Index
A
- access control
-
- access control context (AccessControlContext), 2.2.5, 2.2.5
- access control lists and OracleAS JAAS Provider directory entries, 8.6.1.3
- access control lists, definition, 1.1.2.1
- access controller (AccessController), 2.2.5
- capability model, 1.1.2.1
- defined, 1.1.2
- Access Manager SDK, Oracle Access Manager, 11.4.3
- Access SDK, Oracle Access Manager, 11.4.2
- AccessGate vs. WebGate (Oracle Access Manager), 11.1.1
- accounts
-
- creating and configuring new administrator account, 4.6.3
- accounts, OC4J
-
- accounts created in OID, 8.4.1.3
- predefined and required, 4.6.1
- predefined for file-based provider, 7.3.4
- ACLs--see access control lists
- actions element, system-jazn-data.xml, D.4.1
- activateadmin Admintool command, C.4.7
- activated user (file-based provider), 4.6.1
- active directory
-
- login module, 21.6.2
- user account, 21.4
- add command, Admintool shell, C.3.3.1
- addloginmodule option, Admintool, 9.6.1, C.4.1
- addrealm option, Admintool, C.4.2
- addrole option, Admintool, C.4.3
- adduser option, Admintool, C.4.4
- administration
-
- Admintool, 4.2.2
- configuration files and key elements, 4.4
- creating and configuring new administrator account, 4.6.3
- Enterprise Manager, Application Server Control, 4.2.1
- JSR-77 support, 4.1
- MBean browser and administration, 4.3
- MBeans, definition, 4.1
- Oracle Identity Management and Oracle Internet Directory tools, 4.2.3
- standards for managing applications, 4.1
- tools for administration, 4.2
- administrator account
-
- activate in Admintool, C.4.7
- creating and configuring new administrator account, 4.6.3
- oc4jadmin account, 4.6.2
- AdminPermission class, 5.2.1.3
- Admintool
-
- activate administrator user, C.4.7
- add shell command, C.3.3.1
- adding and removing login modules, 9.6.1, C.4.1
- adding and removing realms, C.4.2
- adding and removing roles (file-based provider), C.4.3
- adding and removing users (file-based provider), C.4.4
- cd shell command, C.3.3.2
- checking passwords (file-based provider), C.4.6
- clear shell command, C.3.3.3
- command-line syntax and options, C.2
- exit shell command, C.3.3.4
- granting and revoking permissions, C.4.8
- granting and revoking roles, C.4.9
- granting permissions, 5.3.1
- granting RMI permission, 9.6.2
- help shell command, C.3.3.5
- invoking, 4.2.2, C.2
- listing login modules, 9.6.1, C.4.10
- listing permissions, C.4.11
- listing realms, C.4.12
- listing roles, C.4.13
- listing users, C.4.14
- ls shell command, C.3.3.6
- man shell command, C.3.3.7
- migrating from principals.xml, 7.5, C.4.15
- mk shell command, C.3.3.1
- mkdir shell command, C.3.3.1
- overview, 4.2.2
- pwd shell command, C.3.3.8
- rm shell command, C.3.3.9
- set shell command, C.3.3.10
- setting passwords (file-based provider), C.4.5
- shell commands, C.3.3
- starting shell, C.3
- anonymous lookup, EJBs, 18.5
- anonymous user
-
- activating/deactivating (file-based provider), 4.6.1
- configuring, 4.6.4
- application element, system-jazn-data.xml, D.4.2
- application roles, 3.4
- Application Server Control
-
- configuring Java SSO, 14.2.1
- configuring security provider, 6.3.3.2
- configuring security role mappings, 6.3.4.2
- overview, 4.2.1
- as-context element, orion-ejb-jar.xml, 19.3.2
- authentication
-
- authenticating EJB applications, 18.1
- authentication methods for Web applications, 17.1
- basic method, 16.1.1, 17.1.1
- client-cert method, 17.1.5
- definition, 1.1.1
- digest method, 16.1.2, 17.1.1
- digest method, with Oracle Internet Directory, 8.5.2
- failure, specify default realm, A.2.4.2
- form-based method, 17.1.4
- in OC4J, introduction, 3.2
- login modules, 2.3.2
- NTLM method, 16.1.3
- OracleAS Single Sign-On, 3.1.2
- RealmLoginModule class, 3.1.2
- SSL authentication, 1.2.2
- SSO method, 8.5.1
- supported authentication methods, 2.1.1.1
- authorization
-
- authorization APIs and JAAS mode, 5.2
- authorizing EJB applications, 18.1
- coarse-grained vs. fine-grained, 2.4.1
- comparing models--overview, 2.4.1
- definition, 1.1.2
- enabling Java Authorization Contract for Containers, 5.4.5
- J2EE authorization APIs, 5.4.1
- Java 2 code-based policy management, 5.1
- obtaining a subject, 5.4.2
- policy configuration, OracleAS JAAS Provider, 5.3.3
- policy management, OracleAS JAAS Provider, 5.3
- strategies, 5.5
- to any authenticated user (PUBLIC role), 6.3.4.4
- using checkPermission(), 5.4.3
- authorization--also see access control
B
- basic authentication, 16.1.1
