In Oracle Access Manager 11g, each authentication scheme requires an authentication module.
Default Authentication Modules Pages
In the Oracle Access Manager Administration Console, pre-configured authentication modules are organized with other system-level components under the System Configuration tab.Only the following pre-configured authentication module types are allowed in an authentication scheme. However, new modules can be created of an existing type to use in authentication schemes. The default authentication modules are of following types:
- Kerberos Authentication Module
- LDAP Authentication Modules
- X509 Authentication Module
Creating a New Authentication Module
To create a new Authentication Module, log in to OAM Administration Console, select
System Configuration Tab, and expand Authentication Module. Select the desired
module type and click on the Create button in toolbar.
a.) LDAP Authentication Modules:Name: Unique Name to identify Authentication Module
User Identity Store: The primary user identity store that contains the user credentials
required for authentication by this module. LDAP store must be registered with OAM to
appear in this list
Press Apply button.
b.) Kerberos Authentication Modules
Name: Unique Name to identify Authentication Module
Key Tab File: The full pathname to the encrypted, local, on-disk copy of the host's key,
is required to authenticate the key distribution center (KDC).
Principal: Identifies the HTTP host for the principal in the Kerberos database, which
enables generation of a keytab for a host.
KRB Config File: Identifies the path to the configuration file that controls certain aspects
of the Kerberos installation. A krb5.conf file must exist in the /etc directory on each
UNIX node that is running Kerberos.
Press Apply Button
c.) X509 Authentication Modules
Name: Unique Name to identify Authentication Module
Match LDAP attribute: Defines the LDAP distinguished name attribute to be used.
X509 Cert Attribute: Defines the certificate attribute to be used to bind the public key.
Cert Validation Enabled: Enables/Disables X.509 Certificate validation.
OCSP Enable: Enables/Disables the Online Certificate Status Protocol.
OCSP Server Alias: An aliased name for the OSCSP Responder.
OCSP Responder URL: Provides the URL of the Online Certificate Status Protocol
responder.
OCSP Responder Timeout: Specifies the grace period for users with expired
certificates, which enables them to access OAM Servers for a limited time before
renewing the certificate.
Press Apply.
For questions, comments and feedback please contact:
Harvinder Singh Saluja