Contents
List of Examples
List of Figures
List of Tables
Title and Copyright Information
Preface
Audience
Documentation Accessibility
Related Documents
Conventions
What's New in This Guide?
November 2012 Book Refresh
August 2012 Book Refresh
Product Enhancements in Oracle Access Management 11.1.2.0.0
Product and Component Name Changes with 11.1.2
Part I Introduction to Oracle Access Management
1
Introduction to Oracle Access Management
1.1
Introduction to Oracle Access Management
1.1.1
About Oracle Access Management Installation
1.1.2
About Oracle Access Management Post-Installation Tasks
1.2
Introduction to Oracle Access Management Access Manager
1.2.1
Introduction to Access Manager Architecture
1.2.2
Introduction to Access Manager Deployment Types
1.3
Summarizing Oracle Access Management Access Manager 11.1.2
1.3.1
About Access Manager 11.1.2
1.3.2
About Functionality Not Available with Access Manager 11g
1.4
Introduction to Oracle Access Management Security Token Service
1.4.1
Security Token Service Key Terms and Concepts
1.4.2
About Security Token Service
1.4.3
About Integrated Oracle Web Services Manager
1.4.4
About Security Token Service Architecture
1.4.5
About Security Token Service Deployments
1.4.5.1
Centralized Token Authority Deployment
1.4.5.2
Tokens Behind a Firewall Deployment
1.4.5.3
Web Services SSO Deployment
1.4.6
About Installation Options
1.4.6.1
Security Token Service Cluster in Single WLS Domain
1.4.6.2
Endpoint Exposure through a Web Server Proxy
1.4.6.3
Interoperability of Requester and Relying Party with Other Oracle WS-Trust based Clients
1.4.6.4
Security Token Service Installation Overview
1.4.6.5
Post-Installation Tasks: Security Token Service
1.4.7
About Security Token Service Administration
1.5
System Requirements and Certification
Part II Using the Console for Common Tasks
2
Getting Started with Oracle Access Management Administration and Navigation
2.1
Prerequisites
2.2
Starting and Stopping Servers in Your Deployment
2.2.1
Starting Node Manager
2.2.2
Starting and Stopping AdminServer
2.2.3
Starting and Stopping OAM Servers
2.3
Introduction to Oracle Access Management Administrators
2.4
Logging In to and Signing Out of Oracle Access Management Console
2.4.1
Logging In to the Oracle Access Management Console
2.4.2
Signing Out of Oracle Access Management Console
2.5
Introduction to the Oracle Access Management Console and Controls
2.5.1
Console Layout and Controls
2.5.1.1
Welcome Page and Shortcuts
2.5.1.2
Function-Level Tabs and Controls
2.5.1.3
Content Pages and Page Controls
2.5.2
Elements on a Page
2.5.3
Selecting Controls in the Console
2.6
Introduction to System Configuration and Policy Configuration Tabs
2.6.1
About the System Configuration Tab
2.6.2
About the Policy Configuration Tab
2.7
Viewing Configuration Details in the Console
2.8
Conducting Searches Using the Console
2.9
Using Online Help
2.10
Command-Line Tools
2.11
Logging, Auditing, Monitoring Performance
3
Managing Common Services and Certificate Validation
3.1
Prerequisites
3.2
Introduction to Common Configuration Elements
3.3
Enabling or Disabling Available Services
3.4
Managing Common Settings
3.4.1
About Common Settings Pages
3.4.2
Managing Common Settings
3.4.3
Viewing Common Coherence Settings
3.5
Managing Global Certificate Validation and Revocation
3.5.1
About Certificate Validation and Revocation
3.5.2
Managing Certificate Revocation Lists (CRLs)
3.5.3
Enabling Certificate Validation
3.5.4
Configuring CRL Distribution Point Extensions (CDP)
4
Managing Data Sources
4.1
Prerequisites
4.2
Introduction to Managing Common Data Sources
4.2.1
About User Identity Stores
4.2.1.1
Multiple Identity Stores
4.2.2
About the Database Store for Policy, Password Management, and Sessions
4.2.3
About the Access Manager Configuration Data File
4.2.4
About Access Manager Security Keys and the Embedded Java Keystore
4.2.5
About Security Token Service Keystores
4.2.5.1
About Oracle WSM Agent Keystore for Security Token Service
4.2.6
Identity Federation Keystore
4.3
Managing User Identity Stores
4.3.1
About the User Identity Store Registration Page
4.3.2
Registering a New User Identity Store
4.3.3
Viewing or Editing a User Identity Store Registration
4.3.4
Deleting a User Identity Store Registration
4.4
Setting the Default Store and System Store
4.4.1
About Setting the Default Store and System Store
4.4.2
Defining a Default Store and System Store
4.5
Managing the Administrators Role
4.5.1
About Managing the Administrator Role
4.5.2
Managing Administrator Roles
4.6
Managing the Policy and Session Database
4.6.1
About Database Deployment
4.6.2
Configuring a Separate Database for Access Manager Sessions
5
Managing Server Registration
5.1
Prerequisites
5.2
Introduction to OAM Servers, Registration, and Management
5.2.1
About Individual OAM Server Registrations
5.2.2
About the Embedded Proxy Server and Backward Compatibility
5.2.3
About 11g SSO, Legacy 10g SSO in Combination with OSSO 10g
5.2.4
About Communication Between OAM Servers and Webgates
5.2.5
About Restarting Servers After Configuration Changes
5.3
Managing Individual OAM Server Registrations
5.3.1
About the OAM Server Registration Page
5.3.1.1
OAM Proxy Page
5.3.1.2
Coherence Page for Individual Servers
5.3.2
Registering a Fresh OAM Server Instance
5.3.3
Viewing or Editing Individual OAM Server and Proxy Settings
5.3.4
Deleting an Individual Server Registration
Part III Common Logging, Auditing, Performance Monitoring and Tuning
6
Logging Component Event Messages
6.1
Prerequisites
6.2
Introduction to Logging Component Event Messages
6.2.1
About Component Loggers
6.2.2
Sample Logger and Log Handler Definition
6.2.3
About Logging Levels
6.3
Configuring Logging for Access Manager
6.3.1
Modifying the Logger Level for Access Manager
6.3.2
Adding an Access Manager-Specific Logger and Log Handler
6.4
Configuring Logging for Security Token Service and Identity Federation
6.4.1
Configuring Logging for Security Token Service or Identity Federation
6.4.2
Defining Log Level and Log Details for Security Token Service or Identity Federation
6.5
Validating Run-time Event Logging Configuration
7
Logging Webgate Event Messages
7.1
About Logging, Log Levels, and Log Output
7.1.1
About Log Levels
7.1.2
About Log Output
7.2
About Log Configuration File Paths and Contents
7.2.1
Log Configuration File Paths and Names
7.2.2
Log Configuration File Contents
7.2.2.1
When Changes to the File Take Effect
7.2.2.2
About Comments in the Log File
7.3
About Directing Log Output to a File or the System File
7.4
Structure and Parameters of the Log Configuration File
7.4.1
The Log Configuration File Header
7.4.2
The Initial Compound List
7.4.3
The Simple List and Logging Threshold
7.4.4
The Second Compound List and Log Handlers
7.4.5
The List for Per-Module Logging
7.4.6
The Filter List
7.4.7
About XML Element Order
7.5
About Activating and Suppressing Logging Levels
7.5.1
About Log Handler Precedence
7.6
Mandatory Log-Handler Configuration Parameters
7.6.1
Settings in the Default Log Configuration File
7.6.1.1
Description of the Settings in the Default Log Configuration File
7.7
Configuring Different Threshold Levels for Different Types of Data
7.7.1
About the MODULE_CONFIG Section
7.7.1.1
Location of the Per-Module Logging Section in the Log Configuration File
7.7.1.2
List of Modules That Can Be Logged
7.7.2
Configuring a Log Level Threshold for a Function or Module
7.8
Filtering Sensitive Attributes
8
Auditing Administrative and Run-time Events
8.1
Prerequisites
8.2
Introduction to Auditing
8.2.1
About Oracle Access Management Auditing Configuration
8.2.2
About Audit Record Storage
8.2.3
About Audit Reports and Oracle Business Intelligence Publisher
8.2.4
About the Audit Log and Data
8.3
Access Manager Events You Can Audit
8.3.1
Access Manager Administrative Events You Can Audit
8.3.2
Access Manager Run-time Events You Can Audit
8.3.3
About Authentication Event Auditing
8.4
Identity Federation Events You Can Audit
8.4.1
Session Management Events for Identity Federation
8.4.2
Protocol Flow Events for Identity Federation
8.4.3
Server Configuration Events for Identity Federation
8.4.4
Security Events for Identity Federation
8.5
Security Token Service Events You Can Audit
8.5.1
About Audit Record Content Common to All Events
8.5.2
Security Token Service Administrative Events You Can Audit
8.5.3
Security Token Service Run-time Events You Can Audit
8.6
Setting Up Auditing for Oracle Access Management
8.6.1
Setting Up the Audit Database Store
8.6.2
Preparing Oracle Business Intelligence Publisher EE
8.6.3
About Auditing Configuration Using Oracle Access Management Console
8.6.4
Adding, Viewing, or Editing Audit Settings
8.7
Validating Auditing and Reports
9
Monitoring Performance by Using Oracle Access Management Console
9.1
Introduction to Performance Monitoring
9.2
Reviewing DMS Metric Tables
9.3
Monitoring Server Metrics Using Oracle Access Management Console
9.3.1
Monitoring Server Instance Performance
9.3.2
Reviewing Server Metrics Using Oracle Access Management Console
9.4
Monitoring SSO Agent Metrics Using Oracle Access Management Console
9.4.1
Monitoring Agent Metrics Using Oracle Access Management Console
9.4.2
Reviewing OAM Agent Metrics
9.4.3
Reviewing OSSO Agent Metrics
9.5
Introduction to OAM Proxy Metrics and Tuning
9.5.1
About OAM Proxy Metrics
9.5.2
OAM Proxy Server Tuning Parameters
9.6
Reviewing OpenSSO Metrics in the DMS Console
9.6.1
OpenSSO Proxy Events and Metrics: Server
9.6.2
OpenSSO Proxy Metrics: Agent
9.6.3
Reviewing OpenSSO Metrics Using the DMS Console
10
Monitoring Performance and Logs with Fusion Middleware Control
10.1
Prerequisites
10.2
Introduction to Fusion Middleware Control
10.3
Logging In to and Out of Fusion Middleware Control
10.3.1
About the Login Page for Fusion Middleware Control
10.3.2
Logging In To Fusion Middleware Control
10.3.3
Logging Out of Fusion Middleware Control
10.4
Displaying Menus and Pages in Fusion Middleware Control
10.4.1
About the Farm Page in Fusion Middleware Control
10.4.2
About Context Menus and Pages in Fusion Middleware Control
10.4.3
Displaying Context Menus and Target Details in Fusion Middleware Control
10.5
Viewing Performance in Fusion Middleware Control
10.5.1
About Performance Overview Pages in Fusion Middleware Control
10.5.1.1
Access Manager Component Pages
10.5.1.2
Security Token Service Component Pages
10.5.2
About the Metrics Palette and the Performance Summary Page
10.5.3
Displaying Performance Metrics in Fusion Middleware Control
10.5.4
Displaying Component-Specific Performance Details
10.6
Managing Log Level Changes in Fusion Middleware Control
10.6.1
About Dynamic Log Level Changes
10.6.2
Setting Log Levels Dynamically Using Fusion Middleware Control
10.7
Managing Log File Configuration from Fusion Middleware Control
10.7.1
About Log File Configuration
10.7.2
Managing Log File Configuration by Using Fusion Middleware Control
10.8
Viewing Log Messages in Fusion Middleware Control
10.8.1
About Finding, Viewing, and Exporting Log Messages
10.8.2
Viewing Logged Messages With Fusion Middleware Control
10.9
Displaying MBeans in Fusion Middleware Control
10.9.1
About the System MBean Browser
10.9.2
Managing MBeans
10.10
Displaying Farm Routing Topology in Fusion Middleware Control
10.10.1
About the Routing Topology
10.10.2
Viewing the Routing Topology using Fusion Middleware Control
Part IV Managing Access Manager Settings and Agents
11
Configuring Access Manager Settings
11.1
Prerequisites
11.2
Introduction to Access Manager Settings
11.3
Managing Load Balancing
11.3.1
About Common Load Balancing Settings
11.3.2
Managing OAM Server Load Balancing
11.4
Managing Secure Error Modes
11.4.1
About OAM Server Error Modes
11.4.2
Managing OAM Server Secure Error Modes
11.5
Managing SSO Tokens and IP Validation
11.5.1
About Access Manager SSO Tokens and IP Validation Settings
11.5.2
Managing SSO Tokens and IP Validation
11.6
Managing the Access Protocol for OAM Proxy Simple and Cert Mode Security
11.6.1
About Simple and Cert Mode Transport Security
11.6.2
About the Common OAM Proxy Page for Secure Server Communications
11.6.3
Viewing or Editing Simple or Cert Settings for OAM Proxy
11.7
Managing Run Time Policy Evaluation Caches
11.7.1
About Run Time Policy Evaluation Caches
11.7.2
Managing Run Time Policy Evaluation Caches
12
Introduction to Agents and Registration
12.1
Introduction to Policy Enforcement Agents
12.1.1
About Agent Types and Runtime Processing
12.1.2
About 11g Webgate Configured as a Detached Credential Collector
12.1.3
About 11g Webgate Functionality for Mobile and Social
12.1.4
About the Pre-Registered 10g Webgate IAMSuiteAgent
12.2
Introduction to Agent Registration
12.2.1
About Agent Registration, Keys, and Policies
12.2.2
About File System Changes and Artifacts for Registered Agents
12.3
Introduction to Remote Registration
12.3.1
About Performing In-Band Remote Registration
12.3.2
About Performing Out-of-Band Remote Registration
12.3.3
About Updated Agent Configuration Files
13
Registering and Managing OAM 11g Agents
13.1
Prerequisites
13.2
Understanding OAM Agent Registration Parameters in the Console
13.2.1
About Create OAM Webgate Page and Parameters
13.2.2
About User-Defined Webgate Parameters
13.2.3
About IP Address Validation for Webgates
13.3
Registering an OAM Agent Using the Console
13.4
Configuring and Managing Registered OAM Agents Using the Console
13.4.1
Understanding Registered OAM Agent Configuration Parameters in the Console
13.4.2
Searching for an OAM Agent Registration
13.4.3
Viewing or Editing an OAM Agent Registration Page in the Console
13.4.4
Deleting OAM Agent Registration Using the Console
13.5
Understanding the Remote Registration Tool, Modes, and Process
13.5.1
About Remote Registration Command Arguments and Modes
13.5.2
Common Elements within Remote Registration Request Templates
13.5.3
About Key Use, Generation, Provisioning, and Storage
13.6
Understanding Remote Registration Templates: OAM Agents
13.6.1
OAM Agent Parameters for Remote Registration
13.7
Performing Remote Registration for OAM Agents
13.7.1
Acquiring and Setting Up the Remote Registration Tool
13.7.2
Creating Your Remote Registration Request
13.7.3
Performing In-Band Remote Registration
13.7.4
Performing Out-of-Band Remote Registration
13.8
Introduction to Updating Agents Remotely
13.8.1
About Remote Agent Update Modes
13.8.2
About Remote 11g OAM Agent Updates Template
13.9
Updating Agents Remotely
13.9.1
Updating Agents Remotely
13.9.2
Performing Remote Agent Validation
13.9.3
Performing Remote Agent Removal
13.10
Validating Remote Registration and Resource Protection
13.10.1
Validating Remote Registration
13.10.1.1
Validating Agent Registration using the Oracle Access Management Console
13.10.1.2
Validating Authentication and Access After Remote Registration
14
Managing Sessions
14.1
Prerequisites
14.2
Introduction to Sessions and Session Management
14.2.1
About Access Manager Session Security
14.2.1.1
Secure HTTPS Protocol
14.2.1.2
Oracle Coherence
14.2.1.3
Database Persistence
14.2.2
About the Session Lifecycle
14.2.3
About Timeout with Multiple-Agent Types: OSSO and OAM Agents
14.2.4
About OpenSSO Agents
14.2.5
About Oracle Coherence and Session Management
14.3
Configuring Session Lifecycle Settings
14.3.1
About Common Session Lifecycle Setting Page
14.3.2
Viewing or Modifying Common Session Lifecycle Settings
14.4
Managing Active Sessions
14.4.1
About the Session Management Page
14.4.2
Managing Active Sessions
14.5
Verifying Session Operations
Part V Managing Access Manager SSO, Policies, and Testing
15
Introduction to Single Sign-On with Access Manager
15.1
Introduction to Access Manager Single Sign-On
15.1.1
About Multiple Network Domain SSO
15.1.2
About Application SSO and Access Manager
15.1.3
About Multiple WebLogic Server Domain SSO
15.1.4
About Reverse-Proxy SSO
15.2
Understanding the Access Manager Policy Model
15.3
Anatomy of an Application Domain and Policies
15.3.1
About Resource Definitions for Policies
15.3.2
About Authentication Policies
15.3.3
About Authorization Policies
15.3.4
About Token Issuance Policies
15.4
Introduction to Policy Conditions and Rules
15.5
Introduction to Access Manager Credential Collection and Login
15.5.1
About Access Manager Credential Collection
15.5.2
About SSO Login Processing with OAM Agents and ECC
15.5.3
About Login Processing with OAM Agents and DCC
15.5.4
About SSO Login Processing with OSSO Agents (mod_osso) and ECC
15.6
Understanding SSO Cookies
15.6.1
About Single Sign-On Cookies During User Login
15.6.2
About Single Sign-On Server and Agent Cookies
15.6.2.1
OAM_ID cookie
15.6.2.2
OAMAuthnCookie for 11g OAM Webgates
15.6.2.3
ObSSOCookie for 10g Webgates
15.6.2.4
OAM_REQ Cookie
15.6.2.5
DCCCtxCookie
15.6.2.6
mod_osso Cookies
15.6.2.7
OpenSSO Cookie (iPlanetDirectoryPro)
15.7
Introduction to Configuration Tasks for Single Sign-On
16
