Skip Headers
Oracle® Fusion Middleware Administrator's Guide for Oracle Identity Federation
11g Release 1 (11.1.1)

Part Number E13400-04
Go to Documentation Home
Home
Go to Book List
Book List
Go to Table of Contents
Contents
Go to Master Index
Master Index
Go to Feedback page
Contact Us

Go to previous page
Previous
View PDF

Index

A  B  C  D  E  F  G  H  I  J  K  L  M  N  O  P  R  S  T  U  W  X 

A

account linking, 1.1.3
administration
common tasks, 4.2
affiliations, 1.2.5
runtime behavior, 6.2
architecture
typical deployment, 2.6.2
architecture considerations, 2.6.1
assertion mapping
examples, 6.16.3
assertion validity, 5.3
Association, 1.1.3
Association Session Types, 5.4.4
Attribute Exchange, 5.4.4
Attribute Exchange (AX), 2.2.2.6
attribute mapping
static, 5.9.1.1.1
Attribute Mapping and Filtering, 5.9.1
Attribute Name Mapping, 5.9.1.1
attribute query, 4.2.8
attribute request, 4.2.8
Attribute Request Message, 5.8.2
Attribute Requeste, 5.8
Attribute Requester
service interface, 5.8.1
Attribute Response Message, 5.8.3
Attribute Sharing, 5.6
components, 5.6.1
Web Services Interface, 5.8
Attribute Value Filtering, 5.9.1.3
configuring, 5.9.2.3
Attribute Value Mapping, 5.9.1.2
configuring, 5.9.2.2
Auditing, 7.4
Authentication Engines, 5.15
Custom, 5.15.10
Database Security, 5.15.5
Database Table, 5.15.6
Federated SSO Proxy, 5.15.8
HTTP Header, 5.15.1
Infocard, 5.15.7
JAAS, 5.15.9
LDAP Directory, 5.15.4
Oracle Access Manager, 5.15.3
Oracle Single Sign-On, 5.15.2
authentication engines, 10.2.1
and authentication flows, 2.3
authentication mechanism
default, 5.14.1.1
Authentication Mechanisms, 5.14
Local, 5.14.2
SAML 1.x, 5.14.4
SAML 2.0, 5.14.3
WS-Federation 1.1, 5.14.5
authentication modes, 2.3.1

B

bilateral authentication, 2.2.2.3
bindings
HTTP Artifact, 1.2.4.2
HTTP POST, 1.2.4.1
HTTP redirect, 1.2.4.4
Business Processing Plug-in, 11
example, 11.5
implementing, 11.1.2
Bypassing User Mapping, 6.19

C

certificate path validation, 6.22
certificate repository, 2.1.3.3
certificate validation, 2.1.3.3
certificates
and trust, 4.1.1.2
certification matrix, 1.2.8
Claimed Identifier, 1.1.3
common domain parameters, 5.3
Configuration Settings
and metadata, 5.1.1
Configuration Settings and Provider Metadata, 5.1.1
Configuring Audience Restrictions, 6.21
Configuring Service Providers, 5.5
Cookie Lifetime, 5.3
Creating a custom authentication engine, 10.3
creating a custom SP Integration Engine, 10.4
Credentials, 4.5
cross-domain trust, 4.1.1.2
Cryptographic Provider, 1.2.6
custom IAM, 10.1

D

data store, 2.4
configuration, 2.4.4, 5.13.4
federation, 2.4.1, 5.13.2
session and message, 2.4.3, 5.13.3
user, 2.4.2, 5.1.2, 5.13.1
data stores
managing, 5.13
deployment
architecture, 2.1
installation requirements, 2.4.4
planning, 4.1.1.3
profiles and bindings, 2.2
protocols, 2.1.4
proxy server, 2.1.2
scenarios, 3.2
security, 2.1.3
server roles, 2.1.1
sizing, 2.6
topology, 2.1.1, 2.6.4
with Oracle HTTP Server, 3.2.1
with Oracle Single Sign-On, 3.2.2
deployment planning, 4.1.1.2
deprovisioning, 5.1.2
destination domain, 1.1.3
Discovery, 1.1.3
DN pattern to attribute responder
case-sensitivity, 5.5.1
domain, 1.1.3

