Oracle Adaptive Access Manager Questions & Answers

Oracle Adaptive Access Manager:

Q: What is auto-learning?
A: Auto-learning is a set of functions in OAAM that profiles behavior. The behavior of users, devices and locations is recorded and used to evaluate current behavior. For example, OAAM can profile a user based on login time. If John logs in between 8am – 10am 87% of the time, then the risk level is elevated if he attempts to log in at 2am. In other words, he is outside of his normal login time profile.
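The login-time profile described above can be sketched as a per-user histogram; this is an added illustration, not OAAM's own code or algorithm. The two-hour bucket width, the minimum sample count, the 5% threshold and all names are assumptions, and the login history is constructed to match the 87% figure.

```python
from collections import Counter
from datetime import datetime, timedelta

BUCKET_HOURS = 2       # assumed bucket width: 00-02, 02-04, ..., 22-24
MIN_SAMPLES = 20       # assumed: too little history means no verdict
RARE_SHARE = 0.05      # assumed: under 5% of past logins counts as unusual

class LoginTimeProfile:
    """Per-user histogram of past login times, bucketed by hour of day."""

    def __init__(self):
        self.counts = Counter()
        self.total = 0

    def record(self, ts):
        self.counts[ts.hour // BUCKET_HOURS] += 1
        self.total += 1

    def share(self, ts):
        """Fraction of recorded logins that fell in the same bucket as ts."""
        if not self.total:
            return 0.0
        return self.counts[ts.hour // BUCKET_HOURS] / self.total

    def evaluate(self, ts):
        """Return 'unknown', 'normal' or 'elevated' for a login at ts."""
        if self.total < MIN_SAMPLES:
            return "unknown"
        return "elevated" if self.share(ts) < RARE_SHARE else "normal"

def sample_profile():
    # Constructed history for a hypothetical user: 87 logins between
    # 08:00 and 10:00 and 13 shortly after 13:00, i.e. 87% in one window.
    profile = LoginTimeProfile()
    start = datetime(2024, 1, 1)
    for i in range(87):
        profile.record(start + timedelta(days=i, hours=8, minutes=i))
    for i in range(13):
        profile.record(start + timedelta(days=i, hours=13, minutes=15))
    return profile

def at(hour):
    """Constructed login attempt at the given hour."""
    return datetime(2024, 6, 3, hour, 0)

if __name__ == "__main__":
    john = sample_profile()
    for hour in (9, 13, 2):
        print(f"{hour:02d}:00 share={john.share(at(hour)):.0%} risk={john.evaluate(at(hour))}")
```

A profile with fewer than `MIN_SAMPLES` logins returns `unknown` rather than `elevated`, so a new user is not flagged merely for lacking history.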

Q: How can OAAM prevent phishing?
A: OAAM has a number of anti-phishing features. Phishing attacks are often aimed at credential theft. A phishing site will usually send users on to the real site once it has stolen their credentials, so that the user does not suspect anything has gone wrong. When this happens, OAAM can recognize that the user is coming from a referral URL not sanctioned by the bank. When OAAM sees this, it can add the user to a “Blacklisted” group. Users in this group will need to answer security questions while attempting transactions.
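The referral check described above, as an added sketch rather than OAAM's implementation: the host names, the group set and the handling of a missing referrer are assumptions. It compares the parsed host exactly, because a substring match would accept a host that merely contains the bank's name.

```python
from urllib.parse import urlsplit

# Hypothetical hosts the bank sanctions as referrers (reserved .example names).
SANCTIONED_HOSTS = {"www.bank.example", "login.bank.example"}

def referrer_host(referer):
    """Return the normalized host of a Referer header, or None if unusable."""
    if not referer:
        return None
    try:
        parts = urlsplit(referer.strip())
        host = parts.hostname
    except ValueError:          # malformed URL, e.g. broken IPv6 brackets
        return None
    if parts.scheme not in ("http", "https") or not host:
        return None
    return host.rstrip(".").lower()

def check_login(user, referer, group):
    """Classify the referrer; add the user to `group` when it is unsanctioned."""
    host = referrer_host(referer)
    if host is None:
        # Assumption: an absent or unparseable header is no evidence either way.
        return "no-referrer"
    if host in SANCTIONED_HOSTS:   # exact host match, never a substring test
        return "sanctioned"
    group.add(user)
    return "unsanctioned"

def requires_challenge(user, group):
    """Users in the group must answer security questions before transacting."""
    return user in group

if __name__ == "__main__":
    blacklisted = set()            # stand-in for the "Blacklisted" group
    samples = [                    # constructed requests
        ("alice", "https://www.bank.example/login"),
        ("bob", "https://www.bank.example.evil.test/login"),
        ("carol", "https://www.bank.example@evil.test/"),
        ("dave", None),
    ]
    for user, referer in samples:
        print(user, check_login(user, referer, blacklisted),
              "challenge" if requires_challenge(user, blacklisted) else "no challenge")
```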

Q: What are different keystores used in OAAM?
A: There are 3 keystores: System, Database and SOAP/WebServices. Encryption of the SOAP keystore is optional.

  1. System Keystore: Used for encrypting properties and other non-database-related data
  2. Database: VCryptPassword and Transaction tables, containing data such as passwords, PINs and transaction data (like credit card numbers, etc.)…
  3. SOAP/WebServices: Used on the client side to authenticate Web Services requests

Q: Can OAM provide SSO access to the OAAM admin console application? 
A: Yes, OAAM Admin is a standard web application and uses container-provided authentication out of the box.

This is pretty much the standard OAM integration that we support for any custom application. This case is special only because the custom application happens to be OAAM.

About the Author Mahendra

I am engulfed in Oracle Identity & Access Management domain. I have expertise on providing the optimized solutions for user provisioning, web access management, Single Sign-On and federation capabilities etc., I am also well versed with complex integrations within Identity Management and other product domains. I have expertise on building demos and implementation experience on products Oracle Access Manager, Oracle Adaptive Access Manager, Oracle Entitlement Server, Oracle Virtual Directory, Oracle Internet Directory etc., Look @ my blog: http://talkidentity.blogspot.com

13 comments
Rajeev says October 20, 2010

Hi
Can OAAM provide all the functionality provided by OAM? I understand it provides some additional functionality like fraud management and real-time risk assessment.
The objective is: can I replace OAM with OAAM?

Atul Kumar says October 20, 2010

@ Rajeev,
No, OAAM can’t provide all the functionality of OAM. These two provide different functionality; however, some functions are common to the two.

Mahendra says October 20, 2010

Rajeev,

As Atul said, you cannot replace OAM with OAAM. This is because OAAM is used for fraud prevention and OAM is used for web access control mechanism. Both are two different leaves altogether.

-Mahendra.

Mick says May 21, 2012

Can the case management module in OAAM be made to integrate to OCH, so that customer details (name, address, etc) need not be copied to the OAAM database when a case is created, but instead only accessed via service calls from the case management screens? The customer details are not required for any of the detection rules.

carmel says February 27, 2014

Hello Mahendra,

I came across your good posts and I need to clarify one question for exam preparation, please:

1z0-459 exam question) To keep an OIM deployment secure you should have a user set for receiving questions and answers; however, this behavior needs to be changed when you are using OAAM settings. How can you change this behavior in OIM?

Looking forward to hearing from you! Thanks!

Mahendra says February 27, 2014

Carmel,

OIM by default provides challenge questions for secure login. You don’t need OAAM. If your OIM web application is accessed by your organization or external users to perform some job (like self-service requests etc.) and you wish to enforce runtime checks such as fingerprinting etc., then you can use OAAM.

HTH.

-Mahendra

carmel says February 27, 2014

Hi Mahendra,

We want to use OAAM to enforce security for a user, the same way as the regular one that uses Q&As from OIM.

But how do we enforce this security?
What features/benefits does OAAM bring for this enhancement?

Can you also share with me a link to documentation besides your comments?

Thanks!
Silviu

carmel says February 28, 2014

Hello Mahendra and Atul,

Thank you for the comments, I really appreciate it since I will write the exam next month.

I want to know more about integrating OPAM with OIA (if I am correct here about OIA or OIM, is the integration possible?).

What set of tasks must be performed on OPAM when integrating OPAM with OIA?

Thanks and Regards!

    Atul Kumar says March 1, 2014

    @Carmel,
    You integrate OPAM with a provisioning server like OIM or other business applications that use superusers, like EBS, AD etc.

      Atul Kumar says March 1, 2014

      @Carmel,
      Just to add to previous comment, you can integrate OPAM with OIA to manage OIA system accounts but there are no step by step documented steps.
