Cloud Security: User Provisioning to Fusion Applications Cloud

Introduction The notion of a user is the most common reason for misunderstanding and confusion. When we mention a user, we often think of the person who is allowed to use an application. However, nearly every application has a different user structure implemented. The challenge is to find a common ground for these differing user […]

Mobile App Development with OAuth 2.0 and IDCS: A High Level Approach

Introduction IDCS is used by enterprises and organizations to allow secure access to their applications.  IDCS uses various open standards such as OAuth 2.0, SAML etc. to protect these applications.  One of the many features of IDCS is to facilitate client applications accessing backend (REST) APIs using OAuth 2.0 (https://tools.ietf.org/html/rfc6749).  Client applications come in different […]

Restrict access to IDCS UI using Sign-On Policies

Introduction The purpose of this blog post is to describe how to use Sign-On Policies to restrict access to the OOTB Oracle Identity Cloud Service UI. One use-case could be that End-Users should not be able to view and update their own profile details using the OOTB UI. All content listed on this page is […]

IDCS Integrations Series Part II: Integrating Fusion Application with IDCS

Overview Last year at OOW, I conducted a Hands-On Lab on Fusion integration with IDCS. We had a full room of audience with loads of questions. That inspired me to write this blog. One of the most common requirements as Fusion is deployed in OPC is how to centrally manage users and implement Single Sign-On […]

IDCS Integrations Series Part I: Integrating WebLogic Hosted Application with IDCS

Overview As you implement IDCS (Oracle Identity Cloud Service) use cases, you may have started thinking, “How do you integrate application X with IDCS?”, especially for applications running on-premise or somewhere other than Oracle public cloud. This blog talks about integration of WebLogic-hosted applications with IDCS running on-premise or running somewhere other than Oracle […]

Integrating APEX with Oracle Identity Cloud Service

Introduction The purpose of this blog post is to describe how to integrate APEX (on-premise) with Oracle Identity Cloud Service (IDCS). The integration described in this post relies on APEX using Oracle REST Data Services (ORDS) deployed on WebLogic. Request a protected resource on WLS (No previous WLS session) WLS will initiate a federation […]

Cloud Security: Seamless Federated SSO for PaaS and Fusion-based SaaS

Introduction Oracle Fusion-based SaaS Cloud environments can be extended in many ways. While customization is the standard activity to set up a SaaS environment for your business needs, chances are that you want to extend your SaaS for more sophisticated use cases. In general this is not a problem and Oracle Cloud offers a great number […]

A Work-around for the Session Overwrite Problem in WebLogic SAML SSO

Introduction While working on my previous post “Configure SAML 2 for SSO with Oracle BAM Dashboard“, I noticed an issue. After SSO to BAM happens from mywebapp1, if I reload the mywebapp1 page, I get prompted for login again. A little debugging pointed me to the session overwrite issue, in which I will get into […]

Configure SAML 2 for SSO with Oracle BAM Dashboard

Introduction In a recent customer POC, there was a requirement for SSO between an OBIEE dashboard and an Oracle BAM dashboard. SAML is a potential candidate for this kind of point-to-point SSO. After some googling, I was able to find blogs on configuring SAML 1.1 SSO by Vikrant Sawant and SAML 2.0 SSO by Puneeth, but nothing […]

Cloud Security: Federated SSO for Fusion-based SaaS

Introduction To get you easily started with Oracle Cloud offerings, they come with their own user management. You can create users, assign roles, change passwords, etc. However, real-world enterprises already have existing Identity Management solutions and want to avoid maintaining the same information in many places. To avoid duplicate identities and the related […]

Improve SSL Support for Your WebLogic Domains

Introduction Every WebLogic Server installation comes with SSL support. But for some reason many installations get this interesting error message at startup: Ignoring the trusted CA certificate “CN=Entrust Root Certification Authority – G2,OU=(c) 2009 Entrust, Inc. – for authorized use only,OU=See www.entrust.net/legal-terms,O=Entrust, Inc.,C=US”. The loading of the trusted certificate list raised a certificate parsing exception […]

5 Minutes or less: Kerberos

Every time I talk to someone about Kerberos I need to take a few minutes to go through the concepts. This post is intended to just write down what I usually say and draw with a white board. If you want to know more about Kerberos there’s a metric ton …

OAM 11g Logout Part One (of two)

This post is part of a larger series on Oracle Access Manager 11g called Oracle Access Manager Academy. An index to the entire series with links to each of the separate posts is available. In my last two posts on OAM I discussed OAM 11g login and cook…

Single Sign On for WebCenter Interaction

I have spent a little time recently setting up single sign on for WebCenter Interaction. My environment is WebCenter Interaction 10.3 running on Oracle WebLogic Server 10.3 on Windows 2003 Server, with an Oracle HTTP Server (Apache 1.3) HTTP Proxy, …