Oracle Access Management 12c: Administration Essentials

Course Overview

• Course Objectives
• Course Agenda
• Practice Environment: Overview

Introduction to Oracle Access Management

• Objectives
• Road Map
• Oracle Identity and Access Management Products
• Access Management Platform
• Oracle Access Management 12c PS3: Overview
• Oracle Access Management: Services
• Oracle Access Management: Salient Features
• Oracle Access Management 12c Architecture
• Road Map
• Installation and Configuration
• Fusion Middleware Configuration Wizard: Templates
• Road Map
• OAM 12c PS3 Runtime Architecture
• OAM 12c PS3 Servers
• Scalable Deployment Models
• Multidatacenter Support
• Road Map
• Management Interfaces
• Administration Interface: Alta Skin Based
• REST-Based Policy Administration APIs
• Road Map
• Session Management
• Session Management in OAM Console
• Session Management with REST API
• Database-Based Session Cache
• Road Map
• Oracle Access Management Policy Model
• Authorization Policy Management
• Policy Model Features
• Authorization Policy Model
• About Policy Ordering
• Configuring Policy Ordering
• Road Map
• Centralized Agent Management
• Login Processing with OAM Agents
• Embedded Credential Collector
• Detached Credential Collector
• Road Map
• Password Management
• Global Password Policy
• Managing Password Policy with REST
• Road Map
• Auditing and Logging
• Connection Simulator: Access Tester
• Access Tester Tool
• Road Map
• Oracle Integrations
• Windows Native Authentication
• Java SDK and Extensibility Framework
• Quiz
• Summary

Installation and Configuration

• Objectives
• Road Map
• Oracle Fusion Middleware Home and Oracle WebLogic Server Home
• Oracle Home
• Installing and Configuring Oracle Access Management: Sequence of Steps
• Installation Versus Configuration
• System Requirements for Oracle Identity and Access Management 12c PS3
• Road Map
• Oracle Middleware Infrastructure Installation
• Choosing an Installation Type
• Middleware Home
• Setting Environment Variables
• Practice 3-1 Overview: Installing Fusion Middleware Infrastructure and Identity
• and Access Management Products
• Road Map
• Installation: Welcome, Middleware Home, and Installation Type
• Prerequisite Checks, Installation Summary, and Progress
• Installation Complete
• Road Map
• Oracle Database Requirements
• Creating OAM Schema by Using RCU
• Creating OAM Schema: Operation and Database Connection Details
• Schema Creation: Select Components
• Creating OAM Schema: Tablespaces
• Practice 3-2 Overview: Configuring OAM Schema
• Road Map
• Configuration Wizard: Configuring Oracle Access Management Products
• Configuration Wizard: Domain and Application Location
• Configuration Wizard: Administrator, Domain Mode, and JDK
• Configuring Database Connection, JDBC Component Datasources
• Configuration Wizard: Administration and Managed Servers
• Configuration Wizard: Clusters and Machines
• Configuration Wizard: Assigning Servers to Machines and Summary
• Servers, Applications, and Data Sources
• Installing OHS for Oracle WebLogic Server
• Configuration Wizard: Extending Domain and Domain Source
• Practice 3-3 Overview: Configuring a WebLogic Server (WLS) Domain for
• Oracle Access Manager
• Road Map
• Starting Oracle Access Management
• Validating a Successful Installation and Configuration
• Oracle WebLogic Server Administration Console
• Oracle WebLogic Server Administration Console: Server Status
• Oracle Access Management Administration Console
• Oracle Enterprise Manager Fusion Middleware Control
• Practice 3-4 Overview: Performing Sanity Checks
• Road Map
• Uninstallation Prerequisites
• Uninstalling the Oracle Identity and Access Management Oracle Home
• Quiz
• Summary

