Trouble Shooting Oracle Access Manager (OAM) Federation Authentication(Authn) or Authorization (Authz) Protocols Starting Point (Doc ID 2833944.1)

Last updated on SEPTEMBER 11, 2023

Applies to:

Goal

Provide a starting point when trying to resolve Oracle Access Manager (OAM) Federation protocols, common issues and errors.

This is a living document that contains advice, tips and references to other documentation that can assist in diagnosing problems with an OAM authentication issues. As such it may contain errors so please provide feedback if any is found that is not correct as this document will be modified/improved as needed.

Industry Standards

A federated identity in information technology is the means of linking a person's electronic identity and attributes, stored across multiple distinct identity management systems.

Federated identity is related to single sign-on (SSO), in which a user's single authentication ticket, or token, is trusted across multiple IT systems or even organizations. SSO is a subset of federated identity management, as it relates only to authentication and is understood on the level of technical interoperability and it would not be possible without some sort of federation.[4]

Technologies used for federated identity include Security Assertion Markup Language (SAML), OAuth, OpenID, Simple Web Tokens, JSON Web Tokens, and SAML assertions (Security Tokens), Web Service Specifications, and Windows Identity Foundation.

Security Assertion Markup Language (SAML) - An open standard for exchanging AuthN and AuthZ data between parties, in particular, between an identity provider and a service provider. It is an XML-based markup language for security assertions.

OAuth - An open standard for access delegation, commonly used as a way for Internet users to grant websites or applications access to their information on other websites but without giving them the passwords. It is an an authorization protocol — or in other words, a set of rules — that allows a third-party website or application to access a user's data without the user needing to share login credentials.

OpenID Connect (OIDC) - An authentication layer on top of OAuth 2.0, an authorization framework. The standard is controlled by the OpenID.

SAML vs. OAuth - SAML (Security Assertion Markup Language) is an alternative federated authentication standard that many enterprises use for Single-Sign On (SSO). SAML enables enterprises to monitor who has access to corporate resources. There are many differences between SAML and OAuth. SAML uses XML to pass messages, and OAuth uses JSON. OAuth provides a simpler mobile experience, while SAML is geared towards enterprise security. That last point is a key differentiator: OAuth uses API calls extensively.

Solution

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.