Oracle® Fusion Middleware Administrator's Guide for Oracle Identity Federation 11g Release 1 (11.1.1)
Part Number E13400-02
Contents
List of Examples
List of Figures
List of Tables
Title and Copyright Information
Preface
Audience
Documentation Accessibility
Related Documents
Conventions
What's New in This Guide?
New Features Introduced with Oracle Identity Federation 11g Release 1 (11.1.1)
1
Introduction to Oracle Identity Federation
1.1
Federated Identity Management
1.1.1
Challenges of Identity Federation
1.1.2
Federation Use Cases
1.1.3
Concepts
1.1.4
Federation Protocols
1.1.4.1
SAML Basics
1.1.4.2
Evolution of the Federated Identity Standards
1.1.4.3
SAML 1.x
1.1.4.4
SAML 2.0
1.1.4.5
WS-Federation
1.2
About Oracle Identity Federation
1.2.1
Features and Benefits of Oracle Identity Federation
1.2.2
Architecture
1.2.3
High-Level Processing Flow
1.2.4
Federation Protocol Profiles
1.2.4.1
Browser POST Profile
1.2.4.2
Browser Artifact Profile
1.2.4.3
SOAP Binding
1.2.4.4
Browser HTTP Redirect Profile
1.2.4.5
Name Identifier Management Profiles
1.2.4.6
SAML Attribute Sharing Profile
1.2.4.7
WS-Federation Passive Requester Profile
1.2.4.8
Federation Termination Profile
1.2.4.9
Global Logout Profile
1.2.5
Affiliations
1.2.6
Cryptographic Provider
1.2.7
Example of Federation Event Flow
1.2.8
Supported Standards and Applications
2
Planning Oracle Identity Federation Deployment
2.1
Architecture Options
2.1.1
Role in Federation
2.1.2
Proxy Server
2.1.3
Server Security
2.1.3.1
SSL Encryption
2.1.3.2
Certificate-based Authentication
2.1.3.3
Certificate Repository and Validation
2.1.4
Protocol
2.2
Profiles and Bindings
2.2.1
Supported Protocols
2.2.2
Choosing a Profile
2.2.2.1
Using the Artifact Profile
2.2.2.2
Using the POST Profile
2.2.2.3
SAML Security Considerations
2.2.2.4
Using the SAML Attribute Sharing Profile
2.2.2.5
Using the WS-Federation Logout Profile
2.3
Authentication Engines
2.3.1
Engines in Oracle Identity Federation
2.3.2
Authenticating with a Repository
2.3.3
Authenticating with an IdM Solution in IdP Mode
2.3.4
Propagating Authentication State to Oracle Access Manager in SP Mode
2.3.5
Propagating Authentication State to Oracle Single Sign-On in SP Mode
2.3.6
HTTP Basic Authentication
2.4
Data Repositories
2.4.1
Federation Data Store
2.4.2
User Data Store
2.4.3
Session and Message Data Stores
2.4.4
Configuration Data Store
2.5
Installation Requirements
2.5.1
Required Components
2.6
Sizing Guidelines
2.6.1
Deployment and Architecture Considerations
2.6.1.1
Profiles
2.6.1.2
Repositories
2.6.1.3
Transient (Session and Message) Storage
2.6.1.4
Security for Assertions
2.6.1.5
Connection Tuning
2.6.1.6
High Availability
2.6.1.7
Tuning Servers
2.6.1.8
HTTP Session Persistence
2.6.1.9
Impact of Additional Security
2.6.2
Typical Deployment Scenario
2.6.3
Reference Server Footprint
2.6.4
Topology
2.7
Implementation Checklist
3
Deploying Oracle Identity Federation
3.1
Introduction
3.2
Deployment Scenarios
3.2.1
Deploying Oracle Identity Federation with Oracle HTTP Server
3.2.1.1
Starting and Stopping the Oracle HTTP Server Instance
