Oracle Identity Management Products – OID, OVD, OAM, OIM, ORM, OWSM, OIF, eSSO, OES, OAAM

Oracle Identity Management is a Fusion Middleware component that covers the following Identity & Access Management software, including the Directory Server.

1. Oracle Access Manager (OAM): Identity and Access Management product acquired from Oblix (Oblix COREid Access & Identity).

2. Oracle Identity Manager (OIM): User provisioning product acquired from Thor.

3. Oracle Role Manager (ORM): Enterprise role management product acquired from Bridgestream.

4. Oracle Web Services Manager (OWSM): Product to protect Web Services, acquired from Oblix (Oblix COREsv).

5. Oracle Identity Federation (OIF): Browser-based cross-domain SSO solution, a combination of products acquired from Oblix (SHAREid) and Phaos.

6. Oracle Enterprise Single Sign-On (eSSO): Unified authentication and Single Sign-On to thin- and thick-client applications with no modification to existing applications.

7. Oracle Entitlements Server (OES): Fine-grained authorization software acquired from BEA (Aqualogic Entitlement Server).

8. Oracle Adaptive Access Manager (OAAM): Real-time fraud prevention and multi-factor authentication, acquired from Bharosa.

9. Oracle Platform Security Services (OPSS): Security framework for Java applications and part of Oracle Fusion Middleware 11g. OPSS is a self-contained, portable framework that runs on Oracle WebLogic Server.

10. Identity Governance Framework (IGF): Software to control how identity-related information is used, stored and propagated between applications.

11. Oracle Information Rights Management (IRM): Secures and tracks sensitive digital information everywhere it is stored and used.

12. Oracle Identity Analytics (OIA): Identity Intelligence product acquired from Sun (Sun Role Manager).

13. Oracle Single Sign-On (OSSO): In-house developed web single sign-on product, required by Oracle 10g/11g Portal. Oracle Access Manager’s (OAM) single sign-on solution is the recommended web single sign-on product.

Directory Services

14. Oracle Internet Directory (OID): LDAP-compliant directory server.

15. Oracle Virtual Directory (OVD): Provides a single standard interface to access identity data from multiple directory servers such as OID, iPlanet, Active Directory or relational databases.



Access Management Software

1. Oracle Access Manager (OAM)
2. Oracle Entitlement Server (OES)
3. Oracle Adaptive Access Manager (OAAM)
4. Oracle Information Rights Management (IRM)
5. Oracle Identity Federation (OIF)
6. Oracle Single Sign-On (OSSO)

Identity & Access Management Software
1. Oracle Access Manager (OAM)
2. Oracle Entitlement Server (OES)
3. Oracle Identity Manager (OIM)
4. Oracle Internet Directory (OID)
5. Oracle Virtual Directory (OVD)


Acronyms related to Identity Management components

OIM – Oracle Identity Manager
ORM – Oracle Role Manager
OAM – Oracle Access Manager
OWSM – Oracle Web Services Manager
OIF – Oracle Identity Federation
eSSO – enterprise Single Sign-On
OES – Oracle Entitlement Server
OAAM – Oracle Adaptive Access Manager
ODS – Oracle Directory Services
OPSS – Oracle Platform Security Services
IGF – Identity Governance Framework
IRM – Information Rights Management
GRC – Governance, Risk and Compliance platform
OID – Oracle Internet Directory
OVD – Oracle Virtual Directory
XACML – Extensible Access Control Markup Language
AAPML – Attribute Authority Policy Markup Language
SOAP – Simple Object Access Protocol
WSDL – Web Services Description Language
CARML – Client Attribute Markup Language
CSF – Credential Store Framework
OSDT – Oracle Security Developer Tools
JPS – Java Platform Security
SSPI – Security Services Provider Interface
JAZN – Java AuthoriZatioN
RBAC – Role Based Access Control
JACC – Java Authorization Contract for Containers
JAAS – Java Authentication and Authorization Service
EUS – Enterprise User Security
DIP – Directory Integration Platform
LDAP – Lightweight Directory Access Protocol
SAML – Security Assertion Markup Language
ASA – Adaptive Strong Authentication
ARM – Adaptive Risk Management
SPML – Service Provisioning Markup Language
PSO – Provisioning Services Object.

OAM FREE Interview Questions: 

Q: Describe the Architecture of OAM 11g?
A: The Oracle Access Manager resides on the Oracle WebLogic Administration Server (known as AdminServer). WebLogic Managed Servers hosting OAM runtime instances are known as OAM Servers. OAM 11g is a J2EE application.

The following components are involved in OAM:
1. Webgate
2. OAM Server
3. OAM Console
Oracle Access Manager (OAM) provides centralized, policy-driven services for authentication, single sign-on (SSO), and identity assertion.

Q: What is WebGate Agent?
A: An OAM agent, also known as a WebGate, is a pre-packaged web server plugin that communicates with the OAM server. There are two versions of OAM agents, namely 11g WebGates and 10g WebGates.

Q: What is SSO?
A: SSO (Single Sign-On) provides the ability to log in to one application once and then access the same or other applications linked to the same OAM without being prompted for the password again.

Q: What is the difference between authentication and authorization in OAM?
A: Authentication checks a user's identity by obtaining some credentials, and it is always followed by the authorization process. Authorization allows or disallows an authenticated user access to the applications/pages they have access to.

Q: What is authorization module in OAM?
A: An authorization policy/module specifies the conditions under which a subject or identity has access to a particular resource.

Q: How many types of resources are available in OAM and what is the use of Resources?
1. Protected Resource — URLs protected by OAM
2. Public Resource — URLs not protected by OAM (Public)

Q: What is the use of anonymous scheme in OAM?
A: Unprotected resources must be included in an authentication policy that uses an authentication scheme with a protection level of 0. Most often this will be the anonymous authentication scheme.

Q: What is the major difference between OAM 10g and OAM 11g?
1. Architecture Components
11g: Agents: Webgate, Access Client, mod_osso, and IAMSuiteAgent, OAM Server, Oracle Access Manager Console (installed on WebLogic Administration Server)
10g: Resource Webgate (RWG), Authentication Webgate (AWG), AccessGate, Access Server, Policy Manager
2. OAM 11g uses a host-based authentication cookie, whereas 10g uses a domain-based cookie.
3. Cryptographic keys: one per agent in OAM 11g; one global shared secret key for all Webgates in OAM 10g.

Q: What is the use of Host Identifier?
A: Policies protect resources on computer hosts. Within Oracle Access Manager, the computer host is specified independently using a host identifier.

Q: What is persistent session management in OAM?
A: The session is created in the distributed in-memory cache. A copy is available in the local in-memory cache on the computer hosting the resource. If session persistence to the database is enabled, the session is also written to the database.

Q: Explain the process of protecting web application using OAM and SSO login flow?
1. Register the Webgate Agent
2. Copy Generated Files and Artifacts to the Webgate Instance Location

Q: What are Header Variables and how are they useful?
A: Depending on the actions (responses in Access Manager) specified for authentication success and authentication failure, the user may be redirected to a specific URL, or user information might be passed on to other applications through a header variable or a cookie value.

Q: What is the difference between Access Gate and Web Gate?
1. A WebGate is a web-server plug-in for Oracle Access Manager (OAM) that intercepts HTTP requests and forwards them to the Access Server for authentication and authorization.
2. An AccessGate is a custom access client, developed using AccessSDK, for non-web-based applications protected by OAM 11g.

Q: What is authentication Policy in OAM?
A: Authentication policies are used to protect specific resources. The authentication policy provides the sole authentication method for resources governed by the policy. Each authentication policy defines the type of verification that must be performed to provide a sufficient level of trust for Access Manager to grant access to the user making the request.

Q: Explain the high-level steps for Integrating E-Biz R12.2 with OAM 11gR2?
1. Install Database for OAM/OID
2. Run RCU
3. Install Weblogic, IDAM, OID and OHS
4. Create Domain for OAM and OID
5. Upgrade OPSS
6. Create DIP to integrate AD to OID
7. Apply EBS 12.2 patches for OAM
8. Install and Configure Access Gate on 12.2
9. Integrate EBS to OID

Q: What is the difference between SSO and ESSO?
A: SSO enables Single Sign-On on Oracle products, and ESSO enables Single Sign-On on both Oracle and non-Oracle products, including Desktop, Windows password reset etc.

Q: What are different types of Identity Store?
1. System Identity Store — Used to authenticate System users like Weblogic
2. Default Identity Store — Used as default authentication for other users/applications

Q: What is the use of Reverse Proxy?
A: A proxy server is a go-between or intermediary server that forwards requests for content from multiple clients to different servers across the Internet. Typically a reverse proxy is used to hide the application server from end users and/or for URL masking.

Q: Name some new features of OAM11gR2?
A: Dynamic Authentication — Dynamic authentication is the ability to define what authentication scheme should be presented to a user based on some condition.
Persistent Login (Remember Me) — Persistent Login is the ability to let users log in without credentials after the first-time login.
Policy Evaluation Ordering — The out-of-the-box algorithm is based on the “best match” algorithm for evaluating policies.
Delegated Administration — The ability to select users who can administer their own application domains.
Unified Administration Console — The console screen has a new look; a new single ‘Launch Pad’ screen with services that are enabled based on user roles.
Session Management — Ability to set idle session timeouts at the application domain level.


About the Author Atul Kumar

Oracle ACE, Author, Speaker and Founder of K21 Technologies & K21 Academy : Specialising in Design, Implement, and Trainings.


Leave a Comment:


chandupoori says October 21, 2010

pls send me difference between oam sso and osso

poori says March 16, 2011

Thanks Atul


Hari says May 12, 2011


I bought the Oracle Identity Access Management 11g for Administrators: RAW

I couldn’t find much about IDM Components which are oid,ovd,oif.

Can you please cover them also


Atul Kumar says May 12, 2011

@ Hari,
This book is focused on OIM (Identity Manager) & OAM (Access Manager) since you have bought this book, I am setting up forum dedicated to those who have bought this book where you can ask questions and I’ll anything and everything in IdM (OID, OVD, OIF, OAM, OIM, OAAM, OIN, OAPM, OES, eSSO, 10g SSO, PassLogix….)

Till that time please leave your query under comments section and I’ll get back to you with answer.

Jyothi says May 20, 2012

Hi Atul, I have a quick question. Appreciate if you can clarify my confusion. My ovd ports are 6501 and 7501(ssl). While configuring OVD for SSL (Configuring OVD to Accept Server Authentication Only Mode SSL Connections) when I run ORACLE_COMMON_HOME/bin/ -component ovd, should I provide ovd ports or OID ports ? In oracle guide for Identity management, in the topic “Configuring Oracle Virtual Directory for SSL” I see that OID port 389 is provided. Also, in the blog, it clearly shows OID ports 3060 and 3061(ssl) have been entered. I am confused.

My OID ports are 3060, 3131(ssl).

Can you please let me know whether I need to provide ovd ports or oid ports.

Really appreciate your time.

thank you


Jyothi says June 15, 2012

Hi Atul, How do you patch IDM servers in production ?

For example I have OID,OVD etc running on and oam, oim etc on If I want to use it for OFA 11.1.4, should I completely start from scratch the installation and configuration of IDM using OFA CDs or is there any alternative approach.

What I am thinking is my current IDM envt is of no use anymore if I want to use it for OFA 11.1.4.

Appreciate your input.

Thank you.


Atul Kumar says June 15, 2012

You can apply patches to IDM applications as you apply to any other FMW application

Shutdown services and then set correct oracle_home and use opatch.

Apply post patch steps if any in readme of patch

Adarsh says December 17, 2012

Hi Atul,

Can we use multiple sites i.e.

on single OHS with single webgate?

