OAM Federation 11.1.2.3: Performing a loopback test with WS-Federation

In a previous post I gave steps for performing a loopback test with SAML. This is where we configure OAM Federation to talk to itself, to act as both IdP and SP. This is useful in development and test environments to confirm OAM Federation is working without requiring an external server to talk to at […]

OAM Federation 11.1.2.3: Example Message Processing Plugin

SAML is an extensible protocol. Since it is based on XML, through the use of XML namespaces, custom elements and attributes can be inserted into the SAML messages at the appropriate places. Sometimes third party or custom SAML implementations will require particular custom elements or attributes to function. In this example, we will suppose an […]

OAM Federation 11.1.2.3: Performing a Loopback Test

In this blog post I will share steps for performing a loopback test of OAM Federation 11.1.2.3. In a loopback test, we configure OAM’s SP to point to OAM’s IdP. This enables you to confirm the basic functionality of OAM Federation without requiring any external partner server. I also find it useful in plugin development […]

OAM Federation: Identity Provider & Service Provider Management

In this blog post I want to clarify a point of initial confusion some people experience with OAM Federation 11.1.2.3. If we go to the “Federation” tab of the OAM Console, we see: Now the two main objects you manage in your OAM Fed configuration are your IdP Partner definitions and your SP Partner definitions. […]

Avoiding LibOVD Connection Leaks When Using OPSS User and Role API

The OPSS User and Role API (oracle.security.idm) provides an application with access to identity data (users and roles), without the application having to know anything about the underlying identity store (such as LDAP connection details). For new development, we no longer recommend the use of the OPSS User and Role API – use the Identity […]

Oracle Unified Directory 11gR2 (11.1.2.2.0) Installation Cheat-sheet

This is a cheat-sheet for installing Oracle Unified Directory (OUD) including the graphical administration tool (Oracle Directory Services Manager – ODSM). While the core of OUD does not require an application server such as WebLogic, ODSM does, so you need to install that too (unless you want to do all administration from the command line). All […]

Managing the performance impact of OID last login tracking

Does your environment have demanding performance requirements? High volume, customer-facing applications such as eCommerce or Internet banking, with business critical requirements for low response time? Then having last login tracking enabled in OID (orclpwdtracklogin=1 in your password policy) can have a substantial performance cost. It converts every login, every bind/compare against an OID entry, into a modify of that OID entry to update […]

How Oracle Identity Manager Uses MDS

Oracle Metadata Services (MDS) is an XML configuration store used by Oracle Identity Manager (OIM), as well as several other Oracle Middleware products. OIM first adopted MDS with the release of 11gR1. Prior to MDS, many Oracle Middleware products used files on the filesystem as configuration stores, in various formats (XML, Java properties files, etc.). […]

OIM Clustering: Keeping separate environments separate

Oracle Identity Manager 11g incorporates several clustering technologies in order to ensure high-availability across its different components. Several of these technologies use multicast to discover other cluster nodes on the same subnet. For testing and development purposes, it is common to have multiple distinct OIM environments co-existing on the same subnet. In that scenario, it […]