List of Tables
1-1 Oracle Access Management Post-Installation Tasks
1-2 Deployment Types
1-3 Introduction: Access Manager 11.1.2
1-4 10g Functionality Not Available with Access Manager 11g
1-5 Security Token Service Terms and Concepts
1-6 Security Token Service Terms
1-7 Security Token Service 11g Infrastructure
1-8 Integrated Oracle Web Services Manager
2-1 Role Mapping from an LDAP Group to Administrator
2-2 Language Codes For Login Pages
2-3 Oracle Access Management Language Selection Methods
2-4 OAM_LANG_PREF Cookie
2-5 Application Integration for Language Preference
2-6 Welcome Page and Shortcuts
2-7 Function Tabs and Descriptions
2-8 Command Buttons in the Tool Bar
2-9 View Menu Command Descriptions
2-10 System Configuration, Actions Menu, Command Descriptions
2-11 Controls for Open Pages
2-12 Page Elements and Descriptions
2-13 Selection Tasks and Controls
3-1 System Configuration: Common Configuration Section
3-2 Common Services
3-3 Common Settings
3-4 Common Coherence Settings
4-1 Data Sources for Oracle Access Management
4-2 Data Sources for Oracle Access Management Services
4-3 User Identity Store Elements
4-4 Access Manager Keys and Storage
4-5 Keystores for Access Manager and Security Token Service
5-1 Conditions Requiring Server Restart
5-2 OAM Server Instance Settings
5-3 OAM Proxy Settings for an Individual OAM Server
5-4 Default Coherence Settings for Individual OAM Servers
6-1 Logging Files
6-2 Logging Defaults
6-3 Oracle Access Management Server-Side Component Loggers
6-4 Oracle Access Management Shared-Service Engine Component Loggers
6-5 Oracle Access Management Foundation API Component Loggers
6-6 Mapping of ODL to Java Levels
6-7 Oracle Security Token Service and Identity Federation Loggers
7-1 Logging Levels
7-2 Log Configuration File Names for Components
7-3 Log Writers
7-4 Global Parameters in the First Compound List
7-5 Factors that Determine Whether Logging Is Active
7-6 Mandatory Log Configuration File Parameters
7-7 Log Data File Configuration Parameters
7-8 ParamName Values You Can Configure for Per-Module Logging Threshold
8-1 Oracle Business Intelligence Enterprise Edition Reports for OAM
8-2 Access Manager Administrative Audit Events
8-3 Access Manager Run-time Audit Events
8-4 Categories of Audit Events for Identity Federation
8-5 Identity Federation Session Management Events
8-6 Protocol Flow Events for Identity Federation
8-7 Server Configuration Identity Federation
8-8 Security Events for Identity Federation
8-9 Security Token Service Configuration Management Operations
8-10 Security Token Service-specific Run-time Events
8-11 Audit Configuration Elements
9-1 Accounts_Locked_Out Report Fields
9-2 Authentication_statistics Report Fields
9-3 AuthenticationFromIPByUser Report Fields
9-4 AuthenticationPerIP Report Fields
9-5 AuthenticationStatisticsPerServer Report Fields
9-6 All Errors and Exceptions Report Fields
9-7 Authentication Failures Report Fields
9-8 Authentication History Report Fields
9-9 Authorization History Report Fields
9-10 Multiple Logins From Same IP Report Fields
10-1 OAM Server Metrics: Server Processes Overview Tab
10-2 OAM Server Metrics: Session Operations
10-3 OAM Server Metrics: Server Operations Tab
10-4 OAM Proxy Metrics
10-5 OAM Proxy Tuning Parameters
10-6 OpenSSO Proxy Server Events
10-7 OpenSSO Proxy Metrics: Server
10-8 OpenSSO Proxy Metrics: Agent
11-1 Farm Page Sections
11-2 Resulting Pages for Selected Nodes and Targets
11-3 Summary of Performance Overviews in Fusion Middleware Control
11-4 Access Manager Component Metrics
11-5 STS Component-Specific Metrics
11-6 Status and Controls on Performance Summary Pages
11-7 OAM Log Availability and Functions in Fusion Middleware Control
11-8 Log Levels Tab on Log Configuration Page
11-9 Log Files Elements
11-10 OAM Log Message Search Controls in Fusion Middleware Control
11-11 System MBean Browser
11-12 MBeans that Access Manager and Security Token Service Deploy
11-13 System MBean Browser
11-14 Farm Topology
12-1 Access Manager Settings
