Oracle® Fusion Middleware Developer's Guide for Oracle Adaptive Access Manager
Release 11g (11.1.1)
E15480-02
Contents
List of Figures
List of Tables
Title and Copyright Information
Preface
Audience
Documentation Accessibility
Related Documents
Conventions
1 Introduction to the Developer's Guide
1.1 Native Integration
1.2 Universal Installation Option Integrations
1.3 Features Integration
1.4 Customizations and Extension
1.5 Authentication and Password Management Integration
1.6 Lifecycle Management
1.7 Troubleshooting/FAQ
Part I Native Integration
2 Natively Integrating with Oracle Adaptive Access Manager
2.1 Overview
2.1.1 Using Web Services and SOAP API
2.1.2 Using Static Linking
2.2 Integration Options
2.2.1 Integrating with Virtual Authentication Devices and Knowledge-Based Authentication
2.2.1.1 User Name Page (S1)
2.2.1.2 Device Fingerprint Flow (F2)
2.2.1.3 Running Pre-Authentication Rules (R1)
2.2.1.4 Running Virtual Authentication Device Rules (R2)
2.2.1.5 Generating a Generic TextPad (P2)
2.2.1.6 Generating a Personalized TextPad or KeyPad (P3)
2.2.1.7 Displaying TextPad and KeyPad (S4 and S5)
2.2.1.8 Decoding Virtual Authentication Device Input (P4)
2.2.1.9 Validate User and Password (CP1)
2.2.1.10 Update Authentication Status (P5)
2.2.1.11 Password Status (C1)
2.2.1.12 Post-Authentication Rules (R3)
2.2.1.13 Check Question Registration for User (C2)
2.2.1.14 Registration Required Rules (R4)
2.2.1.15 Challenging the User with QuestionPad (S6)
2.2.1.16 Checking Answers to Challenge Questions (C3)
2.2.1.17 Run Challenge Rules (R5)
2.2.1.18 Lock Out Page (S2)
2.2.1.19 Landing or Splash Page (S3)
2.2.2 Integrating with Knowledge-Based Authentication
3 Integrating Native .NET Applications
3.1 Overview
3.2 Installing Oracle Adaptive Access Manager .NET SDK
3.3 Application Configuration
3.4 Properties
3.5 User-Defined Enumerations
3.6 User Details
3.7 User Logins and Transactions
3.8 Rules Engine
3.8.1 Device ID
3.8.2 Creating and Updating Bulk Transactions
3.9 Validating a User with Challenge Questions
3.10 Resetting Challenge Failure Counters
3.11 Virtual Authentication Devices
3.11.1 Creating a Virtual Authentication Device
3.11.2 Embedding a Virtual Authentication Device in a Web Page
3.11.3 Validating User Input with a Virtual Authentication Device
3.12 Specifying Credentials to the Oracle Adaptive Access Manager SOAP Server
3.13 Encrypting Property Values
3.14 Tracing Messages
3.15 ASP.NET Sample Applications
3.15.1 SampleWebApp
3.15.2 SampleWebAppWithTracker
3.15.3 SampleWebAppWithAuthTracker
3.15.4 SampleWebAppWithKBATracker
4 Integrating Native Java Applications
4.1 About the Oracle Adaptive Access Manager Shared Library
4.1.1 Using Oracle Adaptive Access Manager Shared Library in Applications
4.1.2 Customizing/Extending/Overriding Oracle Adaptive Access Manager Properties
4.2 About VCryptResponse
4.3 Oracle Adaptive Access Manager APIs
4.3.1 handleTrackerRequest
4.3.2 createTransaction
4.3.3 updateTransaction
4.3.4 handleTransactionLog
4.3.5 updateTransactionStatus
4.3.6 updateLog
4.3.7 getUserByLoginId
4.3.8 updateAuthStatus
4.3.9 processPatternAnalysis
4.3.10 markDeviceSafe
4.3.11 IsDeviceMarkedSafe
4.3.12 clearSafeDeviceList
4.4 Rules Engine
4.4.1 processRules
4.5 Customer Care
4.5.1 getFinalAuthStatus
4.5.2 setTemporaryAllow
4.5.3 cancelAllTemporaryAllows
4.5.4 resetUser
4.5.5 getRulesData
4.5.6 getActionCount
Part II Universal Installation Option and Related Integrations
5 Oracle Adaptive Access Manager Proxy
5.1 Introduction
5.1.1 Important Terms
5.1.2 Architecture
5.1.3 References
5.2 Installing Oracle Adaptive Access Manager Proxy for Microsoft ISA
5.2.1 Proxy Web Publishing Configuration
5.2.1.1 Web Listener Creation
5.2.1.2 Web Publishing Rule Creation
5.2.2 Registering the Oracle Adaptive Access Manager Proxy for Microsoft ISA DLL
5.2.3 Settings to Control the Proxy
5.2.3.1 Configuration files
5.2.3.2 Configuration Reload
5.2.3.3 Session ID Cookie
5.2.3.4 Configuring Session Id Cookie attributes via Global Variables
5.2.3.5 Session Inactive Interval
5.2.3.6 Settings for Troubleshooting
5.3 Installing Oracle Adaptive Access Manager Proxy for Apache
5.3.1 Proxy Files for Windows and Linux
5.3.1.1 Windows
5.3.1.2 Linux
5.3.2 Apache httpd Requirements
5.3.2.1 Windows
5.3.2.2 Linux
5.3.3 Copying the Oracle Adaptive Access Manager Proxy for Apache and Supported Files to Apache
5.3.3.1 Windows
5.3.3.2 Linux
5.3.4 Configuring Memcache (for Linux only)
5.3.5 Configuring httpd.conf
