Contents
List of Figures
List of Tables
Title and Copyright Information
Preface
Audience
Documentation Accessibility
Related Documents
Conventions
What's New in Oracle Access Manager?
What's New in 11g Release 1 (11.1.1.5.0)
What's New in 11g Release 1 (11.1.1)
1
About Oracle Identity Management Components
1.1
About Oracle Access Manager Integrations
1.2
A Note About IDMDomain Agents and Webgates
1.3
Components Described in This Document
1.3.1
Oracle Identity Navigator
1.3.2
Oracle Identity Federation
1.3.3
Oracle Identity Manager
1.3.4
Oracle Adaptive Access Manager
1.4
System Requirements and Certification
2
Introduction to Oracle Access Manager Integrations
2.1
Perspectives on Identity Management Integration
2.1.1
Access Management Perspective
2.1.2
Oracle Identity Manager Perspective
2.1.3
Additional Perspectives
2.2
Summary of Integrations
2.3
Enabling Identity Administration with Oracle Identity Manager
2.4
Enabling Single Sign-On for Oracle Identity Manager
2.4.1
Prerequisites
2.4.2
Configuration
2.5
Integrating with Oracle Adaptive Access Manager for Native Authentication
2.6
Enabling Single Sign-On for Oracle Identity Navigator
2.7
Integrating Oracle Access Manager with Oracle Identity Federation
2.8
Integrating Oracle Identity Manager, Oracle Access Manager, and Oracle Adaptive Access Manager
2.8.1
Introduction and Benefits
2.8.1.1
How Oracle Access Manager Leverages Oracle Identity Manager and Oracle Adaptive Access Manager
2.8.1.2
Benefits of the Integration
2.8.1.3
Dependency of Components in the Integration
2.8.2
Deployment Options for Strong Authentication
2.8.2.1
About Native and Advanced Integration
2.8.2.2
Component Interactions
2.8.3
Deployment Options for Password Management
2.8.3.1
Oracle Access Manager Integrated with Oracle Identity Manager
2.8.3.2
Oracle Access Manager, Oracle Adaptive Access Manager, and Oracle Identity Manager Integrated
2.8.4
Password Management Scenarios
2.8.4.1
Self-Registration
2.8.4.2
Password Change
2.8.4.3
Forgot Password
2.8.4.4
Account Lock and Unlock
2.8.4.5
Challenge Setup
2.8.4.6
Challenge Reset
3
Integrating with Oracle Identity Navigator
3.1
Enabling Single Sign-On
3.1.1
Configure a New Resource for the Agent
3.1.2
Configure Oracle HTTP Server for the Oracle Access Manager Domain
3.1.3
Add New Identity Providers
4
Integrating Oracle Identity Federation
4.1
Background and Integration Overview
4.1.1
About Integration with Oracle Identity Federation
4.1.2
Overview of Integration Tasks
4.1.3
Prerequisites
4.1.4
Additional Setup
4.2
Register Oracle HTTP Server with Oracle Access Manager
4.2.1
Register Oracle HTTP Server and mod_osso with Oracle Access Manager
4.2.2
Register Oracle HTTP Server and WebGate with Oracle Access Manager
4.3
Integrate Oracle Identity Federation in SP Mode
4.3.1
Configure Oracle Identity Federation Providers
4.3.1.1
Generate Provider Metadata
4.3.1.2
Register the Providers
4.3.1.3
Configure Data Store
4.3.1.4
Configure the Authentication Engine
4.3.1.5
Set the Default Identity Provider
4.3.1.6
Configure Oracle Identity Federation in SP Mode
4.3.2
Delegate Authentication to Oracle Identity Federation
4.4
Integrate Oracle Identity Federation (Authentication Mode)
4.4.1
Generate Provider Metadata
4.4.2
Register the Providers
4.4.3
Configure the Data Store
4.4.4
Configure Authentication Engines
4.4.4.1
Oracle Single Sign-On (OSSO) Agent
4.4.4.2
WebGate 11g Agent
4.5
Test the Configuration
4.5.1
Test SP Mode Configuration
4.5.2
Test Authentication Mode Configuration
5
Integrating Oracle Access Manager and Oracle Identity Manager
5.1
About the Integration
5.2
Prerequisites
5.3
Perform Integration Tasks in Oracle Access Manager
5.4
Perform Integration Tasks in Oracle Identity Manager
5.5
Test the Integration
5.6
Additional Configuration
5.6.1
Migrating from the Domain Agent to 10g WebGate with OHS 11g
5.6.1.1
Update WebGate Type and ID
5.6.1.2
Set the WebGate Preferred Host
5.6.1.3
Create the Oracle Identity Manager SSO Keystore
5.6.2
Loading the Nexaweb Applet in an Integrated Environment
6
Integrating Oracle Access Manager and Oracle Adaptive Access Manager
6.1
About Basic and Advanced Integration Modes
6.2
Oracle Access Manager-Oracle Adaptive Access Manager Basic Integration
6.2.1
Processing Flow for Native Integration
6.2.2
Prerequisites
6.2.3
Native Integration Steps
6.3
Oracle Access Manager-Oracle Adaptive Access Manager Advanced Integration
6.3.1
Processing Flow for Advanced Integration
6.3.2
Implementing Advanced Integration
6.3.3
Prerequisites
6.3.4
Oracle Access Manager and Oracle Adaptive Access Manager Integration Steps
6.3.4.1
Setting Oracle Adaptive Access Manager Properties for Oracle Access Manager