Managing Authentication and Shared Policy Components
16.1
Prerequisites
16.2
Introduction to Managing Authentication and Shared Policy Components
16.3
Managing Resource Types
16.3.1
About Resource Types and Their Use
16.3.2
About the Resource Type Page
16.3.3
Searching for a Specific Resource Type
16.3.4
Creating a Custom Resource Type
16.4
Managing Host Identifiers
16.4.1
About Host Identifiers
16.4.1.1
Host Identifier Usage
16.4.1.2
Host Identifier Guidelines
16.4.1.3
Host Identifier Variations
16.4.2
About Virtual Web Hosting
16.4.2.1
Placing a Webgate Behind a Reverse Proxy
16.4.2.2
Configuring Virtual Hosting for Non-Apache Web Servers
16.4.2.3
Associating a Webgate for Apache with Virtual Hosts, Directories, or Files
16.4.3
About the Host Identifier Page
16.4.4
Creating a Host Identifier
16.4.5
Searching for a Host Identifier Definition
16.4.6
Viewing or Editing a Host Identifier Definition
16.4.7
Deleting a Host Identifier Definition
16.5
Understanding Authentication Methods and Credential Collectors
16.5.1
About Different Authentication Methods
16.5.2
Comparing Embedded Credential Collector with Detached Credential Collector
16.5.3
Authentication Event Logging and Auditing
16.6
Managing Native Authentication Modules
16.6.1
About Native Access Manager Authentication Modules
16.6.1.1
Native Kerberos Authentication Module
16.6.1.2
Native LDAP Authentication Modules
16.6.1.3
Native X509 Authentication Module
16.6.2
Viewing or Editing Native Authentication Modules
16.6.3
Deleting a Native Authentication Module
16.7
Orchestrating Multi-Step Authentication with Plug-in Based Modules
16.7.1
Comparing Simple Form and Multi-Factor (Multi-Step) Authentication
16.7.2
About Plug-ins and Multi-Step Authentication Module Creation
16.7.3
About Plug-in Based Modules for Multi-Step Authentication
16.7.4
Leveraging SubjectAltName Extension Data and Integrating with Multiple OCSP Endpoints
16.7.5
Creating and Orchestrating Plug-in Based Multi-Step Authentication Modules
16.8
Deploying and Managing Individual Plug-ins for Authentication
16.8.1
About Managing Your Own Authentication Plug-ins
16.8.2
Making Custom Authentication Plug-ins Available for Use
16.8.3
Checking an Authentication Plug-in's Activation Status
16.8.4
Deleting Your Custom Authentication Plug-ins
16.9
Managing Authentication Schemes
16.9.1
About Authentication Schemes and Pages
16.9.1.1
Pre-configured Authentication Schemes
16.9.1.2
About Challenge Methods
16.9.1.3
About Challenge Parameters for Authentication Schemes
16.9.2
Understanding Multi-Level and Step-Up Authentication
16.9.2.1
About Multi-Level and Step-Up Authentication
16.9.2.2
Detection of Insufficient Authentication Level by OAM Agent
16.9.2.3
Multi-Level Authentication Processing with 10g OSSO Agent
16.9.3
Creating an Authentication Scheme
16.9.4
Searching for an Authentication Scheme
16.9.5
Viewing, Editing, or Deleting an Authentication Scheme
16.10
Configuring Challenge Parameters for Encrypted Cookies
16.10.1
About Challenge Parameters for Encrypted Cookies
16.10.2
Configuring Challenge Parameters for Security of Encrypted Cookies
16.10.3
Setting Challenge Parameters for Persistence of Encrypted Cookies
16.11
Understanding Password Policy
16.11.1
Previewing Oracle-Provided Password Forms and Functionality
16.11.2
Previewing the Password Policy Page in Oracle Access Management Console
16.11.3
About Credential Collectors and Password Policy Validation
16.12
Managing Global Password Policy
16.12.1
Defining Your Global Password Policy
16.12.2
Designating the Default Store for Your Password Policy
16.12.3
Adding Key Password Attributes to the Default Store
16.12.3.1
About Extending the Default Store Schema
16.12.3.2
Extending the Default Store Schema with Password Policy Attributes
16.12.4
Adding an Administrator to Change User Attributes After a Password Change
16.13
Configuring Password Policy Authentication
16.13.1
Configuring the Password Policy Validation Authentication Module
16.13.2
Configuring the PasswordPolicyValidationScheme
16.13.3
Adding Your PasswordPolicyValidationScheme to ECC Authentication Policy
16.14
Configuring 11g Webgate and Authentication Policy for DCC
16.14.1
Enabling DCC Credential Operations
16.14.2
Locating and Updating DCC Forms for Password Policy
16.14.3
Adding PasswordPolicyValidationScheme to Authentication Policy for DCC
16.15
Completing Password Policy Configuration
16.15.1
Setting the Error Message Mode for Password Policy Messages
16.15.2
Overriding Native LDAP Password Policy Validation
16.15.3
Disabling ECC Operation and Using DCC Exclusively
16.15.4
Testing Your Multi-Step Authentication
16.16
Configuring Authentication Post Data Handling
16.16.1
About Authentication Post Data Preservation and Restoration
16.16.2
About Configuring Authentication Post Data Handling
16.16.3
Configuring Authentication Post Data Handling
16.16.4
Testing Post Data Handling Configuration
16.17
Configuring Long URL Handling During Authentication
16.17.1
About Long URLs and Authentication Handling
16.17.2
16.17.3
16.17.4
17
Managing Policies to Protect Resources and Enable SSO
17.1
Prerequisites
17.2
Introduction to Application Domain and Policy Creation
17.2.1
About Automatic Application Domain and Policy Generation
17.2.2
About Manually Creating Application Domains and Policies
17.2.3
About Remote Policy Creation and Updates
17.2.4
About Creating or Managing an Application Domain and Policies
17.3
Understanding Application Domain and Policy Management Using the Console
17.3.1
About Application Domain Pages and Navigation
17.3.2
About the Application Domain Summary Page
17.3.3
About the Resource Container in an Application Domain
17.3.4
About Authentication Policy Pages
17.3.5
About Authorization Policy Pages
17.3.6
About Token Issuance Policy Pages
17.4
Managing Application Domains and Policies Using the Console
17.4.1
About Application Domains Summary Page
17.4.2
Creating a Fresh Application Domain Using the Console
17.4.3
Searching for an Existing Application Domain
17.4.4
Viewing or Editing an Application Domain by Using the Oracle Access Management Console
17.4.5
Deleting an Application Domain and Its Content
17.5
Adding and Managing Resource Definitions to be Added to Policies
17.5.1
About Defining Resources in an Application Domain
17.5.1.1
About the Resource Type in a Resource Definition
17.5.1.2
About the Host Identifier in a Resource Definition
17.5.1.3
About the Resource URL, Prefixes, and Patterns
17.5.1.4
About Query String Name and Value Parameters for Resource Definitions
17.5.1.5
About Literal Query Strings in Resource Definitions
17.5.1.6
About Run Time Resource Evaluation
17.5.2
Defining Resources in an Application Domain
17.5.3
Searching for a Resource Definition
17.5.3.1
About Searching for a Specific Resource Definition
17.5.3.2
Searching for a Specific Resource Definition
17.5.4
Viewing, Editing, or Deleting a Resource Definition
17.6
Defining Authentication Policies for Specific Resources
17.6.1
About the Authentication Policy Page
17.6.1.1
About Resources in an Authentication Policy
17.6.2
Creating an Authentication Policy for Specific Resources
17.6.3
Searching for an Authentication Policy
17.6.4
Viewing or Editing an Authentication Policy
17.6.5
Deleting an Authentication Policy
17.7
Defining Authorization Policies for Specific Resources
17.7.1
About Authorization Policies for Specific Resources
17.7.2
Creating an Authorization Policy and Specific Resources
17.7.3
Searching for an Authorization Policy
17.7.4
Viewing or Editing an Authorization Policy and Resources
17.7.5
Deleting an Entire Authorization Policy
17.8
Introduction to Policy Responses for SSO
17.8.1
About Authentication and Authorization Policy Responses for SSO
17.8.2
About the Policy Response Language
17.8.3
About the Namespace and Variable Names for Policy Responses
17.8.4
About Constructing a Policy Response for SSO
17.8.4.1
Simple Responses
17.8.4.2
Compound and Complex Responses
17.8.5
About Policy Response Processing
17.8.6
About Assertion Claims and Processing
17.9
Adding and Managing Policy Responses for SSO
17.9.1
Adding a Policy Response for SSO
17.9.2
Viewing, Editing, or Deleting a Policy Response for SSO
17.10
Introduction to Authorization Policy Rules and Conditions
17.10.1
About Allow or Deny Rules
17.10.2
About Authorization Policy Conditions
17.10.3
About Classifying Users and Groups for Conditions
17.10.4
Guidelines for Authorization Responses Based on Conditions
17.11
