The Ultimate Apache/OHS11g Tuning Guide for OAM11g WebGate

Introduction OK, maybe “Ultimate” could be stretching it, but it caught your eye so you can be the judge. This post is part of a larger series on Oracle Access Manager 11g called Oracle Access Manager Academy. An index to the entire series with links to each of the separate posts is available here. Though OAM11g is […]

Authenticating to the OIG REST API from an OAM-protected web app

The objective of this post is to describe how a web app protected by an OAM WebGate can authenticate to the OIG REST APIs. In a previous blog post, I provided detailed steps to do the same thing for the SCIM REST APIs; now in this blog post I will explain how the same approach […]

Identity and Cloud Security A-Team at Oracle Open World

I just wanted to let everyone know that Kiran and I will be presenting with our good friend John Griffith from Regions Bank at Oracle Open World next week. Our session is Oracle Identity Management Production Readiness: Handling the Last Mile in Your Deployment [CON6972] It will take place on Wednesday, Sep 21, 1:30 p.m. […]

OAM Protected SPAs and Same-Origin Policy

Introduction On a previous post, I described the usage of OAM’s SAML Identity Assertion in the context of SPA (Single Page Applications) and how easy it is to take advantage of it for securely propagating the end user identity from the client to the backend services. However, that post is written with the assumption that […]

Exploring OAM’s SAML Identity Assertion

Introduction OAM (Oracle Access Manager) has an interesting feature that often goes unnoticed to a considerable number of people wishing to tackle the problem of identity propagation. It’s OAM’s ability to generate a secure token embedding user information as a result of successful authentication or authorization. My colleagues Rob Otto and Simon Kissane have talked […]

Multiple authentication mechanism chaining in OAM

Authentication mechanism chaining Since the inception of OAM 11g, we have been talking about authentication scheme chaining and being able to invoke multiple authentication schemes in sequence or invoke an authentication scheme based on some condition. This has been made possible since OAM R2PS2 release with the introduction of authentication status. You can PAUSE authentication […]

Retrieving the OAM SessionID for Fun and Profit!

Introduction I recently worked with a customer who needed to do some OAM session manipulation via custom code in order to implement a complex use case. While the focus of this post is not to go into details about a specific implementation, I did want to share some advice on a very necessary building block […]

Implementing OAuth 2 with Oracle Access Manager OAuth Services (Part V)

Introduction This post is part of a series of posts about OAM’s OAuth implementation. Other posts can be found here: Part I – explains the proposed architecture and how to enable and configure OAM OAuth Services. Part II – describes a Business to Business use-case (2-legged flow); Part III  – deals with the Customer to Business use-case […]

Implementing OAuth 2 with Oracle Access Manager OAuth Services (Part IV)

Introduction This post is part IV of a series of posts about OAM’s OAuth implementation. Other posts can be found here: Part I – explains the proposed architecture and how to enable and configure OAM OAuth Services. Part II – describes a Business to Business use-case (2-legged flow); Part III  – deals with the Customer to Business […]

Implementing OAuth 2 with Oracle Access Manager OAuth Services (Part III)

Introduction This post is part III of a serie of posts about OAM’s OAuth implementation. Other posts can be found here: Part I – explains the proposed architecture and how to enable and configure OAM OAuth Services. Part II – describes a Business to Business use-case (2-legged flow); Part III  – deals with the Customer to Business […]

Implementing OAuth 2 with Oracle Access Manager OAuth Services (Part II)

Introduction This post is part II of a series of posts about OAM’s OAuth implementation. Other posts can be found here: Part I – explains the proposed architecture and how to enable and configure OAM OAuth Services. Part II – describes a Business to Business use-case (2-legged flow); Part III  – deals with the Customer to Business […]

Implementing OAuth 2 with Oracle Access Manager OAuth Services (Part I)

Introduction This post will explain the basics of OAuth 2.0 and how it can be used to protect resources by implementing some of the most common OAuth use cases. OAM provides out of the box OAuth Services, which allows a Client Application to access protected resources that belong to an end-user (that is, the Resource Owner). Before […]

OAM Federation 11.1.2.3: Performing a loopback test with WS-Federation

In a previous post I gave steps for performing a loopback test with SAML. This is where we configure OAM Federation to talk to itself, to act as both IdP and SP. This is useful in development and test environments to confirm OAM Federation is working without requiring an external server to talk to at […]

Using OAAM Risk Evaluation in OAM Authorization Policies

We recently encountered an interesting requirement about taking decision within OAM Authorization policy based on the Risk-evaluation performed by OAAM during Authentication flow. Considering the interesting nature of the requirement / use-case, I thought to share details about the implementation approach through this blog post. All content listed on this page is the property of […]

Configuring OAM SSO for ATG BCC and Endeca XM

Introduction Single sign-on, or “SSO” as it’s commonly referred to, is an authentication method that allows a user access to multiple applications through a single, secure, point of entry. Rather than authenticate separately for each application, users authenticate once through a centralized service. The benefits of SSO to end users are obvious, but there are […]

Mass Reset Password -part2 – using OIM Apis

Introduction Back in November, I wrote a blog about Mass Rest Password using OID. As mentioned there, and expected for this month, Oracle is now providing the same password change feature, but now using Java OIM API. Main Article In this case, for develoment and test environments customers usually want something that they can control […]

Mass Reset Password-part1 OID

Introduction One of the great features that customers need to be aware of and it could be used, as post-process, on many different situations such as: P2T, T2P and clone is the ability to reset multiple passwords simultaneously. Imagine the customer is scaling out their environment because they need an additional UAT environment. This customer […]

Automated Policy Synchronization (APS) for OAM Cloned Environment

Introduction Since the introduction of MDC support in OAM 11g, Customers have been asking for Automated Synchronization between Master and Clone OAM Environments. It is supported in OAM R2PS2. Thanks to the development team! Before R2PS2, It required T2P process to keep all the data centers in synch which is manual process or customer had to […]

Social Federation with OAM Mobile & Social in Native iOS Applications

Introduction I’ve already posted an article about Social Federation with Mobile & Social (M&S) for web applications protected by Oracle Access Manager (OAM), showing users being authenticated against social network providers, like Google and Linkedin. My coworker Chris Johnson also blogged about using Mobile & Social in a native iOS application. In his post, user […]