Initialize or validate user challenge
PUT /authn/v1
Updates the authentication status in OAA. Returns information about whether the challenge is successful or if further challenge is required. Internally calls validate to verify the challenge data.
In addition to correlationId, API calls can carry the canonical uniqueUserId as well as userId and groups. The combination of userId and groups is used to locate the user.
Request
There are no request parameters for this operation.
Supported Media Types
- application/xml
- application/json
Root Schema : schema
Type: object
The object defines the request parameters for the update authentication request.
- challengeAnswer: string
  Answer provided by the user to be passed to the factor.
- challengedata: object InitChallengeData
  Information about the user and user's registration for challenge factor.
- challengeop (required): string
  Requested operation to perform on the challenge API. It can be one of Init/Validate/Finalize. For Init, nonce is optional. For Validate/Finalize, nonce is required.
- challengeResult: string
  Result of the challenge. One of Success/Error/Failure. Validate will result in invocation of the passive factor API to validate ChallengeAnswer. If the factor is not passive, an exception will be thrown. Any other result will be passed directly to the finalize challenge call.
- challengeResultReason: string
  Reason for the challenge result if it is a failure. One of wrong_answer/too_many_attempts/channel_comm_error/other_error/unavailable_for_user/user_abandoned/user_timedout.
- correlationId (required): string
  Transaction ID provided by the challenge API. This field also contains the previous ID used within the session to update the store.
- nonce: string
  Random string to identify the future request. This changes in each response, and the latest nonce is expected in the finalize call.
Nested Schema : InitChallengeData
Type: object
Information about the user and user's registration for challenge factor.
- abandonedChallenge: boolean
  Flag to indicate if this challenge is abandoned by user.
- correlationId: string
  Correlation ID for this challenge. Factor implementation should use this in the callback to SP/UAS during the finishChallenge call.
- factorAttributes: array factorAttributes
- factorKey: string
  The name of the factor that is selected by the end user.
- failureURL: string
  Resource where flow should be redirected to in case of failed challenge. Most times this will be URL of the finalizerChallenge.
- groupId: string
  Group Id or app-name as applicable for user.
- isRetry: boolean
  If this is a retry.
- successURL: string
  Resource where flow should be redirected to in case of successful challenge.
- timeToLiveInSec: integer
  Duration of the blocking call when initiating blocking call. After the duration, the blocking call will be invalidated.
- uniqueUserId: string
  Canonical ID of the user in the external systems. If this is present, then it takes precedence over userId + groupId combination.
- userId: string
  The login id of user. May be further qualified by groupId.
Nested Schema : factorAttributes
Type: array
Array of: object UserFactorAttribute
A map represented as an array of entries.
Nested Schema : UserFactorAttribute
Type: object
A map represented as an array of entries.
- userAttributeName: string
  Name of factor specific attribute for this user.
- userAttributeValue: string
  Value of factor specific attribute for this user.
Response
Supported Media Types
- application/xml
- application/json
200 Response
Success
Root Schema : UpdateAuthnResponse
Type: object
The update response object.
- apiResponse: object StatusInfo
  Status of the fetch challenge info request. It contains the information required to process the user authentication request.
- challengecontext: object InitContext
- challengeInfo: array challengeInfo
  A user can be challenged in many ways; the object will contain all the possible ways a user can be authenticated. In case the user information is not available in the request, the Default challenge mechanism as per the service provider configuration will be present.
- challengeselectiontext: string
  Message to be displayed to select one of multiple challenges.
- cookies: array cookies
  Cookies present in the user access request.
- correlationId: string
  Transaction ID provided by the challenge API. This field also contains the previous ID used within the session to update the store.
- nonce: string
  Random string to identify the future request. This changes in each response, and the latest nonce is expected in the finalize call.
Nested Schema : StatusInfo
Type: object
Status of the fetch challenge info request. It contains the information required to process the user authentication request.
- code: integer
  Code representing the challenge status.
- message: string
  Error message generated if the server is unable to process the request.
- status (required): string
  Status of the fetch challenge info for user request. It will be one of the following: authenticated/pending verification/pending identification/failed/error/missing registration/challenge blocked.
Nested Schema : InitContext
Type: object
- factorAttributes: array factorAttributes
- factorKey: string
  The name of the factor that is selected by end user.
- failureURL: string
  Resource where flow should be redirected to in case of failed challenge. Most times this will be URL of the finalizerChallenge.
- groupId: string
  Group Id or app-name as applicable for user.
- requestParams: array requestParams
- successURL: string
  Resource where flow should be redirected to in case of successful challenge.
- timeToLiveInSec: integer
  Duration of the blocking call when initiating blocking call. After the duration, the blocking call will be invalidated.
- uniqueUserId: string
  Immutable ID of the user in the external systems. If this is present, then it takes precedence over userId + groupId combination.
- userId: string
  Identifier of the user. May be further qualified by groupId.
Nested Schema : challengeInfo
Type: array
A user can be challenged in many ways, the object will contain all the possible ways a user can be authenticated. In case the user information is not available in the request, the Default challenge mechanism as per the service provider configuration will be present.
Array of: object FactorChallengeInfo
Information required to process user request using the factors available to it will be present in the object.
Nested Schema : factorAttributes
Type: array
Array of: object UserFactorAttribute
A map represented as an array of entries.
Nested Schema : requestParams
Type: array
Array of: object KeyValPair_2
Key-value pair which can be used generically.
Nested Schema : UserFactorAttribute
Type: object
A map represented as an array of entries.
- userAttributeName: string
  Name of factor specific attribute for this user.
- userAttributeValue: string
  Value of factor specific attribute for this user.
Nested Schema : KeyValPair_2
Type: object
Key-value pair which can be used generically.
- key (required): string
  Key that can be used to fetch the related value.
- value (required): object value
  Content that needs to be provided.
Nested Schema : value
Type: object
Content that needs to be provided.
Nested Schema : FactorChallengeInfo
Type: object
Information required to process user request using the factors available to it will be present in the object.
- displayOrder (required): integer
  The order of display to user when multiple factors are present.
- factorContext (required): object FactorContext
  The context required by factor to process the user authentication request.
- factorKey: string
  Key of the factor that can be used for registration.
- factorName (required): string
  Name of the factor.
- factorUrl (required): string
  URL of the factor.
Nested Schema : FactorContext
Type: object
The context required by factor to process the user authentication request.
- challengeAttrMap (required): array challengeAttrMap
- isSelected (required): boolean
  If this is the selected option as per the user preference.
- prompts (required): array prompts
  The display prompt will contain one or more prompts that can be further selected by user.
- promptselectmessage: string
  Message to select one of the challenge prompts.
Nested Schema : challengeAttrMap
Type: array
Array of: object FactorAttribute
A map represented as an array of entries.
Nested Schema : prompts
Type: array
The display prompt will contain one or more prompts that can be further selected by user.
Array of: object Prompt
Prompt that can be displayed to the end user.
Nested Schema : FactorAttribute
Type: object
A map represented as an array of entries.
- factorAttributeName: string
  Name of factor specific attribute.
- factorAttributeValue: string
  Value of factor specific attribute.
- isValidated: boolean
  If the given attribute is validated. Some attributes do not require validation, hence this field is optional.
- isVerified: boolean
  If the given attribute is verified. Some attributes do not require verification, hence this field is optional.
Nested Schema : Prompt
Type: object
Prompt that can be displayed to the end user.
- challengeText: string
  Message to be displayed on the challenge screen.
- name: string
  Friendly name of the device or the prompt.
- prompt: string
  Masked device info.
- prompttext: string
  Message string that can be displayed to end user for selection.
- requiredInputType: string
  Enumeration of none/text/radio/checkbox/textarea/waitingpage.
- selected: boolean
  If this particular prompt is selected.
- validated: boolean
  If the prompt is validated.
- verified: boolean
  If the prompt is verified.
Nested Schema : KeyValPair
Type: object
Key-value pair which can be used generically.
- key (required): string
  Key that can be used to fetch the related value.
- value (required): object value
  Associated value.
Nested Schema : value
Type: object
Associated value.
400 Response
Returned if the update authentication request failed due to validation of parameters.
Examples
The following example shows a sample request and response for updating the authentication status within UAS.
cURL Command to Update the Authentication Status within UAS in JSON Format
curl --location --request PUT '<OAAService>/oaa/runtime/authn/v1' \
--header 'Content-Type: application/json' \
--header 'Authorization: Basic <Base64Encoded(<username>:<password>)>' \
--data '{
    "correlationId": "7e704d80-01d1-4916-8736-7aaf8241373c",
    "challengeop": "Init",
    "challengedata": {
        "userId": "user7",
        "groupId": "Default",
        "factorKey": "ChallengeOMATOTP",
        "successURL": "https://www.oracle.com/index.html",
        "failureURL": "https://www.google.com"
    }
}'
Sample Response in JSON Format
{
    "apiResponse": {
        "code": "OAA-40001",
        "status": "Pending",
        "message": "Authentication Required"
    },
    "correlationId": "7e704d80-01d1-4916-8736-7aaf8241373c",
    "nonce": "0a8e3757-fe72-4ceb-8a39-35269bfcf4bb",
    "challengecontext": {
        "factorKey": "ChallengeOMATOTP",
        "successURL": "https://www.oracle.com/index.html",
        "failureURL": "https://www.google.com",
        "timeToLiveInSec": 300,
        "factorAttributes": [
            { "userAttributeName": "PIN_EXPIRY", "userAttributeValue": "300000" },
            { "userAttributeName": "retrycount", "userAttributeValue": "7" },
            { "userAttributeName": "defaultimplementation", "userAttributeValue": "true" },
            { "userAttributeName": "factorGenerateEndpoint", "userAttributeValue": "generateChallenge/v1" },
            { "userAttributeName": "otpexpirytimeMs", "userAttributeValue": "300000" },
            { "userAttributeName": "available", "userAttributeValue": "true" },
            { "userAttributeName": "pinOnExpiryIncFailureCounter", "userAttributeValue": "false" },
            { "userAttributeName": "requiredInfo", "userAttributeValue": "omatotpsecretkey" },
            { "userAttributeName": "type", "userAttributeValue": "totp" },
            { "userAttributeName": "htmlLabel", "userAttributeValue": "OMA TOTP Code" },
            { "userAttributeName": "registration.otpEncode", "userAttributeValue": "true" },
            { "userAttributeName": "isverified", "userAttributeValue": "true" },
            { "userAttributeName": "otpLength", "userAttributeValue": "6" },
            { "userAttributeName": "windowSize", "userAttributeValue": "3" },
            { "userAttributeName": "keyExpiryTimeMinutes", "userAttributeValue": "60" },
            { "userAttributeName": "OTP_TIME_STEP_SIZE", "userAttributeValue": "30" },
            { "userAttributeName": "encyptKey", "userAttributeValue": "true" },
            { "userAttributeName": "runtime.ui.field1.placeholder", "userAttributeValue": "Enter OTP" },
            { "userAttributeName": "runtime.ui.verifyButtonMessage", "userAttributeValue": "Verify" },
            { "userAttributeName": "runtime.ui.field1.label", "userAttributeValue": "Enter OTP from the registered phone %SelectedPrompt%" },
            { "userAttributeName": "maxRegistrations", "userAttributeValue": "5" },
            { "userAttributeName": "availableforpreferencesui", "userAttributeValue": "true" },
            { "userAttributeName": "registration.otpexpirytimeMs", "userAttributeValue": "300000" },
            { "userAttributeName": "isenabled", "userAttributeValue": "true" },
            { "userAttributeName": "image", "userAttributeValue": "images/totp.png" },
            { "userAttributeName": "adddesc", "userAttributeValue": "Add security key for Oracle Mobile Authenticator" },
            { "userAttributeName": "oua.enabled", "userAttributeValue": "true" },
            { "userAttributeName": "ignoreresync", "userAttributeValue": "true" },
            { "userAttributeName": "challengeText", "userAttributeValue": "Enter OTP from device {1}" },
            { "userAttributeName": "addkey", "userAttributeValue": "Key" },
            { "userAttributeName": "maskregexp", "userAttributeValue": "\\w{1,2}(\\w+)\\w{2}" },
            { "userAttributeName": "otp", "userAttributeValue": "false" },
            { "userAttributeName": "otpTimeSkew", "userAttributeValue": "5" },
            { "userAttributeName": "processor", "userAttributeValue": "oracle.security.uas.core.uio.processor.challenge.SMSUMSOTPChallengeProcessor" },
            { "userAttributeName": "maskchar", "userAttributeValue": "*" },
            { "userAttributeName": "registration.url", "userAttributeValue": "otpauth://totp/:%ACCOUNT_NAME%?secret=%SECRET_KEY%&issuer=Oracle" },
            { "userAttributeName": "runtime.ui.incorrectOtpMessage", "userAttributeValue": "Entered OTP is incorrect." },
            { "userAttributeName": "registration.showSecretKeyText", "userAttributeValue": "true" },
            { "userAttributeName": "maxAttempts", "userAttributeValue": "0" },
            { "userAttributeName": "registration.otpChars", "userAttributeValue": "1234567890" },
            { "userAttributeName": "promptselectmessage", "userAttributeValue": "Please select one of following channels" },
            { "userAttributeName": "availableforpreferencesuireg", "userAttributeValue": "true" },
            { "userAttributeName": "authClientType", "userAttributeValue": "totp" },
            { "userAttributeName": "runtime.ui.clickHereMessage", "userAttributeValue": "Click Here" },
            { "userAttributeName": "ispreferred", "userAttributeValue": "false" },
            { "userAttributeName": "keyExpiryEnabled", "userAttributeValue": "false" },
            { "userAttributeName": "scheme", "userAttributeValue": "https" },
            { "userAttributeName": "oua.trustLevel", "userAttributeValue": "2" },
            { "userAttributeName": "displayedInfo", "userAttributeValue": "omatotpsecretkey" },
            { "userAttributeName": "HMAC", "userAttributeValue": "HmacSHA1" },
            { "userAttributeName": "runtime.ui.cancelMessage", "userAttributeValue": "Return to All Options" },
            { "userAttributeName": "OTP_PAIR_SEP", "userAttributeValue": "=" },
            { "userAttributeName": "runtime.ui.formSubmitActionPath", "userAttributeValue": "/oaa-totp-factor/login/v1" },
            { "userAttributeName": "factorEndpoint", "userAttributeValue": "oaa-totp-factor/runtime" },
            { "userAttributeName": "enabled", "userAttributeValue": "true" },
            { "userAttributeName": "challengeCounterExpiryTime", "userAttributeValue": "1800000" },
            { "userAttributeName": "registration.useUserIdOnDevice", "userAttributeValue": "false" },
            { "userAttributeName": "default", "userAttributeValue": "true" },
            { "userAttributeName": "registration.showQrcode", "userAttributeValue": "true" },
            { "userAttributeName": "runtime.ui.fields", "userAttributeValue": "field1" },
            { "userAttributeName": "addkeyhint", "userAttributeValue": "Enter an alphanumeric key" },
            { "userAttributeName": "runtime.ui.factorHeading", "userAttributeValue": "TOTP" },
            { "userAttributeName": "runtime.ui.field1.fieldType", "userAttributeValue": "inputText" },
            { "userAttributeName": "promptmessage", "userAttributeValue": "Enter OTP from registered phone" },
            { "userAttributeName": "registration.otpLength", "userAttributeValue": "6" },
            { "userAttributeName": "factorBrowserEndpoint", "userAttributeValue": "oaa-totp-factor/pages/login.jsp" },
            { "userAttributeName": "addheader", "userAttributeValue": "Add Oracle Mobile Authenticator" },
            { "userAttributeName": "loginpage", "userAttributeValue": "rui/index.html" },
            { "userAttributeName": "ldapalias.omatotpsecretkey", "userAttributeValue": "street" },
            { "userAttributeName": "passive", "userAttributeValue": "true" },
            { "userAttributeName": "factorValidateEndpoint", "userAttributeValue": "validateChallenge/v1" },
            { "userAttributeName": "runtime.ui.field1.fieldId", "userAttributeValue": "otpValue" },
            { "userAttributeName": "oua.admin.allowed", "userAttributeValue": "true" },
            { "userAttributeName": "runtime.ui.signInAsDifferentUserMessage", "userAttributeValue": "Not %USERID%?" },
            { "userAttributeName": "runtime.ui.field1.required", "userAttributeValue": "true" },
            { "userAttributeName": "autogeneratefields", "userAttributeValue": "omatotpsecretkey" },
            { "userAttributeName": "htmlInputType", "userAttributeValue": "text" },
            { "userAttributeName": "OTP_SEP", "userAttributeValue": ";" },
            { "userAttributeName": "registration.oma.config", "userAttributeValue": "oraclemobileauthenticator://settings?ServiceName::=%deviceName%&ServiceType::=SharedSecret&SharedSecretAuthServerType::=HTTPBasicAuthentication&LoginURL::=%totpRegistrationEndpoint%/oaa/rui/totpPreferences/v1" },
            { "userAttributeName": "generatedChallenge", "userAttributeValue": "052565" },
            { "userAttributeName": "validationToken", "userAttributeValue": "user717292455860307e704d80-01d1-4916-8736-7aaf8241373c" }
        ],
        "userId": "user7",
        "groupId": "Default"
    }
}
cURL Command to Update the Authentication Status within UAS in XML Format
curl --location --request PUT '<OAAService>/oaa/runtime/authn/v1' \
--header 'Content-Type: application/xml' \
--header 'Accept: application/xml' \
--header 'Authorization: Basic <Base64Encoded(<username>:<password>)>' \
--data '<?xml version="1.0" encoding="UTF-8" ?>
<UpdateAuthnRequest>
    <correlationId>7e704d80-01d1-4916-8736-7aaf8241373c</correlationId>
    <challengeop>Init</challengeop>
    <challengedata>
        <userId>user7</userId>
        <groupId>Default</groupId>
        <factorKey>ChallengeOMATOTP</factorKey>
        <successURL>https://www.oracle.com/index.html</successURL>
        <failureURL>https://www.google.com</failureURL>
    </challengedata>
</UpdateAuthnRequest>'
Sample Response in XML Format
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<UpdateAuthnResponse>
    <correlationId>7e704d80-01d1-4916-8736-7aaf8241373c</correlationId>
    <apiResponse>
        <code>OAA-40001</code>
        <status>Pending</status>
        <message>Authentication Required</message>
    </apiResponse>
    <nonce>d707e720-62d6-4961-90ae-c348b81eb69d</nonce>
    <challengecontext>
        <factorKey>ChallengeOMATOTP</factorKey>
        <successURL>https://www.oracle.com/index.html</successURL>
        <failureURL>https://www.google.com</failureURL>
        <timeToLiveInSec>300</timeToLiveInSec>
        <factorAttributes><userAttributeName>PIN_EXPIRY</userAttributeName><userAttributeValue>300000</userAttributeValue></factorAttributes>
        <factorAttributes><userAttributeName>retrycount</userAttributeName><userAttributeValue>7</userAttributeValue></factorAttributes>
        <factorAttributes><userAttributeName>defaultimplementation</userAttributeName><userAttributeValue>true</userAttributeValue></factorAttributes>
        <factorAttributes><userAttributeName>factorGenerateEndpoint</userAttributeName><userAttributeValue>generateChallenge/v1</userAttributeValue></factorAttributes>
        <factorAttributes><userAttributeName>otpexpirytimeMs</userAttributeName><userAttributeValue>300000</userAttributeValue></factorAttributes>
        <factorAttributes><userAttributeName>available</userAttributeName><userAttributeValue>true</userAttributeValue></factorAttributes>
        <factorAttributes><userAttributeName>pinOnExpiryIncFailureCounter</userAttributeName><userAttributeValue>false</userAttributeValue></factorAttributes>
        <factorAttributes><userAttributeName>requiredInfo</userAttributeName><userAttributeValue>omatotpsecretkey</userAttributeValue></factorAttributes>
        <factorAttributes><userAttributeName>type</userAttributeName><userAttributeValue>totp</userAttributeValue></factorAttributes>
        <factorAttributes><userAttributeName>htmlLabel</userAttributeName><userAttributeValue>OMA TOTP Code</userAttributeValue></factorAttributes>
        <factorAttributes><userAttributeName>registration.otpEncode</userAttributeName><userAttributeValue>true</userAttributeValue></factorAttributes>
        <factorAttributes><userAttributeName>isverified</userAttributeName><userAttributeValue>true</userAttributeValue></factorAttributes>
        <factorAttributes><userAttributeName>otpLength</userAttributeName><userAttributeValue>6</userAttributeValue></factorAttributes>
        <factorAttributes><userAttributeName>windowSize</userAttributeName><userAttributeValue>3</userAttributeValue></factorAttributes>
        <factorAttributes><userAttributeName>keyExpiryTimeMinutes</userAttributeName><userAttributeValue>60</userAttributeValue></factorAttributes>
        <factorAttributes><userAttributeName>OTP_TIME_STEP_SIZE</userAttributeName><userAttributeValue>30</userAttributeValue></factorAttributes>
        <factorAttributes><userAttributeName>encyptKey</userAttributeName><userAttributeValue>true</userAttributeValue></factorAttributes>
        <factorAttributes><userAttributeName>runtime.ui.field1.placeholder</userAttributeName><userAttributeValue>Enter OTP</userAttributeValue></factorAttributes>
        <factorAttributes><userAttributeName>runtime.ui.verifyButtonMessage</userAttributeName><userAttributeValue>Verify</userAttributeValue></factorAttributes>
        <factorAttributes><userAttributeName>runtime.ui.field1.label</userAttributeName><userAttributeValue>Enter OTP from the registered phone %SelectedPrompt%</userAttributeValue></factorAttributes>
        <factorAttributes><userAttributeName>maxRegistrations</userAttributeName><userAttributeValue>5</userAttributeValue></factorAttributes>
        <factorAttributes><userAttributeName>availableforpreferencesui</userAttributeName><userAttributeValue>true</userAttributeValue></factorAttributes>
        <factorAttributes><userAttributeName>registration.otpexpirytimeMs</userAttributeName><userAttributeValue>300000</userAttributeValue></factorAttributes>
        <factorAttributes><userAttributeName>isenabled</userAttributeName><userAttributeValue>true</userAttributeValue></factorAttributes>
        <factorAttributes><userAttributeName>image</userAttributeName><userAttributeValue>images/totp.png</userAttributeValue></factorAttributes>
        <factorAttributes><userAttributeName>adddesc</userAttributeName><userAttributeValue>Add security key for Oracle Mobile Authenticator</userAttributeValue></factorAttributes>
        <factorAttributes><userAttributeName>oua.enabled</userAttributeName><userAttributeValue>true</userAttributeValue></factorAttributes>
        <factorAttributes><userAttributeName>ignoreresync</userAttributeName><userAttributeValue>true</userAttributeValue></factorAttributes>
        <factorAttributes><userAttributeName>challengeText</userAttributeName><userAttributeValue>Enter OTP from device {1}</userAttributeValue></factorAttributes>
        <factorAttributes><userAttributeName>addkey</userAttributeName><userAttributeValue>Key</userAttributeValue></factorAttributes>
        <factorAttributes><userAttributeName>maskregexp</userAttributeName><userAttributeValue>\w{1,2}(\w+)\w{2}</userAttributeValue></factorAttributes>
        <factorAttributes><userAttributeName>otp</userAttributeName><userAttributeValue>false</userAttributeValue></factorAttributes>
        <factorAttributes><userAttributeName>otpTimeSkew</userAttributeName><userAttributeValue>5</userAttributeValue></factorAttributes>
        <factorAttributes><userAttributeName>processor</userAttributeName><userAttributeValue>oracle.security.uas.core.uio.processor.challenge.SMSUMSOTPChallengeProcessor</userAttributeValue></factorAttributes>
        <factorAttributes><userAttributeName>maskchar</userAttributeName><userAttributeValue>*</userAttributeValue></factorAttributes>
        <factorAttributes><userAttributeName>registration.url</userAttributeName><userAttributeValue>otpauth://totp/:%ACCOUNT_NAME%?secret=%SECRET_KEY%&amp;issuer=Oracle</userAttributeValue></factorAttributes>
        <factorAttributes><userAttributeName>runtime.ui.incorrectOtpMessage</userAttributeName><userAttributeValue>Entered OTP is incorrect.</userAttributeValue></factorAttributes>
        <factorAttributes><userAttributeName>registration.showSecretKeyText</userAttributeName><userAttributeValue>true</userAttributeValue></factorAttributes>
        <factorAttributes><userAttributeName>maxAttempts</userAttributeName><userAttributeValue>0</userAttributeValue></factorAttributes>
        <factorAttributes><userAttributeName>registration.otpChars</userAttributeName><userAttributeValue>1234567890</userAttributeValue></factorAttributes>
        <factorAttributes><userAttributeName>promptselectmessage</userAttributeName><userAttributeValue>Please select one of following channels</userAttributeValue></factorAttributes>
        <factorAttributes><userAttributeName>availableforpreferencesuireg</userAttributeName><userAttributeValue>true</userAttributeValue></factorAttributes>
        <factorAttributes><userAttributeName>authClientType</userAttributeName><userAttributeValue>totp</userAttributeValue></factorAttributes>
        <factorAttributes><userAttributeName>runtime.ui.clickHereMessage</userAttributeName><userAttributeValue>Click Here</userAttributeValue></factorAttributes>
        <factorAttributes><userAttributeName>ispreferred</userAttributeName><userAttributeValue>false</userAttributeValue></factorAttributes>
        <factorAttributes><userAttributeName>keyExpiryEnabled</userAttributeName><userAttributeValue>false</userAttributeValue></factorAttributes>
        <factorAttributes><userAttributeName>scheme</userAttributeName><userAttributeValue>https</userAttributeValue></factorAttributes>
        <factorAttributes><userAttributeName>oua.trustLevel</userAttributeName><userAttributeValue>2</userAttributeValue></factorAttributes>
        <factorAttributes><userAttributeName>displayedInfo</userAttributeName><userAttributeValue>omatotpsecretkey</userAttributeValue></factorAttributes>
        <factorAttributes><userAttributeName>HMAC</userAttributeName><userAttributeValue>HmacSHA1</userAttributeValue></factorAttributes>
        <factorAttributes><userAttributeName>runtime.ui.cancelMessage</userAttributeName><userAttributeValue>Return to All Options</userAttributeValue></factorAttributes>
        <factorAttributes><userAttributeName>OTP_PAIR_SEP</userAttributeName><userAttributeValue>=</userAttributeValue></factorAttributes>
        <factorAttributes><userAttributeName>runtime.ui.formSubmitActionPath</userAttributeName><userAttributeValue>/oaa-totp-factor/login/v1</userAttributeValue></factorAttributes>
        <factorAttributes><userAttributeName>factorEndpoint</userAttributeName><userAttributeValue>oaa-totp-factor/runtime</userAttributeValue></factorAttributes>
        <factorAttributes><userAttributeName>enabled</userAttributeName><userAttributeValue>true</userAttributeValue></factorAttributes>
        <factorAttributes><userAttributeName>challengeCounterExpiryTime</userAttributeName><userAttributeValue>1800000</userAttributeValue></factorAttributes>
        <factorAttributes><userAttributeName>registration.useUserIdOnDevice</userAttributeName><userAttributeValue>false</userAttributeValue></factorAttributes>
        <factorAttributes><userAttributeName>default</userAttributeName><userAttributeValue>true</userAttributeValue></factorAttributes>
        <factorAttributes><userAttributeName>registration.showQrcode</userAttributeName><userAttributeValue>true</userAttributeValue></factorAttributes>
        <factorAttributes><userAttributeName>runtime.ui.fields</userAttributeName><userAttributeValue>field1</userAttributeValue></factorAttributes>
        <factorAttributes><userAttributeName>addkeyhint</userAttributeName><userAttributeValue>Enter an alphanumeric key</userAttributeValue></factorAttributes>
        <factorAttributes><userAttributeName>runtime.ui.factorHeading</userAttributeName><userAttributeValue>TOTP</userAttributeValue></factorAttributes>
        <factorAttributes><userAttributeName>runtime.ui.field1.fieldType</userAttributeName><userAttributeValue>inputText</userAttributeValue></factorAttributes>
        <factorAttributes><userAttributeName>promptmessage</userAttributeName><userAttributeValue>Enter OTP from registered phone</userAttributeValue></factorAttributes>
        <factorAttributes><userAttributeName>registration.otpLength</userAttributeName><userAttributeValue>6</userAttributeValue></factorAttributes>
        <factorAttributes><userAttributeName>factorBrowserEndpoint</userAttributeName><userAttributeValue>oaa-totp-factor/pages/login.jsp</userAttributeValue></factorAttributes>
        <factorAttributes><userAttributeName>addheader</userAttributeName><userAttributeValue>Add Oracle Mobile Authenticator</userAttributeValue></factorAttributes>
        <factorAttributes><userAttributeName>loginpage</userAttributeName><userAttributeValue>rui/index.html</userAttributeValue></factorAttributes>
        <factorAttributes><userAttributeName>ldapalias.omatotpsecretkey</userAttributeName><userAttributeValue>street</userAttributeValue></factorAttributes>
        <factorAttributes><userAttributeName>passive</userAttributeName><userAttributeValue>true</userAttributeValue></factorAttributes>
        <factorAttributes><userAttributeName>factorValidateEndpoint</userAttributeName><userAttributeValue>validateChallenge/v1</userAttributeValue></factorAttributes>
        <factorAttributes><userAttributeName>runtime.ui.field1.fieldId</userAttributeName><userAttributeValue>otpValue</userAttributeValue></factorAttributes>
        <factorAttributes><userAttributeName>oua.admin.allowed</userAttributeName><userAttributeValue>true</userAttributeValue></factorAttributes>
        <factorAttributes><userAttributeName>runtime.ui.signInAsDifferentUserMessage</userAttributeName><userAttributeValue>Not %USERID%?</userAttributeValue></factorAttributes>
        <factorAttributes><userAttributeName>runtime.ui.field1.required</userAttributeName><userAttributeValue>true</userAttributeValue></factorAttributes>
        <factorAttributes><userAttributeName>autogeneratefields</userAttributeName><userAttributeValue>omatotpsecretkey</userAttributeValue></factorAttributes>
        <factorAttributes><userAttributeName>htmlInputType</userAttributeName><userAttributeValue>text</userAttributeValue></factorAttributes>
        <factorAttributes><userAttributeName>OTP_SEP</userAttributeName><userAttributeValue>;</userAttributeValue></factorAttributes>
        <factorAttributes><userAttributeName>registration.oma.config</userAttributeName><userAttributeValue>oraclemobileauthenticator://settings?ServiceName::=%deviceName%&amp;ServiceType::=SharedSecret&amp;SharedSecretAuthServerType::=HTTPBasicAuthentication&amp;LoginURL::=%totpRegistrationEndpoint%/oaa/rui/totpPreferences/v1</userAttributeValue></factorAttributes>
        <factorAttributes><userAttributeName>generatedChallenge</userAttributeName><userAttributeValue>289042</userAttributeValue></factorAttributes>
        <factorAttributes><userAttributeName>validationToken</userAttributeName><userAttributeValue>user717296343082387e704d80-01d1-4916-8736-7aaf8241373c</userAttributeValue></factorAttributes>
        <userId>user7</userId>
        <groupId>Default</groupId>
    </challengecontext>
</UpdateAuthnResponse>
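The Init/Validate/Finalize sequence and the nonce rule from the request schema, as an added Python example that is not part of the original page or Oracle's code: it builds request bodies under the documented field rules, carries the latest nonce forward, and flattens the factorAttributes array-of-entries map. The names ChallengeSession, attributes_to_dict and redact are hypothetical; matching the response correlationId to the session and keeping generatedChallenge and validationToken out of logs are assumptions, and no HTTP call is made.

```python
import json

OPS = ("Init", "Validate", "Finalize")
RESULTS = ("Success", "Error", "Failure")
REASONS = ("wrong_answer", "too_many_attempts", "channel_comm_error", "other_error",
           "unavailable_for_user", "user_abandoned", "user_timedout")
# Assumption: these two attributes seen in the sample response are kept out of logs.
SENSITIVE_ATTRS = ("generatedChallenge", "validationToken")

# Abridged copy of the page's sample JSON response (most factorAttributes omitted).
SAMPLE_RESPONSE = json.loads("""
{
  "apiResponse": {"code": "OAA-40001", "status": "Pending", "message": "Authentication Required"},
  "correlationId": "7e704d80-01d1-4916-8736-7aaf8241373c",
  "nonce": "0a8e3757-fe72-4ceb-8a39-35269bfcf4bb",
  "challengecontext": {
    "factorKey": "ChallengeOMATOTP",
    "timeToLiveInSec": 300,
    "factorAttributes": [
      {"userAttributeName": "otpLength", "userAttributeValue": "6"},
      {"userAttributeName": "passive", "userAttributeValue": "true"},
      {"userAttributeName": "generatedChallenge", "userAttributeValue": "052565"},
      {"userAttributeName": "validationToken",
       "userAttributeValue": "user717292455860307e704d80-01d1-4916-8736-7aaf8241373c"}
    ],
    "userId": "user7",
    "groupId": "Default"
  }
}
""")


def attributes_to_dict(entries):
    """Flatten the array-of-entries map; refuse a name that repeats with a different value."""
    out = {}
    for entry in entries:
        name, value = entry["userAttributeName"], entry["userAttributeValue"]
        if out.get(name, value) != value:
            raise ValueError(f"conflicting values for attribute {name!r}")
        out[name] = value
    return out


def redact(attrs):
    """Copy of attrs that is safe to log under the SENSITIVE_ATTRS assumption."""
    return {k: "<redacted>" if k in SENSITIVE_ATTRS else v for k, v in attrs.items()}


class ChallengeSession:
    """Client-side state for one challenge: fixed correlationId, rotating nonce."""

    def __init__(self, correlation_id):
        if not correlation_id:
            raise ValueError("correlationId is required")
        self.correlation_id = correlation_id
        self.nonce = None

    def build_request(self, op, challenge_data=None, answer=None, result=None, reason=None):
        if op not in OPS:
            raise ValueError(f"challengeop must be one of {OPS}")
        if op != "Init" and self.nonce is None:
            raise ValueError(f"{op} requires the nonce from the latest response")
        if result is not None and result not in RESULTS:
            raise ValueError(f"challengeResult must be one of {RESULTS}")
        if reason is not None and (reason not in REASONS or result in (None, "Success")):
            raise ValueError("challengeResultReason needs a listed reason and a non-success result")
        body = {"correlationId": self.correlation_id, "challengeop": op}
        optional = {"nonce": self.nonce, "challengedata": challenge_data,
                    "challengeAnswer": answer, "challengeResult": result,
                    "challengeResultReason": reason}
        body.update({k: v for k, v in optional.items() if v is not None})
        return body

    def handle_response(self, response):
        # Assumption: the response echoes the session's correlationId, as in the sample.
        if response.get("correlationId") != self.correlation_id:
            raise ValueError("response correlationId does not match this session")
        status = response["apiResponse"]["status"]  # status is the required StatusInfo field
        if response.get("nonce"):
            self.nonce = response["nonce"]  # always carry the most recent nonce forward
        context = response.get("challengecontext") or {}
        return status, attributes_to_dict(context.get("factorAttributes", []))


def demo():
    session = ChallengeSession(SAMPLE_RESPONSE["correlationId"])
    init = session.build_request("Init", challenge_data={
        "userId": "user7", "groupId": "Default", "factorKey": "ChallengeOMATOTP"})
    status, attrs = session.handle_response(SAMPLE_RESPONSE)
    validate = session.build_request("Validate", answer="000000")  # constructed answer
    return init, status, redact(attrs), validate


if __name__ == "__main__":
    for item in demo():
        print(json.dumps(item, indent=2))
```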