3.2.2
Deploying Oracle Identity Federation with Oracle Single Sign-On
3.2.2.1
Create and Manage the Oracle HTTP Server Instance
3.2.2.2
Integrate Oracle Single Sign-On with OHS
3.2.2.3
Configure Oracle Identity Federation to use Oracle Single Sign-On as the Authentication Engine
3.2.2.4
Configure Oracle Identity Federation for Oracle Single Sign-On SP Integration
3.2.2.5
Configure Oracle Single Sign-On
3.2.2.6
Testing Federated Single Sign-On
3.2.3
Deploying Oracle Identity Federation with Oracle Access Manager
3.2.3.1
Create and Manage OHS
3.2.3.2
Integrate Oracle Access Manager as an Authentication Engine
3.2.3.3
Integrate Oracle Access Manager as an SP Integration Module
3.2.4
Deploying Oracle Identity Federation with a Sun Java System Web Server
3.2.4.1
Requirements
3.2.4.2
Configuring Oracle Identity Federation Without a Web Proxy Server
3.2.4.3
Configuring Oracle Identity Federation Behind a Web Proxy Server
3.2.4.4
Updating the Identity and Access Management servers
3.2.4.5
Sun Java System Web Server Sample Configuration Files
3.2.5
Integrating with Third-Party Identity & Access Management Modules
3.2.5.1
Architecture and Flows
3.2.5.2
Creating a Custom Authentication Engine
3.2.5.3
Creating a Custom SP Integration Engine
3.2.5.4
Logout
3.2.6
Using the Test SP Engine
3.2.6.1
Configure the Test SP Engine
3.2.6.2
Use the Test SP Engine for SP-Initiated SSO
3.2.6.3
Use the Test SP Engine with IdP-Initiated SSO
3.2.6.4
Test SP Engine Results
4
Server Administration
4.1
Basic Administration
4.1.1
About the Federation Server Administrator
4.1.1.1
About Roles
4.1.1.2
Deployment Planning
4.1.1.3
Other Planning Tasks
4.1.2
Administering Oracle Identity Federation
4.1.3
Oracle Identity Federation Log Files
4.1.4
Backups
4.2
Common Tasks
4.2.1
Obtain Server Metadata
4.2.1.1
Versions
4.2.1.2
Provider-specific Metadata
4.2.2
Obtain Server Certificates
4.2.2.1
Specifying Certificate Usage
4.2.2.2
Specifying Certificate Type
4.2.3
Perform SP-initiated Single Sign-On
4.2.4
Perform IdP-initiated Single Sign-On
4.2.5
Launch the Logout Process
4.2.6
Set Signature Verification Certificate Property (SAML 1.x)
4.2.7
Perform SP-initiated Single Sign-On (SAML 1.x)
4.2.8
Send Attribute Requests and Queries (SAML 1.x)
4.2.8.1
NameID Format Strings when Using the Attribute Requester Service
4.2.9
Send Authentication Queries (SAML 1.x)
4.3
Managing Identity Federations
4.3.1
Search for a Provider
4.3.2
Add Trusted Providers
4.3.3
Update Trusted Providers
4.3.4
Delete Trusted Providers
4.3.5
Set Up Single Sign-On for SAML 1.x and WS-Federation
4.4
Configuring Identities
4.4.1
About Federated Identities
4.4.2
Identities - Federations
4.4.3
Identities - Users
4.4.4
Identities - Search Options
4.5
Managing Credentials for Oracle Identity Federation
5
Configuring Oracle Identity Federation
5.1
Data Maintained by Oracle Identity Federation
5.1.1
Server Configuration Data
5.1.2
User Federation Data
5.2
Configuring Server Properties
5.2.1
Host Connection Properties
5.2.2
Outbound Connection Properties
5.3
Configuring Identity Providers - Common Properties
