New Features in Oracle Access Manager OAM 12c PS4
Oracle Access Management (OAM) 12c (12.2.1.4.0) includes the following new features:
(1) Passwordless Login
Passwordless authentication allows you to bypass the standard web form based authentication when using a mobile device. For details, see Using Passwordless Authentication in Administering Oracle Access Management.
(2) Dynamic Client Registration
Dynamic Client Registration (DCR) provides a way for native mobile apps (Android) to dynamically register as clients with the OAuth Server (OAM). For details, see Dynamic Client Registration in Administering Oracle Access Management.
(3) OAP over REST
Oracle Access Protocol (OAP) over REST enables the use of HTTP(S) infrastructure to route and load balance requests. This secures the communication between WebGates and the OAM server. Changing the transport mechanism between WebGate and server reduces operational cost for hybrid deployments where some components are on-premises and others have moved to the cloud. OAP provides an additional layer of security by encrypting, by default, the messages sent to the server using RESTPayloadEncryption. For details, see About OAP Over Rest Communication in Administering Oracle Access Management.
(4) WebGate using PFS and Approved Cipher Suites for OAP Simple/Cert Mode Communication
When Simple/Cert Mode communication occurs, WebGate ensures that only the valid and approved cipher suites defined by the admin are used. For details, see About WebGate TLS validating PFS and Approved Ciphers in Administering Oracle Access Management.
(5) HealthCheck Framework
The HealthCheck Framework enables health checks on servers. These checks can be performed using the REST API or by scheduling periodic checks on the server. Each schedule can be associated with a specified set of tests to be run. For details, see Monitoring Server Health with Health Check Framework in Administering Oracle Access Management.
(6) Modified UserInfo Response
The format of the UserInfo response for OAuth flows is modified with the following changes:
- Additional new parameters guid and sub are included in the response.
- The parameters Profile, Email, Address, and Phone are returned directly under the root tag instead of in separate containers for each of the parameters.
- The parameters email_verified and phone_number_verified are returned as booleans.
For example,
{
"guid": "6C9CF210194A11E99FB45DDD0C60B95A",
"sub": "weblogic",
"family_name": "weblogic",
"preferred_username": "weblogic",
"updated_at": "1548740667872",
"email_verified": false,
"phone_number_verified": false
}
To retrieve the user info attributes in the older format (see the following example), set the custom attribute UserInfoScopeCont to true at the domain level.
Sample UserInfo response format when the custom attribute UserInfoScopeCont is set,
{
"profile": {
"guid": "6C9CF210194A11E99FB45DDD0C60B95A",
"sub": "weblogic",
"family_name": "weblogic",
"preferred_username": "weblogic",
"updated_at": "1548743708100"
},
"email": {
"email_verified": false
},
"address": {},
"phone": {
"phone_number_verified": false
}
}
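A client that has to work against both settings of UserInfoScopeCont can normalize the two response shapes before using the claims. The following is an added example, not Oracle's code; the function names, the abridged sample inputs and the lowercase container key `profile` are assumptions made for illustration.

```python
import json

# Containers of the older format (UserInfoScopeCont = true). The lowercase
# key "profile" is an assumption based on the page's parameter list.
LEGACY_CONTAINERS = ("profile", "email", "address", "phone")
BOOLEAN_CLAIMS = ("email_verified", "phone_number_verified")

# Constructed inputs, abridged from the two sample responses on the page.
FLAT_SAMPLE = ('{"guid": "6C9CF210194A11E99FB45DDD0C60B95A", "sub": "weblogic",'
               ' "email_verified": false, "phone_number_verified": false}')
LEGACY_SAMPLE = ('{"profile": {"guid": "6C9CF210194A11E99FB45DDD0C60B95A",'
                 ' "sub": "weblogic"}, "email": {"email_verified": false},'
                 ' "address": {}, "phone": {"phone_number_verified": false}}')
# Constructed bad input: the flag arrives as a string, not a boolean.
STRING_FLAG_SAMPLE = '{"sub": "weblogic", "email_verified": "false"}'


def normalize_userinfo(raw):
    """Return one flat claim dict from either UserInfo response shape."""
    doc = json.loads(raw)
    if not isinstance(doc, dict):
        raise ValueError("UserInfo response must be a JSON object")
    flat = {}
    for key, value in doc.items():
        # A dict under a container name is treated as the older format and
        # its members are lifted to the root; anything else is a plain claim.
        members = value if key in LEGACY_CONTAINERS and isinstance(value, dict) else {key: value}
        for name, claim in members.items():
            if name in flat:
                raise ValueError("duplicate claim: " + name)
            flat[name] = claim
    if not isinstance(flat.get("sub"), str) or not flat["sub"]:
        raise ValueError("missing sub claim")
    for name in BOOLEAN_CLAIMS:
        # bool("false") is True, so accept real JSON booleans only.
        if name in flat and not isinstance(flat[name], bool):
            raise ValueError(name + " must be a JSON boolean")
    return flat


def is_email_verified(claims):
    """Fail closed: a missing flag counts as unverified."""
    return claims.get("email_verified", False) is True
```

Rejecting non-boolean flags matters because code written against a response that carried these values as strings would treat the string "false" as true.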
(7) Policy Cache Resiliency
Managed servers are more resilient: they can read, validate and replace the policy cache in a small step within the server, and cache building is delegated to the Admin Server. The policy cache is distributed from the Admin Server to the managed servers on a write-once, read-many basis, which reduces contention between the policy caches of the multiple OAM servers in a cluster. The policy cache can be fine-tuned using parameters. For details, see Configuring Policy Cache Parameters in Administering Oracle Access Management.