3 What's New in Oracle Identity Management 12c (12.2.1.4.0)

This topic lists the new features for all the products in Oracle Identity Management Release 12c (12.2.1.4.0).

3.1 What's New in Oracle Access Management

Oracle Access Management 12c (12.2.1.4.0) includes the following new features:

  • Passwordless Login

    Passwordless authentication allows you to bypass the standard web form based authentication when using a mobile device. For details, see Using Passwordless Authentication in Administering Oracle Access Management.

  • Dynamic Client Registration

    Dynamic Client Registration (DCR) provides a way for native mobile apps (Android) to dynamically register as clients with the OAuth Server (OAM). For details, see Dynamic Client Registration in Administering Oracle Access Management.

  • OAP over REST

    Oracle Access Protocol (OAP) over REST enables the use of HTTP(S) infrastructure to route and load balance requests. Changing the transport mechanism between WebGate and the server reduces operational cost for hybrid deployments where some components are on-premises and others have moved to the cloud. For details, see About OAP Over Rest Communication in Administering Oracle Access Management.

  • WebGate using PFS and Approved Cipher Suites for OAP Simple/Cert Mode Communication

    When Simple/Cert Mode communication occurs, WebGate ensures that valid and approved cipher suites defined by the administrator are used. For details, see About WebGate TLS validating PFS and Approved Ciphers in Administering Oracle Access Management.

  • HealthCheck Framework

    HealthCheck Framework enables health checks on servers. These checks can be performed using the REST API or by scheduling periodic checks on the server. Each schedule can be associated with a specified set of tests to be run. For details, see Monitoring Server Health with Health Check Framework in Administering Oracle Access Management.

  • Modified UserInfo Response

    The format of the UserInfo response for OAuth flows is modified with the following changes:

    • New parameters guid and sub are included in the response.
    • The parameters Profile, Email, Address, and Phone are returned directly under the root tag instead of in separate containers for each of the parameters.
    • The parameters email_verified and phone_number_verified are returned as booleans.

    For example:

    {
        "guid": "6C9CF210194A11E99FB45DDD0C60B95A",
        "sub": "weblogic",
        "family_name": "weblogic",
        "preferred_username": "weblogic",
        "updated_at": "1548740667872",
        "email_verified": false,
        "phone_number_verified": false
    }

    To retrieve the user info attributes in the older format (see the following example), set the custom attribute UserInfoScopeCont to true at the domain level.

    Sample UserInfo response format when the custom attribute UserInfoScopeCont is set:

    {
        "profile": {
            "guid": "6C9CF210194A11E99FB45DDD0C60B95A",
            "sub": "weblogic",
            "family_name": "weblogic",
            "preferred_username": "weblogic",
            "updated_at": "1548743708100"
        },
        "email": {
            "email_verified": false
        },
        "address": {},
        "phone": {
            "phone_number_verified": false
        }
    }

  • Policy Cache Resiliency

    The resilience of the managed servers is improved: each managed server can read, validate, and replace the policy cache in a small step within the server, and cache building is delegated to the Admin Server. The policy cache is distributed from the Admin Server to the managed servers on a write-once, read-many basis, which reduces contention between the policy caches of multiple OAM servers in a cluster.

    Policy cache can be fine-tuned using parameters. For details, see Configuring Policy Cache Parameters in Administering Oracle Access Management.
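
A client that calls the UserInfo endpoint can receive either layout described under Modified UserInfo Response, depending on how UserInfoScopeCont is set. The following added example (not Oracle code) normalizes both sample responses into one flat claims dictionary and rejects verified flags that are not JSON booleans. The function and constant names are hypothetical, and treating a root-level object named profile, email, address or phone as an old-format container is an assumption.

```python
import json

# Both samples are copied from the responses shown on this page.
FLAT_SAMPLE = (
    '{"guid": "6C9CF210194A11E99FB45DDD0C60B95A", "sub": "weblogic",'
    ' "family_name": "weblogic", "preferred_username": "weblogic",'
    ' "updated_at": "1548740667872", "email_verified": false,'
    ' "phone_number_verified": false}'
)
SCOPED_SAMPLE = (
    '{"profile": {"guid": "6C9CF210194A11E99FB45DDD0C60B95A", "sub": "weblogic",'
    ' "family_name": "weblogic", "preferred_username": "weblogic",'
    ' "updated_at": "1548743708100"}, "email": {"email_verified": false},'
    ' "address": {}, "phone": {"phone_number_verified": false}}'
)

# Assumption: a root-level object with one of these names is an old-format container.
SCOPE_CONTAINERS = ("profile", "email", "address", "phone")
BOOLEAN_CLAIMS = ("email_verified", "phone_number_verified")


def _add(claims, key, value):
    # The same claim arriving twice with different values is ambiguous; refuse it.
    if key in claims and claims[key] != value:
        raise ValueError(f"conflicting values for claim {key!r}")
    claims[key] = value


def normalize_userinfo(raw):
    """Return one flat claims dict from either UserInfo response layout."""
    doc = json.loads(raw)
    if not isinstance(doc, dict):
        raise ValueError("UserInfo response must be a JSON object")
    claims = {}
    for key, value in doc.items():
        if key in SCOPE_CONTAINERS and isinstance(value, dict):
            for inner_key, inner_value in value.items():  # lift container members
                _add(claims, inner_key, inner_value)
        else:
            _add(claims, key, value)
    # A string such as "false" is truthy in Python, so accept real booleans only.
    for name in BOOLEAN_CLAIMS:
        if name in claims and not isinstance(claims[name], bool):
            raise ValueError(f"{name} must be a JSON boolean")
    if not isinstance(claims.get("sub"), str) or not claims["sub"]:
        raise ValueError("UserInfo response has no usable 'sub' claim")
    return claims
```

Code that branches on email_verified or phone_number_verified should read them from the normalized dictionary, so a change to UserInfoScopeCont at the domain level does not silently alter what the client sees.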

3.2 What's New in Oracle Identity Governance

Oracle Identity Governance 12c (12.2.1.4.0) has the following key new features:

3.3 What's New in Oracle Unified Directory

Oracle Unified Directory 12c (12.2.1.4.0) has the following key features:

3.4 What’s New in Oracle Internet Directory

Oracle Internet Directory 12c (12.2.1.4.0) has the following new features:

  • Quality of Service

    Provides the capability to restrict the number of user connections or operations possible in a given duration of time. See Managing Quality of Service Configuration in Administering Oracle Internet Directory.

  • Monitoring Oracle Internet Directory Server using LDAP

    Monitors the current state of the server for debugging or troubleshooting purposes by using LDAP. See Monitoring Oracle Internet Directory Server Using LDAP in Administering Oracle Internet Directory.

  • Update to Oracle Database Client software

    Oracle Internet Directory 12.2.1.4.0 installation includes an update to the database client software installed with Oracle Fusion Middleware. The database patch set included is 12.1.0.2.190716. If you execute the command opatch lsinventory, the patch identification number for this update will appear as 29494060 on Linux/Unix and 30220086 on Microsoft Windows.

3.5 What's New in Oracle Identity Management Integration

This release supports upgrading OAM-OIG integrated environments from 11g Release 2 (11.1.2.3.0) and 12c (12.2.1.3.0) to the latest 12c (12.2.1.4.0) release after applying the OAM bundle patch 12.2.1.4.200327, or the OIM bundle patch 12.2.1.4.200505, or the latest bundle patch available for your release.

For more information about the upgrade, see Upgrading OIG-OAM Integrated Environments in the Integration Guide for Oracle Identity Management Suite.