List of Tables
1-1 Oracle Access Management Post-Installation Tasks
1-2 Deployment Types
1-3 Introduction: Access Manager 11.1.2
1-4 10g Functionality Not Available with Access Manager 11g
1-5 Security Token Service Terms and Concepts
1-6 Security Token Service Terms
1-7 Security Token Service 11g Infrastructure
1-8 Integrated Oracle Web Services Manager
2-1 Role Mapping from an LDAP Group to Administrator
2-2 Welcome Page and Shortcuts
2-3 Function Tabs and Descriptions
2-4 Command Buttons in the Tool Bar
2-5 View Menu Command Descriptions
2-6 System Configuration, Actions Menu, Command Descriptions
2-7 Controls for Open Pages
2-8 Page Elements and Descriptions
2-9 Selection Tasks and Controls
3-1 System Configuration: Common Configuration Section
3-2 Common Services
3-3 Common Settings
3-4 Common Coherence Settings
4-1 Data Sources for Oracle Access Management
4-2 Data Sources for Oracle Access Management Services
4-3 11.1.2 Keys and Storage
4-4 User Identity Store Elements
5-1 Conditions Requiring Server Restart
5-2 OAM Server Instance Settings
5-3 OAM Proxy Settings for an Individual OAM Server
5-4 Default Coherence Settings for Individual OAM Servers
6-1 Logging Files
6-2 Logging Defaults
6-3 Oracle Access Management Server-Side Component Loggers
6-4 Oracle Access Management Shared-Service Engine Component Loggers
6-5 Oracle Access Management Foundation API Component Loggers
6-6 Mapping of ODL to Java Levels
6-7 Oracle Security Token Service and Identity Federation Loggers
7-1 Logging Levels
7-2 Log Configuration File Names for Components
7-3 Log Writers
7-4 Global Parameters in the First Compound List
7-5 Factors that Determine Whether Logging Is Active
7-6 Mandatory Log Configuration File Parameters
7-7 Log Data File Configuration Parameters
7-8 ParamName Values You Can Configure for Per-Module Logging Threshold
8-1 Oracle Business Intelligence Enterprise Edition Reports for OAM
8-2 Access Manager Administrative Audit Events
8-3 Access Manager Run-time Audit Events
8-4 Categories of Audit Events for Identity Federation
8-5 Identity Federation Session Management Events
8-6 Protocol Flow Events for Identity Federation
8-7 Server Configuration Identity Federation
8-8 Security Events for Identity Federation
8-9 Security Token Service Configuration Management Operations
8-10 Security Token Service-specific Run-time Events
8-11 Audit Configuration Elements
9-1 OAM Server Metrics: Server Processes Overview Tab
9-2 OAM Server Metrics: Session Operations
9-3 OAM Server Metrics: Server Operations Tab
9-4 OAM Proxy Metrics
9-5 OAM Proxy Tuning Parameters
9-6 OpenSSO Proxy Server Events
9-7 OpenSSO Proxy Metrics: Server
9-8 OpenSSO Proxy Metrics: Agent
10-1 Farm Page Sections
10-2 Resulting Pages for Selected Nodes and Targets
10-3 Summary of Performance Overviews in Fusion Middleware Control
10-4 Access Manager Component Metrics
10-5 STS Component-Specific Metrics
10-6 Status and Controls on Performance Summary Pages
10-7 OAM Log Availability and Functions in Fusion Middleware Control
10-8 Log Levels Tab on Log Configuration Page
10-9 Log Files Elements
10-10 OAM Log Message Search Controls in Fusion Middleware Control
10-11 System MBean Browser
10-12 MBeans that Access Manager and Security Token Service Deploy
10-13 System MBean Browser
10-14 Farm Topology
11-1 Access Manager Settings
11-2 Access Manager Settings: Load Balancer
11-3 Server Error Mode
11-4 Error Trigger Condition, Modes, and Message Codes
11-5 External Error Codes, Trigger Conditions, and Recommended Messages
11-6 Access Manager Settings: SSO
11-7 Summary: Simple and Cert Mode
11-8 Server Common OAM Proxy Secure Communication Settings
11-9 Policy Evaluation Caches
12-1 Agent Types
