• Find us:
    +1-669-900-5138   |   +44-203-372-5553
  • Free Newsletter

    Get Latest Updates

  • Make Training Enquiry


    Company

  • Categories

  • Archive

  • Oracle Identity Federation (OIF) 11.1.1.6 Installation & Configuration

    Posted by "" in "idm, installation, oif" on 2012-04-26

    Share on FacebookTweet about this on TwitterShare on Google+Share on LinkedInEmail this to someone

    I recently implemented Oracle Identity Federation (OIF) as Service Provider (SP) integrated with Oracle Access Manager (OAM) as SP Integration Module. For basics of OIF SP/IdP click here. OIF SP with IdP is integrated using linked federation (attribute employeeNumber on IdP is linked to uid on SP). To further complicate this integration OIF as SP is integrated with two Identity Providers so resource protected in OAM (via OIF SP module) should be able to use either IdP1 or IdP2 .

    I’ll start with installation and configuration of Oracle Identity Federation (OIF) in this port and cover remaining tasks (configuring OIF SP/IdP, OIF with OAM and protecting a resource using multiple IdP) in future posts.

    .

    OIF Installation Key Points

    1. OIF software is part of Oracle Identity Management (IDM) software (This software also contains OID and OVD)

    2. Latest version of OIF (as of April 2012) is 11.1.1.6 where 11.1.1.2 and 11.1.1.6 is full software (11.1.1.3/4/5 and  are patch-set). For 11.1.1.3/4/5 you must first install 11.1.1.2 and then patch it to specific required version i.e. 11.1.1.3/4/5. For 11.1.1.6 version install directly 11.1.1.6. [Thanks Arshad for pointing this out]

    3. OIF (IDM software) requires weblogic, so install WebLogic (For 11.1.1.6 OIF install 10.3.6 WebLogic and for 11.1.1.5 OIF install 10.3.5 WebLogic)

    4. During IDM 11.1.1.2 installation, select option Install Software- Do Not Configure . You should then apply patchset  11.1.1.3/4/5  (depending on which version you need)

    For 11.1.1.6 , you can either  select “Install and Configure” or “Install Software Do not Configure” (For high avabilability select Install Software Do not Configure)

     

    5. OIF User/Message store and Configuration can be stored in Database . If you are planning to use Database to store User/Message data and configuration file, then create OIF schema in database using Repository Creation Utility (RCU)

     


    6.
    After installation of WebLogic & then Identity Management Software (OIF), start OIF configuration from $ORACLE_HOME/bin/config.sh (here ORACLE_HOME is directory in which you installed idm software)

    7. Select Oracle Identity Federation from list of components

     

     

    8. For OIF you get two options to configure BASIC or Advanced

    a) Basic – Use this to configure;
    User Data Store (NONE), Federation Data Store (NONE), Authentication Engine (JAAS), Session Store (MEMORY), Transient Message Data Store (MEMORY), Configuration Store (FILE)

    b) Advanced – Use this to configure;
    User Data Store (NONE, LDAP, RDBMS)
    Federation Data Store (NONE, LDAP, RDBMS, XML)
    Authentication Type (JAAS or LDAP)
    User Session Store (MEMORY, RDBMS)
    Transient Message Data Store (MEMORY, RDBMS)
    Configure Store (FILE, RDBMS)

    Note: If you select option BASIC then you don’t need Database & LDAP Server where as for Advanced you need LDAP Server and Database. I am using OID as LDAP Server.

    Note: These configuration (Autehntication Type, User Data Store, Federation/Message store..) can be changed later as well using Fusion Middleware Control (/em)

    9. Select Advanced and then select Authentication Type, User Store, Federation Store, User Session Store, Message Store, and Configuration Store in OIF as shown below

     

    10. In specifiy Authentication LDAP Details enter LDAP Server (I am using OID as ldap server where innowave21 is server where OID is running and 3063 is LDAP port, cn=orcladmin is OID superuser). When OIF is configured as IdP and LDAP as authentication engine then uid will be used as login attribute.

