Table of Contents
- List of Examples
- List of Figures
- List of Tables
- Title and Copyright Information
- Preface
- What's New in This Guide?
- Updates in October 2022 Documentation Refresh for 12c Release 2 (12.2.1.3.0)
- Updates in January 2021 Documentation Refresh for 12c Release 2 (12.2.1.3.0)
- Updates in October 2020 Documentation Refresh for 12c Release 2 (12.2.1.3.0)
- Updates in July 2020 Documentation Refresh for 12c Release 2 (12.2.1.3.0)
- Updates in April 2020 Documentation Refresh for 12c Release 2 (12.2.1.3.0)
- Updates in November 2019 Documentation Refresh for 12c Release 2 (12.2.1.3.0)
- Updates in April 2018 Documentation Refresh for 12c Release 2 (12.2.1.3.0)
- Updates in January 2018 Documentation Refresh for 12c Release 2 (12.2.1.3.0)
- Updates in October 2017 Documentation Refresh for 12c Release 2 (12.2.1.3.0)
- Features of Access Manager 12.2.1.3.0
- Features Not Supported in Access Manager 12.2.1.3.0
- Part I Introduction to Oracle Access Management
- 1 Introducing Oracle Access Management
- 2 Getting Started with Oracle Access Management
- 2.1 Starting and Stopping Servers in Your Deployment
- 2.2 About Oracle Access Management Administrators
- 2.3 Oracle Access Management Console and the Policy Manager Console
- 2.4 Understanding the Oracle Access Management Console
- 2.5 About Logging Into the Oracle Access Management Console
- 2.6 Using the Oracle Access Management Console
- 2.7 Command-Line Tools for Configuration
- 2.8 Logging, Auditing, Reporting, and Monitoring Performance
- 2.9 Configuring Oracle Access Management Login Options
- Part II Managing Common and System Configurations
- 3 Managing Common Services and Certificate Validation
- 4 Delegating Administration
- 5 Managing Data Sources
- 5.1 Data Sources for Oracle Access Management
- 5.2 Registering and Managing User Identity Stores
- 5.2.1 Understanding User Identity Stores
- 5.2.2 About using the System Store for User Identities
- 5.2.3 About Using Multiple Identity Stores
- 5.2.4 User Identity Store Settings
- 5.2.5 Registering a New User Identity Store
- 5.2.6 Viewing or Editing a User Identity Store Registration
- 5.2.7 Deleting a User Identity Store Registration
- 5.3 Managing the Identity Directory Service User Identity Stores
- 5.3.1 Identity Directory Services
- 5.3.2 Creating an Identity Directory Service Profile
- 5.3.3 Editing or Deleting an Identity Directory Service Profile
- 5.3.4 Creating a Form-fill Application Identity Directory Service Profile
- 5.3.5 Understanding the Pre-Configured Identity Directory Service Profile
- 5.3.6 Creating an Identity Directory Service Repository
- 5.4 Managing Administrator Roles
- 5.5 Managing the Policy and Session Database
- 5.6 Introduction to Oracle Access Management Keystores
- 5.7 Integrating a Supported LDAP Directory with Oracle Access Manager
- 6 Managing Server Registration
- Part III Logging, Auditing, Reporting and Monitoring Performance
- 7 Logging Component Event Messages
- 8 Auditing Administrative and Run-time Events
- 8.1 Introduction to Oracle Fusion Middleware Auditing
- 8.2 Oracle Access Management Auditing
- 8.2.1 Understanding Oracle Access Management Auditing
- 8.2.2 About Oracle Access Management Auditing Configuration
- 8.2.3 About Audit Record Storage
- 8.2.4 About Audit Reports and Oracle Business Intelligence Publisher
- 8.2.5 Oracle BI Enterprise Edition (Oracle BI EE)
- 8.2.6 About the Audit Log and Data
- 8.3 Access Manager Events You Can Audit
- 8.4 Identity Federation Events You Can Audit
- 8.5 Setting Up Auditing for Oracle Access Management
- 8.6 Validating Auditing and Reports
- 9 Logging WebGate Event Messages
- 9.1 Understanding Logging for WebGate Instances
- 9.2 About Log Configuration File Paths and Contents
- 9.3 About Directing Log Output to a File or the System File
