This is somewhat related to what Brian describes in WLS Session Cookie Overriding in an OAM/SSO Enabled Environment. Here, I want to quickly point one potential...
This is somewhat related to what Brian describes in WLS Session Cookie Overriding in an OAM/SSO Enabled Environment. Here, I want to quickly point one potential issue if you plan to implement Web SSO using Weblogic server as a SAML2.0 Service Provider (SP). When configuring a Weblogic server instance for SAML2.0 services, you have to fill in a property called “Published Site URL”. When this instance is an SP, this property tell the partner IdP (Identity Provider) where to...
This is somewhat related to what Brian describes in WLS Session Cookie Overriding in an OAM/SSO Enabled Environment. Here, I want to quickly point one potential issue if you plan to implement Web SSO...
Introduction This is Part Two of the article describing a potential implementation of Request Based LDAP Group Membership provisioning. Part One can be accessed...
Introduction This is Part Two of the article describing a potential implementation of Request Based LDAP Group Membership provisioning. Part One can be accessed here. Continuing with the implementation after disabling the default approval policies at the Request and Operation Levels, the next step is to configure OIM to enable the modification of a provisioned resource via a request. The datasets associated to the Create and Modify operations of the resource in questions (OID...
Introduction This is Part Two of the article describing a potential implementation of Request Based LDAP Group Membership provisioning. Part One can be accessed here. Continuing with the...
Introduction In recent days, I was assigned the task to implement a use case that I am sure many customers of Oracle have in mind but are not sure how to...
Introduction In recent days, I was assigned the task to implement a use case that I am sure many customers of Oracle have in mind but are not sure how to implement in OIM 11g. I even saw some thread inquiring about this very topic with no answer. Well, after some time I was able to put together an implementation of a Custom Approval process and a Custom UI based on ADF to request entitlements for users which in turn will be converted to Group memberships in OID (this also...
Introduction In recent days, I was assigned the task to implement a use case that I am sure many customers of Oracle have in mind but are not sure how to implement in OIM 11g. I even saw some...
Introduction In this post I want to introduce our readers to the Oracle Secure Token Service (OSTS) product, Oracle’s solution for providing standards-based...
Introduction In this post I want to introduce our readers to the Oracle Secure Token Service (OSTS) product, Oracle’s solution for providing standards-based mechanisms for trust brokerage across different identity domains. I won’t cover the gory details in this first post, but I expect to give you a good overview on what the product is, the typical usage scenarios and a basic understanding of its main concepts. OSTS facilitates secure communications between web services...
Introduction In this post I want to introduce our readers to the Oracle Secure Token Service (OSTS) product, Oracle’s solution for providing standards-based mechanisms for trust brokerage...
Another common question on the internal mailing list: Why do we need an OID authenticator when I have the OAM Asserter enabled? The user has already been...
Another common question on the internal mailing list: Why do we need an OID authenticator when I have the OAM Asserter enabled? The user has already been authenticated when the request gets to WebLogic. The short answer is that all an Identity Asserter does is says "the request is authenticated and the username is Chris". WebLogic then needs to know how to find "Chris" and to do that it needs an Authenticator. The longer answer is available on the net already... it's just a...
Another common question on the internal mailing list: Why do we need an OID authenticator when I have the OAM Asserter enabled? The user has already been authenticated when the request gets...
Introduction Since Fusion Middleware 11.1.1.4, OPSS (Oracle Platform Security Services) support 3 types of security stores: file, OID (Oracle Internet...
Introduction Since Fusion Middleware 11.1.1.4, OPSS (Oracle Platform Security Services) support 3 types of security stores: file, OID (Oracle Internet Directory) and Oracle database. When a Weblogic server domain is first created, OPSS is “associated” to a file-based security store by default, which is ok for development purposes. But for production, that is not recommended (Please check Multiple Nodes Servers Environments section in OPSS docs). That would be ok if your whole...
Introduction Since Fusion Middleware 11.1.1.4, OPSS (Oracle Platform Security Services) support 3 types of security stores: file, OID (Oracle Internet Directory) and Oracle database. When a Weblogic...
Introduction As any other enterprise application, OIM 11g provides localization features: it detects user's browser language configuration and presents the UI...
Introduction As any other enterprise application, OIM 11g provides localization features: it detects user's browser language configuration and presents the UI to the end user accordingly to the configured language. Customers can plug a lot of custom code and objects in OIM 11g in order to achieve their business requirements. While some customers don't care about localization, some of them do care, and this post gives tips on how to localize some pieces of OIM. It is important...
Introduction As any other enterprise application, OIM 11g provides localization features: it detects user's browser language configuration and presents the UI to the end user accordingly to the...
Introduction One of the main strengths of SAML is the ability to communicate identity information across security domains that do not necessarily share the same...
Introduction One of the main strengths of SAML is the ability to communicate identity information across security domains that do not necessarily share the same user base. In other words, the authenticated user in one security domain does not necessarily exist in the target security domain providing the service. Such concept is supported in all major Oracle products that consume SAML tokens: OIF, Weblogic Server and OWSM. The sole purpose of this post is to show how to...
Introduction One of the main strengths of SAML is the ability to communicate identity information across security domains that do not necessarily share the same user base. In other words,...
Introduction This post is part of a larger series on Oracle Access Manager 11g called Oracle Access Manager Academy. An index to the entire series with links to...
Introduction This post is part of a larger series on Oracle Access Manager 11g called Oracle Access Manager Academy. An index to the entire series with links to each of the separate posts is available. I've been working on a post about plugging your own code into Oracle Access Manager (OAM) to "do" user authentication. Before I get to that post I thought it would be a good idea to explain all of stuff between when OAM collects a credential (for example a username and password...
Introduction This post is part of a larger series on Oracle Access Manager 11g called Oracle Access Manager Academy. An index to the entire series with links to each of the separate posts...
