Oracle® Fusion Middleware Application Security Guide
11g Release 1 (11.1.1)

Part Number E10043-06

Index

A  B  C  D  E  F  G  H  I  J  K  L  M  N  O  P  R  S  T  U  W  X 

A

access control list, 7.2.1.2
Access Server
cache, 9.4.4.1
AccessGate
configureAccessGate tool, 9.4.2.2.4, 9.4.8.6
ACL, 7.2.1.2
action, 2.1
addPrincipalsToAppRole, 17.1.3
administration tools, 5.1
administrative tasks, 5.4
Administrators group, 2.5
Anonymous and Authenticated Roles Properties, F.2.5
anonymous role, 2.4, 2.4.1, 5.2
anonymous role and authentication, 2.4.1
anonymous SSL, 7.2.1
anonymous user, 2.1, 2.4, 2.4.1
anonymous user and role, 14.1
app.context, 7.5.3.3
Application Credential Migration Settings, 6.2.1
Application Name or Stripe, 14.1
application policy, 2.1
Application Policy Migration Settings, 6.2.1
application role, 2.1, 14.1
application role hierarchy, 7.4.2.3
application stripe, 14.1
ApplicationRole, 2.2.1
application-specific policies and roles, 3.2
audit data
bus-stop files, 11.2.5
file management, C.6
migrating, 11.5.5
reports, 12.1
audit data store
backup and recovery, 11.5.6.2
configuring for Java components, 11.2.3.2
configuring for system components, 11.2.4
data purge, 11.5.6.3
de-configuring, 11.2.4.1
partitioning, 11.5.6.1
schema, 11.5.1
tiered archival, 11.5.6.4
Audit Flow, 10.3.1
audit logs, 11.4.1
audit policy, 11.3
audit report
example of, 12.4
audit reports
attributes, 12.5.2
by component, C.2.2
custom, 12.6.2
list of standard, 12.5.1
types of, 12.2
viewing, 12.3
Audit Schema, C.3
audit-aware components, C.1.1
auditing
event attributes, C.1.3
events, C.1.2
filter expression syntax, C.5
for Oracle Fusion Middleware components, 11.3
in Oracle Fusion Middleware, 10
Java components, C.1.1
manual policy management, 11.3.4
manually configure for Java components, 11.3.4.2
manually configure for system components, 11.3.4.4
Oracle Directory Integration Platform, C.1.2.1
Oracle HTTP Server, C.1.2.3
Oracle Identity Federation, C.1.2.5
Oracle Internet Directory, C.1.2.4
Oracle Platform Security Services, C.1.2.2
Oracle Virtual Directory, C.1.2.6
Oracle Web Cache, C.1.2.11
Oracle Web Services Manager, C.1.2.12
overview, 10.2
OWSM-Agent, C.1.2.7
OWSM-PM-EJB, C.1.2.8
policy management with Fusion Middleware Control, 11.3.1, 11.3.2
policy management with WLST, 11.3.3
record storage, 10.3.3
report filters, 12.1.5
report setup for Oracle Business Intelligence Publisher, 12.1.3
report templates, 12.1.4
Reports Server, C.1.2.9
system components, C.1.1
WLST commands, C.4
WS-Policy Attachment, C.1.2.10
Authenticated Role, 14.1
authenticated role, 2.3, 5.2, 14.1
authenticated user, 2.1
authentication provider, 3.1
Authentication providers, 9.5.2.4
DefaultAuthenticator, 9.3.5.2.4, 9.3.6.1, 9.3.7.2, 9.4.2.3.4, 9.4.3.3, 9.4.4.3, 9.5.2.4
LDAP Authentication, 9.3.5.2.1, 9.4.2.3.1
OAM, 9.2, 9.2
OAM Authenticator, 9.3.6.1, 9.4.3.3
OAM Identity Asserter, 9.3.5.2.4, 9.3.7.2, 9.4.2.3.4, 9.4.4.3
OID Authenticator, 9.3.5.2.4, 9.3.7.2, 9.4.2.3.4, 9.4.4.3, 9.5.1.2, 9.5.2.4
OSSO Identity Asserter, 9.5.2.4
WebLogic, 9.1
authentication providers, 3.1.1
authenticator flags, 3.1.4.1
Authenticator for OAM, 9.2
Authorization failure, 7.4
authorization failures, 17.2.3
Auto login, 7.5.3.1
autologin.url, 7.5.3.3

B

backup, 5.2
basic security tasks, 5.2
bootstrap credentials, 6.3.1, 17.4.1
bulk authorization, 17.3
bulkload, 6.5.2.3

