44 Configuring a Customized External Authentication Plug-in 44-1 44 Configuring a Customized External Authentication Plug-in You can store user security credentials in a repository other than Oracle Internet Directory—for example, a database or another LDAP directory—and use these credentials for user authentication to Oracle components. You do not need to store the credentials in Oracle Internet Directory and then worry about keeping them synchronized. Authenticating a user by way of credentials stored in an external repository is called external authentication. This chapter contains these topics: ■ Introduction to Configuring a Customized External Authentication Plug-in ■ Installing, Configuring, and Enabling the External Authentication Plug-in ■ Debugging the External Authentication Plug-in ■ Creating the PLSQL Package oidexaup.sql Introduction to Configuring a Customized External Authentication Plug-in Authentication that relies on security credentials stored in Oracle Internet Directory is called native authentication. When a user enters her security credentials, the directory server compares them with the credentials stored in Oracle Internet Directory. If the credentials match, then the directory server authenticates the user. By contrast, authentication that relies on security credentials stored in a directory other than Oracle Internet Directory is called external authentication. When a user enters her security credentials, the directory server compares them with the credentials stored in the other directory. This is done by using: ■ A PLSQL program that does the external authentication work ■ An external authentication plug-in that invokes this PLSQL program Installing, Configuring, and Enabling the External Authentication Plug-in This example uses the PLSQL program, oidexaup.sql. Creating the PLSQL Package oidexaup.sql on page 44-3 describes this program. This package is used for installing the external authentication plug-in PLSQL package. It contains: ■ Two plug-ins: namely, when_compare_replace and when_modify_replace Note: All references to Oracle Single Sign-On in this chapter refer to Oracle Single Sign-On 10g 10.1.4.3.0 or later.