Contents

List of Figures

Title and Copyright Information

Preface

• Audience
• Documentation Accessibility
• Related Documents
• Conventions

1 Installation and Configuration Overview

• 1.1 Oracle Adaptive Access Manager
• 1.2 Oracle Adaptive Access Manager Integrations
  • 1.2.1 Native Integration
  • 1.2.2 Universal Installation Option Integration
  • 1.2.3 Access Management Integration
  • 1.2.4 SAML Integration
• 1.3 What Web Applications to Deploy?
• 1.4 Oracle Adaptive Access Manager Architecture
  • 1.4.1 Simple Architectural Scenario for Deployment
  • 1.4.2 Recommended Architectural Scenario for Deployment
  • 1.4.3 Adaptive Risk Manager Offline
• 1.5 Installation Checklist
• 1.6 Validation Checklist

2 Preparing for the Installation

• 2.1 Getting Started
  • 2.1.1 Package Contents
  • 2.1.2 Supported Configurations
• 2.2 Prerequisites and Dependencies
  • 2.2.1 Adaptive Risk Manager Online and Offline
  • 2.2.2 Adaptive Strong Authenticator

3 Creating an Oracle Database Schema

• 3.1 Installation Steps Overview
• 3.2 Database Character Set
• 3.3 Oracle Initialization Parameters
• 3.4 Running the Scripts
  • 3.4.1 Windows
  • 3.4.2 UNIX
• 3.5 Setup Prompts
• 3.6 Scripts
  • 3.6.1 db_setup.sql
  • 3.6.2 cr_vcrypt_tbs.sql
  • 3.6.3 cr_vcrypt_usr.sql
  • 3.6.4 cr_vcrypt_obj.sql
  • 3.6.5 Seed Data Initialization Steps
    • 3.6.5.1 oracle_user_init.sql
    • 3.6.5.2 oracle_policy_init.sql
    • 3.6.5.3 oracle_default_locales.sql
    • 3.6.5.4 oracle_answerhints.sql
    • 3.6.5.5 oracle_bharosaconfig.sql
    • 3.6.5.6 oracle_scoringpolicy.sql
    • 3.6.5.7 oracle_validations.sql
• 3.7 Partition Reference
  • 3.7.1 Tables
    • 3.7.1.1 Static Partition Tables
    • 3.7.1.2 Transactional Partition Tables
  • 3.7.2 Partition Maintenance Scripts
    • 3.7.2.1 Add_Monthly_Partition_tables.sql
    • 3.7.2.2 Add_Weekly_Partition_tables.sql
    • 3.7.2.3 Drop_Monthly_Partition_tables.sql
    • 3.7.2.4 Drop_Weekly_Partition_tables.sql

4 Creating a SQL Server Schema

• 4.1 Prerequisites
• 4.2 Installation Steps
• 4.3 Scripts
  • 4.3.1 Create Database
  • 4.3.2 Create Login
  • 4.3.3 Load Initialization Data
• 4.4 Database Properties

5 Loading IP Location Data

6 Installing Adaptive Risk Manager

• 6.1 Creating Groups/Roles
• 6.2 Deployment on the Application and Web Servers
  • 6.2.1 WebLogic
  • 6.2.2 Tomcat
  • 6.2.3 WebSphere

7 Installing the Adaptive Strong Authenticator

• 7.1 Deploying Adaptive Strong Authenticator
  • 7.1.1 WebLogic Application Server
  • 7.1.2 Tomcat Web Server
  • 7.1.3 IBM WebSphere Application Server
• 7.2 Accessing Adaptive Strong Authenticator

8 Installing and Configuring Adaptive Access Manager Offline

• 8.1 Installation Checklist for Adaptive Risk Manager Offline
• 8.2 The Offline Database
  • 8.2.1 Database Server with Good I/O capability
  • 8.2.2 Proper Database Server Configuration
  • 8.2.3 Database Indexes
• 8.3 What to Do After Installing Adaptive Risk Manager Offline

9 Installing the Proxy

10 Setting Up Encryption

• 10.1 Creating a Keystore for Encrypting Configuration Values
• 10.2 Creating a Keystore for Encrypting Database Data
• 10.3 Other Procedures

11 Configuring SOAP/Web Services Access

• 11.1 Adaptive Risk Manager SOAP/Web Services Set Up
• 11.2 Adaptive Strong Authenticator/Native Client SOAP/Web Services Set Up
• 11.3 Security Recommendations
• 11.4 How to Disable HTTP Authentication for Web Services
• 11.5 Other Procedures

12 Configuring Server Properties

• 12.1 Updating the bharosa_server.properties File
• 12.2 Sample Code

13 Configuring Database Connectivity

• 13.1 Configuring sessions.xml for JDBC
  • 13.1.1 sessions.xml Tags for JDBC
  • 13.1.2 sessions.xml File Sample for JDBC
• 13.2 Configuring sessions.xml for JNDI
  • 13.2.1 sessions.xml Tags for JNDI
  • 13.2.2 sessions.xml File Sample for JNDI
• 13.3 TopLink platform-class
  • 13.3.1 Oracle
  • 13.3.2 Microsoft

14 Setting Up Background Images

• 14.1 Setting Up the Images for Authentication Devices
• 14.2 Sample Code

15 Configuring Client Properties

• 15.1 Modifying the bharosa_client.properties File
• 15.2 Properties

16 Setting Up Logging

• 16.1 Pre-requisites for Email Alerts
• 16.2 Create a Log Directory
• 16.3 Editing the Log4j.xml Parameters
• 16.4 Commonly Edited log4j.xml Parameters
• 16.5 Levels of Alert
• 16.6 Fraud Detection
• 16.7 Levels of Alert
• 16.8 Best Practices

17 Globalization Support

• 17.1 Configuring Language Defaults for Oracle Adaptive Access Manager
  • 17.1.1 Example 1
  • 17.1.2 Example 2
  • 17.1.3 Example 3
• 17.2 Adding to the Abbreviation File
• 17.3 Adding Registration Questions
• 17.4 Configuring Words Used in the Authenticator Caption
• 17.5 Configuring "Enter" on the Authenticator Forgot Password Page
• 17.6 Configuring Tooltip for TextPad's "Enter" Button

18 BI Publisher Reports

• 18.1 Prerequisites
• 18.2 Installation
  • 18.2.1 Unzip oaam_bipreports_oradb.zip
  • 18.2.2 Stop the BI Publisher Server
  • 18.2.3 Copy the Oracle Adaptive Access Manager Report Files
  • 18.2.4 Copy properties.xml to the Oracle BI Publisher Server's File System
  • 18.2.5 Start the BI Publisher Server
  • 18.2.6 Configure JDBC Data Source
  • 18.2.7 Configure AdminProperties Data Source
  • 18.2.8 Test the Reports

19 Multi-Tenant Support

• 19.1 Configuring Access Control for Customer Care Uses

20 What to Do Next

• 20.1 Starting the Database and Application Server
• 20.2 Logging in to Adaptive Risk Manager Online
• 20.3 Logging in to Adaptive Risk Manager Offline
• 20.4 Logging in to Adaptive Strong Authenticator
• 20.5 Using Adaptive Access Manager

21 Troubleshooting Adaptive Risk Manager

• 21.1 Oracle Adaptive Access Manager is Slow to Respond
• 21.2 Initialization Parameters Do Not Change When Altering
• 21.3 Tables Are Not Built After Running db_setup.sql
• 21.4 Jar Command Not Found
• 21.5 Background Images Are Not Displayed in Adaptive Strong Authenticator
• 21.6 Log4j
• 21.7 SOAP Service Calls Throws Exceptions
• 21.8 Adaptive Risk Manager Online Is Not Accessible
• 21.9 Rule Execution Logs Do Not Appear In Session Details
• 21.10 Unable to Login Into Adaptive Risk Manager
• 21.11 Adaptive Risk Manager Online Is Accessible But Queries Return Database Errors
• 21.12 Adaptive Risk Manager Online Application Throws Timeout Errors
• 21.13 Unable To See All The Menus In Adaptive Risk Manager Online
• 21.14 Import Fails in Adaptive Risk Manager Deployed in WebLogic
• 21.15 Rule Conditions Import Causes weblogic.jdbc.wrapper.Clob_oracle_sql_CLOB Exception
• 21.16 Unable To Reset All User Information From Adaptive Risk Manager Online Customer Care
• 21.17 The Adaptive Risk Manager Online Sample Webapp Deployed To Latest WebSphere 6.1 Throws An Error
• 21.18 SunJCE Error
• 21.19 Adaptive Risk Manager Offline Application Server Fails with OutOfMemory Error During Data Load
• 21.20 Encounter Errors While Trying To Connect To Oracle Database
• 21.21 Operating System Becomes Unresponsive

22 Troubleshooting Adaptive Strong Authenticator

• 22.1 Server, URL, and Port Problems
• 22.2 Adaptive Strong Authenticator Key Pad Troubleshooting
• 22.3 Change Password Feature Does Not Work
• 22.4 Authorization Failure for SOAP Request by Adaptive Strong Authenticator

A Adaptive Risk Manager User Groups

• A.1 Group #1 - CSR
• A.2 Group #2 - CSR Manager
• A.3 Group #3 - CSR Investigator and Investigator
• A.4 Group #4 - Investigation Manager
• A.5 Group #5 - Rule Administrator
• A.6 Group #6 - Environment Administrator
• A.7 Group #7 - SOAP Services

