Presentation is loading. Please wait.

Presentation is loading. Please wait.

Mechanics of Oracle Portal and Identity Management Mechanics of Oracle Portal and Identity Management Paper 36768 Sanjeev Mohan Golden Gate University,

Similar presentations


Presentation on theme: "Mechanics of Oracle Portal and Identity Management Mechanics of Oracle Portal and Identity Management Paper 36768 Sanjeev Mohan Golden Gate University,"— Presentation transcript:

1 Mechanics of Oracle Portal and Identity Management Mechanics of Oracle Portal and Identity Management Paper Sanjeev Mohan Golden Gate University, San Francisco

2 Topics  Introduction  Business Requirements  Case Study: Golden Gate University  Portal  Identity Management (LDAP)  Single Sign On (SSO)

3 Case Study: Golden Gate University’s Legacy Environment  Operating systems: Solaris, Windows, MPE/ix, Netware, Mac OS, Digital Unix  Hardware platforms: SUN (Sparc), Dell (Intel), HP 3000, Macintosh, DEC Alpha  Databases: Oracle, SQL Server, Access, FoxPro, HP Image  Development: Coldfusion, HTML, Javascript, UniBasic  No common code, data, OS, management process, customer experience

4 GGU ’ s new Web Architecture

5 Business Requirements: Challenges  Profusion of stand alone servers and applications  Redundant storage of data  Inaccurate / Out-of-Sync data  Lack of Consolidated view of data  Inability to produce business intelligence

6 Business Requirements: Why Portal?  Higher productivity for the employees by providing single point of access to integrated applications.  Better employee communication and collaboration.  More efficient business process and improvements  Help make an organization more competitive. A well designed portal could provide an organization with a differentiation over its competition.  Better customer satisfaction and retention.  Lower cost and better utilization of the staff e.g. IT support, HR staff etc.  Lower cost by reducing the number of servers.

7 Integration Levels  Integration of Databases  Data Warehouse  Enterprise Application Integration (EAI)  Application Level Integration  Web Services  Portal

8 Integration Architecture ERPERP CRMCRM EM A I L LOBLOB LEGACyLEGACy

9 Portal Definition  The term portal is often misused and many describe it as an entry point into a site e.g. a company’s home page.  Portals provide an organizations’ customers and employee an integrated access to applications and services in a highly secure and customizable manner.

10 Portals  Enterprise Portal – Internal / Corporate Portal – eBusiness Portal  Public Internet Portal  Appliance Portal  Vertical Portal

11 Portal features – End User  Access to Enterprise Applications (Self Service)  Categorization of External / Unstructured Content (Taxonomy)  Collaboration Tools  Personal Organization Tools  Search Tool  Personalization / Customization Tools

12 Portal features – Technology  Identity Management  Single Sign On  Content Management System  Highly Available and Secure Infrastructure  Administration Tools  User Interface Services e.g. Wireless Support

13 Portal Vendors  Pure Play Vendors – Epicentric (acquired by Vignette), Plumtree, Hummingbird, Citrix NFuse, CA CleverPath, Corechange Coreport  Application Server Vendors – BEA WebLogic, IBM WebSphere, Oracle 9iAS, Sun One and BroadVision InfoExchange  ERP Vendors (Oracle, People Soft, SAP)  BI Vendors (Brio, Cognos, SAS, Business Objects)  Others (UPortal, TIBCO, ATG, Microsoft SharePoint )

14 Oracle Portal Architecture

15 Oracle 9iAS R2 Components Mid-tierInfrastructure HTTP Server BC4J; OC4J_Demo; OC4J_Home; OC4J_Portal OC4J_Demo; OC4J_Home; OC4J_DAS Clickstream PortalInternet Directory SSO Webcache

16  Strategic and primary interface for students, faculty, staff, alumni (through Oracle Single Sign On (OSSO)  Portal as a subset of the GGU web site  Support for portal standards (JSR 168, WSRP)  Robust Portal Integration Framework (PDK) – Ease of portal page and portlet development – Extensible portlets – calendar, eLearning, Business Intelligence, OEM 4.0, ERP – External 3 rd -party Portlets  Clickstream Analysis Why Oracle Portal?