C

cache
Access Server, 9.4.4.1
cascading deletions, 17.3
checkBulkAuthorization, 17.2.3.3
checkPermission, 17.2.3.1
choosing
the right SSO solution, 9
class path, 1.5.3, 3.2, 6.5.1.1, 7, 7.4.1.1, 7.4.2.3, 14.4.6, E.2.3
class permission, 14.4.6
CredentialAccessPermission, 14.4.6.2
JpsPermission, 14.4.6.3
PolicyStoreAccessPermission, 14.4.6.1
cloning environments, 5.2.1
commands to administer credentials, 7.4.2, 8.5.2
complex queries, 17.3
Compliance, 10.1.1
configuration file, 14.4.9
configuration of multiple authenticators, 3.1.4.1
configureAccessGate tool, 9.4.2.2.4, 9.4.8.6
configuring
global logout
Oracle Access Manager, 9.4.6
Identity Assertion
for single sign-on with OAM, 9.3.5, 9.4.2
Oracle Web Services Manager, 9.3.7, 9.4.4
OAM Authenticator, 9.4.3
OAM for single sign-on with OAMCfgTool, 9.4.2.2.4
OAM for SSO with OAMCfgTool, 9.4.2.2
OSSO, 9.5
providers for Oracle Web Services Manager, 9.3.7.2, 9.4.4.3
Single Sign-On in Oracle Fusion Middleware, 9
configuring domains, 5.4
configuring resource permissions, 17.2.1.2.2
configuring WebLogic domains, 5.4
createAppRole, 7.4.2.1
createCred, 8.5.2.3
createResourceType, 7.4.2.11
creating user accounts, 2.6
Credential Management, 6.3.1
Credential Store, 2.1
Credential Store Framework, 13.3.4
Credential Store Framework API, 13.2.4
Credential Store Types, 3.3
CredentialAccessPermission, 14.4.6.2
CredentialMapping permission, 7.5.3.3
CSF
J2EE example with LDAP store, 16.7.4
J2EE example with wallet, 16.7.3
J2SE example with wallet, 16.7.2
CSIv2 identity assertion, 3.1.3
custom authorization providers, 3.2
cwallet.sso, 4.3, 14, 14.4.3
cwallet.sso file, 14.3
cwallet.sso, 6.2.1

D

DefaultAuthenticator, 3.1, 9.3.5.2.4, 9.3.6.1, 9.3.7.2, 9.4.2.3.4, 9.4.3.3, 9.4.4.3, 9.5.2.4
default.auth.level, 7.5.3.3
deleteAppPolicies, 7.4.2.10
deleteAppRole, 7.4.2.2
deleteResourceType, 7.4.2.13
deleting a role, 7.4.2.2
deployed application, 5.3
deploying applications, 6.1
deploying JavaEE applications, 6.4
Deploying to a Test Environment, 6.3.1
deployment tools, 6.2
distributed environments, 7.1.1
DN, 2.7.2
doAs, 17.2.3.2
doAsPrivileged, 17.2.3.2
Dynamic authentication, 7.5.3.1

E

EAR file, 14.3, 14.3.1
EJB Interceptor, 14.1
ejb-jar.xml, 3.2, 14.1, 14.3
embedded LDAP, 3.1.1, 4.2
enterprise group, 2.1
Enterprise Groups and Users Class, 14.2
enterprise user, 2.1
Enterprise-Level SSO, 9.1
entitlement, 2.1, 17.2.1.2.4
Event Source Type, 10.3.2
Existing OSSO, 9.1
exportAuditConfig, C.4.7
EXTRA_JAVA_PROPERTIES, F.1, J.1.2

F

fail over support, 5.4
FAQ, 1.1
file-based policy store, 3.2
functional policy, 2.1

G

generic credential, 8.1
Generic LDAP Properties, F.2.4
getAuditPolicy, C.4.2
getGrantedResources, 17.2.3.4
getNonJavaEEAuditMBeanName, C.4.1
getResourceType, 7.4.2.12
Global logout, 7.5.3.1
grant, 2.1
entitlement-based, 17.2.1.2.5
permission-based, 2.2.1
grant example, 17.2.1.2.5
grantAppRole, 7.4.2.3
GrantManager class, 17.2.2
grantPermission, 7.4.2.7
group, 2.1
GUID, 2.7.2

