Posts

Showing posts from February, 2017

OIC Authentication in OAM

OIC is the OpenID Connect protocol for authenticating users, built on top of the OAuth 2.0 authorization framework. LINK provides steps to integrate Google with OAM Mobile and Social. Oracle provides a case study with a sample application for integrating with OMSS. Google no longer supports the OpenID protocol; LINK explains the resulting exception. Google's OAuth version should be used instead. OIC authentication is OpenID Connect authentication. OICScheme (OIC Scheme) is an authentication scheme available in OAM as part of Oracle Mobile and Social. Here is a link explaining OICScheme.

OAM support for OpenID Connect: starting with Oracle Access Management (OAM) 12c, OpenID Connect is supported. In the earlier OAM versions 11gR2 11.1.2.2.0 and 11.1.2.3.0, only the OpenID protocol was supported (OpenID Connect was not supported in these OAM versions). Refer to Oracle Doc ID 2231977.1.

SAML webservices

This post provides references and links for integrating Oracle WebLogic with the SAML protocol for authentication. The primary reference is the WebLogic security architecture. One can integrate Oracle WebLogic Server with SAML-based federation. Here is the official Oracle documentation that provides details and architecture for Single Sign-On (SSO) with WebLogic Server. The use case is Single Sign-On, as depicted in the diagram below.

SSO Use Case

The WebLogic Security Framework provides the necessary configuration and infrastructure to support SAML-based Single Sign-On. Refer to the diagram below, which shows the various actors and steps in SAML-based authentication and single sign-on. This classic diagram is from the OASIS standards.

SP-initiated SSO with Redirect and HTTP POST binding

Example of SP-initiated SSO using PingFederate as an Identity Provider

The diagram above shows a practical example (taken from the alfresco.com website) of Service Provider initiated SSO with HTTP Post Bind

Oracle Access Manager OAM SDK API user logout

OAM SDK API for user logout

Discussion: if the application needs to log out a user, it can invoke the logoff method on the UserSession object. Check the SDK API documentation; the method has to be invoked in response to some application event. https://docs.oracle.com/cd/E28280_01/dev.1111/e12491/as_api.htm#AIDEV119

OAM Access Manager SDK Java API for the UserSession class (logoff): https://docs.oracle.com/cd/E23943_01/apirefs.1111/e22472/oracle/security/am/asdk/UserSession.html

    public void logoff() throws AccessException

Logs off the authenticated user and terminates the session. Throws AccessException if an error occurs during the operation. Invoke the logoff method to terminate the session of the currently authenticated user, thereby logging off the user.

Retrieve OAM User Session: A-Team discussion reference, retrieve userid (not answered).

Develop

Tableau server SAML authentication

Tableau integration with SAML

How SAML authentication works with Tableau: SAML (Security Assertion Markup Language) is an XML standard that allows secure web domains to exchange user authentication and authorization data. You can configure Tableau Server to use an external identity provider (IdP) to authenticate users over SAML 2.0. No user credentials are stored with Tableau Server, and using SAML enables you to add Tableau to your organization's single sign-on environment. You can use SAML server-wide, or you can configure sites individually. Here's an overview of those options:

Server-wide SAML authentication. A single SAML IdP application handles authentication for all Tableau Server users. Use this option if your server has only the Default site. In addition, if you want to use site-specific SAML, you must configure server-wide SAML before you configure individual sites.

Server-wide local authentication and site-specific SAML authentication. In a multi-site