Wednesday Jul 10, 2013

How to Define Table-Validated Lists of Values in Web ADI

I am pleased to announce a new video tutorial on defining table-validated Lists of Values using the Oracle Web Application Desktop Integrator (Web ADI).  One of the common requirements for List of Values in a Web Application Desktop Integrator spreadsheet is to display user-friendly values in a desktop-based spreadsheet but upload a corresponding identifier or code to the E-Business Suite. You can learn how to do this in this new tutorial.

Using the List of Values component with Web ADI

Oracle Web Application Desktop Integrator supports Oracle E-Business Suite’s user interface components such as List of Values (LOV) in spreadsheets. In a Web Application Desktop Integrator spreadsheet, a List of Values can be displayed as a pop-list or as a standard Search and Select view. A table-validated List of Values is a type of List of Values that not only displays set of values from a table, but also ensures that the value uploaded to Web Application Desktop Integrator Interface is valid. 

The Desktop Integration Framework allows you to create custom desktop integrators for Web Application Desktop Integrator in E-Business Suite Release 12. You can define table-validated List of Values components for data uploaded from spreadsheets to the Oracle E-Business Suite.


What is in this tutorial?

This step-by-step video tutorial walks you through the following:

  1. Prepare Database Objects
  2. Create Custom Integrator
  3. Define Table List of Values Component
  4. Associate Table List of Values Component to Interface Attribute
  5. Define Layout for Integrator
  6. Preview Integrator
  7. Verify uploaded data

Your feedback is welcome

This is our first video tutorial and we're very interested in feedback.  Please post a comment here or drop us an email directly with your thoughts.

References

Related Articles

Tuesday Apr 23, 2013

Using SAML-based Authentication for Web Services with Integrated SOA Gateway

Web services provided by Oracle E-Business Suite Integrated SOA Gateway are secured at the transport level through SSL and at the message level through authentication tokens – Username Token and SAML Token (Sender Vouches). I will discuss SAML Token (Sender Vouches) here.

Brief on SAML, SAML Token, SAML Token Profile

Security Assertion Markup Language (SAML) is a XML-based framework to exchange security related information between Service Consumer, Identity Provider and Service Provider. The security information is expressed in terms of assertions. Statements about the subject or user form the SAML Token. 

WS-Security defines a set of security token profiles for different types of tokens embedded within the SOAP message as headers. SAML Token Profile is one of the WS-Security Token Profiles that describe the syntax and meaning of SAML Tokens. SAML Tokens are embedded within SOAP messages by placing assertion elements inside the SOAP Header.

As per WS-Security, there are three common methods to assure the Service Provider that the SOAP message came from the subject referenced in the token. The three common subject confirmation methods are Sender Vouches, Holder of Key, and Bearer. As of Oracle E-Business Suite Release 12.1.3, web services provided by Integrated SOA Gateway (inbound) support SAML Token using the Sender Vouches subject confirmation method.

SAML Token - Sender Vouches

SAML Tokens assert that the subject or user has already been authenticated. As the name suggests, in the Sender Vouches case, the Sender or SOAP web service client that sends the SOAP request message to SOAP web service vouches for the identity of the assertion’s subject.

SAML flow diagram

The SAML assertion may be provided by an external Identity Provider -- a SAML Authority or SAML Issuer. In this case, a client sends a SAML assertion request to a SAML Authority. The SAML Authority identifies the client, authenticates the subject, and sends SAML assertion as response to client. The client’s private key is used to sign both the assertion and the SOAP message body.

The E-Business Suite's Integrated SOA Gateway uses Oracle Application Server’s Web Services Security framework. It verifies the digital signature in a SOAP request and extracts the SAML Token. It validates the SAML assertion such as the issuer, validity period, and authentication statement. It extracts the SAML Subject Name Identifier and verifies the same with registered Oracle Internet Directory (OID) for single sign-on users or with FND_USER table in Oracle E-Business Suite (EBS) database for non-single sign-on users. It uses Oracle Internet Directory to map the single sign-on user with the equivalent EBS user. The EBS username is then used for the authorization check for the web service execution.

When to use SAML Sender Vouches based authentication for web services provided by Integrated SOA Gateway?

SAML Token with Sender Vouches is best used for following scenarios:

  • Single Sign On: As part of your business process, you may want to authenticate once and propagate the authenticated identity as a SAML assertion to subsequent EBS web service calls.
  • Subject or user needs to be authenticated locally (at web service client end) or centrally by Identity Provider (or SAML Authority), and propagate the assertion to an EBS web service.

How to use SAML Token Sender Vouches in Integrated SOA Gateway?

