Oracle® Fusion Middleware Administrator's Guide for Oracle Identity Federation
11g Release 1 (11.1.1)

Part Number E13400-03

Index


A

account linking, 1.1.3
administration
common tasks, 4.2
affiliations, 1.2.5
runtime behavior, 6.2
architecture
typical deployment, 2.6.2
architecture considerations, 2.6.1
assertion mapping
examples, 6.16.3
assertion validity, 5.3
Association, 1.1.3
Association Session Types, 5.4.4
Attribute Exchange, 5.4.4
Attribute Exchange (AX), 2.2.2.6
attribute mapping
static, 5.9.1.1.1
Attribute Mapping and Filtering, 5.9.1
Attribute Name Mapping, 5.9.1.1
attribute query, 4.2.8
attribute request, 4.2.8
Attribute Request Message, 5.8.2
Attribute Requester, 5.8
Attribute Requester
service interface, 5.8.1
Attribute Response Message, 5.8.3
Attribute Sharing, 5.6
components, 5.6.1
Web Services Interface, 5.8
Attribute Value Filtering, 5.9.1.3
configuring, 5.9.2.3
Attribute Value Mapping, 5.9.1.2
configuring, 5.9.2.2
Auditing, 7.4
Authentication Engines, 5.15
Custom, 5.15.10
Database Security, 5.15.5
Database Table, 5.15.6
Federated SSO Proxy, 5.15.8
HTTP Header, 5.15.1
Infocard, 5.15.7
JAAS, 5.15.9
LDAP Directory, 5.15.4
Oracle Access Manager, 5.15.3
Oracle Single Sign-On, 5.15.2
authentication engines, 10.2.1
and authentication flows, 2.3
authentication mechanism
default, 5.14.1.1
Authentication Mechanisms, 5.14
Local, 5.14.2
SAML 1.x, 5.14.4
SAML 2.0, 5.14.3
WS-Federation 1.1, 5.14.5
authentication modes, 2.3.1

B

bilateral authentication, 2.2.2.3
bindings
HTTP Artifact, 1.2.4.2
HTTP POST, 1.2.4.1
HTTP redirect, 1.2.4.4
Business Processing Plug-in, 11
example, 11.5
implementing, 11.1.2
Bypassing User Mapping, 6.19

C

certificate path validation, 6.22
certificate repository, 2.1.3.3
certificate validation, 2.1.3.3
certificates
and trust, 4.1.1.2
certification matrix, 1.2.8
Claimed Identifier, 1.1.3
common domain parameters, 5.3
Configuration Settings
and metadata, 5.1.1
Configuration Settings and Provider Metadata, 5.1.1
Configuring Audience Restrictions, 6.21
Configuring Service Providers, 5.5
Cookie Lifetime, 5.3
Creating a custom authentication engine, 10.3
creating a custom SP Integration Engine, 10.4
Credentials, 4.5
cross-domain trust, 4.1.1.2
Cryptographic Provider, 1.2.6
custom IAM, 10.1

D

data store, 2.4
configuration, 2.4.4, 5.13.4
federation, 2.4.1, 5.13.2
session and message, 2.4.3, 5.13.3
user, 2.4.2, 5.1.2, 5.13.1
data stores
managing, 5.13
deployment
architecture, 2.1
installation requirements, 2.4.4
planning, 4.1.1.3
profiles and bindings, 2.2
protocols, 2.1.4
proxy server, 2.1.2
scenarios, 3.2
security, 2.1.3
server roles, 2.1.1
sizing, 2.6
topology, 2.1.1, 2.6.4
with Oracle HTTP Server, 3.2.1
with Oracle Single Sign-On, 3.2.2
deployment planning, 4.1.1.2
deprovisioning, 5.1.2
destination domain, 1.1.3
Discovery, 1.1.3
DN pattern to attribute responder
case-sensitivity, 5.5.1
domain, 1.1.3

