Index
A B C D E F G H I L M N O P R S T U V W
A
- About
-
- Changing Directory Server Hosts, D.1
- access
-
- see also access control, 3.8
- denying access to all resources by default, 3.8
- DenyOnNotProtected flag, 3.8
- example of denying access by default, 3.8.1
- access control
-
- see also authentication schemes
- for single sign-on, 7.4.2.1
- increasing or decreasing, 4.8.1
- removing for a group, 4.8.1.2
- access control templates
-
- see authentication schemes
- see authorization schemes
- see policy domains
- Access Domain, 4.3.3
- Access Management Service, 3.3.2, 3.3.5.1, 3.3.5.1, 3.4.1, 3.4.2, 3.4.2
-
- formerly known as Policy Manager API Support Mode, 3.3.1.1
- formerly Policy Manager API Support Mode, 3.4.3
- Access Manager API
-
- processing of resource requests, 3.10.2
- use in authorization requests, 6.10
- Access Manager SDK, 3.4.3, 3.10.2, A.1.6, E.1.6.3
-
- affect on AccessGate configuration parameters, 3.4.2
- authorization clients that use, 6.10
- cache, E.1.6.3
- effect on AccessGate configuration parameters, 3.4.2
- formerly named Access Server SDK, Preface
- Access Server, 1.2
-
- Access Management Service, Preface, 3.3.1.1, 3.3.5.1, 3.4.2, 3.4.2
- Access Management Service field, 3.3.1.1
- Access Server service, 3.3.6.1
- adding, 3.3.2, 3.3.2
- assocating with AccessGates, 3.6
- audit log, 4.12.5
- Audit to Database, 3.3.1.1
- auditing parameters, 3.3.1.1
- cache, 3.3.1.1, 3.4.3.3, 5.3.2, 5.10.7, 5.10.8, 6.3.2, 6.5.2
- cache configuration parameters, 3.3.1.1
- cache flush, 2.3.3
- cache timeout, 3.3.1.1
- cache, updating, 4.9.7.1, 4.9.7.1, 4.10.1, 6.3.4
- cluster
-
- about, 3.3.5
- adding, 3.3.5.1
- managing, 3.3.5.1
- modifying, 3.3.5.1, 3.3.5.1
- reason for configuring, 3.3.5
- viewing, 3.3.5.1, 3.3.5.1
- who configures, 2.2
- command line configuration, 3.3.6
- configuration parameters, 3.3.1.1, 3.3.1.1
- configuration, prerequisites for, 3.2
- configureAAAServer tool, 3.3.6
- configuring, 2.3, 3, 3.3, 3.3
- configuring to communicate with AccessGate, 3.6.2
- debug file, 3.3.1.1
- definition, 1.2
- definition of, 3.1
- deleting, 3.3.4, 3.3.4
- diagnostics, 8.2.2
- directory server profile for, 3.3.2.1
- disassociating from an AccessGate, 3.6.4
- duplicate action handling, 6.7.3.1
- evaluation of policy domains, 4.5.1
- how it checks policies, 4.3.2
- how it processes expressions, 6.4.2.2
- how it selects policy domains, 4.5.1
- installing, 3.3
- instance, adding, 3.3.2
- managing from the command line, 3.3.6, 3.3.6
- Maximum Client Session Time, 3.3.1.1
- modifying, 3.3.3, 3.3.3
- naming, 3.4.3
- number of connections with AccessGate, 3.5.5.1
- Number of Threads, 3.3.1.1
- Password Policy Reload Period, 3.3.1.1
- policy cache timeout, 3.3.1.1
- policy evaluation order, 4.11.4
- polling between it and directory, 3.4.3.4
- polling between it and WebGate, 3.4.3.4
- queues, setting the number of, 3.3.6.2
- reconfiguring, 3.3.6.1, 3.3.6.1
- re-installing Access Server service, 3.3.6.1
- removing Access Server service, 3.3.6.1
- requests to, 3.3.6.2
- role in matching URLs with resources, 4.3.2
- session token cache parameters, 3.3.1.1
- silent installation, 3.3.6
- SNMP Agent Registration Port, 3.3.1.1
- threads, 3.3.6.2
- transport security mode, 3.3.1.1
- URL Prefix Reload Period, 3.3.1.1, 3.3.1.1
- viewing, 3.3.3
- viewing details, 3.3.1, 3.3.1
- who configures, 2.2
- Access Server SDK
-
- now named Access Manager SDK, Preface
- Access Server Timeout Threshold field, 3.4.2, 3.4.3
- Access System
-
- Access Server, 1.2, 1.2
- authorization, 1.1
- cache flush, automatic, 9.2
- components, 1.2, 1.2
- configuration of, 1.4
- configuration, about, 1.1
- configuration, prerequisites for, 2.1
- Identity Server logged you in but the Access System logged you out error, E.1.8.1
- installation overview, 1.3, 1.3
- management overview, 1.5
- Policy Manager, 1.2, 1.2
- setup, 1.3
- sychronizing clocks, 9.3.1
- synchronizing components, 9.3
- WebGate, 1.2, 1.2
- Access System Behavior Changes
-
- AES encryption scheme, 7.3.2
- Access System Console, D.3, D.4, D.5
- Access Tester, 4.13
- AccessGate, 3.3.4
-
- Access Management Service, 3.3.1.1
- adding, 3.4.3
- Audit to Database, 3.3.1.1
- Audit to File field, 3.3.1.1
- Buffer Size, 3.3.1.1
- cache, 3.4.2
- configuration parameters, 3.4.2
- configuration, prerequisites for, 3.2
- configure in the console before installing, 3.4.3
- configureAccessGate tool, 3.4.4
- configuring, 3.4
- creating, Preface
- Debug File Name, 3.3.1.1
- Debug parameter, 3.3.1.1
- definition, 3.1
- delegating administration of, 2.2.2
- deleting, 3.4.5
- disassociating from an Access Server or cluster, 3.6.4
- Engine Configuration Refresh Period, 3.3.1.1
- Hostname, 3.3.1.1
- installing, 3.4.3
- modifying through command line, 3.4.4
- Name, 3.3.1.1
- out-of-box Access Client, 3.5
- Port, 3.3.1.1
- Session Token Cache field, 3.3.1.1
- SNMP, enabling, 3.3.1.1
- Transport Security, 3.3.1.1
- transport security mode for, 3.4.4
- User Cache Timeout, 3.3.1.1
- user-defined parameters, 3.4.3.2
- viewing, 3.4.1
- viewing associated Access Server, 3.4.1
- WebGate, 3.5
- who manages, 2.2
- AccessGate Name field, 3.4.2, 3.4.3
- AccessGate Password field, 3.4.2, 3.4.3
- AccessGates
-
- associating with Access Servers, 3.6
- action challenge parameter, 5.3.2
- actions, A.2
-
- and header variables, 5.10.4, 7.6
- and redirection, 5.10.5
- authentication, 5.10
- authentication actions and session cookies, A.1.4
- authentication actions, setting, 5.10.7
- combining from two or more rules, 6.6.6
- configuring for AD, 5.10
- custom authorization actions, 6.7.6
- determining which ones are returned from an authorization expression, 6.6.5
- duplicate action defaults, 6.7.4
- duplicate actions, 6.5.1, 6.7.3.1
- evaluation order, 6.6.7
- for authorization expressions, 6.7.2
- for authorization success or failure, 6.1.2.1, 6.2.3
- for inconclusive results, 6.7.2.1
- for redirection, 5.10.5
- form action, A.3.1.1
- form action URLs, A.3.1.1
- in a policy authentication rule, 5.10.8
- in authorization expression rules, 6.5.1.1
