Restricting Access to Oracle Analytics Cloud by IP Range

Introduction Customers may want to restrict access to their Oracle Cloud Services to a set of IP ranges, for instance to only allow connections coming from their corporate office.  That type of restriction is not possible within Oracle Analytics Cloud itself, but it is possible to set up using […]

Trigger OIC Integration Using OAuth

As businesses move to the cloud there is a high demand for securing/protecting their HTTP resources from unauthorized access. There are several approaches to protecting these resources which include SAML for SOAP service, OAuth for REST services, HTTP basic for both, and sometimes home grown proprietary mechanisms. It may not be widely known yet, but […]

Using the IDCS’ OAuth Device Flow for Fun and Profit

Introduction If you’ve been on the internet recently you’ve probably used OAuth and more specifically the “Authorization Code” grant type (or “AZ Code” if, like The Dude, you are into the whole brevity thing). For example if you’ve ever clicked a “Sign on with Facebook” button or used a Facebook app you’ve used OAuth’s AZ […]

Cloud Security: User Provisioning to Fusion Applications Cloud

Introduction The notion of a user is the most common reason for misunderstanding and confusion. When we mention a user, we often think of the person who is allowed to use an application. However, nearly every application has a different user structure implemented. The challenge is to find a common ground for these differing user […]

Mobile App Development with OAuth 2.0 and IDCS: A High Level Approach

Introduction IDCS is used by enterprises and organizations to allow secure access to their applications.  IDCS uses various open standards such as OAuth 2.0, SAML etc. to protect these applications.  One of the many features of IDCS is to facilitate client applications accessing backend (REST) APIs using OAuth 2.0 (https://tools.ietf.org/html/rfc6749).  Client applications come in different […]

Silently federate from your SAML IdP or OpenID Connect Provider to IDCS

Introduction As you may know IDCS can operate as both a SAML IdP and a SAML SP at the same time – a use case known as an IdP Proxy or IdP Chaining. This is useful in a bunch of situations, but the most common is when you want users to login to your on […]

Oracle GoldenGate: Passive-Alias Extract

Introduction The Oracle GoldenGate (OGG) Passive-Alias Extract may be used for data replication between source databases located on servers in untrusted security zones and target database servers in trusted security zones. In this article we’ll configure Alias Extracts on a trusted zone OGG instance that will interact with Passive Extracts on untrusted zone OGG instances […]

Oracle Identity Cloud Service: Long Lived OAuth Tokens

One of the responsibilities of Oracle Identity Cloud Service (IDCS) is to serve as an OAuth 2.0 Authorization Server. As an Authorization Server, IDCS issues access and refresh tokens to OAuth Clients. OAuth Clients use these tokens to access various resources on Resource Servers on behalf of Resource Owners. OAuth Clients are things like web or […]

Oracle GoldenGate Microservices Architecture: Using Self-signed Certificates

Introduction Oracle GoldenGate Microservices Architecture (OGG-MA) provides functionality for securing REST API calls and communications channels between the Distribution and Receiver Servers over Transport Layer Security (TLS). In order to activate this security protocol an SSL Certificate must be obtained from a Certificate Authority (CA) and installed on the server prior to creating the OGG-MA […]

Restrict Root Compartment Access with Oracle Cloud Infrastructure Policies

The OCI Administrators group grants manage access to all resources in all compartments including the root compartment.  So, any member of this group is considered a super user.  It is a normal practice to keep Administrators members to a small number of users and create additional groups/policies to restrict access to specific compartments. If there’s a […]

Restrict access to IDCS UI using Sign-On Policies

Introduction The purpose of this blog post is to describe how to use Sign-On Policies to restrict access to the OOTB Oracle Identity Cloud Service UI. One use-case could be that End-Users should not be able to view and update their own profile details using the OOTB UI. All content listed on this page is […]

Oracle GoldenGate Big Data Adapter: Establishing Secure Connections to Apache Kafka

Introduction When publishing data to Apache Kafka via the Oracle GoldenGate Big Data Kafka Handler, it is a good practice to establish secure connections in order to protect sensitive data from unauthorized snooping. The Oracle Big Data Kafka Handler leverages encryption and authentication features built in to Apache Kafka. In this article we shall detail the Oracle […]

IDCS Integrations Series Part III: Integrating on-prem applications to IDCS

Overview As more and more customers move Identity to the cloud, we will run into applications that cannot be migrated in short term or cannot be migrated at all to cloud for various reasons including security. That leads to the question, how do we integrate those on-prem applications to cloud Identity solution? There are a […]

IDCS Integrations Series Part II: Integrating Fusion Application with IDCS

Overview Last year at OOW, I conducted Hands On Lab on Fusion integration with IDCS. We had a full room of audience with loads of questions. That inspired me to write this blog. One of the most common requirements as Fusion is deployed in OPC is, how to centrally manage users and implement Single Sign-On […]

Identity cloud service: Mobile clients and PKCE support

Introduction OAuth 2.0 has become very popular within the mobile development community mainly because it is simple to implement and the tokens are fairly compact. There are various implementation patterns to choose from and it is very important to choose the right one to make sure that the solution is secure. In this blog post I want to describe how […]

Oracle GoldenGate: Security Best Practices

Introduction Securing platforms, applications, and data from unauthorized access is of great importance to IT organizations. In this article we shall detail the product features and best practices for securing your Oracle GoldenGate environment. The concepts presented in this article are for educational purposes only. Before applying any changes presented in this article to your environment, […]

IDCS Integrations Series Part I: Integrating WebLogic Hosted Application with IDCS

Overview As you implement IDCS (Oracle IDentity Cloud Service) use cases, you would have started thinking, “how do you integrate application X with IDCS?”, especially the applications running on-premise or running somewhere other than Oracle public cloud. This blog talks about integration of WebLogic hosted applications with IDCS running on-premise or running somewhere other than Oracle […]

Transport Layer Security (TLS) and Web Service Connections in SaaS Integrations

A Checklist for Success with TLS Why We Need This Despite the full feature sets and capabilities that Oracle builds into their software-as-a-service (SaaS) cloud applications, there are still going to be occasional customers with business requirements that cannot be satisfied solely with a single SaaS subscription.  In these cases, it is possible to extend […]

Integrating APEX with Oracle Identity Cloud Service

Introduction The purpose of this blog post is to describe how to do the Integration of APEX (on-premise) with Oracle Identity Cloud Service (IDCS). The integration described in this Post relies on APEX using the Oracle Rest Data Services (ORDS) deployed on WebLogic. Request a protected resource on WLS (No previous WLS session) WLS will initiate a federation […]

Implement Social Login with Oracle Identity Cloud Service

Overview Social login is an important use case for B2C applications be it marketing or eCommerce. It is a form of sign-in/login where a user uses social network services like Facebook, Twitter or Google to login to the service/application. Social login services like Facebook act as Identity Provider and the service that the user wanted to […]