6.3.4.2
Setting the Oracle Access Manager Credentials in Credential Store Framework
6.3.4.3
Configuring the Oracle Access Manager Policy Authentication Scheme
6.4
Configuration and Troubleshooting
6.4.1
Using ConfigureOAAM WLST to Create the Datasource
6.4.2
How to Implement Case-Insensitive Logins
6.4.3
Using Non-ASCII Credentials
6.4.4
Testing Before Setting Up the Integration
6.4.5
OAM and OAAM Integration and Changes in the Console
6.4.6
OAM and OAAM Integration and Internet Explorer Version 7
6.4.7
OTP Challenge is Not Supported in OAAMBasic Integration
6.4.8
OAAMAdvanced Authentication Scheme Protected Resource Is Not Accessible in OAM 11.1.1.4.0 - OAAM 11.1.1.5.0 Integration
6.4.9
No Synchronization Between Database and LDAP
7
Integrating Oracle Access Manager, Oracle Adaptive Access Manager, and Oracle Identity Manager
7.1
Introduction
7.2
Process Flow
7.3
Prerequisites for the Integration
7.4
Overview of Integration Tasks
7.5
Install Oracle Access Manager, Oracle Adaptive Access Manager, and Oracle Identity Manager
7.6
Perform Post-Configuration for Oracle Access Manager and Oracle Adaptive Access Manager
7.6.1
Restart the Servers
7.6.2
Create Users and Import Snapshot for Oracle Adaptive Access Manager
7.6.2.1
Create Oracle Adaptive Access Manager Users
7.6.2.2
Import Oracle Adaptive Access Manager Snapshot
7.6.3
Set Up Validation for Oracle Access Manager and Oracle Adaptive Access Manager
7.6.3.1
Validate the Oracle Access Manager Setup
7.6.3.2
Validate Oracle Adaptive Access Manager Setup
7.7
Register the 11g WebGate
7.7.1
Pre-requisites for WebGate Registration
7.7.2
Configure the 11g WebGate
7.7.3
Register the 11g WebGate as a Partner
7.7.4
Restart the OHS WebGate
7.7.5
Validate the WebGate Setup
7.8
Integrate Oracle Access Manager and Oracle Identity Manager
7.9
Enable LDAP Synchronization for Oracle Identity Manager
7.10
Integrate Oracle Access Manager and Oracle Adaptive Access Manager
7.10.1
Configure Oracle Access Manager for Oracle Access Manager and Oracle Adaptive Access Manager Integration
7.10.1.1
Register the OAAM Server as a Partner Application
7.10.1.2
Update the IAMSuite Agent
7.10.1.3
Configure for Domain Agent
7.10.2
Validate Oracle Access Manager Configuration
7.10.3
Configure Oracle Adaptive Access Manager for Oracle Access Manager and Oracle Adaptive Access Manager Integration
7.10.4
Protect a Resource with Oracle Adaptive Access Manager in Oracle Access Manager
7.10.5
Validate the Oracle Access Manager and Oracle Adaptive Access Manager Integration
7.11
Integrate Oracle Identity Manager and Oracle Adaptive Access Manager
7.11.1
Set Oracle Adaptive Access Manager Properties for Oracle Identity Manager
7.11.2
Set Oracle Identity Manager Credentials in Credential Store Framework
7.12
Configure Oracle Identity Manager Properties for the Integration
7.13
Configure TAP Scheme to Access Applications in the IAMSuite Agent Application Domain
7.14
Troubleshooting Tips
7.14.1
Policies and Challenge Questions
7.14.2
Cookie Domain Definition
7.14.3
In the OAM and OAAM Integration TAP Could Not Modify User Attribute
7.14.4
TAP: setupOAMTapIntegration Script Does Not Provide Exit Status Message
8
Integrating Oracle Access Manager 10g and Oracle Adaptive Access Manager 11g
8.1
Prerequisites
8.2
Integration Overview
8.3
Configure OAM AccessGate for OAAM Web Server
8.4
Configure OAM Authentication Scheme
8.5
Configure Oracle Access Manager Connection (Optional)
8.6
Set Up WebGate for OAAM Web Server
8.7
Configure OAM Domain to Use OAAM Authentication
8.8
Configure OHS
8.9
Configure Oracle Adaptive Access Manager Properties
8.9.1
Set Oracle Adaptive Access Manager Properties for Oracle Access Manager
8.9.2
Set Oracle Access Manager Credentials in Credential Store Framework
8.10
Turn Off IP Validation
8.11
Testing Oracle Adaptive Access Manager and Oracle Access Manager Integration
9
Configuring Oracle Access Manager to use Windows Native Authentication
9.1
Before You Begin
9.2
About Oracle Access Manager with Windows Native Authentication
9.3
Performing Prerequisite Tasks
9.3.1
Edit the krb5.conf File
9.3.2
Create the Service Principal Name (SPN)
9.3.3
Obtain the Kerberos Ticket
9.4
Configuring Oracle Access Manager for WNA
9.4.1
Set Up the Kerberos Authentication Module in Oracle Access Manager
9.4.2
Set the Oracle Access Manager Authentication Scheme for Windows Native Authentication
9.4.3
Register Microsoft Active Directory as a User-Identity Data Store
9.4.4
Verify the Oracle Access Manager Configuration File
9.5
Enabling the Browser to Return Kerberos Tokens
9.6
Validating WNA with Oracle Access Manager-Protected Resources
9.7
Troubleshooting WNA Configuration
Index