Understanding Encryption Levels

Oracle Fusion Cloud Enterprise Performance Management and Oracle Enterprise Data Management Cloud uses Transport Layer Security (TLS) with SHA-2/SHA-256 Cryptographic Hash Algorithm to secure communication and data. Currently, Cloud EPM and Oracle Enterprise Data Management Cloud do not support mutual TLS (mTLS) authentication.

Browsers, Smart View, and EPM Automate

Cloud EPM and Oracle Enterprise Data Management Cloud use Transport Layer Security (TLS) with SHA-2/SHA-256 Cryptographic Hash Algorithm to secure communication with browsers, Oracle Smart View for Office, and EPM Automate.

Oracle recommends that you install the newest version of the supported browser. Generally, the newest version is compatible with higher cipher strengths and has improved security. See Supported Browsers.

SAML Messages to Identity Providers

  • Oracle Access Manager, which is the default Service Provider (SP), uses the MD5 algorithm to sign SAML messages to the Identity Provider (IdP) that you configured when setting up SSO. See Configuring Security Settings.
  • If your IdP, for example, SiteMinder, indicates that the signature validation of authentication request from the SP fails because it is signed using MD5 while the IdP supports only newer algorithms (such as RSA), create a service request containing an Exception Request asking Oracle to provide SSO SP XML metadata (in SHA-256 format). In the service request, indicate Hosting Services Problem Type.
  • On receiving the service request, Oracle will attach the SP metadata in SHA-256 format to the service request, which you can extract and upload to the IdP.
  • Cloud EPM and Oracle Enterprise Data Management Cloud relational data is encrypted using Transparent Data Encryption (TDE).

Navigation Flows and Connections

The credentials and other secure parameters used in Navigation Flows and Connections are encrypted using AES-256.

Session Management

To ensure security, Cloud EPM and Oracle Enterprise Data Management Cloud encrypts all sessions. The session information contained in cookies is encrypted and the session ID is randomly generated.