Oracle® Fusion Middleware Administrator's Guide for Oracle Adaptive Access Manager Release 11g (11.1.1) E14568-06 August 2011 Oracle Fusion Middleware Administrator's Guide for Oracle Adaptive Access Manager, Release 11g (11.1.1) E14568-06 Copyright © 2010, 2011, Oracle and/or its affiliates. All rights reserved. Primary Author: Priscilla Lee Contributors: Niranjan Ananthapadmanabha, Mandar Bhatkhande, Sree Chitturi, Josh Davis, Jordan Douglas, Philomina Dorai, Daniel Joyce, Mark Karlstrand, Wei Jie Lee, Srinivas Nagandla, Paresh Raote, Jatin Rastogi, Jim Redfield, Nandini Subramani, Elangovan Subramanian, Vidhya Subramanian, Dawn Tyler, Sachin Vanungare, Saphia Yunaeva, and Xiaobin Zheng. This software and related documentation are provided under a license agreement containing restrictions on use and disclosure and are protected by intellectual property laws. Except as expressly permitted in your license agreement or allowed by law, you may not use, copy, reproduce, translate, broadcast, modify, license, transmit, distribute, exhibit, perform, publish, or display any part, in any form, or by any means. Reverse engineering, disassembly, or decompilation of this software, unless required by law for interoperability, is prohibited. The information contained herein is subject to change without notice and is not warranted to be error-free. If you find any errors, please report them to us in writing. If this is software or related documentation that is delivered to the U.S. Government or anyone licensing it on behalf of the U.S. Government, the following notice is applicable: U.S. GOVERNMENT RIGHTS Programs, software, databases, and related documentation and technical data delivered to U.S. Government customers are "commercial computer software" or "commercial technical data" pursuant to the applicable Federal Acquisition Regulation and agency-specific supplemental regulations. As such, the use, duplication, disclosure, modification, and adaptation shall be subject to the restrictions and license terms set forth in the applicable Government contract, and, to the extent applicable by the terms of the Government contract, the additional rights set forth in FAR 52.227-19, Commercial Computer Software License (December 2007). Oracle America, Inc., 500 Oracle Parkway, Redwood City, CA 94065. This software or hardware is developed for general use in a variety of information management applications. It is not developed or intended for use in any inherently dangerous applications, including applications that may create a risk of personal injury. If you use this software or hardware in dangerous applications, then you shall be responsible to take all appropriate fail-safe, backup, redundancy, and other measures to ensure its safe use. Oracle Corporation and its affiliates disclaim any liability for any damages caused by use of this software or hardware in dangerous applications. Oracle and Java are registered trademarks of Oracle and/or its affiliates. Other names may be trademarks of their respective owners. Intel and Intel Xeon are trademarks or registered trademarks of Intel Corporation. All SPARC trademarks are used under license and are trademarks or registered trademarks of SPARC International, Inc. AMD, Opteron, the AMD logo, and the AMD Opteron logo are trademarks or registered trademarks of Advanced Micro Devices. UNIX is a registered trademark of The Open Group. This software or hardware and documentation may provide access to or information on content, products, and services from third parties. Oracle Corporation and its affiliates are not responsible for and expressly disclaim all warranties of any kind with respect to third-party content, products, and services. Oracle Corporation and its affiliates will not be responsible for any loss, costs, or damages incurred due to your access to or use of third-party content, products, or services. Contents Preface.............................................................................................................................................................. xvii Audience.................................................................................................................................................... xvii Documentation Accessibility.................................................................................................................. xvii Related Documents................................................................................................................................. xviii Conventions............................................................................................................................................. xviii What's New in Oracle Adaptive Access Manager 11g Release 1 (11.1.1)?............. xix New Features for Oracle Adaptive Access Manager 11g Release 1 (11.1.1)..................................... xix Feature Comparison Chart - Oracle Adaptive Access Manager 11g vs. Oracle Adaptive Access Man- ager 10g xxii Concepts and Terminology Changes for Oracle Adaptive Access Manager 11g.......................... xxiii Part I Getting Started with Oracle Adaptive Access Manager 1 Introduction to Oracle Adaptive Access Manager 1.1 Benefits of Oracle Adaptive Access Manager......................................................................... 1-2 1.2 Oracle Adaptive Access Manager Features............................................................................ 1-3 1.3 Oracle Adaptive Access Manager Architecture..................................................................... 1-6 1.4 Deployment Options.................................................................................................................. 1-6 2 Setting Up the Oracle Adaptive Access Manager Environment for the First Time 2.1 Installation and Configuration.................................................................................................. 2-1 2.2 Setting Up the Oracle Adaptive Access Manager Base Environment ................................ 2-1 2.3 Setting Up CLI Environment..................................................................................................... 2-2 2.4 Setting Up Encryption and Database Credentials for Oracle Adaptive Access Manager 2-2 2.5 Creating OAAM Users............................................................................................................... 2-7 2.6 Importing the OAAM Snapshot............................................................................................... 2-8 2.7 Importing IP Location Data....................................................................................................... 2-9 2.8 Importing Transaction Definitions........................................................................................ 2-10 2.9 Enabling Components and Features..................................................................................... 2-10 2.10 Setting the Time Zone Used for All Time Stamps in the Administration Console........ 2-10 iii 3 Oracle Adaptive Access Manager Navigation 3.1 Signing In to Oracle Adaptive Access Manager 11g.............................................................. 3-1 3.2 OAAM Admin Console and Controls..................................................................................... 3-2 3.3 Navigation Panel......................................................................................................................... 3-4 3.4 Navigation Tree........................................................................................................................... 3-4 3.5 Policy Tree.................................................................................................................................... 3-8 3.6 Management Pages.................................................................................................................. 3-11 3.7 Dashboard................................................................................................................................. 3-17 3.8 Online Help............................................................................................................................... 3-17 3.9 Search, Create, and Import..................................................................................................... 3-18 3.10 Export to Excel.......................................................................................................................... 3-19 3.11 Access Level to OAAM Admin.............................................................................................. 3-20 Part II Customer Service and Forensics 4 Managing and Supporting CSR Cases 4.1 Introduction and Concepts........................................................................................................ 4-1 4.2 CSR and CSR Manager Role Permissions............................................................................... 4-4 4.3 Getting Started............................................................................................................................. 4-5 4.4 Cases Search Page....................................................................................................................... 4-6 4.5 Case Details Page........................................................................................................................ 4-8 4.6 Viewing Case Activity............................................................................................................. 4-11 4.7 Viewing Customer's Sessions................................................................................................. 4-12 4.8 Creating a CSR Case................................................................................................................ 4-14 4.9 Performing Customer Resets.................................................................................................. 4-17 4.10 Performing Challenge Question Resets................................................................................ 4-22 4.11 Enabling a Temporary Allow................................................................................................. 4-26 4.12 Performing Case Actions........................................................................................................ 4-27 4.13 Configuring Expiry Behavior for CSR Cases....................................................................... 4-33 4.14 Reporting................................................................................................................................... 4-33 4.15 Multitenancy............................................................................................................................. 4-33 4.16 Use Cases................................................................................................................................... 4-37 4.17 Best Practices and Recommendations................................................................................... 4-42 5 Investigation Using Agent Cases 5.1 Introduction and Concepts........................................................................................................ 5-1 5.2 Fraud Investigation Role Permission....................................................................................... 5-3 5.3 Opening the Case Search Page.................................................................................................. 5-4 5.4 Searching for Cases..................................................................................................................... 5-4 5.5 Viewing, Editing, and Creating Cases..................................................................................... 5-6 5.6 Editing Agent Cases................................................................................................................ 5-12 5.7 Linking and Unlinking Suspected Sessions to a Case........................................................ 5-16 5.8 Agent Case Feedback.............................................................................................................. 5-19 5.9 Configuring Agent Case Access............................................................................................ 5-20 5.10 Configuring Expiry/Overdue Behavior for Agent Cases.................................................. 5-20 5.11 Agent Use Cases....................................................................................................................... 5-20 iv 5.12 Best Practices and Recommendations................................................................................... 5-42 6 Viewing Additional Details for Investigation 6.1 Details Pages Overview............................................................................................................. 6-1 6.2 Details Page Structure................................................................................................................ 6-1 6.3 Prerequisites................................................................................................................................ 6-2 6.4 Searching for Sessions................................................................................................................ 6-2 6.5 Export Sessions to Excel............................................................................................................. 6-5 6.6 Add to Group.............................................................................................................................. 6-5 6.7 Session Details Page................................................................................................................... 6-9 6.8 Looking at Events from a Higher Level with Session Details........................................... 6-10 6.9 Investigation and the Importance of Details Pages............................................................ 6-14 6.10 Viewing Alerts.......................................................................................................................... 6-17 6.11 User Details Page..................................................................................................................... 6-17 6.12 IP or Locations (Country, State, or City) Details Page........................................................ 6-34 6.13 Device Details Page................................................................................................................. 6-45 6.14 Browser or Flash Fingerprint Details ................................................................................... 