10 Oracle Identity and Access Management Independent License Offerings

This chapter describes the separately licensed Oracle Identity and Access Management independent license offerings. Please note that as of August 9th, 2012, the Oracle Identity and Access Management products are version 11gR2 (11.1.2).

The following sections describe the Oracle Identity and Access Management products and product families that can be separately licensed, independent of the packaged Oracle Application Server or WebLogic editions.

You may not use the options, packs, or products described below without separately purchased licenses. The fact that these options, packs, or products may be included in product CDs or downloads or described in documentation that you receive does not authorize you to use them without purchasing the appropriate licenses.

See Section 10.17, "Oracle Database License Requirements," for important license requirements regarding the use of Oracle Database with the products described in this chapter.

10.1 Oracle Enterprise Identity Services Suite

Oracle Enterprise Identity Services Suite can be separately licensed, independent of any Oracle Application Server or WebLogic edition. It includes:

10.2 Oracle Identity Governance Suite

Oracle Identity Governance Suite can be separately licensed, independent of any Oracle Application Server or WebLogic edition. It includes:

  • Identity Analytics (includes Identity Auditor)

  • Identity Manager

  • Privileged Account Manager

  • Identity Manager Connector for Database User Management, Identity Manager Connectors for Microsoft Active Directory, Identity Manager Connector for Microsoft Windows, Identity Manager Connector for Microsoft Exchange, Identity Manager Connector for Novell eDirectory, Identity Manager Connector for Oracle Internet Directory, Identity Manager Connector for Sun Java System Directory, Identity Manager Connector for Oracle Directory Server Enterprise Edition, Identity Manager Connector for Oracle Unified Directory, Identity Manager Connector for Web Services, and Identity Manager Connector for UNIX

The following restricted-use licenses are included when you separately license Oracle Identity Governance Suite:

  • Restricted Use: Oracle Internet Application Server Enterprise Edition or WebLogic Enterprise Edition as host for only all components licensed under Identity Governance Suite, including run-time components to provide Java run-time environment and HTTP support, as well as configuration and administration components used for the setup and management of these run-time components.

  • Restricted Use: Business Intelligence Publisher to publish and/or view:

    1. Shipped BI Publisher reports. Layout changes are allowed, AND

    2. Shipped or newly created BI Publisher reports that are modified to access data from the existing Identity Management schema that has not been customized.

  • Restricted Use: BPEL Process Manager for creating workflows where Identity Analytics is one of the endpoints. Note: Oracle BPEL Process Manager bundles UDDI client libraries from the HP SOA Systinet Registry. Such libraries and UDDI client functionality are licensed only to the end user for the purpose of connecting to and communicating with the Oracle Service Registry.

  • A license to Oracle Identity Governance Suite (IGS) includes a restricted-use license to Oracle Advanced Security (OAS), with OAS restricted to its Transparent Data Encryption component used solely for encrypting passwords for the Oracle Privileged Account Manager component of IGS. OAS is separately installed as a component of Oracle Database Enterprise Edition (DB EE). You have no further rights to use OAS or DB EE unless you have separately licensed those products.

10.3 Oracle Entitlements Server

Oracle Entitlements Server can be separately licensed, independent of any Oracle Application Server or WebLogic edition. To use Oracle Entitlements Server, a license for Oracle Entitlements Server Security Module is required.

10.3.1 Restricted-Use Licenses

The following restricted-use licenses are included when you separately license Oracle Entitlements Server:

  • Restricted Use: Business Intelligence Publisher to publish and/or view:

    • Shipped BI Publisher reports. Layout changes are allowed, AND

    • Shipped or newly created BI Publisher reports that are modified to access data from the existing Identity Management schema that has not been customized.

  • Oracle Internet Application Server Enterprise Edition or WebLogic Enterprise Edition as host for only Oracle Entitlements Server, including run-time components to provide Java run-time environment and HTTP support, as well as configuration and administration components used for the setup and management of these run-time components.

10.4 Oracle Entitlements Server Security Module

Oracle Entitlements Server Security Module can be separately licensed, independent of any Oracle Application Server or WebLogic edition.

Note that to use the Oracle Entitlements Server Security Module, you need to license Oracle Entitlements Server or Oracle Access Management Suite Plus (which includes Oracle Entitlements Server).

