Contents
Title and Copyright Information
Preface
Audience
Documentation Accessibility
Related Documents
Conventions
1
Introduction to the Developer's Guide
Part I Native Integration
2
Natively Integrating Oracle Adaptive Access Manager
2.1
About OAAM Native Integration
2.1.1
What is Native Integration?
2.1.2
About SOAP Service Wrapper API Integration
2.1.3
About In-Proc Integration
2.1.4
SOAP Service Wrapper API vs. In-Proc Method
2.1.5
About Non-Native Integration - SOAP Services
2.2
Getting Started with Native Integration
2.2.1
Downloading the OAAM Sample Application
2.2.2
Performing Native SOAP Integration
2.2.2.1
Notes about Native SOAP Integration
2.2.2.2
Pre-requisites for Setting Up OAAM Sample
2.2.2.3
Installing and Configuring the OAAM Sample Application
2.2.3
Performing Native In-Proc Integration
2.2.3.1
Important Notes about Native In-Proc Integration
2.2.3.2
Pre-requisites for Setting Up OAAM Sample
2.2.3.3
Installing and Configuring the OAAM Sample Application
2.3
Integrating Virtual Authentication Devices, Knowledge-Based Authentication, and One-Time Password
2.3.1
Presenting the User Name Page (c1)
2.3.2
Entering the Device Fingerprint Flow (r2)
2.3.3
Running the Pre-Authentication Rules (r1)
2.3.4
Running the Virtual Authentication Device Rules (r3)
2.3.5
Generating a Generic TextPad (p1)
2.3.6
Generating a Personalized TextPad or KeyPad (p2)
2.3.7
Displaying the TextPad and KeyPad (s2 and s3)
2.3.8
Decoding the Virtual Authentication Device Input (p3)
2.3.9
Validating the User and Password (c2)
2.3.10
Updating the Authentication Status (p4)
2.3.11
Checking the Password Status (c3)
2.3.12
Running the Post-Authentication Rules (r4)
2.3.13
Checking the Registration for User (p5)
2.3.14
Running the Registration Required Rules (r5)
2.3.15
Entering the Registration Flow (p6)
2.3.16
Running Challenge Rules (r6)
2.3.17
Running Authentication Rules (r7)
2.3.18
Challenging the User (p7)
2.3.19
Checking Answers to a Challenge (c4)
2.3.20
Redirecting the User to the Lock Out Page (c6)
2.3.21
Redirecting the User to the Landing or Splash Page (c5)
3
Integrating Native .NET Applications
3.1
Introduction to Native .NET Integration
3.2
Oracle Adaptive Access Manager .NET SDK
3.3
Understanding Configuration Properties in .NET Integration
3.3.1
Understanding How the OAAM .NET API Uses Properties
3.3.2
Understanding Encrypting Property Values
3.3.3
Using User-Defined Enumerations to Define Elements
3.4
Using the Oracle Adaptive Access Manager APIs
3.4.1
User Details
3.4.2
User Logins and Transactions
3.4.3
Rules Engine
3.4.3.1
Obtaining the Device ID
3.4.3.2
Creating and Updating Bulk Transactions
3.4.4
Validating a User with Challenge Questions
3.4.5
Resetting the Challenge Failure Counters
3.4.6
Creating and Using Virtual Authentication Devices
3.4.6.1
Creating a Virtual Authentication Device
3.4.6.2
Embedding a Virtual Authentication Device in a Web Page
3.4.6.3
Validating User Input with a Virtual Authentication Device
3.4.7
Specifying Credentials to the Oracle Adaptive Access Manager SOAP Server
3.4.8
Writing Trace Messages
3.4.9
About .NET API Support for X.509 SSL Certificate Configuration
3.5
Using OAAM Sample Applications as Reference for Integration
3.5.1
Downloading the Sample Package
3.5.2
About the ASP.NET Applications
3.5.3
About the OAAM Sample Applications
3.5.3.1
SampleWebApp
3.5.3.2
SampleWebAppTracker
3.5.3.3
SampleWebAppAuthTracker
3.5.3.4
SampleKBATracker
3.5.4
Setting Up the OAAM Environment
3.5.4.1
Modifying the web.config File
3.5.4.2
Setting Properties for Images
3.5.4.3
Running the Application
3.5.5
Example: Enable Transaction Logging and Rule Processing
3.5.6