Anil Reddy says February 13, 2014

Hi Atul,

I’m getting below error when starting OAAM server. Please help me

[ERROR] [] [oracle.oaam] [tid: [ACTIVE].ExecuteThread: ‘2’ for queue: ‘weblogic.kernel.Default (self-tuning)’] [userId: ] [ecid: 71596947a41dd465:-3538b7a5:1442aba7184:-8000-0000000000000002,0] [APP: oaam_server#] Error while retrieving Credential from CSF. MapName = [oaam], KeyName = [DESede_db_key_alias]. Returning NULL.[[ access denied ( context=SYSTEM,mapName=oaam,keyName=DESede_db_key_alias read)


Anil Reddy says February 14, 2014

Hi Atul,

No Disk space issue and weird thing is key exist but still i get this error. I am not able to resolve and i tried re creating KEY “DESede_db_key_alias” as provided by oracle ( 2.4 Section.

But still while starting server i am getting this error.
Please could you help me in resolving this issue.

Atul Kumar says February 14, 2014

@ Anil Reddy,
In that case user you are trying to start doesn’t have access to read credential store.

This permission is defined in file DOMAIN_HOME/config/fmwconfig/jazn-data.xml for oaam_app

I had similar issue but for some other app and some other error which can be found here

If you can’t fix the error then raise SR with OPSS (Platform Security Team) and ask them what content to change in jazn-data.xml file

Anil Reddy says February 14, 2014

Hi Atul,

Thanks issue got resolved as you said it was permission issue and i have updated in jazan.xml.

Once again thank you 🙂

teja says May 2, 2014

Hi Atul, We are in a process to change the domain name of the servers that are hosting OAM 10g to a new domain name and they reside on the same server.
Can you please help me with the configurations changes that needs to be made with related to OAM components.

Any help on this will be great help.


sundas7 says June 20, 2014

Hi Atul/Experts,

Please let me know if 8GB RAM( 62 bit) Machine is sufficient if we need to have OIM 11gr2( SOA),OAM,OIF,Weblogic,DB and target system like AD,OID can be installed for testing environment.I am planning to use VM and hence need to have all on the same physical machine.I also came across your article regarding Hardware requirements for Fusion Apps,using Amazon Cloud,but seem to be very expensive.

Please suggest.


Atul Kumar says June 20, 2014

No 8 GB ram will not be enough, You need roughly 32 GB (or may be little more) if you are planning to host all.

We host IAM VMs if you need for self learning with 32 GB memory and pre-built database and all software . We can also give a pre-configured VM image with all required components already installed and configured.

Drop us a mail at contact @ if you need more information.

sundas7 says June 23, 2014

Thanks for the information.


ambu says July 24, 2014


i am new for sso configuration. they are using OAM. client don’t want use OID, they want use only OVD… is it possible can we configure with oid for SSO

DSP says March 17, 2015

Hi Atul,

We want to integrate R12.2 with thirdparty LDAP and we don't want SSO solution.

Can we just use OID to achieve this or do we need OAM?

what is difference between

1) Oracle Identity and Access Management Suite Plus
2) Oracle Access Management
3) Oracle Identity Management

is it something like 1 is combination of 2 & 3

Thanks for your help.


anish says May 7, 2015


I am looking for a documentation and sequence flow on how multifactor authentication is done using oam/oaam (11gR2PS2 version of the these 2 products)



Pavan says March 16, 2016

Hi atul,

could u explain me how can we find the software for opam(oracle privileged account manager ) and its installation steps. Thanks 🙂 🙂

    Atul Kumar says March 18, 2016

    @Pavan, OPAM is part of Oracle Identity & Access Management (software using which you install OAM/OIM) . When you install and configure Weblogic domain , select OPAM template .

Argha says May 30, 2017

I want to install and configure Oracle Virtual Directory latest version and configure with Database Adapter plugin. Can anyone suggest what is the latest version and whether it supports database adapter or not.

Hui says September 24, 2018

Oracle Identity Management 11g R1 Whitepaper URL link on your website needs to be updated.
