Contents

List of Examples

List of Figures

List of Tables

Title and Copyright Information

Preface

• Audience
• Documentation Accessibility
• Related Documentation
• Conventions

What's New in This Guide

• New Features in Release 11gR1 PS5
• New Features in Oracle Identity Management 11gR1 PS1
• New Features in Release 11gR1 PS3
• New Features in Oracle Identity Management 11gR1
• New Features in Release 11gR1 PS2
• New Features in Release 11gR1 PS1
• New Features in Release 11gR1
• Desupported Features from 10.1.3.x
• Links to Upgrade Documentation

Part I Understanding Security Concepts

1 Introduction to Oracle Platform Security Services

• 1.1 What is Oracle Platform Security Services?
  • 1.1.1 OPSS Main Features
  • 1.1.2 Supported Server Platforms
• 1.2 OPSS Architecture Overview
  • 1.2.1 Benefits of Using OPSS
• 1.3 Oracle ADF Security Overview
• 1.4 OPSS for Administrators
• 1.5 OPSS for Developers
  • 1.5.1 Scenario 1: Enhancing Security in a Java EE Application
  • 1.5.2 Scenario 2: Securing an Oracle ADF Application
  • 1.5.3 Scenario 3: Securing a Java SE Application

2 Understanding Users and Roles

• 2.1 Terminology
• 2.2 Role Mapping
  • 2.2.1 Permission Inheritance and the Role Hierarchy
• 2.3 The Authenticated Role
• 2.4 The Anonymous User and Role
  • 2.4.1 Anonymous Support and Subject
• 2.5 Administrative Users and Roles
• 2.6 Managing User Accounts
• 2.7 Principal Name Comparison Logic
  • 2.7.1 How Does Principal Comparison Affect Authorization?
  • 2.7.2 System Parameters Controlling Principal Name Comparison
• 2.8 The Role Category

3 Understanding Identities, Policies, Credentials, Keys, and Certificates

• 3.1 Authentication Basics
  • 3.1.1 Supported LDAP Identity Store Types
  • 3.1.2 Oracle WebLogic Authenticators
    • 3.1.2.1 Using an LDAP Authenticator
    • 3.1.2.2 Configuring the LDAP Identity Store Service
    • 3.1.2.3 Additional Authentication Methods
  • 3.1.3 WebSphere Identity Stores
• 3.2 Policy Store Basics
• 3.3 Credential Store Basics
• 3.4 Keystore Service Basics
  • 3.4.1 Keystore Repository Types
  • 3.4.2 Keystore Repository Scope and Reassociation

4 About Oracle Platform Security Services Scenarios

• 4.1 Supported LDAP-, DB-, and File-Based Services
• 4.2 Management Tools
• 4.3 Packaging Requirements
• 4.4 Example Scenarios
• 4.5 Other Scenarios

Part II Basic OPSS Administration

5 Security Administration

• 5.1 Choosing the Administration Tool According to Technology
• 5.2 Basic Security Administration Tasks
  • 5.2.1 Setting Up a Brand New Production Environment
• 5.3 Typical Security Practices with Fusion Middleware Control
• 5.4 Typical Security Practices with the Administration Console
• 5.5 Typical Security Practices with Oracle Entitlements Server
• 5.6 Typical Security Practices with OPSS Scripts

6 Deploying Secure Applications

• 6.1 Overview
• 6.2 Selecting the Tool for Deployment
  • 6.2.1 Deploying Java EE and Oracle ADF Applications with Fusion Middleware Control
• 6.3 Deploying Oracle ADF Applications to a Test Environment
  • 6.3.1 Deploying to a Test Environment
    • 6.3.1.1 Typical Administrative Tasks after Deployment in a Test Environment
• 6.4 Deploying Standard Java EE Applications
• 6.5 Migrating from a Test to a Production Environment
  • 6.5.1 Migrating Providers other than Policy and Credential Providers
    • 6.5.1.1 Migrating Identities Manually
  • 6.5.2 Migrating Policies and Credentials at Deployment
    • 6.5.2.1 Migrating Policies Manually
    • 6.5.2.2 Migrating Credentials Manually
    • 6.5.2.3 Migrating Large Volume Policy and Credential Stores
  • 6.5.3 Migrating Audit Policies
  • 6.5.4 Migrating Keystore Service Keys and Certificates

Part III Advanced OPSS Administration

7 Configuring the Identity Store Service

• 7.1 Introduction to the Identity Store Service
  • 7.1.1 About the Identity Store Service
  • 7.1.2 Service Architecture
  • 7.1.3 Application Server Support
  • 7.1.4 Java SE Support
• 7.2 Configuring the Identity Store Provider
• 7.3 Configuring the Identity Store Service
  • 7.3.1 What is Configured?
    • 7.3.1.1 Configuring Multi-LDAP Lookup
    • 7.3.1.2 Global/Connection Parameters
    • 7.3.1.3 Back-End/Connection Parameters
  • 7.3.2 Configuration in WebLogic Server
    • 7.3.2.1 Configuring the Service for Single LDAP
    • 7.3.2.2 Configuring the Service for Multiple LDAP using Fusion Middleware Control
    • 7.3.2.3 Configuring the Service for Multiple LDAP using WLST
    • 7.3.2.4 Configuring Other Parameters
    • 7.3.2.5 Restarting Servers
    • 7.3.2.6 Examples of the Configuration File
  • 7.3.3 Configuring Split Profiles
  • 7.3.4 Configuring Custom Authenticators
  • 7.3.5 Configuration in Other Application Servers
    • 7.3.5.1 Configuring the Service for Single LDAP
    • 7.3.5.2 Configuring the Service for Multiple LDAP
  • 7.3.6 Java SE Environments
• 7.4 Querying the Identity Store Programmatically
• 7.5 SSL for the Identity Store Service
  • 7.5.1 Connections from Oracle WebLogic Server to Identity Store
  • 7.5.2 One-way SSL in a Multi-LDAP Scenario
  • 7.5.3 Two-way SSL in a Multi-LDAP Scenario
  • 7.5.4 Connections in a Single-LDAP Scenario

