Introduction There are several types of administrative passwords that can be changed periodically based upon an organizations security requirements and standard...
Introduction There are several types of administrative passwords that can be changed periodically based upon an organizations security requirements and standard operating procedures. The scope of this document is to reflect how password changes in external components such as databases, Identity Management Systems (IDMs), etc., impacts the Fusion Applications tier and how to reconfigure them. This document covers critical password changes such as Fusion Applications...
Introduction There are several types of administrative passwords that can be changed periodically based upon an organizations security requirements and standard operating procedures. The scope of this...
I’ve written this short post as just a note to myself quite some time back. Since I had to rely on it quite a couple of times, I thought it would be worth...
I’ve written this short post as just a note to myself quite some time back. Since I had to rely on it quite a couple of times, I thought it would be worth sharing it with our readers. It may be too basic to some people, but I am sure others out there had, are having or will have issues when running searches with LDAP filters against OID (Oracle Internet Directory), especially if those filters refer to custom attributes. The information presented here is certainly available in...
I’ve written this short post as just a note to myself quite some time back. Since I had to rely on it quite a couple of times, I thought it would be worth sharing it with our readers. It may be too...
I’d better do it now, otherwise I will forget the details. Quite some people think that all an IdP-initiated flow requires is the target application URL in the...
I’d better do it now, otherwise I will forget the details. Quite some people think that all an IdP-initiated flow requires is the target application URL in the consumer side. This is actually nothing more than a SP-initiated flow. In this way, you’ll hit the Service Provider with no SAML Assertion, will be redirected back to the IdP for the SAML assertion and then sent back to the Service Provider. An IdP-initiated flow actually first needs to get a hold of a SAML assertion...
I’d better do it now, otherwise I will forget the details. Quite some people think that all an IdP-initiated flow requires is the target application URL in the consumer side. This is actually nothing...
Introduction SAML is a way to convey identity information across systems. It is an industry-accepted standard and especially interesting when you need to...
Introduction SAML is a way to convey identity information across systems. It is an industry-accepted standard and especially interesting when you need to propagate user information between different security domains, because it can overcome the HTTP cookie limitations in cross-domain scenarios (although there are ways to solve that with OAM today) and implement the concept of transient federation (also known as virtual users), where the user base is not shared between...
Introduction SAML is a way to convey identity information across systems. It is an industry-accepted standard and especially interesting when you need to propagate user information between different...
Last year I wrote an article on OAM and ADF Applications with Anonymous access. This week I did some work with another A-Team guy building on that previous...
Last year I wrote an article on OAM and ADF Applications with Anonymous access. This week I did some work with another A-Team guy building on that previous work. The new requirement was that the customer wanted two different portions of the app to be protected by different login pages. In other words a user would start on an unprotected page and then choose to go to "A" or "B". If you click on "A" you see one login page and then (after logging in) you see page A. If you click...
Last year I wrote an article on OAM and ADF Applications with Anonymous access. This week I did some work with another A-Team guy building on that previous work. The new requirement was that...
Introduction Over a year ago I wrote a couple important posts about the domain architectures used in Oracle Identity Management deployments. You can find these...
Introduction Over a year ago I wrote a couple important posts about the domain architectures used in Oracle Identity Management deployments. You can find these posts here and here. These posts have been very popular. I’ve received lots of positive feedback on them but also a fair number of questions. So, I thought that it would be worth revisiting the topic now. Main Article Let’s Review My First Post So, the central premise of my first post was that it is a good idea to...
Introduction Over a year ago I wrote a couple important posts about the domain architectures used in Oracle Identity Management deployments. You can find these posts here and here. These posts have...
Introduction Here is a post that integrates OAM 11g with IPM. This integration is implemented on top of the OAM/UCM integration I did back in December. Main...
Introduction Here is a post that integrates OAM 11g with IPM. This integration is implemented on top of the OAM/UCM integration I did back in December. Main Article Prerequisites Install, configure and integrate UCM with OAM. Click here for the post I did for OAM/UCM. Install and configure IPM with the same OHS proxy used to proxy the UCM application. High Level Steps/Checklist Configure an OHS server to proxy all request to IPM (/imaging). Register a webgate with the...
Introduction Here is a post that integrates OAM 11g with IPM. This integration is implemented on top of the OAM/UCM integration I did back in December. Main Article Prerequisites Install,...
Introduction GTC based connector is one of the most used approaches for reconciling data into OIM, specially through the use of flat files. A common issue is...
Introduction GTC based connector is one of the most used approaches for reconciling data into OIM, specially through the use of flat files. A common issue is that some customers do not allow direct communication between OIM and the HR system (for different reasons like outsourced HR system, security constraints and others), hence a flat file is made available to OIM so that it reconcile users. Very often, there is a need to manipulate the data to be reconciled in OIM through...
Introduction GTC based connector is one of the most used approaches for reconciling data into OIM, specially through the use of flat files. A common issue is that some customers do not allow...
In a previous post I talked a little about protecting only a part of an application with OAM. I included this bit of text describing the use case: But what if...
In a previous post I talked a little about protecting only a part of an application with OAM. I included this bit of text describing the use case: But what if you want to let users access part of the app anonymously, but require them to log in to access some of the apps features? I don't know what anyone else calls this sort of flow, but I call it the shopping cart model (browse around tossing stuff in your card, then sign in to check out). That post talked about how to...
In a previous post I talked a little about protecting only a part of an application with OAM. I included this bit of text describing the use case: But what if you want to let users access part of...
