Saturday, June 23, 2012

Authentication Modules & how to configure one on Oracle Access Manager 11.1.1.5 (11g)

In Oracle Access Manager 11g, each authentication scheme requires an authentication module.

Default Authentication Modules Pages

In the Oracle Access Manager Administration Console, pre-configured authentication modules are organized with other system-level components under the System Configuration tab.
Only the following pre-configured authentication module types are allowed in an authentication scheme. However, new modules of an existing type can be created for use in authentication schemes. The default authentication modules are of the following types:
  • Kerberos Authentication Module
  • LDAP Authentication Modules
  • X509 Authentication Module

Creating a New Authentication Module

To create a new Authentication Module, log in to the OAM Administration Console, select the System Configuration tab, and expand Authentication Modules. Select the desired module type and click the Create button in the toolbar.

a.) LDAP Authentication Modules
Name: Unique name to identify the Authentication Module.
User Identity Store: The primary user identity store that contains the user credentials required for authentication by this module. The LDAP store must be registered with OAM to appear in this list.

Press the Apply button.
b.) Kerberos Authentication Modules
Name: Unique name to identify the Authentication Module.
Key Tab File: The full pathname to the encrypted, local, on-disk copy of the host's key, which is required to authenticate the key distribution center (KDC).
Principal: Identifies the HTTP host for the principal in the Kerberos database, which enables generation of a keytab for a host.
KRB Config File: Identifies the path to the configuration file that controls certain aspects of the Kerberos installation. A krb5.conf file must exist in the /etc directory on each UNIX node that is running Kerberos.

Press the Apply button.
c.) X509 Authentication Modules
Name: Unique name to identify the Authentication Module.
Match LDAP Attribute: Defines the LDAP distinguished name attribute to be used.
X509 Cert Attribute: Defines the certificate attribute to be used to bind the public key.
Cert Validation Enabled: Enables/disables X.509 certificate validation.
OCSP Enable: Enables/disables the Online Certificate Status Protocol.
OCSP Server Alias: An aliased name for the OCSP Responder.
OCSP Responder URL: Provides the URL of the Online Certificate Status Protocol responder.
OCSP Responder Timeout: Specifies the grace period for users with expired certificates, which enables them to access OAM Servers for a limited time before renewing the certificate.

Press Apply.
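Before pressing Apply on a Kerberos module (section b above), it is worth verifying the three field values on the OAM host itself: that the keytab is readable only by the server's own account, that the principal really is in that keytab, and that krb5.conf exists. The POSIX shell check below is an added example, not part of this post or of Oracle's product; it assumes MIT Kerberos `klist` is installed for the keytab lookup, and every path and principal it uses is a value the caller supplies.

```shell
#!/bin/sh
# Preflight check for the three Kerberos module fields (Key Tab File,
# Principal, KRB Config File). Added example, not Oracle's code; all
# paths and the principal passed in are the caller's own values.
#
# Usage: check_krb_module KEYTAB PRINCIPAL KRB5CONF
# Prints one OK/WARN/FAIL line per finding; returns 0 only if nothing failed.
check_krb_module() {
    keytab="$1"; principal="$2"; krb5conf="$3"; rc=0

    # Key Tab File: must be readable by the OAM server user and by nobody
    # else, since it holds the host's long-term key.
    if [ ! -r "$keytab" ]; then
        echo "FAIL keytab not readable: $keytab"; rc=1
    else
        perms=$(stat -c '%a' "$keytab" 2>/dev/null || stat -f '%Lp' "$keytab")
        case "$perms" in
            *00) echo "OK   keytab mode $perms (owner only)" ;;
            *)   echo "FAIL keytab mode $perms allows group/other access"; rc=1 ;;
        esac
    fi

    # Principal: OAM expects the HTTP service principal for this host.
    case "$principal" in
        HTTP/*@*) echo "OK   principal has HTTP/host@REALM form" ;;
        *)        echo "WARN principal is not HTTP/host@REALM: $principal" ;;
    esac
    # If MIT klist is available, confirm the principal is actually in the keytab.
    if [ -r "$keytab" ] && command -v klist >/dev/null 2>&1; then
        if klist -kt "$keytab" 2>/dev/null | grep -qF "$principal"; then
            echo "OK   principal found in keytab"
        else
            echo "FAIL principal $principal not found in keytab"; rc=1
        fi
    fi

    # KRB Config File: krb5.conf must exist (the post says /etc on each UNIX
    # node) and should at least define a [realms] section.
    if [ -r "$krb5conf" ] && grep -q '^\[realms\]' "$krb5conf"; then
        echo "OK   $krb5conf readable and defines [realms]"
    else
        echo "FAIL $krb5conf missing, unreadable or has no [realms] section"; rc=1
    fi
    return $rc
}

# Example call (constructed paths):
# check_krb_module /etc/oam.keytab HTTP/oam.example.com@EXAMPLE.COM /etc/krb5.conf
```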
