Enabling SSO for WebCenter 11g using Oracle Access Manager (OAM)

Configuring Single sign-on (SSO) between WebCenter components and/or other partner applications is an important part of WebCenter setup.  OAM configuration with a WebCenter application is covered in detail in the WebCenter Admin Guide on OTN.  Other solutions that can leveraged for SSO are SAML (“built-in” solution in WebLogic Server), Oracle SSO (OSSO), Windows Native Auth (WNA), etc.   Each one has different setup requirements but the following few common “concepts” and functional points exist across the board.

Policy Decision Point (PDP):  Point that evaluates and makes (authorization) decisions

Policy Enforcement Point (PEP): Point which intercepts a request and channels it to the PDP

Policy Administration Point (PAP): Points which help manage and administer policies

Identity Assertion Provider (IAP): A type of Authenticator that allows users or processes to assert their identity based on tokens (specific to the SSO solution)

The figure below shows where these functional points are.  If you note, the Webgate, an out-of-the-box plugin that intercepts HTTP requests and forwards them to the Access Manager is the PEP and the Access Server the PDP.  It also shows the sequence of the events in Single sign-on process.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: