How to Configure OAM for Second Factor Authentication Using a Google Cloud Messaging (GCM) Push Notification to an Android Device (Doc ID 2308621.1)

Last updated on AUGUST 24, 2023

Applies to:

Oracle Access Manager - Version 11.1.2.3.0 and later
Oracle Mobile and Social - Version 11.1.2.3.0 and later
Information in this document applies to any platform.
Oracle is not responsible for instructions/information from 3rd party sites that may be contained in this KM note.

Goal

How to configure OAM second factor authentication (SFA) so that a push notification is delivered to an Android device, where the end user must either allow or deny the login attempt. The push notification is delivered to the Oracle Mobile Authenticator (OMA) application, which then communicates with the OAM server to grant or deny the end user access to the protected resource.

The steps below are ONLY for configuring push notifications to Android devices. While the setup would be very similar for push notifications to Apple devices, there are considerable differences that are not covered in this document.

This note covers the use of SFA to send a push notification only. Configuring a one-time password with the OMA application involves some of the same pieces (such as OMA and the AdaptiveAuthentication scheme), but that setup is covered in note 2307570.1.

Solution


In this Document
Goal
Solution
 Configure the OAM managed servers settings from within the WebLogic console
 Configure the OAM server settings from within the OAM console
 Configure change in the oam-config.xml file manually
 Create an authentication policy to protect a resource that contains a post-authentication rule to switch to the AdaptiveAuthentication scheme
 Create a Google Firebase project enabled for Google Cloud Messaging (GCM)
 Set the GCM API key within the OAM credential store
 Install the Google CA files into an OAM keystore
 Install the OMA application onto the mobile device
 Register the user account within the OMA application
 Test SFA via push notification
 Troubleshooting / Debugging
 Push notification is never received on the mobile device
 User not found in the LDAP directory
 The 'Use JSSE SSL' option has not been checked
 The Google certificate authority files have not been loaded
 Expected/Good log output for normal push notification
References