Oracle Identity and Access Manager 11g for Administrators

Book Description


Administer Oracle Identity Management: installation, configuration, and day-to-day tasks with this Oracle Identity and Access Manager 11g book and eBook

  • Full of illustrations, diagrams, and tips with clear step-by-step instructions and real-time examples

  • Understand how to integrate OIM/OAM with E-Business Suite, WebCenter, Oracle Internet Directory and Active Directory

  • Learn various techniques for implementing and managing OIM/OAM with illustrative screenshots

  • Configure Authentication/Authorization schemes, resources, host identifiers, and application domain in Oracle Access Manager

In Detail

Oracle Identity Management is intended to help organizations quickly and reliably manage information about users on multiple systems and applications. Regulatory compliance and the desire to expose business applications over the Internet have made Identity and Access Management skills particularly desirable in recent times. Oracle Access Manager is a recommended Single Sign-On solution for Fusion Middleware including WebCenter, SOA Suite, Portal, and E-Business Suite; more and more companies are implementing Oracle Access Manager. This book will guide you through the important administrative aspects of Identity Management.

Oracle Identity and Access Manager 11g for Administrators covers the complete day-to-day tasks of installing, configuring, and managing Oracle Access Manager and Oracle Identity Manager. This book covers everything an administrator needs during and after an Oracle Identity and Access Management implementation.

This book covers all aspects of the Oracle Identity and Access Management life cycle from an administrator's point of view.

This book starts with an introduction to Oracle’s Identity and Access Management products, touching on all the products that are part of the Oracle Identity Management Suite. It then covers installation and the configuration of multiple OAM/OIM servers in clusters for resilient, highly available production deployments, creating Identity and Access Management schemas, and configuring Identity Manager and Access Manager in detail. The book then covers Oracle Identity Manager navigation and integrating Oracle Identity Manager with Oracle Internet Directory and Microsoft Active Directory using OIM Connectors. Finally, the book covers a key topic for monitoring: logging and auditing in OIM/OAM, and configuring a dedicated database for auditing.

A focused step-by-step handbook for Identity Management administrators.


