What's New in This Guide

This chapter describes the most important changes introduced in releases 11gR1, 11gR1 PS1, 11gR1 PS2, 11gR1+, and 11gR1 PS3.

New Features in Release 11gR1 PS3

The features introduced in release 11gR1 PS3 include the following:

• Support for DB-based stores. For details, see Section 8.3, "Using a DB-Based OPSS Security Store."

• Support for the IBM WebSphere Application Server. For details, see Section 1.1.2, "Supported Server Platforms."

• Support for identity virtualization, which allows querying multiple identity stores. For details, see Section 7.3, "Configuring the Identity Store Service."

• Support for security administrative scripts on IBM WebSphere Application Server. For details, see Appendix I, "OPSS Scripts."

• The OPSS script upgradeOpss to upgrade security data from 11gR1 PS1 or 11gR1 PS2 to 11gR1 PS3. For details, see Appendix G, "Upgrading Policies with upgradeOpss."

• Additional OPSS scripts. For complete list, see Appendix I, "OPSS Scripts."

• Improved Fusion Middleware Control security pages.

• Enhanced OAMCfgTool for OAM 10g SSO, with additional parameters. For details, see Section 16.3, "Introduction to OAMCfgTool."

• User and Role API support for IBM Tivoli and Microsoft ADAM directories. For details see Section 25.3.3, "Selecting the Provider".

New Features in Oracle Identity Management 11gR1

The features introduced in Oracle Identity Management 11gR1 include the following:

• Oracle Authorization Policy Manager, a tool to manage application security artifacts. The set of available tools to administer application security is expanded to Oracle WebLogic Administration Console, Oracle Enterprise Manager Fusion Middleware Control, WLST commands, and Oracle Authorization Policy Manager.

Additions to This Guide

New material in this guide includes:

• An appendix that lists all security-related WLST commands.

New Features in Release 11gR1 PS2

The features introduced in release 11gR1 PS2 include the following:

• The Resource Catalog, a way of specifying resource types, resources, actions, and entitlements in an application policy grant. Starting with this release, OPSS supports resource-based policies with the introduction of the resource catalog.

• Instructions for developing custom User and Role providers.

• Use of the class ResourcePermission in permissions.

• New WLST commands to manage resource types.

• The system property jps.deployment.handler.disabled of the Oracle WebLogic Server has been introduced.

• A new use of the command upgradeSecurityStore.

• A new argument to the command migrateSecurityStore to control the migration behavior upon encountering duplicate items. It applies only when migrating application policies.

New Features in Release 11gR1 PS1

The features introduced in release 11gR1 PS1 include the following:

• The class Resource Permission.

• Principal name comparison has been enhanced.

• Manual settings for policy migration have been simplified. In particular, versioning the application is no longer required.

• The WLST command migrateSecurityStore supports the embedded LDAP store as a target.

• The configuration of the identity store has been simplified. For example, previously required properties such as username.attr and login.name.attr are no longer needed when configuring an LDAP identity store.

• The WLST command reassociateSecurityStore supports an existing LDAP node as a target.

• New and improved Oracle Fusion Middleware Control pages. In particular, using these pages, one can specify the SSO service to use in a domain.

New Features in Release 11gR1

The single most important new feature in the 11gR1 release is the introduction of the Oracle WebLogic Server as the environment where applications run and where security is provisioned.

The features introduced in release 11gR1 include the following:

• Support for application policies and roles, and the authenticated and anonymous users and roles

• Credential Store Framework

• Auditing framework for Oracle Platform Security Services (OPSS) events for credential and policy management, and authorization checks

• Support for application lifecycle security integrated with JDeveloper

• Enhanced authorization framework

• Consolidation of code-based and subject-based policies in system-jazn-data.xml

• Management of security with Oracle Fusion Middleware and WLST commands

• New security-related WLST commands

Desupported Features from 10.1.3.x

The features de-supported in release 11gR1 include the following:

• Jazn is replaced with OPSS.

• Jazn Realm API is replaced by the User and Role API.

• Migration of OSDT toolkit from proprietary objects to JCE is desupported.

• The identity store, as previously configured in system-jazn-data.xml, is replaced by the use of WebLogic authenticators.

• The functions of Oracle Jazn Administration Tool are replaced as follows:

  • User and Role CRUD operations are replaced by the use of the Embedded LDAP configured and operated with the Oracle WebLogic Administration Console

  • The configuration of login modules is replaced with the use of the Oracle WebLogic Administration Console to configure authenticators

• JavaSSO is no longer supported. On a Oracle WebLogic Server domain, Single Sign-On (SSO) is automatic within clusters only when session replication is turned on.

Links to Upgrade Documentation

To upgrade from a previous release to the current, see any of the following documents:

• Oracle Fusion Middleware Upgrade Planning Guide

• Oracle Fusion Middleware Upgrade Guide for Java EE

• Oracle Fusion Middleware Upgrade Guide for Oracle SOA Suite, WebCenter, and ADF

• Oracle Fusion Middleware Upgrade Guide for Oracle Portal, Forms, Reports, and Discoverer

• Oracle Fusion Middleware Upgrade Guide for Oracle Identity Management