Introduction to Oracle Access Manager
After completing this lesson, you should be able to:
Management Suite
Management products
Oracle Identity Management
Oracle + Sun Combination
Oracle Platform Security Services
Access Management*
Access Manager Adaptive Access Manager Enterprise Single Sign-On Identity Federation Entitlements Server
Internet Directory Virtual Directory
Identity Analytics
Operational Manageability Identity & Access Governance
Oracle Access Management Suite Plus
Entitlements Server Adaptive Access Manager
• Real-time fraud prevention
Identity Federation OpenSSO STS
Salient Features of OAM
Oracle Access Manager provides:
OAM 11g Architecture
• Simplified deployment architecture
• Built-in backward compatibility
• Ease of administration and configuration
Enterprise Deployment Architecture
SSO Login Processing with OAM Agents
Installation and Configuration
– OUI does not perform product configuration.
– Database schema configuration by using the Repository Creation Utility (RCU)
– Product configuration and deployment by using the WebLogic Configuration Wizard
Installation and Configuration
– RCU lets customers choose the product for which they want to create a database schema, and creates the schema once the database details are provided.
– OAM 11g is a J2EE application that deploys into a container.
– Deployment and configuration are handled by the WebLogic Configuration Wizard.
– The Configuration Wizard uses configuration templates provided by each product to configure the product.
– It deploys the product into a new or existing WLS domain.
Installation and Configuration
Configuration Wizard Screenshot: Templates
OAM 11g R1 Run-Time Architecture
• Isolated run-time and admin server
• Configuration and policy propagation
FMW Control
WebLogic Administration Server Shared Information
Management Interfaces
– OAM administration console
– WLS administration console
– Oracle Enterprise Manager FMW Control
Backward Compatibility of Agents in a Heterogeneous Environment
backward compatibility to OSSO and OAM 10g agents (WebGate, Access SDK, mod_osso)
earlier (10g) OAM agents and OSSO agents (mod_osso)
(Earlier OAM 10g agents or OSSO agents need to be registered with OAM 11g.)
and OAM 11g agents in the same deployment is supported
SSO and OAM agents
Coexistence of OAM 10g and 11g Servers
Application
Users
Coexistence of OSSO 10g and OAM 11g Servers
Oracle Access Manager 11g
Protocol Compatibility Framework
Session Management
Session management:
notification of session events to enable global logout
distributed cache
have at one time
(Prevents unauthorized access to systems when a user has been terminated.)
Session Management
Diagram components: Policy Engine, Application, End User, Session Management, Webgate
1 Authenticate
2 Create Session
3 Return Session ID
4 Authentication Success with Session ID
5 Authenticated Access
6 Validate Session & Authorize
7 Application Access
Oracle Coherence in Session Management
Oracle Coherence:
latencies
including an optional database store
(Enables failover and reconciliation)
Coherence
OAM Server
Session Data Store
Usability and Life Cycle Management Enhancements
– Creation of new topologies based on a template
– Incremental migration of policy changes
– Intuitive UI to register an application
– Java-based command-line registration tool that can be run remotely on any platform
– Automatic generation of agent configuration files
Usability and Life Cycle Management Enhancements: Operational Metrics
Windows Native Authentication
automatically authenticate to their Web applications by using their desktop credentials
Windows desktop to Web single sign-on
SSO-protected applications simultaneously
– It does not need an IIS-based solution for a WebGate.
– WebGate- and Oracle SSO-protected applications need not run on a Windows platform.
– Internal versus external Web sites
Upgrade for OracleAS Single Sign-On 10.1.4.3.0
Oracle SSO 10g (10.1.4.3) customers
– In-place (Retain Ports): No changes required on partner applications, but downtime required for server
– Out-of-place/Rolling upgrade (Change Ports): No downtime
Rich ADF-Based UI
Connection Simulator: Access Tester 11g
– OAM 10g had a server-side Access Tester.
– OAM 11g provides a tool that can be run anywhere.
– It simulates resource requests to ensure that policy evaluates correctly.
– It also uncovers network issues that might impact WebGates or mod_osso agents because it can be run anywhere, including on the Web server host.
Access Tester 11g
Key Enhancements in OAM 11g
• It provides simplified installation and configuration
Key Enhancements in OAM 11g
performance by moving cookie encryption and decryption to the agent
– WebGate maximum user session timeout is now supported by a WebGate through the host cookie.
– WebGate idle session timeout is now supported by using in-memory states through the Oracle Coherence-based session management engine.
Oracle Access Manager 11g: Comparison with Oracle Access Manager 10g
tool
Oracle Access Manager 11g: Comparison with Oracle Access Manager 10g
Responses (AuthN &
Oracle Access Manager 11g: Policy Object Comparison
OAM 10g | OAM 11g
Policy Domain | Application Domain
Resource Types | Resource Types (same)
Host Identifiers | Host Identifiers (same)
Authentication Schemes | Authentication Schemes (same)
Authentication Plugins | Authentication Modules
Authentication Rule | Authentication Policy
Authorization Rule | Constraint
Authorization Expression | Authorization Policy
Product Component Mapping
In this lesson, you should have learned how to:
Management Suite
Management products
The policy and configuration store for OAM 11g is the database
a True
Cookie-replay attacks are now harder to implement due to
agents and the server
Session management in OAM 11g is handled by
Practice 2 Overview:
Viewing New Features Viewlet
This practice covers the following topics: