Single Sign On (SSO)

SSO is a security mechanism that allows a user to login once and have access to multiple web applications.

Oracle BPM Enterprise uses SSO to allow users to use the same login and password they use for other applications that share the environment with Oracle BPM web applications. The users need to enter their credentials only one time to access any of the applications. The following applications can use SSO:

Process Administrator
WorkSpace
WorkSpace Administrator
PAPI

Note: SSO is not enable by default. To use SSO, you must manually enable it.

Oracle BPM Enterprise Standalone

On the standalone version of Oracle BPM, you can enable SSO individually for each web application using the Admin Center. When enable SSO using the Admin Center, you must also specify the class used for each web application. This class points to the SSO mechanism of the application server container.

The default class for the Process Administrator, WorkSpace Administrator and PAPI applications is: fuego.web.SSOUserLogin

The default class of the WorkSpace application is: fuego.workspace.security.SSOWorkSpaceLogin

Additionally, you can also implement a custom class to supply your own SSO implementation. See the Oracle BPM PAPI Developer Guide for more information.

Oracle BPM Enterprise on J2EE

When using the J2EE version of Oracle BPM, SSO is configured on the application server. See you application server documentation for more information.

Account Lockout
Oracle BPM Enterprise does not provide a mechanism for locking out user accounts after multiple unsuccessful login attempts. To enable account lockout functionality, you must configure your SSO infrastructure to perform account lock out.
Configuring Custom Single Sign-On Authentication
The following procedure shows you how to configure your web application to use a Custom Single Sign-On implementation.

Parent topic: Security