Wednesday Dec 11, 2013

How To Do Single Sign On (SSO) for Web Services

A recent question on our internal list was

"A customer has OAM and wants to do SSO to SOAP Web Services".

In this case the customer was using Webcenter Content (the product formerly known as Unified Content Manager UCM). But the scenario applies to any SOAP Web Service.

My answer was well received and there isn't anything proprietary here so I thought I would share to make it easier for people to find and for me to refer to later.

First - There is no such thing as SSO in web services.

There is only identity propagation.

Meaning: I log in to OAM as Fabrizio and connect to a Web application protected by OAM.

That Web application is a Web Services client, and I want the client to tell the Web Service that Fabrizio is using the service.

The first step to set this up is to protect the web services via OWSM.

The second step is to translate the OAM token into a WS-Security token.

There are 3 ways to do this second step:

1 - If you are writing a manual client and don't want any other product involved - use OAM STS

2 - Use Oracle Service Bus (which most likely will also use OAM STS but should make this a couple of mouse clicks)

3 - Use OAG - which doesn't need to talk to STS. It has a very simple way to convert the OAM token into a WS-Security header.

If you're not using OSB already - I would recommend OAG. It's by far the simplest plus you get the additional benefits of OAG.

PS - You can use OSB and OAG together in many scenarios - I was only saying to avoid OSB here because the service was already exposed and there was no benefit I could see for having OSB. If you have a reason to have OSB - let me know. I only know OSB at a very high level since my area of focus is security.
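
What identity propagation looks like on the wire, as an added example (not from the original post and not Oracle's code): the client names the logged-in user in a WS-Security header, and the service accepts the call only if exactly one identity is asserted. The token type (an unsigned UsernameToken) and the `GetDocument` operation are assumptions; the post does not say which WS-Security token is produced, and the service should accept such a header only from a client it trusts, for example through a signed token.

```python
import xml.etree.ElementTree as ET

SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
WSSE = ("http://docs.oasis-open.org/wss/2004/01/"
        "oasis-200401-wss-wssecurity-secext-1.0.xsd")
ET.register_namespace("soapenv", SOAP)
ET.register_namespace("wsse", WSSE)


def build_request(user, operation="GetDocument"):
    """Client side: SOAP 1.1 envelope whose header names the end user."""
    env = ET.Element(f"{{{SOAP}}}Envelope")
    header = ET.SubElement(env, f"{{{SOAP}}}Header")
    sec = ET.SubElement(header, f"{{{WSSE}}}Security")
    token = ET.SubElement(sec, f"{{{WSSE}}}UsernameToken")
    ET.SubElement(token, f"{{{WSSE}}}Username").text = user
    body = ET.SubElement(env, f"{{{SOAP}}}Body")
    ET.SubElement(body, operation)  # hypothetical operation name
    return ET.tostring(env, encoding="unicode")


def propagated_identity(envelope_xml):
    """Service side: return the single asserted user or raise ValueError."""
    env = ET.fromstring(envelope_xml)
    names = env.findall(
        f"{{{SOAP}}}Header/{{{WSSE}}}Security/"
        f"{{{WSSE}}}UsernameToken/{{{WSSE}}}Username")
    # No token means no propagated identity; more than one is ambiguous.
    # Fail closed in both cases instead of guessing.
    if len(names) != 1 or not (names[0].text or "").strip():
        raise ValueError("expected exactly one non-empty wsse:Username")
    return names[0].text.strip()


if __name__ == "__main__":
    request = build_request("Fabrizio")  # constructed sample user
    print(request)
    print("service sees:", propagated_identity(request))
```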

Thursday Aug 29, 2013

The Difference Between Access Manager 10g and 11g Webgates

A common question we get is what is the difference between Access Manager 10g and Access Manager 11g webgates.

My colleague Yagnesh who covers webgates put together a simple list:

Here are the 11g features:

  • Oracle Universal Installer for platform. Generic for all platforms
  • Host-based cookie
  • Individual WebGate OAMAuthnCookie_ making it more secure
  • A per agent key, and server key, are used. Agent key is stored in wallet file and Server key is stored in Credential store
  • One per-agent secret key shared between 11g WebGate and OAM Server; one OAM Server key
  • OAM 11g supports cross-network-domain single sign-on out of the box. Oracle recommends you use Oracle Identity Federation for this situation.
  • Capability to act as a detached credential collector
  • Webgate Authorization Caching
  • Diagnostic page to tune parameters
  • Has separate install and configuration option. Hence, single install and multiple instance configuration is supported.

And 10g:

  • InstallShield and One installer per platform
  • Domain-based cookie
  • ObSSOCookie (one for all 10g Webgates)
  • Global shared secret stored in the directory server only (not accessible to WebGate)
  • There is just one global shared secret key per OAM deployment which is used by all the WebGates
  • OAM 10g provides a proprietary multiple network domain SSO capability that predates Oracle Identity Federation. Complex configuration is required.
  • One Web server configuration supported per WebGate. Need to have multiple WebGates for multiple instances.
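
Why the host-based versus domain-based cookie difference in the two lists matters, as an added example (not from the original post or from Oracle): it applies the RFC 6265 domain-matching rule to a constructed set of hosts to show which ones a browser hands each kind of session cookie to. The host names, and treating the 11g cookie as an RFC 6265 host-only cookie, are assumptions.

```python
import ipaddress


def _is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def browser_sends(request_host, set_by, domain_attr=None):
    """RFC 6265 matching: is a cookie set by `set_by` sent to `request_host`?"""
    request_host, set_by = request_host.lower(), set_by.lower()
    if domain_attr is None:              # host-only cookie (11g-style)
        return request_host == set_by
    domain = domain_attr.lower().lstrip(".")
    if request_host == domain:
        return True
    # Suffix matching never applies to IP-address hosts.
    return not _is_ip(request_host) and request_host.endswith("." + domain)


def exposure(hosts, set_by, domain_attr=None):
    """Hosts that receive the session cookie, i.e. that can read or leak it."""
    return [h for h in hosts if browser_sends(h, set_by, domain_attr)]


# Constructed sample deployment; all host names are placeholders.
HOSTS = ["hr.example.com", "wiki.example.com", "legacy.example.com",
         "portal.example.net"]

# 10g-style: one ObSSOCookie scoped to the whole DNS domain.
DOMAIN_SCOPED = exposure(HOSTS, "hr.example.com", ".example.com")
# 11g-style: a host-based cookie set for the WebGate on hr.example.com.
HOST_SCOPED = exposure(HOSTS, "hr.example.com")

if __name__ == "__main__":
    print("domain cookie reaches:", DOMAIN_SCOPED)
    print("host cookie reaches:  ", HOST_SCOPED)
```

With the domain-scoped cookie, a weakness on any one host in the domain exposes the session that every other host accepts; the host-based cookie limits that to the host that issued it.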

Fresh, Informative and Fun - Join Us For Your Opening Presentation at Open World 2013

Join us on Monday September 23, 2013 for Senior Vice President Amit Jasuja's presentation.

It's called "CON8808 - Oracle Identity Management: Enabling Business Growth in the New Economy".

The title is boring but the presentation will be fresh, informative and fun.

This is our annual presentation to share our thoughts on where the world is going in terms of identity management and letting customers who are leading the way let you know how they are getting there.

And we will deliver this to you in a way that promises to be as entertaining as it is informative.

Click here and schedule yourself for Amit's session before we run out of room

Wednesday May 02, 2012

If You Are Interested In OUD - You Need To Be Reading Sylvain Duloutre's Blog

My colleague Sylvain Duloutre is writing a series of posts about Oracle Unified Directory (OUD) including how to co-habitate and migrate from DSEE to OUD which is how we believe most existing DSEE customers who adopt OUD will make the move.
You can read his blog here.

Friday Apr 20, 2012

Announcing Oracle Optimized Solution for Oracle Unified Directory

I'm happy today to be able to share that we released an optimized solution for Oracle Unified Directory. It's one of the first public announcements we can make of several cool & useful things we've been working on. We have more coming from the identity & access team. Which reminds me - for my loyal readers here - since December 2011, besides covering directory, I am also now on the Oracle Access Manager Suite team. My colleague Sylvain's post summed up nicely what it is:
Oracle Optimized Solution for Oracle Unified Directory is a complete solution - Software and Hardware engineered to work together. It implements Oracle Unified Directory software on Oracle's SPARC T4 servers to provide highly available and extremely high performance directory services for the entire enterprise infrastructure and applications. The solution is architected, optimized, and tested to deliver simplicity, performance, security, and savings in enterprise environments. More details available at http://www.oracle.com/us/solutions/1571310
While that post is short - it is dense with information. To explain it more simply - within Oracle we have a team (Optimized Solutions) who work with our product teams to show how our customers can get the best performance out of our hardware when running a specific software package. Instead of just giving you a generic tuning guide for our product - we've gone through the tuning steps and tested the configuration(s) for you. Thus besides giving you great performance - it's a faster & simpler deployment because you can reduce the time it takes to run a tuning exercise from scratch. Optimized Solutions simplify that exercise because we've already done most (if not all) of the work for you. Click here to learn more about our Optimized Solution for Oracle Unified Directory.

Thursday Feb 23, 2012

Oracle Identity Management (OID, OVD, OIF) 11gR1 Patchset 5 (11.1.1.6) Released.

I'm sure you've seen the flood of announcements from the other Fusion Middleware products about the 11.1.1.6 release. We got in on the fun too. You can download it here. And for a fresh install - you can start directly from 11.1.1.6. For the most part this is just a bug fix release for us. But there are a couple of enhancements I would like to share.

Oracle Virtual Directory

The biggest enhancement I would highlight is that we have dramatically simplified configuring OVD for Enterprise User Security (EUS). EUS has always worked, but setting it up required executing lots of individual steps. We now have this setup as a wizard, and OVD's own Local Store Adapter holds most of the meta-data. So there is less work on the enterprise LDAP and there are fewer steps. It should mean initial EUS configuration by most people can now be done in less than a day.

Directory Integration Platform

DIP has been part of Oracle for over a decade but until 11.1.1.6 it required OID. Now it can be used with DSEE or OUD as its metadata store. This now means that if you want to deploy DSEE or OUD but need to synchronize groups & users from AD - you can do it without needing any type of custom code or bringing in a full provisioning product.

Thursday Oct 13, 2011

How To Simplify Your Password Management With Oracle Enterprise Single Sign-On

We're doing another free webcast - this time on Enterprise Single Sign-On. Click here to register
Addressing Your Password Nightmares with an Enterprise Single Sign-On Platform

Webcast Date: Wednesday, October 19, 2011 
Webcast Time: US Pacific 10am PDT

Studies estimate that nearly 25 percent of all help desk calls are related to password resets. The modern enterprise IT environment demands a balance between the intense security required to meet a variety of compliance standards and the need for flexibility and ease-of-use on the part of end-users. 

Enterprise single sign-on (ESSO) can help strike that balance and protect your business. ESSO built into your identity management platform can offer even more. It can reduce risk, enhance user productivity, cut costs, and provide a long-term solution to password management. 

Join us for this live complimentary Webcast where industry experts from Oracle will discuss:
  • How to slash your password related help desk costs and improve user experience
  • The benefits of ESSO integrated into an identity management platform
  • Best practices for a successful ESSO deployment
You’ll also have the opportunity to get answers to your most nagging security questions during the live Q&A. 

Friday Sep 02, 2011

How To Use Oracle Identity Management To Rescue Delayed IBM Identity Management Deployments

Oracle Identity Management Webinars

If your organization has a delayed IBM-based identity management deployment this webinar will show reasons why this might be and how Oracle can help.

In particular you will learn how Oracle Identity Management can:

  • Mobilize and complete your identity management project
  • Coexist with or replace your existing IBM identity management point solution
  • Reduce security risk and improve regulatory compliance

Click Here To Register.

Learn How To Save 48% On Your Access Management Deployment

We're hosting an upcoming webinar with the Aberdeen Group presenting research that shows how using an Identity Management platform can save you significant money vs a point-solution based deployment. Click Here to register.

Wednesday Aug 24, 2011

Remember Your Password Or You Won't Get Your Donut

People have trouble remembering complex passwords. Click here to see one organization's ingenious way to get their employees to remember them. Click it or no donut for you.

Thursday Aug 18, 2011

Best Practice For Oracle Virtual Directory (OVD) Backup and Disaster Recovery.

I'm writing this in response to a question on one of our mailing lists. Because of the current nature of the Oracle docset (something the doc team is working on), it's kind of hard to figure this out in a concise form. Here are the things to do:
  • Make sure to have 2 or more OVD instances deployed in production. OVD provides tools to keep the configurations in sync between systems.
  • If you have an external DR site - then synchronize the OVD configuration to this external site. Note this assumes that the hostnames are the same in the DR site as in the primary. If not - the names will require manual tweaking.
  • OVD keeps all of its configuration in files in the $ORACLE_INSTANCE directory. Back this directory up. If you need to recover - it can be restored. You would most likely need to re-register the instance with OPMN and EM - which is covered in the OVD documentation.

Thursday Jul 28, 2011

Oracle Unified Directory Webcast Q&A Results Posted

We have posted the answers to the questions from the Q&A from the OUD introduction webcast.

Monday Jul 25, 2011

Moving OVD 11g Test to Production Configurations

Just back from vacation - during which we launched our new Oracle Unified Directory (OUD). I'll be spending a lot of time writing about that since it's a new product. But here's a useful piece of 11g OVD information. If you need to migrate test to production configurations on 11g OVD and you apply the latest patchset (11.1.1.5 aka Patchset 4), we have new migration scripts that are particularly useful for off-line migrations. For off-line Test-To-Production migration of OVD, customers can use Movement Scripts to:
  1. Create a configuration archive of OVD instance using 'copyConfig' script.
  2. Extract the move plan using 'extractMovePlan' script & edit the move plan appropriately.
  3. Copy the configuration archive & move plan to Production server(s) & execute 'pasteConfig' script.

Friday Jul 15, 2011

Introducing Oracle Unified Directory 11g

July 21, 2011 at 10:00am PT / 1:00pm ET / 19:00 CET

Enterprises face many choices for managing identity data: to virtualize or not to virtualize, to synchronize data or store data. The choice of directory server means choosing between multiple vendors and compromising between features and performance. Oracle Unified Directory 11g defines a new category in the directory server market. Join us for this launch webcast to learn how Oracle Unified Directory 11g provides scalability and a complete directory server solution. Register by clicking here.

Wednesday Apr 13, 2011

A New OVD Customer Case Study
