- Oracle Identity Manager 11gR2-PS2 has a component architecture that includes a self-contained J2EE application, SOA for workflow and notifications, OES for authorization, BI for reporting, and external dependencies like LDAP and databases. - The functional architecture has four tiers - presentation, business services, integration services, and data. Key services include identity provisioning, common services, and integration with target applications. - Identity provisioning services within OIM handle tasks like resource management, account management, provisioning workflow, role integration, and reconciliation.

1. Oracle Identity Manager 11gR2-PS2
OIM Architecture
March 2014
atul.goyal@oracle.com
Principal Product Manager, Oracle Identity Governance

2. 2
This document is for informational purposes. It is not a
commitment to deliver any material, code, or functionality, and
should not be relied upon in making purchasing decisions. The
development, release, and timing of any features or functionality
described in this document remains at the sole discretion of
Oracle. This document in any form, software or printed matter,
contains proprietary information that is the exclusive property of
Oracle. This document and information contained herein may not
be disclosed, copied, reproduced or distributed to anyone outside
Oracle without prior written consent of Oracle. This document is
not part of your license agreement nor can it be incorporated into
any contractual agreement with Oracle or its subsidiaries or
affiliates.

3. 3
Agenda
• Component Architecture
• Functional Architecture
• Deployment /Physical Architecture

4. 44 4
Oracle Identity Manager – Component Architecture

5. 5
• Self Contained, standalone, J2EE Compliant application
• Weblogic and WAS as J2EE container, JVM as Runtime
• SOA For managing Workflow Orchestrating and Notification
• Oracle Identity Manager connects to the SOA managed servers over RMI to invoke the SOA EJBs.
• SOA calls back OIM via callback service deployed in OIM using OIMFrontEndURL
• Inter-process Communication – JMS Queues
• Async Communication and Processing
• Uses JMS Queues - oimAttestationQueue,oimAuditQueue, oimDefaultQueue, oimKernelQueue,
oimProcessQueue, oimReconQueue, oimSODQueue
• Queues are configured during Installation Time
• OES for Authorization
• Policy Definition Point
• Policy Enforcement Point
• BI for Reporting
• No runtime integration except for Certification Reports
• BI is configured against OIM DB to fetch Audit Data
• ADF/Webcenter Composer
• Runtime UI Changes
• Upgrade Safe
Oracle Identity Manager – Component Architecture

6. 6
• Quartz for Scheduler Services
• Manages various schedule tasks defined in OIM
• Uses DB as the centralized storage for picking and running the scheduled activities
• If one of the scheduler instances picks up a job, the other instances will not pick up that same job.
• External Dependencies
• Nexaweb for Deployment Manager Capabilities to import/export OIM Artifacts
• OSCache and jgroups for cache management
• Enterprise Manager
• Monitoring, Helathcheck and Dashboard
• Configurations and Diagnostics
• LDAP as persistent Identity Store
• LDAP Sync for data synchronization between OIM DB and LDAP
• Embedded LibOVD for H/A
• DB as Transactional and Metadata Repository
• OIM, SOA Schema for Transaction DB
• MDS Schema for storing configurations
Oracle Identity Manager – Component Architecture

7. 7
Target IT Apps
Functional Architecture – OIM 11g
Presentation
Tier
Design Console
Administration
& End-User
Console
SPMLGateway
(Web services)
POJO Wrapper
for EJBs
Business Services Tier
ADF Faces SOASuite Entitlement
Server
Data Tier
LDAP ID Store
Database
MDS
Audit DB
Integration
Services
Platform
Services
BI Publisher
Reports
Access
Manager
Adaptive
Acc Manager
Enterprise
Manager
Oracle Technology Stack
Oracle Fusion Apps
CustomClient
Applications
Common
Services
Audit &
Compliance
Services
Identity
Provisioning
Services
JEE Container
Services
REVOKE
GRANT

8. 8
Four Tire Functional Architecture
Presentation Tire
• Identity Self Service/ Sys Admin UI
• Design Console
• Custom UI
• Business Services
• API Service (SPML, EJB, Request WS, OOO Taskflows, Public URLs)
• Integration Service (Connector Framework, Identity Connectors, Adapter Factory, GTC, Remote
Manager and Connector Server )
• Platform Services (Plug-in Framework, SOD Engine Framework)
• Provisioning Services (Catalog Engine, Request Engine, Provisioning and Recon Engine)
• Common Services (User Mgt, Config Mgt etc.)
• Middleware Services
• Request Service, Approval Workflow,
• Configurations and Diagnostics
• Authorization Service
• Scheduler Service
• Reporting Service
• Data Tier
• OIM DB for Transactional DB service
• MDS Store for Configuration Service
• LDAP for Identity Persistence
Functional Architecture – OIM 11g