- in authorization plug-ins, 6.8.1.1
- in authorization rules, 6.6, 6.7.1
- in disjoint domains, 6.7.1.1
- passing header variables, A.1.5
- passing information using actions, 5.10.3
- redirection, 6.2.3
- to pass information, 6.6.4
- triggering after ObSSOCookie is set, Preface, 5.10.9
- triggering after setting the session cookie, 5.10.9
- types of actions, 5.10.1
- used to define the user type, 7.7.2
- Active Directory
-
- authentication scheme for, 5.1.4
- configuring actions when using AD, 5.10
- credential mapping parameter for, 5.4.7
- example of changing the security level when using, 5.4.5
- form-based authentication and AD, A.4.1.2
- multiple searchbases using AD, 5.3.4
- administration
-
- about, 1
- administrators
-
- Access Administrators, 2.2
- configuring, 2
- Delegated Access Administrator, 2.2
- Delegated Access Administrator, configuring, 2.2.2
- Delegated Access Administrators, configuring a group of, 2.2.3
- Master Access Administrator, 2.2
- Master Access Administrator, configuring, 2.2.1
- Master Administrator, 2.2
- policy domain administrators, 4.14
- privileges for each type, 2.2
- AES encryption, 7.3.2, 8.4
- allow access, 6.3.3
- Anonymous authentication scheme
-
- and form-based authentication, A.2, A.3
- anonymous login, 3.8
- Apache
-
- associating an Apache WebGate with particular resources, 3.9
- audit
-
- Master Audit Rule, 4.10
- rule, 4.8
- Audit Date Type field, 4.10.1
- Audit Event Mapping field, 4.10.1
- Audit Events field, 4.10.1
- Audit File Name field, 3.3.1.1
- Audit File Size field, 3.3.1.1
- Audit Record Format field, 4.10.1
- audit rule
-
- definition, 4.8
- Audit to Database field, 3.3.1.1, 3.3.1.1, 3.3.2
- Audit to File, 3.3.1.1, 3.3.1.1, 3.3.2
- authentication, Preface, 1.1
-
- auditing, 4.12
- cookies, used as credentials, 5.3.8
- plug-Ins, A.1.3
- process overview, 3.10
- retaining over multiple sessions, 5.3.7
- rule, 4.8
-
- actions for, 5.10
- creating in the Policy Manager, 5.9.1
- definition, 4.8
- deleting, 5.9.3
- modifying, 5.9.2
- rules, in a policy, 4.11
- scheme
-
- default schemes, Preface
- WebGate, role in, 3, 3.1
- who configures, 4.14
- authentication request
-
- redirecting to another server, 5.3.2
- authentication scheme, 5.1.3
-
- about, 5, 5.1.3
- about steps in, 5.6.2
- actions, 5.10.8
- actions, triggering, 5.10.9
- Anonymous, 3.8
- anonymous login, 3.8
- caching, 3.4.2
- chained, 5.1.2, 5.6
- challenge methods, 5.3.2, 5.4.6
-
- Basic, 5.3.2
- Ext, 5.3.2
- Form, 5.3.2
- None, 5.3.2
- X.509, 5.3.2
- challenge redirects, 3.7.2.1, 5.3.2
- credential mapping, 5.4.7
- default, 5.1.4
- defining, 5.3
- deleting, 5.3.9
- deleting plug-ins, 5.5.3
- disabling, 5.3.2, 5.3.5
- disabling before deleting, Preface
- enabling, 5.3.2, 5.3.5
- external call for data in, A.1.6
- flows, 5.1.3
- flows, about, 5.8
- flows, creating, 5.8.3
- flows, viewing, 5.8.2
- form plug-ins, 5.4.6
- form-based, 3.10.2, 5.10.5.1
- form-based authentication, 3.10.3.3
- general information, 5.1.3
- modifying, 5.3.3
- multiple searchbases, 5.3.4
- multi-step, 5.6
- persistent cookies in, Preface
- plug-ins, 4.7, 5.1.3, 5.4
- plug-ins, adding, 5.5
- plug-ins, reusing, 5.4.4
- redirecting to a challenge page, 5.3.2
- redirection in, 5.3.2
- rules, 4.2.3
- securing the ObSSOCookie in, 5.3.6
- security levels, 5.3.2, 5.4.5
- single sign-on, 3.10
- single-step, about, 5.6.3
- steps, 5.1.3
- steps, adding, 5.7.3
- steps, deleting, 5.7.5
- steps, viewing, 5.7.1
- steps, viewing details, 5.7.2
- time-based, Preface, 5.3.7
- validate password, 5.4.9
- viewing, 5.3.1
- who can create, 2.2.2
- authorization, Preface, Preface, 1.1, 4.7, 6.6.5, A
-
- about, 6.1
- actions, 6.6
- actions associated with authentication, 5.10.9.2
- actions, about, 6.6
- actions, creating for a rule, 6.7.1
- actions, custom, 6.7.6
- actions, duplicate, 6.7.3
- actions, for an authorization rule, 6.7.1
- actions, for inconclusive results, 6.7.2.1
- actions, in disjoint domains, 6.7.1.1
- actions, in form-based authentication, A.1.5
- allow access, 6.3.3
- allow conditions, 6.2.1
- auditing, 4.12
- based on external data, 6.10
- components, illustration of, 4.8
- configuring, 6
- deny access, 6.3.4
- deny conditions, 6.2.1
- evalution, use of operators, 6.4.2.2
- events, 6.11
- expressions, 4.8, 4.8
-
- definition, 4.8
- illustration of, 4.8
- expressions, about, 6.4
- expressions, actions for, 6.7.2
- expressions, creating, 6.1.2, 6.5.2
- expressions, creating for a policy, 6.5.2.1
- expressions, deleting, 6.5.3.1, 6.5.4
- expressions, illustration of, 6.4.1
- expressions, modifying, 6.5.3, 6.5.3.3
- expressions, viewing, 6.5.1
- expressions, viewing for a policy domain, 6.5.1, 6.5.1.1
- external data used in, 6.10
- how it is used, 4.3
- in the Access System, 1.1
- plug-ins, 4.7
- process overview, 3.10
- process, illustration of, 3.10
- rules, 4, 4.3.1, 4.8, 4.8
- rules and expressions, 6.1.2
- rules, about, 6.2, 6.2.3
- rules, compound conditions, 6.4.2.5
- rules, configuring, 6.3.2
- rules, deleting, 6.3.8
- rules, evaluation of, 6.4.2.2
- rules, general information, 6.3.6
- rules, in a policy, 4.11
- rules, modifying, 6.3.7
- rules, replacing operators, 6.5.3.1
- rules, reuse, 6.2.2
- rules, viewing, 6.3.1
- schemes, 4.3.1
- schemes, about, 4.6
- schemes, configuring, 6.9.3
- schemes, deleting, 6.9.5
- schemes, for custom plug-ins, 6.8
- schemes, for single sign-on, 7.4.2.1
- schemes, modifying, 6.9.4
- schemes, plug-ins, 6.9.1
- schemes, viewing, 6.9.2
- single sign-on cookies, use of, 7.3
- timing coditions, 6.3.5
- WebGate, role in, 3, 3.1
- who can configure, 2.2
- who configures, 2.2.2, 4.14
- authorization actions
-
- and HTTP header variables, 6.6.4
- authorization expression
-
- see also authorization
- authorization expressions
-
- see expressions
- authorization rule
-
- Actions, 6.2.3
- Allow Access, 6.2.3
- Deny Access, 6.2.3
- evaluation, 6.2.4
- General Information, 6.2.3
- Timing Conditions, 6.2.3
- timing conditions for, 6.3.5
- authorization rules
-
- definition, 4.8
- timing conditions for, 6.3.5
