Two‑Factor Authentication
NMS applications can, optionally, use two-factor authentication to further enhance security Email, SMS messages, or third party providers can be configured. Two-factor authentication is configured by modifying Multifactor.xml and the dialog DLG_MULTIFACTOR.xml.
The product version of Multifactor.xml:
<?xml version="1.0" encoding="UTF-8"?>
<!-- Configuration file for sending Multifactor authentication emails. -->
<multifactor>
<config digits-to-send="6" max-attempts="3" expiration‑seconds="600" max-requests="3"/>
<provider type="Email" class="com.splwg.oms.common.ejbaccess.EmailMultifactorAuthenticator">
<!-- The following is a select statement that returns the email address send the code to
The default value assumes that the full_name contains the email address of the user -->
<!-- another possible value is: "select ? || '@example.com' from dual" -->
<to sql="select full_name from ces_user where user_name= ? and active = 'Y'"/>
<from>nobody@[domain].com</from>
<subject>Requested Oracle NMS Validation Code</subject>
<body type="text/plain">Here is the requested Oracle NMS Validate Code: ${CODE}</body>
</provider>
<provider type="SMS" class="com.splwg.oms.common.ejbaccess.EmailMultifactorAuthenticator">
<!-- The following is a select statement that returns the email address of the gateway to send the code to -->
<to sql="select ? || '@smsgateway.[domain].com' from dual"/>
<from>nobody@[domain].com</from>
<body type="text/plain">The requested Oracle NMS Code: ${CODE}</body>
</provider>
</multifactor>
Two‑factor authentication is enabled by assigning users to the NmsMultifactor role. Users in the nms-twofactor group will have two‑factor authentication enabled by default.
Third party providers can be configured by extending com.splwg.oms.common.ejbaccess;.MultifactorAuthenticator. Then, add a configuration section for the new class in Multifactor.xml. The provider type should match the value of the combo box in the dialog.