14-4 Oracle Fusion Middleware Developers Guide for Oracle Adaptive Access Manager As mentioned in the previous section, client plug-in would send list of data points as single string as the value of fp request parameter. This class should tokenize this string to determine the list of datapoints and their values.

14.3.5 getDigitalCookie

public String getDigitalCookie; Implementation should return the digital cookie sent by the client plug-in. It is the responsibility of the client and server to designate an Http parameter that indicates the digital cookie. This method should call the UIOContext.getCurrentInstance.getRequest to get handle to HttpServletRequest object to read the data sent by the client plug-in.

14.3.6 getClientDataMap

public Map getClientDataMapHttpServletRequest request; Implementation should read the data from request and store it into a map that can be used for logging or auditing purposes.

14.4 Overview of Interactions

Following is the overview of how the device identification plug-in works and interacts with OAAM Server: 1. The user navigates to the OAAM user login page on the OAAM Server. 2. The OAAM Server uses the device identification configuration and appropriately instantiates the device identification plug-in class. It then asks the plug-in class for the HTML that needs to be embedded in the user login page. The OAAM Server returns the user login page with the device identification plug-in HTML. 3. Once the login page is rendered, the client based plug-in is activated and collects information about the device. 4. The client plug-in then submits the collected data to the device identification URL on the OAAM Server. 5. The OAAM Server then calls the device identification plug-in to obtain the fingerprint based on collected data from the client plug-in. 6. It then checks if the fingerprint corresponds to an existing device. If not, then it creates a new device and associates the fingerprint to that device. 7. The OAAM Server then calls the device identification plug-in to get the digital cookie. If digital cookie does not exist then a new one is created. 8. The digital cookie is returned to the client plug-in so that it is stored on the client machine. 9. Once the User ID is entered, using the digital cookie or browser cookie or both, the user request is associated to the device. 10. After the authentication successfailure, the user request is updated with the authentication result. Extending Device Identification 14-5 11. If the same device is used for future logins, the digital cookie can be used to look up the device without having to fingerprint.

14.5 Compile, Assemble and Deploy

Compile the custom device identification plug-in class and assemble the OAAM Extensions Shared library. Refer to Chapter 7, Customizing Oracle Adaptive Access Manager for instructions.

14.6 Important Note About Implementing the Plug-In

When implementing the plug-in, keep the following points in mind: ■ Make sure the custom device identification class outputs a valid HTML required to activate the client side plug-in. ■ Make sure the client side plug-in posts the data to OAAM Server using the existing HTTP Session.