Oracle Identity Management Products – OID, OVD, OAM, OIM, ORM, OWSM, OIF, eSSO, OES, OAAM
Oracle Identity Management is Fusion Middleware Component which covers following Identity & Access Management software including Directory Server.
1. Oracle Access Manager (OAM) : Identity and Access Management product acquired from Oblix (Oblix COREid Access & Identity) more here here
2. Oracle Identity Manager (OIM) : User Provisioning product acquired from Thor more here
3. Oracle Role Manager (ORM) : Enterprise role management product acquired from Bridgestream more here
4. Oracle Web Services Manager (OWSM) : product to protect Web Services acquired from Oblix(Oblix COREsv) more here
5. Oracle Identity Federation (OIF): Broswer based cross domain SSO solution , combination of product acquired from Oblix(SHAREid) and Phaos
6. Oracle Enterprise Single Sign-On (eSSO) : Unified authentication and Single Sign-On to thin- and thick-client applications with no modification to existing applications. More here
7. Oracle Entitlements Server (OES) : fine-grained authorization software acquired from BEA(Aqualogic Entitlement Server). More here
8. Oracle Adaptive Access Manager (OAAM): real-time fraud prevention and multi-factor authentication acquired from Bharosa . More here here and here
9. Oracle Platform Security Services (OPSS): Security Framework for Java applications and part of Oracle Fusion Middleware 11g. OPSS is self-contained, portable framework that runs on Oracle WebLogic Server.
10. Identity Governance Framework (IGF) : software to control how identity-related information is used, stored and propagated between applications.
11. Oracle Information Rights Management (IRM) : secures and tracks sensitive digital information everywhere it is stored and used, More here
12. Oracle Identity Analytics (OIA) : Identity Intelligence product acquired from Sun (Sun Role Manager) more here
13. Oracle Single Sign-On (OSSO) : In-house developed web single sign-on product, required by Oracle 10g/11g Portal. Oracle Access Manager’s (OAM) single sign-on solution is recommended web single sign-on product.
Directory Services
.
14. Oracle Internet Directory (OID) : LDAP compliant directory server more here and here
15. Oracle Virtual Directory (OVD): provides a single standard interface to access identity data from multiple directory servers like OID, iPlanet, Active Directory or Databases (Relational databases)
.
.
Access Management Software
1. Oracle Access Manager (OAM)
2. Oracle Entitlement Server (OES)
3. Oracle Adaptive Access Manager (OAAM)
4. Oracle Information Rights Management (IRM)
5. Oracle identity Federation (OIF)
6. Oracle Single Sign-On (OSSO)
.
Identity & Access Management Software
1. Oracle Access Manager (OAM)
2. Oracle Entitlement Server (OES)
3. Oracle Identity Manager (OIM)
4. Oracle Internet Directory (OID)
5. Oracle Virtual Directory (OVD)
.
Acronyms related to Identity Management components
OIM – Oracle Identity Manager
ORM – Oracle Role Manager
OAM – Oracle Access Manager
OWSM – Oracle Web Services Manager
OIF – Oracle Identity Federation
eSSO – enterprise Single Sign-On
OES – Oracle Entitlement Server
OAAM – Oracle Adaptive Access Manager
ODS – Oracle Directory Services
OPSS – Oracle Platform Security Services
IGF – Identity Governance Framework
IRM – Information Rights Management
GRC – Governance Rick and Compliance platform
OID – Oracle Internet Directory
OVD – Oracle Virtual Directory
XACML – Extensible Access Control Markup Language
AAPML – Attribute Authority Policy Markup Language
SOAP – Simple Object Access Protocol
WSDL – Web Services Description Language
CARML – Client Attribute Markup Language
CSF – Credential Store Framework
OSDT – Oracle Security Developer Tools
JPS – Java Platform Security
SSPI – Security Services Provider Interface
JAZN – Java AuthoriZatioN
RBAC – Role Based Access Control
JACC – Java Authorization Contract for Containers
JAAS – Java Authentication and Authorization Service
OPSS – Oracle Platform Security Services
EUS – Enterprise User Security
DIP – Directory Integration Platform
LDAP – Lightweight Directory Access Protocol
SAML – Security Assertion Markup Language
ASA – Adaptive Strong Authentication
ARM – Adaptive Risk Management
SPML – Service Provisioning Markup Language
PSO – Provisioning Services Object.
OAM FREE Interview Questions:
Q: Describe the Architecture of OAM 11g?
A: The Oracle Access Manager resides on the Oracle WebLogic Administration Server (known as AdminServer). WebLogic Managed Servers hosting OAM runtime instances are known as OAM Servers. OAM 11g is a J2EE application.
Following Components are involved in OAM
1. Webgate
2. OAM Server
3. OAM Console
Oracle Access Manager (OAM) provides centralized, policy-driven services for authentication, single sign-on (SSO), and identity assertion.