-
- as fallback in digest authentication mode, 17.1.3
- configuring in web.xml, 17.1.1
- definition, 2.1.1.1
- in Oracle Access Manager, 11.3.2
- best practices for security, A.1
- bootstrap accounts, 4.6.1
- bootstrap jazn.xml, 4.4.5
C
- caching, LDAP
-
- caching properties, 8.7.3
- disabling, 8.7.3
- callback handler
-
- identity callback handler interface, identity management framework, 13.2.4
- identity callback handler, identity management framework, 13.1.2
- standard definition, 2.3.2.1
- capability model of access control, 1.1.2.1
- case-sensitivity for roles
-
- custom login modules, 9.1.2
- external LDAP providers, 10.1
- file-based provider, 7
- LDAP-based provider, 8.1
- cd command, Admintool shell, C.3.3.2
- certificates and certificate authorities (SSL)
-
- introduction, 1.2.4
- trust points, 1.2.3
- truststores, 19.1
- using certificates with OC4J and Oracle HTTP Server, 15.2
- checkpasswd option, Admintool, C.4.6
- cipher suites
-
- definition, 16.3.4
- specify in Web site XML file, 15.3
- supported by JSSE, 16.3.4
- class element, system-jazn-data.xml, D.4.3
- class loading, sharing libraries, 6.5
- clear command, Admintool shell, C.3.3.3
- client authentication
-
- basic, 16.1.1
- digest, 16.1.2
- NTLM, 16.1.3
- client-cert authentication
-
- definition, 2.1.1.1
- in OC4J, 17.1.5
- Cluster MBean Browser, 7.6.2
- CN (common name), 8.2.2
- coarse-grained authorization, 2.4.1
- codebase, 2.2.1
- code-based security, 2.2.1
- codesource, 2.2.1
- codesource element, system-jazn-data.xml, D.4.4
- common name (CN), 8.2.2
- Common Secure Interoperability version 2--see CSIv2
- component-managed sign-on (J2CA)
-
- understanding, 20.2
- vs. container-managed sign-on, 20.1.2
- confidentiality element, orion-ejb-jar.xml, 19.3.1
- connection properties, LDAP, 8.7.2
- connector-factory element, oc4j-ra.xml (J2CA), 9.7.3
- container-managed sign-on (J2CA)
-
- authentication, 20.4
- declarative, 20.5
- programmatic, 20.6
- understanding, 20.3
- vs. component-managed sign-on, 20.1.2
- control-flag element, system-jazn-data.xml, D.4.5
- convert option, Admintool, 7.5, C.4.15
- cookie domain for shared Web application, 15.3
- COREid--see Oracle Access Manager
- credential_mapping plug-in, Oracle Access Manager, 11.3.1.3, 11.3.2.2
- credentials element, system-jazn-data.xml, D.4.6
- credentials, specifying in EJB clients, 18.2
- CSIv2
-
- ejb_sec.properties settings, 19.2
- internal-settings.xml settings, 19.1
- introduction, 19
- properties in orion-ejb-jar.xml, 19.3
- custom login modules--see login modules
- custom security providers (custom login modules), 3.1.4
D
- DAS (Delegated Administration Services for OID), 4.2.3.1
- data source
-
- TCPS, 15.10
- database login module, 9.2.2
- DataSourceUserManager (deprecated), 9.2.2.7
- DBTableOraDataSourceLoginModule (database login module), 9.2.2
- deactivated user (file-based provider), 4.6.1
- debugging
-
- general SSL debugging, 15.7.2
- logging, A.3
- PrintingSecurityManager, 5.1.2
- default realm, file-based or LDAP-based provider, 6.2.1
- default-method-access element, orion-ejb-jar.xml, 18.1.6
- Delegated Administration Services (DAS for OID), 4.2.3.1
- deployment
-
- configuring the security provider through Application Server Control, 6.3.3.2
- deploying an application through Application Server Control, 6.3.2.1
- deploying login modules, 9.8.4
- deployment plan, 4.1
- deployment plan editor, 4.2.1
- JSR-88 support, 4.1
- standards for deploying applications, 4.1
- tasks and guidelines, 6.3
- deployment roles, 3.4
- description element, system-jazn-data.xml, D.4.7
- digest authentication, 16.1.2
-
- basic authentication fallback, 17.1.3
- configuring in web.xml, 17.1.1
- definition, 2.1.1.1
- with Oracle Internet Directory, 8.5.2
- digest.auth.basic.fallback property, 17.1.3
- digital certificates, 1.2.3
- display-name element, system-jazn-data.xml, D.4.8
- distinguished name (DN), 8.2.2
- DN (distinguished name), 8.2.2
- doAs() and doAsPrivileged()
-
- method descriptions, 2.3.4
- with JAAS mode, 5.2.1.1
- doasprivileged-mode (obsolete setting), 5.2.1.1
- doPrivileged() method, AccessController, 2.2.5
E
- EJB
-
- anonymous lookup, 18.5
- authenticating and authorizing EJB applications, 18.1
- client security properties for CSIv2, 19.2
- granting permissions in browser, 18.4
- JNDI security providers, 18.2
- namespace access, 18.1.5
- RMI client access, 18.3
- server security properties for CSIv2, 19.1
- troubleshooting, 18.1
- ejb_sec.properties, CSIv2 security properties (EJB client-side), 19.2
- ejb-jar.xml
-
- configuring J2EE security roles, 3.4
- Enterprise Manager--see Application Server Control
- establish-trust-in-client element, orion-ejb-jar.xml, 19.3.1
- establish-trust-in-target element, orion-ejb-jar.xml, 19.3.1
- exit command, Admintool shell, C.3.3.4
- external LDAP providers
-
- administrator user and roles, creating, 10.4.1
- configuring in Application Server Control, after deployment, 10.2.2
- configuring in Application Server Control, during deployment, 10.2.1
- granting RMI permission to LDAP principal, 10.4.2
- introduction, 3.1.4
- overview, configuration and administration, 10.1
- Sun Java System Directory Server (example), 10.5
- system-jazn-data.xml, login-module element options, 10.3
- troubleshooting, 10.1
- external.synchronization property (no longer supported), Preface
F
- file-based provider
-
- activating/deactivating users, 4.6.1
- administering instance-level security, 7.2.6
- configuring as security provider after deployment, 7.2.2
- configuring as security provider during deployment, 7.2.1
- configuring in Application Server Control, 7.2
- default realm, 6.2.1
- introduction, 3.1.4
- migrating from principals.xml, 7.5
- migration tool, migrating from file-based provider (to LDAP-based or alternative file-based), 7.4
- policy management, 7.1
- realm management, 7.1, 7.3.2
- settings in OC4J configuration files, 7.3
- fine-grained authorization, 2.4.1
- form-based authentication
-
- configuration in web.xml, 17.1.4
- definition, 2.1.1.1
- in Oracle Access Manager, 11.3.1
G
- globally unique identifier (GUID), D.4.11
- grant element, system-jazn-data.xml, D.4.9
- grantee element, system-jazn-data.xml, D.4.10
- grantperm option, Admintool, C.4.8
- grantrole option, Admintool, C.4.9
- Group class (deprecated), 5.2.1.3, 12.2
- groups, OC4J instances
-
- adding, administering, 7.6.1
- J2EEServerGroup MBean, 7.6.2
- GUID (globally unique identifier), D.4.11
- guid element, system-jazn-data.xml, D.4.11
H
- help command, Admintool shell, C.3.3.5
- host name verifier (HTTPClient), 16.6
- HTTPClient
-
- basic authentication, 16.1.1
- digest authentication, 16.1.2
- divergence from open source version, 16.2
- NTLM authentication, 16.1.3
- SSL host name verification, 16.6
- using with JSSE, 16.5
- HTTPConnection class, 16.2
- HTTPS for client connections
-
- HTTPClient example, JSSE, 16.5.2
- Oracle HTTPS features, 16.3
- Oracle HTTPS system properties, 16.4
I
- identity callback handler interface, identity management framework, 13.2.4
- identity callback handler, identity management framework, 13.1.2
- identity management API framework for users and roles--see user and role APIs
- identity management framework
-
- callback types, 13.2.5
- configuration, 13.3
- enabling an application to use, 13.3.3
- identity callback handler, 13.1.2
- identity callback handler interface, 13.2.4
- identity token, 13.1.2
- identity token interface, 13.2.1
- multiple OC4J instances, considerations, 13.3.4
- overview, 13.1
- packaging implementation classes, 13.2.8
- programmatic interfaces, 13.2
- properties, 13.3.1
- sample, header-based ID token, 13.5
- subject asserter, 13.1.2
- subject asserter interface, 13.2.7
- summary of how to use, 13.4
- token asserter, 13.1.2
- token asserter interface, 13.2.3
- token collector, 13.1.2
- token collector interface, 13.2.2
- identity management realms (OID)
-
- introduction, 8.6.1
- managing, 8.6.2.1
- relation to JAAS Provider realms, 8.6.1.2
- using multiple realms, 8.6.2.3
- identity propagation, 2.1.3
- identity store, 13.1.2
- identity token interface, identity management framework, 13.2.1
- identity token, identity management framework, 13.1.2
- indirect passwords, 6.1.1
- instance-level security, file-based provider, 7.2.6
- integrity element, orion-ejb-jar.xml, 19.3.1
- internal-settings.xml
-
- CSIv2 security properties (EJB server-side), 19.1
- DTD, 19.1
- sep-property element, 19.1
J
- J2CA, J2EE Connector Architecture--see resource adapters
- J2EE roles, 3.4
- J2EEServerGroup MBean (OC4J groups), 7.6.2
- JAAS (Java Authentication and Authorization Service), 2.3
- JAAS mode
-
- configuring and using, 5.4.4
- introduction, 5.2.1.1
- required for subject propagation, 18.6.2.2
- JAAS provider
-
- integration with SSL-enabled applications, 15.1
- integration with SSO-enabled applications, 8.2.4
- overview, 3.1.1
- JAAS roles (deployment roles), 3.4
- jaas.username.simple property, 6.2.6
- JACC--see Java Authorization Contract for Containers
- Java 2 Security Model, 2.2
- Java Authentication and Authorization Service (JAAS), 2.3
- Java Authorization Contract for Containers (Java ACC)
-
- enabling, 5.4.5.1
- introduction, 5.2.3
- specifying Java ACC provider, 5.4.5.2
- Java Key Store (JKS), 19.1
- Java single sign-on--see Java SSO
- Java SSO
-
- configuration and setup, details, 14.2
- configuration for 10.1.3.1 patch over 10.1.3.0.0, 14.2.4.3
- configuration, summary, 14.1.4
- configuring through Application Server Control, 14.2.1
- deployment scenarios, 14.1.3
- file-based provider and two OC4J instances, 14.2.4.1
- logout API, 14.3.1
- multiple OC4J instances, 14.2.4.2
- overview, 14.1
- properties, 14.2.2
- summary of how to use, 14.4
- troubleshooting, 14.5
- java.net.URL framework, 16.3.3
- java.security.manager property, 5.1.1
- java.security.policy property, 5.1.1
- javax.net.ssl.keyStore property, 16.4.1
- javax.net.ssl.keyStorePassword property, 16.4.2
- javax.net.ssl.keyStoreType property, 16.4.3
- javax.net.ssl.trustStore property, 16.4.4
- javax.net.ssl.trustStorePassword property, 16.4.5
- javax.net.ssl.trustStoreType property, 16.4.6
- JAZN (term no longer used), 3.1.1
- jazn element, jazn.xml, D.2.1
- jazn subelement of password-manager element, system-application.xml, 6.1.2
- jaznadmin user (OID), 8.4.1.3, 8.6.1.3
- JAZNAdminGroup (OID), 8.4.1.3, 8.6.1.3
- jazn-data element, system-jazn-data.xml, D.4.13
- jazn-data.xml
-
- overview, 4.4.4
- persistence mode, 4.4.3
- supplying for deployment, 7.3.1.3
- jazn-loginconfig element, system-jazn-data.xml, 9.7.1, D.4.14
- JAZNPermission class, 5.2.1.3
- jazn-policy element, system-jazn-data.xml, D.4.16
- jazn-realm element, system-jazn-data.xml, D.4.18
- JAZNUserManager, 3.1.2
- jazn-web-app element, orion-application.xml, 17.1.2
- jazn.xml
-
- bootstrap, 4.4.5
- element hierarchy, D.1
- elements and attributes, reference, D.2
- file not found, A.2.1
- locations, 4.4.5
- overview, 4.4.5
- samples, 4.4.5
- JCA--see resource adapters
- JMX (MBeans), 4.3
- JNDI
-
- connection properties, 8.7.2
- EJB JNDI security properties, 18.2
- with a custom login module, 9.8.6
- JSR-77 support, 4.1
- JSR-88 support, 4.1
- JSSE
-
- supported cipher suites, 16.3.4
- using HTTPClient with JSSE, 16.5
K
- kerberos, 21.1
- kerberos client configuration, 21.3
- Key Distribution Center (KDC), 21.1
- keys and keystores (SSL)
-
- introduction, 1.2.4
- Java Key Store (JKS), 19.1
- javax.net.ssl.keyStore property, 16.4.1
- javax.net.ssl.keyStorePassword property, 16.4.2
- javax.net.ssl.keyStoreType property, 16.4.3
- keystore for CSIv2, 19.1
- keystore for ORMIS, 15.8.4.2
- keystore, definition, 15.2
- keytool utility, 15.2
- wallet, equivalent to keystore, 15.2
- keytab file, 21.5
- keytool utility
-
- example, 15.3
- for keystores, 15.2
L
- LDAP
-
- external LDAP providers, 10
- LDAP-based provider, 8
- LDAP principal, 10.4.2
- LDAP-based provider
-
- caching properties, 8.7.3
- connection properties, 8.7.2
- creating users with OID DAS, 8.7
- default realm, 6.2.1
- Oracle Identity Management with Oracle Internet Directory, 3.1.4
- Oracle Identity Management, steps to use, 8.4
- overview of Oracle Identity Management key components, 8.2
- realm management, 8.6
- settings in OC4J configuration files, 8.7
- troubleshooting, 8.8
- user, password, and SSL properties, 8.7.1
- LDAPLoginModule, 3.1.4
- ldapsearch utility, to retrieve realm names from OID, 8.8.2
- libraries
-
- importing shared library into application, 6.5.2
- loading library as OC4J shared library, 6.5.1
- Lightweight Directory Access Protocol--see LDAP
- listloginmodules option, Admintool, 9.6.1, C.4.10
- listperms option, Admintool, C.4.11
- listrealms option, Admintool, C.4.12
- listroles option, Admintool, C.4.13
- listusers option, Admintool, C.4.14
- logging, A.3
- login configuration provider, specification, 9.1.1
- login module element, system-jazn-data.xml, D.4.19
- login modules
-
- adding and removing in Admintool, 9.6.1, C.4.1
- configuration in OC4J configuration files, 9.7
- configuring as security provider after deployment, 9.5.2
- configuring as security provider during deployment, 9.5.1
- configuring in oc4j-ra.xml (J2CA), 9.7.3
- configuring the custom security provider in Application Server Control, 9.5
- configuring with different applications, 2.3.2
- CoreIDLoginModule (Oracle Access Manager), 11.7.5
- database login module, 9.2.2
- definition, 2.3.2
- deploying, 9.8.4
- EIS connections (J2CA), using for, 20.6.2
- granting RMI permission, 9.6.2
- in identity management framework, 13.1.2, 13.2.6
- introducing custom login modules, usage, 9.3
- jazn-loginconfig configuration element, D.4.14
- LDAPLoginModule, 3.1.4, 10.3
- listing in Admintool, 9.6.1, C.4.10
- login configuration provider, 3.1.1
- login configuration provider, specification, 9.1.1
- login-module configuration element, D.4.19
- login-modules configuration element, D.4.20
- optional packages, deployed as, 9.4.2
- packaging, 9.4
- RealmLoginModule, 9.2.1
- sample, 9.9
- stacking, 2.3.2.2
- step by step, 9.8
- troubleshooting, 9.1.2
- login modules element, system-jazn-data.xml, D.4.20
- login-config element, web.xml, 17.1.1
- LoginContext class, 2.3.2.1
- login-module element, system-jazn-data.xml
-
- for external LDAP providers, 10.3
- ls command, Admintool shell, C.3.3.6
M
- man command, Admintool shell, C.3.3.7
- MBeans
-
- definition, 4.1
- MBean browser and administration, 4.3
- member element, system-jazn-data.xml, D.4.21
- members element, system-jazn-data.xml, D.4.22
- method-permission element, ejb-jar.xml, 18.1.1
- migration
-
- migrating from principals.xml, 7.5, C.4.15
- migration tool, migrating from file-based provider (to LDAP-based or alternative file-based), 7.4
- mk command, Admintool shell, C.3.3.1
- mkdir command, Admintool shell, C.3.3.1
N
- name element, system-jazn-data.xml, D.4.23, D.4.24
- namespace access (EJBs), 18.1.5
- needs-client-auth (SSL client authentication), 15.6
- NTLM authentication, 16.1.3
O
- ObSSOCookie, Oracle Access Manager SSO cookie, 11.2.3
- oc4jadmin account, 4.6.2
- oc4j-connectors.xml (J2CA), security-permission element, 20.1.3.2
- oc4j-ra.xml (J2CA)
-
- login module settings, 9.7.3
- security-config element, 20.1.3.1
- oidadmin (Oracle Directory Manager), 4.2.3.2
- OID--see Oracle Internet Directory
- omitting realm names from principals, 6.2.6
- OPMN (Oracle Process Manager and Notification Server), 15.8.2
- option element, system-jazn-data.xml, D.4.25
- optional packages, used for login modules, 9.4.2
- options element, system-jazn-data.xml, D.4.26
- Oracle Access Manager
-
- Access Manager SDK, 11.4.3
- Access SDK, 11.4.2
- action URL, protecting, 11.3.4
- application, protecting, 11.7.4
- architecture, 11.1.3
- auth-method setting, 11.7.3
- basic authentication, 11.3.2
- credential_mapping plug-in, 11.3.1.3, 11.3.2.2
- EJB application, use case, 11.10.3
- form-based authentication, 11.3.1
- granting permissions to Oracle Access Manager principals, 11.8
- granting RMI permission to Oracle Access Manager principal, 11.8.1
- login module configuration, 11.7.5
- overview, 11.1.1
- plug-ins, overview, 11.2.2
- Policy Manager, introduction, 11.1.1
- Policy Manager, running, 11.1.5
- prerequisites, 11.1.2
- resource types, configuration, 11.3.3
- resource types, overview, 11.2.1
- sample use cases for J2EE applications, 11.10
- sample use cases for Web services, 11.11
- single sign-on cookie, 11.2.3
- troubleshooting, 11.12
- validate_password plug-in, 11.3.1.4
- Web app using HTTP header variables, use case, 11.10.1
- Web app using SSO cookie, use case, 11.10.2
- Web service with SAML token, use case, 11.11.3
- Web service with username token, use case, 11.11.1
- Web service with X.509 token, use case, 11.11.2
- Oracle COREid Access and Identity--see Oracle Access Manager
- Oracle Directory Manager (oidadmin), 4.2.3.2
- Oracle Enterprise Manager--see Application Server Control
- Oracle HTTPS (client-side)
-
- example, JSSE, 16.5.2
- overview, 16.3
- system properties, 16.4
- Oracle Identity Management
-
- configuring as security provider after deployment, 8.4.3.2
- configuring as security provider during deployment, 8.4.3.1
- default realm, 6.2.1
- LDAP-based provider (with Oracle Internet Directory), 3.1.4
- overview, key components, 8.2
- troubleshooting, 8.8
- using, steps to use, 8.4
- Oracle Internet Directory
-
- Delegated Administration Services (DAS), 4.2.3.1
- jaznadmin user, JAZNAdminGroup, 8.4.1.3, 8.6.1.3
- LDAP-based provider (with Oracle Identity Management), 3.1.4
- Oracle Directory Manager (oidadmin), 4.2.3.2
- overview, 8.2.1
- ports, with or without SSL, 8.4.1.1, 8.7.1
- realm names, retrieving with ldapsearch, 8.8.2
- supported versions, 8.3
- Oracle Java SSL (deprecated), 16.8
- Oracle Wallet
-
- auto-login wallet, SSO wallet, 15.5.2
- usage by Oracle HTTP Server, 15.2
- OracleAS JAAS Provider
-
- introduction, 3.1
- permissions, checking, 5.2.1.4
- permissions, granting, 5.2.1.3
- policy APIs, 5.2.1.2
- policy configuration, 5.3.3
- policy management, 5.3
- realm APIs, 5.2.1.2
- specifying as login configuration provider, 9.1.1
- specifying as policy provider, 5.3.4
- OracleAS Single Sign-On
-
- integration, 3.1.2
- overview, 8.2.3
- servlet session synchronization, 8.4.2.4
- supported versions, 8.3
- oracle.home property, 5.1.3
- oracle.j2ee.home property, 4.4.5
- oracle.security.jazn.config property, 4.4.5
- OracleSSLCredential, Oracle Java SSL package, 16.8.2
- Oracle.ssl.defaultCipherSuites property (Oracle Java SSL), 16.8.6.1
- orion-application.xml
-
- configuring SSO, 8.5.1
- jazn and jazn-web-app elements, 4.4.1
- login module settings, 9.7.2
- mapping J2EE roles to deployment roles, 17.2.5
- orion-ejb-jar.xml
-
- CSIv2 properties, 19.3
- default security role, 18.1.6
- security role mapping configuration, 18.1.4
- ORMI tunneling over HTTPS, 15.9
- ORMIS
-
- configuring access restrictions, 15.8.3
- configuring clients to use ORMIS, 15.8.4
- configuring for OC4J in OAS, 15.8.2
- configuring for standalone OC4J, 15.8.1
P
- packaging
-
- identity management framework implementation classes, 13.2.8
- login modules, 9.4
- password-manager element, system-application.xml, 6.1.2
- passwords
-
- checking in Admintool (file-based provider), C.4.6
- clear (human-readable) (file-based provider), 6.1.3
- indirect passwords, 6.1.1
- obfuscated passwords for LDAP user, 8.7.1
- password indirection, 6.1
- password obfuscation, 6.1, 6.1.3
- setting in Admintool (file-based provider), C.4.5
- Permission class, subclasses, characteristics, 2.2.2
- permission element, system-jazn-data.xml, D.4.27
- permissions
-
- capability model of access control, 1.1.2.1
- granting and revoking in Admintool, C.4.8
- granting EJB permissions in browser, 18.4
- in Java 2 Security Model, 2.2.2
- listing in Admintool, C.4.11
- OracleAS JAAS Provider APIs for checking, 5.2.1.4
- OracleAS JAAS Provider APIs for granting, 5.2.1.3
- permissions element, system-jazn-data.xml, D.4.28
- persistence mode, system-jazn-data.xml or jazn-data.xml, 4.4.3
- plug-ins (Oracle Access Manager)
-
- credential_mapping, 11.3.1.3, 11.3.2.2
- overview, 11.2.2
- validate_password, 11.3.1.4
- policies
-
- definition, JAAS policy, 2.3.3
- definition, Java 2 policy, 2.2.4
- file-based provider, policy management, 7.1
- grant configuration element, D.4.9
- granting permissions, Admintool, 5.3.1
- Java 2 policy file, creating, 5.1.3
- Java 2 policy file, specifying, 5.1.1
- jazn-policy configuration element, D.4.16
- OracleAS JAAS Provider policy APIs, 5.2.1.2
- package for policy management, 3.1.2
- policy cache, LDAP, 8.7.3
- policy configuration, OracleAS JAAS Provider, 5.3.3
- policy management, OracleAS JAAS Provider, 5.3
- policy provider, 3.1.1
- policy provider, specification, 5.3.4
- Policy Manager, Oracle Access Manager
-
- introduction, 11.1.1
- running, 11.1.5
- policy provider, specification, 5.3.4
- ports, for Oracle Internet Directory, with or without SSL, 8.4.1.1, 8.7.1
- principal element, system-jazn-data.xml, D.4.29
- principals
-
- in JAAS, definition, 2.3.1
- Principal interface, 2.3.1
- sample principal class, 9.9.2
- principals element, system-jazn-data.xml, D.4.30
- principals.xml
-
- migrating from, in Admintool, C.4.15
- principals.xml, migrating from, in Admintool, 7.5
- PrintingSecurityManager, 5.1.2
- property element, jazn.xml, D.2.2
- PropertyPermission, 18.4
- protection domains, 2.2.3
- PUBLIC role (for access by any authenticated user), 6.3.4.4
- pwd command, Admintool shell, C.3.3.8
R
- realm element, system-jazn-data.xml, D.4.31
- RealmLoginModule class
-
- configuring, 9.2.1
- introduction, 3.1.2
- realm-name element, system-jazn-data.xml, D.4.32
- RealmPermission class, 5.2.1.3
- realms
-
- adding and removing in Admintool, C.4.2
- default realm, file-based or LDAP-based provider, 6.2.1
- file-based provider, realm management, 7.1
- hierarchy for OracleAS JAAS Provider, 8.6.1.1
- jazn-realm configuration element, D.4.18
- listing in Admintool, C.4.12
- managing identity management realms (OID), 8.6.2.1
- managing in file-based provider, 7.3.2
- managing in LDAP-based environments, 8.6
- multiple realms, 6.2.5
- nondefault realm, 6.2.4
- omitting realm name from principals, 6.2.6
- OracleAS JAAS Provider realm APIs, 5.2.1.2
- overview, 3.1.3
- package for realm management, 3.1.2
- realm cache, LDAP, 8.7.3
- realm configuration element, D.4.31
- relation of JAAS Provider realms to OID realms, 8.6.1.2
- retrieving from OID using ldapsearch, 8.8.2
- tasks and guidelines in OC4J, 6.2
- troubleshooting, A.2.4
- using multiple identity management realms (OID), 8.6.2.3
- remloginmodule option, Admintool, 9.6.1, C.4.1
- remrealm option, Admintool, C.4.2
- remrole option, Admintool, C.4.3
- remuser option, Admintool, C.4.4
- resource adapters
-
- authentication in container-managed sign-on, 20.4
- component-managed sign-on, 20.2
- component-managed vs. container-managed sign-on, 20.1.2
- container-managed sign-on, 20.3
- declarative container-managed sign-on, 20.5
- login modules for EIS connections, 20.6.2
- overview of security and authentication setup, 20.1
- overview of security-related configuration elements, 20.1.3
- programmatic container-managed sign-on, 20.6
- sample, programmatic container-managed sign-on, 20.6.1.2
- security contract, 20.1.1
- resource types (Oracle Access Manager)
-
- configuration, 11.3.3
- overview, 11.2.1
- revokeperm option, Admintool, C.4.8
- revokerole option, Admintool, C.4.9
- rm command, Admintool shell, C.3.3.9
- RMI permission
-
- granting for login modules, 9.6.2
- granting to administrator roles, external LDAP provider, 10.4.1
- granting to appropriate role for EJB, 18.3
- granting to LDAP principal, 10.4.2
- granting to Oracle Access Manager principal, 11.8.1
- role and user APIs
-
- model/framework, 12.3
- overview, 12.1
- properties file, 12.5.4
- replacement of UserManager, User, Group features, 12.2
- sample, basic, 12.6
- sample, OC4J integration, 12.7
- steps and samples, 12.5
- summary of classes and interfaces, 12.4
- role element, system-jazn-data.xml, D.4.33
- RoleAdminPermission class, 5.2.1.3
- roles
-
- adding and removing in Admintool (file-based provider), C.4.3
- application roles, 3.4
- case-sensitivity, custom login modules, 9.1.2
- case-sensitivity, external LDAP providers, 10.1
- case-sensitivity, file-based provider, 7
- case-sensitivity, LDAP-based provider, 8.1
- creating, editing, deleting (file-based provider), 7.2.5
- definition, 1.1.2.2
- deployment roles, 3.4
- granting and revoking in Admintool, C.4.9
- J2EE roles, 3.4
- listing in Admintool, C.4.13
- mapping J2EE roles to deployment roles, 17.2.5
- mapping logical roles to users and roles, EJBs, 18.1.4
- mapping, overview, 3.4
- methods unchecked for security roles, EJBs, 18.1.2
- role configuration element, D.4.33
- role-based access control, 1.1.2.2
- roles configuration element, D.4.34
- roles element, system-jazn-data.xml, D.4.34
- run-as element, ejb-jar.xml, 18.1.3
- run-as security identity
-
- for EJBs, 18.1.3
- for Web applications, 17.2.4
- runas-mode (obsolete setting), 5.2.1.1
- RuntimePermission, 18.4
S
- samples
-
- identity management framework, header-based ID token, 13.5
- jazn-loginconfig configuration, D.4.14
- jazn-policy configuration, D.4.16
- jazn-realm configuration, D.4.18
- JSSE with HTTPClient, 16.5.2
- login module, 9.9
- Oracle Access Manager use cases for J2EE applications, 11.10
- Oracle Access Manager use cases for Web services, 11.11
- programmatic container-managed sign-on (resource adapters), 20.6.1.2
- sample servlet, various features, B
- Sun Java System Directory Server configuration, 10.5
- user and role APIs, basic example, 12.6
- user and role APIs, OC4J integration, 12.7
- sas-context element, orion-ejb-jar.xml, 19.3.3
- Secure Sockets Layer--see SSL
- security managers
-
- overview, 2.2.5
- PrintingSecurityManager for debug, 5.1.2
- specifying, enabling, 5.1.1
- security provider
-
- definition, 1.1.1
- supported providers, 3.1.4
- security-identity element, ejb-jar.xml, 18.1.3
- SecurityManager class, 2.2.5
- security-role element, ejb-jar.xml, 18.1.1
- security-role-mapping element, orion-ejb-jar.xml, 18.1.4
- security-role-ref element, ejb-jar.xml, 18.1.1
- sep-property element, internal-settings.xml, 19.1
- servlet session synchronization (with SSO), 8.4.2.4
- session cache, LDAP, 8.7.3
- session synchronization for servlets (with SSO), 8.4.2.4
- session-tracking element, orion-web.xml, 15.3
- set command, Admintool shell, C.3.3.10
- setpasswd option, Admintool, C.4.5
- setSSLEnabledCipherSuites() method, Oracle Java SSL, 16.8.6.2
- shared libraries
-
- importing, 6.5.2
- loading, 6.5.1
- shared Web applications, 15.3
- shell commands, Admintool, C.3.3
- shell option, Admintool, C.3
- single sign-on
-