The steps to expose an EBS API as web service are described in Oracle E-Business Suite Integrated SOA Gateway Implementation Guide and Developer's Guide

  • Create Grant for EBS API methods that you want to expose as web service operations
  • Generate and Deploy the EBS API as web service with SAML Token (Sender Vouches) authentication type
  • Configure client and EBS (server) for SAML  

See Setting Up SAML Token Security for Oracle E-Business Suite Integrated SOA Gateway Release 12.1.3 [Note 1144313.1] 

This Note describes the steps to configure SOAP Web Service Client as well as Oracle E-Business Suite (SOAP Web Service Provider). In Integrated SOA Gateway, a SAML Token Sender Vouches policy is applied at the web service level or port level. You may have to configure EBS for SAML for all web services that are deployed with Authentication Type as SAML Token (Sender Vouches).

  • Invoke web service with SAML Token

The Note also describes steps to test web service invocation with a SAML Token. Depending upon the client program, you may programmatically insert SAML assertions or let web service security policy enforcement products such Oracle Web Services Manager (OWSM) insert a SAML Token in a SOAP request message.

References

Related Articles

Tuesday Oct 16, 2012

Hosted EBS 11i Integration Repository Temporarily Offline

Most developers know that they can integrate their external applications with the E-Business Suite via the business service interfaces and SOA service endpoints documented in the E-Business Suite's Integration Repository.  This is shipped as part of EBS 12.  Until recently, it was provided as a hosted environment on the Oracle.com domain for EBS 11i.

Screenshot of EBS 11i Integration Repository

Unfortunately, we identified some standards-related issues in the process of switching from the existing server that hosts the EBS 11i environment to a new one, notably in the area of accessibility. Some of those issues will require coding changes to resolve.  Given our focus on EBS 12.2 right now, it may take some time to prioritize this relative to our other existing commitments.

In the meantime, we are required to suspend access to the EBS 11i Integration Repository.  I don't have a firm schedule for getting this back online yet, but you're welcome to monitor or subscribe to this blog. I'll post updates here as soon as soon as they're available.   

Related Articles


Tuesday Oct 02, 2012

New Whitepaper: Primer on Integrating with EBS 12 with Other Applications

Oracle E-Business Suite offers several integration points and a variety of integration technologies. While a given integration point may be available through various technologies and products, it is important to select the best approach for your specific integration requirements. I am pleased to announce the publication of a new white paper that can help with this:

Overview of EBS integration technologies

This whitepaper reviews integration strategies for Oracle E-Business Suite applications that are available today. The intended audience is solution architects, integration consultants, and anyone else interested in learning about integration options with Oracle E-Business Suite.

The white paper outlines the following enterprise application integration styles:

  • Data-centric integration
  • Integration through native interfaces
  • Process-centric integration
  • Event-driven integration
  • B2B integration
  • Integration through web services 

The white paper also discusses Oracle E-Business Suite application layer products and technologies that address the specific needs of each of these integration styles. It concludes with criteria for selecting the appropriate integration-related tools and technologies for your requirements.

Attending OpenWorld 2012?

We have two sessions covering Oracle E-Business Suite integration. Please join us to hear more on this subject:

  • CON9005 - Oracle E-Business Suite Integration Best Practices ( Tuesday, Oct 2, 1:15 PM - 2:15 PM - Moscone West 2018)
  • CON8716 - Web Services and SOA Integration Options for Oracle E-Business Suite ( Thursday, Oct 4, 11:15 AM - 12:15 PM - Moscone West 2016)

 Related Articles


Wednesday Jul 18, 2012

New Whitepaper: Defining Web Applications Desktop Integrators That Return Error Messages

Oracle Web Application Desktop Integrator (Web ADI) is Oracle E-Business Suite's solution for integrating E-Business Suite applications with desktop applications such as Microsoft Excel, Word and Projects.  "Integrators" encapsulate the metadata and other information needed to integrate a particular Oracle E-Business Suite task with a desktop application.  You can use the Desktop Integration Framework (DIF) to create custom integrators for Oracle Web ADI in Oracle E-Business Suite Release 12.1.2. The ability to create custom importers was added in EBS 12.1.3.

I am pleased to announce the release of a new white paper that provides a step-by-step tutorial on how to use the Desktop Integration Framework to define a Microsoft Excel-based integrator.  The example in the tutorial shows how to define an importer that returns error messages for any spreadsheet rows that failed to import into an E-Business Suite database. It describes the steps in 3 phases: 

  • Preparing that database and application objects

This phase provides the sample code to create a custom table and PL/SQL package which will be used for importing the data from a Microsoft Excel spreadsheet into an E-Business Suite table. It also describes the steps to create an FND Lookup code and its value, which will be used to map error codes and their corresponding messages.

  • Phase A: Defining an integrator that downloads and uploads data

This phase provides the steps to create a basic integrator using the Web ADI Desktop Integration Framework. It describes the steps to define the integrator's Interface, Content, Uploader, Layout, and Mapping.

  • Phase B: Defining an integrator importer that returns error messages

This phase provides the steps to define importer. It extends the integrator definition to process the data uploaded in the interface table and return error messages back to the desktop document for any rows that failed to import.

Screenshot of SQL query definition screen

The intended audience of this document is custom desktop integrator developers who are familiar with Oracle E-Business Suite and Oracle Web Applications Desktop Integrator.

