List of Tables
- 1-1 Access Manager Deployment Types
- 1-2 Oracle Access Management Post-Installation Tasks
- 2-1 Language Codes For Login Pages
- 2-2 Oracle Access Management Language Selection Methods
- 2-3 OAM_LANG_PREF Cookie
- 2-4 Application Integration for Language Preference
- 3-1 Configuration Options
- 3-2 Common Services
- 3-3 Common Settings
- 3-4 OCSP Responder Configuration Options
- 4-1 Roles for Delegating Administration
- 5-1 Data Sources for Oracle Access Management
- 5-2 Data Sources for Oracle Access Management Services
- 5-3 Components That Use Identity Stores
- 5-4 User Identity Store Elements
- 5-5 Access Manager Keys and Storage
- 5-6 Keystores for Access Manager and Security Token Service
- 6-1 Conditions Requiring Server Restart
- 6-2 OAM Server Instance Settings
- 6-3 OAM Proxy Settings for an Individual OAM Server
- 7-1 Logging Files
- 7-2 Logging Defaults
- 7-3 Oracle Access Management Server-Side Component Loggers
- 7-4 Oracle Access Management Shared-Service Engine Component Loggers
- 7-5 Oracle Access Management Foundation API Component Loggers
- 7-6 Mapping of ODL to Java Levels
- 7-7 Oracle Identity Federation Loggers
- 8-1 Oracle Business Intelligence Enterprise Edition Reports for OAM
- 8-2 Access Manager Administrative Audit Events
- 8-3 Access Manager Run-time Audit Events
- 8-4 Categories of Audit Events for Identity Federation
- 8-5 Identity Federation Session Management Events
- 8-6 Protocol Flow Events for Identity Federation
- 8-7 Server Configuration Identity Federation
- 8-8 Security Events for Identity Federation
- 8-9 Audit Configuration Elements
- 9-1 Logging Levels
- 9-2 Log Configuration File Names for Components
- 9-3 Log Writers
- 9-4 Global Parameters in the First Compound List
- 9-5 Factors that Determine Whether Logging Is Active
- 9-6 Mandatory Log Configuration File Parameters
- 9-7 Log Data File Configuration Parameters
- 9-8 ParamName Values You Can Configure for Per-Module Logging Threshold
- 10-1 Accounts_Locked_Out Report Fields
- 10-2 AuthenticationFromIPByUser Report Fields
- 10-3 AuthenticationPerIP Report Fields
- 10-4 Authentication_statistics Report Fields
- 10-5 AuthenticationStatisticsPerServer Report Fields
- 10-6 All Errors and Exceptions Report Fields
- 10-7 Authentication Failures Report Fields
- 10-8 Authentication History Report Fields
- 10-9 Authorization History Report Fields
- 10-10 Multiple Logins From Same IP Report Fields
- 11-1 OAM Proxy Metrics
- 11-2 OAM Proxy Tuning Parameters
- 11-3 Health Check REST API Parameters
- 12-1 Farm Page Sections
- 12-2 Resulting Pages for Selected Nodes and Targets
- 12-3 Summary of Performance Overviews in Fusion Middleware Control
- 12-4 Access Manager Component Metrics
- 12-5 Status and Controls on Performance Summary Pages
- 12-6 OAM Log Availability and Functions in Fusion Middleware Control
- 12-7 Log Levels Tab on Log Configuration Page
- 12-8 Log Files Elements
- 12-9 OAM Log Message Search Controls in Fusion Middleware Control
- 12-10 System MBean Browser
- 12-11 MBeans that Access Manager and Security Token Service Deploy
- 12-12 System MBean Browser
- 13-1 Access Manager Settings: Load Balancer
- 13-2 Server Error Mode
- 13-3 Error Trigger Condition, Modes, and Message Codes
- 13-4 External Error Codes, Trigger Conditions, and Recommended Messages
- 13-5 Access Manager Settings: WebGate Traffic Load Balancer
- 13-6 Access Manager Settings: SSO
- 13-7 Summary: Simple and Cert Mode
- 13-8 Server Common OAM Proxy Secure Communication Settings
- 13-9 Policy Evaluation Caches
- 13-10 Polciy Cache Parameters
- 14-1 Agent Types
