Index

A B C D E F G H I L M N O P R S T U V W

A

access

B

Basic authentication, 5.2

basics, 1

browsers

caveats for, 3.10.3.1

Buffer Size, 3.3.1.1

Buffer Size field, 3.3.1.1, 3.3.2

C

cache

Access Manager SDK, D.1.6.2

Access Server, 3.4.3.3, 4.9.7.1, 5.3.2, 5.10.7, 5.10.8, 6.3.2, 6.3.4, 6.5.2

Access Server, flushing, 2.3.3

Access System, 9.2

AccessGate, 3.4.2

credential mapping, 5.4.7, 5.4.7

default timeout, 3.4.3.3

flushing users from, 8.3.2

form-based login errors and caching, D.1.6.2

header variables, 5.10.4.1, 6.6.3.1

Identity Server cache flush, 2.3.3

InactiveReconfigPeriods, 3.4.3.2

minimum elements in Access Server, 3.3.1.1

ObSSOCookie, 3.10.3.1

password, 5.4.9, 5.4.11

password policy, 2.2, 8.5

policy, 3.3.1.1

Policy Cache Timeout field, 5.10.4.1

session token, 3.3.1.1

session token cache, 3.3.1.1

timeout, 3.3.1.1, 9.3.2

timeout, default, 9.3.2

updating for Access Server, 4.9.7.1

user cache timeout, 5.10.4.1

WebGate, 3.4.2

Cache Timeout field, 3.4.2, 3.4.3

CacheControlHeader field, 3.4.2, 3.4.2, 3.4.3

CachePragmaHeader field, 3.4.2, 3.4.2, 3.4.3

Cert mode, 3.4.2, 3.4.3

cert_decode, 5.4.6

about, 5.4.10

cert_decode plug-in, 5.4.6

challenge methods

Basic, 5.2

cert_decode plug-in, 5.4.6

Client Cert (X509), 5.2

credential_mapping plug-in, 5.4.6

Ext, 5.2

Form, 5.2

form, 5.2, 5.3.2, 5.3.2

None, 5.2

NT/Win2000 plug-in, 5.4.6

SecurID plug-in, 5.4.6

selection_filter plug-in, 5.4.6

validate_password plug-in, 5.4.6

challenge parameter

action, 5.3.2

creds, 5.3.2

form, 5.3.2

passthrough, 5.3.2

challenge redirect, 5.3.2

challenge redirects, 3.7.2.1, 5.3.2

client_request_retry_attempts, 3.4.3.2

clusters

Access Server clusters, 3.3.5

adding, 3.3.5.1

compound condition, 6.4.1

conditions, complex, 6.4.1

configuration

about, 1

configureAAAServer tool, 3.3.6

configureAccessGate tool, 3.4.4

configureWebGate command, 3.4.4

CONNECT operation, 4.4.3

Connector for WebSphere, 7.6.1

basic authentication cookie, 3.10.3.2

client cookie, 3.10.3.6

encrypted session token and, 7.3

encrypting the single sign-on cookie, 2.2, 2.2.1

for single sign-on, 7.3

form-based authentication cookie, 3.10.3.3

generated during login, 3.10.3

HTTP header variable size, effect of, 5.10.2

Identity application session cookie, 3.10.3.4, 3.10.3.5

in authentication schemes, 5.3.8

lasting over multiple sessions, 5.3.7

multi-domain SSO, 7.5

non-ascii characters in, Preface, 5.10.2, 5.10.7, 5.10.7

ObFormLoginCookie, 3.10.3, 3.10.3.3, A.2.1

OBPERM Cookie, 3.10.3

ObSSOCookie, 3.4.2, 3.10.3, A.1

ObTEMC Cookie, 3.10.3

ObTEMP Cookie, 3.10.3

passing actions in, 6.6.2

persistent, Preface

primary HTTP cookie domain, 3.4.2, 3.4.3

securing the ObSSOCookie, 5.3.6

sending credentials in, 7.6

single sign-on cookie, 3.10.3.1

single sign-on logout, 2.3.3

system settings cookie, 3.10.3.6

triggering actions after setting, 5.10.9

triggering actions after setting the ObSSOCookie, Preface

COREid

now named Oracle Access Manager, Preface

