OracleAS 10g: Enterprise Identity Management




OracleAS 10g: Enterprise Identity Management
Student Guide, Volume 1
D17035GC10
Edition 1.0
April 2004
D39327

Author
Shaibal Kumar Saha

Technical Contributors and Reviewers
Henry Abrecht Tridip Bhattacharya Lee C. Cooper Greg Gagnon Rajender Gupta Allan L. Haensgen John Heimann Alexander Hunold Sudha P. Iyer Kari Jyrälä Ashish Kolli Jeff Levinger Richard Louis Strohm Michael Mesaros Paul D. Needham Shankar Raman Kevin Reardon David Saslav Daniel Shih Jerry Smith Richard Smith Uppili Srinivasan Olaf Stullich Jay Tomlinson

Copyright 2004, Oracle. All rights reserved.

This documentation contains proprietary information of Oracle Corporation. It is provided under a license agreement containing restrictions on use and disclosure and is also protected by copyright law. Reverse engineering of the software is prohibited.

If this documentation is delivered to a U.S. Government Agency of the Department of Defense, then it is delivered with Restricted Rights and the following legend is applicable:

Restricted Rights Legend
Use, duplication or disclosure by the Government is subject to restrictions for commercial computer software and shall be deemed to be Restricted Rights software under Federal law, as set forth in subparagraph (c)(1)(ii) of DFARS 252.227-7013, Rights in Technical Data and Computer Software (October 1988).

This material or any portion of it may not be copied in any form or by any means without the express prior written permission of Oracle Corporation. Any other copying is a violation of copyright law and may result in civil and/or criminal penalties.

If this documentation is delivered to a U.S. Government Agency not within the Department of Defense, then it is delivered with Restricted Rights, as defined in FAR 52.227-14, Rights in Data-General, including Alternate III (June 1987).

The information in this document is subject to change without notice. If you find any problems in the documentation, please report them in writing to Education Products, Oracle Corporation, 500 Oracle Parkway, Redwood Shores, CA 94065. Oracle Corporation does not warrant that this document is error-free.

Oracle and all references to Oracle Products are trademarks or registered trademarks of Oracle Corporation. All other products or company names are used for identification purposes only, and may be trademarks of their respective owners.

Publisher
Joseph Fernandez

Contents

Preface

I Course Introduction
  Course Objectives I-2
  Day 1 I-4
  Day 2 I-5
  Day 3 I-6
  Day 4 I-7
  Day 5 I-8
  Summary I-9

1 Introduction to Identity Management
  Objectives 1-2
  Identity Management: Overview 1-3
  Benefits of Identity Management 1-4
  Identity Management System: Components 1-5
  Oracle Identity Management Infrastructure 1-6
  Oracle Identity Management: Objectives 1-7
  Oracle Identity Management: Terminology 1-9
  Oracle Identity Management 1-11
  Integrating Application Security with Identity Management 1-12
  Identity and Application Provisioning Life Cycle 1-14
  Oracle Internet Directory: Overview 1-16
  Components of Oracle Internet Directory 1-17
  OracleAS Single Sign-On Server: Overview 1-19
  Oracle Directory Integration and Provisioning Platform 1-20
  OracleAS Certificate Authority: Overview 1-21
  OracleAS Certificate Authority: Key Features 1-22
  Administrative Delegation 1-24
  Delegated Administration Services: Overview 1-25
  Summary 1-27

2 Security in an Enterprise and Web Environment
  Objectives 2-2
  Enterprise Computing Environment 2-3
  Components of Network Security 2-4
  General Authentication Flow 2-6
  Security Objectives of Oracle Application Server 10g 2-7
  Providing Basic Security Services 2-8
  Standards and Deployment Flexibility 2-10
  Reducing Application Development and Deployment Costs 2-11
  Providing Security in Depth 2-13
  Oracle Application Server: Security Architecture 2-14
  User Management in the Internet Environment 2-16
  Securing the Web Infrastructure 2-18
  Enterprise Security Team 2-19
  Summary 2-20