- 14-2 Agent Registration and SSO Support
- 14-3 Run Time Processing Overview for Access Manager
- 14-4 Keys and Policies Generated During Agent Registration
- 14-5 Artifacts Associated with Agent Registration
- 14-6 Copying Generated Artifacts
- 14-7 Remote Registration Methods
- 14-8 Agent Registration and Configuration Update Artifacts
- 15-1 Elements on Create Pages for OAM Agents
- 15-2 User-Defined WebGate Parameters
- 15-3 Elements on Expanded OAM WebGate/Access Client Registration Pages
- 15-4 Agent Search Controls
- 15-5 Environment Variables to Set within oamreg
- 15-6 Remote Registration Command Arguments: mode
- 15-7 Remote Registration Command Samples
- 15-8 Common Elements in Remote Registration Requests
- 15-9 Remote Registration Request Templates for OAM Agents
- 15-10 Elements in Extended OAM Agent Remote Registration Requests
- 15-11 Variables Required for Remote Registration
- 15-12 Files Returned by in-band Administrator to out-of-band Administrator
- 15-13 Remote Agent Update Modes and Input Files
- 15-14 Delta: OAM Agent Update versus Registration Request
- 16-1 Features Supported when the Database is Unavailable
- 16-2 Features Not Supported when the Database is Unavailable
- 16-3 Session Lifecycle States
- 16-4 Session Checks for State Changes
- 16-5 Session Removal
- 16-6 Application Domain-Specific Overrides
- 16-7 Session Content: Single Authentication Scheme
- 16-8 Session Outcomes: Multiple Authentication Schemes
- 16-9 Global Session Settings
- 16-10 Default Polling Interval
- 16-11 Application-Specific Session Timing Overrides
- 16-12 Session Management Controls and the Results Table
- 17-1 Multi-Data Center Policy Configurations for Idle Timeout
- 17-2 Session Synchronization and Failover Scenarios
- 18-1 MDC Use Cases
- 19-1 Replication States
- 19-2 Modifying Replication Agreement Properties
- 21-1 Summary: SSO Components
- 21-2 Introduction to SSO Implementations
- 21-3 Access Manager Global, Shared Policy Components
- 21-4 Access Manager Policy Components
- 21-5 Condition Types
- 21-6 SSO Cookies
- 22-1 Resource Type Definition
- 22-2 Host Identifiers Examples
- 22-3 Host Identifier Definitions
- 22-4 Comparing the DCC and ECC
- 22-5 Native Authentication Modules
- 22-6 Native Kerberos Authentication Module Definition
- 22-7 Native LDAP Authentication Modules Definition
- 22-8 X509 Authentication Module Definition
- 22-9 Simple Form versus Multi-Step Authentication
- 22-10 General tab
- 22-11 Add New Step Entries, Steps Results Table, and Details Section
- 22-12 Parameter Details for Various Plug-ins
- 22-13 Steps Orchestration Tab
- 22-14 X509 Step Details (KEY_CERTIFICATE_ATTRIBUTE_TO_EXTRACT)
- 22-15 Steps and Plug-ins in a Customized Step-up Authentication Module
- 22-16 UserIdentification Step
- 22-17 X509CredentialExtractor Step
- 22-18 X509 Step Orchestration for EKU
- 22-19 Custom Plug-ins Actions
- 22-20 Plugins Status Table
- 22-21 Example of Plugin Details Extracted from XML Metadata File
- 22-22 Authentication Scheme Definition
- 22-23 Pre-configured Authentication Schemes
- 22-24 Challenge Parameters in Pre-configured Schemes
- 22-25 User-Defined Challenge Parameters for Authentication Schemes
- 22-26 Advanced Rules Attributes
- 22-27 Sample Advanced Rules
- 22-28 Request Context Data
- 22-29 Location Context Data
- 22-30 Session Context Data
- 22-31 User Context Data
- 22-32 Challenge Parameters for 11g Encrypted Cookies
- 22-33 Resource Webgate Support of POST Data Preservation and Restoration
- 22-34 Parameters Required for Authentication POST Data Handling
- 22-35 ECC and DCC: Long URL Handling
