Index

A

account linking, 1.1.3
administration
common tasks, 4.2
affiliations, 1.2.5
runtime behavior, 6.2
architecture
typical deployment, 2.6.2
architecture considerations, 2.6.1
assertion validity, 5.3
Attribute Mapping and Filtering, 5.9.1
Attribute Name Mapping, 5.9.1.1
attribute query, 4.2.8
attribute request, 4.2.8
Attribute Request Message, 5.8.2
Attribute Requester, 5.8
Attribute Requester
service interface, 5.8.1
Attribute Response Message, 5.8.3
Attribute Sharing, 5.6
components, 5.6.1
Attribute Value Filtering, 5.9.1.3
configuring, 5.9.2.3
Attribute Value Mapping, 5.9.1.2
configuring, 5.9.2.2
Auditing, 7.4
Authentication Engines, 5.15
Custom, 5.15.9
Database Security, 5.15.4
Database Table, 5.15.5
Federated SSO Proxy, 5.15.7
Infocard, 5.15.6
JAAS, 5.15.8
LDAP Directory, 5.15.3
Oracle Access Manager, 5.15.2
Oracle Single Sign-On, 5.15.1
authentication engines, 3.2.5.1.1
and authentication flows, 2.3
authentication mechanism
default, 5.14.1.1
Authentication Mechanisms, 5.14
Local, 5.14.2
SAML 1.x, 5.14.4
SAML 2.0, 5.14.3
WS-Federation 1.1, 5.14.5
authentication modes, 2.3.1

B

bilateral authentication, 2.2.2.3
bindings
HTTP Artifact, 1.2.4.2
HTTP POST, 1.2.4.1
HTTP redirect, 1.2.4.4
Business Processing Plug-in, 8.5

C

certificate repository, 2.1.3.3
certificate validation, 2.1.3.3
certificates
and trust, 4.1.1.2
certification matrix, 1.2.8
common domain parameters, 5.3
Configuration Settings
and metadata, 5.1.1
Configuration Settings and Provider Metadata, 5.1.1
Configuring Service Providers, 5.5
Cookie Lifetime, 5.3
Creating a custom authentication engine, 3.2.5.2
creating a custom SP Integration Engine, 3.2.5.3
Credentials, 4.5
cross-domain trust, 4.1.1.2
Cryptographic Provider, 1.2.6
custom IAM, 3.2.5

D

data store, 2.4
configuration, 2.4.4, 5.13.4
federation, 2.4.1, 5.13.2
session and message, 2.4.3, 5.13.3
user, 2.4.2, 5.1.2, 5.13.1
data stores
managing, 5.13
deployment
architecture, 2.1
installation requirements, 2.4.4
planning, 4.1.1.3
profiles and bindings, 2.2
protocols, 2.1.4
proxy server, 2.1.2
scenarios, 3.2
security, 2.1.3
server roles, 2.1.1
sizing, 2.6
topology, 2.1.1, 2.6.4
with Oracle HTTP Server, 3.2.1
with Oracle Single Sign-On, 3.2.2
deployment planning, 4.1.1.2
deprovisioning, 5.1.2
destination domain, 1.1.3
domain, 1.1.3

E

Exchange User Identities, 4.1.1.2

F

features, new
release 11g (11.1.1), Preface
federated identity management, 1.1.1
event flow, 1.2.7
Federated SSO Proxy
authentication engines, 5.15.7
federation
account linking, 1.1.3
benefits, 1.1.1
concepts, 1.1.3
evolution of standards, 1.1.4.2
use cases, 1.1.2
federation data store, 2.4.1
federation profiles, 1.2.4
artifact, 1.2.4.2
federation termination, 1.2.4.8
global logout, 1.2.4.9
name identifier, 1.2.4.5
federation protocols, 1.1.4
federation record
structure, 5.1.2
uniqueness, 5.1.2
federation termination
profiles, 1.2.4.8
Force SSL, 5.2.1
forcing reauthentication
not supported with Oracle Single Sign-On, 3.2.2

H

high availability, 2.6.1.6
Host Connection Properties, 5.2.1
HTTP Basic Authentication, 2.3.6
HTTPS mode, 5.2.1

I

Identities
Federations, 4.4.2
search options, 4.4.4
Users, 4.4.3
Identity Federation Engine, 3.2.5.1.1
identity management
challenges, 1.1.1
federated, 1.1.1
Identity Provider
sending attributes in SSO Assertions, 5.7
identity provider, 1.1.3
Identity Providers - Common Properties, 5.3
Identity Providers - Protocol-Specific Properties, 5.4
IdP Properties
SAML 1.x, 5.4.2
SAML 2.0, 5.4.1
WS-Federation, 5.4.3
implementation checklist, 2.7