- authorization scheme
-
- external data, retrieving for authorization, 6.10
B
- Basic authentication, 5.2
- basics, 1
- browsers
-
- caveats for, 3.10.3.1
- Buffer Size, 3.3.1.1
- Buffer Size field, 3.3.1.1, 3.3.2
C
- cache
-
- Access Manager SDK, E.1.6.3
- Access Server, 3.4.3.3, 4.9.7.1, 5.3.2, 5.10.7, 5.10.8, 6.3.2, 6.3.4, 6.5.2
- Access Server, flushing, 2.3.3
- Access System, 9.2
- AccessGate, 3.4.2
- credential mapping, 5.4.7, 5.4.7
- default timeout, 3.4.3.3
- flushing users from, 8.3.2
- form-based login errors and caching, E.1.6.3
- header variables, 5.10.4.1, 6.6.3.1
- Identity Server cache flush, 2.3.3
- InactiveReconfigPeriods, 3.4.3.2
- minimum elements in Access Server, 3.3.1.1
- ObSSOCookie, 3.10.3.1
- password, 5.4.9, 5.4.11
- password policy, 2.2, 8.5
- policy, 3.3.1.1
- Policy Cache Timeout field, 5.10.4.1
- session token, 3.3.1.1
- session token cache, 3.3.1.1
- timeout, 3.3.1.1, 9.3.2
- timeout, default, 9.3.2
- updating for Access Server, 4.9.7.1
- user cache timeout, 5.10.4.1
- WebGate, 3.4.2
- Cache Timeout field, 3.4.2, 3.4.3
- CacheControlHeader field, 3.4.2, 3.4.2, 3.4.3
- CachePragmaHeader field, 3.4.2, 3.4.2, 3.4.3
- Cert mode, 3.4.2, 3.4.3
- cert_decode, 5.4.6
-
- about, 5.4.10
- cert_decode plug-in, 5.4.6
- challenge maxpostdatabytes, 5.3.2, A.1.1
- challenge methods
-
- Basic, 5.2
- cert_decode plug-in, 5.4.6
- Client Cert (X509), 5.2
- credential_mapping plug-in, 5.4.6
- Ext, 5.2
- Form, 5.2
- form, 5.2, 5.3.2, 5.3.2
- None, 5.2
- NT/Win2000 plug-in, 5.4.6
- SecurID plug-in, 5.4.6
- selection_filter plug-in, 5.4.6
- validate_password plug-in, 5.4.6
- challenge parameter
-
- action, 5.3.2
- creds, 5.3.2
- form, 5.3.2
- passthrough, 5.3.2
- sensitivecreds, 5.2
- challenge redirect, 5.3.2
- challenge redirects, 3.7.2.1, 5.3.2
- client_request_retry_attempts, 3.4.3.2
- clusters
-
- Access Server clusters, 3.3.5
- adding, 3.3.5.1
- compound condition, 6.4.1
- conditions, complex, 6.4.1
- configuration
-
- about, 1
- configureAAAServer tool, 3.3.6
- configureAccessGate tool, 3.4.4
- configureWebGate command, 3.4.4
- Configuring
-
- IPv6 with an Authenticating WebGate and Challenge Redirect, D.4
- CONNECT operation, 4.4.3
- Connector for WebSphere, 7.6.1
- cookies
-
- basic authentication cookie, 3.10.3.2
- client cookie, 3.10.3.6
- encrypted session token and, 7.3
- encrypting the single sign-on cookie, 2.2, 2.2.1
- for single sign-on, 7.3
- form-based authentication cookie, 3.10.3.3
- generated during login, 3.10.3
- HTTP header variable size, effect of, 5.10.2
- Identity application session cookie, 3.10.3.4, 3.10.3.5
- in authentication schemes, 5.3.8
- lasting over multiple sessions, 5.3.7
- multi-domain SSO, 7.5
- non-ascii characters in, Preface, 5.10.2, 5.10.7, 5.10.7
- ObFormLoginCookie, 3.10.3, 3.10.3.3, A.2.1
- OBPERM Cookie, 3.10.3
- ObSSOCookie, 3.4.2, 3.10.3, A.1
- ObTEMC Cookie, 3.10.3
- ObTEMP Cookie, 3.10.3
- passing actions in, 6.6.2
- persistent, Preface
- primary HTTP cookie domain, 3.4.2, 3.4.3
- securing the ObSSOCookie, 5.3.6
- sending credentials in, 7.6
- single sign-on cookie, 3.10.3.1
- single sign-on logout, 2.3.3
- system settings cookie, 3.10.3.6
- triggering actions after setting, 5.10.9
- triggering actions after setting the ObSSOCookie, Preface
- COREid
-
- now named Oracle Access Manager, Preface
- Credential Mapping Authentication Plug-In, A.1.3
- credential mapping cache, 5.4.7, 5.4.7
- credential_mapping, 5.4.6
-
- about, 5.4.7
- for form-based authentication, A.1.3
- parameters, 5.4.7
- credentials
-
- browser cookies as, 5.3.8
- sent in a URL, 7.6
- creds challenge parameter, 5.3.2
- custom plug-in, A.1.3
D
- Debug field, 3.3.2, 3.4.2, 3.4.3
- Debug File Name field, 3.3.2
- decimal addressing, 3.7.2
- DELETE operation, 4.4.3
- deny access, 6.3.4
- denying access
-
- example of, 3.8.1
- DenyOnNotProtected, 3.4.2, 3.4.3
-
- advantages of, 3.4
- allow access to all resources, 4.8.1.2
- deny all access unless explicitly allowed, 3.7
- example, 3.8.1
- setting for a WebGate, 3.4.2
- Description field, 3.4.2, 3.4.3
- diagnostics, 3.5.4, 8.2.2
-
- running, 8.6
- directory server
-
- configuration, 2.3.4
- directory server hosts, D.1
- Display Name field, 4.4.6
- duplicate actions, 6.7.3.1
-
- defaults for, 6.7.4
- restrictions on, 6.7.3.2
E
- EJB, 4.4.2
-
- operations, 4.4.4
- email
-
- configuring user feedback email address, 2.3.2
- encryption
-
- schemes, 7.3.2
- Engine Configuration Refresh Period field, 3.3.1.1, 3.3.2
- expressions, 4.3.1, 4.8, 6.1.2
-
- about, 4.8, 6.4
- associating with actions, 6.6.1, 6.7.2
- complex conditions in, 6.4.1
- compound conditions in, 6.4.1
- contents of, 6.4.1
- creating, 6.5.2
- creating, overview, 6.1.2
- duplicate actions, 6.7.5
- duplicate actions in, 6.7.5
- evaluation of, 6.4.1
- evaluation of rules in, 6.4.2.2
- illustration of, 6.4.1
- in authorization rules, 6.2
- inconclusive results in, 6.7.2.1
- status codes, 6.4.2.1
- testing, 4.13
- viewing, 6.5.1
- external data
-
- retrieving for authorization, 6.10
F
- Failover Threshold field, 3.4.2, 3.4.3
- features
-
- new, Preface
- feedback
-
- email address for, 2.3.2
- File Rotation Interval field, 3.3.1.1, 3.3.2
- Firefox, 3.10.3.1
- form
-
- challenge method, 5.3.2
- form challenge method, 5.2, 5.3.2
- form challenge parameter, 5.3.2
- form login
-
- Identity System, 3.10
- form-based authentication, 3.10.2, 3.10.3.3, 5.3.2, A.1
-
- about, A, B
- action challenge parameter, A.1.1
- challenge parameters, A.1.1
- collecting external data for, A.1.6
- configuring, A.3, A.3
- considerations, A.2
- creating the form, A.2
- credential_mapping plug-in, A.1.3
- creds challenge parameter, A.1.1
- custom plug-in, A.1.3
- examples, A.4.1
- form challenge parameter, A.1.1
- header variables, A.1.5
- instead of a plug-in, 5.10.5.1
- multi-language form, A.4.3
- ObFormLoginCookie, 3.10.3.3, A.2.1
- overview, 5.10.5.1
- passthrough challenge parameter, A.1.1
- plug-ins, 5.4.6, A.1.3
- redirection, use of, A.1.2
- session cookie, A.1.4
- task overview, A.1
- validate_password plug-in, A.1.3
