Index

A B C D E F G H I J K L M N O P R S T U V W X

A

access control list, 8.2.1.2

access controller, 1.2.3

Access Server

cache, 10.2.6.1

AccessGate

configureAccessGate tool, 10.2.4.2.4, 10.2.10.6

ACL, 8.2.1.2

anonymous role, 3.4, 3.4.1, 6.2

anonymous SSL, 8.2.1

anonymous user, 3.1, 3.4, 3.4.1

anonymous user and role, 15.1

Application Name or Stripe, 15.1

application role, 3.1, 15.1

audit data

bus-stop files, 12.2.5

file management, C.6

migrating, 12.5.5

reports, 13.1

audit data store

backup and recovery, 12.5.6.2

configuring for Java components, 12.2.3.2

configuring for system components, 12.2.4

data purge, 12.5.6.3

de-configuring, 12.2.4.1

partitioning, 12.5.6.1

schema, 12.5.1

tiered archival, 12.5.6.4

Audit Flow, 11.3.1

audit logs, 12.4.1

audit policy, 12.3

audit report

example of, 13.4

audit reports

attributes, 13.5.2

by component, C.2.2

custom, 13.6.2

list of standard, 13.5.1

types of, 13.2

viewing, 13.3

Audit Schema, C.3

audit-aware components, C.1.1

auditing

event attributes, C.1.3

events, C.1.2

filter expression syntax, C.5

for Oracle Fusion Middleware components, 12.3

in Oracle Fusion Middleware, 11

Java components, C.1.1

manual policy management, 12.3.4

manually configure for Java components, 12.3.4.2

manually configure for system components, 12.3.4.4

Oracle Directory Integration Platform, C.1.2.1

Oracle HTTP Server, C.1.2.3

Oracle Identity Federation, C.1.2.5

Oracle Internet Directory, C.1.2.4

Oracle Platform Security Services, C.1.2.2

Oracle Virtual Directory, C.1.2.6

Oracle Web Cache, C.1.2.11

Oracle Web Services Manager, C.1.2.12

overview, 11.2

OWSM-Agent, C.1.2.7

OWSM-PM-EJB, C.1.2.8

policy management with Fusion Middleware Control, 12.3.1, 12.3.2

policy management with WLST, 12.3.3

record storage, 11.3.3

report filters, 13.1.5

report setup for Oracle Business Intelligence Publisher, 13.1.3

report templates, 13.1.4

Reports Server, C.1.2.9

system components, C.1.1

WLST commands, C.4

WS-Policy Attachment, C.1.2.10

authenticated role, 3.3, 6.2, 15.1

authenticated user, 3.1

authentication provider, 4.1

Authentication providers, 10.3.2.4

DefaultAuthenticator, 10.2.4.3.3, 10.2.5.3, 10.2.6.3, 10.3.2.4

LDAP Authentication, 10.2.4.3.1

OAM, 10.2, 10.2.2

OAM Authenticator, 10.2.5.3

OAM Identity Asserter, 10.2.4.3.3, 10.2.6.3

OID Authenticator, 10.2.4.3.3, 10.2.6.3, 10.3.1.2, 10.3.2.4

OSSO Identity Asserter, 10.3.2.4

WebLogic, 10.1

Authenticator for OAM, 10.2

B

basic authentication, 20.6

bootstrap credentials, 7.3.1

C

cache

Access Server, 10.2.6.1

callback handler, 1.3.2

choosing

the right SSO solution, 10

cipher suite, 20.2

class permission, 15.4.6

CredentialAccessPermission, 15.4.6.2

JpsPermission, 15.4.6.3

PolicyStoreAccessPermission, 15.4.6.1

commands to administer credentials, 8.4.2, 9.5.2

Compliance, 11.1.1

configuration file, 15.4.9

configureAccessGate tool, 10.2.4.2.4, 10.2.10.6

configuring

global logout

Oracle Access Manager, 10.2.7

Identity Assertion

for single sign-on with OAM, 10.2.4

Oracle Web Services Manager, 10.2.6

OAM Authenticator, 10.2.5

OAM for single-sign on with OAMCfgTool, 10.2.4.2.4

OAM for SSO with OAMCfgTool, 10.2.4.2

OSSO, 10.3

providers for Oracle Web Services Manager, 10.2.6.3

Single Sign-On in Oracle Fusion Middleware, 10

configuring domains, 6.4

Configuring the Local Store Adapter, 8.1.2

createAppRole, 8.4.2.1

createCred, 9.5.2.3

Credential Store, 3.1

Credential Store Framework, 14.3.4

Credential Store Framework API, 14.2.4

CredentialAccessPermission, 15.4.6.2

CSF

J2EE example with LDAP store, 17.7.4

J2EE example with wallet, 17.7.3

J2SE example with wallet, 17.7.2

CSIv2 identity assertion, 4.1.2

cwallet.sso, 5.3, 15.4.3

cwallet.sso file, 15.3

D

declarative security, 1.4.1

default keystore, 20.2.1

DefaultAuthenticator, 5.1, 10.2.4.3.3, 10.2.5.3, 10.2.6.3, 10.3.2.4

deleteAppPolicies, 8.4.2.10

deleteAppRole, 8.4.2.2

digest authentication, 20.6

distribute environments, 8.1.1

E

EAR file, 15.3, 15.3.1

ejb-jar.xml, 4.2, 15.3

embedded LDAP, 4.1.1, 5.2

enterprise group, 3.1

enterprise user, 3.1

Enterprise-Level SSO, 10.1

Event Source Type, 11.3.2.1

Existing OSSO, 10.1

exportAuditConfig, C.4.7

EXTRA_JAVA_PROPERTIES, F.1, I.1.2

F

fail over support, 6.4

FAQ, 2.1

G

generic credential, 9.1

getAuditPolicy, C.4.2

getNonJavaEEAuditMBeanName, C.4.1

getSSLSession, 20.2.2

grantAppRole, 8.4.2.3

grantPermission, 8.4.2.7

group, 3.1

H

Hash function, 20.2.4

Headers

sent by Oracle HTTP Server, 10.3.1.3

host name verification, 20.5.1

HostnameVerifier, 20.5

HTTPClient, 20.2

HTTPConnection, 20.1

I

Identity Asserter for Single Sign-on with OAM, 10.2

Identity Store, 3.1

identity store

creating provider, 19.3.4

provider configuration properties, 19.3.5

selecting provider, 19.3.3

identity store in JavaSE, 16.2.2

importAuditConfig, C.4.8

initializing an LDAP authenticator, 4.1.3.1

invoking MBeans, E.2.2

isCallerInRole, 2.5.1

isUserInRole, 2.5.1

J

J2EE

authentication, 1.4.2

declarative secutity, 1.4.1

role, 1.4.3

JAAS

callback handler, 1.3.2

principal, 1.3.1

subject, 1.3.1

JAAS mode, 15.1

Java 2

access crontroller, 1.2.3

permission, 1.2.1

protection domain, 1.2.2

security manager, 1.2.3

javadocs

OPSS APIs, H.1

OPSS MBeans APIs, H.1

OPSS User and Role APIs, H.1

javax.net.ssl.keyStore, 20.3

javax.net.ssl.keyStorePassword, 20.3

javax.net.ssl.keyStoreType, 20.3

javax.net.ssl.trustStore, 20.3

javax.net.ssl.trustStorePassword, 20.3

javax.net.ssl.trustStoreType, 20.3

jazn-data.xml, 5.3, 15.3, 15.3.1

JKS keystore, 20.2, 20.4.1

JpsApplicationLifecycleListener, 15.4.4

jpsApplicationLifecycleListener, 15.4.1

jps.apppolicy.idstoreartifact.migration, 15.4.1, 15.4.1

JpsAppVersionLifecycleListener, 15.4.1

JpsAuth.checkPermission API, 14.2.3

jps-config-jse.xml, 2.5.3

jps-config.xml, A

jps-config.xml full example, 15.4.9

jps.credstore.migration, 15.4.4

JpsFilter, 15.1, 15.3

JpsInterceptor, 15.1, 15.1.1, 15.3

JpsPermission, 15.4.6.3

jps.policystore.applicationid, 15.4.1

jps.policystore.migration, 15.4.1

jps.policystore.migration.validate.principal, 15.4.1

