2 What's New in Oracle Identity Management 12c (12.2.1.3.0)

This topic lists the new features for all the products in Oracle Identity Management Release 12c (12.2.1.3.0).

Topics

• What's New in Oracle Access Management

• What's New in Oracle Identity Governance

• What's New in Oracle Unified Directory

• What’s New in Oracle Internet Directory

• What's New in Oracle Identity Management Integration

2.1 What's New in Oracle Access Management

Oracle Access Management 12c (12.2.1.3) includes the following new features:

• OAuth MDC

  Provides support for OAuth in a Multi Data Center environment. This feature supports the following:

  • OAuth Artifacts (such as Identity Domains, Clients, Resources, and so on) created on Data Center1(DC1) are visible and are seamlessly synchronized across data centers.

  • OAuth trust artifacts (such as trust certificates used to sign and issue JWT tokens) are visible across other data centers.

  • An OAuth token generated on DC1 will be validated on other data centers. Runtime will work seamlessly with different DCs.

  • A session created on DC1 associated with a validated token is seamlessly validated by other DCs when the request reaches them.

  • Refresh token generated on DC1 will be valid on DC2. When played against DC2, it is validated and an access token is generated on DC2.

  See Configuring OAuth Services in Oracle® Fusion Middleware Administering Oracle Access Management

• MDC Lifecycle simplification

  Simplifies the process of setting up and administering OAM Multi-data Center Topologies without using T2P tooling. New REST based APIs introduced for administrative and diagnostic purposes significantly reduce the number of configuration steps performed in the MDC environment. Migration of OAM system configuration and policy artifacts from one Data Center to another is now simplified and done through MDC Admin REST APIs.

  See Implementing Multi-data centres in Oracle® Fusion Middleware Administering Oracle Access Management

• OAM Caching Simplification

  This feature supports the following:

  • OAM 12c supports database-backed server-side session management to synchronize the session state across multiple nodes of an OAM 12c server cluster.

    See Maintaining Access Manager Sessions in Oracle® Fusion Middleware Administering Oracle Access Management

  • It implements database-based authentication plugin import, distribution and activation.

    See Custom Plug-ins Actions in Oracle® Fusion Middleware Administering Oracle Access Management

  • The configuration and policy is propagated through the configuration and policy store using periodic polling.

    See Policy Interval for System and Policy Configuration in Oracle® Fusion Middleware Administering Oracle Access Management

• TLS1.2 and SHA2

  OAM 12c supports TLS1.2 to provide communications security over the internet. All the simple mode certificates that are generated out-of-the-box for WebGate SSL communication are upgraded to SHA2.

  See TLS 1.2 support in Oracle Access Management in Oracle® Fusion Middleware Administering Oracle Access Management

• Password policy

  This feature supports the following:

  • OAM 12c supports multiple password policies for setting up varied levels of password based complexity protection for users belonging to different groups.

    See Multiple Password Policies in Oracle® Fusion Middleware Administering Oracle Access Management

  • Forgot Password feature in OAM can be experienced using One Time Pin generation by using password change REST API’s.

    See Setting up the Forgot Password Module in Oracle® Fusion Middleware Administering Oracle Access Management

  • Forced Password change can be administered using REST API’s.

    See Forced Password Change Policy in Oracle® Fusion Middleware Administering Oracle Access Management

• OMA

  • Experience a new enhanced enrollment process for adding your accounts to the OMA app.

  • Use App Protection feature to protect your OMA app with a fingerprint identity sensor such as Touch ID for iOS and Fingerprint for Andriod.

  • Windows 10 platform is now supported.

  See Configuring the Oracle Mobile Authenticator in Oracle® Fusion Middleware Administering Oracle Access Management

• REST API

  REST API’s are introduced in 12c for Federation Management, Multi Data Center, OAuth,, Password Management, Multifactor authentication OTP, Password Policy and Session Management. They are documented in REST API’s reference documents.

