AppEx and Identity Management?

Has anyone integrated Oracle Application Express with Oracle's Identity Management suite?
We're bringing IDM into the environment and wondered about converting some existing OAE apps to get authentication/authorization from IDM.
Any advice/samples is welcome and encouraged.
Thanks!
-Joe

We have successfully integrated HTMLDB apps with OID and Active Directory
Here is the link to doc.
Authenticate Users Using an LDAP Server
http://www.oracle.com/technology/products/database/application_express/howtos/how_to_ldap_authenticate.html
Configure an Application as a Partner Application in Oracle AS Single Sign-On
http://www.oracle.com/technology/products/database/application_express/howtos/sso_partner_app.html

Similar Messages

E-Business Suite 11i with ESSO and Identity Manager

Hi,
We want to use Identity Manager to provision user information to Active Directory, MS Exchange, and E-Business Suite. Also, intend to deploy e-sso to provide single sign-on experience for desktop and web based applications.
Has anyone integrated Oracle E-Business Suite 11.5.10.2 with Enterprise Single Sign-On and Identity Manager (Identity Management)?
Can we achieve it without using Oracle Internet Directory/OracleAS 10g Single Sign-On?
Any relevant information or issues faced during integration, would be helpful.
Regards.

Hi,
for this integration you will need Provisioning Gateway component of the ESSO suite, and the included OIM-ESSO PG Connector.
The eBusiness Java interface can be integrated with eSSO, trough the java helper object.
There are several metalink notes that describe the OIM-PG integration:
NOTE: 550639.1 eSSO: Overview And Troubleshooting Of OIM Integration With Provisioning Gateway
NOTE: 550642.1 eSSO: OIM PG Integration: ProvisioningInstructionException: The user is not authorized for the action
NOTE: 550645.1 eSSO: OIM PG Integration: Error in Sending Request to web service
NOTE: 550646.1 eSSO: OIM PG Integration: Unsupported major.minor version 49.0
NOTE: 550641.1 eSSO: OIM PG Integration: Add_credential Execution Failed. Error: XPathFactory
NOTE: 550643.1 eSSO: OIM PG Integration: Could not find IT asset value for Svr_key
Yes, with eSSO-OIM you wont need Oracle Internet Directory/OracleAS 10g Single Sign-On.
Octavian

Active Directory, GRC, and Identity Management

I had originally posted this in the Security forum, but was directed here:
A client I am working at would like to explore using Active Directory groups to assign SAP roles to users, both portal roles and ABAP roles. They are currently using Microsoft AD. However they have a requirement to use GRC Access Controls (v5.2) to assist with role maintenace and assignment for SOX compliance. I have been told that the Identity Management product can assist with integrating GRC and AD that will still allow for SOD checking/SOX compliance while role assignments can take place in AD.
Does anybody have experience with using Identity Management either with or without GRC? Does in work with Microsoft AD or is it is own AD product? What was your experience with it?
Are there any other products that can be recommended that will allow for integration between GRC Access Controls and Microsoft AD?
Steve

Hi Steve,
We integrated SiteMinder(eTrust) from CA with the Portal and it is pretty good and stable.
The one thing i like with SiteMinder is they are pretty stable and once it is configured the maintenance is very less and it is very stable also.
Also, they provide integrations with major webservers and application servers.
Cheers, Nag

Difference between Oracle GRC product and Identity management

Hi
I want to know the difference between Oracle GRC product and Oracle Identity and Access Management product. Also what I see that the features Acces manager is providing is also provided by the grc access control governor and transaction control governor. So why two different technology for same task.
Regards

Any answer.
regards

Microsoft Dynamics GP and Identity Management

Am planning to host Microsoft Dynamics GP on Azure IaaS, and thinking of using WAAD for identity management instead of Windows Active Directory on IaaS VM... Is that possible solutions?

