Oracle proxy authentication and federated trusted contexts
Create a physical connection to the Oracle data source, and then switch the connection to a different user on the same connection.
Using Oracle proxy authentication and federated trusted contexts reduces the network overhead of creating a separate network connection from the federated server to the Oracle database for each user, while still positively asserting the identity of the connected user to the Oracle data source. The application can switch from user to user, as required, to process transactions on behalf of the users.
- On the Oracle server, use the Oracle ALTER USER statement to register each proxy user. Here Mary, who is the proxy user, is granted permission to use the proxy named BOSS and gains the role CLERK for the duration of the connection:
  ALTER USER MARY GRANT CONNECT THROUGH BOSS WITH ROLE CLERK
- On the federated server, create the trusted context object:
CREATE TRUSTED CONTEXT MY_FED_TCX BASED UPON CONNECTION USING SYSTEM AUTHID BOSS ATTRIBUTES (ENCRYPTION 'NONE') WITH USE FOR MARY WITHOUT AUTHENTICATION ENABLE
With this configuration, the federated server can set up an end-to-end trusted connection from the client through the federated server to the Oracle data source. BOSS can establish a trusted connection, and MARY can reuse it.
To establish and reuse trusted connections, use the API that the database provides.
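The following audit queries are an added example, not part of the original page. They confirm that both sides of the configuration above match what was intended: which users may connect through BOSS on Oracle, and which IDs may reuse the trusted connection on the federated server. They assume that the federated server is Db2 with its SYSCAT catalog views, and that the Oracle account running the first query can read DBA_PROXIES.

```sql
-- Oracle side: list every client that may connect through the proxy BOSS,
-- how it authenticates, and which roles the proxy session may activate.
-- Expect one row for MARY restricted to the role CLERK.
SELECT proxy, client, authentication, authorization_constraint, role
FROM   dba_proxies
WHERE  proxy = 'BOSS'
ORDER  BY client, role;

-- Federated server side (assumed Db2): the trusted context itself,
-- the system authorization ID that opens the connection, and whether
-- the context is enabled.
SELECT contextname, systemauthid, enabled, defaultcontextrole
FROM   syscat.contexts
WHERE  contextname = 'MY_FED_TCX';

-- Connection attributes stored for the context. The statement above
-- sets only ENCRYPTION, so review its value against your transport
-- security requirements.
SELECT contextname, attr_name, attr_value, attr_options
FROM   syscat.contextattributes
WHERE  contextname = 'MY_FED_TCX';

-- IDs allowed to reuse the trusted connection. AUTHENTICATE shows whether
-- a switch to that ID needs credentials; IDs created WITHOUT AUTHENTICATION
-- rely entirely on the trust placed in the system authorization ID.
SELECT trustedid, surrogateauthid, surrogateauthidtype, authenticate
FROM   syscat.surrogateauthids
WHERE  trustedid = 'MY_FED_TCX'
  AND  trustedidtype = 'C'
ORDER  BY surrogateauthid;
```

Any ID returned by the last query that has no matching CLIENT row in the first query can be switched to on the federated server but will be rejected by Oracle, and is worth removing from the trusted context.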