About the OAAM .NET API
4
Natively Integrating Java Applications
4.1
About the Oracle Adaptive Access Manager Shared Library
4.1.1
Using Oracle Adaptive Access Manager Shared Library in Web Applications
4.1.2
Using Oracle Adaptive Access Manager Shared Library in Enterprise Applications
4.2
Natively Integrating OAAM Web Application
4.3
Performing OAAM Java In-Proc Integration
4.4
Performing OAAM SOAP Integration
4.4.1
Enabling Web Services Authentication
4.4.2
Creating User and Group
4.4.3
Configuring Web Services Authorization
4.4.4
Setting Up Client Side Keystore to Secure the SOAP User Password
4.4.5
Setting SOAP Related Properties in oaam_custom.properties for SOAP Integration
4.4.6
Disabling SOAP Service Authentication on the Server
4.4.7
Setting Up the Base Environment in OAAM Native SOAP Integration
4.5
About VCryptResponse
4.6
About the Oracle Adaptive Access Manager APIs
4.6.1
addQuestion
4.6.2
authenticatePassword
4.6.3
authenticateQuestion
4.6.4
cancelAllTemporaryAllows
4.6.5
clearSafeDeviceList
4.6.6
createOAAMSession
4.6.7
createOrUpdateEntities
4.6.8
createTransaction
4.6.9
createUser
4.6.10
deleteQuestion
4.6.11
getActionCount
4.6.12
getCaption
4.6.13
getOTPCode
4.6.14
getUserDevices
4.6.15
getFinalAuthStatus
4.6.16
getImage
4.6.17
getRulesData
4.6.18
getSecretQuestion
4.6.19
getSignOnQuestions
4.6.20
getUserByLoginId
4.6.21
handleTrackerRequest
4.6.22
handleTransactionLog
4.6.23
IsDeviceMarkedSafe
4.6.24
markDeviceSafe
4.6.25
processPatternAnalysis
4.6.26
processRules
4.6.27
resetUser
4.6.28
searchEntityByKey
4.6.29
setCaption
4.6.30
setImage
4.6.31
setPassword
4.6.32
setTemporaryAllow
4.6.33
setUserDevices
4.6.34
updateAuthStatus
4.6.35
updateLog
4.6.36
updateTransaction
4.6.37
updateTransactionStatus
5
Creating, Updating, and Searching for Entities Using the Entity API
5.1
About the Entity APIs
5.1.1
Entity Tasks
5.1.2
Processing Status
5.1.3
Create or Update Entities
5.1.4
Replace or Merge Attributes
5.1.5
Search Entity By Key
5.2
Creating Entities and Mapping Attributes
5.2.1
Entity Data Map
5.2.2
Complex Entity
5.2.3
Creating a Simple Entity
5.2.4
Updating Attributes of an Existing Entity
5.2.5
Erasing the Value of Attributes of an Existing Entity
5.2.6
Creating an Entity that has Related Entities with Complete Data of Both Top-Level Entity and Related Entities
5.2.7
Creating an Entity that has Related Entities (with Multiple Instances of a Single Entity) with Complete Data of Both Top-Level Entity and Related Entities
5.2.8
Creating an Entity that has Related Entities with Complete Data of Top-level Entity and Entity Ids of One or More Related Entities
5.2.9
Updating Related Entities of an Entity with Entity Ids of Related Entities
5.2.10
Unlinking Linked Entities
5.2.11
Searching for an Entity on the Basis of Entity ID or Key Data
5.3
Data Storage
5.3.1
Data Model
5.3.2
Metadata
5.3.3
Expiry of Records
5.3.4
Transaction-Entity Mapping
5.3.5
Storing Entity Relationships in Transaction Create/Update
5.4
Common Entity Scenario
Part II Universal Installation Option
6
Configuring the Oracle Adaptive Access Manager Proxy
6.1
Introduction to the UIO Proxy
6.1.1
Important UIO-Related Terms
6.1.2
Architecture of a Typical UIO Proxy
6.1.3
References
6.2
Installing UIO Apache Proxy
6.2.1
Before You Begin - UIO Proxy Files for Windows and Linux
6.2.1.1
Windows
6.2.1.2
Linux
6.2.2
Downloading or Building the Apache httpd
6.2.2.1
Windows
6.2.2.2
Linux
6.2.3
Copying the UIO Apache Proxy and Supported Files to Apache
6.2.3.1
Windows
6.2.3.2
Linux
6.2.4
Configuring Memcache (for Linux only)
6.2.5
Configuring httpd.conf
6.2.5.1
Basic Configuration without SSL
6.2.5.2
Configuration with SSL
