Oracle Identity Manager (Thor Xellerate) Architecture

Oracle Identity Manager (OIM) is a product from the Oracle Identity Management stack (acquired from Thor Xellerate) that handles user provisioning, creating/removing/managing access privileges for users, reconciliation, and request processing (using workflow).

  • OIM is a J2EE (for provisioning, request processing and job scheduling) and web-based (for profile management and delegated administration) application.
  • OIM is a J2EE-based application deployed on a J2EE-compliant application server (WebLogic, Tomcat, IBM WebSphere), with its repository in a relational database (Oracle, MySQL).
  • For the OIM certification matrix (certified O.S., web server, database), click here.
  • 9.1.0.2 is the latest available version of OIM (as of June 2010).

OIM Architecture

The logical layers in OIM’s N-tier architecture are:

1. Presentation Layer (Client Side)
a) Administrative Console – Web Browser-based application running on client PC
b) Design Console – Stand-alone Java application running at client PC and interacting directly with Identity Manager

2. Dynamic Presentation Logic Layer (Logical Component)
c) WebServer (serving JSP, Servlets, XML, XSL …). This layer holds logic to generate dynamic pages for Administrative Console. Design Console includes Dynamic Presentation Layer.

3. Business Logic Layer/ Server Tier (Logical Component)
This layer is the interface between the presentation/dynamic presentation layer and the data layer (OIM repository) or the integration layer (connecting to external sources like ERP/CRM/mainframes).
d) J2EE application server (EJB and other J2EE technology): supported J2EE application servers are WebLogic, JBoss, OC4J and WebSphere
e) Web-based application deployed on the J2EE application server (for profile/password management, provisioning and delegated administration)
f) J2EE-based application (uses EJB, JMS, JDBC and JNDI) deployed on the J2EE application server (for Provisioning, Reconciliation, Request Processing and Scheduled Jobs)
g) Remote Manager (aka Agent; optional component to be deployed on the target machine) – used only by Advanced Mainframe connectors (IBM RACF, CA, ACF2…) and Active Directory Password Synchronization
h) Quartz – a J2EE scheduling product which comes as part of Oracle Identity Manager

4. Backend System/Integration Layer (Logical Component)
i) Database to hold the OIM schema and repository – certified databases are Oracle and MS-SQL
j) Backend systems (aka resources in OIM terminology) like ERP, CRM, mainframes and LDAP servers, which integrate with OIM for user provisioning or reconciliation (these systems are external and are not OIM components)


For an overview of Oracle Identity Manager installation, click here.


Resource, Reconciliation, Provisioning and Connectors in Oracle Identity Manager coming soon !!

About the Author Atul Kumar

Oracle ACE, Author, Speaker and Founder of K21 Technologies & K21 Academy : Oracle Gold Partner specialising in Design, Implement, and Trainings.


18 comments
» Step by Step Installation of OIM Design Console 9.1.0 Online Apps DBA: One Stop Shop for Apps DBA’s says August 12, 2010

[…] Step by Step Installation of OIM Design Console 9.1.0. Posted on August 12th, 2010 by Atul Kumar in OIM, identity_manager. OIM Design Console is standalone java application running at client PC and interacting with OIM Server. OIM Design Console & OIM Administration console are part of presentation layer in OIM Architecture. More on OIM 9.X Architecture here […]

Arun Rajendran says November 28, 2010

Anil,

I am very new to Oracle Identity Manager. We have implemented OIM (only installation) recently in our environment. We want to integrate OIM with Active Directory and PeopleSoft. Please let me know how we can do it.

I also want to check if there is any online training available for OIM?

Atul Kumar says November 29, 2010

@ Arun,
For integrating OIM with AD/PeopleSoft you must use connectors:

http://download.oracle.com/docs/cd/E11223_01/index.htm

For OIM / AD connectors http://download.oracle.com/docs/cd/E11223_01/doc.910/e11197/toc.htm

For OIM/PeopleSoft connectors http://download.oracle.com/docs/cd/E11223_01/doc.910/e11206/toc.htm

For OIM training, there is training from FocusThread http://focusthread.com/training

Are you interested in development or administration training for OIM?

Arun Rajendran says November 30, 2010

Thanks Anil

I am looking for administration training for OIM

Arun Rajendran says November 30, 2010

Anil,

Is it possible to get only the training material for OIM from FocusThread?

poori says March 16, 2011

Hi Atul Kumar,
We need a comparison of the Sun/Tivoli/Oracle IDM space.

