Oracle Access Manager 11g, Oracle's Latest Web Single Sign-On (SSO) Offering
Oracle Access Manager 11g is Oracle’s latest Web SSO offering. It can provide authentication, authorization, and single sign-on functionality to web resources and even WebLogic applications. Oracle Identity and Access Management Suite 11g is deployed as a web application within a WebLogic domain; the deployment consists of an administration console (deployed on the domain’s admin server), one or more managed servers which undertake the work required to manage access, identity stores which contain the users that can be authenticated by Oracle Access Manager, and the WebGates deployed to protect web resources.
Oracle’s Access Manager policy model is straightforward and avoids conflicts in policy decisions. Each resource (i.e. the page, image, or other object being requested by the user) will be evaluated by a single authentication policy and a single authorization policy, which will respectively designate the method by which the user must prove their identity and constraints which determine access to the resource.
Within the policy model, there are objects shared across Oracle’s OAM deployment. These are known as shared components. Briefly, they are:
• Authentication Schemes – An object tying an authentication method (e.g. LDAP) and challenge method (e.g. Basic) to an authentication level. These are used by Authentication policies to designate how a user must prove (or have already proven) their identity when accessing a resource.
• Application Domain – A grouping of resources and the policies that protect them.
• Host Identifier – A grouping of all identifiers that could be used to access a particular resource host (e.g. site.example.com, site.example.com:80) used in resource definitions.
Within Oracle Access Manager’s policy model, application domains are the basic grouping mechanism. Each domain defines resources, which consist of a host identifier and a URL pattern (this combination must be unique across all application domains), and policies, which define how those resources are to be accessed. When a protected resource is accessed, it is tied to one Authentication Policy, which ties the resource to an authentication scheme, and one Authorization Policy, which lists the constraints (e.g. user, group, time of day, IP address) under which Oracle Access Manager will either allow or deny access to the resource. The results of these policy evaluations determine whether the access succeeds or fails.
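The lookup described above, modelled as a small Python sketch; this is an added example, not Oracle's code or API. The class names, the glob-style pattern matching, the longest-pattern tie-break, the rule that a session at or above the scheme's level counts as already authenticated, and the sample hosts and constraints are all assumptions.

```python
from dataclasses import dataclass
from fnmatch import fnmatchcase
from ipaddress import ip_address, ip_network

# Simplified model of the policy lookup described above; every name here is
# hypothetical and none of it is Oracle Access Manager's own API.
@dataclass(frozen=True)
class AuthnScheme:
    method: str      # e.g. "LDAP"
    challenge: str   # e.g. "Basic"
    level: int       # authentication level the scheme confers

class PolicyStore:
    def __init__(self, host_identifiers):
        # Flatten {identifier: [host variants]} so any variant resolves to its identifier.
        self.hosts = {v: hid for hid, vs in host_identifiers.items() for v in vs}
        self.resources = {}  # (host identifier, URL pattern) -> (domain, scheme, constraints)

    def add_resource(self, domain, host_id, pattern, scheme, constraints):
        key = (host_id, pattern)
        if key in self.resources:  # the pair must be unique across all application domains
            raise ValueError(f"{key} already defined in domain {self.resources[key][0]}")
        self.resources[key] = (domain, scheme, constraints)

    def evaluate(self, host, path, session):
        host_id = self.hosts.get(host)
        hits = [k for k in self.resources if k[0] == host_id and fnmatchcase(path, k[1])]
        if not hits:
            return "NO_POLICY"  # no resource definition covers this request
        # Assumption: the longest matching pattern is the one definition that applies.
        _, scheme, constraints = self.resources[max(hits, key=lambda k: len(k[1]))]
        if session is None or session["level"] < scheme.level:
            return "CHALLENGE:" + scheme.challenge  # authentication policy not yet satisfied
        ok = all(check(session) for check in constraints)  # authorization policy
        return "ALLOW" if ok else "DENY"

def in_group(group):
    return lambda s: group in s["groups"]

def from_network(cidr):
    return lambda s: ip_address(s["ip"]) in ip_network(cidr)

def demo_store():
    # Constructed sample data: hosts, domains and patterns are made up for illustration.
    store = PolicyStore({"site": ["site.example.com", "site.example.com:80"]})
    ldap_basic = AuthnScheme("LDAP", "Basic", 2)
    store.add_resource("HR", "site", "/hr/*", ldap_basic,
                       [in_group("hr"), from_network("10.0.0.0/8")])
    return store
```

Registering the same host identifier and URL pattern under a second application domain raises `ValueError`, which is the uniqueness rule that keeps every request mapped to exactly one policy pair.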
Oracle’s OAM 11g provides several other strong features which make it a competitive access management product. For instance, Oracle Access Manager leverages Oracle Coherence to distribute user sessions between server instances, allowing users to keep their sessions even as servers stop or fail, and allowing newly started (or restarted) servers to access existing sessions. Oracle Access Manager 11g also leverages the Fusion Middleware Audit Framework, allowing auditing, reporting, and logging to be monitored and controlled centrally through Enterprise Manager. However, probably the greatest bonus of all is that OAM 11g can emulate the access server for OAM 10g WebGates and the OSSO server for OracleAS Single Sign-On 10g agents. This allows current Oracle customers to integrate OAM 11g quickly and easily into their existing deployment.
Oracle Access Manager is just one of several products that constitute the Oracle Identity and Access Management Suite. In future blog posts, we will examine these products and how they can be used to meet an organization’s security needs.
At Action Identity, Enterprise Single Sign On (SSO) is just one of the many identity authentication and identity management solutions we provide. Enterprise SSO is an IT configuration that gives users access to a multitude of computer software applications without needing to key in usernames and passwords for each and every one. The benefits of Enterprise SSO should be clear to anyone who has had to juggle a large number of username and password combinations. Not only is there a limit to the number of log-in credentials users are capable of remembering, but the amount of time that is wasted by logging into many different applications throughout the course of a day is time that could be spent doing something far more productive. When it comes to Enterprise SSO, Action Identity has experience in all facets of consulting, implementation, and training, and over the years we have built a reputation as one of the most reliable and cost-effective identity management consultants in North America.
I hope you have enjoyed this post. If you have any questions or comments, feel free to comment below. I look forward to hearing from you. If you’d like to contact us directly, click here.
Nov 10, 2011 at 10:03 AM Superb post - once again!