OTM and LDAP (OID)

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • OTM and LDAP (OID)

    Hi,
    We are trying to integrate OTM 5.5.3 with OID using the LDAP configuration.
    In the documentation there is a section that talks about extending the LDAP directory to include the GLUSER attribute.
    Quote from the install doc:
    "OTM requires that the user ID field be part of the Distinguished Name (at least externally to an LDAP
    client). It also requires that each LDAP user object to be authenticated with OTM be populated with
    the GLUSER attribute. The GLUSER attribute should not be part of the Distinguished Name."
    End quote

    I am not sure what the GLUSER is.

    Thanks,

  • #2
    Re: OTM and LDAP (OID)

    Hello,

    The GLUSER is the G-Log (OTM) UserID, in the form of DOMAIN.USERNAME -- for instance GUEST.ADMIN or COMPANY.LOUISE.

    Just a little advice as you start looking into this: I'd highly recommend using SSO (single sign-on) instead of the LDAP integration. With LDAP, you need to keep two copies of the OTM user's password - one in OTM and one in your LDAP directory - and they must always be in sync. Instead, with SSO, you just keep the password in your SSO's repository and OTM simply accepts the userID passed to it, without doing its own authentication. OTM's security remains intact and it's much easier to use.

    --Chris
    Chris Plough
    twitter.com/chrisplough
    MavenWire



    • #3
      Re: OTM and LDAP (OID)

      Thanks for clarifying the GLUser. Regarding SSO, I read somewhere that OTM 5.5.3 does not support SSO, which is why I went the LDAP route.



      • #4
        Re: OTM and LDAP (OID)

        You're welcome. On the SSO side, I haven't seen any notes, but I can't imagine it not working in CU03, because some very high profile clients are using it.

        --Chris
        Chris Plough
        twitter.com/chrisplough
        MavenWire



        • #5
          Re: OTM and LDAP (OID)

          We are also at a similar stage of installing an access management tool for controlling access to service providers. We are planning to use Siteminder as an SSO tool for access management (with OTM 5.5.4).
          Is there any specific advice around this?
          Thanks
          Ravindra



          • #6
            Re: OTM and LDAP (OID)

            Ravindra,

            Several OTM / G-Log clients have used Siteminder SSO with OTM without issue -- I wouldn't expect you to have any issues. Just keep in mind that you'll need to configure OTM to use both SSO and the Reverse Proxy (URL Prefix) configuration.

            --Chris
            Chris Plough
            twitter.com/chrisplough
            MavenWire



            • #7
              Re: OTM and LDAP (OID)

              Hi Chris,

              We are in the middle of our integration with OID and there is a question from our SSO team which I am seeking clarification for:

              The Oracle SSO (from Oracle 10g Application Server) solution in our company is protected by Siteminder. OID (the LDAP server) doesn't store passwords, so LDAP authentication against OID is not an option. However, we still offer the SSO solution to various ERP and other middle tiers as partner applications in the Oracle SSO space. Simply put, the OSSO module in Apache can be registered with 10gAS and used for SSO authentication.
              We don't see this kind of authentication mechanism in the Admin guide. We have looked for the mod_osso.so file in the Apache home but could not find it. So, can we just download this module and register this middle tier as an Oracle SSO partner application? Please suggest.

              Seeking an answer to this. Thanks in advance.



              • #8
                Re: OTM and LDAP (OID)

                No - the SSO integration in OTM is achieved in a different manner.

                When SSO is enabled, OTM accepts a User ID that can be passed via the HTTP Header or within the URL. When this is received, OTM automatically logs that user in, without presenting a login screen or doing other password authentication. OTM assumes that the SSO solution has already done the appropriate authentication.

                I have seen OTM integrated with Siteminder in the past, so this configuration is definitely possible.

                --Chris
                Chris Plough
                twitter.com/chrisplough
                MavenWire



                • #9
                  Re: OTM and LDAP (OID)

                  Thanks, Chris, for your help.



                  • #10
                    Re: OTM and LDAP (OID)

                    Hi Chris,

                    For SSO integration with Siteminder we followed the following steps.

                    1) Installing the Siteminder web agent in the web server (Apache) of OTM.
                    2) Once this was done, we set the protection policies in the Siteminder Policy Server.

                    Now we are stuck as to how the users will be assigned roles. My confusion is: if the UID and PWD are authenticated by the SSO server, then OTM needs to authorize the user. For authorisation we need to create users with the same UID inside OTM too, and when we create these users in OTM the system asks for a password to be entered as well. Should we enter the same password as that of the SSO ID, or can we give any password and OTM will bypass it?

                    Thanks in advance.



                    • #11
                      Re: OTM and LDAP (OID)

                      You're correct, in that you'll need to create the OTM usernames and assign roles within the OTM application. These usernames may not be the same as your organization's username standard.

                      When you pass the OTM username to OTM via the specified variable in the HTTP header, OTM will automatically log that user in, without verifying the password. OTM is deferring all authentication to the SSO framework.

                      --Chris
                      Chris Plough
                      twitter.com/chrisplough
                      MavenWire
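An added illustration (not code from this thread, from OTM or from MavenWire) of the trust model Chris describes in #8 and #11: once SSO is enabled, the user ID carried in the HTTP header is logged in as-is, so the reverse proxy hosting the SSO agent must discard any identity header the client sent and set it only from the authenticated session, and the application should honour that header only when the request arrives from that proxy. The header name, proxy address, request values and GLUSER pattern check are constructed assumptions.

```python
import re
from typing import Dict, Optional

# Hypothetical header name: the real variable name is set in OTM's SSO
# configuration and is not stated in the thread.
IDENTITY_HEADER = "X-OTM-USERID"
# OTM user IDs have the form DOMAIN.USERNAME, e.g. GUEST.ADMIN (see #2).
GLUSER_RE = re.compile(r"^[A-Z0-9_-]+\.[A-Z0-9_.-]+$")
# Constructed address of the reverse proxy that hosts the SSO agent.
TRUSTED_PROXIES = {"10.0.0.5"}


def _get(headers: Dict[str, str], name: str) -> Optional[str]:
    """Case-insensitive header lookup (HTTP header names are not case-sensitive)."""
    for k, v in headers.items():
        if k.lower() == name.lower():
            return v
    return None


def proxy_forward(client_headers: Dict[str, str],
                  sso_user: Optional[str]) -> Dict[str, str]:
    """Edge behaviour: drop any identity header the client supplied, then set
    it only from the identity the SSO agent authenticated for this session."""
    forwarded = {k: v for k, v in client_headers.items()
                 if k.lower() != IDENTITY_HEADER.lower()}
    if sso_user is not None:
        forwarded[IDENTITY_HEADER] = sso_user
    return forwarded


def resolve_user(headers: Dict[str, str], peer_ip: str) -> Optional[str]:
    """Application side: honour the identity header only when the request
    arrived from a trusted proxy and the value is a well-formed GLUSER."""
    if peer_ip not in TRUSTED_PROXIES:
        return None
    user = _get(headers, IDENTITY_HEADER)
    if user is None or not GLUSER_RE.match(user):
        return None
    return user


if __name__ == "__main__":
    # Constructed requests: a client-supplied header is discarded; only the
    # identity set by the proxy from an authenticated session is accepted.
    print(resolve_user(proxy_forward({"x-otm-userid": "GUEST.ADMIN"}, None), "10.0.0.5"))             # None
    print(resolve_user(proxy_forward({"x-otm-userid": "GUEST.ADMIN"}, "COMPANY.LOUISE"), "10.0.0.5"))  # COMPANY.LOUISE
    print(resolve_user({"X-OTM-USERID": "GUEST.ADMIN"}, "192.0.2.10"))                                 # None
```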



                      • #12
                        Re: OTM and LDAP (OID)

                        Hi All,

                        In our project we have executed and implemented SSO authentication. Thanks, Chris, for your help. However, I have another question :-). In one of the property files I found an entry which says: glog.security.sso.loginBackdoorName=gc3backdoor. Can anybody help me out with the use of this property? Would really appreciate a quick response.

                        Regards
                        Paws



                        • #13
                          Re: OTM and LDAP (OID)

                          Hi Everybody,

                          Just wanted to let you know that we have changed the architecture for SSO authentication, from installing Siteminder on each OTM Apache server to having it installed on an extranet server. This way we can centralize authentication for all our environments.

                          Regards
                          Paws
