Oracle Access Manager OAM 12c release - 12.2.1.3.0

Latest Release of OAM is now 12.2.1.4.0
In 12c release, Oracle suite for Identity and Access Management is now called as Oracle Identity Management 12c. The latest 12c release is now 12.2.1.4.0 also called as 12c PS4.
The latest release of 12c is now 12c PS4 available for download here
The certification matrix is available here
Enterprise Deployment Guide for Oracle Identity and Access Management is available here
Integration Guide for Oracle Identity Management Suite is here
High Availability and Multi Datacenter deployment guides references are here and here

 The 12c release is now 12c PS4 i.e 12.2.1.4.0. The previous release was 12c PS3 , i.e 12.2.1.3.0 (The earlier version were 11gR2 PS3 or 11.1.2.3 from the 11gR2 series/versions  - 11gR1, 11gR2 PS1, 11gR2 PS2 and 11gR2 PS3.)

The 12c release, 12c PS4 and PS3, comprises of the 3 main components
  1. Identity Governance
  2. Access Manager
  3. Directory Services

(1) Identity Governance (OIG) is Identity Management, Provisioning, Deprovisioing, Workflows component.
For Oracle Identity Governance 12c, 12.2.1.3.0 - Here is the FAQ link

(2) Access Manager is the Authentication and Single Sign-on component

 (3) Directory Services is the OUD and OID servers aka LDAP directory servers

  • Both OUD and OID directories are part of the 12c release. (OUD 12cPS3 12.2.1.3.0 and OID 12cPS3 12.2.1.3.0
For OAM 12c, 12.2.1.4.0, OAP (Oracle Access Protocol) is now over REST Communication. OAP over REST enables the HTTP(S) transport mechanism between WebGate and OAM server. This transport mechanism reduces the operational cost for both cloud and hybrid deployments, where some components are on-premises and others are moved to cloud. With this 12.2.1.4.0 release of Oracle Access Management, OAP over REST is the default way of communication.
OAP provides an additional layer of security by encrypting, by default the messages sent to the server using RESTPayloadEncryption.

For OAM 12c, 12.2.1.3.0 - Here are some of the most important features in this release

  • It uses Weblogic 12c (not the Weblogic 10.3.6)
  • It uses Java 8
  • OAM 12c now supports OpenID Connect Authentication protocol (Earlier version of OAM 11gR2, 11.1.2.2.0, 11.1.2.3.0 did not support OpenID Connect. It only supported Openid 2.0.
  • OAM supports TLS 1.2 when web traffic is terminated at Load Balancer, Web Server or Weblogic server
  • OAM 12c Webgates support TLS 1.2 (SSL communication between them will use TLSv1.2 protocol and SHA-2 certificates)
  • All the simple mode certificates that are generated out-of-the-box for WebGate SSL communication are upgraded to SHA-2
  • Only supported path to 12c upgrade is from 11gR2 PS3 11.1.2.3.0. (If you are not using the 11.1.2.3.0 version of Oracle Identity and Access Management, you must upgrade to 11.1.2.3.0 before you move to 12c (12.2.1.3.0).) 
  • LDAP Sync is not supported in 12c release   (you need to use LDAP connector instead. Here is download link for LDAP connector for 12c. (scroll down to OID connector under OIM 12c connectors)
  • Both OUD and OID directories are part of the 12c release. (OUD 12cPS3 12.2.1.3.0 and OID 12cPS3 12.2.1.3.0)


Reference
OAP is now over REST in 12c PS4. See Link here.

Comments

Post a Comment

Popular posts from this blog

VMware fix for Invalid manifest and ova file import failed errors

Image
Recently we got a OVA file for a virtual machine. The vendor instructions were to import the ova file in vmware Workstation, Player for Windows/Linux, Fusion for Mac, and VirtualBox as well.  The instructions were to take the available package and launch the VM with VMware workstation. The package contained  Module.mf, Module.ovf and Module-disk.vmdk and a Module.ova file. The .mf and .ovf file were 2 KB each whereas the vmdk was several gigs. The package also contained a Module.ova file which was several gigs as well. OVF           Open Virtualization Format MF             Manifest file VMDK       Virtual Machine Disk OVA           Open Virtualization Appliance The ovf file is a xml file that contains metadata for the ovf package The mf file contains the SHA1 hash codes of all files in the package The vmdk file is the disk image of the virtual machine,  VMware Workstation or VirtualBox. (vmdk format was originally developed by VMware and is an open format now). All of
Read more

SOAPUI - import certificate

Image
Note: SoapUI has two versions, one is open source and second Professional version. The open source can be download here . (confirmed link 12/19/2018). SSL Handshake issue:   There is an Issue in SoapUI version 5.3.0 (and 5.2.0 version) with SSL handshake error. It was resolved by updating below in vmoptions file ( refer here ). However, the error that shows up while trying to load wsdl is "Error loading WSDL" as below The fix is to Enable TLS 1.2 protocol for SOAP/REST calls in SoapUI, by ammending the vmoptions file to add the directive for TLS as (-Dsoapui.https.protocols=TLSv1.2). Refer here . Update: Version 5.5.0 does not have this issue. If you are on 5.3.0 better upgrade to 5.5.0 which is available now (Feb 2019). I had above issue as well as another issue reaching to https endpoint. Upgrade to 5.5.0 resolved issue. Select "Check for updates" under the Help menu and you will get option for upgrade. Select upgrade current version and accept all defaul
Read more

Centrally Managed Users (CMU) - New Feature in Oracle Database 18c

Image
Centrally Managed Users (CMU) Centrally Managed Users or CMU is a new feature introduced since Oracle DB 18c which allows simplified database user management through integration with Microsoft Active Directory (AD). Beginning with Oracle Database release 18c, version 18.1 and later supports direct integration with Microsoft Active Directory (AD) using the new centrally managed users capability. CMU allows the Oracle database to perform user authentication and authorization directly against AD. Benefits of CMU With centrally managed users, users accessing the database can be centrally managed to improve an organization's security posture. An enterprise user (a user in Microsoft Active Directory) can be exclusively mapped to a database account, or many enterprise users (in an Microsoft Active Directory group) can be mapped to a shared account in the database. Microsoft Active Directory groups can also be mapped to a database global role, which provides users with additional privilege
Read more