This list of enhancements has been developed for this Oracle Access Management 220.127.116.11.0 release. Where applicable, links to the documentation are included.
This Oracle Access Management 11g Release 2 (18.104.22.168) release allows for two console interfaces. The familiar Oracle Access Management Console has been updated and streamlined, and a new Access Manager Policy Manager Console, deployable on a WebLogic Managed Server, has been introduced. Additional information on the two consoles can be found in Oracle Access Management Console and the Policy Manager Console.
AP Proxy Application Logon Packaging, see Configuring the Access Portal Service.
New Administrator Roles, see Delegating Administration.
The Adaptive Authentication Service now offers multifactor authentication in addition to the standard user name and password. Additional security is enforced by adding a One Time Password (OTP) or a Push Notification step as a second factor in the authentication process. It is configured in tandem with the Oracle Mobile Authenticator mobile app. For details, see Managing the Adaptive Authentication Service and Oracle Mobile Authenticator.
WS-Federation 1.1 support has been implemented in the Federation Service using WLST commands. See Using WS-Federation 1.1.
Mobile and Social
Mobile Services has been renamed to Mobile and Social Services.
Mobile and Social Services (Mobile Services) and OAuth Services now use a direct connection to communicate with OAM. Prior to version 22.214.171.124, Mobile and Social only communicated with OAM using TCP/IP (that is, remote mode). Now communication defaults to local, which is faster. Important! If Mobile and Social is configured to communicate with OAM 10g in your environment, set the OAM_LOCAL_MODE attribute to false. For details, see Defining, Modifying or Deleting an Authentication Service Provider (for Mobile and Social Services) and Configuring the Service Provider (for OAuth Services).
DCC Enhancements for the following use cases:
Access Manager SSO flows for all OOTB schemes including forms, basic, WNA, X509, TOTP, and RSA.
Unsolicited login where an external custom login page can submit to a DCC end point instead of the ECC.
Converged Federation Service flows for both SP and IDP. DCC is capable of tunneling SAML tokens to Access Manager.
OAAM step-up flows. DCC is capable of redirecting to OAAM and sending the user's context, then tunneling the TAP token back to Access Manager.
Flows in an MDC set-up.
Multi-Data Centers documentation has been upgraded and expanded. See Implementing Multi-Data Centers.
A JSON Web Token Plug-in has been added. See JSON Web Token Plug-in.
Access to the Forgot Password URL using Access Manager is discussed in Administering the Forgot Password URL.