COMPONENTS/PRODUCTS IN OIM 11.1.2.3

www.TutionBooks.com

[email protected]

Products/Components in OIM 11.1.2.3

1. Database 12.1.0.2 and Listener
2. RCU 11.1.1.9
3. Weblogic 10.3.6 with JDK 1.7 Update 80+
4. Oracle SOA 11.1.1.9
   1. Oracle BPEL PM, Mediator, Rules, B2B, Human Workflow
   2. Oracle Business Activity Monitoring (BAM)
   3. Oracle Enterprise Manager
5. IDM Suite 11.1.1.9 (optional for OIM)
   1. Oracle Internet Directory: LDAP server, written in C.
   2. Oracle Directory Integration Platform: AD <=> OID directory server synchronization.
   3. Oracle Virtual Directory: virtualization services, integration, holistic view of data (LDAP + DB + Web service).
   4. Oracle Identity Federation: cross-domain SSO, e.g. Facebook [ABC Enterprise Group (resource refs 1,2,3,4,5..)] => ABC Enterprise (resources 1,2,3,4,5..).
   5. Oracle HTTP Server: internal to OVD and OIF.
   6. Oracle Directory Service Manager: JEE application to manage OID/OVD.
   7. Enterprise Manager: controls OID/OVD, logs etc.
6. IAM Suite 11.1.2.3
   1. Oracle Identity Manager Server: JEE application deployed on Weblogic.
   2. Oracle Identity Manager Design Console: Swing-based client of OIM.
   3. Oracle Identity Manager Remote Manager: also a client of OIM, but installed on the legacy application's node.
   4. Oracle Access Manager: used for SSO of applications.
   5. Oracle Adaptive Access Manager: banking-sector specific, previously called Bharosa.
   6. Oracle Access Management Mobile and Social: mobile (iOS, Android), social (Google, LinkedIn, Facebook, Twitter).
   7. Oracle Privileged Account Manager: shared password management (OPAM+OIN).
   8. Oracle Entitlement Server: embedded in OIM.
   9. Oracle Mobile Security Suite
7. BI Publisher 11.1.1.9: used for OIM audit reporting.
8. OIM High Availability Architecture with consolidation of all products.

1. Database 12.1.0.2 and Listener

Listener

The listener is a process on the DB server that listens for incoming client connection requests (from OIM/OAM/SOA etc.) and routes them to the database. Every time a client (OIM/OAM etc.) requests a network session with the DB server, the listener receives the request; if the connect descriptor sent by the client matches what the listener is configured for (it reaches the listener's address and names a service registered with it), the listener hands the client a connection to the database instance.

Here the clients are OIM/SOA/BI/OID/OVD etc.
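The matching step above, as an added example that is not part of the original slides: it parses the nested (KEY=VALUE) connect-descriptor syntax that OIM/SOA data sources send (the same syntax as tnsnames.ora) and decides what a listener would do with it. The listener host, port and registered service names are constructed for the example; only the ORA-12514 error number is the real one a listener returns for an unknown service.

```python
"""Added example: a toy model of the Oracle listener handshake."""
import re


def parse_tns(text):
    """Parse (KEY=VALUE) syntax into nested dicts; repeated keys become lists."""
    tokens = re.findall(r"\(|\)|=|[^()=\s]+", text)
    pos = 0

    def expect(tok):
        nonlocal pos
        if pos >= len(tokens) or tokens[pos] != tok:
            raise ValueError(f"expected {tok!r} at token {pos}")
        pos += 1

    def parse_entries():
        nonlocal pos
        result = {}
        while pos < len(tokens) and tokens[pos] == "(":
            pos += 1
            key = tokens[pos].upper()
            pos += 1
            expect("=")
            if tokens[pos] == "(":
                value = parse_entries()
            else:
                value = tokens[pos]
                pos += 1
            expect(")")
            if key in result:  # e.g. several ADDRESS entries in an ADDRESS_LIST
                prev = result[key]
                result[key] = (prev if isinstance(prev, list) else [prev]) + [value]
            else:
                result[key] = value
        return result

    parsed = parse_entries()
    if pos != len(tokens):
        raise ValueError("trailing tokens in descriptor")
    return parsed


# Constructed listener state: the address it listens on and the services
# that database instances have registered with it.
LISTENER = {"host": "dbhost1", "port": 1521,
            "services": {"oimdb.example.com", "soadb.example.com"}}


def listener_accepts(descriptor, listener=LISTENER):
    """Return (accepted, reason) the way the listener would decide it."""
    desc = parse_tns(descriptor).get("DESCRIPTION")
    if desc is None:
        return False, "no DESCRIPTION"
    addresses = desc.get("ADDRESS_LIST", {}).get("ADDRESS") or desc.get("ADDRESS")
    if addresses is None:
        return False, "no ADDRESS"
    if not isinstance(addresses, list):
        addresses = [addresses]
    reaches = any(a.get("PROTOCOL", "").upper() == "TCP"
                  and a.get("HOST") == listener["host"]
                  and a.get("PORT") == str(listener["port"]) for a in addresses)
    if not reaches:
        return False, "no ADDRESS targets this listener"
    service = desc.get("CONNECT_DATA", {}).get("SERVICE_NAME")
    if service is None:
        return False, "no SERVICE_NAME in CONNECT_DATA"
    if service not in listener["services"]:
        return False, f"service {service} not registered (ORA-12514)"
    return True, f"{listener['host']}:{listener['port']}/{service}"


if __name__ == "__main__":
    # Constructed descriptor of the kind an OIM JDBC data source would send.
    OIM_DESC = ("(DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=dbhost1)(PORT=1521))"
                "(CONNECT_DATA=(SERVICE_NAME=oimdb.example.com)))")
    print(listener_accepts(OIM_DESC))
```

The useful failure mode is the last branch: when a data source names a service the instance has not registered (a typo, or the database not yet started), the listener rejects it even though the host and port are right.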

2. RCU 11.1.1.9

• Stands for "Repository Creation Utility".
• Many Oracle Fusion Middleware components (OIM/OAM/SOA etc.) require the existence of schemas (collections of DB objects such as tables, triggers, stored procedures, views and functions) in a database prior to installation and configuration. These schemas (also known as DB users) are created and loaded into the database using the Repository Creation Utility (RCU).
• RCU must be run before configuring any Fusion Middleware product (OIM/OAM etc.).
• In a nutshell, RCU is a graphical utility that executes a collection of PL/SQL scripts against the database. RCU affects only the database.

[Diagram: RCU -> database, "creates schemas in the database"]

3. Weblogic server – 10.3.6

Oracle Weblogic Server is a Java EE application server developed by Oracle Corporation.

Weblogic Server lets you quickly develop and deploy reliable, secure, scalable and manageable applications. It manages system-level details so you can concentrate on business logic and presentation.

Weblogic Server is a container that provides JDBC, JMS and similar services to all deployed applications.

OIM/BI/SOA/ODSM etc. are deployed on top of Weblogic Server, i.e. all of these applications depend on the essential services the container provides.

Weblogic requires a supported JDK to execute code; for OIM 11.1.2.3 that is JDK 1.7 update 80 or later (Oracle/Sun JDK; JRockit was only ever shipped for JDK 6, so it does not meet this requirement).

Weblogic is the first product that needs to be installed for IDM Suite, IAM Suite, or anywhere else an application server is mandatory.

4. Oracle SOA 11.1.1.9

Oracle SOA (Service Oriented Architecture) Suite turns complex application integration (OIM's, in this case) into agile, reusable service-based connectivity.

OIM depends on SOA for seven or more features: 1) the BPM Worklist application, embedded in the OIM Identity Console as the Inbox, 2) request-based provisioning, 3) disconnected resources, 4) certification, 5) SoD workflow, 6) identity audit workflow, 7) role life cycle management workflow.

OIM communicates with SOA for all approval requirements (e.g. manager approval).

OIM also sends email to identities (password reset notifications etc.) through UMS, a component of SOA.

OIM connects to the SOA managed server over RMI to invoke the SOA EJBs.

Although SOA is a large suite consisting primarily of six components, in the OIM context only 1) BPEL, 2) Human Task, 3) Business Rules (optional) and 4) EM are used; 5) Mediator and 6) BAM are not.

5. IDM Suite 11.1.1.9

Oracle Internet Directory

Oracle Internet Directory is an LDAP directory/Server that uses an Oracle Database for storage.

The information(Employee Details/Credentials) in the directory is available to different clients, such as OIM, OAM etc. Clients communicate with a directory server by means of the Lightweight Directory Access Protocol (LDAP).

Entries in an LDAP directory are arranged in a hierarchy known as a directory information tree (DIT). Each individual entry in the directory has a specific location in the DIT that is uniquely identified by a distinguished name (DN). The distinguished name tells you exactly where the entry resides in the directory hierarchy. The graphic shows a DIT with two users named Anne Smith. The DN for the Anne Smith on the left is:

cn=Anne Smith, ou=Sales, c=us

The DN for the Anne Smith on the right is:

cn=Anne Smith, ou=Server Development, c=uk
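How a DN pins an entry to one place in the DIT, as an added example that is not part of the original slides. It splits a DN into its RDNs (honouring the backslash escape that allows a comma inside a value), derives the parent DN and the path from the root, and shows that the two Anne Smiths above are different entries because their DNs differ. The directory contents are constructed; attribute values are compared as written here, whereas a real LDAP server applies the attribute's matching rule (cn, for instance, is matched case-insensitively).

```python
"""Added example: DN handling for entries in a directory information tree."""


def split_dn(dn):
    """Split a DN into RDNs, leftmost (most specific) first.
    A backslash escapes the next character, so 'cn=Smith\\, Anne' stays one RDN."""
    rdns, current, i = [], [], 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):
            current.append(dn[i:i + 2])
            i += 2
            continue
        if ch == ",":
            rdns.append("".join(current).strip())
            current = []
        else:
            current.append(ch)
        i += 1
    rdns.append("".join(current).strip())
    return rdns


def normalize_dn(dn):
    """Canonical form: attribute types lower-cased, no whitespace around commas."""
    parts = []
    for rdn in split_dn(dn):
        attr, _, value = rdn.partition("=")
        parts.append(f"{attr.strip().lower()}={value.strip()}")
    return ",".join(parts)


def parent_dn(dn):
    """The container the entry lives in: drop the leftmost RDN."""
    return ",".join(split_dn(dn)[1:])


def path_from_root(dn):
    """The DIT path (root first) that the DN encodes."""
    rdns = split_dn(dn)
    return [",".join(rdns[i:]) for i in range(len(rdns) - 1, -1, -1)]


def same_entry(dn_a, dn_b):
    return normalize_dn(dn_a) == normalize_dn(dn_b)


# Constructed DIT holding the two Anne Smith entries from the slide.
DIRECTORY = {
    normalize_dn("cn=Anne Smith, ou=Sales, c=us"): {"mail": "asmith@sales.example"},
    normalize_dn("cn=Anne Smith, ou=Server Development, c=uk"): {"mail": "asmith@dev.example"},
}


def lookup(dn):
    """Base-scope lookup: exactly one entry can sit at a given DN."""
    return DIRECTORY.get(normalize_dn(dn))


if __name__ == "__main__":
    for dn in DIRECTORY:
        print(path_from_root(dn), "->", lookup(dn))
```

The escape handling matters for security code that builds or compares DNs: splitting on bare commas would turn a value such as "Smith, Anne" into two RDNs and could make an attacker-chosen cn resolve under a different container.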

5. IDM Suite 11.1.1.9

Oracle Directory Integration Platform (ODIP)

The Oracle Directory Integration Platform (ODIP) enables you to synchronize Oracle Internet Directory (OID) data with other data sources (AD, ODSEE, databases etc.). You can save time and resources by using OID as the central repository for the different LDAP-enabled applications and connected directories. Synchronization can be one-way or two-way between OID and the other data sources.

ODIP also enables you to develop and deploy connectivity agents that perform tasks such as synchronizing employee records in an HR database with Oracle Internet Directory.

5. IDM Suite 11.1.1.9

Oracle Virtual Directory

Oracle Virtual Directory is an LDAP service that provides a single, abstracted view of enterprise directory servers and databases from a variety of vendors. Oracle Virtual Directory can serve as a single source of truth in an environment with multiple data sources.

Oracle Virtual Directory minimizes or eliminates the need to change existing infrastructure or applications when you add new ones, saving time and expense. Data translation and joining capabilities let you create an integrated view of multiple data sources without changing their structure. This enables organizations to share the data that resides in their own repositories while retaining full control of it and monitoring its usage. The sources can be separately owned and need not be synchronized. Users see only a single, logical LDAP tree, although there may be multiple data sources behind it.

5. IDM Suite 11.1.1.9

Oracle Directory Service Manager

Oracle Directory Services Manager (ODSM) provides a graphical administrative interface for Oracle Internet Directory and Oracle Virtual Directory.

ODSM enables you to configure the structure of the directory, define objects in the directory, and add and configure users, groups and other entries. ODSM is the interface you use to manage entries, schema, security, adapters, extensions and other directory features.

5. IDM Suite 11.1.1.9

Oracle Identity Federation

OIF enables companies to provide services and share identity information across their respective security domains. The end user does not need to log in again to access a remote entity where business is conducted. Users authenticate at their local sites, and the federation mechanism enables this information to be shared. Enterprises do not need to manage the identities of users who are already known to a partner organization.

EXAMPLE :MyCorp and TravelClub have established a federated relationship. TravelClub is a partner organization providing access to travel services for employees of MyCorp corporation. Mary, an employee of MyCorp, is planning a business trip. She accesses MyCorp's employee portal in her browser and logs in, and selects MyTravel Planner. The portal returns her personal page. Mary selects a link in the MyTravel Planner for TravelClub. TravelClub requests authentication for Mary from MyCorp, which returns the necessary identity information to the travel site. Mary is then automatically authenticated to the TravelClub site. TravelClub returns a page with Mary's travel account information.

5. IDM Suite 11.1.1.9

Oracle Identity Federation - 2

When Mary is done, she can log out of both her TravelClub and MyCorp sessions using a single global logout feature at the MyCorp home page.

Summary : OIF provides cross-domain single sign-on support using open federation protocol standards such as SAML and OpenID. Beginning with release 11.1.2, Identity Federation has been incorporated as a part of the Oracle Access Management platform, leveraging its shared services. This Identity Federation service includes a streamlined user interface and administration experience.
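The MyCorp/TravelClub exchange above, as an added example that is not part of the original slides. It is a reduced model of the federation flow, not SAML: MyCorp (the identity provider) authenticates Mary locally and issues a signed assertion naming TravelClub as the audience; TravelClub (the service provider) checks signature, issuer, audience and validity window, refuses a replayed assertion, and only then opens its own session. The shared symmetric key, user, password and session store are all constructed (real SAML assertions carry X.509 signatures), and the single global logout simply clears both sessions.

```python
"""Added example: a reduced identity-federation exchange between two domains."""
import hashlib
import hmac
import json
import secrets
import time

SHARED_KEY = b"constructed-federation-key"  # assumption: pre-shared between the partners


def _sign(key, body):
    raw = json.dumps(body, sort_keys=True).encode()
    return hmac.new(key, raw, hashlib.sha256).hexdigest()


class IdentityProvider:
    """MyCorp: authenticates users locally and vouches for them to partners."""

    def __init__(self, name, key):
        self.name, self.key = name, key
        self.sessions = {}  # local session id -> user

    def login(self, user, password):
        if password != "correct horse":  # constructed credential check
            raise PermissionError("bad credentials")
        sid = secrets.token_hex(8)
        self.sessions[sid] = user
        return sid

    def issue_assertion(self, sid, audience, ttl=300):
        user = self.sessions[sid]  # KeyError: no local session, nothing to assert
        now = int(time.time())
        body = {"id": secrets.token_hex(8), "issuer": self.name, "subject": user,
                "audience": audience, "iat": now, "exp": now + ttl}
        return {"body": body, "sig": _sign(self.key, body)}


class ServiceProvider:
    """TravelClub: trusts assertions from one issuer and never sees Mary's password."""

    def __init__(self, name, trusted_issuer, key):
        self.name, self.trusted_issuer, self.key = name, trusted_issuer, key
        self.seen_ids = set()  # replay cache; in production bounded by the assertion TTL
        self.sessions = {}

    def consume(self, assertion, now=None):
        now = int(time.time()) if now is None else now
        body = assertion["body"]
        if not hmac.compare_digest(_sign(self.key, body), assertion["sig"]):
            raise PermissionError("bad signature")
        if body["issuer"] != self.trusted_issuer:
            raise PermissionError("untrusted issuer")
        if body["audience"] != self.name:
            raise PermissionError("assertion not for this SP")
        if not body["iat"] <= now < body["exp"]:
            raise PermissionError("assertion expired or not yet valid")
        if body["id"] in self.seen_ids:
            raise PermissionError("replayed assertion")
        self.seen_ids.add(body["id"])
        sid = secrets.token_hex(8)
        self.sessions[sid] = body["subject"]
        return sid


def rejection_reason(sp, assertion, now=None):
    """The PermissionError message for a rejected assertion, or None if accepted."""
    try:
        sp.consume(assertion, now)
        return None
    except PermissionError as e:
        return str(e)


def global_logout(idp, idp_sid, sp, sp_sid):
    idp.sessions.pop(idp_sid, None)
    sp.sessions.pop(sp_sid, None)


def demo():
    """Mary's trip from the slide; returns (user seen by SP, replay blocked, sessions left)."""
    mycorp = IdentityProvider("MyCorp", SHARED_KEY)
    travelclub = ServiceProvider("TravelClub", "MyCorp", SHARED_KEY)
    idp_sid = mycorp.login("mary", "correct horse")
    assertion = mycorp.issue_assertion(idp_sid, audience="TravelClub")
    sp_sid = travelclub.consume(assertion)
    user = travelclub.sessions[sp_sid]
    replay_blocked = rejection_reason(travelclub, assertion) == "replayed assertion"
    global_logout(mycorp, idp_sid, travelclub, sp_sid)
    return user, replay_blocked, idp_sid in mycorp.sessions, sp_sid in travelclub.sessions


if __name__ == "__main__":
    print(demo())
```

The order of checks is deliberate: the signature is verified before any field is trusted, so a tampered subject or audience is caught as "bad signature" rather than being reasoned about.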

5. IDM Suite 11.1.1.9

Enterprise Manager

EM (Oracle Enterprise Manager Fusion Middleware Control) lets you configure and manage the Oracle Fusion Middleware components in a domain from one user interface. Most configuration functions that can be performed from the command line can be performed in Fusion Middleware Control as well. It also includes wizards for setting up replication and for estimating sizing and tuning needs.

6. IAM Suite 11.1.2.3

Oracle Identity Manager Server

OIM is a user provisioning and administration solution that automates the process of adding, updating, and deleting user accounts from applications and directories. It also improves regulatory compliance by providing granular reports that attest to who has access to what.

OIM provides the following functionalities:

User Administration

Workflow and Policy

Password Management

Audit and Compliance Management

User Provisioning

Organization and Role Management

6. IAM Suite 11.1.2.3

Oracle Access Manager

OAM is a Java Enterprise Edition (Java EE)-based, enterprise-level security application that provides the full range of Web-perimeter security functions and Web single sign-on services, including identity context, authentication and authorization, policy administration, testing, logging and auditing.

It leverages shared platform services including session management, Identity Context, risk analytics, and auditing, and provides restricted access to confidential information.

SSO allows users and groups to access multiple applications after authentication, eliminating the need for multiple sign-on requests. To enable SSO, a Web server, Application Server, or any third-party application must be protected by a WebGate (or mod_osso instance) that is registered as an agent with Access Manager. Administrators then define authentication and authorization policies to protect the resource. To enforce these authentication policies, the agent acts as a filter for HTTP requests.

[Figure: Access Manager 11g Components and Services]
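What "the agent acts as a filter for HTTP requests" amounts to, as an added example that is not part of the original slides or of OAM's own code. The policies, session store and URLs are constructed; the cookie and header names follow the 11g WebGate convention but are just strings here. For each request the filter canonicalizes the path, picks the most specific matching policy, and either allows anonymously, redirects an unauthenticated user to the login URL, denies a user who lacks the required role, or lets the request through with the asserted user name for the application behind it.

```python
"""Added example: a toy model of an OAM WebGate policy-enforcement filter."""
import fnmatch
import posixpath

# Constructed policies, as an administrator would define them in OAM.
POLICIES = [
    {"pattern": "/public/*",     "auth": "anonymous", "roles": None},
    {"pattern": "/hr/payroll/*", "auth": "LDAP",      "roles": {"payroll-admin"}},
    {"pattern": "/hr/*",         "auth": "LDAP",      "roles": {"employee"}},
    {"pattern": "/*",            "auth": "LDAP",      "roles": {"employee"}},
]

# Constructed SSO sessions keyed by cookie value (OAM keeps these server-side).
SESSIONS = {
    "sess-mary": {"user": "mary", "roles": {"employee", "payroll-admin"}},
    "sess-bob":  {"user": "bob",  "roles": {"employee"}},
}
LOGIN_URL = "https://sso.example.com/oam/login"  # assumption
COOKIE = "OAMAuthnCookie"
USER_HEADER = "OAM_REMOTE_USER"


def match_policy(path):
    """Most specific policy wins: the longest literal prefix among the matches."""
    candidates = [p for p in POLICIES if fnmatch.fnmatchcase(path, p["pattern"])]
    return max(candidates, key=lambda p: len(p["pattern"].rstrip("*")))


def webgate_filter(path, cookies):
    """Return (status, action, details) for one HTTP request."""
    # Canonicalize first so "/public/../hr/x" cannot borrow the /public policy.
    path = posixpath.normpath(path)
    policy = match_policy(path)
    if policy["auth"] == "anonymous":
        return 200, "allow", {"policy": policy["pattern"]}
    session = SESSIONS.get(cookies.get(COOKIE))
    if session is None:
        return 302, "redirect", {"location": LOGIN_URL, "resource": path}
    if policy["roles"] and not (policy["roles"] & session["roles"]):
        return 403, "forbidden", {"user": session["user"], "policy": policy["pattern"]}
    return 200, "allow", {"user": session["user"],
                          "headers": {USER_HEADER: session["user"]}}


if __name__ == "__main__":
    print(webgate_filter("/hr/payroll/run", {COOKIE: "sess-bob"}))
    print(webgate_filter("/public/../hr/payroll/run", {}))
```

The application behind the agent trusts the OAM_REMOTE_USER header only because the agent strips any copy of it that arrives from the client; that stripping is the other half of the filter and is the first thing to verify in a real deployment.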

6. IAM Suite

Oracle Adaptive Access Manager

OAAM (previously known as Bharosa) is a comprehensive feature set that helps organizations prevent fraud and misuse. Strengthened standard authentication mechanisms, risk-based challenge methods, intuitive policy administration, and integration across the Identity and Access Management Suite and with third-party products make OAAM flexible and effective. It is used primarily in the banking/financial sector; one can relate it to the online banking experience.

Oracle Adaptive Access Manager provides:

Real-time and batch risk analytics to combat fraud and misuse across multiple channels of access. Real-time evaluation of multiple data types helps stop fraud as it occurs. It makes exposing sensitive data, transactions and business processes to consumers, remote employees or partners via your intranet and extranet safer.

An extensive set of capabilities including device fingerprinting, real-time behavioral profiling and risk analytics that can be harnessed across both Web and mobile channels.

Risk-based authentication methods including knowledge-based authentication (KBA) challenge infrastructure with Answer Logic and OTP Anywhere server-generated one-time passwords, delivered out of band via Short Message Service (SMS), e-mail or Instant Messaging (IM) delivery channels.

Standard integration with Oracle Identity Management, the industry leading identity management and Web Single Sign-On products, which are integrated with leading enterprise applications.

It provides protection against phishing, malware, transaction fraud and insider fraud.
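The risk-based decision described above, as an added example that is not part of the original slides or of OAAM's own rule engine. It scores a login or transaction event with a few of the checks named on the slide (unknown device fingerprint, IP on a watchlist, impossible travel between consecutive logins, high-value transaction) and maps the score to an action: allow, knowledge-based challenge, out-of-band OTP challenge, or block. Rule weights, thresholds, the known-device and last-login data, and the events are all constructed.

```python
"""Added example: a reduced risk-based authentication decision."""
import math

# Constructed per-user state that a real system keeps from previous sessions.
KNOWN_DEVICES = {"mary": {"fp-laptop-1"}}
LAST_LOGIN = {"mary": {"time": 1_700_000_000, "lat": 51.5, "lon": -0.1}}  # London
WATCHLIST_IPS = {"203.0.113.9"}  # constructed, from the TEST-NET-3 range


def distance_km(lat1, lon1, lat2, lon2):
    """Great-circle distance (haversine) used for the impossible-travel rule."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi, dlam = math.radians(lat2 - lat1), math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlam / 2) ** 2
    return 2 * 6371 * math.asin(math.sqrt(a))


def score(event):
    """Return (total score, names of triggered rules). Higher is riskier."""
    rules = []
    user = event["user"]
    if event["device"] not in KNOWN_DEVICES.get(user, set()):
        rules.append(("new_device", 30))
    if event["ip"] in WATCHLIST_IPS:
        rules.append(("ip_on_watchlist", 50))
    last = LAST_LOGIN.get(user)
    if last:
        hours = max((event["time"] - last["time"]) / 3600, 1e-6)
        km = distance_km(last["lat"], last["lon"], event["lat"], event["lon"])
        if km / hours > 900:  # faster than a commercial flight
            rules.append(("impossible_travel", 60))
    if event.get("amount", 0) > 10_000:
        rules.append(("high_value_transaction", 20))
    return sum(w for _, w in rules), [n for n, _ in rules]


def decide(event):
    """Map the score to the challenge level the user gets (constructed thresholds)."""
    total, rules = score(event)
    if total >= 80:
        action = "block"
    elif total >= 50:
        action = "challenge_otp"  # one-time password delivered out of band
    elif total >= 30:
        action = "challenge_kba"  # knowledge-based questions
    else:
        action = "allow"
    return action, total, rules


if __name__ == "__main__":
    event = {"user": "mary", "device": "fp-unknown", "ip": "198.51.100.7",
             "time": 1_700_003_600, "lat": 40.7, "lon": -74.0, "amount": 100}
    print(decide(event))
```

The point a practitioner should take from it is that no single signal decides; a new device alone earns a cheap KBA challenge, while a new device plus a geographically impossible login plus a watch-listed source address is blocked outright.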

6. IAM Suite

Oracle Privileged Account Manager

• Centralized password management for privileged and shared accounts: UNIX and Solaris root accounts, Oracle DB SYSDBA, application accounts, LDAP admin accounts, network devices and hypervisors.
• Interactive, policy-based account and session checkout and check-in.
• Automatic password changes on the target using the Identity Connector Framework.
• User management, group management and workflow capabilities through integration with Oracle Identity Manager.
• Central governance and complete lifecycle management, from request to usage tracking, for both regular and privileged users.
• Enhances security and significantly improves compliance.
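The checkout/check-in and rotate-on-target behaviour from the bullets above, as an added example that is not part of the original slides or of OPAM's own code. A vault keeps one record per (target, account) with a policy (who may check it out, whether checkout is exclusive, how long it lasts, whether the password rotates on check-in); the rotation callback stands in for the ICF connector that would change the password on the target. Targets, accounts, groups and policies are constructed.

```python
"""Added example: a reduced privileged-account checkout ledger."""
import secrets
import string

ALPHABET = string.ascii_letters + string.digits + "!@#%^*-_"


def new_password(length=24):
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


class Vault:
    def __init__(self, rotate):
        self.rotate = rotate   # callback (target, account, new_password); the connector's job
        self.accounts = {}     # (target, account) -> record
        self.audit = []        # (event, user, target, account, time)

    def add_account(self, target, account, password, policy):
        self.accounts[(target, account)] = {"password": password, "policy": policy,
                                            "checkout": None}

    def checkout(self, target, account, user, groups, now):
        rec = self.accounts[(target, account)]
        pol = rec["policy"]
        if not set(groups) & pol["allowed_groups"]:
            self.audit.append(("denied", user, target, account, now))
            raise PermissionError("not entitled to this account")
        held = rec["checkout"]
        if held and pol["exclusive"] and held["expires"] > now:
            raise RuntimeError(f"checked out by {held['user']}")
        rec["checkout"] = {"user": user, "expires": now + pol["max_checkout_seconds"]}
        self.audit.append(("checkout", user, target, account, now))
        return rec["password"]

    def checkin(self, target, account, user, now):
        rec = self.accounts[(target, account)]
        if not rec["checkout"] or rec["checkout"]["user"] != user:
            raise RuntimeError("no checkout by this user")
        rec["checkout"] = None
        if rec["policy"]["rotate_on_checkin"]:
            password = new_password()
            self.rotate(target, account, password)  # change it on the target first
            rec["password"] = password              # then record the new value
        self.audit.append(("checkin", user, target, account, now))

    def expire(self, now):
        """Force check-in (and rotation) of every checkout past its expiry."""
        for (target, account), rec in self.accounts.items():
            held = rec["checkout"]
            if held and held["expires"] <= now:
                self.checkin(target, account, held["user"], now)


def demo():
    """Two on-call DBAs contend for SYS on the OIM database (constructed scenario)."""
    changes = []
    vault = Vault(rotate=lambda target, account, pw: changes.append((target, account)))
    policy = {"allowed_groups": {"dba-oncall"}, "exclusive": True,
              "max_checkout_seconds": 3600, "rotate_on_checkin": True}
    vault.add_account("oimdb", "SYS", "initial-constructed-pw", policy)
    pw1 = vault.checkout("oimdb", "SYS", "mary", ["dba-oncall"], now=1000)
    try:
        vault.checkout("oimdb", "SYS", "bob", ["dba-oncall"], now=1500)
        blocked = False
    except RuntimeError:
        blocked = True
    vault.checkin("oimdb", "SYS", "mary", now=2000)
    pw2 = vault.checkout("oimdb", "SYS", "bob", ["dba-oncall"], now=2100)
    return pw1, pw2, blocked, len(changes), [e[0] for e in vault.audit]


if __name__ == "__main__":
    print(demo())
```

Rotation on check-in is what makes a shared account attributable: Mary's knowledge of the password ends when her checkout does, so anything done with it afterwards traces to Bob's checkout in the audit trail.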

6. IAM Suite 11.1.2.3

Oracle Access Management Mobile and Social

6. IAM Suite 11.1.2.3

Oracle Mobile Security Suite

Oracle Entitlement Server

Oracle Entitlement Server is a fine-grained authorization and entitlement management product, embedded in OIM.

[Figure: Oracle Mobile Security Strategy]

7. BI Publisher 11.1.1.9

• Oracle Business Intelligence (BI) Publisher is Oracle's primary reporting tool for authoring, managing and delivering highly formatted documents. BI Publisher ships with OIM 11.1.2.3.
• BI Publisher is deployed and configured as a separate managed server within the same OIM domain.
• There are 9 types of OIM audit reports available in BI Publisher; the reports support HTML, PDF, RTF and MHTML output formats.

Features of BI Publisher:
• Highly formatted, professional-quality reports with pagination and headers/footers.
• Capability to develop custom reports against the OIM repository (read-only repository access).
• Scheduling capabilities and delivery mechanisms such as e-mail and FTP.
• The report format (layout) can be edited separately from the data definition (data model).
• Standardized Oracle Identity sub-template for headers.
• National Language Support (NLS) for BI Publisher report output.

8. OIM High Availability Architecture

1) Clients reach the SOA and OIM consoles through the top-level (hardware) load balancer URL, which passes each request on to two software load balancers (WEBHOST1 and WEBHOST2). These in turn connect to the least-loaded OIM and SOA nodes.

2) OIMHOST1 and OIMHOST2 form a two-node cluster of OIM and SOA, which connects to the OID/OVD cluster through hardware load balancers.

3) OIMHOST1 and OIMHOST2 communicate with the OID/OVD cluster (OVDHOST1/OVDHOST2 and OIDHOST1/OIDHOST2).

4) Each tier, 1) the top-level load balancers, 2) OIMHOST1 and OIMHOST2 and 3) directory services (OID/OVD), is separated from the next by firewall policies.

5) The Oracle RAC database is configured as a JDBC multi data source so that the failure of one RAC node does not take the instance down; the OIM/SOA and OID/OVD clusters all communicate with RAC.

© www.TutionBooks.com The Practical e-Learning Platform