The Total Identity Solution

Oracle Identity Management The Total Identity Solution Dan Norris Practice Manager Piocon Technologies, Inc. dnorris@piocon.com Presentation created by Matt Topper

Agenda Who is Dan? What is Identity Management? What are the Components? For each component: What does it do? What are the features? How is it installed? How does it all tie together? Common Deployment Scenarios

Who is Dan? Virgo Scuba Diver (PADI Advanced OW, Nitrox) Over 21, under 35 Oracle DBA & UNIX Admin background Certifiable: OCM, ACE Director, RHCE Consultant, mostly fixing things that are broken Active community participant: RAC SIG, SIG Council, DBA Track Manager, blogger, tweeter ESA Practice Manager at Piocon Technologies

Oracle Identity Management Then and Now

The Original Players Oracle Internet Directory Oracle Delegated Administration Service Oracle Certificate Authority Oracle Single Sign On Oracle Enterprise Single Sign On Oracle Identity Manager Oracle Access Manager Oracle Virtual Directory Oracle Identity Federation Oracle Web Services Manager Oracle Adaptable Access Manager Oracle Role Manager Oracle Authentication Services for Operating Systems

Oracle Internet Directory What does it do? What are the main features? LDAP v3 Compliant Dynamic Groups Replication Directory Integration Platform Password Policies

Oracle Internet Directory How is it deployed? Oracle Application Server with OID Oracle Database and Metadata Repository Load Balancer Oracle Application Server with OID Microsoft Active Directory

Oracle Directory Administration Service What does it do? What are the main features?

Oracle Directory Administration Service How is it deployed? Oracle Application Server with DAS Oracle Application Server with OID Oracle Database and Metadata Repository Load Balancer Load Balancer Oracle Application Server with DAS Oracle Application Server with OID

Oracle Single Sign-On What does it do? What are the main features?

Oracle Single Sign-On Request Cycle (diagram). Components: Client PC; Oracle Application Server with Portal; Oracle Application Server with SSO; Oracle Application Server with OID; Oracle Database and Metadata Repository. Step labels: Initial Portal Page Request With No SSO Cookie; Redirect to SSO Server; Return Login Page; Send Login and Password; Bind Username and Password; Validate Against Database Table; Database Matches; Success; Redirect to Portal Request With SSO Cookie; Portal Page Returned to Client Browser

Oracle Single Sign-On How is it deployed? Oracle Application Server with DAS Oracle Application Server with OID Oracle Database and Metadata Repository Load Balancer Load Balancer Oracle Application Server with SSO Oracle Application Server with OID

Oracle Certificate Authority What does it do? What are the main features? PKI X.509v3 Certificates Web Based Certificate Management

Oracle Certificate Authority How is it deployed? Oracle Application Server with DAS and SSO Oracle Application Server with OID Oracle Database and Metadata Repository Load Balancer Load Balancer Oracle Application Server with Certificate Authority Oracle Application Server with OID

Classic Oracle IdM Deployment

Oracle Identity Management The New Generation

New Generation Oracle IdM Oracle Internet Directory Oracle Delegated Administration Service Oracle Certificate Authority Oracle Single Sign On Oracle Enterprise Single Sign On Oracle Identity Manager Oracle Access Manager Oracle Virtual Directory Oracle Identity Federation Oracle Web Services Manager Oracle Adaptable Access Manager Oracle Role Manager Oracle Authentication Services for Operating Systems

Oracle Enterprise Single Sign On What does it do? What are the main features? Single Sign-On Logon Manager Single Sign-On Password Reset Single Sign-On Authentication Manager Single Sign-On Provisioning Gateway Single Sign-On Kiosk Manager How is it installed?

How is it deployed? Oracle eSSO Password Reset Oracle eSSO Suite Management Console Oracle eSSO Provisioning Gateway Oracle Identity Manager (OIM) Password Directory, Domain, Database Windows Web Sites PKI Biometrics Token/ Smart card Oracle eSSO Authentication Manager Oracle eSSO Logon Manager Oracle eSSO Kiosk Manager Mainframes (OS390, AS400) Java Extranet & Portal User Auth User's Desktop Application Sign-On

Oracle Identity Manager What does it do? What are the main features? Provisioning Workflow Attestation User Self Service Connector Architecture Delegated Administration

Oracle Identity Manager Connector Pack Connection Interfaces: BMC Remedy, CA-ACF2 (Mainframe), CA-Top Secret (Mainframe), Database User Management, Database Application Tables, IBM RACF, IBM i5/OS, IBM Lotus Notes / Domino, JD Edwards EnterpriseOne, Microsoft Active Directory, Microsoft Exchange, Microsoft Windows 2000, Novell eDirectory, Novell GroupWise, Oracle eBusiness Suite, Oracle Internet Directory, PeopleSoft, Siebel Enterprise Applications, RSA Authentication Manager, RSA Clear Trust, SAP, SAP Enterprise Portal, Sun Java System Directory, Unix SSH, Unix Telnet

Oracle Identity Manager How is it deployed? Application Server and Identity Manager - Server Side Components Oracle Database Repository Administration Console User Self-Service Delegated Administration Custom Application Clients (API and Web Services) Design Console Administration Services Design Services Remote Managers Connector Targets LDAP JDBC JAVA Web Services Databases Users Mainframe SSH JD Edwards Oracle E-Business Suite Novell GroupWise Microsoft Active Directory Microsoft Exchange Etc.

Oracle Access Manager What does it do? What are the main features? WebGate WebPass Identity Server Access Server Policy Server How is it installed?

Oracle Access Manager How is it deployed?

Oracle Virtual Directory What does it do? What are the main features? How is it installed?

Oracle Virtual Directory How is it deployed? Oracle Internet Directory Web Applications Microsoft Active Directory Oracle Database Oracle Virtual Directory Custom Application User Table Access Manager Custom Web Service New Acquisitions Active Directory

Oracle Identity Federation What does it do? What are the main features? Service Providers Identity Providers Principals Standards SAML (1.0 / 2.0) Liberty ID-FF (1.1 / 1.2) WS-Federation How is it installed?

Oracle Identity Federation with Oracle Access Manager How is it deployed? Browser Web server authn_subjectdn COREid Authn plugin Access Webgate Server authz_attribute attribute Authz plugin [with http(s) client] Client Certificate HTTPS SOAP/ HTTPS SERVICE PROVIDER Attribute Service SAML Requester Federation Server SAMLP/ SOAP/ HTTP(S) IDENTITY PROVIDER Federation Server SAML Responder LDAP Directory

Oracle Web Services Manager What does it do? What are the main features? No Code Changes!!! Gateway vs Agent Gateway Translations SLAs Encryption, Authentication, and Authorization Encryption Algorithms: AES-128, AES-256, 3-DES Message Digests: MD5, SHA-1 Message Structure: XML / SOAP / WS-Security Token Profiles: Basic Authentication, X.509, SAML Message Integrity: XML Signature Message Confidentiality: XML Encryption PKI

Oracle Web Services Manager Gateway How is it deployed? Clients Web services Policy Enforcement Points (PEP) Gateway Oracle WSM server Policy manager components Management Console Monitor Database

Oracle Web Services Manager Agents How is it deployed? Clients Web services Policy Enforcement Points (PEP) Agent Agent Agent Agent Agent Agent Oracle WSM server components Policy manager Management Console Monitor Database

Oracle Adaptive Access Manager What does it do? What are the main features? Adaptive Risk Manager and Strong Authenticator Multi-Factor Authentication (Something you have, Something you know, Something you are) Profile based on usage patterns: location, device, workflow View user sessions in real time Force secondary challenges to users Many flexible log-in / authentication tools Offline Mode

Challenge

Oracle Adaptive Access Manager How is it deployed?

Oracle Role Manager What does it do?

The Evolution of Identity Management In The Beginning There Was Manual Provisioning User The Helpdesk Guy The Cat Who Makes The Rules The Boss The IT Dude Applications He routes the request He creates the account He decides who has to approve He approves the request But The Process Was Hard To Control and Audit..

The Evolution of Identity Management Then We Added Provisioning Tool.. User The Helpdesk Guy The Cat Who Makes The Rules The Boss The IT Dude Applications Provisioning helps with self service & administration Rules and policies are constantly changing Resolving policies into WHO is not trivial Provisioning helps with automation & audit But Provisioning Tools Are Not Business Smart..

The Evolution of Identity Management Enterprise Role Management Completes The Puzzle User The Helpdesk Guy The Cat Who Makes The Rules The Boss The IT Dude Applications Provisioning helps with self service & administration Provisioning helps with automation & audit Role Management helps define who should have access to what Role Management helps define who has to do what

Oracle Role Manager What are the main features? Role Management Role Mining Hierarchy Management Polyarchy / Relationship Management Reporting, Audit and Compliance

Oracle Authentication Services for Operating Systems What does it do? What are the main features? Centrally Manage Users, Passwords, Certificates, and Sudo Central Audit Logs SSL Integration All major Unix systems Migration Utilities How is it installed?

Oracle Authentication Services for Operating Systems How is it deployed?

How it all ties together Does provisioning of new hires to apps, directories, etc.; manages occasional changes to user status; one-click de-provisioning; audit logs and reports HR System Oracle Role Manager Any single source of truth for users Oracle Identity Manager Connectors Any App on any Platform Oracle Virtual Directory AD OID Real-time proxy for directories and other repositories; an alternative or complement to meta-directories Manages daily user access; SSO to any web-based app; user self service and password resets Oracle Adaptive Access Manager Oracle Access Manager Delegation Business Unit 1,000,000s of Internet Users Key supplier or benefits partner Oracle Federation Server Extends SSO across company boundaries Oracle Federation Server Internal Employees Delegation Field Location 1,000s of External Users

Oracle Identity Management Deployment Scenarios

Oracle Portal Common Deployment Strategy Oracle Application Server with SSO and DAS DIP Synchronization and External Authorization Microsoft Active Directory Oracle Database and Identity Metadata Repository Load Balancer Load Balancer Oracle Application Server with OID DIP Synchronization Oracle Portal and Business Intelligence Standard Edition Oracle Database and Product Metadata Repository

Oracle Business Intelligence Enterprise Edition Common Deployment Strategy with LDAP / OID Only Oracle BI Server and Presentation Services Session to OID Authentication Oracle Database and Identity Metadata Repository Load Balancer Load Balancer Oracle Application Server with OID Users Synchronized to SA Tables with DIP

Oracle Business Intelligence Enterprise Edition Common Deployment Strategy with Oracle Access Manager Load Balancer Oracle AS with WebGate and Presentation Services Plug-In Oracle BI Server and Presentation Services Oracle Access Server Oracle Database and Identity Metadata Repository Using Impersonation Headers Authentication Load Balancer Oracle Application Server with OID Users Synchronized to SA Tables

Oracle E-Business Suite Common Deployment Strategy Oracle Application Server with SSO and DAS Oracle Database and Identity Metadata Repository Load Balancer Load Balancer Oracle Application Server with OID DIP Synchronization Oracle E-Business Release 11i FND_User Applications Database

Oracle eBusiness Suite eBusiness Suite Release 11.5.8 11.5.9 11.5.10 12.0 Single Sign-On Oracle Internet Directory Oracle Access Manager Oracle Identity Manager

Conclusion What is Identity Management? What are the Components? For each component: What does it do? What are the features? How is it installed? How does it all tie together? What common problems does IdM solve? Common Deployment Scenarios

Legal The information contained herein should be deemed reliable but not guaranteed. The author has made every attempt to provide current and accurate information. If you have any comments or suggestions, please contact the author at: dnorris@piocon.com You may request redistribution permission from dnorris@piocon.com. Copyright 2008, Piocon Technologies