2. Oracle Access Manager Components
OAM WebPass: OAM WebPass provides the primary administrative and
end-user interface to the OAM Identity Server.
OAM Identity Server: OAM Identity Server is the primary engine for
interaction with the user repository.
OAM Policy Manager: OAM Policy Manager provides the primary
administrative interface to the OAM Access Server. This is the Policy
Administration Point (PAP) of the access control model.
OAM Access Server: OAM Access Server is the policy resolution and
decision engine for web access control. This is the Policy Decision Point
(PDP) of the access control model.
OAM Web Gates: OAM Access Gates (e.g. Web Gates) are usually
server-specific modules that externalize the server software's native
security to OAM. Access Gates/Web Gates are the Policy Enforcement Point (PEP)
of the access control model.
3. OAM System Components: Identity
• Shared Infrastructure
LDAP-based User, Configuration and Policy data storage
Identity Server defines user/group/org objects for Access Server
• Identity Components
Identity Server
Standalone C++ Server
Business logic and request processing
Receives requests from and returns responses to WebPass
Communicates with directory servers (LDAP/S)
• WebPass
Web Server plug-in passes information between web server and
Identity Server
XML to XSL conversions for the browser UI (PresentationXML)
Redirects HTTP requests from the browser to Access Server
Redirects HTTP requests from IdentityXML SOAP API to Identity
Server
Does no other processing of user requests
Identity System Console
• Provides web-based administration and configuration
4. • Access Components
Access Server
Standalone C++ Server
Policy decision point (PDP)
Receives requests from WebGates/AccessGates
Returns decisions and responses to WebGates / AccessGates
Communicates with directory servers (LDAP/S)
Answers Access Server SDK requests
Centralized policy enforcement and logging engine
• WebGates
Web Server plug-in passes information between web server and
Access Server
Passes HTTP request information from the web server to Access
Server
As the policy enforcement point (PEP), follows response directives
(e.g. HTTP 302 Redirect) from Access Servers
Injects HTTP header responses into the web server request space
Passes user authentication data (e.g. username/password, X.509
Subject, etc.) to Access Server for processing
• Policy Manager
Web Server plug-in communicates directly with user,
configuration and policy repositories.
Management interface for policy and configuration data (policy
management point or PMP)
• Access audit policies
• Access policies
• Resource definitions (HTTP, EJB, etc.)
• Cache management/configuration
Application Server AccessGates
Similar to WebGates
Also communicates with Identity components to get JSR
subject/principal information
Can operate in proxied and non-proxied configurations
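The WebGate (PEP) and Access Server (PDP) split described above, as an added example that is not Oracle's code or part of the original slides. It is a simplified in-process model, not OAM's wire protocol; the policy table, the users, the `/login` target and the `X-Remote-User` header name are constructed assumptions.

```python
import hmac

# Constructed data standing in for what Policy Manager (PAP) stores in the directory.
POLICIES = {"/public/": None, "/hr/": {"hr"}}   # URL prefix -> allowed groups (None = unprotected)
USERS = {"alice": ("pw-a", {"hr"}), "bob": ("pw-b", {"sales"})}
ID_HEADER = "X-Remote-User"                     # hypothetical header name

class AccessServer:
    """PDP: resolves policy, returns (status, headers), keeps the central audit log."""
    def __init__(self):
        self.audit = []

    def decide(self, path, creds=None):
        status, headers = self._resolve(path, creds)
        self.audit.append((path, creds[0] if creds else None, status))
        return status, headers

    def _resolve(self, path, creds):
        prefix = next((p for p in POLICIES if path.startswith(p)), None)
        if prefix is None:
            return 403, {}                      # no matching policy: default deny
        allowed = POLICIES[prefix]
        if allowed is None:
            return 200, {}
        user, password = creds or ("", "")
        stored_pw, groups = USERS.get(user, ("", set()))
        if not stored_pw or not hmac.compare_digest(stored_pw.encode(), password.encode()):
            return 302, {"Location": "/login"}  # directive: send the browser to log in
        if groups & allowed:
            return 200, {ID_HEADER: user}
        return 403, {}

class WebGate:
    """PEP: forwards request data to the PDP and enforces the answer; decides nothing itself."""
    def __init__(self, pdp):
        self.pdp = pdp

    def handle(self, path, creds=None, client_headers=None):
        # Assumption of this model: drop any client-sent copy of the identity header.
        headers = {k: v for k, v in (client_headers or {}).items() if k.lower() != ID_HEADER.lower()}
        try:
            status, directives = self.pdp.decide(path, creds)
        except Exception:
            return 403, {}                      # PDP unreachable: fail closed
        if status == 200:
            return 200, {**headers, **directives}   # headers the application sees
        return status, directives
```

Applications behind the gate trust the injected identity header, so the model strips any client-supplied copy before enforcement and denies access when the decision point cannot be reached.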
Prepared by: Basha Shaik
Reference: Oracle