2-10 Developer's Guide for Oracle Access Manager and Oracle Security Token Service
2.5.3.2 Cert Transport Security Mode
In Cert transport security mode, the certificates for the server and agent should be requested from a certifying authority. Optionally, the Simple mode self-signed certificates can also be used as a certifying authority, for purposes of issuing Cert mode certificates.
Follow these steps to prepare for Cert mode:
1. Import a CA certificate of the certifying authority using the certificate and key pair issued for the Access Client and OAM Server. Follow the steps in Importing the CA Certificate on page 2-8. Instead of cacert.pem or cacert.der, substitute the CA certificate file of the issuing authority.
2. If an Oracle Access Manager 10g JNI ASDK install is available, it provides a way to generate a certificate and key file for the Access Client. These certificates will be in PEM format. For more information about how to generate a certificate using an imported CA certificate, see Oracle Fusion Middleware Administrator's Guide for Oracle Access Manager with Oracle Security Token Service. To import this certificate and key pair into oamclient-keystore.jks in PEM format, follow the instructions in Setting Up The Keystore on page 2-9.
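The guide's own keystore procedure is the one in Setting Up The Keystore on page 2-9. As an added illustration of what steps 1 and 2 amount to (this is not Oracle's code and not the ImportCert tool the guide ships), the following program uses the standard JDK KeyStore API to place the issuing CA certificate and the Access Client's PEM certificate/key pair into oamclient-keystore.jks. It assumes the private key is an unencrypted PKCS#8 RSA key ("BEGIN PRIVATE KEY"); the alias names, argument layout, and file names are placeholders chosen for this example.

```java
// Added example (not from the Oracle guide): import the CA certificate plus the
// Access Client's PEM certificate/key pair into oamclient-keystore.jks.
// Assumptions: unencrypted PKCS#8 RSA private key; aliases "oamca"/"oamclient"
// and the command-line layout are placeholders for this example.
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.KeyFactory;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.Base64;
import java.util.Collection;

public class ImportCertModeKeys {

    /** Extract and Base64-decode the body of the first PEM block of the given type. */
    static byte[] readPem(Path file, String type) throws IOException {
        String pem = new String(Files.readAllBytes(file), StandardCharsets.US_ASCII);
        String begin = "-----BEGIN " + type + "-----";
        String end = "-----END " + type + "-----";
        int start = pem.indexOf(begin);
        int stop = pem.indexOf(end);
        if (start < 0 || stop < 0) {
            throw new IOException(file + " does not contain a \"" + begin + "\" block");
        }
        String body = pem.substring(start + begin.length(), stop).replaceAll("\\s", "");
        return Base64.getDecoder().decode(body);
    }

    /** Load an unencrypted PKCS#8 RSA key; fail clearly on PKCS#1 or encrypted keys. */
    static PrivateKey loadPkcs8Key(Path keyFile) throws Exception {
        String pem = new String(Files.readAllBytes(keyFile), StandardCharsets.US_ASCII);
        if (pem.contains("BEGIN RSA PRIVATE KEY") || pem.contains("ENCRYPTED PRIVATE KEY")) {
            // PKCS8EncodedKeySpec does not accept these; convert first, for example with
            //   openssl pkcs8 -topk8 -nocrypt -in key.pem -out key_pkcs8.pem
            throw new IllegalArgumentException(keyFile
                    + ": expected an unencrypted PKCS#8 \"BEGIN PRIVATE KEY\" block");
        }
        byte[] der = readPem(keyFile, "PRIVATE KEY");
        return KeyFactory.getInstance("RSA").generatePrivate(new PKCS8EncodedKeySpec(der));
    }

    /** X.509 CertificateFactory reads PEM directly, including a multi-certificate chain. */
    static Collection<? extends Certificate> loadCerts(Path certFile) throws Exception {
        try (FileInputStream in = new FileInputStream(certFile.toFile())) {
            return CertificateFactory.getInstance("X.509").generateCertificates(in);
        }
    }

    /** Load the existing JKS keystore if present, otherwise start an empty one. */
    static KeyStore openKeystore(Path ksFile, char[] storePass) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        if (Files.exists(ksFile)) {
            try (FileInputStream in = new FileInputStream(ksFile.toFile())) {
                ks.load(in, storePass);
            }
        } else {
            ks.load(null, storePass);
        }
        return ks;
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 6) {
            System.err.println("usage: ImportCertModeKeys <oamclient-keystore.jks> <storepass>"
                    + " <ca.pem> <client_cert.pem> <client_key_pkcs8.pem> <keypass>");
            System.exit(2);
        }
        Path ksFile = Paths.get(args[0]);
        char[] storePass = args[1].toCharArray();
        char[] keyPass = args[5].toCharArray();

        KeyStore ks = openKeystore(ksFile, storePass);

        // Step 1: trust the issuing CA (the file substituted for cacert.pem / cacert.der).
        Certificate ca = loadCerts(Paths.get(args[2])).iterator().next();
        ks.setCertificateEntry("oamca", ca);

        // Step 2: the Access Client's own certificate chain and private key.
        Certificate[] chain = loadCerts(Paths.get(args[3])).toArray(new Certificate[0]);
        PrivateKey key = loadPkcs8Key(Paths.get(args[4]));
        ks.setKeyEntry("oamclient", key, keyPass, chain);

        try (FileOutputStream out = new FileOutputStream(ksFile.toFile())) {
            ks.store(out, storePass);
        }
        System.out.println("Stored CA and client entries in " + ksFile);
    }
}
```

The explicit PKCS#1/encrypted-key check is the caveat most worth having: a key generated by an older OpenSSL defaults to "BEGIN RSA PRIVATE KEY", and without the check the failure surfaces only as an opaque InvalidKeySpecException. Keep the keystore and key passwords out of shell history and scripts where possible, since the private key in this store is what authenticates the Access Client to the OAM Server in Cert mode.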
2.6 Developing Access Clients
The following topics are discussed in this section:
■ Introduction to Access Clients
■ Structure of an Access Client
2.6.1 Introduction to Access Clients
Access Clients process user requests for access to resources within the LDAP domain protected by the OAM Server. Typically, you embed custom Access Client code in a servlet plug-in or a standalone application that receives resource requests. This code uses Access Manager API libraries to perform authentication and authorization services on the OAM Server.
If a resource is not protected, the Access Client grants the user free access to the requested resource. If the resource is protected and the user is authorized to provide certain credentials to gain access, the Access Client attempts to retrieve those user credentials so that the OAM Server can validate them. If authentication of the user and authorization for the resource succeeds, the Access Client makes the resource available to the user.
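The decision sequence just described (unprotected resource, credential collection, authentication, then authorization), as an added example written against the OAM 11g Access Manager ASDK. This is not the guide's own sample code; the class and method names in oracle.security.am.asdk are as recalled from the ASDK Javadoc and should be checked against your ASDK version, and the configuration directory, resource, user name, password, and the "userid"/"password" credential keys are placeholders.

```java
// Added example (not the guide's sample): the Access Client request flow from the
// text above, against the OAM 11g ASDK. API names are as recalled from the ASDK
// Javadoc; the config path, resource, user, password and credential keys are placeholders.
import java.util.Hashtable;

import oracle.security.am.asdk.AccessClient;
import oracle.security.am.asdk.AccessException;
import oracle.security.am.asdk.ResourceRequest;
import oracle.security.am.asdk.UserSession;

public class MinimalAccessClient {

    /** Outcome of one access decision, so callers never handle the session object directly. */
    enum Decision { UNPROTECTED, NOT_AUTHENTICATED, NOT_AUTHORIZED, ALLOWED }

    /**
     * Unprotected resources are served without credentials; protected ones require the
     * credentials to authenticate at the OAM Server and the resulting session to be
     * authorized for the specific resource and operation.
     */
    static Decision checkAccess(AccessClient ac, String protocol, String resource, String method,
                                String userId, char[] password) throws AccessException {
        ResourceRequest rrq = new ResourceRequest(protocol, resource, method);
        if (!rrq.isProtected()) {
            return Decision.UNPROTECTED;          // free access, no credentials needed
        }
        Hashtable<String, String> creds = new Hashtable<>();
        creds.put("userid", userId);              // credential keys as recalled from the ASDK sample
        creds.put("password", new String(password));
        UserSession session = new UserSession(rrq, creds);   // OAM Server validates the credentials
        if (session.getStatus() != UserSession.LOGGEDIN) {
            return Decision.NOT_AUTHENTICATED;    // authentication failed; do not serve the resource
        }
        // Authentication alone is not enough: the policy for this resource must also allow it.
        return session.isAuthorized(rrq) ? Decision.ALLOWED : Decision.NOT_AUTHORIZED;
    }

    public static void main(String[] args) throws AccessException {
        // Placeholder config directory (holds ObAccessClient.xml and, in Cert mode, the keystore).
        AccessClient ac = AccessClient.createDefaultInstance("/opt/oam/asdk-config",
                AccessClient.CompatibilityMode.OAM_11G);
        try {
            Decision d = checkAccess(ac, "http", "//app.example.com:80/secrets/index.html", "GET",
                    "jsmith", "placeholder-password".toCharArray());
            System.out.println("Access decision: " + d);
        } finally {
            ac.shutdown();   // release the connection to the OAM Server
        }
    }
}
```

In a real servlet plug-in the user ID and password come from the incoming request rather than from literals, and the three non-ALLOWED outcomes should be distinguishable in logs (without recording the password) so that a policy misconfiguration (NOT_AUTHORIZED) is not mistaken for a credential problem (NOT_AUTHENTICATED).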
Access Clients can differ according to a variety of factors, as described in Table 2–3.
Table 2–3 Access Client Variations

Variation             Description
Type of application   Standalone application versus server plug-ins.
Development Language  Each development language provides a choice of interfaces to the underlying functionality of the API. For Oracle Access Manager 11g, Java is the only development language for custom Access Clients.
Resource Type         Protect both HTTP and non-HTTP resources.