8 Configuring the OPSS Security Store

• 8.1 Introduction to the OPSS Security Store
• 8.2 Using an LDAP-Based OPSS Security Store
  • 8.2.1 Multiple-Node Server Environments
  • 8.2.2 Prerequisites to Using an LDAP-Based Security Store
  • 8.2.3 Setting Up a One- Way SSL Connection to the LDAP
• 8.3 Using a DB-Based OPSS Security Store
  • 8.3.1 Prerequisites to Using a DB-Based Security Store
    • 8.3.1.1 Creating the OPSS Schema in an Oracle Database
    • 8.3.1.2 Dropping the OPSS Schema in an Oracle Database
    • 8.3.1.3 Creating a Data Source Instance
  • 8.3.2 Maintaining a DB-Based Security Store
  • 8.3.3 Setting Up an SSL Connection to the DB
• 8.4 Configuring the OPSS Security Store
• 8.5 Reassociating the OPSS Security Store
  • 8.5.1 Reassociating with Fusion Middleware Control
    • 8.5.1.1 Securing Access to Oracle Internet Directory Nodes
  • 8.5.2 Reassociating with the Script reassociateSecurityStore
• 8.6 Migrating the OPSS Security Store
  • 8.6.1 Migrating with Fusion Middleware Control
  • 8.6.2 Migrating with the Script migrateSecurityStore
    • 8.6.2.1 Examples of Use
• 8.7 Configuring the Identity Provider, Property Sets, and SSO
  • 8.7.1 Configuring the Identity Store Provider
  • 8.7.2 Configuring Properties and Property Sets
  • 8.7.3 Specifying a Single Sign-On Solution
    • 8.7.3.1 The OPSS SSO Framework
    • 8.7.3.2 Configuring an SSO Solution with Fusion Middleware Control
    • 8.7.3.3 OAM Configuration Example

9 Managing the Policy Store

• 9.1 Managing the Policy Store
• 9.2 Managing Policies with Fusion Middleware Control
  • 9.2.1 Managing Application Policies
  • 9.2.2 Managing Application Roles
  • 9.2.3 Managing System Policies
• 9.3 Managing Application Policies with OPSS Scripts
  • 9.3.1 listAppStripes
  • 9.3.2 createAppRole
  • 9.3.3 deleteAppRole
  • 9.3.4 grantAppRole
  • 9.3.5 revokeAppRole
  • 9.3.6 listAppRoles
  • 9.3.7 listAppRolesMembers
  • 9.3.8 grantPermission
  • 9.3.9 revokePermission
  • 9.3.10 listPermissions
  • 9.3.11 deleteAppPolicies
  • 9.3.12 createResourceType
  • 9.3.13 getResourceType
  • 9.3.14 deleteResourceType
  • 9.3.15 createResource
  • 9.3.16 deleteResource
  • 9.3.17 listResources
  • 9.3.18 listResourceActions
  • 9.3.19 createEntitlement
  • 9.3.20 getEntitlement
  • 9.3.21 deleteEntitlement
  • 9.3.22 addResourceToEntitlement
  • 9.3.23 revokeResourceFromEntitlement
  • 9.3.24 listEntitlements
  • 9.3.25 grantEntitlement
  • 9.3.26 revokeEntitlement
  • 9.3.27 listEntitlement
  • 9.3.28 listResourceTypes
  • 9.3.29 reassociateSecurityStore
  • 9.3.30 Running an Offline Script after Reassociating to a DB-Based Store
• 9.4 Caching and Refreshing the Cache
  • 9.4.1 An Example
• 9.5 Granting Policies to Anonymous and Authenticated Roles with WLST Scripts
• 9.6 Application Stripe for Versioned Applications in WLST Scripts
• 9.7 Managing Application Policies with Oracle Entitlements Server
• 9.8 Guidelines to Configure the Policy Store

10 Managing the Credential Store

• 10.1 Credential Types
• 10.2 Encrypting Credentials
• 10.3 Managing the Credential Store
• 10.4 Managing Credentials with Fusion Middleware Control
• 10.5 Managing Credentials with OPSS Scripts
  • 10.5.1 listCred
  • 10.5.2 updateCred
  • 10.5.3 createCred
  • 10.5.4 deleteCred
  • 10.5.5 modifyBootStrapCredential
  • 10.5.6 addBootStrapCredential
  • 10.5.7 exportEncryptionKey
  • 10.5.8 importEncryptionKey
  • 10.5.9 restoreEncryptionKey

11 Managing Keys and Certificates with the Keystore Service

• 11.1 About the Keystore Service
  • 11.1.1 Structure of the Keystore Service
  • 11.1.2 Types of Keystores
  • 11.1.3 Domain Trust Store
• 11.2 About Keystore Service Commands
• 11.3 Getting Help for Keystore Service Commands
• 11.4 Keystore Service Command Reference
  • 11.4.1 changeKeyPassword
  • 11.4.2 changeKeyStorePassword
  • 11.4.3 createKeyStore
  • 11.4.4 deleteKeyStore
  • 11.4.5 deleteKeyStoreEntry
  • 11.4.6 exportKeyStore
  • 11.4.7 exportKeyStoreCertificate
  • 11.4.8 exportKeyStoreCertificateRequest
  • 11.4.9 generateKeyPair
  • 11.4.10 generateSecretKey
  • 11.4.11 getKeyStoreCertificates
  • 11.4.12 getKeyStoreSecretKeyProperties
  • 11.4.13 importKeyStore
  • 11.4.14 importKeyStoreCertificate
  • 11.4.15 listExpiringCertificates
  • 11.4.16 listKeyStoreAliases
  • 11.4.17 listKeyStores

12 Introduction to Oracle Fusion Middleware Audit Framework

• 12.1 Benefits and Features of the Oracle Fusion Middleware Audit Framework
  • 12.1.1 Objectives of Auditing
  • 12.1.2 Today's Audit Challenges
  • 12.1.3 Oracle Fusion Middleware Audit Framework in 11g
• 12.2 Overview of Audit Features
• 12.3 Oracle Fusion Middleware Audit Framework Concepts
  • 12.3.1 Audit Architecture
  • 12.3.2 Key Technical Concepts
  • 12.3.3 Audit Metadata Storage
  • 12.3.4 Audit Data Storage
  • 12.3.5 Analytics

