Oracle Access Manager Review
Oracle's WAM Product Provides Limited Value Relative to Its Complexity


What is our primary use case?

Single sign on between analytics and financial platform for internal and external users.  Authorization was front-door only, no granularity between apps.  Used to force acknowledgement of terms of use.

How has it helped my organization?

I was able to use the new SAML Service Provider capability to consume a federated token and exchange it for an OAM token for subsequent session requests across multiple applications.

What is most valuable?

Pretty robust dynamic HTTP Header Responses
Stateful session management, enabling server-side session termination and/or prevention of concurrent logins.

What needs improvement?

The ADF UI is clunky, IMO
The session URL redirects have to be accounted for network-wise. Default is client talking to OAM Server (PDP) in middle tier, which is not realistic. Need separate load balancer/VIP just for this.
Identity propagation to backend apps still immature, IMO. Still relying on headers without any kind of callbacks or 2-way verification, even with Oracle apps.

For how long have I used the solution?

More than five years.

What do I think about the stability of the solution?

No

What do I think about the scalability of the solution?

Too many HA interfaces.

How is customer service and technical support?

Customer Service:

Poor. The EBS Access Gate support was delivered as a patch and support was not able to solve various problems, which I believe to be attributes to more current versions of OAM and WebLogic not being backwards compatible with the documented solution.

Technical Support:

Great blog content from A-Team at Fusion Middleware Security blog.

Which solutions did we use previously?

I've used Symplified, SiteMinder in other shops. This was an Oracle shop, so there was no discussion on which solution was best.

How was the initial setup?

Only because I was familiar. I doubt a first-timer would be able to navigate the documentation.

What about the implementation team?

I was the sole implementer as an independent contractor.

What's my experience with pricing, setup cost, and licensing?

Cannot divulge.

Which other solutions did I evaluate?

Not in this case.

What other advice do I have?

Consider alternatives. There's nothing specific to OAM required to provide SSO to Oracle applications.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
1 visitor found this review helpful

Add a Comment

Guest
Why do you like it?

Sign Up with Email