40.3 Using Authentication Schemes and Modules for Oracle Identity Federation

An authentication scheme is a named component that defines the challenge mechanism required to authenticate a user. Each authentication scheme must also include a defined authentication module.

The following topics describe the authentication schemes and modules that are available for use with the Oracle Identity Federation server in Oracle Fusion Middleware Release 11g R1 (11.1.1).

See Using Authentication Schemes and Modules for Identity Federation for information about the schemes that are used for Identity Federation in 11g Release 2 (11.1.2.3).

See Managing Authentication Schemes for additional information about schemes.

40.3.1 About Scheme OIFScheme

OIFScheme and OIFMTScheme are used for integration with Oracle Identity Federation 11g Release 1 (11.1.1).

See Using Authentication Schemes and Modules for Identity Federation for the schemes available with Identity Federation 11g Release 2 (11.1.2.3).

Table 40-4 describes the scheme OIFScheme.

Table 40-4 OIFScheme Definition

| Element | Description |
|---|---|
| Name | This is the scheme name. |
| Description | This is a brief description of the scheme. |
| Authentication Level | This is the trust level of the authentication scheme. |
| Default | This is a non-editable box that is checked when the Set as Default button is clicked. |
| Challenge Method | Use this element to select a challenge method from those available in the drop-down box. |
| Challenge Redirect URL | This is the URL of another server to which user requests must be redirected for processing. |
| Authentication Module | This is the authentication module to use with the scheme. |
| Challenge URL | This is the URL the credential collector will redirect to for credential collection. |
| Context Type | Use this element to build the final URL for the credential collector. |
| Challenge Parameters | This is the list of parameters, if any, to use with the challenge. |

See Table 22-21 for OIFScheme specifications.

40.3.2 About the OIFMTLDAPPlugin Authentication Module

The OIFMTLDAPPlugin module authenticates federated tenants through Identity Federation and non-federated tenants with the identity store associated with Access Manager.

Table 40-5 lists the steps for OIFMTLDAPPlugin.

Table 40-5 OIFMTLDAPPlugin Steps

| Element | Description |
|---|---|
| Step Name | This is the name of the step within the module. |
| Description | This element contains a brief description of this step. |
| Plugin Name | This element specifies the plugin associated with this step. |
| Plugin Parameters | This element lists the parameters, if any, needed for plugin execution. The parameter list varies with the plugin. |

40.3.3 Managing Authentication with Oracle Identity Federation Release 11gR1

When you manage authentication with Oracle Identity Federation Release 11gR1, you work with OIFScheme and OIFMTLDAPPlugin, a custom authentication module for Identity Federation 11g Release 1 (11.1.1).

The following topics explain how to manage authentication with Oracle Identity Federation Release 11gR1:

40.3.3.1 Prerequisites for Authentication with Oracle Identity Federation Release 11gR1

None.

40.3.3.2 Viewing or Modifying the OIFScheme Authentication Scheme

You can search for the OIFScheme authentication scheme and modify the scheme details as needed.

To view or modify the authentication scheme:

  1. In the Oracle Access Management Console, click Application Security at the top of the window.
  2. In the Application Security console, click Authentication Schemes in the Access Manager section.
  3. Search for and open the OIFScheme authentication scheme.
  4. Review the OIFScheme details to ensure they are configured as desired for your deployment.

    See Table 40-4 for field details.

  5. Click Save.

40.3.3.3 Prerequisites for Viewing or Modifying the OIFMTLDAPPlugin Authentication

None.

40.3.3.4 Viewing or Modifying the OIFMTLDAPPlugin Authentication

You can search for the OIFMTLDAPPlugin authentication module and modify the module details as needed.

To view or modify the OIFMTLDAPPlugin authentication module:

  1. In the Oracle Access Management Console, click Application Security at the top of the window.
  2. In the Application Security console, click Authentication Modules in the Plug-ins section.
  3. Search for and open the OIFMTLDAPPlugin authentication module.
  4. Review the OIFMTLDAPPlugin details to ensure they are configured as desired for your deployment.

    See Table 40-5 for details.

  5. Click Save.

40.3.3.5 Adding an Authentication Policy with OIFScheme

The procedure for this task is the same as the one described in "Adding an Authentication Policy with FederationScheme".