3 Installing OracleAS Infrastructure
  Objectives 3-2
  Services and Components of OracleAS Infrastructure 3-3
  Installation of OracleAS Infrastructure: Overview 3-5
  Minimum Requirements for OracleAS Infrastructure 3-6
  Setting Up the Environment 3-8
  OracleAS Infrastructure: Installation Steps 3-10
  Starting the Installation 3-12
  Oracle Universal Installer 3-13
  First Installation of Oracle Product 3-14
  Specify File Locations Window 3-15
  Select a Product to Install 3-16
  Select Installation Type 3-17
  Preview of Infrastructure Installation 3-19
  Select Configuration Options 3-20
  Specify Identity Management Realm 3-21
  OracleAS Certificate Authority 3-22
  Database Identification 3-23
  Passwords and Database File Location 3-24
  Database Character Set 3-25
  Specify Instance Details 3-26
  Summary of Installation 3-27
  End of Installation Window 3-28
  Postinstallation Tasks 3-29
  Accessing the OracleAS Instance 3-30
  Application Server Control 3-31
  Verifying OID Server 3-32
  Accessing the SSO Server 3-33
  Starting and Stopping OracleAS Infrastructure 3-34
  Summary 3-35

4 Planning Oracle Identity Management Deployment
  Objectives 4-2
  Identity Management Deployment Planning Process: Overview 4-3
  Performing Requirement Analysis 4-4
  High-Level Requirement Analysis 4-5
  Translating Requirements into a Logical Deployment Plan 4-12
  Standard Enterprise Model 4-13
  Model Serving Internal and External Users 4-14
  Using One Identity Management Infrastructure 4-15
  Using Two Identity Management Infrastructures: Security Isolation 4-16
  Administrative Autonomy for Departmental Applications Model 4-18
  Central Single Sign-On and Departmental Autonomy for Applications 4-19
  Model Integrating OIM with Windows Environment 4-20
  Integrating with Enterprise Provisioning 4-21
  Application Service Provider Deployment 4-22
  Detailed Deployment Planning 4-23
  Planning Physical Network Topologies 4-24
  Oracle Identity Management Infrastructure Default Deployment 4-25
  OIM Infrastructure Deployment Using Multiple Middle-Tier Services 4-26
  Replicated Oracle Identity Management 4-27
  Application Deployments in Replicated Directory Environments 4-29
  Deploying a Directory-Enabled Application: Guidelines 4-30
  OracleAS Certificate Authority Recommended Deployment 4-32
  Summary 4-33

5a Managing Oracle Internet Directory
  Objectives 5a-2
  What Is a Directory? 5a-3
  Lightweight Directory Access Protocol 5a-5
  LDAP Components 5a-7
  Oracle Internet Directory 5a-9
  Security Benefits of OID 5a-10
  OID Architecture: Overview 5a-11
  OID Server Instance Architecture 5a-12
  OID Node Architecture Components 5a-13
  OPMNCTL Command 5a-15
  Typical Startup Sequence 5a-16
  Typical Shutdown Sequence 5a-17
  OID Server Processes 5a-18
  Starting the OID Monitor Process 5a-19
  Starting Oracle Internet Directory Server Instance 5a-21
  OID Log Files 5a-23
  Stopping the OID Server Instance 5a-24
  Stopping the OID Monitor Process 5a-25
  Summary 5a-26

5b Managing Oracle Internet Directory Data
  Objectives 5b-2
  Overview of Oracle Directory Manager 5b-3
  Connecting to the OID Server 5b-4
  ODM Connect Dialog Box 5b-5
  Using ODM 5b-7
  ODM Navigation Pane 5b-8
  Disconnecting from the OID Server 5b-9
  Using LDIF File 5b-10
  OID Command-Line Tools 5b-12
  Using Bulk Tools 5b-13
  Using bulkload Command 5b-14
  Using ldifwrite Command 5b-16
  Using bulkmodify Command 5b-18
  Using bulkdelete Command 5b-20
  Using LDAP Command-Line Tools 5b-21
  Using ldapadd Command 5b-22
  Using ldapaddmt Command 5b-24
  Using ldapbind Command 5b-25
  Using ldapcompare Command 5b-26
  Using ldapdelete Command 5b-28
  Using ldapmoddn Command 5b-29
  Using ldapmodify Command 5b-30
  Using ldapmodifymt Command 5b-33
  Using ldapsearch Command 5b-34
  Summary 5b-36

6 Creating and Managing Oracle Identity Management DIT
  Objectives 6-2
  OID Directory Information Tree: Overview 6-3
  Sample DIT Structure 6-4
  Planning DIT 6-5
  Policies for Organizing Users 6-7
  Policies for Organizing Groups 6-9
  Delegation in Oracle Application Server 6-11
  Privileges for Administering Oracle Technology Stack 6-13
  User Administration 6-14
  Group Administration 6-15
  Administration of Users and Groups in Oracle Application Server 6-16
  Create User Group 6-17
  Edit User Group 6-18
  Delete User Group 6-20
  User Privilege Assignment 6-21
  Group Creation Group 6-22
  Edit Groups Group 6-23
  Delete Groups Group 6-25
  Group Privilege Assignment 6-26
  Delegation Privileges for Deployment of Oracle Components 6-27
  Oracle Application Server Administrator 6-28
  User Management Application Administrator 6-29
  Trusted Application Administrator 6-30
  Delegation of Privileges for Component Runtime 6-31
  Oracle Components: Security Privileges 6-32
  Summary 6-34

7 Configuring Oracle Identity Management Realm
  Objectives 7-2
  Oracle Identity Management Realm: Overview 7-3
  Identity Management Policies 7-4
  Deploying Identity Management Realms 7-5
  Single Identity Management Realm 7-6
  Multiple Identity Management Realms 7-7
  Identity Management Realm in Hosted Environment 7-8
  Identity Management Realm Objects 7-9
  Planning the Identity Management Realm 7-10
  Default Schema, DIT, and Identity Management Realm 7-12
  Default Identity Management Realm 7-14
  Identity Management Realm Specific Oracle Context 7-16
  Identity Management Realm Specific Oracle Context's Common Entries 7-17
  Customizing an Existing Identity Management Realm 7-19
  Default Directory Users 7-21
  OracleAS Bootstrap Model 7-22
  OID Protection Domains 7-23
  Directory Roles 7-24
  Summary 7-25

8 Managing Credentials
  Objectives 8-2
  Storage of User Credentials 8-3
  Password Policies 8-4
  Location of Password Policy Entries 8-6
  Verification of User Password 8-7
  Managing Password Policies Using Oracle Directory Manager 8-8
  Modifying Password Policies by Using ODM 8-10
  Managing Password Policies by Using Command-Line Tools 8-11
  Managing Password Policies Using OID Self-Service Console 8-12
  Modifying the OID Administrator Password 8-13
  Modifying the IM Administrator Password 8-14
  Password Storage for Authenticating to OID 8-16
  Password Verifiers 8-18
  Location of Password Verifiers 8-20
  Attributes Storing Password Verifiers 8-21
  Password Verifier Authentication Model 8-23
  How Password Verification Works 8-24
  Managing Password Verifier Profiles 8-25
  Changing ODS Schema Password 8-27
  Summary 8-29

9 Administering the OracleAS Single Sign-On Server
  Objectives 9-2
  OracleAS Single Sign-On: Overview 9-3
  Single Sign-On Components 9-4
  Authentication Flow for OracleAS Single Sign-On 9-6
  Starting and Stopping OracleAS Single Sign-On Components 9-8
  OracleAS Single Sign-On Administrator's Role 9-10
  OracleAS Single Sign-On Administration Pages 9-12
  Configuring the OracleAS Single Sign-On Server 9-13
  Retrieving ORASSO Schema Password 9-14
  Enabling Global User Inactivity Timeout 9-15
  Partner Application: Overview 9-17
  Registering mod_osso 9-18
  Administering External Applications 9-20
  Adding an External Application 9-21
  Accessing External Application and Storing Its Credentials 9-23
  Updating OID Access Information 9-24
  Refreshing OID Cache 9-25
  Multilevel Authentication: Overview 9-26
  Components of a Multilevel System 9-28
  Windows Native Authentication 9-31
  Monitoring OracleAS Single Sign-On Server 9-32
  Summary 9-34

10 Managing Oracle Delegated Administration Service
  Objectives 10-2
  Delegated Administration Service 10-3
  OID Self-Service Console: Overview 10-5
  Benefits of DAS and OID Self-Service Console 10-6
  How DAS Works 10-7
  DAS Proxy User 10-9
  DAS Configuration and Log Files 10-10
  Starting and Stopping DAS 10-11
  Verifying Whether DAS Is Running 10-12
  Enabling Oracle DAS Debug Mode 10-14
  Viewing Configuration Settings for an Identity Management Realm 10-15
  Configuring the Default Identity Management Realm Specific Context 10-16
  Configuring User Entries 10-18
  Managing Users, Groups, and Subscribers Using DAS 10-21
  Searching for User and Group Entries Using DAS 10-22
  Maintaining User Entries Using DAS 10-23
  Changing Passwords 10-24
  Changing Another User's Password 10-26
  Resetting SSO Password 10-27
  Creating Group Entries by Using DAS 10-28
  Modifying and Deleting Group Entries Using DAS 10-30
  Assigning Privileges to Users and Groups Using DAS 10-31
  Managing Services 10-32
  Managing Accounts 10-33
  Creating Identity Management Realms 10-35
  Summary 10-37

11 Managing SSL Certificates in Oracle Identity Management Infrastructure
  Objectives 11-2
  Public Key Infrastructure 11-3
  What Is SSL? 11-5
  Encryption Mechanism 11-6
  Data Integrity: Message Digest 11-7
  Authentication: Digital Signatures 11-8
  Authentication: Digital Certificates 11-9
  How SSL Works 11-10
  Certificate Authority 11-12
  Traditional Certificate Provisioning 11-13
  Oracle PKI Management Tools 11-14
  OracleAS Certificate Authority 11-16
  OracleAS Certificate Authority: Key Features 11-17
  OCA Single Sign-On Authentication 11-19
  OracleAS Certificate Provisioning 11-20
  OCA Architecture 11-21
  OCA Functional Structure 11-22
  OCA Configuration Elements 11-24
  Starting and Stopping OCA 11-26
  Accessing the OCA Home Page 11-27
  Details Required to Obtain a Certificate 11-28
  Requesting the Web Administrator Certificate 11-29
  OCA Administration Home Page 11-30
  Summary 11-31

12 Requesting User Certificates from OCA Server
  Objectives 12-2
  User Certificates: Overview 12-3
  Requesting a User Certificate 12-4
  Requesting a User Certificate Using SSO Authentication 12-5
  Requesting a User Certificate Using SSL Authentication 12-7
  Requesting a Certificate Using Manual Authentication 12-9
  Configuring Browser to Trust OCA 12-11
  Managing User Certificates 12-13
  Requesting a Server Certificate 12-14
  Requesting a Subordinate CA Certificate 12-16
  Importing and Downloading a CRL 12-18
  Summary 12-19

13 Managing Certificates and Configuring OCA
  Objectives 13-2
  Managing Certificates as an Administrator 13-3
  Approving and Rejecting Certificate Request 13-4
  Searching for a Certificate Request or an Issued Certificate 13-6
  Using Advanced Search 13-8
  Revoking a Certificate 13-9
  Renewing a Certificate 13-10
  Updating the Certificate Revocation List 13-11
  Revoking an OCA Web Administrator Certificate 13-12
  OracleAS Single Sign-On and OCA 13-13
  Configuring OCA Server 13-15
  Enabling OCA Server Notifications System 13-16
  Configuring Mail Notifications 13-17
  Configuring Alerts 13-18
  Scheduling OCA Jobs 13-19
  Enabling General OCA Server Tasks 13-20
  Viewing OCA Logs 13-22
  Practice Statement 13-23
  Summary 13-24

14 Managing OracleAS Certificate Authority Policies
  Objectives 14-2
  OCA Policy Rules: Overview 14-3
  How Policies Are Evaluated 14-4
  OCA Default Policies 14-5
  OCA Policy Predicates 14-6
  OCA Certificate Policy: RSAKeyConstraints 14-7
  OCA Certificate Policy: ValidityRule 14-8
  OCA Certificate Policy: UniqueCertificateConstraint 14-9
  OCA Certificate Policy: RevocationConstraints 14-10
  OCA Certificate Policy: RenewalRequestConstraints 14-11
  Predicate Attributes 14-12
  Actions on Predicates 14-13
  Actions on Policies 14-14
  Adding Custom Policies 14-16
  Summary 14-17

15 Securing Certificates by Using Oracle Wallet
  Objectives 15-2
  What Is Oracle Wallet Manager? 15-3
  Oracle Wallet Manager: Functions 15-4
  Managing Wallets 15-5
  Creating a New Wallet 15-6
  Saving a Wallet 15-7
  Deleting a Wallet 15-8
  Changing the Wallet Password 15-9
  Using the Auto Login Feature 15-10
  Exporting a Wallet 15-11
  Uploading Wallets 15-12
  Downloading Wallets 15-14
  Managing User Certificates 15-15
  Adding a Certificate Request 15-16
  Exporting a User Certificate Request 15-17
  Importing the User Certificate to the Wallet 15-18
  Exporting a User Certificate 15-19
  Managing Trusted Certificates 15-20
  Importing a Trusted Certificate 15-21
  Exporting a Trusted Certificate 15-22
  Enable Oracle HTTP Server to Use SSL 15-23
  Configuring Oracle HTTP Server for SSL Certificates 15-24
  Summary 15-26

16 Integrating Oracle Identity Management Infrastructure with Other Directories and Applications
  Objectives 16-2
  Oracle Directory Integration and Provisioning Platform: Overview 16-3
  Why Is Oracle Directory Integration and Provisioning Platform Needed? 16-4
  Structure of Oracle DIP 16-5
  Provisioning: Overview 16-6
  Synchronization: Overview 16-8
  Provisioning Versus Synchronization 16-10
  Oracle Directory Integration and Provisioning Server 16-11
  Directory Integration Toolkit 16-12
  Administration and Monitoring Tools 16-13
  Oracle Directory Integration and Provisioning Platform Deployment Scenario 16-14
  Overall Deployment 16-15
  User Creation and Provisioning 16-16
  Modification of User Attributes 16-17
  Deletion of Users 16-18
  Oracle Directory Integration and Provisioning Server 16-19
  Register the Oracle Directory Integration and Provisioning Server 16-20
  Oracle Directory Integration and Provisioning Server and Configuration Set Entries 16-22
  Sequence of Oracle Directory Integration and Provisioning Server Events 16-24
  Starting the Oracle Directory Integration and Provisioning Server 16-26
  Stopping the Oracle Directory Integration and Provisioning Server 16-28
  Restarting the Oracle Directory Integration and Provisioning Server 16-30
  Setting the Debug Level 16-31
  Finding the Log Files 16-33
  Viewing Oracle Directory Integration and Provisioning Server Information 16-34
  Summary 16-36

17 Synchronizing Oracle Identity Management with Other Directories
  Objectives 17-2
  Directory Synchronization Service 17-3
  Connectors 17-4
  Directory Synchronization Profiles 17-6
  Synchronization Agent 17-8
  Synchronization Process: Overview 17-9
  Directory Synchronization Profile 17-11
  Registering Connectors to Oracle Directory Integration and Provisioning Platform 17-13
  Mapping Rules and Formats 17-16
  Mapping Rule Format 17-17
  Creating a New Mapping File 17-20
  Guidelines for Adding Mapping Rules 17-22
  Mapping Types 17-24
  Location and File Names 17-25
  Registering Profiles by Using ODM 17-27
  Deregistering a Profile Using ODM 17-31
  Registering Profile by Using Command-Line Tools 17-32
  Deregistering Profile by Using Command-Line Tool 17-34
  Using Directory Integration and Provisioning Assistant 17-35
  Creating, Modifying, and Deleting Directory Synchronization Profile 17-36
  Other DIP Assistant Command Options 17-38
  Troubleshooting Oracle Directory Integration and Provisioning Platform 17-39
  Summary 17-40

18 Configuring Oracle Identity Management Provisioning Integration Service
  Objectives 18-2
  Provisioning Integration Service 18-3
  Provisioning Procedure 18-4
  Provisioning Information 18-6
  Provisioning Integration Service and OID 18-7
  Applications and Provisioning Integration Service 18-8
  Application and Provisioning Integration Service 18-9
  Applications and Provisioning Integration Service 18-10
  Deploying Oracle Directory Provisioning Integration Service 18-11
  Provisioning Subscription Tool 18-12
  Security and Provisioning Profiles 18-16
  Provisioning Profiles and Access Entities 18-17
  Security-Sensitive Provisioning Profile Attributes 18-19
  Monitoring Provisioning Integration Profile 18-21
  Troubleshooting the Provisioning Integration Service 18-22
  Summary 18-24

19 Oracle Internet Directory Replication Concepts
  Objectives 19-2
  OID Replication 19-3
  Directory Replication Group and Replication Agreement 19-4
  Types of Replicas 19-5
  Types of Replication 19-6
  Partial Replication 19-7
  Types of Directory Replication Groups 19-8
  Data Transfer Between Nodes in a DRG 19-9
  Single-Master DRG 19-10
  Multimaster DRG 19-11
  Fan-out DRG 19-12
  Multimaster and Fan-out DRG 19-13
  Enhancing Replication Methods 19-14
  Included and Excluded Naming Contexts 19-16
  Replication Agreement 19-17
  Replication Configuration Objects in OID 19-19
  Replication Architecture 19-21
  Multimaster Supplier Replication Process 19-22
  Multimaster Consumer Replication Process 19-23
  OID Replication Server Conflict Resolution 19-24
  Automated Resolution of Conflicts 19-26
  Replication Processes 19-27
  Adding a New Entry to a Consumer 19-28
  Deleting an Entry 19-30
  Modifying an Entry 19-32
  Modifying a Relative Distinguished Name 19-33
  Modifying a Distinguished Name 19-35
  Fan-out Replication Process 19-36
  Partial Replication Filtering Rules 19-37
  Summary 19-39

20 Setting Oracle Internet Directory Replication
  Objectives 20-2
  Master and Remote Definition Site 20-3
  Installing and Configuring the Replication Server 20-4
  Installing OID on MDS and RMS 20-5
  Setting Up OID Replication for DRG 20-7
  Loading Data into OID 20-10
  Starting OID and Replication Server 20-11
  Test Directory Replication 20-12
  Adding a Replication Node 20-13
  Deleting Replication Node 20-16
  Changing Replication Administrator Password 20-17
  Resolving Conflicts Manually 20-18
  Human Intervention Queue Manipulation Tool 20-19
  OID Reconciliation Tool 20-20
  Rules for Configuring LDAP Replication 20-21
  Adding a Partial Replication Node 20-22
  Removing a Partial Replica Node 20-23
  Viewing and Modifying Replica Naming Context Objects 20-24
  Changing the Replication DN Password 20-25
  Managing OID Replication 20-26
  Modifying Configuration Parameters 20-27
  Viewing and Modifying Replica Node 20-29
  Viewing and Modifying Replication Agreement 20-31
  Summary 20-33

Appendix A - Practices

Appendix B - Solutions

Appendix C - Integrating Oracle Identity Management with Windows Active Directory Service
  Objectives C-2
  OID and Microsoft Windows OS C-3
  Managing Password Verifiers in OID C-5
  MS Windows ADS as Central Enterprise Directory C-6
  OID as Central Enterprise Directory C-7
  Configuration Information for ADS Connector C-8
  MS ADS Synchronization Mapping Rules C-10
  MS ADS Synchronization Access Control C-12
  Planning Integration with ADS C-13
  Configuring ADS and OID Import and Export Synchronization C-14
  Summary C-15

Appendix D - Enterprise User Management and Oracle Identity Management
  Objectives D-2
  User Management: Challenges D-3
  Enterprise User Security: Overview D-4
  Enterprise Users Versus Database Users D-6
  Enterprise User Schemas D-8
  Enterprise User: Authentication Mechanism D-10
  Enterprise User Security: Directory Entries D-12
  Enterprise Users and Roles Directory Entries D-13
  Enterprise Domains and Database Server Directory Entries D-15
  Using Shared Schemas for Enterprise User Security D-17
  Shared Schema Configuration for Enterprise Users D-18
  Enterprise User Security Configuration: Overview D-19
  Enterprise User Security Administration Tools D-21
  Summary D-22