9. 9
Target IT Apps
Functional Architecture – OIM 11g
Administration and End-User Consoles
Presentation
Tier
Design Console
SPMLGateway
(Web services)
POJO Wrapper
for EJBs
Business Services Tier
ADF Faces SOASuite Entitlement
Server
Data Tier
LDAP ID Store
Database
MDS
Audit DB
Integration
Services
Platform
Services
BI Publisher
Reports
Access
Manager
Adaptive
Acc Manager
Enterprise
Manager
Oracle Technology Stack
Oracle Fusion Apps
CustomClient
Applications
Common
Services
Audit &
Compliance
Services
User
Provisioning
Services
JEE Container
Services
REVOKE
GRANT
SPMLGateway
(Web services)
POJO Wrapper
for EJBs
Business Services Tier
Integration
Services
Platform
Services
Common
Services
Audit &
Compliance
Services
Id Admin
Services
JEE Container
Services
Logon &
Unauthenticated Console
(Logon, Forgot Password, Self Reg)
Self-Service
Console (My requests, Open tasks,
User,Role,Org Admin)
Administration
Console (ConfigurationManagement)
Administration
& End-User
Console

10. 10
Target IT Apps
Functional Architecture – OIM 11g
Administration and End-User Consoles
Presentation
Tier
Design Console
Administration
& End-User
Console
SPMLGateway
(Web services)
POJO Wrapper
for EJBs
Business Services Tier
ADF Faces SOASuite Entitlement
Server
Data Tier
LDAP ID Store
Database
MDS
Audit DB
Integration
Services
Platform
Services
BI Publisher
Reports
Access
Manager
Adaptive
Acc Manager
Enterprise
Manager
Oracle Technology Stack
Oracle Fusion Apps
CustomClient
Applications
Common
Services
Audit &
Compliance
Services
User
Provisioning
Services
JEE Container
Services
REVOKE
GRANT
SPMLGateway
(Web services)
POJO Wrapper
for EJBs
Business Services Tier
Integration
Services
Platform
Services
Common
Services
Audit &
Compliance
Services
Id Admin
Services
JEE Container
Services
Logon &
Unauthenticated Console
(Logon, Forgot Password, Self Reg)
Self-Service
Console (My requests, Open tasks,
User,Role,Org Admin)
Identity Administration
Console (ConfigurationManagement)

11. 11
Target IT Apps
Functional Architecture – OIM 11g
CustomClient Applications
Presentation
Tier
Design Console
Administration
& End-User
Console
SPMLGateway
(Web services)
POJO Wrapper
for EJBs
ADF Faces SOASuite Entitlement
Server
Data Tier
LDAP ID Store
Database
MDS
Audit DB
Integration
Services
BI Publisher
Reports
Access
Manager
Adaptive
Acc Manager
Enterprise
Manager
Oracle Technology Stack
Oracle Fusion Apps
Custom Client
Applications
Identity
Provisioning
Services
REVOKE
GRANT
Business Services Tier
Platform
Services
Common
Services
Audit &
Compliance
Services
JEE Container
Services
Business Services Tier
Integration
Services
Platform
Services
Common
Services
Audit &
Compliance
Services
Id Admin
Services
JEE Container
Services
SPML Web
Services Client
(XSD messages)
OIM Java
API Client
CustomerIntra/Extranet
Applications
ADF Taskflows
Request Webservice

12. 12
Target IT Apps
Functional Architecture – OIM 11g
CustomClient Applications
Presentation
Tier
Design Console
Administration
& End-User
Console
SPMLGateway
(Web services)
POJO Wrapper
for EJBs
ADF Faces SOASuite Entitlement
Server
Data Tier
LDAP ID Store
Database
MDS
Audit DB
Integration
Services
BI Publisher
Reports
Access
Manager
Adaptive
Acc Manager
Enterprise
Manager
Oracle Technology Stack
Oracle Fusion AppsIdentity
Provisioning
Services
REVOKE
GRANT
Business Services Tier
Platform
Services
Common
Services
Audit &
Compliance
Services
JEE Container
Services
Business Services Tier
Integration
Services
Platform
Services
Common
Services
Audit &
Compliance
Services
Id Admin
Services
JEE Container
Services
SPML Web
Services Client
(XSD messages)
OIM Java
API Client
Custom Client
Applications
CustomerIntra/Extranet
Applications
ADF Taskflows
Request Webservice

13. 13
Target IT Apps
Functional Architecture – OIM 11g
IdentityProvisioning Services
Presentation
Tier
Design Console
Administration
& End-User
Console
SPMLGateway
(Web services)
POJO Wrapper
for EJBs
Business Services Tier
ADF Faces SOASuite Entitlement
Server
Data Tier
LDAP ID Store
Database
MDS
Audit DB
Integration
Services
Platform
Services
BI Publisher
Reports
Access
Manager
Adaptive
Acc Manager
Enterprise
Manager
Oracle Technology Stack
Oracle Fusion Apps
CustomClient
Applications
Common
Services
Audit &
Compliance
Services
Identity
Provisioning
Services
JEE Container
Services
REVOKE
GRANT
Data Tier
LDAP ID Store
ResourceManagement
Account Management
ServiceAccounts
Provisioning Workflow
Access Policy/RBAC
Auto Group Membership
Direct Provisioning
Offline Provisioning
Role Manager Integration

14. 14
Target IT Apps
Functional Architecture – OIM 11g
IdentityProvisioning Services
Presentation
Tier
Design Console
Administration
& End-User
Console
SPMLGateway
(Web services)
POJO Wrapper
for EJBs
Business Services Tier
ADF Faces SOASuite Entitlement
Server
Database
MDS
Audit DB
Integration
Services
Platform
Services
BI Publisher
Reports
Access
Manager
Adaptive
Acc Manager
Enterprise
Manager
Oracle Technology Stack
Oracle Fusion Apps
CustomClient
Applications
Common
Services
Audit &
Compliance
Services
Identity
Provisioning
Services
JEE Container
Services
REVOKE
GRANT
Data Tier
LDAP ID Store
Bulk Load Utility
Authoritative Reconciliation
Account and Entitlement
Reconciliation
LDAP Synch – Users, Roles

15. 15
Target IT Apps
Functional Architecture – OIM 11g
IdentityProvisioning Services
Presentation
Tier
Design Console
Administration
& End-User
Console
SPMLGateway
(Web services)
POJO Wrapper
for EJBs
Business Services Tier
ADF Faces SOASuite Entitlement
Server
Database
MDS
Audit DB
Integration
Services
Platform
Services
BI Publisher
Reports
Access
Manager
Adaptive
Acc Manager
Enterprise
Manager
Oracle Technology Stack
Oracle Fusion Apps
CustomClient
Applications
Common
Services
Audit &
Compliance
Services
Identity
Provisioning
Services
JEE Container
Services
REVOKE
GRANT
Data Tier
LDAP ID Store
Bulk Load Utility
Authoritative Reconciliation
Account and Entitlement
Reconciliation
LDAP Synch – Users, Roles

16. 16
Target IT Apps
Functional Architecture – OIM 11g
Integration Services
Presentation
Tier
Design Console
Administration
& End-User
Console
SPMLGateway
(Web services)
POJO Wrapper
for EJBs
Business Services Tier
ADF Faces SOASuite Entitlement
Server
Data Tier
LDAP ID Store
Database
MDS
Audit DB
Integration
Services
Platform
Services
BI Publisher
Reports
Access
Manager
Adaptive
Acc Manager
Enterprise
Manager
Oracle Technology Stack
Oracle Fusion Apps
CustomClient
Applications
Common
Services
Audit &
Compliance
Services
User
Provisioning
Services
JEE Container
Services
REVOKE
GRANT
POJO Wrapper
for EJBs
Common
Services
Id Admin
Services
JEE Container
Services
Adapter Factory
Generic Technology
Connector
Connector LCM
Identity Connector Framework
Remote Manager

17. 17
Target IT Apps
Functional Architecture – OIM 11g
Integration Services
Presentation
Tier
Design Console
Administration
& End-User
Console
SPMLGateway
(Web services)
POJO Wrapper
for EJBs
Business Services Tier
ADF Faces SOASuite Entitlement
Server
Data Tier
LDAP ID Store
Database
MDS
Audit DB
Integration
Services
Platform
Services
BI Publisher
Reports
Access
Manager
Adaptive
Acc Manager
Enterprise
Manager
Oracle Technology Stack
Oracle Fusion Apps
CustomClient
Applications
Common
Services
Audit &
Compliance
Services
User
Provisioning
Services
JEE Container
Services
REVOKE
GRANT
POJO Wrapper
for EJBs
Common
Services
Id Admin
Services
JEE Container
Services
Adapter factory
Generic Technology
Connector
Connector LCM
Identity Connector Framework
Remote Manager

18. 18
Target IT Apps
Functional Architecture – OIM 11g
Common Services
Presentation
Tier
Design Console
Administration
& End-User
Console
SPMLGateway
(Web services)
POJO Wrapper
for EJBs
Business Services Tier
ADF Faces SOASuite Entitlement
Server
Data Tier
LDAP ID Store
Database
MDS
Audit DB
Integration
Services
Platform
Services
BI Publisher
Reports
Access
Manager
Adaptive
Acc Manager
Enterprise
Manager
Oracle Technology Stack
Oracle Fusion Apps
CustomClient
Applications
Common
Services
Audit &
Compliance
Services
Identity
Provisioning
Services
JEE Container
Services
REVOKE
GRANT
LDAP ID Store
User Management
Role Management
Organization Management
PasswordManagement
Self Service
Self Registration
ConfigurationService

19. 19
Target IT Apps
Functional Architecture – OIM 11g
Common Services
Presentation
Tier
Design Console
Administration
& End-User
Console
SPMLGateway
(Web services)
POJO Wrapper
for EJBs
Business Services Tier
ADF Faces SOASuite Entitlement
Server
Data Tier
LDAP ID Store
Database
MDS
Audit DB
Integration
Services
Platform
Services
BI Publisher
Reports
Access
Manager
Adaptive
Acc Manager
Enterprise
Manager
Oracle Technology Stack
Oracle Fusion Apps
CustomClient
Applications
Common
Services
Audit &
Compliance
Services
Identity
Provisioning
Services
JEE Container
Services
REVOKE
GRANT
Data Tier
LDAP ID Store
Request Management
Approval Workflow
Management
(BPEL Integration)
OIM User/Role DB Provider
Task List
SOA Callback WebService
Approval Policy Management
Request Webservice
ADF Taskflows

20. 20
Target IT Apps
Functional Architecture – OIM 11g
Common Services
Presentation
Tier
Design Console
Administration
& End-User
Console
SPMLGateway
(Web services)
POJO Wrapper
for EJBs
Business Services Tier
ADF Faces SOASuite Entitlement
Server
Data Tier
LDAP ID Store
Database
MDS
Audit DB
Integration
Services
Platform
Services
BI Publisher
Reports
Access
Manager
Adaptive
Acc Manager
Enterprise
Manager
Oracle Technology Stack
Oracle Fusion Apps
CustomClient
Applications
Common
Services
Audit &
Compliance
Services
Identity
Provisioning
Services
JEE Container
Services
REVOKE
GRANT
LDAP ID Store
Scheduler (Quartz based)
NotificationTemplates
Email Definitions
System Properties
Deployment Manager
Callback Notification

21. 21
Target IT Apps
Functional Architecture – OIM 11g
PlatformServices
Presentation
Tier
Design Console
Administration
& End-User
Console
SPMLGateway
(Web services)
POJO Wrapper
for EJBs
Business Services Tier
ADF Faces SOASuite Entitlement
Server
Data Tier
LDAP ID Store
Database
MDS
Audit DB
Integration
Services
Platform
Services
BI Publisher
Reports
Access
Manager
Adaptive
Acc Manager
Enterprise
Manager
Oracle Technology Stack
Oracle Fusion Apps
CustomClient
Applications
Common
Services
Audit &
Compliance
Services
User
Provisioning
Services
JEE Container
Services
REVOKE
GRANT
Common
Services
Data Object Mechanism
Event Handlers
Kernel
Context Manager
Plug-in Framework

