Index

A B C D E F G H I L M N O P Q R S T U V W

A

AAA Server

see Access Server

About page, 1.3.5

Access Manager

SDK, configuring, 7.9

Access Manager SDK, 7.9

formerly named Access Server SDK, Preface

Access Server, 1.2.1

AAA Server configuration option

auditing, 9.1

cache flush, caveat, 8.1.1

cache updates, 7.8.6, 7.8.6

changing the security password, 8.7

changing to Cert mode, 8.3.4

changing to Open mode, 8.3.2

changing to Simple mode, 8.3.3

changing transport security modes for, 8.3

configureAAAServer tool, 7.5.5.3, 8.7

file-based auditing for, 11.5

location for user and configuration data, 7.5

logging, 10.1

reconfiguring after setting up Policy Manager, 7.5.5.3

setting up redirect URLs for account locout, 7.8.5.3

SNMP monitoring of, 12.2

transport security for, 8.1.1

Access Server SDK

now named Access Manager SDK, Preface

Access System

changing to Open security mode, 8.3.2

changing to Simple transport security, 8.3.3

changing transport security modes for, 8.3

transport security for, 8.1.1, 8.1.1

AccessGate

changing transport security modes for, 8.3

logging, 10.1

transport security for, 8.1.1

Active Directory, 7.5.6.1

Access Server with LDAP, C.3

ADSI configuration with Oracle Access Manager, B.1

authentication, A.2

authorization, A.2

backward compatibility, A.6

configuring with LDAP, C

credential_mapping plug-in, A.3

defining directory server profiles, A.1.1

deleting a disjoint searchbase, A.1.2.1

deploying with, A

disjoint searchbases for, A.1.2

group-search read operations, A.1.3

increasing the length of the SAM account name, Preface

LDAP authentication with ADSI, C.5

Microsoft Global Catalog, C.1

.NET features, A.7

ObMyGroups action attribute, A.2.3

parent-child authentication, A.2.1

parent-child authorization, A.2.2

Policy Manager setup with LDAP, C.2

required schema modifications, 3.8

setting up profiles and searchbases, A.1

timeouts for LDAP, C.4

troubleshooting, A.8

what's new in this release, Preface

administration

preparing for, 1

administrators

about Identity administrators, 2.1

administrators with access to all attributes, 4.4.8

configuring, 2, 2.2

delegated administration

adding delegated administrators, 2.3.3

configuring, task overview, 2.3.1

models of, 2.3.2

delegated administrators, 2.3

Delegated Identity Administrators, 2.1, 2.1

deleting administrators, 2.2.1

Identity System, 2

Master Administrators, 2.1, 2.1

Master Identity Administrators, 2.1, 2.1

substitute administrators, 2.3.4

assuming another administrator's identity, 2.3.4

temporarily granting your rights to another person, 2.3.4

ADSI, 7.5.6.1

bind mechanisms for the Access Server, B.3.1

bind mechanisms for the Identity Server, B.2.3

configuration files, B.2.4, B.3.2

configuration for Access System, B.3

configuring for, B

configuring for the Access System, B.7

configuring for the Identity System, B.4

mixed ADSI and LDAP configuration, B.2.2

pageSize parameter, B.8

troubleshooting, B.9

Anonymous access, 4.4.4

ANR, D.1

attributes

class attribute, 3.2

selecting, 3.3.1

class attributes for template object classes, 3.3.1

configuring, 3.6.1, 3.8

configuring lists of radio buttons, check boxes, and so on, 3.8.1

configuring lists of values using directory queries (filters), 3.8.1

data types, 3.6.2

binary, 3.6.2

distinguished name, 3.6.2

integer, 3.6.2

postal address, 3.6.2

string, 3.6.2

telephone, 3.6.2

derived

about, 3.9

adding to a User Manager tab, 3.9.2

caveats, 3.9

example of, 3.9.1

display names, localing, 3.8.2

display types, 3.6.4

boolean, 3.6.4

check box, 3.6.4

date, 3.6.4

email, 3.6.4

filter builder, 3.6.4

GIF image, 3.6.4

GIF image URL, 3.6.4

location, 3.6.4

media, 3.6.4

multi-line text, 3.6.4

None, 3.6.4

numeric string, 3.6.4

object selector, 3.6.4

postal address, 3.6.4

radio button, 3.6.4

selection menu, 3.6.4

single line text, 3.6.4

S/MIME certificate, 3.6.4

filters to use with searches, 3.8.4

giving users access to the class attribute, 3.3.1

how used in Identity applications, 3.1

lists, defining, 3.8.1.2

localizing, 3.8.2

password, 3.6.3.5

provisioning (template) attributes, 3.1.5

rules for static lists of attributes, defining, 3.8.1.1

attribute used as the key in searches, 3.2

based on finding the same value in different attributes, 3.9

dynamic, 3.8.7.5

dynamic with multiple values, 3.8.7.7

dynamic with wild cards, 3.8.7.6

returning results that match an attribute on a profile page, 3.8.7.5

returning targets that match the DN of the logged-in user, 3.8.7.4

search key (class) attribute, 3.2

selecting what can be searched, 4.2.4

selection keys, 4.4.10

semantic types, 3.6.3

challenge, 3.6.3.5

defined during setup, 3.6.3.1

DN prefix, 3.6.3.1

full name, 3.6.3.1, 3.6.3.2

Group Dynamic Member, 3.6.3.3

Group Owner, 3.6.3.3

Group Static Member, 3.6.3.3

location coordinates, 3.6.3.4

lost passwords, attributes for managing, 3.6.3.5

map, 3.6.3.6

none, 3.6.3.6

password, 3.6.3.1

photo, 3.6.3.2

preferred email address, 3.6.3.6

response, 3.6.3.5

title, 3.6.3.2

used in Group Manager, 3.6.3.3

used in profile pages, 3.6.3.2

template attributes, 3.1.5

viewing, 3.7

auditing, 11

about, 11.1

actions Identity applications, 4.7

audit database, about, 11.4.5

audit database, creating, 11.6.2.2

audit database, setting up, 11.6.2

audit reports, setting up, 11.7, 11.7

authentication events, 7.8.2.2

connecting Access and Identity Servers to the database, 11.6.2.4

Crystal Reports, 11.2.4

Crystal Reports templates, using, 11.7

Crystal repository, 11.4.6

database auditing architecture, 11.4

database auditing requirements, 11.3.1

database auditing, setting up, 11.6

diagnostics, 11.2.6

diagnostics, on-screen, 11.2.6

dynamic, 11.2.4

enabling for Access Servers, 11.2.6

enabling on Identity Servers, 11.2.6

file vs database auditing, 11.2

file-based, setting up, 11.5

formatting, 11.2.6

Global User Access Privilege Report, 11.2.6

GUI location for auditing functions, 11.2.6

Identity events to be audited, 11.2.6

master audit rule, 11.2.6

new features, Preface

OCI connection type, 11.4.4.2

ODBC data source definitions, 11.4.2

ODBC drivers, 11.4.3

Oracle Database as the audit repository, Preface

output type and amount, 11.2.5

performance considerations, 11.2.2

policy information, 11.2.3

profile information, 11.2.3

RDBMS profile configuration, 11.4.4

RDBMS profiles for, 11.2.6

