
Mechanics of Oracle Portal and Identity Management Paper 36768


Presentation Transcript


  1. Mechanics of Oracle Portal and Identity Management Paper 36768 Sanjeev Mohan Golden Gate University, San Francisco

  2. Topics • Introduction • Business Requirements • Case Study: Golden Gate University • Portal • Identity Management (LDAP) • Single Sign On (SSO)

  3. Case Study: Golden Gate University’s Legacy Environment • Operating systems: Solaris, Windows, MPE/ix, Netware, Mac OS, Digital Unix • Hardware platforms: SUN (Sparc), Dell (Intel), HP 3000, Macintosh, DEC Alpha • Databases: Oracle, SQL Server, Access, FoxPro, HP Image • Development: ColdFusion, HTML, JavaScript, UniBasic • No common code, data, OS, management process, or customer experience

  4. GGU’s new Web Architecture

  5. Business Requirements: Challenges • Profusion of stand-alone servers and applications • Redundant storage of data • Inaccurate / out-of-sync data • Lack of a consolidated view of data • Inability to produce business intelligence

  6. Business Requirements: Why Portal? • Higher productivity for employees by providing a single point of access to integrated applications. • Better employee communication and collaboration. • More efficient business processes and process improvements. • Helps make an organization more competitive: a well-designed portal can differentiate an organization from its competition. • Better customer satisfaction and retention. • Lower cost and better utilization of staff, e.g. IT support, HR staff etc. • Lower cost by reducing the number of servers.

  7. Integration Levels • Integration of Databases • Data Warehouse • Enterprise Application Integration (EAI) • Application Level Integration • Web Services • Portal

  8. Integration Architecture (diagram: an Enterprise Portal layered over ERP, CRM, Email, LOB and Legacy systems, with Enterprise Application Integration (EAI) and a Data Warehouse underneath)

  9. Portal Definition • The term portal is often misused; many describe it as merely an entry point into a site, e.g. a company’s home page. • Portals provide an organization’s customers and employees integrated access to applications and services in a highly secure and customizable manner.

  10. Portals • Enterprise Portal • Internal / Corporate Portal • eBusiness Portal • Public Internet Portal • Appliance Portal • Vertical Portal

  11. Portal features – End User • Access to Enterprise Applications (Self Service) • Categorization of External / Unstructured Content (Taxonomy) • Collaboration Tools • Personal Organization Tools • Search Tool • Personalization / Customization Tools

  12. Portal features – Technology • Identity Management • Single Sign On • Content Management System • Highly Available and Secure Infrastructure • Administration Tools • User Interface Services e.g. Wireless Support

  13. Portal Vendors • Pure Play Vendors: Epicentric (acquired by Vignette), Plumtree, Hummingbird, Citrix NFuse, CA CleverPath, Corechange Coreport • Application Server Vendors: BEA WebLogic, IBM WebSphere, Oracle 9iAS, Sun One and BroadVision InfoExchange • ERP Vendors (Oracle, PeopleSoft, SAP) • BI Vendors (Brio, Cognos, SAS, Business Objects) • Others (uPortal, TIBCO, ATG, Microsoft SharePoint)

  14. Oracle Portal Architecture

  15. Oracle 9iAS R2 Components

  16. Why Oracle Portal? • Strategic and primary interface for students, faculty, staff and alumni (through Oracle Single Sign On (OSSO)) • Portal as a subset of the GGU web site • Support for portal standards (JSR 168, WSRP) • Robust Portal Integration Framework (PDK) • Ease of portal page and portlet development • Extensible portlets – calendar, eLearning, Business Intelligence, OEM 4.0, ERP • External 3rd-party portlets • Clickstream analysis

  17. Identity Management • An infrastructure to centralize the management of users and the privileges assigned to them • User life cycle management – creation of a new user account, modification, assignment of roles and privileges and finally deletion of the user account.

  18. Business Requirements: Challenges • User information available in multiple systems – redundancy • Programs needed to sync user data • Data is not consistent / accurate • Security issues when accounts are not deleted for ex-employees

  19. What is a Directory / What is it not? • Directory is a specialized database • Doesn’t contain tables, columns, relations • Contains attributes (single valued / multi valued) • Access is not via SQL but via a protocol such as LDAP (Lightweight Directory Access Protocol) • Tuned for fast reads but not writes

  20. LDAP Schema – Building Blocks • Entries (details for persons / resources) • Attributes • Primary Key, e.g. Distinguished Name or DN • Examples: • dn: uid=jdoe,ou=hr,o=acme,dc=com • dn: cn=smohan,dc=ggu,dc=edu

  21. Object Class • Group of attributes • Uniquely identified by Abstract Syntax Notation One (ASN.1) object identifiers (OIDs) • Vendors ship standard classes as well as proprietary ones. • Example: the “person” object class contains: • Mandatory attributes: cn (common name) and sn (surname) • Optional attributes: userPassword, telephoneNumber etc.

  22. Object Class Hierarchy • top (2.5.6.0) • person (2.5.6.6) • organizationalPerson (2.5.6.7) • inetOrgPerson (2.16.840.113730.3.2.2)

  23. Proprietary / User-Defined Object Class • Oracle proprietary: orclSubscriber • GGU user-defined: gguPerson • Internet Assigned Numbers Authority (IANA) assigns a “private enterprise number” • gguPerson attributes: ClassesEnrolledIn, StudentId etc.
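The schema mechanics of slides 20 to 23 (DNs, mandatory and optional attributes, inheritance through the object class hierarchy, a site-specific subclass such as gguPerson) as a small checker. This is an added example, not code from the presentation or from Oracle Internet Directory: the standard-class OIDs are those printed on slide 22, gguPerson's OID and attributes are placeholders, and the sample entry is constructed.

```python
from typing import Dict, List, Set, Tuple
# name -> (OID, superior, MUST, MAY); standard OIDs as on slide 22, gguPerson's OID is a placeholder
SCHEMA = {
    "top": ("2.5.6.0", None, {"objectclass"}, set()),
    "person": ("2.5.6.6", "top", {"cn", "sn"}, {"userpassword", "telephonenumber"}),
    "organizationalperson": ("2.5.6.7", "person", set(), {"title", "ou"}),
    "inetorgperson": ("2.16.840.113730.3.2.2", "organizationalperson", set(), {"uid", "mail"}),
    "gguperson": ("1.3.6.1.4.1.99999.1.1", "inetorgperson", {"studentid"}, {"classesenrolledin"}),
}

def parse_dn(dn: str) -> List[Tuple[str, str]]:
    """Split 'uid=jdoe,ou=hr,o=acme,dc=com' into (type, value) RDNs, leftmost first."""
    rdns = []
    for rdn in dn.split(","):
        attr, sep, value = rdn.partition("=")
        if not sep or not attr.strip() or not value.strip():
            raise ValueError(f"malformed RDN {rdn!r} in {dn!r}")
        rdns.append((attr.strip().lower(), value.strip()))
    return rdns

def inherited(objectclass: str) -> Tuple[Set[str], Set[str]]:
    """Union the MUST and MAY sets of a class and every superior up to top."""
    must, may, oc = set(), set(), objectclass.lower()
    while oc is not None:
        _, superior, m, o = SCHEMA[oc]   # KeyError for an object class the schema lacks
        must, may, oc = must | m, may | o, superior
    return must, may

def validate_entry(entry: Dict[str, List[str]]) -> List[str]:
    """Return schema violations for an entry (attribute -> values); [] means valid."""
    must, may, problems = set(), set(), []
    for oc in entry.get("objectclass", []):
        m, o = inherited(oc)
        must, may = must | m, may | o
    present = {a.lower() for a in entry if a.lower() != "dn"}
    problems += [f"missing mandatory attribute {a}" for a in sorted(must - present)]
    problems += [f"attribute {a} not allowed by object classes" for a in sorted(present - must - may)]
    attr, value = parse_dn(entry["dn"][0])[0]  # the naming attribute must be present
    if value not in entry.get(attr, []):
        problems.append(f"RDN {attr}={value} is not an attribute value of the entry")
    return problems

# Constructed sample entry in the style of slide 20's second DN.
SAMPLE_ENTRY = {
    "dn": ["cn=smohan,dc=ggu,dc=edu"],
    "objectclass": ["top", "person", "organizationalPerson", "inetOrgPerson", "gguPerson"],
    "cn": ["smohan"], "sn": ["Mohan"], "studentid": ["S0001"], "mail": ["smohan@ggu.example"],
}
```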

  24. Directory Integration • Identify systems of record: HR, email, PBX • Some data lives only in the directory, e.g. the MD5-hashed user password • Synchronization of the data sources with the directory • Create users’ roles and group memberships (access control policy) • Set up delegated administration
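Slide 24 keeps the user password in the directory as an MD5 hash. An unsalted {MD5} userPassword is deterministic, so two accounts with the same password hold identical values, which is the kind of weakness the audit below flags. This is an added example, not code from the presentation; the LDIF export and the password are constructed, and the {MD5}/{SSHA} encodings follow the common RFC 2307-style base64 layout rather than any OID-specific format.

```python
import base64, hashlib, re
SCHEME_RE = re.compile(r"^\{([A-Za-z0-9-]+)\}")
WEAK = {"MD5", "SHA", "CLEARTEXT"}  # unsalted digests or no hashing; {SSHA} carries a salt

def md5_scheme(password):
    """RFC 2307-style unsalted {MD5}: base64 of the raw digest, nothing else mixed in."""
    return "{MD5}" + base64.b64encode(hashlib.md5(password.encode()).digest()).decode()

def ssha_scheme(password, salt):
    """Salted {SSHA}: base64(sha1(password + salt) + salt); equal passwords differ per salt."""
    return "{SSHA}" + base64.b64encode(hashlib.sha1(password.encode() + salt).digest() + salt).decode()

def parse_ldif(text):
    """Minimal LDIF reader: blank lines separate entries, 'attr: value' lines within."""
    entries = [{}]
    for line in text.splitlines():
        if not line.strip():
            entries.append({})
        else:
            attr, _, value = line.partition(":")
            entries[-1].setdefault(attr.strip().lower(), []).append(value.strip())
    return [e for e in entries if e]

def classify(value):
    """Return the storage scheme tag (MD5, SSHA, ...) or CLEARTEXT if untagged."""
    m = SCHEME_RE.match(value)
    return m.group(1).upper() if m else "CLEARTEXT"

def audit(ldif_text):
    """Map each weak scheme to the DNs whose userPassword uses it."""
    findings = {}
    for entry in parse_ldif(ldif_text):
        for pw in entry.get("userpassword", []):
            scheme = classify(pw)
            if scheme in WEAK:
                findings.setdefault(scheme, []).append(entry["dn"][0])
    return findings

# Constructed LDIF export (not real data); all accounts share one constructed password,
# so the two unsalted {MD5} values come out byte-identical while {SSHA} does not.
SAMPLE_LDIF = f"""dn: cn=smohan,dc=ggu,dc=edu
userPassword: {md5_scheme('Winter2004')}

dn: uid=jdoe,ou=hr,o=acme,dc=com
userPassword: {md5_scheme('Winter2004')}

dn: uid=asmith,ou=hr,o=acme,dc=com
userPassword: {ssha_scheme('Winter2004', bytes.fromhex('01020304'))}

dn: uid=legacy,ou=hr,o=acme,dc=com
userPassword: Winter2004
"""
```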

  25. OID Applications at GGU • Intranet / Portal user authentication • Database User Authentication • OS Authentication • Oracle Net Directory Naming • Wireless User Authentication using RADIUS • Integration with Oracle 11i eBusiness Suite

  26. LDAP Product Vendors • Novell eDirectory • Sun One • Oracle Internet Directory (OID) • Microsoft Active Directory • OpenLDAP • Access management: Entrust (GetAccess) / IBM (Tivoli Policy Director) / Netegrity (SiteMinder) / Entegrity (AssureAccess) / RSA Security (ClearTrust) / Oblix (NetPoint)

  27. Oracle Internet Directory (OID) • Underlying storage is the database so we get all the benefits of Oracle 9i R2 (RMAN backup, Replication) • Required by Oracle Portal, Collaboration Suite and future Oracle products and Oracle SSO • Integrates with Oracle HRMS, iPlanet and Microsoft Active Directory • Oracle Delegated Administration Service

  28. Business Requirements: Challenges • Help desk inundated with password resets • Users leaving passwords on their desks • Users wasting time trying to remember passwords • Applications forcing password changes causing more confusion • Applications not securing password adequately

  29. Single Sign On - Benefits • Ease of administration • User convenience • Higher security • Eases development • Reduces help desk support calls

  30. SSO Standards and Vendors • Microsoft .NET Passport (Kerberos) • Liberty Alliance (Security Assertion Markup Language - SAML) • Oracle Single Sign On (OSSO) • Computer Associates (eTrust) • IBM (Access360)

  31. Single Sign On - Architecture (diagram with numbered steps 1 to 9 exchanged among: Client Web browser, Apache web server (mod_sso), SSO Server / Identity Provider, LDAP, Authenticated Portal Page / application)

  32. Question & Answers