6.2.6
Modifying the UIO Apache Proxy Settings
6.2.6.1
UIO_Settings.xml
6.2.6.2
UIO_log4j.xml
6.2.6.3
Application configuration XMLs
6.3
Setting Up Rules and User Groups
6.4
Setting Up Policies
6.5
Configuring the UIO Proxy
6.5.1
Elements of the UIO Proxy Configuration File
6.5.1.1
Components of Interceptors
6.5.1.2
Conditions
6.5.1.3
Filters
6.5.1.4
Filter Examples - ProcessString
6.5.1.5
ProcessString Encoding/Decoding Schemes for Special Characters URL Encoded in OAAM Change Password
6.5.1.6
Filter Examples - FormatString
6.5.1.7
Actions
6.5.1.8
Variables
6.5.1.9
Application
6.5.2
Interception Process
6.5.3
Configuring Redirection to the Oracle Adaptive Access Manager Server Interface
6.6
Configuring Application Discovery
6.6.1
Application Information
6.6.2
Setting Up the UIO Apache Proxy
6.6.3
Scenarios
6.7
OAAM Sample Application
6.7.1
Descriptions for Interceptors
6.7.2
Flow for BigBank without UIO Proxy
6.7.2.1
Login
6.7.2.2
Logout
6.7.3
Flow for First-time User to Log In and Log Out of BigBank with UIO Proxy
6.8
Upgrading the UIO Apache Proxy
6.8.1
UIO Apache Proxy Patch Installation Instructions
6.8.2
Patch Unsuccessful
Part III OAAM Customizations
7
Using the OAAM Extensions Shared Library to Customize OAAM
7.1
About the OAAM Extensions Shared Library
7.2
About Customizing or Extending OAAM By Editing Enums
7.3
Adding Customizations Using the OAAM Extensions Shared Library
7.3.1
Note About Access Manager and OAAM Integration and Customization
7.3.2
Step 1 Extract the OAAM Extensions Shared Library
7.3.3
Step 2 Create a MANIFEST.MF File
7.3.4
Step 3 Compile Custom Java Classes
7.3.5
Step 4 Add Custom Files
7.3.6
Step 5 Repackage the OAAM Extensions Shared Library Into a New WAR File
7.3.7
Step 6 Verify If the Repackaged WAR File Contains the Custom JAR Files
7.3.8
Step 7 Stop All Managed Servers
7.3.9
Step 8 Start the WebLogic Administration Server
7.3.10
Step 9 Log In to the WebLogic Administration Console
7.3.11
Step 10 Deploy the New OAAM Extensions Shared Library
7.3.12
Step 11 Test the Functionality
8
Customizing OAAM Server Web Application Pages
8.1
About Customizing the OAAM Server for Multiple Applications
8.2
About Configuring and Customizing OAAM Server for Multiple Applications
8.2.1
Determining the Application ID of Each Application to Secure
8.2.2
Assigning Default User Groups for Each Application to Secure
8.2.3
Configuring OAAM Server Application Properties
8.2.4
Configuring OAAM Server Properties Several Applications Have In Common
8.3
About Managing the Appearance and Behavior of OAAM Using User-Defined Enumerations
8.3.1
Enum Example
8.3.2
Overriding Existing User-Defined Enums
8.3.3
Disabling Elements
8.4
Customizing the OAAM Server Pages
8.4.1
Tips for Customizing the OAAM Web Application Pages
8.4.2
Adding User-Defined Headers and Footers
8.4.3
Customizing User Interface Styles
8.4.4
Adding User-Defined Messages
8.4.5
Customizing the Text in the OAAM Login, Password, and VAD Pages
8.4.6
Adding Forgot Username Link
8.4.7
Changing the Invalid Characters Check on the Login Page
8.4.8
Configuring OAAM Server for Localization
8.4.8.1
Turning Off Localization
8.4.8.2
Overriding Localized Properties
8.4.8.3
Configuring Language Defaults for Oracle Adaptive Access Manager
8.4.8.4
Customizing Abbreviations and Equivalences for Locales
8.5
Configuring a Single Login Page
8.5.1
OAAM Single Login Page Flows
8.5.2
Setting Properties to Enable the OAAM Single Login Page
8.5.3
Configuring Single Login Page to Use the OAAM HTML Pad
8.5.4
Customizing the OAAM Single Login Page Using the Shared Extensions Library
8.5.5
Properties for Customizing Messages, Links, and Credential Inputs on the Single Login Page