Hello,
The following option might be helpful to integrate Dynamics and SSO with Azure AD
http://azure.microsoft.com/en-us/marketplace/partners/microsoft-corporation/crm/
We would also research more on the same and get back to you if we get more information.
Regards,
Neelesh

HSPD-12 and Identity Management

Hi ,
What is SAP proposing for solution for HSPD-12 ?
Any information on Identity Management , will help me .
Thank you .

Perfect - thanks for the additional info.
What you need to do is look into the OAM developers guide and read up on the Access Manager SDK. It is a toolkit that allows you to perform all the same operations that WebGate is specialized to do but from your own code context. This includes the maintenance or creation of user session state as maintained in the session token. This is the same token value that is stored in the ObSSOCookie that you are familiar with.
Using this knowledge, if I have a user with a valid session in a browser - I can pass that cookie into the desktop context and know who the user is by parsing the cookie value with the SDK. Likewise, if my desktop app collects creds from the user and creates a session token, this value can be manually placed into an HTTP cookie and set into a new browser session.
My only advice with this is to take your time to fully understand the API before you throw something half baked into you app. Session state is subject to idle and max session timeouts, for example. Session time params are updated in the session token with every authZ request...
That said, it is a brilliant system. Once you wrap your mind around the idea that you can build your own AccessGate, the world is your oyster.
I have also seen folks stand up a centralized we service that implements AccessGate functionality - that may be a lighter weight model to pursue depending on how you deploy your app.
Hope this helps.
Cheers,
Mark

Oracle Identity and Access Management (11.1.1.3.0) and IM difference?

What is difference between Oracle Identity and Access Management (11.1.1.3.0) and Identity Management (11.1.1.3.0) ?
From
http://www.oracle.com/technetwork/middleware/downloads/oid-11g-161194.html

When you run the config, you are asked to add some product. Have checked the "Oracle Access Manager with Database Policy Store" product?
If not, you can add it by extending the domain. Once done you have to start two WLS servers (AdminServer and oam_server1):
Start AdminServer with $DOMAIN/bin/startWebLogic.sh
Start oam_server1 with $DOMAIN/bin/startManagedWebLogic.sh oam_server1
It might be that oam_server1 asks for username and password. This is fine for the first time. During the first start the necessary directory structure is created. Once it came up and enters RUNNING state, kill it and create a file boot.properties in $DOMAIN/servers/oam_server1/security with the entries username=name and password=pw in two lines and start oam_server1 again.
Starting oam_server1 is recommend to get proper values in the oamconsole.
HTH,
--olaf

Confusion with a current state of Oracle Identity Management

I would like to know if anyone has successfully implemented the complete suite of IdM. If yes, please share this experience. I want to clarify the definition of "successful integration". It should include the following:
- SSO for Partner applications
- SSO for External (third parties) applications
- Provisioning and Synchronization
- Delegated Administration
- WNA with Kerberos
- SAML implementation (optional)
I would appreciate all answers on this subject

To restart from your initial question, it's quite strange because the components you mention are all included in the AS10g Enterprise Edition or in AS10g Portal, and are perfectly integrated. I know numerous customers which use Oracle Portal, for instance, and leverage on SSO (patner or external), Delegated Administration (DAS) , Synchro with AD server and Windows native authentication, without a single line of specific code. Provisioning is done automatically by DIP in the case of Portal with AD, as well, or with a Human resource system. Even the password synchro can be made betwwen AD and OID (Oracle LDAP)
Now, it's a sligthy different discussion if we consider the recent acquisitions made by Oracle, and which are sold in the so call : Oracle Identity management 10g.
OAM (previously Oblix) is a more ambitious product that Oracle SSO.
OIM (provisioning and identity management) is far more sophisticated than Oracle DIP.
The goal, for Oracle, is to unify the workflow engine and the Human interface (with ADF). This task is probably on the rails for the next year.
OVD (previously OctetSting) is an architectural component which allow virtualisation of LDAP server.
About Federation, OIF allow all existing Oracle Portal customer (using SSO) to rely on SAML tokens in order to trust partners site.
So, in my opinion, acquisitions oblige to make a substantial effort to unify human interface and make arbitration between some concepts, but it's within the Oracle means.

Metadirectory or Identity Manager?

Hi all, can someone please clarify what might (or might not) be happening with respect to both Metadirectory and Identity Manager please???
I've had an assignment since late last year to do some testing and benchmarking with Sun Metadirectory.
Both Metadirectory and Identity Manager have their respective product pages but neither has a trial/download link:
http://www.sun.com/software/products/meta_directory/home_meta_dir.xml
http://www.sun.com/software/products/identity_mgr/index.xml
I have the CD for Metadirectory 5.0 (the last one to come with my EduSoft subscription) but it isn't compatible with Directory Server 5.2.
From what I can tell, Identity Manager appears to be the replacement for Metadirectory so it probably doesn't make sense to do any Metadirectory evaluation if it's about to be discontinued...
Our Sun sales rep has also been unable to help provide any useful info.
Does anyone know what's happening? It seems Sun has left this particular product tree in limbo and I have a long overdue assignment to complete... Please help.
-Brian

From metadirectory's page "The Sun ONE Meta-Directory capabilities are now integrated into the Sun Java System Identity Manager."
Sun is not trying to sell Metadirectory anymore, and I guess it will be EOLed soon if it has not already been the case. I don't think it makes sense to evalutate Meta-Directory today.
Identity Manager (or IDM) is not meant to be a centralized ldap directory like Meta, but a centralized provisioning system ... although there are still ways to achieve what Meta did, it's not what it was designed for in the first place.

Oracle Identity Manager 9.1.0.2 and Oracle Weblogic server 11g R1 b(10.3.1)

Hi,
can we Install Oracle Identity Manager 9.1.0.2 version on Oracle Weblogic server 11h R1 b(10.3.1)?
Is it OIM 9.1.0.2 compatible to install on Oracle Weblogic server 11h R1 b(10.3.1).
Early response is appreciated

Check this
http://www.oracle.com/technology/software/products/ias/files/idm_certification_101401.html#BABGBGHI
And Oracle has mentioned that
*2.1 Certified Application Servers*
Note: There is no change in application server certification from
release 9.1.0.1 to release 9.1.0.2.
Oracle WebLogic Server 10.3
But you can try with new version of Weblogic. It shouldn't create any problem.

Oracle Identity and Access Management Suite Plus Integration with Oracle ADF

Hi All,
Kindly advice if Oracle Identity and Access Management Suite Plus can be integrated with Oracle ADF based applications to manage the end-to-end lifecycle of user accounts specifically addressing to roles/priviledges and security.
Request you to share links to documentation where I can study the steps to integrate both the frameworks.
Looking forward to hear from you soon.
Best Regards,
Ankit Gupta

Hi Sébastien,
I came across the below link for the required integrations -
Oracle&reg; Fusion Middleware Installation Guide for Oracle Identity and Access Management 11g Release 2 (11.1.2) - …
Oracle&reg; Fusion Middleware Enterprise Deployment Guide for Oracle Identity Management 11g Release 2 (11.1.2) - Co…
Best Regards,
Ankit Gupta

Discuss Identity and Access Management in the Cloud

Identity and access management in the cloud refers to the processes, technologies, and policies for managing cloud systems identities and controlling how these identities can be used to access cloud resources. Three separate processes are used in most cloud
identity and access management solutions:
Identity provisioning and storage
Authentication
Authorization
Identity management in a cloud system requires a complex collection of technologies to manage authentication, authorization and access control across distributed environments. These environments might include assets both on the internal cloud, which would
be an on-premises private cloud, and services accessed on the public cloud. These environments can also cross-security domains, as when two enterprise-level organizations collaborate and enable cross-domain access to users from the partner security domain.
You can learn more about these topics in the article Identity and Access Management in the Cloud.
Let's talk about that article and the topics of identity and access management in the cloud! Use this thread to get it started.
Thanks!
Tom
Learn more about Private Cloud at the
Private Cloud Solutions Hub

Tom,
I am a novice and attempting to achieve a proof of concept of single sign on. One example I read stated one should install Identity and Access on VS2012. I did this on two different machines. One was in the office domain and it shows the
item "Identity and Access..." in the context menu of the MVC project I created. The other machine is my laptop. I followed the same procedure that worked on the desktop, yet the Identity and Access item in the project context menu does not show.
One difference is that the laptop is not part of a domain, but I am attempting this proof of concept in Windows Azure with the laptop, since we do not have a test AD in our corporate domain.
Is this the right forum to inquire about this issue? Do you have a recommendation about a better forum?
Stephen Pidgeon

2008 R2 Server and Microsoft identity Management for Unix - Lost groups

I couldn't find a group that fit this one so I'm putting in the general group- If their is a better group please reply with it - Thx
We have 2 Windows 2008 R2 servers and 2 linux boxes running NIS/Kerberos. One of the Linux servers also runs a secondary NIS server for performance reasons. Unix Services syncs the account db in NIS format to it, the other server connects
and auth's directly off of the AD server. We have had this setup for over a year now and it's run with out problem. Today I ran the Microsoft Identity Management utility and lost NIS group on the Linux server that runs it's one NIS server.
On the Linux server that connects directly to the AD box the groups all appear with an id command from the command line. It looks like the Unix for Windows services app nolonger will sync to a Linux NIS server. I feel this is a bug due to
the fact that I recently update the two Windows 2008 R2 server to the latest patch releases a few days ago.
Does any one have a fix for this or could Microsoft look into it.

Hello,
you may ask this in
https://social.technet.microsoft.com/Forums/en-US/home?category=identitymanagement
Best regards
Meinolf Weber
MVP, MCP, MCTS
Microsoft MVP - Directory Services
My Blog: http://blogs.msmvps.com/MWeber
Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.
Twitter:

OBIEE 11g RPD and Weblogic Identity Management

Hi,
I have an issue where only users from one weblogic Provider (LDAPAuthenticator) can log into OBIEE.
New users created using the default provider (DefaultAuthenticator) cannot log in (the exception is the Administrator user which was upgraded from 10g).
If I open the RPD in online mode and connect to 'Identity Management', I do not see the new users above in the list (i.e. they have not been pulled down by OBI)
Error message in the logs show "authentication passed, however use cannot be found in identity store" - which makes sense as I do not see them in the RPD. Any ideas?
N.B: New application roles in weblogic are syncing with the the RPD correctly.

Thanks for your reply Paul. That is quite a drawback if it is the case. I guess the fall back is to implement one authenticator and if that fails, it would pass on to the RPD authentication (like in 10g)? Have you by chance managed to implement the 'act as' obi functionality with the weblogic authenticator setup?

Hello, Identity manager fail to add entries in the LDAP and database table

Hello,
Well I installed identity manager 7 in a windows 2003 advanced server.
I I appended an NT server resource, a Mysql table, a solaris server resource and an ldap server resource.
I created the roles for these resources and then I assigned them to an account that I created for testing purposes.
After the aprooval, in the solaris machine, the user has been added in the user database but no home directory has been created as I didn't set the apropriate flag to true.
I the windows resource everything worked very smooth and with no problem.
In the ldap and mysql table resources I recieved a failure having error message null. and from a sniffing that I did for investigation I never saw a sigle packed arrive to the mysql server or to the directory server from the idm server.
Any ideas or suggestions on what to do ?

Well the problem with the directory server just solved.
But the problem with mysql remains.
The first thing that I do when I add a resource is to test the connection.
The problem with the LDAP is that the dn was not present in the directory server. They gave me an ou that didn't exist.

AppEx and Identity Management?

Similar Messages

Maybe you are looking for