List of Figures
1-1 Oracle Access Management Overview
1-2 Access Manager 11g Components and Services
1-3 Access Manager 11g Component Distribution
2-1 Oracle Access Management Administrator Launch Pad
2-2 Self Service Launch Pad
2-3 SSO Agent Search Page
3-1 Oracle Access Management Configuration Options
3-2 Available Services
3-3 Common Settings Page (Collapsed View)
3-4 Common Coherence Settings
3-5 Certificate Revocation List Dialog Box
3-6 OCSP/CDP Settings
5-1 Creating User Identity Store Registration
5-2 System Store Registration
5-3 Identity Directory Service Console Page
5-4 Create IDS Profile Page
5-5 Create IDS Repository Page
5-6 Add System Administrator Roles
6-1 OAM Server Registration Page with Proxy Tab Displayed
8-1 Audit to Database Architecture
8-2 Common Settings: Auditing Configuration
9-1 Log-Level Activation in the Default Log Configuration File
11-1 Server Processes Overview Page
11-2 OAM Server Metrics: Session Operations Monitoring Page
11-3 OAM Server Metrics: Server Operations Tab
11-4 OAM Server Metrics: WebGates Tab
11-5 Webgate Metrics: Connectivity Table
11-6 Webgate Metrics: Operations Overview Table
11-7 Webgate Metrics: Operations Detail Table
11-8 Webgate Metrics: Detached Information Table
11-9 OSSO Agent Monitoring Page with Operation Details
11-10 OSSO Agent Monitoring Process Overview Table
11-11 OSSO Agent Operation Details Table
11-12 OAM Metrics Table
11-13 Weblogic Metrics
12-1 Fusion Middleware Control (AS-Control) Deployment Architecture
12-2 OAM Farm Page in Fusion Middleware Control
12-3 Farm Navigation Tree in Fusion Middleware Control
12-4 Node Information Page in Fusion Middleware Control
12-5 Application Deployment Summary for the Selected Internal Application
12-6 Application Deployment Menu
12-7 WebLogic Server Domain Summary with Context Menu Exposed
12-8 Cluster Page
12-9 Key Metrics for Server Page
12-10 Aggregated Access Manager Component Metrics for the Cluster
12-11 Access Manager Component Metrics for a Single OAM Server Instance
12-12 Aggregated STS Component Metrics for the Cluster
12-13 STS Component Metrics for an Individual OAM Server Instance
12-14 Performance Summary Command
12-15 Performance Summary Page with Metric Palette
12-16 Access Manager Log Levels on the Log Configuration Tab
12-17 Log Levels for Security Token Service
12-18 Log Files Configuration Page
12-19 Typical Log Messages Page in Fusion Middleware Control
12-20 System MBean Browser and Attributes Tab
13-1 Access Manager Settings: Load Balancer
13-2 Access Manager Settings: Server Error Mode
13-3 Access Manager Settings: SSO
13-4 Common Policy Evaluation Caches
15-1 Create OAM 11g WebGate Page
15-2 Load Balanced Deployment
15-3 Expanded 11g WebGate Page with Defaults
15-4 WebGate Search Controls and Create Button
15-5 Key Generation
16-1 Global Session Details: Common Settings Page
16-2 Common Configuration: Session Management Page
17-1 Multi-Data Center System Architecture
17-2 Active-Active Deployment Mode
17-3 Active-Active Mode Failover
17-4 Multi-Data Center Deployment
17-5 Requests Served By Different Data Centers
17-6 Logout and Session Invalidation
17-7 Stretch Cluster Deployment
17-8 Traditional MDC Deployment
17-9 Active-Active Topology
17-10 Active-Active Topology Across Multiple Data Centers
17-11 Load Balancing Access Manager Components
17-12 Global Load Balancer Front Ends Local Load Balancer
19-1 Replication Flow
19-2 Starting Sequence Illustrated
19-3 Applying Custom Transformation Rules
21-1 Access Manager 11g Policy Model
