DBAsupport.com Forums - Powered by vBulletin
Results 1 to 8 of 8

Thread: Oracle Single Sign-on

Hybrid View

  1. #1
    Join Date
    May 2009
    Posts
    7

    Oracle Single Sign-on

    I am trying to implement Oracle Single Sign-on with our Oracle 9i and 10g databases in a Windows environment. We have an internally written legacy application that we are trying to incorporate Single Sign-on. I have been able to use Single Sign-on when I use SQL+ from the command prompt. But I have not been able to implement it with our Legacy application. I have Oracle 9i and 10g Enterprise Editions installed with none of the added cost features such as Advanced Security.
    Are there other Oracle pieces that are needed for SSO to work with legacy products?
    Can someone point me to some documents with instructions?


    Thanks in Advance,

    pengwen

  2. #2
    Join Date
    Jul 2002
    Location
    Lake Worth, FL
    Posts
    1,492

    Cool Ldap?

    How do the users login to legacy system?
    How does the legacy system login to the database?

    The most common scenario is:
    a) Your OID is synchronized with M$ Active Directory where user accounts and passwords are managed.
    b) Applications use LDAP to validate login.

    Therefore, you may need to change the legacy login procedure to use LDAP for account validation.

    PS: If you are lucky, the legacy application may already have LDAP configured and you would just have to "turn it on".
    "The person who says it cannot be done should not interrupt the person doing it." --Chinese Proverb

  3. #3
    Join Date
    May 2009
    Posts
    7

    Oracle Single Sign-on

    LKBrwn_DBA thanks for the reply.

    They launch the application and get a logon screen to enter username/password/datasource

    The database is stored on a DB Server. The client application is on a physical or virtual machine.

    The legacy system logs in to the database via the ODBC data source. The user can login as long as the user is created in the database and has the correct permissions.

    Part of what I was not clear about was what was needed to be installed with Oracle for SSO to work. The OID was not selected when Oracle was installed.
    Only the basic selections were made when Oracle was installed. I'm trying to determine what are the missing pieces needed.

    Regards,

    Pengwen

  4. #4
    Join Date
    Jul 2002
    Location
    Lake Worth, FL
    Posts
    1,492

    Cool Oid + ias + sso

    What I do not understand is your statement: "I have been able to use Single Sign-on when I use SQL+ from the command prompt".

    If you have not installed OID, then you do not have SSO.

    OID (Oracle Internet Directory) + IAS (Application Server) is required for SSO.

    Check out the Oracle Identity Management documentation.
    "The person who says it cannot be done should not interrupt the person doing it." --Chinese Proverb

  5. #5
    Join Date
    May 2009
    Posts
    7
    Thanks LDBrwn_DBA.

    I had come across a document related to SSO stating that you could use the Oracle Admin Assistant for Windows.

    What I had done was go into the Oracle Admin Assistant for Windows and added myself as a user with my domain name under OS Database Administrators and OS Database Operators. Also under the Databases section I had selected this user and added some rights/privs/permissions etc.
    Within the database I had created myself as a user using my domain name.

    Once this was done I went to the command prompt and typed sqlplus /@db and when I did the show user it listed my domain name.

    Upon doing further research I thought there were other Oracle pieces that were needed like Oracle Advanced Security for one. Then further reading showed possibly a directory server needed to be set up. I couldn't find anything that definitively stated for SSO you need exactly these pieces.

    So thanks for letting me know the 2 pieces that are needed and I will take this and have a real attempt at setting up SSO. And for the notice about configuring the legacy app to use LDAP for account validation.

    I'll let you know how I get on.

    Regards,

    pengwen

  6. #6
    Join Date
    Jul 2002
    Location
    Lake Worth, FL
    Posts
    1,492

    Talking Not SSO

    Typing sqlplus /@db is NOT Single Sign-on but rather logging in to the database(s) as an externally identified user (Oracle identifies the user as being an OS account belonging to the "DBA" group).


    For Single Sign-On, you need to install OID (Oracle Internet Directory) which you then can synchronize with the WinDoze Active Directory to support corporate-wide SSO.

    Also for the Applications to be able to "use" SSO, they themselves have to have configured (and available) a module/plugin/program that supports SSO.

    Good Luck!
    "The person who says it cannot be done should not interrupt the person doing it." --Chinese Proverb

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  


Click Here to Expand Forum to Full Width