    Change Base DN from dc=com to your LDAP server domain (in OID this is Realm defined during OID configuration)

     

     

    Change Base DN from dc=com to your LDAP server domain (in OID this is Realm defined during OID configuration)

     

    11. Specify LDAP Server details for Federation Data. During Feedration, federated data will be stored under OID container cn=Federation,dc=<your_domain> (OIF will create this container cn=Federation)

     

    12. Specify Database details for Transient Data Store (OIF schema should already exist that was created earlier using RCU)

     

    13. After installation, from WebLogic Admin Console (/console) you should see managed server (wls_oif1) like below


    14. Key configuration files for OIF are

    a) WebLogic Domain Configuration File config.xml under $DOMAIN_HOME/config/

    b) OIF Circle of Trust and Configuration file  cot.xml, config.xml under directory $DOMAIN_HOME/config/fmwconfig/ servers/ <wls_oif1>/ applications/ OIF_11.1.1.2.0/ configuration

     

    For configuring OIF as Identity Provider (IdP) or Service Provider (SP) stay tuned.

    32 Responses to “Oracle Identity Federation (OIF) 11.1.1.6 Installation & Configuration”

    1. Sunil says:

      Please send me info on using mutiple IdP for a single SP using OAM OIFAuth scheme.
      I posted this on OTN and you said that if I need it now, I should add it to your comments.

    2. Atul Kumar says:

      @ Sunil,
      Is SP or IdP initiated SSO request with 1 IdP (default) working for you (using OIF Scheme) ?

      If yes then add second IdP with SP and then first make SP initiated call with providerId as IdP2 and returnURL as URL protected by OIF scheme.

      For example

      http://oif_sp_host/fed/sp/initiatesso?providerid=http://IdP_2/fed/idp&returnurl=http://ur_to_return

      This URL will initiate SSO on SP using second IdP . After authentication from IdP2 , request is returned to http://ur_to_return where ur_to_return is protected by OAM with OIF authentication scheme.

      Here OAM is already integrated with OIF SP Integration module.

      There are few bugs if you are OAM 11.1.1.5 BP02 but I’ll try to cover them in my post tomorrow.

      Let me know if this is not clear to you.

    3. Sunil says:

      Yes, my default is working. However, there is an issue with OSSO with OAM. There is a bug there and Oracle have confirmed it as a bug. My SR is with oracle dev and its been opened since December and they are still working on a fix for it.

      So in my IdP initiated SSO, I have this URL:

      I currently have two OIF servers setup, one is IdP and the other is SP.
      I use this URL for IdP initiate SSO.

      http://idp.idpdomain.com:8016/fed/idp/initiatesso?providerid=http://sp.spdomain.com:8016/fed/sp&returnurl=aspen.appdomain.com:8016/fed/user/testspsso

      So, here the provider is the SP which has a “default SSO Idp Provider” associated with it.
      When an Idp accesses a resource protected by OAM and is using the OIFAuthN scheme, OAM will forward to OIF (SP) and OIF(SP) will call its default IdP provider to authenticate.

      So, looking at your URL, you have

      http://oif_sp_host/fed/sp/initiatesso?providerid=http://IdP_2/fed/idp&returnurl=http://ur_to_return

      This is different from mine. I have IdP as the first part of URL and you have SP. The provider in your URL is IdP and mine is SP. The third part is the protected resource to return to. That resource is protected by an OSSO agent in my case.

      Why do I have my URL different. I was told to do it this way by oracle. I think you are doing a SP initiated SSO whereas I am trying to make IdP initiated SSO to work.
      i.e. multiple IdP will want access to my protected app and I am acting as an SP.

      Is that the case?

      • Atul Kumar says:

        @ Sunil,

        You said : There is a bug there and Oracle have confirmed it as a bug. My SR is with oracle dev

        AK: Yes, I had this bug in OAM 11.1.1.5 BP 02 and fix is to get new oam_server.ear from Oracle Support and deploy this (This new oam_server.ear works for me). Or wait for OAM BP03 which is due in May end.

        On your OIF setup,
        If you have two OIF one acting as IdP and second SP (which is not same as having multiple IdP). In my case I have three OIF , one acting as SP (this is integrated with OAM using SP integration module OSSO) and another two as IdP (IdP1 and IdP2).

