List of Tables
1-1 Access Manager Deployment Types
1-2 Features in Access Manager 11.1.2
1-3 Features Not Available In Access Manager 11.1.2
1-4 Oracle Access Management Post-Installation Tasks
2-1 Welcome Page Sections and Shortcuts
2-2 Controls for Closing Pages
2-3 Page Elements and Descriptions
2-4 Selection Tasks and Controls
2-5 Language Codes For Login Pages
2-6 Oracle Access Management Language Selection Methods
2-7 OAM_LANG_PREF Cookie
2-8 Application Integration for Language Preference
3-1 Configuration Options
3-2 Common Services
3-3 Common Settings
3-4 Common Coherence Settings
3-5
4-1 Roles for Delegating Administration
5-1 Data Sources for Oracle Access Management
5-2 Data Sources for Oracle Access Management Services
5-3 User Identity Store Elements
5-4 Access Manager Keys and Storage
5-5 Keystores for Access Manager and Security Token Service
6-1 Conditions Requiring Server Restart
6-2 OAM Server Instance Settings
6-3 OAM Proxy Settings for an Individual OAM Server
6-4 Default Coherence Settings for Individual OAM Servers
7-1 Automated Policy Synchronization - States of Replica
7-2 Multi-Data Center Policy Configurations for Idle Timeout
7-3 Session Synchronization and Failover Scenarios
7-4 oamMDC.properties Properties
7-5 partnerInfo.properties Properties
8-1 Logging Files
8-2 Logging Defaults
8-3 Oracle Access Management Server-Side Component Loggers
8-4 Oracle Access Management Shared-Service Engine Component Loggers
8-5 Oracle Access Management Foundation API Component Loggers
8-6 Mapping of ODL to Java Levels
8-7 Oracle Security Token Service and Identity Federation Loggers
9-1 Oracle Business Intelligence Enterprise Edition Reports for OAM
9-2 Access Manager Administrative Audit Events
9-3 Access Manager Run-time Audit Events
9-4 REST Run-Time Audit Events
9-5 Mobile and Social Run-Time Audit Events
9-6 Categories of Audit Events for Identity Federation
9-7 Identity Federation Session Management Events
9-8 Protocol Flow Events for Identity Federation
9-9 Server Configuration Identity Federation
9-10 Security Events for Identity Federation
9-11 Security Token Service Configuration Management Operations
9-12 Security Token Service-specific Run-time Events
9-13 Audit Configuration Elements
10-1 Logging Levels
10-2 Log Configuration File Names for Components
10-3 Log Writers
10-4 Global Parameters in the First Compound List
10-5 Factors that Determine Whether Logging Is Active
10-6 Mandatory Log Configuration File Parameters
10-7 Log Data File Configuration Parameters
10-8 ParamName Values You Can Configure for Per-Module Logging Threshold
11-1 Accounts_Locked_Out Report Fields
11-2 Authentication_statistics Report Fields
11-3 AuthenticationFromIPByUser Report Fields
11-4 AuthenticationPerIP Report Fields
11-5 AuthenticationStatisticsPerServer Report Fields
11-6 All Errors and Exceptions Report Fields
11-7 Authentication Failures Report Fields
11-8 Authentication History Report Fields
11-9 Authorization History Report Fields
11-10 Multiple Logins From Same IP Report Fields
12-1 OAM Server Metrics: Server Processes Overview Tab
12-2 OAM Server Metrics: Session Operations
12-3 OAM Server Metrics: Server Operations Tab
12-4 OAM Proxy Metrics
12-5 OAM Proxy Tuning Parameters
12-6 OpenSSO Proxy Server Events
12-7 OpenSSO Proxy Metrics: Server
12-8 OpenSSO Proxy Metrics: Agent
13-1 Farm Page Sections
13-2 Resulting Pages for Selected Nodes and Targets
13-3 Summary of Performance Overviews in Fusion Middleware Control
13-4 Access Manager Component Metrics
13-5 STS Component-Specific Metrics
13-6 Status and Controls on Performance Summary Pages
