Decoding JWT using the API Platform Groovy Policy

Introduction With the explosion of APIs, most of today’s computing challenges are being driven by them, and therefore new standards had to emerge to make sure that APIs can be used securely, while allowing developers to avoid reinventing the wheel every time they implement aspects such as authorization. One good example is […]

OIM Connector for Identity Cloud Service

The IDCS Connector is an OIM REST-based connector for Oracle’s Identity Cloud Service (IDCS). In this blog post we will look at use case scenarios for hybrid cloud solutions that span both the Oracle Public Cloud and an on-premise Oracle identity management deployment. This blog post aims to cover the most common scenarios from an […]

Comparing the SCIM REST and OIG REST APIs

The objective of this post is to show the differences and similarities of the two REST APIs offered by OIM – the SCIM REST API and the OIG REST API. OIM Java APIs have been available in OIM for many versions now (since OIM 9.x or earlier), although each successive version has added new Java […]

Secure Access to Oracle Identity Manager 11g R2 PS3 REST APIs

REST APIs for Oracle Identity Manager (OIM) 11g R2 PS3 were released recently. The availability of REST APIs enables a variety of newer integrations with the product in addition to already available mechanisms using Java APIs. In this article, we discuss various ways of accessing these REST APIs in a secure manner. Please note that […]

Authenticating to the OIG REST API from an OAM-protected web app

The objective of this post is to describe how a web app protected by an OAM WebGate can authenticate to the OIG REST APIs. In a previous blog post, I provided detailed steps to do the same thing for the SCIM REST APIs; now in this blog post I will explain how the same approach […]

Loading Data from Oracle Identity Cloud Service into Oracle BI Cloud Service using REST

Introduction This post details a method of extracting and loading data from Oracle Identity Cloud Service (IDCS) into the Oracle Business Intelligence Cloud Service (BICS). It builds upon the A-team post IDCS Audit Event REST API which details the REST API calls used. One use case for this method is for analyzing trends regarding audit events. […]

Loading Identity Data Into Oracle Identity Cloud Services: A Broad High-level Survey

Introduction Oracle Identity Cloud Services (IDCS) – Oracle’s comprehensive Identity and Access Management platform for the cloud – was released recently. Populating identity data – such as user identities, groups and group memberships – is one of the most important tasks that is typically needed initially and on an on-going basis in any identity management system. […]

REST API for OIM 11gR2 PS3 is Available

Starting with Bundle Patch 11.1.2.3.161018 (Patch 24326201), Oracle Identity Governance, or OIM, adds a new REST API for self service requests. The REST Service includes endpoints to invoke self service calls for tasks like Catalog, Requests, Certification, Users, Role, Organization and others. Documentation and examples are available here. The REST Service has to be installed […]

Cloud Security: Seamless Federated SSO for PaaS and Fusion-based SaaS

Introduction Oracle Fusion-based SaaS Cloud environments can be extended in many ways. While customization is the standard activity to set up a SaaS environment for your business needs, chances are that you want to extend your SaaS for more sophisticated use cases. In general this is not a problem and Oracle Cloud offers a great number […]

Identity and Cloud Security A-Team at Oracle Open World

I just wanted to let everyone know that Kiran and I will be presenting with our good friend John Griffith from Regions Bank at Oracle Open World next week. Our session is Oracle Identity Management Production Readiness: Handling the Last Mile in Your Deployment [CON6972] It will take place on Wednesday, Sep 21, 1:30 p.m. […]

OAM Protected SPAs and Same-Origin Policy

Introduction In a previous post, I described the usage of OAM’s SAML Identity Assertion in the context of SPA (Single Page Applications) and how easy it is to take advantage of it for securely propagating the end user identity from the client to the backend services. However, that post is written with the assumption that […]

Authenticating to OIM SCIM server using an OAM-generated SAML identity assertion

In a previous post I provided a brief introduction to SCIM. In this post I’m going to dive right in and give an example of using the OIM SCIM services and securing them with OAM. Why would you want to use OIM SCIM services? There are many reasons, however I will focus on […]

Exploring OAM’s SAML Identity Assertion

Introduction OAM (Oracle Access Manager) has an interesting feature that often goes unnoticed by a considerable number of people wishing to tackle the problem of identity propagation. It’s OAM’s ability to generate a secure token embedding user information as a result of successful authentication or authorization. My colleagues Rob Otto and Simon Kissane have talked […]

Upgrading to OIM 11.1.2.3: an overview

In this post I’m going to give an overview of the steps involved in upgrading to Oracle Identity Manager 11.1.2.3. This is just a high-level overview, with pointers to the documentation you need to read to get the detailed steps. Classification of OIM environments For the purpose of OIM upgrade, environments can be classified as […]

Cloud Security: Federated SSO for Fusion-based SaaS

Introduction To get you easily started with Oracle Cloud offerings, they come with their own user management. You can create users, assign roles, change passwords, etc. However, real world enterprises already have existing Identity Management solutions and want to avoid maintaining the same information in many places. To avoid duplicate identities and the related […]

OAM 11g Webgate Tuning

INTRODUCTION This post is part of a larger series on Oracle Access Manager 11g called Oracle Access Manager Academy. An index to the entire series with links to each of the separate posts is available. People typically are introduced to Webgate tuning in one of two ways, either forced into it because of a crisis or […]

What is SCIM?

SCIM is a standard protocol for accessing identity information (users, roles, etc), including querying, retrieval, create, update and delete. The latest version of SCIM, SCIM 2.0, has been defined in a series of RFCs: RFC 7642, RFC 7643 and RFC 7644. What does SCIM stand for? Originally it was an acronym for “Simplified Cloud Identity […]

Oracle Unified Directory 11gR2PS3 Very Large Static Groups

This post is about OUD and extremely large static groups where membership numbers exceed hundreds of thousands or even millions; yes I said millions. I have been using Directory Services for over 15 years and the response I typically have for a customer that wants to use very large static groups is don’t do it. Then I steer […]

Configuring Oracle Public Cloud to Federate with Microsoft Azure Active Directory

Introduction Companies usually have some Identity and Access Management solution deployed on premises to manage users and roles to secure access to their corporate applications. As businesses move to the cloud, companies will, most likely, want to leverage the investment already made into such IAM solutions and integrate them with the new SaaS or PaaS applications that […]

Working with Oracle Unified Directory 11gR2 Transformation Framework

If you have been using Oracle’s Identity Management software for at least the last few years you will probably be familiar with, or at least have heard of, OVD (Oracle Virtual Directory), which was originally acquired back in 2005 from a company called OctetString. OVD provides a vast number of great virtual features used to aggregate multiple […]