Posts

Silent install for OAM, OIM

Oracle Universal Installer in Silent Mode
The silent installation option for OAM or OIM is an automated, hands-free method of installing in which you need not monitor the installation steps or click and respond to input dialog boxes, radio buttons, etc. However, it is good practice to run through the installation steps via the Graphical User Interface (GUI). This will not only help you understand the various dialog boxes and radio button options that will be needed during the install process but also help in creating the response file. Silent mode installation is a great option if you have multiple installs to do: you can automate the install process, saving time and avoiding the errors of manual installation. For the silent installation of OAM, OIM 12.2.1.3, read here. You can follow the above Silent Install steps for any of the Oracle Fusion Middleware components, e.g. Oracle Identity Governance 12.2.1.3, OIM or Oracle Access Manager (OAM). The Silent install provides installation to be do

How to generate CSR from mmc

This post goes over all the steps required to create or generate a CSR. CSR stands for Certificate Signing Request. A CSR is an encoded text file used in the process of creating a certificate, e.g. an SSL Certificate (SSL is now phased out and the current standard is TLS; however, we continue to use the term SSL as it is the more commonly used term) or a Digital Certificate. This encoded text file contains the information about the server, device or domain for which you need a Digital Certificate. One generates a CSR locally and sends the request as a file to a Certificate Authority (CA). The Certificate Authority, upon receiving the Certificate Signing Request (CSR), confirms the identity of the applicant and, upon confirmation, signs the CSR and generates a Certificate (SSL Certificate or Digital Certificate) for the identity of the entity, Non Person Entity or Person Entity. This Certificate can now be trusted by a third party since it was signed by a trust

OpenID Connect and Offline access

OpenID Connect provides the ability for an application to make use of cached tokens for authenticating when the application is offline. Here is the OpenID Connect specification for offline access. Link to discussion in Oracle forum. Here is an interesting discussion on offline and OAuth on Stack Overflow.

Tokenization

Tokenization is used for passing tokens across multiple parties on the internet or a network. Common examples are passing tokens for credit card or user Personal Account Information. The idea of tokenization is to send a token to a remote party instead of the actual credentials. Once the credentials have been accepted by a verifying party, from there on tokens are sent between the remote parties. A token is a random but unique identifier for a particular session between the various parties. A new token is used for another session so that it cannot be replayed. The key advantage here is that transactions with the remote party use this token instead of revealing the actual Account No of a user (Privacy). This not only protects the user's identity but also minimizes the risk of transmitting a user credential over an unsecure channel or of eavesdropping (Security). Example Use Case: Pay via Tokenization without giving your personal card/credit card number to the merchant. Token transferred from Devi

VMWare - Cannot open the configuration

Issue: Cannot use VMware image. You cannot import or use a VMware image and get the following error: "The configuration file xxx.vmx was created by a VMware product that is incompatible with this version of VMware Player or Workstation and cannot be used. Cannot open the configuration file xxx.vmx". Typically you may get this error if you are importing a VMware image provided by a vendor or obtained from another PC. This could be due to the VMware image having been created by a different version of VMware Player/Workstation than the one that you are currently trying to run or import it with (on your current/local PC).

Resolution: Edit the vmx file and check the property "virtualHW.version=x". Replace the number x with your current version of VMware that you are using to open or import the image.

What is HSTS - HTTP Strict Transport Security

HSTS stands for HTTP Strict Transport Security. In essence, it is a mitigation technique for the SSL-Stripping attack. In practice one may encounter a message when accessing websites (see details below). Various attacks attempt to remove the use of Secure Socket Layer/Transport Layer Security (SSL/TLS) altogether by modifying unencrypted protocols that request the use of TLS, specifically modifying HTTP traffic and HTML pages as they pass on the wire. These attacks are known collectively as "SSL Stripping" (a form of the more generic "downgrade attack") and were first introduced by Moxie Marlinspike [SSL-Stripping]. In the context of Web traffic, these attacks are only effective if the client initially accesses a Web server using HTTP. A commonly used mitigation is HTTP Strict Transport Security (HSTS) [RFC6797]. HSTS is now supported in all leading browsers - Chrome, Firefox, Safari, Edge, IE. One of the several new features in Chrome is the addition o

User Authentication with OAuth 2.0

This (original) article has been taken from the OAuth protocol website (https://oauth.net/articles/authentication/), and highlighted text has been added for better explanation and clarity. It provides information on the OAuth protocol, which deals only with delegated authorization. It is often assumed to include authentication and is misused that way. The OAuth protocol does not include authentication. To complete the stack, OpenID Connect has been built on top of OAuth and provides for authentication (however, OpenID Connect is not the focus of this post; it is mentioned to bring out the relationship between these two protocols). User Authentication with OAuth 2.0: The OAuth 2.0 specification defines a delegation protocol that is useful for conveying authorization decisions across a network of web-enabled applications and APIs. (This means that OAuth is an HTTP based protocol.) OAuth is used in a wide variety of applications, including providing mechanisms for user authentication. This ha