Index
A
- account linking, 1.1.3
- administration
  - common tasks, 4.2
- affiliations, 1.2.5
  - runtime behavior, 6.2
- architecture
  - typical deployment, 2.6.2
- architecture considerations, 2.6.1
- assertion mapping
  - examples, 6.16.3
- assertion validity, 5.3
- Association, 1.1.3
- Association Session Types, 5.4.4
- Attribute Exchange, 5.4.4
- Attribute Exchange (AX), 2.2.2.6
- attribute mapping
  - static, 5.9.1.1.1
- Attribute Mapping and Filtering, 5.9.1
- Attribute Name Mapping, 5.9.1.1
- attribute query, 4.2.8
- attribute request, 4.2.8
- Attribute Request Message, 5.8.2
- Attribute Requester, 5.8
- Attribute Requester
  - service interface, 5.8.1
- Attribute Response Message, 5.8.3
- Attribute Sharing, 5.6
  - components, 5.6.1
  - Web Services Interface, 5.8
- Attribute Value Filtering, 5.9.1.3
  - configuring, 5.9.2.3
- Attribute Value Mapping, 5.9.1.2
  - configuring, 5.9.2.2
- Auditing, 7.4
- Authentication Engines, 5.15
  - Custom, 5.15.10
  - Database Security, 5.15.5
  - Database Table, 5.15.6
  - Federated SSO Proxy, 5.15.8
  - HTTP Header, 5.15.1
  - Infocard, 5.15.7
  - JAAS, 5.15.9
  - LDAP Directory, 5.15.4
  - Oracle Access Manager, 5.15.3
  - Oracle Single Sign-On, 5.15.2
- authentication engines, 10.2.1
  - and authentication flows, 2.3
- authentication mechanism
  - default, 5.14.1.1
- Authentication Mechanisms, 5.14
  - Local, 5.14.2
  - SAML 1.x, 5.14.4
  - SAML 2.0, 5.14.3
  - WS-Federation 1.1, 5.14.5
- authentication modes, 2.3.1
B
- bilateral authentication, 2.2.2.3
- bindings
  - HTTP Artifact, 1.2.4.2
  - HTTP POST, 1.2.4.1
  - HTTP redirect, 1.2.4.4
- Business Processing Plug-in, 11
  - example, 11.5
  - implementing, 11.1.2
- Bypassing User Mapping, 6.19
C
- certificate path validation, 6.22
- certificate repository, 2.1.3.3
- certificate validation, 2.1.3.3
- certificates
  - and trust, 4.1.1.2
- certification matrix, 1.2.8
- Claimed Identifier, 1.1.3
- common domain parameters, 5.3
- Configuration Settings
  - and metadata, 5.1.1
- Configuration Settings and Provider Metadata, 5.1.1
- Configuring Audience Restrictions, 6.21
- Configuring Service Providers, 5.5
- Cookie Lifetime, 5.3
- Creating a custom authentication engine, 10.3
- creating a custom SP Integration Engine, 10.4
- Credentials, 4.5
- cross-domain trust, 4.1.1.2
- Cryptographic Provider, 1.2.6
- custom IAM, 10.1
D
- data store, 2.4
  - configuration, 2.4.4, 5.13.4
  - federation, 2.4.1, 5.13.2
  - session and message, 2.4.3, 5.13.3
  - user, 2.4.2, 5.1.2, 5.13.1
- data stores
  - managing, 5.13
- deployment
  - architecture, 2.1
  - installation requirements, 2.4.4
  - planning, 4.1.1.3
  - profiles and bindings, 2.2
  - protocols, 2.1.4
  - proxy server, 2.1.2
  - scenarios, 3.2
  - security, 2.1.3
  - server roles, 2.1.1
  - sizing, 2.6
  - topology, 2.1.1, 2.6.4
  - with Oracle HTTP Server, 3.2.1
  - with Oracle Single Sign-On, 3.2.2
- deployment planning, 4.1.1.2
- deprovisioning, 5.1.2
- destination domain, 1.1.3
- Discovery, 1.1.3
- DN pattern to attribute responder
  - case-sensitivity, 5.5.1
- domain, 1.1.3
E
- error types, 6.13.3
- Exchange User Identities, 4.1.1.2
F
- features, new
  - release 11g (11.1.1), Preface
- federated identity management, 1.1.1
  - event flow, 1.2.7
- Federated SSO Proxy
  - authentication engines, 5.15.8
- federation
  - account linking, 1.1.3
  - benefits, 1.1.1
  - concepts, 1.1.3
  - evolution of standards, 1.1.4.2
  - use cases, 1.1.2
- federation data store, 2.4.1, 5.13.2.1, 6.14
