List of Tables

• 1-1 Deployment Types
• 1-2 Enhancements in Oracle Access Manager 11g
• 1-3 OAM 10g Functionality Not Available with Oracle Access Manager 11g
• 1-4 Comparison: OAM 11g versus OAM 10g versus OSSO 10g
• 1-5 Oracle Security Token Service Terms
• 1-6 Oracle Security Token Service 11g Infrastructure
• 1-7 Integrated Oracle Web Services Manager
• 2-1 OAM 11g Co-existence Summary
• 3-1 Role Mapping from an LDAP Group to Administrator
• 3-2 Welcome Page and Shortcuts
• 3-3 Function Tabs and Descriptions
• 3-4 Command Buttons in the Tool Bar
• 3-5 View Menu Command Descriptions
• 3-6 System Configuration, Actions Menu, Command Descriptions
• 3-7 Controls for Open Pages
• 3-8 Page Elements and Descriptions
• 3-9 Selection Tasks and Controls
• 3-10 Policy Configuration Subtabs
• 3-11 Policy Configuration Search Controls
• 3-12 Common System Configuration Search Controls
• 4-1 Common Configuration Nodes in Navigation Tree
• 4-2 Common Settings
• 4-3 Common Coherence Settings
• 5-1 Oracle Access Manager 11g, 10g, and OSSO Key Comparison
• 5-2 User Identity Store Elements
• 6-1 Summary: Server-side Differences with OAM 11g versus OAM 1g versus OSSO 10g
• 6-2 OAM Server Instance Settings
• 6-3 OAM Proxy Settings for an Individual OAM Server
• 6-4 Default Coherence Settings for Individual OAM Servers
• 7-1 Common Session Settings
• 7-2 Session Management Controls and the Results Table
• 8-1 Access Manager Settings
• 8-2 Access Manager Settings: Load Balancer
• 8-3 External Error Codes, Trigger Conditions, and Recommended Messages
• 8-4 Access Manager Settings: SSO
• 8-5 Summary: Simple and Cert Mode
• 8-6 Server Common OAM Proxy Secure Communication Settings
• 8-7 Policy Evaluation Caches
• 8-8 Kerberos Authentication Module Definition
• 8-9 LDAP Authentication Module Definition
• 8-10 X509 Authentication Module Definition
• 8-11 Add New Step Entries, Steps Results Table, and Details Section
• 8-12 Steps Orchestration Subtab
• 8-13 X509 Step Details: Attributes to Extract from a Certificate
• 9-1 Agents for OAM 11g
• 9-2 Comparing Agent Types and Differences
• 9-3 Comparing IAMSuiteAgent and 11g and 10g Webgates
• 9-4 Create Pages for OAM 10g and 11g Webgates
• 9-5 Expanded OAM 11g and 10g Webgate Elements and Defaults
• 9-6 User-Defined Webgate Parameters
• 9-7 OAM Agent Search Controls
• 9-8 Webgate Caches
• 9-9 Create OSSO Agent Page Elements
• 9-10 Expanded OSSO Agent Elements
• 10-1 Remote Registration Request Files
• 10-2 Remote Registration Sample Commands
• 10-3 Results of Remote Registration
• 10-4 Elements Common to Remote Registration Requests
• 10-5 OSSO-Specific Elements in a Remote Registration Request
• 10-6 Elements Common to Full Remote Registration Requests
• 10-7 Variables Required for Remote Registration
• 10-8 Remote Agent and Policy Updates
• 10-9 Remote Application Domain Management Modes
• 10-10 <rregApplicationDomain> Remote Management Template Elements
• 11-1 Comparing OAM 11g Policy Model with OAM 10g
• 11-2 Host Identifiers Examples
• 11-3 OAM 11g SSO versus OSSO 10g Component Summary
• 11-4 SSO Cookies
• 12-1 Resource Type Definition
• 12-2 Host Identifier Definition
• 12-3 Authentication Scheme Definition
• 12-4 Pre-configured Authentication Schemes
• 12-5 Challenge Parameters in Pre-configured Schemes
• 12-6 Challenge Parameters for Encrypted Cookies
• 13-1 Resource Definition Elements
• 13-2 HTTP Resources Sample URL Values
• 13-3 Resource URLs for.jsp
• 13-4 Resource Evaluation Outcomes
• 13-5 Search Elements for a Resource in an Application Domain
• 13-6 Authentication Policy Elements and Descriptions
• 13-7 Authorization Policy Elements and Descriptions
• 13-8 Response Elements
• 13-9 Namespace Request Variables for Single Sign-On
• 13-10 Namespace Session Variables for Single Sign-On
• 13-11 Namespace User Variables
• 13-12 Simple Responses and Descriptions
• 13-13 Complex Responses
• 13-14 Authorization Policy General Details
• 13-15 Add Constraint Window Elements
• 13-16 Identity Class Constraint Details
• 13-17 Temporal Constraint Class Details
• 14-1 User Interactions Using Tester Console Mode versus Command Line Mode Operations
• 14-2 Access Tester Supported System Properties
• 14-3 Access Tester Console Panels
• 14-4 Command Buttons in Access Tester Panels
• 14-5 Additional Access Tester Buttons
• 14-6 Access Tester Menus
• 14-7 Connection Panel Information
• 14-8 Protected Resource URI Panel Fields and Controls
• 14-9 Access Tester User Identity Panel Fields and Controls
• 14-10 Access Tester Capture Request Options
• 14-11 Generate Script Command
