List of Figures
- 1-1 Oracle Access Management Overview
- 1-2 Access Manager Components and Services
- 1-3 Access Manager Component Distribution
- 2-1 Oracle Access Management Administrator Launch Pad
- 2-2 SSO Agent Search Page
- 3-1 Oracle Access Management Configuration Options
- 3-2 Available Services
- 3-3 Common Settings Page (Collapsed View)
- 3-4 Certificate Revocation List Dialog Box
- 3-5 OCSP/CDP Settings
- 5-1 Creating User Identity Store Registration
- 5-2 System Store Registration
- 5-3 Identity Directory Service Console Page
- 5-4 Create IDS Profile Page
- 5-5 Create IDS Repository Page
- 5-6 Add System Administrator Roles
- 6-1 OAM Server Registration Page with Proxy Tab Displayed
- 8-1 Audit to Database Architecture
- 8-2 Common Settings: Auditing Configuration
- 9-1 Log-Level Activation in the Default Log Configuration File
- 11-1 Server Processes Overview Page
- 11-2 OAM Server Metrics: Session Operations Monitoring Page
- 11-3 OAM Server Metrics: Server Operations Tab
- 11-4 OAM Server Metrics: WebGates Tab
- 11-5 OAM Metrics Table
- 12-1 Fusion Middleware Control (AS-Control) Deployment Architecture
- 12-2 OAM Farm Page in Fusion Middleware Control
- 12-3 Farm Navigation Tree in Fusion Middleware Control
- 12-4 Node Information Page in Fusion Middleware Control
- 12-5 Application Deployment Summary for the Selected Internal Application
- 12-6 Application Deployment Menu
- 12-7 WebLogic Server Domain Summary with Context Menu Exposed
- 12-8 Cluster Page
- 12-9 Key Metrics for Server Page
- 12-10 Aggregated Access Manager Component Metrics for the Cluster
- 12-11 Access Manager Component Metrics for a Single OAM Server Instance
- 12-12 Performance Summary Command
- 12-13 Performance Summary Page with Metric Palette
- 12-14 Access Manager Log Levels on the Log Configuration Tab
- 12-15 Log Levels for Security Token Service
- 12-16 Log Files Configuration Page
- 12-17 Typical Log Messages Page in Fusion Middleware Control
- 12-18 System MBean Browser and Attributes Tab
- 13-1 Access Manager Settings: Load Balancer
- 13-2 Access Manager Settings: Server Error Mode
- 13-3 Access Manager Settings: WebGate Traffic Load Balancer
- 13-4 Common Policy Evaluation Caches
- 15-1 Create OAM WebGate Page
- 15-2 Load Balanced Deployment
- 15-3 Expanded OAM WebGate Page with Defaults
- 15-4 WebGate Search Controls and Create Button
- 15-5 Key Generation
- 16-1 Global Session Details: Common Settings Page
- 16-2 Common Configuration: Session Management Page
- 17-1 Multi-Data Center System Architecture
- 17-2 Active-Active Deployment Mode
- 17-3 Active-Active Mode Failover
- 17-4 Multi-Data Center Deployment
- 17-5 Requests Served By Different Data Centers
- 17-6 Logout and Session Invalidation
- 17-7 Stretch Cluster Deployment
- 17-8 Traditional MDC Deployment
- 17-9 Active-Active Topology
- 17-10 Active-Active Topology Across Multiple Data Centers
- 17-11 Load Balancing Access Manager Components
- 17-12 Global Load Balancer Front Ends Local Load Balancer
- 19-1 Replication Flow
- 19-2 Starting Sequence Illustrated
- 19-3 Applying Custom Transformation Rules
- 21-1 Access Manager 12c Policy Model
- 21-2 Access Manager Shared Policy Components
- 21-3 Anatomy of Access Manager Policies
- 22-1 Default HTTP Resource Type Definition
- 22-2 Default Resource Type wl_authen
- 22-3 Default Resource Type TokenServiceRP Resource Type
- 22-4 Create Host Identifier Page
- 22-5 Native Kerberos Authentication Module
- 22-6 Native LDAP Authentication Module
- 22-7 Native X.509 Authentication Module
- 22-8 Access Manager Plug-ins for Customized Authentication Modules
- 22-9 Creating Custom Authentication Modules: General
- 22-10 Adding a Step and Associating a Plug-in
- 22-11 Plug-in Based Authentication Module Steps and Details
- 22-12 Steps Orchestration for Plug-in Based Authentication Modules
- 22-13 KerberosPlugin
- 22-14 Default KerberosPlugin Steps and Details
- 22-15 Default KerberosPlugin Steps and Orchestration
- 22-16 LDAPPlugin
- 22-17 Default LDAPPlugin Steps and Details
- 22-18 Default Orchestration of Steps for LDAPPlugin
- 22-19 X509Plugin
- 22-20 X509Plugin Default Steps and Details
- 22-21 Default Orchestration for X509Plugin Steps
- 22-22 Password Policy Validation Module Plug-ins
- 22-23 Steps Orchestration: Password Policy Validation Plug-ins
- 22-24 Sample Authentication Scheme Page
- 22-25 Plug-ins Page
- 22-26 Plugin Details: Activation Status of Selected Plug-in
- 22-27 Default LDAPScheme Page
- 23-1 SSO Log-in with Embedded Credential Collector and OAM Agents
