Check Registration for User C2 Run Registration Required Rules R4

2-14 Oracle Fusion Middleware Developers Guide for Oracle Adaptive Access Manager

Table 2–11 Registration Required Rules Reference APIs

| Module | APIs | Description |
|---|---|---|
| Server | VCryptRulesEngine::processRules | For method details, see Section 4.6.1, processRules. |
| Oracle Adaptive Access Manager Sample | password.jsp | Invokes rules to identify the virtual authentication device type to use; the default is KeyPad. Creates the virtual authentication device, names it, and sets all initial background frames. Invokes kbimage.jsp as configured. Forwards to page handlePassword.jsp. |
| BharosaHelper | BharosaHelper::getAuthentiPad | |

2.2.1.10 Enter Registration Flow P6

The Registration Flow allows you to register a new image and caption, questions, and so on, as described in the table below:

Table 2–12 Registration Flow

| Module | APIs | Description |
|---|---|---|
| Server | VCryptRulesEngine::processRules | For method details, see Section 4.6.1, processRules. |
| Oracle Adaptive Access Manager Sample | registerImagePhrase.jsp | Assigns new image and caption to user. Forwards to page handleRegisterImagePhrase.jsp. |
| | registerQuestions.jsp | Gets question pick set for the user. Displays question selection user interface and inputs for answers. Forwards to page handleRegisterQuestions.jsp. |
| | registerContactInfo.jsp | Presents user with inputs for OTP registration information. Forwards to page handleRegisterContactInfo.jsp. |
| BharosaHelper | BharosaHelper::getAuthentiPad, BharosaHelper::createSampleAuthentiPad, BharosaHelper::assignRandomImageAndCaption, BharosaHelper::saveNewImageAndOrCaption, BharosaHelper::getQuestions, BharosaHelper::isDeviceRegistered, BharosaHelper::setContactInfo | |

Natively Integrating with Oracle Adaptive Access Manager 2-15

2.2.1.11 Run Challenge Rules R5

The challenge rules are invoked to determine which type of challenge to display to the user. Values returned by the challenge rules include the following:

■ ChallengeQuestion to challenge the user with a question.
■ ChallengeSMS to challenge the user with OTP via SMS.
■ ChallengeEmail to challenge the user with OTP via email.
■ Block to block the user.

Table 2–13 lists the APIs used to run the challenge rules.

2.2.1.12 Run Authentication Rules R6

BharosaHelper::getAuthentiPad is used to create an authentication device. That method in turn calls the Authentication Device Rules to determine the device to use. If the user is to be challenged with a question, the rule returns the QuestionPad. If the user is to be challenged with an OTP, the rule returns the TextPad.

2.2.1.13 Challenge the User S6

If appropriate, the user is challenged with either Knowledge-Based Authentication (KBA) or One-Time Password (OTP).

KBA is an extension to existing user ID/password authentication and secures an application using a challenge/response process where users are challenged with questions. The user must answer the question correctly to proceed with his requested sign-on, transaction, service, and so on.

OTP is also an extension to existing user ID/password authentication and adds an extra security layer to protect applications. The OTP is generated after verifying the user ID and password and is then delivered to users via e-mail or mobile phone if the application deems it to be necessary. Users then use the OTP to sign in to the application.

Table 2–14 lists the APIs to challenge the user with registered questions.

Table 2–13 Run Challenge Rules APIs

| Module | APIs | Description |
|---|---|---|
| Server | VCryptRulesEngine::processRules | For method details, see Section 4.6.1, processRules. |
| Oracle Adaptive Access Manager Sample | handleChallenge.jsp | handleChallenge.jsp calls BharosaHelper::validateAnswer. If that method returns BharosaEnumChallengeResult.SUCCESS, status is updated to success and the user is allowed to move forward; otherwise, if BharosaEnumChallengeResult.WRONG_ANSWER is returned, the challenge rules are run again to determine the next step. |
| BharosaHelper | BharosaHelper::validateAnswer | |
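
The challenge loop described in sections 2.2.1.11 through 2.2.1.13, as an added example that is not part of the Oracle guide or its sample application: a stand-alone Java model in which the rules are re-run after every wrong answer and any result other than a known challenge type fails closed. The class name, the rule logic, the three-attempt limit, and the plain-string answer comparison are assumptions made for illustration; only the action names, pad names, and the SUCCESS/WRONG_ANSWER results come from the page.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Arrays;
import java.util.Iterator;

// Added illustration: a stand-alone model of the challenge loop, not the OAAM sample or its API.
public class ChallengeFlowSketch {
    enum ChallengeResult { SUCCESS, WRONG_ANSWER } // local stand-in for the result enum the page names
    static final int MAX_WRONG = 3;                // assumed policy of the stand-in rules

    // Stand-in for the challenge rules; returns one of the action names listed on the page.
    static String runChallengeRules(int wrong, boolean hasQuestions, boolean hasPhone) {
        if (wrong >= MAX_WRONG) return "Block";
        if (hasQuestions) return "ChallengeQuestion";
        return hasPhone ? "ChallengeSMS" : "ChallengeEmail";
    }

    // Question challenges use the QuestionPad, OTP challenges the TextPad; anything else fails closed.
    static String padFor(String action) {
        switch (action) {
            case "ChallengeQuestion": return "QuestionPad";
            case "ChallengeSMS":
            case "ChallengeEmail": return "TextPad";
            default: return null; // Block or an unrecognized action: no pad is created
        }
    }

    // Constant-time comparison so response timing does not reveal how much of the answer matched.
    static ChallengeResult validateAnswer(String expected, String given) {
        boolean ok = MessageDigest.isEqual(expected.getBytes(StandardCharsets.UTF_8),
                                           given.getBytes(StandardCharsets.UTF_8));
        return ok ? ChallengeResult.SUCCESS : ChallengeResult.WRONG_ANSWER;
    }

    // The rules are re-run server-side after every wrong answer and decide the next step.
    static String signIn(String expected, Iterator<String> answers, boolean hasQuestions, boolean hasPhone) {
        int wrong = 0;
        while (true) {
            String pad = padFor(runChallengeRules(wrong, hasQuestions, hasPhone));
            if (pad == null || !answers.hasNext()) return "DENIED after " + wrong + " wrong answer(s)";
            if (validateAnswer(expected, answers.next()) == ChallengeResult.SUCCESS) return "ALLOWED via " + pad;
            wrong++;
        }
    }

    public static void main(String[] args) {
        // Constructed sample input: expected answer, then the answers a user submits in order.
        System.out.println(signIn("rex", Arrays.asList("fido", "rex").iterator(), true, false));
        System.out.println(signIn("482913", Arrays.asList("0", "1", "2", "482913").iterator(), false, true));
    }
}
```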