5.4
Configuring Identity Providers - Protocol-Specific Properties
5.4.1
Configure SAML 2.0 IdP Properties
5.4.2
Configure SAML 1.x IdP Properties
5.4.3
Configure WS-Federation IdP Properties
5.5
Configuring Service Providers
5.5.1
Configure Service Provider - Common Properties
5.5.2
Configure Service Provider - SAML 2.0
5.5.3
Configure Service Provider - SAML 1.x
5.5.4
Configure Service Provider - WS-Federation 1.1
5.6
Configuring Attribute Sharing with the Oracle Access Manager AuthZ Plug-in
5.6.1
Components Used for Attribute Sharing
5.6.2
Remote and Local Users
5.6.3
Configuring the Oracle Access Manager Plug-ins
5.6.4
Configuring Oracle Access Manager Schemes and Policies
5.6.4.1
Configuring the Attribute Sharing Authentication Scheme
5.6.4.2
Configuring the Attribute Sharing Authorization Scheme
5.6.4.3
Configuring an Oracle Access Manager Policy using Attribute Sharing
5.6.5
Configuring Oracle Identity Federation as an SP Attribute Requester
5.6.5.1
If Using HTTP Basic Authentication With OHS
5.6.5.2
If Using HTTP Basic Authentication Without OHS
5.6.5.3
If Using SSL Client Authentication
5.6.6
Configuring Oracle Identity Federation as an IdP Attribute Responder
5.6.7
Configuring Oracle Identity Federation for SSL
5.7
Configuring Identity Provider to send attributes in SSO Assertions
5.8
Web Services Interface for Attribute Sharing
5.8.1
Overview of the Service Interface
5.8.2
Attribute Request Message
5.8.3
Attribute Response Message
5.8.4
Interface WSDL
5.9
Configuring Attribute Mapping and Filtering
5.9.1
Introduction to Attribute Mapping and Filtering
5.9.1.1
Attribute Name Mapping
5.9.1.2
Attribute Value Mapping
5.9.1.3
Attribute Value Filtering
5.9.2
Mapping and Filtering Configuration
5.9.2.1
Configuring Attribute Name Mapping
5.9.2.2
Configuring Attribute Value Mapping
5.9.2.3
Configuring Attribute Value Filtering
5.10
Configuring Security and Trust
5.10.1
Security and Trust - Wallet
5.10.2
Security and Trust - Provider Metadata
5.10.3
Security and Trust - Trusted CAs and CRLs
5.11
Configuring Federations
5.12
Configuring Identities
5.13
Managing Data Stores
5.13.1
Manage the User Data Store
5.13.1.1
Configuring Oracle Identity Federation for RDBMS User Data Store
5.13.1.2
Configuring Oracle Identity Federation for an LDAP User Data Store
5.13.1.3
Configuring Oracle Virtual Directory as User Data Store
5.13.1.4
Configuring a Redundancy User Data Store
5.13.2
Manage the Federation Data Store
5.13.2.1
Configuring Oracle Identity Federation for an RDBMS Federation Data Store
5.13.2.2
Configuring Oracle Identity Federation for an LDAP Federation Data Store
5.13.2.3
Configuring Oracle Identity Federation for an XML Federation Data Store
5.13.2.4
Configuring Oracle Virtual Directory as Federation Data Store
5.13.3
Manage the Session Data Store and the Message Data Store
5.13.4
Manage the Configuration Data Store
5.13.4.1
Using a File System Configuration Data Store
5.13.4.2
Using an RDBMS Configuration Data Store
5.13.4.3
When the RDBMS Configuration Data Store is Down
5.13.5
