Oracle® Identity Management Infrastructure Administrator's Guide
10g (10.1.4.0.1)

Part Number B15994-01

6 Integrating with Other Identity Management Solutions

This chapter discusses integrating Oracle components with other enterprise identity management solutions.

This chapter contains the following topics:

6.1 Reasons for Identity Management Integration

While the identity management infrastructure is an essential component in most Oracle deployments, it is also designed to permit integration with other identity management solutions. Integration of Oracle products around a common infrastructure provides a single point of integration with other enterprise identity management solutions, including:

Identity management integration allows Oracle users to use existing enterprise infrastructure components in the Oracle environment, which can provide the following benefits:

Delivering these benefits requires tools and strategies for integrating the identity management infrastructure and third-party directory, security, and user administration environments.


See Also:

Oracle Identity Management Integration Guide and Oracle Application Server Single Sign-On Administrator's Guide for information about deploying these integration solutions.

6.2 Identity Management Integration Tools and Strategies

The identity management infrastructure provides a number of tools for integrating with other identity management environments, including various services and APIs, preconfigured directory connectivity solutions, and standards support, which are briefly described in this section. For additional information on their use, see the appropriate component documentation.

Oracle Directory Integration Platform

Oracle Directory Integration Platform consists of a set of services and interfaces built into Oracle Internet Directory that facilitate the development of synchronization and provisioning solutions between Oracle Internet Directory and other repositories, such as third-party directories (SunONE Directory and Microsoft Active Directory, for example), application user repositories (as might be stored in a flat file, for example), or database tables containing HR information.

Oracle Directory Integration Platform includes a documented API and incorporates available industry standards where they exist, making it possible for Oracle, customers, and third parties to develop and deploy customized synchronization and provisioning solutions. It also facilitates interoperability between Oracle Internet Directory and third-party metadirectory and provisioning solutions.

Oracle Internet Directory Plug-In Architecture

Oracle Internet Directory supports a PL/SQL-based plug-in framework that enables you to include custom routines (Oracle, customer-written, or third-party) that can execute before, during, or after a directory operation. For example, this framework can be used to:


See Also:

Oracle Internet Directory Administrator's Guide for more information.

Preconfigured Directory Connectivity Solutions

Oracle Internet Directory includes preconfigured connectivity solutions built on Oracle Directory Integration Platform and the Oracle Internet Directory plug-in architecture, which make it possible to automatically provision users in the identity management infrastructure from other systems, and to administer users in the identity management infrastructure from those environments. Preconfigured connectivity solutions include:


See Also:

Oracle Identity Management Integration Guide for more information about preconfigured directory connectivity solutions.

OracleAS Single Sign-On Partner APIs

OracleAS Single Sign-On supports a third-party authentication API that allows Oracle Application Server Single Sign-On to obtain user identities from a trusted, third-party authentication mechanism. This feature can be used to allow application users to access Web applications across the two environments while logging in only once.

Oracle Application Server Java Authentication and Authorization Service (JAAS) Provider Developer APIs

Oracle Application Server Java Authentication and Authorization Service (JAAS) Provider allows user-written Java applications running in the Oracle J2EE environment to use OracleAS Single Sign-On and Oracle Internet Directory for authentication and identity services.


See Also:

JAAS Provider API Reference for more information.

LDAP Standard Support

Oracle Internet Directory supports the LDAPv3 standard in accordance with IETF RFC 2251.


See Also:

Oracle Internet Directory Administrator's Guide for more information about preconfigured directory connectivity solutions.

Authentication Standard Support

OracleAS Single Sign-On supports user authentication using Kerberos tickets issued by a Kerberos key distribution center, which allows users who have been issued a valid Kerberos ticket (in, for example, the Windows environment) to log in to their Web applications without having to provide a username and password.

X.509v3 Certificate Standard Support

The identity management infrastructure issues and uses X.509v3 standard PKI certificates for strong authentication services. Customers with existing X.509v3 certificate authorities can use these certificates in the Oracle environment.