Today let's look at Single Sign-On (SSO): why it is used, the advantages of using it, and which types of applications can use SSO, including the technical details of SSO.
What is Single Sign-On Server (SSO)?
As the name says, a Single Sign-On Server is a set of services (software) that lets you log in to one application once and then access Partner Applications with no need to log in again. Let's assume I have configured a single SSO Server for Portal, E-Business Suite, Collaboration Suite and some other applications. If I log in to any one of them and then wish to log in to the other applications, I should be able to do so without supplying passwords again.
How will I log off then?
This is called Single Sign-Off, which is part of the SSO server. If you log out from any one application, the SSO server will log you off from all applications.
What are the Technology Stack components of SSO Server?
SSO consists of OC4J_Security and HTTP Server, which are part of Oracle Identity Management, which is in turn part of Oracle Infrastructure Server, which is in turn part of Oracle Application Server. The SSO server uses Oracle Internet Directory to store user credentials in encrypted format for Partner Applications. If someone asks you to bounce the SSO server, you bounce either of them or both. Oracle components use mod_osso, which is part of Oracle HTTP Server, to connect to the SSO server.
Partner Applications & External Applications?
Partner Applications have been mentioned several times above. Partner Applications are the ones which delegate their authentication to the SSO server (like Portal, Discoverer, E-Business Suite, Collaboration Suite), whereas External Applications are applications which don't delegate their authentication to the SSO Server (like yahoo, google, hotmail applications).
What does delegating authentication mean here? Delegating authentication means the partner application asks SSO to verify whether a user is properly authenticated, whereas an external application checks the username/password at its own end; the SSO server simply holds the username/password in OID (if the user selects remember external application password).
Request Flow when SSO is used …
It is very important to understand the request flow when an application is configured with SSO and a user tries to access the application.
1) The user tries to access an application (like portal, collabsuite, apps 11i) configured with the SSO server for the first time
2) The application finds that no login cookie is set in the user's (client's) browser, so it redirects the user to the Single Sign-On Server via mod_osso
3) The Single Sign-On Server returns a login page to the user, and the user enters his/her username/password
4) SSO validates this password against the one stored in Oracle Internet Directory
5) If the password matches, SSO returns a token to the client with the list of all applications the user has access to, and sends the client back to the original application
6) This token is stored as part of a cookie in the user's/client's browser, and further connections from the client to applications are allowed (as the authentication token is already in the cookie)
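The six steps above as a small simulation, added here as an illustration and not taken from Oracle's code or the original post. The HMAC-signed token layout, the shared key, the in-memory directory and all function names are assumptions made for the example; the real mod_osso cookie format is different.

```python
import hashlib, hmac, secrets

# Constructed stand-ins: key, directory and token layout are assumptions, not Oracle's format.
SHARED_KEY = secrets.token_bytes(32)   # known to the SSO server and the partner applications
DIRECTORY = {}                         # plays the role of Oracle Internet Directory

def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def _sign(body):
    return hmac.new(SHARED_KEY, body.encode(), hashlib.sha256).hexdigest()

def add_user(user, password, apps):
    salt = secrets.token_bytes(16)
    DIRECTORY[user] = (salt, _hash(password, salt), apps)

def sso_login(user, password):
    """Steps 3-5: check the password against the directory, issue a signed token."""
    salt, stored, apps = DIRECTORY.get(user, (b"", b"", []))
    if not stored or not hmac.compare_digest(stored, _hash(password, salt)):
        return None
    body = f"{user}|{','.join(apps)}"
    return f"{body}|{_sign(body)}"

def verify_token(token, app):
    """Partner application side: trust the cookie only if the signature and app list match."""
    try:
        user, apps, sig = token.split("|")
    except (AttributeError, ValueError):   # no cookie, or a malformed one
        return None
    good = hmac.compare_digest(sig.encode(), _sign(f"{user}|{apps}").encode())
    return user if good and app in apps.split(",") else None

def access(app, cookies, credentials=None):
    """Steps 1, 2 and 6: serve the request if the cookie is valid, else go through SSO."""
    user = verify_token(cookies.get("sso_token"), app)
    if user:
        return f"200 {app} for {user}"
    if credentials is None:
        return "302 redirect to SSO login"
    token = sso_login(*credentials)
    if token is None:
        return "401 login failed"
    cookies["sso_token"] = token           # step 6: token kept in the browser cookie
    return access(app, cookies)
```

Because every later request is authorized from the cookie alone, the partner application must reject a token whose signature does not verify, and a production token would also carry an expiry time.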
Do you know how to access the Single Sign-On server from a browser, or what the SSO URL is?
A lot more on OID & Identity Management, including IM Cluster, is coming soon …