Create the Oracle Identity Federation Schema Using RCU
5.14
Configuring Authentication Mechanisms
5.14.1
About Authentication Mechanisms
5.14.1.1
Setting the Default Authentication Mechanism
5.14.1.2
Mapping from Protocol-specific Methods to Local Mechanisms To Authentication Engines
5.14.1.3
Mapping Local Authentication Mechanisms to Identity Providers
5.14.2
Configure Authentication Mechanisms - Local
5.14.3
Configure Authentication Mechanisms - SAML 2.0
5.14.4
Configure Authentication Mechanisms - SAML 1.x
5.14.5
Configure Authentication Mechanisms - WS-Federation 1.1
5.15
Configuring Authentication Engines
5.15.1
Authentication Engines - Oracle Single Sign-On
5.15.2
Authentication Engines - Oracle Access Manager
5.15.3
Authentication Engines - LDAP Directory
5.15.3.1
Configuring Oracle Virtual Directory as the Authentication Engine
5.15.4
Authentication Engines - Database Security
5.15.5
Authentication Engines - Database Table
5.15.5.1
Configuring Oracle Identity Federation for RDBMS Authentication Engine
5.15.6
Authentication Engines - Infocard
5.15.7
Authentication Engines - Federated SSO Proxy
5.15.7.1
About the Federated SSO Proxy Authentication Engine
5.15.7.2
Selecting the Identity Provider to use
5.15.7.3
Configuring the Federated SSO Proxy Authentication Engine
5.15.8
Authentication Engines - JAAS
5.15.9
Authentication Engines - Custom
5.16
Configuring SP Integration Modules
5.16.1
SP Integration module - Oracle Single Sign-On
5.16.2
SP Integration module - Oracle Access Manager
5.16.3
SP Integration module - Test SP Engine
5.16.4
SP Integration Module - Custom
6
Additional Server Configuration
6.1
Setting up Single Sign-On Services
6.1.1
Oracle Single Sign-On
6.1.2
Oracle Access Manager
6.1.3
SP-initiated SSO
6.1.4
IdP-initiated SSO
6.2
Working with Affiliations
6.3
Additional LDAP Configuration
6.3.1
Configuring the LDAP Inactivity Setting
6.3.2
Configuring the LDAP Read Timeout Setting
6.3.3
ECID Support for LDAP Connections
6.4
Additional Configuration for High Availability
6.4.1
Configuring High Availability LDAP Servers
6.4.2
Configuring the HTTP Session State Sleep/Retry Interval
6.5
Additional RDBMS Configuration
6.5.1
Configuring RDBMS Session Cache
6.5.2
Configuring RDBMS Data Compression
6.6
Session Repository Configuration
6.6.1
Storing Assertion Attributes of User Session
6.7
Additional HTTP Configuration
6.7.1
Configuring HTTP-Only Flag for HTTP Cookies Set by Oracle Identity Federation
6.7.2
Precautions when Customizing the Page in HTTP Post Profile
6.7.3
Using a 303 Status Code for Redirects
6.8
Additional Protocol Configuration
6.8.1
Configuring for eAuth Mode
6.8.2
Configuring the SAML 2.0 LDAP Attribute Profile
6.9
Protecting the SOAP Endpoint
6.9.1
SSL Client Authentication
6.9.2
HTTP Basic Authentication
6.9.2.1
Configuring HTTP Basic Authentication to protect the SOAP URLs
6.9.2.2
Configuring Oracle Identity Federation to Connect to a Protected SOAP URL
6.10
Configuring the SAML 2.0 IdP Discovery (Common Domain Cookie) Profile
6.10.1
Preliminary Steps to Set Up the CDC
6.10.2
Configuring the Common Domain Cookie Profile as an Identity Provider
