Sunday, June 24, 2018

Overview of OAM (Oracle Access Manager)



1) What is OAM (Oracle Access Manager)?
→ Oracle Access Management is a Java, Enterprise Edition (Java EE)-based enterprise-level security application that provides a full range of Web-perimeter security functions and Web single sign-on services including identity context, authentication and authorization; policy administration; testing; logging; auditing; and more.

→ It leverages shared platform services including session management, Identity Context, risk analytics, and auditing, and provides restricted access to confidential information.

  

Oracle Access Management is an integrated platform providing the following services:

· Access Management Core Services: Authentication, web SSO, and coarse-grained authorization for enterprise applications deployed on premise or in the cloud.

Oracle Access Management core services provide the primary perimeter access control services for the whole Oracle Access Management platform, including web authentication, web single sign-on (SSO), and coarse-grained authorization.
Oracle Access Management core services are deployed in a layered architecture across web, application, and data tiers as shown below.

· Identity Federation: Cross-Internet-domain authentication and delegated authorization supporting industry standards such as SAML, OAuth, and OpenID. Social log-on using social network identities is supported.

· Mobile Security: Lightweight mobile, cloud, and social networks interface to access corporate resources via industry standards such as OAuth. The Mobile and Social service allows mobile clients such as smart phones to leverage the backend Access Management infrastructure for adaptive authentication, SSO, fine-grained authorization, risk analysis and fraud detection.

· Access Portal Service: A web-based central launch pad allowing users to federate all their applications through SAML, OAuth, or Form-Fill. Access Portal provides the foundation to build a private or public cloud SSO service.

· Adaptive Access and Fraud Detection: Strong, multi-factor authentication and heuristic fraud detection.

· Fine-grained Authorization: External, centralized, fine-grained, attribute-based authorization compliant with the Extensible Access Control Markup Language (XACML) standard.

· API Security: First line of defense for REST APIs and web services, typically deployed in the DMZ, supporting protocol transformation, API firewalling, authentication, and authorization.

· SOA Security: Last-mile security component co-located with the resource endpoint, designed to protect against man-in-the-middle attacks.

· Security Token Service: Trust brokerage between different, heterogeneous infrastructure tiers by creating, validating and consuming standard security tokens such as SAML assertions or Kerberos tokens.

· Rich-Client-Based Enterprise SSO: Standalone component suite installed on a Microsoft Windows PC to provide SSO to rich client applications. Browser-based Enterprise SSO is available through Access Portal.

· OAuth Services: Allows organizations to implement the open OAuth 2.0 Web authorization protocol in an Access Manager environment. OAuth Services enables a client to access resources protected by Access Manager that belong to another resource owner. An OAuth client can be an application or service created and controlled by your organization, or it can be an application or service created and controlled by another organization that requires access to resources protected by Access Manager.

2) What are the Components in Access Manager?
→ Access Manager sits on an instance of Oracle WebLogic Server and is part of the Oracle Fusion Middleware Access Management architecture.

Figure: Access Manager Components and Services



Access Manager Component Distribution
 
Oracle Access Management Console resides on the Oracle WebLogic Administration Server (referred to as AdminServer). WebLogic Managed Servers hosting OAM runtime instances are known as OAM Servers. Information shared between the two includes:

· Agent and server configuration data
· Access Manager policies
· Session data (shared among all OAM Servers)



I hope this post helps you understand the basic components and services of OAM. I will cover more on OAM in my next blog posts. Please subscribe for more updates; you can also post your comments, feedback or questions in the comment box below.