13-7 OAM Log Availability and Functions in Fusion Middleware Control
13-8 Log Levels Tab on Log Configuration Page
13-9 Log Files Elements
13-10 OAM Log Message Search Controls in Fusion Middleware Control
13-11 System MBean Browser
13-12 MBeans that Access Manager and Security Token Service Deploy
13-13 System MBean Browser
13-14 Farm Topology
14-1 Access Manager Settings: Load Balancer
14-2 Server Error Mode
14-3 Error Trigger Condition, Modes, and Message Codes
14-4 External Error Codes, Trigger Conditions, and Recommended Messages
14-5 Access Manager Settings: SSO
14-6 Summary: Simple and Cert Mode
14-7 Server Common OAM Proxy Secure Communication Settings
14-8 Policy Evaluation Caches
15-1 Agent Types
15-2 Agent Registration and SSO Support
15-3 Run Time Processing Overview for Access Manager
15-4 Keys and Policies Generated During Agent Registration
15-5 Artifacts Associated with Agent Registration
15-6 Copying Generated Artifacts
15-7 Remote Registration Methods
15-8 Remote Registration Does Not Support
15-9 Agent Registration and Configuration Update Artifacts
16-1 Elements on Create Pages for 11g and 10g OAM Agents
16-2 User-Defined WebGate Parameters
16-3 Elements on Expanded 11g and 10g WebGate/Access Client Registration Pages
16-4 OAM Agent Search Controls
16-5 Environment Variables to Set within oamreg
16-6 Remote Registration Command Arguments: mode
16-7 Remote Registration Command Samples
16-8 Common Elements in Remote Registration Requests
16-9 Remote Registration Request Templates for OAM Agents
16-10 Elements in Extended OAM Agent Remote Registration Requests
16-11 Variables Required for Remote Registration
16-12 Files Returned by in-band Administrator to out-of-band Administrator
16-13 Remote Agent Update Modes and Input Files
16-14 Delta: OAM Agent Update versus Registration Request
17-1 Session Lifecycle States
17-2 Session Checks for State Changes
17-3 Session Removal
17-4 Application Domain-Specific Overrides
17-5 Session Content: Single Authentication Scheme
17-6 Session Outcomes: Multiple Authentication Schemes
17-7 Global Session Settings
17-8 Application-Specific Session Timing Overrides
17-9 Session Management Controls and the Results Table
18-1 Summary: SSO Components
18-2 Introduction to SSO Implementations
18-3 Access Manager Global, Shared Policy Components
18-4 Access Manager Policy Components
18-5 Condition Types
18-6 Login Processing with Access Manager-Protected Resources
18-7 DCC Deployment Support
18-8 SSO Cookies
19-1 Comparison: Resource Types for Access Manager versus 10g
19-2 Resource Type Definition
19-3 Host Identifiers Examples
19-4 Host Identifier Definition
19-5 Comparing the DCC and ECC
19-6 Native Authentication Modules
19-7 Native Kerberos Authentication Module Definition
19-8 Native LDAP Authentication Modules Definition
19-9 X509 Authentication Module Definition
19-10 Simple Form versus Multi-Step Authentication
19-11 General tab
19-12 Add New Step Entries, Steps Results Table, and Details Section
19-13 Parameter Details for Various Plug-ins
19-14 Steps Orchestration Subtab
19-15 X509 Step Details (KEY_CERTIFICATE_ATTRIBUTE_TO_EXTRACT)
19-16 Steps and Plug-ins in a Customized Step-up Authentication Module
19-17 Managing Custom Plug-ins Actions
19-18 Plugins Status Table
19-19 Example of Plugin Details Extracted from XML Metadata File
19-20 Authentication Scheme Definition
19-21 Pre-configured Authentication Schemes
19-22 Challenge Parameters in Pre-configured Schemes
19-23 User-Defined Challenge Parameters for Authentication Schemes
19-24 Advanced Rules Attributes
19-25 Request Context Data
19-26 Location Context Data
19-27 Session Context Data
19-28 User Context Data
