
Oracle Access Manager Brief Intro


Oracle Access Manager (OAM) is part of the Oracle Identity and Access Management Suite. It has several components:

  • OAM Policy Manager: provides the administrative interface for creating authentication and authorization policies, matching up groups of users with groups of resources
  • OAM WebPass: a web server plug-in for validating identity
  • OAM WebGate: a web server plug-in for validating resource requests. It is usually the Policy Enforcement Point (PEP) in an XACML context
  • OAM AccessGate: a client for handling web and non-web requests

This is how the above components work in a typical scenario:

  • User hits a resource (say A) running inside a web server, which in turn is protected by OAM
  • The request is intercepted and the user is redirected for authentication
  • The user is shown the OAM authentication page, not the application-specific authentication page
  • On successful authentication OAM checks for access policy validation
  • On successful authorization OAM sends a set of attributes in HTTP headers
  • “A” checks the attributes to decide which UI to show. It doesn’t need to go through authentication and authorization again, since OAM has already done that in the previous steps. But what if OAM goes down? In that case “A” has to show its own login screen, and authentication/authorization should happen through application logic rather than OAM logic.
  • On successful authentication and authorization OAM creates a session ticket for single sign-on, which lets users access the various applications that are part of SSO.

This is a very simple workflow explained in simple terms. A real-world scenario might be a little more complex.
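The step above where “A” checks the OAM attributes, sketched as an added example that is not part of the original post or any Oracle code: the application renders its UI from the header attributes and falls back to its own login when they are missing. The header names, the WebGate address, and the check that the request really arrived from the WebGate host (so a header set by any other client is ignored) are assumptions.

```python
from dataclasses import dataclass
from typing import Mapping, Optional, Tuple

# Assumptions for this example, not taken from the post:
USER_HEADER = "OAM_REMOTE_USER"      # header carrying the authenticated user
ROLES_HEADER = "OAM_ROLES"           # hypothetical header carrying roles
TRUSTED_WEBGATES = {"10.0.0.5"}      # constructed address of the WebGate host


@dataclass
class Decision:
    action: str                      # "render_ui" or "local_login"
    user: Optional[str] = None
    roles: Tuple[str, ...] = ()
    reason: str = ""


def decide(headers: Mapping[str, str], peer_ip: str) -> Decision:
    """Decide how application "A" handles a request.

    headers: request headers as received by the application
    peer_ip: address of the host that opened the connection to "A"
    """
    # Normalise names so "oam-remote-user" and "OAM_REMOTE_USER" match.
    h = {k.upper().replace("-", "_"): v.strip() for k, v in headers.items()}
    user = h.get(USER_HEADER, "")

    if user and peer_ip in TRUSTED_WEBGATES:
        # OAM already authenticated and authorized; use its attributes.
        roles = tuple(r.strip() for r in h.get(ROLES_HEADER, "").split(",")
                      if r.strip())
        return Decision("render_ui", user, roles, "asserted by OAM")

    if user:
        # Identity header present, but the request bypassed the WebGate.
        return Decision("local_login",
                        reason="identity header from untrusted peer ignored")

    # No OAM attributes (for example OAM is down): application login.
    return Decision("local_login",
                    reason="no OAM attributes; use application login")


if __name__ == "__main__":
    # Constructed sample requests.
    print(decide({"OAM_REMOTE_USER": "alice", "OAM_ROLES": "hr, admin"},
                 "10.0.0.5"))
    print(decide({"OAM_REMOTE_USER": "alice"}, "203.0.113.9"))
    print(decide({}, "10.0.0.5"))
```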

Let’s talk about authentication. OAM provides standard ways to authenticate a user, such as basic over SSL, basic over LDAP, basic over AD, certificates, form-based, etc. But there might be situations where you want a more complex authentication model in place; for this, OAAM (Oracle Adaptive Access Manager) is the answer. It provides support for multi-factor and strong authentication, behavioral analysis, fraud detection and, more importantly, risk profiles.

Let’s talk about federation. Federation is more of an authorization concept: a user who is already authenticated with one vendor requests access to a resource trusted by another vendor. This is conceptually possible through, say, SAML assertions. Oracle provides support for federation using OAM and OIF (Oracle Identity Federation).

Let’s talk about fine-grained entitlements. Oracle Entitlement Server (OES) supports complex, fine-grained policies that are not restricted to URL-level access but go a bit deeper in decision making, such as access to a web service’s web method or enabling/disabling a button in the UI. OES supports the XACML standard and comes with a predefined set of PEPs (Policy Enforcement Points), PDPs (Policy Decision Points) and PIPs (Policy Information Points).

That’s all for now, I will try to cover more topics on this in my next set of blogs.
