Oracle Identity Management Products – OID, OVD, OAM, OIM, ORM, OWSM, OIF, eSSO, OES, OAAM

Oracle Identity Management is a Fusion Middleware component that covers the following Identity & Access Management software, including Directory Server.

1. Oracle Access Manager (OAM): Identity and Access Management product acquired from Oblix (Oblix COREid Access & Identity)

2. Oracle Identity Manager (OIM): User Provisioning product acquired from Thor

3. Oracle Role Manager (ORM): Enterprise role management product acquired from Bridgestream

4. Oracle Web Services Manager (OWSM): product to protect Web Services, acquired from Oblix (Oblix COREsv)

5. Oracle Identity Federation (OIF): Browser-based cross-domain SSO solution, a combination of products acquired from Oblix (SHAREid) and Phaos

6. Oracle Enterprise Single Sign-On (eSSO): Unified authentication and Single Sign-On to thin- and thick-client applications with no modification to existing applications

7. Oracle Entitlements Server (OES): fine-grained authorization software acquired from BEA (Aqualogic Entitlement Server)

8. Oracle Adaptive Access Manager (OAAM): real-time fraud prevention and multi-factor authentication, acquired from Bharosa

9. Oracle Platform Security Services (OPSS): Security framework for Java applications and part of Oracle Fusion Middleware 11g. OPSS is a self-contained, portable framework that runs on Oracle WebLogic Server.

10. Identity Governance Framework (IGF): software to control how identity-related information is used, stored and propagated between applications

11. Oracle Information Rights Management (IRM): secures and tracks sensitive digital information everywhere it is stored and used

12. Oracle Identity Analytics (OIA): Identity Intelligence product acquired from Sun (Sun Role Manager)

13. Oracle Single Sign-On (OSSO): In-house developed web single sign-on product, required by Oracle 10g/11g Portal. Oracle Access Manager’s (OAM) single sign-on solution is the recommended web single sign-on product.

Directory Services

14. Oracle Internet Directory (OID): LDAP-compliant directory server

15. Oracle Virtual Directory (OVD): provides a single standard interface to access identity data from multiple directory servers such as OID, iPlanet and Active Directory, or from relational databases

Access Management Software

1. Oracle Access Manager (OAM)
2. Oracle Entitlement Server (OES)
3. Oracle Adaptive Access Manager (OAAM)
4. Oracle Information Rights Management (IRM)
5. Oracle Identity Federation (OIF)
6. Oracle Single Sign-On (OSSO)

Identity & Access Management Software
1. Oracle Access Manager (OAM)
2. Oracle Entitlement Server (OES)
3. Oracle Identity Manager (OIM)
4. Oracle Internet Directory (OID)
5. Oracle Virtual Directory (OVD)

Acronyms related to Identity Management components

OIM – Oracle Identity Manager
ORM – Oracle Role Manager
OAM – Oracle Access Manager
OWSM – Oracle Web Services Manager
OIF – Oracle Identity Federation
eSSO – enterprise Single Sign-On
OES – Oracle Entitlement Server
OAAM – Oracle Adaptive Access Manager
ODS – Oracle Directory Services
OPSS – Oracle Platform Security Services
IGF – Identity Governance Framework
IRM – Information Rights Management
GRC – Governance, Risk and Compliance platform
OID – Oracle Internet Directory
OVD – Oracle Virtual Directory
XACML – Extensible Access Control Markup Language
AAPML – Attribute Authority Policy Markup Language
SOAP – Simple Object Access Protocol
WSDL – Web Services Description Language
CARML – Client Attribute Markup Language
CSF – Credential Store Framework
OSDT – Oracle Security Developer Tools
JPS – Java Platform Security
SSPI – Security Services Provider Interface
JAZN – Java AuthoriZatioN
RBAC – Role Based Access Control
JACC – Java Authorization Contract for Containers
JAAS – Java Authentication and Authorization Service
EUS – Enterprise User Security
DIP – Directory Integration Platform
LDAP – Lightweight Directory Access Protocol
SAML – Security Assertion Markup Language
ASA – Adaptive Strong Authentication
ARM – Adaptive Risk Management
SPML – Service Provisioning Markup Language
PSO – Provisioning Services Object

About the Author Atul Kumar

Oracle ACE, Author, Speaker and Founder of K21 Technologies & K21 Academy : Oracle Gold Partner specialising in Design, Implement, and Trainings.


29 comments
chandupoori says October 21, 2010

pls send me difference between oam sso and osso

poori says March 16, 2011

Thanks Atul

Hari says May 12, 2011

Atul,

I bought the Oracle Identity Access Management 11g for Administrators: RAW

I couldn’t find much about IDM components, which are OID, OVD, OIF.

Can you please cover them also?

Thanks
Hari

Atul Kumar says May 12, 2011

@ Hari,
This book is focused on OIM (Identity Manager) & OAM (Access Manager) since you have bought this book, I am setting up forum dedicated to those who have bought this book where you can ask questions and I’ll anything and everything in IdM (OID, OVD, OIF, OAM, OIM, OAAM, OIN, OAPM, OES, eSSO, 10g SSO, PassLogix….)

Till that time please leave your query under comments section and I’ll get back to you with answer.

Jyothi says May 20, 2012

Hi Atul, I have a quick question. Appreciate if you can clarify my confusion. My OVD ports are 6501 and 7501 (SSL). While configuring OVD for SSL (Configuring OVD to Accept Server Authentication Only Mode SSL Connections), when I run ORACLE_COMMON_HOME/bin/SSLServerConfig.sh -component ovd, should I provide OVD ports or OID ports? In the Oracle guide for Identity Management, in the topic “Configuring Oracle Virtual Directory for SSL”, I see that OID port 389 is provided. Also, in the blog http://bloggingaboutoracleapplications.org/fusion-applications-extending-the-domain-with-oracle-virtual-directory/, it clearly shows OID ports 3060 and 3061 (SSL) have been entered. I am confused.

