Secure Forms Applications with OAM, OAAM and DB Label Security

Roy Schultheiß, Sudhir Tadi

Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Post on 16-Mar-2020



The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle’s products remains at the sole discretion of Oracle.


Agenda

Introduction

Solution Architecture

Use Case Demonstration

Business Benefits

Q&A


Introduction


Introduction: EMEA Presales Center

Malaga, Bucharest, Bangalore


Introduction: The Challenge

We had to showcase the following Security Features for a Forms Application running on a WebLogic Application Server:

• Single Sign-on
• Fraud Detection and Strong Authentication
• Geographic Location Access Control

Turn Oracle Forms into a modern and secure Application


Solution Architecture


Solution Architecture: Product Selection

Oracle Access Manager: Single Sign-On

Oracle Adaptive Access Manager: Fraud Detection, Strong Authentication

Oracle Label Security, Oracle Adaptive Access Manager: Location Security


Solution Architecture: Identity Management Platform

Governance
• Identity Manager
• Identity Analytics
• Privileged Account Manager

Access
• Access Manager
• Adaptive Access Manager
• Identity Federation
• Entitlement Server
• Mobile & Social Sign On

Directory
• Unified Directory
• Directory Server EE
• Internet Directory
• Virtual Directory

Platform Security Services


Solution Architecture: Access Management

ACCESS MANAGER

Scalable Deployment
Single Sign-on
Centralized Policy Management
Mobile & Social
Access Management in a complex Environment

Web SSO
Authentication & Authorization
Policy Administration
Session Management
Windows Native Authentication


Solution Architecture: Access Management

ADAPTIVE ACCESS MANAGER

Helps Prevent Fraud
Security for Browser & Mobile
Risk based Authentication

Device Tracking
Answer Logic
One Time Password
Risk Analytics
Investigation & Forensics


Solution Architecture: Oracle Label Security


Solution Architecture: Architecture

[Architecture diagram. Labels: End-User; OAM WebGate (two instances); HTTP Server; Oracle Access Manager; Oracle Adaptive Access Manager; Oracle Internet Directory; Oracle Forms Web Application; Database; User Identities; Security Policies; Resource Access Descriptors; Single Sign-On to Enterprise Applications. Connections: HTTP/S; HTTP/S; LDAP/S; Secure Protocol over SSL.]


Solution Architecture: Architecture

[Architecture diagram. Labels: End-User; OAM WebGate (two instances); HTTP Server; Oracle Access Manager; Oracle Adaptive Access Manager; Oracle Internet Directory; Oracle Forms Web Application; Database; User Identities; Security Policies; Resource Access Descriptors; Single Sign-On to Enterprise Applications; Label Security; IP address. Connections: HTTP/S; HTTP/S; LDAP/S; Secure Protocol over SSL.]


Solution Architecture: Sending End-User's IP into the DB

JavaScript Events Calling into Oracle Forms

Trigger: WHEN-CUSTOM-JAVASCRIPT-EVENT

Source: http://docs.oracle.com/cd/E24269_01/doc.11120/e24477/javascript.htm


Use Case Demonstration


Use Case Demonstration

a) First time access with restricted view

b) User accessing from Trusted Source

c) User accessing outside Restricted Area

[Diagram. Steps: 1 Access Sample Web Application; 2 Access Oracle Forms. Labels: End-User; Allowed Location; Oracle Access Management; OAM WebGate; OAAM Registration; OAM WebGate; Sample Web Application; Oracle Forms Servlet; User Store; Employees; Managers; Database; Oracle Forms Server.]


Use Case Demonstration

a) First time access with restricted view

b) User accessing from Trusted Source

c) User accessing outside Restricted Area

[Diagram. Steps: 1 Administrator: Adding Trusted IP; 2 End-User: Access Oracle Forms. Labels: End-User; Allowed Location; Oracle Access Management; OAM WebGate; OAAM Authentication; Oracle Forms Servlet; User Store; Employees; Managers; Database; Oracle Forms Server.]


Use Case Demonstration

a) First time access with restricted view

b) User accessing from Trusted Source

c) User accessing outside Restricted Area

[Diagram. Steps: 1 Administrator: Defining Restricted Area; 2 End-User: Access Oracle Forms (blocked). Labels: End-User; Outside Restricted Area; Oracle Access Management; OAM WebGate; OAAM Authentication; Oracle Forms Servlet.]


Business Benefits


Business Benefits

Increased end-user productivity

Increased agility

Reduced risk – avoid costs!

Enhanced security and compliance
