Skip to Main Content
Forums

APEX

Announcement

For appeals, questions and feedback about Oracle Forums, please email oracle-forums-moderators_us@oracle.com. Technical questions should be asked in the appropriate category. Thank you!

backdoor link with SSO authentication scheme?!

Sorin2-OracleFeb 3 2006 — edited Feb 5 2006
Hello!

I think is can be an important security issue…

I just activated SSO for my HTMLDB application. I used the “authentication scheme from gallery:Oracle Application Server Single Sign-On (HTML DB as Partner Application)” (changed only logout URL, but this is not relevant) and I followed the steps from
http://www.oracle.com/technology/products/database/htmldb/howtos/sso_partner_app.html

Everything was working fine with SSO login, but...

Users noticed me hey have “strange results” using their old bookmarks to former login page (“htmldb built-in authentication”).

Where can I be wrong? It looks for me like a big security bug.

I’d like to know if there is a registered bug or a support note for this.

Please help!

Message was edited by:
jkestely
Comments
Locked Post
New comments cannot be posted to this locked post.
Post Details
Locked on Mar 5 2006
Added on Feb 3 2006
#apex-discussions
4 comments
630 views