19-29 Sample Advanced Rules
19-30 Challenge Parameters for 10g/11g Encrypted Cookies
19-31 Credential Collector Password Pages
19-32 Password Management Forms and Functions
19-33 Password Policy Elements
19-34 Specifying Credential Collectors and Related Forms for Authentication
19-35 Location of Oracle-provided LDIFs for LDAP Providers
19-36 Key Password Attributes in a Password Policy
19-37 User Password Step Details
19-38 Resource Webgate Support of POST Data Preservation and Restoration
19-39 Credential Collector Support for POST Data Handling
19-40 Authentication Schemes Supporting POST Data Handling
19-41 Parameters Required for Authentication POST Data Handling
19-42 ECC and DCC: Long URL Handling
19-43 Authentication Schemes Supporting Long URL Handling
19-44 Parameters Required for Long URL Handling
20-1 Resource Definition Elements
20-2 HTTP Resources Sample URL Values
20-3 Supported Wildcards in Resource URL Patterns (Precedence Order)
20-4 Sample Resource URLs
20-5 Pattern Matching for Requested URLs
20-6 Query String Matching: Examples
20-7 Resource Evaluation Outcomes
20-8 Search Elements for a Resource in an Application Domain
20-9 Authentication Policy Elements and Descriptions
20-10 Authorization Policy Elements and Descriptions
20-11 Response Elements
20-12 Namespace Request Variables for Single Sign-On
20-13 Namespace Session Variables for Single Sign-On
20-14 Namespace User Variables
20-15 Simple Responses and Descriptions
20-16 Complex Responses
20-17 Fresh OSSO Installation: Protected Policy Response (Header)
20-18 Authorization Policy Condition Tab
20-19 Add Condition Window Elements
20-20 Add identities Elements
20-21 Add Search Filter Elements
20-22 LDAP Search Filter Examples for Access Manager
20-23 Temporal Condition Details
20-24 Access Conditions that Require Attribute-Type Conditions
20-25 Attribute Condition Elements
20-26 Attribute Names for Request Built-ins
20-27 Attribute Names for Session Built-ins
20-28 Attribute Condition Data (Aggregation of Conditions)
20-29 Authorization Policy Rules Elements
20-30 Rule Tab in Expression Mode
20-31 Operators for Expressions in Authorization Rules
20-32 Remote Policy Management Modes, Templates, and Flags
20-33 Remote Management Template Elements
21-1 User Interactions: Tester Console Mode versus Command Line Mode Operations
21-2 Access Tester Supported System Properties
21-3 Access Tester Console Panels
21-4 Command Buttons in Access Tester Panels
21-5 Additional Access Tester Buttons
21-6 Access Tester Menus
21-7 Connection Panel Information
21-8 Protected Resource URI Panel Fields and Controls
21-9 Access Tester User Identity Panel Fields and Controls
21-10 Access Tester Capture Request Options
21-11 Generate Script Command
21-12 Test Script Control Parameters
21-13 Run Test Script Commands
21-14 Mismatched Results Reasons in the Statistics Document
22-1 Centralized Logout Circumstances
22-2 Logout Details After Registration (ObAccessClient.xml)
23-1 Features: OpenSSO Agents with Access Manager
23-2 OpenSSO Policy Migration
23-3 OpenSSO Reliance on Access Manager
23-4 Access Manager Processing with OpenSSO
23-5 Elements on the New OpenSSO Agent Page
23-6 Relocating OpenSSO Artifacts
23-7 Expanded OpenSSO Agent Registration Elements
23-8 OpenSSO Request Files for Remote Registration
23-9 OpenSSO Agent Remote Registration Request
23-10 J2EE Request File Mappings to the Properties File
23-11 Mapping the Web Request File to the Properties File
23-12 Delta: OpenSSO Remote Registration versus Remote Updates
23-13 Other OpenSSO Information in this Guide
24-1 OSSO Agents with Access Manager
24-2 11g Access Manager SSO versus OSSO 10g Component Summary
