List of Figures
1-1 Oracle Access Management Overview
1-2 Access Manager 11g Components and Services
1-3 Access Manager 11g Component Distribution
2-1 Default Oracle Access Management Console Log In Page
2-2 Signing Out of the Oracle Access Management Console
2-3 Oracle Access Management Console Launch Pad
2-4 Tabs of Open Content Pages
2-5 SSO Agent Search Page
3-1 Oracle Access Management Configuration Options
3-2 Available Services
3-3 Common Settings Page (Collapsed View)
3-4 Common Coherence Settings
3-5 Certificate Revocation List Dialog Box
3-6 OCSP/CDP Settings
5-1 Creating User Identity Store Registration
5-2 System Store Registration
5-3 Identity Directory Service Console Page
5-4 Create IDS Profile Page
5-5 Create IDS Repository Page
5-6 Common Settings: Default and System Identity Stores
5-7 System Store Registration with Access System Administrators Section
5-8 Add System Administrator Roles
6-1 OAM Server Registration Page with Proxy Tab Displayed
6-2 Coherence Page and Values for an Individual OAM Server
7-1 Multi-Data Center System Architecture
7-2 Active-Active Deployment Mode
7-3 Active-Active Mode Failover
7-4 Multi-Data Center Deployment
7-5 Requests Served By Different Data Centers
7-6 Logout and Session Invalidation
7-7 Active-Active Topology
7-8 Active-Active Topology Across Multiple Data Centers
7-9 Load Balancing Access Manager Components
7-10 Global Load Balancer Front Ends Local Load Balancer
7-11 Automated Policy Synchronization Flow
9-1 Audit to Database Architecture
9-2 Common Settings: Auditing Configuration
10-1 Log-Level Activation in the Default Log Configuration File
12-1 Server Processes Overview Page
12-2 OAM Server Metrics: Session Operations Monitoring Page
12-3 OAM Server Metrics: Server Operations Tab
12-4 OAM Server Metrics: OAM Agents Tab
12-5 OAM Agent Metrics: Monitoring Characteristics
12-6 OAM Agent Metrics: Detached Connectivity Table
12-7 OAM Agent Metrics: Detached Operations Overview Table
12-8 OAM Agent Metrics: Detached Operations Detail Table
12-9 OAM Agent Metrics: Detached Information Table
12-10 OSSO Agent Monitoring Page with Operation Details
12-11 OSSO Agent Monitoring Process Overview Table
12-12 OSSO Agent Information Table
13-1 Fusion Middleware Control (AS-Control) Deployment Architecture
13-2 OAM Farm Page in Fusion Middleware Control
13-3 Farm Navigation Tree in Fusion Middleware Control
13-4 Node Information Page in Fusion Middleware Control
13-5 Application Deployment Summary for the Selected Internal Application
13-6 Application Deployment Menu
13-7 WebLogic Server Domain Summary with Context Menu Exposed
13-8 Cluster Page
13-9 Key Metrics for Server Pages
13-10 Aggregated Access Manager Component Metrics for the Cluster
13-11 Access Manager Component Metrics for a Single OAM Server Instance
13-12 Aggregated STS Component Metrics for the Cluster
13-13 STS Component Metrics for an Individual OAM Server Instance
13-14 Performance Summary Command
13-15 Performance Summary Page with Metric Palette
13-16 Access Manager Log Levels on the Log Configuration Tab
13-17 Log Levels for Security Token Service
13-18 Log Files Configuration Page
13-19 Typical Log Messages Page in Fusion Middleware Control
13-20 System MBean Browser and Attributes Tab
13-21 Routing Topology with Context Menu
14-1 Access Manager Settings: Load Balancer
14-2 Access Manager Settings: Server Error Mode
14-3 Access Manager Settings: SSO
14-4 Common Policy Evaluation Caches
16-1 Create OAM 11g WebGate Page
16-2 Load Balanced Deployment
16-3 Confirmation Window and Expanded 11g WebGate Page with Defaults
16-4 WebGate Search Controls and Create ... Buttons
16-5 Key Generation
17-1 Session Data and the Role of Oracle Coherence
