Introduction When it comes to defining a strategy for web API security, OAG (Oracle API Gateway) and OES (Oracle Entitlements Server) together present a very...
Introduction When it comes to defining a strategy for web API security, OAG (Oracle API Gateway) and OES (Oracle Entitlements Server) together present a very interesting choice and are a very powerful combination indeed. In this post we're going to take a look at what each component brings in (the skin) and then get our hands on actually describing the integration in detail (the guts). OAG is designed to inspect and act on various types of messages that are delivered to it or...
Introduction When it comes to defining a strategy for web API security, OAG (Oracle API Gateway) and OES (Oracle Entitlements Server) together present a very interesting choice and are a very powerful...
I recently worked with a customer to help them resolve some issues they were having with configuring client certificate authentication (2-way SSL) for an Http...
I recently worked with a customer to help them resolve some issues they were having with configuring client certificate authentication (2-way SSL) for an Http Business Service in Oracle Service Bus (OSB). This blog is to discuss a common issue encountered and how to fix it. The customer's use case was to invoke a service provided by an external provider that required 2-way SSL. The provider issued a client certificate to the customer to be used as its client credentials...
I recently worked with a customer to help them resolve some issues they were having with configuring client certificate authentication (2-way SSL) for an Http Business Service in Oracle Service...
Introduction This post describes the necessary configuration for propagating an end user identity from OAG (Oracle API Gateway) to REST APIs protected by OWSM...
Introduction This post describes the necessary configuration for propagating an end user identity from OAG (Oracle API Gateway) to REST APIs protected by OWSM (Oracle Web Services Manager). The requirements are: 1) Have a Java Subject established in the REST API implementation. 2) Prevent direct access to the REST API, i.e., only OAG should be able to successfully invoke it. A recurrent question is how OWSM protects REST APIs and which types of tokens it supports when doing...
Introduction This post describes the necessary configuration for propagating an end user identity from OAG (Oracle API Gateway) to REST APIs protected by OWSM (Oracle Web Services Manager)....
I have been asked several times over the years if there is a way to customize the following error message a User is presented in their Internet browser when the...
I have been asked several times over the years if there is a way to customize the following error message a User is presented in their Internet browser when the WebGate fails to contact any of the Access Servers. Oracle Access Manager Operation Error The WebGate plug-in is unable to contact any Access Servers. Contact your website administrator to remedy this problem. Though this error is without a doubt accurate, many clients would rather display something a little more...
I have been asked several times over the years if there is a way to customize the following error message a User is presented in their Internet browser when the WebGate fails to contact any of...
Introduction With the recent IDM 11gR2PS2 release Oracle has developed a new deployment tool that aims to automate and reduce the time required to install and...
Introduction With the recent IDM 11gR2PS2 release Oracle has developed a new deployment tool that aims to automate and reduce the time required to install and configure Oracle Identity and Access Management Components. In this post we are going to present the benefits, supported topologies and components and key points to keep in mind to conduct a successful IDM deployment. Architecture and Components Currently the Deployment Wizard Supports two types of topologies: Single...
Introduction With the recent IDM 11gR2PS2 release Oracle has developed a new deployment tool that aims to automate and reduce the time required to install and configure Oracle Identity and Access...
Oracle Metadata Services (MDS) is an XML configuration store used by Oracle Identity Manager (OIM), as well as several other Oracle Middleware products. OIM...
Oracle Metadata Services (MDS) is an XML configuration store used by Oracle Identity Manager (OIM), as well as several other Oracle Middleware products. OIM first adopted MDS with the release of 11gR1. Prior to MDS, many Oracle Middleware products used files on the filesystem as configuration stores, in various formats (XML, Java properties files, etc.). One of the purposes of MDS to create a standard configuration store across the Middleware stack. Not all configuration in...
Oracle Metadata Services (MDS) is an XML configuration store used by Oracle Identity Manager (OIM), as well as several other Oracle Middleware products. OIM first adopted MDS with the release...
Oracle Identity Manager 11g incorporates several clustering technologies in order to ensure high-availability across its different components. Several of these...
Oracle Identity Manager 11g incorporates several clustering technologies in order to ensure high-availability across its different components. Several of these technologies use multicast to discover other cluster nodes on the same subnet. For testing and development purposes, it is common to have multiple distinct OIM environments co-existing on the same subnet. In that scenario, it is essential that the distinct environments utilise separate multicast addresses, so that they...
Oracle Identity Manager 11g incorporates several clustering technologies in order to ensure high-availability across its different components. Several of these technologies use multicast to discover...
Introduction Every WebLogic Server installation comes with SSL support. But for some reason many installations get this interesting error message at startup:...
Introduction Every WebLogic Server installation comes with SSL support. But for some reason many installations get this interesting error message at startup: Ignoring the trusted CA certificate "CN=Entrust Root Certification Authority - G2,OU=(c) 2009 Entrust, Inc. - for authorized use only,OU=See www.entrust.net/legal-terms,O=Entrust, Inc.,C=US". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the...
Introduction Every WebLogic Server installation comes with SSL support. But for some reason many installations get this interesting error message at startup: Ignoring the trusted CA certificate...
Introduction In “Part 1: How To Load Test OAM11g using Apache JMeter” I talked about an example plan that could be used to load test OAM11g, which included some...
Introduction In “Part 1: How To Load Test OAM11g using Apache JMeter” I talked about an example plan that could be used to load test OAM11g, which included some common configuration elements, some samplers for login, authorization, logout, and some listeners that provided result analysis. In Part 2, I wanted to expand on an option to make JMeter send random logins and I will explain why, and then cover how to leverage JMeter to load test an LDAP server like OUD, OID, ODSE,...
Introduction In “Part 1: How To Load Test OAM11g using Apache JMeter” I talked about an example plan that could be used to load test OAM11g, which included some common configuration elements, some...