Defining Authorization Policy Conditions
17.11.1
Choosing a Condition Type
17.11.1.1
About Choosing a Condition Type
17.11.1.2
Choosing a Condition Type
17.11.2
Defining Identity Conditions
17.11.2.1
About Identity Conditions
17.11.2.2
Specifying Identity Type Conditions
17.11.3
Defining IP4 Range Conditions
17.11.3.1
About IP4 Range Condition Types
17.11.3.2
Defining IP4 Range Conditions
17.11.4
Defining Temporal Conditions
17.11.4.1
About Temporal Conditions
17.11.4.2
Defining Temporal Conditions
17.11.5
Defining Attribute Conditions
17.11.5.1
About Attribute Conditions
17.11.5.2
Defining Attribute Type Conditions
17.11.6
Viewing, Editing, or Deleting Authorization Policy Conditions
17.12
Defining Authorization Policy Rules
17.12.1
About Defining Rules in an Authorization Policy
17.12.2
About Expressions and Expression-Based Policy Evaluation
17.12.2.1
Expression Evaluation in Authorization Rules
17.12.3
Defining Rules in an Authorization Policy
17.13
Validating Authentication and Authorization in an Application Domain
17.14
Understanding Remote Policy and Application Domain Management
17.14.1
About Managing Policies Remotely
17.14.2
About the Create Policy Request Template
17.14.3
About the Update Policy Request Template
17.14.4
About Remote Policy Management and Templates
17.15
Managing Policies and Application Domains Remotely
18
Validating Connectivity and Policies Using the Access Tester
18.1
Prerequisites
18.2
Introduction to the Access Tester for Access Manager 11g
18.2.1
About OAM Agent and Server Interoperability
18.2.2
About Access Tester Security and Processing
18.2.3
About Access Tester Modes and Administrator Interactions
18.3
Installing and Starting the Access Tester
18.3.1
Installing the Access Tester
18.3.2
About Access Tester Supported System Properties
18.3.3
Starting the Tester Without System Properties For Use in Tester Console Mode
18.3.4
Starting the Access Tester with System Properties For Use in Command Line Mode
18.3.4.1
About the Access Tester Command Line Mode
18.3.4.2
Starting the Access Tester with System Properties
18.4
Introduction to the Access Tester Console and Navigation
18.4.1
Access Tester Menus and Command Buttons
18.5
Testing Connectivity and Policies from the Access Tester Console
18.5.1
Establishing a Connection Between the Access Tester and the OAM Server
18.5.1.1
About the Connection Panel
18.5.1.2
Connecting the Access Tester with the OAM Server
18.5.2
Validating Resource Protection from the Access Tester Console
18.5.2.1
About the Protected Resource URI Panel
18.5.2.2
Validating Resource Protection
18.5.3
Testing User Authentication from the Access Tester Console
18.5.3.1
About the User Identity Panel
18.5.3.2
Testing User Credential Authentication
18.5.4
Testing User Authorization from the Access Tester Console
18.5.5
Observing Request Latency
18.6
Creating and Managing Test Cases and Scripts
18.6.1
About Test Cases and Test Scripts
18.6.2
Capturing Test Cases
18.6.3
Generating an Input Test Script
18.6.3.1
About Generating an Input Test Script
18.6.3.2
Generating an Input Test Script
18.6.4
Personalizing an Input Test Script
18.6.4.1
About Customizing a Test Script
18.6.4.2
Customizing a Test Script
18.6.5
Executing a Test Script
18.6.5.1
About Test Script Execution
18.6.5.2
Running a Test Script
18.7
Evaluating Scripts, Log File, and Statistics
18.7.1
About Evaluating Test Results
18.7.2
About the Saved Connection Configuration File
18.7.3
About the Generated Input Test Script
18.7.4
About the Target Output File Containing Test Run Results
18.7.5
About the Statistics Document
18.7.6
About the Execution Log
19
Configuring Centralized Logout for Sessions Involving 11g Webgates
19.1
Prerequisites
19.2
Introduction to Centralized Logout for Access Manager 11g
19.2.1
About Centralized Logout for 11g Webgates
19.2.2
About Logout Parameters for 11g Webgates
19.3
Configuring Centralized Logout for 11g Webgates
19.3.1
Configuring Centralized Logout for 11g Webgates When the ECC is Used
19.3.2
Configuring Logout When Using Detached Credential Collector-Enabled Webgate
19.4
Validating Global Sign-On and Centralized Logout
19.4.1
Confirming Global Sign-On
19.4.2
Validating Global Sign-On with Mixed Agent Types
19.4.3
Observing Centralized Logout
Part VI Registering and Using Legacy Agents with Access Manager
20
Registering and Managing Legacy OpenSSO Agents
20.1
Introduction to OpenSSO, Agents, Migration and Co-existence
20.1.1
About Migration and Co-existence Between OpenSSO and Access Manager
20.1.2
About OpenSSO Agent Reliance on Access Manager
20.2
Runtime Processing Between OpenSSO Agents and Access Manager
20.3
Understanding OpenSSO Agent Registration Parameters
20.3.1
About OpenSSO Agent Registration Parameters
20.3.2
About the Expanded OpenSSO Agent Page and Parameters
20.4
Registering and Managing OpenSSO Agents Using the Console
20.4.1
Registering an OpenSSO Agent using the Oracle Access Management Console
20.4.2
Configuring and Managing Registered OpenSSO Agents Using the Console
20.5
Performing Remote Registration for OpenSSO Agents
20.5.1
Understanding Request Templates for OpenSSO Agent Remote Registration
20.5.2
Reviewing OpenSSO Bootstrap Configuration Mappings
20.5.3
Performing In-Band Remote Registration with OpenSSO Agents
20.5.4
Performing Out-of-Band Remote Registration with OpenSSO Agents
20.6
Updating Registered OpenSSO Agents Remotely
20.6.1
Updating OpenSSO Agents Remotely
20.7
Locating Other OpenSSO Agent Information
21
Registering and Managing Legacy OSSO Agents
21.1
Understanding OSSO Agents with Access Manager
21.1.1
About OSSO Agents with Access Manager
21.1.2
Comparing Access Manager 11g SSO versus OSSO 10g
21.2
Registering OSSO Agents Using Oracle Access Management Console
21.2.1
Understanding the Create OSSO Agent Registration Page and Parameters
21.2.2
Registering an OSSO Agent (mod_osso) Using the Console
21.3
Configuring and Managing Registered OSSO Agents Using the Console
21.3.1
Understanding the Expanded OSSO Agent Page in the Console
21.3.2
Searching for an OSSO Agent (mod_osso) Registration
21.3.3
Viewing or Editing OSSO Agent (mod_osso) Registration
21.3.4
Deleting an OSSO Agent (mod_osso) Registration
21.4
Performing Remote Registration for OSSO Agents
21.4.1
Understanding Request Templates for OSSO Remote Registration
21.4.2
Performing In-Band Remote Registration of OSSO Agents
21.4.3
Performing Out-of-Band Remote Registration for OSSO Agents
21.5
Updating Registered OSSO Agents Remotely
21.6
Configuring Logout for OSSO Agents with Access Manager 11.1.2
21.6.1
About Centralized Logout with OSSO Agents (mod_OSSO) and Access Manager
21.6.2
Removing Custom mod_osso Cookies on Logout
21.7
Locating Other OSSO Agent Information
22
Registering and Managing 10g Webgates with Access Manager 11g
22.1
Prerequisites
22.2
Introduction to 10g OAM Agents for Access Manager 11g
22.2.1
About IAMSuiteAgent: A Pre-Configured 10g Webgate Registered with Access Manager
22.2.2
About Legacy Oracle Access Manager 10g Deployments and Webgates
22.2.3
About Installing Fresh 10g Webgates to Use With Access Manager 11.1.2
22.2.4
About Centralized Logout with 10g OAM Agents and 11g OAM Servers
22.3
Comparing Access Manager 11.1.2 and 10g
22.3.1
Comparing Access Manager 11g versus 10g
22.3.2
Comparing Access Manager 11g versus 10g Policy Model
22.4
Configuring Centralized Logout for IAMSuiteAgent
22.5
Registering a 10g Webgate with Access Manager 11g Remotely
22.6
Managing 10g OAM Agents Remotely
22.7
Locating and Installing the Latest 10g Webgate for Access Manager 11g
22.7.1
Preparing for a Fresh 10g Webgate Installation with Access Manager 11g
22.7.2
Locating and Downloading 10g Webgates for Use with Access Manager 11g
22.7.3
Starting Webgate 10g Installation
22.7.4
Specifying a Transport Security Mode
22.7.5
Requesting or Installing Certificates for Secure Communications
22.7.6
Specifying Webgate Configuration Details
22.7.7
Updating the Webgate Web Server Configuration
22.7.7.1
Manually Configuring Your Web Server
22.7.8
Finishing Webgate Installation
22.7.9
Installing Artifacts and Certificates
22.7.10
Confirming Webgate Installation
22.8
Configuring Centralized Logout for 10g Webgate with 11g OAM Servers
22.8.1
About Centralized Logout Processing for 10g Webgate with 11g OAM Server
22.8.2
About the Centralized Logout Script for 10g Webgates with 11g OAM Servers
22.8.3
Configuring Centralized Logout for 10g Webgates with Access Manager
22.9
