1.5 Understanding Oracle Access Management Installation

The following sections contain information and links regarding Access Manager installation and post-installation tasks.

1.5.1 About Oracle Access Management Installation

The Oracle Fusion Middleware Supported System Configurations document provides certification information on supported installation types, platforms, operating systems, databases, JDKs, and third-party products related to Oracle Identity Management 11g.

You can access the Oracle Fusion Middleware Supported System Configurations document by searching the Oracle Technology Network (OTN) Web site using the document name, or click the link below.


Using the Oracle Fusion Middleware Configuration Wizard, the following components are deployed for a new domain:

  • WebLogic Administration Server

  • Oracle Access Management Console deployed on the WebLogic Administration Server (sometimes referred to as the OAM Administration Server, or simply AdminServer)

  • A Managed Server for Oracle Access Management

  • An application deployed on the Managed Server

See the Oracle Fusion Middleware Installation Guide for Oracle Identity and Access Management for details on installation.

1.5.2 Oracle Access Management and WebGates

OracleAS 10g SSO deployments can be upgraded to use Oracle Access Management 11g SSO.

After upgrading and registering OSSO Agents, authentication is based on Access Manager 11g Authentication Policies. However, only OAM Agents (WebGates and Access Clients) use Access Manager11g authorization policies. Over time, all mod_osso agents in the upgraded environment should be replaced with WebGates to enable use of 11g authorization policies.

For details about co-existence after the upgrade, see Oracle Fusion Middleware Upgrade Guide for Oracle Identity and Access Management.

1.5.3 About Oracle Access Management Post-Installation Tasks

Each WebLogic Server domain is a logically related group of Oracle WebLogic Server resources. WebLogic administration domains include a special Oracle WebLogic Server instance called the Administration Server. Usually, the domain includes additional Oracle WebLogic Server instances called Managed Servers, where Web applications and Web Services are deployed.

During initial deployment, the WebLogic Administrator userID and password are set for use when signing in to both the Oracle Access Management and WebLogic Server Administration Console. A different Administrator can be assigned for Oracle Access Management, as described in "About Oracle Access Management Administrators". Administrators can log in and use the Oracle Access Management Console for the post-installation tasks documented in Table 1-3.

Table 1-3 Oracle Access Management Post-Installation Tasks

Service Requirements

Access Manager

Enable Access Manager Service


  • Data sources

  • OAM server instances

  • Agents for Access Manager

  • Application domains and policies that protect resources


  • Common settings, including session-timing

  • Certificate validation

  • Common password policy

Configure Access Manager settings

Identity Federation

  • Enable Identity Federation Service

  • Configure federation settings

  • Register identity provider and service provider partners

Security Token Service

  • Enable Security Token Service

  • Configure Security Token Service settingsRegister endpoints

  • Register endpoints

  • Create token issuance and validation templates

  • Register partner profiles and partners

Mobile and Social

  • Enable Mobile and Social Service

  • Configure Mobile and Social Service