Working with Oracle Unified Directory 11gR2 Transformation Framework

If you have been using Oracle’s Identity Management software for at least the last few years you will probably be familiar or at least heard of OVD (Oracle Virtual Directory), which was originally acquired back in 2005 from a company called OctetString. OVD provides a vast number of great virtual features used to aggregate multiple […]

Improve Oracle Unified Directory 11gR2 Search Performance with Index Entry Limit

Introduction I am always looking for great tips that give big values; this one is no exception. This article is to help you understand how to tweak the index called “Index Entry Limit” to reap some dramatic ldapsearch performance improvements. I explain what this index is about, some of my own test results, how to determine the […]

MDC Switch – Configuring Multi-Data Center Types

INTRODUCTION This post discusses the steps required to configure a “master” data center to a “clone” data center and visa-versa. If you are not familiar with Multi-Data Center (MDC) implementation and Automated Policy Synchronization (APS) please read the following links: http://www.ateam-oracle.com/multi-data-center-implemenation-in-oracle-access-manager/ http://www.ateam-oracle.com/automated-policy-synchronization-aps-for-oam-cloned-environment/ All content listed on this page is the property of Oracle Corp. Redistribution […]

Multiple authentication mechanism chaining in OAM

Authentication mechanism chaining Since the inception of OAM 11g, we have been talking about authentication scheme chaining and being able to invoke multiple authentication schemes in sequence or invoke an authentication scheme based on some condition. This has been made possible since OAM R2PS2 release with the introduction of authentication status. You can PAUSE authentication […]

Retrieving the OAM SessionID for Fun and Profit!

Introduction I recently worked with a customer who needed to do some OAM session manipulation via custom code in order to implement a complex use case. While the focus of this post is not to go into details about a specific implementation, I did want to share some advice on a very necessary building block […]

Implementing OAuth 2 with Oracle Access Manager OAuth Services (Part V)

Introduction This post is part of a series of posts about OAM’s OAuth implementation. Other posts can be found here: Part I – explains the proposed architecture and how to enable and configure OAM OAuth Services. Part II – describes a Business to Business use-case (2-legged flow); Part III  – deals with the Customer to Business use-case […]

Implementing OAuth 2 with Oracle Access Manager OAuth Services (Part IV)

Introduction This post is part IV of a series of posts about OAM’s OAuth implementation. Other posts can be found here: Part I – explains the proposed architecture and how to enable and configure OAM OAuth Services. Part II – describes a Business to Business use-case (2-legged flow); Part III  – deals with the Customer to Business […]

Simplified Role Hierarchy in R10

Introduction Our teammate Jack Desai published an article last year about Fusion Application Roles Concept. It gives you a great overview about the design to grant access to certain functionalities to specific users. His article familiarizes you with the concepts of Abstract Roles, Duty Roles, Job Roles or Data Roles and how they are used in […]

Implementing OAuth 2 with Oracle Access Manager OAuth Services (Part III)

Introduction This post is part III of a serie of posts about OAM’s OAuth implementation. Other posts can be found here: Part I – explains the proposed architecture and how to enable and configure OAM OAuth Services. Part II – describes a Business to Business use-case (2-legged flow); Part III  – deals with the Customer to Business […]

Implementing OAuth 2 with Oracle Access Manager OAuth Services (Part II)

Introduction This post is part II of a series of posts about OAM’s OAuth implementation. Other posts can be found here: Part I – explains the proposed architecture and how to enable and configure OAM OAuth Services. Part II – describes a Business to Business use-case (2-legged flow); Part III  – deals with the Customer to Business […]

Implementing OAuth 2 with Oracle Access Manager OAuth Services (Part I)

Introduction This post will explain the basics of OAuth 2.0 and how it can be used to protect resources by implementing some of the most common OAuth use cases. OAM provides out of the box OAuth Services, which allows a Client Application to access protected resources that belong to an end-user (that is, the Resource Owner). Before […]

OAM Federation 11.1.2.3: Performing a loopback test with WS-Federation

In a previous post I gave steps for performing a loopback test with SAML. This is where we configure OAM Federation to talk to itself, to act as both IdP and SP. This is useful in development and test environments to confirm OAM Federation is working without requiring an external server to talk to at […]

OAM Federation 11.1.2.3: Example Message Processing Plugin

SAML is an extensible protocol. Since it is based on XML, through the use of XML namespaces, custom elements and attributes can be inserted into the SAML messages at the appropriate places. Sometimes third party or custom SAML implementations will require particular custom elements or attributes to function. In this example, we will suppose an […]

OAM Federation 11.1.2.3: Performing a Loopback Test

In this blog post I will share steps for performing a loopback test of OAM Federation 11.1.2.3. In a loopback test, we configure OAM’s SP to point to OAM’s IdP. This enables you to confirm the basic functionality of OAM Federation without requiring any external partner server. I also find it useful in plugin development […]

OAM Federation: Identity Provider & Service Provider Management

In this blog post I want to clarify a point of initial confusion some people experience with OAM Federation 11.1.2.3. If we go to the “Federation” tab of the OAM Console, we see: Now the two main objects you manage in your OAM Fed configuration are your IdP Partner definitions and your SP Partner definitions. […]

Java Flight Recorder

Overview Performance issues are some of the most difficult and expensive issues to diagnose and fix.  For JAVA applications there is a great tool called the Java Flight Recorder (JFR) that can be used to both proactively to find potential performance issues during testing before they become apparent through external metrics and reactively to troubleshoot […]

OAAM_SAMPLE with different integration and/or deployment options

Multiple times in past, I have encountered questions/issues about OAAM_SAMPLE. So, thought to write a small post explaining how it can be used/configured to test (try out) different native integration options for OAAM. The OAAM Sample application is for demonstration purposes to familiarize yourself with OAAM APIs. It is not intended to be used as […]

Using OAAM Risk Evaluation in OAM Authorization Policies

We recently encountered an interesting requirement about taking decision within OAM Authorization policy based on the Risk-evaluation performed by OAAM during Authentication flow. Considering the interesting nature of the requirement / use-case, I thought to share details about the implementation approach through this blog post. All content listed on this page is the property of […]

Avoiding LibOVD Connection Leaks When Using OPSS User and Role API

The OPSS User and Role API (oracle.security.idm) provides an application with access to identity data (users and roles), without the application having to know anything about the underlying identity store (such as LDAP connection details). For new development, we no longer recommend the use of the OPSS User and Role API – use the Identity […]

Configuring your Oracle Database for Kerberos authentication

Introduction I have two goals with this post. To show how to setup Kerberos authentication for the Oracle Database and also demonstrate that the use/configuration of Kerberos is pretty straightforward. At least with the versions and OS I have used for this setup. The Kerberos functionality is provided by the Advanced Security Option of the […]