4 Integrating Oracle Identity Federation
This chapter describes how to integrate Oracle Access Manager with Oracle Identity Federation to create an authenticated session.
This chapter contains these sections:
■ Background and Integration Overview
■ Register Oracle HTTP Server with Oracle Access Manager
■ Integrate Oracle Identity Federation in SP Mode
■ Integrate Oracle Identity Federation in Authentication Mode
■ Test the Configuration
4.1 Background and Integration Overview
This section provides background about the integration procedure. Topics include:
■ About Integration with Oracle Identity Federation
■ Overview of Integration Tasks
■ Prerequisites
■ Additional Setup
4.1.1 About Integration with Oracle Identity Federation
About Oracle Identity Federation
Oracle Identity Federation is a standalone, self-contained federation server that enables single sign-on and authentication in a multiple-domain identity network.
The SP integration engine included with Oracle Identity Federation consists of a servlet that processes requests from the server to create a user-authenticated session at the Identity and Access Management (IAM) server. The engine includes several internal plug-ins that allow it to interact with different IAM servers, including Oracle Access Manager.
About the Integration
Two integration modes are described in this chapter:
■ SP Mode: This mode enables Oracle Identity Federation to authenticate the user and propagate the authentication state to Oracle Access Manager, which maintains the session information.
■ Authentication Mode: This mode enables Oracle Access Manager to authenticate the user.
4-2 Oracle Fusion Middleware Integration Guide for Oracle Access Manager
Figure 4–1 describes the processing flow in each mode.
Figure 4–1 Oracle Access Manager and Oracle Identity Federation
In SP mode, Oracle Identity Federation uses the federation protocols to identify the user, then requests the authentication module to create an authenticated session at Oracle Access Manager. To integrate in SP mode, see the SP Mode Integration Procedure in Section 4.1.2. In authentication mode, Oracle Access Manager looks up the user identity in the LDAP store and obtains a session cookie so that the user can access the requested resource, which is protected by either mod_osso or an Oracle Access Manager 11g WebGate. To integrate in authentication mode, see the Authentication Mode Integration Procedure in Section 4.1.2.
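The division of responsibility between the two modes, as an added illustration written for this page rather than code from Oracle or from this guide: a simplified Python model in which an OIF service provider validates a federation assertion and asks OAM for a session (SP mode), and OAM authenticates against a stand-in LDAP store while an OIF identity provider issues assertions only for an existing OAM session (authentication mode). All class and method names (OIFServiceProvider, OAMServer, WebGate, create_session, consume, issue), the HMAC that stands in for the SAML XML signature, and the sample user and entity IDs are assumptions of the example, not Oracle's API.

```python
"""Simplified model of the SP and authentication integration modes.

Illustrative code written for this page; not Oracle code and not Oracle's
API. Every class and method name here is invented, and an HMAC over a
canonical string stands in for the XML signature on a real SAML assertion.
"""
import hashlib
import hmac
import secrets
from dataclasses import dataclass


@dataclass
class Assertion:
    subject: str            # authenticated user
    issuer: str             # IdP entity ID
    audience: str           # SP entity ID the assertion is meant for
    not_on_or_after: float  # expiry, seconds since the epoch
    signature: str = ""

    def canonical(self) -> bytes:
        return f"{self.subject}|{self.issuer}|{self.audience}|{self.not_on_or_after}".encode()


def sign_assertion(a: Assertion, key: bytes) -> Assertion:
    """Stand-in for the IdP's XML signature (assumption: a shared HMAC key)."""
    a.signature = hmac.new(key, a.canonical(), hashlib.sha256).hexdigest()
    return a


class OAMServer:
    """Holds the session store. In authentication mode it also performs the login."""

    def __init__(self, ldap_users: dict):
        self._ldap = ldap_users   # {uid: password}; stands in for the LDAP store
        self._sessions = {}       # {cookie: uid}

    def create_session(self, uid: str) -> str:
        """SP mode entry point: the caller (OIF) has already authenticated uid."""
        cookie = secrets.token_hex(16)
        self._sessions[cookie] = uid
        return cookie

    def authenticate(self, uid: str, password: str):
        """Authentication mode: check the user against LDAP, then issue the cookie."""
        stored = self._ldap.get(uid)
        if stored is None or not hmac.compare_digest(stored.encode(), password.encode()):
            return None
        return self.create_session(uid)

    def session_user(self, cookie: str):
        return self._sessions.get(cookie)


class OIFServiceProvider:
    """SP mode: validate the federation assertion, then ask OAM for a session."""

    def __init__(self, entity_id: str, trusted_issuer: str, idp_key: bytes, oam: OAMServer):
        self.entity_id, self.trusted_issuer, self.idp_key, self.oam = entity_id, trusted_issuer, idp_key, oam

    def consume(self, a: Assertion, now: float):
        expected = hmac.new(self.idp_key, a.canonical(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, a.signature):
            return None                      # tampered, or signed with an unknown key
        if a.issuer != self.trusted_issuer or a.audience != self.entity_id:
            return None                      # untrusted IdP, or an assertion meant for another SP
        if now >= a.not_on_or_after:
            return None                      # expired
        return self.oam.create_session(a.subject)   # OAM creates and keeps the session


class OIFIdentityProvider:
    """Authentication mode: OAM authenticated the user; OIF asserts that to remote SPs."""

    def __init__(self, entity_id: str, key: bytes, oam: OAMServer):
        self.entity_id, self.key, self.oam = entity_id, key, oam

    def issue(self, cookie: str, audience: str, now: float, lifetime: float = 300.0):
        uid = self.oam.session_user(cookie)
        if uid is None:
            return None                      # no OAM session: OAM must authenticate first
        return sign_assertion(Assertion(uid, self.entity_id, audience, now + lifetime), self.key)


class WebGate:
    """Protects a resource: admits a request only if OAM knows the session cookie."""

    def __init__(self, oam: OAMServer):
        self.oam = oam

    def allows(self, cookie) -> bool:
        return cookie is not None and self.oam.session_user(cookie) is not None


if __name__ == "__main__":
    # Constructed sample data for a stand-alone run.
    key, idp, sp_id, now = b"constructed-shared-key", "https://idp.example/fed", "https://sp.example/fed", 1.7e9
    oam = OAMServer({"alice": "s3cret"})
    sp, gate = OIFServiceProvider(sp_id, idp, key, oam), WebGate(oam)
    cookie = sp.consume(sign_assertion(Assertion("alice", idp, sp_id, now + 300), key), now)
    print("SP mode admitted:", gate.allows(cookie))
    print("Auth mode admitted:", gate.allows(oam.authenticate("alice", "s3cret")))
```

The checks the service provider performs before calling create_session (signature, issuer, audience, expiry) are the trust boundary that SP mode moves from OAM to OIF: an assertion that fails any one of them must not produce an OAM session, because the WebGate admits any cookie OAM knows about without re-examining how it was obtained.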
4.1.2 Overview of Integration Tasks
The tasks required to integrate Oracle Access Manager with Oracle Identity Federation are similar for both modes, with some variation.
SP Mode Integration Procedure
Configuring SP mode requires the following tasks:
1. Ensure that the necessary components, including Oracle WebLogic Server and Identity Management (IdM) components, are installed and operational. For details, see Section 4.1.3 and Section 4.1.4.
2. Register Oracle HTTP Server as a partner with Oracle Access Manager to protect a resource. For details, see Section 4.2.
3. Configure the Oracle Identity Federation server to function as a service provider (SP) with Oracle Access Manager. For details, see Section 4.3.1.
4. Configure the Oracle Access Manager server to delegate authentication to Oracle Identity Federation. For details, see Section 4.3.2.
5. Test the integration. For details, see Section 4.5.1.
Authentication Mode Integration Procedure
Configuring authentication mode requires the following tasks:
1. Ensure that the necessary components, including Oracle WebLogic Server and Identity Management (IdM) components, are installed and operational. For details, see Section 4.1.3 and Section 4.1.4.
2. Register Oracle HTTP Server as a partner with the Oracle Access Manager server to protect a resource. For details, see Section 4.2.
3. Configure the Oracle Identity Federation server to function as an identity provider (IdP) with Oracle Access Manager. For details, see Section 4.4.
4. Test the integration. For details, see Section 4.5.2.
4.1.3 Prerequisites