Developing Custom Challenge Processors 20-3 If no secret code is present in session, generate one. if StringUtil.isEmptyotpCode { if logger.isDebugEnabled logger.debugChallengeEmail generating security code for user: + sessionData.getCustomerId; otpCode = generateCodesessionData; save the code for later reference - validate resend sessionData.setOTPCodeotpCode; } if logger.isDebugEnabled logger.debugOTP code for user + sessionData.getCustomerId + : + otpCode; if StringUtil.isEmptyotpCode { logger.errorEmail Challenge pin generation returned null.; return false; } isRetry flag is turned on if user fails to answer the question if isRetry { return sendCodesessionData; } return true; } Validate user entered answer against value in sessionData param sessionData validate code and return result. param answer answer provided by the user return protected boolean validateAnswerUIOSessionData sessionData, String answer{ need to authenticate OTP Code String otpCode = sessionData.getOTPCode; if otpCode = null otpCode.equalsanswer { Expire OTP Code sessionData.setOTPCodenull; return true; } return false; } Private methods to send secret code to client param sessionData return private boolean sendCodeUIOSessionData sessionData{ String otpCode = sessionData.getOTPCode; try { UIOUtil.getOTPContactInfo fetches the information registered by the user. Refer to ChallengeEmail.requiredInfo in configuration. String toAddr = UIOUtil.getOTPContactInfosessionData, email; 20-4 Oracle Fusion Middleware Developers Guide for Oracle Adaptive Access Manager if StringUtil.isEmptytoAddr { logger.errorNo user email in profile.; return false; } Send secret code to customer using your email provider } catch Exception ex { logger.errorChallengeEmail Error sending code., ex; return false; } return true; } public String checkStatusUIOSessionData sessionData, boolean userWaiting, boolean isRetry { String target = ChallengeProcessorIntf.TARGET_WAIT; user already has code, trying again - send to challenge page if isRetry{ return ChallengeProcessorIntf.TARGET_CHALLENGE; } boolean sendComplete = false; if userWaiting{ if secret code is sent set target to target = ChallengeProcessorIntf.TARGET_CHALLENGE; failed to send target = ChallengeProcessorIntf.TARGET_ERROR; still processing target = ChallengeProcessorIntf.TARGET_WAIT; } return target; } }

20.2.4 Secret PIN Implementation

The AbstractOTPChallengeProcessor class has a default pin generation method, generateCode, that you can override to provide your pin generation logic.

20.3 Define the Delivery Channel Types for the Challenge Processors

This section contains instructions on defining a delivery channel type. Examples are provided for your reference.

20.3.1 Challenge Type Enum

Challenge types are configured by the enum, challenge.type.enum. The actual enum value is shown as follows: bharosa.uio.application. challenge.type.enum.challenge type For example, bharosa.uio.default.challenge.type.enum.ChallengeEmail The challenge type enum is used to associate a challenge type with the java code needed to perform any work related to that challenge type. An example of