What's New in This Guide?
This section summarizes the new features and significant changes in Administering Oracle Access Management 12c (12.2.1.3.0).
Follow the pointers into this guide to get more information about the features and how to use them.
- Updates in October 2022 Documentation Refresh for 12c Release 2 (12.2.1.3.0)
- Updates in January 2021 Documentation Refresh for 12c Release 2 (12.2.1.3.0)
- Updates in October 2020 Documentation Refresh for 12c Release 2 (12.2.1.3.0)
- Updates in July 2020 Documentation Refresh for 12c Release 2 (12.2.1.3.0)
- Updates in April 2020 Documentation Refresh for 12c Release 2 (12.2.1.3.0)
- Updates in November 2019 Documentation Refresh for 12c Release 2 (12.2.1.3.0)
- Updates in April 2018 Documentation Refresh for 12c Release 2 (12.2.1.3.0)
- Updates in January 2018 Documentation Refresh for 12c Release 2 (12.2.1.3.0)
- Updates in October 2017 Documentation Refresh for 12c Release 2 (12.2.1.3.0)
Updates in October 2022 Documentation Refresh for 12c Release 2 (12.2.1.3.0)
This revision of Oracle® Fusion Middleware Administering Oracle Access Management addresses bug fixes.
Updates in January 2021 Documentation Refresh for 12c Release 2 (12.2.1.3.0)
This revision of Oracle® Fusion Middleware Administering Oracle Access Management contains feature updates and addresses bug fixes.
- Recommendation to Use Embedded Credential Collector (ECC) in OAM 12c
It is recommended that you use ECC for the new features introduced in OAM 12c. Some of the new features introduced in OAM 12c do not support DCC. For example, OpenIDConnect with DCC is not supported.
For additional details, see Doc ID 2634863.1 at https://support.oracle.com. Also see Overview of Access Manager Credential Collection and Embedded Credential Collector Versus Detached Credential Collector.
- Keep the OAUTH_TOKEN Response Unset
OAM provides an option to not set the OAUTH_TOKEN cookie or header when SSO Session Linking is enabled. You must set the challenge parameter IS_OAUTH_TOKEN_RESPONSE_SET to false.
Note: If IS_OAUTH_TOKEN_RESPONSE_SET is not configured, or is set to true, then the OAUTH_TOKEN cookie/header is set.
Updates in October 2020 Documentation Refresh for 12c Release 2 (12.2.1.3.0)
This revision of Oracle® Fusion Middleware Administering Oracle Access Management contains feature updates and addresses bug fixes.
- Support for AWS Role Mapping Attribute in SAML Response
Introduces a new function that can be configured in the SP Attribute Profile to support the AWS role mapping attribute in the SAML response.
For details, see AWS Role Mapping Attribute in SAML Response.
- Support for Attribute Value Mapping and Filters in OAM Federation
OAM federation already supported Attribute Name Mapping. Support is now extended to the Attribute Value Mapping and Attribute Filtering features.
For details, see Using Attribute Value Mapping and Filtering.
Updates in July 2020 Documentation Refresh for 12c Release 2 (12.2.1.3.0)
This revision of Oracle® Fusion Middleware Administering Oracle Access Management contains feature updates and addresses bug fixes.
- Support for SameSite=None Attribute in OAM Cookies
OAM adds SameSite=None attribute to all the cookies set by WebGate and OAM Server.
For details, see Support for SameSite=None Attribute in OAM Cookies
Updates in April 2020 Documentation Refresh for 12c Release 2 (12.2.1.3.0)
This revision of Oracle® Fusion Middleware Administering Oracle Access Management addresses bug fixes.
Updates in November 2019 Documentation Refresh for 12c Release 2 (12.2.1.3.0)
This revision of Oracle® Fusion Middleware Administering Oracle Access Management addresses bug fixes.
Updates in April 2018 Documentation Refresh for 12c Release 2 (12.2.1.3.0)
This revision of Oracle® Fusion Middleware Administering Oracle Access Management contains content updates and addresses bug fixes.
OpenIDConnect implements authentication as an extension to the OAuth 2.0 authorization process. It provides easily consumable ID Tokens that are obtained by Clients using OAuth 2.0 flows. This enables Clients to:
- Verify the identity of the end-user based on the authentication performed by an Authorization Server.
- Obtain profile information in an interoperable REST-like manner.
See Managing the Oracle Access Management OAuth Service and OpenIDConnect to understand, manage and integrate the OpenIDConnect functionality in OAM.
Updates in January 2018 Documentation Refresh for 12c Release 2 (12.2.1.3.0)
This revision of Oracle® Fusion Middleware Administering Oracle Access Management contains content updates and addresses bug fixes.
The forgot password feature in OAM can be accomplished using One Time Pin (OTP) generation and ChangePassword using OTP REST APIs. See Configuring Forgot Password using OTP for the setup steps required for enabling forgot password flow using OTP in OAM.
Updates in October 2017 Documentation Refresh for 12c Release 2 (12.2.1.3.0)
This revision of Oracle® Fusion Middleware Administering Oracle Access Management contains content updates and addresses bug fixes.
- Using configuration URLs, you can manually create the quick response (QR) code and scan it offline to link the OMA App to an account. See Adding an Account to the OMA App by Scanning the QR Code.
- If there is an exception logged in OAM server logs on the failure of oamkeystore data decryption while configuring MDC using REST APIs, you can safely ignore it and restart the clone data center to set all the internal keys between Master and Clone data centers. See Fail to Decrypt oamkeystore Data with Cipher Key from OAM Config.
- Integration of Access Manager with Microsoft SharePoint Server is supported using 11g Webgate agent. See Integrating Microsoft SharePoint Server with Access Manager relevant to 12c release.
Features of Access Manager 12.2.1.3.0
Table -1 provides an overview of Access Manager 12.2.1.3.0.
Table -1 Features in Access Manager 12.2.1.3.0
Features | Description |
---|---|
OAM Caching Simplification | OAM 12c supports database-backed server-side session management to synchronize the session state across multiple nodes of an OAM 12c server cluster. See Maintaining Access Manager Sessions. It implements database-based authentication plugin import, distribution and activation. See Table 22-16. The configuration and policy is propagated through the configuration and policy store using periodic polling. See Polling Interval for System and Policy Configuration. |
MDC lifecycle simplification | This feature simplifies the process of setting up and administering OAM Multi-data Center Topologies without using T2P tooling. New REST based APIs introduced for administrative and diagnostic purposes significantly reduce the number of configuration steps performed in the MDC environment. Migration of OAM system configuration and policy artifacts from one Data Center to another is now simplified and done through MDC Admin REST APIs. |
TLS1.2 Support | OAM 12c supports TLS1.2 to provide communications security over the internet. All the simple mode certificates that are generated out-of-the-box for WebGate SSL communication are upgraded to SHA2. |
OAuth MDC Support | OAuth MDC provides support for OAuth in a Multi Data Center environment. This feature supports the following: |
Password policy | OAM 12c supports multiple password policies for setting up varied levels of password based complexity protection for users belonging to different groups. See Multiple Password Policies. Forgot Password feature in OAM can be experienced using One Time Pin generation by using password change REST APIs. See Setting up the Forgot Password Module. Forced Password change can be administered using REST APIs. See Key Password Attributes in a Password Policy. |
OMA App | |
Features Not Supported in Access Manager 12.2.1.3.0
The following table lists the features that are unsupported from OAM 12.2.1.3.0 and provides the migration path.
Unsupported Features in OAM 12.2.1.3.0 | Description | Migration Path |
---|---|---|
10g OSSO server co-existence | OAM 12c server does not support co-existence with the OSSO servers. | Upgrade from OSSO to OAM 11g R2PS3 and then upgrade to OAM 12c. |
OpenSSO server co-existence | OAM 12c server does not support co-existence with the OpenSSO server. | Upgrade to OAM 11gR2PS3 and then upgrade to OAM 12c. |
OAM 10g server co-existence | OAM 12c server does not support co-existence with OAM 10g server. | Migrate to OAM 12c server. |
OpenSSO agents | OpenSSO agents are not supported in the OAM 12c release. | Migrate to supported 12c agents. OAM 11g and 12c WebGates and Accessgates are supported in OAM 12.2.1.3.0. |
mod_osso | OAM 12c does not support mod OSSO (OSSO Agent Proxy) agents. | Migrate to 12c WebGate agents and upgrade to OAM 12c. |
OAM10g WebGate | OAM 12c server does not support OAM 10 WebGates. | Migrate to OAM11g R2PS3 or OAM 12c WebGates. Upgrade the server to OAM 12c. |
IDMConfigTool | OAM 12c does not support the following IDMConfigTool commands and attributes: | |
IAMSuiteAgent | OAM 12c does not support IAMSuiteAgent. Till R2PS3, IAMSuiteAgent was the OOB agent protecting the OAM console. From 12c PS3 onwards, this is done using default OOB Login page. As per EDG (Enterprise Development Guide), it is recommended to protect OAM console using a webgate agent. | |
Oracle Mobile Security Suite (OMSS) | OAM 12c does not support OMSS. | |