Oracle® Adaptive Access Manager Developer's Guide Release 10g (10.1.4.5) Part Number E12052-03 |
Adaptive Strong Authenticator provides end users a secure method to enter sensitive credentials online. It comprises multiple secure interfaces, and many security technologies are employed in its user interfaces.
Each Adaptive Strong Authenticator interface is a Virtual Authentication Device (VAD). Each VAD has its own unique set of security features that make it much more than a mere image on a web page.
Details on the Authenticator properties are provided in this chapter for your reference only. Changes are not supported.
Authenticator uses the files listed below:
authentipad_resource.properties - contains all default Authenticator properties other than KeySets.
authentipad_keyset_enums.properties - contains default KeySet definitions used in the KeyPad and PinPad devices.
bharosa_client.properties - contains configuration properties that are not localized (translated).
client_resource_<locale>.properties - files to be created by the person customizing the application to contain locale-specific properties such as translated displayed messages. The locale identifier consists of at least a language identifier, and a region identifier (if required). For example, the custom properties file for US English is client_resource_en_US.properties.
Note:
Many of the properties related to the authenticators are in resource bundles so that they are capable of being localized. If the default value is in a "resource" file like asa_resource.properties, then the override value should be placed in the client override file for resource bundle values (client_resource_<locale>.properties).
The business and security units in your organization should work together with Oracle to determine which Authenticator interfaces should be deployed to your end users. This decision should be based on finding a proper balance between usability and security. For recommendations on which Authenticator interfaces might be best for your organization please consult with your Oracle representative.
The Virtual Authentication Device concept is integral to the Authenticator component and must be preserved in all circumstances. All graphical configurations of Authenticator need to take the VAD concept into account. This document will illustrate some examples to show what may and may not be changed graphically. For the examples in this document we will use the TextPad interface.
Each of the Authenticator "Pad" interfaces (TextPad, PinPad, and so on) has a frame. The frame marks the outer boundary of the Authenticator user interface and delineates the VAD from the rest of the page. The frame must always be apparent regardless of the graphical treatment to preserve the appearance of a device. The frame may not blend into the surrounding elements of an HTML page to the point where it disappears visually. The overall size and aspect of each Pad is fixed and may not be altered. All elements of the interface must be contained within the frame. These elements include buttons, fields, personal phrase and personal image. The individual elements of the Authenticator may not have their size or position altered. A single PNG file contains the branding, frame and button images. Oracle can develop a custom frame for you once your requirements are finalized. All configurations of Authenticator are subject to review by Oracle to ensure proper security, usability and product identity.
The frame may be altered only in the following ways:
Colors may be altered for the outline and fill of the frame
Colors of the buttons on the frame may be altered (enter, back, and so on)
Branding may be altered
Each Authenticator interface has its own unique security features. Some of these features can be enabled or disabled by adding/editing properties. For 10.1.4.5 or later, the properties will need to be added to the client_resource_<locale>.properties file. For versions earlier than 10.1.4.5, the property will need to be added to the bharosa_client.properties file.
TextPad is a personalized device for entering a password or PIN using a regular keyboard. An example TextPad is shown below.
This section provides information on the visual elements of TextPad.
Phrase (Caption)
bharosa.authentipad.textpad.caption.personalize = true
bharosa.authentipad.textpad.caption.x = 14
bharosa.authentipad.textpad.caption.y = 203
bharosa.authentipad.textpad.caption.frame = false
bharosa.authentipad.textpad.caption.wrap = false
bharosa.authentipad.textpad.caption.width = 130
bharosa.authentipad.textpad.caption.height = 16
bharosa.authentipad.textpad.caption.font.name = Arial
bharosa.authentipad.textpad.caption.font.color = 000000
bharosa.authentipad.textpad.caption.font.type= 0
bharosa.authentipad.textpad.caption.font.size = 9
Timestamp
bharosa.authentipad.textpad.timestamp.x = 25
bharosa.authentipad.textpad.timestamp.y = 165
bharosa.authentipad.textpad.timestamp.width = 132
bharosa.authentipad.textpad.timestamp.height = 16
bharosa.authentipad.textpad.timestamp.frame = false
bharosa.authentipad.textpad.timestamp.wrap = false
bharosa.authentipad.textpad.timestamp.font.name = Arial
bharosa.authentipad.textpad.timestamp.font.color = ffffff
bharosa.authentipad.textpad.timestamp.font.type= 0
bharosa.authentipad.textpad.timestamp.font.size = 9
Enter Key Hotspot
bharosa.authentipad.textpad.enterkey.x=98
bharosa.authentipad.textpad.enterkey.y=181
bharosa.authentipad.textpad.enterkey.width=45
bharosa.authentipad.textpad.enterkey.height=19
bharosa.authentipad.textpad.enterkey.label=enter
bharosa.authentipad.textpad.enterkey.enable=true
bharosa.authentipad.textpad.datafield.maxLength=25
bharosa.authentipad.textpad.background.file=textpad_bg/UIO_BG.jpg
The property to customize the font size for TextPad on an iPhone is shown below:
bharosa.authentipad.textpad.datafield.font.size=12
For 10.1.4.5 or later, the property will need to be added to the client_resource_<locale>.properties file. For versions earlier than 10.1.4.5, the property will need to be added to the bharosa_client.properties file.
QuestionPad is a personalized device for entering answers to challenge questions using a regular keyboard. An example QuestionPad is shown below.
This section provides information on the visual elements of QuestionPad.
Note:
In 10.1.4.5 and above, the QuestionPad is a single line field.
Phrase (Caption)
bharosa.authentipad.questionpad.caption.personalize = true
bharosa.authentipad.questionpad.caption.x = 14
bharosa.authentipad.questionpad.caption.y = 203
bharosa.authentipad.questionpad.caption.frame = false
bharosa.authentipad.questionpad.caption.wrap = false
bharosa.authentipad.questionpad.caption.width = 130
bharosa.authentipad.questionpad.caption.height = 16
bharosa.authentipad.questionpad.caption.font.name = Arial
bharosa.authentipad.questionpad.caption.font.color = 000000
bharosa.authentipad.questionpad.caption.font.type= 0
bharosa.authentipad.questionpad.caption.font.size = 9
Timestamp
bharosa.authentipad.questionpad.timestamp.x = 25
bharosa.authentipad.questionpad.timestamp.y = 165
bharosa.authentipad.questionpad.timestamp.width = 132
bharosa.authentipad.questionpad.timestamp.height = 16
bharosa.authentipad.questionpad.timestamp.frame = false
bharosa.authentipad.questionpad.timestamp.wrap = false
bharosa.authentipad.questionpad.timestamp.font.name = Arial
bharosa.authentipad.questionpad.timestamp.font.color = ffffff
bharosa.authentipad.questionpad.timestamp.font.type= 0
bharosa.authentipad.questionpad.timestamp.font.size = 9
Question Text
bharosa.authentipad.questionpad.question.x = 9
bharosa.authentipad.questionpad.question.y = 32
bharosa.authentipad.questionpad.question.width = 132
bharosa.authentipad.questionpad.question.height = 62
bharosa.authentipad.questionpad.question.frame = false
bharosa.authentipad.questionpad.question.wrap = true
bharosa.authentipad.questionpad.question.font.name = Arial
bharosa.authentipad.questionpad.question.font.color = 000000
bharosa.authentipad.questionpad.question.font.type= 0
bharosa.authentipad.questionpad.question.font.size = 9
Enter Key Hotspot
bharosa.authentipad.questionpad.enterkey.x=98
bharosa.authentipad.questionpad.enterkey.y=181
bharosa.authentipad.questionpad.enterkey.width=45
bharosa.authentipad.questionpad.enterkey.height=19
bharosa.authentipad.questionpad.enterkey.label=enter
bharosa.authentipad.questionpad.enterkey.enable=true
Visible Text Input or Password (Non-Visible) Input Setting
The following resource bundle property (client_resource_<locale>.properties) in 10.1.4.5 and above determines whether the QuestionPad is set for visible text input or password (non-visible) input.
bharosa.authentipad.questionpad.datafield.input.type
Valid values are text and password.
The property to customize the font size for QuestionPad on an iPhone is shown below:
bharosa.authentipad.questionpad.datafield.font.size=12
For 10.1.4.5 or later, the property will need to be added to the client_resource_<locale>.properties file. For versions earlier than 10.1.4.5, the property will need to be added to the bharosa_client.properties file.
KeyPad is a personalized graphics keyboard that can be used to enter the alphanumeric and special characters that can be entered using a traditional keyboard. An example KeyPad is shown below.
This section provides information on the visual elements of KeyPad.
bharosa.authentipad.keypad.caption.personalize = true
bharosa.authentipad.keypad.caption.x = 240
bharosa.authentipad.keypad.caption.y = 206
bharosa.authentipad.keypad.caption.frame = false
bharosa.authentipad.keypad.caption.wrap = false
bharosa.authentipad.keypad.caption.width = 130
bharosa.authentipad.keypad.caption.height = 16
bharosa.authentipad.keypad.caption.font.name = Arial
bharosa.authentipad.keypad.caption.font.color = 000000
bharosa.authentipad.keypad.caption.font.type= 0
bharosa.authentipad.keypad.caption.font.size = 9
bharosa.authentipad.full.caption.font.color = 000000
Timestamp
bharosa.authentipad.keypad.timestamp.x = 110
bharosa.authentipad.keypad.timestamp.y = 202
bharosa.authentipad.keypad.timestamp.width = 132
bharosa.authentipad.keypad.timestamp.height = 16
bharosa.authentipad.keypad.timestamp.frame = false
bharosa.authentipad.keypad.timestamp.wrap = false
bharosa.authentipad.keypad.timestamp.font.name = Arial
bharosa.authentipad.keypad.timestamp.font.color = ffffff
bharosa.authentipad.keypad.timestamp.font.type= 0
bharosa.authentipad.keypad.timestamp.font.size = 9
bharosa.authentipad.full.timestamp.font.color = ffffff
Enter Key Hotspot
bharosa.authentipad.keypad.enterkey.x=292
bharosa.authentipad.keypad.enterkey.y=8
bharosa.authentipad.keypad.enterkey.width=50
bharosa.authentipad.keypad.enterkey.height=20
bharosa.authentipad.keypad.enterkey.label=enter
bharosa.authentipad.keypad.enterkey.enable=true
Backspace Key Hotspot
bharosa.authentipad.keypad.backspace.x=164
bharosa.authentipad.keypad.backspace.y=8
bharosa.authentipad.keypad.backspace.width=20
bharosa.authentipad.keypad.backspace.height=20
bharosa.authentipad.keypad.backspace.enable=true
Caps States
bharosa.authentipad.keypad.capslock.x=188
bharosa.authentipad.keypad.capslock.y=0
bharosa.authentipad.keypad.capslock.width=43
bharosa.authentipad.keypad.capslock.height=29
bharosa.authentipad.keypad.capslock.capsonimg=kp_v2_all_caps.jpg
bharosa.authentipad.keypad.capslock.capsshiftimg=kp_v2_first_caps.jpg
bharosa.authentipad.full.datafield.maxLength=8
bharosa.authentipad.full.encrypt.jitter=true
bharosa.authentipad.full.keyWidthJitter=0
bharosa.authentipad.full.keyHeightJitter=0
Scramble
bharosa.authentipad.full.randomizeKeys=false
bharosa.authentipad.full.skins.dirlist=alphapad_skins/square
Default Background
bharosa.authentipad.full.background.file=alphapad_bg/UIO_BG.jpg
PinPad is a lightweight authentication device for entering a numeric PIN. An example PinPad is shown below.
This section provides information on the visual elements of PinPad.
Phrase (Caption)
bharosa.authentipad.pinpad.caption.personalize = true
bharosa.authentipad.pinpad.caption.x = 5
bharosa.authentipad.pinpad.caption.y = 206
bharosa.authentipad.pinpad.caption.frame = false
bharosa.authentipad.pinpad.caption.wrap = false
bharosa.authentipad.pinpad.caption.width = 130
bharosa.authentipad.pinpad.caption.height = 16
bharosa.authentipad.pinpad.caption.font.name = Arial
bharosa.authentipad.pinpad.caption.font.color = 000000
bharosa.authentipad.pinpad.caption.font.type= 0
bharosa.authentipad.pinpad.caption.font.size = 9
bharosa.authentipad.numeric.caption.font.color = 000000
Timestamp
bharosa.authentipad.pinpad.timestamp.x = 15
bharosa.authentipad.pinpad.timestamp.y = 165
bharosa.authentipad.pinpad.timestamp.width = 132
bharosa.authentipad.pinpad.timestamp.height = 16
bharosa.authentipad.pinpad.timestamp.frame = false
bharosa.authentipad.pinpad.timestamp.wrap = false
bharosa.authentipad.pinpad.timestamp.font.name = Arial
bharosa.authentipad.pinpad.timestamp.font.color = ffffff
bharosa.authentipad.pinpad.timestamp.font.type= 0
bharosa.authentipad.pinpad.timestamp.font.size = 9
bharosa.authentipad.numeric.timestamp.font.color = ffffff
Enter Key Hotspot
bharosa.authentipad.pinpad.enterkey.x=78
bharosa.authentipad.pinpad.enterkey.y=182
bharosa.authentipad.pinpad.enterkey.width=49
bharosa.authentipad.pinpad.enterkey.height=20
bharosa.authentipad.pinpad.enterkey.label=enter
bharosa.authentipad.pinpad.enterkey.enable=true
Backspace Key Hotspot
bharosa.authentipad.pinpad.backspace.x=86
bharosa.authentipad.pinpad.backspace.y=8
bharosa.authentipad.pinpad.backspace.width=20
bharosa.authentipad.pinpad.backspace.height=20
bharosa.authentipad.pinpad.backspace.label=<
bharosa.authentipad.pinpad.backspace.enable=true
bharosa.authentipad.numeric.datafield.maxLength=8
bharosa.authentipad.numeric.encrypt.jitter =true
bharosa.authentipad.numeric.keyWidthJitter=50
bharosa.authentipad.numeric.keyHeightJitter=15
bharosa.authentipad.numeric.randomizeKeys=false
bharosa.authentipad.numeric.skins.dirlist=pinpad_skins/square,pinpad_skins/oval,pinpad_skins/hexa
bharosa.authentipad.numeric.background.file=pinpad_bg/UIO_BG.jpg
Each Authenticator interface has its own specifications.
Interface | Phrase Max | Question Max | Field Max | Size (pixels) |
---|---|---|---|---|
TextPad | 21 | NA | 21 (visible) | 148 X 223 |
KeyPad | 21 | NA | 18 (visible) | 368 X 223 |
PinPad | 21 | NA | 8 (visible) | 128 X 223 |
QuestionPad | 21 | 55 | 33 (visible) | 148 X 223 |
End users who access using assistive techniques will need to use the accessible versions of the virtual authentication devices. Accessible versions of the TextPad, QuestionPad, KeyPad and PinPad are not enabled by default. If accessible versions will be needed in a deployment, they can be enabled via properties.
To enable these versions, set the "is ADA compliant" flag to true.
For native integration the property to control the pads is desertref.authentipad.isADACompliant.
The accessible versions of the pads contain tabbing, directions and alt text necessary for navigation via screen reader and other assistive technologies.
A KeySet is the configuration that defines what character keys are present on the authenticator. KeySets are used by the KeyPad and PinPad authenticators.
KeySets are defined by a series of user-defined enums.
User-defined enums are a collection of properties that represent a list of items. Each element in the list may contain several different attributes. The definition of a user-defined enum begins with a property ending in the keyword ".enum" and has a value describing the use of the user-defined enum. Each element definition then starts with the same property name as the enum, and adds on an element name and has a value of a unique integer as an ID. The attributes of the element follow the same pattern, beginning with the property name of the element, followed by the attribute name, with the appropriate value for that attribute.
The following is an example of an enum defining credentials displayed on the login screen of an Adaptive Strong Authenticator implementation:
bharosa.uio.default.credentials.enum = Enum for Login Credentials
bharosa.uio.default.credentials.enum.companyid=0
bharosa.uio.default.credentials.enum.companyid.name=CompanyID
bharosa.uio.default.credentials.enum.companyid.description=Company ID
bharosa.uio.default.credentials.enum.companyid.inputname=comapanyid
bharosa.uio.default.credentials.enum.companyid.maxlength=24
bharosa.uio.default.credentials.enum.companyid.order=0
bharosa.uio.default.credentials.enum.username=1
bharosa.uio.default.credentials.enum.username.name=Username
bharosa.uio.default.credentials.enum.username.description=Username
bharosa.uio.default.credentials.enum.username.inputname=userid
bharosa.uio.default.credentials.enum.username.maxlength=18
bharosa.uio.default.credentials.enum.username.order=1
This set of properties defines one user-defined enum that contains two elements, each with five attributes. The "name" and "description" attributes are required to define any user-defined enum; other attributes are defined and used as needed by each individual use of a user-defined enum.
The first enum defines the rows of the KeySet, and each row points to another enum describing the keys present in that row.
For example, the following enum defines the rows of keys in a PinPad:
bharosa.authentipad.pinpad.default.keyset.enum=Default PinPad Keyset Enum
bharosa.authentipad.pinpad.default.keyset.enum.row1=0
bharosa.authentipad.pinpad.default.keyset.enum.row1.name=Default PinPad Keyset Row 1
bharosa.authentipad.pinpad.default.keyset.enum.row1.description=Default PinPad Keyset Row 1
bharosa.authentipad.pinpad.default.keyset.enum.row1.keys=bharosa.authentipad.pinpad.default.keyset.row1.enum
bharosa.authentipad.pinpad.default.keyset.enum.row1.order=1
bharosa.authentipad.pinpad.default.keyset.enum.row2=1
bharosa.authentipad.pinpad.default.keyset.enum.row2.name=Default PinPad Keyset Row 2
bharosa.authentipad.pinpad.default.keyset.enum.row2.description=Default PinPad Keyset Row 2
bharosa.authentipad.pinpad.default.keyset.enum.row2.keys=bharosa.authentipad.pinpad.default.keyset.row2.enum
bharosa.authentipad.pinpad.default.keyset.enum.row2.order=2
bharosa.authentipad.pinpad.default.keyset.enum.row3=2
bharosa.authentipad.pinpad.default.keyset.enum.row3.name=Default PinPad Keyset Row 3
bharosa.authentipad.pinpad.default.keyset.enum.row3.description=Default PinPad Keyset Row 3
bharosa.authentipad.pinpad.default.keyset.enum.row3.keys=bharosa.authentipad.pinpad.default.keyset.row3.enum
bharosa.authentipad.pinpad.default.keyset.enum.row3.order=3
bharosa.authentipad.pinpad.default.keyset.enum.row4=3
bharosa.authentipad.pinpad.default.keyset.enum.row4.name=Default PinPad Keyset Row 4
bharosa.authentipad.pinpad.default.keyset.enum.row4.description=Default PinPad Keyset Row 4
bharosa.authentipad.pinpad.default.keyset.enum.row4.keys=bharosa.authentipad.pinpad.default.keyset.row4.enum
bharosa.authentipad.pinpad.default.keyset.enum.row4.order=4
Each row is made of the following properties:
Table 7-1 Properties of Rows
Property | Description |
---|---|
name | Name of the row. |
description | Description of the row. |
keys | Enum identifier of the enum that defines the keys in the row. |
order | The order the key resides in the row of keys. |
In this case, the row1 enum is defined as follows:
bharosa.authentipad.pinpad.default.keyset.row1.enum=Default Pinpad Keyset Row 1
bharosa.authentipad.pinpad.default.keyset.row1.enum.key1=0
bharosa.authentipad.pinpad.default.keyset.row1.enum.key1.name=1
bharosa.authentipad.pinpad.default.keyset.row1.enum.key1.description=1
bharosa.authentipad.pinpad.default.keyset.row1.enum.key1.value=1
bharosa.authentipad.pinpad.default.keyset.row1.enum.key1.shiftvalue=1
bharosa.authentipad.pinpad.default.keyset.row1.enum.key1.image=kp_v2_1.png
bharosa.authentipad.pinpad.default.keyset.row1.enum.key1.order=1
bharosa.authentipad.pinpad.default.keyset.row1.enum.key2=1
bharosa.authentipad.pinpad.default.keyset.row1.enum.key2.name=2
bharosa.authentipad.pinpad.default.keyset.row1.enum.key2.description=2
bharosa.authentipad.pinpad.default.keyset.row1.enum.key2.value=2
bharosa.authentipad.pinpad.default.keyset.row1.enum.key2.shiftvalue=2
bharosa.authentipad.pinpad.default.keyset.row1.enum.key2.image=kp_v2_2.png
bharosa.authentipad.pinpad.default.keyset.row1.enum.key2.order=2
bharosa.authentipad.pinpad.default.keyset.row1.enum.key3=2
bharosa.authentipad.pinpad.default.keyset.row1.enum.key3.name=3
bharosa.authentipad.pinpad.default.keyset.row1.enum.key3.description=3
bharosa.authentipad.pinpad.default.keyset.row1.enum.key3.value=3
bharosa.authentipad.pinpad.default.keyset.row1.enum.key3.shiftvalue=3
bharosa.authentipad.pinpad.default.keyset.row1.enum.key3.image=kp_v2_3.png
bharosa.authentipad.pinpad.default.keyset.row1.enum.key3.order=3
Each key is made of the following properties:
Table 7-2 Properties of Each Key
Property | Description |
---|---|
name | Name of the key. |
description | Description of the key. |
value | The character value the key represents when clicked. |
shiftvalue | The character value the key represents when in caps mode. |
image | The image file name that will be used to display the visual representation of the key. |
order | The order the key resides in the row of keys. |
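The two-level KeySet structure described above (a row enum whose "keys" attribute names a second enum of keys) can be checked mechanically before a properties file is deployed. The following is an added example, not Oracle's code: the function names and the simplified key=value reader are assumptions of this example, and the sample is a constructed, cut-down copy of the PinPad properties shown above.

```python
# Constructed sample cut down from the PinPad KeySet above; row2 is deliberately broken.
SAMPLE = """
bharosa.authentipad.pinpad.default.keyset.enum=Default PinPad Keyset Enum
bharosa.authentipad.pinpad.default.keyset.enum.row1=0
bharosa.authentipad.pinpad.default.keyset.enum.row1.name=Default PinPad Keyset Row 1
bharosa.authentipad.pinpad.default.keyset.enum.row1.description=Default PinPad Keyset Row 1
bharosa.authentipad.pinpad.default.keyset.enum.row1.keys=bharosa.authentipad.pinpad.default.keyset.row1.enum
bharosa.authentipad.pinpad.default.keyset.enum.row1.order=1
bharosa.authentipad.pinpad.default.keyset.enum.row2=0
bharosa.authentipad.pinpad.default.keyset.enum.row2.keys=bharosa.authentipad.pinpad.default.keyset.row2.enum
bharosa.authentipad.pinpad.default.keyset.enum.row2.order=2
bharosa.authentipad.pinpad.default.keyset.row1.enum=Default Pinpad Keyset Row 1
bharosa.authentipad.pinpad.default.keyset.row1.enum.key2=1
bharosa.authentipad.pinpad.default.keyset.row1.enum.key2.name=2
bharosa.authentipad.pinpad.default.keyset.row1.enum.key2.description=2
bharosa.authentipad.pinpad.default.keyset.row1.enum.key2.value=2
bharosa.authentipad.pinpad.default.keyset.row1.enum.key2.order=2
bharosa.authentipad.pinpad.default.keyset.row1.enum.key1=0
bharosa.authentipad.pinpad.default.keyset.row1.enum.key1.name=1
bharosa.authentipad.pinpad.default.keyset.row1.enum.key1.description=1
bharosa.authentipad.pinpad.default.keyset.row1.enum.key1.value=1
bharosa.authentipad.pinpad.default.keyset.row1.enum.key1.order=1
"""
ROOT = "bharosa.authentipad.pinpad.default.keyset.enum"

def parse_properties(text):
    """Parse key=value lines, tolerating spaces around '=' and skipping '#' comments."""
    props = {}
    for line in text.splitlines():
        key, sep, value = line.partition("=")
        if sep and not key.lstrip().startswith("#"):
            props[key.strip()] = value.strip()
    return props

def load_enum(props, enum_name, problems, required=("name", "description")):
    """Return the enum's elements (attribute dicts) sorted by 'order'; record defects."""
    if enum_name not in props:
        problems.append(f"{enum_name}: enum is not defined")
        return []
    elements, prefix, seen = {}, enum_name + ".", set()
    for key, value in props.items():
        if key.startswith(prefix):
            elem, _, attr = key[len(prefix):].partition(".")
            elements.setdefault(elem, {})[attr] = value  # attr "" holds the integer ID
    for elem, attrs in elements.items():
        ident = attrs.get("", "")
        if not ident.isdecimal() or ident in seen:
            problems.append(f"{prefix}{elem}: ID missing, not an integer, or reused")
        seen.add(ident)
        for attr in required:
            if attr not in attrs:
                problems.append(f"{prefix}{elem}: missing '{attr}'")
    return sorted(elements.values(),
                  key=lambda a: int(a["order"]) if a.get("order", "").isdecimal() else 0)

def resolve_keyset(props, keyset_enum):
    """Follow each row's 'keys' reference; return (rows of key values, problems)."""
    problems, layout = [], []
    for row in load_enum(props, keyset_enum, problems, ("name", "description", "keys")):
        keys = load_enum(props, row["keys"], problems) if "keys" in row else []
        layout.append([k.get("value") for k in keys])
    return layout, problems

if __name__ == "__main__":
    print(resolve_keyset(parse_properties(SAMPLE), ROOT))
```

The reader handles only plain key=value lines, not the full Java properties grammar (line continuations, ":" separators, escapes).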