Oblix / Oracle SSO
205972Oct 30 2007 — edited Dec 15 2007Hello,
I would like to integrate my web application in the Oracle SSO framework. After reading information on the web site, I understand the recommended way to achieve this is to use Oracle HTTP Server (OHS) based on apache, with the mod_osso module. This setup would redirect the customer requests to my web app to the corporate SSO login page, and then redirect to my web app with some information stored in the HTTP headers.
According to this page:
http://download.oracle.com/docs/cd/B28196_01/idmanage.1014/b15997/mod_osso.htm#BABIGABA
the information available to my web app to identify the user is :Osso-User-Guid, Osso-Subscriber-Guid, Osso-Subscriber, Accept-Language.
This seems good enough for authentication, it would allow displaying "John Doe is logged in" on the front page.
But my web app also needs to know about the user Role or Group it belongs to, because depending on the Role, my web app is going to display different information.
On this page:
http://download.oracle.com/docs/cd/B28196_01/idmanage.1014/b15988/concepts.htm#i1006251
There is the following sentence:
"A partner application is responsible for determining whether a user authenticated by OracleAS Single Sign-On is authorized to use the application."
Does this mean that you consider role based security to be outside the scope of Oracle SSO ?
Or is there a way to retrieve the Role information from the HTTP headers, or some other way ?
Thanks for your insight.
Best regards,
Olivier Schmitt