| Oracle® Fusion Middleware Administrator's Guide for Oracle Adaptive Access Manager Release 11g (11.1.1) Part Number E14568-02 | 
 | 
| 
 | View PDF | 
All tasks in this book presume that you have Oracle Adaptive Access Manager 11g installed with initial configuration completed as described in the Oracle Fusion Middleware Installation Guide for Oracle Identity Management.
This chapter presents details on setting up the Oracle Adaptive Access Manager environment.
The Oracle Fusion Middleware Installation Guide for Oracle Identity Management 11g Release 1 (11.1.1) provides all installation and initial configuration details.
Oracle Adaptive Access Manager is installed into an environment where you may install other Oracle Identity Management 11g components.
The following Oracle Adaptive Access Manager-related components are deployed in a new WebLogic administration domain using the Oracle Fusion Middleware Configuration Wizard:
WebLogic Administration Server
Managed Server for Oracle Adaptive Access Manager
Oracle Adaptive Access Manager Console deployed on the Administration Server
For information on how to install and configure Oracle Adaptive Access Manager, see the Oracle Fusion Middleware Installation Guide for Oracle Identity Management.
After installing and configuring Oracle Adaptive Access Manager, you must complete the following tasks to set up the basic Oracle Adaptive Access Manager environment.
Procedures are provided in the following sections:
The Oracle Adaptive Access Manager Command-Line Interface (CLI) scripts enable users to perform various tasks instead of using OAAM Admin.
For information on setting up the CLI environment, see Section 23.2, "Setting Up the CLI Environment."
Encryption is used to protect data within Oracle Adaptive Access Manager from unauthorized access. The process uses methods and a key or keys to encode plain text into a non-readable form. A key is required to decrypt the encrypted information and make it readable again. Authorized persons who possess the key can decrypt information that is encrypted with the same key.
This section provides instructions to set up encryption and database credentials for Oracle Adaptive Access Manager.
An overview for setting up encryption and database credentials is provided in this section.
Setting up encryption involves the following steps:
Ensure the secret keys (a.k.a symmetric keys) for both configuration value and database are available. If you do not have a secret key, generate an encoded symmetric key using the genEncodedKey command.
Encode the key using the base64encode option of the encodeKey command. This step is not required if the genEncodedKey command was used to generate the key.
Use Fusion Middleware Control to add the encoded secret key to an alias in the Credential Store Framework in the domain where Oracle Adaptive Access Manager is installed.
Configuring database credentials in the Credential Store Framework involves the following steps:
Use Fusion Middleware Control to add database credentials (username and password) in the Credential Store Framework in the domain where Oracle Adaptive Access Manager is installed. These credentials are used by the Oracle Adaptive Access Manager command-line utilities.
Configure the properties files that are used by the Oracle Adaptive Access Manager CLI utilities with details of the WebLogic administration server and Oracle Adaptive Access Manager database.
Pre-requisites for setting up encryption and database credentials for Oracle Adaptive Access Manager are:
If you do not have access to the Oracle Adaptive Access Manager installation folder, make sure Oracle Adaptive Access Manager 11g is configured with Fusion Middleware Control while creating the domain.
If you have access to the Oracle Adaptive Access Manager installation folder then make sure you have access to running the command-line scripts in the MW_HOME\IDM_ORACLE_HOME\oaam\cli folder.
Make sure Sun JDK is installed and check that the java command is in the path by executing the java command.
Note:
If you are upgrading from Oracle Adaptive Access Manager 10.1.4.5 to Oracle Adaptive Access Manager 11g, you can skip Section 2.4.3, "Setting up Secret Key for Encrypting Configuration Values,", Section 2.4.4, "Setting Up Secret Key for Encrypting Database Values,"and Section 2.4.5, "Generating an Encoded Secret Key," since the Upgrade Assistant automatically migrates the secret keys from Oracle Adaptive Access Manager 10.1.4.5 to the Credential Store Framework in Oracle Adaptive Access Manager 11g.To set up the secret key for encrypting configuration values, follow the steps in this section:
Go to the Oracle Adaptive Access Manager command-line folder MW_HOME\IDM_ORACLE_HOME\oaam\cli.
