Oracle Single Sign-On to Oracle Access Manager Migration Rob Otto – Oracle Consulting Services UK.
The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle’s products remain at the sole discretion of Oracle.
Agenda
• Access Management introduction
• Oracle Access Manager 11gR2 Overview
• Oracle SSO v OAM 11gR2
• OAM 11gR2 - Migration and Coexistence with OSSO
• Q&A
Access Management Introduction
Identity Management Portfolio – 11gR2: Modern, Innovative & Integrated
[Portfolio diagram; labels as shown on the slide]
• Access: Web Single Sign-on, Federation, Mobile, Social & Cloud, External Authorization, SOA Security, Integrated ESSO, Token Services, Fraud Detection
• Governance: Password Reset, Privileged Accounts, Access Request, Roles Based Provisioning, Role Mining, Attestation, Separation of Duties
• Directory: LDAP Storage, Virtual Directory, Meta Directory
• Platform Security Services
Taking a Platform Approach: Building on Components of Fusion Middleware
[Diagram: Fusion Middleware components ADF, WebCenter, SOA, Workflow, CAF, Coherence; benefits shown: Performance, User Interface, Customization]
Oracle Access Management
• Comprehensive security for applications, data, and web services
• End-to-end authentication, single sign-on, and fine grained application protection
• Innovative anomaly detection, transaction security, and multi-factor authentication
• Extensive 3rd party integrations
Access Management capabilities: Authentication, Single Sign-On, Federation, Fraud Prevention, Authorization & Entitlements, Web Services Security, Secure Token Services
Oracle Access Management Suite Plus
• Access Manager: Web Access Control, Single Sign-On
• Identity Federation: Partner SSO & Identity Federation, Fedlet SP integration
• Secure Token Services: Security Token Management, Identity Propagation
• Entitlements Server: Entitlements Management, Fine Grained Authorization
• Adaptive Access Manager: Risk-based Authentication, Real-time Fraud Prevention
Oracle Access Management Blueprint Architecture
Oracle Access Manager 11gR2 Overview
Oracle Access Manager 11g Objectives
• Provide foundation for Access Management Suite
• Converge OAM, OSSO, and OpenSSO
• Provide new and advanced functionality to customers
• Tighten integrations
Oracle Access Manager 11g Architecture – Runtime Server
[Architecture diagram: OAM Server components]
• Protocol Compatibility Framework
• Credential Collector
• SSO Engine
• AuthN Service, AuthZ Service
• Session Management
• Identity Provider, Token Processing
• Partner & Trust
• Policy Service, Configuration Service
• Coherence Distributed Cache
• Oracle Platform Security Services
Oracle Access Manager 11g Administration Console
• Integrated Security Administration, Agent Administration
Access Manager 11gR2 Deployment Detail
[Deployment diagram]
• External Client, Internet, Firewall (Web Tier)
• Web Tier: Protected Load Balancer; Web Hosts running OHS with WebGate
• Firewall (App Tier)
• App Tier: IDM Hosts / App Hosts / IAM Hosts with Admin Server, WLS_ODSM (ODSM), WLS, WLS_OAM, AccessGate, OAM Admin Console, Admin Console, EM
• Firewall (Data Tier)
• Data Tier: LDAP Hosts (OVD, OID); DB Hosts (RAC, Metadata DB for OAM and OID schemas)
Access Manager 11gR2 Installation and Configuration
• Installation process
  • OAM 11g installs using Oracle Universal Installer (OUI)
  • The installation process copies all the software bits to the host machine
  • OUI does not perform product configuration
• Configuration process requires 2 steps
  • Database schema configuration using Repository Creation Utility (RCU)
  • Product configuration and deployment using WebLogic Configuration Wizard
• Oracle Support Note 340.1 provides a good starting point
Oracle Access Manager 11g Windows Native Authentication
• SPNEGO based credential validation for true Windows desktop to web single sign-on
• Allows single sign-on for WebGate and Oracle SSO protected applications simultaneously
• Does not need IIS based solution for WebGate
• WebGates and Oracle SSO protected applications need not run on Windows platform
• Can be enabled for a subset of protected applications
  • Internal vs External websites
Oracle Access Manager 11g Windows Native Authentication - Setup
• Basic steps are as follows:
  • Edit /etc/krb5.conf file
  • Create Service Principal Name
  • Obtain Kerberos Ticket
  • Set-up OAM Kerberos AuthN Module
  • Configure Kerberos AuthN Scheme for WNA
  • Register AD as OAM User Store
  • Verify OAM configuration (oam-config.xml)
  • Enable Kerberos in Web Browser
  • Test
• See OAM Admin Guide, Chapter 7 (link here)
Oracle SSO v OAM 11gR2
Sample Oracle SSO Architecture
[Architecture diagram; labels as shown on the slide]
• End User, Oracle HTTP Server with MOD_OSSO agent, OC4J Application Server hosting the Deployed Application
• Authentication and Authentication Decisions between mod_osso and the Oracle Single Sign-On Server
• User Authentication / LDAP Authentication from the Oracle Single Sign-On Server against Oracle Internet Directory (Local User Store)
• User Synchronization of User Data from the Enterprise User Store into Oracle Internet Directory via Directory Integration Platform or Oracle Identity Manager
OAM 11gR2 - Migration and Coexistence with OSSO
Oracle Access Manager 11g OSSO 10g Upgrade
• Facilitated through AS Upgrade Assistant
• Process:
  • Install OAM 11g
  • Run Upgrade Assistant pointing to Oracle AS Single Sign-On 10.1.4.3
• Two modes:
  • Retain Ports: no changes required on partner sites
  • Change Ports: partner sites need new osso.conf which is generated by the Upgrade Assistant
• See Support Migration Advisor (note 343.1) and upgrade viewlet (note 1230123.1)
Co-existence: OAM11g & SSO 10g
• Supports OracleAS SSO 10g Release (10.1.2.0.2) through OracleAS SSO 10g Release (10.1.4.3.0)
• Co-existence requires same back-end user identity store: Oracle Internet Directory (OID)
Co-existence: OAM11g & SSO 10g
• mod_osso redirects requests to the 11g OAM Server for authentication through a proxy.
• mod_wl replaces mod_oc4j. mod_wl enables SSO to work without any changes on the OHS
[Diagram: "Without Proxy" deployment]
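As an added illustration (not from the deck or from Oracle's documentation), an OHS httpd.conf fragment showing the coexistence layout the slide describes: mod_osso keeps protecting the application location using the osso.conf registered against the OAM 11g server, and mod_wl_ohs forwards to the WebLogic-hosted application in place of mod_oc4j. All host names, ports and paths are placeholders.

```apache
# Added example: OHS 11g configuration for OSSO/OAM 11g coexistence.
# Hostnames, ports and file paths below are placeholders, not values from the deck.

# mod_osso: osso.conf is the partner registration for this OHS. In "Retain Ports"
# mode the existing file keeps working; in "Change Ports" mode the Upgrade
# Assistant generates a new one that must be copied here.
LoadModule osso_module "${ORACLE_HOME}/ohs/modules/mod_osso.so"

<IfModule osso_module>
    OssoConfigFile "${ORACLE_INSTANCE}/config/OHS/ohs1/osso/osso.conf"
    # Do not bind the session to the client IP (breaks behind NAT and proxies)
    OssoIpCheck off
    # Mark the mod_osso cookie Secure so it is only sent over HTTPS
    OssoSecureCookies on
    OssoIdleTimeout off

    # Unauthenticated requests for /app1 are redirected by mod_osso to the
    # OAM 11g server, which answers the OSSO protocol on behalf of SSO 10g.
    <Location /app1>
        AuthType Osso
        Require valid-user
    </Location>
</IfModule>

# mod_wl_ohs replaces mod_oc4j: only this routing block changes when the
# application moves from OC4J to WebLogic; the mod_osso block is untouched,
# so SSO keeps working with no other OHS changes.
LoadModule weblogic_module "${ORACLE_HOME}/ohs/modules/mod_wl_ohs.so"

<Location /app1>
    SetHandler weblogic-handler
    # Placeholder WebLogic managed server hosting App1
    WebLogicHost app1-host.example.com
    WebLogicPort 7003
</Location>
```

Keep the mod_osso `<Location>` and the weblogic-handler `<Location>` on the same path, otherwise requests can reach the application without passing the Osso authentication check.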
Co-existence: SSO between Partner Applications
[Diagram: App1 upgraded to OAM11g; User accessing App1]
• OAM sets the SSO cookie and updates session information accordingly.
• The cookie includes a flag indicating that an OSSO cookie must also exist for this cookie to be valid.
Q & A