All tasks in this book presume that you have Oracle Adaptive Access Manager 11g installed with initial configuration completed as described in the Oracle Fusion Middleware Installation Guide for Oracle Identity Management.
This chapter presents details on setting up the Oracle Adaptive Access Manager environment for first time users. For information on how to upgrade an existing Oracle Adaptive Access Manager 10g (10.1.4.5) to Oracle Adaptive Access Manager 11g Release 1, refer to the Oracle Fusion Middleware Upgrade Guide for Oracle Identity Management.
The Oracle Fusion Middleware Installation Guide for Oracle Identity Management 11g Release 1 (11.1.1) provides all installation and initial configuration details.
Oracle Adaptive Access Manager is installed into an environment where you may install other Oracle Identity Management 11g components.
The following Oracle Adaptive Access Manager-related components are deployed in a new WebLogic administration domain using the Oracle Fusion Middleware Configuration Wizard:
WebLogic Administration Server
Managed Server for Oracle Adaptive Access Manager
Oracle Adaptive Access Manager Console deployed on the Administration Server
For information on how to install and configure Oracle Adaptive Access Manager, see the Oracle Fusion Middleware Installation Guide for Oracle Identity Management.
After installing and configuring Oracle Adaptive Access Manager, you must complete the following tasks to set up the initial base Oracle Adaptive Access Manager environment.
Procedures are provided in the following sections:
The Oracle Adaptive Access Manager Command-Line Interface (CLI) scripts enable users to perform various tasks instead of using the Oracle Adaptive Access Manager Administration Console.
For information on setting up the CLI environment, see Section 29.2, "Setting Up the CLI Environment."
Encryption is used to protect data within Oracle Adaptive Access Manager from unauthorized access. The process uses methods and a key or keys to encode plain text into a non-readable form. A key is required to decrypt the encrypted information and make it readable again. Authorized persons who possess the key can decrypt information that is encrypted with the same key.
This section provides instructions to set up encryption and database credentials for Oracle Adaptive Access Manager.
An overview for setting up encryption and database credentials is provided in this section.
Setting up encryption involves the following steps:
Ensure the secret keys (a.k.a symmetric keys) for both the configuration value and database are available. If you do not have a secret key, generate an encoded symmetric key using the genEncodedKey command.
Encode the key using the base64encode option of the encodeKey command. This step is not required if the genEncodedKey command was used to generate the key.
Use the Fusion Middleware Control to add the encoded secret key to an alias in the Credential Store Framework in the domain where Oracle Adaptive Access Manager is installed.
A credential store is a repository to store user name/password or generic credentials (a certificate). The value of using a credential store is that the application does not store passwords in clear text and does not have to invent its own solutions for protecting passwords, allowing administrators and developers alike to work with a consistent credential repository.
Configuring database credentials in the Credential Store Framework involves the following steps:
Use the Fusion Middleware Control to add database credentials (user name and password) in the Credential Store Framework in the domain where Oracle Adaptive Access Manager is installed. These credentials are used by the Oracle Adaptive Access Manager command-line utilities.
Configure the properties files that are used by the Oracle Adaptive Access Manager CLI utilities with details of the WebLogic administration server and Oracle Adaptive Access Manager database.
For information on the credential store, refer to "Managing the Credential Store" in the Oracle Fusion Middleware Application Security Guide.
Prerequisites for setting up encryption and database credentials for Oracle Adaptive Access Manager are:
If you do not have access to the Oracle Adaptive Access Manager installation folder, make sure Oracle Adaptive Access Manager 11g is configured with Fusion Middleware Control while creating the domain.
If you have access to the Oracle Adaptive Access Manager installation folder then make sure you have access to running the command-line scripts in the MW_HOME\IDM_ORACLE_HOME\oaam\cli folder.
Make sure Sun JDK is installed and check that the java command is in the path by executing the java command.
