If you’ve been keeping up with our E-Business Suite Release 12 sneak previews, you know that this release will include Oracle Application Server 10g for the application tier.  Here are a few more details about identity management for this release.

Apps R12 Identity Management:


FND_USER Still The Default

Like Release 11i, Release 12 will use the local E-Business Suite user directory, FND_USER, for user authentication by default.  You may optionally integrate R12 with an external Oracle Application Server 10g instance and delegate user authentication to Single Sign-On 10g and Oracle Internet Directory 10g running externally. 

Integration with Third-Party LDAPs and Single Sign-On Solutions

It’s possible to integrate R12 with a third-party LDAP (e.g. Microsoft Active Directory, SunONE/iPlanet) or single sign-on solution (e.g. Microsoft Windows Kerberos, Netegrity SiteMinder).  If you want to do this, you’ll need to integrate those third-party solutions via an external Oracle Application Server 10g instance, as shown in the diagram above.

That creates a chain of trust:  R12 delegates user authentication to Oracle Single Sign-On; Oracle Single Sign-On delegates authentication to the third-party single sign-on solution.

Likewise, user information from the third-party LDAP must be synchronized with Oracle Internet Directory 10g, which synchronizes its users with the E-Business Suite’s FND_USER directory.  Synchronization is handled by the Oracle Directory Integration Platform.

New Local Login Page

The Release 12 local login page will feature the new Swan look-and-feel, offer multiple languages, and support customizations.
SSO Integration With Portal & Discoverer

As in Release 11i, the R12 Single Sign-On integration allows logged-in E-Business Suite users to access Portal and Discoverer content without having to log in again.

Switch to mod_osso

Under the covers, the R12 Single Sign-On integration switches from the older SSO SDK used in 11i to the latest mod_osso technology available in Oracle Application Server 10g.

From an end-user’s perspective, nothing has changed; they’re still authenticated by Single Sign-On 10g.  From a security perspective, mod_osso centralizes partner application session management and allows for simpler debugging and administration.

The above is intended to outline our general product direction.  It is intended for information purposes only, and may not be incorporated into any contract.   It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decision.  The development, release, and timing of any features or functionality described for Oracle’s products remains at the sole discretion of Oracle.