Oracle® Configuration Manager Collection Overview
Release 10.3.7

Part Number E26169-01

22 Oracle Identity Management Collections

As a prerequisite for Oracle Identity Management Collections, the user is required to log on to Fusion Middleware Enterprise Manager Console once before running the configuration collection.

The Oracle Identity Management collections include the following:

22.1 Directory Integration Platform

The configuration categories and their associated configuration items for the Directory Integration Platform target type follow:

22.1.1 Directory Integration Platform Configuration

Oracle Internet Directory Host
Oracle Internet Directory Port
SSL Mode
Refresh Interval

22.1.2 Admin Server Details

Admin Server Host
Admin Server Port
WebLogic Domain Name

22.1.3 WebLogic Application Configuration

Load Order

22.2 Oracle Access Manager

ECM Associations
J2EE Application Config
Target Version

22.3 Oracle Adaptive Access Manager

ECM Associations
J2EE Application Config
Target Version

22.4 Oracle Identity Federation

The configuration categories and their associated configuration items for the Oracle Identity Federation target type follow:

22.4.1 Server Configurations

Server Host Name
Server Port
Port - SSL Enabled
Port - Force SSL
SOAP Port - SSL Enabled
SOAP Port - Force SSL
SOAP Port - Require Client Certificate
Server Clock Drift (sec)
Session Timeout (sec)
Request Timeout (sec)
Default XML Data Encryption Algorithm
Logout Option - Fail on Error
Logout Option - Return Status
Logout Option - Local Logout Only
Logout Option - Parallel Logout
Maximum SOAP Connections
Maximum SOAP Connections per Server
Proxy Host
Proxy Port
Proxy Username
Non-Proxy Hosts

22.4.2 Data Store Configurations

Federation Store LDAP Connection URL
Federation Store LDAP Bind DN
User Federation Record context
LDAP Container Object Class
Unique Federation ID Attribute
Federation Store LDAP Maximum Connections
Federation Store LDAP Connection Wait Timeout (sec)
Federation Store RDBMS JNDI Name
User Store LDAP Connection URL
User Store LDAP Bind DN
LDAP User ID Attribute
LDAP User Description Attribute
Person Object Class
Base DN
User Store LDAP Maximum Connections
User Store LDAP Connection Wait Timeout (sec)
User Store RDBMS JNDI Name
User Store RDBMS Login Table
RDBMS User ID Attribute
RDBMS User Description Attribute

22.4.3 Identity Provider Configurations

Enable Identity Provider
Provider ID
Assertion Validity (sec)
Re-authenticate After (sec)
Send Signed Assertion
Artifact Timeout (sec)
Enable Common Domain
Common Domain URL
Common Domain Cookie Domain
Common Domain Cookie Lifetime (day)
SSO User Opt-In/Out Mode
Opt-In/Out User Attribute
Opt-In/Out Attribute Value
Re-authenticate when Missing User Session Attributes

22.4.4 Identity Provider SAML 2.0 Assertion Properties

Enabled NameID Formats
Default NameID Format
Get Value from User Session for X.509 Subject Name
Get Value from User Session for Email Address
Get Value from User Session for Windows Domain Qualified Name
Get Value from User Session for Kerberos Principal Name
Get Value from User Session for Unspecified
Get Value from User Session for Custom
User Attribute Mapping for X.509 Subject Name
User Attribute Mapping for Email Address
User Attribute Mapping for Windows Domain Qualified Name
User Attribute Mapping for Kerberos Principal Name
User Attribute Mapping for Custom
Name of the Custom Format
Federation Creation User Consent URL
Force User Consent
Send Encrypted Assertions
Send Encrypted NameID
Send Signed Assertion

22.4.5 Identity Provider SAML 2.0 Protocol Properties

Enable SAML 2.0 Protocol
Enable Register NameID Protocol
Enable Federation Termination Protocol
Enable Attribute Query Responder
User Identity Federation for Attribute Response
Enable Authentication Query Responder
Enable Assertion ID Responder
Enable Protocol Bindings
Default Binding
Default SSO Response Binding
Authentication Request message to Require Signed
Request | XML/HTTP Post message to Require Signed
Request | URL/HTTP Redirect message to Require Signed
Request | XML/SOAP message to Require Signed
Response | XML/HTTP Post message to Require Signed
Response | URL/HTTP Redirect message to Require Signed
Response | XML/SOAP message to Require Signed
Request | XML/HTTP Post message to Send Signed
Request | URL/HTTP Redirect message to Send Signed
Request | XML/SOAP message to Send Signed
Response | XML/HTTP Post message to Send Signed
Response | URL/HTTP Redirect message to Send Signed
Response | XML/SOAP message to Send Signed
Response (Assertion) | XML/HTTP Post message to Send Signed
Response (Assertion) | XML/SOAP message to Send Signed

22.4.6 Identity Provider SAML 1.0 Assertion and Protocol Properties

Enabled NameID Formats
Default NameID Format
Get Value from User Session for X.509 Subject Name
Get Value from User Session for Email Address
Get Value from User Session for Windows Domain Qualified Name
Get Value from User Session for Unspecified
Get Value from User Session for Custom
User Attribute Mapping for X.509 Subject Name
User Attribute Mapping for Email Address
User Attribute Mapping for Windows Domain Qualified Name
User Attribute Mapping for Unspecified
User Attribute Mapping for Custom
Name of the Custom Format
Send Signed Assertion
Enable SAML 1.1 Protocol
Enable SAML 1.0 Protocol
Enable Attribute Query Responder
Enable Authentication Query Responder
Enable Assertion ID Responder
SSO Response Binding
Request | XML/SOAP message to Require Signed
Response (Assertion) | XML/HTTP Post message to Send Signed
Response (Assertion) | XML/SOAP message to Send Signed

22.4.7 Identity Provider WSFed 1.1 Properties

Enable WS-Federation 1.1 Protocol
SSO Token Type
Use Microsoft Web Browser Federated SSO Profile

22.4.8 Service Provider Configurations

Service Provider Configurations
Provider ID
Enable Map Assertion to User Account
Anonymous User ID
Ignore Unknown Conditions
Require Signed Assertions
Default SSO Identity Provider
Enable IdP Discovery Service URL
IdP Discovery Service URL
Enable Common Domain Service
Common Domain Service URL
Enable Attribute Requester Service
Default Attribute Authority
DN Pattern | Identity Provider
Authentication Mechanism | Identity Provider

22.4.9 Service Provider SAML 2.0 Assertion Properties

Map User via Federated Identity
Enable Auto Account Linking
Map User via Attribute Query
Attribute Query
Map User via NameID
Enabled NameID Formats
User Attribute Mapping for X.509 Subject Name
User Attribute Mapping for Email Address
User Attribute Mapping for Windows Domain Qualified Name
User Attribute Mapping for Kerberos Principal Name
User Attribute Mapping for Unspecified
User Attribute Mapping for Custom
Name of the Custom Format
Error when User Mapping Fails
Required Signed Assertion

22.4.10 Service Provider SAML 2.0 Protocol Properties

Enable SAML 2.0 Protocol Enabled
Enable Register NameID Protocol
Enable Federation Termination Protocol
Send Encrypted NameIDs
Send Encrypted Attributes
Allow Federation Creation
User Consent URL
Force User Consent
Enable Protocol Bindings
Default Binding
Default SSO Request Binding
Default SSO Response Binding
Default Authentication Request NameID Format
Request Authentication Context Mechanism
Request Authentication Context Comparison
Request | XML/HTTP Post message to Send Signed
Request | URL/HTTP Redirect message to Send Signed
Request | XML/SOAP message to Send Signed
Response | XML/HTTP Post message to Send Signed
Response | URL/HTTP Redirect message to Send Signed
Response | XML/SOAP message to Send Signed
Request | XML/HTTP Post message to Require Signed
Request | URL/HTTP Redirect message to Require Signed
Request | XML/SOAP message to Require Signed
Response | XML/HTTP Post message to Require Signed
Response | URL/HTTP Redirect message to Require Signed
Response | XML/SOAP message to Require Signed
Response (Assertion) | XML/HTTP Post message to Require Signed
Response (Assertion) | XML/SOAP message to Require Signed

