Index
A
- Access Manager domain
-
- adding, 6.5.11
- account linking, 1.1.3
- administration console, 6.2
-
- server configuration tab, 6.3.1
- administrator password, 5.1.4
- affiliation descriptor, 6.3.8.1
- affiliations, 1.2.5, 6.3.8.1
-
- configuring, 6.3.8.3
- display, 6.3.8.5
- runtime behavior, 6.3.8.4, 7.2
- anonymous user, 6.3.3.4, 7.4
- architecture
-
- typical deployment, 2.6.2
- architecture considerations, 2.6.1
- assertion profile
-
- adding, 6.5.5
- Assertion Validity, 6.3.4.1, 6.3.4.3
- assertion validity, 6.3.3.1, 6.3.4.6
- AssertionIDRequest, 7.13
- attribute mapping, 6.8
-
- configuring, 6.8.2
- attribute name mapping, 6.8.1.1
- Attribute Requester Service interface, 6.7.4
- attribute responder, 6.3.4.6
- attribute sharing
-
- components, 6.6.1
- attribute value filtering, 6.8.1.3
- attribute value mapping, 6.8.1.2
- Authentication Engine, 4.2.6.1.1
- authentication modes, 2.3.1
- AuthnQuery, 7.12
- auto account linking, 6.3.4.6
B
- bilateral authentication, 2.2.2.3
- binding parameters, 6.3.4.1, 6.3.4.3, 6.3.4.6
- bindings
-
- HTTP Artifact, 1.2.4.2
- HTTP POST, 1.2.4.1
- HTTP redirect, 1.2.4.4
- bulk load utility, 9.2.1
-
- example, 9.2.1.4
- syntax, 9.2.1.4
C
- certificate
-
- self-signed
-
- exporting to SP, 7.3
- certificate repository, 2.1.4.3
- certificate validation, 2.1.4.3
- certificates
-
- and trust, 5.1.1.1
- certification matrix, 1.2.8
- Circle of Trust, 1.1.3
-
- and metadata signing support, 6.3.7.1.1
- configuring, 5.2.1
- command-line tools, 9.2
-
- basic auth, 6.11.2.2
- bulk federation, 9.2.1
- change transient data store, 9.2.2
- delete federation records, 9.2.4
- common domain parameters, 6.3.3.1, 6.3.3.4
- configuration assistants, 9.1
- Configuration Settings
-
- and metadata, 6.1.1
- configuring
-
- Access Manager access policy, 6.6.4.3
- Access Manager plugins, 6.6.3
- Access Manager schemes and policies, 6.6.4
- as an IdP attribute responder, 6.6.6
- as SP attribute requester, 6.6.5
- assertion profiles, 6.5.4
- attribute sharing, 6.6
- attribute sharing authentication, 6.6.4.1
- attribute sharing authorization, 6.6.4.2
- Attributes in SSO Assertions, 7.5.4
- audits and logs, 6.5.3
- certificate store, 6.5.1
- certificate validation store, 6.3.9
- circle of trust, 6.3.7
- connections, 9.3.1
- COT trusted provider, 6.3.7.2
- COT trusted provider attributes, 6.3.7.3
- COT trusted provider NameID formats, 6.3.7.6
- destination mappings, 6.5.8
- domains, 6.5.9
- F5 load balancer, 9.5
- federation data store, 6.4.1
- federation users, 5.2.3
- federations for a provider, 5.2.2
- federations for a user, 5.2.4
- global IdP properties, 6.3.3.1, 6.3.4.1, 6.3.4.6
- global server properties, 6.3.3
- global SP properties, 6.3.3.4, 6.3.5.1
- identity federations, 5.2
- IdM data stores, 6.4
- Liberty 1.1
-
- IdP profiles, 6.3.4.2
- SP properties, 6.3.5.1
- Liberty 1.1 IdP properties, 6.3.4.1
- Liberty 1.2
-
- IdP NameID formats, 6.3.4.5
- IdP properties, 6.3.4.3
- Liberty 1.2 IdP profiles, 6.3.4.4
- Liberty 1.2 SP profiles, 6.3.5.4
- Liberty 1.2 SP properties, 6.3.5.3
- MyDomain, 6.5.10
- Name ID Formats, 7.5
- Name ID formats for specific provider, 7.5.3
