Identity cloud service: Mobile clients and PKCE support

Introduction OAuth 2.0 has become very popular within the mobile development community mainly because it is simple to implement and the tokens are fairly compact. There are various implementation patterns to choose from and it is very important to choose the right one to make sure that the solution is secure. In this blog post I want to describe how […]

Securing Subject Areas in Oracle Analytics Cloud

Introduction This post documents how to secure Oracle Business Intelligence Repository Metadata (RPD) subject areas in Oracle Analytics Cloud (OAC). It uses an example of two subject areas: Financials and Projects. The Projects subject area is secured via application roles and presentation services privileges. Only users with the correct role(s) can view the subject area […]

Eloqua Security Cheatsheet

Many clients who purchase products or suites from our SaaS portfolio haven’t fully thought through their security requirements prior to signing up. As such, it is not untypical to find themselves in a quandary as to what they should provision (for free) versus what additional add-ons they should purchase. This blog post is an attempt […]

Secure Access to Oracle Identity Manager 11g R2 PS3 REST APIs

REST APIs for Oracle Identity Manager (OIM) 11g R2 PS3 were released recently. The availability of REST APIs enables a variety of newer integrations with the product in addition to already available mechanisms using Java APIs. In this article, we discuss various ways of accessing these REST APIs in a secure manner. Please note that […]

Loading Identity Data Into Oracle Identity Cloud Services: A Broad High-level Survey

Introduction Oracle Identity Cloud Services (IDCS) – Oracle’s comprehensive Identity and Access Management platform for the cloud – was released recently. Populating identity data – such as user identities, groups and group memberships – is one of the most important tasks that is typically needed initially and on an on-going basis in any identity management system. […]

Identity Cloud Services Audit Event REST API

Introduction This article is to help expand on topics of integration with Oracle’s Cloud Identity Management service called Identity Cloud Services. Identity Cloud Services delivers core essentials around identity and access management through a multi-tenant Cloud platform. As part of the Identity Cloud Services framework, it collects audit events that capture all significant events, changes, […]

Identity Cloud Services OAuth 2.0 and REST API

Introduction This article is to help expand on topics of integration with Oracle’s Cloud Identity Management service called Identity Cloud Services. Identity Cloud Services delivers core essentials around identity and access management through a multi-tenant Cloud platform. One of the more exciting features of IDCS is that you can interact with it using a REST […]

Configuring HTTPS between Integration Cloud Service and Java Cloud Service

In a previous post, I discussed some general topics relating to the usage of HTTPS and certificates within Oracle Public Cloud. In this follow up piece, I will work through a concrete example and explain how to set up a Java Cloud Service instance in such a way that Integration Cloud Service can consume a […]

Connecting Oracle Data Integrator (ODI) to the Cloud: Web Services and Security Policies

Introduction When you look at the list of Technologies listed in ODI 12.2.1 Topology, you can see a new entry: SOAP Web Services. Prior to having this Technology defined here, developers connecting to Web Services in ODI had to enter all the connectivity details in their packages when they designed the Web Service call. Now […]

Introduction to Fusion Applications Roles Concepts

Introduction Fusion Applications Security is designed based on Role-Based Access Control (RBAC). It is an approach to restricting access to authorized users. In general, RBAC is defined based on the primary rules as per this wiki page. RBAC normalizes access to functions and data through user roles rather than only users. User access is based on […]

OSB Http Transport Client Certificate Authentication Common Pitfall

I recently worked with a customer to help them resolve some issues they were having with configuring client certificate authentication (2-way SSL) for an Http Business Service in Oracle Service Bus (OSB). This blog is to discuss a common issue encountered and how to fix it. The customer’s use case was to invoke a service […]

Validating the Fusion Applications Security Components During Installations and Upgrades

Introduction When installing or upgrading Fusion Applications, it is necessary to validate the security components to ensure that they are functioning correctly. This article provides a list of tasks that can be performed to accomplish this. The order of tasks below follows the dependency that the components have on each other so that if […]

OIM 11g R2 Delegated Administration Model – Sample implementation (Part II)

Introduction This article is the continuation of Part I which describes the architecture of a Solution that addresses the requirements of a Sample Use case described later. In Part I, some key concepts were discussed. Below is a list of topics introduced in Part I of this post: Scoped Administrative Roles; Access Policies; Disconnected Application […]

How to secure Web Services exposed by OAAM Server (oaam_server)

In the end it turned out to be very simple, but I had spent a long time configuring security (authentication and authorization) for Web Services exposed by OAAM 11gR2, so I thought about writing a blog post on it. For native integration, OAAM Server (oaam_server) exposes Web Services. For the enterprise deployment, security of Web Services would be mandatory. […]

ODI: Restricting Visibility of Work Repositories

Introduction When ODI developers connect to the ODI studio, they can edit the connection parameters. In particular, they can manually select the Work Repository that they will connect to. Repository access can be password protected, but for security reasons it is best to not even list repositories that users should not have access to. This […]

Part 1: Kerberos Authentication, RBAC and SAML identity propagation in OAG

Introduction This post is the first one of a series by Andre Correa and Paulo Pereira on OAG (Oracle API Gateway). Throughout the series, we are going to talk about Kerberos authentication, Role Based Access Control (RBAC) and SAML identity propagation in OAG 11g, formerly known as OEG (Oracle Enterprise Gateway). What follows has been […]

Index of Security articles

In-depth information about the Fusion App’s security model, including how to integrate it with existing Identity and Access Management systems. The information found here is intended for on-premise customers. The best practices and operational aspects of the content in this site is a service provided as a part of the Fusion Applications Cloud offering.

OAM and OIM Config changes for Split Profile (Split Profile Configuration - Part 2)

In my previous post I discussed the split profile setup scenario with AD and OID in a Fusion Applications IDM Environment and how to create Adapters in OVD for consolidating the two directory servers AD and OID. Adapters configuration alone is not…

Identity Management

As members of the IDM and Security A-Team, we get exposed to a wide range of challenging technical issues around security and Oracle Fusion Middleware. We’re using this site to answer common questions and provide interesting solutions to the real-world scenarios that our customers encounter every day. Products and Technologies Access Management > Discussions on […]

Part 3: OAM11g WNA Identity Store Considerations and Configurations

Introduction This post is part of a larger series on Oracle Access Manager 11g called Oracle Access Manager Academy. An index to the entire series with links to each of the separate posts is available. This is the final post of a three part series. In “Part 1: Under the Covers of OAM11g WNA integration […]