Oracle® Access Manager Schema Description 10g (10.1.4.2.0) Part Number E10357-01
This document describes the Oracle-provided objects and attributes that control the behavior of the Oracle Access Manager 10g product. This information is being provided to help you understand the structure and behavior of the Oracle Access Manager product. This document is not intended to be used as a guide for modifying the Oracle Access Manager schema. Oracle does not support modified versions of its schema.
For a number of schema attributes that involve dates and times, Oracle Access Manager stores the data in "epoch date and time," where a "0" time is January 1, 1970 00:00:00 GMT, and the value equals the number of seconds from this time. Epoch time allows systems to mathematically compare dates with other dates or some other measure of time. You can use an epoch time converter to calculate the actual date and time from the value stored with the attribute.
The following sections summarize the directory objects and attributes specific to Oracle Access Manager.
Note:
Modifying the schema can cause problems when upgrading to new versions of Oracle Access Manager, and it can cause compatibility issues with older versions.
Table 1-1 lists the oblixApplication class descriptions.
Table 1-1 oblixApplication Class Description
Characteristic | Value |
---|---|
SubClassOf | Top |
Description | This class defines the container for application-level definitions. |
Class type | Structural |
PossSuperiors | oblixConfig |
Naming attribute | obApp |
OID | 1.3.6.1.4.1.3831.0.1.8 |
For example, obapp=userservcenter, ou=oblix, o=company, c=us
Table 1-2 lists the oblixApplication attributes.
Table 1-2 oblixApplication Attributes
Attribute | Required | Description |
---|---|---|
obApp | Yes | The name of the application. This is the naming attribute. |
obDirFunctions | No | The functions configured for this application. The values are true or false to indicate whether a function button is ready to be displayed on the application user interface. Examples of the values are: |
obVer | No | The current release version. |
Table 1-3 lists the oblixPanel class descriptions.
Table 1-3 oblixPanel Class Description
Characteristic | Value |
---|---|
SubClassOf | Top |
Description | This object class is used to define entries of panels, reports, workflow tables, search results, and so on. Since this class is the super class of oblixTabPanel, the attributes defined in this class are also applicable to tabs. |
Class type | Structural |
PossSuperiors | oblixClass, oblixTabPanel, oblixConfig |
Naming attribute | obPanelID |
OID | 1.3.6.1.4.1.3831.0.1.0 |
For example,
obpanelid=telephony, obpanelid=employees, obapp=userservcenter, ou=oblix, o=company, c=us
obpanelid=ticketTable, ou=oblix, o=company, c=us
Table 1-4 lists the oblixPanel attributes.
Table 1-4 oblixPanel Attributes
Attribute | Required | Description |
---|---|---|
obPanelID | Yes | The ID that uniquely identifies this panel, tab, or table. It is used as the naming attribute. |
obClass | Yes | The object classes to be used when entry information is searched. When used for a panel, the valid value is inetOrgPerson or another configured person class. When used for a tab, the valid values are: When used for a ticket table, the valid value is obTicket. When used for a report, the valid value is inetOrgPerson or another configured person or generic class. |
obReady | Yes | Whether the panel is ready for display. The default is false. |
obName | Yes | The name of the panel or tab. If obPanelTabImageFileName is not used, this label will show up in the default image. |
obPanelType | Yes | The type of the panel. When it is used for a panel, the valid values are: and so on. When it is used for a tab, the valid values are: |
obTemplateClass | No | Contains all template classes attached to a tab. |
obOrder | No | The order this panel is to be displayed in relation to other panels. |
obDescription | No | The description for this object. |
obFilter | No | The search filter is used in an "and" relationship with the obClass when generating a report. It is not used in panels. |
obMouseOver | No | The help message displayed when the mouse is over this field. |
obPanelTabImgFileName | No | The image file to be used to draw the top panel or tab image. |
obPanelTabImgDepressed | No | The image file to be used to draw the top panel or tab image when a user selects the panel or tab. |
obPanelTabImgFileNameBottom | No | The image file to be used to draw the bottom panel or tab image for a horizontal profile. |
obPanelTabImgDepressedBottom | No | The image file to be used to draw the bottom panel or tab image when the user selects the panel or tab for a horizontal profile. |
obPanelTitleImgFileName | | The image file to be used to display the title for this panel. |
obPanelelcTabImgFileName | Not in use. | Not in use. |
obPanelelcTabImgFileName2 | Not in use. | Not in use. |
obPanelelcTabImgFileNameBottom | Not in use. | Not in use. |
obPanelelcTabImgFileName2Bottom | Not in use. | Not in use. |
obHidden | No | Whether this panel is for system use only. The default is false. An example: |
obVer | | The current release version. |
For example, obapp=userservcenter, ou=oblix, o=company, c=us
Table 1-5 lists the oblixTabPanel class descriptions.
Table 1-5 oblixTabPanel Class Description
Characteristic | Value |
---|---|
SubClassOf | oblixPanel (It is Top for Active Directory so that Active Directory will have all the attributes from oblixPanel.) |
Description | This object class is used to define the tabs and workflow ticket tables. |
Class type | Structural |
PossSuperiors | oblixApplication, oblixClass |
Naming attribute | obPanelID |
OID | 1.3.6.1.4.1.3831.0.1.1 |
For example:
obpanelid=Employees, obapp=userservcenter, ou=oblix, o=company, c=us
obpanelid=Locations, obapp=objservcenter, ou=oblix, o=company, c=us
obpanelid=ticketTable, obclass=obticket, ou=oblix, o=company, c=us
Table 1-6 lists the oblixTabPanel attributes.
Table 1-6 oblixTabPanel Attributes
Attribute | Required | Description |
---|---|---|
obTabSearchBaseStr | No | The search base associated with the tab. |
obPanelFilter | No | A filter that will be used in an "and" relationship with the obClass when directory entry information is searched. |
obHTMLFile | No | Not in use. |
obVer | No | The current release version. |
Table 1-7 lists the oblixMetaAttribute class descriptions.
Table 1-7 oblixMetaAttribute Class Description
Characteristic | Value |
---|---|
SubClassOf | Top |
Description | This class holds the Oracle Access Manager meta information for handling the semantic relationship, the display name, the display type, and so on for the attributes. It is used for attributes that are configured under panels or with the object classes. |
Class type | Structural |
PossSuperiors | oblixPanel, oblixTabPanel, oblixClass |
Naming attribute | obAttr |
OID | 1.3.6.1.4.1.3831.0.1.4 |
For example, attributes under a panel:
obattr=cn,obpanelid=Employees, obapp=userservcenter, ou=oblix, o=company, c=us
For example, attributes under a class:
obattr=mailstop, obclass=inetorgperson, ou=oblix, o=company, c=us
Table 1-8 lists the oblixMetaAttribute attributes.
Table 1-8 oblixMetaAttribute Attributes
Attribute | Required | Description |
---|---|---|
obAttr | Yes | The name of the attribute this meta data is for. This is the naming attribute. |
obDisplayName | No | The user-friendly name for the attribute that the end user sees. |
obDisplayType | Yes | The display appearance of this attribute. When it is used for a panel, the valid values are: The allowed values of obDisplayType vary depending on the value of the obSemanticType. |
obSemanticType | No | The semantic rule associated with this attribute. Valid values: |
obDateType | No | The value can be: |
obDateSeparator | No | The value can be: |
obChoiceType | No | When the obDisplayType is a radio button, check box, or a selection menu, this attribute is used to indicate: See oblixEnum and oblixRule for details. |
obOrder | No | The sequence in which the attribute appears on a panel. |
obCardinality | No | Whether a single value or multiple values are allowed for this attribute. Valid values are ob_single and multi. |
obLifeCycleInfo | Not in use. | |
obSearchable | No | Whether this attribute should appear in a search list. The value of this attribute is automatically assigned based on the display type. |
obRows | No | Used as a back-door way to specify the number of rows for displaying a multi-line text box. |
obCols | No | Used as a back-door way to specify the number of columns for displaying a multi-line text box. |
obSize | No | Used as a back-door way to determine the width of a single line of text. |
obVisible | No | Determines whether this attribute appears on the user interface for configuring and generating a report. The value of this attribute is automatically assigned based on the display type. |
obObjectClass | No | The object class in which the derived attribute or Generic Selector is looked up. |
obLookupAttr | No | The attribute to be looked up in another object class for the derived attribute. |
obMatchAttr | No | The attribute to be matched for the derived attribute. |
obReportable | Not in use. | |
obClass | No | |
obDefaultValue | Not in use. | |
obMaxLength | No | Used to specify the maximum number of characters for displaying a single-line text box or a password. |
obDataType | No | |
obDriving | | |
obDrivenBy | | |
obVer | No | The current release version. |
For example, obapp=userservcenter, ou=oblix, o=company, c=us
Table 1-9 lists the oblixRule class descriptions.
Table 1-9 oblixRule Class Description
Characteristic | Value |
---|---|
SubClassOf | Top |
Description | This object class holds the rules associated with the meta data. |
Class type | Structural |
PossSuperiors | oblixMetaAttribute |
Naming attribute | obID |
OID | 1.3.6.1.4.1.3831.0.1.7 |
For example:
obrule=ourule, obattr=ou, obclass=inetorgperson, ou=oblix
obrule=ourule, obattr=obparentlocationdn, obclass=oblixlocation, ou=oblix, o=company, c=us
Table 1-10 lists the oblixRule attributes.
Table 1-10 oblixRule Attributes
Attribute | Required | Description |
---|---|---|
obID | Yes | The system-generated unique ID to be used as the naming attribute. |
obAttr | Yes | The attribute value to be used when the rule is satisfied. This attribute may or may not be the same as the attribute that meta data is associated with. |
obRule | Yes | The filter assigned to the rule. |
obVer | No | The current release version. |
Table 1-11 lists the oblixEnum class descriptions.
Table 1-11 oblixEnum Class Description
Characteristic | Value |
---|---|
SubClassOf | Top |
Description | This object class holds the choice associated with the meta data. |
Class type | Structural |
PossSuperiors | oblixMetaAttribute |
Naming attribute | obID |
OID | 1.3.6.1.4.1.3831.0.1.7 |
For example:
obid=19980713T2257320, obattr=employeetype, obclass=inetorgperson, ou=oblix, o=company, c=us
Table 1-12 lists the oblixEnum attributes.
Table 1-12 oblixEnum Attributes
Attribute | Required | Description |
---|---|---|
obID | Yes | The system-generated unique ID to be used as the naming attribute. |
obStoreAs | Yes | The actual value to be used for processing. |
obDisplayName | No | The name, corresponding to the obStoredAs value, to be displayed in a list for the user to select. |
obOrder | No | The order for displaying in the list. |
obVer | No | The current release version. |
Table 1-13 lists the oblixUserDefinedButton class descriptions.
Table 1-13 oblixUserDefinedButton Class Description
Characteristic | Value |
---|---|
SubClassOf | Top |
Description | This object class defines entries for user defined functions (options). Not in use. |
Class type | Structural |
PossSuperiors | oblixApplication |
Naming attribute | obName |
OID | 1.3.6.1.4.1.3831.0.1.7 |
For example:
obname=my option, obapp=userservcenter, ou=oblix, o=company, c=us
Table 1-14 lists the oblixUserDefinedButton attributes.
Table 1-14 oblixUserDefinedButton Attributes
Attribute | Required | Description |
---|---|---|
obName | Yes | The name of this object. It is used as the naming attribute. |
obHTMLFile | Yes | The URL of the HTML file to be invoked when this button is clicked. |
obApp | No | Intended for a pointer to point back to the application this button belongs to. Currently not filled. |
obButtonImgFileName | No | The name of the image file for the button. |
obMouseOver | No | The help text displayed when the mouse is over this button. |
obVer | No | The current release version. |
Table 1-15 lists the oblixOrgPerson class descriptions.
Table 1-15 oblixOrgPerson Class Description
Characteristic | Value |
---|---|
SubClassOf | |
Description | This object class is an auxiliary class for associating Oracle Access Manager person information with the class configured as the structural person object class. |
Class type | Auxiliary |
PossSuperiors | |
Naming attribute | |
OID | 1.3.6.1.4.1.3831.0.1.13 |
For example
cn=Rohit Valiveti, ou=Sales, ou=Dealer1k1, ou=Latin America, ou=Ford, o=company, c=us
Table 1-16 lists the oblixOrgPerson attributes.
Table 1-16 oblixOrgPerson Attributes
Attribute | Required | Description |
---|---|---|
obUIConfig | No | Not in use. |
obLocationDN | No | The location DN for this person. |
obRectangle | No | The rectangle location relative to the location map. |
obPSFTID | No | Not in use. |
obInDirectManager | No | The DN of the indirect manager. |
obObjectClass | No | Not in use. |
obDirectReports | No | Not in use. |
obUserAccountControl | No | The flag indicating whether the user is activated. Possible values include: activated, deactivated, and ObWfPendingActivate. If no value is present, activated is assumed. |
obOutOfOfficeIndicator | No | This attribute indicates whether the person is on vacation. If yes, the value is true. Otherwise the value is false. |
obVer | No | The current release version. A value of 10.1.4.0 or greater in oblixOrgPerson indicates that the challenge phrase and response attributes are encoded with a delimiter of @n# between multiple values. In the encoding, n is the number of the challenge or response. For more information about multiple challenge and response attributes, see the Oracle Access Manager Identity and Common Administration Guide. For implications when upgrading from an earlier release to Oracle Access Manager 10g, see the Oracle Access Manager Upgrade Guide. |
Table 1-17 lists the oblixGroup class descriptions.
Table 1-17 oblixGroup Class Description
Characteristic | Value |
---|---|
SubClassOf | |
Description | This object class is attached to the group object class managed by the Group Manager. |
Class type | Auxiliary |
PossSuperiors | |
Naming attribute | |
OID | 1.3.6.1.4.1.3831.0.1.14 |
For example
cn=testing group, o=company, c=us
Table 1-18 lists the oblixGroup attributes.
Table 1-18 oblixGroup Attributes
Attribute | Required | Description |
---|---|---|
obGroupCreator | No | The DN of the user who created the group. |
obGroupCreationDate | No | The date and time the group is created. |
obSubscriptionTypes | No | The group subscription policy. Possible values are: |
Table 1-19 lists the oblixAdvancedGroup class descriptions.
Table 1-19 oblixAdvancedGroup Class Description
Characteristic | Value |
---|---|
SubClassOf | |
Description | This object class is used to attach additional attributes to the group object to provide advanced features. |
Class type | Auxiliary |
PossSuperiors | |
Naming attribute | |
OID | 1.3.6.1.4.1.3831.8.1.1 |
Table 1-20 lists the oblixAdvancedGroup attributes.
Table 1-20 oblixAdvancedGroup Attributes
Attribute | Required | Description |
---|---|---|
obVer | No | The current release version. |
obGroupSubscriptionType | No | The subscription policy associated with this group. |
obGroupExpandedDynamic | No | This attribute controls whether a dynamic group is going to be expanded from time to time into static members. |
obGroupSimplifiedAccessControl | No | Indicates the type of initial access control set on a group during creation. |
obGroupPureDynamic | No | Indicates whether a group is purely dynamic and no static uniquemembers can be added. |
obGroupAdministrator | No | The administrator for the group. This is different from the owner. |
obGroupSubscribeMessage | No | Message to send to a new member when subscribed to a group. |
obGroupUnsubscribeMessage | No | Message to send to a member when unsubscribed from a group. |
obGroupSubscriptionFilter | No | The LDAP filter to specify who can subscribe to a group if the obSubscriptionType is set to Filter. |
obGroupDynamicFilter | No | The dynamic filter for this group. |
Table 1-21 lists the oblixLocation class descriptions.
Table 1-21 oblixLocation Class Description
Characteristic | Value |
---|---|
SubClassOf | Top |
Description | This object class defines the location entries. It is provided for use of the location feature. |
Class type | Structural |
PossSuperiors | domainDNS, organization, organizationUnit, locality |
Naming attribute | obID |
OID | 1.3.6.1.4.1.3831.0.1.3 |
For example
obid=650_castro, o=company, c=us
Table 1-22 lists the oblixLocation attributes.
Table 1-22 oblixLocation Attributes
Attribute | Required | Description |
---|---|---|
obID | Yes | The unique ID of the location. It is the naming attribute. |
obLocationName | No | The description for this location. For example, it could be the address. |
obLocationTitle | No | The name given for this location. For example, it could be the sales office. |
obPhoto | No | The image for this location. |
obParentLocationDN | No | The parent location DN. |
obRectangle | No | The rectangle location relative to the parent location. |
obVer | No | The current release version. |
Table 1-23 lists the oblixClass class descriptions.
Table 1-23 oblixClass Class Description
Characteristic | Value |
---|---|
SubClassOf | Top |
Description | This object class defines the meta information for the object class. |
Class type | Structural |
PossSuperiors | oblixConfig |
Naming attribute | obClass |
OID | 1.3.6.1.4.1.3831.0.1.9 |
For example:
obclass=inetorgperson,ou=oblix,o=company,c=us
obclass=obticket,ou=oblix,o=company,c=us
obclass=oblixlocation,ou=oblix,o=company,c=us
obclass=oblixorgperson,ou=oblix,o=company,c=us
Table 1-24 lists the oblixClass attributes.
Table 1-24 oblixClass Attributes
Attribute | Required | Description |
---|---|---|
obClass | Yes | The name of the object class this meta data is for. |
obReady | Yes | Whether this configuration is ready to be used. |
obClassAttr | No | One of the configured attributes for this class. This attribute is used as the link to the object profile. In attribute access, this attribute is used to determine if a user may view the object. |
obClassType | No | The class type as in the following: |
obHidden | No | Whether it is for system use. |
obClassKind | No | Whether the defined class is structural or auxiliary. |
obVer | No | The current release version. |
Table 1-25 lists the oblixConfig class descriptions.
Table 1-25 oblixConfig Class Description
Characteristic | Value |
---|---|
SubClassOf | Top |
Description | This object class defines the container node for the configuration data. |
Class type | Structural |
PossSuperiors | domainDNS, organization, organizationalUnit, locality |
Naming attribute | ou |
OID | 1.3.6.1.4.1.3831.0.1.2 |
For example:
ou=oblix,o=company,c=us
Table 1-26 lists the oblixConfig attributes.
Table 1-26 oblixConfig Attributes
Attribute | Required | Description |
---|---|---|
ou | Yes | The organizational unit. This is the naming attribute. |
obPersonOC | Yes | The person object class managed by the User Manager. |
obSearchbaseStr | No | The global searchbase defined at setup time. This is the default searchbase for all managed operations. |
obWebMasterEmail | No | The mail list name for Web masters. |
obBugReportEmail | No | The mail list name for filing bug reports. |
obFeedbackEmail | No | The mail list name for sending feedback. |
obPhotoStyle | No | The personal photo style. The value can be either ob_variable or ob_fixed. |
obPhotoHeight | No | The height of the photo displayed on the profile page. Used only when style is ob_fixed. |
obPhotoWidth | No | The width of the photo displayed on the profile page. Used only when style is ob_fixed. |
obSMTPHostName | No | The SMTP server name. |
obSMTPPort | No | The SMTP server port number. |
obDefaultStyle | No | Not in use. |
obDefaultOnlyStyle | No | Not in use. |
obUserSessionTimeout | No | The idle timeout duration of the Oracle Access Manager session if single sign-on is not being used. |
obRichHTMLEmail | No | Whether the mail server can handle rich text: |
obVer | No | The current release version. This value is used by the Identity and Access Servers with the Lost Password Management feature. For more information about multiple challenge and response attributes, see the Oracle Access Manager Identity and Common Administration Guide. For implications when upgrading from an earlier release to Oracle Access Manager 10g, see the Oracle Access Manager Upgrade Guide. |
obUserSessionElapseTime | No | The elapsed time for updating the session cookie. |
obSSOLogoutURL | No | Specifies the logout URL if single sign-on is enabled. |
obGroupOC | No | Object class managed by group manager. |
obSMTPDomainName | No | The mail server domain. |
obMailSentType | No | Mail sent type: asynchronous or synchronous. |
obAsynchMailQueueSize | No | Queue size for asynchronous mail. |
obPasswordExpiryRedirectURL | No | The redirect URL for the password expiration warning. |
obLostPasswordRedirectURL | No | The redirect URL for lost password management. |
obPasswordChangeRedirectURL | No | The redirect URL for password reset. |
obPasswordManagementFlag | No | Not in use. |
obAdditionalSearchbasesStr | No | Used for disjoint searchbase support in ID. |
obPolicyBase | No | The domain path where access policies are stored. |
obCompoundData | No | A compound list that holds the attribute names of the most recent login attempts (successful or unsuccessful) and whether logging is enabled or disabled. Some directories restrict the size of attribute values. In cases where obCompoundData overflows, you can chunk the obCompoundData value and store it as a multivalued attribute. The chunk size is specified in the compound_data_threshold parameter in globalparams.xml for the Identity Server and Access Server installation areas. See the Oracle Access Manager Customization Guide for details. Example: <?xml version="1.0" encoding="ISO-8859-1"?> <CompoundList ListName="obcompounddata"> <ValNameList ListName="AuthnloggingConfig"> <NameValPair ParamName="SuccessLogEnabled" Value="True"/> <NameValPair ParamName="FailedLogEnabled" Value="True"/> <NameValPair ParamName="SuccessAttemptTimeAttribute" Value="obLastFailedAttempt"/> </ValNameList> </CompoundList> |
obAccountLockoutRedirectURL | No | Holds the default account lockout redirect URL. This URL is used when a password policy does not contain this URL. |
Table 1-27 lists the oblixGroupOfUniqueNames class descriptions.
Table 1-27 oblixGroupOfUniqueNames Class Description
Characteristic | Value |
---|---|
SubClassOf | groupOfUniqueNames—for Active Directory and NS. Top—for other directory servers. |
Description | This object class defines the Web master and directory master groups. |
Class type | Structural |
PossSuperiors | organizationalUnit, organization, oblixConfig, oblixApplication |
Naming attribute | cn |
OID | 1.3.6.1.4.1.3831.0.1.18 |
For example:
cn=Web Masters,ou=oblix,o=company,c=us
cn=Directory Administrators,ou=oblix,o=company,c=us
Table 1-28 lists the oblixGroupOfUniqueNames attributes.
Table 1-28 oblixGroupOfUniqueNames Attributes
Attribute | Required | Description |
---|---|---|
cn | Yes | Naming attribute for the group. |
obUniqueMemberStr | No | Web master or directory master for the group. |
businessCategory | No | Should not include this if it is inherited from groupOfUniqueNames. |
obVer | No | The current release version. |
Table 1-29 lists the oblixLanguage class descriptions.
Table 1-29 oblixLanguage Class Description
Characteristic | Value |
---|---|
SubClassOf | Top |
Description | This object class indicates the ability of Oracle Access Manager to support multiple language packs. |
Class type | Structural |
PossSuperiors | OblixConfig |
Naming attribute | obID |
OID | 1.3.6.1.4.1.3831.0.1.35 |
For example:
dn: obid=2002T00000002, obcontainerid=language, o=Oblix
obid: 2002T00000002
obattr: obmouseover
oblanguage: fr-FR
obdisplayname: Informations de vue sur des employes
obresourceuid: obpanelid=Employees, obapp=UserServCenter, o=Oblix
objectclass: oblixtext
Table 1-30 lists the oblixLanguage attributes.
Table 1-30 oblixLanguage Attributes
Attribute | Required | Description |
---|---|---|
obID | Yes | Language tag RFC 1766. |
obLanguage | No | Language code part of the Language Tag ISO 639-1. |
obSubTag | No | Optional subtag of the Language Tag ISO 3166-1 or IANA. |
obOrder | No | Language evaluation order. |
obDisplayname | No | Display name of the configuration. |
obEnabled | No | If the value is true, the configuration is enabled. Otherwise, it is disabled. |
obVer | No | The current release version. |
Table 1-31 lists the oblixMedia class descriptions.
Table 1-31 oblixMedia Class Description
Characteristic | Value |
---|---|
SubClassOf | Top |
Description | This object class is used for the media display type. |
Class type | Structural |
PossSuperiors | oblixMetaAttribute |
Naming attribute | obID |
OID | 1.3.6.1.4.1.3831.0.1.19 |
For example:
Obid=10021119T104927682, obattr=userCertificate, obclass=inetorgperson, ou=oblix, o=company, c=us
Table 1-32 lists the oblixMedia attributes.
Table 1-32 oblixMedia Attributes
Attribute | Required | Description |
---|---|---|
obID | Yes | The unique identifier for this object. |
obMediaType | No | The specific media type from the following list: application/postscript, application/rtf, application/x-mif, application/x-csh, application/x-dvi, application/x-hdf, application/x-latex, application/x-netcdf, application/x-sh, application/x-tcl, application/x-tex, application/x-texinfo, application/x-troff, application/x-troff-man, application/x-troff-me, application/x-troff-ms, application/x-wais-src, application/zip, application/x-gtar, application/x-shar, application/x-tar, application/mac-binhex40, audio/basic, audio/x-aiff, audio/x-wav, image/gif, image/ief, image/jpeg, image/tiff, image/x-cmu-raster, image/x-portable-anymap, image/x-portable-bitmap, image/x-portable-graymap, image/x-portable-pixmap, image/x-rgb, image/x-xbitmap, image/x-xpixmap, image/x-xwindowdump, text/html, text/plain, text/richtext, text/tab-separated-values, text/x-setext, video/mpeg, video/quicktime, video/x-msvideo, video/x-sgi-movie, application/msword, application/mspowerpoint, application/msexcel |
obMediaTypeFileExt | No | The file extension for the above media type. |
obDescription | No | The description for this object. |
obVer | No | The current release version. |
Table 1-33 lists the oblixPasswordPolicy class descriptions.
Table 1-33 oblixPasswordPolicy Class Description
Characteristic | Value |
---|---|
SubClassOf | Top |
Description | This is the object class for password policy definition. |
Class type | Structural |
PossSuperiors | OblixConfig, oblixContainer |
Naming attribute | obPasswordPolicyID |
OID | 1.3.6.1.4.1.3831.0.1.20 |
For example:
obpasswordpolicyid=10021119T1033315301, obcontainerId=password, ou=oblix, o=company, c=us
Table 1-34 lists the oblixPasswordPolicy attributes.
Table 1-34 oblixPasswordPolicy Attributes
Attribute | Required | Description |
---|---|---|
obPassWordPolicyID | Yes | Unique ID for this password policy. |
obInputValidationRules | No | The minimum non-alphanumeric character and length for the password. |
obPasswordValidityPeriod | No | Password validity period. |
obPasswordExpiryNoticePeriod | No | Password expiration notification period—how many days elapse before an expiration notification is sent. |
obExpiryNoticeMode | No | Password expiration notification mode: email, login, or both. |
obLostPasswordMechanism | No | Not in use. |
obLostPasswordModel | No | Not in use. |
obChangeOnReset | No | Whether the user must change their password upon first login after the administrator resets the password. |
obKeepHistory | No | How many used passwords are kept in the history. |
obPasswordPolicyDomain | No | The domain this password policy is applicable to. For example: o=company,c=us |
obPasswordPolicyName | No | The name for this password policy. |
obPasswordPolicyFilter | No | The filter to be applied to the policy domain. This is useful if the directory information tree (DIT) is flat. |
obPasswordMinimumAge | No | The password minimum age in days. |
obLoginTries | No | The number of permitted login attempts. |
obLockoutDuration | No | The lockout time period if login fails. |
obLoginTimeout | No | The days to wait to allow login retry once locked out. |
obPasswordPolicyEnabled | No | Whether this policy is enabled. |
obVer | No | The current release version. |
obLPMdn | No | The DN of the Lost Password Management policy definition. This DN is applicable to all of the users who are administered by this password policy. |
obCompoundData | No | A compound list that contains information about account lockout, redirect URLs for lost passwords and password expiry warnings, and associated style sheet information. For more information on obCompoundData, see the discussion of the oblixConfig object class. |
Table 1-35 lists the oblixPersonPasswordPolicy class descriptions.
Table 1-35 oblixPersonPwdPolicy Class Description
Characteristic | Value |
---|---|
SubClassOf | |
Description | This object class is the auxiliary class attached to the user class for runtime password policy handling. |
Class type | Auxiliary |
PossSuperiors | |
Naming attribute | |
OID | 1.3.6.1.4.1.3831.0.1.21 |
Table 1-36 lists the oblixPersonPasswordPolicy attributes.
Table 1-36 oblixPersonPwdPolicy Attributes
Attribute | Required | Description |
---|---|---|
obPasswordCreationDate | No | The date and time the latest password was created. Used to determine if a password should expire. |
obPasswordHistory | No | The passwords used in the past. This attribute is used when password history is enabled. |
obPasswordChangeFlag | No | Indicates whether a password needs to be reset during login. |
obPasswordExpmail | No | Not in use. |
obLoginTryCount | No | The number of login tries conducted. Used for number of login tries. |
obLockoutTime | No | The date and time the account is to be locked out. Used for lockout duration. |
obFirstLogin | No | Not in use. |
obResponseTries | No | The number of tries permitted for a challenge response. Used for number of login tries. |
obLastLoginAttemptDate | No | The last time a login is attempted. Used for login tries reset. This attribute is looked up only if password policy has been enabled. If not, it is not required for a successful login. |
obLastResponseAttemptDate | No | The last time response was given. Used for login tries reset. |
obResponseTimeout | No | Not in use. |
obAnsweredChallenges | No | The challenge or challenges that a user has already responded to correctly during a lost password request. Multiple values are stored in encoded format as a single value. |
obYetToBeAnsweredChallenges | No | The challenge or challenges that a user has to answer next during a lost password recovery request. Multiple values are stored in encoded format as a single value. |
obLastSuccessfulLoginTime | No | Records the time of the user's last login. |
obLastFailedLoginTime | No | Records the time of the user's last unsuccessful login attempt. |
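
As an added illustration (not Oracle code and not part of the original document), the following read-only sketch takes a directory export and renders the login-state attributes from Table 1-36 in readable form, applying the "activated is assumed" default described for obUserAccountControl. It assumes the listed date attributes hold epoch seconds as described in the introduction and that the export is plain, unfolded LDIF; `max_tries` is a hypothetical stand-in for the policy's obLoginTries value, and the sample entries are constructed.

```python
from datetime import datetime, timezone

# Table 1-36 attributes ASSUMED here to hold epoch seconds; the page does not
# say which date/time attributes use epoch storage.
EPOCH_ATTRS = (
    "obPasswordCreationDate",
    "obLockoutTime",
    "obLastLoginAttemptDate",
    "obLastSuccessfulLoginTime",
    "obLastFailedLoginTime",
)

# Constructed sample export: DNs and values are made up for this example.
SAMPLE_LDIF = """\
dn: cn=Alice Example,ou=Sales,o=company,c=us
obUserAccountControl: activated
obLoginTryCount: 0
obLastSuccessfulLoginTime: 1199145600
obLastFailedLoginTime: 1199059200

dn: cn=Bob Example,ou=Sales,o=company,c=us
obLoginTryCount: 5
obLockoutTime: 1199149200
obLastSuccessfulLoginTime: 1198000000
obLastFailedLoginTime: 1199149195

dn: cn=Carol Example,ou=Sales,o=company,c=us
obUserAccountControl: deactivated
obLastFailedLoginTime: not-a-number
"""


def parse_ldif(text):
    """Parse plain 'attr: value' records; attribute names are lower-cased
    because LDAP attribute names are case-insensitive."""
    entries, current = [], {}
    for line in text.splitlines():
        if not line.strip():
            if current:
                entries.append(current)
                current = {}
            continue
        if line.startswith("#") or ":" not in line:
            continue
        name, _, value = line.partition(":")
        if value.startswith((":", "<")):
            continue  # base64 and URL-referenced values are out of scope here
        current.setdefault(name.strip().lower(), []).append(value.strip())
    if current:
        entries.append(current)
    return entries


def epoch_to_utc(value):
    """Return an ISO 8601 UTC string for an epoch-seconds string, else None."""
    try:
        moment = datetime.fromtimestamp(int(value), tz=timezone.utc)
    except (ValueError, OverflowError, OSError):
        return None
    return moment.strftime("%Y-%m-%dT%H:%M:%SZ")


def _first(entry, attr):
    values = entry.get(attr.lower())
    return values[0] if values else None


def review_entry(entry, max_tries):
    """Summarize one user entry and flag states worth a closer look."""
    # Table 1-16: if obUserAccountControl has no value, activated is assumed.
    state = _first(entry, "obUserAccountControl") or "activated"
    times, secs, flags = {}, {}, []
    for attr in EPOCH_ATTRS:
        raw = _first(entry, attr)
        if raw is None:
            continue
        iso = epoch_to_utc(raw)
        if iso is None:
            flags.append("unparseable:" + attr)
            continue
        times[attr] = iso
        secs[attr] = int(raw)
    tries = _first(entry, "obLoginTryCount")
    if tries is not None and tries.isdigit() and int(tries) >= max_tries:
        flags.append("tries-at-limit")
    if "obLockoutTime" in secs:
        flags.append("lockout-recorded")
    ok = secs.get("obLastSuccessfulLoginTime")
    bad = secs.get("obLastFailedLoginTime")
    if bad is not None and (ok is None or bad > ok):
        flags.append("failure-after-last-success")
    return {"dn": _first(entry, "dn"), "state": state,
            "times": times, "flags": flags}


def review_export(text, max_tries=5):
    """max_tries is a hypothetical stand-in for the policy's obLoginTries."""
    return [review_entry(e, max_tries) for e in parse_ldif(text)]


if __name__ == "__main__":
    for row in review_export(SAMPLE_LDIF):
        print(row["dn"], row["state"], row["flags"], row["times"])
```
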
Table 1-37 lists the oblixLPMPolicy class descriptions.
Table 1-37 oblixLPMPolicy Class Description
Characteristic | Value |
---|---|
SubClassOf |
Top |
Description |
The object class for Lost Password Management policy definition. |
Class type |
Structural |
Possible superiors |
OblixConfig, oblixContainer |
Naming attribute |
obLPMName |
OID |
1.3.6.1.4.1.3831.0.1.36 |
Examples |
obLPMName=lpm1,obcontainerId=lostPassword,o=Oblix, o=company,c=us |
Table 1-38 lists the oblixLPMPolicy attributes.
Table 1-38 oblixLPMPolicy Attributes
Attribute | Required | Description |
---|---|---|
obLPMName |
Yes |
Unique name of the Lost Password Management Policy. |
obCPSource |
Yes |
Determines if users can supply their own challenge phrases, if they must respond to an administrator-defined set of challenges, or if both methods are available. Possible values: User—The user can configure the challenge phrases. Predefined—The administrator provides the challenge phrase. The display type is a select element. User or Predefined—The user can choose between administrator-provided challenge phrases or supply new ones. The display type is a combo element. |
obCPSet |
No |
Predefined challenge phrases that are configured by an administrator. This is a multi-valued attribute. |
obMinimumChallengeConfigure |
Yes |
Minimum number of challenges to be configured, while creating the user account. |
obResponseMinimumLength |
No |
Minimum number of characters that must be present in the responses that are configured by a user. |
obAllowDuplicateResponses |
Yes |
Indicates if the same response can be configured for different challenge phrases. Takes a value of true or false. |
obMinimumChallengeAnswer |
Yes |
Minimum number of challenges to be answered correctly when a user deals with a lost password. |
obChallengePoseType |
Yes |
Determines how challenges are presented when a user deals with a lost password. Possible values are All At Once or One After the Other. |
obSendEmail |
Yes |
Determines if email must be sent after a password change that is handled by the lost password application. Possible values are true or false. |
obPolicyEnabled |
Yes |
Determines if this policy is enabled. Possible values are true or false. |
Table 1-39 lists the oblixAuxLocation class descriptions.
Table 1-39 oblixAuxLocation Class Description
Characteristic | Value |
---|---|
SubClassOf |
|
Description |
This auxiliary class can be attached to any structural class managed by Oracle Access Manager to mark the managed object on a location map. |
Class type |
Auxiliary |
PossSuperiors |
|
Naming attribute |
|
OID |
1.3.6.1.4.1.3831.0.1.24 |
Table 1-40 lists the oblixAuxLocation attributes.
Table 1-41 lists the oblixContainer class descriptions.
Table 1-41 oblixContainer Class Description
Characteristic | Value |
---|---|
SubClassOf |
Top |
Description |
This object class defines the generic container for Oracle Access Manager-defined objects. |
Class type |
Structural |
PossSuperiors |
OblixConfig, oblixApplication |
Naming attribute |
obContainerID |
OID |
1.3.6.1.4.1.3831.0.1.25 |
For example:
obcontainerId=policies,ou=oblix,o=company,c=us
obcontainerId=DBAgents,ou=oblix,o=company,c=us
obcontainerId=password,ou=oblix,o=company,c=us
obcontainerId=workflowDefinitions,ou=oblix,o=company,c=us
obcontainerId=workflowInstances,ou=oblix,o=company,c=us
Table 1-42 lists the oblixContainer attributes.
Table 1-43 lists the oblixVirtualDB class descriptions.
Table 1-43 oblixVirtualDB Class Description
Characteristic | Value |
---|---|
SubClassOf |
Top |
Description |
This object class is used for a specific virtual directory server profile. A directory server profile instantiates an agent that connects to back-end databases. |
Class type |
Structural |
PossSuperiors |
oblixContainer |
Naming attribute |
obName |
OID |
1.3.6.1.4.1.3831.0.1.27 |
For example
obname=default-ois, obcontainerId=DBAgents, ou=oblix, o=company, c=us
Table 1-44 lists the oblixVirtualDB attributes.
Table 1-44 oblixVirtualDB Attributes
Attribute | Required | Description |
---|---|---|
obName |
Yes |
The name of this object. It is used as the naming attribute. |
obDBUsedBy |
No |
Used by the Access System, Identity System, or both. |
obUsedByApp |
No |
Indicates the application for which the DB Profile can be used. Permitted applications and their values are:
|
obOrder |
No |
Not in use. |
obDBDataType |
No |
Not in use. |
obDescription |
No |
Not in use. |
obDBOperation |
No |
The type of operation the directory server profile can carry out:
|
obDBSubType |
No |
The subtype of the back end directory server. Examples:
|
obVer |
No |
The current release version. |
obSearchBaseStr |
No |
The string format for the searchbase associated with this object. |
obEnable |
No |
Whether this configuration is enabled. |
obIsSchemaMaster (for future use) |
No |
To identify the schema master among the directory server profiles. |
obDisplayName |
No |
A human-readable and human-understandable name for the object. |
obSchemaDomain (for future use) |
No |
An Oracle Access Manager-generated unique ID for the schema domain. |
obFlags |
No |
Used to store the flags (referral/SSL/ADSI) on the directory server profile entry. |
obDBType |
No |
The type of the back end data store. Type of directory server: LDAP, RDBMS, PeopleSoft, and so on. |
obMaximumServers |
No |
Maximum number of directory servers used for load balancing. |
obFailoverThreshold |
No |
The minimum number of live primary connections required. If the number of live connections drops to less than the failover threshold, then the Web component attempts to establish connections to its secondary servers in the order they are listed. |
obSleepFor |
No |
Time interval for detecting if the directory server is active. |
obDBUsedByFlag |
No |
Indicates whether the DBProfile is used by the Access or Identity Systems, by both, or by specified Oracle Access Manager instances. |
Table 1-45 lists the oblixDBInstance class descriptions.
Table 1-45 oblixDBInstance Class Description
Characteristic | Value |
---|---|
SubClassOf |
Top |
Description |
This object class defines the DB instance under a directory server profile. Each DB instance contains the connection configuration to a back end directory server. |
Class type |
Structural |
PossSuperiors |
oblixVirtualDB, oblixContainer |
Naming attribute |
obName |
OID |
1.3.6.1.4.1.3831.0.1.28 |
For example
obname=20021116T12333165617,obname=default-ois,obcontainerId=DBAgents,ou=oblix,o=company,c=us
Table 1-46 lists the oblixDBInstance attributes.
Table 1-46 oblixDBInstance Attributes
Attribute | Required | Description |
---|---|---|
obName |
Yes |
The name of this object. It is used as the naming attribute. |
obOrder |
No |
Not in use. |
obDescription |
No |
Not in use. |
obDBAgentSecurePort |
No |
The port number of the back end directory server when SSL is used. |
obDBAgentCert7PathName |
No |
Not in use. |
obDBAgentSizeLimit |
No |
The client side size limit. |
obDBAgentTimeLimit |
No |
The client side time limit. |
obDBAgentMaxConnections |
No |
The maximum number of connections with the directory server that this instance can establish. |
obDBAgentInitialConnections |
No |
The initial number of connections to be established when this instance is started. |
obDBAgentFlags |
No |
Whether the referral or SSL is on. |
obDBAgentLoginPassword |
No |
The bind password for this instance. |
obDBAgentLoginName |
No |
The bind credential for this instance. |
obDBAgentPort |
No |
The port number of the directory server this instance is configured to connect to. |
obDBAgentHost |
No |
The host name of the directory server this instance is configured to connect to. |
obDisplayName |
No |
A human-readable and human-understandable name for the object. |
obDatabaseName |
No |
The database name, if an ODBC connection type is used, or the Global Database Name, if an OCI connection type is used. |
obDSNName |
No |
The ODBC Data Source Name that is used to connect to the database. |
obVer |
No |
The current release version. |
Table 1-47 lists the oblixWorkflow class descriptions.
Table 1-47 oblixWorkflow Class Description
Characteristic | Value |
---|---|
SubClassOf |
Top |
Description |
This object class is used for workflow definitions. |
Class type |
Structural |
PossSuperiors |
organizationalUnit, organization, oblixContainer |
Naming attribute |
obWorkflowID |
OID |
1.3.6.1.4.1.3831.7.1 |
For example
obworkflowid=7ecd515472b14662976cdee0e447027c, obcontainerId=workflowDefinitions, ou=oblix, o=company, c=us
Table 1-48 lists the oblixWorkflow attributes.
Table 1-48 oblixWorkflow Attributes
Attribute | Required | Description |
---|---|---|
obWorkflowID |
Yes |
The unique ID generated to identify this workflow definition. |
obWorkflowName |
Yes |
The name entered by a user for this workflow definition. |
obClass |
Yes |
The object classes this workflow is associated with. This includes all object classes, structural and auxiliary. |
obWorkflowType |
Yes |
The type of the workflow. Values can be:
|
obTreePathStr |
No |
The domain path where the workflow is defined. The workflow is applicable to all entries under this domain. |
obTreePathFilter |
No |
The filter associated with the delegated management domain. Used when a workflow is defined by a delegated admin. |
obWFDomainFilter |
No |
The filter associated with the tree path. The filter could be used to further quantify the domain. |
obNoOfInstances |
No |
|
obAttr |
No |
The attribute the change attribute and certificate workflow is defined for. |
obApp |
No |
The application this workflow definition is for. |
obWFFirstStep |
No |
Not in use. |
obReady |
No |
Whether this workflow is ready to use. |
obDefiner |
No |
Not in use. |
obDescription |
No |
A description for this object. |
ObDabeledDN |
Not in use. |
Not in use. |
obVer |
No |
The current release version. |
obWFTypeName |
No |
A friendly name for the workflow type. This name is obtained from the parameter file. |
obISWorkflowProvisioned |
No |
Indicates whether this workflow can be used as a subflow. |
obSubscriptionTypes |
No |
The group subscription policy enabled for this workflow. These policies are shown in the list for selection during the workflow run time. |
Table 1-49 lists the oblixWorkflowStep class descriptions.
Table 1-49 oblixWorkflowStep Class Description
Characteristic | Value |
---|---|
SubClassOf |
Top |
Description |
This object class defines the workflow step definition. |
Class type |
Structural |
PossSuperiors |
oblixWorkflow |
Naming attribute |
obWFStepID |
OID |
1.3.6.1.4.1.3831.7.1.2 |
For example:
obwfstepid=1, obworkflowid=7ecd515472b14662976cdee0e447027c, obcontainerId=workflowDefinitions, ou=oblix, o=company, c=us
Table 1-50 lists the oblixWorkflowStep attributes.
Table 1-50 oblixWorkflowStep Attributes
Attribute | Required | Description |
---|---|---|
obWFStepID |
Yes |
The unique ID generated for this workflow step. |
obActionName |
Yes |
The name of this workflow action. The possible names are defined in the workflow template files. |
obOrder |
Yes |
The order of this workflow step relevant to others. |
obCompoundData |
Yes |
Stores XML configuration data pertaining to the escalation threshold time interval and the maximum number of times to escalate the ticket. For more information on obCompoundData, see the discussion of the oblixConfig object class. |
obDescription |
No |
The description for this object. |
obEntryCondition |
No |
The entry condition for this step. For example: 1:true:false means that the first step exited successfully without waiting for a subflow. |
obVer |
No |
The current release version. |
obForceCommit |
No |
Whether this step needs to perform an implicit commit. |
obUserAction |
No |
When this step is user interactive. |
obWFAttrOrder |
No |
The order of the attributes to be displayed. Listed by attribute names. |
obWFSubflowsStr |
No |
The DN of the subflow that this step needs to wait for to begin. |
Table 1-51 lists the oblixWorkflowTarget class descriptions.
Table 1-51 oblixWorkflowTarget Class Description
Characteristic | Value |
---|---|
SubClassOf |
Top |
Description |
This object class is for the target definition under a workflow definition. |
Class type |
Structural |
PossSuperiors |
oblixWorkflow |
Naming attribute |
obWFTargetID |
OID |
1.3.6.1.4.1.3831.7.1.7 |
For example
obwftargetid=T1, obworkflowid=7ecd515472b14662976cdee0e447027c, obcontainerId=workflowDefinitions, ou=oblix, o=company, c=us
Table 1-52 lists the oblixWorkflowTarget attributes.
Table 1-52 oblixWorkflowTarget Attributes
Attribute | Required | Description |
---|---|---|
obWFTargetID |
Yes |
The unique ID generated for the target. |
obWFTargetDNStr |
No |
The DN of the target domain. Target domain can be a subset of the domain where workflow is defined. |
obWFTargetLabel |
No |
The name of the target domain entered by user at definition time. |
obWFTargetFilter |
No |
The filter further qualifying the target domain. Often used when DIT is flat. |
obVer |
No |
The current release version. |
Table 1-53 lists the oblixWorkflowAttribute class descriptions.
Table 1-53 oblixWorkflowAttribute Class Description
Characteristic | Value |
---|---|
SubClassOf |
Top |
Description |
This object class contains the attribute defined under a workflow step definition. |
Class type |
Structural |
PossSuperiors |
oblixWorkflowStepInstance, oblixWorkflowStep |
Naming attribute |
obAttr |
OID |
1.3.6.1.4.1.3831.7.1.6 |
For example
obattr=cn, obwfstepid=1, obworkflowid=7ecd515472b14662976cdee0e447027c, obcontainerId=workflowDefinitions, ou=oblix, o=company, c=us
Table 1-54 lists the oblixWorkflowAttribute attributes.
Table 1-54 oblixWorkflowAttribute Attributes
Attribute | Required | Description |
---|---|---|
obAttr |
Yes |
The attribute this object is for. |
obAttrType |
Yes |
Currently set to 1. |
obAttrVals |
No |
The default attribute value if the value is set. |
obVer |
No |
The current release version. |
obWFAttrFlags |
No |
How this attribute is to be handled. Possible values:
|
obWFAttrDefVal |
No |
The default value for this attribute if provided. |
Table 1-55 lists the oblixWorkflowInstance class descriptions.
Table 1-55 oblixWorkflowInstance Class Description
Characteristic | Value |
---|---|
SubClassOf |
Top |
Description |
This object class is for workflow instances. |
Class type |
Structural |
PossSuperiors |
OrganizationalUnit, organization, oblixContainer |
Naming attribute |
obWFInstanceID |
OID |
1.3.6.1.4.1.3831.7.1.3 |
For example
obwfinstanceid=3f3b4eb0f241426f862dfaa18efa5ec6, obcontainerId=workflowInstances, ou=Oblix, o=company, c=us
Table 1-56 lists the oblixWorkflowInstance attributes.
Table 1-56 oblixWorkflowInstance Attributes
Attribute | Required | Description |
---|---|---|
obWFInstanceID |
Yes |
The unique ID generated to uniquely identify this workflow instance. |
obWorkflowDN |
Yes |
The DN of this workflow instance. |
obTargetDN |
Yes |
The DN of the target user, group, or object that the workflow is trying to create, delete, or change an attribute for. |
obCurrentDN |
No |
The DN of the current person who is processing the workflow. |
obCurrentStep |
No |
The DN of the current step that the workflow process is at. |
obClass |
No |
The object classes this workflow is for, including all structural and auxiliary classes. |
obApp |
No |
The application name this workflow is for. |
obWorkflowType |
No |
The workflow type copied from the definition. The valid values are:
|
obAttr |
No |
Not in use. |
obDateCreated |
No |
The time stamp of when this instance was created. |
obWFSupplementalVal |
No |
Used by subflow approval to store the user defined outcome of the subflow. |
obDateProcessed |
No |
The time stamp of when the last action took place. |
obParentWorkflow |
No |
The parent workflow from which this workflow is triggered. |
obParentStep |
No |
The step in the parent workflow from which this workflow is triggered. |
obWFStatus |
No |
The instance status:
|
obTriggeredWorkflow |
No |
The number of workflows triggered by this workflow. |
obVer |
No |
The current release version. |
obHostName |
No |
The host name where WebPass is running. Used for asynch resume and IDXML call in the Event plug-in. |
obPort |
No |
The port number where WebPass is running. Used for asynch resume and IDXML call in event plug-in. |
obActionIndicator |
No |
Used in a change attribute workflow. Indicates whether to modify or remove an attribute. |
obWFTypeName |
No |
The workflow name specified by the user in the definition. |
obActorComment |
No |
The comments people put in during the workflow process. |
obKey |
No |
Used for certificate workflows. Key is the public key to be used to connect to VeriSign. |
obCertid |
No |
Used for certificate workflows. Uniquely identifies a user cert in case multiple certs are present. |
obWorkflowName |
No |
The workflow name copied from the definition. |
obLockedBy |
No |
If one of the step instances is locked by a user, this attribute contains the DN of the user who locked the ticket. |
Table 1-57 lists the oblixWorkflowStepInstance class descriptions.
Table 1-57 oblixWorkflowStepInstance Class Description
Characteristic | Value |
---|---|
SubClassOf |
Top |
Description |
This object class is for the workflow step instances. |
Class type |
Structural |
PossSuperiors |
oblixWorkflowInstance |
Naming attribute |
obWFStepInstID |
OID |
1.3.6.1.4.1.3831.7.1.4 |
For example:
obwfstepid=1, obworkflowid=7ecd515472b14662976cdee0e447027c, obcontainerId=workflowDefinitions, ou=Oblix, o=company, c=us;
Table 1-58 lists the oblixWorkflowStepInstance attributes.
Table 1-58 oblixWorkflowStepInstance Attributes
Attribute | Required | Description |
---|---|---|
obWFStepInstID |
Yes |
The unique ID generated to identify this step instance. |
obWorkflowStepDN |
Yes |
The DN of this step instance. |
obCompoundData |
No |
Stores XML configuration data for supporting dynamic participants for the workflow step, the escalation time, and the number of times the ticket has been escalated. For more information on obCompoundData, see the discussion of the oblixConfig object class. |
Obdynamicparticipantsset |
No |
Stores information about whether dynamic participants are set for the step instance or not. If set, this attribute will be present and its value will be 1. Otherwise, the attribute will not be present. |
obEntryCondition |
No |
Not in use. |
obWFStatus |
No |
|
obRequiredAttribute |
No |
Contains the names of the required attributes. |
obProvisionedAttribute |
No |
Contains the names of the attributes associated with the subflows. |
obOptionalAttribute |
No |
Contains the names of the optional attributes. |
obParticipant |
No |
Not in use. |
obActorDN |
No |
The DN of the person who processed this step. |
obActionName |
No |
The step action name. Copied from the definition. |
obDateCreated |
No |
The time that this step instance was created. |
obDateProcessed |
No |
The time that this step was last processed. |
obActorComment |
No |
Step status used for the confirmation page. Modifiable by the Event API with SetResultString. For example: 2:completed – step 2 completed |
obExitCondition |
No |
Not in use. |
obActionReturnCode |
No |
The return code from this action.
|
obTriggeredWorkflow |
No |
The subflow(s) triggered by this workflow. |
obVer |
No |
The current release version. |
obApp |
No |
The application this workflow is associated with. |
obRetryCount |
No |
The number of retries that have happened for this step. |
obRetryDone |
No |
If the step involves retry, this is set to true when the retry is done. |
obLockedBy |
No |
If the step is locked by a user, this contains a DN of the user who locked the ticket. |
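The naming attribute and PossSuperiors rows of the workflow class tables above define where each workflow entry may sit in the directory tree, so DNs exported from the directory can be checked against them. The following Python code is an added example, not Oracle code: the `RULES` table is transcribed from the class description tables on this page, the use of `ou` and `o` as naming attributes for organizationalUnit and organization is an assumption based on usual LDAP practice, and the function names are hypothetical.

```python
"""Containment check for Oracle Access Manager workflow DNs (added example)."""

# Naming attribute (lower-cased) -> (object class, allowed parent classes),
# transcribed from the workflow class description tables on this page.
RULES = {
    "obworkflowid": ("oblixWorkflow",
                     {"organizationalUnit", "organization", "oblixContainer"}),
    "obwfstepid": ("oblixWorkflowStep", {"oblixWorkflow"}),
    "obwftargetid": ("oblixWorkflowTarget", {"oblixWorkflow"}),
    "obattr": ("oblixWorkflowAttribute",
               {"oblixWorkflowStepInstance", "oblixWorkflowStep"}),
    "obwfinstanceid": ("oblixWorkflowInstance",
                       {"organizationalUnit", "organization", "oblixContainer"}),
    "obwfstepinstid": ("oblixWorkflowStepInstance", {"oblixWorkflowInstance"}),
}

# Classes that appear only as parents here. obContainerID comes from the
# oblixContainer table; ou/o are an assumption (usual LDAP naming attributes).
PARENT_ONLY = {
    "obcontainerid": "oblixContainer",
    "ou": "organizationalUnit",
    "o": "organization",
}


def split_dn(dn):
    """Split a DN into (type, value) pairs, leaf first.

    Backslash-escaped characters (for example an escaped comma) stay inside
    the value. Attribute types are lower-cased because LDAP compares them
    case-insensitively. Multi-valued RDNs (a=1+b=2) are not split.
    """
    rdns, buf, escaped = [], [], False
    for ch in dn:
        if escaped:
            buf.append(ch)
            escaped = False
        elif ch == "\\":
            buf.append(ch)
            escaped = True
        elif ch == ",":
            rdns.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
    rdns.append("".join(buf))

    pairs = []
    for rdn in rdns:
        attr, sep, value = rdn.strip().partition("=")
        if not sep or not attr.strip():
            raise ValueError(f"malformed RDN: {rdn!r}")
        pairs.append((attr.strip().lower(), value.strip()))
    return pairs


def classify(attr):
    """Map a naming attribute to the object class it names, or None."""
    if attr in RULES:
        return RULES[attr][0]
    return PARENT_ONLY.get(attr)


def check_dn(dn):
    """Return findings for workflow RDNs that sit under a disallowed parent.

    An empty list means every workflow RDN in the DN has a parent whose
    class is listed in that class's PossSuperiors row.
    """
    pairs = split_dn(dn)
    findings = []
    for i, (attr, value) in enumerate(pairs):
        if attr not in RULES:
            continue  # not a workflow class covered by this check
        cls, allowed = RULES[attr]
        if i + 1 >= len(pairs):
            findings.append(f"{cls} RDN '{attr}={value}' has no parent entry")
            continue
        parent_attr = pairs[i + 1][0]
        parent_cls = classify(parent_attr)
        if parent_cls not in allowed:
            seen = parent_cls or f"unrecognised naming attribute '{parent_attr}'"
            findings.append(
                f"{cls} RDN '{attr}={value}' is under {seen}; "
                f"allowed parents: {', '.join(sorted(allowed))}"
            )
    return findings


if __name__ == "__main__":
    # Constructed sample DNs: one well-formed, one with a step placed
    # directly under the container, one with a misspelled container RDN.
    samples = [
        "obattr=cn, obwfstepid=1, obworkflowid=7ecd515472b14662976cdee0e447027c, "
        "obcontainerId=workflowDefinitions, ou=oblix, o=company, c=us",
        "obwfstepid=1, obcontainerId=workflowDefinitions, ou=oblix, o=company, c=us",
        "obworkflowid=abc, obContainId=workflowDefinitions, ou=oblix, o=company, c=us",
    ]
    for dn in samples:
        print(dn)
        for finding in check_dn(dn) or ["ok"]:
            print("   ", finding)
```

The check only covers classes whose naming attribute is unique among the workflow tables; classes named by obName cannot be told apart from the RDN type alone and would need the entry's objectClass values.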
Table 1-59 lists the oblixPolicyContainer class descriptions.
Table 1-59 oblixPolicyContainer Class Description
Characteristic | Value |
---|---|
SubClassOf |
Top |
Description |
This object class is a container that contains access policies for a particular group of objects. |
Class type |
Structural |
PossSuperiors |
oblixcontainer |
Naming attribute |
obPolicyContainerID |
OID |
1.3.6.1.4.1.3831.5.1.9 |
For example:
obPolicyContainerId=UserDB, obcontainerId=Policies, ou=oblix, o=company, c=us
Table 1-60 lists the oblixPolicyContainer attributes.
Table 1-60 oblixPolicyContainer Attributes
Attribute | Required | Description |
---|---|---|
obPolicyContainerID |
Yes |
The value of this attribute uniquely identifies the related policies stored under this container. The possible values are:
|
obVer |
No |
The current release version. |
Table 1-61 lists the oblixPolicyCondition class descriptions.
Table 1-61 oblixPolicyCondition Class Description
Characteristic | Value |
---|---|
SubClassOf |
Top |
Description |
This object class contains the policy condition for a policy definition. |
Class type |
Structural |
PossSuperiors |
oblixPolicyRule |
Naming attribute |
obName |
OID |
1.3.6.1.4.1.3831.5.1.10 |
For example:
Obname=c20021119T21151119115, obname=P20021119t210123979, obpolicyContainerId=UserDB, obcontainerId=Policies, ou=oblix, o=company, c=us
Table 1-62 lists the oblixPolicyCondition attributes.
Table 1-62 oblixPolicyCondition Attributes
Attribute | Required | Description |
---|---|---|
obName |
Yes |
The name of this object. It is used as the naming attribute. |
obPolicyConditionOrder |
No |
The order of the policy condition. The policy will be evaluated in this order. |
obPolicyConditionUsage |
No |
Currently only Allow is used. |
obPolicyConditionUIDStr |
No |
Contains the user DN, based on which access control can be specified. |
obPolicyConditionGroupStr |
No |
Contains the group DN, based on which access control can be specified. |
obPolicyConditionRole |
No |
The role assigned the access control. The Access System supports two roles: ob_any and ob_none. |
obPolicyConditionRuleURL |
No |
The LDAP URL defined from the Query Builder. |
obPolicyConditionTreeURL |
No |
Not in use. |
obPolicyConditionIPAddress |
No |
Contains the IP address, based on which access control can be specified. |
obVer |
No |
The current release version. |
Table 1-63 lists the oblixResourceOperationRule class descriptions.
Table 1-63 oblixResourceOperationRule Class Description
Characteristic | Value |
---|---|
SubClassOf |
Top |
Description |
This object class defines the operation and evaluation rule for the access policy. |
Class type |
Structural |
PossSuperiors |
oblixSiteDomain, oblixPolicyContainer |
Naming attribute |
obName |
OID |
1.3.6.1.4.1.3831.5.1.1 |
For example:
obname=R20021119T210123820, obpolicyContainerId=UserDB, obcontainerId=Policies, ou=oblix, o=company, c=us
Table 1-64 lists the oblixResourceOperationRule attributes.
Table 1-64 oblixResourceOperationRule Attributes
Attribute | Required | Description |
---|---|---|
obName |
Yes |
A unique ID generated to identify the policy. This is the naming attribute. |
obDescription |
No |
A short informal description of the Resource Operation Rule that will be displayed by the Policy Manager. |
obResourceOperation |
No |
The value of this attribute depends upon the type of resource. For Web resources, it is simply the HTTP request method. The possible values are: Get, Put, Head, Options, Connect, Delete, Trace, Other, Post. For Identity System attribute access control, the possible values are: Read, Write, Delete, Prenotify, Postnotify, Participant, Workflow, Container_limit, WF_Monitoring, Proxy. These basic rights can be combined with Grant and Delegate rights. |
obResourceType |
No |
This can be used to indicate the type of resource. In the Access System, for example, a resource could be a "uri", a "directory entry", an "application", and so on: 0 indicates an HTTP resource type, and 1 indicates an EJB resource type. In the Identity System, it may contain: User_DB_Entry, Group_DB_Entry, Generic_DB_Entry, Application, Other. |
obPolicyRuleName |
No |
Used by Oracle Access Manager. Contains the DN of the corresponding oblixPolicyRule entry. |
obResourcePropagatePolicy |
No |
Used by Oracle Access Manager. Currently always set to true. |
obResourceUmbrellaPolicy |
No |
Used by Oracle Access Manager. Currently always set to true, which means the policy is applied to the entire subtree. |
obDisplayName |
No |
The display name of the policy. |
obResourceFilter |
No |
Used by Oracle Access Manager. This filter is applied to the resource to decide if this policy is applicable. |
obResourcePriority |
No |
Used by Oracle Access Manager. This is an internal priority. It defines the sequence in which the policies are evaluated when a resource filter is present at the same domain path. The highest rank is 99. |
ObResourceID |
No |
The obName part of the URL prefix that this policy corresponds to. |
obAbsPathPattern |
No |
Not in use. |
obVer |
No |
The current release version. |
obAuthzEvalExp |
No |
This is the expression used for chained authorization. |
obDuplicateAction |
No |
This is the attribute that stores duplicate action policies for an authorization expression. |
Table 1-65 lists the oblixUserResourceAuxClass class descriptions.
Table 1-65 oblixUserResourceAuxClass Class Description
Characteristic | Value |
---|---|
SubClassOf |
|
Description |
This is the auxiliary class attached to oblixResourceOperationRule for UserDB. |
Class type |
Auxiliary |
PossSuperiors |
|
Naming attribute |
|
OID |
1.3.6.1.4.1.3831.5.1.7 |
Table 1-66 lists the oblixUserResourceAuxClass attributes.
Table 1-67 lists the oblixGroupResourceAuxClass class descriptions.
Table 1-67 oblixGroupResourceAuxClass Class Description
Characteristic | Value |
---|---|
SubClassOf |
|
Description |
This is the auxiliary class attached to oblixResourceOperationRule for GroupDB. |
Class type |
Auxiliary |
PossSuperiors |
|
Naming attribute |
|
OID |
1.3.6.1.4.1.3831.5.1.8 |
Table 1-68 lists the oblixGroupResourceAuxClass attributes.
Table 1-68 oblixGroupResourceAuxClass Attributes
Attribute | Required | Description |
---|---|---|
obResourceUIDStr |
No |
The domain path where policy is defined. The policy is applicable to the subtree of this domain path. |
obResourceAttribute |
No |
The directory attribute this policy is defined for. |
obGroupSubscriptionType |
No |
Not in use. |
obGroupType |
No |
Not in use. |
Table 1-69 lists the oblixWorkflowResourceAuxClass class descriptions.
Table 1-69 oblixWorkflowResourceAuxClass Class Description
Characteristic | Value |
---|---|
SubClassOf |
|
Description |
This is the auxiliary class attached to oblixResourceOperationRule for WorkflowDB. |
Class type |
Auxiliary |
PossSuperiors |
|
Naming attribute |
|
OID |
1.3.6.1.4.1.3831.7.1.5 |
Table 1-70 lists the oblixWorkflowResourceAuxClass attributes.
Table 1-71 lists the oblixGenericResourceAuxClass class descriptions.
Table 1-71 oblixGenericResourceAuxClass Class Description
Characteristic | Value |
---|---|
SubClassOf |
|
Description |
This is the auxiliary class attached to oblixResourceOperationRule for obObjDB. |
Class type |
Auxiliary |
PossSuperiors |
|
Naming attribute |
|
OID |
1.3.6.1.4.1.3831.5.1.6 |
Table 1-72 lists the oblixGenericResourceAuxClass attributes.
Table 1-72 oblixGenericResourceAuxClass Attributes
Attribute | Required | Description |
---|---|---|
obResourceUidStr |
No |
The domain path where the policy is defined. The policy is applicable to the subtree of this domain path. |
obResourceAttribute |
No |
The directory attribute for which this policy is defined. |
obObjectClass |
No |
The structural class for which the policy is defined. |
obSize |
No |
The maximum number of subnodes specified by the container limit. |
obContainmentNotifyLimit |
No |
The % up to which notification should be sent. |
Table 1-73 lists the oblixWebResourceAuxClass class descriptions.
Table 1-73 oblixWebResourceAuxClass Class Description
Characteristic | Value |
---|---|
SubClassOf |
|
Description |
This object class defines additional resource parameters. |
Class type |
Auxiliary |
PossSuperiors |
|
Naming attribute |
|
OID |
1.3.6.1.4.1.3831.5.1.4 |
Table 1-74 lists the oblixWebResourceAuxClass attributes.
Table 1-74 oblixWebResourceAuxClass Attributes
Attribute | Required | Description |
---|---|---|
obName |
No |
A unique ID generated by the Access System to identify the resource. |
obAbsPathPattern |
No |
This attribute defines a filter for a group of Web resources. The value of this attribute is a glob pattern. For example: obAbsPathPattern: /webgatetest/.../*.html |
obQueryStrNameValuePattern |
No |
This attribute defines the name-value pair to be matched in the query string. It has the format:
The For example:
The above values will match with these query strings:
The preceding values will not match these query strings:
|
obQueryStrPattern |
No |
This pattern is matched directly with the query string. The order in which the variables appear in the query string matters. The variable must be the full name; that is, variable names cannot be matched as glob patterns. However, values can be represented as a glob pattern. For example:
and not
|
obHostContext |
No |
Value contains the obName value of the host identifier to which this oblixWebResourceAuxClass applies. |
Table 1-75 lists the oblixDelegatedAdministratorAuxClass class descriptions.
Table 1-75 oblixDelegatedAdministratorAuxClass Class Description
Characteristic | Value |
---|---|
SubClassOf |
Top |
Description |
This auxiliary class is used with the oblixPolicyRule class to store the delegated administrators for the Access System Console. |
Class type |
Auxiliary |
PossSuperiors |
|
Naming attribute |
|
OID |
1.3.6.1.4.1.3831.5.1.11 |
Table 1-76 lists the oblixDelegatedAdministratorAuxClass attributes.
Table 1-76 oblixDelegatedAdministratorAuxClass Attributes
Attribute | Required | Description |
---|---|---|
obPolicyConditionUIDStr |
No |
Contains the user DN, based on which access control can be specified. |
obPolicyConditionGroupStr |
No |
Contains the group DN, based on which access control can be specified. |
obPolicyConditionRole |
No |
The role assigned the access control. The Access System supports two roles:
|
Table 1-77 lists the oblixCluster class descriptions.
Table 1-77 oblixCluster Class Description
Characteristic | Value |
---|---|
SubClassOf |
Top |
Description |
Clustering functionality for the Access System Console. |
Class type |
Structural |
PossSuperiors |
oblixContainer |
Naming attribute |
obName |
OID |
1.3.6.1.4.1.3831.6.1.32 |
Table 1-78 lists the oblixCluster attributes.
Table 1-78 oblixCluster Attributes
Attribute | Required | Description |
---|---|---|
obName |
Yes |
The name of this object. It is used as the naming attribute. |
obIsEncrypted |
Yes |
The transport security mode between the Access Gate and the Access Server. Can be open, simple, or cert. |
obAAAMembers |
No |
This attribute stores the member Access Servers of a cluster. It is a multi-valued attribute. |
obService |
No |
Indicates if the Access Management service is turned on or off. |
obTimeStamp |
No |
Table 1-79 lists the oblixURLPrefix class descriptions.
Table 1-79 oblixURLPrefix Class Description
Characteristic | Value |
---|---|
SubClassOf |
Top |
Description |
This object class defines the resource to be protected by the Access System and the policy domain to which the resource belongs. |
Class type |
Structural |
PossSuperiors |
oblixApplication |
Naming attribute |
obName |
OID |
1.3.6.1.4.1.3831.6.1.1 |
Table 1-80 lists the oblixURLPrefix attributes.
Table 1-80 oblixURLPrefix Attributes
Attribute | Required | Description |
---|---|---|
obName |
Yes |
This is the naming attribute. It is generated by the Access System by "munging" the URL prefix. An internal tool does the conversion. |
obDescription |
No |
A short description of the URL Prefix that is displayed by the Policy Manager. |
obSiteDomainID |
No |
The attribute contains the obName value of the policy domain to which this URL prefix belongs. |
obURLPrefix |
No |
The munged value of the Resource. |
obHostContext |
No |
This attribute contains the obname value of the Host Identifier to which this URL Prefix belongs. |
obResourceType |
No |
Indicates the resource type. Resource types are added through the System Console. For example, 0 indicates HTTP, 1 indicates EJB. |
obVer |
No |
The current release version. |
Table 1-81 lists the oblixAuthenticationPolicy class descriptions.
Table 1-81 oblixAuthenticationPolicy Class Description
Characteristic | Value |
---|---|
SubClassOf |
Top |
Description |
This class represents the authentication rule for a given policy domain or policy. |
Class type |
Structural |
PossSuperiors |
oblixResourceOperationRule, oblixSiteDomain |
Naming attribute |
obName |
OID |
1.3.6.1.4.1.3831.6.1.3 |
For example:
obname=20021118T15425613,obname=2002118T1542429,obapp=PSC,ou=Oblix,o=company,c=us
Table 1-82 lists the oblixAuthenticationPolicy attributes.
Table 1-82 oblixAuthenticationPolicy Attributes
Attribute | Required | Description |
---|---|---|
obName |
Yes |
The name of this object. It is used as the naming attribute. |
obDescription |
No |
A description of this object. |
obDisplayName |
No |
A human-readable and human-understandable name for the object. |
obSchemeID |
No |
|
obVer |
No |
The current release version. |
Table 1-83 lists the oblixPolicyRule class descriptions.
Table 1-83 oblixPolicyRule Class Description
Characteristic | Value |
---|---|
SubClassOf |
Top |
Description |
This class represents the "If Condition then Action" semantics associated with a policy. This entry is used as a container for the authorization rules as well as the delegated administration rules. |
Class type |
Structural |
PossSuperiors |
oblixResourceOperationRule, oblixSiteDomain, oblixPolicyContainer, oblixApplication |
Naming attribute |
obName |
OID |
1.3.6.1.4.1.3831.5.1.5 |
Table 1-84 lists the oblixPolicyRule attributes.
Table 1-84 oblixPolicyRule Attributes
Attribute | Required | Description |
---|---|---|
obName |
Yes |
A unique ID generated by the Policy Manager to identify the policy. This is the naming attribute. |
obPolicyRuleEnabled |
No |
This attribute indicates whether a policy rule is currently enabled. If the entry is that of a delegated administrator, the value of this attribute is always true and cannot be changed from the user interface. When used in an authorization rule, the value can either be true or false. |
obPolicyRuleConditionList |
No |
Not in use. |
obPolicyRuleConditionListType |
No |
This attribute indicates whether the list of policy conditions associated with this policy rule is in disjunctive normal form (DNF) or conjunctive normal form (CNF). Defined values are DNF(1) and CNF(2). If the value is "1", it means that all the conditions of obPolicyRuleConditionList must be evaluated to be true in order for the oblixPolicyRule to be evaluated to be true. If the value is "2", it means that if any of the conditions in obPolicyRuleConditionList is evaluated to be true then the oblixPolicyRule is evaluated to be true. The Access System currently uses only 2. |
obPolicyRuleActionList |
No |
|
obPolicyRuleDeniedActionList |
No |
|
obPolicyRuleValidityPeriodList |
No |
Not in use. |
obPolicyRulePriority |
No |
A non-negative integer for prioritizing this oblixPolicyRule relative to other oblixPolicyRules. A larger value indicates a higher priority. It is not used in the Access System, and a value of "1" is assigned to all obPolicyRule. |
obPolicyKeyword |
No |
Possible values for this attribute are: user or admin. The keyword is used to distinguish between an Access Policy and an Admin Policy. |
obDescription |
No |
The description for this object. |
obDisplayName |
No |
A human-readable and human-understandable name for the object. |
obPolicyTimingCondLocalOrAbs |
No |
This is used to determine if the timing condition associated with the policy should be evaluated with respect to local time or absolute time. |
obVer |
No |
The current release version. |
Table 1-85 lists the oblixPolicyTimePeriodCondition class descriptions.
Table 1-85 oblixPolicyTimePeriodCondition Class Description
Characteristic | Value |
---|---|
SubClassOf |
|
Description |
A class representing an action to be performed as a result of a policy rule. |
Class type |
Auxiliary |
PossSuperiors |
|
Naming attribute |
|
OID |
1.3.6.1.4.1.3831.5.1.2 |
Table 1-86 lists the oblixPolicyTimePeriodCondition attributes.
Table 1-86 oblixPolicyTimePeriodCondition Attributes
Attribute | Required | Description |
---|---|---|
obPtpConditionTime |
Yes |
The range of calendar dates on which a policy rule is valid. The format of the string is
|
obPtpConditionMonthOfYearMask |
No |
A mask identifying the months of the year in which a policy rule is valid. The format is a string of 12 ASCII "0"s and "1"s, representing the months of the year from January through December. Example: A policy that is valid only in May and December will have the following value for this attribute: 000010000001 |
obPtpConditionDayOfMonthMask |
No |
A mask identifying the days of the month on which a policy rule is valid. The format is a string of 62 ASCII "0"s and "1"s. The first 31 positions represent the days of the month in ascending order, from day 1 to day 31. The next 31 positions represent the days of the month in descending order, from the last day to the day 31 days from the end. |
obPtpConditionDayOfWeekMask |
No |
A mask identifying the days of the week on which a policy rule is valid. The format is a string of seven ASCII "0"s and "1"s, representing the days of the week from Sunday through Saturday. Example: A policy which is valid from Monday to Friday will have the following value for this attribute: 0111110. |
obPtpConditionTimeOfDayMask |
No |
The range of times at which a policy rule is valid. If the second time is earlier than the first, then the interval spans midnight. The format of the string is
|
obPtpConditionTimeZone |
No |
The definition of the time zone for this object. The format of the string is either: "Z" (UTC) or <"+"|"-"><hhmm> |
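The mask and time zone formats in Table 1-86 can be checked against a concrete instant when reviewing when a rule is in force; the following is an added example, not Oracle code, and its function names are hypothetical. It assumes that an absent mask imposes no restriction and that a day satisfies obPtpConditionDayOfMonthMask when either its counted-from-start or its counted-from-end position is set, neither of which the table states.

```python
import calendar
import re
from datetime import datetime, timedelta, timezone

MONTH = "obPtpConditionMonthOfYearMask"
DOM = "obPtpConditionDayOfMonthMask"
DOW = "obPtpConditionDayOfWeekMask"


def parse_ptp_timezone(value):
    """Parse obPtpConditionTimeZone: "Z" (UTC) or <"+"|"-"><hhmm>."""
    if value == "Z":
        return timezone.utc
    m = re.fullmatch(r"([+-])(\d{2})(\d{2})", value)
    if not m or int(m.group(2)) > 23 or int(m.group(3)) > 59:
        raise ValueError(f"bad obPtpConditionTimeZone: {value!r}")
    offset = timedelta(hours=int(m.group(2)), minutes=int(m.group(3)))
    return timezone(offset if m.group(1) == "+" else -offset)


def check_mask(attr, mask, length):
    """Reject masks that are not exactly `length` ASCII '0'/'1' characters."""
    if len(mask) != length or set(mask) - {"0", "1"}:
        raise ValueError(f"{attr} must be {length} characters of 0/1: {mask!r}")
    return mask


def evaluate_masks(when, month_mask=None, dom_mask=None, dow_mask=None, tz="Z"):
    """Return {attribute name: bool} for every mask that was supplied.

    `when` must be timezone-aware; it is converted to the zone named by
    obPtpConditionTimeZone before any mask is consulted. Defaulting tz to
    "Z" is an assumption of this example.
    """
    if when.tzinfo is None:
        raise ValueError("when must be timezone-aware")
    local = when.astimezone(parse_ptp_timezone(tz))
    results = {}

    if month_mask is not None:
        # 12 positions, January through December.
        mask = check_mask(MONTH, month_mask, 12)
        results[MONTH] = mask[local.month - 1] == "1"

    if dom_mask is not None:
        # Positions 1-31: day 1..31 counted from the start of the month.
        # Positions 32-62: last day, second-to-last day, ... counted back.
        mask = check_mask(DOM, dom_mask, 62)
        days_in_month = calendar.monthrange(local.year, local.month)[1]
        from_start = mask[local.day - 1]
        from_end = mask[31 + (days_in_month - local.day)]
        # Assumption: either position being set selects the day.
        results[DOM] = "1" in (from_start, from_end)

    if dow_mask is not None:
        # 7 positions, Sunday through Saturday; Python's weekday() is Monday=0.
        mask = check_mask(DOW, dow_mask, 7)
        results[DOW] = mask[(local.weekday() + 1) % 7] == "1"

    return results


def masks_allow(when, **masks):
    """True when every supplied mask selects the instant `when`."""
    return all(evaluate_masks(when, **masks).values())


if __name__ == "__main__":
    # Constructed sample values: the two masks quoted in Table 1-86 plus a
    # "last day of the month only" day-of-month mask.
    may_dec = "000010000001"
    weekdays = "0111110"
    last_day = "0" * 31 + "1" + "0" * 30
    instant = datetime(2024, 5, 31, 23, 30, tzinfo=timezone.utc)
    for zone in ("Z", "+0100"):
        print(zone, evaluate_masks(instant, month_mask=may_dec,
                                   dom_mask=last_day, dow_mask=weekdays, tz=zone))
```

The sample instant falls on the last day of May in UTC but on 1 June at +0100, so the same masks give different answers depending on obPtpConditionTimeZone.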
Table 1-87 lists the oblixWRSCAction class descriptions.
Table 1-87 oblixWRSCAction Class Description
Characteristic | Value |
---|---|
SubClassOf |
|
Description |
A class representing an action to be performed as a result of a policy rule. |
Class type |
Auxiliary |
PossSuperiors |
|
Naming attribute |
|
OID |
1.3.6.1.4.1.3831.5.1.3 |
Table 1-88 lists the oblixWRSCAction attributes.
Table 1-88 oblixWRSCAction Attributes
Attribute | Required | Description |
---|---|---|
obSuccessRedirect |
Yes |
This attribute defines the URL that the user is redirected to if the rule condition is evaluated to be true. Example: http://intranet/apps/payroll/paycheck1.html |
obSuccessProfilesAttrs |
No |
This attribute defines HTTP header variables to be returned when a rule condition is evaluated to be true. It has the following format: Return Type: var_name:attribute in person objectclass The value to be returned is retrieved from the person's user profile. Example: To have Access System return the authenticated person's first and last name in the HTTP header variables
|
obSuccessFixedVals |
No |
This attribute defines HTTP header variables to be returned when a rule condition is evaluated to be true. It has the following format:
The value to be returned is fixed and predefined. Example: To have Access System return True in the HTTP header variable Authenticated, the
|
obFailRedirect |
No |
This attribute defines the URL that the user is redirected to if the policy condition is evaluated to be false. Example: http://intranet/apps/errorpages/Custom AuthentFail.html |
obFailProfileAttrs |
No |
This attribute defines HTTP header variables to be returned when a rule condition is evaluated to be false. It has the following format:
The value to be returned is retrieved from the person's user profile. Example: To have Access System return upon a failed authorization the person's First, Last name and Organization in HTTP header variables
|
obFailFixedVals |
No |
This attribute defines HTTP header variables to be returned when a rule condition is evaluated to be false. It has the following format:
The value to be returned is fixed and predefined. Example: To have the Access System return True in the HTTP header variable Authenticated, the oblixWRSCAction entry should contain the following attribute:
|
obInconslusiveRedirect |
No |
The inconclusive result is used when an authorization expression cannot explicitly allow or deny a user. Prior to 6.5, this case would always return a deny result to the WebGate or AccessGate. In 6.5, the result is still denied, but the Access Server indicates that the result was inconclusive. Pre-6.5 AccessGates can use this field to determine if the result is an explicit or an implicit deny. This may be used by BEA when Oracle Access Manager is only one of several authorization engines. If the user was denied because of an inconclusive result, other authorization engines may be able to explicitly allow or deny the user. Starting in NetPoint 7.0, the administrator can define a redirect URL as well as actions to be returned when an inconclusive result occurs. |
obInconclusiveProfileAttrs |
No |
This stores inconclusive profile attributes. These work in the same way that they do for allow and deny. The only restriction on inconclusive actions is that they can be specified only for the authorization expression and not the rules that comprise the expression. The values for the profile attributes come from the user making the authorization request. |
obInconclusiveFixedVals |
No |
This stores inconclusive fixed values. These work in the same way that they do for allow and deny. The only restriction on inconclusive actions is that they can be specified only for the authorization expression and not the rules that comprise the expression. Fixed values are what the administrator has specified. |
Table 1-89 lists the oblixSiteDomain class descriptions.
Table 1-89 oblixSiteDomain Class Description
Characteristic | Value |
---|---|
SubClassOf |
Top |
Description |
This object class defines the Policy Domain objects in the Access System. |
Class type |
Structural |
PossSuperiors |
oblixApplication |
Naming attribute |
obName |
OID |
1.3.6.1.4.1.3831.6.1.2 |
Table 1-90 lists the oblixSiteDomain attributes.
Table 1-90 oblixSiteDomain Attributes
Attribute | Required | Description |
---|---|---|
obName |
Yes |
A unique ID generated by the Access System to identify the policy. This is the naming attribute. |
obDescription |
No |
A short description of the site domain that is displayed by the Policy Manager. |
obDisplayName |
No |
A human-readable and human-understandable name for the object. This name is displayed by the Policy Manager. |
obAuthzEvalExp |
No |
This is the expression used for chained authorization. |
obDuplicateAction |
No |
Stores duplicate action policies for the authorization expression. |
Table 1-91 lists the oblixAuthenticationPolicy class descriptions.
Table 1-91 oblixAuthenticationPolicy Class Description
Characteristic | Value |
---|---|
SubClassOf |
Top |
Description |
This object class defines the authentication rule associated with the policy domain and policy. |
Class type |
Structural |
PossSuperiors |
oblixApplication, oblixSiteDomain, oblixResourceOperationRule |
Naming attribute |
obName |
OID |
1.3.6.1.4.1.3831.6.1.3 |
Table 1-92 lists the oblixAuthenticationPolicy attributes.
Table 1-92 oblixAuthenticationPolicy Attributes
Attribute | Required | Description |
---|---|---|
obName |
Yes |
A unique ID generated by the Access System to identify the policy. This is the naming attribute. |
obDescription |
No |
A short description of the authentication policy that will be displayed by the Policy Manager. |
obDisplayName |
No |
A human-readable and human-understandable name for the object. This name will be displayed by the Policy Manager. |
obSchemeID |
No |
This defines the challenge scheme that this Authentication Policy will use. It should be the obname of the corresponding oblixChallengeScheme. |
obVer |
No |
The current release version. |
Table 1-93 lists the oblixAuthenticationFlow class descriptions.
Table 1-93 oblixAuthenticationFlow Class Description
Characteristic | Value |
---|---|
SubClassOf |
Top |
Description |
Stores the control flow for authentication steps in a challenge scheme. Used by Access Server and Policy Manager. |
Class type |
Structural |
PossSuperiors |
OblixChallengeScheme |
Naming attribute |
obName |
OID |
1.3.6.1.4.1.3831.6.1.30 |
Table 1-94 lists the oblixAuthenticationFlow attributes.
Table 1-94 oblixAuthenticationFlow Attributes
Attribute | Required | Description |
---|---|---|
obName |
Yes |
|
ObStartEvalWith |
No |
Indicates the step number to use to begin execution. |
obStepFlow |
No |
This field indicates the flow control. It contains fields in the following manner:
obStepFlow contains three values, Step Index, obSuccessNextStep and obOnFailNextStep. If the On Success Next Step Index or On Fail Next Step index is -1, it essentially means stop. |
Table 1-95 lists the oblixAuthenticationStep class descriptions.
Table 1-95 oblixAuthenticationStep Class Description
Characteristic | Value |
---|---|
SubClassOf |
Top |
Description |
Identifies a step in a chained authentication scheme. |
Class type |
Structural |
PossSuperiors |
OblixChallengeScheme |
Naming attribute |
obName |
OID |
1.3.6.1.4.1.3831.6.1.31 |
Table 1-96 lists the oblixAuthenticationStep attributes.
Table 1-96 oblixAuthenticationStep Attributes
Attribute | Required | Description |
---|---|---|
obName |
Yes |
A unique ID generated by the Access System to identify the step. This is the naming attribute. |
obDisplayName |
No |
Display Name of the authentication step. |
obIndex |
No |
An index associated with this step. This number is auto-generated and used only for flow control. |
obPluginNumber |
No |
This value indicates the plug-ins associated with this step. The obPluginNumber is essentially a comma-delimited value of plugin identifiers. Plug-ins are evaluated from left to right. |
Table 1-97 lists the oblixChallengeScheme class descriptions.
Table 1-97 oblixChallengeScheme Class Description
Characteristic | Value |
---|---|
SubClassOf |
Top |
Description |
Defines processing and mapping policies for an authentication scheme used by policy domains and Web resources. |
Class type |
Structural |
PossSuperiors |
oblixApplication |
Naming attribute |
obName |
OID |
1.3.6.1.4.1.3831.6.1.4 |
For example:
obname=20021118T1452130,obapp=PSC,ou=Oblix,o=company,c=us
Table 1-98 lists the oblixChallengeScheme attributes.
Table 1-98 oblixChallengeScheme Attributes
Attribute | Required | Description |
---|---|---|
obName |
Yes |
A unique ID generated by the Access System to identify the policy. This is the naming attribute. |
obType |
No |
Value is always set to LDAP. |
obDescription |
No |
A short description of the challenge scheme that is displayed by the System Console. |
obDisplayName |
No |
A human-readable and human-understandable name for the object. This name is displayed by the System Console. |
obMappingFilter |
No |
Not in use. |
obDLLPath |
No |
Not in use. |
obChallengeMethod |
No |
This attribute defines the challenge type for authentication. Possible values are
|
obChallengeRedirect |
No |
The URL to which WebGate will redirect the user's browser if necessary. URL form and example for each challenge method: Basic over HTTPS: https://serverhost.domain.com (example: https://mymachine.oblix.com). Form (local to Web server): /URLpath/login-form (example: /login.html). Form (on another web server): http(s)://serverhost.domain.com/URLpath/login-form (example: https://mymachine.oblix.com/login.html). |
obLevel |
No |
An integer value specifying the authentication level of the scheme. Larger values are more secure. If omitted, the default level is 1. |
obCustomLib |
No |
A custom processing library specification, of the form: . In the previous syntax,
There can be multiple custom processing libraries for a scheme, with execution ordered by priority. For example:
|
obChallengeParameter |
No |
A parameter used in the authentication challenge between the Web server and the browser. The format is For Basic authentication this value must have realm: at the beginning Example:
Example:realm realm name used in BASIC challenge realm:Profile Access Site loginTarget CGI program that is the POST target of a login form:
|
obSelectionFilter |
No |
Not in use. |
obMappingBase |
No |
Not in use. |
obCredentialPassword |
No |
Not in use. |
obAnonUser |
No |
Not in use. |
obVer |
No |
The current release version. |
obEnabled |
No |
This value indicates if the challenge scheme can be used in the policy or policy domain. |
Table 1-99 lists the oblixWebGateConfigInfo class descriptions.
Table 1-99 oblixWebGateConfigInfo Class Description
Characteristic | Value |
---|---|
SubClassOf |
Top |
Description |
This class contains all the WebGate and Access Gate parameters. |
Class type |
Structural |
PossSuperiors |
oblixApplication |
Naming attribute |
obName |
OID |
1.3.6.1.4.1.3831.6.1.11 |
Table 1-100 lists the oblixWebGateConfigInfo attributes.
Table 1-100 oblixWebGateConfigInfo Attributes
Attribute | Required | Description |
---|---|---|
obName |
Yes |
The name of this object. It is used as the naming attribute. |
obHostName |
No |
The host name for the Web server on which the WebGate is installed. |
obPort |
No |
The port number for the Web server on which the WebGate is installed. |
obMaxAAAServerConnections |
No |
The maximum number of connections that can be established between the WebGate and the Access Server. |
obDebug |
No |
This value indicates if the WebGate is running in debug mode. A value of |
obMaxAAASessionTime |
No |
The session timeout between the WebGate and the Access Server if the session is idle. |
obFailoverThreshold |
No |
The minimum number of AAA servers that must be active, otherwise failover will happen. |
obSleepFor |
No |
The interval, in seconds, at which a watcher thread "wakes up" and verifies that the number of connections to various servers is correct according to the defined configuration. If the number of connections is less than the configured number, WebGate tries to establish new connections and reestablish connections to the primary server. Default is every 60 seconds. |
obAAAPrimaryServerID |
No |
This attribute indicates if this is the primary Access Server for the WebGate to communicate with. The value of this field is the obName attribute of the Access Server entry. |
obAAASecondaryServerID |
No |
This attribute indicates if this is a secondary Access Server for the WebGate to communicate with. The value of this field is the |
obIsEncrypted |
No |
The transport security mode. Can be open, simple, cert. |
obMaxSessionTime |
No |
The single sign-on cookie maximum session timeout. The cookie will be invalid when this number is reached. |
obMaxWebGateCacheElems |
No |
The maximum elements per cache. The cache is rotated when this number is reached. |
obWebGateCacheTimeout |
No |
The maximum amount of time an element can be in the cache. |
obTimeStamp |
No |
The time stamp used to determine if the WebGate configuration has been changed. |
obPrimaryCookieDomain |
No |
The domain assigned to the cookie set. |
obIdleSessionTimeout |
No |
The maximum time a cookie can be idle. |
obPreferredHost |
No |
If set, the host will be used by WebGate regardless of the host in the URL. |
obAccessClientPasswd |
No |
The password used to connect to the Access Server. |
obVer |
No |
The current release version. |
obService |
No |
Indicates if the Access Management service is turned on or off. |
obServerTimeoutThreshold |
No |
The timeout threshold to determine if Oracle Access Manager is reachable. It is used in case the TCP connection is lost, for example. |
obSNMPEnabled |
No |
Specifies whether the Oracle Access Manager SNMP agent has been enabled. Can have the following values:
|
obSNMPAgentPort |
No |
Holds the port number of the Oracle Access Manager SNMP agent. This is the port where the agent accepts registration requests from Oracle Access Manager components. |
obCredentials |
No |
Stores the impersonation user name and password in encrypted format. The value is stored as |
ObAccessComponentDescription |
No |
Stores the description of the WebGate. It is a cis attribute. |
obPrimaryClusters |
No |
This attribute stores the primary clusters of a WebGate. It is a multi-valued attribute. |
obBackupClusters |
No |
This attribute stores the backup clusters of a WebGate. It is a multi-valued attribute. |
ObAccessComponentDescription |
No |
Stores the description of the WebGate. It is a cis attribute. Used in Oracle Access Manager 6.5.1 and higher releases. |
ObCompoundData |
No |
Stores XML configuration data for a template object. Used in this case to store data for WebGate configuration parameters, for example, IPValidationExceptions and LogOutUrls. For more information on obCompoundData, see the discussion of the oblixConfig object class. |
Table 1-101 lists the oblixWebResourceSearchList class descriptions.
Table 1-101 oblixWebResourceSearchList Class Description
Characteristic | Value |
---|---|
SubClassOf |
|
Description |
Contains a list of objects that can be searched using the search functionality in the Policy Manager. |
Class type |
Auxiliary |
PossSuperiors |
|
Naming attribute |
|
OID |
1.3.6.1.4.1.3831.6.1.5 |
Table 1-102 lists the oblixWebResourceSearchList attributes.
Table 1-103 lists the oblixWRSSearchResultColumns class descriptions.
Table 1-103 oblixWRSSearchResultColumns Class Description
Characteristic | Value |
---|---|
SubClassOf |
Top |
Description |
This is used to determine what attributes need to be displayed in the search results. The search functionality in Policy Manager allows one to search on the policy domain name and policy name. |
Class type |
Structural |
PossSuperiors |
oblixApplication |
Naming attribute |
obName |
OID |
1.3.6.1.4.1.3831.6.1.6 |
Table 1-104 lists the oblixWRSSearchResultColumns attributes.
Table 1-104 oblixWRSSearchResultColumns Attributes
Attribute | Required | Description |
---|---|---|
obName |
Yes |
The name of this object. It is used as the naming attribute. |
obSearchResultColumns |
No |
This attribute indicates the columns to display in search results. Values for this:
|
obVer |
No |
The current release version. |
Table 1-105 lists the oblixPSCConfig class descriptions.
Table 1-105 oblixPSCConfig Class Description
Characteristic | Value |
---|---|
SubClassOf |
|
Description |
This is an auxiliary class. It contains top-level configuration information for the Access System. It contains the root directory for the resource and the attributes from a user's entry that need to be cached. |
Class type |
Auxiliary |
PossSuperiors |
|
Naming attribute |
|
OID |
1.3.6.1.4.1.3831.6.1.7 |
For example:
obapp=PSC,ou=Oblix,o=company,c=us
Table 1-106 lists the oblixPSCConfig attributes.
Table 1-106 oblixPSCConfig Attributes
Attribute | Required | Description |
---|---|---|
obUserAttrsToCache |
No |
Contains a list of user attributes that need to be cached. For example, suppose an audit rule says to audit |
obUrlMatching |
No |
This attribute has not been used since 5.0. |
obRootDir |
No |
This attribute indicates your root directory. The value of this attribute often is /. This indicates all the resources to be managed by the Access System are under the root directory /. |
Table 1-107 lists the oblixAAAEngineConfig class descriptions.
Table 1-107 oblixAAAEngineConfig Class Description
Characteristic | Value |
---|---|
SubClassOf |
|
Description |
This is an auxiliary class that contains all the parameters used by the Access Server for the Access Engine, such as the cache timeouts, audit file, and audit interval information. |
Class type |
Auxiliary |
PossSuperiors |
|
Naming attribute |
|
OID |
1.3.6.1.4.1.3831.6.1.8 |
Table 1-108 lists the oblixAAAEngineConfig attributes.
Table 1-108 oblixAAAEngineConfig Attributes
Attribute | Required | Description |
---|---|---|
obAuditFileName |
No |
The value of this attribute indicates the audit file name to be used. |
obMaxAuditFileSize |
No |
The value of this attribute indicates the maximum size in bytes of the audit file. |
obAuditFileRotationInterval |
No |
Indicates how often the audit file needs to be rotated. File Rotation Interval is specified in seconds. |
obAuditBufferSize |
No |
Indicates the audit buffer size. For example, if the buffer size is 100 bytes, when the Access server has data equal to or more than 100 bytes it writes the data to the audit file. |
ObAuditFlag |
No |
Indicates whether Audit to File is on or off using two flags:
|
obMaxUserCacheElems |
No |
Indicates the maximum number of elements in the user cache. |
obUserCacheTimeout |
No |
Indicates the timeout associated with the elements in the user cache. |
obMaxPolicyCacheElems |
No |
Indicates the maximum number of elements in the policy caches. |
obPolicyCacheTimeout |
No |
Indicates the timeout associated with the elements in the policy caches. |
obSessionTokenCache |
No |
Takes a value of enabled or disabled. Indicates whether or not session tokens are cached. |
obMaxSessionTokenCacheElements |
No |
Indicates the maximum number of elements that can be present in the session token cache. Default: 10,000. |
obEngineConfigRefreshPeriod |
No |
This attribute specifies the refresh period for the following components. Authentication:
Authorization:
Audit:
It will also reload the revoked user list. |
obURLPrefixReloadInterval |
No |
Indicates the time in seconds after which the URL prefixes need to be reloaded. |
obPasswordPolicyReloadInterval |
No |
Indicates the time in seconds after which the password policies need to be reloaded. |
obAuditBufferFlushInterval |
No |
There is an audit buffer flush interval in the code. However, there is no user interface to change it and this attribute is not used. The Access System engine uses a default of 10 seconds. |
Table 1-109 lists the oblixAuditPolicy class descriptions.
Table 1-109 oblixAuditPolicy Class Description
Characteristic | Value |
---|---|
SubClassOf |
Top |
Description |
Contains the audit rule for the policy domains and policies. |
Class type |
Structural |
PossSuperiors |
oblixResourceOperationRule, oblixSiteDomain |
Naming attribute |
obName |
OID |
1.3.6.1.4.1.3831.6.1.9 |
For example:
obname=MasterAuditPolicy,obpolicyContainerId=WebResrcDB,obcontainerId=Policies,o=company,c=us
Table 1-110 lists the oblixAuditPolicy attributes.
Table 1-110 oblixAuditPolicy Attributes
Attribute | Required | Description |
---|---|---|
obName |
Yes |
The name of this object. It is used as the naming attribute. |
obAuditEvent |
No |
Indicates which events are audited: Authentication Failure, Authentication Success, Authorization Failure, Authorization Success. Values stored in the directory for each of these events are:
|
obAuditProfileAttrs |
No |
Indicates which user profile attribute needs to be audited. For example, cn, sn, and so on. |
obVer |
No |
The current release version. |
Table 1-111 lists the oblixMasterAuditPolicy class descriptions.
Table 1-111 oblixMasterAuditPolicy Class Description
Characteristic | Value |
---|---|
SubClassOf |
oblixAuditPolicy |
Description |
This is the master audit rule that is used if there is no audit rule specified at the policy domain or policy level. If there is an audit rule defined at the policy domain or policy level, the obAuditEvent attribute can be overridden, but the obAuditProfileAttrs is appended to the attribute list at the policy domain or policy level. |
Class type |
Structural |
PossSuperiors |
oblixApplication, oblixPolicyContainer |
Naming attribute |
obName |
OID |
1.3.6.1.4.1.3831.6.1.10 |
For example:
obname=MasterAuditPolicy,obpolicyContainerId=WebResrcDB,obcontainerId=Policies,o=company,c=us
Table 1-112 lists the oblixMasterAuditPolicy attributes.
Table 1-112 oblixMasterAuditPolicy Attributes
Attribute | Required | Description |
---|---|---|
obName |
Yes |
The name of this object. It is used as the naming attribute. |
obAuditFields |
No |
The order in which auditing information appears in reports. Oracle recommends the Audit Format Rule field follow this structure:
The leading static string can be empty, but the rest of the static strings, including the ending static string, should contain static text. For example:
Oracle Access Manager supports the following data types for audit records:
ob_date — Corresponds to date only. It does not include the time of the event unless the date format is ISO.
ob_datetime — Corresponds to date and time. The date is logged in the format specified in the master audit policy. The time is logged as hh:mm:ss. The time is always the GMT time on the web server that received the HTTP request, followed by the web server's offset from GMT.
ob_event — String corresponding to the event that occurred. Event can be one of the following: Authentication Success, Authentication Failure, Authorization Success or Authorization Failure.
ob_ip — IP address of the browser submitting the request.
ob_operation — HTTP operation, such as GET, PUT, POST, or others.
ob_serverid — Corresponds to the ID of the Access Server that is auditing this information.
ob_time — Corresponds to the GMT time at which the event occurred on the web server. Time is always logged as hh:mm:ss+/- offset from GMT on web server.
ob_time_no_offset — Corresponds to the GMT time on the AccessGate, but no GMT offset is logged. Time is logged as hh:mm:ss. Master Access Administrators and Delegated Access Administrators cannot change these settings.
ob_url — Request URL.
ob_userid — Contains the user's DN if the user was successfully authenticated. If the user was not authenticated, or in addition to the DN, it may also contain any other information the authentication module of the Access Server wanted to audit (such as password used by the anonymous user or any certificate fields). For a regular user entry that exists in the directory server and who is not logging in as "anonymous", the password is not logged to the audit log.
ob_wgid — ID of the AccessGate that received the request. |
Field separator — The default is " - " (space/dash/space). Note: If you want to use the DBImport Tool utility, you must use a field separator. |
||
obDateType |
No |
Specifies the date format, for example, |
obDateSeparator |
No |
This is used but there is no user interface for it. The default is a slash (/). |
obEscapeChar |
No |
The escape character for the logged audit. This helps log information appear correctly in reports. |
obRecordSeparator |
No |
Used but there is no user interface for it. The default is \n. |
obAuditEventMap |
No |
Specifies the audit event map. Examples:
|
obKeyValSeparator |
No |
Defaults to =. There is no user interface for it. |
obListItemSeparator |
No |
This is used in the code, but there is no user interface for it. It defaults to a comma (,). |
obVer |
No |
The current release version. |
Table 1-113 lists the oblixApplicationAuditInfo class descriptions.
Table 1-113 oblixApplicationAuditInfo Class Description
Characteristic | Value |
---|---|
SubClassOf |
Top |
Description |
This is the object class for the logging and auditing policies. The global one is stored in obName=common. The application-specific ones are stored in |
Class type |
Structural |
PossSuperiors |
oblixPolicyContainer |
Naming attribute |
obName |
OID |
1.3.6.1.4.1.3831.6.1.28 |
For example:
obname=common,obpolicyContainerId=WebResrcDB,obcontainerId=Policies,ou=oblix,o=company,c=us
obname=userservcenter,obpolicyContainerId=WebResrcDB,obcontainerId=Policies,ou=oblix,o=company,c=us
obname=groupservcenter,obpolicyContainerId=WebResrcDB,obcontainerId=Policies,ou=oblix,o=company,c=us
obname=objservcenter,obpolicyContainerId=WebResrcDB,obcontainerId=Policies,ou=oblix,o=company,c=us
obname=corpdir,obpolicyContainerId=WebResrcDB,obcontainerId=Policies,ou=oblix,o=company,c=us
Table 1-114 lists the oblixApplicationAuditInfo attributes.
Table 1-114 oblixApplicationAuditInfo Attributes
Attribute | Required | Description |
---|---|---|
obName |
Yes |
The name of this object. It is used as the naming attribute. |
obLogLevel |
No |
The application log level. Can be:
|
ObProfileAttrs |
No |
The attributes to be logged by default. |
ObAppEventInfo |
No |
The event specific setting. This list varies for each application.
|
obVer |
No |
The current release version. |
Table 1-115 lists the oblixAAAServerConfigInfo class descriptions.
Table 1-115 oblixAAAServerConfigInfo Class Description
Characteristic | Value |
---|---|
SubClassOf |
Top |
Description |
|
Class type |
Structural |
PossSuperiors |
oblixApplication |
Naming attribute |
obName |
OID |
1.3.6.1.4.1.3831.6.1.12 |
Table 1-116 lists the oblixAAAServerConfigInfo attributes.
Table 1-116 oblixAAAServerConfigInfo Attributes
Attribute | Required | Description |
---|---|---|
obName |
Yes |
The name of this object. It is used as the naming attribute. |
obHostName |
Yes |
The host name for the Access Server. |
obPort |
Yes |
The port number of the Access Server. |
obDebug |
No |
Attribute to turn on Access Server debugging. |
obDebugFileName |
No |
Indicates the debug file name. |
obThreads |
No |
The number of threads configured for the Access Server. |
obIsEncrypted |
No |
This attribute defines the transport security mode. |
obMaxAAASessionTime |
No |
This attribute is not used, although it is stored in the directory when a new Access Server entry is created. |
obVer |
No |
The current release version. |
ObService |
No |
Indicates if the Access Management service is turned on or off. |
obSNMPEnabled |
No |
Specifies whether the Oracle Access Manager SNMP agent has been enabled. Can have the following values:
|
obSNMPAgentPort |
No |
Holds the port number of the Oracle Access Manager SNMP agent. This is the port where the agent accepts registration requests from Oracle Access Manager components. |
Table 1-117 lists the oblixWRSCAdminCommon class descriptions.
Table 1-117 oblixWRSCAdminCommon Class Description
Characteristic | Value |
---|---|
SubClassOf |
Top |
Description |
This class specifies which HTTP operations are supported. |
Class type |
Structural |
PossSuperiors |
oblixApplication |
Naming attribute |
CN |
OID |
1.3.6.1.4.1.3831.6.1.13 |
For example:
cn=WRSC Admin Common Object,obapp=PSC,ou=Oblix, o=company,c=us
Table 1-118 lists the oblixWRSCAdminCommon attributes.
Table 1-118 oblixWRSCAdminCommon Attributes
Attribute | Required | Description |
---|---|---|
cn |
Yes |
Naming attribute. Its value is WRSC Admin Common Object. |
obHTTPOperations |
No |
Indicates the HTTP operations on which policies can be set. Values are:
|
obMoreHTTPOperations |
No |
Indicates more HTTP operations on which policies can be set. Values are:
|
obSharedSecret |
No |
This attribute is modified when a new shared secret is generated. |
obSecretreCycleTime |
No |
Not in use. |
obSecretSize |
No |
Not in use. |
obTimeStamp |
No |
Not in use. |
obVer |
No |
The current release version. |
Table 1-119 lists the oblixHostID class descriptions.
Table 1-119 oblixHostID Class Description
Characteristic | Value |
---|---|
SubClassOf |
Top |
Description |
This class represents all the host and port variations for a given host. For example, company.com can be addressed as This class contains the list of all possible identifiers. |
Class type |
Structural |
PossSuperiors |
oblixApplication |
Naming attribute |
obName |
OID |
1.3.6.1.4.1.3831.6.1.14 |
For example:
obname=20021203T1637456801,obapp=PSC,ou=Oblix,o=company, c=us
Table 1-120 lists the oblixHostID attributes.
Table 1-120 oblixHostID Attributes
Attribute | Required | Description |
---|---|---|
obName |
Yes |
The name of this object. It is used as the naming attribute. |
obDescription |
No |
The description for this object. |
obDisplayName |
No |
A human-readable and human-understandable name for the object. |
obHostNamePort |
No |
Host name and port combinations. All possible identifiers for the host. |
obVer |
No |
The current release version. |
Table 1-121 lists the oblixGSN class descriptions.
Table 1-121 oblixGSN Class Description
Characteristic | Value |
---|---|
SubClassOf |
Top |
Description |
This class is used in the cache flushing mechanism. It contains a global sequence number which represents the flush request number. The GSN gets incremented by every cache flush request. |
Class type |
Structural |
PossSuperiors |
oblixApplication |
Naming attribute |
obSeqNo |
OID |
1.3.6.1.4.1.3831.6.1.15 |
For example:
obSeqNo=15,obapp=PSC,ou=Oblix,o=company,c=us
Table 1-122 lists the oblixGSN attributes.
Table 1-123 lists the oblixSynchRecord class descriptions.
Table 1-123 oblixSynchRecord Class Description
Characteristic | Value |
---|---|
SubClassOf |
Top |
Description |
This object is written to the directory for every cache flush request. This object describes what component has been flushed and what policy domain or policy it belongs to. |
Class type |
Structural |
PossSuperiors |
oblixMgmtNode |
Naming attribute |
obSyncRequestNo |
OID |
1.3.6.1.4.1.3831.6.1.16 |
For example:
obSynchRequestNo=15,cn=PSCMgmt,obapp=PSC,ou=Oblix, o=company,c=us
Table 1-124 lists the oblixSynchRecord attributes.
Table 1-124 oblixSynchRecord Attributes
Attribute | Required | Description |
---|---|---|
obSyncRequestNo |
Yes |
A number starting from 1. The new sync request will have a value of <max obSyncRequestNo in the DS> + 1. |
obCompID |
No |
Unique ID of the component to be flushed. The value changes depending on the flush type. If a URL is being flushed, this contains the |
obCompsdID |
No |
Unique ID of the component to be flushed. This is the policy domain ID of the component to be flushed. |
obCompWrorID |
No |
Unique ID of the component to be flushed. This is the policy ID of the component to be flushed. |
obSyncRequestType |
No |
0 is URL prefix, 1 is SD, 2 is policy, 3 is authentication scheme, 4 is default authentication rule, 5 is authentication rule, 6 is default authz rule, 7 is policy authz rule, 8 is default audit rule, 9 is policy audit rule, 10 is user, 11 is host identifier, 12 is password policy, 13 is password policy redirect URL, 14 is unknown, 15 is authz scheme, 16 is all password policies |
obSyncChangeType |
No |
0 indicates an add, 1 is modify, 2 is delete. |
obSyncTime |
No |
The sync record creation time. |
obVer |
No |
The current release version. |
Table 1-125 lists the oblixMgmtNode class descriptions.
Table 1-125 oblixMgmtNode Class Description
Characteristic | Value |
---|---|
SubClassOf |
Top |
Description |
This is the container node for all the sync records. All oblixSynchRecord objects are stored under this node. |
Class type |
Structural |
PossSuperiors |
oblixApplication |
Naming attribute |
obSyncRequestNo |
OID |
1.3.6.1.4.1.3831.6.1.17 |
For example:
cn=PSCMgmt,obapp=PSC,ou=Oblix,o=company,c=us
Table 1-126 lists the oblixMgmtNode attributes.
Table 1-127 lists the oblixAAAServerIDNode class descriptions.
Table 1-127 oblixAAAServerIDNode Class Description
Characteristic | Value |
---|---|
SubClassOf |
Top |
Description |
The ObName attribute value for this entry is used on the WebGate entry to identify which Access Server the WebGate should communicate with. The ObAAAPrimaryServerID and obAAASecondaryServerID attributes in the WebGate entry contain the obName of oblixAAAServerIDNode. |
Class type |
Structural |
PossSuperiors |
oblixApplication |
Naming attribute |
obName |
OID |
1.3.6.1.4.1.3831.6.1.18 |
For example:
obname=20021118T1510350,obapp=PSC,ou=Oblix,o=company,c=us
Table 1-128 lists the oblixAAAServerIDNode attributes.
Table 1-128 oblixAAAServerIDNode Attributes
Attribute | Required | Description |
---|---|---|
obName |
Yes |
The name of this object. It is used as the naming attribute. |
obServerID |
Yes |
Contains the DN of the Access Server. |
obMaxAAAServerConnections |
No |
Indicates the maximum number of connections from the WebGate to Access Server. |
obVer |
No |
The current release version. |
Table 1-129 lists the oblixWebPassConfigInfo class descriptions.
Table 1-129 oblixWebPassConfigInfo Class Description
Characteristic | Value |
---|---|
SubClassOf |
Top |
Description |
This object class defines the WebPass configuration information. |
Class type |
Structural |
PossSuperiors |
oblixPolicyContainer |
Naming attribute |
obName |
OID |
1.3.6.1.4.1.3831.6.1.19 |
For example:
Obname=WebPassdefault, obpolicyContainerId=WebResrcDB, obcontainerId=Policies, ou=oblix, o=company, c=us
Table 1-130 lists the oblixWebPassConfigInfo attributes.
Table 1-130 oblixWebPassConfigInfo Attributes
Attribute | Required | Description |
---|---|---|
obName |
Yes |
The name of this object. It is used as the naming attribute. |
obHostName |
No |
The host name for the Web server on which the WebPass is installed. |
obPort |
No |
The port number for the Web server on which the WebPass is installed. |
obMaxOISServerConnections |
No |
This indicates the maximum number of connections that can be established between the WebPass and Identity Server. |
obDebug |
No |
Indicates whether the WebPass is running in debug mode. A value of OB_TRUE/true indicates that debug is on. |
obMaxOISSsessionTime |
No |
The session timeout between WebPass and Identity Server if the session is idle. |
obFailoverThreshold |
No |
Minimum number of valid connections to primary servers that must be maintained before a connection to the secondary server is tried. |
|
No |
An interval, in number of seconds, that a watcher thread "wakes up" and verifies that the number of connections to various servers is correct according to the defined configuration. If the number of connections is less than the configured number, WebPass tries to establish new connections and reestablish connections to the primary Identity Server or the Identity Server tries to establish connections with the directory. |
obOISPrimaryServerID |
No |
This attribute indicates which Identity Server is the primary server for the WebPass to communicate with. The value of this field is the obname attribute of the Identity Server entry. |
obOISSecondaryServerID |
No |
This attribute indicates which Identity Server is the secondary server for the WebPass to communicate with. The value of this field is the obname attribute of the Identity Server entry. |
obIsEncrypted |
No |
The transport security mode. Can be open, simple, cert. |
obMaxSessionTime |
No |
Not in use. |
obMaxWebPassCacheElems |
No |
Not in use. |
obWebPassCacheTimeout |
No |
Not in use. |
obPrimaryCookieDomain |
No |
Not in use. |
obIdleSessionTimeout |
No |
Not in use. |
obTimeStamp |
No |
The time stamp. It is used to determine if the WebPass configuration has been changed. |
obPreferredHost |
No |
Not in use. |
obVer |
No |
The current release version. |
obServerTimeoutThreshold |
No |
The timeout threshold used to determine whether Oracle Access Manager is reachable. It is used, for example, when a TCP connection is lost. |
obSNMPEnabled |
No |
Specifies whether the Oracle Access Manager SNMP agent has been enabled. Can have the following values:
|
obSNMPAgentPort |
No |
Holds the port number of the Oracle Access Manager SNMP agent. This is the port where the agent accepts registration requests from Oracle Access Manager components. |
Table 1-131 lists the oblixOISServerConfigInfo class descriptions.
Table 1-131 oblixOISServerConfigInfo Class Description
Characteristic | Value |
---|---|
SubClassOf |
Top |
Description |
This object class defines the Identity Server configuration information. |
Class type |
Structural |
PossSuperiors |
oblixPolicyContainer |
Naming attribute |
obName |
OID |
1.3.6.1.4.1.3831.6.1.20 |
For example:
Obname=ois, obpolicyContainerId=WebResrcDB, obcontainerId=Policies, ou=oblix, o=company, c=us
Table 1-132 lists the oblixOISServerConfigInfo attributes.
Table 1-132 oblixOISServerConfigInfo Attributes
Attribute | Required | Description |
---|---|---|
obName |
Yes |
The name of this object. It is used as the naming attribute. |
obHostName |
No |
The host name for the Identity Server. |
obPort |
No |
The port number for the Identity Server. |
obDebug |
No |
Attribute to turn on Identity Server debugging. |
obDebugFileName |
No |
The debug file name and location. |
obThreads |
No |
The number of threads configured between WebPass and Identity Server. |
obIsEncrypted |
No |
The transport security mode between WebPass and the Identity Server. Can be open, simple, cert. |
obMaxOISSessionTime |
No |
The session timeout between WebPass and Identity Server if the session is idle. |
obAuditFileName |
No |
The audit file name and location. |
obAuditBufferSize |
No |
The buffer size set for the audit file. |
obAuditMaxFileSize |
No |
The maximum size for the audit file. |
obAuditFileRotationInterval |
No |
The time interval for rotating the audit file. The file is rotated when this time interval has elapsed. |
obAuditFileFlushInterval |
No |
The time interval for flushing the audit file. The cache is flushed when this time interval has elapsed. |
obAuditFlag |
No |
The flag indicating whether auditing is on. |
obDateType |
No |
The date type. Can be:
|
obDateSeparator |
No |
The separator used as delimiter in the corresponding date type. |
obLogFileName |
No |
The log file name and location. |
obLogFileMaxSize |
No |
The maximum size for the log file. When this size is reached, the file is rotated. |
obScopeFileName |
No |
The scope file name and location. |
obFileRotateInterval |
No |
The time interval for rotating the scope file. The file is rotated when the time interval is reached. |
obAuditFields |
No |
|
obEscapeChar |
No |
Character used as escape character. |
obLogFileRotationInterval |
No |
The time interval for rotating the log file. The file is rotated when the time interval is reached. |
obLogCacheFlushInterval |
No |
The time interval for flushing the log file. The cache is flushed when the time interval is reached. |
obLogCacheMaxSize |
No |
The maximum cache size for the log information. Will write to the cache when the maximum size is reached. |
obVer |
No |
The current release version. |
obSNMPEnabled |
No |
Specifies whether the Oracle Access Manager SNMP agent has been enabled. Can have the following values:
|
obSNMPAgentPort |
No |
Holds the port number of the Oracle Access Manager SNMP agent. This is the port where the agent accepts registration requests from Oracle Access Manager components. |
obCompoundData |
No |
Stores XML configuration data for a template object. For more information on obCompoundData, see the discussion of the oblixConfig object class. |
Table 1-133 lists the oblixOISServerIDNode class descriptions.
Table 1-133 oblixOISServerIDNode Class Description
Characteristic | Value |
---|---|
SubClassOf |
Top |
Description |
This object class contains information for WebPass to use to find the Identity Server configuration information. |
Class type |
Structural |
PossSuperiors |
oblixPolicyContainer |
Naming attribute |
obName |
OID |
1.3.6.1.4.1.3831.6.1.21 |
For example
obname=20021119535T5353, obcontainerId=WebRescDB, obcontainerId=Policies, ou=oblix, o=company, c=us
Table 1-134 lists the oblixOISServerIDNode attributes.
Table 1-134 oblixOISServerIDNode Attributes
Attribute | Required | Description |
---|---|---|
obName |
Yes |
The generated ID for this object. It is used as the naming attribute. |
obServerid |
No |
The DN of the instance of oblixOISServerConfigInfo (Identity configuration info). |
obMaxOISServerConnections |
No |
The maximum connections to the Identity server. |
obVer |
No |
The current release version. |
Table 1-135 lists the oblixAuthzPluginScheme class descriptions.
Table 1-135 oblixAuthzPluginScheme Class Description
Characteristic | Value |
---|---|
SubClassOf |
Top |
Description |
This object contains the basic information about the authorization plug-in. |
Class type |
Structural |
PossSuperiors |
oblixPolicyContainer |
Naming attribute |
obName |
OID |
1.3.6.1.4.1.3831.6.1.22 |
For example:
obname=20021203T1636035870,obapp=PSC,o=Oblix,o=company, c=us
obname=20021119535T5353, obcontainerId=WebRescDB, obcontainerId=Policies, ou=oblix, o=company, c=us
Table 1-136 lists the oblixAuthzPluginScheme attributes.
Table 1-136 oblixAuthzPluginScheme Attributes
Attribute | Required | Description |
---|---|---|
obName |
Yes |
The name of this object. It is used as the naming attribute. |
obDisplayName |
No |
A human-readable and human-understandable name for the object. |
obDescription |
No |
The description for this object. |
obCustomLib |
No |
Path of the plug-in dll or shared library. Depending on the platform, the Access Server will append .dll or .so to this path. This path can be absolute. If not, Access Server will prepend |
obRequiredParams |
No |
A multi-valued attribute. Values will be stored as name:value. If the Master Access Administrator did not specify any values, only the name will be stored as |
obOptionalParams |
No |
A multi-valued attribute. Values will be stored as name:value. If the Master Access Administrator did not specify any values, only the name will be stored as |
obUserProfileAttrs |
No |
A multi-valued attribute containing information about user's profile information to be passed to the plug-in. The DN will be represented by |
obRequestContextParams |
No |
Not in use. |
obVer |
No |
The current release version. |
obMgdCodeUsed |
No |
Used for managed authorization plug-in code. If you write an authorization plugin in managed code and specify in the UI that it is managed code, this attribute stores the result. |
obMgdNameSpace |
No |
Used for managed authorization plug-in code. If you write an authorization plugin in managed code and specify in the UI that it is managed code, this attribute stores the name space. |
Table 1-137 lists the oblixCustomAuthzCondition class descriptions.
Table 1-137 oblixCustomAuthzCondition Class Description
Characteristic | Value |
---|---|
SubClassOf |
Top |
Description |
This class represents the custom authorization rules. The custom authorization rules are stored as custom conditions under the oblixpolicyrule and contain the authorization plugin scheme id to which this rule maps. |
Class type |
Structural |
PossSuperiors |
oblixPolicyRule |
Naming attribute |
obName |
OID |
1.3.6.1.4.1.3831.6.1.23 |
Table 1-138 lists the oblixCustomAuthzCondition attributes.
Table 1-138 oblixCustomAuthzCondition Attributes
Attribute | Required | Description |
---|---|---|
obName |
Yes |
The name of this object. It is used as the naming attribute. |
obDisplayName |
No |
A human-readable and human-understandable name for the object. |
obDescription |
No |
The description for this object. |
obpolicyConditionOrder |
No |
|
obPolicyConditionUsage |
No |
Specifies if the plug-in is configured as an authorization plug-in or post authorization plug-in. |
obSchemeID |
No |
ID of the authorization plug-in scheme this condition uses. |
obRequiredParams |
No |
A multi-valued attribute. Values will be stored as name:value*. Condition-level required parameters are required parameters for which no value is specified in the authorization scheme. A delegated administrator must provide values for all these parameters and cannot add or delete any required parameter. |
obOptionalParams |
No |
A multi-valued attribute. Values are stored as A delegated administrator need not provide values for all these parameters, and cannot add or delete any optional parameter. |
obAdditionalParams |
No |
A multi-valued attribute. Values will be stored as |
obVer |
No |
The current release version. |
Table 1-139 lists the oblixResourceType class descriptions.
Table 1-139 oblixResourceType Class Description
Characteristic | Value |
---|---|
SubClassOf |
Top |
Description |
This class allows administrators to define various resource types. Examples of resource types are HTTP, EJB, and so on. This class also contains the operations that are allowed on the resource type. |
Class type |
Structural |
PossSuperiors |
oblixContainer |
Naming attribute |
obName |
OID |
1.3.6.1.4.1.3831.6.1.24 |
For example:
obname=0,obContainerID=URI Resources,obapp=PSC,ou=Oblix, o=company,c=us
Table 1-140 lists the oblixResourceType attributes.
Table 1-140 oblixResourceType Attributes
Attribute | Required | Description |
---|---|---|
obName |
Yes |
The name of this object. It is used as the naming attribute. |
obSchemeName |
No |
Unique name for the new resource type. |
obResourceType |
No |
This attribute indicates the type of resource, for example, 0 is HTTP, 1 is EJB, and so on. |
obDisplayName |
No |
A human-readable and human-understandable name for the object. |
obResourceMatching |
No |
Indicates whether to perform case sensitive or case insensitive matching. |
obResourceOperation |
No |
Specify the available resource operation(s). Click the + and - signs to add or delete fields as necessary. Valid resource operations for HTTP resources are:
Note: For HTTP resource types, you can specify a custom operation; however, Oracle Access Manager interprets it as an OTHER operation. |
obVer |
No |
The current release version. |
Table 1-141 lists the oblixEncryptionKey class descriptions.
Table 1-141 oblixEncryptionKey Class Description
Characteristic | Value |
---|---|
SubClassOf |
Top |
Description |
|
Class type |
Structural |
PossSuperiors |
oblixConfig, oblixContainer |
Naming attribute |
cn |
OID |
1.3.6.1.4.1.3831.6.1.24 |
For example
cn=cookieEncryptionKey,obContainerId=encryptionKey,ou=Oblix, o=company,c=us
cn=cpResponseEncryptionKey,obContainerId=encryptionKey,ou=Oblix, o=company,c=us
Table 1-142 lists the oblixEncryptionKey attributes.
Table 1-142 oblixEncryptionKey Attributes
Attribute | Required | Description |
---|---|---|
cn |
Yes |
The name of the encryption key. |
obSharedSecret |
No |
This is the key that is used to encrypt the obSSOCookie as well as any other encrypted cookies. |
obSecretSize |
No |
The number of bytes that comprise the shared secret. Currently always set to 32. |
obTimeStamp |
No |
The date and time when the shared secret was last changed, or 0 if it was never changed. |
obCipher |
No |
The cipher (RC4 or RC6) used by WebGate to encrypt Oracle cookies and by Oracle Access Manager for a challenge response or password in a workflow. For a cookie, RC4 is the default. For challenge response or a password, RC6 is the default. |
obVer |
No |
The current release version. |
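An added example (not Oracle code) of checking the oblixEncryptionKey attributes above in a read-only LDIF export: it reports keys whose obTimeStamp is 0 (never changed) or older than a threshold, keys whose obCipher is RC4, and an obSecretSize other than 32. Assumptions: obTimeStamp holds epoch seconds as described in this document's introduction, the sample LDIF is constructed, and `max_age_days` and the finding names are hypothetical policy choices.

```python
import base64
from datetime import datetime, timezone

# Constructed sample export (not real data); DNs follow the examples on this page.
SAMPLE_LDIF = """\
dn: cn=cookieEncryptionKey,obContainerId=encryptionKey,ou=Oblix,o=company,c=us
objectClass: oblixEncryptionKey
cn: cookieEncryptionKey
obSecretSize: 32
obTimeStamp: 0
obCipher: RC4
obSharedSecret:: UExBQ0VIT0xERVI=

dn: cn=cpResponseEncryptionKey,obContainerId=encryptionKey,ou=Oblix,
 o=company,c=us
objectClass: oblixEncryptionKey
cn: cpResponseEncryptionKey
obSecretSize: 32
obTimeStamp: 1199145600
obCipher: RC6
"""


def parse_ldif(text):
    """Parse LDIF text into a list of {lowercased attribute: [values]} dicts."""
    unfolded = []
    for raw in text.splitlines():
        if raw.startswith(" ") and unfolded:
            unfolded[-1] += raw[1:]          # RFC 2849 folded line
        else:
            unfolded.append(raw)
    entries, current = [], {}
    for line in unfolded + [""]:             # trailing "" flushes the last entry
        if not line.strip():
            if current:
                entries.append(current)
                current = {}
            continue
        if line.startswith("#"):
            continue
        name, _, value = line.partition(":")
        if value.startswith(":"):            # "attr:: <base64>"
            value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
        else:
            value = value.strip()
        current.setdefault(name.strip().lower(), []).append(value)
    return entries


def audit_encryption_keys(entries, now, max_age_days=365):
    """Return (cn, finding) tuples; obSharedSecret values are never reported."""
    findings = []
    for entry in entries:
        classes = [c.lower() for c in entry.get("objectclass", [])]
        if "oblixencryptionkey" not in classes:
            continue
        cn = entry.get("cn", ["?"])[0]
        try:
            ts = int(entry.get("obtimestamp", ["0"])[0])
        except ValueError:
            findings.append((cn, "unparseable-timestamp"))
            ts = None
        if ts == 0:
            findings.append((cn, "never-rotated"))       # 0 = never changed
        elif ts is not None:
            changed = datetime.fromtimestamp(ts, tz=timezone.utc)
            if (now - changed).days > max_age_days:      # assumed policy threshold
                findings.append((cn, "stale-secret"))
        if entry.get("obcipher", [""])[0].upper() == "RC4":
            findings.append((cn, "rc4-cipher"))
        size = entry.get("obsecretsize", [""])[0]
        if size and size != "32":                        # page: currently always 32
            findings.append((cn, "unexpected-secret-size"))
    return findings


if __name__ == "__main__":
    now = datetime.now(timezone.utc)
    for cn, finding in audit_encryption_keys(parse_ldif(SAMPLE_LDIF), now):
        print(f"{cn}: {finding}")
```
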
Table 1-143 lists the oblixReportStatus class descriptions.
Table 1-143 oblixReportStatus Class Description
Characteristic | Value |
---|---|
SubClassOf |
Top |
Description |
Holds information for reports generated by the Access System. |
Class type |
Structural |
PossSuperiors |
oblixConfig, oblixContainer |
Naming attribute |
obName |
OID |
Table 1-144 lists the oblixReportStatus attributes.
Table 1-144 oblixReportStatus Attributes
Attribute | Required | Description |
---|---|---|
obDisplayName |
Yes |
A human-readable and human-understandable name for the object. |
obName |
No |
The name of this object. It is used as the naming attribute. |
obTimeStamp |
No |
1 if the date and time when the shared secret was last changed, or 0 if it was never changed. |
obServerID |
No |
The DN of the instance of oblixOISServerConfigInfo (Identity configuration info). |
obReportType |
No |
There is currently one type of static report that can be generated from the Access System. These are reports that users generate from the Access System Console. Another type of report is dynamic, that is, the data is generated from auditing functionality. The obReportType stores the report type for a static report. The default report type is User Access Privilege Report, with a value of obReportType=1. |
obReportStatus |
No |
Stores a report status, which may be SUCCESS, FAILED, or PROCESSING. |
obReportMinorStatus |
No |
This field contains additional status information, such as data store error. |
obReportInput |
No |
A series of name-value pairs representing report input data. |
obPercentage |
No |
A status indicator for the percentage of the report that has been completed. |
Table 1-145 lists the obESSJCMapping class descriptions.
Table 1-145 obESSJCMapping Class Description
Characteristic | Value |
---|---|
SubClassOf |
Top |
Description |
This is the object class that stores Control-SA ESS Job Code information. |
Class type |
Structural |
PossSuperiors |
oblixConfig, oblixContainer |
Naming attribute |
obESSjcname |
OID |
1.3.6.1.4.1.3831.9.1.1 |
For example:
ObESSjcname = sales, o=Oblix, o=Company, c=US
Table 1-146 lists the obESSJCMapping attributes.
Table 1-146 obESSJCMapping Attributes
Attribute | Required | Description |
---|---|---|
obESSjcName |
Yes |
This is the key value of this object class. |
obESSJobCode |
No |
This is the job code value. |
obESSApprovalFlag |
No |
This indicates whether approval is required. |
obESSViewableDomains |
No |
This indicates whether the job code is viewable. |
obESSEmailFlag |
No |
This indicates whether email processing is needed or not for the job code value. |
obESSUserGroup |
No |
The user group associated with the job code. |
obESSUGJC |
No |
This stores the tuple information of (usergroup, job code). |
Table 1-147 lists the oblixAuxBMCPersonInfo class descriptions.
Table 1-147 oblixAuxBMCPersonInfo Class Description
Characteristic | Value |
---|---|
SubClassOf |
|
Description |
This is the auxiliary class that stores additional information for BMC Control-SA ESS Enterprise User. |
Class type |
Auxiliary |
PossSuperiors |
|
Naming attribute |
|
OID |
1.3.6.1.4.1.3831.9.1.2 |
Table 1-148 lists the oblixAuxBMCPersonInfo attributes.
Table 1-148 oblixAuxBMCPersonInfo Attributes
Attribute | Required | Description |
---|---|---|
obBMCJobCode |
No |
The job code values associated with this user. |
obBMCEnterpriseID |
No |
The unique Enterprise ID used by the ESS server. |
obBMCMachineName |
No |
The machine name values associated with the user. |
obBMCMachineType |
No |
The machine type values associated with the user. |
obBMCUserGroup |
No |
The user group values associated with the user. |
obBMCUGRelation |
No |
The user group and machine information relationship associated with the user. |
obBMCRSSUserName |
No |
The RSS user names associated with the user. |
Table 1-149 lists the obESSLockingInfo class descriptions.
Table 1-149 obESSLockingInfo Class Description
Characteristic | Value |
---|---|
SubClassOf |
Top |
Description |
The object class used to store state information for Oracle Access Manager Provisioning Module and Bridge. |
Class type |
Structural |
PossSuperiors |
oblixConfig, oblixContainer |
Naming attribute |
obStatusName |
OID |
1.3.6.1.4.1.3831.9.1.3 |
For example
ObStatusName=200292847471781,obcontainerId=ESSProv,o=Oblix,o=Company,c=US
Table 1-150 lists the obESSLockingInfo attributes.
Table 1-150 obESSLockingInfo Attributes
Attribute | Required | Description |
---|---|---|
obStatusName |
Yes |
The key value for this object class. |
obWhichOIS |
No |
Which server (by ID) is processing this entry of obESSLockingInfo. |
obLockStatus |
No |
The status of the ESS Lock. |
obESSTimeStamp |
No |
The time this entry is being processed. |
obESSSuccessURL |
No |
The URL to be sent back to the workflow engine when the ESS backend process is successful. |
obESSFailURL |
No |
The URL to be sent back to the workflow engine when the ESS backend process fails. |
obESSExteralID |
No |
The unique transactions ESS external ID associated with this ESSLockingInfo entry. |