1/45
Contents
List of Examples
List of Figures
List of Tables
Title and Copyright Information
What's New
Product and Component Name Changes
New Features for Release 11g Release 1 (11.1.1)
Preface
Audience
Documentation Accessibility
Related Documents
Conventions
Part I Introduction and Getting Started
1
Introduction to Oracle Access Manager 11g and Administration
Introduction to This Book
Introduction to Getting Started with OAM 11g and Administration
Introduction to Oracle Access Manager and OAM 11g Administration
About Oracle Access Manager 11g and Single Sign-On
Enhancements in Oracle Access Manager 11g
Oracle Access Manager 10g Functionality Not Available with 11g
About Installation versus Upgrading
Getting Started with OAM 11g Administration and Navigation
OAM 11g System Management
Data Sources
OAM Servers and the Administration Console
Policy Enforcement Agents
Single Sign-on and Policies
Single Sign-On
OAM Policy Model and Shared Policy Components
OAM Policy Model, Application Domains, and Policies
Centralized Logout for OAM 11g
Connectivity and Policy Testing
Session Management
Logging and Auditing
Component Event Message Logging
Common Audit Framework
Monitoring OAM Performance
Performance Metrics in the OAM Administration Console
Performance Metrics in Fusion Middleware Control
Using OAM 10g WebGates with OAM 11g
Provisioning OAM 10g WebGates for OAM 11g
Configuring 10g WebGates for Apache v2-based Web Servers (OHS and IHS)
Configuring 10g WebGates for the IIS Web Server
Configuring 10g WebGates for the ISA Server
Configuring Lotus Domino for OAM 10g WebGates
Appendixes
Co-existence: OAM 11g SSO versus OAM 10g SSO with OracleAS SSO 10g
Moving OAM 11g From Test (Source) to Production (Target)
Integration with Oracle ADF Applications
Internationalization and Multibyte Data Support for OAM 10g WebGates
Secure Communication and Certificate Management
Custom WebLogic Scripting Tool Commands for OAM
OAM 11g for IPv6 Clients
Troubleshooting
2
Getting Started with OAM Administration and Navigation
Prerequisites
Introduction to Oracle Access Manager 11g Architecture
About Oracle Access Manager 11g Architecture
Comparing Oracle Access Manager 11g with OAM 10g and OSSO 10g
Introduction to OAM Installation and Configuration
About Deployment Types and OAM
About Post-Installation Tasks
Introduction to OAM Administrators
Logging In to and Signing Out of Oracle Access Manager 11g
Logging In to the Oracle Access Manager 11g Administration Console
Signing Out of Oracle Access Manager 11g Administration Console
Introduction to the OAM Administration Console and Controls
Console Layout and Controls
Welcome Page
Function-Level Tabs and Controls
Content Pages and Page Controls
Elements on a Page
Selecting Controls in the Administration Console
Introduction to Policy Configuration and System Configuration Tabs
About the System Configuration Tab
About the Policy Configuration Tab
Viewing Configuration Details in the Console
Conducting Searches
About Search Controls
Searching for an Instance
Using Online Help
Command-Line Tools
Logging Component Events
Part II OAM 11g System Management
3
Managing Data Sources
Prerequisites
Introduction to Managing Data Sources
About User Identity Stores
About the OAM Policy and Session Data Store
About the OAM Configuration Data File
About Security Keys and the Embedded Java Key Store
Managing User Identity Store and OAM Administrator Registrations
About the User Identity Store Registration Page
Searching for a User Identity Store Registration
Registering a New User Identity Store
Viewing or Editing a User Identity Store Registration
Deleting a User Identity Store Registration
Defining a New OAM Administrator Role
Managing the Database by Using the OAM Administration Console
About Database Deployment for OAM 11g
Configuring a Separate Database for Session Data
4
Managing OAM Server Registration
Prerequisites
Introduction to OAM Server Registration and Management
