Overview#

Oracle Access Manager (OAM) was formerly CoreID from Oblix.

Oracle Access Manager is an Access Control product from Oracle.

Overview of Oracle COREid Access and Identity#

Oracle COREid Access and Identity is an enterprise-class authentication, authorization, and auditing solution that provides centralized security administration. This includes functionality for access control, single sign-on (separate from OracleAS Single Sign-On), personalization, and user profile management in heterogeneous application environments across a variety of application servers, legacy applications, and databases. COREid provides key features for creating, managing, and enforcing access policies. If you have different sets of users that require access to different data sets, while all require access to a common set of data, COREid can allow the right levels of access to each group so that everyone can access only the data that is appropriate for them.

In comparing Oracle COREid Access and Identity to other authentication, single sign-on, and authorization services, note the following differentiating features.

  • You can centralize authentication and authorization for multiple OC4J instances through a single Oracle COREid Access and Identity instance, allowing centralized single sign-on and auditing functionality, as well as more robust authentication options.
  • COREid offers superior identity administration through workflow, fine-grained attribute control, and delegation of administration.
  • COREid supports access control based on dynamic groups, with members based on a given identity profile.
  • COREid allows real-time access and identity integration, with runtime changes made through COREid being automatically populated into the Access Server cache to eliminate security loopholes.

In the OC4J 10.1.3 implementation, OracleAS JAAS Provider supports Oracle COREid Access and Identity integration through a custom login module and a special authentication method setting.

Oracle COREid Access and Identity includes the following components:#

  • WebGate, the policy enforcer, is a Web server plug-in access client (with an associated Apache mod for use on Oracle HTTP Server) that intercepts HTTP requests and forwards them to the Access Server for authentication and authorization. In comparison, an AccessGate is a custom access client, built with the COREid Access SDK, that processes Web and non-Web resource requests from users or applications. It intercepts user requests and forwards them to the Access Server for authentication and authorization. The terms WebGate and AccessGate can be used interchangeably in most situations.
  • WebPass is a Web server plug-in that passes information between a Web server and a COREid server.
  • COREid Identity Server processes all user identity, group, organization, and credential-management requests.
  • Access Server, the policy decision-maker, receives requests, responds to the access client, and manages the login session. The Access Server receives requests from WebGate and queries the authentication, authorization, and auditing rules in Oracle Internet Directory. The Access Server also manages the login session by helping WebGate terminate sessions, set user session timeouts, reauthenticate when timeouts occur, and track session activity.
  • Access Manager writes policy data to Oracle Internet Directory, and updates the Access Server with policy modifications. It includes an Access System Console that enables administrators to manage policies and the system configuration.

History#

Oblix originally had only the "Access Manager", which was a GUI application to make changes to LDAP. They often partnered with Netegrity using the SiteMinder Access Server (Netegrity's products are now part of CA's eTrust™ Identity and Access Management solutions) to sell a package to their joint clients. We guess Oblix decided that this Access Server thing does not look that hard and so they created their Access Server. Not surprisingly, the Oblix CoreID (formerly Oblix NetPoint) and SiteMinder products are very similar.

This page (revision-10) was last changed on 25-May-2015 09:37 by jim