What's New in Oracle Access Manager

This section describes new features of the Oracle Access Manager release 10.1.4. This includes details for 10g (10.1.4.0.1), 10g (10.1.4.2.0), and 10g (10.1.4.3).

The following sections are included:

• Product and Component Name Changes

• Enhancements Available in 10g (10.1.4.3)

• Updates to Specific Chapters with 10g (10.1.4.2.0)

• New Features in Oracle Access Manager 10g (10.1.4.0.1)

Note: For a comprehensive list of all new features and functions in Oracle Access Manager 10.1.4, and a description of where each is documented, see the chapter on what's new in the Oracle Access Manager Introduction.

Product and Component Name Changes

The original product name, Oblix NetPoint, has changed to Oracle Access Manager. Most component names remain the same. However, there are several important changes that you should know about, as shown in the following table:

Item	Was	Is
Product Name	Oblix NetPoint Oracle COREid	Oracle Access Manager
Product Name	Oblix SHAREid NetPoint SAML Services	Oracle Identity Federation
Product Name	OctetString Virtual Directory Engine (VDE)	Oracle Virtual Directory
Product Name	BEA WebLogic Application Server BEA WebLogic Portal Server	Oracle WebLogic Server Oracle WebLogic Portal
Product Release	Oracle COREid 7.0.4	Also available as part of Oracle Application Server 10g Release 2 (10.1.2).
Directory Name	COREid Data Anywhere	Data Anywhere
Component Name	COREid Server	Identity Server
Component Name	Access Manager	Policy Manager
Console Name	COREid System Console	Identity System Console
Identity System Transport Security Protocol	NetPoint Identity Protocol	Oracle Identity Protocol
Access System Transport Protocol	NetPoint Access Protocol	Oracle Access Protocol
Administrator	NetPoint Administrator COREid Administrator	Master Administrator
Directory Tree	Oblix tree	Configuration tree
Data	Oblix data	Configuration data
Software Developer Kit	Access Server SDK ASDK	Access Manager SDK
API	Access Server API Access API	Access Manager API
API	Access Management API Access Manager API	Policy Manager API
Default Policy Domains	NetPoint Identity Domain COREid Identity Domain	Identity Domain
Default Policy Domains	NetPoint Access Manager COREid Access Manager	Access Domain
Default Authentication Schemes	NetPoint None Authentication COREid None Authentication	Anonymous
Default Authentication Schemes	NetPoint Basic Over LDAP COREid Basic Over LDAP	Oracle Access and Identity Basic Over LDAP
Default Authentication Schemes	NetPoint Basic Over LDAP for AD Forest COREid Basic Over LDAP for AD Forest	Oracle Access and Identity for AD Forest Basic Over LDAP
Access System Service	AM Service State Policy Manager API Support Mode	Access Management Service Note: Policy Manager API Support Mode and Access Management Service are used interchangeably.

All legacy references in the product or documentation should be understood to connote the new names.

Enhancements Available in 10g (10.1.4.3)

Included in this release are new enhancements and bug fixes for 10g (10.1.4.3) in addition to all fixes and enhancements from 10g (10.1.4.2.0) bundle patches through BP07. The following topics describe 10g (10.1.4.3) enhancements described in this book:

• 10g (10.1.4.3) Installers, Patches, Bundle Patches, and Newly Certified Agents

• Access Manager SDK Support for .NET

• Multi-Language Deployments and English Only Messages

• Native POSIX Thread Library (NPTL) for Linux

• Oracle Internet Directory

• Oracle Virtual Directory

• Platform Support

• Security-Enhanced Linux (SELinux)

• Troubleshooting Tip for Novell eDirectory Issue

• Troubleshooting Tip for Sun One Directory Server v5 with SSL Enabled

• Troubleshooting Tip for Sun Java Directory Server 6.0

• Troubleshooting Tip for Sun One Directory Server v6.3

See Also: Oracle Access Manager Introduction for a list of all new features and functions

10g (10.1.4.3) Installers, Patches, Bundle Patches, and Newly Certified Agents

New information is provided on Oracle Access Manager 10g (10.1.4.3) packages, as follows:

Installation Packages: 10g (10.1.4.3) component installers that you can use for a fresh installation only are delivered on media and Oracle Technology Network. However, you cannot use 10g (10.1.4.3) installers to upgrade an earlier Oracle Access Manager installation.

See Also: "Full Installers" "Obtaining the Latest Installers"

Patch Set Packages: A new topic has been added for patch sets. 10g (10.1.4.3) patch set packages will be provided on My Oracle Support (formerly MetaLink).

See Also: "Patch Sets" "Obtaining the Latest Patch Set"

Bundle Patches: A new topic has been added to explain bundle patches and their use.

See Also: "Bundle Patches" "Obtaining the Latest Bundle Patch"

Newly Certified Agents: A new topic has been added to explain newly certified agents and how to get these.