About Server Side Differences Between OAM 11g and OAM 10g
About Individual OAM Server Registrations
About the Embedded Proxy Server and Backward Compatibility
About OAM 11g SSO and Legacy OAM 10g SSO in Combination with OSSO
About Communication Between OAM Servers and WebGates
About Server Common Properties
Managing Individual OAM Server Registrations
About the OAM Server Registration Page
OAM Proxy Page
Coherence Page for Individual Servers
Searching for an Individual OAM Server Registration
Registering a Fresh OAM Server Instance
Viewing or Editing Individual OAM Server and Proxy Settings
Deleting an Individual Server Registration
Introduction to Managing OAM Server Common Properties
About OAM Server Common Properties Pages
Displaying OAM Server Common Properties Pages
Managing Common OAM Proxy Simple and Cert Mode Security
About Simple and Cert Mode Transport Security
About the Common OAM Proxy Page for Secure Server Communications
Viewing or Editing Simple or Cert Settings for OAM Proxy
Managing Run Time Policy Evaluation Caches
About Common Run Time Policy Evaluation Caches
Managing Common Runtime Policy Evaluation Caches
5
Registering Partners (Agents and Applications) by Using the Console
Prerequisites
Introduction to Policy Enforcement Agents
About Policy-Enforcement Agents
About the Pre-Registered IDM Domain Agent
About Registering Partners (Agents and Applications)
About File System Changes and Artifacts for Registered Agents
Registering and Managing WebGate Agents Using the Administration Console
About the Create OAM Agent Page
Searching for a WebGate Agent Registration
Registering a WebGate Agent
Viewing or Editing a WebGate Agent Registration
Deleting a WebGate Agent Registration
Registering and Managing OSSO Agents Using the Administration Console
About OSSO Agents and the OSSO Proxy
About the Create OSSO Agent Page
Searching for an OSSO Agent (mod_osso) Registration
Registering an OSSO Agent (mod_osso)
Viewing or Editing OSSO Agent (mod_osso) Registration
Deleting an OSSO Agent (mod_osso) Registration
6
Registering Partners (Agents and Applications) Remotely
Prerequisites
Introduction to Remote Partner Registration
About In-Band Remote Registration
About Out-of-Band Remote Registration
About Key Use, Generation, Provisioning, and Storage
About the Remote Registration Tool
About Remote Registration Requests
OSSO Remote Registration Request
Short, Simplified OAM Remote Registration Requests
Common Elements of Remote Registration Requests
OSSO-Specific Elements in a Remote Registration Request
Full OAM Remote Registration Requests
About Out-of-Band Registration Responses
Acquiring and Setting Up the Registration Tool
Creating the Registration Request
Performing In-Band Remote Registration
Performing Out-of-Band Remote Registration
Validating Remote Registration and Resource Protection
Validating Remote Registration
Validating Authentication, Resource Protection, and Access After Remote Registration
Part III Single Sign-on, Policies, and Testing
7
Introduction to the OAM Policy Model, Single Sign-On
Prerequisites
Comparing the OAM 11g Policy Model with OAM 10g
Introduction to the OAM 11g Policy Model
About Resource Types
About Host Identifiers
About Authentication, Schemes, and Modules
Authentication Schemes and Modules
Authentication Event Logging and Auditing
About Application Domains and Policies
About Resources and Resource Definitions
About Authentication Policies, Responses, and Resources
About Authorization Policies, Resources, Constraints, and Responses
Introduction to Configuring OAM Single Sign-On
Introduction to SSO Components
About Single Sign-On Components
About Single Sign-On Cookies
About Single Sign-On Cookies
OAMAuthnCookie for 11g OAM WebGates
ObSSOCookie for 10g OAM WebGates
OAM_REQ Cookie
mod_osso Cookies
Introduction to OAM 11g Single Sign-On Implementation Types
Application SSO
Single Sign-On with OAM 11g
Cross-Network Domains and Oracle Access Manager 11g
Introduction to OAM 11g SSO Processing
