This chapter provides a brief description of new features introduced with the latest release of Oracle Identity Federation, and points you to more information about each one. It contains these topics:
New Features in Oracle Identity Federation 11g Release 1 (11.1.1) Patch Set 3
New Features In Oracle Identity Federation 11g Release 1 (11.1.1)
Note:
The Oracle Identity Federation server is referred to as the federation server in this chapter.This document contains the following updates in 11g Release 1 (11.1.1.9):
One-to-one mapping of attribute names to assertion attributes. See Section 5.9.1.1.
Considerations for HA configuration in SSL mode. See Section 6.4.3.
Details and examples of post-processing plug-in configuration for Oracle Access Manager 11g. See Section 12.2.2, Section 12.5.3.3, and Section 12.5.3.4.
New command syntax for entering the WLST environment. See Section 9.1.2.
Revised command syntax for certain commands. See Section 6.20, Section 9.2.36.2, and Section 9.2.37.2.
This document describes the following updates in 11g Release 1 (11.1.1.7):
Requirement to run the upgrade script when operating in an upgraded 11.1.1.7.0 environment for integration with Oracle Access Manager 11g. See Section 5.16.2.
Support for the Backend Attribute Exchange (BAE) Direct Attribute Exchange profile. See Section 6.8.2.
Procedure for adding an external OpenID provider. See Section 5.4.5.
This document describes the following new features and updates in 11g Release 1 (11.1.1.6):
SHA-256 support for XML signatures
Use of the Relay State in IdP-initiated SSO
Support for Oracle Access Manager 11g authentication engine
Support for Oracle Access Manager 11g SP integration engine
Support for ACS URL for IdP-initiated SSO operations
Sending ACS URL with the Authentication Request in SAML 2.0
Implementation of OpenID UI Extension
The following additional changes appear in the document:
Section 11.3 contains updated instructions for packaging the business processing plug-in.
Section 6.24 explains how to configure Oracle Identity Federation to integrate with OpenID partners.
Section 4.2.5 explains how Oracle Identity Federation determines the relay state for IdP-initiated single sign-on.
Figure 2-11 has been corrected to show a Web proxy in front of the Oracle Identity Federation server.
Various documentation errata have been corrected.
This document has been updated to correct a number of documentation errata.
11g Release 1 (11.1.1) Patch Set 3 provides these features:
Separate keystore and encryption key passwords
Global logout enhancements
Configuring Oracle Identity Federation/SP to authenticate itself to Oracle Access Manager.
Support for the OpenID protocol
New HTTP header authentication engine
Certification with Oracle Access Manager 11g
Import and export of a provider's settings through WLST
Restrictions on assertion validity
The ability to override NameID mapping per partner
Support for SAML 1.x Source ID
Custom pre- and post-processing actions
Support for the eAuth specifications
Support for HTTP header collector
The following documentation changes appear in this release:
The customization features are collected under a separate part, Part III, "Oracle Universal Federation Framework".
The pdf version of the document is split into two volumes.
WebLogic Server Integration: Oracle Identity Federation is now a Java component managed by the Oracle WebLogic Server.
Fusion Middleware Control: You can manage Oracle Identity Federation by using a graphical user interface called Oracle Enterprise Manager Fusion Middleware Control
Integration with Common Auditing Infrastructure: Oracle Identity Federation is now integrated with the Oracle Fusion Middleware audit framework. You can configure auditing from the command line or by using Fusion Middleware Control.
See Also:
Section 7.4, "Auditing"
Support for Oracle Single Sign-On and Oracle Access Manager 10g (10.1.4.2.0) or later: Oracle Fusion Middleware 11g Release 1 (11.1.1) does not include Oracle Single Sign-On or Oracle Access Manager. Oracle Identity Federation 11g Release 1 (11.1.1), however, is compatible with Oracle Single Sign-On and Oracle Access Manager 10g (10.1.4.2.0) or later.