Note:
If you are upgrading from Oracle Adaptive Access Manager 10.1.4.5 to Oracle Adaptive Access Manager 11g, you can skip Section 2.4.3, "Setting up Secret Key for Encrypting Configuration Values,", Section 2.4.4, "Setting Up Secret Key for Encrypting Database Values,"and Section 2.4.5, "Generating an Encoded Secret Key," since the Upgrade Assistant automatically migrates the secret keys from Oracle Adaptive Access Manager 10.1.4.5 to the Credential Store Framework in Oracle Adaptive Access Manager 11g.
To set up the secret key for encrypting configuration values, follow the steps in this section:
Go to the Oracle Adaptive Access Manager command-line folder MW_HOME\IDM_ORACLE_HOME\oaam\cli.
Create a file config_secret_key.file and add the secret key to the file by entering:
tobase64=<secret-key>
Note:
If you do not have any secret key refer to Section 2.4.5, "Generating an Encoded Secret Key."
This is your key to the encryption algorithm.
Note that 3DES accepts any key, but it must be a minimum of 24 characters.
Encode the key using the Base64 algorithm by executing the following command.
In Unix
encodeKey.sh config_secret_key.file
In Windows
encodeKey.cmd config_secret_key.file
If the encoding command was successful, you see output similar to the following:
base64encode is done! Base64 Encoded value =<encoded_value>
If the KeyStore command was not successful, you might see the following error:
Exception in thread "main" java.lang.NoClassDefFoundError: while resolving class: com.bharosa.vcrypt.common.util.KeyStoreUtil at java.lang.VMClassLoader.resolveClass(java.lang.Class) (/usr/lib/libgcj.so.5.0.0) at java.lang.Class.initializeClass() (/usr/lib/libgcj.so.5.0.0) at java.lang.Class.forName(java.lang.String, boolean, java.lang.ClassLoader) (/usr/lib/libgcj.so.5.0.0) at java.lang.Class.forName(java.lang.String) (/usr/lib/libgcj.so.5.0.0)
Note down the encoded value of the key printed on the screen. Make sure there are no spaces. You need this to add to the Credential Store Framework.
Refer to Section 2.4.6, "Adding Symmetric Key to the Credential Store Framework" for instructions to add the encoded key to the Credential Store Framework.
To set up the secret key for encrypting database values:
Go to the Oracle Adaptive Access Manager command-line folder MW_HOME\IDM_ORACLE_HOME\oaam\cli.
Create a file db_secret_key.file and add the secret key to the file by entering:
tobase64=<secret-key>
Note:
If you do not have any secret key refer to Section 2.4.5, "Generating an Encoded Secret Key."
This is your key to the encryption algorithm.
Note that 3DES accepts any key, but it must be a minimum of 24 characters.
Encode the key using Base64 algorithm by executing the following command.
In Unix
encodeKey.sh db_secret_key.file
In Windows
encodeKey.cmd db_secret_key.file
If the encoding command was successful, you see output similar to the following:
base64encode is done! Base64 Encoded value = <encoded_value>
If the KeyStore command was not successful, you might see the following error:
Exception in thread "main" java.lang.NoClassDefFoundError: while resolving class: com.bharosa.vcrypt.common.util.KeyStoreUtil at java.lang.VMClassLoader.resolveClass(java.lang.Class) (/usr/lib/libgcj.so.5.0.0) at java.lang.Class.initializeClass() (/usr/lib/libgcj.so.5.0.0) at java.lang.Class.forName(java.lang.String, boolean, java.lang.ClassLoader) (/usr/lib/libgcj.so.5.0.0) at java.lang.Class.forName(java.lang.String) (/usr/lib/libgcj.so.5.0.0)
Note down the encoded value of the key printed on the screen. Make sure there are no spaces. You need this to add to the Credential Store Framework.
Refer to Section 2.4.6, "Adding Symmetric Key to the Credential Store Framework" for instructions on adding the encoded key to the Credential Store Framework.
To generate an encoded secret key:
Execute the following command:
In Unix
genEncodedKey.sh sample.db_3des_input.properties
In Windows
genEncodedKey.cmd sample.db_3des_input.properties
If the command is successful you see output similar to the following:
Generated key = <encoded_key>
Note:
Encoding the generated key is not necessary since it is already encoded.