RDMBS profiles for, 11.2.6

reports, types of, 11.4.6.1

security considerations, 11.2.1

SQL Server, installing, 11.6.2.1

static reports, 11.2.3

success and failure of Identity System actions, 11.2.6

authentication, Preface

auditing authentication events, 7.8.2.2, 11.4.6.1

Fast Bind for, 7.5.6.1

for ADSI, B.7, C.5

for transport security, 7.4.2, 7.7.2

monitoring authentication actions, 12.3.3

monitoring authentication plug-ins, 12.3.3, 12.3.3

not required for self-registration, 5.10

plug-in APIs, Preface

reports on authentication attempts, 9.1.2

scheme

default schemes, Preface

scheme for disjoint searchbases, 7.5.8

schemes, modifying to include a password policy, 7.8.4.1

with Active Directory, A.2

authorization, Preface, Preface

auditing authorization events, 11.4.6.1

authorization plug-ins MIB objects, 12.3.3

AzMan plug-in, D.8

for ADSI, C.5

monitoring authorization events, 12.3.3

monitoring authorization plug-ins, 12.3.3

plug-in APIs, Preface

with Active Directory, A.2

auxiliary object classes

adding to a tab, 4.2.6

B

backURL, 7.8.5.1, 7.8.5.2

C

CA certificates

importing multiple, 8.6

security

CA certificates, 8.1.2

cache

Access cache flush, caveat, 8.1.1

Access Server cache updates, 7.8.6

managing Identity Server caches, 7.3.4

Cert mode

about, 8.1

changing the Access System to, 8.3.4

installing a certificate for, 8.2.3

cert7.db, 8.1

cert8.db, 8.1

certificates

installing, 8.2.3

challenge attribute, 7.8.3.5

challenge phrase

deleting, 7.8.3.5

change attribute workflow, 5.1.6

cloning, 7.10

components

copying, 7.10

configuration data

pointing to a new directory server, 7.5.6

profile for storing, 7.5.1

configureAAAServer command, 8.3.2, 8.3.3

configureAAAServer tool, 8.1

configureAccessGate, 8.3.3

COREid

now named Oracle Access Manager, Preface

create group workflow, 5.1.6

create object workflow, 5.1.6

create user workflow, 5.1.6

D

data types, 3.6.2

binary, 3.6.2

distinguished name, 3.6.2

integer, 3.6.2

postal address, 3.6.2

string, 3.6.2

telephone, 3.6.2

data, exporting

see exporting data

database instance

adding, 7.5.6

configuring, 7.5.6.1

deleting, 7.5.7

for an LDAP profile, 7.5.6

for an RDBMS profile, 7.5.6

deactivate user workflow, 5.1.6

delegated administration

adding delegated administrators, 2.3.3

ASP model, 2.3.2.3

extranet model, 2.3.2.1

intranet model, 2.3.2.2

models of, 2.3.2

what can be delegated, 2.3.1

Delegated Identity Administrators

E

setting addresses for user feedback, 7.3.2

exporting data

F

failover, 7.6.1

Fast Bind, 7.5.6.1

features

new, Preface

filters

see LDAP filters

static LDAP, 3.8.7.1

static with wild cards, 3.8.7.2

usage, 3.8.7

full name, 3.6.3.2

G

genCert utility, 8.1.2, 8.3.3

GIF

data type, 3.6.2

display type, 3.6.2, 3.6.4

for photos, 4.5.1.1

display type, configuring, 3.8.8

files in the Chystal Repository database, 11.4.2

image, referencing in a file system, 4.5.1.2

image, used in a location map in a workflow, 5.11

images used in the Identity System u.i., 7.1

location coordinates semantic type, 3.6.3.4

semantic type, 3.6.3.2

semantic type for, 3.6.3.6

tab image, 4.2.1

title image, 4.3.4

globalization

H

header panels, 4.3.2

help, 1.3.4

I

Identity applications

see User Manager

about, 1.2.1.2

configuration, examples of, 4.5

configuring

see objects and attributes

example of configuring, 4.5

purpose of, 1.2.1.2

tabs, 4.2, 4.2.1

modifying, 4.2.1

Identity Server

adding, 7.4.2

auditing, 9.1

auditing, configuration, 11.6.3

cache flush caveat, 8.1.1

caches, 7.3.4

configuration, 7.3

definition, 1.2.1

deleting parameters, 7.4.4

email address for feedback, setting, 7.3.2

Group Manager application, 1.2.1

installation, 1.2.1.1

logging, 10.1

mail server alerts, configuring, 7.3.3

managing, 7.4

managing from the command line, 7.4.5

modifying, 7.4.3

modifying settings, 7.3

multiple, setting up, 7.4.1

Organization Manager application, 1.2.1

session timeout setting, 7.3.1

settings, configuring, 7.3

SNMP monitoring of, 12.2

transport security

changing, 8.2

User Manager application, 1.2.1

viewing, 7.4.3

viewing settings, 7.3

WebPass plug-in, 1.2.1

who configures, 2.1

Identity System

administration, about, 1.2

administrators, 2

ADSI configuration, B.2

components, 1.2.1

configuration, about, 1.2

configuration, overview, 1.2.1.2

configuring, Preface

configuring the Access Manager SDK, 7.9

configuring, about, 1.2.1.2

Identity Server, 1.2.1

installation summary, 1.2.1.1

managing, about, 1.2.1.3

transport security

changing, 8.2

transport security for, 8.1.1, 8.1.1

WebPass, 1.2.1

impersonation

enabling, D.4

installation, 7.10

L

languages

see localization

LDAP

data

configuring for Oracle Access Manager, 3

process overview, 3.1.2

read and write access to, 4.4.8

viewing on a profile page, 3.1

filters

advanced, 4.4.7

for searches, 4.4.6

query builder, 4.4.6

objects in a workflow, 5.1.7

objects, on a panel, 4.3.1

profiles, 7.5.1

redirecting client requests, 7.5.6.1

referrals, 7.5.6.1, 7.5.6.1

lists

about, 3.8.1

defining, 3.8.1.2

localization, 3.8.2

about, 7.2

attribute display names, 4.3.8

enabling languages, 7.3.5

language evaluation order, 7.2.2

managing multiple languages, 7.3.5

of administrative pages, 7.2.1

of panels, 4.3.4

of search results, 4.2.5

overview, 7.2

panel display names, 4.3.7

reports, 4.8.2

tabs, 4.2.2

log out

from the Identity System, 1.3.6.1

logging

about, 10.1

automatic updates, Preface, Preface, Preface, Preface, Preface, Preface, Preface, Preface

autosync, 10.5

Buffer_Size, 10.6

configuration file, 10.2

comments in, 10.2.3.1

modifying, 10.2.3

names, 10.2.2

order of elements, 10.4.1

order of evaluation of entries, 10.5.1

parameters, 10.6

structure, 10.4

configuring in the Identity System Console, 10.7

default configuration file, 10.2.3.1

File_Name, 10.6

levels, 10.5

ListName, 10.6

log levels, about, 10.1

log levels, table of, 10.1.1

log output destinations, 10.3

log writers, 10.3

Log_Level, 10.6

Log_Status, 10.5, 10.6

Log_Threshold_Level, 10.5

Log_Writer, 10.6

Max_Rotation_Size, 10.6

Max_Rotation_Time, 10.6

new features in this release, Preface, Preface, Preface, Preface

order of elements in the configuration file, 10.4.1

output, where sent, 10.3

SNMP, 12.7

sychronizing the configuration file and the Identity System Console settings, 10.5

what's new in this release, Preface, Preface, Preface

when a server restart is needed, 10.5.1.1

where log data is sent, 10.3

xmlns, 10.6

to the Access System, 1.3.1.2

to the Identity System, 1.3.1.1

logout, 1.3.6

lost password management

about, 7.8.3

challenge phrases and responses, 7.8

configuring, 7.8.3.5

deleting challenge phrases, 7.8.3.5

enabling, 7.8.3.5

new features in this release, Preface

overview of configuring, 7.8.3

presenting multiple challenges phrases, 7.8.3.2

redirection to a password reset page, 7.8.5.1

redirection URL, 7.8.2.2

semantic types for challenge and response, 3.6.3.5

style sheets for lost password management, 7.8.2.3

style sheets for password reset pages, 7.8

URL, syntax, 7.8.3.1

viewing policies for, 7.8.3.5

M

managing subscriptions, 4.6.5

Master Administrator

definition, 2.1

tasks performed by, 2.1

Master Identity Administrators

definition, 2.1

tasks performed by, 2.1

monitoring

see SNMP

MTHML, 7.3.3

My Groups, 4.2.8

N

name changes, Preface

names, new, Preface

.NET, A.7

about, D

adding attributes dynamically, D.2.1

adding attributes for a group, D.2.2

ambiguous names, resolving, D.1

ANR, D.1

dynamically linked auxiliary classes, D.2

enabling Fast Bind, D.3

enabling impersonation, D.4

Integrated Windows Authentication, D.5

integrating the Security Connector for ASP.NET, D.10

integration with AzMan, D.8

integration with Smart Card authentication, D.9

managed code and helper classes, D.7

Microsoft Resources, D.12

troubleshooting, D.11

with Access System password management, D.6

NetPoint

now named Oracle Access Manager, Preface

NetPoint SAML Services

now named Oracle Identity Federation, Preface

new features

auditing to Oracle Database, Preface

logging, Preface, Preface, Preface, Preface

new features in this release, Preface, Preface

Novell Directory Server

requirements for configuration, 3.8

O

object class kind, 3.2

object class type, 3.2

Object Class(es) field, 4.2.1

object classes

about, 3.1

auxiliary, 3.1.4

structural, 3.1.4

template object classes, 3.1.5

Object Selector display type

search filters for, 3.8.3

object templates

P

panels, 4.3.4

about, 4.3

adding, 4.3.4

deleting, 4.3.4

group type panels, 4.3.6

adding, localizing, modifying , deleting, 4.3.7

modifying, 4.3.4

ordering, 4.3.5

using objects on a panel, 4.3.1

viewing, 4.3.3

parameter files, E

about, E

password policies

see passwords

passwords, 3.6.4

Q

Query Builder

about, 4.4.6

advanced filters, 4.4.7

QuickStart tool, 5.2, 5.2

example, 5.2.1

R

RDBMS profile

adding, 7.6.1, 7.6.1

database instance for, 7.6.2

database instance for, adding, 7.6.2

modifying, 7.6.1

reactivate user workflow, 5.1.6

read permission, 4.4

realms, 7.5.8

reporting, 9

S

SAMAccountName, Preface, A.6

schema data

configuring, 3.1.2

search, 1.3.2.2

T

Tab Filter field, 4.2.1

tabs, 1.3.2.1, 3.1.4

adding auxiliary and template object classes, 4.2.6

adding to Org. Manager, 4.2.3

configuring, 4.2

deleting, 4.2.9

localizing, 4.2.2

modifying, 4.2.1

Object Class(es) configuration field, 4.2.1

ordering, 4.2.10

panels, configuring, 4.3

profile pages, configuring, 4.3

searching, 4.2.4

tab filter field, 4.2.1

viewing, 4.2.1

Task overview

Assigning dynamic participants to a workflow step, 5.5.3.6

Configuring ADSI for the Access System, B.7

Configuring ADSI for the Identity System, B.4

Configuring multi-language functionality, 7.2

Creating a plug-in or application to select dynamic participants, 5.5.3.6

Creating a workflow definition, 5.1.5

Defining a Create Location workflow, 5.11

Defining a workflow using the workflow applet, 5.3

Delegating administrators, 2.3.1

Displaying information on an application, 4.1

Enabling database auditing, 11.6

Enabling Location functionality, 4.5.2

Enabling Location functionality and users, 5.11

Enabling Oracle Access Manager servers to connect to the audit database, 11.6.2.4

