The following topics describe how to use authentication schemes and modules for Identity Federation 11g Release 2 (11.1.2.2):
FederationScheme is a general-purpose scheme for use with Identity Federation 11g Release 2 (11.1.2.2).
Figure 40-1 shows the Access Console page for FederationScheme.
Table 40-1 describes the FederationScheme.
Table 40-1 FederationScheme Element Definitions
Element | Description |
---|---|
Name | This is the scheme name. |
Description | This is a brief description of the scheme. |
Authentication Level | This is the trust level of the authentication scheme. |
Default | This is a non-editable box that is checked when the Set as Default button is clicked. |
Challenge Method | You may select a challenge method from those available in the drop-down box. |
Challenge Redirect URL | This is the URL of another server to which user requests must be redirected for processing. |
Authentication Module | This is the authentication module to use with the scheme. |
Challenge URL | This is the URL to which the credential collector will redirect for credential collection. Not used by the federation plug-in. |
Context Type | This element is used to build the final URL for the credential collector. |
Context Value | This element is used to build the final URL for the credential collector. The value depends on the context type. |
Challenge Parameters | This is the list of parameters, if any, to use with the challenge. |
Table 22-21 lists the specifications for FederationScheme.
The FederationMTScheme authentication scheme is a scheme that is designed for use in multi-tenancy environments.
The FederationPlugin provides a custom authentication module.
Figure 40-2 displays the module's Console page.
Table 40-2 describes the attributes that you need to configure the FederationPlugin.
Table 40-2 FederationPlugin Steps
Element | Description |
---|---|
Step Name | This is the name of the step within the module. |
Description | This element contains a brief description of the step. |
Plugin Name | This element specifies the plugin associated with the step. |
The value of FedSSOIdP is the IDP to be picked up by the authentication plugin.
Orchestration enables you to specify the order of the steps within the plugin, and what to do if each of those steps succeeds or fails.
Figure 40-3 illustrates the orchestration of the FederationPlugin.
See Table 22-14 for a similar orchestration.
Figure 40-3 FederationPlugin Orchestration
Table 40-3 describes the attributes for the orchestration of the FederationPlugin.
Table 40-3 Orchestration of FederationPlugin
Element | Description |
---|---|
Name | This is the step name. The steps appear in this column in order of execution, which can be modified with the Initial Step drop-down. |
Description | This is a brief description of the step. |
On Success | This is the action to take upon successful completion of the step, such as execution of next step in the orchestration. |
On Error | This is the action to take upon error, such as taking the specified failure action. |
On Failure | This is the action to take upon step failure. |
When you manage authentication with Identity Federation in 11g Release 2, you work with the FederationScheme and the FederationPlugin plug-in, a custom authentication module.
The following topics introduce authentication with Identity Federation in 11g Release 2:
You can view or modify the FederationScheme authentication scheme.
To view or modify FederationScheme:
You can view or modify the FederationPlugin authentication plug-in.
To view or modify FederationPlugin:
To add an authentication policy with FederationScheme to associate a resource that is protected by this policy:
1. In the Oracle Access Management Console, click Application Security at the top of the window.
2. In the Application Security console, click Application Domains in the Access Manager section.
3. Search for and open the target application domain.
4. In the application domain configuration page, click the Authentication Policies tab.
5. Click Create and enter the following General Policy Details:
   - Name
   - Authentication Scheme
6. Add these Global Policy Elements and Specifications:
   - Description (optional)
   - Success URL
   - Failure URL
7. To add resources:
   1. Click the Resources tab on the Authentication Policy page.
   2. Click the Add button on the tab.
   3. Choose a URL from the list.
   4. Repeat these steps as needed to add more resources.
8. Click Apply to save changes and close the confirmation window.
Responses:
Figure 40-4 shows the console page to define the authentication policy and associate the policy to the resources.
Figure 40-4 Setting Up the Authentication Policy with FederationScheme