My OID ports are 3060, 3131(ssl).

Can you please let me know whether I need to provide ovd ports or oid ports.

Really appreciate your time.

thank you
Jyothi

Jyothi says June 15, 2012

Hi Atul, How do you patch IDM servers in production ?

For example, I have OID, OVD etc. running on 11.1.1.3 and OAM, OIM etc. on 11.1.1.5. If I want to use it for OFA 11.1.4, should I completely start from scratch the installation and configuration of IDM using OFA CDs, or is there any alternative approach?

What I am thinking is my current IDM envt is of no use anymore if I want to use it for OFA 11.1.4.

Appreciate your input.

Thank you.
Jyothi

thanks
Jyothi

Atul Kumar says June 15, 2012

Jyothi,
You can apply patches to IDM applications as you apply to any other FMW application

Shutdown services and then set correct oracle_home and use opatch.

Apply post patch steps if any in readme of patch

Adarsh says December 17, 2012

Hi Atul,

Can we use multiple sites i.e.

subdomain1.mycompanysite.com
subdomain2.mycompanysite.com
subdomain3.mycompanysite.com

on single OHS with single webgate?

Anil Reddy says February 13, 2014

Hi Atul,

I’m getting below error when starting OAAM server. Please help me

[ERROR] [] [oracle.oaam] [tid: [ACTIVE].ExecuteThread: ‘2’ for queue: ‘weblogic.kernel.Default (self-tuning)’] [userId: ] [ecid: 71596947a41dd465:-3538b7a5:1442aba7184:-8000-0000000000000002,0] [APP: oaam_server#11.1.1.3.0] Error while retrieving Credential from CSF. MapName = [oaam], KeyName = [DESede_db_key_alias]. Returning NULL.[[
java.security.AccessControlException: access denied (oracle.security.jps.service.credstore.CredentialAccessPermission context=SYSTEM,mapName=oaam,keyName=DESede_db_key_alias read)
]]

Anil Reddy says February 14, 2014

Hi Atul,

No disk space issue, and the weird thing is the key exists but I still get this error. I am not able to resolve it, and I tried re-creating the key “DESede_db_key_alias” as provided by Oracle (http://docs.oracle.com/cd/E27559_01/admin.1112/e27207/post.htm#AAMAD6199), section 2.4.

But still, while starting the server, I am getting this error.
Please could you help me in resolving this issue.

Atul Kumar says February 14, 2014

@ Anil Reddy,
In that case, the user you are trying to start with doesn’t have access to read the credential store.

This permission is defined in the file DOMAIN_HOME/config/fmwconfig/jazn-data.xml for oaam_app.

I had a similar issue, but for some other app and some other error, which can be found here:

http://onlineappsdba.com/index.php/2014/01/13/error-in-owsm-after-setting-subject-precedence-context-switching-exception-oracle-security-jps-service-credstore-credential-access/

If you can’t fix the error, then raise an SR with OPSS (Platform Security Team) and ask them what content to change in the jazn-data.xml file.

Anil Reddy says February 14, 2014

Hi Atul,

Thanks issue got resolved as you said it was permission issue and i have updated in jazan.xml.

Once again thank you :)

teja says May 2, 2014

Hi Atul, We are in a process to change the domain name of the servers that are hosting OAM 10g to a new domain name and they reside on the same server.
Can you please help me with the configurations changes that needs to be made with related to OAM components.

Any help on this will be great help.

Regards
teja

sundas7 says June 20, 2014

Hi Atul/Experts,

Please let me know if 8GB RAM( 62 bit) Machine is sufficient if we need to have OIM 11gr2( SOA),OAM,OIF,Weblogic,DB and target system like AD,OID can be installed for testing environment.I am planning to use VM and hence need to have all on the same physical machine.I also came across your article regarding Hardware requirements for Fusion Apps,using Amazon Cloud,but seem to be very expensive.

Please suggest.

Thanks
Sundas7

Atul Kumar says June 20, 2014

@Sundas7,
No 8 GB ram will not be enough, You need roughly 32 GB (or may be little more) if you are planning to host all.

We host IAM VMs if you need for self learning with 32 GB memory and pre-built database and all software . We can also give a pre-configured VM image with all required components already installed and configured.

Drop us a mail at contact @ k21technologies.com if you need more information.

sundas7 says June 23, 2014

Thanks for the information.

sundas

ambu says July 24, 2014

Atul,

I am new to SSO configuration. They are using 11.1.1.5 OAM. The client doesn’t want to use OID, they want to use only OVD… is it possible, can we configure with oid for SSO?

DSP says March 17, 2015

Hi Atul,

We want to integrate R12.2 with third-party LDAP and we don’t want an SSO solution.

Can we just use OID to achieve this or do we need OAM?

What is the difference between

1) Oracle Identity and Access Management Suite Plus
2) Oracle Access Management
3) Oracle Identity Management

Is it something like 1 is a combination of 2 & 3?

Thanks for your help.

Regards,
DSP

anish says May 7, 2015

Hi

I am looking for documentation and a sequence flow on how multifactor authentication is done using OAM/OAAM (11gR2PS2 version of these 2 products)

Thanks
Anish

Pavan says March 16, 2016

Hi atul,

could u explain me how can we find the software for opam(oracle privileged account manager ) and its installation steps. Thanks :) :)

    Atul Kumar says March 18, 2016

    @Pavan, OPAM is part of Oracle Identity & Access Management (software using which you install OAM/OIM) . When you install and configure Weblogic domain , select OPAM template .
