OAM EBS OSSO Integration PDF
An ERP solution is a key, mission-critical application within most organizations, but it is one of many
applications. As organizations adopt a web-based approach for all their applications, the
need to extend SSO across the enterprise has become a requirement. Organizations are also
looking to standardize and centralize security management. Demand for access to business
resources continues to increase; organizations require internal applications and information to be
accessible in a secure fashion to an increasing number of employees, customers, and partners.
This technical white paper discusses how Oracle Access Manager integrates with Oracle
E-Business Suite, allowing customers to realize SSO across all of their web-based applications.
Features
Oracle Access Manager has two major systems: the Identity System and the Access System.
The Identity System allows workflow-driven user management and access clearance using
administrative, delegated and self-service functions. The Access System enforces access policies for
web resources using WebGate, and AccessGate for legacy systems.
For Oracle E-Business Suite Release 12, mod_osso, an Oracle HTTP Server module, is used for
Single Sign-On authentication. It allows the E-Business Suite to register as a partner application to
the Oracle Single Sign-On Server, giving users the ability to access other registered partner
applications with a single credential (for example, a username/password combination). As a
partner application, the E-Business Suite also supports Single Sign-Off.
Oracle AS SSO Server, Oracle Access Manager and E-Business Suite form a chain of trust. Oracle
AS SSO Server delegates authentication to Oracle Access Manager. E-Business Suite therefore
implicitly trusts Oracle Access Manager, even though E-Business Suite works only with Oracle AS SSO
Server.
[Figure: Simple architecture with Oracle AS SSO, E-Business Server and Access Server installed on separate servers. Diagram labels: Customers, Partners, Internet, Supply Chain.]
Process overview: Integration of Oracle Access Manager, Oracle AS Single Sign-On and Oracle
E-Business Suite
Install the E-Business Suite SSO 10g Integration Patch, if needed. (The integration patch is included in
R12 Rapid Install.)
On the E-Business Suite (EBS) application tier, set the environment to $FND_TOP and run the
following commands.
Example: to provision users from Apps to EBS, use the ProvOIDtoApps.tmp template.
chmod 755 $FND_TOP/admin/template/ProvOIDtoApps.tmp
Grant connect, resource to ssosdk
$ txkrun.pl -script=SetSSOReg -provtmp=$FND_TOP/admin/template/ProvOIDtoApps.tmp
The script prompts for the following information:
Enter the host name where Oracle AS Infrastructure database is installed: <OAS Infra host>
Enter the Oracle AS Infrastructure database port number : 1521
Enter the Oracle AS Infrastructure database SID: <OID SID>
Enter the LDAP Port on Oracle Internet Directory server: 389
Enter Oracle E-Business apps database user password: <Apps password>
Enter Oracle AS Infrastructure database ORASSO schema password:
Enter Oracle E-Business SYSTEM database user password: <DB Password>
Enter E-Business Suite existing SSOSDK schema password or choose a password to use with the new SSOSDK schema if the schema does not exist: <SSOSDK Password>
Enter the Oracle Internet Directory Administrator (orcladmin) Bind password: <password>
Enter the password that you would like to register this E-Business instance with: <password>
Use LDAPUserImport or the Oracle Internet Directory provisioning solution to move users
into Oracle E-Business Suite.
Link the eBS Accounts with SSO user
Set the SSO-related profile in EBS to enable Single Sign-On, and set up the link option for existing users.
Log in to eBS through http://<EBSServerName>:<port>/oa_servlets/AppsLogin. EBS redirects to the Oracle
AS SSO page.
Enter the user ID and password; after authentication, Oracle SSO redirects back to EBS.
Install Oracle Access Manager and Install Webgate on Oracle AS HTTP Server.
Click the Actions subtab to configure authentication success or failure actions. Click Add and
configure Return Attributes for Authentication Success with the following information. Click
Save when done.
Create the Authorization Rule and allow access to anyone. Enable the SSO-related policy domain.
Compile the file in Linux, including ORACLE_HOME/sso/lib/ipastoolkit.jar in the classpath.
Use the command as shown below:
ORACLE_HOME/jdk/bin/javac -classpath ORACLE_HOME/sso/lib/ipastoolkit.jar:ORACLE_HOME/lib/servlet.jar -d ORACLE_HOME/sso/plugin SSOOblixAuth.java
Register the Java class for integration by editing the policy.properties file in the following
location:
OracleAS_install_dir/sso/conf
In the OracleAS Single Sign-On policy.properties file, replace the simple authentication plug-in
with the plug-in that you created in the previous steps. In this file, navigate to the line
MediumSecurity_AuthPlugin:
MediumSecurity_AuthPlugin = oracle.security.sso.server.auth.SSOServerAuth
Comment out the existing line and add a new line to register your Java class, as follows:
MediumSecurity_AuthPlugin = oblix.security.ssoplugin.SSOOblixAuth
When editing policy.properties, take care not to insert blank space at the end of a line.
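A check to run on policy.properties before the restart, as an added example that is not part of the original paper or of Oracle's tooling: it confirms that exactly one uncommented MediumSecurity_AuthPlugin line exists, that it has no trailing blank, and that it names the expected class. The function names, return codes and sample files are assumptions of this example.

```shell
#!/bin/sh
# Added example (not Oracle's or the author's code): lint the
# MediumSecurity_AuthPlugin entry in an OracleAS SSO policy.properties file.
# Return codes are this example's own convention:
#   0 ok | 1 no active entry | 2 several active entries
#   3 trailing blank on the entry | 4 unexpected class name
KEY_RE='^[[:space:]]*MediumSecurity_AuthPlugin[[:space:]]*='

check_auth_plugin() {
    file=$1
    expected=${2:-oblix.security.ssoplugin.SSOOblixAuth}
    # Count active lines that set the key; a commented-out line starts
    # with '#' and therefore does not match KEY_RE.
    count=$(grep -Ec "$KEY_RE" "$file" || true)
    [ "$count" -ge 1 ] || return 1
    [ "$count" -eq 1 ] || return 2   # old plug-in line was not commented out
    line=$(grep -E "$KEY_RE" "$file")
    # The page warns against blank space at the end of a line.
    if printf '%s\n' "$line" | grep -Eq '[[:blank:]]$'; then
        return 3
    fi
    value=$(printf '%s\n' "$line" | sed -E 's/^[^=]*=[[:space:]]*//')
    [ "$value" = "$expected" ] || return 4
    return 0
}

# Constructed sample files covering the edit described above.
make_samples() {
    d=$1
    old='MediumSecurity_AuthPlugin = oracle.security.sso.server.auth.SSOServerAuth'
    new='MediumSecurity_AuthPlugin = oblix.security.ssoplugin.SSOOblixAuth'
    printf '%s\n' "#$old" "$new" > "$d/good.properties"
    printf '%s\n' "$old" "$new"  > "$d/both_active.properties"
    printf '%s\n' "#$old" "$new " > "$d/trailing_space.properties"
    printf '%s\n' "$old"         > "$d/unchanged.properties"
}

# Stand-alone demo: print the return code for each constructed sample.
demo_dir=$(mktemp -d)
make_samples "$demo_dir"
for f in good both_active trailing_space unchanged; do
    rc=0
    check_auth_plugin "$demo_dir/$f.properties" || rc=$?
    echo "$f.properties -> $rc"
done
rm -rf "$demo_dir"
```

Against a real installation, call check_auth_plugin with the path to policy.properties under OracleAS_install_dir/sso/conf and restart only when it returns 0.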
Restart the single sign-on middle tier, and restart the OC4J instance OC4J_SECURITY for
your changes to take effect:
Harish R Jangada
Harish.Jangada@identris.com
Identris
499 Thornall Street
Edison, NJ