1. Authentication Data Store assists in users' authentication
2. Identity Data Store holds the users' profiles
- Usually, there is a 1-to-1 mapping between a user in the authentication data store and a user in the identity data store
- Authentication data can also be stored together with Identity Data Store
- i.e. The Sun LDAP is used for both Authentication and Identity
- The reserve is also true: Active Directory can be configured for both purposes
3. Configuration Data Store is used for storing service configuration data and other information pertinent to the server's operation. Policies are also stored here.
- We used to store Configuration data in Sun LDAP as well
- However, since version Access Manager 8.x (aka OpenSSO 8.x), these data is now stored in the embedded OpenDS.
- This embedded OpenDS makes configuration for high-availability easier - less work to do
.