Oracle Access Manager 11.1.2 Certified With E-Business Suite 11i

I am pleased to announce that Oracle Access Manager 11gR2 (11.1.2.0.0) is now certified with E-Business Suite Release 11.5.10.2.  If you are implementing single sign-on for the first time, or currently use Oracle Access Manager or Oracle Single Sign-On, you may integrate with Oracle Access Manager 11gR2 using Oracle Access Manager WebGate and Oracle E-Business Suite AccessGate.

EBS Oracle Access Manager architecture

Transitionary architecture for EBS 12 upgrades

This new certification can be used as a intermediate architecture on your upgrade path to EBS 12. This may allow you to reduce your overall risk and downtimes by doing your upgrade in multiple phases.

For example, you might be using Oracle Single Sign-On with your EBS 11i environment today.  You will need to switch from Oracle Single Sign-On to Oracle Access Manager as part of your upgrade.  You can use the following strategy to phase in this new component:

  1. Today: EBS 11i + Oracle Single Sign-On 10.1.4.3
  2. Interim phase:  EBS 11i + Oracle Access Manager 11.1.2
  3. Final phase: EBS 12.1.3 + Oracle Access Manager 11.1.2
Supported Architecture and Release Versions
  • Oracle Access Manager 11.1.2
  • Oracle E-Business Suite Release 11.5.10.2 + ATG Rollup Patchset 6 (11i.ATG_PF.H.delta.6) and higher.
  • Oracle Internet Directory 11.1.1.6
  • Oracle WebLogic Server 10.3.5+

References

Related Articles

Comments:

Hi Steven. I'm working on POC for Oracle EBS R11.5.10 single sign on. Is there a solution for EBS R11i which allows bypassing SSO login screen and login directly into EBS using Windows network credentials? Thanks in advance.

Posted by Mark on April 09, 2013 at 07:30 PM PDT #

Hi Steven,

Is OAM 11.1.2.1.0 certified with 11.5.10.2 Ebiz? The Metalink Note 1536941.1 states OAM 11.1.2 is certified. Does that mean 11.1.2.0.0, 11.1.2.1.0 are all supported? I could not find the 11.1.2.0.0 media in e-delivery anymore so just wanted to double-confirm.

Thanks
Subhajit

Posted by Subhajit on April 18, 2013 at 09:29 AM PDT #

Subhajit,

Thanks for the inquiry. E-Business Suite Release 11.5.10.2 is certified with Oracle Access Manager 11.1.2.0.0. If you have certification questions, the key is to search the Certificaiton Matrix on My Oracle Support.

We are actively working on the certificaiton of E-Business Suite Release 11.5.10.2 with Oracle Access Manager 11.1.2.1.0. Due to Oracle's revenue recognition policies, I cannot provide a time line or dates for the pending certification.

Once a new product is generally available, the prior version of the product is no longer available on eDelivery for download. For example, when OAM 11.1.2.1.0 was announced as generally avaialble, the media for it was avialble on eDelivery and OAM 11.1.2.0.0 was no longer avaialble. In order to receive the OAM 11.1.2.0.0 media, please open an SR with Oracle Support.

Regards,
Elke

Posted by Elke Phelps (Oracle Development) on April 24, 2013 at 08:39 AM PDT #

Hello Elke. I'm trying to implement 11i SSO solution. We don't have OID currently installed. Does this require using 11.1.1.6 RCU for OID and 11.1.2 RCU for OAM? Or I can use 11.1.2 RCU for OID and OAM? Thank you

Posted by Mark on April 29, 2013 at 10:24 AM PDT #

In regards to Mark's question, does the Implementation of Access Manager (as it requires an OID installed) also require a license of Oracle Identity Manager as well, or does an Access Manager License cover the IDM components required for this implementation of SSO between AM <-> EBS?

Thanks
Andras

Posted by Andras on May 28, 2013 at 05:52 AM PDT #

Mark,

Thanks for your inquiry. Currently the E-Business Suite Release 11i integration with Oracle Access Manager is certified with Oracle Internet Directory 11.1.1.6.

As we are continously certifying Fusion Middleware components, the best way to determine the certified version is to use the Certificaiton Matrix available on the My Oracle Support website.

Good luck with your deployment.
Regards,
Elke

Posted by Elke Phelps (Oracle Development) on June 03, 2013 at 06:47 AM PDT #

Andras,

The integration of E-Business Suite with Oracle Access Manager does not require Oracle Identity Manager. The integration does require the installation of Oracle Internet Directory.

Note that integrating E-Business Suite with Oracle Identity Manager is optional. If your organization needs the additional features provided by integrating with Oracle Identity Manager, then additional licensing is required. Please consult with your Sales Account Manager if this is the case.

Thanks.
Elke

Posted by Elke Phelps (Oracle Development) on June 03, 2013 at 06:53 AM PDT #

We have integrated Ebiz with OAM 11.1.2 and OID 11.1.1.6.