13 Configuring and Managing Auditing

• 13.1 Audit Administration Tasks
• 13.2 Managing the Audit Data Store
  • 13.2.1 Create the Audit Schema using RCU
  • 13.2.2 Set Up Audit Data Sources
    • 13.2.2.1 Multiple Data Sources
  • 13.2.3 Configure a Database Audit Data Store for Java Components
    • 13.2.3.1 View Audit Data Store Configuration
    • 13.2.3.2 Configure the Audit Data Store
    • 13.2.3.3 Deconfigure the Audit Data Store
  • 13.2.4 Configure a Database Audit Data Store for System Components
    • 13.2.4.1 Deconfigure the Audit Data Store
  • 13.2.5 Tuning the Bus-stop Files
  • 13.2.6 Configuring the Stand-alone Audit Loader
    • 13.2.6.1 Configuring the Environment
    • 13.2.6.2 Running the Stand-Alone Audit Loader
• 13.3 Managing Audit Policies
  • 13.3.1 Manage Audit Policies for Java Components with Fusion Middleware Control
  • 13.3.2 Manage Audit Policies for System Components with Fusion Middleware Control
  • 13.3.3 Manage Audit Policies with WLST
    • 13.3.3.1 View Audit Policies with WLST
    • 13.3.3.2 Update Audit Policies with WLST
    • 13.3.3.3 Example 1: Configuring an Audit Policy for Users with WLST
    • 13.3.3.4 Example 2: Configuring an Audit Policy for Events with WLST
    • 13.3.3.5 Custom Configuration is Retained when the Audit Level Changes
  • 13.3.4 Manage Audit Policies Manually
    • 13.3.4.1 Location of Configuration Files for Java Components
    • 13.3.4.2 Audit Service Configuration Properties in jps-config.xml for Java Components
    • 13.3.4.3 Switching from Database to File for Java Components
    • 13.3.4.4 Manually Configuring Audit for System Components
• 13.4 Audit Logs
  • 13.4.1 Location of Audit Logs
  • 13.4.2 Audit Log Timestamps
• 13.5 Advanced Management of Database Store
  • 13.5.1 Schema Overview
  • 13.5.2 Table Attributes
  • 13.5.3 Indexing Scheme
  • 13.5.4 Backup and Recovery
  • 13.5.5 Importing and Exporting Data
  • 13.5.6 Partitioning
    • 13.5.6.1 Partition Tables
    • 13.5.6.2 Backup and Recovery of Partitioned Tables
    • 13.5.6.3 Import, Export, and Data Purge
    • 13.5.6.4 Tiered Archival

14 Using Audit Analysis and Reporting

• 14.1 Setting up Oracle Business Intelligence Publisher for Audit Reports
  • 14.1.1 About Oracle Business Intelligence Publisher
  • 14.1.2 Install Oracle Business Intelligence Publisher
  • 14.1.3 Set Up Oracle Reports in Oracle Business Intelligence Publisher
  • 14.1.4 Set Up Audit Report Templates
  • 14.1.5 Set Up Audit Report Filters
  • 14.1.6 Configure Scheduler in Oracle Business Intelligence Publisher
• 14.2 Organization of Audit Reports
• 14.3 View Audit Reports
• 14.4 Example of Oracle Business Intelligence Publisher Reports
• 14.5 Audit Report Details
  • 14.5.1 List of Audit Reports in Oracle Business Intelligence Publisher
  • 14.5.2 Attributes of Audit Reports in Oracle Business Intelligence Publisher
• 14.6 Customizing Audit Reports
  • 14.6.1 Using Advanced Filters on Pre-built Reports
  • 14.6.2 Creating Custom Reports

Part IV Single Sign-On Configuration

15 Introduction to Single Sign-On in Oracle Fusion Middleware

• 15.1 Choosing the Right SSO Solution for Your Deployment
• 15.2 Introduction: OAM Authentication Provider for WebLogic Server
  • 15.2.1 About Using the Identity Asserter Function with Oracle Access Manager
  • 15.2.2 About Using the Authenticator Function with Oracle Access Manager
  • 15.2.3 Choosing Applications for Oracle Access Manager SSO Scenarios and Solutions
    • 15.2.3.1 Applications Using Oracle Access Manager for the First TIme
    • 15.2.3.2 Applications Migrating from Oracle Application Server to Oracle WebLogic Server
    • 15.2.3.3 Applications Using OAM Security Provider for WebLogic SSPI
  • 15.2.4 Implementation: Using the Provider with OAM 11g versus OAM 10g
  • 15.2.5 Requirements for the Provider with Oracle Access Manager
• 15.3 Setting Up Debugging in the WebLogic Administration Console

16 Configuring Single Sign-On with Oracle Access Manager 11g

• 16.1 Introduction to Oracle Access Manager 11g SSO
  • 16.1.1 Previewing Pre-Seeded OAM 11g Policies for Use by the 10g AccessGate
• 16.2 Deploying the Oracle Access Manager 11g SSO Solution
  • 16.2.1 Installing the Authentication Provider with Oracle Access Manager 11g
  • 16.2.2 Converting Oracle Access Manager Certificates to Java Keystore Format
  • 16.2.3 Session Token: Provisioning an OAM Agent with Oracle Access Manager 11g
    • 16.2.3.1 About WebGate Provisioning Methods for Oracle Access Manager 11g
    • 16.2.3.2 Provisioning a WebGate with Oracle Access Manager 11g
  • 16.2.4 Configuring Identity Assertion for SSO with Oracle Access Manager 11g
    • 16.2.4.1 Establishing Trust with Oracle WebLogic Server
    • 16.2.4.2 Configuring Providers in the WebLogic Domain
    • 16.2.4.3 Trusted Header Assertion: Configuring Digital Signature Verification
    • 16.2.4.4 Trusted Header Assertion: Configuring Policies
    • 16.2.4.5 Testing Oracle Access Manager Identity Assertion for Single Sign-on
  • 16.2.5 Configuring the Authenticator Function for Oracle Access Manager 11g
    • 16.2.5.1 Configuring Providers for the Authenticator in a WebLogic Domain
    • 16.2.5.2 Configuring the Application Authentication Method for the Authenticator
    • 16.2.5.3 Mapping the Authenticated User to a Group in LDAP
    • 16.2.5.4 Testing the Oracle Access Manager Authenticator Implementation
  • 16.2.6 Configuring Identity Assertion for Oracle Web Services Manager and OAM 11g
    • 16.2.6.1 Configuring Providers in a WebLogic Domain for Oracle Web Services Manager
    • 16.2.6.2 Testing the Identity Asserter with Oracle Web Services Manager
• 16.3 Configuring Centralized Log Out for Oracle Access Manager 11g
  • 16.3.1 Logout for 11g WebGate and OAM 11g
  • 16.3.2 Logout for 10g WebGate with Oracle Access Manager 11g
• 16.4 Synchronizing the User and SSO Sessions: SSO Synchronization Filter
• 16.5 Troubleshooting Tips