Your feedback is welcome

We are very interested in hearing about your experiences with this new tool.  Please post your comments here or drop me an email at email.jpg

Download the new whitepaper

The white paper is available in two places -- Oracle Learning Library (OLL) and My Oracle Support:

References

Related Articles

Friday Jul 06, 2012

Building Extensions Using E-Business Suite SDK for Java

We’ve just released Version 2.0.1 of Oracle E-Business Suite SDK for Java.  This new version has several great enhancements added after I wrote about the first version of the SDK in 2010.  In addition to the AppsDataSource and Java Authentication and Authorization Service (JAAS) features that are in the first version, the Oracle E-Business Suite SDK for Java now provides:

  • Session management APIs, so you can share session information with Oracle E-Business Suite
  • Setup script for UNIX/Linux for AppsDataSource and JAAS on Oracle WebLogic Server
  • APIs for Message Dictionary, User Profiles, and NLS
  • Javadoc for the APIs (included with the patch)
  • Enhanced documentation included with Note 974949.1
Integration between custom apps and EBS

These features can be used with either Release 11i or Release 12. 

References

What's new in those references?

Note 974949.1 is the place to look for the latest information as we come out with new versions of the SDK.  The patch number changes for each release.  Version 2.0.1 is contained in Patch 13882058, which is for both Release 11i and Release 12.  Note 974949.1 includes the following topics:

  • Applying the latest patch
  • Using Oracle E-Business Suite Data Sources
  • Oracle E-Business Suite Implementation of Java Authentication and Authorization Service (JAAS)
  • Utilities
  • Error loggingSession management 
  • Message Dictionary
  • User profiles
  • Navigation to External Applications
  • Java EE Session Management Tutorial

For those of you using the SDK with Oracle ADF, besides some Oracle ADF-specific documentation in Note 974949.1, we also updated the ADF Integration FAQ as well.

EBS SDK for Java Use Cases

The uses of the Oracle E-Business Suite SDK for Java fall into two general scenarios for integrating external applications with Oracle E-Business Suite:

  1. Application sharing a session with Oracle E-Business Suite
  2. Independent application (not shared session)

With an independent application, the external application accesses Oracle E-Business  Suite data and server-side APIs, but it has a completely separate user interface. The external application may also launch pages from the Oracle E-Business Suite home page, but after the initial launch there is no further communication with the Oracle E-Business Suite user interface.

Shared session integration means that the external application uses an Oracle E-Business Suite session (ICX session), shares session context information with Oracle E-Business Suite, and accesses Oracle E-Business Suite data. The external application may also launch pages from the Oracle E-Business Suite home page, or regions or pages from the external application may be embedded as regions within Oracle Application Framework pages.

Both shared session applications and independent applications use the AppsDataSource feature of the Oracle E-Business Suite SDK for Java. Independent applications may also use the Java Authentication and Authorization (JAAS) and logging features of the SDK.

Applications that are sharing the Oracle E-Business Suite session use the session management feature (instead of the JAAS feature), and they may also use the logging, profiles, and Message Dictionary features of the SDK.  The session management APIs allow you to create, retrieve, validate and cancel an Oracle E-Business Suite session (ICX session) from your external application.  Session information and context can travel back and forth between Oracle E-Business Suite and your application, allowing you to share session context information across applications.

Note: Generally you would use the Java Authentication and Authorization (JAAS) feature of the SDK or the session management feature, but not both together.

Send us your feedback

Since the Oracle E-Business Suite SDK for Java is still pretty new, we’d like to know about who is using it and what you are trying to do with it.  We’d like to get this type of information:

  • customer name and brief use case
  • configuration and technologies (Oracle WebLogic Server or OC4J, plain Java, ADF, SOA Suite, and so on)
  • project status (proof of concept, development, production)
  • any other feedback you have about the SDK

You can send me your feedback directly at Sara dot Woodhull at Oracle dot com, or you can leave it in the comments below.  Please keep in mind that we cannot answer support questions, so if you are having specific issues, please log a service request with Oracle Support.

Happy coding!

Related Articles

Tuesday Apr 03, 2012

Webcast Replay Available: SOA Integration Options for E-Business Suite

I am pleased to release the replay and presentation for the latest ATG Live Webcast:
SOA Integration Options for E-Business Suite (Presentation)
Screenshot of the Integration Repository for the Integrated SOA Gateway within Oracle E-Business Suite

Abhishek Verma, Manager, Applications Technology Group and Rajesh Ghosh, Group Manager, ATG Development discussed the web service and SOA integration options for Oracle E-Business Suite. The presentation covered Oracle's integration tools and technologies, including the Oracle Applications Adapter and the Integrated SOA Gateway.

Finding other recorded ATG webcasts

The catalog of ATG Live Webcast replays, presentations, and all ATG training materials is available in this blog's Webcasts and Training section.

