List of Tables
1-1 Access Manager Deployment Types
1-2 Features in Access Manager 11.1.2
1-3 Oracle Access Management Post-Installation Tasks
2-1 Language Codes For Login Pages
2-2 Oracle Access Management Language Selection Methods
2-3 OAM_LANG_PREF Cookie
2-4 Application Integration for Language Preference
3-1 Configuration Options
3-2 Common Services
3-3 Common Settings
3-4 Common Coherence Settings
3-5 OCSP Responder Configuration Options
4-1 Roles for Delegating Administration
5-1 Data Sources for Oracle Access Management
5-2 Data Sources for Oracle Access Management Services
5-3 Components That Use Identity Stores
5-4 User Identity Store Elements
5-5 Access Manager Keys and Storage
5-6 Keystores for Access Manager and Security Token Service
6-1 Conditions Requiring Server Restart
6-2 OAM Server Instance Settings
6-3 OAM Proxy Settings for an Individual OAM Server
6-4 Default Coherence Settings for Individual OAM Servers
7-1 Logging Files
7-2 Logging Defaults
7-3 Oracle Access Management Server-Side Component Loggers
7-4 Oracle Access Management Shared-Service Engine Component Loggers
7-5 Oracle Access Management Foundation API Component Loggers
7-6 Mapping of ODL to Java Levels
7-7 Oracle Security Token Service and Identity Federation Loggers
8-1 Oracle Business Intelligence Enterprise Edition Reports for OAM
8-2 Access Manager Administrative Audit Events
8-3 Access Manager Run-time Audit Events
8-4 REST Run-Time Audit Events
8-5 Mobile and Social Run-Time Audit Events
8-6 Categories of Audit Events for Identity Federation
8-7 Identity Federation Session Management Events
8-8 Protocol Flow Events for Identity Federation
8-9 Server Configuration Identity Federation
8-10 Security Events for Identity Federation
8-11 Security Token Service Configuration Management Operations
8-12 Security Token Service-specific Run-time Events
8-13 Audit Configuration Elements
9-1 Logging Levels
9-2 Log Configuration File Names for Components
9-3 Log Writers
9-4 Global Parameters in the First Compound List
9-5 Factors that Determine Whether Logging Is Active
9-6 Mandatory Log Configuration File Parameters
9-7 Log Data File Configuration Parameters
9-8 ParamName Values You Can Configure for Per-Module Logging Threshold
10-1 Accounts_Locked_Out Report Fields
10-2 Authentication_statistics Report Fields
10-3 AuthenticationFromIPByUser Report Fields
10-4 AuthenticationPerIP Report Fields
10-5 AuthenticationStatisticsPerServer Report Fields
10-6 All Errors and Exceptions Report Fields
10-7 Authentication Failures Report Fields
10-8 Authentication History Report Fields
10-9 Authorization History Report Fields
10-10 Multiple Logins From Same IP Report Fields
11-1 OAM Proxy Metrics
11-2 OAM Proxy Tuning Parameters
11-3 OpenSSO Proxy Server Events
11-4 OpenSSO Proxy Metrics: Server
11-5 OpenSSO Proxy Metrics: Agent
12-1 Farm Page Sections
12-2 Resulting Pages for Selected Nodes and Targets
12-3 Summary of Performance Overviews in Fusion Middleware Control
12-4 Access Manager Component Metrics
12-5 STS Component-Specific Metrics
12-6 Status and Controls on Performance Summary Pages
12-7 OAM Log Availability and Functions in Fusion Middleware Control
12-8 Log Levels Tab on Log Configuration Page
12-9 Log Files Elements
12-10 OAM Log Message Search Controls in Fusion Middleware Control
12-11 System MBean Browser
12-12 MBeans that Access Manager and Security Token Service Deploy
12-13 System MBean Browser
13-1 Access Manager Settings: Load Balancer
13-2 Server Error Mode
13-3 Error Trigger Condition, Modes, and Message Codes
13-4 External Error Codes, Trigger Conditions, and Recommended Messages
13-5 Access Manager Settings: SSO
13-6 Summary: Simple and Cert Mode
13-7 Server Common OAM Proxy Secure Communication Settings
13-8 Policy Evaluation Caches
14-1 Agent Types
14-2 Agent Registration and SSO Support
14-3 Run Time Processing Overview for Access Manager
14-4 Keys and Policies Generated During Agent Registration
14-5 Artifacts Associated with Agent Registration
14-6 Copying Generated Artifacts
14-7 Remote Registration Methods
14-8 Agent Registration and Configuration Update Artifacts
15-1 Elements on Create Pages for 11g and 10g OAM Agents
15-2 User-Defined WebGate Parameters
15-3 Elements on Expanded 11g and 10g WebGate/Access Client Registration Pages
15-4 Agent Search Controls
15-5 Environment Variables to Set within oamreg
15-6 Remote Registration Command Arguments: mode