17 Configuring Single Sign-On Using Oracle Access Manager 10g

• 17.1 Deploying SSO Solutions with Oracle Access Manager 10g
  • 17.1.1 Installing and Setting Up Authentication Providers for OAM 10g
    • 17.1.1.1 About Oracle Access Manager 10g Installation and Setup
    • 17.1.1.2 Installing Components and Files for Authentication Providers and OAM 10g
    • 17.1.1.3 Converting Oracle Access Manager Certificates to Java Keystore Format
    • 17.1.1.4 Creating Resource Types in Oracle Access Manager 10g
  • 17.1.2 Configuring Global Logout for Oracle Access Manager 10g and 10g WebGates
    • 17.1.2.1 Recommended Process for Configuring Logout
    • 17.1.2.2 Alternative Process for Configuring Logout
• 17.2 Oracle Access Manager Authentication Provider Parameter List
• 17.3 Introduction to OAMCfgTool
  • 17.3.1 OAMCfgTool Process Overview
  • 17.3.2 OAMCfgTool Parameters and Values
    • 17.3.2.1 Create Mode Parameters and Values
    • 17.3.2.2 Validate Mode Parameters and Values
    • 17.3.2.3 Delete Mode Parameters and Values
  • 17.3.3 Sample Policy Domain and AccessGate Profile Created with OAMCfgTool
  • 17.3.4 Known Issues: JAR Files and OAMCfgTool
• 17.4 Configuring OAM Identity Assertion for SSO with Oracle Access Manager 10g
  • 17.4.1 Establishing Trust with Oracle WebLogic Server
    • 17.4.1.1 Setting Up the Application Authentication Method for SSO
    • 17.4.1.2 Confirming mod_weblogic for Oracle Access Manager Identity Asserter
    • 17.4.1.3 Establishing Trust between Oracle WebLogic Server and Other Entities
  • 17.4.2 Configuring the Authentication Scheme for the Identity Asserter
    • 17.4.2.1 Creating an Authentication Scheme, Policy Domain, and a WebGate Profile
  • 17.4.3 Configuring Providers in the WebLogic Domain
    • 17.4.3.1 About Oracle WebLogic Server Authentication and Identity Assertion Providers
    • 17.4.3.2 About the Oracle WebLogic Scripting Tool (WLST)
    • 17.4.3.3 Setting Up Providers for Oracle Access Manager Identity Assertion
  • 17.4.4 Setting Up the Login Form for the Identity Asserter and OAM 10g
  • 17.4.5 Testing Identity Assertion for SSO with OAM 10g
• 17.5 Configuring the Authenticator for Oracle Access Manager 10g
  • 17.5.1 Creating an Authentication Scheme for the Authenticator
  • 17.5.2 Configuring a Policy Domain for the Oracle Access Manager Authenticator
    • 17.5.2.1 About Creating a Policy Domain
    • 17.5.2.2 Creating a Policy Domain and Access Policies for the Authenticator
  • 17.5.3 Configuring Providers for the Authenticator in a WebLogic Domain
  • 17.5.4 Configuring the Application Authentication Method for the Authenticator
  • 17.5.5 Mapping the Authenticated User to a Group in LDAP
  • 17.5.6 Testing the Oracle Access Manager Authenticator Implementation
• 17.6 Configuring Identity Assertion for Oracle Web Services Manager and OAM 10g
  • 17.6.1 Creating an Policy Domain for Use with Oracle Web Services Manager
  • 17.6.2 Configuring Providers in a WebLogic Domain for Oracle Web Services Manager
  • 17.6.3 Testing the Identity Asserter with Oracle Web Services Manager
• 17.7 Synchronizing the User and SSO Sessions: SSO Synchronization Filter
• 17.8 Troubleshooting Tips for OAM Provider Deployments
  • 17.8.1 About Using IPv6
  • 17.8.2 Apache Bridge Failure: Timed Out
  • 17.8.3 Authenticated User with Access Denied
  • 17.8.4 Browser Back Button Results in Error
  • 17.8.5 Cannot Reboot After Adding OAM and OID Authenticators
  • 17.8.6 Client in Cluster with Load-Balanced WebGates
  • 17.8.7 Error 401: Unable to Access the Application
  • 17.8.8 Error 403: Unable to Access the Application
  • 17.8.9 Error 404: Not Found ... Anything Matching the Request URI
  • 17.8.10 Error Issued with the Action URL in Form Login Page
  • 17.8.11 Error or Failure on Oracle WebLogic Server Startup
  • 17.8.12 JAAS Control Flag
  • 17.8.13 Login Form is Shown Repeatedly Upon Credential Submission: No Error
  • 17.8.14 Logout and Session Time Out Issues
  • 17.8.15 Not Found: The requested URL or Resource Was Not Found
  • 17.8.16 Oracle WebLogic Server Fails to Start
  • 17.8.17 Oracle ADF Integration and Cert Mode
  • 17.8.18 About Protected_JSessionId_Policy

18 Configuring Single Sign-On using OracleAS SSO 10g

• 18.1 Deploying the OracleAS 10g Single Sign-On (OSSO) Solution
  • 18.1.1 Using the OSSO Identity Asserter
    • 18.1.1.1 Oracle WebLogic Security Framework
    • 18.1.1.2 OSSO Identity Asserter Processing
    • 18.1.1.3 Consumption of Headers with OSSO Identity Asserter
  • 18.1.2 New Users of the OSSO Identity Asserter
    • 18.1.2.1 Configuring mod_weblogic
    • 18.1.2.2 Registering Oracle HTTP Server mod_osso with OSSO Server 10.1.4
    • 18.1.2.3 Configuring mod_osso to Protect Web Resources
    • 18.1.2.4 Adding Providers to a WebLogic Domain for OSSO
    • 18.1.2.5 Establishing Trust Between Oracle WebLogic Server and Other Entities
    • 18.1.2.6 Configuring the Application for the OSSO Identity Asserter
• 18.2 Synchronizing the User and SSO Sessions: SSO Synchronization Filter
• 18.3 Troubleshooting for an OSSO Identity Asserter Deployment
  • 18.3.1 SSO-Related Problems
  • 18.3.2 OSSO Identity Asserter-Related Problems
  • 18.3.3 URL Rewriting and JSESSIONID
  • 18.3.4 About mod_osso, OSSO Cookies, and Directives
    • 18.3.4.1 New OssoHTTPOnly Directive in mod_osso
    • 18.3.4.2 OssoSecureCookies Directive in mod_osso
    • 18.3.4.3 Mod_osso Does Not Encode the Return URL
    • 18.3.4.4 mod_osso: "Page Not found" error After Default Installation
  • 18.3.5 About Using IPv6