21-2 Access Manager Shared Policy Components
21-3 Anatomy of Access Manager Policies
22-1 Default HTTP Resource Type Definition
22-2 Default Resource Type wl_authen
22-3 Default Resource Type TokenServiceRP Resource Type
22-4 Create Host Identifier Page
22-5 Native Kerberos Authentication Module
22-6 Native LDAP Authentication Module
22-7 Native X.509 Authentication Module
22-8 Access Manager Plug-ins for Customized Authentication Modules
22-9 Creating Custom Authentication Modules: General
22-10 Adding a Step and Associating a Plug-in
22-11 Plug-in Based Authentication Module Steps and Details
22-12 Steps Orchestration for Plug-in Based Authentication Modules
22-13 KerberosPlugin
22-14 Default KerberosPlugin Steps and Details
22-15 Default KerberosPlugin Steps and Orchestration
22-16 LDAPPlugin
22-17 Default LDAPPlugin Steps and Details
22-18 Default Orchestration of Steps for LDAPplugin
22-19 X509Plugin
22-20 X509Plugin Default Steps and Details
22-21 Default Orchestration for X509Plugin Steps
22-22 Password Policy Validation Module Plug-ins
22-23 Steps Orchestration: Password Policy Validation Plug-ins
22-24 Plug-ins Page
22-25 Plugin Details: Activation Status of Selected Plug-in
22-26 Default LDAPScheme Page
23-1 SSO Log-in with Embedded Credential Collector and OAM Agents
23-2 Example: Separate Resource WebGate and DCC WebGate Deployment
23-3 Combined DCC and WebGate Configuration
23-4 SSO Login Processing with OSSO Agents and ECC
23-5 OAP Tunneling with DCC
23-6 Enable SSL
23-7 Keystore Configuration
23-8 Add Private Key Alias
23-9 SSL Advanced Options
23-10 New X509 Scheme
24-1 Password Policy Configuration Page
24-2 Password Policy Validation Authentication Module with Orchestrated Plug-ins
24-3 Step Orchestration for Password Policy Validation Module
24-4 Server Error Mode for Password Management
25-1 Application Domains Search Page
25-2 Example Application Domain Summary Page
25-3 Search Results for Resources in an Application Domain
25-4 Authentication Policies Tab
25-5 Authentication Policy Page: Resources and Responses
25-6 Authorization Policies Page
25-7 Individual Authorization Policy Page
25-8 Individual Authorization Policy Resources tab
25-9 Token Issuance Policies Page
25-10 Create Resource Page in the Application Domain
25-11 HTTP Resources, Query String Resource URL Controls
25-12 Resource Search within an Application Domain
25-13 Sample Authentication Policies Page in the Application Domain
25-14 Sample Individual Authentication Policy Page
25-15 Sample Individual Authorization Policy Page
25-16 Individual Authorization Policy Conditions Tab
25-17 Add Condition Window
25-18 Condition Containers on the Authorization Policy Page
25-19 Add Identities Window
25-20 Identity Condition and Details
25-21 Add Search Filter Controls
25-22 Identity Conditions: Details
25-23 IP4 Range Conditions
25-24 Temporal Condition Type Details Page
25-25 Attribute Conditions Page
25-26 Add Attribute Condition Dialog
25-27 Authorization Policy Rules Tab: Simple Mode
25-28 Rules Tab: Expression Rule Mode
25-29 Adding a Resource Prefix for Policy Ordering
25-30 Authorization Policy Response in the Console
25-31 Simple Response Samples
25-32 Complex Response Sample
26-1 OAM Agent (PEP) and OAM Server (PDP) Inter-operability
26-2 User Interactions with the Access Tester
26-3 Access Tester Console
26-4 Server Connection Panel in the Access Tester
26-5 Protected Resource URI Panel in the Access Tester
26-6 Access Tester User Identity Panel
26-7 Test Case Workflow
28-1 Typical Deployment with OpenSSO and Access Manager
28-2 Create OpenSSO Agent Page
28-3 Expanded OpenSSO Web Agent Registration Page
28-4 Expanded OpenSSO J2EE Agent Registration Page
29-1 Create OSSO Agent Page
29-2 OSSO Agent Page and Confirmation Window
35-1 Second Factor Authentication Preferred Method Page
35-2 One Time Password Login Page
35-3 Access Request Notification Preferred Method Page
35-4 Access Request Notification Wait Screen
37-1 Available Services Page
38-1 New Identity Provider Page, Service Details Loaded from Metadata
38-2 New Identity Provider Page, Service Details entered Manually
38-3 Searching for Identity Providers
38-4 Attribute Sharing Plug-in Design
39-1 Identity Federation Service Settings Page
39-2 Keystore Settings
40-1 FederationScheme
40-2 FederationPlugin Steps
40-3 FederationPlugin Orchestration
40-4 Setting Up the Authentication Policy with FederationScheme
40-5 OIFScheme
40-6 OIFMTLDAPPlugin
40-7 Authorization Policy Response Tab
40-8 Adding a Federation Response Attribute to an AuthZ Policy
41-1 Security Token Service Architecture
41-2 Security Token Service Token Support
41-3 Token Translation at a Centralized Authority
41-4 Translating Tokens Behind a Firewall
41-5 Web Services SSO
42-1 Typical Token Ecosystem
42-2 Identity Propagation with the OAM Token
42-3 Process Flow During Identity Propagation
42-4 Identity Propagation Deployment
42-5 Identity Propagation Processing
42-6 Required v1.0 WebLogic Server Identity Assertion Providers
42-7 IAP-Security Token Service Details
42-8 LDAP Provider: IAP-DSEE
42-9 Default Identity Store Defined in Access Manager
42-10 Token Issuance Policy for Identity Propagation
42-11 /wssuser Endpoint for Identity Assertion
42-12 Default Identity Store Defined for Access Manager
42-13 Token Issuance Policy for Identity Propagation
42-14 /wss11user Endpoint for Identity Assertion
43-1 Default Endpoints, Policies, and Validation Templates
43-2 WS-Security 1.0 and 1.1 Policies
43-3 Security Token Service Page
45-1 Validation Templates Search Controls
45-2 Issuance Template Search Controls
45-3 Issuance Template: General Details and Defaults
45-4 Issuance Properties: Username Token Type
45-5 Issuance Properties: SAML Token Types
45-6 Security Details: SAML Tokens
45-7 New Validation Template page: General Page Defaults
45-8 New Validation Template: General Authentication Details
45-9 Token Mapping: SAML2 WS-Security Validation Template
45-10 Token Mapping, username-wstrust-validation-template
45-11 Token Mapping: x509-wss-validation-template
45-12 Endpoints Page
45-13 Token Issuance Policies and Conditions
45-14 Pre-defined Resource Type: TokenServiceRP
45-15 Search: Resource Type TokenServiceRP in Application Domain
45-16 New Custom Token Page
45-17 Custom Tokens Search Page and Controls
45-18 General Details: email-wstrust-valid-temp
45-19 Token Mapping: email-wstrust-valid-temp
45-20 General Details: email-issuance-temp
45-21 Issuance Properties: email-issuance-temp
46-1 New Requester Partner Page
46-2 New Relying Party Partners Page
46-3 Partner Search Controls
46-4 Requester Profile: General
46-5 Requester Profile: Token and Attributes
46-6 Relying Party Profile Token and Attributes
46-7 Token and Attributes: Issuing Authority
46-8 Issuing Authority Profile: Token Mapping Tab
46-9 Search Partner Profiles Page: Requester Profiles
48-1 First Time Device/Application Registration and Authentication Process
48-2 Mobile SSO Agent Requests Access Token from Access Manager
48-3 Mobile SSO Agent Has Valid Access Token in Credential Store
48-4 Mobile SSO Agent Does Not Have Valid Access Token in Credential Store
48-5 User Authentication Using REST
48-6 Authenticating User From Browser-based Web App on Registered Mobile Device
48-7
48-8 Authenticating a Returning User with a Local Account
48-9 Authenticating a New User with No Local Account
48-10 Authenticating a User With an OAuth Identity Provider
48-11 Authenticating a User with Access Manager
48-12 Authenticating a User Locally
49-1 Using ODSM to create the PIN attribute in OUD
49-2 Using ODSM to create the pinperson object class
49-3 Using the OAM Console to create an IdentityStore
50-1 Social Identity Account Linking
52-1 OAuth 3-Legged Flow Diagram
52-2 Using a Split Request to get a Client Verification Code
52-3 The Complete Mobile App Authorization Request Flow
53-1 Mobile (top) and Federation (bottom) Identity Domain Screens
53-2 Identity Federation DefaultDomain Configuration Page
53-3 Mobile Security DefaultDomain Configuration Page
53-4 OAuth Services Service Profile Configuration Page
54-1 Password Generation Policies Search/Create Tab
54-2 New Password Generation Policy Summary Tab
54-3 Password Constraints Tab of a Password Generation Policy
54-4 Add Applications Dialog
54-5 Credential Sharing Groups tab
54-6 New Credential Sharing Group Page
54-7 Add Applications Dialog
54-8 Global Agent Settings Search tab
54-9 New Global Agent Settings Page
55-1 End to End Identity Context Process
55-2 End To End Identity Context Process Components
55-3 Identity Context Process Flow
55-4 OAM Authentication Provider Configuration
58-1 Various Clients Deployed on JBoss Application Server
58-2 JBoss Agent Deployed with an Oracle HTTP Server WebGate
58-3 Sample Integration Topology
59-1 Setting up a Trusted User Account for Windows Impersonation
59-2 Configuring Rights for the Trusted User in Windows Impersonation
59-3 Registering the Impersonation Module
59-4 Verifying Event Viewer Settings
59-5 Impersonation Authentication
60-1 Setting up a Trusted User Account for Windows Impersonation
60-2 Configuring Rights for the Trusted User in Windows Impersonation
60-3 Verifying Event Viewer Settings
60-4 Impersonation Authentication
C-1 Communication Channels for OAM Servers and WebGates
D-1 IAMSuiteAgent Settings in the WebLogic Administration Console
D-2 IAMSuiteAgent Registration
D-3 Resources Protected by the IAMSuiteAgent
D-4 IAMSuite Authentication Policy: OAM Admin Console Policy
D-5 Protected HigherLevel Policy: Authentication, LDAP Scheme
D-6 Protected LowerLevel Policy: Authentication, OIMScheme
D-7 Public Policy: Authentication, AnonymousScheme
D-8 IAM Suite Authorization Policy
D-9 IAM Suite Token Issuance Policy and Resource URLs
D-10 Generated Authentication Module: OpenSSOAgentAuthPlugin
D-11 Generated Host Identifier: OpenSSOAgent1
D-12 Generated Application Domain: OpenSSOAgent1
D-13 Application Domain Resources: OpenSSOAgent1
D-14 Generated Authentication Policy: OpenSSOAgent Application Domain
D-15 Generated Authorization Policy: OpenSSOAgent Application Domain
D-16 Migrated User Identity Store
D-17 Migrated Agent: OpenSSOAgent1
D-18 Migrated Authentication Module: OpenSSOAgent1
D-19 Migrated Host Identifier: OpenSSOAgent1
D-20 Migrated Application Domain: OpenSSOAgent1
D-21 Migrated Resources: OpenSSOAgent1
D-22 Migrated Authentication Policy: OpenSSOAgent1
D-23 Migrated Authorization Policy2 Condition: OpenSSOAgent1
D-24 Migrated Authorization Policy2: IP Condition Details