New Features in Oracle Access Manager OAM 12c PS4

Oracle Access Management (OAM) 12c (12.2.1.4.0) includes the following new features:

The most important change in OAM 12c PS4 is that the Oracle Access Protocol (OAP) now runs over REST by default. This enables the use of HTTP(S) infrastructure to route and load balance requests. Health checks can also use the REST API to run the preconfigured tests on the servers. Details of the new features are listed below.

(1) Passwordless Login

Passwordless authentication allows you to bypass the standard web form based authentication when using a mobile device. For details, see Using Passwordless Authentication in Administering Oracle Access Management.

(2) Dynamic Client Registration

Dynamic Client Registration (DCR) provides a way for native mobile apps (Android) to dynamically register as clients with the OAuth Server (OAM). For details, see Dynamic Client Registration in Administering Oracle Access Management.

(3) OAP over REST

Oracle Access Protocol (OAP) over REST enables the use of HTTP(S) infrastructure to route and load balance requests. This secures the communication between WebGates and the OAM server. Changing the transport mechanism between WebGate and server also reduces operational cost for hybrid deployments where some components are on-premises and others have moved to the cloud. OAP provides an additional layer of security by encrypting, by default, the messages sent to the server using RESTPayloadEncryption. For details, see About OAP Over Rest Communication in Administering Oracle Access Management.

(4) WebGate using PFS and Approved Cipher Suites for OAP Simple/Cert Mode Communication

When Simple/Cert Mode communication occurs, WebGate ensures that the valid and approved cipher suites defined by the admin are used. For details, see About WebGate TLS validating PFS and Approved Ciphers in Administering Oracle Access Management.

(5) HealthCheck Framework

The HealthCheck Framework enables health checks on servers. These checks can be performed using the REST API or by scheduling periodic checks on the server. Each schedule can be associated with a specified set of tests to be run. For details, see Monitoring Server Health with Health Check Framework in Administering Oracle Access Management.

(6) Modified UserInfo Response

The format of the UserInfo response for OAuth flows is modified with the following changes:

  • Additional new parameters guid and sub are included in the response.
  • The parameters Profile, Email, Address, and Phone are returned directly under the root tag instead of in separate containers for each of the parameters.
  • The parameters email_verified and phone_number_verified are returned as booleans.

For example,

{
     "guid": "6C9CF210194A11E99FB45DDD0C60B95A",
     "sub": "weblogic",
     "family_name": "weblogic",
     "preferred_username": "weblogic",
     "updated_at": "1548740667872",
     "email_verified": false,
     "phone_number_verified": false
}

To retrieve the user info attributes in the older format (see the following example), set the custom attribute UserInfoScopeCont to true at the domain level.

Sample UserInfo response format when the custom attribute UserInfoScopeCont is set,

{
     "profile": {
          "guid": "6C9CF210194A11E99FB45DDD0C60B95A",
          "sub": "weblogic",
          "family_name": "weblogic",
          "preferred_username": "weblogic",
          "updated_at": "1548743708100"
     },
     "email": {
          "email_verified": false
     },
     "address": {},
     "phone": {
          "phone_number_verified": false
     }
}
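
A relying party that talks to OAM domains on either setting has to accept both layouts. The following is an added example, not code from Oracle or from the original post: a normalizer that returns one flat claims dict and counts a verified flag only when it is a JSON boolean true. The function name and the rule that a missing root-level sub indicates the older container layout are assumptions drawn from the two samples above.

```python
import json

# Container names of the older layout (UserInfoScopeCont = true), from the page's sample.
SCOPE_CONTAINERS = ("profile", "email", "address", "phone")
VERIFIED_FLAGS = ("email_verified", "phone_number_verified")


def normalize_userinfo(raw):
    """Return one flat claims dict from either UserInfo layout."""
    doc = json.loads(raw) if isinstance(raw, (str, bytes)) else raw
    if not isinstance(doc, dict):
        raise ValueError("UserInfo response must be a JSON object")

    if "sub" in doc:
        # New layout: claims already sit under the root.
        claims = dict(doc)
    else:
        # Assumption: no root-level sub means the older container layout.
        claims = {}
        for name, members in doc.items():
            if name not in SCOPE_CONTAINERS or not isinstance(members, dict):
                raise ValueError(f"unexpected root member {name!r}")
            for key, value in members.items():
                if key in claims and claims[key] != value:
                    raise ValueError(f"conflicting values for {key!r}")
                claims[key] = value

    sub = claims.get("sub")
    if not isinstance(sub, str) or not sub:
        raise ValueError("UserInfo response has no usable sub claim")

    # Only a JSON boolean true counts as verified; a string such as "true"
    # or "false" is truthy in Python and must not pass.
    for flag in VERIFIED_FLAGS:
        claims[flag] = claims.get(flag) is True
    return claims


# The two sample responses from this page, shortened to the fields compared here.
FLAT = '{"guid": "6C9CF210194A11E99FB45DDD0C60B95A", "sub": "weblogic", "email_verified": false, "phone_number_verified": false}'
LEGACY = '{"profile": {"guid": "6C9CF210194A11E99FB45DDD0C60B95A", "sub": "weblogic"}, "email": {"email_verified": false}, "address": {}, "phone": {"phone_number_verified": false}}'

if __name__ == "__main__":
    print(normalize_userinfo(FLAT) == normalize_userinfo(LEGACY))
```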

(7) Policy Cache Resiliency

Managed servers are more resilient: they can read, validate and replace the policy cache in a small step within the server, and cache building is delegated to the Admin Server. The policy cache is now distributed from the Admin Server to the managed servers on a write-once, read-many basis, which reduces contention between the policy caches of multiple OAM servers in a cluster. The policy cache can be fine-tuned using parameters. For details, see Configuring Policy Cache Parameters in Administering Oracle Access Management.