Part V Developing with Oracle Platform Security Services APIs

19 Integrating Application Security with OPSS

• 19.1 Introduction
• 19.2 Security Integration Use Cases
  • 19.2.1 Authentication
    • 19.2.1.1 Java EE Application Requiring Authenticated Users
    • 19.2.1.2 Java EE Application Requiring Programmatic Authentication
    • 19.2.1.3 Java SE Application Requiring Authentication
  • 19.2.2 Identities
    • 19.2.2.1 Application Running in Two Environments
    • 19.2.2.2 Application Accessing User Profiles in Multiple Stores
  • 19.2.3 Authorization
    • 19.2.3.1 Java EE Application Accessible by Specific Roles
    • 19.2.3.2 ADF Application Requiring Fine-Grained Authorization
    • 19.2.3.3 Web Application Securing Web Services
    • 19.2.3.4 Java EE Application Requiring Codebase Permissions
    • 19.2.3.5 Non-ADF Application Requiring Fine-Grained Authorization
  • 19.2.4 Credentials
    • 19.2.4.1 Application Requiring Credentials to Access System
  • 19.2.5 Audit
    • 19.2.5.1 Auditing Security-Related Activity
    • 19.2.5.2 Auditing Business-Related Activity
  • 19.2.6 Identity Propagation
    • 19.2.6.1 Propagating the Executing User Identity
    • 19.2.6.2 Propagating a User Identity
    • 19.2.6.3 Propagating Identities Across Domains
    • 19.2.6.4 Propagating Identities over HTTP
  • 19.2.7 Administration and Management
    • 19.2.7.1 Application Requiring a Central Store
    • 19.2.7.2 Application Requiring Custom Management Tool
    • 19.2.7.3 Application Running in a Multiple Server Environment
  • 19.2.8 Integration
    • 19.2.8.1 Application Running in Multiple Domains
• 19.3 Some Use Cases Details
  • 19.3.1 Propagating Identities over HTTP
    • 19.3.1.1 The OPSS Trust Service
    • 19.3.1.2 Propagating Identities over the HTTP Protocol
    • 19.3.1.3 Domains Using Both Protocols
  • 19.3.2 A Custom Graphical User Interface
    • 19.3.2.1 Imports Assumed
    • 19.3.2.2 Code Sample 1
    • 19.3.2.3 Code Sample 2
    • 19.3.2.4 Code Sample 3
    • 19.3.2.5 Code Sample 4
    • 19.3.2.6 Code Sample 5
    • 19.3.2.7 Code Sample 6
• 19.4 Appendix - Security Life Cycle of an ADF Application
  • 19.4.1 Development Phase
  • 19.4.2 Deployment Phase
  • 19.4.3 Management Phase
  • 19.4.4 Summary of Tasks per Participant per Phase
• 19.5 Appendix - Code and Configuration Examples
  • 19.5.1 Code Examples
  • 19.5.2 Configuration Examples
  • 19.5.3 Full Code Example of a Java EE Application with Integrated Security

20 The OPSS Policy Model

• 20.1 The Security Policy Model
• 20.2 Authorization Overview
  • 20.2.1 Introduction to Authorization
  • 20.2.2 The Java EE Authorization Model
    • 20.2.2.1 Declarative Authorization
    • 20.2.2.2 Programmatic Authorization
    • 20.2.2.3 Java EE Code Example
  • 20.2.3 The JAAS Authorization Model
• 20.3 The JAAS/OPSS Authorization Model
  • 20.3.1 The Resource Catalog
  • 20.3.2 Managing Policies
  • 20.3.3 Checking Policies
    • 20.3.3.1 Using the Method checkPermission
    • 20.3.3.2 Using the Methods doAs and doAsPrivileged
    • 20.3.3.3 Using the Method checkBulkAuthorization
    • 20.3.3.4 Using the Method getGrantedResources
  • 20.3.4 The Class ResourcePermission

21 Manually Configuring Java EE Applications to Use OPSS

• 21.1 Configuring the Servlet Filter and the EJB Interceptor
  • 21.1.1 Interceptor Configuration Syntax
  • 21.1.2 Summary of Filter and Interceptor Parameters
  • 21.1.3 Configuring the Application Stripe for Application MBeans
• 21.2 Choosing the Appropriate Class for Enterprise Groups and Users
• 21.3 Packaging a Java EE Application Manually
  • 21.3.1 Packaging Policies with Application
  • 21.3.2 Packaging Credentials with Application
• 21.4 Configuring Applications to Use OPSS
  • 21.4.1 Parameters Controlling Policy Migration
  • 21.4.2 Policy Parameter Configuration According to Behavior
    • 21.4.2.1 To Skip Migrating All Policies
    • 21.4.2.2 To Migrate All Policies with Merging
    • 21.4.2.3 To Migrate All Policies with Overwriting
    • 21.4.2.4 To Remove (or Prevent the Removal of) Application Policies
    • 21.4.2.5 To Migrate Policies in a Static Deployment
    • 21.4.2.6 Recommendations
  • 21.4.3 Using a Wallet-Based Credential Store
  • 21.4.4 Parameters Controlling Credential Migration
  • 21.4.5 Credential Parameter Configuration According to Behavior
    • 21.4.5.1 To Skip Migrating Credentials
    • 21.4.5.2 To Migrate Credentials with Merging
    • 21.4.5.3 To Migrate Credentials with Overwriting
  • 21.4.6 Supported Permission Classes
    • 21.4.6.1 Policy Store Permission
    • 21.4.6.2 Credential Store Permission
    • 21.4.6.3 Generic Permission
  • 21.4.7 Specifying Bootstrap Credentials Manually
  • 21.4.8 Migrating Identities with migrateSecurityStore
  • 21.4.9 Example of Configuration File jps-config.xml

22 Authentication for Java SE Applicaitons

• 22.1 Links to Authentication Topics for Java EE Applications
• 22.2 Authentication for Java SE Applications
  • 22.2.1 The Identity Store
  • 22.2.2 Configuring an LDAP Identity Store in Java SE Applications
  • 22.2.3 Supported Login Modules for Java SE Applications
    • 22.2.3.1 The Identity Store Login Module
    • 22.2.3.2 Using the Identity Store Login Module for Authentication
    • 22.2.3.3 Using the Identity Login Module for Assertion
  • 22.2.4 Using the OPSS API LoginService in Java SE Applications
• 22.3 Configuration Examples