Credential Mapping Authentication Plug-In, A.1.3

credential mapping cache, 5.4.7, 5.4.7

credential_mapping, 5.4.6

about, 5.4.7

for form-based authentication, A.1.3

parameters, 5.4.7

credentials

browser cookies as, 5.3.8

sent in a URL, 7.6

creds challenge parameter, 5.3.2

custom plug-in, A.1.3

D

Debug field, 3.3.2, 3.4.2, 3.4.3

Debug File Name field, 3.3.2

decimal addressing, 3.7.2

DELETE operation, 4.4.3

deny access, 6.3.4

denying access

example of, 3.8.1

DenyOnNotProtected, 3.4.2, 3.4.3

advantages of, 3.4

allow access to all resources, 4.8.1.2

deny all access unless explicitly allowed, 3.7

example, 3.8.1

setting for a WebGate, 3.4.2

Description field, 3.4.2, 3.4.3

diagnostics, 3.5.4, 8.2.2

running, 8.6

directory server

configuration, 2.3.4

Display Name field, 4.4.6

duplicate actions, 6.7.3.1

defaults for, 6.7.4

restrictions on, 6.7.3.2

E

EJB, 4.4.2

operations, 4.4.4

configuring user feedback email address, 2.3.2

encryption

schemes, 7.3.2

Engine Configuration Refresh Period field, 3.3.1.1, 3.3.2

expressions, 4.3.1, 4.8, 6.1.2

about, 4.8, 6.4

associating with actions, 6.6.1, 6.7.2

complex conditions in, 6.4.1

compound conditions in, 6.4.1

contents of, 6.4.1

creating, 6.5.2

creating, overview, 6.1.2

duplicate actions, 6.7.5

duplicate actions in, 6.7.5

evaluation of, 6.4.1

evaluation of rules in, 6.4.2.2

illustration of, 6.4.1

in authorization rules, 6.2

inconclusive results in, 6.7.2.1

status codes, 6.4.2.1

testing, 4.13

viewing, 6.5.1

external data

retrieving for authorization, 6.10

F

Failover Threshold field, 3.4.2, 3.4.3

features

new, Preface

feedback

email address for, 2.3.2

File Rotation Interval field, 3.3.1.1, 3.3.2

Firefox, 3.10.3.1

form

challenge method, 5.3.2

form challenge method, 5.2, 5.3.2

form challenge parameter, 5.3.2

form login

Identity System, 3.10

form-based authentication, 3.10.2, 3.10.3.3, 5.3.2, A.1

about, A, B

action challenge parameter, A.1.1

challenge parameters, A.1.1

collecting external data for, A.1.6

configuring, A.3, A.3

considerations, A.2

creating the form, A.2

credential_mapping plug-in, A.1.3

creds challenge parameter, A.1.1

custom plug-in, A.1.3

examples, A.4.1

form challenge parameter, A.1.1

header variables, A.1.5

instead of a plug-in, 5.10.5.1

multi-language form, A.4.3

ObFormLoginCookie, 3.10.3.3, A.2.1

overview, 5.10.5.1

passthrough challenge parameter, A.1.1

plug-ins, 5.4.6, A.1.3

redirection, use of, A.1.2

session cookie, A.1.4

task overview, A.1

validate_password plug-in, A.1.3

G

GET operation, 4.4.3

GetProxySSLStateHeader, 3.4.3.2, 3.4.3.2, 3.4.3.2

getting started, 1

Global Pass Phrase, 3.4.4

globalization, Preface, Preface, 3.4.3.2

H

HEAD operation, 4.4.3

header variables, 7.6

actions and, 5.10.4, 6.6.2

caching, 5.10.4.1, 6.6.3.1

cookies and, 6.6.3

duplicate actions and, 6.7.3.2

GetProxySSLStateHeader, 3.4.3.2

HTTP, 5.10.4

in authorization rules, 6.2.3

in single sign-on, 7.6

non-ascii characters in, Preface, 5.10.2, 5.10.7, 5.10.7

passing information via, 3.10.2, 5.10.1

passing on redirection, 5.10.4, 5.10.5, 5.10.7

setting credentials in, 7.6

use with cookies, 5.10.2

Web server handling of, 5.10.4.2

with WebGate behind a reverse proxy, 3.4.3.2

host identifiers, 2.2, 2.2.2, 3.1, 3.4.2, 3.4.3, 4.3.1

adding, 3.7.2.3

and SSO, 7.4.2.1

and virtual Web hosting, 3.7.2

definition, 4.3.1, 4.9.7.1

deleting, 3.7.2.2

using, 3.7.2, 4.9.7.1

using vs preferred hosts, 3.7

viewing, 3.7.2.2

vs DenyOnNotProtected, 3.4.2, 3.8

Hostname field, 3.3.2, 3.4.2, 3.4.3

hosts

configuring identifiers for, 3.7

HTTP, 4.4.2

operations, 4.4.3

I

Identity application

cookies generated at login, 3.10.2, 3.10.3.4

protecting, 7.7.1

Identity Domain, 4.3.3

Identity Server

cache flush, 2.3.3

logged you in but other system logged you out error, D.1.5.1

Identity Server logged you in but other system logged you out error, D.1.5.1

Identity System

anonymous access to, 5.2

configuring, Preface

form login, 3.10

IdentityXML, Preface

protecting, process for, 3.10

SSO logout for, B.1

Idle Session Time field, 3.4.2, 3.4.3

IIS, A.3.2

IIS Lockdown tool, 3.5.4

IIS6, 3.5.4

impersonation, 3.4.2, 3.4.3

enabling in the Access System, 7.8, 7.8

Impersonation Password field, 3.4.2, 3.4.3

Impersonation Username field, 3.4.2, 3.4.3

InactiveReconfigPeriod, 3.4.3.2, 3.4.3.3

InactiveReconfigPeriods, 3.4.3.2

inconclusive results, 6.7.2.1

installation, Preface

silent, 3.3.6, 3.3.6

Integrated Windows Authentication, 3.4.3.2

introduction, 1

IP address

deny access according to IP address, 6.3.4

IP address validation, 3.5.3

IPValidation, 3.4.2, 3.5.3

configuring, 3.5.3

IPValidation field, 3.4.2, 3.4.3

IPValidationException field, 3.4.2, 3.4.3

IWA, 3.4.3.2

L

language

multi-language form, A.4.3

localization, A.3.2

logging

automatic updates, Preface, Preface

new features in this release, Preface

what's new in this release, Preface

cookies generated during, 3.10.3

form-based, A

form-based login, configuring, A.1

on Netscape, 3.4.3.2

process, 3.8, 3.10, 3.10

process, scenarios for, 3.10.2

self-registration auto login, 3.4.2

logout, 2.3.3

adding logout URLs, 3.4.2

button for, 3.4.3.1

caveats for, 3.10.3.1

configuring, B

configuring, for WebGates, 3.4.2

custom logout pages, B.2

for an Identity System resource, 3.4.3.1

forced, 3.4.2

from a multi-domain SSO session, 7.5.3

from a single-domain SSO session, 7.4.4

how it works, B.1

issues with form-based authetication, A.2.1

logout URL, 7.4.4, B, B.1

SSO logout URL, configuring, 2.3.3

logout.html, 7.6.2

LogOutUrls field, 3.4.3

M

Master Audit Rule, 4.10

Maximum Client Session Time field, 3.3.1.1, 3.3.2, 3.4.2, 3.4.3

Maximum Connections field, 3.4.2, 3.4.3

Maximum Elements in Cache field, 3.4.2, 3.4.3

Maximum Elements in Policy Cache field, 3.3.1.1, 3.3.2

Maximum Elements in Session Token Cache field, 3.3.1.1

Maximum Elements in User Cache field, 3.3.1.1, 3.3.2

Maximum User Session Time field, 3.4.2, 3.4.3

Microsoft Passport, 3.4.3.2

Mozilla, 3.10.3.1

mySAP, 7.6.1

N

name changes, Preface

names, new, Preface

NetPoint

now named Oracle Access Manager, Preface

NetPoint 5.x, 3.4.3.2

NetPoint SAML Services

now named Oracle Identity Federation, Preface

Netscape, 3.4.3.2, 3.10.3.1

network traffic, 3.4.3.3

cache timeout, 9.3.2

for Access System, 3.4.3.3

reducing, 3.4.3.3

new features

logging, Preface

NT/Win2000 plug-in, 5.4.6

number of connections, 3.5.5.1

Number of Threads field, 3.3.1.1, 3.3.2

O

ob_date, 4.10.1

ob_datetime, 4.10.1

ob_event, 4.10.1

ob_ip, 4.10.1

ob_operation, 4.10.1

ob_reason, 4.10.1

ob_serverid, 4.10.1

ob_time, 4.10.1

ob_time_no_offset, 4.10.1

ob_url, 4.10.1

ob_userid, 4.10.1

ObBasicAuthCookie, 3.10.3.2

ObFormLoginCookie, 3.10.3, 3.10.3.3, A.2.1

obMappingBase, 5.4.7

obMappingFilter, 5.4.7, A.3.3

obmygroups

in authorization actions, 6.6.4

ObPERM Cookie, 3.10.3

ObPERM cookie, 3.10.3.6

ObSSOCookie, 3.4.2, 3.4.3, 3.5.3, 3.10, 3.10.3, 3.10.3.1, 7.3

and redirection for SSO, 7.5.1

and single domain SSO, 7.4.1

cache, 3.10.3.1

caveats for, 3.10.3.1

configuring, 7.3.2

form-based authentication and, A.1

grandfathering, 7.3.2

multi-domain SSO and, 7.5

retaining over multiple sessions, 5.3.7

security of, 7.3.1

single sign-on and, 7.4.1

unencrypted data in, 7.3

ObTEMC Cookie, 3.10.3

ObTEMC cookie, 3.10.3.4

ObTEMP Cookie, 3.10.3

ObTEMP cookie, 3.10.3.5

OHS2, 3.4.3.2

Open mode, 3.4.2, 3.4.3

OPTIONS operation, 4.4.3

Oracle Access Manager

formerly NetPoint or COREid, Preface

protecting, 5.1.4

unprotecting, 5.1.4

Oracle HTTP Server 2, 3.4.3.2

Oracle Identity Federation, Preface

formerly SHAREid, Preface

OracleAS, 7.6.1, 7.6.1, 7.6.1, 7.6.1

OTHER operation, 4.4.3

P

parameter files, C

about, C

passing information in a header variable, 5.10.3

passthrough challenge parameter, 5.3.2

password

cache, 5.4.9

password policy cache, 2.2, 8.5

Password Policy Reload Period field, 3.3.1.1, 3.3.2

passwords

caching, 5.4.11

PDF files, 3.4.2

performance, 3.3.2, 3.8

caching passwords, 5.4.11

configure cache timeout, 9.3.2

duplicate actions, impact, 6.7.3.1

logout URLs, impact, 7.4.4

viewing policy domains, impact, 9.4

personalizing the end user's interaction, 5.10.3

plug-ins

about, 4.7

adding, 5.5

adding to an authentication scheme, 5.5.2

cert_decode, 5.4.6, 5.4.6

about, 5.4.10

credential_mapping, 5.4.6

about, 5.4.7

for form-based authentication, A.1.3

parameters, 5.4.7

custom

for form-based authentication, A.1.3

custom plug-ins, creating, 4.7

custom, authorization schemes for, 6.8

custom, to use in authorization schemes, 6.8

definition, 4.7

deleting from an authentication scheme, 5.5.3

for a step, 5.6.2

for authentication

about, 5.4

Access System-provided, 5.4.1

custom, 5.4.2

for challenge methods, 5.4.6

to change security levels, 5.4.5

for authentication flows, 5.8.1

for authentication schemes, 4.6, 4.7, 5.1.2

for authorization

about, 6.8.1.1

specifying, 6.9.1

