Partnership with :
High-level requirements for the customer portal Single Sign On are presented below:
- Customer must input password only once to access portal and services
- Password must be set by the customer the first time and changed according to a global password policy
- Single Sign On infrastructure must be in high availability.
- About 10 million users must be managed by LDAP
Systems and products
- VMware servers
- Linux Red Hat EL
- Oracle Access Manager
- Oracle Virtual Directory
- Oracle Internet Directory
- Oracle HTTP Server
- More than 10 web servers are placed in the DMZ, each running an OAM WebGate. The WebGates intercept requests and forward them to the OAM servers: a primary server, and a secondary server in case the primary fails. The primary and secondary assignments alternate across the WebGates, which gives a perfect balance of load across the two OAM servers.
- The OAM servers forward requests to OVD on the same principle of a primary and a secondary server (the secondary is used if the primary fails).
- The OVD server forwards requests to OID (the LDAP server) using weighted balancing. OVD allows the percentage of load sent to each underlying LDAP server to be configured. After performance tests we set the balance to 40%, 40%, 20%. If a single LDAP server fails, OVD rebalances the load with an equal number of requests per server.
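
The routing rules described above can be modelled to check how load shifts when a component fails. This is an added example, not part of the original case study or of any Oracle product; the host names and the count of ten WebGates are assumptions.

```python
from fractions import Fraction

# Constructed topology: the page gives "more than 10" WebGates, two OAM
# servers and LDAP weights of 40/40/20. Host names are hypothetical.
OAM = ["oam1", "oam2"]
LDAP_WEIGHTS = {"oid1": 40, "oid2": 40, "oid3": 20}


def webgate_plan(n_webgates):
    """Alternate the (primary, secondary) OAM assignment across WebGates."""
    return [(OAM[i % 2], OAM[(i + 1) % 2]) for i in range(n_webgates)]


def oam_share(plan, down=()):
    """Fraction of WebGates served by each OAM server, honouring failover."""
    share = {s: Fraction(0) for s in OAM}
    for primary, secondary in plan:
        target = primary if primary not in down else secondary
        if target in down:
            raise RuntimeError("no OAM server available")
        share[target] += Fraction(1, len(plan))
    return share


def ldap_share(weights, down=()):
    """Configured weights while all servers are up; equal split among the
    survivors after a failure, as the page describes."""
    alive = [s for s in weights if s not in down]
    if not alive:
        raise RuntimeError("no LDAP server available")
    if len(alive) == len(weights):
        total = sum(weights.values())
        return {s: Fraction(w, total) for s, w in weights.items()}
    return {s: Fraction(1, len(alive)) for s in alive}


def failover_multiplier(weights, failed):
    """Factor by which each survivor's load grows when `failed` goes down."""
    before, after = ldap_share(weights), ldap_share(weights, down=(failed,))
    return {s: after[s] / before[s] for s in after}


if __name__ == "__main__":
    plan = webgate_plan(10)
    print("OAM normal:", oam_share(plan))
    print("OAM, oam1 down:", oam_share(plan, down=("oam1",)))
    for failed in LDAP_WEIGHTS:
        print(failed, "down ->", failover_multiplier(LDAP_WEIGHTS, failed))
```

With equal rebalancing, the server weighted at 20% carries 2.5 times its normal load when either 40% server fails, so each tier should be sized for its failover share and not only for its steady-state share.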
Advantages of this solution are presented below:
- Centralised account management
- Centralised authentication and authorization
- Single sign on for portal and applications
- Horizontal scalability of system components
- High number of authentications/authorizations per second.