See Also: "Newly Certified Agent Packages" "Obtaining the Latest Certified Agent Packages"

Access Manager SDK Support for .NET

As in earlier releases, Oracle Access Manager 10g (10.1.4.3) provides an SDK for Windows that supports .NET Framework 1.1 and Microsoft Visual Studio 2002. The installer is available on Oracle Technology Network.

Additionally, a new SDK for Windows is available for AccessGate development. This new SDK provides .NET 2 support and uses Microsoft Development Environment (MSDE) 2005, including NET Framework 2 and MSDE Visual Studio 2005.

See Also: "Obtaining the Latest Installers"

Multi-Language Deployments and English Only Messages

Oracle Access Manager 10g (10.1.4.3) provides new Language Pack installers. 10g (10.1.4.3) Language Packs are required in any 10g (10.1.4.3) deployment, whether it is a fresh installation or an upgraded and patched deployment.

See Also: Multi-language environments in Chapter 2, "Preparing for Installation", under "General Guidelines" Chapter 3, "About Multi-Language Environments" Chapter 12, "Installing Language Packs Independently"

Messages added for minor releases (10g (10.1.4.2.0) and 10g (10.1.4.3) as a result of new functionality might not be translated and can appear in only English.

Native POSIX Thread Library (NPTL) for Linux

Earlier releases of Oracle Access Manager for Linux used the LinuxThreads library only. Using LinuxThreads required that you set the environment variable LD_ASSUME_KERNEL, which is used by the dynamic linker to decide what implementation of libraries is used. When you set LD_ASSUME_KERNEL to 2.4.19 the libraries in /lib/i686 are used dynamically.

RedHat Linux v5 and later releases support only Native POSIX Thread Library (NPTL), not LinuxThreads. To accommodate this change, Oracle Access Manager 10g (10.1.4.3) is compliant with NPTL specifications. However, LinuxThreads is used by default for all except Oracle Access Manager Web components for Oracle HTTP Server 11g.

Note: On Linux, Oracle Access Manager Web components for OHS 11g use only NPTL; you cannot use the LinuxThreads library. In this case, do not set the environment variable LD_ASSUME_KERNEL to 2.4.19.

See Also: Linux details in Chapter 2, "Preparing for Installation" "NPTL Requirements and Post-Installation Tasks" "Oracle Access Manager Components and Command-line Tools Might Fail with LinuxThreads" "Oracle HTTP Server Fails to Start with LinuxThreads" "Oracle HTTP Server WebGate Fails to Initialize On Linux Red Hat 4"

Oracle Internet Directory

Tuning for Oracle Internet Directory has been expanded for various Oracle Internet Directory releases.

See Also: "Tuning for Oracle Internet Directory"

Oracle Internet Directory schema for the orclrole objectclass does not follow RFC 2256. As a result, when Oracle Access Manager is configured with Oracle Internet Directory, this schema discrepancy in Oracle Internet Directory causes issues in the objectclass configuration of Oracle Access Manager.

Also, Oracle Internet Directory LDAP tools have been modified to disable the less secure options -w password and -P password when the environment variable LDAP_PASSWORD_PROMPTONLY is set to TRUE or 1.

See Also: "Oracle Internet Directory Schema"

Oracle Virtual Directory

inetOrgPerson and groupOfUniqueNames for user and group object classes are required when Oracle Access Manager is configured for Oracle Virtual Directory.

See Also: Chapter 10, "Setting Up Oracle Access Manager with Oracle Virtual Directory"

The LDIF that is created using obmigrateDN is stored in a different path.

See Also: Table 10-9, "Contents of the DN Conversion Toolkit for Oracle Access Manager"

Platform Support

Oracle continually certifies Oracle Access Manager support with various third-party platforms, Web server releases, directory server releases, and applications. For the latest support details, see the certification matrix that is available at:

http://www.oracle.com/technology/products/id_mgmt/coreid_acc/pdf/oracle_access_manager_certification_10.1.4_r3_matrix.xls

See Also: "Confirming Certification Requirements"

Certain Oracle Access Manager Web server-specific packages will not be available with the initial release of 10g (10.1.4.3).

See Also: "Web Server-Specific Packages"

Security-Enhanced Linux (SELinux)

SELinux is delivered with Oracle Enterprise Linux. SELinux modifications provide a variety of security policies through the use of Linux Security Modules (LSM) within the Linux kernel. SELinux requires performing additional steps after installing Oracle Access Manager Web components and before starting the associated Web server. This applies to all supported Linux versions that have SELinux.

See Also: Topics on SELinux in Chapter 2, "Preparing for Installation" and Appendix E, "Troubleshooting Installation Issues"

Troubleshooting Tip for Novell eDirectory Issue

When setting the searchbase to "dc=nc" during browser-based Identity System setup with Novell eDirectory, you must define the CONTAINMENT object under which the "o=Oblix" (oblixconfig) objectclass can exist.

See Also: "Novell eDirectory Issues"

Troubleshooting Tip for Sun One Directory Server v5 with SSL Enabled

The Sun One Directory Server v5.1 and v5.2 hang when there are more than 60 open SSL connections. You can apply patches to the directory server to eliminate the problem.

See Also: "Sun One Directory Server v5 SSL Issues"

Troubleshooting Tip for Sun Java Directory Server 6.0

Installing an Identity Server with Sun Java Directory Server 6.0 could result in an error when you are defining directory details.

See Also: "Sun Java System Directory Server 6.0 and Installation of Identity Server"

Troubleshooting Tip for Sun One Directory Server v6.3

An error occurs when you attempt to load the iPlanet5_oblix_index_add.ldif to a Sun One directory server version 6.3 because the structure of the node changed with v6.3.

See Also: "Sun One Directory Server 6.3: No such object error"

Updates to Specific Chapters with 10g (10.1.4.2.0)

General product and naming changes have been made throughout this book, as described in "Product and Component Name Changes".

Platform support details have been removed from this book and are now located on Oracle Technology Network (OTN), as described in "Confirming Certification Requirements".

Other updates and changes to specific chapters include the following:

• Chapter 1, "About the Installation Task, Options, and Methods" has been streamlined and includes a section about the packages that you can use for installation.

• Chapter 2, "Preparing for Installation" includes new component installation considerations. Installation considerations that formerly resided in individual component installation chapters were consolidated in this preparation chapter to eliminate redundancy and group related details together. Multi-language environment details have moved to a separate chapter.

• Chapter 3, "About Multi-Language Environments" contains new information about preparing for installation in multi-language environments as well as updated details about installing Oracle-provided Language Packs.

• Chapter 4, "Installing the Identity Server", has been updated and installation considerations moved to Chapter 2, "Preparing for Installation"

• Chapter 5, "Installing WebPass" installation considerations moved to Chapter 2, "Preparing for Installation"

• Chapter 7, "Installing the Policy Manager" has been updated and installation considerations moved to Chapter 2, "Preparing for Installation"

• Chapter 8, "Installing the Access Server"  has been updated and installation considerations moved to Chapter 2, "Preparing for Installation"

• Chapter 9, "Installing the WebGate" has been updated and installation considerations moved to Chapter 2, "Preparing for Installation"

• Chapter 10, "Setting Up Oracle Access Manager with Oracle Virtual Directory" following the acquisition of OctetString by Oracle, this chapter moved from the Oracle Access Manager Integration Guide and includes minor changes for clarification, new information to describe graphics, and an updated table for the DN Conversion tool.

• Chapter 13, "About Installing Audit-to-Database Components" provides an introduction to this feature. Complete details are in the Oracle Access Manager Identity and Common Administration Guide.

• Chapter 14, "About the Software Developer Kit" has been added to provide a brief introduction to the independent installation of the Software Developer Kit (SDK). Complete details are provided in the Oracle Access Manager Developer Guide.

• Chapter 15, "Replicating Components" has been updated to include new syntax and commands.

• Chapter 16, "Configuring Apache v1.3-based Web Servers for Oracle Access Manager" has been updated to include details about OHS and new information about WebGate performance.

• Chapter 17, "Configuring Web Components for Apache v2-based Web Servers" has been updated to include information about OHS and new information about Apache-based Web servers.

• Chapter 21, "Important Notes" has been added to provide details that were previously included in a file called importantnotes.txt.

• Chapter 22, "Removing Oracle Access Manager" is a new chapter that provides details about uninstalling components, including Language Packs, as well as removing schema objects and Web server configuration details

• Appendix B, "Installing Oracle Access Manager with ADAM" has been updated to reflect the requirement for a manual schema update.

• Appendix E, "Troubleshooting Installation Issues" is continuously updated with new information in a single appendix.

New Features in Oracle Access Manager 10g (10.1.4.0.1)

The features covered in this manual include:

• WebGate support for Microsoft ISA Server is described in Chapter 20.

• Globalization

  This manual focuses on installing Oracle Access Manager and includes information needed to install on computers with non-English (AMERICAN) operating systems and as well as details about installing Oracle-provided Language Packs

  
  

  See Also: Chapter 3, "About Multi-Language Environments" Prerequisites in installation chapters for each component

  
  

• Oracle HTTP Server support is provided for WebPass, Access Manager, and WebGate components

  
  

  See Also: Chapter 16, "Configuring Apache v1.3-based Web Servers for Oracle Access Manager"

  
  

• Oracle Internet Directory Support is included.

  
  

  See Also: Chapter 2, "Preparing for Installation", Chapter 4, "Installing the Identity Server", and Chapter 15, "Replicating Components"