad may have issues since not all languages have the same number of characters. Portuguese for example has special characters not found in English. The key layout may be a bit different when these character keys are added. When adding keys to the layout it is vital that there is still enough free space around the keys to allow the "jitter" to function. General best practice is a space at least as large as a single key all the way around the bank of keys when they are positioned in the center of the jitter area. The source art contains notes with the pixel sizes for this area. Alteration of these samples is considered custom development.

The "Pad" frame and key images

The frame and key samples are provided in English only. Master files for the virtual authentication device frames and keys along with descriptions of the parts are provided on request. You may create your own custom frame and key images and deploy them using product documentation. Any and all alterations to these images or the properties that correspond to them are considered custom development. Some issues to be careful of here are text, hotspot, key sizes. It is not recommended that these be made smaller than the provided samples.

Background images and phrase text

A set of sample images are shipped with Oracle Adaptive Access Manager. These images are for use in the virtual authentication devices only. For security reasons they should never be available to end users outside the context of the virtual authentication devices. The content, file sizes, and other attributes were optimized for a broad range of user populations and fast download speed. The sample phrase text for each supported language is provided with the package. Any and all alterations to these images or text are considered custom development. If the images are to be edited, make sure not to increase the physical dimensions or change the aspect ratio of the sample images because distortions will occur. Also, there must be an identically named version of each image for each virtual authentication device used in your deployment.

Images displayed during registration

Question/Problem: The images displayed in the page before user registration appear in English instead of the locale language.
Answer/Solution: Globalized virtual authentication device image files including the authentication registration flows are not provided. The deployment team develops these.
23.9 Man-in-the-Middle/Man-in-the-Browser

Question/Problem: I use mobile transaction authentication number to sign each transaction using an OTP via SMS. SMS costs are high. How can Oracle Adaptive Access Manager help? In addition, I want a solution that protects against Man-in-the-Middle (MiTM)/Man-in-the-Browser (MiTB) attacks.
Answer/Solution:
1. Use Oracle Adaptive Access Manager to assess risk and base the use of secondary authentication such as mTAN on risk. Then, SMS can be sent for transactions that are medium to high risk instead of all transactions.
2. One of the best ways to protect against MiTM and MiTB is to perform transactional risk analysis. For example, check to see if the target account has ever been used by this user before or if the user has ever performed a transfer over set dollar amount thresholds. To perform transactional analysis in real-time today requires native integration with the Web application.
3. Use PinPad to input the target account number. This ensures that the account number entered by the user cannot be easily changed in a session hijacking situation. The account number is not sent over the wire and cannot be easily altered by a MiTM/MiTB.
4. It is recommended that KeyPad and PinPad virtual authentication devices always be used over HTTPS. The virtual authentication devices send the one time random data generated on the end-user's machine (mouse click coordinates) to the server to be decoded and HTTPS provides the traditional encryption in addition. No client software or logic resides on the end-user's machine to be compromised.
5. With Oracle Adaptive Access Manager extremely high risk transfers can be blocked altogether. Blocking high risk transfers reduces the fraud regardless of the authentication methods used.
23.10 Failure Counter

For the auto failure counter increment to work, Client Type for updateAuthStatus must be set to 9 (Question/Answer).

Part VIII Glossary

This part contains the glossary.
Glossary

Access Authentication
In the context of an HTTP transaction, the basic access authentication is a method designed to allow a web browser, or other client program, to provide credentials – in the form of a user name and password – when making a request.

Action
Rule result which can impact users such as forcing them to register a security profile, KBA-challenging them, blocking access, asking them for PIN or password, and so on.

Adaptive Risk Manager
A category of Oracle Adaptive Access Manager features. Business and risk analytics, fraud investigation and customer service tools fall under the Adaptive Risk Manager category.

Adaptive Strong Authenticator
A category of Oracle Adaptive Access Manager features. All the end-user facing interfaces, flows, and authentication methods fall under the Adaptive Strong Authenticator category.

Alert
Rule results containing messages targeted to specific types of Oracle Adaptive Access Manager users.

API
An Application Programming Interface defines how to access a software-based service. Oracle Adaptive Access Manager provides APIs to fingerprint devices, collect authentication and transaction logs, run security rules, challenge the user to answer pre-registered questions correctly, and generate virtual authentication devices such as KeyPad, TextPad, or QuestionPad.

Attribute
Attributes are the particular pieces of information associated with the activity being tracked. An example is the time of day for a login. Patterns collect data about members. If the member type is User, the pattern will collect data about users.

Authentication
The process of verifying a person's, device's, application's identity. Authentication deals with the question "Who is trying to access my services?"

Authentication Status
Authentication Status is the status of the session (each login/transaction attempt creates a new session). Examples are listed below:
- If a user logs in for the first time and he goes through the registration process, but decides not to complete the registration process and logs out, the authentication status for this user session is set as "Pending Activation."
- If a user logs in from a different device/location, he is challenged. He answers the challenge questions incorrectly in all the three attempts, the authentication status for this session is set as "Wrong Password."
- If a user logs in and is taken to the final transaction page or success page, the authentication status for the particular session is set as "Success."
- If the user is a fraud and is blocked, the status for the session is set as "Block."

Authorization
Authorization regards the question "Who can access what resources offered by which components?"

Autolearning
Autolearning is a set of features in Oracle Adaptive Access Manager that dynamically profile behavior in real-time. The behavior of users, devices and locations are recorded and used to evaluate the risk of current behavior.

Black List
A given list of users, devices, IP addresses, networks, countries, and so on that are blocked. An attack from a given member can show up on a report and be manually added to a blacklist at the administrator's discretion.

Blocked
If a user is "Blocked," it is because a policy has found certain conditions to be "true" and is set up to respond to these conditions with a "Block Action." If those conditions change, the user may no longer be "Blocked." The "Blocked" status is not necessarily permanent and therefore may or may not require an administrator action to resolve. For example, if the user was blocked because he was logging in from a blocked country, but he is no longer in that country, he may no longer be "Blocked."

Bots
Software applications that run automated or orchestrated tasks on compromised PCs over the internet. An organization of bots is known as a botnet or zombie network.

Browser Fingerprinting
When the user accesses the system, OAAM collects information about the computer. By combining all that data, the site creates a fingerprint of the user's browser. This fingerprint could potentially uniquely identify the user. Information gathered that makes up the browser fingerprint includes the browser type used, plug-ins installed, system fonts, and the configuration and version information from the operating system, and whether or not the computer accepts cookies.

The browser and flash fingerprints are tracked separately. The fingerprints are available in the session listing and details pages and you can get further details about the fingerprint by opening the respective details pages. Hence, you can have both fingerprints available, but if the user has not installed flash then the digital fingerprint (flash) is set to null.
Cache Data
Information about historical data during a specified time frame

Case
Cases provide tools to track and solve customer service issues. A case is a record of all the actions performed by the CSR to assist the customer as well as various account activities of the customer. Each case is allocated a case number, a unique case identification number.

Challenge Questions
Challenge Questions are a finite list of questions used for secondary authentication.

During registration, users are presented with several question menus. For example, he may be presented with three question menus. A user must select one question from each menu and enter answers for them during registration. Only one question from each question menu can be registered. These questions become the user's "registered questions."

When rules in OAAM Admin trigger challenge questions, OAAM Server displays the challenge questions and accepts the answers in a secure way for users. The questions can be presented in the QuestionPad, TextPad, and other pads, where the challenge question is embedded into the image of the authenticator, or simple HTML.

Challenge Type
Configuration of a type of challenge (ChallengeEmail, ChallengeSMS, ChallengeQuestion)

Checkpoint
A checkpoint is a specified point in a session when Oracle Adaptive Access Manager collects and evaluates security data using the rules engine. Examples of checkpoints are:
- Pre-authentication - Rules are run before a user completes the authentication process.
- Post-authentication - Rules are run after a user is successfully authenticated.

Configurable Actions
Configurable Actions allow a user to create new supplementary actions that occur after the running of rules.

Completed Registration
Status of the user that has completed registration. To be registered a user may need to complete all of the following tasks: Personalization (image and phrase), registering challenge questions/answers and email/cell phone.

Condition
Conditions are configurable evaluation statements used in the evaluation of historical and runtime data.

Cookie
A cookie is a small string of text or data stored on a user's computer.
Oracle Adaptive Access Manager uses two types of cookies to perform device identification.
One is the browser cookie (also known as secure cookie) and the other is the flash cookie (also known as digital cookie).
The browser cookie value is constructed using the browser user agent string.
The flash cookie value is constructed using data from the OAAM flash movie.

CSR
Customer service representatives resolve low risk customer issues originating from customer calls.
CSRs have limited access to OAAM Admin:
- View the reason why a login or transaction was blocked
- View a severity flag with alert status to assist in escalation
- Complete actions such as issuing temporary allow for a customer

CSR Manager
A CSR Manager is in charge of overall management of CSR type cases.
CSR Managers have all the access and responsibilities of a CSR plus access to more sensitive operations.

Dashboard
Provides a real-time view of activity via aggregates and trending.

Data Mining
Data mining is the practice of automatically searching large stores of data to discover patterns and trends that go beyond simple analysis.
Data mining uses sophisticated mathematical algorithms to segment the data and evaluate the probability of future events.
Data mining is also known as Knowledge Discovery in Data (KDD).
Data mining can answer questions that cannot be addressed through simple query and reporting techniques.

Data Type
An attribute of data that represents the kind and structure of the data.
For example, String.

Delivery Channel
Delivery mechanism used to send the OTP to the user.
Email, SMS, IM, and so on are delivery channels.

Device
A computer, PDA, cell phone, kiosk, etc used by a user

Device Fingerprinting
Device fingerprinting collects information about the device such as browser type, browser headers, operating system type, locale, and so on.
Fingerprint data represents the data collected for a device during the login process that is required to identify the device whenever it is used to log in.
The fingerprinting process produces a fingerprint that is unique to the user and designed to protect against the "replay attacks" and the "cookie based registration bypass" process.
The fingerprint details help in identifying a device, check whether it is secure, and determine the risk level for the authentication or transaction.
A customer typically uses these devices to log in: desktop computer, laptop computer, PDA, cell phone, kiosk, or other web enabled device.

Device Identification
During the registration process, the user is given an option to register his device to the system.
If a user tries to log in from a registered device, the application knows that it is a safe and secure device and allows the user to proceed with his transactions.
This process is also called device identification.

Device Registration
Device registration is a feature that allows a user to flag the device (computer, mobile, PDA, and others) being used as a safe device.
The customer can then configure the rules to challenge a user that is not coming from one of the registered devices.
Once the feature is enabled, information about the device is collected for that user.
To make use of the information being collected, policies must be created and configured.
For example, a policy could be created with rules to challenge a user who is not logging in from one of the registered devices.

encrypted
Information that is made unreadable to anyone except those possessing special knowledge

Entities Editor
A tool to edit entities, a user-defined structure that can be reused across different transactions.
Only appropriate and related fields should be grouped into an Entity.

Entity
An entity is a user-defined data structure that can be re-used across different transactions.

Environment
Tools for the configuration system properties and snapshots

Expiration Date
Date when CSR case expires.
By default, the length of time before a case expires is 24 hours.
After 24 hours, the status changes from the current status to Expired.
The case could be in pending, escalated statuses when it expires.
After the case expires, the user will not be able to open the case anymore, but the CSR Manager can.
The length of time before a case expires is configurable.

Execution Types
Two execution types for configurable actions are listed:
- Synchronous - Synchronous actions are executed in the order of their priority in ascending order. For example, if the user wants to create a case and then send an email with the Case ID, the user would choose synchronous actions. Synchronous actions will trigger/execute immediately. If the actions are executing in sequential order and one of the actions in the sequence does not trigger, the other actions will still trigger.
- Asynchronous actions are queued for execution but not in any particular sequence. For example, if you want to send an email or perform some action and do not care about executing it immediately and are not interested in any order of execution, you would choose asynchronous actions.

Enumerations
User-defined enums are a collection of properties that represent a list of items.
Each element in the list may contain several different attributes.
The definition of a user-defined enum begins with a property ending in the keyword ".enum" and has a value describing the use of the user-defined enum.
Each element definition then starts with the same property name as the enum, and adds on an element name and has a value of a unique integer as an ID.
The attributes of the element follow the same pattern, beginning with the property name of the element, followed by the attribute name, with the appropriate value for that attribute.
The following is an example of an enum defining credentials displayed on the login screen of an OAAM Server implementation:

bharosa.uio.default.credentials.enum=Enum for Login Credentials
bharosa.uio.default.credentials.enum.companyid=0
bharosa.uio.default.credentials.enum.companyid.name=CompanyID
bharosa.uio.default.credentials.enum.companyid.description=CompanyID
bharosa.uio.default.credentials.enum.companyid.inputname=comapanyid
bharosa.uio.default.credentials.enum.companyid.maxlength=24
bharosa.uio.default.credentials.enum.companyid.order=0
bharosa.uio.default.credentials.enum.username=1
bharosa.uio.default.credentials.enum.username.name=Username
bharosa.uio.default.credentials.enum.username.description=Username
bharosa.uio.default.credentials.enum.username.inputname=userid
bharosa.uio.default.credentials.enum.username.maxlength=18
bharosa.uio.default.credentials.enum.username.order=1

Fat Fingering
This algorithm handles Answers with typos due to the proximity of keys on a standard keyboard.
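
The user-defined enum layout described under Enumerations above can be checked mechanically before a properties file is deployed. The following is an added example, not Oracle's code: the function names `parse_properties`, `load_enums` and `validate` are hypothetical, only simple `key=value` lines are handled, and the sample input is the credentials enum from the glossary entry.

```python
"""Parse and validate user-defined enum properties (added example, not OAAM code)."""

# Constructed input: the credentials enum shown in the Enumerations entry.
SAMPLE = """\
bharosa.uio.default.credentials.enum=Enum for Login Credentials
bharosa.uio.default.credentials.enum.companyid=0
bharosa.uio.default.credentials.enum.companyid.name=CompanyID
bharosa.uio.default.credentials.enum.companyid.description=CompanyID
bharosa.uio.default.credentials.enum.companyid.inputname=comapanyid
bharosa.uio.default.credentials.enum.companyid.maxlength=24
bharosa.uio.default.credentials.enum.companyid.order=0
bharosa.uio.default.credentials.enum.username=1
bharosa.uio.default.credentials.enum.username.name=Username
bharosa.uio.default.credentials.enum.username.description=Username
bharosa.uio.default.credentials.enum.username.inputname=userid
bharosa.uio.default.credentials.enum.username.maxlength=18
bharosa.uio.default.credentials.enum.username.order=1
"""


def parse_properties(text):
    """Read key=value lines into a dict, skipping blanks and comments.

    Assumption: no line continuations or ':' separators; as with
    java.util.Properties, a repeated key keeps its last value.
    """
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if not sep:
            raise ValueError(f"not a key=value line: {raw!r}")
        props[key.strip()] = value.strip()
    return props


def load_enums(props):
    """Group properties into enums: <enum>=description, <enum>.<element>=ID,
    <enum>.<element>.<attribute>=value."""
    enums = {key: {"description": value, "elements": {}, "problems": []}
             for key, value in props.items() if key.endswith(".enum")}
    for key, value in props.items():
        if key in enums:
            continue
        owners = [name for name in enums if key.startswith(name + ".")]
        if not owners:
            continue  # property does not belong to any enum
        owner = max(owners, key=len)  # longest prefix wins for nested names
        parts = key[len(owner) + 1:].split(".")
        enum = enums[owner]
        element = enum["elements"].setdefault(parts[0], {"id": None, "attrs": {}})
        if len(parts) == 1:
            element["id"] = value            # element definition carries the ID
        elif len(parts) == 2:
            element["attrs"][parts[1]] = value
        else:
            enum["problems"].append(f"{key}: unexpected nesting")
    return enums


def validate(enum):
    """Return a list of problems: missing, non-integer or duplicate element IDs."""
    problems = list(enum["problems"])
    seen = {}
    for name, element in enum["elements"].items():
        raw_id = element["id"]
        if raw_id is None:
            problems.append(f"{name}: attributes defined but no element ID")
            continue
        try:
            ident = int(raw_id)
        except ValueError:
            problems.append(f"{name}: ID {raw_id!r} is not an integer")
            continue
        if ident in seen:
            problems.append(f"{name}: ID {ident} already used by {seen[ident]}")
        else:
            seen[ident] = name
    return problems


if __name__ == "__main__":
    for enum_name, enum in load_enums(parse_properties(SAMPLE)).items():
        print(enum_name, "->", validate(enum) or "OK")
```
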

Flash Fingerprinting
Flash fingerprinting is similar to browser fingerprinting but a flash movie is used by the server to set or retrieve a cookie from the user's machine so a specific set of information is collected from the browser and from flash.
The flash fingerprint is only information if flash is installed on the client machine.
The fingerprints are tracked separately.
The fingerprints are available in the session listing and details pages and you can get further details about the fingerprint by opening the respective details pages.
Hence, you can have both fingerprints available, but if the user has not installed flash then the digital fingerprint (flash) is set to null.

Fraud Investigator
A Fraud Investigator primarily looks into suspicious situations either escalated from customer service or directly from Oracle Adaptive Access Manager alerts.
Agents have access to all of the customer care functionality as well as read only rights to security administration and BI Publisher reporting.

Fraud Investigation Manager
A Fraud Investigation Manager has all of the access and duties of an investigator plus the responsibility to manage all cases.
An Investigation Manager must routinely search for expired cases to make sure none are pending.

Fraud Scenario
A fraud scenario is a potential or actual deceptive situation involving malicious activity directed at a company's online application.
For example, you have just arrived at the office on Monday and logged into OAAM Admin.
You notice that there are a high number of logins with the status "Wrong Password" and "Invalid User" coming in from a few users.
Some appear to be coming in from different countries, and some appear to be local.
You receive a call from the fraud team notifying you that some accounts have been compromised.
You must come up with a set of rules that can identify and block these transactions.

Groups
Collection of like items.
Groups are found in the following situations:
- Groups are used in rule conditions
- Groups that link policy to user groups
- Action and alert groups

HTTP
Hypertext Transfer Protocol

IP address
Internet Protocol (IP) address

Job
A job is a collection of tasks that can be run by OAAM.
You can perform a variety of jobs such as load data, run risk evaluation, roll up monitor data, and other jobs.

KBA Phone Challenge
Users can be authenticated over the phone using their registered challenge questions.
This option is not available for unregistered users or in deployments not using KBA.

KeyPad
Virtual keyboard for entry of passwords, credit card number, and so on.
The KeyPad protects against Trojan or keylogging.

Keystroke Loggers
Software that captures a user's keystrokes.
Keylogging software can be used to gather sensitive data entered on a user's computer.

Knowledge Based Authentication (KBA)
OAAM knowledge based authentication (KBA) is a user challenge infrastructure based on registered challenge questions.
It handles Registration Logic, challenge logic, and Answer Logic.

Location
A city, state, country, IP, Network ID, etc from which transaction requests originate.

Locked
"Locked" is the status that Oracle Adaptive Access Manager sets if the user fails a KBA or OTP challenge.
The "Locked" status is only used if the KBA or One-Time Password (OTP) facility is in use.
- OTP: OTP sends a one-time PIN or password to the user through a configured delivery method, and if the user exceeds the number of retries when attempting to provide the OTP code, the account becomes "Locked."
- KBA: For online challenges, a customer is locked out of the session when the Online Counter reaches the maximum number of failures. For phone challenges, a customer is locked out when the maximum number of failures is reached and no challenge questions are left.
After the lockout, a Customer Service Representative must reset the status to "Unlocked" before the account can be used to enter the system.

Malware
Malware is software designed to infiltrate or damage a computer system without the owner's informed consent.
Malware may contain key loggers or other types of malicious code.

Man-In-The-Middle-Attack (Proxy Attacks)
An attack in which a fraudster is able to read, insert and modify at will, messages between two parties without either party knowing that the link between them has been compromised

Multifactor Authentication
Multifactor authentication (MFA) is a security system in which more than one form of authentication is implemented to verify the legitimacy of a transaction.
In contrast, single factor authentication (SFA) involves only a User ID and password.

Multiprocessing Modules (MPMs)
Apache httpd ships with a selection of Multi-Processing Modules (MPMs) which are responsible for binding to network ports on the machine, accepting requests, and dispatching children to handle the requests.

Mutual Authentication
Mutual authentication or two-way authentication (sometimes written as 2WAY authentication) refers to two parties authenticating each other suitably.
In technology terms, it refers to a client or user authenticating himself to a server and that server authenticating itself to the user in such a way that both parties are assured of the others' identity.

Native Integration
Native integration involves customizing the application to include OAAM API calls at various stages of the login process.
The application invokes Oracle Adaptive Access Manager directly and the application itself manages the authentication and challenge flows.
- SOAP service wrapper API: The application communicates with Oracle Adaptive Access Manager using the Oracle Adaptive Access Manager native client API (SOAP service wrapper API) or via Web services. The application makes SOAP calls to interact with Oracle Adaptive Access Manager.
- Static linking: The processing engine for Oracle Adaptive Access Manager (OAAM Library) is embedded with the application. It leverages the underlying database directly for processing.

OAAM Admin
Administration Web application for all environment and Adaptive Risk Manager and Adaptive Strong Authenticator features.

OAAM Server
Adaptive Risk Manager and Adaptive Strong Authenticator features, Web services, LDAP integration and user Web application used in all deployment types except native integration

One Time Password (OTP)
One Time Password (OTP) is a form of out of band authentication that is used as a secondary credential and generated at pre-configured checkpoints based on the policies configured.

OTP Anywhere
OTP Anywhere is a risk-based challenge solution consisting of a server generated one time password delivered to an end user via a configured out of band channel.
Supported OTP delivery channels include short message service (SMS), eMail, instant messaging and voice.
OTP Anywhere can be used to complement KBA challenge or instead of KBA.
As well, both OTP Anywhere and KBA can be used alongside practically any other authentication type required in a deployment.
Oracle Adaptive Access Manager also provides a challenge processor framework.
This framework can be used to implement custom risk-based challenge solutions combining third party authentication products or services with OAAM real-time risk evaluations.

Oracle Adaptive Access Manager
A product to protect the enterprise and its customers online.
Oracle Adaptive Access Manager
- provides multifactor authentication security
- evaluates multiple data types to determine risk in real-time
- aids in research and development of fraud policies in offline environment
- integrates with access management applications
Oracle Adaptive Access Manager is composed of two primary components: OAAM Server and OAAM Admin.

Oracle Data Mining (ODM)
Oracle Data Mining is an option to the Oracle Database EE that provides powerful data mining functionality

Organization ID
The unique ID for the organization the user belongs in

Out Of Band Authentication
The use of two separate networks working simultaneously to authenticate a user.
For example: email, SMS, phone, and so on.

Pattern
Patterns are configured by an administrator and record the behavior of the users, device and locations accessing the system by creating a digest of the access data.
The digest or profile information is then stored in a historical data table.
Rules evaluate the patterns to dynamically assess risk levels.

Personalization Active
Status of the user who has an image, a phrase and questions active.
Personalization consists of a personal background image and phrase.
The timestamp is generated by the server and embedded in the single-use image to prevent reuse.
Each Authenticator interface is a single image served up to the user for a single use.

Pharming
Pharming (pronounced farming) is an attack aiming to redirect a Web site's traffic to another, bogus Web site.

Phishing
A criminal activity utilizing social engineering techniques to trick users into visiting their counterfeit Web application.
Phishers attempt to fraudulently acquire sensitive information, such as user names, passwords and credit card details, by masquerading as a trustworthy entity.
Often a phishing exercise starts with an email aimed to lure in gullible users.

PinPad
Authentication entry device used to enter a numeric PIN.

Plug-in
A plug-in consists of a computer program that interacts with a host application (a web browser or an email client, for example) to provide a certain, usually very specific, function "on demand".

Policy
Policies contain security rules and configurations used to evaluate the level of risk at each checkpoint.

Policy Set
A policy set is the collection of all the currently configured policies used to evaluate traffic to identify possible risks.
The policy set contains the scoring engine and action/score overrides.

Policy Status
Policy has three status which defines the state of the object or its availability for business processes.
- Active
- Disabled
- Deleted
Deleted is not used.
When a policy is deleted, it is permanently deleted from the database.
By Default every new policy created has status as "Active."
Every copied policy has a default status as "Disabled."

Post-Authentication
Rules are run after the user password has been authenticated.
Common actions returned by post-authentication checkpoint include:
- Allow to allow the user to proceed forward.
- Block to block the user from proceeding forward.
- Challenge to challenge the user.

Pre-Authentication
Rules are run before the user is authenticated.
Common values returned by the pre-authentication checkpoint include:
- Allow to allow the user to proceed forward.
- Block to block the user from proceeding forward.

Predictive Analysis
Predictive analytics encompasses a variety of techniques from statistics, data mining and game theory that analyze current and historical facts to make predictions about future events.

Questions Active
Status of the user who has completed registration and questions exist by which he can be challenged.

Question Set
The total number of questions a customer can choose from when registering challenge questions.

QuestionPad
Device that presents challenge questions for users to answer before they can perform sensitive tasks.
This method of data entry helps to defend against session hijacking.

Registration
An enrollment process wherein the customer registers challenge questions, secret images, text phrases, one-time passwords, and so on for another layer of security in addition to the login process.

Registered Questions
A customer's registered questions are the questions that he selected and answered during registration or reset.
Only one question from each question menu can be registered.

Registration Logic
The configuration of logic that governs the KBA registration process.

Risk Score
The numeric risk level associated with a checkpoint.

Rule Conditions
Conditions are the basic building blocks for security policies.

Rules
Rules are a collection of conditions used to evaluate user activity.

Scores
Score refers to the numeric scoring used to evaluate the risk level associated with a specific situation.
A policy results in a score.

Scoring Engine
Oracle Adaptive Access Manager uses scoring engines to calculate the risk associated with access requests, events, and transaction.
Scoring engines are used at the policy and policy set levels.
The Policy Scoring Engine is used to calculate the score produced by the different rules in a policy.
The Policy Set Scoring Engine is used to calculate the final score based on the scores of policies.
Where there are numerous inputs, scoring is able to summarize all these various points into a score that decisions can be based on.

Security Token
Security tokens (or sometimes a hardware token, hard token, authentication token, USB token, cryptographic token) are used to prove one's identity electronically (as in the case of a customer trying to access their bank account).
The token is used in addition to or in place of a password to prove that the customer is who they claim to be.
The token acts like an electronic key to access something.

Severity Level
A marker to communicate to case personnel how severe this case is.
The severity level is set by whomever creates the case.
The available severity levels are High, Medium, and Low.
If a customer suspects fraud, then the severity level assigned is "High."
For example, if the customer wants a different image, then the severity level assigned is "Low."
Severity levels of a case can be escalated or deescalated as necessary.

Session Hijacking
The term Session Hijacking refers to the exploitation of a valid computer session - sometimes also called a session key - to gain unauthorized access to information or services in a computer system

Snapshot
A snapshot is a zip file that contains Oracle Adaptive Access policies, dependent components and configurations for backup, disaster recovery and migration.
Snapshots can be saved to the database for fast recovery or to a file for migration between environments and backup.
Restoring a snapshot is a process that includes visibility into exactly what the delta is and what actions will be taken to resolve conflicts.

SOAP
SOAP, originally defined as Simple Object Access Protocol, is a protocol specification for exchanging structured information in the implementation of Web Services in computer networks.
It relies on Extensible Markup Language (XML) as its message format, and usually relies on other Application Layer protocols (most notably Remote Procedure Call (RPC) and HTTP) for message negotiation and transmission.
SOAP can form the foundation layer of a web services protocol stack, providing a basic messaging framework upon which web services can be built.

Social Engineering
Social engineering is a collection of techniques used to manipulate people into performing actions or divulging confidential information to a fraudulent entity.

Spoofing Attack
In the context of network security, a spoofing attack is a situation in which one person or program successfully masquerades as another by falsifying data and thereby gaining an illegitimate advantage.

Spyware
Spyware is computer software that is installed surreptitiously on a personal computer to intercept or take partial control over the user's interaction with the computer, without the user's informed consent.

Strong Authentication
An authentication factor is a piece of information and process used to authenticate or verify the identity of a person or other entity requesting access under security constraints.
Two-factor authentication (T-FA) is a system wherein two different factors are used in conjunction to authenticate.
Using two factors as opposed to one factor generally delivers a higher level of authentication assurance.
Using more than one factor is sometimes called strong authentication.

Temporary Allow
Temporary account access that is granted to a customer who is being blocked from logging in or performing a transaction.

TextPad
Personalized device for entering a password or PIN using a regular keyboard.
This method of data entry helps to defend against phishing.
TextPad is often deployed as the default for all users in a large deployment then each user individually can upgrade to another device if they wish.
The personal image and phrase a user registers and sees every time they log in to the valid site serves as a shared secret between user and server.

Transaction
A transaction defines the data structure and mapping to support application event/transaction analytics.

Transaction Data
Data that is an abstract item or that does not have any attributes by itself, does not fit into any entity, which exists or is unique by itself is defined as transaction data.
Items that cannot fall into an entity are classified as standalone data.
A classic example is amount or code.

Transaction Definition
Application data is mapped using the transaction definition before transaction monitoring and profiling can begin.
Each type of transaction Oracle Adaptive Access Manager deals with should have a separate transaction definition.

Transaction Key
This key value is used to map the client/external transaction data to transactions in the Oracle Adaptive Access Manager Server.

Trigger
A rule evaluating to true.

Transaction Type
The Transaction Definitions that have been configured in this specific installation such as authentication, bill pay, wire transfer, and others.

Trojan/Trojan Horse
A program that installs malicious software while under the guise of doing something else.

User
A business, person, credit card, etc that is authorized to conduct transactions.

Validations
Answer validation used in the KBA question registration and challenge process

Virtual Authentication Devices
A personalized device for entering a password or PIN or an authentication credential entry device.
The virtual authentication devices harden the process of entering and transmitting authentication credentials and provide end users with verification they are authenticating on the valid application.