- federation profiles, 1.2.4
  - artifact, 1.2.4.2
  - federation termination, 1.2.4.8
  - global logout, 1.2.4.9
  - name identifier, 1.2.4.5
- federation protocols, 1.1.4
- federation record
  - structure, 5.1.2
  - uniqueness, 5.1.2
- federation termination
  - profiles, 1.2.4.8
- Force SSL, 5.2.1
- forcing reauthentication
  - not supported with Oracle Single Sign-On, 3.2.2
G
- Global Logout
  - On-Demand, 6.8.3
H
- high availability, 2.6.1.6
- Host Connection Properties, 5.2.1
- HTTP Basic Authentication, 2.3.6
- HTTP Header Attributes, 5.15.1
- HTTPS mode, 5.2.1
I
- ICAM
  - OpenID, 2.2.2.6
- Identities
  - Federations, 4.4.2
  - search options, 4.4.4
  - Users, 4.4.3
- Identity Federation Engine, 10.2.1
- identity management
  - challenges, 1.1.1
  - federated, 1.1.1
- Identity Provider
  - sending attributes in SSO Assertions, 5.7
- identity provider, 1.1.3
- Identity Providers - Common Properties, 5.3
- Identity Providers - Protocol-Specific Properties, 5.4
- IdP Properties
  - OpenID, 5.4.4
  - SAML 1.x, 5.4.2
  - SAML 2.0, 5.4.1
  - WS-Federation, 5.4.3
- implementation checklist, 2.7
J
- JAAS
  - authentication engines, 5.15.9
- JCE Policy Files, 8.3
K
- keystore, 4.1.1.2
  - password, 8.2.1
L
- LD_ASSUME_KERNEL, C.1.4.3
- LDAP Directory
  - authentication engines, 5.15.4
- log files, 4.1.3
- Logging, 7.3
- login table
  - for RDBMS authentication engine, 5.15.6.1
- logout, 4.2.5
M
- mapping
  - authentication mechanisms to authentication engines, 5.14.1.2
  - methods to authentication mechanisms, 5.14.1.2
- Mapping and Filtering
  - configuration, 5.9.2
- MBeans
  - configuration data, A
  - Data-store Configuration, A.3
  - Provider-specific Configuration, A.2
  - Server-wide Configuration, A.1
- Message Data Store, 5.13.3
- Metadata, 5.1.1
  - properties that affect, 5.1.1
  - protocol URLs, 5.1.1
  - re-publishing, 5.1.1
- metadata, 4.1.1.2
  - affected properties, 5.1.1
  - properties that affect, 5.1.1
- Monitoring, 7.1
N
- NameID
  - using UserID for, 5.4.2
- NameID lookup
  - disabling, 6.14
- new features
  - release 11g (11.1.1), Preface
O
- OASIS, 1.1.4.1
- On-Demand Global Logout, 6.8.3
- OpenID, 2.2.1.3
  - association, 1.1.3
  - attribute exchange, 2.2.2.6
  - claimed identifier, 1.1.3
  - Diffie-Hellman parameters, 5.5.5
  - discovery, 1.1.3
  - Generic Service Provider, 5.4.4
  - ICAM, 2.2.2.6
  - PAPE, 2.2.2.6
  - PAPE 1.0, 5.5.5
  - processing flow, 2.2.2.6
  - Profiles and Extensions, 1.2.4.10
  - profiles and extensions, 2.2.2.6
  - Provider, 1.1.3
  - Relying Party, 1.1.3
  - SP Properties, 5.5.5
- OpenID IdP, 5.4.4
- OpenID Provider, 1.1.3
- OpenID SP, 5.5.5
- Oracle Access Manager
  - authenticating with, 2.3.4
  - authentication engines, 5.15.3
  - configuring plug-ins, 5.6.3
  - deploying with, 3.2.3
  - schemes and policies, 5.6.4
- Oracle Access Manager 11g, 3.2.4
- Oracle Directory Server Enterprise Edition
  - deploying with, 3.2.6
- Oracle HTTP Server
  - as proxy, B.1
  - deploying with, 3.2.1.1
- Oracle Identity Federation, 1.2
  - administration, 4.1.2
  - administration tools, 4.1.2
  - and PKI, 4.1.1.2
  - architecture, 1.2.2, 10.2.1
  - as IdP Attribute Responder, 5.6.6
  - as SP Attribute Requester, 5.6.5
  - as SSL client, 8.1.2
  - as SSL server, 8.1.1
  - basic administration, 4.1
  - benefits, 1.2.1
  - configuring, 5
  - data maintained by, 5.1
  - deployed with Oracle Access Manager, 3.2.3
  - deployed with Oracle HTTP Server, 3.2.1
