Posts

How Single Sign-on works in OAM

Here is the original blog for single sign-on with OAM: http://oracleaccessmanagement.blogspot.com/2011/03/here-at-oracle-access-management-pm.html

How SSO works in OAM 11g

Here at Oracle, the access management PM team gets asked a lot of questions about how Oracle Access Manager 11g works, especially about the overall SSO model, what cookies are created and what they do, and processing flows between components, and how specific component interactions work to achieve authentication and SSO. In this post, we will explore the OAM 11g SSO model. It’s quite a bit different from the OAM 10g model, especially since we now support things like server side credential collection, server-based session management, and application scoped sessions.

Before we get started, it’s worth noting that OAM 11g supports the use of both OAM 10g and 11g Webgates as well as mod_osso plug-ins for Oracle HTTP Server (OHS). We support this through what we call the Protocol Compatibility Framework, w

TCP Keepalive settings Linux

tcp_keepalive_probes - the number of probes that are sent before the client considers the connection broken and notifies the application layer
tcp_keepalive_time - the interval between the last data packet sent and the first keepalive probe
tcp_keepalive_intvl - the interval between subsequent keepalive probes
tcp_retries2 - the maximum number of times a packet is retransmitted before giving up

These parameters are stored under /proc/sys/net/ipv4/, for example /proc/sys/net/ipv4/tcp_keepalive_time.

The time values are expressed in seconds. For example, a tcp_keepalive_time of 7200 means 2 hours.

To retain your values after a system restart, add them to /etc/sysctl.conf.

The total time before the operating system gives up on a connection is tcp_keepalive_time + tcp_keepalive_intvl*tcp_keepalive_probes

Reference for TCP keepalive: http://www.tldp.org/HOWTO/html_single/TCP-Keepalive-HOWTO/

Oracle Identity Management - Federation

Oracle Identity and Access Management 11gR2 PS2 provides Federation capability. If you are using OAM as the Service Provider, then you need to configure a trusted Identity Provider. Below are the steps to configure a trusted Identity Provider.

Go to the Service Provider screen and click on Identity Provider.

Choose to create a new Identity Provider and provide a name, for example TestADFS or adfs2.

Once created, you can see an icon for your Identity Provider. Click on this icon to open the screen for configuring this Identity Provider.

Under the General section, the name is already populated. Make sure to check "Enable Partner", and check "Default Identity Provider" if this is your only identity provider. If you have multiple, then do not check this box.

Under Service information, you can either load metadata from a file or enter it manually. The preferred method is to load the metadata from a file that is sent from your trusted Identity Provider. You have to contact your Identity Provider be

How to install nginx on Linux

The nginx package is available for RHEL, CentOS and Fedora distributions. It is also available for Ubuntu. However, you first need to install the nginx repository package for your distribution, as shown below, and then run:

    yum install nginx
    service nginx start

(You can use stop and reload as well.)

You can find the index html file under the /usr/share/nginx/html directory. This is for the base install.

For RHEL/Oracle Linux version 5

    rpm -Uvh http://nginx.org/packages/rhel/5/noarch/RPMS/nginx-release-rhel-5-0.el5.ngx.noarch.rpm
    yum install nginx

For RHEL/Oracle Linux version 6

    rpm -Uvh http://nginx.org/packages/rhel/6/noarch/RPMS/nginx-release-rhel-6-0.el6.ngx.noarch.rpm
    yum install nginx

For CentOS 5

    rpm -Uvh http://nginx.org/packages/centos/5/noarch/RPMS/nginx-release-centos-5-0.el5.ngx.noarch.rpm
    yum install nginx

For CentOS 6

    rpm -Uvh http://nginx.org/packages/centos/6/noarch/RPMS/nginx-release-centos-6-0.el6.ngx.noarch.rpm
    yum install nginx

OAM architecture

OAM Architecture Components

Oracle Access Manager follows a typical 3 component model that consists of:

Enforcement point (10g and 11g Webgate, 10g mod_osso, OpenSSO and other custom access gates based on Access SDK) - intercepts all the requests going to the protected application and allows authenticated and authorized users to access the application. In addition, enforcement points can, based on configuration, enhance the request being sent to the protected application by adding HTTP headers containing user information, which can be consumed by the protected application.

Service point (Oracle Access Manager Server) - provides the various services that can be consumed by enforcement points, end users (e.g. federation, social) and applications (e.g. Security Token Service, mobile).

Administration point (Oracle Access Administrator Server, wlst scripts, command line tools like rreg) - primarily an ADF based web application that is used to configure and manage the application.

Install Oracle OAM

This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.

Before you begin

Contents
1 Downloads
2 Setting up Oracle Enterprise Linux
3 Redhat Enterprise Linux (5.3) on