Oracle Adaptive Access Manager: Administration

Rapid growth in online commerce has brought increasing sophistication of Internet fraud. Threats from phishing, pharming, trojans, key logging, and proxy attacks, combined with regulations and mandates governing online data privacy, place online security at a premium. Customers must feel protected for online business channels to grow. Oracle Adaptive Access Manager 10g(version 10.1.4) provides superior protection for businesses and their customers through strong yet easy-to-deploy multifactor authentication using two components: front-end Adaptive Strong Authenticator and back-end Adaptive Risk Manager. Adaptive Strong Authenticator's pure Web-based "virtual" authentication devices are graphical challenge/entry forms that enable online three-factor authentication, making applications safe from phishing, trojans, proxy attacks, and other threats. Adaptive Risk Manager offers proactive, real-time fraud prevention using risk analysis with scores and weights that trigger real-time alerts. Students install and configure the two components of Oracle Adaptive Access Manager: Adaptive Risk Manager (both Online and Offline) and Adaptive Strong Authenticator, integrating them with middleware environments.

In this course students configure rules for follow-up actions to prevent fraudulent transactions. Students schedule and run reports analyzing and describing the level of security for Web applications.

Learn To:

• Install the Adaptive Risk Manager and the Adaptive Strong Authenticator in an Application Server OC4J environment
• Group and list blacklisted and whitelisted originating locations
• Administer policies, models, and rules to control login behavior
• Discuss native static versus SOAP integration of Adaptive Strong Authentication and Adaptive Risk Management
• Integrate Oracle Adaptive Access Manager with Oracle Access Manager (OAM)
• Integrate Oracle Adaptive Access Manager with an LDAP server

Audience

• Security Administrators
• Web Administrator
• Security Compliance Professionals
• Security Compliance Auditors
• Administrator

Course Topics Identity Management Arena

• Hacking/phishing: problem and solution
• Trojan: problem and solution
• "Inside job": problem and solution
• Psychology of strong authentication
• Passwords versus challenges
• Knowledge base of questions
• Publicly available information
• Compare and contrast OAAM within suite of ID Mgmt products

Installation Preparation

• Minimum hardware and software prerequisites
• Operating system prerequisites
• Software prerequisites Application Server
• Software prerequisites Web Server
• Software prerequisites Database
• OAAM options: OAM
• OAAM options: LDAP, firewalls, certificate managers
• Pre-populating the database

Installing Oracle Adaptive Risk Manager and Oracle Adaptive Strong Authenticator

• Directory structures
• Directory considerations on multiple host platforms
• Directory considerations on multiple tenant hosts
• Deploying .war files
• Editing the six Oracle Adaptive Access Manager configuration files
• Locate/clone Adaptive Strong Authenticator device bitmap images
• Configuring Database connections and userID/passwords
• Configuring Logging options

Groups

• Describe how groups are used in Oracle Adaptive Risk Manager
• Listing the different kinds of groups
• Creating groups
• Insert, update, and delete members of a group
• Querying and reporting lists of groups
• Populate Geolocation Data to support location groups

Policies, Models, and Rules

• Relationship of policies, models, rules, and groups
• Policies and Models: security, business, workflow, third party
• Runtimes: pre-authorization, post-authorization, in-session
• Creating your own rules
• Linking groups to models
• Scores and weights (calculating the “risk”)
• Configuring Actions and Alerts
• Importing and exporting groups, rules, and models

OAM Integration

• OAM architecture
• Configuring WebGates for Oracle Access Manager and Oracle Adaptive Access Manager integration
• Configuring bharosa properties files for Oracle Access Manager and Oracle Adaptive Access Manager integration
• Programming Oracle Adaptive Access Manager APIs
• Installing third party libraries: ASDK (Access Server Software Developer Kit)

SOAP Integration

• How SOAP messages flow
• The APIs available to programmers
• Installing the sample SOAP client/server application
• Configuring Adaptive Risk Manager files to support SOAP integration
• Deploying the BigBank SOAP application

Reports

• Using Dashboard reports
• Scheduling reports
• Roles and groups in LDAP
• Offline Oracle Adaptive Risk Manager
• Customer care cases
• Challenge question/knowledge base administration

Course Objectives

• Group and list blacklisted and whitelisted originating locations
• Administer policies, models, and rules to control login behavior
• Discuss native static versus SOAP integration of Adaptive Strong Authenticator and Adaptive Risk Manager
• Integrate Oracle Adaptive Access Manager with Oracle Access Manager (OAM)
• Integrate Oracle Adaptive Access Manager with an LDAP server
• Describe today’s authentication challenges and Oracle’s solutions
• Identify Oracle Adaptive Access Manager’s strengths within Oracle’s complementary Identity Management E-Business Suite
• Install the Adaptive Risk Manager and the Adaptive Strong Authenticator in an Application Server OC4J environment