Tuesday Jul 28, 2015

Persistent Federation Data Store

When performing Federation SSO operations, the user will be referenced in the SSO message via a unique identifier that will then be used by the SP to map the incoming SSO response to a local user.

Sometimes the unique identifier is an attribute part of the existing LDAP user record, such as the email address or the username, while other times, the identifier only exists for the Federation SSO operation between the SP and IdP for a specific user. In the latter case, the identifier and the user it is attached to need to be stored as account linking information in a Federation Data Store.

In this article, I will show how to configure OIF to use an RDBMS as the Federation Data Store.

Important note: a persistent Federation Data Store is only required for cases where the identifiers used in the SSO responses (persistent NameID in SAML 2.0 for example) are used. It is best not to use a persistent Federation Data Store when not needed.

[Read More]

Tuesday Feb 25, 2014

OIF/OSTS Service Information

OIF and OSTS are two products designed to provide Federation capabilities across security domains:
  • Cross domain SSO for browser based Web SSO flows
  • Cross domain Web Services Security (WSS) for SOAP clients and servers via the WS-Trust protocol

Federation between services is based on trust which is established by exchanging

  • X.509 certificates used for sign/verify and encrypt/decrypt the Federation messages
  • Locations of the Federation services
  • SAML 2.0 Metadata if supported by the partners, when SAML 2.0 Federation SSO is used

In this article, I will discuss about the various kinds of information one has to know in order to be able to set up a Federation agreement between OIF and remote partners, including:

  • How to enable OIF/OSTS services
  • SAML/OpenID Identifiers for OIF/OSTS
  • SAML 2.0 Metadata
  • Certificates
  • Service endpoints
[Read More]

Thursday Feb 20, 2014

Oracle Identity Federation 11.1.2.2.0 has been released!

Oracle Identity Federation (OIF) has been released as part of Oracle Fusion Middleware 11gR2 Release 2 (11.1.2.2.0)!

This new version of OIF provides Identity Provider (IdP) and Service Provider (SP), a.k.a. Relying Party (RP), support for the SAML 2.0, SAML 1.1 and OpenID 2.0 protocols.

The admin interfaces have been revamped to provide a comprehensive and easy way for administrators to manage Federation partnership on a day-to-day basis: while the UI allows the basic administration of Federation settings, which would cover most of the daily use cases, the OIF WLST command scripting tools allow advanced configuration of the Federation servers and its partners.

In this article, I will discuss about the features included in OIF 11.1.2.2.0:

  • Native Integration with OAM
  • Protocols
  • Additional Features

[Read More]
About

Damien Carru is a member of the Oracle Identity Management organization, focusing on Federation and SSO. This blog will cover Federation use cases involving Oracle Access Manager, Oracle Identity Federation and Oracle Security Token Service

Search

Categories
Archives
« September 2015
SunMonTueWedThuFriSat
  
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
   
       
Today