Thursday, April 28, 2011

New certifications for OAM

We have released a number of new OAM 3rd party and Oracle packages/certifications on OTN:
  • 64-bit WebSphere Application Server v7.0 with Portal on:
      • SUSE 10 & SUSE 11
      • Red Hat Linux 5.x
      • Windows 2003 & Windows 2008
  • 32-bit ASDK on Red Hat Linux 5.5
  • 32-bit Apache 2.2.x, with Apache Reverse Proxy on SUSE 10 & 11
  • 64-bit Apache 2.2.x, with Apache Reverse Proxy on SUSE 11
  • 32-bit & 64-bit Apache 2.2.x, on AIX 6.1
They can be downloaded here.

Wednesday, April 27, 2011

It's official: OAM 11g certified with EBS 12

Oracle Access Manager 11gR1 ( is now certified for use with E-Business Suite Releases 12.0.6 and 12.1.1 and up.

There are two certification paths available: one for new users, and one for users upgrading from Oracle Single Sign-On Server 10gR3 (OSSO).
  • Users who are implementing single sign-on for the first time may integrate OAM 11gR1 using Oracle E-Business Suite AccessGate Release 1.1. Oracle E-Business Suite AccessGate is a Java EE application that resides on a separate application server (Oracle WebLogic Server), and provides direct integration between Oracle E-Business Suite and Oracle Access Manager through OAM WebGate. Oracle E-Business Suite AccessGate is available at no cost to licensed Oracle E-Business Suite customers.

  • Users who are upgrading from OSSO 10gR3 can leverage their existing integration by using OAM 11gR1 with the mod_osso agent. This option allows you to migrate your existing partner application registrations from OSSO 10gR3 to OAM 11gR1, with minimal disruption to existing application integration and functionality. This integration does not require Oracle E-Business Suite AccessGate, and is supported for upgrading users only.
Detailed documentation has been published here:
Integrating Oracle E-Business Suite with Oracle Access Manager 11g using Oracle E-Business Suite AccessGate

Migrating Oracle Single Sign-On 10gR3 to Oracle Access Manager 11gR1 with Oracle E-Business Suite

Prerequisites & Interoperability
  • Oracle E-Business Suite Release 12.1 RUP 1 (12.1.1) or higher; Release 12.0 RUP 6 (12.0.6)
  • Oracle Access Manager 11gR1 ( with Bundle Patch 02 (BP02)
  • Oracle Internet Directory 11gR1 PS2 ( or higher
  • Oracle WebLogic Server 11gR1 PS2 (10.3.3) or higher
Platforms Certified
The Oracle E-Business Suite AccessGate Java application is certified to run on any operating system for which Oracle WebLogic Server 11g is certified. Refer to the Oracle Fusion Middleware 11g System Requirements for more details.

Integration with mod_osso is supported on all fully certified Oracle E-Business Suite Release 12 platforms. Refer to the My Oracle Support Certifications section for more details.

For information on operating systems supported by Oracle Access Manager and its components, refer to the Oracle Identity and Access Management 11gR1 certification matrix.

Wednesday, April 20, 2011

iOS4 tracking location data

As reported here, it turns out iOS4 is tracking and storing user location data. This data is on your phone and is backed up to machines with which you sync your iOS devices. While it doesn't appear that the data is ever accessed by Apple or 3rd parties, this raises significant privacy concerns. Plenty of people are commenting on that, so I won't belabor the point here.

Instead, I'll focus on a counterpoint.

When customers use Oracle Adaptive Access Manager to perform risk/anomaly detection and fraud prevention, they often incorporate IP/Geolocation data to help identify anomalous behavior (why are you performing a transaction from Ouagadougou when normally you log in from San Francisco?) or obvious breaches of the laws of physics (10 minutes ago you and your device were in San Francisco, now you and your device appear to be in Tenerife).
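The two checks described above, a location outside the user's history and travel faster than physics allows, can be expressed as follows. This is an added example, not Oracle Adaptive Access Manager's own logic; the sample logins, the thresholds and the function names are assumptions.

```python
import math
from datetime import datetime

# Constructed sample logins: (user, ISO timestamp, city, latitude, longitude).
# A real deployment would resolve the coordinates from the client IP address.
LOGINS = [
    ("alice", "2011-04-20T09:00:00", "San Francisco", 37.77, -122.42),
    ("alice", "2011-04-20T09:10:00", "Tenerife", 28.29, -16.63),
    ("bob", "2011-04-20T08:00:00", "San Francisco", 37.77, -122.42),
    ("bob", "2011-04-21T08:00:00", "Ouagadougou", 12.37, -1.52),
]

EARTH_RADIUS_KM = 6371.0
MAX_SPEED_KMH = 1000.0    # assumed ceiling, roughly airliner cruising speed
MIN_DISTANCE_KM = 100.0   # assumed tolerance for IP geolocation error

def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two points, in kilometres."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dlam = math.radians(lon2 - lon1)
    a = math.sin((p2 - p1) / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlam / 2) ** 2
    return 2 * EARTH_RADIUS_KM * math.asin(math.sqrt(a))

def assess(logins):
    """Return (user, city, reasons) for each login that looks anomalous."""
    seen = {}   # user -> set of cities already observed
    last = {}   # user -> (time, lat, lon) of the previous login
    alerts = []
    for user, ts, city, lat, lon in sorted(logins, key=lambda r: r[1]):
        when = datetime.fromisoformat(ts)
        reasons = []
        # Anomaly: a location outside the user's history (skipped on first login).
        if user in seen and city not in seen[user]:
            reasons.append("new_location")
        # Physics: distance covered since the last login implies an impossible speed.
        if user in last:
            prev_when, prev_lat, prev_lon = last[user]
            km = haversine_km(prev_lat, prev_lon, lat, lon)
            hours = (when - prev_when).total_seconds() / 3600
            if km > MIN_DISTANCE_KM and (hours <= 0 or km / hours > MAX_SPEED_KMH):
                reasons.append("impossible_travel")
        seen.setdefault(user, set()).add(city)
        last[user] = (when, lat, lon)
        if reasons:
            alerts.append((user, city, reasons))
    return alerts

if __name__ == "__main__":
    print(assess(LOGINS))
```

The second constructed user reaches a new city a day later, which is flagged as a new location but not as impossible travel, so the two signals can be scored separately.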

Most IP/Geolocation data is very specific to laptop/desktop types of devices. As more services are accessed using smartphones and tablets (or other non-user devices for that matter) data that helps security infrastructure understand where a user is currently - like, I don't know, say by triangulating that user's device location from nearby cell towers - could prove significantly useful in preventing fraud and therefore protecting people from criminals.

Protecting people from criminals is a good thing, right?

Apple hasn't said why they are collecting the data or how they intend/expect it to be used. That's a smart bunch of people over there, so perhaps they've already thought through the use cases above and that's why the data is there.

Or, this could also turn out to be a serious Big Brother move. What's all that I've been seeing this week about Skynet coming online and destroying humanity?

I'm gonna go download an app to find out where I've been.

Wednesday, April 13, 2011

Oracle Security Token Service – Single “thread of identity”

We are getting ready to roll out our next generation product called Oracle Security Token Service (Oracle STS), which will become the hub for brokering trust and authentication in a typical enterprise deployment. Oracle STS will help solve the identity propagation problems that we see these days in most enterprises.

Many customers have already deployed, or are in the process of deploying, an access management solution to address single sign-on needs for their intranet and extranet users. The next access management problem now emerging is carrying the user's authenticated identity through multiple business systems and processes, so that applications can make smart decisions based on the user's identity.

In a typical enterprise environment, users have to interact with various types of applications in a distributed environment, deployed on multiple application platforms and spanning multiple security domains. A single “thread of identity” is becoming a requirement, both to provide a better, seamless user experience and to simplify the integration and deployment of these distributed applications and environments.

Oracle STS can be deployed as a shared service that provides a standards-based, consolidated mechanism for brokering trust between different identity domains and infrastructure tiers. This can help bring down overall cost through centralized administration, increase end-user productivity, and provide improved application security and trust enforcement through standards.

Tuesday, April 12, 2011

May 4th webcast: Strong AuthN Credentials Are Not Enough

On May 4th, Mark Karlstrand, product manager for Oracle Adaptive Access Manager, will present a webcast discussing why strong credential-based authentication alone is not a solution and why a layered approach to access security is required.

Topics covered will include contextual risk analysis, monitoring for suspicious behavior and looking for anomalies related to authentication events. Oracle Adaptive Access Manager provides tools to enable this type of monitoring to detect potentially fraudulent activity and misuse of legitimate user credentials or authentication devices. This layered approach ensures that the credential-based authentication mechanism being used will not be a single point of failure.

For information about the topic and to register, go here:

Thursday, April 7, 2011

OAM 11g deployment with a multi-million user population live!

The first production deployment of OAM 11g with a multi-million user population is now live! Since April 1st, 2011, OAM 11g has been taking 100% of the authentication load from Oracle's extranet web properties. All customers that access any Oracle service over the extranet are now authenticated with Oracle Access Manager 11g.

All web authentication traffic at Oracle (intranet or extranet, desktop or iPhone, end-user or programmatic) is now being handled by the OAM 11g system. Collectively, this amounts to about 750 K authentication requests on a typical working day. As we transition more systems to use Corporate SSO, we expect this number to grow in the coming quarters.