Go to the Oracle Access Manager console and navigate to the Policy Manager.

Deploying Oracle Identity Federation 3-13

Using an Alternate Return Attribute for the HTTP Header

When Oracle Identity Federation is integrated with Oracle Access Manager for authentication, WebGate is protecting the feduserauthnoam URL, and Oracle Access Manager is configured to pass the user identifier as an HTTP header to Oracle Identity Federation, the policy protecting the feduserauthnoam URL contains an authorization rule with an action that adds an HTTP header with a return attribute referencing the user ID from the LDAP user record. This return attribute is the same as the Unique User ID set in Fusion Middleware Control when you navigate to the Oracle Identity Federation instance, under Administration, then Data Stores, then User Data Store section.

Due to a bug, orclguid cannot be used as the return attribute for the HTTP header containing the user identifier. As a workaround, the unique user identifier must be changed to another attribute. To perform the change:

■ Change the return attribute in the Oracle Access Manager console to the new attribute, uid for example.

■ In Fusion Middleware Control, navigate to Oracle Identity Federation Administration, then Data Stores, then User Data Store, and change the Unique User ID to the new attribute, uid for example.

■ If other authentication engines were used, check that their Unique User ID attributes are correctly updated.

■ If Oracle Identity Federation was integrated with Oracle Access Manager through the Oracle Access Manager SP Integration Module, update the integration: after performing the above changes, navigate to the Oracle Identity Federation instance in Fusion Middleware Control, then Administration, then SP Integration Modules, then OAM SP Engine, enter the Oracle Access Manager administrator credentials, select the created authentication schemes to be updated, and click Configure Oracle Access Manager. This updates the mapping rules in Oracle Access Manager to reflect the new attribute.
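Before switching the Unique User ID away from orclguid, it is worth confirming that the replacement attribute can identify users unambiguously. The following is an added example, not Oracle code: it checks an LDIF export of the user data store for entries where the candidate attribute is absent, multi-valued, or shared between users. The function names and sample entries are constructed, and the requirement that the attribute be single-valued and unique per user is an assumption inferred from the "Unique User ID" setting.

```python
import base64
from collections import defaultdict
# Constructed sample LDIF export of the user data store (not real data).
SAMPLE_LDIF = """\
dn: cn=Alice Smith,ou=people,dc=example,dc=com
uid: asmith
orclguid: A1

dn: cn=Adam Smith,ou=people,dc=example,dc=com
uid: ASmith
orclguid: A2

dn: cn=Bob Jones,ou=people,dc=example,dc=com
orclguid: A3

dn: cn=Carol Diaz,ou=people,dc=example,
 dc=com
uid:: Y2RpYXo=
orclguid: A4
"""

def parse_ldif(text):
    """Yield (dn, {attr: [values]}) per entry; handles folding and base64."""
    unfolded = text.replace("\r\n", "\n").replace("\n ", "")
    for block in unfolded.split("\n\n"):
        attrs = defaultdict(list)
        for line in block.splitlines():
            if not line or line.startswith("#") or ":" not in line:
                continue
            name, _, rest = line.partition(":")
            if rest.startswith(":"):  # "attr:: <base64>"
                value = base64.b64decode(rest[1:].strip()).decode("utf-8")
            else:
                value = rest.strip()
            attrs[name.lower()].append(value)
        if "dn" in attrs:
            yield attrs["dn"][0], attrs

def check_unique_id(text, attr="uid"):
    """Return (DNs where attr is absent or multi-valued, {value: [DNs]} shared)."""
    unusable, owners = [], defaultdict(list)
    for dn, attrs in parse_ldif(text):
        values = attrs.get(attr.lower(), [])
        if len(values) != 1:  # absent or multi-valued: unusable as an identifier
            unusable.append(dn)
        for v in values:
            owners[v.casefold()].append(dn)  # uid uses case-insensitive matching
    dupes = {v: dns for v, dns in owners.items() if len(dns) > 1}
    return unusable, dupes
```

Both returned collections should be empty for the chosen attribute before the return attribute and the Unique User ID are changed.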

3.2.3.3 Integrate Oracle Access Manager as an SP Integration Module

This task enables the SP integration module to interact with Oracle Access Manager. The basic steps are:

■ Verify requirements

■ Install Oracle Access Server SDK

■ Integrate Oracle Access Manager with Oracle Access Server SDK

■ Update the Oracle WebLogic Server Classpath

■ Configure Oracle Identity Federation

■ Integrate Oracle Identity Federation with Oracle Access Manager

■ Protect an Oracle Access Manager Resource with Oracle Identity Federation

Verify Requirements

Take these steps:

Note: The fix for Oracle Access Manager bug 5736326 is required when protecting the feduserauthnoam URL with HTTP Basic Authentication.