E

error types, 6.13.3
Exchange User Identities, 4.1.1.2

F

features, new
release 11g (11.1.1), Preface
federated identity management, 1.1.1
event flow, 1.2.7
Federated SSO Proxy
authentication engines, 5.15.8
federation
account linking, 1.1.3
benefits, 1.1.1
concepts, 1.1.3
evolution of standards, 1.1.4.2
use cases, 1.1.2
federation data store, 2.4.1, 5.13.2.1, 6.14
federation profiles, 1.2.4
artifact, 1.2.4.2
federation termination, 1.2.4.8
global logout, 1.2.4.9
name identifier, 1.2.4.5
federation protocols, 1.1.4
federation record
structure, 5.1.2
uniqueness, 5.1.2
federation termination
profiles, 1.2.4.8
Force SSL, 5.2.1, 5.2.1
forcing reauthentication
not supported with Oracle Single Sign-On, 3.2.2

G

Global Logout
On-Demand, 6.8.3

H

high availability, 2.6.1.6
Host Connection Properties, 5.2.1
HTTP Basic Authentication, 2.3.6
HTTP Header Attributes, 5.15.1
HTTPS mode, 5.2.1, 5.2.1

I

ICAM
OpenID, 2.2.2.6
Identities
Federations, 4.4.2
search options, 4.4.4
Users, 4.4.3
Identity Federation Engine, 10.2.1
identity management
challenges, 1.1.1
federated, 1.1.1
Identity Provider
sending attributes in SSO Assertions, 5.7
identity provider, 1.1.3
Identity Providers - Common Properties, 5.3
Identity Providers - Protocol-Specific Properties, 5.4
IdP Properties
OpenID, 5.4.4
SAML 1.x, 5.4.2
SAML 2.0, 5.4.1
WS-Federation, 5.4.3
implementation checklist, 2.7

J

JAAS
authentication engines, 5.15.9
JCE Policy Files, 8.3

K

keystore, 4.1.1.2
password, 8.2.1

L

LD_ASSUME_KERNEL, C.1.4.3
LDAP Directory
authentication engines, 5.15.4
log files, 4.1.3
Logging, 7.3
login table
for RDBMS authentication engine, 5.15.6.1
logout, 4.2.5

M

mapping
authentication mechanisms to authentication engines, 5.14.1.2
methods to authentication mechanisms, 5.14.1.2
Mapping and Filtering
configuration, 5.9.2
MBeans
configuration data, A
Data-store Configuration, A.3
Provider-specific Configuration, A.2
Server-wide Configuration, A.1
Message Data Store, 5.13.3
Metadata, 5.1.1
properties that affect, 5.1.1
protocol URLs, 5.1.1
re-publishing, 5.1.1
metadata, 4.1.1.2
affected properties, 5.1.1
properties that affect, 5.1.1
Monitoring, 7.1

N

NameID
using UserID for, 5.4.2
NameID lookup
disabling, 6.14
new features
release 11g (11.1.1), Preface

O

OASIS, 1.1.4.1
On-Demand Global Logout, 6.8.3
OpenID, 2.2.1.3
association, 1.1.3
attribute exchange, 2.2.2.6
claimed identifier, 1.1.3
Diffie-Hellman parameters, 5.5.5
discovery, 1.1.3
Generic Service Provider, 5.4.4
ICAM, 2.2.2.6
PAPE, 2.2.2.6
PAPE 1.0, 5.5.5
processing flow, 2.2.2.6
Profiles and Extensions, 1.2.4.10
profiles and extensions, 2.2.2.6
Provider, 1.1.3
Relying Party, 1.1.3
SP Properties, 5.5.5
OpenID IdP, 5.4.4
OpenID Provider, 1.1.3
OpenID SP, 5.5.5
Oracle Access Manager
authenticating with, 2.3.4
authentication engines, 5.15.3
configuring plug-ins, 5.6.3
deploying with, 3.2.3
schemes and policies, 5.6.4
Oracle Access Manager 11g, 3.2.4
Oracle Directory Server Enterprise Edition
deploying with, 3.2.6
Oracle HTTP Server
as proxy, B.1
deploying with, 3.2.1.1
Oracle Identity Federation, 1.2
administration, 4.1.2
administration tools, 4.1.2
and PKI, 4.1.1.2
architecture, 1.2.2, 10.2.1
as IdP Attribute Responder, 5.6.6
as SP Attribute Requester, 5.6.5
as SSL client, 8.1.2
as SSL server, 8.1.1
basic administration, 4.1
benefits, 1.2.1
configuring, 5
data maintained by, 5.1
deployed with Oracle Access Manager, 3.2.3
deployed with Oracle HTTP Server, 3.2.1
deployed with Oracle Single Sign-On, 3.2.2
federated identities, 4.4.1
Federations, 4.3
Home Page, 7.1.1
installation requirements, 2.5
log files, 4.1.3
managing credentials for, 4.5
modules and flow, 10.2.1
proxy for, B
schema, 5.13.5
SSL for, 8.1
with Oracle Directory Server Enterprise Edition, 3.2.6
WLST
list of commands, 9.2
WLST for, 9
Oracle Identity Federation/SP
authenticating to OAM, 3.2.5
Oracle Single Sign-On
authenticating with, 2.3.5
authentication engines, 5.15.2
deploying with, 3.2.2
testing deployment, 3.2.2.6
Oracle Universal Federation Framework, 1.1.3
Outbound Connection Properties, 5.2.2
Overriding NameID Mapping, 6.20

