Contents
List of Examples
List of Figures
List of Tables
Title and Copyright Information
Preface
Audience
Documentation Accessibility
Related Documents
Conventions
What's New in Oracle Access Management?
Enhancements in Oracle Access Management 11.1.2.3.0
Guide Changes: 11g Release 2 Patch Set 1 (11.1.2.1)
Guide Changes: 11g Release 2 (11.1.2) November 2012 Library Refresh
New Features in 11g Release 2 (11.1.2)
New Features in 11g Release 1 (11.1.1)
Product and Component Name Changes
Part I Introduction
1
Developing with Oracle Access Management Components
1.1
About Oracle Access Management
1.2
About Access Manager
1.3
About Mobile and Social
1.4
About Identity Federation
1.5
About Security Token Service
1.6
System Requirements and Certification
Part II Developing with Access Manager
2
Developing Access Clients
2.1
About Developing Access Clients
2.1.1
About the Access SDK and APIs
2.1.2
About Installing Access SDK
2.1.3
About Custom Access Clients
2.1.3.1
When to Create a Custom Access Client
2.1.3.2
Access Client Architecture
2.1.4
About Access Client Request Processing
2.2
Developing Access Clients
2.2.1
Structure of an Access Client
2.2.2
Typical Access Client Execution Flow
2.2.3
Sample Code: Simple Access Client
2.2.4
Annotated Sample Code: Simple Access Client
2.2.5
Sample Code: Java Login Servlet
2.2.6
Annotated Sample Code: Java Login Servlet
2.2.7
Sample Code: Additional Methods
2.2.8
Annotated Sample Code: Additional Methods
2.2.9
Sample Code: Certificate-Based Authentication in Java
2.3
Messages, Exceptions, and Logging
2.3.1
Messages
2.3.2
Exceptions
2.3.3
Logging
2.4
Building an Access Client Program
2.4.1
Setting the Development Environment
2.4.2
Compiling a New Access Client Program
2.5
Configuring and Deploying Access Clients
2.5.1
Task Overview: Configuring and Deploying a Custom Access Client
2.5.2
Configuration Requirements
2.5.3
Generating the Required Configuration Files
2.5.4
SSL Certificate and Key Files
2.5.4.1
Simple Transport Security Mode
2.5.4.2
Cert Transport Security Mode
2.6
Compatibility: 11g versus 10g Access SDK and APIs
2.6.1
Compatibility of the 11g Access SDK
2.6.2
Compatibility of 10g JNI ASDK and 11g Access SDK
2.6.3
Deprecated: 10g JNI ASDK
2.7
Migrating Earlier Applications or Converting Your Code
2.7.1
Modifying Your Development and Runtime Environment
2.7.2
Migrating Your Application
2.7.2.1
Configuration Specific to Migration
2.7.3
Converting Your Code
2.7.3.1
Understanding Differences Between 10g JNI ASDK and 11g Access SDK
2.7.3.2
Converting Code
2.8
Best Practices
2.8.1
Avoiding Problems with Access Clients
2.8.1.1
Thread Safe Code
2.8.2
Identifying and Resolving Access Client Problems
2.8.3
Resolving Environment Problems
2.8.3.1
Java EE Containers
2.8.3.2
Oracle WebLogic Server
2.8.3.3
Other Application Servers
2.8.4
Tuning for High Load Environment
3
Developing Custom Authentication Plug-ins
3.1
Introduction to Authentication Plug-ins
3.1.1
About the Custom Plug-in Life Cycle
3.1.2
About Planning, the Authentication Model, and Plug-ins
3.2
Introduction to Multi-Step Authentication Framework
3.2.1
About the Multi-Step Framework
3.2.2
Process Overview: Multi-Step Authentication
3.2.3
About the PAUSE State
3.2.4
About Information Collected
3.2.4.1
UserContextData
3.2.4.2
UserActionContext
3.2.4.3
UserAction
3.2.4.4
UserActionMetaData
3.3
Introduction to Plug-in Interfaces
3.3.1
About the Plug-in Interfaces
3.3.1.1
GenericPluginService
3.3.1.2
AuthnPluginService
3.3.2
About Plug-in Hierarchies
3.4
Sample Code: Custom Database User Authentication Plug-in
3.4.1
Sample Code: Database User Authentication Plug-in
3.4.2
Sample Plug-in Configuration Metadata Requirements
