1.1 Understanding Oracle Access Management Services

Oracle Access Management is a Java Enterprise Edition (Java EE)-based enterprise-level security application that provides a full range of Web-perimeter security functions and Web single sign-on services, including identity context, authentication and authorization; policy administration; testing; logging; auditing; and more.

It leverages shared platform services including session management, Identity Context, risk analytics, and auditing, and provides restricted access to confidential information. Many existing access technologies in the Oracle Identity Management stack converge in the Oracle Access Management stack as illustrated in Figure 1-1.

Figure 1-1 Oracle Access Management Overview


Starting with release 11.1.2, Oracle Access Management includes these services:

  • Oracle Access Management Access Manager (Access Manager) is described in "Understanding Oracle Access Management Access Manager" and the following parts of this guide.

  • Oracle Access Management Identity Federation (Identity Federation) provides cross-domain single sign-on support using open federation protocol standards such as SAML and OpenID. Beginning with release 11.1.2, Identity Federation has been incorporated as a part of the Oracle Access Management platform, leveraging its shared services. This Identity Federation service includes a streamlined user interface and administration experience. For more information, see the chapters listed in Managing Oracle Access Management Identity Federation.

  • Oracle Access Management Security Token Service (Security Token Service) provides token validation and generation to facilitate access to services across security domains and beyond organizational boundaries. Essentially, the service acts as a trust broker that receives and validates client requests and generates appropriate tokens for a requested resource. For more information, see the chapters listed in Managing Oracle Access Management Security Token Service.

  • Oracle Access Management Mobile and Social (Mobile and Social) acts as an intermediary between a user seeking access to protected resources and the back-end Identity and Access Management services that protect the resources. Mobile and Social extends security and compliance to mobile platforms and simplifies integration with Social Identity services including Facebook and Google. Mobile and Social REST-enables the Identity and Access Management infrastructure and includes platform-specific developer kits for leading mobile platforms that enable developers to easily access security services and enable single sign-on across native and mobile browser-based applications. For more information, see the chapters listed in Managing Oracle Access Management Mobile and Social.

  • Oracle Access Portal is a hosted single sign-on proxy service that enables intranet and extranet applications with Oracle's form-fill single sign-on technology. It also provides REST interfaces that implement the Web Logon Manager end-user web application as well as custom front-end applications for user-level management of application credentials via desktop and mobile Web browsers. With the 11.1.2.2 release, Oracle Access Portal has been incorporated into the Oracle Access Management platform. For more information, see the chapters listed in Managing Oracle Access Management Oracle Access Portal.

  • The Adaptive Authentication Service is a One Time Password Authenticator that provides multifactor authentication in addition to the standard user name and password authentication. It provides a framework for adding a custom second-factor authentication processor that accepts a PIN from a user. For more information, see the chapters listed in Managing the Adaptive Authentication Service and Oracle Mobile Authenticator.

  • OAuth Services allows organizations to implement the open OAuth 2.0 Web authorization protocol in an Access Manager environment. OAuth Services enables a client to access resources protected by Access Manager that belong to another resource owner. An OAuth client can be an application or service created and controlled by your organization, or it can be an application or service created and controlled by another organization that requires access to resources protected by Access Manager. For more information, see the chapters listed in Managing the Oracle Access Management OAuth Service.

  • Identity Context provides context-aware security policy management that enables Administrators to control the level of security imposed in an application delivery environment through security frameworks provided by Oracle Identity Management. For more information, see the chapters listed in Using Identity Context.

OpenSSO 8.0 and Sun Access Manager 7.1 have also converged into Oracle Access Management 11.1.2. For more information, see: