Differences between DCC and ECC:
Access Manager supports the embedded credential collector (ECC) by default and also enables you to configure the latest Webgate to act as a detached credential collector (DCC, also known as an Authenticating Webgate).
DCC: The Detached Credential Collector remains a logical part of the server and acts as a front-channel communication endpoint of the OAM Server. DCC is more secure than ECC because it resides outside the boundary of the OAM Server.
DCC can override ECC with simple configuration.
Authentication Process in DCC:
- Works in both 10g and 11g Webgates
- Handles Form-based authentication, which consists of a challenge to the user for their credentials (simple form or multi-factor).
- Decrypts the authentication request message from the agent using the agent key; performs basic integrity checks; validates request time; and extracts all parameters from the request including request context.
- Constructs the authentication response message, including the request context originally retrieved, and encrypts obrar using the agent key.
- Decrypts the logout redirect request using the agent key to trigger logout processing.
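
The request-handling steps listed above (check the agent's message with the agent key, validate the request time, extract the request context, return it in the response) as an added Python example; it is not Oracle code and does not reproduce the OAM wire format. The JSON layout, the field names, `MAX_AGE` and every function name are assumptions, and payload encryption is left out so that the integrity and request-time checks stay in view.

```python
import base64
import hashlib
import hmac
import json

MAX_AGE = 300  # assumed freshness window for the request time, in seconds


class Rejected(Exception):
    """A message failed the integrity, request-time or parameter check."""


def seal(agent_key: bytes, fields: dict) -> str:
    """Serialize fields and prepend an HMAC-SHA256 tag keyed with the agent key."""
    body = json.dumps(fields, sort_keys=True).encode()
    tag = hmac.new(agent_key, body, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(tag + body).decode()


def open_sealed(agent_key: bytes, token: str) -> dict:
    """Integrity check: recompute the tag and compare in constant time."""
    try:
        raw = base64.urlsafe_b64decode(token.encode())
    except ValueError:
        raise Rejected("malformed message")
    tag, body = raw[:32], raw[32:]
    expected = hmac.new(agent_key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise Rejected("integrity check failed")
    return json.loads(body)  # parsed only after the tag has verified


def validate_request(agent_key: bytes, token: str, now: float) -> dict:
    """Verify the agent's request, validate its time, return its parameters."""
    req = open_sealed(agent_key, token)
    issued = req.get("issued_at")
    if not isinstance(issued, (int, float)) or abs(now - issued) > MAX_AGE:
        raise Rejected("request time outside the accepted window")
    if "request_context" not in req:
        raise Rejected("request context missing")
    return req


def build_response(agent_key: bytes, req: dict, now: float) -> str:
    """Return the request context exactly as received, under the same key."""
    return seal(agent_key, {"request_context": req["request_context"],
                            "issued_at": now})
```
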
ECC: The Embedded Credential Collector is deployed with, and integral to, the OAM Server and is part of the protocol binding layer.
Authentication Process in ECC:
- The ECC handles the request coming to the protocol binding layer (PBL), which converts it and sends it to the SSO Engine.
- The SSO Engine checks for a valid session and, if none, transfers control to the Authentication Engine.
- The Authentication Engine checks for resource protection and fetches the authentication scheme associated with the resource.
- The ECC interacts with the client, accepts the data, and submits this to the PBL.