Oracle® Fusion Middleware Application Security Guide
11g Release 1 (11.1.1)

Part Number E10043-11

Index


A

AbstractTypedPermission, 20.3.4
access control list, 8.5.1.1
Access Server
cache, 17.6.1
AccessGate
configureAccessGate tool, 17.4.2.1, 17.8.6
ACL, 8.5.1.1
add.application.roles, 21.2
add.authenticated.role, 21.2
addBootStrapCredential, 10.5.5
addPrincipalsToAppRole, 20.2.3
administration tools, 5.1
administrative tasks, 5.4
administrators group, 2.5
Anonymous and Authenticated Roles Properties, F.2.5
anonymous role, 2.4, 2.4.1, 5.2
anonymous role and authentication, 2.4.1
anonymous SSL, 8.5.1
anonymous user, 2.1, 2.4, 2.4.1
anonymous user and role, 21.2
Application Name or Stripe, 21.2
application policy, 2.1
application role, 2.1, 21.2
application role hierarchy, 9.3.6
application stripe, 21.2
application.name, 21.2
ApplicationRole class, 2.2.1
application-specific policies and roles, 3.3
audit
lifecycle, 12.3.6
audit data
bus-stop files, 13.2.5
file management, C.6
migrating, 13.6.5
reports, 14.1
audit data store
backup and recovery, 13.6.6.2
configuring for Java components, 13.2.3.2
configuring for system components, 13.2.4
data purge, 13.6.6.3
de-configuring, 13.2.4.1
partitioning, 13.6.6.1
schema, 13.6.1
tiered archival, 13.6.6.5
audit logs, 13.5.1
audit policies migration, 6.6.3
audit policy, 13.3
event filters, 12.3.2
audit report
example of, 14.4
audit reports
attributes, 14.5.2
by component, C.2.2
custom, 14.6.2
list of standard, 14.5.1
types of, 14.2
viewing, 14.3
Audit Schema, C.3
audit service, 28
audit-aware components, C.1.1
auditing
event attributes, C.1.3
events, C.1.2
filter expression syntax, C.5
for Oracle Fusion Middleware components, 13.3
in Oracle Fusion Middleware, 12
Java components, C.1.1
manual policy management, 13.3.4
manually configure for Java components, 13.3.4.2
manually configure for system components, 13.3.4.4
Oracle Directory Integration Platform, C.1.2.1
Oracle HTTP Server, C.1.2.3
Oracle Identity Federation, C.1.2.5
Oracle Internet Directory, C.1.2.4
Oracle Platform Security Services, C.1.2.2
Oracle Virtual Directory, C.1.2.6
Oracle Web Cache, C.1.2.11
Oracle Web Services Manager, C.1.2.12
overview, 12.2
OWSM-Agent, C.1.2.7
OWSM-PM-EJB, C.1.2.8
policy management with Fusion Middleware Control, 13.3.1, 13.3.2
policy management with WLST, 13.3.3
record storage, 12.3.4
report filters, 14.1.5
report setup for Oracle Business Intelligence Publisher, 14.1.3
report templates, 14.1.4
Reports Server, C.1.2.9
system components, C.1.1
WLST commands, C.4
WS-Policy Attachment, C.1.2.10
Authenticated Role, 21.2
authenticated role, 2.3, 5.2, 21.2
authenticated user, 2.1
Authentication providers, 18.1.2.4
DefaultAuthenticator, 16.2.4.2.4, 16.2.5.1, 16.2.6.1, 17.4.3.3, 17.5.3, 17.6.2, 18.1.2.4
LDAP Authentication, 16.2.4.2.1, 17.4.3.1
OAM, 15.2
OAM Authenticator, 16.2.5.1, 17.5.3
OAM Identity Asserter, 16.2.4.2.4, 16.2.6.1, 17.4.3.3, 17.6.2
OID Authenticator, 16.2.4.2.4, 16.2.6.1, 17.4.3.3, 17.6.2, 18.1.1.2, 18.1.2.4
OSSO Identity Asserter, 18.1.2.4
WebLogic, 15.1
authenticator flags, 3.2.2.1
Authenticator for OAM, 15.2
Authorization failure, 20.3.3
authorization failure, 9.1

B

backup, 5.2
basic security tasks, 5.2
bootstrap credentials, 6.3.1, 23.1.2
bulkload, 6.6.2.3

