Oracle® Adaptive Access Manager Administrator's Guide Release 10g (10.1.4.5) Part Number E12055-03 |
|
|
View PDF |
Oracle Adaptive Access Manager provides Configurable Actions, a feature which allows users to create new supplementary actions that are triggered based on the result action and/or based on the risk scoring after a Runtime execution.
This chapter provides an overview on configuring a Configurable Action and instructions on how to define, view, edit, and delete a Configurable Action, and on how to associate Configurable Actions to a Runtime.
To use the Configurable Actions feature, ensure that the dynamicactions.enabled property is set to true.
Configuration of Configurable Actions involves the following tasks:
Determining what Configurable Actions have to be added to which Runtime and the pre-conditions for executing those Configurable Actions.
An example of a Configurable Action is when an email is sent to a user whenever a Runtime execution returns "block" as an action in the result. In this case, "Send Email" is the Configurable Action and "block" is the pre-condition. Similarly, there could be Configurable Actions that can be based on a "risk score" as the pre-condition.
Making sure the Configurable Action definitions are configured in the Adaptive Risk Manager database.
A user can see the list of available Configurable Actions before adding a new one. The Configurable Action definition would have been added into the database when the user created the definition using the "Define New Action Template" screen.
Developing and deploying custom Configurable Actions if the existing Configurable Actions are not sufficient. See the Oracle Adaptive Access Manager Developer's Guide for details on developing a Configurable Action.
Although some Configurable Actions are provided with the product, you may have to develop custom Configurable Actions for your particular requirements.
Using Adaptive Risk Manager to associate the Configurable Actions to the Runtime.
On the Admin menu, point to Configurable Actions, click Action Templates, and choose Action Templates.
In the Action Name field, enter a name for the action.
In the Java Class Name field, enter the fully qualified classpath of the Configurable Action.
You will have created the Java Class during the creation of the Configurable Action. For information on creating a Configurable Action, refer to the Oracle Adaptive Access Manager Developer's Guide.
An example of a Java Class is com.bharosa.vcrypt.tracker.dynamicactions.EmailAction.
Click Load Parameters.
Oracle Adaptive Risk Manager obtains the list of parameters and displays the names, labels, types, and values.
Examples of parameters are shown in the table below.
Name | Label | Type | Value |
---|---|---|---|
Recipient Email Address | To: | String | <value> |
Sender Name | Name: | String | <value> |
Sender Email Address | From: | String | <value> |
Reply-to Email Address | Reply-to: | String | <value> |
Mail Subject | Subject: | String | <value> |
Mail Body | Subject: | String | <value> |
Enter values for the parameters.
In the Description field, enter a description of the action.
In the Notes field, enter any notes you want.
Click Save.
To add a Configurable Action to a Runtime:
From the Configurable Action item of the Admin menu, select Configured Actions, and then Create Action Instances to associate Configurable Actions to the Runtime.
Choose the Runtime to associate the Configurable Actions to.
Click Load Actions.
Choose the required Configurable Action from the list.
Choose the execution type: "Synchronous" or "Asynchronous."
Synchronous actions are executed in the order of their priority in the ascending order. For example, if the user wants to create an agent case and then send an email with the case ID, he would choose synchronous actions. Synchronous actions will trigger/execute immediately.
Synchronous actions can also be used to pass/share data across the configurable actions. This is useful when developing custom configurable actions. Please refer to "Configurable Actions" in the Oracle Adaptive Access Manager Developer's Guide for details.
Asynchronous actions are queued for execution and will be executed based on their priority but not in any particular sequence. For example, if the user wants to send an email or perform some action and does not care about executing it immediately and is not interested in any order of execution, he would choose asynchronous actions.
Enter values for all the parameters related to the action.
Enter the values for the pre-conditions.
A pre-condition could be either a score or an action or both. These will be compared against the values returned by the Rule Engine for the selected Runtime while defining configurable action. For example, the pre-condition may be that if the Rules Engine returns "Allow" as the action, the Configurable Action will be executed. Another example would be, if the Rules Engine returns a score between "x" and "y," the Configurable Action will be executed.