E

error types, 6.13.3
Exchange User Identities, 4.1.1.2

F

features, new
release 11g (11.1.1), Preface
federated identity management, 1.1.1
event flow, 1.2.7
Federated SSO Proxy
authentication engines, 5.15.8
federation
account linking, 1.1.3
benefits, 1.1.1
concepts, 1.1.3
evolution of standards, 1.1.4.2
use cases, 1.1.2
federation data store, 2.4.1, 5.13.2.1, 6.14
federation profiles, 1.2.4
artifact, 1.2.4.2
federation termination, 1.2.4.8
global logout, 1.2.4.9
name identifier, 1.2.4.5
federation protocols, 1.1.4
federation record
structure, 5.1.2
uniqueness, 5.1.2
federation termination
profiles, 1.2.4.8
Force SSL, 5.2.1
forcing reauthentication
not supported with Oracle Single Sign-On, 3.2.2

G

Global Logout
On-Demand, 6.8.3

H

high availability, 2.6.1.6
Host Connection Properties, 5.2.1
HTTP Basic Authentication, 2.3.6
HTTP Header Attributes, 5.15.1
HTTPS mode, 5.2.1

I

ICAM
OpenID, 2.2.2.6
Identities
Federations, 4.4.2
search options, 4.4.4
Users, 4.4.3
Identity Federation Engine, 10.2.1
identity management
challenges, 1.1.1
federated, 1.1.1
Identity Provider
sending attributes in SSO Assertions, 5.7
identity provider, 1.1.3
Identity Providers - Common Properties, 5.3
Identity Providers - Protocol-Specific Properties, 5.4
IdP Properties
OpenID, 5.4.4
SAML 1.x, 5.4.2
SAML 2.0, 5.4.1
WS-Federation, 5.4.3
implementation checklist, 2.7

J

JAAS
authentication engines, 5.15.9
JCE Policy Files, 8.3

K

keystore, 4.1.1.2
password, 8.2.1

L

LD_ASSUME_KERNEL, C.1.4.3
LDAP Directory
authentication engines, 5.15.4
log files, 4.1.3
Logging, 7.3
login table
for RDBMS authentication engine, 5.15.6.1
logout, 4.2.5

M

mapping
authentication mechanisms to authentication engines, 5.14.1.2
methods to authentication mechanisms, 5.14.1.2
Mapping and Filtering
configuration, 5.9.2
MBeans
configuration data, A
Data-store Configuration, A.3
Provider-specific Configuration, A.2
Server-wide Configuration, A.1
Message Data Store, 5.13.3
Metadata, 5.1.1
properties that affect, 5.1.1
protocol URLs, 5.1.1
re-publishing, 5.1.1
metadata, 4.1.1.2
affected properties, 5.1.1
properties that affect, 5.1.1
Monitoring, 7.1

N

NameID
using UserID for, 5.4.2
NameID lookup
disabling, 6.14
new features
release 11g (11.1.1), Preface

O

OASIS, 1.1.4.1
On-Demand Global Logout, 6.8.3
OpenID, 2.2.1.3
association, 1.1.3
attribute exchange, 2.2.2.6
claimed identifier, 1.1.3
Diffie-Hellman parameters, 5.5.5
discovery, 1.1.3
Generic Service Provider, 5.4.4
ICAM, 2.2.2.6
PAPE, 2.2.2.6
PAPE 1.0, 5.5.5
processing flow, 2.2.2.6
Profiles and Extensions, 1.2.4.10
profiles and extensions, 2.2.2.6
Provider, 1.1.3
Relying Party, 1.1.3
SP Properties, 5.5.5
OpenID IdP, 5.4.4
OpenID Provider, 1.1.3
OpenID SP, 5.5.5
Oracle Access Manager
authenticating with, 2.3.4
authentication engines, 5.15.3
configuring plug-ins, 5.6.3
deploying with, 3.2.3
schemes and policies, 5.6.4
Oracle Access Manager 11g, 3.2.4
Oracle Directory Server Enterprise Edition
deploying with, 3.2.6
Oracle HTTP Server
as proxy, B.1
deploying with, 3.2.1.1
Oracle Identity Federation, 1.2
administration, 4.1.2
administration tools, 4.1.2
and PKI, 4.1.1.2
architecture, 1.2.2, 10.2.1
as IdP Attribute Responder, 5.6.6
as SP Attribute Requester, 5.6.5
as SSL client, 8.1.2
as SSL server, 8.1.1
basic administration, 4.1
benefits, 1.2.1
configuring, 5
data maintained by, 5.1
deployed with Oracle Access Manager, 3.2.3
deployed with Oracle HTTP Server, 3.2.1
deployed with Oracle Single Sign-On, 3.2.2
federated identities, 4.4.1
Federations, 4.3
Home Page, 7.1.1
installation requirements, 2.5
log files, 4.1.3
managing credentials for, 4.5
modules and flow, 10.2.1
proxy for, B
schema, 5.13.5
SSL for, 8.1
with Oracle Directory Server Enterprise Edition, 3.2.6
WLST
list of commands, 9.2
WLST for, 9
Oracle Identity Federation/SP
authenticating to OAM, 3.2.5
Oracle Single Sign-On
authenticating with, 2.3.5
authentication engines, 5.15.2
deploying with, 3.2.2
testing deployment, 3.2.2.6
Oracle Universal Federation Framework, 1.1.3
Outbound Connection Properties, 5.2.2
Overriding NameID Mapping, 6.20

P

PAPE
OpenID, 2.2.2.6
PAPE 1.0, 5.4.4
performance, 6.14
and assertion security, 2.6.1.4
and connection tuning, 2.6.1.5
and profiles, 2.6.1.1
and repositories, 2.6.1.2
and server tuning, 2.6.1.7
tuning, 2.6
Performance Summary, 7.1.2
PKI, 4.1.1.2
principal, 1.1.3
profiles
artifact
request processing, 2.2.2.1
security, 2.2.2.3
using, 2.2.2.1
with proxy, 2.2.2.1
attribute sharing
using, 2.2.2.4
choosing, 2.2.2
federation termination, 1.2.4.8
HTTP redirect, 1.2.4.4
logout, 1.2.4.9
OpenID, 2.2.2.6
passive requester, 1.2.4.7
POST, 1.2.4.1
request processing, 2.2.2.2
security, 2.2.2.3
using, 2.2.2.2
with proxy, 2.2.2.2
WS-Federation
using, 2.2.2.5
proxy server, 2.1.2, B

R

RCU
and schema creation, 5.13.5
reauthentication, 5.3
forcing not supported for Oracle Single Sign-On, 3.2.2
reference footprint, 2.6.3
Relying Party, 1.1.3
roles
FederationAdmin, 4.1.1.1

S

SAML, 1.1.4.1
assertions, 1.1.4.1
authentication example, 1.1.4.4
profiles, 1.1.4.1
protocol bindings, 1.1.4.1
request and response cycle, 1.1.4.1
request-response cycle, 1.1.4.1
SAML 1.x, 1.1.4.3
IdP Properties, 5.4.2
SP, 5.5.3
SAML 2.0, 1.1.4.4
IdP NameID formats, 5.4.1
IdP Properties, 5.4.1
SP, 5.5.2
SAML security considerations, 2.2.2.3
schema
creating, 5.13.5
validation, 6.13.4
schema validation, 6.13.4
Security and Trust
configuring, 5.10
Provider Metadata, 5.10.2
Trusted CAs and CRLs, 5.10.3
Wallet, 5.10.1
security considerations, 2.2.2.3
server certificates, 4.2.2
Server Clock Drift, 5.2.1
Server Configuration Data, 5.1.1
Server Hostname, 5.2.1
server metadata, 4.2.1
Server Port, 5.2.1
Service Provider
Common Properties, 5.5.1
OpenID, 5.5.5
SAML 1.x, 5.5.3
SAML 2.0, 5.5.2
WS-Federation 1.1, 5.5.4
service provider, 1.1.3
session
active period, 5.2.1
Session Data Store, 5.13.3
Session Timeout, 5.2.1
Session Types, 5.4.4
setConfigProperty
for DN pattern matching, 5.5.1
signature verification, 4.2.6
Signing and Encryption Wallets, 8.2
Single Sign-On
for SAML 1.x and WS-Federation, 4.3.5
for User Opt-In and Opt-Out, 6.18
schema validation, 6.13.4
single sign-on, 1.1
sizing guidelines, 2.6
SOAP Port, 5.2.1
SP integration engine
custom, 10.4
SP Properties
OpenID, 5.5.5
SSL, 8.1
and PKI, 4.1.1.2
configuration, 8.1.1
configuring for Oracle Identity Federation, 8.1
enabling for server, 5.2.1
Signing and Encryption Wallets, 8.2
static attribute mapping, 5.9.1.1.1
Supported Standards and Applications, 1.2.8

