MDC Switch – Configuring Multi-Data Center Types
INTRODUCTION This post discusses the steps required to configure a “master” data center to a “clone” data center and vice versa. If you are not familiar with Multi-Data Center (MDC) implementation and...
Improve Oracle Unified Directory 11gR2 Search Performance with Index Entry Limit
Introduction I am always looking for great tips that give big values; this one is no exception. This article is to help you understand how to tweak the index called “Index Entry Limit” to reap some...
Working with Oracle Unified Directory 11gR2 Transformation Framework
If you have been using Oracle’s Identity Management software for at least the last few years you will probably be familiar or at least heard of OVD (Oracle Virtual Directory), which was original...
Oracle Unified Directory 11gR2PS3 Very Large Static Groups
This post is about OUD and extremely large static groups where membership numbers exceed hundreds of thousands or even millions; yes I said millions. I have been using Directory Services for over 15...
What is SCIM?
SCIM is a standard protocol for accessing identity information (users, roles, etc), including querying, retrieval, create, update and delete. The latest version of SCIM, SCIM 2.0, has been defined in a...
OAM 11g Webgate Tuning
INTRODUCTION This post is part of a larger series on Oracle Access Manager 11g called Oracle Access Manager Academy. An index to the entire series with links to each of the separate posts is available....
Exploring OAM’s SAML Identity Assertion
Introduction OAM (Oracle Access Manager) has an interesting feature that often goes unnoticed to a considerable number of people wishing to tackle the problem of identity propagation. It’s OAM’s...
OAM Protected SPAs and Same-Origin Policy
Introduction In a previous post, I described the usage of OAM’s SAML Identity Assertion in the context of SPA (Single Page Applications) and how easy it is to take advantage of it for securely...
Identity and Cloud Security A-Team at Oracle Open World
I just wanted to let everyone know that Kiran and I will be presenting with our good friend John Griffith from Regions Bank at Oracle Open World next week. Our session is Oracle Identity Management...
Implementing OAuth 2 with Oracle Access Manager OAuth Services (Part III)
Introduction This post is part III of a series of posts about OAM’s OAuth implementation. Other posts can be found here: Part I – explains the proposed architecture and how to enable and configure OAM...
Simplified Role Hierarchy in R10
Introduction Our teammate Jack Desai published an article last year about Fusion Application Roles Concept. It gives you a great overview about the design to grant access to certain functionalities to...
Implementing OAuth 2 with Oracle Access Manager OAuth Services (Part IV)
Introduction This post is part IV of a series of posts about OAM’s OAuth implementation. Other posts can be found here: Part I – explains the proposed architecture and how to enable and configure OAM...
Implementing OAuth 2 with Oracle Access Manager OAuth Services (Part V)
Introduction This post is part of a series of posts about OAM’s OAuth implementation. Other posts can be found here: Part I – explains the proposed architecture and how to enable and configure OAM...
Retrieving the OAM SessionID for Fun and Profit!
Introduction I recently worked with a customer who needed to do some OAM session manipulation via custom code in order to implement a complex use case. While the focus of this post is not to go into...
Multiple authentication mechanism chaining in OAM
Authentication mechanism chaining Since the inception of OAM 11g, we have been talking about authentication scheme chaining and being able to invoke multiple authentication schemes in sequence or...
OIM Connector for Identity Cloud Service
The IDCS Connector is an OIM REST based connector for Oracle’s Identity Cloud Service (IDCS). In this blog we will look at use case scenarios for hybrid cloud solutions, that span both the Oracle...
The Ultimate Apache/OHS11g Tuning Guide for OAM11g WebGate
Introduction OK, maybe “Ultimate” could be stretching it, but it caught your eye so you can be the judge. This post is part of a larger series on Oracle Access Manager 11g called Oracle Access Manager...