6-54 6.15 Alert Details Page.................................................................................................................... 6-63 6.16 Uses Cases................................................................................................................................. 6-73 Part III Managing KBA and OTP 7 Managing Knowledge-Based Authentication 7.1 Introduction and Concepts........................................................................................................ 7-1 7.2 Setting Up KBA Overview......................................................................................................... 7-9 7.3 Setting Up the System to Use Challenge Questions........................................................... 7-12 7.4 Accessing Configurations in KBA Administration............................................................. 7-13 7.5 Managing Challenge Questions............................................................................................. 7-13 7.6 Setting Up Validations for Answer Registration................................................................. 7-20 7.7 Managing Categories............................................................................................................... 7-24 7.8 Configuring the Registration Logic....................................................................................... 7-27 7.9 Adjusting Answer Logic......................................................................................................... 7-28 7.10 Customizing English Abbreviations and Equivalences..................................................... 7-33 7.11 Customizing Abbreviations and Equivalences for Locales............................................... 7-35 7.12 Use Cases................................................................................................................................... 7-35 7.13 KBA Guidelines and Recommended Requirements........................................................... 7-38 8 Enabling Challenge Questions 8.1 What is KBA?............................................................................................................................... 8-1 8.2 Phased Approach for Registration........................................................................................... 8-1 8.3 Checklist for Enabling Challenge Questions.......................................................................... 8-3 8.4 Ensure Policies are Available.................................................................................................... 8-3 8.5 Ensuring KBA Properties/Default Properties are Set........................................................... 8-3 8.6 Ensure Challenge Questions are Available............................................................................. 8-3 8.7 Enabling Policies......................................................................................................................... 8-4 8.8 Configuring Rules for Policies.................................................................................................. 8-4 v 8.9 Configuring the Challenge Question Answer Validation..................................................... 8-4 8.10 Configuring the Answer Logic ................................................................................................ 8-5 9 Setting Up OTP Anywhere 9.1 Introduction and Concepts........................................................................................................ 9-1 9.2 Challenge Type............................................................................................................................ 9-2 9.3 KBA vs. OTP................................................................................................................................ 9-3 9.4 Quick Start................................................................................................................................... 9-3 9.5 Setting Up OTP Anywhere........................................................................................................ 9-4 9.6 Use Cases................................................................................................................................... 9-17 Part IV Managing Policy Configuration 10 Managing Policies, Rules, and Conditions 10.1 Introduction to Policies, Rules, and Conditions.................................................................. 10-1 10.2 Planning Policies...................................................................................................................... 10-7 10.3 Overview of Creating a Policy............................................................................................... 10-8 10.4 Navigating to the Policies Search Page................................................................................. 10-9 10.5 Searching for a Policy............................................................................................................ 10-10 10.6 Viewing a Policy or a List of Policies.................................................................................. 10-11 10.7 Viewing Policy Details.......................................................................................................... 10-11 10.8 Creating Policies..................................................................................................................... 10-12 10.9 Linking Policy to All Users or a User ID Group................................................................ 10-14 10.10 Editing a Policy's General Information............................................................................... 10-15 10.11 Activate/Disable Policies..................................................................................................... 10-17 10.12 Adding a New Rule............................................................................................................... 10-17 10.13 Working with Trigger Combinations ................................................................................. 10-20 10.14 Deleting Policies..................................................................................................................... 10-24 10.15 Copying a Rule to a Policy.................................................................................................... 10-25 10.16 Copying a Policy to Another Checkpoint.......................................................................... 10-25 10.17 Exporting and Importing a Policy....................................................................................... 10-26 10.18 Navigating to the Rules Search Page.................................................................................. 10-27 10.19 Searching for Rules................................................................................................................ 10-28 10.20 Viewing Rule Details............................................................................................................. 10-29 10.21 Editing Rules........................................................................................................................... 10-30 10.22 Working with Scores and Weights...................................................................................... 