Generate a Generic TextPad P2

A generic, non-personalized TextPad is used

Natively Integrating with Oracle Adaptive Access Manager 2-9

Figure 2–4 Generic, Non-Personalized TextPad

Table 2–4 lists the APIs used to generate a generic TextPad.

2.2.1.4.2 Generate a Personalized TextPad or KeyPad P3

A personalized TextPad is used for users who have registered with Oracle Adaptive Access Manager. Figure 2–5 and Figure 2–6 illustrate personalized text and key virtual authentication devices.

Table 2–4 Generation of a Generic TextPad APIs

| Module | APIs | Description |
| --- | --- | --- |
| Server | VCryptAuth::getUserByLoginId | You can obtain an instance of VCryptAuth by calling VCryptAuthUtil.getVCryptAuthInstance. For method details, see Section 4.5.7, getUserByLoginId. |
| Oracle Adaptive Access Manager Sample | Password.jsp | Invokes rules to identify the virtual authentication device type to use; the default is KeyPad. Creates the virtual authentication device, names it, and sets all initial background frames. Invokes kbimage.jsp as configured. Forwards to page handlePassword.jsp. |
| BharosaHelper | BharosaHelper::createPersonalizedAuthentiPad; BharosaHelper::createAuthentiPad | |
| Client | AuthentiPad::getHTML | |

2-10 Oracle Fusion Middleware Developers Guide for Oracle Adaptive Access Manager

Figure 2–5 Personalized TextPad

Figure 2–6 Personalized KeyPad

Table 2–5 lists the APIs used to generate a personalized TextPad or KeyPad.

Table 2–5 Generating a Personalized TextPad or KeyPad APIs

| Module | APIs | Description |
| --- | --- | --- |
| Server | VCryptAuth::getUserByLoginId | For method details, see Section 4.5.7, getUserByLoginId. |
| Oracle Adaptive Access Manager Sample | password.jsp | Invokes rules to identify the virtual authentication device type to use; the default is KeyPad. Creates the virtual authentication device, names it, and sets all initial background frames. Forwards to page handlePassword.jsp. Invokes kbimage.jsp as configured. |
| BharosaHelper | BharosaHelper::createPersonalizedAuthentiPad; BharosaHelper::createAuthentiPad | |
| Client | AuthentiPad::getHTML | |

2.2.1.4.3 Display TextPad and KeyPad S4 and S5

The HTML code example to display TextPad and KeyPad should be embedded in the password page. This HTML renders the TextPad or KeyPad using JavaScript, and it includes an img tag, which makes an HTTP request to the server to get the TextPad or KeyPad image. Table 2–6 lists the APIs used to display TextPad and KeyPad.

2.2.1.5 Decode Virtual Authentication Device Input P4

In this stage, the chosen virtual authentication device decodes the data the user supplies to it; the decoded value is in raw text format, and it is recommended that it be saved in the HTTP Session. The virtual authentication device object is serialized and stored in the database or the file system. The virtual authentication device is stored in session because it is used to decode the input. This is needed for virtual authentication devices like PinPad and KeyPad where the user input is not clear text. For consistency it is performed for all virtual authentication devices since they are designed to be able to be used interchangeably. Table 2–7 lists the APIs used to decode user input.

Table 2–6 Displaying TextPad and KeyPad APIs

| Module | APIs | Description |
| --- | --- | --- |
| Server | VCryptAuth::getUserByLoginId | |
| Oracle Adaptive Access Manager Sample | password.jsp | Invokes rules to identify the virtual authentication device type to use; the default is KeyPad. Creates the virtual authentication device, names it, and sets all initial background frames. Invokes kbimage.jsp as configured. Forwards to page handlePassword.jsp. |
| Oracle Adaptive Access Manager Sample | kbimage.jsp | Outputs the virtual authentication devices. |
| BharosaHelper | BharosaHelper::createPersonalizedAuthentiPad; BharosaHelper::createAuthentiPad; BharosaHelper::imageToStream | |
| Client | AuthentiPad::getHTML; KeyPadUtil::encryptImageToStream | |

Table 2–7 Decoding Virtual Authentication Device Input APIs

| Module | APIs | Description |
| --- | --- | --- |
| Oracle Adaptive Access Manager Sample | handlePassword.jsp | Retrieves the password. Decodes the password. Validates the user. |
| BharosaHelper | BharosaHelper::decodePadInput | Removes the virtual authentication device object from the HTTP Session. |
| Client | KeyPadUtil::decodeKeyPadCode | |
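The decode stage described above, as an added Java sketch that is not Oracle's code and does not call the OAAM API: it shows why the device object that rendered the pad must be kept in the session to decode the input, and why removing it after one decode stops a captured input from being replayed. ScrambledPad, decodeOnce, the "pad" session attribute and the comma-separated key-index encoding are assumptions made for illustration.

```java
import java.security.SecureRandom;
import java.util.*;

public class PadDecodeDemo {
    /** Hypothetical stand-in for a KeyPad (not an OAAM class): each instance shuffles which key index shows which character. */
    static final class ScrambledPad {
        private final List<Character> layout = new ArrayList<>();
        ScrambledPad(String alphabet, Random rng) {
            for (char c : alphabet.toCharArray()) layout.add(c);
            Collections.shuffle(layout, rng);
        }
        /** What the client submits: key indexes (assumed encoding), never the characters themselves. */
        String encode(String clearText) {
            StringJoiner sj = new StringJoiner(",");
            for (char c : clearText.toCharArray()) {
                int idx = layout.indexOf(c);
                if (idx < 0) throw new IllegalArgumentException("character not on pad");
                sj.add(Integer.toString(idx));
            }
            return sj.toString();
        }
        /** Server side: only the instance that rendered the pad can map indexes back to raw text. */
        String decode(String padInput) {
            StringBuilder sb = new StringBuilder();
            for (String tok : padInput.split(",")) {
                sb.append(layout.get(Integer.parseInt(tok.trim())));  // throws on junk or out-of-range input
            }
            return sb.toString();
        }
    }
    /** Decode once, removing the pad from the session first so the same input cannot be decoded again. */
    static Optional<String> decodeOnce(Map<String, Object> session, String padInput) {
        Object pad = session.remove("pad");                // hypothetical session attribute name
        if (!(pad instanceof ScrambledPad)) return Optional.empty();
        try {
            return Optional.of(((ScrambledPad) pad).decode(padInput));
        } catch (RuntimeException e) {
            return Optional.empty();                       // malformed input counts as a failed attempt
        }
    }
    public static void main(String[] args) {
        Map<String, Object> session = new HashMap<>();     // stands in for the HTTP session
        ScrambledPad pad = new ScrambledPad("0123456789", new SecureRandom());
        session.put("pad", pad);
        String wire = pad.encode("4821");                  // constructed sample PIN
        System.out.println("first decode:  " + decodeOnce(session, wire));
        System.out.println("replay decode: " + decodeOnce(session, wire));
    }
}
```

The first call recovers the PIN; the replayed call returns an empty result because the pad is no longer in the session.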

2.2.1.6 Validate User and Password CP1

This stage represents the client's existing process in which the client invokes the local API to authenticate the user and the authentication result is passed on to OAAM Server. The API used is detailed in Table 2–8.

2.2.1.6.1 Update Authentication Status P5

After validating the user password, the status is updated with the APIs detailed in Table 2–9.

2.2.1.6.2 Password Status C1

Depending on the password authentication status, the user is directed to the retry page or to post-authentication.

2.2.1.7 Run Post-Authentication Rules R3

These rules are run after the user password has been authenticated. Common actions returned by post-authentication include:

■ Allow: to allow the user to proceed forward.
■ Block: to block the user from proceeding forward.
■ Challenge: to challenge the user.

The APIs used for post-authentication are listed in Table 2–10.

Table 2–8 Validating User and Password API

| Module | API | Description |
| --- | --- | --- |
| Oracle Adaptive Access Manager Sample | handlePassword.jsp | Retrieves the password. Decodes the password. Updates the status to success if user is valid, or to invalid, error, or bad password if the user is invalid. Runs post-authentication rules and returns one of the following values: REGISTER_USER_OPTIONAL, REGISTER_QUESTIONS, REGISTER_USER, CHALLENGE. |

Table 2–9 Updating Authentication Status APIs

| Module | APIs | Description |
| --- | --- | --- |
| Server | VCryptTracker::updateAuthStatus | For method details, see Section 4.5.9, updateAuthStatus. |
| Oracle Adaptive Access Manager Sample | handlePassword.jsp | Retrieves the password. Decodes the password. Validates the user. Forwards to registerImageandPhrase, or challenges a registered user. |
| BharosaHelper | BharosaHelper::updateStatus | |