
Introduction to Oracle Access Manager: Identity and Access System, WebPass, WebGate, Policy Manager

1. Oracle Access Manager (OAM) consists of two main systems:

a) Identity System: to create and manage users and groups, and to provide self-registration and password management.
b) Access System: to configure a single- or multi-domain SSO solution for Web and non-Web based applications, web pages and other resources, and to configure access management (authentication and authorization) for various types of resources (web or non-web based applications, web pages).

2. It is possible to implement only the Identity System, only the Access System, or both components of Access Manager.
3. Using Access Manager's Identity System you can:

i) Create, remove or manage identity information related to users or groups.
ii) Provide delegated administration and self-service on identity (users/groups/resources).
iii) Use the workflow engine to automate requests and approvals related to identity data.
iv) Password management: define multiple password policies, change passwords, lost password management.
v) Configure auditing and reporting on identity events.

A. Oracle Access Manager Identity System

1. Oracle's Access Manager Identity System mainly contains four applications that provide the functionality listed in point 3 above:

i) User Manager: application to add, remove or manage users.
ii) Group Manager: application to add, delete and manage groups (static, dynamic, nested). Use this application to add or remove users from a group or to search the members of a group.
iii) Organization Manager: to manage system rules, access privileges and workflows for entire organizations.
iv) Identity System Console: to create administrators and delegated administrators for the Identity System, and to set up the Identity System applications, including object classes and attributes.

2. Oracle Access Manager's Identity System has two subcomponents:

i) Identity Server: a stand-alone server process that communicates with the Directory Server (AD, OID, Sun Directory Server, ...).
ii) WebPass: a web server plug-in that communicates between the web server (Apache, OHS, IIS, ...) and the Identity Server.

The Identity Server manages information about users, groups, and other objects stored in the Directory Server.
There can be one or more Identity Servers in an Access Manager solution.
WebPass receives requests from users and forwards them to the Identity Server. After the Identity Server processes the request, WebPass receives the reply from the Identity Server and passes it to the web server.
WebPass can connect to one or more Identity Servers.
Communication between WebPass and the Identity Server is via Oracle's proprietary protocol, i.e. Oracle Identity Protocol.
Communication between the Identity Server and the Directory Server uses LDAP (Lightweight Directory Access Protocol).

B. Oracle Access Manager Access System

1. Consists of the following four subcomponents:

i) Access Server: provides a dynamic policy evaluation service for web-based and non-Web resources and applications. The Access Server receives a request from WebGate or a custom AccessGate, then queries the LDAP server for authentication, authorization and auditing rules.
ii) WebGate: a web server plug-in that intercepts HTTP requests from users for web resources and forwards them to the Access Server for authentication and authorization.
iii) Policy Manager: administrators use Policy Manager to define the resources to be protected by the Access System. Policy Manager is implemented on a web server with WebPass and communicates with the directory server (OID, AD or iPlanet) to write policy data. Policy Manager communicates with the Access Server (using Oracle Access Protocol) to update the Access Server on any policy modification.

Policy Manager contains the following modules:
a) Authentication Module
b) Authorization Module
c) Auditing Module
d) Session Management Module
iv) Access System Console: used to configure the Access Server. It has the following tabs: System Configuration, System Management and Access System Configuration.

i) System Configuration, to define:
a) Master and Delegated Access Administrators
b) Resource type, policy domain, authentication and authorization schemes
ii) System Management: to manage diagnostics and reports.
iii) Access System Configuration:
a) To view, add, modify or delete an Access Server, Access Gate or Access Server cluster.
b) To view and modify authentication/authorization parameters.

There can be one or more Access Servers in an Access Manager solution.
WebGate receives requests from users and forwards them to the Access Server. After the Access Server processes the request, WebGate receives the reply from the Access Server and passes it to the web server.
WebGate can connect to one or more Access Servers.
Communication between WebGate and the Access Server is via Oracle's proprietary protocol, i.e. Oracle Access Protocol.
Communication between the Access Server and the Directory Server uses LDAP (Lightweight Directory Access Protocol).
