Last updated on JULY 01, 2016
Applies to:Oracle Application Server Single Sign-On - Version 10.1.2.2 to 10.1.4.3 [Release 10gR2 to 10gR3]
Information in this document applies to any platform.
***Checked for relevance on 02-Jun-2015***
Some applications that may wish to take different actions depending upon whether a user is already authenticated to Oracle AS Single Sign-On (OSSO) or not. For example an application that can provide some functionality to public users and thus only wants to authenticate the user if they are already authenticated to OSSO via another partner application.
To facilitate this OSSO has a feature available in versions 10.1.2.2 and above that will allow the SSO server to set a domain cookie when a user is authenticated. This cookie is the ORASSO_AUTH_HINT cookie and can be configured to be returned to all applications in the same common domain rather than just the SSO server virtual host, as for the SSO_ID cookie. The partner application can check for the existence of this cookie and if it is present can dynamically request authentication via the SSO server. See Oracle Identity Management Application Developer's Guide 10g (10.1.4.0.1) Chapter 9 Developing Applications for Single Sign-On 9.3.3 Developing Java Applications That Use Dynamic Directives for how the application can achieve this. If configured correctly the ORASSO_AUTH_HINT cookie will be removed upon a successful SSO logout or whenever the users browser session is terminated.
This article will explain how to configure the ORASSO_AUTH_HINT cookie.
Sign In with your My Oracle Support account
Don't have a My Oracle Support account? Click to get started
Million Knowledge Articles and hundreds of Community platforms