Monday Feb 27, 2012

ATG Live Webcast: SOA Integration Options for Oracle E-Business Suite

Do you need to integrate your Oracle E-Business Suite with multiple data sources, including web services? Or do you need to expose Oracle E-Business Suite interfaces as SOA web services for other integrations? If so, you need to attend the next installment of our ATG Live Webcast series on Mar 1, 2012:

SOA Integration Options for Oracle E-Business Suite

Join Abhishek Verma, Manager, Applications Technology Group as he discusses the web service and SOA integration options for Oracle E-Business Suite. This presentation will cover Oracle's integration tools and technologies, including the Oracle Applications Adapter and the Integrated SOA Gateway.

Screenshot of the Integration Repository for the Integrated SOA Gateway within Oracle E-Business Suite


The agenda for the SOA Integration Options for Oracle E-Business Suite webcast includes the following topics:

  • Overview of Integration Tools and Technologies
  • Oracle Applications Adapter
  • Integrated SOA Gateway Service Provider
  • Integrated SOA Gateway Service Invocation Framework
  • Business Use Cases for Integrated SOA Gateway

Date:               Thursday, March 1, 2012
Time:              8:00 AM - 9:00 AM Pacific Standard Time
Presenter:    Abhishek Verma, Manager, Applications Technology Group

Webcast Registration Link (Preregistration is optional but encouraged)

To hear the audio feed:
    Domestic Participant Dial-In Number:           1-877-697-8128
    International Participant Dial-In Number:      1-706-634-9568
    Dial-In Passcode:                                              99338

To see the presentation:
    The Direct Access Web Conference details are:
    Website URL: https://ouweb.webex.com
    Meeting Number:  598839387

If you miss the webcast, or you have missed any webcast, don't worry -- we'll post links to the recording as soon as it's available from Oracle University.  You can monitor this blog for pointers to the replay. And, you can find our archive of our past webcasts and training here.

If you have any questions or comments, feel free to email Bill Sawyer (Senior Manager, Applications Technology Curriculum) at BilldotSawyer-AT-Oracle-DOT-com. 

Thursday Aug 26, 2010

Securing E-Business Suite Web Services with Integrated SOA Gateway

The Oracle E-Business Suite Integrated SOA Gateway service-enables Oracle E-Business Suite public APIs for Service Oriented Architecture.  This feature was released in Oracle E-Business Suite Release 12.1.1. 

One of the most common questions that Oracle E-Business Suite developers have is, "How do you secure E-Business Suite web services?"  Generally, web service security consists of authentication, message integrity and confidentiality.  I'll discuss the authentication aspect of web service security in this article.
The WS-Security specification describes enhancements to SOAP that increase the protection and confidentiality of messages. It provides this protection by defining mechanisms for associating tokens with Simple Object Access Protocol (SOAP) messages.

AuthenticationType.jpg
To secure and authenticate Oracle E-Business Suite web service operations, the E-Business Suite Integrated SOA Gateway supports Username Token-based WS-Security.  In addition, it supports SAML Token (Sender Vouches) based security in Oracle E-Business Suite 12.1.3 and higher.

An Oracle E-Business Suite Integration Repository administrator can select the appropriate authentication type for each Web service-enabled interface.  The authentication type should be selected before deploying the API as a standard web service.  Integration Repository administrators can grant user access to E-Business Suite web service operations.

Username Token based security
The username token carries basic authentication information.  The username-token element propagates user name and password information to authenticate the message.  The information provided in the token and the trust relationship provides the basis for establishing the identity of the user.

A typical WS-Security header in a SOAP Request looks like this:

wsheader.jpg
When invoking Oracle E-Business Suite Web services through SOA Provider using username token-based security, these security headers should be passed along with the SOAP request. The username/password discussed here in wsse:security is the Oracle E-Business Suite username/password (or the username/password created through the Users window in defining an application user).

SAML Token-based security

SAML security tokens (Sender Vouches) are composed of assertions: one or more statements about a user, such as an authentication or attribute statement.  SAML tokens are attached to SOAP messages by placing assertion elements inside the header. SAML security tokens enable interoperable single-sign-on and federated identity for E-Business Suite Web services.

When invoking Oracle E-Business Suite Web services through SOA Provider using SAML Tokens, the SOAP request should contain a sender-vouches SAML assertion. The Assertion and the Body elements should be digitally signed.  A reference to the certificate used to verify the signature should be provided in the header.  The basis of trust is the Web service Requester's certificate.  The Requester's private key is used to sign both the SAML Assertion and the message Body. The SOA Provider relies on the Web service Requester, who vouches for the contents of the User message and the SAML Assertion.

Your Feedback is Welcome

We're extremely interested in hearing about your use cases and your experiences with our Integrated SOA Gateway.  If you've used this product -- or are evaluating it -- please post a comment here or drop us a line with your thoughts.

References
Related Articles

Friday Feb 12, 2010

Build Custom WebADI Integrators with EBS 12.1.2 Desktop Integration Framework

[Nov. 22, 2010 Update:  Office 2010 (32-Bit) is now certified with the E-Business Suite; see this article for details]

Oracle Web Application Desktop Integrator (Web ADI) is Oracle E-Business Suite's solution for integrating E-Business Suite applications with desktop applications such as Microsoft Excel, Word and Projects.  "Integrators" encapsulate the metadata and other information needed to integrate a particular Oracle E-Business Suite task with a desktop application.

