Comments on Oracle Fusion Middleware Security: Understanding OAM Authentication Schemes, Modules, Step Orchestration, and Plug-ins
Chris Johnson (Oracle)

Chris Johnson (Oracle), 2013-04-02T11:48:45.070-07:00

Nagesh: You can change any of the levels of any of the schemes. The levels simply tell OAM which schemes you trust more than the other schemes. For example you might configure x.509 certificate as level 5 and LDAPScheme (normal username and password) as level 2. If a user were to access the x.509-protected resource first and then go to the LDAPScheme-protected resource OAM would not prompt them for their password. But if they went the other way around (LDAP first, x.509 second) they would be prompted for the higher level credential when they tried to switch.

Hope this helps

NageshFussionMiddlewareDba, 2013-03-03T23:38:58.604-08:00

Hi Chris,

Can we change the Authentication level for LDAP Scheme from 2 to 1? What will be the implications if we change it from default 2 to 1?

Thanks in advance.

Nagesh

Chris Johnson (Oracle), 2012-02-24T11:12:23.187-08:00

Hi Mahendra. Yes, out of the box OAM will block disabled users from logging in. In fact OAM didn't technically need to do anything special to do that since OID will reject any ldap_bind requests for a user that is disabled.

OAM does have special logic embedded so that it can detect when a user's account is disabled in order to display a friendly error message to the end user.

Mahendra, 2012-02-20T03:45:27.287-08:00

Hi Chris,

Thanks for the post. I have a question. Is it possible to prevent the authentication using OAM 11g for disabled users in OID 11g? I could not find it anywhere in the documentation.

Please help.

Thanks,
Mahendra.