Single Sign On is basically an implementation mechanism or technology that allows customers of multiple browser applications to specify
credentials once (at login typically) that are reused for that session for subsequent applications. This avoids logging on more than once. This
aids in cross product navigation where a user logs onto one application and when transfer to another application avoid logging into that other
Single Sign On is not a product requirement it is an infrastructure requirement. Therefore there are infrastructure solutions available.
Typically there are two main styles of Single Sign On with different approaches for implementation.
The first style is best described as "Desktop" Single Sign-On. This is where you logon to your client machine (usually a windows based
PC) and the credentials you used to logon to that machine are reused for ANY product used after authentication. Typically this is implemented using the Kerberos protocol and Simple and Protected Negotiate (SPNEGO) protocol. This is restricted to operating systems (typically Windows) where you perform the following:
As you can see the majority of the work is in Oracle WebLogic and is documented in Configuring Single Sign-On with Microsoft Clients.
The second style of is best described as "Browser" Single Sign-On.
This typically means you login to the machine and then open the browser
to logon. At this point as long as the browser is open, any subsequent
application will reuse the credentials specified for the browser
session. This is the style i implemented by SSO products such as Oracle Access Manager, Oracle Enterprise SSO and other SSO products (including third party ones). Typically implementing this involves the following:
Again, as you can see the majority of the work is in Oracle WebLogic and Oracle Access Manager.
Information about implementing Single Sign-On withour products (both styles) is contained in
While the first style is lower cost typically, it is restricted to specific platforms that support Kerberos and SPNEGO. It is restricted also in flexibility, it passes the credentials from the client all the way to the server so they must match. Oracle Access Manager on the other hand is far more flexible supporting a wide range of architectures as well as including Access Control features, password control and user tracking features within WebGate. These features allow additional features to be implemented:
Whatever the style you choose to adopt, we have a flexible set of solutions to implement SSO. The only common element and the only step Oracle Utilities Application Framework is to change the J2EE login preference from the default FORM based to CLIENT-CERT.
Oracle Utilities, including Opower, partners with the world's hardest working electric, water and natural gas companies to empower, enhance and enable your every single day. From cloud-native products and better grid management tools to support for every single step of your customer's journey, we have the answer. Learn more at oracle.com/utilities. Get specific product information as quick as clicking right here.