Oracle Identity Manager 11gR2-PS2 OIM Architecture
March 2014
Principal Product Manager, Oracle Identity Governance
This document is for informational purposes. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described in this document remains at the sole discretion of Oracle. This document in any form, software or printed matter, contains proprietary information that is the exclusive property of Oracle. This document and information contained herein may not be disclosed, copied, reproduced or distributed to anyone outside Oracle without prior written consent of Oracle. This document is not part of your license agreement nor can it be incorporated into any contractual agreement with Oracle or its subsidiaries or affiliates.
Agenda
• Component Architecture
• Functional Architecture
• Deployment / Physical Architecture
Oracle Identity Manager – Component Architecture
• Self-contained, standalone, J2EE-compliant application
  • WebLogic and WAS as the J2EE container, JVM as the runtime
• SOA for managing workflow orchestration and notification
  • Oracle Identity Manager connects to the SOA managed servers over RMI to invoke the SOA EJBs.
  • SOA calls back OIM via the callback service deployed in OIM, using OIMFrontEndURL
• Inter-process communication – JMS queues
  • Async communication and processing
  • Uses JMS queues: oimAttestationQueue, oimAuditQueue, oimDefaultQueue, oimKernelQueue, oimProcessQueue, oimReconQueue, oimSODQueue
  • Queues are configured at installation time
• OES for authorization
  • Policy Definition Point
  • Policy Enforcement Point
• BI for reporting
  • No runtime integration except for certification reports
  • BI is configured against the OIM DB to fetch audit data
• ADF/WebCenter Composer
  • Runtime UI changes
  • Upgrade safe
Oracle Identity Manager – Component Architecture
• Quartz for scheduler services
  • Manages the various scheduled tasks defined in OIM
  • Uses the DB as the centralized store from which scheduled activities are picked up and run
  • If one of the scheduler instances picks up a job, the other instances will not pick up that same job.
• External dependencies
  • Nexaweb for Deployment Manager capabilities to import/export OIM artifacts
  • OSCache and JGroups for cache management
• Enterprise Manager
  • Monitoring, health check and dashboard
  • Configurations and diagnostics
• LDAP as persistent identity store
  • LDAP Sync for data synchronization between the OIM DB and LDAP
  • Embedded LibOVD for H/A
• DB as transactional and metadata repository
  • OIM and SOA schemas for the transaction DB
  • MDS schema for storing configurations
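The scheduler bullet above states the property that matters operationally: several OIM scheduler nodes share one DB-backed job store, and a job picked up by one node is not picked up by another (otherwise a reconciliation or provisioning job could run twice and emit duplicate events). The following is an added simulation of that property, not Quartz's or OIM's own code: a constructed in-memory job table stands in for the database, a lock stands in for the row lock or conditional UPDATE a real store uses, and several scheduler threads poll at the same instant and claim jobs with an atomic check-and-claim. The job names and node names (oim_server1 and so on) are constructed for the example.

```python
"""Added simulation of cluster-safe job pickup in a DB-backed scheduler.

Not Quartz's or OIM's code: a constructed shared job table, several
scheduler nodes polling it at the same moment, and an atomic
check-and-claim so that each due job fires on exactly one node.
"""
import threading
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass
class JobRow:
    """One row of the constructed shared job table."""
    name: str
    due: bool = True
    claimed_by: Optional[str] = None


class SharedJobStore:
    """Stand-in for the scheduler's database table.

    The lock plays the role a row lock (SELECT ... FOR UPDATE) or a
    conditional UPDATE ... WHERE claimed_by IS NULL plays in a real
    store: the check and the claim happen as one atomic step, so two
    nodes can never both win the same row.
    """

    def __init__(self, job_names: List[str]) -> None:
        self._rows = {n: JobRow(n) for n in job_names}
        self._lock = threading.Lock()

    def due_jobs(self) -> List[str]:
        """Snapshot of jobs that are due and not yet claimed."""
        with self._lock:
            return [n for n, r in self._rows.items()
                    if r.due and r.claimed_by is None]

    def try_claim(self, job_name: str, instance_id: str) -> bool:
        """Atomically claim a job; False if another node got there first."""
        with self._lock:
            row = self._rows[job_name]
            if not row.due or row.claimed_by is not None:
                return False
            row.claimed_by = instance_id
            return True


class SchedulerInstance(threading.Thread):
    """One scheduler node: waits for the common poll instant, then claims and runs."""

    def __init__(self, instance_id: str, store: SharedJobStore,
                 run_log: List[Tuple[str, str]], start_barrier: threading.Barrier) -> None:
        super().__init__()
        self.instance_id = instance_id
        self.store = store
        self.run_log = run_log            # shared (job, node) execution log
        self.start_barrier = start_barrier

    def run(self) -> None:
        self.start_barrier.wait()         # every node sees the same jobs as due
        for job in self.store.due_jobs():
            if self.store.try_claim(job, self.instance_id):
                self.run_log.append((job, self.instance_id))  # "run" the job


def run_cluster(job_names: List[str], instance_count: int) -> Dict[str, List[str]]:
    """Start instance_count nodes against one shared store.

    Returns {job_name: [nodes that ran it]}; the cluster-safety property
    is that every list has length exactly 1.
    """
    store = SharedJobStore(job_names)
    run_log: List[Tuple[str, str]] = []
    barrier = threading.Barrier(instance_count)
    nodes = [SchedulerInstance(f"oim_server{i + 1}", store, run_log, barrier)
             for i in range(instance_count)]
    for n in nodes:
        n.start()
    for n in nodes:
        n.join()
    executions: Dict[str, List[str]] = {name: [] for name in job_names}
    for job, inst in run_log:
        executions[job].append(inst)
    return executions


def each_job_ran_once(executions: Dict[str, List[str]]) -> bool:
    """True when no job was skipped and none ran on more than one node."""
    return all(len(nodes) == 1 for nodes in executions.values())


if __name__ == "__main__":
    result = run_cluster(["Recon Job", "LDAP Sync", "Audit Purge"], 3)
    for job, who in result.items():
        print(f"{job}: ran on {who}")
    print("exactly once each:", each_job_ran_once(result))
```

The point of the barrier is to force the worst case, all nodes polling at once; the only thing preventing a double run is that the claim is atomic against the shared store, which is why a clustered scheduler needs the database (not per-node memory) as its coordination point.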
Oracle Identity Manager – Component Architecture
Functional Architecture – OIM 11g
[Diagram: four-tier functional architecture. Presentation Tier: Design Console; Administration & End-User Console; SPML Gateway (Web services); POJO Wrapper for EJBs; ADF Faces. Business Services Tier: Integration Services; Platform Services; Common Services; Audit & Compliance Services; Identity Provisioning Services; JEE Container Services; with SOA Suite and Entitlement Server alongside. Data Tier: LDAP ID Store; Database; MDS; Audit DB. Around the tiers: Target IT Apps (GRANT / REVOKE flows), Oracle Technology Stack (BI Publisher Reports, Access Manager, Adaptive Access Manager, Enterprise Manager), Oracle Fusion Apps, Custom Client Applications.]
Four Tier Functional Architecture
• Presentation Tier
  • Identity Self Service / Sys Admin UI
  • Design Console
  • Custom UI
• Business Services
  • API Service (SPML, EJB, Request WS, OOO Taskflows, Public URLs)
  • Integration Service (Connector Framework, Identity Connectors, Adapter Factory, GTC, Remote Manager and Connector Server)
  • Platform Services (Plug-in Framework, SOD Engine Framework)
  • Provisioning Services (Catalog Engine, Request Engine, Provisioning and Recon Engine)
  • Common Services (User Mgt, Config Mgt etc.)
• Middleware Services
  • Request Service, Approval Workflow
  • Configurations and Diagnostics
  • Authorization Service
  • Scheduler Service
  • Reporting Service
• Data Tier
  • OIM DB for transactional DB service
  • MDS Store for configuration service
  • LDAP for identity persistence
Functional Architecture – OIM 11g Administration and End-User Consoles
[Diagram: the functional architecture overview with the Administration & End-User Console expanded into: Logon & Unauthenticated Console (Logon, Forgot Password, Self Reg); Self-Service Console (My requests, Open tasks, User/Role/Org Admin); Administration Console (Configuration Management).]
Functional Architecture – OIM 11g Custom Client Applications
[Diagram: the functional architecture overview with Custom Client Applications expanded into: SPML Web Services Client (XSD messages); OIM Java API Client; Customer Intranet/Extranet Applications; ADF Taskflows; Request Webservice.]
Functional Architecture – OIM 11g Identity Provisioning Services
[Diagram: the functional architecture overview with Identity Provisioning Services expanded into: Resource Management; Account Management; Service Accounts; Provisioning Workflow; Access Policy/RBAC; Auto Group Membership; Direct Provisioning; Offline Provisioning; Role Manager Integration.]
Functional Architecture – OIM 11g Identity Provisioning Services
[Diagram, second slide: Identity Provisioning Services expanded into: Bulk Load Utility; Authoritative Reconciliation; Account and Entitlement Reconciliation; LDAP Synch – Users, Roles.]
Functional Architecture – OIM 11g Integration Services
[Diagram: the functional architecture overview with Integration Services expanded into: Adapter Factory; Generic Technology Connector; Connector LCM; Identity Connector Framework; Remote Manager.]
Functional Architecture – OIM 11g Common Services
[Diagram: the functional architecture overview with Common Services expanded into: User Management; Role Management; Organization Management; Password Management; Self Service; Self Registration; Configuration Service.]
Functional Architecture – OIM 11g Common Services
[Diagram, second slide: Common Services expanded into: Request Management; Approval Workflow Management (BPEL Integration); OIM User/Role DB Provider; Task List; SOA Callback Web Service; Approval Policy Management; Request Webservice; ADF Taskflows.]
Functional Architecture – OIM 11g Common Services
[Diagram, third slide: Common Services expanded into: Scheduler (Quartz based); Notification Templates; Email Definitions; System Properties; Deployment Manager; Callback Notification.]
Functional Architecture – OIM 11g Platform Services
[Diagram: the functional architecture overview with Platform Services expanded into: Data Object Mechanism; Event Handlers; Kernel; Context Manager; Plug-in Framework.]
Functional Architecture – OIM 11g Platform Services
[Diagram, second slide: Platform Services expanded into: Native Data Access; Entity Manager; Toplink Integration; MDS Integration; Caching; DB Provider; LDAP Provider; OIM Data Provider.]
Functional Architecture – OIM 11g Platform Services
[Diagram, third slide: Platform Services expanded into: Crypto; OJDL (Logging); Internationalization; Multi Language Support; Fine Grained Authorization; Diagnostic Dashboard.]
Functional Architecture – OIM 11g JEE Container Services
[Diagram: the functional architecture overview with JEE Container Services expanded into: Asynchronous Execution (JMS, MDB); Authentication (JAAS); MBeans (JMX); Enterprise Manager; High Availability; Credential Store Framework.]
Functional Architecture – OIM 11g Audit and Compliance Services
[Diagram: the functional architecture overview with Audit & Compliance Services expanded into: User & Group Profile Audit; Reports; Attestation; Segregation of Duties; Entitlement Data Management.]
Oracle Identity Manager – Deployment Architecture
Questions