3.4.3
Sample Manifest File for the Plug-in
3.4.4
Plug-in JAR File Structure
3.5
Developing an Authentication Plug-in
3.5.1
About Writing a Custom Authentication Plug-in
3.5.2
Writing a Custom Authentication Plug-in
3.5.3
Error Codes in an Authentication Plug-In
3.5.4
JAR Files Required for Compiling a Custom Authentication Plug-in
4
Developing Custom Pages
4.1
Introducing the Custom Pages Framework
4.1.1
Returning the OAM_REQ Token
4.1.2
Returning the End Point
4.2
Authenticating with Custom Pages
4.2.1
Using mod_osso Agent
4.2.1.1
OSSO 10g
4.2.1.2
11g OAM Server
4.2.1.3
Process Overview: Developing Programmatic Clients
4.2.2
Using Unsolicited Post
4.2.3
Setting Custom OSSO Cookies After Authentication
4.3
Understanding Custom Login Pages
4.3.1
Creating a Form-Based Login Page
4.3.2
Page Redirection Process
4.4
Understanding Custom Error Pages
4.4.1
Enabling Error Page Customization
4.4.2
Standard Error Codes
4.4.3
Security Level Configuration
4.4.4
Secondary Error Message Propagation
4.4.5
Retrieving Error Codes
4.4.5.1
Code Samples
4.4.6
Error Data Sources Summary
4.5
Understanding Custom Password Pages
4.5.1
Customizing the Password Page WAR
4.5.2
Using the Request Cache
4.5.3
Specifying Custom Pages In a Policy
4.5.4
Retrieving Warning Messages
4.5.5
Retrieving Password Policy Error Codes
4.5.6
Obtaining Password Policy Rules
4.6
Using the Credential Collectors with Custom Pages
4.6.1
Using the Detached Credential Collector
4.6.2
Creating a Form-Based Login Page Using DCC
4.7
Specifying the Custom Error and Logout Page Deployment Paths
5
Managing Policy Objects
5.1
Introduction to Policy Administration API
5.1.1
Access Manager Policy Model
5.1.2
Security Model
5.1.3
Resource URLs
5.1.4
URL Resources and Supported HTTP Methods
5.1.5
Error Handling
5.2
Compatibility
5.3
Managing Policy Objects
5.3.1
HTTP Methods
5.3.2
Media Types
5.3.3
Resources Summary
5.4
Examples
5.4.1
Retrieve Application Domains
5.4.2
Create a New Application Domain
5.4.3
Get All Authentication Schemes
5.4.4
Create a New Authentication Scheme
5.4.5
Get a Particular Authentication Scheme
5.4.6
Get All Resources in an Application Domain
5.4.7
Create a Resource in an Application Domain
5.4.8
Get All Policies in an Application Domain
5.5
Client Tooling
6
Developing an Application to Manage Impersonation
6.1
About Impersonation
6.1.1
Impersonation Concepts and Terminology
6.1.2
Impersonation Grant Syntax
6.1.3
Impersonation Trigger Invocation Using the SSO Service
6.1.4
Triggering Impersonation Without API Abstraction
6.1.5
Impersonator Identity Communication During Impersonation Sessions
6.2
Configuring Impersonation Support
6.2.1
Configuring Impersonation Using oam-config.xml
6.2.2
Configuring Impersonation Using idmConfigTool
6.2.3
Configuring the Authentication Scheme
6.3
Testing SSO Login and Impersonation
Part III Developing with Mobile and Social
7
Developing Applications Using the Mobile and Social Client SDKs
7.1
Before you Begin
7.2
Introduction to Developing Mobile Services Applications
7.2.1
Building Applications With User Profile Services
7.3
Introduction to Developing Internet Identity Services Applications
8
Developing Mobile Services Applications with the Java Client SDK
8.1
Overview
8.2
Invoking Authentication Services With the Java Client SDK
8.2.1
Getting Started
8.2.2
Create a Client Token
8.2.3
Create a User Token
8.2.4
Create an Access Token
8.2.5
Validate a Client Token
8.2.6
Validate a User Token
8.2.7
Perform a User Lookup Using the User Token
8.2.8
Delete the Client Token
8.3
Invoking User Profile Services with the Java Client SDK
8.3.1
Working with People
8.3.1.1
Getting set up
8.3.1.2
Creating a User
