Skip to main content

ODBC (odbcqa)

The odbcqa external security questions plugin program retrieves external question and answer information from an ODBC connection, including Oracle and Microsoft SQL Server.

To use this program:

  1. Configure an ODBC connection DSN.

  2. Configure the database server (SQL or Oracle).

  3. Edit the odbcqa.psl file to suit your environment .

  4. Add a NULL target system.

  5. Optionally, add an external question set, and set the External program to odbcqa .

  6. Enable odbcqa as an authentication method.

These steps are detailed below.

Configure an ODBC connection DSN

To configure an ODBC connection DSN:

  1. Open ODBC Data Source Administrator.

    • From a 32-bit Windows server, go to Start > Administrative Tools > Data Sources (ODBC).

    • From a 64-bit Windows server, run C:\windows\SysWOW64\odbcad64.exe to open the 64-bit ODBC Data Source Administrator.

  2. Select the System DSN tab.

  3. Click Add to add a new DSN.

  4. Select one of the listed data sources (SQL Server Native Client, or Oracle client).

If you selected SQL Server Native Client:

  1. Provide the Name of the data source, for example EXTQA_DSN, and select a server from the drop-down list to choose a server to connect to, then click Next .

  2. Select With SQL Server authentication using a login ID and password entered by the user. Provide a valid login for the SQL Server you are connecting to, and click Next .

  3. Click Next to use Default database.

  4. click Next to use default language.

  5. Click Finish to finish adding the data source.

  6. Click Test Data Source to test if the login provided is valid on the database server and then click OK to quit the program.

If you selected Oracle Client:

  1. Provide a Data Source Name (any name), Description (any string), a valid TNS Service Name, and a valid User ID on the database server.

  2. Click Test Connection button to test if the connection to the server with provided credential is valid;

  3. Click OK to finish adding the Data Source.

Configure the database server

To configure the database server (SQL or Oracle):

  1. Create two new tables on the server with the following table name and fields:

    Table name

    Fields

    allowedquestions

    question

    userqa

    profileguid/profilename, question, answer

    • allowedquestions stores all questions that available for the user to authenticate.

    • userqa stores questions and answers for individual users with profileid/profilename specified. Which column, profileguid or profilename, you add to userqa depends on which script you copied over.

  2. Insert the questions into the allowedquestions table.

Edit the odbcqa.psl configuration file

Configure the odbcqa plugin using a file called odbcqa.psl. Copy the odbcqa_guid.psl file or odbcqa_name.psl file from the samples\ directory to the \<instance>\script\ directory, rename it to odbcqa.psl, and edit it to suit your environment.

  • odbcqa_guid.psl uses profileguid to identify user. Profileguid never changes once it is assigned to a user.

  • odbcqa_name.psl uses profilename to identify user. Profilename is more user-friendly but it does not stay constant. You will have to manually change the entries for any user that has had a profilename change

The file is written using the PSLang language. For more information, see the PSLang Manual ( pslang.pdf ) .

The following function must be included in the script:

  • getQuestions Retrieve questions from the database server

  • getQuestionsAndAnswers Retrieve questions and answers from the database server

  • targetid return the target system ID for the ODBC database

  • validateAnswer validate that user’s answer is correct compared with the answer in the database.

Add a NULL target system for odbcqa

Add a target system with the following configuration:

  • Target type: NULL target system

  • Target ID: by default, EXTQATARGET is defined in the odbcqa.psl file

  • Address : same ID as the system DSN ID; for example, EXTQA_DSN

  • List accounts : unselected (disabled);

  • Credentials: The valid database access ID/password provided when creating the system DSN.

The rest of the settings can be left as default.

Add a question set for ODBC authentication

Add an external question set with the following configuration:

  1. Click Manage the system > Policies > Question sets .

  2. Click External questions.

  3. If Bravura Security Fabric displays a list of existing question sets, click Add new… at the bottom of the list.

  4. Set appropriate options for the new question set.

    • External program: odbcqa.exe.

    • External program provides questions along with answers: deselected.

    • Ask user to answer questions from this set: selected.

  5. Click Add.

  6. Click Add new at the bottom of the page

  7. Add questions to the external question set.

Enable authentication via ODBC connection

Enable the authentication method:

  • By adding a security question authentication module to an authentication chain.

    This method provides more flexible configuration options.

    Or,

  • By configuring the default authentication menu (Manage the system > Modules> Front-end (PSF) ):

    • Set PSF EXT to Security questions or User selectable.

    • Ensure that PSFEXT VALUES includes response.pss.

In this section: