The following table describes the connection properties used to configure authentication.

Table 1. Authentication properties
Property Characteristic
AuthenticationMethod Determines which authentication method the driver uses when establishing a connection.

If set to auto, the driver uses user ID/password, Kerberos, or NTLM authentication when establishing a connection. The driver selects an authentication method based on a combination of criteria, such as whether the application provides a user ID, the driver is running on a Windows platform, and the driver can load the DLL required for NTLM authentication.

If set to kerberos, the driver uses Kerberos authentication. The driver ignores any user ID or password specified.

If set to kerberosUIDPassword, the driver first uses Kerberos to authenticate the user. Next, the driver reauthenticates the user using user ID/password authentication. If a user ID and password are not specified, the driver throws an exception. If either Kerberos or user ID/password authentication fails, the connection attempt fails and the driver throws an exception.

If set to ntlm, the driver uses NTLM authentication if the DLL required for NTLM authentication can be loaded. If the driver cannot load the DLL, the driver throws an exception.

If set to client, the driver uses the user ID of the user logged onto the system on which the driver is running to authenticate the user to the database.

If set to EntraIDAccessToken, the driver uses an Entra ID access token to authenticate to the server. If an access token is not specified, the driver throws an exception.

If set to ssl, the driver uses SSL certificate information to authenticate the client with the server when using Oracle Wallet.

If set to sslUIDPassword, the driver uses user ID/password and SSL authentication to connect with the server when using Oracle Wallet.

If set to userIdPassword, the driver uses user ID/password authentication. If a user ID and password are not specified, the driver throws an exception.

The default is auto.
GSSCredential

Specifies the GSS credential object used to instantiate Kerberos constrained delegation. Constrained delegation is a Kerberos mechanism that allows a client application to delegate authentication to a second service.

Important: Because the value of this property is a Java object, it cannot be specified in a connection URL. It can only be passed as a Properties or DataSource object.
ImpersonateUser Specifies the user used for impersonation. When specified, the driver first authenticates based on the AuthenticationMethod property setting. Once the initial connection is established, the driver reauthenticates as the impersonated user.
ImpersonateUserPassword Specifies the password used for impersonation. When specified with the ImpersonateUser property, the driver first authenticates based on the AuthenticationMethod property setting. Once the initial connection is established, the driver reauthenticates using the impersonated user and password.
LoadLibraryPath Specifies the directory for the DLL for NTLM authentication. The driver looks for the DLL in the specified directory.
NewPassword Changes a user’s password when a connection is established. This property can be used to comply with corporate security policies that require a regularly occurring password change or to ensure access to the database if Oracle has let the user’s password expire.
Password Specifies a password that is used to connect to the database or instance.
RandomGenerator Specifies the type of random number generator the database uses for secure seeding. Oracle uses a random number generator for secure seeding when establishing connections.
SecureRandomAlgorithm Specifies the SecureRandom number generation algorithm used for secure seeding when the RandomGenerator connection property is set to secureRandom.
User Specifies the user ID for user ID/password authentication or the domain user name for NTLM authentication.
EntraAccessToken Specifies the access token for Entra ID access token authentication.