22. 22
Target IT Apps
Functional Architecture – OIM 11g
PlatformServices
Presentation
Tier
Design Console
Administration
& End-User
Console
SPMLGateway
(Web services)
POJO Wrapper
for EJBs
Business Services Tier
ADF Faces SOASuite Entitlement
Server
Data Tier
LDAP ID Store
Database
MDS
Audit DB
Integration
Services
Platform
Services
BI Publisher
Reports
Access
Manager
Adaptive
Acc Manager
Enterprise
Manager
Oracle Technology Stack
Oracle Fusion Apps
CustomClient
Applications
Common
Services
Audit &
Compliance
Services
User
Provisioning
Services
JEE Container
Services
REVOKE
GRANT
Common
Services
Native Data Access
Entity Manager
Toplink Integration
MDS Integration
Caching
DB Provider
LDAP ProviderOIM Data
Provider

23. 23
Target IT Apps
Functional Architecture – OIM 11g
PlatformServices
Presentation
Tier
Design Console
Administration
& End-User
Console
SPMLGateway
(Web services)
POJO Wrapper
for EJBs
Business Services Tier
ADF Faces SOASuite Entitlement
Server
Data Tier
LDAP ID Store
Database
MDS
Audit DB
Integration
Services
Platform
Services
BI Publisher
Reports
Access
Manager
Adaptive
Acc Manager
Enterprise
Manager
Oracle Technology Stack
Oracle Fusion Apps
CustomClient
Applications
Common
Services
Audit &
Compliance
Services
User
Provisioning
Services
JEE Container
Services
REVOKE
GRANT
Common
Services
Crypto
OJDL(Logging)
Internationalization
Multi Language Support
Fine GrainedAuthorization
Diagnostic Dashboard

24. 24
Target IT Apps
Functional Architecture – OIM 11g
JEE Container Services
Presentation
Tier
Design Console
Administration
& End-User
Console
SPMLGateway
(Web services)
POJO Wrapper
for EJBs
Business Services Tier
ADF Faces SOASuite Entitlement
Server
Data Tier
LDAP ID Store
Database
MDS
Audit DB
Integration
Services
Platform
Services
BI Publisher
Reports
Access
Manager
Adaptive
Acc Manager
Enterprise
Manager
Oracle Technology Stack
Oracle Fusion Apps
CustomClient
Applications
Common
Services
Audit &
Compliance
Services
Identity
Provisioning
Services
JEE Container
Services
REVOKE
GRANT
Data Tier
LDAP ID Store
Asynchronous Execution
(JMS, MDB)
Authentication (JAAS)
Mbeans (JMX)
Enterprise Manager
HighAvailability
Credential Store Framework

25. 25
Target IT Apps
Functional Architecture – OIM 11g
Audit and Compliance Services
Presentation
Tier
Design Console
Administration
& End-User
Console
SPMLGateway
(Web services)
POJO Wrapper
for EJBs
Business Services Tier
ADF Faces SOASuite Entitlement
Server
Data Tier
LDAP ID Store
Database
MDS
Audit DB
Integration
Services
Platform
Services
BI Publisher
Reports
Access
Manager
Adaptive
Acc Manager
Enterprise
Manager
Oracle Technology Stack
Oracle Fusion Apps
CustomClient
Applications
Common
Services
Audit &
Compliance
Services
User
Provisioning
Services
JEE Container
Services
REVOKE
GRANT
Common
Services
User & Group Profile Audit
Reports
Attestation
Segregationof Duties
Entitlement Data Management

26. 26
Target IT Apps
Functional Architecture – OIM 11g
Audit and Compliance Services
Presentation
Tier
Design Console
Administration
& End-User
Console
SPMLGateway
(Web services)
POJO Wrapper
for EJBs
Business Services Tier
ADF Faces SOASuite Entitlement
Server
Data Tier
LDAP ID Store
Database
MDS
Audit DB
Integration
Services
Platform
Services
BI Publisher
Reports
Access
Manager
Adaptive
Acc Manager
Enterprise
Manager
Oracle Technology Stack
Oracle Fusion Apps
CustomClient
Applications
Common
Services
Audit &
Compliance
Services
User
Provisioning
Services
JEE Container
Services
REVOKE
GRANT
Common
Services
User & Group Profile Audit
Reports
Attestation
Segregationof Duties
Entitlement Data Management

27. 2727 27
Oracle Identity Manager – Deployment Architecture

28. 28
Questions

29. 29

30. 30