task overview, 6.8.1.1

for authorization schemes, 4.7

optional parameters, 6.9.1.3

required parameters, 6.9.1.2

for custom authorization actions, 6.7.6

for disjoint (multiple) searchbases, 5.3.4

for UNIX, 4.7

for Windows, 4.7

form-based authentication, A.1.3

in a step, changing, 5.7.4

NT/WIN2000, 5.4.6

return codes, 5.4.3

SecurID, 5.4.6

selection_filter, 5.4.6, 5.4.6

validate_password, 5.4.6, 5.4.6

about, 5.4.9

for form-based authentication, A.1.3

parameters, 5.4.9

versus form-based authentication, 5.10.5.1

viewing, 5.5.1

vs using form-based authentication, 5.10.5.1

why separate into steps, 5.6.4

Windows NT/2000, 5.4.12

Plumtree Corporate Portal, 7.6.1

policy, 4

R

RC4 encryption, 7.3.2

RC4 encryption scheme, 7.3.2

RC6 encryption, 7.3.2

RC6 encryption scheme, 7.3.2

redirecting an authentication request, 5.3.2

redirecting users to a specific URL, 5.10.3

redirection, 5.10.5, 6.2.3

and header variables, 5.10.1

authorization rules and, 6.2.3

configured in an action, 5.10.5

configuring, 7.5.1

for authentication success and failure, 5.10.7

in form-based login, A.1.1, A.1.2

in multi-domain SSO, 7.5.1

multi-domain SSO use of, 5.3.2

to a URL for authentication, 5.3.2

Redirection URL field, 5.10.7

report files, 3.4.2

reports

user access privileges, 8.7

resource

adding to a policy domain, 4.9.7, 4.9.7.1

auditing of, 4.12.1

authenticating users who try to access, 5

deleting, 4.9.9

denying access by default, 3.7, 3.8

EJB, 4.4.2

HTTP, 3.4, 4.4.2

identified by host identifier, 3.7

identified by preferred host, 3.7

J2EE, 4.4.5

policies for, 4.5

policy domain root, 4.1.2

protecting, 2.2

protecting all resources, 4.8.1.2

protecting with policy domain, 4

protecting with WebGate, 3.1

type

configuring, 4.4

defining, 4.4.6

unprotecting all resources, 4.8.1.1

URL pattern for, 4.5

URL patterns, about, 4.5.3

URL prefix, about, 4.5.1

URLs for, 4.5

who can define resource types, 2.2.2

Resource Matching field, 4.4.6

Resource Name field, 4.4.6

Resource Operation field, 4.4.6

resource types

about, 4.4

C programs, 4.4.5

C++ programs, 4.4.5

CRM applications, 4.4.5

directories, 4.4.5

Enterprise Java Beans (EJBs), 4.4.5

ERP applications, 4.4.5

Java programs, 4.4.5

Java Server pages (JSPs), 4.4.5

query strings, 4.4.5

supported, 4.4.5

web applications, 4.4.5

web pages, 4.4.5

reverse proxy, 3.4.3.2, 7.4.3

revoking users, 8.3.1

role

deny access to a role, 6.3.4

RSA SecurID, 7.6.1

rule

deny access filters, 6.3.4

rules

about, 4.8

illustration of, 4.8

types of, 4.8

S

schemes

T

Task overview

Administering a policy domain, 4.2.2

Associating an AccessGate with an Access Server or cluster includes, 3.6.2

configuring a custom logout page, B.2

Configuring form-based authentication, A.1

Create an AccessGate, 3.4

Creating a form for authentication, A.3, A.3

Creating a policy domain, 4.2.3

Creating authorization expressions, 6.1.2

Creating the first policy domain, 4.2.1

Defining actions for a policy's authentication rule, 5.10.8

