Trouble Shooting Guide For Oracle Access Manager (OAM) Authentication Issues Federation Authentication(Authn) or Authorization (Authz) Protocols
(Doc ID 2848781.1)
Last updated on OCTOBER 05, 2022
Applies to:
Oracle Access Manager - Version 12.2.1.3.0 and laterInformation in this document applies to any platform.
Goal
Provide generic pointers for basic troubleshooting for Oracle Access Manager (OAM) Federation Protocols
Industry Standards
A federated identity in information technology is the means of linking a person's electronic identity and attributes, stored across multiple distinct identity management systems.
Federated identity is related to single sign-on (SSO), in which a user's single authentication ticket, or token, is trusted across multiple IT systems or even organizations. SSO is a subset of federated identity management, as it relates only to authentication and is understood on the level of technical interoperability and it would not be possible without some sort of federation.[4]
Technologies used for federated identity include Security Assertion Markup Language (SAML), OAuth, OpenID, Simple Web Tokens, JSON Web Tokens, and SAML assertions (Security Tokens), Web Service Specifications, and Windows Identity Foundation.
Security Assertion Markup Language (SAML) - An open standard for exchanging AuthN and AuthZ data between parties, in particular, between an identity provider and a service provider. It is an XML-based markup language for security assertions.
OAuth - An open standard for access delegation, commonly used as a way for Internet users to grant websites or applications access to their information on other websites but without giving them the passwords. It is an an authorization protocol — or in other words, a set of rules — that allows a third-party website or application to access a user's data without the user needing to share login credentials.
OpenID Connect (OIDC) - An authentication layer on top of OAuth 2.0, an authorization framework. The standard is controlled by the OpenID.
SAML vs. OAuth - SAML (Security Assertion Markup Language) is an alternative federated authentication standard that many enterprises use for Single-Sign On (SSO). SAML enables enterprises to monitor who has access to corporate resources. There are many differences between SAML and OAuth. SAML uses XML to pass messages, and OAuth uses JSON. OAuth provides a simpler mobile experience, while SAML is geared towards enterprise security. That last point is a key differentiator: OAuth uses API calls extensively.
The Oracle Access Manager Team recommends being at the latest product version release, patch-set, and Bundle Patch that is available for the specific component being used. This helps insure that you have the latest fixes/product functionality and helps avoid unnecessary rediscovery of known issues.
Solution
To view full details, sign in with your My Oracle Support account. |
|
Don't have a My Oracle Support account? Click to get started! |
In this Document
| Goal |
| Industry Standards |
| Solution |
| Ask Yourself ... |
| Quick Test Verification |
| Possible Quick Fixes |
| How To Verify OAM Component Versions |
| Good to Know Information |
| Tools |
| Additional Trouble Shooting Tips |
| Bundle Patch Information |
| Documentation - Certification - Software |
| Common Problems |
| References |