Posts

OIC Authentication in OAM

OIC Authentication in OAM OIC is OpenID Connect Protocol for authenticating users which is built on top of the OAuth 2.0 authorization framework. LINK  provides steps to integrate google with OAM Mobile and Social. Oracle provides a case study with a sample Application for integrating with OMSS . Google is not supporting anymore the OpenID protocol. LINK This explains the exception. The OAuth version of Google shall be use instead. OIC authentication is OpenID Connect Authentication. OICScheme  (OIC Scheme) is an Authentication Policy available in OAM as part of the Oracle Mobile and Social. Here is a link explaining OICScheme. OAM Support for OpenID Connect Starting with Oracle Access Management OAM 12c OpenID Connect will be supported. In earlier versions of OAM, 11gR2 11.1.2.2.0 and 11.1.2.3.0 OpenID protocol was only supported (OpenID Connect was not supported in these OAM versions).  Refer Oracle Doc ID 2231977.1

SAML webservices

Image
This post provides references and links for Oracle WebLogic integration with SAML protocol for authentication. The primary reference is the WebLogic security architecture. One can integrate Oracle WebLogic server with SAML based federation. Here is official Oracle  documentation that provides details and architecture for Single Sign on (SSO) with WebLogic server. The Use Case is Single Sign on as depicted in the diagram below. SSO Use Case WebLogic Security Framework provides the necessary configuration and infrastructure to support SAML based Single Sign on.  Refer this below diagram that provides the various actors and steps in SAML based authentication and single sign on. This classic diagram is from oasis standards. SP initiated SSO with Redirect and HTTP Post binding Example of SP initiated SSO using PingFederate as an Identity Provider Above diagram shows a practical example (taken from alfresco.com website) with Service Provider initiated SSO with HTTP ...

Oracle Access Manager OAM SDK API user logout

Image
OAM SDK API for user logout Discussion If the application need to logout user, then it can invoke logoff method on the object of UserSession class. Please check the SDK API doc but you need to invoke this method based on some event. https://docs.oracle.com/cd/E28280_01/dev.1111/e12491/as_api.htm#AIDEV119 OAM Access Manager SDK Java API for Usersession class (logoff) https://docs.oracle.com/cd/E23943_01/apirefs.1111/e22472/oracle/security/am/asdk/UserSession.html logoff public void logoff()             throws AccessException Logs off the authenticated user and terminates the session. Throws : AccessException - If error occurs during operation Invoke the logoff method to terminate the user session of the current authenticated user and thereby logging off the user Retrieve OAM User Session ateam Discussion reference retrieve userid (not answered) ----------------------------------------------------------------------------------------------...

Tableau server SAML authentication

Image
Tableau integration with SAML How SAML authentication works with Tableau SAML (Security Assertion Markup Language) is an XML standard that allows secure web domains to exchange user authentication and authorization data. You can configure  Tableau Server  to use an external identity provider (IdP) to authenticate users over SAML 2.0. No user credentials are stored with  Tableau Server , and using SAML enables you to add Tableau to your organization’s single sign-on environment. You can use SAML server wide, or you can configure sites individually. Here’s an overview of those options: Server-wide SAML authentication . A single SAML IdP application handles authentication for all  Tableau Server  users. Use this option if your server has only the Default site. In addition, if you want to use site-specific SAML, you must configure server-wide SAML before you configure individual sites. Server-wide local authentication and site-specific...

Oracle Fusion Middleware Patch Set Notes for Oracle Identity and Access Management 11gR2 PS3 11.1.2.3

Patch set is a complete install which contains all the bug fixes and new features. It can be used as fresh or new install as well upgrade from a previous supported version. For example 11gR2 PS3 can be used to upgrade from previous 11gR2 releases PS1, PS2 Skip Headers Oracle® Fusion Middleware Patch Set Notes for Oracle Identity and Access Management    11 g  Release 2  (11.1.2.3)   Oracle® Fusion Middleware Patch Set Notes for Oracle Identity and Access Management 11 g  Release 2 (11.1.2.3) April 2015 This document accompanies Oracle Identity and Access Management 11 g  Release 2 (11.1.2.3). This document contains the following sections: Section 1, "What is a Patch Set?" Section 2, "About This Patch Set" Section 3, "Patch Set Documentation" Section 4, "Documentation Accessibility" 1  What is a Patch Set? Patch sets are a mechanism for delivering fully tested and integrated product fixes, as well as product impr...

Reuse a deleted userid (user account) in OIM

To reuse UserIDs: http://idm-oracle.blogspot.in/2009/06/delete-related-to-oim-users.html - Open the Design Console - Goto the Administration - System Configuration form - Search for the Keyword " XL.UserIDReuse " and set the value to TRUE XL.UserIDReuse which determines whether a deleted user account can be reused --------------------------------------------------------------------------------------------------- Oracle Discussion Hard delete user from OIM If you want to reuse a deleted userid in OIM http://idm-dineshkumar.blogspot.com/2011/07/creation-of-multiple-user-ids-in-oim.html https://community.oracle.com/message/4598074#4598074  How to delete users from OIM 11g database  (has script example) https://community.oracle.com/message/8458481#8458481  Script to delete user from OIM and https://community.oracle.com/message/9160451#9160451 and https://community.oracle.com/message/9718014#9718014  delete user via OIM API

Oracle Identity Management

Oracle e-Business Employee Reconciliation and Oracle e-Business User Management Is it possible to use OIM LDAP sync with OID connector    (Refer OracleDoc ID 2130010.1 - Use of both ldapsync and OIM OID Connector for same target is not supported) OIM OAM Integration How OAM-OIM Integration     How to test successful integration and steps Certification matrix for Oracle Identity and Access Management For 11.1.2.2       For 11.1.2.3 Upgrade OAM or OIM vs install new instance of OAM or OIM OAM Performance metrics  (links for metrics with OAM console and OEM) New name for OID User Target Recon  [ OID Connector User Search Reconciliation ] Upgrade of OIM ateam oracle High Availability for Oracle Identity and Access Management Maximum number of entries, users, or groups in OID How to configure SSL between OIM and AD How to configure Oracle HCM Module as trusted Resoure for OIM  Using \  (backslash) in username for OAM/OVD/O...

Identity Proofing

Image
What is HSPD-12 HSPD-12 Homeland Security Presidential Directive Mandates all Federal Agencies issue ID credentials using FIPS-201 identity proofing procedures begining 10/05 Mandates all Federal Agencies begin issuing Smart Cards with medium assurance digital certificates by 10/06 Authorization remains a local prerogative within each participating agency http://csrc.nist.gov/news_events/HIPAA-May2011_workshop/presentations/day1_HIPAA-conference2011-Identity-Healthcare.pdf (original pdf) Identity Proofing and NIST SP  800-63:  Applications in Healthcare May 10, 2011 © 2010 Experian Information Solutions, Inc. All rights reserved. Experian and the marks used herein are service marks or registered trademarks of Experian Information Solutions, Inc. Other product and company names mentioned herein may be the trademarks of their respective owners. No part of this copyrighted work may be reproduced, modified, or distributed in any form or manner without the p...