Wednesday, August 29, 2012

Going back to OES 10g version

I am back to the 10g versions, which are considered stable compared to 10g. Working on OAM/OES/OIM 10g stuff...

OES 11g is much simpler than OES 10g and one such case is exporting and importing application specific policies.

There is a small write-up on exporting application-specific policy in OES 10g.

Wednesday, August 22, 2012

Upgrade plans of OAM 10g to 11g

I presume many people are curious to know about OAM upgrade from 10g to 11g versions. Well, here is the point!!

There is no direct upgrade plan yet because the 11g version is released for OSSO customers extremely. However, to upgrade OAM to 11g, here are my thoughts:

  1. The architecture is totally revamped in 11g. The OAM server is a Java-based application deployed on WebLogic Server, whereas the 10g servers are stand-alone.
  2. 10g WebGates are backward compatible with the OAM 11g server. 11g WebGates are provided only for OHS. So if your environment has Apache or IHS servers, you can continue to use 10g WebGates with agent registration.
  3. The Policy Domains concept is enhanced with sessions, so you can pass several session attributes in authorization actions.
  4. If there is a custom plug-in to extrapolate the concurrent users scenario, then it is just a checkbox enablement in 11g. Much easier, isn't it!
  5. Any custom authentication plug-ins developed in 10g using C/C++ have to be rebuilt using Java in 11g.
  6. Any Identity XML features used in 10g have NO upgrade or replacement. All the identity features are part of OIM 11g.
  7. If password management features are used, then execute those features using OIM 11g.
  8. If you are using RSA token authentication, it is not certified in 11g. Oracle has plans to release this soon.
  9. If you are using SharePoint integrated with OAM 10g, SharePoint 2010 is certified with OAM 11g. Check out this post.
  10. EBS is certified with OAM 10g and 11g versions. In 11g, it is the access gate version rather than OSSO delegation.
Therefore, to upgrade OAM 10g to 11g, all of it needs to be manually created/configured from scratch.
If your environment has RSA token as main authentication, then it is better to upgrade to 11gR2 directly as OAM 11gR1 is not certified. OAM 11gR2 - RSA integration guide is here.

The latest IAM release 11.1.2 has upgrade plans from 11gR1.
Upgrading OAM 11gR1 ( is here.
Unlike OIM, there is a direct upgrade plan from OAM 10g to OAM 11gR2, documentation is here.

Upgrading OIM 10g to 11g

Here is the white paper talking about upgrading Oracle Identity Manager 10g to 11g.

The upgrade plan from OIM 10g to 11gR2 is made up of two parts:

Tuesday, August 21, 2012

Configuring OID 11g replication

I did a small write up on OID 11g replication concepts here and LDAP based replication setup here.

Friday, August 17, 2012

OIM 11g Configuration error

Oracle releases products oftentimes and hence it is very difficult to know which version to use and what is certified. I am talking about OIM 11gR1 version with WLS, SOA Suite and RCU.

With OIM it is certified with WLS 10.3.5, SOA Suite and RCU. However, with products releasing, they won't appear on OTN; instead you have to download them from edelivery. Well, it is a problem if we don't have an account.

So I downloaded WLS 10.3.6, SOA Suite and Oracle IAM Suite. I installed Oracle IAM Suite and it failed at the OIM configuration step. I wrote a detailed post on the error messages and action plan. Well, it is actually a version mismatch. Oracle Identity Manager should be upgraded to to use WLS 10.3.6, SOA Suite

Tuesday, August 14, 2012

OAM 11g - Apex 4.1.0 Integration

I wrote a post on OAM 11g integration with APEX 4.1.0 application here. Hope this is helpful.

Small writeup on OAuth2.0

OAuth 2.0 is a new standard/technology that is being adopted by many organizations for mobile application development. And so Oracle used it in the Oracle IDM 11gR2 release for Access Management Mobile and Social SSO. I have also seen companies using OAuth 2.0 technology in gadget applications. So I just thought of doing a small write-up on it. I have also recently read a nice post on OAuth 2.0.

OAuth is an open authentication protocol which enables applications to access each other's data. For instance, a game application can access a user's data in the Facebook application. So the user logs into a social site and gets access to other applications without needing to provide credentials again.
Let me explain this with a simple diagram. 

Example of how OAuth 2.0 is used to share data via applications.

The user accesses the gaming application. It redirects the user to log in to a social site, say Facebook. The user logs into Facebook successfully. Now the gaming application can access the user's data from Facebook.

The OAuth 2.0 standard supports various clients which access REST APIs. This includes an enterprise application calling out to the cloud, or applications getting called from mobile devices.
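The redirect flow described above, sketched in-process as the OAuth 2.0 authorization code grant (RFC 6749, section 4.1). This is an added example, not code from the original post or from any Oracle product; `SocialSite`, `game_login`, the `example` URLs and the client registration are hypothetical, constructed values.

```python
import secrets
from urllib.parse import urlencode, urlparse, parse_qs

# Constructed sample registration: one client (the game) known to the social site.
CLIENTS = {"game-app": {"secret": "constructed-secret",
                        "redirect_uri": "https://game.example/callback"}}
USER_DATA = {"alice": {"friends": ["bob", "carol"]}}

class SocialSite:
    """Plays both authorization server and resource server (hypothetical)."""
    def __init__(self):
        self.codes, self.tokens = {}, {}

    def authorize(self, url, logged_in_user):
        q = {k: v[0] for k, v in parse_qs(urlparse(url).query).items()}
        client = CLIENTS.get(q.get("client_id"))
        # Exact redirect_uri match keeps the code from being sent elsewhere.
        if not client or q.get("redirect_uri") != client["redirect_uri"]:
            raise ValueError("unknown client or redirect_uri mismatch")
        code = secrets.token_urlsafe(16)
        self.codes[code] = (q["client_id"], logged_in_user)
        return client["redirect_uri"] + "?" + urlencode({"code": code, "state": q["state"]})

    def token(self, client_id, client_secret, code):
        if not secrets.compare_digest(CLIENTS[client_id]["secret"], client_secret):
            raise PermissionError("bad client credentials")
        owner, user = self.codes.pop(code, (None, None))  # codes are single use
        if owner != client_id:
            raise PermissionError("invalid or replayed code")
        access_token = secrets.token_urlsafe(24)
        self.tokens[access_token] = user
        return access_token

    def api_friends(self, access_token):
        return USER_DATA[self.tokens[access_token]]["friends"]

def game_login(site, user):
    """The game's side: redirect out, check state on return, swap code for token."""
    state = secrets.token_urlsafe(8)  # ties the callback to this browser session
    url = "https://social.example/authorize?" + urlencode({
        "response_type": "code", "client_id": "game-app",
        "redirect_uri": CLIENTS["game-app"]["redirect_uri"], "state": state})
    back = parse_qs(urlparse(site.authorize(url, user)).query)
    if not secrets.compare_digest(back["state"][0], state):
        raise PermissionError("state mismatch")
    token = site.token("game-app", "constructed-secret", back["code"][0])
    return site.api_friends(token), back["code"][0]
```

The game only ever handles the short-lived code and the access token; the user's password stays with the social site.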

Check out its specifications here.
The services that OAuth 2.0 supports as of today are:

Monday, August 13, 2012

Sunday, August 5, 2012

Oracle Identity Management documentation is out

Oracle has released the Oracle Identity Management documentation here. Being more of an OAM guy, it is undoubtedly said that OAM spectrum is vast now with inclusion of Mobile and Social features and Client API toolkits.

I will update you when the software is available for download.