Mechanics of Oracle Portal and Identity Management
Paper 36768
Sanjeev Mohan
Golden Gate University, San Francisco
Dec 14, 2015
Topics
Introduction
Business Requirements
Case Study: Golden Gate University
Portal
Identity Management (LDAP)
Single Sign On (SSO)
Case Study: Golden Gate University's Legacy Environment
Operating systems: Solaris, Windows, MPE/iX, Netware, Mac OS, Digital Unix
Hardware platforms: SUN (Sparc), Dell (Intel), HP 3000, Macintosh, DEC Alpha
Databases: Oracle, SQL Server, Access, FoxPro, HP Image
Development: ColdFusion, HTML, JavaScript, UniBasic
No common code, data, OS, management process, or customer experience
GGU's new Web Architecture
[Architecture diagram, top to bottom: Application Layer (JSP pages / XML / HTML; Application Server / Business Tier with Human Resources, Financials, Student, Data Mining / Reporting, Portal, Oracle Text Search, Oracle Collaboration Suite, and LDAP - Oracle OID); Enterprise Database on Oracle 9i Enterprise Edition DBMS; Server Tier on IBM hardware running Linux / Solaris; Storage Tier: Storage Area Network / Physical Data Layer. Legacy apps, file, print and messaging migrate onto this stack.]
Business Requirements: Challenges
Profusion of stand-alone servers and applications
Redundant storage of data
Inaccurate / out-of-sync data
Lack of a consolidated view of data
Inability to produce business intelligence
Business Requirements: Why Portal?
Higher productivity for employees by providing a single point of access to integrated applications
Better employee communication and collaboration
More efficient business processes and improvements
Helps make an organization more competitive: a well-designed portal could give an organization a differentiation over its competition
Better customer satisfaction and retention
Lower cost and better utilization of staff, e.g. IT support, HR staff
Lower cost by reducing the number of servers
Integration Levels
Integration of Databases
Data Warehouse
Enterprise Application Integration (EAI)
Application Level Integration
Web Services
Portal
Integration Architecture
[Diagram: the portal as the integration point in front of ERP, CRM, email, line-of-business (LOB) and legacy systems]
Portal Definition
The term portal is often misused; many describe it as an entry point into a site, e.g. a company's home page.
Portals provide an organization's customers and employees integrated access to applications and services in a highly secure and customizable manner.
Portals
Enterprise Portal
– Internal / Corporate Portal
– eBusiness Portal
Public Internet Portal
Appliance Portal
Vertical Portal
Portal features – End User
Access to Enterprise Applications (Self Service)
Categorization of External / Unstructured Content (Taxonomy)
Collaboration Tools
Personal Organization Tools
Search Tool
Personalization / Customization Tools
Portal features – Technology
Identity Management
Single Sign On
Content Management System
Highly Available and Secure Infrastructure
Administration Tools
User Interface Services, e.g. Wireless Support
Portal Vendors
Pure Play Vendors – Epicentric (acquired by Vignette), Plumtree, Hummingbird, Citrix NFuse, CA CleverPath, Corechange Coreport
Application Server Vendors – BEA WebLogic, IBM WebSphere, Oracle 9iAS, Sun One and BroadVision InfoExchange
ERP Vendors (Oracle, PeopleSoft, SAP)
BI Vendors (Brio, Cognos, SAS, Business Objects)
Others (uPortal, TIBCO, ATG, Microsoft SharePoint)
Oracle Portal Architecture
[Diagram: Web Browser -> Oracle HTTP Server (Apache) with mod_plsql and the Servlet Connector -> OC4J (Java Servlet Engine) running the Parallel Page Engine and Java Portlets, all inside Oracle 9i Application Server; the Portal Repository lives in Oracle 9i; External Web Providers are called from the Parallel Page Engine]
Oracle 9iAS R2 Components
[Diagram of the two tiers. Mid-tier: HTTP Server; BC4J, OC4J_Demo, OC4J_Home, OC4J_Portal; Clickstream; Portal; SSO; Web Cache. Infrastructure: HTTP Server; OC4J_Demo, OC4J_Home, OC4J_DAS; Clickstream; Internet Directory; SSO]
Why Oracle Portal?
Strategic and primary interface for students, faculty, staff and alumni (through Oracle Single Sign On (OSSO))
Portal as a subset of the GGU web site
Support for portal standards (JSR 168, WSRP)
Robust Portal Integration Framework (PDK)
– Ease of portal page and portlet development
– Extensible portlets – calendar, eLearning, Business Intelligence, OEM 4.0, ERP
– External 3rd-party portlets
Clickstream Analysis
Identity Management
An infrastructure to centralize the management of users and the privileges assigned to them
User life cycle management – creation of a new user account, modification, assignment of roles and privileges and finally deletion of the user account.
Business Requirements: Challenges
User information available in multiple systems – redundancy
Programs needed to sync user data
Data is not consistent / accurate
Security issues when accounts are not deleted for ex-employees
What is a Directory / What is it not?
A directory is a specialized database
Doesn't contain tables, columns, relations
Contains attributes (single-valued / multi-valued)
Access is not via SQL but via a protocol such as LDAP (Lightweight Directory Access Protocol)
Tuned for fast reads but not writes
LDAP Schema – Building Blocks
Entries (details for persons / resources)
Attributes
Primary Key
– e.g. Distinguished Name or DN
Examples:
– dn: uid=jdoe,ou=hr,o=acme,dc=com
– dn: cn=smohan,dc=ggu,dc=edu
Object Class
Group of attributes
Uniquely identified by Abstract Syntax Notation (ASN.1) object identifiers (OIDs)
Vendors include standard classes as well as proprietary ones
Example: the "Person" object class contains:
– Mandatory attributes: cn (common name) and sn (surname)
– Optional attributes: userPassword, telephoneNumber etc.
Object Class Hierarchy (each class inherits the attributes of the one above it)
top (2.5.6.0)
– person (2.5.6.6)
– – organizationalPerson (2.5.6.7)
– – – inetOrgPerson (2.16.840.113730.3.2.2)
Proprietary / User-Defined Object Class
Oracle proprietary: orclSubscriber
GGU user-defined: gguPerson
Internet Assigned Numbers Authority (IANA) assigns a "private enterprise number" for the OIDs of user-defined classes
gguPerson attributes: ClassesEnrolledIn, StudentId etc.
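A small working model of the schema building blocks on the preceding slides (DNs, object classes with mandatory and optional attributes, the top / person / organizationalPerson / inetOrgPerson hierarchy, and a user-defined gguPerson subclass). This is an added example, not code from the presentation or from Oracle Internet Directory. The attribute lists are an abbreviated subset of the standard ones, the inetOrgPerson OID is written in its registered form 2.16.840.1.113730.3.2.2 (the slide drops the ".1"), the gguPerson OID uses a placeholder private enterprise number, and which gguPerson attributes are mandatory or single-valued is this example's own choice, since the slide does not say.

```python
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Optional, Tuple


def parse_dn(dn: str) -> List[Tuple[str, str]]:
    """Split a distinguished name into (attribute, value) pairs, leaf first:
    'uid=jdoe,ou=hr,o=acme,dc=com' -> [('uid','jdoe'), ('ou','hr'), ('o','acme'), ('dc','com')].
    Whitespace around '=' and ',' is tolerated because the slide writes 'uid = jdoe'.
    Escaped commas and multi-valued RDNs are outside this toy parser."""
    rdns = []
    for part in dn.split(","):
        if "=" not in part:
            raise ValueError(f"malformed RDN: {part!r}")
        attr, value = (s.strip() for s in part.split("=", 1))
        if not attr or not value:
            raise ValueError(f"empty attribute or value in RDN: {part!r}")
        rdns.append((attr, value))
    return rdns


@dataclass(frozen=True)
class ObjectClass:
    name: str
    oid: str
    superior: Optional["ObjectClass"]
    must: FrozenSet[str]  # mandatory attributes declared by this class
    may: FrozenSet[str]   # optional attributes declared by this class

    def all_must(self) -> FrozenSet[str]:
        """Mandatory attributes including those inherited up the hierarchy."""
        return self.must | (self.superior.all_must() if self.superior else frozenset())

    def all_may(self) -> FrozenSet[str]:
        return self.may | (self.superior.all_may() if self.superior else frozenset())


# The standard hierarchy from the slide (abbreviated attribute lists).
TOP = ObjectClass("top", "2.5.6.0", None, frozenset({"objectClass"}), frozenset())
PERSON = ObjectClass("person", "2.5.6.6", TOP, frozenset({"cn", "sn"}),
                     frozenset({"userPassword", "telephoneNumber", "description"}))
ORG_PERSON = ObjectClass("organizationalPerson", "2.5.6.7", PERSON, frozenset(),
                         frozenset({"title", "ou", "postalAddress"}))
INET_ORG_PERSON = ObjectClass("inetOrgPerson", "2.16.840.1.113730.3.2.2", ORG_PERSON,
                              frozenset(), frozenset({"uid", "mail", "displayName"}))
# GGU's own class: a subclass of inetOrgPerson under a placeholder IANA private enterprise arc.
GGU_PERSON = ObjectClass("gguPerson", "1.3.6.1.4.1.<PEN>.1.1", INET_ORG_PERSON,
                         frozenset(), frozenset({"StudentId", "ClassesEnrolledIn"}))
# Assumption for this example: one student id per person, any number of classes.
SINGLE_VALUED = frozenset({"StudentId"})


def structural_chain(oc: ObjectClass) -> List[str]:
    """Class names from the root of the hierarchy down to oc."""
    chain = []
    while oc is not None:
        chain.append(oc.name)
        oc = oc.superior
    return chain[::-1]


def validate_entry(entry: Dict[str, List[str]], oc: ObjectClass) -> List[str]:
    """Check an entry the way a directory server's schema checking does.
    Returns the list of violations; an empty list means the entry is valid."""
    present = set(entry)
    allowed = oc.all_must() | oc.all_may()
    problems = [f"missing mandatory attribute {a}" for a in sorted(oc.all_must() - present)]
    problems += [f"attribute {a} not allowed by {oc.name}" for a in sorted(present - allowed)]
    problems += [f"single-valued attribute {a} has {len(v)} values"
                 for a, v in entry.items() if a in SINGLE_VALUED and len(v) > 1]
    return problems


if __name__ == "__main__":
    print(parse_dn("uid = jdoe, ou = hr, o = acme, dc = com"))
    print(structural_chain(GGU_PERSON))
    student = {"objectClass": structural_chain(GGU_PERSON), "cn": ["smohan"],
               "StudentId": ["S-0001"], "ClassesEnrolledIn": ["CS101", "CS102"]}
    print(validate_entry(student, GGU_PERSON))  # sn is inherited from person, so it is reported missing
```

The point the hierarchy slide makes is visible in validate_entry: an entry of class gguPerson is rejected for a missing sn even though gguPerson itself declares no mandatory attributes, because sn is inherited from person three levels up.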
Directory Integration
Identify systems of record: HR, email, PBX
Some data only in directory
– MD5 hashed user password
Synchronization of sources of data with directory
Create users' roles and group memberships (Access Control Policy)
Set up Delegated Administration
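An added example of the synchronization step above, and of the "accounts not deleted for ex-employees" challenge on the earlier slide: reconcile an HR export (the system of record) against the current directory contents and produce the add / modify / delete plan, emitted as LDIF change records. This is not code from the presentation or from Oracle Directory Integration; the HR rows, directory entries, BASE_DN suffix (taken from the slide's cn=smohan,dc=ggu,dc=edu example) and the rule that a terminated or unknown account is deleted are all constructed for the example. userPassword is deliberately outside the synced attribute set, since the slide notes it exists only in the directory.

```python
from typing import Dict, List, Tuple

SYNCED_ATTRS = ("uid", "cn", "sn", "ou", "employeeNumber")  # attributes HR is authoritative for
BASE_DN = "dc=ggu,dc=edu"  # suffix from the slide's example DN

# Constructed HR export (system of record). 'status' drives the account lifecycle.
HR_RECORDS = [
    {"employeeNumber": "1001", "uid": "jdoe", "cn": "Jane Doe", "sn": "Doe", "ou": "it", "status": "active"},
    {"employeeNumber": "1002", "uid": "smohan", "cn": "Sanjeev Mohan", "sn": "Mohan", "ou": "it", "status": "active"},
    {"employeeNumber": "1003", "uid": "rroe", "cn": "Richard Roe", "sn": "Roe", "ou": "finance", "status": "terminated"},
]

# Constructed current directory contents, keyed by DN. userPassword lives only here
# and is never part of the sync.
DIRECTORY = {
    "uid=jdoe,dc=ggu,dc=edu": {"uid": "jdoe", "cn": "Jane Doe", "sn": "Doe", "ou": "hr",
                               "employeeNumber": "1001", "userPassword": "{MD5}<digest>"},
    "uid=rroe,dc=ggu,dc=edu": {"uid": "rroe", "cn": "Richard Roe", "sn": "Roe", "ou": "finance",
                               "employeeNumber": "1003", "userPassword": "{MD5}<digest>"},
    "uid=ghost,dc=ggu,dc=edu": {"uid": "ghost", "cn": "No Record", "sn": "Record", "ou": "it",
                                "employeeNumber": "9999", "userPassword": "{MD5}<digest>"},
}


def entry_dn(uid: str) -> str:
    return f"uid={uid},{BASE_DN}"


def plan_sync(hr_records: List[Dict[str, str]], directory: Dict[str, Dict[str, str]]) -> dict:
    """Compare the system of record with the directory and return what must change.
    add:    {dn: attrs}            active in HR, missing from the directory
    modify: {dn: {attr: (old, new)}} present in both, synced attribute differs
    delete: [dn, ...]              in the directory with no active HR record"""
    plan: dict = {"add": {}, "modify": {}, "delete": []}
    wanted = {entry_dn(r["uid"]): {a: r[a] for a in SYNCED_ATTRS}
              for r in hr_records if r["status"] == "active"}
    for dn, attrs in wanted.items():
        current = directory.get(dn)
        if current is None:
            plan["add"][dn] = attrs
            continue
        changes = {a: (current.get(a), v) for a, v in attrs.items() if current.get(a) != v}
        if changes:
            plan["modify"][dn] = changes
    # Terminated staff and orphans (no HR record at all) both end up here.
    plan["delete"] = sorted(dn for dn in directory if dn not in wanted)
    return plan


def to_ldif(plan: dict) -> str:
    """Render the plan as LDIF change records that an ldapmodify-style tool applies."""
    lines: List[str] = []
    for dn, attrs in sorted(plan["add"].items()):
        lines += [f"dn: {dn}", "changetype: add", "objectClass: inetOrgPerson"]
        lines += [f"{a}: {v}" for a, v in attrs.items()]
        lines.append("")
    for dn, changes in sorted(plan["modify"].items()):
        lines += [f"dn: {dn}", "changetype: modify"]
        for a, (_old, new) in changes.items():
            lines += [f"replace: {a}", f"{a}: {new}", "-"]
        lines.append("")
    for dn in plan["delete"]:
        lines += [f"dn: {dn}", "changetype: delete", ""]
    return "\n".join(lines)


if __name__ == "__main__":
    print(to_ldif(plan_sync(HR_RECORDS, DIRECTORY)))
```

Running it shows smohan being added, jdoe's ou corrected from hr to it, and both the terminated rroe and the orphan ghost scheduled for deletion; the password attribute never appears in the output because the directory, not HR, owns it.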
OID Applications at GGU
Intranet / Portal user authentication
Database user authentication
OS authentication
Oracle Net directory naming
Wireless user authentication using RADIUS
Integration with Oracle 11i eBusiness Suite
LDAP Product Vendors
Novell eDirectory
Sun One
Oracle Internet Directory (OID)
Microsoft Active Directory
OpenLDAP
Entrust (GetAccess) / IBM (Tivoli Policy Director)
Netegrity (SiteMinder) / Entegrity (AssureAccess)
RSA Security (ClearTrust) / Oblix (NetPoint)
Oracle Internet Directory (OID)
The underlying storage is the database, so OID gets all the benefits of Oracle 9i R2 (RMAN backup, replication)
Required by Oracle Portal, Collaboration Suite, Oracle SSO and future Oracle products
Integrates with Oracle HRMS, iPlanet and Microsoft Active Directory
Oracle Delegated Administration Service
Business Requirements: Challenges
Help desk inundated with password resets
Users leaving passwords on their desks
Users wasting time trying to remember passwords
Applications forcing password changes, causing more confusion
Applications not securing passwords adequately
Single Sign On - Benefits
Ease of administration
User convenience
Higher security
Eases development
Reduces help desk support calls
SSO Standards and Vendors
Microsoft .NET Passport (Kerberos)
Liberty Alliance (Security Assertion Markup Language - SAML)
Oracle Single Sign On (OSSO)
Computer Associates (eTrust)
IBM (Access360)
Single Sign On - Architecture
[Diagram: a nine-step numbered request flow between the client web browser, the Apache web server (mod_sso), the SSO Server / Identity Provider, LDAP, and the authenticated portal page / application]
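An added, runnable model of the redirect pattern the architecture slide depicts: the browser asks mod_sso for a protected page, is redirected to the SSO server, the SSO server checks the credentials with an LDAP bind and issues a signed, expiring ticket, and the browser presents that ticket back to mod_sso, which validates it locally and serves the page. This is not OSSO's actual protocol or message format (the slide shows only the participants); the ticket encoding, the shared key, the login URL and the Directory stand-in are all constructed for the example, and the Directory stores salted PBKDF2 hashes rather than the MD5 the earlier slide mentions.

```python
import base64
import hashlib
import hmac
import json
import os
from typing import Dict, List, Optional, Tuple

# Constructed shared key between the SSO server and mod_sso; a deployment would load it from configuration.
SSO_KEY = b"constructed-example-key-not-for-production"
TICKET_TTL = 300  # seconds a ticket stays valid


def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class Directory:
    """Stand-in for the LDAP server: a bind succeeds only with the right password."""
    def __init__(self, users: Dict[str, str]):
        self._creds: Dict[str, Tuple[bytes, bytes]] = {}
        for dn, password in users.items():
            salt = os.urandom(16)
            self._creds[dn] = (salt, hash_password(password, salt))

    def bind(self, dn: str, password: str) -> bool:
        if dn not in self._creds:
            return False
        salt, digest = self._creds[dn]
        return hmac.compare_digest(digest, hash_password(password, salt))


def issue_ticket(username: str, now: float, key: bytes = SSO_KEY) -> str:
    """Ticket = base64(JSON claims) + '.' + HMAC-SHA256 over the encoded claims."""
    claims = json.dumps({"sub": username, "exp": int(now) + TICKET_TTL}).encode()
    payload = base64.urlsafe_b64encode(claims).decode()
    sig = hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()
    return f"{payload}.{sig}"


def verify_ticket(ticket: str, now: float, key: bytes = SSO_KEY) -> Optional[str]:
    """Return the username if signature and expiry check out, else None.
    The signature is checked before the claims are parsed, so a tampered
    payload is rejected without being trusted for anything."""
    try:
        payload, sig = ticket.split(".", 1)
    except ValueError:
        return None
    expected = hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, sig):
        return None
    claims = json.loads(base64.urlsafe_b64decode(payload))
    if claims["exp"] <= now:
        return None
    return claims["sub"]


class SsoServer:
    """Identity provider: authenticates against LDAP and issues tickets."""
    def __init__(self, directory: Directory):
        self.directory = directory

    def login(self, username: str, password: str, now: float) -> Optional[str]:
        dn = f"cn={username},dc=ggu,dc=edu"  # DN shape from the slide's example
        if not self.directory.bind(dn, password):
            return None
        return issue_ticket(username, now)


class WebServer:
    """Apache with mod_sso: serves the page only when the ticket cookie validates."""
    LOGIN_URL = "https://sso.example.invalid/login?return=/portal"  # placeholder

    def handle(self, cookie: Optional[str], now: float) -> Tuple[int, str]:
        user = verify_ticket(cookie, now) if cookie else None
        if user is None:
            return 302, self.LOGIN_URL
        return 200, f"portal page for {user}"


def sso_flow(web: WebServer, sso: SsoServer, username: str, password: str, now: float):
    """Drive a browser through the redirect dance; returns (steps, final response)."""
    steps: List[str] = []
    status, location = web.handle(None, now)                # unauthenticated request
    steps.append(f"browser -> mod_sso: GET /portal -> {status} {location}")
    ticket = sso.login(username, password, now)             # SSO server binds to LDAP
    if ticket is None:
        steps.append("sso -> browser: login rejected (LDAP bind failed)")
        return steps, (401, "login failed")
    steps.append("sso -> browser: ticket issued, redirect back to /portal")
    status, body = web.handle(ticket, now)                  # retry with the ticket cookie
    steps.append(f"browser -> mod_sso: GET /portal with ticket -> {status}")
    return steps, (status, body)


if __name__ == "__main__":
    directory = Directory({"cn=smohan,dc=ggu,dc=edu": "correct horse battery"})
    steps, response = sso_flow(WebServer(), SsoServer(directory), "smohan", "correct horse battery", 1_700_000_000.0)
    print("\n".join(steps), response)
```

Two properties worth noticing: mod_sso never talks to LDAP itself, it only needs the shared key to validate tickets, which is why the slide shows a single authentication point; and because the ticket carries an expiry, a captured ticket stops working after TICKET_TTL seconds regardless of whether the directory entry still exists.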
Questions & Answers