jps.policystore.removal, 15.4.1

JSSE, 20

K

Key exchange, 20.2.4

L

large volume stores, 7.5.2.3

LDAP servers, 5.1

ldapadd, 8.1.2

LDAP-based credential, 9.2

LDAP-based policy store, 8.1

ldapmodify, 8.2.1.2

ldapsearch, 8.1.2

LDIF file, 8.1.2

listAppRoleMembers, 8.4.2.6

listAppRoles, 8.4.2.5

listAuditEvents, C.4.6

listPermissions, 8.4.2.9

logical role, 3.1, E.3

LoginService API, 14.2.1

LSA, 8.1.2

M

management tools, 5.2

mapping roles, 7.5.2

MBean

Administration Policy Store, E.2.1

annotations, E.3.1

Application Policy Store, E.2.1

code sample, E.2.3

Credential Store, E.2.1

Global Policy Store, E.2.1

Jps Configuration, E.2.1

migrateSecurityStore, 7.5.1.1, 7.5.2, 8.3.2, 9.4.2, 15.4.8

migrating credentials example, 7.5.2.2

migrating policies example, 7.5.2.1

mod_osso, 10.3.2

modifyBootStrapCredential, 9.5.2.5

Monitoring, 11.1.1

multiple-node server domain, 8.1.1

N

NTLM, 20.6

O

OAM

Authentication provider, 10.2, 10.2.2

parameter, 10.2.8

Troubleshooting, 10.2.10

Authenticator, 10.2, 10.2.5.3

Identity Asserter, 10.2, 10.2.4.3.3, 10.2.6.3

oamAuthnProvider.jar, 10.2.2.1, 10.2.3.2

OAMCfgTool, 10.2.3.1, 10.2.3.2, 10.2.4, 10.2.4.2

about using, 10.2.4.2.1

Create mode parameters, 10.2.4.2.1

host identifiers created, 10.2.4.2.3

Known Issues, 10.2.9

process overview, 10.2.4.2.2

Validate mode parameters, 10.2.4.2.1

oamcfgtool.jar, 10.2.2.1, 10.2.3.2

ObSSOCookie, 10.2.2.2

OID Authenticator, 10.2.4.3.3, 10.2.6.3, 10.3.1.2, 10.3.2.4

one-way SSL, 8.2.1

OPSS

and Oracle Application Development Framework, 14.4

and the development cycle, 14.1.1

features for developers, 14.1.3

OPSS APIs

and JavaEE application, 14.3.1

and JavaSE application, 14.3.7

authentication with, 14.3.2

authorization with, 14.3.3

common uses, 14.3

CSF, 14.3.4

User and Role, 14.3.5, D

OPSS Architecture, 14.1.4

Oracle Access Manager

Integration with OSSO, 10.1, 10.1

Oracle Business Intelligence Publisher, 13.1

audit report example, 13.4

Oracle Fusion Middleware Audit Framework, 11.1, 11.1.3

architecture, 11.3.1

concepts, 11.3, 11.3.2

Oracle Information Lifecycle Management Assistant, 12.5.6.4

Oracle Internet Directory, 5.1

Oracle Internet Directory 10.1.4.3 patch, 5.1

Oracle Platform Security Services, 10.1

developing with, 14

Oracle Security Developer Tools, 14.5

Oracle Virtual Directory, 5.1

OracleAS Single Sign-On solution, See Also OSSO, 10.3

OraclePKIProvider, 20.2.1

oracle.security.jps.config, 2.5.3, A

orapki, 20.2.1

OSSO

existing implementation, 10.1

Identity Asserter, 10.3.1, 10.3.2.4, 10.3.2.4

new users, 10.3.2

processing, 10.3.1.2

Tips and Troubleshooting, 10.3.3

solution, 10, 10.1, 10.1

OSSO Identity Asserter, 10.3.1.1

P

password credential, 9.1

perimeter authentication, 10.2.2.2

permission, 1.2.1

permission classes, 8, 15.4.6

policy domain

URL prefixes, 10.2.5.2.1, 10.2.5.2.2, 10.2.6.1

Policy Store, 4.2

PolicyStoreAccessPermission, 15.4.6.1

principal, 1.3.1, 3.1

Process overview

OAMCfgTool, 10.2.4.2.2

Oracle Access Manager Authenticator for Web and non-Web Resources, 10.2.2.3