12-2 Agent Registration and SSO Support
12-3 Run Time Processing Overview for Access Manager
12-4 Keys and Policies Generated During Agent Registration
12-5 Artifacts Associated with Agent Registration
12-6 Copying Generated Artifacts
12-7 Remote Registration Methods
12-8 Remote Registration Does Not Support
12-9 Agent Registration and Configuration Update Artifacts
13-1 Elements on Create Pages for 11g and 10g OAM Agents
13-2 User-Defined Webgate Parameters
13-3 Elements on Expanded 11g and 10g Webgate/Access Client Registration Pages
13-4 OAM Agent Search Controls
13-5 Environment Variables to Set within oamreg
13-6 Remote Registration Command Arguments: mode
13-7 Remote Registration Command Samples
13-8 Common Elements in Remote Registration Requests
13-9 Remote Registration Request Templates for OAM Agents
13-10 Elements in Extended OAM Agent Remote Registration Requests
13-11 Variables Required for Remote Registration
13-12 Files Returned by in-band Administrator to out-of-band Administrator
13-13 Remote Agent Update Modes and Input Files
13-14 Delta: OAM Agent Update versus Registration Request
14-1 Common Session Settings
14-2 Session Management Controls and the Results Table
15-1 Summary: SSO Components
15-2 Introduction to SSO Implementations
15-3 Access Manager Global, Shared Policy Components
15-4 Access Manager Policy Components
15-5 Condition Types
15-6 Login Processing with Access Manager-Protected Resources
15-7 DCC Deployment Support
15-8 SSO Cookies
16-1 Comparison: Resource Types for Access Manager versus 10g
16-2 Resource Type Definition
16-3 Host Identifiers Examples
16-4 Host Identifier Definition
16-5 Comparing the DCC and ECC
16-6 Native Authentication Modules
16-7 Native Kerberos Authentication Module Definition
16-8 Native LDAP Authentication Modules Definition
16-9 X509 Authentication Module Definition
16-10 Simple Form versus Multi-Step Authentication
16-11 General tab
16-12 Add New Step Entries, Steps Results Table, and Details Section
16-13 Parameter Details for Various Plug-ins
16-14 Steps Orchestration Subtab
16-15 X509 Step Details (KEY_CERTIFICATE_ATTRIBUTE_TO_EXTRACT)
16-16 Managing Custom Plug-ins Actions
16-17 Plugins Status Table
16-18 Example of Plugin Details Extracted from XML Metadata File
16-19 Authentication Scheme Definition
16-20 Pre-configured Authentication Schemes
16-21 Challenge Parameters in Pre-configured Schemes
16-22 User-Defined Challenge Parameters for Authentication Schemes
16-23 Challenge Parameters for 10g/11g Encrypted Cookies
16-24 Credential Collector Password Pages
16-25 Password Management Forms and Functions
16-26 Password Policy Elements
16-27 Specifying Credential Collectors and Related Forms for Authentication
16-28 Location of Oracle-provided LDIFs for LDAP Providers
16-29 Key Password Attributes in a Password Policy
16-30 User Password Step Details
16-31 Resource Webgate Support of Post Data Preservation and Restoration
16-32 Credential Collector Support for Post Data Handling
16-33 ECC and DCC: Long URL Handling
17-1 Resource Definition Elements
17-2 HTTP Resources Sample URL Values
17-3 Supported Wildcards in Resource URL Patterns (Precedence Order)
17-4 Sample Resource URLs
17-5 Pattern Matching for Requested URLs
17-6 Query String Matching: Examples
17-7 Resource Evaluation Outcomes
17-8 Search Elements for a Resource in an Application Domain
17-9 Authentication Policy Elements and Descriptions
17-10 Authorization Policy Elements and Descriptions
17-11 Response Elements
17-12 Namespace Request Variables for Single Sign-On
17-13 Namespace Session Variables for Single Sign-On
17-14 Namespace User Variables
17-15 Simple Responses and Descriptions
17-16 Complex Responses
17-17 Fresh OSSO Installation: Protected Policy Response (Header)
17-18 Authorization Policy Condition Tab
17-19 Add Condition Window Elements
17-20 Add identities Elements
17-21 Add Search Filter Elements
17-22 LDAP Search Filter Examples for Access Manager
17-23 Temporal Condition Details
17-24 Access Conditions that Require Attribute-Type Conditions
17-25 Attribute Condition Elements
17-26 Attribute Names for Request Built-ins
17-27 Attribute Names for Session Built-ins
17-28 Attribute Condition Data (Aggregation of Conditions)
17-29 Authorization Policy Rules Elements
17-30 Rule Tab in Expression Mode
17-31 Operators for Expressions in Authorization Rules
17-32 Remote Policy Management Modes, Templates, and Flags
17-33 Remote Management Template Elements
18-1 User Interactions: Tester Console Mode versus Command Line Mode Operations
18-2 Access Tester Supported System Properties
18-3 Access Tester Console Panels
18-4 Command Buttons in Access Tester Panels
18-5 Additional Access Tester Buttons
18-6 Access Tester Menus
18-7 Connection Panel Information
18-8 Protected Resource URI Panel Fields and Controls
18-9 Access Tester User Identity Panel Fields and Controls
18-10 Access Tester Capture Request Options
18-11 Generate Script Command
18-12 Test Script Control Parameters
18-13 Run Test Script Commands
18-14 Mismatched Results Reasons in the Statistics Document
19-1 Centralized Logout Circumstances
19-2 Logout Details After Registration (ObAccessClient.xml)
20-1 Features: OpenSSO Agents with Access Manager
20-2 OpenSSO Policy Migration
20-3 OpenSSO Reliance on Access Manager
20-4 Access Manager Processing with OpenSSO
20-5 Elements on the New OpenSSO Agent Page
20-6 Relocating OpenSSO Artifacts
20-7 Expanded OpenSSO Agent Registration Elements
20-8 OpenSSO Request Files for Remote Registration
20-9 OpenSSO Agent Remote Registration Request
20-10 J2EE Request File Mappings to the Properties File
20-11 Mapping the Web Request File to the Properties File
20-12 Delta: OpenSSO Remote Registration versus Remote Updates
20-13 Other OpenSSO Information in this Guide
21-1 OSSO Agents with Access Manager
21-2 11g Access Manager SSO versus OSSO 10g Component Summary
21-3 Create OSSO Agent Page Elements
21-4 Relocating OSSO Artifacts
21-5 Expanded OSSO Agent Elements
21-6 OpenSSO Request Files for Remote Registration
21-7 OSSO-Specific Elements in a Remote Registration Request
21-8 Delta: OSSO Remote Registration versus Remote Updates
21-9 Other OSSO Information in this Guide
22-1 Installation Comparison with 10g Webgates
22-2 Comparison: Access Manager 11g versus 10g
22-3 Comparing Access Manager 11g Policy Model versus 10g
22-4 Preparing for 10g Webgate Installation with Access Manager 11g
22-5 Sample end_url Parameter Specifications
25-1 IIS 7 Webgate Windows Server 2008
27-1 Supported Protocols
27-2 Identity Federation Configuration in Oracle Access Management Console
27-3 Integration of Identity Federation and Access Manager 11g Release 2 (11.1.2)
28-1 Identity Provider Partner Settings
28-2 Attributes for Google OpenID Partner
28-3 Attributes for Yahoo OpenID Partner
28-4 Elements Used for IdP Provider Search
29-1 Federation Settings in the Console
29-2 General Federation Settings
29-3 Federation Proxy Settings
29-4 Keystore Settings for Federation
30-1 FederationScheme Element Definitions
30-2 FederationPlugin Steps
30-3 Orchestration of FederationPlugin
30-4 OIFScheme Definition
30-5 OIFMTLDAPPlugin Steps
30-6 Policy Response Elements
32-1 Security Token Service Settings
32-2 Configuring a Non-Oracle WSM Client for WSS Kerberos Policies
33-1 Security Token Service Public Keys Used at Run Time
33-2 Keystores for Access Manager and Security Token Service
33-3 Keystore Mbeans
33-4 Partner Keys for WS-Trust Communications