Please help me, it's very urgent.

poori says March 24, 2011

Please help me, it's very urgent.

Gopal says June 3, 2011

Hi Atul,

Are there any certifications recommended for a career in Identity and Access Management? I want to focus primarily on the administration side rather than the programming.

Thanks,
Gopal

Atul Kumar says June 3, 2011

@ Gopal,
Currently there is one certification for OIA (Identity Analytics, earlier Sun Role Manager) –

http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=426

As of today there is no certification for other IDAM products like OAM, OIM, OID, OVD, OIF or OES.

sinraj72 says April 10, 2012

For a very low user base of around 800, where the client is ready to maintain the User ID lifecycle in their A/D, do we need OIM with OAM, or can we use OIP to synchronise/provision IDs into Siebel local ID stores? Please provide your view on the preferable solution with pros and cons.

Atul Kumar says April 10, 2012

@ sinraj72,
I am not familiar with the requirements of Siebel, but from an OAM point of view you don’t even need OIP. For OAM all you need to do is add another Identity Store as AD and make this identity provider the default and system identity store. OAM will then authenticate against AD.

sinraj72 says April 10, 2012

Atul,
In continuation of the thread, I just wanted to add that there are two groups of users. One group is more than 20000 external users, for which OAM is mainly being implemented, and another group is around 800 from the client, which I discussed in the earlier thread, who support the first group for their business. Now I would like you to have a fresh look at the earlier thread and would like to have your expert advice on those 800 IDs maintained by the client in their AD.

» OIM Connector for Microsoft : AD, Exchange, Windows, Password Management Online Apps DBA: One Stop Shop for Apps DBA’s says July 15, 2012

[…] Oracle Identity Manager (OIM) (more here) is user provisioning and reconciliation software. To install & configure OIM 11g (11.1.1.3) click here  (latest OIM version as of July 2012 is 11.1.1.5. Installation & Configuration steps for OIM 11.1.1.5 are same as 11.1.1.3 , simply use software version WebLogic-10.3.5, RCU-11.1.1.5, and IDAM 11.1.1.5) […]

Kumar says July 30, 2012

Hi

1. How can I connect OIM to the WebLogic default LDAP user store?
2. When I create a user using OIM Delegated Administration, can this user be used to access only OIM, or can it be configured to access other tools also?

Thanks

    Atul Kumar says July 31, 2012

    @ Kumar,

    1. How can I connect OIM to the WebLogic default LDAP user store?
    AK — You can’t; OIM has its own user store, and if you want to authenticate against a user in the embedded store, then the user should be in both the embedded LDAP server and in OIM. You can use SSO (configured with the user store as the embedded LDAP store) and also configure an identity asserter.

    2. When I create a user using OIM Delegated Administration, can this user be used to access only OIM, or can it be configured to access other tools also?
    AK — What do you mean by other tools? Please be more specific.

bhumesh says December 20, 2012

Hi,

Not able to login on OIM UI with any user ids (including xelsysadm). However I am able to reset password through “forgot password” link at login page. But with new password again not able to login.

Pls suggest….thanks in advance.

Bhumesh

Madan says May 14, 2013

We want to integrate OAM 11gR2 and OIM 11gR2 for password management functionalities such as change password capability. I am reviewing the Enterprise Deployment Blueprint http://www.oracle.com/technetwork/database/availability/maa-deployment-blueprint-1735105.pdf.

It talks about a split domain where OAM and OIM are on different domains with separate Admin Servers. In the past we had to keep OAM and OIM on the same domain for integration.

Can you please confirm that OAM and OIM can be on separate domains for this requirement and can be integrated as well? Do you see any issues?

Thanks,
Madan

carmel says June 25, 2014

hello gents,

Can you please send me your thoughts on how I can safely back up the OIM 9.1 app and Oracle DB 10G instance? I have to deploy custom .jar files and import .xml using the standard interface, which writes to the DB tier. These are all custom, not from Oracle Support patches.

My understanding is I have to address it on 2 levels:

1. OIM App deployed in Linux Red Hat (I think I need to make a full archive with time tar command, not sure)

2. Oracle DB level, version is 10.X. Shall I use RMAN ?

Thanks and Regards,
Silviu
