Identity Management in Release 12

If you've been keeping up with our E-Business Suite Release 12 sneak previews, you know that this release will include Oracle Application Server 10g for the application tier.  Here are a few more details about identity management for this release.

Apps R12 Identity Management:

FND_USER Still The Default

Like Release 11i, Release 12 will use the local E-Business Suite user directory, FND_USER, for user authentication by default.  You may optionally integrate R12 with an external Oracle Application Server 10g instance and delegate user authentication to Single Sign-On 10g and Oracle Internet Directory 10g running externally. 

Integration with Third-Party LDAPs and Single Sign-On Solutions

It's possible to integrate R12 with a third-party LDAP (e.g. Microsoft Active Directory, SunONE/iPlanet) or single sign-on solution (e.g. Microsoft Windows Kerberos, Netegrity SiteMinder).  If you want to do this, you'll need to integrate those third-party solutions via an external Oracle Application Server 10g instance, as shown in the diagram above.

That creates a chain of trust:  R12 delegates user authentication to Oracle Single Sign-On; Oracle Single Sign-On delegates authentication to the third-party single sign-on solution.

Likewise, user information from the third-party LDAP must be synchronized with Oracle Internet Directory 10g, which synchronizes its users with the E-Business Suite's FND_USER directory.  Synchronization is handled by the Oracle Directory Integration Platform.

New Local Login Page

The Release 12 local login page will feature the new Swan look-and-feel, offer multiple languages, and support customizations.

SSO Integration With Portal & Discoverer

As in Release 11i, the R12 Single Sign-On integration allows logged-in E-Business Suite users to access Portal and Discoverer content without having to log in again.

Switch to mod_osso

Under the covers, the R12 Single Sign-On integration switches from the older SSO SDK used in 11i to the latest mod_osso technology available in Oracle Application Server 10g.

From an end-user's perspective, nothing has changed; they're still authenticated by Single Sign-On 10g.  From a security perspective, mod_osso centralizes partner application session management and allows for simpler debugging and administration.

The above is intended to outline our general product direction.  It is intended for information purposes only, and may not be incorporated into any contract.   It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decision.  The development, release, and timing of any features or functionality described for Oracle's products remains at the sole discretion of Oracle. 


nice info thank you stev, i would like to ask dose the new release have 2 database one for the application server and one for the ebuz suite and is changing the defaul ports doable dose it by default installed on port 80.


Posted by Fadi Hasweh on August 01, 2006 at 08:00 PM PDT #

Hi Chan,
This is quite Useful for Us. I have started blog for Oracle Apps DBA beginners ( Oracle DBA's or anyone who want to become Oracle Apps DBA ) at . Is there any way I can put that linked to like other links at (Under Non Oracle Employee) .
Is there any criteria for your blog to be there ?
How to create a link of my blog to Oracle Blogs ?

I knwo you might be Busy but it can be useful for other Budding Apps DBA or Newbie.


Posted by Atul Kumar on August 01, 2006 at 09:21 PM PDT #

Atul, thanks for the feedback.  I've passed on your new blog URL to the team that maintains the page.  I believe that they'll get back to you directly if they have any questions.Welcome to the Apps blogging community; I look forward to reading your blog.Regards,Steven

Posted by Steven Chan on August 02, 2006 at 06:53 AM PDT #

Fadi,Release 12 does not have a metadata repository for Oracle Application Server 10g, so there's only one database.  I'd expect that it's possible to change the default ports, since this is possible in Release 11i today using AutoConfig.Regards,Steven

Posted by Steven Chan on August 02, 2006 at 06:56 AM PDT #

HI All,

Well , Our Prasent Envirnoment R12+10gAS10142 using SSO for R12 Working Fine.

Have to Implement BI on Above Envirnoment.
1)I want to know Which Version of Oracle BI is Certified.
2)I need Doc for BI with 10gAS1042+R12

Some 1 have an idea can please share the knowldge.

Posted by Syed on August 04, 2008 at 12:08 AM PDT #

Hi, Syed,

Glad to hear that your environment is working well.

1. OBIEE is the currently certified version for the E-Business Suite. You may wish to verify this with OBIEE Support via a formal Service Request.

2. Metalink 553423.1 covers your target scenario. You should be aware that that documentation is published directly by the OBIEE team, not my group. If you have any questions about that documentation, your best bet would be to log a Service Request against OBIEE.

Good luck with your implementation.


Posted by Steven Chan on August 04, 2008 at 02:38 AM PDT #

Hi Steven,

When we integrate, OID, SSO and 3rd partyLDAP(AD).
Here we authenticate all MS application, oracle application and some third party(ldap client).

1. Where all users info will be present?
OID or AD?
If AD why not OID.
2. Can i use OID for authenticating 3rd party application?
3. Can i authenticate all(above mentioned) applications including MS application with OID without using AD?


Posted by Lardy on December 12, 2010 at 07:20 PM PST #


You should understand that there's a limit to the kind of advice that we can offer via a blog. We're reaching that limit with some of your questions now, I'm afraid.

1. This depends upon your provisioning process. I can't answer that -- this is up to you to determine.

2. This depends upon whether your third-party applications are able to query any LDAP-compliant directory. You should follow up with the vendors of your third-party applications to validate the feasibility of this.

3. Same as #2.

Given the nature of your questions, I would strongly recommend that you engage a consultant who has experience with these types of multi-component security architectures.


Posted by Steven Chan on December 13, 2010 at 01:32 AM PST #

Post a Comment:
  • HTML Syntax: NOT allowed


« June 2016