15-7 Remote Registration Command Samples
15-8 Common Elements in Remote Registration Requests
15-9 Remote Registration Request Templates for OAM Agents
15-10 Elements in Extended OAM Agent Remote Registration Requests
15-11 Variables Required for Remote Registration
15-12 Files Returned by in-band Administrator to out-of-band Administrator
15-13 Remote Agent Update Modes and Input Files
15-14 Delta: OAM Agent Update versus Registration Request
16-1 Session Lifecycle States
16-2 Session Checks for State Changes
16-3 Session Removal
16-4 Application Domain-Specific Overrides
16-5 Session Content: Single Authentication Scheme
16-6 Session Outcomes: Multiple Authentication Schemes
16-7 Global Session Settings
16-8 Application-Specific Session Timing Overrides
16-9 Session Management Controls and the Results Table
17-1 Multi-Data Center Policy Configurations for Idle Timeout
17-2 Session Synchronization and Failover Scenarios
18-1 MDC Use Cases
18-2 oamMDC.properties Properties
18-3 Properties for MDC.properties File
18-4 partnerInfo.properties Properties
19-1 Replication States
19-2 Modifying Replication Agreement Properties
19-3 Modifying Replication Agreement Properties
21-1 Summary: SSO Components
21-2 Introduction to SSO Implementations
21-3 Access Manager Global, Shared Policy Components
21-4 Access Manager Policy Components
21-5 Condition Types
21-6 SSO Cookies
22-1 Comparison: Resource Types for Access Manager versus 10g
22-2 Resource Type Definition
22-3 Host Identifiers Examples
22-4 Host Identifier Definitions
22-5 Comparing the DCC and ECC
22-6 Native Authentication Modules
22-7 Native Kerberos Authentication Module Definition
22-8 Native LDAP Authentication Modules Definition
22-9 X509 Authentication Module Definition
22-10 Simple Form versus Multi-Step Authentication
22-11 General tab
22-12 Add New Step Entries, Steps Results Table, and Details Section
22-13 Parameter Details for Various Plug-ins
22-14 Steps Orchestration Tab
22-15 X509 Step Details (KEY_CERTIFICATE_ATTRIBUTE_TO_EXTRACT)
22-16 Steps and Plug-ins in a Customized Step-up Authentication Module
22-17 Managing Custom Plug-ins Actions
22-18 Plugins Status Table
22-19 Example of Plugin Details Extracted from XML Metadata File
22-20 Authentication Scheme Definition
22-21 Pre-configured Authentication Schemes
22-22 Challenge Parameters in Pre-configured Schemes
22-23 User-Defined Challenge Parameters for Authentication Schemes
22-24 Advanced Rules Attributes
22-25 Sample Advanced Rules
22-26 Request Context Data
22-27 Location Context Data
22-28 Session Context Data
22-29 User Context Data
22-30 Challenge Parameters for 10g/11g Encrypted Cookies
22-31 Resource Webgate Support of POST Data Preservation and Restoration
22-32 Parameters Required for Authentication POST Data Handling
22-33 ECC and DCC: Long URL Handling
22-34 Parameters Required for Long URL Handling
23-1 Login Processing with Access Manager-Protected Resources
23-2 DCC Deployment Support
24-1 Password Policy Configuration Parameters
24-2 Password Policy Elements
24-3 Specifying Credential Collectors and Related Forms for Authentication
24-4 Credential Collector Password Pages
24-5 Password Management Forms and Functions
24-6 Location of Oracle-provided LDIFs for LDAP Providers
24-7 Key Password Attributes in a Password Policy
24-8 User Password Step Details
24-9 Included LDIF Schema Files
25-1 Resource Definition Elements
25-2 HTTP Resources Sample URL Values
25-3 Supported Wildcards in Resource URL Patterns (Precedence Order)
25-4 Sample Resource URLs
25-5 Pattern Matching for Requested URLs
25-6 Query String Matching: Examples
25-7 Resource Evaluation Outcomes
25-8 Search Elements for a Resource in an Application Domain
25-9 Authentication Policy Elements and Descriptions
25-10 Authorization Policy Elements and Descriptions
25-11 Authorization Policy Condition Tab
25-12 Add Condition Window Elements
25-13 Add identities Elements
25-14 Add Search Filter Elements
25-15 LDAP Search Filter Examples for Access Manager
25-16 Temporal Condition Details
25-17 Access Conditions that Require Attribute-Type Conditions
25-18 Attribute Condition Elements
25-19 Attribute Names for Request Built-ins
25-20 Attribute Names for Session Built-ins
25-21 Attribute Condition Data (Aggregation of Conditions)
25-22 Authorization Policy Rules Elements
25-23 Rule Tab in Expression Mode
25-24 Operators for Expressions in Authorization Rules
25-25 Response Elements