        If you have just one IdP then set that IdP as default IdP in SP and then you don’t have to provide provider Id. Why do you think you have multiple IdP (or am I missing something here ?)

        ___

        Why do I have my URL different. I was told to do it this way by oracle. I think you are doing a SP initiated SSO whereas I am trying to make IdP initiated SSO to work ?

        I am doing SP initiated call and you are doing IdP initiated call and for that reason URL are different. It does not matter if this is SP initiated or IdP initiated both should create session in OAM.

        There is another bug for SP or IdP initiated call in OAM 11.1.1.5 BP02 and fix is to

        ___

        1. Login to OAM Console
        2. Expand Application Domain -> IAM Suite
        3. Click the Authentication Policies node, then click the Create button in the tool bar
        4. Fill in the fresh Authentication Policy page:
        a) Name: TAP Response Protected Policy
        b) Description: TAP Response Protected Authentication Policy for OAMAgent
        c) Authentication Scheme: TAPResponseOnlyScheme
        5. Open the Resources node
        6. Click the New Resource button in the upper-right corner of the Search page
        7. On the Resource Definition page enter the following details:
        a) Type: HTTP
        b) Description: TAP Resource to be asserted against
        c) Host Identifier: IAMSuiteAgent
        d) Resource URL: /oamTAPResponseAssertResource
        e) Protection Level: Protected
        f) Authentication Policy: TAP Response Protected Policy
        g) Authorization Policy: Protected Resource Policy
        Click Apply

        ______

    4. Sunil says:

      The TAP workaround is the result of me filing a bug and oracle gave that as a workaround. And, yes that does fix IdP initiated SSO but this workaround breaks SP inititated SSO for me. It now loops!
      Oracle have reproduced this and called it a bug also and are working on a fix.

      • Atul Kumar says:

        @ Sunil,
        Good thanks, Yes I had looping issue too and that is another bug . Ask support for Bug # 13812000 .

        I think we are working on similar implementation. Are you using OES and OEG too ?

        Lets chat sometime on phone.

    5. Sunil says:

      You what you are saying is that there is a new ear file for oam that I can apply? I already have BP02 applied and this ear is in addition to BP02?
      I’ve asked oracle many times but they never mentioned this ear file. Did you get it from support?

      • Atul Kumar says:

        @ Sunil,
        Yes problem with OAM BP02 integration with OIF (where OAM has delegated authentication to OIF SP which in turn to IdP) is that after SAML assertion by IdP request comes to SP (creates session in OIF SP) and while creating session in OAM request redirects in loop between OAM, SP and IdP. If this is what you are hitting then this is bug and temporary workaround is get new oam_server.ear from support (undeploy existing oam_server.ear from weblogic which comes as part of OAM BP02 and deploy new ear file ) . Ask product support to look for bug # 13812000

    6. kjj1983 says:

      I think we are hit by Bug 13812000

      [2012-05-15T06:58:58.087-07:00] [oam_server1] [TRACE] [] [oracle.oam.controller] [tid: [ACTIVE].ExecuteThread: ‘2’ for queue: ‘weblogic.kernel.Default (self-tuning)’] [userId: ] [ecid: ab97688b1af69ce1:-10c9cdc3:13750945aa0:-8000-0000000000000dfe,0] [SRC_CLASS: oracle.security.am.controller.MasterController] [APP: oam_server] [SRC_METHOD: processEvent] MasterController: Flow Controller: oracle.security.am.engines.enginecontroller.SSOEngineController@2620e750, Event: oracle.security.am.controller.events.credcollect.DAPAssertCredentialsEvent@2270f5ea, Event Handler: CredCollectEngineController
      [2012-05-15T06:58:58.087-07:00] [oam_server1] [NOTIFICATION:16] [OAM-02086] [oracle.oam.controller] [tid: [ACTIVE].ExecuteThread: ‘2’ for queue: ‘weblogic.kernel.Default (self-tuning)’] [userId: ] [ecid: ab97688b1af69ce1:-10c9cdc3:13750945aa0:-8000-0000000000000dfe,0] [APP: oam_server] ssoFlowController: processing Event:CRED_CHECK_REQUEST_CREDS.
      [2012-05-15T06:58:58.087-07:00] [oam_server1] [TRACE:16] [] [oracle.oam.controller] [tid: [ACTIVE].ExecuteThread: ‘2’ for queue: ‘weblogic.kernel.Default (self-tuning)’] [userId: ] [ecid: ab97688b1af69ce1:-10c9cdc3:13750945aa0:-8000-0000000000000dfe,0] [SRC_CLASS: oracle.security.am.engines.enginecontroller.credcollect.CredCollectEngineController] [APP: oam_server] [SRC_METHOD: processEvent] ENTRY
      [2012-05-15T06:58:58.087-07:00] [oam_server1] [TRACE] [OAM-02078] [oracle.oam.controller] [tid: [ACTIVE].ExecuteThread: ‘2’ for queue: ‘weblogic.kernel.Default (self-tuning)’] [userId: ] [ecid: ab97688b1af69ce1:-10c9cdc3:13750945aa0:-8000-0000000000000dfe,0] [SRC_CLASS: oracle.security.am.engines.enginecontroller.credcollect.CredCollectEngineController] [APP: oam_server] [SRC_METHOD: processEvent] Processing Event CRED_CHECK_REQUEST_CREDS
      [2012-05-15T06:58:58.087-07:00] [oam_server1] [TRACE:16] [] [oracle.oam.controller] [tid: [ACTIVE].ExecuteThread: ‘2’ for queue: ‘weblogic.kernel.Default (self-tuning)’] [userId: ] [ecid: ab97688b1af69ce1:-10c9cdc3:13750945aa0:-8000-0000000000000dfe,0] [SRC_CLASS: oracle.security.am.engines.enginecontroller.credcollect.CredCollectEngineController] [APP: oam_server] [SRC_METHOD: handleCheckRequestCredentialsEvent] Event execution status: fail
      [2012-05-15T06:58:58.087-07:00] [oam_server1] [TRACE:16] [] [oracle.oam.controller] [tid: [ACTIVE].ExecuteThread: ‘2’ for queue: ‘weblogic.kernel.Default (self-tuning)’] [userId: ] [ecid: ab97688b1af69ce1:-10c9cdc3:13750945aa0:-8000-0000000000000dfe,0] [SRC_CLASS: oracle.security.am.engines.enginecontroller.credcollect.CredCollectEngineController] [APP: oam_server] [SRC_METHOD: processEvent] RETURN oracle.security.am.controller.events.credcollect.CheckRequestCredentialsEvent@7861a781
      [2012-05-15T06:58:58.087-07:00] [oam_server1] [NOTIFICATION:16] [OAM-02099] [oracle.oam.controller] [tid: [ACTIVE].ExecuteThread: ‘2’ for queue: ‘weblogic.kernel.Default (self-tuning)’] [userId: ] [ecid: ab97688b1af69ce1:-10c9cdc3:13750945aa0:-8000-0000000000000dfe,0] [APP: oam_server] ssoFlowController: Event processing finished :CRED_CHECK_REQUEST_CREDS with status fail.
      [2012-05-15T06:58:58.087-07:00] [oam_server1] [TRACE:16] [] [oracle.oam.audit] [tid: [ACTIVE].ExecuteThread: ‘2’ for queue: ‘weblogic.kernel.Default (self-tuning)’] [userId: ] [ecid: ab97688b1af69ce1:-10c9cdc3:13750945aa0:-8000-0000000000000dfe,0] [SRC_CLASS: oracle.security.am.common.audit.config.AuditConfigStore] [APP: oam_server] [SRC_METHOD: loadConfiguration] ENTRY
      [2012-05-15T06:58:58.087-07:00] [oam_server1] [TRACE:16] [] [oracle.oam.audit] [tid: [ACTIVE].ExecuteThread: ‘2’ for queue: ‘weblogic.kernel.Default (self-tuning)’] [userId: ] [ecid: ab97688b1af69ce1:-10c9cdc3:13750945aa0:-8000-0000000000000dfe,0] [SRC_CLASS: oracle.security.am.common.audit.config.AuditConfigStore] [APP: oam_server] [SRC_METHOD: loadConfiguration] Returning t

    7. Sunil says:

      Yes, I logged that bug and Patch p13834510_111152_Generic.zip, fixes it.
      I got a hotfix from Oracle and that fixed my issue with OAM/ OIF
      That hotfix is going to be in BP03 due out at end of may.

