6 Integrating OAA with Other Products

6.1 User Control Flow for OAA Integration with OAM and ORA

OAA allows integration with other products to support Multi-factor Authentication (MFA) either through REST APIs or browser-based flows.

OAA can be integrated with clients supporting browser-based user flows, for example Oracle Access Management (OAM) or REST API based user flows, for example Oracle Radius Agent (ORA).

The following section provides an overview of the user interaction flow for OAA-OAM integration through browser-based flow and OAA-ORA integration through REST APIs.

OAA Interaction with OAM to Provide Multi Factor Authentication

  1. User accesses the OAM (Webgate) protected resource through the browser.
  2. User is redirected to OAM for authentication
  3. OAM presents the Login Screen to the user and after authentication redirects the flow to OAA with the TAP Token for multi-factor authentication.

    Note:

    OAA integrates with OAM using the OAAAuthnPlugin and by registering OAA as a TAP partner.
  4. OAA presents the user with the additional challenge pages with factors for authentication.
  5. After the challenge flow is complete, user is redirected back to OAM with success or failure messages.
  6. User is granted access to the resource if the multi-factor authentication was successful.

OAA Interaction with ORA to Provide Multi Factor Authentication

A. User logs in into the Database with a DB Client (sqlplus) and the user credentials (username/password) are verified

B. After authentication, the database invokes ORA for the second factor authentication.

C. ORA invokes API to determine user challenge and presents challenge prompt for the user.
  1. OAA provides challenge prompt information
  2. User is shown prompt and asked for answer by ORA

D. ORA redirects to OAA and it validates the answer provided by ORA.

E. ORA redirects back for resuming the database login session.

F. User is granted access to the database if the challenge validation was successful.

6.2 Integrating OAA with OAM

OAA can be integrated with OAM using OAAAuthnPlugin and registering OAA as a TAP partner.

6.3 Integrating OAA with ORA

OAA can be integrated with Oracle Radius Agent using REST APIs.

For details about integrating OAA with ORA, see the tutorials Use Oracle Radius Agent with Oracle Advanced Authentication for Multi-Factor Authentication