I'm pleased to announce the availability of Oracle E-Business Suite Desktop Integration Framework (DIF), a design time framework that you can use to create custom integrators for Oracle Web ADI in Oracle E-Business Suite Release 12.1.2.

Several Oracle E-Business Suite applications provide seeded integrators out-of-the-box. You can now use the Desktop Integration Framework to define custom integrators for tasks of your own.

dif1.jpg

Oracle E-Business Suite Desktop Integration Framework provides a graphical user interface which you can use to define integrators and associated supporting objects.  You can reduce development time by using the GUI instead of working directly with the underlying Oracle Web ADI tables and APIs.  This user interface makes it easier to maintain your integrators, too.  The Desktop Integration Framework supports native Oracle Application Framework (OAF) UI widgets like Flex-fields, List Of Values, Pop-lists and Date pickers.

dif2.jpg
The Desktop Integration Framework allows you to:
  • Create Integrators using a wizard-based user interface
  • Define Integrators to upload data through PL/SQL APIs or directly to tables
  • Define Integrators to download data from text files or using SQL Queries
  • Define data validation rules
  • Embed UI widgets (List of values, Pop lists, Date pickers, Flexfields) in spreadsheets
  • Use the Oracle E-Business Suite Security Model
  • Define layouts and mappings for custom integrators
Your feedback is welcome

We are very interested in hearing about your experiences with this new tool.  Please post your comments here or drop me an email at email.jpg

Wednesday Sep 02, 2009

Critical Rollup Update for E-Business Suite Integrated SOA Gateway Release 12.1.1

A critical Rollup Update for Oracle E-Business Suite Integrated SOA Gateway Release 12.1.1 was released on August 21, 2009. It is a consolidated one-off fix to address some open issues in Oracle E-Business Suite Integrated SOA Gateway Release 12.1.1. Patch 8459663 for Integrated SOA Gateway R12.1.1 is now available for download.

patch_8459663.png

Overview

Oracle E-Business Suite Integrated SOA Gateway (ISG) was released with Oracle E-Business Suite Release 12.1.1. It allows Oracle E-Business Suite public integration interfaces to be exposed as standard web services. It allows integration between heterogeneous applications and allows you to deploy web services for consumption via standard web service clients.

Why is this Rollup Update Important?

This Rollup Update fixes outstanding bugs in ISG R12.1.1 and introduces key changes in SOAHeader elements. SOAHeader elements are SOAP Header elements defined by Integrated SOA Gateway for Web services through SOA Provider. It is used for setting appropriate application context for executing PL/SQL APIs in Oracle E-Business Suite.

Oracle highly recommends that all customers who have installed the Oracle E-Business Suite Integrated SOA Gateway Release 12.1.1 upgrade to this one-off patch as soon as possible

Key Enhancements and Fixes in Rollup Update
isg_oneoff.jpg
One of the key changes with this release is change in SOAHeader elements in SOAP Requests for PL/SQL and Concurrent Program services. There are changes in element names and expected values in SOAHeader. Now instead of language dependent names, language independent key values should be sent in SOAP Request.  Other key enhancements & fixes include:
  • Support for SSL-based Web Service Invocation Over HTTPS
Service Invocation Framework now supports SSL-based Web service invocation using Server Authentication method.
  • Web Service NLS Compliance
In ISG R12.1.1, although we had the NLSLanguage element in SOAHeader, it was not used. Now, ISG supports Web service NLS compliance and it can consume SOAP requests in the language specified in the SOAHeader.
  • Security Grant on Overloaded Functions
Each of the overloaded function in a package can now be uniquely granted to a specific user, user group, or all users.
  • Standalone script to generate services for IREP interfaces
Some interfaces take long time to generate WSDL, and the Integration Repository UI may time out. Now, there's a standalone script to generate Web service artifacts.
  • Check to restrict simultaneous 'Generate Service' requests
Multiple requests to generate Web service for an integration interface are now restricted. 

References

For more information on mandatory consolidated one-off release, see:

Thursday Jan 15, 2009

Update: Using EBS 12 Portlets in Third-Party Portals

I've been puzzled by a resurgence in questions about the compatibility of E-Business Suite Release 12 portlets with third-party portals.  I thought that I'd already covered this FAQ a few times on this blog, but searching through our archives, I see that I haven't revisited this topic formally since R12 was released.  It's time for a quick refresher and update on what's supported in this release.

