Setting Up a Database Service to Use Oracle Proxy Authentication

Use this procedure to set up your system to use Oracle proxy authentication.

To set up a database service for Oracle proxy authentication

  1. Create the proxy user in Oracle. At the command line, type

    create user LAWSON_PROXY identified by userPassword

  2. Create the lawson database user if it does not exist. At the command line, type

    create user lawson identified by userPassword

  3. Create database user accounts for any other users who will access the database. For each user, at the command line, type

    create user userName identified by userPassword

  4. Create the proxy role. At the command line, type

    create role LAWSON_PROXY_ROLE identified by rolePassword

  5. Grant the role to the users, including the LAWSON_PROXY user. For each user, at the command line, type

    grant LAWSON_PROXY_ROLE to userName

  6. Create the proxy for each user. For each user, at the command line, type

    alter user userName grant connect through LAWSON_PROXY with role LAWSON_PROXY_ROLE

  7. Run the law_perms.sql.pl script for the LAWSON_PROXY_ROLE.
  8. Set up a database service using the following template. The .xml file can also include identities for the service; you can then use ssoconfig to import the service and its identities together.

    <?xml version="1.0" encoding="ISO-8859-1"?>
    <BATCH_LOAD FORMAT="Opaque" OVERRIDE="false">
        <SERVICE>
            <HasCredential>true</HasCredential>
            <LoginProcedure>FILL_IT</LoginProcedure>
            <ID>MYPRIVID</ID>
            <SvcEntryAttrList>database_login_name,password</SvcEntryAttrList>
            <LOGINSCHEME NAME="DB">
                <LoginProcedure>USE_USER_AND_PRIVILEGED_ID</LoginProcedure>
                <LOGINSCHEMENAME>DB</LOGINSCHEMENAME>
            </LOGINSCHEME>
            <IdentityAttrList>database_login_name</IdentityAttrList>
            <CredentialAttrList>PASSWORD</CredentialAttrList>
        </SERVICE>
        <IDENTITY SERVICENAME="MYPRIVID">
            <RDID>Sample.User</RDID>
            <PASSWORD><![CDATA[9ac3bb172c]]></PASSWORD>
            <DATABASE_LOGIN_NAME><![CDATA[SampleUser]]></DATABASE_LOGIN_NAME>
        </IDENTITY>
        <IDENTITY KEY="DEFAULT" PRIVILEGED="TRUE" SERVICENAME="MYPRIVID">
            <PASSWORD><![CDATA[2fb9004ab097469c0106984697bb53b0]]></PASSWORD>
            <DATABASE_LOGIN_NAME><![CDATA[LAWSON_PROXY]]></DATABASE_LOGIN_NAME>
        </IDENTITY>
    </BATCH_LOAD>

  9. Import the .xml file by running ssoconfig -c and selecting Manage Services > Load service and identity file.
  10. Configure the Environment service to use the database service you just created.
  11. Add the LAWSON_PROXY user as the identity for the Environment service privileged identity.
  12. Edit the ORACLE database configuration file so that it refers to the database service and to the proxy role:

    SERVICENAME=DBServiceName
    ROLE=LAWSON_PROXY_ROLE
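
The following SQL*Plus checks are an added example, not part of the original procedure: they confirm that steps 1 through 6 produced the intended proxy grants and that no account can proxy with a broader role set than LAWSON_PROXY_ROLE. SAMPLEUSER is a constructed account name standing in for userName, and the queries assume a DBA session that can read the DBA_PROXIES, DBA_ROLE_PRIVS and DBA_ROLES dictionary views.

```sql
-- Added verification example; run from SQL*Plus as a DBA account.
-- SAMPLEUSER is a constructed name standing in for userName.

-- 1. Accounts that may connect through LAWSON_PROXY, and the role
--    each proxy grant is limited to (step 6).
SELECT proxy, client, authentication, authorization_constraint, role
  FROM dba_proxies
 WHERE proxy = 'LAWSON_PROXY'
 ORDER BY client;

-- 2. Accounts that hold the role (step 5) but have no proxy grant,
--    which means step 6 was skipped for them. The proxy account
--    itself is excluded because it is not proxied through.
SELECT rp.grantee
  FROM dba_role_privs rp
 WHERE rp.granted_role = 'LAWSON_PROXY_ROLE'
   AND rp.grantee <> 'LAWSON_PROXY'
   AND NOT EXISTS (SELECT 1
                     FROM dba_proxies p
                    WHERE p.proxy  = 'LAWSON_PROXY'
                      AND p.client = rp.grantee);

-- 3. Proxy grants that are NOT restricted to LAWSON_PROXY_ROLE.
--    Any row here is a grant made without the "with role" clause
--    or with a different role, and should be reviewed.
SELECT client, authorization_constraint, role
  FROM dba_proxies
 WHERE proxy = 'LAWSON_PROXY'
   AND (role IS NULL OR role <> 'LAWSON_PROXY_ROLE');

-- 4. Confirm the role from step 4 is still password protected.
SELECT role, password_required
  FROM dba_roles
 WHERE role = 'LAWSON_PROXY_ROLE';

-- 5. Open a proxy session: authenticate with LAWSON_PROXY's password
--    (userPassword from step 1) and name the target account in brackets.
CONNECT LAWSON_PROXY[SAMPLEUSER]/userPassword

-- PROXY_USER is the account that authenticated; SESSION_USER is the
-- account whose privileges the session carries.
SELECT SYS_CONTEXT('USERENV', 'PROXY_USER')   AS proxy_account,
       SYS_CONTEXT('USERENV', 'SESSION_USER') AS session_account
  FROM dual;
```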