OAAM Servers automatically generate the secret key if you start them after domain creation. You can choose to use those autogenerated secret keys if you do not want to use different secret keys.
To add symmetric key to the Credential Store Framework:
Log in to Fusion Middleware Control at http://weblogic_admin_server:port/em using the Web browser and use the WebLogic Administrator credentials to log in.
Expand the WebLogic Domain icon in the Navigation tree in the left pane.
Select OAAM domain and right-click and select the menu option Security, and then the option Credentials in the submenu.
Check if there is a map with the name oaam. If not, click the Create Map option and enter the Map Name as oaam. Click OK to save the map.
Click oaam to select the map and then click Create Key.
In the pop-up dialog make sure Select Map is oaam.
Enter:
Enter a description in the Description field.
Click OK to save the secret key to the Credential Store Framework.
Make sure you back up the alias and the secret key.
The backup is required if you must recreate the domain and point the domain to the existing Oracle Adaptive Access Manager database.
Note:
If you lose the secret key, all the existing data in the Oracle Adaptive Access Manager database becomes unusable since many important administrative operations involve encrypted data.
To set up the Oracle Adaptive Access Manager database credentials in the Credential Store Framework:
Log in to Fusion Middleware Control at http://weblogic_admin_server:port/em using the Web browser and use the WebLogic Administrator credentials to log in.
Expand the WebLogic Domain icon in the Navigation tree in the left pane.
Select the OAAM domain and right-click and select the menu option Security and then the option Credentials in the submenu.
Check to see whether there is a map with the name oaam. If not click the Create Map option and enter the Map Name as oaam. Click OK to save the map.
Click oaam to select the map and then click Create Key.
OAAM Servers automatically generate the secret key if you start them after domain creation. You can choose to use those auto-generated secret keys if you do not want to use different secret keys.
In the pop-up dialog make sure Select Map is oaam.
Enter the following:
Enter the description.
Click OK to save the secret key to the Credential Store Framework.
You must back up the secret keys used. You may need these keys, if you have to recreate the Oracle Adaptive Access Manager 11g domain. Make sure you note the secret key and the alias name.
Log in to Oracle Enterprise Manager.
Expand the WebLogic Domain on the left pane, and select OAAM domain.
From the OAAM Domain, select Security, and then Credentials.
Expand oaam and select the symmetric key related entries associated with the Type Generic.
Click Edit.
Go to the Credentials section then copy the symmetric key related entries and note the key name.
Repeat the above steps to back-up database and configuration keys.
Note:
If you delete and recreate the Oracle Adaptive Access Manager 11g domain, make sure you use the backed-up secret keys when setting the encryption keys so that the existing data in the Oracle Adaptive Access Manager database can be decrypted properly.
Before you can access the Oracle Adaptive Access Manager Administration Console, you must create users. Creating these users allows you to use OAAM.
The user can be created in the WebLogic Administration Console. Details for creating an administration user in the WebLogic Administration Console are provided below.
If you want to take care of user and group creation in the external LDAP store, see Oracle Fusion Middleware Enterprise Deployment Guide for Oracle Identity Management.
You create a user as follows:
Log in to the Oracle WebLogic Administration Console for your WebLogic administration domain.
In the left pane, select Security Realms.
On the Summary of Security Realms page select the name of the realm (for example, myrealm).
On the Settings for Realm Name page select Users and Groups > Users.
Click New and provide the required information to create a user, such as user1, in the security realm.
Click the newly created user, user1.
Click the Groups tab.
Assign any of the groups with the OAAM prefix to the user, user1.
Click Save.
A full snapshot of policies, dependent components and configurations is shipped with Oracle Adaptive Access Manager. The oaam_base_snapshot.zip file is located in the MW_HOME/IDM_ORACLE_HOME/oaam/init directory.
Log in to the Oracle Adaptive Access Manager Administration Console (OAAM Admin) using the following URL:
http://host:port/oaam_admin
Load the snapshot file into the system by following these instructions:
Open System Snapshot under Environment in the Navigation tree.
Click the Load from File button.
A Load and Restore Snapshot dialog appears.
Deselect Back up current system now and click Continue.