- 22-36 Parameters Required for Long URL Handling
- 23-1 Login Processing with Access Manager-Protected Resources
- 23-2 DCC Deployment Support
- 24-1 Password Policy Configuration Parameters
- 24-2 Password Policy Elements
- 24-3 Specifying Credential Collectors and Related Forms for Authentication
- 24-4 Credential Collector Password Pages
- 24-5 Password Management Forms and Functions
- 24-6 Location of Oracle-provided LDIFs for LDAP Providers
- 24-7 Key Password Attributes in a Password Policy
- 24-8 User Password Step Details
- 24-9 Included LDIF Schema Files
- 25-1 Resource Definition Elements
- 25-2 HTTP Resources Sample URL Values
- 25-3 Supported Wildcards in Resource URL Patterns (Precedence Order)
- 25-4 Sample Resource URLs
- 25-5 Pattern Matching for Requested URLs
- 25-6 Query String Matching: Examples
- 25-7 Resource Evaluation Outcomes
- 25-8 Search Elements for a Resource in an Application Domain
- 25-9 Authentication Policy Elements and Descriptions
- 25-10 Authorization Policy Elements and Descriptions
- 25-11 Authorization Policy Condition Tab
- 25-12 Add Condition Window Elements
- 25-13 Add identities Elements
- 25-14 Add Search Filter Elements
- 25-15 LDAP Search Filter Examples for Access Manager
- 25-16 Temporal Condition Details
- 25-17 Access Conditions that Require Attribute-Type Conditions
- 25-18 Attribute Condition Elements
- 25-19 Attribute Names for Request Built-ins
- 25-20 Attribute Names for Session Built-ins
- 25-21 Attribute Condition Data (Aggregation of Conditions)
- 25-22 Authorization Policy Rules Elements
- 25-23 Rule Tab in Expression Mode
- 25-24 Operators for Expressions in Authorization Rules
- 25-25 Response Elements
- 25-26 Namespace Request Variables for Single Sign-On
- 25-27 Namespace Session Variables for Single Sign-On
- 25-28 Namespace User Variables
- 25-29 Simple Responses and Descriptions
- 25-30 Complex Responses
- 25-31 Remote Policy Management Modes, Templates, and Flags
- 25-32 Remote Management Template Elements
- -33 UserIdentification Step
- -34 UserAuthentication Step
- -35 Passwordless Step
- 26-1 User Interactions: Tester Console Mode versus Command Line Mode Operations
- 26-2 Access Tester Supported System Properties
- 26-3 Access Tester Console Panels
- 26-4 Command Buttons in Access Tester Panels
- 26-5 Additional Access Tester Buttons
- 26-6 Access Tester Menus
- 26-7 Connection Panel Information
- 26-8 Protected Resource URI Panel Fields and Controls
- 26-9 Access Tester User Identity Panel Fields and Controls
- 26-10 Access Tester Capture Request Options
- 26-11 Generate Script Command
- 26-12 Test Script Control Parameters
- 26-13 Run Test Script Commands
- 26-14 Mismatched Results Reasons in the Statistics Document
- 27-1 Centralized Logout Circumstances
- 27-2 Logout Details After Registration (ObAccessClient.xml)
- 30-1 Supported SAML 2.0 NameID Formats
- 30-2 SAML 2.0 URLs for Identity Federation Acting As Identity Provider
- 30-3 SAML 2.0 URLs for Identity Federation Acting as Service Provider
- 30-4 Supported SAML 1.1 NameID Formats
- 30-5 SAML 1.1 URLs for Identity Federation Acting As Identity Provider
- 30-6 SAML 1.1 URL for Identity Federation Acting as Service Provider
- 30-7 OpenID 2.0 URLs for Identity Federation Acting As Identity Provider
- 30-8 OpenID 2.0 URLs for Identity Federation Acting as Service Provider
- 30-9 Configuring Identity Federation Settings
- 30-10 Implementing Identity Federation
- 31-1 Default Partner Profiles
- 31-2 Identity Provider Partner Settings
- 31-3 Attributes for Google OpenID Partner
- 31-4 Attributes for Yahoo OpenID Partner
- 31-5 Elements Used for IdP Provider Search