G
- GET operation, 4.4.3
- getting started, 1
- Global Pass Phrase, 3.4.4
- globalization, Preface, Preface, 3.4.3.2
H
- HEAD operation, 4.4.3
- header variables, 7.6
-
- actions and, 5.10.4, 6.6.2
- caching, 5.10.4.1, 6.6.3.1
- cookies and, 6.6.3
- duplicate actions and, 6.7.3.2
- HTTP, 5.10.4
- in authorization rules, 6.2.3
- in single sign-on, 7.6
- non-ascii characters in, Preface, 5.10.2, 5.10.7, 5.10.7
- passing information via, 3.10.2, 5.10.1
- passing on redirection, 5.10.4, 5.10.5, 5.10.7
- ProxySSLStateHeader, 3.4.3.2
- setting credentials in, 7.6
- use with cookies, 5.10.2
- Web server handling of, 5.10.4.2
- with WebGate behind a reverse proxy, 3.4.3.2
- host identifiers, 2.2, 2.2.2, 3.1, 3.4.2, 3.4.3, 4.3.1
-
- adding, 3.7.2.3
- and SSO, 7.4.2.1
- and virtual Web hosting, 3.7.2
- definition, 4.3.1, 4.9.7.1
- deleting, 3.7.2.2
- using, 3.7.2, 4.9.7.1
- using vs preferred hosts, 3.7
- viewing, 3.7.2.2
- vs DenyOnNotProtected, 3.4.2, 3.8
- Hostname field, 3.3.2, 3.4.2, 3.4.3
- hosts
-
- configuring identifiers for, 3.7
- HTTP, 4.4.2
-
- operations, 4.4.3
I
- Identity application
-
- cookies generated at login, 3.10.2, 3.10.3.4
- login process for, 3.10
- protecting, 7.7.1
- Identity Domain, 4.3.3
- Identity Server
-
- cache flush, 2.3.3
- logged you in but other system logged you out error, E.1.8.1
- Identity Server logged you in but other system logged you out error, E.1.8.1
- Identity System
-
- anonymous access to, 5.2
- configuring, Preface
- form login, 3.10
- IdentityXML, Preface
- protecting, process for, 3.10
- SSO logout for, B.2
- Idle Session Time field, 3.4.2, 3.4.3
- IIS, A.3.2
- IIS Lockdown tool, 3.5.4
- IIS6, 3.5.4
- impersonation, 3.4.2, 3.4.3
-
- enabling in the Access System, 7.8, 7.8
- Impersonation Password field, 3.4.2, 3.4.3
- Impersonation Username field, 3.4.2, 3.4.3
- InactiveReconfigPeriod, 3.4.3.2, 3.4.3.3
- InactiveReconfigPeriods, 3.4.3.2
- inconclusive results, 6.7.2.1
- installation, Preface
-
- silent, 3.3.6, 3.3.6
- Integrated Windows Authentication, 3.4.3.2
- integration with third-party products, Preface
- introduction, 1
- IP address
-
- deny access according to IP address, 6.3.4
- IP address validation, 3.5.3
- IPValidation, 3.4.2, 3.5.3
-
- configuring, 3.5.3
- IPValidation field, 3.4.2, 3.4.3
- IPValidationException field, 3.4.2, 3.4.3
- IWA, 3.4.3.2
L
- language
-
- multi-language form, A.4.3
- localization, A.3.2
- logging
-
- automatic updates, Preface, Preface
- new features in this release, Preface
- what's new in this release, Preface
- login, 2.3.3
-
- cookies generated during, 3.10.3
- form-based, A
- form-based login, configuring, A.1
- on Netscape, 3.4.3.2
- process, 3.8, 3.10, 3.10
- process, scenarios for, 3.10.2
- self-registration auto login, 3.4.2
- logout, 2.3.3
-
- adding logout URLs, 3.4.2
- button for, 3.4.3.1
- caveats for, 3.10.3.1
- configuring, B
- configuring, for WebGates, 3.4.2
- custom logout pages, B.3
- for an Identity System resource, 3.4.3.1
- forced, 3.4.2
- from a multi-domain SSO session, 7.5.3
- from a single-domain SSO session, 7.4.4
- how it works, B.2
- issues with form-based authetication, A.2.1
- logout URL, 7.4.4, B.1, B.2
- SSO logout URL, configuring, 2.3.3
- logout.html, 7.6.2
- LogOutUrls field, 3.4.3
M
- Master Audit Rule, 4.10
- Maximum Client Session Time field, 3.3.1.1, 3.3.2, 3.4.2, 3.4.3
- Maximum Connections field, 3.4.2, 3.4.3
- Maximum Elements in Cache field, 3.4.2, 3.4.3
- Maximum Elements in Policy Cache field, 3.3.1.1, 3.3.2
- Maximum Elements in Session Token Cache field, 3.3.1.1
- Maximum Elements in User Cache field, 3.3.1.1, 3.3.2
- Maximum User Session Time field, 3.4.2, 3.4.3
- maxpostdatabytes challenge parameter, 5.3.2, A.1.1
- Microsoft Passport, 3.4.3.2
- Mozilla, 3.10.3.1
- mySAP, 7.6.1
N
- name changes, Preface
- names, new, Preface
- NetPoint
-
- now named Oracle Access Manager, Preface
- NetPoint 5.x, 3.4.3.2
- NetPoint SAML Services
-
- now named Oracle Identity Federation, Preface
- Netscape, 3.4.3.2, 3.10.3.1
- network traffic, 3.4.3.3
-
- cache timeout, 9.3.2
- for Access System, 3.4.3.3
- reducing, 3.4.3.3
- new features
-
- logging, Preface
- NT/Win2000 plug-in, 5.4.6
- number of connections, 3.5.5.1
- Number of Threads field, 3.3.1.1, 3.3.2
O
- ob_date, 4.10.1
- ob_datetime, 4.10.1
- ob_event, 4.10.1
- ob_ip, 4.10.1
- ob_operation, 4.10.1
- ob_reason, 4.10.1
- ob_serverid, 4.10.1
- ob_time, 4.10.1
- ob_time_no_offset, 4.10.1
- ob_url, 4.10.1
- ob_userid, 4.10.1
- ObBasicAuthCookie, 3.10.3.2
- ObFormLoginCookie, 3.10.3, 3.10.3.3, A.2.1
- obMappingBase, 5.4.7
- obMappingFilter, 5.4.7, A.3.3
- obmygroups
-
- in authorization actions, 6.6.4
- ObPERM Cookie, 3.10.3
- ObPERM cookie, 3.10.3.6
- ObSSOCookie, 3.4.2, 3.4.3, 3.5.3, 3.10, 3.10.3, 3.10.3.1, 7.3
-
- and redirection for SSO, 7.5.1
- and single domain SSO, 7.4.1
- cache, 3.10.3.1
- caveats for, 3.10.3.1
- configuring, 7.3.2
- form-based authentication and, A.1
- grandfathering, 7.3.2
- multi-domain SSO and, 7.5
- retaining over multiple sessions, 5.3.7
- security of, 7.3.1
- single sign-on and, 7.4.1
- unencrypted data in, 7.3
- ObTEMC Cookie, 3.10.3
- ObTEMC cookie, 3.10.3.4
- ObTEMP Cookie, 3.10.3
- ObTEMP cookie, 3.10.3.5
- OHS2, 3.4.3.2
- Open mode, 3.4.2, 3.4.3
- OPTIONS operation, 4.4.3
- Oracle Access Manager
-
- formerly NetPoint or COREid, Preface
- integration with third-party products, Preface
- protecting, 5.1.4
- unprotecting, 5.1.4
- Oracle HTTP Server 2, 3.4.3.2
- Oracle Identity Federation, Preface
-
- formerly SHAREid, Preface
- OracleAS, 7.6.1, 7.6.1, 7.6.1, 7.6.1
- OTHER operation, 4.4.3
P
- parameter files, C
-
- about, C
- passing information in a header variable, 5.10.3
- passthrough challenge parameter, 5.3.2
- password
-
- cache, 5.4.9
- password policy
-
- flushing from the cache, 8.5
- password policy cache, 2.2, 8.5
- Password Policy Reload Period field, 3.3.1.1, 3.3.2
- passwords
-
- caching, 5.4.11
- PDF files, 3.4.2
- performance, 3.3.2, 3.8
-
- caching passwords, 5.4.11
- configure cache timeout, 9.3.2
