Contents
List of Examples
List of Figures
List of Tables
Title and Copyright Information
Preface
Audience
Documentation Accessibility
Related Documents
Conventions
What's New in This Guide?
Product Enhancements for Oracle Access Management 11.1.2.2.0
Product Enhancements for Oracle Access Management 11.1.2.1.0
Product Enhancements in Oracle Access Management 11.1.2.0.0
Product and Component Name Changes with 11.1.2
Part I Introduction to Oracle Access Management
1
Introducing Oracle Access Management
1.1
Understanding Oracle Access Management Services
1.2
Using Oracle Access Management Access Manager
1.2.1
Architecting Access Manager
1.2.2
Deploying Access Manager
1.3
Features of Access Manager 11.1.2
1.3.1
Features In Access Manager 11.1.2
1.3.2
Features Not In Access Manager 11.1.2
1.4
System Requirements and Certification
1.5
Installing Oracle Access Management
1.5.1
About Oracle Access Management Installation
1.5.2
About Oracle Access Management Post-Installation Tasks
2
Getting Started with Oracle Access Management
2.1
Starting and Stopping Servers in Your Deployment
2.1.1
Starting Node Manager
2.1.2
Starting and Stopping WebLogic AdminServer
2.1.3
Starting and Stopping Managed WebLogic Servers and Access Manager Servers
2.2
Specifying the Oracle Access Management Console Administrator
2.3
Using the New Oracle Access Management Console
2.3.1
Logging In
2.3.2
Signing Out
2.3.3
Understanding the Controls
2.3.3.1
Using Tabs and the Launch Pad
2.3.3.2
Understanding the Elements on a Page
2.3.3.3
Selecting Controls in the Oracle Access Management Console
2.3.4
Accessing Online Help
2.3.5
Conducting A Search
2.4
Configuring with the Command-Line Tools
2.5
Logging, Auditing, Reporting and Monitoring Performance
2.6
Configuring Oracle Access Management Login Options
2.6.1
Choosing a User Login Language
2.6.1.1
Selecting A Language for Oracle Access Management Login
2.6.1.2
Understanding the Language Preference Cookie
2.6.1.3
Propagating Language Preference and Application Integration
2.6.1.4
Configuring Your Language Preference
2.6.2
Configuring Persistent Login
2.6.2.1
Enabling Persistent Login
2.6.2.2
Troubleshooting Persistent Login
Part II Managing Common and System Configurations
3
Managing Common Services and Certificate Validation
3.1
Configuring Oracle Access Management
3.2
Enabling or Disabling Available Services
3.3
Managing Common Settings
3.3.1
About Common Settings Pages
3.3.2
Managing Common Settings
3.3.3
Viewing Common Coherence Settings
3.4
Managing Certificate Validation and Revocation
3.4.1
Managing Certificate Revocation Lists
3.4.2
Enabling OCSP Certificate Validation
3.4.3
Enabling CRL Distribution Point Extensions
3.4.4
Additional OCSP Configurations
3.4.4.1
Using WLST to Configure HTTP Proxy
3.4.4.2
Configuring Multiple OCSP Responders
3.4.5
Using the configureOAMOSCSPCertValidation WLST Command
3.4.5.1
Description
3.4.5.2
Syntax
3.4.5.3
Examples
4
Delegating Administration
4.1
Understanding Delegated Administration
4.2
Defining the Administrator Roles
4.3
Delegating the Identity Store
4.4
Assigning Roles Using the Administration Console
4.5
Default Administrators, Roles and Groups
4.6
Using the Container Security Framework and MBeans
4.7
Using the Remote Registration Utility
4.8
Auditing Reports
5
Managing Data Sources
5.1
Introducing the Data Sources
5.1.1
About the oam-config.xml Configuration Data File
5.1.2
About the Default LDAP Group
5.2
Managing OAM Identity Stores
5.2.1
About User Identity Stores
5.2.2
Using Multiple Identity Stores
5.2.3
About the User Identity Store Registration Page
5.2.4
Registering a New User Identity Store
5.2.5
Viewing or Editing a User Identity Store Registration
5.2.6
Deleting a User Identity Store Registration
5.3
Managing the Identity Directory Service User Identity Stores
5.3.1
Using Identity Directory Services
5.3.2
Creating an Identity Directory Service Profile
5.3.3
Editing or Deleting an Identity Directory Service Profile
5.3.4
Creating a Form-fill Application Identity Directory Service Profile
5.3.5
Understanding the Pre-Configured Identity Directory Service Profile
5.3.6
Creating an Identity Directory Service Repository
5.4
Setting the Default Store and System Store
5.5
Managing the Administrators Role
5.5.1
About Managing the Administrator Role
5.5.2
Managing Administrator Roles
5.6
Managing the Policy and Session Database
5.6.1
About the Database Store for Policy, Password Management, and Sessions
5.6.2
About Database Deployment
5.6.3
Configuring a Separate Database for Access Manager Sessions
5.7
Introduction to Oracle Access Management Keystores
5.7.1
About Access Manager Security Keys and the Embedded Java Keystore
5.7.2
About Access Manager Keystores
5.7.3
About Identity Federation Keystore
5.8
Integrating a Supported LDAP Directory with Oracle Access Manager
6
Managing Server Registration
6.1
Prerequisites
6.2
Introduction to OAM Servers, Registration, and Management
6.2.1
About Individual OAM Server Registrations
6.2.2
About the Embedded Proxy Server and Backward Compatibility
6.2.3
About 11g SSO, Legacy 10g SSO in Combination with OSSO 10g
6.2.4
About Communication Between OAM Servers and Webgates
6.2.5
About Restarting Servers After Configuration Changes
6.3
Managing Individual OAM Server Registrations
6.3.1
About the OAM Server Registration Page
6.3.1.1
OAM Proxy Page
6.3.1.2
Coherence Page for Individual Servers
6.3.2
Registering a Fresh OAM Server Instance
6.3.3
Viewing or Editing Individual OAM Server and Proxy Settings
6.3.4
Deleting an Individual Server Registration
7
Using Multi-Data Centers
7.1
Introducing Multi-Data Center
7.1.1
Providing a Multi-Data Center Solution
7.1.1.1
Enhancing Cookies for Multi-Data Center
7.1.1.2
Session Adoption During Authorization
7.1.1.3
Session Indexing
7.1.2
Supported Multi-Data Center Topologies
7.1.2.1
Active-Active Mode
7.1.2.2
Active Standby-Passive Mode
7.1.2.3
Active-Hot Standby
7.1.3
Understanding Access Manager Security Modes for Multi-Data Center
7.1.3.1
OPEN Security Mode
7.1.3.2
SIMPLE Security Mode
7.1.3.3
CERT Security Mode
7.2
Understanding Multi-Data Center Deployments
7.2.1
Session Adoption Without Re-authentication, Session Invalidation or Session Data Retrieval
7.2.2
Session Adoption Without Re-authentication But With Session Invalidation & Session Data Retrieval
7.2.3
Session Adoption Without Re-authentication & Session Invalidation But With On-demand Session Data Retrieval
7.2.4
Authentication & Authorization Requests Served By Different Data Centers
7.2.5
Logout and Session Invalidation
7.3
Before Deploying Multi-Data Centers
7.4
Deploying Multi-Data Centers
7.5
Load Balancing Between Access Management Components
7.6
Setting Up A Multi-Data Center
7.7
Syncing Multi-Data Centers
7.7.1
How Automated Policy Synchronization Works
7.7.2
Understanding the Replication Agreement
7.7.3
Enabling the Replication Service
7.7.3.1
Setting Up Replication Using REST
7.7.3.2
Querying for Replication Agreement Details
7.7.3.3
Modifying an Existing Replication Agreement
7.7.3.4
Deleting a Replication Agreement
7.8
Understanding Time Outs and Session Syncs
7.8.1
Ensuring Maximum Session Constraints
7.8.2
Configuring Policies for Idle Timeout
7.8.3
Expiring Multi-Data Center Sessions
7.8.4
Synchronizing Sessions and Multi-Data Center Fail Over
7.9
WLST Commands for Multi-Data Centers
7.9.1
enableMultiDataCentreMode
7.9.1.1
Description
7.9.1.2
Syntax
7.9.1.3
Example
7.9.2
disableMultiDataCentreMode
7.9.2.1
Description
7.9.2.2
Syntax
7.9.2.3
Example
7.9.3
addPartnerForMultiDataCentre
7.9.3.1
Description
7.9.3.2
Syntax
7.9.3.3
Example
7.9.4
removePartnerForMultiDataCentre
7.9.4.1
Description
7.9.4.2
Syntax
7.9.4.3
Example
7.9.5
setMultiDataCenterType
7.9.5.1
Description
7.9.5.2
Syntax
7.9.5.3
Example
7.9.6
setMultiDataCenterWrite
7.9.6.1
Description
7.9.6.2
Syntax
7.9.6.3
Example
7.9.7
setMultiDataCentreClusterName
7.9.7.1
Description
7.9.7.2
Syntax
7.9.7.3
Example
7.9.8
validateMDCConfig
7.9.8.1
Description
7.9.8.2
Syntax
7.9.8.3
Example
7.10
Replicating Domains with Multi-Data Centers and Identity Manager
7.11
Multi-Data Center Recommendations
7.11.1
Using a Common Domain
7.11.2
Using an External Load Balancer
7.11.3
Honoring Maximum Sessions
7.12
Cloning with T2P
7.12.1
Move OPSS Data
Part III Logging, Auditing, Reporting and Monitoring Performance
8
Logging Component Event Messages
8.1
Prerequisites
8.2
Introduction to Logging Component Event Messages
8.2.1
About Component Loggers
8.2.2
Sample Logger and Log Handler Definition
8.2.3
About Logging Levels
8.3
Configuring Logging for Access Manager
8.3.1
Modifying the Logger Level for Access Manager
8.3.2
Adding an Access Manager-Specific Logger and Log Handler
8.4
Configuring Logging for Security Token Service and Identity Federation
8.4.1
Configuring Logging for Security Token Service or Identity Federation
8.4.2
Defining Log Level and Log Details for Security Token Service or Identity Federation
8.5
Validating Run-time Event Logging Configuration
9
Auditing Administrative and Run-time Events
9.1
Understanding Oracle Fusion Middleware Auditing
9.2
Introduction to Oracle Access Management Auditing
9.2.1
About Oracle Access Management Auditing Configuration
9.2.2
About Audit Record Storage
9.2.3
About Audit Reports and Oracle Business Intelligence Publisher
9.2.4
About the Audit Log and Data
9.3
Access Manager Events You Can Audit
9.3.1
Access Manager Administrative Events You Can Audit
9.3.2
Access Manager Run-time Events You Can Audit
9.3.3
Auditing Authentication Events
9.4
Mobile and Social Events You Can Audit
9.4.1
REST Run-Time Audit Events
9.4.2
Mobile and Social Audit Events
9.5
Identity Federation Events You Can Audit
9.5.1
Session Management Events for Identity Federation
9.5.2
Protocol Flow Events for Identity Federation
9.5.3
Server Configuration Events for Identity Federation
9.5.4
Security Events for Identity Federation
9.6
Security Token Service Events You Can Audit
9.6.1
About Audit Record Content Common to All Events
9.6.2
Security Token Service Administrative Events You Can Audit
9.6.3
Security Token Service Run-time Events You Can Audit
9.7
Setting Up Auditing for Oracle Access Management
9.7.1
Setting Up the Audit Database Store
9.7.2
Preparing Oracle Business Intelligence Publisher EE
9.7.3
Using the Oracle Access Management Console for Audit Configuration
9.7.4
Adding, Viewing, or Editing Audit Settings
9.8
Validating Auditing and Reports
10
Logging WebGate Event Messages
10.1
About Logging, Log Levels, and Log Output
10.1.1
About Log Levels
10.1.2
About Log Output
10.2
About Log Configuration File Paths and Contents
10.2.1
Log Configuration File Paths and Names
10.2.2
Log Configuration File Contents
10.2.2.1
When Changes to the File Take Effect
10.2.2.2
About Comments in the Log File
10.3
About Directing Log Output to a File or the System File
10.4
Structure and Parameters of the Log Configuration File
10.4.1
The Log Configuration File Header
10.4.2
The Initial Compound List
10.4.3
The Simple List and Logging Threshold
10.4.4
The Second Compound List and Log Handlers
10.4.5
The List for Per-Module Logging
10.4.6
The Filter List
10.4.7
About XML Element Order
10.5
About Activating and Suppressing Logging Levels
10.5.1
About Log Handler Precedence
10.6
Mandatory Log-Handler Configuration Parameters
10.6.1
Settings in the Default Log Configuration File
10.6.1.1
Description of the Settings in the Default Log Configuration File
10.7
Configuring Different Threshold Levels for Different Types of Data
10.7.1
About the MODULE_CONFIG Section
10.7.1.1
