Works, but not without issues and impacts to the user experience
November 07, 2017
Works, but not without issues and impacts to the user experience
Score 4 out of 10
Vetted Review
Verified User
Overall Satisfaction with Oracle Enterprise Single Sign-On
We use it to achieve single sign-on for other systems which aren't Active Directory federated. This allows IT users to avoid typing their passwords for different systems, since ESSO automatically types it for them when they go to the web page or thick client.
- Flexible to work with most web sites and thick clients
- Avoids users having to type their passwords repeatedly
- Fairly performant
- This tool is essentially a hack, making the user experience pretty weak. For example, we use it in an application which has a box to type your password. Every time you enter some data, ESSO steals the focus and types your password into the box, even if you aren't about to submit the form requiring the password.
- This tool creates a 2nd CN in the directory and this broke some of our applications which were only expecting a single CN per user in the directory. Why can't it use a traditional database instead?
- This tool caused performance issues with Putty. It would peg our CPUs at 100% if the user had Putty running. It took a very long time to resolve the issue.
- We spent a lot of time implementing it on different applications. However, because it uses screen scraping, every time our apps upgraded, it broke the integration with ESSO, so we had to keep fixing the integration. After a few years, we have stopped integrating new apps with it due to this headache.
- Okta, Development and Integration
There's no substitute for properly developed applications that delegate authentication to an external system like Active Directory or a cloud identity provider. That way, the issues with screen scraping and constantly-breaking integration are solved permanently.