37.7 Administrating Identity Federation

Identity Federation integrated with Access Manager can be administered with a combination of configurations using the Oracle Access Management Console and Oracle WebLogic Scripting Tool (WLST) commands.

Use the Oracle Access Management Console to enable the Identity Federation service, manage IdP and SP partner profiles, and work with federated authentication schemes and policies. Use the WLST utilities to manage additional server and partner configuration properties.

Note: Not all WLST command functionality is duplicated in the Oracle Access Management Console, and not all console functionality is duplicated on the command line.

The Oracle Access Management Console enables Administrators to manage configuration related to the federation service and partners. Table 37-9 summarizes the types of information that you can configure for Identity Federation using Oracle Access Management Console.

Table 37-9 Configuring Identity Federation Settings

| Configuring ... | Description |
|---|---|
| Federation Administrators | Administrators who can manage federated partners and related configuration. |
| Federation Service | Enable and disable the Identity Federation service in Access Manager. See "Enabling Identity Federation". |
| Federation Settings | Manage basic Identity Federation service configuration properties. See "Managing Settings for Identity Federation". |
| Providers for Federation | IdP partners are managed within the context of administering Identity Federation as an SP. Conversely, SP partners are managed within the context of administering Identity Federation as an IdP. See "Administering Identity Federation As A Service Provider" or "Administering Identity Federation As An Identity Provider". |
| Authentication Schemes and Modules for Federation | Manage federation authentication schemes. See "Using Authentication Schemes and Modules for Identity Federation 11g Release 2 (11.1.2.2)". |
| Policies for Use with Federation | Manage policies for use with federation partners. See "Managing Access Manager Policies for Use with Identity Federation". |

Table 37-10 outlines the tasks required to implement identity federation using the Oracle Access Management Console.

Table 37-10 Implementing Identity Federation

| Task | Reference |
|---|---|
| Enable the Identity Federation service. | Enabling Identity Federation |
| Configure federation settings. | Managing General Federation Settings |
| Identify IdP and/or SP partners, and configure attributes for them. | Administering Identity Federation As A Service Provider |
| Configure an authentication or authorization policy. | Managing Federation Schemes and Policies |
| Protect a resource with this policy. | Managing Policies to Protect Resources and Enable SSO |