- 9.4 Structure and Parameters of the WebGate Log Configuration File
- 9.4.1 Structure of WebGate Log Configuration XML File Header
- 9.4.2 Structure of WebGate Initial Compound List
- 9.4.3 Parameters in the WebGate Simple List and Logging Threshold
- 9.4.4 Parameters in the WebGate Second Compound List and Log Handlers
- 9.4.5 Parameters in the WebGate List for Per-Module Logging
- 9.4.6 Parameters in the WebGate Filter List
- 9.4.7 WebGate XML Element Order
- 9.5 Activating and Suppressing Logging Levels
- 9.6 Mandatory Log Configuration File Parameters
- 9.7 Configuring Different Threshold Levels for Different Types of Data
- 9.8 Filtering Sensitive Attributes
- 10 Understanding Oracle Access Management Reports
- 10.1 About Reports in Oracle Access Management
- 10.2 Accessing Oracle Access Management Reports
- 10.3 Supported Output Formats
- 10.4 Classification of Reports for Access Manager
- 10.5 About Creating Reports Using Third-Party Software
- 11 Monitoring Oracle Access Management Performance and Access Manager Health
- 11.1 Introduction to Performance Monitoring
- 11.2 Monitoring Server Metrics Using Oracle Access Management Console
- 11.3 Monitoring SSO Agent Metrics Using Oracle Access Management Console
- 11.4 OAM Proxy Metrics and Tuning
- 11.5 Monitoring Metrics Using the DMS Console
- 11.6 Monitoring the Health of an Access Manager Server
- 12 Monitoring Performance and Logs with Fusion Middleware Control
- 12.1 Introduction to Fusion Middleware Control
- 12.2 Logging In to and Out of Fusion Middleware Control
- 12.3 Displaying Menus and Pages in Fusion Middleware Control
- 12.4 Viewing Performance in Fusion Middleware Control
- 12.5 Managing Log Level Changes in Fusion Middleware Control
- 12.6 Managing Log File Configuration from Fusion Middleware Control
- 12.7 Viewing Log Messages in Fusion Middleware Control
- 12.8 Displaying MBeans in Fusion Middleware Control
- Part IV Managing Access Manager Settings and Agents
- 13 Configuring Access Manager Settings
- 14 Introduction to Agents and Registration
- 15 Registering and Managing OAM Agents
- 15.1 Before Registering and Managing Agents
- 15.2 OAM Agent Registration Parameters in the Console
- 15.3 Registering an OAM Agent Using the Console
- 15.4 Bulk Updates to WebGates
- 15.5 Configuring and Managing Registered OAM Agents Using the Console
- 15.6 Remote Registration Tool, Modes, and Process
- 15.7 Remote Registration Templates: OAM Agents
- 15.8 Performing Remote Registration for OAM Agents
- 15.9 Remote Agent Update Modes and Templates
- 15.10 Updating Agents Remotely
- 15.11 Validating Remote Registration and Resource Protection
- 15.12 setAllowEmptyHostIdentifier
- 16 Maintaining Access Manager Sessions
- 16.1 Introducing Access Manager Session Management
- 16.2 Understanding Server-Side Session Management
- 16.3 Server-Side Session Enforcement Examples
- 16.4 Configuring the Server-Side Session Lifecycle
- 16.5 Managing Active Server-Side Sessions
- 16.6 Validating Server-Side Session Operations
- 16.7 Using REST APIs for CRUD Operations on a Session
- Part V Implementing Multi-Data Centers
- 17 Understanding Multi-Data Centers
- 17.1 Introducing the Multi-Data Center
- 17.2 Multi-Data Center Deployments
- 17.2.1 Session Adoption Without Re-authentication, Session Invalidation or Session Data Retrieval
- 17.2.2 Session Adoption Without Re-authentication But With Session Invalidation and Session Data Retrieval
- 17.2.3 Session Adoption Without Re-authentication and Session Invalidation But With On-demand Session Data Retrieval
- 17.2.4 Authentication and Authorization Requests Served By Different Data Centers
- 17.2.5 Logout and Session Invalidation
- 17.2.6 Stretch Cluster Deployments
- 17.3 Active-Active Multi-Data Center Topology Deployment
