Using OAAM Risk Evaluation in OAM Authorization Policies

Using OAAM Risk Evaluation in OAM Authorization Policies

dentity Context (shared between OAM and OAAM) allows context-aware policy management and authorization capabilities built into the Oracle Access Management platform. The Identity Context feature is helpful in securing access to resources using traditional security controls (such as roles and groups) as well as dynamic data established during authentication and authorization (such as authentication strength, risk levels, device trust and the like).
The solution approach is as follows:

– OAAM policy will set risk score (in Post Authentication Checkpoint) based on client’s geo location. i.e. If the client’s geo location is matching with policy/rule configuration, OAAM will set risk level/score to some specific number.
– OAAM will then pass the score (generated from Post Authentication Checkpoint) as an Identity Context to OAM.
– OAM will get the Identity Context (set by OAAM) and it will set an authentication response session attribute according to the Identity Context. i.e. As Authentication Response in OAM, values from IdentityContext will be stored in session attributes. The session attributes can be checked by — OAM Authorization policies.
– OAM Authorization policy will take decision (allow or deny) based on the rule/condition configured to check risk score available from session attributes (set by OAM Authentication response)

Read more at – Using OAAM Risk Evaluation in OAM Authorization Policies

Tags: , ,