Oracle OAM Interview Questions & Answers

Oracle OAM Interview Questions & Answers

Q: Describe the Architecture of OAM 11g?

The Oracle Access Manager resides on the Oracle WebLogic Administration Server (known as AdminServer). WebLogic Managed Servers hosting OAM runtime instances are known as OAM Servers. OAM 11g is a J2EE application.
Following Components are involved in OAM
1. Webgate
2. OAM Server
3. OAM Console
Oracle Access Manager (OAM) provides centralized, policy-driven services for authentication, single sign-on (SSO), and identity assertion.

Q: What is WebGate Agent?

OAM agent, also known as WebGate is a pre-packaged web server plugin which communicates with OAM server. There are two versions of OAM Agents, namely 11g WebGates and 10g WebGates.

Q: What is SSO?

SSO (Single Sign On), provides the ability to login to one application once, and login to same/other applications linked to same OAM without prompting for password.

Q: What is the difference between authentication and authorization in OAM?

Authentication is to check if users identity by obtaining some credentials and it will always followed by Authorization process. Authorization is to allow/disallow authenticated user to access application/pages they have access to.

Q: What is authorization module in OAM?

An authorization policy/module is to specify the conditions under which a subject or identity has access to a particular resource.

Q: How many types of resources are available in OAM and what is the use of Resources?

1. Protected Resource -- URL's protected by OAM
2. Public Resource -- URL's not protected by OAM (Public)

Q: What is the use of anonymous scheme in OAM?

Unprotected resources must be included in an authentication policy that uses an authentication scheme with a protection level of 0. Most often this will be the anonymous authentication scheme.

Q: What is the major difference between OAM 10g and OAM 11g?

1. Architecture Components
11g: Agents: Webgate, Access Client, mod_osso, and IAMSuiteAgent, OAM Server, Oracle Access Manager Console (installed on WebLogic Administration Server)
10g: Resource Webgate (RWG), Authentication Webgate (AWG),AccessGate, Access Server, Policy Manager
2. OAM 11g uses, Host-based authentication cookie where as 10g users Domain- based Cookie.
3. Cryptographic keys is one per agent in OAM 11g, One global shared secret key for all Webgates in OAM 10g

Q: What is the use of Host Identifier?

Policies protect resources on computer hosts. Within Oracle Access Manager, the computer host is specified independently using a host identifier.

Q: What is persistent session management is OAM?

The session is created in the distributed in-memory cache. A copy is available in the local in-memory cache on the computer hosting the resource. If session persistence to database is enabled, the session is also written to the database.

Q: Explain the process of protecting web application using OAM and SSO login flow?
1. Register the Webgate Agent
2. Copy Generated Files and Artifacts to the Webgate Instance Location

Q: What are Header Variables and how it is useful?

Depending on the actions (responses in Access Manager) specified for authentication success and authentication failure, the user may be redirected to a specific URL, or user information might be passed on to other applications through a header variable or a cookie value.

Q: What is the difference between Access Gate and Web Gate?
1. A WebGate is a web-server plug-in for Oracle Access Manager (OAM) that intercepts HTTP requests and forwards them to the Access Server for authentication and authorization.
2. AccessGate is custom access client developed using AccessSDK to protect non web-based applications protected by OAM 11g

Q: What is authentication Policy in OAM?

authentication policies are used to protect specific resources. The authentication policy provides the sole authentication method for resources governed by the policy.Each authentication policy defines the type of verification that must be performed to provide a sufficient level of trust for Access Manager to grant access to the user making the request.

Q: Explain the high level steps for Integrating E-Biz R12.2 with OAM 11gR2?

1. Install Database for OAM/OID
2. Run RCU
3. Install Weblogic, IDAM, OID and OHS
4. Create Domain for OAM and OID
5. Upgrade OPSS
6. Create DIP to integrate AD to OID
7. Apply EBS 12.2 patches for OAM
6. Install and Configure Access Gate on 12.2
7. Integrate EBS to OID

Q: What is the difference between SSO and ESSO?
SSO is to enable Single Sign On on Oracle Products and ESSO is to enable Single Sign On on both oracle and non-oracle products including Desktop, Windows password reset etc.,

Q: What are different types of Identity Store?
1. System Identity Store -- Used to authenticate System users like weblogic
2. Default Identity Store -- Used as default authentication for other users/applictions

Q: What is the use of Reverse Proxy?

A proxy server is a go-between or intermediary server that forwards requests for content from multiple clients to different servers across the Internet. Typically a reverse proxy is used to hide application server from end-users and/or for URL masking.

Q: Name some new features of OAM11gR2?

Dynamic Authentication -- Dynamic authentication is the ability to define what authentication scheme should be presented to a user base on some condition.
Persistent Login (Remember Me) -- Persistent Login is the ability to let users login without credentials after the first-time login.
Policy Evaluation Ordering -- The out-of-the -box algorithm is based on the "best match" algorithm for evaluating policies.
Delegated Administration -- The ability to select users who can administer their own application domains.
Unified Administration Console -- The console screen has a new look; a new single 'Launch Pad' screen with services that are enabled based on user roles.
Session Management -- Ability to set idle session timeout's at the application domain level