23 Authorization for Java SE Applications

• 23.1 Configuring Policy and Credential Stores in Java SE Applications
  • 23.1.1 Configuring File-Based Policy and Credential Stores
  • 23.1.2 Configuring LDAP-Based Policy and Credential Stores
  • 23.1.3 Configuring DB-Based OPSS Security Stores
• 23.2 Unsupported Methods for File-Based Policy Stores

24 Developing with the Credential Store Framework

• 24.1 About the Credential Store Framework API
• 24.2 Overview of Application Development with CSF
• 24.3 Setting the Java Security Policy Permissions
  • 24.3.1 Guidelines for Granting Permissions
  • 24.3.2 Permissions Grant Example 1
  • 24.3.3 Permissions Grant Example 2
• 24.4 Guidelines for the Map Name
• 24.5 Configuring the Credential Store
• 24.6 Steps for Using the API
  • 24.6.1 Using the CSF API in a Standalone Environment
  • 24.6.2 Using the CSF API in Oracle WebLogic Server
• 24.7 Examples
  • 24.7.1 Code for CSF Operations
  • 24.7.2 Example 1: Java SE Application with Wallet Store
  • 24.7.3 Example 2: Java EE Application with Wallet Store
  • 24.7.4 Example 3: Java EE Application with LDAP Store
• 24.8 Best Practices

25 Developing with the User and Role API

• 25.1 Introduction to the User and Role API Framework
  • 25.1.1 User and Role API and the Oracle WebLogic Server Authenticators
• 25.2 Summary of Roles and Classes
• 25.3 Working with Service Providers
  • 25.3.1 Understanding Service Providers
  • 25.3.2 Setting Up the Environment
  • 25.3.3 Selecting the Provider
  • 25.3.4 Creating the Provider Instance
  • 25.3.5 Properties for Provider Configuration
    • 25.3.5.1 Start-time and Run-time Configuration
    • 25.3.5.2 ECID Propagation
    • 25.3.5.3 When to Pass Configuration Values
  • 25.3.6 Configuring the Provider when Creating a Factory Instance
    • 25.3.6.1 Oracle Internet Directory Provider
    • 25.3.6.2 Using Existing Logger Objects
    • 25.3.6.3 Supplying Constant Values
    • 25.3.6.4 Configuring Connection Parameters
    • 25.3.6.5 Configuring a Custom Connection Pool Class
  • 25.3.7 Configuring the Provider when Creating a Store Instance
  • 25.3.8 Runtime Configuration
  • 25.3.9 Programming Considerations
    • 25.3.9.1 Provider Portability Considerations
    • 25.3.9.2 Considerations when Using IdentityStore Objects
  • 25.3.10 Provider Life cycle
• 25.4 Searching the Repository
  • 25.4.1 Searching for a Specific Identity
  • 25.4.2 Searching for Multiple Identities
  • 25.4.3 Specifying Search Parameters
  • 25.4.4 Using Search Filters
    • 25.4.4.1 Operators in Search Filters
    • 25.4.4.2 Handling Special Characters when Using Search Filters
    • 25.4.4.3 Search Filter for Logged-In User
    • 25.4.4.4 Examples of Using Search Filters
  • 25.4.5 Searching by GUID
• 25.5 User Authentication
• 25.6 Creating and Modifying Entries in the Identity Store
  • 25.6.1 Handling Special Characters when Creating Identities
  • 25.6.2 Creating an Identity
  • 25.6.3 Modifying an Identity
  • 25.6.4 Deleting an Identity
• 25.7 Examples of User and Role API Usage
  • 25.7.1 Example 1: Searching for Users
  • 25.7.2 Example 2: User Management in an Oracle Internet Directory Store
  • 25.7.3 Example 3: User Management in a Microsoft Active Directory Store
• 25.8 SSL Configuration for LDAP-based User and Role API Providers
  • 25.8.1 Out-of-the-box Support for SSL
    • 25.8.1.1 System Properties
    • 25.8.1.2 SSL configuration
  • 25.8.2 Customizing SSL Support for the User and Role API
    • 25.8.2.1 SSL configuration
• 25.9 The User and Role API Reference
• 25.10 Developing Custom User and Role Providers
  • 25.10.1 SPI Overview
  • 25.10.2 Types of User and Role Providers
  • 25.10.3 Developing a Read-Only Provider
    • 25.10.3.1 SPI Classes Requiring Extension
    • 25.10.3.2 oracle.security.idm.spi.AbstractIdentityStoreFactory
    • 25.10.3.3 oracle.security.idm.spi.AbstractIdentityStore
    • 25.10.3.4 oracle.security.idm.spi.AbstractRoleManager
    • 25.10.3.5 oracle.security.idm.spi.AbstractUserManager
    • 25.10.3.6 oracle.security.idm.spi.AbstractRoleProfile
    • 25.10.3.7 oracle.security.idm.spi.AbstractUserProfile
    • 25.10.3.8 oracle.security.idm.spi.AbstractSimpleSearchFilter
    • 25.10.3.9 oracle.security.idm.spi.AbstractComplexSearchFilter
    • 25.10.3.10 oracle.security.idm.spi.AbstractSearchResponse
  • 25.10.4 Developing a Full-Featured Provider
  • 25.10.5 Development Guidelines
  • 25.10.6 Testing and Verification
  • 25.10.7 Example: Implementing an Identity Provider
    • 25.10.7.1 About the Sample Provider
    • 25.10.7.2 Overview of Implementation
    • 25.10.7.3 Configure jps-config.xml to use the Sample Identity Provider
    • 25.10.7.4 Configure Oracle WebLogic Server
• The User and Role SPI Reference
  • oracle.security.idm.spi.AbstractUserProfile
  • oracle.security.idm.spi.AbstractUserManager
  • oracle.security.idm.spi.AbstractUser
  • oracle.security.idm.spi.AbstractSubjectParser
  • oracle.security.idm.spi.AbstractStoreConfiguration
  • oracle.security.idm.spi. AbstractSimpleSearchFilter
  • oracle.security.idm.spi.AbstractSearchResponse
  • oracle.security.idm.spi.AbstractRoleProfile
  • oracle.security.idm.spi.AbstractRoleManager
  • oracle.security.idm.spi.AbstractRole
  • oracle.security.idm.spi.AbstractIdentityStoreFactory
  • oracle.security.idm.spi.AbstractIdentityStore
  • oracle.security.idm.spi.AbstractComplexSearchFilter

