Security Modules (OES Client) in Oracle Entitlement Server (OES) 11g


Oracle Entitlement Server (OES) is a fine-grained authorization product and part of Access Management Suite.

1. OES consists of :
a) OES 11g Administration Console : Authorization Policy Manager (APM) : This is server side components installed as part of Identity & Access Management software.

b) OES 11g Client (SM) : OES Security Module is a client side component (this acts as Policy Enforcement Point and can also acts as Policy Decision point) that queries and enforces policies. OES Client (SM) is installed as separate software.
OES – Oracle Entitlement Server
PDP – Policy Decision Point
PEP – Policy Enforcement Point
JRF – Java Required Files
SM – Security Module
2. Type of SM : Security modules can be of following type

a) WebLogic SM (-smType wls)- WebLogic Security Module is a custom Java Security Module that includes both a Policy Decision Point and a Policy Enforcement Point. It will only run on the WebLogic Server container and does not need explicit authorization API calls. WebLogic SM can be with or without JRF (Java Required Files). JRF are installed with WebLogic Server under oracle_common when you install any Fusion Middleware product like WebCenter, SOA, IdM, IDAM etc. in a Middleware Home (MW_HOME)

b) Oracle Service Bus (OSB) SM (-smType wls -onJRF) – similar to WebLogic Security Module but with JRF

c) Java SM (-smType java)

Note : You can also use Java Security Module in the proxy mode with Web Service Security Module or RMI Security Module

d) RMI SM (-smType rmi)

e) .Net SM ( -smType dotnetws)

f) Web Service SM (-smType ws)

g) Web Service SM on Oracle WebLogic Server (-smType ws -onWLS) :

h) IBM WebSphere SM (-smType was) : This SM will only run on the IBM WebSphere container.

i) JBoss SM (-smType jobs) : This SM will only run on the JBoss container.

j) Apache Tomcat SM (-smType tomcat) : It will only run on the Apache Tomcat container.

k) .NET SM :

l) Microsoft Share Point (MOSS) SM :

3. Security Module contains functionality to evaluate and enforce authorisation decisions. Security Module can act as Policy Decision Point (PDP) or both PDP and Policy Enforcement Point (PEP)

4. In OES 11gR2, WebLogic Server SM, Oracle Service Bus SM, and Microsoft Sharepoint SM works both as PEP and PDP.

More on installing and configuring OES client (Security Module) in next post


About the Author Atul Kumar

Oracle ACE, Author, Speaker and Founder of K21 Technologies & K21 Academy : Specialising in Design, Implement, and Trainings.

follow me on:

Leave a Comment:

Add Your Reply

Not found