A quick introduction to OAM, OIM and OID

A quick introduction to Oracle Access Manager (OAM), Oracle Identity Manager (OIM) and Oracle Internet Directory (OID).
Oracle Access Manager (OAM)
Oracle Access Manager is a Java EE (J2EE) application, typically deployed on a dedicated managed server in a clustered Oracle WebLogic Server domain.
An enterprise typically has many applications for different purposes, and each application typically has its own authentication and authorization functionality.
OAM provides a single point of control for access to resources across an enterprise in which multiple applications exist on different platforms.
OAM provides:
- Single Sign On (SSO)
- Authentication
- Authorization
- Real-time session management
- Auditing
- Policy administration
Flaws in the conventional security model
In the conventional model, each independent application in the enterprise (.NET, J2EE, SAP, WebCenter, etc.) has its *own* authentication and authorization mechanism. This causes problems with:
- Effective security
- Cost
- Inconsistency
- Security compliance
- Ease of use for users (no Single Sign On)
- Governance, support and management


One of the web servers hosts the OAM agent (WebGate). Requests for the other web servers are routed through this web server via a reverse proxy, so an OAM agent is not needed on every web server.
A request first reaches the OAM agent. If the request carries no valid OAM session, the agent redirects the user to OAM, which challenges the user for a username and password. Once the credentials are provided, OAM authenticates the user against the LDAP directory (AD or OID). Once the user is authenticated, OAM establishes a session (carried in a cookie) and the WebGate lets the request through to the underlying web server.
Two points matter in practice: the WebGate must validate the session on every request, not just the first, and the back-end web servers must not be reachable except through the web server that carries the agent, otherwise the gate can simply be walked around.
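The request flow above, as an added toy model that is not OAM or WebGate code: an in-memory stand-in for the directory, an OAM side that mints an HMAC-signed session cookie after a successful credential check, and a WebGate side that verifies the cookie before letting a request through. The cookie name, the shared secret, the session lifetime and the user store are assumptions.

```python
import hashlib
import hmac
import secrets
import time

# Constructed stand-in for the LDAP user store (AD or OID): login -> salted SHA-256
# of the password. A real OAM performs an LDAP bind; this keeps the example offline.
_SALT = b"constructed-salt"
DIRECTORY = {
    "alice": hashlib.sha256(_SALT + b"correct horse").hexdigest(),
}

OAM_SECRET = secrets.token_bytes(32)  # assumed: key shared by OAM server and WebGate
COOKIE_NAME = "OAMSESSION"            # assumed cookie name, not OAM's real one
SESSION_TTL = 3600                    # assumed session lifetime in seconds


def ldap_authenticate(login, password):
    """Stand-in for the directory bind OAM does after the user answers the challenge."""
    digest = hashlib.sha256(_SALT + password.encode()).hexdigest()
    expected = DIRECTORY.get(login)
    return expected is not None and hmac.compare_digest(expected, digest)


def oam_login(login, password, now=None):
    """OAM server: on a successful bind, mint an HMAC-signed session cookie."""
    if not ldap_authenticate(login, password):
        return None
    expiry = int(time.time() if now is None else now) + SESSION_TTL
    payload = f"{login}|{expiry}"
    tag = hmac.new(OAM_SECRET, payload.encode(), hashlib.sha256).hexdigest()
    return f"{payload}|{tag}"


def webgate_check(cookie, now=None):
    """WebGate: return the login if the cookie verifies and is unexpired, else None."""
    if not cookie:
        return None
    try:
        login, expiry, tag = cookie.rsplit("|", 2)
        expiry = int(expiry)
    except ValueError:
        return None
    payload = f"{login}|{expiry}"
    expected = hmac.new(OAM_SECRET, payload.encode(), hashlib.sha256).hexdigest()
    # Constant-time compare; a forged or edited cookie fails here.
    if not hmac.compare_digest(expected, tag):
        return None
    if expiry <= int(time.time() if now is None else now):
        return None
    return login


def handle_request(path, cookies, now=None):
    """Front web server with the WebGate: serve from the backend or redirect to OAM."""
    login = webgate_check(cookies.get(COOKIE_NAME), now=now)
    if login is None:
        return {"status": 302, "location": f"/oam/login?resource={path}"}
    return {"status": 200, "backend": path, "user": login}
```

The point to carry over is that the agent never trusts the cookie's contents on their own: it recomputes the tag with the shared secret and rejects anything edited, expired or forged, so a bypass needs either the secret or a network path to the back-end web server that skips the agent.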
Oracle Identity Manager (OIM)
OIM does life-cycle management of an identity (generally a user, e.g. an employee).
The OIM server is a Java EE (J2EE) application. User provisioning is done in OIM, and OIM integrates this with all the other applications.
Take the example of an employee joining an organization. He or she needs access to various applications in the organization. HR typically creates the employee in the HRMS on the joining date.
The manager then raises requests to create user IDs for the new employee in email, the timesheet application, CRM, the leave-management application, etc. With OIM this provisioning can be done automatically or manually from a single point.
OIM provides unified access control for all the applications in the enterprise. Once the employee leaves, the manager need only log on to OIM and delete the employee (a soft delete that retains the record, or a hard delete that removes it) from the various applications.
OIM integrates with other applications using the SOA Suite with the respective JCA adapters.
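The joiner/leaver flow above, as an added example that is not OIM code: identities with roles, an access policy that maps roles to application accounts, provisioning, soft and hard deprovisioning, and an audit that finds accounts left enabled with no active, entitled owner. The application names, the access policy and the account shape are assumptions, and the target systems are plain dicts standing in for connector-backed applications.

```python
from dataclasses import dataclass, field


@dataclass
class Identity:
    login: str
    status: str = "active"            # "active" | "disabled" | "deleted"
    roles: set = field(default_factory=set)


# Constructed target systems. In a real deployment each sits behind a connector
# (the page mentions SOA Suite and JCA adapters); here they are dicts: login -> account.
TARGETS = {
    "email": {},
    "timesheet": {},
    "crm": {},
    "leave": {},
}

# Assumed access policy: which enterprise role entitles accounts in which applications.
ACCESS_POLICY = {
    "employee": {"email", "timesheet", "leave"},
    "sales": {"crm"},
}


def entitled_apps(identity):
    """Applications the identity's current roles entitle it to."""
    return set().union(*(ACCESS_POLICY.get(r, set()) for r in identity.roles))


def provision(identity):
    """Joiner: create an enabled account in every application the roles entitle."""
    for app in entitled_apps(identity):
        TARGETS[app].setdefault(identity.login, {"enabled": True})


def deprovision(identity, hard=False):
    """Leaver: soft = disable every account but keep it; hard = remove every account."""
    identity.status = "deleted" if hard else "disabled"
    for accounts in TARGETS.values():
        if identity.login in accounts:
            if hard:
                del accounts[identity.login]
            else:
                accounts[identity.login]["enabled"] = False


def orphaned_accounts(identities):
    """Audit: enabled accounts whose owner is missing, not active, or no longer entitled."""
    by_login = {i.login: i for i in identities}
    orphans = []
    for app, accounts in TARGETS.items():
        for login, acct in accounts.items():
            if not acct["enabled"]:
                continue
            owner = by_login.get(login)
            if owner is None or owner.status != "active" or app not in entitled_apps(owner):
                orphans.append((app, login))
    return sorted(orphans)
```

The orphan audit is the check worth keeping: an account created in a target application outside OIM, or left behind after a role change, is exactly what single-point deprovisioning promises to prevent and exactly what an attacker reuses.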
Oracle Internet Directory (OID)
OID is a directory of objects. For example, in the case of employees of an organization, the directory holds employee details such as name, designation, enterprise roles, application-specific roles, and security credentials such as the password and password-reminder questions. Passwords are stored hashed rather than in clear text (the hashing scheme is configurable).
It is typically the single source of truth for information about employees in an organization.
Various applications access OID to authenticate and authorize users. Typically, OID is integrated with OAM.
OID is Oracle's LDAP implementation; Active Directory (AD) is Microsoft's implementation of the same kind of solution.
OID generally uses an Oracle database to store all the information described above.
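Applications that look users up in OID (or AD) build an LDAP search filter from the login the user typed. The page does not cover how that filter is built, so as an added caveat, not OID code, here is the lookup filter with and without RFC 4515 escaping of the assertion value; the attribute names and sample logins are assumptions.

```python
# RFC 4515 section 3: these characters must be escaped inside a filter assertion value.
_ESCAPES = {
    "\\": "\\5c",
    "*": "\\2a",
    "(": "\\28",
    ")": "\\29",
    "\x00": "\\00",
}


def escape_filter_value(value):
    """Escape a string for use as an LDAP filter assertion value (RFC 4515).

    Each character is mapped independently, so a backslash is never escaped twice.
    """
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def user_filter_unsafe(login):
    """The vulnerable pattern: the login is interpolated into the filter as-is."""
    return f"(&(objectClass=inetOrgPerson)(uid={login}))"


def user_filter(login):
    """The hardened form: the login can only ever match a uid value literally."""
    return f"(&(objectClass=inetOrgPerson)(uid={escape_filter_value(login)}))"


def injected_filters(login):
    """Return (unsafe, safe) for the same input so the difference is visible side by side."""
    return user_filter_unsafe(login), user_filter(login)


if __name__ == "__main__":
    # Constructed inputs: a normal login, a wildcard, and a filter-structure injection.
    for sample in ("alice", "*", "alice)(objectClass=*"):
        unsafe, safe = injected_filters(sample)
        print(f"{sample!r}\n  unsafe: {unsafe}\n  safe:   {safe}")
```

With the unsafe builder, a login of `*` turns a lookup for one user into a filter that matches every inetOrgPerson, and a login containing `)(` lets the caller append extra assertions; the escaped form sends the same characters to the directory as literal bytes of the uid value.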