Enabling surrogates, 5.5.4

Preparing for the audit database, 11.6.2

Preparing to use ANR during searches, D.1.2

Setting up an RDBMS profile, 11.6.2.4

Setting up for dynamix auxiliary classes, D.2

Setting up IWA authentication, D.5

Setting up multiple Identity Servers, 7.4.1

To configure auditing, 11.6.3

To connect Crystal Reports to the Oracle Repository, 11.7

To create a secondary RDBMS instance, 11.6.2.4

To set up audit reports, 11.7

Uploading the audit schema, 11.6.2.3

template attributes

in a workflow, 5.1.7

template objects

about, 3.1.1

classes

adding to a tab, 4.2.6

how viewed in the Identity System, 6.5.2

note about modifying, 6.2

used in workflows, 6.4

used on a panel, 4.3.1

To delete a password policy, 7.8.2.5

To set the globalparams.xml file, 4.9.2

transport security

about, 8.1

changing for the Access Server, 8.3

changing for the AccessGate, 8.3

changing for the Identity Server, 8.2

changing for the WebPass, 8.2

changing to Cert for the Access System, 8.3.4

changing to Cert mode, 8.2.3

changing to Open mode for the Access System, 8.3.2

changing to Simple for the Access System, 8.3.3

changing to Simple mode, 8.2.2

passwords, 8.5

PEM files, 8.1.2

setting between components, 8.1.1

specifying during installation, 8.1

troubleshooting, F, F

typical problems in Oracle Access Manager, F

U

user data

profile for storing, 7.5.1

user interface, 1.3.2

customizing, 7.1

navigation elements, 1.3.2

styles

V

VDS, 7.5.2

View Member Profiles, 4.2.8

W

WebGate

and session timeouts, 7.3.1

certificate request for, 8.1.2

changing to Cert mode, 8.3.4

changing to Open mode, 8.3.2

changing to Simple mode, 8.3.3

logging, 10.1

WebPass

adding, 7.7.2

associating with an Identity Server, 7.7.5

configuring, 7.7

definition, 1.2.1

deleting, 7.7.3

disassociating from an Identity Server, 7.7.6

install after the Identity Server, 7.7

logging, 10.1

modifying, 7.7.2

modifying from the command line, 7.7.4

setup_webpass command, 7.7.4

transport security

changing, 8.2

viewing, 7.7.1

viewing associations with Identity Servers, 7.7.5.1

who configures, 2.1

what's new in this release, Preface, Preface

workflows

about, 5.1

actions

change attribute, 5.1.10, 5.1.10, 5.1.10

create group, 5.1.10

create object, 5.1.10

create user, 5.1.10

delete group, 5.1.10

delete object, 5.1.10

delete user, 5.1.10, 5.1.10

reactivate user, 5.1.10

actions you can perform in a step, 5.1.11

actions, about, 5.1.8, 5.1.9

adding roles to, 5.9.4

Anyone role, 5.9.4

application for selecting participants, 5.5.3.6

archiving requests, 5.7.6

asynchronous operations, 5.6

committing data via, 5.3.6

copying, 5.8.2

creating a location workflow, 5.11

deactivating and reactivating users, 5.7.3

defining, 5.3.1

defining a target, 5.3.2

deleting, 5.8.4

dynamic participants, 5.1.3, 5.5.3, 5.5.3.3

overview of assigning, 5.5.3.6

dynamically assigning users to locations in the DIT, Preface

enabling, 5.3.7

end use of, 5.7

entry conditions, 5.1.9

escallation of, 5.5.5

example of, 5.1.12

example of creating, 5.3.8

example of defining, 5.3.9

examples of, 5.1.2

exporting, 5.8.5

external actions, 5.9.2

finding and processing a ticket, 5.7.2

how users access workflows, 5.1.6

illustration of create user workflow, 5.1.4

invoking, 5.7.1

localizing, 5.8.8

locking a ticket, 5.7.8

mail server for ticket processing, 7.3.3

modifying the appearance of workflow panels, 5.8.7

monitoring, 5.7.5

notifications, 5.1.9

notifying step participants, 5.5.2

Out of Office attribute, 5.5.4

out of office flag, 5.5.4

overview of creating, 5.1.5

participants, 5.1.9

performance of, 5.8.9

picking a DIT location for the object being created, 5.3.2

plug-ins for selecting participants, 5.5.3.6

pre- and post- actions, 5.9.1

pre and post processing, 5.1.9

QuickStart tool, 5.2

self-registration, 5.2.1

mail notification, 5.1.11

self-registration, creating, 5.10

sending workflow data to back-end systems, 3.1.5

starting a defintion, 5.3.1

static participants, 5.5.3.1, 5.5.3.4

step actions, 5.1.10

step actions, about, 5.1.9

steps, 5.3.5

attributes, 5.3.4

committing, 5.3.6

steps, about, 5.1.8, 5.1.9

subflows, 5.4

subflows, about, 5.1.3, 5.1.12

subflows, approving, 5.4.2

subflows, associating with a workflow step, 5.4.1

summary reports, exporting, 5.8.1

summary reports, viewing, 5.8.1

surrogate participants, 5.1.3

surrogate participants, about, 5.5.4

surrogates in, 5.5.4

target, 5.3.2

targets, 5.1.9

template objects in, 3.1.5

testing, 5.3.8

ticket routing, 5.5.3.2

tickets, about, 5.1.6.1

tickets, advanced routing, 5.5

time-based escallation, 5.5.5

type of workflows, 5.1.8

types

change attribute, 5.1.6

create group, 5.1.6

create object, 5.1.6

create user, 5.1.6

deactivate user, 5.1.6

delete group, 5.1.6

delete object, 5.1.6

reactivate user, 5.1.6

self-registration, 5.1.6

types of, 5.1.4

use of template objects in, 6.3

using the workflow applet, 5.3

viewing workflow panel settings, 5.8.6

who initiates, 5.1.1

write permission, 4.4