secure, central management of enterprise identities.
Server-side components
OAM Server (installed on a WebLogic Managed Server),
Console
Oracle Access Management Console provides access to all services and configuration details.
channel protocols exchanged between Agent and Server: HTTP/HTTPS.
Back channel protocols: Authenticated clients can perform session operations using enhancements in the Oracle Access Protocol (OAP).
Proxy
Provides
Cryptographic keys
One
Keys storage
Agent
Policy Store
Database in production environments; file-based in demonstration and development environments, as described in "Managing the Policy and Session Database".
Applications
An
SSO Engine
Manages
Session Management
Global
Policies
Registered
Client IP
Maintains
Cookies
Host-based authentication cookie:
11g Webgate, One per agent: OAMAuthnCookie_host:port_random_number set by Webgate using the authentication token received from the OAM Server after successful authentication.
11g Webgate, Transient: OAM_REQ is scoped to the OAM Server. OAM_REQ is set or cleared by the OAM Server if the Authentication request context cookie is enabled. Protected with keys known to the OAM Server only. This cookie is configured as a high availability option to store the state about the user's original request to a protected resource while his credentials are collected and authentication is performed.
Centralized log-out
The logOutUrls (10g Webgate configuration parameter) is preserved.
10g logout.html requires specific details for Access Manager 11g.