Oracle® Fusion Middleware Security Guide
11g Release 1 (11.1.1)
E10043-04

Index


A

access control list, 8.2.1.2
access controller, 1.2.3
Access Server
cache, 10.2.6.1
AccessGate
configureAccessGate tool, 10.2.4.2.4, 10.2.10.6
ACL, 8.2.1.2
administration tools, 6.1
administrative tasks, 6.4
Administrators group, 3.5
Anonymous and Authenticated Roles Properties, F.2.5
anonymous role, 3.4, 3.4.1, 6.2
anonymous role and authentication, 3.4.1
anonymous SSL, 8.2.1
anonymous user, 3.1, 3.4, 3.4.1
anonymous user and role, 15.1
app.context, 8.5.3.3
Application Credential Migration Settings, 7.2.1
Application Name or Stripe, 15.1
Application Policy Migration Settings, 7.2.1
application role, 3.1, 15.1
application stripe, 15.1
ApplicationRole, 3.2.1
application-specific policies and roles, 4.2
audit data
bus-stop files, 12.2.5
file management, C.6
migrating, 12.5.5
reports, 13.1
audit data store
backup and recovery, 12.5.6.2
configuring for Java components, 12.2.3.2
configuring for system components, 12.2.4
data purge, 12.5.6.3
de-configuring, 12.2.4.1
partitioning, 12.5.6.1
schema, 12.5.1
tiered archival, 12.5.6.4
Audit Flow, 11.3.1
audit logs, 12.4.1
audit policy, 12.3
audit report
example of, 13.4
audit reports
attributes, 13.5.2
by component, C.2.2
custom, 13.6.2
list of standard, 13.5.1
types of, 13.2
viewing, 13.3
Audit Schema, C.3
audit-aware components, C.1.1
auditing
event attributes, C.1.3
events, C.1.2
filter expression syntax, C.5
for Oracle Fusion Middleware components, 12.3
in Oracle Fusion Middleware, 11
Java components, C.1.1
manual policy management, 12.3.4
manually configure for Java components, 12.3.4.2
manually configure for system components, 12.3.4.4
Oracle Directory Integration Platform, C.1.2.1
Oracle HTTP Server, C.1.2.3
Oracle Identity Federation, C.1.2.5
Oracle Internet Directory, C.1.2.4
Oracle Platform Security Services, C.1.2.2
Oracle Virtual Directory, C.1.2.6
Oracle Web Cache, C.1.2.11
Oracle Web Services Manager, C.1.2.12
overview, 11.2
OWSM-Agent, C.1.2.7
OWSM-PM-EJB, C.1.2.8
policy management with Fusion Middleware Control, 12.3.1, 12.3.2
policy management with WLST, 12.3.3
record storage, 11.3.3
report filters, 13.1.5
report setup for Oracle Business Intelligence Publisher, 13.1.3
report templates, 13.1.4
Reports Server, C.1.2.9
system components, C.1.1
WLST commands, C.4
WS-Policy Attachment, C.1.2.10
Authenticated Role, 15.1
authenticated role, 3.3, 6.2, 15.1
authenticated user, 3.1
authentication provider, 4.1
Authentication providers, 10.3.2.4
DefaultAuthenticator, 10.2.4.3.4, 10.2.5.3, 10.2.6.3, 10.3.2.4
LDAP Authentication, 10.2.4.3.1
OAM, 10.2, 10.2.2
OAM Authenticator, 10.2.5.3
OAM Identity Asserter, 10.2.4.3.4, 10.2.6.3
OID Authenticator, 10.2.4.3.4, 10.2.6.3, 10.3.1.2, 10.3.2.4
OSSO Identity Asserter, 10.3.2.4
WebLogic, 10.1
authentication providers, 4.1.1
authenticator flags, 4.1.3.1
Authenticator for OAM, 10.2
Auto login, 8.5.3.1
autologin.url, 8.5.3.3

B

basic authentication, 20.6
basic security tasks, 6.2
bootstrap credentials, 7.3.1
bulkload, 7.5.2.3