H

Headers
sent by Oracle HTTP Server, 9.5.1.3
host name verification, 3.1.4.1

I

Identity Asserter for Single Sign-on with OAM, 9.2
Identity Management, 6.3.1
Identity Store, 2.1
identity store
creating provider, 18.3.4
provider configuration properties, 18.3.5
selecting provider, 18.3.3
identity store in JavaSE, 15.2.2
idstore.type, F.2.3
importAuditConfig, C.4.8
initializing an LDAP authenticator, 3.1.4.1
invoking MBeans, E.2.2
isCallerInRole, 1.5.1
isUserInRole, 1.5.1, 17.1.2.2

J

JAAS mode, 14.1
Java component, 2.1
javadocs
OPSS APIs, H.1
OPSS MBeans APIs, H.1
OPSS User and Role APIs, H.1
JavaSE application, 17.4
java.security.policy, F.1
jazn-data.xml, 4.3, 6.2.1, 14, 14.3, 14.3.1
JpsApplicationLifecycleListener, 14.4.4
jpsApplicationLifecycleListener, 14.4.1
jps.apppolicy.idstoreartifact.migration, 14.4.1, 14.4.1
JpsAuth.checkPermission API, 13.2.3
jps.auth.debug, J.1.2.1
jps.auth.debug.verbose, J.1.2.2
jps-config-jse.xml, 1.5.3, 17.4.1
jps-config.xml, 14, A
jps-config.xml example, 14.4.9
jps-config.xml full example, 14.4.9
jps.credstore.migration, 14.4.4
jps.deployment.handler.disabled, 7.3, 8.4, 14.4
JpsFilter, 14.1, 14.3
JpsInterceptor, 14.1, 14.1.1, 14.3
JpsPermission, 14.4.6.3
jps.policystore.applicationid, 14.4.1
jps.policystore.hybrid.mode, F.1
jps.policystore.migration, 14.4.1
jps.policystore.migration.validate.principal, 14.4.1
jps.policystore.removal, 14.4.1

K

Keystore Properties, F.2.7

L

large volume stores, 6.5.2.3
LDAP authenticator, 3.1.4
LDAP Credential Store Properties, F.2.2
LDAP Identity Store Properties, F.2.3
LDAP Policy Store Properties, F.2.1
LDAP servers, 4.1
ldapadd, 7.1.2
LDAP-based credential, 8.2
LDAP-based policy store, 3.2, 7.1
ldapmodify, 7.2.1.2
ldapsearch, 7.1.2
LDIF file, 7.1.2
ldifwrite, 6.5.2.3
listAppRoleMembers, 7.4.2.6
listAppRoles, 7.4.2.5
listAuditEvents, C.4.6
listPermissions, 7.4.2.9
logical role, 2.1, E.3
LoginService API, 13.2.1
login.url.FORM, 7.5.3.3
logout.url, 7.5.3.3

M

management tools, 4.2
Managing credentials, 6.3.1.1
managing domain authenticators, 5.4
managing identities, 4.2
managing policies and credentials, 4.2, 4.2
Managing system policies, 6.3.1.1
managing users and groups, 4.2
Manually Configuring
WebGate Web Server, 9.3.4
Mapping application roles to enterprise groups, 6.3.1.1
mapping of application roles, 2.2
mapping roles, 6.5.2
MBean
Administration Policy Store, E.2.1
annotations, E.3.1
Application Policy Store, E.2.1
code sample, E.2.3
Credential Store, E.2.1
Global Policy Store, E.2.1
Jps Configuration, E.2.1
migrateSecurityStore, 6.5.1.1, 6.5.2, 7.3.2, 8.4.2, 14.4.8, I.1.3
Migrating Audit Policies, 6.5.3
migrating credentials example, 6.5.2.2
Migrating Identities, 14.4.8
Migrating Identities Manually, 6.5.1.1
Migrating Large Volume Stores, 6.5.2.3
Migrating Policies and Credentials at Deployment, 6.5.2
migrating policies example, 6.5.2.1
Migrating Providers, 6.5.1
Migration of credentials, 3.3
Migration of policies, 3.2
mod_osso, 9.5.2, 9.5.3.1
modifyBootStrapCredential, 8.5.2.5
modifying a resource type, 7.4.2.13
Monitoring, 10.1.1
multiple-node server domain, 7.1.1

