Single Sign-On Authentication
Single sign-on (SSO) enables end users to enter a password once to gain authenticated access to various resource servers, which supply applications or services. The resource servers that an end user can access depend on what implementations of the SSO Adapter interface are available in the system.
Standard application programming interfaces (APIs) are used to provide user access to a resource server. To access a mail server, for example, an application uses the JavaMailTM API.
To create an authenticated connection using an API, administrators provide the API with the configuration data for the connection. The SSO Adapter, which uses standard database terminology, provides this configuration data for an authenticated connection, and the SSO Adapter service stores that data.
The SSO Adapter service defines two levels of data:
-
SSO Adapter template defines a class of connections to be made available to users. Many end users use a single template. The template defines data values that are the same for all users, including default values and what values a user can edit. Therefore, SSO Adapter templates are defined at a global service level.
-
SSO Adapter configuration provides data values that are specific to an organization, role, or user. A configuration references a template and takes data values from the template for properties that the end user cannot change. Whenever an end user changes the user-editable properties of an SSO Adapter configuration, that configuration change applies only to that one end user.
- © 2010, Oracle Corporation and/or its affiliates