1-2 Oracle Fusion Middleware Developers Guide for Oracle Adaptive Access Manager Manager directly and the application itself manages the authentication and challenge flows. Native and Web Services Integration A Web application can communicate with Oracle Adaptive Access Manager using the OAAM Native Client API or through Web Services. For information on these integrations, see Chapter 3, Integrating Native .NET Applications, and Chapter 4, Integrating Native Java Applications. Static Linked Integration The native integrations include APIs that are wrappers of the SOAP API published by OAAM and written in the clients native application language. The static linked integration is an option available for integrations using just the Java language. In this integration, there are no SOAP calls to OAAM, and, instead, the API implementation runs within the client application itself. For information on the static linked integration, see Chapter 4, Integrating Native Java Applications. OTP Integration Oracle Adaptive Access Managers Native OTP API offers a way to add another factor to a traditional user namepassword authentication scheme. For information on OTP integration, see Chapter 5, Native API for OTP Challenge.

1.2 Universal Installation Option Integrations

Oracle Adaptive Access Managers Universal Installation Option UIO reverse proxy deployment option offers login risk-based multifactor authentication to Web applications without requiring any change to the application code. Part II contains configuration instructions and guidelines for the reverse proxy deployment option in the following chapter: ■ Chapter 6, Oracle Adaptive Access Manager Proxy

1.3 Customizations and Extensions

Part III provides instructions and reference material for the following customizing and extending features of Oracle Adaptive Access Manager: Customizing Oracle Adaptive Access Manager Oracle Adaptive Access Manager can be customized by adding custom jars and files to the Oracle Adaptive Access Manager Extensions Shared Library. For information on using the extensions shared library for customization of Oracle Adaptive Access Manager, see Chapter 7, Customizing Oracle Adaptive Access Manager. Customizing the OAAM Server The user interface provided by the OAAM Server Web application can be easily customized to achieve the look and feel of the customer applications. You can configure OAAM Server to support one or more Web application authentication and user registration flows. Introduction to the Developers Guide 1-3 For information on the customization of OAAM Server, see Chapter 8, Customizing the OAAM Server. Customizing User Flow OAAM supports the customization of user flow. For information, refer to Chapter 9, Customizing User Flow. Virtual Authentication Devices Oracle Adaptive Access Manager includes unique functionality to protect end users while interacting with a protected web application. The virtual authentication devices hardens the process of entering and transmitting authentication credentials and provide end users with verification they are authenticating on the valid application. Each virtual authentication device VAD has its own unique set of security features that make it much more than a mere image on a web page. For information on the customization of virtual authentication devices, see Chapter 10, Using Virtual Authentication Devices. One-Time Password Oracle Adaptive Access Manager 11g provides the framework to support One Time Password OTP authentication with Oracle User Messaging Service UMS as a method of delivery out of the box. For instructions to configure OTP to leverage UMS as a method of delivery, refer to Chapter 11, Implementing OTP Anywhere. Configurable Actions Oracle Adaptive Access Manager provides Configurable Actions, a feature which allows users to create new supplementary actions that are triggered based on the result action andor based on the risk scoring after a checkpoint execution. Chapter 12, Configurable Actions describes how to integrate a Configurable Action with the Oracle Adaptive Access Manager software. Device Registration Device registration is a feature that allows a user to flag the computer he is using as a safe device. Instructions to enable the feature is provided in Chapter 13, Device Registration. Device Identification For most typical deployments, the out-of-the-box device identification satisfies client requirements. Out-of-the-box Device Identification uses data from browser and OAAM flash movie. The following are the typical scenarios when you could consider extending device identification: ■ The OAAM flash movie cannot be used to obtain client details as the client side browser does not support Flash example: iPhone, iPad, and so on ■ There is a need to extract stronger device identification data from the client using a non-flash plug-in that can run inside the browser For information on how to extend device identification in a typical deployment refer to Chapter 14, Extending Device Identification. 1-4 Oracle Fusion Middleware Developers Guide for Oracle Adaptive Access Manager Flash Fingerprinting Oracle Adaptive Access Manager uses device fingerprinting along with many other types of data to determine the risk associated with a specific access request. Outlines of calls needed to perform the flash fingerprinting are presented in Chapter 15, Flash Fingerprinting.

1.4 Authentication and Password Management Integration