25-26 Namespace Request Variables for Single Sign-On
25-27 Namespace Session Variables for Single Sign-On
25-28 Namespace User Variables
25-29 Simple Responses and Descriptions
25-30 Complex Responses
25-31 Fresh OSSO Installation: Protected Policy Response (Header)
25-32 Remote Policy Management Modes, Templates, and Flags
25-33 Remote Management Template Elements
26-1 User Interactions: Tester Console Mode versus Command Line Mode Operations
26-2 Access Tester Supported System Properties
26-3 Access Tester Console Panels
26-4 Command Buttons in Access Tester Panels
26-5 Additional Access Tester Buttons
26-6 Access Tester Menus
26-7 Connection Panel Information
26-8 Protected Resource URI Panel Fields and Controls
26-9 Access Tester User Identity Panel Fields and Controls
26-10 Access Tester Capture Request Options
26-11 Generate Script Command
26-12 Test Script Control Parameters
26-13 Run Test Script Commands
26-14 Mismatched Results Reasons in the Statistics Document
27-1 Centralized Logout Circumstances
27-2 Logout Details After Registration (ObAccessClient.xml)
28-1 Features: OpenSSO Agents with Access Manager
28-2 OpenSSO Policy Migration
28-3 OpenSSO Reliance on Access Manager
28-4 Access Manager Processing with OpenSSO
28-5 Elements on the New OpenSSO Agent Page
28-6 Relocating OpenSSO Artifacts
28-7 Expanded OpenSSO Agent Registration Elements
28-8 OpenSSO Request Files for Remote Registration
28-9 OpenSSO Agent Remote Registration Request
28-10 J2EE Request File Mappings to the Properties File
28-11 Mapping the Web Request File to the Properties File
28-12 Delta: OpenSSO Remote Registration versus Remote Updates
28-13 Other OpenSSO Information in this Guide
29-1 OSSO Agents with Access Manager
29-2 11g Access Manager SSO versus OSSO 10g Component Summary
29-3 Create OSSO Agent Page Elements
29-4 Relocating OSSO Artifacts
29-5 Expanded OSSO Agent Elements
29-6 OpenSSO Request Files for Remote Registration
29-7 OSSO-Specific Elements in a Remote Registration Request
29-8 Delta: OSSO Remote Registration versus Remote Updates
29-9 Other OSSO Information in this Guide
30-1 Installation Comparison with 10g WebGates
30-2 Comparison: Access Manager 11g versus 10g
30-3 Comparing Access Manager 11g Policy Model versus 10g
30-4 Preparing for 10g WebGate Installation with Access Manager 11g
30-5 Sample end_url Parameter Specifications
33-1 IIS 7 Webgate Windows Server 2008
35-1 Adaptive Authentication Plugin Properties
35-2 Server Side Configuration for Adaptive Authentication Service
36-1 Location URL Parameter Definitions
36-2 Offline Configuration URL Parameters
37-1 Supported SAML 2.0 NameID Formats
37-2 SAML 2.0 URLs for Identity Federation Acting As Identity Provider
37-3 SAML 2.0 URLs for Identity Federation Acting as Service Provider
37-4 Supported SAML 1.1 NameID Formats
37-5 SAML 1.1 URLs for Identity Federation Acting As Identity Provider
37-6 SAML 1.1 URL for Identity Federation Acting as Service Provider
37-7 OpenID 2.0 URLs for Identity Federation Acting As Identity Provider
37-8 OpenID 2.0 URLs for Identity Federation Acting as Service Provider
37-9 Configuring Identity Federation Settings
37-10 Implementing Identity Federation
38-1 Default Partner Profiles
38-2 Identity Provider Partner Settings
38-3 Attributes for Google OpenID Partner
38-4 Attributes for Yahoo OpenID Partner
38-5 Elements Used for IdP Provider Search
38-6 Service Provider Partner Settings
38-7 Sample SP Attribute Mappings
38-8 Attribute Mapping Value Expressions
38-9 Sample IdP Attribute Mappings
38-10 Default Federation Authentication Method and Access Manager Authentication Scheme Mappings
38-11 Configuration Parameters for Attribute Sharing Plug-in
38-12 Session Attributes Accessible To Attribute Sharing Plug-in
39-1 Federation Settings in the Console
39-2 General Federation Settings
39-3 Federation Proxy Settings
39-4 Keystore Settings for Federation
40-1 FederationScheme Element Definitions
40-2 FederationPlugin Steps
40-3 Orchestration of FederationPlugin
40-4 OIFScheme Definition
40-5 IFMTLDAPPlugin Steps
40-6 Policy Response Elements
40-7 Message Attribute Mapping
40-8 Office 365 Service Provider Attribute Values
41-1 Security Token Service 11g Infrastructure
41-2 Security Token Service Terms
41-3 Integrated Oracle Web Services Manager
43-1 Security Token Service Settings
44-1 Security Token Service Public Keys Used at Run Time
44-2 Keystore Mbeans
