Oracle Fusion Middleware 11g Release 1 IDM Suite
Rodger King, Senior Principal Support Engineer
The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle's products remains at the sole discretion of Oracle.
Agenda: IDM
- What is in there?
- What's it for?
- What can I use?
What's in there?
What's in there?
- Not one suite but two
- Oracle Identity Management Suite
- Oracle Identity and Access Management Suite
Oracle Identity Management Suite Components
- Oracle Internet Directory (OID)
- Oracle Virtual Directory (OVD)
- Oracle Identity Federation (OIF)
- Oracle Directory Services Manager (ODSM)
- Oracle Directory Integration Platform (ODIP)
- Oracle Security Developer Tools (OSDT)
First released in 11gR1 (11.1.1.1.0)
Re-released in PS1 (11.1.1.2.0)
Patched in PS2 (11.1.1.3.0)
Patched in PS3 (11.1.1.4.0)
Patch planned for PS4 (11.1.1.5.0)
Oracle Identity and Access Management Suite Components
- Oracle Identity Manager (OIM)
- Oracle Access Manager (OAM)
- Oracle Authorization Policy Manager (OAPM)
- Oracle Identity Navigator (OIN)
- Oracle Adaptive Access Manager (OAAM)
- Oracle Platform Security Services (OPSS)
First released in 11gR1 PS2 (11.1.1.3.0)
No patch issued for PS3 (11.1.1.4.0)
Patch planned for PS4 (11.1.1.5.0)
Inter-Operability issues
PS2 (11.1.1.3.0)
- Both suites based on WLS 10.3.3
- Products from both suites can be installed under a common middleware home and one domain
PS3 (11.1.1.4.0)
- IDM suite based on WLS 10.3.4
- IAM suite still based on WLS 10.3.3
- Products from both suites should be installed under separate middleware homes and separate domains
PS4 (11.1.1.5.0)
- Products from both suites are planned to be installed under a common middleware home and one domain
Oracle Identity Management Suite: Oracle Internet Directory (OID)
An online directory is a specialized database that stores and retrieves collections of information about objects. The information can represent any resources that require management, for example:
- Employee names, titles, and security credentials
- Information about partners
- Information about shared resources such as conference rooms and printers
Clients communicate with OID by means of the Lightweight Directory Access Protocol (LDAP).
OID is an LDAP directory that uses an Oracle Database for storage.
Oracle Identity Management Suite: Oracle Virtual Directory (OVD)
Oracle Virtual Directory is an LDAP service that provides a single, abstracted view of enterprise directory servers and databases from a variety of vendors.
OVD can serve as a single source of truth in an environment with multiple data sources.
OVD provides adapters for connecting to a variety of data sources, including OID, other directories, and databases.
OVD has an LDAP schema but no local storage; it retrieves data from backend storage.
Oracle Identity Management Suite: Oracle Identity Federation (OIF)
Oracle Identity Federation enables companies to provide services and share identity information across their respective security domains.
Implementing OIF allows Single Sign On (SSO) between Service Provider (SP) applications using different authentication engines and user stores through authentication with the single Identity Provider (IdP).
- Users in one security domain can be mapped to corresponding identities in other security domains.
- The end user does not need to log in again to access a remote entity where business is conducted.
- Enterprises do not need to manage the identities of users who are already known to a partner organization.
Oracle Identity Management Suite: Oracle Directory Services Manager (ODSM)
ODSM provides a graphical administrative interface for Oracle Internet Directory and Oracle Virtual Directory.
Oracle Directory Services Manager enables you to configure the structure of the directory, define objects in the directory, add and configure users, groups, and other entries.
A replacement for the oidadmin console found in Oracle Application Server 10g.
Oracle Identity Management Suite: Oracle Directory Integration Platform (ODIP)
ODIP enables you to synchronize Oracle Internet Directory data with other data sources.
ODIP enables you to develop and deploy connectivity agents to perform tasks such as synchronizing employee records in an HR database with OID.
ODIP is also used for EBS integration with OID, for two-way provisioning.
A replacement for the DIP function found in Oracle Application Server 10g.
Oracle Identity Management Suite: Oracle Security Developer Tools (OSDT)
Oracle Security Developer Tools provide you with the cryptographic building blocks necessary for developing robust security applications.
The tools build upon the core foundations of cryptography, public key infrastructure, web services security, and federated identity management.
The following products are examples that utilize OSDT:
- Oracle BPEL Process Manager
- Oracle Platform Security Services
- Oracle Wallet
- Oracle Web Services Manager (OWSM)
- Business Integration (B2B)
- Oracle Portal
Oracle Identity and Access Management Suite: Oracle Identity Management (OIM)
Oracle Identity Manager is a user provisioning and administration solution, which automates the process of adding, updating, and deleting user accounts from applications and directories.
It also improves regulatory compliance by providing granular reports that attest to who has access to what.
OIM is available as a stand-alone product or as part of Oracle Identity and Access Management Suite.
OIM allows administrators to revoke user access to all or specific applications from a single control point.
It is also a replacement for the DAS function found in Oracle Application Server 10g.
Oracle Identity and Access Management Suite: Oracle Access Management (OAM)
Oracle Access Manager 11g provides single sign-on (SSO), authentication, and authorization to registered agents (in any combination) protecting resources. Agents include:
- OAM 11g WebGates
- OAM 10g WebGates
- IDM Domain Agent
- OSSO Agents (10g mod_osso)
OAM 11g can be integrated with any Web applications currently using Oracle ADF Security and the OPSS SSO Framework.
OAM 11g is the strategic Oracle single sign-on product that replaces the deprecated Oracle 10g SSO Server.
Oracle Identity and Access Management Suite: Oracle Authorization Policy Manager (OAPM)
A security administrator can use WLST commands or Fusion Middleware Control to manage application policies.
Authorization Policy Manager greatly simplifies the creation, configuration, and administration of application policies over those two other tools by offering:
- User-friendly names and descriptions of security artifacts
- A way to organize application roles by business, product, or any other parameter specific to an application
- A uniform graphic interface to search, create, browse, and edit security artifacts
- A way to specify a subset of applications that a role can manage
Oracle Identity and Access Management Suite: Oracle Identity Navigator (OIN)
Allows access to all the Oracle Identity Management consoles from one site.
You can use Oracle Identity Navigator to access consoles for:
- Oracle Access Manager
- Oracle Adaptive Access Manager
- Oracle Identity Manager
- Directory Services
- Other Oracle Identity Management services
Configure OIN to connect to the consoles either by configuring the URLs directly or via the product discovery feature.
Oracle Identity and Access Management Suite: Oracle Adaptive Access Manager (OAAM)
Oracle Adaptive Access Manager protects companies exposing Web applications and services, and their end users, from online threats and insider fraud.
Oracle Adaptive Access Manager provides risk-aware authentication, real-time behavior profiling, and transaction and event risk analysis.
The Oracle Adaptive Access Manager dashboard can present key metrics to administrators.
Oracle Identity and Access Management Suite: Oracle Platform Security Services (OPSS)
Oracle Platform Security Services (OPSS) provides a standards-based, portable, integrated, enterprise-grade security framework for both Java SE and Java EE applications.
OPSS provides APIs that insulate developers from security and identity management implementation details.
By leveraging OPSS, in-house developed applications, third-party applications, and integrated applications all benefit from the same uniform security, identity management, and audit services across the enterprise.
OPSS comprises Oracle WebLogic Server's internal security framework and Oracle's security framework (referred to as Oracle Platform Security or OPS).
How much IDM can I use?
All 11g Fusion Middleware products can use the full range of IDM suites and components, with the exception of:
- Portal, Forms, Reports, Discoverer
However, the process of certification has started, from PS3 onwards:
- Oracle Fusion Middleware Upgrade Guide for Oracle Identity Management 11g Release 1 (11.1.1), Section 10.2, Part Number E10129-05
- Oracle Fusion Middleware Administrator's Guide for Oracle Portal 11g Release 1 (11.1.1), Section 7.1.7.2, Part Number E10239-05
Use Case: Getting Portal 10g to 11g and use OAM
Step 1 - Get your SSO/OID to 10.1.4.3
Step 2 - Get your OID to 11g PS3 (optional)
Step 3 - Get your Portal to 11g PS3
Step 4 - Validate your 11g Portal is running OK
Step 5 - Install OAM
Step 6 - Upgrade 10g SSO to 11g OAM
[Diagram: Portal upgrade topology at Step 4 and Step 6. Labels shown: WLS_Portal, 11g Portal PS3, 11g OID PS3, 11g OAM PS2 BP1, 10.1.4.3 SSO/DAS, 10.1.4.3 DAS]
Updating to 11g: What am I likely to be using?
Use Case 1
- 10g - OID
- 11g - OID
Use Case 2
- 10g - OID/SSO/DIP/DAS (e.g. Portal User)
- 11g - OID/(SSO or OAM)/ODIP/10gDAS/(OIM)/(OIN)
Use Case 3
- 10g - OID/SSO/WebCenter
- 11g - OID/OAM/(OIM)/WebCenter
Use Case 4
- 10g - OID/Msoft AD/Custom Apps
- 11g - OID/Msoft AD/(OVD)/OIM/(OAAM)/(OIN)
Take Away Points
What's in there?
- Two suites, not one
- 12 major components
What's it for?
- Supports all your Security and Identity needs
What can I use?
- For 11g products: all components of all suites
- 11g PFRD PS3 becoming certified with 11g OAM PS2, but must continue to use 10g SSO for DAS
- Inter-operability issues at PS3
Documentation
- Oracle Fusion Middleware Concepts Guide 11g Release 1 (11.1.1)
- Oracle Fusion Middleware Installation Planning Guide 11g Release 1 (11.1.1), Chapter 1 Understanding Your Installation Start point
- Oracle Fusion Middleware Installation Planning Guide 11g Release 1 (11.1.1), Chapter 2 Understanding Oracle Fusion Middleware Concepts and Directory Structure
- Getting Started With Identity Management
- Oracle Fusion Middleware Upgrade Guide for Oracle Identity Management 11g Release 1 (11.1.1)
- Oracle Fusion Middleware Administrator's Guide for Oracle Portal 11g Release 1 (11.1.1)
Thank You!