tags:

views:

413

answers:

2
Q: 

How to enforce one-and-only-one concurrent logon per user with Oracle SSO?

OK, the auditors have come knocking and I know one of their standard "exposures" is if your application allows concurrent logons by the same user.

Let's put aside the quantification of that risk for a minute...

The application I'm working with uses Oracle SSO for managing authentication, and as far as I know, it does not have an out-of-the-box solution for this.

I'm looking for advice - either a way that the standard product can be made to support this requirement, or the most maintainable, unintrusive customisation to do the same.

Appreciate any thoughts on the matter...

+1  A: 

Ignoring the SSO part, you would add the user to a profile that limits the number of active sessions.

ALTER PROFILE app_user LIMIT SESSIONS_PER_USER 1;

I don't know what SSO adds to this.

Daniel Emge  2009-02-10 17:20:44
Don't think that will work in my case, since the mid-tier does proxy authentication to the database? Each actual user doesn't have their own db profile.
tardate  2009-02-11 03:18:59
A: 

You can limit the user via a logon trigger. Have the trigger query the database for sessions belonging to the user. If the user is already login error and log the present session out.

MichaelN  2009-03-09 19:30:42
Thanks MichaelN, but I think the same problem as with Demage's answer ... fine if we are dealing with database users, but does not solve the OSSO/mid-tier problem because the users do not have a database session of their own.
tardate  2009-03-10 02:01:22
SSO throws a wrench into that. Can you make use of the Remote_User header to limit the number of similar user connection?
MichaelN  2009-03-10 16:22:19

related questions

Is there a Way to use Linq to Oracle
NHibernate and Oracle connect through Windows Authenication
Boolean Field in Oracle
How do you manage schema upgrades to a production database?
How do I deal with quotes ' in SQL
When do you use table clusters?
Oracle write to file
MS SQL Server 2008 "linked server" to Oracle : schema not showing
Develop on local Oracle instance
Resources for an Oracle beginner
What strategies have you employed to improve web application performance?
Automate Syncing Oracle Tables With MySQL Tables
Best way to encapsulate complex Oracle PL/SQL cursor logic as a view?
What Content Management does your workplace use?
What is the difference between oracle's 'yy' and 'rr' date mask?
SQL/Query tools?
How to make Pro*C cope with #warning directives?
Oracle SQL Developer not responsive when trying to view tables (or suggest an Oracle Mac client)
How big would such a database be?
Oracle - What TNS Names file am I using?
What is a good way to open large files across a WAN?
How do I find the high water mark (for sessions) on Oracle 9i
SQL Case Statement Syntax?
cx_Oracle - what is the best way to iterate over a result set?
cx_Oracle - How do I access Oracle from Python?