8.6
Questions/Answers About OAAM Server Customizations
9
Customizing Virtual Authentication Devices
9.1
About Virtual Authentication Devices
9.1.1
Virtual Authentication Device Terminology
9.1.2
Virtual Authentication Device Types
9.1.2.1
TextPad
9.1.2.2
PinPad and KeyPad
9.1.2.3
QuestionPad
9.2
Virtual Authentication Device Composition
9.3
Virtual Authentication Device Configuration Files and Properties
9.3.1
Files Used in Virtual Authentication Device Configuration
9.3.2
Virtual Authentication Device Property Construction
9.4
Customizing Elements of the Authenticator
9.4.1
Adding Personalized Image
9.4.2
Changing Authenticator Frames
9.4.2.1
TextPad Authenticator Frame Properties
9.4.2.2
PinPad Authenticator Frame Properties
9.4.2.3
QuestionPad Authenticator Frame Properties
9.4.2.4
KeyPad Authenticator Frame Properties
9.4.3
Changing Position, Dimensions, and Color for Enter Key, Personalized Phrase, and Time Stamp
9.4.3.1
TextPad Visual Elements
9.4.3.2
PinPad Visual Elements
9.4.3.3
QuestionPad Visual Elements
9.4.3.4
KeyPad Visual Elements
9.4.3.5
Configuring Text Size for Apple iPhone
9.4.4
Changing Keys Sets
9.4.5
Simple Configuration Example
9.4.5.1
Designing the Frame
9.4.5.2
Positioning the Elements
9.5
Customization Steps
9.6
Displaying Virtual Authentication Devices
9.6.1
Setting Up Before Calling the get<pad_type> Method
9.6.2
Getting the Virtual Authentication Device
9.6.3
Setting Timestamp and Time Zone
9.6.4
Displaying Virtual Authentication Devices
9.7
Enabling Accessible Versions of Authenticators
9.8
Adding Randomization and Jitter
9.8.1
TextPad Randomization and Jitter Properties
9.8.2
KeyPad Randomization and Jitter Properties
9.8.3
PinPad Randomization and Jitter Properties
9.8.4
QuestionPad Randomization and Jitter Properties
9.9
Changing the Limit of Characters for Passwords
9.10
Localizing Virtual Authentication Device in OAAM 11g
9.10.1
Overview
9.10.2
Modifying KeyPad for the German Locale Example
9.11
KeyPad Scenario
10
Customizing User Flow and Layout
10.1
User Flows and Layout
10.1.1
Struts Actions
10.1.1.1
Action Definition
10.1.1.2
Action Type
10.1.2
Base Layout Definition
10.1.3
How Struts and Tiles Work Together
10.2
Custom User Flows and Layout Example
10.2.1
Customize the Look-and-Feel
10.2.2
Customize the User Page Flows and Actions
10.3
Tile Definition File
10.4
Struts Configuration File
11
Setting Up Custom Fingerprinting
11.1
About Out of the Box Fingerprint Types
11.2
Setting Up Custom Fingerprinting
12
Flash Fingerprinting in Native Integration
12.1
Device Fingerprinting
12.2
Definitions of Variables and Parameters
12.3
Implementations of Flash Fingerprinting
12.3.1
Option 1
12.3.1.1
Option 1 Flow
12.3.1.2
Option 1 Code Example
12.3.2
Option 2
12.3.2.1
Option 2 Flow
12.3.2.2
Option 2 Code Example
12.3.3
Option 3
12.3.3.1
Option 3 Flow
12.3.3.2
Option 3 Code Example
12.3.3.3
Common Update
12.4
Flash Fingerprinting Included in Web Application with Native Integration
13
Extending Device Identification
13.1
When to Extend Device Identification
13.2
Prerequisites to Extending Device Identification
13.3
Developing a Custom Device Identification Extension
13.3.1
Implementing the Client Side Extension
13.3.2
Adding Properties Related to Custom Device Identification Extension to OAAM Extensions Shared Library
13.3.3
Extending/Implementing the DeviceIdentification Extension Class
13.3.3.1
getPlugInHTML
13.3.3.2
getFingerPrint
13.3.3.3
getDigitalCookie
13.3.3.4
getClientDataMap
13.4
Overview of Interactions
13.5
Compiling, Assembling and Deploying
13.6
Important Note About Implementing the Extension
14
Enabling Device Registration