Location of the Per-Module Logging Section in the Log Configuration File
10.7.1.2
List of Modules That Can Be Logged
10.7.2
Configuring a Log Level Threshold for a Function or Module
10.8
Filtering Sensitive Attributes
11
Reporting
11.1
Using the Reports
11.2
Accessing Oracle Access Management Reports
11.3
Supported Output Formats
11.4
Reports for Access Manager
11.4.1
Account Management Reports
11.4.2
Authentication Reports
11.4.2.1
Authentication Statistics Report
11.4.2.2
AuthenticationFromIPByUser
11.4.2.3
AuthenticationPerIP
11.4.2.4
AuthenticationStatisticsPerServer Report
11.4.3
Errors and Exceptions
11.4.3.1
All Errors and Exceptions
11.4.3.2
Authentication Failures
11.4.3.3
User Activities
11.4.3.4
Authentication History
11.4.3.5
Authorization History
11.4.3.6
Multiple Logins From Same IP
11.5
Creating Reports Using Third-Party Software
12
Monitoring Performance and Health
12.1
Introduction to Performance Monitoring
12.2
Reviewing DMS Metric Tables
12.3
Monitoring Server Metrics
12.3.1
Monitoring Server Instance Performance
12.3.2
Reviewing Server Metrics Using Oracle Access Management Console
12.4
Monitoring SSO Agent Metrics
12.4.1
Monitoring Agent Metrics Using Oracle Access Management Console
12.4.2
Reviewing OAM Agent Metrics
12.4.3
Reviewing OSSO Agent Metrics
12.5
Introduction to OAM Proxy Metrics and Tuning
12.5.1
About OAM Proxy Metrics
12.5.2
OAM Proxy Server Tuning Parameters
12.6
Reviewing OpenSSO Metrics in the DMS Console
12.6.1
OpenSSO Proxy Events and Metrics: Server
12.6.2
OpenSSO Proxy Metrics: Agent
12.6.3
Reviewing OpenSSO Metrics Using the DMS Console
12.7
Monitoring the Health of an Access Manager Server
12.7.1
Understanding WebGate and Access Manager Communications
12.7.2
Monitoring Access Manager Server Health
13
Monitoring Performance and Logs with Fusion Middleware Control
13.1
Prerequisites
13.2
Introduction to Fusion Middleware Control
13.3
Logging In to and Out of Fusion Middleware Control
13.3.1
About the Login Page for Fusion Middleware Control
13.3.2
Logging In To Fusion Middleware Control
13.3.3
Logging Out of Fusion Middleware Control
13.4
Displaying Menus and Pages in Fusion Middleware Control
13.4.1
About the Farm Page in Fusion Middleware Control
13.4.2
About Context Menus and Pages in Fusion Middleware Control
13.4.3
Displaying Context Menus and Target Details in Fusion Middleware Control
13.5
Viewing Performance in Fusion Middleware Control
13.5.1
About Performance Overview Pages in Fusion Middleware Control
13.5.1.1
Access Manager Component Pages
13.5.1.2
Security Token Service Component Pages
13.5.2
About the Metrics Palette and the Performance Summary Page
13.5.3
Displaying Performance Metrics in Fusion Middleware Control
13.5.4
Displaying Component-Specific Performance Details
13.6
Managing Log Level Changes in Fusion Middleware Control
13.6.1
About Dynamic Log Level Changes
13.6.2
Setting Log Levels Dynamically Using Fusion Middleware Control
13.7
Managing Log File Configuration from Fusion Middleware Control
13.7.1
About Log File Configuration
13.7.2
Managing Log File Configuration by Using Fusion Middleware Control
13.8
Viewing Log Messages in Fusion Middleware Control
13.8.1
About Finding, Viewing, and Exporting Log Messages
13.8.2
Viewing Logged Messages With Fusion Middleware Control
13.9
Displaying MBeans in Fusion Middleware Control
13.9.1
About the System MBean Browser
13.9.2
Managing MBeans
13.10
Displaying Farm Routing Topology in Fusion Middleware Control
13.10.1
About the Routing Topology
13.10.2
Viewing the Routing Topology using Fusion Middleware Control
Part IV Managing Access Manager Settings and Agents
14
Configuring Access Manager Settings
14.1
Prerequisites
14.2
Managing Load Balancing
14.2.1
About Common Load Balancing Settings
14.2.2
Managing OAM Server Load Balancing
14.3
Managing Secure Error Modes
14.3.1
About OAM Server Error Modes
14.3.2
Managing OAM Server Secure Error Modes
14.4
Managing SSO Tokens and IP Validation
14.4.1
About Access Manager SSO Tokens and IP Validation Settings
14.4.2
Managing SSO Tokens and IP Validation
14.5
Managing the Access Protocol for OAM Proxy Simple and Cert Mode Security
14.5.1
About Simple and Cert Mode Transport Security
14.5.2
About the Common OAM Proxy Page for Secure Server Communications
14.5.3
Viewing or Editing Simple or Cert Settings for OAM Proxy
14.5.4
Configuring 64-bit WebGate in Cert Mode
14.5.5
Tuning the Simple Mode WebGate
14.6
Managing Run Time Policy Evaluation Caches
14.6.1
About Run Time Policy Evaluation Caches
14.6.2
Managing Run Time Policy Evaluation Caches
15
Introduction to Agents and Registration
15.1
Introduction to Policy Enforcement Agents
15.1.1
About Agent Types and Runtime Processing
15.1.2
About 11g Webgate Configured as a Detached Credential Collector
15.1.3
About 11g Webgate Functionality for Mobile and Social
15.1.4
About the Pre-Registered 10g Webgate IAMSuiteAgent
15.2
Introduction to Agent Registration
15.2.1
About Agent Registration, Keys, and Policies
15.2.2
About File System Changes and Artifacts for Registered Agents
15.3
Introduction to Remote Registration
15.3.1
About Performing In-Band Remote Registration
15.3.2
About Performing Out-of-Band Remote Registration
15.3.3
About Updated Agent Configuration Files
16
Registering and Managing OAM 11g Agents
16.1
Prerequisites
16.2
Understanding OAM Agent Registration Parameters in the Console
16.2.1
About Create OAM WebGate Page and Parameters
16.2.2
About User-Defined WebGate Parameters
16.2.3
About IP Address Validation for WebGates
16.2.3.1
Defining The IP Validation Exceptions List
16.2.3.2
Enabling IP Validation in Load Balanced Environments
16.3
Registering an OAM Agent Using the Console
16.4
Configuring and Managing Registered OAM Agents Using the Console
16.4.1
Understanding Registered OAM Agent Configuration Parameters in the Console
16.4.2
Searching for an OAM Agent Registration
16.4.3
Viewing or Editing an OAM Agent Registration Page in the Console
16.4.4
Deleting OAM Agent Registration Using the Console
16.5
Understanding the Remote Registration Tool, Modes, and Process
16.5.1
About Remote Registration Command Arguments and Modes
16.5.2
Common Elements within Remote Registration Request Templates
16.5.3
About Key Use, Generation, Provisioning, and Storage
16.6
Understanding Remote Registration Templates: OAM Agents
16.6.1
OAM Agent Parameters for Remote Registration
16.7
Performing Remote Registration for OAM Agents
16.7.1
Acquiring and Setting Up the Remote Registration Tool
16.7.2
Creating Your Remote Registration Request
16.7.3
Performing In-Band Remote Registration
16.7.4
Performing Out-of-Band Remote Registration
16.8
Introduction to Updating Agents Remotely
16.8.1
About Remote Agent Update Modes
16.8.2
About Remote 11g OAM Agent Updates Template
16.9
Updating Agents Remotely
16.9.1
Updating Agents Remotely
16.9.2
Performing Remote Agent Validation
16.9.3
Performing Remote Agent Removal
16.10
Validating Remote Registration and Resource Protection
16.10.1
Validating Agent Registration using the Oracle Access Management Console
16.10.2
Validating Authentication and Access After Remote Registration
16.11
Replacing the IAMSuiteAgent with an 11g WebGate
16.11.1
Registering a Replacement 11g WebGate for IAMSuiteAgent
16.11.2
Installing the Replacement 11g WebGate for IAMSuiteAgent
16.11.3
Updating the WebLogic Server Plug-in
16.11.4
Confirming the AutoLogin Host Identifier for an OAM / OIM Integration
16.11.5
Configuring OAM Security Providers for WebLogic
16.11.5.1
About Security Providers
16.11.5.2
Setting Up Security Providers for the 11g WebGate
16.11.6
Disabling IAMSuiteAgent
16.11.7
Verification
16.12
Managing the Preferred Host in 10g WebGates
16.12.1
setAllowEmptyHostIdentifier
16.12.1.1
Description
16.12.1.2
Syntax
16.12.1.3
Example
17
Maintaining Access Manager Sessions
17.1
Introducing Access Manager Session Management
17.2
Understanding Server-Side Session Management
17.2.1
Securing Access Manager Sessions
17.2.2
Understanding the Access Manager Session Lifecycle, States, and Enforcement
17.2.2.1
About Global Session Enforcement Checks
17.2.2.2
About Session Removal
17.2.2.3
About Step-Up and Step-Down Authentication and Credentials
17.2.2.4
About Optional Application-Specific Session Enforcement
17.2.2.5
About Timeout with Multiple-Agent Types: OSSO and OAM Agents
17.2.2.6
About OpenSSO Agents
17.2.3
Access Manager Sessions and the Role of Oracle Coherence
17.3
Server-Side Session Enforcement Examples
17.3.1
Example 1: Single Authentication Scheme
17.3.2
Example 2: Multiple Authentication Schemes
17.4
Configuring the Server-Side Session Lifecycle
17.4.1
About Global Session Lifecycle Settings
17.4.2
About Application-Specific Session Overrides
17.4.3
Viewing or Modifying Global Session Settings
17.4.4
Viewing or Modifying Optional Application-Specific Session Overrides
17.5
Managing Active Server-Side Sessions
17.5.1
About the Session Management Pages
17.5.2
Managing Active Sessions
17.6
Verifying Server-Side Session Operations
17.7
Understanding Client-Side Session Management
17.8
Using WLST To Configure Session Management
17.8.1
displaySSOSessionType
17.8.1.1
Description
17.8.1.2
Syntax
17.8.1.3
Example
17.8.2
configSSOSessionType
17.8.2.1
Description
17.8.2.2
Syntax
17.8.2.3
Examples
Part V Managing Access Manager SSO, Policies, and Testing
18
Understanding Single Sign-On with Access Manager
18.1
Introducing Access Manager Single Sign-On
18.1.1
About Multiple Network Domain SSO
18.1.2
About Application SSO and Access Manager
18.1.3
About Multiple WebLogic Server Domain SSO
18.1.4
About Reverse-Proxy SSO
18.2
Understanding the Access Manager Policy Model
18.3
Anatomy of an Application Domain and Policies
18.3.1
About Resource Definitions for Policies
18.3.2
About Authentication Policies
18.3.3
About Authorization Policies
18.3.4
About Token Issuance Policies
18.4
Introduction to Policy Conditions and Rules
18.5
Introducing Access Manager Credential Collection and Login
18.5.1
About Access Manager Credential Collection
18.5.2
About SSO Login Processing with OAM Agents and ECC
18.5.3
About Login Processing with OAM Agents and DCC
18.5.4
About SSO Login Processing with OSSO Agents (mod_osso) and ECC
18.6
Understanding SSO Cookies
18.6.1
About Single Sign-On Cookies During User Login
18.6.2
About Single Sign-On Server and Agent Cookies
18.6.2.1
OAM_ID cookie
18.6.2.2
OAMAuthnCookie for 11g OAM Webgates
18.6.2.3
ObSSOCookie for 10g Webgates
18.6.2.4
OAM_REQ Cookie
18.6.2.5
OAMRequestContext
18.6.2.6
DCCCtxCookie
18.6.2.7
mod_osso Cookies
18.6.2.8
OpenSSO Cookie (iPlanetDirectoryPro)
18.7
Introduction to Configuration Tasks for Single Sign-On
19
Managing Authentication and Shared Policy Components
19.1
Prerequisites
19.2
Understanding Authentication and Shared Policy Component Tasks
19.3
Managing Resource Types
19.3.1
About Resource Types and Their Use
19.3.2
About the Resource Type Page
19.3.3
Searching for a Specific Resource Type
19.3.4
Creating a Custom Resource Type
19.4
Managing Host Identifiers
19.4.1
About Host Identifiers
19.4.1.1
Host Identifier Usage
19.4.1.2
Host Identifier Guidelines
19.4.1.3
Host Identifier Variations
19.4.2
About Virtual Web Hosting
19.4.2.1
Placing a Webgate Behind a Reverse Proxy
19.4.2.2
Configuring Virtual Hosting for Non-Apache Web Servers
19.4.2.3
Associating a Webgate for Apache with Virtual Hosts, Directories, or Files
19.4.3
About the Host Identifier Page
19.4.4
Creating a Host Identifier
19.4.5
Searching for a Host Identifier Definition
19.4.6
Viewing or Editing a Host Identifier Definition
