INTRODUCTION This post is part of a larger series on Oracle Access Manager 11g called Oracle Access Manager Academy. An index to the entire series with links to...
INTRODUCTION This post is part of a larger series on Oracle Access Manager 11g called Oracle Access Manager Academy. An index to the entire series with links to each of the separate posts is available. I recently was working on one of my virtual environments that had three servers, which included OAM 11gR2PS2, though this could happen with pretty much any version of OAM. It started with my browser requesting a protected resource, and I was presented with the login page as...
INTRODUCTION This post is part of a larger series on Oracle Access Manager 11g called Oracle Access Manager Academy. An index to the entire series with links to each of the separate posts...
Introduction Recently while working with a customer to help with an upgrade from OIM 11gR1 to 11gR2PS2, one interesting request came up regarding OIM GUI...
Introduction Recently while working with a customer to help with an upgrade from OIM 11gR1 to 11gR2PS2, one interesting request came up regarding OIM GUI customization. The requirement was to expose some User System Attributes that in R1 were directly available in the GUI customization data but in R2 are not exposed in the GUI Customization options. There is a way in R2 to easily expose the data using a custom Managed Bean along with some GUI tweaks. The process for...
Introduction Recently while working with a customer to help with an upgrade from OIM 11gR1 to 11gR2PS2, one interesting request came up regarding OIM GUI customization. The requirement was to expose...
Does your environment have demanding performance requirements? High volume, customer-facing applications such as eCommerce or Internet banking, with business...
Does your environment have demanding performance requirements? High volume, customer-facing applications such as eCommerce or Internet banking, with business critical requirements for low response time? Then having last login tracking enabled in OID (orclpwdtracklogin=1 in your password policy) can have a substantial performance cost. It converts every login, every bind/compare against an OID entry, into a modify of that OID entry to update the last login time attribute....
Does your environment have demanding performance requirements? High volume, customer-facing applications such as eCommerce or Internet banking, with business critical requirements for low response...
Introduction This post is part of a larger series on Oracle Access Manager 11g called Oracle Access Manager Academy. An index to the entire series with links to...
Introduction This post is part of a larger series on Oracle Access Manager 11g called Oracle Access Manager Academy. An index to the entire series with links to each of the separate posts is available. The Detached Credential Collector (DCC) feature was introduced with the release of OAM 11gR2 --- 11.1.2.0.0. DCC brought some very interesting changes in the authentication model that in my opinion are very welcome; more on that later. There is already Oracle documentation...
Introduction This post is part of a larger series on Oracle Access Manager 11g called Oracle Access Manager Academy. An index to the entire series with links to each of the separate posts...
Introduction Sometimes, using OSB, it may be necessary to attach credentials, such as username and password, on an outbound SOAP request to a remote server for...
Introduction Sometimes, using OSB, it may be necessary to attach credentials, such as username and password, on an outbound SOAP request to a remote server for authentication. While the OWSM policy store available with WebLogic Server provides policies that can inject username and password (e.g. “oracle/wss_username_token_over_ssl_client_policy”), OSB causes OWSM policies to be enforced on the outbound request message as well as the inbound response. This article will...
Introduction Sometimes, using OSB, it may be necessary to attach credentials, such as username and password, on an outbound SOAP request to a remote server for authentication. While the OWSM policy...
INTRODUCTION This post is part of a larger series on Oracle Access Manager 11g called Oracle Access Manager Academy. An index to the entire series with links...
INTRODUCTION This post is part of a larger series on Oracle Access Manager 11g called Oracle Access Manager Academy. An index to the entire series with links to each of the separate posts is available. Logging is extremely helpful when trying to troubleshoot issues and normally when you see instructions to log in OAM 11g there is documentation on using WLST commands with several steps or Enterprise Manager that can be used to set various log levels, but in both cases this...
INTRODUCTION This post is part of a larger series on Oracle Access Manager 11g called Oracle Access Manager Academy. An index to the entire series with links to each of the separate posts is...
Introduction Oracle Fusion Applications (FA) uses Oracle Identity Management (IDM) capabilities to implement the “change password” and “forgot password”...
Introduction Oracle Fusion Applications (FA) uses Oracle Identity Management (IDM) capabilities to implement the “change password” and “forgot password” functions. These functions, in turn, are enabled using capabilities provided by Oracle Access Management (OAM) and Oracle Identity Management (OIM). Frequently, in development and test environments, for the sake of convenience, the change password and forgot password functions are seen as redundant due to the non-production...
Introduction Oracle Fusion Applications (FA) uses Oracle Identity Management (IDM) capabilities to implement the “change password” and “forgot password” functions. These functions, in turn,...
Introduction Doing a default database installation will install a feature that all passwords will expire after 180 days. Not being aware of that can cause...
Introduction Doing a default database installation will install a feature that all passwords will expire after 180 days. Not being aware of that can cause problems in applications as they cannot connect to the database after that time period. Especially if you are working in test or development environment you will mostly not care about security concerns. That will mean that there is no real need that passwords should expire automatically. The purpose of this post is to show...
Introduction Doing a default database installation will install a feature that all passwords will expire after 180 days. Not being aware of that can cause problems in applications as they...
Introduction Fusion Applications Security is designed based on Role-Based Access Control (RBAC). It is an approach to restricting access to authorized users....
Introduction Fusion Applications Security is designed based on Role-Based Access Control (RBAC). It is an approach to restricting access to authorized users. In general, RBAC is defined based on the primary rules as per this wiki page. RBAC normalizes access to functions and data through user roles rather than only users. User access is based on the definition of the roles provisioned to the user. RBAC secures access in a "Who can do what on which functions or sets of data...
Introduction Fusion Applications Security is designed based on Role-Based Access Control (RBAC). It is an approach to restricting access to authorized users. In general, RBAC is defined based on the...