14.1
Enabling Device Registration in Native Integration
14.2
Enabling Device Registration Out-of-the-Box
14.3
Creating Policies to Use Device Information
14.4
CSR Resetting Device Registration
Part IV Integrating OAAM
15
Integrating Client Applications with OAAM for Transactions
15.1
Transaction Example
15.2
About the Transaction Flow
15.3
About the High-Level Steps Required to Integrate Native Client Applications with OAAM
15.4
Setting Up and Configuring OAAM for Transactions
15.4.1
Setting Up Transaction Definitions
15.4.2
Setting Up Policies and Rules
15.4.3
Sizing and Capacity Requirements
15.5
Integrating Client Applications with OAAM
15.6
About Entity and Transaction APIs
15.6.1
Understanding the Sequence of API Calls
15.6.2
About the Out-of-the-Box Checkpoints
15.6.2.1
Pre-Transaction Checkpoint
15.6.2.2
Post - Transaction Checkpoint
15.6.3
Entities API List
15.6.3.1
createOrUpdateEntities
15.6.3.2
SearchEntityByKey
15.7
Understanding Run-time Data Analysis
15.7.1
Investigation Transaction Search, Comparison, and Utility Panel
15.7.2
BIP Reports
15.8
Targeted Purging of Transaction and Entity Data
16
Implementing OTP Anywhere
16.1
About the One-Time Password Implementation
16.2
OTP Concepts and Terms
16.3
OTP Anywhere Challenge Flow
16.4
OTP Setup Roadmap
16.5
Prerequisites for Configuring OTP
16.5.1
Installing SOA Suite
16.5.2
Configuring the Oracle User Messaging Service Driver
16.5.2.1
Email Driver
16.5.2.2
SMPP Driver
16.6
Enabling Registration and User Preferences
16.7
Enabling OTP Challenge Types
16.8
Integrating Oracle User Messaging Service
16.9
Setting Up the Registration Page
16.9.1
Enabling Opt-Out for OTP Registration and Challenge
16.9.2
Configuring Terms and Conditions Check Boxes and Fields in the Registration Pages
16.10
Configuring Policies and Rules to Use OTP Challenge
16.11
Customizing OTP
16.11.1
Customizing Registration Fields and Validations
16.11.2
Customizing Terms and Conditions
16.11.3
Customizing OTP Registration Page Messaging
16.11.4
Customizing Challenge Page Messaging
16.11.5
Customizing OTP Message Text
16.12
Customizing One-Time Password Generation
16.13
Customizing One-Time Password Expiry Time
16.14
Configuring the Challenge Devices Used for Challenge Types
16.15
Registering SMS Processor to Perform Work for Challenge Type
16.16
Customizing OTP Anywhere Data Storage
16.16.1
com.bharosa.uio.manager.user.UserDataManagerIntf
16.16.2
Default Implementation - com.bharosa.uio.manager.user.DefaultContactInfoManager
16.16.3
Custom Implementation Recommendations
16.16.4
Configuring DefaultContactInfoManager
16.17
Configuring Challenge Choice
16.17.1
Configuring Challenge Choice Messaging
16.17.2
Customizing Challenge Choice Messaging
16.17.3
Configuring Challenge Choice Display
16.17.4
Configuring Other Challenge Choice Properties
16.17.5
Configuring Policies for Challenge Choice
16.18
Configuring OAAM Server to Connect to Multiple UMS Servers to Send OTP
16.18.1
Specifying a Comma-Separated List for Multiple User Messaging Service URLs
16.18.2
Adding User-Defined Enums for Multiple User Messaging Service URLs
16.19
Example Configurations
16.19.1
Additional Registration Field Definitions Examples
16.19.1.1
Email Input
16.19.1.2
Phone Input
16.19.1.3
Example - OTP Registration Page to Display Values for Entry of an Email Address Instead of a Mobile Phone
16.19.1.4
IM Input
16.19.2
Additional Challenge Message Examples
16.19.2.1
Customize OTP Email Message
16.19.2.2
Customize OTP IM Message
16.19.3
Additional Processors Registration Examples
16.19.3.1
Register Email Challenge Processor
16.19.3.2
Register IM Challenge Processor
17
Integrating Mobile Applications with OAAM
