Table of Contents
- List of Examples
- List of Figures
- List of Tables
- Title and Copyright Information
- Preface
- What's New
- Part I Oracle Identity Management Integration Topology
- 1 Introduction to Oracle Identity and Access Management Suite Components Integration
- 1.1 Prerequisites to Integrating Oracle Identity Management Suite Components
- 1.2 Understanding Oracle Identity Management Integration Topologies
- 1.3 Overview of Oracle Identity Management Components Used in the Integration
- 1.4 Oracle Identity Management Integration Quick Links
- 1.5 About Password Management Scenarios
- 1.6 System Requirements and Certification
- 1.7 Using My Oracle Support for Additional Troubleshooting Information
- Part II Core Integrations
- 2 Integrating Oracle Access Manager and LDAP
- 3 Integrating Oracle Identity Governance with Oracle Access Manager and LDAP Connectors
- 3.1 Overview of Oracle Identity Governance and Oracle Access Manager Integration
- 3.1.1 About Integrating Oracle Identity Governance with Oracle Access Manager
- 3.1.2 About Oracle Identity Governance and Oracle Access Manager Single-Node Integration Topology
- 3.1.3 Prerequisites to Integrating Oracle Identity Governance and Oracle Access Manager
- 3.1.4 Roadmap to Integrating Oracle Identity Governance and Oracle Access Manager
- 3.2 Installing Oracle HTTP Server and Configuring the Oracle HTTP Server WebGate
- 3.3 Configuring Oracle Identity Governance and Oracle Access Manager Integration
- 3.3.1 Prerequisites for the Connector-based Integration
- 3.3.2 Step-by-step Procedure for OIG-OAM Integration Using Automated Script
- 3.3.2.1 Populating OHS Rules Using Automated Script
- 3.3.2.2 Configuring WLS Authentication Providers Using Automated Script
- 3.3.2.3 Configuring LDAP Connector Using Automated Script
- 3.3.2.4 Configuring SSO Integration Using Automated Script
- 3.3.2.5 Enabling OAM Notifications Using Automated Script
- 3.3.2.6 Restarting Servers
- 3.4 Validating the Access Manager and Oracle Identity Governance Integration
- 3.4.1 Validating the Oracle Identity Governance SSO Configuration Settings
- 3.4.2 Validating the Oracle Identity Governance Security Provider Configuration
- 3.4.3 Validating the Access Manager Security Provider Configuration
- 3.4.4 Validating the Oracle Identity Governance Domain Credential Store
- 3.4.5 Validating the Oracle Identity Governance Event Handlers Configured for SSO
- 3.4.6 Validating the Oracle Identity Governance SSO Logout Configuration
- 3.4.7 Functionally Testing the Access Manager and Oracle Identity Governance Integration
- 3.4.8 Validating Integration Configuration
- 3.4.9 Improving Reset Password Performance in Active Directory Integration
- 3.5 Scheduled Jobs for OIG-OAM Integration
- 3.6 Configuring User Defined Fields
- 3.7 Known Limitations and Workarounds in OIG-OAM Integration
- 4 Troubleshooting Common Problems in Access Manager and OIG Integration
- 4.1 Troubleshooting Single Sign-On Issues in an Access Manager and OIG Integrated Environment
- 4.1.1 Diagnosing Single Sign-On Issues By Capturing HTTP Headers
- 4.1.2 Access Manager Redirection to OIG Login Page
- 4.1.3 Access Manager Failure to Authenticate User
- 4.1.4 Troubleshooting Oracle Access Management Console Login Operation Errors
- 4.1.5 Troubleshooting Authenticated User Redirection to OIG Login
- 4.1.6 User Redirected to OIG During OIG Forgot Password, Register New Account, or Track User Registration Flows
- 4.1.7 User Redirection in a Loop
- 4.1.8 Troubleshooting SSO Integration Configuration
- 4.1.9 WADL Generation Does not Show Description
- 4.2 Troubleshooting Auto-Login Issues in an Access Manager and OIG Integrated Environment
- 4.3 Troubleshooting Session Termination Issues
- 4.4 Troubleshooting Account Self-Locking Issues
- 4.5 Troubleshooting Miscellaneous Issues in an Access Manager and OIG Integrated Environment
- 4.5.1 Scheduler and System Properties do not come up in the Integrated Environment
- 4.5.2 Client Based Oracle Identity Governance Login Failure
- 4.5.3 Logout 404 Error Occurs After Logging Out of OIG protected Application
- 4.5.4 Old Password Remains Active After Password Reset
- 4.5.5 OIG Configuration Failure During Seeding of OIG Policies into Access Manager
- 4.5.6 Adding Object Classes Fails
- 4.5.7 SSO Reconciliation Filter Does Not Work With DN Attributes for Trusted Source Reconciliation
- 4.5.8 Login Fails for Users Created Through Bulk Load
- 4.5.9 Events are Generated Without Any Changes in the Target
- 4.6 Troubleshooting Target Account Creation
- 4.7 Troubleshooting prepareIDStore for AD
- 4.8 Troubleshooting the OIG-OAM Integrated Environment Upgrade
- 5 Modifying OAM Configuration Properties
- Part III External SSO Solutions
- 6 Integrating with Identity Federation
- 6.1 Introduction to Identity Federation with Oracle Access Manager
- 6.2 Integrating Access Manager 11gR2 with Identity Federation 11gR1
- 6.2.1 About SP and Authentication Integration Modes
- 6.2.2 Access Manager and Oracle Identity Federation Integration Overview
- 6.2.3 Prerequisites to Integrating Access Manager with Oracle Identity Federation
- 6.2.4 Verifying Servers are Running and a Resource is Protected
- 6.2.5 Registering Oracle HTTP Server WebGate with Access Manager for Access Manager and OIF Integration
- 6.2.6 Configuring Oracle Identity Federation for Access Manager and OIF Integration
- 6.2.7 Configuring Access Manager for Integration with Oracle Identity Federation
- 6.2.8 Configuring Access Manager to Protect a Resource with the OIFScheme
- 6.2.9 Testing the Access Manager and Oracle Identity Federation Integration Configuration
- 6.3 Running Access Manager-OIF Integration Scripts to Automate Tasks
- Part IV Additional Identity Store Configuration
- 7 Configuring an Identity Store with Multiple Directories
- 7.1 Overview of Configuring Multiple Directories as an Identity Store
- 7.2 Configuring Multiple Directories as an Identity Store: Split Profile
- 7.2.1 Prerequisites to Configuring Multiple Directories as an Identity Store
- 7.2.2 Repository Descriptions
- 7.2.3 Setting Up Oracle Internet Directory as a Shadow Directory
- 7.2.4 Directory Structure Overview - Shadow Join
- 7.2.5 Configuring Oracle Virtual Directory Adapters for Split Profile
- 7.2.6 Configuring a Global Consolidated Changelog Plug-in
- 7.2.7 Validating the Oracle Virtual Directory Changelog
- 7.3 Configuring Multiple Directories as an Identity Store: Distinct User and Group Populations in Multiple Directories
- 7.4 Additional Configuration Tasks When Reintegrating Oracle Identity Governance With Multiple Directories
- Appendices
- A Verifying Adapters for Multiple Directory Identity Stores by Using ODSM
- A.1 Verifying Oracle Virtual Directory Adapters for Split Profile by Using ODSM
- A.1.1 Verifying User Adapter for Active Directory Server
- A.1.2 Verifying Shadowjoiner User Adapter
- A.1.3 Verifying JoinView Adapter
- A.1.4 Verifying User/Role Adapter for Oracle Internet Directory
- A.1.5 Verifying Changelog Adapter for Active Directory Server
- A.1.6 Verifying Changelog Adapter for Oracle Internet Directory
- A.1.7 Configuring a Global Consolidated Changelog Plug-in
- A.1.8 Validating Oracle Virtual Directory Changelog
- A.2 Verifying Adapters for Distinct User and Group Populations in Multiple Directories by Using ODSM
- A.2.1 Verifying the User Adapter on the Oracle Virtual Directory Instances
- A.2.2 Verifying the Plug-In of the User/Role Adapter A1
- A.2.3 Verifying the Plug-In of the User/Role Adapter A2
- A.2.4 Verifying the Changelog Adapter C1 Plug-In
- A.2.5 Verifying the Changelog Adapter for Active Directory
- A.2.6 Verifying Changelog Adapter C2
- A.2.7 Verifying Oracle Virtual Directory Global Plug-in
- A.2.8 Configuring a Global Consolidated Changelog Plug-in
- B Using the idm.conf File
- C Using the idmConfigTool Command
- C.1 About idmConfigTool
- C.2 Set Up Environment Variables for OIG-OAM Integration
- C.3 idmConfigTool Syntax and Usage
- C.4 Additional Tasks for OUD Identity Store in an HA Environment
- C.5 IdmConfigTool Options and Properties
- C.1 preConfigIDStore Command
- C.2 prepareIDStore Command
- C.3 configOAM Command
- D Configuring User-Defined Fields
- E Modifying OIG to Revert OIG-OAM Integration Configuration
- F Upgrading OIG-OAM Integrated Environments
- F.1 About the Starting Points for an OIM-OAM Integrated Environment Upgrade
- F.2 Upgrading an OAM-OIM Integrated Environment from a Previous 12c Release
- F.3 Upgrading an OAM-OIM Integrated Environment from a 11g Release
- F.3.1 Task 1: Upgrading the Integrated Environments
- F.3.2 Task 2: Configuring Oracle HTTP Server
- F.3.3 Task 3: Prerequisites for the Connector-based Integration
- F.3.4 Task 4: Disabling LDAP Synchronization
- F.3.5 Task 5: Configuring WLS Authentication Providers
- F.3.6 Task 6: Configuring the LDAP Connector
- F.3.7 Task 7: Configuring SSO Integration
- F.3.8 Task 8: Enabling OAM Notifications
- F.3.9 Task 9: Adding Missing Object Classes
- F.3.10 Task 10: Restarting Servers
- F.3.11 Task 11: Performing Post-Upgrade Task
- F.3.12 Task 12: Validating the Integrated Environments