I am wondering about the following:
A JDBC driver authenticating a user to a remote Oracle RDBMS using OpenID authentication.
In this instance the Oracle RDBMS will NOT see the user's password.
Is it possible to setup Oracle RDBMS to be an OpenID Relying Party? If so, what versions can be setup this way?
Is there a JDBC driver that can act as a User Agent that can handle the HTTP(S) redirections and such inherent in OpenID authentication?
Thanks.
Ha a look at Oracle Identity Federation.
Related
We have a large SSIS solution with many connection managers pointing to Oracle. Provider is ODBC, data sources are set to defined system DSNs. So far we use user names and passwords and everything works fine. Now we want to switch to Kerberos authentication.
I can already successfully query the Oracle database using sqlplus with Windows authentication.
I'm having hard time achieving the same from SSIS using ODBC connection managers.
Is it possible to reconfigure the ODBC connection managers so they will use Windows authentication? How should be the connection manager configured?
The question is specifically about ODBC, please avoid answers like "use Attunity".
We use MS SQL Server 2016 Enterprise edition, Oracle 12.2.
I finally made it working, hope it helps someone.
I created a new DSN
as User ID I put [OracleUserName]
beware the square brackets! Those are necessary
the OracleUserName is user name configured on Oracle side (I do not know much about Oracle). The DBA configured the AD account to be able to login as this user.
can someone please tell the difference between Oracle Internet Directory and Oracle Access Manager?
For Single sign on configuration do we need both?
thanks
Check this:
1.https://docs.oracle.com/cd/E27559_01/integration.1112/e27123/oidoam.htm#IDMIG30891
1.http://www.oracle.com/webfolder/technetwork/tutorials/obe/fmw/oim/10.1.4/oam-osso-portal/oam-osso-portal.htm
yes both needs to be present.
Oracle Internet Directory is LDAP Server. OID (Oracle Internet Directory ) from OAM perspective contains the user's data. OAM uses OID as user identity store. But OID is not mandatory, any other LDAP server can be used like AD, DSEE, OVD, OUD.
OAM provides authentication, authorization, single sign on and session management service for web applications (It also supports same for non-web based application).
For more details on OAM : http://docs.oracle.com/cd/E40329_01/admin.1112/e27239/toc.htm
I have an oracle database where I'm using proxy authentication and windows authentication. This allows me to authenticate the user against AD servers and yet allows pooled connections.
I understand that I can use the oracle data provider for dot net. However, I would prefer to use an orm such as nHibernate. Is it possible to use the nHibernate and use oracle proxy authentication?
All nhibernate needs to know is how to create a connection to your oracle databae right? This is all done by the connection string where you pass in the proxy user's name/pw or you could use Integrated Security in Oracle 8i release 3 or later.
This means this has nothing to do with nhibernate I would say. So yes, it should work.
There are a few users which have (1) username, (2) password and (3) role attributes.
I want to use credentials of a user to authenticate and authorize for EJB service operations (WebLogic 12c App Server).
At the same time, i want to use those credentials for connection to persistence storage (Oracle 11g Database), cause my customer wants to restrict db object access depend on user role attribute.
Is there WebLogic or Oracle Database facilities to do so?
Is there any way to do so?
Very glad to see all your responses. Thank you.
Is it possible to use LDAP authentication with Liquibase?
If not, how have others solved the problem of automating changes to production database schemas using Liquibase (yet still keeping the database credentials secure)?
LDAP is used for server-side authentication. Not all databases support it, for example MySQL only supports it in it's Enterprise version.
Securing the credentials, used by clients like liquibase, falls into two categories:
Protecting data in transit
Protecting credentials at rest
To protect credentials in transit, I'd recommend using a JDBC driver which supports SSL. Some JDBC drivers support this feature, for example MySQL. Another approach is to tunnel the JDBC traffic over a SSH tunnel.
Protecting credentials at rest (in configuration files) is more difficult and depends on how you plan to invoke liquibase. If you're using ANT, I'd suggest using the answer to this question on how to read encrypted property files.