19.4.7
Deleting a Host Identifier Definition
19.5
Understanding Authentication Methods and Credential Collectors
19.5.1
About Different Authentication Methods
19.5.2
Comparing Embedded Credential Collector with Detached Credential Collector
19.5.3
Authentication Event Logging and Auditing
19.6
Managing Native Authentication Modules
19.6.1
About Native Access Manager Authentication Modules
19.6.1.1
Native Kerberos Authentication Module
19.6.1.2
Native LDAP Authentication Modules
19.6.1.3
Native X509 Authentication Module
19.6.2
Viewing or Editing Native Authentication Modules
19.6.3
Deleting a Native Authentication Module
19.7
Orchestrating Multi-Step Authentication with Plug-in Based Modules
19.7.1
Comparing Simple Form and Multi-Factor (Multi-Step) Authentication
19.7.2
About Plug-ins for Multi-Step Authentication Modules
19.7.3
About Plug-in Based Modules for Multi-Step Authentication
19.7.4
Example: Leveraging SubjectAltName Extension Data and Integrating with Multiple OCSP Endpoints
19.7.5
Creating and Orchestrating Plug-in Based Multi-Step Authentication Modules
19.7.6
Creating and Managing Step-Up Authentication
19.7.7
Configuring an HTTPToken Extractor Plug-in
19.7.8
Configuring a JSON Web Token Plug-in
19.7.8.1
Understanding the JSON Web Token Plug-in
19.7.8.2
Configure the JSON Web Token Plug-In
19.8
Deploying and Managing Individual Plug-ins for Authentication
19.8.1
About Managing Your Own Authentication Plug-ins
19.8.2
Making Custom Authentication Plug-ins Available for Use
19.8.3
Checking an Authentication Plug-in's Activation Status
19.8.4
Deleting Your Custom Authentication Plug-ins
19.9
Managing Authentication Schemes
19.9.1
About Authentication Schemes and Pages
19.9.1.1
Pre-configured Authentication Schemes
19.9.1.2
About Challenge Methods
19.9.1.3
About Challenge Parameters for Authentication Schemes
19.9.2
Understanding Multi-Level and Step-Up Authentication
19.9.2.1
About Multi-Level and Step-Up Authentication
19.9.2.2
Detection of Insufficient Authentication Level by OAM Agent
19.9.2.3
Multi-Level Authentication Processing with 10g OSSO Agent
19.9.3
Creating an Authentication Scheme
19.9.4
Searching for an Authentication Scheme
19.9.5
Viewing, Editing, or Deleting an Authentication Scheme
19.10
Extending Authentication Schemes with Advanced Rules
19.10.1
Using Pre-Authentication Advanced Rules
19.10.2
Understanding Sample Advanced Rules
19.11
Configuring Challenge Parameters for Encrypted Cookies
19.11.1
About Challenge Parameters for Encrypted Cookies
19.11.2
Configuring Challenge Parameters for Security of Encrypted Cookies
19.11.3
Setting Challenge Parameters for Persistence of Encrypted Cookies
19.12
Understanding Password Policy
19.12.1
Previewing Oracle-Provided Password Forms and Functionality
19.12.2
Previewing the Password Policy Page in Oracle Access Management Console
19.12.3
About Credential Collectors and Password Policy Validation
19.13
Managing Global Password Policy
19.13.1
Defining Your Global Password Policy
19.13.2
Designating the Default Store for Your Password Policy
19.13.3
Adding Key Password Attributes to the Default Store
19.13.3.1
About Extending the Default Store Schema
19.13.3.2
Extending the Default Store Schema with Password Policy Attributes
19.13.4
Adding an Administrator to Change User Attributes After a Password Change
19.14
Configuring Password Policy Authentication
19.14.1
Configuring the Password Policy Validation Authentication Module
19.14.2
Configuring the PasswordPolicyValidationScheme
19.14.3
Adding Your PasswordPolicyValidationScheme to ECC Authentication Policy
19.15
Configuring 11g WebGates and Authentication Policy for DCC
19.15.1
Enabling DCC Credential Operations
19.15.2
Locating and Updating DCC Forms for Password Policy
19.15.3
Adding PasswordPolicyValidationScheme to Authentication Policy for DCC
19.15.4
Supporting Federation Flows With DCC
19.16
Completing Password Policy Configuration
19.16.1
Setting the Error Message Mode for Password Policy Messages
19.16.2
Overriding Native LDAP Password Policy Validation
19.16.3
Disabling ECC Operation and Using DCC Exclusively
19.16.4
Testing Your Multi-Step Authentication
19.17
Configuring Authentication POST Data Handling
19.17.1
About Authentication Post Data Preservation and Restoration
19.17.2
About Configuring Authentication POST Data Handling
19.17.3
About Post Data Size Limits
19.17.4
Configuring Authentication POST Data Handling
19.17.5
Testing POST Data Handling Configuration
19.18
Long URL Handling During Authentication
19.18.1
About Long URLs and Authentication Handling
19.18.2
About Configuring Long URL Handling
19.19
Using Application Initiated Authentication
19.20
Using the Adaptive Authentication Service
19.20.1
Understanding the Adaptive Authentication Service
19.20.1.1
Understanding the One Time Password Flow
19.20.1.2
Generating a Secret Key
19.20.1.3
Understanding Adaptive Authentication Configurations
19.20.2
Configuring Access Manager for Two-Factor Authentication
19.20.2.1
Configuring OAuth for the Oracle Mobile Authenticator
19.20.2.2
Configuring OAuth for the Google Authenticator
19.20.2.3
Configuring Access Manager
19.20.3
Configuring the Oracle Mobile Authenticator App
19.20.3.1
Understanding Oracle Mobile Authenticator Configuration
19.20.3.2
Configuring the Oracle Mobile Authenticator App on iOS
19.20.3.3
Configuring the Oracle Mobile Authenticator App on Android
19.20.4
Configuring the Google Authenticator App
20
Managing Policies to Protect Resources and Enable SSO
20.1
Prerequisites
20.2
Introduction to Application Domain and Policy Creation
20.2.1
Generating Application Domains and Policies Automatically
20.2.2
Managing Application Domains and Policies Remotely
20.2.3
Creating or Managing an Application Domain and Policies
20.3
Understanding Application Domain and Policy Management
20.3.1
About Application Domain Pages and Navigation
20.3.2
About the Application Domain Summary Page
20.3.3
About the Resource Container in an Application Domain
20.3.4
About Authentication Policy Pages
20.3.5
About Authorization Policy Pages
20.3.6
About Token Issuance Policy Pages
20.4
Managing Application Domains and Policies Using the Console
20.4.1
About Application Domains Summary Page
20.4.2
Creating a Fresh Application Domain
20.4.3
Searching for an Existing Application Domain
20.4.4
Viewing or Editing an Application Domain
20.4.5
Deleting an Application Domain and Its Contents
20.5
Configuring Policy Ordering
20.6
Adding and Managing Policy Resource Definitions
20.6.1
Defining Resources in an Application Domain
20.6.1.1
About the Resource Type in a Resource Definition
20.6.1.2
About the Host Identifier in a Resource Definition
20.6.1.3
About the Resource URL, Prefixes, and Patterns
20.6.1.4
About Query String Name and Value Parameters for Resource Definitions
20.6.1.5
About Literal Query Strings in Resource Definitions
20.6.1.6
About Run Time Resource Evaluation
20.6.2
Defining Resources in an Application Domain
20.6.3
Searching for a Resource Definition
20.6.3.1
About Searching for a Specific Resource Definition
20.6.3.2
Searching for a Specific Resource Definition
20.6.4
Viewing, Editing, or Deleting a Resource Definition
20.7
Defining Authentication Policies for Specific Resources
20.7.1
About the Authentication Policy Page
20.7.1.1
About Resources in an Authentication Policy
20.7.2
Creating an Authentication Policy for Specific Resources
20.7.3
Searching for an Authentication Policy
20.7.4
Viewing or Editing an Authentication Policy
20.7.5
Deleting an Authentication Policy
20.8
Defining Authorization Policies for Specific Resources
20.8.1
About Authorization Policies for Specific Resources
20.8.2
Creating an Authorization Policy and Specific Resources
20.8.3
Searching for an Authorization Policy
20.8.4
Viewing or Editing an Authorization Policy and Resources
20.8.5
Deleting an Entire Authorization Policy
20.9
Introduction to Policy Responses for SSO
20.9.1
About Authentication and Authorization Policy Responses for SSO
20.9.2
About the Policy Response Language
20.9.3
About the Namespace and Variable Names for Policy Responses
20.9.4
About Constructing a Policy Response for SSO
20.9.4.1
Simple Responses
20.9.4.2
Compound and Complex Responses
20.9.4.3
Multi-Valued Responses
20.9.5
About Policy Response Processing
20.9.6
About Assertion Claims and Processing
20.10
Adding and Managing Policy Responses for SSO
20.10.1
Adding a Policy Response for SSO
20.10.2
Viewing, Editing, or Deleting a Policy Response for SSO
20.11
Introduction to Authorization Policy Rules and Conditions
20.11.1
About Allow or Deny Rules
20.11.2
About Authorization Policy Conditions
20.11.3
About Classifying Users and Groups for Conditions
20.11.4
Guidelines for Authorization Responses Based on Conditions
20.12
Defining Authorization Policy Conditions
20.12.1
Choosing a Condition Type
20.12.1.1
About Choosing a Condition Type
20.12.1.2
Choosing a Condition Type
20.12.2
Defining Identity Conditions
20.12.2.1
About Identity Conditions
20.12.2.2
Specifying Identity Type Conditions
20.12.3
Defining IP4 Range Conditions
20.12.3.1
About IP4 Range Condition Types
20.12.3.2
Defining IP4 Range Conditions
20.12.4
Defining Temporal Conditions
20.12.4.1
About Temporal Conditions
20.12.4.2
Defining Temporal Conditions
20.12.5
Defining Attribute Conditions
20.12.5.1
About Attribute Conditions
20.12.5.2
Defining Attribute Type Conditions
20.12.6
Viewing, Editing, or Deleting Authorization Policy Conditions
20.13
Defining Authorization Policy Rules
20.13.1
About Defining Rules in an Authorization Policy
20.13.2
About Expressions and Expression-Based Policy Evaluation
20.13.2.1
Expression Evaluation in Authorization Rules
20.13.3
Defining Rules in an Authorization Policy
20.14
Validating Authentication and Authorization in an Application Domain
20.15
Understanding Remote Policy and Application Domain Management
20.15.1
About Managing Policies Remotely
20.15.2
About the Create Policy Request Template
20.15.3
About the Update Policy Request Template
20.15.4
About Remote Policy Management and Templates
20.16
Managing Policies and Application Domains Remotely
20.17
Defining an Application
21
Validating Connectivity and Policies Using the Access Tester
21.1
Prerequisites
21.2
Introduction to the Access Tester for Access Manager 11g
21.2.1
About OAM Agent and Server Interoperability
21.2.2
About Access Tester Security and Processing
21.2.3
About Access Tester Modes and Administrator Interactions
21.3
Installing and Starting the Access Tester
21.3.1
Installing the Access Tester
21.3.2
About Access Tester Supported System Properties
21.3.3
Starting the Tester Without System Properties For Use in Tester Console Mode
21.3.4
Starting the Access Tester with System Properties For Use in Command Line Mode
21.3.4.1
About the Access Tester Command Line Mode
21.3.4.2
Starting the Access Tester with System Properties
21.4
Introduction to the Access Tester Console and Navigation
21.4.1
Access Tester Menus and Command Buttons
21.5
Testing Connectivity and Policies from the Access Tester Console
21.5.1
Establishing a Connection Between the Access Tester and the OAM Server
21.5.1.1
About the Connection Panel
21.5.1.2
Connecting the Access Tester with the OAM Server
21.5.2
Validating Resource Protection from the Access Tester Console
21.5.2.1
About the Protected Resource URI Panel
21.5.2.2
Validating Resource Protection
21.5.3
Testing User Authentication from the Access Tester Console
21.5.3.1
About the User Identity Panel
21.5.3.2
Testing User Credential Authentication