Create a file config_secret_key.file and add the secret key to the file like this:
tobase64=<secret-key>
Note:
This is your key to the encryption algorithm.
Note that 3DES accepts any key, but it must be a minimum of 24 characters.
Encode the key using Base64 algorithm by executing the following command.
In Unix
encodeKey.sh config_secret_key.file
In Windows
encodeKey.cmd config_secret_key.file
If the encoding command was successful, you will see output similar to the following:
base64encode is done! Base64 Encoded value =<encoded_value>
If the KeyStore command was not successful, you might see the following error:
Exception in thread "main" java.lang.NoClassDefFoundError: while resolving class: com.bharosa.vcrypt.common.util.KeyStoreUtil at java.lang.VMClassLoader.resolveClass(java.lang.Class) (/usr/lib/libgcj.so.5.0.0) at java.lang.Class.initializeClass() (/usr/lib/libgcj.so.5.0.0) at java.lang.Class.forName(java.lang.String, boolean, java.lang.ClassLoader) (/usr/lib/libgcj.so.5.0.0) at java.lang.Class.forName(java.lang.String) (/usr/lib/libgcj.so.5.0.0)
Note down the encoded value of the key printed on the screen. Make sure there are no spaces. You need this to add to the Credential Store Framework.
Refer to Section 2.4.6, "Adding Symmetric Key to the Credential Store Framework" for adding the encoded key to the Credential Store Framework.
To set up the secret key for encrypting database values:
Go to the Oracle Adaptive Access Manager command-line folder MW_HOME\IDM_ORACLE_HOME\oaam\cli.
Create a file db_secret_key.file and add the secret key to the file like this:
tobase64=<secret-key>
Note:
This is your key to the encryption algorithm.
Note that 3DES accepts any key, but it must be a minimum of 24 characters.
Encode the key using Base64 algorithm by executing the following command.
In Unix
encodeKey.sh db_secret_key.file
In Windows
encodeKey.cmd db_secret_key.file
If the encoding command was successful, you will see output similar to the following:
base64encode is done! Base64 Encoded value = <encoded_value>
If the KeyStore command was not successful, you might see the following error:
Exception in thread "main" java.lang.NoClassDefFoundError: while resolving class: com.bharosa.vcrypt.common.util.KeyStoreUtil at java.lang.VMClassLoader.resolveClass(java.lang.Class) (/usr/lib/libgcj.so.5.0.0) at java.lang.Class.initializeClass() (/usr/lib/libgcj.so.5.0.0) at java.lang.Class.forName(java.lang.String, boolean, java.lang.ClassLoader) (/usr/lib/libgcj.so.5.0.0) at java.lang.Class.forName(java.lang.String) (/usr/lib/libgcj.so.5.0.0)
Note down the encoded value of the key printed on the screen. Make sure there are no spaces. You need this to add to the Credential Store Framework.
Refer to Section 2.4.6, "Adding Symmetric Key to the Credential Store Framework" for adding the encoded key to the Credential Store Framework.
Execute the following command:
In Unix
genEncodedKey.sh sample.db_3des_input.properties
In Windows
genEncodedKey.cmd sample.db_3des_input.properties
If the command is successful you will see the output like this:
Generated key = <encoded_key>
Note:
Encoding the generated key is not necessary since it is already encoded.OAAM Servers automatically generate the secret key if you start them after domain creation. You can choose to use those autogenerated secret keys if you do not want to use different secret keys.
To add symmetric key to the Credential Store Framework:
Log in to Fusion Middleware Control at http://<weblogic_admin_server>:<port>/em using the Web browser and use the WebLogic Administrator credentials to log in.
