Identity and Access Management, Identity Governance

http://massivegaze.blogspot.com.au/p/oim-decrypted-password.html package com . massiveGaze . password ; import Thor.API.Security.XLClientSecurityAssociation ; import com.massiveGaze.connection.OIMConnection ; import com.thortech.xl.dataaccess.tcDataBaseClient ; import com.thortech.xl.dataaccess.tcDataProvider ; import com.thortech.xl.dataaccess.tcDataSet ; import com.thortech.xl.dataaccess.tcDataSetException ; import java.util.Hashtable ; import java.util.logging.Level ; import java.util.logging.Logger ; import javax.security.auth.login.LoginException ; /** * This class gets the OIM Client and uses that to establish a * connection to the OIM Schema. You can query the USR table and * get the password in plain text. * NOTE: The administrator credential must be used for the OIM Client. */ public class DecryptedOIMPassword { public static void main ( String [] args ) { tcDataProvider dbProvider = null ; try ...

original url  https://abhirockzz.wordpress.com/2015/03/03/approval-specific-web-services-in-oracle-idm/ Approval specific web services in Oracle IDM Posted on   March 3, 2015 by   Abhishek This is quick post with regards to the web service endpoints which are leveraged by OIM and SOA in the context of an approval related scenario –  basic stuff, but can be useful for beginners . Oracle IDM integrates with and leverages the SOA suite for approval related features (SOA is quite rich to be honest and is utilized as the back bone for Web Services connector as well). SOA is not just for namesake – SOA suite does in fact rely on the concept of loosely coupled and independent services. The approval engine makes use of three such web services Request web service : this is deployed on the OIM server Request Callback web service : this is deployed on SOA server Provisioning Callback web service : this too is deployed on OIM and used in context of approvals...

OID Notification:16 [OIDMON]  host: host_name   [pid: 33121] [tid:0] Guardina [oidmon]: Unable to connect to database will retry again after 10 sec This error typically indicates that Database has not been started or is unavailable.

Integrating ADFS 2.0/3.0 IdP with OIF SP By Damien Carru-Oracle on  Apr 07, 2014 As a continuation of my previous article, I will today describe how to integrate ADFS 2.0/3.0 as an IdP and OIF as an SP. Be sure to have read my  previous entry covering the pre-requisites . The SAML 2.0 integration will be based on: Email address will be used as the NameID format The NameID value will contain the user’s email address The HTTP POST binding will be used to send the SAML Assertion to the SP Users will exist in both systems, with each user having the same email address so that it can be used as the common user attribute. ADFS 2.0 is available in Windows 2008 R2, while ADFS 3.0 is available in Windows 2012 R2. The articles will showcase screenshots for ADFS 3.0, while the documented steps will apply to both versions. ADFS Setup To add OIF as an SP in ADFS IdP, perform execute the following steps: Go to the machine where ADFS 2.0 is deployed If ADFS 2.0 is ...

Integrating ADFS 2.0/3.0 with OIF: Pre-Requisites By Damien Carru-Oracle on  Apr 04, 2014 In the next three articles, I will describe how to integrate OIF (11.1.2.2.0 or later) with ADFS 2.0/3.0 for Federation SSO using the SAML 2.0 protocol. The integration will cover: Pre-requisites (this article) ADFS 2.0 /3.0  as the IdP and OIF as the SP (read  article here ) ADFS 2.0 /3.0  as the SP and OIF as the IdP (read  article here ) The SAML 2.0 integration will be based on: Email address will be used as the NameID format The NameID value will contain the user’s email address The HTTP POST binding will be used to send the SAML Assertion to the SP Users will exist in both systems, with each user having the same email address so that it can be used as the common user attribute. ADFS 2.0 is available in Windows 2008 R2, while ADFS 3.0 is available in Windows 2012 R2. The articles will showcase screenshots for ADFS 3.0, while the documented step...

Default install of OIM comes with 3 standard questions for forget user password. You can change these questions by customizing the Challenge questions The default install of OIM comes with Oracle branded logo, follow below link to customize the logo, add custom buttons and links etc Customizing User Interface (11gR2 11.1.2.2)   Link http://docs.oracle.com/cd/E40329_01/dev.1112/e27150/uicust.htm See following sections 30.3.3 Changing Branding and Logo 30.4.6 Adding a Link or Button  - for adding button 30.8 Customizing Challenge Questions  - you can change security questions here In addition look into system properties for OIM as well, where you can set how many questions are to be presented to the user (like number 3 or 4 or 5 etc)

Create user in OIM only and not in LDAP when ldap sync is enabled When ldap sync is enabled, user created in OIM will be synched over LDAP, like OID server. A new user created in OIM will be provisioned to the OID when "ldap sync" is enabled. This is the default behavior. However there may be business requirement when you only want the user to be created in OIM- this user should not be synced over to OID. In order to do this, follow steps in the given OIM document. LINK to doc  http://docs.oracle.com/cd/E40329_01/integration.1112/e27123/app_oid_oim.htm Follow steps in below section E.4  Creating Users in Oracle Identity Manager and Not in LDAP When LDAP Synchronization is Enabled When LDAP synchronization is enabled, you can configure the filter parameter 'excludeEntityFilter' in the LDAPUser.xml file to filter out user entries to be created in LDAP, but that can only reside in Oracle Identity Manager. Based on any Oracle Identity Manager attribute ...

OAM 11g Single sign-on  (from http://fusionsecurity.blogspot.com/2011/03/oracle-access-manager-academy-from.html) This post is part of a larger series on Oracle Access Manager 11g called Oracle Access Manager Academy.  An index to the entire series with links to each of the separate posts is available . Our compatriot Eric Leach over at the  Oracle Access Management Blog  wrote a post describing  how SSO works in OAM 11g . It's a great post and fills in all sorts of details about the cookies used, how they're named and how all of the parts fit together. OAM 11g supports a few different PEPs - OSSO, OAM 10g and OAM 11g and Eric discusses them all. but... I find a pretty picture much more understandable than a great big blob of text. Part of it is that I'm more of a visual person and part of it is that I tend to get distracted easily. Plus if you're already familiar with OSSO or OAM 10g you probably already know what their cookies look like. So for the...