Part 1 of 4 – SSSD Linux Authentication: Introduction and Architecture
Introduction This article provides the details needed to solve a real use case used to allow a user to authenticate to an Oracle Public Cloud Linux server in SaaS using a single or multiple LDAP...
Part 2 of 4 – SSSD Linux Authentication: LDAP Identity Store Requirements
Introduction In Part 1 of 4 – SSSD Linux Authentication: Introduction and Architecture I covered an introduction on SSSD and an architecture overview with details on the flow of how it all works. In...
Part 3 of 4 – SSSD Linux Authentication: Implementation Step-by-Step Guideline
Introduction In Part 2 of 4 – SSSD Linux Authentication: LDAP Identity Store Requirements all the aspects of the LDAP Identity Store requirements were covered. And before that in article Part 1 of 2 –...
Part 4 of 4 – SSSD Authentication: Known Problems and Troubleshooting Tips
Introduction In Part 3 of 4 – SSSD Linux Authentication: Implementation Step-by-Step Guideline I covered all the necessary step-by-step details on deploying SSSD, but nothing ever seems to go perfect...
IDCS Integrations Series Part II: Integrating Fusion Application with IDCS
Overview Just like every other application, Fusion applications have also moved to cloud. So far, a large number of Fusion deployments in the cloud are OMCS (Oracle Managed Cloud Services) deployments...
IDCS Integrations Series Part III: Integrating on-prem applications to IDCS
Overview As more and more customers move Identity to the cloud, we will run into applications that cannot be migrated in short term or cannot be migrated at all to cloud for various reasons including...
How to Configure Oracle Identity Manager to use Unicast
As of version 11gR2PS1 (11.1.2.1.0), OIM relies on JGROUPS to implement cache coordination among all its cluster nodes. Out of the box OIM is configured to use Multicast (one to many) for JGroups for...
Under the hood: Oracle Identity Cloud Service Audits
Introduction Audit events enable organization administrators to review the actions performed by members of your organization using details provided by the Audit logs – who performed the action,...
Using SSSD with Kerberos and Active Directory to Terminal into an OCI Linux...
Introduction OCI or Oracle Cloud Infrastructure, is Oracle’s latest cloud infrastructure that is replacing the older Oracle Cloud Infrastructure Classic. One feature it has is built-in Identity...
Custom Login Widget for Oracle Identity Cloud Services
Introduction Identity Cloud Services (IDCS) 18.2.4 introduced an all new authentication API that allows customers to build their own login application. Those new APIs allow you to do username and...
Part 1: Automate getting an Identity Cloud Service Access Token in Postman
Introduction If you have spent enough time working with web services you have probably heard of Postman. If not, then let me say it is a great tool to test REST APIs against Identity Cloud Service...
Part 2: Using Postman Runner with Identity Cloud Service
Introduction In the last article, Part 1: Automate getting an Identity Cloud Service Access Token in Postman, I explained how using a Pre-request Script can automate getting an access token so when a...
Part 3: Automate Requests against Identity Service Cloud using Newman
Introduction In Part 1: Automate getting an Identity Cloud Service Access Token in Postman I covered using a Pre-request script to automate getting an Access Token from Identity Cloud Service in order...
Silently federate from your SAML IdP or OpenID Connect Provider to IDCS
Introduction As you may know IDCS can operate as both a SAML IdP and a SAML SP at the same time – a use case known as an IdP Proxy or IdP Chaining. This is useful in a bunch of situations, but the most...
Cloud Security: User Provisioning to Fusion Applications Cloud
Introduction The notion of a user is the most common reason for misunderstanding and confusion. When we mention a user, we often think of the person who is allowed to use an application. However,...
Using the IDCS’ OAuth Device Flow for Fun and Profit
Introduction If you’ve been on the internet recently you’ve probably used OAuth and more specifically the “Authorization Code” grant type (or “AZ Code” if, like The Dude, you are into the whole brevity...
Transport Level Security (TLS) and Java
Know Which Versions of TLS are Supported in Recent Java Versions NOTE: A more comprehensive examination of TLS and what to examine when setting up web service integrations in Oracle Cloud SaaS...
Integrating APEX with Oracle Identity Cloud Service
Introduction The purpose of this blog post is to describe how to do the integration of APEX (on-premise) with Oracle Identity Cloud Service (IDCS). The integration described in this post relies on APEX...
Implement Social Login with Oracle Identity Cloud Service
Overview Social login is an important use case for B2C applications be it marketing or eCommerce. It is a form of sign-in/login where a user uses social network services like Facebook, Twitter or...
IDCS Integrations Series Part I: Integrating WebLogic Hosted Application with...
Overview As you implement IDCS (Oracle IDentity Cloud Service) use cases, you would have started thinking, “how do you integrate application X with IDCS?”, especially the applications running...
Restricting Access to Oracle Analytics Cloud by IP Range
For other A-Team articles by Richard, click here Introduction Customers may want to restrict access to their Oracle Cloud Services to a set of IP ranges, for instance to only allow connections coming...
Implementing Data Level Security in Oracle Analytics Cloud using Identity...
Introduction This post describes implementing Data Level Security in Oracle Analytics Cloud (OAC) using Identity Cloud (IDCS) groups. It focuses on what steps are needed. Links to relevant...
Creating a 3-legged OAuth Application in IDCS
Where is the simple “shake ‘n’ bake” / step by step guide to creating a 3-legged, Authorization Code flow OAuth client in IDCS? Right here. 1: From the Dashboard in IDCS click the + under Applications...
Mass Reset Password -part2 – using OIM Apis
Introduction Back in November, I wrote a blog about Mass Reset Password using OID. As mentioned there, and expected for this month, Oracle is now providing the same password change feature, but now...
Configuring OAM SSO for ATG BCC and Endeca XM
Introduction Single sign-on, or “SSO” as it’s commonly referred to, is an authentication method that allows a user access to multiple applications through a single, secure, point of entry. Rather than...
Protecting users and their emails after FA-P2T in On-Prem Environments
Introduction The P2T – Production to Test – procedure is a very popular feature that FA customers utilize. It allows them to have their production data copied to another environment. Nowadays, P2T is a...
OAM Federation: Identity Provider & Service Provider Management
In this blog post I want to clarify a point of initial confusion some people experience with OAM Federation 11.1.2.3. If we go to the “Federation” tab of the OAM Console, we see: Now the two main...
OAM Federation 11.1.2.3: Performing a Loopback Test
In this blog post I will share steps for performing a loopback test of OAM Federation 11.1.2.3. In a loopback test, we configure OAM’s SP to point to OAM’s IdP. This enables you to confirm the basic...
OAM Federation 11.1.2.3: Example Message Processing Plugin
SAML is an extensible protocol. Since it is based on XML, through the use of XML namespaces, custom elements and attributes can be inserted into the SAML messages at the appropriate places. Sometimes...
OAM Federation 11.1.2.3: Performing a loopback test with WS-Federation
In a previous post I gave steps for performing a loopback test with SAML. This is where we configure OAM Federation to talk to itself, to act as both IdP and SP. This is useful in development and test...
Implementing OAuth 2 with Oracle Access Manager OAuth Services (Part I)
Introduction This post will explain the basics of OAuth 2.0 and how it can be used to protect resources by implementing some of the most common OAuth use cases. OAM provides out of the box OAuth...
Implementing OAuth 2 with Oracle Access Manager OAuth Services (Part II)
Introduction This post is part II of a series of posts about OAM’s OAuth implementation. Other posts can be found here: Part I – explains the proposed architecture and how to enable and configure OAM...
Integrating Okta as Identity Provider to IDCS
IDCS (IDentity Cloud Service) is Oracle’s next-gen Identity solution built in the cloud for the cloud. It is fully standards compliant and implements various standards like SAML (Security Assertion...