Wednesday, June 3, 2015

What are the Differences Between SSO 10g and Identity Access Management 11g? (Doc ID 1383256.1)

In this Document Purpose Scope Details What is Oracle Access Manager? User Management / Self Service Console / OIDDAS References Applies to: Oracle Access Manager - Version 11.1.1.3.0 to 11.1.1.5.0 [Release 11g] Oracle Application Server Single Sign-On - Version 10.1.2.0.2 to 10.1.4.3 [Release 10gR2 to 10gR3] Oracle Fusion Middleware - Version 11.1.1.3.0 and later Information in this document applies to any platform. ***Checked for relevance on 19-Jun-2013*** Purpose Your objective is to upgrade or migrate Oracle Single-Sign-On Server 10g to an Identity Access Management 11g solution which features, for example: Oracle Access Manager Oracle Identity Manager The purpose of this document is to briefly describe the differences between Oracle Single Sign On 10g and Identity Access Management 11g. Scope This document is for consultants, system administrators / architects who have been assigned the task of planning the upgrade of an Application Server 10g SSO solution to 11g. Important to Note: For a fully detailed step by step guide to migrating SSO 10g to IAM 11g use the Lifecycle Advisor Note 343.1 Migration Advisor: Oracle Fusion Middleware (FMW) AS10g SSO to IAM 11g Details What is Oracle Access Manager? Oracle Access Manager 11g ( OAM ) is the Oracle Fusion Middleware 11g Single-Sign-On solution. OAM 11g is a Java EE-based application running in a WebLogic Server and provides authentication and authorization functionality. OAM 11g stores Policy information in a database and authenticates users against LDAP Server. Unlike SSO 10g, OAM 11g is not bound to Oracle Internet Directory. OAM 11g can use any Directory store against which is certified. Oracle Internet Directory, however, remains a recommended Directory store solution. OAM 11g provides Web Gates to protect web-based applications .Web Gates are HTTP Server plug-ins and available for various HTTP Server. OAM 11g provides the Access SDK to develop Access Gates to protect non-web based applications. OAM 11g provides backward compatibility for mod_osso protected OSSO Partner applications. Product Documentation : Fusion Middleware Administrator's Guide for Oracle Access Manager with Oracle Security Token Service 11g Comparing Oracle Access Manager 11g, 10g, and OracleAS SSO 10g User Management / Self Service Console / OIDDAS SSO 10g: Oracle Internet Directory Delegated Administration Services ( OIDDAS ) is the GUI User Management application used with OSSO 10g. OAM 11g: Oracle Identity Manager 11g ( OIM ) is a user provisioning and administration solution and could be integrated with OAM 11g. OAM integrated with OIM provides amongst others the following features: Password Policy ( OAM without OIM integration relies on the LDAP password policy ) Change Password URL Retrieval of Password functionality User Management Self Service Console OAM cache updates The Upgrade Guide documents that OIDDAS can be retained in an upgraded environment, if OSSO Partner applications still require OIDDAS. Caveat: OIDDAS has reached the end of life cycle and will be not enhanced anymore. OIDDAS can be protected as a mod_osso Partner Application by OAM 11g , however OIDDAS cannot be integrated with OAM like OIM 11g, and should not be used as the default User Management solution in an Fusion Middleware 11g architecture.

No comments:

Post a Comment