10 Update Application Configuration with IAM Details

Learn how to configure your application to build and propagate an end-user security context payload to Oracle AI Database for every SQL operation, so the database can enforce data access control using Oracle Deep Data Security (Deep Sec).

The configuration described in this chapter applies to all deployment scenarios where end users connect to the database through an application, regardless of whether those users are managed in an identity and access management (IAM) system or maintained in the application's own user store.

The chapter begins with the authentication concepts you need before modifying your application, then walks you through configuring Java, Python, and .NET applications. It also provides guidance for implementing a custom security context provider when you need custom authentication logic or when no out-of-the-box provider is available for your application framework or Oracle client driver.

Note:

You must configure the database server for TLS before configuring the application. The client-side trust store requires the server certificate to establish trust. For TLS configuration, see Configuring Transport Layer Security Encryption in Oracle AI Database Security Guide.

Topics:

• Understand Authentication Flow and Prerequisites

• Configure Java Applications

• Configure Python Applications

• Configure .NET Applications

• Advanced: Implement a Security Context Provider