- 31-6 Service Provider Partner Settings
- 31-7 Sample SP Attribute Mappings
- 31-8 Attribute Mapping Value Expressions
- 31-9 Attribute Value Filtering Condtions
- 31-10 Sample IdP Attribute Mappings
- 31-11 Default Federation Authentication Method and Access Manager Authentication Scheme Mappings
- 31-12 Configuration Parameters for Attribute Sharing Plug-in
- 31-13 Session Attributes Accessible To Attribute Sharing Plug-in
- 32-1 Federation Settings in the Console
- 32-2 General Federation Settings
- 32-3 Federation Proxy Settings
- 32-4 Keystore Settings for Federation
- 33-1 FederationScheme Element Definitions
- 33-2 FederationPlugin Steps
- 33-3 Orchestration of FederationPlugin
- 33-4 OIFScheme Definition
- 33-5 IFMTLDAPPlugin Steps
- 33-6 Policy Response Elements
- 33-7 Message Attribute Mapping
- 33-8 Office 365 Service Provider Attribute Values
- 35-1 Adaptive Authentication Plugin Properties
- 35-2 Server Side Configuration for Adaptive Authentication Service
- 36-1 Location URL Parameter Definitions
- 36-2 Offline Configuration URL Parameters
- 39-1 OAuth Identity Domain Details
- 39-2 Optional Parameters for Consent Management on MDC
- 39-3 Mandatory Property and Values for Creating the OAuth Client Template
- 39-4 Registration Token Sample Response
- 39-5 Registration Token Error Responses
- 39-6 Client Registration Error Responses
- 39-7 chaining_level Values and Behavior
- 39-8 Request Parameters
- 39-9 Response Parameters
- 40-1 Claims within the ID Token used by OpenIDConnect
- 40-2 Claims used by OpenIDConnect
- 40-3 Attributes and Values for Custom Claim Definition
- 40-4 Parameters used in the curl command for OpenIDConnect Authentication Flows
- 40-5 Authorization Code Grant Authentication flow: Parameters and Access tokens
- 40-6 Implicit Grant Authentication Flow: Parameters and Access tokens
- 40-7 Parameter Values for response_mode
- 40-8 scope values that are used to request Claims
- 40-9 Claims under each scope and the corresponding backend LDAP attribute.
- 40-10 Parameters to create new authentication module, UserInfoAuthModule
- 40-11 OIDC Standard Claims Mapping
- 40-12 Fetch public certificate of given Identity domain: Parameters
- 41-1 OpenIDConnectPlugin: Parameters for plugin configuration
- 41-2 UserIdentificationPlugin: Parameters to modify filters
- 42-1 OAuthUserSelfRegistrationPlugin Step
- 42-2 JIT Step Orchestration
- 42-3 OAuthUserSelfRegistrationPlugin Step for auto-provisioning
- 42-4 CredentialCollectorPlugin Step for Auto-Provisioning
- 42-5 JIT Step Orchestration
- 42-6 OAuthUserSelfRegistrationPlugin Step for auto-provisioning
- 42-7 JIT Step Orchestration
- 43-1 Identity Context Schema Attributes
- 43-2 Mapping Identity Context Operations
- 49-1 Access Manager Support for RSA Features
- 49-2 RSA Features Not Supported
- 50-1 Sample Naming
- 51-1 Component Requirements
- 51-2 Microsoft Requirements for this Integration
- 51-3 Create Web Application Options for Microsoft SharePoint Server
- 51-4 Create a Web Application to Host a Site Collection for SharePoint Server
- 52-1 Requirements for Impersonation with a Header Variable
- 53-1 Login Module Stacks for using Header Variables
- 53-2 Login Module Stacks for using Header Variables
- A-1 addOAMSSOProvider Command-line Arguments
- B-1 importcert Command Syntax
- B-2 Mandatory Configurations in WegGate User Defined Parameters Field
- B-3 WebGate User Defined Configuration Parameters
- B-4 PFS Cipher Suites
- B-5 Supported Cipher Suites
- E-1 Attacks and Mitigations
- G-1 oamMDC.properties Properties
- G-2 partnerInfo.properties Properties