1 Developing with Oracle Access Management Components

This chapter introduces the Oracle Access Management components and describes developing with their software development kits (SDKs) and application programming interfaces (APIs). This chapter provides the following sections:

1.1 About Oracle Access Management

Oracle Access Management release 11.1.2 provides converged multi-services with several integrated components:

  • Authentication and SSO, provided by Oracle Access Management Access Manager (Access Manager)

  • Federated SSO, provided by Oracle Access Management Identity Federation (Identity Federation)

  • Mobile security and social identity, provided by Oracle Access Management Mobile and Social (Mobile and Social)

  • Security Token Service, provided by Oracle Access Management Security Token Service (Security Token Service)

You can develop applications to customize your environment or otherwise extend functionality using the SDKs and APIs supplied with the Oracle Access Management components, the related Javadocs, and this guide.

1.2 About Access Manager

Access Manager is an enterprise-level solution that centralizes critical access control services to provide an integrated solution that delivers authentication, authorization, web single sign-on, policy administration, enforcement agent management, session control, systems monitoring, reporting, logging, and auditing.

In this release, you can develop your own Access Clients, custom authentication plug-ins, and custom login and error pages; administer Access Manager policies programmatically; and enable the impersonation feature and develop a custom user interface for managing, using the provided Java Access SDK and Access Manager APIs.

For more information about Access Manager, see Oracle Fusion Middleware Administrator's Guide for Oracle Access Management.

For information about developing applications using Access Manager SDKs and APIs, see Part II, "Developing with Access Manager".

1.3 About Mobile and Social

Mobile and Social acts as an intermediary between a user seeking to access protected resources and the backend Access Management and Identity Management services that protect the resources. Mobile and Social provides simplified client libraries that allow developers to quickly add feature-rich authentication, authorization, and Identity capabilities to registered applications. On the backend, the Mobile and Social server's pluggable architecture lets system administrators add, modify, and remove Identity and Access Management services without having to update user-installed software. Mobile and Social features individual SDKs for iOS devices and Java. If you are developing an application on a platform or device that cannot use the iOS or Java SDKs, you can write code to send Mobile and Social REST calls directly to the Mobile and Social server.

For more information about Mobile and Social in Oracle Access Management, see Oracle Fusion Middleware Administrator's Guide for Oracle Access Management.

For information about developing applications using Mobile and Social SDKs, see Part III, "Developing with Mobile and Social".

1.4 About Identity Federation

Identity Federation enables organizations to securely link accounts and identities across security boundaries without a central user repository or the need to synchronize data stores. It provides an interoperable way to implement cross-domain single sign-on without the overhead of managing, maintaining, and administering their identities and credentials. As a result of cloud, Web Services, and business-to-business transactions, federated authentication is now a core element of any Web access management solution. Beginning with this release, SAML-based federation services are now being converged directly into a single access management server. In this initial release, convergence is limited to Service Provider functionality; any Identity Provider functionality still requires an Oracle Identity Federation 11gR1 installation. However, the linking of Oracle Access Management 11gR2 and Oracle Identity Federation 11gR1 is very simple and well integrated.

For more information about Identity Federation in Oracle Access Management, see Oracle Fusion Middleware Administrator's Guide for Oracle Access Management.

In this release, you can develop a custom user provisioning plug-in if the out-of-the-box solution does not meet your needs. For more information about developing applications with Identity Federation APIs, see Part IV, "Developing with Identity Federation".

1.5 About Security Token Service

Security Token Service is a standards-based security solution that issues, validates, or exchanges security tokens and acts as a trusted authority that an enterprise web services infrastructure may use to enforce appropriate security token policies across web services providers and consumers. It also provides a means for propagating identity and security information across infrastructure tiers.

For more information about Security Token Service in Oracle Access Management, see Oracle Fusion Middleware Administrator's Guide for Oracle Access Management.

In this release, when the token that you want to validate is not supported by Security Token Service and is not provided out-of-the-box, you can write your own validation and issuance module classes. For more information about developing tokens with Security Token Service, see Part V, "Developing with Security Token Service".

1.6 System Requirements and Certification

Refer to the system requirements and certification documentation for information about hardware and software requirements, platforms, databases, and other information. Both of these documents are available on Oracle Technology Network (OTN).

The system requirements document covers information such as hardware and software requirements, minimum disk space and memory requirements, and required system libraries, packages, or patches:


The certification document covers supported installation types, platforms, operating systems, databases, JDKs, and third-party products: