The following sections provide details on the features available (and not available) in Access Manager 11.1.2.3.0.
Table 1-2 provides an overview of Access Manager 11.1.2. For a list of names that have changed with 11.1.2, see "Product and Component Name Changes with 11.1.2".
Table 1-2 Features in Access Manager 11.1.2
Access Manager 11g | Description |
---|---|
Oracle Identity Management Infrastructure | Enables secure, central management of enterprise identities |
Policy Enforcement Agents | Reside with the relying parties and delegate authentication and authorization tasks to OAM Servers. Notes: Nine Administrator languages are supported. Unless explicitly stated, the term "Webgate" refers to both an out-of-the-box Webgate and a custom Access Client. See Introduction to Agents and Registration for an introduction to agents. |
Server-side components | OAM Server (installed on a WebLogic Managed Server) |
Console | Oracle Access Management Console provides access to all services and configuration details. |
Protocols for information exchange on the Internet | |
Proxy | Provides support for legacy systems. See Also: About the Embedded Proxy Server and Backward Compatibility and the new Managing Oracle Access Management Oracle Access Portal |
Cryptographic keys | Note: One key is generated and used per registered mod_osso or 11g Webgate. However, a single key is generated for all 10g Webgates. |
Keys storage | |
Encryption / Decryption (The process of converting encrypted data back into its original form) | Introduces client-side cryptography and ensures that cryptography is performed at both the agent and server ends: |
Policy Store | Database in production environments; file-based in demonstration and development environments, as described in "Managing the Policy and Session Database". |
Applications | An application that delegates authentication and authorization to Access Manager and accepts headers from a registered Agent. Note: External applications do not delegate authentication. Instead, these display HTML login forms that ask for application user names and passwords. For example, Yahoo! Mail is an external application that uses HTML login forms. |
SSO Engine | Manages the session lifecycle, facilitates global logout across all relying parties in the valid session, and provides consistent service across multiple protocols. Uses Agents registered with Access Manager 11g: |
Session Management | Global session specifications are enabled for all Application Domains and resources. In addition, Application Domain-specific session overrides can be configured. |
Policies | Registered agents rely on Access Manager authentication, authorization, and token issuance policies to determine who gets access to protected applications (defined resources). |
Client IP | Maintains this client's age, and includes it in the host-based cookie: OAMAuthnCookie for 11g Webgate (or ObSSOCookie for 10g Webgate) |
Response token replay prevention | Include |
Multiple network domain support | Access Manager 11g supports cross-network-domain single sign-on out of the box. Oracle recommends you use Oracle Federation for this situation. |
Cookies | Host-based authentication cookie: |
Centralized log-out | See Configuring Centralized Logout for Sessions Involving 11g WebGates. |
Case Insensitive Policy Resource Matching | An optional setting is available to enable case insensitive policy resource matching. This is a global setting and both entries must be added to the oam-config.xml file under Policy Service > OAMPolicy Provider > properties: |