Configure WS-Federation 1.1 SP Properties

5-32 Oracle Fusion Middleware Administrator's Guide for Oracle Identity Federation

specified and the authentication request format is based solely on the RP configuration.

■ Force User Consent - Check this box to prompt the user for consent for any new federation (that is, a new ClaimedID created between the IdP/OP, the RP/SP and the user).
■ Default Authentication Mechanism - Holds the local authentication mechanism to use as the authentication method to authenticate the user at the IdP/OP, if the assertion uses the PAPE authentication policy.
■ Enabled Session Types - Use the drop-down to list the enabled session types that can be used during the association exchange. Possible values:
  – no-encryption
  – dh-sha1
  – dh-sha256
■ Enabled Association Session Types - Use the drop-down to list the enabled association types that the OP supports. Possible values:
  – hmac-sha1
  – hmac-sha256
■ Default Association Session Type - Specify the default association session type from one of the enabled types.
■ Force User Consent - Check the box to prompt the user for consent for any new federation (that is, a new ClaimedID created between the OP, the RP, and the user).
■ Force User Consent Web Context - Contains the Web context of the OpenID consent page to be used instead of the Oracle Identity Federation OpenID built-in consent page.
■ Generate Diffie-Hellman parameters when initiating associations - Check the box to generate Diffie-Hellman parameters when initiating associations of type DH-SHA1 or DH-SHA256. If not checked, default values are used.
■ Enable PAPE 1.0 - Check this box to enable the PAPE 1.0 extension. With this feature you can specify one or more of:
  – US Government Level of Assurance Policy
  – PPID Policy
  – US Government OpenID Trust Level 1 Policy
  – US Government No PII Policy

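The association exchange that the session and association types above configure, as an added example that is not part of this guide or of Oracle Identity Federation: an OpenID 2.0 DH-SHA256 association in which the OP masks its HMAC-SHA256 MAC key with the Diffie-Hellman shared secret and the RP recovers it, then verifies an OP-signed response. The DH modulus is assumed to be the spec's default group (reproduced from memory) and the signed fields are constructed.

```python
import hashlib, hmac, secrets

# Default OpenID 2.0 DH group (spec Appendix B): g = 2 and this 1024-bit modulus, reproduced
# from memory (an assumption; verify against the spec). The arithmetic runs for any odd p.
OPENID_DEFAULT_P = int(
    "155172898181473697471232257763715539915724801966915404479707795314057629378541"
    "917580651227423698188993727816152646631438561595825688188889951272158842675419"
    "950341258706556549803580104870537681476726513255747040765857479291291572334510"
    "643245094715007229621094194349783925984760375594985848253359305585439638443")
OPENID_DEFAULT_G = 2
# Hash per session type; its digest length fixes the MAC key length (DH-SHA1 <-> HMAC-SHA1, DH-SHA256 <-> HMAC-SHA256).
SESSION_HASH = {"DH-SHA1": hashlib.sha1, "DH-SHA256": hashlib.sha256}
ASSOC_HASH = {"HMAC-SHA1": hashlib.sha1, "HMAC-SHA256": hashlib.sha256}

def btwoc(n: int) -> bytes:
    """Big-endian two's-complement bytes of a non-negative int (OpenID's integer encoding)."""
    return n.to_bytes((n.bit_length() + 8) // 8, "big")  # sign bit always stays clear

def dh_keypair(p=OPENID_DEFAULT_P, g=OPENID_DEFAULT_G):
    private = secrets.randbelow(p - 2) + 1
    return private, pow(g, private, p)

def mask_mac_key(shared_secret: int, key: bytes, session_type: str) -> bytes:
    """XOR with H(btwoc(shared)); the OP encrypts and the RP decrypts with the same mask."""
    digest = SESSION_HASH[session_type](btwoc(shared_secret)).digest()
    if len(digest) != len(key):
        raise ValueError("MAC key length must equal the session hash digest length")
    return bytes(a ^ b for a, b in zip(digest, key))

def op_associate(rp_public: int, mac_key: bytes, session_type: str, p=OPENID_DEFAULT_P, g=OPENID_DEFAULT_G):
    """OP side: returns (dh_server_public, enc_mac_key); the raw MAC key never leaves the OP."""
    x, op_public = dh_keypair(p, g)
    return op_public, mask_mac_key(pow(rp_public, x, p), mac_key, session_type)

def rp_recover_mac_key(rp_private: int, op_public: int, enc_mac_key: bytes, session_type: str, p=OPENID_DEFAULT_P) -> bytes:
    return mask_mac_key(pow(op_public, rp_private, p), enc_mac_key, session_type)  # RP side

def sign_response(mac_key: bytes, fields: dict, signed: list, assoc_type: str) -> bytes:
    """HMAC over the signed fields in OpenID key:value newline form."""
    kv = "".join(f"{k}:{fields[k]}\n" for k in signed).encode()
    return hmac.new(mac_key, kv, ASSOC_HASH[assoc_type]).digest()

def demo_association(session_type="DH-SHA256", assoc_type="HMAC-SHA256") -> bool:
    """One association exchange, then RP-side verification of an OP-signed response."""
    mac_key = secrets.token_bytes(SESSION_HASH[session_type]().digest_size)  # chosen by the OP
    rp_private, rp_public = dh_keypair()               # RP sends openid.dh_consumer_public
    op_public, enc = op_associate(rp_public, mac_key, session_type)
    recovered = rp_recover_mac_key(rp_private, op_public, enc, session_type)
    fields = {"openid.mode": "id_res", "openid.claimed_id": "https://example.org/alice"}  # constructed
    op_sig = sign_response(mac_key, fields, list(fields), assoc_type)     # computed at the OP
    return hmac.compare_digest(op_sig, sign_response(recovered, fields, list(fields), assoc_type))
```

With the no-encryption session type the MAC key is sent unmasked in the association response, which is why the OpenID 2.0 specification permits that type only over an encrypted transport.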
5.6 Configuring Attribute Sharing with the Oracle Access Manager AuthZ Plug-in

Attribute sharing is a joint feature of Oracle Access Manager and Oracle Identity Federation that implements the SAML Attribute Sharing Profile for X.509 Authentication-Based Systems. In this profile, a user who requests a protected resource or service is authenticated with SSL client X.509 certificates, but authorization

Note: Changes in session type and/or association session type require a restart of the Oracle Identity Federation server.