System Configuration: Agents, Servers, and Data Sources

• Objectives
• Road Map
• Oracle Access Management Administration Console
• Servers
• Creating and Deleting a Managed Server
• Managing Servers
• Individual Server Properties
• OAM Proxy
• Managing Servers
• Road Map
• Agents
• Installing and Configuring WebGate 12c
• Practice 4 Overview: Installing OHS, and Installing, Creating, and Configuring
• an OAM 12c WebGate
• Road Map
• Registering Agents
• Creating or Registering OAM Agents by Using the OAM Console
• Viewing and Editing OAM Agent Registration by Using OAM Console
• In-Band Versus Out-of-Band Registration of Agents
• Registration Tool
• Using the Registration Tool
• Registration Output Files
• Registration Tool
• Registration Using the oamreg Tool
• Request File
• Sample Request File: Short Version
• Key Request Parameters
• Request File: Parameter Guidelines
• In-Band Registration Using the oamreg Tool
• Out-of-Band Registration Using the oamreg Tool
• Remote Registration: Common Issues
• Using the Remote Registration Utility: Roles
• Practice 4 Overview: Registering Agents
• Road Map
• User Identity Store
• Data Repositories
• User Identity Store: WLS Embedded LDAP Server
• User Identity Store: Managing LDAP Servers
• Testing an LDAP Connection
• Quiz
• Practice 4 Overview: Managing Identity Store and Agent Communication
• Summary

Configuring DCC, Policies, and Responses

• Objectives
• Road Map
• Application Domain
• Conceptual Relationships for Policy Objects
• Road Map
• Resource Types
• Custom Types and Operations
• Host Identifier
• Road Map
• Access Control
• Authentication
• Authorization
• Road Map
• Authentication Module
• Authentication Module Features
• Step-Up Authentication Feature
• Shared Components: Authentication Schemes
• Road Map
• Conditions
• Rules
• Simple Rule Mode
• Expression Rule Mode
• Expression Rule Mode: Special Characters
• Expression Rule Mode: Examples
• Policy Model: LDAP Search Filter
• LDAP Search Filter
• Multiple IP4 Ranges
• Attribute Condition
• Road Map
• Authentication Policies
• Authorization Policies
• Resources
• Wildcard Patterns
• URL Query String Parameter List
• Resource Matching Algorithm
• Path Matching
• Path Matching: Examples
• Query String Matching
• Query String Matching: Examples
• Operation Matching
• What Are Responses?
• Responses
• Response Expressions
• Response: Examples
• Response Providers
• Authorization Condition and Rules
• Road Map
• Introduction to Detached Credential Collector
• Main Benefits of Detached Credential Collector
• Different DCC Deployment Architecture
• Request Flow with Detached Credential Collector
• Request Flow with Detached Credential Collector and Resource WebGate
• Configuring WebGate as DCC
• Detached Credential Collector
• Resource WebGate
• Authentication Scheme Parameters
• Authentication Policy for DCC
• Multifactor Authentication for DCC
• Multifactor Authentication
• Error Processing
• Switch from ECC to DCC
• DCC: Enhancements
• High-Level Feature Flow
• Road Map
• Policy Administration REST APIs
• Request and Response
• Resource URL
• Policy Administration REST WADL File
• URLs for Policy Artifacts
• Error Codes
• Resource URL: Example
• How to Run CURL Commands: Examples
• Getting an Application Domain
• Creating an Application Domain
• Creating a Resource and Retrieving All Resources from an Application
• Domain: Examples
• Quiz
• Summary
• Practice 5: Overview

Single Sign-On and Session Management

• Objectives
• Road Map
• Oracle Access Management Single Sign-On
• Oracle Access Management Single Sign-On Scenario
• Oracle Access Management Single Logout Scenario
• Road Map
• Session and Cookie Creation in Authentication
• Session and Cookie Usage After Successful Authentication
• OAM Session and OAM_ID Cookie
• Agent Cookies
• Single Sign-On Cookie Reference
• Cookie and Communication Security
• Session and Cookies in Single Logout
• Road Map
• Session Life Cycle
• Session Timeouts
• POST Data Preservation and Restoration
• Resource WebGate Support for POST Data Preservation
• Credential Collector Support for POST Data
• POST Data Size Limits
• Road Map
• Session Caching and Persistence
• Road Map
• Configuring Single Sign-On: Overview
• Road Map
• Default Login Page
• Default Login and Logout Pages
• Default Login/Logout Pages
• Options for Displaying the Single Sign-On Login Page by Using
• Form-Based Authentication
• Configuring an Authentication Scheme for a Customized Login Page
• Customizing Logout
• Logout Configuration for Detached Credential Collector
• Road Map
• Configuring Session Management Options
• Managing Sessions
• Road Map
• What Is Impersonation?
• Guidelines for Impersonation
• Impersonation
• Setting Up Impersonation
• Testing Impersonation
• Road Map
• Windows Native Authentication
• User Validation Replacing Credential Collection in WNA
• Configuring an Oracle Access Management Deployment for WNA
• Quiz
• Summary
• Practice 6 Overview: Examining Single Sign-On and Managing Sessions