- duplicate actions, impact, 6.7.3.1
- logout URLs, impact, 7.4.4
- viewing policy domains, impact, 9.4
- personalizing the end user's interaction, 5.10.3
- plug-ins
-
- about, 4.7
- adding, 5.5
- adding to an authentication scheme, 5.5.2
- cert_decode, 5.4.6, 5.4.6
-
- about, 5.4.10
- credential_mapping, 5.4.6
-
- about, 5.4.7
- for form-based authentication, A.1.3
- parameters, 5.4.7
- custom
-
- for form-based authentication, A.1.3
- custom plug-ins, creating, 4.7
- custom, authorization schemes for, 6.8
- custom, to use in authorization schemes, 6.8
- definition, 4.7
- deleting from an authentication scheme, 5.5.3
- for a step, 5.6.2
- for authentication
-
- about, 5.4
- Access System-provided, 5.4.1
- custom, 5.4.2
- for challenge methods, 5.4.6
- to change security levels, 5.4.5
- for authentication flows, 5.8.1
- for authentication schemes, 4.6, 4.7, 5.1.2
- for authorization
-
- about, 6.8.1.1
- specifying, 6.9.1
- task overview, 6.8.1.1
- for authorization schemes, 4.7
-
- optional parameters, 6.9.1.3
- required parameters, 6.9.1.2
- for custom authorization actions, 6.7.6
- for disjoint (multiple) searchbases, 5.3.4
- for UNIX, 4.7
- for Windows, 4.7
- form-based authentication, A.1.3
- in a step, changing, 5.7.4
- NT/WIN2000, 5.4.6
- return codes, 5.4.3
- SecurID, 5.4.6
- selection_filter, 5.4.6, 5.4.6
- validate_password, 5.4.6, 5.4.6
-
- about, 5.4.9
- for form-based authentication, A.1.3
- parameters, 5.4.9
- versus form-based authentication, 5.10.5.1
- viewing, 5.5.1
- vs using form-based authentication, 5.10.5.1
- why separate into steps, 5.6.4
- Windows NT/2000, 5.4.12
- Plumtree Corporate Portal, 7.6.1
- policy, 4
-
- see also policy domain
- adding, 4.11.2
- finding, 4.9.5
- policy base
-
- about, 4.1.1
- policy cache, 3.3.1.1
- policy cache timeout, 5.10.4.1
- Policy Cache Timeout field, 3.3.1.1, 3.3.1.1, 3.3.2
- policy domain
-
- about, 4, 4
- administration
-
- about, 4.2
- configuring, 4.14.1
- delegating, 4.14, 4.14.1
- task overview, 4.2.2, 4.2.3
- why have multiple administrators, 4.3.6
- administrators, 4.14
- administrators, configuring, 4.14.1
- administrators, viewing, 4.14.1
- audit rules for, 4.12.1
-
- creating, 4.12.3
- audit rules for, modifying, 4.12.2
- auditing access to resources, 4.10, 4.12
- authentication actions for, setting, 5.10.8
- authorization expressions for, deleting, 6.5.4
- authorization expressions for, viewing, 6.5.1
- authorization rules for, viewing, 6.3.1
- components of, 4.3.1
- creating, 4.9.1
- creating the first one, 4.2.1
- creating, overview, 4.2.3
- default, Preface, 4.3.3
- default domains, 4.3.3
- default rules for, 5.9
- defining subsets of protected resources, 4.11
- delegated administration, 4.14
- delegated administration, caveat, 2.2.2
- delegating administration of, 4.14
- deleting, 4.9.3
- denying access to all resources in, 3.8
- disabling, 4.9.4
- effect of multiple policy domains and policies, 4.5.1
- EJB resource, 4.4.5
- enabling, 4.9.1, 4.9.1, 4.9.4
- examples of, 4.3.5, 4.3.5
- finding, 4.9.5, 4.9.5
- granularity of domains, 4.5.1
- host identifiers, 4.3.1, 4.9.7.1
- HTTP resource, 4.4.5
- location of policy data in the DIT, 4.1.1
- managing, about, 4.2.2
- master audit rule, 4.10
- modifying, 4.9.2
- order of evaluation, 4.3.2
- overview of creating, 4.1
- policies
-
- about, 4.3, 4.11
- adding, 4.11.2
- audit rules for, 4.12.3, 4.12.4
- configuring, 4.11
- deleting, 4.11.5
- deploying, 4.11.6
- finding, 4.9.5
- modifying, 4.11.3
- order of evaluation, 4.11.1
- ordering, 4.11.4
- overlapping patterns for, 4.11.1
- policies within, 4.3.1
- policy base, 4.1.1
- Policy Manager application, 3.1
- prerequisites for configuring, 4.1
- protecting all resources, 4.8.1.2
- RDBMS resource, 4.4.5
- resource types, configuring, 4.4
- resources, adding, 4.9.7
- root, 4.1.2
- root URL, 4.1.2
- rules and expression in, 4.8
- rules in policy domains, about, 4.8.1
- schemes in, 4.6
- servlet resource, 4.4.5
- single sign-on across domains, 7.2.1
- single sign-on with third-party applications, 7.2.1
- single sign-on within a domain, 7.2, 7.2.1
- structure, 4.3.1
- testing the configuration, 4.13
- top URL prefix in the DIT, 4.1.2
- unprotecting all resources, 4.8.1.1
- URL patterns, 4.5.3
- URL patterns, about, 4.5.3
- URL prefixes, 3.7.2.1, 4.5, 4.5.1
- URL prefixes, illustration of, 4.5
- URLs for resources, configuring, 4.5
- URLs in, 4.3.1
- viewing, 4.9.6
- who administers, 4.3.6
- who creates, 4.3.4
- Policy Manager, 1.2
-
- see also policy domain
- authentication schemes created during setup, 5.1.4
- authorization rules defined in, 6.3.1
- capturing messages sent to, 3.3.2
- changing the default landing page, 9.5.1
- changing the search interface, 9.5.2
- creating authentication rules in, 5.9.1
- creating authorization expression rules in, 6.1.2
- creating authorization rules in, 6.3.2
- customizing the user interface, 9.5
- debugging, 3.3.2
- definition, 3.1
- Identity Server logged you in but Policy Manager logged you out error, E.1.8.1
- installation, 4.1.1
- installed on same Web server as WebPass, 1.2
- location of policy data, 4.1.1
- policy base, 4.1.1
- policy domain root, 4.1.2
- preconfigured policy domains, 4.3.3
- purpose of, 4.9.1
- setting allow access in, 6.3.3
- setting deny access in, 6.3.4
- setting timing conditions for authorization rules, 6.3.5
- synchronizing clocks with other components, 9.3.1
- use for, 4.9.1, 6.1.2
- Policy Manager API, Preface
- Policy Manager API Support Mode, 3.4.1
-
- See Access Management Service, 3.3.1.1
- Port field, 3.3.2, 3.4.2, 3.4.3
- POST operation, 4.4.3
- preferred host
-
- and virtual servers, 3.7.1
- vs DenyOnNotProtected, 3.8
- vs host identifiers, 3.7, 7.4.2.1
- Preferred HTTP Host
-
- configuring for a virtual host, 3.7.3
- Preferred HTTP Host field, 3.4.2, 3.4.3
- Primary HTTP Cookie Domain field, 3.4.2, 3.4.3, 3.4.3
- Procedure
-
- AccessGates and WebGates
-
- To associate an AccessGate with an Access Server, 3.6.2
- To associate an AccessGate with an Access Server cluster, 3.6.2
- To change the configuration polling frequency, 3.4.3.4