17 Identity Management  An infrastructure to centralize the management of users and the privileges assigned to them  User life cycle management – creation of a new user account, modification, assignment of roles and privileges and finally deletion of the user account.

18 Business Requirements: Challenges  User information available in multiple systems – redundancy  Programs needed to sync user data  Data is not consistent / accurate  Security issues when accounts are not deleted for ex-employees

19 What is a Directory / What is it not?  Directory is a specialized database  Doesn’t contain tables, columns, relations  Contains attributes (single valued / multi valued)  Access is not via SQL but via a protocol such as LDAP (Lightweight Directory Access Protocol)  Tuned for fast reads but not writes

20 LDAP Schema – Building Blocks  Entries (details for persons / resources)  Attributes  Primary Key – E.g. Distinguished Name or DN  Examples: – dn: uid = jdoe, ou = hr, o = acme, dc = com – dn: cn = smohan, dc = ggu, dc = edu

21 Object Class  Group of attributes  Uniquely identified by Abstract Syntax Notation (ASN.1) object identifiers (OID)  Vendor includes standard classes as well as proprietary.  Example “Person” object class contains: – Mandatory attributes: cn (common name) and sn (surname) – Optional attributes: userPassword, telephoneNumber etc.

22 Object Class Hierarchy inetOrgPerson ( ) Top ( ) Person ( ) organizationalPerson ( )

23 Proprietary / User-Defined Object Class  Oracle proprietary: orclSubscriber  GGU user-defined: gguPerson  Internet Assigned Numbers Authority (IANA) assigns a “private enterprise number”  gguPerson attributes: ClassesEnrolledIn, StudentId etc.

24

25 Directory Integration  Identify Systems of record: HR, , PBX  Some data only in directory – MD5 hashed user password  Synchronization of sources of data with directory  Create users’ roles and group memberships (Access Control Policy)  Setup Delegated Administration

26 OID Applications at GGU  Intranet / Portal user authentication  Database User Authentication  OS Authentication  Oracle Net Directory Naming  Wireless User Authentication using RADIUS  Integration with Oracle 11i eBusiness Suite

27 LDAP Product Vendors  Novell eDirectory  Sun One  Oracle Internet Directory (OID)  Microsoft Active Directory  OpenLDAP  Entrust (GetAccess) / IBM (Tivoli Policy Director) Netegrity (SiteMinder) / Entegrity (AssureAccess) RSA Security (ClearTrust) / Oblix (NetPoint)

28 Oracle Internet Directory (OID)  Underlying storage is the database so we get all the benefits of Oracle 9i R2 (RMAN backup, Replication)  Required by Oracle Portal, Collaboration Suite and future Oracle products and Oracle SSO  Integrates with Oracle HRMS, iPlanet and Microsoft Active Directory  Oracle Delegated Administration Service

29 Business Requirements: Challenges  Help desk inundated with password resets  Users leaving passwords on their desks  Users wasting time trying to remember passwords  Applications forcing password changes causing more confusion  Applications not securing password adequately

30 Single Sign On - Benefits  Ease of administration  User convenience  Higher security  Eases development  Reduces help desk support calls

31 SSO Standards and Vendors  Microsoft.NET Passport (Kerberos)  Liberty Alliance (Security Assertion Markup language - SAML) ---  Oracle Single Sign On (OSSO)  Computer Associates (eTrust)  IBM (Access360)

32 Single Sign On - Architecture Client Web browser Apache web server (mod_sso) SSO Server / Identity Provider LDAP Authenticated Portal Page / application

33 Question & Answers


Download ppt "Mechanics of Oracle Portal and Identity Management Mechanics of Oracle Portal and Identity Management Paper 36768 Sanjeev Mohan Golden Gate University,"

Similar presentations


Ads by Google