Expand the weblogic_domain node in the left Navigation tree.
Select the OAAM domain and right-click and select the menu option Security, and then the option Credentials in the submenu.
Find out whether there is a map with the name oaam. If not, click the Create Map option and enter the Map Name as oaam. Click OK to save the map.
Click the oaam icon to select the map and then click the Create Key option.
In the pop-up window make sure Select Map is oaam.
Enter the Key Name as DESede_db_key_alias if the key is database-related or DESede_config_key_alias if it is configuration/application related. Make sure there are no typos or spaces.
Select the Type as Generic.
Enter the encoded value of the symmetric key as the credential value.
Enter description of this in the Description field.
Click OK to save the secret key to the Credential Store Framework
Make sure you back up the alias and the secret key.
These will be required if you must recreate the domain and point the domain to the existing Oracle Adaptive Access Manager database.
Note:
If you lose the secret key, all the existing data in the Oracle Adaptive Access Manager database will become unusable since many important administrative operations involve encrypted data.To set up the Oracle Adaptive Access Manager database credentials in the Credential Store Framework:
Log in to Fusion Middleware Control at http://<weblogic_admin_server>:<port>/em using the Web browser and use the WebLogic Administrator credentials to log in.
Expand the weblogic_domain icon in the left Navigation tree.
Select the OAAM domain and right-click and select the menu option Security and then the option Credentials in the submenu.
Check to see whether there is a map with the name oaam. If not click the Create Map option and enter the Map Name as oaam. Click OK to save the map.
Click the oaam icon to select the map and then click the Create Key option.
In the pop-up window make sure Select Map is oaam.
Enter the Key as oaam_db_key. Make sure there are no typos and spaces.
Select the Type as Password.
Enter the database username of OAAM in the User Name field.
Enter the database password of OAAM in the Password field.
Enter the description.
It is important to back up the secret keys (both database-related and configuration-related). Make sure you note the secret key and the alias name.
If you delete and recreate the WebLogic domain, make sure you use the backed-up secret keys when setting the encryption keys so that the existing data in the Oracle Adaptive Access Manager database can be decrypted properly.
During registration, which could be enrollment, opening a new account, or another events such as a reset, the user selects different questions from a list of questions and enters answers to them. These questions, called challenge questions, are used to authenticate users.
Default questions are shipped along with Oracle Adaptive Access Manager in the oaam_kba_questions_<locale>.zip files, which are located in the MW_HOME/IDM_ORACLE_HOME/oaam/init/kba_questions directory. The locale identifier <locale> specifies the language version.
You must load the ZIP files for the languages you want to support into Oracle Adaptive Access Manager before users can be asked to register. These questions may also be required to log in to OAAM Server.
For information on importing challenge questions, see Section 6.5.6, "Importing Questions."
Policies are designed to help evaluate and handle business activities or potentially risky activities that are encountered in day-to-day operation.
Base policies are shipped along with Oracle Adaptive Access Manager in the oaam_sample_policies_for_uio_integration.zip file, which is located in the MW_HOME/IDM_ORACLE_HOME/oaam/init directory.
If you want to use these policies, you must import them into your system by following these instructions:
Create a \tmp folder in the drive where you have installed Weblogic if OAAM Admin is installed on the Windows platform.
For example, if the Weblogic domain is on the C drive, you would create a c:\tmp folder.
This folder will be used as a temporary folder for uploading large files into the OAAM Admin application.
In the Navigation tree, double-click Policies. The Policies Search page is displayed.
In the Policies Search page, click the Import Policy button. The Import Policy screen appears.
In the Import Policy dialog box, type the path and oaam_sample_policies_for_uio_integration.zip; or use the Browse (...) button to locate oaam_sample_policies_for_uio_integration.zip, and then select it.
Click Open and then click OK.
A confirmation dialog appears with the list of policies that have been successfully uploaded.
Click Done to dismiss the confirmation dialog.
