One of the responsibilities of Oracle Identity Cloud Service (IDCS) is to serve as an OAuth 2.0 Authorization Server. As an Authorization Server, IDCS issues...
One of the responsibilities of Oracle Identity Cloud Service (IDCS) is to serve as an OAuth 2.0 Authorization Server. As an Authorization Server, IDCS issues access and refresh tokens to OAuth Clients. OAuth Clients use these tokens to access various resources on Resource Servers on-behalf of Resource Owners. OAuth Clients are things like web or mobile applications and Resource Owners are users who use those applications for various purposes. This goal of this article is to...
One of the responsibilities of Oracle Identity Cloud Service (IDCS) is to serve as an OAuth 2.0 Authorization Server. As an Authorization Server, IDCS issues access and refresh tokens to OAuth...
Introduction This blog provides steps to configure SSL certificate in Oracle API Gateway node's trust store. It becomes necessary when API gateway in installed...
Introduction This blog provides steps to configure SSL certificate in Oracle API Gateway node's trust store. It becomes necessary when API gateway in installed in "production" mode. Without SSL certificate you won't able to deploy an API to gateway node, because in production mode gateway must communicate with APIP management tier over SSL. Another use-case is when backend service is SSL enabled. We will discuss both the scenarios in this blog. 1. Configure certificate in...
Introduction This blog provides steps to configure SSL certificate in Oracle API Gateway node's trust store. It becomes necessary when API gateway in installed in "production" mode. Without...
Introduction Identity Cloud Services (IDCS) 18.2.4 introduced an all new authentication API that allows customers to build their own login application. Those...
Introduction Identity Cloud Services (IDCS) 18.2.4 introduced an all new authentication API that allows customers to build their own login application. Those new APIs allow you to do username and password authentication, federation, social login and multi factor authentication. The API is implemented as a state machine that steps through the initial authentication and then proceeds through Multi-factor Authentication (MFA) if needed. The state machine also handles enrolling...
Introduction Identity Cloud Services (IDCS) 18.2.4 introduced an all new authentication API that allows customers to build their own login application. Those new APIs allow you to do username...
Secure Java coding is a vast topic; therefore, this article is just an introduction to it. I will discuss the most frequent attacks, mitigations, and some traps...
Secure Java coding is a vast topic; therefore, this article is just an introduction to it. I will discuss the most frequent attacks, mitigations, and some traps that developers usually fall into either because of partial or complete lack of familiarity with Java security. Basic Coding Practices Before dealing with specific security attacks, let's review some basic coding practices that should be used in all programming languages: Input validation Insufficient input...
Secure Java coding is a vast topic; therefore, this article is just an introduction to it. I will discuss the most frequent attacks, mitigations, and some traps that developers usually fall...
The OCI Administrators group grants manage acess to all resources in all compartments including the root compartment. So, any member of this group is...
The OCI Administrators group grants manage acess to all resources in all compartments including the root compartment. So, any member of this group is considered a super user. Is a normal practice to keep Administrators members to a small number of users and create additional groups/policies to restrict access to specific compartments. If there's a requirement to have policies at the root level that grant specific permissions to all compartments except the root compartment...
The OCI Administrators group grants manage acess to all resources in all compartments including the root compartment. So, any member of this group is considered a super user. Is a normal practice to...
Introduction OCI or Oracle Cloud Infrastructure, is Oracle’s latest cloud infrastructure that is replacing the older Oracle Cloud Infrastructure Classic. One...
Introduction OCI or Oracle Cloud Infrastructure, is Oracle’s latest cloud infrastructure that is replacing the older Oracle Cloud Infrastructure Classic. One feature it has is built-in Identity Management Governance. For example, you can add and manage users to grant who can access OCI resources among other features, please refer to this link for more information https://cloud.oracle.com/governance. This article is focused on customers who want to use their existing identity...
Introduction OCI or Oracle Cloud Infrastructure, is Oracle’s latest cloud infrastructure that is replacing the older Oracle Cloud Infrastructure Classic. One feature it has is built-in...
Introduction Audit events enable organization administrators to review the actions performed by members of your organization using details provided by the Audit...
Introduction Audit events enable organization administrators to review the actions performed by members of your organization using details provided by the Audit logs - who performed the action, performed it, and what the action was. Before getting into the article I want to mention this blog was written by Abhishek Juneja, a Principal Product Manager of Identity & FA Security - Cloud. This blog helps expand on some blogs I wrote on IDCS Audit --- Identity Cloud Services...
Introduction Audit events enable organization administrators to review the actions performed by members of your organization using details provided by the Audit logs - who performed the...
Introduction During provisioning of a new FA instance the passwords for FA AppIDUsers like FUSION_APPS_PROV_PATCH_APPID or similar users will expire after 120...
Introduction During provisioning of a new FA instance the passwords for FA AppIDUsers like FUSION_APPS_PROV_PATCH_APPID or similar users will expire after 120 days which is the standard value for normal OID users. This article is intended to describe how you can apply the no password expiry policy to all FA AppIDUsers in a newly provisioned R12 instance. Background The FA start/stop script fails and during the failed startup you observe error messages in the AdminServer.out...
Introduction During provisioning of a new FA instance the passwords for FA AppIDUsers like FUSION_APPS_PROV_PATCH_APPID or similar users will expire after 120 days which is the standard value for...
Introduction The purpose of this blog post is to describe how to use Sign-On Policies to restrict access to the OOTB Oracle Identity Cloud Service UI. One...
Introduction The purpose of this blog post is to describe how to use Sign-On Policies to restrict access to the OOTB Oracle Identity Cloud Service UI. One use-case could be that End-Users should not be able to view and update their own profile details using the OOTB UI. Overview IDCS comes with a Default Sign-On Policy that contains one Default Sign-On Rule which basically allows any authenticated user access to the IDCS "myconsole" application. We will update this policy to...
Introduction The purpose of this blog post is to describe how to use Sign-On Policies to restrict access to the OOTB Oracle Identity Cloud Service UI. One use-case could be that End-Users should...
