Installing Oracle Access Manager in Simple Transport security mode.

Hi all,

As you may know, Oracle Access Manager offers several transport security modes, and you choose one based on the environment you are working in.

The various security modes available are:

1. Open: In this mode, there is no authentication or encryption between the OAM components, for example between Identity Server and WebPass or between Access Server and AccessGates. This means that Identity Server does not ask WebPass for proof of identity, and Access Server does not ask AccessGate for proof of identity.

This mode is generally used in non-secured environments.

2. Simple: In this mode, communication between OAM components is encrypted using X.509 digital certificates provided by Oracle; no third party supplies the certificates. OAM ships with its own private key, which gets installed in all the OAM components. For each public key there is a corresponding private key that Oracle Access Manager stores in the aaa_key.pem file (or ois_key.pem for Oracle Access Manager). A program named openSSL in the \tools subdirectory generates the private key; it is called automatically during installation of each AccessGate and Access Server. Unlike in Cert mode, Oracle Access Manager has already generated the private key, and the key is presented automatically during installation.

3. Cert: In this mode, communication between OAM components is encrypted using X.509 digital certificates provided by a third-party CA. This mode is generally used in production environments.

If you are installing Identity server in Simple mode, you have to select the Simple option as shown below.

[Image: simple]

The files ois_cert.pem and ois_key.pem will then be present initially under identity_server_install\identity\oblix\config\simple. After openSSL generates the certificate, it is copied to the same location under the name ois_cert.pem.

Here, you secure the private key with a PEM (Privacy Enhanced Mail) pass phrase, as shown below.

[Image: passphrase]

You are done! Now the OAM components will communicate with each other in secured mode.
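To confirm that the pass phrase step above really left ois_key.pem (or aaa_key.pem) encrypted on disk, the following check can be run against the file. It is an added example, not code from the original post or from Oracle, and it assumes the key file uses one of the standard OpenSSL PEM encodings; the function name and the sample data are constructed for illustration.

```python
import re
import sys

# One PEM block: label, then everything up to the matching END line.
PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\n(.*?)-----END \1-----", re.DOTALL)

def classify_private_keys(pem_text):
    """Return (label, state, cipher) for each private-key block in pem_text.

    state is "encrypted" or "PLAINTEXT". cipher is the DEK-Info algorithm for
    traditional PEM encryption, "PKCS#8" for an encrypted PKCS#8 block, else None.
    """
    results = []
    for label, body in PEM_BLOCK.findall(pem_text.replace("\r\n", "\n")):
        if not label.endswith("PRIVATE KEY"):
            continue  # certificates hold no secret; skip them
        if label == "ENCRYPTED PRIVATE KEY":
            results.append((label, "encrypted", "PKCS#8"))
            continue
        # Traditional format: RFC 1421 headers sit before the first blank line.
        head, blank, _ = body.partition("\n\n")
        headers = {}
        if blank:
            for line in head.splitlines():
                name, _, value = line.partition(":")
                headers[name.strip()] = value.strip()
        if headers.get("Proc-Type") == "4,ENCRYPTED":
            cipher = headers.get("DEK-Info", "").split(",")[0] or None
            results.append((label, "encrypted", cipher))
        else:
            results.append((label, "PLAINTEXT", None))
    return results

# Constructed samples: the body is a placeholder, not real key material.
BODY = "Q09OU1RSVUNURUQ=\n"
SAMPLE_PROTECTED = ("-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
                    "DEK-Info: DES-EDE3-CBC,0123456789ABCDEF\n\n" + BODY +
                    "-----END RSA PRIVATE KEY-----\n")
SAMPLE_PLAIN = "-----BEGIN RSA PRIVATE KEY-----\n" + BODY + "-----END RSA PRIVATE KEY-----\n"
SAMPLE_CERT = "-----BEGIN CERTIFICATE-----\n" + BODY + "-----END CERTIFICATE-----\n"

if __name__ == "__main__":
    # Usage: python check_key.py path\to\ois_key.pem  (no argument runs the samples)
    texts = [open(p).read() for p in sys.argv[1:]] or [SAMPLE_PROTECTED, SAMPLE_PLAIN]
    for text in texts:
        for label, state, cipher in classify_private_keys(text):
            print(f"{label}: {state}" + (f" ({cipher})" if cipher else ""))
```

A PLAINTEXT result means anyone who can read the file can use the key without the pass phrase, so the file permissions on the config\simple directory are then the only protection.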


About the Author Mahendra

I am engulfed in the Oracle Identity & Access Management domain. I have expertise in providing optimized solutions for user provisioning, web access management, Single Sign-On, federation capabilities, etc. I am also well versed in complex integrations within Identity Management and other product domains. I have expertise in building demos and implementation experience with the products Oracle Access Manager, Oracle Adaptive Access Manager, Oracle Entitlement Server, Oracle Virtual Directory, Oracle Internet Directory, etc. Look at my blog: http://talkidentity.blogspot.com
