Sudipto Desmukh's Blog: single

Showing posts with label single. Show all posts

Wednesday, July 8, 2015

OAM : Oracle Traffic Director Licensing for Oracle Access Portal

Starting with Oracle Access Manager (OAM) 11.1.2.2.x , the license includes Oracle Access Portal Service.

What is Oracle Access Portal (OAP) ?
The Access Portal Service is a hosted single sign-on proxy service that enables intranet and extranet applications with Oracle's form-fill single sign-on technology. Web Logon Manager, available as a standalone download from Oracle Support, provides end-users with the ability to create, modify, and delete application credentials as well as log on to provisioned applications through both desktop and mobile browsers. Available from 11gR2 PS2.

What is Oracle Traffic Director(OTD) ?
Oracle Traffic Director is a fast, reliable, and scalable layer-7 software load balancer. The architecture of Oracle Traffic Director enables it to handle large volumes of application traffic with low latency. The product is optimized for use in Oracle Exalogic Elastic Cloud and Oracle SuperCluster.

OTD and OAP
For enabling the Oracle Access Portal Service, Oracle traffic Director (OTD) is mandatory as it intercepts user connections to the target application and provides path-proxy and DNS-proxy functionality, allowing for path and DNS rewriting. It also hosts the WebGate plugin.

OTD Licensing for OAP
Though OTD is primarily licensed only for Exalogic , following are exceptions -

The Oracle Traffic Director portion of the Oracle Access Portal is restricted to the following features: High Availability Virtual IP, Access Manager WebGate, and Origin Server Load Balancing to WebLogic Server.
IDM Oracle Access Portal (OAP) license entitlement now includes OTD to be a front-end on Oracle Enterprise Linux 5.6+, Redhat Enterprise Linux 5.6+ and Solaris (SPARC, x64) 11.1+.

Access Management Licensing - http://docs.oracle.com/cd/E29542_01/doc.1111/e14860/im_options.htm#FMWLC240

Reference :

http://docs.oracle.com/cd/E28280_01/doc.1111/e14860/im_options.htm#FMWLC239

Is Oracle Traffic Director (OTD) Available/Licensed to use for a Non Exalogic setup? (Doc ID 1500970.1)

Tuesday, March 24, 2015

Flavors of Mobile Security/SSO for Mobile Web Apps, Native/Hybrid Apps, MAM & MDM

I recently came across quite a few customer use cases which require mobile security/Single-Sign-On (SSO). While it may sound generic, there's a lot more to it.

This post intends to provide some clarity around the various security use cases for mobile apps possible & the high level solution approach using Oracle IDM -

1) Security for Mobile Web Applications (Invoked from a mobile browser)

This is no different from invoking a web application on a desktop or a laptop. Would use Oracle Access Manager(OAM) based SSO alongwith OHS+Webgate.

2) Security for Native/Hybrid mobile applications on personal devices

(Leveraging existing IDM Platform)

This can be achieved using OAM Mobile & Social Services (OAMMS) which has support for Android and iOS platforms. For other platforms (like Windows) OAM Mobile OAuth Services (along with REST calls) within OAM can be leveraged. Mobile applications implemented using REST and supporting OAuth makes mobile app security technology agnostic (similar to what SAML does to federation).

Image Courtesy : Oracle PM Team Blog

3) Security for Native/Hybrid mobile applications on corporate owned devices

(MDM or Mobile Device Management)

This feature is currently not available in the Oracle IDM World, but would be available in Oracle Mobile Security Suite (OMSS) in the upcoming 11gR2 PS3 (11.1.2.3).

4) Security for Native/Hybrid mobile applications on personal devices (BYOD concept)

(MAM or Mobile Application Management)

This can be implemented using OMSS. The concept uses a Secure Mobile Workspace within the personal device which silos all corporate communications using an App Tunnel. The concept is explained in detailed at my blog on OMSS here .

Image Courtesy : Oracle Document

Monday, August 11, 2014

Debugging SSO issues using OAM Tester

The OAM Tester is a great desktop based tool to test issues while accessing resources protected using OAM. It will help you with basic logs and categorizes on what exactly fails(authentication,authorization etc).

This is a quick way to ensure that everything works fine at the OAM layer without having to look at the logs and/or tools like Firebug or HTTPAnalyzers/Fiddler.

The port for the server connection would be 5575 which is the port for Access Manager.All the rest should be self explanatory.

Copy the following files from <ORACLE_IAM_HOME>/oam/server/tester & launch oamtest to get to this dialog.

Links from Oracle documentation -

Validating Connectivity and Policies Using the Access Tester

Validating Connectivity and Policies Using the Access Tester (Linkfor quick install)

Thanks to my colleague Shivram Sundaram to help find this thus quickly resolving multiple issues.

Note - I was on the 11gR2 version of OAM.

Facebook