F
Introduction to Access SDK
Copyright © 2010, Oracle and/or its affiliates. All rights reserved.
Road Map
•
•
•
•
•
•
F-2
Objectives
Custom requirements
Access SDK
AccessGates
Providing administrative support for
the development and deployment of AccessGates
Accessing SDK support in Oracle Access Manager 11g
Copyright © 2010, Oracle and/or its affiliates. All rights reserved.
Objectives
After completing this lesson, you should be able to:
• Identify custom requirements for authentication and
authorization services
• Describe the Access SDK
• Describe AccessGates
• Provide administrative support for development and
deployment of AccessGates
• Describe Access SDK support in Oracle Access Manager
11g
F-3
Copyright © 2010, Oracle and/or its affiliates. All rights reserved.
Road Map
•
•
•
•
•
•
F-4
Objectives
Custom requirements
Access SDK
AccessGates
Providing administrative support for
the development and deployment of AccessGates
Accessing SDK support in Oracle Access Manager 11g
Copyright © 2010, Oracle and/or its affiliates. All rights reserved.
Custom Requirements for Authentication and
Authorization Services
Protect URLs on a Web server
with no available WebGate
Protect a Java EE server
with no available identity
assertion provider
Enable a command-line application
to prompt users for authentication
credentials
F-5
Copyright © 2010, Oracle and/or its affiliates. All rights reserved.
Road Map
•
•
•
•
•
•
F-7
Objectives
Custom requirements
Access SDK
AccessGates
Providing administrative support for
the development and deployment of AccessGates
Accessing SDK support in Oracle Access Manager 11g
Copyright © 2010, Oracle and/or its affiliates. All rights reserved.
Access SDK
Authentication Services
Authorization Services
F-8
Copyright © 2010, Oracle and/or its affiliates. All rights reserved.
Road Map
•
•
•
•
•
•
Objectives
Custom requirements
Access SDK
AccessGates
Providing administrative support for
the development and deployment of AccessGates
Accessing SDK support in Oracle Access Manager 11g
F - 10
Copyright © 2010, Oracle and/or its affiliates. All rights reserved.
Oracle Access Manager Clients
Oracle Access Manager Clients
WebGates
(OracleProvided)
F - 11
AccessGates
(OracleProvided or
Customized)
Copyright © 2010, Oracle and/or its affiliates. All rights reserved.
AccessGate Variations
Category
Options
Operating system
Windows, Linux, Solaris
Programming language
Java, C, C++, C#
Protected server type
Web server, Java EE application server, other
Protected resource type
URL, other resource
Credential collection
HTTP FORM-based, session tokens,
command-line input
F - 12
Copyright © 2010, Oracle and/or its affiliates. All rights reserved.
Road Map
•
•
•
•
•
•
Objectives
Custom requirements
Access SDK
AccessGates
Providing administrative support for
the development and deployment of AccessGates
Accessing SDK support in Oracle Access Manager 11g
F - 13
Copyright © 2010, Oracle and/or its affiliates. All rights reserved.
Developing and Deploying AccessGates:
Overview
1.
2.
3.
4.
Prepare systems for running AccessGates.
Install Access SDK on the developer’s system.
Develop the AccessGate.
Install Access SDK on the system that will run the
AccessGate.
5. Transfer the AccessGate code to the system on which it will
run, if necessary.
6. Configure Oracle Access Manager to support the
AccessGate.
7. Test the AccessGate.
F - 14
Copyright © 2010, Oracle and/or its affiliates. All rights reserved.
Preparing Systems for AccessGate Development
and Deployment
Supported Java
SDK Version
Supported
OS Version
Developer’s System
Environment
Variables
F - 15
AccessGate
System
Copyright © 2010, Oracle and/or its affiliates. All rights reserved.
Installing Access SDK
Use the Oracle Access Manager 10g Access SDK to
Develop AccessGates for Oracle Access Manager 11g
F - 17
Copyright © 2010, Oracle and/or its affiliates. All rights reserved.
Developing the AccessGate
Developers use the Access SDK to write code that performs
functions such as the following:
• Initializing the Access SDK
• Determining whether a resource to be accessed is a
protected resource
• Collecting authentication credentials, if necessary
• Passing the credentials to Oracle Access Manager and
determining if authentication succeeded
• Allowing or denying the user access to the resource
F - 19
Copyright © 2010, Oracle and/or its affiliates. All rights reserved.
Example of Access SDK API Usage in an
AccessGate
Defines a resource that
. . .
users want to access
public static final String ms_resource =
"//example.com:80/secrets/index.html";
public static final String ms_protocol = "http";
public static final String ms_method = "GET";
public static void main(String argv[])
try {
Initializes Access SDK
ObConfig.initialize();
Calls OAM to see if the
resource is protected
ObResourceRequest rrq = new
ObResourceRequest(ms_protocol, ms_resource, ms_method);
if (rrq.isProtected()) {
System.out.println("Resource is protected.");
ObAuthenticationScheme authnScheme = new
ObAuthenticationScheme(rrq);
If not, asks user
to authenticate
. . .
F - 20
Copyright © 2010, Oracle and/or its affiliates. All rights reserved.
Example of Access SDK API Usage in an
AccessGate
Creates a user session
. . .
object with the resource
ObUserSession session =
request and credentials
new ObUserSession(rrq,creds);
if (session.getStatus() == ObUserSession.LOGGEDIN) {
Calls OAM to see if
the user is authorized
to access the resource
if (session.isAuthorized(rrq)) {
System.out.println("User is logged in and
authorized for the request at level " +
session.getLevel()); }
else {
System.out.println("User is logged in but NOT
authorized");
}
} else {
System.out.println("User is NOT logged in");
}
. . .
F - 21
Copyright © 2010, Oracle and/or its affiliates. All rights reserved.
Configuring Oracle Access Manager
to Support AccessGates
•
•
•
•
F - 22
If necessary, transfer the AccessGate application to the
production system on which it will run.
Deploy the AccessGate.
Using the Oracle Access Manager console, create an
AccessGate entry.
Run the configureAccessGate utility to create the
ObAccessClient.xml file.
Copyright © 2010, Oracle and/or its affiliates. All rights reserved.
Road Map
•
•
•
•
•
•
Objectives
Custom requirements
Access SDK
AccessGates
Providing administrative support for
the development and deployment of AccessGates
Accessing SDK support in Oracle Access Manager 11g
F - 24
Copyright © 2010, Oracle and/or its affiliates. All rights reserved.
Access SDK Support in
Oracle Access Manager 11g
Access SDK Feature
Oracle Access Manager 11g Support
Authentication API
Supported
Authorization API
Supported
Policy Manager API
Not supported
Authentication and authorization
plug-in SDK
Not supported
Identity XML, identity Web services,
and identity event plug-in API
Refer to the Oracle Identity Manager 11g
documentation for information about identity
management features in the OAM 10g Access
SDK
F - 25
Copyright © 2010, Oracle and/or its affiliates. All rights reserved.
Quiz
Which of the following four programming languages can
programmers use to code AccessGates?
a. C
b. C++
c. Perl
d. Ruby
e. COBOL
f. Java
g. C#
F - 26
Copyright © 2010, Oracle and/or its affiliates. All rights reserved.
Quiz
You want your company's packaged applications that are
written in the C programming language to use Oracle Access
Manager for authentication. Which feature of Oracle Access
Manager should you use?
a. Oracle-provided WebGate
b. Oracle-provided AccessGate
c. Custom-developed AccessGate
F - 27
Copyright © 2010, Oracle and/or its affiliates. All rights reserved.
Summary
In this lesson, you should have learned how to:
• Identify custom requirements for authentication and
authorization services
• Describe the Access SDK
• Describe AccessGates
• Support the development and deployment of AccessGates
• Describe the differences between the Oracle Access
Manager 10g and 11g Access SDK
F - 28
Copyright © 2010, Oracle and/or its affiliates. All rights reserved.