C

cache
Access Server, 10.2.6.1
callback handler, 1.3.2
choosing
the right SSO solution, 10
cipher suite, 20.2
class permission, 15.4.6
CredentialAccessPermission, 15.4.6.2
JpsPermission, 15.4.6.3
PolicyStoreAccessPermission, 15.4.6.1
commands to administer credentials, 8.4.2, 9.5.2
Compliance, 11.1.1
configuration file, 15.4.9
configuration of multiple authenticators, 4.1.3.1
configureAccessGate tool, 10.2.4.2.4, 10.2.10.6
configuring
global logout
Oracle Access Manager, 10.2.7
Identity Assertion
for single sign-on with OAM, 10.2.4
Oracle Web Services Manager, 10.2.6
OAM Authenticator, 10.2.5
OAM for single sign-on with OAMCfgTool, 10.2.4.2.4
OAM for SSO with OAMCfgTool, 10.2.4.2
OSSO, 10.3
providers for Oracle Web Services Manager, 10.2.6.3
Single Sign-On in Oracle Fusion Middleware, 10
configuring domains, 6.4
Configuring the Local Store Adapter, 8.1.2
configuring WebLogic domains, 6.4
createAppRole, 8.4.2.1
createCred, 9.5.2.3
creating user accounts, 3.6
Credential Management, 7.3.1
Credential Store, 3.1
Credential Store Framework, 14.3.4
Credential Store Framework API, 14.2.4
Credential Store Types, 4.3
CredentialAccessPermission, 15.4.6.2
CredentialMapping permission, 8.5.3.3
credential-related WLST commands, 6.5
CSF
J2EE example with LDAP store, 17.7.4
J2EE example with wallet, 17.7.3
J2SE example with wallet, 17.7.2
CSIv2 identity assertion, 4.1.2
custom authorization providers, 4.2
cwallet.sso, 5.3, 15, 15.4.3
cwallet.sso file, 15.3
cwallet.sso, 7.2.1

D

declarative security, 1.4.1
Default Authenticator, 5.1
default keystore, 20.2.1
DefaultAuthenticator, 4.1, 10.2.4.3.4, 10.2.5.3, 10.2.6.3, 10.3.2.4
default.auth.level, 8.5.3.3
deleteAppPolicies, 8.4.2.10
deleteAppRole, 8.4.2.2
deployed application, 6.3
deploying applications, 7.1
deploying JavaEE applications, 7.4
Deploying to a Test Environment, 7.3.1
deployment tools, 7.2
digest authentication, 20.6
distributed environments, 8.1.1
DN, 3.7.2
Dynamic authentication, 8.5.3.1

E

EAR file, 15.3, 15.3.1
ejb-jar.xml, 4.2, 15.3
embedded LDAP, 4.1.1, 5.2
enterprise group, 3.1
Enterprise Groups and Users Class, 15.2
enterprise user, 3.1
Enterprise-Level SSO, 10.1
Event Source Type, 11.3.2.1
Existing OSSO, 10.1
exportAuditConfig, C.4.7
EXTRA_JAVA_PROPERTIES, F.1, I.1.2

F

fail over support, 6.4
FAQ, 2.1
file-based policy store, 4.2
functional policy, 3.1

G

generic credential, 9.1
Generic LDAP Properties, F.2.4
getAuditPolicy, C.4.2
getNonJavaEEAuditMBeanName, C.4.1
getSSLSession, 20.2.2
Global logout, 8.5.3.1
grant, 3.1
grantAppRole, 8.4.2.3
grantPermission, 8.4.2.7
group, 3.1
GUID, 3.7.2

H

Hash function, 20.2.4
Headers
sent by Oracle HTTP Server, 10.3.1.3
host name verification, 20.5.1
HostnameVerifier, 20.5
HTTPClient, 20.2
HTTPConnection, 20.1

I

Identity Asserter for Single Sign-on with OAM, 10.2
Identity Management, 7.3.1
Identity Store, 3.1
identity store
creating provider, 19.3.4
provider configuration properties, 19.3.5
selecting provider, 19.3.3
identity store in JavaSE, 16.2.2
importAuditConfig, C.4.8
initializing an LDAP authenticator, 4.1.3.1
invoking MBeans, E.2.2
isCallerInRole, 2.5.1
isUserInRole, 2.5.1

J

J2EE
authentication, 1.4.2
declarative security, 1.4.1
role, 1.4.3
JAAS
callback handler, 1.3.2
login context, 1.3.2
login module, 1.3.2
principal, 1.3.1
subject, 1.3.1
JAAS mode, 15.1
Java 2
access controller, 1.2.3
permission, 1.2.1
protection domain, 1.2.2
security manager, 1.2.3
Java component, 3.1
javadocs
OPSS APIs, H.1
OPSS MBeans APIs, H.1
OPSS User and Role APIs, H.1
javax.net.ssl.keyStore, 20.3
javax.net.ssl.keyStorePassword, 20.3
javax.net.ssl.keyStoreType, 20.3
javax.net.ssl.trustStore, 20.3
javax.net.ssl.trustStorePassword, 20.3
javax.net.ssl.trustStoreType, 20.3
jazn-data.xml, 5.3, 7.2.1, 15, 15.3, 15.3.1
JKS keystore, 20.2, 20.4.1
JpsApplicationLifecycleListener, 15.4.4
jpsApplicationLifecycleListener, 15.4.1
jps.apppolicy.idstoreartifact.migration, 15.4.1, 15.4.1
JpsAuth.checkPermission API, 14.2.3
jps-config-jse.xml, 2.5.3
jps-config.xml, 15, A
jps-config.xml example, 15.4.9
jps-config.xml full example, 15.4.9
jps.credstore.migration, 15.4.4
JpsFilter, 15.1, 15.3
JpsInterceptor, 15.1, 15.1.1, 15.3
JpsPermission, 15.4.6.3
jps.policystore.applicationid, 15.4.1
jps.policystore.migration, 15.4.1
jps.policystore.migration.validate.principal, 15.4.1
jps.policystore.removal, 15.4.1
JSSE, 20

K

Key exchange, 20.2.4
Keystore Properties, F.2.7

L

large volume stores, 7.5.2.3
LDAP authenticator, 4.1.3
LDAP Credential Store Properties, F.2.2
LDAP Identity Store Properties, F.2.3
LDAP Policy Store Properties, F.2.1
LDAP servers, 5.1
ldapadd, 8.1.2
LDAP-based credential, 9.2
LDAP-based policy store, 4.2, 8.1
ldapmodify, 8.2.1.2
ldapsearch, 8.1.2
LDIF file, 8.1.2
ldifwrite, 7.5.2.3
listAppRoleMembers, 8.4.2.6
listAppRoles, 8.4.2.5
listAuditEvents, C.4.6
listPermissions, 8.4.2.9
logical role, 3.1, E.3
login context, 1.3.2
login module, 1.3.2
LoginService API, 14.2.1
login.url.FORM, 8.5.3.3
logout.url, 8.5.3.3
LSA, 8.1.2

M

management tools, 5.2
Managing credentials, 7.3.1.1
managing domain authenticators, 6.4
managing identities, 5.2
managing policies and credentials, 5.2, 5.2
Managing system policies, 7.3.1.1
managing users and groups, 5.2
Mapping application roles to enterprise groups, 7.3.1.1
mapping of application roles, 3.2
mapping roles, 7.5.2
MBean
Administration Policy Store, E.2.1
annotations, E.3.1
Application Policy Store, E.2.1
code sample, E.2.3
Credential Store, E.2.1
Global Policy Store, E.2.1
Jps Configuration, E.2.1
migrateSecurityStore, 6.5, 7.5.1.1, 7.5.2, 8.3.2, 9.4.2, 15.4.8
Migrating Audit Policies, 7.5.3
migrating credentials example, 7.5.2.2
Migrating Identities, 15.4.8
Migrating Identities Manually, 7.5.1.1
Migrating Large Volume Stores, 7.5.2.3
Migrating Policies and Credentials at Deployment, 7.5.2
migrating policies example, 7.5.2.1
Migrating Providers, 7.5.1
Migration of credentials, 4.3
Migration of policies, 4.2
mod_osso, 10.3.2, 10.3.3.1
modifyBootStrapCredential, 9.5.2.5
Monitoring, 11.1.1
multiple-node server domain, 8.1.1