A dialog appears with the message that you have not chosen to back up the current system, and do you want to continue?
When the dialog appears with the message that you have not chosen to back up the current system, and do you want to continue, click Continue.
The Load and Restore Snapshot page appears for you to choose a snapshot to load.
Browse for oaam_base_snapshot.zip and click the Load button to load the snapshot into the system database.
Click OK and then Restore.
The snapshot contains the following items that must be imported into OAAM:
Challenge questions for English (United States)
During registration, which could be enrollment, opening a new account, or another events such as a reset, the user selects different questions from a list of questions and enters answers to them. These questions, called challenge questions, are used to authenticate users.
Questions for the languages you want to support must be in the system before users can be asked to register. These questions may also be required to log in to OAAM Server.
The actors that are tracked during authentication are called authentication entities and include user, city, device, and so on. These base entities are required to enable conditions that are used for patterns.
Patterns are used by Oracle Adaptive Access Manager to either define one bucket or dynamically create buckets. Oracle Adaptive Access Manager collects data and populates these buckets with members based on pattern parameters, and rules perform risk evaluations on dynamically changing membership and distributions of the buckets.
Out-of-the-box configurable actions
Configurable actions are actions that are triggered based on the result action or risk scoring or both after a checkpoint execution. The configurable actions are built using action templates.
Note:
If you are upgrading from Oracle Adaptive Access Manager 10.1.4.5 to Oracle Adaptive Access Manager 11g, you see that the names and descriptions of the out-of-the-box action templates are slightly different, since the action templates in Oracle Adaptive Access Manager 11g are globalized and hence the difference.
Policies are designed to help evaluate and handle business activities or potentially risky activities that are encountered in day-to-day operation.
Collections of items used in rules, user groups, and action and alert groups are shipped with OAAM.
If you need to customize any properties, you should import the snapshot into your new test system, make the changes, export the snapshot, and import it into your new system. Alternatively you can import the snapshot on the new system and make the property changes directly, thereby eliminating the test system completely.
Note:
This procedure is only for first time initial setup. Importing a snapshot overwrites the existing environment and replaces it with a new one. For upgrades, import separate zip files for the entities, definitions, or policies.
For upgrading policies, components, and configurations, perform a backup, and then import the separate file. The following are available:
Base policies are shipped in the oaam_policies.zip file, which is located in the MW_HOME/IDM_ORACLE_HOME/oaam/init directory
Configurable action templates are shipped in the OOTB_Configurable_Actions.zip file, which is located in the MW_HOME/IDM_ORACLE_HOME/oaam/init directory.
Base-authentication required entities are shipped in the Auth_EntityDefinition.zip file, which is located in the MW_HOME/IDM_ORACLE_HOME/oaam/init directory.
Default patterns are shipped in the OOB_Patterns.zip file, which is located in the MW_HOME/IDM_ORACLE_HOME/oaam/init directory
IP location data is used by the risk policies framework to determine the risk of fraud associated with a given IP address (location).
To be able to determine location of the login or transaction, this data must be uploaded. For information, see Section 29.4, "Importing IP Location Data."
For information on enabling OTP, refer to Section 9.6, "Enabling OTP Challenge."
A time zone identifies an area that always shares the same local time.
Time zones are used throughout Oracle Adaptive Access Manager for a variety of purposes. A time stamp can indicate when an alert was generated, the process start and end dates of a job, search pages, and so on. Users often are most comfortable working in their local time zones. As the administrator, you can configure the preferred time zones for the OAAM Administration Console.
The property is a system wide time zone setting and not a per-user one. All users must be in the single time zone.
Note that time zone and the browser locale formatting are independent of each other. For example, if you set your browser to en-gb, but set your oaam.adf.time zone to America/Los_Angeles, the time stamps are formatted as per British locale formatting but the time zone is still Pacific Time.
Use the Property Editor to set oaam.adf.timezone to the desired time zone.
For example,
oaam.adf.timezone = Atlantic/Reykjavik
For instructions on using the Properties Editor, refer to Chapter 28, "Using the Properties Editor."
