In this article I explain how the FA-IDM solution works, from a flows perspective. Please check the A-Team link below:
http://www.ateam-oracle.com/idm-fa-integration-flows
I hope this helps,
Thiago Leoncio
Thiago - Tech Director, Principal Architect and software developer for many different languages. I am passionate about development of any kind. I have been a developer since 1996, coding for many different styles such as ColdFusion, Java, PHP, PL/SQL, Objective-C, Node.js and many others. Anything needed, we can translate to code.
Saturday, May 31, 2014
Saturday, April 19, 2014
What is the difference between OIMAuthenticator & OIMSignatureAuthenticator in WebLogic provider types?
Hello everybody,
Today I would like to discuss the authenticator providers for IDM.
Let's start by answering the main question. The difference is that OIMSignatureAuthenticator is used in situations where a digital signature can be inspected instead of a password, which is useful in some specific integrations, such as the Quartz Scheduler integration with OIM, as in OAM with OIM or SiteMinder with OIM.
So, it allows WebLogic Server and its provider to participate, for example, in an SSO solution for Web service applications. It validates assertions by checking the signature and, if needed, validates the certificate for trust based on data configured for a specific partner.
To clarify a bit more with one simple example:
Use case:
All authentication, either via browser (http/https) or non-http, such as Design Console login or the t3/t3s route, must be handled by SiteMinder SSO. Only signature authentication will be handled by Oracle Identity Manager.
This way you allow only integration products to use a signature as part of the authentication process; all others will be controlled by your SSO product, in my example SiteMinder.
So, in WLS (Home > Summary of Security Realms > myrealm > Providers), your authentication chain will look like this:
SiteminderIdentityAsserter
DefaultAuthenticator SUFFICIENT
OIMSignatureAuthenticator SUFFICIENT
SiteminderAuthenticationProvider SUFFICIENT
DefaultIdentityAsserter SUFFICIENT
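The effect of marking every authenticator SUFFICIENT can be checked with a small model of the standard JAAS control-flag rules, which WebLogic's control flags follow. This is an added example, not code from the original post or from Oracle: it covers only the three authenticators in the listing (not the identity asserters), and the accept rules, user names and sample credentials are constructed stand-ins.

```python
from dataclasses import dataclass
from typing import Callable

@dataclass
class Provider:
    name: str
    flag: str                        # REQUIRED | REQUISITE | SUFFICIENT | OPTIONAL
    accepts: Callable[[dict], bool]  # hypothetical stand-in for the real login module

def evaluate(chain, cred):
    """Apply JAAS control-flag rules; return (authenticated, providers consulted)."""
    consulted, required_failed, any_ok = [], False, False
    for p in chain:
        consulted.append(p.name)
        if p.accepts(cred):
            any_ok = True
            # A SUFFICIENT success ends the chain unless a REQUIRED provider already failed.
            if p.flag == "SUFFICIENT" and not required_failed:
                return True, consulted
        elif p.flag == "REQUISITE":
            return False, consulted   # fail immediately
        elif p.flag == "REQUIRED":
            required_failed = True    # keep going, but the login cannot succeed
    return any_ok and not required_failed, consulted

def build_chain(default_flag="SUFFICIENT"):
    # Authenticators in the order listed above; the accept rules are constructed.
    return [
        Provider("DefaultAuthenticator", default_flag,
                 lambda c: c["kind"] == "password" and c["user"] == "weblogic"),
        Provider("OIMSignatureAuthenticator", "SUFFICIENT",
                 lambda c: c["kind"] == "signature" and c.get("signature_valid", False)),
        Provider("SiteminderAuthenticationProvider", "SUFFICIENT",
                 lambda c: c["kind"] == "sso"),
    ]

# Constructed sample credentials (not real accounts).
SIGNED = {"kind": "signature", "user": "integration-svc", "signature_valid": True}
FORGED = {"kind": "signature", "user": "integration-svc", "signature_valid": False}
SSO = {"kind": "sso", "user": "alice"}

if __name__ == "__main__":
    for label, cred in (("signed", SIGNED), ("forged", FORGED), ("sso", SSO)):
        print(label, evaluate(build_chain(), cred))
    # Same chain with DefaultAuthenticator set to REQUIRED: the signed login is rejected.
    print("signed, DefaultAuthenticator REQUIRED", evaluate(build_chain("REQUIRED"), SIGNED))
```

In the model, a signed integration login stops at OIMSignatureAuthenticator, while the same login is rejected if DefaultAuthenticator is REQUIRED, which is why the flags in the chain matter as much as the order.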
References:
1 - Oracle® Fusion Middleware Administrator's Guide for Oracle Identity Manager, 11g Release 2 (11.1.2), doc: E27149-04
Definitions from WLS Console:
OIMSignatureAuthenticator: Provider that performs signature based authentication thru the Oracle Identity Manager relational database
OIM Authenticator or OIM Authenticator Provider: Provider that performs authentication thru the Oracle Identity Manager relational database
I hope this helps,
Thiago Leoncio.