12-2 Access Manager Settings: Load Balancer
12-3 Server Error Mode
12-4 Error Trigger Condition, Modes, and Message Codes
12-5 External Error Codes, Trigger Conditions, and Recommended Messages
12-6 Access Manager Settings: SSO
12-7 Summary: Simple and Cert Mode
12-8 Server Common OAM Proxy Secure Communication Settings
12-9 Policy Evaluation Caches
13-1 Agent Types
13-2 Agent Registration and SSO Support
13-3 Run Time Processing Overview for Access Manager
13-4 Keys and Policies Generated During Agent Registration
13-5 Artifacts Associated with Agent Registration
13-6 Copying Generated Artifacts
13-7 Remote Registration Methods
13-8 Remote Registration Does Not Support
13-9 Agent Registration and Configuration Update Artifacts
14-1 Elements on Create Pages for 11g and 10g OAM Agents
14-2 User-Defined Webgate Parameters
14-3 Elements on Expanded 11g and 10g Webgate/Access Client Registration Pages
14-4 OAM Agent Search Controls
14-5 Environment Variables to Set within oamreg
14-6 Remote Registration Command Arguments: mode
14-7 Remote Registration Command Samples
14-8 Common Elements in Remote Registration Requests
14-9 Remote Registration Request Templates for OAM Agents
14-10 Elements in Extended OAM Agent Remote Registration Requests
14-11 Variables Required for Remote Registration
14-12 Files Returned by in-band Administrator to out-of-band Administrator
14-13 Remote Agent Update Modes and Input Files
14-14 Delta: OAM Agent Update versus Registration Request
15-1 Common Session Settings
15-2 Session Management Controls and the Results Table
16-1 Summary: SSO Components
16-2 Introduction to SSO Implementations
16-3 Access Manager Global, Shared Policy Components
16-4 Access Manager Policy Components
16-5 Condition Types
16-6 Login Processing with Access Manager-Protected Resources
16-7 DCC Deployment Support
16-8 SSO Cookies
17-1 Comparison: Resource Types for Access Manager versus 10g
17-2 Resource Type Definition
17-3 Host Identifiers Examples
17-4 Host Identifier Definition
17-5 Comparing the DCC and ECC
17-6 Native Authentication Modules
17-7 Native Kerberos Authentication Module Definition
17-8 Native LDAP Authentication Modules Definition
17-9 X509 Authentication Module Definition
17-10 Simple Form versus Multi-Step Authentication
17-11 General tab
17-12 Add New Step Entries, Steps Results Table, and Details Section
17-13 Parameter Details for Various Plug-ins
17-14 Steps Orchestration Subtab
17-15 X509 Step Details (KEY_CERTIFICATE_ATTRIBUTE_TO_EXTRACT)
17-16 Steps and Plug-ins in a Customized Step-up Authentication Module
17-17 Managing Custom Plug-ins Actions
17-18 Plugins Status Table
17-19 Example of Plugin Details Extracted from XML Metadata File
17-20 Authentication Scheme Definition
17-21 Pre-configured Authentication Schemes
17-22 Challenge Parameters in Pre-configured Schemes
17-23 User-Defined Challenge Parameters for Authentication Schemes
17-24 Challenge Parameters for 10g/11g Encrypted Cookies
17-25 Credential Collector Password Pages
17-26 Password Management Forms and Functions
17-27 Password Policy Elements
17-28 Specifying Credential Collectors and Related Forms for Authentication
17-29 Location of Oracle-provided LDIFs for LDAP Providers
17-30 Key Password Attributes in a Password Policy
17-31 User Password Step Details
17-32 Resource Webgate Support of POST Data Preservation and Restoration
17-33 Credential Collector Support for POST Data Handling
17-34 Authentication Schemes Supporting POST Data Handling
17-35 Parameters Required for Authentication POST Data Handling
17-36 ECC and DCC: Long URL Handling
17-37 Authentication Schemes Supporting Long URL Handling
17-38 Parameters Required for Long URL Handling
18-1 Resource Definition Elements
18-2 HTTP Resources Sample URL Values
18-3 Supported Wildcards in Resource URL Patterns (Precedence Order)
18-4 Sample Resource URLs
18-5 Pattern Matching for Requested URLs
18-6 Query String Matching: Examples
18-7 Resource Evaluation Outcomes
18-8 Search Elements for a Resource in an Application Domain
