Introduction I recently worked with a customer who needed to do some OAM session manipulation via custom code in order to implement a complex use case. While...
Introduction I recently worked with a customer who needed to do some OAM session manipulation via custom code in order to implement a complex use case. While the focus of this post is not to go into details about a specific implementation, I did want to share some advice on a very necessary building block needed to do "out of band" session manipulation: retrieving the OAM Session ID. What is the Session ID (used for)? OAM 11g supports the concept of a server-side session...
Introduction I recently worked with a customer who needed to do some OAM session manipulation via custom code in order to implement a complex use case. While the focus of this post is not to go...
Introduction This post is part of a series of posts about OAM's OAuth implementation. Other posts can be found here: Part I - explains the proposed architecture...
Introduction This post is part of a series of posts about OAM's OAuth implementation. Other posts can be found here: Part I - explains the proposed architecture and how to enable and configure OAM OAuth Services. Part II - describes a Business to Business use-case (2-legged flow); Part III - deals with the Customer to Business use-case (3-legged flow), when the client code is running in the application server; Part IV - describes the Customer to Business use-case (3-legged...
Introduction This post is part of a series of posts about OAM's OAuth implementation. Other posts can be found here: Part I - explains the proposed architecture and how to enable and configure OAM...
Introduction This post is part IV of a series of posts about OAM's OAuth implementation. Other posts can be found here: Part I - explains the proposed...
Introduction This post is part IV of a series of posts about OAM's OAuth implementation. Other posts can be found here: Part I - explains the proposed architecture and how to enable and configure OAM OAuth Services. Part II - describes a Business to Business use-case (2-legged flow); Part III - deals with the Customer to Business use-case (3-legged flow), when the client code is running in the application server; Part IV - describes the Customer to Business use-case...
Introduction This post is part IV of a series of posts about OAM's OAuth implementation. Other posts can be found here: Part I - explains the proposed architecture and how to enable and configure OAM...
Introduction Our teammate Jack Desai published an article last year about Fusion Application Roles Concept. It gives you a great overview about the design to...
Introduction Our teammate Jack Desai published an article last year about Fusion Application Roles Concept. It gives you a great overview about the design to grant access to certain functionalities to specific users. His article familiarizes you with the concepts of Abstract Roles, Duty Roles, Job Roles or Data Roles and how they are used in a Role Based Access (RBAC) model in Fusion Applications. Starting with the current Fusion Apps Release 10 further improvements in the...
Introduction Our teammate Jack Desai published an article last year about Fusion Application Roles Concept. It gives you a great overview about the design to grant access to certain functionalities to...
Introduction This post is part III of a serie of posts about OAM's OAuth implementation. Other posts can be found here: Part I - explains the proposed...
Introduction This post is part III of a serie of posts about OAM's OAuth implementation. Other posts can be found here: Part I - explains the proposed architecture and how to enable and configure OAM OAuth Services. Part II - describes a Business to Business use-case (2-legged flow); Part III - deals with the Customer to Business use-case (3-legged flow), when the client code is running in the application server; Part IV - describes the Customer to Business use-case...
Introduction This post is part III of a serie of posts about OAM's OAuth implementation. Other posts can be found here: Part I - explains the proposed architecture and how to enable and configure OAM...
Introduction This post is part II of a series of posts about OAM's OAuth implementation. Other posts can be found here: Part I - explains the proposed...
Introduction This post is part II of a series of posts about OAM's OAuth implementation. Other posts can be found here: Part I - explains the proposed architecture and how to enable and configure OAM OAuth Services. Part II - describes a Business to Business use-case (2-legged flow); Part III - deals with the Customer to Business use-case (3-legged flow), when the client code is running in the application server; Part IV - describes the Customer to Business use-case...
Introduction This post is part II of a series of posts about OAM's OAuth implementation. Other posts can be found here: Part I - explains the proposed architecture and how to enable and configure OAM...
Introduction This post will explain the basics of OAuth 2.0 and how it can be used to protect resources by implementing some of the most common OAuth use cases....
Introduction This post will explain the basics of OAuth 2.0 and how it can be used to protect resources by implementing some of the most common OAuth use cases. OAM provides out of the box OAuth Services, which allows a Client Application to access protected resources that belong to an end-user (that is, the Resource Owner). Before going further in this post, check out the OAuth2 specification, to understand the basic OAuth concepts, as it won’t be covered in this post. This...
Introduction This post will explain the basics of OAuth 2.0 and how it can be used to protect resources by implementing some of the most common OAuth use cases. OAM provides out of the box...
In a previous post I gave steps for performing a loopback test with SAML. This is where we configure OAM Federation to talk to itself, to act as both IdP and...
In a previous post I gave steps for performing a loopback test with SAML. This is where we configure OAM Federation to talk to itself, to act as both IdP and SP. This is useful in development and test environments to confirm OAM Federation is working without requiring an external server to talk to at the other end. So in this post, I want to do the same for WS-Federation (WS-Fed). SAML vs WS-Fed Support for WS-Federation (WS-Fed), and specifically the WS-Fed Passive Requestor...
In a previous post I gave steps for performing a loopback test with SAML. This is where we configure OAM Federation to talk to itself, to act as both IdP and SP. This is useful in development and...
SAML is an extensible protocol. Since it is based on XML, through the use of XML namespaces, custom elements and attributes can be inserted into the SAML...
SAML is an extensible protocol. Since it is based on XML, through the use of XML namespaces, custom elements and attributes can be inserted into the SAML messages at the appropriate places. Sometimes third party or custom SAML implementations will require particular custom elements or attributes to function. In this example, we will suppose an IdP requires a custom <CompanyInfo> element included in the SAML extensions to provide the name of the company issuing the SAML...
SAML is an extensible protocol. Since it is based on XML, through the use of XML namespaces, custom elements and attributes can be inserted into the SAML messages at the appropriate places. Sometimes...