- To change the default configuration cache timeout, 9.3.2
- To check the status of a WebGate, 3.5.5
- To create an AccessGate instance, 3.4.3
- To delete an AccessGate, 3.4.5
- To disassociate an AccessGate from an Access Server or an Access Server cluster, 3.6.4
- To modify a WebGate through the command line, 3.5.2
- To modify an AccessGate through the Access System Console, 3.4.4
- To modify an AccessGate through the command line, 3.4.4
- To view AccessGates, 3.4.1
- To view AccessGates associated with a cluster, 3.6.3
- administrators
-
- To add a Master Access Administrator, 2.2.1
- To create a group of Delegated Access Administrators, 2.2.3
- To modify a group of delegated administrators, 2.2.4
- To modify policy domain rights, 4.14.1
- To view Delegated Access Administrators for a policy domain, 4.14.1
- audits, logs, and reports
-
- To add a user access privilege report, 8.7.1
- To configure a server's Master Audit policy, 4.10.1
- To create an audit rule for a policy domain, 4.12.1
- To define an audit rule for a policy, 4.12.3
- To delete the Master Audit Rule, 4.10.3
- To modify an audit rule for a policy, 4.12.4
- To modify an audit rule for a policy domain, 4.12.2
- To modify the Master Audit Rule, 4.10.2
- authentication
-
- To add a step to an authentication scheme, 5.7.3
- To add plug-ins to an authentication scheme, 5.5.2
- To add, remove, or re-order plug-ins in an existing step, 5.7.4
- To configure an authentication scheme for multiple searchbases, 5.3.4
- To configure the flows of an authentication scheme, 5.8.3
- To correct an authentication flow containing a cycle, 5.8.4
- To create a default authentication rule for a policy domain, 5.9.1
- To create an authentication rule for a policy, 5.9.4
- To create an authentication scheme, 5.3.2
- To define a persistent cookie in the authentication scheme, 5.3.7
- To delete a policy domain's authentication rule, 5.9.3
- To delete a policy's authentication rule, 5.9.6
- To delete a step from an authentication scheme, 5.7.5
- To delete an authentication scheme, 5.3.9
- To delete plug-ins from an authentication scheme, 5.5.3
- To enable or disable an authentication scheme, 5.3.5
- To include a browser cookie as a credential in an authentication scheme, 5.3.8
- To list and view the details of an authentication scheme, 5.3.1
- To modify a policy domain's authentication rule, 5.9.2
- To modify a policy's authentication rule, 5.9.5
- To modify the content of an authentication scheme, 5.3.3
- To set authentication actions for a policy, 5.10.8
- To view the configuration of an authentication flow, 5.8.2
- To view the details for a step, 5.7.2
- To view the list of plug-ins for an authentication scheme, 5.5.1
- To view the steps of an authentication scheme, 5.7.1
- authorization
-
- To configure an authentication scheme for disjoint domains, 6.7.1.1
- To configure the sample scheme to obtain external authorization data, 6.10.1
- To create an action for an authorization expression, 6.7.2
- To create an action for an authorization rule, 6.7.1
- To create an authorization expression for a policy, 6.5.2.1
- To create an authorization expression for a policy domain, 6.5.2
- To create an authorization scheme, 6.9.3
- To define an authorization rule, 6.3.2
- To delete an authorization rule, 6.3.8
- To delete an authorization scheme, 6.9.5
- To delete an item, 6.5.3.1
- To delete the authorization expression for a policy, 6.5.4
- To delete the authorization expression for a policy domain, 6.5.4
- To delete the entire content of an expression, 6.5.3.1
- To display a current list of authorization rules, 6.3.1
- To display the Authorization Expression page for a policy to modify the expression, 6.5.3.3
- To display the page for modifying the authorization expression for a policy domain, 6.5.3.3
- To implement a custom action, 6.7.6
- To modify an authorization rule, 6.3.7
- To modify an authorization scheme, 6.9.4
- To replace one authorization rule with another, 6.5.3.1
- To replace one operator with another, 6.5.3.1
- To retrieve external data for an authorization request, 6.10
- To set a timing condition, 6.3.5
- To set Allow access, 6.3.3
- To set Deny Access, 6.3.4
- To set the behavior for handling duplicate actions for an expression, 6.7.5
- To set the system default duplicate actions behavior for the Access Server, 6.7.4
- To view an authorization expression for a policy, 6.5.1.1
- To view an authorization expression for a policy domain, 6.5.1
- To view configured authorization schemes, 6.9.2
- To view the general information for an authorization rule, 6.3.6
- form-based authentication
-
- To configure a form-based authentication scheme, A.3.1
- To include only active users in the obMappingFilter, A.3.3.1
- To include only non-active users in the obMappingFilter, A.3.3.2
- To retrieve external data for an authentication request, A.1.6
- To set the login form encoding to UTF-8 for 10g Release 3 (10.1.4), A.4.1.2
- hosts and resources
-
- To change a resource description, 4.9.8
- To define a resource type, 4.4.6
- To delete a resource, 4.9.9
- To deny access to all unprotected resources, 3.8
- To view or delete existing Host Identifiers, 3.7.2.2
- IPv6
-
- To configure IPv6 with a separate proxy for authentication and resource WebGates, D.5
- To configure IPv6 with an authenticating WebGate and challenge redirect, D.4
- To configure IPv6 with simple authentication, D.3
- policy domains and policies
-
- To add a policy, 4.11.2
- To add resources to a policy domain, 4.9.7.1, 4.9.7.1
- To create a policy domain, 4.9.1
- To create an authentication rule for a policy, 5.9.4
- To create an authorization expression for a policy, 6.5.2.1
- To delegate rights for a policy domain, 4.14.1
- To delete a policy, 4.11.5
- To delete a policy domain, 4.9.3
- To delete a policy domain's authentication rule, 5.9.3
- To delete a policy's authentication rule, 5.9.6
- To delete the authorization expression for a policy, 6.5.4
- To delete the authorization expression for a policy domain, 6.5.4