The policies should be listed in the Search Results table of the Policies Search page.
Conditions consist of parameters that are used to evaluate datapoints collected during a checkpoint such as time, user name, authentication type, transaction data, IP, and so on.
A library of conditions used to configure rules is shipped along with Oracle Adaptive Access Manager in the oaam_rule_conditions.zip file, which is located in the MW_HOME/IDM_ORACLE_HOME/oaam/rule_conditions directory.
To use these conditions, import them into your system by following the instructions in Section 9.24, "Importing Conditions."
Configurable actions are actions that are triggered based on the result action or risk scoring or both after a checkpoint execution. The configurable actions are built using action templates.
Configurable action templates are shipped along with Oracle Adaptive Access Manager in the OOTB_Configurable_Actions.zip file, which is located in the MW_HOME/IDM_ORACLE_HOME/oaam/init directory.
To use these templates, import them into your system by following the instructions in Section 15.13, "Importing Action Templates."
Note:
If you are upgrading from Oracle Adaptive Access Manager 10.1.4.5 to Oracle Adaptive Access Manager 11g, you will see that the names and descriptions of the out-of-the-box action templates are slightly different, since the action templates in Oracle Adaptive Access Manager 11g are globalized and hence the difference.The actors that are tracked during authentication are called authentication entities and include user, city, device, and so on. These basic entities are required to enable conditions that are used for patterns.
Basic required entities are shipped along with Oracle Adaptive Access Manager in the Auth_EntityDefinition.zip file, which is located in the MW_HOME/IDM_ORACLE_HOME/oaam/init directory.
Before you begin using the Autolearning feature, you must import these basic entities into your system.
Import them into your system by following the instructions in Section 16.8, "Importing Entities."
IP location data is used by the risk policies framework to determine the risk of fraud associated with a given IP address (location).
To be able to determine location of the login or transaction, this data must be uploaded. For information, see Section 23.4, "Importing IP Location Data."
The following properties must be set to enable autolearning and configurable action features.
Autolearning
Enable the following properties so that Oracle Adaptive Access Manager collects profiling data:
vcrypt.tracker.autolearning.enabled is set to true.
If this property is absent, the default is for autolearning to be enabled. If the property is present, the assigned value is used.
vcrypt.tracker.autolearning.use.auth.status.for.analysis is set to true
This property must be set to true for the authentication patterns to work. Authentication patterns are the patterns that are used in processing the data relevant to authentication (login) related information only.
vcrypt.tracker.autolearning.use.tran.status.for.analysis is set to true
This property must be set to true for the transaction-related patterns to work. Transaction related patterns are the one that process the transaction related data for Autolearning. An example is a pattern that profiles users who are performing wire transfer operations.
Configurable Actions
To enable the configurable actions feature, set dynamicactions.enabled to true.
A time zone identifies an area that always shares the same local time.
Use the Property Editor to set oaam.adf.timezone to the desired time zone.
For example,
oaam.adf.timezone = Atlantic/Reykjavik
The property takes the standard values for the time zone as listed in Section 2.12.1, "Values for the Common Timezones."
The property is a system wide time zone setting and not a per-user one. All users must be in the single time zone.
Note that time zone and the browser locale formatting are independent of each other. For example, if you set your browser to en-gb, but set your oaam.adf.time zone to America/Los_Angeles, the time stamps will be formatted as per British locale formatting but the time zone will still be Pacific Time.
The time zones are as follows:
Pacific/Midway (GMT-11:00) Midway - Samoa Time (ST)
Pacific/Pago_Pago (GMT-11:00) Pago Pago - Samoa Time (ST)
Pacific/Honolulu (GMT-10:00) Honolulu - Hawaii Time (HT)
America/Anchorage (GMT-09:00) Alaska Time (AKT)
America/Tijuana (GMT-08:00) Tijuana - Pacific Time (PT)
America/Vancouver (GMT-08:00) Vancouver - Pacific Time (Canada) (PT)
America/Los_Angeles (GMT-08:00) Los Angeles - Pacific Time (PT)
America/Chihuahua (GMT-07:00) Chihuahua - Mexico Time 2 (MT)
America/Denver (GMT-07:00) Denver - Mountain Time (MT)
America/Edmonton (GMT-07:00) Mountain Time
Canada (MT)
America/Phoenix (GMT-07:00) Mountain Time (MT)
America/Mazatlan (GMT-07:00) Mexico Time 2 (MT)
America/Guatemala (GMT-06:00) Guatemala - Central America Time (CT)
America/Regina (GMT-06:00) Regina - Central Time (CT)
America/Chicago (GMT-06:00) Chicago - Central Time (CT)
America/Managua (GMT-06:00) Managua - Central America Time (CT)
America/Winnipeg (GMT-06:00) Central Time (Canada) (CT)
America/El_Salvador (GMT-06:00) El Salvador - Central America Time (CT)
America/Costa_Rica (GMT-06:00) Costa Rica - Central America Time (CT)
America/Mexico_City (GMT-06:00) Mexico City - Mexico Time (MT)
America/Guayaquil (GMT-05:00) Guayaquil - Ecuador Time (ECT)
America/Indiana/Indianapolis (GMT-05:00) Indianapolis
Indiana - Eastern Time (ET)
America/Bogota (GMT-05:00) Bogota - Colombia Time (COT)
America/Lima (GMT-05:00) Lima - Peru Time (PET)
America/Panama (GMT-05:00) Panama - Eastern Time (ET)
America/Montreal (GMT-05:00) Montreal - Eastern Time (Canada) (ET)
America/New_York (GMT-05:00) New York - Eastern Time (ET)
America/Puerto_Rico (GMT-04:00) Puerto Rico - Atlantic Time (AT)
America/Halifax (GMT-04:00) Canada Atlantic Time (AT)
America/Santiago (GMT-04:00) Santiago - Chile Time (CLT)
America/Caracas (GMT-04:00) Caracas - Venezuela Time (VET)
America/Godthab (GMT-03:00) Godthab - Western Greenland Time (WGT)
America/Argentina/Buenos_Aires (GMT-03:00) Buenos Aires - Argentine Time (ART)
America/Sao_Paulo (GMT-03:00) Sao Paulo - Brasilia Time (BRT)
America/St_Johns (GMT-03:30) St Johns - Newfoundland Time (NT)
America/Noronha (GMT-02:00) Noronha - Fernando de Noronha Time (FNT)
Atlantic/Azores (GMT-01:00) Azores - Azores Time (AZOT)
Atlantic/Cape_Verde (GMT-01:00) Cape Verde - Cape Verde Time (CVT)
Europe/Dublin (GMT+00:00) Dublin - Greenwich Mean Time (GMT)
Europe/London (GMT+00:00) London - Greenwich Mean Time (GMT)
Etc/UTC (GMT+00:00) Coordinated Universal Time (UTC)
Africa/Casablanca (GMT+00:00) Casablanca - Western European Time (WET)
Europe/Lisbon (GMT+00:00) Lisbon - Western European Time (WET)
Africa/Nouakchott (GMT+00:00) Nouakchott - Greenwich Mean Time (GMT)
Atlantic/Reykjavik (GMT+00:00) Reykjavik - Greenwich Mean Time (GMT)
Europe/Prague (GMT+01:00) Prague - Central European Time (CET)
Europe/Budapest (GMT+01:00) Budapest - Central European Time (CET)
Europe/Madrid (GMT+01:00) Madrid - Central European Time (CET)
Europe/Vienna (GMT+01:00) Vienna - Central European Time (CET)
Africa/Algiers (GMT+01:00) Algiers - Central European Time (CET)
Africa/Lagos (GMT+01:00) Lagos - Western African Time (WAT)
Europe/Belgrade (GMT+01:00) Belgrade - Central European Time (CET)
Europe/Oslo (GMT+01:00) Oslo - Central European Time (CET)
Europe/Rome (GMT+01:00) Rome - Central European Time (CET)
Africa/Tunis (GMT+01:00) Tunis - Central European Time (CET)
Europe/Stockholm (GMT+01:00) Stockholm - Central European Time (CET)
Europe/Copenhagen (GMT+01:00) Copenhagen - Central European Time (CET)
Europe/Tirane (GMT+01:00) Tirane - Central European Time (CET)
Europe/Zurich (GMT+01:00) Zurich - Central European Time (CET)
Europe/Paris (GMT+01:00) Paris - Central European Time (CET)
Europe/Berlin (GMT+01:00) Berlin - Central European Time (CET)
Europe/Warsaw (GMT+01:00) Warsaw - Central European Time (CET)
Europe/Amsterdam (GMT+01:00) Amsterdam - Central European Time (CET)
Europe/Brussels (GMT+01:00) Brussels - Central European Time (CET)
Europe/Luxembourg (GMT+01:00) Luxembourg - Central European Time (CET)
Europe/Bucharest (GMT+02:00) Bucharest - Eastern European Time (EET)
Asia/Nicosia (GMT+02:00) Nicosia - Eastern European Time (EET)
Europe/Kiev (GMT+02:00) Kiev - Eastern European Time (EET)
Europe/Sofia (GMT+02:00) Sofia - Eastern European Time (EET)
Europe/Riga (GMT+02:00) Riga - Eastern European Time (EET)
Africa/Johannesburg (GMT+02:00) Johannesburg - South Africa Time (SAT)
Europe/Athens (GMT+02:00) Athens - Eastern European Time (EET)
Africa/Tripoli (GMT+02:00) Tripoli - Eastern European Time (EET)
Africa/Cairo (GMT+02:00) Cairo - Egypt Time (ET)
Asia/Beirut (GMT+02:00) Beirut - Eastern European Time (EET)
Europe/Tallinn (GMT+02:00) Tallinn - Eastern European Time (EET)
Europe/Vilnius (GMT+02:00) Vilnius - Eastern European Time (EET)
Europe/Helsinki (GMT+02:00) Helsinki - Eastern European Time (EET)
Asia/Amman (GMT+02:00) Amman - Eastern European Time (EET)
Asia/Damascus (GMT+02:00) Damascus - Eastern European Time (EET)
Africa/Harare (GMT+02:00) Harare - Central African Time (CAT)
Asia/Jerusalem (GMT+02:00) Jerusalem - Israel Time (IT)
Europe/Istanbul (GMT+02:00) Istanbul - Eastern European Time (EET)
Africa/Khartoum (GMT+03:00) Khartoum - Eastern African Time (EAT)
Asia/Aden (GMT+03:00) Aden - Arabia Time (AT)
Africa/Mogadishu (GMT+03:00) Mogadishu - Eastern African Time (EAT)
Asia/Baghdad (GMT+03:00) Baghdad - Arabia Time (AT)
Asia/Bahrain (GMT+03:00) Bahrain - Arabia Time (AT)
Africa/Djibouti (GMT+03:00) Djibouti - Eastern African Time (EAT)
Africa/Nairobi (GMT+03:00) Nairobi - Eastern African Time (EAT)
Europe/Moscow (GMT+03:00) Moscow - Moscow Time (MSK)
Asia/Qatar (GMT+03:00) Qatar - Arabia Time (AT)
Asia/Kuwait (GMT+03:00) Kuwait - Arabia Time (AT)
Asia/Riyadh (GMT+03:00) Riyadh - Arabia Time (AT)
Asia/Tehran (GMT+03:30) Tehran - Iran Time (IRT)
Asia/Dubai (GMT+04:00) Dubai - Gulf Time (GT)
Asia/Baku (GMT+04:00) Baku - Azerbaijan Time (AZT)
Asia/Muscat (GMT+04:00) Muscat - Gulf Time (GT)
Asia/Kabul (GMT+04:30) Kabul - Afghanistan Time (AFT)
Asia/Yekaterinburg (GMT+05:00) Yekaterinburg - Yekaterinburg Time (YEKT)
Asia/Karachi (GMT+05:00) Karachi - Pakistan Time (PKT)
Asia/Tashkent (GMT+05:00) Tashkent - Uzbekistan Time (UZT)
Asia/Kolkata (GMT+05:30) Kolkata - India Time (IT)
Asia/Colombo (GMT+05:30) Colombo - Sri Lanka Time (LKT)
Asia/Katmandu (GMT+05:45) Katmandu - Nepal Time (NPT)
Asia/Dhaka (GMT+06:00) Dhaka - Bangladesh Time (BDT)
Asia/Almaty (GMT+06:00) Almaty - Alma-Ata Time (ALMT)
Asia/Novosibirsk (GMT+06:00) Novosibirsk - Novosibirsk Time (NOVT)
Asia/Rangoon (GMT+06:30) Rangoon - Myanmar Time (MMT)
Asia/Krasnoyarsk (GMT+07:00) Krasnoyarsk - Krasnoyarsk Time (KRAT)
Asia/Ho_Chi_Minh (GMT+07:00) Ho Chi Minh - Indochina Time (ICT)
Asia/Jakarta (GMT+07:00) Jakarta - West Indonesia Time (WIT)
Asia/Bangkok (GMT+07:00) Bangkok - Indochina Time (ICT)
Asia/Kuala_Lumpur (GMT+08:00) Kuala Lumpur - Malaysia Time (MYT)
Asia/Shanghai (GMT+08:00) Shanghai - China Time (CT)
Asia/Taipei (GMT+08:00) Taipei - China Time (CT)
Asia/Irkutsk (GMT+08:00) Irkutsk - Irkutsk Time (IRKT)
Asia/Singapore (GMT+08:00) Singapore - Singapore Time (SGT)
Asia/Hong_Kong (GMT+08:00) Hong Kong - Hong Kong Time (HKT)
Asia/Manila (GMT+08:00) Manila - Philippines Time (PHT)
Australia/Perth (GMT+08:00) Perth - Western Time (Australia) (WT)
Asia/Yakutsk (GMT+09:00) Yakutsk - Yakutsk Time (YAKT)
Asia/Tokyo (GMT+09:00) Tokyo - Japan Time (JT)
Asia/Seoul (GMT+09:00) Seoul - Korea Time (KT)
Australia/Adelaide (GMT+09:30) Adelaide - Central Time (South Australia) (CT)
Australia/Darwin (GMT+09:30) Darwin - Central Time (Northern Territory) (CT)
Asia/Vladivostok (GMT+10:00) Vladivostok - Vladivostok Time (VLAT)
Pacific/Guam (GMT+10:00) Guam - Chamorro Time (ChT)
Australia/Hobart (GMT+10:00) Hobart - Eastern Time (Tasmania) (ET)
Australia/Sydney (GMT+10:00) Sydney - Eastern Time (New South Wales) (ET)
Australia/Brisbane (GMT+10:00) Brisbane - Eastern Time (Queensland) (ET)
Asia/Magadan (GMT+11:00) Magadan - Magadan Time (MAGT)
Pacific/Auckland (GMT+12:00) Auckland - New Zealand Time (NZT)
Pacific/Fiji (GMT+12:00) Fiji - Fiji Time (FJT)
Asia/Kamchatka (GMT+12:00) Kamchatka - Petropavlovsk-Kamchatski Time (PETT)
Etc/GMT-12 (GMT+12:00) Dateline Standard Time (UTC+12:00)
Pacific/Tongatapu (GMT+13:00) Tongatapu - Tonga Time (TOT)