6.10.3
Configuring the Common Domain Cookie Profile as a Service Provider
6.10.4
Configuring Oracle Identity Federation to Display List of Trusted Providers in CDC
6.11
Configuring the Identity Provider Discovery Service
6.11.1
Create the IdP Discovery Service Page
6.12
Setting up Infocard
6.12.1
Server-side Infocard Setup
6.12.1.1
Set up JCE Policy Files for Oracle WebLogic Server
6.12.1.2
Update the Oracle Identity Federation Configuration
6.12.1.3
Add Personal Card Issuer STS
6.12.1.4
Add Infocard Managed STS
6.12.2
Client-side Infocard Setup
6.12.2.1
Import the Oracle Identity Federation SSL Certificate
6.12.2.2
Create a Personal Infocard
6.13
Additional Run-time Configuration
6.13.1
Redirect to Target URLs for SSO and Logout Operations
6.13.2
Provide XML Message to SP Engine after SSO Completes
6.13.3
Redirect to Target URLs at Error
6.14
Additional Federation Data Store Configuration
6.15
Setting up Backwards Compatibility for Oracle Identity Federation 10g and ShareID service URLs
6.16
Mapping Users through Attributes and NameID in SP Mode
6.16.1
Locating a User
6.16.2
Configuring Oracle Identity Federation
6.16.3
Example 1: Assertion Mapping without federated identities using NameID for SAML 2.0
6.16.4
Example 2: Simple Assertion Mapping without federated identities with an LDAP/SQL Query
6.16.5
Example 3: Complex assertion Mapping without federated identities with an LDAP/SQL Query
6.16.6
Example 4: assertion Mapping without federated identities using LDAP/SQL Query and NameID Mapping
6.16.7
Example 5: assertion Mapping without federated identities for a Specific IdP
6.17
Automatic Account Linking Based on Attribute Query Mapping
6.17.1
Locating the User
6.17.2
Configuring Oracle Identity Federation
6.17.3
Example 1: Automatic Account Linking through NameID mapping for SAML 2.0
6.17.4
Example 2: Simple Automatic Account Linking through LDAP/SQL Query
6.17.5
Example 3: Complex Automatic Account Linking through LDAP/SQL Query
6.17.6
Example 4: Automatic Account Linking through LDAP/SQL Query and NameID Mapping
6.17.7
Example 5: Automatic Account Linking via Attribute Query for a Specific IdP
6.18
User Opt-In and Opt-Out for Single Sign-On
6.18.1
Modes of Operation
6.18.2
Configuring Oracle Identity Federation
6.18.3
Example 1: Off Mode
6.18.4
Example 2: Opt-In Mode
6.18.5
Example 3: Opt-Out Mode
6.18.6
Example 4: Opt-In Mode for a Specific IdP
6.19
Bypassing User Mapping During Assertion Processing
6.19.1
Configuring Oracle Identity Federation
6.20
Configuring Audience Restrictions for Assertions
7
Diagnostics and Auditing
7.1
Monitoring
7.1.1
Oracle Identity Federation Home Page
7.1.2
Performance Summary
7.1.2.1
About Sensor Weights
7.1.2.2
Event Metrics
7.1.2.3
State Events
7.1.2.4
Phase Events
7.2
Availability
7.3
Logging
7.3.1
About Oracle Identity Federation Logging
7.3.1.1
Types of Logs
7.3.1.2
Log Levels
7.3.1.3
Message IDs
7.3.1.4
Tools for Log Configuration
7.3.2
Viewing Oracle Identity Federation Log Messages
7.3.2.1
Select Messages to View
7.3.2.2
Specify View Options
7.3.3