About SSO Log In Processing
Login
Login with Self-Service Provisioning Applications
Login and Auto Login for Applications Using Oracle ADF Security
About SSO Log In Processing with OAM Agents
About SSO Login Log In Processing with OSSO Agents (mod_osso)
About Single Sign-On Processing with Mixed Release Agents
8
Managing Policy Components
Prerequisites
Introduction to Managing Policy Components
Managing Resource Types
About Resource Types and Their Use
About the Resource Type Page
Creating a Non-HTTP Resource Type
Searching for a Specific Resource Type
Deleting Resource Types
Managing Host Identifiers
About Host Identifiers
Host Identifier Usage
Host Identifier Guidelines
Host Identifier Variations
About Virtual Web Hosting
About the Host Identifier Page
Creating a Host Identifier
Searching for a Host Identifier Definition
Viewing or Editing a Host Identifier Definition
Deleting a Host Identifier Definition
Managing Authentication Modules
About Default Authentication Modules Pages
Kerberos Authentication Module
LDAP Authentication Modules
X509 Authentication Module
Creating a New Authentication Module
Searching for a Specific Authentication Module
Viewing or Editing Authentication Modules
Deleting an Authentication Module
Managing Authentication Schemes
About the Authentication Schemes Page
Pre-configured Authentication Schemes
About Challenge Methods
About Authentication Modules
About Multi-Level Authentication
Creating an Authentication Scheme
Searching for a Authentication Scheme
Viewing or Editing a Authentication Scheme
Deleting an Authentication Scheme
9
Managing Policies to Protect Resources and Enable SSO
Prerequisites
Introduction to Application Domain Creation
About Automatic Application Domain Creation
About Manually Creating Application Domains
Anatomy of an Application Domain and Policies
Application Domain General Details
Default Resource Definition in a Generated Application Domain
Default Authentication Policies in a Generated Application Domain
Default Authorization Policies in a Generated Application Domain
Managing Application Domains using the Administration Console
About the Application Domains Page
Creating a Fresh Application Domain
Searching for an Application Domain
Viewing or Editing an Application Domain
Deleting an Application Domain and Its Content
Adding and Managing Resource Definitions for Use in Policies
About the Resource Definition Page in an Application Domain
About the Resource Type in a Resource Definition
About the Host Identifier in a Resource Definition
About the Resource URL
About Run Time Resource Evaluation
Adding Resource Definitions to an Application Domain
Searching for a Resource URL Definition
Viewing or Editing a Resource Definition in an Application Domain
Deleting a Resource Definition from an Application Domain
Defining Authentication Policies for Specific Resources
About the Authentication Policy Page
About Resources in an Authentication Policy
Adding an Authentication Policy and Resources
Searching for an Authentication Policy
Viewing or Editing an Authentication Policy
Deleting an Authentication Policy
Defining Authorization Policies for Specific Resources
About Authorization Policies for Specific Resources
Adding an Authorization Policy and Specific Resources
Searching for an Authorization Policy
Viewing or Editing an Authorization Policy and Resources
Deleting an Authorization Policy
Introduction to Policy Responses for SSO
About Authentication and Authorization Policy Responses for SSO
About the Policy Response Language
About the Namespace and Variable Names for Policy Responses
About Constructing a Policy Response for SSO
Simple Responses
Compound and Complex Responses
About Policy Response Processing
Adding and Managing Policy Responses for SSO
Adding a Policy Response for SSO
Viewing, Editing, or Deleting a Policy Response for SSO
Introduction to Authorization Constraints
About Allow or Deny Type Constraints
About Classifying Users and Groups for Constraints