Replacing the IAMSuiteAgent with a 10g Webgate
22.9.1
Registering a Replacement 10g Webgate for IAMSuiteAgent
22.9.2
Installing the Replacement 10g Webgate for IAMSuiteAgent
22.9.3
Updating the WebLogic Server Plug-in
22.9.4
Confirming the AutoLogin Host Identifier for an OAM / OIM Integration
22.9.5
Configuring OAM Security Providers for WebLogic
22.9.5.1
About Security Providers
22.9.5.2
Setting Up Security Providers for the 10g Webgate
22.9.6
Disabling IAMSuiteAgent
22.9.7
Verification
22.10
Removing a 10g Webgate from the Access Manager 11g Deployment
23
Configuring Apache, OHS, IHS for 10g Webgates
23.1
Prerequisites
23.2
About Oracle HTTP Server and Access Manager
23.3
About Access Manager with Apache and IHS v2 Webgates
23.3.1
About the Apache HTTP Server
23.3.2
About the IBM HTTP Server
23.3.3
About the Apache and IBM HTTP Reverse Proxy Server
23.4
About Apache v2 Architecture and Access Manager
23.5
Requirements for Oracle HTTP Server, IHS, Apache v2 Web Servers
23.5.1
Requirements for IHS2 Web Servers
23.5.2
Requirements for Apache and IHS v2 Reverse Proxy Servers
23.5.3
Requirements for Apache v2 Web Servers
23.6
Preparing Your Web Server
23.6.1
Preparing the IHS v2 Web Server
23.6.1.1
Preparing the Host for IHS v2 Installation
23.6.1.2
Installing the IBM HTTP Server v2
23.6.1.3
Setting Up SSL-Capability
23.6.1.4
Starting a Secure Virtual Host
23.6.2
Preparing Apache and Oracle HTTP Server Web Servers on Linux
23.6.3
Preparing Oracle HTTP Server Web Servers on Linux and Windows Platforms
23.6.4
Setting Oracle HTTP Server Client Certificates
23.6.5
Preparing the Apache v2 Web Server on UNIX
23.6.6
Preparing the Apache v2 SSL Web Server on AIX
23.6.7
Preparing the Apache v2 Web Server on Windows
23.7
Activating Reverse Proxy for Apache v2 and IHS v2
23.7.1
Activating Reverse Proxy For Apache v2 Web Servers
23.7.2
Activating Reverse Proxy For IHS v2 Web Servers
23.8
Verifying httpd.conf Updates for Webgates
23.8.1
Verifying Webgate Details
23.8.2
Verifying Language Encoding
23.9
Tuning Oracle HTTP Server Webgates for Access Manager
23.10
Tuning OHS/Apache Prefork and MPM Modules for OAM
23.10.1
Tuning Oracle HTTP Server/Apache Prefork Module
23.10.2
Tuning Oracle HTTP Server/Apache MPM Module
23.10.3
Kernel Parameters Tuning
23.11
Starting and Stopping Oracle HTTP Server Web Servers
23.12
Tuning Apache/IHS v2 Webgates for Access Manager
23.13
Removing Web Server Configuration Changes After Uninstall
23.14
Helpful Information
24
Configuring the ISA Server for 10g Webgates
24.1
Prerequisites
24.2
About Access Manager and the ISA Server
24.3
Compatibility and Platform Support
24.4
Installing and Configuring Webgate for the ISA Server
24.4.1
Installing Webgate with ISA Server
24.4.2
Changing /access Directory Permissions
24.5
Configuring the ISA Server for the ISAPI Webgate
24.5.1
Registering Access Manager Plug-ins as ISA Server Web Filters
24.5.2
Configuring ISA Firewall Policies for ISA Web Filters
24.5.3
Ordering the ISAPI Filters
24.6
Starting, Stopping, and Restarting the ISA Server
24.7
Removing Access Manager Filters Before Webgate Uninstall on ISA Server
25
Configuring the IIS Web Server for 10g Webgates
25.1
Prerequisites
25.2
Webgate Guidelines for IIS Web Servers
25.2.1
Guidelines for ISAPI Webgates
25.2.1.1
Webgates for IIS v7
25.2.1.2
Webgates for IIS v6
25.2.1.3
Multiple Webgates with a Single IIS 6 Instance
25.3
Prerequisite for Installing Webgate for IIS 7
25.3.1
Prerequisite for Installing Any 10g Webgate for IIS 7
25.3.2
Prerequisite for Installing a 32-bit Webgate for IIS 7
25.4
Updating IIS 7 Web Server Configuration on Windows 2008
25.5
Completing Webgate Installation with IIS
25.5.1
Enabling Client Certificate Authentication on the IIS Web Server
25.5.2
Ordering the ISAPI Filters
25.5.3
Enabling Pass-Through Functionality for POST Data
25.5.3.1
About ISAPI Webgate 10.1.4.2.3
25.5.3.2
About Pass-Through Functionality for POST Data
25.5.3.3
Implementing Pass-Through: IIS 6.0 in Worker Process Isolation Mode
25.5.3.4
Implementing Pass-Through with IIS 6.0 Web Server in IIS 5.0 Isolation Mode
25.5.4
Protecting a Web Site When the Default Site is Not Set Up
25.6
Installing and Configuring Multiple 10g Webgates for a Single IIS 7 Instance
25.6.1
Installing Each IIS 7 Webgate in a Multiple Webgate Scenario
25.6.2
Setting the Impersonation DLL for Multiple IIS 7 Webgates
25.6.3
Enabling Client Certification for Multiple IIS 7 Webgates
25.6.4
Configuring IIS 7 Webgates for Pass Through Functionality
25.6.5
Confirming IIS 7 Webgate Installation
25.7
Installing and Configuring Multiple Webgates for a Single IIS 6 Instance
25.7.1
Installing Each Webgate in a Multiple Webgate Scenario
25.7.2
Setting the Impersonation DLL for Multiple Webgates
25.7.3
Enabling SSL and Client Certification for Multiple Webgates
25.7.4
Confirming Multiple Webgate Installation
25.8
Finishing 64-bit Webgate Installation
25.8.1
Setting Access Permissions, ISAPI filters, and Directory Security Authentication
25.8.2
Setting Client Certificate Authentication
25.9
Confirming Webgate Installation on IIS
25.10
Starting, Stopping, and Restarting the IIS Web Server
25.11
Removing Web Server Configuration Changes Before Uninstall
26
Configuring Lotus Domino Web Servers for 10g Webgates
26.1
Prerequisites
26.2
Installing the Domino Web Server
26.3
Setting Up the First Domino Web Server
26.4
Starting the Domino Web Server
26.5
Enabling SSL (Optional)
26.6
Installing a Domino Security (DSAPI) Filter
26.6.1
Completing the Webgate Installation
Part VII Managing Oracle Access Management Identity Federation
27
Introduction to Identity Federation in Oracle Access Management
27.1
Identity Federation with Oracle Access Management
27.1.1
Federated SSO in Oracle Access Management
27.1.2
Benefits of using Identity Federation 11.1.2 with Access Manager
27.1.3
Key Elements of Access Manager with Identity Federation
27.1.4
Key Features
27.1.4.1
Operational Modes
27.1.4.2
Supported Protocols
27.1.4.3
Supported Data Stores
27.1.4.4
User Mapping
27.1.4.5
Multi-Tenant Support
27.1.4.6
Platform Dependencies
27.1.5
Administration
27.2
Introduction to Identity Federation within Oracle Access Management Console
27.3
Managing the Federation Service
28
Managing Partners for Identity Federation Using Oracle Access Management Console
28.1
Prerequisites
28.2
Introduction to Managing Federation Partners
28.3
Managing Identity Provider Partners for Federation
28.3.1
Creating Federation Identity Providers
28.3.2
Managing Identity Providers for Federation
29
Managing Settings for Identity Federation Using Oracle Access Management Console
29.1
Prerequisites
29.2
Introduction to Federation Settings in Oracle Access Management Console
29.3
Managing General Federation Settings
29.3.1
About Managing General Federation Settings
29.3.2
Managing General Federation Settings
29.4
Managing Proxy Settings for Federation in Oracle Access Management Console
29.4.1
About Proxy Settings for Federation
29.4.2
Managing Proxy Settings for Identity Federation
29.5
Defining Keystore Settings for Federation in Oracle Access Management Console
29.5.1
About Managing Keystore Settings for Identity Federation
29.5.2
Managing Identity Federation Encryption/Signing Keys
29.5.2.1
Resetting the System (.oamkeystore) and Trust (amtruststore) Keystore Password
29.5.2.2
Adding a New Key Entry to the System Keystore (.oamkeystore)
29.6
Exporting Metadata
30
Managing Federation-related Schemes and Policies Using Oracle Access Management Console
30.1
Prerequisites
30.2
Introduction to Using Identity Federation and Access Manager in Concert Together
30.3
Using Authentication Schemes and Modules for Identity Federation 11g Release 2 (11.1.2)
30.3.1
About Scheme FederationScheme
30.3.2
About Module FederationPlugin
30.3.3
Managing Authentication with Identity Federation in 11g Release 2
30.4
Using Authentication Schemes and Modules for Oracle Identity Federation 11g Release 1
30.4.1
About Scheme OIFScheme
30.4.2
About Module OIFMTLDAPPlugin
30.4.3
Managing Authentication with Oracle Identity Federation Release 11gR1
30.5
Managing Access Manager Policies for Use with Identity Federation
30.5.1
About Policy Responses with Assertion Attributes for Identity Federation
30.5.2
Defining Policy Responses with Assertion Attributes for Identity Federation
30.6
Testing Identity Federation Configuration
30.7
Using the Default Identity Provisioning Plug-in
30.7.1
Why Use a Provisioning Plug-in?
30.7.2
About the Default Provisioning Plug-in
30.7.3
Using the Default Provisioning Plug-in
30.7.4
Switching to a Custom Provisioning Plug-in
30.8
Configuring the Identity Provider Discovery Service
30.8.1
Using the Bundled IdP Discovery Service
30.8.2
Creating a custom IdP Discovery Service
30.8.3
Disabling the use of an IdP Discovery Service
30.9
Configuring the Federation User Self-Registration Module
Part VIII Managing Oracle Access Management Security Token Service
31
Security Token Service Implementation Scenarios
31.1
Prerequisites
31.2
Typical Token Ecosystem
31.3
Scenario: Identity Propagation with the Access Manager Token
31.3.1
Component Processing: Identity Propagation with the OAM Token
31.3.2
Request Security Token Attributes and Run Time Processing
31.3.3
Configuration Requirements: Identity Propagation with the OAM Token
31.3.4
Testing Your Implementation
31.4
Scenario: Web Service Security With On Behalf Of Username Token
31.4.1
Component interactions for Identity Propagation with Username Token
31.4.2
RST Attributes and Processing for Identity Propagation with a Username Token
31.4.3
Configuration Requirements: Identity Propagation with the Username Token
32
Managing Security Token Service Settings and Set Up
32.1
Prerequisites
32.2
Introduction to Security Token Service Configuration
32.2.1
Post-Installation Configuration
32.2.2
About OAM Servers and Security Token Service
32.2.3
About Security Token Service Clients
32.2.4
About Agents and Security Token Service
32.2.5
About Security Token Service End Points and Policies
32.3
Enabling and Disabling Security Token Service
32.3.1
About Security Token Service and the Oracle Access Management Console
32.3.1.1
About Security Token Service Administrators
32.3.1.2
About Logging In To, and Signing Out Of, Security Token Service
32.3.2
About Enabling Services for Security Token Service
32.3.3
Enabling and Disabling Services for Security Token Service
32.4
Defining Security Token Service Settings Using Oracle Access Management Console
32.4.1
About Security Token Service Settings
32.4.2
Managing Security Token Service Settings
32.5
Using and Managing WSS Policies for Oracle WSM Agents
32.5.1
Using and Modifying Oracle Workspace Studio Policies
32.5.2
Managing WSS Policies for Security Token Service: Classpath
32.5.3
Managing WSS Policies for Security Token Service: Oracle WSM Policy Manager
32.6
Configuring OWSM for WSS Protocol Communication
32.6.1
About Oracle WSM Agent WS-Security Policies for Security Token Service
32.6.2
Retrieving the Oracle WSM Keystore Password
32.6.3
Extracting the Oracle STS/Oracle WSM Signing and Encryption Certificate
32.6.4
Adding Trusted Certificates to the Oracle WSM Keystore
32.6.5
Validating Trusted Certificates in the Oracle WSM Keystore
32.6.6
Configuring Oracle WSM Agent for WSS Kerberos Policies
32.7
Managing and Migrating Security Token Service Policies
32.7.1
About Managing and Migrating Security Token Service Policies
32.7.2
Managing Security Token Service Policies
32.7.3
Migrating Security Token Service Policies
32.8
Introduction to Logging Security Token Service Messages
32.9
Introduction to Auditing for Security Token Service
32.9.1
About Security Token Service Audit Record Storage
32.9.2
About Audit Reports and Oracle Business Intelligence Publisher
32.9.3
About the Audit Log
32.9.4
About Auditing Security Token Service Events
33
Managing Security Token Service Certificates and Keys
33.1
Prerequisites
33.2
Introduction to Certificates and Keys for Security Token Service
33.2.1
About Keystores and Security Token Service
33.2.2
About the Oracle Web Services Manager Keystore (default-keystore.jks)
33.2.3
About Using the OPSS Keystore for Requester Certificates
33.3
Managing Security Token Service Encryption/Signing Keys
33.3.1
Resetting System Keystore (.oamkeystore) and Trust Keystore (amtruststore) Password
33.3.2
Adding a New Key Entry to the System Keystore (.oamkeystore)
33.3.2.1
Adding a New Entry
33.3.2.2
Configuring a SAML Issuance Template to use a Signing Key
33.3.2.3
Setting the Default Encryption Key
33.3.3
Extracting a Security Token Service Certificate
33.3.3.1
Using the Certificate Retrieval Service
33.4
Managing Partner Keys for WS-Trust Communications
33.4.1
About Partner Certificates
33.4.2
About Downloading the Relying Party's Certificate at Run Time
33.4.3
Setting the Partner's Signing or Encryption Certificate
33.5
Managing Certificate Validation
33.5.1
Managing the Trust Anchors Store (amtruststore)
33.5.2
Managing Certificate Revocation Lists
33.5.3
Using a Custom Trust Anchor Store for Security Token Service
34
Managing Templates, Endpoints, and Policies
34.1
Prerequisites
34.2
Introduction
34.3
Searching for an Existing Template
34.3.1
About Template Search Controls
34.3.2
Searching For a Template
34.4
Managing Token Issuance Templates
34.4.1
About Managing Token Issuance Templates
34.4.2
Managing a Token Issuance Template
34.5
Managing Token Validation Templates
34.5.1
About Managing Token Validation Templates
34.5.2
Managing Token Validation Templates
34.6
Managing Security Token Service Endpoints
34.6.1
About Managing Endpoints
34.6.2
Managing EndPoints
34.7
Managing Token Issuance Policies, Conditions, and Rules
34.7.1
About Token Issuance Policies
34.7.2
About Managing Token Issuance Conditions and Rules
34.7.3
Managing Token Issuance Policies and Conditions
34.8
Managing TokenServiceRP Type Resources
34.8.1
About Managing TokenServiceRP Type Resources in Access Manager
34.8.2
Managing TokenServiceRP Type Resources in Application Domains
34.9
Making Custom Classes Available
34.9.1
About Making Classes Available
34.9.2
About Narrowing a Search for Custom Tokens
34.9.3
Managing Custom Tokens
34.10
Managing a Custom Security Token Service Configuration
34.10.1
Creating the Validation Template
34.10.2
Creating the Issuance Template for a Custom Token
34.10.3
Adding the Custom Token to a Requester Profile
34.10.4
Adding the Custom Token to the Relying Party Profile
34.10.5
Mapping the Token to a Requestor
34.10.6
Creating an /wssuser EndPoint
35
Managing Token Service Partners and Partner Profiles
35.1
Prerequisites
35.2
Introduction to Token Service Partners and Partner Profiles
35.2.1
About Token Service Partners
35.2.2
About Partner Profiles
35.2.2.1
About Partner Entries
35.2.2.2
About Partner Profile Data
35.3
Managing Token Service Partners
35.3.1
About Managing Token Service Partners
35.3.2
Managing a Token Service Partner
35.3.3
Refining Partner Searches
35.4
Managing Token Service Partner Profiles
35.4.1
About Managing Partner Profiles
35.4.2
Managing a Token Service Partner Profile
35.4.3
Refining a Profile Search
36
Troubleshooting Security Token Service
36.1
Authorization Issues
36.2
Endpoint Issues
36.3
Mapping Operation Issues
Part IX Managing Oracle Access Management Mobile and Social
37
Understanding Mobile and Social
37.1
Introducing Mobile and Social
37.1.1
Deploying Mobile and Social
37.1.2
Installing Mobile and Social
37.2
Understanding Mobile Services
37.2.1
Introducing Authentication Services and Authorization Services
37.2.2
Introducing User Profile Services
37.2.3
Introducing Mobile Single Sign-on (SSO) Capabilities
37.2.4
Introducing the Mobile and Social Mobile Services Client SDK
37.3
Understanding the Mobile Services Processes
37.3.1
Registering Mobile Device With User Authentication
37.3.2
Authenticating User With Registered Device
37.3.3
Using REST Calls for User Authentication
37.3.4
Authenticating User With Mobile Browser-based Web App
37.4
Using Mobile Services
37.4.1
Protecting the Mobile Client Registration Endpoint
37.4.2
Exchanging Credentials
37.4.3
Protecting User Profile Services And Authorization Services
37.4.4
Using Mobile Services with Oracle Access Manager
37.4.5
Using Mobile Services with Oracle Adaptive Access Manager Services
37.5
Understanding Internet Identity Services
37.6
Understanding Internet Identity Services Processes
37.6.1
Authenticating a Returning User With a Local Account
37.6.2
Authenticating a New User With No Local Account
37.6.3
Using OAuth For Access Token Retrieval
37.6.4
Authenticating a User With Access Manager and Internet Identity Services
37.6.5
Authenticating a User Locally
37.7
Using Internet Identity Services
37.7.1
Using Internet Identity Services With Oracle Access Manager
37.7.2
Using Internet Identity Services With Mobile Services
37.7.3
Using the Internet Identity Services SDK
38
Configuring Mobile Services
38.1
Navigating the Mobile Services Graphical User Interface
38.2
Understanding Mobile Services Configuration
38.2.1
Understanding Service Providers
38.2.2
Understanding Service Profiles
38.2.3
Understanding Security Handler Plug-ins
38.2.4
Understanding Application Profiles
38.2.5
Understanding Service Domains
38.3
Defining Service Providers
38.3.1
Defining, Modifying or Deleting an Authentication Service Provider
38.3.1.1
Creating an Authentication Service Provider
38.3.1.2
Editing or Deleting an Authentication Service Provider
38.3.1.3
Understanding the Pre-Configured Authentication Service Providers
38.3.2
Defining, Modifying or Deleting an Authorization Service Provider
38.3.2.1
Creating an Authorization Service Provider
38.3.2.2
Editing or Deleting an Authorization Service Provider
38.3.2.3
Understanding the Pre-Configured Authorization Service Provider
38.3.3
Defining, Modifying or Deleting a User Profile Service Provider
38.3.3.1
Creating a User Profile Service Provider
38.3.3.2
Editing or Deleting a User Profile Service Provider
38.3.3.3
Understanding the Pre-Configured User Profile Service Provider
38.4
Defining Service Profiles
38.4.1
Defining, Modifying and Deleting an Authentication Service Profile
38.4.1.1
Creating an Authentication Service Profile
38.4.1.2
Editing or Deleting an Authentication Service Profile
38.4.2
Defining, Modifying and Deleting an Authorization Service Profile
38.4.2.1
Creating an Authorization Service Profile
38.4.2.2
Editing or Deleting an Authorization Service Profile
38.4.3
Defining, Modifying and Deleting a User Profile Service Profile
38.4.3.1
Creating a User Profile Service Profile
38.4.3.2
Editing or Deleting a User Profile Service Profile
38.5
Defining Security Handler Plug-ins
38.5.1
Creating a Security Handler Plug-in
38.5.2
Editing or Deleting a Security Handler Plug-in
38.5.3
Device Fingerprinting and Device Profile Attributes
38.6
Defining Application Profiles
38.6.1
Creating an Application Profile
38.6.2
Editing or Deleting an Application Profile