Defining and managing authentication schemes, 5.3

Defining authentication and authorization schemes for single sign-on, 7.4.2.1

Enabling single domain single sign-on, 7.4.2

Implementing multi-domain single sign-on, 7.5

Prerequisite tasks for a Master Administrator, 4.1

Protecting resources on a virtual host, 3.7

Providing customized authorization plug-ins, 6.8.1.1

servers

Creating an Access Server, 3.3

Setting authentication actions for a policy domain, 5.10.7

timeout

for WebGate to AccessGate connections, 3.4.3.2

TRACE operation, 4.4.3

traffic, network, 3.4.3.3

transport security, 3.3.1.1

changing, caveat for, 3.3.5.1

configuring from the command line, 3.4.4

for AccessGates, 3.4.3

modes, 3.3.1.1

options, 3.4.2, 3.4.2

password, command line option, 3.4.4

password, configuring, 3.4.4

reconfiguring, 3.4.4

searching based on, 3.4.1

selecting the mode, 3.3.2

when to use the same mode, 3.3.5.1

Transport Security field, 3.3.1.1, 3.3.2, 3.4.2, 3.4.3

troubleshooting, D, D

typical problems in Oracle Access Manager, D

U

URL

containing the ObSSOCookie, 7.3

decimal addressing, 3.7.2

deny access to all URLs, 3.4.2

flushing from cache, 8.5

form action URLs, A.3.1.1

logout URLs, 3.4.2, 7.4.4, B, B.1

maximum number in cache, 3.4.2

Oracle Access Manager URLs, unprotecting, 5.1.4

pattern matching symbols, 4.5.4

patterns, how used, 4.5.3

policy domain root URL, 4.1.2

prefix, 4.1.2

prefix reload period, 3.3.1.1

prefix, how used, 4.5.1

prefixes for, 4.5

protecting Oracle Access Manager URLs, 5.1.4

redirection, 5.10.1, 5.10.3, 6.2.3

Redirection URL field, 5.10.7

SSO Logout URL, 2.3.3, 7.6.2

storing as https, 3.4.3.2

user credentials in, 7.6

WebGate diagnostic, 3.5.4

URL Prefix Reload Period field, 3.3.1.1, 3.3.2

URLInUTF8Format, 3.4.3.2

UseIISBuiltinAuthentication, 3.4.3.2

user cache timeout, 3.3.1.1, 5.10.4.1

User Cache Timeout field, 3.3.1.1, 3.3.2

user-defined parameters, 3.4.2, 3.4.3.2

client_request_retry_attempts, 3.4.3.2

GetProxySSLStateHeader, 3.4.3.2

InactiveReconfigPeriods, 3.4.3.2

SlowFormLogin, 3.4.3.2

URLInUTF8Format, 3.4.3.2, 3.4.3.2

UseIISBuiltinAuthentication, 3.4.3.2

WaitForFailover, 3.4.3.2

User-Defined Parameters field, 3.4.2, 3.4.3

users

access privilege reports, 8.7

authentication and authorization of, 1.2

authentication of, Preface, 1.1

authorization of, Preface, 1.1

deny access to specific user, 6.3.4

filtering inactive users, 5.4.8

flushing from the cache, 8.3.2

inactive, 5.4.8

revoking, 8.3.1

UTF-8, 3.4.3.2

V

Validate Password Authentication Plug-Ins, A.1.3

validate_password, 5.4.6

about, 5.4.9

for form-based authentication, A.1.3

parameters, 5.4.9

validate_password plug-in, 5.4.6, A.1.3

virtual servers, 3.7.1

configuring, 3.7.3

virtual Web hosting, 3.7.3

configuring a WebGate for, 3.7.3

W

WaitForFailover, 3.4.3.2, 3.4.3.2, 3.4.3.2

Web forms, A

Web pages

protecting

see resource, protecting

Web server hosts

configuring identifiers for, 3.7

WebGate, 1.2