10.5 Oracle Directory Services Plus

Oracle Directory Services Plus can be separately licensed, independent of any Oracle Application Server or WebLogic edition. It includes:

  • Oracle Directory Server Enterprise Edition

  • Oracle Internet Directory (including Delegated Administration Services and Directory Integration Platform). These components are described in Section 1.3.2.2.2, "Oracle Identity Management."*

  • Oracle Unified Directory*

  • Oracle Virtual Directory*

  • Oracle Authentication Services for Operating Systems (OAS4OS). OAS4OS is certified to work with Oracle Internet Directory (OID) only.

* Includes usage of Oracle Directory Services Manager.

10.5.1 Restricted-Use Licenses

The following restricted-use licenses are included when you separately license Oracle Directory Services Plus:

  • Oracle Single Sign-On is provided for authentication services to users accessing Oracle Delegated Administration Services only.

  • Restricted Use: Business Intelligence Publisher to publish and/or view:

    • Shipped BI Publisher reports. Layout changes are allowed, AND

    • Shipped or newly created BI Publisher reports that are modified to access data from the existing Identity Management schema that has not been customized.

  • Oracle Internet Application Server Enterprise Edition or WebLogic Enterprise Edition as host for only Oracle Directory Services Plus, including run-time components to provide Java run-time environment and HTTP support, as well as configuration and administration components used for the setup and management of these run-time components.

  • Oracle Database Standard Edition. This infrastructure database is only to be used for storing LDAP-related data related to the use of Internet Directory as a general-purpose LDAP directory. Storing any other data in the infrastructure database requires a full use license of Oracle Database Standard Edition.

10.6 Oracle Access Manager

Oracle Access Manager can be separately licensed, independent of any Oracle Application Server or WebLogic edition.

10.6.1 Restricted-Use Licenses

The following restricted-use licenses are included when you separately license Oracle Access Manager:

  • Restricted Use: Business Intelligence Publisher to publish and/or view:

    • Shipped BI Publisher reports. Layout changes are allowed, AND

    • Shipped or newly created BI Publisher reports that are modified to access data from the existing Identity Management schema that has not been customized.

  • Oracle Internet Application Server Enterprise Edition or WebLogic Enterprise Edition as host for only Oracle Access Manager, including run-time components to provide Java run-time environment and HTTP support, as well as configuration and administration components used for the setup and management of these run-time components.

  • Oracle Identity Manager and associated Identity Manager LDAP Connectors (Microsoft AD, Novell eDirectory, Oracle Internet Directory, and Sun Java System Directory) are restricted to managing users in a directory specific to the following:

    • Self-service registration

    • Self-service user profile view and/or modify

    • Self-service password reset

    • Lost password management (setting up challenge questions)

    • Password reset on first login

    • Password policy enforcement (password strength, expiration period, and so on)

    • Password expiration notification

    • Delegated administration of administrative capabilities (down to the attribute level) to lower level administrators to manage users in the system

  • Oracle Coherence Enterprise Edition (restricted to run in the same JVM as Oracle Access Manager) for user session, configuration, and policy synchronization within Oracle Access Manager. Any other use, including running Oracle Coherence Enterprise Edition on a separate processor, triggers a full use license.

10.6.2 Oracle Access Manager Clients

The license for Oracle Access Manager provides unrestricted use of Access Manager WebGates, which are web server plug-ins that intercept requests from users for resources and forward these requests to the Access Manager server for authentication and authorization. This license also provides unrestricted use of the Access Manager authentication provider for application servers.

10.7 Oracle Identity Federation

Oracle Identity Federation can be separately licensed, independent of any Oracle Application Server or WebLogic edition. It includes Oracle OpenSSO Fedlet.

10.7.1 Restricted-Use Licenses

The following restricted-use licenses are included when you separately license Oracle Identity Federation:

  • Restricted Use: Business Intelligence Publisher to publish and/or view:

    • Shipped BI Publisher reports. Layout changes are allowed, AND

    • Shipped or newly created BI Publisher reports that are modified to access data from the existing Identity Management schema that has not been customized.

  • Oracle Internet Application Server Enterprise Edition or WebLogic Enterprise Edition as host for only Oracle Identity Federation, including run-time components to provide Java run-time environment and HTTP support, as well as configuration and administration components used for the setup and management of these run-time components.