C

cache
Access Server, 17.6.1
cache refresh, 9.4
caching, 9.4
Cascading deletions, 23.2
characters allowed in policies, L.17.2
characters in security artifacts, 9.1
checkBulkAuthorization, 20.3.3.3
checkPermission, 20.3.3, 20.3.3.1, L.1.1.3.1
choosing
the right SSO solution, 15
class path, 1.5.3, 3.3, 8, 9.2.1, 9.3.6, 21.5.6, E.2.3
class permission, 21.5.6
CredentialAccessPermission, 21.5.6.2
JpsPermission, 21.5.6.3
PolicyStoreAccessPermission, 21.5.6.1
cloning environments, 5.2.1
commands to administer credentials, 9.3, 10.5
Complex queries, 23.2
Compliance, 12.1.1
configuration file, 21.5.9
configuration of multiple authenticators, 3.2.2.1
configureAccessGate tool, 17.4.2.1, 17.8.6
configuring
global logout
Oracle Access Manager, 17.1.2
Identity Assertion
for single sign-on with OAM, 16.2.4, 17.4
Oracle Web Services Manager, 16.2.6, 17.6
OAM Authenticator, 17.5
OAM for single sign-on with OAMCfgTool, 17.4.2.1
OAM for SSO with OAMCfgTool, 17.4.2
OSSO, 18.1
providers for Oracle Web Services Manager, 16.2.6.1, 17.6.2
Single Sign-On in Oracle Fusion Middleware, 15, 16, 17, 18
configuring domains, 5.4
configuring resource permissions, 20.3.4
configuring WebLogic domains, 5.4
CONNECTION_POOL_CLASS, L.6
createAppRole, 9.3.1, 9.3.2, 9.3.4
createCred, 10.5.2
createResourceType, 9.3.14
creating user accounts, 2.6
credential migration settings, 6.2.1
credential store, 2.1
Credential Store Types, 3.4
CredentialAccessPermission, 21.5.6.2
CSF
J2EE example with LDAP store, 24.7.4
J2EE example with wallet, 24.7.3
J2SE example with wallet, 24.7.2
CSIv2 identity assertion, 3.2.2.2
custom authorization providers, 3.3
cwallet.sso, 4.3, 6.2.1, 21, 21.5.3
cwallet.sso file, 21.4

D

DB-based credential store, 3.4
DB-based policy store, 8.3
DB-based security store, 4.1
DBMS_STATS, 8.3.2
debugging authorization, L.1.2.3
DefaultAuthenticator, 16.2.4.2.4, 16.2.5.1, 16.2.6.1, 17.4.3.3, 17.5.3, 17.6.2, 18.1.2.4
deleteAppPolicies, 9.3.13
deleteAppRole, 9.3.5
deleteResourceType, 9.3.16
deleting a role, 9.3.5
deployed application, 5.3
deploying applications, 6.1
deploying JavaEE applications, 6.4
deploying to a test environment, 6.3.1
deployment tools, 6.2
development mode, 21.5.4, 21.5.5.3
distributed environments, 8.2.1
DN, 2.7.2
doAs, 20.3.3.2
doAsPrivileged, 20.3.3.2

E

EAR file, 21.4, 21.4.1, 21.4.2
EJB Interceptor, 21.2
ejb-jar.xml, 3.3, 21.2, 21.4
embedded LDAP, 3.2.2, 4.2
enable.anonymous, 21.2
enterprise group, 2.1
Enterprise Groups and Users Class, 21.3
enterprise user, 2.1
entitlement-based policies, 2.1
Event Source Type, 12.3.2
exportAuditConfig, C.4.7
EXTRA_JAVA_PROPERTIES, F.1, L.1.2

F

fail over support, 5.4
FAQ, 1.1
file-based policy store, 3.3
file-based security store, 4.1

G

generic credential, 10.1
Generic LDAP Properties, F.2.4
getAuditPolicy, C.4.2
getGrantedResources, 20.3.3.4
getNonJavaEEAuditMBeanName, C.4.1
getPermissions, L.1.1.3.2
getResourceType, 9.3.15, 9.3.17, 9.3.18, 9.3.19, 9.3.20, 9.3.21, 9.3.22, 9.3.23, 9.3.24, 9.3.25, 9.3.26, 9.3.27, 9.3.28, 9.3.29
grant
permission-based, 2.2.1
grantAppRole, 9.3.6
GrantManager class, 20.3.2
grantPermission, 9.3.10
group, 2.1
GUID, 2.7.2

H

Headers
sent by Oracle HTTP Server, 18.1.1.3
host name verification, 3.2.2.1
hot deployed, 6.6.2

