Wednesday, November 23, 2016

What is DCC(Detached credential collector) in OAM ??

Hello friends, Recently I came across the requirement for Detached credential collector in OAM So I  started configuring it with a sample application to understand how it works.  In my blog, I will also post about the configuration changes required for DCC.

Before we get started with these configurations, It is better to understand the main difference between the DCC and ECC(Embedded credential collector) which are supported by OAM. The major difference is way the credentials are submitted to OAM server for the validation. 

How ECC Works:
  • Embedded credential collector(ECC) engine is used for capturing the user credentials submitted which is embedded/deployed inside OAM application server from an external agent like user browser etc. So ECC services runs on application layer.
  • In ECC mechanism, user submits the credentials on the login form which will be submitted directly to OAM Server over web i.e., user credentials are submitted to OAM Server from user browser agent to OAM server running in the middle tier/App layer through a proxy over HTTP/HTTPS. You can still secure this communication by adding SSL layer but most of the people doesn't like to expose their app layer contexts.
How DCC Works:
  • In DCC mechanism, user submits the credentials on the login form which is deployed in DMZ served by DCC webgate and webgate will also takes care of submitting these credentials to OAM server through OAP communication. This OAP communication is backend channel communication happens between the webgate and OAM server. 
              So comparatively DCC is more secured mechanism while handling the user credential communication between  User browser agent and OAM servers. DCC supports almost all the features which ECC supports except a few like Challenge methods. DCC supports only Basic/form based authentications where as ECC supports many other ways of challenge mechanisms. As long as you are using the Form based mechanism for user authentications, DCC is the more secure way to use.

             Also there are several other differences between this ECC and DCC which are very well documented here.

      After going through above link, you will have a better understanding on the way how these credential collectors work in OAM and differences between these two mechanisms.

My blog post on how to configure DCC in OAM is here...

Thanks you for visiting.