Integrated Security Demo - Web Services Security, Oracle 9iAS, PKI
CSCI 5931 – Web Security
Instructor: Dr. Andrew Yang
Team: Web Warriors
Rohan Bairat, Shashank Dhond, Mohd A Azeem
23rd April 2003
Single Sign-On
Centralized authentication for web applications
• Centralized SSO Server
– Verifies SSO password
– Sets SSO cookie at client
– External app username/password store
• Username/Password managed in LDAP directory
– Oracle Internet Directory (OID)
– Other LDAPv3 directory requires OID gateway
– Users provisioned through OID Delegated Administrative
Oracle9iAS Single Sign-On uses one of these authentication methods:
Local user authentication: Uses a lookup table within the Login Server schema. This table contains user name, password, Login Server privilege level, and other auditing fields for the user. The incoming password is one-way hashed and compared to the entry in the table.
External repository authentication: Typically relies on an LDAP-compliant directory. In this case, the Login Server binds to the LDAP-compliant directory, then looks up the user credentials stored there. External authentication includes LDAP and database authentication, and any others that may be custom-developed.
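The local user authentication method described above (hash the incoming password, compare it with the table entry) can be sketched as follows. This is an added example, not Oracle's code: the table and column names, the PBKDF2 parameters and the per-user salt are assumptions, since the slides do not name the hash algorithm or the schema.

```python
import hashlib
import hmac
import os
import sqlite3
import time

ITERATIONS = 600_000          # assumed PBKDF2 work factor
_DUMMY_SALT = b"\x00" * 16    # used for unknown users so both paths cost one hash

def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def open_store() -> sqlite3.Connection:
    """In-memory stand-in for the lookup table; column names are hypothetical."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE login_users (username TEXT PRIMARY KEY, salt BLOB,"
        " pw_hash BLOB, privilege TEXT, failed_logins INTEGER DEFAULT 0,"
        " last_login REAL)"
    )
    return db

def add_user(db, username, password, privilege="user"):
    salt = os.urandom(16)  # per-user salt, so equal passwords hash differently
    db.execute(
        "INSERT INTO login_users (username, salt, pw_hash, privilege)"
        " VALUES (?, ?, ?, ?)",
        (username, salt, _hash(password, salt), privilege),
    )

def authenticate(db, username, password):
    """Return the user's privilege level on success, None on failure."""
    row = db.execute(
        "SELECT salt, pw_hash, privilege FROM login_users WHERE username = ?",
        (username,),
    ).fetchone()
    salt, stored, privilege = row if row else (_DUMMY_SALT, b"", None)
    candidate = _hash(password, salt)  # one-way hash of the incoming password
    # Constant-time comparison; an unknown user always fails.
    ok = row is not None and hmac.compare_digest(candidate, stored)
    if row is not None:  # keep the auditing fields current
        if ok:
            db.execute("UPDATE login_users SET failed_logins = 0, last_login = ?"
                       " WHERE username = ?", (time.time(), username))
        else:
            db.execute("UPDATE login_users SET failed_logins = failed_logins + 1"
                       " WHERE username = ?", (username,))
    return privilege if ok else None
```

The table never holds the password itself, only the salt and the hash, so the comparison works without the server being able to recover the original password.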
Authentication to partner applications
Once a user has been authenticated and an SSO cookie has been set, Oracle 9i AS SSO directs the user back to the partner application and includes, in the partner application URL, an encrypted token which contains the user’s identity. The token is encrypted with a key which is shared only by Oracle 9i AS SSO and the partner application. This assures the partner application that the token is authentic and was created by Oracle 9i AS SSO.
Authentication to External Applications
Directories supporting the Lightweight Directory Access Protocol (LDAP) are increasingly used as a single source of enterprise-wide information about users.
Oracle9iAS SSO verifies usernames and passwords using OID. When a user submits username and password as part of the initial authentication, Oracle9iAS SSO compares the username and password with that maintained in OID. If the comparison succeeds, username and password are considered to be verified.