Guidelines for Authorization Responses Based on Constraints
About Constraints and General Authorization Policy Details
About the Add Constraint Window
About Identity Class Constraints
About IP4Range Class Constraints
About Temporal Class Constraints
Defining Authorization Policy Constraints
Defining Identity Class Constraints
Defining IP4Range Class Constraints
Defining Temporal Class Constraints
Viewing, Editing, or Deleting Authorization Policy Constraints
Managing the Common SSO Engine
About Common SSO Engine Settings
Viewing or Editing Common SSO Engine Details
Validating Authentication and Authorization in an Application Domain
10
Validating Connectivity and Policies Using the Access Tester
Prerequisites
Introduction to the OAM 11g Access Tester
About OAM Agent and Server Interoperability
About Access Tester Security and Processing
About Access Tester Modes and Administrator Interactions
Installing and Starting the Access Tester
Installing the Access Tester
About Access Tester Supported System Properties
Starting the Access Tester Without System Properties For Use in Console Mode
Starting the Access Tester with System Properties For Use in Command Line Mode
About the Access Tester Command Line Mode
Starting the Access Tester with System Properties
Introduction to the Access Tester Console and Navigation
Access Tester Menus and Command Buttons
Testing Connectivity and Policies from the Access Tester Console
Establishing a Connection Between the Access Tester and the OAM Server
About the Connection Panel
Connecting the Access Tester with the OAM Server
Validating Resource Protection from the Access Tester Console
About the Protected Resource URI Panel
Validating Resource Protection
Testing User Authentication from the Access Tester Console
About the User Identity Panel
Testing User Credential Authentication
Testing User Authorization from the Access Tester Console
Observing Request Latency
Creating and Managing Test Cases and Scripts
About Test Cases and Test Scripts
Capturing Test Cases
Generating an Input Test Script
About Generating an Input Test Script
Generating an Input Test Script
Personalizing an Input Test Script
About Customizing a Test Script
Customizing a Test Script
Executing a Test Script
About Test Script Execution
Running a Test Script
Evaluating Scripts, Log File, and Statistics
About Evaluating Test Results
About the Saved Connection Configuration File
About the Generated Input Test Script
About the Target Output File Containing Test Run Results
About the Statistics Document
About the Execution Log
11
Configuring Centralized Logout for OAM 11g
Prerequisites
Introduction to OAM 11g Centralized Logout
About Centralized Logout with OAM 11g Agents and Servers
About Centralized Logout with OAM 10g Agents and OAM 11g Servers
About Centralized Logout with the IDM Domain Agent
About Centralized Logout with OSSO Agents (mod_OSSO) and OAM 11g
About Centralized Logout for Applications Using Oracle ADF Security
Configuring Centralized Logout for 11g WebGate with OAM 11g Server
About Configuring Centralized Logout for 11g WebGates
Configuring Centralized Logout for 11g WebGates
Configuring Centralized Logout for the IDM Domain Agent
Configuring Centralized Logout for 10g WebGate with OAM 11g Servers
About Centralized Logout Processing for 10g WebGate with OAM 11g Server
About the Centralized Logout Script for OAM 10g Agents with OAM 11g Servers
Configuring Centralized Logout for 10g WebGates with OAM 11g
Configuring Centralized Logout for Oracle ADF-Coded Applications
About Centralized Logout Processing for Applications Coded to Oracle ADF Standards
Configuring Centralized Logout for ADF-Coded Applications with OAM 11g
Validating Global Sign-On and Centralized Logout
Confirming Global Sign-On
Validating Global Sign-On with Mixed Agent Types
Observing Centralized Logout
Part IV Session Management and Life Cycle Management
12
Managing Sessions
Prerequisites
Introduction to User Sessions and Session Management
