PKI Enabling Oracle Single Sign-on Server

For those requiring the highest level of authentication for their Single Sign-on applications, Oracle offers certificate-based authentication (X.509 client certificates) for the Oracle Single Sign-on Server using Oracle Certificate Authority (OCA).

Important Note: Because misconfiguring this feature can cause problems with your mid-tier SSO applications, it is strongly advised that you practice this exercise on a non-production version of your Infrastructure first.

There are two basic configurations we will be using in our lesson: Default Certificate Authentication (Certificate Only) and Fallback Authentication.

Certificate Only Authentication

Certificate Only Authentication allows only users who have been issued a digital certificate by the OCA to authenticate against your web applications. In this configuration, even if you have a valid user ID and password for an application, you will not be able to authenticate unless your browser has been issued a digital certificate from the OCA. Users with certificates will not be challenged for their user name and password because the certificate itself is their credential. If the certificate is valid, as soon as the user clicks the login button they will be automatically logged into their application without entering a user name and password.

Fallback Authentication

With Fallback Authentication configured, a user who has a certificate will be automatically authenticated into their applications. A user who does not have a digital certificate will instead be challenged for a user name and password when they try to log in, and will be granted access if the user name and password are valid.

Prerequisites:

Oracle 10g Application Server infrastructure must be installed and running
The Oracle Certificate Authority must be installed and running
The Oracle Certificate Authority "Web Administration Enrollment" must be configured

Subjects covered in this section:

In this hands-on exercise we will be setting up the Oracle SSO server for Fallback Authentication. However, Fallback Authentication is optional, so you may skip it if you wish. During the configuration we will point out the minor differences between Certificate Only Authentication and Fallback Authentication setup. The exercise has been broken down into the following sections:

SSL enabling the Oracle Application Server
SSL enabling Oracle Single Sign-on Server
Configuring Fallback Authentication (Optional)
Testing: Issuing a User Certificate