Configuring Oracle Identity Federation Logs
7.3.3.1
Configure Oracle Identity Federation Log Levels
7.3.3.2
Configure Oracle Identity Federation Log Files
7.3.4
Common Log Messages
7.3.4.1
thread interrupt Messages
7.4
Auditing
7.4.1
About Auditing in Oracle Identity Federation
7.4.1.1
Categories of Audit Events
7.4.1.2
Audit Levels
7.4.2
Configuring Auditing for Oracle Identity Federation
7.4.2.1
Configuring Auditing at the Custom Level
7.4.3
Viewing Audit Data
8
Advanced Topics
8.1
Setting Up a Proxy for Oracle Identity Federation
8.2
Configuring SSL for Oracle Identity Federation
8.2.1
Configuring Oracle Identity Federation as an SSL Server
8.2.1.1
Setting up SSL on Oracle WebLogic Server
8.2.1.2
Configuring Oracle Identity Federation
8.2.2
Configuring Oracle Identity Federation as an SSL Client
8.2.2.1
Configuring Oracle WebLogic Server
8.2.2.2
Configuring Keystore Passwords in Oracle Identity Federation
8.2.2.3
Alternative Way to Configure Oracle Identity Federation as SSL Client
8.2.2.4
Connecting to an LDAP Server over SSL
8.3
Managing Signing and Encryption Wallets
8.4
Setting up JCE Policy Files for Oracle WebLogic Server
8.5
Configuring Oracle Identity Federation for the Business Processing Plug-in
8.5.1
About the Business Processing Plug-in
8.5.2
Configuring the Business Processing Plug-in
8.5.3
Example of Plug-in and Redirect Page
8.5.4
Business Processing Plug-in API
9
Oracle Identity Federation Command-Line Tools
9.1
Introduction to Command-Line Tools for Oracle Identity Federation
9.1.1
Setting up the WLST Environment
9.1.2
Executing the Commands
9.2
Oracle Identity Federation Commands
9.2.1
addConfigListEntryInMap
9.2.1.1
Description
9.2.1.2
Syntax
9.2.1.3
Example
9.2.2
addConfigMapEntryInMap
9.2.2.1
Description
9.2.2.2
Syntax
9.2.2.3
Example
9.2.3
addConfigPropertyListEntry
9.2.3.1
Description
9.2.3.2
Syntax
9.2.3.3
Example
9.2.4
addConfigPropertyMapEntry
9.2.4.1
Description
9.2.4.2
Syntax
9.2.4.3
Example
9.2.5
addCustomAuthnEngine
9.2.5.1
Description
9.2.5.2
Syntax
9.2.5.3
Example
9.2.6
addCustomSPEngine
9.2.6.1
Description
9.2.6.2
Syntax
9.2.6.3
Example
9.2.7
addFederationListEntryInMap
9.2.7.1
Description
9.2.7.2
Syntax
9.2.7.3
Example
9.2.8
addFederationMapEntryInMap
9.2.8.1
Description
9.2.8.2
Syntax
9.2.8.3
Example
9.2.9
addFederationPropertyListEntry
9.2.9.1
Description
9.2.9.2
Syntax
9.2.9.3
Example
9.2.10
addFederationPropertyMapEntry
9.2.10.1
Description
9.2.10.2
Syntax
9.2.10.3
Example
9.2.11
deleteCustomAuthnEngine
9.2.11.1
Description
9.2.11.2
Syntax
9.2.11.3
Example
9.2.12
deleteCustomSPEngine
9.2.12.1
Description
9.2.12.2
Syntax
9.2.12.3
Example
9.2.13
deleteProviderFederation
9.2.13.1
Description
9.2.13.2
Syntax
9.2.13.3
Example
9.2.14
deleteUserFederations
9.2.14.1
Description
9.2.14.2
Syntax
9.2.14.3
Example
9.2.15
changeMessageStore
9.2.15.1
Description
9.2.15.2
Syntax
9.2.15.3
Example
9.2.16
changePeerProviderDescription
9.2.16.1
Description
9.2.16.2
Syntax
9.2.16.3
Example
9.2.17
changeSessionStore
9.2.17.1
Description
9.2.17.2
Syntax
9.2.17.3
Example
9.2.18
createConfigPropertyList