11i Apps Navigator: [Read More]

Wednesday Oct 29, 2008

Java Authentication + Authorization Services (JAAS) for E-Business Suite (OpenWorld 2008 Recap)

I'm highlighting OpenWorld 2008 presentations that cover some of the most popular E-Business Suite technology stack topics. A catalog of all of the Applications Technology track sessions with links to the presentations is available here:

Our Applications Technology Group announced an important set of new authentication capabilities for Java-based E-Business Suite extensions and custom programs at OpenWorld this year.  Veshaal Singh, Director in our Applications Technology Group, discusses the new capabilities and how they relate to the E-Business Suite's existing security model in this presentation:

Architecture diagram showing authentication and authorization flow for new JAAS LoginModule for E-Business Suite

[Read More]

Wednesday Aug 06, 2008

In-Depth: Using Third-Party Identity Managers with E-Business Suite Release 12

This article is an updated R12 version of an earlier one written for Oracle E-Business Suite Release 11i.

Like most of our customers, you probably already have a corporate identity management system in place. And, you've probably not been enjoying the experience of redundantly administering the same user in your corporate identity management system as well as the E-Business Suite. If this describes your environment, this in-depth article about integrating Oracle E-Business Suite Release 12, Oracle Single Sign-On and Oracle Internet Directory with third-party identity management systems will show you a better way of managing your EBS users.

[Read More]

Tuesday May 06, 2008

E-Business Suite + Fusion Middleware Best Practices Center Launched

If you've been watching Oracle's ERP strategy, you'll notice that there's been a profound shift in emphasis over the last few years.  The E-Business Suite is now acknowledged to be only one part of your organization's overall software environment, and we're investing heavily in integration technologies such as Service-Oriented Architecture (SOA).

FMW Best Practices Screenshot: Screenshot of Oracle E-Business Suite + Fusion Middleware Best Practices Center

My colleagues in the Fusion Middleware group have just launched a new Oracle E-Business Suite & Fusion Middleware Best Practice Center.  This site has step-by-step tutorials covering topics that include:
They've also started a blog that already has a rich set of deep technical articles covering topics such as:
If you're already developing SOA-based applications involving the E-Business Suite, or just curious about what's now possible with our latest tools, this site is worth a look.

Related Articles

Thursday Oct 25, 2007

Integrating Apps 12 Portlets with Third-Party Portals

Here's the latest update on the ever-popular subject of integrating the E-Business Suite Release 12 with third-party portals. 

11i Apps Navigator:

What's Possible in Release 11i Today

You already know that the E-Business Suite Release 11i portlets are written to work exclusively with Oracle Portal.  These portlets can't be plugged into third-party portal solutions.  We don't have any plans to rewrite these portlets for Release 11i, so what you see is what you will get for the foreseeable future for 11i.

Before we look ahead to the future and Release 12, here's a two-word summary of what's possible today in terms of third-party portal integration with Release 11i:  bookmarkable links.

If someone who hasn't logged in attempts to access protected E-Business Suite content, they're automatically redirected to either the E-Business Suite login page or Oracle Single Sign-On, the latter if the environment has been integrated with Oracle Application Server 10g.  Once the user logs in, she's redirected back to the protected E-Business Suite content that she was originally trying to reach.

Links to E-Business Suite content, therefore, can be bookmarked -- either in a browser, or added as links on a third-party portal page.  Admittedly, this might be pretty thin gruel for those of you expecting more, but that's what's available in Release 11i today.

What's Possible in Release 12

The E-Business Suite Release 12.0 ships with WSRP 1.0-compliant versions of the following portlets:
  • Applications Navigator
  • Applications Favorites
  • Applications Worklist
WSRP-compliant versions of other product team portlets (e.g. Balanced Scorecard) have not been released yet.  If you're interested in finding out the status of those product-specific portlets, your best bet would be to log a formal Service Request via Oracle Metalink against the specific Applications product in question.  This has the additional benefit of letting the product team know that you're interested in these upgrades, too.  You'd be amazed the effect that even a few of these Service Requests can have.

Not Supported:  Embedding Page Regions in Third-Party Portals

Many Applications 12 screens are based on the Oracle Applications Framework (OAF).  These screens are displayed in HTML and appear in certified browsers like IE and Firefox. 

It's tempting to assume that it would be possible to take regions of these screens -- or even the entire pages themselves -- and embed them in third-party portals.  More advanced readers will be musing about things like IFRAMES right about now. 

Unfortunately, this is not supported -- either for Release 11i or Release 12.  OA Framework based pages assume that they own the top of the Document Object Model (DOM).  This is not true if the pages are embedded in a third-party portal.  Attempting to do this will cause a range of unpredictable behavior.

This is a known restriction with the versions of OA Framework provided with Apps 11i and 12.  Our OAF team is looking into ways of changing this in future releases.  I don't have details about their plans that can be shared here yet, unfortunately.  As usual, you're welcome to monitor or subscribe to this column for updates on this.

Related

The above is intended to outline our general product direction.  It is intended for information purposes only, and may not be incorporated into any contract.   It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decision.  The development, release, and timing of any features or functionality described for Oracle's products remains at the sole discretion of Oracle. 

Friday May 26, 2006

Process Management in Release 12

Oracle executives have been justifiably devoting a lot of slides in recent customer briefings to Oracle BPEL Process Manager: it's the cornerstone for our corporate integration strategy.  This begs the obvious question: what's going to be included in Release 12?