44-3 Partner Keys for WS-Trust Communications
44-4 Successful Certificate Validation Requirements
45-1 Search Validation Template
45-2 Issuance Template Requirements
45-3 Issuance Template: General Details
45-4 Issuance Properties: Username Token Type
45-5 Issuance Properties: SAML Token Types
45-6 Security Details: SAML Tokens
45-7 Issuance Template: Attribute Mapping, SAML Token
45-8 Validation Template Protocols
45-9 New Validation Template: General Details
45-10 New Validation Template: Authentication Details
45-11 New Validation Template: Token Mapping
45-12 Endpoints Page
45-13 Conditions tab: Token Issuance Policy
45-14 New Custom Token Elements
45-15 Custom Tokens Search Elements and Controls
46-1 Security Token Service Partners
46-2 Security Token Service Clients
46-3 Security Token Service Partner Entry
46-4 Security Token Service Partner Profile Data
46-5 Partner Elements for Partner Types
46-6 Elements for Security Token Service Partners
46-7 Profile: General
46-8 Requester Profile: Token and Attributes
46-9 Relying Party Profile Requirements
46-10 Token and Attributes Elements: Issuing Authority
46-11 Issuing Authority Token Mapping Elements
48-1 Features in Mobile and Social Based on the Companion Services Installed
48-2 Mobile and Non-Mobile Authentication Service Providers in Mobile and Social Services
48-3 Android, iOS, and Java Features of the Mobile and Social Services Client SDK
48-4 Token Requirements for the Mobile and Social Server
48-5 Identity Providers That Mobile and Social Natively Supports
49-1 Pre-configured Authentication Service Providers
49-2 Access Manager Authentication Service Provider Default Attributes
49-3 Webgate Agent for Authentication Service Provider Default Attributes
49-4 JWT Authentication Service Provider Default Attributes
49-5 JWT-OAM Authentication Service Provider Default Attributes
49-6 Access Manager Authorization Service Provider Default Attributes
49-7 Webgate Agent for Authorization Service Provider Default Attributes
49-8 User Profile Service Provider Default Attribute Names and Values
49-9 User Profile Service Provider Default Attribute Names and Values
49-10 Authentication Service Profile Default General Properties
49-11 Token Support and URI Category Information Default Properties
49-12 Authorization Service Profile Default General Properties
49-13 User Profile Service Profile Default General Properties
49-14 Security Handler Plug-in General Properties
49-15 Application Profile General Properties
49-16 Service Domain General Properties
49-17 Application Profile Selection Properties
49-18 Service Profile Selection Properties
49-19 User Profile Service Protection Properties
49-20 Authorization Service Protection Properties
49-21 OAAM Policies Supported By Mobile and Social
49-22 Mapping Terms Between OAAM and Mobile and Social
50-1 OpenID Protocol Attributes
50-2 OAuth Protocol Attributes
50-3 User Attributes Returned By Google
50-4 User Attributes Returned By Yahoo
50-5 User Profile Attributes Returned By Foursquare
50-6 User Profile Attributes Returned By Windows Live
50-7 Service Provider Interface Information Properties
50-8 Account Linking Properties
51-1 Attribute Settings for an Oracle Access Manager 11gR1 PS1 Authentication Service Provider
52-1 Default User Profile Services Endpoint Operations
52-2 User Profile Resource Server - Scope Settings
53-1 OAuth Service Profile Configuration Attributes
53-2 Web Client Attributes Names and Values
53-3 OAuth Service Provider Attributes for Access Manager
53-4 User Profile Service Attributes
53-5 OAuth Server Settings Attributes
53-6 Default OAuth JKS Keystore File and Settings File
55-1 Identity Context Schema Attributes
55-2 Mapping Identity Context Operations
56-1 Access Manager Support for RSA Features
56-2 RSA Features Not Supported
57-1 Sample Naming
58-1 JBoss Agent Composition
59-1 Component Requirements
59-2 Microsoft Requirements for this Integration
59-3 Create Web Application Options for Microsoft SharePoint Server
59-4 Create a Web Application to Host a Site Collection for SharePoint Server
60-1 Requirements for Impersonation with a Header Variable
62-1 Login Module Stacks for using Header Variables
62-2 Login Module Stacks for using Header Variables
63-1
63-2
63-3 Ticket Authentication Values
A-1 addOAMSSOProvider Command-line Arguments
B-1 Languages for Localized Messages
C-1 importcert Command Syntax
D-1 Comparing IAMSuiteAgent with 11g and 10g Webgates