T

test SP engine, 3.2.7
third-party IAM solutions, 10.1
timeout parameters, 5.3
topology, 2.6.4
transient data store, 2.4.3
troubleshooting
AccessGate permission error, C.1.4.1
back-ends with same cookie domain, C.1.4.4
bookmarked login page, C.1.3.2
bookmarked resource, C.1.6.1
file descriptor error, C.1.5.1
incorrect login page, C.1.3.1
LD_ASSUME_KERNEL, C.1.4.3
non-ASCII AccessGate ID, C.1.4.2
Operating System configuration, C.1.5
Oracle Access Manager configuration, C.1.4
Oracle Identity Federation configuration, C.1.2
Oracle Single Sign-On configuration, C.1.3
runtime SSO issues, C.1.6
trusted provider
adding, 4.3.2
delete, 4.3.4
for SSO, 4.3.5
searching, 4.3.1
update, 4.3.3

U

User Consent, 5.4.1
example page, 5.4.1
user data store, 2.4.2
configuring none, 5.13.1.5
connection data, 2.4.2
User Federation Data, 5.1.2
User Federation Record Context, 2.4.1
User Opt-In and Opt-Out
for Single Sign-On, 6.18
user records
basic data, 5.1.2
deprovisioning, 5.1.2
federation data, 5.1.2
synchronizing, 5.1.2

W

web access management (WAM) system, 1.2.3
Web Proxy
configuring behind, 3.2.6.3
WLST, 9
addConfigListEntryInMap, 9.2.1
addConfigMapEntryInMap, 9.2.2
addConfigPropertyListEntry, 9.2.3
addConfigPropertyMapEntry, 9.2.4
addFederationListEntryInMap, 9.2.7
addFederationMapEntryInMap, 9.2.8
addFederationPropertyMapEntry, 9.2.10
changePeerProviderDescription, 9.2.16
changeSessionStore, 9.2.17
createConfigPropertyList, 9.2.18
createConfigPropertyListInMap, 9.2.19
createConfigPropertyMap, 9.2.20
createConfigPropertyMapInMap, 9.2.21
createFederationPropertyList, 9.2.22
createFederationPropertyListInMap, 9.2.23
createFederationPropertyMap, 9.2.24
createFederationPropertyMapInMap, 9.2.25
createPeerProviderEntry, 9.2.26
deleteCustomAuthnEngine, 9.2.11
deleteCustomSPEngine, 9.2.12
deleteUserFederations, 9.2.14
environment setup, 9.1.1
executing commands, 9.1.2
extractproviderprops, 9.2.36
getConfigListValueInMap, 9.2.27
getConfigMapEntryInMap, 9.2.28
getConfigProperty, 9.2.29
getConfigPropertyList, 9.2.30
getConfigPropertyMapEntry, 9.2.31
getFederationListValueInMap, 9.2.32
getFederationMapEntryInMap, 9.2.33
getFederationProperty, 9.2.34
getFederationPropertyList, 9.2.35
getFederationPropertyMapEntry, 9.2.38
listCustomAuthnEngines, 9.2.39
listCustomSPEngines, 9.2.40
loadMetadata, 9.2.41, 9.2.42
removeConfigListInMap, 9.2.43
removeConfigMapEntryInMap, 9.2.44
removeConfigMapInMap, 9.2.45
removeConfigProperty, 9.2.46
removeConfigPropertyList, 9.2.47
removeConfigPropertyMap, 9.2.48
removeConfigPropertyMapEntry, 9.2.49
removeFederationListInMap, 9.2.50
removeFederationMapEntryInMap, 9.2.52
removeFederationMapInMap, 9.2.51
removeFederationProperty, 9.2.53
removeFederationPropertyList, 9.2.54
removeFederationPropertyMap, 9.2.55
removeFederationPropertyMapEntry, 9.2.56
removePeerProviderEntry, 9.2.57
setConfigProperty, 9.2.58
setCustomAuthnEngine, 9.2.59
setCustomSPEngine, 9.2.60
setFederationProperty, 9.2.61
setproviderprops, 9.2.37
WS-Federation, 1.1.4.5
IdP Properties, 5.4.3
WS-Federation 1.1
SP, 5.5.4

X

X.509 certificates, 4.1.1.2