About the User Session Lifecycle
Oracle Coherence and Session Management
Configuring User Session Lifecycle Settings
About Common Session Lifecycle Setting Page
Viewing or Modifying Common Session Lifecycle Settings
Managing Active User Sessions
About the Session Management Page
Managing Active User Sessions
Verifying Session Management
Security
Secure HTTPS Protocol
Coherence
Database Persistence
Part V Logging and Auditing
13
Logging Component Event Messages
Introduction to Logging OAM Component Events
About OAM Component Loggers
Sample Logger and Log Handler Definition
About Logging Levels
Configuring Logging for Oracle Access Manager Using Custom WLST Commands
Modifying the Oracle Access Manager Logger Level
Adding an OAM-Specific Logger and Log Handler
Validating Run-time Event Logging Configuration
14
Auditing OAM Administrative and Run-time Events
Prerequisites
Introduction to Oracle Access Manager Auditing
About OAM Auditing Configuration
About Audit Record Storage
About Audit Reports and Oracle Business Intelligence Publisher
About the Audit Log
OAM Events You Can Audit
OAM Administrative Events You Can Audit
OAM Run-time Events You Can Audit
About Authentication Event Auditing
Setting Up Auditing for Oracle Access Manager
Setting Up the Audit Database Store
Preparing Oracle Business Intelligence Publisher EE
About the Auditing Configuration Page in Oracle Access Manager
Adding, Viewing, or Editing Common Audit Settings within Oracle Access Manager
Validating Oracle Access Manager Auditing and Reports
Part VI Monitoring OAM Performance
15
Monitoring OAM Metrics by Using Oracle Access Manager
Introduction to Monitoring and Metrics by Using OAM
About OAM Proxy Metrics
Monitoring Agents and Servers
Reviewing Performance Metrics
Reviewing OAM Agent Metrics
Reviewing OSSO Agent Metrics
Performance Tuning Parameters
OAM Proxy Server Tuning Parameters
16
Monitoring OAM Performance by Using Fusion Middleware Control
Prerequisites
Introduction to OAM 11g and Fusion Middleware Control
Logging In to and Out of Fusion Middleware Control
About the Login Page for Fusion Middleware Control
Logging In To Fusion Middleware Control
Logging Out of Fusion Middleware Control
Displaying OAM 11g Menus and Pages in Fusion Middleware Control
About the OAM Farm Page in Fusion Middleware Control
About Context Menus and Pages in Fusion Middleware Control
Displaying Context Menus and Target Details in Fusion Middleware Control
Viewing OAM Performance in Fusion Middleware Control
About OAM Performance Overview Pages in Fusion Middleware Control
About Metrics and the Performance Summary Page
Configuring OAM Performance Metrics in Fusion Middleware Control
Viewing OAM Performance in Fusion Middleware Control
Managing Log Level Changes in Fusion Middleware Control
About Dynamic Log Level Changes
Setting OAM Log Levels Dynamically Using Fusion Middleware Control
Managing OAM Log File Configuration from Fusion Middleware Control
About Log File Configuration
Managing OAM Log File Configuration by Using Fusion Middleware Control
Locating and Viewing OAM Log Messages in Fusion Middleware Control
About Finding, Viewing, and Exporting Log Messages
Locating and Viewing Logged OAM Information in Fusion Middleware Control
Displaying OAM MBeans in Fusion Middleware Control
About the System MBean Browser
Viewing, Editing, and Invoking OAM 11g Mbeans
Displaying Farm Routing Topology in Fusion Middleware Control
About the Routing Topology
Viewing the OAM Routing Topology using Fusion Middleware Control
Part VII Using OAM 10g WebGates with OAM 11g
17
Managing OAM 10g WebGates with OAM 11g
Prerequisites
Introduction to OAM 10g Agents for OAM 11g
About Replacing the IDM Domain Agent with an OAM 10g WebGate
About Legacy OAM 10g Deployments and WebGates
About Installing Fresh OAM 10g WebGates to Use With OAM 11g
Provisioning a 10g WebGate with OAM 11g
Locating and Installing the Latest OAM 10g WebGate for OAM 11g
