Using the IDCS’ OAuth Device Flow for Fun and Profit

Introduction If you’ve been on the internet recently you’ve probably used OAuth and more specifically the “Authorization Code” grant type (or “AZ Code” if, like The Dude, you are into the whole brevity thing). For example if you’ve ever clicked a “Sign on with Facebook” button or used a Facebook app you’ve used OAuth’s AZ […]

Cloud Security: User Provisioning to Fusion Applications Cloud

Introduction The notion of a user is the most common reason for misunderstanding and confusion. When we mention a user, we often think of the person who is allowed to use an application. However, nearly every application has a different user structure implemented. The challenge is to find a common ground for these differing user […]

Silently federate from your SAML IdP or OpenID Connect Provider to IDCS

Introduction As you may know IDCS can operate as both a SAML IdP and a SAML SP at the same time – a use case known as an IdP Proxy or IdP Chaining. This is useful in a bunch of situations, but the most common is when you want users to login to your on […]

Part 3: Automate Requests against Identity Cloud Service using Newman

Introduction In Part 1: Automate getting an Identity Cloud Service Access Token in Postman I covered using a Pre-request script to automate getting an Access Token from Identity Cloud Service in order to successfully be authorized to send REST API requests. Then in Part 2: Using Postman Runner with Identity Cloud Service I built on […]

Part 2: Using Postman Runner with Identity Cloud Service

Introduction In the last article, Part 1: Automate getting an Identity Cloud Service Access Token in Postman, I explained how using a Pre-request Script can automate getting an access token so when a request is sent to Identity Cloud Service it just works, a big time saver. In this article I am going build on […]

Part 1: Automate getting an Identity Cloud Service Access Token in Postman

Introduction If you have spent enough time working with web services you have probably heard of Postman. If not, then let me say it is a great tool to test REST APIs against Identity Cloud Service (IDCS) among other things. When using Postman with web services you quickly learn an OAuth2 Access Token is required […]

Using SSSD with Kerberos and Active Directory to Terminal into an OCI Linux Machine

Introduction OCI or Oracle Cloud Infrastructure, is Oracle’s latest cloud infrastructure that is replacing the older Oracle Cloud Infrastructure Classic. One feature it has is built-in Identity Management Governance. For example, you can add and manage users to grant who can access OCI resources among other features, please refer to this link for more information https://cloud.oracle.com/governance. […]

Under the hood: Oracle Identity Cloud Service Audits

Introduction Audit events enable organization administrators to review the actions performed by members of your organization using details provided by the Audit logs – who performed the action, performed it, and what the action was.  Before getting into the article I want to mention this blog was written by Abhishek Juneja, a Principal Product Manager of Identity & […]

How to Configure Oracle Identity Manager to use Unicast

As of version 11gR2PS1 (11.1.2.1.0), OIM relies on JGROUPS to implement cache coordination among all it’s cluster nodes.  Out of the box OIM is configured to use Multicast (one to many) for JGroups for cluster messaging.  This could be a showstopper when deploying OIM in datacenter where Multicast is blocked or unsupported, which is the case in […]

IDCS Integrations Series Part III: Integrating on-prem applications to IDCS

Overview As more and more customers move Identity to the cloud, we will run into applications that cannot be migrated in short term or cannot be migrated at all to cloud for various reasons including security. That leads to the question, how do we integrate those on-prem applications to cloud Identity solution? There are a […]

IDCS Integrations Series Part II:Integrating Fusion Application with IDCS

Overview Last year at OOW, I conducted Hands On Lab on Fusion integration with IDCS. We had a full room of audience with loads of questions. That inspired me to write this blog. One of the most common requirements as Fusion is deployed in OPC is, how to centrally manage users and implement Single Sign-On […]

Part 4 of 4 – SSSD Authentication: Known Problems and Troubleshooting Tips

Introduction In Part 3 of 4 – SSSD Linux Authentication: Implementation Step-by-Step Guideline I covered all the necessary step-by-step details on deploying SSSD, but nothing ever seems to go perfect the first time does it.  This is why I have included a final Part 4 that covers known problems I came across, though there could […]

Part 3 of 4 – SSSD Linux Authentication: Implementation Step-by-Step Guideline

Introduction In Part 2 of 4 – SSSD Linux Authentication: LDAP Identity Store Requirements all the aspects of the LDAP Identity Store requirements were covered. And before that in article Part 1 of 2 – SSSD Linux Authentication: Introduction and Architecture I covered an introduction and high-level architecture of SSSD, which will be very important […]

Part 2 of 4 – SSSD Linux Authentication: LDAP Identity Store Requirements

Introduction In Part 1 of 4 – SSSD Linux Authentication: Introduction and Architecture I covered an introduction on SSSD and an architecture overview with details on the flow of how it all works.  In this part I am going to cover the LDAP Identity Store details required for SSSD.   LDAP Identity Store Schema Requirements […]

Part 1 of 4 – SSSD Linux Authentication: Introduction and Architecture

Introduction This article provides the details needed to solve a real use case used to allow a user to authenticate to an Oracle Public Cloud Linux server in SaaS using a single or multiple LDAP Identity store that could be Active Directory 2012R2 (AD) or better, Oracle Internet Directory (OID), Oracle Unified Directory (OUD), Oracle […]

The Ultimate Apache/OHS11g Tuning Guide for OAM11g WebGate

Introduction OK, maybe “Ultimate” could be stretching it, but it caught your eye so you can be the judge. This post is part of a larger series on Oracle Access Manager 11g called Oracle Access Manager Academy. An index to the entire series with links to each of the separate posts is available here. Though OAM11g is […]

OIM Connector for Identity Cloud Service

The IDCS Connector is an OIM REST based connector for Oracle’s Identity Cloud Service (IDCS). In this blog post we will look at use case scenarios for hybrid cloud solutions, that span both the Oracle Public Cloud and an on-premise Oracle identity management deployment.This blog post aims to cover the most common scenarios from an […]

Comparing the SCIM REST and OIG REST APIs

The objective of this post is to show the differences and similarities of the two REST APIs offered by OIM – the SCIM REST API and the OIG REST API. OIM Java APIs have been available in OIM for many versions now (since OIM 9.x or earlier), although each successive version has added new Java […]

Secure Access to Oracle Identity Manager 11g R2 PS3 REST APIs

REST APIs for Oracle Identity Manager (OIM) 11g R2 PS3 were released recently. The availability of REST APIs enables a variety of newer integrations with the product in addition to already available mechanisms using Java APIs. In this article, we discuss various ways of accessing these REST APIs in a secure manner. Please note that […]