Run Challenge Rules R5

■ ChallengeQuestion to challenge the user with a question.
■ ChallengeSMS to challenge the user with an OTP via SMS.
■ ChallengeEmail to challenge the user with an OTP via email.
■ Block to block the user.

Table 2–13 lists the APIs used to run the challenge rules.

2.2.1.12 Run Authentication Rules R6

BharosaHelper::getAuthentiPad is used to create an authentication device. That method in turn calls the Authentication Device Rules to determine the device to use. If the user is to be challenged with a question, the rule returns the QuestionPad. If the user is to be challenged with an OTP, the rule returns the TextPad.

2.2.1.13 Challenge the User S6

If appropriate, the user is challenged with either Knowledge Based Authentication (KBA) or a One Time Password (OTP). KBA is an extension to existing User ID/password authentication and secures an application using a challenge/response process where users are challenged with questions. The user must answer the question correctly to proceed with the requested sign-on, transaction, service, and so on. OTP is also an extension to existing User ID/password authentication and adds an extra security layer to protect applications. The OTP is generated after the user ID and password are verified and is then delivered to the user via e-mail or mobile phone if the application deems it necessary. The user then uses the OTP to sign in to the application.

Table 2–14 lists the APIs to challenge the user with registered questions.

Table 2–13 Run Challenge Rules APIs

Module: Server
APIs: VCryptRulesEngine::processRules
Description: For method details, see Section 4.6.1, processRules.

Module: Oracle Adaptive Access Manager Sample
APIs: handleChallenge.jsp
Description: handleChallenge.jsp calls BharosaHelper::validateAnswer. If that method returns BharosaEnumChallengeResult.SUCCESS, status is updated to success and the user is allowed to move forward; otherwise, if BharosaEnumChallengeResult.WRONG_ANSWER is returned, the challenge rules are run again to determine the next step.

Module: BharosaHelper
APIs: BharosaHelper::validateAnswer

2.2.1.14 Check Answers to Challenge C3

This stage involves validating the user's input to the challenge:
■ For KBA, calling Oracle Adaptive Access Manager Server to determine whether the answer the user has supplied matches the registered reply.
■ For OTP, validating the entered value against the OTP generated and sent to the user.

Table 2–15 lists the APIs used to validate a challenge.

Table 2–14 Challenge User APIs

Module: Server
APIs: VCryptAuth::getSecretQuestion, VCryptTracker::generateOTP

Module: Oracle Adaptive Access Manager Sample
APIs: Challenge.jsp
Description: Determine the type of challenge to use: BharosaHelper::runChallengeRules.
If the challenge type returned is KBA (ChallengeQuestion), get the user question with VCryptAuth::getUserQuestion.
If the challenge type is OTP (ChallengeSMS, ChallengeEmail, ...), generate, store, and send the OTP code:
■ BharosaHelper::generateOTP
■ BharosaHelper::sendCode
Use authentication pad rules to determine the authentipad to display to the user. See Section 2.2.1.4, Run Virtual Authentication Device Rules R2.
Submits the answer to handleChallenge.jsp.
handleChallenge.jsp collects the user input and calls BharosaHelper::validateAnswer, which is used to validate the user's answer for the challenge (same as question challenge).

Module: BharosaHelper
APIs: BharosaHelper::createPersonalizedAuthentiPad, BharosaHelper::createAuthentiPad, BharosaHelper::generateOTP, BharosaHelper::sendCode, BharosaHelper::getUserQuestion

Module: Client
APIs: AuthentiPad::getHTML
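The loop described in the stages above (run the challenge rules, challenge with an OTP, check the answer, re-run the rules on a wrong answer) is shown here as an added stand-alone Java model; it is not Oracle's sample code and calls no Oracle Adaptive Access Manager API. Every class, enum and method name in it is a hypothetical stand-in, and the three-failure threshold, the single-use handling of the OTP and the constant-time comparison are assumptions, since the page leaves those decisions to the configured rules.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;

// Stand-alone model of the challenge loop; none of these types are OAAM classes.
public class ChallengeFlowModel {
    enum Action { CHALLENGE_QUESTION, CHALLENGE_SMS, CHALLENGE_EMAIL, BLOCK }
    enum Result { SUCCESS, WRONG_ANSWER }

    static final int MAX_FAILURES = 3;           // assumed policy threshold
    private final SecureRandom rng = new SecureRandom();
    private String pendingOtp;                   // OTP kept server-side for this session
    private int failures;

    // Stand-in for "run challenge rules": pick the next step from session state.
    Action runChallengeRules(boolean otpChannelRegistered) {
        if (failures >= MAX_FAILURES) return Action.BLOCK;
        return otpChannelRegistered ? Action.CHALLENGE_SMS : Action.CHALLENGE_QUESTION;
    }

    // Generate and store a 6-digit OTP; delivery by SMS or e-mail is out of scope here.
    String generateOtp() {
        pendingOtp = String.format("%06d", rng.nextInt(1_000_000));
        return pendingOtp;
    }

    // Compare the entered value with the stored OTP in constant time.
    // The stored OTP is cleared on every attempt, so each code is single use (assumption).
    Result validateAnswer(String entered) {
        String expected = pendingOtp;
        pendingOtp = null;
        boolean ok = expected != null && entered != null && MessageDigest.isEqual(
                expected.getBytes(StandardCharsets.UTF_8), entered.getBytes(StandardCharsets.UTF_8));
        if (ok) { failures = 0; return Result.SUCCESS; }
        failures++;
        return Result.WRONG_ANSWER;
    }

    public static void main(String[] args) {
        ChallengeFlowModel session = new ChallengeFlowModel();
        Action next = session.runChallengeRules(true);
        while (next != Action.BLOCK) {
            session.generateOtp();
            Result r = session.validateAnswer("not-the-code");   // constructed wrong input
            System.out.println(next + " -> " + r);
            if (r == Result.SUCCESS) return;
            next = session.runChallengeRules(true);              // wrong answer: rules decide the next step
        }
        System.out.println("rules returned " + next + ": user is blocked");
    }
}
```

Because the rules are consulted again after every wrong answer, the decision to re-challenge or block stays in one place rather than being scattered across the pages that collect the input.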