Oracle® Configuration Manager Collection Overview
Release 10.3.5

Part Number E22052-01

24 Oracle Identity Management Collections

As a prerequisite for Oracle Identity Management collections, the user must log on to the Fusion Middleware Enterprise Manager Console once before running the configuration collection.

The Oracle Identity Management collections include the following:

24.1 Directory Integration Platform

The configuration categories and their associated configuration items for the Directory Integration Platform target type follow:

24.1.1 Directory Integration Platform Configuration


Oracle Internet Directory Host
Oracle Internet Directory Port
SSL Mode
Refresh Interval

24.1.2 Admin Server Details


Admin Server Host
Admin Server Port
WebLogic Domain Name

24.1.3 WebLogic Application Configuration


Path
Load Order
Type

24.2 Oracle Access Manager


ECM Associations
J2EE Application Config
Target Version

24.3 Oracle Adaptive Access Manager


ECM Associations
J2EE Application Config
Target Version

24.4 Oracle Identity Federation

The configuration categories and their associated configuration items for the Oracle Identity Federation target type follow:

24.4.1 Server Configurations


Server Host Name
Server Port
Port - SSL Enabled
Port - Force SSL
SOAP Port
SOAP Port - SSL Enabled
SOAP Port - Force SSL
SOAP Port - Require Client Certificate
Server Clock Drift (sec)
Session Timeout (sec)
Request Timeout (sec)
Default XML Data Encryption Algorithm
Logout Option - Fail on Error
Logout Option - Return Status
Logout Option - Local Logout Only
Logout Option - Parallel Logout
Maximum SOAP Connections
Maximum SOAP Connections per Server
Proxy Host
Proxy Port
Proxy Username
Non-Proxy Hosts

24.4.2 Data Store Configurations


Federation Store LDAP Connection URL
Federation Store LDAP Bind DN
User Federation Record context
LDAP Container Object Class
Unique Federation ID Attribute
Federation Store LDAP Maximum Connections
Federation Store LDAP Connection Wait Timeout (sec)
Federation Store RDBMS JNDI Name
User Store LDAP Connection URL
User Store LDAP Bind DN
LDAP User ID Attribute
LDAP User Description Attribute
Person Object Class
Base DN
User Store LDAP Maximum Connections
User Store LDAP Connection Wait Timeout (sec)
User Store RDBMS JNDI Name
User Store RDBMS Login Table
RDBMS User ID Attribute
RDBMS User Description Attribute

24.4.3 Identity Provider Configurations


Enable Identity Provider
Provider ID
Assertion Validity (sec)
Re-authenticate After (sec)
Send Signed Assertion
Artifact Timeout (sec)
Enable Common Domain
Common Domain URL
Common Domain Cookie Domain
Common Domain Cookie Lifetime (day)
SSO User Opt-In/Out Mode
Opt-In/Out User Attribute
Opt-In/Out Attribute Value
Re-authenticate when Missing User Session Attributes

24.4.4 Identity Provider SAML 2.0 Assertion Properties


Enabled NameID Formats
Default NameID Format
Get Value from User Session for X.509 Subject Name
Get Value from User Session for Email Address
Get Value from User Session for Windows Domain Qualified Name
Get Value from User Session for Kerberos Principal Name
Get Value from User Session for Unspecified
Get Value from User Session for Custom
User Attribute Mapping for X.509 Subject Name
User Attribute Mapping for Email Address
User Attribute Mapping for Windows Domain Qualified Name
User Attribute Mapping for Kerberos Principal Name
User Attribute Mapping for Custom
Name of the Custom Format
Federation Creation User Consent URL
Force User Consent
Send Encrypted Assertions
Send Encrypted NameID
Send Signed Assertion

