If you plan to authenticate user credentials with your own validation instead of the standard Oracle validation (for example SSO/FND), follow the steps below.
- Set the profile “XXAS: Use Two-factor Authentication” to Yes. This determines whether two-factor authentication is in use. By default, the value for this profile option is No (N). If it is set to Yes, a new field marked 'Token' appears on the mobile login screen. The user can enter any text into this field, and it is passed through for custom authentication.
- Set the profile “XXAS: Custom Authentication Class” to the name of a new custom Java class (for example xxas.oracle.apps.xxas.com.XxasCustomAuth) that implements the CustomAuth interface. You write this custom class yourself, and it calls your custom authentication method, which may be a web service callout to a different system.
The mobile EmployeeCenter apps then call the custom Java class at login. If the custom authentication returns success, the user is logged in. If the custom authentication returns a failure, standard Oracle login authentication is performed. If this returns success, the user is logged in; otherwise, they receive a final error message.
Details of CustomAuth:
As part of the seeded files, the CustomAuth interface is delivered with the following signatures:
```java
/**
 * Determines whether authentication provided here replaces (suppresses)
 * standard authentication validation or complements it.
 * <p>
 * When true, no other validation of credentials will be performed following
 * a call to validate(). When false, validate() is called first, followed
 * by standard authentication checking.
 *
 * @return Whether standard credential validation is suppressed or not
 */
public boolean supressStandardAuth();

/**
 * Validates the given user credentials and returns true if they pass
 * validation or false if they fail.
 * <p>
 * When supressStandardAuth is false, it is not necessary to validate
 * the user, pass and token; just the token alone may be validated
 * allowing the standard authentication to validate the user and pass.
 *
 * @param user The user's username
 * @param pass The user's password in clear text - DO NOT LOG
 * @param token The user's authentication token, if any
 */
public boolean validate(String user, String pass, String token);
```
Example of a custom Java file: XxasCustomAuth.java
```java
package xxas.oracle.apps.xxas.com;

import xxas.oracle.apps.xxas.com.CustomAuth;

public class XxasCustomAuth implements CustomAuth
{
    public XxasCustomAuth() {}

    public boolean supressStandardAuth()
    {
        /* Return the boolean value based on the requirement. */
        return false; // placeholder: false means standard authentication still runs after validate()
    }

    public boolean validate(String user, String pass, String token)
    {
        /* Return the boolean value based on the validation - do all custom validation here. */
        return false; // placeholder: reject until the custom validation is implemented
    }
}
```
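An added example, not part of the seeded files or the original page: a CustomAuth implementation that leaves user and password to standard authentication and validates only the Token field as an RFC 6238 time-based one-time password. The class name XxasTotpAuth, the lookupSecret helper and its constructed demo secret are assumptions, and the small CustomAuth declaration stands in for the seeded interface so the file compiles alone.

```java
package xxas.oracle.apps.xxas.com;

import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

// Stand-in for the seeded interface so this file compiles alone; remove it in a real deployment.
interface CustomAuth {
    boolean supressStandardAuth();
    boolean validate(String user, String pass, String token);
}

public class XxasTotpAuth implements CustomAuth {
    // false: standard Oracle authentication still checks user and password.
    public boolean supressStandardAuth() { return false; }

    // Checks only the token; the clear-text password is never read, logged or stored.
    public boolean validate(String user, String pass, String token) {
        try {
            byte[] secret = lookupSecret(user);
            if (secret == null || token == null || !token.matches("\\d{6}")) return false;
            byte[] given = token.getBytes(StandardCharsets.US_ASCII);
            long step = System.currentTimeMillis() / 1000L / 30L;
            boolean ok = false;
            for (long s = step - 1; s <= step + 1; s++) // tolerate one step of clock skew
                ok |= MessageDigest.isEqual(totp(secret, s).getBytes(StandardCharsets.US_ASCII), given);
            return ok;
        } catch (Exception e) {
            return false; // fail closed: an error never counts as a valid token
        }
    }

    // RFC 6238 TOTP (HMAC-SHA1, 6 digits) for one 30-second time step.
    static String totp(byte[] secret, long step) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA1");
        mac.init(new SecretKeySpec(secret, "HmacSHA1"));
        byte[] h = mac.doFinal(ByteBuffer.allocate(8).putLong(step).array());
        int o = h[h.length - 1] & 0x0f; // dynamic truncation offset
        int bin = ((h[o] & 0x7f) << 24) | ((h[o + 1] & 0xff) << 16)
                | ((h[o + 2] & 0xff) << 8) | (h[o + 3] & 0xff);
        return String.format("%06d", bin % 1_000_000);
    }

    // Hypothetical lookup with a constructed demo secret; replace with a read from a protected store.
    static byte[] lookupSecret(String user) {
        return "DEMO.USER".equals(user) ? "12345678901234567890".getBytes(StandardCharsets.US_ASCII) : null;
    }
}
```

This relies on the order given in the interface Javadoc (validate() first, then standard authentication checking); confirm on a test instance that a login with a valid token and a wrong password is rejected before pointing the “XXAS: Custom Authentication Class” profile at such a class.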