Identity Management & Security Articles

(See also: Security topic)

Exploring Oracle Mobile Authenticator and Its Applications [November 2017]
by Samanvitha Kumar and Narayana Khadri
This article explores the features of Oracle Mobile Authenticator and how it is designed to provide Multi-Factor Authentication (MFA) capability in identity and access management products.

Oracle Identity Cloud Service: AD Bridge High-Availability Configuration Using Docker and Windows Containers [October 2017]
by Ricardo Gutierrez
Part of the IDCS Deep Dive series exploring hybrid scenarios, this article focuses on integration with Microsoft Active Directory, an on-premise infrastructure present in most organizations.

Tech Article: Implementing ASM-Scoped & Database-Scoped Security on Oracle Exadata Database Machine
[July 2017]
by Deiby Gómez , YV Ravikumar
Oracle Exadata Storage Server security has two modes: ASM-Scoped Security and Database-Scoped Security. This article describes the use cases for both approaches.

Fine-Tune Privilege Management [July 2017]
by Steven Feuerstein
Improve PL/SQL security in Oracle Database 12c.

Oracle Identity Cloud Service: Multitenant Provisioning, FedSSO with Custom App Templates and Just-In-Time Provisioning [March 2017]
by Ricardo Gutierrez
Explores some of Oracle Identity Cloud Service's provisioning capabilities for a hybrid environment and integration with cloud applications.

Lock It Down [March 2016]
by Arup Nanda
Limit authorization to only those who need it, and remove all-powerful superuser roles with Oracle Database Vault.

Unify Auditing [September 2015]
by Arup Nanda
Unify auditing to a secure, high-performance single view in Oracle Database 12c.

Oracle Identity Manager 11gR2PS2 UI Bulk Role Operations [September 2015]
by Eduardo Ludovico
This article by Oracle senior consultant Eduardo Ludovico illustrates how to modify Oracle Identity Manager to prodvide a user-friendly way to perform a bulk removal of users via a graphical interface.

On More-Secure Applications [May 2015]
by Tom Kyte
Our technologist shows how to build security into application design.

Dynamically Dangerous Code [May 2015]
by Steven Feuerstein
There’s a right time to use dynamic SQL, but there’s never a right time for SQL injection.

Yes, Oracle API Gateway Can Protect Your Web Application, Too [May 2015]
by Marcelo Parisi
This article examines basic concepts of web application security using Oracle API Gateway, using an XSS Injection issue and an SQL Injection issue to demonstrate how Oracle API Gateway can bring value to these scenarios.

Protecting and Accessing Resources with OAuth in Oracle Access Manager [March 2015]
by Ronaldo Fernandes
Oracle principal consultant Ronaldo Fernandes demonstrates how to configure OAM to protect a service hosted on WebLogic Server (WLS) as well as a Web Application (also hosted on WebLogic) consuming it, using 3-legged OAuth flow.

Oracle Identity Manager 11G R2 PS2 Catalog Cart Items Customization [March 2015]
by Venkata Siva Rami Reddy Kurri
Venkat Kurri's article shows you step-by-step how to use Oracle Identity Manager's (OIM) user interface customization capabilities to customize OIM Catalog Cart Items.

Externalize the Security of Oracle ADF Applications Using Oracle Entitlements Server [February 2015]
by Ganesh Kamble
This article discusses how you can use Oracle Entitlements Server (OES) to secure the resources of Oracle Application Development Framework (ADF) applications, with a focus on creating policies for securing an ADF application, and then storing those policies in Oracle Internet Directory.

Building a Scalable, Highly Available Oracle API Gateway 11g Infrastructure in a Cloud Environment [January 2015]
by Marcelo Parisi
With its focus on service protection, and its authentication mechanisms, message encryption, and security/policy functionalities, Oracle API Gateway (OAG) 11g can be a very powerful tool in the secure provisioning of services in the cloud. This article shows you how to create a cloud-based OAG infrastructure, with high-availability and scalability support.

Managing WebLogic Server and Deployed Applications in DMZ and Other Complicated Network Setups [November 2014]
by Martin Heinzl
WebLogic Server comes out of the box with a general configuration that should satisfy most applications. But DMZ setups and other special environments require additional configuration, communication and security. This article by Martin Heinzl focuses on options for various DMZ setups.

Virus-Proofing Oracle WebCenter Content 11g with Oracle API Gateway 11g [June 2014]
by Marcelo Parisi
Marcelo Parisi's article is a proof-of-concept for a basic infrastructure re-architecture and software configuration needed to implement a basic virus-checking routine on files before they get to Oracle WebCenter Content.

Oracle Identity Manager 11gR2 Catalog: Domain Index Best Practices and FAQs [May 2014]
by Lokesh Gupta
This technical how-to guide provides information on the Access Request Catalog feature in Oracle Identity Management (OIM), including optimizations required for domain-based indexing used in cataloging.

Oracle Identity Manager: Implementing Additional Request Information [April 2014]
by Nitin Patel
Nitin Patel's article offers detailed step-by-step technical instructions for implementing the Additional Request Information feature in Oracle Identity Manager.

Oracle Identity Manager UI Customizations [February 2014]
by Gaurav Singh
Tips, tricks, and technical insight into customizations for the Oracle Identity Manager user interface.

Diagnosing Intermittent Authentication Failures and User Lock Outs in Oracle WebLogic [February 2014]
by Shailesh K. Mishrah
How login failures in WebLogic can be diagnosed with the help of available debug flags and log files.

Flexible Manipulation of Session Timeout for Oracle Identity Manager Web Applications [January 2014]
by Firdaus Fraz
Oracle Fusion Middleware Identity Management solution architect Firdaus Fraz's concise article focuses on session timeout configuration for Oracle Identity Manager 11gR2PS1 using an Oracle WebLogic deployment plan.

Working with Oracle Security Token Service in an Architecture Involving Oracle WebLogic Server and Oracle Service Bus [January 2014]
by Rolando Fernandes
A step by step guide to creating a single sign-on between Oracle WebLogic and Oracle Service Bus using Oracle Security Token Service (OSTS) to generate SAML tokens.

Hide from Prying Eyes [January 2014]
by Arup Nanda
Use Data Redaction in Oracle Database 12c to hide sensitive data automatically.

Programmatic Identity Assertion with Oracle Platform Security Services [December 2013]
by Shailesh K. Mishra
This short article from a member of the Oracle Identity Manager team shows how programmatic identity assertion can be performed using OPSS APIs in cases where code must run under the security context of a runtime identity.

Oracle Identity Manager 11gR2 Reconciliation Events Processing [December 2013]
by Firdaus Fraz
Available options and the associated limitations for reconciliation and the sequencing of reconciliation events in Oracle Identity Manager.

Enterprise Grade Deployment Considerations for Oracle Identity Manager AD Connector [October 2013]
by Firdaus Fraz
Oracle Fusion Middleware solution architect Firdaus Fraz illustrates provides best practice recommendations for setting up an enterprise deployment environment for the OIM connector for Microsoft Active Directory.

Multi-Factor Authentication in Oracle WebLogic [October 2013]
by Shailesh K. Mishra
Using multi-factor authentication to protect web applications deployed on Oracle WebLogic.

Protecting IDPs from Malformed SAML Requests [July 2013]
by Steffo Weber
Using Oracle API Gateway as an XML firewall to protect Oracle Identity Federation from receiving malformed SAML requests.

Securing Heterogeneous Systems Using Oracle Web Services Manager [May 2012]
by Ronald van Luttikhuizen and Jens Peters
A case study on using use Oracle Web Services Manager to secure interactions between Web Services exposed by Oracle Service Bus and an employee portal built in Microsoft .NET and Silverlight.

How To Configure Browser-based SSO with Kerberos/SPNEGO and Oracle WebLogic Server [May 2012]
by Abhijit Patil
Oracle WebLogic Server offers a complete solution for single sign-on with Microsoft clients using Kerberos. 

Security for Everyone [01-Jan-2012]
by Frank Nimphius
Protect your Oracle ADF applications from unauthorized access using the Oracle ADF Security feature.

On History, Basics, and Network Performance [01-Jan-2012]
by Tom Kyte
Our technologist recalls a Web seminar, gives the right hint, and dishes on network performance.

Managing Audit Trails [12-Oct-2010]
by Arup Nanda
Relocate the audit trail to a different tablespace and set up an automatic purge process to keep its size under control.

Series: Project Lockdown [Updated September 2010]
by Arup Nanda
Learn a practical, phased approach to securing your database infrastructure using built-in Oracle Database security features—over one day, week, month, and quarter (updated for Oracle Database 11g Release 2)

Intelligence and Identity [01-Jan-2008]
by Mark Rittman and Joel Crisp
Integrating Oracle Business Intelligence and Oracle Identity Management.

Faster, Safer, and Smaller LOBs [17-Aug-2007]
by Jonathan Gennick
Oracle SecureFiles provides increased performance, better security, and reduced disk usage.

Implementing Row-Level Security in Java Applications [9-July-2007]
by Lonneke Dikmans, Oracle Fusion Middleware Regional Director
Learn how to enforce row-level security across your JEE application, from database to cache.

Testing Database Security [26-Oct-2006]
by Aradhana Puri
Questions and answers on securing your Oracle database by using FGA and VPD

Secure Search Returns Best Results [28-Aug-2006]
by Ron Hardman
Oracle Secure Enterprise Search provides the right intranet search.