What's New in OracleAS Single Sign-On?

This section describes new features of the OracleAS Single Sign-On 10g (10.1.4.0.1) and provides pointers to additional information. Information from previous releases is also retained to help those users migrating to the current release.

The following sections describe the new features in OracleAS Single Sign-On that are presented in this book:

• Federated Authentication

• Configuring Custom (Deployment-Specific) Pages

• Changes to the Syntax for Invoking OracleAS Single Sign-On

• Changing the Single Sign-On Administration Group

• Globalization Support

• Elimination of the Database Access Descriptor (DAD)

• Protecting URLs in the Absence of a Load Balancer

• Information on Authentication Levels

• Login Page Error Codes

• Authentication URL

• Configuring Single Sign-On Server for Multiple Realms

• Configuring SSL for Partner Applications

• Debug Log Files

• URLs to Protected Resources Fail to Return the Resource

• Secure Transmission of mod_osso Cookies

• Obsolete Error Messages

Federated Authentication

• You can implement federated authentication using Oracle Application Server Single Sign-On and Oracle Identity Federation. Federated single sign-on permits users to access information on different corporate Web sites while authenticating to only one of those sites. You can configure either Oracle Application Server Single Sign-On or Oracle Identity Federation to be the authentication mechanism for users who want to access resources that are protected by either product.

  
  

  See Also: "Integrating with Oracle Identity Federation".

  
  

Configuring Custom (Deployment-Specific) Pages

• The WWSSO_LS_CONFIGUATION_INFO$ table is no longer required for the single sign-off page.

• You can configure custom login pages for external applications.

  
  

  See Also: "Installing Deployment-Specific Pages".

  
  

Changes to the Syntax for Invoking OracleAS Single Sign-On

• The syntax for invoking OracleAS Single Sign-On has been simplified. For example, instead of accessing the administration home page by typing the following URL:

  http://host:port/pls/orasso

  You can now use the following:

  http://host:port/sso

  
  

  See Also: "Accessing the Single Sign-On Server", "Accessing the Administration Pages", "Reregistering mod_osso on the Partner Application Middle Tiers" , "Enabling SSL", "Advanced Deployment Options", "Monitoring a Single Sign-On Server Enabled for SSL", "Creating Deployment-Specific Pages",

  
  

Changing the Single Sign-On Administration Group

• The steps for this procedure have changed.

  
  

  See Also: "Changing the Single Sign-On Administration Group".

  
  

Globalization Support

• This information for this has been updated. Pointers have been added to additional information.

  
  

  See Also: "Configuring Globalization Support".

  
  

Elimination of the Database Access Descriptor (DAD)

• This table no longer is needed and has been removed.

  
  

  See Also: "Troubleshooting an Inaccessible Server".

  
  

Protecting URLs in the Absence of a Load Balancer

• The syntax for this operation has changed.

  
  

  See Also: "Protecting URLs in the Absence of a Load Balancing Router".

  
  

Information on Authentication Levels

• Information on authentication levels has been expanded.

  
  

  See Also: "Authentication Levels".

  
  

Login Page Error Codes

• Information on login page error codes has been updated.

  
  

  See Also: "Login Page Error Codes" and "Post-Login Messages".

  
  

Authentication URL

• Information on the authentication URL has been updated.

  
  

  See Also: "How the Single Sign-On Server Uses Deployment-Specific Pages".

  
  

Configuring Single Sign-On Server for Multiple Realms

• This procedure has changed.

  
  

  See Also: "Configuring the Single Sign-On Server for Multiple Realms".

  
  

Configuring SSL for Partner Applications

• Information has been added about configuring SSL for partner applications (including OracleAS Single Sign-On).

  
  

  See Also: "Caveats About Configuring SSL" and "Automated SSL Configuration".

  
  

Debug Log Files

• A note has been added to notify users that debug log files should not be deleted when OC4J is running.

  
  

  See Also: "Diagnosing OracleAS Single Sign-On Problems".

  
  

URLs to Protected Resources Fail to Return the Resource

• A note has been added regarding some browsers' limitations regarding URL length. For some situations, configuring mod_osso to use the POST method instead of the GET directive can be an effective work-around.

  
  

  See Also: "URL Exceeds Maximum Length".

  
  

Secure Transmission of mod_osso Cookies

• A section has been added regarding adding the OssoSecureCookies directive to ensure that cookies are transmitted using HTTPS.

  
  

  See Also: "Secure Transmission of mod_osso Cookies".

  
  

Obsolete Error Messages

• The error, "Forbidden Error When Accessing OracleAS Single Sign-on Administration" is now obsolete, as are all Type 41400 errors.

  
  

  See Also: "Troubleshooting OracleAS Single Sign-On".