Index

A B C D E F G H I J L M N O P R S T U V W X

A

About

Daylight Savings Time, 7.4

access

policies, 1.6.2

Access Manager API, 1.4.8

Access Manager SDK

formerly named Access Server SDK, Preface

access policy data, 9.2

Access Server

automatic cache flush, 5.6.2

failover, 4.4

failover to directory server, 4.8.2

load balancing, 4.1

manual cache flush, 5.6.3

primary, 2.3.1

recommendation, 2.3.1

recommendations, 1.4.3, 2.3.3.1

secondary, 2.3.1

WebGate ratio, 2.3.3.2

Access Server cluster, 4.2.2

Access Server SDK

now named Access Manager SDK, Preface

Access System

caches, 5.5

capacity planning, 2.3.3

recommendations, 1.6

tuning group evaluation, 3.6.6

AccessGate, 4.2.2

cache, 5.5.4

AccessGates, 1.4.8, 1.4.8

account lockout test case, 2.8.1.4

Active Directory

tuning, 3.1.14

administrative access

schema operations, 1.7.1

administrator

class, 1.6.2

AppDBfailover.xml, 4.8.2

application

tier, 1.1

timeouts, 1.4.7

attacks

cookie reply, 1.6.1

audit

data, 1.4.6

data recommendations, 1.4.6

reports, 1.4.6

audit trails, 1.4.6

authentication

form based, 1.6.5

scheme

default schemes, Preface

Authentication API, 1.4.8

authorization

filters, 1.6.2

rule, 1.6.2

Authorization API, 1.4.8

B

back up

after installing, 9.3.2

after upgrading, 9.3.5

before installing, 9.3.1

before upgrading, 9.3.4

customizations, 9.3.3

LDAP directory instances, 9.3.1

back-end customizations, 1.4.8

backup

full, 9.3

recommendations, 9.2

strategies, 9.1

baseline

performance data test cases, 2.8

performance test, 2.4.4

ratios, 2.4.4

throughput numbers, 2.4.4, 2.7

benchmark analysis, 1.4.9

best practices, 1.8

bundle patch release number, 1.7.1

C

cache

Access Server user cache, 5.6.1

AccessGate, 5.5.4

automatic flush, 5.6.2

configuration with replicated directories, 5.5.3

credential mapping, 5.6.4

definition, 5

flush events, 5.3

flush interval, 3.1.13

group objects, 5.4.2.1

LDAP, 2.6.1

manual flush, 5.6.3, 5.6.3.2

OSD, 5.4.1.1

password, 3.6.1

policy, 2.3.3.1, 5.5.2.1

settings, 1.4.9, 3.1.12

size, 3.1.12

size and life span, 1.4.5

timeout, 5.2.2, 5.5.3.1

timeout and size, 1.7.1

update, 5.5.2

user, 5.5.2.2

user and group caches, 2.3.3.1

user ID, 3.4.4

user, ObSyncRecord, 3.1.13

workflow definition, 3.5.1

cache flush

load balancing, 4.1.1

caches

Access System, 5.5

WebGate, 1.6.4

caching

user credentials, 2.3.3.1

Calculating

Maximum Elements in a Policy Cache, 3.7.1.1

Maximum Elements in the User Cache, 3.7.2.2

Memory Requirements for the Policy Cache Elements, 3.7.1.2

Memory Requirements for User Caches, 3.7.2.3

Policy Cache Timeout, 3.7.1.3

User Cache Timeout, 3.7.2.1

capacity planning, 2

Access System, 2.3.3

catalogs

message, 9.2

parameter, 9.2

D

data

access policy, 9.2

configuration, 9.2

group, 9.2

user, 9.2

workflow, 9.2

data tier, 1.1

daylight savings time, 7.4

default

style, 1.5.1

deliverables

planning, 1.7.1

DenyOnNotProtected flag, 1.6.4

deploying

WebGates on reverse proxies, 1.6.3

deployment

categories, 1.3

category, 1.7.1

cross-over, 1.4.3

extranet, 1.3.1

general recommendations, 1.4

guidelines, 1.8

intranet, 1.3.2

intranet versus extranet, 1.7.1

large scale, 2.5

mid-sized, 2.5

planning, 1.7

planning overview, 1.7

scenarios, 1.2, 1.2, 1.7.1

scenarios, impact on performance, 2.3.3.1

small scale, 2.5

standardization, 1.7.1

type, 1.1, 1.7.1

deployment changes

cache timeout and size, 1.7.1

E

encrypted password, 4.8.1

estimate

number of users, 2.2.2

events

cache flush, 5.3

Extensible Markup Language, 1.5.1

Extensible Style Language, 1.5.1

extranet

deployment, 1.3.1, 1.7.1

F

failover, 1.2, 4.4, 4.5, 4.9

based on number of LDAP connections, 4.9

based on timeouts

guidelines, 4.10.1

configuration data, 4.5, 4.8.1

directory servers, 4.5

heartbeat_enabled parameter, 4.9

heartbeat_ldap_connection_timeout_in_millis parameter, 4.9

LDAPOperationTimeout, 4.10

of WebGate to another Access Server, 4.6

of WebPass to another Identity Server, 4.6

policy data, 4.5, 4.8, 4.8.2

polling interval, 4.9

requirements, 2.5.1

settings recommended by Oracle, 4.9

Sleep For (Seconds) parameter, 4.9

Sleep For interval, 4.9

Time Limit, 4.10

user data, 4.7

when directory server response is slow, 4.10

Failover Threshold, 4.6, 4.7

file

misc.js, 1.5.1