Q: What is WebGate Agent?
A: OAM agent, also known as WebGate is a pre-packaged web server plugin which communicates with OAM server. There are two versions of OAM Agents, namely 11g WebGates and 10g WebGates.
Q: What is SSO?
A: SSO (Single Sign On), provides the ability to login to one application once, and log into same/other applications linked to same OAM without prompting for the password.
Q: What is the difference between authentication and authorization in OAM?
A: Authentication is to check if users identity by obtaining some credentials and it will always be followed by Authorization process. Authorization is to allow/disallow authenticated user to access application/pages they have access to.
Q: What is authorization module in OAM?
A: An authorization policy/module is to specify the conditions under which a subject or identity has access to a particular resource.
Q: How many types of resources are available in OAM and what is the use of Resources?
A:
1. Protected Resource — URL’s protected by OAM
2. Public Resource — URL’s not protected by OAM (Public)
Q: What is the use of anonymous scheme in OAM?
A: Unprotected resources must be included in an authentication policy that uses an authentication scheme with a protection level of 0. Most often this will be the anonymous authentication scheme.
Q: What is the major difference between OAM 10g and OAM 11g?
A:
1. Architecture Components
11g: Agents: Webgate, Access Client, mod_osso, and IAMSuiteAgent, OAM Server, Oracle Access Manager Console (installed on WebLogic Administration Server)
10g: Resource Webgate (RWG), Authentication Webgate (AWG), AccessGate, Access Server, Policy Manager
2. OAM 11g uses, Host-based authentication cookie whereas 10g users Domain- based Cookie.
3. Cryptographic keys is one per agent in OAM 11g, One global shared secret key for all Webgates in OAM 10g
Q: What is the use of Host Identifier?
A: Policies protect resources on computer hosts. Within Oracle Access Manager, the computer host is specified independently using a host identifier.
Q: What is persistent session management is OAM?
A: The session is created in the distributed in-memory cache. A copy is available in the local in-memory cache on the computer hosting the resource. If session persistence to the database is enabled, the session is also written to the database.
Q: Explain the process of protecting web application using OAM and SSO login flow?
A:
1. Register the Webgate Agent
2. Copy Generated Files and Artifacts to the Webgate Instance Location
Q: What are Header Variables and how it is useful?
A: Depending on the actions (responses in Access Manager) specified for authentication success and authentication failure, the user may be redirected to a specific URL, or user information might be passed on to other applications through a header variable or a cookie value.
Q: What is the difference between Access Gate and Web Gate?
A:
1. A WebGate is a web-server plug-in for Oracle Access Manager (OAM) that intercepts HTTP requests and forwards them to the Access Server for authentication and authorization.
2. AccessGate is custom access client developed using AccessSDK to protect non web-based applications protected by OAM 11g
Q: What is authentication Policy in OAM?
A: authentication policies are used to protect specific resources. The authentication policy provides the sole authentication method for resources governed by the policy.Each authentication policy defines the type of verification that must be performed to provide a sufficient level of trust for Access Manager to grant access to the user making the request.
Q: Explain the high-level steps for Integrating E-Biz R12.2 with OAM 11gR2?
A:
1. Install Database for OAM/OID
2. Run RCU
3. Install Weblogic, IDAM, OID and OHS
4. Create Domain for OAM and OID
5. Upgrade OPSS
6. Create DIP to integrate AD to OID
7. Apply EBS 12.2 patches for OAM
6. Install and Configure Access Gate on 12.2
7. Integrate EBS to OID
Q: What is the difference between SSO and ESSO?
A: SSO is to enable Single Sign-On on Oracle Products and ESSO is to enable Single Sign-On on both oracle and non-oracle products including Desktop, Windows password reset etc.
Q: What are different types of Identity Store?
A:
1. System Identity Store — Used to authenticate System users like Weblogic
2. Default Identity Store — Used as default authentication for other users/applications
Q: What is the use of Reverse Proxy?
A: A proxy server is a go-between or intermediary server that forwards requests for content from multiple clients to different servers across the Internet. Typically a reverse proxy is used to hide application server from end-users and/or for URL masking.
Q: Name some new features of OAM11gR2?
A: Dynamic Authentication — Dynamic authentication is the ability to define what authentication scheme should be presented to a user base on some condition.
Persistent Login (Remember Me) — Persistent Login is the ability to let users log in without credentials after the first-time login.
Policy Evaluation Ordering — The out-of-the -box algorithm is based on the “best match” algorithm for evaluating policies.
Delegated Administration — The ability to select users who can administer their own application domains.
Unified Administration Console — The console screen has a new look; a new single ‘Launch Pad’ screen with services that are enabled based on user roles.
Session Management — Ability to set idle session timeout’s at the application domain level
If you are looking for commonly asked interview questions for Oracle Access Manager then just click below and get that in your inbox.
References