I

Identity Asserter for Single Sign-on with OAM, 15.2
identity store, 2.1
creating provider, 25.3.4
provider configuration properties, 25.3.5
selecting provider, 25.3.3
WebLogic, 3.2.1
WebSphere, 3.2.3
identity store in JavaSE, 22.3.2
Identity Store Service, 7.1
identity store types, 3.2.1
identity virtualization, 7.1.1
idstore.type, F.2.3
importAuditConfig, C.4.8
incompatible versions, L.22, L.23
initializing an LDAP authenticator, 3.2.2.1
invoking MBeans, E.2.2
isCallerInRole, 1.5.1
isUserInRole, 1.5.1, 20.2.2.2

J

JAAS mode, 21.2
Java component, 2.1
javadocs
OPSS APIs, H.1
OPSS MBeans APIs, H.1
OPSS User and Role APIs, H.1
JavaSE application, 23.1
java.security.policy, F.1
jazn-data.xml, 4.3, 6.2.1, 21, 21.4, 21.4.1
JpsApplicationLifecycleListener, 21.5.4
jpsApplicationLifecycleListener, 21.5.1
jps.apppolicy.idstoreartifact.migration, 21.5.1
jps.auth.debug, L.1.2.1
jps.auth.debug.verbose, L.1.2.2
jps-config-jse.xml, 1.5.3
jps-config.xml, 21, A
jps-config.xml example, 21.5.9
jps-config.xml full example, 21.5.9
jps.credstore.migration, 21.5.4
jps.deployment.handler.disabled, 8.6, 21.5
JpsFilter, 21.2, 21.4, L.1.1.5
JpsInterceptor, 21.2, 21.2.1, 21.4, L.1.1.5
JpsPermission, 21.5.6.3
jps.policystore.applicationid, 21.5.1
jps.policystore.hybrid.mode, F.1
jps.policystore.migration, 21.5.1
jps.policystore.migration.validate.principal, 21.5.1
jps.policystore.removal, 21.5.1

K

Keys and Certificates
managing, 11
keystore
creating, 11.2.2.1
Keystore Service, 11, 27
commands, 11.4

L

large volume stores, 6.6.2.3
LDAP Credential Store Properties, F.2.2
LDAP Identity Store Properties, F.2.3
LDAP Policy Store Properties, F.2.1
LDAP servers, 4.1
ldapadd, 8.2.2
LDAP-based policy store, 3.3, 8.2
ldapmodify, 8.5.1.1
ldapsearch, 8.2.2
LDIF file, 8.2.2
ldifwrite, 6.6.2.3
listAppRoleMembers, 9.3.9
listAppRoles, 9.3.8
listAuditEvents, C.4.6
listPermissions, 9.3.12
loggers
oracle.security.jps.trace.logger, L.1.1.3.2
oracle.security.jps.util.JpsAuth, L.1.1.3.1
logical role, 2.1, E.3

M

management tools, 4.2
managing
keys and certificates, 4.2
policies and credentials, 4.2
managing credentials, 6.3.1, 6.3.1.1
managing domain authenticators, 5.4
managing identities, 4.2, 6.3.1
managing policies, 6.3.1
managing policies and credentials, 4.2
managing system policies, 6.3.1.1
managing users and groups, 4.2
Manually Configuring
WebGate Web Server, 16.2.3
mapping application roles to enterprise groups, 6.3.1.1
mapping of application roles, 2.2
mapping roles, 6.6.2
matcher class, 20.3.4
Matcher Class for a Resource Type, 20.3.4
MBean
Administration Policy Store, E.2.1
annotations, E.3.1
Application Policy Store, E.2.1
code sample, E.2.3
Credential Store, E.2.1
Global Policy Store, E.2.1
Jps Configuration, E.2.1
migrateSecurityStore, 6.6.1.1, 6.6.2, 8.6.2, 21.5.8, I.3
DB to DB, 6.6.2.1, 6.6.2.2
LDAP to LDAP, 6.6.2.1, 6.6.2.2
XML to LDAP, 6.6.2.1, 6.6.2.2
migrating credentials example, 6.6.2.2
Migrating Identities, 21.5.8
migrating large stores, 6.6.2.3
migrating other providers, 6.6.1
migrating policies and credentials at deployment, 6.6.2
migrating policies example, 6.6.2.1
Migration of credentials, 3.4
Migration of policies, 3.3
mod_osso, 18.1.2, 18.3.1
modifyBootStrapCredential, 10.5.4
modifying a resource type, 9.3.16
Monitoring, 12.1.1
multiple-node server domain, 8.2.1