38.7
Defining Service Domains
38.7.1
Creating a Service Domain
38.7.2
Editing or Deleting a Service Domain
38.8
Using the Jail Breaking Detection Policy
38.8.1
Adding a New Jail Breaking Detection Policy
38.8.2
Editing the Jail Breaking Detection Policy
38.9
Configuring Mobile Services with Other Oracle Products
38.9.1
Configuring Mobile Services for Access Manager
38.9.1.1
Configuring Mobile Services to Work With Access Manager in Simple and Certificate Mode
38.9.1.2
Configuring Authentication Service Provider for Remote Oracle Access Manager Server 10g
38.9.1.3
Configuring Authentication Service Provider for Remote Access Manager 11gR2 or Oracle Access Manager 11gR1 PS1
38.9.2
Configuring Mobile Services for Oracle Adaptive Access Manager
38.9.2.1
Understanding OAAM Support in Mobile and Social
38.9.2.2
Configuring the WebLogic Administration Domain
38.9.2.3
Setting up a Lost or Stolen Device Rule
38.9.2.4
Configuring Blacklisted Devices and Applications
38.9.2.5
Understanding the OAAM Sessions for Mobile Applications
38.9.2.6
Registering Users for OAAM Authentication
39
Configuring Internet Identity Services
39.1
Navigating the Internet Identity Services Graphical User Interface
39.2
Understanding Internet Identity Services Configuration
39.2.1
Understanding Internet Identity Providers
39.2.2
Understanding Service Provider Interfaces
39.2.3
Understanding Application Profiles
39.3
Defining Internet Identity Providers
39.3.1
Creating an Internet Identity Provider
39.3.2
Editing or Deleting an Internet Identity Provider
39.3.3
Generating the Consumer Key and Consumer Secret for OAuth Providers
39.3.3.1
Generating a Consumer Key and Consumer Secret for Facebook
39.3.3.2
Generating a Consumer Key and Consumer Secret for Twitter
39.3.3.3
Generating a Consumer Key and Consumer Secret for LinkedIn
39.3.4
Troubleshooting Internet Identity Providers
39.3.4.1
Configuring WebLogic Server for Facebook Compatibility
39.3.4.2
Configuring WebLogic Server 10.3.5 and Older for Facebook Compatibility
39.4
Defining Service Provider Interfaces
39.4.1
Creating a Service Provider Interface
39.4.2
Editing or Deleting a Service Provider Interface
39.4.3
Adding a Custom Service Provider Interface Implementation
39.5
Defining Application Profiles
39.5.1
Creating an Application Profile
39.5.2
Editing or Deleting an Application Profile
39.6
Integrating Internet Identity Services With Mobile Applications
40
Configuring Mobile and Social System Settings
40.1
Accessing the Mobile and Social Settings Interface
40.2
Logging and Auditing
40.3
Deploying Mobile and Social With Oracle Access Manager
40.4
Configuring Mobile and Social After Running Test-to-Production Scripts
Part X Using Identity Context
41
Using Identity Context
41.1
Introducing Identity Context
41.2
Understanding Identity Context
41.3
Working With the Identity Context Service
41.3.1
Using the Identity Context Dictionary
41.3.2
Understanding Identity Context Runtime
41.4
Using the Identity Context API
41.5
Configuring the Identity Context Service Components
41.5.1
Configuring Oracle Fusion Middleware
41.5.2
Configuring Access Manager
41.5.2.1
Configuring Identity Assertion
41.5.2.2
Configuring Federation Attributes
41.5.2.3
Configuring Session Attributes
41.5.2.4
Configuring Identity Store Attributes
41.5.3
Configuring Oracle Adaptive Access Manager
41.5.3.1
Setting Up Oracle Adaptive Access Manager
41.5.3.2
Configuring Access Manager for OAAM Integration
41.5.3.3
Validating Identity Context Data Published by OAAM
41.5.4
Configuring Web Service Security Manager
41.5.5
Configuring Oracle Entitlements Server
41.5.6
Configuring Oracle Enterprise Single Sign On
41.5.7
Configuring Oracle Access Management Mobile and Social
41.6
Validating Identity Context
Part XI Integrating Access Manager with Other Products
42
Integrating RSA SecurID Authentication with Access Manager
42.1
Introduction to Access Manager and RSA SecurID Authentication
42.2
Components Required for SecurID Authentication
42.2.1
Supported Versions and Platforms
42.2.2
Required RSA Components
42.2.2.1
RSA Authentication Manager
42.2.2.2
RSA SecurID Tokens
42.2.3
Installation and Configuration Requirements
42.3
SecurID Authentication Modes
42.3.1
Standard SecurID Authentication
42.3.2
SecurID Next Tokencode Authentication
42.3.3
SecurID New PIN Authentication
42.4
Configuring Access Manager for RSA SecurID Authentication
43
Configuring Access Manager for Windows Native Authentication
43.1
What is New in this Release?
43.2
Introduction to Access Manager with Windows Native Authentication
43.2.1
Access Manager WNA Login and Fall Back Authentication
43.2.2
Supported Integration Approaches
43.3
Preparing Your Active Directory/Kerberos Topology
43.4
Performing Oracle-Specific Prerequisite Tasks
43.4.1
Confirming Access Manager Operation
43.5
Enabling the Browser to Return Kerberos Tokens
43.6
Integrating KerberosPlugin with Oracle Virtual Directory
43.6.1
Preparing Oracle Virtual Directory for Integration
43.6.2
Registering Oracle Virtual Directory as the Default Store for WNA
43.6.3
Setting Up Authentication with Access Manager KerberosPlugin and OVD
43.7
Integrating Access Manager KerberosPlugin with Search Failover
43.7.1
Registering Microsoft Active Directory Instances with Access Manager
43.7.2
Setting Up Access Manager KerberosPlugin for ADGCs
43.8
Configuring Access Manager for Windows Native Authentication
43.8.1
Creating the Authentication Scheme for Windows Native Authentication
43.8.2
Configuring Access Manager Policies for Windows Native Authentication
43.8.3
Verifying the Access Manager Configuration File
43.9
Validating WNA with Access Manager-Protected Resources
43.10
Troubleshooting WNA Configuration
43.10.1
Kinit Fails
43.10.2
Unable To Access a Protected Resource Using WNA Authentication Scheme
43.10.3
User Identity Store is Not Active Directory
44
Integrating JBoss with Access Manager
44.1
Introduction to JBoss with Access Manager
44.1.1
About Configuration and Processing by Access Manager JBoss Agent
44.1.2
About Configuration and Processing by Access Manager Login Module
44.2
Integration Topology
44.2.1
Access Manager JBoss Agent Functionality
44.2.2
Topology: Access Manager with JBoss Agent
44.2.3
Topology: JBoss Agent Behind Web Server Configured with Webgate
44.2.4
Sample Integration Topology
44.3
Preparing Your Environment for JBoss Integration
44.4
Protecting JBoss-Specific Resources
44.4.1
Registering the JBoss Agent with Automatic Policy Creation
44.4.2
Creating a Custom Policy for JBoss Resource Protection
44.5
Protecting Web Applications with the JBoss Agent
44.5.1
Creating Configuration Properties for the JBoss Agent
44.5.2
Configuring the Authentication Valve
44.5.3
Mapping the Filter in the Application's web.xml File
44.5.4
Configuring the JBoss Login Module to Use Access Manager Policies
44.6
Configuring JBoss Server to Access a Host Name (not localhost)
44.7
Configuring the Login Module to Secure EJBs
44.7.1
Configuring the Server to Secure EJBs
44.7.2
Configuring the Client Side to Secure EJBs
44.8
Configuring the Login Module to Secure Web Service Access
44.8.1
Configuring the Server to Secure Web Services Access
44.8.2
Configuring the Client to Secure Web Services Access
44.9
Configuring Logging for the JBoss Agent and Login Module
44.10
Validating Your Configuration
45
Integrating Microsoft SharePoint Server 2010 with Access Manager
45.1
What is New in this Release?
45.2
Introduction to Integrating with the SharePoint Server 2010
45.2.1
About Windows Impersonation
45.2.2
About Form-based Authentication With This Integration
45.2.3
About Authentication with Windows Impersonation and SharePoint 2010 Integration
45.2.4
About Access Manager and Windows Native Authentication
45.3
Integration Requirements
45.3.1
Confirming Requirements
45.3.2
Required Access Manager Components
45.3.3
Required Microsoft Components
45.4
Preparing for Integration with SharePoint 2010
45.5
Integrating with Microsoft SharePoint Server 2010
45.5.1
Creating a New Web Application in Microsoft SharePoint Server 2010
45.5.2
Creating a New Site Collection for Microsoft SharePoint Server 2010
45.6
Setting Up Microsoft Windows Impersonation
45.6.1
Creating Trusted User Accounts
45.6.2
Assigning Rights to the Trusted User
45.6.3
Binding the Trusted User to Your Webgate
45.6.4
Adding an Impersonation Response to an Authorization Policy
45.6.5
Adding an Impersonation dll to IIS
45.6.6
Testing Impersonation
45.6.6.1
Creating an IIS Virtual Site Not Protected by SharePoint Server
45.6.6.2
Testing Impersonation Using the Event Viewer
45.6.6.3
Testing Impersonation using a Web Page
45.6.6.4
Negative Testing for Impersonation
45.7
Completing the SharePoint Server Integration
45.7.1
Configuring IIS Security
45.8
Integrating with Microsoft SharePoint Server 2010 Configured With LDAP Membership Provider
45.8.1
About Integrating with Microsoft SharePoint Server 2010 Configured with LDAP Membership Provider
45.8.2
Installing Access Manager for Microsoft SharePoint Server 2010 Configured With LDAP Membership Provider
45.8.3
Configuring an Authentication Scheme for Use with LDAP Membership Provider
45.8.4
Updating the Application Domain Protecting the SharePoint Web Site
45.8.5
Creating an Authorization Response for Header Variable SP_SSO_UID
45.8.6
Creating an Authorization Response for the OAMAuthCookie
45.8.7
Configuring and Deploying OAMCustomMemebershipProvider
45.8.8
Enabling Logging for CustomMemeberShipProvider
45.8.9
Ensuring Directory Servers are Synchronized
45.8.10
Testing the Integration
45.9
Configuring Single Sign-On for Office Documents
45.10
Configuring Single Sign-off for Microsoft SharePoint Server 2010
45.10.1
Configuring a Custom Logout URL in SharePoint Server 2010
45.10.2
Configuring Logout in SharePoint Server 2010 with Impersonation
45.11
Setting Up Access Manager and Windows Native Authentication
45.11.1
Setting Up Access Manager WNA
45.11.2
Setting Up WNA with SharePoint Server 2010
45.11.3
Installing Access Manager for WNA and SharePoint Server 2010
45.11.4
Testing Your WNA Implementation
45.12
Synchronizing User Profiles Between Directories
45.13
Testing Your Integration
45.13.1
Testing the SharePoint Server Integration
45.13.2
Testing Single Sign-On for the SharePoint Server Integration
45.14
Troubleshooting
45.14.1
Internet Explorer File Downloads Over SSL Might Not Work
46
Integrating Access Manager 11.1.2 with SAP NetWeaver Enterprise Portal
46.1
What is New in This Release?
