Oracle® Identity Management Concepts and Deployment Planning Guide
10g Release 2 (10.1.2)
B14084-02

5 Integrating with Other Identity Management Solutions

This chapter discusses integrating Oracle components with other enterprise identity management solutions.

This chapter contains the following topics:

5.1 Reasons for Identity Management Integration

While the Oracle Identity Management infrastructure is an essential component in most Oracle deployments, it is also designed to permit integration with other identity management solutions. Integration of Oracle products around a common infrastructure provides a single point of integration with other enterprise identity management solutions, including:

Identity management integration allows Oracle users to use existing enterprise infrastructure components in the Oracle environment, which can provide the following benefits:

Delivering these benefits requires tools and strategies for integrating Oracle Identity Management and third-party directory, security, and user administration environments.


See Also:

Oracle Identity Management Integration Guide and Oracle Application Server Single Sign-On Administrator's Guide for information about deploying these integration solutions

5.2 Identity Management Integration Tools and Strategies

Oracle Identity Management provides a number of tools for integrating with other identity management environments, including various services and APIs, preconfigured directory connectivity solutions, and standards support, which are briefly described in this section. For additional information on their use, see the appropriate component documentation.

Oracle Directory Integration and Provisioning

Oracle Directory Integration and Provisioning consists of a set of services and interfaces built into Oracle Internet Directory that facilitate the development of synchronization and provisioning solutions between Oracle Internet Directory and other repositories, such as third-party directories (SunONE Directory and Microsoft Active Directory, for example), application user repositories (as might be stored in a flat file, for example), or database tables containing HR information.

Oracle Directory Integration and Provisioning includes a documented API and incorporates available industry standards where they exist, making it possible for Oracle, customers, and third parties to develop and deploy customized synchronization and provisioning solutions. It also facilitates interoperability between Oracle Internet Directory and third-party metadirectory and provisioning solutions.

Oracle Internet Directory Plug-In Architecture

Oracle Internet Directory supports a PL/SQL-based plug-in framework that enables you to include custom routines (Oracle, customer-written, or third-party) that can execute before, during, or after a directory operation. For example, this framework can be used to:


See Also:

Oracle Internet Directory Administrator's Guide for more information

Preconfigured Directory Connectivity Solutions

Oracle Internet Directory includes preconfigured connectivity solutions built on Oracle Directory Integration and Provisioning and the Oracle Internet Directory plug-in architecture, which make it possible to automatically provision users in the Oracle Identity Management space from other systems, and to administer users in the Oracle Identity Management space from those environments. Preconfigured connectivity solutions include:


See Also:

Oracle Identity Management Integration Guide for more information about preconfigured directory connectivity solutions

OracleAS Single Sign-On Partner APIs

OracleAS Single Sign-On supports a third-party authentication API that allows Oracle Application Server Single Sign-On to obtain user identities from a trusted, third-party authentication mechanism. This feature can be used to let application users access Web applications across the two environments while logging in only once.

Oracle Application Server Java Authentication and Authorization Service (JAAS) Provider Developer APIs

Oracle Application Server Java Authentication and Authorization Service (JAAS) Provider allows user-written Java applications running in the Oracle J2EE environment to use OracleAS Single Sign-On and Oracle Internet Directory for authentication and identity services.


See Also:

JAAS Provider API Reference for more information

LDAP Standard Support

Oracle Internet Directory supports the LDAPv3 standard in accordance with IETF RFC 2251.


See Also:

Oracle Internet Directory Administrator's Guide for more information about preconfigured directory connectivity solutions

Authentication Standard Support

OracleAS Single Sign-On supports user authentication using Kerberos tickets issued by a Kerberos key distribution center, which allows users who have been issued a valid Kerberos ticket (in, for example, the Windows environment) to log in to their Web applications without having to provide a username and password.

X.509v3 Certificate Standard Support

Oracle Identity Management issues and uses X.509v3 standard PKI certificates for strong authentication services. Customers with existing X.509v3 certificate authorities can use these certificates in the Oracle environment.