14. Platform to Product Security Domain OPSS Solution (Basic Features) OPSS Product Solution (Advanced Features) Identity Store Embedded LDAP OID Policy Store File - XML OID Credential Store File – Oracle Wallet OID SSO WLS SAML Oracle Access Manager Authorization OPSS CheckPermission Oracle Entitlement Server
15. Oracle Products Using OPSS Product Name What It Does How It Uses OPSS Oracle ADF / WebCenter ADF is the framework used to develop WebCenter applications (portlets, etc.) Authentication, JAAS Authorization, Application Role,Anonymous and Authenticated Role, Policy Store Abstraction, Policy Management, Credential Store Framework Oracle Web Services Manager (OWSM) OWSM provides SOA and web services security Authentication, JAAS Authorization, Credential Store Framework, Keystore Service, Audit Oracle SOA Provides applications designed to deploy SOA environments (BPEL, ESB, etc.) Authentication, Authorization and Audit Oracle Service Bus (OSB) Connects, mediates, and manages SOA composites interaction Authentication, identity assertion, authorization, Role mapping, credentials mapping, cert. lookup, audit, SSO, SSPI framework for third-party integration Oracle Entitlements Service (OES) Provides externalized fine-grained authorization Authentication, identity assertion, authorization, role mapping, credentials mapping, cert. lookup, audit. WebLogic Server (WLS) Container Java EE server / container Authentication, identity assertion, authorization, role mapping, credentials mapping, cert. lookup, audit, SSO, SSPI framework for third-party integration Oracle Access Manager Web access and single sign on platform Identity assertion and integration with WebLogic Server security.
21. ADF Security: Authorization Administrator Clerks HR Sales Dev ADF Security performs authorization check In her manager role, sking can see master and detail views Policy Store BrowseDepartments.jspx Staff <grant> <principal> <type> role </type> <name> manager </name> </principal> <permission> <name> BrowseDep </name> <actions> view </ actions> </permission> </grant> WebLogic Server ADF Security Filter User sking User ahunold BrowseDepartments.jspx In his user role, ahunold can only see master view JAAS AuthZ request