Overview

Oracle Access Manager (OAM) was formerly CoreID from OBLIX.
In comparing Oracle COREid Access and Identity to other authentication, single sign-on, and authorization services, note the following differentiating features.
- You can centralize authentication and authorization for multiple OC4J instances through a single Oracle COREid Access and Identity instance, allowing centralized single sign-on and auditing functionality, as well as more robust authentication options.
- COREid offers superior identity administration through workflow, fine-grained attribute control, and delegation of administration.
- COREid supports access control based on dynamic groups, with members based on a given identity profile.
- COREid allows real-time access and identity integration: runtime changes made through COREid are automatically populated into the Access Server cache to eliminate security loopholes.
In the OC4J 10.1.3 implementation, OracleAS JAAS Provider supports Oracle COREid Access and Identity integration through a custom login module and a special authentication method setting.
Oracle COREid Access and Identity includes the following components:
- WebGate, the policy enforcer, is a Web server plug-in access client (with an associated Apache mod for use on Oracle HTTP Server) that intercepts HTTP requests and forwards them to the Access Server for authentication and authorization. In comparison, an AccessGate is a custom access client, built with the COREid Access SDK, that processes Web and non-Web resource requests from users or applications. It intercepts user requests and forwards them to the Access Server for authentication and authorization. The terms WebGate and AccessGate can be used interchangeably in most situations.
- WebPass is a Web server plug-in that passes information between a Web server and a COREid server.
- COREid Identity Server processes all user identity, group, organization, and credential-management requests.
- Access Server, the policy decision-maker, receives requests, responds to the access client, and manages the login session. The Access Server receives requests from WebGate and queries the authentication, authorization, and auditing rules in Oracle Internet Directory. The Access Server also manages the login session by helping WebGate terminate sessions, set user session timeouts, reauthenticate when timeouts occur, and track session activity.
- Access Manager writes policy data to Oracle Internet Directory, and updates the Access Server with policy modifications. It includes an Access System Console that enables administrators to manage policies and the system configuration.