I was able to use the new SAML Service Provider capability to consume a federated token and exchange it for an OAM token for subsequent session requests across multiple applications.
Pretty robust dynamic HTTP Header Responses.
Stateful session management, enabling server-side session termination and/or prevention of concurrent logins.
The ADF UI is clunky, IMO
The session URL redirects have to be accounted for network-wise. Default is client talking to OAM Server (PDP) in middle tier, which is not realistic. Need separate load balancer/VIP just for this.
Identity propagation to backend apps still immature, IMO. Still relying on headers without any kind of callbacks or 2-way verification, even with Oracle apps.
Too many HA interfaces.
Poor. The EBS Access Gate support was delivered as a patch and support was not able to solve various problems, which I believe to be attributable to more current versions of OAM and WebLogic not being backwards compatible with the documented solution.
Great blog content from A-Team at Fusion Middleware Security blog.
I've used Symplified and SiteMinder in other shops. This was an Oracle shop, so there was no discussion on which solution was best.
Only because I was familiar. I doubt a first-timer would be able to navigate the documentation.
I was the sole implementer as an independent contractor.
Not in this case.
Consider alternatives. There's nothing specific to OAM required to provide SSO to Oracle applications.