    8. Atul Kumar says:

      @ kjj1983

      Thanks Sunil.

      My 2 cents , after applying patch 13834510 undeploy oam_server application and redeploy oam-server.ear from one which comes as part of patch. This file after patch gets copied to $ORACLE_HOME/oam/server/apps directory

    9. kjj1983 says:

      @Atul/Sunil –

      Thanks for the patch info. After applying the patch the loop issue is gone. but now the issue is the below

      [2012-05-15T23:34:45.378-07:00] [oam_server1] [ERROR] [OAMSSA-20040] [oracle.oam.user.identity.provider] [tid: [ACTIVE].ExecuteThread: ‘2’ for queue: ‘weblogic.kernel.Default (self-tuning)’] [userId: ] [ecid: ab97688b1af69ce1:-530892a3:137543e7400:-8000-00000000000004c1,0] [APP: oam_server] Could not modify user attribute for user : cn, attribute : null, value : {2} .
      [2012-05-15T23:34:45.378-07:00] [oam_server1] [TRACE:16] [] [oracle.oam.user.identity.provider] [tid: [ACTIVE].ExecuteThread: ‘2’ for queue: ‘weblogic.kernel.Default (self-tuning)’] [userId: ] [ecid: ab97688b1af69ce1:-530892a3:137543e7400:-8000-00000000000004c1,0] [SRC_CLASS: UserProviderImpl] [APP: oam_server] [SRC_METHOD: getUsersByAttribute] RETURN
      [2012-05-15T23:34:45.379-07:00] [oam_server1] [ERROR] [OAMSSA-12126] [oracle.oam.engine.authn] [tid: [ACTIVE].ExecuteThread: ‘2’ for queue: ‘weblogic.kernel.Default (self-tuning)’] [userId: ] [ecid: ab97688b1af69ce1:-530892a3:137543e7400:-8000-00000000000004c1,0] [APP: oam_server] Cannot assert the username from DAP token.
      [2012-05-15T23:34:45.381-07:00] [oam_server1] [TRACE] [] [oracle.oam.engine.authn] [tid: [ACTIVE].ExecuteThread: ‘2’ for queue: ‘weblogic.kernel.Default (self-tuning)’] [userId: ] [ecid: ab97688b1af69ce1:-530892a3:137543e7400:-8000-00000000000004c1,0] [SRC_CLASS: oracle.security.am.engine.authn.internal.executor.AuthenticationSchemeExecutor] [APP: oam_server] [SRC_METHOD: execute] User is authenticated with Authentication scheme level = 2
      [2012-05-15T23:34:45.382-07:00] [oam_server1] [NOTIFICATION:16] [OAMSSA-12130] [oracle.oam.engine.authn] [tid: [ACTIVE].ExecuteThread: ‘2’ for queue: ‘weblogic.kernel.Default (self-tuning)’] [userId: ] [ecid: ab97688b1af69ce1:-530892a3:137543e7400:-8000-00000000000004c1,0] [APP: oam_server] Result of Authentication Scheme Execution: false.
      [2012-05-15T23:34:45.382-07:00] [oam_server1] [TRACE:16] [] [oracle.oam.engine.authn] [tid: [ACTIVE].ExecuteThread: ‘2’ for queue: ‘weblogic.kernel.Default (self-tuning)’] [userId: ] [ecid: ab97688b1af69ce1:-530892a3:137543e7400:-8000-00000000000004c1,0] [SRC_CLASS: oracle.security.am.engine.authn.internal.controller.AuthenticationEngineControllerImpl] [APP: oam_server] [SRC_METHOD: validateUser] Authenticated User Name: null

      I am doing transient federation.

    10. Sunil says:

      Did you apply the TAP workaround?

    11. kjj1983 says:

      TAP workaround?

    12. Sunil says:

      @kjj1983
      What is your email address?

      You have to create AuthN Scheme/ Resource and authN Policy for TAP. I can send you info to your email.

    13. kjj1983 says:

      @Sunil

      Please send it to jkunal@gmail.com

      Thanks.

