For other A-Team articles by Richard, click here Introduction Customers may want to restrict access to their Oracle Cloud Services to a set of IP ranges, for instance to only allow connections coming from their corporate office. That type of restriction is not possible within Oracle Analytics Cloud itself, but it is possible to set up using the Identity Cloud Service. This functionality requires the 'Foundation' level for Identity Cloud Service. For more information on the...
Introduction The purpose of this blog post is to describe how to integrate APEX (on-premise) with Oracle Identity Cloud Service (IDCS). The integration described in this post relies on APEX using Oracle REST Data Services (ORDS) deployed on WebLogic. Figure: Login flow when APEX is integrated with IDCS. Request a protected resource on WLS (no previous WLS session). WLS will initiate a federation flow...
Introduction Companies usually have some Identity and Access Management solution deployed on premises to manage users and roles to secure access to their corporate applications. As businesses move to the cloud, companies will, most likely, want to leverage the investment already made into such IAM solutions and integrate them with the new SaaS or PaaS applications that are being added to their portfolio. Oracle Public Cloud and its Shared Identity Management services (SIM)...
The OPSS User and Role API (oracle.security.idm) provides an application with access to identity data (users and roles), without the application having to know anything about the underlying identity store (such as LDAP connection details). For new development, we no longer recommend the use of the OPSS User and Role API - use the Identity Governance Framework (IGF) APIs instead. However, if you already have code which uses the User and Role API, that code is still supported...
Introduction Every WebLogic Server installation comes with SSL support. But for some reason many installations get this interesting error message at startup: Ignoring the trusted CA certificate "CN=Entrust Root Certification Authority - G2,OU=(c) 2009 Entrust, Inc. - for authorized use only,OU=See www.entrust.net/legal-terms,O=Entrust, Inc.,C=US". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the...
Introduction You have deployed Oracle BPM and decided to run some load tests against it. You're concerned, among other things, about the behavior of your backend LDAP server under peak times, whether it's going to be able to handle the load or not. You check the security providers settings in WebLogic Server and see you have an LDAP Authenticator (or some specialization, like OVD Authenticator, for instance) with an LDAP pool size set to 50 connections. But your test reveals...
Introduction Recently a customer asked me how to import his private key and certificate into an Oracle HTTP Server Wallet. The customer generated a CSR outside the OHS Wallet Manager, using OpenSSL, and sent it to a CA to get his certificates issued by them. Unfortunately, the Wallet Manager only allows you to import certificates which were created for a CSR generated by the Wallet itself. Despite this minor limitation, there is a workaround to get your private key,...
Introduction I recently came across a question in one of our internal mailing lists where a person was under the impression that he would have to write code to propagate the identity when making a web service call using OWSM policies. My answer was something like: "depending on the type of your client you may have to write some very small piece of code to attach a policy, but you should not write code at all to either retrieve the executing client identity or to do the...
Introduction In my last post I wrote about the complicated and timely process of determining all of a user’s group memberships when an LDAP namespace includes nested and dynamic group memberships. I wrote about how you can simplify and speed up getting a user’s group memberships through the use of a dynamic “member of” attribute and specifically the orclMemberOf attribute in OID. Today I’d like to extend this discussion to WebLogic server authentications. A Review of LDAP...