OAS – OAM (Access Manager / Oblix COREid) Integration Architecture

Integrating Oracle 10g Application Server with Oracle Access Manager - Overview
=========================

i) Oracle Application Server (OAS) can be integrated with Oracle Access
Manager (OAM, formerly Oblix COREid) for authentication and
authorization. Although Oracle Application Server has its own
authentication and Single Sign-On feature, integrating OAS with OAM
provides more flexibility and security and enables fine-grained access control for protecting web and other resources.

ii) You also need OAM-OAS integration if you wish to integrate E-Business
Suite with Oracle Access Manager (Oblix COREid) for authentication and
authorization.

iii) If you wish to integrate (protect/authenticate/authorize) any Oracle
product (such as Portal, Forms, BI, or E-Business Suite) with Oracle Access
Manager (Oblix COREid), it should be done via Oracle Application Server.

iv) Integrating OAM with OAS lets you provide identity management functionality to web-based applications that run on Oracle Application Server, or to any other Oracle product such as the Oracle E-Business Suite Self-Service applications (iProc, iRec).

v) When integrating Oracle Access Manager's authorization functionality, either Oracle Application Server or Oracle Access Manager Single Sign-On can act as the authentication mechanism.

OAS (10g AS) – OAM (Oblix COREid) Integration Architecture
-----------------------------------------------------------
As shown in the diagram at the top, Oracle Access Manager is installed and configured with an LDAP server (AD, OID, iPlanet), and Oracle HTTP Server is protected by WebGate (the OAM web component).
Here is the request flow when Oracle Application Server is protected by Oracle Access Manager (Oblix COREid):

i) The user tries to access a web resource (http/https) on Oracle Application Server that is protected by Oracle Access Manager (Oblix COREid). The request is received by WebGate (the Access Manager component on the web server).

ii) WebGate requests the policy from the Access Server (another component of Oracle Access Manager) to check whether the resource (URL) is protected.

iii) If the resource/URL is not protected, the page is returned to the user. If the resource/URL is protected, WebGate asks the user to authenticate.

iv) The credentials entered by the user are validated against the LDAP directory via the Access System.

v) After successful authentication, the Oracle Access Manager Single Sign-On cookie (obSSOCookie) is sent to the user's browser.

vi) After successful authorization (as predefined in the Access Server policy domains), the Access Server executes the actions specified in the security policy and sets an HTTP header variable that maps to the Oracle Application Server 10g user ID.

vii) Oracle AS Single Sign-On recognizes the HTTP header set by Oracle Access Manager (HeaderVar), authenticates the user, and sets the Oracle Single Sign-On cookie.

If the LDAP store used by Access Manager is not the same OID in which the Oracle Application Server users are stored, ensure that the user data in the two LDAP servers is in sync (up to date).
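One way to check that the two user stores are in sync, as an added example that is not from the original post: it compares LDIF exports of the OAM directory and OID and reports the drift. The `uid` login attribute, its case-insensitive matching, the `mail` attribute being compared and all sample entries are assumptions constructed for illustration.

```python
import base64

# Constructed sample LDIF exports of the two user stores (not real data).
OAM_LDIF = """dn: uid=jsmith,ou=people,dc=example,dc=com
uid: jsmith

dn: uid=akhan,ou=people,dc=example,dc=com
uid:: YWtoYW4=

dn: uid=mlee,ou=people,dc=example,dc=com
uid: MLee
mail: mlee@example.com"""
OID_LDIF = """dn: cn=jsmith,cn=users,dc=example,dc=com
uid: jsmith

dn: cn=mlee,cn=users,dc=example,dc=com
uid: mlee
mail: m.lee@exam
 ple.com

dn: cn=tempuser,cn=users,dc=example,dc=com
uid: tempuser"""

def parse_ldif(text, key="uid"):
    """Map lower-cased login -> {attr: first value} for each LDIF entry."""
    text = text.replace("\r\n", "\n").replace("\n ", "")  # unfold wrapped lines
    users = {}
    for block in text.split("\n\n"):
        entry = {}
        for line in block.splitlines():
            name, sep, value = line.partition(":")
            if not sep or line.startswith("#"):
                continue
            if value.startswith(":"):  # "attr:: <base64>" form
                value = base64.b64decode(value[1:].strip()).decode("utf-8")
            entry.setdefault(name.strip().lower(), value.strip())
        if key in entry:  # assumption: logins match case-insensitively
            users[entry[key].lower()] = entry
    return users

def compare(oam, oid, attrs=("mail",)):
    """Report logins and attributes that differ between the two directories."""
    shared = oam.keys() & oid.keys()
    return {
        "missing_in_oid": sorted(oam.keys() - oid.keys()),
        "only_in_oid": sorted(oid.keys() - oam.keys()),
        "attr_mismatch": sorted((u, a) for u in shared for a in attrs
                                if oam[u].get(a) != oid[u].get(a)),
    }
```

A login under `missing_in_oid` can authenticate to OAM but has no Oracle Application Server user for the header value to map to in step vii; entries under `only_in_oid` are accounts that exist only on the Application Server side and are worth reviewing.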

Implementation of 10g AS integration with Oracle Access Manager (Oblix COREid) coming soon…

Integration of Oracle Access Manager (COREid) with Siebel coming soon…

About the Author Masroof Ahmad