9.2.18.1
Description
9.2.18.2
Syntax
9.2.18.3
Example
9.2.19
createConfigPropertyListInMap
9.2.19.1
Description
9.2.19.2
Syntax
9.2.19.3
Example
9.2.20
createConfigPropertyMap
9.2.20.1
Description
9.2.20.2
Syntax
9.2.20.3
Example
9.2.21
createConfigPropertyMapInMap
9.2.21.1
Description
9.2.21.2
Syntax
9.2.21.3
Example
9.2.22
createFederationPropertyList
9.2.22.1
Description
9.2.22.2
Syntax
9.2.22.3
Example
9.2.23
createFederationPropertyListInMap
9.2.23.1
Description
9.2.23.2
Syntax
9.2.23.3
Example
9.2.24
createFederationPropertyMap
9.2.24.1
Description
9.2.24.2
Syntax
9.2.24.3
Example
9.2.25
createFederationPropertyMapInMap
9.2.25.1
Description
9.2.25.2
Syntax
9.2.25.3
Example
9.2.26
createPeerProviderEntry
9.2.26.1
Description
9.2.26.2
Syntax
9.2.26.3
Example
9.2.27
getConfigListValueInMap
9.2.27.1
Description
9.2.27.2
Syntax
9.2.27.3
Example
9.2.28
getConfigMapEntryInMap
9.2.28.1
Description
9.2.28.2
Syntax
9.2.28.3
Example
9.2.29
getConfigProperty
9.2.29.1
Description
9.2.29.2
Syntax
9.2.29.3
Example
9.2.30
getConfigPropertyList
9.2.30.1
Description
9.2.30.2
Syntax
9.2.30.3
Example
9.2.31
getConfigPropertyMapEntry
9.2.31.1
Description
9.2.31.2
Syntax
9.2.31.3
Example
9.2.32
getFederationListValueInMap
9.2.32.1
Description
9.2.32.2
Syntax
9.2.32.3
Example
9.2.33
getFederationMapEntryInMap
9.2.33.1
Description
9.2.33.2
Syntax
9.2.33.3
Example
9.2.34
getFederationProperty
9.2.34.1
Description
9.2.34.2
Syntax
9.2.34.3
Example
9.2.35
getFederationPropertyList
9.2.35.1
Description
9.2.35.2
Syntax
9.2.35.3
Example
9.2.36
getFederationPropertyMapEntry
9.2.36.1
Description
9.2.36.2
Syntax
9.2.36.3
Example
9.2.37
listCustomAuthnEngines
9.2.37.1
Description
9.2.37.2
Syntax
9.2.37.3
Example
9.2.38
listCustomSPEngines
9.2.38.1
Description
9.2.38.2
Syntax
9.2.38.3
Example
9.2.39
loadMetadata
9.2.39.1
Description
9.2.39.2
Syntax
9.2.39.3
Example
9.2.40
oifStatus
9.2.40.1
Description
9.2.40.2
Syntax
9.2.40.3
Example
9.2.41
removeConfigListInMap
9.2.41.1
Description
9.2.41.2
Syntax
9.2.41.3
Example
9.2.42
removeConfigMapEntryInMap
9.2.42.1
Description
9.2.42.2
Syntax
9.2.42.3
Example
9.2.43
removeConfigMapInMap
9.2.43.1
Description
9.2.43.2
Syntax
9.2.43.3
Example
9.2.44
removeConfigProperty
9.2.44.1
Description
9.2.44.2
Syntax
9.2.44.3
Example
9.2.45
removeConfigPropertyList
9.2.45.1
Description
9.2.45.2
Syntax
9.2.45.3
Example
9.2.46
removeConfigPropertyMap
9.2.46.1
Description
9.2.46.2
Syntax
9.2.46.3
Example
9.2.47
removeConfigPropertyMapEntry
9.2.47.1
Description
9.2.47.2
Syntax
9.2.47.3
Example
9.2.48
removeFederationListInMap
9.2.48.1
Description
9.2.48.2
Syntax
9.2.48.3
Example
9.2.49
removeFederationMapInMap
9.2.49.1
Description
9.2.49.2
Syntax
9.2.49.3
Example
9.2.50
removeFederationMapEntryInMap
9.2.50.1
Description
9.2.50.2
Syntax
9.2.50.3
Example
9.2.51
removeFederationProperty
9.2.51.1
Description
9.2.51.2
Syntax
9.2.51.3
Example
9.2.52
removeFederationPropertyList
9.2.52.1
Description
9.2.52.2
Syntax
9.2.52.3
Example
9.2.53
removeFederationPropertyMap
9.2.53.1
Description
9.2.53.2
Syntax
9.2.53.3
Example
9.2.54
