Mechanics of Oracle Portal and Identity Management Mechanics of Oracle Portal and Identity Management Paper Sanjeev Mohan Golden Gate University, San Francisco
Topics Introduction Business Requirements Case Study: Golden Gate University Portal Identity Management (LDAP) Single Sign On (SSO)
Case Study: Golden Gate University’s Legacy Environment Operating systems: Solaris, Windows, MPE/ix, Netware, Mac OS, Digital Unix Hardware platforms: SUN (Sparc), Dell (Intel), HP 3000, Macintosh, DEC Alpha Databases: Oracle, SQL Server, Access, FoxPro, HP Image Development: Coldfusion, HTML, Javascript, UniBasic No common code, data, OS, management process, customer experience
GGU ’ s new Web Architecture
Business Requirements: Challenges Profusion of stand alone servers and applications Redundant storage of data Inaccurate / Out-of-Sync data Lack of Consolidated view of data Inability to produce business intelligence
Business Requirements: Why Portal? Higher productivity for the employees by providing single point of access to integrated applications. Better employee communication and collaboration. More efficient business process and improvements Help make an organization more competitive. A well designed portal could provide an organization with a differentiation over its competition. Better customer satisfaction and retention. Lower cost and better utilization of the staff e.g. IT support, HR staff etc. Lower cost by reducing the number of servers.
Integration Levels Integration of Databases Data Warehouse Enterprise Application Integration (EAI) Application Level Integration Web Services Portal
Integration Architecture ERPERP CRMCRM EM A I L LOBLOB LEGACyLEGACy
Portal Definition The term portal is often misused and many describe it as an entry point into a site e.g. a company’s home page. Portals provide an organizations’ customers and employee an integrated access to applications and services in a highly secure and customizable manner.
Portals Enterprise Portal – Internal / Corporate Portal – eBusiness Portal Public Internet Portal Appliance Portal Vertical Portal
Portal features – End User Access to Enterprise Applications (Self Service) Categorization of External / Unstructured Content (Taxonomy) Collaboration Tools Personal Organization Tools Search Tool Personalization / Customization Tools
Portal features – Technology Identity Management Single Sign On Content Management System Highly Available and Secure Infrastructure Administration Tools User Interface Services e.g. Wireless Support
Portal Vendors Pure Play Vendors – Epicentric (acquired by Vignette), Plumtree, Hummingbird, Citrix NFuse, CA CleverPath, Corechange Coreport Application Server Vendors – BEA WebLogic, IBM WebSphere, Oracle 9iAS, Sun One and BroadVision InfoExchange ERP Vendors (Oracle, People Soft, SAP) BI Vendors (Brio, Cognos, SAS, Business Objects) Others (UPortal, TIBCO, ATG, Microsoft SharePoint )
Oracle Portal Architecture
Oracle 9iAS R2 Components Mid-tierInfrastructure HTTP Server BC4J; OC4J_Demo; OC4J_Home; OC4J_Portal OC4J_Demo; OC4J_Home; OC4J_DAS Clickstream PortalInternet Directory SSO Webcache
Strategic and primary interface for students, faculty, staff, alumni (through Oracle Single Sign On (OSSO) Portal as a subset of the GGU web site Support for portal standards (JSR 168, WSRP) Robust Portal Integration Framework (PDK) – Ease of portal page and portlet development – Extensible portlets – calendar, eLearning, Business Intelligence, OEM 4.0, ERP – External 3 rd -party Portlets Clickstream Analysis Why Oracle Portal?
Identity Management An infrastructure to centralize the management of users and the privileges assigned to them User life cycle management – creation of a new user account, modification, assignment of roles and privileges and finally deletion of the user account.
Business Requirements: Challenges User information available in multiple systems – redundancy Programs needed to sync user data Data is not consistent / accurate Security issues when accounts are not deleted for ex-employees
What is a Directory / What is it not? Directory is a specialized database Doesn’t contain tables, columns, relations Contains attributes (single valued / multi valued) Access is not via SQL but via a protocol such as LDAP (Lightweight Directory Access Protocol) Tuned for fast reads but not writes
LDAP Schema – Building Blocks Entries (details for persons / resources) Attributes Primary Key – E.g. Distinguished Name or DN Examples: – dn: uid = jdoe, ou = hr, o = acme, dc = com – dn: cn = smohan, dc = ggu, dc = edu
Object Class Group of attributes Uniquely identified by Abstract Syntax Notation (ASN.1) object identifiers (OID) Vendor includes standard classes as well as proprietary. Example “Person” object class contains: – Mandatory attributes: cn (common name) and sn (surname) – Optional attributes: userPassword, telephoneNumber etc.
Object Class Hierarchy inetOrgPerson ( ) Top ( ) Person ( ) organizationalPerson ( )
Proprietary / User-Defined Object Class Oracle proprietary: orclSubscriber GGU user-defined: gguPerson Internet Assigned Numbers Authority (IANA) assigns a “private enterprise number” gguPerson attributes: ClassesEnrolledIn, StudentId etc.
Directory Integration Identify Systems of record: HR, , PBX Some data only in directory – MD5 hashed user password Synchronization of sources of data with directory Create users’ roles and group memberships (Access Control Policy) Setup Delegated Administration
OID Applications at GGU Intranet / Portal user authentication Database User Authentication OS Authentication Oracle Net Directory Naming Wireless User Authentication using RADIUS Integration with Oracle 11i eBusiness Suite
LDAP Product Vendors Novell eDirectory Sun One Oracle Internet Directory (OID) Microsoft Active Directory OpenLDAP Entrust (GetAccess) / IBM (Tivoli Policy Director) Netegrity (SiteMinder) / Entegrity (AssureAccess) RSA Security (ClearTrust) / Oblix (NetPoint)
Oracle Internet Directory (OID) Underlying storage is the database so we get all the benefits of Oracle 9i R2 (RMAN backup, Replication) Required by Oracle Portal, Collaboration Suite and future Oracle products and Oracle SSO Integrates with Oracle HRMS, iPlanet and Microsoft Active Directory Oracle Delegated Administration Service
Business Requirements: Challenges Help desk inundated with password resets Users leaving passwords on their desks Users wasting time trying to remember passwords Applications forcing password changes causing more confusion Applications not securing password adequately
Single Sign On - Benefits Ease of administration User convenience Higher security Eases development Reduces help desk support calls
SSO Standards and Vendors Microsoft.NET Passport (Kerberos) Liberty Alliance (Security Assertion Markup language - SAML) --- Oracle Single Sign On (OSSO) Computer Associates (eTrust) IBM (Access360)
Single Sign On - Architecture Client Web browser Apache web server (mod_sso) SSO Server / Identity Provider LDAP Authenticated Portal Page / application
Question & Answers