- alternatives in Oracle Application Server, 3.2.3
- configuring in orion-application.xml, 8.5.1
- definition, 3.2.3, 3.2.3
- integration with JAAS provider, 8.2.4
- Java SSO, 14
- Oracle Access Manager SSO cookie, 11.2.3
- Oracle Access Manager SSO, configure Web apps, 11.7.3
- OracleAS Single Sign-On overview, 8.2.3
- SocketPermission, 18.4
- SPNEGO, 21.1
- SSL
-
- authentication in SSL, 1.2.2
- client authentication, 15.6
- debugging, 15.7.2
- enabling SSL in OC4J, 15.3
- enabling/disabling for LDAP-based provider, 8.7.1
- host name verification for HTTPClient, 16.6
- integration with JAAS provider, 15.1
- introduction, 1.2.1
- ORMI over SSL, 15.8
- ORMI tunneling over HTTPS, 15.9
- port for Oracle Internet Directory with SSL, 8.4.1.1, 8.7.1
- troubleshooting, 15.7
- truststores, 19.1
- using certificates with OC4J and Oracle HTTP Server, 15.2
- ssl-config element, Web site XML file, 15.3
- SSO--see single sign-on
- stacking login modules, 2.3.2.2
- subject asserter interface, identity management framework, 13.2.7
- subject asserter, identity management framework, 13.1.2
- subject propagation
-
- enabling, 18.6.2
- overview in OC4J, 18.6.1
- removing/configuring restrictions, 18.6.4
- sharing principal classes, 18.6.3
- Subject.doAs() and Subject.doAsPrivileged()
-
- method descriptions, 2.3.4
- with JAAS mode, 5.2.1.1
- subjects
-
- in JAAS, definition, 2.3.1
- Subject class, 2.3.1
- Sun Java System Directory Server (external LDAP provider, example), 10.5
- system application
-
- overview, 4.5
- system-application.xml, 4.4.2
- system-jazn-data.xml
-
- and Admintool, 4.2.2
- element hierarchy, D.3
- elements and attributes, reference, D.4
- for policy data, 7.3.3
- overview, 4.4.3
- persistence mode, 4.4.3
- settings for login modules, 9.7.1
T
- TCPS, 15.10
- third-party LDAP providers--see external LDAP providers
- token asserter interface, identity management framework, 13.2.3
- token asserter, identity management framework, 13.1.2
- token collector interface, identity management framework, 13.2.2
- token collector, identity management framework, 13.1.2
- transport-config element, orion-ejb-jar.xml, 19.3.1
- troubleshooting
-
- EJBs, 18.1
- external LDAP providers, 10.1
- general OC4J security troubleshooting, A.2
- Java SSO, 14.5
- JAZN not properly configured, A.2.1
- LDAP-based provider, 8.8
- logging, A.3
- login modules, 9.1.2
- Oracle Access Manager, 11.12
- Oracle Identity Management, 8.8
- realms, A.2.4
- SSL, 15.7
- unable to locate login configuration, A.2.3
- trust points, 1.2.3
- truststores (SSL)
-
- introduction, 1.2.4
- javax.net.ssl.trustStore property, 16.4.4
- javax.net.ssl.trustStorePassword property, 16.4.5
- javax.net.ssl.trustStoreType property, 16.4.6
- truststore for CSIv2, 19.1
- tunneling, ORMI over HTTPS, 15.9
- type element, system-jazn-data.xml, D.4.35, D.4.36
U
- unchecked element, ejb-jar.xml, 18.1.2
- url element, system-jazn-data.xml, D.4.37
- use-caller-identity element, ejb-jar.xml, 18.1.3
- user and role APIs
-
- model/framework, 12.3
- overview, 12.1
- properties file, 12.5.4
- replacement of UserManager, User, Group features, 12.2
- sample, basic, 12.6
- sample, OC4J integration, 12.7
- steps and samples, 12.5
- summary of classes and interfaces, 12.4
- User class (deprecated), 9.2.2, 12.2
- user element, system-jazn-data.xml, D.4.38
- user repository, 1.1.1
- UserManager class (deprecated), 12.2
- users
-
- activating/deactivating (file-based provider), 4.6.1
- adding and removing in Admintool (file-based provider), C.4.4
- creating, editing, deleting (file-based provider), 7.2.4
- creating, with OID DAS for LDAP-based provider, 8.7
- ldap.user and ldap.password properties for LDAP, 8.7.1
- listing in Admintool, C.4.14
- user configuration element, D.4.38
- users configuration element, D.4.39
- users element, system-jazn-data.xml, D.4.39
V
- validate_password plug-in, Oracle Access Manager, 11.3.1.4
- value element, system-jazn-data.xml, D.4.40
W
- wallet, equivalent to keystore, 15.2
- wallets--see Oracle Wallet
- Web services, use cases with Oracle Access Manager, 11.11
- web-app element, Web site XML file, 15.3
- WebGate vs. AccessGate (Oracle Access Manager), 11.1.1
- web.xml
-
- configuring authentication method, 17.1.1
- configuring J2EE security roles, 3.4
- Windows Native Authentication--see WNA
- WNA, 21.1
-
- configure OC4J, 21.6
- login module, 21.6.2
- prerequisites, 21.2
- testing, 21.7
X
- XML-based provider--see file-based provider