21.5.4
Testing User Authorization from the Access Tester Console
21.5.5
Observing Request Latency
21.6
Creating and Managing Test Cases and Scripts
21.6.1
About Test Cases and Test Scripts
21.6.2
Capturing Test Cases
21.6.3
Generating an Input Test Script
21.6.3.1
About Generating an Input Test Script
21.6.3.2
Generating an Input Test Script
21.6.4
Personalizing an Input Test Script
21.6.4.1
About Customizing a Test Script
21.6.4.2
Customizing a Test Script
21.6.5
Executing a Test Script
21.6.5.1
About Test Script Execution
21.6.5.2
Running a Test Script
21.7
Evaluating Scripts, Log File, and Statistics
21.7.1
About Evaluating Test Results
21.7.2
About the Saved Connection Configuration File
21.7.3
About the Generated Input Test Script
21.7.4
About the Target Output File Containing Test Run Results
21.7.5
About the Statistics Document
21.7.6
About the Execution Log
22
Configuring Centralized Logout for Sessions Involving 11g WebGates
22.1
Prerequisites
22.2
Introduction to Centralized Logout for Access Manager 11g
22.2.1
About Centralized Logout for 11g Webgates
22.2.2
About Logout Parameters for 11g Webgates
22.3
Configuring Centralized Logout for 11g Webgates
22.3.1
Configuring Centralized Logout for 11g Webgates When the ECC is Used
22.3.2
Configuring Logout When Using Detached Credential Collector-Enabled Webgate
22.4
Validating Global Sign-On and Centralized Logout
22.4.1
Confirming Global Sign-On
22.4.2
Validating Global Sign-On with Mixed Agent Types
22.4.3
Observing Centralized Logout
Part VI Registering and Using Agents with Access Manager
23
Registering and Managing Legacy OpenSSO Agents
23.1
Introduction to OpenSSO, Agents, Migration and Co-existence
23.1.1
About Migration and Co-existence Between OpenSSO and Access Manager
23.1.2
About OpenSSO Agent Reliance on Access Manager
23.2
Runtime Processing Between OpenSSO Agents and Access Manager
23.3
Understanding OpenSSO Agent Registration Parameters
23.3.1
About OpenSSO Agent Registration Parameters
23.3.2
About the Expanded OpenSSO Agent Page and Parameters
23.4
Registering and Managing OpenSSO Agents Using the Console
23.4.1
Registering an OpenSSO Agent using the Oracle Access Management Console
23.4.2
Configuring and Managing Registered OpenSSO Agents Using the Console
23.5
Performing Remote Registration for OpenSSO Agents
23.5.1
Understanding Request Templates for OpenSSO Agent Remote Registration
23.5.2
Reviewing OpenSSO Bootstrap Configuration Mappings
23.5.3
Performing In-Band Remote Registration with OpenSSO Agents
23.5.4
Performing Out-of-Band Remote Registration with OpenSSO Agents
23.6
Updating Registered OpenSSO Agents Remotely
23.6.1
Updating OpenSSO Agents Remotely
23.7
Locating Other OpenSSO Agent Information
24
Registering and Managing Legacy OSSO Agents
24.1
Understanding OSSO Agents with Access Manager
24.1.1
About OSSO Agents with Access Manager
24.1.2
Comparing Access Manager 11g SSO versus OSSO 10g
24.2
Registering OSSO Agents Using Oracle Access Management Console
24.2.1
Understanding the Create OSSO Agent Registration Page and Parameters
24.2.2
Registering an OSSO Agent (mod_osso) Using the Console
24.3
Configuring and Managing Registered OSSO Agents Using the Console
24.3.1
Understanding the Expanded OSSO Agent Page in the Console
24.3.2
Searching for an OSSO Agent (mod_osso) Registration
24.3.3
Viewing or Editing OSSO Agent (mod_osso) Registration
24.3.4
Deleting an OSSO Agent (mod_osso) Registration
24.4
Performing Remote Registration for OSSO Agents
24.4.1
Understanding Request Templates for OSSO Remote Registration
24.4.2
Performing In-Band Remote Registration of OSSO Agents
24.4.3
Performing Out-of-Band Remote Registration for OSSO Agents
24.5
Updating Registered OSSO Agents Remotely
24.6
Configuring Logout for OSSO Agents with Access Manager 11.1.2
24.6.1
About Centralized Logout with OSSO Agents (mod_OSSO) and Access Manager
24.6.2
Removing Custom mod_osso Cookies on Logout
24.7
Locating Other OSSO Agent Information
25
Registering and Managing 10g WebGates with Access Manager 11g
25.1
Prerequisites
25.2
Introduction to 10g OAM Agents for Access Manager 11g
25.2.1
About IAMSuiteAgent: A Pre-Configured 10g WebGate Registered with Access Manager
25.2.2
About Legacy Oracle Access Manager 10g Deployments and WebGates
25.2.3
About Installing Fresh 10g WebGates to Use With Access Manager 11.1.2
25.2.4
About Centralized Logout with 10g OAM Agents and 11g OAM Servers
25.3
Comparing Access Manager 11.1.2 and 10g
25.3.1
Comparing Access Manager 11g versus 10g
25.3.2
Comparing Access Manager 11g versus 10g Policy Model
25.4
Configuring Centralized Logout for IAMSuiteAgent
25.5
Registering a 10g WebGate with Access Manager 11g Remotely
25.6
Managing 10g OAM Agents Remotely
25.7
Locating and Installing the Latest 10g WebGate for Access Manager 11g
25.7.1
Preparing for a Fresh 10g WebGate Installation with Access Manager 11g
25.7.2
Locating and Downloading 10g WebGates for Use with Access Manager 11g
25.7.3
Starting WebGate 10g Installation
25.7.4
Specifying a Transport Security Mode
25.7.5
Requesting or Installing Certificates for Secure Communications
25.7.6
Specifying WebGate Configuration Details
25.7.7
Updating the WebGate Web Server Configuration
25.7.7.1
Manually Configuring Your Web Server
25.7.8
Finishing WebGate Installation
25.7.9
Installing Artifacts and Certificates
25.7.10
Confirming WebGate Installation
25.8
Configuring Centralized Logout for 10g WebGate with 11g OAM Servers
25.8.1
About Centralized Logout Processing for 10g WebGate with 11g OAM Server
25.8.2
About the Centralized Logout Script for 10g WebGates with 11g OAM Servers
25.8.3
Configuring Centralized Logout for 10g WebGates with Access Manager
25.9
Removing a 10g WebGate from the Access Manager 11g Deployment
26
Configuring Apache, OHS, IHS for 10g WebGates
26.1
Prerequisites
26.2
About Oracle HTTP Server and Access Manager
26.3
About Access Manager with Apache and IHS v2 Webgates
26.3.1
About the Apache HTTP Server
26.3.2
About the IBM HTTP Server
26.3.3
About the Apache and IBM HTTP Reverse Proxy Server
26.4
About Apache v2 Architecture and Access Manager
26.5
Requirements for Oracle HTTP Server, IHS, Apache v2 Web Servers
26.5.1
Requirements for IHS2 Web Servers
26.5.2
Requirements for Apache and IHS v2 Reverse Proxy Servers
26.5.3
Requirements for Apache v2 Web Servers
26.6
Preparing Your Web Server
26.6.1
Preparing the IHS v2 Web Server
26.6.1.1
Preparing the Host for IHS v2 Installation
26.6.1.2
Installing the IBM HTTP Server v2
26.6.1.3
Setting Up SSL-Capability
26.6.1.4
Starting a Secure Virtual Host
26.6.2
Preparing Apache and Oracle HTTP Server Web Servers on Linux
26.6.3
Preparing Oracle HTTP Server Web Servers on Linux and Windows Platforms
26.6.4
Setting Oracle HTTP Server Client Certificates
26.6.5
Preparing the Apache v2 Web Server on UNIX
26.6.6
Preparing the Apache v2 SSL Web Server on AIX
26.6.7
Preparing the Apache v2 Web Server on Windows
26.7
Activating Reverse Proxy for Apache v2 and IHS v2
26.7.1
Activating Reverse Proxy For Apache v2 Web Servers
26.7.2
Activating Reverse Proxy For IHS v2 Web Servers
26.8
Verifying httpd.conf Updates for Webgates
26.8.1
Verifying Webgate Details
26.8.2
Verifying Language Encoding
26.9
Tuning Oracle HTTP Server Webgates for Access Manager
26.10
Tuning OHS/Apache Prefork and Worker MPM Modules for OAM
26.10.1
Tuning Oracle HTTP Server/Apache Prefork MPM Module
26.10.2
Tuning Oracle HTTP Server/Apache Worker MPM Module
26.10.3
Tuning Kernel Parameters
26.11
Starting and Stopping Oracle HTTP Server Web Servers
26.12
Tuning Apache/IHS v2 Webgates for Access Manager
26.13
Removing Web Server Configuration Changes After Uninstall
26.14
Helpful Information
27
Configuring the ISA Server for 10g WebGates
27.1
Prerequisites
27.2
About Access Manager and the ISA Server
27.3
Compatibility and Platform Support
27.4
Installing and Configuring Webgate for the ISA Server
27.4.1
Installing Webgate with ISA Server
27.4.2
Changing /access Directory Permissions
27.5
Configuring the ISA Server for the ISAPI Webgate
27.5.1
Registering Access Manager Plug-ins as ISA Server Web Filters
27.5.2
Configuring ISA Firewall Policies for ISA Web Filters
27.5.3
Ordering the ISAPI Filters
27.6
Starting, Stopping, and Restarting the ISA Server
27.7
Removing Access Manager Filters Before Webgate Uninstall on ISA Server
28
Configuring the IIS Web Server for 10g WebGates
28.1
Prerequisites
28.2
Webgate Guidelines for IIS Web Servers
28.2.1
Guidelines for ISAPI Webgates
28.2.1.1
Webgates for IIS v7
28.2.1.2
Webgates for IIS v6
28.2.1.3
Multiple Webgates with a Single IIS 6 Instance
28.3
Prerequisite for Installing Webgate for IIS 7
28.3.1
Prerequisite for Installing Any 10g Webgate for IIS 7
28.3.2
Prerequisite for Installing a 32-bit Webgate for IIS 7
28.4
Updating IIS 7 Web Server Configuration on Windows 2008
28.5
Completing Webgate Installation with IIS
28.5.1
Enabling Client Certificate Authentication on the IIS Web Server
28.5.2
Ordering the ISAPI Filters
28.5.3
Enabling Pass-Through Functionality for POST Data
28.5.3.1
About ISAPI Webgate 10.1.4.2.3
28.5.3.2
About Pass-Through Functionality for POST Data
28.5.3.3
Implementing Pass-Through: IIS 6.0 in Worker Process Isolation Mode
28.5.3.4
Implementing Pass-Through with IIS 6.0 Web Server in IIS 5.0 Isolation Mode
28.5.4
Protecting a Web Site When the Default Site is Not Set Up
28.6
Installing and Configuring Multiple 10g Webgates for a Single IIS 7 Instance
28.6.1
Installing Each IIS 7 Webgate in a Multiple Webgate Scenario
28.6.2
Setting the Impersonation DLL for Multiple IIS 7 Webgates
28.6.3
Enabling Client Certification for Multiple IIS 7 Webgates
28.6.4
Configuring IIS 7 Webgates for Pass Through Functionality
28.6.5
Confirming IIS 7 Webgate Installation
28.7
Installing and Configuring Multiple Webgates for a Single IIS 6 Instance
28.7.1
Installing Each Webgate in a Multiple Webgate Scenario
28.7.2
Setting the Impersonation DLL for Multiple Webgates
28.7.3
Enabling SSL and Client Certification for Multiple Webgates
28.7.4
Confirming Multiple Webgate Installation
28.8
Finishing 64-bit Webgate Installation
28.8.1
Setting Access Permissions, ISAPI filters, and Directory Security Authentication
28.8.2
Setting Client Certificate Authentication
28.9
Confirming Webgate Installation on IIS
28.10
Starting, Stopping, and Restarting the IIS Web Server
28.11
Removing Web Server Configuration Changes Before Uninstall
29
Configuring Lotus Domino Web Servers for 10g WebGates
29.1
Prerequisites
29.2
Installing the Domino Web Server
29.3
Setting Up the First Domino Web Server
29.4
Starting the Domino Web Server
29.5
Enabling SSL (Optional)
29.6
Installing a Domino Security (DSAPI) Filter
29.6.1
Completing the WebGate Installation
Part VII Managing Oracle Access Management Identity Federation
30
Introducing Identity Federation in Oracle Access Management
30.1
Understanding Identity Federation Concepts
30.2
Integrating Identity Federation with Access Manager
30.3
Deploying Identity Federation with Oracle Access Management
30.4
Exchanging Identity Federation Data
30.4.1
Using SAML 2.0
30.4.1.1
SAML 2.0 Bindings for SSO and Federation
30.4.1.2
SAML 2.0 Bindings for Single Logout
30.4.1.3
SAML 2.0 NameID Formats
30.4.1.4
Securing SAML 2.0 Data
30.4.1.5
SAML 2.0 Service Details
30.4.2
Using SAML 1.1
30.4.2.1
SAML 1.1 Profiles for Web Browser SSO
30.4.2.2
SAML 1.1 Logout Profile
30.4.2.3
SAML 1.1 NameID Formats
30.4.2.4
Securing SAML 1.1 Data
30.4.2.5
SAML 1.1 Service Details
30.4.3
Using OpenID 2.0
30.4.3.1
OpenID 2.0 Authentication/SSO
30.4.3.2
OpenID 2.0 Logout
30.4.3.3
OpenID 2.0 NameID Format
30.4.3.4
Securing OpenID 2.0 Data
30.4.3.5
Using OpenID 2.0 Extensions
30.4.3.6
OpenID 2.0 Service Details
30.4.4
Initiating Federation SSO
30.4.4.1
IdP Initiated Federation SSO Service
30.4.4.2
SP Initiated Federation SSO Service
30.5
Understanding How Identity Federation Works
30.6
Using Identity Federation
30.6.1
Achieving SSO
30.6.2
Logging Out
30.6.3
Authorizing
30.6.4
Forcing Authentication
30.6.5
Indicating a Passive Identity Provider
30.6.6
User and Assertion Mapping
30.6.7
Platform Dependencies
30.7
Administrating Identity Federation
30.8
Enabling Identity Federation
31
Managing Identity Federation Partners
31.1
Understanding Federation And Partners
31.2
Managing Federation Partners
31.3
Administering Identity Federation As A Service Provider
31.3.1
Creating Remote Identity Provider Partners
31.3.2
Managing the Remote Identity Provider Partners
31.4
Administering Identity Federation As An Identity Provider
31.4.1
Creating Remote Service Provider Partners
31.4.2
Managing the Remote Service Provider Partners
31.5
Using Attribute Mapping Profiles
31.5.1
Using the SP Attribute Mapping Profile
31.5.2
Using the IdP Attribute Mapping Profile
31.6
Mapping Federation Authentication Methods to Access Manager Authentication Schemes
31.6.1
Understanding Federation SSO As An IdP
31.6.2
Understanding Federation SSO As An SP
31.6.3
Configuring an Alternate Authentication Scheme
31.6.4
Using WLST For Mapping Administration
31.7
Using the Attribute Sharing Plug-in for the Attribute Query Service
31.7.1
Understanding the Plug-in and Query Service Design
31.7.1.1
Using the SP Attribute Requester
31.7.1.2
Using the IdP Attribute Responder
31.7.1.3
Using the SOAP Endpoint
31.7.2
Configuring for Attribute Sharing
31.7.2.1
NameID
31.7.2.2
NameID Format
31.7.2.3
IdP
31.7.2.4
RequestedAttributes
31.8
Using the Federation Proxy
31.9
Using WLST for Identity Federation Administration
32
Managing Settings for Identity Federation
32.1
Prerequisites
32.2
Introduction to Federation Settings
32.3
Managing General Federation Settings
32.3.1
About Managing General Federation Settings
32.3.2
Managing General Federation Settings
32.4
Managing Proxy Settings for Federation
32.4.1
About Proxy Settings for Federation
32.4.2
Managing Proxy Settings for Identity Federation
32.5
Defining Keystore Settings for Federation
32.5.1
About Managing Keystore Settings for Identity Federation
32.5.2
Managing Identity Federation Encryption/Signing Keys
32.5.2.1
Resetting the System (.oamkeystore) and Trust (amtruststore) Keystore Password
32.5.2.2
Adding a New Key Entry to the System Keystore (.oamkeystore)
32.6
Exporting Metadata
33
Managing Federation-related Schemes and Policies
33.1
Prerequisites
33.2
Using Identity Federation and Access Manager in Concert Together
33.3
Using Authentication Schemes and Modules for Identity Federation 11g Release 2 (11.1.2.2)
33.3.1
About the FederationScheme Authentication Scheme
33.3.2
About the FederationPlugin Authentication Module
33.3.3
Managing Authentication with Identity Federation in 11g Release 2
33.4
Using Authentication Schemes and Modules for Oracle Identity Federation 11g Release 1
33.4.1
About Scheme OIFScheme
33.4.2
About Module OIFMTLDAPPlugin
33.4.3
Managing Authentication with Oracle Identity Federation Release 11gR1
33.5
Managing Access Manager Policies for Use with Identity Federation
33.5.1
About Policy Responses with Assertion Attributes for Identity Federation
33.5.2
Defining Policy Responses with Assertion Attributes for Identity Federation
33.6
Testing Identity Federation Configuration
33.7
Using the Default Identity Provisioning Plug-in
33.7.1
Why Use a Provisioning Plug-in?
33.7.2
About the Default Provisioning Plug-in
33.7.3
Using the Default Provisioning Plug-in
33.7.4
Switching to a Custom Provisioning Plug-in
33.8
Configuring the Identity Provider Discovery Service
33.8.1
Using the Bundled IdP Discovery Service
33.8.2
Creating a custom IdP Discovery Service
33.8.3
Disabling the use of an IdP Discovery Service
33.9
Configuring the Federation User Self-Registration Module
Part VIII Managing Oracle Access Management Security Token Service
34
Introducing the Oracle Access Management Security Token Service
34.1
Understanding the Security Token Service
34.2
Using the Security Token Service
34.3
Security Token Service Key Terms and Concepts
34.4
Integrating the Oracle Web Services Manager
34.5
Architecting the Security Token Service
34.6
Security Token Service Supported Token Matrix
34.7
Deploying Security Token Service
34.7.1
Centralized Token Authority Deployment
34.7.2
Tokens Behind a Firewall Deployment
34.7.3
Web Services SSO Deployment
34.8
Installing Security Token Service
34.8.1
Security Token Service Cluster in Single WLS Domain
34.8.2
Endpoint Exposure through a Web Server Proxy
34.8.3
Interoperability of Requester and Relying Party with Other Oracle WS-Trust based Clients
34.8.4
Security Token Service Installation Overview
34.8.5
Post-Installation Tasks: Security Token Service
34.9
Administrating the Security Token Service
35
Security Token Service Implementation Scenarios
35.1
Prerequisites
35.2
Typical Token Ecosystem
35.3
Scenario: Identity Propagation with the Access Manager Token
35.3.1
Component Processing: Identity Propagation with the OAM Token
35.3.2
Request Security Token Attributes and Run Time Processing
35.3.3
Configuration Requirements: Identity Propagation with the OAM Token
35.3.4
Testing Your Implementation
35.4
Scenario: Web Service Security With On Behalf Of Username Token
35.4.1
Component interactions for Identity Propagation with Username Token
35.4.2
RST Attributes and Processing for Identity Propagation with a Username Token
35.4.3
Configuration Requirements: Identity Propagation with the Username Token
36
Configuring Security Token Service Settings
36.1
Prerequisites
36.2
Introduction to Security Token Service Configuration
36.2.1
Post-Installation Configuration
36.2.2
About OAM Servers and Security Token Service
36.2.3
About Security Token Service Clients
36.2.4
About Agents and Security Token Service
36.2.5
About Security Token Service End Points and Policies
36.3
Enabling and Disabling Security Token Service
36.3.1
About Security Token Service and the Oracle Access Management Console
36.3.1.1
About Security Token Service Administrators
36.3.1.2
About Logging In To, and Signing Out Of, Security Token Service
36.3.2
About Enabling Services for Security Token Service
36.3.3
Enabling and Disabling Services for Security Token Service
36.4
Defining Security Token Service Settings
36.4.1
About Security Token Service Settings
36.4.2
Managing Security Token Service Settings
36.5
Using and Managing WSS Policies for Oracle WSM Agents
36.5.1
Using and Modifying Oracle Workspace Studio Policies
36.5.2
Managing WSS Policies for Security Token Service: Classpath
36.5.3
Managing WSS Policies for Security Token Service: Oracle WSM Policy Manager
36.6
Configuring OWSM for WSS Protocol Communication
36.6.1
About Oracle WSM Agent WS-Security Policies for Security Token Service
36.6.2
Retrieving the Oracle WSM Keystore Password
36.6.3
Extracting the Oracle STS/Oracle WSM Signing and Encryption Certificate
36.6.4
Adding Trusted Certificates to the Oracle WSM Keystore
36.6.5
Validating Trusted Certificates in the Oracle WSM Keystore
36.6.6
Configuring Oracle WSM Agent for WSS Kerberos Policies
36.7
Managing and Migrating Security Token Service Policies
36.7.1
About Managing and Migrating Security Token Service Policies
36.7.2
Managing Security Token Service Policies
36.7.3
Migrating Security Token Service Policies
36.8
Logging Security Token Service Messages
36.9
Auditing the Security Token Service
36.9.1
About Security Token Service Audit Record Storage
36.9.2
About Audit Reports and Oracle Business Intelligence Publisher
36.9.3
About the Audit Log
36.9.4
About Auditing Security Token Service Events
37
Managing Security Token Service Certificates and Keys
37.1
Prerequisites
37.2
Introducing the Security Token Service Certificates and Keys
37.2.1
About Keystores and Security Token Service
37.2.2
About the Oracle Web Services Manager Keystore (default-keystore.jks)
37.2.3
About Using the OPSS Keystore for Requester Certificates
37.3
Managing Security Token Service Encryption/Signing Keys
37.3.1
Resetting System Keystore (.oamkeystore) and Trust Keystore (amtruststore) Password
37.3.2
Adding a New Key Entry to the System Keystore (.oamkeystore)
37.3.2.1
Adding a New Entry
37.3.2.2
Configuring a SAML Issuance Template to use a Signing Key
37.3.2.3
Setting the Default Encryption Key
37.3.3
Extracting a Security Token Service Certificate
37.3.3.1
Using the Certificate Retrieval Service
37.4
Managing Partner Keys for WS-Trust Communications
37.4.1
About Partner Certificates
37.4.2
About Downloading the Relying Party's Certificate at Run Time
37.4.3
Setting the Partner's Signing or Encryption Certificate
37.5
Managing Certificate Validation
37.5.1
Managing the Trust Anchors Store (amtruststore)
37.5.2
Managing Certificate Revocation Lists
37.5.3
Using a Custom Trust Anchor Store for Security Token Service
38
Managing Templates, Endpoints, and Policies
38.1
Introduction
38.2
Searching for an Existing Template
38.2.1
About Template Search Controls
38.2.2
Searching For a Template
38.3
Managing Token Issuance Templates
38.3.1
About Managing Token Issuance Templates
38.3.2
Managing a Token Issuance Template
38.4
Managing Token Validation Templates
38.4.1
About Managing Token Validation Templates
38.4.2
Managing Token Validation Templates
38.5
Managing Security Token Service Endpoints
38.5.1
About Managing Endpoints
38.5.2
Managing EndPoints
38.6
Managing Token Issuance Policies, Conditions, and Rules
38.6.1
About Token Issuance Policies
38.6.2
About Managing Token Issuance Conditions and Rules
38.6.3
Managing Token Issuance Policies and Conditions
38.7
Managing TokenServiceRP Type Resources
38.7.1
About Managing TokenServiceRP Type Resources in Access Manager
38.7.2
Managing TokenServiceRP Type Resources in Application Domains
38.8
Making Custom Classes Available
38.8.1
About Making Classes Available
38.8.2
About Narrowing a Search for Custom Tokens
38.8.3
Managing Custom Tokens
38.9
Managing a Custom Security Token Service Configuration
38.9.1
Creating the Validation Template
38.9.2
Creating the Issuance Template for a Custom Token
38.9.3
Adding the Custom Token to a Requester Profile
38.9.4
Adding the Custom Token to the Relying Party Profile
38.9.5
Mapping the Token to a Requestor
38.9.6
Creating an /wssuser EndPoint
39
Managing Token Service Partners and Partner Profiles
39.1
Prerequisites
39.2
Introduction to Token Service Partners and Partner Profiles
39.2.1
About Token Service Partners
39.2.2
About Partner Profiles
39.2.2.1
About Partner Entries
39.2.2.2
About Partner Profile Data
39.3
Managing Token Service Partners
39.3.1
About Managing Token Service Partners
39.3.2
Managing a Token Service Partner
39.3.3
Refining Partner Searches
39.4
Managing Token Service Partner Profiles
39.4.1
About Managing Partner Profiles
39.4.2
Managing a Token Service Partner Profile
39.4.3
Refining a Profile Search
40
Troubleshooting Security Token Service
40.1
Authorization Issues
40.2
Endpoint Issues
40.3
Mapping Operation Issues
Part IX Managing Oracle Access Management Mobile and Social
41
Understanding Mobile and Social
41.1
Introducing Mobile and Social
41.1.1
Installing Mobile and Social
41.1.2
Deploying Mobile and Social
41.1.3
Enabling Mobile and Social
41.2
Understanding Mobile Services
41.2.1
Introducing Authentication Services and Authorization Services
41.2.2
Understanding the Mobile Services Authorization Flow
41.2.3
Understanding Single Sign-on (SSO) for Mobile Services
41.2.4
Introducing the Mobile and Social Mobile Services Client SDK
41.2.5
Introducing User Profile Services
41.3
Understanding the Mobile Services Processes
41.3.1
Registering a Mobile Device With User Authentication
41.3.2
Authenticating a User With a Registered Device
41.3.3
Using REST Calls for User Authentication
41.3.4
Authenticating the User With a Mobile Browser-Based Web App
41.3.5
Authorization Using the Mobile OAuth Authorization Flow
41.4
Using Mobile Services
41.4.1
Protecting the Mobile Client Registration Endpoint
41.4.2
Exchanging Credentials
41.4.3
Protecting User Profile Services And Authorization Services
41.4.4
Using Mobile Services with Oracle Access Manager
41.4.5
Using Mobile Services with Oracle Adaptive Access Manager Services
41.5
Understanding Social Identity
41.6
Understanding Social Identity Processes
41.6.1
Authenticating a Returning User With a Local Account
41.6.2
Authenticating a New User With No Local Account
41.6.3
Using OAuth For Access Token Retrieval
41.6.4
Authenticating a User With Access Manager and Social Identity
41.6.5
Authenticating a User Locally
41.7
Using Social Identity
41.7.1
Using Social Identity With Oracle Access Manager
41.7.2
Using Social Identity With Mobile Services
41.7.3
Using the Social Identity SDK
42
Configuring Mobile Services
42.1
Opening the Mobile Services Configuration Page
42.2
Understanding Mobile Services Configuration
42.2.1
Understanding Service Providers
42.2.2
Understanding Service Profiles
42.2.3
Understanding Security Handler Plug-ins
42.2.4
Understanding Application Profiles
42.2.5
Understanding Service Domains
42.3
Defining Service Providers
42.3.1
Defining, Modifying or Deleting an Authentication Service Provider
42.3.1.1
Understanding the Pre-Configured Authentication Service Providers
42.3.1.2
Understanding the JWT-OAM Token Authentication Service Provider
42.3.1.3
Creating an Authentication Service Provider
42.3.1.4
Editing or Deleting an Authentication Service Provider
42.3.1.5
Requiring User Credentials to Exchange a JWT Token for an OAM Token
42.3.1.6
Configuring OAM to use the JWT-OAM + PIN Token Service Provider
42.3.2
Defining, Modifying or Deleting an Authorization Service Provider
42.3.2.1
Creating an Authorization Service Provider
42.3.2.2
Editing or Deleting an Authorization Service Provider
42.3.2.3
Understanding the Pre-Configured Authorization Service Provider
42.3.3
Defining, Modifying or Deleting a User Profile Service Provider
42.3.3.1
Creating a User Profile Service Provider
42.3.3.2
Editing or Deleting a User Profile Service Provider
42.3.3.3
Understanding the Pre-Configured User Profile Service Provider
42.4
Defining Service Profiles
42.4.1
Defining, Modifying and Deleting an Authentication Service Profile
42.4.1.1
Creating an Authentication Service Profile
42.4.1.2
Editing or Deleting an Authentication Service Profile
42.4.2
Defining, Modifying and Deleting an Authorization Service Profile
42.4.2.1
Creating an Authorization Service Profile
42.4.2.2
Editing or Deleting an Authorization Service Profile
42.4.3
Defining, Modifying and Deleting a User Profile Service Profile
42.4.3.1
Creating a User Profile Service Profile
42.4.3.2
Editing or Deleting a User Profile Service Profile
42.5
Defining Security Handler Plug-ins
42.5.1
Creating a Security Handler Plug-in
42.5.2
Editing or Deleting a Security Handler Plug-in
42.5.3
Device Fingerprinting and Device Profile Attributes
42.6
Defining Application Profiles
42.6.1
Creating an Application Profile
42.6.2
Editing or Deleting an Application Profile
42.7
Defining Service Domains
42.7.1
Creating a Service Domain
42.7.2
Editing or Deleting a Service Domain
42.8
Using the Jail Breaking Detection Policy
42.8.1
Adding a New Jail Breaking Detection Policy
42.8.2
Editing the Jail Breaking Detection Policy
42.9
Configuring Mobile Services with Other Oracle Products
42.9.1
Configuring Mobile Services for Access Manager
42.9.1.1
Configuring Mobile Services to Work With Access Manager in Simple and Certificate Mode
42.9.1.2
Configuring an Authentication Service Provider for Remote Oracle Access Manager Server 10g
42.9.1.3
Configuring an Authentication Service Provider for Remote Access Manager 11gR2 or Oracle Access Manager 11gR1 PS1
42.9.2
Configuring Mobile Services for Oracle Adaptive Access Manager
42.9.2.1
Understanding OAAM Support in Mobile and Social
42.9.2.2
Configuring the WebLogic Administration Domain
42.9.2.3
Configuring OAAM if Social Identity Authentication is Enabled in Mobile Services
42.9.2.4
Setting up a Lost or Stolen Device Rule
42.9.2.5
Configuring Blacklisted Devices and Applications
42.9.2.6
Understanding the OAAM Sessions for Mobile Applications
42.9.2.7
Registering Users for OAAM Authentication
43
Configuring Social Identity
43.1
Opening the Social Identity Configuration Page
43.2
Understanding Social Identity Configuration
43.2.1
Understanding Social Identity Providers
43.2.2
Understanding Service Provider Interfaces
43.2.3
Understanding Application Profiles
43.3
Defining Social Identity Providers
43.3.1
Creating a Social Identity Provider
43.3.2
Editing or Deleting a Social Identity Provider
43.3.3
Generating the Consumer Key and Consumer Secret for OAuth Providers
43.3.3.1
Generating a Consumer Key and Consumer Secret for Facebook
43.3.3.2
Generating a Consumer Key and Consumer Secret for Twitter
43.3.3.3
Generating a Consumer Key and Consumer Secret for LinkedIn
43.3.3.4
Generating a Consumer Key and Consumer Secret for Foursquare
43.3.3.5
Generating a Consumer Key and Consumer Secret for Windows Live
43.3.3.6
Generating a Consumer Key and Consumer Secret for Google
43.3.4
Troubleshooting Facebook Social Identity Providers
43.3.4.1
Configuring WebLogic Server for Facebook Compatibility
43.3.4.2
Configuring WebLogic Server 10.3.5 and Older for Facebook Compatibility
43.4
Defining Service Provider Interfaces
43.4.1
Creating a Service Provider Interface
43.4.2
Editing or Deleting a Service Provider Interface
43.4.3
Adding a Custom Service Provider Interface Implementation
43.5
Defining Application Profiles
43.5.1
Creating an Application Profile
43.5.2
Editing or Deleting an Application Profile
43.6
Integrating Social Identity With Mobile Applications
43.7
Linking Social Identity Provider Accounts
43.7.1
Using Social Identity Provider Account Linking
43.7.2
Configuring Social Identity Provider Account Linking
44
Configuring Mobile and Social System Settings
44.1
Accessing the Mobile and Social Settings Interface
44.1.1
Understanding the Mobile and Social Settings Page
44.2
Logging and Auditing
44.3
Deploying Mobile and Social With Oracle Access Manager
44.4
Configuring Mobile and Social After Running Test-to-Production Scripts
44.5
Configuring Mobile and Social for High Availability (HA)
44.6
Enabling the REST Client to Specify the Tenant Name
Part X Managing the Oracle Access Management OAuth Service
45
Understanding the OAuth Service
45.1
Introducing the OAuth Service
45.2
Understanding the OAuth Service
45.2.1
Understanding OAuth 2.0 Roles
45.2.2
Understanding the OAuth Service Components
45.2.3
Understanding the OAuth Service Supported Features
45.2.4
The Mobile OAuth Authorization Flow
45.2.5
Understanding the OAuth Service Authorization and Authentication Endpoints
45.2.6
Understanding Refresh Tokens
45.2.7
Understanding the Mobile OAuth Client UI Form Factor Options
45.2.8
Understanding Mobile OAuth Single Sign-on (SSO)
45.3
Understanding the OAuth Service Processes
45.3.1
Understanding OAuth 3-Legged Authorization
45.3.2
Understanding OAuth 2-Legged Authorization
45.3.3
Understanding Mobile OAuth Authorization
46
Configuring OAuth Services
46.1
Enabling OAuth Services
46.2
Opening the OAuth Services Configuration Page
46.3
Understanding OAuth Services Configuration
46.3.1
Understanding OAuth Identity Domains Configuration
46.3.2
Understanding OAuth Service Provider Configuration
46.3.3
Understanding OAuth Service Profiles Configuration
46.3.4
Understanding OAuth Resource Servers Configuration
46.3.5
Understanding OAuth Client Profiles Configuration
46.3.6
Understanding OAuth Consent Management Service Configuration
46.3.7
Understanding OAuth Access Token Custom Attributes
46.3.8
Understanding OAuth Services Security
46.4
Configuring OAuth Services Settings
46.4.1
Configuring OAuth Identity Domains
46.4.1.1
Creating an OAuth Identity Domain
46.4.1.2
Editing or Deleting an OAuth Identity Domain
46.4.1.3
Understanding the Identity Domain Configuration Page - Summary Tab
46.4.1.4
Understanding the Create OAuth Identity Domain Wizard Page
46.4.2
Configuring OAuth Service Profiles
46.4.2.1
Creating an OAuth Service Profile
46.4.2.2
Editing or Deleting an OAuth Service Profile
46.4.2.3
Understanding the OAuth Service Profile Configuration Page
46.4.3
Configuring OAuth Clients
46.4.3.1
Creating an OAuth Client
46.4.3.2
Editing or Deleting a Client
46.4.3.3
Understanding the OAuth Web Clients Configuration Page
46.4.3.4
Understanding the OAuth Mobile Clients Configuration Page
46.4.4
Configuring the OAuth Service Provider
46.4.4.1
Editing or Deleting the OAuth Service Provider
46.4.4.2
Understanding the OAuth Service Provider Configuration Page
46.4.5
Configuring OAuth Resource Servers
46.4.5.1
Creating an OAuth Resource Server
46.4.5.2
Editing or Deleting an OAuth Resource Server
46.4.5.3
Understanding the OAuth Resource Servers Configuration Page
46.4.6
Configuring User Profile Services
46.4.6.1
Creating a New User Profile Service
46.4.6.2
Editing the User Profile Service
46.4.6.3
Understanding the OAuth User Profile Services Configuration Page
46.4.7
Configuring OAuth Consent Management Services
46.4.7.1
Creating a New Consent Management Service
46.4.7.2
Editing the Consent Management Service
46.4.7.3
Understanding the OAuth Consent Management Service Configuration
46.4.8
Configuring OAuth Plug-Ins
46.4.8.1
Creating a new OAuth Plug-in
46.4.8.2
Understanding the Plug-in Configuration Page
46.4.9
Configuring OAuth Server Settings
46.4.10
Configuring the OAuth Services Jail Breaking Detection Policy
46.4.11
Configuring Token Life Cycle Management
46.5
Configuring OAuth to Accept Third-Party JWT Bearer Assertions
46.5.1
Understanding the default OAuth Service Profile Keystore
46.5.2
Creating a Non-Default Keystore for an OAuth Service Profile
46.5.3
Configuring an OAuth Service Profile for Third-Party JWT Assertion Validation
46.6
Configuring a WebGate to Support the OAuth Service
Part XI Managing Oracle Access Management Oracle Access Portal
47
Configuring the Access Portal Service
47.1
Prerequisites for Deploying the Access Portal Service
47.2
Overview of the Access Portal Service Deployment Process
47.3
Deploying the Access Portal Service
47.3.1
Deploying the Java Cryptography Extension Policy Files
47.3.2
Creating the Identity Store Configuration File
47.3.3
Creating the Oracle Access Manager Configuration File
47.3.4
Understanding the Access Portal Service Repository Objects
47.3.5
Preparing and Enabling the Access Portal Service on an Oracle Repository
47.3.6
Preparing and Enabling the Access Portal Service on Microsoft Active Directory
47.3.7
(Active Directory Only) Deploying the OAMAgent Web Application
47.3.8
Setting the Policy Cache Refresh Interval
47.3.9
Integrating with Oracle Privileged Account Manager
47.3.9.1
Installing the Oracle Privileged Account Manager Certificates
47.3.9.2
Configuring the Oracle Privileged Account Manager Server
47.3.9.3
Configuring the Provisioning Gateway Server
47.3.10
Deploying the Oracle Traffic Director Administration Server
47.3.10.1
Applying the Required Oracle Traffic Director Patch
47.3.11
Deploying the Webgate Binaries and Secure Trust Artifacts
47.3.12
(Optional) Configuring the ESSOProvisioning Plugin
47.3.13
Creating an Oracle Traffic Director Configuration
47.3.14
Protecting the Oracle Traffic Director Instance with the Webgate and Access Proxy Plugins
47.3.14.1
Generating the Secure Trust Artifacts
47.3.14.2
Loading the Required WebGate Libraries into the OTD Instance
47.3.14.3
Deploying the Configuration Changes
47.3.14.4
Testing the WebGate
47.3.15
(Optional) Enabling the Detached Credential Collector for the Target Webgate
47.3.15.1
Creating and Applying the Detached Credential Collector Authentication Scheme
47.3.15.2
Deploying Detached Credential Collector Pages on Oracle HTTP Server
47.3.15.3
Routing Oracle Traffic Director Authentication Requests via the Detached Credential Collector
47.3.16
Configuring Logon Manager for Compatibility with the Access Portal Service
47.3.16.1
Modifying the Access Portal Service Configuration
47.3.16.2
Modifying the Logon Manager Configuration
47.4
Enabling Form-Fill Single Sign-On for an Application
47.4.1
Configuring a Form-Fill Application Policy
47.4.1.1
Creating a Form-Fill Application Policy
47.4.1.2
Adding a Proxy-Enabled URL to a Form Fill Application Policy
47.4.1.3
Publishing the Policy to the Repository
47.4.1.4
(Optional) Importing the Policy into the Oracle Access Manager Console
47.4.1.5
Testing the Policy
47.4.2
Guidelines for Configuring Proxy Rules in Oracle Traffic Director
47.4.2.1
Path Rewriting Guidelines for HTTP Request/Response Headers
47.4.2.2
Path Rewriting Guidelines for Browser Cookies
47.4.2.3
Path Rewriting Guidelines for Page Content
47.4.3
Configuring the Access Proxy Request Filtering
47.4.3.1
Configuring the JavaScript Injection Filter
47.4.3.2
Configuring the Mock Credentials Filter
47.4.3.3
Configuring HTTP Basic Authentication
47.4.3.4
Configuring the HTTP Request Sanitizer Directive
47.5
Adding a Federated Partner Provider Application
47.6
Adding an Oracle SSO Agent Application
47.7
Common Interface Controls
47.8
Managing Password Generation Policies
47.8.1
Searching for Password Generation Policies
47.8.2
Creating Password Generation Policies
47.8.3
Managing Policy Subscribers
47.9
Managing Credential Sharing Groups
47.9.1
Searching for Credential Sharing Groups
47.9.2
Creating Credential Sharing Groups
47.9.3
Managing Applications in Credential Sharing Groups
47.10
Managing Global Agent Settings
47.10.1
Searching for Sets of Global Agent Settings
47.10.2
Importing an INI File with a Global Agent Settings Configuration
47.10.3
Creating a Set of Global Agent Settings
Part XII Using Identity Context
48
Using Identity Context
48.1
Introducing Identity Context
48.2
Understanding Identity Context
48.3
Working With the Identity Context Service
48.3.1
Using the Identity Context Dictionary
48.3.2
Understanding Identity Context Runtime
48.4
Using the Identity Context API
48.5
Configuring the Identity Context Service Components
48.5.1
Configuring Oracle Fusion Middleware
48.5.2
Configuring Access Manager
48.5.2.1
Configuring Identity Assertion
48.5.2.2
Configuring Federation Attributes
48.5.2.3
Configuring Session Attributes
48.5.2.4
Configuring Identity Store Attributes
48.5.3
Configuring Oracle Adaptive Access Manager
48.5.3.1
Setting Up Oracle Adaptive Access Manager
48.5.3.2
Configuring Access Manager for OAAM Integration
48.5.3.3
Validating Identity Context Data Published by OAAM
48.5.4
Configuring Web Service Security Manager
48.5.5
Configuring Oracle Entitlements Server
48.5.6
Configuring Oracle Enterprise Single Sign On
48.5.7
Configuring Oracle Access Management Mobile and Social
48.6
Validating Identity Context
Part XIII Integrating Access Manager with Other Products
49
Integrating RSA SecurID Authentication with Access Manager
49.1
Introduction to Access Manager and RSA SecurID Authentication
49.2
Components Required for SecurID Authentication
49.2.1
Supported Versions and Platforms
49.2.2
Required RSA Components
49.2.2.1
RSA Authentication Manager
49.2.2.2
RSA SecurID Tokens
49.2.3
Installation and Configuration Requirements
49.3
SecurID Authentication Modes
49.3.1
Standard SecurID Authentication
49.3.2
SecurID Next Tokencode Authentication
49.3.3
SecurID New PIN Authentication
49.4
Configuring Access Manager for RSA SecurID Authentication
49.5
Running a Custom RSA Plug-in
50
Configuring Access Manager for Windows Native Authentication
50.1
Introducing Access Manager with Windows Native Authentication
50.1.1
Access Manager WNA Login and Fall Back Authentication
50.1.2
Supported Integration Approaches
50.2
Preparing Your Active Directory/Kerberos Topology
50.3
Performing Oracle-Specific Prerequisite Tasks
50.3.1
Confirming Access Manager Operation
50.4
Enabling the Browser to Return Kerberos Tokens
50.5
Integrating KerberosPlugin with Oracle Virtual Directory
50.5.1
Preparing Oracle Virtual Directory for Integration
50.5.2
Registering Oracle Virtual Directory as the Default Store for WNA
50.5.3
Setting Up Authentication with Access Manager KerberosPlugin and OVD
50.6
Integrating Access Manager KerberosPlugin with Search Failover
50.6.1
Registering Microsoft Active Directory Instances with Access Manager
50.6.2
Setting Up Access Manager KerberosPlugin for ADGCs
50.7
Configuring Access Manager for Windows Native Authentication
50.7.1
Creating the Authentication Scheme for Windows Native Authentication
50.7.2
Configuring Access Manager Policies for Windows Native Authentication
50.7.3
Configuring WNA for NTLM Fallback
50.7.4
Verifying the Access Manager Configuration File
50.8
Validating WNA with Access Manager-Protected Resources
50.9
Configuring WNA For Use With DCC
50.9.1
Initializing the Kerberos Protocol
50.9.2
Configuring Access Manager
50.10
Configuring Access for Multiple Untrusted Active Directory Forests
50.10.1
Create Service Principal Accounts
50.10.2
Generating a Master Keytab File
50.10.3
Configuring the krb5.conf File
50.10.4
Validating Access to the KDC Servers Using the Keytabs
50.10.5
Creating the Active Directory or Oracle Virtual Directory User Stores
50.10.6
Creating the Custom Kerberos Authentication Module
50.10.7
Configuring Integrated Windows Authentication
50.10.8
Testing the Configurations
50.10.9
Troubleshooting the Configurations
50.10.9.1
Adding Kerberos Debugging to the Access Manager Server
50.10.9.2
Turning Access Manager Server Debug Mode to TRACE
50.10.9.3
Verifying LDAP Searches in OVD
50.11
Troubleshooting WNA Configuration
50.11.1
Keytab Format Results in Authentication Error When Using IBM JDK
50.11.2
Kinit Fails
50.11.3
Unable To Access a Protected Resource Using WNA Authentication Scheme
50.11.4
User Identity Store is Not Active Directory
51
Integrating JBoss with Access Manager
51.1
Introduction to JBoss with Access Manager
51.1.1
About Configuration and Processing by Access Manager JBoss Agent
51.1.2
About Configuration and Processing by Access Manager Login Module
51.2
Integration Topology
51.2.1
Access Manager JBoss Agent Functionality
51.2.2
Topology: Access Manager with JBoss Agent
51.2.3
Topology: JBoss Agent Behind Web Server Configured with Webgate
51.2.4
Sample Integration Topology
51.3
Preparing Your Environment for JBoss Integration
51.4
Protecting JBoss-Specific Resources
51.4.1
Registering the JBoss Agent with Automatic Policy Creation
51.4.2
Creating a Custom Policy for JBoss Resource Protection
51.5
Protecting Web Applications with the JBoss Agent
51.5.1
Creating Configuration Properties for the JBoss Agent
51.5.2
Configuring the Authentication Valve
51.5.3
Mapping the Filter in the Application's web.xml File
51.5.4
Configuring the JBoss Login Module to Use Access Manager Policies
51.6
Configuring JBoss Server to Access a Host Name (not localhost)
51.7
Configuring the Login Module to Secure EJBs
51.7.1
Configuring the Server to Secure EJBs
51.7.2
Configuring the Client Side to Secure EJBs
51.8
Configuring the Login Module to Secure Web Service Access
51.8.1
Configuring the Server to Secure Web Services Access
51.8.2
Configuring the Client to Secure Web Services Access
51.9
Configuring Logging for the JBoss Agent and Login Module
51.10
Validating Your Configuration
52
Integrating Microsoft SharePoint Server with Access Manager
52.1
What is Supported in This Release?
52.2
Introduction to Integrating With the SharePoint Server
52.2.1
About Windows Impersonation
52.2.2
About Form Based Authentication With This Integration
52.2.3
About Authentication With Windows Impersonation and SharePoint Server Integration
52.2.4
About Access Manager and Windows Native Authentication
52.3
Integration Requirements
52.3.1
Confirming Requirements
52.3.2
Required Access Manager Components
52.3.3
Required Microsoft Components
52.4
Preparing for Integration With SharePoint Server
52.5
Integrating With Microsoft SharePoint Server
52.5.1
Creating a New Web Application in Microsoft SharePoint Server
52.5.2
Creating a New Site Collection for Microsoft SharePoint Server
52.6
Setting Up Microsoft Windows Impersonation
52.6.1
Creating Trusted User Accounts
52.6.2
Assigning Rights to the Trusted User
52.6.3
Binding the Trusted User to Your WebGate
52.6.4
Adding an Impersonation Response to an Authorization Policy
52.6.5
Adding an Impersonation DLL to IIS
52.6.6
Testing Impersonation
52.6.6.1
Creating an IIS Virtual Site Not Protected by SharePoint Server
52.6.6.2
Testing Impersonation Using the Event Viewer
52.6.6.3
Testing Impersonation using a Web Page
52.6.6.4
Negative Testing for Impersonation
52.7
Completing the SharePoint Server Integration
52.7.1
Configuring IIS Security
52.8
Integrating With Microsoft SharePoint Server Configured With LDAP Membership Provider
52.8.1
About Integrating With Microsoft SharePoint Server Configured With LDAP Membership Provider
52.8.2
Installing Access Manager for Microsoft SharePoint Server Configured With LDAP Membership Provider
52.8.3
Configuring an Authentication Scheme for Use With LDAP Membership Provider
52.8.4
Updating the Application Domain Protecting the SharePoint Web Site
52.8.5
Creating an Authorization Response for Header Variable SP_SSO_UID
52.8.6
Creating an Authorization Response for the OAMAuthCookie
52.8.7
Configuring and Deploying OAMCustomMembershipProvider
52.8.8
Enabling Logging for CustomMemberShipProvider
52.8.9
Ensuring Directory Servers are Synchronized
52.8.10
Testing the Integration
52.9
Configuring Single Sign-On for Office Documents
52.10
Configuring Single Sign-off for Microsoft SharePoint Server
52.10.1
Configuring a Custom Logout URL in SharePoint Server
52.10.2
Configuring Logout in SharePoint Server With Impersonation
52.11
Setting Up Access Manager and Windows Native Authentication
52.11.1
Setting Up Access Manager WNA
52.11.2
Setting Up WNA With SharePoint Server
52.11.3
Installing Access Manager for WNA and SharePoint Server
52.11.4
Testing Your WNA Implementation
52.12
Synchronizing User Profiles Between Directories
52.13
Testing Your Integration
52.13.1
Testing the SharePoint Server Integration
52.13.2
Testing Single Sign-On for the SharePoint Server Integration
52.14
Troubleshooting
52.14.1
Internet Explorer File Downloads Over SSL Might Not Work
53
Integrating Access Manager with Outlook Web Application
53.1
What is New in This Release?
