1.What is an Identity?
An identity is the digital representation of a user of enterprise resources: employees, customers, partners and vendors. Identity management records the attributes, rights and relationships that identity has when it interacts with the company's systems and network.
2.What is Federation?
Federation is the linking of a user's accounts across providers (identity providers and service providers) that form a circle of trust, so that authentication at one provider is accepted by the others.
3.What is Federated Identity?
An identity that spans security domains is a federated identity: the user's accounts at one or more identity providers and one or more service providers are linked within a circle of trust, so that each provider accepts assertions about that user from its trusted partners.
4.What is the difference between Multi Domain SSO and Federation?
There are a couple of differences, which are listed below.
5.What is an Identity Provider and Service Provider?
The Identity Provider (IdP) is the site that authenticates the user and issues a signed assertion about that authentication to the destination site, the Service Provider (SP). The SP consumes the assertion, validates it, determines the entitlements of the user and grants or denies access to the requested resource.
6.Explain the flow when a user makes a federation request?
Step 1: The user logs in to the identity provider with an ID and password (or another configured authentication method). Once the user is authenticated, the IdP places a session cookie in the browser.
Step 2: The user clicks a link to an application hosted at the service provider. The IdP looks up the session identified by the browser cookie, creates a SAML assertion for that user, digitally signs it with its private key, and redirects the browser, carrying the assertion, to the SP.
Step 3: The SP receives the assertion and verifies the signature against the IdP's certificate, checks that the issuer is a trusted partner, that this SP is the intended audience and that the validity window has not passed, then extracts the user's identity information and maps the user to a local account on the destination site.
Step 4: The SP performs an authorization check and, if it succeeds, redirects the browser to the protected resource. At this point the SP places its own session cookie in the browser, so the user can navigate between applications in both domains without logging in again. (This is the IdP-initiated flow; in the SP-initiated variant the user starts at the SP, which redirects to the IdP for authentication first.)
7.What is the authentication mechanism used for federation?
SAML assertions. The IdP creates and signs the assertion and sends it to the SP, which validates the signature, issuer, audience and validity period before trusting the identity it carries.
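The SP side of steps 3 and 4 above, and the validation mentioned in answer 7, as an added example that is not OIF code. The assertion is constructed in the block, and its signature is an HMAC over the assertion bytes standing in for the XML-DSig signature a real IdP makes with its private key (assumption: a shared key instead of the IdP's certificate). The issuer URL, SP entity ID, key and clock-skew tolerance are all assumed values.

```python
"""SP-side checks on an incoming assertion (added example, not OIF code)."""
import hashlib
import hmac
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Hypothetical trust configuration held by the SP (all values are assumptions).
TRUSTED_ISSUER = "https://idp.example.com/fed/idp"
SP_ENTITY_ID = "https://sp.example.com/fed/sp"
IDP_KEY = b"demo-shared-key"       # stand-in for the IdP's signing certificate
CLOCK_SKEW = timedelta(minutes=3)  # tolerance for clock drift between IdP and SP
FMT = "%Y-%m-%dT%H:%M:%SZ"


def build_assertion(subject, not_before, not_on_or_after, assertion_id="_id-1",
                    issuer=TRUSTED_ISSUER, audience=SP_ENTITY_ID, key=IDP_KEY):
    """Constructed IdP side (step 2): a minimal assertion plus its 'signature'."""
    xml = (
        f'<saml:Assertion xmlns:saml="{NS["saml"]}" ID="{assertion_id}" Version="2.0">'
        f"<saml:Issuer>{issuer}</saml:Issuer>"
        f"<saml:Subject><saml:NameID>{subject}</saml:NameID></saml:Subject>"
        f'<saml:Conditions NotBefore="{not_before.strftime(FMT)}" '
        f'NotOnOrAfter="{not_on_or_after.strftime(FMT)}">'
        f"<saml:AudienceRestriction><saml:Audience>{audience}</saml:Audience>"
        f"</saml:AudienceRestriction></saml:Conditions></saml:Assertion>"
    )
    signature = hmac.new(key, xml.encode(), hashlib.sha256).hexdigest()
    return xml, signature


def validate_assertion(xml, signature, now, seen_ids, key=IDP_KEY):
    """SP side (step 3). Returns (True, subject) or (False, reason).

    Order matters: the signature is checked before any claim in the document
    is trusted, and the ID is recorded only after every other check passes.
    """
    expected = hmac.new(key, xml.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, signature):
        return False, "signature does not verify"
    root = ET.fromstring(xml)
    if root.tag != f"{{{NS['saml']}}}Assertion":
        return False, "document is not a SAML assertion"
    issuer = root.findtext("saml:Issuer", namespaces=NS)
    if issuer != TRUSTED_ISSUER:
        return False, f"untrusted issuer {issuer!r}"
    cond = root.find("saml:Conditions", namespaces=NS)
    if cond is None:
        return False, "assertion has no Conditions"
    not_before = datetime.strptime(cond.get("NotBefore"), FMT).replace(tzinfo=timezone.utc)
    not_on_or_after = datetime.strptime(cond.get("NotOnOrAfter"), FMT).replace(tzinfo=timezone.utc)
    if now + CLOCK_SKEW < not_before or now - CLOCK_SKEW >= not_on_or_after:
        return False, "assertion outside its validity window"
    audiences = [a.text for a in cond.findall("saml:AudienceRestriction/saml:Audience", namespaces=NS)]
    if SP_ENTITY_ID not in audiences:
        return False, "assertion was issued for a different SP"
    assertion_id = root.get("ID")
    if assertion_id in seen_ids:
        return False, "assertion replayed"
    seen_ids.add(assertion_id)  # a real SP expires entries after NotOnOrAfter
    return True, root.findtext("saml:Subject/saml:NameID", namespaces=NS)


def run_scenarios(now=None):
    """Exercise the checks with constructed assertions; returns name -> outcome."""
    now = now or datetime(2012, 4, 1, 12, 0, tzinfo=timezone.utc)
    fresh = (now - timedelta(minutes=1), now + timedelta(minutes=5))
    seen = set()
    good_xml, good_sig = build_assertion("jones@example.com", *fresh)
    old_xml, old_sig = build_assertion("jones@example.com", now - timedelta(hours=2), now - timedelta(hours=1))
    aud_xml, aud_sig = build_assertion("jones@example.com", *fresh, audience="https://other.example.com/sp")
    iss_xml, iss_sig = build_assertion("jones@example.com", *fresh, issuer="https://evil.example.net/idp")
    return {
        "valid": validate_assertion(good_xml, good_sig, now, seen),
        "replay": validate_assertion(good_xml, good_sig, now, seen),
        "tampered": validate_assertion(good_xml.replace("jones", "admin"), good_sig, now, set()),
        "expired": validate_assertion(old_xml, old_sig, now, set()),
        "wrong_audience": validate_assertion(aud_xml, aud_sig, now, set()),
        "wrong_issuer": validate_assertion(iss_xml, iss_sig, now, set()),
    }


if __name__ == "__main__":
    for name, outcome in run_scenarios().items():
        print(f"{name:15} {outcome}")
```

The replay cache is the check most often forgotten: without it, a captured assertion can be resubmitted until NotOnOrAfter passes, so the cache must hold IDs at least that long.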
8.What is the Mapped Federation?
Mapped Federation (Account Mapping): the user has an account at both federation partners, the IdP and the SP. An account at the IdP is mapped 1-to-1 to an account at the SP using an attribute that both sides hold for the user, such as email address, DN or uid.
9.What is the Linked Federation?
Linked Federation (Account Linking): an extension of mapped federation for the case where the user has an account at both partners but there is no attribute common to both. The link is still 1-to-1 between the IdP and SP accounts, but it is recorded explicitly rather than derived from a shared value; for example employeeNumber (or another attribute) at the IdP is linked to a different attribute (such as uid or email) at the SP.
10.What is role based federation?
Role based federation (attribute based): instead of an attribute that identifies one user, the IdP sends a non-unique attribute such as the identity's role, i.e. manager or developer. The SP authorizes on that attribute and does not need a local account for each federated user.
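How an SP resolves the asserted attributes under the three models in answers 8, 9 and 10 (mapped, linked and role-based), as an added example that is not OIF code. The SP user store, the link table and the role policy are constructed in-memory data, and every account name, address and resource path in them is an assumption.

```python
"""Resolving a federated user at the SP (added example, not OIF code)."""

# Constructed SP user store: local uid -> attributes the SP holds for that account.
SP_USERS = {
    "jjones": {"mail": "jones@example.com", "dn": "cn=Jones,dc=oracle,dc=com"},
    "asmith": {"mail": "smith@example.com", "dn": "cn=Smith,dc=oracle,dc=com"},
    "svc-a": {"mail": "shared@example.com"},   # two accounts share one mail ...
    "svc-b": {"mail": "shared@example.com"},   # ... so mapping on mail is ambiguous
}

# Constructed link table for linked federation: (IdP entity ID, employeeNumber) -> local uid.
LINKS = {("https://idp.example.com/fed/idp", "10042"): "asmith"}

# Constructed policy for role-based federation: resource -> roles allowed to reach it.
ROLE_POLICY = {"/reports": {"manager"}, "/build": {"developer", "manager"}}


def map_account(attrs, attr="mail"):
    """Mapped federation: the asserted attribute must select exactly one local account.

    Zero matches means an unknown user; more than one is ambiguous and is
    refused rather than resolved by picking the first hit."""
    value = attrs.get(attr)
    if value is None:
        return None
    matches = [uid for uid, rec in SP_USERS.items() if rec.get(attr) == value]
    return matches[0] if len(matches) == 1 else None


def link_account(idp, attrs, link_attr="employeeNumber"):
    """Linked federation: no attribute is shared, so consult the stored link.

    The link is keyed by the IdP as well as the attribute value: the same
    employeeNumber asserted by a different IdP must not resolve."""
    return LINKS.get((idp, attrs.get(link_attr)))


def establish_link(idp, employee_number, local_uid):
    """Record a link. In a real SP this runs only after the user has proven
    ownership of local_uid (for example by logging in locally once); creating
    links from an assertion alone would let any IdP user claim any local account."""
    if local_uid not in SP_USERS:
        raise KeyError(f"no local account {local_uid!r}")
    LINKS[(idp, employee_number)] = local_uid


def authorize_by_role(attrs, resource):
    """Role-based federation: no local account; decide on the asserted role(s)."""
    roles = set(attrs.get("role", []))
    return bool(roles & ROLE_POLICY.get(resource, set()))


def resolve(idp, attrs, resource):
    """Try mapped then linked federation for a local identity; otherwise fall
    back to role-based access without one. Returns None when neither an
    account nor a permitted role was found (the SP then denies access)."""
    uid = map_account(attrs) or link_account(idp, attrs)
    if uid is not None:
        return {"mode": "account", "uid": uid}
    if authorize_by_role(attrs, resource):
        return {"mode": "role", "uid": None}
    return None
```

The two refusals worth noting are the ambiguous mapping (two local accounts with the same email) and the link lookup keyed by IdP; both are cases where a looser implementation would silently hand one user another user's entitlements.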
11.What is the latest version of OIF?
The latest available OIF version as of April 2012 is 11.1.1.6.0 (11gR1 PS5). PS5 is a patch set only, not a full installer: it must be applied on top of an existing 11gR1 base installation.
12.Where is the OIF identity store kept by default?
The default identity store for OIF is WebLogic's embedded LDAP server. It can be changed to an external LDAP server (OID, AD, ODSEE, ...) either at initial configuration or later through Enterprise Manager (EM).
13.What is the purpose of a rule designer?
The Rule Designer form is used to create rules that can be applied to password policy selection, automatic group membership, provisioning process selection, task assignment, and prepopulating adapters.
14.What is DN and RDN?
A Distinguished Name (DN) is the name that uniquely identifies an entry in the LDAP directory tree; it is the sequence of Relative Distinguished Names (RDNs) from the entry up to the root. The RDN is the leftmost component, which must be unique among the entries under the same parent.
cn=Jones,dc=oracle,dc=com is the DN of user Jones, its RDN is cn=Jones, and its parent entry is dc=oracle,dc=com.
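A parser that splits a DN into its RDNs, as an added example and not code from the page's source. It follows the escaping rules of RFC 4514 (a backslash escapes the next character, and \HH is a hex escape) for ASCII values; hex escapes of multi-byte UTF-8 characters are not reassembled (assumption: ASCII-only values). The DNs in the tests are constructed.

```python
"""Splitting DNs into RDNs with RFC 4514 escaping (added example)."""

HEX = set("0123456789abcdefABCDEF")


def _split(s, sep):
    """Split on sep, skipping any sep that is backslash-escaped."""
    parts, cur, i = [], [], 0
    while i < len(s):
        if s[i] == "\\" and i + 1 < len(s):   # keep the escape pair intact for now
            cur.append(s[i:i + 2])
            i += 2
            continue
        if s[i] == sep:
            parts.append("".join(cur))
            cur = []
        else:
            cur.append(s[i])
        i += 1
    parts.append("".join(cur))
    return parts


def _unescape(value):
    """Resolve \\X (literal X) and \\HH (hex byte) escapes in an attribute value."""
    out, i = [], 0
    while i < len(value):
        if value[i] == "\\" and i + 1 < len(value):
            pair = value[i + 1:i + 3]
            if len(pair) == 2 and all(c in HEX for c in pair):
                out.append(chr(int(pair, 16)))   # ASCII only; see lead-in
                i += 3
            else:
                out.append(value[i + 1])
                i += 2
            continue
        out.append(value[i])
        i += 1
    return "".join(out)


def parse_rdn(rdn):
    """One RDN -> tuple of (type, value) pairs; '+' joins a multi-valued RDN.

    Attribute types are case-insensitive, so they are lowercased. Values keep
    their case because how they compare depends on the attribute's matching rule."""
    pairs = []
    for ava in _split(rdn, "+"):
        attr_type, sep, value = ava.strip().partition("=")
        if not sep:
            raise ValueError(f"malformed RDN component {ava!r}")
        pairs.append((attr_type.strip().lower(), _unescape(value.strip())))
    return tuple(sorted(pairs))


def parse_dn(dn):
    """DN -> list of RDNs, leftmost (the entry's own RDN) first."""
    return [parse_rdn(r) for r in _split(dn, ",")]


def rdn_of(dn):
    return parse_dn(dn)[0]


def parent_of(dn):
    """DN of the parent entry: everything after the first unescaped comma."""
    return ",".join(p.strip() for p in _split(dn, ",")[1:])


def dn_equal(a, b):
    """Compare two DNs structurally. Plain string comparison would treat
    'CN=Jones, DC=oracle, DC=com' and 'cn=Jones,dc=oracle,dc=com' as different,
    a classic source of authorization bugs in LDAP-backed access control lists."""
    return parse_dn(a) == parse_dn(b)
```

The security-relevant cases are the escaped comma (cn=Jones\, Jr is one RDN, not two) and the case and whitespace differences that dn_equal absorbs; an ACL that compares DNs as raw strings gets both wrong.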
15.How do you define Identity Management & Access Management?
Identity Management enables customers to manage the end-to-end lifecycle of user identities across all enterprise resources securely. Access Management provides web access management including authentication, fine grained authorization, federation and proactive online fraud prevention.
16.What are various domains that fall under identity management?
Identity Management, Access Management and Directory Management. Oracle products that fall under Identity Management are Oracle Identity Manager and Oracle Role Manager. Oracle products that fall under Access Management are Oracle Access Manager, Oracle Entitlements Server, Oracle Adaptive Access Manager, Oracle Identity Federation and Oracle Enterprise Single Sign-On. Oracle products that fall under Directory Management are OID (Oracle Internet Directory) and OVD (Oracle Virtual Directory).
18.What is an object class and what are its types?
An object class is a schema element that names the mandatory (MUST) and optional (MAY) attributes an entry of that class carries; every entry lists one or more object classes, and the directory rejects entries whose attributes do not fit them. There are three kinds:
Structural: defines the attributes the entry may have and determines where the entry may occur in the DIT. Every entry has exactly one structural object class (plus its superclasses), and it cannot be changed once the entry exists.
Auxiliary: adds attributes to an entry of any structural class; it cannot be used on its own to create an entry.
Abstract: a "partial" specification used only as a superclass in the object class hierarchy (for example top); an entry cannot consist of abstract classes alone, so only structural and auxiliary subclasses may appear as entries in the directory.
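The three kinds of object class in practice, as an added example that is not the page's code: a checker that validates an entry against a constructed subset of the standard schema (person, organizationalPerson, inetOrgPerson, organizationalUnit, posixAccount and top, with trimmed attribute lists; the exact MUST/MAY sets are an assumption for the example). It enforces that an entry has a structural class, that all its structural classes lie on one inheritance chain, that abstract or auxiliary classes do not stand alone, and that every attribute is permitted by some listed class.

```python
"""Validating an entry against object class definitions (added example)."""

# class name (lowercase) -> (kind, superclass, MUST attributes, MAY attributes)
# Constructed subset of RFC 4519 / RFC 2307 classes; attribute lists are trimmed.
SCHEMA = {
    "top": ("ABSTRACT", None, {"objectclass"}, set()),
    "person": ("STRUCTURAL", "top", {"sn", "cn"}, {"userpassword", "telephonenumber", "description"}),
    "organizationalperson": ("STRUCTURAL", "person", set(), {"title", "ou", "l"}),
    "inetorgperson": ("STRUCTURAL", "organizationalperson", set(),
                      {"mail", "uid", "employeenumber", "displayname"}),
    "organizationalunit": ("STRUCTURAL", "top", {"ou"}, {"description", "l"}),
    "posixaccount": ("AUXILIARY", "top", {"cn", "uid", "uidnumber", "gidnumber", "homedirectory"},
                     {"loginshell", "gecos"}),
}


def superclass_chain(oc):
    """oc and every class it inherits from, most derived first."""
    chain = []
    while oc is not None:
        chain.append(oc)
        oc = SCHEMA[oc][1]
    return chain


def check_entry(entry):
    """Return the list of schema violations for an entry given as
    {attribute: [values]} with lowercase attribute names. Empty list = valid."""
    problems = []
    ocs = [o.lower() for o in entry.get("objectclass", [])]
    unknown = [o for o in ocs if o not in SCHEMA]
    if unknown:
        return [f"unknown object class(es): {unknown}"]
    # Expand inheritance: listing inetOrgPerson implies organizationalPerson, person and top.
    expanded = {c for o in ocs for c in superclass_chain(o)}
    structural = sorted(o for o in expanded if SCHEMA[o][0] == "STRUCTURAL")
    if not structural:
        # Only abstract classes (e.g. just 'top') or only auxiliary classes cannot form an entry.
        problems.append("no structural object class; abstract/auxiliary classes cannot stand alone")
    else:
        # All structural classes must lie on one inheritance chain: person + inetOrgPerson is
        # fine, person + organizationalUnit is two unrelated chains and is rejected.
        leaf = max(structural, key=lambda o: len(superclass_chain(o)))
        off_chain = [o for o in structural if o not in superclass_chain(leaf)]
        if off_chain:
            problems.append(f"structural classes {[leaf] + off_chain} are not on a single chain")
    must = set().union(*(SCHEMA[o][2] for o in expanded))
    may = set().union(*(SCHEMA[o][3] for o in expanded))
    present = set(entry)
    missing = sorted(must - present)
    if missing:
        problems.append(f"missing required attributes: {missing}")
    extra = sorted(present - must - may)
    if extra:
        problems.append(f"attributes not allowed by any listed object class: {extra}")
    return problems
```

The last check is the one with a security edge: an attribute that no listed class permits (mail on a bare person, or a userPassword smuggled onto a class that does not allow it) is rejected by the directory rather than silently stored, which is why provisioning code should add the auxiliary class before the attributes it carries.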