J

JAAS
authentication engines, 5.15.8
JCE Policy Files, 8.4

K

keystore, 4.1.1.2

L

LD_ASSUME_KERNEL, B.1.4.3
LDAP Directory
authentication engines, 5.15.3
log files, 4.1.3
Logging, 7.3
logout, 4.2.5

M

mapping
authentication mechanisms to authentication engines, 5.14.1.2
methods to authentication mechanisms, 5.14.1.2
Mapping and Filtering
configuration, 5.9.2
Message Data Store, 5.13.3
Metadata, 5.1.1
properties that affect, 5.1.1
protocol URLs, 5.1.1
re-publishing, 5.1.1
metadata, 4.1.1.2
affected properties, 5.1.1
properties that affect, 5.1.1
Monitoring, 7.1

N

new features
release 11g (11.1.1), Preface

O

OASIS, 1.1.4.1
Oracle Access Manager
authenticating with, 2.3.4
authentication engines, 5.15.2
configuring plug-ins, 5.6.3
deploying with, 3.2.3
schemes and policies, 5.6.4
Oracle HTTP Server
as proxy, 8.1
deploying with, 3.2.1
Oracle Identity Federation, 1.2
administration, 4.1.2
administration tools, 4.1.2
and PKI, 4.1.1.2
architecture, 1.2.2, 3.2.5.1.1
as IdP Attribute Responder, 5.6.6
as SP Attribute Requester, 5.6.5
as SSL client, 8.2.2
as SSL server, 8.2.1
basic administration, 4.1
benefits, 1.2.1
configuring, 5
data maintained by, 5.1
deployed with Oracle Access Manager, 3.2.3
deployed with Oracle HTTP Server, 3.2.1
deployed with Oracle Single Sign-On, 3.2.2
deployed with Sun Java System Web Server, 3.2.4
federated identities, 4.4.1
Federations, 4.3
Home Page, 7.1.1
installation requirements, 2.5
log files, 4.1.3
managing credentials for, 4.5
modules and flow, 3.2.5.1.1
proxy for, 8.1
schema, 5.13.5
SSL for, 8.2
WLST
list of commands, 9.2
WLST for, 9
Oracle Single Sign-On
authenticating with, 2.3.5
authentication engines, 5.15.1
deploying with, 3.2.2
testing deployment, 3.2.2.6
Outbound Connection Properties, 5.2.2

P

performance
and assertion security, 2.6.1.4
and connection tuning, 2.6.1.5
and profiles, 2.6.1.1
and repositories, 2.6.1.2
and server tuning, 2.6.1.7
tuning, 2.6
Performance Summary, 7.1.2
PKI, 4.1.1.2
principal, 1.1.3
profiles
artifact
request processing, 2.2.2.1
security, 2.2.2.3
using, 2.2.2.1
with proxy, 2.2.2.1
attribute sharing
using, 2.2.2.4
choosing, 2.2.2
federation termination, 1.2.4.8
HTTP redirect, 1.2.4.4
logout, 1.2.4.9
passive requester, 1.2.4.7
POST, 1.2.4.1
request processing, 2.2.2.2
security, 2.2.2.3
using, 2.2.2.2
with proxy, 2.2.2.2
WS-Federation
using, 2.2.2.5
Proxy
setting up, 8.1
proxy server, 8.1

R

RCU
and schema creation, 5.13.5
reauthentication, 5.3
forcing not supported for Oracle Single Sign-On, 3.2.2
reference footprint, 2.6.3
roles
FederationAdmin, 4.1.1.1

S

SAML, 1.1.4.1
assertions, 1.1.4.1
authentication example, 1.1.4.4
profiles, 1.1.4.1
protocol bindings, 1.1.4.1
request and response cycle, 1.1.4.1
request-response cycle, 1.1.4.1
SAML 1.x, 1.1.4.3
IdP Properties, 5.4.2
SP, 5.5.3
SAML 2.0, 1.1.4.4
IdP NameID formats, 5.4.1
IdP Properties, 5.4.1
SP, 5.5.2
SAML security considerations, 2.2.2.3
schema
creating, 5.13.5
Security and Trust
configuring, 5.10
Provider Metadata, 5.10.2
Trusted CAs and CRLs, 5.10.3
Wallet, 5.10.1
security considerations, 2.2.2.3
server certificates, 4.2.2
Server Clock Drift, 5.2.1
Server Configuration Data, 5.1.1
Server Hostname, 5.2.1
server metadata, 4.2.1
Server Port, 5.2.1
Service Provider
Common Properties, 5.5.1
SAML 1.x, 5.5.3
SAML 2.0, 5.5.2
WS-Federation 1.1, 5.5.4
service provider, 1.1.3
session
active period, 5.2.1
Session Data Store, 5.13.3
Session Timeout, 5.2.1
signature verification, 4.2.6
Signing and Encryption Wallets, 8.3
Single Sign-On
for SAML 1.x and WS-Federation, 4.3.5
single sign-on, 1.1
sizing guidelines, 2.6
SOAP Port, 5.2.1
SP integration engine
custom, 3.2.5.3
SSL, 8.2
and PKI, 4.1.1.2
configuration, 8.2.1
configuring for Oracle Identity Federation, 8.2
enabling for server, 5.2.1
Sun Java System Web Server
deploying Oracle Identity Federation with, 3.2.4
deploying with, 3.2.4
Supported Standards and Applications, 1.2.8

