Oracle Access Manager (OAM) Persistent Federation Data Store
(Doc ID 2851908.1)
Last updated on SEPTEMBER 11, 2023
Applies to:
Oracle Access Manager - Version 11.1.2.3.0 and laterInformation in this document applies to any platform.
Goal
To provide a starting point when wanting to use Oracle Access Manager (OAM) Federation using a persistent Federation Data Store.
When performing Federation Single Sign-on (SSO) operations, the user will be referenced in the Single Sign-on (SSO) message via a unique identifier that will then be used by the Serice Provider (SP) to map the incoming Single Sign-on (SSO) reSerice Provider (SP)onse to a local user.
Sometimes the unique identifier is an attribute part of the existing LDAP user record, such as the email address or the username, while other times, the identifier only exists for the Federation Single Sign-on (SSO) operation between the Serice Provider (SP) and Identity Provider (IdP) for a Serice Provider (SP)ecific user. In the latter case, the identifier and the user it is attached to need to be stored as account linking information in a Federation Data Store.
This note will show how to configure Oracle Access Manager (OAM) Federation to use an RDBMS as the Federation Data Store.
Important note: a persistent Federation Data Store is only required for cases where the identifiers used in the Single Sign-on (SSO) reSerice Provider (SP)onses (persistent NameID in SAML 2.0 for example) are used. It is best not to use a persistent Federation Data Store when not needed.
Solution
To view full details, sign in with your My Oracle Support account. |
|
Don't have a My Oracle Support account? Click to get started! |
In this Document
| Goal |
| Solution |
| Identifiers in Federation Messages |
| Federation Data Store |
| Configuring Oracle Access Manager (OAM) Federation to use a Federation Data Store |
| Configuring Oracle Access Manager (OAM) Federation Identity Provider (Identity Provider (IdP)) to use a Hash as NameID |