    14. Sunil says:

      I have OIF/OAM working now. OIF having mutiple IdPs. All working now.

    15. narendra says:

      Hi Atul,

      Can you please provide link for downloading OIF 10g .

      Thanks,
      Narendra

      • Atul Kumar says:

        @ narendra,
        I don’t think OIF 10g is available to download on Oracle website (or OTN) . Please raise an Service Request via My Oracle Support (earlier Metalink) and support team should be able to ship you OIF media

    16. arshadiqbal1 says:

      Hi Atul,

      I followed step-by-step installation for Oracle Identity and Access Management, but at the end I don’t find OIF. I don’t know which step I missed during the installation from Part(I) to Part(VI) of your online help:
      http://onlineappsdba.com/index.php/2010/08/23/part-vi-configure-identity-manager-oim-oracleidm-11g-step-by-step-installation-of-oam-oim-oaam-oapm-oin/

      I installed the following components on Red Hat Enterprise Linux Server release 5.8 (64-bit):
      -Oracle 11g database 11.2.0.1.0
      -RCU utility 11.1.1.5
      -Weblogic Server 10.3.6
      -SOA Suite 11.1.1.5.0
      -Oracle Identity & Access Management 11.1.1.5

      I thought Oracle Identity & Access Management 11.1.1.5 should include OIF but at the very end, I couldn’t find OIF when I logged in to the Oracle Enterprise Manager using http://localhost:7001/em. I don’t see OIF under “Identity and Access”.

      Please let me know which step I am missing or if I has installed wrong versions. Please advise me a workaround so that I don’t have to start Oracle installation from the beginning.

      Thanks,
      -Arshad

    17. arshadiqbal1 says:

      Thanks Atul for quick reply,

      (1) Can I install Identity Management 11gR1(11.1.1.6.0) which includes OIF. Is this require some additional software? As I see “Patch Scripts” under required software.Is this will be compatible with existing installed components?

      (2) Also if I want to install 11.1.1.5.0 OID, can you please point me to the download link for Oracle Internet Directory(OID) 11.1.1.5.0?

      Thanks,
      -Arshad

    18. Atul Kumar says:

      @ arshadiqbal1,
      Insatll OID/OIF 11.1.1.6 under different middleware home (than OAM/OIM). Use 10.3.6 weblogic and it should work

      Atul

    19. arshadiqbal1 says:

      Please explain what do you mean by different Middleware home, if I will use the already installed Weblogic Server 10.3.6 then it will be the same Middleware directory. Forgive me if I am missing a key point here.

      My current middleware directory is:

      /home/oracle/Oracle/Middleware/
      [oracle@localhost Middleware]$ ls -l
      total 236
      -rw-rw—- 1 oracle oinstall 219 Nov 12 12:30 domain-registry.xml
      drwxr-xr-x 2 oracle oinstall 4096 Nov 12 14:48 logs
      drwxr-xr-x 7 oracle oinstall 36864 Nov 1 10:37 modules
      -rw-r–r– 1 oracle oinstall 852 Nov 1 10:37 ocm.rsp
      drwxr-x— 32 oracle oinstall 4096 Nov 1 12:02 oracle_common
      drwxr-x— 29 oracle oinstall 4096 Nov 12 14:26 Oracle_IDM1
      drwxr-x— 27 oracle oinstall 4096 Nov 1 12:02 Oracle_SOA1
      -rw-r–r– 1 oracle oinstall 108888 Nov 1 10:38 registry.dat
      -rw-r–r– 1 oracle oinstall 1775 Nov 1 10:38 registry.xml
      drwxr-x— 4 oracle oinstall 4096 Nov 12 12:29 user_projects
      drwxr-xr-x 8 oracle oinstall 4096 Nov 1 10:37 utils
      drwxr-xr-x 9 oracle oinstall 4096 Nov 2 14:45 wlserver_10.3

      Thanks,
      -Arshad

    20. Atul Kumar says:

      @ Arshad,

      You middlware home for OIM/OAM is /home/oracle/Oracle/Middleware

      Though Oracle says you can install OIM/OAM and OID/OIF in same middleware home but I always faced issues with enterprise manager and I usually install OIM/OAM in one moddleware home and OID/OIF in second middlewar home.

