Remerciez-le!

Remerciez @Admin pour avoir partagé cet document gratuitement, de la manière la plus simple, en partageant sur les réseaux sociaux.

Oracle® Identity M anagem ent Application Developer’s Guide 10g Release 2 (10.1

Oracle® Identity M anagem ent Application Developer’s Guide 10g Release 2 (10.1.2) Part No. B14087-01 December 2004 Oracle Identity Management Application Developer’s Guide, 10g Release 2 (10.1.2) Part No. B14087-01 Copyright © 1996, 2004, Oracle. All rights reserved. Primary Author: Henry Abrecht Contributing Author: Jennifer Polk, Richard Smith Contributor: Kamalendu Biswas, Ramakrishna Bollu, Saheli Dey, Bruce Ernst, Rajinder Gupta, Ashish Kolli, Stephen Lee, David Lin, Radhika Moolky, Samit Roy, David Saslav The Programs (which include both the software and documentation) contain proprietary information; they are provided under a license agreement containing restrictions on use and disclosure and are also protected by copyright, patent, and other intellectual and industrial property laws. Reverse engineering, disassembly, or decompilation of the Programs, except to the extent required to obtain interoperability with other independently created software or as speciﬁed by law, is prohibited. The information contained in this document is subject to change without notice. If you ﬁnd any problems in the documentation, please report them to us in writing. This document is not warranted to be error-free. Except as may be expressly permitted in your license agreement for these Programs, no part of these Programs may be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose. If the Programs are delivered to the United States Government or anyone licensing or using the Programs on behalf of the United States Government, the following notice is applicable: U.S. GOVERNMENT RIGHTS Programs, software, databases, and related documentation and technical data delivered to U.S. Government customers are "commercial computer software" or "commercial technical data" pursuant to the applicable Federal Acquisition Regulation and agency-speciﬁc supplemental regulations. As such, use, duplication, disclosure, modiﬁcation, and adaptation of the Programs, including documentation and technical data, shall be subject to the licensing restrictions set forth in the applicable Oracle license agreement, and, to the extent applicable, the additional rights set forth in FAR 52.227-19, Commercial Computer Software--Restricted Rights (June 1987). Oracle Corporation, 500 Oracle Parkway, Redwood City, CA 94065 The Programs are not intended for use in any nuclear, aviation, mass transit, medical, or other inherently dangerous applications. It shall be the licensee's responsibility to take all appropriate fail-safe, backup, redundancy and other measures to ensure the safe use of such applications if the Programs are used for such purposes, and we disclaim liability for any damages caused by such use of the Programs. Oracle is a registered trademark of Oracle Corporation and/or its afﬁliates. Other names may be trademarks of their respective owners. The Programs may provide links to Web sites and access to content, products, and services from third parties. Oracle is not responsible for the availability of, or any content provided on, third-party Web sites. You bear all risks associated with the use of such content. If you choose to purchase any products or services from a third party, the relationship is directly between you and the third party. Oracle is not responsible for: (a) the quality of third-party products or services; or (b) fulﬁlling any of the terms of the agreement with the third party, including delivery of products or services and warranty obligations related to purchased products or services. Oracle is not responsible for any loss or damage of any sort that you may incur from dealing with any third party. Portions of this document are from "The C LDAP Application Program Interface," an Internet Draft of the Internet Engineering Task Force (Copyright (C) The Internet Society (1997-1999). All Rights Reserved), which expires on 8 April 2000. These portions are used in accordance with the following IETF directives: "This document and translations of it may be copied and furnished to others, and derivative works that comment on or otherwise explain it or assist in its implementation may be prepared, copied, published and distributed, in whole or in part, without restriction of any kind, provided that the above copyright notice and this paragraph are included on all such copies and derivative works. However, this document itself may not be modiﬁed in any way, such as by removing the copyright notice or references to the Internet Society or other Internet organizations, except as needed for the purpose of developing Internet standards in which case the procedures for copyrights deﬁned in the Internet Standards process must be followed, or as required to translate it into languages other than English." RSA and RC4 are trademarks of RSA Data Security. Portions of Oracle Internet Directory have been licensed by Oracle Corporation from RSA Data Security. Oracle Directory Manager requires the JavaTM Runtime Environment. The JavaTM Runtime Environment, Version JRE 1.1.6. ("The Software") is developed by Sun Microsystems, Inc. 2550 Garcia Avenue, Mountain View, California 94043. Copyright (c) 1997 Sun Microsystems, Inc. This product contains SSLPlus Integration SuiteTM version 1.2, from Consensus Development Corporation. iPlanet is a registered trademark of Sun Microsystems, Inc. v Contents Send Us Your Comments .................................................................................................................... xxiii Preface ............................................................................................................................................................. xxv Audience................................................................................................................................................... xxv Documentation Accessibility................................................................................................................. xxv Structure................................................................................................................................................... xxvi Related Documents ................................................................................................................................ xxvii Conventions ........................................................................................................................................... xxviii What’s New in the SDK?..................................................................................................................... xxxiii New Features in the Release 10.1.2 SDK............................................................................................ xxxiii New Features in the Release 9.0.4 SDK.............................................................................................. xxxiii Part I Programming for Oracle Identity Management 1 Developing Applications for Oracle Identity Management Beneﬁts of Integrating with Oracle Identity Management.............................................................. 1-1 Oracle Identity Management Services Available for Application Integration............................ 1-2 Integrating Existing Applications with Oracle Identity Management.......................................... 1-2 Integrating New Applications with Oracle Identity Management ................................................ 1-3 Integrating J2EE Applications with Oracle Identity Management ................................................ 1-4 Directory Programming: An Overview................................................................................................ 1-4 Programming Languages Supported by the SDK......................................................................... 1-4 SDK Components............................................................................................................................... 1-4 Application Development in the Directory Environment ........................................................... 1-4 Architecture of a Directory-Enabled Application .................................................................. 1-5 Directory Interactions During the Application Life Cycle.................................................... 1-5 Services and APIs for Integrating Applications with Oracle Internet Directory............... 1-6 Integrating Existing Applications with Oracle Internet Directory ...................................... 1-8 Integrating New Applications with Oracle Internet Directory............................................ 1-8 Other Components of Oracle Internet Directory........................................................................... 1-9 2 Developing Applications with Standard LDAP APIs History of LDAP....................................................................................................................................... 2-1 vi LDAP Models........................................................................................................................................... 2-1 Naming Model.................................................................................................................................... 2-2 Information Model............................................................................................................................. 2-3 Functional Model ............................................................................................................................... 