Requirements for the Provider with Oracle Access Manager

Oracle Fusion Middleware Application Security Guide

Framework; audit-report generation is supported using Oracle Business Intelligence Publisher.

Access Tester: The new Oracle Access Manager 11g Access Tester enables IT professionals and administrators to simulate interactions between registered Oracle Access Manager Agents and Servers. This is useful when testing security policy definitions or troubleshooting issues involving agent connections.

Transition from Test to Production: Oracle Access Manager 11g enables moving configuration or policy data from one Oracle Access Manager 11g deployment to another (from a small test deployment to a production deployment, for example). Support for the creation of new topologies is based on templates. You can also copy and move policy changes.

Co-existence and Upgrades for OSSO 10g: The Oracle-provided Upgrade Assistant scans the existing OracleAS 10g SSO server configuration, accepts as input the 10g OSSO policy properties file and schema information, and transfers configured partner applications into the destination Oracle Access Manager 11g SSO.

15.1.1 Previewing Pre-Seeded OAM 11g Policies for Use by the OAM 10g AccessGate

The Application Authenticator application domain is delivered with OAM 11g. It is pre-seeded with the policy objects that enable integration with applications deployed in WebLogic environments using the OAM Authentication Provider as the security provider. It is not associated with WebGate provisioning. When you provision a WebGate or AccessGate to use this or another existing application domain, you will decline having policies created automatically.

The Application Authenticator application domain comes into play with the custom 10g AccessGate used with the OAM Authenticator and the Identity Asserter for Oracle Web Services Manager. In this case, the custom AccessGate (not WebGate) contacts the WebLogic Server directly with a token to authenticate the user before OAM 11g is contacted.

The Application Authenticator application domain protects only resources of type wl_authen and is seeded with two authentication policies and one authorization policy. The following wl_authen resources are also seeded in this domain:

■ AuthenBasic
■ AuthenSSOToken
■ AuthenUsernameAssertion protected by LDAPNoPasswordValidationScheme

See Also:
■ Oracle Fusion Middleware Administrator's Guide for Oracle Access Manager with Oracle Security Token Service for an Introduction to Post-Upgrade Co-existence Between Oracle Access Manager 11g and OSSO 10g Servers
■ Oracle Fusion Middleware Upgrade Planning Guide
■ Oracle Fusion Middleware Upgrade Guide for Oracle Identity Management

Note: Only resources of type wl_authen are allowed in this domain; no other resource types can be added. Policies and Responses for wl_authen resources can be added. However, ideally, you will not need to modify this domain.

Figure 15–1 illustrates details of the seeded Application Authenticator application domain in the OAM 11g Administration Console.
The page shown describes the pre-seeded User ID Assertion authentication policy, which protects the AuthenUsernameAssertion resource. The authentication scheme for this policy is also shown along with the resources that are protected by the policy.

Figure 15–1 Pre-seeded Resources in the User ID Assertion Authentication Policy

Figure 15–2 illustrates pre-seeded Responses for the User ID Assertion authentication policy. For more information about Responses, see the Oracle Fusion Middleware Administrator's Guide for Oracle Access Manager with Oracle Security Token Service.

Figure 15–2 Pre-seeded Responses in the User ID Assertion Policy

Figure 15–3 illustrates the pre-seeded Application SSO authentication policy, the resources protected by this policy, and the authentication scheme.