Loading Data from Oracle Identity Cloud Service into Oracle BI Cloud Service using REST

Introduction This post details a method of extracting and loading data from Oracle Identity Cloud Service (IDCS) into the Oracle Business Intelligence Cloud Service (BICS). It builds upon the A-team post IDCS Audit Event REST API which details the REST API calls used. One use case for this method is for analyzing trends regarding audit events. […]

Loading Identity Data Into Oracle Identity Cloud Services: A Broad High-level Survey

Introduction Oracle Identity Cloud Services (IDCS) – Oracle’s comprehensive Identity and Access Management platform for the cloud – was released recently. Populating identity data – such as user identities, groups and group memberships – is one of most important tasks that is typically needed initially and on an on-going basis in any identity management system. […]

REST API for OIM 11gR2 PS3 is Available

Starting with Bundle Patch 11.1.2.3.161018 (Patch 24326201), Oracle Identity Gorvernance or OIM, adds a new REST API for self service requests.   The REST Service includes endpoints to invoke self service calls for tasks like Catalog, Requests, Certification, Users, Role, Organization and others.  Documentation and examples are available here. The REST Service has to be installed […]

Cloud Security: Seamless Federated SSO for PaaS and Fusion-based SaaS

Introduction Oracle Fusion-based SaaS Cloud environments can be extended in many ways. While customization is the standard activity to setup a SaaS environment for your business needs, chances are that you want to extend your SaaS for more sophisticated use cases. In general this is not a problem and Oracle Cloud offers a great number […]

Identity and Cloud Security A-Team at Oracle Open World

I just wanted to let everyone know that Kiran and I will be presenting with our good friend John Griffith from Regions Bank at Oracle Open World next week. Our session is Oracle Identity Management Production Readiness: Handling the Last Mile in Your Deployment [CON6972] It will take place on Wednesday, Sep 21, 1:30 p.m. […]

OAM Protected SPAs and Same-Origin Policy

Introduction On a previous post, I described the usage of OAM’s SAML Identity Assertion in the context of SPA (Single Page Applications) and how easy it is to take advantage of it for securely propagating the end user identity from the client to the backend services. However, that post is written with the assumption that […]

Authenticating to OIM SCIM server using an OAM-generated SAML identity assertion

In a previous post previous post I provided a brief introduction to SCIM. In this post I’m going to dive right in and give an example of using the OIM SCIM services and securing them with OAM. Why would you want to use OIM SCIM services? There are many reasons, however I will focus on […]

Exploring OAM’s SAML Identity Assertion

Introduction OAM (Oracle Access Manager) has an interesting feature that often goes unnoticed to a considerable number of people wishing to tackle the problem of identity propagation. It’s OAM’s ability to generate a secure token embedding user information as a result of successful authentication or authorization. My colleagues Rob Otto and Simon Kissane have talked […]

Upgrading to OIM 11.1.2.3: an overview

In this post I’m going to give an overview of the steps involved in upgrading to Oracle Identity Manager 11.1.2.3. This is just a high-level overview, with pointers to the documentation you need to read to get the detailed steps. Classification of OIM environments For the purpose of OIM upgrade, environments can be classified as […]

Cloud Security: Federated SSO for Fusion-based SaaS

Introduction To get you easily started with Oracle Cloud offerings, they come with their own user management. You can create users, assign roles, change passwords, etc. However, real world enterprises already have existing Identity Management solutions and want to avoid to maintain the same information in many places. To avoid duplicate identities and the related […]

OAM 11g Webgate Tuning

INTRODUCTION This post is part of a larger series on Oracle Access Manager 11g called Oracle Access Manager Academy. An index to the entire series with links to each of the separate posts is available. People typically are introduced to Webgate tuning in one of two ways, either forced into it because of a crisis or […]

What is SCIM?

SCIM is a standard protocol for accessing identity information (users, roles, etc), including querying, retrieval, create, update and delete. The latest version of SCIM, SCIM 2.0, has been defined in a series of RFCs: RFC 7642, RFC 7643 and RFC 7644. What does SCIM stand for? Originally it was an acronym for “Simplified Cloud Identity […]

Oracle Unified Directory 11gR2PS3 Very Large Static Groups

This post is about OUD and extremely large static groups where membership numbers exceed hundreds of thousands or even millions; yes I said millions.  I have been using Directory Services for over 15 years and the response I typically have for a customer that wants to use very large static groups is don’t do it.  Then I steer […]

Configuring Oracle Public Cloud to Federate with Microsoft Azure Active Directory

Introduction Companies usually have some Identity and Access Management solution deployed on premises to manage users and roles to secure access to their corporate applications. As business move to the cloud, companies will, most likely, want to leverage the investment already made into such IAM solutions and integrate them with the new SaaS or PaaS applications that […]

Working with Oracle Unified Directory 11gR2 Transformation Framework

If you have been using Oracle’s Identity Management software for at least the last few years you will probably be familiar or at least heard of OVD (Oracle Virtual Directory), which was originally acquired back in 2005 from a company called OctetString. OVD provides a vast number of great virtual features used to aggregate multiple […]

Improve Oracle Unified Directory 11gR2 Search Performance with Index Entry Limit

Introduction I am always looking for great tips that give big values; this one is no exception. This article is to help you understand how to tweak the index called “Index Entry Limit” to reap some dramatic ldapsearch performance improvements. I explain what this index is about, some of my own test results, how to determine the […]

MDC Switch – Configuring Multi-Data Center Types

INTRODUCTION This post discusses the steps required to configure a “master” data center to a “clone” data center and visa-versa. If you are not familiar with Multi-Data Center (MDC) implementation and Automated Policy Synchronization (APS) please read the following links: http://www.ateam-oracle.com/multi-data-center-implemenation-in-oracle-access-manager/ http://www.ateam-oracle.com/automated-policy-synchronization-aps-for-oam-cloned-environment/ All content listed on this page is the property of Oracle Corp. Redistribution […]

Multiple authentication mechanism chaining in OAM

Authentication mechanism chaining Since the inception of OAM 11g, we have been talking about authentication scheme chaining and being able to invoke multiple authentication schemes in sequence or invoke an authentication scheme based on some condition. This has been made possible since OAM R2PS2 release with the introduction of authentication status. You can PAUSE authentication […]

Retrieving the OAM SessionID for Fun and Profit!

Introduction I recently worked with a customer who needed to do some OAM session manipulation via custom code in order to implement a complex use case. While the focus of this post is not to go into details about a specific implementation, I did want to share some advice on a very necessary building block […]

Implementing OAuth 2 with Oracle Access Manager OAuth Services (Part V)

Introduction This post is part of a series of posts about OAM’s OAuth implementation. Other posts can be found here: Part I – explains the proposed architecture and how to enable and configure OAM OAuth Services. Part II – describes a Business to Business use-case (2-legged flow); Part III  – deals with the Customer to Business use-case […]