8.3.1.3
Reading a User
8.3.1.4
Updating a User
8.3.1.5
Deleting a User
8.3.1.6
Searching for a User
8.3.1.7
Retrieving User Attributes and Validating the Results
8.3.2
Working With Groups
8.3.2.1
Getting set up
8.3.2.2
Creating a Group
8.3.2.3
Reading a Group
8.3.2.4
Updating a Group
8.3.2.5
Deleting a Group
8.3.2.6
Searching a Group
8.3.2.7
Searching Groups With Paging Support
8.3.2.8
Adding a User to a Group
8.3.2.9
Getting Group Membership Info
8.3.2.10
Searching for a Member Within a Group
8.3.2.11
Removing a Member From a Group
8.3.2.12
Assigning Group Ownership
8.3.2.13
Getting Group Ownership Info
8.3.2.14
Searching for the Owner of a Group
8.3.2.15
Removing a Group Owner
8.3.2.16
Adding a Group (or a User) to a Group Using addMemberOf
8.3.2.17
Getting the Membership of a Group Using getMemberOf
8.3.2.18
Searching a Group Using searchMemberOf
8.3.2.19
Removing a Group (or a User) from a Group Using deleteMemberOf
8.3.2.20
Assigning Group Ownership Using addOwnerOf
8.3.2.21
Getting Group Ownership Info Using getOwnerOf
8.3.2.22
Searching for the Owner of a Group Using searchOwnerOf
8.3.2.23
Removing a Group (or a User) from a Group Using deleteOwnerOf
8.3.3
Working With Organizations
8.3.3.1
Getting set up
8.3.3.2
Creating Helper Utilities
8.3.3.3
Verifying a Manager
8.3.3.4
Verifying Direct Reports
8.3.3.5
Retrieve All Reports Using Scope=All Feature
8.3.3.6
Retrieve the Manager Chain Using Scope=toTop Feature
8.3.3.7
Retrieve Report Details Using Pre-Fetch Feature
8.3.3.8
Retrieve Manager Data using the Pre-Fetch feature
8.3.3.9
Deleting a Report From the Manager
8.3.4
Searching With Paging Support
8.4
Invoking Authorization Services With the Java Client SDK
9
Developing Mobile Services Applications with the iOS Client SDK
9.1
Getting Started With the iOS Client SDK
9.1.1
Getting Started Using the iOS Client SDK With Xcode
9.2
Invoking Authentication Services With the iOS Client SDK
9.3
URL-Based Configuration
9.4
Initialization Properties
9.5
About Offline Authentication
9.6
Invoking Social Identity Authentication
9.7
Invoking User Profile Services With the iOS Client SDK
9.7.1
Working With People
9.7.2
Working With Groups
9.7.3
Working With Organizations
9.7.4
Using the Asynchronous API
9.8
Invoking the Mobile Single Sign-on Agent App
9.8.1
Invoking the Mobile Single Sign-on Agent App From a Web Browser
9.9
Invoking REST Web Services
9.9.1
Understanding the OMRESTRequest API Flow
9.10
Using the iOS SDK to Create a Custom Mobile Single Sign-on Agent App
9.11
Login and KBA View Customization
9.11.1
Implementing Native View Customization
9.11.2
Implementing Progress View Customization
9.12
Using the Cryptography Module
9.13
Using the Auto Login and the Remember Credentials Features
9.14
Using the Credential Store Service (KeyChain)
10
Developing Mobile Services Applications with the Android Client SDK
10.1
Getting Started With the Android Client SDK
10.1.1
Developing and Packaging Android Applications
10.2
Invoking Authentication Services With the Android Client SDK
10.3
URL-Based Initialization
10.4
Initialization Properties
10.5
About Offline Authentication
10.6
Invoking Social Identity Authentication Using the Android Client SDK
10.7
Invoking the Mobile Single Sign-on Agent App
10.7.1
Invoking the Mobile Single Sign-on Agent App From Another Application (SSO Client)
10.7.2
Invoking the Mobile Single Sign-on Agent App Using a Mobile Browser
10.8
Invoking User Profile Services With the Android Client SDK User Role Module
10.9
Invoking REST Web Services
10.10
Creating a Custom Mobile Single Sign-on Agent App Using the Android Client SDK
10.11
Login View and KBA View Customization
10.12
Using the Cryptography APIs