2-3 Security Model.................................................................................................................................... 2-4 Authentication............................................................................................................................. 2-4 Access Control and Authorization ........................................................................................... 2-5 Data Integrity............................................................................................................................... 2-6 Data Privacy................................................................................................................................. 2-6 Password Policies........................................................................................................................ 2-6 About the Standard LDAP APIs............................................................................................................ 2-7 API Usage Model ............................................................................................................................... 2-7 Getting Started with the C API ........................................................................................................ 2-7 Getting Started with the DBMS_LDAP Package........................................................................... 2-8 Getting Started with the Java API.................................................................................................... 2-8 Initializing an LDAP Session ................................................................................................................ 2-8 Initializing the Session by Using the C API ................................................................................... 2-8 Initializing the Session by Using DBMS_LDAP ............................................................................ 2-9 Initializing the Session by Using JNDI......................................................................................... 2-10 Authenticating an LDAP Session....................................................................................................... 2-10 Authenticating an LDAP Session by Using the C API .............................................................. 2-11 Authenticating an LDAP Session by Using DBMS_LDAP ....................................................... 2-11 Searching the Directory........................................................................................................................ 2-12 Program Flow for Search Operations........................................................................................... 2-12 Search Scope..................................................................................................................................... 2-13 Filters................................................................................................................................................. 2-14 Searching the Directory by Using the C API............................................................................... 2-15 Searching the Directory by Using DBMS_LDAP ....................................................................... 2-16 Terminating the Session....................................................................................................................... 2-17 Terminating the Session by Using the C API.............................................................................. 2-17 Terminating the Session by Using DBMS_LDAP....................................................................... 2-17 3 Developing Applications with Oracle Extensions to the Standard APIs Using Oracle Extensions to the Standard APIs .................................................................................. 3-1 Using the API Extensions in PL/SQL ............................................................................................. 3-3 Using the API Extensions in Java..................................................................................................... 3-3 The oracle.java.util Package ...................................................................................................... 3-3 PropertySetCollection, PropertySet, and Property Classes .................................................. 3-3 How the Standard APIs and The Oracle Extensions Are Installed ............................................ 3-4 Creating an Application Identity in the Directory ............................................................................ 3-4 Creating an Application Identity..................................................................................................... 3-4 Assigning Privileges to an Application Identity ........................................................................... 3-5 User Management Functionality........................................................................................................... 3-5 User Operations Performed by Directory-Enabled Applications............................................... 3-5 User Management APIs .................................................................................................................... 3-6 Java API for User Management ................................................................................................ 3-6 C API for User Management..................................................................................................... 3-6 vii PL/SQL API for User Management......................................................................................... 3-6 User Authentication........................................................................................................................... 3-6 Java API for User Authentication............................................................................................. 3-7 PL/SQL API for User Authentication...................................................................................... 3-7 C API for User Authentication.................................................................................................. 3-7 User Creation...................................................................................................................................... 3-7 Java API for User Creation ........................................................................................................ 3-7 PL/SQL API for User Creation................................................................................................. 3-8 C API for User Creation............................................................................................................. 3-8 User Object Retrieval ......................................................................................................................... 3-8 Java API for User Object Retrieval ........................................................................................... 3-8 PL/SQL API for User Object Retrieval.................................................................................... 3-9 C API for User Object Retrieval ................................................................................................ 3-9 Group Management Functionality ....................................................................................................... 3-9 Identity Management Realm Functionality........................................................................................ 3-9 Realm Object Retrieval for the Java API......................................................................................... 3-9 Server Discovery Functionality .......................................................................................................... 3-10 Benefits of Oracle Internet Directory Discovery Interfaces....................................................... 3-10 Usage Model for Discovery Interfaces......................................................................................... 3-11 Determining Server Name and Port Number From DNS......................................................... 3-12 Mapping the DN of the Naming Context............................................................................. 3-12 Search by Domain Component of Local Machine............................................................... 3-12 Search by Default SRV Record in DNS................................................................................. 3-12 Environment Variables for DNS Server Discovery.................................................................... 3-13 Programming Interfaces for DNS Server Discovery.................................................................. 3-13 Java APIs for Server Discovery ..................................................................................................... 3-13 Examples: Java API for Directory Server Discovery.................................................................. 3-14 SASL Authentication Functionality .................................................................................................. 3-15 SASL Authentication by Using the DIGEST-MD5 Mechanism................................................ 3-15 Steps Involved in SASL Authentication by Using DIGEST-MD5..................................... 3-15 JAVA APIs for SASL Authentication by Using DIGEST-MD5 ......................................... 3-16 SASL Authentication by Using External Mechanism................................................................ 3-16 Proxying on Behalf of End Users uploads/s1/ developer-guide.pdf