Oracle Access Manager Overview

Published in: Technology

  1. Oracle Access Manager Components
     • OAM WebPass: provides the primary administrative and end-user interface to the OAM Identity Server.
     • OAM Identity Server: the primary engine for interaction with the user repository.
     • OAM Policy Manager: provides the primary administrative interface to the OAM Access Server. This is the Policy Administration Point (PAP) of the access control model.
     • OAM Access Server: the policy resolution and decision engine for web access control. This is the Policy Decision Point (PDP) of the access control model.
     • OAM Web Gates: OAM Access Gates (e.g. Web Gates) are usually server-specific modules that externalize the server software's native security to OAM. Access Gates/Web Gates are the Policy Enforcement Point (PEP) of the access control model.
  2. OAM System Components: Identity
     • Shared Infrastructure
         • LDAP-based User, Configuration and Policy data storage
         • Identity Server defines user/group/org objects for Access Server
     • Identity Components
         • Identity Server
             • Standalone C++ Server
             • Business logic and request processing
             • Receives requests from and returns responses to WebPass
             • Communicates with directory servers (LDAP/S)
     • WebPass
         • Web Server plug-in passes information between web server and Identity Server
         • XML to XSL conversions for the browser UI (PresentationXML)
         • Redirects HTTP requests from the browser to Access Server
         • Redirects HTTP requests from IdentityXML SOAP API to Identity Server
         • Does no other processing of user requests
     • Identity System Console
         • Provides web based administration and configuration
  3. Access Components
     • Access Server
         • Standalone C++ Server
         • Policy decision point (PDP)
         • Receives requests from WebGates/AccessGates
         • Returns decisions and responses to WebGates/AccessGates
         • Communicates with directory servers (LDAP/S)
         • Answers Access Server SDK requests
         • Centralized policy enforcement and logging engine
     • WebGates
         • Web Server plug-in passes information between web server and Access Server
         • Passes HTTP request information from the web server to Access Server
         • Follows response directives (e.g. HTTP 302 Redirect) from Access Servers (policy enforcement points or PEPs)
         • Injects HTTP Header responses into web server request space
         • Passes user authentication data (e.g. username/password, X.509 Subject, etc.) to Access Server for processing
     • Policy Manager
         • Web Server plug-in communicates directly with user, configuration and policy repositories
         • Management interface for policy and configuration data (policy management point or PMP)
             • Access audit policies
             • Access policies
             • Resource definitions (HTTP, EJB, etc.)
             • Cache management/configuration
     • Application Server AccessGates
         • Similar to WebGates
         • Also communicates with Identity components to get JSR subject/principal information
         • Can operate in proxied and non-proxied configurations

     Prepared by: Basha Shaik
     Reference: Oracle
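
The WebGate (PEP) / Access Server (PDP) split described in the slides can be modelled in a few lines. This is an added example, not Oracle code and not part of the original deck. The policy table, group names, header name, login URL, the default-deny rule and the removal of client-supplied copies of injected headers are all assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Constructed policy data standing in for what Policy Manager (PAP) stores.
# Prefixes, groups and the header name are hypothetical.
POLICIES = [
    {"prefix": "/public/", "auth_required": False, "groups": set(), "headers": {}},
    {"prefix": "/hr/", "auth_required": True, "groups": {"hr"},
     "headers": {"X-Demo-User": "uid"}},  # header to inject -> user attribute
]
LOGIN_URL = "/login"  # hypothetical login page


@dataclass
class Decision:
    action: str                      # "allow", "redirect" or "deny"
    location: str = ""               # target for a redirect directive
    headers: dict = field(default_factory=dict)  # headers the PEP must inject


def access_server_decide(path, user):
    """PDP: resolve the policy for a resource and return a decision with directives."""
    policy = next((p for p in POLICIES if path.startswith(p["prefix"])), None)
    if policy is None:
        return Decision("deny")      # assumption: no matching policy means deny
    if not policy["auth_required"]:
        return Decision("allow")
    if user is None:
        return Decision("redirect", location=LOGIN_URL)
    if not (policy["groups"] & user["groups"]):
        return Decision("deny")
    return Decision("allow", headers={h: user[a] for h, a in policy["headers"].items()})


def webgate_handle(path, request_headers, user=None):
    """PEP: pass request info to the PDP and follow its directive; decide nothing locally."""
    decision = access_server_decide(path, user)
    if decision.action == "redirect":
        return 302, {"Location": decision.location}
    if decision.action == "deny":
        return 403, {}
    # Drop client-supplied copies of any header the PEP manages, then inject
    # the values from the PDP, so the application only sees asserted identity.
    managed = {h.lower() for p in POLICIES for h in p["headers"]}
    upstream = {k: v for k, v in request_headers.items() if k.lower() not in managed}
    upstream.update(decision.headers)
    return 200, upstream
```

On an allowed request the second element of the returned tuple is the header set handed to the protected application; on a redirect it is the response header set sent back to the browser.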
