Cloud Security: User Provisioning to Fusion Applications Cloud

Introduction The notion of a user is the most common reason for misunderstanding and confusion. When we mention a user, we often think of the person who is allowed to use an application. However, nearly every application has a different user structure implemented. The challenge is to find a common ground for these differing user […]

Part 3: Automate Requests against Identity Cloud Service using Newman

Introduction In Part 1: Automate getting an Identity Cloud Service Access Token in Postman I covered using a Pre-request script to automate getting an Access Token from Identity Cloud Service in order to successfully be authorized to send REST API requests. Then in Part 2: Using Postman Runner with Identity Cloud Service I built on […]

Part 2: Using Postman Runner with Identity Cloud Service

Introduction In the last article, Part 1: Automate getting an Identity Cloud Service Access Token in Postman, I explained how using a Pre-request Script can automate getting an access token so when a request is sent to Identity Cloud Service it just works, a big time saver. In this article I am going build on […]

Part 1: Automate getting an Identity Cloud Service Access Token in Postman

Introduction If you have spent enough time working with web services you have probably heard of Postman. If not, then let me say it is a great tool to test REST APIs against Identity Cloud Service (IDCS) among other things. When using Postman with web services you quickly learn an OAuth2 Access Token is required […]

Oracle Identity Cloud Service: Long Lived OAuth Tokens

One of the responsibilities of Oracle Identity Cloud Service (IDCS) is to serve as an OAuth 2.0 Authorization Server. As an Authorization Server, IDCS issues access and refresh tokens to OAuth Clients. OAuth Clients use these tokens to access various resources on Resource Servers on-behalf of Resource Owners. OAuth Clients are things like web or […]

Restrict Root Compartment Access with Oracle Cloud Infrastructure Policies

The OCI Administrators group grants manage acess to all resources in all compartments including the root compartment.  So, any member of this group is considered a super user.  Is a normal practice to keep Administrators members to a small number of users and create additional groups/policies to restrict access to specific compartments. If there’s a […]

Under the hood: Oracle Identity Cloud Service Audits

Introduction Audit events enable organization administrators to review the actions performed by members of your organization using details provided by the Audit logs – who performed the action, performed it, and what the action was.  Before getting into the article I want to mention this blog was written by Abhishek Juneja, a Principal Product Manager of Identity & […]

Restrict access to IDCS UI using Sign-On Policies

Introduction The purpose of this blog post is to describe how to use Sign-On Policies to restrict access to the OOTB Oracle Identity Cloud Service UI. One use-case could be that End-Users should not be able to view and update their own profile details using the OOTB UI. All content listed on this page is […]

IDCS Integrations Series Part III: Integrating on-prem applications to IDCS

Overview As more and more customers move Identity to the cloud, we will run into applications that cannot be migrated in short term or cannot be migrated at all to cloud for various reasons including security. That leads to the question, how do we integrate those on-prem applications to cloud Identity solution? There are a […]

IDCS Integrations Series Part II:Integrating Fusion Application with IDCS

Overview Last year at OOW, I conducted Hands On Lab on Fusion integration with IDCS. We had a full room of audience with loads of questions. That inspired me to write this blog. One of the most common requirements as Fusion is deployed in OPC is, how to centrally manage users and implement Single Sign-On […]

The Ultimate Apache/OHS11g Tuning Guide for OAM11g WebGate

Introduction OK, maybe “Ultimate” could be stretching it, but it caught your eye so you can be the judge. This post is part of a larger series on Oracle Access Manager 11g called Oracle Access Manager Academy. An index to the entire series with links to each of the separate posts is available here. Though OAM11g is […]

Identity cloud service : Mobile clients and PKCE support

Introduction OAuth 2.0 has become very popular within the mobile development community mainly because it is simple to implement and the tokens are fairly compact. There are various implementation patterns to choose from and it is very important to choose the right one to make sure that the solution is secure. In this blog post I want to describe how […]

IDCS Integrations Series Part I: Integrating WebLogic Hosted Application with IDCS

Overview As you implement IDCS (Oracle IDentity Cloud Service) use cases, you would have started thinking, “how do you integration application X with IDCS?”, Specially the applications running on-premise or running somewhere other than Oracle public cloud. This blog talks about integration of weblogic hosted applications with IDCS running on-premise or running somewhere other than Oracle […]

Implement Social Login with Oracle Identity Cloud Service

Overview Social login is an important use case for B2C applications be it marketing or eCommerce. It is a form of sign-in/login where a user uses social network services like Facebook, Twitter or Google to login to the service/application. Social login services like Facebook act as Identity Provider and the service that the user wanted to […]

Invoking Oracle Identity Cloud Service REST API from PL/SQL

This post shows a way to make REST API calls to Oracle Identity Cloud Service from an Oracle Database using PL/SQL.  The idea is that a PL/SQL application can manage and search for user and group entities directly in Identity Cloud Service. In the sample code we’ll see how to obtain an access token from Identity Cloud […]

Secure Access to Oracle Identity Manager 11g R2 PS3 REST APIs

REST APIs for Oracle Identity Manager (OIM) 11g R2 PS3 were released recently. The availability of REST APIs enables a variety of newer integrations with the product in addition to already available mechanisms using Java APIs. In this article, we discuss various ways of accessing these REST APIs in a secure manner. Please note that […]

REST API for OIM 11gR2 PS3 is Available

Starting with Bundle Patch 11.1.2.3.161018 (Patch 24326201), Oracle Identity Gorvernance or OIM, adds a new REST API for self service requests.   The REST Service includes endpoints to invoke self service calls for tasks like Catalog, Requests, Certification, Users, Role, Organization and others.  Documentation and examples are available here. The REST Service has to be installed […]

Cloud Security: Seamless Federated SSO for PaaS and Fusion-based SaaS

Introduction Oracle Fusion-based SaaS Cloud environments can be extended in many ways. While customization is the standard activity to setup a SaaS environment for your business needs, chances are that you want to extend your SaaS for more sophisticated use cases. In general this is not a problem and Oracle Cloud offers a great number […]

Cloud Security: Using Fusion Application Web Services with Message Protection

Introduction Oracle Fusion Applications offers a number of WebServices to allow other applications to incorporate the Fusion Applications functionality. To prevent data leakage, these WebServices follow a common security pattern that requires access authentication and message protection using message signing and/or message encryption. To use such a WebService, the WSDL of each service provides all […]

Cloud Security: Federated SSO for Fusion-based SaaS

Introduction To get you easily started with Oracle Cloud offerings, they come with their own user management. You can create users, assign roles, change passwords, etc. However, real world enterprises already have existing Identity Management solutions and want to avoid to maintain the same information in many places. To avoid duplicate identities and the related […]