10-34 10.23 Activate/Disable Rule........................................................................................................... 10-34 10.24 Deleting Rules......................................................................................................................... 10-35 10.25 Searching Conditions............................................................................................................ 10-35 10.26 Importing Conditions............................................................................................................ 10-36 10.27 Adding Conditions to a Rule............................................................................................... 10-36 10.28 Viewing the Condition Details of a Rule............................................................................ 10-39 10.29 Exporting a Condition........................................................................................................... 10-39 10.30 Editing Conditions................................................................................................................. 10-39 10.31 Changing the Order of Conditions in a Rule..................................................................... 10-40 10.32 Deleting Conditions............................................................................................................... 10-40 vi 10.33 Deleting Conditions from a Rule......................................................................................... 10-40 10.34 Use Cases................................................................................................................................. 10-41 10.35 Best Practices.......................................................................................................................... 10-57 11 OAAM Security and Autolearning Policies 11.1 Authentication Flow................................................................................................................ 11-1 11.2 Forgot Password Flow............................................................................................................. 11-2 11.3 Reset Password (KBA-Challenge) Flow............................................................................... 11-3 11.4 OAAM Checkpoints and Responsibilities............................................................................ 11-4 11.5 Out-of-the-Box OAAM Policies............................................................................................. 11-4 11.6 Use Cases................................................................................................................................. 11-28 12 Managing Groups 12.1 About Groups........................................................................................................................... 12-1 12.2 Group Types............................................................................................................................. 12-1 12.3 Group Usage............................................................................................................................. 12-3 12.4 User Flows................................................................................................................................. 12-3 12.5 Navigating to the Groups Search Page................................................................................. 12-4 12.6 Searching for a Group............................................................................................................. 12-5 12.7 Viewing Details about a Group............................................................................................. 12-6 12.8 Adding an Entity to a Group.................................................................................................. 12-7 12.9 Group Characteristics.............................................................................................................. 12-7 12.10 Creating a Group..................................................................................................................... 12-8 12.11 Creating a New Element/Member to Add to the Group (No Search and Filter Options)...... 12-11 12.12 Filtering an Existing List to Select an Element to Add to the Group (No Creation of a New Element) 12-12 12.13 Searching for and Adding Existing Elements or Creating and Adding a New Element ........ 12-13 12.14 Adding Alerts to a Group..................................................................................................... 12-17 12.15 Searching for and Adding Existing Elements.................................................................... 12-18 12.16 Editing a Member of a Group.............................................................................................. 12-20 12.17 Removing Members of a Group.......................................................................................... 12-21 12.18 Removing a User from a User Group................................................................................. 12-22 12.19 Exporting and Importing a Group...................................................................................... 12-22 12.20 Deleting Groups..................................................................................................................... 12-23 12.21 Updating a Group Directly................................................................................................... 12-24 12.22 Use Cases................................................................................................................................. 12-24 12.23 Best Practices.......................................................................................................................... 12-30 13 Managing the Policy Set 13.1 Introduction and Concepts..................................................................................................... 13-1 13.2 Navigating to the Policy Set Details Page............................................................................ 13-2 13.3 Viewing Policy Set Details...................................................................................................... 13-2 13.4 Adding or Editing a Score Override..................................................................................... 13-3 13.5 Adding or Editing an Action Override................................................................................. 13-3 vii 13.6 Editing a Policy Set.................................................................................................................. 13-4 13.7 Use Cases................................................................................................................................... 13-4 13.8 Best Practices for the Policy Set.............................................................................................. 13-6 14 Using the Scoring Engine 14.1 Concept of Scores..................................................................................................................... 14-1 14.2 How Does Risk Scoring Work?.............................................................................................. 14-3 14.3 Score Calculations.................................................................................................................... 14-6 14.4 Best Practices............................................................................................................................ 14-7 15 Creating Checkpoints 15.1 Creating a New Checkpoint................................................................................................... 15-1 15.2 Creating a Checkpoint Example............................................................................................ 15-2 16 Managing System Snapshots 16.1 Concepts.................................................................................................................................... 16-1 16.2 Navigating to the System Snapshot Search Page................................................................ 16-3 16.3 Searching for a Snapshot......................................................................................................... 16-3 16.4 Viewing Details of a Snapshot............................................................................................... 16-4 16.5 Creating a Backup.................................................................................................................... 16-5 16.6 Restoring a Snapshot............................................................................................................... 16-6 16.7 Importing a Snapshot.............................................................................................................. 16-8 16.8 Deleting a Snapshot................................................................................................................. 16-8 16.9 Limitations of Snapshots......................................................................................................... 16-8 16.10 Diagnostics................................................................................................................................ 16-8 16.11 Use Cases................................................................................................................................... 16-8 16.12 Best Practices for Snapshots................................................................................................... 16-9 Part V Autolearning 17 Managing Autolearning 17.1 Introduction and Concepts..................................................................................................... 17-1 17.2 Quick Start for Enabling Autolearning for Your System................................................... 17-8 17.3 Before You Begin to Use Autolearning................................................................................. 17-9 17.4 User Flows............................................................................................................................... 17-10 17.5 Navigating to the Patterns Search Page.............................................................................. 17-11 17.6 Searching for a Pattern.......................................................................................................... 17-11 17.7 Navigating to the Patterns Details Page............................................................................. 17-14 17.8 Viewing Pattern Details........................................................................................................ 17-14 17.9 Creating and Editing Patterns.............................................................................................. 17-14 17.10 Importing and Exporting Patterns...................................................................................... 17-22 17.11 Deleting Patterns.................................................................................................................... 17-23 17.12 Using Autolearning Data/Profiling Data.......................................................................... 17-23 17.13 Use Cases................................................................................................................................. 17-24 17.14 Autolearning Properties........................................................................................................ 17-34 17.15 Checking if Autolearning Pattern Analysis Functioning................................................. 17-37 viii 17.16 Checking if Autolearning Rules are Functioning.............................................................. 17-38 17.17 Autolearning Classes and Logging..................................................................................... 17-38 17.18 Pattern Attributes Reference................................................................................................ 17-38 17.19 Pattern Attributes Operators Reference............................................................................. 17-43 18 Managing Configurable Actions 18.1 Introduction and Concepts..................................................................................................... 18-1 18.2 Creating Configurable Actions.............................................................................................. 18-3 18.3 Navigating to the Action Templates Search Page............................................................... 18-4 18.4 Searching for Action Templates............................................................................................. 18-4 18.5 Viewing Action Template Details.......................................................................................... 18-4 18.6 Creating a New Action Template.......................................................................................... 18-5 18.7 Navigating to the Action Instances Search Page................................................................. 18-6 18.8 Searching for Action Instances............................................................................................... 18-6 18.9 Creating an Action Instance and Adding it to a Checkpoint............................................ 18-7 18.10 Creating a Custom Action Instance....................................................................................... 18-9 18.11 Editing an Action Template.................................................................................................. 18-10 18.12 Exporting Action Templates................................................................................................. 18-10 18.13 Importing Action Templates................................................................................................ 18-10 18.14 Moving an Action Template from a Test Environment................................................... 18-10 18.15 Deleting Action Templates................................................................................................... 18-11 18.16 Viewing a List of Configurable Action Instances.............................................................. 18-11 18.17 Viewing the Details of an Action Instance......................................................................... 18-11 18.18 Editing an Action Instance.................................................................................................... 18-12 18.19 Deleting an Existing Action Instance.................................................................................. 18-12 18.20 Out-of-the-Box Configurable Actions................................................................................. 18-12 18.21 Use Cases................................................................................................................................. 18-14 19 Predictive Analysis 19.1 Important Terms...................................................................................................................... 19-1 19.2 Prerequisites............................................................................................................................. 19-2 19.3 Initial Setup............................................................................................................................... 19-3 19.4 Rebuild the ODM Models to Provide Feedback and Update Training Data.................. 19-4 19.5 Policy Evaluation..................................................................................................................... 19-5 19.6 Tuning the Predictive Analysis Rule Conditions................................................................ 19-5 19.7 Adding Custom Database Views........................................................................................... 19-6 19.8 Adding Custom Grants........................................................................................................... 19-6 19.9 Adding New ODM Models.................................................................................................... 19-6 19.10 Adding Custom Input Data Mappings................................................................................. 19-7 Part VI Managing Transactions 20 Creating and Managing Entities 20.1 Introduction and Concepts..................................................................................................... 20-1 20.2 Navigating to the Entities Search Page................................................................................. 20-2 20.3 Searching for Entities............................................................................................................... 20-3 ix 20.4 Creating an Entity.................................................................................................................... 20-4 20.5 Viewing Details of a Specific Entity...................................................................................... 20-9 20.6 Editing the Entity................................................................................................................... 20-10 20.7 Exporting Entities.................................................................................................................. 20-10 20.8 Importing Entities.................................................................................................................. 20-11 20.9 Activating Entities.................................................................................................................. 20-11 20.10 Deactivating Entities.............................................................................................................. 20-11 20.11 Deleting Entities..................................................................................................................... 20-12 20.12 Re-ordering the Rows in the ID Scheme and Display tabs.............................................. 20-12 20.13 Best Practices.......................................................................................................................... 20-12 21 Managing Transactions 21.1 Introduction and Concepts..................................................................................................... 21-1 21.2 Overview of Defining and Using Transaction Definition.................................................. 21-2 21.3 Navigating to the Transactions Search Page........................................................................ 21-4 21.4 Searching for a Transaction Definition................................................................................. 21-5 21.5 Viewing Transaction Definitions........................................................................................... 21-5 21.6 Prerequisites for Using Transactions.................................................................................... 21-5 21.7 Creating the Transaction Definition ..................................................................................... 21-6 21.8 Adding an Existing Entity to the Transaction..................................................................... 21-6 21.9 Creating a New Entity and Adding It to the Transaction.................................................. 21-7 21.10 Defining Transaction Data for the Transaction at the Oracle Adaptive Access Manager End 21-7 21.11 Defining Parameters for the Transaction from the Client's End....................................... 21-8 21.12 Mapping the Source Data....................................................................................................... 21-9 21.13 Activating the Transaction Definition................................................................................ 21-10 21.14 Editing a Transaction Definition.......................................................................................... 21-11 21.15 Exporting Transaction Definitions...................................................................................... 21-11 21.16 Importing Transaction Definition........................................................................................ 21-12 21.17 Activating a Transaction Definition.................................................................................... 21-12 21.18 Deactivating a Transaction Definition................................................................................ 21-12 21.19 Deleting Transaction Definitions......................................................................................... 21-13 21.20 Use Cases................................................................................................................................. 21-13 Part VII OAAM Offline Environment 22 OAAM Offline 22.1 Concepts.................................................................................................................................... 22-1 22.2 Access Control.......................................................................................................................... 22-6 22.3 Installation and Configuration of OAAM Offline System................................................. 22-6 22.4 Scheduling Jobs........................................................................................................................ 22-9 22.5 Testing Policies and Rules...................................................................................................... 22-9 22.6 What to Expect in OAAM Offline....................................................................................... 22-10 22.7 Monitoring OAAM Offline................................................................................................... 22-11 22.8 Creating a View for Offline Loader For Non-OAAM Database..................................... 22-12 22.9 Loading from Non-Oracle or Non-Microsoft Server SQL Server Database.................. 22-12 22.10 Changing the Checkpoints to Run...................................................................................... 22-13 x
Description: