Network: Fitting OTM / G-Log into your network - including browsers, firewalls, reverse-proxies and SSO.

  #1 (permalink)  
January 29th, 2008, 20:06
wlirio
OTM and LDAP (OID)

Hi,
We are trying to integrate OTM 5.5.3 with OID using the LDAP configuration.
In the documentation there is a section that talks about extending the LDAP directory to include the GLUSER attribute.
Quote from Install Doc "
OTM requires that the user ID field be part of the Distinguished Name (at least externally to an LDAP
client). It also requires that each LDAP user object to be authenticated with OTM be populated with
the GLUSER attribute. The GLUSER attribute should not be part of the Distinguished Name."
End Quote

I am not sure what the GLUSER is.

Thanks,
  #2 (permalink)  
January 30th, 2008, 18:46
chrisplough
Re: OTM and LDAP (OID)

Hello,

The GLUSER is the G-Log (OTM) UserID, in the form of DOMAIN.USERNAME -- for instance GUEST.ADMIN or COMPANY.LOUISE.

Just a little advice as you start looking into this: I'd highly recommend using SSO (single sign-on) instead of the LDAP integration. With LDAP, you need to keep two copies of the OTM user's password - one in OTM and one in your LDAP directory - and they must always be in sync. Instead, with SSO, you just keep the password in your SSO's repository and OTM simply accepts the userID passed to it, without doing its own authentication. OTM's security remains intact and it's much easier to use.

--Chris
__________________
Chris Plough
MavenWire

www.MavenWire.com
  #3 (permalink)  
February 4th, 2008, 17:24
wlirio
Re: OTM and LDAP (OID)

Thanks for clarifying the GLUser. Regarding SSO, I read somewhere that OTM 5.5.3 does not support SSO, which is why I went the LDAP route.
  #4 (permalink)  
February 4th, 2008, 18:44
chrisplough
Re: OTM and LDAP (OID)

You're welcome. On the SSO side, I haven't seen any notes, but I can't imagine it not working in CU03, because some very high-profile clients are using it.

--Chris
  #5 (permalink)  
February 12th, 2008, 17:26
rsadani
Re: OTM and LDAP (OID)

We are also at a similar stage of installing an access management tool for controlling access to service providers. We are planning to use Siteminder as an SSO tool for access management (with OTM 5.5.4).
Is there any specific advice around this?
Thanks
Ravindra
  #6 (permalink)  
February 12th, 2008, 19:09
chrisplough
Re: OTM and LDAP (OID)

Ravindra,

Several OTM / G-Log clients have used Siteminder SSO with OTM without issue -- I wouldn't expect you to have any issues. Just keep in mind that you'll need to configure OTM to use both SSO and the Reverse Proxy (URL Prefix) configuration.

--Chris
  #7 (permalink)  
January 14th, 2010, 21:56
pawsspeedy
Re: OTM and LDAP (OID)

Hi Chris,

We are in the middle of our integration with OID and there is a question from our SSO team which I am seeking clarification for:

The Oracle SSO (from Oracle 10g Application Server) solution in our company is protected by Siteminder. OID (LDAP server) doesn’t store passwords, so LDAP authentication against OID is not an option. However, we still offer an SSO solution to various ERP and other middle tiers as partner applications in the Oracle SSO space. Put simply, the OSSO module in Apache can be registered with 10gAS and used for SSO authentication.
We don’t see this kind of authentication mechanism in the Admin Guide. We have looked for the mod_osso.so file in the Apache home but we could not find it. So, can we just download this module and register this middle tier as an Oracle SSO partner application? Please suggest.

Seeking an answer to this. Thanks in advance.
  #8 (permalink)  
January 21st, 2010, 09:46
chrisplough
Re: OTM and LDAP (OID)

No - the SSO integration in OTM is achieved in a different manner.

When SSO is enabled, OTM accepts a User ID that can be passed via the HTTP Header or within the URL. When this is received, OTM automatically logs that user in, without presenting a login screen or doing other password authentication. OTM assumes that the SSO solution has already done the appropriate authentication.

I have seen OTM integrated with Siteminder in the past, so this configuration is definitely possible.

--Chris
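The trust model described in post #8, where the application logs in whatever User ID arrives in the header, only holds if that header can reach the application from the SSO agent and nowhere else. The following is an added example (not from the thread, and not OTM or Siteminder code) of the checks that assumption implies; the header name, proxy address and GLUSER character set are assumptions.

```python
import ipaddress
import re

# All three values are assumptions for illustration, not OTM or Siteminder settings.
IDENTITY_HEADER = "x-example-sso-user"                   # hypothetical header name
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.5/32")]  # constructed proxy address
GLUSER_RE = re.compile(r"[A-Z0-9_]+\.[A-Z0-9_.]+")       # DOMAIN.USERNAME, assumed charset


def resolve_sso_user(peer_ip, headers):
    """Decide whether a request may be auto-logged-in from its identity header.

    peer_ip -- address of the TCP peer that connected to the application
    headers -- list of (name, value) pairs exactly as received, duplicates kept
    Returns (user_id, reason); user_id is None when the header must be ignored.
    """
    peer = ipaddress.ip_address(peer_ip)
    if not any(peer in net for net in TRUSTED_PROXIES):
        return None, "peer is not the SSO reverse proxy"
    values = [v.strip() for n, v in headers if n.lower() == IDENTITY_HEADER]
    if len(values) != 1:
        return None, "identity header missing or duplicated"
    if not GLUSER_RE.fullmatch(values[0]):
        return None, "value is not DOMAIN.USERNAME"
    return values[0], "accepted"


# Constructed sample requests: (peer address, headers as received).
SAMPLE_REQUESTS = [
    ("10.0.0.5", [("X-Example-SSO-User", "COMPANY.LOUISE")]),
    ("192.0.2.44", [("X-Example-SSO-User", "COMPANY.LOUISE")]),  # did not pass the proxy
    ("10.0.0.5", [("X-Example-SSO-User", "COMPANY.LOUISE"),
                  ("x-example-sso-user", "COMPANY.OTHER")]),     # two copies arrived
    ("10.0.0.5", [("X-Example-SSO-User", "louise")]),            # no domain part
    ("10.0.0.5", [("Accept", "text/html")]),                     # agent set no header
]


def audit(requests):
    """Return the decision for every request, in order."""
    return [resolve_sso_user(ip, hdrs) for ip, hdrs in requests]


if __name__ == "__main__":
    for (ip, _), (user, reason) in zip(SAMPLE_REQUESTS, audit(SAMPLE_REQUESTS)):
        print(f"{ip:<12} {user or '-':<16} {reason}")
```

Only the first sample is accepted; the other four are the cases a header-trust deployment has to rule out at the network and proxy layer, since the application itself performs no password check.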
  #9 (permalink)  
January 21st, 2010, 11:26
pawsspeedy
Re: OTM and LDAP (OID)

Thanks, Chris, for your help.
  #10 (permalink)  
February 8th, 2010, 00:50
pawsspeedy
Re: OTM and LDAP (OID)

Hi Chris,

For SSO integration with Siteminder we followed these steps:

1) Installation of the Siteminder webagent in the webserver (Apache) of OTM.
2) Once this was done, we set the protection policies in the Siteminder Policy Server.

Now we are stuck as to how the users will be assigned roles. My confusion is: if the UID and PWD are authenticated by the SSO server, then OTM needs to authorize the user. For authorisation we need to create users with the same UID inside OTM too, and when we create these users in OTM the system asks for the password to be entered too. Should we enter the same password as that of the SSO ID, or can we give any password and OTM will bypass it?

Thanks in advance.

All times are GMT.
Copyright © 2006-2009, Open Book Solutions LLC. All rights reserved.