Top 10 Oracle Access Manager Interview Questions and Answers
Q1. Explain the Flow When a User Makes a Request Protected by an Access Gate (Not WebGate)
The flow is shown below:
The application or servlet containing the access gate code receives the resource request from the user.
The access gate code constructs an ObResourceRequest structure, and the access gate contacts the Access Server to find out whether the resource is protected.
The Access Server responds.
If the resource is not protected, the access gate allows the user to access the resource. Otherwise:
The access gate constructs an ObAuthenticationScheme structure to ask the Access Server what credentials the user needs to supply.
The Access Server responds.
The application uses a form or another means to obtain the credentials.
The AccessGate constructs an ObUserSession structure, which presents the user details to the Access Server.
If the credentials are proven valid, the access gate creates a session token for the user and then sends an authorization request to the Access Server.
The Access Server validates whether the user is authorized to access that resource.
The access gate allows the user to access the requested resource.
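The decision order of the flow above, as an added Python model (not the Access Manager SDK and not code from the original page). The class, function and status names, the sample policy and the sample users are all assumptions made for illustration.

```python
# Added illustration: a toy model of the access gate flow. All names here are
# hypothetical; this does not call the Oracle Access Manager SDK.
from dataclasses import dataclass, field
import secrets

@dataclass
class AccessServer:
    # Constructed sample policy: resource -> (required credentials, allowed users)
    policies: dict = field(default_factory=lambda: {
        "ejb://payroll/Salary": (("userid", "password"), {"alice"}),
    })
    # Constructed sample user store
    users: dict = field(default_factory=lambda: {"alice": "pw-a", "bob": "pw-b"})

    def is_protected(self, resource):
        return resource in self.policies

    def required_credentials(self, resource):
        return self.policies[resource][0]

    def authenticate(self, creds):
        expected = self.users.get(creds.get("userid"))
        supplied = creds.get("password", "")
        return expected is not None and secrets.compare_digest(expected, supplied)

    def is_authorized(self, userid, resource):
        return userid in self.policies[resource][1]

def access_gate(server, resource, collect_credentials):
    """Walk the steps in order and return (decision, trace of steps taken)."""
    trace = ["resource_request"]
    if not server.is_protected(resource):
        return "ALLOW", trace + ["not_protected"]
    needed = server.required_credentials(resource)
    trace.append("authentication_scheme")
    creds = collect_credentials(needed)        # form or another means
    trace.append("user_session")
    if any(k not in creds for k in needed) or not server.authenticate(creds):
        return "DENY_AUTHN", trace             # no session token is created
    trace += ["session_token", "authorization_request"]
    if not server.is_authorized(creds["userid"], resource):
        return "DENY_AUTHZ", trace             # authenticated but not authorized
    return "ALLOW", trace
```

Authentication and authorization are separate answers from the Access Server, so a valid login for the wrong user ends in DENY_AUTHZ rather than ALLOW.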
Q2. When Do You Need An Access Gate?
An access gate is required instead of a standard WebGate when you need to control access to a resource for which OAM does not provide an out-of-the-box (OOTB) solution.
These could include:
Protection for non-HTTP resources (EJB, JNDI, etc.)
Implementation of SSO to protect a combination of HTTP and non-HTTP resources.
A file called obAccessClient.xml is stored on the server where the access gate is installed. This file contains the configuration parameters entered through the configureAccessGate tool.
Q3. What Are the ObSSOCookie Contents?
The cookie contains an encrypted session token and unencrypted data.
The encrypted session token consists of: the DN of the authenticated user, the level of the authentication scheme, the IP address of the client to which the cookie was issued, the time the cookie was issued, and the time the cookie was last updated. If the user is not idle, the cookie is automatically updated at a fixed interval to prevent session timeout. The update interval is 1/4 of the idle session timeout of the AccessGate.
The unencrypted ObSSOCookie data contains the cookie expiry time, the domain in which the cookie is valid, and an additional flag that determines whether the cookie can only be sent using SSL.
Q4. What Happens If the ObSSOCookie Is Tampered With?
When the access system generates the ObSSOCookie, an MD5 hash is taken of the session token. When the user is authenticated again using the cookie, the MD5 hash is compared with the original cookie contents. MD5 is a one-way hash, so it cannot be decrypted. The Access Server compares the cookie contents with the hash. If the two do not match, the cookie has been tampered with in the interim. The cookie does not contain the username and password.
Q5. What Is an Access Server SDK?
The Access Manager Software Developer's Kit (SDK) enables you to enhance the access management capabilities of the Access System. This SDK enables you to create a specialized AccessGate. The Access Manager SDK creates an environment for you to build a dynamic link library or a shared object to perform as an AccessGate. You also need the configureAccessGate.exe tool to verify that your client works correctly.
Q6. What Is IdentityXML?
IdentityXML provides a programmatic interface for carrying out the actions that a user can perform when accessing a COREid application from a browser. For example, a program can send an IdentityXML request to find members of a group defined in the Group Manager application, or to add a user to the User Manager.
IdentityXML enables you to process simple actions and multi-step workflows to change user, group, and organization object profiles.
After creating the IdentityXML request, you construct a SOAP wrapper to send the IdentityXML request to WebPass using HTTP. The IdentityXML API uses XML over SOAP. We pass IdentityXML parameters to the COREid Server using an HTTP request. This HTTP request contains a SOAP envelope. When WebPass receives the HTTP request, the SOAP envelope indicates that it is an IdentityXML request rather than the usual browser request.
The request is forwarded to the COREid Server, where the request is carried out and a response is returned. Alternatively, you can use WSDL to construct the SOAP request. The SOAP content looks like this: SOAP envelope (with the oblix namespace defined), SOAP body (with authentication details), actual request (with application name and parameters). The application name can be userservcenter, groupservcenter or objservcenter (for organizations).
Q7. Explain the Major Parameters Defined in a WebGate Instance Profile
Hostname: Name of the machine hosting the access gate.
Maximum User Session Time: Maximum amount of time in seconds that a user's authentication session is valid, regardless of their activity. At the expiration of this session time, the user is re-challenged for authentication. This is a forced logout. Default = 36@ A value of 0 disables this timeout setting.
Idle Session Time (seconds): Amount of time in seconds that a user's authentication session remains valid without accessing any AccessGate-protected resources.
Maximum Connections: Maximum number of connections this AccessGate can establish. This parameter is based on how many Access Server connections are defined to each individual Access Server. This number may be greater than the number allocated at any given time.
IPValidationException: IPValidationException is specific to WebGates. This is a list of IP addresses that are excluded from IP address validation. It is often used for excluding IP addresses that are set by proxies.
Maximum Client Session Time: Connection maintained to the Access Server by the AccessGate. If you are deploying a firewall (or another device) between the AccessGate and the Access Server, this value should be smaller than the timeout setting for the firewall.
Failover Threshold: Number representing the point at which this AccessGate opens connections to secondary Access Servers. If you type 30 in this field, and the number of connections to primary Access Servers falls to 29, this AccessGate opens connections to secondary Access Servers.
Preferred HTTP Host: Defines how the host name appears in all HTTP requests as they attempt to access the protected Web server. The host name in the HTTP request is translated into the value entered into this field regardless of how it was defined in a user's HTTP request.
Primary HTTP Cookie Domain: This parameter describes the Web server domain on which the AccessGate is deployed, for example, .mycompany.com.
IPValidation: IP address validation is specific to WebGates and is used to determine whether a client's IP address is the same as the IP address stored in the ObSSOCookie generated for single sign-on.
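The cookie checks described in Q3 and Q4, together with the session-time and IP validation parameters from Q7, as an added Python model that is not Oracle's code or cookie format. The token layout, key, timeout values and function names are assumptions; HMAC-SHA-256 stands in for the MD5 hash the page mentions, and encryption of the token is omitted.

```python
# Added model, not Oracle code: field layout, key and names are assumptions.
import hashlib, hmac, json

KEY = b"constructed-demo-key"      # constructed sample key
IDLE_TIMEOUT = 1200                # Idle Session Time, constructed value (seconds)
MAX_SESSION = 7200                 # Maximum User Session Time; 0 disables the check
IP_EXCEPTIONS = {"10.0.0.5"}       # IPValidationException list (constructed proxy IP)

def seal(token):
    """Serialize the token and append an HMAC-SHA-256 integrity tag."""
    body = json.dumps(token, sort_keys=True).encode()
    return body.hex() + "." + hmac.new(KEY, body, hashlib.sha256).hexdigest()

def issue(dn, level, ip, now):
    return seal({"dn": dn, "level": level, "ip": ip, "issued": now, "updated": now})

def validate(cookie, client_ip, now):
    """Return (status, cookie); the cookie is re-sealed when a refresh is due."""
    try:
        body_hex, tag = cookie.split(".")
        body = bytes.fromhex(body_hex)
    except ValueError:
        return "TAMPERED", None
    expected = hmac.new(KEY, body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected.encode(), tag.encode()):
        return "TAMPERED", None            # contents no longer match the tag
    t = json.loads(body)
    if client_ip != t["ip"] and client_ip not in IP_EXCEPTIONS:
        return "IP_MISMATCH", None
    if MAX_SESSION and now - t["issued"] > MAX_SESSION:
        return "SESSION_EXPIRED", None     # forced logout regardless of activity
    if now - t["updated"] > IDLE_TIMEOUT:
        return "IDLE_TIMEOUT", None
    if now - t["updated"] >= IDLE_TIMEOUT // 4:
        t["updated"] = now                 # refresh at 1/4 of the idle timeout
        return "OK_REFRESHED", seal(t)
    return "OK", cookie
```

A keyed tag is used here because an unkeyed hash stored next to the data can be recomputed by whoever alters the data; in the page's description the hash is protected by the token's encryption instead.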
Q8. What Is Multi Domain Single Sign-on?
Multi Domain SSO gives users the ability to access more than one protected resource (URLs and applications) spread across different domains with one-time authentication.
Q9. What Is Single Sign On?
Single Sign-On allows users to sign on once to a protected application and gain access to the other protected resources within the same domain defined with the same authentication level.
Q10. Explain the Security Modes Available in Oracle Access Manager
Open: Allows unencrypted communication. In Open mode, there is no authentication or encryption between the AccessGate and Access Server. The AccessGate does not ask for proof of the Access Server's identity and the Access Server accepts connections from all AccessGates. Similarly, Identity Server does not require proof of identity from WebPass.
Simple: Supports encryption by Oracle. In Simple mode, communications between Web clients (WebPass and Identity Server, Policy Manager and WebPass, and Access Server and WebGate) are encrypted using TLS v1. In both Simple and Cert mode, Oracle Access Manager components use X.509 digital certificates only. This includes Cert Authentication between WebGates and the Access Server, where the standard cert_decode plug-in decodes the certificate and passes certificate information to the standard credential_mapping authentication plug-in. For each public key there exists a corresponding private key that Oracle Access Manager stores in the aaa_key.pem file for the Access Server (or ois_key.pem for Identity Server).
Cert: Requires a third-party certificate. Use Cert (SSL) mode if you have an internal Certificate Authority (CA) for processing server certificates. In Cert mode, communication between WebGate and Access Server, and Identity Server and WebPass, is encrypted using Transport Layer Security, RFC 2246 (TLS v1).