Oracle9iAS Single Sign-On Application Developer's Guide
Part Number A90343-01
This chapter explains how Oracle9iAS Single Sign-On solves the problems associated with using and administering user names and passwords for multiple applications in an enterprise.
Oracle9iAS Single Sign-On is a service of the Oracle9i Application Server that enables:
Within any given enterprise, a typical user accesses several applications: one, for example, to create expense reports, another to use email, and still another to schedule appointments. Each application requires the user to enter a valid user name and password, which presents three major difficulties:
A user must enter a user name and password to access each and every application. Moreover, it can be difficult to remember the user name and password combinations for multiple applications.
To remember so many user name and password combinations, users often use one of two strategies:
It can be costly and difficult to administer password stores for multiple applications. To create or delete a user, or change a password, an administrator must tediously make changes in each application.
With Oracle9iAS Single Sign-On, users typically sign on to a centrally administered Login Server through a central Web portal. Once it authenticates a particular user, the Login Server displays links to all the applications for that user.
Using a central Web portal with a centrally administered Login Server has these advantages:
The user enters the user name and password only once, at a central corporate Web portal, to access all the needed applications. From the user's perspective, authentication to each application happens transparently.
Having fewer user name and password combinations lowers the risk of a thief stealing them and gaining access to a user's restricted information.
Oracle9iAS Single Sign-On provides centralized provisioning of user accounts, so that administrators can easily create new user accounts.
Centralizing the authentication process also makes it possible to support additional authentication mechanisms with the changes confined to one place. For example, you can implement LDAP-based authentication or digital certificate-based authentication, and the change is localized to the Login Server.