removeFederationPropertyMapEntry
9.2.54.1
Description
9.2.54.2
Syntax
9.2.54.3
Example
9.2.55
removePeerProviderEntry
9.2.55.1
Description
9.2.55.2
Syntax
9.2.55.3
Example
9.2.56
setConfigProperty
9.2.56.1
Description
9.2.56.2
Syntax
9.2.56.3
Example
9.2.57
setCustomAuthnEngine
9.2.57.1
Description
9.2.57.2
Syntax
9.2.57.3
Example
9.2.58
setCustomSPEngine
9.2.58.1
Description
9.2.58.2
Syntax
9.2.58.3
Example
9.2.59
setFederationProperty
9.2.59.1
Description
9.2.59.2
Syntax
9.2.59.3
Example
Part I Appendices
A
Oracle Identity Federation MBeans
A.1
Server-wide Configuration (config.xml)
A.1.1
FederationConfig
A.1.1.1
FederationConfigMXBean
A.1.1.2
The FederationConfig Element
A.1.2
Config
A.1.2.1
ConfigMXBean
A.1.2.2
The Config Element
A.1.3
PropertiesList
A.1.3.1
PropertiesListMXBean
A.1.3.2
The PropertiesList Element
A.1.4
PropertiesMap
A.1.4.1
PropertiesMapMXBean
A.1.4.2
The PropertiesMap Element
A.2
Provider-specific Configuration
A.2.1
CircleOfTrust
A.2.1.1
CircleOfTrustMXBean
A.2.1.2
The CircleOfTrust Element
A.2.2
PeerProvider
A.2.2.1
PeerProviderMXBean
A.2.2.2
The PeerProvider Element
A.3
Data-store Configuration
A.3.1
Datastore
A.3.1.1
DatastoreMXBean
A.3.1.2
The datastore Element
A.3.2
DiscoveryProvider
A.3.2.1
DiscoveryProviderMXBean
A.3.2.2
The DiscoveryProvider Element
A.4
Oracle Identity Federation Schema
A.5
Programmatic Access to Oracle Identity Federation MBeans
A.5.1
Access the MBean Server
A.5.2
Access Oracle Identity Federation MBeans
A.6
Oracle Identity Federation MBeans API
B
Troubleshooting Oracle Identity Federation
B.1
Problems and Solutions
B.1.1
General Issues
B.1.1.1
Attribute Sharing with the Microsoft Internet Information Server Cannot Retrieve X.509 Certificate SubjectDN
B.1.1.2
Signed SAML 1.0 Assertions Can Cause SSO Failures
B.1.1.3
Encrypting Network Connections
B.1.1.4
Connecting to an LDAP Server over SSL
B.1.1.5
thread interrupt Messages for RDBMS Message Store
B.1.1.6
Metadata File is Unusable when Oracle Identity Federation is Configured for SSL
B.1.2
Oracle Identity Federation Configuration Issues
B.1.2.1
Assertions Using SAML 1.x POST Method Fail in Japanese Locale
B.1.2.2
Failed to find orclfednamevalue Error
B.1.2.3
Configuring Audit Policies for Oracle Identity Federation Events
B.1.3
Oracle Single Sign-On Login Issues
B.1.3.1
Incorrect Login Page Appears
B.1.3.2
Bookmarked Login Pages
B.1.3.3
Unable to Modify File Used to Upload Provider Metadata
B.1.4
Oracle Access Manager Configuration Issues
B.1.4.1
AccessGate Permission Error
B.1.4.2
Non-ASCII AccessGate ID
B.1.4.3
Setting LD_ASSUME_KERNEL Value
B.1.4.4
Using the Same Cookie Domain for Two Back-ends
B.1.4.5
Oracle Access Manager Integration Issues
B.1.5
Operating System Configuration Issues
B.1.5.1
File Descriptors on Linux
B.1.5.2
Search Fails Against Microsoft Active Directory with an Unknown Host Exception
B.1.6
Runtime/Single Sign-On Issues
B.1.6.1
Bookmarking a WS-Federation Protected Resource
B.1.6.2
SP Unable to Map NameID to Local User
B.1.7
Performance Issues
B.1.7.1
Internal Error 500 when Using LDAP Store
Glossary
Index