Preparing for a Fresh 10g WebGate Installation with OAM 11g
Locating and Downloading 10g WebGates for Use with OAM 11g
Starting WebGate 10g Installation
Specifying a Transport Security Mode
Requesting or Installing Certificates for Secure Communications
Specifying WebGate Configuration Details
Updating the WebGate Web Server Configuration
Manually Configuring Your Web Server
Finishing WebGate Installation
Installing Artifacts and Certificates
Confirming WebGate Installation
Configuring Centralized Logout for 10g WebGate with OAM 11g
Replacing the IDM Domain Agent with an OAM 10g WebGate
Provisioning a 10g WebGate to Replace the IDM Domain Agent
Installing a 10g WebGate to Replace the IDM Domain Agent
Updating the WebLogic Server Plug-in
Confirming the AutoLogin Host Identifier for an OAM / OIM Integration
Configuring OAM Security Providers for WebLogic
About Security Providers
Setting Up Security Providers for the 10g WebGate
Disabling the IDM Domain Agent
Verification
Deploying Applications in a WebLogic Container
Removing a 10g WebGate from the OAM 11g Deployment
18
Configuring Apache, OHS, IHS for 10g WebGates
Prerequisites
About Oracle HTTP Server and Oracle Access Manager
About Oracle Access Manager with Apache and IHS v2 WebGates
About the Apache HTTP Server
About the IBM HTTP Server
About the Apache and IBM HTTP Reverse Proxy Server
About Apache v2 Architecture and Oracle Access Manager
Requirements for Oracle HTTP Server, IHS, Apache v2 Web Servers
Requirements for IHS2 Web Servers
Requirements for Apache and IHS v2 Reverse Proxy Servers
Requirements for Apache v2 Web Servers
Preparing Your Web Server
Preparing the IHS v2 Web Server
Preparing the Host for IHS v2 Installation
Installing the IBM HTTP Server v2
Setting Up SSL-Capability
Starting a Secure Virtual Host
Preparing Apache and Oracle HTTP Server Web Servers on Linux
Preparing Oracle HTTP Server Web Servers on Linux and Windows Platforms
Setting Oracle HTTP Server Client Certificates
Preparing the Apache v2 Web Server on UNIX
Preparing the Apache v2 SSL Web Server on AIX
Preparing the Apache v2 Web Server on Windows
Activating Reverse Proxy for Apache v2 and IHS v2
Activating Reverse Proxy For Apache v2 Web Servers
Activating Reverse Proxy For IHS v2 Web Servers
Verifying httpd.conf Updates for Oracle Access Manager WebGates
Verifying WebGate Details
Verifying Language Encoding
Tuning Oracle HTTP Server for Oracle Access Manager WebGates
Tuning OHS /Apache Prefork and MPM Modules for OAM
Tuning Oracle HTTP Server /Apache Prefork Module
Tuning Oracle HTTP Server /Apache MPM Module
Kernal Parameters Tuning
Starting and Stopping Oracle HTTP Server Web Servers
Tuning Apache/IHS v2 for Oracle Access Manager WebGates
Removing Web Server Configuration Changes After Uninstall
Helpful Information
19
Configuring the IIS Web Server for 10g WebGates
Prerequisites
WebGate Guidelines for IIS Web Servers
Guidelines for ISAPI WebGates
WebGates for IIS v7
WebGates for IIS v6
Multiple WebGates with a Single IIS 6 Instance
Prerequisite for Installing WebGate for IIS 7
Prerequisite for Installing Any 10g WebGate for IIS 7
Prerequisite for Installing a 32-bit WebGate for IIS 7
Updating IIS 7 Web Server Configuration on Windows 2008
Completing WebGate Installation with IIS
Enabling Client Certificate Authentication on the IIS Web Server
Ordering the ISAPI Filters
Enabling Pass-Through Functionality for POST Data
About ISAPI WebGate 10.1.4.2.3
About Pass-Through Functionality for POST Data
Implementing Pass-Through: IIS 6.0 in Worker Process Isolation Mode
Implementing Pass-Through with IIS 6.0 Web Server in IIS 5.0 Isolation Mode
Protecting a Web Site When the Default Site is Not Setup
Installing and Configuring Multiple 10g WebGates for a Single IIS 7 Instance
Installing Each IIS 7 WebGate in a Multiple WebGate Scenario
Setting the Impersonation DLL for Multiple IIS 7 WebGates
Enabling Client Certification for Multiple IIS 7 WebGates
Configuring IIS 7 WebGates for Pass Through Functionality
