American Bureau of Shipping
                                       Oracle Access Manager and the WebLogic SSPI

                                       In 2009, Partners Consulting was engaged by a worldwide marine and offshore
                                       classification and standards organization located in Houston, Texas. The primary
                                       focus of the business was to verify that merchant ships and marine structures
                                       comply with rules that the society has established for marine and offshore
                                       design, construction and periodic survey. The organization’s divisional offices
                                       support a worldwide network of more than two hundred representative offices in
                                       over 60 countries.


                                       Centralized Access Management 
                                        
                                       The organizational goal was to deploy a commercial off-the-shelf solution in
                                       order to provide Enterprise Single Sign-On (SSO) to their customer-facing web
                                       applications. The marine and offshore compliance and standards applications
                                       (and other static resources for builders) were all served from a WebLogic Portal
                                       environment. External users could register either by phone or via the portal
                                       interface and request the appropriate access or rights from the organization.
                                       However, in the organization’s existing access request model, development
                                       teams still had to write custom authentication into each of the web-based
                                       applications in order to achieve SSO with other applications not served from
                                       WebLogic Portal.

                                       It was determined that it was necessary to license and deploy an Access
                                       Management solution that would not only provide seamless integration with the
                                       WebLogic Security Provider Interface, but also help eliminate the cost and time
                                       required to write authentication into individual customer facing applications.

                                       The Challenges Faced 

                                               •   Credentials were stored in separate Oracle databases and the
                                                   organization had no centralized LDAP repository.

                                               •   Customers had to log on to each application separately to receive the
                                                   appropriate authorization.

                                               •   Existing development effort had not kept up with growth, compounding
                                                   current Access Management issues.




www.partnersconsulting.com | 1(866) 736.5500
The Partners Consulting Approach

                                       Partners leveraged our 4D Methodology™, developed from our years of
                                       consulting experience. Using this methodology, we were able to provide expert
                                       oversight, monitoring, and reporting on the issues, enabling the organization to
                                       make the decisions that best fit its needs at the appropriate time throughout
                                       the project.




                                       Partners Consulting Enabled Success 
                                        
                                               •   Determined the specific technical, functional, and business requirements
                                                   for a new development environment.

                                               •   Migrated existing user data from internal and external Oracle databases
                                                   to a single instance of Oracle Internet Directory (OID).

                                               •   Established an SSO development environment with integrated Oracle
                                                   Access Manager (OAM) and WebLogic Portal installations.

                                               •   Deployed the Oracle WebLogic SSPI Connector and custom security
                                                   realm to map users and security roles to centralized access policies.

                                               •   Delivered detailed training for the Web Security teams tasked with
                                                   managing the OAM deployment.

                                               •   Provided a roadmap for the steps necessary to build additional test and
                                                   production environments.




Oracle Access Manager 
                                        
                                       With the guidance of Partners Consulting, the American Bureau of Shipping
                                       chose Oracle Access Manager (OAM) over other competitors as their web
                                       access management solution to address their needs with respect to:

                                               •   Enterprise Single Sign-on (SSO)
                                               •   Centralized Policy Management
                                               •   WebLogic SSPI Integration

                                       A Central User Repository 
                                        
                                       Partners Consulting installed an instance of Oracle Virtual Directory (OVD) to
                                       connect to the existing Oracle Database instances and provide a view
                                       (“virtualized” abstraction) of user data in a structured LDAP hierarchical format.
                                       Once the connectors were defined and a single unified user tree was created in
                                       OVD, Partners Consulting then performed a data migration using standard
                                       Oracle utilities and exported the user data. A new central user repository was
                                       created and stored in a new instance of OID.

                                       The OID would hold the new user directory tree with organizational units to
                                       contain user, group, and access policy data. The OID instance would serve as a
                                       central repository for all of this data going forward, and OAM would be able to
                                       authenticate from this LDAP directory. OID now provides the organization the
                                       ability to integrate web based applications protected with OAM while minimizing
                                       the need to change either the infrastructure or the applications being developed.

                                       A Single Sign‐On (SSO) Environment 
                                        
                                       To alleviate the burden of having to re-write individual applications to integrate
                                       with an existing SSO solution, Partners Consulting had to deploy an Access
                                       Management solution that would integrate with existing WebLogic Portal
                                       applications and their security realms. The solution would not only need to
                                       provide SSO to all customer facing applications, but it would have to perform
                                       role-based authorizations that would be understood by WebLogic Portal.
                                       Partners Consulting installed OAM to provide the authentication, authorization,
                                       and auditing services necessary to protect more than 20 portal applications.





                                       The base solution consisted of OAM Identity and Access Servers installed on a
                                       single machine. These servers act as the “decision making” components for basic
                                       user and access management in the organization. OAM “WebGates” were then
                                       plugged into the existing web servers as the “policy enforcement points”.

                                       Users requesting access to portal applications either present an SSO
                                       authentication token or authenticate with whichever authentication mechanism
                                       was defined for that application. Once a user authenticates to a
                                       WebGate-protected resource, he or she is granted an obSSOCookie (token) and is
                                       not authenticated again until the designated timeout.
                                        
                                       Existing WebLogic Security 
                                        
                                       The greatest challenge for the organization, however, was not simply creating
                                       an environment in which users authenticated only once. All of the
                                       organization’s portal applications had been written to authenticate and
                                       authorize users within the WebLogic security model. In this model, a security
                                       principal (a user or group carrying a collective set of permissions) is
                                       established, and the roles assigned to that principal determine its
                                       authorization to a given resource.

                                       The SSPI Connector 
                                        
                                       In the development environment, OAM was integrated with the existing
                                       WebLogic Server and Portal by installing and configuring a WebLogic SSPI
                                       Connector. The SSPI Connector installation forms a bridge between OAM and
                                       WebLogic: a new security realm was created and configured to trust OAM’s
                                       session cookie for authentication and to read user roles and map them to
                                       WebLogic security roles and application permissions. The connector provides
                                       SSO and eliminates the need to re-write security in existing applications.

                                       (A diagram of the OAM and WebLogic authentication flow is included on the last
                                       page of this document)




How the Connector Works 




                                       1) In the client’s environment, a user attempts to access an OAM protected
                                           Web application that is deployed on the WebLogic Server as a part of the
                                           Corporate Portal.
                                       2) OAM’s WebGate plug-in then intercepts the request and queries an Access
                                           Server to check whether the resource is protected.
                                       3) If the resource is protected, WebGate redirects the user’s browser to the
                                           Corporate Portal login page portlet.
                                       4) In the login portlet the user presents their user name and password for
                                           authentication as they normally would.
                                       5) If the user authenticates successfully, WebGate generates a session cookie,
                                           which it appends as an HTTP header; the Web server forwards this HTTP
                                           request to the WebLogic proxy plug-in which forwards the request to the
                                           WebLogic server.
                                       6) The WebLogic proxy plug-in passes the cookie in the HTTP header to the
                                           WebLogic Server.
                                       7) The WebLogic Server's security service was configured to expect the OAM
                                           cookie as an external token for validating the user. The WebLogic security
                                           service then sets the cookie in the HTTP response.
                                       8) The WebLogic Identity Assertion Provider then extracts the cookie
                                           information from the HTTP header, validates the cookie, and retrieves the
                                           user identity from the OAM Access Server.
                                       9) When authentication is successful, a Role Mapping Provider uses the
                                           WebGate to communicate with the Access Server to determine what OAM-
                                           defined roles are assigned to this user. These roles are then mapped to
                                           security roles in WebLogic.
                                       10) The Authorization Provider uses the WebGate to ask the Access Server to
                                           verify that the user has permission to access the requested resource. The
                                           policies that protect resources are specified in OAM.
                                       11) If authorization is successful, the WebLogic Server allows the user access to
                                           the requested resource.
                                       12) In this scenario, if the cookie is already set, the user is logged in without
                                           being challenged.
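The twelve steps above, as an added Python model that is not part of the case study and is not OAM's or WebLogic's own code: a WebGate enforcement point, an Access Server decision point, and a realm in which identity assertion, role mapping and authorization all defer to the Access Server, as the SSPI Connector's realm does. The token layout, login path, user names, resource prefixes and role names are constructed assumptions; the point it shows is that the WebLogic side must validate the cookie (signature and expiry) rather than trust what it claims.

```python
import hashlib
import hmac

# Cookie name as in the case study; the "user:expires:mac" token layout is a constructed
# stand-in and does not reproduce the real obSSOCookie format.
COOKIE_NAME = "ObSSOCookie"
LOGIN_PAGE = "/portal/login"  # assumed path of the Corporate Portal login portlet


def _pwhash(password: str) -> bytes:
    # Stand-in for the directory credential check the real Access Server performs.
    return hashlib.sha256(password.encode()).digest()


class AccessServer:
    # Decision point: protection policies, users with OAM roles, token mint/validate.
    def __init__(self, key: bytes, timeout: int = 600):
        self.key, self.timeout = key, timeout
        self.protected = {}   # resource prefix -> set of OAM roles permitted there
        self.users = {}       # user -> (password hash, set of OAM roles)
        self.role_map = {}    # OAM role -> WebLogic security role

    def is_protected(self, resource: str) -> bool:
        return any(resource.startswith(p) for p in self.protected)

    def _mac(self, payload: str) -> str:
        return hmac.new(self.key, payload.encode(), hashlib.sha256).hexdigest()

    def authenticate(self, user: str, password: str, now: int):
        # Verify credentials and mint a signed, expiring session token (None on failure).
        rec = self.users.get(user)
        if rec is None or not hmac.compare_digest(rec[0], _pwhash(password)):
            return None
        payload = f"{user}:{now + self.timeout}"
        return f"{payload}:{self._mac(payload)}"

    def validate(self, token, now: int):
        # Return the asserted user only if the MAC verifies and the token is unexpired.
        if not token or token.count(":") != 2:
            return None
        user, expires, mac = token.split(":")
        if not hmac.compare_digest(self._mac(f"{user}:{expires}").encode(), mac.encode()):
            return None
        return user if expires.isascii() and expires.isdigit() and int(expires) > now else None

    def oam_roles(self, user: str) -> set:
        return set(self.users[user][1]) if user in self.users else set()

    def authorize(self, user: str, resource: str) -> bool:
        # Policy check: the user needs one of the OAM roles listed for a matching prefix.
        allowed = {r for p, roles in self.protected.items() if resource.startswith(p) for r in roles}
        return bool(self.oam_roles(user) & allowed)


class WebLogicRealm:
    # Realm the connector sets up: identity assertion (step 8), role mapping (step 9)
    # and authorization (step 10) all consult the Access Server, not local state.
    def __init__(self, access_server: AccessServer):
        self.srv = access_server

    def map_roles(self, user: str) -> list:
        rm = self.srv.role_map
        return sorted(rm[r] for r in self.srv.oam_roles(user) if r in rm)

    def serve(self, resource: str, headers: dict, now: int) -> dict:
        # Identity assertion: never trust the cookie's own claims; let the Access Server validate it.
        user = self.srv.validate(headers.get(COOKIE_NAME), now)
        if user is None:
            return {"status": 401}
        if not self.srv.authorize(user, resource):
            return {"status": 403, "user": user}
        # Steps 7/11: the realm echoes the cookie in the response and serves the resource.
        return {"status": 200, "user": user, "roles": self.map_roles(user),
                "set_cookie": headers[COOKIE_NAME]}


class WebGate:
    # Enforcement point plugged into the web server (steps 2-6 and 12).
    def __init__(self, access_server: AccessServer, realm: WebLogicRealm):
        self.srv, self.realm = access_server, realm

    def handle(self, request: dict, now: int) -> dict:
        resource = request["path"]
        if not self.srv.is_protected(resource):          # step 2: unprotected, pass through
            return {"status": 200, "user": None}
        token = request.get("cookies", {}).get(COOKIE_NAME)
        if self.srv.validate(token, now) is None:        # a valid cookie skips the challenge (step 12)
            creds = request.get("credentials")
            if creds is None:
                return {"status": 302, "location": LOGIN_PAGE}          # step 3
            token = self.srv.authenticate(creds[0], creds[1], now)      # step 4
            if token is None:
                return {"status": 401}
        # Steps 5-6: forward to WebLogic with the cookie carried in an HTTP header.
        return self.realm.serve(resource, {COOKIE_NAME: token}, now)


def build_demo():
    # Constructed sample deployment: two users, two protected portal prefixes.
    srv = AccessServer(key=b"constructed-demo-key-do-not-reuse")
    srv.users = {"alice": (_pwhash("s3cret"), {"Surveyor"}), "bob": (_pwhash("hunter2"), {"Builder"})}
    srv.protected = {"/portal/survey": {"Surveyor"}, "/portal/plans": {"Surveyor", "Builder"}}
    srv.role_map = {"Surveyor": "SurveyorRole", "Builder": "BuilderRole"}
    return srv, WebGate(srv, WebLogicRealm(srv))
```

Running `build_demo()` and feeding `WebGate.handle` the same request first without and then with the returned cookie reproduces the redirect-then-silent-login behaviour of steps 3 and 12; an altered or expired cookie falls back to the redirect.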





Más contenido relacionado

La actualidad más candente

Resume somnath sinha
Resume somnath sinhaResume somnath sinha
Resume somnath sinhaSomnath Sinha
 
OOW 2009 Using FMW EBS R12
OOW 2009 Using FMW EBS R12OOW 2009 Using FMW EBS R12
OOW 2009 Using FMW EBS R12jucaab
 
New & Emerging _ Mick Andrew _ Adding mobile and web 2.0 UIs to existing appl...
New & Emerging _ Mick Andrew _ Adding mobile and web 2.0 UIs to existing appl...New & Emerging _ Mick Andrew _ Adding mobile and web 2.0 UIs to existing appl...
New & Emerging _ Mick Andrew _ Adding mobile and web 2.0 UIs to existing appl...InSync2011
 
Case Study: University of California, Berkeley and San Francisco
Case Study: University of California, Berkeley and San FranciscoCase Study: University of California, Berkeley and San Francisco
Case Study: University of California, Berkeley and San FranciscoForgeRock
 
OIM Sizing Guide 11gR2PS1
OIM Sizing Guide 11gR2PS1OIM Sizing Guide 11gR2PS1
OIM Sizing Guide 11gR2PS1Atul Goyal
 
uPortal Integration In Action
uPortal Integration In ActionuPortal Integration In Action
uPortal Integration In ActionJim Helwig
 
IDM Resume _ Kiran
IDM Resume _ KiranIDM Resume _ Kiran
IDM Resume _ KiranKiran Kumar
 
Tl Resume Aug11
Tl Resume Aug11Tl Resume Aug11
Tl Resume Aug11TomLawson
 
"Oracle Insight for Investors" Educational Webcast - Oracle Fusion Middleware
"Oracle Insight for Investors" Educational Webcast - Oracle Fusion Middleware"Oracle Insight for Investors" Educational Webcast - Oracle Fusion Middleware
"Oracle Insight for Investors" Educational Webcast - Oracle Fusion Middlewareinvestorrelation
 
Oracle University - Your Complete Training Source for Oracle Software and Har...
Oracle University - Your Complete Training Source for Oracle Software and Har...Oracle University - Your Complete Training Source for Oracle Software and Har...
Oracle University - Your Complete Training Source for Oracle Software and Har...ORACLE USER GROUP ESTONIA
 
Sim-webcast-part1-1aa
Sim-webcast-part1-1aaSim-webcast-part1-1aa
Sim-webcast-part1-1aaOracleIDM
 
OIM11g R2PS2 Architecture
OIM11g R2PS2 ArchitectureOIM11g R2PS2 Architecture
OIM11g R2PS2 ArchitectureAtul Goyal
 
Realizing Great Customer Experiences with Adobe® LiveCycle® ES3
Realizing Great Customer Experiences with Adobe® LiveCycle® ES3Realizing Great Customer Experiences with Adobe® LiveCycle® ES3
Realizing Great Customer Experiences with Adobe® LiveCycle® ES3Craig Randall
 
Building a Secure Cloud with Identity Management
Building a Secure Cloud with Identity ManagementBuilding a Secure Cloud with Identity Management
Building a Secure Cloud with Identity ManagementOracleIDM
 
Silicus share point-overview-slideshare2
Silicus share point-overview-slideshare2Silicus share point-overview-slideshare2
Silicus share point-overview-slideshare2Silicus Technologies
 
ORACLE FUSION - IBANK
ORACLE FUSION - IBANKORACLE FUSION - IBANK
ORACLE FUSION - IBANKibankuk
 

La actualidad más candente (20)

Resume somnath sinha
Resume somnath sinhaResume somnath sinha
Resume somnath sinha
 
OOW 2009 Using FMW EBS R12
OOW 2009 Using FMW EBS R12OOW 2009 Using FMW EBS R12
OOW 2009 Using FMW EBS R12
 
Liferay dxp – the good, the bad and the ugly
Liferay dxp – the good, the bad and the uglyLiferay dxp – the good, the bad and the ugly
Liferay dxp – the good, the bad and the ugly
 
New & Emerging _ Mick Andrew _ Adding mobile and web 2.0 UIs to existing appl...
New & Emerging _ Mick Andrew _ Adding mobile and web 2.0 UIs to existing appl...New & Emerging _ Mick Andrew _ Adding mobile and web 2.0 UIs to existing appl...
New & Emerging _ Mick Andrew _ Adding mobile and web 2.0 UIs to existing appl...
 
Case Study: University of California, Berkeley and San Francisco
Case Study: University of California, Berkeley and San FranciscoCase Study: University of California, Berkeley and San Francisco
Case Study: University of California, Berkeley and San Francisco
 
OIM Sizing Guide 11gR2PS1
OIM Sizing Guide 11gR2PS1OIM Sizing Guide 11gR2PS1
OIM Sizing Guide 11gR2PS1
 
uPortal Integration In Action
uPortal Integration In ActionuPortal Integration In Action
uPortal Integration In Action
 
IDM Resume _ Kiran
IDM Resume _ KiranIDM Resume _ Kiran
IDM Resume _ Kiran
 
Tl Resume Aug11
Tl Resume Aug11Tl Resume Aug11
Tl Resume Aug11
 
"Oracle Insight for Investors" Educational Webcast - Oracle Fusion Middleware
"Oracle Insight for Investors" Educational Webcast - Oracle Fusion Middleware"Oracle Insight for Investors" Educational Webcast - Oracle Fusion Middleware
"Oracle Insight for Investors" Educational Webcast - Oracle Fusion Middleware
 
Oracle University - Your Complete Training Source for Oracle Software and Har...
Oracle University - Your Complete Training Source for Oracle Software and Har...Oracle University - Your Complete Training Source for Oracle Software and Har...
Oracle University - Your Complete Training Source for Oracle Software and Har...
 
Sim-webcast-part1-1aa
Sim-webcast-part1-1aaSim-webcast-part1-1aa
Sim-webcast-part1-1aa
 
Idm Workshop
Idm WorkshopIdm Workshop
Idm Workshop
 
Corporate overview the services story
Corporate overview the services storyCorporate overview the services story
Corporate overview the services story
 
OIM11g R2PS2 Architecture
OIM11g R2PS2 ArchitectureOIM11g R2PS2 Architecture
OIM11g R2PS2 Architecture
 
Realizing Great Customer Experiences with Adobe® LiveCycle® ES3
Realizing Great Customer Experiences with Adobe® LiveCycle® ES3Realizing Great Customer Experiences with Adobe® LiveCycle® ES3
Realizing Great Customer Experiences with Adobe® LiveCycle® ES3
 
Building a Secure Cloud with Identity Management
Building a Secure Cloud with Identity ManagementBuilding a Secure Cloud with Identity Management
Building a Secure Cloud with Identity Management
 
Silicus share point-overview-slideshare2
Silicus share point-overview-slideshare2Silicus share point-overview-slideshare2
Silicus share point-overview-slideshare2
 
Hayat resume 1
Hayat resume 1Hayat resume 1
Hayat resume 1
 
ORACLE FUSION - IBANK
ORACLE FUSION - IBANKORACLE FUSION - IBANK
ORACLE FUSION - IBANK
 

Destacado

Destacado (16)

Treball psico 3
Treball psico 3Treball psico 3
Treball psico 3
 
Ina
InaIna
Ina
 
Valvular Heart Disease
Valvular Heart DiseaseValvular Heart Disease
Valvular Heart Disease
 
Wsm Presentation 5 4 10
Wsm  Presentation 5 4 10Wsm  Presentation 5 4 10
Wsm Presentation 5 4 10
 
Ingles
InglesIngles
Ingles
 
Drug Addiction NICE Guidelines
Drug Addiction NICE GuidelinesDrug Addiction NICE Guidelines
Drug Addiction NICE Guidelines
 
Презентация по европейской интеграции
Презентация по европейской интеграцииПрезентация по европейской интеграции
Презентация по европейской интеграции
 
Elements of artjustine
Elements of artjustineElements of artjustine
Elements of artjustine
 
Protect Your Heart
Protect Your HeartProtect Your Heart
Protect Your Heart
 
PIMA News Letter
PIMA News LetterPIMA News Letter
PIMA News Letter
 
P1151418327
P1151418327P1151418327
P1151418327
 
PHP from soup to nuts Course Deck
PHP from soup to nuts Course DeckPHP from soup to nuts Course Deck
PHP from soup to nuts Course Deck
 
Hall of fame december
Hall of fame   decemberHall of fame   december
Hall of fame december
 
P1111338292
P1111338292P1111338292
P1111338292
 
Bmx
BmxBmx
Bmx
 
Reggae
ReggaeReggae
Reggae
 

Similar a Case Study: ABS OAM

Multiple ldap implementation with ebs using oid
Multiple ldap implementation with ebs using oidMultiple ldap implementation with ebs using oid
Multiple ldap implementation with ebs using oidpasalapudi
 
Case Study: ATMOS OIM
Case Study: ATMOS OIMCase Study: ATMOS OIM
Case Study: ATMOS OIMjayallen77
 
Cloud & Oracle FMW
Cloud & Oracle FMWCloud & Oracle FMW
Cloud & Oracle FMWHisham Galal
 
Liferay dxp 7.2_features_overview
Liferay dxp 7.2_features_overviewLiferay dxp 7.2_features_overview
Liferay dxp 7.2_features_overviewChinmay Panda
 
Round table guide
Round table guideRound table guide
Round table guideOracleIDM
 
What Is Oracle Fusion Middleware .pdf
What Is Oracle Fusion Middleware .pdfWhat Is Oracle Fusion Middleware .pdf
What Is Oracle Fusion Middleware .pdfPridesys IT Ltd.
 
Oracle Integration Cloud – Pragmatic approach to integrations
Oracle Integration Cloud – Pragmatic approach to integrationsOracle Integration Cloud – Pragmatic approach to integrations
Oracle Integration Cloud – Pragmatic approach to integrationsJade Global
 
The Race To 50 Million Page Views
The Race To 50 Million Page ViewsThe Race To 50 Million Page Views
The Race To 50 Million Page ViewsLogicworksNY
 
Sun welcome middleware_overview 0324101_bosnia
Sun welcome middleware_overview 0324101_bosniaSun welcome middleware_overview 0324101_bosnia
Sun welcome middleware_overview 0324101_bosniaOracle BH
 
Prominent Back-end frameworks to consider in 2022!
Prominent Back-end frameworks to consider in 2022!Prominent Back-end frameworks to consider in 2022!
Prominent Back-end frameworks to consider in 2022!Shelly Megan
 
Executive Overview Using Soa To Improve Operational Efficiency
Executive Overview Using Soa To Improve Operational EfficiencyExecutive Overview Using Soa To Improve Operational Efficiency
Executive Overview Using Soa To Improve Operational Efficiencysean.mcclowry
 
Addvantum Oracle Profile OFMW
Addvantum  Oracle Profile OFMW Addvantum  Oracle Profile OFMW
Addvantum Oracle Profile OFMW Addvantum
 
Jade Global Oracle Integration and Application Development
Jade Global Oracle Integration and Application Development Jade Global Oracle Integration and Application Development
Jade Global Oracle Integration and Application Development Jade Global
 
Oracle Webcenter Suite Overview
Oracle Webcenter Suite OverviewOracle Webcenter Suite Overview
Oracle Webcenter Suite OverviewEslam Hafez
 

Similar a Case Study: ABS OAM (20)

Multiple ldap implementation with ebs using oid
Multiple ldap implementation with ebs using oidMultiple ldap implementation with ebs using oid
Multiple ldap implementation with ebs using oid
 
Case Study: ATMOS OIM
Case Study: ATMOS OIMCase Study: ATMOS OIM
Case Study: ATMOS OIM
 
Fmw generico
Fmw genericoFmw generico
Fmw generico
 
Oracle Middleware
Oracle MiddlewareOracle Middleware
Oracle Middleware
 
Cloud & Oracle FMW
Cloud & Oracle FMWCloud & Oracle FMW
Cloud & Oracle FMW
 
Visual Fusion SaaS
Visual Fusion SaaSVisual Fusion SaaS
Visual Fusion SaaS
 
Liferay dxp 7.2_features_overview
Liferay dxp 7.2_features_overviewLiferay dxp 7.2_features_overview
Liferay dxp 7.2_features_overview
 
D linsync10 fusaapps
D linsync10 fusaappsD linsync10 fusaapps
D linsync10 fusaapps
 
Round table guide
Round table guideRound table guide
Round table guide
 
What Is Oracle Fusion Middleware .pdf
What Is Oracle Fusion Middleware .pdfWhat Is Oracle Fusion Middleware .pdf
What Is Oracle Fusion Middleware .pdf
 
Oracle Integration Cloud – Pragmatic approach to integrations
Oracle Integration Cloud – Pragmatic approach to integrationsOracle Integration Cloud – Pragmatic approach to integrations
Oracle Integration Cloud – Pragmatic approach to integrations
 
The Race To 50 Million Page Views
The Race To 50 Million Page ViewsThe Race To 50 Million Page Views
The Race To 50 Million Page Views
 
Naresh_Profile
Naresh_ProfileNaresh_Profile
Naresh_Profile
 
Sun welcome middleware_overview 0324101_bosnia
Sun welcome middleware_overview 0324101_bosniaSun welcome middleware_overview 0324101_bosnia
Sun welcome middleware_overview 0324101_bosnia
 
Prominent Back-end frameworks to consider in 2022!
Prominent Back-end frameworks to consider in 2022!Prominent Back-end frameworks to consider in 2022!
Prominent Back-end frameworks to consider in 2022!
 
Executive Overview Using Soa To Improve Operational Efficiency
Executive Overview Using Soa To Improve Operational EfficiencyExecutive Overview Using Soa To Improve Operational Efficiency
Executive Overview Using Soa To Improve Operational Efficiency
 
Primavera roadmap
Primavera roadmapPrimavera roadmap
Primavera roadmap
 
Addvantum Oracle Profile OFMW
Addvantum  Oracle Profile OFMW Addvantum  Oracle Profile OFMW
Addvantum Oracle Profile OFMW
 
Jade Global Oracle Integration and Application Development
Jade Global Oracle Integration and Application Development Jade Global Oracle Integration and Application Development
Jade Global Oracle Integration and Application Development
 
Oracle Webcenter Suite Overview
Oracle Webcenter Suite OverviewOracle Webcenter Suite Overview
Oracle Webcenter Suite Overview
 

Case Study: ABS OAM

  • 1. American Bureau of Shipping Oracle Access Manager and the WebLogic SSPI In 2009, Partners Consulting was engaged by a worldwide marine and offshore classification and standards organization located in Houston, Texas. The primary focus of the business was to verify that merchant ships and marine structures comply with rules that the society has established for marine and offshore design, construction and periodic survey. The organization’s divisional offices support a worldwide network of more than two hundred representative offices in over 60 countries. Centralized Access Management    The organizational goal was to deploy a commercial off-the-shelf solution in order to provide Enterprise Single Sign-On (SSO) to their customer facing web applications. The marine and offshore compliance and standards applications (and other static resources for builders were all served from a WebLogic Portal environment. External users could either register by phone or via the portal interface and request the appropriate access or rights from the organization. However, in the organization’s existing access request model, development teams would still have to write custom authentication into each of the web based applications in order to achieve SSO with other applications not served from WebLogic Portal. It was determined that it was necessary to license and deploy an Access Management solution that would not only provide seamless integration with the WebLogic Security Provider Interface, but also help eliminate the cost and time required to write authentication into individual customer facing applications. The Challenges Faced  • Credentials were stored in separate Oracle databases and the organization had no centralized LDAP repository. • Customers had to logon to each application separately to receive the appropriate authorization • Existing development effort had not kept up with growth, compounding current Access Management issues. 
www.partnersconsulting.com | 1(866) 736.5500
  • 2. The Partners Consulting Approach Partners leveraged our 4D Methodology™ that we developed from our years of consulting experience. Using our methodology, we were able to provide expert oversight, monitoring, and reporting on the issues enabling the organization to make decisions that were best for their needs at the appropriate time throughout the project. Partners Consulting Enabled Success    • Determined the specific technical, functional, and business requirements for a new development environment. • Migrated existing user data from internal and external Oracle databases to a single instance of Oracle Internet Directory (OID). • Established a SSO development environment with integrated Oracle Access Manager (OAM) and WebLogic Portal installations. • Deployed the Oracle WebLogic SSPI Connector and custom security realm to map users and security roles to centralized access policies. • Delivered detailed training for the Web Security teams tasked with managing the OAM deployment. • Provided a roadmap for the steps necessary to build additional test and production environments. www.partnersconsulting.com | 1(866) 736.5500
  • 3. Oracle Access Manager    With the guidance of Partners Consulting, the American Bureau of Shipping chose Oracle Access Manager (OAM) over other competitors as their web access management solution to address their needs with respect to: • Enterprise Single Sign-on (SSO) • Centralized Policy Management • WebLogic SSPI Integration A Central User Repository    Partners Consulting installed an instance of Oracle Virtual Directory (OVD) to connect to the existing Oracle Database instances and provide a view (“virtualized” abstraction) of user data in a structured LDAP hierarchical format. Once the connectors were defined and a single unified user tree was created in OVD, Partners Consulting then performed a data migration using standard Oracle utilities and exported the user data. A new central user repository was created and stored in a new instance of OID. The OID would hold the new user directory tree with organizational units to contain user, group, and access policy data. The OID instance would serve as a central repository for all of this data going forward, and OAM would be able to authenticate from this LDAP directory. OID now provides the organization the ability to integrate web based applications protected with OAM while minimizing the need to change either the infrastructure or the applications being developed. A Single Sign‐On (SSO) Environment    To alleviate the burden of having to re-write individual applications to integrate with an existing SSO solution, Partners Consulting had to deploy an Access Management solution that would integrate with existing WebLogic Portal applications and their security realms. The solution would not only need to provide SSO to all customer facing applications, but it would have to perform role-based authorizations that would be understood by WebLogic Portal. Partners Consulting installed OAM to provide the authentication, authorization, and auditing services necessary to protect more than 20 portal applications. 
(SSO, continued)

The base solution comprised OAM Identity and Access Servers installed on a single machine. These servers act as the “decision-making” components for basic user and access management in the organization. OAM’s “WebGates” were then plugged into the existing web servers as the “policy enforcement points”. Users requesting access to portal applications must either present an SSO authentication token or authenticate with whichever authentication mechanism is defined for that application. Once a user authenticates to a WebGate-protected resource, he or she is granted an obSSOCookie (token) and is not authenticated again until a designated timeout.

Existing WebLogic Security

The greatest challenge for the organization, however, was not simply creating an environment where users authenticated only once. All of the organization’s portal applications had been written to authenticate and authorize users within the WebLogic security model. In this model, a security principal (a user or group with a collective set of permissions) is established, and the roles assigned to that principal determine authorization to a given resource.

The SSPI Connector

In the development environment, OAM was integrated with the existing WebLogic Server and Portal by installing and configuring a WebLogic SSPI Connector. The SSPI Connector installation forms a bridge between OAM and WebLogic. A new security realm was created and configured to trust OAM’s session cookie for authentication and to read user roles and map them to WebLogic security roles and application permissions. The connector enables SSO and eliminates the need to rewrite security in the existing applications. (A diagram of the OAM and WebLogic authentication flow is included on the last page of this document.)
How the Connector Works

1) In the client’s environment, a user attempts to access an OAM-protected web application that is deployed on the WebLogic Server as part of the Corporate Portal.
2) OAM’s WebGate plug-in intercepts the request and queries an Access Server to check whether the resource is protected.
3) If the resource is protected, WebGate redirects the user’s browser to the Corporate Portal login page portlet.
4) In the login portlet the user presents a user name and password for authentication, as they normally would.
5) If the user authenticates successfully, WebGate generates a session cookie, which it appends as an HTTP header; the web server forwards this HTTP request to the WebLogic proxy plug-in, which forwards the request to the WebLogic Server.
6) The WebLogic proxy plug-in passes the cookie in the HTTP header to the WebLogic Server.
7) The WebLogic Server’s security service was configured to expect the OAM cookie as an external token for validating the user. The WebLogic security service then sets the cookie in the HTTP response.
8) The WebLogic Identity Assertion Provider extracts the cookie information from the HTTP header, validates the cookie, and retrieves the user identity from the OAM Access Server.
9) When authentication is successful, a Role Mapping Provider uses the WebGate to communicate with the Access Server to determine which OAM-defined roles are assigned to this user. These roles are then mapped to security roles in WebLogic.
10) The Authorization Provider uses the WebGate to ask the Access Server to verify that the user has permission to access the requested resource. The policies that protect resources are specified in OAM.
11) If authorization is successful, the WebLogic Server allows the user access to the requested resource.
12) In this scenario, if the cookie is already set, the user is logged in without being challenged.
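The twelve steps above, together with the obSSOCookie and timeout behaviour described under "(SSO, continued)", are modelled below as an added example. This is illustrative code written for this page; it is not Partners Consulting's, Oracle's or WebLogic's code, and it does not use the OAM or WebLogic SSPI APIs. The user store, policy table, role map, cookie layout and every function name are constructed assumptions: the real obSSOCookie is an opaque token issued by OAM, whereas here it is an HMAC-signed "user|issued_at" string so that the identity asserter's checks (signature, timeout) and the role mapping and authorization decisions are visible in one place.

```python
"""Model of the OAM WebGate -> WebLogic SSPI authentication flow.

Constructed illustration, not OAM or WebLogic code. The cookie format, the
user store, the policy table and all function names are assumptions made
for this example.
"""
import hashlib
import hmac
import time

SERVER_KEY = b"constructed-shared-secret"   # assumed secret shared by WebGate and the asserter
SESSION_TIMEOUT = 3600                        # seconds; the "designated timeout" after login

# Constructed user store standing in for the OID directory (steps 4 and 8).
USERS = {"alice": {"password": "correct horse", "groups": ["surveyors"]},
         "bob":   {"password": "hunter2",       "groups": ["builders"]}}

# Constructed OAM policy data: which resources are protected and which
# OAM-defined roles may reach them (steps 2 and 10).
PROTECTED = {"/portal/surveys": {"roles": ["survey_admin"]},
             "/portal/specs":   {"roles": ["survey_admin", "shipyard"]}}

# Constructed OAM group -> WebLogic security role mapping (step 9).
ROLE_MAP = {"surveyors": "survey_admin", "builders": "shipyard"}


def _sign(payload: bytes) -> str:
    return hmac.new(SERVER_KEY, payload, hashlib.sha256).hexdigest()


def issue_cookie(user: str, now: float) -> str:
    """WebGate issues the session token after a successful login (step 5)."""
    payload = f"{user}|{int(now)}".encode()
    return payload.decode() + "|" + _sign(payload)


def assert_identity(cookie: str, now: float):
    """Identity Assertion Provider (step 8): validate the cookie and return
    the user name, or None for a malformed, tampered or expired token."""
    try:
        user, issued, sig = cookie.split("|")
        payload = f"{user}|{issued}".encode()
    except ValueError:
        return None
    if not hmac.compare_digest(_sign(payload), sig):
        return None                       # signature mismatch: token was altered
    if now - int(issued) > SESSION_TIMEOUT:
        return None                       # past the designated timeout: re-authenticate
    return user


def map_roles(user: str) -> set:
    """Role Mapping Provider (step 9): OAM groups -> WebLogic security roles."""
    groups = USERS.get(user, {}).get("groups", [])
    return {ROLE_MAP[g] for g in groups if g in ROLE_MAP}


def authorize(user: str, resource: str) -> bool:
    """Authorization Provider (step 10): does any role of the user satisfy
    the OAM policy on the resource?"""
    policy = PROTECTED.get(resource)
    if policy is None:
        return True                       # unprotected resource
    return bool(map_roles(user) & set(policy["roles"]))


def request(resource: str, cookie=None, credentials=None, now=None):
    """Walk one request through WebGate and the WebLogic providers.

    Returns (status, cookie) with status one of 'ok', 'redirect_login',
    'login_failed' or 'forbidden'. A valid cookie skips the challenge
    (step 12); otherwise the user is redirected to the login portlet
    (step 3) and, when credentials are supplied, authenticated (step 4).
    """
    now = time.time() if now is None else now
    if resource not in PROTECTED:          # step 2: not protected, pass through
        return "ok", cookie
    user = assert_identity(cookie, now) if cookie else None
    if user is None:
        if credentials is None:
            return "redirect_login", None  # step 3
        name, password = credentials
        record = USERS.get(name)
        if record is None or not hmac.compare_digest(record["password"], password):
            return "login_failed", None
        user, cookie = name, issue_cookie(name, now)   # step 5
    if not authorize(user, resource):      # steps 9 and 10
        return "forbidden", cookie
    return "ok", cookie                    # step 11


if __name__ == "__main__":
    status, ck = request("/portal/surveys", credentials=("alice", "correct horse"), now=1000)
    print(status, request("/portal/surveys", cookie=ck, now=1500)[0],
          request("/portal/surveys", cookie=ck, now=1000 + SESSION_TIMEOUT + 1)[0])
```

The point the model makes explicit is that the connector separates three decisions that the real deployment spreads across WebGate, the Identity Assertion Provider, the Role Mapping Provider and the Authorization Provider: whether the token is trustworthy and still within its timeout, which WebLogic roles the OAM identity carries, and whether those roles satisfy the policy on the requested resource. A user such as the constructed "bob" can hold a perfectly valid session cookie and still be refused a resource whose policy his mapped roles do not satisfy, which is the behaviour the SSPI realm has to reproduce for applications written against the WebLogic security model.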
