This post covers changes in Oracle Access Manager from 10g (10.1.4.X) to 11g (11.1.1.X).
Oracle Access Manager (OAM) : is Access Management Product acquired from Oblix in 2005.
- Oblix COREid (6, 7) and OAM 10g is written in C++where as OAM 11g is J2EE application deployed on Oracle WebLogic Server (10.3.3+)
- There are two main OAM components in OAM 10g, Access System(Access Server, WebGate and Policy Manager) and Identity System (Identity Server and WebPass). In OAM 11g there is NO “Identity System Component“. Identity related functions are moved to Oracle Identity Manager(OIM) 11g. (OIM is user provisioning and reconciliation product acquired from Thor Xellerate)
- There is NO identityXML interface or Workflow in OAM 11g.
- Access Server in 10g is now called as OAM Server in 11g
- Policy Manager in 10g is now called as OAM Administration Console in 11g
- AccesssGate and WebGate in 10g are now called as OAM Agents in 11g
- Directory Profiles in 10g are now called as User-Identity Store in 11g
- In OAM 10g configurations are stored in LDAP servers where as in OAM 11g configurations are stored in xml file (under webloigic domain) – $DOMAIN_HOME/config/fmwconfig/oam-config.xml
- In OAM 10g Policies are stored in LDAP server where as in OAM 11g you have option to store them either in XML file or in Database.
- In OAM 10g Sessions used to be stateless where as in OAM 11g, user sessions are stateful and stored on Server in OAM 11g (It is possible to leverage Coherence for distributed caching of session data). For more information on Oracle Coherence (earlier Tangosol) click here
- In OAM 11g (by default) Policy Data & User session datais stored in single database (details under $DOMAIN_HOME/config/jdbc/oam-db-jdbc.xml) under one schema however it is possible to configure OAM Policy Data in to one database and user session data in another database.
- OAM Server (Access Server in 10g) in OAM 11g is deployed on WebLogic Managed Server (oam_server1 – default port 14100)
- In OAM 11g, OAM Administration Console(Policy Manager in 10g) is deployed on WebLogic Admin Server (default port 7001)
- URL for OAM Administration Console is http://server:7001/oamconsole (default username/password created during domain creation in weblogic)
- OAM 11g User Interface (UI) is based on Application Development Framework (ADF)
- Three type of Web Agents are supported in OAM 11g –
a) AccessGate/WebGate from 11g
b) AccessGate/WebGate from 10g (for backward compatibility) and
c) mod_osso for Oracle 10g Single Sign-On integration
For step by step installation of Oracle Access Manager (OAM) 11g click here