18-9 Authentication Policy Elements and Descriptions
18-10 Authorization Policy Elements and Descriptions
18-11 Response Elements
18-12 Namespace Request Variables for Single Sign-On
18-13 Namespace Session Variables for Single Sign-On
18-14 Namespace User Variables
18-15 Simple Responses and Descriptions
18-16 Complex Responses
18-17 Fresh OSSO Installation: Protected Policy Response (Header)
18-18 Authorization Policy Condition Tab
18-19 Add Condition Window Elements
18-20 Add identities Elements
18-21 Add Search Filter Elements
18-22 LDAP Search Filter Examples for Access Manager
18-23 Temporal Condition Details
18-24 Access Conditions that Require Attribute-Type Conditions
18-25 Attribute Condition Elements
18-26 Attribute Names for Request Built-ins
18-27 Attribute Names for Session Built-ins
18-28 Attribute Condition Data (Aggregation of Conditions)
18-29 Authorization Policy Rules Elements
18-30 Rule Tab in Expression Mode
18-31 Operators for Expressions in Authorization Rules
18-32 Remote Policy Management Modes, Templates, and Flags
18-33 Remote Management Template Elements
19-1 User Interactions: Tester Console Mode versus Command Line Mode Operations
19-2 Access Tester Supported System Properties
19-3 Access Tester Console Panels
19-4 Command Buttons in Access Tester Panels
19-5 Additional Access Tester Buttons
19-6 Access Tester Menus
19-7 Connection Panel Information
19-8 Protected Resource URI Panel Fields and Controls
19-9 Access Tester User Identity Panel Fields and Controls
19-10 Access Tester Capture Request Options
19-11 Generate Script Command
19-12 Test Script Control Parameters
19-13 Run Test Script Commands
19-14 Mismatched Results Reasons in the Statistics Document
20-1 Centralized Logout Circumstances
20-2 Logout Details After Registration (ObAccessClient.xml)
21-1 Features: OpenSSO Agents with Access Manager
21-2 OpenSSO Policy Migration
21-3 OpenSSO Reliance on Access Manager
21-4 Access Manager Processing with OpenSSO
21-5 Elements on the New OpenSSO Agent Page
21-6 Relocating OpenSSO Artifacts
21-7 Expanded OpenSSO Agent Registration Elements
21-8 OpenSSO Request Files for Remote Registration
21-9 OpenSSO Agent Remote Registration Request
21-10 J2EE Request File Mappings to the Properties File
21-11 Mapping the Web Request File to the Properties File
21-12 Delta: OpenSSO Remote Registration versus Remote Updates
21-13 Other OpenSSO Information in this Guide
22-1 OSSO Agents with Access Manager
22-2 11g Access Manager SSO versus OSSO 10g Component Summary
22-3 Create OSSO Agent Page Elements
22-4 Relocating OSSO Artifacts
22-5 Expanded OSSO Agent Elements
22-6 OpenSSO Request Files for Remote Registration
22-7 OSSO-Specific Elements in a Remote Registration Request
22-8 Delta: OSSO Remote Registration versus Remote Updates
22-9 Other OSSO Information in this Guide
23-1 Installation Comparison with 10g Webgates
23-2 Comparison: Access Manager 11g versus 10g
23-3 Comparing Access Manager 11g Policy Model versus 10g
23-4 Preparing for 10g Webgate Installation with Access Manager 11g
23-5 Sample end_url Parameter Specifications
26-1 IIS 7 Webgate Windows Server 2008
28-1 Supported Protocols
28-2 Identity Federation Configuration in Oracle Access Management Console
28-3 Integration of Identity Federation and Access Manager 11g Release 2 (11.1.2.1)
29-1 Identity Provider Partner Settings
29-2 Attributes for Google OpenID Partner
29-3 Attributes for Yahoo OpenID Partner
29-4 Elements Used for IdP Provider Search
30-1 Federation Settings in the Console
30-2 General Federation Settings
30-3 Federation Proxy Settings
30-4 Keystore Settings for Federation
31-1 FederationScheme Element Definitions
31-2 FederationPlugin Steps
31-3 Orchestration of FederationPlugin
31-4 OIFScheme Definition
31-5 OIFMTLDAPPlugin Steps
31-6 Policy Response Elements
33-1 Security Token Service Settings
33-2 Configuring a Non-Oracle WSM Client for WSS Kerberos Policies
34-1 Security Token Service Public Keys Used at Run Time
34-2 Keystore Mbeans
34-3 Partner Keys for WS-Trust Communications