P

PAPE
OpenID, 2.2.2.6
PAPE 1.0, 5.4.4
performance, 6.14
and assertion security, 2.6.1.4
and connection tuning, 2.6.1.5
and profiles, 2.6.1.1
and repositories, 2.6.1.2
and server tuning, 2.6.1.7
tuning, 2.6
Performance Summary, 7.1.2
PKI, 4.1.1.2
principal, 1.1.3
profiles
artifact
request processing, 2.2.2.1
security, 2.2.2.3
using, 2.2.2.1
with proxy, 2.2.2.1
attribute sharing
using, 2.2.2.4
choosing, 2.2.2
federation termination, 1.2.4.8
HTTP redirect, 1.2.4.4
logout, 1.2.4.9
OpenID, 2.2.2.6
passive requester, 1.2.4.7
POST, 1.2.4.1
request processing, 2.2.2.2
security, 2.2.2.3
using, 2.2.2.2
with proxy, 2.2.2.2
WS-Federation
using, 2.2.2.5
proxy server, 2.1.2, B

R

RCU
and schema creation, 5.13.5
reauthentication, 5.3
forcing not supported for Oracle Single Sign-On, 3.2.2
reference footprint, 2.6.3
Relying Party, 1.1.3
roles
FederationAdmin, 4.1.1.1

S

SAML, 1.1.4.1
assertions, 1.1.4.1
authentication example, 1.1.4.4
profiles, 1.1.4.1
protocol bindings, 1.1.4.1
request and response cycle, 1.1.4.1
request-response cycle, 1.1.4.1
SAML 1.x, 1.1.4.3
IdP Properties, 5.4.2
SP, 5.5.3
SAML 2.0, 1.1.4.4
IdP NameID formats, 5.4.1
IdP Properties, 5.4.1
SP, 5.5.2
SAML security considerations, 2.2.2.3
schema
creating, 5.13.5
validation, 6.13.4
schema validation, 6.13.4
Security and Trust
configuring, 5.10
Provider Metadata, 5.10.2
Trusted CAs and CRLs, 5.10.3
Wallet, 5.10.1
security considerations, 2.2.2.3
server certificates, 4.2.2
Server Clock Drift, 5.2.1
Server Configuration Data, 5.1.1
Server Hostname, 5.2.1
server metadata, 4.2.1
Server Port, 5.2.1
Service Provider
Common Properties, 5.5.1
OpenID, 5.5.5
SAML 1.x, 5.5.3
SAML 2.0, 5.5.2
WS-Federation 1.1, 5.5.4
service provider, 1.1.3
session
active period, 5.2.1
Session Data Store, 5.13.3
Session Timeout, 5.2.1
Session Types, 5.4.4
setConfigProperty
for DN pattern matching, 5.5.1
signature verification, 4.2.6
Signing and Encryption Wallets, 8.2
Single Sign-On
for SAML 1.x and WS-Federation, 4.3.5
for User Opt-In and Opt-Out, 6.18
schema validation, 6.13.4
single sign-on, 1.1
sizing guidelines, 2.6
SOAP Port, 5.2.1
SP integration engine
custom, 10.4
SP Properties
OpenID, 5.5.5
SSL, 8.1
and PKI, 4.1.1.2
configuration, 8.1.1
configuring for Oracle Identity Federation, 8.1
enabling for server, 5.2.1, 5.2.1
Signing and Encryption Wallets, 8.2
static attribute mapping, 5.9.1.1.1
Supported Standards and Applications, 1.2.8

