Using 3rd-party security virtual appliances in OCI

OCI offers a very robust and high-performance network firewall that’s integrated into the very core of the Virtual Cloud Network (VCN).  For some customers, this is sufficient, while other customers need more from their cloud security than is provided natively with the OCI VCN.  Some environments need application-level inspection (such as URL filtering, malware inspection, […]

Restrict Root Compartment Access with Oracle Cloud Infrastructure Policies

The OCI Administrators group grants manage access to all resources in all compartments including the root compartment. So, any member of this group is considered a super user. It is a normal practice to keep Administrators members to a small number of users and create additional groups/policies to restrict access to specific compartments. If there’s a […]

Under the hood: Oracle Identity Cloud Service Audits

Introduction Audit events enable organization administrators to review the actions performed by members of your organization using details provided by the Audit logs – who performed the action, performed it, and what the action was.  Before getting into the article I want to mention this blog was written by Abhishek Juneja, a Principal Product Manager of Identity & […]

Identity cloud service: Mobile clients and PKCE support

Introduction OAuth 2.0 has become very popular within the mobile development community mainly because it is simple to implement and the tokens are fairly compact. There are various implementation patterns to choose from and it is very important to choose the right one to make sure that the solution is secure. In this blog post I want to describe how […]

Securing Subject Areas in Oracle Analytics Cloud

Introduction This post documents how to secure Oracle Business Intelligence Repository Metadata (RPD) subject areas in Oracle Analytics Cloud (OAC). It uses an example of two subject areas: Financials and Projects. The Projects subject area is secured via application roles and presentation services privileges. Only users with the correct role(s) can view the subject area […]

Eloqua Security Cheatsheet

Many clients who purchase products or suites from our SaaS portfolio haven’t fully thought through their security requirements prior to signing up. As such, it is not untypical to find themselves in a quandary as to what they should provision (for free) versus what additional add-ons they should purchase. This blog post is an attempt […]

Secure Access to Oracle Identity Manager 11g R2 PS3 REST APIs

REST APIs for Oracle Identity Manager (OIM) 11g R2 PS3 were released recently. The availability of REST APIs enables a variety of newer integrations with the product in addition to already available mechanisms using Java APIs. In this article, we discuss various ways of accessing these REST APIs in a secure manner. Please note that […]

Loading Identity Data Into Oracle Identity Cloud Services: A Broad High-level Survey

Introduction Oracle Identity Cloud Services (IDCS) – Oracle’s comprehensive Identity and Access Management platform for the cloud – was released recently. Populating identity data – such as user identities, groups and group memberships – is one of the most important tasks that is typically needed initially and on an on-going basis in any identity management system. […]

Identity Cloud Services Audit Event REST API

Introduction This article is to help expand on topics of integration with Oracle’s Cloud Identity Management service called Identity Cloud Services. Identity Cloud Services delivers core essentials around identity and access management through a multi-tenant Cloud platform. As part of the Identity Cloud Services framework, it collects audit events that capture all significant events, changes, […]

Identity Cloud Services OAuth 2.0 and REST API

Introduction This article is to help expand on topics of integration with Oracle’s Cloud Identity Management service called Identity Cloud Services. Identity Cloud Services delivers core essentials around identity and access management through a multi-tenant Cloud platform.  One of the more exciting features of IDCS is that you can interact with it using a REST […]

Configuring HTTPS between Integration Cloud Service and Java Cloud Service

In a previous post, I discussed some general topics relating to the usage of HTTPS and certificates within Oracle Public Cloud. In this follow-up piece, I will work through a concrete example and explain how to set up a Java Cloud Service instance in such a way that Integration Cloud Service can consume a […]

Connecting Oracle Data Integrator (ODI) to the Cloud: Web Services and Security Policies

Introduction When you look at the list of Technologies listed in ODI 12.2.1 Topology, you can see a new entry: SOAP Web Services. Prior to having this Technology defined here, developers connecting to Web Services in ODI had to enter all the connectivity details in their packages when they designed the Web Service call. Now […]

Introduction to Fusion Applications Roles Concepts

Introduction   Fusion Applications Security is designed based on Role-Based Access Control (RBAC). It is an approach to restricting access to authorized users. In general, RBAC is defined based on the primary rules as per this wiki page. RBAC normalizes access to functions and data through user roles rather than only users. User access is based on […]

OSB Http Transport Client Certificate Authentication Common Pitfall

I recently worked with a customer to help them resolve some issues they were having with configuring client certificate authentication (2-way SSL) for an Http Business Service in Oracle Service Bus (OSB).  This blog is to discuss a common issue encountered and how to fix it. The customer’s use case was to invoke a service […]

Validating the Fusion Applications Security Components During Installations and Upgrades

Introduction When installing or upgrading Fusion Applications, it is necessary to validate the security components to ensure that they are functioning correctly. This article provides a list of tasks that can be performed to accomplish this. The order of tasks below follows the dependency that the components have on each other so that if […]

OIM 11g R2 Delegated Administration Model – Sample implementation (Part II)

Introduction This article is the continuation of Part I which describes the architecture of a Solution that addresses the requirements of a Sample Use case described later. In Part I, some key concepts were discussed. Below is a list of topics introduced in Part I of this post: Scoped Administrative Roles, Access Policies, Disconnected Application […]

How to secure Web Services exposed by OAAM Server (oaam_server)

In the end it turned out to be very simple, but I had spent a long time configuring security (authentication and authorization) for Web Services exposed by OAAM 11gR2, so I thought about writing a blog post on it. For native integration, OAAM Server (oaam_server) exposes Web Services. For the enterprise deployment, security of Web Services would be mandatory. […]

ODI: Restricting Visibility of Work Repositories

Introduction When ODI developers connect to the ODI studio, they can edit the connection parameters. In particular, they can manually select the Work Repository that they will connect to. Repository access can be password protected, but for security reasons it is best to not even list repositories that users should not have access to. This […]

Part 1: Kerberos Authentication, RBAC and SAML identity propagation in OAG

Introduction This post is the first one of a series by Andre Correa and Paulo Pereira on OAG (Oracle API Gateway). Throughout the series, we are going to talk about Kerberos authentication, Role Based Access Control (RBAC) and SAML identity propagation in OAG 11g, formerly known as OEG (Oracle Enterprise Gateway). What follows has been […]

Index of Security articles

In-depth information about the Fusion App’s security model, including how to integrate it with existing Identity and Access Management systems. The information found here is intended for on-premise customers. The best practices and operational aspects of the content in this site are a service provided as a part of the Fusion Applications Cloud offering.