- To disable a policy domain, 4.9.4
- To display the Authorization Expression page for a policy to modify the expression, 6.5.3.3
- To display the page for modifying the authorization expression for a policy domain, 6.5.3.3
- To enable a policy domain, 4.9.4
- To modify a policy, 4.11.3
- To modify a policy domain, 4.9.2
- To modify a policy domain's authentication rule, 5.9.2
- To modify a policy's authentication rule, 5.9.5
- To run Access Tester, 4.13
- To search for existing policy domains or policies, 4.9.5
- To set authentication actions for a policy domain, 5.10.7
- To set the order of policies within a domain, 4.11.4
- To turn off the display of Resource Type and URL Prefix columns, 9.4
- To view policy domains and configuration information, 4.9.6
- Policy Manager
-
- To change search parameters, 9.5.2
- To change the default number of search results, 9.5.2
- To set Search as the default page, 9.5.1
- servers
-
- To access the configureAAAserver tool, 3.3.6.1
- To add an Access Server cluster, 3.3.5.1
- To add an Access Server instance, 3.3.2
- To archive sync records, 8.8.2
- To configure the directory server, 2.3.4
- To create the revoked user list, 8.3.1
- To customize email, 2.3.2
- To delete an Access Server, 3.3.4
- To flush all redirect URLs, 8.5
- To flush user information from the cache, 8.3.2
- To generate a cryptographic key, 8.4
- To implement synchronization, 9.3.1
- To install an Access Server in silent mode, 3.3.6
- To modify common parameters, 3.3.6.1
- To purge sync records, 8.8.3
- To re-configure an Access Server, 3.3.6.1
- To remove an Access Server service, 3.3.6.1
- To run diagnostics for Access Servers, 8.6
- To set the number of queues on Solaris, 3.3.6.2
- To set the number of queues on Windows 2000, 3.3.6.2
- To set the number of queues on Windows NT, 3.3.6.2
- To view Access Server configuration details, 3.3.1
- To view certificate details, 5.4.10
- To view or modify an Access Server cluster, 3.3.5.1
- To view server settings, 2.3.1
- single sign-on
-
- To configure a second WebGate for single sign-on, 7.4.2.1
- To configure redirection, 7.5.1
- To configure the logout button, 3.4.3.1
- To configure the ObSSOCookie, 7.3.2
- To configure the SSO Logout URL, 2.3.3
- To configure the WebGate, 7.4.2.1
- To create a policy domain that protects the Access System applications, 7.7.1
- To create a policy domain that protects the Identity System applications, 7.7.1
- To secure the ObSSOCookie, 5.3.6
- virtual servers
-
- To configure a preferred HTTP host for a virtual server, 3.7.3
- Process overview
-
- Form-based authentication from the user's perspective, 5.10.5.1
- How a URL prefix is used, 4.5.1
- How URL patterns are used, 4.5.3
- Identity resource protected by WebGate, 3.10.2
- Multi-domain single sign-on, 7.5
- WebGate-to-Access Server configuration polling, 3.4.3.3
- proxy, 7.4.3
- PUT operation, 4.4.3
R
- RC4 encryption, 7.3.2
- RC4 encryption scheme, 7.3.2
- RC6 encryption, 7.3.2
- RC6 encryption scheme, 7.3.2
- redirecting an authentication request, 5.3.2
- redirecting users to a specific URL, 5.10.3
- redirection, 5.10.5, 6.2.3
-
- and header variables, 5.10.1
- authorization rules and, 6.2.3
- configured in an action, 5.10.5
- configuring, 7.5.1
- for authentication success and failure, 5.10.7
- in form-based login, A.1.1, A.1.2
- in multi-domain SSO, 7.5.1
- multi-domain SSO use of, 5.3.2
- to a URL for authentication, 5.3.2
- Redirection URL field, 5.10.7
- report files, 3.4.2
- reports
-
- user access privileges, 8.7
- resource
-
- adding to a policy domain, 4.9.7, 4.9.7.1
- auditing of, 4.12.1
- authenticating users who try to access, 5
- deleting, 4.9.9
- denying access by default, 3.7, 3.8
- EJB, 4.4.2
- HTTP, 3.4, 4.4.2
- identified by host identifier, 3.7
- identified by preferred host, 3.7
- J2EE, 4.4.5
- policies for, 4.5
- policy domain root, 4.1.2
- protecting, 2.2
- protecting all resources, 4.8.1.2
- protecting with policy domain, 4
- protecting with WebGate, 3.1
- type
-
- configuring, 4.4
- defining, 4.4.6
- unprotecting all resources, 4.8.1.1
- URL pattern for, 4.5
- URL patterns, about, 4.5.3
- URL prefix, about, 4.5.1
- URLs for, 4.5
- who can define resource types, 2.2.2
- Resource Matching field, 4.4.6
- Resource Name field, 4.4.6
- Resource Operation field, 4.4.6
- resource types
-
- about, 4.4
- C programs, 4.4.5
- C++ programs, 4.4.5
- CRM applications, 4.4.5
- directories, 4.4.5
- Enterprise Java Beans (EJBs), 4.4.5
- ERP applications, 4.4.5
- Java programs, 4.4.5
- Java Server pages (JSPs), 4.4.5
- query strings, 4.4.5
- supported, 4.4.5
- web applications, 4.4.5
- web pages, 4.4.5
- reverse proxy, 7.4.3
- revoking users, 8.3.1
- role
-
- deny access to a role, 6.3.4
- RSA SecurID, 7.6.1
- rule
-
- deny access filters, 6.3.4
- rules
-
- about, 4.8
- illustration of, 4.8
- types of, 4.8
S
- schemes
-
- see also authentication scheme
- about, 4.6
- see also authorization scheme
- searchbase
-
- multiple searchbases, 5.3.4
- SecurID plug-in, 5.4.6
- Security Provider for WebLogic SSPI, 7.6.1
- Select Cluster Type field, 3.6.2
- selection filter plug-in, 5.4.6
- selection_filter, 5.4.6
- sensitivecreds challenge parameter, 5.2
- server settings
-
- directory servers, 2.3.4
- email addresses, 2.3.2
- SSO logout URL, 2.3.3
- viewing, 2.3.1
- servers
-
- see also Access Server
- virtual, 3.7.1
- session token cache, 3.3.1.1
- Session Token Cache field, 3.3.2
- shared secret, 8.4
-
- changing, 8.4.1
- configuring, 7.3.2
- creating, 8.4
- definition, 7.3.2
- frequency of reading, 3.4.3.2
- read interval, 3.4.3.2
- who creates, 2.2, 2.2.1
- SHAREid
-
- now named Oracle Identity Federation, Preface
- silent mode, 3.3.6
- Simple mode, 3.4.2, 3.4.3
- single sign-on, 3.10
-
- between Identity and Access System, 7.7
- caveats for the ObSSOCookie, 3.10.3.1
- configuring, 7
- cookies, 7.3
- definition, 7.2
- issues with IP addresses, 3.5.3
- logout from, 2.3.3, 7.4.4
- logout from multi-domain, 7.5.3
- multi-domain, 7.5
- ObSSOCookie, 3.10.3.1
- ObSSOCookie, securing, 5.3.6
