Policies and responses enable single sign-on and can override other directives.
Before starting activities in this section, be sure to review the "Introduction to Policy Responses for SSO".
Unless explicitly stated, information in this section applies equally to authentication and authorization responses.
Users with valid Administrator credentials can add a policy response for authentication or authorization to the Protected Resource Policy.
For example, you can collect the DN of the realm that is created when Oracle Internet Directory is installed. Optionally, you can also configure the global user ID of the subscriber in Oracle Internet Directory or a subscriber name rather than the default company as shown in Table 25-31.
Table 25-31 Fresh OSSO Installation: Protected Policy Response (Header)
Response Parameter | Collect Realm DN when OID is Installed | Configure GUID of Subscriber IN OID to Different Company | Configure GUID of Subscriber IN OID to Default Company |
---|---|---|---|
Name |
osso-subscriber-dn (lowercase) |
osso-subscriber (optional) |
osso-subscriber-guid (optional) |
Type |
Header |
Header |
Header |
Value |
dc=country,dc=example,dc=com |
dc=country_or_region,dc=com |
,dc=default_company,dc=com Go to the subscriber DN (in Oracle Internal Directory for example) and find the value (of orclguid for the DN, for example). |
Prerequisites
Analyze desired conditions before crafting authorization responses to ensure the appropriate actions are taken by the response. You need an Application Domain with an existing authentication or authorization policy.
See Also:
To add a policy Response
Users with valid Administrator credentials can view or edit a policy response for authentication or authorization.
Prerequisites
You must have an Application Domain with an existing authentication or authorization policy.
See Also:
To view, modify, or delete a policy response