3.4 Create Authentication Scheme

Use the Create Authentication Scheme page to create a new Authentication scheme that defines the challenge mechanism required to authenticate a user.

The following table describes the elements on the Create Authentication Scheme page:

Element Description

Name

Type a unique name for this scheme; the name appears in the navigation tree.

Description

Type a short description that explains the use of this scheme. You can enter up to 200 characters.

Authentication Level

Enter the trust level of the authentication scheme. The trust level is expressed as an integer value between 0 (no trust) and 99 (highest level of trust).

This reflects the challenge method and degree of trust used to protect transport of credentials from the user.

Note:

  • Level 0 is unprotected. Only unprotected resources can be added to an Authentication Policy that uses an authentication scheme at protection level 0.

  • After a user is authenticated for a resource at a specified level, the user is automatically authenticated for other resources in the same Application Domain or in different Application Domains, provided those resources have the same or a lower trust level than the original resource.

Default

A non-editable box that is checked when the Set as Default button is clicked.

Challenge Method

Select any Challenge Method from the following options in the drop-down menu:

  • FORM

  • BASIC

  • X509

  • WNA

  • NONE

  • DAP

Challenge URL

This URL is associated with the selected Challenge Method.

  • FORM Challenge Method: for the out-of-the-box authentication schemes (LDAPScheme and LDAPNoPasswordValidationScheme), the Challenge URL is "/pages/login.jsp". The Context Type and Context Value are used to build the final URL.

  • X509 Challenge Method: the Challenge URL takes the form https://managed_server_host:managed_server_ssl_port/oam/CredCollectServlet/X509.

Note: The default Challenge URL is based on the credential collector embedded with the OAM Server (ECC).

Context Type

This field is displayed only for Schemes using Challenge Method FORM, X509, or DAP.

This is used to build the final URL for the Embedded Credential Collector (ECC only; the DCC does not use it), based on the following possible values:

  • default - The Context Value is used to construct the final URL to which the server forwards for credential collection.

    For Example: With a challenge URL of "/pages/login.jsp", and a context value of /oam, the server forwards to "/oam/pages/login.jsp" for credential collection by the ECC.

  • customWar - Use this Context Type if a customized credential collector page, "customlogin.jsp", deployed in a WAR file (with context root "custom") within the same domain, is to be used to collect credentials. Then set the following values to have the server forward to the web application page "/custom/customlogin.jsp" to collect credentials:

    • challenge_url = "/customlogin.jsp"

    • contextType = "customWar"

    • contextValue = "/contextroot of custom application"

  • external - If the login page is external, the file can be placed in a location that is accessible to the application. Set the following values to have the server redirect to the challenge URL for credential collection. The username and password are collected by the external form (HTML or JSP) and submitted to the OAM Server:

    • challenge_url = "http://host:port/externallogin"

    • contextType = "external"

    • contextValue = Not applicable

Context Value

Used to build the final URL for the credential collector. The default value is /oam.
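The two rules stated above, how the Challenge URL, Context Type and Context Value combine into the final credential-collection URL, and how an existing session's authentication level covers resources at the same or a lower level, are easy to get wrong when scripting scheme creation. The following is an added example, not Oracle's code: it models the Create Authentication Scheme fields as a small Python class with the page's constraints (level 0 to 99, description up to 200 characters, the six challenge methods, Context Type only for FORM, X509 and DAP) and resolves the final URL for each Context Type. The class and function names are hypothetical, the rejection of a relative Challenge URL for the external Context Type is this example's own assumption, and the level values used in the usage lines are constructed.

```python
"""Added example (not Oracle's code): models the Create Authentication Scheme
fields and the URL-building and authentication-level rules described on this page.
Names are hypothetical; the absolute-URL check for 'external' is an assumption."""
from dataclasses import dataclass

CHALLENGE_METHODS = {"FORM", "BASIC", "X509", "WNA", "NONE", "DAP"}
# Context Type is displayed only for schemes using these challenge methods
CONTEXT_TYPE_METHODS = {"FORM", "X509", "DAP"}
CONTEXT_TYPES = {"default", "customWar", "external"}


def is_valid_level(level: int) -> bool:
    """Authentication Level is an integer from 0 (no trust) to 99 (highest trust)."""
    return isinstance(level, int) and 0 <= level <= 99


@dataclass
class AuthenticationScheme:
    name: str
    description: str
    authentication_level: int
    challenge_method: str
    challenge_url: str
    context_type: str = "default"
    context_value: str = "/oam"      # default Context Value stated on the page

    def __post_init__(self):
        if not self.name:
            raise ValueError("Name is required (it appears in the navigation tree)")
        if len(self.description) > 200:
            raise ValueError("Description may not exceed 200 characters")
        if not is_valid_level(self.authentication_level):
            raise ValueError("Authentication Level must be an integer between 0 and 99")
        if self.challenge_method not in CHALLENGE_METHODS:
            raise ValueError(f"unknown Challenge Method {self.challenge_method!r}")
        if self.context_type not in CONTEXT_TYPES:
            raise ValueError(f"unknown Context Type {self.context_type!r}")
        # Assumption of this example: an external login page must be an absolute URL
        if self.context_type == "external" and not self.challenge_url.startswith(("http://", "https://")):
            raise ValueError("external Context Type requires an absolute challenge_url")

    def credential_collection_url(self) -> str:
        """Final URL the ECC forwards or redirects to, per the Context Type rules."""
        if self.challenge_method not in CONTEXT_TYPE_METHODS:
            # BASIC, WNA and NONE do not expose Context Type: Challenge URL is used as-is
            return self.challenge_url
        if self.context_type == "external":
            # Context Value is not applicable; the server redirects to the external page
            return self.challenge_url
        # default and customWar: context root (Context Value) + Challenge URL
        return self.context_value.rstrip("/") + "/" + self.challenge_url.lstrip("/")


def covers_resource(session_level: int, resource_level: int) -> bool:
    """A session authenticated at session_level also satisfies resources whose
    scheme has the same or a lower level; a higher level needs a fresh challenge."""
    return resource_level <= session_level


def level_zero_allowed(scheme_level: int, resource_is_protected: bool) -> bool:
    """Only unprotected resources may be added to a policy whose scheme is level 0."""
    return scheme_level > 0 or not resource_is_protected


if __name__ == "__main__":
    # Usage with the page's own values; the level numbers are constructed
    ldap = AuthenticationScheme("LDAPScheme", "", 2, "FORM", "/pages/login.jsp")
    print(ldap.credential_collection_url())          # /oam/pages/login.jsp
    custom = AuthenticationScheme("CustomScheme", "", 2, "FORM", "/customlogin.jsp", "customWar", "/custom")
    print(custom.credential_collection_url())        # /custom/customlogin.jsp
    print(covers_resource(2, 3))                     # False: level 3 resource needs step-up
```

The default and customWar branches differ only in which context root is prepended, which is why the page tells you to set contextValue to the custom application's context root; the external branch ignores Context Value entirely, so a stray Context Value on an external scheme changes nothing.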

Challenge Redirect URL

This URL declares the endpoint referencing the Credential Collector (ECC or DCC).

For Example:

ECC: /oam/server

DCC: http://<doc-host:port>/

Authentication Module

Identifies the pre-configured authentication module to be used to challenge the user for credentials. The module or plug-in selected from the following list identifies the exact user identity store to be used:

  • FederationMTPlugin

  • FederationPlugin

  • KerberosPlugin (Authentication Modules and Custom Authentication Modules)

  • MTLDAPBasic

  • MTLDAPPlugin

  • OIFMTLDAPPlugin

  • Password Policy Validation Module

  • TAPModule

  • x509Plugin (under the X509 Authentication Modules node)

Challenge Parameters

Type short text strings that are consumed and interpreted by Webgates and Credential Collector modules to operate in the manner indicated by those values.

The syntax for specifying any challenge parameter is:

<parametername> = <value>

Note: This syntax is not specific to any Webgate release. Authentication schemes are independent of Webgate release.
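The page gives only the syntax of a challenge parameter, one `<parametername> = <value>` per line. The following added example (not Oracle's code, and not how the OAM Server itself parses the box) is a small parser and formatter for that syntax, useful when generating or auditing scheme definitions from scripts. The parameter names in the sample input are constructed, and the strictness rules (blank lines skipped, first `=` separates name from value so values may contain `=`, lines without `=` or with an empty name rejected, duplicate names rejected) are this example's own assumptions.

```python
"""Added example (not Oracle's code): parse and render Challenge Parameters in
the '<parametername> = <value>' syntax, one parameter per line.
Strictness rules are assumptions of this example, not OAM behaviour."""


def parse_challenge_parameters(text: str) -> dict:
    """Parse 'name = value' lines into a dict, preserving order of appearance."""
    params = {}
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line:
            continue                                    # blank lines are ignored
        name, sep, value = line.partition("=")          # first '=' splits; value may contain '='
        name, value = name.strip(), value.strip()
        if not sep or not name:
            raise ValueError(f"line {lineno}: expected '<parametername> = <value>', got {raw!r}")
        if name in params:
            raise ValueError(f"line {lineno}: duplicate parameter {name!r}")
        params[name] = value
    return params


def format_challenge_parameters(params: dict) -> str:
    """Render a dict back into the page's syntax, one parameter per line."""
    return "\n".join(f"{name} = {value}" for name, value in params.items())


# Constructed sample input; the parameter names are illustrative only
SAMPLE = """
exampleparam = value1

another_param=a=b
"""

if __name__ == "__main__":
    parsed = parse_challenge_parameters(SAMPLE)
    print(parsed)                                    # {'exampleparam': 'value1', 'another_param': 'a=b'}
    print(format_challenge_parameters(parsed))
```

Round-tripping a parsed block through the formatter normalises spacing around `=`, which makes diffs between two scheme exports easier to read.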

Set as Default

Click the Set as Default button to select the non-editable Default check box.

Apply

Click to submit this Authentication Scheme.

Search Authentication Schemes

Use the Search Authentication Schemes page to perform an advanced search for a specific Authentication Scheme. The following table describes the elements in the Search section of the Authentication Scheme page:

Element Description

Name

Enter the name of the Authentication Scheme (or a partial name using the wildcard character (*)).

Search

Click Search to initiate the search and populate results in the Search Results table.

Reset

Click Reset to reset the search criteria.

Create Authentication Scheme

Click to create a new Authentication Scheme using the Create Authentication Scheme page.

Search Results

Search results are the Authentication Schemes that met the conditions specified in the search fields. The following table describes the elements in the Search Results section of the Authentication Scheme page:

Element Description

Actions

Choose options from the menu to perform the following operations:

  • Create - Select Create to create a new Authentication Scheme using the Create Authentication Scheme page.

  • Duplicate - Select a row in the table and choose Duplicate to open a copy of the existing record in edit mode; you can make changes and save the record.

  • Edit - Select a row in the table and choose Edit to open the record in edit mode. After editing, click OK to save the changes or Cancel to discard them.

  • Delete - Select a row in the table and choose Delete. In the confirmation pop-up, click Yes to remove the row or No to retain it.

View

Choose commands from the View menu to control how the columns are displayed:

  • Columns - Click a column header name to quickly show or hide a single column.

  • Detach - Click to open the table in a larger window.

  • Reorder Columns - Click to open a dialog that lets you change the order of the table columns.

Create

Click to create a new Authentication Scheme using the Create Authentication Scheme page.

Duplicate

Click to create a copy of the existing record.

Select a row and click Duplicate to open a copy of the existing record in edit mode; you can make changes and save the record.

Edit

Select a row in the table and click Edit to open the record in edit mode. After editing, click OK to save the changes or Cancel to discard them.

Delete

Select a row in the table and click Delete. In the confirmation pop-up, click Yes to remove the row or No to retain it.

Detach

Click to expand the Search Results table to a full page.

Row

Displays the row number.

Name

Displays the names of the Authentication Schemes returned by the search.

Description

Displays the descriptions of the Authentication Schemes returned by the search.

Sort Ascending

Click to sort the items in the column in ascending order.

Sort Descending

Click to sort the items in the column in descending order.

Related Topics

Managing Authentication and Shared Policy Components in Administrator's Guide for Oracle Access Management