- protocol-specific IdP properties, 6.3.4
- protocol-specific SP properties, 6.3.5
- SAML 1.x properties, 6.5
- SAML 2.0
-
- IdP properties, 6.3.4.6
- SAML 2.0 IdP profiles, 6.3.4.7
- SAML 2.0 SP attribute requester, 6.3.6
- SAML 2.0 SP NameID formats, 6.3.5.7
- SAML 2.0 SP profiles, 6.3.5.6
- SAML 2.0 SP properties, 6.3.5.5
- server, 6.3
- server configuration tab, 6.3.1
- server properties, 6.3.2
- SSL, 6.6.7, 6.10
- trusted providers, 5.2.1
- user data store, 6.4.2
- WebGate, 4.2.8
- connection limits, 9.3.1
- Cookie Lifetime, 6.3.3.1
- Creating a custom authentication engine, 4.2.6.2
- creating a custom SP Integration Engine, 4.2.6.3
- Cryptographic Provider, 1.2.6
- custom IAM, 4.2.6
D
- data store
-
- eTrust SiteMinder, 4.2.3.4
- IBM TDS, 4.2.5
- deconfig tool, 5.4.3
- default IdP, 6.3.3.4
-
- removing from CoT, 6.3.7.1
- deinstallation, 5.4
- deployment
-
- architecture, 2.1
- profiles and bindings, 2.2
- protocols, 2.1.5
- proxy server, 2.1.3
- security, 2.1.4
- server roles, 2.1.1
- topology, 2.1.2
- deployment planning, 5.1.1.1
- deprovisioning, 6.1.2
- Descriptor Validity, 6.3.3.1, 6.3.3.4
- destination domain, 1.1.3
- destination mappings, 6.5.7
-
- modifying, 6.5.8
- Documentation Updates, Preface
- domain, 1.1.3
E
- encryption key, 6.5.2
- encryption parameters, 6.3.4.6
- eTrust SiteMinder
-
- deploying as data store, 4.2.3
F
- F5 load balancer
-
- configuring, 9.5
- federated identity management, 1.1.1
-
- account linking, 1.1.3
- benefits, 1.1.1
- concepts, 1.1.3
- event flow, 1.2.7
- evolution, 1.1.4.2
- use cases, 1.1.2
- federation data
-
- deleting, 5.3.4
- federation data store, 2.4.1
-
- changing, 5.3.1
- connection example, 4.2.1
- federation profiles, 1.2.4
-
- artifact, 1.2.4.2
- federation termination, 1.2.4.8
- global logout, 1.2.4.9
- name identifier, 1.2.4.5
- federation protocols, 1.1.4
- federation record
-
- structure, 6.1.2
- uniqueness, 6.1.2
- federation termination, 6.3.4.1, 6.3.4.3, 6.3.4.6, 6.3.5.1
-
- profiles, 1.2.4.8
- federations for provider
-
- configuring, 5.2.2
- Force SSL, 6.3.2
- forcing reauthentication
-
- not supported with Oracle Single Sign-On, 4.2.1
H
- high availability, 2.6.1.6, 9.4
- HTTP Basic Authentication, 2.3.6, 6.11.2
- HTTP basic authentication, 4.2.7
- HTTPS mode, 6.3.2
I
- IBM TDS
-
- as data store, 4.2.5
- Identity Federation Engine, 4.2.6.1.1
- identity federations
-
- configuring, 5.2
- identity management
-
- challenges, 1.1.1
- federated, 1.1.1
- identity provider, 1.1.3
-
- selecting at run-time, 6.3.3.4
- IdMBridge, 1.2.2
- IdP
-
- Liberty 1.1, 6.3.4.1
- Liberty 1.2, 6.3.4.3
- IdP mode
-
- protocols, 6.3.3.1
- signed messages, 6.3.3.1
- implementation checklist, 2.7
- Infrastructure
-
- changing, 3.6.1
- installation
-
- advanced, 3.4
- basic, 3.3, 3.3
- overview, 3.2
- ports, 3.3
- prerequisites, 3.1
K
- keystore, 5.1.1.1
L
- LD_ASSUME_KERNEL, A.1.4.3
- Liberty 1.1
-
- IdP profiles, 6.3.4.2
- SP properties, 6.3.5.1
- Liberty 1.2
-
- IdP profiles, 6.3.4.3, 6.3.4.4
- IdP properties, 6.3.4.3
- Liberty Alliance, 1.1.4
- Liberty ID-FF, 1.1.4
-
- 1.1, 1.1.4.4
- 1.2, 1.1.4.5
- Liberty protocol, 1.1.3
- load balancer, 9.5
-
- and monitoring console, 9.5.2
- and SAML 1.x, 9.5.1
- and WS-Federation, 9.5.1
- log files, 5.1.5
- logout
-
- non-fail-on-error for Liberty 1.x/SAML 2.0, 7.10.1
- status, 7.11
- logout service, 6.9
M
- message binding parameters, 6.3.3.1, 6.3.3.4
- Metadata, 6.1.1
-
- properties that affect, 6.1.1
- protocol URLs, 6.1.1
- re-publishing, 6.1.1
- metadata, 5.1.1.1
-
- affected properties, 6.1.1
- Metadata Signing Support, 6.3.7.1.1
- metrics, 8.1.1
- Microsoft Active Directory Federation Services, 7.9
-
- configuring as IdP, 7.9.2
- configuring as SP, 7.9.3
- monitoring
-
- components, 8.1.2
- data flow, 8.1.3
- features, 8.1
- IdP statistics, 8.2.3
- SP statistics, 8.2.7
- Monitoring Agent, 8.1.2
-
- home page, 8.2.2
- Monitoring Console, 8.2
-
- logging in, 8.2.1
- monitoring console, 8.2
- MyDomain, 6.5.10
N
- Name ID Formats, 7.5
- NameID formats
-
- determined by IdP, 7.6
- Liberty 1.2, 6.3.4.3
- Liberty 1.2 IdP, 6.3.4.5
- NameID registration, 6.3.4.1, 6.3.4.3
- New Features, Preface
- no-fail-on-error, 7.10.1
- Non-Oracle Identity Federation domain, 6.5.12
O
- OASIS, 1.1.4
- Oracle Access Manager
-
- authenticating with, 2.3.4
- changing instance, 5.3.5
- deleting policy objects, 5.3.6
- deploying with, 4.2.2
- Oracle HTTP Server
-
- as proxy server, 9.6
- Oracle HTTP Server
-
- tuning, 9.3.3
- Oracle Identity Federation, 1.2
-
- administration console, 6.2
-
- logging in, 5.1.2
- architecture, 1.2.2
- benefits, 1.2.1
- installation requirements, 2.5
- log files, 5.1.5
- start and stop server, 5.1.3
- uninstallation, 5.4
- Oracle Single Sign-On
-
- authenticating with, 2.3.5
- deploying with, 4.2.1
- testing deployment, 4.2.1.1
P
- password
-
- administrator, changing, 5.1.4
- performance
-
- and assertion security, 2.6.1.4
- and connection tuning, 2.6.1.5
- and JDBC connection settings, 9.3.2
- and Oracle HTTP Server settings, 9.3.3
- and profiles, 2.6.1.1
- and repositories, 2.6.1.2
- and server tuning, 2.6.1.7
- tuning, 2.6, 9.3
- PKI, 5.1.1.1
- principal, 1.1.3
- profiles
-
- artifact
-
- request processing, 2.2.2.1
- security, 2.2.2.3
- using, 2.2.2.1
- with proxy, 2.2.2.1
- attribute sharing, 1.2.4.6
-
- using, 2.2.2.4
- choosing, 2.2.2
- federation termination, 1.2.4.8
- HTTP redirect, 1.2.4.4
- logout, 1.2.4.9
- passive requester, 1.2.4.7
- POST, 1.2.4.1
-
- request processing, 2.2.2.2
- security, 2.2.2.3
- using, 2.2.2.2
- with proxy, 2.2.2.2
- WS-Federation
-
- using, 2.2.2.5
- Provider ID, 6.3.3.4
- proxy server
-
- and Oracle Access Manager, 9.6
- and Oracle Single Sign-On, 9.6, 9.6
- setting up, 9.6
R
- reassociation, 3.6.1, 5.3
- reauthentication, 6.3.3.1, 6.3.4.3, 6.3.4.6
-
- forcing not supported for Oracle Single Sign-On, 4.2.1
- redundant LDAP servers, 9.4.3.1
- reference footprint, 2.6.3
- reinstallation, 5.4.6
- requireSSLCert, 6.10.4
S
- SAML, 1.1.4
-
- assertions, 1.1.4.1
- authentication example, 1.1.4.6
- profiles, 1.1.4.1
- protocol bindings, 1.1.4.1
- request and response cycle, 1.1.4.1
- request-response cycle, 1.1.4.1
- SAML 1.x
-
- service URLs, 6.5.13
- SAML 2.0, 1.1.4.6
-
- auto account linking, 6.3.4.6
- binding parameters, 6.3.4.6
- encryption parameters, 6.3.4.6
- IdP NameID formats, 6.3.4.8
- IdP profiles, 6.3.4.6, 6.3.4.7
- IdP properties, 6.3.4.6, 6.3.4.6
- NameID formats, 6.3.4.6
- timeout parameters, 6.3.4.6
- SAML 2.0 Assertion ID Request, 7.13
- SAML 2.0 Authentication Query Response, 7.12
- SAML attribute sharing profile, 6.6
- SAML security considerations, 2.2.2.3
- security considerations, 2.2.2.3
- Server Clock Drift, 6.3.3.1, 6.3.3.4, 6.3.4.1, 6.3.4.3, 6.3.4.6
- Server Hostname, 6.3.2
- Server Port, 6.3.2
- service provider, 1.1.3
- service URLs, 6.5.13
- session
-
- active period, 6.3.2
- Session Data Cleanup Interval, 6.3.2
- Session Timeout, 6.3.2
- single sign-on, 1.1
- sizing guidelines, 2.6
- SmartMarks, 6.5.10
- SOAP Port, 6.3.2
- SOAP port
-
- protecting, 6.10.4
- SOAP URL
-
- and HTTP basic authentication, 6.11.2.1
- connecting to a protected, 6.11.2.2
- SP
-
- Liberty 1.1, 6.3.5.1
- SP mode
-
- protocols, 6.3.3.4
- signed messages, 6.3.3.4
- SP-initiated IdP discovery, 6.5.10
- SSL
-
- and attribute requesters, 6.6.3
- and PKI, 5.1.1.1
- certificate authentication, 6.10.3
- configuring for server, 3.4.1, 6.10
- connections to remote providers, 6.10.1
- enabling for server, 6.3.2
- SSL Client Authentication, 6.11.1
- SSL servers
-
- authenticating to, 6.10.2
- configuring on Oracle Identity Federation, 6.10.3
- connecting to, 6.10.1
- staticports.ini, 3.4
- Sun Java System Web Server
-
- deploying Oracle Identity Federation with, 4.2.4
- Supported Standards and Applications, 1.2.8
T
- Terminology Changes, Preface
- timeout parameters, 6.3.3.1, 6.3.4.1, 6.3.4.6
- timeout properties, 6.3.4.3
- topology, 2.6.4
- transient data store, 2.4.3
-
- RDBMS
-
- changing, 5.3.3
- JDBC connection settings, 9.3.2
- sharing RDBMS, 3.4
- transient/one-time identifier, 7.4
- troubleshooting
-
- 404 error, A.1.6.1
- AccessGate permission error, A.1.4.1
- back-ends with same cookie domain, A.1.4.4
- bookmarked login page, A.1.3.2
- bookmarked resource, A.1.6.3
- changed IdP, A.1.6.2
- crash with Oracle Access Manager back-end, A.1.4.3
- file descriptor error, A.1.5.1
- incorrect login page, A.1.3.1
- LD_ASSUME_KERNEL, A.1.4.3
- logout displays last page visited, A.1.2.5
- No JSESSIONID cookie error, A.1.2.6
- non-ASCII AccessGate ID, A.1.4.2
- Operating System configuration, A.1.5
- Oracle Access Manager configuration, A.1.4
- Oracle Identity Federation configuration, A.1.2
- Oracle Single Sign-On configuration, A.1.3
- reissue SAML 1.x URL after timeout, A.1.3.3
- runtime SSO issues, A.1.6
- search fails against Microsoft Active Directory, A.1.5.2
- unable to log into console, A.1.7.1
- unknown requester error, A.1.2.4
U
- uninstall tool, 9.2.3
- Unknown Conditions, 6.3.3.4
- unsolicited relay state, 6.3.7.2
- User Consent, 6.3.3.1, 6.3.3.4
-
- example, 6.3.3.4, 6.3.7.2
- example page, 6.3.3.1
- user data store, 2.4.2
-
- changing, 5.3.2
- connection data, 2.4.2
- connection example, 4.2.1
- user records
-
- basic data, 6.1.2
- deprovisioning, 6.1.2
- federation data, 6.1.2
- synchronizing, 6.1.2
- users, 5.2.3
W
- WebGate
-
- integration, 4.2.8
- WSDL
-
- Attribute Requester Service, 6.7.4
- WS-Federation, 1.1.4.7
-
- service URLs, 6.5.13
X
- X.509 certificates, 5.1.1.1