17.1
Overview for Integrating Mobile Applications with OAAM
17.2
Determining the Mobile Device Fingerprint
17.3
Developing/Enhancing Client Server Interfaces to Handle OAAM-Specific Data
17.4
Out-of-the-box Mobile Device Identification Policy
17.4.1
Identifying the Device by Mobile Cookie
17.4.2
Understanding When Device is Treated as New Device
17.5
Reviewing Out-of-the-Box Security Policies and Developing Custom Policies If Required
17.6
Detecting Lost or Stolen Devices
17.7
Managing Black Listed Devices
17.8
Handling Mobile Specific Rule Outcomes
17.9
Customizing User Interface for Mobile Devices
17.10
Adding a Custom Mobile CSS File to OAAM Extensions
18
Integrating Juniper Networks Secure Access (SA) and OAAM
18.1
Introduction to Integrating Juniper Network Secure Access and OAAM
18.2
Authentication and Forgot Password Flows
18.2.1
Authentication Flow
18.2.2
Forgot Password Flow
18.3
Integrating Security and Authentication
18.3.1
Integration Roadmap
18.3.2
Pre-requisites
18.3.3
Configuring the Authentication Provider
18.3.4
Configuring Oracle Platform Security Services (OPSS) for Integration
18.3.5
Importing the SAML Configuration-Related Server Properties Using the OAAM Administration Console
18.3.6
Setting Up Certificate for Signing the Assertion
18.3.6.1
Creating Private Key for Certificate
18.3.6.2
Creating a Certificate Request
18.3.6.3
Submitting the Certificate Signing Request (CSR) to a Certificate Authority
18.3.6.4
Acting as Your Own Certificate Authority
18.3.6.5
Importing the Certificate into Your Keystore
18.3.7
Modifying Integration Properties Using the OAAM Administration Console
18.3.8
Configuring Juniper Networks Secure Access (SA)
18.3.8.1
Creating SAML 1.1 Authentication Server
18.3.8.2
Creating a User Realm for SAML
18.3.8.3
Creating Sign-In Policy
18.4
Verifying the Integration
18.5
Debugging the Integration
18.6
Troubleshooting Common Problems
18.6.1
Juniper SA and OAAM Clock Synchronization
18.6.2
Absence of a Correct Certificate on Juniper
18.6.3
Signing Failure in SAML Response
18.6.4
Entry Point URL for OAAM
19
Java Message Service Queue (JMSQ) Integration
19.1
About JMS Definitions
19.2
Installing the Asynchronous Integration Option
19.2.1
Pre-requisites
19.2.2
Installing the Asynchronous Integration Option
19.2.3
Updating the OAAM Extensions Library
19.2.4
Setting Up JMS Queues
19.2.5
Updating the OAAM Database
19.3
Integrating JMS
19.3.1
Web Services API
19.3.2
Overview of JMS Integration with OAAM
19.3.3
Registering the JMS Listener
19.3.4
Configuring Message Processor
19.4
Configuring JMS Messages
19.4.1
JMS Message Examples
19.4.1.1
VCryptTracker.updateLog
19.4.1.2
VCryptTracker.updateEntity
19.4.1.3
VCryptTracker.createTransaction
19.4.1.4
VCryptRulesEngine.processRules
19.4.1.5
MessageList
19.4.2
XML Schema Example for Message Formats
19.4.3
Sending a Message to a JMS Queue
19.5
Database Views for Entities and Transactions
19.5.1
Generating SQL Script File
19.5.2
Entity View Details
19.5.3
Transaction View Details
19.5.4
Identifiers
19.6
Python Rule Condition
19.6.1
Python Expression
19.6.2
Objects Available in Python
19.6.3
Examples
20
Integrating OAM 10g, Access Manager 11g, and OAAM 11g
20.1
Integrating OAAM 11g with Oracle Access Manager 10g
20.1.1
Resource Protection Flow
20.1.2
Roadmap for OAAM 11g Integration with Oracle Access Manager 10g
20.1.3
Prerequisites to OAAM 11g Integration with Oracle Access Manager 10g
20.1.4
Configuring OAM AccessGate for OAAM Web Server
20.1.5
Configuring OAM Authentication Scheme
20.1.6
Configuring Oracle Access Manager Connection (Optional)
20.1.7
Setting Up WebGate for OAAM Web Server
20.1.8
