Oracle® Application Server Single Sign-On Administrator's Guide 10g (9.0.4) Part Number B10851-01
Occurs when a single sign-on user submits an account and password combination from any number of workstations more times than is permitted by Oracle Internet Directory. The default lockout period is 24 hours.
Company that installs and maintains Web applications and makes them available to its customers, typically for a fee.
Parameter that enables you to specify a particular authentication behavior for an application. You can link this parameter with a specific authentication plugin.
An implementation of a specific authentication method. OracleAS Single Sign-On has Java plugins for password authentication, digital certificates, Windows native authentication, and third-party access management.
An authentication method whereby login credentials are submitted in the application URL, which is protected by HTTP basic authentication.
A list of users whose X.509 certificates have been revoked. An application uses this list to determine who gains access to the application.
The file on the Oracle HTTP Server that is used to configure a database access descriptor (DAD).
Database connection information for a particular OracleAS component such as the single sign-on schema.
A Web service of Oracle Internet Directory that performs user and group management functions.
In asymmetric encryption, a data structure that vouches for the identity of a public key owner. A certificate is issued by a trusted third party called a certificate authority. As such, it provides assurance that the public key may be safely used to encrypt messages to the key owner.
The hierarchical collection of entries that constitute an LDAP directory.
A feature of Oracle Internet Directory that enables an enterprise to use an external user repository to authenticate to Oracle products.
A name that identifies the location of an entry in an LDAP-compliant directory. Also known as a DN. The distinguished name of the user in the example that follows consists of his name and parent entries in ascending order, from left to right.
cn=jsmith,cn=users,cn=defaultsubscribers,cn=acme,cn=com
Applications that do not delegate authentication to the single sign-on server. Instead, they display HTML login forms that ask for application user names and passwords. At the first login, users can choose to have the single sign-on server retrieve these credentials for them. Thereafter, they are logged in to these applications transparently.
The act of forcing a user to reauthenticate if he or she has been idle for a preconfigured amount of time. OracleAS Single Sign-On enables you to specify a global user inactivity timeout. This feature is intended for installations that have sensitive applications.
An authentication method whereby login credentials are submitted as part of the login URL.
An optional feature that forces single sign-on users to reauthenticate if they have been idle for a preconfigured amount of time. The global user inactivity timeout is much shorter than the single sign-out session timeout.
Multilanguage support for graphical user interfaces. OracleAS Single Sign-On supports 29 languages.
A numeric string that uniquely identifies a user. A person may change or add user names, passwords, and distinguished names, but her globally unique user ID always remains the same.
The file used to configure the Oracle HTTP Server.
Discrete namespace, or DIT, within a single instance of the Oracle identity management infrastructure.
The administrative group responsible for user and group management functions in OracleAS. The single sign-on administrator is a member of the group iASAdmins.
The database that contains OracleAS Single Sign-On and Oracle Internet Directory.
The OracleAS components responsible for identity management. These components are OracleAS Single Sign-On, Oracle Delegated Administration Services, and Oracle Internet Directory.
A network authentication protocol that uses secret key cryptography.
A computer that issues a Kerberos-authenticated user a service ticket. This ticket contains the user's credentials.
In Kerberos authentication, the file that stores the network service key.
To improve throughput, the single sign-on server caches and then reuses connections to Oracle Internet Directory.
Older application that cannot be modified to delegate authentication to the single sign-on server. Also known as an external application.
Hardware devices and software that balance connection requests between two or more single sign-on servers, either because of heavy load or as failover. BigIP, Alteon, and Local Director are all popular hardware devices. OracleAS Web Cache is an example of load balancing software.
That portion of a single sign-on instance that consists of the Oracle HTTP Server and OC4J. The single sign-on middle tier is situated between the identity management infrastructure database and the client.
The SSL module on the Oracle HTTP Server.
A module on the Oracle HTTP Server that enables applications protected by OracleAS Single Sign-On to accept HTTP headers in lieu of a user name and password once the user has logged into the single sign-on server. The values for these headers are stored in the mod_osso cookie.
User data stored on the HTTP server. The cookie is created when a user authenticates. When the same user requests another application, the Web server uses the information in the mod_osso cookie to log the user in to the application. This feature speeds server response time.
A module on the Oracle HTTP Server that makes it possible to use mod_osso to enable legacy, or external, applications.
OC4J (Oracle Containers for J2EE)
A lightweight, scalable container for Java 2 Enterprise Edition.
A Java-based GUI for managing most functions in Oracle Internet Directory. It is used to create members of the group iASAdmins. It is also used to manage password policies.
The GUI that monitors server load and user activity on the single sign-on server. Oracle Enterprise Manager monitors other OracleAS components as well.
Software that processes Web transactions that use the Hypertext Transfer Protocol (HTTP). Oracle uses HTTP software developed by the Apache Group.
A single sign-on partner application that provides a mechanism for integrating files, images, applications, and Web sites. The External Applications portlet provides access to external applications.
An OracleAS application or non-Oracle application that delegates the authentication function to the single sign-on server. This type of application spares you from reauthenticating by accepting mod_osso headers or by redirecting the user to the server itself. To perform the redirect itself, the application must be integrated with the single sign-on SDK.
Multipurpose configuration file for OracleAS Single Sign-On. Contains basic parameters required by the single sign-on server. Also used to configure advanced features such as multilevel authentication.
An authentication method whereby login credentials are submitted within the body of the login form.
A server that proxies for the real server, or host. In OracleAS Single Sign-On, proxies are used for load balancing and as an extra layer of security. See load balancer.
A widely used security protocol that uses public-key cryptography to secure communications between a client and server. The client uses a public key provided by the server to conduct a secret key exchange.
In Kerberos authentication, the secret key of the server.
In Kerberos authentication, a data structure that enables the client to obtain a ticket and, by extension, the user's credentials.
The APIs that enable partner applications for single sign-on. The SDK consists of PL/SQL and Java APIs as well as sample code that demonstrates how these APIs are implemented.
Program logic that enables users to log in securely to single sign-on applications such as expense reports, mail, and benefits.
The process by which you terminate a single sign-on session and log out of all active partner applications simultaneously. You can do this by logging out of the application that you are working in.
The protocol over which Windows-based Kerberos authentication occurs.
The URL to the routine responsible for establishing the session and session cookies for an application.
Non-Oracle single sign-on system that can be modified to use OracleAS Single Sign-On to gain access to OracleAS applications.
The code that passes authenticated user information to the partner application. The partner application uses this information to construct the session cookie.
A Java module that maps a user certificate to the user's nickname. The nickname is then passed to an authentication module, which uses this nickname to retrieve the user's certificate from the directory.
A server that proxies for the real server or servers. In the case of OracleAS Single Sign-On, virtual hosts are used for load balancing between two or more single sign-on servers. They also provide an extra layer of security.
Copyright © 1996, 2003 Oracle Corporation. All Rights Reserved.