Data repositories within Oracle Access Manager refer to a collection of user identity stores and a database for policies, session store, and audit store.
There are several different data repositories in OAM:
1) Identity Store – LDAP
2) Policy Store – Oracle Database
3) Session Store – Coherence In-Memory, Oracle Database
4) Config Store – File
5) Keystore – CSF, JKS
6) Audit Store – File, Oracle Database
1) The Identity Store is the store containing enterprise users and groups.
a) By default, OAM 11g uses the embedded LDAP in the WebLogic Server domain as the user identity store.
b) There are two default seeded users: weblogic (the default administrator, a member of the Administrators group) and OracleSystemUser (the Oracle application software system user, a member of OracleSystemGroup). The weblogic user is used to log in to the OAM Console.
c) The user and group populations are created and managed in the WLS Admin Console under Security Realms > myrealm > Users and Groups. Other LDAP browsers can also be used to connect to the WLS Embedded LDAP server, including LDAP Browser, Softerra LDAP Administrator, JXplorer, Apache Directory Studio and so on.
d) There are a total of eight seeded groups:
• AdminChannelUsers (AdminChannelUsers can access the administration channel.)
• Administrators (Administrators can view and modify all resource attributes and start and stop servers.)
• AppTesters (AppTesters group)
• CrossDomainConnectors (CrossDomainConnectors can make inter-domain calls from foreign domains.)
• Deployers (Deployers can view all resource attributes and deploy applications.)
• Monitors (Monitors can view and modify all resource attributes and perform operations not restricted by roles.)
• Operators (Operators can view and modify all resource attributes and perform server life cycle operations.)
• OracleSystemGroup (Oracle application software system group)
e) There are a total of nine seeded global roles:
f) As mentioned in point a), by default OAM 11g uses the embedded LDAP in the WebLogic Server domain as the user identity store. However, a number of other external LDAP repositories can also be registered as user identity stores. Some of the supported user directories are Oracle Internet Directory, Sun LDAP Directory (iPlanet), Novell eDirectory, Microsoft Active Directory and OpenLDAP. Besides these standard directories, you can also configure OAM to communicate with Oracle Virtual Directory, which in turn exposes user data from the multiple repositories it communicates with.
g) Access Manager requires a System Store and a Default Store.
System Store: Only a single User Identity Store can (and must) be designated as the System Store. This is used to authenticate Administrators signing in to use the Oracle Access Management Console, remote registration tools, and custom administrative commands in WLST.
Default Store: As the name implies, the LDAP store designated as the Default Store is the automatic choice for LDAP Authentication Methods unless you configure a different store.
During initial WebLogic domain configuration, the Embedded LDAP store is configured as the one and only User Identity Store, designated as both the System Store and the Default Store. You can mark any single identity store as both the System Store and the Default Store, or you can choose two different identity stores for these two roles, but there can be only one System Store and one Default Store.
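Because the System Store decides who may sign in to the OAM Console, the seeded groups from point d) and the Administrators membership from point b) are worth auditing. The script below is an added example (not Oracle's or WebLogic's code): it reads an LDIF export of the embedded LDAP, such as one saved from Apache Directory Studio, checks that the eight seeded groups are present and reports any Administrators member other than the seeded weblogic account. The DIT (ou=groups,ou=myrealm,dc=base_domain), the uniquemember attribute and the LDIF text are assumptions and constructed sample data, not a real export.

```python
# Added example, not Oracle's code: audit an LDIF export of the WLS embedded
# LDAP that OAM uses as its System Store. The DIT (ou=groups,ou=myrealm,
# dc=base_domain, members in 'uniquemember') is assumed; SAMPLE_LDIF is constructed.
SEEDED_GROUPS = {"AdminChannelUsers", "Administrators", "AppTesters",
                 "CrossDomainConnectors", "Deployers", "Monitors",
                 "Operators", "OracleSystemGroup"}
SEEDED_ADMINS = {"weblogic"}  # default OAM Console administrator
GROUPS_BASE = "ou=groups,ou=myrealm,dc=base_domain"  # assumption

SAMPLE_LDIF = """\
dn: cn=Administrators,ou=groups,ou=myrealm,dc=base_domain
cn: Administrators
uniquemember: uid=weblogic,ou=people,ou=myrealm,dc=base_domain
uniquemember: uid=jdoe,ou=people,ou=myrealm,
 dc=base_domain

dn: cn=OracleSystemGroup,ou=groups,ou=myrealm,dc=base_domain
cn: OracleSystemGroup
uniquemember: uid=OracleSystemUser,ou=people,ou=myrealm,dc=base_domain
"""

def parse_ldif(text):
    """Minimal LDIF reader -> {dn: {attr: [values]}} (no base64 '::' values)."""
    entries, attrs, dn = {}, {}, None
    # RFC 2849: a line starting with one space continues the previous line
    for line in text.replace("\n ", "").splitlines() + [""]:  # "" flushes last
        if not line.strip():
            if dn:
                entries[dn] = attrs
            attrs, dn = {}, None
            continue
        key, _, val = line.partition(":")
        key, val = key.strip().lower(), val.strip()
        if key == "dn":
            dn = val
        else:
            attrs.setdefault(key, []).append(val)
    return entries

def audit_groups(ldif_text, groups_base=GROUPS_BASE):
    """Flag missing/extra seeded groups and non-seeded Administrators."""
    found = {a["cn"][0]: a.get("uniquemember", [])
             for dn, a in parse_ldif(ldif_text).items()
             if dn.lower().endswith(groups_base.lower())}
    admin_uids = {m.split(",")[0].split("=", 1)[1]
                  for m in found.get("Administrators", [])}
    return {"missing": sorted(SEEDED_GROUPS - found.keys()),
            "extra": sorted(found.keys() - SEEDED_GROUPS),
            "unexpected_admins": sorted(admin_uids - SEEDED_ADMINS)}
```

Run `audit_groups(open("export.ldif").read())` against a real export; any name in `unexpected_admins` is an account that can administer OAM through the Console and should be reviewed.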