SAML, REST, smart phones and you
(or Smart devices, not so smart protocols) I’ve been working on and off with a customer on a project that involves all sorts of cool buzzwords – iPhone/Android/Blackberry Apps as clients, using REST to...

SAML is good, but it’s no replacement for WAM
My recent posts about SAML got me thinking about a couple of common misconceptions I see from customers surrounding the technology. The first and most important misconception is articulated by this...

Do I Need to Secure My Service?
Introduction: I sometimes get asked by customers whether they need any security at all for their “internal services”. I wanted to take a post to examine this subject. Let’s take the simplest case...

Keystores and signing your SAML assertions
I’ve been working on a project recently that includes SOAP clients submitting messages via JMS and HTTP to Oracle Service Bus (OSB). OSB is supposed to validate the assertion, perhaps do some...

Using the x.509 Attribute Sharing profile responsibly
Introduction: This article is about development of custom plug-ins for OVD for a very specific use case. Main Article: I’m back, rested and I’ve had some time to think about the crazy (clever?) OVD...

5 Minutes or Less: On SAML Audiences, Entities and Issuers
I’ve recently helped a customer who wanted to integrate a home-built SAML Identity Provider with a Weblogic Service Provider. After exchanging metadata and going through all the necessary configuration...

Five Minutes or less: OpenID
Introduction: Most of the technical people I work with know what SAML is and how it works and how the federation protocols for SAML work (SP initiated, IdP initiated, Browser Artifact, Browser POST)....

Virtual Users in OIF, Weblogic and OWSM
One of the main strengths of SAML is the ability to communicate identity information across security domains that do not necessarily share the same user base. In other words, the authenticated user in...

5 Minutes or Less: WLS SAML2 SSO and your cookies
This is somewhat related to what Brian describes in WLS Session Cookie Overriding in an OAM/SSO Enabled Environment. Here, I want to quickly point out one potential issue if you plan to implement Web SSO...

Integrating OBIEE 11g into Weblogic’s SAML SSO
SAML is a way to convey identity information across systems. It is an industry-accepted standard and especially interesting when you need to propagate user information between different security...

Before I forget it: HowTo SAML 2.0 IdP-initiated flow in Weblogic
I’d better do it now, otherwise I will forget the details. Quite some people think that all an IdP-initiated flow requires is the target application URL on the consumer side. This is actually nothing...

Front-ending a SAML Service Provider with OHS
This is a follow-up to one of my previous posts titled Integrating OBIEE 11g into Weblogic’s SAML SSO, where I mention the following when configuring the Service Provider: “The Published Site URL field...

Part 2: Kerberos Authentication, RBAC and SAML identity propagation in OAG
This post is the second one of a series by Andre Correa and Paulo Pereira on OAG (Oracle API Gateway). The first post is found at...

Part 3: Kerberos Authentication, RBAC and SAML Identity Propagation in OAG
Introduction: This post is the third one of a series by Andre Correa and Paulo Pereira on OAG (Oracle API Gateway). In the first post we introduced the use case and talked about the Kerberos...

OAM Federation: Identity Provider & Service Provider Management
In this blog post I want to clarify a point of initial confusion some people experience with OAM Federation 11.1.2.3. If we go to the “Federation” tab of the OAM Console, we see: Now the two main...

OAM Federation 11.1.2.3: Performing a Loopback Test
In this blog post I will share steps for performing a loopback test of OAM Federation 11.1.2.3. In a loopback test, we configure OAM’s SP to point to OAM’s IdP. This enables you to confirm the basic...

OAM Federation 11.1.2.3: Example Message Processing Plugin
SAML is an extensible protocol. Since it is based on XML, through the use of XML namespaces, custom elements and attributes can be inserted into the SAML messages at the appropriate places. Sometimes...

Exploring OAM’s SAML Identity Assertion
Introduction: OAM (Oracle Access Manager) has an interesting feature that often goes unnoticed by a considerable number of people wishing to tackle the problem of identity propagation. It’s OAM’s...

Authenticating to OIM SCIM server using an OAM-generated SAML identity assertion
In a previous post I provided a brief introduction to SCIM. In this post I’m going to dive right in and give an example of using the OIM SCIM services and securing them with OAM. Why...

Authenticating to the OIG REST API from an OAM-protected web app
The objective of this post is to describe how a web app protected by an OAM WebGate can authenticate to the OIG REST APIs. In a previous blog post, I provided detailed steps to do the same thing for...

SOA Security – Follow-up Question
I got an email from a response to a post that I did after last year's OOW: http://oracleaccessmanagement.blogspot.com/2008/09/soa-security-adt-or-crocodile-filled.html The question is basically - "How do...

How to Debug SAML Token Profile on WLS
K asks: On the client side I have two Credential Mapping Providers (SAML and PKI) and two Credential Mappings (Key Pair and certificate) configured and the request is produced well (I monitor it with...

Teach an Old Dog New Tricks – SAML Name Mappers
A few weeks ago, I said that I was sure that there was some way to get custom attributes passed in and out of SAML Assertions for the purpose of Federated Authorization. Well, at that time I was under...

Bearer Confirmation Method (Huh! What is it good for…)
For starters, allow me to introduce myself. My name is Brian Eidelman and I am a new member of the Fusion Middleware Architecture Group (a.k.a. the A-Team) and a new contributor to this blog. Since the...

SAML Bearer Confirmation – An example using OWSM Client Policy
This is an extension of the discussion started by Brian in his inaugural post here at the FusionSecurity blog. Brian and I, along with other members of the A-Team, were out at HQ getting some training...

OWSM Client Policies and SAML – Simpler is Better
Classic example of me being "too clever by half". From the OWSM Documentation: Looks like you can just set the username as a property. URL localURL = new URL("https://.../MyWebServicePort?WSDL"); QName name...

Identity Cloud Services and Weblogic Federation with Virtual Users and Groups
Introduction: Federation is a well-known pattern and has been discussed at length on this blog. Almost every vendor or cloud provider out there supports Federation and it’s been around for quite some...

Silently federate from your SAML IdP or OpenID Connect Provider to IDCS
Introduction: As you may know, IDCS can operate as both a SAML IdP and a SAML SP at the same time – a use case known as an IdP Proxy or IdP Chaining. This is useful in a bunch of situations, but the most...