`
security
  • 浏览: 380918 次
  • 来自: www.pgp.org.cn
社区版块
存档分类
最新评论

今天,浏览到一片关于评论Oracle SSO的文章,本人也持同样看法。

阅读更多

Evaluating Oracle Single Sign-On

Many of you know about login.case.edu. It makes your lives much easier because now you only have to enter your password once for numerous web services. However, there is a problem with the service: it is too complicated. It is not too complicated for the average user, but for the people who implement it. Just look at the hoops you have to jump through to get it working on your own server. What's more is that it relies on a web server module (not everybody has access to the web server config files) and requires somebody in ITS to manually do work every time a new client wishes to use it. What is needed is an alternative.

Well, we are already running an Oracle Single Sign-On product, so let's use that! OK, let's evaluate the Oracle product.

  1. We are using it because it is required by the portal.
  2. It requires manual intervention every time a new client wishes to use it. Isn't this a reason why we are investigating alternative?
  3. The Oracle products easily integrate with it. Hooray! No more separate logins for the portal and the calendar.
  4. Writing external programs to authenticate against it requires the use of a C or Java SDK. (I can hear the screams of agony now).
  5. The module mod_osso appears to only be available for Oracle's Application Server. Does it work with IIS? No. Does it work with your standalone Apache? I don't know either. Judging from a Google search, I'd say it isn't promising. Most importantly, does it work with mod_auth_ldap? Well, we don't know. If it doesn't, there is nothing we can do because the module is closed source.

In summary, we are being forced to use Oracle Single Sign-On, but it works well with the Oracle Applications. No matter what we decide to do, we will have to use this product. If we decide to make it the only SSO service for the university, a significant amount of effort would be required for every new application deployed to use it. Would system administrators make this effort to configure it, or would they take the easy way out and just resort to the tried and true LDAP authentication? Also, any department that uses IIS to host web applications would be unable to use the service. Do we really want to deploy a single sign-on service that only a subset of the university can use?

In my next post, I will explore alternatives to Oracle Single Sign-On and how they could integrate with the Oracle applications.

分享到:
评论

相关推荐

    How to integrate BIEE with Oracle SSO Portal.doc

    【整合BIEE与Oracle SSO门户的详细步骤】 在企业级IT环境中,实现单点登录(SSO)是提高用户便利性和系统安全性的重要手段。本文档将详细讲解如何将Oracle Business Intelligence Enterprise Edition(BIEE)与...

    oracle单点登录demo示例

    Oracle单点登录(Single Sign-On, SSO)是一种身份验证机制,它允许用户在一次登录后访问多个相互关联的应用系统,而无需再次输入凭证。Oracle的SSO解决方案提供了企业级的安全性和便利性,大大提高了用户体验并降低...

    CAS与Oracle连接实现(SSO)[借鉴].pdf

    Oracle 数据库进行身份验证的处理器: 在 CAS (Central Authentication Service) 中实现与 Oracle 数据库的连接,主要是为了实现单点登录(Single Sign-On, SSO)功能,即用户只需要一次登录,就能访问多个相互信任...

    SSO账号用途

    SSO账号的使用及如何利用sso账号查询oracle证书真假

    Oracle EBS 单点登录 方案

    Oracle EBS(E-Business Suite)单点登录(Single Sign-On, SSO)方案是企业级集成的关键组成部分,它允许用户在多个应用间切换而无需重复登录,提高了工作效率并增强了安全性。本文档主要针对Oracle E-Business ...

    通过Oracle EBS 看SOA

    如给某集团公司做大型Oracle ERP系统规划,架构和实施的时候,采用了Oracle Portal以及SSO 单点登陆到BIEE 系统,OA以及Oracle ERP系统等等,幵丏我们的生活中类似SOA”也到处存在啊,我们新房子装修的时候,提前在...

    spring boot 实现SSO单点登陆

    spring boot整合spring security 实现SSO单点登陆 完整DEMO. ...2、先后启动SsoServer、sso-resource、sso-client1、sso-client2 3、访问http://sso-taobao:8083/client1/ 或 http://sso-tmall:8084/client2/

    C#单点登陆组件源码SSO

    单点登录(Single Sign-On,简称SSO)是一种网络身份验证机制,允许用户在一个系统上登录后,无需再次验证即可访问多个相互关联的系统。在IT行业中,SSO技术广泛应用于企业级应用,提高用户体验,简化管理并增强安全...

    SSO个人实现方式

    SSO(Single Sign-On)是单点登录的缩写,是一种网络身份验证机制,允许用户在一次登录后访问多个相互关联的应用系统,而无需再次进行身份验证。在本文中,我们将探讨SSO的原理,以及如何通过提供的压缩包文件实现...

    SSO单点登录

    "Alum.SSO"可能是一个关于SSO实现的项目文件,其中可能包含了IdP和SP的配置示例、代码示例、文档以及可能的测试数据。通过分析这些文件,可以更深入地理解SSO的工作原理,以及如何在实际环境中部署和管理SSO系统。 ...

    SSO单点登陆解决方案

    * 会员在第一次登录时,Passport服务器验证身份之后,生成的Cookie验证票,只需保存到Passport服务器所在域的Cookie中,不能采用向每个成员网站所在的域中写Cookie,防止响应时间太长,给会员带来不友好的浏览体验。...

    关于SSO单点登录的简单实现

    SSO(Single Sign-On)单点登录是一种身份验证机制,允许用户在一次登录后访问多个相互关联的应用系统,而无需再次进行身份验证。这个过程提高了用户体验,同时也简化了安全管理。在本文中,我们将探讨SSO的基本原理...

    SSO配置

    4. **SSO应用程序定义账户**:同样,这可以是一个单独用户或一个组,具有管理应用程序定义但不管理服务本身的权限。 为实现委派并确保服务尽可能安全,建议使用一个组作为SSO管理员账户,另一个组作为SSO应用程序...

    SSO_same_domain

    3. **OAuth和OpenID Connect**:尽管这些协议主要用于跨域认证,但在同域环境下,它们同样可以提供SSO功能。通过OAuth,用户授权服务提供商授予第三方应用访问其数据的权限;OpenID Connect则是在OAuth之上添加了一...

    sso单点登录

    单点登录(Single Sign-On,简称SSO)是一种网络访问控制机制,允许用户在一次登录后,无需再次认证即可访问多个相互信任的应用系统。这种方式极大地提高了用户体验,减少了用户记忆和输入多个账号密码的麻烦,同时...

    .NET版本SSO接口完整版(联合登陆,注册,验证,短信)

    用户SSO接口API源代码,...包含数据库脚本(Oracle,MySql) 代码结构 trunk |__SSO.Lib |__SSO.BLL |__SSO.DAL |__SSO.Domain |__SSO.ManageFacade |__SSO.Management |__SSO.Open |__SSO.SDK |__SSO.UTILS

    sso 单点登陆 java 动手写sso

    SSO(Single Sign-On)单点登录是一种身份验证机制,允许用户在一次登录后,就能访问多个相互关联的应用系统,而无需再次进行身份验证。在Java中实现SSO,我们可以利用Spring Boot框架的强大功能,它提供了丰富的...

    sso解决方案汇总

    本文将深入探讨SSO的几种常见实现方案,包括虚拟目录的主应用与子应用之间的SSO、不同验证机制下的SSO、同一域名或不同域名下子域名间SSO的实现,以及不同.NET版本和混合身份验证模式下的SSO解决方案。 ### 虚拟...

Global site tag (gtag.js) - Google Analytics