Oracle Access Manager Identity Asserter with Web-only applications, 10.2.2.2

OSSO Identity Asserter, 10.3.1.2

production environment, 6.2.1

Programmatic Authorization, 14.3.3

programmatic security

J2EE

programmatic security, 1.4.1

protection domain, 1.2.2

R

reassociateSecurityStore, 8.4.2.11

revokeAppRole, 8.4.2.4

revokePermission, 8.4.2.8

role hierarchy, 3.2.1

S

SAML 1.1 identiry assertion, 4.1.1

SAML 2.0 identity assertion, 4.1.1

scenarios, 5.4

security manager, 1.2.3

Security Provider for WebLogic SSPI, 10.2.1.3

security role, 1.4.3

security-related commands, 6.5

server restart, F

service instance update script, E.1

Service Providers, 19.3

introduction, 19.3

understanding, 19.3.1

setAuditPolicy, C.4.3

setAuditRepository, C.4.5

setDefaultHostnameVerifier, 20.5.2

setDomainEnv shell script, F.1, I.1.2

setHostnameVerifier, 20.5.2

Setting a Node in LDAP server, 8.1.2

setting up providers

OAM Asserter with Oracle Web Services Manager, 10.2.6.3

OAM Authenticator, 10.2.5.3

OAM Identity Assertion, 10.2.4.3.3

OSSO Identity Asserter, 10.3.2.4

single sign-on solutions for Fusion Middleware, See Also SSO, 10

SPNEGO, 4.1.2

SPNEGO tokens, 4.1.2

SSL

and User/Role APIs, 19.8

anonymous, 8.2.1

one-way, 8.2.1

SSLSocketFactory, 20.4.2, 20.4.2

SSO

enterprise level, 10.1

existing 10g SSO, 10.1

Oracle Access Manager, 10.2

Synchronization Filter, 10.4

StandardHostnameVerifier, 20.5.3

subject, 1.3.1, 3.1

Symmetric cipher, 20.2.4

synchronizing

user and SSO Sessions, 10.4

T

Task overview

Configuring the OAM Authenticator, 10.2.5

Deploying and configuring OAM Identity Assertion for single sign-on includes, 10.2.4

Deploying OSSO Identity Asserter, 10.3.2

Deploying the Identity Asserter with Oracle Web Services Manager, 10.2.6

Installing required components for OAM Authentication Provider, 10.2.3.2

Setting policies in Oracle Web Services Manager, 10.2.6.2

U

updateServiceInstanceProperty, E.1

updating instance with script, E.1

upgradeSecurityStore, G

User and Role API, 14.2.2, D

Javadoc, 19.9

programming tips, 19.3.9.1

User and Role APIs

and WebLogic authenticators, 19.1.1

developing with, 19

environment setup, 19.3.2

introduction, 19.1

programming tips, 19.3.9

summary, 19.2

UseRetrievedUserNameAsPrincipal, 4.1.3.1

V

Versioning the Application, 15.4.1

W

WAR file, 15.1

WebLogic

Authentication provider, 10.1, 10.2.4.3.1

Authentication providers

Identity Assertion, 10.2.4.3.1

J2EE applications, 10.2.1.3

WebLogic Scripting Tool (WLST), 10.2.4.3.2

web.xml, 4.2, 15.3

WLSGroupImpl, 15.2

WLSGroupImpl principal, 10.2.2.2

WLST

createAppRole, 8.4.2.1

createCred, 9.5.2.3

deleteAppPolicies, 8.4.2.10

deleteAppRole, 8.4.2.2

deleteCred, 9.5.2.4

grantAppRole, 8.4.2.3

grantPermission, 8.4.2.7

listAppRoleMembers, 8.4.2.6

listAppRoles, 8.4.2.5

listCred, 9.5.2.1

listPermissions, 8.4.2.9

reassociateSecurityStore, 8.4.2.11

revokeAppRole, 8.4.2.4

revokePermission, 8.4.2.8

updateCred, 9.5.2.2

WLSUserImpl, 15.2

WLSUserImpl principal, 10.2.2.2

X

X509 identity assertion, 4.1.1