First instance registered with The OAM works perfectly fine.

Second instance Registered with the same OAM infrastructure ..

We followed the Integrating Oracle E-Business Suite Release 12 with Oracle Access Manager 11gR2 (11.1.2) using Oracle E-Business Suite AccessGate [ID 1484024.1].txt

Per note we can register multiple instances and followed the same.

Second instance has the following

1) Access gate deployed on seperate managed server
2) Resources defined separately.
3 All SSO profiles have been defined as appropriate
4) Redirect to the Application Authentication Agent happening properly .
5) However after the OAM authentication ( We use AD Active Directory for authentication) AD --> Synched to OID and AD plugin configured and authentication works perfectly fine.

6) Once authenticated it does not generate correct url for the Link on Fly Page .

Note: Our AD and Ebiz usernames are different and cannot be corrected ..
reason we have large Ebiz users about 60k+ and its practically difficult to correct from either side i.e AD or Ebiz.

Link on fly is generated using the oam hostname instead of ebiz host.

http://yyyyyyy.jacobs.com:7777/int_ebsauth_etest/RF.jsp?function_id=18648&resp_id=-1&resp_appl_id=-1&security_group_id=0&lang_code=US&

which is incorrect as its generates using the oamhost and not the ebiz host.

http://xxxxxxx.jacobs.com:8023/OA_HTML/RF.jsp?function_id=18648&resp_id=-1&resp_appl_id=-1&security_group_id=0&lang_code=US& -- This one is correct url

I am masking hostnames for Security purpose

xxxxxx --> Ebiz Hostname

yyyyy --> OAM/OID/Webgate host

Problem Summary

When access EBS URL : http://xxxxxx.jacobs.com:8023 it redirect to OAM login page . After authentication it redirect to http://yyyy.jacobs.com:7777/int_ebsauth_etest/RF.jsp?function_id=18648&resp_id=-1&resp_appl_id=-1&security_group_id=0&lang_code=US& and get 404 error.

In browser if we change URL to http://xxxxxxx.jacobs.com:8023/OA_HTML/RF.jsp?function_id=18648&resp_id=-1&resp_appl_id=-1&security_group_id=0 user get user link page which is expected behavior.

1) Access Ebiz Single signon Page http://xxxxxxx.jacobs.com:8023

2) Application Authentication agent is set to http://yyyyyyy.jacobs.com:7777/int_ebsauth_etest/

3) As this is protected resource ... Global signon page is presented where i input my OID ( AD account) and its gets authenticated

4) Redirection url must be link on fly as this is my first time login

Access Gate Generates

http://yyyyyyy.jacobs.com:7777/int_ebsauth_etest/RF.jsp?function_id=18648&resp_id=-1&resp_appl_id=-1&security_group_id=0&lang_code=US&

which is incorrect as its generates using the oamhost and not the ebiz host.

http://xxxxxxx.jacobs.com:8023/OA_HTML/RF.jsp?function_id=18648&resp_id=-1&resp_appl_id=-1&security_group_id=0&lang_code=US& -- This one is correct url

xxxxxxx ----> yyyyyyy
8023 ----> 7777
OA_HTML ---> int_ebsauth_etest

We have logged an SR and its over a week and not able to get an appropriate resource ..

Have anyone encountered a similar situation ?

Posted by Prasad Kakarla on August 15, 2013 at 07:44 AM PDT #

Hello, Prasad,

I'm sorry to hear that you've encountered an issue with this.

We can provide general conceptual guidance here, but I'm afraid that this blog isn't the best place to get technical support for specific issues like the one that you're working through.

Please feel free to forward your Service Request number. We can follow up with your Support engineer and have updates posted directly to your Service Request instead of this blog.

Regards,
Steven

Posted by Steven Chan on August 15, 2013 at 08:22 AM PDT #

Thanks for your help. Below is the SR no .. Sev1 and Escalated with no luck from past 3 days.

SR 3-7647415731 : Registered second EBiz instance in OAM and getting FND-9930

As a last attempt posted the here.

we enabled debug fndauth does not show any errors / webgate logs does not show any errors / access gate managed severs logs does not go into detail/errors.

Was looking to see if there was an Advanced debugging at the Access Gateway deployment, Since you guys are from Ebiz Development. We already set the setting Fine at $FMW_HOME/appsutil/accessgate/<EBS_SID>/log/LogConfig.properties and used the same during deployment.

Per the http headers dologin call generates a wrong LOFL ( Link on Fly)..

i.e instead of using ebiz host uses oam/webgate host

Thanks again , I will follow up with the SR

Posted by prasad kakarla on August 15, 2013 at 08:38 AM PDT #

Post a Comment:
  • HTML Syntax: NOT allowed
About

Search

Categories
Archives
« April 2014
SunMonTueWedThuFriSat
  
1
4
5
6
7
8
9
10
11
12
13
14
19
20
21
22
23
24
25
26
27
28
29
30
   
       
Today