19
Oracle Enterprise Login Assistant

Use the Oracle Enterprise Login Assistant to open and close existing wallets and enable/disable secure SSL based communications.

See Also:
Chapter 18, for instructions on managing wallets by using Oracle Wallet Manager.

This chapter covers topics in the following sections:

About Oracle Enterprise Login Assistant

Oracle Wallet Manager provides secure management of PKI¹ -based user credentials. Oracle Wallet Manager creates a private and public key pair for a user, and issues a PKCS² #10 certificate signing request which can be fulfilled by a certificate authority (CA). After the CA issues an X.509 certificate, the user can load the certificate into his wallet.

Oracle Wallet Manager also manages user trustpoints, the list of root certificates that the user trusts, and is pre-configured with root certificates from PKI vendors such as VeriSign and CyberTrust. Wallets are protected using password-based, strong encryption.

Typically, users do not need to access their wallets once the wallets have been configured. However, they can easily access their wallets using Oracle Enterprise Login Assistant, a very simple-to-use login tool that hides the complexity of a private key and certificate. Once users have securely opened their wallets by using Oracle Enterprise Login Assistant, they can connect to multiple databases over SSL, without providing additional passwords. This provides the benefit of strong authentication as well as single sign-on.

Starting Oracle Enterprise Login Assistant

Refer to your platform-specific documentation for instructions on how to start Oracle Enterprise Login Assistant.

Enabling Automatic Login

The Automatic Login feature of the Oracle Enterprise Login Assistant enables applications running on a server or a client to revalidate themselves to the other end without human intervention. Users can thus obtain single sign-on (SSO), using the credentials contained in their wallets, to authenticate to multiple applications over SSL.

To enable secure SSL based communications using the default wallet:

Click AutoLogin > Login from the menu bar.
The Login dialog box appears.
Enter the wallet password.
Click OK.
The Oracle Enterprise Login Assistant then creates an obfuscated copy of the wallet on the file system.
You are returned to the Oracle Enterprise Login Assistant window. A message at the bottom of the window displays the message "Autologin enabled".

Disabling Automatic Login

Use the Oracle Enterprise Login Assistant to disable single sign-on communications from server side applications to the client. Log out as follows.

Click AutoLogin > Logout from the menu bar.
A dialog box displays the warning "If you log out, your applications will no longer use the security credentials of your wallet".
Click Yes to continue.
You are returned to the Oracle Enterprise Login Assistant window. A message at the bottom of the window displays the message "Autologin not enabled".

Changing a Wallet Password

Change a wallet password according to company policy or whenever you think that a password has been compromised. Change a wallet password as follows.

Click AutoLogin > Change Password from the menu bar.
The Change Password dialog box appears.
Enter the existing password in the Old Password field.
Read the text that describes how to create more secure passwords.
Enter the new password in the New password field.
Enter the new password again in the Confirm password field.
Click OK to continue.

A dialog box appears and displays the message "Password changed successfully".

Click OK to dismiss this dialog box.

Note:
This procedure changes the password only for the wallet that is stored in the default wallet location. It will not change the password for the current open wallet used for SSO communication.

¹ Public Key Infrastructure
² Public Key Certificate Standard

19 Oracle Enterprise Login Assistant