Generate OTP with Oracle User Messaging Service

Introduction

One Time Password (OTP) is used to authenticate an individual based on a single-use alphanumeric credential. The OTP is delivered to the user’s configured delivery method. The user then provides the OTP credential as the response to proceed with the operation. The following are major benefits of using out-of-band OTP

• If the end user’s browser/internet is compromised, the authentication can safely take place in another band of communication separate from the browser
• The user does not require any proprietary hardware or client software of any kind.

Implementing OTP Anywhere 

OTP Anywhere allows end users to authenticate themselves by entering a server generated one-time-password (OTP). When the OTP is sent via SMS, the user’s cell phone serves as a physical second factor that the user has in their possession. As well, the authentication is being sent out-of-band to increase the level of assurance that only the valid user has access to the one-time password.

Benefits of OTP Anywhere are:

• It is built on 11g Challenge Processor framework
• Out of the box integration with Oracle User Messaging Service
• Customizable registration user interface
• Optional Opt-Out functionality
• Email and SMS supported delivery channels

About the Implementation Of- OTP

One-Time Password (OTP) is a form of secondary authentication, which is used in addition to standard user name and password credentials to strengthen the existing authentication and authorization process, thereby providing additional security for users. The application sends a one-time password that is only valid for the current session to the user. This password is used to challenge the user to verify the user’s identity.

Oracle Adaptive Access Manager 11g provides the framework to support One Time Password (OTP) authentication using Oracle User Messaging Service (UMS).

This implementation enables an application to use OTP to challenge users with Oracle User Messaging Service (UMS) used as the method to deliver the password.

The high-level integration tasks consist of:

• Prerequisites
• Configuring OTP
• Customizing OTP
• Registering SMS Processor to Perform Work for Challenge Type
• Configuring the Challenge Pads Used for Challenge Types
• Customizing OTP Anywhere Data Storage

Prerequisites and Required Softwares

Ensure that the following prerequisites are met before configuring OTP for your application.

• Ensure you are familiar with deploying custom OAAM extensions.
• Oracle Adaptive Access Manager is customized through adding customized jars and files to extensions shared library.

1 )   Install SOA Suite

Oracle SOA Suite must be installed outside of the OAAM domains. UMS is a part of SOA.

2)  Configure the UMS Driver

UMS must be configured for appropriate delivery gateways on the SOA that the OAAM Server is configured to send messages through.

UMS Drivers connect UMS to the messaging gateways, adapting content to the various protocols supported by UMS. Drivers can be deployed or un deployed independently of one another depending on what messaging channels are available in a given installation.

3) Email Driver

Configure the Email driver to an SMTP server

4) SMPP Driver

Short Message Peer-to-Peer (SMPP) is one of the most popular GSM SMS protocols. User Messaging Service includes a prebuilt implementation of the SMPP protocol as a driver that is capable of both sending and receiving short messages.

 Below are the Main types of OTP Password Message

1) Customize OTP Email Message

OTP Email message properties are shown below.

2) Customize OTP IM Message

OTP IM message properties are shown below. (HTML input name for instant message field)

3) Customize OTP Voice Message

OTP Voice message properties are shown below.

Customizing OTP Anywhere Data Storage

The default implementation expands on the interface to break every get and set into two items: UserDataValue and UserDataFlag. The UserDataFlag is used by OAAM to track that a value has been set, or soft reset a value. When rules are used to check if a user is registered for a given item, the UserDataFlag will be checked in the OAAM database. The UserDataValue is the actual data element entered by the user. In the default implementation, this is also stored in the OAAM database, but by extending the DefaultContactInfoManager class and overriding the user data value methods (getUserDataValue and setUserDataValue) the data can be stored in an external location if required. 

Method

Conclusion

One-time password systems provide a mechanism for logging on to a network or service using a unique password which can only be used once which provides high security to transactions and detecting the real credentials.

About Author

Ramya Manoharan, Oracle Certified Techincal consultant of 4i Apps Solutions, an Oracle Platinum Partner company helping customers in Enterprise application implementation and maintenance services with valuable support. She is a technology enthusiast and always delighted to explore Oracle technologies to deliver the best in class solution to the customer.

Source / Reference Links

https://docs.oracle.com/cd/E23943_01/dev.1111/e15480/umsotp1.htm#AADEV6521

https://docs.oracle.com/html/E27206_01/umsotp1.htm