Posts

Showing posts from September, 2015

Error starting opmnctl services in OID

OID Notification:16 [OIDMON] host: host_name [pid: 33121] [tid:0] Guardina [oidmon]: Unable to connect to database will retry again after 10 sec

This error typically indicates that the database has not been started or is unavailable.

Integrating ADFS 2.0/3.0 IdP with OIF SP (Damien Carru blog)

Integrating ADFS 2.0/3.0 IdP with OIF SP
By Damien Carru-Oracle on Apr 07, 2014

As a continuation of my previous article, I will today describe how to integrate ADFS 2.0/3.0 as an IdP and OIF as an SP. Be sure to have read my previous entry covering the pre-requisites.

The SAML 2.0 integration will be based on:
- Email address will be used as the NameID format
- The NameID value will contain the user's email address
- The HTTP POST binding will be used to send the SAML Assertion to the SP
- Users will exist in both systems, with each user having the same email address so that it can be used as the common user attribute.

ADFS 2.0 is available in Windows 2008 R2, while ADFS 3.0 is available in Windows 2012 R2. The articles will showcase screenshots for ADFS 3.0, while the documented steps will apply to both versions.

ADFS Setup
To add OIF as an SP in the ADFS IdP, perform the following steps:
- Go to the machine where ADFS 2.0 is deployed
- If ADFS 2.0 is used Cl

ADFS with OIF: Pre-Requisites (Damien Carru blog)

Integrating ADFS 2.0/3.0 with OIF: Pre-Requisites
By Damien Carru-Oracle on Apr 04, 2014

In the next three articles, I will describe how to integrate OIF (11.1.2.2.0 or later) with ADFS 2.0/3.0 for Federation SSO using the SAML 2.0 protocol. The integration will cover:
- Pre-requisites (this article)
- ADFS 2.0/3.0 as the IdP and OIF as the SP (read article here)
- ADFS 2.0/3.0 as the SP and OIF as the IdP (read article here)

The SAML 2.0 integration will be based on:
- Email address will be used as the NameID format
- The NameID value will contain the user's email address
- The HTTP POST binding will be used to send the SAML Assertion to the SP
- Users will exist in both systems, with each user having the same email address so that it can be used as the common user attribute.

ADFS 2.0 is available in Windows 2008 R2, while ADFS 3.0 is available in Windows 2012 R2. The articles will showcase screenshots for ADFS 3.0, while the documented steps will apply to both ver

Change security questions in OIM

The default install of OIM comes with 3 standard challenge questions for the forgotten-password flow. You can change these questions by customizing the Challenge questions.

The default install of OIM also comes with the Oracle-branded logo; follow the link below to customize the logo, add custom buttons and links, etc.

Customizing User Interface (11gR2 11.1.2.2)
Link: http://docs.oracle.com/cd/E40329_01/dev.1112/e27150/uicust.htm

See the following sections:
- 30.3.3 Changing Branding and Logo
- 30.4.6 Adding a Link or Button - for adding a button
- 30.8 Customizing Challenge Questions - you can change the security questions here

In addition, look into the system properties for OIM as well, where you can set how many questions are to be presented to the user (for example 3, 4 or 5).

Oracle Identity Manager OIM 11.1.2.2 Create user only in OIM and not in LDAP Directory when ldap sync is enabled

Create user in OIM only and not in LDAP when LDAP sync is enabled

When LDAP sync is enabled, a user created in OIM will be synced over to LDAP, such as an OID server. A new user created in OIM will be provisioned to OID when "ldap sync" is enabled. This is the default behavior. However, there may be a business requirement where you only want the user to be created in OIM; this user should not be synced over to OID. In order to do this, follow the steps in the OIM document linked below.

Link to doc: http://docs.oracle.com/cd/E40329_01/integration.1112/e27123/app_oid_oim.htm

Follow the steps in section E.4, Creating Users in Oracle Identity Manager and Not in LDAP When LDAP Synchronization is Enabled:

When LDAP synchronization is enabled, you can configure the filter parameter 'excludeEntityFilter' in the LDAPUser.xml file to filter out user entries to be created in LDAP, but that can only reside in Oracle Identity Manager. Based on any Oracle Identity Manager attribute

OAM 11g Single sign-on

OAM 11g Single sign-on (from http://fusionsecurity.blogspot.com/2011/03/oracle-access-manager-academy-from.html)

This post is part of a larger series on Oracle Access Manager 11g called Oracle Access Manager Academy. An index to the entire series with links to each of the separate posts is available.

Our compatriot Eric Leach over at the Oracle Access Management Blog wrote a post describing how SSO works in OAM 11g. It's a great post and fills in all sorts of details about the cookies used, how they're named and how all of the parts fit together. OAM 11g supports a few different PEPs (OSSO, OAM 10g and OAM 11g) and Eric discusses them all.

But... I find a pretty picture much more understandable than a great big blob of text. Part of it is that I'm more of a visual person and part of it is that I tend to get distracted easily. Plus, if you're already familiar with OSSO or OAM 10g you probably already know what their cookies look like. So for the purposes of