- OracleApps Epicenter - http://www.oracleappshub.com -

Oracle Access Manager – Consultant Note

A friend of mine working in the retail sector asked some queries on Oracle Access Manager usage, so I quickly revisited one of my training notes from when I was working in health care; both sectors use these products extensively. This post is a high-level overview of Oracle Access Manager.

What is Oracle Access Manager

Oracle Access Manager (OAM) is an IAM solution for web access management and user identity administration. Oracle Access Manager is designed to support complex, heterogeneous enterprise environments. Oracle Access Manager consists of two tightly integrated components:

  • the Access System
  • the Identity System

The Identity System provides delegated administration of user profiles and workflow for creating, updating, and deleting these profiles. It also provides applications for user self registration, password management and dynamic group management. The Access System provides access control and single sign-on to Web applications and J2EE resources (EJBs, servlets, etc.) running on a variety of Web and Application servers.

Two Products and their Generally Available (GA) Dates

  • Identity Manager – since 1991
  • Access Manager – since 1996

Components

Oracle Access Manager consists of tightly coupled Identity and Access Systems. These two systems are integrated, so that a profile change made via the Identity System takes effect instantaneously for access evaluation by the Access System. The Access and Identity Systems also include web server agents, namely WebGate and WebPass, for all leading Web and Application servers. The following components are shipped with Oracle Access Manager:

  1. Identity Server
  2. WebPass: A WebPass is a web server plug-in that passes information back and forth between the web server and the Identity Server over the Oracle Identity Protocol (formerly Netpoint or COREid Identity Protocol). Hence, WebPass is the presentation tier of the Identity System. By default, WebPass renders its content as HTML so that it can be accessed through a browser. In addition, it provides a Web Service interface, known as IdentityXML, which SOAP-based clients can use to interact with the Identity System programmatically. The idea behind IdentityXML is to make the business logic governing the identity administration process available to, and easily integrated with, existing applications in an SOA environment.
  3. Access Server
  4. WebGate: WebGate is an out-of-the-box access client for enforcing access policy on HTTP-based resources; hence it is the Access System's web Policy Enforcement Point, or PEP. The WebGate client runs as a plug-in or module on top of most popular web servers, intercepts HTTP requests for web resources, and forwards them to the Access Server, where access control policies are applied. WebGates are optimized to work in web server environments: they are streamlined for the HTTP protocol and understand URLs, session cookies, HTTP redirects, and secure sessions (HTTPS). They also implement policy caches that improve WebGate's performance and allow for scalability on highly trafficked sites.
  5. Policy Manager: Access Manager's Policy Manager is a browser-based graphical tool for configuring the resources to be protected as well as creating and managing access policies, so it is the Access System's Policy Management Authority, or PMA. The Policy Manager provides the login interface for the Access System, communicates with the directory server to manage policy data, and communicates with the Access Server over the Oracle Access Protocol to update the Access Server cache when policies are modified.
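
The enforcement flow described above (WebGate intercepts and caches, the Access Server decides, the Policy Manager changes policy and triggers a cache update) can be sketched as a small model. This is an added example, not Oracle code or part of the original note: every class and method name is hypothetical, the version counter stands in for the cache-update notification, and treating unmatched URLs as unprotected is an assumption of the model.

```python
# Conceptual model only: class and method names are hypothetical, not OAM APIs.
from fnmatch import fnmatch

class AccessServer:                          # decision point: evaluates policy
    def __init__(self):
        self.policies = {}                   # URL pattern -> set of allowed groups
        self.version = 0                     # bumped on every policy change

    def decide(self, url, groups):
        for pattern, allowed in self.policies.items():
            if fnmatch(url, pattern):
                return bool(allowed & groups)
        return True                          # no policy matches: unprotected (assumption)

class PolicyManager:                         # management authority: edits policy
    def __init__(self, server):
        self.server = server

    def set_policy(self, pattern, allowed_groups):
        self.server.policies[pattern] = set(allowed_groups)
        self.server.version += 1             # marks cached decisions as stale

class WebGate:                               # enforcement point with a decision cache
    def __init__(self, server):
        self.server = server
        self.cache = {}
        self.seen_version = server.version
        self.server_calls = 0                # how often the Access Server was asked

    def handle(self, url, groups):
        if self.seen_version != self.server.version:    # policy changed: flush cache
            self.cache.clear()
            self.seen_version = self.server.version
        key = (url, frozenset(groups))
        if key not in self.cache:
            self.server_calls += 1
            self.cache[key] = self.server.decide(url, set(groups))
        return 200 if self.cache[key] else 403

def demo():
    server = AccessServer()
    pm, gate = PolicyManager(server), WebGate(server)
    pm.set_policy("/hr/*", {"hr"})                       # constructed sample policy
    first = gate.handle("/hr/payroll", {"sales"})        # denied, asks the server
    second = gate.handle("/hr/payroll", {"sales"})       # denied, served from cache
    pm.set_policy("/hr/*", {"hr", "sales"})              # policy change flushes cache
    third = gate.handle("/hr/payroll", {"sales"})        # re-evaluated, now allowed
    return first, second, third, gate.server_calls
```

Without the flush on policy change, the third request would still be answered from the stale cached denial, which is why the cache update on policy modification matters for correctness and not only for performance.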

Get Clarified on: How Oracle Access Manager Differs from OracleAS Single Sign-On

They are similar products in that both perform user authentication. However, Oracle Access Manager also provides powerful policy-based authorization functionality for web and J2EE resources, which OracleAS Single Sign-On does not. They are currently separate products and can be used together in a single environment if required. Oracle Access Manager also provides integrations with a broad set of non-Oracle products and platforms.

2-factor authentication (including RSA SecurID, X.509 certificates) ... etc. [Adapted from Oracle documentation]

The Oracle solution supports 2-factor and X.509 authentication for user authentication with Oracle Access Manager.

  • RSA SecurID Authentication: Oracle Access Manager supports RSA Security features and provides the SecurID authentication plug-in and components needed to integrate a native SecurID authentication scheme into Oracle Access Manager policy domains for Web single sign-on. See "Integrating the RSA SecurID Authentication Plug-In" for details.
  • Smart Card Authentication: Oracle Access Manager supports smart card authentication with Active Directory and IIS Web servers using ActivCard Cryptographic Service Provider (CSP) for Windows 2000, ActivCard Gold utilities, and ActivCard USB Reader v2.0 in homogeneous Windows environments. See "Integrating Smart Cards" for details.