34-4 Conditions for Security Token Service Certificate Validation
34-5 Successful Certificate Validation Requirements
35-1 Search Validation Template
35-2 Issuance Template Requirements
35-3 Issuance Template: General Details
35-4 Issuance Properties: Username Token Type
35-5 Issuance Properties: SAML Token Types
35-6 Security Details: SAML Tokens
35-7 Issuance Template: Attribute Mapping, SAML Token
35-8 Validation Template Protocols
35-9 New Validation Template: General Details
35-10 New Validation Template: Authentication Details
35-11 New Validation Template: Token Mapping
35-12 Endpoints Page
35-13 Conditions tab: Token Issuance Policy
35-14 New Custom Token Elements
35-15 Custom Tokens Search Elements and Controls
36-1 Security Token Service Partners
36-2 Security Token Service Clients
36-3 Security Token Service Partner Entry
36-4 Security Token Service Partner Profile Data
36-5 Partner Elements for Partner Types
36-6 Elements for Security Token Service Partners
36-7 Profile: General
36-8 Requester Profile: Token and Attributes
36-9 Relying Party Profile Requirements
36-10 Token and Attributes Elements: Issuing Authority
36-11 Issuing Authority Token Mapping Elements
38-1 Features in Mobile and Social Based on the Companion Services Installed
38-2 Pre-configured Mobile and Non-Mobile Authentication Service Providers
38-3 Android, iOS, and Java Features of Mobile and Social Mobile Services Client SDK
38-4 Token Requirements for the Mobile and Social Server
38-5 Identity Providers That Mobile and Social Natively Supports
39-1 Pre-configured Authentication Service Providers
39-2 Access Manager Authentication Service Provider Default Attributes
39-3 WebGate Agent for Authentication Service Provider Default Attributes
39-4 JWT Authentication Service Provider Default Attributes
39-5 The JWT-OAM Authentication Token Service Providers
39-6 JWT-OAM Authentication Service Provider Default Attributes
39-7 Access Manager Authorization Service Provider Default Attributes
39-8 WebGate Agent for Authorization Service Provider Default Attributes
39-9 User Profile Service Provider Default Attribute Names and Values
39-10 Authentication Service Profile Default General Properties
39-11 Token Support and URI Category Information Default Properties
39-12 Authorization Service Profile Default General Properties
39-13 User Profile Service Profile Default General Properties
39-14 Security Handler Plug-in General Properties
39-15 Application Profile General Properties
39-16 Service Domain General Properties
39-17 Application Profile Selection Properties
39-18 Service Profile Selection Properties
39-19 User Profile Service Protection Properties
39-20 Authorization Service Protection Properties
39-21
39-22 OAAM Policies Supported By Mobile and Social
39-23 Mapping Terms Between OAAM and Mobile and Social
40-1 OpenID Protocol Attributes
40-2 OAuth Protocol Attributes
40-3 User Attributes Returned By Google
40-4 User Attributes Returned By Yahoo
40-5 User Profile Attributes Returned By Foursquare
40-6 User Profile Attributes Returned By Windows Live
40-7 Service Provider Interface Information Properties
40-8 Account Linking Properties
41-1 Attribute Settings for an Oracle Access Manager 11gR1 PS1 Authentication Service Provider
42-1 Identity Context Schema Attributes
42-2 Mapping Identity Context Operations
43-1 Access Manager Support for RSA Features
43-2 RSA Features Not Supported
43-3 Installation and Configuration Guidelines
44-1 Sample Naming
45-1 JBoss Agent Composition
46-1 Access Manager Component Requirements
46-2 Microsoft Requirements for this Integration
46-3 Create Web Application Options for Microsoft SharePoint Server
46-4 Create a Web Application to Host a Site Collection for SharePoint Server
47-1 Requirements for Impersonation with a Header Variable
49-1 Login Module Stacks for using Header Variables
A-1 addOAMSSOProvider Command-line Arguments
B-1 Languages for Localized Messages
C-1 importcert Command Syntax
D-1 Comparing IAMSuiteAgent with 11g and 10g Webgates