46.2
Supported Versions and Platforms
46.3
Integration Architecture
46.3.1
Process Overview: Integration with SAP NetWeaver Enterprise Portal
46.4
Prerequisites
46.5
Configuring SAP NetWeaver Enterprise Portal for Access Manager
46.5.1
Configuring the Apache HTTP Server as a Proxy
46.5.2
Configuring SAP NetWeaver Enterprise Portal for External Authentication
46.5.3
Adjusting the Login Module Stacks for using Header Variables
46.6
Configuring Access Manager to Work With SAP NetWeaver Enterprise Portal
46.6.1
Configuring Access Manager 11.1.2 for SAP Enterprise Portal
46.7
Testing the Integration
46.8
Troubleshooting the Integration
Part XII Appendixes
A
Integrating Oracle ADF Applications with Access Manager SSO
A.1
Introduction to Oracle Platform Security Services and Oracle Application Developer Framework
A.1.1
Oracle Platform Security Services Single Sign-on Framework
A.1.2
Oracle Application Developer Framework
A.2
Integrating Access Manager With Web Applications Using Oracle ADF Security and the OPSS SSO Framework
A.2.1
Sample SSO Configuration for Access Manager
A.2.2
SSO Provider Configuration Details
A.3
Configuring Centralized Logout for Oracle ADF-Coded Applications
A.3.1
About Centralized Logout Processing for Applications Coded to Oracle ADF Standards
A.3.2
Configuring Centralized Logout for ADF-Coded Applications with Access Manager
A.4
Confirming Application-Driven Authentication During Runtime
B
Internationalization and Multibyte Data Support for 10g Webgates
B.1
Introduction to Internationalization and Multibyte Data Support
B.1.1
Languages For Localized Messages
B.1.2
Bi-directional Language Support
B.1.3
UTF-8 Encoding
C
Securing Communication
C.1
Prerequisites
C.2
Introduction to Securing Communication Between OAM Servers and Webgates
C.2.1
About Certificates, Authorities, and Encryption Keys
C.2.2
About Security Modes and X509Scheme Authentication
C.2.3
About the Importcert Tool
C.3
Generating Client Keystores for OAM Tester in Cert Mode
C.4
Configuring Cert Mode Communication for Access Manager
C.4.1
About Cert Mode Encryption and Files
C.4.2
Generating a Certificate Request and Private Key for OAM Server
C.4.3
Retrieving the OAM Keystore Alias and Password
C.4.4
Importing the Trusted, Signed Certificate Chain Into the Keystore
C.4.5
Adding Certificate Details to Access Manager Settings
C.4.6
Generating a Private Key and Certificate Request for Webgates
C.4.7
Updating Webgate to Use Certificates
C.5
Configuring Simple Mode Communication with Access Manager
C.5.1
About Simple Mode, Encryption, and Keys
C.5.2
Retrieving the Global Passphrase for Simple Mode
C.5.3
Updating Webgate Registration for Simple Mode
C.5.4
Verifying Simple Mode Configuration
D
Reviewing Bundled, Generated, and Migrated Artifacts
D.1
Bundled 10g IAMSuiteAgent Artifacts
D.1.1
Pre-Registered 10g IAMSuiteAgent
D.1.2
IAMSuiteAgent Security Provider Settings, WebLogic Administration Console
D.1.3
IAMSuiteAgent Registration
D.1.4
Resources Protected by IAMSuiteAgent
D.1.5
Pre-seeded IAM Suite Application Domain and Policies
D.2
Generated Artifacts: OpenSSO
D.2.1
Generated OpenSSOAgentAuthPlugin
D.2.2
Generated Host Identifier: OpenSSOAgent
D.2.3
Generated Application Domain: OpenSSOAgent
D.2.4
Generated Resources: OpenSSOAgent
D.2.5
Generated Authentication Policy: OpenSSOAgent Application Domain
D.2.6
Generated Authorization Policy: OpenSSOAgent Application Domain
D.3
Migrated Artifacts: OpenSSO
D.3.1
Migrated User Identity Store: OpenSSO
D.3.2
Migrated Agents: OpenSSO
D.3.3
Migrated Authentication Module: OpenSSO
D.3.4
Migrated Host Identifier: OpenSSO
D.3.5
Migrated Application Domain: OpenSSO
D.3.6
Migrated Resources: OpenSSO
D.3.7
Migrated Authentication Policy: OpenSSO
D.3.8
Migrated Authorization Policy: OpenSSO
E
Troubleshooting
E.1
Introduction to Oracle Access Management Troubleshooting
E.1.1
About System Analysis and Problem Scenarios
E.1.2
About LDAP Server or Identity Store Issues
E.1.3
About OAM Server or Host Issues
E.1.4
About Agent-Side Configuration and Load Issues
E.1.5
About Runtime Database (Audit or Session Data) Issues
E.1.6
About Change Propagation or Activation Issues
E.1.7
About Policy Store Database Issues
E.2
Using My Oracle Support for Additional Troubleshooting Information
E.3
Administrator Lockout
E.4
Oracle Access Management Console Inconsistent State
E.5
AdminServer Won't Start if the Wrong Java Path Given with WebLogic Server Installation
E.6
Agent Naming Not Unique
E.7
Application URL Requirements
E.8
Authentication Issues
E.8.1
Anonymous Authentication Issues
E.8.2
X.509Scheme and SSL Handshake Issues
E.8.2.1
Configuration Issues
E.8.2.2
Trust Issues
E.8.2.3
Certificate Validation Issues
E.8.3
X.509 Protected Resource and Single Sign Off
E.8.4
X509CredentialExtractor Certificate Validation Error
E.9
Authorization Issues
E.9.1
Authorization Condition Error
E.9.2
LDAP Search Filter Test Results
E.9.3
Authorization Header Response Names
E.10
Cannot Access Authentication LDAP or Database
E.11
Cannot Find Configuration
E.11.1
Configuration Does Not Exist ...
E.12
Co-existence Between OSSO and Access Manager
E.13
Could Not Find Partial Trigger
E.14
Denial of Service Attacks
E.14.1
Protecting the OAM Server from Crashing Under Load
E.14.2
Compensating for Network Latency
E.14.3
Protecting OAM Servers from a Flood of HTTP Requests
E.15
Deployments with Freshly Installed 10g Webgates
E.15.1
Authentication Issues with 10g Webgates
E.15.2
Logout Issues with 10g Webgates
E.16
Diagnosing Initialization and Performance Issues
E.16.1
Diagnosing an Initialization Issue
E.16.2
Diagnosing a Performance Issue
E.16.3
Diagnosing Out-of-Memory Issues With a Heap Dump
E.17
Disabling Windows Challenge/Response Authentication on IIS Web Servers
E.18
Changing UserIdentityStore1 Type Can Lock Out Administrators
E.19
IIS Web Server Issues
E.19.1
Form Authentication or Pass-Through Not Working
E.19.2
IIS and General Web Component Guidelines
E.19.3
Issues with IIS v6 Web Servers
E.19.4
Page Cannot Be Displayed Error
E.19.5
Removing and Reinstalling IIS DLLs
E.20
Import and File Upload Limits
E.21
jps Logger Class Instantiation Warning is Logged on Authentication
E.22
Internationalization, Languages, and Translation
E.22.1
Automatically Generated Descriptions Are Not Translated
E.22.2
Console Looks Messy
E.22.3
Authentication Fails: Users with Non-ASCII Characters
E.22.4
Access Tester Does Not Work with Non-ASCII Agent Names
E.22.5
Locales, Languages, and Oracle Access Management Console Login Page
E.23
Login Failure for a Protected Page
E.24
OAM Metric Persistence Timer IllegalStateException: SafeCluster
E.25
Partial Cluster Failure and Intermittent Login and Logout Failures
E.26
RSA SecurID Issues and Logs
E.27
Registration Issues
E.28
Rowkey does not have any primary key attributes Error
E.29
SELinux Issues
E.30
Session Issues
E.30.1
Session Impersonation Not Enabled by Default
E.30.2
Sessions with Oracle Access Manager 11.1.1 Integrated with Oracle Identity Federation 11.1.1
E.31
SSL versus Open Communication
E.32
Start Up Issues
E.33
Synchronizing OAM Server Clocks
E.34
Using Coherence
E.35
Validation Errors
E.36
Web Server Issues
E.36.1
Server Fails on an Apache Web Server
E.36.2
Apache v2 on HP-UX
E.36.3
Apache v2 Bundled with Red Hat Enterprise Linux 4
E.36.4
Apache v2 Bundled with Security-Enhanced Linux
E.36.5
Apache v2 on UNIX with the mpm_worker_module for Webgate
E.36.6
Domino Web Server Issues
E.36.7
Errors, Loss of Access, and Unpredictable Behavior
E.36.8
Known Issues for ISA Web Server
E.36.9
Oracle HTTP Server Fails to Start with LinuxThreads
E.36.10
Oracle HTTP Server Webgate Fails to Initialize On Linux Red Hat 4
E.36.11
Oracle HTTP Server Web Server Configuration File Issue
E.36.12
Issues with IIS v6 Web Servers
E.36.13
PCLOSE Error When Starting Sun Web Server
E.36.14
Removing and Reinstalling IIS DLLs
E.37
Windows Native Authentication
Mobile and Social Glossary
Index