Confirming IIS 7 WebGate Installation
Installing and Configuring Multiple WebGates for a Single IIS 6 Instance
Installing Each WebGate in a Multiple WebGate Scenario
Setting the Impersonation DLL for Multiple WebGates
Enabling SSL and Client Certification for Multiple WebGates
Confirming Multiple WebGate Installation
Finishing 64-bit WebGate Installation
Setting Access Permissions, ISAPI filters, and Directory Security Authentication
Setting Client Certificate Authentication
Confirming WebGate Installation on IIS
Starting, Stopping, and Restarting the IIS Web Server
Removing Web Server Configuration Changes Before Uninstall
20
Configuring the ISA Server for 10g WebGates
Prerequisites
About Oracle Access Manager and the ISA Server
Compatibility and Platform Support
Installing and Configuring WebGate for the ISA Server
Installing WebGate with ISA Server
Changing /access Directory Permissions
Configuring the ISA Server for the ISAPI WebGate
Registering Oracle Access Manager Plug-ins as ISA Server Web Filters
Configuring ISA Firewall Policies for ISA Web Filters
Ordering the ISAPI Filters
Starting, Stopping, and Restarting the ISA Server
Removing Oracle Access Manager Filters Before WebGate Uninstall on ISA Server
21
Configuring Lotus Domino Web Servers for 10g WebGates
Prerequisites
Installing the Domino Web Server
Setting Up the First Domino Web Server
Starting the Domino Web Server
Enabling SSL (Optional)
Installing a Domino Security (DSAPI) Filter
Completing the WebGate Installation
Part VIII Appendixes
A
Transitioning OAM 11g from a Test to a Production Environment
Prerequisites
Introduction to Deployment Scenarios and Data Types
Introduction to Methods and Tools
About New versus Existing Production Environments
About Methods to Move from Test to Production
About the WebLogic Scripting Tool Commands
About Conflict Resolution
About Building a Dependency Tree for Each Application Domain
Planning an OAM 11g Move from Test to Production
Choose the Method
Noting Differences Between Source and Target Environments
Developing Deployment Inventories
Developing Tests
Understanding Change Propagation
Scheduling and Notifications
Backup and Recovery Strategies
Moving OAM 11g From Test to Production
Exporting OAM 11g Data from Test (Source)
Importing OAM 11g to Production (Target)
B
Co-existence Overview: OAM 11g and OSSO 10g
Prerequisites
Introduction to Upgrading and Co-existence with OracleAS 10g SSO
Pre- and Post-Upgrade Topology and Authentication Examples
About Pre-Upgrade OSSO 10g Topology
Simple OSSO 10g with mod_oc4j on a Front-End Proxy Server
About Post-Upgrade Topology and Co-existence
Post-Upgrade: mod_wl Replaces mod_oc4j on the Proxy Server
Post-Upgrade: No Proxy Server
Introduction to Validating Post-Upgrade Co-Existence with OAM 11g
About Post-Upgrade SSO
About Post-Upgrade OSSO 10g Authentication
Validating Post-Upgrade Co-existence
Validating Post-Upgrade Registration and Policies
Sample Partner Applications Protected Using OSSO 10g
Policy Enforcement Agent Details
Shared Components: Host Identifiers for migratedSSOPartners
Resources in the migratedSSOPartners Application Domain
Authentication Policy in the migratedSSOPartners Application Domain
Validating Post-Upgrade SSO with Oracle Access Manager Protected Resources
Validating Post-Upgrade SSO with OSSO-Protected Resources
C
Integrating Oracle ADF Applications with Oracle Access Manager 11g SSO
Introduction to Oracle Platform Security Services and Oracle Application Developer Framework
Oracle Platform Security Services Single Sign-on Framework
Oracle Application Developer Framework
Integrating OAM 11g With Web Applications Using Oracle ADF Security and the OPSS SSO Framework
Sample SSO Configuration for OAM 11g
SSO Provider Configuration Details
Confirming Application-Driven Authentication During Runtime
D
Internationalization and Multibyte Data Support for OAM 10g WebGates
Introduction to Internationalization and Multibyte Data Support
