Saturday, February 4, 2017

difference between 10g webgate and 11g webgate

from oracle

Here are the 11g features:
  • Oracle Universal Installer; generic for all platforms
  • Host-based cookie
  • Individual WebGate OAMAuthnCookie_ making it more secure
  • A per-agent key and a server key are used. The agent key is stored in a wallet file and the server key is stored in the credential store
  • One per-agent secret key shared between the 11g WebGate and the OAM Server; one OAM Server key
  • OAM 11g supports cross-network-domain single sign-on out of the box. Oracle recommends you use Oracle Identity Federation for this situation.
  • Capability to act as a detached credential collector
  • Webgate Authorization Caching
  • Diagnostic page to tune parameters
  • Has separate install and configuration options, so a single install with multiple instance configurations is supported.
And 10g:

  • InstallShield, with one installer per platform
  • Domain-based cookie
  • ObSSOCookie (one for all 10g Webgates)
  • Global shared secret stored in the directory server only (not accessible to WebGate)
  • There is just one global shared secret key per OAM deployment which is used by all the WebGates
  • OAM 10g provides a proprietary multiple network domain SSO capability that predates Oracle Identity Federation. Complex configuration is required.
  • One Web server configuration is supported per WebGate; multiple instances require multiple WebGates.

Configuring e-Auth Mode at OIF through WLST

Configuring for eAuth Mode

You can configure the Oracle Identity Federation server to comply with the eAuth specifications. Most of the configuration is performed through Fusion Middleware Control, but the specifications require the presence of two attributes in the SSO assertion that can only be configured through the MBeans/WLST scripts:

  • the us:gov:e-authentication:basic:specVer attribute, containing the version of the eAuth specifications supported by this server
  • the us:gov:e-authentication:basic:Sid attribute, containing the session identifier of the user performing the single sign-on

To configure Oracle Identity Federation to set those two attributes (for a specific provider) and to set the value of the eAuth version, enter the WLST script environment for the Oracle Identity Federation instance, and set the following properties if needed:

Set the eauthmodeenabled boolean property for the remote provider to true to enable the eAuth mode:

## Replace REMOTE_PROVIDER_ID with the identifier of the remote provider
setFederationProperty(REMOTE_PROVIDER_ID, 'eauthmodeenabled', 'true', 'boolean')

Set the eauthversion string property from the idpglobal group to the value the Oracle Identity Federation server should use (2.0 for example):

setConfigProperty('idpglobal', 'eauthversion', '2.0', 'string')
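
A follow-up check for the two settings above, added here as an example (not Oracle's code and not part of the original post): it reads an SSO assertion captured from a test login and reports whether the specVer and Sid attributes are present and whether specVer matches the configured eauthversion. The sample assertion is constructed, and the attribute layout (full name in Name for SAML 2.0, or split across AttributeNamespace and AttributeName for SAML 1.x) is an assumption about how the attributes appear on the wire.

```python
import xml.etree.ElementTree as ET

EAUTH_PREFIX = "us:gov:e-authentication:basic:"
REQUIRED = ("specVer", "Sid")

# Constructed sample (not real OIF output): a SAML 2.0-style attribute statement.
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:AttributeStatement>
    <saml:Attribute Name="us:gov:e-authentication:basic:specVer">
      <saml:AttributeValue>2.0</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="us:gov:e-authentication:basic:Sid">
      <saml:AttributeValue>constructed-session-id-0001</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

def local(tag):
    """Strip the '{namespace}' part ElementTree puts in front of tag names."""
    return tag.rsplit("}", 1)[-1]

def eauth_attributes(xml_text):
    """Map short eAuth attribute name -> list of non-empty values."""
    found = {}
    for el in ET.fromstring(xml_text).iter():
        if local(el.tag) != "Attribute":
            continue
        # SAML 2.0 carries one Name; SAML 1.x splits it into namespace + name.
        name = el.get("Name") or "%s:%s" % (
            el.get("AttributeNamespace", ""), el.get("AttributeName", ""))
        if not name.startswith(EAUTH_PREFIX):
            continue
        values = [(v.text or "").strip() for v in el if local(v.tag) == "AttributeValue"]
        found.setdefault(name[len(EAUTH_PREFIX):], []).extend(v for v in values if v)
    return found

def check_eauth(xml_text, expected_version):
    """Return a list of problems (empty = OK). Checks attribute content only;
    it does not verify the assertion signature."""
    attrs = eauth_attributes(xml_text)
    problems = ["%s: expected exactly one value, found %d" % (n, len(attrs.get(n, [])))
                for n in REQUIRED if len(attrs.get(n, [])) != 1]
    if attrs.get("specVer", [expected_version]) != [expected_version]:
        problems.append("specVer is %r, expected %r" % (attrs["specVer"], expected_version))
    return problems

if __name__ == "__main__":
    print(check_eauth(SAMPLE, "2.0") or "eAuth attributes present")
```

Pass the same version string that was given to setConfigProperty as expected_version, so a mismatch between the configuration and the issued assertion shows up as a reported problem.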