10.8 Oracle Identity Manager

Oracle Identity Manager can be separately licensed, independent of any Oracle Application Server or WebLogic edition and includes Identity Connector Server.

10.8.1 Restricted-Use Licenses

The following restricted-use licenses are included when you separately license Oracle Identity Manager:

  • Restricted Use: Business Intelligence Publisher to publish and/or view:

    • Shipped BI Publisher reports. Layout changes are allowed, AND

    • Shipped or newly created BI Publisher reports that are modified to access data from the existing Identity Management schema that has not been customized.

  • Oracle Internet Application Server Enterprise Edition or WebLogic Enterprise Edition as host for only Oracle Identity Manager, including run-time components to provide Java run-time environment and HTTP support, as well as configuration and administration components used for the setup and management of these run-time components.

  • Restricted use license of BPEL Process Manager for creating approval workflows, reviewing and approving approval tasks, invoking and consuming external web services and Java code, and performing endpoint routing and selection only for Oracle Identity Manager.

  • Restricted Use: Oracle Identity Manager product includes use of Oracle Entitlements Server product solely for defining and managing authorization policies for Oracle Identity Manager.

10.9 Oracle Identity Manager Connectors

Oracle Identity Manager Connectors can be separately licensed, independent of any Oracle Application Server or WebLogic edition. Oracle Identity Manager Connectors require Oracle Identity Manager.

Available Identity Manager Connectors are:

  • BMC Remedy Ticketing

  • BMC Remedy User Management

  • CA ACF2

  • CA Top Secret

  • Database Applications Table

  • Database User Management

  • Google Apps

  • IBM Lotus Notes/Domino

  • IBM OS/400

  • IBM RACF

  • JDEdwards EnterpriseOne

  • Microsoft Active Directory

  • Microsoft Exchange

  • Microsoft Windows

  • Novell eDirectory

  • Novell Groupwise

  • Oracle CRM On Demand

  • Oracle Directory Server Enterprise Edition

  • Oracle e-Business

  • Oracle Internet Directory

  • Oracle Retail

  • Oracle Unified Directory

  • PeopleSoft Enterprise Applications

  • RSA Authentication Manager

  • RSA ClearTrust

  • SAP Enterprise Applications

  • SAP Enterprise Portal

  • Siebel Enterprise Applications

  • Sun Java System Directory

  • UNIX

  • Web Services

10.10 Oracle Enterprise Single Sign-On Suite Plus

Oracle Enterprise Single Sign-On Suite Plus (ESSO Suite Plus) can be separately licensed, independent of any Oracle Application Server or WebLogic Server edition. ESSO Suite Plus includes the following integrated components:

  • Oracle Enterprise Single Sign-On Anywhere

  • Oracle Enterprise Single Sign-On Authentication Manager

  • Oracle Enterprise Single Sign-On Kiosk Manager

  • Oracle Enterprise Single Sign-On Logon Manager

  • Oracle Enterprise Single Sign-On Password Reset

  • Oracle Enterprise Single Sign-On Provisioning Gateway

  • Oracle Enterprise Single Sign-On Universal Authentication Manager

  • Oracle Access Portal

10.10.1 Restricted-Use Licenses

  • The Oracle Traffic Director portion of the Oracle Access Portal is restricted to the following features: High Availability Virtual IP, Access Manager WebGate, and Origin Server Load Balancing to WebLogic Server.

  • A license to Oracle Enterprise Single Sign-On Suite Plus (ESSO Suite Plus) includes a restricted-use license for Oracle Business Intelligence Publisher (BI Publisher), Oracle Internet Application Server Enterprise Edition (IASEE) or Oracle WebLogic Server Enterprise Edition (WLSEE) and Oracle Access Manager.

    • Use of Oracle Access Manager is restricted to use with Oracle Access Portal.

    • Use of Oracle Business Intelligence Publisher (BI Publisher) is restricted to publishing and/or viewing:

      • Included BI Publisher reports. Layout changes are allowed; AND

      • Included or newly created BI Publisher reports that are modified to access data from the existing Oracle Identity Management schema that has not been customized.

    • Oracle Internet Application Server Enterprise Edition or Oracle WebLogic Server Enterprise Edition may be used solely as host for Oracle Access Manager, including run-time components to provide Java run-time environment and HTTP support, as well as configuration and administration components used for the setup and management of those run-time components.

