
What is an Identity?
An identity is the virtual representation of a user of enterprise resources, including employees, customers, partners, and vendors. Identity management records the rights and relationships that user has when interacting with a company's network.
What is Federation?
Federation is the linking of a user's accounts between providers that belong to a circle of trust, so that an authentication performed by one provider can be relied on by the others.
What is Federated Identity?
An identity that can be used across security domains is called a federated identity: an identity at an identity provider that has been linked, within a circle of trust, to one or more accounts at one or more service providers.
What is the difference between Multi Domain SSO and Federation?
There are a couple of differences, listed below.
Identity federation refers to the ability to accept users who were not authenticated by your own systems (for example, they authenticated with Twitter, Facebook, or someone else's Active Directory).
SSO is the ability to log in once and then access many applications without entering credentials again.
You often achieve SSO through federation, but you can have SSO without it (for example, an Active Directory domain and multiple applications in that domain: you sign in once).

What is an Identity Provider and Service Provider?
The IdP is the site that authenticates the user and sends an assertion to the destination site, the SP. The SP is the site that consumes the assertion, determines the entitlements of the user, and grants or denies access to the requested resource.
Explain the flow when a user makes a federation request.
Step 1: The user logs in to the identity provider with an ID and password for authentication. Once the user is authenticated, a session cookie is placed in the browser.
Step 2: The user then clicks a link to an application residing on the service provider. The IdP creates a SAML assertion based on the user's session cookie, digitally signs the assertion, and redirects the browser to the SP.
Step 3: The SP receives the SAML assertion, verifies the IdP's signature and the assertion's conditions (intended audience, validity window), extracts the user's identity information, and maps the user to a local account on the destination site.
Step 4: An authorization check is then performed and, if it succeeds, the SP redirects the user's browser to the protected resource. Once the SP has validated the assertion it sets its own session cookie in the browser, so the user can now navigate between applications in both domains without additional logins.
What is the authentication mechanism used for federation?
Assertions. The IdP creates the assertion and sends it to the SP, where it is validated before any access decision is made.
What is Mapped Federation?
Mapped federation (account mapping): the user has an account at both federation partners, the IdP and the SP. The IdP account is mapped to the SP account on a common attribute, giving a 1-to-1 link between the two accounts based on shared information such as email, DN, or uid.
What is Linked Federation?
Linked federation (account linking): an extension of mapped federation in which the user has an account at both partners but there is no common attribute to map on. It is still a 1-to-1 link between IdP and SP accounts; for example, the employee number at the IdP is linked to a different attribute, such as uid or email, at the SP.
What is Role-based Federation?
Role-based federation (attribute-based): instead of an attribute that identifies one user, the IdP sends a non-unique attribute such as the identity's role (manager or developer), and the SP grants access on the basis of that role rather than a per-user account.
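The SP side of Steps 3 and 4 above, together with the three mapping styles (mapped, linked, role-based), as an added Python example that is not OIF code or configuration. Real SAML assertions are XML documents signed with XML Signature; so that the example runs with only the standard library it models the assertion as a dictionary signed with HMAC-SHA256 over a canonical JSON encoding, which stands in for the IdP's signing key and the SP's trust anchor. The entity IDs, key, local accounts, link table and role map are all constructed for the example.

```python
import hashlib
import hmac
import json

# All identifiers and data below are constructed for this example; none of it is OIF's own code or config.
IDP_ID = "https://idp.example.test"
SP_ID = "https://sp.example.test"
IDP_KEY = b"constructed-idp-signing-key"       # stands in for the IdP's private signing key
TRUSTED_ISSUERS = {IDP_ID: IDP_KEY}            # the SP's trust anchors: its circle of trust
CLOCK_SKEW = 60                                # seconds of tolerance on NotBefore / NotOnOrAfter


class FederationError(Exception):
    """Raised by the SP when an assertion must be rejected."""


def canonical(payload):
    # Stand-in for XML canonicalisation: deterministic bytes that the signature covers.
    return json.dumps(payload, sort_keys=True, separators=(",", ":")).encode()


def idp_issue_assertion(session_user, attributes, now, lifetime=300):
    """Step 2: the IdP turns the authenticated session into a signed assertion for one SP."""
    payload = {
        "issuer": IDP_ID,
        "audience": SP_ID,                     # restricts the assertion to this SP
        "subject": session_user,
        "attributes": attributes,
        "not_before": now,
        "not_on_or_after": now + lifetime,
    }
    sig = hmac.new(IDP_KEY, canonical(payload), hashlib.sha256).hexdigest()
    return {"payload": payload, "signature": sig}


def sp_validate(assertion, now):
    """Step 3, first half: accept only assertions from a trusted issuer, addressed to us, and current."""
    payload, sig = assertion["payload"], assertion["signature"]
    key = TRUSTED_ISSUERS.get(payload.get("issuer"))
    if key is None:
        raise FederationError("issuer not in circle of trust")
    expected = hmac.new(key, canonical(payload), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, sig):   # nothing in the payload is trusted before this point
        raise FederationError("signature does not verify")
    if payload.get("audience") != SP_ID:
        raise FederationError("assertion addressed to a different SP")
    if not (payload["not_before"] - CLOCK_SKEW <= now < payload["not_on_or_after"] + CLOCK_SKEW):
        raise FederationError("assertion outside its validity window")
    return payload


# Constructed SP-side data for the three mapping styles.
SP_ACCOUNTS = {                                # local accounts keyed by SP account id
    "acct-1": {"uid": "jones", "email": "jones@example.test", "roles": {"viewer"}},
    "acct-2": {"uid": "lee", "email": "lee@example.test", "roles": {"viewer", "approver"}},
}
LINK_TABLE = {(IDP_ID, "E-4471"): "acct-2"}    # linked federation: IdP employeeNumber -> SP account
ROLE_MAP = {"manager": {"viewer", "approver"}, "developer": {"viewer"}}   # role-based federation


def sp_map_account(payload, mode):
    """Step 3, second half: map the asserted identity to a local account and its entitlements."""
    attrs = payload["attributes"]
    if mode == "mapped":       # 1-to-1 on a shared attribute (email here); no match means no access
        for acct_id, acct in SP_ACCOUNTS.items():
            if acct["email"].casefold() == attrs.get("email", "").casefold():
                return acct_id, acct["roles"]
        raise FederationError("no local account with that email")
    if mode == "linked":       # 1-to-1 via a link table joining different attributes on each side
        acct_id = LINK_TABLE.get((payload["issuer"], attrs.get("employeeNumber")))
        if acct_id is None:
            raise FederationError("no account link for that employee number")
        return acct_id, SP_ACCOUNTS[acct_id]["roles"]
    if mode == "role":         # non-unique attribute: entitlements come from the role, not a local account
        roles = set()
        for r in attrs.get("role", []):
            roles |= ROLE_MAP.get(r, set())
        if not roles:
            raise FederationError("no recognised role in assertion")
        return None, roles
    raise ValueError("unknown mapping mode")


def sp_authorize(assertion, now, mode, required_role):
    """Step 4: the whole SP side; returns the local account id (None for role-based) on success."""
    payload = sp_validate(assertion, now)
    acct_id, roles = sp_map_account(payload, mode)
    if required_role not in roles:
        raise FederationError("authenticated but not authorised for this resource")
    return acct_id


if __name__ == "__main__":
    now = 1_700_000_000
    a = idp_issue_assertion("jones", {"email": "Jones@example.test", "role": ["developer"]}, now)
    print(sp_authorize(a, now, "mapped", "viewer"))   # acct-1
```

The order of checks is the point: the issuer must be in the circle of trust and the signature must verify before any attribute is read, the audience check stops an assertion minted for one SP from being presented to another, and the validity window bounds how long a captured assertion stays usable. A production SP additionally records assertion IDs so that a replay inside the window is rejected; that bookkeeping is left out here.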
What is the latest version of OIF?
As of April 2012 the latest available OIF version is 11.1.1.6 (11g R1 PS5). 11.1.1.6 is a patch set only, which means it must be applied on top of the base release 11.1.1.2.
Where is the identity store kept by default?
The default identity store for OIF is WebLogic's embedded LDAP server. It can be changed to an external LDAP server (OID, AD, ODSEE, ...) either at initial configuration or later through Enterprise Manager (EM).
What is the purpose of a rule designer?
The rule designer is used to create rules that can be applied to password policy selection, automatic group membership, provisioning process selection, task assignment, and prepopulate adapters.
What are a DN and an RDN?
A DN (distinguished name) is the name that uniquely identifies an entry in the LDAP directory. It is built from the entry's own RDN (relative distinguished name) followed by the DN of its parent entry.
cn=Jones,dc=oracle,dc=com is the DN of user Jones, and cn=Jones is its RDN.
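An added Python example (not OIF code) showing why a DN must be parsed rather than split on commas: the RFC 4514 escaping rules allow a comma, plus sign or other special character inside a value, so cn=Jones\, Bob,dc=oracle,dc=com is a three-RDN name whose leftmost RDN value is "Jones, Bob", and a naive split would derive the wrong RDN and the wrong parent container for the entry. The parser below splits on unescaped separators, decodes backslash and \XX hex escapes, and normalises attribute types so two spellings of the same DN compare equal. The sample DNs are constructed; the case-insensitive value comparison in dn_equal assumes attributes with a caseIgnore matching rule such as cn, dc and uid.

```python
import re

_HEX_PAIR = re.compile(r"[0-9A-Fa-f]{2}")


def _split_unescaped(s, sep):
    """Split s on sep, skipping separators that are backslash-escaped."""
    parts, cur, i = [], [], 0
    while i < len(s):
        if s[i] == "\\":                   # keep the escape sequence intact for later decoding
            cur.append(s[i:i + 2])
            i += 2
            continue
        if s[i] == sep:
            parts.append("".join(cur))
            cur = []
        else:
            cur.append(s[i])
        i += 1
    parts.append("".join(cur))
    return parts


def _trim(s):
    """Drop unescaped spaces around a component; an escaped trailing space (backslash space) is data."""
    s = s.lstrip(" ")
    while s.endswith(" ") and not s.endswith("\\ "):
        s = s[:-1]
    return s


def _unescape(value):
    """Decode RFC 4514 escapes: backslash-char gives the char, backslash-XX gives a byte (UTF-8 sequences allowed)."""
    out, i = bytearray(), 0
    while i < len(value):
        if value[i] == "\\" and i + 1 < len(value):
            nxt = value[i + 1:i + 3]
            if len(nxt) == 2 and _HEX_PAIR.fullmatch(nxt):
                out.append(int(nxt, 16))
                i += 3
            else:
                out += value[i + 1].encode("utf-8")
                i += 2
            continue
        out += value[i].encode("utf-8")
        i += 1
    return out.decode("utf-8")


def parse_dn(dn):
    """Return the DN as a list of RDNs (leftmost first); each RDN is a list of (type, value) pairs."""
    if dn.strip() == "":
        return []                          # the empty DN names the directory root
    rdns = []
    for rdn in _split_unescaped(dn, ","):
        avas = []
        for ava in _split_unescaped(rdn, "+"):      # '+' joins the parts of a multi-valued RDN
            if "=" not in ava:
                raise ValueError(f"malformed RDN component: {ava!r}")
            attr_type, value = ava.split("=", 1)     # attribute types never contain '='
            avas.append((_trim(attr_type).lower(), _unescape(_trim(value))))
        rdns.append(avas)
    return rdns


def rdn_of(dn):
    """The leftmost RDN, e.g. [('cn', 'Jones')] for cn=Jones,dc=oracle,dc=com."""
    return parse_dn(dn)[0]


def parent_of(dn):
    """The DN of the containing entry, escapes left as written so it can be sent back to the server."""
    return ",".join(_trim(p) for p in _split_unescaped(dn, ",")[1:])


def dn_equal(a, b):
    """Compare two DNs structurally rather than as strings (assumes caseIgnore attribute values)."""
    def norm(dn):
        return [sorted((t, v.casefold()) for t, v in rdn) for rdn in parse_dn(dn)]
    return norm(a) == norm(b)
```

parent_of deliberately re-joins the original escaped components instead of the decoded values, because the result is normally used as a base DN in a later LDAP operation and must stay correctly escaped.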
How do you define Identity Management & Access Management?
Identity Management enables customers to manage the end-to-end lifecycle of user identities across all enterprise resources securely. Access Management provides web access management including authentication, fine-grained authorization, federation, and proactive online fraud prevention.
What are the various domains that fall under identity management?
Identity Management, Access Management, and Directory Management. Oracle Products that fall under Identity Management are Oracle Identity Manager and Oracle Role Manager. Oracle products that fall under Access Management are Oracle Access Manager, Oracle Entitlement Server, Oracle Adaptive Access Manager, Oracle Identity Federation, and Enterprise Single Sign-On. Oracle products that fall under Directory Management are OID and OVD.
What is an object class and what are its types?
An object class defines which attributes an LDAP entry must and may contain; every entry has exactly one structural object class and may carry auxiliary classes in addition. There are three types:
Structural: indicates the attributes that the entry may have and where the entry may occur in the DIT.
Auxiliary: indicates additional attributes that the entry may have; it can be attached to an entry but cannot form one on its own.
Abstract: indicates a "partial" specification in the object class hierarchy (top is the usual example); only its structural and auxiliary subclasses may be used by entries in the directory.