Enabling Single Sign-On for Oracle Applications

Oracle Applications Users Group


Agenda

• Organization
• Speakers Introduction

Security Spectrum
• Information Security Spectrum
• Oracle Identity Management Platform

Access Control
• Access Management Framework
• Oracle Access Management System Architecture
• Oracle Access Management Integration Architecture
• Benefits – Access Control System
• Support Architecture
• Integration Flow
• Integration of OID and E-Biz (GUID)
• Access Gate integration
• Third-party directories integration (AD)
• Deployment Topology
• Best Practices


Introduction


About BIAS Corporation

Founded in 2000

Distinguished Oracle Leader

Technology Momentum Award

Portal Blazer Award

Titan Award – Red Stack + HW Momentum Awards

Excellence in Innovation Award

Management Team is Ex-Oracle

Location(s): Headquartered in Atlanta; Regional office in Washington D.C.; Offshore – Hyderabad and Chennai, India

~250 employees with 10+ years of Oracle experience on average

Inc.500|5000 Fastest Growing Private Company in the U.S. for the 5th Time

Voted Best Place to work in Atlanta for 2nd year

30 Oracle Specializations spanning the entire stack


Speakers

Kashif Dhatwani
• Practice Director, Identity Management and Data Security
• Enterprise and Solution Architect
• 15+ years of experience delivering solutions around middleware technologies including Security, SOA, Portal and custom-developed solutions
• 7+ years with BIAS Corporation; previously held positions at Oracle and IBM
• Focused on delivering best-practice and industry-standards-based solutions to BIAS customers
• Leads a team of solution and technical architects delivering solutions across multiple industries

Madan Shah
• Solution Architect, Identity Management & Data Security
• 15+ years of experience in middleware technologies
• 3+ years with BIAS Corporation
• Solution Architect and Technical Architect for middleware technologies including Java / J2EE, Portals, Data Security and Identity & Access Management
• Leads development teams delivering Identity & Access Management and Data Security solutions
• Oracle Access Management Suite Plus 11g Certified Implementation Specialist and Oracle Database 11g Security Certified Implementation Specialist


BIAS Corporation is a recognized leader in Identity & Access Management system assessment, design and implementation. As an Oracle Platinum partner, BIAS Corporation's IDM Practice provides experienced architects with expertise in assessing environments, building roadmaps and designing systems, and implements solutions using the experienced developers of the BIAS IDM practice.


Security Spectrum


Information Security Spectrum

Identity Management
• Governance
• Compliance
• Single Source of Truth
• Provisioning / De-provisioning
• SoD – Separation of Duties

Access Management
• Access Control
• Authentication
• Authorization
• Single Sign-On
• Multi-Factor Authentication

Mobile Security
• Security Container
• Single Sign-On
• Application Management

Data Security
• Protect your data at rest and in transit
• Data Access – Authentication
• Data Access – Fine-Grained Control
• Auditing


Identity Management Portfolio – 11gR2: Modern, Innovative & Integrated

Governance
• Oracle Identity Manager (OIM)
• Oracle Privileged Account Manager (OPAM)

Access
• Oracle Access Manager (OAM)
• Oracle Adaptive Access Manager (OAAM)
• Oracle API Gateway (OEG)
• Oracle Identity Federation (OIF)
• Oracle Security Token Service (OSTS)
• Oracle Entitlements Server (OES)
• Oracle Enterprise Single Sign-On (OeSSO)

Directory
• Oracle Unified Directory (OUD)
• Oracle Virtual Directory (OVD)
• Oracle Internet Directory (OID)

Mobile Security
• Oracle Mobile Security Suite (OMSS)
• Oracle Access Manager (OAM)
• Oracle Identity Manager (OIM)

Platform Security Services (common foundation for the products above)


Maturity of Database Environment (database security capabilities and the Oracle products that deliver them)

• Audit Vault, Database Firewall: database activity auditing; database firewall monitoring; centralized audit data warehouse
• Advanced Security, Data Masking: Transparent Data Encryption; network encryption / strong authentication; data masking for non-production
• Database Vault, Label Security: separation of duties for DBAs; protection realms & rules; label-based access control


Access Control


Access Management Framework

[Figure: Access Management Framework. Cloud providers, internal and external (partners, vendors) web applications, and an LDAP user repository, all reached through a single user account and a single logon.]


Oracle Access Management System


Access Management Integration Architecture

[Figure: Access Management Integration Architecture. Oracle Access Manager, backed by LDAP, fronts cloud providers, on-premise apps, and internal and external (partners, vendors) web applications through WebGate and AccessGate: authentication / SSO for the web applications, federation / SSO for cloud providers.]


Identity Management


Benefits

Centralized Access Management
• Centralized security enforcement
• Centralized policy control over application access

Single Sign-On
• Use one set of credentials to access all your applications
• No need to remember multiple user IDs and passwords
• Reduced risk of credential compromise (fewer passwords to manage and reuse)
• Log in once to your first application, then navigate securely to multiple applications

Federation
• Single Sign-On for third-party application partners
• Single Sign-On for cloud-based applications

User Repositories
• Integration with multiple user repositories
• Support for commonly used LDAP directories and Microsoft Active Directory

Productivity
• Increased employee productivity
• Maintain compliance standards


Oracle e-Business Application Single Sign-On


Oracle E-Business and Access Manager: Support Architecture

Supported E-Business Suite releases: 11.5.10.2, 12.1.3, 12.2

| Component                          | E-Business Suite 12.2.2+ | E-Business Suite 12 |
|------------------------------------|--------------------------|---------------------|
| Oracle Access Manager              | 11.1.2.2                 | 11.1.2.2            |
| Oracle Identity Management         | 11.1.1.7                 | 11.1.1.7.0          |
| Oracle Access Manager WebGate      | 11.1.2.2                 | 11.1.2.2.0          |
| Oracle E-Business Suite AccessGate |                          | 1.2.3.4             |


Integration Architecture

Components: Oracle E-Business Suite (web server with WebGate, plus the E-Business Suite AccessGate), Oracle Access Manager, Oracle Internet Directory.

1. User requests a protected resource.
2. User is redirected to the EBS AccessGate, which is protected by OAM.
3. WebGate intercepts the request per OAM policies.
4. WebGate connects the user to the EBS AccessGate to collect credentials.
5. User submits credentials to the OAM server.
6. OAM verifies the credentials against the user repository (Oracle Internet Directory).
7. OAM returns the user identifier to EBS.
8. The EBS AccessGate identifies the EBS user linked to the authenticated OID user.


EBS Access Gate

• Oracle E-Business Suite AccessGate is a Java EE application deployed on a WebLogic domain.
• Oracle Access Manager (with WebGate) passes the authenticated user's UID and ORCLGUID, obtained from Oracle Internet Directory, where every user record has a unique ORCLGUID.
• The AccessGate resolves the ORCLGUID to the matching FND_USER record in the E-Business Suite instance database (the FND_USER link), so the EBS account is identified by GUID rather than by user name.
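The eight-step flow and the ORCLGUID link it ends with, simulated end to end as an added example (illustrative Python written for this page, not BIAS or Oracle code). The class names, the OAM_REMOTE_USER header name, the OAMAuthnCookie session-cookie name, the protected path prefixes, and the sample OID entries and FND_USER rows are all assumptions constructed for the example. It also exercises the failure modes a reviewer should check: a user OAM authenticates but EBS has never linked, and a request that reaches the AccessGate without passing through WebGate and tries to assert an identity by supplying the header itself.

```python
from dataclasses import dataclass, field

# Constructed OID entries (assumption): orclGUID is the immutable unique id of each entry.
OID_USERS = {
    "jdoe":   {"orclguid": "A1B2C3D4E5F60718293A4B5C6D7E8F90", "password": "Winter2024!"},
    "asmith": {"orclguid": "0F1E2D3C4B5A69788796A5B4C3D2E1F0", "password": "Summer2024!"},
}

# Constructed FND_USER rows (assumption): USER_GUID links an EBS account to its
# OID entry; ASMITH exists in both systems but was never linked.
FND_USER = {
    "JDOE":   {"user_guid": "A1B2C3D4E5F60718293A4B5C6D7E8F90", "end_date": None},
    "ASMITH": {"user_guid": None, "end_date": None},
}


@dataclass
class Request:
    path: str
    headers: dict = field(default_factory=dict)
    cookies: dict = field(default_factory=dict)
    via_webgate: bool = False  # set only by WebGate; stands in for network placement


class OAMServer:
    """Steps 5-7: verify credentials against the repository (OID), create a
    session and hand the user identifier (the orclGUID) back to WebGate."""

    def __init__(self, oid):
        self.oid = oid
        self.sessions = {}

    def authenticate(self, username, password):
        entry = self.oid.get(username)
        if entry is None or entry["password"] != password:
            return None  # same answer for unknown user and wrong password
        token = "OAMSESSION-%04d" % (len(self.sessions) + 1)
        self.sessions[token] = entry["orclguid"]
        return token

    def assert_identity(self, token):
        return self.sessions.get(token)


class WebGate:
    """Steps 3-4: intercept per OAM policy, send unauthenticated users to the
    credential collector, and stamp the asserted identity into a header."""

    ASSERTION_HEADER = "OAM_REMOTE_USER"  # assumed header name for this example

    def __init__(self, oam, protected_prefixes):
        self.oam = oam
        self.protected = tuple(protected_prefixes)

    def handle(self, request):
        # Drop any client-supplied copy of the assertion header before deciding anything.
        request.headers.pop(self.ASSERTION_HEADER, None)
        if not request.path.startswith(self.protected):
            return request
        guid = self.oam.assert_identity(request.cookies.get("OAMAuthnCookie"))
        if guid is None:
            return "redirect:/oam/login"
        request.headers[self.ASSERTION_HEADER] = guid
        request.via_webgate = True
        return request


class EBSAccessGate:
    """Step 8: map the asserted orclGUID to the FND_USER row that carries it."""

    def __init__(self, fnd_user):
        self.fnd_user = fnd_user

    def resolve(self, request):
        if not request.via_webgate:
            raise PermissionError("request did not come through WebGate")
        guid = request.headers.get(WebGate.ASSERTION_HEADER)
        if guid is None:
            raise PermissionError("no identity assertion present")
        for user_name, row in self.fnd_user.items():
            if row["user_guid"] == guid and row["end_date"] is None:
                return user_name
        return None  # authenticated by OAM but not linked (or end-dated) in EBS


def sso_login(username, password, path="/OA_HTML/RF.jsp"):
    """Run steps 1-8 for one user; returns the EBS user name or an outcome code."""
    oam = OAMServer(OID_USERS)
    webgate = WebGate(oam, ["/OA_HTML/", "/OA_JAVA/"])  # assumed protected prefixes
    gate = EBSAccessGate(FND_USER)
    if webgate.handle(Request(path)) != "redirect:/oam/login":  # steps 1-4
        return "POLICY_ERROR"
    token = oam.authenticate(username, password)  # steps 5-6
    if token is None:
        return "AUTH_FAILED"
    ebs_user = gate.resolve(webgate.handle(Request(path, cookies={"OAMAuthnCookie": token})))
    return ebs_user or "NOT_LINKED"  # steps 7-8


def spoofed_login(path="/OA_HTML/RF.jsp"):
    """Attacker talks to the AccessGate directly with a forged assertion header."""
    forged = Request(path, headers={WebGate.ASSERTION_HEADER: FND_USER["JDOE"]["user_guid"]})
    try:
        EBSAccessGate(FND_USER).resolve(forged)
        return "ACCEPTED"
    except PermissionError:
        return "REJECTED"
```

In a real deployment the via_webgate flag corresponds to network placement: the AccessGate's WebLogic listener must be reachable only from the WebGate-fronted Oracle HTTP Server, otherwise the header check is the only thing standing between a forged header and an EBS session. A user who authenticates in OAM but has no USER_GUID link gets NOT_LINKED rather than a silent fallback to a user-name match, which is the behaviour to verify before go-live.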


Deployment Topology (Clustered): Oracle E-Business Suite Release 12.2 single sign-on

[Figure: User -> Load Balancer -> Oracle HTTP Server (Web Server 1, Web Server 2; each with WebGate and EBS AccessGate) -> Oracle E-Business Suite Release 12.2.2+ with Oracle Database. Load Balancer -> Oracle Access Manager Server (OAM Server 1, OAM Server 2) -> Oracle Internet Directory (OID 1, OID 2).]


Third-Party LDAP Integration


Third-Party Access Management


Architectural Considerations

Provisioning
• Unidirectional provisioning: from Oracle Internet Directory to Oracle E-Business Suite only, or from Oracle E-Business Suite to Oracle Internet Directory only
• Bi-directional provisioning: from Oracle Internet Directory to Oracle E-Business Suite and from Oracle E-Business Suite to Oracle Internet Directory

Corporate User Repositories
• Microsoft Active Directory
• LDAP directories
• Databases

Authorization
• EBS responsibilities are managed within EBS

Upgrade
• An existing environment can upgrade from OSSO to OAM

Co-Existence
• Multiple E-Business systems using the same security framework (Access Manager)
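What the provisioning-direction choice means in practice, as an added example (illustrative Python for this page, not the deck's content and not Oracle's provisioning profiles): a reconciliation pass that compares OID entries against FND_USER rows and emits the actions, and the conflicts, for the chosen direction. The sample entries, GUID strings, direction labels and action names are all constructed for the example.

```python
from datetime import date

# Constructed OID entries (assumption): uid -> attributes.
OID_ENTRIES = {
    "jdoe":    {"orclguid": "GUID-0001", "mail": "jdoe@example.com"},
    "asmith":  {"orclguid": "GUID-0002", "mail": "asmith@example.com"},
    "newhire": {"orclguid": "GUID-0003", "mail": "newhire@example.com"},
}

# Constructed FND_USER rows (assumption): USER_NAME -> USER_GUID, END_DATE.
EBS_USERS = {
    "JDOE":   {"user_guid": "GUID-0001", "end_date": None},
    "ASMITH": {"user_guid": None,        "end_date": None},            # in both, never linked
    "LEGACY": {"user_guid": None,        "end_date": None},            # EBS-only account
    "OLDTMP": {"user_guid": "GUID-0099", "end_date": date(2014, 12, 31)},  # end-dated; GUID gone from OID
}

OID_TO_EBS, EBS_TO_OID, BIDIRECTIONAL = "OID_TO_EBS", "EBS_TO_OID", "BIDIRECTIONAL"


def plan_provisioning(oid, ebs, direction):
    """Return (action, subject, guid) tuples for one reconciliation run.

    Link and conflict actions are emitted regardless of direction, because an
    unlinked or mislinked account breaks SSO whichever side is authoritative;
    only account creation depends on the direction chosen."""
    actions = []
    ebs_by_name = {name.lower(): name for name in ebs}

    # OID side: every directory entry should map to exactly one linked EBS account.
    for uid, entry in oid.items():
        name = ebs_by_name.get(uid.lower())
        if name is None:
            if direction in (OID_TO_EBS, BIDIRECTIONAL):
                actions.append(("CREATE_EBS_USER", uid.upper(), entry["orclguid"]))
            else:
                actions.append(("SKIP_NOT_IN_EBS", uid, entry["orclguid"]))
        elif ebs[name]["user_guid"] is None:
            actions.append(("LINK_GUID", name, entry["orclguid"]))
        elif ebs[name]["user_guid"] != entry["orclguid"]:
            # Same name, different GUID: never auto-relink, a human must decide.
            actions.append(("CONFLICT_GUID_MISMATCH", name, entry["orclguid"]))

    # EBS side: accounts with no directory entry are orphans or stale links.
    oid_names = {uid.lower() for uid in oid}
    oid_guids = {entry["orclguid"] for entry in oid.values()}
    for name, row in ebs.items():
        if name.lower() in oid_names:
            continue
        if row["end_date"] is not None:
            if row["user_guid"] is not None and row["user_guid"] not in oid_guids:
                actions.append(("STALE_LINK_END_DATED", name, row["user_guid"]))
            continue
        if direction in (EBS_TO_OID, BIDIRECTIONAL):
            actions.append(("CREATE_OID_ENTRY", name, None))
        else:
            actions.append(("ORPHAN_EBS_USER", name, None))  # local-only login path remains
    return actions
```

The orphan case is the one worth reviewing on every run: an active EBS account with no directory entry can still authenticate locally if local login is left enabled, so it sits outside the centralized policy the SSO project was meant to impose.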


Best Practices

SSO Infrastructure
• High Availability
• Disaster Recovery Environment
• Performance Considerations
• OAM Detached Credential Collector vs Embedded Credential Collector
• Multi-Factor Authentication and Risk-based Authentication

End-to-End SSL
• Encrypt all HTTP and LDAP traffic
• TLS 1.2 (TLS 1.1 only where a legacy client still requires it; it is deprecated)

Auditing
• Out-of-the-box auditing functionality provided by OAM for user authentications
• BI Publisher reports
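Acting on the authentication audit trail the slide refers to, as an added example (illustrative Python for this page, not the deck's or OAM's own tooling): two detections run over a constructed, simplified audit export. The pipe-separated record layout, the event names, the user names and the IP addresses are assumptions made for the example, not OAM's real audit schema; the thresholds are starting points to tune against your own volume.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed, simplified audit export (assumption; NOT OAM's real audit schema):
# timestamp|event|user|client_ip|resource
AUDIT_EXPORT = """\
2015-03-10T08:00:01Z|AUTH_FAILURE|jdoe|10.1.5.20|/OA_HTML/RF.jsp
2015-03-10T08:00:05Z|AUTH_FAILURE|jdoe|10.1.5.20|/OA_HTML/RF.jsp
2015-03-10T08:00:09Z|AUTH_FAILURE|jdoe|10.1.5.20|/OA_HTML/RF.jsp
2015-03-10T08:00:14Z|AUTH_FAILURE|jdoe|10.1.5.20|/OA_HTML/RF.jsp
2015-03-10T08:00:20Z|AUTH_FAILURE|jdoe|10.1.5.20|/OA_HTML/RF.jsp
2015-03-10T08:00:31Z|AUTH_SUCCESS|jdoe|10.1.5.20|/OA_HTML/RF.jsp
2015-03-10T09:15:00Z|AUTH_FAILURE|asmith|203.0.113.7|/OA_HTML/RF.jsp
2015-03-10T09:15:02Z|AUTH_FAILURE|bwong|203.0.113.7|/OA_HTML/RF.jsp
2015-03-10T09:15:03Z|AUTH_FAILURE|clee|203.0.113.7|/OA_HTML/RF.jsp
2015-03-10T09:15:05Z|AUTH_FAILURE|dpatel|203.0.113.7|/OA_HTML/RF.jsp
2015-03-10T09:15:07Z|AUTH_FAILURE|efox|203.0.113.7|/OA_HTML/RF.jsp
2015-03-10T09:15:09Z|AUTH_FAILURE|fgarcia|203.0.113.7|/OA_HTML/RF.jsp
2015-03-10T10:00:00Z|AUTH_SUCCESS|asmith|10.1.5.44|/OA_HTML/RF.jsp
"""


def parse_export(export):
    """Turn the export into a time-ordered list of event dicts."""
    events = []
    for line in export.strip().splitlines():
        ts, event, user, ip, resource = line.split("|")
        events.append({
            "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
            "event": event, "user": user, "ip": ip, "resource": resource,
        })
    events.sort(key=lambda e: e["ts"])
    return events


def detect_brute_force(events, threshold=5, window=timedelta(seconds=60)):
    """One account, many failures in a short window. A burst that is followed
    by a success for the same account is the case to escalate first."""
    failures = defaultdict(list)
    for e in events:
        if e["event"] == "AUTH_FAILURE":
            failures[e["user"]].append(e["ts"])
    findings = []
    for user, times in failures.items():
        for i in range(len(times) - threshold + 1):
            burst_end = times[i + threshold - 1]
            if burst_end - times[i] <= window:
                success_after = any(
                    e["event"] == "AUTH_SUCCESS" and e["user"] == user and e["ts"] > burst_end
                    for e in events
                )
                findings.append({"user": user, "start": times[i],
                                 "followed_by_success": success_after})
                break  # one finding per account is enough for triage
    return findings


def detect_password_spray(events, min_users=5, window=timedelta(minutes=5)):
    """One source IP, failures against many distinct accounts. Per-account
    counts stay low and evade the brute-force rule, so key on the client IP."""
    attempts = defaultdict(list)
    for e in events:
        if e["event"] == "AUTH_FAILURE":
            attempts[e["ip"]].append((e["ts"], e["user"]))
    findings = []
    for ip, tries in attempts.items():
        for start, _ in tries:
            users = {u for t, u in tries if start <= t <= start + window}
            if len(users) >= min_users:
                findings.append({"ip": ip, "distinct_users": len(users), "start": start})
                break
    return findings


if __name__ == "__main__":
    evts = parse_export(AUDIT_EXPORT)
    for finding in detect_brute_force(evts) + detect_password_spray(evts):
        print(finding)
```

Keyed on the client IP, the spray rule only works if the OHS/WebGate tier forwards the original client address into OAM's audit record; behind the load balancer in the clustered topology above, check that the logged address is the user's and not the balancer's before trusting this detection.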


Oracle created the OPN Specialized Program to showcase the Oracle partners who have achieved expertise in Oracle product areas and reached specialization status through competency development, business results, expertise and proven success. BIAS is proud to be specialized in 30 areas of Oracle products, which include the following:


Contact Us

Kashif Dhatwani

Practice Director - Identity Management & Data Security

770-685-6240
