Oracle Access Manager (OAM) As An Identity Provider (IdP) With A Federation Proxy
(Doc ID 2846173.1)
Last updated on MARCH 28, 2022
Applies to: Oracle Access Manager - Version 184.108.40.206.0 and later
Information in this document applies to any platform.
The following information is from a previous Oracle blog post that is no longer available. This is a living document and will be modified/improved as needed.
This article will explain the concept of Federation Proxy and how Oracle Access Manager (OAM) as an Identity Provider (IdP) can easily be configured to become a Service Provider (SP) and delegate authentication to another remote IdP instead of authenticating the user locally.
Federation Proxy is typically used when a Federation hub acts as:
- An IdP for SP Partners, where the IdP aggregates Federation trust between those SPs and itself
- An SP with remote IdP Partners
This approach has the advantages of:
- Reducing trust management overhead:
  - Each new IdP Partner added to the Federation hub will be automatically available to all the SP Partners integrated with the Federation hub
  - Each new SP Partner added to the Federation hub won't need to be defined at the IdP Partners
- Providing a layered Federation trust model, where the Federation hub hides the Federation deployment from the IdP Partners
In this Document
- Direct Trust Model
- Brokered Trust Model
- Federation Proxy in OAM
- Configuring OAM for Federation Proxy