The Total Identity Management Solution
8/2/2019 The Total Identity Management Solution
1/44
Oracle Identity Management:
The Total Identity Solution
Matt Topper, mtopper(at)itconvergence.com
-
Agenda
What is Identity Management?
What are the Components?
For each component:
  What does it do?
  What are the features?
  Where did it come from?
  How is it installed?
How does it all tie together?
What common problems does IdM solve?
Common Deployment Scenarios
-
What is Identity Management?
In information systems, identity management, sometimes referred to as identity management systems, is the management of the identity life cycle of entities (subjects or objects) during which:
1. the identity is established:
   1. a name (or number) is connected to the subject or object;
   2. the identity is re-established: a new or additional name (or number) is connected to the subject or object;
2. the identity is described:
   1. one or more attributes which are applicable to this particular subject or object may be assigned to the identity;
   2. the identity is newly described: one or more attributes which are applicable to this particular subject or object may be changed;
3. the identity is destroyed.
From Wikipedia, March 2007
-
Oracle Identity Management: Then and Now
-
Classic Oracle IdM
  Oracle Internet Directory
  Oracle Delegated Administration Service
  Oracle Single Sign On
  Oracle Certificate Authority
-
Oracle Internet Directory
What does it do?
What are the main features?
  LDAP v3 Compliant
  Dynamic Groups
  Replication
  Directory Integration Platform
  Password Policies
-
Oracle Internet Directory: How is it deployed?
[Deployment diagram: Oracle Database and Metadata Repository; two Oracle Application Servers with OID behind a Load Balancer; Microsoft Active Directory]
-
Oracle Directory Administration Service
What does it do?
What are the main features?
-
Oracle Directory Administration Service: How is it deployed?
[Deployment diagram: Oracle Database and Metadata Repository; two Oracle Application Servers with OID behind a Load Balancer; two Oracle Application Servers with DAS behind a second Load Balancer]
-
Oracle Single Sign-On
What does it do?
What are the main features?
-
Oracle Single Sign-On Request Cycle
[Sequence diagram. Components: Client PC; Oracle Application Server with Portal; Oracle Application Server with SSO; Oracle Application Server with OID; Oracle Database and Metadata Repository]
1. Initial Portal Request from the Client PC: no SSO cookie
2. Redirect to SSO Server
3. Request Login Page / Return Login Page
4. Send Login and Password
5. Bind Username and Password (SSO server against OID)
6. Validate Against Database Table
7. Database Matches: Bind Success
8. Redirect to Portal With SSO Cookie
9. Portal Page Request With SSO Cookie
10. Page Returned to Client Browser
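The request cycle above, modelled as an added example that is not part of the presentation: a Python stand-in for the portal, the SSO server and the directory bind. The signed-cookie format, the key shared between SSO server and portal, and the toy user table are assumptions made for illustration; the product's real cookie format is not shown on the slide.

```python
import hashlib, hmac, secrets

# Constructed stand-in for the OID-backed user table: username -> salted
# SHA-256 digest of the password (the real directory schema is not shown).
_SALT = b"constructed-salt"
DIRECTORY = {"alice": hashlib.sha256(_SALT + b"correct horse").hexdigest()}

def oid_bind(username: str, password: str) -> bool:
    """Steps 5-7: bind username/password; OID validates against its table."""
    digest = hashlib.sha256(_SALT + password.encode()).hexdigest()
    stored = DIRECTORY.get(username)
    return stored is not None and hmac.compare_digest(stored, digest)

class SSOServer:
    """Issues the SSO cookie after a successful bind (step 8)."""
    def __init__(self) -> None:
        self.key = secrets.token_bytes(32)  # assumed: shared with the portal only
    def login(self, username: str, password: str):
        if not oid_bind(username, password):
            return None  # bind failed: no cookie is issued
        mac = hmac.new(self.key, username.encode(), "sha256").hexdigest()
        return f"{username}:{mac}"
    def verify_cookie(self, cookie: str):
        username, _, mac = cookie.partition(":")
        expected = hmac.new(self.key, username.encode(), "sha256").hexdigest()
        return username if hmac.compare_digest(expected, mac) else None

class Portal:
    """Steps 1-2 and 9-10: redirect without a valid cookie, serve with one."""
    def __init__(self, sso: SSOServer) -> None:
        self.sso = sso
    def request(self, cookie=None) -> str:
        if cookie is None:
            return "302 redirect to SSO server"
        user = self.sso.verify_cookie(cookie)
        if user is None:
            return "302 redirect to SSO server"  # forged or stale cookie
        return f"200 portal page for {user}"

def run_cycle(username: str, password: str) -> str:
    """Walk the full cycle for one user; return the final portal response."""
    sso = SSOServer()
    portal = Portal(sso)
    assert portal.request() == "302 redirect to SSO server"  # steps 1-2
    cookie = sso.login(username, password)  # steps 3-8: login page, bind
    if cookie is None:
        return "login failed: bind rejected"
    return portal.request(cookie)  # steps 9-10: request with SSO cookie
```

A cookie presented to the portal that was not minted by the SSO server fails the MAC check and simply restarts the cycle at the redirect.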
-
Oracle Single Sign-On: How is it deployed?
[Deployment diagram: Oracle Database and Metadata Repository; two Oracle Application Servers with OID behind a Load Balancer; Oracle Application Server with DAS and Oracle Application Server with SSO behind a second Load Balancer]
-
Oracle Certificate Authority
What does it do?
What are the main features?
-
Oracle Certificate Authority: How is it deployed?
[Deployment diagram: Oracle Database and Metadata Repository; two Oracle Application Servers with OID behind a Load Balancer; Oracle Application Server with DAS and SSO and Oracle Application Server with Certificate Authority behind a second Load Balancer]
-
Classic Oracle IdM Deployment
-
New Generation Oracle IdM
  Oracle Internet Directory
  Oracle Delegated Administration Service
  Oracle Certificate Authority
  Oracle Single Sign On
  Oracle Enterprise Single Sign On
  Oracle Identity Manager
  Oracle Access Manager
  Oracle Virtual Directory
  Oracle Identity Federation
  Oracle Web Services Manager
  Oracle Adaptive Access Manager
  Bridgestream (September 5)
-
Oracle Enterprise Single Sign On
What does it do?
What are the main features?
  Single Sign-On Logon Manager
  Single Sign-On Password Reset
  Single Sign-On Authentication Manager
  Single Sign-On Provisioning Gateway
  Single Sign-On Kiosk Manager
How is it installed?
Where did it come from?
  Passlogix (Partnership, June 2006)
-
Oracle Identity Manager
What does it do?
What are the main features?
  Provisioning
  Workflow
  Compliance
  Connector Architecture
  User Self Service
  Delegated Administration
Where did it come from?
  Thor Xcellerate (Acquisition, November 2005)
-
Oracle Identity Manager Connector Pack
Connection Interfaces:
  BMC Remedy
  CA-ACF2 (Mainframe)
  CA-Top Secret (Mainframe)
  Database User Management
  Database Application Tables
  IBM RACF
  IBM i5/OS
  IBM Lotus Notes / Domino
  JD Edwards EnterpriseOne
  Microsoft Active Directory
  Microsoft Exchange
  Microsoft Windows 2000
  Novell eDirectory
  Novell GroupWise
  Oracle eBusiness Suite
  Oracle Internet Directory
  PeopleSoft
  Siebel Enterprise Applications
  RSA Authentication Manager
  RSA Clear Trust
  SAP
  SAP Enterprise Portal
  Sun Java System Directory
  Unix SSH
  Unix Telnet
-
Oracle Identity Manager: How is it deployed?
[Deployment diagram: Oracle Database and Identity Manager Repository; Application Server with server-side components; Remote Managers; connector targets reached over LDAP, JDBC, Java, Web Services and SSH: databases, users, mainframe, JD Edwards, Oracle E-Business Suite, Novell GroupWise, Microsoft Active Directory, Microsoft Exchange, etc.; clients: Administration Console, User Self-Service and Delegated Administration, custom application clients, Design Console; Administration Services and Design Services]
-
Oracle Access Manager
What does it do?
What are the main features?
  WebGate
  WebPass
  Identity Server
  Access Server
  Policy Server
How is it installed?
Where did it come from?
  Oblix CoreID Access Manager (Acquisition, March 2005)
-
Oracle Access Manager: How is it deployed?
[Deployment diagram: Oracle Database and Identity Metadata Repository; Oracle Access Server; WebPass with Policy Manager, used by Access Administrators; Web Server (OHS or IIS) with WebGate or AccessGate in front of Enterprise Applications; End Users: Employees, Partners, Customers, Suppliers]
-
Oracle Virtual Directory
What does it do?
What are the main features?
How is it installed?
Where did it come from?
  Octet String VDE (Acquisition, November 2005)
-
Oracle Virtual Directory: How is it deployed?
[Deployment diagram: Oracle Virtual Directory in front of a Custom Application User Table, Oracle Internet Directory, Microsoft Active Directory, a Custom Web Service and the Active Directory of New Acquisitions; consumers: Web Applications, Access Manager, Oracle Portal]
-
Oracle Identity Federation
What does it do?
What are the main features?
  Service Providers
  Identity Providers
  Principals
  Standards:
    SAML (1.0 / 2.0)
    Liberty ID-FF (1.1 / 1.2)
    WS-Federation
How is it installed?
Where did it come from?
  Oblix CoreID Federation (Acquisition, March 2005)
-
Oracle Identity Federation with Oracle Access Manager: How is it deployed?
[Deployment diagram: Oracle Database and Identity Metadata Repository; Oracle Internet Directory; Oracle Access Manager; Oracle Identity Federation Service Provider and Authentication Module; OHS or IIS with WebPass; Enterprise Applications; Peer Identity Provider; End Users: Employees, Partners, Customers, Suppliers]
-
Oracle Web Services Manager
What does it do?
What are the main features?
  No Code Changes!!!
  Gateway vs Agent
  Gateway Translations
  SLAs
  Encryption, Authentication, and Authorization
    Encryption Algorithms: AES-128, AES-256, 3-DES
    Message Digests: MD5, SHA-1
    Message Structure: XML / SOAP / WS-Security
    Token Profiles: Basic Authentication, X.509, SAML
    Message Integrity: XML Signature
    Message Confidentiality: XML Encryption
    PKI
Where did it come from?
  Oblix CoreSV (Acquisition, March 2005)
-
Oracle Web Services Manager Gateway: How is it deployed?
[Deployment diagram: Policy Manager and Monitor, used by Administrators; OWSM Gateway between End Users (Employees, Partners, Customers, Suppliers) and Corporate Web Services; traffic over REST, SOAP, HTTP(S), SAML]
-
Oracle Web Services Manager Agents: How is it deployed?
[Deployment diagram: Policy Manager and Monitor, used by Administrators; an Agent attached to each Corporate Web Service; End Users (Employees, Partners, Customers, Suppliers) call the services over REST, SOAP, HTTP(S), SAML]
-
Oracle Adaptive Access Manager
What does it do?
What are the main features?
  Adaptive Risk Manager and Strong Authenticator
  Bharosa = Trust
  Two Factor Authentication
  Profile based on usage patterns: location, device, workflow
  View user sessions in real time
  Force secondary challenges to users
  Many flexible log-in / authentication tools
Where did it come from?
  Bharosa (Acquisition, March 2005)
-
Oracle Adaptive Access Manager: How is it deployed?
[Deployment diagram: Oracle Database; OASA and OARM serving End Users (Employees, Partners, Customers, Suppliers); OARM serving Internal Users, Customer Care and Application Administrators]
-
How it all ties together
[Architecture diagram, courtesy of Oracle Corporation]
HR System: any single source of truth for users, connected to Oracle Identity Manager through Connectors
Oracle Identity Manager: does provisioning of new-hires to apps, directories, etc.; manages occasional changes to user status; one-click de-provisioning; audit logs and reports. Delegation to Business Unit, Field Location, Internal Employees, and Key supplier or benefits partner.
Oracle Access Manager: manages daily user access; SSO to any web-based app; user self service and password resets. Any App on any Platform.
Oracle Virtual Directory: real-time proxy for directories (AD, OID) and other repositories; an alternative or complement to meta-directories.
Oracle Federation Server: extends SSO across company boundaries; 1,000s of External Users and 1,000,000s of Internet Users.
-
What are the major problems being solved?
-
Oracle Portal: Common Deployment Strategy
[Deployment diagram: Oracle Database and Identity Metadata Repository; Oracle Application Server with OID; Oracle Application Server with SSO and DAS; two Load Balancers; Oracle Portal and Business Intelligence Standard Edition with its own Oracle Database and Product Metadata Repository; DIP Synchronization, and DIP Synchronization and External Authorization, with Microsoft Active Directory]
-
Oracle Business Intelligence Enterprise Edition: Common Deployment Strategy with LDAP / OID Only
[Deployment diagram: Oracle Database and Identity Metadata Repository; Oracle Application Server with OID; Oracle BI Server and Presentation Services; two Load Balancers; Users Synchronized to SA Tables with DIP; Session to OID Authentication]
-
Oracle Business Intelligence Enterprise Edition: Common Deployment Strategy with Oracle Access Manager
[Deployment diagram: Oracle Database and Identity Metadata Repository; Oracle Application Server with OID; Oracle Access Server; Oracle AS with WebGate and Presentation Services Plug-In; Oracle BI Server and Presentation Services; two Load Balancers; Users Synchronized to SA Tables; authentication Using Impersonation Headers]
-
Oracle E-Business Suite: Common Deployment Strategy
[Deployment diagram: Oracle Database and Identity Metadata Repository; Oracle Application Server with OID; Oracle Application Server with SSO and DAS; two Load Balancers; Oracle E-Business Release 11i with FND_User in the Applications Database; DIP Synchronization]
-
Oracle eBusiness Suite
[Support matrix; cell values not preserved]
Columns: eBusiness Suite Release 11.5.8, 11.5.9, 11.5.10, 12.0
Rows: Single Sign-On; Oracle Internet Directory; Oracle Access Manager; Oracle Identity Manager
-
Conclusion
What is Identity Management?
What are the Components?
For each component:
  What does it do?
  What are the features?
  How is it installed?
  Where did it come from?
How does it all tie together?
What common problems does IdM solve?
Common Deployment Scenarios
-
Questions?
Matt Topper, mtopper(at)itconvergence.com
Or download the white paper The Total Identity Solution (Registration Required):
http://www.itconvergence.com/portal/page?_pageid=33,67416&_dad=portal&_schema=PORTAL&3098454A97376254E0409340CBB0155F=1
8/2/2019 The Total Identity Management Solution
41/44
Save the Date!
April 13 17, 2008
Colorado Convention CenterDenver, Colorado
-
Sign-up for IOUG Today
Join online at www.ioug.org and get immediate access to:
  Member Discounts and Special Offers
  SELECT Journal
  Library of Oracle Knowledge (LoOK)
  Member Directory
  Special Interest Groups
  Discussion Forums
  Access to Local and Regional Users Groups
  5 Minute Briefing: Oracle
  Volunteer Opportunities
-
Oracle Identity Management:
The Total Identity Solution
Matt Topper, mtopper(at)itconvergence.com
-
Legal
The information contained herein should be deemed reliable but not guaranteed. The author has made every attempt to provide current and accurate information. If you have any comments or suggestions, please contact the author at mtopper(at)itconvergence.com.
Only IOUG, Collaborate 07, and IT Convergence have been granted permission to reprint and distribute this presentation. Others may request redistribution permission from mtopper(at)itconvergence.com.
Copyright 2007, IT Convergence