T

test SP engine, 3.2.7
third-party IAM solutions, 10.1
timeout parameters, 5.3
topology, 2.6.4
transient data store, 2.4.3
troubleshooting
AccessGate permission error, C.1.4.1
back-ends with same cookie domain, C.1.4.4
bookmarked login page, C.1.3.2
bookmarked resource, C.1.6.1
file descriptor error, C.1.5.1
incorrect login page, C.1.3.1
LD_ASSUME_KERNEL, C.1.4.3
non-ASCII AccessGate ID, C.1.4.2
Operating System configuration, C.1.5
Oracle Access Manager configuration, C.1.4
Oracle Identity Federation configuration, C.1.2
Oracle Single Sign-On configuration, C.1.3
runtime SSO issues, C.1.6
trusted provider
adding, 4.3.2
delete, 4.3.4
for SSO, 4.3.5
searching, 4.3.1
update, 4.3.3

U

User Consent, 5.4.1
example page, 5.4.1
user data store, 2.4.2
configuring none, 5.13.1.5
connection data, 2.4.2
User Federation Data, 5.1.2
User Federation Record Context, 2.4.1
User Opt-In and Opt-Out
for Single Sign-On, 6.18
user records
basic data, 5.1.2
deprovisioning, 5.1.2
federation data, 5.1.2
synchronizing, 5.1.2

W

web access management (WAM) system, 1.2.3
Web Proxy
configuring behind, 3.2.6.3
WLST, 9
addConfigListEntryInMap, 9.2.1
addConfigMapEntryInMap, 9.2.2
addConfigPropertyListEntry, 9.2.3
addConfigPropertyMapEntry, 9.2.4
addFederationListEntryInMap, 9.2.7
addFederationMapEntryInMap, 9.2.8
addFederationPropertyMapEntry, 9.2.10
changePeerProviderDescription, 9.2.16
changeSessionStore, 9.2.17
createConfigPropertyList, 9.2.18
createConfigPropertyListInMap, 9.2.19
createConfigPropertyMap, 9.2.20
createConfigPropertyMapInMap, 9.2.21
createFederationPropertyList, 9.2.22
createFederationPropertyListInMap, 9.2.23
createFederationPropertyMap, 9.2.24
createFederationPropertyMapInMap, 9.2.25
createPeerProviderEntry, 9.2.26
deleteCustomAuthnEngine, 9.2.11
deleteCustomSPEngine, 9.2.12
deleteUserFederations, 9.2.14
environment setup, 9.1.1
executing commands, 9.1.2
extractproviderprops, 9.2.36
getConfigListValueInMap, 9.2.27
getConfigMapEntryInMap, 9.2.28
getConfigProperty, 9.2.29
getConfigPropertyList, 9.2.30
getConfigPropertyMapEntry, 9.2.31
getFederationListValueInMap, 9.2.32
getFederationMapEntryInMap, 9.2.33
getFederationProperty, 9.2.34
getFederationPropertyList, 9.2.35
getFederationPropertyMapEntry, 9.2.38
listCustomAuthnEngines, 9.2.39
listCustomSPEngines, 9.2.40
loadMetadata, 9.2.41, 9.2.42
removeConfigListInMap, 9.2.43
removeConfigMapEntryInMap, 9.2.44
removeConfigMapInMap, 9.2.45
removeConfigProperty, 9.2.46
removeConfigPropertyList, 9.2.47
removeConfigPropertyMap, 9.2.48
removeConfigPropertyMapEntry, 9.2.49
removeFederationListInMap, 9.2.50
removeFederationMapEntryInMap, 9.2.52
removeFederationMapInMap, 9.2.51
removeFederationProperty, 9.2.53
removeFederationPropertyList, 9.2.54
removeFederationPropertyMap, 9.2.55
removeFederationPropertyMapEntry, 9.2.56
removePeerProviderEntry, 9.2.57
setConfigProperty, 9.2.58
setCustomAuthnEngine, 9.2.59
setCustomSPEngine, 9.2.60
setFederationProperty, 9.2.61
setproviderprops, 9.2.37
WS-Federation, 1.1.4.5
IdP Properties, 5.4.3
WS-Federation 1.1
SP, 5.5.4

X

X.509 certificates, 4.1.1.2