Manual Chapter: OAM 11g SSO integration example
Applies To:
BIG-IP APM
- 16.0.0, 15.1.0
OAM 11g SSO integration example
Let's walk through an example deployment with Oracle 11g. You can integrate Access Policy Manager with an Oracle 11g server whether it is configured for single sign-on
(SSO) single domain or SSO multi-domain. To keep this example simple, we will assume that the Oracle
11g server is configured for SSO single domain. The Oracle 11g server performs all
authentication. A single Resource WebGate is configured in OAM.
In Access Policy Manager on the BIG-IP system, a AAA OAM server has been
configured and includes the details of the OAM Access Server and one AccessGate. One virtual
server has been configured with OAM native integration enabled. BIG-IP
Application Security Manager® (ASM) is installed in another virtual server
as a web application firewall configured to prevent DoS and mitigate brute force attacks.
This figure depicts the traffic flow for the example.
Accessing a protected resource using Access Policy Manager deployed with OAM 11g

- Client requests access to a resource. The request comes to the Resource WebGate (RWG).
- RWG checks whether the resource is protected per OAM. The resource is protected and the user has not yet authenticated.
- RWG sends a 302 redirect to the client so that the client will be redirected to the OAM 11g server for authentication.
- The user follows the redirect to the OAM 11g server for authentication. In this example, the user has never been authenticated, and form-based authentication is the authentication scheme of the OAM policy protecting the resource the user originally requested. Before going to OAM, traffic is checked against the security policies that are configured with anomaly protection on ASM, provided that the ASM module is enabled to protect the OAM 11g server on the BIG-IP system.
- OAM sends a login page to the client.
- The user submits credentials, which go to the OAM server, where they are validated. In this example, it is assumed that the user submitted valid credentials.
- After user credentials are successfully validated on the OAM 11g server, the server will send another 302 redirect, so that the user will be redirected back to the original RWG.
- Resource request comes to RWG.
- RWG verifies the user's original request again using the ObSSOCookie passed from the OAM 11g server. Upon successful authorization, the user will be allowed to access the resource.
- The protected resource behind VIP1 will be sent back to the user.
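
The traffic flow above, modelled as an added Python example (not F5 or Oracle code) that traces each hop between the client, the RWG and the OAM server. The HMAC token is a constructed stand-in for the real ObSSOCookie, whose format this page does not describe; the `return` query parameter, the host `oam.example.com`, the user store and the function names are assumptions, and ASM inspection is not modelled.

```python
import hashlib
import hmac

KEY = b"demo-key"                   # constructed stand-in for WebGate/OAM trust
USERS = {"alice": "correct-horse"}  # constructed credential store
PROTECTED = {"/app/report"}         # constructed list of OAM-protected resources

def sign(user):
    return hmac.new(KEY, user.encode(), hashlib.sha256).hexdigest()

def cookie_user(cookie):
    """RWG side: return the user if the toy ObSSOCookie verifies, else None."""
    user, _, mac = (cookie or "").rpartition(".")
    ok = hmac.compare_digest(mac.encode(), sign(user).encode())
    return user if user and ok else None

def rwg(path, cookies):
    """Resource WebGate: protection check, redirect, later authorization."""
    if path not in PROTECTED:
        return 200, {}, f"public {path}"
    user = cookie_user(cookies.get("ObSSOCookie"))
    if user is None:  # protected and unauthenticated: redirect to OAM
        return 302, {"Location": f"https://oam.example.com/login?return={path}"}, ""
    return 200, {}, f"{path} for {user}"

def oam(method, return_to, form=None):
    """OAM 11g server: login form, credential validation, redirect back."""
    if method == "GET":
        return 200, {}, "<form>login</form>"
    user, given = form.get("user", ""), form.get("password", "")
    if user not in USERS or not hmac.compare_digest(USERS[user].encode(), given.encode()):
        return 401, {}, "invalid credentials"
    return 302, {"Location": return_to, "Set-Cookie": f"ObSSOCookie={user}.{sign(user)}"}, ""

def run_flow(path, user, password):
    """Client: follow the redirects, recording (component, status) per hop."""
    cookies, trace = {}, []
    status, headers, body = rwg(path, cookies)
    trace.append(("RWG", status))
    if status == 302:
        return_to = headers["Location"].split("?return=", 1)[1]
        trace.append(("OAM", oam("GET", return_to)[0]))
        status, headers, body = oam("POST", return_to, {"user": user, "password": password})
        trace.append(("OAM", status))
    if status == 302 and "Set-Cookie" in headers:
        cookies["ObSSOCookie"] = headers["Set-Cookie"].partition("=")[2]
        status, headers, body = rwg(headers["Location"], cookies)
        trace.append(("RWG", status))
    return trace, body
```

A request carrying a token that does not verify is treated like an unauthenticated one and gets the 302 to OAM again, which is the behaviour to expect from the RWG's second check in the flow.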