ITStrategic

BIO

  Who am I
    Kurt Van Meerbeeck
      Engineer in electronics
      Working with Java since 1996 (JDK 1.0.2)
      Working with Oracle products since 1997 (Oracle 7.3.x, OAS 3.0)

    Currently work for AXI NV/BV
      Oracle Partner in the Benelux area (www.axi.be / www.axi.nl)
      Oracle RDBMS / iAS

    Author of DUDE
      Data Unloader tool (www.ora600.be)

    Member of the OakTable Network
      www.oaktable.net
A little bit of history

  Internet Application Server 9i
    -> Internet Application Server 10g
      -> Fusion Middleware 11g / WLS
ORACLE IAS 10g

  • Oracle AS Components
      - Middle tiers
          - OHS – Apache 1.3, mod_oc4j, mod_plsql, mod_rewrite, mod_osso, ...
          - Webcache
          - J2EE
          - Forms, Reports, Disco
          - Portal
ORACLE IAS 10g

  • Oracle AS Components
      - Infrastructure
          - OHS – Apache 1.3, mod_oc4j, mod_plsql, mod_rewrite, mod_osso, ...
          - OID – LDAP
          - J2EE
          - SSO server
          - OCA
          - RDBMS – Portal, SSO, OCA and other configuration & metadata
OSSO Workflow – not yet authenticated

  [Diagram: browser (http://my.company.com) -> MID.axi.be (Apache: mod_osso, mod_oc4j, mod_plsql; J2EE) -> INFRA.axi.be (Apache: mod_osso, mod_oc4j, mod_plsql; J2EE: oc4j_security, oca; OID LDAP; IASDB)]

  Apache virtual host on the middle tier
  - Make it an SSO partner app
  - Register it
      - ptlconfig – Portal
      - ossoreg.jar – mod_osso
          - mod_osso.conf:

              <Location /app>
                  require valid-user
                  AuthType Basic
              </Location>
OSSO Workflow – not yet authenticated

  [Diagram: same MID.axi.be / INFRA.axi.be layout as the previous slide]

  mod_osso on the middle tier: partner cookie available?
  - No -> redirect the browser to the SSO server:
      infra.axi.be/pls/orasso/orasso.wwsso_app_admin.ls_login?Site2pstoreToken=<y>

  Virtual host configuration on the middle tier:

      NameVirtualHost *:80

      <VirtualHost *:80>
          ServerName my.company.com
          Port 80
          # Include the configuration files
          # needed for mod_osso
          OssoConfigFile /OH/my_comp_osso.conf
      </VirtualHost>

  SSO server: SSO cookie?
  - No -> generate redirect to the logon page
      http://infra.axi.be/sso/jsp/login.jsp
      (logon page configured in $OH/sso/policy.properties)
OSSO Workflow – not yet authenticated

  [Diagram only: same MID.axi.be / INFRA.axi.be layout as the previous slides]
OSSO Workflow – not yet authenticated

  [Diagram: same MID.axi.be / INFRA.axi.be layout]

  Browser -> SSO server: HTTP POST
  - Username
  - Password
  - Site-token

  SSO server: check credentials in LDAP/OID
  If OK:
  - Generate SSO cookie (SSO_ID)
  - Generate redirect to
      http://my.company.com/osso_login_success?urlc=<sitetoken>

  mod_osso on the partner app (sitetoken):
  - Generate partner cookie
  - Generate redirect to the original URL
OSSO Workflow – not yet authenticated

  [Diagram: same MID.axi.be / INFRA.axi.be layout]

  OSSO server authentication classes:
  - IPASAuthInterface
      - SSOServerAuth implements IPASAuthInterface
          - SSOX509CertAuth extends SSOServerAuth
          - SSOKerbeAuth extends SSOServerAuth
          - Custom Plugin extends SSOServerAuth
      - Custom Plugin implements IPASAuthInterface

  Important for integration
  - Custom plugins by subclassing the OSSO server classes
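The redirect dance on the preceding slides, as an added example that is not part of the original deck and not Oracle's code: a small Python model of the partner application (mod_osso) and the SSO server, driven end to end by a simulated browser. The host names and URL paths are the ones shown on the slides; the class names, the in-memory stores, the site-token lifetime and the checks the partner applies to the returned site token (issued by us, unexpired, single use, bound to our own host) are assumptions made for the simulation.

```python
import hmac
import secrets
import time
from urllib.parse import parse_qs, urlencode, urlparse

SSO_HOST = "infra.axi.be"        # from the slides
PARTNER_HOST = "my.company.com"  # from the slides
SITE_TOKEN_TTL = 300             # assumed lifetime (seconds) of an outstanding site token


def query_param(location, name):
    """Pull one query parameter out of a redirect Location."""
    return parse_qs(urlparse(location).query)[name][0]


class SsoServer:
    """Stands in for the OSSO server on the infrastructure tier (assumed behaviour)."""

    def __init__(self, directory):
        self.directory = directory   # {username: password}; stands in for OID/LDAP
        self.sessions = {}           # SSO_ID cookie value -> username

    def ls_login(self, sso_cookie, site2pstore_token):
        """ls_login: without an SSO cookie, send the browser to the logon page."""
        if sso_cookie in self.sessions:
            return "authenticated", self.sessions[sso_cookie]
        return "redirect", f"http://{SSO_HOST}/sso/jsp/login.jsp"

    def login_post(self, username, password, site_token):
        """HTTP POST of username, password and site token; credentials checked in the directory."""
        stored = self.directory.get(username)
        if stored is None or not hmac.compare_digest(stored.encode(), password.encode()):
            return None, None                       # logon page is shown again
        sso_id = secrets.token_urlsafe(24)          # value of the SSO_ID cookie
        self.sessions[sso_id] = username
        back = f"http://{PARTNER_HOST}/osso_login_success?" + urlencode({"urlc": site_token})
        return sso_id, back


class PartnerApp:
    """Stands in for mod_osso protecting /app on the middle tier (assumed behaviour)."""

    def __init__(self):
        self.site_tokens = {}      # site token -> (original URL, expiry timestamp)
        self.partner_cookies = {}  # partner cookie value -> True

    def request(self, url, partner_cookie=None):
        """Partner cookie available? If not, park the original URL behind a fresh site token."""
        if partner_cookie in self.partner_cookies:
            return "serve", url
        token = secrets.token_urlsafe(16)
        self.site_tokens[token] = (url, time.time() + SITE_TOKEN_TTL)
        login = (f"http://{SSO_HOST}/pls/orasso/orasso.wwsso_app_admin.ls_login?"
                 + urlencode({"Site2pstoreToken": token}))
        return "redirect", login

    def login_success(self, urlc):
        """osso_login_success?urlc=<sitetoken>: accept only a token we issued, once, before expiry."""
        entry = self.site_tokens.pop(urlc, None)    # pop makes the token single-use
        if entry is None:
            return None, None
        original_url, expiry = entry
        if time.time() > expiry or urlparse(original_url).netloc != PARTNER_HOST:
            return None, None                       # stale token, or a redirect off our host
        cookie = secrets.token_urlsafe(16)          # value of the partner cookie
        self.partner_cookies[cookie] = True
        return cookie, original_url


def run_flow(directory, username, password, url=f"http://{PARTNER_HOST}/app/page"):
    """Drive a browser through the whole dance; returns the URL finally served, or None."""
    sso, app = SsoServer(directory), PartnerApp()
    action, location = app.request(url)                           # (1) no partner cookie
    token = query_param(location, "Site2pstoreToken")
    action, location = sso.ls_login(None, token)                  # (2) no SSO cookie -> login.jsp
    sso_id, location = sso.login_post(username, password, token)  # (3) POST credentials
    if sso_id is None:
        return None
    cookie, original = app.login_success(query_param(location, "urlc"))  # (4) partner cookie
    if cookie is None:
        return None
    return app.request(original, cookie)[1]                       # (5) original URL served


if __name__ == "__main__":
    users = {"kurt": "correct-password"}   # constructed sample directory
    print(run_flow(users, "kurt", "correct-password"))
    print(run_flow(users, "kurt", "wrong-password"))
```

The partner side is where the model earns its keep: `login_success` refuses a token it never issued, refuses a replayed one, and refuses to bounce the browser to a host other than its own, so the only way to end up with a partner cookie is to have passed through the SSO server with the token that this partner minted.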
ORACLE 11g FUSION / WEBLOGIC

  • Problem
      - No infrastructure tier
      - No SSO/OID/WNA
ORACLE 11g FUSION / WEBLOGIC

  • Premier Support for Oracle Single Sign-On 10gR3 ends on December 31, 2011
  • Limited Extended Support for Oracle Single Sign-On from January 2012 through December 2012
  • It is strongly recommended that you use this additional time to integrate your single sign-on deployment with Oracle Access Manager
ORACLE 11g FUSION / WEBLOGIC

  Extra licenses and server
  • Oracle Access Manager
  • Oracle WebLogic Server
  • Directory Services Plus
Introducing OpenAM

  • Open source alternative
  • OpenAM (ForgeRock)
  • Based on Sun's OpenSSO
      - open sourced before the Oracle acquisition
      - most of the OpenSSO team quit and started ForgeRock
  • Makes use of OpenDJ (based on Sun's OpenDS) for its data store
Concept

  • The concept of most access managers is the same

      Access Manager | ID store (LDAP) | AM Agent     | Web App Server     | DB Server
      ---------------|-----------------|--------------|--------------------|----------
      OSSO           | OID             | mod_osso     | Apache 1.3 / OC4J  |
      OpenAM         | OpenDJ          | Policy Agent |                    |

  • So the work is mostly the same – complex
  • But not the license costs!
  • And the platform support and features!
OpenAM product support

  • OpenAM server runs on
      - Apache Tomcat 6.x / 7.x
      - GlassFish v2
      - JBoss Enterprise Application Platform 4.x, 5.x
      - JBoss Application Server 7.x
      - Jetty 7
      - Oracle WLS 11g
      - Oracle WLS 12c

  • OpenAM policy agents
      - Apache 2.0, 2.2, 2.4
      - MS IIS 6, 7
      - GlassFish v2, v3
      - Jetty 6.1, v7
      - Tomcat v6
      - WebSphere v6.1
      - WebLogic v10
OpenAM authentication

  • Out-of-the-box
      - Active Directory Auth
      - Adaptive Risk Auth
      - Certificate Auth
      - HTTP Basic Auth
      - HMAC OTP Auth
      - JDBC Auth (example database table)
      - LDAP Auth
      - OATH Auth (OpenAuth RFC 4226/6238)
      - OAuth 2.0 Auth
      - RADIUS Auth
      - SecurID Auth
      - Windows Desktop SSO Auth
      - WSS Auth
      - Federation (SAML, SAMLv2, WS-Fed 1.1)
      - ...
      - Custom Auth plugins
OpenAM authorization

  • Authorization
      - Policy engine
          - Identity membership
          - LDAP filter
          - Time
          - Resource/location/IP
          - ...
          - Custom plugins
      - Entitlements
          - eXtensible Access Control Markup Language (XACML)
          - OpenAM: policy admin & decision point (PAP/PDP)
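The policy engine slide lists the conditions a policy can combine; the following is an added example, not OpenAM's code, showing a miniature policy decision point that evaluates exactly those kinds of conditions (identity membership, an attribute filter standing in for the LDAP filter, a time window, and resource plus client IP). The policy and subject shapes, the default-deny rule and the sample data are assumptions made for the illustration.

```python
from dataclasses import dataclass, field
from datetime import datetime, time
from fnmatch import fnmatchcase
from ipaddress import ip_address, ip_network


@dataclass
class Policy:
    """One policy: the resources/actions it covers and the conditions required for ALLOW."""
    name: str
    resources: list                                   # URL patterns, '*' wildcards
    actions: set                                      # e.g. {"GET", "POST"}
    groups: set = field(default_factory=set)          # identity membership: any of these groups
    ldap_filter: dict = field(default_factory=dict)   # simplified LDAP filter: attribute -> required value
    time_window: tuple = None                         # (start, end) as datetime.time, inclusive
    networks: list = field(default_factory=list)      # allowed client CIDRs


@dataclass
class Subject:
    uid: str
    groups: set
    attributes: dict


def applies(policy, resource, action):
    """Resource and action decide whether a policy is relevant at all."""
    return action in policy.actions and any(fnmatchcase(resource, p) for p in policy.resources)


def conditions_hold(policy, subject, client_ip, now):
    """Every configured condition must hold for this policy to grant access."""
    if policy.groups and not (policy.groups & subject.groups):
        return False
    if any(subject.attributes.get(a) != v for a, v in policy.ldap_filter.items()):
        return False
    if policy.time_window:
        start, end = policy.time_window
        if not (start <= now.time() <= end):
            return False
    if policy.networks:
        ip = ip_address(client_ip)
        if not any(ip in ip_network(n) for n in policy.networks):
            return False
    return True


def decide(policies, resource, action, subject, client_ip, now):
    """PDP: ALLOW if any applicable policy's conditions hold, otherwise DENY (default deny)."""
    for p in policies:
        if applies(p, resource, action) and conditions_hold(p, subject, client_ip, now):
            return "ALLOW", p.name
    return "DENY", None


def at(hour):
    """Constructed clock for the examples: a fixed weekday at the given hour."""
    return datetime(2012, 5, 14, hour, 0)


# Constructed sample policy set and subjects (not from the slides).
POLICIES = [
    Policy("hr-intranet", ["https://intranet.example.com/hr/*"], {"GET", "POST"},
           groups={"hr"}, ldap_filter={"employeeType": "staff"},
           time_window=(time(7, 0), time(19, 0)), networks=["10.0.0.0/8"]),
    Policy("public-pages", ["https://intranet.example.com/public/*"], {"GET"}),
]
ALICE = Subject("alice", {"hr", "staff"}, {"employeeType": "staff"})
BOB = Subject("bob", {"sales"}, {"employeeType": "contractor"})

if __name__ == "__main__":
    payroll = "https://intranet.example.com/hr/payroll"
    print(decide(POLICIES, payroll, "GET", ALICE, "10.1.2.3", at(12)))     # ALLOW, hr-intranet
    print(decide(POLICIES, payroll, "GET", ALICE, "203.0.113.9", at(12)))  # DENY: off-network
    print(decide(POLICIES, payroll, "GET", BOB, "10.1.2.3", at(12)))       # DENY: not in hr
```

A policy whose subject or environment conditions fail simply contributes no decision, and the absence of any allowing policy is a deny; that is the ordering a PDP needs so that adding a new policy can only widen access deliberately, never by accident.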
OpenAM architecture

  [Architecture diagram only]

Integration

Use Case

  • Use case – requirements
      - integrate with legacy IAS/OSSO
          - Portal 10g
          - Forms 10g
          - OC4J
          - OBIEE 10g
      - integrate with Forms 11g (FMW/WLS)
          - special case, as Forms *needs* OID
      - integrate with OBIEE 11g (FMW/WLS)
      - integrate with J2EE apps (FMW/WLS)
      - integrate apps in the cloud using SAMLv2
Use Case

  [Diagram: target landscape]
  - New environment: OpenAM + OpenDJ on a Linux server cluster (Tomcat J2EE server), with a custom policy plugin and the AXI OSSO-OpenAM integration (custom OSSO plugin)
  - Legacy environment: Oracle 10g Infrastructure (Oracle SSO Server) and Oracle 10g Midtiers (Forms 10g, Portal 10g, J2EE, OBIEE 10g); SSO using the Oracle SSO server; LDAP sync between OpenDJ and the Oracle infrastructure
  - Oracle 11g WebLogic (Forms 11g, J2EE, OBIEE 11g): SSO using OpenAM policy agents (J2EE policy agent)
  - LAMP in the cloud (SAMLv2 service provider): SSO using SAMLv2
Integration

OpenAM HA Server Architecture

  [Diagram]
  sso.axi.be:80 – HTTP loadbalancer
    -> snsrv615:8080  <– master-master replication –>  snsrv616:8080

  ldap.axi.be:389 – TCP loadbalancer
    -> snsrv615:1389  <– master-master replication –>  snsrv616:1389
OpenAM HA Server Architecture

  • Linux cluster
      - Keepalived cluster manager
      - RHEL or Ubuntu based

  • HAProxy loadbalancer
      - L4 – LDAP loadbalancing
      - L7 – HTTP loadbalancing

  • Apache 2.2 reverse proxy
      - In front of Tomcat
      - For complex solutions (like integrating OSSO)

  • OpenAM / Tomcat J2EE
      - Session failover
      - Multimaster replication

  • OpenDJ
      - Multimaster replication
OpenAM HA Server Architecture

  [Diagram: HA layout]
  - HAProxy: active/passive cluster; L7 LB in front of the Apache 2.2 reverse proxies, L4 LB in front of OpenDJ
  - Apache 2.2 RP (x2): active/passive cluster, config synced
  - OpenAM (x2): active/active cluster, session replication
  - OpenDJ (x2): active/active cluster, multimaster replication
Integration OSSO

  [Diagram: OpenAM/OpenDJ on the Linux server cluster (Tomcat J2EE server) <– LDAP sync, AXI OSSO-OpenAM integration (custom OSSO plugin) –> Oracle SSO Server on the Oracle 10g Infrastructure, which provides SSO for the Oracle 10g Midtiers (Forms 10g, Portal 10g, J2EE, OBIEE 10g)]

  The custom plugin is an OSSO server authentication class:

      public class OpenAMAuth extends SSOServerAuth

  - IPASAuthInterface
      - SSOServerAuth implements IPASAuthInterface
          - SSOX509CertAuth, SSOKerbeAuth and the Custom Plugin extend SSOServerAuth
      - Custom Plugin implements IPASAuthInterface
Integration OSSO

  [Diagram only: same OpenAM/OpenDJ <– LDAP sync, custom OSSO plugin –> Oracle SSO Server / Oracle 10g Infrastructure / Oracle 10g Midtiers (Forms 10g, Portal 10g, J2EE, OBIEE 10g) layout as the previous slide]
Integration Forms 11g

  • Forms is *SPECIAL*
      - It checks the version of OID in SSO mode!
      - What if you want to get rid of OID?

  [Diagram: Forms 11g receives Osso-user-dn and Osso-subscriber-dn, then issues extra LDAP queries:]
  - RADs
  - Root DSE orcldirectoryversion
Integration Forms 11g

  • Forms is *SPECIAL*
      - Forms 11g can be plugged into an OID LDAP
      - What if we could mimic OID using OpenDJ?

      1. Recreate the OID LDAP schema in OpenDJ (ldapsearch)
      2. Add orcldirectoryversion to the OpenDJ root DSE
      3. Plug Forms 11g into OpenDJ!
Integration Forms 11g

  • Forms is *SPECIAL*, but can make use of OpenAM/OpenDJ without OID

  [Diagram: same as before – Osso-user-dn / Osso-subscriber-dn; extra LDAP queries: RADs, Root DSE orcldirectoryversion]
Integration OBIEE 11g

  • OBIEE 11g runs on top of WLS
      - Makes use of Oracle Platform Security Services
          - Switch from the embedded LDAP to OpenDJ (iPlanetAuthenticator)
          - Configure the HTTP header identity asserter (Generic SSO)
      - Configure OpenDJ (OBIEE groups: BIAuthor, BIAdministrators, etc.)
      - Deploy the OpenAM J2EE policy agent
      - Modify the OBIEE analytics WAR to add the J2EE filter (redeploy)
      - Resync the identity GUID attribute with OpenDJ
      - Modify the RPD to use LDAP in initialisation blocks
Integration OBIEE 11g

  [Diagram: request path numbered 1–7: Apache RP/SSL -> OpenAM J2EE policy agent (J2EE filter) -> OBIEE 11g / WLS, with the HTTP header identity asserter (Generic SSO), the DefaultAuthenticator (embedded LDAP) and the iPlanetAuthenticator; OPSS holds the ID store, policy store and credential store; the policy agent talks to OpenAM, the iPlanetAuthenticator to OpenDJ LDAP]
Integration cloud applications

  • OpenAM supports SAMLv2 (and WS-Fed 1.1) and can act as IdP
      - Agentless web SSO
      - Cross-domain / cross-platform / cross-organisation
      - Passive – all communication goes through the user's browser
          - HTTP POST / redirect
      - Provide the app (Service Provider) with all needed info through SAML assertions (attributes)
          - displayName
          - Email
          - Application roles & rights
      - Custom attribute mapper using JDBC
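The last two points, the attributes the IdP hands the service provider and a JDBC-style attribute mapper, as an added example that is not part of the deck and not OpenAM's mapper API: a mapper that looks the user up in an application database (an in-memory SQLite table stands in for the JDBC source) and emits the saml:AttributeStatement an assertion would carry, plus the read-back an SP would do. Table layout, attribute names and sample rows are constructed for the illustration.

```python
import sqlite3
import xml.etree.ElementTree as ET

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
BASIC_FORMAT = "urn:oasis:names:tc:SAML:2.0:attrname-format:basic"
ET.register_namespace("saml", SAML_NS)


def sample_db():
    """Constructed in-memory tables standing in for the application database the mapper queries."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE app_user (uid TEXT PRIMARY KEY, display_name TEXT, email TEXT);
        CREATE TABLE app_role (uid TEXT, role TEXT);
        INSERT INTO app_user VALUES ('jexample', 'Jane Example', 'jane@example.com');
        INSERT INTO app_role VALUES ('jexample', 'reporting_viewer'), ('jexample', 'invoice_approver');
    """)
    return db


def map_attributes(db, uid):
    """JDBC-style mapper: one lookup for profile fields, one for roles; parameterised queries only."""
    row = db.execute("SELECT display_name, email FROM app_user WHERE uid = ?", (uid,)).fetchone()
    if row is None:
        return None                                  # unknown user: emit no attributes at all
    roles = [r for (r,) in db.execute("SELECT role FROM app_role WHERE uid = ? ORDER BY role", (uid,))]
    return {"displayName": [row[0]], "email": [row[1]], "roles": roles}


def attribute_statement(attrs):
    """Build the saml:AttributeStatement the IdP places inside the (signed) assertion for the SP."""
    stmt = ET.Element(f"{{{SAML_NS}}}AttributeStatement")
    for name, values in attrs.items():
        attr = ET.SubElement(stmt, f"{{{SAML_NS}}}Attribute", Name=name, NameFormat=BASIC_FORMAT)
        for value in values:
            ET.SubElement(attr, f"{{{SAML_NS}}}AttributeValue").text = value
    return ET.tostring(stmt, encoding="unicode")


def attribute_values(xml_text, name):
    """What the SP does after validating the assertion signature: read one attribute's values."""
    root = ET.fromstring(xml_text)
    for attr in root.findall(f"{{{SAML_NS}}}Attribute"):
        if attr.get("Name") == name:
            return [v.text for v in attr.findall(f"{{{SAML_NS}}}AttributeValue")]
    return []


if __name__ == "__main__":
    statement = attribute_statement(map_attributes(sample_db(), "jexample"))
    print(statement)
    print(attribute_values(statement, "roles"))
```

The statement is only meaningful inside an assertion the IdP has signed; the mapper's job is to make sure the roles in it come from the system of record for that application, which is why the queries here are parameterised lookups by the authenticated uid rather than anything derived from the request.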
Integration cloud applications

  • At this point...
      Users logged on in Portal 10g ... can seamlessly log on to apps in the cloud using SAML!

  [Diagram: internal app servers with policy agents -> SAML Identity Provider (IdP): OpenAM cluster, https://idp.axi.nl (AXI) -> SAML-based SSO to external app servers (SAML SPs)]
What about ...

Out-of-the-box mobile app authentication with WS-REST

  [Diagram: mobile client -> https://sso.axi.be (Apache 2.2 SSL/RP server in the AXI public DMZ -> OpenAM/OpenDJ on a Linux keepalived cluster, Tomcat J2EE server) and https://mobile.axi.be (Apache 2.2 SSL/RP server with mod_security -> J2EE server)]

  (1) Authenticate against https://sso.axi.be
      /identity/authenticate?username=<uname>&password=<passwd>
  (2) Response
      token.id=AQIC5wM2LY4RfckcedfzxGrgVYevbKR-SgBkuemF4Cmm5Qg.*AAJTSQABMDE.*
  (3) Validate
      /identity/isTokenValid?tokenid=AQIC5wM2LY4RfckcedfzxGrgVYevbKR-SgBkuemF4Cmm5Qg.*AAJTSQABMDE.*
  (4) Retrieve attributes (is customer?)
      /identity/attributes?subjectid=AQIC5wM2LY4RfckcedfzxGrgVYevbKR-SgBkuemF4Cmm5Qg.*AAJTSQABMDE.*
  (5) Logout
      /identity/logout?subjectid=AQIC5wM2LY4RfckcedfzxGrgVYevbKR-SgBkuemF4Cmm5Qg.*AAJTSQABMDE.*
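The five REST calls above, as an added example that is not part of the deck and not OpenAM's code: an in-memory stand-in for the /identity/* services so the exchange runs offline, a parser for the attribute response, and the check the backend behind mobile.axi.be performs before serving anything. The endpoint paths are the ones on the slide; the line-oriented response shapes (`token.id=`, `boolean=true`, `userdetails.attribute.name=` / `userdetails.attribute.value=` pairs) are assumed here to follow the legacy OpenAM identity services, and the token values, directory entries and the "customer" group are constructed.

```python
import hmac
import secrets


class FakeOpenAM:
    """In-memory stand-in for https://sso.axi.be/.../identity/* (assumed response shapes)."""

    def __init__(self, directory):
        self.directory = directory      # uid -> {"password": ..., other attributes}; stands in for OpenDJ
        self.tokens = {}                # token id -> uid

    def handle(self, path, params):
        """Route one request to the matching identity service; returns (status, body)."""
        if path == "/identity/authenticate":                                       # (1)
            user = self.directory.get(params.get("username"))
            if user is None or not hmac.compare_digest(user["password"], params.get("password", "")):
                return 401, ""
            token = "AQIC" + secrets.token_urlsafe(30)     # constructed, OpenAM-looking token id
            self.tokens[token] = params["username"]
            return 200, f"token.id={token}\n"                                      # (2)
        if path == "/identity/isTokenValid":                                       # (3)
            valid = params.get("tokenid") in self.tokens
            return 200, f"boolean={'true' if valid else 'false'}\n"
        if path == "/identity/attributes":                                         # (4)
            uid = self.tokens.get(params.get("subjectid"))
            if uid is None:
                return 401, ""
            lines = [f"userdetails.token.id={params['subjectid']}"]
            for name, value in self.directory[uid].items():
                if name != "password":
                    lines += [f"userdetails.attribute.name={name}",
                              f"userdetails.attribute.value={value}"]
            return 200, "\n".join(lines) + "\n"
        if path == "/identity/logout":                                             # (5)
            self.tokens.pop(params.get("subjectid"), None)
            return 200, ""
        return 404, ""


def login(openam, username, password):
    """Steps (1)/(2): authenticate and return the token id, or None on failure."""
    status, body = openam.handle("/identity/authenticate",
                                 {"username": username, "password": password})
    if status != 200 or not body.startswith("token.id="):
        return None
    return body.strip().partition("=")[2]


def parse_attributes(body):
    """Turn the name/value line pairs of /identity/attributes into {name: [values]}."""
    attrs, current = {}, None
    for line in body.splitlines():
        key, _, value = line.partition("=")
        if key == "userdetails.attribute.name":
            current = value
        elif key == "userdetails.attribute.value" and current is not None:
            attrs.setdefault(current, []).append(value)
    return attrs


class MobileBackend:
    """Models the J2EE server behind mobile.axi.be: a presented token is never trusted unvalidated."""

    def __init__(self, openam):
        self.openam = openam

    def serve(self, token):
        status, body = self.openam.handle("/identity/isTokenValid", {"tokenid": token})   # (3)
        if status != 200 or body.strip() != "boolean=true":
            return 401, "invalid or expired session"
        status, body = self.openam.handle("/identity/attributes", {"subjectid": token})   # (4)
        attrs = parse_attributes(body)
        if "customer" not in attrs.get("memberOf", []):
            return 403, "authenticated, but not a customer"
        return 200, f"hello {attrs['cn'][0]}"


SAMPLE_DIRECTORY = {   # constructed
    "kurt": {"password": "pw-kurt", "cn": "Kurt", "memberOf": "customer"},
    "eve": {"password": "pw-eve", "cn": "Eve", "memberOf": "staff"},
}

if __name__ == "__main__":
    am = FakeOpenAM(SAMPLE_DIRECTORY)
    backend = MobileBackend(am)
    tok = login(am, "kurt", "pw-kurt")
    print(backend.serve(tok))                           # (200, 'hello Kurt')
    am.handle("/identity/logout", {"subjectid": tok})   # (5)
    print(backend.serve(tok))                           # (401, ...) after logout
```

Two things the model makes explicit: the backend re-validates the token on every request, so a logout at the SSO side takes effect immediately, and being authenticated is not the same as being authorised, which is why step (4) is a separate call with its own outcome. The example passes the credentials of step (1) as parameters to the stand-in; a real deployment would send them in a POST body rather than the query string on the slide, so they do not end up in the reverse proxy's access logs.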
Use Case

  [Diagram: same target landscape as the earlier Use Case slide, now with REST-WS added to the new environment (OpenAM/OpenDJ cluster) next to the custom policy plugin, the OSSO-OpenAM integration towards the Oracle 10g infrastructure and midtiers, the OpenAM policy agents for Oracle 11g WebLogic, and SAMLv2 for LAMP in the cloud]
Conclusion

  • Who can benefit from OpenAM
      - Organisations running IAS 9i/10g migrating to 11g WLS
      - Organisations running multiple web-based apps that want to implement SSO
      - Organisations wanting to integrate cloud apps using SAMLv2
      - Organisations wanting to implement WS-Security
      - Organisations wanting to migrate from Sun OpenSSO to ForgeRock OpenAM

  • Benefits
      - Proven technology – Sun OpenSSO!
      - Easy to customize (auth plugin, policy plugin, SAML assertion plugin, etc.)
      - Pricing

Q&A

More Related Content

What's hot

Oracle Access Manager Integration with Microsoft Active Directory for Zero Si...
Oracle Access Manager Integration with Microsoft Active Directory for Zero Si...Oracle Access Manager Integration with Microsoft Active Directory for Zero Si...
Oracle Access Manager Integration with Microsoft Active Directory for Zero Si...Sumit Gupta
 
2012 ohiolinuxfest replication
2012 ohiolinuxfest replication2012 ohiolinuxfest replication
2012 ohiolinuxfest replicationsqlhjalp
 
WebLogic authentication debugging
WebLogic authentication debuggingWebLogic authentication debugging
WebLogic authentication debuggingMaarten Smeets
 
Enterprise Single Sign-On - SSO
Enterprise Single Sign-On - SSOEnterprise Single Sign-On - SSO
Enterprise Single Sign-On - SSOOliver Mueller
 
ORDS - Oracle REST Data Services
ORDS - Oracle REST Data ServicesORDS - Oracle REST Data Services
ORDS - Oracle REST Data ServicesJustin Michael Raj
 
SSO With APEX and ADFS the weblogic way
SSO With APEX and ADFS the weblogic waySSO With APEX and ADFS the weblogic way
SSO With APEX and ADFS the weblogic waymakker_nl
 
Expose your data as an api is with oracle rest data services -spoug Madrid
Expose your data as an api is with oracle rest data services -spoug MadridExpose your data as an api is with oracle rest data services -spoug Madrid
Expose your data as an api is with oracle rest data services -spoug MadridVinay Kumar
 
Oracle Office Hours - Exposing REST services with APEX and ORDS
Oracle Office Hours - Exposing REST services with APEX and ORDSOracle Office Hours - Exposing REST services with APEX and ORDS
Oracle Office Hours - Exposing REST services with APEX and ORDSDoug Gault
 
Enabling: Optimized Integrations at Amway with Oracle SOA Suite
Enabling: Optimized Integrations at Amway with Oracle SOA SuiteEnabling: Optimized Integrations at Amway with Oracle SOA Suite
Enabling: Optimized Integrations at Amway with Oracle SOA SuiteRevelation Technologies
 
Implementing Oracle Identity Management Using External Authentication Plug-In
Implementing Oracle Identity Management Using External Authentication Plug-InImplementing Oracle Identity Management Using External Authentication Plug-In
Implementing Oracle Identity Management Using External Authentication Plug-InDinesh Gupta
 
Oracle SOA Suite 12.2.1 new features
Oracle SOA Suite 12.2.1 new featuresOracle SOA Suite 12.2.1 new features
Oracle SOA Suite 12.2.1 new featuresMaarten Smeets
 
Spring 3.1: a Walking Tour
Spring 3.1: a Walking TourSpring 3.1: a Walking Tour
Spring 3.1: a Walking TourJoshua Long
 
Java ee 8 + security overview
Java ee 8 + security overviewJava ee 8 + security overview
Java ee 8 + security overviewRudy De Busscher
 
Strategic IT Guide to Oracle IAS and OpenAM SSO Solutions

  • 2. ITStrategic BIO
     Who am I: Kurt Van Meerbeeck
     - Engineer in electronics
     - Working with Java since 1996 (jdk 1.0.2)
     - Working with Oracle products since 1997 (Oracle 7.3.x, OAS 3.0)
     - Currently works for AXI NV/BV, an Oracle Partner in the Benelux area (www.axi.be / www.axi.nl), on Oracle rdbms/ias
     - Author of DUDE, the Data Unloader tool (www.ora600.be)
     - Member of the Oaktable Network (www.oaktable.net)
  • 3. A little bit of history
     Internet Application Server 9i -> Internet Application Server 10g -> Fusion Middleware 11g / WLS
  • 4. ORACLE IAS 10g
     Oracle AS Components, middle tiers:
     - OHS: apache 1.3, mod_oc4j, mod_plsql, mod_rewrite, mod_osso, ...
     - Webcache
     - J2EE
     - Forms, Reports, Disco
     - Portal
  • 5. ORACLE IAS 10g
     Oracle AS Components, infrastructure:
     - OHS: apache 1.3, mod_oc4j, mod_plsql, mod_rewrite, mod_osso, ...
     - OID (LDAP)
     - J2EE
     - SSO server
     - OCA
     - Rdbms: portal, sso, oca and other configuration & meta data
  • 6. OSSO Workflow – not yet authenticated
     (diagram: the browser requests http://my.company.com on the middle tier MID.axi.be (apache with mod_osso, mod_oc4j, mod_plsql; J2EE); the infrastructure tier INFRA.axi.be runs apache (mod_osso, mod_oc4j, mod_plsql), J2EE (oc4j_security, oca), OID/LDAP and the IASDB)
     Apache virtual host: make it a SSO partner app
     - register it: ptlconfig for portal, ossoreg.jar for mod_osso
     - mod_osso.conf:
          <location /app>
             require valid-user
             AuthType basic
          </location>
  • 7. OSSO Workflow – not yet authenticated
     (diagram: same tiers as slide 6)
     mod_osso on the middle tier: partner cookie available? If not, redirect to
        infra.axi.be/pls/orasso/orasso.wwsso_app_admin.ls_login?Site2pstoreToken=<y>
     Virtual host configuration on the middle tier:
          NameVirtualHost *:80
          <VirtualHost *:80>
             ServerName my.company.com
             Port 80
             # Include the configuration files
             # needed for mod_osso
             OssoConfigFile /OH/my_comp_osso.conf
          </VirtualHost>
     SSO server on the infrastructure tier: SSO cookie? If not, generate a redirect to the logon page http://infra.axi.be/sso/jsp/login.jsp ($OH/sso/policy.properties)
  • 8. OSSO Workflow – not yet authenticated
     (diagram only: same tiers as slide 6)
  • 9. OSSO Workflow – not yet authenticated
     HTTP POST to the SSO server: username, password, site-token (sitetoken)
     - check credentials in LDAP/OID
     - if OK: generate SSO cookie (SSO_ID), generate redirect to http://my.company.com/osso_login_success?urlc=<sitetoken>
     mod_osso on the middle tier: generate partner cookie, generate redirect to the original URL
  • 10. OSSO Workflow – not yet authenticated
     (diagram: SSO server authentication class hierarchy: IPASAuthInterface is implemented by SSOServerAuth; SSOX509CertAuth, SSOKerbeAuth and a Custom Auth Plugin extend SSOServerAuth)
     Important for integration: custom plugins by subclassing the OSSO server authentication classes
  • 11. ORACLE 11g FUSION / WEBLOGIC
     Problem:
     - No infrastructure tier
     - No SSO/OID/WNA
  • 12. ORACLE 11g FUSION / WEBLOGIC
     - Premier Support for Oracle Single Sign-On 10gR3 ends on December 31, 2011
     - Limited Extended Support for Oracle Single Sign-On from January 2012 through December 2012
     - It is strongly recommended that you use this additional time to integrate your single sign-on deployment with Oracle Access Manager
  • 13. ORACLE 11g FUSION / WEBLOGIC
     Extra licenses and server:
     - Oracle Access Manager
     - Oracle Weblogic Server
     - Directory Services Plus
  • 14. ORACLE 11g FUSION / WEBLOGIC
  • 15. ORACLE 11g FUSION / WEBLOGIC
  • 16. Introducing OpenAM
     - Open Source alternative: OpenAM (ForgeRock)
     - Based on SUN's OpenSSO: open sourced before the Oracle acquisition; most of the OpenSSO team quit and started ForgeRock
     - Makes use of OpenDJ (based on Sun's OpenDS) for its data store
  • 17. Concept
     The concept for most access managers is the same:
        Access Manager | ID store (LDAP) | AM Agent     | Web App Server    | DB Server
        OSSO           | OID             | mod_osso     | Apache 1.3 / OC4J |
        OpenAM         | OpenDJ          | Policy Agent |                   |
     - So the work is mostly the same: complex :)
     - But not the license costs!
     - And the platform support and features!
  • 18. OpenAM product support
     OpenAM server runs on:
     - Apache Tomcat 6.x / 7.x
     - GlassFish v2
     - JBoss Enterprise Application Platform 4.x, 5.x
     - JBoss Application Server 7.x
     - Jetty 7
     - Oracle WLS 11g
     - Oracle WLS 12c
     OpenAM policy agents:
     - Apache 2.0, 2.2, 2.4
     - MS IIS 6, 7
     - GlassFish v2, v3
     - Jetty 6.1, v7
     - Tomcat v6
     - WebSphere v6.1
     - Weblogic v10
  • 19. OpenAM authentication
     Out-of-the-box:
     - Active Directory Auth
     - Adaptive Risk Auth
     - Certificate Auth
     - HTTP Basic Auth
     - HMAC OTP Auth
     - JDBC Auth (example database table)
     - LDAP Auth
     - OATH Auth (OpenAuth RFC 4226/6238)
     - Oauth 2.0 Auth
     - RADIUS Auth
     - SecurID Auth
     - Windows Desktop SSO Auth
     - WSS Auth
     - Federation (SAML, SAMLv2, WS-Fed 1.1)
     - ....
     - Custom Auth plugins
  • 20. OpenAM authorization
     Authorization:
     - Policy engine: identity membership, LDAP filter, time, resource/location/IP, ...
     - Custom plugins
     - Entitlements
     - eXtensible Access Control Markup Language (XACML)
     - OpenAM: policy admin & decision point (PAP/PDP)
  • 21. OpenAM architecture
  • 22. Integration
  • 23. Use Case
     Use case requirements:
     - integrate with legacy IAS/OSSO: Portal 10g, Forms 10g, OC4J, OBIEE 10g
     - integrate with Forms 11g (FMW/WLS): special case, as Forms *needs* OID
     - integrate with OBIEE 11g (FMW/WLS)
     - integrate with J2EE apps (FMW/WLS)
     - integrate apps in the cloud using SAMLv2
  • 24. Use Case
     (diagram of the target architecture)
     - Legacy environment: Oracle 10g Infrastructure (Oracle SSO Server) and Oracle 10g Midtiers (Forms 10g, Portal 10g, J2EE, OBIEE 10g); SSO using the Oracle SSO server; OSSO-OpenAM integration through a custom osso plugin
     - AXI Linux Server (cluster): OpenAM, OpenDJ, Tomcat J2EE Server, custom policy plugin; LDAP sync with the legacy environment
     - New environment: Oracle 11g Weblogic (Forms 11g, J2EE, OBIEE 11g) with the J2EE Policy agent; SSO using OpenAM Policy agents
     - LAMP in the cloud: SAMLv2 Service Provider; SSO using SAMLv2
  • 25. Integration
  • 26. OpenAM HA Server Architecture
     - sso.axi.be:80, http loadbalancer -> snsrv615:8080 and snsrv616:8080 (master-master replication)
     - ldap.axi.be:389, tcp loadbalancer -> snsrv615:1389 and snsrv616:1389 (master-master replication)
  • 27. OpenAM HA Server Architecture
     - Linux cluster: Keepalived cluster manager; RHEL or Ubuntu based
     - HAProxy loadbalancer: L4 for ldap loadbalancing, L7 for http loadbalancing
     - Apache2.2 reverse proxy: in front of tomcat; for complex solutions (like integrating osso)
     - OpenAM / Tomcat J2EE: session failover, multimaster replication
     - OpenDJ: multimaster replication
  • 28. OpenAM HA Server Architecture
     (diagram: Apache2.2 RP active/passive cluster with config sync -> HAProxy L7 LB active/passive cluster -> OpenAM active/active cluster with session replication -> HAProxy L4 LB -> OpenDJ active/active cluster with multimaster replication)
  • 29. Integration OSSO
  • 30. Integration OSSO
     (diagram: legacy environment as on slide 24, with the OSSO-OpenAM integration plugged into the Oracle SSO Server as a custom osso plugin)
        public class OpenAMAuth extends SSOServerAuth
     Class hierarchy: IPASAuthInterface is implemented by SSOServerAuth; SSOX509CertAuth, SSOKerbeAuth and the Custom Auth Plugin extend SSOServerAuth
  • 31. Integration OSSO
     (diagram: legacy environment as on slide 24: Oracle 10g Infrastructure with the Oracle SSO Server, Oracle 10g Midtiers with Forms 10g, Portal 10g, J2EE, OBIEE 10g; LDAP sync to OpenAM/OpenDJ on the AXI Linux Server cluster)
  • 32. Integration Forms 11g
  • 33. Integration Forms 11g
     Forms is *SPECIAL*:
     - It will check the version of OID in SSO mode!
     - What if you want to get rid of OID???
     Extra LDAP queries: Osso-user-dn, Osso-subscriber-dn, RAD's, Root DSE orcldirectoryversion
  • 34. Integration Forms 11g
     Forms is *SPECIAL*:
     - Forms 11g can be plugged into an OID LDAP
     - What if we could mimic OID using OpenDJ?
        1. Recreate the OID LDAP schema in OpenDJ (ldapsearch)
        2. Add orcldirectoryversion to the OpenDJ root DSE
        3. Plug Forms 11g into OpenDJ!!!
  • 35. Integration Forms 11g
     Forms is *SPECIAL* but can make use of OpenAM/OpenDJ without OID
     Extra LDAP queries: Osso-user-dn, Osso-subscriber-dn, RAD's, Root DSE orcldirectoryversion
  • 36. Integration OBIEE 11g
  • 37. Integration OBIEE 11g
     OBIEE 11g runs on top of WLS:
     - Makes use of Oracle Platform Security Services
     - Switch from embedded ldap to OpenDJ (iplanetAuthenticator)
     - Configure http header identity asserter (Generic SSO)
     - Configure OpenDJ (OBIEE groups: BIAuthor, BIAdministrators, etc)
     - Deploy OpenAM J2EE Policy Agent
     - Modify the OBIEE analytics war to add the J2EE filter (redeploy)
     - Resync the identity GUID attribute with OpenDJ
     - Modify the RPD to use LDAP in initialisation blocks
  • 38. Integration OBIEE 11g
     (diagram, steps numbered 1-7: OBIEE 11g / WLS with the http header id asserter (Generic SSO), DefaultAuthenticator on the OBI embedded LDAP, IPlanetAuthenticator, OPSS ID store / policy store / credential store and the OpenAM J2EE policy agent (J2EE filter); Apache rp/ssl in front; OpenAM and OpenDJ LDAP behind)
  • 39. ITStrategic Integration cloud applications
  • 40. ITStrategic Integration cloud applications
      [ OpenAM supports SAMLv2 (and WS-Fed 1.1) and can act as IdP
        - Agentless WEB SSO
        - Cross-domain / cross-platform / cross-organisation
        - Passive: all communication goes through the user's browser (http post/redirect)
        - Provide the app (Service Provider) with all needed info through SAML assertions (attributes)
          - displayName
          - Email
          - Application roles & rights
          - Custom attribute mapper using jdbc
  • 41. ITStrategic Integration cloud applications
      [ At this point....
        - Users logged on in Portal 10g can seamlessly logon to apps in the cloud using SAML!
      [Diagram: internal app servers (policy agents) and the OpenAM cluster acting as SAML Identity Provider (IdP) at https://idp.axi.nl (AXI SAML based SSO), federating to external app servers (SAML SPs)]
  • 42. ITStrategic What about …
  • 43. ITStrategic Out of the box mobile app authentication with WS-REST
      [Diagram: https://mobile.axi.be (Apache 2.2 SSL/RP server with mod_security in front of a Tomcat J2EE server) and https://sso.axi.be (Apache 2.2 SSL/RP server in the AXI public DMZ in front of OpenAM + OpenDJ on a Linux server, keepalived cluster)]
      (1) Authenticate: /identity/authenticate?username=<uname>&password=<passwd>
      (2) Response: token.id=AQIC5wM2LY4RfckcedfzxGrgVYevbKR-SgBkuemF4Cmm5Qg.*AAJTSQABMDE.*
      (3) Validate: /identity/isTokenValid?tokenid=AQIC5wM2LY4RfckcedfzxGrgVYevbKR-SgBkuemF4Cmm5Qg.*AAJTSQABMDE.*
      (4) Retrieve attributes (is customer?): /identity/attributes?subjectid=AQIC5wM2LY4RfckcedfzxGrgVYevbKR-SgBkuemF4Cmm5Qg.*AAJTSQABMDE.*
      (5) Logout: /identity/logout?subjectid=AQIC5wM2LY4RfckcedfzxGrgVYevbKR-SgBkuemF4Cmm5Qg.*AAJTSQABMDE.*
  • 44. ITStrategic Use Case
      [Diagram: the environments and their SSO integrations]
        - Legacy environment: Oracle 10g Infrastructure (SSO using the Oracle SSO Server) and Oracle 10g Midtiers (Forms 10g, Portal 10g, J2EE, OBIEE 10g); OSSO-OpenAM integration (custom osso plugin); LDAP sync
        - New environment: Oracle 11g WebLogic (Forms 11g, J2EE, OBIEE 11g); SSO using OpenAM Policy agents (J2EE Policy agent)
        - LAMP in the cloud: SAMLv2 Service Provider; SSO using SAMLv2
        - AXI Linux Server (cluster): OpenAM + OpenDJ, custom policy plugin; Tomcat J2EE Server with REST-WS
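The five-step REST flow from slide 43, worked through as an added example (not code from the deck or from OpenAM): an in-process stand-in plays the legacy `/identity` endpoints of OpenAM and `MobileBackend` plays the Tomcat side behind mobile.axi.be. Success bodies follow the legacy key=value text format the slide shows for `token.id` (`boolean=true`, `userdetails.attribute.name`/`.value`); the error bodies, the `isCustomer` attribute name and the sample users are assumptions made for this example.

```python
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit


class FakeOpenAM:
    """Constructed stand-in for OpenAM's legacy /identity REST endpoints.

    Success bodies follow the legacy key=value text format (token.id=...,
    boolean=true, userdetails.attribute.name=... / .value=...); the error
    bodies are made up for this example and are not OpenAM's own.
    """

    def __init__(self, users):
        self._users = users        # {username: (password, {attribute: [values]})}
        self._sessions = {}        # token -> username

    def request(self, path_and_query):
        """Serve one GET request; returns (http_status, body)."""
        url = urlsplit(path_and_query)
        q = {k: v[0] for k, v in parse_qs(url.query).items()}

        if url.path == "/identity/authenticate":                      # step (1)
            user = self._users.get(q.get("username", ""))
            pw = q.get("password", "").encode()
            if user is None or not secrets.compare_digest(user[0].encode(), pw):
                return 401, "error=invalid credentials"
            token = secrets.token_urlsafe(32)                           # step (2)
            self._sessions[token] = q["username"]
            return 200, "token.id=" + token

        if url.path == "/identity/isTokenValid":                      # step (3)
            valid = q.get("tokenid", "") in self._sessions
            return 200, "boolean=" + ("true" if valid else "false")

        if url.path == "/identity/attributes":                        # step (4)
            username = self._sessions.get(q.get("subjectid", ""))
            if username is None:
                return 401, "error=invalid token"
            lines = ["userdetails.token.id=" + q["subjectid"]]
            for name, values in self._users[username][1].items():
                lines.append("userdetails.attribute.name=" + name)
                lines += ["userdetails.attribute.value=" + v for v in values]
            return 200, "\n".join(lines)

        if url.path == "/identity/logout":                            # step (5)
            self._sessions.pop(q.get("subjectid", ""), None)
            return 200, ""

        return 404, "error=unknown endpoint"


def _parse_kv(body):
    """'key=value' lines -> dict (split on the first '=')."""
    pairs = (line.partition("=") for line in body.splitlines() if "=" in line)
    return {k: v for k, _, v in pairs}


def _parse_attributes(body):
    """Group userdetails.attribute.name / .value lines into {name: [values]}."""
    attrs, current = {}, None
    for key, _, value in (line.partition("=") for line in body.splitlines()):
        if key == "userdetails.attribute.name":
            current = attrs.setdefault(value, [])
        elif key == "userdetails.attribute.value" and current is not None:
            current.append(value)
    return attrs


class MobileBackend:
    """Logic behind the Tomcat server at https://mobile.axi.be: a token is
    trusted only after OpenAM confirms it (step 3) and authorisation uses the
    attributes OpenAM returns (step 4), never claims made by the app itself."""

    CUSTOMER_ATTR = "isCustomer"   # assumed attribute name for the slide's "is customer?" check

    def __init__(self, sso):
        self.sso = sso

    def _get(self, path, **params):
        return self.sso.request(path + "?" + urlencode(params))

    def login(self, username, password):
        """Steps 1 and 2: returns the session token, or None on bad credentials."""
        status, body = self._get("/identity/authenticate", username=username, password=password)
        return _parse_kv(body).get("token.id") if status == 200 else None

    def is_token_valid(self, token):
        """Step 3: ask OpenAM; never infer validity from the token's shape."""
        status, body = self._get("/identity/isTokenValid", tokenid=token)
        return status == 200 and _parse_kv(body).get("boolean") == "true"

    def user_attributes(self, token):
        """Step 4: profile attributes of the session's subject."""
        status, body = self._get("/identity/attributes", subjectid=token)
        return _parse_attributes(body) if status == 200 else {}

    def authorize_customer_call(self, token):
        """Gate for customer-only API calls: valid session AND customer flag set."""
        if not self.is_token_valid(token):
            return False
        return self.user_attributes(token).get(self.CUSTOMER_ATTR) == ["true"]

    def logout(self, token):
        """Step 5: end the session so the token stops validating."""
        self._get("/identity/logout", subjectid=token)


# Constructed directory contents for the stand-in OpenAM
SAMPLE_USERS = {
    "jane": ("s3cret-pw", {"uid": ["jane"], "mail": ["jane@example.test"], "isCustomer": ["true"]}),
    "guest": ("guest-pw", {"uid": ["guest"], "isCustomer": ["false"]}),
}
```

Two points worth keeping in view when this runs against a real deployment: step (1) carries the password in the query string, so the Apache SSL/RP server in front of sso.axi.be will record it in its access log unless that parameter is masked or the call is sent as a POST body; and the backend's per-request `isTokenValid` call is what makes step (5) effective, since a token copied out of the app is worthless once the session behind it is gone.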
  • 45. ITStrategic Conclusion
      [ Who can benefit from OpenAM
        • Organisations running IAS9i/10g migrating to 11g WLS
        • Organisations running multiple web-based apps that want to implement SSO
        • Organisations wanting to integrate cloud apps using SAMLv2
        • Organisations wanting to implement WS Security
        • Organisations wanting to migrate from Sun OpenSSO to ForgeRock OpenAM
      [ Benefits
        • Proven technology: Sun OpenSSO!
        • Easy to customize (auth plugin, policy plugin, saml assertion plugin, etc.)
        • Pricing
  • 46. 24/7 Q&A