This content has been marked as final. Show 1 reply
In general, what you're talking about is "third-party authentication (web authentication)" - that is, authentication is performed external to SGD, by the Apache webserver, and then the user is logged into SGD, using an identity established from, in your case, Active Directory.
Here's some documentation on this process: http://docs.oracle.com/cd/E26362_01/E26354/html/third-party-auth.html#web-auth
The specifics of how you configure Apache will depend on the token generation package you use - for example, RSA SecuriD has a Webagent you can install/configure for Apache, others have used a mod_auth module, such mod_auth_radius, dynamically loading the module into Apache.
The first point is to "protect" the SGD login url (/sgd) with some Apache ACL - once authenticated by whatever mechanism you choose, the user will see the SGD login page.
From there, you configure webserver authentication, so the REMOTE_USER environment variable can be passed to SGD to do a lookup of an identity using whatever directory service you have configured.