Common Problems With Oracle Access Manager (OAM) Federation Authentication (Authn) or Authorization (Authz) Protocols Starting Point (Doc ID 2833935.1)

Last updated on MARCH 08, 2022

Applies to:

Oracle Access Manager - Version 12.2.1.3.0 and later
Information in this document applies to any platform.
Oracle is not responsible for instructions/information from 3rd party sites that may be contained in this KM note.


Goal

Common problems with Oracle Access Manager (OAM) when using Federation Authentication (Authn) or Authorization (Authz) protocols at run time.

Industry Standards

A federated identity in information technology is the means of linking a person's electronic identity and attributes, stored across multiple distinct identity management systems.

Federated identity is related to single sign-on (SSO), in which a user's single authentication ticket, or token, is trusted across multiple IT systems or even organizations. SSO is a subset of federated identity management, as it relates only to authentication and is understood on the level of technical interoperability; it would not be possible without some sort of federation.[4]

Technologies used for federated identity include Security Assertion Markup Language (SAML), OAuth, OpenID, Simple Web Tokens, JSON Web Tokens, and SAML assertions (Security Tokens), Web Service Specifications, and Windows Identity Foundation.

Security Assertion Markup Language (SAML) - An open standard for exchanging AuthN and AuthZ data between parties, in particular, between an identity provider and a service provider. It is an XML-based markup language for security assertions.

OAuth - An open standard for access delegation, commonly used as a way for Internet users to grant websites or applications access to their information on other websites without giving them the passwords. It is an authorization protocol (in other words, a set of rules) that allows a third-party website or application to access a user's data without the user needing to share login credentials.

OpenID Connect (OIDC) - An authentication layer on top of OAuth 2.0, an authorization framework. The standard is controlled by the OpenID

SAML vs. OAuth - SAML (Security Assertion Markup Language) is an alternative federated authentication standard that many enterprises use for single sign-on (SSO). SAML enables enterprises to monitor who has access to corporate resources. There are many differences between SAML and OAuth. SAML uses XML to pass messages, and OAuth uses JSON. OAuth provides a simpler mobile experience, while SAML is geared towards enterprise security. That last point is a key differentiator: OAuth uses API calls extensively.

Solution

To view full details, sign in with your My Oracle Support account.


In this Document
Goal
 Industry Standards
Solution
 SAML
 OAuth
 OpenID Connect (OIDC) ... coming soon
References