Category Archives for security

Oracle Identity Management Products – OID, OVD, OAM, OIM, ORM, OWSM, OIF, eSSO, OES, OAAM

Oracle Identity Management is a Fusion Middleware component that covers the following Identity & Access Management software, including Directory Server:
1. Oracle Access Manager (OAM): Identity and Access Management product acquired from Oblix (Oblix COREid Access & Identity)
2. Oracle Identity Manager (OIM): User Provisioning product acquired from Thor
3. Oracle Role […]


Oracle Access Manager Questions & Answers

Hi all, here I am going to post OAM questions and answers. Oracle Access Manager is a state-of-the-art solution for both centralized identity management and access control, providing an integrated standards-based solution that delivers authentication, web single sign-on, access policy creation and enforcement, user self-registration and self-service, delegated administration, reporting, and auditing. Q: What is […]


Protecting WebLogic Server application using Oracle Entitlement Server

This post talks about protecting a WebLogic Server application using Oracle Entitlement Server. This means coarse-grained access, which is page-level access based on user roles. Though OES is meant for fine-grained access, we will first discuss how a basic WL app can be protected. Later if you want to provide […]


Overview of Securing Web Services in Fusion Middleware 11g (SOA / ADF / WebCenter)

This post covers basic concepts around securing web services in Fusion Middleware 11g. If you are an administrator or developer working on Fusion Middleware (and developing/managing web services), then you may find this post useful. (This post covers conceptual points around web services security. For detailed steps and advanced topics, stay tuned to this blog.) 1) WebServices in […]


Short presentation on Oracle Web Services Manager – OWSM in 11g R1

Here is a short presentation on "Introduction of Oracle Web Services Manager (OWSM) 11g R1" from Vikas Jain. OWSM is a tool to secure Web Services (+ more) and provides centralized management of policies (using OWSM Policy Manager). OWSM agents are already embedded in WebLogic Server. OWSM is completely […]


EBS 11i Application Access Control

Limiting Users from Specific IP to Access EBS

The business need here is to allow only certain IPs to access E-Business Suite. Below is a very common way:

    <Directory />
    Order allow,deny
    Allow from 10.172.152.114 10.171.145.134
    </Directory>

This will serve our purpose, but there are two main issues: 1) When running Autoconfig, these changes will […]


Listener Security – Important Tips

Turn on Logging

To know which listener commands were executed, enable logging as follows:

    LSNRCTL> set log_directory …/log
    LSNRCTL> set log_file Listener_<sid name>.log
    LSNRCTL> set log_status on
    LSNRCTL> save_config

Set the Listener Password

Setting a listener password is strongly recommended in order to prevent various attacks. There are two […]


Security in Oracle WebLogic : Realm, Security Provider, Authentication, Authorization, Users

Security Providers are modules that provide security services to applications to protect WebLogic resources. Types of security providers in WebLogic Server are Authentication Providers, Authorization Providers, Auditing Providers, Credential Mapping Providers, Identity Assertion Providers, Principal Validation Providers, Adjudication Providers, Role Mapping Providers, Certificate Lookup and Validation Providers, Keystore Providers and Realm Adapter Providers. Security Provider […]


Is your Single Sign-On (AS-SSO) Server revealing too much information ?

Without going too much into a write-up, let's evaluate Oracle's own implementation of Single Sign-On Server, i.e. https://login.oracle.com (in use by applications like OTN, Conference, ...).

Server Name & Identity Management Version

If you check the screenshot (Oracle's Login Server, i.e. https://login.oracle.com), you can figure out that the login server (Single Sign-On Server) is using Oracle Identity Management (10.1.4.0.1). This […]


Node / Responsibility Trust Level in Oracle Applications (E-Business Suite 11i/R12)

Node or Responsibility Trust Level is a profile option used to restrict access to a set of responsibilities based on the web server from which the user logs in. This profile option can take one of three values:
- Administrative
- Normal (Default Value)
- External

Let's suppose E-Business Suite (11i/R12) is deployed with four middle tiers where two nodes (node1 […]