Configuring OAM Domain to Use OAAM Authentication
20.1.9
Configuring Oracle HTTP Server (OHS)
20.1.10
Configuring OAAM Properties for Oracle Access Manager
20.1.10.1
Setting OAAM Properties for Oracle Access Manager
20.1.10.2
Setting Oracle Access Manager Credentials in Credential Store Framework
20.1.11
Turning Off IP Validation
20.1.12
Testing Oracle Adaptive Access Manager and Oracle Access Manager Integration
20.2
Integrating OAAM 11g with Access Manager 11g and OAM 10g
20.2.1
OAAM 11g with Access Manager 11g and OAM 10g Integration Flow
20.2.1.1
Accessing Resource Protected by OAM 10g and Then Accessing Resource Protected by Access Manager 11g
20.2.1.2
Accessing Resource Protected by Access Manager 11g and Then Accessing Resource Protected by Oracle Access Manager 10g
20.2.2
Configuring the OAAM Server for OAM 10g and Access Manager 11g and OAAM Integration
20.2.3
Configuring Step-Up Authentication in an Oracle Access Manager 10g and OAAM 11g Integrated Environment
20.3
Configuring Load-Balancing in an OAM 10g, Access Manager 11g, and OAAM 11g Integrated Environment
20.3.1
Configuring OAAM to Read the Host Name and Path in Load-Balanced Scenario
20.3.2
Specifying OAM Servers as Primary Servers for Load-Balancing
20.3.3
Enabling Load-Balanced URL for Redirection and Real-Host URL for Authentication to be Read Separately
20.3.4
Enabling DN Attribute to be Read from Cookie
Part V Custom Development
21
Integrating Task Processors
21.1
Introduction
21.2
OAAM Sample Framework as a Reference for Integration
21.3
Session Management
21.4
Task Processors
21.4.1
Interface and Abstract Class
21.4.1.1
TaskProcessorIntf
21.4.1.2
AbstractTaskProcessor
21.4.1.3
Task Parameters
21.4.1.4
Default Classes
21.4.2
Task Processor Registration
21.5
Challenge Processors
21.5.1
What are Challenge Processors
21.5.2
How to Create Challenge Processors
21.5.2.1
Class
21.5.2.2
Methods
21.5.2.3
Example: Email Challenge Processor Implementation
21.5.2.4
Secret (PIN) Implementation
21.5.3
Defining the Delivery Channel Types for the Challenge Processors
21.5.3.1
Challenge Type Enum
21.5.3.2
Example: Defining an OTP Channel Type
21.5.4
Configuring User Input Properties
21.5.4.1
Enabling Registration and Preferences Input
21.5.4.2
Setting Contact Information Inputs
21.5.5
Configuring the Challenge Pads Used for Challenge Types
21.6
Checkpoint Processor
21.7
Rules Results Processor
21.8
Integration Processors
21.8.1
IntegrationProcessorIntf Interface
21.8.2
Common User Flows
21.8.3
Integration Processor Parameters
21.8.3.1
Check for Integration ID
21.8.3.2
Integration Processor Registration
21.8.3.3
Oracle Access Management Access Manager Specific Integration Properties for Authentication Levels
21.9
Provider Registration
21.9.1
Authentication Manager
21.9.2
Password Manager
21.9.3
User Data Manager
21.10
Legacy Rules Result Processors
22
Developing a Custom Loader for OAAM Offline
22.1
Developing a Custom Loader for OAAM Offline
22.2
Understanding the Base Framework
22.2.1
Overview of the OAAM Offline Custom Loader
22.2.2
Important Data Loader Classes
22.2.3
General Framework Execution
22.3
Default Implementation for the Risk Analyzer Data Loader Framework
22.3.1
Default Load Implementation
22.3.2
Default Playback Implementation
22.4
Implementation Details: Overriding the Loader or Playback Behavior
22.5
Implement RiskAnalyzerDataSource
22.5.1
Extending AbstractJDBCRiskAnalyzerDataSource
22.5.2
Extending AbstractRiskAnalyzerDataSource
22.6
Implementing RunMode
22.6.1
Extending AbstractLoadLoginsRunMode
22.6.2
Extending AbstractLoadTransactionsRunMode
22.6.3
Extending PlaybackRunMode
23
Creating OAAM Oracle BI Publisher Reports
