7. Oracle Access Manager
• Java EE application that provides
– Web single sign-on (SSO), including Identity Context
– Authentication and coarse-grained authorization
– Policy, session and agent management
• Originally an Oblix product; Oblix was acquired by Oracle in 2005
• Part of the Oracle IDAM software stack
• Deployed on Oracle WebLogic Server
• Versions: 11gR2 (PS3, PS2, PS1), 11gR1, 10g
8. Oracle Adaptive Access Manager
• Real-time risk analysis and fraud prevention
• Multi-factor authentication
• Offline and online risk analysis
• Originally a Bharosa product; Bharosa was acquired by Oracle in 2007
• Part of the Oracle IDAM software stack
• Deployed on Oracle WebLogic Server
• Versions: 11gR2 (PS3, PS2, PS1), 11gR1, 10g
9. Oracle Identity Federation
• Secure exchange of identity information between two parties
• Cross-domain SSO
• Supports SAML 2.0
• Was part of Oracle IDM (alongside OID/OVD); now merged into Oracle Access Management
10. Oracle Entitlements Server: OES
• Oracle Entitlements Server (OES) is a standards-based, policy-driven security solution that provides real-time fine-grained authorization in application, Service-Oriented Architecture (SOA) and database environments.
• OES fills the need for granular, flexible and externalized access control.
• The solution provides a comprehensive and centralized approach for managing access policies, with distributed or centralized enforcement.
• Authorization policy management and runtime enforcement are provided for sensitive applications, databases, containers (such as Java™ and .NET), portals and content management systems (such as WebCenter and SharePoint), development frameworks, object-relational mapping technologies, intermediaries (such as XML gateways and ESBs), web services and SOA infrastructure.
11. Oracle Web Services Manager
• Solution for defining policies and securing web services
• Web service security includes authentication, authorization, message encryption/decryption and identity propagation
• Component of Oracle SOA Suite, installed as part of SOA
12. Oracle API Gateway (OAG)
• First line of defense for securing web services and web APIs deployed on premises or in the cloud
• With OAG, internal systems and corporate data can be exposed as fully secured REST APIs
• OAG integrates with Oracle Access Management core services, Oracle Web Services Manager and third-party access management systems
• OAG can be deployed on premises and front APIs hosted in the cloud, or be deployed in the cloud itself
13. Oracle Access Manager Overview
• Entitlements management
• Fine-grained authorization
• Risk-based authentication
• Real-time fraud prevention
• Web access control
• Single sign-on
• Security token management
• Identity propagation
16. Lightweight Directory Access Protocol
• Lightweight Directory Access Protocol (LDAP)
– An application protocol for querying and modifying directory services
– Runs over TCP/IP
• Directory
– A set of objects with similar attributes, organized in a logical and hierarchical manner
– Example: a telephone directory
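Querying a directory means sending LDAP search filters (RFC 4515), and the practical pitfall is building those filters from user input: the metacharacters `* ( ) \` and NUL change the filter's meaning unless they are escaped. The following is an added illustration, not code from the deck or from Oracle; it builds filter strings offline without contacting a directory, and the attribute and object class names (uid, memberOf, inetOrgPerson) are the standard ones, assumed for the demo.

```python
"""RFC 4515 escaping for LDAP search filters (added illustration, not from the deck).

Assumed attribute names (uid, memberOf, inetOrgPerson) are the standard ones; the
directory itself is not contacted, the functions only build filter strings.
"""

# Characters RFC 4515 requires to be escaped inside an assertion value,
# each replaced by a backslash and the two hex digits of its byte value.
_FILTER_ESCAPES = {
    "\\": r"\5c",
    "*": r"\2a",
    "(": r"\28",
    ")": r"\29",
    "\x00": r"\00",
}


def escape_filter_value(value: str) -> str:
    """Escape one assertion value so it can only ever match literally."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def user_lookup_filter(uid: str, group_dn: str = "") -> str:
    """Filter for exactly one inetOrgPerson by uid, optionally also requiring group membership.

    Non-ASCII characters are left as-is: RFC 4515 allows UTF-8 in assertion values.
    """
    clauses = ["(objectClass=inetOrgPerson)", f"(uid={escape_filter_value(uid)})"]
    if group_dn:
        clauses.append(f"(memberOf={escape_filter_value(group_dn)})")
    return "(&" + "".join(clauses) + ")"


def naive_filter(uid: str) -> str:
    """Plain string interpolation, kept only to show what the escaping prevents."""
    return f"(&(objectClass=inetOrgPerson)(uid={uid}))"


if __name__ == "__main__":
    hostile = "*)(uid=*"
    # Unescaped: two presence filters, so every inetOrgPerson with a uid matches.
    print(naive_filter(hostile))        # (&(objectClass=inetOrgPerson)(uid=*)(uid=*))
    # Escaped: the value can only match an entry whose uid is literally "*)(uid=*".
    print(user_lookup_filter(hostile))  # (&(objectClass=inetOrgPerson)(uid=\2a\29\28uid=\2a))
```

The same escaping applies to every attribute value interpolated into a filter, including DNs used with memberOf; DN syntax itself (RFC 4514) has its own, different escaping rules when a DN is used as a search base rather than as a filter value.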
18. Oracle Unified Directory: OUD
• LDAP v3 compliant directory server, with
– Directory Server
– Replication
– Proxy
• No external database requirement
• Recommended directory server for new and large deployments
19. Oracle Internet Directory: OID
• LDAP v3 compliant directory server
• Data is stored in an Oracle Database
• Supports multi-master replication
20. Oracle Virtual Directory: OVD
• Virtualization layer over multiple user repositories
• Installed as part of the IDM software (11gR1 is the latest release)
21. Oracle Directory Integration Platform (DIP)
• J2EE application deployed on WebLogic Server
• Configured with OID/OUD to synchronize with other user repositories
• Two modules
– Synchronization
– Provisioning
23. Oracle Access Manager Architecture
Features
– Web single sign-on
– Multi-level, multi-factor authentication management
– Web services interfaces
Benefits
– Centralized and consistent security across heterogeneous environments
– Reduced administration cost
– Improved end-user experience
24. Oracle Access Manager Architecture
• OAM DB: policy store and metadata
• LDAP store: users and groups
• OAM Domain
– Admin Server
– Managed Server (OAM Server): the Policy Decision Point (PDP)
• Web server
– WebGate: the Policy Enforcement Point (PEP)
• Application: the protected resource
25. Oracle Access Manager Architecture
[Architecture diagram; only the labels are recoverable. Tiers: Web Tier, Application Tier, Data Tier. Web Tier: Application RP Web Server and OAM RP Web Server, with the OAM WebGate on the web server. Application Tier: Application Server hosting the Application, and the OAM Domain (OAM Server, Admin Server). Data Tier: LDAP and DB. Protocol labels on the links: HTTPS, HTTP, OAP (WebGate to OAM Server), LDAP (to the identity store) and DB (to the policy store).]
26. Oracle Access Manager Architecture
• PEP (agents)
– WebGate
– mod_osso
– Access SDK / AccessGate
• OAM Server
– PCF (Protocol Compatibility Framework), session management, authentication and authorization (ATN/ATZ), OPSS (Oracle Platform Security Services)
• Backend
– Identity store
– Policy store
– Audit store
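The PEP/PDP split on the slides above is easiest to see as code: the agent in front of the web server never decides anything itself, it asks the server for a decision on (resource, session) and enforces the answer, then propagates the authenticated identity to the application. The following is an added model of that split, not Oracle's WebGate or OAM Server code. The policy store (three URL patterns), the `/login` endpoint and the pattern-matching rule are assumptions for the demo; `OAM_REMOTE_USER` is the header name the real WebGate uses for identity propagation, and the example also shows the check a practitioner wants around it: the agent must strip any copy of that header a client supplies before forwarding, because an application that trusts the header cannot tell a spoofed value from a genuine one.

```python
"""Simplified model of the WebGate (PEP) / OAM Server (PDP) split.

Added illustration, not Oracle code: the policy store, the login URL and the
matching rule below are assumptions chosen for the demo.
"""
from dataclasses import dataclass, field
from fnmatch import fnmatchcase
from typing import Dict, List, Optional, Tuple


@dataclass
class ResourcePolicy:
    pattern: str                 # URL pattern; '*' matches any run of characters
    auth_level: int              # 0 = public, higher = stronger authentication required
    allowed_groups: List[str] = field(default_factory=list)  # empty = any authenticated user


@dataclass
class Session:
    user: str
    groups: List[str]
    auth_level: int              # level the user actually authenticated at


class PolicyDecisionPoint:
    """Stands in for the OAM Server: it owns the policies and only returns decisions."""

    def __init__(self, policies: List[ResourcePolicy]) -> None:
        self.policies = policies

    def match(self, path: str) -> Optional[ResourcePolicy]:
        # The longest (most specific) matching pattern wins, so /app/admin/* beats /app/*.
        hits = [p for p in self.policies if fnmatchcase(path, p.pattern)]
        return max(hits, key=lambda p: len(p.pattern)) if hits else None

    def decide(self, path: str, session: Optional[Session]) -> str:
        policy = self.match(path)
        if policy is None:
            return "deny"             # default deny: an unmapped resource is never served
        if policy.auth_level == 0:
            return "allow"            # public resource, no session needed
        if session is None or session.auth_level < policy.auth_level:
            return "authenticate"     # no session, or step-up to a stronger level needed
        if policy.allowed_groups and not set(policy.allowed_groups) & set(session.groups):
            return "deny"             # authenticated but not authorized
        return "allow"


class WebGate:
    """Stands in for the PEP on the web server: enforces the PDP's decision, never makes its own."""

    IDENTITY_HEADER = "OAM_REMOTE_USER"   # header the real WebGate uses to propagate identity
    LOGIN_URL = "/login"                  # assumed login endpoint for the demo

    def __init__(self, pdp: PolicyDecisionPoint) -> None:
        self.pdp = pdp

    def handle(self, path: str, client_headers: Dict[str, str],
               session: Optional[Session]) -> Tuple[int, Dict[str, str]]:
        # Drop any identity header the client sent: the application must only ever see
        # the value the PEP sets after a successful decision, never a caller-supplied one.
        forwarded = {k: v for k, v in client_headers.items()
                     if k.upper() != self.IDENTITY_HEADER}
        decision = self.pdp.decide(path, session)
        if decision == "authenticate":
            return 302, {"Location": f"{self.LOGIN_URL}?redirect={path}"}
        if decision == "deny":
            return 403, {}
        if session is not None:
            forwarded[self.IDENTITY_HEADER] = session.user   # identity propagation to the app
        return 200, forwarded


def build_demo_gate() -> WebGate:
    """Constructed policy store for the demo."""
    pdp = PolicyDecisionPoint([
        ResourcePolicy("/public/*", auth_level=0),
        ResourcePolicy("/app/*", auth_level=1),
        ResourcePolicy("/app/admin/*", auth_level=2, allowed_groups=["admins"]),
    ])
    return WebGate(pdp)


if __name__ == "__main__":
    gate = build_demo_gate()
    alice = Session("alice", ["staff"], auth_level=1)
    print(gate.handle("/public/index.html", {}, None))                   # (200, {})
    print(gate.handle("/app/home", {}, None))                            # (302, {'Location': '/login?redirect=/app/home'})
    print(gate.handle("/app/home", {"OAM_REMOTE_USER": "root"}, alice))  # (200, {'OAM_REMOTE_USER': 'alice'})
    print(gate.handle("/app/admin/users", {}, alice))                    # (302, {'Location': '/login?redirect=/app/admin/users'})
```

Two behaviours worth noting: a level-1 session hitting a level-2 resource gets a redirect rather than a 403, which is the step-up case behind "multi-level authentication" on slide 23; and the application tier never sees a client-supplied `OAM_REMOTE_USER`, which only holds if the application is reachable exclusively through the agent.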
Oracle Identity Governance provides
• Identity lifecycle management (create, modify, enable, disable, password management, provisioning, reconciliation)
• Simplified access request (self service, shopping-cart style, catalog of resources/roles, approval based)
• Advanced role lifecycle management (role discovery, role consolidation, impact analysis of role consolidation, role auditing)
• Privileged account management (managing, auditing and approval-based access for privileged accounts such as root, sysadmin, system, apps, etc.)
• Identity certification (who-has-access-to-what certification, closed-loop remediation/revocation of unauthorized access)
• Audit and monitoring (audit of who did what and when, including monitoring of the system)
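Reconciliation, certification and closed-loop remediation from the list above come down to one comparison: the accounts that actually exist on a target system against the identities an authoritative source says should exist. The following added example (not OIG connector code) performs that comparison on a constructed HR feed and account list, flagging orphan accounts with no identity behind them, accounts still enabled for terminated users, privileged accounts whose owner holds no privileged role, and active identities with no account at all, and pairs each finding with the remediation an identity governance workflow would raise. The identities, accounts and the `privileged-access` role name are all assumptions for the demo.

```python
"""Reconciliation of a target system's accounts against an authoritative identity feed.

Added illustration of the reconciliation and closed-loop remediation ideas listed above;
it is not OIG connector code. Identities, accounts and the 'privileged-access' role name
are constructed for the demo.
"""
from dataclasses import dataclass
from typing import FrozenSet, List, Tuple


@dataclass(frozen=True)
class Identity:
    emp_id: str
    login: str
    status: str              # "active" or "terminated"
    roles: FrozenSet[str]


@dataclass(frozen=True)
class Account:
    login: str
    enabled: bool
    privileged: bool         # e.g. member of the target's admin group


Action = Tuple[str, str, str]   # (finding, login, remediation)


def reconcile(identities: List[Identity], accounts: List[Account]) -> List[Action]:
    """Compare target accounts with the identity feed and return remediation actions.

    Findings, in the order checked per account:
      orphan                   account with no matching identity (rogue or leftover account)
      terminated-user-enabled  account still enabled for a leaver
      privilege-not-entitled   privileged account whose owner holds no privileged role
    Then, per active identity with no account: missing-account.
    """
    by_login = {i.login: i for i in identities}
    actions: List[Action] = []
    for acct in sorted(accounts, key=lambda a: a.login):
        ident = by_login.get(acct.login)
        if ident is None:
            actions.append(("orphan", acct.login, "disable and open certification ticket"))
        elif ident.status == "terminated" and acct.enabled:
            actions.append(("terminated-user-enabled", acct.login, "disable"))
        elif acct.privileged and "privileged-access" not in ident.roles:
            actions.append(("privilege-not-entitled", acct.login, "revoke privilege"))
    present = {a.login for a in accounts}
    for ident in sorted(identities, key=lambda i: i.login):
        if ident.status == "active" and ident.login not in present:
            actions.append(("missing-account", ident.login, "provision"))
    return actions


def run_demo() -> List[Action]:
    """Constructed HR feed and target account list."""
    identities = [
        Identity("1001", "alice", "active", frozenset({"employee"})),
        Identity("1002", "bob", "terminated", frozenset({"employee"})),
        Identity("1003", "carol", "active", frozenset({"employee", "privileged-access"})),
        Identity("1004", "dave", "active", frozenset({"employee"})),
        Identity("1005", "frank", "active", frozenset({"employee"})),
    ]
    accounts = [
        Account("alice", enabled=True, privileged=False),
        Account("bob", enabled=True, privileged=False),        # leaver still enabled
        Account("carol", enabled=True, privileged=True),       # entitled to privilege
        Account("dave", enabled=True, privileged=True),        # privilege without the role
        Account("svc_backup", enabled=True, privileged=True),  # no identity behind it
    ]
    return reconcile(identities, accounts)


if __name__ == "__main__":
    for finding, login, remediation in run_demo():
        print(f"{finding:24} {login:12} -> {remediation}")
```

The orphan case is the one that matters most for audit: a service account with no owner in the identity feed cannot be certified by anyone, which is why the remediation opens a certification ticket rather than silently deleting it.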
Bring Your Own Device
• Out-of-the-box mobile apps
• Oracle Mobile Security Container
• Oracle Mobile Security Access Server (MSAS)
• Oracle Mobile Security Manager (MSM)