- 17.4 Load Balancing Between Access Management Components
- 17.5 Understanding Time Outs and Session Syncs
- 17.6 Replicating a Multi-Data Center Environment
- 17.7 Multi-Data Center Recommendations
- 18 Configuring Multi-Data Centers
- 19 Synchronizing Data In A Multi-Data Center
- 19.1 Understanding the Multi-Data Center Synchronization
- 19.2 Enabling Data Replication
- 19.3 Synchronizing Master and Clone Metadata
- 19.4 Using REST API for Replication Agreements
- 19.5 Customizing Transformation Rules
- 19.6 Disabling Automated Policy Synchronization
- 19.7 Best Practices for Replication
- 20 Setting Up the Multi-Data Center: A Sequence
- 20.1 Before You Begin
- 20.2 Setting Up a Multi-Data Center
- 20.3 Enabling Automated Policy Synchronization
- 20.4 Troubleshooting the Multi-Data Center Setup
- 20.4.1 Unauthorized Error Displayed When the Authorization Header is Correct
- 20.4.2 Curl Command Returns Curl: (35) SSL Connect Error
- 20.4.3 APS Synchronization Failed With 401-UnAuthorized Error
- 20.4.4 Fail to Decrypt oamkeystore Data with Cipher Key from OAM Config
- 20.4.5 Modifying the Polling Interval in Clone Data Centers
- 20.4.6 Overwriting the Existing MDC Configuration or Recovering from an Inconsistent State
- 20.4.7 Changing the Security Mode of Managed Servers in Working MDC Environment
- 20.4.8 MDC Session Adoption Issues in 11g–12c OAM Setup with SIMPLE Mode Servers
- 20.4.9 Request Failed When the Input Parameters Passed are Valid
- 20.4.10 Modifying Session Control Parameters
- 20.4.11 Modifying Backward Compatibility Flag
- 20.4.12 Disabling MDC
- 20.4.13 Backup Existing Artifacts in a Data Center
- Part VI Managing Access Manager SSO, Policies, and Testing
- 21 Understanding Single Sign-On with Access Manager
- 21.1 Access Manager Single Sign-On Components
- 21.2 Access Manager Policy Model
- 21.3 Anatomy of an Application Domain and Policies
- 21.4 Policy Conditions and Rules
- 21.5 Understanding SSO Cookies
- 21.6 Configuring Single Sign-On with Access Manager
- 22 Managing Authentication and Shared Policy Components
- 22.1 Prerequisites to Managing Authentication and Shared Policy Components
- 22.2 Configuring Shared Policy Components
- 22.3 Managing Resource Types
- 22.4 Managing Host Identifiers
- 22.5 Understanding Authentication Methods and Credential Collectors
- 22.6 Managing Native Authentication Modules
- 22.7 Orchestrating Multi-Step Authentication with Plug-in Based Modules
- 22.7.1 Simple Form Versus Multi-Factor (Multi-Step) Authentication
- 22.7.2 Access Manager Plug-ins for Multi-Step Authentication Modules
- 22.7.3 Pre-populated Plug-ins for Configuring Access Manager with Multi-Step Authentication
- 22.7.4 Example: Leveraging SubjectAltName Extension Data and Integrating with Multiple OCSP Endpoints
- 22.7.5 Creating a Custom Authentication Module using Bundled Plug-ins
- 22.7.6 Steps and Plug-ins in Customized Step-up Authentication Module
- 22.7.7 Configuring Step-up Authentication
- 22.7.8 Configuring an HTTPToken Extractor Plug-in
- 22.7.9 JSON Web Token Plug-in
- 22.8 Deploying and Managing Individual Plug-ins for Authentication
- 22.9 Managing Authentication Schemes
- 22.10 Extending Authentication Schemes with Advanced Rules
- 22.11 Configuring Challenge Parameters for Encrypted Cookies
- 22.12 Configuring Authentication POST Data Handling
- 22.13 Long URL Handling During Authentication
- 22.14 Using Application Initiated Authentication
- 23 Understanding Credential Collection and Login
- 23.1 Overview of Access Manager Credential Collection
- 23.2 Overview of the SSO Login Process with OAM Agents and ECC
- 23.3 Overview of the SSO Login Process with OAM Agents and DCC
- 23.4 Configuring OAM WebGate and Authentication Policy for DCC