N

name comparison logic, 2.7.2

O

OAM
Authentication provider, 15.2
parameter, 17.2
Troubleshooting, 17.8
Authenticator, 15.2, 16.2.5.1, 17.5.3
Identity Asserter, 15.2, 16.2.4.2.4, 16.2.6.1, 17.4.3.3, 17.6.2
OAM 10g SSO solution, 17
OAM 11g SSO solution, 16
oamauthenticationprovider.war, 16.2.1, 17.1.1.2
oamAuthnProvider.jar, 15.2.5, 16.2.1, 17.1.1.2
OAMCfgTool, 17.1.1.1, 17.1.1.2, 17.4, 17.4.2
about using, 17.3
Create mode parameters, 17.3.2.1
host identifiers created, 17.3.3
Known Issues, 17.3.4
process overview, 17.3.1
Validate mode parameters, 17.3.2.2
oamcfgtool.jar, 15.2.5, 17.1.1.2
OID Authenticator, 16.2.4.2.4, 16.2.6.1, 17.4.3.3, 17.6.2, 18.1.1.2, 18.1.2.4
OID patches, 8.2
one-way SSL, 8.5.1
OPSS APIs
User and Role, D
OPSS security store, 2.1
OPSS System Properties, F.1
opss_purge_changelog, 8.3.2
Oracle ADF security, 5.1
Oracle Business Intelligence Publisher, 14.1
audit report example, 14.4
Oracle Entitlements Server, 5.2, 5.5, 9, 9.1, 9.7
Oracle Fusion Middleware Audit Framework, 12.1, 12.1.3
concepts, 12.3, 12.3.2
Oracle Information Lifecycle Management Assistant, 13.6.6.5
Oracle Internet Directory, 4.1
Oracle Internet Directory 10.1.4.3 patch, 4.1
Oracle Internet Directory tuning, 4.1
Oracle JDeveloper 11g, 5.1
Oracle Platform Security Services, 15.1
OracleAS Single Sign-On solution, See Also OSSO, 18.1
oracle.deployed.app.dir, B.2
oracle.deployed.app.ext, B.2
oracle.security.jps.config, 1.5.3, A
oracle.security.jps.jaas.mode, 21.2
oracle.security.jps.log.for.approle.substring, L.1.2.3
oracle.security.jps.log.for.enterprise.principalname, L.1.2.3
oracle.security.jps.log.for.permclassname, L.1.2.3
oracle.security.jps.log.for.permeffect, L.1.2.3
oracle.security.jps.log.for.permtarget.substring, L.1.2.3
Oracle-specific applications, 5.1
OSSO
Identity Asserter, 18.1.1, 18.1.2.4
new users, 18.1.2
processing, 18.1.1.2
Tips and Troubleshooting, 18.3
solution, 15.1, 18
OSSO Identity Asserter, 18.1.1.1

P

packaging a J2EE application, 21.4
Packaging Credentials, 21.4.2
Packaging Policies, 21.4.1
password credential, 10.1
password validation, 2.6
passwords, 2.6
permission, 20.3.4
permission class, 20.3.4
permission classes, 3.3, 8, 21.5.6
permission inheritance, 2.2.1
permissions to anonymous role, 2.4
permissions to authenticated role, 2.3
PermissionSetManager class, 20.3.2
policy domain
URL prefixes, 17.5.2.1, 17.5.2.2, 17.6.1
policy migration settings, 6.2.1
Policy Store, 3.3
policy store, 2.1
policy store cache, 9.4
PolicyStoreAccessPermission, 21.5.6.1
PolicyStoreIncompatibleVersionException, L.22, L.23
Post-installation tasks, 5.3
principal, 2.1
principal name comparison, 2.7.1, 2.7.2
principal.cache.key, 23.1.1
PrincipalEqualsCaseInsensitive, 2.7.2
PrincipalEqualsCompareDnAndGuid, 2.7.2
Procedure
WebGate
To manually configure a Web server, 16.2.3.2
Process overview
OAMCfgTool, 17.3.1
Oracle Access Manager Authenticator for Web and non-Web Resources, 15.2.2
OSSO Identity Asserter, 18.1.1.2
production environment, 5.2.1

R

RCU, 8.3.1
reassociateSecurityStore, 9.3.30, I.3
Reassociation of credentials, 3.4
Reassociation of policies, 3.3
recovery of server files, 5.2
reference integrity, 3.2.1
referential integrity, 8.2
remove.anonymous.role, 21.2
Resource Catalog, 20.3.1
resource permissions, 20.3.4
managing, 20.3.4
resource type, 20.3.4
resource-based policies, 2.1
ResourceManager class, 20.3.2
ResourcePermission class, 20.3.4
resourcetypeenforcementmode, F.2.1.1, F.2.1.2
ResourceTypeManager class, 20.3.2
revokeAppRole, 9.3.7
revokePermission, 9.3.11
role category, 2.8
role hierarchy, 2.2.1
RoleCategoryManager class, 2.8

