Windows Oracle -Web - Copyright Oracle Corporation Japan, All rights reserved.

Transcription:

Windows Oracle -Web - Copyright Oracle Corporation Japan, 2004. All rights reserved.

Agenda
Oracle Windows Windows Oracle
1 / Active Directory/Enterprise User Security
1-1 Windows
1-2 Kerberos
1-3 Enterprise User Security
2 Web OracleAS- Single Sign On/Active Directory
2-1 Oracle Application Server 10g
2-2 Oracle Identity Management Single Sign On
2-3 Oracle Internet Directory Active Directory

Windows Oracle Database 10g 64-bit Itanium 2004/6 Oracle Database 10g (10.1.0) (32-bit) 2004/5 Oracle9i Release 2 (9.2.0) 64-bit Itanium Oracle9i Database Release 2(9.2.0) Oracle8i Enterprise Edition R8.1.7 Oracle Fail Safe Oracle8 Enterprise Edition R8.0 Oracle Parallel Server Option Oracle7 Server R7.3 Oracle7 Server R7.2 Oracle7 Server R7.1 Oracle7 Server R7.0 2003/5 2002/9 2002/1 1998/1 1997/9 1997/7 Win2003 (32/64-bit) Win2000 NT 4.0 EE 1996/12 NT 4.0 Windows NT DBMS 1996/1 NT 3.51 NT 1995/5 NT 3.5 1994/6 NT 3.1 (2003/5) (2000/2) (1997/11) (1996/12) (1996/1) (1994/12) (1993/ )

Microsoft.NET Oracle Oracle Data Provider for.net.net DB Visual Studio He VS F1 Server Explorer Intellisense XML.NET Web Services WS-I Web Services WSDL.NET J2EE Web

Client/Server Windows Oracle SCOTT Active Directory (Windows Windows Oracle AD Window EXAMPLE sqlplus /@orcl EXAMPLE SCOTT Oracle RDBMS Windows Oracle ID/

Windows Oracle :Web Directory/Security Single Sign-On Oracle Portal Windows Oracle E-Business Suite Release 11i User sign-on Microsoft AD(Active Directory) & KDC(Key Distribution Center) Oracle Internet Directory

Oracle ID 3 Windows C/S Web... ID 10 1

( SCOTT Active Directory (Windows Windows Oracle Windows Window EXAMPLE sqlplus scott/tiger@orcl Oracle RDBMS SCOTT Windows Oracle

Windows SCOTT Active Directory (Windows Windows Oracle AD Window EXAMPLE sqlplus /@orcl EXAMPLE SCOTT Oracle RDBMS Windows Oracle ID/

1. REMOTE_OS_AUTHENT=FALSE OS_AUTHENT_PREFIX= OPS$
2. SQLNET.ORA SQLNET.AUTHENTICATION_SERVICES = (NTS)
3. CREATE USER.. EXTERNALLY
4. GRANT CONNECT TO < >

1. SQLNET.ORA SQLNET.AUTHENTICATION_SERVICES = (NTS)

SQL> CREATE USER "OPS$EXAMPLE\KAINOUE" IDENTIFIED EXTERNALLY;
SQL> GRANT CONNECT TO "OPS$EXAMPLE\KAINOUE";
OPS$EXAMPLE KAINOUE OS_AUTHENT_PREFIX

Administration Assistant for Windows

NTLM Windows AD Windows FOO REMOTE_OS_AUTHENT=TRUE EXAMPLE JAMES Admin Database Smith FOO SMITH SMITH Windows
SQL> SELECT * FROM V$SESSION_CONNECT_INFO;
SID AUTHENTI OSUSER          NETWORK_SERVICE_BANNER
--- -------- --------------- -------------------------------------
151 OS       smith           Windows NT TCP/IP NT Protocol Adapter
151 OS       smith           Oracle Advanced Security: encryption service
151 OS       smith           Oracle Advanced Security: crypto-checksumming

Kerberos? Windows Kerberos Windows 2000 2003 Windows 2000 XP Kerberos 3... KDC TGT +ID ST

Kerberos TGT 1. 3 KDC 2.ID TGT ST (ST) 3.

