| Oracle® Adaptive Access Manager Administrator's Guide Release 10g (10.1.4.5) Part Number E12055-03 |
|
|
View PDF |
| Oracle® Adaptive Access Manager Administrator's Guide Release 10g (10.1.4.5) Part Number E12055-03 |
|
|
View PDF |
A Runtime is a specified point in a session when Adaptive Access Manager collects and evaluates security data using the rules engine.
New Runtimes can be added and existing Runtime properties can be modified using Enumerations Editor Interface.
This chapter describes how to create and configure a new Runtime and how to modify an existing Runtime.
To create a new Runtime, follow the instructions below.
Log in to Adaptive Risk Manager as a system administrator.
Enter "profile.type.enum" in the Enumeration field to search for the available Runtimes.
The available Runtimes are shown in the Element box.
Click the Add New button located under the Element box.
An Add Element box appears.
Enter a value for the Runtime ID.
The ID value must be a unique identifier for the Runtime. For example, "cancelOrder."
Enter a value for the Runtime.
The value must unique number. Make sure no other Runtime uses the identifier. This ID is like a primary key in database terminology. For example, "1001."
Enter a name for the Runtime.
The name must be user-presentable and meaningful. The name will be used in Adaptive Risk Manager Online. For example, "Cancel Order."
Enter a description for the Runtime.
Click Create.
If the Runtime creation is successful, add the appropriate properties by clicking the Add New button under the Properties box.
The required properties are:
finalactionrule=process_results.rule
The "finalactionrule" property specifies the Rule file that decides the final action. When the Rules Engine processes the policies for the Runtime, it determines the score and a list of actions. The rule file is consulted to see what action should be given as final action. If you are not sure, set the value as in the other Runtimes.The out-of-the-box "process_results.rule" file is sufficient for most actions.
listTypes= vtusers
Always set listTypes to "vtusers."
The models can be linked to only usergroups.
ruleTypes= user,device,location,in_session
The "ruleTypes" property defines the list of rule types supported during the Runtime. Depending on the context of the Runtime, possible values are "user," "device," "location," and "in_session." Use commas to separate multiple values. All Rules of the comma separated types can be used in this Runtime.
For example if ruleTypes is set to "user,location," the Rules of the type "user" and "location" can be used in this Runtime, and the user and location information will be available for this Runtime.
Another example, for the "Cancel Order" Runtime, if "user,device,location" are specified for ruleTypes, the "user" Rule type expects that the user information will be available during the "Cancel Order" Runtime. If the user information is not available at the time of the "Cancel Order" Runtime, "user" should not be included in the list.
Other properties you may add are:
isPreAuth
True indicates that this Runtime is a pre-authentication Runtime. Adaptive Risk Manager will update the user details with the pre-auth score and pre-auth action. The default for isPreAuth is "false." Note that there cannot be two Runtimes with this flag set to "true." Also the same Runtime cannot be marked as postAuth and preAuth.
isPostAuth
True indicates that this Runtime is a post-authentication Runtime. Adaptive Risk Manager will update the user details with the post-auth score and post-auth action. The default for isPostAuth is "false." Note that there cannot be two Runtimes with this flag set to "true." Also the same Runtime cannot be marked as postAuth and preAuth.
Restart the server.
To modify properties of a Runtime, follow the instructions below:
Log in to Adaptive Risk Manager as a system administrator.
Enter "profile.type.enum" in the Enumeration field to search for the available Runtimes.
The available Runtimes are shown in the Element box.
Choose the Runtime you want to edit from the Element box.
Choose the Property you want to edit from the Properties box.
Change the value in the Property Details box.
Restart the server.
The procedure for creating the "addressChange" Runtime is provided below.
Log in to Adaptive Risk Manager as a system administrator.
Enter "profile.type.enum" in the Enumeration field to search for the available Runtimes.
The available Runtimes are shown in the Element box.
Click the Add New button located under the Element box.
An Add Element box appears.
Enter "addressChange" for the Runtime ID.
Enter "88" for the Runtime value.
Enter "Address Change" for the Runtime name.
Enter "Address Change Runtime" for the Runtime description.
Click Create.
Select "profile.type.enum.addressChange" in the Element box.
For finalactionrule, enter "process_results.rule" and click Save.
The Final Action for a given Runtime during rules evaluation is determined by this rule file. File process_results.rule is supplied out-of-the-box and no additional steps are required.
For isPreAuth, enter "true" and click Save.
For listType, enter "vtusers" and click Save.
For ruleType, "enter user,device,location" and click Save.
Restart the server.
The enumeration for the Address Change Runtime is shown below for your reference.
profile.type.enum.addressChange=88 profile.type.enum.addressChange.name=Address Change profile.type.enum.addressChange.description=Address Change Runtime profile.type.enum.addressChange.ruleTypes=user,device,location profile.type.enum.addressChange.listTypes=vtusers profile.type.enum.addressChange.finalactionrule=process_results.rule profile.type.enum.addressChange.isPreAuth=true
|
 Copyright © 2008, 2009, Oracle and/or its affiliates. All rights reserved. Legal Notices |
|