  - deployed with Oracle Single Sign-On, 3.2.2
  - federated identities, 4.4.1
  - Federations, 4.3
  - Home Page, 7.1.1
  - installation requirements, 2.5
  - log files, 4.1.3
  - managing credentials for, 4.5
  - modules and flow, 10.2.1
  - proxy for, B
  - schema, 5.13.5
  - SSL for, 8.1
  - with Oracle Directory Server Enterprise Edition, 3.2.6
  - WLST
    - list of commands, 9.2
  - WLST for, 9
- Oracle Identity Federation/SP
  - authenticating to OAM, 3.2.5
- Oracle Single Sign-On
  - authenticating with, 2.3.5
  - authentication engines, 5.15.2
  - deploying with, 3.2.2
  - testing deployment, 3.2.2.6
- Oracle Universal Federation Framework, 1.1.3
- Outbound Connection Properties, 5.2.2
- Overriding NameID Mapping, 6.20
P
- PAPE
  - OpenID, 2.2.2.6
- PAPE 1.0, 5.4.4
- performance, 6.14
  - and assertion security, 2.6.1.4
  - and connection tuning, 2.6.1.5
  - and profiles, 2.6.1.1
  - and repositories, 2.6.1.2
  - and server tuning, 2.6.1.7
  - tuning, 2.6
- Performance Summary, 7.1.2
- PKI, 4.1.1.2
- principal, 1.1.3
- profiles
  - artifact
    - request processing, 2.2.2.1
    - security, 2.2.2.3
    - using, 2.2.2.1
    - with proxy, 2.2.2.1
  - attribute sharing
    - using, 2.2.2.4
  - choosing, 2.2.2
  - federation termination, 1.2.4.8
  - HTTP redirect, 1.2.4.4
  - logout, 1.2.4.9
  - OpenID, 2.2.2.6
  - passive requester, 1.2.4.7
  - POST, 1.2.4.1
    - request processing, 2.2.2.2
    - security, 2.2.2.3
    - using, 2.2.2.2
    - with proxy, 2.2.2.2
  - WS-Federation
    - using, 2.2.2.5
- proxy server, 2.1.2, B
R
- RCU
  - and schema creation, 5.13.5
- reauthentication, 5.3
  - forcing not supported for Oracle Single Sign-On, 3.2.2
- reference footprint, 2.6.3
- Relying Party, 1.1.3
- roles
  - FederationAdmin, 4.1.1.1
S
- SAML, 1.1.4.1
  - assertions, 1.1.4.1
  - authentication example, 1.1.4.4
  - profiles, 1.1.4.1
  - protocol bindings, 1.1.4.1
  - request and response cycle, 1.1.4.1
  - request-response cycle, 1.1.4.1
- SAML 1.x, 1.1.4.3
  - IdP Properties, 5.4.2
  - SP, 5.5.3
- SAML 2.0, 1.1.4.4
  - IdP NameID formats, 5.4.1
  - IdP Properties, 5.4.1
  - SP, 5.5.2
- SAML security considerations, 2.2.2.3
- schema
  - creating, 5.13.5
  - validation, 6.13.4
- schema validation, 6.13.4
- Security and Trust
  - configuring, 5.10
  - Provider Metadata, 5.10.2
  - Trusted CAs and CRLs, 5.10.3
  - Wallet, 5.10.1
- security considerations, 2.2.2.3
- server certificates, 4.2.2
- Server Clock Drift, 5.2.1
- Server Configuration Data, 5.1.1
- Server Hostname, 5.2.1
- server metadata, 4.2.1
- Server Port, 5.2.1
- Service Provider
  - Common Properties, 5.5.1
  - OpenID, 5.5.5
  - SAML 1.x, 5.5.3
  - SAML 2.0, 5.5.2
  - WS-Federation 1.1, 5.5.4
- service provider, 1.1.3
- session
  - active period, 5.2.1
- Session Data Store, 5.13.3
- Session Timeout, 5.2.1
- Session Types, 5.4.4
- setConfigProperty
  - for DN pattern matching, 5.5.1
- signature verification, 4.2.6
- Signing and Encryption Wallets, 8.2
- Single Sign-On
  - for SAML 1.x and WS-Federation, 4.3.5
  - for User Opt-In and Opt-Out, 6.18
  - schema validation, 6.13.4
- single sign-on, 1.1
- sizing guidelines, 2.6
- SOAP Port, 5.2.1
- SP integration engine
  - custom, 10.4
- SP Properties
  - OpenID, 5.5.5
- SSL, 8.1
  - and PKI, 4.1.1.2
  - configuration, 8.1.1
  - configuring for Oracle Identity Federation, 8.1
  - enabling for server, 5.2.1
  - Signing and Encryption Wallets, 8.2
- static attribute mapping, 5.9.1.1.1
- Supported Standards and Applications, 1.2.8
T
- test SP engine, 3.2.7
- third-party IAM solutions, 10.1
- timeout parameters, 5.3
- topology, 2.6.4
- transient data store, 2.4.3
- troubleshooting
  - AccessGate permission error, C.1.4.1
  - back-ends with same cookie domain, C.1.4.4
  - bookmarked login page, C.1.3.2
  - bookmarked resource, C.1.6.1
  - file descriptor error, C.1.5.1
  - incorrect login page, C.1.3.1
  - LD_ASSUME_KERNEL, C.1.4.3
  - non-ASCII AccessGate ID, C.1.4.2
  - Operating System configuration, C.1.5
  - Oracle Access Manager configuration, C.1.4
  - Oracle Identity Federation configuration, C.1.2
  - Oracle Single Sign-On configuration, C.1.3
  - runtime SSO issues, C.1.6
- trusted provider
  - adding, 4.3.2
  - delete, 4.3.4
  - for SSO, 4.3.5
  - searching, 4.3.1
  - update, 4.3.3
U
- User Consent, 5.4.1
  - example page, 5.4.1
- user data store, 2.4.2
  - configuring none, 5.13.1.5
  - connection data, 2.4.2
- User Federation Data, 5.1.2
- User Federation Record Context, 2.4.1
- User Opt-In and Opt-Out
  - for Single Sign-On, 6.18
- user records
  - basic data, 5.1.2
  - deprovisioning, 5.1.2
  - federation data, 5.1.2
  - synchronizing, 5.1.2
W
- web access management (WAM) system, 1.2.3
- Web Proxy
  - configuring behind, 3.2.6.3
- WLST, 9
  - addConfigListEntryInMap, 9.2.1
  - addConfigMapEntryInMap, 9.2.2
  - addConfigPropertyListEntry, 9.2.3
  - addConfigPropertyMapEntry, 9.2.4
  - addFederationListEntryInMap, 9.2.7
  - addFederationMapEntryInMap, 9.2.8
  - addFederationPropertyMapEntry, 9.2.10
  - changePeerProviderDescription, 9.2.16
  - changeSessionStore, 9.2.17
  - createConfigPropertyList, 9.2.18
  - createConfigPropertyListInMap, 9.2.19
  - createConfigPropertyMap, 9.2.20
  - createConfigPropertyMapInMap, 9.2.21
  - createFederationPropertyList, 9.2.22
  - createFederationPropertyListInMap, 9.2.23
  - createFederationPropertyMap, 9.2.24
  - createFederationPropertyMapInMap, 9.2.25
  - createPeerProviderEntry, 9.2.26
  - deleteCustomAuthnEngine, 9.2.11
  - deleteCustomSPEngine, 9.2.12
  - deleteUserFederations, 9.2.14
  - environment setup, 9.1.1
  - executing commands, 9.1.2
  - extractproviderprops, 9.2.36
  - getConfigListValueInMap, 9.2.27
  - getConfigMapEntryInMap, 9.2.28
  - getConfigProperty, 9.2.29
  - getConfigPropertyList, 9.2.30
  - getConfigPropertyMapEntry, 9.2.31
  - getFederationListValueInMap, 9.2.32
  - getFederationMapEntryInMap, 9.2.33
  - getFederationProperty, 9.2.34
  - getFederationPropertyList, 9.2.35
  - getFederationPropertyMapEntry, 9.2.38
  - listCustomAuthnEngines, 9.2.39
  - listCustomSPEngines, 9.2.40
  - loadMetadata, 9.2.41, 9.2.42
  - removeConfigListInMap, 9.2.43
  - removeConfigMapEntryInMap, 9.2.44
  - removeConfigMapInMap, 9.2.45
  - removeConfigProperty, 9.2.46
  - removeConfigPropertyList, 9.2.47
  - removeConfigPropertyMap, 9.2.48
  - removeConfigPropertyMapEntry, 9.2.49
  - removeFederationListInMap, 9.2.50
  - removeFederationMapEntryInMap, 9.2.52
  - removeFederationMapInMap, 9.2.51
  - removeFederationProperty, 9.2.53
  - removeFederationPropertyList, 9.2.54
  - removeFederationPropertyMap, 9.2.55
  - removeFederationPropertyMapEntry, 9.2.56
  - removePeerProviderEntry, 9.2.57
  - setConfigProperty, 9.2.58
  - setCustomAuthnEngine, 9.2.59
  - setCustomSPEngine, 9.2.60
  - setFederationProperty, 9.2.61
  - setproviderprops, 9.2.37
- WS-Federation, 1.1.4.5
  - IdP Properties, 5.4.3
- WS-Federation 1.1
  - SP, 5.5.4
X
- X.509 certificates, 4.1.1.2