Wednesday, September 15, 2010

Wall-to-wall SSO and EUS

After introducing Kerberos, and getting SSO to the database working, it's time for some excitement: combine Single Sign On (SSO) with Enterprise User Security (EUS).
Sure, I blogged about Enterprise Security a long time ago (See the "Enterprise Security" entries of 2005), but there I used certificates; in fact another identity.
In this entry, some of the 2005 stuff returns, but parts will differ.

The latest and the greatest.

For those of you how wonder why I bother to blog about this "ancient" version, read the statement of direction on SSO server (note 979951.1 on MOS). Basically, when you use Portal, Forms or Discoverer, you need OSSO 10GR3 (even Forms 11G).
It's not that ancient when it will be around for some time...

Goal.

What I want, is the same a the previous entry on SSO, but I do not wish to create users: I want to use EUS instead.

Preparations.

In addition to what's already in place, I need a complete SSO infrastructure.
The brave may want to do this Enterprise-sized setup, for now I'll just go with the "all-in-one" Identity Management install. Even patched it to 10.1.4.3.

Steps

In order to achieve all this, I would need to:
  1. Set up synchronization between Active Directory and OID
  2. Set up Enterprise Security in the database(s)
  3. Set up a trusted relation between OSSO Application Server and AD
  4. As a bonus: try to persuade Forms menu security to use EUS
I will blog about these - stay tuned...

No comments: