
Oracle Identity Manager 11gR2-PS2 Hands-on Workshop

OIM Architecture

[email protected]

Principal Product Manager, Oracle Identity Governance

This document is for informational purposes. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described in this document remains at the sole discretion of Oracle. This document in any form, software or printed matter, contains proprietary information that is the exclusive property of Oracle. This document and information contained herein may not be disclosed, copied, reproduced or distributed to anyone outside Oracle without prior written consent of Oracle. This document is not part of your license agreement nor can it be incorporated into any contractual agreement with Oracle or its subsidiaries or affiliates.

Agenda – Day 1

• Component Architecture
• Functional Architecture
• Deployment / Physical Architecture

Oracle Identity Manager – Component Architecture

• Self-contained, standalone, J2EE-compliant application
  • WebLogic or WebSphere (WAS) as the J2EE container, the JVM as runtime
• SOA Suite for workflow orchestration and notification
  • Oracle Identity Manager connects to the SOA managed servers over RMI to invoke the SOA EJBs
  • SOA calls OIM back through a callback service deployed in OIM, addressed by the OIMFrontEndURL setting; in a cluster this URL should resolve to the front-end (load balancer) address rather than to a single managed server, so callbacks still arrive when one node is down
• Inter-process communication: JMS queues
  • Asynchronous communication and processing
  • Queues used: oimAttestationQueue, oimAuditQueue, oimDefaultQueue, oimKernelQueue, oimProcessQueue, oimReconQueue, oimSODQueue
  • Queues are configured at installation time
• OES (Oracle Entitlements Server) for authorization
  • Policy Decision Point (PDP)
  • Policy Enforcement Point (PEP)
• BI Publisher for reporting
  • No runtime integration except for certification reports
  • BI is configured against the OIM DB to fetch audit data
• ADF / WebCenter Composer
  • Runtime UI changes
  • Upgrade-safe
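The PDP/PEP split named under OES above, as an added illustration of the pattern (this is not Oracle Entitlements Server or OIM code). The PDP only answers "is this permitted?", the PEP wraps the protected operation, asks the PDP, records the decision and only then acts. The policy model, the role names (SYSTEM ADMINISTRATORS, ORG ADMIN, HELPDESK), the resource and action vocabulary and the sample subjects are all constructed for the example; the behaviour to note is that nothing matching means deny, and a condition that cannot be evaluated because an attribute is missing also means deny.

```python
"""Policy Decision Point / Policy Enforcement Point split, deny-by-default.

Added illustration of the PDP/PEP separation the slide attributes to OES.
Not Oracle Entitlements Server or OIM code: the policy model, the role names,
the resource/action vocabulary and the sample subjects are constructed here.
"""
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Policy:
    name: str
    roles: frozenset            # subject must hold at least one of these roles
    resource: str               # resource type the policy covers, e.g. "user"
    actions: frozenset          # actions the policy permits on that resource
    # Optional attribute condition over (subject, target); None = unconditional.
    condition: Optional[Callable[[Dict, Dict], bool]] = None


class PolicyDecisionPoint:
    """Answers 'is this permitted?'; never performs the operation itself."""

    def __init__(self, policies: List[Policy]):
        self.policies = list(policies)

    def decide(self, subject: Dict, resource: str, action: str, target: Dict) -> Tuple[bool, str]:
        held = set(subject.get("roles", ()))
        for p in self.policies:
            if p.resource != resource or action not in p.actions or not (held & p.roles):
                continue
            try:
                if p.condition is None or p.condition(subject, target):
                    return True, p.name
            except KeyError:
                # An attribute the condition needs is missing: fail closed,
                # never treat an unevaluable condition as satisfied.
                continue
        return False, "implicit-deny"   # nothing matched: default deny


class PolicyEnforcementPoint:
    """Wraps the protected operation: asks the PDP, records the decision, then acts."""

    def __init__(self, pdp: PolicyDecisionPoint):
        self.pdp = pdp
        self.audit: List[Tuple] = []   # (subject, resource, action, target, permitted, reason)

    def enforce(self, subject, resource, action, target, operation):
        permitted, reason = self.pdp.decide(subject, resource, action, target)
        self.audit.append((subject["id"], resource, action, target.get("id"), permitted, reason))
        if not permitted:
            raise PermissionError(f"{subject['id']} may not {action} {resource} {target.get('id')}: {reason}")
        return operation()


def same_org(subject: Dict, target: Dict) -> bool:
    """Scope condition: subject may only touch targets in its own organization."""
    return subject["org"] == target["org"]   # KeyError if either side lacks 'org'


# Constructed policy set (not OIM's actual authorization policies).
POLICIES = [
    Policy("sysadmin-full", frozenset({"SYSTEM ADMINISTRATORS"}), "user",
           frozenset({"view", "modify", "delete"})),
    Policy("org-admin-scoped", frozenset({"ORG ADMIN"}), "user",
           frozenset({"view", "modify"}), same_org),
    Policy("helpdesk-view", frozenset({"HELPDESK"}), "user", frozenset({"view"})),
]


def demo() -> Tuple[Dict[str, str], List[Tuple]]:
    """Run the constructed scenarios; returns outcomes and the PEP's audit trail."""
    pep = PolicyEnforcementPoint(PolicyDecisionPoint(POLICIES))
    alice = {"id": "alice", "roles": ["ORG ADMIN"], "org": "Sales"}
    bob = {"id": "bob", "roles": ["HELPDESK"]}
    carol = {"id": "carol", "roles": ["ORG ADMIN"]}          # org attribute missing
    sales_user = {"id": "u100", "org": "Sales"}
    eng_user = {"id": "u200", "org": "Engineering"}

    def attempt(subject, action, target):
        try:
            return pep.enforce(subject, "user", action, target, lambda: f"{action} ok")
        except PermissionError:
            return "denied"

    outcomes = {
        "alice_modify_sales": attempt(alice, "modify", sales_user),   # in scope: allowed
        "alice_modify_eng": attempt(alice, "modify", eng_user),       # other org: denied
        "carol_modify_sales": attempt(carol, "modify", sales_user),   # missing attribute: denied
        "bob_view": attempt(bob, "view", sales_user),                 # helpdesk view: allowed
        "bob_modify": attempt(bob, "modify", sales_user),             # no policy permits: denied
    }
    return outcomes, pep.audit


if __name__ == "__main__":
    results, trail = demo()
    for name, outcome in results.items():
        print(f"{name}: {outcome}")
    for entry in trail:
        print(entry)
```

The point of keeping the audit record in the PEP rather than the PDP is that every enforcement, denied or allowed, is recorded at the place where the operation actually happens; a PDP consulted for a what-if query would otherwise pollute the trail.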

Oracle Identity Manager – Component Architecture (continued)

• Quartz for scheduler services
  • Manages the scheduled tasks defined in OIM
  • Uses the DB as the centralized store from which scheduled activities are picked up and run
  • If one scheduler instance picks up a job, the other instances will not pick up that same job
• External dependencies
  • Nexaweb for the Deployment Manager (import/export of OIM artifacts)
  • OSCache and JGroups for cache management
• Enterprise Manager
  • Monitoring, health check and dashboard
  • Configuration and diagnostics
• LDAP as persistent identity store
  • LDAP Sync for data synchronization between the OIM DB and LDAP
  • Embedded libOVD for HA
• DB as transactional and metadata repository
  • OIM and SOA schemas for the transactional DB
  • MDS schema for storing configuration
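The clustered-scheduler behaviour in the Quartz bullets above (several instances share one database; a job one instance has picked up is not picked up by another), as an added model rather than Quartz or OIM code. The arbiter is a single conditional UPDATE whose row count tells an instance whether it won the job; a SELECT followed by an UPDATE would leave a window in which two instances both believe they own it and, for an identity system, run the same reconciliation or provisioning task twice. The table layout, the claimed_by and last_tick columns and the job names are constructed for the example, and SQLite stands in for the OIM database so it runs offline.

```python
"""Clustered scheduler instances sharing one database as the job arbiter.

Added model of the behaviour the Quartz bullets describe. Not Quartz or OIM
code: the table layout, the claimed_by and last_tick columns and the job names
are constructed for this example; SQLite stands in for the OIM database.
"""
import os
import sqlite3
import tempfile
import threading
from collections import Counter
from typing import Dict, List, Tuple

# Constructed job names, only loosely modelled on the scheduled tasks OIM ships.
JOBS = ["User Reconciliation", "Role Membership Recon", "Attestation Reminder", "Audit Purge"]


def init_db(path: str) -> None:
    con = sqlite3.connect(path)
    con.execute(
        "CREATE TABLE jobs ("
        " name TEXT PRIMARY KEY,"
        " claimed_by TEXT,"                       # NULL = nobody holds the job
        " last_tick INTEGER NOT NULL DEFAULT 0,"  # last scheduler tick it ran in
        " runs INTEGER NOT NULL DEFAULT 0)"
    )
    con.executemany("INSERT INTO jobs (name) VALUES (?)", [(j,) for j in JOBS])
    con.commit()
    con.close()


def try_claim(con: sqlite3.Connection, job: str, instance: str, tick: int) -> bool:
    """Atomic claim: the UPDATE matches only if the job is unclaimed and has not
    already run this tick. rowcount == 1 means this instance won."""
    cur = con.execute(
        "UPDATE jobs SET claimed_by = ? WHERE name = ? AND claimed_by IS NULL AND last_tick < ?",
        (instance, job, tick),
    )
    con.commit()
    return cur.rowcount == 1


def run_and_release(con: sqlite3.Connection, job: str, instance: str, tick: int, log: list) -> None:
    """The 'work', then release the claim and record the tick it ran in."""
    log.append((tick, job, instance))
    con.execute(
        "UPDATE jobs SET runs = runs + 1, last_tick = ?, claimed_by = NULL "
        "WHERE name = ? AND claimed_by = ?",
        (tick, job, instance),
    )
    con.commit()


def scheduler_instance(path: str, instance: str, tick: int, log: list) -> None:
    """One scheduler node: walk the job table and run whatever it manages to claim."""
    con = sqlite3.connect(path, timeout=30)   # wait for the DB write lock instead of failing
    for job in JOBS:
        if try_claim(con, job, instance, tick):
            run_and_release(con, job, instance, tick, log)
    con.close()


def simulate(n_instances: int = 4, ticks: int = 2) -> Tuple[Dict[str, int], Counter]:
    """Run n_instances concurrently for each tick. Returns total runs per job and,
    per (tick, job), how many instances ran it; the latter should always be 1."""
    fd, path = tempfile.mkstemp(suffix=".db")
    os.close(fd)
    try:
        init_db(path)
        log: List[Tuple[int, str, str]] = []
        for tick in range(1, ticks + 1):
            threads = [threading.Thread(target=scheduler_instance,
                                        args=(path, f"oim_server{i + 1}", tick, log))
                       for i in range(n_instances)]
            for t in threads:
                t.start()
            for t in threads:
                t.join()
        con = sqlite3.connect(path)
        runs = dict(con.execute("SELECT name, runs FROM jobs").fetchall())
        con.close()
        return runs, Counter((tick, job) for tick, job, _ in log)
    finally:
        os.remove(path)


def double_claim() -> Tuple[bool, bool]:
    """Same job claimed twice in one tick: only the first claim can succeed."""
    fd, path = tempfile.mkstemp(suffix=".db")
    os.close(fd)
    try:
        init_db(path)
        con = sqlite3.connect(path)
        first = try_claim(con, JOBS[0], "oim_server1", 1)
        second = try_claim(con, JOBS[0], "oim_server2", 1)
        con.close()
        return first, second
    finally:
        os.remove(path)


if __name__ == "__main__":
    total_runs, per_tick = simulate()
    print(total_runs)          # every job ran exactly once per tick
    print(double_claim())      # (True, False)
```

The model deliberately has no recovery path for an instance that crashes between claim and release: that job stays claimed forever. A real clustered scheduler needs a lease or heartbeat so a dead node's claims expire, which is the kind of question to ask of any scheduler before trusting it to run provisioning jobs exactly once.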

Functional Architecture – OIM 11g

[Diagram: layered view of OIM 11g. Recoverable labels:]
Clients: Oracle Fusion Apps; Custom Client Applications
Presentation Tier: Design Console; Administration & End-User Console; SPML Gateway (Web services); POJO Wrapper for EJBs
Business Services Tier: Identity Provisioning Services; Integration Services; Platform Services; Common Services; Audit & Compliance Services; JEE Container Services
Data Tier: LDAP ID Store; Database; MDS; Audit DB
Oracle Technology Stack: ADF Faces; SOA Suite; Entitlement Server; BI Publisher Reports; Access Manager; Adaptive Access Manager; Enterprise Manager
Target IT Apps (GRANT / REVOKE arrows from the Business Services Tier)

Four-Tier Functional Architecture

• Presentation Tier
  • Identity Self Service / System Administration UI
  • Design Console
  • Custom UI
• Business Services
  • API Services (SPML, EJB, Request WS, OOTB Taskflows, Public URLs)
  • Integration Services (Connector Framework, Identity Connectors, Adapter Factory, GTC, Remote Manager and Connector Server)
  • Platform Services (Plug-in Framework, SoD Engine Framework)
  • Provisioning Services (Catalog Engine, Request Engine, Provisioning and Reconciliation Engine)
  • Common Services (User Management, Configuration Management, etc.)
• Middleware Services
  • Request Service, Approval Workflow
  • Configuration and Diagnostics
  • Authorization Service
  • Scheduler Service
  • Reporting Service
• Data Tier
  • OIM DB for the transactional DB service
  • MDS Store for the configuration service
  • LDAP for identity persistence

Functional Architecture – OIM 11g: Administration and End-User Consoles

[Diagram: the layered view above, with the Administration & End-User Console box expanded:]
• Logon & Unauthenticated Console (Logon, Forgot Password, Self Registration)
• Self-Service Console (My Requests, Open Tasks, User/Role/Organization Administration)
• Identity Administration Console (Configuration Management)

Functional Architecture – OIM 11g: Custom Client Applications

[Diagram: the layered view above, with the Custom Client Applications box expanded:]
• SPML Web Services Client (XSD messages)
• OIM Java API Client
• Customer Intranet/Extranet Applications
• ADF Taskflows
• Request Webservice

Functional Architecture – OIM 11g: Identity Provisioning Services

[Diagram: the layered view above, with the Identity Provisioning Services box expanded:]
• Resource Management
• Account Management
• Service Accounts
• Provisioning Workflow
• Access Policy / RBAC
• Auto Group Membership
• Direct Provisioning
• Offline Provisioning
• Role Manager Integration
• Bulk Load Utility
• Authoritative Reconciliation
• Account and Entitlement Reconciliation
• LDAP Sync – Users, Roles

Functional Architecture – OIM 11g: Integration Services

[Diagram: the layered view above, with the Integration Services box expanded:]
• Adapter Factory
• Generic Technology Connector (GTC)
• Connector Lifecycle Management (LCM)
• Identity Connector Framework (ICF)
• Remote Manager

Functional Architecture – OIM 11g: Common Services

[Diagram: the layered view above, with the Common Services box expanded over three slides:]
• User Management
• Role Management
• Organization Management
• Password Management
• Self Service
• Self Registration
• Configuration Service

• Request Management
• Approval Workflow Management (BPEL integration)
• OIM User/Role DB Provider
• Task List
• SOA Callback Web Service
• Approval Policy Management
• Request Webservice
• ADF Taskflows

• Scheduler (Quartz based)
• Notification Templates
• Email Definitions
• System Properties
• Deployment Manager
• Callback Notification

Functional Architecture – OIM 11g: Platform Services

[Diagram: the layered view above, with the Platform Services box expanded over three slides:]
• Data Object Mechanism
• Event Handlers
• Kernel
• Context Manager
• Plug-in Framework

• Native Data Access
• Entity Manager
• TopLink Integration
• MDS Integration
• Caching
• DB Provider, LDAP Provider, OIM Data Provider

• Crypto
• OJDL (Logging)
• Internationalization
• Multi-Language Support
• Fine-Grained Authorization
• Diagnostic Dashboard

Functional Architecture – OIM 11g: JEE Container Services

[Diagram: the layered view above, with the JEE Container Services box expanded:]
• Asynchronous Execution (JMS, MDB)
• Authentication (JAAS)
• MBeans (JMX)
• Enterprise Manager
• High Availability
• Credential Store Framework

Functional Architecture – OIM 11g: Audit and Compliance Services

[Diagram: the layered view above, with the Audit & Compliance Services box expanded:]
• User & Group Profile Audit
• Reports
• Attestation
• Segregation of Duties
• Entitlement Data Management

Oracle Identity Manager – Deployment Architecture

Questions