Single sign-on (SSO) is an authentication method that lets a user authenticate once, with one set of credentials, and then access multiple applications and websites. Oracle Single Sign-On Server (OSSO) and Oracle Access Manager (OAM) are the two single sign-on solutions from Oracle. Oracle Access Manager is the preferred solution going forward and is the basis of single sign-on in Oracle Fusion Middleware 11g.
Single Sign on (SSO) - One Userid/Password, multiple Applications
Most organizations run multiple applications, and remembering a separate user ID and password for each of them is difficult. SSO lets a user access all of those applications with one user ID and password, and log out of all of them in a single step.
What Do I Need for Oracle Single Sign-On?
The nexus of an Oracle SSO system is the Oracle Identity Management Infrastructure installation. This consists of the following components:
An Oracle Internet Directory (OID) LDAP server, used to store user, role, security, and other information. OID uses an Oracle database as the back-end storage of this information.
An Oracle HTTP Server 11g Release 1 as a front end to the Oracle WebLogic Server. The Oracle HTTP Server is included in the Oracle Web Tier Utilities 11g Release 1 (11.1.1).
An Oracle SSO plug-in (the OAM 11g WebGate), which intercepts requests for protected URLs, authenticates the user, and creates the SSO session cookie. It is part of the Oracle Fusion Middleware 11g Identity and Access Management package.
The users and group information may also be loaded or modified through standard LDAP Data Interchange Format (LDIF) scripts.
Additional administrative scripts for configuring the OSSO system and registering HTTP servers.
For more information on setting up SSO, refer to either the Classic Client or Fusion Client version of the Oracle Retail Predictive Application Server Administration Guide.
Additional WebLogic managed servers are needed to deploy the business applications leveraging the OSSO technology.
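As an added example (not from the Oracle documentation or product), the following Python script builds the kind of LDIF batch described above for loading users and a group into a realm. It assumes the OID default containers cn=Users and cn=Groups under dc=example,dc=com and the inetOrgPerson/orclUserV2 and groupOfUniqueNames/orclGroup object classes; both are assumptions to check against your realm before running ldapadd. Two details matter for any loader that takes user data from a spreadsheet or HR feed: values that are not LDIF-safe (non-ASCII names, leading spaces, a leading colon) must be base64-encoded, and values placed into a DN must be escaped so a user ID such as "x,cn=Groups" cannot add DN components of its own.

```python
"""Generate an LDIF batch that loads users and a group into an OID realm.

Added example; it is not part of the Oracle documentation or product.
Assumptions: the realm keeps users under cn=Users,dc=example,dc=com and
groups under cn=Groups,dc=example,dc=com (the OID default layout), and uses
the inetOrgPerson/orclUserV2 and groupOfUniqueNames/orclGroup object classes.
Check both against your realm before loading with ldapadd.
"""
import base64
import re

USER_BASE = "cn=Users,dc=example,dc=com"
GROUP_BASE = "cn=Groups,dc=example,dc=com"

# RFC 2849: a value may appear in clear form only if it is printable ASCII,
# contains no CR/LF/NUL, and does not start with a space, ':' or '<'.
# Anything else is base64-encoded after a double colon.
_SAFE_INIT = re.compile(r"[\x01-\x09\x0b\x0c\x0e-\x1f\x21-\x39\x3b\x3d-\x7f]")
_SAFE_BODY = re.compile(r"[\x01-\x09\x0b\x0c\x0e-\x7f]*\Z")


def ldif_attr(name, value):
    """Render 'name: value', switching to 'name:: base64' when needed."""
    if value == "":
        return f"{name}: "
    if _SAFE_INIT.match(value) and _SAFE_BODY.match(value):
        return f"{name}: {value}"
    return f"{name}:: " + base64.b64encode(value.encode("utf-8")).decode("ascii")


_DN_SPECIAL = set('\\,+"<>;=')


def dn_escape(value):
    """Escape an RDN value per RFC 4514, so a user-supplied uid such as
    'x,cn=Groups' cannot add or replace DN components."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch == "\x00":
            out.append("\\00")
        elif ch in _DN_SPECIAL or (ch == " " and i in (0, last)) or (ch == "#" and i == 0):
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)


def fold(line, width=76):
    """Fold a long line as LDIF requires: continuations start with one space."""
    if len(line) <= width:
        return line
    parts, rest = [line[:width]], line[width:]
    while rest:
        parts.append(" " + rest[: width - 1])
        rest = rest[width - 1:]
    return "\n".join(parts)


def _entry(dn, objectclasses, attrs):
    lines = [ldif_attr("dn", dn), "changetype: add"]
    lines += [f"objectclass: {oc}" for oc in objectclasses]
    lines += [ldif_attr(name, value) for name, value in attrs]
    return "\n".join(fold(line) for line in lines)


def user_entry(uid, given, sn, mail, password=None):
    """One user entry. A password in the LDIF means the file holds a clear-text
    secret: restrict its permissions and delete it after the load."""
    attrs = [("uid", uid), ("cn", f"{given} {sn}"), ("sn", sn),
             ("givenName", given), ("mail", mail)]
    if password is not None:
        attrs.append(("userPassword", password))
    return _entry(f"uid={dn_escape(uid)},{USER_BASE}",
                  ["top", "person", "organizationalPerson", "inetOrgPerson", "orclUserV2"],
                  attrs)


def group_entry(cn, member_uids):
    """A static group whose members are the DNs of the given user ids."""
    attrs = [("cn", cn)]
    attrs += [("uniquemember", f"uid={dn_escape(u)},{USER_BASE}") for u in member_uids]
    return _entry(f"cn={dn_escape(cn)},{GROUP_BASE}",
                  ["top", "groupOfUniqueNames", "orclGroup"], attrs)


def build_ldif(users, group_cn, member_uids):
    """Users first, then the group that references them, so ldapadd succeeds
    in a single pass."""
    entries = [user_entry(**u) for u in users] + [group_entry(group_cn, member_uids)]
    return "\n\n".join(entries) + "\n"


# Constructed sample input (not real accounts).
SAMPLE_USERS = [
    {"uid": "jsmith", "given": "John", "sn": "Smith", "mail": "jsmith@example.com"},
    {"uid": "jmueller", "given": "Jürgen", "sn": "Müller", "mail": "jmueller@example.com"},
]

if __name__ == "__main__":
    print(build_ldif(SAMPLE_USERS, "RPAS_USERS", ["jsmith", "jmueller"]))
```

Run the script and pipe its output to ldapadd against the OID instance; the second sample user exercises the base64 path because the name contains non-ASCII characters, and the group entry is emitted last so its uniquemember DNs already exist when it is added.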
Oracle SSO Terms and Definitions
This section lists the terms and definitions used in Oracle SSO.
Authentication
Authentication is the process of establishing a user's identity. There are many types of authentication. The most common authentication process involves a user ID and password.
Identity Management Infrastructure
The Identity Management Infrastructure is the collection of products and services that provide Oracle SSO functionality: Oracle Internet Directory, an Oracle HTTP Server, and the Oracle SSO services. The Oracle Application Server instance deployed with these components is typically referred to as the Infrastructure instance.
mod_wl_ohs
mod_wl_ohs is a module within the Oracle HTTP Server (which is Apache-based) that proxies requests from the HTTP server to the WebLogic managed servers. It passes the original client address and TLS status to WebLogic in WL-Proxy-* request headers, so the managed servers should accept traffic only from the Oracle HTTP Server hosts; a client that can reach a managed server directly can supply those headers itself.
Oracle Internet Directory
Oracle Internet Directory (OID) is an LDAP-compliant directory service. It contains user IDs, passwords, group membership, privileges, and other attributes for users who are authenticated using Oracle SSO.
Partner Application
A partner application is an application that delegates authentication to the Oracle Identity Management Infrastructure. One such partner application is the Oracle HTTP Server (OHS) supplied with the Oracle Application Server; OHS uses the OAM 11g WebGate module to provide this functionality.
All partner applications must be registered with the Oracle Access Manager.
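The WebGate on OHS authenticates the user, and mod_wl_ohs then proxies the request to the managed server with the result carried in request headers. As an added example (not Oracle code), the Python below shows the check a partner application deployed on that managed server should make before trusting the identity it receives: the request must have arrived from an OHS host, judged by the TCP peer address rather than by any forwarded-for header. The header name OAM_REMOTE_USER and the proxy address range 10.0.1.0/24 are assumptions; the header name in particular must be confirmed against your WebGate configuration.

```python
"""Trust an SSO identity only when the request came through the OHS tier.

Added example, not Oracle code. The WebGate on Oracle HTTP Server passes the
authenticated user to the partner application as a request header; the name
OAM_REMOTE_USER used here is an assumption to verify in your deployment.
mod_wl_ohs likewise adds WL-Proxy-Client-IP. Any client that can reach the
WebLogic managed server directly can set these headers itself, so the
application accepts them only from the proxy addresses it knows, judged by
the TCP peer address and never by a forwarded-for style header.
"""
import ipaddress

# Assumed address range of the OHS/WebGate hosts.
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.1.0/24")]
IDENTITY_HEADER = "OAM_REMOTE_USER"


def from_trusted_proxy(peer_ip):
    """True if the TCP peer is one of the front-end hosts."""
    try:
        ip = ipaddress.ip_address(peer_ip)
    except ValueError:
        return False
    return any(ip in net for net in TRUSTED_PROXIES)


def resolve_identity(peer_ip, headers):
    """Return ("ok", user) or ("reject", reason) for one request.

    headers maps request header name -> value; names are compared
    case-insensitively because HTTP header names are.
    """
    if not from_trusted_proxy(peer_ip):
        return ("reject", "request bypassed the OHS/WebGate tier")
    lowered = {name.lower(): value for name, value in headers.items()}
    user = lowered.get(IDENTITY_HEADER.lower(), "").strip()
    if not user:
        return ("reject", "no SSO identity on request")
    if any(c in user for c in "\r\n\x00"):
        return ("reject", "malformed identity header")
    return ("ok", user)


def handle(request):
    """Minimal dispatcher: request is {"peer": ip, "headers": {...}, "path": str}."""
    status, detail = resolve_identity(request["peer"], request["headers"])
    if status != "ok":
        return (403, detail)
    return (200, f"{request['path']} served for {detail}")


# Constructed sample traffic: one request via OHS, one that reaches the managed
# server directly with a forged header, one via OHS for a URL the WebGate does
# not protect (so no identity header is present).
SAMPLE_REQUESTS = [
    {"peer": "10.0.1.7", "path": "/rpas/",
     "headers": {"OAM_REMOTE_USER": "jsmith", "WL-Proxy-Client-IP": "198.51.100.23"}},
    {"peer": "198.51.100.23", "path": "/rpas/admin",
     "headers": {"OAM_REMOTE_USER": "sysadmin"}},
    {"peer": "10.0.1.7", "path": "/rpas/",
     "headers": {"WL-Proxy-Client-IP": "198.51.100.23"}},
]


def run_samples():
    """Evaluate the constructed requests; returns a list of (status, detail)."""
    return [handle(r) for r in SAMPLE_REQUESTS]


if __name__ == "__main__":
    for req, result in zip(SAMPLE_REQUESTS, run_samples()):
        print(req["peer"], req["path"], "->", result)
```

The peer-address check is a defence in depth, not a substitute for network controls: the managed servers should still be reachable only from the OHS hosts, and the same reasoning applies to the WL-Proxy-* headers that WebLogic itself honours when its plug-in support is enabled.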
Realm
A Realm is a collection of users and groups (roles) managed by a single password policy. The policy controls what may be used for authentication (for example, passwords, X.509 certificates, or biometric devices). A Realm also contains an authorization policy that controls access to the applications or resources used by one or more applications.
A single OID can contain multiple Realms. This can be used to consolidate security for retailers with multiple banners, or to consolidate security for multiple development and test environments in one directory.