23.1
Creating Oracle BI Publisher Reports on Data in the OAAM Database Schema
23.1.1
Creating a Data Model
23.1.2
Mapping User Defined Enum Numeric Type Codes to Readable Names
23.1.2.1
Results Display
23.1.2.2
English Only User Defined Enum Result Display
23.1.2.3
Internationalized User Defined Enum Result Display
23.1.3
Adding Lists of Values
23.1.3.1
User Defined Enums as List of Values for Filtering, English Only
23.1.3.2
User Defined Enums as List of Values for Filtering, Internalized
23.1.4
Adding Geolocation Data
23.1.5
Adding Sessions and Alerts
23.1.5.1
Type Code Lookups
23.1.6
Example
23.1.7
Adding Layouts to the Report Definition
23.2
Building OAAM Transactions Reports
23.2.1
Obtaining Entities and Transactions Information
23.2.2
Discovering Entity Data Mapping Information
23.2.2.1
Information about Data Types
23.2.2.2
Discovering Entity Data Details Like Data Type, Row and Column Mappings
23.2.2.3
Building Entity Data SQL Queries and Views
23.2.3
Discovering Transaction Data Mapping Information
23.2.3.1
Discovering Transaction Data Details Like Data Type, Row and Column Mappings
23.2.3.2
Building Transaction Data SQL Queries and Views
23.2.4
Building Reports
23.2.4.1
Building Entity Data Reports
23.2.4.2
Building Transaction Data Reports
23.2.4.3
Joining Entity Data Tables and Transaction data tables
23.2.5
Generating a Database View of Entities and Transactions
23.2.5.1
Generating the SQL Script File
23.2.5.2
Creating the Database Views for Entities and Transactions
23.2.5.3
Entity View Details
23.2.5.4
Transaction View Details
23.2.5.5
Identifiers
23.2.5.6
Example of SQL Query to Create a View
24
Developing Configurable Actions
24.1
Adding a New Configurable Action
24.2
Executing Configurable Actions in a Particular Order and Data Sharing
24.3
Testing Configurable Actions Triggering
24.4
Sample JUnit Code
24.5
Sample Java Code for Configuration Action
25
Creating Checkpoints and Final Actions
25.1
Creating a New Checkpoint
25.2
New Checkpoint Example
25.3
New Action
25.4
Final Action
Part VI Lifecycle Management
26
Handling Lifecycle Management Changes
26.1
Changing Oracle Virtual Directory (OVD) Host, Port, and SSL Enablement
26.2
Changing Oracle Identity Manager (OIM) URL
26.3
Changing Oracle Access Management Access Manager Host and Port
26.4
Changing Oracle Internet Directory (OID) Host and Port and Enabling SSL
26.5
Changing Database Host and Port
26.6
Moving Oracle Adaptive Access Manager to a New Production Environment
26.7
Moving Oracle Adaptive Access Manager to an Existing Production Environment
Part VII Troubleshooting
27
FAQ/Troubleshooting
27.1
Using My Oracle Support for Additional Troubleshooting Information
27.2
Techniques for Solving Complex Problems
27.2.1
Using Simple Troubleshooting Techniques
27.2.2
Reducing the Problem to a Manageable Issue
27.2.3
Using Rigorous Analysis
27.2.4
Process Flow of Analysis
27.2.4.1
Stating the Problem
27.2.4.2
Specifying the Problem
27.2.4.3
What It Never Worked
27.2.4.4
IS and IS NOT but COULD BE
27.2.4.5
Developing Possible Causes
27.2.4.6
Testing Each Candidate Cause Against the Specification
27.2.4.7
Confirming the Cause
27.2.4.8
Failures
27.3
Troubleshooting Tools
27.4
Configurable Actions
27.5
Device Fingerprinting
27.6
Device Registration
27.7
Failure Counter
27.8
Knowledge-Based Authentication
27.9
Localization
27.10
Man-in-the-Middle/Man-in-the-Browser
27.11
One-Time Password
27.12
OAAM UIO Proxy
27.13
Virtual Authentication Devices
27.14
Custom Locale Used in OAAM .NET API
27.15
OAAM 11g Soap Timeout Exception Handling
27.16
OAAM Sessions are Not Recorded When IP Address from Header is an Invalid IP Address
Glossary