I’d better do it now, otherwise I will forget the details. Quite some people think that all an IdP-initiated flow requires is the target application URL in the...
I’d better do it now, otherwise I will forget the details. Quite some people think that all an IdP-initiated flow requires is the target application URL in the consumer side. This is actually nothing more than a SP-initiated flow. In this way, you’ll hit the Service Provider with no SAML Assertion, will be redirected back to the IdP for the SAML assertion and then sent back to the Service Provider. An IdP-initiated flow actually first needs to get a hold of a SAML assertion...
I’d better do it now, otherwise I will forget the details. Quite some people think that all an IdP-initiated flow requires is the target application URL in the consumer side. This is actually nothing...
Introduction SAML is a way to convey identity information across systems. It is an industry-accepted standard and especially interesting when you need to...
Introduction SAML is a way to convey identity information across systems. It is an industry-accepted standard and especially interesting when you need to propagate user information between different security domains, because it can overcome the HTTP cookie limitations in cross-domain scenarios (although there are ways to solve that with OAM today) and implement the concept of transient federation (also known as virtual users), where the user base is not shared between...
Introduction SAML is a way to convey identity information across systems. It is an industry-accepted standard and especially interesting when you need to propagate user information between different...
Last year I wrote an article on OAM and ADF Applications with Anonymous access. This week I did some work with another A-Team guy building on that previous...
Last year I wrote an article on OAM and ADF Applications with Anonymous access. This week I did some work with another A-Team guy building on that previous work. The new requirement was that the customer wanted two different portions of the app to be protected by different login pages. In other words a user would start on an unprotected page and then choose to go to "A" or "B". If you click on "A" you see one login page and then (after logging in) you see page A. If you click...
Last year I wrote an article on OAM and ADF Applications with Anonymous access. This week I did some work with another A-Team guy building on that previous work. The new requirement was that...
Introduction Over a year ago I wrote a couple important posts about the domain architectures used in Oracle Identity Management deployments. You can find these...
Introduction Over a year ago I wrote a couple important posts about the domain architectures used in Oracle Identity Management deployments. You can find these posts here and here. These posts have been very popular. I’ve received lots of positive feedback on them but also a fair number of questions. So, I thought that it would be worth revisiting the topic now. Main Article Let’s Review My First Post So, the central premise of my first post was that it is a good idea to...
Introduction Over a year ago I wrote a couple important posts about the domain architectures used in Oracle Identity Management deployments. You can find these posts here and here. These posts have...
Introduction Here is a post that integrates OAM 11g with IPM. This integration is implemented on top of the OAM/UCM integration I did back in December. Main...
Introduction Here is a post that integrates OAM 11g with IPM. This integration is implemented on top of the OAM/UCM integration I did back in December. Main Article Prerequisites Install, configure and integrate UCM with OAM. Click here for the post I did for OAM/UCM. Install and configure IPM with the same OHS proxy used to proxy the UCM application. High Level Steps/Checklist Configure an OHS server to proxy all request to IPM (/imaging). Register a webgate with the...
Introduction Here is a post that integrates OAM 11g with IPM. This integration is implemented on top of the OAM/UCM integration I did back in December. Main Article Prerequisites Install,...
Introduction GTC based connector is one of the most used approaches for reconciling data into OIM, specially through the use of flat files. A common issue is...
Introduction GTC based connector is one of the most used approaches for reconciling data into OIM, specially through the use of flat files. A common issue is that some customers do not allow direct communication between OIM and the HR system (for different reasons like outsourced HR system, security constraints and others), hence a flat file is made available to OIM so that it reconcile users. Very often, there is a need to manipulate the data to be reconciled in OIM through...
Introduction GTC based connector is one of the most used approaches for reconciling data into OIM, specially through the use of flat files. A common issue is that some customers do not allow...
In a previous post I talked a little about protecting only a part of an application with OAM. I included this bit of text describing the use case: But what if...
In a previous post I talked a little about protecting only a part of an application with OAM. I included this bit of text describing the use case: But what if you want to let users access part of the app anonymously, but require them to log in to access some of the apps features? I don't know what anyone else calls this sort of flow, but I call it the shopping cart model (browse around tossing stuff in your card, then sign in to check out). That post talked about how to...
In a previous post I talked a little about protecting only a part of an application with OAM. I included this bit of text describing the use case: But what if you want to let users access part of...
Introduction In this post I walk you through how to validate an Oracle Identity Management build out containing OID, OVD, OIM, and OAM. This post was motivated...
Introduction In this post I walk you through how to validate an Oracle Identity Management build out containing OID, OVD, OIM, and OAM. This post was motivated by work I have done with Fusion Apps. It is important to validate the IDM build out for Fusion Apps before you move on to the provisioning of Fusion Apps itself. Problems detected during the IDM build out are much easier to diagnose and fix than problems detected during FA provisioning, FA functional setup or FA...
Introduction In this post I walk you through how to validate an Oracle Identity Management build out containing OID, OVD, OIM, and OAM. This post was motivated by work I have done with Fusion Apps. It...
On the internal mailing lists there's often a question that goes something like: I want to deploy OAM like this: Is this supported? The answer is "If you really...
On the internal mailing lists there's often a question that goes something like: I want to deploy OAM like this: Is this supported? The answer is "If you really want to do that then yes. But you probably shouldn't do it that way." Read on for why. The first thing to think about is how you are going to deploy OAM "for real". Consider a company like Oracle who uses OAM to protect basically everything. If you go to http://support.oracle.com/ to open or look at a support case, or...
On the internal mailing lists there's often a question that goes something like: I want to deploy OAM like this: Is this supported? The answer is "If you really want to do that then yes. But...
