Oracle® Identity Federation Administrator's Guide 10g (10.1.4.0.1) B25355-02
This section describes changes since the 10.1.4.0.1 release.
With the 10.1.4.2 patch set release, Oracle Identity Federation provides:
Attribute Name Mapping, Attribute Value Mapping, and Attribute Value Filtering
a new command-line tool designed to perform bulk deletion of federation records from the Federation Data Store
the ability to configure how Oracle Identity Federation responds when an error occurs in the logout flow
a mechanism for requiring a client SSL certificate for all SOAP requests
the no-fail-on-error option during Liberty 1.x/SAML 2.0 logout flow processing
support for custom authentication engines
the ability to configure the logout service to return the logout status
the ability to configure SAML 2.0 Authentication Query Response and Assertion ID Request
The following new topics have been added to the Oracle Identity Federation Administrator's Guide:
Deploying Oracle Identity Federation with a Sun Java System Web Server
Configuring Oracle Identity Federation to Use IBM Tivoli Directory Server as the Data Store
Integrating with Third-Party Identity & Access Management Modules
The following instructions have been updated:
Several terms that were previously used to describe Oracle Identity Federation or Oracle SHAREid features are no longer in use with release 10.1.4.2:
SmartMaps - If a SHAREid SP could not map an incoming SSO assertion to a local user, the SmartMaps interface could be used to create a new user.
This is not a supported feature in Oracle Identity Federation and the term is not used.
SmartWalls - This was a best practice related to mapping an incoming SSO assertion to a user. SmartWalls was intended to prevent a user from one IdP from impersonating a user from another IdP by falsely asserting attributes for that user.
As a rule, SAML 2.0 and Liberty do not use attribute mapping; instead they use opaque name identifiers that are not susceptible to this problem. The term SmartWalls has been replaced by "local user mapping".
SmartMarks - This concept has been superseded in SAML 2.0 by the implementation of SP-initiated IdP discovery using common domain cookies. While the feature is still applicable in the context of SAML 1.x, from now on it is referred to as SP-initiated IdP discovery.