22.4.11 Service Provider SAML 1.x Assertion and Protocol Properties

Map User via Attribute Query
Map User via NameID
Enabled NameID Formats
User Attribute Mapping for X.509 Subject Name
User Attribute Mapping for Email Address
User Attribute Mapping for Windows Domain Qualified Name
User Attribute Mapping for Unspecified
User Attribute Mapping for Custom
Name of the Custom Format
Error when User Mapping Fails
Ignore Unknown Condition
Required Signed Assertion
Enable SAML 1.0 Protocol
Enable SAML 1.1 Protocol
Enable Protocol Binding
Response (Assertion) | XML/HTTP Post message to Require Signed
Response (Assertion) | XML/SOAP message to Require Signed

22.4.12 Service Provider WSFed 1.1 Properties

Enable WS-Federation 1.1 Protocol

22.4.13 Admin Server Details

Admin Server Host
Admin Server Port
WebLogic Domain Name

22.4.14 WebLogic Application Configuration

Load Order

22.5 Oracle Identity Manager

ECM Associations
J2EE Application Config
Target Version

22.6 Oracle Internet Directory

The configuration categories and their associated configuration items for the Oracle Internet Directory target type follow:

22.6.1 Oracle Internet Directory General Configurations

Server Mode
Max number of entries returned by search
Max time allowed for a search to complete
Anonymous Bind
SDump Flag
SSL Interop Mode

22.6.2 Oracle Internet Directory Performance Configurations

Number of OID LDAP Server Processes
Number of DB Connections per Server Process
Enable Entry Cache
Maximum Entries in Entry Cache
Maximum Entry Size in Cache (byte)
Maximum Entry Cache Size (bytes)
Number of users in privilege Group membership Cache
LDAP Idle Connection Timeout (sec)
OID Server Network Read/Write Retry Timeout (sec)
Maximum number of LDAP connections per Server Process
Max Time for Server process to respond to Dispatcher process (sec)
Number of Dispatcher Threads per Server Process
Number of Plugin Threads per Server Process
Enable Change Log Generation
Enable Group Cache

22.6.3 Oracle Internet Directory SASL Configurations

Authentication Mode
Cipher Choice
External SASL Authentication
Authentication Mechanism

22.6.4 Oracle Internet Directory Statistics Configurations

Stats Flag
Stats Frequency (min)
Security Event Tracking
User Statistics Collection
Event Levels

22.6.5 Oracle Internet Directory Log Configurations

Debug Level
Operations Enabled for Debug
Maximum Log File Size
Maximum Files in Rotation

22.6.6 Admin Server Details

Admin Server Host
Admin Server Port
WebLogic Domain Name

22.7 Oracle Virtual Directory

The configuration categories and their associated configuration items for the Oracle Virtual Directory target type follow:

22.7.1 Server Configuration

ACL Check
DoS Active
DoS Rate Period
Exempt IP Addresses
Exempt Subjects
Maximum inactive connection timeouts
Maximum Connections
Maximum Connections per IP
Maximum Connections per Subject
Maximum Operations per Connection
Schema Check

22.7.2 Search Configuration

Anonymous Search Limit
Authenticated Search Limit
Persistent Search

22.7.3 Schema Locations

Schema Locations

22.7.4 Listener Configuration

Listener Name
Listener Type
Listener Version
Listener Active
Listener Host
Listener Port
Group URL
SSL Enabled
SSL Authentication Type
SSL Trust Store
SSL Key Store
SSL Protocol
SSL Ciphers

22.7.5 Administration Server Details

Admin Server Host
Admin Server Port
WebLogic Domain Name