Workflow in Release 12

The Rapid Install for Release 12 will include Oracle Workflow out-of-the-box.  At present, we expect that the version included will be Workflow 2.6, but as always, this is subject to change. 

The practical implication of including Workflow in Release 12 is that all of your existing customized workflows will continue to function with minimal disruption and effort if you're upgrading from Release 11i.

Optional R12 Integration with BPEL Process Manager

If you're excited about working with BPEL Process Manager, you'll have the option of doing that, too. 

BPEL Logical Architecture:

Given that the E-Business Suite provides standard SOA web services, all that you'll need to do is to install OracleAS 10g and and BPEL Process Manager on a separate instance and point it to business service endpoints available from the E-Business Suite Release 12. 

Getting Started with BPEL Process Manager and Release 11i

The BPEL Process Manager is considered a standalone tool outside of the E-Business Suite space, so you don't need to wait until Release 12.  You can use BPEL Process Manager and other Oracle Integration connectors with Release 11i today.  That's a good way of getting a headstart if you plan to upgrade to the combination of Release 12 and BPEL Process Manager in the future, or if you'd like to kick the tires and take this for a test drive today.

The above is intended to outline our general product direction.  It is intended for information purposes only, and may not be incorporated into any contract.   It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decision.  The development, release, and timing of any features or functionality described for Oracle's products remains at the sole discretion of Oracle.

Wednesday May 24, 2006

Release 12 and Third-Party Portals

Apr 3, 2007 Update:  Release 12.0 includes WSRP 1.0-compliant versions of the following E-Business Suite portlets:  Applications Navigator, Applications Favorites, Applications Worklist.

I've briefly alluded to our Release 12 plans for portlets, but your feedback suggests that it's worth discussing our plans in more detail.


11i Apps Navigator:

What's Possible in Release 11i Today

You already know that the E-Business Suite Release 11i portlets are written to work exclusively with Oracle Portal.  These portlets can't be plugged into third-party portal solutions.  We don't have any plans to rewrite these portlets for Release 11i, so what you see is what you will get for the foreseeable future for 11i.

Before we look ahead to the future and Release 12, here's a two-word reminder of what's possible today in terms of third-party portal integration with Release 11i:  bookmarkable links.

If someone who hasn't logged in attempts to access protected E-Business Suite content, they're automatically redirected to either the E-Business Suite login page or Oracle Single Sign-On, the latter if the environment has been integrated with Oracle Application Server 10g.  Once the user logs in, she's redirected back to the protected E-Business Suite content that she was originally trying to reach.

Links to E-Business Suite content, therefore, can be bookmarked -- either in a browser, or added as links on a third-party portal page.  Admittedly, this might be pretty thin gruel for those of you expecting more, but that's what's available in Release 11i today.

Release 12, JSR-168, and WSRP

We're still in the process of beefing up our portlet infrastructure for Release 12, so I need to preface what follows with the usual disclaimer:  this is subject to change without notice

JSR-168 Diagram:

With that out of the way, I can say that our plans are to rewrite our existing Oracle Applications Framework Web Provider to JSR-168 and WSRP standards.  This means switching from the existing Java Portlet Development Kit (JPDK 3.0.9) to the new JSR-168 Oracle Java Portlet Container.

If all goes according to plan, this means that you will be able to plug the Release 12 E-Business Suite portlets into any third-party portal that supports the JSR-168 and WSRP standards.

Curves In The Road Ahead

Given the inherent limitations of web-based protocols, it shouldn't come as a surprise to learn that the JSR-168 and WSRP standards aren't quite as feature-rich as the existing JPDK libraries. 

In other words, there are things we can do today with the JPDK that will require considerably more ingenuity to pull off with JSR-168 and WSRP.  For example, dynamic portlet generation and invalidation-based caching have less-powerful equivalents in the new standards.

Until we work through these issues, it's safe to expect that the existing E-Business Suite portlets may look and function a bit differently in Release 12.

Preserving Your Existing Portlets

We're planning to certify and include the latest JPDK 10.1.2 libraries in the Release 12 Rapid Install, too.  If you've invested in building custom JPDK portlets for the E-Business Suite, this means that those portlets will continue to work, providing you with some breathing space during your Release 12 migration. 

The above is intended to outline our general product direction.  It is intended for information purposes only, and may not be incorporated into any contract.   It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decision.  The development, release, and timing of any features or functionality described for Oracle's products remains at the sole discretion of Oracle. 

Thursday May 18, 2006

Certification and Support for Third-Party Products

One of the most frequently asked questions I answer daily is this:  "Is my third-party product __________ certified with the E-Business Suite?"

The short answer is, "No, it's not."  But wait...don't leave just yet!  That doesn't mean that you can't use these products with the E-Business Suite, it just means that we haven't certified them ourselves.

To understand how this affects you, we need to make a distinction between certification and support for third-party products in E-Business Suite environments.

How Are Technology Stack Components Certified?