33-5 Conditions for Security Token Service Certificate Validation
33-6 Successful Certificate Validation Requirements
34-1 Search Validation Template
34-2 Issuance Template Requirements
34-3 Issuance Template: General Details
34-4 Issuance Properties: Username Token Type
34-5 Issuance Properties: SAML Token Types
34-6 Security Details: SAML Tokens
34-7 Issuance Template: Attribute Mapping, SAML Token
34-8 Validation Template Protocols
34-9 New Validation Template: General Details
34-10 New Validation Template: Authentication Details
34-11 New Validation Template: Token Mapping
34-12 Endpoints Page
34-13 Conditions tab: Token Issuance Policy
34-14 New Custom Token Elements
34-15 Custom Tokens Search Elements and Controls
35-1 Security Token Service Partners
35-2 Security Token Service Clients
35-3 Security Token Service Partner Entry
35-4 Security Token Service Partner Profile Data
35-5 Partner Elements for Partner Types
35-6 Elements for Security Token Service Partners
35-7 Profile: General
35-8 Requester Profile: Token and Attributes
35-9 Relying Party Profile Requirements
35-10 Token and Attributes Elements: Issuing Authority
35-11 Issuing Authority Token Mapping Elements
37-1 Features in Mobile and Social Based on the Companion Services Installed
37-2 Pre-configured Mobile and Non-Mobile Authentication Service Providers
37-3 Java and iOS Features of Mobile and Social Mobile Services Client SDK
37-4 Token Requirements for the Mobile and Social Server
37-5 Identity Providers That Mobile and Social Natively Supports
38-1 Access Manager Authentication Service Provider Default Attributes
38-2 WebGate Agent for Authentication Service Provider Default Attributes
38-3 JWT Authentication Service Provider Default Attributes
38-4 Pre-configured Authentication Service Providers
38-5 Access Manager Authorization Service Provider Default Attributes
38-6 WebGate Agent for Authorization Service Provider Default Attributes
38-7 User Profile Service Provider Default Attribute Names and Values
38-8 Authentication Service Profile Default General Properties
38-9 Token Support and URI Category Information Default Properties
38-10 Authorization Service Profile Default General Properties
38-11 User Profile Service Profile Default General Properties
38-12 Security Handler Plug-in General Properties
38-13 Application Profile General Properties
38-14 Service Domain General Properties
38-15 Application Profile Selection Properties
38-16 Service Profile Selection Properties
38-17 User Profile Service Protection Properties
38-18 Authorization Service Protection Properties
38-19 OAAM Policies Supported By Mobile and Social
38-20 Mapping Terms Between OAAM and Mobile and Social
39-1 OpenID Protocol Attributes
39-2 OAuth Protocol Attributes
39-3 User Attributes Returned By Google
39-4 User Attributes Returned By Yahoo
39-5 Service Provider Interface Information Properties
40-1 Attribute Settings for an Oracle Access Manager 11gR1 PS1 Authentication Service Provider
41-1 Identity Context Schema Attributes
41-2 Mapping Identity Context Operations
42-1 Access Manager Support for RSA Features
42-2 RSA Features Not Supported
42-3 Installation and Configuration Guidelines
43-1 Sample Naming
44-1 JBoss Agent Composition
45-1 Access Manager Component Requirements
45-2 Microsoft Requirements for this Integration
45-3 Create Web Application Options for Microsoft SharePoint Server 2010
45-4 Create a Web Application to Host a Site Collection for SharePoint Server 2010
46-1 Login Module Stacks for using Header Variables
A-1 addOAMSSOProvider Command-line Arguments
B-1 Languages for Localized Messages
C-1 importcert Command Syntax
D-1 Comparing IAMSuiteAgent with 11g and 10g Webgates