Back in April I posted a shell script I wrote to implement a dead simple Certificate Authority for testing purposes. I recently revisited that script because I...
Back in April I posted a shell script I wrote to implement a dead simple Certificate Authority for testing purposes. I recently revisited that script because I needed JKS files in addition to the PEM format files it created. Without further ado my new and improved script is available right after the break. #!/bin/bash # a very simple cert authority # now with JKS support! # # Copyright 2011 Oracle # christopher.johnson@oracle.com # # License agreement: # ------------------ #...
Back in April I posted a shell script I wrote to implement a dead simple Certificate Authority for testing purposes. I recently revisited that script because I needed JKS files in addition to the PEM...
I’ve recently helped a customer who wanted to integrate a home-built SAML Identity Provider with a Weblogic Service Provider. After exchanging metadata and...
I’ve recently helped a customer who wanted to integrate a home-built SAML Identity Provider with a Weblogic Service Provider. After exchanging metadata and going through all the necessary configuration on both sides, they came across this error in Weblogic server logs: ####<Aug 15, 2011 4:55:19 PM EDT> <Debug> <SecurityAtn> <server.customer.com> <server1> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>>...
I’ve recently helped a customer who wanted to integrate a home-built SAML Identity Provider with a Weblogic Service Provider. After exchanging metadata and going through all the...
Introduction Wanted to share an experience I encountered recently configuring the OAM Console. This is specific to OAM 11.1.1.5(PS1). This post is part of a...
Introduction Wanted to share an experience I encountered recently configuring the OAM Console. This is specific to OAM 11.1.1.5(PS1). This post is part of a larger series on Oracle Access Manager 11g called Oracle Access Manager Academy located here. The Issue When you first install OAM 11g one of the first things a customer will do is to setup a new data store. But first let’s take a look at the default configuration. If you take a look at the ‘UserIdentityStore1’ data...
Introduction Wanted to share an experience I encountered recently configuring the OAM Console. This is specific to OAM 11.1.1.5(PS1). This post is part of a larger series on Oracle Access Manager 11g...
The idea of the User/Role API is to abstract developers from the identity store where users and groups are kept. A developer can basically interact with any...
The idea of the User/Role API is to abstract developers from the identity store where users and groups are kept. A developer can basically interact with any identity provider supported by Weblogic server using the same methods. The javadoc can be found here: http://download.oracle.com/docs/cd/E15523_01/apirefs.1111/e14658/toc.htm In this post I want to alert you about two caveats: 1) User/Role API is able to query data from only one provider. If you want to query multiple...
The idea of the User/Role API is to abstract developers from the identity store where users and groups are kept. A developer can basically interact with any identity provider supported by Weblogic...
Introduction Notifications are one of the multiple features that were improved in OIM 11g release. The previous limitation of sending text based emails...
Introduction Notifications are one of the multiple features that were improved in OIM 11g release. The previous limitation of sending text based emails (out-of-the-box emails) only is gone. Out-of-the-box templates for events like 'Reset Password', 'Create User Self Service', 'User Deleted' are available and custom templates can be defined and used to send notifications out of OIM. OIM provides a notification framework based on events, notification templates and template...
Introduction Notifications are one of the multiple features that were improved in OIM 11g release. The previous limitation of sending text based emails (out-of-the-box emails) only is...
Introduction Every time I talk to someone about Kerberos I need to take a few minutes to go through the concepts. This post is intended to just write down what...
Introduction Every time I talk to someone about Kerberos I need to take a few minutes to go through the concepts. This post is intended to just write down what I usually say and draw with a white board. Main Article If you want to know more about Kerberos there's a metric ton of info out there on the internet. I'll leave it to you to go read up. For those of you that are experts on Kerberos please note that I'm going to simplify some stuff and gloss over a few important...
Introduction Every time I talk to someone about Kerberos I need to take a few minutes to go through the concepts. This post is intended to just write down what I usually say and draw with a white...
Introduction In this post I discuss the available options to work with OWSM (Oracle Web Services Manager) policies in JDeveloper and Enterprise Manager. OWSM is...
Introduction In this post I discuss the available options to work with OWSM (Oracle Web Services Manager) policies in JDeveloper and Enterprise Manager. OWSM is a component available along with the Oracle SOA Suite and provides policy enforcement point (PEP) agents for SOAP-based messages. Typically, a service policy is attached to a service endpoint to enforce some pre-defined rules (like enforcing a SAML token, Kerberos token, message confidentiality, SSL, etc). And a...
Introduction In this post I discuss the available options to work with OWSM (Oracle Web Services Manager) policies in JDeveloper and Enterprise Manager. OWSM is a component available along with...
Introduction Customers often ask about how to give certain people limited access to Enterprise Manager, often they talk about ‘read only’ access. Enterprise...
Introduction Customers often ask about how to give certain people limited access to Enterprise Manager, often they talk about ‘read only’ access. Enterprise Manager does in fact have three roles defined out-of-the-box that provide various levels of access. You can see details of exactly what each can do in the documentation here. Setting up a new user and giving them one of these limited access roles is pretty easy. In this post, I review the steps for setting up...
Introduction Customers often ask about how to give certain people limited access to Enterprise Manager, often they talk about ‘read only’ access. Enterprise Manager does in fact have three roles...
Oracle Identity Manager (OIM) is the Provisioning Solution from Oracle. This page contains an index with references to all OIM related posts in the A-Team...
Oracle Identity Manager (OIM) is the Provisioning Solution from Oracle. This page contains an index with references to all OIM related posts in the A-Team Chronicles blog. The posts included herein are intended to provide OIM's customers and developers with technical information about best practices for implementing OIM based solutions. A wide variety of topics are covered including examples of OIM UI Customizations, Use Case Implementations, and the use of advanced features...
Oracle Identity Manager (OIM) is the Provisioning Solution from Oracle. This page contains an index with references to all OIM related posts in the A-Team Chronicles blog. The posts included herein...
