Security Modules (OES Client) in Oracle Entitlement Server (OES) 11g


Oracle Entitlement Server (OES) is a fine-grained authorization product and part of Access Management Suite.

1. OES consists of :
a) OES 11g Administration Console : Authorization Policy Manager (APM) : This is server side components installed as part of Identity & Access Management software.

b) OES 11g Client (SM) : OES Security Module is a client side component (this acts as Policy Enforcement Point and can also acts as Policy Decision point) that queries and enforces policies. OES Client (SM) is installed as separate software.
OES – Oracle Entitlement Server
PDP – Policy Decision Point
PEP – Policy Enforcement Point
JRF – Java Required Files
SM – Security Module
2. Type of SM : Security modules can be of following type

a) WebLogic SM (-smType wls)- WebLogic Security Module is a custom Java Security Module that includes both a Policy Decision Point and a Policy Enforcement Point. It will only run on the WebLogic Server container and does not need explicit authorization API calls. WebLogic SM can be with or without JRF (Java Required Files). JRF are installed with WebLogic Server under oracle_common when you install any Fusion Middleware product like WebCenter, SOA, IdM, IDAM etc. in a Middleware Home (MW_HOME)

b) Oracle Service Bus (OSB) SM (-smType wls -onJRF) – similar to WebLogic Security Module but with JRF

c) Java SM (-smType java)

Note : You can also use Java Security Module in the proxy mode with Web Service Security Module or RMI Security Module

d) RMI SM (-smType rmi)

e) .Net SM ( -smType dotnetws)

f) Web Service SM (-smType ws)

g) Web Service SM on Oracle WebLogic Server (-smType ws -onWLS) :

h) IBM WebSphere SM (-smType was) : This SM will only run on the IBM WebSphere container.

i) JBoss SM (-smType jobs) : This SM will only run on the JBoss container.

j) Apache Tomcat SM (-smType tomcat) : It will only run on the Apache Tomcat container.

k) .NET SM :

l) Microsoft Share Point (MOSS) SM :

3. Security Module contains functionality to evaluate and enforce authorisation decisions. Security Module can act as Policy Decision Point (PDP) or both PDP and Policy Enforcement Point (PEP)

4. In OES 11gR2, WebLogic Server SM, Oracle Service Bus SM, and Microsoft Sharepoint SM works both as PEP and PDP.

More on installing and configuring OES client (Security Module) in next post


Share This Post with Your Friends over Social Media!

About the Author Atul Kumar

Oracle ACE, Author, Speaker and Founder of K21 Technologies & K21 Academy : Specialising in Design, Implement, and Trainings.

follow me on:

Leave a Comment:

» Install and Configure Oracle Entitlement Server (OES) 11gR2 (11.1.2) Part II Online Apps DBA: One Stop Shop for Apps DBA’s says March 29, 2013

[…] In next part of Install and COnfigure OES 11gR2, I’ll cover installation and configuration of OES Client (WebLogic Security Module). You can read on Security Modules of OES here […]

» Beware OES 11gR2 Security Module for OSB is NOT yet certified with OSB (as of Oct 2013) Online Apps DBA: One Stop Shop for Apps DBA’s says September 30, 2013

[…] Posted in September 30th, 2013 byAtul Kumar in oes, osb I discussed about OES Server,  OES Client (Security Module) and Oracle Service Bus. You can integrate Oracle Service Bus (OSB) 11gR1 with Oracle Entitlement […]

» Discovery Mode in OES 11g for WebLogic/OSB Security Module : Online Apps DBA: One Stop Shop for Apps DBA’s says October 1, 2013

[…] to achieve this, you install & configure OES Security Module and enable Discovery Mode for this Security Module. Once Security Module is configured in […]

» Auditing in Oracle Entitlement Server (OES ) 11g Online Apps DBA: One Stop Shop for Apps DBA’s says January 14, 2014

[…] To Audit OES Security Modules (SM), you must update jps-config.xml used by Security Module and update entry for serviceInstance […]

» Upgrade Oracle IAM (OES) from 11gR2 ( to 11gR2 PS2 ( lessons learned Online Apps DBA: One Stop Shop for Apps DBA’s says February 11, 2014

[…] a) Upgrade OES Server b) Upgrade OES Client i.e. OES Security Module (OESSM) […]

Add Your Reply