The property takes the standard values for the time zone as listed in Section 2.9.1, "Values for the Common Timezones."
The time zones are as follows:
Pacific/Midway (GMT-11:00) Midway - Samoa Time (ST)
Pacific/Pago_Pago (GMT-11:00) Pago Pago - Samoa Time (ST)
Pacific/Honolulu (GMT-10:00) Honolulu - Hawaii Time (HT)
America/Anchorage (GMT-09:00) Alaska Time (AKT)
America/Tijuana (GMT-08:00) Tijuana - Pacific Time (PT)
America/Vancouver (GMT-08:00) Vancouver - Pacific Time (Canada) (PT)
America/Los_Angeles (GMT-08:00) Los Angeles - Pacific Time (PT)
America/Chihuahua (GMT-07:00) Chihuahua - Mexico Time 2 (MT)
America/Denver (GMT-07:00) Denver - Mountain Time (MT)
America/Edmonton (GMT-07:00) Mountain Time
Canada (MT)
America/Phoenix (GMT-07:00) Mountain Time (MT)
America/Mazatlan (GMT-07:00) Mexico Time 2 (MT)
America/Guatemala (GMT-06:00) Guatemala - Central America Time (CT)
America/Regina (GMT-06:00) Regina - Central Time (CT)
America/Chicago (GMT-06:00) Chicago - Central Time (CT)
America/Managua (GMT-06:00) Managua - Central America Time (CT)
America/Winnipeg (GMT-06:00) Central Time (Canada) (CT)
America/El_Salvador (GMT-06:00) El Salvador - Central America Time (CT)
America/Costa_Rica (GMT-06:00) Costa Rica - Central America Time (CT)
America/Mexico_City (GMT-06:00) Mexico City - Mexico Time (MT)
America/Guayaquil (GMT-05:00) Guayaquil - Ecuador Time (ECT)
America/Indiana/Indianapolis (GMT-05:00) Indianapolis
Indiana - Eastern Time (ET)
America/Bogota (GMT-05:00) Bogota - Colombia Time (COT)
America/Lima (GMT-05:00) Lima - Peru Time (PET)
America/Panama (GMT-05:00) Panama - Eastern Time (ET)
America/Montreal (GMT-05:00) Montreal - Eastern Time (Canada) (ET)
America/New_York (GMT-05:00) New York - Eastern Time (ET)
America/Puerto_Rico (GMT-04:00) Puerto Rico - Atlantic Time (AT)
America/Halifax (GMT-04:00) Canada Atlantic Time (AT)
America/Santiago (GMT-04:00) Santiago - Chile Time (CLT)
America/Caracas (GMT-04:00) Caracas - Venezuela Time (VET)
America/Godthab (GMT-03:00) Godthab - Western Greenland Time (WGT)
America/Argentina/Buenos_Aires (GMT-03:00) Buenos Aires - Argentine Time (ART)
America/Sao_Paulo (GMT-03:00) Sao Paulo - Brasilia Time (BRT)
America/St_Johns (GMT-03:30) St Johns - Newfoundland Time (NT)
America/Noronha (GMT-02:00) Noronha - Fernando de Noronha Time (FNT)
Atlantic/Azores (GMT-01:00) Azores - Azores Time (AZOT)
Atlantic/Cape_Verde (GMT-01:00) Cape Verde - Cape Verde Time (CVT)
Europe/Dublin (GMT+00:00) Dublin - Greenwich Mean Time (GMT)
Europe/London (GMT+00:00) London - Greenwich Mean Time (GMT)
Etc/UTC (GMT+00:00) Coordinated Universal Time (UTC)
Africa/Casablanca (GMT+00:00) Casablanca - Western European Time (WET)
Europe/Lisbon (GMT+00:00) Lisbon - Western European Time (WET)
Africa/Nouakchott (GMT+00:00) Nouakchott - Greenwich Mean Time (GMT)
