I am engulfed in the Oracle Identity & Access Management domain. I have expertise in providing optimized solutions for user provisioning, web access management, Single Sign-On, federation capabilities, etc., for on-prem and cloud deployments.
I am here to share troubleshooting tips and to discuss architecture and design aspects, integration scenarios and much more that I have experience with.
I presume many people are curious to know about upgrading OAM from 10g to 11g. Well, here is the point!!
There is no direct upgrade plan yet because the 11g version is released for OSSO customers extremely. However, to upgrade OAM to 11g, here are my thoughts:
The architecture is totally revamped in 11g. The OAM server is a Java-based application deployed on WebLogic Server, whereas the 10g servers are stand-alone.
10g WebGates are backward compatible with the OAM 11g server. 11g WebGates are provided only for the OHS server. So if your environment has Apache or IHS servers, you can continue to use 10g WebGates with agent registration.
The Policy Domains concept is enhanced with sessions, so you can pass several session attributes in authorization actions.
If there is a custom plug-in to extrapolate the concurrent users scenario, then it is just a checkbox to enable in 11g - much easier, isn't it!!
Any custom authentication plug-ins developed in 10g using C/C++ have to be rebuilt using Java technology in 11g.
Any Identity XML features used in 10g have NO upgrade or replacement. All the identity features are part of OIM 11g.
If any password management features are used, then execute those features using OIM 11g.
If you are using RSA token authentication then it is not certified in 11g - Oracle has plans to release this soon.
If you are using SharePoint integrated with OAM 10g, then SharePoint 2010 is certified with OAM 11g. Check out this post.
EBS is certified with OAM 10g and 11g versions. In 11g, it is the access gate version rather than OSSO delegation.
Therefore, to upgrade OAM 10g to 11g, everything needs to be manually created/configured from scratch.
If your environment has RSA token as its main authentication, then it is better to upgrade to 11gR2 directly, as OAM 11gR1 is not certified. The OAM 11gR2 - RSA integration guide is here.
The latest IAM release 11.1.2 has upgrade plans from 11gR1.
Upgrading OAM 11gR1 (126.96.36.199) is here.
Unlike OIM, there is a direct upgrade plan from OAM 10g to OAM 11gR2; the documentation is here.
Oracle releases products often, and hence it is very difficult to know which version to use and what is certified. I am talking about the OIM 11gR1 version with WLS, SOA Suite and RCU.
OIM 188.8.131.52.0 is certified with WLS 10.3.5, SOA Suite 184.108.40.206.0 and RCU 220.127.116.11. However, with products releasing, they won't appear on OTN; instead, you have to download them from edelivery. Well, it is a problem if we don't have an account.
So I downloaded WLS 10.3.6, SOA Suite 18.104.22.168.0 and Oracle IAM Suite 22.214.171.124. I installed Oracle IAM Suite 126.96.36.199 and it failed at the OIM configuration step. I wrote a detailed post on the error messages and action plan. Well, it is actually a version mismatch. Oracle Identity Manager should be upgraded to 188.8.131.52.2 to use WLS 10.3.6 and SOA Suite 184.108.40.206.0.
OAuth 2.0 is a new standard/technology that is being adopted by many organizations for mobile application development, and so Oracle used it in the Oracle IDM 11gR2 release for Access Management Mobile and Social SSO. I have also seen companies using OAuth 2.0 technology in gadget applications. So I just thought of doing a small write-up on it. I have also recently read a nice post on OAuth 2.0.
OAuth is an open authentication protocol which enables applications to access each other's data. For instance, a game application can access a user's data in the Facebook application. So the user logs into a social site and gets access to other applications without needing to provide credentials again.
Let me explain this with a simple diagram.
The user accesses a gaming application. It redirects the user to log in to a social site, say Facebook. The user logs into Facebook successfully. Now the gaming application can access the user's data from Facebook.
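The game application's side of the redirect flow described above, as an added example that is not part of the original post: it builds the redirect to the social site and validates the response that comes back, tying the two together with the OAuth 2.0 `state` parameter. The endpoint URL, client ID, redirect URI and the `session` dictionary are constructed placeholders, and the authorization code grant is assumed since the post does not name a grant type.

```python
import hmac
import secrets
from urllib.parse import urlencode, urlsplit, parse_qs

# Constructed placeholder values (assumptions); none of these come from the post.
AUTHORIZE_URL = "https://social.example/oauth/authorize"
CLIENT_ID = "game-app-client-id"
REDIRECT_URI = "https://game.example/oauth/callback"


def build_authorization_request(session, scope="profile"):
    """Step 1: the game app sends the browser to the social site's login."""
    state = secrets.token_urlsafe(32)       # unguessable value bound to this session
    session["oauth_state"] = state
    query = urlencode({
        "response_type": "code",            # authorization code grant (RFC 6749, 4.1)
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "scope": scope,
        "state": state,
    })
    return f"{AUTHORIZE_URL}?{query}"


def handle_callback(session, callback_url):
    """Step 2: the social site redirects back; return the code or raise ValueError."""
    parts = urlsplit(callback_url)
    if f"{parts.scheme}://{parts.netloc}{parts.path}" != REDIRECT_URI:
        raise ValueError("callback did not arrive on the registered redirect URI")
    params = parse_qs(parts.query)
    expected = session.pop("oauth_state", None)    # single use: a replay finds nothing
    received = params.get("state", [""])[0]
    if not expected or not hmac.compare_digest(expected.encode(), received.encode()):
        raise ValueError("state mismatch: response is not tied to this session")
    if "error" in params:
        raise ValueError(f"authorization failed: {params['error'][0]}")
    code = params.get("code", [""])[0]
    if not code:
        raise ValueError("no authorization code in callback")
    # Next step (not shown): exchange the code at the token endpoint, server to server.
    return code
```

Only after the code has been exchanged for an access token does the game application call the social site's API for the user's data.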
The OAuth 2.0 standard supports various clients that access REST APIs. This includes an enterprise application calling out to the cloud or applications getting called from mobile devices.
Check out its specifications here.
The services that OAuth 2.0 supports as of today are:
Oracle has released the Oracle Identity Management 220.127.116.11 documentation here. Being more of an OAM guy, I can say without doubt that the OAM spectrum is vast now, with the inclusion of Mobile and Social features and Client API toolkits.
I will update you when the software is available for download.