Oracle Identity Cloud Integrator Provider: Provider Specific
Use this page to define provider-specific configuration for this Oracle Identity Cloud Integrator Provider.
Configuration Options
Name: Host
Description: The host name used to connect to the Oracle Identity Cloud Service.
MBean Attribute: OracleIdentityCloudIntegratorMBean.Host

Name: Port
Description: The port number used to connect to the Oracle Identity Cloud Service.
MBean Attribute: OracleIdentityCloudIntegratorMBean.Port

Name: Base Path
Description: The URI base path used for the connection to the Oracle Identity Cloud Service.
MBean Attribute: OracleIdentityCloudIntegratorMBean.BasePath

Name: SSLEnabled
Description: Specifies whether the TLS/SSL protocol is used when connecting to the Oracle Identity Cloud Service.
MBean Attribute: OracleIdentityCloudIntegratorMBean.SSLEnabled

Name: Tenant
Description: The name of the primary tenant in the Oracle Identity Cloud Service where users and groups reside. When the primary tenant is not configured, the user authentication processing must identify the tenant name.
MBean Attribute: OracleIdentityCloudIntegratorMBean.Tenant

Name: Client Id
Description: The Client Id used when retrieving tokens from the Oracle Identity Cloud Service.
MBean Attribute: OracleIdentityCloudIntegratorMBean.ClientId

Name: Client Secret
Description: The Client secret used when retrieving tokens from the Oracle Identity Cloud Service.
MBean Attribute: OracleIdentityCloudIntegratorMBean.ClientSecret

Name: Client Tenant
Description: The tenant in the Oracle Identity Cloud Service in which the Client Id resides. When no client tenant name is configured, the tenant configured for the provider is used.
MBean Attribute: OracleIdentityCloudIntegratorMBean.ClientTenant

Name: Cache Enabled
Description: Specifies whether to cache the Oracle Identity Cloud Service user's information.
MBean Attribute: OracleIdentityCloudIntegratorMBean.CacheEnabled

Name: Cache Size
Description: Specifies the maximum number of entries to cache.
MBean Attribute: OracleIdentityCloudIntegratorMBean.CacheSize

Name: Cache TTL
Description: The time-to-live (TTL) of the Oracle Identity Cloud Service user cache, in seconds.
MBean Attribute: OracleIdentityCloudIntegratorMBean.CacheTTL

Name: Token Cache Enabled
Description: Specifies whether to cache Oracle Identity Cloud Service tokens after successful validation of the token.
MBean Attribute: OracleIdentityCloudIntegratorMBean.TokenCacheEnabled

Name: Access Token Timeout Window
Description: The number of seconds before an access token times out at which a new access token is requested. Adjusting the timeout window impacts how long access tokens are cached for reuse before an updated access token is requested from the authorization server.
MBean Attribute: OracleIdentityCloudIntegratorMBean.AccessTokenTimeoutWindow

Name: Tenant Data Flush Interval
Description: The interval, in seconds, at which the cached data for all the tenants, including the metadata and public key, is flushed. Adjusting the interval impacts how long the tenant data is cached for reuse before it is updated. The default value is 0, which means that tenant data from a previous download is not cleared unless triggered by an MBean operation or configuration change.
MBean Attribute: OracleIdentityCloudIntegratorMBean.TenantDataFlushInterval

Name: Synchronization Filter Enabled
Description: Specifies whether the synchronization filter is enabled for servlet applications deployed on the security realm.
MBean Attribute: OracleIdentityCloudIntegratorMBean.SyncFilterEnabled

Name: Only Client Cert Requests
Description: Specifies whether the synchronization filter only filters the requests with CLIENT_CERT or CLIENT-CERT Auth Type.
MBean Attribute: OracleIdentityCloudIntegratorMBean.SyncFilterOnlyClientCertRequests

Name: Match Case
Description: Specifies whether the synchronization filter performs a case match when comparing the session user and the remote user.
MBean Attribute: OracleIdentityCloudIntegratorMBean.SyncFilterMatchCase

Name: Prefer Header
Description: Specifies whether the synchronization filter looks into the request headers before looking at the token for the remote user and tenant. This attribute is used only when the synchronization filter is enabled for requests with all authentication types.
MBean Attribute: OracleIdentityCloudIntegratorMBean.SyncFilterPreferHeader

Name: User Header Name
Description: The names of HTTP headers sent on requests that the synchronization filter uses to look for remote user information.
MBean Attribute: OracleIdentityCloudIntegratorMBean.SyncFilterUserHeaderNames

Name: Connect Timeout
Description: The maximum time to wait, in seconds, for the connection to the Oracle Identity Cloud Service to be established.
MBean Attribute: OracleIdentityCloudIntegratorMBean.ConnectTimeout

Name: Response Read Timeout
Description: The maximum time to wait, in seconds, for a response from the Oracle Identity Cloud Service.
MBean Attribute: OracleIdentityCloudIntegratorMBean.ResponseReadTimeout

Name: IDCS server not available counter interval
Description: The interval, in seconds, at which the count of authentication failures caused by the Oracle Identity Cloud Service not being available is logged to the server log. Setting it to zero (0) or a negative value turns off the logging of the count.
MBean Attribute: OracleIdentityCloudIntegratorMBean.ServerNotAvailableCounterInterval

Name: User Authentication Assertion Attribute
Description: Used for User Authentication and Assertion. The default value results in the use of the attribute configured by the Oracle Identity Cloud Service.
MBean Attribute: OracleIdentityCloudIntegratorMBean.UserAuthenticationAssertionAttribute

Name: User Name Resource Attribute
Description: SCIM User resource type attribute that specifies the name of the user.
MBean Attribute: OracleIdentityCloudIntegratorMBean.UserNameResourceAttribute

Name: User ID Resource Attribute
Description: SCIM User resource type attribute that specifies the ID (GUID) of the user.
MBean Attribute: OracleIdentityCloudIntegratorMBean.UserIDResourceAttribute

Name: Client ID Resource Attribute
Description: Used for Client ID App Assertion. The default value results in the use of the attribute configured by the Oracle Identity Cloud Service.
MBean Attribute: OracleIdentityCloudIntegratorMBean.ClientIDResourceAttribute

Name: Tenant Header Names
Description: The names of HTTP headers sent on requests to the Oracle Identity Cloud Service that are used to determine the tenancy during authentication.
MBean Attribute: OracleIdentityCloudIntegratorMBean.TenantHeaderNames

Name: Application Name Filter Header Name
Description: The name of the HTTP header used to determine the application name applied when filtering the authentication and assertion requests to the Oracle Identity Cloud Service. When no value is supplied or can be determined, requests are not filtered by an application.
MBean Attribute: OracleIdentityCloudIntegratorMBean.AppNameFilterHeaderName

Name: Token Validation Level
Description: The level of validation performed on Oracle Identity Cloud Service tokens passed to the Identity Asserter. Valid values are FULL, NORMAL, SIGNATURE and NONE.
MBean Attribute: OracleIdentityCloudIntegratorMBean.TokenValidationLevel

Name: Token Clock Skew
Description: The allowable variance, in seconds, for the token Expiration, Issued At, and Not Before attributes.
MBean Attribute: OracleIdentityCloudIntegratorMBean.TokenClockSkew
Minimum value: 0

Name: Issuer
Description: An override for the token issuer value used during validation. The issuer is normally obtained from the Oracle Identity Cloud Service Discovery Metadata. When configured, the issuer value is used for all tenants.
MBean Attribute: OracleIdentityCloudIntegratorMBean.Issuer

Name: JSONWeb Key Set URI
Description: An override for the JSON Web Key Set location (jwks_uri) used during validation of tokens. A file location can be specified to load keys from the local environment. The location of the keys is normally obtained from the Oracle Identity Cloud Service Discovery Metadata. When configured, the URI is used for all tenants.
MBean Attribute: OracleIdentityCloudIntegratorMBean.JSONWebKeySetURI

Name: Signature Prefer X509 Certificate
Description: If the optional X.509 certificate chain ("x5c claim") is available from the JSON Web Key Set, this attribute specifies whether the public key obtained from the X.509 certificate in the supplied chain is used during the verification of the token signature.
MBean Attribute: OracleIdentityCloudIntegratorMBean.SignaturePreferX509Certificate

Name: User Name Token Claim
Description: Used to get the user name from the token. Corresponds to the SCIM User name resource type attribute. If not set, the subject ("sub claim") is used.
MBean Attribute: OracleIdentityCloudIntegratorMBean.UserNameTokenClaim

Name: User ID Token Claim
Description: Used to get the user ID (GUID) from the token. Corresponds to the SCIM User ID resource type attribute.
MBean Attribute: OracleIdentityCloudIntegratorMBean.UserIDTokenClaim

Name: Groups Token Claim
Description: Used to get groups from the token.
MBean Attribute: OracleIdentityCloudIntegratorMBean.GroupsTokenClaim

Name: App Roles Token Claim
Description: Used to get AppRoles from the token.
MBean Attribute: OracleIdentityCloudIntegratorMBean.AppRolesTokenClaim

Name: Client Name Token Claim
Description: Used to get the client name from the access token.
MBean Attribute: OracleIdentityCloudIntegratorMBean.ClientNameTokenClaim

Name: Client ID Token Claim
Description: Used to get the client Id (GUID) from the access token.
MBean Attribute: OracleIdentityCloudIntegratorMBean.ClientIDTokenClaim

Name: Client Tenant Token Claim
Description: Used to get the Identity Domain for the client from the access token.
MBean Attribute: OracleIdentityCloudIntegratorMBean.ClientTenantTokenClaim

Name: Resource Tenant Token Claim
Description: Used to get the Identity Domain for the resource from the access token.
MBean Attribute: OracleIdentityCloudIntegratorMBean.ResourceTenantTokenClaim

Name: Tenant Token Claim
Description: Used to get the Identity Domain from the token.
MBean Attribute: OracleIdentityCloudIntegratorMBean.TenantTokenClaim

Name: Tenant Host Name Template
Description: The tenant-based host name, in fully qualified domain name (FQDN) format, composed of a tenant name and a host name. This attribute contains tokens, such as {%tenant}.{%host}, that are replaced with the actual values.
MBean Attribute: OracleIdentityCloudIntegratorMBean.TenantHostNameTemplate

Name: Thread Lock Timeout
Description: The maximum time to wait, in seconds, when a thread attempts to acquire a synchronization lock for obtaining metadata, keys and access tokens.
MBean Attribute: OracleIdentityCloudIntegratorMBean.ThreadLockTimeout

Name: Any Identity Domain Enabled
Description: The Oracle Identity Cloud Integrator provider defines this setting as always enabled.
MBean Attribute: OracleIdentityCloudIntegratorMBean.AnyIdentityDomainEnabled

Name: Token Virtual User Allowed
Description: Determines whether to allow identity assertion to authenticate WebLogic Server users who are not represented in the security store.
MBean Attribute: OracleIdentityCloudIntegratorMBean.TokenVirtualUserAllowed

Name: Audience Enabled
Description: Specifies whether the audience from the access token is stored in the subject for later use by the application.
MBean Attribute: OracleIdentityCloudIntegratorMBean.AudienceEnabled

Name: Client As User Principal Enabled
Description: Specifies whether the client name from the access token is stored in the subject as the username for later use by the application.
MBean Attribute: OracleIdentityCloudIntegratorMBean.ClientAsUserPrincipalEnabled

Name: Only User Token Claims
Description: Specifies whether the claims about the user from the token are the only claims processed when a subject is created. Any additional information in the subject about the user, including groups and application roles, is obtained from the Oracle Identity Cloud Service.
MBean Attribute: OracleIdentityCloudIntegratorMBean.OnlyUserTokenClaimsEnabled

Name: Token Secure Transport Required
Description: Determines whether the Oracle Identity Cloud Integrator provider checks for a secure transport connection before accepting active token types. When enabled and a secure transport connection cannot be determined, tokens are not accepted for identity assertion.
MBean Attribute: OracleIdentityCloudIntegratorMBean.TokenSecureTransportRequired

Name: Tenant Data Reload Enabled
Description: Specifies whether to re-load Oracle Identity Cloud Service tenant data when a token validation error occurs.
MBean Attribute: OracleIdentityCloudIntegratorMBean.TenantDataReloadEnabled

Name: Tenant Data Reload Interval
Description: The interval, in seconds, during which the Oracle Identity Cloud Service tenant data is not removed when a token validation error occurs. Adjusting the interval impacts how long the tenant data is cached for reuse before repeated token validation errors result in a tenant data re-load.
MBean Attribute: OracleIdentityCloudIntegratorMBean.TenantDataReloadInterval
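
A configuration review over a handful of the attributes listed above, as an added example that is not part of the original page or of Oracle's code. The attribute names are the page's; the sample values, the review() helper and the MAX_SKEW_SECONDS threshold are assumptions made for illustration, and attributes missing from the input are skipped rather than assumed.

```python
# Added example: flag provider settings that deserve a second look.
# SAMPLE is constructed; MAX_SKEW_SECONDS is an assumed review threshold.
VALID_LEVELS = ("FULL", "NORMAL", "SIGNATURE", "NONE")  # values named on the page
MAX_SKEW_SECONDS = 300

SAMPLE = {
    "SSLEnabled": False,
    "TokenSecureTransportRequired": False,
    "TokenValidationLevel": "NONE",
    "TokenClockSkew": 900,
    "JSONWebKeySetURI": "http://keys.example.test/jwks.json",
    "Issuer": "",
    "TenantDataFlushInterval": 0,
    "TokenVirtualUserAllowed": True,
}

def review(cfg):
    """Return (attribute, finding) pairs; only attributes present in cfg are checked."""
    out = []
    if cfg.get("SSLEnabled") is False:
        out.append(("SSLEnabled", "connection to the identity service is not TLS/SSL"))
    if cfg.get("TokenSecureTransportRequired") is False:
        out.append(("TokenSecureTransportRequired",
                    "tokens are accepted without a secure-transport check"))
    if "TokenValidationLevel" in cfg:
        level = str(cfg["TokenValidationLevel"]).upper()
        if level not in VALID_LEVELS:
            out.append(("TokenValidationLevel", "not one of " + ", ".join(VALID_LEVELS)))
        elif level == "NONE":
            out.append(("TokenValidationLevel", "NONE configured; confirm this is intended"))
    if "TokenClockSkew" in cfg:
        skew = int(cfg["TokenClockSkew"])
        if skew < 0:
            out.append(("TokenClockSkew", "below the documented minimum of 0"))
        elif skew > MAX_SKEW_SECONDS:
            out.append(("TokenClockSkew", "%d s widens the exp/iat/nbf window" % skew))
    jwks = cfg.get("JSONWebKeySetURI") or ""
    if jwks:
        note = "override is used for all tenants"
        if jwks.lower().startswith("http://"):
            note += "; keys are fetched over plain HTTP"
        out.append(("JSONWebKeySetURI", note))
    if cfg.get("Issuer"):
        out.append(("Issuer", "issuer override is used for all tenants"))
    if cfg.get("TenantDataFlushInterval") == 0:
        out.append(("TenantDataFlushInterval",
                    "0: cached metadata and public key are never flushed on a timer"))
    if cfg.get("TokenVirtualUserAllowed") is True:
        out.append(("TokenVirtualUserAllowed",
                    "users not in the security store can be asserted"))
    return out
```

Calling review(SAMPLE) returns one finding per flagged attribute; an empty list means none of these checks fired, not that the provider is correctly configured.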