在12.0版本的Oracle E-Business Suite中,已集成SSO和OID,并从应用程序向OID进行身份验证。尽管设置为仅使用SSO登录,但用户仍能通过AppsLocalLogin.jsp登录。预期行为是阻止使用此URL登录并显示错误消息。该问题可通过创建测试用户并尝试使用两种方式登录来复现。
注:以下仅为个人测试及见解
EBS 版本:11.5.10.2
背景:SSO单点登录时通过
http://<host>.<domain>:<port>/登录EBS,会自动跳转至SSO统一登录界面,
但Oracle EBS预留了登录后门,
http://<host>.<domain>:<port>/OA
_HTML/AppsLocalLogin.jsp,
通过此URL仍然可以绕过SSO统一登录界面,由EBS登录界面进入系统。
目的:是否可以屏蔽该URL,即使手工输入该URL,也限制只能从SSO统一界面登录EBS。
文档参考:
Applications SSO Login Types (APPS_SSO_LOCAL_LOGIN)
o SSO – Login is only allowed through Single Sign-On. The password is set to ‘EXTERNAL’ after a single sign-on account and an application account are linked.
o LOCAL – Login is only allowed via Oracle E-Business Suite local login. Passwords must be retained in the Oracle E-Business Suite and the account cannot be linked to any Oracle Internet Directory user.
o BOTH – Login can be through both single sign-on and Oracle E-Business Suite. Since changes to the Oracle E-Business Suite password can be synchronized to Oracle Internet Directory, but not vice versa, a user’s Single Sign-On password will not necessarily b
o SSO – Login is only allowed through Single Sign-On. The password is set to ‘EXTERNAL’ after a single sign-on account and an application account are linked.
o LOCAL – Login is only allowed via Oracle E-Business Suite local login. Passwords must be retained in the Oracle E-Business Suite and the account cannot be linked to any Oracle Internet Directory user.
o BOTH – Login can be through both single sign-on and Oracle E-Business Suite. Since changes to the Oracle E-Business Suite password can be synchronized to Oracle Internet Directory, but not vice versa, a user’s Single Sign-On password will not necessarily b
最低0.47元/天 解锁文章
扫一扫
1427
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