Table of Contents

  1. Oracle Identity and Access Manager 11g for Administrators
    1. Oracle Identity and Access Manager 11g for Administrators
    2. Credits
    3. About the Author
    4. About the Reviewers
      1. Support files, eBooks, discount offers and more
        1. Why Subscribe?
        2. Free Access for Packt account holders
        3. Instant Updates on New Packt Books
    6. Preface
      1. What this book covers
      2. What you need for this book
      3. Who this book is for
      4. Conventions
      5. Reader feedback
      6. Customer support
        1. Errata
        2. Piracy
        3. Questions
    7. 1. Oracle Identity Management: Overview and Architecture
      1. Oracle Identity Management overview
      2. WebLogic Server overview
      3. Oracle Access Manager overview & architecture
        1. Oracle Access Manager server-side components
      4. Oracle Identity Manager overview & architecture
        1. Oracle Identity Manager architecture
          1. Presentation tier
          2. Business Services tier
          3. Data tier
        2. Oracle Identity Manager components
      5. Summary
    8. 2. Installing Oracle Identity and Access Manager
      1. Installation overview
      2. Installation types
        1. Interactive versus Silent Install
          1. Collocated versus Distributed install
          2. Single instance versus Multiple instance (cluster) install
      3. Things good to know for IDAM Installation
      4. Installing Oracle Identity and Access Management
        1. Installing IDAM
        2. Installing SOA Suite
        3. Upgrading SOA Suite to
        4. Configuring Identity and Access Management and creating your WebLogic domain
        5. Configuring Oracle Identity Manager server
        6. Starting Services and testing URLs
        7. Installing for high availability
          1. Prerequisites for Oracle IDAM high-availability configuration
          2. Installing and Configuring IDAM for high-availability
      5. Silent installation
        1. Silent installation steps
      6. Deinstalling/Uninstalling
        1. Deinstalling/Uninstalling Oracle Identity Management Home
        2. Deinstalling/Uninstalling Oracle Common Home
      7. Summary
    9. 3. IDAM Directory Structure and Files
      1. Common environment variables
        1. Middleware Home
        2. WebLogic Home
        3. Coherence Home
        4. IDAM Oracle Home
        5. Common Oracle Home
        6. SOA Oracle Home
        7. Domain Home
      2. Summary
    10. 4. Start-up Shutdown IDAM
      1. Start-up/Shutdown order
      2. Starting IDAM server
      3. Stopping default IDAM installation
      4. Configure Node Manager
        1. Configure Node Manager as a service
          1. Configure Node Manager as a service on Windows
            1. Uninstall Node Manager service from Windows
          2. Configure Node Manager as a service on Unix/Linux
      5. Options to start/stop IDAM
        1. Start/Stop using WLST commands
        2. Start/Stop using Fusion Middleware Control
        3. Start/Stop using WebLogic console
          1. Troubleshooting Start-up
      6. Things good to know
      7. Summary
    11. 5. OAM Administration and Navigation
      1. Accessing the OAM Administration console
        1. Logging in and out of OAM Administration console
      2. Navigating the OAM Administration console
        1. Console layout
        2. Policy configuration
        3. System configuration
      3. Data sources
        1. User Identity store
          1. How to access User Identity Store?
          2. How to create User Identity Store?
          3. How to set a User Identity Store as Primary?
          4. Important points when using stores
        2. OAM policy and session data store
        3. OAM configuration data store
        4. Security key and Java key store
      4. OAM server registration
        1. How to add OAM Server Instance?
      5. Registering OAM agents
        1. What happens when registering agent with OAM server
        2. Registering agents using the Administration console
          1. Registering 11g/10g WebGates using the Administration console
        3. Registering agents remotely using the command line
          1. Remote Registration utility usage
          2. In-band registration
          3. Out-of-band registration
      6. Summary
    12. 6. OAM Policy Component and Single Sign-On
      1. Terminology
        1. Application domain
        2. Resource type
          1. Creating a resource type
          2. Deleting a resource type
        3. Host identifier
          1. Creating a host identifier
          2. Deleting a host identifier
        4. Resources
        5. Authentication modules
          1. Creating a new authentication module
          2. Deleting a new authentication module
        6. Policy (authentication/authorization) response
        7. Authentication schemes
          1. Authentication level
          2. Challenge methods
            1. Form
            2. Basic
            3. X509
            4. WNA
            5. None
            6. DAP
          3. Creating an authentication scheme
          4. Deleting an authentication scheme
        8. Authentication policy
          1. Authentication policy response
          2. Adding an authentication policy
          3. Deleting an authentication policy
        9. Authorization policy
          1. Authorization policy response
          2. Authorization constraints
          3. Adding an authorization policy
          4. Deleting an authorization policy
      2. OAM SSO
        1. OAM SSO login request flow
          1. SSO login request flow with OAM 10g/11g agents (WebGate)
          2. SSO login request flow with OSSO agents
        2. OAM SSO cookies
          1. OAM_ID cookie
          2. OAMAuthn cookie
          3. ObSSO cookie
          4. OAM_REQ cookie
          5. OAMRequestContext cookie
          6. OHS_<host-port> cookie
          7. GITO cookie
        3. SSO engine settings
      3. Managing application domain
        1. Creating an application domain
      4. Summary
    13. 7. OAM Session Management
      1. User session lifecycle
        1. User Lifecycle settings
          1. Idle timeout
          2. Session life time
          3. Maximum number of sessions per user
        2. Managing active users' sessions
      2. Configuring a separate database for session data
      3. Summary
    14. 8. Installing and Configuring OAM Agents
      1. Installing OAM agents
        1. Downloading OAM agent software
          1. Downloading 11g WebGate
          2. Downloading 10g WebGates
          3. Downloading GCC libraries
        2. Installing 11g WebGate for OHS 11g
          1. Provisioning and registering 11g WebGate with OAM server
          2. Installing WebGate 11g Software
        3. Installing and configuring 10g WebGate for OHS 10g
          1. Provisioning 10g WebGate for OAM 11g
          2. Installing 10g WebGate Software
      2. OAM agent (WebGate/OSSO) properties
        1. 11g WebGate Properties
        2. 10g WebGate Properties
        3. OSSO agent properties
      3. Summary
    15. 9. OIM Navigation: Administration and Design Console
      1. OIM interfaces
        1. Oracle Identity Manager Administrative and User Console
          1. Self-Service Console for unauthenticated users
            1. Reset a forgotten password
            2. Self-registration
            3. Track self-registration requests
          2. Self-Service Console for authenticated users
            1. Profile management
            2. Request management
            3. Task management
          3. Administration Console
          4. Advanced Administration Console
        2. Oracle Identity Manager Design Console
          1. Installing Design Console
          2. OIM Design Console navigation
            1. User Management
            2. Resource Management
            3. Process Management
            4. Administration
            5. Development Tools
        3. SPML Web Service
      2. Summary
    16. 10. OIM Connectors—Installation and Configuration
      1. Connector
        1. Connector Components
          1. IT resource type
          2. IT resource
          3. Process form
          4. Resource object
          5. Provisioning process
          6. Process task
          7. Process task adapter
        2. Types of OIM connectors
          1. Predefined connectors
          2. Custom connector using Adapter Factory
          3. Generic technology connector
      2. Provisioning and reconciliation
        1. Provisioning
          1. Request-based provisioning
          2. Policy-based provisioning
          3. Direct provisioning
        2. Reconciliation
          1. Trusted source reconciliation
          2. Account reconciliation
      3. Installing predefined connectors
        1. Deploying the OIM connector for Oracle Internet Directory
          1. Preinstallation steps
          2. Installing OIM-OID connector
          3. Configure IT Resource (OID)
          4. Using the OIM-OID connector
            1. Performing reconciliation
            2. Performing provisioning
              1. Switching from direct provisioning to request-based provisioning
              2. Switching from request-based provisioning to direct provisioning
              3. Provision resource using Direct provisioning
        2. Deploying OIM connector for Microsoft Active Directory User Management
          1. Pre-installation
          2. Installation
          3. Configuring IT resource for Active Directory
          4. Setting up lookup definition in OIM
          5. Using OIM-AD connector
            1. Performing reconciliation
            2. Performing provisioning
              1. Switching from direct provisioning to request-based provisioning
              2. Switching from request-based provisioning to direct provisioning
              3. Provision resource using direct provisioning
        3. Deploying the OIM connector for Oracle e-Business User Management
          1. Pre-installation steps
          2. Installation
          3. Configure IT resource for EBS
          4. Using OIM-EBS User Management connector
            1. Performing reconciliation
              1. Configuring EBS as a trusted source
              2. Configuring EBS as target resource
      4. Transferring connectors from test to production
      5. Summary
    17. 11. OIM Configuration and Tasks
      1. WebLogic Full Client (WLfullclient)
        1. How to Generate wlfullclient.jar
        2. MDS utilities
      2. How to import/export/delete files using WebLogic MDS utilities
      3. OIM password policy
        1. Creating a password policy
        2. Associate password policy with a resource
      4. Purge OIM cache
      5. Managing OIM configuration
        1. How to manage OIM configuration using MBeans
        2. Managing system properties in OIM
      6. Changing OIM hostname and port number
      7. Changing passwords related to OIM
      8. Summary
    18. 12. OAM Integration with Fusion Middleware and EBS R12
      1. OAM Integration with Fusion Middleware
        1. FMW security concepts
          1. Users, groups, application roles
          2. Identity, policy, and credential stores
            1. Identity store
            2. Policy store
            3. Credential store
          3. WebLogic server authentication providers
            1. JAAS flag
            2. Oracle Internet Directory authentication provider
            3. OAM identity assertion provider
      2. Integrating FMW with OAM for SSO
          1. Sentence case and hyphenate High-level for OAM with FMW
          2. WebCenter-specific tasks
          3. OBIEE-specific tasks
      3. Integrate Oracle E-Business Suite with OAM
        1. E-Business Suite—OAM integration component
          1. Profile option
          2. Oracle HTTP Server
          3. Web Gate
          4. mod_wl_ohs
          5. WebLogic server
          6. Oracle E-Business Suite Access Gate
        2. Request flow for EBS integrated with OAM
        3. High-level steps to integrate EBS R12 with OAM SSO
      4. Summary
    19. 13. Logging and Auditing for OIM/OAM
      1. Logging methods
        1. Oracle Diagnostic Logging (ODL) framework
          1. Loggers
          2. Log handlers
          3. Log level
            1. How to change log level
              1. Changing the log level using WLST
              2. Changing the log level using FMW Control
              3. Changing Log Location/Log Rotation policy using FMW Control
        2. Apache log4j
          1. Log level
          2. How to configure log4j
        3. WebLogic logging service
          1. How to enable debugging in WebLogic server
        4. Log location
        5. Auditing
          1. Auditing in OAM
            1. Auditing flow in OAM
            2. Configuring auditing for OAM
            3. Prepare the audit store
            4. Configure WebLogic domain to connect to audit store
            5. Configure OAM to use the audit store
            6. Configure audit policies
            7. Restart WebLogic server
            8. Test working of auditing
          2. Auditing in OIM
      2. Remote Diagnostic Agent (RDA)
        1. Configuring RDA
      3. Summary
    20. A. Appendix
      1. FAQ
      2. Common issues
        1. Start/Stop issues
        2. User registration in OIM
        3. Error while running MDS utility
        4. Unable to log in to OIM design console
      3. Summary