- 23.5 Tunneling from DCC to Access Manager Over Oracle Access Protocol
- 23.6 Configuring a DCC WebGate for X509 Authentication
- 24 Using Password Policy
- 24.1 Understanding Password Management
- 24.2 Enabling Password Management
- 24.3 Accessing Password Policy Configuration Page
- 24.4 Specifying Credential Collector URLs with Password Policy
- 24.5 Oracle-Provided Password Forms
- 24.6 Managing Global Password Policy
- 24.7 Configuring Password Policy Authentication
- 24.8 Completing Password Policy Configuration
- 24.9 Configuring the PasswordManagementPlugin
- 24.10 Multiple Password Policies
- 24.11 Using ESAPI and Validation Properties
- 25 Managing Policies to Protect Resources and Enable SSO
- 25.1 Prerequisites to Managing Policies and Protecting Resources
- 25.2 Introduction to Application Domain and Policy Creation
- 25.3 Understanding Application Domain and Policy Management
- 25.4 Managing Application Domains Using the Console
- 25.5 Adding and Managing Policy Resource Definitions
- 25.5.1 Resources in an Application Domain
- 25.5.1.1 Resource Type in a Resource Definition
- 25.5.1.2 Host Identifier in a Resource Definition
- 25.5.1.3 Resource URL, Prefixes, and Patterns
- 25.5.1.4 Query String Name and Value Parameters for Resource Definitions
- 25.5.1.5 Literal Query Strings in Resource Definitions
- 25.5.1.6 Run Time Resource Evaluation
- 25.5.2 Defining Resources in an Application Domain
- 25.5.3 Searching for a Resource Definition
- 25.5.4 Viewing, Editing, or Deleting a Resource Definition
- 25.6 Defining Authentication Policies for Specific Resources
- 25.7 Defining Authorization Policies for Specific Resources
- 25.8 Configuring Success and Failure URLs for Authorization Policies
- 25.9 Introduction to Authorization Policy Rules and Conditions
- 25.10 Defining Authorization Policy Conditions
- 25.11 Defining Authorization Policy Rules
- 25.12 Configuring Policy Ordering
- 25.13 Introduction to Policy Responses for SSO
- 25.13.1 Authentication and Authorization Policy Responses for SSO
- 25.13.2 About the Policy Response Language
- 25.13.3 Namespace and Variable Names for Policy Responses
- 25.13.4 About Constructing a Policy Response for SSO
- 25.13.5 About Policy Response Processing
- 25.13.6 Assertion Claims and Processing
- 25.14 Adding and Managing Policy Responses for SSO
- 25.15 Validating Authentication and Authorization in an Application Domain
- 25.16 Understanding Remote Policy and Application Domain Management
- 25.17 Managing Policies and Application Domains Remotely
- 25.18 Application and Application-types
- 26 Validating Connectivity and Policies Using the Access Tester
- 26.1 Prerequisites to Using the Access Tester to Validate Connectivity and Policies
- 26.2 Introduction to the Access Tester for Access Manager 12c
- 26.3 Installing and Starting the Access Tester
- 26.4 Access Tester Console, Navigation, and Controls
- 26.5 Testing Connectivity and Policies from the Access Tester Console
- 26.5.1 Establishing a Connection Between the Access Tester and the OAM Server
- 26.5.2 Validating Resource Protection from the Access Tester Console
- 26.5.3 Testing User Authentication from the Access Tester Console
- 26.5.4 Testing User Authorization from the Access Tester Console
- 26.5.5 Observing Request Latency
- 26.6 Creating and Managing Test Cases and Scripts
- 26.7 Evaluating Scripts, Log File, and Statistics
- 27 Configuring Centralized Logout for Sessions Involving OAM WebGates
- Part VII Managing Oracle Access Management Identity Federation
- 28 Introducing Identity Federation in Oracle Access Management
- 28.1 Integrating Identity Federation with Access Manager
- 28.2 Deploying Identity Federation with Oracle Access Management
- 28.3 Understanding How Identity Federation Works
- 28.4 Using Identity Federation
- 28.5 Initiating Federation SSO
- 28.6 Exchanging Identity Federation Data
- 28.7 Administrating Identity Federation
- 28.8 Enabling Identity Federation
- 29 Managing Identity Federation Partners
- 29.1 Understanding Federation And Partners
- 29.2 Managing Federation Partners
- 29.3 Administering Identity Federation As A Service Provider
- 29.4 Administering Identity Federation As An Identity Provider
- 29.5 Using Attribute Mapping Profiles
- 29.6 Mapping Federation Authentication Methods to Access Manager Authentication Schemes
- 29.7 Using the Attribute Sharing Plug-in for the Attribute Query Service
- 29.8 Using the Federation Proxy
- 29.9 Using WLST for Identity Federation Administration
- 30 Managing Settings for Identity Federation
- 30.1 Prerequisites for Settings in Federation Identity
- 30.2 About Federation Settings
- 30.3 Managing General Federation Settings
- 30.4 Managing Proxy Settings for Federation
- 30.5 Defining Keystore Settings for Federation
- 30.5.1 About Managing Keystore Settings for Identity Federation
- 30.5.2 Managing Identity Federation Encryption/Signing Keys
- 30.5.2.1 Task Overview: Managing Identity Federation Encryption/Signing Keys
- 30.5.2.2 Resetting the System (.oamkeystore) and Trust (amtruststore) Keystore Password
- 30.5.2.3 Adding a New Key Entry to the System Keystore (.oamkeystore)
- 30.5.2.3.1 Task Overview: Adding a New Key Entry to the System Keystore (.oamkeystore)
- 30.5.2.3.2 Adding a New Entry in the .oamkeystore
- 30.5.2.3.3 Adding a New Entry in the Identity Federation Settings
- 30.5.2.3.4 Configuring the Signing and Encryption Key
- 30.5.2.3.5 Using WLST for Key Transport Algorithm
- 30.6 Exporting Metadata
- 31 Managing Federation Schemes and Policies
- 31.1 Use of Identity Federation and Access Manager Together
- 31.2 Using Authentication Schemes and Modules for Identity Federation
- 31.3 Using Authentication Schemes and Modules for Oracle Identity Federation
- 31.3.1 About Scheme OIFScheme
- 31.3.2 About the OIFMTLDAPPlugin Authentication Module
- 31.3.3 Managing Authentication with Oracle Identity Federation Release 11gR1
- 31.3.3.1 Prerequisites for Authentication with Oracle Identity Federation Release 11gR1
- 31.3.3.2 Viewing or Modifying the OIFScheme Authentication Scheme
- 31.3.3.3 Prerequisites for Viewing or Modifying the OIFMTLDAPPlugin Authentication
- 31.3.3.4 Viewing or Modifying the OIFMTLDAPPlugin Authentication
- 31.3.3.5 Adding an Authentication Policy with OIFScheme
- 31.4 Managing Access Manager Policies for Use with Identity Federation
- 31.5 Testing Identity Federation Configuration
- 31.6 Using the Default Identity Provisioning Plug-in
- 31.7 Configuring the Identity Provider Discovery Service
- 31.8 Integrating OAM Identity Provider With Microsoft Office 365 Service Provider
- Part VIII Managing the Adaptive Authentication Service and Oracle Mobile Authenticator
- 32 Introducing the Adaptive Authentication Service
- 32.1 About Adaptive Authentication Service
- 32.2 Working with the Adaptive Authentication Service
- 32.3 Understanding Adaptive Authentication Service and OMA Configurations
- 32.4 Configuring an Adaptive Authentication Service
- 32.4.1 Generating a Secret Key for the Oracle Mobile Authenticator
- 32.4.2 Configuring OAuth Services to enable the Secret Key API
- 32.4.3 Configuring the Adaptive Authentication Plug-in in the Oracle Access Management Console
- 32.4.4 Setting Credentials for UMS, iOS, and Android
- 32.4.5 Creating a Java KeyStore for iOS Access Request (Push) Notifications
- 32.4.6 Connecting with Messaging Server
- 32.4.7 Enabling REST API to update FCM Service Account JSON
- 32.4.8 Migrating to service account json for Android Push Notification
- 32.4.9 Configuring Host Name Verifier for Android Access Request (Push) Notifications
- 32.4.10 Configuring Access Manager for VPN in a Use Case
- 32.4.11 Troubleshooting Push Notifications
- 33 Configuring the Oracle Mobile Authenticator
- 33.1 Understanding Oracle Mobile Authenticator Configuration
- 33.2 Using the Oracle Mobile Authenticator App
- 33.3 Managing the Oracle Mobile Authenticator App
- 33.3.1 Switching Between Grid View and List View
- 33.3.2 Editing Accounts in the OMA App
- 33.3.3 Reordering Accounts in the OMA App
- 33.3.4 Deleting an Account in the OMA App
- 33.3.5 Enabling App Protection
- 33.3.6 Changing Your OMA App PIN
- 33.3.7 Disabling OMA App PIN Protection
- 33.3.8 Managing Notification History in the OMA App
- 33.4 Configuring the Google Authenticator App
- Part IX Managing the Oracle Access Management OAuth Service and OpenIDConnect
- 34 Understanding OAuth Services
- 35 Configuring OAuth Services in 12c
- 36 Understanding OpenIDConnect
- 36.1 About OpenIDConnect Tokens
- 36.2 Claims
- 36.3 OpenIDConnect Authentication Flows in Oracle Access Manager
- 37 OIDC Client Integrations with Social Identity Providers
- Part X Using Identity Context
- 38 Using Identity Context
- 38.1 Introducing Identity Context
- 38.2 Understanding Identity Context
- 38.3 Working With the Identity Context Service
- 38.4 Identity Context API
- 38.5 Configuring the Identity Context Service Components
- 38.6 Validating Identity Context
- Part XI Integrating Access Manager with Other Products
- 39 Integrating RSA SecurID Authentication with Access Manager
- 40 Configuring Access Manager for Windows Native Authentication
- 40.1 Introducing Access Manager with Windows Native Authentication
- 40.2 About Preparing Your Active Directory and Kerberos Topology
- 40.3 Confirming Access Manager Operations
- 40.4 Enabling the Browser to Return Kerberos Tokens
- 40.5 Integrating KerberosPlugin with Oracle Virtual Directory
- 40.6 Integrating the KerberosPlugin with Search Failover
- 40.7 Configuring Access Manager for Windows Native Authentication
- 40.7.1 Creating the Authentication Scheme for Windows Native Authentication
- 40.7.2 Configuring Policies for Windows Native Authentication
- 40.7.3 Configuring WNA for NTLM Fallback
- 40.7.4 Configuring WNA Fallback to FORM-based Authentication Scheme
- 40.7.5 Verifying the Access Manager Configuration File
- 40.8 Validating WNA with Access Manager Protected Resources
- 40.9 Configuring WNA For Use With DCC
- 40.10 Troubleshooting WNA Configuration
- 41 Integrating Microsoft SharePoint Server with Access Manager
- 41.1 What is Supported in This Release?
- 41.2 Introduction to Integrating With the SharePoint Server
- 41.3 Integration Requirements
- 41.4 Preparing for Integration With SharePoint Server
- 41.5 Integrating With Microsoft SharePoint Server
- 41.6 Setting Up Microsoft Windows Impersonation
- 41.7 Completing the SharePoint Server Integration
- 41.8 Integrating With Microsoft SharePoint Server Configured With LDAP Membership Provider
- 41.8.1 About Integrating With Microsoft SharePoint Server Configured With LDAP Membership Provider
- 41.8.2 Installing Access Manager for Microsoft SharePoint Server Configured With LDAP Membership Provider
- 41.8.3 Configuring an Authentication Scheme for Use With LDAP Membership Provider
- 41.8.4 Integrating SharePoint Server with OAM 11g using FBA
- 41.8.5 Ensuring Directory Servers are Synchronized
- 41.8.6 Testing the Integration
- 41.9 Configuring Single Sign-On for Office Documents
- 41.10 Configuring Single Sign-off for Microsoft SharePoint Server
- 41.11 Setting Up Access Manager and Windows Native Authentication
- 41.12 Synchronizing User Profiles Between Directories
- 41.13 Testing Your Integration
- 41.14 Troubleshooting
- 42 Integrating Access Manager with Outlook Web Application
- 42.1 What is New in This Release?
- 42.2 Introduction to Integration with Outlook Web Application
- 42.3 Enabling Impersonation With a Header Variable
- 42.3.1 Requirements for Impersonation with a Header Variable
- 42.3.2 Creating an Impersonator as a Trusted User
- 42.3.3 Assigning Rights to the Trusted User
- 42.3.4 Binding the Trusted User to Your WebGate
- 42.3.5 Adding an Impersonation Response to An Application Domain
- 42.3.6 Adding an Impersonation DLL to IIS
- 42.3.7 Testing Impersonation
- 42.4 Setting Up Impersonation for Outlook Web Application (OWA)
- 42.4.1 Prerequisites to Setting Impersonation for Outlook Web Application
- 42.4.2 Creating a Trusted User Account for Outlook Web Application
- 42.4.3 Assigning Rights to the Outlook Web Application Trusted User
- 42.4.4 Binding the Trusted Outlook Web Application User to Your WebGate
- 42.4.5 Adding an Impersonation Action to an Application Domain for Outlook Web Application
- 42.4.6 Adding an Impersonation dll to IIS
- 42.4.7 Configuring IIS Security
- 42.4.8 Testing Impersonation for Outlook Web Application
- 42.5 Setting Up Access Manager WNA for Outlook Web Application
- 43 Integrating Microsoft Forefront Threat Management Gateway 2010 with Access Manager
- 43.1 What is New in This Release?
- 43.2 Introduction to Integration with TMG Server 2010
- 43.3 Creating a Forefront TMG Policy and Rules
- 43.4 Installing and Configuring 11g Webgate for Forefront TMG Server
- 43.5 Configuring the TMG 2010 Server for the ISAPI 11g Webgate
- 43.6 Starting, Stopping, and Restarting the TMG Server
- 43.7 Removing Access Manager Filters Before WebGate Uninstall on TMG Server
- 43.8 Troubleshooting
- 44 Integrating Access Manager with SAP NetWeaver Enterprise Portal
- 44.1 What is Supported in This Release?
- 44.2 Supported Versions and Platforms
- 44.3 Integration Architecture
- 44.4 Configuring Oracle Access Management and NetWeaver Enterprise Portal 7.0.x
- 44.4.1 Before You Begin Configuring OAM and NetWeaver Enterprise Portal 7.0.x
- 44.4.2 Configuring the Apache HTTP Server as a Proxy
- 44.4.3 Configuring SAP NetWeaver Enterprise Portal for External Authentication
- 44.4.4 Adjusting the Login Module Stacks for using Header Variables
- 44.4.5 Configuring Access Manager for SAP Enterprise Portal
- 44.5 Configuring Oracle Access Management and NetWeaver Enterprise Portal 7.4.x
- 44.5.1 Before You Begin Configuring OAM and NetWeaver Enterprise Portal 7.4.x
- 44.5.2 Configuring Access Manager for SAP NetWeaver Enterprise Portal 7.4.x
- 44.5.3 Configuring Apache Web Server 2.0.x or 2.2.x
- 44.5.4 Configuring SAP Enterprise Portal 7.4 for External Authentication
- 44.5.5 Adjusting the Login Module Stacks for Using Header Variables
- 44.6 Testing the Integration
- 44.7 Troubleshooting the Integration
- Appendixes
- A Integrating Oracle ADF Applications with Access Manager SSO
- A.1 Introducing Oracle Platform Security Services and Oracle Application Developer Framework
- A.2 Integrating Access Manager With Web Applications Using Oracle ADF Security and the OPSS SSO Framework
- A.3 Configuring Centralized Logout for Oracle ADF-Coded Applications
- A.4 Confirming Application-Driven Authentication During Runtime
- B Securing Communication
- B.1 Prerequisites to Setting up a Secure Communication between OAM Servers and Webgates
- B.2 Securing Communication Between OAM Servers and WebGates
- B.3 Generating Client Keystores for OAM Tester in Cert Mode
- B.4 Configuring Cert Mode Communication for Access Manager
- B.4.1 About Cert Mode Encryption and Files
- B.4.2 Generating a Certificate Request and Private Key for OAM Server
- B.4.3 Retrieving the .OAMKeystore password stored in UDM
- B.4.4 Importing the Trusted, Signed Certificate Chain Into the Keystore
- B.4.5 Adding Certificate Details to Access Manager Settings
- B.4.6 Generating a Private Key and Certificate Request for WebGates
- B.4.7 Supporting Two-Way SSL for CERT Mode Communication
- B.4.8 Updating WebGate to Use Certificates
- B.5 Configuring Simple Mode Communication with Access Manager
- C Setting the GCM API key within the OAM Credential Store
- D Troubleshooting
- D.1 Introduction to Oracle Access Management Troubleshooting
- D.1.1 System Analysis and Problem Scenarios
- D.1.2 LDAP Server or Identity Store Issues
- D.1.3 OAM Server or Host Issues
- D.1.4 Agent-Side Configuration and Load Issues
- D.1.5 Runtime Database (Audit or Session Data) Issues
- D.1.6 Change Propagation or Activation Issues
- D.1.7 Policy Store Database Issues
- D.2 My Oracle Support for Additional Troubleshooting Information
- D.3 SQL Queries to List Sessions and Plugins from Database
- D.4 Administrator Lockout
- D.5 Error During Federation Configuration After Upgrade from PS1 to PS2
- D.6 Oracle Access Management Console Inconsistent State
- D.7 AdminServer Won't Start if the Wrong Java Path Given with WebLogic Server Installation
- D.8 Agent Naming Not Unique
- D.9 Application URL Requirements
- D.10 Authentication Issues
- D.11 Authorization Issues
- D.12 Cannot Access Authentication LDAP or Database
- D.13 Cannot Find Configuration
- D.14 OAM unsupports Whole Server Migration
- D.15 Could Not Find Partial Trigger
- D.16 Denial of Service Attacks
- D.17 Diagnosing Initialization and Performance Issues
- D.18 Disabling Windows Challenge/Response Authentication on IIS Web Servers
- D.19 Changing UserIdentityStore1 Type Can Lock Out Administrators
- D.20 IIS Web Server Issues
- D.21 Import and File Upload Limits
- D.22 jps Logger Class Instantiation Warning is Logged on Authentication
- D.23 Internationalization, Languages, and Translation
- D.24 Login Failure for a Protected Page
- D.25 OAM Metric Persistence Timer IllegalStateException: SafeCluster
- D.26 Partial Cluster Failure and Intermittent Login and Logout Failures
- D.27 RSA SecurID Issues and Logs
- D.28 Registration Issues
- D.29 Rowkey does not have any primary key attributes Error
- D.30 SELinux Issues
- D.31 Session Issues
- D.32 SSL versus Open Communication
- D.33 Start Up Issues
- D.34 Synchronizing OAM Server Clocks
- D.35 Time delay in configuration change
- D.36 Validation Errors
- D.37 Web Server Issues
- D.37.1 Server Fails on an Apache Web Server
- D.37.2 Apache v2 on HP-UX
- D.37.3 Apache v2 Bundled with Red Hat Enterprise Linux 4
- D.37.4 Apache v2 Bundled with Security-Enhanced Linux
- D.37.5 Apache v2 on UNIX with the mpm_worker_module for Webgate
- D.37.6 Domino Web Server Issues
- D.37.7 Errors, Loss of Access, and Unpredictable Behavior
- D.37.8 Known Issues for ISA Web Server
- D.37.9 Oracle HTTP Server Fails to Start with LinuxThreads
- D.37.10 Oracle HTTP Server Webgate Fails to Initialize On Linux Red Hat 4
- D.37.11 Oracle HTTP Server Web Server Configuration File Issue
- D.37.12 Issues with IIS v6 Web Servers
- D.37.13 PCLOSE Error When Starting Sun Web Server
- D.37.14 Removing and Reinstalling IIS DLLs
- D.38 Windows Native Authentication
- D.39 WLST Commands for Multi-Data Centers
- D.39.1 enableMultiDataCentreMode
- D.39.2 disableMultiDataCentreMode
- D.39.3 addPartnerForMultiDataCentre
- D.39.4 removePartnerForMultiDataCentre
- D.39.5 setMultiDataCenterType
- D.39.6 setMultiDataCenterWrite
- D.39.7 setMultiDataCentreClusterName
- D.39.8 validateMDCConfig
- D.39.9 exportAccessStore
- D.39.10 importAccessStore
- D.40 Comparing Default Parameters and Values used in MDC Configuration for 11g and 12c