Complementary
capability by Oracle
Table Of Contents
Single Sign-on
Manage sign-on to multiple
applications
Manage timeouts uniformly
OBP
IPM
User
BIP
Work-list
OIM
DOCUMAKER
Step-up authentication /
Fraud assertions
Workflow
Documents
Services
Reports
Data-store
Monitoring
Customer on-boarding
Origination process
User propagation
OIM OID LDAP-synch
Groups
Group membership
User profile
OIM
User provisioning
get login profile
OID
Authentication / SSO
OAM
webgate
OHS
access url
User
OBP UI
server
OAM Asserter
OID Authenticator
(construct JAAS subject)
1. Access
protected
resource
Landing
page
webtier / webgate
OBP - UI
BPM
worklist
BIP
Identity store
OIM
connector
Policy store
Weblogic domains
OES Administrators
User
Executive
System Entitlements
OAAM - OAAMEnvAdminGroup,
OAAMInvestigationManagerGroup,
OAAMRuleAdministratorGroup
Resource Type
Service
Page
A jspx or jsff page. Access policies are defined on the page definitions. E.g.
com.ofss.fc.ui.view.txn.customerInformation.pageDefn.casaAcctDetailsPageDef
Task Flow
UI Control
Report
Service Response
Element
An output field from a service. Used to protect / hash a response field if the
user does not have access.
E.g. DemandDepositManager.inquireAccountBalance.SavingsBalanceInquiryResponse.SavingsBalanceReportDTO.netBalance
Report Field
SOA-server
UI-server
5
2
User
User
1
3
middleware-server
Approval Checks
Transaction Limits
Roles / Policies
Transaction
Blackout
Routing
Definition
Matrix-Auth
1
2
3
Roles
Page
/attributes
Authorization policy
OBP Attributes
Add policies
Access policies on pages / task-flows / services as necessary
Deny policies on UI components
Example [deny, //resource/PI042.pt1:btnUpdate, //view]
Change matrix based policies (rules) as necessary
Teller view
Hiding UI components
Visibility of individual UI components on each ADF page is controlled via OPSS access policies (explicit deny).
Visibility can be controlled by using 3 actions:
Hide a field
Disable a field
Hash a field
Hide Branch-name
Hash Loan-purpose
Branch-name is
hidden
Loan-purpose is
hashed
Teller view
Policy files
Service
Middleware workspace
UI workspace
Developer
<<generate ADM>>
Policy files
taskflow
Policy files
taskflow
JOB : Artifact
Dependency
Map (ADM)
generator
Page
<<uses>>
Adds dev
artifacts
<<uses>>
<<uses>>
ADM
Policy
Import
Tool
Policy
store
(production)
1. Create
fresh
policy store
Policy store
Diagnosis
Tool
Generates policy files
<<uses>>
3. Perform upgrade
2.
Security
Configurator
Policy
store
(test)
Policy files
Policy files
Policy files
Add
policies
T2
P
Capabilities include reporting missing and extra security artifacts vis-à-vis config
<<uses>>
First release
Initial seed data
preparation
Ongoing releases
as and when
new resources
are added
First release
Initial seed data
preparation
OID
Ongoing releases
as and when
new resource types and
actions
are added
Iterates through the XDO template files for report element names.
Creates resources and attributes in OID for their use in access policies.
IP: 10.180.22.96
Location: /var/build/generic_scripts/ADMGeneration
Dependency: SAILSBUILD_UI
CREATE_RESOURCE
Location: /var/build/generic_scripts/ADMGeneration/output/
Also checked in to svn at /trunk/core/config/security/opss
IP: 10.180.22.96
Location: /var/build/SecurityServerScript
Dependency: SAILSBUILD_UI
flx_sm_resources_defn
flx_md_menu_attrs_b
flx_sm_res_attrs_b
flx_sm_attrs_b
Tables+CSVs
Location: /var/build/generic_scripts/ADMGeneration/output/
+
Tables
+
Checked in to svn at /trunk/core/config/security/opss
WORKLIST_REPORT
IP: 10.180.22.96
Location: /var/build/generic_scripts/WorklistReports
Dependency: SAILSBUILD_UI
WorklistIntegration_*txt
VOBindingsExceptions_*.csv
Location:
1. /home/hudson/tomcat/webapps/WorklistReports/VOBindingIdentifierUtility/output
2. /home/hudson/tomcat/webapps/WorklistReports/APPXCallReport/output/
Reports are published at:
http://10.180.22.96:7070/WorklistReports/VOBindingIdentifierUtility
http://10.180.22.96:7070/WorklistReports/APPXCallReport
SAILS_BUILD_JUNIT_SMS
IP: 10.180.22.96
Location: /u01/build/com.ofss.fc.junit.sms/junit
Dependency: SAILSBUILD_UI
Location: /u01/build/com.ofss.fc.junit.sms/junit
SECURITY_SEED
IP: 10.180.22.96
Location: /var/build/SecurityServerScript
Dependency: None
Run: During night
OID Policystore
Extensibility
Access policies achieve flexibility through execution of attribute-based rules.
A fixed set of OBP entities and attributes, on which policy rules
can be based, will be factory-shipped and supported out of the
box. Entities currently supported are:
DemandDepositAccount
TermDepositAccount
Party
User
Branch
LoanAccount
Use Case
Add users in OIM
Add users to groups in OIM
Login: declarative and programmatic
Single Sign On across Banker UI, IPM, Worklist, BIP
Build session context on the basis of user search
Build menu on the basis of a list of granted pages
View users granted access on a page
Ascertain user access to service subject to constraints (rules)
Restrict access to screen fields: hide / disable / hash value
Restrict access to specific reports
Restrict access to certain report columns
Hash certain fields in web service output
Assert identities across servers (customer portal, banker UI,
application server)
Add policies using APM
Protect web-services calls using OWSM
Enable third-party access