Manual Chapter: How does native integration with OAM work?
Applies To:
BIG-IP APM
- 16.0.0, 15.1.0
You can achieve SSO functionality with OAM for HTTP/HTTPS requests passing through a virtual
server to the web application. With OAM support enabled on a Local Traffic
Manager™ (LTM) virtual server, Access Policy Manager acts as the OAM policy enforcement point (PEP)
on the BIG-IP system, while the OAM server remains the policy decision point (PDP) in the overall
system architecture. When a user requests access to a protected web resource, Access Policy Manager
communicates with the OAM server to determine whether the user can be authenticated/authorized
for the request, and enforces the policy evaluation decision (made by the OAM server) on the BIG-IP
device.
These figures show a typical configuration before and after OAM native integration is
enabled.
Typical configuration before OAM native integration is enabled on the BIG-IP system

In this figure, individual WebGates, installed on each web server, interact with the OAM Access
Server.
Typical configuration after OAM native integration is enabled on the BIG-IP system

In this figure, WebGates are no longer required on the web servers, and, even if they are
installed, they are not used. Access Policy Manager acts in place of the WebGates, contacting the
OAM Access Server for policy information, and enforcing the policies.
Oracle Access Manager relies on synchronized time on all Oracle Identity
Management systems and BIG-IP systems. Thus, use a reliable time source on all components of a
deployment. Using NTP servers is also recommended. OAM Access Server time can be ahead of
BIG-IP system time by fewer than 60 seconds, while BIG-IP system time should never be ahead of
OAM Access Server time. Differences in system clocks can cause the system to reject all requests
to the Identity Server.
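
One way to check the clock constraint above from a monitoring host, as an added example that is not F5 or Oracle code. It assumes each system's clock can be read remotely and timestamped on the monitor before and after the query; the Probe type, the verdict names and all sample readings are constructed for illustration.

```python
from dataclasses import dataclass

MAX_OAM_LEAD = 60.0  # seconds: OAM may lead BIG-IP by fewer than this (from the page)

@dataclass
class Probe:
    """One clock reading taken from a monitoring host (collection method is assumed)."""
    sent: float      # monitor clock when the query left
    remote: float    # clock value the remote system reported
    received: float  # monitor clock when the answer arrived

    def offset(self):
        """Return (remote clock minus monitor clock, +/- error from round-trip time)."""
        midpoint = (self.sent + self.received) / 2
        return self.remote - midpoint, (self.received - self.sent) / 2

def check_skew(bigip: Probe, oam: Probe):
    """Classify the OAM lead (OAM time minus BIG-IP time) against the allowed window."""
    b_off, b_err = bigip.offset()
    o_off, o_err = oam.offset()
    lead, err = o_off - b_off, b_err + o_err
    if lead + err < 0:
        verdict = "BIGIP_AHEAD"        # BIG-IP must never be ahead of OAM
    elif lead - err >= MAX_OAM_LEAD:
        verdict = "OAM_TOO_FAR_AHEAD"  # OAM lead must stay under 60 seconds
    elif lead - err < 0 or lead + err >= MAX_OAM_LEAD:
        verdict = "MARGINAL"           # measurement error straddles a limit
    else:
        verdict = "OK"
    return verdict, lead, err

# Constructed sample readings (seconds on the monitor's clock), not real data.
BIGIP = Probe(sent=1000.0, remote=1000.25, received=1000.5)
SAMPLES = {
    "oam_12s_ahead": Probe(sent=1001.0, remote=1013.25, received=1001.5),
    "oam_75s_ahead": Probe(sent=1001.0, remote=1076.25, received=1001.5),
    "oam_3s_behind": Probe(sent=1001.0, remote=998.25, received=1001.5),
    "oam_in_step":   Probe(sent=1001.0, remote=1001.25, received=1001.5),
}

if __name__ == "__main__":
    for name, probe in SAMPLES.items():
        verdict, lead, err = check_skew(BIGIP, probe)
        print(f"{name}: {verdict} (OAM lead {lead:+.2f}s, +/- {err:.2f}s)")
```

A measured lead of zero comes back as MARGINAL: because the BIG-IP system may never be ahead, the round-trip error alone is enough to leave that case unconfirmed.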