10.13
Using the Auto Login and the Remember Credentials Features
10.14
Invoking the CredentialStoreService With the Android Client SDK Secure Storage Module
10.15
Error Codes
11
Developing Applications Using the Social Identity Client SDK
11.1
Before you Begin
11.2
Introduction to Developing Social Identity Applications
11.2.1
About the Social Identity Client SDK
11.3
Getting the List of Identity Providers for an Application
11.4
Integrating Social Identity With a Web Application Running on a Server
11.4.1
Defining the Web Application on the Mobile and Social Server
11.4.2
Integrating the Social Identity Login Page With the Web Application
11.4.2.1
Adding the Pre-built Social Identity Login Page
11.4.2.2
Building a Custom Login Page
11.4.3
Handling User Registration
11.4.3.1
Using a Custom User Registration Page
11.4.3.2
Using the Mobile and Social Built-in User Registration Page
11.4.4
Handling the Final Return Response
11.4.4.1
Secured Attribute Exchange (SAE) Token Response Attributes
11.5
Integrating With an Access Manager Protected Web Application
11.6
Integrating Social Identity With a Mobile Application
11.6.1
Defining the Mobile Application on the Mobile and Social Server
12
Extending the Capabilities of the Mobile and Social Server
12.1
Create a new Authentication Services Provider for Mobile Services
12.1.1
Developing the Custom Authentication Service Provider
12.1.1.1
Implementing the TokenService Interface
12.1.1.2
Extending the MobileCompositeTokenServiceProvider
12.1.2
Building the Custom Authentication Service Provider
12.1.2.1
To Build the Custom Authentication Service Provider
12.1.3
Deploying the Custom Authentication Service Provider
12.1.3.1
To Deploy the Custom Authentication Service Provider
12.2
Create a new Identity Service Provider for Internet Identity Services
12.2.1
Developing the Custom Identity Service Provider
12.2.2
Building the Custom Identity Service Provider
12.2.2.1
To Build the Custom Identity Service Provider
12.2.3
Deploying the Custom Identity Service Provider
12.2.3.1
To Deploy the Custom Identity Service Provider
13
Using the Mobile and Social REST API
Request and Response Header Attribute Name Reference
X-IDAAS-REST-VERSION
Where to use This Attribute
Attribute Type
Sample cURL Command
Comments
X-IDAAS-SERVICEDOMAIN
Where to use This Attribute
Attribute Type
Sample cURL Command
Comments
X-IDAAS-REST-AUTHORIZATION
Where to use This Attribute
Attribute Type
Sample cURL Commands
Comments
AUTHORIZATION
Where to use This Attribute
Attribute Type
Sample cURL Command
Comments
X-Idaas-Rest-Subject-Type
Where to use This Attribute
Attribute Type
Sample cURL Command
Comments
X-Idaas-Rest-Subject-Value
Where to use This Attribute
Attribute Type
Sample cURL Command
X-Idaas-Rest-Subject
Where to use This Attribute
Attribute Type
Sample cURL Command
X-Idaas-Rest-Subject-CREDENTIAL
Where to use This Attribute
Attribute Type
Sample cURL Command
Comments
X-Idaas-Rest-Subject-Username
Where to use This Attribute
Attribute Type
Sample cURL Command
X-Idaas-Rest-Subject-Password
Where to use This Attribute
Attribute Type
Sample cURL Command
X-Idaas-Rest-New-Token-Type-To-Create
Where to use This Attribute
Attribute Type
Sample cURL Command
Comments
X-Idaas-Rest-Application-Context
Where to use This Attribute
Attribute Type
Sample cURL Command
X-Idaas-Rest-Application-Resource
Where to use This Attribute
Attribute Type
Sample cURL Command
X-Idaas-Rest-User-Principal
Where to use This Attribute
Attribute Type
Sample cURL Command
X-Idaas-Rest-Provider-Type
Where to use This Attribute
Attribute Type
Sample cURL Command
Mobile and Social REST Security Filter Reference
