My Oracle Support Banner

Trouble Shooting Guide For Oracle Access Manager (OAM) Authentication Issues Federation Authentication(Authn) or Authorization (Authz) Protocols (Doc ID 2848781.1)

Last updated on FEBRUARY 11, 2022

Applies to:

Oracle Access Manager - Version 12.2.1.3.0 and later
Information in this document applies to any platform.

Goal

Provide generic pointers for basic troubleshooting for Oracle Access Manager (OAM) Federation Protocols

Industry Standards

A federated identity in information technology is the means of linking a person's electronic identity and attributes, stored across multiple distinct identity management systems.

Federated identity is related to single sign-on (SSO), in which a user's single authentication ticket, or token, is trusted across multiple IT systems or even organizations. SSO is a subset of federated identity management, as it relates only to authentication and is understood on the level of technical interoperability and it would not be possible without some sort of federation.[4]

Technologies used for federated identity include Security Assertion Markup Language (SAML), OAuth, OpenID, Simple Web Tokens, JSON Web Tokens, and SAML assertions (Security Tokens), Web Service Specifications, and Windows Identity Foundation.

Security Assertion Markup Language (SAML) - An open standard for exchanging AuthN and AuthZ data between parties, in particular, between an identity provider and a service provider. It is an XML-based markup language for security assertions.

OAuth - An open standard for access delegation, commonly used as a way for Internet users to grant websites or applications access to their information on other websites but without giving them the passwords. It is an an authorization protocol — or in other words, a set of rules — that allows a third-party website or application to access a user's data without the user needing to share login credentials.

OpenID Connect (OIDC) - An authentication layer on top of OAuth 2.0, an authorization framework. The standard is controlled by the OpenID.

SAML vs. OAuth - SAML (Security Assertion Markup Language) is an alternative federated authentication standard that many enterprises use for Single-Sign On (SSO). SAML enables enterprises to monitor who has access to corporate resources. There are many differences between SAML and OAuth. SAML uses XML to pass messages, and OAuth uses JSON. OAuth provides a simpler mobile experience, while SAML is geared towards enterprise security. That last point is a key differentiator: OAuth uses API calls extensively.

The Oracle Access Manager Team recommends being at the latest product version release, patch-set, and Bundle Patch that is available for the specific component being used. This helps insure that you have the latest fixes/product functionality and helps avoid unnecessary rediscovery of known issues.

 

 

Solution

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


In this Document
Goal
 Industry Standards
Solution
 Know Your Environment
 Ask Yourself ...
 Simplify Environment As much As Passable
 Quick Test Verification
  Possible Quick Fixes
 How To Verify OAM Component Versions
 Bundle Patch Information
 Documentation Certification Software
 OAM Product Documentation
 OAM Product Certification Matrix
 OAM Software
 Good to Know Information
 Tools
 Additional Trouble Shooting Tips
References

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.