26 Developing with the Identity Directory API

• 26.1 About the Identity Directory API
  • 26.1.1 Feature Overview
• 26.2 Summary of Classes
• 26.3 Identity Directory Configuration
• 26.4 Working with the Identity Directory API
  • 26.4.1 Getting an Identity Directory API Instance
  • 26.4.2 Performing CRUD Operations on Users and Groups
    • 26.4.2.1 User Operations
    • 26.4.2.2 Group Operations
• 26.5 Examples of Identity Directory API
  • 26.5.1 Initialize and Obtain Identity Directory Handle
  • 26.5.2 Create a User
  • 26.5.3 Get a User
  • 26.5.4 Modify a User
  • 26.5.5 Simple Search for a User
  • 26.5.6 Complex Search for Users
  • 26.5.7 Create a Group
  • 26.5.8 Get a Group
  • 26.5.9 Get Group Using a Search Filter
  • 26.5.10 Delete a Group
  • 26.5.11 Add a Member to a Group
  • 26.5.12 Delete a Member from a Group
• 26.6 SSL Configuration

27 Developing with the Keystore Service

• 27.1 About the Keystore Service API
• 27.2 Overview of Application Development with the Keystore Service
• 27.3 Setting the Java Security Policy Permission
  • 27.3.1 Guidelines for Granting Permissions
  • 27.3.2 Permissions Grant Example 1
  • 27.3.3 Permissions Grant Example 2
  • 27.3.4 Permissions Grant Example 3
• 27.4 Configuring the Keystore Service
• 27.5 Steps for Using the Keystore Service API
  • 27.5.1 Using the Keystore Service API in a Standalone Environment
  • 27.5.2 Using the Keystore Service API in Oracle WebLogic Server
• 27.6 Example of Keystore Service API Usage
  • 27.6.1 Java Program for Keystore Service Operations
  • 27.6.2 Policy Store Setup
  • 27.6.3 Configuration File
  • 27.6.4 About Using the Keystore Service in the Java SE Environment
• 27.7 Best Practices

28 Developing with the Audit Service

• 28.1 Application Integration with Audit Flow
• 28.2 Audit Metadata Model
  • 28.2.1 Attribute Groups
    • 28.2.1.1 Audit Attribute Data Types
    • 28.2.1.2 Common Attribute Groups
    • 28.2.1.3 Generic Attribute Groups
    • 28.2.1.4 Custom Attribute Groups
  • 28.2.2 Event Categories and Events
    • 28.2.2.1 System Categories and Events
    • 28.2.2.2 Component/Application Categories
• 28.3 The Audit Metadata Store
• 28.4 Integrating the Application with the Audit Framework
• 28.5 Create Audit Definition Files
  • 28.5.1 Understand Mapping and Versioning Rules
    • 28.5.1.1 Version Numbers
    • 28.5.1.2 Custom Attribute to Database Column Mappings
• 28.6 Register Application with the Registration Service
• 28.7 Add Application Code to Log Audit Events
  • 28.7.1 Audit Client API
  • 28.7.2 Set System Grants
  • 28.7.3 Obtain Auditor Instance
• 28.8 Integrate with Oracle Business Intelligence Publisher
• 28.9 Update and Maintain Audit Definitions

Part VI Appendices

A OPSS Configuration File Reference

• A.1 Top- and Second-Level Element Hierarchy
• A.2 Lower-Level Elements
• <description>
• <extendedProperty>
• <extendedPropertySet>
• <extendedPropertySetRef>
• <extendedPropertySets>
• <jpsConfig>
• <jpsContext>
• <jpsContexts>
• <name>
• <property>
• <propertySet>
• <propertySetRef>
• <propertySets>
• <serviceInstance>
• <serviceInstanceRef>
• <serviceInstances>
• <serviceProvider>
• <serviceProviders>
• <value>
• <values>

B File-Based Identity and Policy Store Reference

• B.1 Hierarchy of Elements in system-jazn-data.xml
• B.2 Elements and Attributes of system-jazn-data.xml
• <actions>
• <actions-delimiter>
• <app-role>
• <app-roles>
• <application>
• <applications>
• <attribute>
• <class>
• <codesource>
• <credentials>
• <description>
• <display-name>
• <extended-attributes>
• <grant>
• <grantee>
• <guid>
• <jazn-data>
• <jazn-policy>
• <jazn-realm>
• <matcher-class>
• <member>
• <member-resource>
• <member-resources>
• <members>
• <name>
• <owner>
• <owners>
• <permission>
• <permissions>
• <permission-set>
• <permission-sets>
• <policy-store>
• <principal>
• <principals>
• <provider-name>
• <realm>
• <resource>
• <resources>
• <resource-name>
• <resource-type>
• <resource-types>
• <role>
• <role-categories>
• <role-category>
• <role-name-ref>
• <roles>
• <type>
• <type-name-ref>
• <uniquename>
• <url>
• <user>
• <users>
• <value>
• <values>

C Oracle Fusion Middleware Audit Framework Reference

• C.1 Audit Events
  • C.1.1 What Components Can be Audited?
  • C.1.2 What Events can be Audited?
    • C.1.2.1 Oracle Directory Integration Platform Events and their Attributes
    • C.1.2.2 Oracle Platform Security Services Events and their Attributes
    • C.1.2.3 Oracle HTTP Server Events and their Attributes
    • C.1.2.4 Oracle Internet Directory Events and their Attributes
    • C.1.2.5 Oracle Identity Federation Events and their Attributes
    • C.1.2.6 Oracle Virtual Directory Events and their Attributes
    • C.1.2.7 OWSM-Agent Events and their Attributes
    • C.1.2.8 OWSM-PM-EJB Events and their Attributes
    • C.1.2.9 Reports Server Events and their Attributes
    • C.1.2.10 WS-Policy Attachment Events and their Attributes
    • C.1.2.11 Oracle Web Cache Events and their Attributes
    • C.1.2.12 Oracle Web Services Manager Events and their Attributes
  • C.1.3 Event Attribute Descriptions
• C.2 Pre-built Audit Reports
  • C.2.1 Common Audit Reports
  • C.2.2 Component-Specific Audit Reports
• C.3 The Audit Schema
• C.4 WLST Commands for Auditing
  • C.4.1 getNonJava EEAuditMBeanName
    • C.4.1.1 Description
    • C.4.1.2 Syntax
    • C.4.1.3 Example
  • C.4.2 getAuditPolicy
    • C.4.2.1 Description
    • C.4.2.2 Syntax
    • C.4.2.3 Example
  • C.4.3 setAuditPolicy
    • C.4.3.1 Description
    • C.4.3.2 Syntax
    • C.4.3.3 Example
  • C.4.4 getAuditRepository
    • C.4.4.1 Description
    • C.4.4.2 Syntax
    • C.4.4.3 Example
  • C.4.5 setAuditRepository
    • C.4.5.1 Description
    • C.4.5.2 Syntax
    • C.4.5.3 Example
  • C.4.6 listAuditEvents
    • C.4.6.1 Description
    • C.4.6.2 Syntax
    • C.4.6.3 Example
  • C.4.7 exportAuditConfig
    • C.4.7.1 Description
    • C.4.7.2 Syntax
    • C.4.7.3 Example
  • C.4.8 importAuditConfig
    • C.4.8.1 Description
    • C.4.8.2 Syntax
    • C.4.8.3 Example
• C.5 Audit Filter Expression Syntax
• C.6 Naming and Logging Format of Audit Files