Authorize With UIDPASSWORD
cURL Command
Expected Output
Comments
Authorize With HTTP Basic
cURL Command
Expected Output
Comments
Authorize With an Access Manager Token
cURL Command
Expected Output
Comments
Mobile Services REST Reference: Authentication and Authorization
Authentication for a Client Token
cURL Command
Expected Output
Comments
Authentication for a User Token
cURL Command
Expected Output
Comments
Authentication for an Access Token
cURL Command
Expected Output
Comments
Authentication for Multiple Tokens
cURL Command
Expected Output
Comments
Get or Validate a (Client) Token
cURL Command
Expected Output
Comments
Delete a Token
cURL Command
Expected Output
Comments
Authorization
cURL Command
Expected Output
Comments
Create a JWT User Token
cURL Command
Expected Output
Create a JWT User Token, OAM User Token, and OAM Master Token
cURL Command
Expected Output
Exchanging a JWT Token for OAM Tokens
cURL Command
Expected Output
Testing the JWT-OAM + PIN Token Service Provider (Mobile Case)
Testing the JWT-OAM + PIN Token Service Provider (Desktop Case)
Create an OAM Access Token Using an OAM User Token
cURL Command
Expected Output
Validate a JWT USER TOKEN
cURL Command
Expected Output
Validate an OAM USER TOKEN
cURL Command
Expected Output
Delete an OAM USER TOKEN
cURL Command
Expected Output
Mobile Services REST Reference: Commands for Mobile Single Sign-on Tokens
Create a Client Registration Handle for a Mobile Single Sign-on Agent App
cURL Command
Expected Output
Comments
Create a Client Registration Handle for a Mobile Single Sign-on Client App (User Name Scenario)
cURL Command
Expected Output
Comments
Create a Client Registration Handle for a Mobile Single Sign-on Client App (User Token Scenario)
cURL Command
Expected Output
Comments
Create a Request for a User Token
cURL Command
Expected Output
Comments
Create a Request for an Access Token
cURL Command
Expected Output
Comments
The Single Sign-on Agent Request to Create an Access Token for its own use
cURL Command
Expected Output
Comments
Verify a Client Reg Handle
cURL Command
Expected Output
Comments
Mobile Services REST Reference: Commands for User Profile Services
Basic User Operations
Create a User
Read a User
Update a User
Delete a User
Basic Group Operations
Create a Group
Read a Group
Update a Group
Delete a Group
"memberOf" Relationship Operations
Create a "memberOf" Relationship
Read a "memberOf" Relationship
Delete a "memberOf" Relationship
"members" Relationship Operations
Create a "members" Relationship
Read a "members" Relationship
Delete a "members" Relationship
"manager" Relationship Operations
Create a "manager" Relationship
Read a "manager" Relationship
Delete a "manager" Relationship
"reports" Relationship Operations
Create a "reports" Relationship
Read a "reports" Relationship
Delete a "reports" Relationship
"ownerOf" Relationship Operations
Create an "OwnerOf" Relationship
Read an "OwnerOf" Relationship
Delete an "OwnerOf" Relationship
"personOwner" Relationship Operations
Create a "personOwner" Relationship
Read a "personOwner" Relationship
Delete a "personOwner" Relationship
"groupOwner" Relationship Operations
Create a "groupOwner" Relationship
Read a "groupOwner" Relationship
Delete a "groupOwner" Relationship
"groupOwnerOf" Relationship Operations
Create a "groupOwnerOf" Relationship
Read a "groupOwnerOf" Relationship
Delete a "groupOwnerOf" Relationship
"groupMemberOf" Relationship Operations
Create a "groupMemberOf" Relationship
Read a "groupMemberOf" Relationship
Delete a "groupMemberOf" Relationship
"groupMembers" Relationship Operations
Create a "groupMembers" Relationship
Read a "groupMembers" Relationship
Delete a "groupMembers" Relationship
Search User Operations
Search Users
Search Users With PageSize and PagePos
Search Users With a Search Parameter and Without a Search Filter
Search Users With a Search Filter
Search Groups
Search Relationships
The "attrsToFetch" Query Parameter Feature
Read a User With attrsToFetch
Search Groups With attrsToFetch
Search a Relationship With attrsToFetch
The "prefetch" Query Parameter Feature
Read a User With prefetch
The "scope" Query Parameter Feature
Search a Relationship With scope
Practical Examples
Mobile SSO Agent Requests Client Registration Handle (Client Token)
Mobile SSO Agent Requests Client Registration Handle on Behalf of Business App
A User Token Request
An Access Token Request
Access Manager Master Token Authentication
Device Registration Request with KBA Response
Specifying the Tenant Name in the Header
Error Messages
Part IV Developing with the OAuth Service
14
Using the OAuth Service API
Standard Three-Legged OAuth Flows
Sample Request
Part One: Front-Channel Request
Part 2: Back-Channel Request
Standard Two-Legged OAuth Flows
Sample Response
Using Client Credentials
Using the Resource Owner Credentials
Using a Refresh Token
Using a SAML Client Assertion
Using a JWT Client Assertion
Using User ID/Password Credentials and ClientID+Secret in an HTTP Basic Header
Using User ID/Password Credentials and a JWT Client Assertion
Using UserID/Password Credentials and a SAML Client Assertion
Using a SAML User Assertion Credential and ClientID+Secret in an HTTP Basic Header
Using a SAML User Assertion Credential and a SAML Client Assertion
Using a SAML User Assertion Credential and a JWT Client Assertion
Using a JWT User Assertion Credential and ClientID+Secret in an HTTP Basic Header
Using a JWT User Assertion Credential and a SAML Client Assertion
Using a JWT User Assertion Credential and a JWT Client Assertion
Identity Token Acquisition
Getting a Client Identity Token
Using Client Credentials
Using a Third-Party Generated SAML Client Assertion
Using a Third-Party Generated JWT Client Assertion
Getting a User Identity Token
Getting a User Identity Token With a User ID and Password and Varying Client Credentials
Getting a User Identity Token With a SAML User Assertion Credential and Varying Client Credentials
Getting a User Identity Token With a JWT User Assertion Credential and Varying Client Credentials
Validating an Access Token
Using the Client ID and Secret in an HTTP Basic Header
Using a Client Assertion
Performing Access Token Introspection
Using the Client ID and Secret in the HTTP Basic Header
Using a Client Assertion
Revoking an Access Token
Using the Client ID and Secret in the HTTP Basic Header
Using a Client Assertion
OAuth User Profile Service REST Interface
Read My Profile
Update My Profile
Create a User Profile
Read a User Profile
Update a User Profile
Delete a User Profile
Create a Group Profile
Read a Group Profile
Update a Group Profile
Delete a Group Profile
Delete a User Profile
OAuth Consent Management REST Interfaces
Get an Access Token with Client Credentials and the Scope
Access the Consent Management Resource Server
Grant the Client Permission to Access the User's UserProfile Resource
Get the Access Token for the User's UserProfile Resource
Access the User's UserProfile Resource with the Access Token
OAuth Mobile Client Two-Legged Flows
Get Application Profile
Create Mobile Device Client Verification Code
Create a Mobile Client Assertion
Logout
Login
Create OAM UT and OAM MT using JWT User Assertion (Token Exchange)
Create an OAM Access Token Using an OAM User Token
Create OAuth AT using OAM Credential Grant Type
OAuth Mobile Client Three-Legged Flows
