Posts

How to configure SAML SSO with ADFS as IdP and Weblogic server as SP

Steps to configure SAML SSO with ADFS (as IDP) and Weblogic Server (as SP)
By: Puneeth Prakash | Principal Software Engineer (https://blogs.oracle.com/blogbypuneeth/steps-to-configure-saml-sso-with-adfs-as-idp-and-weblogic-server-as-sp)

Steps to integrate ADFS with Ping Identity (https://technet.microsoft.com/en-us/library/adfs2-federation-with-ping-identity-ping-federate(v=ws.10).aspx)

Below are the steps to configure SAML 2.0 SSO using ADFS as Identity Provider and WLS as Service Provider. In this example I am using ADFS 2.0 on Windows Server 2008R2.

Let's have a look at the ADFS IDP configuration first:

Step 1: Download and install ADFS 2.0
- Create a Federation Server

Step 2:
- Create a self signed certificate and configure SSL on IIS

Step 3:
- Start ADFS 2.0 Management / Configuration Wizard
- Create a new Federation Service
- Select the self-signed certificate you created using IIS from the drop down menu.
-

Certification Matrix for Oracle Identity and Access Management

Download spreadsheet for version 11.1.2.2: Oracle IAM 11.1.2.2
Download spreadsheet for version 11.1.2.3: Oracle IAM 11.1.2.3

Support for Oracle database in Oracle Identity Management suite - only Oracle database is supported officially. (has url for certification matrix as well)

Oracle Fusion Middleware supported System configurations
Technetwork link for Oracle Identity Management
Oracle 10g download page

Webgate install via command console

For 11gR2/R3 versions - Installing and Configuring 11g WebGate for OAM (Apache): follow the steps here.
https://docs.oracle.com/cd/E52734_01/core/WGINS/webgate_apache.htm#WGINS76147

There are two ways of registering and configuring WebGate in 11gR2/R3 versions: one is via the OAM GUI console and the other is via the command line with the rreg tool.

Note: Since the 12c version there is no need to install WebGate separately, because WebGate comes pre-bundled with the OHS 12c server. For registering WebGate in the 12c version, refer to this guide.
https://docs.oracle.com/en/middleware/idm/access-manager/12.2.1.3/aiaag/registering-and-managing-oam-11g-agents.html#GUID-5C2D8AD8-7A7E-4E87-9D99-F4D6E385959A

How to install Webgate via command console - Link to Oracle discussion
OAM with webgate
Basics of OAM and webgate architecture

Difference between Baseline Start/Finish and Start/Finish

This post will go over the Start and Finish Dates that can be set in the Microsoft Project application. The Baseline Start/Finish and the Actual Start/Finish dates are different. See the note below, which clarifies the difference, what each of the Start and Finish dates is, and how to view them in the Microsoft Project application.

1. After you completely plan your project with complete task, resource, and assignment information, the Start and Finish fields contain the original "planned" dates for every task in your project. At this point, you should click Tools > Tracking > Set Baseline to save a baseline for your project. When you save a baseline, Microsoft Project 2007 captures the current Duration, Start date, Finish date, Work, and Cost for every task in the project in a corresponding set of Baseline fields. The software also captures the Work and Cost information for every resource, and captures the time phased Work and Cost information you can see in either the Task U

How to unlink an account from Oracle Identity Manager (OIM) to Active Directory (AD)

Question: How can we unlink an account from OIM to AD without deleting or disabling it? Is there a way?

Answer: Soft revoke. Set the ost_key in the OIU table to the value of revoked and the ORC_STATUS value to X in the ORC table.

Example:

    -- Point the OIU row at the 'Revoked' status of the 'AD User' resource object.
    -- '7825' is the example ORC_KEY used in this post.
    update oiu
       set ost_key = (select ost_key
                        from ost
                       where obj_key in (select obj_key
                                           from obj
                                          where obj_name like 'AD User')
                         and ost_status like 'Revoked')
     where ORC_KEY = '7825';
    commit;

    -- Set the matching ORC row's status to X.
    update orc
       set orc_status = 'X'
     where orc_key = '7825';
    commit;

OIC Authentication in OAM

OIC is the OpenID Connect protocol for authenticating users, which is built on top of the OAuth 2.0 authorization framework.

LINK provides steps to integrate Google with OAM Mobile and Social. Oracle provides a case study with a sample application for integrating with OMSS.

Google no longer supports the OpenID protocol. LINK This explains the exception. The OAuth version of Google should be used instead.

OIC authentication is OpenID Connect authentication. OICScheme (OIC Scheme) is an Authentication Policy available in OAM as part of Oracle Mobile and Social. Here is a link explaining OICScheme.

OAM Support for OpenID Connect

Starting with Oracle Access Management (OAM) 12c, OpenID Connect will be supported. In earlier versions of OAM, 11gR2 11.1.2.2.0 and 11.1.2.3.0, only the OpenID protocol was supported (OpenID Connect was not supported in these OAM versions). Refer to Oracle Doc ID 2231977.1.

SAML webservices

This post provides references and links for Oracle WebLogic integration with the SAML protocol for authentication. The primary reference is the WebLogic security architecture.

One can integrate Oracle WebLogic Server with SAML-based federation. Here is the official Oracle documentation that provides details and architecture for Single Sign-On (SSO) with WebLogic Server. The use case is Single Sign-On as depicted in the diagram below.

[Diagram: SSO Use Case]

The WebLogic Security Framework provides the necessary configuration and infrastructure to support SAML-based Single Sign-On. Refer to the diagram below, which shows the various actors and steps in SAML-based authentication and Single Sign-On. This classic diagram is from the OASIS standards.

[Diagram: SP initiated SSO with Redirect and HTTP Post binding]

[Diagram: Example of SP initiated SSO using PingFederate as an Identity Provider]

Above diagram shows a practical example (taken from alfresco.com website) with Service Provider initiated SSO with HTTP Post Bind