Oracle Access Manager (OAM) As An Identity Provider (IdP) With A Federation Proxy
(Doc ID 2846173.1)
Last updated on JUNE 29, 2023
Applies to:
Oracle Access Manager - Version 11.1.2.3.0 and later
Information in this document applies to any platform.
Goal
The following information is from a previous Oracle blog post that is no longer available. This is a living document and will be modified and improved as needed.
This article will explain the concept of Federation Proxy and how Oracle Access Manager (OAM) as an Identity Provider (IdP) can easily be configured to become a Service Provider (SP) and delegate authentication to another remote IdP instead of authenticating the user locally.
Federation Proxy is typically used when a Federation hub acts as:
- An IdP for SP Partners, where the IdP aggregates Federation trust between those SPs and itself
- An SP with remote IdP Partners
This approach has the advantage of:
- Reducing trust management overhead:
  - Each new IdP Partner added to the Federation hub will be automatically available to all the SP Partners integrated with the Federation hub
  - Each new SP Partner added to the Federation hub won't need to be defined at the IdP Partners
- Providing a layered Federation trust model, where the Federation hub hides the Federation deployment from the IdP Partners
Solution
In this Document
- Goal
- Solution
- Direct Trust Model
- Brokered Trust Model
- Federation Proxy in OAM
- Configuring OAM for Federation Proxy