- 23-2 Example: Separate Resource WebGate and DCC WebGate Deployment
- 23-3 Combined DCC and WebGate Configuration
- 23-4 OAP Tunneling with DCC
- 23-5 Enable SSL
- 23-6 Keystore Configuration
- 23-7 Add Private Key Alias
- 23-8 SSL Advanced Options
- 23-9 New X509 Scheme
- 24-1 Password Policy Configuration Page
- 24-2 Password Policy Validation Authentication Module with Orchestrated Plug-ins
- 24-3 Step Orchestration for Password Policy Validation Module
- 24-4 Server Error Mode for Password Management
- 25-1 Application Domains Search Page
- 25-2 Example Application Domain Summary Page
- 25-3 Search Results for Resources in an Application Domain
- 25-4 Authentication Policies Tab
- 25-5 Authentication Policy Page: Resources and Responses
- 25-6 Authorization Policies Page
- 25-7 Individual Authorization Policy Page
- 25-8 Individual Authorization Policy Resources tab
- 25-9 Token Issuance Policies Page
- 25-10 Create Resource Page in the Application Domain
- 25-11 HTTP Resources, Query String Resource URL Controls
- 25-12 Resource Search within an Application Domain
- 25-13 Sample Authentication Policies Page in the Application Domain
- 25-14 Sample Individual Authentication Policy Page
- 25-15 Sample Individual Authorization Policy Page
- 25-16 Individual Authorization Policy Conditions Tab
- 25-17 Add Condition Window
- 25-18 Condition Containers on the Authorization Policy Page
- 25-19 Add Identities Window
- 25-20 Identity Condition and Details
- 25-21 Add Search Filter Controls
- 25-22 Identity Conditions: Details
- 25-23 IP4 Range Conditions
- 25-24 Temporal Condition Type Details Page
- 25-25 Attribute Conditions Page
- 25-26 Add Attribute Condition Dialog
- 25-27 Authorization Policy Rules Tab: Simple Mode
- 25-28 Rules Tab: Expression Rule Mode
- 25-29 Adding a Resource Prefix for Policy Ordering
- 25-30 Authorization Policy Response in the Console
- 25-31 Simple Response Samples
- 25-32 Complex Response Sample
- 26-1 OAM Agent (PEP) and OAM Server (PDP) Inter-operability
- 26-2 User Interactions with the Access Tester
- 26-3 Access Tester Console
- 26-4 Server Connection Panel in the Access Tester
- 26-5 Protected Resource URI Panel in the Access Tester
- 26-6 Access Tester User Identity Panel
- 26-7 Test Case Workflow
- 29-1 MyDomain Example
- 29-2 Example Domain
- 29-3 Example Domain Schema
- 29-4 MyDomain Schema
- 29-5 Example Domain Rule
- 29-6 MyDomain Rule
- 30-1 Available Services Page
- 31-1 New Identity Provider Page, Service Details Loaded from Metadata
- 31-2 New Identity Provider Page, Service Details entered Manually
- 31-3 Searching for Identity Providers
- 31-4 Attribute Sharing Plug-in Design
- 32-1 Identity Federation Service Settings Page
- 32-2 Keystore Settings
- 33-1 FederationScheme
- 33-2 FederationPlugin Steps
- 33-3 FederationPlugin Orchestration
- 33-4 Setting Up the Authentication Policy with FederationScheme
- 33-5 OIFScheme
- 33-6 OIFMTLDAPPlugin
- 33-7 Authorization Policy Response Tab
- 33-8 Adding a Federation Response Attribute to an AuthZ Policy
- 35-1 Second Factor Authentication Preferred Method Page
- 35-2 One Time Password Login Page
- 35-3 Access Request Notification Preferred Method Page
- 35-4 Access Request Notification Wait Screen
- 36-1 OAA Error Handling Plugin Screen
- 38-1 OAuth 3-Legged Flow Diagram
- 39-1 Diagram Showing the Flow for Getting Registration Token
- 39-2 Diagram Showing the Flow for Client Registration
- 39-3 Use case flow for SSO Session Linking for OAuth Tokens
- 42-1 Sample Authentication Scheme Page
- 42-2 Sample Authentication Scheme Page
- 42-3 Sample Authentication Scheme Page
- 43-1 End to End Identity Context Process
- 43-2 End to End Identity Context Process Components
- 43-3 Identity Context Process Flow
- 51-1 Setting up a Trusted User Account for Windows Impersonation
- 51-2 Configuring Rights for the Trusted User in Windows Impersonation
- 51-3 Verifying Event Viewer Settings
- 51-4 Impersonation Authentication
- 52-1 Setting up a Trusted User Account for Windows Impersonation
- 52-2 Configuring Rights for the Trusted User in Windows Impersonation
- 52-3 Verifying Event Viewer Settings
- 52-4 Impersonation Authentication
- 54-1 PCA Login page
- 54-2 Select Federation Screen
- 54-3 Create IDP
- 54-4 Provide IDP Details
- 54-5 IDP Added
- 54-6 Export PCA SP Metadata
- 54-7 Add SP Details
- 54-8 OAM IDP Screen
- 54-9 Enter SSO Details
- 54-10 PCA Login Screen
- B-1 Communication Channels for OAM Servers and WebGates
- B-2 mod_wl_proxy as Load Balancer