By Darin_Pendergraft_Oracle on Mar 21, 2014
Cloud Application management is one of the main themes in the PS2 release. I have asked Lee Howarth to explain a bit more about the new Cloud Access Portal Service.
With the advent of SaaS applications, how do we solve password and single sign-on challenges... again?
For many years, Single Sign-On technology has provided various security and usability benefits, allowing organizations to simplify how users gain access to multiple web and enterprise resources while enforcing more complex password policies to increase security. Unfortunately, this status quo is being challenged by the advent of Software-as-a-Service applications.
Once again users are being asked to remember multiple name and password combinations to their various SaaS accounts, a situation made even more frustrating by the fact that more and more users are accessing these sites from mobile devices.
The types of web applications accessed by a typical corporate user can be grouped into three main categories:
- Applications that require a name and password (corporate and SaaS) to be entered directly into a login form
- Applications that are protected via some form of Access Management solution; and
- Applications that are federation enabled (corporate partner or SaaS application).
Addressing the password challenge across each of these categories and simplifying usability and management are key benefits of the new Oracle Access Management - Access Portal Service.
The Access Portal provides:
- A cross-platform logon portal for web-based applications that automatically adapts to the device form-factor.
- Single sign-on to SaaS, web, partner and Oracle Access Management protected resources via Identity Federation, Form-Fill and Oracle Access Management session identifiers.
- Centralized administration and wizard-based form-fill template generation to simplify administrative tasks.
- RESTful interfaces to enable integration with existing corporate portals.
Administrators define applications using the Oracle Access Management administration interface as one of three types, each corresponding to one of the categories mentioned above.
- Form-Fill Applications: applications that require a name and password to be entered into a login form. The Access Portal service uses proxy technology to provide a form-fill service that supports login forms and can even sense when passwords have changed (perhaps due to password expiration) and enables the user to update securely stored credentials.
- SSO Agent Applications: applications protected by Oracle Access Management (OAM). With this type of application, the Access Portal simply represents OAM-protected URLs. Authentication is handled by standard OAM authentication and session management.
- Federated Applications: applications that require federated authentication, be they partner or SaaS applications. In this case the Access Portal applications are essentially IDP-initiated authentication links, which use the Oracle Access Management - Federation Service to authenticate users and assert their identity to a target application.
The following diagram represents the high-level architecture for the Access Portal Service (APS):
For more information, please visit http://www.oracle.com/identity