N

name comparison logic, 2.7.2

O

OAM
Authentication provider, 9.2, 9.2
parameter, 9.4.5
Troubleshooting, 9.4.8
Authenticator, 9.2, 9.3.6.1, 9.4.3.3
Identity Asserter, 9.2, 9.3.5.2.4, 9.3.7.2, 9.4.2.3.4, 9.4.4.3
OAM 10g SSO solution, 9
OAM 11g SSO solution, 9
OAM solution, 7.5.3.1
oamauthenticationprovider.war, 9.3.2, 9.4.1.2
oamAuthnProvider.jar, 9.2.6, 9.3.2, 9.3.2, 9.4.1.2, 9.4.1.2
OAMCfgTool, 9.4.1.1, 9.4.1.2, 9.4.2, 9.4.2.2
about using, 9.4.2.2.1
Create mode parameters, 9.4.2.2.1
host identifiers created, 9.4.2.2.3
Known Issues, 9.4.7
process overview, 9.4.2.2.2
Validate mode parameters, 9.4.2.2.1
oamcfgtool.jar, 9.2.6, 9.4.1.2
OID Authenticator, 9.3.5.2.4, 9.3.7.2, 9.4.2.3.4, 9.4.4.3, 9.5.1.2, 9.5.2.4
one-way SSL, 7.2.1
OPSS
and Oracle Application Development Framework, 13.4
and the development cycle, 13.1.1
features for developers, 13.1.3
OPSS APIs
and JavaEE application, 13.3.1
and JavaSE application, 13.3.7
authentication with, 13.3.2
authorization with, 13.3.3
common uses, 13.3
CSF, 13.3.4
User and Role, 13.3.5, D
OPSS Architecture, 13.1.4
OPSS SSO Framework, 7.5.3.1
OPSS System Properties, F.1
Oracle Access Manager
Integration with OSSO, 9.1, 9.1
Oracle ADF security, 5.1
Oracle Authorization Policy Manager, 5.2, 5.5, 7.4, 7.4.3
Oracle Business Intelligence Publisher, 12.1
audit report example, 12.4
Oracle Fusion Middleware Audit Framework, 10.1, 10.1.3
architecture, 10.3.1
concepts, 10.3, 10.3.2
Oracle Information Lifecycle Management Assistant, 11.5.6.4
Oracle Internet Directory, 4.1
Oracle Internet Directory 10.1.4.3 patch, 4.1
Oracle Internet Directory tuning, 4.1
Oracle JDeveloper 11g, 5.1
Oracle Platform Security Services, 9.1
developing with, 13
Oracle Security Developer Tools, 13.5
OracleAS Single Sign-On solution, See Also OSSO, 9.5
oracle.security.jps.config, 1.5.3, A
Oracle-specific applications, 5.1
OSSO
existing implementation, 9.1
Identity Asserter, 9.5.1, 9.5.2.4, 9.5.2.4
new users, 9.5.2
processing, 9.5.1.2
Tips and Troubleshooting, 9.5.3
solution, 9, 9.1, 9.1
OSSO Identity Asserter, 9.5.1.1

P

packaging a J2EE application, 14.3
Packaging Credentials, 14.3.2
Packaging Policies, 14.3.1
password credential, 8.1
Password Validation, 2.6
passwords, 2.6
permission, 2.1, 17.2.1.2.2
permission classes, 3.2, 7, 14.4.6
permission inheritance, 2.2.1
permission set, 2.1, 17.2.1.2.4
permissions to anonymous role, 2.4
permissions to authenticated role, 2.3
PermissionSetManager class, 17.2.2
policy domain
URL prefixes, 9.4.3.2.1, 9.4.3.2.2, 9.4.4.1
Policy Management, 6.3.1
Policy Store, 2.1, 3.2
policy store removal, 3.2
PolicyStoreAccessPermission, 14.4.6.1
Post-installation tasks, 5.3
principal, 2.1
principal name comparison, 2.7.1, 2.7.2
PrincipalEqualsCaseInsensitive, 2.7.2
PrincipalEqualsCompareDnAndGuid, 2.7.2
Procedure
WebGate
To manually configure a Web server, 9.3.4.2
Process overview
OAMCfgTool, 9.4.2.2.2
Oracle Access Manager Authenticator for Web and non-Web Resources, 9.2.3
Oracle Access Manager Identity Asserter with Web-only applications, 9.2.2
OSSO Identity Asserter, 9.5.1.2
production environment, 5.2.1
Programmatic Authorization, 13.3.3
props.auth.level, 7.5.3.3
props.auth.uri, 7.5.3.3
props.auth.url, 7.5.3.3

R

reassociateSecurityStore, 7.4.2.14, I.1.3
Reassociation of credentials, 3.3
Reassociation of policies, 3.2
recovery of server files, 5.2
resource, 2.1, 17.2.1.2.3
resource catalog, 2.1, 17.2.1, 17.2.1.2
resource permissions, 17.2.1.2.2
managing, 17.2.1.2.2
resource type, 2.1, 17.2.1.2.1, 17.2.1.2.2
ResourceManager class, 17.2.2
ResourcePermission class, 17.2.1.2.2
ResourceTypeManager class, 17.2.2
revokeAppRole, 7.4.2.4
revokePermission, 7.4.2.8
role category, 2.8
role hierarchy, 2.2.1
RoleCategoryManager class, 2.8

