By Mark Wilcox - CTO - Oracle Consulting Security-Oracle on Aug 29, 2013
A common question we get is: what is the difference between Access Manager 10g and Access Manager 11g WebGates?
My colleague Yagnesh, who covers WebGates, put together a simple list:
Here are the 11g features:
- Oracle Universal Installer; generic for all platforms
- Host-based cookie
- Individual WebGate OAMAuthnCookie_, making it more secure
- A per-agent key and a server key are used. The agent key is stored in a wallet file and the server key is stored in the credential store
- One per-agent secret key shared between the 11g WebGate and the OAM Server; one OAM Server key
- OAM 11g supports cross-network-domain single sign-on out of the box. Oracle recommends you use Oracle Identity Federation for this situation.
- Capability to act as a detached credential collector
- WebGate authorization caching
- Diagnostic page to tune parameters
- Has separate install and configuration options. Hence, a single install with multiple instance configurations is supported.
Here are the 10g features:
- InstallShield; one installer per platform
- Domain-based cookie
- ObSSOCookie (one for all 10g WebGates)
- Global shared secret stored in the directory server only (not accessible to WebGate)
- There is just one global shared secret key per OAM deployment which is used by all the WebGates
- OAM 10g provides a proprietary multiple network domain SSO capability that predates Oracle Identity Federation. Complex configuration is required.
- One Web server configuration is supported per WebGate. Multiple WebGates are needed for multiple instances.