24.4.5 Identity Provider SAML 2.0 Protocol Properties


Enable SAML 2.0 Protocol
Enable Register NameID Protocol
Enable Federation Termination Protocol
Enable Attribute Query Responder
User Identity Federation for Attribute Response
Enable Authentication Query Responder
Enable Assertion ID Responder
Enable Protocol Bindings
Default Binding
Default SSO Response Binding
Authentication Request message to Require Signed
Request | XML/HTTP Post message to Require Signed
Request | URL/HTTP Redirect message to Require Signed
Request | XML/SOAP message to Require Signed
Response | XML/HTTP Post message to Require Signed
Response | URL/HTTP Redirect message to Require Signed
Response | XML/SOAP message to Require Signed
Request | XML/HTTP Post message to Send Signed
Request | URL/HTTP Redirect message to Send Signed
Request | XML/SOAP message to Send Signed
Response | XML/HTTP Post message to Send Signed
Response | URL/HTTP Redirect message to Send Signed
Response | XML/SOAP message to Send Signed
Response (Assertion) | XML/HTTP Post message to Send Signed
Response (Assertion) | XML/SOAP message to Send Signed

24.4.6 Identity Provider SAML 1.0 Assertion and Protocol Properties


Enabled NameID Formats
Default NameID Format
Get Value from User Session for X.509 Subject Name
Get Value from User Session for Email Address
Get Value from User Session for Windows Domain Qualified Name
Get Value from User Session for Unspecified
Get Value from User Session for Custom
User Attribute Mapping for X.509 Subject Name
User Attribute Mapping for Email Address
User Attribute Mapping for Windows Domain Qualified Name
User Attribute Mapping for Unspecified
User Attribute Mapping for Custom
Name of the Custom Format
Send Signed Assertion
Enable SAML 1.1 Protocol
Enable SAML 1.0 Protocol
Enable Attribute Query Responder
Enable Authentication Query Responder
Enable Assertion ID Responder
SSO Response Binding
Request | XML/SOAP message to Require Signed
Response (Assertion) | XML/HTTP Post message to Send Signed
Response (Assertion) | XML/SOAP message to Send Signed

24.4.7 Identity Provider WSFed 1.1 Properties


Enable WS-Federation 1.1 Protocol
SSO Token Type
Use Microsoft Web Browser Federated SSO Profile

24.4.8 Service Provider Configurations


Service Provider Configurations
Provider ID
Enable Map Assertion to User Account
Anonymous User ID
Ignore Unknown Conditions
Require Signed Assertions
Default SSO Identity Provider
Enable IdP Discovery Service URL
IdP Discovery Service URL
Enable Common Domain Service
Common Domain Service URL
Enable Attribute Requester Service
Default Attribute Authority
DN Pattern | Identity Provider
Authentication Mechanism | Identity Provider

24.4.9 Service Provider SAML 2.0 Assertion Properties


Map User via Federated Identity
Enable Auto Account Linking
Map User via Attribute Query
Attribute Query
Map User via NameID
Enabled NameID Formats
User Attribute Mapping for X.509 Subject Name
User Attribute Mapping for Email Address
User Attribute Mapping for Windows Domain Qualified Name
User Attribute Mapping for Kerberos Principal Name
User Attribute Mapping for Unspecified
User Attribute Mapping for Custom
Name of the Custom Format
Error when User Mapping Fails
Required Signed Assertion

24.4.10 Service Provider SAML 2.0 Protocol Properties


Enable SAML 2.0 Protocol Enabled
Enable Register NameID Protocol
Enable Federation Termination Protocol
Send Encrypted NameIDs
Send Encrypted Attributes
Allow Federation Creation
User Consent URL
Force User Consent
Enable Protocol Bindings
Default Binding
Default SSO Request Binding
Default SSO Response Binding
Default Authentication Request NameID Format
Request Authentication Context Mechanism
Request Authentication Context Comparison
Request | XML/HTTP Post message to Send Signed
Request | URL/HTTP Redirect message to Send Signed
Request | XML/SOAP message to Send Signed
Response | XML/HTTP Post message to Send Signed
Response | URL/HTTP Redirect message to Send Signed
Response | XML/SOAP message to Send Signed
Request | XML/HTTP Post message to Require Signed
Request | URL/HTTP Redirect message to Require Signed
Request | XML/SOAP message to Require Signed
Response | XML/HTTP Post message to Require Signed
Response | URL/HTTP Redirect message to Require Signed
Response | XML/SOAP message to Require Signed
Response (Assertion) | XML/HTTP Post message to Require Signed
Response (Assertion) | XML/SOAP message to Require Signed

24.4.11 Service Provider SAML 1.x Assertion and Protocol Properties


Map User via Attribute Query
Map User via NameID
Enabled NameID Formats
User Attribute Mapping for X.509 Subject Name
User Attribute Mapping for Email Address
User Attribute Mapping for Windows Domain Qualified Name
User Attribute Mapping for Unspecified
User Attribute Mapping for Custom
Name of the Custom Format
Error when User Mapping Fails
Ignore Unknown Condition
Required Signed Assertion
Enable SAML 1.0 Protocol
Enable SAML 1.1 Protocol
Enable Protocol Binding
Response (Assertion) | XML/HTTP Post message to Require Signed
Response (Assertion) | XML/SOAP message to Require Signed

24.4.12 Service Provider WSFed 1.1 Properties


Enable WS-Federation 1.1 Protocol

24.4.13 Admin Server Details


Admin Server Host
Admin Server Port
WebLogic Domain Name

24.4.14 WebLogic Application Configuration


Path
Load Order
Type

24.5 Oracle Identity Manager


ECM Associations
J2EE Application Config
Target Version

24.6 Oracle Internet Directory

The configuration categories and their associated configuration items for the Oracle Internet Directory target type follow:

24.6.1 Oracle Internet Directory General Configurations


Server Mode
Max number of entries returned by search
Max time allowed for a search to complete
Anonymous Bind
SDump Flag
SSL Interop Mode

24.6.2 Oracle Internet Directory Performance Configurations


Number of OID LDAP Server Processes
Number of DB Connections per Server Process
Enable Entry Cache
Maximum Entries in Entry Cache
Maximum Entry Size in Cache (byte)
Maximum Entry Cache Size (bytes)
Number of users in privilege Group membership Cache
LDAP Idle Connection Timeout (sec)
OID Server Network Read/Write Retry Timeout (sec)
Maximum number of LDAP connections per Server Process
Max Time for Server process to respond to Dispatcher process (sec)
Number of Dispatcher Threads per Server Process
Number of Plugin Threads per Server Process
Enable Change Log Generation
Enable Group Cache

24.6.3 Oracle Internet Directory SASL Configurations


Authentication Mode
Cipher Choice
External SASL Authentication
Authentication Mechanism

24.6.4 Oracle Internet Directory Statistics Configurations


Stats Flag
Stats Frequency (min)
Security Event Tracking
User Statistics Collection
Event Levels

24.6.5 Oracle Internet Directory Log Configurations


Debug Level
Operations Enabled for Debug
Maximum Log File Size
Maximum Files in Rotation

24.6.6 Admin Server Details


Admin Server Host
Admin Server Port
WebLogic Domain Name

24.7 Oracle Virtual Directory

The configuration categories and their associated configuration items for the Oracle Virtual Directory target type follow:

24.7.1 Server Configuration


ACL Check
DoS Active
DoS Rate Period
Exempt IP Addresses
Exempt Subjects
Maximum inactive connection timeouts
Maximum Connections
Maximum Connections per IP
Maximum Connections per Subject
Maximum Operations per Connection
Schema Check

24.7.2 Search Configuration


Anonymous Search Limit
Authenticated Search Limit
Persistent Search

24.7.3 Schema Locations


Schema Locations

24.7.4 Listener Configuration


Listener Name
Listener Type
Listener Version
Listener Active
Listener Host
Listener Port
Threads
Group URL
SSL Enabled
SSL Authentication Type
SSL Trust Store
SSL Key Store
SSL Protocol
SSL Ciphers

24.7.5 Administration Server Details


Admin Server Host
Admin Server Port
WebLogic Domain Name