S

SAML 1.1 identity assertion, 3.1.1
SAML 2.0 identity assertion, 3.1.1
scenarios, 4.4, 4.4
Security Provider Configuration, 7.2.1, 7.5
Security Provider for WebLogic SSPI, 9.2.4.3
security-related commands, 5.6
server restart, 4.2, F
service instance update script, E.1
Service Providers, 18.3
introduction, 18.3
understanding, 18.3.1
Set Security Provider, 7.2.1
setAuditPolicy, C.4.3
setAuditRepository, C.4.5
setDomainEnv shell script, F.1, J.1.2
Setting a Node in LDAP server, 7.1.2
setting up providers
OAM Asserter with Oracle Web Services Manager, 9.3.7.2
OAM Authenticator, 9.3.6.1
OAM Identity Assertion, 9.3.5.2.4, 9.4.2.3.4
OSSO Identity Asserter, 9.5.2.4
Single Sign-On, 7.5.3
single sign-on solutions for Fusion Middleware, See Also SSO, 9
SPNEGO, 3.1.3
SPNEGO tokens, 3.1.3
SSL
and User/Role APIs, 18.8
anonymous, 7.2.1
one-way, 7.2.1
SSO
enterprise level, 9.1
existing 10g SSO, 9.1
Oracle Access Manager, 9.2
Synchronization Filter, 9.6
SSO Logout URL, 9.3.8.1
SSO service, 7.5.3.1
SSO service configuration, 7.5.3.3
sso.provider.class, 7.5.3.3
storing policies and credentials, 4.1
Subject, 2.7.1
subject, 2.1, 2.4.1
synchronizing
user and SSO Sessions, 9.6
system component, 2.1
system-jazn-data.xml, 14

T

Task overview
Configuring the OAM Authenticator, 9.3.6, 9.4.3
Deploying and configuring OAM Identity Assertion for single sign-on includes, 9.3.5, 9.4.2
Deploying OSSO Identity Asserter, 9.5.2
Deploying the Identity Asserter with Oracle Web Services Manager, 9.3.7, 9.4.4
Installing required components for OAM Authentication Provider, 9.3.2, 9.4.1.2
Setting policies in Oracle Web Services Manager, 9.3.7.1, 9.4.4.2
Test Environments, 6.3
token.provider.class, 7.5.3.3
typical security practices, 5.3

U

unsupported methods in PS2, 17.3
updateServiceInstanceProperty, E.1
updating instance with script, E.1
upgradeSecurityStore, G
URL
SSO Logout URL, 9.3.8.1
User and Role API, 13.2.2, D
Javadoc, 18.9
programming tips, 18.3.9.1
User and Role APIs
and WebLogic authenticators, 18.1.1
developing with, 18
environment setup, 18.3.2
introduction, 18.1
programming tips, 18.3.9
summary, 18.2
User and Role SPI
Javadoc, 18.10.7.4
UseRetrievedUserNameAsPrincipal, 3.1.4.1
user.login.attr, J.8
username.attr, J.8

W

WAR file, 14.1
WebLogic
Authentication provider, 9.1, 9.3.5.2.1, 9.4.2.3.1
Authentication providers
Identity Assertion, 9.3.5.2.1, 9.4.2.3.1
J2EE applications, 9.2.4.3
WebLogic Administration Console, 4.2
WebLogic Scripting Tool (WLST), 9.3.5.2.2, 9.4.2.3.2
weblogic-application.xml, 14
web.xml, 3.2, 14, 14.1, 14.3
WLSGroupImpl, 2.2.1, 7.4.2.3, 7.4.2.4, 14.2
WLST
createAppRole, 7.4.2.1
createCred, 8.5.2.3
createResourceType, 7.4.2.11
deleteAppPolicies, 7.4.2.10
deleteAppRole, 7.4.2.2
deleteCred, 8.5.2.4
deleteResourceType, 7.4.2.13
getResourceType, 7.4.2.12
grantAppRole, 7.4.2.3
grantPermission, 7.4.2.7
listAppRoleMembers, 7.4.2.6
listAppRoles, 7.4.2.5
listCred, 8.5.2.1
listPermissions, 7.4.2.9
reassociateSecurityStore, 7.4.2.14
revokeAppRole, 7.4.2.4
revokePermission, 7.4.2.8
updateCred, 8.5.2.2
WLSUserImpl, 2.2.1, 14.2

X

X509 identity assertion, 3.1.1