TIP #39: SSO in Oracle application server

The SSO (Single Sign-On) server in Oracle AS provides a one-time login service.

SSO components:
  • OC4J_Security
  • HTTP server

Options for Bouncing SSO

  • Bounce SSO component only
  • Bounce SSO and OID

Flow of SSO

  1. The user tries to access an application for the first time.
  2. There is no login cookie, so the user is redirected to the SSO server.
  3. SSO returns a username/password page to the user.
  4. SSO verifies the username/password with OID.
  5. If the password is OK, SSO returns a token to the client with a list of all applications that the user has access to. This token is stored on the client as a cookie.
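
The flow above, simulated end to end as an added example (not Oracle's code or token format). The HMAC-signed token layout, the `sso_token` cookie name, the `/sso/login` path and every function name are assumptions for illustration, and a dictionary stands in for OID.

```python
import base64, hashlib, hmac, json

# Constructed sample data: a dict plays the directory (OID) role; key and salt are demo values.
SSO_KEY = b"demo-signing-key"
SALT = b"demo-salt"

def _pw_hash(password):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000)

DIRECTORY = {"alice": {"pw_hash": _pw_hash("s3cret"), "apps": ["hr", "payroll"]}}

def _sign(payload):
    return hmac.new(SSO_KEY, payload.encode(), hashlib.sha256).hexdigest()

def sso_login(username, password):
    """Steps 3-5: check the submitted credentials against the directory and
    return the token (cookie value) listing the user's applications, or None."""
    entry = DIRECTORY.get(username)
    if entry is None or not hmac.compare_digest(entry["pw_hash"], _pw_hash(password)):
        return None
    claims = json.dumps({"user": username, "apps": entry["apps"]})
    payload = base64.urlsafe_b64encode(claims.encode()).decode()
    return payload + "." + _sign(payload)

def read_token(cookie):
    """Return the claims if the cookie is present and unmodified, else None."""
    if not cookie or "." not in cookie:
        return None
    payload, sig = cookie.rsplit(".", 1)
    if not hmac.compare_digest(_sign(payload).encode(), sig.encode()):
        return None  # altered on the client: treat as not logged in
    return json.loads(base64.urlsafe_b64decode(payload))

def app_request(app, cookies):
    """Steps 1-2: the application looks for the login cookie on each request."""
    claims = read_token(cookies.get("sso_token"))
    if claims is None:
        return ("redirect", "/sso/login")
    if app not in claims["apps"]:  # assumed use of the application list in the token
        return ("deny", claims["user"])
    return ("ok", claims["user"])

if __name__ == "__main__":
    print(app_request("hr", {}))  # first visit, no cookie yet
    cookie = {"sso_token": sso_login("alice", "s3cret")}
    print(app_request("hr", cookie), app_request("crm", cookie))
```

Because the token sits in a client-side cookie, the sketch rejects any cookie whose signature does not match, so editing the application list in the browser sends the user back to the login page.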
