Presentation is loading. Please wait.

Presentation is loading. Please wait.

Oracle Single Sign-On to Oracle Access Manager Migration Rob Otto – Oracle Consulting Services UK 1.

Similar presentations

Presentation on theme: "Oracle Single Sign-On to Oracle Access Manager Migration Rob Otto – Oracle Consulting Services UK 1."— Presentation transcript:

1 Oracle Single Sign-On to Oracle Access Manager Migration Rob Otto – Oracle Consulting Services UK

2 The following is intended to outline our general product direction
The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle’s products remain at the sole discretion of Oracle. 2 2 2

3 Agenda Access Management introduction
Oracle Access Manager 11gR2 Overview Oracle SSO v OAM 11gR2 OAM 11gR2- Migration and Coexistence with OSSO Q&A 3

4 <Insert Picture Here>
Access Management Introduction 4 4

5 Platform Security Services
Identity Management Portfolio – 11gR2 Modern, Innovative & Integrated Governance Password Reset Privileged Accounts Access Request Roles Based Provisioning Role Mining Attestation Separation of Duties Access Web Single Sign-on Federation Mobile, Social & Cloud External Authorization SOA Security Integrated ESSO Token Services Fraud Detection Directory LDAP Storage Virtual Directory Meta Directory Platform Security Services 5

6 Taking a Platform Approach Building on Components of Fusion Middleware
WebCenter ADF Workflow SOA User Interface Coherence CAF Customization Performance Fusion Middleware 6

7 Oracle Access Management
Comprehensive security for applications, data, and web services End-to-end authentication, single sign-on, and fine grained application protection Innovative anomaly detection, transaction security, and multi-factor authentication Extensive 3rd party integrations Access Management Authentication Single Sign-On Federation Fraud Prevention Authorization & Entitlements Web Services Security Secure Token Services 7

8 Adaptive Access Manager
Oracle Access Management Suite Plus Entitlements Server Adaptive Access Manager Entitlements Management Fine Grained Authorization Risk-based Authentication Real-time Fraud Prevention Access Manager Identity Federation Secure Token Services Web Access Control Single Sign-On Partner SSO & Identity Federation Fedlet SP integration Security Token Management Identity Propagation 8

9 Oracle Access Management
Blueprint Architecture

10 <Insert Picture Here>
Oracle Access Manager 11gR2 Overview 10 10

11 Oracle Access Manager 11g Objectives
Provide foundation for Access Management Suite Converge OAM, OSSO, and OpenSSO Provide new and advanced functionality to customers Tighten integrations 11

12 Oracle Access Manager 11g
Key Features Benefits Modular Architecture Separated admin and runtime server to enable independent operations Secure Policy Model Access is denied by default until policies are created to allow access Simplified Install & Config One package to install and one series of steps to configure a simple working environment Session Management Allows admin tracking and termination of user sessions Diagnostics & Monitoring Allows administrators to monitor key operational metrics in real-time Central Agent Management Administration console provides a holistic view of all agents and shows the server they are connected to Backwards Compatibility Compatible with 10g webgates and 10g mod_osso Windows Native AuthN Enables Windows desktop to web single sign-on Improved Utilities Remote registration utility, remote access tester, and WLST cmds for policy operations 12

13 Oracle Access Manager 11g Architecture – Runtime Server
Protocol Compatibility Framework Credential Collector SSO Engine AuthN Service AuthZ Service OAM Server Session Management Identity Provider Token Processing Partner & Trust Policy Service Configuration Service Coherence Distributed Cache Oracle Platform Security Services 13

14 Oracle Access Manager 11g Administration Console
Integrated Security Administration, Agent Administration 14

15 Access Manager 11gR2 Deployment Overview
15 15

16 Access Manager 11gR2 Deployment Detail
External Client Internet Firewall (Web Tier) Protected Load Balancer WebHosts Web Hosts OHS OHS WebGate WebGate Firewall (App Tier) AppHosts IAM Hosts IDMHosts WLS WLS_OAM Admin Server Admin Server WLS_ODSM AccessGate OAM Admin Console Admin Console ODSM EM Firewall (Data Tier) LDAP Hosts DB Hosts RAC OVD OID Metadata DB (OAM, OID, Schema) 16

