Oracle E-Business Suite Single Sign On
Using Oracle Access Manager
Prepared by: Pierre Paniagua, Consultant, AST Corporation
Pierre Paniagua
■ Worked with Oracle Products for over 2 years
▪ Successfully implemented EBS SSO using OAM at College of American Pathologists in multiple environments
▪ Supporting the entire IDM implementation at CAP involving OID, OVD, OAM, OIM and OES
■ Race Car Driver
■ Problem Solver
Deepak Sharma
■ More than 8 years in the IT industry
■ Certified in Oracle Identity Governance Suite
■ Certified Oracle SOA Suite Implementation Specialist
Agenda
■ Overview of IAM Suite
■ Why SSO?
■ Define
■ Apply
Oracle IAM Suite - Overview
Oracle Identity & Access Management Suite
■ Identity Administration
▪ Oracle Identity Manager
▪ Oracle Identity Analytics
▪ Oracle Privileged Accounts Manager
■ Access
▪ Oracle Access Manager
▪ Oracle Enterprise Single Sign-On
▪ Oracle Identity Federation
▪ Oracle Web Services Manager
▪ Oracle Adaptive Access Manager
■ Directory Services
▪ Oracle Virtual Directory
▪ Oracle Internet Directory (with Directory Integration Platform)
▪ Oracle Unified Directory
■ Audit & Compliance
Why SSO?
■ SSO is SSO
▪ Single Sign-On
■ Eliminate the headache
▪ For end user
Define
■ DBA Administrator
▪ EBS Tasks
■ IAM Administrator
▪ OAM Configurations
■ IDM Administrator
▪ OID Tasks
Apply
Overview – AppDirector
■ User Requests EBS
Overview – OHS to OAM
■ From AppDirector to OHS
Overview – OAM to OID
■ OAM Communicates to OID
▪ Communication via Identity Store
Overview – OAM to EBS Access Gate
■ OAM
▪ Session Created
■ OHS
▪ Proxy redirect
■ EBS Access Gate
Key Components
■ EBS Profile Options
■ OHS – Oracle HTTP Server
■ Web Gate
■ Access Gate
■ OID – Oracle Internet Directory
Software Required
■ Access Management: Single Sign-On
▪ 1) Oracle Access Manager
▪ 2) Oracle Internet Directory
▪ 3) OHS – Oracle HTTP Server & Web Gate
Apply
■ DBA Administrator
▪ DBC File
▪ Service Account for OAM
▪ EBS Profile Options
■ IAM Administrator
▪ EBS Access Gate
▪ EBS Data Source
▪ EBS FNDAUTH.WAR
▪ OHS / WebGate Configurations
▪ OAM Configurations
■ IDM Administrator
▪ Return ORCLGUID from OID
Apply – DBA Administrator
■ FND Patch
■ FND User
▪ No Responsibility
▪ OAM11GLOGIN
▪ Apps Schema Connect Role
■ DBC File for the EBS Instance
■ Activate the application server security system
Apply – IAM Administrator
■ Install EBS Access Gate
▪ $MW_HOME/appsutil/accessgate/ebsxxx
■ Install EBS Data Source
■ Deploy FNDAUTH.WAR
■ Configure OHS
▪ Integrate with OAM
▪ Proxy Redirection
▪ Configure Global Logout
■ Configure OAM
▪ Define Identity Store
▪ Authentication Scheme
▪ Application Domain
Apply – IAM Administrator Cont.
■ Install EBS Access Gate
▪ Obtain patch for your EBS Instance
▪ Create /appsutil/accessgate/ebsxxx under $MW_HOME
▪ Copy contents of patch to /appsutil/accessgate/ebsxxx folder
▪ Copy over fndext.jar to $DOMAIN_HOME/lib
▪ Bounce WLS Admin Server
▪ Note: A separate /ebsxxx/ folder is required per EBS Instance of the same version
Apply – IAM Administrator Cont.
■ Install EBS Data Source
▪ From within either (or both) IAM / IDM WLS Admin
▪ DS_EBS
▪ JNDI: jdbc/DS_EBS
▪ Connection Pool
— URL: jdbc:oracle:thin:@hostname:port:service_name
— Driver Class Name: oracle.apps.fnd.ext.jdbc.datasource.AppsDataSource
— Properties:
user=OAM11GLOGIN
dbcfile=/opt/ora/iamxxx/middleware/appsutil/accessgate/ebsxxx
— Password: xxx
— Test Connection on Reserved: Checked
— Maximum Capacity: 200
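
An added example, not part of the original slides: a check an administrator could run over the WebLogic JDBC descriptor for DS_EBS to confirm it matches the settings listed above and that the service-account password is stored in encrypted form. It assumes the standard WebLogic `jdbc-data-source` descriptor layout; the `audit` helper and the sample XML (port, dbcfile name, ciphertext) are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"j": "http://xmlns.oracle.com/weblogic/jdbc-data-source"}
# Expected settings, taken from the data-source slide above.
EXPECTED = {
    "jndi-name": "jdbc/DS_EBS",
    "driver-name": "oracle.apps.fnd.ext.jdbc.datasource.AppsDataSource",
    "user": "OAM11GLOGIN",
    "test-connections-on-reserve": "true",
    "max-capacity": "200",
}
# Constructed sample descriptor: port, dbcfile name and ciphertext are placeholders.
SAMPLE = """<jdbc-data-source xmlns="http://xmlns.oracle.com/weblogic/jdbc-data-source">
  <name>DS_EBS</name>
  <jdbc-driver-params>
    <url>jdbc:oracle:thin:@hostname:1521:service_name</url>
    <driver-name>oracle.apps.fnd.ext.jdbc.datasource.AppsDataSource</driver-name>
    <properties>
      <property><name>user</name><value>OAM11GLOGIN</value></property>
      <property><name>dbcfile</name><value>/path/to/ebsxxx/PLACEHOLDER.dbc</value></property>
    </properties>
    <password-encrypted>{AES}PLACEHOLDER</password-encrypted>
  </jdbc-driver-params>
  <jdbc-connection-pool-params>
    <max-capacity>200</max-capacity>
    <test-connections-on-reserve>true</test-connections-on-reserve>
  </jdbc-connection-pool-params>
  <jdbc-data-source-params><jndi-name>jdbc/DS_EBS</jndi-name></jdbc-data-source-params>
</jdbc-data-source>"""

def audit(xml_text):
    """Hypothetical helper: return findings; an empty list means the descriptor matches."""
    root = ET.fromstring(xml_text)
    # Element text by local tag name, then driver properties by property name.
    found = {el.tag.split("}")[-1]: (el.text or "").strip() for el in root.iter()}
    for prop in root.iterfind(".//j:property", NS):
        found[prop.findtext("j:name", "", NS).strip()] = prop.findtext("j:value", "", NS).strip()
    findings = [f"{key}: expected {want!r}, got {found.get(key)!r}"
                for key, want in EXPECTED.items() if found.get(key) != want]
    if not found.get("dbcfile"):
        findings.append("dbcfile property is missing")
    # WebLogic stores encrypted secrets with an algorithm prefix such as {AES}.
    if not found.get("password-encrypted", "").startswith(("{AES}", "{AES256}", "{3DES}")):
        findings.append("password-encrypted is not in WebLogic-encrypted form")
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE) or "descriptor matches the slide's settings")
```
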
Apply – IAM Administrator Cont.
■ Deploy FNDAUTH.WAR
▪ Install FNDAUTH.WAR from /…/appsutil/accessgate/ebsxxx folder
▪ Use the overhauled Plan.XML as part of the deployment
▪ Deploy on Admin server (IAM / IDM Admin)
▪ Make the context root: /fndauth
— Context root must be unique per EBS Instance
▪ Bounce Admin Server
Apply – IAM Administrator Cont.
■ Configure OHS
▪ Set Environment Variables
▪ Register WebGate 11g on Oracle Access Manager 11g
▪ Configure redirection between OHS and WebLogic Server Instance
▪ Configure EBS.conf file
— /…/OHS/ohs1/moduleconf
— Proxy redirection
Apply – IAM Administrator Cont.
■ Configure OAM
▪ Define OID Identity Store
▪ Verify/Configure Host Identifier
▪ Create Authentication Module
▪ Create Authentication Scheme
▪ Configure Application Domain
▪ Modify Authentication Policies
— Define Policy Responses
▪ Modify Authorization Policies
Apply – IDM Administrator
■ LDIF File Creation
■ Execute LDIF
▪ OID_dsaconfig.ldif
■ Return ORCLGUID for lookup requests
■ Install EBS Access Gate
▪ $MW_HOME/appsutil/accessgate
■ Install EBS Data Source
Summary
■ What did we learn?
QUESTIONS?
Session ID: 301