Introduction In order to have the ability to audit at all layers of your multi-tier architecture, it is important to have a Subject’s identity tied to all...
Introduction In order to have the ability to audit at all layers of your multi-tier architecture, it is important to have a Subject’s identity tied to all transactions. Many apps leverage JDBC connection pooling however, so a Subject’s identity is lost at the data layer, as everything appears to be coming from the system user configured in the connection pool. What isn’t well known is that the ability to propagate identity from an app container to the data tier is available...
Introduction In order to have the ability to audit at all layers of your multi-tier architecture, it is important to have a Subject’s identity tied to all transactions. Many apps leverage...
Introduction This post is part of a larger series on Oracle Access Manager 11g called Oracle Access Manager Academy. An index to the entire series with links to...
Introduction This post is part of a larger series on Oracle Access Manager 11g called Oracle Access Manager Academy. An index to the entire series with links to each of the separate posts is available. In the last post here we pointed to Olaf's blog on integrating your ADF app with OAM. That post covers taking an ADF app that was protected with Forms auth and switching it over to be protected in its entirety by OAM. In other words to access any part of the app you have to log...
Introduction This post is part of a larger series on Oracle Access Manager 11g called Oracle Access Manager Academy. An index to the entire series with links to each of the separate posts...
Introduction Connecting to an LDAP ID store in OAM 11g over SSL (LDAPS) is a common scenario that many customers may need to implement. Unfortunately the...
Introduction Connecting to an LDAP ID store in OAM 11g over SSL (LDAPS) is a common scenario that many customers may need to implement. Unfortunately the documentation on this subject is scant and can be misleading. So as part of the OAM 11g Academy series, I'd like to discuss this commom scenario. To view the first post on the OAM 11g policy model, as well as the index to the entire OAM 11g Academy series, click here. The Issue The documentation to manage data sources can be...
Introduction Connecting to an LDAP ID store in OAM 11g over SSL (LDAPS) is a common scenario that many customers may need to implement. Unfortunately the documentation on this subject is scant and can...
Introduction I've been doing a LOT of writing recently. Unfortunately, or perhaps fortunately depending on how you feel about my writing, it's all been by email...
Introduction I've been doing a LOT of writing recently. Unfortunately, or perhaps fortunately depending on how you feel about my writing, it's all been by email to folks inside Oracle and directly with customers. One thing I wrote that is probably interesting for readers of this blog was an answer to a customer's questions about the crypto acceleration capabilities of the Sparc processor. This is a slight rewrite of that doc... The crypto acceleration of Sparc and Solaris...
Introduction I've been doing a LOT of writing recently. Unfortunately, or perhaps fortunately depending on how you feel about my writing, it's all been by email to folks inside Oracle and directly...
Introduction Hi everyone, this is my first posting so I wanted to first introduce myself. My name is Vinay Kalra and I'm also part of the A-team at Oracle. I...
Introduction Hi everyone, this is my first posting so I wanted to first introduce myself. My name is Vinay Kalra and I'm also part of the A-team at Oracle. I came to Oracle in 2005 as part of the Oblix acquisition that brought with it Oracle Access Manager (OAM).From Brian: Welcome Vinay! I'm adding this post to the OAM 11g Academy Series. To view the first post in the series which will be updated throughout to contain links to the entire series, click...
Introduction Hi everyone, this is my first posting so I wanted to first introduce myself. My name is Vinay Kalra and I'm also part of the A-team at Oracle. I came to Oracle in 2005 as part of the...
I got hit with an IM out of the blue this morning that kicked off a bunch of conversations about how Kerberos works with HTTP. As I was working my way around...
I got hit with an IM out of the blue this morning that kicked off a bunch of conversations about how Kerberos works with HTTP. As I was working my way around the org it became clear that lots of people say "and Kerberos happens here" and move on, but most didn't have a good understanding of how it actually worked "on the wire". If you want my description read on. If you want to see more authoritative info you should check out Wikipedia's page on SPNEGO. First a quick...
I got hit with an IM out of the blue this morning that kicked off a bunch of conversations about how Kerberos works with HTTP. As I was working my way around the org it became clear that lots of...
A question came in on one of the Oracle internal mailing lists with the following question: One of their partners achieves a single sign-on with them by means...
A question came in on one of the Oracle internal mailing lists with the following question: One of their partners achieves a single sign-on with them by means of our CoreId/web gate product. Do we have a CoreID/web gate product that works with Microsoft .Net 4.0? The short answer is that you don't need a .NET WebGate so no, there isn't one. The long answer is a bit more complicated. When people talk about .NET in the web world they're usually talking about ASP.NET which runs...
A question came in on one of the Oracle internal mailing lists with the following question: One of their partners achieves a single sign-on with them by means of our CoreId/web gate product. Do...
Introduction This article is about development of Custom plug-ins for OVD for a very specific use case. Main Article I'm back, rested and I've had some time to...
Introduction This article is about development of Custom plug-ins for OVD for a very specific use case. Main Article I'm back, rested and I've had some time to think about the crazy (clever?) OVD adapter I wrote for last week's PoC. You know, the one that lets you do a search for certdn= the user's certificate DN and it makes a SOAP call over to OIF to get the user info? I've talked to a few people internally about how this thing works and at first everyone has had the same...
Introduction This article is about development of Custom plug-ins for OVD for a very specific use case. Main Article I'm back, rested and I've had some time to think about the crazy (clever?)...
Introduction Development of Custom OVD plug-ins is necessary at times and this article is about one such use case. Main Article For a PoC I have been working on...
Introduction Development of Custom OVD plug-ins is necessary at times and this article is about one such use case. Main Article For a PoC I have been working on I wrote a (demo quality) OVD adapter that I thought might be interesting for others. In my PoC I had OIF, OAM, OVD and DSEE and OES. In the main use case a user can come along to the SP with an x.509 certificate issued by an issuer known to the SP. The SP is expected to do the normal certificate authentication "stuff"...
Introduction Development of Custom OVD plug-ins is necessary at times and this article is about one such use case. Main Article For a PoC I have been working on I wrote a (demo quality) OVD...
