Configure Publisher with Single Sign-on (SSO)
Integrating a single sign-on (SSO) solution enables a user to log on (sign-on) and be authenticated once.
Thereafter, the authenticated user is given access to system components or resources according to the permissions and privileges granted to that user. Publisher can be configured to trust incoming HTTP requests authenticated by a SSO solution configured for use with Oracle Fusion Middleware and Oracle WebLogic Server. For information about configuring SSO for Oracle Fusion Middleware, see Securing Applications with Oracle Platform Security Services.
When Publisher is configured to use SSO authentication, it accepts authenticated users from whatever SSO solution Oracle Fusion Middleware is configured to use. If SSO is not enabled, then Publisher challenges each user for authentication credentials. When Publisher is configured to use SSO, a user is first redirected to the SSO solution's login page for authentication.
Configuring Publisher to work with SSO authentication requires that:
-
Oracle Fusion Middleware and Oracle WebLogic Server are configured to accept SSO authentication. Oracle Access Manager is recommended in production environments.
-
Publisher is configured to trust incoming messages.
-
The HTTP header information required for identity propagation with SSO configurations (namely, user identity and SSO cookie) is specified and configured.
How Publisher Operates with SSO Authentication
After SSO authorization has been implemented, Publisher operates as if the incoming web request is from a user authenticated by the SSO solution. User personalization and access controls such as data-level security are maintained in this environment.
Tasks for Setting Up SSO Authentication with Publisher
Refer to the table below for SSO authentication configuration tasks and links providing more information.
| Task | Description | For More Information |
|---|---|---|
|
Configure Oracle Access Manager as the SSO authentication provider. |
Configure Oracle Access Manager to protect the Publisher URL entry points. |
Configure SSO in an Oracle Access Manager Environment See Securing Applications with Oracle Platform Security Services |
|
Configure the HTTP proxy. |
Configure the web proxy to forward requests from Publisher to the SSO provider. |
|
|
Configure a new authenticator for Oracle WebLogic Server. |
Configure the Oracle WebLogic Server domain in which Publisher is installed to use the new identity store. |
Configure a New Authenticator for Oracle WebLogic Server See Oracle WebLogic Server Administration Console Online Help |
|
Configure a new identity asserter for Oracle WebLogic Server. |
Configure the Oracle WebLogic Server domain in which Publisher is installed to use the SSO provider as an asserter. |
|
|
Enable Publisher to accept SSO authentication. |
Enable the SSO provider configured to work with Publisherr. |