Returns list of challenges available for the user.
POST /authn/v1
Returns information about the challenges available for the user. If there is only one challenge option, the challenge can be initiated automatically.
API call should be made with canonical uniqueUserId along with userId and groups. The user record is fetched using the canonical uniqueUserId. If canonical uniqueUserId is not provided, the combination of userId and groups is used to locate the user.
Request
There are no request parameters for this operation.
Supported Media Types
- application/xml
- application/json
Root Schema : schema
Type:
object
AuthnRequest contains user and context information to fetch challenges and initialize authn
-
clientInfo(required): object
ClientInfo
Information about the calling service provider.
-
context(required): object
UserContext
Additional context that can be provided by the caller while calling the preferences API, including assurance level, cookies, headers, IP address, resource URLs, user agents, etc.
-
timeToLiveInSec: integer
Duration of the blocking call, in seconds, when initiating a blocking call. After this duration, the blocking call is invalidated. Defaults to 300 seconds (5 minutes).
-
userInfo: object
UserInfo
User information provided by the caller to identify the user in the system. This is an optional parameter.
Nested Schema : ClientInfo
Type:
object
Information about the calling service provider.
-
clientId(required): string
Identifier that uniquely identifies the client.
-
clientSecret(required): string
client secret that is used to validate the client
-
ctype: string
Provides the information regarding the mechanism available for user interaction.
Nested Schema : UserContext
Type:
object
Additional context that can be provided by the caller while calling the preferences API, including assurance level, cookies, headers, IP address, resource URLs, user agents, etc.
-
assuranceLevel: object
assuranceLevel
requested assurance level by the end user. The field needs to be populated by service provider based on the requested resource.
-
correlationId: string
transaction id provided by the challenge api if called previously.
-
customContext(required): object
CustomContext
Additional context present in the user request.
Nested Schema : UserInfo
Type:
object
User information provided by the caller to identify the user in the system. This is an optional parameter.
-
groups: array
groups
The groups that user belongs to. OAA supports only one group element in array.
-
locale: string
The current locale of the user which will override preferred locale in user preference.
-
uniqueUserId: string
Canonical ID of the user in the external systems. If this is present, then it takes precedence over userId + groupId combination.
-
userId(required): string
The login id of user.
Nested Schema : assuranceLevel
Type:
object
requested assurance level by the end user. The field needs to be populated by service provider based on the requested resource.
Nested Schema : CustomContext
Type:
object
Additional context present in the user request.
-
currentauthlevel: integer
current authentication level of the user, if any at the time of making the challenge request.
-
headers: array
headers
Headers, if any, present in the user access request. The content will be provided as input for rule execution.
-
ipAddr(required): string
incoming ip address
-
ipforwarded: string
x-Forwarded-for from the user environment
-
ldapattributes: array
ldapattributes
LDAP attributes of the user
-
ldapgroup: array
ldapgroup
ldap groups of the user
-
requestedauthlevel: integer
requested authn level of the user
-
resource: string
Resource requested by the user.
-
userAgent: string
user-agent string from the user request
-
userCookies: array
userCookies
Cookies present in the user access request.
Nested Schema : headers
Type:
array
Headers, if any, present in the user access request. The content will be provided as input for rule execution.
-
Array of:
object KeyValPair
Key-value pair which can be used generically.
Nested Schema : ldapattributes
Type:
array
LDAP attributes of the user
-
Array of:
object KeyValPair
Key-value pair which can be used generically.
Nested Schema : userCookies
Type:
array
Cookies present in the user access request.
-
Array of:
object KeyValPair
Key-value pair which can be used generically.
Nested Schema : KeyValPair
Type:
object
Key-value pair which can be used generically.
-
key(required): string
Key that can be used to fetch the related value.
-
value(required): object
value
associated value.
Nested Schema : value
Type:
object
associated value.
Nested Schema : groups
Type:
array
The groups that user belongs to. OAA supports only one group element in array.
Response
Supported Media Types
- application/xml
- application/json
200 Response
Success
Root Schema : AuthnResponse
Type:
object
Describes the challenge options available to the end user or, otherwise, the default challenge mechanism as per the service provider.
-
apiResponse: object
StatusInfo
Status of the fetch challenge info request. It contains the information required to process the user authentication request.
-
challengecontext: object
InitContext
-
challengeInfo: array
challengeInfo
A user can be challenged in many ways, the object will contain all the possible ways a user can be authenticated. In case the user information is not available in the request, the Default challenge mechanism as per the service provider configuration will be present.
-
challengeselectiontext: string
Message to be displayed to select one of multiple challenges
-
cookies: array
cookies
Cookies present in the user access request.
-
correlationId: string
transaction id provided by the challenge api. Also this field contains previous id used within the session to update store.
-
nonce: string
Random string to identify the future request. This will change in each response, and the latest nonce is expected in the finalize call.
-
resource: string
The resource for which the access was requested. This will be returned only when the user is authenticated and no further challenge is needed.
Nested Schema : StatusInfo
Type:
object
Status of the fetch challenge info request. It contains the information required to process the user authentication request.
-
code: integer
Code representing the challenge status.
-
message: string
Error message generated if the server is unable to process the request.
-
status(required): string
status of the fetch challenge info for user request. It will be one of the following authenticated/pending verification/pending identification/failed/error/missing registration/challenge blocked.
Nested Schema : InitContext
Type:
object
-
factorAttributes: array
factorAttributes
-
factorKey: string
the name of the factor that is selected by end user.
-
failureURL: string
Resource where flow should be redirected to in case of failed challenge. Most times this will be URL of the finalizerChallenge.
-
groupId: string
Group Id or app-name as applicable for user.
-
requestParams: array
requestParams
-
successURL: string
Resource where flow should be redirected to in case of successful challenge.
-
timeToLiveInSec: integer
duration of the blocking call when initiating blocking call. After the duration, the blocking call will be invalidated.
-
uniqueUserId: string
Immutable ID of the user in the external systems. If this is present, then it takes precedence over userId + groupId combination.
-
userId: string
Identifier of the user. May be further qualified by groupId.
Nested Schema : challengeInfo
Type:
array
A user can be challenged in many ways, the object will contain all the possible ways a user can be authenticated. In case the user information is not available in the request, the Default challenge mechanism as per the service provider configuration will be present.
-
Array of:
object FactorChallengeInfo
information required to process user request using the factors available to it will be present in the object.
Nested Schema : factorAttributes
Type:
array
-
Array of:
object UserFactorAttribute
A map represented as an array of entries.
Nested Schema : requestParams
Type:
array
-
Array of:
object KeyValPair_2
Key-value pair which can be used generically.
Nested Schema : UserFactorAttribute
Type:
object
A map represented as an array of entries.
-
userAttributeName: string
Name of factor specific attribute for this user.
-
userAttributeValue: string
Value of factor specific attribute for this user.
Nested Schema : KeyValPair_2
Type:
object
Key-value pair which can be used generically.
-
key(required): string
Key that can be used to fetch the related value.
-
value(required): object
value
Content that needs to be provided.
Nested Schema : value
Type:
object
Content that needs to be provided.
Nested Schema : FactorChallengeInfo
Type:
object
information required to process user request using the factors available to it will be present in the object.
-
displayOrder(required): integer
The order of display to user when multiple factors are present
-
factorContext(required): object
FactorContext
The context required by factor to process the user authentication request.
-
factorKey: string
key of the factor that can be used for registration.
-
factorName(required): string
name of the factor
-
factorUrl(required): string
URL of the factor
Nested Schema : FactorContext
Type:
object
The context required by factor to process the user authentication request.
-
challengeAttrMap(required): array
challengeAttrMap
-
isSelected(required): boolean
if this is the selected option as per the user preference.
-
prompts(required): array
prompts
the display prompt will contain one or more prompts that can be further selected by user.
-
promptselectmessage: string
Message to select one of the challenge prompts.
Nested Schema : challengeAttrMap
Type:
array
-
Array of:
object FactorAttribute
A map represented as an array of entries.
Nested Schema : prompts
Type:
array
the display prompt will contain one or more prompts that can be further selected by user.
-
Array of:
object Prompt
Prompt that can be displayed to the end user
Nested Schema : FactorAttribute
Type:
object
A map represented as an array of entries.
-
factorAttributeName: string
Name of factor specific attribute.
-
factorAttributeValue: string
Value of factor specific attribute.
-
isValidated: boolean
If the given attribute is validated. Some attributes do not require validation hence this field is optional.
-
isVerified: boolean
If the given attribute is verified. Some attributes do not require verification, hence this field is optional.
Nested Schema : Prompt
Type:
object
Prompt that can be displayed to the end user
-
challengeText: string
Message to be displayed on the challenge screen.
-
name: string
friendly name of the device or the prompt.
-
prompt: string
Masked device info.
-
prompttext: string
Message string that can be displayed to end user for selection.
-
requiredInputType: string
Enumeration of none/text/radio/checkbox/textarea/waitingpage
-
selected: boolean
if this particular prompt is selected.
-
validated: boolean
if the prompt is validated
-
verified: boolean
if the prompt is verified
Nested Schema : KeyValPair
Type:
object
Key-value pair which can be used generically.
-
key(required): string
Key that can be used to fetch the related value.
-
value(required): object
value
associated value.
Nested Schema : value
Type:
object
associated value.
400 Response
if the authn request failed due to validation of parameters.
Examples
The following example shows a sample request and response for retrieving a list of challenges preferred by the user.
cURL Command to Retrieve a List of Challenges in JSON Format
curl --location --request POST '<OAAService>/oaa/runtime/authn/v1' \
--header 'Content-Type: application/json' \
--header 'Authorization: Basic <Base64Encoded(<username>:<password>)>' \
--data '{
  "userInfo": {
    "userId": "user1",
    "groups": [ "financeapp" ],
    "uniqueUserId": "22a29071-16f2-4b69-a94c-73be672e34eb"
  },
  "clientInfo": {
    "ctype": "api",
    "clientSecret": "9e32ba0a-fd8f-4e17-a5f3-283198bb758e",
    "clientId": "0c13659b-c7f7-4200-8a12-f94f545eb756"
  },
  "context": {
    "assuranceLevel": "AssuranceLevel7",
    "customContext": {
      "ipAddr": "198.51.100.2"
    }
  },
  "timeToLiveInSec": 300
}'
Sample Response in JSON Format
{ "apiResponse": { "code": "OAA-40001", "status": "Pending", "message": "Authentication Required" }, "correlationId": "bcd724de-1717-4faa-b7b8-221be5e183fd", "challengeselectiontext": "Choose a method to login.", "challengeInfo": [ { "displayOrder": 1, "factorName": "Oracle Mobile Authenticator", "factorKey": "ChallengeOMATOTP", "factorContext": { "prompts": [ { "prompttext": "Enter OTP from registered phone", "prompt": "ON************LZ", "challengeText": "Enter OTP from device Device1", "requiredInputType": "text", "selected": false, "name": "Device1", "verified": true, "validated": true } ], "isSelected": false, "challengeAttrMap": [ { "factorAttributeName": "PIN_EXPIRY", "factorAttributeValue": "300000" }, { "factorAttributeName": "retrycount", "factorAttributeValue": "7" }, { "factorAttributeName": "defaultimplementation", "factorAttributeValue": "true" }, { "factorAttributeName": "factorGenerateEndpoint", "factorAttributeValue": "generateChallenge/v1" }, { "factorAttributeName": "otpexpirytimeMs", "factorAttributeValue": "300000" }, { "factorAttributeName": "available", "factorAttributeValue": "true" }, { "factorAttributeName": "pinOnExpiryIncFailureCounter", "factorAttributeValue": "false" }, { "factorAttributeName": "requiredInfo", "factorAttributeValue": "omatotpsecretkey" }, { "factorAttributeName": "type", "factorAttributeValue": "totp" }, { "factorAttributeName": "htmlLabel", "factorAttributeValue": "OMA TOTP Code" }, { "factorAttributeName": "registration.otpEncode", "factorAttributeValue": "true" }, { "factorAttributeName": "isverified", "factorAttributeValue": "true" }, { "factorAttributeName": "otpLength", "factorAttributeValue": "6" }, { "factorAttributeName": "windowSize", "factorAttributeValue": "3" }, { "factorAttributeName": "keyExpiryTimeMinutes", "factorAttributeValue": "60" }, { "factorAttributeName": "OTP_TIME_STEP_SIZE", "factorAttributeValue": "30" }, { "factorAttributeName": "encyptKey", "factorAttributeValue": "true" }, { 
"factorAttributeName": "runtime.ui.field1.placeholder", "factorAttributeValue": "Enter OTP" }, { "factorAttributeName": "runtime.ui.verifyButtonMessage", "factorAttributeValue": "Verify" }, { "factorAttributeName": "runtime.ui.field1.label", "factorAttributeValue": "Enter OTP from the registered phone %SelectedPrompt%" }, { "factorAttributeName": "maxRegistrations", "factorAttributeValue": "5" }, { "factorAttributeName": "availableforpreferencesui", "factorAttributeValue": "true" }, { "factorAttributeName": "registration.otpexpirytimeMs", "factorAttributeValue": "300000" }, { "factorAttributeName": "isenabled", "factorAttributeValue": "true" }, { "factorAttributeName": "image", "factorAttributeValue": "js/libs/imcs/images/totp.png" }, { "factorAttributeName": "adddesc", "factorAttributeValue": "Add security key for Oracle Mobile Authenticator" }, { "factorAttributeName": "oua.enabled", "factorAttributeValue": "true" }, { "factorAttributeName": "ignoreresync", "factorAttributeValue": "true" }, { "factorAttributeName": "challengeText", "factorAttributeValue": "Enter OTP from device {1}" }, { "factorAttributeName": "addkey", "factorAttributeValue": "Key" }, { "factorAttributeName": "maskregexp", "factorAttributeValue": "\\w{1,2}(\\w+)\\w{2}" }, { "factorAttributeName": "otp", "factorAttributeValue": "false" }, { "factorAttributeName": "otpTimeSkew", "factorAttributeValue": "5" }, { "factorAttributeName": "processor", "factorAttributeValue": "oracle.security.uas.core.uio.processor.challenge.SMSUMSOTPChallengeProcessor" }, { "factorAttributeName": "maskchar", "factorAttributeValue": "*" }, { "factorAttributeName": "registration.url", "factorAttributeValue": "otpauth://totp/:%ACCOUNT_NAME%?secret=%SECRET_KEY%&issuer=Oracle" }, { "factorAttributeName": "runtime.ui.incorrectOtpMessage", "factorAttributeValue": "Entered OTP is incorrect." 
}, { "factorAttributeName": "registration.showSecretKeyText", "factorAttributeValue": "true" }, { "factorAttributeName": "maxAttempts", "factorAttributeValue": "0" }, { "factorAttributeName": "registration.otpChars", "factorAttributeValue": "1234567890" }, { "factorAttributeName": "promptselectmessage", "factorAttributeValue": "Please select one of following channels" }, { "factorAttributeName": "availableforpreferencesuireg", "factorAttributeValue": "true" }, { "factorAttributeName": "authClientType", "factorAttributeValue": "totp" }, { "factorAttributeName": "runtime.ui.clickHereMessage", "factorAttributeValue": "Click Here" }, { "factorAttributeName": "ispreferred", "factorAttributeValue": "false" }, { "factorAttributeName": "keyExpiryEnabled", "factorAttributeValue": "false" }, { "factorAttributeName": "scheme", "factorAttributeValue": "https" }, { "factorAttributeName": "oua.trustLevel", "factorAttributeValue": "2" }, { "factorAttributeName": "displayedInfo", "factorAttributeValue": "omatotpsecretkey" }, { "factorAttributeName": "HMAC", "factorAttributeValue": "HmacSHA1" }, { "factorAttributeName": "runtime.ui.cancelMessage", "factorAttributeValue": "Return to All Options" }, { "factorAttributeName": "OTP_PAIR_SEP", "factorAttributeValue": "=" }, { "factorAttributeName": "runtime.ui.formSubmitActionPath", "factorAttributeValue": "/oaa-totp-factor/login/v1" }, { "factorAttributeName": "factorEndpoint", "factorAttributeValue": "oaa-totp-factor/runtime" }, { "factorAttributeName": "enabled", "factorAttributeValue": "true" }, { "factorAttributeName": "challengeCounterExpiryTime", "factorAttributeValue": "1800000" }, { "factorAttributeName": "registration.useUserIdOnDevice", "factorAttributeValue": "false" }, { "factorAttributeName": "default", "factorAttributeValue": "true" }, { "factorAttributeName": "registration.showQrcode", "factorAttributeValue": "true" }, { "factorAttributeName": "runtime.ui.fields", "factorAttributeValue": "field1" }, { 
"factorAttributeName": "addkeyhint", "factorAttributeValue": "Enter an alphanumeric key" }, { "factorAttributeName": "runtime.ui.factorHeading", "factorAttributeValue": "TOTP" }, { "factorAttributeName": "runtime.ui.field1.fieldType", "factorAttributeValue": "inputText" }, { "factorAttributeName": "promptmessage", "factorAttributeValue": "Enter OTP from registered phone" }, { "factorAttributeName": "registration.otpLength", "factorAttributeValue": "6" }, { "factorAttributeName": "factorBrowserEndpoint", "factorAttributeValue": "oaa-totp-factor/pages/login.jsp" }, { "factorAttributeName": "addheader", "factorAttributeValue": "Add Oracle Mobile Authenticator" }, { "factorAttributeName": "loginpage", "factorAttributeValue": "rui/index.html" }, { "factorAttributeName": "ldapalias.omatotpsecretkey", "factorAttributeValue": "street" }, { "factorAttributeName": "passive", "factorAttributeValue": "true" }, { "factorAttributeName": "factorValidateEndpoint", "factorAttributeValue": "validateChallenge/v1" }, { "factorAttributeName": "runtime.ui.field1.fieldId", "factorAttributeValue": "otpValue" }, { "factorAttributeName": "oua.admin.allowed", "factorAttributeValue": "true" }, { "factorAttributeName": "runtime.ui.signInAsDifferentUserMessage", "factorAttributeValue": "Not %USERID%?" 
}, { "factorAttributeName": "runtime.ui.field1.required", "factorAttributeValue": "true" }, { "factorAttributeName": "autogeneratefields", "factorAttributeValue": "omatotpsecretkey" }, { "factorAttributeName": "htmlInputType", "factorAttributeValue": "text" }, { "factorAttributeName": "OTP_SEP", "factorAttributeValue": ";" }, { "factorAttributeName": "registration.oma.config", "factorAttributeValue": "oraclemobileauthenticator://settings?ServiceName::=%deviceName%&ServiceType::=SharedSecret&SharedSecretAuthServerType::=HTTPBasicAuthentication&LoginURL::=%totpRegistrationEndpoint%/oaa/rui/totpPreferences/v1" } ] } }, { "displayOrder": 2, "factorName": "Email Challenge", "factorKey": "ChallengeEmail", "factorContext": { "prompts": [ { "prompttext": "Enter OTP sent to us***@*******.com", "prompt": "us***@*******.com", "challengeText": "Enter OTP sent to us***@*******.com.", "requiredInputType": "text", "selected": false, "name": "Device1", "verified": true, "validated": true } ], "isSelected": false, "challengeAttrMap": [ { "factorAttributeName": "factorGenerateEndpoint", "factorAttributeValue": "generateChallenge/v1" }, { "factorAttributeName": "otpChars", "factorAttributeValue": "1234567890" }, { "factorAttributeName": "msgIPTemplate", "factorAttributeValue": "IP Address:" }, { "factorAttributeName": "otpexpirytimeMs", "factorAttributeValue": "300000" }, { "factorAttributeName": "available", "factorAttributeValue": "true" }, { "factorAttributeName": "umsPolicyStr", "factorAttributeValue": "" }, { "factorAttributeName": "runtime.ui.expiredCancelMessage", "factorAttributeValue": "Retry authentication" }, { "factorAttributeName": "requiredInfo", "factorAttributeValue": "email" }, { "factorAttributeName": "umsClientURL", "factorAttributeValue": "http://100.94.12.121:7003/ucs/messaging/webservice" }, { "factorAttributeName": "type", "factorAttributeValue": "email" }, { "factorAttributeName": "htmlLabel", "factorAttributeValue": "Email Code" }, { "factorAttributeName": 
"isverified", "factorAttributeValue": "true" }, { "factorAttributeName": "otpLength", "factorAttributeValue": "6" }, { "factorAttributeName": "customizedProvider", "factorAttributeValue": "" }, { "factorAttributeName": "msgSubject", "factorAttributeValue": "One Time Pin: OAA" }, { "factorAttributeName": "resendotponvalidationfailure", "factorAttributeValue": "true" }, { "factorAttributeName": "runtime.ui.field1.placeholder", "factorAttributeValue": "Enter OTP" }, { "factorAttributeName": "fromName", "factorAttributeValue": "OAA" }, { "factorAttributeName": "runtime.ui.verifyButtonMessage", "factorAttributeValue": "Verify" }, { "factorAttributeName": "maxRegistrations", "factorAttributeValue": "5" }, { "factorAttributeName": "runtime.ui.field1.label", "factorAttributeValue": "Enter OTP from the registered email %SelectedPrompt%" }, { "factorAttributeName": "availableforpreferencesui", "factorAttributeValue": "true" }, { "factorAttributeName": "isenabled", "factorAttributeValue": "true" }, { "factorAttributeName": "image", "factorAttributeValue": "js/libs/imcs/images/email.png" }, { "factorAttributeName": "adddesc", "factorAttributeValue": "Add email factor" }, { "factorAttributeName": "ignoreresync", "factorAttributeValue": "false" }, { "factorAttributeName": "challengeText", "factorAttributeValue": "Enter OTP sent to {0}." }, { "factorAttributeName": "maskregexp", "factorAttributeValue": ".{1,2}(.*)@([a-zA-Z_]+)\\.[a-zA-Z]{2,3}" }, { "factorAttributeName": "otp", "factorAttributeValue": "true" }, { "factorAttributeName": "processor", "factorAttributeValue": "oracle.security.uas.core.uio.processor.challenge.EmailUMSOTPChallengeProcessor" }, { "factorAttributeName": "maskchar", "factorAttributeValue": "*" }, { "factorAttributeName": "runtime.ui.incorrectOtpMessage", "factorAttributeValue": "Entered OTP is incorrect." 
}, { "factorAttributeName": "ldapalias.email", "factorAttributeValue": "mail" }, { "factorAttributeName": "addemail", "factorAttributeValue": "Email" }, { "factorAttributeName": "availableforpreferencesuireg", "factorAttributeValue": "true" }, { "factorAttributeName": "promptselectmessage", "factorAttributeValue": "Please select one of following addresses to receive OTP." }, { "factorAttributeName": "msgPinTemplate", "factorAttributeValue": "Please use following one time pin to login to protected resource:" }, { "factorAttributeName": "authClientType", "factorAttributeValue": "email" }, { "factorAttributeName": "runtime.ui.expiredOtpMessage", "factorAttributeValue": "OTP expired." }, { "factorAttributeName": "addResourceURL", "factorAttributeValue": "false" }, { "factorAttributeName": "ispreferred", "factorAttributeValue": "false" }, { "factorAttributeName": "runtime.ui.clickHereMessage", "factorAttributeValue": "Click Here" }, { "factorAttributeName": "msgTimeTemplate", "factorAttributeValue": "Time of Access:" }, { "factorAttributeName": "msgType", "factorAttributeValue": "text/plain; charset=UTF-8" }, { "factorAttributeName": "scheme", "factorAttributeValue": "https" }, { "factorAttributeName": "oua.trustLevel", "factorAttributeValue": "3" }, { "factorAttributeName": "msgResourceURLTemplate", "factorAttributeValue": "Resource URL Access:" }, { "factorAttributeName": "displayedInfo", "factorAttributeValue": "email" }, { "factorAttributeName": "runtime.ui.cancelMessage", "factorAttributeValue": "Return to All Options" }, { "factorAttributeName": "senderSpecificProperties", "factorAttributeValue": "otpexpirytimeMs,msgSubject,msgType,msgPinTemplate,msgTimeTemplate,msgIPTemplate,msgResourceURLTemplate,fromName,appName" }, { "factorAttributeName": "runtime.ui.formSubmitActionPath", "factorAttributeValue": "/oaa-email-factor/login/v1/index.html" }, { "factorAttributeName": "enabled", "factorAttributeValue": "true" }, { "factorAttributeName": 
"challengeCounterExpiryTime", "factorAttributeValue": "1800000" }, { "factorAttributeName": "factorEndpoint", "factorAttributeValue": "oaa-email-factor/runtime" }, { "factorAttributeName": "default", "factorAttributeValue": "true" }, { "factorAttributeName": "runtime.ui.fields", "factorAttributeValue": "field1" }, { "factorAttributeName": "fromAddress", "factorAttributeValue": "oaa@oracle.com" }, { "factorAttributeName": "runtime.ui.factorHeading", "factorAttributeValue": "Email" }, { "factorAttributeName": "runtime.ui.field1.fieldType", "factorAttributeValue": "inputText" }, { "factorAttributeName": "promptmessage", "factorAttributeValue": "Enter OTP sent to {0}" }, { "factorAttributeName": "addemailhint", "factorAttributeValue": "Enter an email" }, { "factorAttributeName": "msgPinPlaceHolder", "factorAttributeValue": "@@" }, { "factorAttributeName": "factorBrowserEndpoint", "factorAttributeValue": "oaa-email-factor/pages/login.jsp" }, { "factorAttributeName": "appName", "factorAttributeValue": "OAA" }, { "factorAttributeName": "addheader", "factorAttributeValue": "Add Email" }, { "factorAttributeName": "loginpage", "factorAttributeValue": "rui/index.html" }, { "factorAttributeName": "umsAvailable", "factorAttributeValue": "false" }, { "factorAttributeName": "passive", "factorAttributeValue": "true" }, { "factorAttributeName": "factorValidateEndpoint", "factorAttributeValue": "validateChallenge/v1" }, { "factorAttributeName": "umsClientPass", "factorAttributeValue": "Welcome1" }, { "factorAttributeName": "runtime.ui.field1.fieldId", "factorAttributeValue": "otpValue" }, { "factorAttributeName": "runtime.ui.signInAsDifferentUserMessage", "factorAttributeValue": "Not %USERID%?" 
}, { "factorAttributeName": "runtime.ui.field1.required", "factorAttributeValue": "true" }, { "factorAttributeName": "umsClientName", "factorAttributeValue": "umsuser" }, { "factorAttributeName": "htmlInputType", "factorAttributeValue": "text" } ] } } ], "cookies": [ { "key": "secure", "value": "8744bf30-65ee-41c5-8721-f642b718f75d" }, { "key": "digital", "value": "e93e4dc0-5cdb-45a0-a950-1cef83bfed36" } ] }
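Added example (not Oracle's code): the sample response above returns every factor attribute in challengeAttrMap, including entries such as umsClientPass, so a calling service should forward only what its UI needs and mask the rest before logging. The sketch also applies the single-option rule from the operation description; the allowlist, the secret field names and the sample data are assumptions constructed for illustration.

```python
import json

# Constructed AuthnResponse, trimmed to the field names used in the sample above.
SAMPLE_RESPONSE = json.loads("""
{
  "apiResponse": {"code": "OAA-40001", "status": "Pending",
                  "message": "Authentication Required"},
  "correlationId": "00000000-0000-0000-0000-000000000001",
  "nonce": "constructed-nonce-value",
  "challengeInfo": [
    {"displayOrder": 2, "factorName": "Email Challenge",
     "factorKey": "ChallengeEmail",
     "factorContext": {
       "isSelected": false,
       "prompts": [{"prompttext": "Enter OTP sent to us***@*******.com",
                    "prompt": "us***@*******.com",
                    "requiredInputType": "text", "name": "Device1"}],
       "challengeAttrMap": [
         {"factorAttributeName": "otpLength", "factorAttributeValue": "6"},
         {"factorAttributeName": "umsClientName", "factorAttributeValue": "constructed-user"},
         {"factorAttributeName": "umsClientPass", "factorAttributeValue": "constructed-password"}]}},
    {"displayOrder": 1, "factorName": "Oracle Mobile Authenticator",
     "factorKey": "ChallengeOMATOTP",
     "factorContext": {
       "isSelected": false,
       "prompts": [{"prompttext": "Enter OTP from registered phone",
                    "prompt": "ON************LZ",
                    "requiredInputType": "text", "name": "Device1"}],
       "challengeAttrMap": [
         {"factorAttributeName": "otpLength", "factorAttributeValue": "6"},
         {"factorAttributeName": "retrycount", "factorAttributeValue": "7"}]}}
  ],
  "cookies": [{"key": "secure", "value": "constructed-cookie-value"}]
}
""")

# Assumption: the only factor attributes this caller's UI needs. Everything else
# in challengeAttrMap (server endpoints, messaging credentials, ...) is dropped.
UI_ATTR_ALLOWLIST = {"otpLength", "otpexpirytimeMs", "retrycount"}
PROMPT_FIELDS = ("name", "prompt", "prompttext", "challengeText", "requiredInputType")
# Assumption: request/response fields that must never reach a log line.
SECRET_FIELDS = {"clientSecret", "nonce"}
REDACTED = "[redacted]"


def ui_view(response):
    """Return challenges sorted by displayOrder, keeping allowlisted fields only."""
    view = []
    ordered = sorted(response.get("challengeInfo", []),
                     key=lambda c: c.get("displayOrder", 0))
    for ch in ordered:
        ctx = ch.get("factorContext", {})
        attrs = {a["factorAttributeName"]: a.get("factorAttributeValue")
                 for a in ctx.get("challengeAttrMap", [])
                 if a.get("factorAttributeName") in UI_ATTR_ALLOWLIST}
        prompts = [{k: p[k] for k in PROMPT_FIELDS if k in p}
                   for p in ctx.get("prompts", [])]
        view.append({"factorKey": ch.get("factorKey"),
                     "factorName": ch.get("factorName"),
                     "isSelected": bool(ctx.get("isSelected")),
                     "prompts": prompts, "attrs": attrs})
    return view


def pick_factor(view):
    """Single option, or the one flagged isSelected; None means the user must choose."""
    if len(view) == 1:
        return view[0]["factorKey"]
    selected = [c["factorKey"] for c in view if c["isSelected"]]
    return selected[0] if len(selected) == 1 else None


def redact_for_log(node):
    """Copy of a request/response with secrets, cookie and attribute values masked."""
    if isinstance(node, list):
        return [redact_for_log(n) for n in node]
    if not isinstance(node, dict):
        return node
    out = {}
    for key, val in node.items():
        if key in SECRET_FIELDS:
            out[key] = REDACTED
        elif (key == "factorAttributeValue"
              and node.get("factorAttributeName") not in UI_ATTR_ALLOWLIST):
            out[key] = REDACTED
        elif key == "value" and "key" in node:  # KeyValPair: cookies, headers
            out[key] = REDACTED
        else:
            out[key] = redact_for_log(val)
    return out


if __name__ == "__main__":
    view = ui_view(SAMPLE_RESPONSE)
    print(json.dumps(view, indent=2))
    print("auto-initiate:", pick_factor(view))
    print(json.dumps(redact_for_log(SAMPLE_RESPONSE)))
```

The same `redact_for_log` function can be applied to the AuthnRequest body before it is written to a log, since `clientSecret` travels in the request payload.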
cURL Command to Update the User Preferences in XML Format
curl --location --request POST '<OAAService>/oaa/runtime/authn/v1' \
--header 'Content-Type: application/xml' \
--header 'Accept: application/xml' \
--header 'Authorization: Basic <Base64Encoded(<username>:<password>)>' \
--data '<?xml version="1.0" encoding="UTF-8" ?>
<AuthnRequest>
    <userInfo>
        <userId>user1</userId>
        <groups>financeapp</groups>
        <uniqueUserId>22a29071-16f2-4b69-a94c-73be672e34eb</uniqueUserId>
    </userInfo>
    <clientInfo>
        <ctype>api</ctype>
        <clientSecret>9e32ba0a-fd8f-4e17-a5f3-283198bb758e</clientSecret>
        <clientId>0c13659b-c7f7-4200-8a12-f94f545eb756</clientId>
    </clientInfo>
    <context>
        <assuranceLevel>AssuranceLevel7</assuranceLevel>
        <customContext>
            <ipAddr>198.51.100.2</ipAddr>
        </customContext>
    </context>
    <timeToLiveInSec>300</timeToLiveInSec>
</AuthnRequest>'
Sample Response in XML Format
<?xml version="1.0" encoding="UTF-8" standalone="yes"?> <AuthnResponse> <correlationId>570e3c32-c970-4789-ad5a-b9a23ea703d7</correlationId> <apiResponse> <code>OAA-40001</code> <status>Pending</status> <message>Authentication Required</message> </apiResponse> <challengeselectiontext>Choose a method to login.</challengeselectiontext> <challengeInfo> <displayOrder>1</displayOrder> <factorName>Oracle Mobile Authenticator</factorName> <factorKey>ChallengeOMATOTP</factorKey> <factorContext> <prompts> <prompttext>Enter OTP from registered phone</prompttext> <prompt>ON************LZ</prompt> <challengeText>Enter OTP from device Device1</challengeText> <requiredInputType>text</requiredInputType> <selected>false</selected> <name>Device1</name> <verified>true</verified> <validated>true</validated> </prompts> <isSelected>false</isSelected> <challengeAttrMap> <factorAttributeName>PIN_EXPIRY</factorAttributeName> <factorAttributeValue>300000</factorAttributeValue> </challengeAttrMap> <challengeAttrMap> <factorAttributeName>retrycount</factorAttributeName> <factorAttributeValue>7</factorAttributeValue> </challengeAttrMap> <challengeAttrMap> <factorAttributeName>defaultimplementation</factorAttributeName> <factorAttributeValue>true</factorAttributeValue> </challengeAttrMap> <challengeAttrMap> <factorAttributeName>factorGenerateEndpoint</factorAttributeName> <factorAttributeValue>generateChallenge/v1</factorAttributeValue> </challengeAttrMap> <challengeAttrMap> <factorAttributeName>otpexpirytimeMs</factorAttributeName> <factorAttributeValue>300000</factorAttributeValue> </challengeAttrMap> <challengeAttrMap> <factorAttributeName>available</factorAttributeName> <factorAttributeValue>true</factorAttributeValue> </challengeAttrMap> <challengeAttrMap> <factorAttributeName>pinOnExpiryIncFailureCounter</factorAttributeName> <factorAttributeValue>false</factorAttributeValue> </challengeAttrMap> <challengeAttrMap> <factorAttributeName>requiredInfo</factorAttributeName> 
<factorAttributeValue>omatotpsecretkey</factorAttributeValue> </challengeAttrMap> <challengeAttrMap> <factorAttributeName>type</factorAttributeName> <factorAttributeValue>totp</factorAttributeValue> </challengeAttrMap> <challengeAttrMap> <factorAttributeName>htmlLabel</factorAttributeName> <factorAttributeValue>OMA TOTP Code</factorAttributeValue> </challengeAttrMap> <challengeAttrMap> <factorAttributeName>registration.otpEncode</factorAttributeName> <factorAttributeValue>true</factorAttributeValue> </challengeAttrMap> <challengeAttrMap> <factorAttributeName>isverified</factorAttributeName> <factorAttributeValue>true</factorAttributeValue> </challengeAttrMap> <challengeAttrMap> <factorAttributeName>otpLength</factorAttributeName> <factorAttributeValue>6</factorAttributeValue> </challengeAttrMap> <challengeAttrMap> <factorAttributeName>windowSize</factorAttributeName> <factorAttributeValue>3</factorAttributeValue> </challengeAttrMap> <challengeAttrMap> <factorAttributeName>keyExpiryTimeMinutes</factorAttributeName> <factorAttributeValue>60</factorAttributeValue> </challengeAttrMap> <challengeAttrMap> <factorAttributeName>OTP_TIME_STEP_SIZE</factorAttributeName> <factorAttributeValue>30</factorAttributeValue> </challengeAttrMap> <challengeAttrMap> <factorAttributeName>encyptKey</factorAttributeName> <factorAttributeValue>true</factorAttributeValue> </challengeAttrMap> <challengeAttrMap> <factorAttributeName>runtime.ui.field1.placeholder</factorAttributeName> <factorAttributeValue>Enter OTP</factorAttributeValue> </challengeAttrMap> <challengeAttrMap> <factorAttributeName>runtime.ui.verifyButtonMessage</factorAttributeName> <factorAttributeValue>Verify</factorAttributeValue> </challengeAttrMap> <challengeAttrMap> <factorAttributeName>runtime.ui.field1.label</factorAttributeName> <factorAttributeValue>Enter OTP from the registered phone %SelectedPrompt%</factorAttributeValue> </challengeAttrMap> <challengeAttrMap> 
<factorAttributeName>maxRegistrations</factorAttributeName> <factorAttributeValue>5</factorAttributeValue> </challengeAttrMap> <challengeAttrMap> <factorAttributeName>availableforpreferencesui</factorAttributeName> <factorAttributeValue>true</factorAttributeValue> </challengeAttrMap> <challengeAttrMap> <factorAttributeName>registration.otpexpirytimeMs</factorAttributeName> <factorAttributeValue>300000</factorAttributeValue> </challengeAttrMap> <challengeAttrMap> <factorAttributeName>isenabled</factorAttributeName> <factorAttributeValue>true</factorAttributeValue> </challengeAttrMap> <challengeAttrMap> <factorAttributeName>image</factorAttributeName> <factorAttributeValue>js/libs/imcs/images/totp.png</factorAttributeValue> </challengeAttrMap> <challengeAttrMap> <factorAttributeName>adddesc</factorAttributeName> <factorAttributeValue>Add security key for Oracle Mobile Authenticator</factorAttributeValue> </challengeAttrMap> <challengeAttrMap> <factorAttributeName>oua.enabled</factorAttributeName> <factorAttributeValue>true</factorAttributeValue> </challengeAttrMap> <challengeAttrMap> <factorAttributeName>ignoreresync</factorAttributeName> <factorAttributeValue>true</factorAttributeValue> </challengeAttrMap> <challengeAttrMap> <factorAttributeName>challengeText</factorAttributeName> <factorAttributeValue>Enter OTP from device {1}</factorAttributeValue> </challengeAttrMap> <challengeAttrMap> <factorAttributeName>addkey</factorAttributeName> <factorAttributeValue>Key</factorAttributeValue> </challengeAttrMap> <challengeAttrMap> <factorAttributeName>maskregexp</factorAttributeName> <factorAttributeValue>\w{1,2}(\w+)\w{2}</factorAttributeValue> </challengeAttrMap> <challengeAttrMap> <factorAttributeName>otp</factorAttributeName> <factorAttributeValue>false</factorAttributeValue> </challengeAttrMap> <challengeAttrMap> <factorAttributeName>otpTimeSkew</factorAttributeName> <factorAttributeValue>5</factorAttributeValue> </challengeAttrMap> <challengeAttrMap> 
<factorAttributeName>processor</factorAttributeName> <factorAttributeValue>oracle.security.uas.core.uio.processor.challenge.SMSUMSOTPChallengeProcessor</factorAttributeValue> </challengeAttrMap> <challengeAttrMap> <factorAttributeName>maskchar</factorAttributeName> <factorAttributeValue>*</factorAttributeValue> </challengeAttrMap> <challengeAttrMap> <factorAttributeName>registration.url</factorAttributeName> <factorAttributeValue>otpauth://totp/:%ACCOUNT_NAME%?secret=%SECRET_KEY%&issuer=Oracle</factorAttributeValue> </challengeAttrMap> <challengeAttrMap> <factorAttributeName>runtime.ui.incorrectOtpMessage</factorAttributeName> <factorAttributeValue>Entered OTP is incorrect.</factorAttributeValue> </challengeAttrMap> <challengeAttrMap> <factorAttributeName>registration.showSecretKeyText</factorAttributeName> <factorAttributeValue>true</factorAttributeValue> </challengeAttrMap> <challengeAttrMap> <factorAttributeName>maxAttempts</factorAttributeName> <factorAttributeValue>0</factorAttributeValue> </challengeAttrMap> <challengeAttrMap> <factorAttributeName>registration.otpChars</factorAttributeName> <factorAttributeValue>1234567890</factorAttributeValue> </challengeAttrMap> <challengeAttrMap> <factorAttributeName>promptselectmessage</factorAttributeName> <factorAttributeValue>Please select one of following channels</factorAttributeValue> </challengeAttrMap> <challengeAttrMap> <factorAttributeName>availableforpreferencesuireg</factorAttributeName> <factorAttributeValue>true</factorAttributeValue> </challengeAttrMap> <challengeAttrMap> <factorAttributeName>authClientType</factorAttributeName> <factorAttributeValue>totp</factorAttributeValue> </challengeAttrMap> <challengeAttrMap> <factorAttributeName>runtime.ui.clickHereMessage</factorAttributeName> <factorAttributeValue>Click Here</factorAttributeValue> </challengeAttrMap> <challengeAttrMap> <factorAttributeName>ispreferred</factorAttributeName> <factorAttributeValue>false</factorAttributeValue> </challengeAttrMap> 
<challengeAttrMap> <factorAttributeName>keyExpiryEnabled</factorAttributeName> <factorAttributeValue>false</factorAttributeValue> </challengeAttrMap> <challengeAttrMap> <factorAttributeName>scheme</factorAttributeName> <factorAttributeValue>https</factorAttributeValue> </challengeAttrMap> <challengeAttrMap> <factorAttributeName>oua.trustLevel</factorAttributeName> <factorAttributeValue>2</factorAttributeValue> </challengeAttrMap> <challengeAttrMap> <factorAttributeName>displayedInfo</factorAttributeName> <factorAttributeValue>omatotpsecretkey</factorAttributeValue> </challengeAttrMap> <challengeAttrMap> <factorAttributeName>HMAC</factorAttributeName> <factorAttributeValue>HmacSHA1</factorAttributeValue> </challengeAttrMap> <challengeAttrMap> <factorAttributeName>runtime.ui.cancelMessage</factorAttributeName> <factorAttributeValue>Return to All Options</factorAttributeValue> </challengeAttrMap> <challengeAttrMap> <factorAttributeName>OTP_PAIR_SEP</factorAttributeName> <factorAttributeValue>=</factorAttributeValue> </challengeAttrMap> <challengeAttrMap> <factorAttributeName>runtime.ui.formSubmitActionPath</factorAttributeName> <factorAttributeValue>/oaa-totp-factor/login/v1</factorAttributeValue> </challengeAttrMap> <challengeAttrMap> <factorAttributeName>factorEndpoint</factorAttributeName> <factorAttributeValue>oaa-totp-factor/runtime</factorAttributeValue> </challengeAttrMap> <challengeAttrMap> <factorAttributeName>enabled</factorAttributeName> <factorAttributeValue>true</factorAttributeValue> </challengeAttrMap> <challengeAttrMap> <factorAttributeName>challengeCounterExpiryTime</factorAttributeName> <factorAttributeValue>1800000</factorAttributeValue> </challengeAttrMap> <challengeAttrMap> <factorAttributeName>registration.useUserIdOnDevice</factorAttributeName> <factorAttributeValue>false</factorAttributeValue> </challengeAttrMap> <challengeAttrMap> <factorAttributeName>default</factorAttributeName> <factorAttributeValue>true</factorAttributeValue> 
</challengeAttrMap> <challengeAttrMap> <factorAttributeName>registration.showQrcode</factorAttributeName> <factorAttributeValue>true</factorAttributeValue> </challengeAttrMap> <challengeAttrMap> <factorAttributeName>runtime.ui.fields</factorAttributeName> <factorAttributeValue>field1</factorAttributeValue> </challengeAttrMap> <challengeAttrMap> <factorAttributeName>addkeyhint</factorAttributeName> <factorAttributeValue>Enter an alphanumeric key</factorAttributeValue> </challengeAttrMap> <challengeAttrMap> <factorAttributeName>runtime.ui.factorHeading</factorAttributeName> <factorAttributeValue>TOTP</factorAttributeValue> </challengeAttrMap> <challengeAttrMap> <factorAttributeName>runtime.ui.field1.fieldType</factorAttributeName> <factorAttributeValue>inputText</factorAttributeValue> </challengeAttrMap> <challengeAttrMap> <factorAttributeName>promptmessage</factorAttributeName> <factorAttributeValue>Enter OTP from registered phone</factorAttributeValue> </challengeAttrMap> <challengeAttrMap> <factorAttributeName>registration.otpLength</factorAttributeName> <factorAttributeValue>6</factorAttributeValue> </challengeAttrMap> <challengeAttrMap> <factorAttributeName>factorBrowserEndpoint</factorAttributeName> <factorAttributeValue>oaa-totp-factor/pages/login.jsp</factorAttributeValue> </challengeAttrMap> <challengeAttrMap> <factorAttributeName>addheader</factorAttributeName> <factorAttributeValue>Add Oracle Mobile Authenticator</factorAttributeValue> </challengeAttrMap> <challengeAttrMap> <factorAttributeName>loginpage</factorAttributeName> <factorAttributeValue>rui/index.html</factorAttributeValue> </challengeAttrMap> <challengeAttrMap> <factorAttributeName>ldapalias.omatotpsecretkey</factorAttributeName> <factorAttributeValue>street</factorAttributeValue> </challengeAttrMap> <challengeAttrMap> <factorAttributeName>passive</factorAttributeName> <factorAttributeValue>true</factorAttributeValue> </challengeAttrMap> <challengeAttrMap> 
<factorAttributeName>factorValidateEndpoint</factorAttributeName> <factorAttributeValue>validateChallenge/v1</factorAttributeValue> </challengeAttrMap> <challengeAttrMap> <factorAttributeName>runtime.ui.field1.fieldId</factorAttributeName> <factorAttributeValue>otpValue</factorAttributeValue> </challengeAttrMap> <challengeAttrMap> <factorAttributeName>oua.admin.allowed</factorAttributeName> <factorAttributeValue>true</factorAttributeValue> </challengeAttrMap> <challengeAttrMap> <factorAttributeName>runtime.ui.signInAsDifferentUserMessage</factorAttributeName> <factorAttributeValue>Not %USERID%?</factorAttributeValue> </challengeAttrMap> <challengeAttrMap> <factorAttributeName>runtime.ui.field1.required</factorAttributeName> <factorAttributeValue>true</factorAttributeValue> </challengeAttrMap> <challengeAttrMap> <factorAttributeName>autogeneratefields</factorAttributeName> <factorAttributeValue>omatotpsecretkey</factorAttributeValue> </challengeAttrMap> <challengeAttrMap> <factorAttributeName>htmlInputType</factorAttributeName> <factorAttributeValue>text</factorAttributeValue> </challengeAttrMap> <challengeAttrMap> <factorAttributeName>OTP_SEP</factorAttributeName> <factorAttributeValue>;</factorAttributeValue> </challengeAttrMap> <challengeAttrMap> <factorAttributeName>registration.oma.config</factorAttributeName> <factorAttributeValue>oraclemobileauthenticator://settings?ServiceName::=%deviceName%&ServiceType::=SharedSecret&SharedSecretAuthServerType::=HTTPBasicAuthentication&LoginURL::=%totpRegistrationEndpoint%/oaa/rui/totpPreferences/v1</factorAttributeValue> </challengeAttrMap> </factorContext> </challengeInfo> <challengeInfo> <displayOrder>2</displayOrder> <factorName>Email Challenge</factorName> <factorKey>ChallengeEmail</factorKey> <factorContext> <prompts> <prompttext>Enter OTP sent to us***@*******.com</prompttext> <prompt>us***@*******.com</prompt> <challengeText>Enter OTP sent to us***@*******.com.</challengeText> 
<requiredInputType>text</requiredInputType> <selected>false</selected> <name>Device1</name> <verified>true</verified> <validated>true</validated> </prompts> <isSelected>false</isSelected> <challengeAttrMap> <factorAttributeName>factorGenerateEndpoint</factorAttributeName> <factorAttributeValue>generateChallenge/v1</factorAttributeValue> </challengeAttrMap> <challengeAttrMap> <factorAttributeName>otpChars</factorAttributeName> <factorAttributeValue>1234567890</factorAttributeValue> </challengeAttrMap> <challengeAttrMap> <factorAttributeName>msgIPTemplate</factorAttributeName> <factorAttributeValue>IP Address:</factorAttributeValue> </challengeAttrMap> <challengeAttrMap> <factorAttributeName>otpexpirytimeMs</factorAttributeName> <factorAttributeValue>300000</factorAttributeValue> </challengeAttrMap> <challengeAttrMap> <factorAttributeName>available</factorAttributeName> <factorAttributeValue>true</factorAttributeValue> </challengeAttrMap> <challengeAttrMap> <factorAttributeName>umsPolicyStr</factorAttributeName> <factorAttributeValue></factorAttributeValue> </challengeAttrMap> <challengeAttrMap> <factorAttributeName>runtime.ui.expiredCancelMessage</factorAttributeName> <factorAttributeValue>Retry authentication</factorAttributeValue> </challengeAttrMap> <challengeAttrMap> <factorAttributeName>requiredInfo</factorAttributeName> <factorAttributeValue>email</factorAttributeValue> </challengeAttrMap> <challengeAttrMap> <factorAttributeName>umsClientURL</factorAttributeName> <factorAttributeValue>http://100.94.12.121:7003/ucs/messaging/webservice</factorAttributeValue> </challengeAttrMap> <challengeAttrMap> <factorAttributeName>type</factorAttributeName> <factorAttributeValue>email</factorAttributeValue> </challengeAttrMap> <challengeAttrMap> <factorAttributeName>htmlLabel</factorAttributeName> <factorAttributeValue>Email Code</factorAttributeValue> </challengeAttrMap> <challengeAttrMap> <factorAttributeName>isverified</factorAttributeName> 
<factorAttributeValue>true</factorAttributeValue> </challengeAttrMap> <challengeAttrMap> <factorAttributeName>otpLength</factorAttributeName> <factorAttributeValue>6</factorAttributeValue> </challengeAttrMap> <challengeAttrMap> <factorAttributeName>customizedProvider</factorAttributeName> <factorAttributeValue></factorAttributeValue> </challengeAttrMap> <challengeAttrMap> <factorAttributeName>msgSubject</factorAttributeName> <factorAttributeValue>One Time Pin: OAA</factorAttributeValue> </challengeAttrMap> <challengeAttrMap> <factorAttributeName>resendotponvalidationfailure</factorAttributeName> <factorAttributeValue>true</factorAttributeValue> </challengeAttrMap> <challengeAttrMap> <factorAttributeName>runtime.ui.field1.placeholder</factorAttributeName> <factorAttributeValue>Enter OTP</factorAttributeValue> </challengeAttrMap> <challengeAttrMap> <factorAttributeName>fromName</factorAttributeName> <factorAttributeValue>OAA</factorAttributeValue> </challengeAttrMap> <challengeAttrMap> <factorAttributeName>runtime.ui.verifyButtonMessage</factorAttributeName> <factorAttributeValue>Verify</factorAttributeValue> </challengeAttrMap> <challengeAttrMap> <factorAttributeName>maxRegistrations</factorAttributeName> <factorAttributeValue>5</factorAttributeValue> </challengeAttrMap> <challengeAttrMap> <factorAttributeName>runtime.ui.field1.label</factorAttributeName> <factorAttributeValue>Enter OTP from the registered email %SelectedPrompt%</factorAttributeValue> </challengeAttrMap> <challengeAttrMap> <factorAttributeName>availableforpreferencesui</factorAttributeName> <factorAttributeValue>true</factorAttributeValue> </challengeAttrMap> <challengeAttrMap> <factorAttributeName>isenabled</factorAttributeName> <factorAttributeValue>true</factorAttributeValue> </challengeAttrMap> <challengeAttrMap> <factorAttributeName>image</factorAttributeName> <factorAttributeValue>js/libs/imcs/images/email.png</factorAttributeValue> </challengeAttrMap> <challengeAttrMap> 
<factorAttributeName>adddesc</factorAttributeName> <factorAttributeValue>Add email factor</factorAttributeValue> </challengeAttrMap> <challengeAttrMap> <factorAttributeName>ignoreresync</factorAttributeName> <factorAttributeValue>false</factorAttributeValue> </challengeAttrMap> <challengeAttrMap> <factorAttributeName>challengeText</factorAttributeName> <factorAttributeValue>Enter OTP sent to {0}.</factorAttributeValue> </challengeAttrMap> <challengeAttrMap> <factorAttributeName>maskregexp</factorAttributeName> <factorAttributeValue>.{1,2}(.*)@([a-zA-Z_]+)\.[a-zA-Z]{2,3}</factorAttributeValue> </challengeAttrMap> <challengeAttrMap> <factorAttributeName>otp</factorAttributeName> <factorAttributeValue>true</factorAttributeValue> </challengeAttrMap> <challengeAttrMap> <factorAttributeName>processor</factorAttributeName> <factorAttributeValue>oracle.security.uas.core.uio.processor.challenge.EmailUMSOTPChallengeProcessor</factorAttributeValue> </challengeAttrMap> <challengeAttrMap> <factorAttributeName>maskchar</factorAttributeName> <factorAttributeValue>*</factorAttributeValue> </challengeAttrMap> <challengeAttrMap> <factorAttributeName>runtime.ui.incorrectOtpMessage</factorAttributeName> <factorAttributeValue>Entered OTP is incorrect.</factorAttributeValue> </challengeAttrMap> <challengeAttrMap> <factorAttributeName>ldapalias.email</factorAttributeName> <factorAttributeValue>mail</factorAttributeValue> </challengeAttrMap> <challengeAttrMap> <factorAttributeName>addemail</factorAttributeName> <factorAttributeValue>Email</factorAttributeValue> </challengeAttrMap> <challengeAttrMap> <factorAttributeName>availableforpreferencesuireg</factorAttributeName> <factorAttributeValue>true</factorAttributeValue> </challengeAttrMap> <challengeAttrMap> <factorAttributeName>promptselectmessage</factorAttributeName> <factorAttributeValue>Please select one of following addresses to receive OTP.</factorAttributeValue> </challengeAttrMap> <challengeAttrMap> 
<factorAttributeName>msgPinTemplate</factorAttributeName> <factorAttributeValue>Please use following one time pin to login to protected resource:</factorAttributeValue> </challengeAttrMap> <challengeAttrMap> <factorAttributeName>authClientType</factorAttributeName> <factorAttributeValue>email</factorAttributeValue> </challengeAttrMap> <challengeAttrMap> <factorAttributeName>runtime.ui.expiredOtpMessage</factorAttributeName> <factorAttributeValue>OTP expired.</factorAttributeValue> </challengeAttrMap> <challengeAttrMap> <factorAttributeName>addResourceURL</factorAttributeName> <factorAttributeValue>false</factorAttributeValue> </challengeAttrMap> <challengeAttrMap> <factorAttributeName>ispreferred</factorAttributeName> <factorAttributeValue>false</factorAttributeValue> </challengeAttrMap> <challengeAttrMap> <factorAttributeName>runtime.ui.clickHereMessage</factorAttributeName> <factorAttributeValue>Click Here</factorAttributeValue> </challengeAttrMap> <challengeAttrMap> <factorAttributeName>msgTimeTemplate</factorAttributeName> <factorAttributeValue>Time of Access:</factorAttributeValue> </challengeAttrMap> <challengeAttrMap> <factorAttributeName>msgType</factorAttributeName> <factorAttributeValue>text/plain; charset=UTF-8</factorAttributeValue> </challengeAttrMap> <challengeAttrMap> <factorAttributeName>scheme</factorAttributeName> <factorAttributeValue>https</factorAttributeValue> </challengeAttrMap> <challengeAttrMap> <factorAttributeName>oua.trustLevel</factorAttributeName> <factorAttributeValue>3</factorAttributeValue> </challengeAttrMap> <challengeAttrMap> <factorAttributeName>msgResourceURLTemplate</factorAttributeName> <factorAttributeValue>Resource URL Access:</factorAttributeValue> </challengeAttrMap> <challengeAttrMap> <factorAttributeName>displayedInfo</factorAttributeName> <factorAttributeValue>email</factorAttributeValue> </challengeAttrMap> <challengeAttrMap> <factorAttributeName>runtime.ui.cancelMessage</factorAttributeName> 
<factorAttributeValue>Return to All Options</factorAttributeValue> </challengeAttrMap> <challengeAttrMap> <factorAttributeName>senderSpecificProperties</factorAttributeName> <factorAttributeValue>otpexpirytimeMs,msgSubject,msgType,msgPinTemplate,msgTimeTemplate,msgIPTemplate,msgResourceURLTemplate,fromName,appName</factorAttributeValue> </challengeAttrMap> <challengeAttrMap> <factorAttributeName>runtime.ui.formSubmitActionPath</factorAttributeName> <factorAttributeValue>/oaa-email-factor/login/v1/index.html</factorAttributeValue> </challengeAttrMap> <challengeAttrMap> <factorAttributeName>enabled</factorAttributeName> <factorAttributeValue>true</factorAttributeValue> </challengeAttrMap> <challengeAttrMap> <factorAttributeName>challengeCounterExpiryTime</factorAttributeName> <factorAttributeValue>1800000</factorAttributeValue> </challengeAttrMap> <challengeAttrMap> <factorAttributeName>factorEndpoint</factorAttributeName> <factorAttributeValue>oaa-email-factor/runtime</factorAttributeValue> </challengeAttrMap> <challengeAttrMap> <factorAttributeName>default</factorAttributeName> <factorAttributeValue>true</factorAttributeValue> </challengeAttrMap> <challengeAttrMap> <factorAttributeName>runtime.ui.fields</factorAttributeName> <factorAttributeValue>field1</factorAttributeValue> </challengeAttrMap> <challengeAttrMap> <factorAttributeName>fromAddress</factorAttributeName> <factorAttributeValue>oaa@oracle.com</factorAttributeValue> </challengeAttrMap> <challengeAttrMap> <factorAttributeName>runtime.ui.factorHeading</factorAttributeName> <factorAttributeValue>Email</factorAttributeValue> </challengeAttrMap> <challengeAttrMap> <factorAttributeName>runtime.ui.field1.fieldType</factorAttributeName> <factorAttributeValue>inputText</factorAttributeValue> </challengeAttrMap> <challengeAttrMap> <factorAttributeName>promptmessage</factorAttributeName> <factorAttributeValue>Enter OTP sent to {0}</factorAttributeValue> </challengeAttrMap> <challengeAttrMap> 
<factorAttributeName>addemailhint</factorAttributeName> <factorAttributeValue>Enter an email</factorAttributeValue> </challengeAttrMap> <challengeAttrMap> <factorAttributeName>msgPinPlaceHolder</factorAttributeName> <factorAttributeValue>@@</factorAttributeValue> </challengeAttrMap> <challengeAttrMap> <factorAttributeName>factorBrowserEndpoint</factorAttributeName> <factorAttributeValue>oaa-email-factor/pages/login.jsp</factorAttributeValue> </challengeAttrMap> <challengeAttrMap> <factorAttributeName>appName</factorAttributeName> <factorAttributeValue>OAA</factorAttributeValue> </challengeAttrMap> <challengeAttrMap> <factorAttributeName>addheader</factorAttributeName> <factorAttributeValue>Add Email</factorAttributeValue> </challengeAttrMap> <challengeAttrMap> <factorAttributeName>loginpage</factorAttributeName> <factorAttributeValue>rui/index.html</factorAttributeValue> </challengeAttrMap> <challengeAttrMap> <factorAttributeName>umsAvailable</factorAttributeName> <factorAttributeValue>false</factorAttributeValue> </challengeAttrMap> <challengeAttrMap> <factorAttributeName>passive</factorAttributeName> <factorAttributeValue>true</factorAttributeValue> </challengeAttrMap> <challengeAttrMap> <factorAttributeName>factorValidateEndpoint</factorAttributeName> <factorAttributeValue>validateChallenge/v1</factorAttributeValue> </challengeAttrMap> <challengeAttrMap> <factorAttributeName>umsClientPass</factorAttributeName> <factorAttributeValue>Welcome1</factorAttributeValue> </challengeAttrMap> <challengeAttrMap> <factorAttributeName>runtime.ui.field1.fieldId</factorAttributeName> <factorAttributeValue>otpValue</factorAttributeValue> </challengeAttrMap> <challengeAttrMap> <factorAttributeName>runtime.ui.signInAsDifferentUserMessage</factorAttributeName> <factorAttributeValue>Not %USERID%?</factorAttributeValue> </challengeAttrMap> <challengeAttrMap> <factorAttributeName>runtime.ui.field1.required</factorAttributeName> <factorAttributeValue>true</factorAttributeValue> 
</challengeAttrMap> <challengeAttrMap> <factorAttributeName>umsClientName</factorAttributeName> <factorAttributeValue>umsuser</factorAttributeValue> </challengeAttrMap> <challengeAttrMap> <factorAttributeName>htmlInputType</factorAttributeName> <factorAttributeValue>text</factorAttributeValue> </challengeAttrMap> </factorContext> </challengeInfo> <cookies> <key>secure</key> <value xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xs="http://www.w3.org/2001/XMLSchema" xsi:type="xs:string">87164f8b-ea19-4a08-9d65-5e49f6fae37d</value> </cookies> <cookies> <key>digital</key> <value xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xs="http://www.w3.org/2001/XMLSchema" xsi:type="xs:string">7482adee-ad66-474f-ae54-9dcb8e1d47c0</value> </cookies> </AuthnResponse>
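The following is an added example, not Oracle's code, of how a calling service might consume an AuthnResponse of the shape shown above: it orders the challenges by displayOrder, applies the "only one challenge option" rule from the operation description, and separates attributes worth forwarding to a browser from ones to hold back (such as umsClientPass or a plain-http umsClientURL). The embedded response is constructed and trimmed with placeholder values; the function names, the UI allowlist and the name heuristic are assumptions.

```python
import re
import xml.etree.ElementTree as ET

SENSITIVE_NAME = re.compile(r"pass|secret|token|apikey", re.I)  # assumed heuristic
UI_SAFE = re.compile(r"^runtime\.ui\.|^(otpLength|htmlInputType|htmlLabel)$")  # assumed allowlist


def _attr(name, value):
    return (f"<challengeAttrMap><factorAttributeName>{name}</factorAttributeName>"
            f"<factorAttributeValue>{value}</factorAttributeValue></challengeAttrMap>")


def _challenge(order, name, key, prompt, attrs):
    body = "".join(_attr(n, v) for n, v in attrs)
    return (f"<challengeInfo><displayOrder>{order}</displayOrder>"
            f"<factorName>{name}</factorName><factorKey>{key}</factorKey>"
            f"<factorContext><prompts><prompt>{prompt}</prompt></prompts>"
            f"{body}</factorContext></challengeInfo>")


# Constructed sample in the shape of the response above; values are placeholders.
SAMPLE = (
    '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><AuthnResponse>'
    "<correlationId>00000000-0000-0000-0000-000000000000</correlationId>"
    "<apiResponse><code>OAA-40001</code><status>Pending</status>"
    "<message>Authentication Required</message></apiResponse>"
    + _challenge(2, "Email Challenge", "ChallengeEmail", "us***@*******.com", [
        ("otpLength", "6"), ("umsPolicyStr", ""),
        ("umsClientPass", "PLACEHOLDER"),
        ("umsClientURL", "http://ums.example.test:7003/ucs/messaging/webservice"),
        ("runtime.ui.field1.fieldId", "otpValue")])
    + _challenge(1, "Oracle Mobile Authenticator", "ChallengeOMATOTP",
                 "ON************LZ", [
        ("otpLength", "6"), ("OTP_TIME_STEP_SIZE", "30"), ("HMAC", "HmacSHA1"),
        ("runtime.ui.field1.fieldId", "otpValue")])
    + "<cookies><key>secure</key>"
    "<value>11111111-1111-1111-1111-111111111111</value></cookies></AuthnResponse>"
)


def parse_authn_response(xml_text):
    """Parse an AuthnResponse into status, ordered challenges and cookies."""
    # The response carries no DTD; refuse one rather than let the parser expand entities.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("unexpected DTD in AuthnResponse")
    root = ET.fromstring(xml_text)
    if root.tag != "AuthnResponse":
        raise ValueError(f"unexpected root element {root.tag!r}")
    challenges = []
    for ci in root.findall("challengeInfo"):
        ctx = ci.find("factorContext")
        maps = ctx.findall("challengeAttrMap") if ctx is not None else []
        prompts = ctx.findall("prompts") if ctx is not None else []
        challenges.append({
            "order": int(ci.findtext("displayOrder", "0")),
            "factorKey": ci.findtext("factorKey", ""),
            "factorName": ci.findtext("factorName", ""),
            "prompts": [p.findtext("prompt", "") for p in prompts],
            # Each challengeAttrMap element holds one name/value pair; values may be empty.
            "attrs": {m.findtext("factorAttributeName", ""):
                      m.findtext("factorAttributeValue") or "" for m in maps},
        })
    challenges.sort(key=lambda c: c["order"])
    return {
        "status": root.findtext("apiResponse/status", ""),
        "code": root.findtext("apiResponse/code", ""),
        "challenges": challenges,
        "cookies": {c.findtext("key", ""): c.findtext("value", "")
                    for c in root.findall("cookies")},
    }


def auto_initiate(parsed):
    """Return the only factorKey when exactly one challenge is offered, else None."""
    ch = parsed["challenges"]
    return ch[0]["factorKey"] if parsed["status"] == "Pending" and len(ch) == 1 else None


def review_attributes(challenge):
    """Split attributes into those to forward to a browser and those to hold back."""
    attrs = challenge["attrs"]
    forward = {k: v for k, v in attrs.items() if UI_SAFE.search(k)}
    flagged = sorted(k for k, v in attrs.items()
                     if SENSITIVE_NAME.search(k) or v.startswith("http://"))
    return forward, flagged
```

The name match is a triage heuristic for review, so treat a flagged attribute as something to check against your deployment rather than as a finding.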