Skip to main content

OAM as IDP and SP (2 OAM PS3)

Oracle Access Manager can act as Identity Provider or Service Provider based on requirement.I configured a use case where one OAM is acting as IDP and another one acting as SP. High level steps  are as below: 

 Download the IDP OAM metadata by accessing the below URL:
http://<IDP-OAM>:14100/oamfed/sp/metadata

Note that metadata consists both IDP and SP in one file. While importing IDP metadata remove SP metadata from the file.

Login to the SP OAM console and click on federation. Click on Service Provider Management.
Import the Idp metadata.
Click ‘Create Authentication Scheme and Module’ to create the scheme and module.



Now Login to Idp VM and import the Service provide metadata.
Remember to modify the metadata to contain only Service Provider metadata.

Provide the NameID Value as mail.



Access any application protected by SP OAM and it will redirect to the IDP -OAM.






Comments

  1. Ravi Ranjan Kumar23 April 2019 at 14:10

    Thanks for sharing the valuable post.
    I have a requirement where I have to make my OAM as both(IDP and SP) at a time
    ERP(SP)<==>OAM(IDP)==OAM(SP)<==>MS Azure(IDP)

    How to configure this? could you help please.

    If possible please provide the solution in my email "ravcusat23@gmail.com"
    Thanks,
    Ravi Ranjan

    ReplyDelete

Post a Comment

Popular posts from this blog

Developing Prepopulate Adapter with OIM 11g R2

1.      Prepopulate Adapter in OIM uses the plugin point oracle.iam.request.plugins.PrePopulationAdapte r. 2.      Write the Java code which returns the value which has to be populated on the form. 3.      This code will implement the plugin point oracle.iam.request.plugins.PrePopulationAdapte r. Code Snippet: - package com.oracle.oim.utility.eventhandler; import java.io.Serializable; import java.util.Iterator; import java.util.List; import java.util.logging.Logger; import oracle.iam.identity.exception.NoSuchUserException; import oracle.iam.identity.exception.UserLookupException; import oracle.iam.identity.usermgmt.api.UserManager; import oracle.iam.identity.usermgmt.vo.User; import oracle.iam.platform.Platform; import oracle.iam.platform.authz.exception.AccessDeniedException; import oracle.iam.request.exception.RequestServiceException; import oracle.iam.request.vo.Beneficiary; import oracle.iam.request.vo.RequestData; public c
5 comments
Read more

OIM Tuning

Application Module tuning is a critical setting which will affect the UI performance. Following are the recommended application module settings for OIM and these are already set out-of-box (OOB) in later releases of OIM 11g R2. Ensure that these settings are implemented as recommended in your environment. -Djbo.ampool.doampooling=true -Djbo.ampool.minavailablesize=1 -Djbo.ampool.maxavailablesize=120 -Djbo.recyclethreshold=60 - Djbo.ampool.timetolive=-1 -Djbo.load.components.lazily=true - Djbo.doconnectionpooling=true -Djbo.txn.disconnect_level=1 - Djbo.connectfailover=false -Djbo.max.cursors=5 - Doracle.jdbc.implicitStatementCacheSize=5 - Doracle.jdbc.maxCachedBufferSize=19 open DOMAIN_HOME/bin/setDomainEnv.sh file for the WebLogic Server instance.find these lines: JAVA_OPTIONS="${JAVA_OPTIONS}" export JAVA_OPTIONS and change it to: JAVA_OPTIONS="-Djbo.ampool.doampooling=true -Djbo.ampool.minavailablesize=1 -Djbo.ampool.maxavailablesize=120 -D
Post a Comment
Read more

What is Application Instance

Application instance is a provisionable entity. It is a combination of IT resource instance (target connectivity and connector configuration) and resource object (provisioning mechanism) . Creating and managing application instances are performed by using the Oracle Identity System Administration. Once Created Application Instance can be requested from the catalog. Application instances can be connected or disconnected.  Connected application  instance -It has a connector defined for the provisioning of entities. Account is created in the target system real time in case of connected Application Instance. Disconnected  application instance - It is used for the provisioning of a disconnected resource, for which  a connector is not defined, and therefore, the provisioning is performed manually by the administrator. A mail trigger system can also be attached which sends the account creation/modification/deletion mails to the application owner.
Post a Comment
Read more