Introduction A Sales Consultant asked for my opinion in a scenario where a customer wants to propagate end user credentials all the way from OAM (Oracle Access...
Introduction A Sales Consultant asked for my opinion in a scenario where a customer wants to propagate end user credentials all the way from OAM (Oracle Access Manager) to web services responsible for executing business logic. In the customer flow, after being authenticated by OAM, the end user is redirected to a portal UI. The UI makes calls to OSB (Oracle Service Bus) which in turn invokes web services deployed on WebLogic Server. One of use case driving requirements is...
Introduction A Sales Consultant asked for my opinion in a scenario where a customer wants to propagate end user credentials all the way from OAM (Oracle Access Manager) to web services responsible for...
The other day I blogged about database 11g's default password policies and how to disable them for your test environment. Today my passwords for OID expired and...
The other day I blogged about database 11g's default password policies and how to disable them for your test environment. Today my passwords for OID expired and I thought I'd pass along the same information for OID in case anyone anyone needs that information too. The first thing you should know is that there is no oidadmin in OID 11g. I'm going to ignore the GUI tools here and just document how to disable the policies via ldapmodify. First find your default password policy...
The other day I blogged about database 11g's default password policies and how to disable them for your test environment. Today my passwords for OID expired and I thought I'd pass along the...
I recently booted a VM that I hadn't used in some time and found this error appeared when I fired up sqlplus ORA-28002: the password will expire within 7 days...
I recently booted a VM that I hadn't used in some time and found this error appeared when I fired up sqlplus ORA-28002: the password will expire within 7 days From what I've been able to gather Oracle database 11g sets up a password expiration policy by default. This isn't usually a problem for me since I usually create a VM, work on it for a week or six before moving on to another project. But this VM is special - it's my combined IAM stack demo VM from OpenWorld and I need...
I recently booted a VM that I hadn't used in some time and found this error appeared when I fired up sqlplus ORA-28002: the password will expire within 7 days From what I've been able to gather...
Introduction The month of Kerberos continues I got a frantic call late last week asking for help getting WebLogic and Kerberos working. WebLogic would be...
Introduction The month of Kerberos continues I got a frantic call late last week asking for help getting WebLogic and Kerberos working. WebLogic would be deployed on Windows but, unlike in my previous post, this customer wanted IE to talk directly to WebLogic with no IIS server in between. Easy enough, right? It is, but there are some nuances. There are official docs available from download.oracle.com, but some people find them confusing. These are a bit simplified and are...
Introduction The month of Kerberos continues I got a frantic call late last week asking for help getting WebLogic and Kerberos working. WebLogic would be deployed on Windows but, unlike in my previous...
Seems like it's the month of Kerberos. We often see customers wanting authenticate users to Oracle Access Manager (OAM) with Kerberos, and fall back to HTML...
Seems like it's the month of Kerberos. We often see customers wanting authenticate users to Oracle Access Manager (OAM) with Kerberos, and fall back to HTML forms if the Kerberos authentication fails. There's an easy way to set this up, but it's not obvious how to do it. I'm just going to describe the flow here, but that should be enough to help you figure out how to do the actual knob turning yourself. If you run into trouble feel free to ask a question here. user...
Seems like it's the month of Kerberos. We often see customers wanting authenticate users to Oracle Access Manager (OAM) with Kerberos, and fall back to HTML forms if the Kerberos authentication fails....
...or how Josh stole my idea for a post in one paragraph. In a recent post Josh said There is another approach that, unfortunately, is rather common - use a Web...
...or how Josh stole my idea for a post in one paragraph. In a recent post Josh said There is another approach that, unfortunately, is rather common - use a Web Gate in front of WebLogic Server and use a very weak identity asserter or no SSPI connector at all. I'd started writing this post before Josh wrote that and figured I'd post this anyway in hopes that my longer and more detailed write up is helpful to someone unfamiliar with what all of the terms and acronyms mean....
...or how Josh stole my idea for a post in one paragraph. In a recent post Josh said There is another approach that, unfortunately, is rather common - use a Web Gate in front of WebLogic Server and...
How do you enable Discovery Mode in Oracle Entitlements Server? from the documentation: The ASI Authorization and ASI Role Mapping providers support a Discovery...
How do you enable Discovery Mode in Oracle Entitlements Server? from the documentation: The ASI Authorization and ASI Role Mapping providers support a Discovery mode that helps make this task easier. Typically, these providers answer questions about security, but when in Discovery mode, the providers record information about those questions to build your policy (for example, what privileges and resources must be granted to view a particular web page). To use Discovery mode,...
How do you enable Discovery Mode in Oracle Entitlements Server? from the documentation: The ASI Authorization and ASI Role Mapping providers support a Discovery mode that helps make this task easier....
I've been meaning to write this down for quite a while and never had the time to do the subject justice. I'm not sure that I have the time now, or that I've...
I've been meaning to write this down for quite a while and never had the time to do the subject justice. I'm not sure that I have the time now, or that I've done the subject justice, but this is my attempt to describe the most common mistakes made by new users of OES. Creating policies in OES is easy. Creating a manageable set of policies is easy too, but it usually requires a bit of forethought. When you write a Authorization policy in OES you pick from a menu of options to...
I've been meaning to write this down for quite a while and never had the time to do the subject justice. I'm not sure that I have the time now, or that I've done the subject justice, but this is...
The below is not officially supported by Oracle yet, but I've been happily running OES under WebLogic 11gR1 and thought it might be useful information for...
The below is not officially supported by Oracle yet, but I've been happily running OES under WebLogic 11gR1 and thought it might be useful information for others. WebLogic Server 10.3 is the most recent version certified for use with OES is 10.1.4.3. If you want to run OES with WebLogic 11gR1 (also known as WebLogic 10.3.1) you will need to take a few extra steps. 1) install WebLogic 11gR1 2) run the DBConfig tool to create the database for OES 3) install OES 10.1.4.3 Admin...
The below is not officially supported by Oracle yet, but I've been happily running OES under WebLogic 11gR1 and thought it might be useful information for others. WebLogic Server 10.3 is the...