Kerberos Windows Oracle Kerberos Active Directory KDC (Active Directory) 1. AD KDC(Key Distribution Center) 2. Kerberos Advanced Security Option

Windows LM NTLM v2 Kerberos 3 KDC TGT +ID ST

Kerberos (1/3) Active Directory (DC/KDC) (2) TGT (1)
TGT: Ticket Granting Ticket
DC: Domain Controller
KDC: Key Distribution Center

Kerberos (2/3) TGT 1. Active Directory (DC/KDC) 2. ST ST 3. ST Service Ticket

Kerberos (3/3) Active Directory (DC/KDC) ST 1. 2 ST

Kerberos KDC
1. Kerberos
2. KeyTab

1. SQLNET.ORA SQLNET.AUTHENTICATION_SERVICES = (KERBEROS5), etc
2. CREATE USER.. EXTERNALLY
3. GRANT CONNECT TO < >

1. SQLNET.ORA SQLNET.AUTHENTICATION_SERVICES = (KERBEROS5), etc

SCOTT Active Directory (Windows SCOTT Active Directory Database

SCOTT SCOTT Active Directory (Windows AD Oracle Internet Directory ( )

Enterprise User Security 3 SSL Kerberos * 3 *Enterprise User Security Kerberos Oracle10g

EUS SSL Kerberos PKI Kerberos PKI SSL / Kerberos / SSL / SSL Advanced Security Option Advanced Security Option 2 3 2 3 2 3 AD

Oracle Application Server Oracle Application Server 10g J2EE Single Sign On Oracle Identity Management

local system local system Oracle Identity Management Directory... etc. SSO

Oracle Application Server 10g Security Cluster User HTTP/ HTTPS Authentication Authorization HTTP J2EE Encryption JAAS JavaACC SSO OracleAS Portal etc. Oracle Net Database SSO HTTP/ HTTPS HTTP Cookie SSO LDAP/ LDAPS LDAP/ LDAPS Oracle Identity Management Sync / Replica Other Repository

Oracle Identity Management Oracle Identity Management Oracle Application Server 10g SSO LDAP Directory Directory

Oracle Identity Management Oracle Identity Management SSO Single Sign-On Directory Database User Directory Delegation Service PKI Provisioning / Integration Certificate Authority Application Server

Oracle Identity Management Oracle Identity Management User Database - - Directory Application Server

OracleAS Single Sign-On Application Server Web SSO Cookie mod_osso OracleAS Portal SSO SDK AP Oracle Internet Directory User (1) request (3) response (2) login Oracle HTTP Server with mod_osso OracleAS Single Sign-On

OracleAS Single Sign-On Web

Oracle User (1) SSO J2EE (5) w/sso OracleAS Portal (6) Database SSO (2) (4)SSO (3) Oracle Identity Management Directory DB access

3rd Party SSO (1) request (3) response Oracle HTTP Server with mod_osso 2b. ticket User 2c. ticket check (2) login 3rd Party SSO 2a. redirect / login 2d. ticket check Sync Oracle Identity Management Windows

AD -AD AD OID - Active Directory OID jp.axa.com sales group1 SCOTT JOE group2 JAMES FORD SMITH jp.oracle.com OracleContext ActiveChgImp) Users SCOTT JOE JAMES FORD SMITH
Mapping Rule(ActiveChgImp)
DomainRules
ou=group1,ou=sales,dc=jp,dc=axa,dc=com:cn=users,dc=jp,dc=oracle,dc=com:
ou=group2,ou=sales,dc=jp,dc=axa,dc=com:cn=users,dc=jp,dc=oracle,dc=com:

AD -AD AD OID - Active Directory OID
