Oracle Access Manager integration with WNA/AD
22nd November 2015 Hyderabad, India #AIOUG
SANGAM 15 . . . . meeting of minds
Sumit Gupta
Introduction
• Presenter – Sumit Gupta
• 10+ Years experience in Oracle Fusion Middleware
• OPN Certified IAM Expert
– Oracle Identity Manager 11g Certified Implementation Specialist
– Oracle Access Management Suite Plus 11g Implementation Specialist
– Oracle Certified Associate, Oracle Weblogic Server 12c administrator
• Presenter
– UKOUG Tech 14 – Liverpool, UK
– Middleware SIG – Reading, UK
– Sangam 2015 – Hyderabad, India
– UKOUG Tech 15 – Birmingham, UK
• Blogger (www.OraWorld.co.uk)
– More than 150 articles
– 1200 + subscribers
www.OraWorld.co.uk
Copyright © 2015, OraWorld Ltd. All rights reserved
Agenda
• Windows Native Authentication Overview
• Kerberos Basics
• WNA Configurations
• WNA Testing (Demo Viewlet)
• WNA Sequence Flow
• Lessons Learnt
• References
• QnA Session
Windows Native Authentication
Kerberos Basics
• Native authentication protocol in Active Directory
• Kerberos Domain
• Principal (Machines, Services & Users)
– Service Principal Name (SPN)
• PROTOCOL/hostname for services
• username@DOMAIN for users
• Key Distribution Center (KDC)
• Ticket Granting Ticket (TGT)
• Service Ticket (ST)
WNA High Level Steps
• Tasks on the Windows domain controller:
- Configuring the domain controller to support Kerberos Authentication
- Generating a keytab file for a service user
• Tasks on the Oracle Access Manager server:
- Configuring an Active Directory identity store
- Configuring a Kerberos authentication module
- Defining a policy that uses the Kerberos authentication module to protect resources
• Configuring end-user browsers
WNA Configuration
AD Server
• Create a service user in Windows AD Server.
• KeyTab generation – contains shared secret key of the service
ktpass.exe -princ HTTP/<OHS hostname>@<AD Server Domain> -pass <Password of the user created to be mapped> -mapuser <AD DOMAIN\sAMAccountName of the user created> -out <Location_of_keytab_file>
OAM Server
• Copy generated keytab (binary file) to OAM Server
• Set up krb5.conf
- Unix: /etc/krb5.conf
- Windows: C:\windows\krb5.conf
• KRB5_CONFIG env variable
[logging]
default = FILE:/u01/app/oracle/middleware/Oracle_IAM1/wna/krb5libs.log
kdc = FILE:/u01/app/oracle/middleware/Oracle_IAM1/wna/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
default_realm = OWAD.LOCAL
dns_lookup_realm = false
dns_lookup_kdc = false
ticket_lifetime = 600
clock_skew = 600
udp_preference_limit = 1
default_tkt_enctypes = RC4-HMAC
default_tgs_enctypes = RC4-HMAC
[realms]
OWAD.LOCAL = {
kdc = owwin-ad.owad.local
admin_server = owwin-ad.owad.local
default_domain = OWAD.LOCAL
}
[domain_realm]
.owad.local = OWAD.LOCAL
owad.local = OWAD.LOCAL
• Klist commands
[orafmw@iam ~]$ klist -e
klist: No credentials cache found (ticket cache FILE:/tmp/krb5cc_500)
Kerberos 4 ticket cache: /tmp/tkt500
klist: You have no tickets cached
[orafmw@iam ~]$ klist -k /u01/app/oracle/middleware/Oracle_IAM1/wna/oraworld.keytab -t -K -e
Keytab name: FILE:/u01/app/oracle/middleware/Oracle_IAM1/wna/oraworld.keytab
KVNO Timestamp Principal
---- ----------------- --------------------------------------------------------
3 01/01/70 01:00:00 HTTP/oraworld.com@OWAD.LOCAL (ArcFour with HMAC/md5) (0x1d1b117a1db40dc241f7838b083a6b9d)
• Kinit command
[orafmw@iam ~]$ kinit -V HTTP/oraworld.com@OWAD.LOCAL -k -t /u01/app/oracle/middleware/Oracle_IAM1/wna/oraworld.keytab
Authenticated to Kerberos v5
[orafmw@iam ~]$ klist -e
Ticket cache: FILE:/tmp/krb5cc_500
Default principal: HTTP/oraworld.com@OWAD.LOCAL
Valid starting Expires Service principal
06/22/15 11:47:22 06/22/15 21:47:27 krbtgt/OWAD.LOCAL@OWAD.LOCAL
renew until 06/23/15 11:47:22, Etype (skey, tkt): ArcFour with HMAC/md5, ArcFour with HMAC/md5
Kerberos 4 ticket cache: /tmp/tkt500
klist: You have no tickets cached
Browser Configuration
Internet Explorer
• Open Internet Explorer
• Go to Tools > Internet Options > Security > Local Intranet > Advanced
• Add OAM Server host name
• Go to Advanced tab > Security
• Check the box beside Enable Integrated Windows Authentication
• Go to Security > Local Intranet > Custom Level
• Select Automatic logon only in Intranet zone
• Restart Internet Explorer
Chrome
• Google Chrome uses the Internet Explorer settings.
Firefox
• about:config
• Set network.negotiate-auth.trusted-uris to OAMHOST.DOMAIN.
WNA Testing
• Demo Viewlet Link
• https://www.youtube.com/watch?v=C-HKAN2InyY
WNA Sequence Diagram
OAM Server Log.
<11-Jun-2015 13:03:12 o'clock BST> <Notice> <LoggingService> <BEA-320401> <The log file has been rotated to /u01/app/oracle/middleware/user_projects/domains/iam_domain/servers/oam_server1/logs/oam_server1.log00059. Log messages will continue to be logged in /u01/app/oracle/middleware/user_projects/domains/iam_domain/servers/oam_server1/logs/oam_server1.log.>
>>> KeyTabInputStream, readName(): OWAD.LOCAL
>>> KeyTabInputStream, readName(): HTTP
>>> KeyTabInputStream, readName(): oraworld.com
>>> KeyTab: load() entry length: 63; type: 23
Added key: 23version: 3
Ordering keys wrt default_tkt_enctypes list
default etypes for default_tkt_enctypes: 23.
0: EncryptionKey: keyType=23 kvno=3 keyValue (hex dump)=
0000: 1D 1B 11 7A 1D B4 0D C2 41 F7 83 8B 08 3A 6B 9D ...z....A....:k.
http://oraworld.com:7777/secured/index.html
GET /secured/index.html HTTP/1.1
Host: oraworld.com:7777
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:38.0) Gecko/20100101 Firefox/38.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
HTTP/1.1 302 Found
Date: Mon, 29 Jun 2015 11:48:49 GMT
Server: Oracle-Application-Server-11g
Set-Cookie: OAMAuthnHintCookie=0@1435578529; httponly; path=/; domain=.com
Set-Cookie: OAMRequestContext_oraworld.com:7777_505353=PSSttVqN64gXBgIbzgp8jA==;max-age=300; httponly; path=/
Location: http://oraworld.com:14100/oam/server/obrareq.cgi?encquery%3DxjRnrPN5vUi8FDE0h2Os3fXf <Trimmed>
Content-Length: 652
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
http://oraworld.com:14100/oam/server/obrareq.cgi?encquery%<Trimmed>
GET /oam/server/obrareq.cgi?encquery%3DxjRn<Trimmed> HTTP/1.1
Host: oraworld.com:14100
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:38.0) Gecko/20100101 Firefox/38.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cookie: OAMRequestContext_oraworld.com:7777_505353=PSSttVqN64gXBgIbzgp8jA==
Connection: keep-alive
HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Mon, 29 Jun 2015 11:48:49 GMT
Transfer-Encoding: chunked
Location: http://oraworld.com:14100/oam/CredCollectServlet/WNA?authn_try_count=0&spnegotoken=string&challenge_url=%2Foam%2FCredCollectServlet%2FWNA&request_id=-276341910699531784&locale=en_US&resource_url=http%253A%252F%252Foraworld.com%253A7777%252Fsecured%252Findex.html
Set-Cookie: OAM_REQ_0=VERSION_4~ugKPHSCILJo%<Trimmed>; path=/; HttpOnly
Set-Cookie: OAM_REQ_COUNT=VERSION_4~1; path=/; HttpOnly
X-ORACLE-DMS-ECID: 74645cb114abea27:-3751213f:14dfcde14b8:-8000-0000000000029fd1
http://oraworld.com:14100/oam/CredCollectServlet/WNA?authn_try_count=0&spnegotoken=string&challenge_url=%2Foam%2FCredCollectServlet%2FWNA&request_id=-276341910699531784&locale=en_US&resource_url=http%253A%252F%252Foraworld.com%253A7777%252Fsecured%252Findex.html
GET /oam/CredCollectServlet/WNA?authn_try_count=0&spnegotoken=string&challenge_url=%2Foam%2FCredCollectServlet%2FWNA&request_id=-276341910699531784&locale=en_US&resource_url=http%253A%252F%252Foraworld.com%253A7777%252Fsecured%252Findex.html HTTP/1.1
Host: oraworld.com:14100
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:38.0) Gecko/20100101 Firefox/38.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cookie: OAMRequestContext_oraworld.com:7777_505353=<Trimmed>OAM_REQ_COUNT=VERSION_4~1
Connection: keep-alive
HTTP/1.1 401 Unauthorized
Cache-Control: no-cache, no-store
Date: Mon, 29 Jun 2015 11:48:50 GMT
Pragma: no-cache
Content-Length: 0
Content-Type: text/html; charset=UTF-8
Expires: 0
WWW-Authenticate: Negotiate
WWW-Authenticate: Basic realm="OAM 11g"
http://oraworld.com:14100/oam/CredCollectServlet/WNA?authn_try_count=0&spnegotoken=string&challenge_url=%2Foam%2FCredCollectServlet%2FWNA&request_id=-23&locale=en_US&resource_url=http%253A%252F%252Foraworld.com%253A7777%252Fsecured%252Findex.html
GET /oam/CredCollectServlet/WNA?authn_try_count=0&spnegotoken=string&challenge_url=%2Foam%2FCredCollectServlet%2FWNA&request_id=-27784&locale=en_US&resource_url=http%253A%252F%252Foraworld.com777%252Fsecured?Findex.html HTTP/1.1
Host: oraworld.com:14100
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:38.0) Gecko/20100101 Firefox/38.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Cookie: OAMRequestContext_oraworld.com:7777_50<Trimmed>LJeWMsd; OAM_REQ_COUNT=VERSION_4~1
Connection: keep-alive
Authorization: Negotiate YIIGlgYGKwYBBQUCoIIGijCCBoagMDA<Trimmed>==
HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Mon, 29 Jun 2015 11:48:50 GMT
Transfer-Encoding: chunked
Location: http://oraworld.com:7777/obrar.cgi?encreply=<Trimmed>
Set-Cookie: OAM_ID=VERSION_4~SrAPo4Sh9v3M<Trimmed>; path=/; HttpOnly
Set-Cookie: OAM_GITO=v1~uid:Wnauser1r&<Trimmed>c-oraworld.c&; path=/; HttpOnly; expires=Thu, 01-Jan-1970 01:00:00 GMT
Set-Cookie: OAM_REQ_0=invalid; path=/; HttpOnly
X-ORACLE-DMS-ECID: 74645cb114abea27:-3751213f:14dfcde14b8:-8000-0000000000029fd6
http://oraworld.com:7777/obrar.cgi?encreply=<Trimmed>
GET /obrar.cgi?encreply=<Trimmed>k%3D HTTP/1.1
Host: oraworld.com:7777
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:38.0) Gecko/20100101 Firefox/38.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cookie: OAMRequestContext_oraworld.com:7777_505353=PSSt<Trimmed>rr2SMpNMOF2B/DbQk3/N1Ua1onzJ
Connection: keep-alive
HTTP/1.1 302 Found
Date: Mon, 29 Jun 2015 11:48:52 GMT
Server: Oracle-Application-Server-11g
Set-Cookie: OAMRequestContext_oraworld.com:7777_505353=;expires=thursday, 01-jan-1970 01:00:00 gmt; httponly; path=/
Set-Cookie: OAMAuthnCookie_oraworld.com:7777=<Trimmed>%3D;httponly; path=/
Set-Cookie: OAMAuthnHintCookie=X; httponly; path=/
Location: /secured/index.html
Content-Length: 230
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
http://oraworld.com:7777/secured/index.html
GET /secured/index.html HTTP/1.1
Host: oraworld.com:7777
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:38.0) Gecko/20100101 Firefox/38.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cookie: OAM_REQ_0=invalid; OAM_REQ_COUNT=VERSION_4~1; OAM_ID=VERSION_4~SrAPo4Sh9v3Mz9YtR0IUJQ==~<Trimmed>; OAMAuthnHintCookie=X
Connection: keep-alive
HTTP/1.1 200 OK
Date: Mon, 29 Jun 2015 11:48:52 GMT
Server: Oracle-Application-Server-11g
Set-Cookie: OAMAuthnHintCookie=;expires=thursday, 01-jan-1970 01:00:00 gmt; httponly; path=/
Set-Cookie: OAMAuthnHintCookie=1; httponly; path=/; domain=.com
Cache-Control: no-cache
Pragma: no-cache
Last-Modified: Tue, 23 Jun 2015 19:07:39 GMT
Etag: "bc06de-3cd-519341a9c54c0"
Accept-Ranges: bytes
Content-Length: 973
Connection: Keep-Alive
Content-Type: text/html
Content-Language: en
Lessons Learnt
• NTLM versus Kerberos
- A SPNEGO token can contain either an NTLM or a Kerberos token, depending on the Windows client capabilities. All pre–Windows 2000 clients use NTLM. AD domains by default support “mixed” mode.
- If Kerberos fails, the client falls back to NTLM.
- An HTTP header logger or Fiddler is the best way to diagnose this. Browser logging can also help.
• Clock Skew Errors
- Synchronize clocks on both your OAM Server and the AD server.
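One way to apply the NTLM-versus-Kerberos diagnosis to a captured `Authorization: Negotiate` header such as the one in the sequence trace, as an added example that is not part of the original slides. It reads only the first leg (the NegTokenInit mechanism list); the function names are this example's own and the sample tokens are constructed in the code, not captured traffic.

```python
import base64

SPNEGO_OID = "1.3.6.1.5.5.2"
KERBEROS_OIDS = {
    "1.2.840.113554.1.2.2": "Kerberos V5",
    "1.2.840.48018.1.2.2": "Kerberos V5 (legacy Microsoft OID)",
}
NTLM_OID = "1.3.6.1.4.1.311.2.2.10"
NAMES = {**KERBEROS_OIDS, NTLM_OID: "NTLMSSP"}


def read_tlv(buf, pos, want_tag):
    """Read one DER element at pos, check its tag, return (value_start, value_end)."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                        # long form: next n bytes hold the length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if tag != want_tag:
        raise ValueError(f"expected tag {want_tag:#x}, found {tag:#x}")
    return pos, pos + length


def decode_oid(body):
    """Turn DER OID content bytes into dotted notation."""
    arcs, value = [body[0] // 40, body[0] % 40], 0
    for byte in body[1:]:
        value = (value << 7) | (byte & 0x7F)
        if not byte & 0x80:                  # high bit clear ends this arc
            arcs.append(value)
            value = 0
    return ".".join(map(str, arcs))


def classify_negotiate(header_value):
    """Return (kind, mechanisms) for an 'Authorization: Negotiate ...' value.

    kind is 'kerberos', 'ntlm-in-spnego', 'raw-ntlm', 'other' or 'unrecognised',
    decided by the most-preferred mechanism this example knows about.
    """
    scheme, _, b64 = header_value.strip().partition(" ")
    if scheme.lower() != "negotiate":
        return "unrecognised", []
    try:
        raw = base64.b64decode(b64.strip(), validate=True)
        if raw.startswith(b"NTLMSSP\x00"):   # NTLM sent without a SPNEGO wrapper
            return "raw-ntlm", ["NTLMSSP"]
        start, _ = read_tlv(raw, 0, 0x60)    # GSS-API initial context token
        s, e = read_tlv(raw, start, 0x06)    # thisMech OID
        this_mech = decode_oid(raw[s:e])
        if this_mech in KERBEROS_OIDS:       # Kerberos AP-REQ without SPNEGO
            return "kerberos", [KERBEROS_OIDS[this_mech]]
        if this_mech != SPNEGO_OID:
            return "other", [this_mech]
        s, _ = read_tlv(raw, e, 0xA0)        # [0] NegTokenInit
        s, _ = read_tlv(raw, s, 0x30)        # SEQUENCE
        s, _ = read_tlv(raw, s, 0xA0)        # [0] mechTypes
        pos, end = read_tlv(raw, s, 0x30)    # SEQUENCE OF OID, in preference order
        oids = []
        while pos < end:
            s, pos = read_tlv(raw, pos, 0x06)
            oids.append(decode_oid(raw[s:pos]))
    except (ValueError, IndexError):         # bad base64, wrong tag or truncated token
        return "unrecognised", []
    known = next((o for o in oids if o in NAMES), None)
    names = [NAMES.get(o, o) for o in oids]
    if known in KERBEROS_OIDS:
        return "kerberos", names
    return ("ntlm-in-spnego" if known == NTLM_OID else "other"), names


# --- Constructed sample tokens (built here, not captured traffic) ---
def der(tag, body):
    """Encode one DER element; used only to build the samples."""
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    size = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(size)]) + size + body


def oid(hex_body):
    return der(0x06, bytes.fromhex(hex_body))


KRB5, MS_KRB5 = oid("2a864886f712010202"), oid("2a864882f712010202")
NTLMSSP = oid("2b06010401823702020a")


def sample_header(mech_oids, mech_token):
    """Build 'Negotiate <base64 NegTokenInit>' around a placeholder mechToken."""
    inner = der(0xA0, der(0x30, b"".join(mech_oids))) + der(0xA2, der(0x04, mech_token))
    token = der(0x60, oid("2b0601050502") + der(0xA0, der(0x30, inner)))
    return "Negotiate " + base64.b64encode(token).decode()


SAMPLE_KERBEROS = sample_header([MS_KRB5, KRB5, NTLMSSP], bytes(200))
SAMPLE_NTLM_SPNEGO = sample_header([NTLMSSP], b"NTLMSSP\x00" + bytes(32))
SAMPLE_RAW_NTLM = "Negotiate " + base64.b64encode(b"NTLMSSP\x00\x01" + bytes(31)).decode()
```

A quick visual cue when reading a header log: a SPNEGO token of realistic size begins with `YII` in base64, as the trimmed token in the trace does, while a raw NTLM message begins with `TlRMTVNT`.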
• Error:
- kinit(v5): Key table entry not found while getting initial credentials
- kinit(v5): Preauthentication failed while getting initial credentials
- kinit(v5): KDC reply did not match expectations while getting initial credentials
• PROTOCOL and DOMAIN NAME are always in CAPITAL LETTERS.
• hostname and username are always in lower case.
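A pre-flight check for the naming rules above, run against the krb5.conf from the OAM Server slide before ktpass or kinit is attempted; this is an added example, not part of the original slides. The function names are hypothetical, only service principals (PROTOCOL/hostname@REALM) are handled, and host-to-realm resolution assumes the usual [domain_realm] behaviour (exact host, then parent domains with a leading dot, else default_realm). It also lists RC4/DES/3DES enctypes, which RFC 6649 and RFC 8429 deprecate for Kerberos.

```python
import re

# krb5.conf as shown on the OAM Server slide ([logging] section omitted).
KRB5_CONF = """\
[libdefaults]
default_realm = OWAD.LOCAL
dns_lookup_realm = false
dns_lookup_kdc = false
default_tkt_enctypes = RC4-HMAC
default_tgs_enctypes = RC4-HMAC
[realms]
OWAD.LOCAL = {
kdc = owwin-ad.owad.local
admin_server = owwin-ad.owad.local
default_domain = OWAD.LOCAL
}
[domain_realm]
.owad.local = OWAD.LOCAL
owad.local = OWAD.LOCAL
"""

WEAK_ENCTYPES = {"rc4-hmac", "arcfour-hmac", "arcfour-hmac-md5",
                 "des-cbc-crc", "des-cbc-md5", "des3-cbc-sha1"}
PRINCIPAL_RE = re.compile(r"^([^/@]+)/([^/@]+)@([^/@]+)$")


def parse_krb5_conf(text):
    """Parse [section], 'key = value' and 'NAME = { ... }' into nested dicts."""
    conf, section, block = {}, None, None
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section, block = conf.setdefault(line[1:-1], {}), None
        elif line == "}":
            block = None
        elif "=" in line and section is not None:
            key, value = (part.strip() for part in line.split("=", 1))
            if value == "{":
                block = section.setdefault(key, {})
            else:
                (block if block is not None else section)[key] = value
    return conf


def realm_for_host(host, conf):
    """Exact [domain_realm] entry, then parent domains, else default_realm."""
    mapping = conf.get("domain_realm", {})
    host = host.lower()
    if host in mapping:
        return mapping[host]
    parts = host.split(".")
    for i in range(1, len(parts)):
        suffix = "." + ".".join(parts[i:])
        if suffix in mapping:
            return mapping[suffix]
    return conf.get("libdefaults", {}).get("default_realm")


def check_principal(principal, conf):
    """Return findings for a service principal; an empty list means it passes."""
    match = PRINCIPAL_RE.match(principal)
    if not match:
        return ["format: expected PROTOCOL/hostname@REALM"]
    service, host, realm = match.groups()
    findings = []
    if service != service.upper():
        findings.append(f"service-case: {service!r} should be {service.upper()!r}")
    if host != host.lower():
        findings.append(f"host-case: {host!r} should be {host.lower()!r}")
    if realm != realm.upper():
        findings.append(f"realm-case: {realm!r} should be {realm.upper()!r}")
    if realm not in conf.get("realms", {}):    # realm names are case-sensitive
        findings.append(f"realm-unknown: no [realms] entry for {realm!r}")
    expected = realm_for_host(host, conf)
    if expected != realm:
        findings.append(f"realm-mismatch: krb5.conf maps {host.lower()!r} to {expected!r}")
    return findings


def weak_enctypes(conf):
    """List deprecated enctypes named in the [libdefaults] enctype settings."""
    found = []
    libdefaults = conf.get("libdefaults", {})
    for key in ("default_tkt_enctypes", "default_tgs_enctypes"):
        for name in re.split(r"[,\s]+", libdefaults.get(key, "")):
            if name.lower() in WEAK_ENCTYPES:
                found.append(f"{key}: {name}")
    return found


if __name__ == "__main__":
    conf = parse_krb5_conf(KRB5_CONF)
    for spn in ("HTTP/oraworld.com@OWAD.LOCAL", "http/OraWorld.com@owad.local"):
        print(spn, check_principal(spn, conf) or "OK")
    print("deprecated enctypes:", weak_enctypes(conf))
```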
References
• Configuring Access Manager for Windows Native Authentication
OAM 11g WNA Step by Step Setup Guide (Doc ID 1416860.1)
• WNA Basics
• WNA for multiple AD forest.
• Oracle Access Manager 11g WNA Quick Start Guide (Doc ID 1416903.1)
• http://tools.ietf.org/html/rfc4559
• Trouble Shooting OAM 11g WNA Issues Quick Start Guide (Doc ID 1433554.1)
• Blogs: Enable Logging & Lessons Learnt
• Kerberos Basics
QnA

Oracle Key Vault OverviewTroy Kitch
 
veshaal-singh-ebs-oracle cloud(iaas+paas)
veshaal-singh-ebs-oracle cloud(iaas+paas)veshaal-singh-ebs-oracle cloud(iaas+paas)
veshaal-singh-ebs-oracle cloud(iaas+paas)aioughydchapter
 
[db tech showcase Tokyo 2018] #dbts2018 #B31 『1,2,3 and Done! 3 easy ways to ...
[db tech showcase Tokyo 2018] #dbts2018 #B31 『1,2,3 and Done! 3 easy ways to ...[db tech showcase Tokyo 2018] #dbts2018 #B31 『1,2,3 and Done! 3 easy ways to ...
[db tech showcase Tokyo 2018] #dbts2018 #B31 『1,2,3 and Done! 3 easy ways to ...Insight Technology, Inc.
 
Oracle Cloud Storage Service & Oracle Database Backup Cloud Service
Oracle Cloud Storage Service & Oracle Database Backup Cloud ServiceOracle Cloud Storage Service & Oracle Database Backup Cloud Service
Oracle Cloud Storage Service & Oracle Database Backup Cloud ServiceJean-Philippe PINTE
 
Using MySQL Enterprise Monitor for Continuous Performance Improvement
Using MySQL Enterprise Monitor for Continuous Performance ImprovementUsing MySQL Enterprise Monitor for Continuous Performance Improvement
Using MySQL Enterprise Monitor for Continuous Performance ImprovementMark Matthews
 
Mysql user-camp-march-11th-2016
Mysql user-camp-march-11th-2016Mysql user-camp-march-11th-2016
Mysql user-camp-march-11th-2016Harin Vadodaria
 
OOW16 - Running your E-Business Suite on Oracle Cloud (IaaS + PaaS) - Why, Wh...
OOW16 - Running your E-Business Suite on Oracle Cloud (IaaS + PaaS) - Why, Wh...OOW16 - Running your E-Business Suite on Oracle Cloud (IaaS + PaaS) - Why, Wh...
OOW16 - Running your E-Business Suite on Oracle Cloud (IaaS + PaaS) - Why, Wh...vasuballa
 
2014 OpenSuse Conf: Protect your MySQL Server
2014 OpenSuse Conf: Protect your MySQL Server2014 OpenSuse Conf: Protect your MySQL Server
2014 OpenSuse Conf: Protect your MySQL ServerGeorgi Kodinov
 
MySQL Enterprise Portfolio
MySQL Enterprise PortfolioMySQL Enterprise Portfolio
MySQL Enterprise PortfolioAbel Flórez
 
MySQL Manchester TT - Performance Tuning
MySQL Manchester TT  - Performance TuningMySQL Manchester TT  - Performance Tuning
MySQL Manchester TT - Performance TuningMark Swarbrick
 
Powering Remote Developers with Amazon Workspaces
Powering Remote Developers with Amazon WorkspacesPowering Remote Developers with Amazon Workspaces
Powering Remote Developers with Amazon WorkspacesAmazon Web Services
 

Similar to Oracle Access Manager integration with WNA/AD (20)

Monitor Engineered Systems from a Single Pane of Glass: Oracle Enterprise Man...
Monitor Engineered Systems from a Single Pane of Glass: Oracle Enterprise Man...Monitor Engineered Systems from a Single Pane of Glass: Oracle Enterprise Man...
Monitor Engineered Systems from a Single Pane of Glass: Oracle Enterprise Man...
 
Oracle database in cloud, dr in cloud and overview of oracle database 18c
Oracle database in cloud, dr in cloud and overview of oracle database 18cOracle database in cloud, dr in cloud and overview of oracle database 18c
Oracle database in cloud, dr in cloud and overview of oracle database 18c
 
Oracle EM12c Release 4 New Features!
Oracle EM12c Release 4 New Features!Oracle EM12c Release 4 New Features!
Oracle EM12c Release 4 New Features!
 
WebLogic authentication debugging
WebLogic authentication debuggingWebLogic authentication debugging
WebLogic authentication debugging
 
Weblogic scripting LVOUG meetup #11
Weblogic scripting LVOUG meetup #11Weblogic scripting LVOUG meetup #11
Weblogic scripting LVOUG meetup #11
 
Database as a Service, Collaborate 2016
Database as a Service, Collaborate 2016Database as a Service, Collaborate 2016
Database as a Service, Collaborate 2016
 
Kscope Not Your Father's Enterprise Manager
Kscope Not Your Father's Enterprise ManagerKscope Not Your Father's Enterprise Manager
Kscope Not Your Father's Enterprise Manager
 
The Hacking Games - A Road to Post Exploitation Meetup - 20240222.pptx
The Hacking Games - A Road to Post Exploitation Meetup - 20240222.pptxThe Hacking Games - A Road to Post Exploitation Meetup - 20240222.pptx
The Hacking Games - A Road to Post Exploitation Meetup - 20240222.pptx
 
Oracle Key Vault Overview
Oracle Key Vault OverviewOracle Key Vault Overview
Oracle Key Vault Overview
 
veshaal-singh-ebs-oracle cloud(iaas+paas)
veshaal-singh-ebs-oracle cloud(iaas+paas)veshaal-singh-ebs-oracle cloud(iaas+paas)
veshaal-singh-ebs-oracle cloud(iaas+paas)
 
Aruba OS 7.3 User Guide
Aruba OS 7.3 User GuideAruba OS 7.3 User Guide
Aruba OS 7.3 User Guide
 
[db tech showcase Tokyo 2018] #dbts2018 #B31 『1,2,3 and Done! 3 easy ways to ...
[db tech showcase Tokyo 2018] #dbts2018 #B31 『1,2,3 and Done! 3 easy ways to ...[db tech showcase Tokyo 2018] #dbts2018 #B31 『1,2,3 and Done! 3 easy ways to ...
[db tech showcase Tokyo 2018] #dbts2018 #B31 『1,2,3 and Done! 3 easy ways to ...
 
Oracle Cloud Storage Service & Oracle Database Backup Cloud Service
Oracle Cloud Storage Service & Oracle Database Backup Cloud ServiceOracle Cloud Storage Service & Oracle Database Backup Cloud Service
Oracle Cloud Storage Service & Oracle Database Backup Cloud Service
 
Using MySQL Enterprise Monitor for Continuous Performance Improvement
Using MySQL Enterprise Monitor for Continuous Performance ImprovementUsing MySQL Enterprise Monitor for Continuous Performance Improvement
Using MySQL Enterprise Monitor for Continuous Performance Improvement
 
Mysql user-camp-march-11th-2016
Mysql user-camp-march-11th-2016Mysql user-camp-march-11th-2016
Mysql user-camp-march-11th-2016
 
OOW16 - Running your E-Business Suite on Oracle Cloud (IaaS + PaaS) - Why, Wh...
OOW16 - Running your E-Business Suite on Oracle Cloud (IaaS + PaaS) - Why, Wh...OOW16 - Running your E-Business Suite on Oracle Cloud (IaaS + PaaS) - Why, Wh...
OOW16 - Running your E-Business Suite on Oracle Cloud (IaaS + PaaS) - Why, Wh...
 
2014 OpenSuse Conf: Protect your MySQL Server
2014 OpenSuse Conf: Protect your MySQL Server2014 OpenSuse Conf: Protect your MySQL Server
2014 OpenSuse Conf: Protect your MySQL Server
 
MySQL Enterprise Portfolio
MySQL Enterprise PortfolioMySQL Enterprise Portfolio
MySQL Enterprise Portfolio
 
MySQL Manchester TT - Performance Tuning
MySQL Manchester TT  - Performance TuningMySQL Manchester TT  - Performance Tuning
MySQL Manchester TT - Performance Tuning
 
Powering Remote Developers with Amazon Workspaces
Powering Remote Developers with Amazon WorkspacesPowering Remote Developers with Amazon Workspaces
Powering Remote Developers with Amazon Workspaces
 

Recently uploaded

Global Lehigh Strategic Initiatives (without descriptions)
Global Lehigh Strategic Initiatives (without descriptions)Global Lehigh Strategic Initiatives (without descriptions)
Global Lehigh Strategic Initiatives (without descriptions)cama23
 
Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17
Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17
Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17Celine George
 
Proudly South Africa powerpoint Thorisha.pptx
Proudly South Africa powerpoint Thorisha.pptxProudly South Africa powerpoint Thorisha.pptx
Proudly South Africa powerpoint Thorisha.pptxthorishapillay1
 
4.16.24 21st Century Movements for Black Lives.pptx
4.16.24 21st Century Movements for Black Lives.pptx4.16.24 21st Century Movements for Black Lives.pptx
4.16.24 21st Century Movements for Black Lives.pptxmary850239
 
ISYU TUNGKOL SA SEKSWLADIDA (ISSUE ABOUT SEXUALITY
ISYU TUNGKOL SA SEKSWLADIDA (ISSUE ABOUT SEXUALITYISYU TUNGKOL SA SEKSWLADIDA (ISSUE ABOUT SEXUALITY
ISYU TUNGKOL SA SEKSWLADIDA (ISSUE ABOUT SEXUALITYKayeClaireEstoconing
 
FILIPINO PSYCHology sikolohiyang pilipino
FILIPINO PSYCHology sikolohiyang pilipinoFILIPINO PSYCHology sikolohiyang pilipino
FILIPINO PSYCHology sikolohiyang pilipinojohnmickonozaleda
 
MULTIDISCIPLINRY NATURE OF THE ENVIRONMENTAL STUDIES.pptx
MULTIDISCIPLINRY NATURE OF THE ENVIRONMENTAL STUDIES.pptxMULTIDISCIPLINRY NATURE OF THE ENVIRONMENTAL STUDIES.pptx
MULTIDISCIPLINRY NATURE OF THE ENVIRONMENTAL STUDIES.pptxAnupkumar Sharma
 
ANG SEKTOR NG agrikultura.pptx QUARTER 4
ANG SEKTOR NG agrikultura.pptx QUARTER 4ANG SEKTOR NG agrikultura.pptx QUARTER 4
ANG SEKTOR NG agrikultura.pptx QUARTER 4MiaBumagat1
 
Inclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdf
Inclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdfInclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdf
Inclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdfTechSoup
 
USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...
USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...
USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...Postal Advocate Inc.
 
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdf
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdfLike-prefer-love -hate+verb+ing & silent letters & citizenship text.pdf
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdfMr Bounab Samir
 
Karra SKD Conference Presentation Revised.pptx
Karra SKD Conference Presentation Revised.pptxKarra SKD Conference Presentation Revised.pptx
Karra SKD Conference Presentation Revised.pptxAshokKarra1
 
Virtual-Orientation-on-the-Administration-of-NATG12-NATG6-and-ELLNA.pdf
Virtual-Orientation-on-the-Administration-of-NATG12-NATG6-and-ELLNA.pdfVirtual-Orientation-on-the-Administration-of-NATG12-NATG6-and-ELLNA.pdf
Virtual-Orientation-on-the-Administration-of-NATG12-NATG6-and-ELLNA.pdfErwinPantujan2
 
THEORIES OF ORGANIZATION-PUBLIC ADMINISTRATION
THEORIES OF ORGANIZATION-PUBLIC ADMINISTRATIONTHEORIES OF ORGANIZATION-PUBLIC ADMINISTRATION
THEORIES OF ORGANIZATION-PUBLIC ADMINISTRATIONHumphrey A Beña
 
Visit to a blind student's school🧑‍🦯🧑‍🦯(community medicine)
Visit to a blind student's school🧑‍🦯🧑‍🦯(community medicine)Visit to a blind student's school🧑‍🦯🧑‍🦯(community medicine)
Visit to a blind student's school🧑‍🦯🧑‍🦯(community medicine)lakshayb543
 
Difference Between Search & Browse Methods in Odoo 17
Difference Between Search & Browse Methods in Odoo 17Difference Between Search & Browse Methods in Odoo 17
Difference Between Search & Browse Methods in Odoo 17Celine George
 
Keynote by Prof. Wurzer at Nordex about IP-design
Keynote by Prof. Wurzer at Nordex about IP-designKeynote by Prof. Wurzer at Nordex about IP-design
Keynote by Prof. Wurzer at Nordex about IP-designMIPLM
 
GRADE 4 - SUMMATIVE TEST QUARTER 4 ALL SUBJECTS
GRADE 4 - SUMMATIVE TEST QUARTER 4 ALL SUBJECTSGRADE 4 - SUMMATIVE TEST QUARTER 4 ALL SUBJECTS
GRADE 4 - SUMMATIVE TEST QUARTER 4 ALL SUBJECTSJoshuaGantuangco2
 
Influencing policy (training slides from Fast Track Impact)
Influencing policy (training slides from Fast Track Impact)Influencing policy (training slides from Fast Track Impact)
Influencing policy (training slides from Fast Track Impact)Mark Reed
 

Recently uploaded (20)

Global Lehigh Strategic Initiatives (without descriptions)
Global Lehigh Strategic Initiatives (without descriptions)Global Lehigh Strategic Initiatives (without descriptions)
Global Lehigh Strategic Initiatives (without descriptions)
 
Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17
Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17
Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17
 
Proudly South Africa powerpoint Thorisha.pptx
Proudly South Africa powerpoint Thorisha.pptxProudly South Africa powerpoint Thorisha.pptx
Proudly South Africa powerpoint Thorisha.pptx
 
4.16.24 21st Century Movements for Black Lives.pptx
4.16.24 21st Century Movements for Black Lives.pptx4.16.24 21st Century Movements for Black Lives.pptx
4.16.24 21st Century Movements for Black Lives.pptx
 
ISYU TUNGKOL SA SEKSWLADIDA (ISSUE ABOUT SEXUALITY
ISYU TUNGKOL SA SEKSWLADIDA (ISSUE ABOUT SEXUALITYISYU TUNGKOL SA SEKSWLADIDA (ISSUE ABOUT SEXUALITY
ISYU TUNGKOL SA SEKSWLADIDA (ISSUE ABOUT SEXUALITY
 
FILIPINO PSYCHology sikolohiyang pilipino
FILIPINO PSYCHology sikolohiyang pilipinoFILIPINO PSYCHology sikolohiyang pilipino
FILIPINO PSYCHology sikolohiyang pilipino
 
FINALS_OF_LEFT_ON_C'N_EL_DORADO_2024.pptx
FINALS_OF_LEFT_ON_C'N_EL_DORADO_2024.pptxFINALS_OF_LEFT_ON_C'N_EL_DORADO_2024.pptx
FINALS_OF_LEFT_ON_C'N_EL_DORADO_2024.pptx
 
MULTIDISCIPLINRY NATURE OF THE ENVIRONMENTAL STUDIES.pptx
MULTIDISCIPLINRY NATURE OF THE ENVIRONMENTAL STUDIES.pptxMULTIDISCIPLINRY NATURE OF THE ENVIRONMENTAL STUDIES.pptx
MULTIDISCIPLINRY NATURE OF THE ENVIRONMENTAL STUDIES.pptx
 
ANG SEKTOR NG agrikultura.pptx QUARTER 4
ANG SEKTOR NG agrikultura.pptx QUARTER 4ANG SEKTOR NG agrikultura.pptx QUARTER 4
ANG SEKTOR NG agrikultura.pptx QUARTER 4
 
Inclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdf
Inclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdfInclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdf
Inclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdf
 
USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...
USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...
USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...
 
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdf
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdfLike-prefer-love -hate+verb+ing & silent letters & citizenship text.pdf
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdf
 
Karra SKD Conference Presentation Revised.pptx
Karra SKD Conference Presentation Revised.pptxKarra SKD Conference Presentation Revised.pptx
Karra SKD Conference Presentation Revised.pptx
 
Virtual-Orientation-on-the-Administration-of-NATG12-NATG6-and-ELLNA.pdf
Virtual-Orientation-on-the-Administration-of-NATG12-NATG6-and-ELLNA.pdfVirtual-Orientation-on-the-Administration-of-NATG12-NATG6-and-ELLNA.pdf
Virtual-Orientation-on-the-Administration-of-NATG12-NATG6-and-ELLNA.pdf
 
THEORIES OF ORGANIZATION-PUBLIC ADMINISTRATION
THEORIES OF ORGANIZATION-PUBLIC ADMINISTRATIONTHEORIES OF ORGANIZATION-PUBLIC ADMINISTRATION
THEORIES OF ORGANIZATION-PUBLIC ADMINISTRATION
 
Visit to a blind student's school🧑‍🦯🧑‍🦯(community medicine)
Visit to a blind student's school🧑‍🦯🧑‍🦯(community medicine)Visit to a blind student's school🧑‍🦯🧑‍🦯(community medicine)
Visit to a blind student's school🧑‍🦯🧑‍🦯(community medicine)
 
Difference Between Search & Browse Methods in Odoo 17
Difference Between Search & Browse Methods in Odoo 17Difference Between Search & Browse Methods in Odoo 17
Difference Between Search & Browse Methods in Odoo 17
 
Keynote by Prof. Wurzer at Nordex about IP-design
Keynote by Prof. Wurzer at Nordex about IP-designKeynote by Prof. Wurzer at Nordex about IP-design
Keynote by Prof. Wurzer at Nordex about IP-design
 
GRADE 4 - SUMMATIVE TEST QUARTER 4 ALL SUBJECTS
GRADE 4 - SUMMATIVE TEST QUARTER 4 ALL SUBJECTSGRADE 4 - SUMMATIVE TEST QUARTER 4 ALL SUBJECTS
GRADE 4 - SUMMATIVE TEST QUARTER 4 ALL SUBJECTS
 
Influencing policy (training slides from Fast Track Impact)
Influencing policy (training slides from Fast Track Impact)Influencing policy (training slides from Fast Track Impact)
Influencing policy (training slides from Fast Track Impact)
 

Oracle Access Manager integration with WNA/AD

  • 1. Oracle Access Manager integration with WNA/AD
      22nd November 2015, Hyderabad, India
      #AIOUG SANGAM 15 . . . . meeting of minds
      Sumit Gupta
  • 2. Introduction
      • Presenter – Sumit Gupta
      • 10+ Years experience in Oracle Fusion Middleware
      • OPN Certified IAM Expert
          – Oracle Identity Manager 11g Certified Implementation Specialist
          – Oracle Access Management Suite Plus 11g Implementation Specialist
          – Oracle Certified Associate, Oracle Weblogic Server 12c administrator
      • Presenter
          – UKOUG Tech 14 – Liverpool, UK
          – Middleware SIG – Reading, UK
          – Sangam 2015 – Hyderabad, India
          – UKOUG Tech 15 – Birmingham, UK
      • Blogger (www.OraWorld.co.uk)
          – More than 150 articles
          – 1200 + subscribers
      www.OraWorld.co.uk
      Copyright © 2015, OraWorld Ltd. All rights reserved
  • 3. Agenda
      • Windows Native Authentication Overview
      • Kerberos Basics
      • WNA Configurations
      • WNA Testing (Demo Viewlet)
      • WNA Sequence Flow
      • Lessons Learnt
      • References
      • QnA Session
  • 4. Windows Native Authentication
  • 5. Kerberos Basics
      • Native authentication protocol in Active Directory
      • Kerberos Domain
      • Principal (Machines, Services & Users)
          – Service Principal Name (SPN)
              • PROTOCOL/hostname for services
              • username@DOMAIN for users
      • Key Distribution Center (KDC)
      • Ticket Granting Ticket (TGT)
      • Service Ticket (ST)
  • 6. Kerberos Basics
  • 7. Kerberos Basics
  • 8. Kerberos Basics
  • 9. Kerberos Basics
  • 10. Kerberos Basics
  • 11. Kerberos Basics
  • 12. Kerberos Basics
  • 13. Kerberos Basics
  • 14. Kerberos Basics
  • 15. Kerberos Basics
  • 16. Kerberos Basics
  • 17. Kerberos Basics
  • 18. Kerberos Basics
  • 19. Kerberos Basics
  • 20. Kerberos Basics
  • 21. Kerberos Basics
  • 22. Kerberos Basics
  • 23. WNA High Level Steps
      • Tasks on the Windows domain controller:
          – Configuring the domain controller to support Kerberos Authentication
          – Generating a keytab file for a service user
      • Tasks on the Oracle Access Manager server:
          – Configuring an Active Directory identity store
          – Configuring a Kerberos authentication module
          – Defining a policy that uses the Kerberos authentication module to protect resources
      • Configuring end-user browsers
  • 24. WNA Configuration (AD Server)
      • Create a service user in Windows AD Server.
  • 25. WNA Configuration (AD Server)
      • KeyTab generation – contains shared secret key of the service

        ktpass.exe -princ HTTP/<OHS hostname>@<AD Server Domain> -pass <Password of the user created to be mapped> -mapuser <AD DOMAIN\sAMAccountName of the user created> -out <Location_of_keytab_file>

  • 26. WNA Configuration (AD Server)
  • 27. WNA Configuration (OAM Server)
      • Copy generated keytab (binary file) to OAM Server
      • Set up krb5.conf
          – Unix: /etc/krb5.conf
          – Windows: C:\windows\krb5.conf
      • KRB5_CONFIG env variable

        [logging]
        default = FILE:/u01/app/oracle/middleware/Oracle_IAM1/wna/krb5libs.log
        kdc = FILE:/u01/app/oracle/middleware/Oracle_IAM1/wna/krb5kdc.log
        admin_server = FILE:/var/log/kadmind.log

        [libdefaults]
        default_realm = OWAD.LOCAL
        dns_lookup_realm = false
        dns_lookup_kdc = false
        ticket_lifetime = 600
        clock_skew = 600
        udp_preference_limit = 1
        default_tkt_enctypes = RC4-HMAC
        default_tgs_enctypes = RC4-HMAC

        [realms]
        OWAD.LOCAL = {
            kdc = owwin-ad.owad.local
            admin_server = owwin-ad.owad.local
            default_domain = OWAD.LOCAL
        }

        [domain_realm]
        .owad.local = OWAD.LOCAL
        owad.local = OWAD.LOCAL

  • 28. WNA Configuration (OAM Server)
      • Klist commands

        [orafmw@iam ~]$ klist -e
        klist: No credentials cache found (ticket cache FILE:/tmp/krb5cc_500)

        Kerberos 4 ticket cache: /tmp/tkt500
        klist: You have no tickets cached
        [orafmw@iam ~]$ klist -k /u01/app/oracle/middleware/Oracle_IAM1/wna/oraworld.keytab -t -K -e
        Keytab name: FILE:/u01/app/oracle/middleware/Oracle_IAM1/wna/oraworld.keytab
        KVNO Timestamp         Principal
        ---- ----------------- --------------------------------------------------------
           3 01/01/70 01:00:00 HTTP/oraworld.com@OWAD.LOCAL (ArcFour with HMAC/md5) (0x1d1b117a1db40dc241f7838b083a6b9d)

  • 29. WNA Configuration (OAM Server)
      • Kinit command

        [orafmw@iam ~]$ kinit -V HTTP/oraworld.com@OWAD.LOCAL -k -t /u01/app/oracle/middleware/Oracle_IAM1/wna/oraworld.keytab
        Authenticated to Kerberos v5
        [orafmw@iam ~]$ klist -e
        Ticket cache: FILE:/tmp/krb5cc_500
        Default principal: HTTP/oraworld.com@OWAD.LOCAL

        Valid starting     Expires            Service principal
        06/22/15 11:47:22  06/22/15 21:47:27  krbtgt/OWAD.LOCAL@OWAD.LOCAL
                renew until 06/23/15 11:47:22, Etype (skey, tkt): ArcFour with HMAC/md5, ArcFour with HMAC/md5

        Kerberos 4 ticket cache: /tmp/tkt500
        klist: You have no tickets cached

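
The krb5.conf and the klist output above allow only RC4-HMAC (etype 23), which RFC 8429 deprecates, and set a 600-second clock skew. The following is an added example, not part of the deck, that parses a krb5.conf and reports such settings; the hardened variant, the 300-second threshold and the function names are assumptions made here.

```python
import re

# Enctype names deprecated for Kerberos by RFC 6649 (DES) and RFC 8429 (3DES, RC4).
DEPRECATED_ENCTYPES = {"rc4-hmac", "arcfour-hmac", "arcfour-hmac-md5",
                       "des-cbc-crc", "des-cbc-md4", "des-cbc-md5", "des3-cbc-sha1"}
DEFAULT_SKEW = 300  # seconds; the customary Kerberos tolerance of five minutes


def parse_krb5_conf(text):
    """Parse krb5.conf text into {section: {key: value or nested dict}}."""
    conf, section, block = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        header = re.fullmatch(r"\[(\w+)\]", line)
        if header:
            section, block = conf.setdefault(header.group(1), {}), None
        elif line == "}":
            block = None
        elif section is not None:
            key, _, value = (part.strip() for part in line.partition("="))
            if value == "{":                    # start of a per-realm block
                block = section.setdefault(key, {})
            elif block is not None:
                block[key] = value
            else:
                section[key] = value
    return conf


def audit(conf, spn):
    """Return a list of findings for the service principal `spn`."""
    findings = []
    lib = conf.get("libdefaults", {})
    for key in ("default_tkt_enctypes", "default_tgs_enctypes", "permitted_enctypes"):
        names = lib.get(key, "").replace(",", " ").split()
        old = [n for n in names if n.lower() in DEPRECATED_ENCTYPES]
        if old:
            scope = "only" if len(old) == len(names) else "also"
            findings.append(f"{key} {scope} allows deprecated enctypes: {' '.join(old)}")
    # Both spellings are accepted here; the slide uses clock_skew.
    skew = lib.get("clockskew", lib.get("clock_skew"))
    if skew is not None and skew.isdigit() and int(skew) > DEFAULT_SKEW:
        findings.append(f"clock skew {skew}s exceeds the {DEFAULT_SKEW}s default")
    realm = spn.rpartition("@")[2]
    entry = conf.get("realms", {}).get(realm)
    if entry is None:
        findings.append(f"realm {realm} of {spn} has no [realms] entry")
    elif "kdc" not in entry and lib.get("dns_lookup_kdc", "").lower() == "false":
        findings.append(f"realm {realm} has no kdc and dns_lookup_kdc is false")
    return findings


# [libdefaults], [realms] and [domain_realm] as shown on the slide.
SLIDE_CONF = """\
[libdefaults]
default_realm = OWAD.LOCAL
dns_lookup_realm = false
dns_lookup_kdc = false
ticket_lifetime = 600
clock_skew= 600
udp_preference_limit= 1
default_tkt_enctypes = RC4-HMAC
default_tgs_enctypes = RC4-HMAC
[realms]
OWAD.LOCAL = {
kdc = owwin-ad.owad.local
admin_server = owwin-ad.owad.local
default_domain = OWAD.LOCAL
}
[domain_realm]
.owad.local = OWAD.LOCAL
owad.local = OWAD.LOCAL
"""

# Constructed variant (an assumption, not from the deck): AES enctypes, 300 s skew.
HARDENED_CONF = (SLIDE_CONF
                 .replace("RC4-HMAC", "aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96")
                 .replace("clock_skew= 600", "clock_skew = 300"))

SPN = "HTTP/oraworld.com@OWAD.LOCAL"  # principal from the slide's keytab

if __name__ == "__main__":
    for name, text in (("slide", SLIDE_CONF), ("hardened", HARDENED_CONF)):
        print(name, audit(parse_krb5_conf(text), SPN) or "no findings")
```

An AES-only krb5.conf works only once the keytab itself holds AES keys; ktpass takes a -crypto option for choosing the key type when the keytab is generated.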
  • 30. WNA Configuration (OAM Server)
  • 31. WNA Configuration (OAM Server)
  • 32. WNA Configuration (OAM Server)
  • 33. WNA Configuration (OAM Server)
  • 34. WNA Configuration (OAM Server)
  • 35. WNA Configuration (OAM Server)
  • 36. WNA Configuration (OAM Server)
  • 37. WNA Configuration (OAM Server)
  • 38. WNA Configuration (OAM Server)
  • 39. Browser Configuration (Internet Explorer)
      • Open Internet Explorer
      • Go to Tools > Internet Options > Security > Local Intranet > Advanced
      • Add OAM Server host name
  • 40. Browser Configuration (Internet Explorer)
  • 41. Browser Configuration (Internet Explorer)
  • 42. Browser Configuration (Internet Explorer)
      • Go to Advanced tab > Security
      • Check the box beside "Enable Integrated Windows Authentication"
  • 43. Browser Configuration (Internet Explorer)
  • 44. Browser Configuration (Internet Explorer)
      • Go to Security > Local Intranet > Custom Level
      • Select "Automatic logon only in Intranet zone"
      • Restart Internet Explorer
  • 45. Browser Configuration (Internet Explorer)
  • 46. Browser Configuration (Chrome)
      • Google Chrome uses the Internet Explorer settings.
  • 47. Browser Configuration (Firefox)
      • about:config
      • Set network.negotiate-auth.trusted-uris to OAMHOST.DOMAIN.
  • 48. Browser Configuration (Firefox)
  • 49. WNA Testing
      • Demo Viewlet Link
      • https://www.youtube.com/watch?v=C-HKAN2InyY
  • 50. WNA Sequence Diagram
  • 51. WNA Sequence Diagram
      OAM Server Log.

        <11-Jun-2015 13:03:12 o'clock BST> <Notice> <LoggingService> <BEA-320401> <The log file has been rotated to /u01/app/oracle/middleware/user_projects/domains/iam_domain/servers/oam_server1/logs/oam_server1.log00059. Log messages will continue to be logged in /u01/app/oracle/middleware/user_projects/domains/iam_domain/servers/oam_server1/logs/oam_server1.log.>
        >>> KeyTabInputStream, readName(): OWAD.LOCAL
        >>> KeyTabInputStream, readName(): HTTP
        >>> KeyTabInputStream, readName(): oraworld.com
        >>> KeyTab: load() entry length: 63; type: 23
        Added key: 23version: 3
        Ordering keys wrt default_tkt_enctypes list
        default etypes for default_tkt_enctypes: 23.
        0: EncryptionKey: keyType=23 kvno=3 keyValue (hex dump)=
        0000: 1D 1B 11 7A 1D B4 0D C2 41 F7 83 8B 08 3A 6B 9D ...z....A....:k.

  • 52. WNA Sequence Diagram
      http://oraworld.com:7777/secured/index.html

        GET /secured/index.html HTTP/1.1
        Host: oraworld.com:7777
        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:38.0) Gecko/20100101 Firefox/38.0
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        Accept-Language: en-US,en;q=0.5
        Accept-Encoding: gzip, deflate
        Connection: keep-alive

        HTTP/1.1 302 Found
        Date: Mon, 29 Jun 2015 11:48:49 GMT
        Server: Oracle-Application-Server-11g
        Set-Cookie: OAMAuthnHintCookie=0@1435578529; httponly; path=/; domain=.com
        Set-Cookie: OAMRequestContext_oraworld.com:7777_505353=PSSttVqN64gXBgIbzgp8jA==;max-age=300; httponly; path=/
        Location: http://oraworld.com:14100/oam/server/obrareq.cgi?encquery%3DxjRnrPN5vUi8FDE0h2Os3fXf <Trimmed>
        Content-Length: 652
        Keep-Alive: timeout=5, max=100
        Connection: Keep-Alive
        Content-Type: text/html; charset=iso-8859-1

  • 53. WNA Sequence Diagram
      http://oraworld.com:14100/oam/server/obrareq.cgi?encquery%<Trimmed>

        GET /oam/server/obrareq.cgi?encquery%3DxjRn<Trimmed> HTTP/1.1
        Host: oraworld.com:14100
        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:38.0) Gecko/20100101 Firefox/38.0
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        Accept-Language: en-US,en;q=0.5
        Accept-Encoding: gzip, deflate
        Cookie: OAMRequestContext_oraworld.com:7777_505353=PSSttVqN64gXBgIbzgp8jA==
        Connection: keep-alive

        HTTP/1.1 302 Moved Temporarily
        Connection: close
        Date: Mon, 29 Jun 2015 11:48:49 GMT
        Transfer-Encoding: chunked
        Location: http://oraworld.com:14100/oam/CredCollectServlet/WNA?authn_try_count=0&spnegotoken=string&challenge_url=%2Foam%2FCredCollectServlet%2FWNA&request_id=-276341910699531784&locale=en_US&resource_url=http%253A%252F%252Foraworld.com%253A7777%252Fsecured%252Findex.html
        Set-Cookie: OAM_REQ_0=VERSION_4~ugKPHSCILJo%<Trimmed>; path=/; HttpOnly
        Set-Cookie: OAM_REQ_COUNT=VERSION_4~1; path=/; HttpOnly
        X-ORACLE-DMS-ECID: 74645cb114abea27:-3751213f:14dfcde14b8:-8000-0000000000029fd1

  • 54. WNA Sequence Diagram
      http://oraworld.com:14100/oam/CredCollectServlet/WNA?authn_try_count=0&spnegotoken=string&challenge_url=%2Foam%2FCredCollectServlet%2FWNA&request_id=-276341910699531784&locale=en_US&resource_url=http%253A%252F%252Foraworld.com%253A7777%252Fsecured%252Findex.html

        GET /oam/CredCollectServlet/WNA?authn_try_count=0&spnegotoken=string&challenge_url=%2Foam%2FCredCollectServlet%2FWNA&request_id=-276341910699531784&locale=en_US&resource_url=http%253A%252F%252Foraworld.com%253A7777%252Fsecured%252Findex.html HTTP/1.1
        Host: oraworld.com:14100
        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:38.0) Gecko/20100101 Firefox/38.0
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        Accept-Language: en-US,en;q=0.5
        Accept-Encoding: gzip, deflate
        Cookie: OAMRequestContext_oraworld.com:7777_505353=<Trimmed>OAM_REQ_COUNT=VERSION_4~1
        Connection: keep-alive

        HTTP/1.1 401 Unauthorized
        Cache-Control: no-cache, no-store
        Date: Mon, 29 Jun 2015 11:48:50 GMT
        Pragma: no-cache
        Content-Length: 0
        Content-Type: text/html; charset=UTF-8
        Expires: 0
        WWW-Authenticate: Negotiate
        WWW-Authenticate: Basic realm="OAM 11g"

  • 55. WNA Sequence Diagram
      http://oraworld.com:14100/oam/CredCollectServlet/WNA?authn_try_count=0&spnegotoken=string&challenge_url=%2Foam%2FCredCollectServlet%2FWNA&request_id=-23&locale=en_US&resource_url=http%253A%252F%252Foraworld.com%253A7777%252Fsecured%252Findex.html

        GET /oam/CredCollectServlet/WNA?authn_try_count=0&spnegotoken=string&challenge_url=%2Foam%2FCredCollectServlet%2FWNA&request_id=-27784&locale=en_US&resource_url=http%253A%252F%252Foraworld.com777%252Fsecured?Findex.html HTTP/1.1
        Host: oraworld.com:14100
        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:38.0) Gecko/20100101 Firefox/38.0
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        Accept-Language: en-US,en;q=0.5
        Cookie: OAMRequestContext_oraworld.com:7777_50<Trimmed>LJeWMsd; OAM_REQ_COUNT=VERSION_4~1
        Connection: keep-alive
        Authorization: Negotiate YIIGlgYGKwYBBQUCoIIGijCCBoagMDA<Trimmed>==

        HTTP/1.1 302 Moved Temporarily
        Connection: close
        Date: Mon, 29 Jun 2015 11:48:50 GMT
        Transfer-Encoding: chunked
        Location: http://oraworld.com:7777/obrar.cgi?encreply=<Trimmed>
        Set-Cookie: OAM_ID=VERSION_4~SrAPo4Sh9v3M<Trimmed>; path=/; HttpOnly
        Set-Cookie: OAM_GITO=v1~uid:Wnauser1r&<Trimmed>c-oraworld.c&; path=/; HttpOnly; expires=Thu, 01-Jan-1970 01:00:00 GMT
        Set-Cookie: OAM_REQ_0=invalid; path=/; HttpOnly
        X-ORACLE-DMS-ECID: 74645cb114abea27:-3751213f:14dfcde14b8:-8000-0000000000029fd6

  • 56. WNA Sequence Diagram
  • 57. WNA Sequence Diagram
      http://oraworld.com:7777/obrar.cgi?encreply=<Trimmed>

      GET /obrar.cgi?encreply=<Trimmed>k%3D HTTP/1.1
      Host: oraworld.com:7777
      User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:38.0) Gecko/20100101 Firefox/38.0
      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
      Accept-Language: en-US,en;q=0.5
      Accept-Encoding: gzip, deflate
      Cookie: OAMRequestContext_oraworld.com:7777_505353=PSSt<Trimmed>rr2SMpNMOF2B/DbQk3/N1Ua1onzJ
      Connection: keep-alive

      HTTP/1.1 302 Found
      Date: Mon, 29 Jun 2015 11:48:52 GMT
      Server: Oracle-Application-Server-11g
      Set-Cookie: OAMRequestContext_oraworld.com:7777_505353=;expires=thursday, 01-jan-1970 01:00:00 gmt; httponly; path=/
      Set-Cookie: OAMAuthnCookie_oraworld.com:7777=<Trimmed>%3D;httponly; path=/
      Set-Cookie: OAMAuthnHintCookie=X; httponly; path=/
      Location: /secured/index.html
      Content-Length: 230
      Keep-Alive: timeout=5, max=99
      Connection: Keep-Alive
      Content-Type: text/html; charset=iso-8859-1
  • 58. WNA Sequence Diagram
      http://oraworld.com:7777/secured/index.html

      GET /secured/index.html HTTP/1.1
      Host: oraworld.com:7777
      User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:38.0) Gecko/20100101 Firefox/38.0
      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
      Accept-Language: en-US,en;q=0.5
      Accept-Encoding: gzip, deflate
      Cookie: OAM_REQ_0=invalid; OAM_REQ_COUNT=VERSION_4~1; OAM_ID=VERSION_4~SrAPo4Sh9v3Mz9YtR0IUJQ==~<Trimmed>; OAMAuthnHintCookie=X
      Connection: keep-alive

      HTTP/1.1 200 OK
      Date: Mon, 29 Jun 2015 11:48:52 GMT
      Server: Oracle-Application-Server-11g
      Set-Cookie: OAMAuthnHintCookie=;expires=thursday, 01-jan-1970 01:00:00 gmt; httponly; path=/
      Set-Cookie: OAMAuthnHintCookie=1; httponly; path=/; domain=.com
      Cache-Control: no-cache
      Pragma: no-cache
      Last-Modified: Tue, 23 Jun 2015 19:07:39 GMT
      Etag: "bc06de-3cd-519341a9c54c0"
      Accept-Ranges: bytes
      Content-Length: 973
      Connection: Keep-Alive
      Content-Type: text/html
      Content-Language: en
  • 59. Lessons Learnt
      • NTLM versus Kerberos
          - The SPNEGO token can contain either an NTLM or a Kerberos token, depending on the Windows client's capabilities. All pre–Windows 2000 clients use NTLM. AD domains support “mixed” mode by default.
          - If Kerberos fails, the client falls back to NTLM.
          - An HTTP header logger or Fiddler is the best way to diagnose this. Browser logging can also help.
      • Clock Skew Errors
          - Synchronize the clocks on both your OAM Server and the AD server.
  • 60. Lessons Learnt
      • Error:
          - kinit(v5): Key table entry not found while getting initial credentials
          - kinit(v5): Preauthentication failed while getting initial credentials
          - kinit(v5): KDC reply did not match expectations while getting initial credentials
      • PROTOCOL and DOMAIN NAME are always in CAPITAL LETTERS.
      • hostname and username are always in lower case.
  • 61. References
      • Configuring Access Manager for Windows Native Authentication OAM 11g WNA Step by Step Setup Guide (Doc ID 1416860.1)
      • WNA Basics
      • WNA for multiple AD forest.
      • Oracle Access Manager 11g WNA Quick Start Guide (Doc ID 1416903.1)
      • http://tools.ietf.org/html/rfc4559
      • Trouble Shooting OAM 11g WNA Issues Quick Start Guide (Doc ID 1433554.1)
      • Blogs: Enable Logging & Lessons Learnt
      • Kerberos Basics
  • 62. QnA
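Added example (not from the original slides): one way to carry out the "NTLM versus Kerberos" diagnosis from slide 59 on an `Authorization: Negotiate` header captured with a header logger or Fiddler, as in the slide 55 trace. The function names and sample tokens are constructed for illustration, and the check is a byte-pattern heuristic on the SPNEGO mechanism OIDs rather than a full ASN.1 parse.

```python
import base64

# DER-encoded mechanism OIDs (tag 0x06, length, value).
OID_SPNEGO = bytes.fromhex("06062b0601050502")           # 1.3.6.1.5.5.2
OID_KRB5 = bytes.fromhex("06092a864886f712010202")       # 1.2.840.113554.1.2.2
OID_MS_KRB5 = bytes.fromhex("06092a864882f712010202")    # 1.2.840.48018.1.2.2
OID_NTLMSSP = bytes.fromhex("060a2b06010401823702020a")  # 1.3.6.1.4.1.311.2.2.10
MECHS = {OID_KRB5: "kerberos", OID_MS_KRB5: "kerberos", OID_NTLMSSP: "ntlm"}


def classify_authorization(header_value):
    """Classify an Authorization header value captured from the WNA flow."""
    scheme, _, b64 = header_value.strip().partition(" ")
    if scheme.lower() != "negotiate" or not b64.strip():
        return "not-negotiate"
    try:
        token = base64.b64decode(b64.strip(), validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return "malformed"
    if token.startswith(b"NTLMSSP\x00"):  # bare NTLM message, no SPNEGO wrapper
        return "ntlm"
    if token[:1] != b"\x60" or OID_SPNEGO not in token[:16]:
        return "unknown"
    # A NegTokenInit lists its mechTypes in preference order, so the earliest
    # known mechanism OID after the SPNEGO OID is the one being attempted.
    start = token.index(OID_SPNEGO) + len(OID_SPNEGO)
    hits = [(pos, name) for oid, name in MECHS.items()
            if (pos := token.find(oid, start)) != -1]
    return min(hits)[1] if hits else "unknown"


def _tlv(tag, body):
    """Minimal DER TLV builder for the constructed samples (body < 128 bytes)."""
    return bytes([tag, len(body)]) + body


def sample_header(mech_oids):
    """Constructed sample: a Negotiate header whose NegTokenInit offers mech_oids."""
    mech_types = _tlv(0xA0, _tlv(0x30, b"".join(mech_oids)))
    neg_token_init = _tlv(0xA0, _tlv(0x30, mech_types))
    token = _tlv(0x60, OID_SPNEGO + neg_token_init)
    return "Negotiate " + base64.b64encode(token).decode()


if __name__ == "__main__":
    samples = {
        "kerberos offered first": sample_header([OID_MS_KRB5, OID_KRB5, OID_NTLMSSP]),
        "ntlm only (fallback)": sample_header([OID_NTLMSSP]),
        "bare ntlm": "Negotiate " + base64.b64encode(b"NTLMSSP\x00\x01\x00\x00\x00").decode(),
    }
    for label, header in samples.items():
        print(f"{label:24} -> {classify_authorization(header)}")
```

The token on slide 55 is trimmed, so it cannot be classified as it stands, but its visible prefix `YIIGlgYGKwYBBQUC` decodes to `60 82 06 96` followed by the SPNEGO OID, which shows that the request carried a SPNEGO-wrapped token rather than a bare NTLM message.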