53.2
Introduction to Integration with Outlook Web Application
53.2.1
About Impersonation Provided by Microsoft Windows
53.2.2
About Access Manager 11g Support for Windows Impersonation
53.2.3
About Single Sign-On for Authenticated Access Manager Users into Exchange
53.2.4
About Confirming Requirements
53.3
Enabling Impersonation With a Header Variable
53.3.1
Requirements for Impersonation with a Header Variable
53.3.2
Creating an Impersonator as a Trusted User
53.3.3
Assigning Rights to the Trusted User
53.3.4
Binding the Trusted User to Your Webgate
53.3.5
Adding an Impersonation Response to An Application Domain
53.3.6
Adding an Impersonation DLL to IIS
53.3.7
Testing Impersonation
53.3.7.1
Creating an IIS Virtual Site
53.3.7.2
Testing Impersonation Using the Event Viewer
53.3.7.3
Testing Impersonation using a Web Page
53.4
Setting Up Impersonation for Outlook Web Application (OWA)
53.4.1
Prerequisites to Setting Impersonation for Outlook Web Application
53.4.2
Creating a Trusted User Account for Outlook Web Application
53.4.3
Assigning Rights to the Outlook Web Application Trusted User
53.4.4
Binding the Trusted Outlook Web Application User to Your Webgate
53.4.5
Adding an Impersonation Action to an Application Domain for Outlook Web Application
53.4.6
Adding an Impersonation dll to IIS
53.4.7
Configuring IIS Security
53.4.8
Testing Impersonation for Outlook Web Application
53.4.8.1
Testing Impersonation Using the Event Viewer
53.4.8.2
Testing Impersonation using a Web Page
53.4.8.3
Negative Testing for Impersonation
53.5
Setting Up Access Manager WNA for Outlook Web Application
54
Integrating Microsoft Forefront Threat Management Gateway 2010 with Access Manager
54.1
What is New in This Release?
54.2
Introduction to Integration with TMG Server 2010
54.2.1
About This Integration
54.2.2
About Confirming Certification Requirements
54.3
Creating a Forefront TMG Policy and Rules
54.3.1
Creating a Custom Policy for Forefront TMG
54.3.2
Creating a Forefront TMG Firewall Policy Rule
54.3.3
Verifying Forefront TMG Proxy Configuration
54.4
Installing and Configuring 10g Webgate for Forefront TMG Server
54.4.1
Installing 10g WebGate with TMG Server
54.4.2
Changing /access Directory Permissions
54.5
Configuring the TMG 2010 Server for the ISAPI 10g Webgate
54.5.1
Registering Access Manager Plug-ins as TMG Server Web Filters
54.5.2
Ordering the ISAPI Filters
54.5.3
Verifying Form-based Authentication
54.6
Starting, Stopping, and Restarting the TMG Server
54.7
Removing Access Manager Filters Before WebGate Uninstall on TMG Server
54.8
Troubleshooting
55
Integrating Access Manager 11.1.2 with SAP NetWeaver Enterprise Portal
55.1
What is Supported in This Release?
55.2
Supported Versions and Platforms
55.3
Integration Architecture
55.3.1
Process Overview: Integration with SAP NetWeaver Enterprise Portal
55.4
Configuring Oracle Access Management and NetWeaver Enterprise Portal 7.0.x
55.4.1
Before You Begin
55.4.2
Configuring the Apache HTTP Server as a Proxy
55.4.3
Configuring SAP NetWeaver Enterprise Portal for External Authentication
55.4.4
Adjusting the Login Module Stacks for using Header Variables
55.4.5
Configuring Access Manager 11.1.2 for SAP Enterprise Portal
55.5
Configuring Oracle Access Management and NetWeaver Enterprise Portal 7.4.x
55.5.1
Before You Begin
55.5.2
Configuring Access Manager for SAP NetWeaver Enterprise Portal 7.4.x
55.5.3
Configuring Apache Web Server 2.0.x or 2.2.x
55.5.4
Configuring SAP Enterprise Portal 7.4 for External Authentication
55.5.5
Adjusting the Login Module Stacks for Using Header Variables
55.6
Testing the Integration
55.7
Troubleshooting the Integration
56
Integrating Oracle Access Manager 11.1.2 with SAP NetWeaver Enterprise Portal Using OpenSSO Policy Agent 2.2
56.1
What is Supported in This Release?
56.2
Registering the OpenSSO Agent
56.3
Installing the OpenSSO Policy Agent 2.2 on SAP Enterprise Portal
56.3.1
Post-Installation Steps
56.4
Deploying the Agent Software Delivery Archive
56.5
Making a Class Loader Reference to the Login Module
56.6
Modifying the SAP Enterprise Portal 7.0 / Web Application Server 7.0 Class Path
56.7
Deploying and Starting the Agentapp.war File
56.8
Using Telnet to Create a Reference Between agentapp and Library AmSAPAgent2.2
56.9
Adding the Login Module to the Stack
56.10
Modifying the Login Module Stack
56.11
Updating the ume.logoff.redirect.uri
56.12
Configuring the AMAgent.properties File
56.13
Testing the Integration
Part XIV Appendixes
A
Integrating Oracle ADF Applications with Access Manager SSO
A.1
Introducing Oracle Platform Security Services and Oracle Application Developer Framework
A.1.1
Oracle Platform Security Services Single Sign-on Framework
A.1.2
Oracle Application Developer Framework
A.2
Integrating Access Manager With Web Applications Using Oracle ADF Security and the OPSS SSO Framework
A.2.1
Sample SSO Configuration for Access Manager
A.2.2
SSO Provider Configuration Details
A.3
Configuring Centralized Logout for Oracle ADF-Coded Applications
A.3.1
About Centralized Logout Processing for Applications Coded to Oracle ADF Standards
A.3.2
Configuring Centralized Logout for ADF-Coded Applications with Access Manager
A.4
Confirming Application-Driven Authentication During Runtime
B
Internationalization and Multibyte Data Support for 10g WebGates
B.1
Introduction to Internationalization and Multibyte Data Support
B.1.1
Languages For Localized Messages
B.1.2
Bi-directional Language Support
B.1.3
UTF-8 Encoding
C
Securing Communication
C.1
Prerequisites
C.2
Securing Communication Between OAM Servers and WebGates
C.2.1
About Certificates, Authorities, and Encryption Keys
C.2.2
About Security Modes and X509Scheme Authentication
C.2.3
About the Importcert Tool
C.3
Generating Client Keystores for OAM Tester in Cert Mode
C.4
Configuring Cert Mode Communication for Access Manager
C.4.1
About Cert Mode Encryption and Files
C.4.2
Generating a Certificate Request and Private Key for OAM Server
C.4.3
Retrieving the OAM Keystore Alias and Password
C.4.4
Importing the Trusted, Signed Certificate Chain Into the Keystore
C.4.5
Adding Certificate Details to Access Manager Settings
C.4.6
Generating a Private Key and Certificate Request for WebGates
C.4.7
Updating WebGate to Use Certificates
C.5
Configuring Simple Mode Communication with Access Manager
C.5.1
About Simple Mode, Encryption, and Keys
C.5.2
Retrieving the Global Passphrase for Simple Mode
C.5.3
Updating WebGate Registration for Simple Mode
C.5.4
Verifying Simple Mode Configuration
D
Reviewing Bundled, Generated, and Migrated Artifacts
D.1
Bundled 10g IAMSuiteAgent Artifacts
D.1.1
Pre-Registered 10g IAMSuiteAgent
D.1.2
IAMSuiteAgent Security Provider Settings, WebLogic Administration Console
D.1.3
IAMSuiteAgent Registration
D.1.4
Resources Protected by IAMSuiteAgent
D.1.5
Pre-seeded IAM Suite Application Domain and Policies
D.2
Generated Artifacts: OpenSSO
D.2.1
Generated OpenSSOAgentAuthPlugin
D.2.2
Generated Host Identifier: OpenSSOAgent
D.2.3
Generated Application Domain: OpenSSOAgent
D.2.4
Generated Resources: OpenSSOAgent
D.2.5
Generated Authentication Policy: OpenSSOAgent Application Domain
D.2.6
Generated Authorization Policy: OpenSSOAgent Application Domain
D.3
Migrated Artifacts: OpenSSO
D.3.1
Migrated User Identity Store: OpenSSO
D.3.2
Migrated Agents: OpenSSO
D.3.3
Migrated Authentication Module: OpenSSO
D.3.4
Migrated Host Identifier: OpenSSO
D.3.5
Migrated Application Domain: OpenSSO
D.3.6
Migrated Resources: OpenSSO
D.3.7
Migrated Authentication Policy: OpenSSO
D.3.8
Migrated Authorization Policy: OpenSSO
E
Troubleshooting
E.1
Introduction to Oracle Access Management Troubleshooting
E.1.1
About System Analysis and Problem Scenarios
E.1.2
About LDAP Server or Identity Store Issues
E.1.3
About OAM Server or Host Issues
E.1.4
About Agent-Side Configuration and Load Issues
E.1.5
About Runtime Database (Audit or Session Data) Issues
E.1.6
About Change Propagation or Activation Issues
E.1.7
About Policy Store Database Issues
E.2
Using My Oracle Support for Additional Troubleshooting Information
E.3
Administrator Lockout
E.4
Oracle Access Management Console Inconsistent State
E.5
AdminServer Won't Start if the Wrong Java Path Given with WebLogic Server Installation
E.6
Agent Naming Not Unique
E.7
Application URL Requirements
E.8
Authentication Issues
E.8.1
Anonymous Authentication Issues
E.8.2
X.509Scheme and SSL Handshake Issues
E.8.2.1
Configuration Issues
E.8.2.2
Trust Issues
E.8.2.3
Certificate Validation Issues
E.8.3
X.509 Protected Resource and Single Sign Off
E.8.4
X509CredentialExtractor Certificate Validation Error
E.9
Authorization Issues
E.9.1
Authorization Condition Error
E.9.2
LDAP Search Filter Test Results
E.9.3
Authorization Header Response Names
E.10
Cannot Access Authentication LDAP or Database
E.11
Cannot Find Configuration
E.11.1
Configuration Does Not Exist ...
E.12
Co-existence Between OSSO and Access Manager
E.13
Could Not Find Partial Trigger
E.14
Denial of Service Attacks
E.14.1
Protecting the OAM Server from Crashing Under Load
E.14.2
Compensating for Network Latency
E.14.3
Protecting OAM Servers from a Flood of HTTP Requests
E.15
Deployments with Freshly Installed 10g Webgates
E.15.1
Authentication Issues with 10g Webgates
E.15.2
Logout Issues with 10g Webgates
E.16
Diagnosing Initialization and Performance Issues
E.16.1
Diagnosing an Initialization Issue
E.16.2
Diagnosing a Performance Issue
E.16.3
Diagnosing Out-of-Memory Issues With a Heap Dump
E.17
Disabling Windows Challenge/Response Authentication on IIS Web Servers
E.18
Changing UserIdentityStore1 Type Can Lock Out Administrators
E.19
IIS Web Server Issues
E.19.1
Form Authentication or Pass-Through Not Working
E.19.2
IIS and General Web Component Guidelines
E.19.3
Issues with IIS v6 Web Servers
E.19.4
Page Cannot Be Displayed Error
E.19.5
Removing and Reinstalling IIS DLLs
E.20
Import and File Upload Limits
E.21
jps Logger Class Instantiation Warning is Logged on Authentication
E.22
Internationalization, Languages, and Translation
E.22.1
Automatically Generated Descriptions Are Not Translated
E.22.2
Console Looks Messy
E.22.3
Authentication Fails: Users with Non-ASCII Characters
E.22.4
Access Tester Does Not Work with Non-ASCII Agent Names
E.22.5
Locales, Languages, and Oracle Access Management Console Login Page
E.23
Login Failure for a Protected Page
E.24
OAM Metric Persistence Timer IllegalStateException: SafeCluster
E.25
Partial Cluster Failure and Intermittent Login and Logout Failures
E.26
RSA SecurID Issues and Logs
E.27
Registration Issues
E.28
Rowkey does not have any primary key attributes Error
E.29
SELinux Issues
E.30
Session Issues
E.30.1
Session Impersonation Not Enabled by Default
E.30.2
Sessions with Oracle Access Manager 11.1.1 Integrated with Oracle Identity Federation 11.1.1
E.31
SSL versus Open Communication
E.32
Start Up Issues
E.33
Synchronizing OAM Server Clocks
E.34
Using Coherence
E.35
Validation Errors
E.36
Web Server Issues
E.36.1
Server Fails on an Apache Web Server
E.36.2
Apache v2 on HP-UX
E.36.3
Apache v2 Bundled with Red Hat Enterprise Linux 4
E.36.4
Apache v2 Bundled with Security-Enhanced Linux
E.36.5
Apache v2 on UNIX with the mpm_worker_module for Webgate
E.36.6
Domino Web Server Issues
E.36.7
Errors, Loss of Access, and Unpredictable Behavior
E.36.8
Known Issues for ISA Web Server
E.36.9
Oracle HTTP Server Fails to Start with LinuxThreads
E.36.10
Oracle HTTP Server Webgate Fails to Initialize On Linux Red Hat 4
E.36.11
Oracle HTTP Server Web Server Configuration File Issue
E.36.12
Issues with IIS v6 Web Servers
E.36.13
PCLOSE Error When Starting Sun Web Server
E.36.14
Removing and Reinstalling IIS DLLs
E.37
Windows Native Authentication
Index