The following security model is recommended for applications using Reports and Forms.
If Reports is Using Portal-Based Security
It is recommended that Forms and Reports are associated to same Oracle Internet Directory.
For more information see, Configuring External Oracle Internet Directory for In-Process Servers, and Configuring External Oracle Internet Directory for Standalone Servers
It is recommended that you enable Single Sign-On
Enable Single Sign-On by editing reports servlet configuration
If Reports is using JAZN security
If Reports is using JPS-based security, by default, an in-process server uses the embedded ID store of WebLogic Server as the ID store and an Database Policy store. A standalone server uses JAZN-XML based ID store. Forms uses Oracle Internet Directory based authentication for security. In this scenario:
It is recommended that you configure Reports to use Oracle Internet Directory-based ID store. Forms and Reports should use the same Oracle Internet Directory.
For more information about configuring external Oracle Internet Directory, see, Configuring External Oracle Internet Directory for In-Process Servers, and Configuring External Oracle Internet Directory for Standalone Servers
Database is used as default policy store. This is recommended. You can also migrate to using OID based policy store if needed.
It is recommended that you enable Single Sign-On
Enable Single Sign-On by editing reports servlet configuration