Oracle Single Sign-On (SSO) enables you to establish a unique identity for each user, and tie that identity to the resources and data sources unique to that user. For example, a user might log in to an environment such as Oracle Portal, which enables them to access certain reports and printers for which they have the necessary privileges. When they choose to run a report from this environment, they can access the necessary data sources for the report because their data source credentials are stored with the single user identity used to login to Oracle Portal. Thus, logging in once provides them access to all of the resources and data sources they require to run their reports.
In addition to working with Oracle Single Sign-On Server 10g (OSSO), Oracle Reports Services applications can now run in a Single Sign-on environment using Oracle Access Manager 11g (OAM) and Oracle Internet Directory (OID) to eliminate the need for additional or different logins to access many applications during the same user session.
Oracle Reports Services applications in Oracle FMW 11g Release 2 can now use one of the following authentication servers in the Single Sign-On mode:
Oracle Single Sign-On Server (OSSO) 10g
Oracle Access Manager (OAM) 11g
The user can choose to authenticate their Reports application using one of these authentication servers. It is required that these authentication servers are configured to use Oracle Internet directory as the backend Identity Store. Authentication servers are designed to work in Web environments where multiple Web-based applications are accessible from a browser. Without an authentication server, each user must maintain a separate identity and password for each application they access. Maintaining multiple accounts and passwords for each user is unsecure and expensive.
Because Oracle Reports Services provides a flexible approach to security, you can implement many variations of this configuration. For example, you might choose not to store data source credentials with the single user identity. Or you might prefer to use direct URLs for launching reports rather than a platform like Oracle Portal. If your reports are public and do not require any security, then you might choose to turn off report security altogether.
This chapter describes how you can implement and administer various configurations of Single Sign-On with Oracle Reports Services.