24-3 Create OSSO Agent Page Elements
24-4 Relocating OSSO Artifacts
24-5 Expanded OSSO Agent Elements
24-6 OpenSSO Request Files for Remote Registration
24-7 OSSO-Specific Elements in a Remote Registration Request
24-8 Delta: OSSO Remote Registration versus Remote Updates
24-9 Other OSSO Information in this Guide
25-1 Installation Comparison with 10g WebGates
25-2 Comparison: Access Manager 11g versus 10g
25-3 Comparing Access Manager 11g Policy Model versus 10g
25-4 Preparing for 10g WebGate Installation with Access Manager 11g
25-5 Sample end_url Parameter Specifications
28-1 IIS 7 Webgate Windows Server 2008
30-1 Supported SAML 2.0 NameID Formats
30-2 SAML 2.0 URLs for Identity Federation Acting As Identity Provider
30-3 SAML 2.0 URLs for Identity Federation Acting as Service Provider
30-4 Supported SAML 1.1 NameID Formats
30-5 SAML 1.1 URLs for Identity Federation Acting As Identity Provider
30-6 SAML 1.1 URL for Identity Federation Acting as Service Provider
30-7 OpenID 2.0 URLs for Identity Federation Acting As Identity Provider
30-8 OpenID 2.0 URLs for Identity Federation Acting as Service Provider
30-9 Configuring Identity Federation Settings
30-10 Implementing Identity Federation
31-1 Default Partner Profiles
31-2 Identity Provider Partner Settings
31-3 Attributes for Google OpenID Partner
31-4 Attributes for Yahoo OpenID Partner
31-5 Elements Used for IdP Provider Search
31-6 Service Provider Partner Settings
31-7 Sample SP Attribute Mappings
31-8 Attribute Mapping Value Expressions
31-9 Sample IdP Attribute Mappings
31-10 Default Federation Authentication Method and Access Manager Authentication Scheme Mappings
31-11 Configuration Parameters for Attribute Sharing Plug-in
31-12 Session Attributes Accessible To Attribute Sharing Plug-in
32-1 Federation Settings in the Console
32-2 General Federation Settings
32-3 Federation Proxy Settings
32-4 Keystore Settings for Federation
33-1 FederationScheme Element Definitions
33-2 FederationPlugin Steps
33-3 Orchestration of FederationPlugin
33-4 OIFScheme Definition
33-5 OIFMTLDAPPlugin Steps
33-6 Policy Response Elements
34-1 Security Token Service 11g Infrastructure
34-2 Security Token Service Terms
34-3 Integrated Oracle Web Services Manager
36-1 Security Token Service Settings
36-2 Configuring a Non-Oracle WSM Client for WSS Kerberos Policies
37-1 Security Token Service Public Keys Used at Run Time
37-2 Keystore Mbeans
37-3 Partner Keys for WS-Trust Communications
37-4 Conditions for Security Token Service Certificate Validation
37-5 Successful Certificate Validation Requirements
38-1 Search Validation Template
38-2 Issuance Template Requirements
38-3 Issuance Template: General Details
38-4 Issuance Properties: Username Token Type
38-5 Issuance Properties: SAML Token Types
38-6 Security Details: SAML Tokens
38-7 Issuance Template: Attribute Mapping, SAML Token
38-8 Validation Template Protocols
38-9 New Validation Template: General Details
38-10 New Validation Template: Authentication Details
38-11 New Validation Template: Token Mapping
38-12 Endpoints Page
38-13 Conditions tab: Token Issuance Policy
38-14 New Custom Token Elements
38-15 Custom Tokens Search Elements and Controls
39-1 Security Token Service Partners
39-2 Security Token Service Clients
39-3 Security Token Service Partner Entry
39-4 Security Token Service Partner Profile Data
39-5 Partner Elements for Partner Types
39-6 Elements for Security Token Service Partners
39-7 Profile: General
39-8 Requester Profile: Token and Attributes
39-9 Relying Party Profile Requirements
39-10 Token and Attributes Elements: Issuing Authority