      Install another weblogic under /home/oracle/Oracle/Middleware2 so this will create second middleware home . Install OID/OIF in this second middleware home (/home/oracle/Oracle/Middleware2)

    21. arshadiqbal1 says:

      Thanks Atul for your prompt helps.

      One more question when I will install Weblogic server 10.3.6 again in a different Middleware home then I have to install the Oracle Fusion Middleware 11g SOA Suite 11.1.1.5.0 again? Or I don’t need that component:

      Could you please specify the correct steps in order for me, knowing that Oracle database and RCU is already installed.

      Thanks again,
      -Arshad

    22. arshadiqbal1 says:

      Hi Atul,

      I am going to install Oracle Identity Management 11.1.1.6.0, I have already installed Weblogic server 10.3.6 & Oracle SOA Suite 11g (11.1.1.6.0).

      Can I install OID/OIF 11.1.1.6.0 directly?
      I am confused with your post in the beginning of this page under “OIF Installation Key Points”:

      ” You must first install 11.1.1.2 and then patch it to 11.1.1.6.”

      Thanks,
      -Arshad

    23. Atul Kumar says:

      @ arshadiqbal1,

      a) SOA is not required for OID/OIF but there is no harm if it exists in same MW_HOME where you are going to install OID/OIF

      b) Yes you can install OID/OIF 11.1.1.6 directly . This is full version

      ” You must first install 11.1.1.2 and then patch it to 11.1.1.6.”
      This is wrong and thanks for pointing this out . You can install 11.1.1.6 directly as this is full version.

    24. sampal says:

      Hello Atul,

      In our current environment we have OIF integrated with OAM in authentication mode. OIF is acting as the identity provider to different external applications. We want to protect the applictaions using two different authentictaion schemes – Form based and Kerberos. However in oam when we protect /fed/user/authnoam we can use only one authentication scheme – either kerberos/form based. We have used virtual hosts configuration in Apache server too. ( It didnot work )

      Can you please let me know how can we protect applictaion with multiple authentication schemes from OAM.

    25. kumar says:

      Hi Atul,

      We want to integrate R12 with other applications using SAML 2.0.

      How we can use OIF integrated into R12 to act as SSO using SAML. Or do we need to install OAM/OID/SSO to get this work.

      Any suggetions?Any notes.

      Thanks in advance.

    26. pratapuce says:

      Hi Atul

      We have Third party SAML based identity provider used for authentication.
      1. User login to URL of SAML based Identity server
      2. User provides credentials inside the URL for authentication.
      3. Ones authenticated, The URL provides links to connect to applications
      4. If we click a particular application then it should connect to application without providing further Login details.

      Oracle Enterprise Manager 12c is our Linked application we need to configure with Third party SAML based identity provider.

      1. Do we need Oracle Access Manager or OID for this configuration
      2. Only Oracle Identity federation is enough
      3. Is there any Oracle document to perform this configuration

      Any suggestions

      Thanks in Advance
      Pratap

      • Atul Kumar says:

        @ Pratap,
        From Oracle’s point of view, I don’t think OEM 12c can talk directly to OIF configured as Service Provider with SAML based identity provider. Chekc with OEM team if this is supported.

        Else follow this

        1. Integrate OEM 12c with OAM and see it works with OAM first
        2. Integrate OAM with OIF
        3. Integrate OIF (in SP mode) with SAML provider (in IdP mode)
        4. Test this integration

    Leave a Reply



  • K21 Technologies is among the most experienced Oracle Gold Partner for Identity Access Management service providers. We work with application development companies and in-house technology division to help achieve significant returns on their IT security investment. Our clientele includes some of the globally renowned corporate, which speaks of our expertise in our field.

    We have the most talented and experienced team that can swiftly deploy security solutions even in complex IT ecosystem. Our clients highly appreciate our timely implementation, interactive training, on-demand support and community resources.
  • CONTACTS

    K21 Technologies
    8 Magnolia Place, Harrow,
    London, HA2 6DS

    UK: +44(0)7476444481
    USA: +1-888-414-1821

  • 2014, K21 Technologies. All rights reserved DMCA.com
  • TOP