B Upgrading from 10.1.4.3 to 10.1.4.5

• B.1 Upgrading the Oracle Adaptive Access Manager Application Layer
  • B.1.1 Export Existing Models
  • B.1.2 Shut Down and Clean Up Logs
  • B.1.3 Back Up the Existing Web Applications
  • B.1.4 Deploy and Configure the Web Applications
• B.2 Upgrading the Oracle Adaptive Access Manager Database Repository
  • B.2.1 Part A - Upgrading the Oracle Database Repository
    • B.2.1.1 Step 1 Stop the Application Servers
    • B.2.1.2 Step 2 Back Up Database Repository
    • B.2.1.3 Step 3 Run the Setup Scripts
    • B.2.1.4 Step 4 Migrate Character Set (Optional)
  • B.2.2 Part B - Upgrading the SQL Server Database Repository
    • B.2.2.1 Step 1 Stop Servers
    • B.2.2.2 Step 2 Back Up Database Repository
    • B.2.2.3 Step 3 Run the Setup Scripts
• B.3 Validating the Upgrade Process
• B.4 Upgrading Rule Templates and Pre-Existing Models
• B.5 Backing Out or Rolling Back the Upgrade Process

C Upgrading from 3.5 to 10.1.4.3

• C.1 Upgrading the Oracle Adaptive Access Manager Application Layer
  • C.1.1 Shut Down and Clean Up Logs
  • C.1.2 Back Up the Existing Web Applications
  • C.1.3 Deploy and Configure the Web Applications
• C.2 Upgrading the Oracle Adaptive Access Manager Database Repository
  • C.2.1 Upgrading the Oracle Database Repository
    • C.2.1.1 Backing Up the Oracle Adaptive Access Manager Repository
    • C.2.1.2 Running the Set Up Scripts
    • C.2.1.3 Setup Scripts
  • C.2.2 Upgrading the SQL Server Database Repository
    • C.2.2.1 Backing Up the Oracle Adaptive Access Manager Repository
    • C.2.2.2 Running the Setup Scripts
    • C.2.2.3 Setup Script Reference
• C.3 Validating the Upgrade Process
• C.4 Backing Out or Rolling Back the Upgrade Process

D Encryption Reference

• D.1 Encryption Scheme Definition
• D.2 How the Schemes are Used
• D.3 Example of Defining a New Encryption Scheme and Using It
• D.4 Creating a Keystore
• D.5 Secret Key

E Archive and Purge

• E.1 Overview
  • E.1.1 Purge Process
  • E.1.2 Archive Process
  • E.1.3 Archive and Purge Data Classification
    • E.1.3.1 Device Fingerprinting
    • E.1.3.2 Transaction In-Session Based Data
    • E.1.3.3 Auto-learning Profile Data
    • E.1.3.4 Rule Log Data
• E.2 Archive and Purge
  • E.2.1 Setting Up for Archive and Purge
    • E.2.1.1 Setting Up for Archive and Purge for the Oracle Database
    • E.2.1.2 Setting Up for Archive and Purge for the SQL Server Database
  • E.2.2 Performing Archive and Purge
    • E.2.2.1 Oracle Databases
    • E.2.2.2 SQL Server Database
• E.3 Validating Archive and Purge
• E.4 Restoring Archived Data
• E.5 List of Tables and the Corresponding Archived Tables
  • E.5.1 Device Fingerprint Tables and Corresponding Archived Tables
  • E.5.2 Auto-learning Transactional Tables and Corresponding Archive Tables
  • E.5.3 Transaction Tables and Corresponding Archived Tables
  • E.5.4 Rule Logs Tables and Corresponding Archived Tables
• E.6 Scripts to Set Up Archive and Purge
  • E.6.1 Scripts for the Oracle Database
    • E.6.1.1 create_purge_proc.sql
  • E.6.2 Scripts for the SQL Server Database
    • E.6.2.1 cr_vcrypt_purge_tables.sql
    • E.6.2.2 cr_sp_arch_purge_tracker_data.sql
    • E.6.2.3 cr_sp_arch_purge_txn_logs.sql
    • E.6.2.4 cr_sp_arch_purge_workflow_data.sql
    • E.6.2.5 cr_sp_arch_purge_profile_data.sql
    • E.6.2.6 cr_sp_arch_purge_rules_log.sql
• E.7 Scripts to Execute Archive and Purge
  • E.7.1 exec_sp_purge_tracker_data.sql
  • E.7.2 exec_sp_purge_txn_log.sql
  • E.7.3 exec_sp_purge_workflow_data.sql
  • E.7.4 exec_sp_purge_profile_data.sql
  • E.7.5 exec_sp_purge_rule_log.sql
• E.8 Purging Guidelines
  • E.8.1 When to Perform Archive and Purge
  • E.8.2 Minimum Data Retention Policy
    • E.8.2.1 Device Fingerprinting Data
    • E.8.2.2 In-session Transactional Tables
    • E.8.2.3 Auto-learning and Workflow Tables
    • E.8.2.4 Rule Log Data
  • E.8.3 Special Requirements
  • E.8.4 Purging Validation

F Rule Logging

• F.1 Configuration Controls
• F.2 Scenario
  • F.2.1 How It Works
  • F.2.2 Cases
  • F.2.3 Main Point of Scenario
• F.3 How to Control What Rules Are Logged:
• F.4 Examples

G 10.1.4.3 vs. 10.1.4.5 Features

Index