OTP Anywhere is a secondary, risk-based challenge solution consisting of a server-generated one-time password (OTP) delivered to an end user via a configured out-of-band channel.
This chapter provides information on implementing OTP and contains the following sections:
Registering SMS Processor to Perform Work for Challenge Type
Configuring OAAM Server to Connect to Multiple UMS Servers to Send OTP
One-Time Password (OTP) is a form of secondary authentication, which is used in addition to standard user name and password credentials to strengthen the existing authentication and authorization process, thereby providing additional security for users. The application sends a one-time password that is only valid for the current session to the user. The system uses this password to challenge the user to verify identity.
Oracle Adaptive Access Manager 11g provides the framework to support One Time Password (OTP) authentication using Oracle User Messaging Service (UMS). This implementation enables an application to use OTP to challenge users with Oracle User Messaging Service (UMS) used as the method to deliver the password.
Benefits of OTP Anywhere are:
It is built on the 11g Challenge Processor framework
Out-of-the-box integration with Oracle User Messaging Service
Customizable registration user interface
Optional Opt-Out functionality
Email and SMS supported delivery channels
This section provides key definitions, acronyms, and abbreviations that are related to OTP implementation.
| Term | Description |
|---|---|
| One Time Password (OTP) | One Time Password (OTP) is used to authenticate an individual based on a single-use alphanumeric credential. The OTP is delivered to the user's configured delivery method. The user then provides the OTP credential as the response to proceed with the operation. The following are major benefits of using out-of-band OTP: |
| Oracle User Messaging Service (UMS) | The Oracle User Messaging Service is a facility installed in the SOA Domain during installation of the SOA Suite. The Oracle User Messaging Service enables two-way communication between users and deployed applications. The communication can be through various channels, including email, instant messaging (IM or Chat), and SMS. OAAM uses Oracle User Messaging Service as a means of communicating with the user. |
| Challenge Processor | A challenge processor is Java code that implements the |
| Challenge Type | "Channel" refers to the delivery channel used to send an OTP to the user (Email, SMS, or IM). The challenge type is the channel that OTP is using to challenge the user. You can configure a challenge type for any differences in handling that a challenge requires. Handling of challenge types covers every specific step for that challenge type, from generating the "secret" used for the challenge, to delivering the "secret" to the user, to validating the user's input. For each type of challenge these primary processes (Generation, Sending, and Validating) could require slightly different code. |
An example challenge scenario is as follows:
Oracle Adaptive Access Manager Server presents the user with the user name page.
The user submits his user name on the user name page.
Oracle Adaptive Access Manager fingerprints the user device and runs pre-authentication rules to determine if the user should be allowed to proceed to the password page.
The user is allowed to proceed to the password page and he enters his password.
The OAAM policies indicate that the user should be challenged.
The challenge checkpoint is run to determine the type of challenge to use (KBA, Email, SMS, and so on). If SMS challenge is returned, the SMS Challenge Processor is loaded and used to generate and deliver an OTP to the user through SMS.
Once the SMS has been sent, the user is presented with a challenge page indicating that his OTP has been sent to him in an SMS.
User submits correct OTP to continue into application and complete the login flow.
The OTP generated and sent to the user is only valid for one correct submission within a single HTTP session. If the user's HTTP session expires, a new OTP is generated and sent if the user is challenged again in a later session.
OTP using Oracle User Messaging Service (UMS) as a delivery method is a standard feature of the OAAM Server. This section contains an overview of the steps required to implement the feature.
Follow the instructions for customizing the OAAM server interface through adding customized JAR files and other files to an extensions shared library. For information on customizing the OAAM server interface, see Chapter 7, "Using the OAAM Extensions Shared Library to Customize OAAM."
| No. | Tasks |
|---|---|
| 1 | |
| 2 | |
| 3 | |
| 4 | |
| 5 | |
| 6 | |
| 7 | |
| 8 | |
| 9 | |
| 10 | |
| 11 | |
| 12 | Registering SMS Processor to Perform Work for Challenge Type |
| 13 | |
| 14 | |
| 15 | Configuring OAAM Server to Connect to Multiple UMS Servers to Send OTP |
The Oracle User Messaging Service (UMS) and OTP implementation is integrated into the OAAM Server login, challenge, and registration flows using the OAAM Server challenge processor framework. For information on the login, challenge, and registration flows, see Chapter 2, "Natively Integrating Oracle Adaptive Access Manager."
Ensure that the following prerequisites are met before configuring OTP for your application.
Note:
Ensure you are familiar with deploying custom OAAM extensions. Oracle Adaptive Access Manager is customized by adding customized JAR files and other files to an extensions shared library.
For information on adding customized JAR files and other files, see Chapter 7, "Using the OAAM Extensions Shared Library to Customize OAAM."
Before you can configure the Oracle User Messaging Service (UMS) driver and OTP, you must have installed the SOA Suite 11g, configured the SOA Domain and have the Admin Server and the SOA Server running. You also need access to the Oracle Enterprise Manager Fusion Middleware Control Console.
For information on installing the SOA Suite 11g, see Oracle Fusion Middleware Installation Guide for Oracle SOA Suite and Oracle Business Process Management Suite.
The User Messaging Service comes with some drivers that each handle traffic for a specific channel. The drivers control the channels. You need to configure them for the appropriate delivery server and protocol from which messages are sent. To configure drivers, follow the steps in "Configuring User Messaging Service Drivers" in Oracle Fusion Middleware Administrator's Guide for Oracle SOA Suite and Oracle Business Process Management Suite.
Configure the Email driver to a SMTP server as described in "Configuring the Email Driver" in Oracle Fusion Middleware Administrator's Guide for Oracle SOA Suite and Oracle Business Process Management Suite. You will need to provide parameter values for connecting to the remote gateway.
Table 16-3 Connecting to the SMTP Server
| Parameter | Description |
|---|---|
| OutgoingMailServer | Mandatory if email sending is required. For example, |
| OutgoingMailServerPort | Port number of the SMTP server. |
| OutgoingMailServerSecurity | Possible values are TLS and SSL. |
| OutgoingDefaultFromAddress (optional) | The email address that is indicated as the sender of the email message. |
| OutgoingUsername | The user account from which the email is sent. |
| OutgoingPassword | The account's password (stored in encrypted format). |
Press Apply. To have these settings take effect, the driver has to be restarted.
Short Message Peer-to-Peer (SMPP) is one of the most popular GSM SMS protocols. User Messaging Service includes a prebuilt implementation of the SMPP protocol as a driver that is capable of both sending and receiving short messages.
Note:
For SMS, unlike the Email driver that is deployed out-of-the-box, you must deploy the SMPP driver first before modifying the configurations. Configure the SMPP driver as described in "Configuring the SMPP Driver" in Oracle Fusion Middleware Administrator's Guide for Oracle SOA Suite and Oracle Business Process Management Suite. You will need to provide parameter values for connecting to the driver gateway vendor.
Table 16-4 Connecting to the Vendor
| Parameter | Description |
|---|---|
| SmsAccountId | The Account Identifier on the SMS-C. This is your vendor account ID, which you must get from the vendor. |
| SmsServerHost | The name (or IP address) of the SMS-C server. |
| TransmitterSystemPassword | The password of the transmitter system. This includes Type of Password (choose from Indirect Password/Create New User, Indirect Password/Use Existing User, and Use Cleartext Password) and Password. This is the password corresponding to your vendor account ID. |
| TransmitterSystemType | The type of transmitter system. The default is |
| ReceiverSystemId | The account ID used to receive messages. |
| ReceiverSystemType | The type of receiver system. The default is |
| ServerTransmitterPort | The TCP port number of the transmitter server. |
| ServerReceiverPort | The TCP port number of the receiver server. |
| DefaultEncoding | The default encoding of the SMPP driver. The default is IA5. Choose from the drop-down list: IA5, UCS2, and GSM_DEFAULT. |
| DefaultSenderAddress | Default sender address. |
After providing the parameter values, press Apply. To have these settings take effect, the driver has to be restarted.
Enable the registration flow and user preferences by setting these properties to true:
Table 16-5 Enable OTP Profile Registration and Preference Setting
| Property | Description |
|---|---|
| bharosa.uio.default.register.userinfo.enabled | Setting the property to true enables the profile registration pages if the OTP channel is enabled and requires registration. |
| bharosa.uio.default.userpreferences.userinfo.enabled | Setting the property to true enables the user to set preferences if the OTP channel is enabled and allows preference setting. User Preferences is a page that allows the user to change their image/phrase, challenge questions, un-register devices, and update their OTP profile. |
Log in to the OAAM Administration Console.
In the Navigation pane, double-click Properties under the Environment node. The Properties Search page is displayed.
Enter bharosa.uio.default.register.userinfo.enabled in the Name field and click Search.
Click to select the property in the Search Results section, change the value to true, and click Save.
Enter bharosa.uio.default.userpreferences.userinfo.enabled in the Name field and click Search.
Click to select the property in the Search Results section, change the value to true, and click Save.
Enable challenge types by setting the appropriate property to true. By setting the property to true, policies will be able to challenge using OTP through the challenge type (email, SMS, or IM). The user will see the email, SMS, or IM page in the registration flow.
You will need to associate a Challenge Type with the Java code needed to perform any work related to that challenge type. The Challenge Type ID (ChallengeEmail) should match a rule action returned by the rules when that challenge type is to be used.
Table 16-6 Oracle User Messaging Service OTP challenge types
| Property | Default Value | Description |
|---|---|---|
| bharosa.uio.default.challenge.type.enum.ChallengeEmail.available | false | Availability flag for email challenge type |
| bharosa.uio.default.challenge.type.enum.ChallengeSMS.available | false | Availability flag for SMS challenge type |
| bharosa.uio.default.challenge.type.enum.ChallengeIM.available | false | Availability flag for instant message challenge type |
The properties to set for the Oracle User Messaging Service (UMS) server URLs and credentials are listed in Table 16-7. They can be edited using the Property Editor in OAAM Admin. Note: End point is the Web Services URL that OAAM uses to send calls into Oracle User Messaging Service.
Table 16-7 Oracle User Messaging Service Server URLs and Credentials
| Property | Default Value | Description |
|---|---|---|
| bharosa.uio.default.ums.integration.webservice | | UMS Server Webservice URL |
| bharosa.uio.default.ums.integration.parlayx.endpoint | | UMS Server ParlayX Endpoint URL |
| bharosa.uio.default.ums.integration.useParlayX | false | Configures the use of the webservice or parlayx API. The value is false by default (Webservices recommended). |
| bharosa.uio.default.ums.integration.userName | | Username for Oracle User Messaging Service server |
| bharosa.uio.default.ums.integration.password | | Password for Oracle User Messaging Service server |
| bharosa.uio.default.ums.integtaion.policies | | Oracle User Messaging Service authentication policies |
| bharosa.uio.default.ums.integration.fromAddress | demo@oracle.com | OAAM from address for OTP messages. Note: If the OAAM server is not able to get the value of the For example, set the |
| bharosa.uio.default.ums.integration.message.status.poll.attempts | 3 | Number of times to attempt a status poll each time the wait page is displayed |
| bharosa.uio.default.ums.integration.message.status.poll.delay | 1000 | Delay between status polls while the wait page is being displayed |
| bharosa.uio.default.ums.integration.sleepInterval | 10000 | |
| bharosa.uio.default.ums.integration.deliveryPage.delay | 3000 | |
After you set up the Oracle User Messaging Service server properties, restart the application.
Setting up the registration page involves the following tasks:
The Opt-Out feature is disabled by default. To enable Opt Out for the user, set the property to true.
Table 16-8 OTP opt-out properties
| Property | Default Value |
|---|---|
| bharosa.uio.default.otp.optOut.enabled | false |
| bharosa.uio.default.otp.optOut.managerClass | com.bharosa.uio.manager.user.DefaultContactInfoManager |
If you want the user to be able to opt-out of registering an OTP profile, you must enable a Decline button on the OTP registration page by setting the following properties using the Properties Editor:
bharosa.uio.default.register.userinfo.decline.enabled = true
bharosa.uio.default.userpreferences.userinfo.decline.enabled = true
Note:
Even if these are true, the button will not show if the Opt Out property is false. When the Decline button is enabled, the user will have another option on the OTP registration page that will allow him to opt out of OTP challenges. He will not be asked to register OTP again, and will not receive OTP challenges. However, if a Customer Care OTP Profile reset is performed (or reset all), the user will have the opportunity to register OTP again.
Also, even if the user has opted out of OTP, he can access the OTP page in User Preferences, add information, and click Continue. This removes the Opt Out flag and the user is then registered for OTP.
To configure terms and conditions check boxes and fields in the OTP registration page, add Terms and Conditions properties to oaam_custom.properties.
Table 16-9 Terms and Conditions Checkbox
| Property | Default Value | Description |
|---|---|---|
| bharosa.uio.default.userinfo.inputs.enum.terms | 4 | Terms and Conditions enum value |
| bharosa.uio.default.userinfo.inputs.enum.terms.name | Terms and Conditions | Name for Terms and Conditions checkbox |
| bharosa.uio.default.userinfo.inputs.enum.terms.description | Terms and Conditions | Description for Terms and Conditions checkbox |
| bharosa.uio.default.userinfo.inputs.enum.terms.inputname | terms | HTML input name for Terms and Conditions checkbox |
| bharosa.uio.default.userinfo.inputs.enum.terms.inputtype | checkbox | HTML input type for Terms and Conditions checkbox |
| bharosa.uio.default.userinfo.inputs.enum.terms.values | true | Required values for Terms and Conditions checkbox during registration and user preferences |
| bharosa.uio.default.userinfo.inputs.enum.terms.maxlength | 40 | HTML input max length for Terms and Conditions checkbox |
| bharosa.uio.default.userinfo.inputs.enum.terms.required | true | Required flag for Terms and Conditions checkbox during registration and user preferences |
| bharosa.uio.default.userinfo.inputs.enum.terms.order | 5 | Order on the page for Terms and Conditions checkbox |
| bharosa.uio.default.userinfo.inputs.enum.terms.enabled | true | Enabled flag for Terms and Conditions enum item |
| bharosa.uio.default.userinfo.inputs.enum.terms.regex | .+ | Regular expression for validation of Terms and Conditions checkbox |
| bharosa.uio.default.userinfo.inputs.enum.terms.errorCode | otp.invalid.terms | Error code to get the error message from if validation of Terms and Conditions fails |
| bharosa.uio.default.userinfo.inputs.enum.terms.managerClass | com.bharosa.uio.manager.user.DefaultContactInfoManager | Java class used to save / retrieve Terms and Conditions from data storage |
Then, add the mobile input registration field properties to oaam_custom.properties.
Table 16-10 Mobile Input - Properties File
| Property | Default Value | Description |
|---|---|---|
| bharosa.uio.default.userinfo.inputs.enum.mobile | 0 | Mobile phone enum value |
| bharosa.uio.default.userinfo.inputs.enum.mobile.name | Mobile Phone | Name for mobile phone field |
| bharosa.uio.default.userinfo.inputs.enum.mobile.description | Mobile Phone | Description for mobile phone field |
| bharosa.uio.default.userinfo.inputs.enum.mobile.inputname | cell number | HTML input name for mobile phone field |
| bharosa.uio.default.userinfo.inputs.enum.mobile.inputtype | text | HTML input type for mobile phone field |
| bharosa.uio.default.userinfo.inputs.enum.mobile.maxlength | 15 | HTML input max length for mobile phone field |
| bharosa.uio.default.userinfo.inputs.enum.mobile.required | true | Required flag for mobile phone field during registration and user preferences |
| bharosa.uio.default.userinfo.inputs.enum.mobile.order | 1 | Order on the page for mobile phone field |
| bharosa.uio.default.userinfo.inputs.enum.mobile.enabled | true | Enabled flag for mobile phone enum item |
| bharosa.uio.default.userinfo.inputs.enum.mobile.regex | If configuring through properties: \\D?(\\d{3})\\D?\\D?(\\d{3})\\D?(\\d{4}) If configuring through OAAM Admin: \D?(\d{3})\D?\D?(\d{3})\D?(\d{4}) | Regular expression for validation of mobile phone field |
| bharosa.uio.default.userinfo.inputs.enum.mobile.errorCode | otp.invalid.mobile | Error code to get the error message from if validation of mobile phone entry fails |
| bharosa.uio.default.userinfo.inputs.enum.mobile.managerClass | com.bharosa.uio.manager.user.DefaultContactInfoManager | Java class used to save / retrieve mobile phone from data storage |
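The two spellings of the mobile regex in the table exist because java.util.Properties unescapes backslashes when it loads a properties file, whereas OAAM Admin stores the value as typed. The following added example (not OAAM product code; the class and method names are this example's own) loads both spellings through Properties and runs them against constructed sample numbers to show which one survives the file round-trip:

```java
import java.io.IOException;
import java.io.StringReader;
import java.util.Properties;
import java.util.regex.Pattern;

// Added example, not OAAM product code. It shows why Table 16-10 gives two
// spellings of the mobile regex: java.util.Properties unescapes backslashes
// when it loads a properties file, while OAAM Admin takes the value literally.
public class MobileRegexExample {

    static final String KEY = "bharosa.uio.default.userinfo.inputs.enum.mobile.regex";

    /** Loads the regex from properties-file text, applying the file's escaping rules. */
    public static String loadRegex(String propertiesText) throws IOException {
        Properties props = new Properties();
        props.load(new StringReader(propertiesText));
        return props.getProperty(KEY);
    }

    /** Full-string match, as a registration-field validator would apply it. */
    public static boolean matches(String regex, String input) {
        return Pattern.compile(regex).matcher(input).matches();
    }

    public static void main(String[] args) throws IOException {
        // Constructed properties text in the doubled-backslash form from the table.
        // Each "\\\\" in this Java source is two backslash characters in the file text.
        String doubled = KEY + "=\\\\D?(\\\\d{3})\\\\D?\\\\D?(\\\\d{3})\\\\D?(\\\\d{4})\n";
        // The same regex with single backslashes, as it would be typed into OAAM Admin.
        String single = KEY + "=\\D?(\\d{3})\\D?\\D?(\\d{3})\\D?(\\d{4})\n";

        // Properties turns "\\" into "\", so the doubled form yields the intended regex.
        String fromDoubled = loadRegex(doubled);
        // Properties drops the backslash of unknown escapes such as "\D" and "\d",
        // so the single form degrades to D?(d{3})D?D?(d{3})D?(d{4}): literal letters.
        String fromSingle = loadRegex(single);

        System.out.println("loaded from doubled form: " + fromDoubled);
        System.out.println("loaded from single form:  " + fromSingle);

        // Constructed sample inputs: three valid numbers, one too short, one with a letter.
        String[] samples = {"5551234567", "555-123-4567", "(555) 123-4567", "12345", "555-123-456a"};
        for (String s : samples) {
            System.out.printf("%-16s doubled=%-5s single=%s%n",
                    s, matches(fromDoubled, s), matches(fromSingle, s));
        }
        // Only the regex loaded from the doubled form accepts the three valid numbers.
    }
}
```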
Policies in the Challenge checkpoint determine the type of challenge to present the user.
To configure a policy with a rule that OTP-challenges users in specific scenarios, perform the following steps:
Log in to the OAAM Administration Console.
Double-click Policies in the Navigation pane.
In the Policies Search page, click New Policy.
The New Policy page appears. In the Summary tab, create a post-authentication security policy.
For Policy Name, enter a name for the policy.
For Description, enter a description for the policy.
For Checkpoint, select Post-Authentication.
Modify the policy status, scoring engine, and weight according to your requirements.
Click Apply.
Click OK to dismiss the confirmation dialog.
Click the Rules tab.
Add general summary information about the rule.
On the conditions tab, add User: Check OTP failures condition or other OTP-related condition.
On the Results tab, specify OAAM challenge as the Action group.
Link the policy to all users.
This section contains the following topics:
To customize the name and description of the mobile field, add the following properties to client_resource_locale.properties.
To customize Terms and Conditions, add the following properties with values to client_resource_locale.properties. Default messaging for Terms and Conditions is configured through the values in client_resource_locale.properties.
Table 16-12 Messaging of Terms and Conditions
| Property | Default Value |
|---|---|
| bharosa.uio.default.userinfo.inputs.enum.terms.name | I agree to the [ENTER COMPANY OR SERVICE NAME HERE] terms & conditions. Click to view full <a href="javascript:infoWindow('terms');">Terms & Conditions</a> and <a href="javascript:infoWindow('privacy');">Privacy Policy</a>. |
| bharosa.uio.default.userinfo.inputs.enum.terms.description | Message and Data Rates May Apply. <br/>For help or information on this program send "HELP" to [ENTER SHORT/LONG CODE HERE]. <br/>To cancel your plan, send "STOP" to [ENTER SHORT/LONG CODE HERE] at anytime.<br/><br/>For additional information on this service please go to <a href="" target="_blank">[ENTER INFORMATIONAL URL HERE]</a>.<br/><br/><b>Supported Carriers:</b><br/>AT&T, Sprint, Nextel, Boost, Verizon Wireless, U.S. Cellular®, T-Mobile®, Cellular One Dobson, Cincinnati Bell, Alltel, Virgin Mobile USA, Cellular South, Unicel, Centennial and Ntelos |
The value for bharosa.uio.default.userinfo.inputs.enum.terms.name includes placeholder links that use OAAM Server popup messaging for "Terms & Conditions" and "Privacy Policy". The property and resource keys for the contents of the popups are listed as follows.
Table 16-13 Terms & Conditions and Privacy Policy Popup Messaging
| Property | Default Value |
|---|---|
| bharosa.uio.default.messages.enum.terms.name | Terms and Conditions |
| bharosa.uio.default.messages.enum.terms.description | PLACEHOLDER TEXT FOR TERMS AND CONDITIONS |
| bharosa.uio.default.messages.enum.privacy.name | Privacy Policy |
| bharosa.uio.default.messages.enum.privacy.description | PLACEHOLDER TEXT FOR PRIVACY POLICY |
To customize registration page message text, add these properties to client_resource_locale.properties.
Table 16-14 Customize Registration Page Message Text
| Property | Default Value |
|---|---|
| bharosa.uio.default.register.userinfo.title | OTP Anywhere Registration |
| bharosa.uio.default.register.userinfo.message | For your protection please enter your mobile telephone number so we may use it to verify your identity in the future. Please ensure that you have text messaging enabled on your phone. |
| bharosa.uio.default.register.userinfo.registerdevice.message | Check to register the device that you are currently using as a safe device: |
| bharosa.uio.default.register.userinfo.continue.button | Continue |
| bharosa.uio.default.register.userinfo.decline.message | If you decline you will not be asked to register again. |
| bharosa.uio.default.register.userinfo.decline.button | Decline |
To customize challenge page message text, add these properties to client_resource_locale.properties.
Table 16-15 Customize Challenge Page Message Text
| Property | Default Value |
|---|---|
| bharosa.uio.default.ChallengeSMS.message | For your protection please enter the code we just sent to your mobile telephone. If you did not receive a code please ensure that text messaging is enabled on your phone and click the resend link below. |
| bharosa.uio.default.ChallengeSMS.registerdevice.message | Check to register the device that you are currently using as a safe device: |
| bharosa.uio.default.ChallengeSMS.continue.button | Continue |
To customize OTP message text, add these properties to client_resource_locale.properties.
You can configure the one-time password generation through properties edits. The following properties are used to generate the OTP:
# OTP pin generation config
bharosa.uio.default.otp.generate.code.length = 5
bharosa.uio.default.otp.generate.code.characters = 1234567890
The default OTP codes will be 5 characters made up of the numbers 0-9 (for example: 44569).
bharosa.uio.default.otp.generate.code.length designates the length of the OTP.
bharosa.uio.default.otp.generate.code.characters designates the characters to use when generating the OTP.
An example is shown below for generating a 4 character OTP code with numbers 0-9 and letters a-d (for example: 0c6a):
bharosa.uio.default.otp.generate.code.length = 4
bharosa.uio.default.otp.generate.code.characters = 1234567890abcd
You can configure the one-time password expiry time through properties edits.
To set the OTP SMS password expiry time, add the following property to oaam_custom.properties:
bharosa.uio.default.challenge.type.enum.ChallengeSMS.otpexpirytimeMs
To set the OTP email password expiry time, add the following property to oaam_custom.properties:
bharosa.uio.default.challenge.type.enum.ChallengeEmail.otpexpirytimeMs
The time is in milliseconds. If the expiration time you want to set is not in milliseconds, you will have to perform a conversion. For example, if you want to set the expiration time for OTP to be 7 minutes, then you must set the property to 420000 (7 minutes).
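The following added example (not OAAM product code; the class and method names are this example's own, and the property names are the ones documented above) models what these properties control: a code drawn from the configured character set with a cryptographic random source, an expiry read from the per-channel otpexpirytimeMs property in milliseconds, and the rule from the challenge scenario that a code is valid for one correct submission only.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Properties;

// Added example, not OAAM product code. It models the OTP generation
// properties and the otpexpirytimeMs property described above, plus the
// "valid for one correct submission" rule from the challenge scenario.
public class OtpCodeExample {

    private static final SecureRandom RANDOM = new SecureRandom();

    // Property names as documented on the page.
    static final String LENGTH_PROP = "bharosa.uio.default.otp.generate.code.length";
    static final String CHARS_PROP = "bharosa.uio.default.otp.generate.code.characters";

    /** Builds a code of the configured length from the configured character set. */
    public static String generate(Properties props) {
        int length = Integer.parseInt(props.getProperty(LENGTH_PROP, "5").trim());
        String chars = props.getProperty(CHARS_PROP, "1234567890").trim();
        StringBuilder code = new StringBuilder(length);
        for (int i = 0; i < length; i++) {
            // SecureRandom, not Math.random(): the code is an authentication credential.
            code.append(chars.charAt(RANDOM.nextInt(chars.length())));
        }
        return code.toString();
    }

    /** Reads the expiry for a challenge type such as ChallengeSMS (default 300000 ms). */
    public static long expiryMs(Properties props, String challengeType) {
        String key = "bharosa.uio.default.challenge.type.enum." + challengeType + ".otpexpirytimeMs";
        return Long.parseLong(props.getProperty(key, "300000").trim());
    }

    /** A generated code with its issue time; it can be redeemed once, before it expires. */
    public static final class IssuedCode {
        private final String code;
        private final long issuedAtMs;
        private final long expiryMs;
        private boolean consumed;

        IssuedCode(String code, long issuedAtMs, long expiryMs) {
            this.code = code;
            this.issuedAtMs = issuedAtMs;
            this.expiryMs = expiryMs;
        }

        /** True only for the first correct submission made before the code expires. */
        public boolean verify(String submitted, long nowMs) {
            if (consumed || submitted == null || nowMs - issuedAtMs > expiryMs) {
                return false;
            }
            // Constant-time comparison so response timing does not leak matching prefixes.
            boolean ok = MessageDigest.isEqual(
                    code.getBytes(StandardCharsets.UTF_8),
                    submitted.getBytes(StandardCharsets.UTF_8));
            if (ok) {
                consumed = true;   // a replay of the same code is rejected
            }
            return ok;
        }

        public String code() { return code; }
    }

    public static IssuedCode issue(Properties props, String challengeType, long nowMs) {
        return new IssuedCode(generate(props), nowMs, expiryMs(props, challengeType));
    }

    public static void main(String[] args) {
        // Constructed configuration: the 4-character 0-9/a-d example and a 7-minute SMS expiry.
        Properties props = new Properties();
        props.setProperty(LENGTH_PROP, "4");
        props.setProperty(CHARS_PROP, "1234567890abcd");
        props.setProperty(
                "bharosa.uio.default.challenge.type.enum.ChallengeSMS.otpexpirytimeMs", "420000");

        long t0 = System.currentTimeMillis();
        IssuedCode issued = issue(props, "ChallengeSMS", t0);
        System.out.println("generated code:    " + issued.code());
        System.out.println("correct, in time:  " + issued.verify(issued.code(), t0 + 1000));  // true
        System.out.println("replayed:          " + issued.verify(issued.code(), t0 + 2000));  // false
        IssuedCode late = issue(props, "ChallengeSMS", t0);
        System.out.println("after 7 minutes:   " + late.verify(late.code(), t0 + 420001));   // false
    }
}
```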
By default, challenge devices that will be used are configured through rules. The rules are under the AuthentiPad checkpoint where you can specify the type of device to use based on the purpose of the device.
To create/update policies to use the challenge type:
Add a new rule action, MyChallenge, to the rule.action.enum enum.
Create a policy that returns the newly created action, MyChallenge, to use the challenge method.
Alternatively, to configure challenge devices using properties, you can bypass the AuthentiPad checkpoint by setting bharosa.uio.default.use.authentipad.checkpoint to false.
The device to use for a challenge type is then set with a property of the following form:
bharosa.uio.application.challengeType.authenticator.device=<value>
The examples shown use the challenge type keys ChallengeSMS and ChallengeEmail to construct the property name:
bharosa.uio.default.ChallengeSMS.authenticator.device=DevicePinPad
bharosa.uio.default.ChallengeEmail.authenticator.device=DevicePinPad
Available challenge device values are DeviceKeyPadFull, DeviceKeyPadAlpha, DeviceTextPad, DeviceQuestionPad, DevicePinPad, and DeviceHTMLControl.
Table 16-17 Authentication Device Type
| Device Value | Description |
|---|---|
| None | No HTML page or authentication pad |
| DeviceKeyPadFull | Challenge user using KeyPad. |
| DeviceKeyPadAlpha | Challenge user with the alphanumeric KeyPad (numbers and letters only, no special characters). |
| DeviceTextPad | Challenge user using TextPad. |
| DeviceQuestionPad | Challenge user using QuestionPad. |
| DevicePinPad | Challenge user using PinPad. |
| DeviceHTMLControl | Challenge user using an HTML page instead of an authentication pad. |
You use the challenge type enum to associate a Challenge Type with the Java code needed to perform any work related to that challenge type. The Challenge Type ID (ChallengeEmail) should match a rule action returned by the rules when that challenge type is going to be used. "Channel" typically refers to the delivery channel used to send an OTP to the user (Email, SMS, or IM).
Table 16-18 Challenge type enums
| Property | Description |
|---|---|
| available | Whether the challenge type is available for use (service ready and configured). To enable or disable an OTP challenge type, set the available flag. |
| processor | Java class for handling challenges of this type. |
| requiredInfo | Comma-separated list of inputs from the registration input enum. |
The properties to register the SMS challenge processor and mark service as available (or unavailable) are listed in Table 16-19.
Table 16-19 Properties to register the SMS challenge processor
| Property | Default Value | Description |
|---|---|---|
| bharosa.uio.default.challenge.type.enum.ChallengeSMS | 2 | SMS Challenge enum value |
| bharosa.uio.default.challenge.type.enum.ChallengeSMS.name | SMS Challenge | Name of SMS challenge type |
| bharosa.uio.default.challenge.type.enum.ChallengeSMS.description | SMS Challenge | Description of SMS challenge type |
| bharosa.uio.default.challenge.type.enum.ChallengeSMS.processor | com.bharosa.uio.processor.challenge.SMSUMSOTPChallengeProcessor | Processor class for SMS challenge type. Specifies the Java class for handling challenges of this type. The challenge mechanism is customizable through Java classes. |
| bharosa.uio.default.challenge.type.enum.ChallengeSMS.requiredInfo | mobile,terms | Required fields to challenge the user with the SMS challenge type. A comma-separated list of inputs from the registration input enum. |
| bharosa.uio.default.challenge.type.enum.ChallengeSMS.displayedInfo | mobile | |
| bharosa.uio.default.challenge.type.enum.ChallengeSMS.available | false | Availability flag for SMS challenge type. Specifies whether the challenge type is available for use (service ready and configured). To enable or disable an OTP challenge type, set the available flag. |
| bharosa.uio.default.challenge.type.enum.ChallengeSMS.otp | true | OTP flag for SMS challenge type |
| bharosa.uio.default.challenge.type.enum.ChallengeSMS.otpexpirytimeMs | 300000 | Sets the OTP SMS password expiry time. The time is in milliseconds. If the value you want is not in milliseconds, you will have to perform a conversion. For example, if you want to set the expiration time for OTP to be 7 minutes, then you must set the property to 420000 (7 minutes). |
| bharosa.uio.default.challenge.type.enum.ChallengeSMS.htmlLabel | SMS Code | Label used when HTML (not authentipad) is used for user input. Resource bundle value. |
| bharosa.uio.default.challenge.type.enum.ChallengeSMS.htmlInputType | text | Type of input used when HTML (not authentipad) is used for user input. Possible values are "text" or "password". |
This section describes how to customize data storage for OTP Anywhere. You can customize OTP Anywhere by implementing the com.bharosa.uio.manager.user.UserDataManagerIntf interface.
The methods used in customizations are:
public String getUserData(UIOSessionData sessionData, String key);
public void setUserData(UIOSessionData sessionData, String key, String value);
The default implementation expands on the interface to break every get and set into two items: UserDataValue and UserDataFlag. The UserDataFlag is used by OAAM to track that a value has been set, or soft reset a value. OAAM uses rules to check if a user is registered for a given item and to check the UserDataFlag in the OAAM database. The UserDataValue is the actual data element entered by the user. In the default implementation this is also stored in the OAAM database, but by extending the DefaultContactInfoManager class and overriding the UserDataValue methods (getUserDataValue and setUserDataValue) the data can be stored in an external location if required.
package com.bharosa.uio.manager.user;

public class DefaultContactInfoManager implements UserDataManagerIntf {

    // Returns the stored value only if the flag records that one has been set.
    public String getUserData(UIOSessionData sessionData, String key) {
        if (getUserDataFlag(sessionData, key)) {
            return getUserDataValue(sessionData, key);
        }
        return null;
    }

    // Stores the value, then records that it has been set.
    public void setUserData(UIOSessionData sessionData, String key, String value) {
        setUserDataValue(sessionData, key, value);
        setUserDataFlag(sessionData, key, value);
    }

    // UserDataValue: the data element the user entered, stored under the contact-info prefix.
    protected void setUserDataValue(UIOSessionData sessionData, String key, String value) {
        VCryptAuthUser clientUser = sessionData.getClientAuthUser();
        if (clientUser != null) {
            clientUser.setUserData(
                BharosaConfig.get("oaam.otp.contact.info.prefix", "otpContactInfo_") + key,
                value);
        }
    }

    protected String getUserDataValue(UIOSessionData sessionData, String key) {
        VCryptAuthUser clientUser = sessionData.getClientAuthUser();
        if (clientUser != null) {
            return clientUser.getUserData(
                BharosaConfig.get("oaam.otp.contact.info.prefix", "otpContactInfo_") + key);
        }
        return null;
    }

    // UserDataFlag: "true" once a value is set; cleared (soft reset) when the value is empty.
    protected void setUserDataFlag(UIOSessionData sessionData, String key, String value) {
        VCryptAuthUser clientUser = sessionData.getClientAuthUser();
        if (clientUser != null) {
            if (StringUtil.isEmpty(value)) {
                clientUser.setUserData(
                    BharosaConfig.get("oaam.otp.contact.info.flag.prefix", "otpContactInfoFlag_") + key,
                    null);
            } else {
                clientUser.setUserData(
                    BharosaConfig.get("oaam.otp.contact.info.flag.prefix", "otpContactInfoFlag_") + key,
                    "true");
            }
        }
    }

    protected boolean getUserDataFlag(UIOSessionData sessionData, String key) {
        VCryptAuthUser clientUser = sessionData.getClientAuthUser();
        if (clientUser != null) {
            return Boolean.valueOf(clientUser.getUserData(
                BharosaConfig.get("oaam.otp.contact.info.flag.prefix", "otpContactInfoFlag_") + key));
        }
        return false;
    }
}
Extend the base implementation class DefaultContactInfoManager, and override the setUserDataValue and getUserDataValue methods to store the data values wherever is appropriate for your implementation.
Leave the default implementation of setUserDataFlag and getUserDataFlag in place in order for OAAM to properly track which data has been set for the user.
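The following is an added example of such a subclass; it is not code from the OAAM product or from this guide. It overrides only the two value methods and routes them to an external store, leaving the flag methods of the base class untouched. The ContactStore interface, the InMemoryContactStore stand-in, and the getLoginId() accessor on VCryptAuthUser are assumptions made for illustration; the imports for UIOSessionData, VCryptAuthUser and BharosaConfig depend on the OAAM server libraries, whose package names are not shown on this page.

```java
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

import com.bharosa.uio.manager.user.DefaultContactInfoManager;
// UIOSessionData, VCryptAuthUser and BharosaConfig are OAAM server classes; their packages
// are not shown on this page, so import them from the OAAM libraries on your build path.

/**
 * Keeps OTP contact values in an external store instead of the OAAM database.
 * Only the value methods are overridden; the flag methods of the base class stay in
 * place so OAAM rules can still tell which items a user has registered.
 */
public class ExternalContactInfoManager extends DefaultContactInfoManager {

    /** Contract for the external store (hypothetical): keyed by login id and item key. */
    public interface ContactStore {
        void put(String loginId, String key, String value);
        String get(String loginId, String key);
    }

    /** In-memory stand-in used here in place of a real store (constructed for the example). */
    public static final class InMemoryContactStore implements ContactStore {
        private final Map<String, String> data = new ConcurrentHashMap<>();

        public void put(String loginId, String key, String value) {
            String k = loginId + "\u0000" + key;
            if (value == null) { data.remove(k); } else { data.put(k, value); }
        }

        public String get(String loginId, String key) {
            return data.get(loginId + "\u0000" + key);
        }
    }

    private final ContactStore store;

    // OAAM is assumed to instantiate the managerClass through its no-argument constructor.
    public ExternalContactInfoManager() { this(new InMemoryContactStore()); }

    public ExternalContactInfoManager(ContactStore store) { this.store = store; }

    /** Same key prefix convention as the default implementation. */
    private static String storageKey(String key) {
        return BharosaConfig.get("oaam.otp.contact.info.prefix", "otpContactInfo_") + key;
    }

    @Override
    protected void setUserDataValue(UIOSessionData sessionData, String key, String value) {
        VCryptAuthUser clientUser = sessionData.getClientAuthUser();
        if (clientUser != null) {
            // getLoginId() is assumed to return the user's login identifier.
            store.put(clientUser.getLoginId(), storageKey(key), value);
        }
    }

    @Override
    protected String getUserDataValue(UIOSessionData sessionData, String key) {
        VCryptAuthUser clientUser = sessionData.getClientAuthUser();
        if (clientUser != null) {
            return store.get(clientUser.getLoginId(), storageKey(key));
        }
        return null;
    }

    // setUserDataFlag / getUserDataFlag are deliberately not overridden.
}
```

To use a class like this, package it in the OAAM Extensions Shared Library and point the managerClass attribute of the relevant registration element at it. The external store then holds the address an OTP is delivered to, so it needs the same access controls as the OAAM database it replaces.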
OTP Anywhere registration fields are defined by the user-defined enum bharosa.uio.default.userinfo.inputs.enum.
Each element has a managerClass property that designates which class will be used to store the registration data.
For example, the default mobile phone element is as follows:
```properties
bharosa.uio.default.userinfo.inputs.enum=Enum for Contact information
bharosa.uio.default.userinfo.inputs.enum.mobile=0
bharosa.uio.default.userinfo.inputs.enum.mobile.name=Mobile Phone
bharosa.uio.default.userinfo.inputs.enum.mobile.description=Mobile Phone
bharosa.uio.default.userinfo.inputs.enum.mobile.inputname=cellnumber
bharosa.uio.default.userinfo.inputs.enum.mobile.inputtype=text
bharosa.uio.default.userinfo.inputs.enum.mobile.maxlength=16
bharosa.uio.default.userinfo.inputs.enum.mobile.required=true
bharosa.uio.default.userinfo.inputs.enum.mobile.order=4
bharosa.uio.default.userinfo.inputs.enum.mobile.enabled=true
bharosa.uio.default.userinfo.inputs.enum.mobile.regex=\\d{1}\\D?(\\d{3})\\D?\\D?(\\d{3})\\D?(\\d{4})
bharosa.uio.default.userinfo.inputs.enum.mobile.errorCode=otp.invalid.mobile
bharosa.uio.default.userinfo.inputs.enum.mobile.managerClass=com.bharosa.uio.manager.user.DefaultContactInfoManager
```
As shown, the default mobile phone definition uses the DefaultContactInfoManager class to manage the data. If a custom implementation is desired, the value of the managerClass attribute can be updated in OAAM Admin (or through OAAM Extension shared library) to use a custom class.
OAAM can be enabled to let the end-user decide by what means the user wishes to authenticate if the user is registered for OTP via SMS and also registered for OTP via Email.
The Challenge checkpoint determines which mechanism is used to challenge the user. When "ChallengeChoice" and at least one other challenge type (ChallengeEmail, ChallengeSMS, and so on) are configured in the result of the Challenge checkpoint, the user is given a choice of challenge type.
The challenge choice page includes a description of each challenge type and any data present in the display list for that challenge type. The data is masked according to the mask regex defined for the user info element in the enum.
Once the user selects a challenge type, he is challenged with that type. He is also given a link on the challenge page to return to the challenge choice selection page. However, if the user reaches the challenge counter limit for any particular type of challenge, he is logged out and taken to the login/error page, which indicates the error.
To configure challenge choice messaging, add the following properties to oaam_uio.properties:
Table 16-20 Challenge Choice Type Messaging Configuration
| Property | Default Value |
|---|---|
| bharosa.uio.default.ChallengeChoice.title | Title for Challenge Choice page. |
| bharosa.uio.default.ChallengeChoice.message | Select how you would prefer to receive OTP code. |
| bharosa.uio.default.ChallengeChoice.continue.message | Continue message. |
| bharosa.uio.default.ChallengeChoice.continue.button | Continue |
| bharosa.uio.default.ChallengeChoice.invalid_choice.message | You have entered an invalid choice. Please check your selection and try again. |
| bharosa.uio.default.ChallengeChoice.not_available.message | Selected challenge type is not available. Please select again. |
| bharosa.uio.default.ChallengeChoice.continue.enabled | true |
To configure challenge type links, add the following properties to oaam_uio.properties:
Table 16-21 Challenge Choice Page Links
| Property | Default Value |
|---|---|
| bharosa.uio.default.ChallengeQuestion.links.enum.choice | 4 |
| bharosa.uio.default.ChallengeQuestion.links.enum.choice.name | Change choice |
| bharosa.uio.default.ChallengeQuestion.links.enum.choice.description | Choose different challenge method. |
| bharosa.uio.default.ChallengeQuestion.links.enum.choice.url | javascript:newChoice(); |
| bharosa.uio.default.ChallengeQuestion.links.enum.choice.personalization | false |
| bharosa.uio.default.ChallengeQuestion.links.enum.choice.challengechoice | true |
| bharosa.uio.default.ChallengeQuestion.links.enum.choice.order | 4 |
| bharosa.uio.default.ChallengeQuestion.links.enum.choice.enabled | true |
| bharosa.uio.default.ChallengeEmail.links.enum.choice | 4 |
| bharosa.uio.default.ChallengeEmail.links.enum.choice.name | Change choice |
| bharosa.uio.default.ChallengeEmail.links.enum.choice.description | Choose different delivery method. |
| bharosa.uio.default.ChallengeEmail.links.enum.choice.url | javascript:newChoice(); |
| bharosa.uio.default.ChallengeEmail.links.enum.choice.personalization | false |
| bharosa.uio.default.ChallengeEmail.links.enum.choice.challengechoice | true |
| bharosa.uio.default.ChallengeEmail.links.enum.choice.order | 4 |
| bharosa.uio.default.ChallengeEmail.links.enum.choice.enabled | true |
| bharosa.uio.default.ChallengeSMS.links.enum.choice | 4 |
| bharosa.uio.default.ChallengeSMS.links.enum.choice.name | Change choice |
| bharosa.uio.default.ChallengeSMS.links.enum.choice.description | Choose different delivery method. |
| bharosa.uio.default.ChallengeSMS.links.enum.choice.url | javascript:newChoice(); |
| bharosa.uio.default.ChallengeSMS.links.enum.choice.personalization | false |
| bharosa.uio.default.ChallengeSMS.links.enum.choice.challengechoice | true |
| bharosa.uio.default.ChallengeSMS.links.enum.choice.order | 4 |
| bharosa.uio.default.ChallengeSMS.links.enum.choice.enabled | true |
| bharosa.uio.default.ChallengeIM.links.enum.choice | 4 |
| bharosa.uio.default.ChallengeIM.links.enum.choice.name | Change choice |
| bharosa.uio.default.ChallengeIM.links.enum.choice.description | Choose different delivery method. |
| bharosa.uio.default.ChallengeIM.links.enum.choice.url | javascript:newChoice(); |
| bharosa.uio.default.ChallengeIM.links.enum.choice.personalization | false |
| bharosa.uio.default.ChallengeIM.links.enum.choice.challengechoice | true |
| bharosa.uio.default.ChallengeIM.links.enum.choice.order | 4 |
| bharosa.uio.default.ChallengeIM.links.enum.choice.enabled | true |
| bharosa.uio.default.ChallengeVoice.links.enum.choice | 4 |
| bharosa.uio.default.ChallengeVoice.links.enum.choice.name | Change choice |
| bharosa.uio.default.ChallengeVoice.links.enum.choice.description | Choose different delivery method. |
| bharosa.uio.default.ChallengeVoice.links.enum.choice.url | javascript:newChoice(); |
| bharosa.uio.default.ChallengeVoice.links.enum.choice.personalization | false |
| bharosa.uio.default.ChallengeVoice.links.enum.choice.challengechoice | true |
| bharosa.uio.default.ChallengeVoice.links.enum.choice.order | 4 |
| bharosa.uio.default.ChallengeVoice.links.enum.choice.enabled | true |
To customize challenge choice messaging, add the following properties to asa_msg_resource.properties:
Table 16-22 Customize Challenge Choice Type Messaging
| Property | Default Value |
|---|---|
| bharosa.uio.default.ChallengeChoice.title | Title for Challenge Choice page. |
| bharosa.uio.default.ChallengeChoice.message | Select how you would prefer to receive OTP code. |
| bharosa.uio.default.ChallengeChoice.continue.message | Continue message. |
| bharosa.uio.default.ChallengeChoice.continue.button | Continue |
| bharosa.uio.default.ChallengeChoice.invalid_choice.message | You have entered an invalid choice. Please check your selection and try again. |
| bharosa.uio.default.ChallengeChoice.not_available.message | Selected challenge type is not available. Please select again. |
To configure challenge choice display, add the following properties to oaam_core.properties:
Table 16-23 Configure Challenge Choice Display
| Property | Default Value |
|---|---|
| bharosa.uio.default.challenge.type.enum.ChallengeQuestion.displayedInfo | |
| bharosa.uio.default.challenge.type.enum.ChallengeEmail.displayedInfo | |
| bharosa.uio.default.challenge.type.enum.ChallengeSMS.displayedInfo | mobile |
| bharosa.uio.default.challenge.type.enum.ChallengeIM.displayedInfo | im |
| bharosa.uio.default.challenge.type.enum.ChallengeVoice.displayedInfo | phone |
You can configure the minimum number of actions to trigger the challenge choice, the delimiter for contact information, and the replacement character in data masking with the following properties in oaam_uio.properties.
Use this property to set the minimum number of actions in action list to trigger challenge choice:
bharosa.uio.default.ChallengeChoice.actionlist.threshold=3
Use this property to set the delimiter for contact information displayed in the Challenge Choice page:
bharosa.uio.default.ChallengeChoice.contactInfo.delim= -
Use this property to set the replacement character for masking for contact information displayed in the Challenge Choice page:
bharosa.uio.default.ChallengeChoice.contactInfo.mask=*
The Challenge Choice action is already configured as a trigger combination in the Challenge Policy. When Email and SMS are both available and not locked, the policy returns the OAAM Challenge Choice action group. The OAAM Challenge Choice action group contains the actions: ChallengeChoice, ChallengeEmail, and ChallengeSMS.
To ensure that the Challenge Choice action is configured:
Log in to the OAAM Administration Console.
Double-click Policies in the Navigation pane.
The Policies Search page displays.
In the Policies Search page, search for the OAAM Challenge Policy.
Click OAAM Challenge Policy and then the Trigger Combination tab.
Ensure that Trigger Combination #4 (If user has active email and SMS then provide him with option to choose challenge channel) is configured as follows:
Table 16-24 Challenge Choice Trigger Combination
| Description | Combination Details | Result |
|---|---|---|
| If user is registered for OTP via SMS and is also registered for OTP via Email then give him the option to choose which channel he wants to get his OTP. | Check for High Risk Score = TRUE; Questions Active = ANY; Challenge Email Available = TRUE; Challenge SMS Available = TRUE; Max failed Question Attempts = ANY; Max failed Email Attempts = FALSE; Max failed SMS Attempts = FALSE | Policy = NONE; Action = OAAM Challenge Choice; Alert = NONE; Score = 0 |
OAAM Server can be configured to connect to multiple UMS servers individually or via load-balancing to send OTP through. If one UMS server fails, OAAM can still send messages through another UMS server. The order in which OAAM Server tries the UMS server URLs is based on configuration.
You can specify connection to multiple UMS servers and the order in which they are checked through configuration:
If the UMS servers use the same credentials, you can specify a comma-separated list of UMS servers (SOA servers) for existing UMS Web Service or UMS Web Service Endpoint URL properties using the OAAM Properties Editor in the OAAM Administration Console. By default, the UMS server properties are typically left empty.
OAAM server attempts to send OTP using UMS server URLs in the order they appear in the list. UMS URL1 is checked first as it appears first in the property, and if it is available, UMS URL1 is used for sending OTP.
If OAAM tries to send a message, and the first UMS server fails or the URL is invalid, OAAM server tries to send the message using the second URL. If the second UMS server fails or the URL is invalid, OAAM server checks the third URL, and so on down the line. OAAM server keeps trying to send the messages until the message is sent successfully.
When multiple UMS servers use different credentials or policies are needed for each UMS server, you can add enumerations to the oaam_custom.properties file in the OAAM Extensions Shared Library to specify multiple user messaging server URLs.
A value must be specified for the UMS Web Service Endpoint URL property for the enum to be used. The recommended workaround is to supply the primary UMS server in the existing properties and any backups in the enum.
OAAM Server requires a restart after you edit or add the enums.
OAAM server attempts to send OTP using URLs in the order specified by their order attribute.
If both enums (added to the OAAM Extensions Shared Library) and properties (configured with the Properties Editor) are used together, attempts to send OTP will try the property based URLs first and then the user-defined enums.
For example, UMS URL1 is checked first because it appears first in the property; if it is available, UMS URL1 is used for sending OTP. If UMS URL1 is unavailable or invalid, the second entry in the property is checked, and so on. If all of the property-based URLs are unavailable or invalid, OAAM Server checks the enum-based URLs. If an enum-based URL is valid, that UMS service is used.
To specify multiple UMS Server URLs:
Log in to the OAAM Administration Console.
In the Navigation pane, double-click Properties under the Environment node. The Properties Search page is displayed.
Enter the following in the Name field and click Search.
bharosa.uio.default.ums.integration.useParlayX
Click to select the property in the Search Results section, specify True or False, and click Save.
This selects between the Web service and the parlayx API. The value is false by default (preferred).
Enter the following in the Name field and click Search.
bharosa.uio.default.ums.integration.webservice
or
bharosa.uio.default.ums.integration.parlayx.endpoint
Click to select the property in the Search Results section, add UMS URL1, URL2, URL3, and so on, in a comma separated list, and click Save.
For example:
http://UMS_server1:UMS-port1/ucs/messaging/webservice, http://UMS_server2:UMS-port2/ucs/messaging/webservice, http://UMS_server3:UMS-port3/ucs/messaging/webservice
For each UMS server URL and its credentials, add an enum. For example, add the following enums:
```properties
bharosa.uio.default.ums.integration.server.enum.primary=1
bharosa.uio.default.ums.integration.server.enum.primary.name=Primary UMS Server
bharosa.uio.default.ums.integration.server.enum.primary.description=Primary UMS Server
bharosa.uio.default.ums.integration.server.enum.primary.url=URL1
bharosa.uio.default.ums.integration.server.enum.primary.username=USERNAME1
bharosa.uio.default.ums.integration.server.enum.primary.password=PASSWORD1
bharosa.uio.default.ums.integration.server.enum.primary.policies=
bharosa.uio.default.ums.integration.server.enum.primary.useparlayx=false
bharosa.uio.default.ums.integration.server.enum.primary.order=1
bharosa.uio.default.ums.integration.server.enum.primary.enabled=true
bharosa.uio.default.ums.integration.server.enum.secondary=2
bharosa.uio.default.ums.integration.server.enum.secondary.name=Secondary UMS Server
bharosa.uio.default.ums.integration.server.enum.secondary.description=Secondary UMS Server
bharosa.uio.default.ums.integration.server.enum.secondary.url=URL2
bharosa.uio.default.ums.integration.server.enum.secondary.username=USERNAME2
bharosa.uio.default.ums.integration.server.enum.secondary.password=PASSWORD2
bharosa.uio.default.ums.integration.server.enum.secondary.policies=
bharosa.uio.default.ums.integration.server.enum.secondary.useparlayx=false
bharosa.uio.default.ums.integration.server.enum.secondary.order=2
bharosa.uio.default.ums.integration.server.enum.secondary.enabled=true
```
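The attempt order described above (property-based URLs in list order, then enabled enums by their order attribute, stopping at the first server that accepts the message) is easy to get wrong when both mechanisms are in use. The following is an added example, not OAAM code, that computes that order from a properties text and walks it with a failover loop. The sample configuration is constructed, the host names are placeholders, and the Predicate stands in for the real UMS web service call, which is not shown on this page.

```java
import java.io.IOException;
import java.io.StringReader;
import java.util.ArrayList;
import java.util.Comparator;
import java.util.List;
import java.util.Properties;
import java.util.function.Predicate;

/**
 * Orders UMS endpoints the way the OTP sender walks them: first the comma-separated URLs
 * of the Properties Editor property, then the enabled server enums sorted by order.
 */
public class UmsEndpointOrder {

    static final String BASE = "bharosa.uio.default.ums.integration.";
    static final String ENUM = BASE + "server.enum.";

    /** One candidate endpoint with the credentials and API flag that apply to it. */
    public static final class Endpoint {
        public final String url, username, password;   // username/password null for property-based URLs
        public final boolean useParlayX;
        Endpoint(String url, String username, String password, boolean useParlayX) {
            this.url = url; this.username = username; this.password = password; this.useParlayX = useParlayX;
        }
        @Override public String toString() { return url; }
    }

    public static Properties load(String text) throws IOException {
        Properties p = new Properties();
        p.load(new StringReader(text));
        return p;
    }

    public static List<Endpoint> orderedEndpoints(Properties p) {
        List<Endpoint> out = new ArrayList<>();
        boolean parlayX = Boolean.parseBoolean(p.getProperty(BASE + "useParlayX", "false"));
        String listKey = parlayX ? BASE + "parlayx.endpoint" : BASE + "webservice";
        String list = p.getProperty(listKey, "").trim();
        if (list.isEmpty()) {
            return out;   // the endpoint property must carry a value before the enums are consulted
        }
        // 1. Property-based URLs, in the order they appear in the list.
        for (String url : list.split(",")) {
            String trimmed = url.trim();
            if (!trimmed.isEmpty()) {
                out.add(new Endpoint(trimmed, null, null, parlayX));
            }
        }
        // 2. Enum-based URLs: an element id is the key segment directly after the enum prefix.
        List<String> ids = new ArrayList<>();
        for (String key : p.stringPropertyNames()) {
            if (key.startsWith(ENUM) && key.indexOf('.', ENUM.length()) < 0) {
                ids.add(key.substring(ENUM.length()));
            }
        }
        ids.removeIf(id -> !Boolean.parseBoolean(p.getProperty(ENUM + id + ".enabled", "false"))
                || p.getProperty(ENUM + id + ".url", "").trim().isEmpty());
        ids.sort(Comparator.comparingInt(id -> Integer.parseInt(p.getProperty(ENUM + id + ".order", "0"))));
        for (String id : ids) {
            String prefix = ENUM + id + ".";
            out.add(new Endpoint(p.getProperty(prefix + "url").trim(),
                                 p.getProperty(prefix + "username"),
                                 p.getProperty(prefix + "password"),
                                 Boolean.parseBoolean(p.getProperty(prefix + "useparlayx", "false"))));
        }
        return out;
    }

    /** Tries each endpoint in turn; returns the first one that accepts the message, or null. */
    public static Endpoint sendWithFailover(List<Endpoint> endpoints, Predicate<Endpoint> attempt) {
        for (Endpoint ep : endpoints) {
            if (attempt.test(ep)) {
                return ep;
            }
        }
        return null;
    }

    // Constructed sample: two shared-credential URLs in the property plus two enum entries
    // whose order attributes are deliberately the reverse of their numbering.
    static final String SAMPLE = String.join("\n",
        BASE + "useParlayX=false",
        BASE + "webservice=http://ums1.example.test:8001/ucs/messaging/webservice, "
             + "http://ums2.example.test:8001/ucs/messaging/webservice",
        ENUM + "primary=1",
        ENUM + "primary.url=http://ums-a.example.test:8001/ucs/messaging/webservice",
        ENUM + "primary.username=USERNAME1",
        ENUM + "primary.password=PASSWORD1",
        ENUM + "primary.order=2",
        ENUM + "primary.enabled=true",
        ENUM + "secondary=2",
        ENUM + "secondary.url=http://ums-b.example.test:8001/ucs/messaging/webservice",
        ENUM + "secondary.username=USERNAME2",
        ENUM + "secondary.password=PASSWORD2",
        ENUM + "secondary.order=1",
        ENUM + "secondary.enabled=true");

    public static void main(String[] args) throws IOException {
        List<Endpoint> order = orderedEndpoints(load(SAMPLE));
        System.out.println("attempt order: " + order);
        // Stand-in for the UMS call: treat ums1 as unreachable so the walk moves to the next URL.
        Endpoint used = sendWithFailover(order, ep -> !ep.url.contains("ums1"));
        System.out.println("delivered via: " + used);
    }
}
```

The enum entries carry the UMS password in clear text inside oaam_custom.properties, so the OAAM Extensions Shared Library that contains them should be protected like any other credential store.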
Additional registration field definitions are shown in Table 16-25.
Table 16-25 Contact Information Inputs
| Property | Description |
|---|---|
| inputname | Name used for the input field in the HTML form |
| inputtype | Set for text or password input |
| maxlength | Maximum length of user input |
| required | Set if the field is required on the registration page |
| order | The order displayed in the user interface |
| regex | Regular expression used to validate user input for this field |
| errorCode | Error code used to look up validation error message ( |
| managerClass | Java class that implements com.bharosa.uio.manager.user.UserDataManagerIntf (if data is to be stored in the Oracle Adaptive Access Manager database, this property should be set to com.bharosa.uio.manager.user.DefaultContactInfoManager) |
The following is an example of an enum defining email registration on the OTP registration page of an authenticator:
| Property | Default Value | Description |
|---|---|---|
| bharosa.uio.default.userinfo.inputs.enum.email | 1 | Email address enum value |
| bharosa.uio.default.userinfo.inputs.enum.email.name | Email Address | Name for email address field |
| bharosa.uio.default.userinfo.inputs.enum.email.description | Email Address | Description for email address field |
| bharosa.uio.default.userinfo.inputs.enum.email.inputname | | HTML input name for email address field |
| bharosa.uio.default.userinfo.inputs.enum.email.inputtype | text | HTML input type for email address field |
| bharosa.uio.default.userinfo.inputs.enum.email.maxlength | 40 | HTML input max length for email address field |
| bharosa.uio.default.userinfo.inputs.enum.email.required | true | Required flag for email address field during registration and user preferences |
| bharosa.uio.default.userinfo.inputs.enum.email.order | 2 | Order on the page for email address field |
| bharosa.uio.default.userinfo.inputs.enum.email.enabled | false | Enabled flag for email address enum item |
| bharosa.uio.default.userinfo.inputs.enum.email.regex | If configuring through properties: .+@[a-zA-Z_]+?\\.[a-zA-Z]{2,3}; if configuring through OAAM Admin: .+@[a-zA-Z_]+?\.[a-zA-Z]{2,3} | Regular expression for validation of email address field |
| bharosa.uio.default.userinfo.inputs.enum.email.errorCode | otp.invalid.email | Error code to get error message from if validation of email address entry fails |
| bharosa.uio.default.userinfo.inputs.enum.email.managerClass | com.bharosa.uio.manager.user.DefaultContactInfoManager | Java class to use to save / retrieve email address from data storage |
The following is an example of an enum defining phone registration on the OTP registration page of an authenticator:
| Property | Default Value | Description |
|---|---|---|
| bharosa.uio.default.userinfo.inputs.enum.phone | 2 | Phone number enum value |
| bharosa.uio.default.userinfo.inputs.enum.phone.name | Phone Number | Name for phone number field |
| bharosa.uio.default.userinfo.inputs.enum.phone.description | Phone Number | Description for phone number field |
| bharosa.uio.default.userinfo.inputs.enum.phone.inputname | phone | HTML input name for phone number field |
| bharosa.uio.default.userinfo.inputs.enum.phone.inputtype | text | HTML input type for phone number field |
| bharosa.uio.default.userinfo.inputs.enum.phone.maxlength | 15 | HTML input max length for phone number field |
| bharosa.uio.default.userinfo.inputs.enum.phone.required | true | Required flag for phone number field during registration and user preferences |
| bharosa.uio.default.userinfo.inputs.enum.phone.order | 3 | Order on the page for phone number field |
| bharosa.uio.default.userinfo.inputs.enum.phone.enabled | false | Enabled flag for phone number enum item |
| bharosa.uio.default.userinfo.inputs.enum.phone.regex | \\D?(\\d{3})\\D?\\D?(\\d{3})\\D?(\\d{4}) | Regular expression for validation of phone number field |
| bharosa.uio.default.userinfo.inputs.enum.phone.errorCode | otp.invalid.phone | Error code to get error message from if validation of phone number entry fails |
| bharosa.uio.default.userinfo.inputs.enum.phone.managerClass | com.bharosa.uio.manager.user.DefaultContactInfoManager | Java class to use to save / retrieve phone number from data storage |
To display only entry information for email and disable entry information for mobile phone for registration, set:
```properties
bharosa.uio.default.userinfo.inputs.enum.email.enabled=true
bharosa.uio.default.userinfo.inputs.enum.mobile.enabled=false
```
Enabling the email field will require a server restart.
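The maxlength, required, regex and errorCode attributes of these enum elements are what the registration page validates against, and the email table above shows the one subtlety that trips people up: the regex needs doubled backslashes in a properties file but single ones in OAAM Admin, because java.util.Properties strips one level of escaping on load. The following added example, which is not OAAM code, loads the email and mobile elements from a constructed properties text, shows that the file form collapses back to the Admin form, and validates sample inputs the way those attributes describe. The email inputname value and the full-match semantics of the regex check are assumptions; the page does not state how OAAM applies the pattern.

```java
import java.io.IOException;
import java.io.StringReader;
import java.util.Properties;
import java.util.regex.Pattern;

/**
 * Validates OTP registration input against the inputs enum attributes: the value must be
 * present when required, fit maxlength and match the element's regex; otherwise the
 * element's errorCode is returned so the caller can look up the error message.
 */
public class RegistrationInputValidator {

    static final String ENUM_PREFIX = "bharosa.uio.default.userinfo.inputs.enum.";

    // Regex values as entered in OAAM Admin (one backslash before . d D). In Java source a
    // backslash is written as "\\", so "\\." below is the two characters \. shown on the page.
    static final String EMAIL_REGEX_ADMIN = ".+@[a-zA-Z_]+?\\.[a-zA-Z]{2,3}";
    static final String MOBILE_REGEX_ADMIN = "\\d{1}\\D?(\\d{3})\\D?\\D?(\\d{3})\\D?(\\d{4})";

    /** The same regex as it must be written in a .properties file: every backslash doubled. */
    public static String toPropertiesForm(String adminForm) {
        return adminForm.replace("\\", "\\\\");
    }

    // Constructed sample of the email and mobile elements as they would sit in a properties
    // file. The email inputname is set here for illustration; the page shows it empty.
    static final String SAMPLE_PROPERTIES = String.join("\n",
        ENUM_PREFIX + "email.inputname=email",
        ENUM_PREFIX + "email.maxlength=40",
        ENUM_PREFIX + "email.required=true",
        ENUM_PREFIX + "email.regex=" + toPropertiesForm(EMAIL_REGEX_ADMIN),
        ENUM_PREFIX + "email.errorCode=otp.invalid.email",
        ENUM_PREFIX + "mobile.inputname=cellnumber",
        ENUM_PREFIX + "mobile.maxlength=16",
        ENUM_PREFIX + "mobile.required=true",
        ENUM_PREFIX + "mobile.regex=" + toPropertiesForm(MOBILE_REGEX_ADMIN),
        ENUM_PREFIX + "mobile.errorCode=otp.invalid.mobile");

    private final Properties props;

    public RegistrationInputValidator(Properties props) { this.props = props; }

    public static Properties load(String propertiesText) throws IOException {
        Properties p = new Properties();
        p.load(new StringReader(propertiesText));   // undoes the doubled backslashes
        return p;
    }

    /** Returns null when the value is acceptable, otherwise the element's errorCode. */
    public String validate(String element, String value) {
        String base = ENUM_PREFIX + element + ".";
        String errorCode = props.getProperty(base + "errorCode", "otp.invalid." + element);
        boolean required = Boolean.parseBoolean(props.getProperty(base + "required", "false"));
        if (value == null || value.trim().isEmpty()) {
            return required ? errorCode : null;
        }
        int maxLength = Integer.parseInt(props.getProperty(base + "maxlength", "0"));
        if (maxLength > 0 && value.length() > maxLength) {
            return errorCode;
        }
        String regex = props.getProperty(base + "regex", "");
        // Full-match semantics are assumed here; the page does not say how OAAM applies the regex.
        if (!regex.isEmpty() && !Pattern.compile(regex).matcher(value).matches()) {
            return errorCode;
        }
        return null;
    }

    public static void main(String[] args) throws IOException {
        Properties p = load(SAMPLE_PROPERTIES);
        System.out.println("file form equals Admin form after load: "
                + EMAIL_REGEX_ADMIN.equals(p.getProperty(ENUM_PREFIX + "email.regex")));
        RegistrationInputValidator v = new RegistrationInputValidator(p);
        System.out.println("well-formed email:         " + v.validate("email", "alice@example.com"));
        System.out.println("email without a TLD:       " + v.validate("email", "alice@example"));
        System.out.println("mobile with country digit: " + v.validate("mobile", "1-555-123-4567"));
        System.out.println("mobile without it:         " + v.validate("mobile", "555-123-4567"));
        System.out.println("empty required mobile:     " + v.validate("mobile", ""));
    }
}
```

The practical consequence: a regex that validates correctly when pasted into OAAM Admin will silently lose its backslashes when copied unchanged into a properties file, so a value like \d becomes a literal d and the field either accepts or rejects everything. Reviewing the loaded value, as the first line of main does, catches that before users hit the registration page.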
The following is an example of an enum defining IM registration on the OTP registration page of an authenticator:
| Property | Default Value | Description |
|---|---|---|
| bharosa.uio.default.userinfo.inputs.enum.im | 3 | Instant message enum value |
| bharosa.uio.default.userinfo.inputs.enum.im.name | Instant Messaging | Name for instant message field |
| bharosa.uio.default.userinfo.inputs.enum.im.description | Instant Messaging | Description for instant message field |
| bharosa.uio.default.userinfo.inputs.enum.im.inputname | im | HTML input name for instant message field |
| bharosa.uio.default.userinfo.inputs.enum.im.inputtype | text | HTML input type for instant message field |
| bharosa.uio.default.userinfo.inputs.enum.im.maxlength | 15 | HTML input max length for instant message field |
| bharosa.uio.default.userinfo.inputs.enum.im.required | true | Required flag for instant message field during registration and user preferences |
| bharosa.uio.default.userinfo.inputs.enum.im.order | 4 | Order on the page for instant message field |
| bharosa.uio.default.userinfo.inputs.enum.im.enabled | false | Enabled flag for instant message enum item |
| bharosa.uio.default.userinfo.inputs.enum.im.regex | | Regular expression for validation of instant message field |
| bharosa.uio.default.userinfo.inputs.enum.im.errorCode | otp.invalid.im | Error code to get error message from if validation of instant message entry fails |
| bharosa.uio.default.userinfo.inputs.enum.im.managerClass | com.bharosa.uio.manager.user.DefaultContactInfoManager | Java class to use to save / retrieve instant message from data storage |
Other examples of challenge message customizations are in the sections following. These properties must be added to client_resource_locale.properties.
OTP Email message properties are shown in Table 16-29. Customized OTP email message properties bharosa.uio.default.ChallengeEmail.message.subject and bharosa.uio.default.ChallengeEmail.message.body must be added to client_resource.properties. The property bharosa.uio.default.ChallengeEmail.message.from.address must be added to oaam_custom.properties.
Table 16-29 Customize OTP Email Message
| Property | Default Value | Description |
|---|---|---|
| bharosa.uio.default.ChallengeEmail.message.from.name | Oracle ASA Test | Email message from address |
| bharosa.uio.default.ChallengeEmail.message.subject | Oracle OTP Code | Email message subject |
| bharosa.uio.default.ChallengeEmail.message.body | Your Oracle Email OTP Code is: {0} | Email message body |
OTP IM message properties are shown in Table 16-30.
Table 16-30 Customize OTP IM Message
| Property | Default Value | Description |
|---|---|---|
| bharosa.uio.default.ChallengeIM.message.from.name | Oracle ASA Test | IM message from name |
| bharosa.uio.default.ChallengeIM.message.subject | Oracle OTP Code | IM message subject |
| bharosa.uio.default.ChallengeIM.message.body | Your Oracle IM OTP Code is: {0} | IM message body |
Additional processor registration properties are listed in Table 16-31.
Table 16-31 Challenge type enums
| Property | Description |
|---|---|
| available | Whether the challenge type is available for use (service ready and configured). To enable or disable an OTP challenge type, set the available flag. |
| processor | Java class for handling challenges of this type. |
| requiredInfo | Comma-separated list of inputs from the registration input enum. |
The properties to register the email challenge processor and mark service as available (or unavailable) are listed in Table 16-32.
Table 16-32 Properties to register the email challenge processor
| Property | Default Value | Description |
|---|---|---|
| bharosa.uio.default.challenge.type.enum.ChallengeEmail | 1 | Email Challenge enum value |
| bharosa.uio.default.challenge.type.enum.ChallengeEmail.name | Email Challenge | Name of e-mail challenge type |
| bharosa.uio.default.challenge.type.enum.ChallengeEmail.description | Email Challenge | Description of e-mail challenge type |
| bharosa.uio.default.challenge.type.enum.ChallengeEmail.processor | com.bharosa.uio.processor.challenge.EmailUMSOTPChallengeProcessor | Processor class for e-mail challenge type. Specifies the Java class for handling challenges of this type. The challenge mechanism is customizable through Java classes. |
| bharosa.uio.default.challenge.type.enum.ChallengeEmail.requiredInfo | | Required fields to challenge user with e-mail challenge type. A comma-separated list of inputs from the registration input enum. |
| bharosa.uio.default.challenge.type.enum.ChallengeEmail.displayedInfo | | |
| bharosa.uio.default.challenge.type.enum.ChallengeEmail.available | false | Availability flag for e-mail challenge type. Specifies if the challenge type is available for use (service ready and configured). To enable or disable an OTP challenge type, set the available flag. |
| bharosa.uio.default.challenge.type.enum.ChallengeEmail.enabled | true | |
| bharosa.uio.default.challenge.type.enum.ChallengeEmail.otp | true | OTP flag for e-mail challenge type |
| bharosa.uio.default.challenge.type.enum.ChallengeEmail.otpexpirytimeMs | 300000 | Sets the OTP email password expiry time, in milliseconds. If your value is not in milliseconds, convert it first: for example, to set the OTP expiration time to 7 minutes, set the property to 420000. |
| bharosa.uio.default.challenge.type.enum.ChallengeEmail.htmlLabel | Email Code | Label used when HTML (not authentipad) is used for user input. Resource bundle value. |
| bharosa.uio.default.challenge.type.enum.ChallengeEmail.htmlInputType | text | Type of input used when HTML (not authentipad) is used for user input. Possible values are "text" or "password". |
The properties to register the IM challenge processor and mark service as available (or unavailable) are listed in Table 16-33.
Table 16-33 Properties to register the IM challenge processor
| Property | Default Value | Description |
|---|---|---|
| bharosa.uio.default.challenge.type.enum.ChallengeIM | 3 | Instant message Challenge enum value |
| bharosa.uio.default.challenge.type.enum.ChallengeIM.name | IM Challenge | Name of instant message challenge type |
| bharosa.uio.default.challenge.type.enum.ChallengeIM.description | Instant Message Challenge | Description of instant message challenge type |
| bharosa.uio.default.challenge.type.enum.ChallengeIM.processor | com.bharosa.uio.processor.challenge.ChallengeIMProcessor | Processor class for instant message challenge type |
| bharosa.uio.default.challenge.type.enum.ChallengeIM.requiredInfo | mobile | Required fields to challenge user with instant message challenge type |
| bharosa.uio.default.challenge.type.enum.ChallengeIM.available | false | Availability flag for instant message challenge type |
| bharosa.uio.default.challenge.type.enum.ChallengeIM.otp | true | OTP flag for instant message challenge type |