What's New

This section describes changes since the 10.1.4.0.1 release.:

• New Features in Oracle Identity Federation

• Documentation Updates

• Terminology Changes

New Features in Oracle Identity Federation

With the 10.1.4.2 patch set release, Oracle Identity Federation provides:

• Attribute Name Mapping, Attribute Value Mapping, and Attribute Value Filtering

• a new command-line tool designed to perfom bulk delete operations of federation records from the Federation Data Store

• the ability to configure how Oracle Identity Federation responds when an error occurs in the logout flow

• a mechanism for requiring a client SSL certificate for all SOAP requests

• the no-fail-on-error option during Liberty 1.x/SAML 2.0 logout flow processing

• support for custom authentication engines

• the ability to configure the logout service to return the logout status

• the ability to configure SAML 2.0 Authentication Query Response and Assertion ID Request

Documentation Updates

The following new topics have been added to the Oracle Identity Federation Administrator's Guide:

• Sizing Guidelines

• Deploying Oracle Identity Federation with eTrust SiteMinder

• Deploying Oracle Identity Federation with a Sun Java System Web Server

• Configuring Oracle Identity Federation to Use IBM Tivoli Directory Server as the Data Store

• Integrating with Third-Party Identity & Access Management Modules

• Configuring Attribute Mapping

• Interoperating with Microsoft ADFS

• Logout Status

• Configuring SAML 2.0 Authentication Query Response

• Configuring SAML 2.0 Assertion ID Request

• Additional eTrust SiteMinder Configuration

• References

The following instructions have been updated:

• Using SSL with Oracle Identity Federation

Terminology Changes

Several terms that were previously used to describe Oracle Identity Federation or Oracle SHAREid features are no longer in use with release 10.1.4.2:

• SmartMaps - If a SHAREid SP could not map an incoming SSO assertion to a local user, the SmartMaps interface could be used to create a new user.

  This is not a supported feature in Oracle Identity Federation and the term is not used.

• SmartWalls - This was a best practice related to mapping an incoming SSO assertion to a user. SmartWalls was intended to thwart a user from one IdP from impersonating a user from another IdP by falsely asserting attributes for that user.

  As a rule, SAML 2.0 and Liberty do not use attribute mapping; instead they use opaque name identifiers that are not susceptible to this problem. The term SmartWalls has been replaced by "local user mapping".

• SmartMarks - This concept has been superseded in SAML 2.0 with the implementation of the SP-initiated IdP discovery using common domain cookies. While the feature is still applicable in the context of SAML 1.x, from now on it is referred to as SP-initiated IdP discovery.