N

name comparison logic, 3.7.2
NTLM, 20.6

O

OAM
Authentication provider, 10.2, 10.2.2
parameter, 10.2.8
Troubleshooting, 10.2.10
Authenticator, 10.2, 10.2.5.3
Identity Asserter, 10.2, 10.2.4.3.4, 10.2.6.3
OAM solution, 8.5.3.1
oamAuthnProvider.jar, 10.2.2.1, 10.2.3.2
OAMCfgTool, 10.2.3.1, 10.2.3.2, 10.2.4, 10.2.4.2
about using, 10.2.4.2.1
Create mode parameters, 10.2.4.2.1
host identifiers created, 10.2.4.2.3
Known Issues, 10.2.9
process overview, 10.2.4.2.2
Validate mode parameters, 10.2.4.2.1
oamcfgtool.jar, 10.2.2.1, 10.2.3.2
ObSSOCookie, 10.2.2.2
OID Authenticator, 10.2.4.3.4, 10.2.6.3, 10.3.1.2, 10.3.2.4
one-way SSL, 8.2.1
OPSS
and Oracle Application Development Framework, 14.4
and the development cycle, 14.1.1
features for developers, 14.1.3
OPSS APIs
and JavaEE application, 14.3.1
and JavaSE application, 14.3.7
authentication with, 14.3.2
authorization with, 14.3.3
common uses, 14.3
CSF, 14.3.4
User and Role, 14.3.5, D
OPSS Architecture, 14.1.4
OPSS SSO Framework, 8.5.3.1
OPSS System Properties, F.1
Oracle Access Manager
Integration with OSSO, 10.1, 10.1
Oracle ADF security, 6.1
Oracle Business Intelligence Publisher, 13.1
audit report example, 13.4
Oracle Fusion Middleware Audit Framework, 11.1, 11.1.3
architecture, 11.3.1
concepts, 11.3, 11.3.2
Oracle Information Lifecycle Management Assistant, 12.5.6.4
Oracle Internet Directory, 5.1
Oracle Internet Directory 10.1.4.3 patch, 5.1
Oracle Internet Directory tuning, 5.1
Oracle JDeveloper 11g, 6.1
Oracle Platform Security Services, 10.1
developing with, 14
Oracle Security Developer Tools, 14.5
Oracle Virtual Directory, 5.1
OracleAS Single Sign-On solution, See Also OSSO, 10.3
OraclePKIProvider, 20.2.1
oracle.security.jps.config, 2.5.3, A
Oracle-specific applications, 6.1
orapki, 20.2.1
OSSO
existing implementation, 10.1
Identity Asserter, 10.3.1, 10.3.2.4, 10.3.2.4
new users, 10.3.2
processing, 10.3.1.2
Tips and Troubleshooting, 10.3.3
solution, 10, 10.1, 10.1
OSSO Identity Asserter, 10.3.1.1

P

packaging a J2EE application, 15.3
Packaging Credentials, 15.3.2
Packaging Policies, 15.3.1
password credential, 9.1
Password Validation, 3.6
passwords, 3.6
perimeter authentication, 10.2.2.2
permission, 1.2.1, 3.1
permission classes, 4.2, 8, 15.4.6
permission inheritance, 3.2.1
permissions to anonymous role, 3.4
permissions to authenticated role, 3.3
policy domain
URL prefixes, 10.2.5.2.1, 10.2.5.2.2, 10.2.6.1
Policy Management, 7.3.1
Policy Store, 3.1, 4.2
policy-related WLST commands, 6.5
PolicyStoreAccessPermission, 15.4.6.1
Post-installation tasks, 6.3
principal, 1.3.1, 3.1
principal name comparison, 3.7.1, 3.7.2
PrincipalEqualsCaseInsensitive, 3.7.2
PrincipalEqualsCompareDnAndGuid, 3.7.2
Process overview
OAMCfgTool, 10.2.4.2.2
Oracle Access Manager Authenticator for Web and non-Web Resources, 10.2.2.3
Oracle Access Manager Identity Asserter with Web-only applications, 10.2.2.2
OSSO Identity Asserter, 10.3.1.2
production environment, 6.2.1
Programmatic Authorization, 14.3.3
programmatic security
J2EE
programmatic security, 1.4.1
props.auth.level, 8.5.3.3
props.auth.uri, 8.5.3.3
props.auth.url, 8.5.3.3
protection domain, 1.2.2

R

reassociateSecurityStore, 6.5, 8.4.2.11
Reassociation of credentials, 4.3
Reassociation of policies, 4.2
ResourcePermission, 18.4
revokeAppRole, 8.4.2.4
revokePermission, 8.4.2.8
role hierarchy, 3.2.1