Get Application Profile
Create Mobile Device Client Verification Code
Create Authorization Code for Device Registration
Create Client Assertion
Create Mobile Device Client Verification Code
Create Authorization Code for Access Token with Client Verification Code
Create Access Token
OAM Token Exchange and Credential-Based (Including PIN-Based) Authentication
Using a Client Credential + User Name and Password Combination
Overview
How to Get a JWT User Token
How to Get a JWT Access Token
How to Get an OAM User Token and Master Token
Using a Client Credential + oracle_user_credentials Combination
Overview
How to Get a JWT User Token
How to Get a JWT Access Token
How to Get an OAM User Token and Master Token
Using JWT Assertion
Overview
How to Get a JWT User Token
How to Get a JWT Access Token
How to Get an OAM User Token and Master Token
How to Get an OAM Access Token With an OAM User Token Located in the Server-Side Key Store
Using JWT Assertion + PIN
Overview
How to Get an OAM User Token and Master Token
Using SAML2 Assertion
Overview
How to Get a JWT User Token
How to Get a JWT Access Token
How to Get an OAM User Token and Master Token
OAM Token Exchange on Mobile Devices
How to Request a Verification Code
How to Register the Client
How to Get an OAM User Token and Master Token
How to Get an OAM Access Token
15
Customizing the OAuth Service
15.1
Introduction
15.2
Creating a Custom Client Management Plug-in
15.2.1
The Default Client Management Plug-in Implementation
15.2.2
The Client Runtime Flow
15.2.3
Deployment Notes
15.2.4
Sample Code
15.3
Creating a Custom Resource Server Profile-Management Plug-in
15.3.1
The Default Resource Server Profile-Management Plug-in Implementation
15.3.2
Resource Server Usage and Validation
15.3.3
Development and Deployment Notes
15.3.4
Sample Code
15.4
Creating a Custom Token Attributes Plug-in
15.4.1
Deployment Notes
15.4.2
Sample Code
15.5
Creating a Custom Authorization and Consent Service Plug-in
15.5.1
The Default Resource Authorization and User Consent Services Implementations
Part V Developing with Identity Federation
16
Developing a Custom User Provisioning Plug-in
16.1
Introduction to User Provisioning Plug-ins
16.2
Introduction to Plug-in Interfaces
16.3
Sample Code: Custom User Provisioning Plug-in
16.4
Developing a User Provisioning Plug-in
16.4.1
Process Overview: Developing a Custom Plug-in
16.4.2
Files Required for Compiling a Plug-in
Part VI Developing with Security Token Service
17
Developing a Custom Token Module
17.1
Introduction to Oracle Security Token Service Custom Token Module Classes
17.2
Writing a TokenValidatorModule Class
17.2.1
About Writing a TokenValidatorModule Class
17.2.2
Writing a TokenValidatorModule Class
17.3
Writing a TokenIssuanceModule Class
17.3.1
About Writing a TokenIssuanceModule Class
17.3.2
Writing a TokenIssuanceModule Class
Part VII Appendices
A
Creating Deployment-Specific Pages
A.1
How the Single Sign-On Server Uses Deployment-Specific Pages
A.1.1
Change Password Page Behavior
A.1.1.1
Password Has Expired
A.1.1.2
Password Is About to Expire
A.1.1.3
Grace Login Is in Force
A.1.1.4
Force Change Password
A.2
How to Write Deployment-Specific Pages
A.2.1
Login Page Parameters
A.2.2
Change Password Page Parameters
A.3
Page Error Codes
A.3.1
OSSO 10g Login Page Error Codes
A.4
Adding Globalization Support
A.4.1
Deciding What Language to Display the Page In
A.4.1.1
Use the Accept-Language Header to Determine the Page
A.4.1.2
Use Page Logic to Determine the Language
A.4.2
Rendering the Page
A.5
Guidelines for Deployment-Specific Pages
A.6
Examples of Deployment-Specific Pages
A.6.1
Using Custom Classes
A.7
Adding an External Application