This chapter describes the initial steps needed to log in and navigate around the OAAM Administration Console. All tasks presume that Oracle Adaptive Access Manager 11.1.2 is deployed as described in Installation Guide for Oracle Identity and Access Management.
This chapter contains the following sections:
To help in the understanding of the various startup and shutdown commands, Figure 3-1 illustrates the distribution of Oracle Adaptive Access Manager components on WebLogic Servers.
The Oracle WebLogic Server Domain contains an Administration Server, two Managed Servers, and an Oracle instance. The WebLogic Administration Console and Fusion Middleware Control reside on the WebLogic Administration Server. The WebLogic Managed Server hosts the OAAM Administration Server and OAAM Run-time Servers. The Oracle database contains all the schemas required for all of the Oracle Fusion Middleware software components that require a schema.
Figure 3-1 Oracle Adaptive Access Manager Component Distribution
Note:
If batch processing is used, there is another Managed Server in addition to the ones shown in the illustration, which is the OAAM Offline server.

The following procedure describes starting the database and Admin and managed servers.
1. Start the database.
   a. Set the ORACLE_HOME environment variable to the Oracle home for the database.
   b. Set the ORACLE_SID environment variable to the SID for the database.
   c. Start the Net Listener:
      ORACLE_HOME/bin/lsnrctl start
   d. Start the database instance:
      ORACLE_HOME/bin/sqlplus /nolog
      SQL> connect SYS as SYSDBA
      SQL> startup
2. Start the WebLogic Administration Server.
   DOMAIN_HOME/bin/startWebLogic.sh
3. Start the managed server hosting OAAM Admin Server.
   DOMAIN_HOME/bin/startManagedWebLogic.sh oaam_admin_server1
4. Start the online and offline servers.
   DOMAIN_HOME/bin/startManagedWebLogic.sh server_name
The following procedure describes stopping the OAAM Administration Console and online and offline servers. You will be stopping the components in the opposite sequence.
1. Stop the OAAM managed, offline, and OAAM Admin servers. For example:
   DOMAIN_HOME/bin/stopManagedWebLogic.sh oaam_admin_server1
   DOMAIN_HOME/bin/stopManagedWebLogic.sh oaam_server_server1
   DOMAIN_HOME/bin/stopManagedWebLogic.sh oaam_offline_server1
2. Stop the WebLogic Administration Server.
   DOMAIN_HOME/bin/stopWebLogic.sh
3. Stop the database.
   a. Stop the database instance:
      ORACLE_HOME/bin/sqlplus /nolog
      SQL> connect SYS as SYSDBA
      SQL> shutdown
      SQL> quit
   b. Stop the Net Listener:
      ORACLE_HOME/bin/lsnrctl stop
OAAM Admin provides functions for security investigators and customer service representatives (CSRs), security administrators, and system administrators. The functions and navigation that are available depend on the roles. For information, see Appendix G, "OAAM Access Roles."
OAAM users are required in order to use Oracle Adaptive Access Manager. If you are using an embedded LDAP store, you can create new users and assign the relevant Oracle Adaptive Access Manager roles in your WebLogic administration domain by using the Oracle WebLogic Administration Console. If you are using an external LDAP store, you add a number of OAAM roles to the store, create users, and assign these users to these roles. The best practice is to refrain from assigning multiple roles to a single user: a user with multiple roles assigned has all of the permissions from the different groups. For information, see Section 2.5, "Creating OAAM Users."
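One way to audit for the multiple-role condition described above is to scan an LDIF export of the group entries in the external LDAP store. This is an added example, not part of the Oracle documentation. The group names, DNs, and the `OAAM` name prefix used to pick out role groups are constructed assumptions; substitute the role groups defined in your own store.

```python
import base64
from collections import defaultdict

# Constructed LDIF export of group entries; every name and DN is a sample value.
SAMPLE_LDIF = """\
dn: cn=OAAMCSRGroup,ou=groups,dc=example,dc=com
cn: OAAMCSRGroup
uniqueMember: uid=alice,ou=people,dc=example,dc=com
uniqueMember: uid=bob,ou=people,dc=example,dc=com

dn: cn=OAAMRuleAdministratorGroup,ou=groups,dc=example,dc=com
cn: OAAMRuleAdministratorGroup
uniqueMember: UID=Bob, ou=People,dc=example,dc=com
uniqueMember: uid=carol,ou=people,
 dc=example,dc=com

dn: cn=OAAMEnvAdminGroup,ou=groups,dc=example,dc=com
cn:: T0FBTUVudkFkbWluR3JvdXA=
member: uid=carol,ou=people,dc=example,dc=com

dn: cn=Helpdesk,ou=groups,dc=example,dc=com
cn: Helpdesk
uniqueMember: uid=alice,ou=people,dc=example,dc=com
"""

def parse_ldif(text):
    """Yield one {attribute: [values]} dict per LDIF entry."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:   # folded continuation line
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    entry = defaultdict(list)
    for line in lines + [""]:               # trailing "" flushes the last entry
        if not line.strip():
            if entry:
                yield dict(entry)
            entry = defaultdict(list)
        elif not line.startswith("#"):
            attr, _, value = line.partition(":")
            if value.startswith(":"):       # "attr:: value" is base64-encoded
                value = base64.b64decode(value[1:].strip()).decode("utf-8")
            entry[attr.lower()].append(value.strip())

def norm_dn(dn):
    """Compare DNs ignoring case and spacing (simplified: no escaped commas)."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def users_with_multiple_roles(ldif_text, role_prefix="OAAM"):
    """Return {member DN: [role groups]} for members of more than one group."""
    roles = defaultdict(set)
    for entry in parse_ldif(ldif_text):
        cn = entry.get("cn", [""])[0]
        if cn.startswith(role_prefix):
            for member in entry.get("uniquemember", []) + entry.get("member", []):
                roles[norm_dn(member)].add(cn)
    return {dn: sorted(groups) for dn, groups in roles.items() if len(groups) > 1}

if __name__ == "__main__":
    for dn, groups in sorted(users_with_multiple_roles(SAMPLE_LDIF).items()):
        print(f"{dn} holds {len(groups)} roles: {', '.join(groups)}")
```

An empty result means no account combines the permissions of more than one role group; each flagged DN is a candidate for splitting into separate single-role accounts.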
This section describes how to sign in to OAAM Admin.
The features available when you sign in are based on roles and business requirements.
An Oracle Adaptive Access Manager Sign In page is shown in Figure 3-2.
Figure 3-2 Oracle Adaptive Access Manager Sign In
To sign in to OAAM Admin, follow these steps:
1. In a browser window, enter the URL to the Oracle Adaptive Access Manager 11g Sign In page.
   http://host:port/oaam_admin/
   where
   - host refers to the Oracle Adaptive Access Manager managed Admin Server
   - port refers to the OAAM Admin managed server port
   - /oaam_admin/ refers to the OAAM Admin Sign In page
2. On the Sign In page, enter your credentials.
3. Click the Sign In button.
   If you have logged in successfully, the Fraud Prevention tab appears on the left with an expanded navigation tree.
To sign out, select the Sign Out link in the upper-right corner of OAAM Admin.
Upon a successful sign in, Oracle Adaptive Access Manager displays the OAAM Administration Console (OAAM Admin).
OAAM Admin is divided into the following areas: a navigation panel on the left, containing a navigation tree with a menu and toolbar above it, and the main, active page on the right.
The navigation panel helps users access OAAM environment, configuration, and dashboard features. Named nodes in the panel identify these items.
Initially when you log in, the OAAM Administration Console does not show any open pages on the right side. You must open a node first before a page can appear.
Figure 3-3 shows OAAM Admin with an active Policies search page.
When you open a node, a new tab opens with the corresponding search or details page. The active page generally enables you to search, create, view, and modify items.
You can open up to ten pages simultaneously, which enables multitasking.
Note:
If you try to open more than ten tabs, an error occurs with the message that only ten tabs are allowed to be kept open. You can manually close one or more tabs and then open the new tab.

When multiple pages are open, only the active page and named tabs of other open pages are visible. You can click a named tab to return to the corresponding page.
The following sections provide more information about OAAM Admin:
OAAM Admin provides navigators for easy access to features of Oracle Adaptive Access Manager.
The Navigation panel in OAAM Admin contains the following trees:
The Navigation tree, illustrated in Figure 3-4, is a collapsible and expandable tree that provides quick and visible access to features of Oracle Adaptive Access Manager.
The Navigation tree includes named nodes that identify the individual features and groups of items within the Oracle Adaptive Access Manager product on which you can take action.
Note:
Oracle Adaptive Access Manager users can access functionality based on the roles they are assigned. For details on nodes displayed to user roles, see Appendix G, "OAAM Access Roles." For example, Dashboard and Sessions nodes are not displayed for a CSR Manager.

Figure 3-4 illustrates the Navigation tree.
Depending on your access level, the Navigation tree can display the nodes described in Table 3-1.
Table 3-1 OAAM Navigation Tree
Features | Function |
---|---|
Dashboard | Provides a view of activity via aggregates and trending. |
Sessions | Search and view the details (forensic record) of user activity. |
Cases | Provides tools to track and solve customer service issues and investigate fraud. Cases are not available offline. |
Policy Set | Contains the scoring engine and action/score overrides. |
Policies | Contains security and autolearning rules and configurations used to evaluate the level of risk at each checkpoint. |
Rules | Search and view rules outside the context of the policies that contain them. Rules are a collection of conditions used to evaluate user activity. |
Conditions | Search and view the rule conditions available in OAAM. Conditions are the basic building blocks for security and autolearning policies. |
Groups | Provides a set of tools for creating and managing groups. A group is a collection of like items. |
Patterns | Search, create and manage patterns that profile behaviors. Rules evaluate the patterns to assess risk levels. |
Entities | User-defined data structure that can be re-used across different transactions. |
Transactions | Defines the data structure and mapping to support application event/transaction analytics. |
Configurable Actions | Create custom actions. |
KBA | Framework to manage tasks that impact challenge questions, validations and levels of logic algorithms used for answers, question categories, and levels of logic algorithms used for registration. |
Questions | Search, edit and create the KBA questions. |
Validations | Search, edit and create the answer validation used in the KBA question registration and challenge process. |
Categories | Search, edit and create the KBA question categories. |
Registration Logic | Edit the configuration of logic that governs the KBA registration process. |
Answer Logic | Edit the configuration of logic that governs the KBA challenge response process. This includes tuning of how exact user answers must be to their registered answers to be valid. |
Environment | Tools for the configuration of system properties and snapshots. Not shown in Figure 3-4. |
System snapshots | Back up and restore entire system configuration. Not shown in Figure 3-4. |
Properties | View and edit system configuration properties. Not shown in Figure 3-4. |
Scheduler | Manage jobs. Not shown in Figure 3-4. |
A menu and toolbar appear above the Navigation tree. As shown in Figure 3-4, menus provide commands that you can use to act on the item you have selected in the Navigation tree. Many menu commands are also provided as command buttons in the toolbar for quick access.
Create New opens the corresponding create page of the selected node. Create New is available only for certain nodes where applicable. See Table 3-2, "Create New Pages of Selected Nodes" for a list of pages that can be opened by clicking Create New.
Table 3-2 Create New Pages of Selected Nodes
Node | Subnode | Create Page or Dialog |
---|---|---|
Dashboard | | N/A |
Sessions | | Not available |
Cases | | Create Case |
Policy Sets | | Not available |
Policies | | New Policy |
Rules | | Not available |
Conditions | | Not available |
Groups | | Create Group |
Patterns | | New Pattern |
Entities | | New Entity |
Transactions | | New Transaction |
Configurable Actions | | |
Configurable Actions | Action Templates | New Action Template |
Configurable Actions | Action Instances | New Action Instance |
KBA | | Not available |
KBA | Questions | New Questions |
KBA | Validations | Not Available |
KBA | Categories | New Category |
KBA | Registration Logic | Not available |
KBA | Answer Logic | Not available |
Scheduler | | Not available |
Scheduler | Jobs | Jobs search |
Scheduler | Job Queue | Job Queue |
Environment | | Not available |
Environment | System Snapshots | Not available |
Environment | Properties | New Property |

Open opens the corresponding page for the node you have selected.
Import opens the Import dialog for the node you have selected.
Figure 3-6, "View Menu" shows the View menu and commands available from the navigation tree toolbar. Menu items that cannot be used on the selection in the Navigation tree appear in gray.
Figure 3-6 describes the View menu commands.
Command | Description |
---|---|
Collapse | Immediately closes the node. |
Expand All Below | Immediately reveals all items below the selection. |
Collapse All Below | Immediately closes the node and all items below the selection. |
Expand All | Immediately reveals all the nodes and subnodes along with their leaf nodes in the Navigation tree. |
Collapse All | Immediately closes all the nodes and subnodes along with their leaf nodes in the Navigation tree. |
Scroll to First | Scrolls to the first node |
Scroll to Last | Scrolls to the last node |

Figure 3-7 shows the Actions menu, which provides appropriate commands for the selected item in the navigation tree. For instance, if you have Policies selected in the Navigation tree, the command New Policy... is available in the Actions menu. The New Policy command enables you to open the New Policy page for creating a new policy.
Table 3-4 shows Action menu commands which may be available when you select an item from the Navigation tree. The commands may vary depending on the node selected.
The Policy tree, as shown in Figure 3-8, gives a visual representation of the policy hierarchy and the relationship between policies, user groups, and the checkpoints.
Double-clicking an item in the Policy tree opens a dynamic tab for that item. This enables administrators to view and edit the configurations in context.
You can expand the Policy tree to view the details about the user groups and policies under each checkpoint.
For example, the OAAM Registration Policy is under the Registration Checkpoint and All Users are assigned to the policy.
Policy is the last level in the Policy tree. You cannot drill down further except to see nested policies.
Table 3-5 provides a legend for the icons which appear on the Policy tree.
| Icon | Definition | Description |
|---|---|---|
| | Checkpoint | The checkpoint is a decision and enforcement point when policies are called to run their rules. |
| | Policy | The policies available in the system. Disabled policies are grayed out. Policies linked to multiple user groups are bold and highlighted. To open the Policy Details page of a policy, double-click the Policy node. The Policy Details page can also be opened by clicking Open Selected from the context menu. To view nested policies, expand the policy node. |
| | All Users | Policy is linked to All Users. |
| | User Groups | Policy is linked to Users. |
| | No user group | No users are associated with the policy. |
| | Trigger combination | Trigger combinations exist in the policy. |
| | More... | Summary information is available about the policy. |

From the Policy tree, you can click the More icon for summary information on the policy.
Figure 3-9 shows an example of the summary information that is presented when More is clicked.
The individual features and groups of items are organized on the Navigation tree. To open a component, double-click its node in the Navigation tree. The details of that node or a search page opens in a new tab on the right side of the console. A named tab identifies each open page, like the tabs on manila folders.
Only the active page is visible, with as many named tabs of other open pages as can fit on one line. You can click a named tab to return to the corresponding page.
The nodes and their corresponding pages are listed in Table 3-6.
Node | Subnode | Pages |
---|---|---|
Dashboard | | Dashboard |
Sessions | | Sessions |
Cases | | Cases search page |
Policy Sets | | Policy Sets page |
Policies | | Policies search page |
Rules | | Rules search page |
Conditions | | Conditions search page |
Groups | | Groups search page |
Patterns | | Pattern search page |
Entities | | Entity Definition Search page |
Transactions | | Transactions search page |
Configurable Actions | | Not available |
Configurable Actions | Action Templates | Action Templates search page |
Configurable Actions | Action Instances | Action Instance search page |
KBA | | Not available. Note: KBA is not available in offline mode. |
KBA | Questions | Questions search page |
KBA | Validations | Validations search page |
KBA | Categories | Categories search page |
KBA | Registration Logic | Registration Logic page |
KBA | Answer Logic | Answer Logic page |
Environment | | Not available |
Environment | System Snapshot | Snapshots search page |
Environment | Properties | Properties search page |
Scheduler | | |
Scheduler | Jobs | New Job |
Scheduler | Job Queue | |

The search page is the starting place for managing the environment, adaptive strong authentication, and adaptive risk management features, and groups of like items.
You can open a search page by:
- Double-clicking a node in the Navigation tree
- Right-clicking a node in the Navigation tree and selecting the List command from the context menu that appears
- Selecting the node in the Navigation tree and then choosing the List command from the Actions menu
When a search page first appears, you see a search filter and a Search Results table. The Search Results table is initially empty. You must click the Search button to see a list of items.
To search for items:
1. Select the criteria to search from the dropdown lists. The list of available criteria varies according to the feature.
2. Enter strings to match in the text boxes.
3. Select or specify filters to narrow the search scope.
4. Click the Search button to trigger the search and to display the results in the Search Results table.
The search returns all items that match the specified criteria; leave the fields empty to obtain the list of all items of the type.
This section describes the elements in the search forms.
You can search for items using the attribute search criteria fields.
The Reset button enables you to reset the search criteria.
You can create saved searches that persist for the duration of your session. Enter the search criteria, then click the Save button to open the Personalize Saved Search dialog, as shown in Figure 3-10. The Personalize Saved Search dialog is used to specify how you want to save the search criteria you entered. You can name the search, for example, myspecialsearch, so that it displays in the Saved Search list.
Figure 3-10 Personalize Saved Search Dialog
The Search Results table shows at most the first 200 matches found by the search.
You can sort the results by using the Sort Ascending and Sort Descending buttons next to the column name.
If the description of an item is too long to be fully shown, positioning the cursor over the visible text displays the entire description, as shown in Figure 3-11.
Once an item is selected in the Search Results table, an action can be performed on it by clicking one of the icons on the toolbar or by selecting a command from the Actions menu.
If you want to see more details, click the available link for the item.
A menu and toolbar appear above the Search Results table. Figure 3-12 shows the Search Results Menu and Toolbar from the Patterns Search page with the New Pattern, Open Selected, Delete Selected, Deactivate Selected, Select All, Deselect All, and Export Selected commands available.
The Actions menu and command buttons provide appropriate commands for the selection in the Navigation tree and Search Results table.
Table 3-7 shows command buttons that may be available, depending on the selection.
Table 3-7 Results Menu and Toolbar
| Button | Definition | Description |
|---|---|---|
| | Create | Opens a new page, which you can fill in to add a new item of the selected type. The new page opens as the active page on the right side of the Navigation tree. |
| | Delete | Removes the selected item. |
| | Create Like | Creates a new item that is similar to (or "like") the existing one. |
| | Activate | Activates the selected item. |
| | Deactivate | Deactivates the selected item. |
| | Detach | Detaches the Results table. |

You can select all the results to perform actions on by clicking the header of the Row column in the upper-left corner of the Search Results table.
Generally, buttons to create new items or import items are in the upper-right corner of the console.
You can view details of a specific item by opening its details page.
A Case Details page is shown in Figure 3-17.
The dashboard presents a real-time view of activity via aggregates and trending.
The dashboard is divided into three sections:
- The performance panel (Section 1) presents real-time data. It shows the performance of the traffic that is entering the system. A trending graph is shown of the types of data based on performance.
- The summary panel (Section 2) presents aggregate data based on time range and data types.
- The dashboard panel (Section 3) presents historical data. The detailed dashboards are used for trending data over time ranges.
To access online help documentation, on the upper right corner of any window, click Help to start the help window. A help topic for the relevant top-level search or details page is displayed. These help topics contain links to information in an online version of Administering Oracle Adaptive Access Manager.
Selecting Managing Oracle Adaptive Access Manager 11g Online Help displays several topics in the online documentation.
Topics that are displayed by selecting Help appear only in English and Japanese. Online Help is not translated into the nine Admin languages.
Figure 3-18 shows an example of an online help window.
Figure 3-18 Managing Oracle Adaptive Access Manager 11g Online Help
Oracle Adaptive Access Manager provides more than one way to search, create, and import.
Depending on the selection, you can open a Search page by:
- Double-clicking the node in the Navigation tree.
- Right-clicking the node in the Navigation tree and selecting List item from the context menu.
- Selecting the node in the Navigation tree and then choosing List item from the Actions menu.
- Clicking the List item button in the Navigation tree toolbar.
Depending on the selection, you can open a Create page by:
- Clicking the New item button in the upper right of the console.
- Right-clicking the node in the Navigation tree and selecting New item from the context menu.
- Selecting the node in the Navigation tree and then choosing New item from the Actions menu.
- Clicking the Create new items button in the Navigation tree toolbar.
- Selecting the Create New item button from the Search Results toolbar.
- Selecting New item from the Actions menu in Search Results.
Depending on the selection, you can open an Import page by:
- Clicking the Import item button in the upper right of the console.
- Right-clicking the node in the Navigation tree and selecting Import item from the context menu.
- Selecting the node in the Navigation tree and then choosing Import item from the Actions menu.
- Clicking the Import items button in the Navigation tree toolbar.
You can generate a report of the results from the Search pages for policies, questions, validations, snapshots, properties, entities, transactions, conditions, groups, patterns, and so on.
To export results to a Microsoft Excel spreadsheet:
1. Ensure the oaam.export.max.rows.allowed property is configured so that you are able to export all the rows needed. This property limits the maximum row selection.
2. In a search page, select the rows of interest from the search results.
3. Click the Export To Excel button.
   When the export confirmation dialog is shown, you can view the selected list. The export table with the selected rows shows the ID number and display name columns, so that you can easily identify and verify the selected rows before the export.
4. Click Export to export the rows to a Microsoft Excel spreadsheet.