5.2 Available Features with OracleAS Single Sign-On, Oracle Internet Directory and Forms

5.2.1 Dynamic Resource Creation When A Resource Is Not Found In Oracle Internet Directory

A user connects to Forms and is authenticated by mod_osso in combination with the OracleAS Single Sign-On Server and Oracle Internet Directory. Once the user is authenticated, the user is directed to the Forms Servlet which takes the user's request information containing the OracleAS Single Sign-On user name. The user name and the application name build a unique pair that identifies the user's resource information for this application in Oracle Internet Directory.

When an authenticated Forms user has neither the resource for a particular application that is being requested nor a default resource in Oracle Internet Directory, then the user is redirected to a Oracle Internet Directory/DAS page to dynamically create them. After creating the resource, the user is redirected back to the original Forms request URL.

The way Forms Services handles the missing resource information is customizable by the application or Forms Services administrator. The following options are available:

• Allow dynamic resource creation (default)

• Redirect the user to a pre-defined URL as specified by the ssoErrorUrl parameter

• Display the Forms error message

The redirection URL is provided by the system administrator in the Forms configuration files and should be either absolute or relative.

5.2.2 Support for Default Preferences in Oracle Internet Directory to Define Forms Resources

In previous releases, Forms uses resources added to each individual user account using the Oracle Delegated Administration Services. This implementation means that even if users share a common resource, it needs to be implemented for each user, no matter if there are 10 of them or 10,000.

In this Forms release, Forms and application administrators can define common used resources as default resources using the Oracle Internet Directory preferences. An administrator creates a resource once and all user accounts automatically inherit this resource to be used within Forms.

5.2.3 Support for Dynamic Directives With Forms and OracleAS Single Sign-On

Enforcing OracleAS Single Sign-On in Forms is now done within the formsweb.cfg file. There is now a new OracleAS Single Sign-On parameter, ssoMode, to indicate when a custom application requires OracleAS Single Sign-On authentication.

This parameter allows a Forms Services instance to handle both application types, public and OracleAS Single Sign-On protected Forms. Because OracleAS Single Sign-On is configured in the formsweb.cfg file, Enterprise Manager Application Server Control Console can read and write the single OracleAS Single Sign-On parameter.

5.2.4 Support for Database Password Expiration for Forms Running with OracleAS Single Sign-On

In previous releases of Oracle Forms, password changes between Oracle Forms and an Oracle database would be successful, but these changes (including expirations) would not propagate to Oracle Internet Directory.

Now in OracleAS Forms Services, if the database password has expired and the Forms Services application, running in OracleAS Single Sign-On mode, is used to renew it, then the new password entered by the user is used to update the Resource Access Descriptor (RAD) in Oracle Internet Directory for this application. This feature ensures that OracleAS Single Sign-On with Forms continues working even when a database password was changed. However, if password changes are made in SQL*PLUS, and not in Oracle Forms, then the database connect string is not updated in Oracle Internet Directory.