Atlantic/Reykjavik (GMT+00:00) Reykjavik - Greenwich Mean Time (GMT)
Europe/Prague (GMT+01:00) Prague - Central European Time (CET)
Europe/Budapest (GMT+01:00) Budapest - Central European Time (CET)
Europe/Madrid (GMT+01:00) Madrid - Central European Time (CET)
Europe/Vienna (GMT+01:00) Vienna - Central European Time (CET)
Africa/Algiers (GMT+01:00) Algiers - Central European Time (CET)
Africa/Lagos (GMT+01:00) Lagos - Western African Time (WAT)
Europe/Belgrade (GMT+01:00) Belgrade - Central European Time (CET)
Europe/Oslo (GMT+01:00) Oslo - Central European Time (CET)
Europe/Rome (GMT+01:00) Rome - Central European Time (CET)
Africa/Tunis (GMT+01:00) Tunis - Central European Time (CET)
Europe/Stockholm (GMT+01:00) Stockholm - Central European Time (CET)
Europe/Copenhagen (GMT+01:00) Copenhagen - Central European Time (CET)
Europe/Tirane (GMT+01:00) Tirane - Central European Time (CET)
Europe/Zurich (GMT+01:00) Zurich - Central European Time (CET)
Europe/Paris (GMT+01:00) Paris - Central European Time (CET)
Europe/Berlin (GMT+01:00) Berlin - Central European Time (CET)
Europe/Warsaw (GMT+01:00) Warsaw - Central European Time (CET)
Europe/Amsterdam (GMT+01:00) Amsterdam - Central European Time (CET)
Europe/Brussels (GMT+01:00) Brussels - Central European Time (CET)
Europe/Luxembourg (GMT+01:00) Luxembourg - Central European Time (CET)
Europe/Bucharest (GMT+02:00) Bucharest - Eastern European Time (EET)
Asia/Nicosia (GMT+02:00) Nicosia - Eastern European Time (EET)
Europe/Kiev (GMT+02:00) Kiev - Eastern European Time (EET)
Europe/Sofia (GMT+02:00) Sofia - Eastern European Time (EET)
Europe/Riga (GMT+02:00) Riga - Eastern European Time (EET)
Africa/Johannesburg (GMT+02:00) Johannesburg - South Africa Time (SAT)
Europe/Athens (GMT+02:00) Athens - Eastern European Time (EET)
Africa/Tripoli (GMT+02:00) Tripoli - Eastern European Time (EET)
Africa/Cairo (GMT+02:00) Cairo - Egypt Time (ET)
Asia/Beirut (GMT+02:00) Beirut - Eastern European Time (EET)
Europe/Tallinn (GMT+02:00) Tallinn - Eastern European Time (EET)
Europe/Vilnius (GMT+02:00) Vilnius - Eastern European Time (EET)
Europe/Helsinki (GMT+02:00) Helsinki - Eastern European Time (EET)
Asia/Amman (GMT+02:00) Amman - Eastern European Time (EET)
Asia/Damascus (GMT+02:00) Damascus - Eastern European Time (EET)
Africa/Harare (GMT+02:00) Harare - Central African Time (CAT)
Asia/Jerusalem (GMT+02:00) Jerusalem - Israel Time (IT)
Europe/Istanbul (GMT+02:00) Istanbul - Eastern European Time (EET)
Africa/Khartoum (GMT+03:00) Khartoum - Eastern African Time (EAT)
Asia/Aden (GMT+03:00) Aden - Arabia Time (AT)
Africa/Mogadishu (GMT+03:00) Mogadishu - Eastern African Time (EAT)
Asia/Baghdad (GMT+03:00) Baghdad - Arabia Time (AT)
Asia/Bahrain (GMT+03:00) Bahrain - Arabia Time (AT)
Africa/Djibouti (GMT+03:00) Djibouti - Eastern African Time (EAT)
