Introduction As any other enterprise application, OIM 11g provides localization features: it detects user's browser language configuration and presents the UI...
Introduction As any other enterprise application, OIM 11g provides localization features: it detects user's browser language configuration and presents the UI to the end user accordingly to the configured language. Customers can plug a lot of custom code and objects in OIM 11g in order to achieve their business requirements. While some customers don't care about localization, some of them do care, and this post gives tips on how to localize some pieces of OIM. It is important...
Introduction As any other enterprise application, OIM 11g provides localization features: it detects user's browser language configuration and presents the UI to the end user accordingly to the...
Introduction One of the main strengths of SAML is the ability to communicate identity information across security domains that do not necessarily share the same...
Introduction One of the main strengths of SAML is the ability to communicate identity information across security domains that do not necessarily share the same user base. In other words, the authenticated user in one security domain does not necessarily exist in the target security domain providing the service. Such concept is supported in all major Oracle products that consume SAML tokens: OIF, Weblogic Server and OWSM. The sole purpose of this post is to show how to...
Introduction One of the main strengths of SAML is the ability to communicate identity information across security domains that do not necessarily share the same user base. In other words,...
Introduction This post is part of a larger series on Oracle Access Manager 11g called Oracle Access Manager Academy. An index to the entire series with links to...
Introduction This post is part of a larger series on Oracle Access Manager 11g called Oracle Access Manager Academy. An index to the entire series with links to each of the separate posts is available. I've been working on a post about plugging your own code into Oracle Access Manager (OAM) to "do" user authentication. Before I get to that post I thought it would be a good idea to explain all of stuff between when OAM collects a credential (for example a username and password...
Introduction This post is part of a larger series on Oracle Access Manager 11g called Oracle Access Manager Academy. An index to the entire series with links to each of the separate posts...
Introduction Sometimes you need an LDAP directory for testing but don't need a heavy duty directory like OID, DSEE or OUD. In those cases OpenLDAP suits your...
Introduction Sometimes you need an LDAP directory for testing but don't need a heavy duty directory like OID, DSEE or OUD. In those cases OpenLDAP suits your needs and it's a quick and easy install. Main Article Last night someone pinged me and asked for help doing just that. I set it up, took some notes and thought I'd share them here. [root@dogwoodvm ~]# yum install openldap-servers Loaded plugins: rhnplugin, security<br />This system is not registered with ULN. ULN support...
Introduction Sometimes you need an LDAP directory for testing but don't need a heavy duty directory like OID, DSEE or OUD. In those cases OpenLDAP suits your needs and it's a quick and easy...
This post shows an example of a post process event handler in OIM. The example is simple and it shows how the user profile can be updated from the event handler...
This post shows an example of a post process event handler in OIM. The example is simple and it shows how the user profile can be updated from the event handler based on the information that is provided by OIM to the event handler. Use case description: a UDF is created in the user profile and it will hold the user's 'Director'. To simplify the use case, the 'Director' will be the 'manager's manager'. In other words, the UDF will be populated with the information from two...
This post shows an example of a post process event handler in OIM. The example is simple and it shows how the user profile can be updated from the event handler based on the information that...
This short post follows up Couple of things you need to know about the User/Role API. Now imagine that your LDAP identity provider is SSL enabled in 1-way mode...
This short post follows up Couple of things you need to know about the User/Role API. Now imagine that your LDAP identity provider is SSL enabled in 1-way mode (the server authenticates to the client, but the client does not authenticate to the server). Now you need to tell Weblogic server how to validate the LDAP server certificate. And this is accomplished by adding the LDAP server CA certificate to the configured Weblogic trust store. If we’re talking about a self-signed...
This short post follows up Couple of things you need to know about the User/Role API. Now imagine that your LDAP identity provider is SSL enabled in 1-way mode (the server authenticates to the...
Introduction Most of the technical people I work with know what SAML is and how it works and how the federation protocols for SAML work (SP initiated, IdP...
Introduction Most of the technical people I work with know what SAML is and how it works and how the federation protocols for SAML work (SP initiated, IdP initiated, Browser Artifact, Browser POST). OpenID is much less well known. Main Article So here's what you need to know about OpenID in five minutes or less. In OpenID there are three parties: The user and their browser. The Relying Party (sometimes abbreviated to RP) is the web site that's asking the user to authenticate....
Introduction Most of the technical people I work with know what SAML is and how it works and how the federation protocols for SAML work (SP initiated, IdP initiated, Browser Artifact, Browser...
Introduction While working on today's research project I also needed to test with curl. Sadly in my environment curl was built with NSS support which caused me...
Introduction While working on today's research project I also needed to test with curl. Sadly in my environment curl was built with NSS support which caused me some grief. I had never used NSS-enabled apps before and didn't know how to deal with their certificate and private key database. I do now. I installed the NSS command line tools via yum ("yum install nss-tools"). Main Article This is how I created the certificate database and imported the CA's certificate, marking it...
Introduction While working on today's research project I also needed to test with curl. Sadly in my environment curl was built with NSS support which caused me some grief. I had never used NSS-enabled...
Today's adventure was a question about limiting SSL connections. The customer's problem statement was along the lines of I want to make SSL connections, using...
Today's adventure was a question about limiting SSL connections. The customer's problem statement was along the lines of I want to make SSL connections, using client certificate auth (i.e. two-way ssl) and have the server accept only one certificate. Can I put the one cert I want in the "trusted CA list" to do that? I thought the answer was "no, that's not how you do that" but I wasn't 100% sure so off I went on a research project... I checked the relevant RFC (2246 for TLS)...
Today's adventure was a question about limiting SSL connections. The customer's problem statement was along the lines of I want to make SSL connections, using client certificate auth (i.e....