Typical actions returned by the Rules Engine are "Allow," "Block," "PasswordTextpad," and others.
A typical score returned by the Rules Engine is a numeric value between 0 and 1000.
Add any other required Configurable Actions to the Runtime by repeating steps 4 to 7.
Administrators can specify one or more Configurable Actions for a Runtime.
Save the changes.
From the Configurable Action item of the Admin menu, select Configured Actions, and then List Action Instances to see the list of Configurable Actions available.
Select a Runtime to see all the Configurable Actions for that Runtime or select All to see all Configurable Actions for the Runtimes.
View details of the Configurable Action you want and make sure the parameters are properly defined and that the Java class is valid.
To delete an action:
On the Admin menu, point to Configurable Action, click Action Templates, and then Action Templates.
Click an existing action definition.
Click Delete.
If an action is associated with a Runtime, you will not be able to delete it.
The following configurable actions are available out of the box:
CaseCreationAction - Can be used to create a case
EmailAction - Can be used to send an email
Before these configurable actions can be configured for Runtimes, the definitions of these should be added.
Note:
To use system provided configurable actions, you must import the configurable action definition from the oaam_init directory.Log in as a Rule Administrator.
On the Admin menu, point to Configurable Actions, click Action Templates, and choose Action Templates.
In the Action Name field, enter a name for CaseCreationAction.
Enter the java class name as
com.bharosa.vcrypt.tracker.dynamicactions.impl.CaseCreationAction
In the Description field, enter a description for CaseCreationAction.
In the Notes field, enter any notes you want.
Click Load Parameters.
For the "Case Type" parameter, enter 1 for "CSR Case", 2 for "Agent Case".
For the "Severity" parameter, enter 1 for "Low", 2 for "Medium", 3 for "High."
Enter a value for the "Case Description" that should be set while creating the case.
Enter the userId for "Case Creator UserId". Make sure that userId has a proper role and access permissions for creating the case.
Make sure the java mail library related jars are in the WEB-INF\lib directory of the Adaptive Risk Manager application.
Make sure the following properties are properly set in the Adaptive Risk Manager application.
mail.smtp.host > SMTP Host Address
mail.smtp.user > SMTP UserId
mail.smtp.password > SMTP password
mail.smtp.auth > true if SMTP server requires authentication, false otherwise
Log in as a Rule Administrator.
On the Admin menu, point to Configurable Actions, click Action Templates, and choose Action Templates.
Enter the action name for EmailAction.
Enter the java class name as
com.bharosa.vcrypt.tracker.dynamicactions.impl.EmailAction
In the Description field, enter a description for EmailAction.
In the Notes field, enter any notes you want.
Click Load Parameters.
Enter appropriate values for the parameters:
Recipient Email Address
Sender Name
Sender Email Address
Reply-to Email Address
Mail Subject
Mail Body
To define "Add Item" to List Action:
Log in as a Rule Administrator.
On the Admin menu, point to Configurable Actions, click Action Templates, and choose Action Templates.
In the Action Name field, enter a name for AddItem To Watch List.
Enter the java class name as com.bharosa.vcrypt.tracker.dynamicactions.impl.AddItemToWatchListAction
In the Description field, enter a description for the action.
In the Notes field, enter any notes you want.
Click Load Parameters.
For the "Item Type" parameter, enter any one of the following:
vtusers - If UserId of current session has to be added to the Watch List
devices - If DeviceId of current session has to be added to the Watch List
ips - If IP Address of current session has to be added to the Watch List
countries - If Country Id of current session has to be added to the Watch List
states - If State Id of current session has to be added to the Watch List
cities - If City Id of current session has to be added to the Watch List
userLogin - If LoginId of current session has to be added to the Watch List
For the "Watch-List Name" parameter, enter the name of the Watch List. Make sure there is a group with the same name.
For the "White-List Name" parameter, enter the name of the White List. Make sure there is a group with the same name. Action will check this list before adding an item to Watch List.
For the "Black-List Name" parameter, enter the name of the Watch List. Make sure there is a group with the same name. Action will check this list before adding an item to Watch List