Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Usenet -> c.d.o.server -> Re: Oracle Internet Directory

Re: Oracle Internet Directory

From: Yass Khogaly <ykhogaly_at_us.oracle.com>
Date: Wed, 1 Dec 1999 08:20:26 -0800
Message-ID: <823e9t$101$1@inet16.us.oracle.com>


Using Secure Single Sign On in a three tier thin client architecture

The current Single Sign On architecture is restricted to a two tier client server architecture which prevents it from being used in true network computing environments with middle tier components such as Oracle Application Server and Oracle Enterprise Manager. The following is a suggested architecture which may achieve this:

- LDAP directory is used to store Enterprise Users identified by Distinguished Names.
- Wallet for each Enterprise User is stored in the LDAP directory.
- Client attaches to the LDAP directory using a read-only anonymous user (no need for password authentication or SSL) and indicates the Distinguished Name they wish to use.
- Wallet for the selected DN is downloaded to the client.
- Wallet prompts user for password to open it.
- Once the wallet is successfully opened, the certificate is extracted and used to establish an SSL connection to the middle tier.
- The middle tier establishes a secure SSL connection to the database tier using its own SSL certificate and then forwards the DN of the client to the database to be used for the purpose of database authentication (which may be against the local data dictionary or an LDAP server).

"The Views expressed here are my own and not necessarily those of Oracle Corporation"

Robin Elfrink <robin_at_a1.nl> wrote in message news:3844D84D.F3B68B22_at_a1.nl...
>
> Does anybody here have any experience with Oracle Internet Directory?
>
>
> The LDAP server keeps encrypting the passwords to what looks like LanMan
> encryption, but the documentation says nothing about it.
>
> ----- Have a nice day! -----
> Robin Elfrink <robin_at_a1.nl>
> A3 Enschede B.V.
Received on Wed Dec 01 1999 - 10:20:26 CST
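
In the flow suggested above, the middle tier forwards the client's DN to the database, so one check it could make first is that the DN the client selected equals the subject of the certificate verified on the SSL connection. This is an added example, not code from the original post or from Oracle; it assumes the dict shape returned by Python's ssl.SSLSocket.getpeercert(), and the function names and sample values are constructed for illustration.

```python
import re

# Long attribute names as returned by ssl.SSLSocket.getpeercert(), mapped to LDAP short names.
SHORT = {"commonName": "CN", "organizationalUnitName": "OU", "organizationName": "O",
         "localityName": "L", "stateOrProvinceName": "ST", "countryName": "C",
         "domainComponent": "DC"}

def _norm(value):
    # Assumption: values compare case-insensitively with whitespace collapsed.
    return " ".join(value.split()).casefold()

def _split(text, sep):
    """Split on sep, skipping backslash-escaped characters (hex escapes are not decoded)."""
    parts, cur, i = [], "", 0
    while i < len(text):
        if text[i] == "\\" and i + 1 < len(text):
            cur += text[i:i + 2]
            i += 2
        elif text[i] == sep:
            parts.append(cur)
            cur = ""
            i += 1
        else:
            cur += text[i]
            i += 1
    return parts + [cur]

def parse_dn(text):
    """DN string -> tuple of RDNs, each a frozenset of (TYPE, value) pairs."""
    rdns = []
    for rdn in _split(text, ","):
        avas = []
        for ava in _split(rdn, "+"):
            typ, _, val = ava.partition("=")
            avas.append((typ.strip().upper(), _norm(re.sub(r"\\(.)", r"\1", val))))
        rdns.append(frozenset(avas))
    return tuple(rdns)

def dn_from_peercert(cert):
    """Verified certificate subject -> same form; a DN string lists the leaf RDN first."""
    return tuple(reversed([frozenset((SHORT.get(k, k).upper(), _norm(v)) for k, v in rdn)
                           for rdn in cert["subject"]]))

def dn_matches_cert(cert, claimed_dn):
    """True only if a validated certificate is present and its subject equals claimed_dn."""
    # getpeercert() returns an empty dict when the peer certificate was not validated.
    return bool(cert) and parse_dn(claimed_dn) == dn_from_peercert(cert)

# Constructed sample in the shape getpeercert() returns after successful verification.
SAMPLE_CERT = {"subject": ((("countryName", "US"),), (("organizationName", "Example, Inc"),),
                           (("commonName", "Jane Doe"),))}
```

A mismatch, or an empty certificate dict, means the DN should not be forwarded to the database tier.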
