Friday, November 25, 2011

Authentication Schemes & how to configure one on Oracle Access Manager 11.1.1.5 (11g)

Access to a resource or group of resources can be governed by a single authentication process known as an authentication scheme. An authentication scheme is a named component that defines the challenge mechanism required to authenticate a user. Each authentication scheme must also include a defined authentication module.

Authentication Scheme Definition
An Authentication Scheme should have the following attributes defined.
  • Name: Unique Name to identify Authentication Scheme
  • Description: Field to explain the use of this Scheme
  • Authentication Level: The trust level of the Authentication Scheme, expressed as an integer value between 0 (no trust) and 99 (highest level of trust).
  • Default: A non-editable box that is checked when the Set as Default button is clicked. Only one Authentication Scheme can be set as the default at any time.
  • Challenge Method: Drop-down menu from which one method should be selected, that 
    • Form
    • Basic (LDAP)
    • X509 (Certificate) 
    • WNA (Windows Native Authentication)
    • None
    • DAP 
    • OAM 10g. 
        The Challenge Method determines the Authentication Module to be used in the Authentication Scheme.
  • Challenge Redirect URL: When a user accesses a protected resource URL, the user is redirected to the server specified in the Challenge Redirect field. If the authentication challenge is processed by another host, that host's name must be defined in the Host Identifiers list.
  • Authentication Module: The pre-configured authentication module used to challenge the user for credentials. The Authentication Module is based on the Challenge Method.
  • Challenge URL: The URL the credential collector will redirect to for credential collection. The final credential collection URL will use the Challenge URL, Context Type, and Context Value.
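
The constraints in the attribute list above can be checked mechanically when reviewing scheme definitions before they are entered in the console. The following is an added example, not part of the original post and not Oracle code: the dictionary keys, scheme names, module names and hosts are constructed for illustration, and it assumes the Challenge Redirect value is a full URL whose host name is compared against the Host Identifiers list.

```python
from urllib.parse import urlparse

# Challenge methods as listed on this page.
CHALLENGE_METHODS = {"Form", "Basic", "X509", "WNA", "None", "DAP", "OAM 10g"}

def lint_schemes(schemes, host_identifiers):
    """Return (scheme name, problem) pairs for a list of scheme definitions."""
    findings, seen, defaults = [], set(), []
    for s in schemes:
        name = s.get("name", "")
        if not name or name in seen:
            findings.append((name, "name is missing or not unique"))
        seen.add(name)
        level = s.get("level")
        if type(level) is not int or not 0 <= level <= 99:
            findings.append((name, "authentication level must be an integer from 0 to 99"))
        if s.get("challenge_method") not in CHALLENGE_METHODS:
            findings.append((name, "unknown challenge method"))
        if not s.get("module"):
            findings.append((name, "no authentication module defined"))
        redirect = s.get("challenge_redirect")
        if redirect and urlparse(redirect).hostname not in host_identifiers:
            findings.append((name, "challenge redirect host is not in Host Identifiers"))
        if s.get("default"):
            defaults.append(name)
    # Only one scheme can be the default at any time.
    if len(defaults) > 1:
        findings.append((", ".join(defaults), "more than one scheme marked as default"))
    return findings

# Constructed sample data: names, hosts and dictionary keys are hypothetical.
HOST_IDENTIFIERS = {"sso.example.com"}
SAMPLE_SCHEMES = [
    {"name": "LDAPScheme", "level": 2, "challenge_method": "Form",
     "module": "LDAP", "default": True},
    {"name": "X509Scheme", "level": 5, "challenge_method": "X509",
     "module": "X509", "challenge_redirect": "https://sso.example.com:14100/oam"},
    {"name": "KioskScheme", "level": 120, "challenge_method": "Digest",
     "module": "", "challenge_redirect": "https://other.example.net/login",
     "default": True},
]

if __name__ == "__main__":
    for name, problem in lint_schemes(SAMPLE_SCHEMES, HOST_IDENTIFIERS):
        print(f"{name}: {problem}")
```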

To create an authentication scheme
  1. From the Policy Configuration tab, navigation tree, expand the Shared Components node.
  2. Click the Authentication Schemes node, then click the Create button in the tool bar.
  3. Fill in the fresh Authentication Scheme page, as described above:
    1. Name
    2. Description
    3. Authentication Level
    4. Default
    5. Challenge Method
    6. Challenge Redirect
    7. Authentication Module
  4. Click Apply to submit the new scheme (or close the page without applying changes).
  5. Dismiss the Confirmation window.
  6. Optional: Click the Set as Default button to automatically use this with new application domains, then close the Confirmation window.
  7. In the navigation tree, confirm the new scheme is listed, and then close the page.

    For questions, comments and feedback please contact:
    Harvinder Singh Saluja
