1
Introduction

This chapter explains how Oracle9iAS Single Sign-On solves the problems associated with using and administering user names and passwords for multiple applications in an enterprise.

This chapter contains these topics:

• What Is Oracle9iAS Single Sign-On?

• The Problem of Too Many Passwords

• The Oracle9iAS Single Sign-On Solution

What Is Oracle9iAS Single Sign-On?

Oracle9iAS Single Sign-On is a service of the Oracle9i Application Server that enables:

• Authentication to all appropriate applications in an enterprise by entering a user name and password only once

• Centralized administration of user name and password combinations for all users in an enterprise

This section contains these topics:

• The Problem of Too Many Passwords

• The Oracle9iAS Single Sign-On Solution

The Problem of Too Many Passwords

Within any given enterprise, a typical user accesses several applications: one, for example, to create expense reports, another to use email, and still another to schedule appointments. Each application requires the user to enter a valid user name and password, which presents three major difficulties:

• Inconvenience

  A user must enter a user name and password to access each and every application. Moreover, it can be difficult to remember the user name and password combinations for multiple applications.

• Poor security

  To remember so many user name and password combinations, users often use one of two strategies:

  • They use the same combination for all applications. This makes it possible for a thief who steals that combination to access all of the user's applications.

  • They use multiple combinations, writing them on pieces of paper that can be lost, stolen, or observed. The more user name and password combinations, the greater the risk that one or more of them may be lost or stolen.

• Difficulty of administration

  It can be costly and difficult to administer password stores for multiple applications. To create or delete a user, or change a password, an administrator must tediously make changes in each application.

The Oracle9iAS Single Sign-On Solution

With Oracle9iAS Single Sign-On, users typically sign on to a centrally administered Login Server through a central Web portal. Once it authenticates a particular user, the Login Server displays links to all the applications for that user.

Using a central Web portal with a centrally administered Login Server has these advantages:

• Convenience

  The user enters the user name and password only once, at a central corporate Web portal, to access all the needed applications. From the user's perspective, authentication to each application happens transparently.

• Increased security

  Fewer user name and password combinations lowers the risk of a thief stealing them and gaining access to a user's restricted information.

• Ease of administration

  Oracle9iAS Single Sign-On provides centralized provisioning of user accounts, so that administrators can easily create new user accounts.

  Centralizing the authentication process also makes it possible to support additional authentication mechanisms in a localized manner. For example, you can implement an LDAP-based authentication, or digital certificate-based authentication, and the change would be localized to the Login Server.