Using Oracle Access Management with WebLogic Applications

• Objectives
• Road Map
• Java EE Authentication and Authorization
• Using OAM for Perimeter Authentication and Authorization with a WebGate
• Using OAM for Perimeter Authentication Without a WebGate
• Road Map
• Identity Assertion Providers
• Oracle Access Management Identity Assertion Provider
• OAM Identity Assertion Provider Event Sequence
• Road Map
• OAM Authenticator
• Quiz
• Summary
• Practice 7 Overview: Using an Identity Assertion Provider

Auditing and Logging

• Objectives
• Road Map
• Auditing: Overview
• Logging: Overview
• Road Map
• Fusion Middleware Audit Framework
• Audit Output Options
• Audit Architecture Using a Database as the Audit Store
• Deploying Auditing by Using a Database as the Audit Store
• Audit Settings
• Road Map
• Audited Events: Examples
• Data Recorded When an Audited Event Occurs: Examples
• Oracle Business Intelligence Publisher
• Deploying BI Publisher to Support FMW Audit Framework and Oracle
• Access Management Reports
• Generating Oracle BI Publisher Reports
• Road Map
• Administrator Tasks: Logging
• Logging Configuration Objects
• Log Levels
• Oracle Access Management Loggers and Log Level Inheritance
• Log Handler Settings
• Logging Configuration Tools
• Viewing the Logging Configuration by Using FMW Control
• Modifying Log Level by Using FMW Control
• Creating or Configuring Log Handlers by Using FMW Control
• Using the WLST Tool to Configure Logging
• Road Map
• Locating Log Files
• Viewing and Downloading Log Files by Using FMW Control
• Road Map
• Log Files from Related Products in an Oracle Access Management
• Deployment
• Quiz
• Summary
• Practice 8 Overview: Auditing and Logging

Diagnostics and Troubleshooting

• Objectives
• Road Map
• Access Tester: Overview
• Access Tester: Use Cases
• Access Tester: Core Functionality
• Access Tester Architecture
• Test Cases and Test Scripts
• Access Tester Simulating Steps 1, 3, 5, and 6 of Agent and OAM Server
• Interaction
• Output Files and Security Features
• Starting the Access Tester
• System Properties
• Access Tester Console
• Road Map
• Using the weblogic.Admin Utility to Check the State of Servers
• Examining Admin Server and Managed Server Logs
• WebLogic Server Thread Dump
• Agent and Server Monitoring in the OAM Console
• OAM Proxy Errors
• Configuration Data
• Road Map
• Frequently Observed Issues
• LDAP Server
• OAM Runtime Servers
• Agent-Side Issues
• Runtime DB Issues
• Admin Change Propagation and Activation
• Policy Repository DB Issues
• Road Map
• WLST Architecture
• Offline and Online Modes
• Executing WLST Commands
• Python Script with an Embedded WLST Command to Create an Identity
• Store: Example
• WLST Commands for OAM 12c
• Road Map
• Oracle Enterprise Manager Fusion Middleware Control
• FMW Control: Performance Overview
• Fusion Middleware Control MBean Browser
• Quiz
• Summary
• Practice 9 Overview: Working with the Access Tester, WLST, and FMW
• Control

Hybrid OAM—IDCS Solution

• Objectives
• Road Map
• Introduction to Oracle Identity Cloud Service (IDCS)
• Authentication Features in IDCS
• Road Map
• The Hybrid Access Management Use Case
• OAM as an Identity Provider for IDCS
• Road Map
• Set Up OAM as an IDP for IDCS
• Log In to IDCS Using OAM Credentials
• Summary