S

SAML 1.1 identity assertion, 4.1.1
SAML 2.0 identity assertion, 4.1.1
scenarios, 5.4, 5.4
security manager, 1.2.3
Security Provider Configuration, 8.2.1, 8.5
Security Provider for WebLogic SSPI, 10.2.1.3
security role, 1.4.3
security-related commands, 6.5
server restart, 5.2, F
service instance update script, E.1
Service Providers, 19.3
introduction, 19.3
understanding, 19.3.1
setAuditPolicy, C.4.3
setAuditRepository, C.4.5
setDefaultHostnameVerifier, 20.5.2
setDomainEnv shell script, F.1, I.1.2
setHostnameVerifier, 20.5.2
Setting a Node in LDAP server, 8.1.2
setting up providers
OAM Asserter with Oracle Web Services Manager, 10.2.6.3
OAM Authenticator, 10.2.5.3
OAM Identity Assertion, 10.2.4.3.4
OSSO Identity Asserter, 10.3.2.4
Single Sign-On, 8.5.3
single sign-on solutions for Fusion Middleware, See Also SSO, 10
SPNEGO, 4.1.2
SPNEGO tokens, 4.1.2
SSL
and User/Role APIs, 19.8
anonymous, 8.2.1
one-way, 8.2.1
SSLSocketFactory, 20.4.2, 20.4.2
SSO
enterprise level, 10.1
existing 10g SSO, 10.1
Oracle Access Manager, 10.2
Synchronization Filter, 10.4
SSO service, 8.5.3.1
SSO service configuration, 8.5.3.3
sso.provider.class, 8.5.3.3
StandardHostnameVerifier, 20.5.3
storing policies and credentials, 5.1
Subject, 3.7.1
subject, 1.3.1, 3.1, 3.4.1
Symmetric cipher, 20.2.4
synchronizing
user and SSO Sessions, 10.4
system component, 3.1
system-jazn-data.xml, 15

T

Task overview
Configuring the OAM Authenticator, 10.2.5
Deploying and configuring OAM Identity Assertion for single sign-on includes, 10.2.4
Deploying OSSO Identity Asserter, 10.3.2
Deploying the Identity Asserter with Oracle Web Services Manager, 10.2.6
Installing required components for OAM Authentication Provider, 10.2.3.2
Setting policies in Oracle Web Services Manager, 10.2.6.2
Test Environments, 7.3
token.provider.class, 8.5.3.3
typical security practices, 6.3

U

updateServiceInstanceProperty, E.1
updating instance with script, E.1
upgradeSecurityStore, G
User and Role API, 14.2.2, D
Javadoc, 19.9
programming tips, 19.3.9.1
User and Role APIs
and WebLogic authenticators, 19.1.1
developing with, 19
environment setup, 19.3.2
introduction, 19.1
programming tips, 19.3.9
summary, 19.2
UseRetrievedUserNameAsPrincipal, 4.1.3.1
user.login.attr, I.8
username.attr, I.8

W

WAR file, 15.1
WebLogic
Authentication provider, 10.1, 10.2.4.3.1
Authentication providers
Identity Assertion, 10.2.4.3.1
J2EE applications, 10.2.1.3
WebLogic Administration Console, 5.2
WebLogic Scripting Tool (WLST), 10.2.4.3.2
weblogic-application.xml, 15
web.xml, 4.2, 15, 15.3
WLSGroupImpl, 3.2.1, 15.2
WLSGroupImpl principal, 10.2.2.2
WLST
createAppRole, 8.4.2.1
createCred, 9.5.2.3
deleteAppPolicies, 8.4.2.10
deleteAppRole, 8.4.2.2
deleteCred, 9.5.2.4
grantAppRole, 8.4.2.3
grantPermission, 8.4.2.7
listAppRoleMembers, 8.4.2.6
listAppRoles, 8.4.2.5
listCred, 9.5.2.1
listPermissions, 8.4.2.9
reassociateSecurityStore, 8.4.2.11
revokeAppRole, 8.4.2.4
revokePermission, 8.4.2.8
updateCred, 9.5.2.2
WLSUserImpl, 3.2.1, 15.2
WLSUserImpl principal, 10.2.2.2

X

X509 identity assertion, 4.1.1