17-2 Global Session Details: Common Settings Page
17-3 Common Configuration: Session Management Page
18-1 Access Manager 11g Policy Model
18-2 Access Manager Shared Policy Components
18-3 Anatomy of Access Manager Policies
18-4 SSO Log-in with Embedded Credential Collector and OAM Agents
18-5 Example: Separate Resource Webgate and DCC Webgate Deployment
18-6 Combined DCC and Webgate Configuration
18-7 SSO Login Processing with OSSO Agents and ECC
19-1 Default HTTP Resource Type Definition
19-2 Default Resource Type wl_authen
19-3 Default Resource Type TokenServiceRP
19-4 Host Identifier Page
19-5 Native Kerberos Authentication Module
19-6 Native LDAP Authentication Module
19-7 Native X509 Authentication Module
19-8 Access Manager Plug-ins for Customized Authentication Modules
19-9 Creating Custom Authentication Modules: General
19-10 Adding a Step and Associating a Plug-in
19-11 Plug-in Based Authentication Module Steps and Details
19-12 Steps Orchestration for Plug-in Based Authentication Modules
19-13 Oracle-provided Plug-in Based Authentication Modules
19-14 KerberosPlugin
19-15 Default KerberosPlugin Steps and Details
19-16 Default KerberosPlugin Steps and Orchestration
19-17 LDAPPlugin
19-18 Default LDAPPlugin Steps and Details
19-19 Default Orchestration of Steps for LDAPplugin
19-20 X509Plugin
19-21 X509Plugin Default Steps and Details
19-22 Default Orchestration for X509Plugin Steps
19-23 Password Policy Validation Module Plug-ins
19-24 Steps Orchestration: Password Policy Validation Plug-ins
19-25 StandardLevelCheck-2 and SensitiveLevelCheck-6 Modules
19-26 Plug-ins Page
19-27 Plugin Details: Activation Status of Selected Plug-in
19-28 Default LDAPScheme Page
19-29 Password Policy Configuration Page
19-30 Default Store with New Administrator Designated
19-31 Password Policy Validation Authentication Module with Orchestrated Plug-ins
19-32 Step Orchestration for Password Policy Validation Module
19-33 Sample ECC PasswordPolicyValidationScheme
19-34 Sample DCC PasswordPolicyValidationScheme
19-35 Server Error Mode for Password Management
19-36 Creating an OAuth Web Client
20-1 Application Domains Search Page
20-2 Application Domain Page for Acme Application
20-3 Search Results for Resources in an Application Domain
20-4 Authentication Policies Tab
20-5 Authentication Policy Page: Resources and Responses
20-6 Authorization Policies Page
20-7 Individual Authorization Policy Page
20-8 Individual Authorization Policy Resources tab
20-9 Token Issuance Policies Page
20-10 Create Application Domain
20-11 Adding a Resource Prefix for Policy Ordering
20-12 Fresh Resources (Definition) Page in the Application Domain
20-13 HTTP Resources, Query String Resource URL Controls
20-14 Sample Resource Definitions Search within an Application Domain
20-15 Sample Search Results for Resource Definitions in an Application Domain
20-16 Sample Authentication Policies Page in the Application Domain
20-17 Sample Individual Authentication Policy Page
20-18 Sample Individual Authorization Policy Page
20-19 Authorization Policies Page
20-20 Authorization Policy Response in the Console
20-21 Simple Response Samples
20-22 Complex Response Sample
20-23 Individual Authorization Policy Conditions Tab
20-24 Add Condition Window
20-25 Condition Containers on the Authorization Policy Page
20-26 Add Identities Window
20-27 Identity Condition and Details
20-28 Add Search Filter Controls
20-29 Identity Conditions: Details
20-30 IP4 Range Conditions
20-31 Temporal Condition Type Details Page
20-32 Attribute Conditions Page
20-33 Add Attributes Dialog
20-34 Authorization Policy Rules Tab: Simple Mode
20-35 Rules Tab: Expression Rule Mode