Africa/Nairobi (GMT+03:00) Nairobi - Eastern African Time (EAT)
Europe/Moscow (GMT+03:00) Moscow - Moscow Time (MSK)
Asia/Qatar (GMT+03:00) Qatar - Arabia Time (AT)
Asia/Kuwait (GMT+03:00) Kuwait - Arabia Time (AT)
Asia/Riyadh (GMT+03:00) Riyadh - Arabia Time (AT)
Asia/Tehran (GMT+03:30) Tehran - Iran Time (IRT)
Asia/Dubai (GMT+04:00) Dubai - Gulf Time (GT)
Asia/Baku (GMT+04:00) Baku - Azerbaijan Time (AZT)
Asia/Muscat (GMT+04:00) Muscat - Gulf Time (GT)
Asia/Kabul (GMT+04:30) Kabul - Afghanistan Time (AFT)
Asia/Yekaterinburg (GMT+05:00) Yekaterinburg - Yekaterinburg Time (YEKT)
Asia/Karachi (GMT+05:00) Karachi - Pakistan Time (PKT)
Asia/Tashkent (GMT+05:00) Tashkent - Uzbekistan Time (UZT)
Asia/Kolkata (GMT+05:30) Kolkata - India Time (IT)
Asia/Colombo (GMT+05:30) Colombo - Sri Lanka Time (LKT)
Asia/Katmandu (GMT+05:45) Katmandu - Nepal Time (NPT)
Asia/Dhaka (GMT+06:00) Dhaka - Bangladesh Time (BDT)
Asia/Almaty (GMT+06:00) Almaty - Alma-Ata Time (ALMT)
Asia/Novosibirsk (GMT+06:00) Novosibirsk - Novosibirsk Time (NOVT)
Asia/Rangoon (GMT+06:30) Rangoon - Myanmar Time (MMT)
Asia/Krasnoyarsk (GMT+07:00) Krasnoyarsk - Krasnoyarsk Time (KRAT)
Asia/Ho_Chi_Minh (GMT+07:00) Ho Chi Minh - Indochina Time (ICT)
Asia/Jakarta (GMT+07:00) Jakarta - West Indonesia Time (WIT)
Asia/Bangkok (GMT+07:00) Bangkok - Indochina Time (ICT)
Asia/Kuala_Lumpur (GMT+08:00) Kuala Lumpur - Malaysia Time (MYT)
Asia/Shanghai (GMT+08:00) Shanghai - China Time (CT)
Asia/Taipei (GMT+08:00) Taipei - China Time (CT)
Asia/Irkutsk (GMT+08:00) Irkutsk - Irkutsk Time (IRKT)
Asia/Singapore (GMT+08:00) Singapore - Singapore Time (SGT)
Asia/Hong_Kong (GMT+08:00) Hong Kong - Hong Kong Time (HKT)
Asia/Manila (GMT+08:00) Manila - Philippines Time (PHT)
Australia/Perth (GMT+08:00) Perth - Western Time (Australia) (WT)
Asia/Yakutsk (GMT+09:00) Yakutsk - Yakutsk Time (YAKT)
Asia/Tokyo (GMT+09:00) Tokyo - Japan Time (JT)
Asia/Seoul (GMT+09:00) Seoul - Korea Time (KT)
Australia/Adelaide (GMT+09:30) Adelaide - Central Time (South Australia) (CT)
Australia/Darwin (GMT+09:30) Darwin - Central Time (Northern Territory) (CT)
Asia/Vladivostok (GMT+10:00) Vladivostok - Vladivostok Time (VLAT)
Pacific/Guam (GMT+10:00) Guam - Chamorro Time (ChT)
Australia/Hobart (GMT+10:00) Hobart - Eastern Time (Tasmania) (ET)
Australia/Sydney (GMT+10:00) Sydney - Eastern Time (New South Wales) (ET)
Australia/Brisbane (GMT+10:00) Brisbane - Eastern Time (Queensland) (ET)
Asia/Magadan (GMT+11:00) Magadan - Magadan Time (MAGT)
Pacific/Auckland (GMT+12:00) Auckland - New Zealand Time (NZT)
Pacific/Fiji (GMT+12:00) Fiji - Fiji Time (FJT)
Asia/Kamchatka (GMT+12:00) Kamchatka - Petropavlovsk-Kamchatski Time (PETT)
Etc/GMT-12 (GMT+12:00) Dateline Standard Time (UTC+12:00)
Pacific/Tongatapu (GMT+13:00) Tongatapu - Tonga Time (TOT)