I am trying to implement Oracle Single Sign-on with our Oracle 9i and 10g databases in a Windows environment. We have an internally written legacy application that we are trying to incorporate Single Sign-on. I have been able to use Single Sign-on when I use SQL+ from the command prompt. But I have not been able to implement it with our Legacy application. I have Oracle 9i and 10g Enterprise Editions installed with none of the added cost features such as Advanced Security.
Are there other Oracle pieces that are needed for SSO to work with legacy products?
Can someone point me to some documents with instructions?
Thanks in Advance,
06-03-2009, 07:47 AM
How do the users login to legacy system?
How does the legacy system login to the database?
The most common scenario is:
a) Your OID is synchronized with M$ Active Directory where user accounts and passwords are managed.
b) Applications use LDAP to validate login.
Therefore, you may need to change the legacy login procedure to use LDAP for account validation.
PS: If you are lucky, the legacy application may already have LDAP configured and you would just have to "turn it on".
06-03-2009, 08:29 AM
Oracle Single Sign-on
LKBrwn_DBA thanks for the reply.
They launch the application and get a logon screen to enter username/password/datasource.
The database is stored on a DB Server. The client application is on a physical or virtual machine.
The legacy system logs in to the database via the ODBC data source. The user can login as long as the user is created in the database and has the correct permissions.
Part of what I was not clear about was what was needed to be installed with Oracle for SSO to work. The OID was not selected when Oracle was installed.
Only the basic selections were made when Oracle was installed. I'm trying to determine what are the missing pieces needed.
06-03-2009, 01:25 PM
OID + IAS + SSO
What I do not understand is your statement: "I have been able to use Single Sign-on when I use SQL+ from the command prompt".
If you have not installed OID, then you do not have SSO.
OID (Oracle Internet Directory) + IAS (Application Server) is required for SSO.
I had come across a document related to SSO stating that you could use the Oracle Admin Assistant for Windows.
What I had done was go into the Oracle Admin Assistant for Windows and added myself as a user with my domain name under OS Database Administrators and OS Database Operators. Also under the Databases section I had selected this user and added some rights/privs/permissions etc.
Within the database I had created myself as a user using my domain name.
Once this was done I went to the command prompt and typed sqlplus /@db and when I did the show user it listed my domain name.
Upon doing further research I thought there were other Oracle pieces that were needed like Oracle Advanced Security for one. Then further reading showed possibly a directory server needed to be set up. I couldn't find anything that definitively stated for SSO you need exactly these pieces.
So thanks for letting me know the 2 pieces that are needed and I will take this and have a real attempt at setting up SSO. And for the notice about configuring the legacy app to use LDAP for account validation.
I'll let you know how I get on.
06-08-2009, 07:59 AM
Typing sqlplus /@db is NOT Single Sign-on but rather logging in to the database(s) as an externally identified user (Oracle identifies the user as being an OS account belonging to the "DBA" group).
For Single Sign-On, you need to install OID (Oracle Internet Directory) which you then can synchronize with the WinDoze Active Directory to support corporate-wide SSO.
Also for the Applications to be able to "use" SSO, they themselves have to have configured (and available) a module/plugin/program that supports SSO.
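The distinction drawn in the reply above, between an externally identified (OS-authenticated) login and OID-based Single Sign-On, can be checked from the database itself. The SQL below is an added example, not part of the original thread; it assumes the Oracle 9i/10g data dictionary, where externally identified accounts show PASSWORD = 'EXTERNAL' in DBA_USERS, and a session that can read the DBA_ and V$ views.

```sql
-- Added example: audit of OS (external) authentication on a 9i/10g database.
-- Assumption: run as a user with SELECT access to V$PARAMETER and the DBA_ views.

-- 1. Parameters that control OS authentication.
--    remote_os_authent = TRUE means the database accepts the OS user name
--    asserted by a remote client; os_authent_prefix is prepended to the OS
--    user name to form the database user name.
SELECT name, value
  FROM v$parameter
 WHERE name IN ('remote_os_authent', 'os_authent_prefix');

-- 2. Accounts created with IDENTIFIED EXTERNALLY.
--    Assumption: 9i/10g dictionary, where these show PASSWORD = 'EXTERNAL'.
SELECT username, account_status, created
  FROM dba_users
 WHERE password = 'EXTERNAL'
 ORDER BY username;

-- 3. Roles held by those accounts, so that highly privileged accounts
--    that log in without a database password stand out.
SELECT u.username, r.granted_role, r.admin_option
  FROM dba_users u
  JOIN dba_role_privs r ON r.grantee = u.username
 WHERE u.password = 'EXTERNAL'
 ORDER BY u.username, r.granted_role;

-- 4. How the current session was authenticated. After "sqlplus /@db" this
--    reports OS rather than DATABASE, which identifies the login as
--    external authentication and not a directory-based SSO login.
SELECT SYS_CONTEXT('USERENV', 'AUTHENTICATION_TYPE') AS auth_type,
       SYS_CONTEXT('USERENV', 'OS_USER')             AS os_user,
       SYS_CONTEXT('USERENV', 'SESSION_USER')        AS db_user
  FROM dual;
```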
06-08-2009, 09:54 AM
Thanks LKBrwn_DBA for your information and patience. In the environment I'm in I need all the luck I can get. I have downloaded the Oracle Identity management software and will begin to take a look at that.
06-19-2009, 09:59 AM
Oracle Single Sign-on
More questions. Yes, I have found we are using Oracle External Authentication and calling it SSO. I have had some information from one of our clients that they have in the startup string "C:\Program Files\SunGard\Adaptiv MasterFiles\Bin\Adaptiv.Operations.exe" -sso -db:Panorama:ds:ADAPTIV_DEV -db:Reference:ds:ADAPTIV_DEV. I have tried that at our office but get ORA-01005: null password given; logon denied. I have my internalname created in the DB and identified as external authentication. I have changed the parameters *.remote_os_authent=TRUE.
Within the application the internalname is mapped to application user. I am not sure what else needs to be done? Any suggestions? Thanks in Advance.