S

SAML 1.1 identity assertion, 3.2.2
SAML 2.0 identity assertion, 3.2.2
scenarios, 4.4
Security Provider Configuration, 8.5.1, 8.7
Security Provider for WebLogic SSPI, 15.2.3.3
security store, 2.1
security-related commands, 5.6
server restart, 4.2, F
service instance update script, E.1
Service Providers, 25.3
introduction, 25.3
understanding, 25.3.1
Set Security Provider, 8.5.1
setAuditPolicy, C.4.3
setAuditRepository, C.4.5
setDomainEnv shell script, F.1, L.1.2
setPolicy, 20.3.3, 20.3.3.3
Setting a Node in LDAP server, 8.2.2
setting up providers
OAM Asserter with Oracle Web Services Manager, 16.2.6.1
OAM Authenticator, 16.2.5.1
OAM Identity Assertion, 16.2.4.2.4, 17.4.3.3
OSSO Identity Asserter, 18.1.2.4
single sign-on solutions for Fusion Middleware, See Also SSO, 15
split profiles, 7.3.3
SPNEGO, 3.2.2.2
SPNEGO tokens, 3.2.2.2
SSL
and User/Role APIs, 25.8
anonymous, 8.5.1
one-way, 8.5.1
SSL to a DB, 8.3.3
SSO
Oracle Access Manager, 15.2
Synchronization Filter, 16.4, 17.7, 18.2
SSO Logout URL, 16.3.1
storing policies and credentials, 4.1
subject, 2.1, 2.4.1, 2.7.1
supported
identity store types, 3.2.1
synchronizing
user and SSO Sessions, 16.4, 17.7, 18.2
system component, 2.1
system-jazn-data.xml, 21

T

Task overview
Configuring the OAM Authenticator, 16.2.5, 17.5
Deploying and configuring OAM Identity Assertion for single sign-on includes, 16.2.4, 17.4
Deploying OSSO Identity Asserter, 18.1.2
Deploying the Identity Asserter with Oracle Web Services Manager, 16.2.6, 17.6
Installing required components for OAM Authentication Provider, 16.2.1, 17.1.1.2
test environments, 6.3
troubleshooting
search fails against Microsoft Active Directory, L.21
typical security practices, 5.3

U

Unsupported Methods in PS2, 23.2
updateServiceInstanceProperty, E.1
updating instance with script, E.1
upgradeSecurityStore, G
URL
SSO Logout URL, 16.3.1
User and Role API, D
Javadoc, 25.9
programming tips, 25.3.9.1
User and Role APIs
and WebLogic authenticators, 25.1.1
environment setup, 25.3.2.1
introduction, 25.1
programming tips, 25.3.9
summary, 25.2
User and Role SPI
Javadoc, 25.10.7.4
UseRetrievedUserNameAsPrincipal, 3.2.1
user.login.attr, L.7
username.attr, L.7

V

virtualize, 7.3.1.1, 7.3.2, 7.3.2.4, F.2.3
virtualized identity, 7.1.1

W

WAR file, 21.2
WebLogic
Authentication provider, 15.1, 16.2.4.2.1, 17.4.3.1
Authentication providers
Identity Assertion, 16.2.4.2.1, 17.4.3.1
J2EE applications, 15.2.3.3
WebLogic Administration Console, 4.2
WebLogic Scripting Tool (WLST), 16.2.4.2.2, 17.4.3.2
weblogic-application.xml, 21
web.xml, 3.3, 21, 21.2, 21.4
WLSGroupImpl, 2.2.1, 9.3.6, 9.3.7, 21.3, 22.4
WLST
createAppRole, 9.3.1, 9.3.2, 9.3.4
createCred, 10.5.2
createResourceType, 9.3.14
deleteAppPolicies, 9.3.13
deleteAppRole, 9.3.5
deleteCred, 10.5.3
deleteResourceType, 9.3.16
getResourceType, 9.3.15, 9.3.17, 9.3.18, 9.3.19, 9.3.20, 9.3.21, 9.3.22, 9.3.23, 9.3.24, 9.3.25, 9.3.26, 9.3.27, 9.3.28, 9.3.29
grantAppRole, 9.3.6
grantPermission, 9.3.10
listAppRoleMembers, 9.3.9
listAppRoles, 9.3.8
listPermissions, 9.3.12
reassociateSecurityStore, 9.3.30
revokeAppRole, 9.3.7
revokePermission, 9.3.11
updateCred, 10.5.1
WLSUserImpl, 2.2.1, 21.3, 22.4

X

X509 identity assertion, 3.2.2