D User and Role API Reference

• D.1 Mapping User Attributes to LDAP Directories
• D.2 Mapping Role Attributes to LDAP Directories
• D.3 Default Configuration Parameters
• D.4 Secure Connections for Microsoft Active Directory

E Administration with WLST Scripting and MBean Programming

• E.1 Configuring OPSS Service Provider Instances with a WLST Script
• E.2 Configuring OPSS Services with MBeans
  • E.2.1 List of Supported OPSS MBeans
  • E.2.2 Invoking an OPSS MBean
  • E.2.3 Programming with OPSS MBeans
• E.3 Access Restrictions
  • E.3.1 Annotation Examples
  • E.3.2 Mapping of Logical Roles to WebLogic Roles
  • E.3.3 Particular Access Restrictions

F OPSS System and Configuration Properties

• F.1 OPSS System Properties
• F.2 OPSS Configuration Properties
  • F.2.1 Policy Store Properties
    • F.2.1.1 Policy Store Configuration
    • F.2.1.2 Runtime Policy Store Configuration
  • F.2.2 Credential Store Properties
  • F.2.3 LDAP Identity Store Properties
  • F.2.4 Properties Common to All LDAP-Based Instances
  • F.2.5 Anonymous and Authenticated Roles Properties
  • F.2.6 Trust Service Properties
  • F.2.7 Audit Service Properties
  • F.2.8 Keystore Service Properties

G Upgrading Security Data

• G.1 Upgrading with upgradeSecurityStore
  • G.1.1 Examples of Use
    • G.1.1.1 Example 1 - Upgrading Identities
    • G.1.1.2 Example 2 - Upgrading to File-Based Policies
    • G.1.1.3 Example 3 - Upgrading to Oracle Internet Directory LDAP-Based Policies
    • G.1.1.4 Example 4 - Upgrading File-Based Policies to Use the Resource Catalog
• G.2 Upgrading Policies with upgradeOpss
  • G.2.1 Command Syntax

H References

• H.1 OPSS API References

I OPSS Scripts

• I.1 Policy-Related Scripts
• I.2 Credential-Related Scripts
• I.3 Other Security Scripts
• I.4 Audit Scripts

J Using an OpenLDAP Identity Store

• J.1 Using an OpenLDAP Identity Store

K Adapter Configuration for Identity Virtualization

• K.1 About Split Profiles
• K.2 Configuring a Split Profile
• K.3 Deleting a Join Rule
• K.4 Deleting a Join Adapter
• K.5 Changing Adapter Visibility

L Troubleshooting Security in Oracle Fusion Middleware

• L.1 Diagnosing Security Errors
  • L.1.1 Log Files and OPSS Loggers
    • L.1.1.1 Diagnostic Log Files
    • L.1.1.2 Generic Log Files
    • L.1.1.3 Authorization Loggers
    • L.1.1.4 Offline OPSS Scripts Loggers
    • L.1.1.5 Other OPSS Loggers
    • L.1.1.6 Audit Loggers
    • L.1.1.7 Managing Loggers with Fusion Middleware Control
  • L.1.2 System Properties
    • L.1.2.1 jps.auth.debug
    • L.1.2.2 jps.auth.debug.verbose
    • L.1.2.3 Debugging the Authorization Process
  • L.1.3 Solving Security Errors
    • L.1.3.1 Understanding Sample Log Entries
    • L.1.3.2 Searching Logs with Fusion Middleware Control
    • L.1.3.3 Identifying a Message Context with Fusion Middleware Control
    • L.1.3.4 Generating Error Listing Files with Fusion Middleware Control
• L.2 Reassociation Failure
  • L.2.1 Missing Policies in Reassociated Policy Store
  • L.2.2 Unsupported Schema
• L.3 Server Fails to Start
  • L.3.1 Missing Required LDAP Authenticator
  • L.3.2 Missing Administrator Account
  • L.3.3 Missing Permission
  • L.3.4 Server with NFS-Mounted Domain Directory Fails to Start
  • L.3.5 Other Causes
• L.4 Failure to Grant or Revoke Permissions - Case Mismatch
• L.5 Failure to Connect to an LDAP Server
• L.6 Failure to Connect to the Embedded LDAP Authenticator
• L.7 User and Role API Failure
• L.8 Failure to Access Data in the Credential Store
• L.9 Failure to Establish an Anonymous SSL Connection
• L.10 Authorization Check Failure
• L.11 User Gets Unexpected Permissions
• L.12 Security Access Control Exception
• L.13 Runtime Permission Check Failure
• L.14 Permission Failure Before Server Starts
• L.15 Policy Migration Failure
• L.16 Characters in Policies
  • L.16.1 Use of Special Characters in Oracle Internet Directory 10.1.4.3
  • L.16.2 XML Policy Store that Contains Certain Characters
  • L.16.3 Characters in Application Role Names
  • L.16.4 Missing Newline Characters in XML Policy Store
• L.17 Granting Permissions in Java SE Applications
• L.18 Troubleshooting Oracle Business Intelligence Reporting
  • L.18.1 Audit Templates for Oracle Business Intelligence Publisher
  • L.18.2 Oracle Business Intelligence Publisher Time Zone
• L.19 Search Failure when Matching Attribute in Policy Store
• L.20 Search Failure with an Unknown Host Exception
• L.21 Incompatible Versions of Binaries and Policy Store
• L.22 Incompatible Versions of Policy Stores
• L.23 Need Further Help?

Index