17 Access Manager 11gR2 Installation and Configuration
Installation process OAM 11g installs using Oracle Universal Installer (OUI) The installation process copies all the software bits to the host machine OUI does not perform product configuration Configuration process requires 2 steps Database schema configuration using Repository Creation Utility (RCU) Product configuration and deployment using WebLogic Configuration Wizard Oracle Support Note provides a good starting point 17 17

18 Oracle Access Manager 11g Windows Native Authentication
SPNEGO based credential validation for true Windows desktop to web single sign-on Allows single sign-on for WebGate and Oracle SSO protected applications simultaneously Does not need IIS based solution for WebGate WebGates and Oracle SSO protected applications need not run on Windows platform Can be enabled for a subset of protected applications Internal vs External websites 18

19 Oracle Access Manager 11g Windows Native Authentication - Setup
Basic steps are as follows: Edit /etc/krb5.conf file Create Service Principal Name Obtain Kerberos Ticket Set-up OAM Kerberos AuthN Module Configure Kerberos AuthN Scheme for WNA Register AD as OAM User Store Verify OAM configuration (oam-config.xml) Enable Kerberos in Web Browser Test See OAM Admin Guide, Chapter 7 (link here) 19

20 <Insert Picture Here>
Oracle SSO v OAM 11gR2 20 20

21 Oracle Access Manager Sample Oracle SSO Architecture
Deployed Application Oracle HTTP Server MOD_OSSO agent Authentication Local User Store End User Authentication Decisions OC4J Application Server LDAP Authentication User Authentication Oracle Single Sign-On Server User Data User Synchronization Enterprise User Store Oracle Internet Directory Directory Integration Platform or Oracle Identity Manager Enterprise User Store Oracle Confidential – For Internal Use Only

22 Oracle Access Manager Key differences v OSSO
OAM 11gR2 OSSO SSO, policy-based AuthN & AuthZ SSO and simple AuthN only WebLogic Server-based OC4J-based 3rd-Party LDAP server support Dependence on OID Support for OSSO, OAM 10g, OAM 11g and OpenSSO agents via PCL Support for only OSSO agents (mod_osso) Server-based session management Sessions via client cookies only Cross-domain SSO is native Single network domain only Native password policy (R2+) OIDDAS for password policy Integration with OIM (optional) for User Self-Service OIDDAS for user self-service

23 OAM 11gR2- Migration and Coexistence with OSSO
<Insert Picture Here> OAM 11gR2- Migration and Coexistence with OSSO 23 23

24 Oracle Access Manager 11g OSSO 10g Upgrade
Facilitated through AS Upgrade Assistant Process: Install OAM 11g Run Upgrade Assistant pointing to Oracle AS Single-On Two modes: Retain Ports: no changes required on partner sites Change Ports: partner sites need new osso.conf which is generated by the Upgrade Assistant See Support Migration Advisor (note 343.1) and upgrade viewlet (note )

25 Co-existence: OAM11g & SSO 10g
Supports OracleAS SSO 10g Release ( ) through OracleAS SSO 10g Release ( ) Co-existence requires same back-end user identity store: Oracle Internet Directory (OID) 25 25

26 Co-existence: OAM11g & SSO 10g
mod_osso redirects requests to the 11g OAM Server for authentication through a proxy. mod_wl replaces mod_oc4j. mod_wl enables SSO to work without any changes on the OHS Without Proxy 26

27 Co-existence: SSO between Partner Applications
App1 upgraded to OAM11g User accessing App1 OAM sets the SSO cookie and updates session information accordingly. The cookie includes a flag indicating that an OSSO cookie must also exist for this cookie to be valid. 27 27

28 Q & A

29 29 29

Download ppt "Oracle Single Sign-On to Oracle Access Manager Migration Rob Otto – Oracle Consulting Services UK 1."

Similar presentations

Ads by Google