Posts

Oracle Access Manager 12c - New Key Features and Differences

REST API - REST APIs are introduced in 12c for Federation Management, Multi Data Center, OAuth, Password Management, Multifactor Authentication OTP, Password Policy and Session Management. Enhanced SSL - OAM 12c supports TLS 1.2 to provide communications security over the internet. All the simple mode certificates that are generated out-of-the-box for WebGate SSL communication are upgraded to SHA2. Authentication Protocol - Provides support for OAuth in a Multi Data Center environment. MDC Deployment Simplification - The process of setting up and administering OAM Multi Data Center topologies is simplified without using T2P tooling. New REST-based APIs introduced for administrative and diagnostic purposes significantly reduce the number of configuration steps performed in the MDC environment. Session Management - OAM 12c supports database-backed server-side session management to synchronize the session state across multiple nodes of an OAM 12c server clust
Recent posts

Home Organization Policy - OIM PS3

When an end user submits a request for self-registration, the home organization of the user is determined by the home organization policy. The organization name (as determined by the home organization policy) is filled in on the submitted request. The approver can override the home organization of the user while approving the request. If a pre-process custom handler is defined to determine the home organization during self-registration, then the home organization policy is not evaluated. If a workflow policy is defined, then it takes precedence over the Home Organization Policy. In a Home Organization Policy, you can define rules based on user attributes. The return value of a rule is the organization name. Rules are evaluated in the order in which they appear on the Home Organization Policy page, from the first rule to the last rule. Rules can be re-ordered from the Home Organization Policy page. Evaluation of rules stops on the first rule match and the organization name is re

Self Service Capability - OIM PS3

This is a new feature in OIM PS3 which lets you control the user self-service capability based on user attribute, role, or organization. You can restrict a user's self-service capabilities in Oracle Identity Manager by defining policies and rules based on user attributes. You can also set user attributes as denied attributes for any user who satisfies the rule. For this practice, if the user is a Contractor, the Telephone Number and Email fields are denied attributes for this user. As a result, the user cannot modify the values in these fields. Below are all the capabilities which can be provided/denied to the user: To create these rules, log in to the Admin console and click on Self Service Capabilities. If we want to grant all the capabilities, create an if condition which is always true (like 1==1) and add all the capabilities. But if we want to grant capabilities on a condition, add this condition in the If section and add the capabilities in the Else section. User attributes can

What is CASB - Oracle CASB Cloud Service

What is CASB: Cloud Access Security Broker (CASB) is a term coined by Gartner to describe cloud solutions centered around four main pillars: visibility, compliance, data security, and threat protection. As per Gartner, Cloud access security brokers (CASBs) are on-premises or cloud-based security policy enforcement points, placed between cloud service consumers and cloud service providers to combine and interject enterprise security policies as the cloud-based resources are accessed. CASBs consolidate multiple types of security policy enforcement. Example security policies include authentication, single sign-on, authorization, credential mapping, device profiling, encryption, tokenization, logging, alerting, malware detection/prevention and so on. To summarize, a CASB is a service used to secure and monitor cloud and on-prem applications and to respond with remediation when threats or suspicious events are detected. Key is the analysis of events generated in the

Changing Logo in OIM PS3

Copy the custom logo to the $MW_HOME/Oracle_IDM1/server/apps/oim.ear/iam-consoles-faces.war/images directory. Log in to the Identity console. Click on Sandbox to create a new Sandbox. Activate the Sandbox. Click on Customize and then click Structure on the top left. Click on the Oracle logo to edit it. Select commandImageLink and click on Properties. Update the ICON option with the logo path: /../oim/images/custom_logo.png. The new logo is reflected immediately. Verify and publish the Sandbox.

OAM 11g PS3 SSO with Peoplesoft HCM 9.2 (Peopletools 8.55)

Setting up the Environment: It is assumed that the PeopleSoft pre-built VM is used and configured, PeopleSoft is up and running, OAM 11gR2 PS3 is up and running, and OHS is protected by an OAM WebGate and reverse proxies to PeopleSoft. To set up Application Designer, navigate to the '/opt/oracle/psft/pt/tools_client/' location in the VM. Download the folder to the local machine where Application Designer needs to be installed. Install the Oracle client and put tnsnames.ora in the <client_home>\product\12.1.0\client_1\network\admin location. Navigate to the folder and run 'setupPTClient.bat -t -l' to install Application Designer. Navigate to 'C:\PT8.55.06_Client_ORA\bin\client\winx86' and run pside.exe to start Application Designer. The DB name in this case is 'PSHCMDB' and the userid/pwd is PS/PS. Configuration on PeopleSoft: Log in to the PeopleSoft console http://<host_name>:8000/psp/ps/?cmd=start using credentials PS/PS. Click on

OAM as IDP and SP (2 OAM PS3)

Oracle Access Manager can act as an Identity Provider or a Service Provider based on requirement. I configured a use case where one OAM is acting as IdP and another one is acting as SP. The high-level steps are as below: Download the IdP OAM metadata by accessing the below URL: http://<IDP-OAM>:14100/oamfed/sp/metadata Note that the metadata consists of both IdP and SP sections in one file. While importing the IdP metadata, remove the SP metadata from the file. Log in to the SP OAM console and click on Federation. Click on Service Provider Management. Import the IdP metadata. Click 'Create Authentication Scheme and Module' to create the scheme and module. Now log in to the IdP VM and import the Service Provider metadata. Remember to modify the metadata to contain only the Service Provider metadata. Provide the NameID value as mail. Access any application protected by the SP OAM and it will redirect to the IdP OAM.