1.3 System Architecture and Components

OAA is composed of micro-services, web applications, platform abstractions, and authentication factor providers, along with an RDBMS used for storing user preferences and service data/metadata.

The components of OAA are as follows:

OAA Runtime and API

This component is the main processing unit of the system and provides REST APIs for managing user challenge flows and orchestrating the flow using challenge factors.

This runtime component integrates with API-based clients, for example, Oracle RADIUS Agent (ORA).

OAA Runtime UI

This component provides User Interface (UI) pages for managing the user challenge flow. For the end user, it provides the user interface for choosing the challenge factor and for going back and forth between challenge factors during the flow.

This runtime component integrates with clients running browser-based flows, for example, Oracle Access Management (OAM), using OAuth and OpenID Connect (OIDC).

It provides the following UI pages:

User Challenge Choice Pages: These pages render the available challenges for users to choose from. They also provide an option to remember the choice for the next time. After the user chooses the challenge, the page redirects to the User Challenge Answer Page.

User Challenge Answer Pages for factors: The challenge answer page retrieves the answer from the chosen second factor specified by the user. Based on the type of challenge, the page provides a dialog box to type the answer in, for example, for the email, SMS, TOTP, and Knowledge-Based Authentication factors. If the challenge factor requires an assertion outside the browser, for example FIDO2, YubiKey, or push notifications, the page renders a timed wait. If verification fails, the page asks for the answer again, sends the user back to choose another challenge, or times out. If verification succeeds, users are redirected back to the agents. For more information about agents, see Understanding Oracle Advanced Authentication.

This page also allows the user to abandon the flow, or go back to the challenge choice page. It also gives users the option to remember the challenge choice for future requests, or allows that choice to be reset.

OAA Administration UI and API

This component provides REST APIs and an Administration UI to manage integration agents, assurance levels, rules, and groups. Rules are defined for each assurance level. Administrators can configure required challenge outcomes with the REST APIs or UI.

Self-Service Portal UI and API

This component allows end users to see and manage their challenge factor registration using the UI or the user-preferences REST APIs.

Challenge Factors

Challenge factors are realized as services or containers that integrate with the OAA runtime using the REST API or the UI. Challenge factors can be configured using the UI or the configuration API.

Persistent Store

This component is used for storing user preferences data and policy metadata. OAA supports a database installation external to the Kubernetes cluster and provides the database schema to be imported.

Monitoring

Data monitoring is enabled for the OAA service and policy management API.