Total Pageviews

Friday, February 27, 2015

OAM 11gR2 difference between ECC and DCC Authentication Model


DCC    => Detached Credential Collector (AKA Authenticating WebGate), new feature introduced in  11gR2 

ECC    => Embedded Credential Collector, default 11g behaviour


in OAM 10g user credentials are submitted to Webgate and than Webgate communicate to OAM server with mitigate the chanegs. when OAM 11G version was introduced, it had different flow. user credentials are submitted to webgate and webgate displays OAM server login page(for credential collection). so, you have to expose OAM server for credentials submissions that is not a good practice for companies who dont want to have  OAM exposed, it is security volatility for them. so Oracle provided DCC feature in OAM 11gR2.

Now, when you are configuring 11gR2 Webgate you have a check box "Allow Credentials Collector Operators". if you click this check box users credentials will be submitted to Webgate(middle tier) and webgate will submit user credentials to OAM server.

DCC is the way to go now a days, now companies have option to separate Webgate in webtire from OAM server.




No comments:

Post a Comment