  See,

  • REST API for Federation Management in Oracle Access Manager

  • REST API for Multi Data Center in Oracle Access Manager

  • REST API for OAuth in Oracle Access Manager

  • REST API for Password Management in Oracle Access Manager

  • REST API for Multifactor Authentication OTP in Oracle Access Manager

  • REST API for Password Policy Management in Oracle Access Manager

  • REST API for Session Management in Oracle Access Manager

• Simplified Installation Process

  • The installation process is simplified with reduced number of steps, compared to the earlier releases.

  • Bootstrapping is the process of creating out-of-the-box Oracle Access Management (OAM) artifacts in the OAM store. For example, authentication schemes under policy components. 12c (12.2.1.3.0) allows to re-bootstrap individual components if failed. For example, policy, system, federation.

    This makes the installation process easier. In case of failure, individual components can be re-run again, instead of starting over from the beginning.

  • The number of post-configuration steps are reduced in 12c (12.2.1.3.0).

2.2 What's New in Oracle Identity Governance

Oracle Identity Governance 12c (12.2.1.3.0) has the following key new features:

• Oracle Identity Governance enables you to define your own custom access reviewer for user certifications. See Custom Reviewer for User Certifications in Performing Self Service Tasks with Oracle Identity Governance.

• Group or certifier assignments must be claimed by a user to take actions on it and released by the user for other users in the group to view the actions taken. See Claiming and Releasing Group Certifier Assignments in Performing Self Service Tasks with Oracle Identity Governance. Group certifier assignments can be defined while creating the certification definitions. See Creating Certification Definitions in Performing Self Service Tasks with Oracle Identity Governance.

• New options have been introduced under the Limit the entitlement-assignments to certify for each user option for creating a user certification definition. See Creating a User Certification Definition in Performing Self Service Tasks with Oracle Identity Governance.

• New option Include entitlements provisioned by access policy has been introduced for creating an entitlement certification definition. See Creating an Entitlement Certification Definition in Performing Self Service Tasks with Oracle Identity Governance.

• The Certification Dashboard enables sorting and listing the certifications by the percentage completion of the certifications. See Sorting Certification Search Results in Performing Self Service Tasks with Oracle Identity Governance.

• Oracle Identity Governance supports inheriting the access granted via access policies from the parent role to child role. See Evaluating Policies for Role Inheritance in Performing Self Service Tasks with Oracle Identity Governance.

• Access Policy can be created and managed from the Manage tab in Identity Self Service. See Managing Access Policies in Performing Self Service Tasks with Oracle Identity Governance.

• The application onboarding capability in Identity Self Service allows you to create and manage applications, templates, and instances of applications, and clone applications. See Managing Application Onboarding in Performing Self Service Tasks with Oracle Identity Governance.

• In Identity System Administration, the Import and Export options for incremental migration of deployments by using the Deployment Manager have a new interface and flow. See Migrating Incrementally Using the Deployment Manager in Administering Oracle Identity Governance.

• Oracle Identity Governance provides a new real-time certification purging solution. See Using the Real-Time Certification Purge in Oracle Identity Governance in Administering Oracle Identity Governance.

• The user interface for defining connectors and upgrading connectors have been enhanced. See Defining a Connector and Wizard Mode Upgrade in Staging Environment in Administering Oracle Identity Governance.

• SCIM resources are secured by custom Oracle Web Services Manager (OWSM) policy, custom request headers, and a origin whitelist. See Securing SCIM Resources in Developing and Customizing Applications for Oracle Identity Governance.

• Oracle Identity Governance provides a JSON Web Token (JWT) service to simplify the use of Oracle Identity Governance SCIM-REST service. See Using the JSON Web Token (JWT) Service.

• Oracle Identity Governance provides policy sets containing attached OWSM policies on application path that make Restful and SOAP services secure. See Understanding Global Policy Attachments in Developing and Customizing Applications for Oracle Identity Governance.

• Multiple sandboxes can be published in bulk and in a specified sequence. See Understanding Sandbox Operations and Publishing Sandboxes in Bulk and Sequence in Developing and Customizing Applications for Oracle Identity Governance.

• The installation process is simplified in 12c (12.2.1.3.0).

  • Integrated quick installer is introduced in 12c (12.2.1.3.0) for Oracle Identity Governance. This can be used to install Oracle Fusion Middleware Infrastructure 12c (12.2.1.3.0), Oracle SOA Suite 12c (12.2.1.3.0), and Oracle Identity and Access Management 12c (12.2.1.3.0) in one go. You do not have to use multiple installers to install the products required for Oracle Identity Governance.

  • Configuration through bootstrapping as part of server startup has been introduced in 12c (12.2.1.3.0). Post-configuration steps required in the earlier releases (11g ) are now done through auto-discovery during bootstrap, both in case of cluster mode and out-of-the box configuration.

2.3 What's New in Oracle Unified Directory

Oracle Unified Directory 12c (12.2.1.3.0) has the following key features:

• Improved performance and scalability:

  • The bulk offline import process for large deployments using the import-ldif command has been significantly enhanced and simplified.

  • Support for Transparent Network Substrate (TNS) aliases that allow effortless and transparent migration of TNS entries and aliases from Oracle Internet Directory. Oracle Unified Directory TNS aliases are compatible with TNS aliases on Oracle Internet Directory and therefore supported by database tools, such as netmgr.

  • Support for TNS aliases for Oracle Unified Directory deployments with Oracle Enterprise User Security (EUS) configured. See Enabling TNS Alias Support for EUS-enabled Configurations in Oracle® Fusion Middleware Installing Oracle Unified Directory.

  • Support to Retrieve Multi-Valued Attributes in the Created Order. See Retrieving Multi-Valued Attributes in the Order of Creation in Oracle® Fusion Middleware Administering Oracle Unified Directory.

• Enhanced security through:

  • Password-Based Key Derivation Function 2 Password Storage Schemes. See Password Storage Scheme in Oracle® Fusion Middleware Administering Oracle Unified Directory.

• ODSM Rebranding:

  • The Oracle Directory Services Manager (ODSM) interface for Oracle Unified Directory is, now, re-branded as Oracle Unified Directory Services Manager (OUDSM).

• Support for TLS 1.2 Protocols and Cipher Suites:

  • Supported TLS Protocols and Cipher Suites. See Supported TLS Protocols and Cipher Suites by Oracle Unified Directory in Oracle® Fusion Middleware Administering Oracle Unified Directory.

  • Support for Overriding System Default Protocols and Cipher Suites for TLS Communication. See Overriding System Default Protocols and Cipher Suites for TLS Communication in Oracle® Fusion Middleware Administering Oracle Unified Directory.

  • Support for Governing SSL/TLS Protocol and Cipher Suites. See About the Configurable LDAP Extension Properties Relevant to Security in Oracle® Fusion Middleware Administering Oracle Unified Directory.

  • Support for Configuring TLS Protocol Version and Cipher Suites in Connection handler. See Specifying Protocol Version and Cipher suites in a Connection Handler in Oracle® Fusion Middleware Administering Oracle Unified Directory.

  • Support for Configuring TLS Protocol Version and Cipher Suites in Crypto Manager for Replication. See Configuring SSL Protocol and Cipher Suites in Crypto Manager for Replication in Oracle® Fusion Middleware Administering Oracle Unified Directory.

  • Support of RDBMS Extension to Use Secure Connection. See Creating an RDBMS Extension to Use Secure Connection in Oracle® Fusion Middleware Administering Oracle Unified Directory.

  • Support for Configuring TLS Protocol Version and Cipher Suites for OUDSM to OUD Communication. See Configuring TLS Protocol and Cipher Suites for OUDSM to OUD Communication in Oracle® Fusion Middleware Administering Oracle Unified Directory.

• Support for new log publishers that are configurable via OUDSM:

  • Multiple log publishers are listed and configurable via OUDSM. See Viewing Existing Log Publishers in Oracle® Fusion Middleware Administering Oracle Unified Directory.

• Support for WebLogic Scripting Tool provisioning commands:

  • Multiple WLST provisioning commands are supported for configuring a WebLogic domain and for creating and deleting OUD instances. See Support for WLST Provisioning Commands in Oracle® Fusion Middleware Installing Oracle Unified Directory.

• Support for the Upgrade OUD Instance script:

  • The script updates the install path of each instance to point to the new Oracle 12c Home and also updates the Java properties for each instance. See Upgrading an Existing Oracle Unified Directory Server Instance in Oracle® Fusion Middleware Installing Oracle Unified Directory.

• Support for Oracle Fusion Middleware configuration tools:

  • Support for Oracle Fusion Middleware Configuration Wizard to create or extend a WebLogic domain with OUD system component on the admin machine. See Configuring OUD and OUDSM in a Single Domain in Oracle® Fusion Middleware Installing Oracle Unified Directory.

  • Support for Oracle Fusion Middleware Repository Creation Utility to create database schemas and load in your database. See Creating Database Schemas for the Infrastructure Domain Using the Repository Creation Utility in Oracle® Fusion Middleware Installing Oracle Unified Directory.

  • Support for Oracle Fusion Middleware Reconfiguration Wizard to reconfigure a WebLogic Server domain. See Upgrading OUDSM from 11g to 12c Using the Reconfiguration Wizard in Oracle® Fusion Middleware Installing Oracle Unified Directory.

• REST API

  • REST API’s are introduced in 12c for Oracle Unified Directory. See Admin REST APIs for Oracle Unified Directory

2.4 What’s New in Oracle Internet Directory

Oracle Internet Directory 12c Release 2 (12.2.1.3.0) has the following key new features:

• Oracle Internet Directory now uses WebLogic Management Framework for basic administrative tasks through a common command line, API and user interface. See What is the WebLogic Management Framework? in Understanding Fusion Middleware.

• Diagnostic log messages are captured in OID server log files that includes database SQL statements and other operational time metrics. From this release, oiddiag tool is capable of generating HTML summary reports. See Oracle Internet Directory Debug Logs in Oracle Fusion Middleware Administering Oracle Internet Directory and About Oracle Internet Directory Server Diagnostic Command-Line Tool in Oracle Fusion Middleware Reference for Oracle Identity Management.

• Replication improvements including additional debug statements for change log processing and retry_cnt updates, range fix for HIQ processing, reversed order of search results for subtree deletes, replication queue stats and replication dn info in oiddiag report are added. See Managing and Monitoring Replication in Oracle Fusion Middleware Administering Oracle Internet Directory.

  Replication server now supports one-way or two-way authentication SSL mode. See Use of SSL Encryption in Oracle Internet Directory Replication in Oracle Fusion Middleware Administering Oracle Internet Directory

• Out-of-box default SSL configuration of OID server instance has the value of orclcryptoversion is set to 24. This means, only TLSv1.2 and TLSv1.1 are enabled. See Configuring Secure Sockets Layer (SSL) for other configuration settings in Oracle Fusion Middleware Administering Oracle Internet Directory.

  To enable no-auth mode of SSL, anonymous cipher should be configured in Oracle Internet Directory. See Configuring ODSM Connection with SSL Enabled in Oracle Fusion Middleware Administering Oracle Internet Directory

2.5 What's New in Oracle Identity Management Integration

Integrate Oracle Identity Governance (OIG) and Oracle Access Manager (OAM) using LDAP Connectors.

• Execute the new automated script, OIGOAMIntegration.sh to accomplish OIG-OAM integration in a single step. The script utilizes user-supplied values from property files to perform various configurations. See One-step Procedure for OIG-OAM Integration Using Automated Script in Integration Guide for Oracle Identity Management Suite.

• Alternatively, execute individual configuration steps sequentially to accomplish the integration incrementally. This is done by running the new automated script, OIGOAMIntegration.sh several times, each time with a different parameter to specify which operation to be performed. See Step-by-step Procedure for OIG-OAM Integration Using Automated Script Integration Guide for Oracle Identity Management Suite.