T

test SP engine, 3.2.6
third-party IAM solutions, 3.2.5
timeout parameters, 5.3
topology, 2.6.4
transient data store, 2.4.3
troubleshooting
AccessGate permission error, B.1.4.1
back-ends with same cookie domain, B.1.4.4
bookmarked login page, B.1.3.2
bookmarked resource, B.1.6.1
file descriptor error, B.1.5.1
incorrect login page, B.1.3.1
LD_ASSUME_KERNEL, B.1.4.3
non-ASCII AccessGate ID, B.1.4.2
Operating System configuration, B.1.5
Oracle Access Manager configuration, B.1.4
Oracle Identity Federation configuration, B.1.2
Oracle Single Sign-On configuration, B.1.3
runtime SSO issues, B.1.6
search fails against Microsoft Active Directory, B.1.5.2
trusted provider
adding, 4.3.2
delete, 4.3.4
for SSO, 4.3.5
searching, 4.3.1
update, 4.3.3

U

User Consent, 5.4.1
example page, 5.4.1
user data store, 2.4.2
connection data, 2.4.2
User Federation Data, 5.1.2
User Federation Record Context, 2.4.1
user records
basic data, 5.1.2
deprovisioning, 5.1.2
federation data, 5.1.2
synchronizing, 5.1.2

W

Web Proxy
configuring behind, 3.2.4.3
WLST, 9
addConfigListEntryInMap, 9.2.1
addConfigMapEntryInMap, 9.2.2
addConfigPropertyListEntry, 9.2.3
addConfigPropertyMapEntry, 9.2.4
addFederationListEntryInMap, 9.2.7
addFederationMapEntryInMap, 9.2.8
addFederationPropertyMapEntry, 9.2.10
changePeerProviderDescription, 9.2.16
changeSessionStore, 9.2.17
createConfigPropertyList, 9.2.18
createConfigPropertyListInMap, 9.2.19
createConfigPropertyMap, 9.2.20
createConfigPropertyMapInMap, 9.2.21
createFederationPropertyList, 9.2.22
createFederationPropertyListInMap, 9.2.23
createFederationPropertyMap, 9.2.24
createFederationPropertyMapInMap, 9.2.25
createPeerProviderEntry, 9.2.26
deleteCustomAuthnEngine, 9.2.11
deleteCustomSPEngine, 9.2.12
deleteUserFederations, 9.2.14
environment setup, 9.1.1
executing commands, 9.1.2
getConfigListValueInMap, 9.2.27
getConfigMapEntryInMap, 9.2.28
getConfigProperty, 9.2.29
getConfigPropertyList, 9.2.30
getConfigPropertyMapEntry, 9.2.31
getFederationListValueInMap, 9.2.32
getFederationMapEntryInMap, 9.2.33
getFederationProperty, 9.2.34
getFederationPropertyList, 9.2.35
getFederationPropertyMapEntry, 9.2.36
listCustomAuthnEngines, 9.2.37
listCustomSPEngines, 9.2.38
loadMetadata, 9.2.39, 9.2.40
removeConfigListInMap, 9.2.41
removeConfigMapEntryInMap, 9.2.42
removeConfigMapInMap, 9.2.43
removeConfigProperty, 9.2.44
removeConfigPropertyList, 9.2.45
removeConfigPropertyMap, 9.2.46
removeConfigPropertyMapEntry, 9.2.47
removeFederationListInMap, 9.2.48
removeFederationMapEntryInMap, 9.2.50
removeFederationMapInMap, 9.2.49
removeFederationProperty, 9.2.51
removeFederationPropertyList, 9.2.52
removeFederationPropertyMap, 9.2.53
removeFederationPropertyMapEntry, 9.2.54
removePeerProviderEntry, 9.2.55
setConfigProperty, 9.2.56
setCustomAuthnEngine, 9.2.57
setCustomSPEngine, 9.2.58
setFederationProperty, 9.2.59
WS-Federation, 1.1.4.5
IdP Properties, 5.4.3
WS-Federation 1.1
SP, 5.5.4

X

X.509 certificates, 4.1.1.2