files

configuration, 9.2

flush

Access Server caches automatically, 5.6.2

Access Server caches manually, 5.6.3

policy cache manually, 5.6.3.2

footprint

reference server, 2.5

form-based authentication, 1.6.5

full backup, 9.3

G

globalparams.xml, 4.9

GMT, 2.2.1.2

Greenwich Mean Time, see also GMT, 2.2.1.2

group

data, 9.2

dynamic, 1.6.2

management, 1.6.2

group cache, 2.3.3.1

Group Manager

tuning, 3.4.3

group membership, 3.6.6

group object class

changing, 6.1

groups, 3.6.6

excluding member roles, 3.4.2.2

expanding automatically, 3.4.1.1

nested, 3.4.1.3

nested group evaluation, 3.4.1.3

performance of, 3.4.1.1, 3.6.6.1

tuning the Group Manager, 3.4.3

growth

system usage, 2.2.2

guidelines

deployment, 1.8

H

hardware

large deployments, 2.5.2

small to mid-size deployments, 2.5.1

heartbeat, 4.9

heartbeat_enabled parameter, 4.9

heartbeat_ldap_connection_timeout_in_millis parameter, 4.9

historical data, 2.2

I

Identity Event API, 1.4.8

Identity Server

failover, 4.4

load balancing, 4.1

primary, 2.3.1

recommendation, 2.3.1

recommendations, 1.4.3

recycle instance name, 1.5.2

secondary, 2.3.1

Identity System

deployment, 1.1

performance, 3.4

pooling, 3.3.3

pooling Identity Servers, 3.3.3

recommendations, 1.5

style sheets, tuning, 3.3.4

tuning search, 3.3.1

IdentityXML, 1.4.8, 3.4.1.3

Initial Connections, 4.2, 4.3.3

installation, Preface

preparation worksheets, 1.7.1

integrated baseline performance test case, 2.8.3

integration with third-party products, Preface

intranet

deployment, 1.3.2, 1.7.1

intranet versus extranet deployment, 1.7.1

IP addresses

reverse proxy, 1.6.3

IP validation, 1.6.1, 1.6.3

J

JavaScript code, 1.5.1

joint Identity and Access System deployment, 1.1

L

large scale deployment, 2.5

hardware, 2.5.2

LDAP

directory considerations, 2.6

directory recommendations, 1.4.5

directory server, 1.4.5

LDAP bind password

changing, 6.3

LDAP cache, 2.6.1

LDAP data

load balancing, 4.1.1

LDAP directory

and cache size, 1.4.5

server requirements, large deployments, 2.6.2

server requirements, small to medium deployments, 2.6.1

LDAP replica, 2.6

LDAP replication

load balancing, 4.1.1

LDAP tools

LDAPMODIFY, 3.2.2

LDAPSEARCH, 3.2.1.1

view LDIFs, 3.2.1

LDAPOperationTimeout parameter, 4.10

library files, 9.2

load

balancing, 1.2

combined, 2.3.1

test, 1.4.9

load balancing, 4.1

configuration data, 4.3.2

directory servers, 4.3

policy data, 4.3.2, 4.3.2

user data, 4.3.1

loginNavi test case, 2.8.2.2

lost password test case, 2.8.1.2

M

management

groups, 1.6.2

Maximum Active Servers, 4.3.1, 4.3.2, 4.3.2

Maximum Connections, 4.2, 4.3.2, 4.3.2, 4.3.3

medium-sized deployment, 2.5

memory sizing

LDAP server, 2.6

meta-data

load balancing, 4.1.1

misc.js file, 1.5.1

multi-mastered directories, 4.1.1

N

name changes, Preface

names, new, Preface

nested groups, 3.6.6.3

NetPoint

now named Oracle Access Manager, Preface

NetPoint SAML Services

now named Oracle Identity Federation, Preface

network traffic, 2.2

O

ObCredValidationByAS, 3.6.1.1

obencrypt tool, 4.8.1

oblix tree, 9.1, 9.2, 9.3

ObMyGroup, 3.6.6.4

Oracle Access Manager

formerly NetPoint or COREid, Preface

integration with third-party products, Preface

Oracle Application Server Best Practices Guide, 1.8

Oracle Identity Federation, Preface

formerly SHAREid, Preface

Oracle Internet Directory

load balancing, 4.1.1

overview

deployment planning, 1.7

P

parameter catalogs, 9.2

password caching, 3.6.1

patch set release number, 1.7.1

peak load, 2.1, 2.2.2

perfomance tuning

group evaluation in the Access System, 3.6.6

performance

access control policies for groups, 3.4.2.2

and cache settings, 1.4.9

and Identity System style sheets, 3.3.4

baseline test cases, 2.8

directory server profile tuning, 3.3.1.3

LDAP search, tuning, 3.3.1, 3.3.1.3

ObMyGroup configuration, 3.6.6.4

ObMyGroups evaluation, 3.6.6.5

of dynamic vs static groups, 3.4.1.1, 3.6.6.1

of nested groups, 3.6.6.3

of the Identity System, 3.4

restricting the operators used in a search, 3.3.1.1

test, baseline, 2.4.4

thread-safe applications, 3.3.2

tuning My Groups pages, 3.4.3.1

tuning the Group Manager, 3.4.3

WebGate impact on Web server, 2.3.3.3

performance tuning

Access Server

reducing instability, 3.6.4

Access Server password validation, 3.6.1

Access System, 3.6

AccessGates, 3.6.5

administrator permissions, 3.1.7

applying search constraints, 3.1.9

archiving workflows, 3.1.6

authorization queries, 3.6.3

cache settings, 3.1.12

cache, number of elements, 3.7.5

caches, 3.7

deleting workflows, 3.1.6

directory connection pool size, 3.1.2

directory content, changing, 3.1.11

directory performance, 3.1.1

directory-to-Access Server connections, 3.1.5

for Active Directory, 3.1.14

group authorization, 3.6.6

Group Expansion Page, 3.4.3.3

Group Manager, 3.4.3

groups

dynamic versus static, 3.4.1.1

large static groups, 3.4.2

groups in the Access System, 3.6.6

Identity Server file system, 3.3.4

Identity Server virtual address space, 3.3.5

Identity System groups, 3.4

Identity System search, 3.3.1

Identity System tuning, 3.3

Identity System-to-directory connections, 3.1.10

indexing attributes, 3.1.4

Internal DBAgent Cache, 3.7.6

LDAP tools for, 3.2

LDAPMODIFY, 3.2.2

My Groups Page, 3.4.3.1

network tuning, 3.8

ObMyGroups, 3.6.6

passwords, 3.9.3

plug-ins, 3.9.4

resource-intensive operations, 3.9

searchbase configuration, 3.1.8

storing of workflow tickets, 3.1.3

threads and queues, 3.6.2

URL prefix cache, 3.7.3

user cache, 3.7.2

user ID cache, 3.4.4

View Members Page, 3.4.3.2

WebGate cache, 3.7.4

workflows, 3.5

person object class

changing, 6.1

pitfall, 1.6.3

planning, 1.7

considerations for extranet and intranet deployments, 1.3

deliverables, 1.7.1

overview, 1.7

plug-ins, 1.4.8, 1.4.8

performance of, 3.3.2

policies

access, 1.6.2

protect all documents on a Web server, 1.6.4

policy cache, 2.3.3.1, 5.5.2.1

manual flush, 5.6.3.2

policy data, 4.3

failover, 4.5, 4.8, 4.8.2

load balancing, 4.1.1, 4.3.2

policy domain

default, Preface

Policy Manager, 1.6.3

failover, 4.4

Policy Manager API, Preface

policy tree, 4.3

polling interval, 4.9

preparation

installation worksheets, 1.7.1

presentation

tier, 1.1

PresentationXML, 1.4.8, 1.5.1, 1.5.1

primary

Access Server, 2.3.1

Identity Server, 2.3.1

primary versus secondary servers, 4.4.1

Procedure

Backing up

To back up critical details after installation, 9.3.2

To back up critical information before installing Oracle Access Manager, 9.3.1

To back up customizations, 9.3.3

Certification details, 1.4

Connection pooling

To adjust directory connection pooling from the directory profile, 4.3.3

To adjust directory connection pooling using the ConfigureAAAServer tool, 4.3.3

Credential Mapping Cache

To set the obEnableCredentialCache parameter, 5.6.4

Failover

To add a failover directory server using the ConfigureAAAServer tool, 4.8.2

To configure Access Server failover for configuration and policy data, 4.8.2

To configure directory failover for user data, 4.7

To configure failover for Web component requests, 4.6

To configure Identity Server directory failover for configuration data, 4.8.1

To configure Policy Manager failover, 4.8.2

To create failover.xml, 4.8.1

To create the encrypted password for the bind DN, 4.8.1

Group Cache

To configure group cache parameters, 5.4.2.1

Load balancing

To configure load balancing for user data, 4.3.1

To configure simple round-robin load balancing, 4.2.1

To configure weighted round-robin load balancing of Web component requests, 4.2.2

MetaLink

To locate knowledge base articles on MetaLink, 7.4

Peak Load

To base your estimate on the peak load for the deployment, 2.2.1.1

To estimate the peak load based on the number of logged-in users, 2.2.1.2

Recovery

To recovery critical information after installing Oracle Access Manager, 9.4.1

Sizing

To determine the load and sizing for Access and Identity Servers, 2.4.4

To avoid creating tickets for every workflow step, 3.1.3.1

To change the number of request queues, 3.6.2.3

To configure the amount of time to wait for a response before failing over, 4.10.2

To delete or archive a workflow, 3.1.6

To eliminate greater than and less than search operations, 3.3.1.1

To increase the connection pool size for user data, 3.1.2.2

To modify results for a policy or policy domain name search, 3.1.11.1

To modify the evaluation of a large static group, 3.4.2.3

To reconfigure the TurnOffNewAlgorithmForObmyGroups parameter, 3.6.6.5

To require the user to enter a minimum number of characters in a search field, 3.3.1.2

To restrict the number of entries returned on a search, 3.3.1.3

To set a minimum number of search characters, 3.1.4.5

To set the GroupCacheMaxElement, 3.6.6.6.2

To set the GroupCacheTimeout, 3.6.6.6.1

To set the polling interval in the Access System, 4.9

To set the polling interval in the Identity System, 4.9

To set the time limit for establishing a connnection to the directory, 4.9

To test for the optimal LDAPOperationTimeout value, 4.10.3

To tune the number of user entries in the user information cache, 3.4.4

To tune the performance of the My Groups page, 3.4.3.1

To turn off dynamic group evaluation for the Access System, 3.6.6.2

To turn off dynamic group evaluation for the Identity Server, 3.4.1.2

To turn off dynamic group evaluation in the Identity System, 3.4.1.2

To turn off nested group evaluation for the Access System, 3.6.6.3

To turn off nested group evaluation for the Identity Server, 3.4.1.3

To turn off nested group evaluation within the Identity System, 3.4.1.3

To turn the heartbeat mechanism on or off, 4.9

To use gsc_myprofile_simple.xsl, 3.4.3.1

Process overview

When using Access Server password validation, 3.6.1

projections, 2.2

protect

all documents on a Web server, 1.6.4

proxy, 1.6.3

pitfall, 1.6.3

processes, 1.6.3

servers, 1.6.3

R

ratio

Access Servers to WebGates, 2.3.3.2

recommendation

Access Server, 2.3.1, 2.3.3.1

Identity Server, 2.3.1

recommendations

Access Server, 1.4.3

Access System, 1.6

back up, 9.2

general, 1.4

Identity Server, 1.4.3

Identity System, 1.5

LDAP directory, 1.4.5

security, 1.4.1

standardization, 1.4.2

upgrading customizations and plug-ins, 1.4.8

Web server, 1.4.4

recovery, 9.4.2

strategies, 9.1, 9.1, 9.4.2

recycle

Identity Server instance name, 1.5.2

reference server footprint, 2.5

referential integrity, 4.3

replica

LDAP Directory, 2.6

replicated directory, 1.2

requests per second, 2.2.2

requirements

failover, 2.5.1

restore

LDAP directory instances, 9.4.1

re-use

Identity Server instance name, 1.5.2

reverse proxy, 1.6.1

pitfall, 1.6.3

topology, 1.6.1

WebGates, 1.6.3

revert changes, 9.1

roll back

changes, 9.1

round robin configuration

load balancing, 4.1.1

round-robin

load balancing, 4.3

round-robin configuration

load balancing, 4.2.1

S

sample deployment

medium to large scale, 2.7

sample failover.xml, 4.8.1

sample_failover.xml template, 4.8.1

Sarbanes-Oxley, 6.3

scale out, 2.4.2

scale up, 2.4.1

scaleability characteristics, 2.1

scenario

deployment, 1.7.1

scenarios

deployment, 1.2

schema, 9.2

schema operations

administrative access, 1.7.1

guidelines for tuning, 3.3.1

limiting the number of entries returned on a search, 3.3.1.3

search bar, tuning, 3.3.1.1

setting the minimum number of characters, 3.3.1.2

tuning, 3.3.1.2

secondary

Access Server, 2.3.1

Identity Server, 2.3.1

secure cookies, 1.6.1

security

recommendations, 1.4.1

risk

WebGate IP validation off, 1.6.3

self registration test case, 2.8.1.1

server

capacity, 2.3.1

sizing, 2.2

sizing, small to mid-sized deployment, 2.5.1

utilization, 2.3.1

service thread, 4.3.3

settings

cache, 3.1.12

setup

re-running, 6.2

SHAREid

now named Oracle Identity Federation, Preface

single idle timeout, 1.4.7

single sign-on

Web server SSL, 1.6.1

sizing, 2.1

LDAP disk space, 2.6

LDAP server memory, 2.6

Sleep For, 4.7

Sleep For (Seconds) parameter, 4.9

Sleep For Interval, 4.6

Sleep For interval, 4.9

small scale deployment, 2.5

Software developer kit (SDK), 9.2

SSL

Web server, 1.6.1

standard deviation, 2.2.1.2

standardization, 1.4.2

deployment, 1.7.1

stateless system, 2.2

strategies, 9.4.2

backup, 9.1

recovery, 9.1

style, 1.4.8

default, 1.5.1

style sheets, 3.3.4

style0, 1.5.1

stylesheets, 1.5.1, 9.2

support information, 1.4

system

capacity requirements, 2.2.1.1

configuration

impact on performance, 2.3.3.1

usage growth, 2.2.2

system load, 2.1

system reconfiguration, 6

T

Task overview

Configuring directory failover for configuration and policy data, 4.8

Configuring Identity Server failover for Configuration data, 4.8.1

Developing your planning deliverables, 1.7.1

Planning for the upgrade, 1.7

test cases

baseline performance data, 2.8

third-party products, Preface

thread safe applications, 3.3.2

throughput

numbers, baseline, 2.4.4

ratio tests, 2.4.3

tier

application, 1.1

data, 1.1

presentation, 1.1

Time Limit parameter, 4.10

time management, 7.4

timeout

application, 1.4.7

Timeout Threshold, 4.6

topology, 1.6.1

total maximum users, 2.2.2

transaction throughput, 2.2

transactions-per-second, 2.2.2

type

deployment, 1.7.1

U

UidInfoCache.maxNumElems, 3.4.4

unauthorized clients, 1.6.1

Universal Time Coordinated, see also UTC, 2.2.1.2

Update Cache, 5.5.2

upgrade, 8

upgrading, 1.4.8

back up after, 9.3.5

back up before, 9.3.4

URL Prefix Reload Period field, 3.7.3, 3.7.3

user

data, 9.2

user cache, 2.3.3.1, 5.5.2.2

Access Server, 5.6.1

user credential caching, 2.3.3.1

user data, 4.5

failover, 4.5, 4.7

load balancing, 4.1.1, 4.3.1

users

estimate the number of, 2.2.2

total maximum, 2.2.2

UTC, 2.2.1.2

utilization, 2.3.1

V

viewGroupMembers, 3.4.1.3

virtual hosts intercept requests sent to reverse proxy, 1.6.3

W

Web components

load balancing, 4.2

Web server

performance due to WebGate, 2.3.3.3

recommendations, 1.4.4

SSL and single sing-on, 1.6.1

Web server configuration, 9.2

WebGate

Access Server ratio, 2.3.3.2

failover, 4.4, 4.6

impact on Web server performance, 2.3.3.3

load balancing, 4.1

WebPass

failover, 4.4, 4.6

load balancing, 4.1, 4.2.1

WebResrcDBfailoverxml, 4.8.2

weighted round-robin

load balancing, 4.2.2

WfDefCacheMaxNoOfElements, 3.5.1

WfDefMaxNumStepDefFiltersPerSearch, 3.5.1

workflow data, 9.2

workflow definition cache, 3.5.1

worksheets

installation, 1.7.1

World Time, see also GMT, 2.2.1.2

X

XML files, 4.3

XMLSpy, 1.5.1

XSL programming, 1.5.1