10.11 Oracle Access Management Suite Plus

Oracle Access Management Suite Plus (AMSP) can be separately licensed, independent of any Oracle Application Server or WebLogic edition. AMSP includes the following integrated components:

10.11.1 Restricted-Use Licenses

  • The Oracle Traffic Director portion of the AMSP is restricted to the following features: High Availability Virtual IP, Access Manager WebGate, and Origin Server Load Balancing to WebLogic Server.

  • A license to Oracle Access Management Suite Plus (AMSP) includes a restricted-use license for Oracle Business Intelligence Publisher (BI Publisher), Oracle Internet Application Server Enterprise Edition (IASEE) or Oracle WebLogic Server Enterprise Edition (WLSEE), Oracle Web Services Manager (OWSM) and Oracle User Messaging Service (OUMS).

    • Use of Oracle Business Intelligence Publisher (BI Publisher) is restricted to publishing and/or viewing:

      • Included BI Publisher reports. Layout changes are allowed; AND

      • Included or newly created BI Publisher reports that are modified to access data from the existing Identity Management schema that has not been customized.

    • Oracle Internet Application Server Enterprise Edition or WebLogic Server Enterprise Edition may be used solely as host for AMSP, including run-time components to provide Java run-time environment and HTTP support, as well as configuration and administration components used for the setup and management of these run-time components.

    • Use of OWSM to protect web services must be performed in conjunction with at least one of the other components within AMSP (that is, one or more of the following):

      • Authentication — OWSM requires integration with Oracle Access Manager for authentication.

      • Authorization — OWSM requires integration with Oracle Entitlements Server for authorization.

      • Federation — OWSM requires integration with Oracle Identity Federation for federation.

      • OWSM agents acting as a WS-Trust client to the OpenSSO or Oracle STS server.

    • Use of Oracle User Messaging Service (OUMS) is restricted to messaging needs related to Oracle Adaptive Access Manager security features. Message delivery is available in all formats including SMS, email, IM, and voice for the following:

      • Delivery of the Oracle Adaptive Access Manager one-time password authentication.

      • Delivery of transaction confirmation messages.

      • Security alerts to administrators/investigators.

10.12 Oracle API Gateway

Oracle API Gateway can be licensed independently of any edition of Oracle Internet Application Server or Oracle WebLogic Server. Oracle API Gateway includes the following components:

  • Oracle API Gateway Admin Node Manager

  • Oracle API Gateway Node Manager

  • Oracle API Gateway Policy Studio

  • Oracle API Gateway Manager

  • Oracle API Gateway Analytics

  • Oracle API Gateway Explorer

Oracle API Gateway has license prerequisites of Database Standard Edition, or Database Enterprise Edition, or SOA Suite for Oracle Middleware, or Service Bus, or Access Management Suite Plus, or Access Manager, or Entitlements Server.

10.13 Oracle Identity and Access Management Suite Plus

Oracle Identity and Access Management Suite Plus can be separately licensed, independent of any Oracle Application Server or WebLogic edition. It includes:

10.13.1 Restricted-Use Licenses

The following restricted-use licenses are included when you separately license Oracle Identity and Access Management Suite Plus:

  • Restricted Use: Business Intelligence Publisher to publish and/or view:

    • Shipped BI Publisher reports. Layout changes are allowed, AND

    • Shipped or newly created BI Publisher reports that are modified to access data from the existing Identity Management schema that has not been customized.

  • Oracle Internet Application Server Enterprise Edition or WebLogic Enterprise Edition as host for only Identity and Access Management Suite, including run-time components to provide Java run-time environment and HTTP support, as well as configuration and administration components used for the setup and management of these run-time components.

  • Oracle Database Standard Edition. This infrastructure database is only to be used for storing LDAP-related data related to the use of Internet Directory as a general-purpose LDAP directory. Storing any other data in the infrastructure database requires a full use license of Oracle Database Standard Edition.

Note:

If an included product (for example, Oracle Access Manager) comes with restricted-use licenses, the restricted-use licenses still apply when you separately license Oracle Identity and Access Management Suite Plus.

10.14 Oracle Mobile Security Suite

Oracle Mobile Security Suite can be separately licensed, independent of the packaged Oracle Internet Application Server Enterprise Edition (IASEE) or Oracle WebLogic Server Enterprise Edition (WLSEE). It includes:

  • Mobile Security Container

  • Mobile Security Containerization Tool

  • Mobile Security Access Server

  • Mobile Security File Manager

  • Mobile Security Notification Server

  • Mobile Security Administrative Console

10.14.1 Restricted Use Licenses

  • Restricted Use: A license to Oracle Mobile Security Suite includes a restricted-use license for Oracle Access Management Suite Plus (AMSP) restricted to the Oracle Mobile and Social component.

  • Restricted Use: A license to Oracle Mobile Security Suite includes a restricted-use license for WebLogic Server Enterprise Edition (WLSEE). WLSEE may be used solely as host for the Oracle Mobile and Social component in AMSP to provide Java runtime environment components and administration components used for the setup and management of these run-time components.

  • Restricted Use: A license to Oracle Mobile Security Suite includes a restricted-use license for Business Intelligence Publisher (BI Publisher). Use of BI Publisher is restricted to the Oracle Mobile and Social component in AMSP to publish and/or view:

    • Included BI Publisher reports. Layout changes are allowed; AND

    • Included or newly created BI Publisher reports that are modified to access data from the existing Oracle Identity Management schema that has not been customized.

10.15 Oracle Secure Mail Manager

Oracle Secure Mobile Mail Manager can be separately licensed, independent of the packaged Oracle Internet Application Server Enterprise Edition or Oracle WebLogic Server Enterprise Edition.

10.16 Oracle Management Pack Plus for Identity Management

The Management Pack for Identity Management enables enterprises to proactively monitor the availability, performance, load, and security metrics of various Identity Management components. This pack helps improve performance and availability, and reduce the cost and complexity of managing Identity Management deployments, including the following environments:

  • Directory Integration Platform

  • Oracle Access Manager

  • Oracle Adaptive Access Manager

  • Oracle Directory Server Enterprise Edition (formerly Sun Java Directory Server Enterprise Edition)

  • Oracle Identity Federation

  • Oracle Identity Manager

  • Oracle Internet Directory

  • Oracle Unified Directory

  • Oracle Virtual Directory

Management Pack Plus for Identity Management includes a restricted use license of Real User Experience Insight. The Key Performance Indicators (KPI) Tracking and Reporting, Complete User Experience Monitoring and Service Modeling components of Real User Experience Insight (RUEI) are limited to use with Identity Management Products for Single Sign On (SSO).

For complete license details about Management Pack for Identity Management, see "Identity Management Enterprise Management" in Oracle Enterprise Manager Licensing Information. This document is available from the Oracle Enterprise Manager Documentation page at http://www.oracle.com/technetwork/oem/grid-control/documentation/index.html.

10.17 Oracle Database License Requirements

Storing any data other than the Oracle Repository Creation Utility database schema in the Oracle Application Server Infrastructure database requires a full use license of the Oracle Database (Standard Edition, Standard Edition One, or Enterprise Edition).

10.17.1 Full Use License of Oracle Database Standard Edition or Standard Edition One

Some examples of the kinds of data that require the purchase of a full use license for the Oracle Database Standard Edition or Standard Edition One include:

  • Documents or any other objects stored in the Oracle Database under Oracle Content Management SDK

  • Documents or any kind of content stored in the Portal Repository

  • Oracle Integration B2B

  • Any BPEL Process Manager process instance data, which includes using Oracle Database as the dehydration store

  • Any other custom data that is created or updated by an application

10.17.2 Full Use License of Oracle Database Enterprise Edition

Two kinds of data require the purchase of a full use license of the Oracle Database Enterprise Edition:

  • Any Oracle Portal that leverages the VPD functionality of the database for hosting

  • Any LDAP data related to the use of an Oracle Internet Directory LDAP directory, where database replication is used

10.17.3 When is a Full Use License of Oracle Database Not Required?

The following scenarios do not require the purchase of a full use license of the Oracle Database when you purchase Oracle Internet Application Server:

  • If you are only using Oracle Web Cache

  • If you are using Oracle Business Intelligence Discoverer only against a non-Oracle database

  • If you are using Oracle Reports Services only against a non-Oracle database