Oracle® Fusion Middleware Developer's Guide for Oracle Adaptive Access Manager Release 11g (11.1.1) Part Number E15480-02
OAAM Server provides end users a secure method to enter sensitive credentials online. OAAM Server is comprised of multiple secure interfaces. There are many security technologies employed in the OAAM Server user interfaces.
Each OAAM Server interface is a virtual authentication device (VAD). Each VAD has its own unique set of security features that make it much more than a mere image on a web page.
Details on the virtual authentication device properties are provided in this chapter for your reference.
Virtual authentication devices use the following files:
bharosa_server.properties - file where custom properties would be added for virtual authentication devices, KeySet definitions used in the KeyPad and PinPad devices, and configuration properties that are not localized (translated).
client_resource_<locale>.properties - files to be created by the administrator customizing the application to contain locale-specific properties such as translated displayed messages. The locale identifier consists of at least a language identifier, and a region identifier (if required). For example, the custom properties file for US English is client_resource_en_US.properties.
Note:
Many of the properties related to the virtual authentication devices are in resource bundles so that they are capable of being localized. If the default value is in a "resource" file, then the override value should be placed in the client override file for resource bundle values (client_resource.properties).
Virtual authentication devices are provided with Oracle Adaptive Access Manager as samples to use if you choose to. These samples are provided in English only.
A set of sample background images is also shipped with Oracle Adaptive Access Manager. For the images to be displayed, set the following properties:
vcrypt.user.image.dirlist.property.name=bharosa.image.dirlist
bharosa.image.dirlist=<imagePath>
If any of the images are to be edited, make sure not to increase the physical dimensions or change the aspect ratio of the sample images because distortions will occur.
Virtual authentication devices are provided with Oracle Adaptive Access Manager as samples to use if you choose to. These samples are provided in English only. Source art and information in this chapter are provided to allow you to develop your own custom virtual authentication device frames, keys, personalization images and phrases.
Alteration of these samples is considered custom development.
The following sections outline the visual elements that are within the virtual authentication device visual display for each device and the unique security features of each authentication device.
Each virtual authentication device has its own unique security features. Some of these features can be enabled and disabled by editing the configuration properties in bharosa_server.properties.
For visual display, important terms are:
Enter Key Hotspot - Link area allowing user to submit data entered in the authentication device.
Phrase - Personalized phrase assigned to the user at the time of registration. The phrase allows the user to ensure they are on their intended web site.
Timestamp - Timestamp of when the image was generated, allowing the user to ensure the authentication device is current.
TextPad is a personalized device for entering a password or PIN using a regular keyboard. Like other virtual authentication devices, the TextPad helps in solving phishing problems. An example TextPad is shown in Figure 7-1.
This section provides information on the visual elements of TextPad.
Phrase (Caption)
bharosa.authentipad.textpad.caption.personalize = true
bharosa.authentipad.textpad.caption.x = 14
bharosa.authentipad.textpad.caption.y = 203
bharosa.authentipad.textpad.caption.frame = false
bharosa.authentipad.textpad.caption.wrap = false
bharosa.authentipad.textpad.caption.width = 130
bharosa.authentipad.textpad.caption.height = 16
bharosa.authentipad.textpad.caption.font.name = Arial
bharosa.authentipad.textpad.caption.font.color = 000000
bharosa.authentipad.textpad.caption.font.type = 0
bharosa.authentipad.textpad.caption.font.size = 9
Timestamp
bharosa.authentipad.textpad.timestamp.x = 25
bharosa.authentipad.textpad.timestamp.y = 165
bharosa.authentipad.textpad.timestamp.width = 132
bharosa.authentipad.textpad.timestamp.height = 16
bharosa.authentipad.textpad.timestamp.frame = false
bharosa.authentipad.textpad.timestamp.wrap = false
bharosa.authentipad.textpad.timestamp.font.name = Arial
bharosa.authentipad.textpad.timestamp.font.color = ffffff
bharosa.authentipad.textpad.timestamp.font.type = 0
bharosa.authentipad.textpad.timestamp.font.size = 9
Enter Key Hotspot
bharosa.authentipad.textpad.enterkey.x=98
bharosa.authentipad.textpad.enterkey.y=181
bharosa.authentipad.textpad.enterkey.width=45
bharosa.authentipad.textpad.enterkey.height=19
bharosa.authentipad.textpad.enterkey.label=enter
bharosa.authentipad.textpad.enterkey.enable=true
Table 7-1 lists the TextPad Authenticator Properties.
Table 7-1 TextPad Authenticator Properties
Feature | Property |
---|---|
Default BG (Can be application specific) | bharosa.uio.<appId>.DeviceTextPad.default.image = textpad_bg/UIO_BG.jpg |
Password Frame File (Can be application specific) | bharosa.uio.<appId>.password.DeviceTextPad.frame = |
Challenge Frame File (Can be application specific) | bharosa.uio.<appId>.<challengeType>.DeviceTextPad.frame = |
Registration Frame File (Can be application specific) | bharosa.uio.<appId>.register.DeviceTextPad.frame = textpad_bg/TP_O_preview.png |
User Preferences Frame File (Can be application specific) | bharosa.uio.<appId>.userpreferences.DeviceTextPad.frame = textpad_bg/TP_O_preview.png |
Note: Challenge type can be any configured challenge type (ChallengeQuestion, ChallengeEmail, and others).
QuestionPad is a personalized device for entering answers to challenge questions using a regular keyboard. The QuestionPad is capable of incorporating the challenge question into the Question image. Like other Adaptive Strong Authentication devices, QuestionPad also helps in solving the phishing problem. An example QuestionPad is shown in Figure 7-2.
This section provides information on the visual elements of QuestionPad.
Note:
In 10.1.4.5 and above, the QuestionPad is a single line field.
Phrase (Caption)
bharosa.authentipad.questionpad.caption.personalize = true
bharosa.authentipad.questionpad.caption.x = 14
bharosa.authentipad.questionpad.caption.y = 203
bharosa.authentipad.questionpad.caption.frame = false
bharosa.authentipad.questionpad.caption.wrap = false
bharosa.authentipad.questionpad.caption.width = 130
bharosa.authentipad.questionpad.caption.height = 16
bharosa.authentipad.questionpad.caption.font.name = Arial
bharosa.authentipad.questionpad.caption.font.color = 000000
bharosa.authentipad.questionpad.caption.font.type = 0
bharosa.authentipad.questionpad.caption.font.size = 9
Timestamp
bharosa.authentipad.questionpad.timestamp.x = 25
bharosa.authentipad.questionpad.timestamp.y = 165
bharosa.authentipad.questionpad.timestamp.width = 132
bharosa.authentipad.questionpad.timestamp.height = 16
bharosa.authentipad.questionpad.timestamp.frame = false
bharosa.authentipad.questionpad.timestamp.wrap = false
bharosa.authentipad.questionpad.timestamp.font.name = Arial
bharosa.authentipad.questionpad.timestamp.font.color = ffffff
bharosa.authentipad.questionpad.timestamp.font.type = 0
bharosa.authentipad.questionpad.timestamp.font.size = 9
Question Text
bharosa.authentipad.questionpad.question.x = 9
bharosa.authentipad.questionpad.question.y = 32
bharosa.authentipad.questionpad.question.width = 132
bharosa.authentipad.questionpad.question.height = 62
bharosa.authentipad.questionpad.question.frame = false
bharosa.authentipad.questionpad.question.wrap = true
bharosa.authentipad.questionpad.question.font.name = Arial
bharosa.authentipad.questionpad.question.font.color = 000000
bharosa.authentipad.questionpad.question.font.type = 0
bharosa.authentipad.questionpad.question.font.size = 9
Enter Key Hotspot
bharosa.authentipad.questionpad.enterkey.x=98
bharosa.authentipad.questionpad.enterkey.y=181
bharosa.authentipad.questionpad.enterkey.width=45
bharosa.authentipad.questionpad.enterkey.height=19
bharosa.authentipad.questionpad.enterkey.label=enter
bharosa.authentipad.questionpad.enterkey.enable=true
Visible Text Input or Password (Non-Visible) Input Setting
The following property in client_resource_<locale>.properties determines whether the QuestionPad is set for visible text input or password (non-visible) input.
bharosa.authentipad.questionpad.datafield.input.type
Valid values are text and password.
Table 7-2 lists the QuestionPad Authenticator Properties.
Table 7-2 QuestionPad Authenticator Properties
Feature | Property |
---|---|
Default BG (Can be application specific) | bharosa.uio.<appId>.DeviceQuestionPad.default.image = textpad_bg/UIO_BG.jpg |
Challenge Frame File (Can be application specific) | bharosa.uio.<appId>.<challengeType>.DeviceQuestionPad.frame = |
Note: Challenge type can be any configured challenge type (ChallengeQuestion, ChallengeEmail, and others).
KeyPad is a personalized graphics keyboard, which can be used to enter the alphanumeric and special characters that can be entered using a traditional keyboard. KeyPad is ideal for entering passwords and other sensitive data. For example, credit card numbers can be entered. An example KeyPad is shown in Figure 7-3.
This section provides information on the visual elements of KeyPad.
Phrase (Caption)
bharosa.authentipad.keypad.caption.personalize = true
bharosa.authentipad.keypad.caption.x = 240
bharosa.authentipad.keypad.caption.y = 206
bharosa.authentipad.keypad.caption.frame = false
bharosa.authentipad.keypad.caption.wrap = false
bharosa.authentipad.keypad.caption.width = 130
bharosa.authentipad.keypad.caption.height = 16
bharosa.authentipad.keypad.caption.font.name = Arial
bharosa.authentipad.keypad.caption.font.color = 000000
bharosa.authentipad.keypad.caption.font.type = 0
bharosa.authentipad.keypad.caption.font.size = 9
Timestamp
bharosa.authentipad.keypad.timestamp.x = 110
bharosa.authentipad.keypad.timestamp.y = 202
bharosa.authentipad.keypad.timestamp.width = 132
bharosa.authentipad.keypad.timestamp.height = 16
bharosa.authentipad.keypad.timestamp.frame = false
bharosa.authentipad.keypad.timestamp.wrap = false
bharosa.authentipad.keypad.timestamp.font.name = Arial
bharosa.authentipad.keypad.timestamp.font.color = ffffff
bharosa.authentipad.keypad.timestamp.font.type = 0
bharosa.authentipad.keypad.timestamp.font.size = 9
Enter Key Hotspot
bharosa.authentipad.keypad.enterkey.x=292
bharosa.authentipad.keypad.enterkey.y=8
bharosa.authentipad.keypad.enterkey.width=50
bharosa.authentipad.keypad.enterkey.height=20
bharosa.authentipad.keypad.enterkey.label=enter
bharosa.authentipad.keypad.enterkey.enable=true
Backspace Key Hotspot
bharosa.authentipad.keypad.backspace.x=164
bharosa.authentipad.keypad.backspace.y=8
bharosa.authentipad.keypad.backspace.width=20
bharosa.authentipad.keypad.backspace.height=20
bharosa.authentipad.keypad.backspace.enable=true
Caps States
bharosa.authentipad.keypad.capslock.x=188
bharosa.authentipad.keypad.capslock.y=0
bharosa.authentipad.keypad.capslock.width=43
bharosa.authentipad.keypad.capslock.height=29
bharosa.authentipad.keypad.capslock.capsonimg=kp_v2_all_caps.jpg
bharosa.authentipad.keypad.capslock.capsshiftimg=kp_v2_first_caps.jpg
Table 7-3 lists the KeyPad Authenticator Properties.
Table 7-3 KeyPad Authenticator Properties
Feature | Property |
---|---|
Default BG (Can be application specific) | bharosa.uio.<appId>.DeviceKeyPadFull.default.image = keypad_bg/UIO_BG.jpg |
Password Frame File (Can be application specific) | bharosa.uio.<appId>.password.DeviceKeyPadFull.frame = |
Challenge Frame File (Can be application specific) | bharosa.uio.<appId>.<challengeType>.DeviceKeyPadFull.frame = |
Registration Frame File (Can be application specific) | bharosa.uio.<appId>.register.DeviceKeyPadFull.frame = alphapad_bg/kp_O_preview.png |
User Preferences Frame File (Can be application specific) | bharosa.uio.<appId>.userpreferences.DeviceKeyPadFull.frame = alphapad_bg/kp_O_preview.png |
Note: Challenge type can be any configured challenge type (ChallengeQuestion, ChallengeEmail, and others).
PinPad is a lightweight authentication device for entering a numeric PIN. An example PinPad is shown in Figure 7-4.
This section provides information on the visual elements of PinPad.
Phrase (Caption)
bharosa.authentipad.pinpad.caption.personalize = true
bharosa.authentipad.pinpad.caption.x = 5
bharosa.authentipad.pinpad.caption.y = 206
bharosa.authentipad.pinpad.caption.frame = false
bharosa.authentipad.pinpad.caption.wrap = false
bharosa.authentipad.pinpad.caption.width = 130
bharosa.authentipad.pinpad.caption.height = 16
bharosa.authentipad.pinpad.caption.font.name = Arial
bharosa.authentipad.pinpad.caption.font.color = 000000
bharosa.authentipad.pinpad.caption.font.type = 0
bharosa.authentipad.pinpad.caption.font.size = 9
Timestamp
bharosa.authentipad.pinpad.timestamp.x = 15
bharosa.authentipad.pinpad.timestamp.y = 165
bharosa.authentipad.pinpad.timestamp.width = 132
bharosa.authentipad.pinpad.timestamp.height = 16
bharosa.authentipad.pinpad.timestamp.frame = false
bharosa.authentipad.pinpad.timestamp.wrap = false
bharosa.authentipad.pinpad.timestamp.font.name = Arial
bharosa.authentipad.pinpad.timestamp.font.color = ffffff
bharosa.authentipad.pinpad.timestamp.font.type = 0
bharosa.authentipad.pinpad.timestamp.font.size = 9
Enter Key Hotspot
bharosa.authentipad.pinpad.enterkey.x=78
bharosa.authentipad.pinpad.enterkey.y=182
bharosa.authentipad.pinpad.enterkey.width=49
bharosa.authentipad.pinpad.enterkey.height=20
bharosa.authentipad.pinpad.enterkey.label=enter
bharosa.authentipad.pinpad.enterkey.enable=true
Backspace Key Hotspot
bharosa.authentipad.pinpad.backspace.x=86
bharosa.authentipad.pinpad.backspace.y=8
bharosa.authentipad.pinpad.backspace.width=20
bharosa.authentipad.pinpad.backspace.height=20
bharosa.authentipad.pinpad.backspace.label=<
bharosa.authentipad.pinpad.backspace.enable=true
Table 7-4 lists the PinPad Authenticator Properties.
Table 7-4 PinPad Authenticator Properties
Feature | Property |
---|---|
Default BG (Can be application specific) | bharosa.uio.default.DevicePinPad.default.image = pinpad_bg/UIO_BG.jpg |
Password Frame File (Can be application specific) | bharosa.uio.<appId>.password.DevicePinPad.frame = |
Challenge Frame File (Can be application specific) | bharosa.uio.<appId>.<challengeType>.DevicePinPad.frame = |
Registration Frame File (Can be application specific) | bharosa.uio.<appId>.register.DevicePinPad.frame = pinpad_bg/PP_v02_frame_preview.png |
User Preferences Frame File (Can be application specific) | bharosa.uio.<appId>.userpreferences.DevicePinPad.frame = pinpad_bg/PP_v02_frame_preview.png |
Note: Challenge type can be any configured challenge type (ChallengeQuestion, ChallengeEmail, and others).
Users who access using assistive techniques will need to use the accessible versions of the virtual authentication devices. Accessible versions of the TextPad, QuestionPad, KeyPad and PinPad are not enabled by default. If accessible versions are needed in a deployment, they can be enabled via properties.
The accessible versions of the pads contain tabbing, directions and ALT text necessary for navigation via screen reader and other assistive technologies.
To enable these versions, set the is ADA compliant flag to true.
For native integration, the property to control the pads is:
desertref.authentipad.isADACompliant
For UIO, the property to control the pads is:
bharosa.uio.default.authentipad.is_ada_compliant
A KeySet is the configuration that defines what character keys are present on the virtual authentication device. KeySets are used by the KeyPad and PinPad virtual authentication devices.
KeySets are defined by a series of user-defined enums.
User-defined enums are a collection of properties that represent a list of items. Each element in the list may contain several different attributes. The definition of a user-defined enum begins with a property ending in the keyword ".enum" and has a value describing the use of the user-defined enum. Each element definition then starts with the same property name as the enum, and adds on an element name and has a value of a unique integer as an ID. The attributes of the element follow the same pattern, beginning with the property name of the element, followed by the attribute name, with the appropriate value for that attribute.
The following is an example of an enum defining credentials displayed on the login screen of an OAAM Server implementation:
bharosa.uio.default.credentials.enum = Enum for Login Credentials
bharosa.uio.default.credentials.enum.companyid=0
bharosa.uio.default.credentials.enum.companyid.name=CompanyID
bharosa.uio.default.credentials.enum.companyid.description=Company ID
bharosa.uio.default.credentials.enum.companyid.inputname=comapanyid
bharosa.uio.default.credentials.enum.companyid.maxlength=24
bharosa.uio.default.credentials.enum.companyid.order=0
bharosa.uio.default.credentials.enum.username=1
bharosa.uio.default.credentials.enum.username.name=Username
bharosa.uio.default.credentials.enum.username.description=Username
bharosa.uio.default.credentials.enum.username.inputname=userid
bharosa.uio.default.credentials.enum.username.maxlength=18
bharosa.uio.default.credentials.enum.username.order=1
This set of properties defines one user-defined enum that contains two elements, each with five attributes. The "name" and "description" attributes are required to define any user-defined enum; other attributes are defined and used as needed by each individual use of a user-defined enum.
The first enum defines the rows of the KeySet and points to another enum describing the keys present in that row.
For example, the following enum defines the rows of keys in a PinPad:
bharosa.authentipad.pinpad.default.keyset.enum=Default PinPad Keyset Enum
bharosa.authentipad.pinpad.default.keyset.enum.row1=0
bharosa.authentipad.pinpad.default.keyset.enum.row1.name=Default PinPad Keyset Row 1
bharosa.authentipad.pinpad.default.keyset.enum.row1.description=Default PinPad Keyset Row 1
bharosa.authentipad.pinpad.default.keyset.enum.row1.keys=bharosa.authentipad.pinpad.default.keyset.row1.enum
bharosa.authentipad.pinpad.default.keyset.enum.row1.order=1
bharosa.authentipad.pinpad.default.keyset.enum.row2=1
bharosa.authentipad.pinpad.default.keyset.enum.row2.name=Default PinPad Keyset Row 2
bharosa.authentipad.pinpad.default.keyset.enum.row2.description=Default PinPad Keyset Row 2
bharosa.authentipad.pinpad.default.keyset.enum.row2.keys=bharosa.authentipad.pinpad.default.keyset.row2.enum
bharosa.authentipad.pinpad.default.keyset.enum.row2.order=2
bharosa.authentipad.pinpad.default.keyset.enum.row3=2
bharosa.authentipad.pinpad.default.keyset.enum.row3.name=Default PinPad Keyset Row 3
bharosa.authentipad.pinpad.default.keyset.enum.row3.description=Default PinPad Keyset Row 3
bharosa.authentipad.pinpad.default.keyset.enum.row3.keys=bharosa.authentipad.pinpad.default.keyset.row3.enum
bharosa.authentipad.pinpad.default.keyset.enum.row3.order=3
bharosa.authentipad.pinpad.default.keyset.enum.row4=3
bharosa.authentipad.pinpad.default.keyset.enum.row4.name=Default PinPad Keyset Row 4
bharosa.authentipad.pinpad.default.keyset.enum.row4.description=Default PinPad Keyset Row 4
bharosa.authentipad.pinpad.default.keyset.enum.row4.keys=bharosa.authentipad.pinpad.default.keyset.row4.enum
bharosa.authentipad.pinpad.default.keyset.enum.row4.order=4
Each row is made of the following properties:
Table 7-5 Properties of Rows
Property | Description |
---|---|
name | Name of the row. |
description | Description of the row. |
keys | Enum identifier of the enum that defines the keys in the row. |
order | The order the key resides in the row of keys. |
In this case, the row1 enum is defined as follows:
bharosa.authentipad.pinpad.default.keyset.row1.enum=Default Pinpad Keyset Row 1
bharosa.authentipad.pinpad.default.keyset.row1.enum.key1=0
bharosa.authentipad.pinpad.default.keyset.row1.enum.key1.name=1
bharosa.authentipad.pinpad.default.keyset.row1.enum.key1.description=1
bharosa.authentipad.pinpad.default.keyset.row1.enum.key1.value=1
bharosa.authentipad.pinpad.default.keyset.row1.enum.key1.shiftvalue=1
bharosa.authentipad.pinpad.default.keyset.row1.enum.key1.image=kp_v2_1.png
bharosa.authentipad.pinpad.default.keyset.row1.enum.key1.order=1
bharosa.authentipad.pinpad.default.keyset.row1.enum.key2=1
bharosa.authentipad.pinpad.default.keyset.row1.enum.key2.name=2
bharosa.authentipad.pinpad.default.keyset.row1.enum.key2.description=2
bharosa.authentipad.pinpad.default.keyset.row1.enum.key2.value=2
bharosa.authentipad.pinpad.default.keyset.row1.enum.key2.shiftvalue=2
bharosa.authentipad.pinpad.default.keyset.row1.enum.key2.image=kp_v2_2.png
bharosa.authentipad.pinpad.default.keyset.row1.enum.key2.order=2
bharosa.authentipad.pinpad.default.keyset.row1.enum.key3=2
bharosa.authentipad.pinpad.default.keyset.row1.enum.key3.name=3
bharosa.authentipad.pinpad.default.keyset.row1.enum.key3.description=3
bharosa.authentipad.pinpad.default.keyset.row1.enum.key3.value=3
bharosa.authentipad.pinpad.default.keyset.row1.enum.key3.shiftvalue=3
bharosa.authentipad.pinpad.default.keyset.row1.enum.key3.image=kp_v2_3.png
bharosa.authentipad.pinpad.default.keyset.row1.enum.key3.order=3
Each key is made of the following properties:
Table 7-6 Properties of Each Key
Property | Description |
---|---|
name | Name of the key. |
description | Description of the key. |
value | The character value the key represents when clicked. |
shiftvalue | The character value the key represents when in caps mode. |
image | The image file name that will be used to display the visual representation of the key. |
order | The order the key resides in the row of keys. |
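A custom KeySet can be checked against the user-defined enum rules above before it is deployed. The following Python code is an added example, not Oracle code: it parses the properties, follows each row's keys reference to the enum that defines its keys, and reports undefined enums, duplicate or non-integer IDs, and missing name or description attributes. The function names and the shortened sample are constructed for illustration, and only `key=value` lines are handled.

```python
# Added example (not Oracle code); function names are illustrative.
P = "bharosa.authentipad.pinpad.default.keyset"
# Constructed sample: row 1 of the page's PinPad KeySet, shortened to two keys.
SAMPLE = f"""
{P}.enum=Default PinPad Keyset Enum
{P}.enum.row1=0
{P}.enum.row1.name=Default PinPad Keyset Row 1
{P}.enum.row1.description=Default PinPad Keyset Row 1
{P}.enum.row1.keys={P}.row1.enum
{P}.enum.row1.order=1
{P}.row1.enum=Default Pinpad Keyset Row 1
{P}.row1.enum.key1=0
{P}.row1.enum.key1.name=1
{P}.row1.enum.key1.description=1
{P}.row1.enum.key1.value=1
{P}.row1.enum.key1.shiftvalue=1
{P}.row1.enum.key1.image=kp_v2_1.png
{P}.row1.enum.key1.order=1
{P}.row1.enum.key2=1
{P}.row1.enum.key2.name=2
{P}.row1.enum.key2.description=2
{P}.row1.enum.key2.value=2
{P}.row1.enum.key2.shiftvalue=2
{P}.row1.enum.key2.image=kp_v2_2.png
{P}.row1.enum.key2.order=2
"""

def parse_properties(text):
    """Read 'key=value' lines; blank lines and #/! comment lines are skipped."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#!" and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def parse_enum(props, enum_id):
    """Group '<enum_id>.<element>[.<attribute>]' keys into {element: attributes}."""
    elements, prefix = {}, enum_id + "."
    for key, value in props.items():
        if key.startswith(prefix):
            element, _, attr = key[len(prefix):].partition(".")
            # The bare element property carries the element's integer ID.
            elements.setdefault(element, {})[attr or "id"] = value
    return elements

def check_enum(props, enum_id, problems):
    """Return the enum's elements in 'order' sequence, recording rule violations."""
    if enum_id not in props:
        problems.append(f"{enum_id}: enum is not defined")
        return []
    seen = {}
    elements = parse_enum(props, enum_id)
    for name, attrs in elements.items():
        ident = attrs.get("id", "")
        if not ident.isdigit():
            problems.append(f"{enum_id}.{name}: ID must be an integer")
        elif ident in seen:
            problems.append(f"{enum_id}.{name}: ID {ident} already used by {seen[ident]}")
        seen.setdefault(ident, name)
        for required in ("name", "description"):
            if required not in attrs:
                problems.append(f"{enum_id}.{name}: missing '{required}'")
    ordered = lambda a: int(a["order"]) if a.get("order", "").isdigit() else 0
    return sorted(elements.values(), key=ordered)

def resolve_keyset(props, keyset_enum):
    """Return (layout, problems): the key values of each row and any defects."""
    layout, problems = [], []
    for row in check_enum(props, keyset_enum, problems):
        keys = check_enum(props, row.get("keys", "(no keys attribute)"), problems)
        layout.append([key.get("value") for key in keys])
    return layout, problems
```

Calling `resolve_keyset(parse_properties(text), "<keyset enum id>")` on the contents of a properties file returns the resolved rows together with a list of problems, which is empty for a well-formed KeySet.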
This section contains information on customizing the application/virtual devices to contain locale-specific properties.
To enable locale-specific customizations, you must perform the following steps:
Create a client resource override file, client_resource_<locale>.properties. <locale> is the locale for which you wish to use the custom values (en, es, and others).
Using the Properties Editor, set the value of bharosa.config.resourcebundle.clientoverride to client_resource_<locale>.properties.
The default value of this property is client_resource.
The client_resource_<locale>.properties file should contain:
Client-configured properties that are configurable for each locale being supported.
Messaging and page content configuration for the UIO system. For example, page titles, links at the bottom of the pages, page messages, error messages, and confirmation messages.
During initial registration a user is assigned a word:word pair for his KeyPad that is generated randomly from word list properties. In English the word:word pairs are in the form adjective:noun.
In the English version of Oracle Adaptive Access Manager, there are several hundred values in the word lists. In all other languages it is necessary for the installer to enhance the brief word lists provided.
To add words to the word lists, in client_resource_fr.properties, modify the bharosa.user.caption.word1.list and bharosa.user.caption.word2.list properties.
Localization of the KeyPad may have issues since not all languages have the same number of characters. Portuguese, for example, has special characters not found in English. The key layout may be a bit different when these character keys are added. When adding keys to the layout it is vital that there is still enough free space around the keys to allow the "jitter" to function. General best practice is a space at least as large as a single key all the way around the bank of keys when they are positioned in the center of the jitter area. The source art contains notes with the pixel sizes for this area.