21-1 OAM Agent (PEP) and OAM Server (PDP) Inter-operability
21-2 User Interactions with the Access Tester
21-3 Access Tester Console
21-4 Server Connection Panel in the Access Tester
21-5 Protected Resource URI Panel in the Access Tester
21-6 Access Tester User Identity Panel
21-7 Test Case Workflow
23-1 Typical Deployment with OpenSSO and Access Manager
23-2 New OpenSSO Agent Page
23-3 Expanded OpenSSO Web Agent Registration Page
23-4 Expanded OpenSSO J2EE Agent Registration Page
24-1 Create OSSO Agent Page
24-2 OSSO Agent Page and Confirmation Window
30-1 Available Services Page
31-1 New Identity Provider Page, Service Details Loaded from Metadata
31-2 New Identity Provider Page, Service Details Entered Manually
31-3 Searching for Identity Providers
31-4 Updating an Identity Provider
31-5 Attribute Sharing Plug-in Design
32-1 Identity Federation Service Settings Page
32-2 General Section of Federation Settings Page
32-3 Federation Proxy Settings
32-4 Keystore Settings
33-1 FederationScheme
33-2 FederationPlugin
33-3 FederationPlugin Orchestration
33-4 Setting Up the Authentication Policy with FederationScheme
33-5 OIFScheme
33-6 OIFMTLDAPPlugin
33-7 Authorization Policy Response Tab
33-8 Adding a Federation Response Attribute to an AuthZ Policy
34-1 Security Token Service Architecture
34-2 Security Token Service Token Support
34-3 Token Translation at a Centralized Authority
34-4 Translating Tokens Behind a Firewall
34-5 Web Services SSO
35-1 Typical Token Ecosystem
35-2 Identity Propagation with the OAM Token
35-3 Process Flow During Identity Propagation
35-4 Identity Propagation Deployment
35-5 Identity Propagation Processing
35-6 Required v1.0 WebLogic Server Identity Assertion Providers
35-7 IAP-Security Token Service Details
35-8 LDAP Provider: IAP-DSEE
35-9 Default Identity Store Defined in Access Manager
35-10 Token Issuance Policy for Identity Propagation
35-11 /wssuser Endpoint for Identity Assertion
35-12 Default Identity Store Defined for Access Manager
35-13 Token Issuance Policy for Identity Propagation
35-14 /wss11user Endpoint for Identity Assertion
36-1 Default Endpoints, Policies, and Validation Templates
36-2 WS-Security 1.0 and 1.1 Policies
36-3 Available Services Panel
36-4 Security Token Service Page
38-1 Validation Templates Search Controls
38-2 Issuance Template Search Controls
38-3 Issuance Template: General Details and Defaults
38-4 Issuance Properties: Username Token Type
38-5 Issuance Properties: SAML Token Types
38-6 Security Details: SAML Tokens
38-7 New Validation Template page: General Page Defaults
38-8 New Validation Template: General Authentication Details
38-9 Token Mapping: SAML2 WS-Security Validation Template
38-10 Token Mapping, username-wstrust-validation-template
38-11 Token Mapping: x509-wss-validation-template
38-12 Endpoints Page
38-13 Token Issuance Policies and Conditions
38-14 Pre-defined Resource Type: TokenServiceRP
38-15 Search: Resource Type TokenServiceRP in Application Domain
38-16 New Custom Token Page
38-17 Custom Token Definition: email
38-18 Custom Tokens Search Page and Controls
38-19 General Details: email-wstrust-valid-temp
38-20 Token Mapping: email-wstrust-valid-temp
38-21 General Details: email-issuance-temp
38-22 Issuance Properties: email-issuance-temp
39-1 New Requester Partner Page
39-2 New Relying Party Partners Page
39-3 Defined Requester Partner
39-4 Partner Search Controls
39-5 Requester Profile: General
39-6 Requester Profile: Token and Attributes
39-7 Relying Party Profile Token and Attributes
39-8 Token and Attributes: Issuing Authority
39-9 Issuing Authority Profile: Token Mapping Tab
39-10 Search Profiles Page: Requester
41-1 First Time Device/Application Registration and Authentication Process
41-2 Mobile SSO Agent Requests Access Token from Access Manager
41-3 Mobile SSO Agent Has Valid Access Token in Credential Store
41-4 Mobile SSO Agent Does Not Have Valid Access Token in Credential Store
41-5 User Authentication Using REST
41-6 Authenticating User From Browser-based Web App on Registered Mobile Device
41-7
41-8 Authenticating a Returning User with a Local Account
41-9 Authenticating a New User with No Local Account
41-10 Authenticating a User With an OAuth Identity Provider
41-11 Authenticating a User with Access Manager
41-12 Authenticating a User Locally
42-1 Using ODSM to create the PIN attribute in OUD
42-2 Using ODSM to create the pinperson object class
42-3 Using the OAM Console to create an IdentityStore
43-1 Social Identity Account Linking
45-1 OAuth 3-Legged Flow Diagram
45-2 Using a Split Request to get a Client Verification Code
45-3 The Complete Mobile App Authorization Request Flow
47-1 Password Generation Policies Search/Create Tab
47-2 Password Generation Policies Search Results
47-3 New Password Generation Policy Summary Tab
47-4 Password Constraints Tab of a Password Generation Policy
47-5 Add Applications Dialog
47-6 Add Applications Dialog Search Results
47-7 Credential Sharing Groups Search Results
47-8 New Credential Sharing Group Page
47-9 Add Applications Dialog
47-10 Add Applications Dialog Search Results
47-11 Global Agent Settings Search Results
47-12 Import Global Agent Settings Dialog
47-13 New Global Agent Settings Page
48-1 End to End Identity Context Process
48-2 End To End Identity Context Process Components
48-3 Identity Context Process Flow
48-4 OAM Authentication Provider Configuration
50-1 Steps After Creation
50-2 Steps After Orchestration
51-1 Various Clients Deployed on JBoss Application Server
51-2 JBoss Agent Deployed with an Oracle HTTP Server Webgate
51-3 Sample Integration Topology
52-1 Setting up a Trusted User Account for Windows Impersonation
52-2 Configuring Rights for the Trusted User in Windows Impersonation
52-3 Registering the Impersonation Module
52-4 Verifying Event Viewer Settings
52-5 Impersonation Authentication
53-1 Setting up a Trusted User Account for Windows Impersonation
53-2 Configuring Rights for the Trusted User in Windows Impersonation
53-3 Sample Webgate Registration Page
53-4 Impersonation Response in An Application Domain
53-5 Verifying Event Viewer Settings
53-6 Webgate Registration Page
53-7 Impersonation Authentication
C-1 Communication Channels for OAM Servers and WebGates
D-1 IAMSuiteAgent Settings in the WebLogic Administration Console
D-2 IAMSuiteAgent Registration
D-3 Resources Protected by the IAMSuiteAgent
D-4 IAMSuite Authentication Policy: OAM Admin Console Policy
D-5 Protected HigherLevel Policy: Authentication, LDAP Scheme
D-6 Protected LowerLevel Policy: Authentication, OIMScheme
D-7 Public Policy: Authentication, AnonymousScheme
D-8 IAM Suite Authorization Policy
D-9 IAM Suite Token Issuance Policy and Resource URLs
D-10 Generated Authentication Module: OpenSSOAgentAuthPlugin
D-11 Generated Host Identifier: OpenSSOAgent
D-12 Generated Application Domain: OpenSSOAgent
D-13 Application Domain Resources: OpenSSOAgent
D-14 Generated Authentication Policy: OpenSSOAgent Application Domain
D-15 Generated Authorization Policy: OpenSSOAgent Application Domain
D-16 Migrated User Identity Store: OpenSSO
D-17 Migrated Agent: OpenSSO
D-18 Migrated Authentication Module: OpenSSO
D-19 Migrated Host Identifier: OpenSSO
D-20 Migrated Application Domain: OpenSSO
D-21 Migrated Resources: OpenSSO
D-22 Migrated Authentication Policy: OpenSSO
D-23 Migrated Authorization Policy2 Condition: OpenSSO
D-24 Migrated Authorization Policy2: IP Condition Details