Check Answers to Challenge C3

Natively Integrating with Oracle Adaptive Access Manager 2-17

2.2.1.15 Lock Out Page S2

The Lock Out page is the page to which the user is redirected when the post-authorization rules return Block.

2.2.1.16 Landing or Splash Page S3

This page is the page to which the user is redirected after a successful login, that is, when the post-authorization rules return Allow.

2.2.2 Integrating with Knowledge-Based Authentication

This scenario is a subset of the scenario described in Section 2.2.1, Integrating with Virtual Authentication Devices and Knowledge-Based Authentication. This scenario does not have a split login flow and does not include personalizations or virtual authentication devices. Figure 2–7 illustrates a flow of authentication that uses this solution. For details about the stages of this flow, see the following sections:

2.2.2.1 UserPassword S1

The UserPassword page is the existing page currently used by the client. It contains the text box for both the username and password. There are no changes required for this page; however, the post from this page should display a transient intermediate refresh page.

2-18 Oracle Fusion Middleware Developers Guide for Oracle Adaptive Access Manager

Table 2–15 Validate Answer to a Challenge

| Module | APIs | Description |
|---|---|---|
| Server | VCryptAuth::authenticateQuestion, VCryptRulesEngine::processRules, VCryptTracker::updateAuthStatus | For method details, see Section 4.6.1, processRules, and Section 4.5.9, updateAuthStatus. |
| Oracle Adaptive Access Manager Sample | handleChallenge.jsp | Calls BharosaHelper::validateAnswer. If that method returns BharosaEnumChallengeResult.SUCCESS, status is updated to success and the user is allowed to move forward; otherwise, if BharosaEnumChallengeResult.WRONG_ANSWER is returned, the challenge rules are run again to determine the next step. |
| BharosaHelper | BharosaHelper::validateAnswer | If the type of challenge being validated is KBA (ChallengeQuestion), then VCryptAuth::authenticateQuestion is called to validate the user's input against the registered answer for the question presented. If the type of challenge being validated is OTP (ChallengeSMS, ChallengeEmail, and so on), then the user's input is compared to the value stored when the OTP code was generated. If the answer is correct, the OTP challenge counter is reset by calling BharosaHelper::resetOTPCounter. Otherwise, if the answer is incorrect, the OTP challenge counter is incremented by calling BharosaHelper::incrementOTPCounter. The method returns a BharosaEnumAuthStatus of either BharosaEnumAuthStatus.SUCCESS or BharosaEnumAuthStatus.WRONG_ANSWER. |
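The OTP branch of the validation flow in Table 2–15, modelled as an added Java example; it is not Oracle's code and does not call the OAAM API. The class, enum and method names, the MAX_FAILURES threshold and the sample code 492817 are assumptions made for the illustration, and nextStep stands in for the challenge rules that run again after a wrong answer.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;

// Added illustration: every name below is hypothetical, none of it is OAAM API.
public class OtpChallengeSketch {
    enum Result { SUCCESS, WRONG_ANSWER }
    enum Action { ALLOW, CHALLENGE, BLOCK }

    static final int MAX_FAILURES = 3;   // assumed policy threshold, not from the guide

    private final String storedOtp;      // value saved when the OTP code was generated
    private int failureCounter = 0;      // stands in for the OTP challenge counter

    OtpChallengeSketch(String storedOtp) { this.storedOtp = storedOtp; }

    // Compare the input to the stored code, then reset or increment the counter.
    Result validateAnswer(String userInput) {
        // Once the threshold is reached, or if no code was ever issued, nothing can match.
        if (failureCounter >= MAX_FAILURES || storedOtp == null || storedOtp.isEmpty()) {
            return Result.WRONG_ANSWER;
        }
        byte[] expected = storedOtp.getBytes(StandardCharsets.UTF_8);
        byte[] supplied = (userInput == null ? "" : userInput.trim())
                .getBytes(StandardCharsets.UTF_8);
        // MessageDigest.isEqual is time-constant, so timing does not leak a partial match.
        if (MessageDigest.isEqual(expected, supplied)) {
            failureCounter = 0;          // correct answer: reset the counter
            return Result.SUCCESS;
        }
        failureCounter++;                // wrong answer: increment the counter
        return Result.WRONG_ANSWER;
    }

    // Stand-in for re-running the challenge rules after a wrong answer.
    Action nextStep(Result result) {
        if (result == Result.SUCCESS) return Action.ALLOW;
        return failureCounter >= MAX_FAILURES ? Action.BLOCK : Action.CHALLENGE;
    }

    public static void main(String[] args) {
        OtpChallengeSketch challenge = new OtpChallengeSketch("492817"); // constructed code
        // Constructed attempts: three wrong guesses, then the right code after lockout.
        for (String attempt : new String[] {"000000", "111111", "222222", "492817"}) {
            Result r = challenge.validateAnswer(attempt);
            System.out.println(attempt + " -> " + r + " -> " + challenge.nextStep(r));
        }
    }
}
```

The fourth attempt carries the correct code but is still refused, because the counter reached the assumed threshold before it arrived.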

2.2.2.2 Stages

For information on the other stages, see the following sections:

■ Section 2.2.1.2, Device Fingerprint Flow F1
■ Section 2.2.1.6, Validate User and Password CP1
■ Section 2.2.1.6.1, Update Authentication Status P5
■ Section 2.2.1.6.2, Password Status C1
■ Section 2.2.1.7, Run Post-Authentication Rules R3
■ Section 2.2.1.8, Check Registration for User C2
■ Section 2.2.1.9, Run Registration Required Rules R4
■ Section 2.2.1.13, Challenge the User S6
■ Section 2.2.1.15, Lock Out Page S2