- passing user information, 5.10.3, 6.6.4
- prerequisites, 7.1
- reverse proxy, 7.4.3
- security level for, 5.3.2
- single domain, 7.4
- single domain, setting up, 7.4.2
- triggering authentication actions after signing on, 5.10.9.1
- types of, 7.2.1
- using older WebGates, 7.3.2
- Sleep For field, 3.4.2, 3.4.3
- SlowFormLogin, 3.4.3.2, 3.4.3.2
- SNMP
-
- see also Oracle Access Manager Identity and Common Administration Guide
- enabling, 3.3.1.1, 3.3.1.1, 3.3.1.1, 3.3.2, 3.3.2
- SNMP Agent Registration Port, 3.3.1.1
- SNMP Agent Registration Port field, 3.3.1.1, 3.3.2
- SNMP State field, 3.3.1.1
- SSO
-
- see single sign-on
- SSO Logout URL, 7.6.2
- SSO logout value
-
- cache flush after changing, 2.3.3
- State field, 3.4.2
- sync records, 8.8
- System Console
-
- Identity Server logged you in but the System Console logged you out error, E.1.8.1
T
- Task overview
-
- Administering a policy domain, 4.2.2
- Associating an AccessGate with an Access Server or cluster includes, 3.6.2
- configuring a custom logout page, B.3
- Configuring form-based authentication, A.1
- Create an AccessGate, 3.4
- Creating a form for authentication, A.3, A.3
- Creating a policy domain, 4.2.3
- Creating authorization expressions, 6.1.2
- Creating the first policy domain, 4.2.1
- Defining actions for a policy's authentication rule, 5.10.8
- Defining and managing authentication schemes, 5.3
- Defining authentication and authorization schemes for single sign-on, 7.4.2.1
- Enabling single domain single sign-on, 7.4.2
- Implementing multi-domain single sign-on, 7.5
- Prerequisite tasks for a Master Administrator, 4.1
- Protecting resources on a virtual host, 3.7
- Providing customized authorization plug-ins, 6.8.1.1
- servers
-
- Creating an Access Server, 3.3
- Setting authentication actions for a policy domain, 5.10.7
- third-party products, Preface
- timeout
-
- for WebGate to AccessGate connections, 3.4.3.2
- TRACE operation, 4.4.3
- traffic, network, 3.4.3.3
- transport security, 3.3.1.1
-
- changing, caveat for, 3.3.5.1
- configuring from the command line, 3.4.4
- for AccessGates, 3.4.3
- modes, 3.3.1.1
- options, 3.4.2, 3.4.2
- password, command line option, 3.4.4
- password, configuring, 3.4.4
- reconfiguring, 3.4.4
- searching based on, 3.4.1
- selecting the mode, 3.3.2
- when to use the same mode, 3.3.5.1, 3.4.2, 3.4.2
- Transport Security field, 3.3.1.1, 3.3.2, 3.4.2, 3.4.3
- troubleshooting, E, E
-
- typical problems in Oracle Access Manager, E
U
- URL
-
- containing the ObSSOCookie, 7.3
- decimal addressing, 3.7.2
- deny access to all URLs, 3.4.2
- flushing from cache, 8.5
- form action URLs, A.3.1.1
- logout URLs, 3.4.2, 7.4.4, B.1, B.2
- maximum number in cache, 3.4.2
- Oracle Access Manager URLs, unprotecting, 5.1.4
- pattern matching symbols, 4.5.4
- patterns, how used, 4.5.3
- policy domain root URL, 4.1.2
- prefix, 4.1.2
- prefix reload period, 3.3.1.1
- prefix, how used, 4.5.1
- prefixes for, 4.5
- protecting Oracle Access Manager URLs, 5.1.4
- redirection, 5.10.1, 5.10.3, 6.2.3
- Redirection URL field, 5.10.7
- SSO Logout URL, 2.3.3, 7.6.2
- storing as https, 3.4.3.2
- user credentials in, 7.6
- WebGate diagnostic, 3.5.4
- URL Prefix Reload Period field, 3.3.1.1, 3.3.2
- URLInUTF8Format, 3.4.3.2
- UseIISBuiltinAuthentication, 3.4.3.2
- user cache timeout, 3.3.1.1, 5.10.4.1
- User Cache Timeout field, 3.3.1.1, 3.3.2
- user-defined parameters, 3.4.2, 3.4.3.2
-
- client_request_retry_attempts, 3.4.3.2
- InactiveReconfigPeriods, 3.4.3.2
- ProxySSLHeaderVar, 3.4.3.2
- SlowFormLogin, 3.4.3.2
- URLInUTF8Format, 3.4.3.2, 3.4.3.2
- UseIISBuiltinAuthentication, 3.4.3.2
- WaitForFailover, 3.4.3.2
- User-Defined Parameters field, 3.4.2, 3.4.3
- users
-
- access privilege reports, 8.7
- authentication and authorization of, 1.2
- authentication of, Preface, 1.1
- authorization of, Preface, 1.1
- deny access to specific user, 6.3.4
- filtering inactive users, 5.4.8
- flushing from the cache, 8.3.2
- inactive, 5.4.8
- revoking, 8.3.1
- UTF-8, 3.4.3.2
V
- Validate Password Authentication Plug-Ins, A.1.3
- validate_password, 5.4.6
-
- about, 5.4.9
- for form-based authentication, A.1.3
- parameters, 5.4.9
- validate_password plug-in, 5.4.6, A.1.3
- virtual servers, 3.7.1
-
- configuring, 3.7.3
- virtual Web hosting, 3.7.3
-
- configuring a WebGate for, 3.7.3
W
- WaitForFailover, 3.4.3.2, 3.4.3.2, 3.4.3.2
- Web forms, A
- Web pages
-
- protecting
-
- see resource, protecting
- Web server hosts
-
- configuring identifiers for, 3.7
- WebGate, 1.2
-
- see also AccessGate
- Access Server Timeout Threshold, 3.4.2
- associating with particular virtual host, directory, or file, 3.9
- cache, 3.4.2
- CacheControlHeader, 3.4.2
- CachePragmaHeader, 3.4.2
- checking the status of, 3.5.5
- configuration polling, 3.4.3.3
- configureWebGate command, 3.4.4
- configuring for virtual Web hosting, 3.7.3
- configuring on IE, 3.4.3
- definition, 1.2, 3.1
- DenyOnNotProtected, 3.4.2
- DenyOnNotProtected parameter, 3.4.3
- diagnostic URL, 3.5.4
- diagnostics, 3.5.4, 3.5.4
- IP address validation, 3.5.3
- IPValidation, 3.4.2
- IPValidationException, 3.4.2
- login when a resource is not protected, 3.10.2
- login when a resource is protected, 3.10.2
- LogOutUrls, 3.4.2, 3.4.3
- managing, 3.5
- modifying, 3.5.2
- polling frequency, 3.4.3.4
- polling frequency, changing, 3.4.3.4
- Preferred HTTP Host
-
- with virtual hosts, 3.7.3
- status, checking, 3.5.5
- synchronizing with Access Server, 3.5.1
- updates in this release, Preface
- user-defined parameters for, 3.4.2, 3.4.3
- webgate.dll, 3.5.4
- WebPass
-
- installed on same Web server as Policy Manager, 1.2
- what's new in this release, Preface
-
- attribute sharing, Preface
- federated authorization, Preface
- globalization, Preface
- modifying authentication schemes without disabling them, Preface
- persistent cookies in authentication schemes, Preface, Preface
- triggering authentication actions after the ObSSOCookie is set, Preface
- WebGate updates, Preface
- Windows 2000 plug-in, 5.4.12
- Windows NT plug-in, 5.4.12