• 14-12 Test Script Control Parameters
• 14-13 Run Test Script Commands
• 14-14 Mismatched Results Reasons in the Statistics Document
• 15-1 Centralized Logout Circumstances
• 15-2 Logout Elements in OAM 11g Webgate Registration
• 15-3 Sample end_url Parameter Specifications
• 17-1 Policies Transport Security when Message-level Security Not Required
• 17-2 Security Token Service Settings
• 17-3 Configuring a Non-Oracle WSM Client for WSS Kerberos Policies
• 17-4 Oracle Security Token Service Configuration Management Operations
• 17-5 Oracle Security Token Service-specific Run-time Events
• 18-1 OSTS Public Keys Used at Run Time
• 18-2 Keystores for Oracle Access Manager with Oracle Security Token Service
• 18-3 Keystore Mbeans
• 18-4 Partner Keys for WS-Trust Communications
• 18-5 Conditions for Oracle Security Token Service Certificate Validation
• 18-6 Successful Certificate Validation Requirements
• 19-1 Template Search Controls
• 19-2 Issuance Template Requirements
• 19-3 Issuance Template: General Details
• 19-4 Issuance Properties: Username Token Type
• 19-5 Issuance Properties: SAML Token Types
• 19-6 Security Details: SAML Tokens
• 19-7 Issuance Template: Attribute Mapping, SAML Token
• 19-8 Validation Template Protocols
• 19-9 New Validation Template: General Details
• 19-10 New Validation Template: Authentication Details
• 19-11 New Validation Template: Token Mapping
• 19-12 Endpoints Page
• 19-13 Constraints Tab: Token Issuance Policy
• 20-1 Elements for Oracle Security Token Service Partners
• 20-2 Profile: General
• 20-3 Requester Profile: Token and Attributes
• 20-4 Relying Party Profile Requirements
• 20-5 Token and Attributes Elements: Issuing Authority
• 20-6 Issuing Authority Token Mapping Elements
• 22-1 Oracle Access Manager Server-Side Components
• 22-2 Oracle Access Manager Shared-Service Engine Components
• 22-3 Oracle Access Manager Foundation APIs Components
• 22-4 Mapping of ODL to Java Levels
• 22-5 Oracle Security Token Service Logger
• 23-1 Logging Levels
• 23-2 Log Configuration File Names for Components
• 23-3 Log Writers
• 23-4 Global Parameters in the First Compound List
• 23-5 Factors that Determine Whether Logging Is Active
• 23-6 Mandatory Log Configuration File Parameters
• 23-7 Log Data File Configuration Parameters
• 23-8 ParamName Values You Can Configure for Per-Module Logging Threshold
• 24-1 Oracle Access Manager Administrative Audit Events
• 24-2 OAM Run-time Audit Events
• 24-3 Audit Configuration Elements
• 25-1 OAM Proxy Metrics
• 25-2 OAM Proxy Tuning Parameters
• 26-1 Farm Page Sections
• 26-2 Resulting Pages for Selected Nodes and Targets
• 26-3 Summary of Performance Overviews in Fusion Middleware Control
• 26-4 Access Manager Component Metrics
• 26-5 STS Component-Specific Metrics
• 26-6 Status and Controls on Performance Summary Pages
• 26-7 OAM Log Availability and Functions in Fusion Middleware Control
• 26-8 Log Levels Tab on Log Configuration Page
• 26-9 Log Files Elements
• 26-10 OAM Log Message Search Controls in Fusion Middleware Control
• 26-11 System MBean Browser
• 26-12
• 26-13 System MBean Browser
• 26-14 Farm Topology
• 27-1 Installation Comparison with OAM 10g Webgates
• 27-2 Preparing for 10g Webgate Installation with OAM 11g
• 29-1 IIS 7 Webgate Windows Server 2008
• A-1 Partner Applications Protected by OSSO 10g
• B-1 Deployment Types
• B-2 Differences when Transitioning Data to New versus Existing Target Environments
• B-3 Full Replication
• B-4 Delta-Replication
• B-5 Export Partner and Policy Commands
• B-6 Import Partners, Policy, and Delta Commands
• C-1 addOAMSSOProvider Command-line Arguments
• D-1 Languages for Localized Messages in Oracle Access Manager
• E-1 importcert Command Syntax
• F-1 Operational Modes for WLST commands for OAM
• F-2 WLST Oracle Access Manager Commands
• F-3 WLST Commands Oracle Security Token Service
• H-1 Login Page Parameters Submitted to the Page by the Single Sign-On Server
• H-2 Login Page Parameters Submitted by the Page to the Single Sign-On Server
• H-3 Change Password Parameters Submitted to the Page
• H-4 Change Password Page Parameters Submitted by the Page
• H-5 Parameters Submitted to the Single Sign-Off Page
• H-6 Parameters Submitted to the External Application Login Page
• H-7 Parameters the External Application Login Page Submits to the Application
• H-8 Login Page Error Codes
• H-9 Post-Login Messages
• H-10 Change Password Page Error Codes
• H-11 External Application Login Page Error Codes
• H-12 External Application Login
• H-13 Authentication Method
• H-14 Additional Fields