Integrating Oracle 10g Application Server with Oracle Access Manager -Overview
=========================
i) Oracle Application Server (OAS) can be integrated with Oracle Access
Manager (OAM, earlier called as Oblix COREid) for Authentication and
Authorization. Though Oracle Application Server has its own
Authentication and Single Sign-On feature but integrating OAS with OAM
provide more flexibility and security to Oracle Application Server and help in providing fine grained access control for protecting web and other resources.
ii) You also need OAM-OAS integration if you wish to integrate E-Business
Suite with Oracle Access Manager (Oblix COREid) for authentication and
authorization.
iii) If you wish to integrate (protect/authenticate/authorize) any oracle
product (like portal, Forms, BI, E-Business Suite) with Oracle Access
Manager (Oblix COREid) it should be done via Oracle Application Server.
iv) Integration of OAM with OAS will help you to provide identity management functionality to Web based application which run on Oracle Application server or any other Oracle product like Oracle E-Business Suite Self Service applications (iProc, iRec)
iv) While integrating Oracle Access Manager’s Authorization functionality, either Oracle Application Server or Oracle Access Manager Single Sign-On can act as authentication mechanism.
OAS (10g AS) - OAM (Oblix COREid) Integration Architecture
—————————————————————————–
As shown in diagram on top, you will have Oracle Access Manager installed and configured with any LDAP Server (AD, OID, iPlanet) and Oracle HTTP Server will be protected by WebGate (OAM web component).
Here is request flow when Oracle Application Server is protected by Oracle Access Manager (Oblix COREid)
i) User try to access web resource (http/https) on oracle application server which is protected by Oracle Access Manager (Oblix COREid), request is received by WebGate (access manager component on Web Server)
ii) Webgate request for policy from Access Server (another component in Oracle Access Manager) to check if resource (URL) is protected or not
iii) If resource/URL is not protected page is returned to user. If resource/URL is protected, webgate ask user to authenticate
iv) Credentials entered by user is validated against LDAP directory via access system.
v) After successful authentication, Oracle Access Manager Single Sign-On cookie (obSSOCookie) is sent to user browser
vi) After successful authorization (pre-defined at access server policy domains), access server executes actions specified in security policy and set HTTP Header variable that maps to Oracle Application Server 10g User ID
vii) Oracle AS Single Sign-On recognizes HTTP Headers set by Oracle Access Manager (HeaderVar), authenticates user and sets Oracle Single Sign-On Cookie.
If your LDAP store for Access is not same OID where Oracle Application Server users are stored then ensure that user data in two LDAP servers is in sync (up to date)
Implementation of 10g AS integration with Oracle Access Manager(Oblix COREid) coming soon …
Integration of Oracle Access Manager(COREid) with Siebel coming soon…
Related Posts for Access Manager
- Integration Steps - 10g AS with OAM (COREid)
- OAS - OAM (Access Manager / Oblix COREid) Integration Architecture
- Oblix COREid and Oracle Identity Management
- Installing Oracle Access Manager (Oblix COREid / Netpoint)
- Oracle Access Manager (Oblix COREid) 10.1.4.2 Upgrade
- Access Manager: WebGate Request Flow
Popularity: 32% [?]
Good hands-on exercises (installation, patching, cloning), very experienced trainer worth for Money 
11 users commented in " OAS - OAM (Access Manager / Oblix COREid) Integration Architecture "
Follow-up comment rss or Leave a TrackbackHi Atul,
I am trying to protect MS Exchange Server with Oracle Access Manager (Oblix Netpoint). Do you have any idea how to do it?
I would appreciate an email on pandeypunit@yahoo.com.
Thanks & Regards,
Punit Pandey
Punit, Depending on way you are accessing MS exchange data you can protect using access policy on netpoint access server (Oracle Access manager now) and authentication plug-in on Exchange server.
Here is a scenario. We would like to use external apps e.g. .net asp as landing site for external users. After they are logged in, they can click on istore (EBS) and access it without having to provide the credentials again. I know OAM can handle heterogeneous environments. But the question is how will the credentials be handed over to EBS HTTP server once users have logged into .net app? I know OAM creates the SSO cookies, but will it work ? How can we “hand-over” the credentials to EBS HTTP….
Integrate EBS with 10g SSO/OID and further SSO/OID with OAM so OAM passes cookie to OAS and OAS inturn to EBS HTTP
When are you going to post Integration of Oracle Access Manager(COREid) with Siebel? Really looking forward to read it.
Hi PPatil,
Thanks for your interest, Are you looking for Oracle Access Manager Integration with Siebel Applications or Siebel Business Intelligence ?
Yes i am looking for Integration with OBIEE 10.1.3.3.3 or 10.1.3.3.2
ppatil,
As you know OBIEE consist of many components and you can deploy it on different application server so integration with OAM depends on all such factor. More over integration will depend on what you wish to protect in OBIEE (URL, services, users, sso ) using OAM …
Good starting point is integration guide for Oracle access Manager http://download.oracle.com/docs/cd/B28196_01/idmanage.1014/b25347/toc.htm
Your blog is excellent. Thanks. How would you best integrate Oblix/OAM with Sharepoint 2007 server? Do you have any diagrams/tips of how it would work in an HA environment?
To integrate Oracle Access Manager (earlier Oblix) with Sharepoint Portal server
check
Here
Atul, thanks very much!
Leave A Reply