Languages For Localized Messages in Oracle Access Manager
Bi-directional Language Support
UTF-8 Encoding
E
Securing Communication with OAM 11g
Prerequisites
Introduction to Securing Communication Between OAM 11g Servers and WebGates
About Certificates, Authorities, and Encryption Keys
About Security Modes and X509Scheme Authentication
Configuring Cert Mode Communication for OAM 11g
About Cert Mode Encryption and Files
Generating a Private Key, Certificate Request, Installing Certificates for OAM Server
Retrieving the OAM Keystore Alias and Password Using Custom WLST Commands
Importing CA-Signed Certificates Into the Keystore
Adding Certificate Details to OAM Common Server Properties
Generating a Private Key, Certificate Request, and Getting Certs for WebGates
Updating the WebGate to Use Certificates
Configuring Simple Mode Communication with OAM 11g
About Simple Mode, Encryption, and Keys
Updating the WebGate Registration for Simple Mode
Verifying Simple Mode Configuration
F
Introduction to Custom WLST Commands for OAM Administrators
Prerequisites
Introduction to WebLogic Scripting Tool Commands for OAM
WLST OAM Command Summary
Running WLST Commands for OAM Operations
Starting the WLST Shell and Logging In
Changing the Request Cache Type in a High Availability Environment
G
Configuring OAM 11g for IPv6 Clients
Prerequisites
Introduction to Oracle Access Manager 11g and IPv6
Configuring IPv6 with OAM 11g and Challenge Redirect
Considerations
Configuring IPv6: Separate Proxy for OAM 11g and WebGates
H
Troubleshooting
Introduction to OAM 11g Troubleshooting
About System Analysis and Problem Scenarios
About LDAP Server or Identity Store Issues
About OAM Server or Host Issues
About Agent-Side Configuration and Load Issues
About Runtime Database (Audit or Session Data) Issues
About Change Propagation or Activation Issues
About Policy Store Database Issues
Authentication Issues
Anonymous Authentication Issues
Authorization Issues
Cannot Access Authentication LDAP or Database
Cannot Find Configuration
Configuration Does Not Exist ...
Could Not Find Partial Trigger
Deployments with Freshly Installed OAM 10g WebGates
Authentication Issues with OAM 10g WebGates
Logout Issues with OAM 10g WebGates
Diagnosing OAM 11g Initialization and Performance Issues
Diagnosing an Initialization Issue
Diagnosing a Performance Issue
Diagnosing Out-of-Memory Issues With a Heap Dump
Disabling Windows Challenge/Response Authentication on IIS Web Servers
IIS Web Server Issues
Form Authentication or Pass-Through Not Working
IIS and General Web Component Guidelines
Issues with IIS v6 Web Servers
Page Cannot Be Displayed Error
Removing and Reinstalling IIS DLLs
jps Logger Class Instantiation Warning is Logged on Authentication
Login Failure for a Protected Page
OAM Metric Persistence Timer IllegalStateException: SafeCluster
Partial Cluster Failure and Intermittent Login and Logout Failures
Registration Issues
Rowkey does not have any primary key attributes Error
SELinux Issues
SSL versus Open Communication
Start Up Issues
Synchronizing OAM Server Clocks
Unable to Cancel Some Operations
Using Oracle Coherence for Troubleshooting
Troubleshooting OAM Servers Using Oracle Coherence Properties
Validation Errors
Web Server Issues
Access Server Fails on an Apache Web Server
Apache v2 on HP-UX
Apache v2 Bundled with Red Hat Enterprise Linux 4
Apache v2 Bundled with Security-Enhanced Linux
Apache v2 on UNIX with the mpm_worker_module for WebGate
Domino Web Server Issues
Errors, Loss of Access, and Unpredictable Behavior
Known Issues for ISA Web Server
Oracle HTTP Server Fails to Start with LinuxThreads
Oracle HTTP Server WebGate Fails to Initialize On Linux Red Hat 4
Oracle HTTP Server Web Server Configuration File Issue
Issues with IIS v6 Web Servers
PCLOSE Error When Starting Sun Web Server
Removing and Reinstalling IIS DLLs
Windows Native Authentication
Index
Scripting on this page enhances content navigation, but does not change the content in any way.