If you plan to authenticate user credentials with your own validation instead of the standard Oracle validation (say SSO/FND), you can achieve this by following the steps below.
- Set the profile “XXAS: Use Two-factor Authentication” to Yes. This profile determines whether two-factor authentication is in use. By default, the value of this profile option is No (N). If it is set to 'Yes', a new field marked 'Token' appears on the mobile login screen. The user can enter any text into this field, and it is passed through to the custom authentication.
- Set the profile “XXAS: Custom Authentication Class” to the name of a new custom Java class (say: xxas.oracle.apps.xxas.com.XxasCustomAuth) that implements the CustomAuth interface. You write this custom class, and it calls your custom authentication method, which may be a web service callout to a different system.
The custom Java class is then called by the mobile EmployeeCenter apps when a user logs in. If the custom authentication returns success, the user is logged in. If the custom authentication returns a failure, standard Oracle login authentication is performed. If that returns success, the user is logged in; otherwise, they receive a final error message.
Details of CustomAuth:
As part of seeded files, the CustomAuth interface is delivered with the following signatures:
```java
/**
 * Determines whether authentication provided here replaces (suppresses)
 * standard authentication validation or complements it.
 * <p>
 * When true, no other validation of credentials will be performed following
 * a call to validate(). When false, validate() is called first followed
 * by standard authentication checking.
 *
 * @return Whether standard credential validation is suppressed or not
 */
public boolean supressStandardAuth();

/**
 * Validates the given user credentials and returns true if they pass
 * validation or false if they fail.
 * <p>
 * When supressStandardAuth is false it is not necessary to validate
 * the user, pass and token; just the token alone may be validated
 * allowing the standard authentication to validate the user and pass.
 *
 * @param user The user's username
 * @param pass The user's password in clear text - DO NOT LOG
 * @param token The user's authentication token, if any
 */
public boolean validate(String user, String pass, String token);
```
Example of a custom Java file: XxasCustomAuth.java
```java
package xxas.oracle.apps.xxas.com;

import xxas.oracle.apps.xxas.com.CustomAuth;

public class XxasCustomAuth implements CustomAuth
{
    public XxasCustomAuth() {}

    public boolean supressStandardAuth()
    {
        /* Return the boolean value based on the requirement.
           false: standard authentication checking still follows validate(). */
        return false;
    }

    public boolean validate(String user, String pass, String token)
    {
        /* Do all custom validation here and return its result.
           Placeholder: rejects until the custom validation is implemented. */
        return false;
    }
}
```
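One way validate() could check the Token field, as an added example that is not code from the original page or from the product: it assumes the token is a six-digit RFC 6238 TOTP code, which the page does not specify. The class name TotpCustomAuth, the helpers validateAt and totp, the demo secret, and the stand-in CustomAuth declaration (there so the file compiles on its own) are assumptions.

```java
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

public class TotpCustomAuth implements CustomAuth { // hypothetical class name
    // Constructed demo secret (RFC 6238 test key); assumption: real code loads a per-user secret.
    private static final byte[] SECRET = "12345678901234567890".getBytes(StandardCharsets.US_ASCII);
    // false: standard authentication still validates user and pass after validate().
    public boolean supressStandardAuth() { return false; }

    public boolean validate(String user, String pass, String token) {
        return validateAt(token, System.currentTimeMillis() / 1000L); // pass and token are never logged
    }
    // Accepts the code for the current 30-second step and one step either side (clock skew).
    boolean validateAt(String token, long epochSeconds) {
        if (token == null || !token.matches("\\d{6}")) return false; // fail closed on malformed input
        try {
            boolean ok = false;
            for (long step = epochSeconds / 30 - 1; step <= epochSeconds / 30 + 1; step++) {
                ok |= MessageDigest.isEqual(totp(step).getBytes(StandardCharsets.US_ASCII),
                                            token.getBytes(StandardCharsets.US_ASCII)); // constant-time compare
            }
            return ok;
        } catch (Exception e) {
            return false; // a crypto error counts as a failed validation
        }
    }

    // RFC 6238: HMAC-SHA1 over the 8-byte step counter, dynamic truncation, 6 digits.
    static String totp(long step) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA1");
        mac.init(new SecretKeySpec(SECRET, "HmacSHA1"));
        byte[] h = mac.doFinal(ByteBuffer.allocate(8).putLong(step).array());
        int off = h[h.length - 1] & 0x0f;
        int bin = ((h[off] & 0x7f) << 24) | ((h[off + 1] & 0xff) << 16)
                | ((h[off + 2] & 0xff) << 8) | (h[off + 3] & 0xff);
        return String.format(java.util.Locale.ROOT, "%06d", bin % 1_000_000);
    }
    public static void main(String[] args) {
        TotpCustomAuth auth = new TotpCustomAuth();
        System.out.println(auth.validateAt("287082", 59L));         // RFC 6238 test vector, T = 59 s
        System.out.println(auth.validateAt("081804", 1111111111L)); // previous step's code, inside the window
    }
}
// Stand-in for the seeded interface (signatures from the page) so the file compiles alone.
interface CustomAuth {
    boolean supressStandardAuth();
    boolean validate(String user, String pass, String token);
}
```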