Another common question on the internal mailing list: Why do we need an OID authenticator when I have the OAM Asserter enabled? The user has already been...
Another common question on the internal mailing list: Why do we need an OID authenticator when I have the OAM Asserter enabled? The user has already been authenticated when the request gets to WebLogic. The short answer is that all an Identity Asserter does is says "the request is authenticated and the username is Chris". WebLogic then needs to know how to find "Chris" and to do that it needs an Authenticator. The longer answer is available on the net already... it's just a...
Another common question on the internal mailing list: Why do we need an OID authenticator when I have the OAM Asserter enabled? The user has already been authenticated when the request gets...
Introduction Since Fusion Middleware 11.1.1.4, OPSS (Oracle Platform Security Services) support 3 types of security stores: file, OID (Oracle Internet...
Introduction Since Fusion Middleware 11.1.1.4, OPSS (Oracle Platform Security Services) support 3 types of security stores: file, OID (Oracle Internet Directory) and Oracle database. When a Weblogic server domain is first created, OPSS is “associated” to a file-based security store by default, which is ok for development purposes. But for production, that is not recommended (Please check Multiple Nodes Servers Environments section in OPSS docs). That would be ok if your whole...
Introduction Since Fusion Middleware 11.1.1.4, OPSS (Oracle Platform Security Services) support 3 types of security stores: file, OID (Oracle Internet Directory) and Oracle database. When a Weblogic...
Introduction As any other enterprise application, OIM 11g provides localization features: it detects user's browser language configuration and presents the UI...
Introduction As any other enterprise application, OIM 11g provides localization features: it detects user's browser language configuration and presents the UI to the end user accordingly to the configured language. Customers can plug a lot of custom code and objects in OIM 11g in order to achieve their business requirements. While some customers don't care about localization, some of them do care, and this post gives tips on how to localize some pieces of OIM. It is important...
Introduction As any other enterprise application, OIM 11g provides localization features: it detects user's browser language configuration and presents the UI to the end user accordingly to the...
Introduction One of the main strengths of SAML is the ability to communicate identity information across security domains that do not necessarily share the same...
Introduction One of the main strengths of SAML is the ability to communicate identity information across security domains that do not necessarily share the same user base. In other words, the authenticated user in one security domain does not necessarily exist in the target security domain providing the service. Such concept is supported in all major Oracle products that consume SAML tokens: OIF, Weblogic Server and OWSM. The sole purpose of this post is to show how to...
Introduction One of the main strengths of SAML is the ability to communicate identity information across security domains that do not necessarily share the same user base. In other words,...
Introduction This post is part of a larger series on Oracle Access Manager 11g called Oracle Access Manager Academy. An index to the entire series with links to...
Introduction This post is part of a larger series on Oracle Access Manager 11g called Oracle Access Manager Academy. An index to the entire series with links to each of the separate posts is available. I've been working on a post about plugging your own code into Oracle Access Manager (OAM) to "do" user authentication. Before I get to that post I thought it would be a good idea to explain all of stuff between when OAM collects a credential (for example a username and password...
Introduction This post is part of a larger series on Oracle Access Manager 11g called Oracle Access Manager Academy. An index to the entire series with links to each of the separate posts...
Introduction Sometimes you need an LDAP directory for testing but don't need a heavy duty directory like OID, DSEE or OUD. In those cases OpenLDAP suits your...
Introduction Sometimes you need an LDAP directory for testing but don't need a heavy duty directory like OID, DSEE or OUD. In those cases OpenLDAP suits your needs and it's a quick and easy install. Main Article Last night someone pinged me and asked for help doing just that. I set it up, took some notes and thought I'd share them here. [root@dogwoodvm ~]# yum install openldap-servers Loaded plugins: rhnplugin, security<br />This system is not registered with ULN. ULN support...
Introduction Sometimes you need an LDAP directory for testing but don't need a heavy duty directory like OID, DSEE or OUD. In those cases OpenLDAP suits your needs and it's a quick and easy...
This post shows an example of a post process event handler in OIM. The example is simple and it shows how the user profile can be updated from the event handler...
This post shows an example of a post process event handler in OIM. The example is simple and it shows how the user profile can be updated from the event handler based on the information that is provided by OIM to the event handler. Use case description: a UDF is created in the user profile and it will hold the user's 'Director'. To simplify the use case, the 'Director' will be the 'manager's manager'. In other words, the UDF will be populated with the information from two...
This post shows an example of a post process event handler in OIM. The example is simple and it shows how the user profile can be updated from the event handler based on the information that...
This short post follows up Couple of things you need to know about the User/Role API. Now imagine that your LDAP identity provider is SSL enabled in 1-way mode...
This short post follows up Couple of things you need to know about the User/Role API. Now imagine that your LDAP identity provider is SSL enabled in 1-way mode (the server authenticates to the client, but the client does not authenticate to the server). Now you need to tell Weblogic server how to validate the LDAP server certificate. And this is accomplished by adding the LDAP server CA certificate to the configured Weblogic trust store. If we’re talking about a self-signed...
This short post follows up Couple of things you need to know about the User/Role API. Now imagine that your LDAP identity provider is SSL enabled in 1-way mode (the server authenticates to the...
Introduction Most of the technical people I work with know what SAML is and how it works and how the federation protocols for SAML work (SP initiated, IdP...
Introduction Most of the technical people I work with know what SAML is and how it works and how the federation protocols for SAML work (SP initiated, IdP initiated, Browser Artifact, Browser POST). OpenID is much less well known. Main Article So here's what you need to know about OpenID in five minutes or less. In OpenID there are three parties: The user and their browser. The Relying Party (sometimes abbreviated to RP) is the web site that's asking the user to authenticate....
Introduction Most of the technical people I work with know what SAML is and how it works and how the federation protocols for SAML work (SP initiated, IdP initiated, Browser Artifact, Browser...
