Integrating Okta as Identity Provider to IDCS

IDCS (IDentity Cloud Service) is Oracle’s next-gen Identity solution built in the cloud for the cloud. It is fully standards compliant and implements various standards like SAML (Security Assertion Markup Language), OAuth, OIDC (OpenID Connect), etc. Those standards help customers integrate with other products implementing those same standards. One use case that I came across, […]

Using the OCI CLI with a federated user from a Docker container (or over ssh)

The OCI team just announced the ability for federated users to use the CLI. The TL;DR description of the feature is that users don’t have to create a key pair and upload it into OCI. Instead you can just run “oci session authenticate” and the CLI will open your browser and push you through a […]

3 Steps to kick-start OCI monitoring in CASB

Introduction Oracle CASB Cloud Service is used for security monitoring of the cloud footprint of SaaS, PaaS and IaaS components. CASB, when configured to monitor Oracle Cloud Infrastructure (OCI), can detect risk, anomalies and potential security violations. In OCI, the target of CASB monitoring is a compartment. Once an OCI compartment is configured in CASB, out-of-box […]

Creating a 3-legged OAuth Application in IDCS

Where is the simple “shake ‘n’ bake” / step by step guide to creating a 3-legged, Authorization Code flow OAuth client in IDCS? Right here. All content listed on this page is the property of Oracle Corp. Redistribution not allowed without written permission

IP Address Whitelisting in Oracle Identity Cloud Service

Introduction Oracle IDCS (Identity Cloud Service) supports restricting access to applications based on the user IP address. Such applications can be the IDCS Console or any application registered by customers in IDCS. At first sight, restricting access based on the user IP address may lead to the belief that IDCS can only blacklist a set […]

Restricting Access to Oracle Analytics Cloud by IP Range

For other A-Team articles by Richard, click here Introduction Customers may want to restrict access to their Oracle Cloud Services to a set of IP ranges, for instance to only allow connections coming from their corporate office. That type of restriction is not possible within Oracle Analytics Cloud itself, but it is possible to set up using […]

Trigger OIC Integration Using OAuth

As businesses move to the cloud there is a high demand for securing/protecting their HTTP resources from unauthorized access. There are several approaches to protecting these resources which include SAML for SOAP service, OAuth for REST services, HTTP basic for both, and sometimes home grown proprietary mechanisms. It may not be widely known yet, but […]

Using the IDCS’ OAuth Device Flow for Fun and Profit

Introduction If you’ve been on the internet recently you’ve probably used OAuth and more specifically the “Authorization Code” grant type (or “AZ Code” if, like The Dude, you are into the whole brevity thing). For example if you’ve ever clicked a “Sign on with Facebook” button or used a Facebook app you’ve used OAuth’s AZ […]

Authorize access to Oracle Fusion Cloud Application API’s by using OAuth tokens

Introduction Nowadays OAuth is the method of choice to authorize access to Cloud resources for third-party systems. There are several ways to define trust between systems and get a valid access token. This blog talks about the most common ways for Oracle Fusion Cloud Applications (hereinafter referred to in this article as “Fusion Apps”) […]

Cloud Security: User Provisioning to Fusion Applications Cloud

Introduction The notion of a user is the most common reason for misunderstanding and confusion. When we mention a user, we often think of the person who is allowed to use an application. However, nearly every application has a different user structure implemented. The challenge is to find a common ground for these differing user […]

Mobile App Development with OAuth 2.0 and IDCS: A High Level Approach

Introduction IDCS is used by enterprises and organizations to allow secure access to their applications.  IDCS uses various open standards such as OAuth 2.0, SAML etc. to protect these applications.  One of the many features of IDCS is to facilitate client applications accessing backend (REST) APIs using OAuth 2.0 (https://tools.ietf.org/html/rfc6749).  Client applications come in different […]

Silently federate from your SAML IdP or OpenID Connect Provider to IDCS

Introduction As you may know IDCS can operate as both a SAML IdP and a SAML SP at the same time – a use case known as an IdP Proxy or IdP Chaining. This is useful in a bunch of situations, but the most common is when you want users to login to your on […]

Part 3: Automate Requests against Identity Cloud Service using Newman

Introduction In Part 1: Automate getting an Identity Cloud Service Access Token in Postman I covered using a Pre-request script to automate getting an Access Token from Identity Cloud Service in order to successfully be authorized to send REST API requests. Then in Part 2: Using Postman Runner with Identity Cloud Service I built on […]

Part 2: Using Postman Runner with Identity Cloud Service

Introduction In the last article, Part 1: Automate getting an Identity Cloud Service Access Token in Postman, I explained how using a Pre-request Script can automate getting an access token so when a request is sent to Identity Cloud Service it just works, a big time saver. In this article I am going to build on […]

Part 1: Automate getting an Identity Cloud Service Access Token in Postman

Introduction If you have spent enough time working with web services you have probably heard of Postman. If not, then let me say it is a great tool to test REST APIs against Identity Cloud Service (IDCS) among other things. When using Postman with web services you quickly learn an OAuth2 Access Token is required […]

Oracle GoldenGate: Passive-Alias Extract

Introduction The Oracle GoldenGate (OGG) Passive-Alias Extract may be used for data replication between source databases located on servers in untrusted security zones and target database servers in trusted security zones. In this article we’ll configure Alias Extracts on a trusted zone OGG instance that will interact with Passive Extracts on untrusted zone OGG instances […]

Oracle Identity Cloud Service: Long Lived OAuth Tokens

One of the responsibilities of Oracle Identity Cloud Service (IDCS) is to serve as an OAuth 2.0 Authorization Server. As an Authorization Server, IDCS issues access and refresh tokens to OAuth Clients. OAuth Clients use these tokens to access various resources on Resource Servers on-behalf of Resource Owners. OAuth Clients are things like web or […]

API Gateway SSL configuration in Production

Introduction This blog provides steps to configure an SSL certificate in an Oracle API Gateway node’s trust store. It becomes necessary when the API gateway is installed in “production” mode. Without an SSL certificate you won’t be able to deploy an API to the gateway node, because in production mode the gateway must communicate with the APIP management tier over SSL. Another use-case […]

Introduction to Secure Java Coding

Secure Java coding is a vast topic; therefore, this article is just an introduction to it. I will discuss the most frequent attacks, mitigations, and some traps that developers usually fall into either because of partial or complete lack of familiarity with Java security.  Basic Coding Practices Before dealing with specific security attacks, let’s review […]