39-11 Issuing Authority Token Mapping Elements
41-1 Features in Mobile and Social Based on the Companion Services Installed
41-2 Mobile and Non-Mobile Authentication Service Providers in Mobile Services
41-3 Android, iOS, and Java Features of Mobile and Social Mobile Services Client SDK
41-4 Token Requirements for the Mobile and Social Server
41-5 Identity Providers That Mobile and Social Natively Supports
42-1 Pre-configured Authentication Service Providers
42-2 Access Manager Authentication Service Provider Default Attributes
42-3 WebGate Agent for Authentication Service Provider Default Attributes
42-4 JWT Authentication Service Provider Default Attributes
42-5 JWT-OAM Authentication Service Provider Default Attributes
42-6 Access Manager Authorization Service Provider Default Attributes
42-7 WebGate Agent for Authorization Service Provider Default Attributes
42-8 User Profile Service Provider Default Attribute Names and Values
42-9 User Profile Service Provider Default Attribute Names and Values
42-10 Authentication Service Profile Default General Properties
42-11 Token Support and URI Category Information Default Properties
42-12 Authorization Service Profile Default General Properties
42-13 User Profile Service Profile Default General Properties
42-14 Security Handler Plug-in General Properties
42-15 Application Profile General Properties
42-16 Service Domain General Properties
42-17 Application Profile Selection Properties
42-18 Service Profile Selection Properties
42-19 User Profile Service Protection Properties
42-20 Authorization Service Protection Properties
42-21 OAAM Policies Supported By Mobile and Social
42-22 Mapping Terms Between OAAM and Mobile and Social
43-1 OpenID Protocol Attributes
43-2 OAuth Protocol Attributes
43-3 User Attributes Returned By Google
43-4 User Attributes Returned By Yahoo
43-5 User Profile Attributes Returned By Foursquare
43-6 User Profile Attributes Returned By Windows Live
43-7 Service Provider Interface Information Properties
43-8 Account Linking Properties
44-1 Attribute Settings for an Oracle Access Manager 11gR1 PS1 Authentication Service Provider
46-1 User Profile Resource Server - Resource Categories
46-2 User Profile Resource Server - Scope Settings
46-3 OAuth Service Profile Configuration Attributes
46-4 Mobile Client Attributes Names and Values
46-5 Web Client Attributes Names and Values
46-6 OAuth Service Provider Attributes for Access Manager
46-7 User Profile Service Attributes
46-8 OAuth Server Settings Attributes
46-9 Default OAuth JKS Keystore File and Settings File
48-1 Identity Context Schema Attributes
48-2 Mapping Identity Context Operations
49-1 Access Manager Support for RSA Features
49-2 RSA Features Not Supported
49-3 Installation and Configuration Guidelines
50-1 Sample Naming
50-2 ktpass Keytab Generation Parameter Descriptions
50-3 Values for Kerberos Authentication Module Steps
50-4 Steps Orchestration Order
50-5 Steps Parameter Values
50-6 Kerberos Authentication Scheme Parameter Values
50-7 Firefox Preferences for IWA
51-1 JBoss Agent Composition
52-1 Access Manager Component Requirements
52-2 Microsoft Requirements for this Integration
52-3 Create Web Application Options for Microsoft SharePoint Server
52-4 Create a Web Application to Host a Site Collection for SharePoint Server
53-1 Requirements for Impersonation with a Header Variable
55-1 Login Module Stacks for using Header Variables
55-2 Login Module Stacks for using Header Variables
56-1
56-2
56-3 Login Module Flags
A-1 addOAMSSOProvider Command-line Arguments
B-1 Languages for Localized Messages
C-1 importcert Command Syntax
D-1 Comparing IAMSuiteAgent with 11g and 10g Webgates