5.3.5.1 Basic Configuration without SSL
5.3.5.2 Configuration with SSL
5.3.6 Modifying the Oracle Adaptive Access Manager Proxy for Apache Settings
5.3.6.1 UIO_Settings.xml
5.3.6.2 UIO_log4j.xml
5.3.6.3 Application configuration XMLs
5.4 Setting Up Rules and User Groups
5.5 Setting Up Policies
5.6 Configuring the Oracle Adaptive Access Manager Proxy
5.6.1 Elements of the Proxy Configuration File
5.6.1.1 Components of Interceptors
5.6.1.2 Conditions
5.6.1.3 Filters
5.6.1.4 Filter Examples - ProcessString
5.6.1.5 Filter Examples - FormatString
5.6.1.6 Actions
5.6.1.7 Variables
5.6.1.8 Application
5.6.2 Interception Process
5.6.3 Configuring Redirection to the Oracle Adaptive Access Manager Server Interface
5.7 Application Discovery
5.7.1 Application Information
5.7.2 Setting Up the Oracle Adaptive Access Manager Proxy for Microsoft ISA
5.7.3 Setting Up the Oracle Adaptive Access Manager Proxy for Apache
5.7.4 Scenarios
5.8 Samples
6 Configuring OAAM Server
6.1 Architecture
6.2 OAAM Server Settings
6.3 Determining Application ID and User Group
6.3.1 Determining the Application ID
6.3.2 Determining Default User Groups
6.4 Customizing User Interface Branding
6.4.1 Custom Header / Footer
6.4.2 Custom CSS
6.4.3 Custom Content and Messaging
6.5 Configuring Application Properties
6.5.1 Property Extension
6.5.2 User-Defined Enums
6.5.3 Overriding Existing User-Defined Enums
6.5.4 Disabling Elements
7 Virtual Authentication Device Properties
7.1 Property Files
7.2 Authentication Devices and Background Images
7.3 Display and Security Feature Properties
7.3.1 TextPad
7.3.1.1 TextPad Visual Elements
7.3.1.2 TextPad Authenticator Properties
7.3.2 QuestionPad
7.3.2.1 QuestionPad Visual Elements
7.3.2.2 QuestionPad Authenticator Properties
7.3.3 Keypad
7.3.3.1 KeyPad Visual Elements
7.3.3.2 KeyPad Authenticator Properties
7.3.4 PinPad
7.3.4.1 PinPad Visual Elements
7.3.4.2 PinPad Authenticator Properties
7.4 Accessibility
7.5 KeysSets
7.5.1 User Defined Enums Overview
7.5.2 KeySet Definition
7.6 Localization
7.6.1 Enabling Localization
7.6.2 Configuring Words Used in the Authenticator Caption
7.6.3 Localizing the KeyPad
7.6.4 Configuring Enter on the Authenticator Forgot Password Page
7.6.5 Configuring Tooltip for TextPad's Enter Button
Part III Features Integrations
8 Configurable Actions
8.1 Integration
8.2 Executing Configurable Actions in a Particular Order and Data Sharing
8.3 How to Test Configurable Actions Triggering
8.4 Sample JUnit Code
9 OTP Anywhere
9.1 OTP Integration
9.2 Implementing Challenge Processors
9.2.1 Create a Challenge Processor
9.2.2 Configure Custom Challenge Processor as Challenge Type with Required Profile Data
9.3 Configuring the Challenge Pad Used for Challenge
9.4 Configuring User Information Properties
9.4.1 Configuration Settings for Information Registration and Preferences and PIN Generation
9.4.2 Set Contact Information Inputs
9.4.3 SMS Configuration to Receive OTP via SMS
9.4.3.1 Enable Registration and Preference Setting
9.4.3.2 Set Input Information
10 Flash Fingerprinting
10.1 Device Fingerprinting
10.2 Definitions of Variables and Parameters
10.3 Option 1
10.3.1 Option 1 Flow
10.3.2 Option 1 Code Example
10.4 Option 2
10.4.1 Option 2 Flow
10.4.2 Option 2 Code Example
10.5 Option 3
10.5.1 Option 3 Flow
10.5.2 Option 3 Code Example
10.6 Common Update
11 Device Registration
Part IV Customizing Oracle Adaptive Access Manager
12 Customizing Oracle Adaptive Access Manager
12.1 Overview
12.2 Add Customizations Using Oracle Adaptive Access Manager Extensions Shared Library
Part V Authentication and Password Management Integration
13 Access and Password Management Integration
13.1 Benefits and Features of the Integration
13.2 Secure Password Collection and Management Scenarios
Part VI Lifecycle Management
14 Handling Lifecycle Management Changes
14.1 Oracle Virtual Directory (OVD) Host, Port, and SSL Enablement Changes
14.2 Oracle Identity Manager (OIM) URL Changes
14.3 Oracle Access Manager (OAM) Host and Port Changes
14.4 Oracle Internet Directory (OID) Host and Port Changes and SSL Enablement
14.5 Database Host and Port Changes
14.6 Moving Oracle Adaptive Access Manager to a New Production Environment
14.7 Moving Oracle Adaptive Access Manager to an Existing Production Environment
Part VII Troubleshooting
15 FAQ/Troubleshooting
15.1 Universal Installation Option Proxy
15.2 Virtual Authentication Devices
15.3 Configurable Actions
15.4 One-Time Password
15.5 Localization
15.6 Man-in-the-Middle/Man-in-the-Browser
Index