From an E-Business Suite standpoint, our certification process looks like this:

Phase 1:  Applications Technology Group Testing
  • Creation of formal installation documentation and patches
  • Installation into one or more Linux-based technology stack testbed environments, testing upgrade paths from previous older configurations, and compatibility testing with other architectural deployment options such as load-balancers and firewalls
  • Manual and automated regression testing of core technology stack functions and a subset of key Apps business flows
Phase 2:  E-Business Suite Division-Wide Testing
  • Installation into one or more Linux-based testbed environments shared by all Applications products
  • Testing by one or more Applications product teams, including manual and automated regression tests of key product functionality
Phase 3:  Platform-Specific Testing
  • Installation into testbed environments running on other platforms, such as HP-UX, Sun Solaris, IBM AIX, and Microsoft Windows
  • Manual and automated regression tests of key product functionality
Phase 4:  Early Adopter Program Testing

For highly-complex or potentially disruptive new technologies, we sometimes include this final phase:
Once all of the phases are passed successfully, we release the associated documentation and patches and the configuration is considered Generally Available and certified.

We Support More Than We Certify

The number of possible configurations and third-party components far exceeds the number of things that we certify through the process above. 

Our general policy is that our generic documentation should apply to all third-party components, even if we haven't certified those products specifically. 

For example:

We support the use of demilitarized zones and firewalls with the E-Business Suite. 

It isn't possible for us to put every single commercial firewall through the certification process above, so we've developed generic patches and documentation for this configuration.  These generic patches and documentation should apply to all firewall vendors' products.  Regardless of what firewall you choose, the E-Business Suite should work the same way. 

So, all firewalls are supported with the E-Business Suite, provided that they meet the minimum functional requirements listed in our DMZ documentation.

What Does "Support" Really Mean?

If you encounter a problem with a third-party component, the odds are that we won't have a setup that's identical to yours.  Here's what you can expect when logging a Service Request for a third-party component in your E-Business Suite environment:
  1. Oracle Support will check that you've followed the standard configuration documentation in setting up your environment.

  2. Oracle Support may attempt to replicate your issue in a generic environment that most-closely resembles your environment.
  3. Oracle Support may work with you to see if the problem goes away when the third-party component is temporarily removed or deactivated.
  4. If the problem exists in a generic environment or when the third-party component is temporarily deactivated, then Oracle Support will attempt to identify a patch or workaround for the issue.  A bug may be logged to request a new patch.
  5. If the problem disappears when the third-party product is removed, then it suggests that the third-party product is the source of the issue.  If so, Oracle Support may suggest that you contact the third-party vendor for their help in debugging their product.
Third-Party Hardware and Software

The processes and policies that I've described above apply to nearly all third-party products in E-Business Suite environments.   This includes software (like Citrix) and hardware (like F5 or Cisco load-balancers) alike.

Escalate As Needed

A major part of my job is working directly with customers, and I know that you can sometimes find these integration issues frustrating to work through. 

Remember:  we won't turn your Support Requests away -- we'll do our best to reproduce and isolate the issue in a generic environment. 

If you get stuck or feel that your Service Request is going around in circles, don't hesitate to contact an Oracle Support Duty Manager and ask for your Service Request to be escalated.  Sometimes, trickier architecture issues may require direct help from us in the Applications Technology Group; Support will log a bug in those cases to get us engaged.

Reference:

Wednesday May 03, 2006

In-Depth: Using Third-Party Identity Managers with the E-Business Suite Release 11i

Like most of our customers, you probably already have a corporate identity management system in place.  And, you've probably not been enjoying the experience of redundantly administering the same user in your corporate identity management system as well as the E-Business Suite. 


If this describes your environment, this post should come as good news to you. 

No More Redundant User Administration

With the certification of Oracle Application Server 10g and Single Sign-On 10g, it is now possible to integrate the E-Business Suite with existing third-party LDAP and single sign-on solutions, like this:

Simple Third-Party LDAP SSO Integration:

Third-party single sign-on solutions can be integrated with Oracle Single Sign-On 10g, and third-party LDAP directories can be integrated with Oracle Internet Directory 10g.  From there, it's a short hop to the E-Business Suite.

Example Scenario:  The Deluxe "Zero Sign-On" Approach

A user logs on their PC using their Windows userid and password.  Wanting to avoid real work, the user decides to file a long-overdue expense report for last year's OpenWorld conference.  He starts Internet Explorer, opens Favorites, and selects a bookmarked link for the E-Business Suite's Self-Service Expenses.

Self-Service Expenses starts up, and the user begins the process of assembling rationalizations to justify that $450 dinner at Jardiniere with their favorite Oracle blogger.

(This is a fictional example, of course; nobody takes bloggers out to dinner)

We sometimes call this "zero sign-on" because the user never actually logged on to any Oracle systems at all; their Windows Kerberos ticket gave them an all-access pass to the E-Business Suite automatically.

Magic?  What Really Happened?

Brace yourself: some of the following material might require a couple of passes to sink in.

The scenario above illustrates the following integrations:
  • Microsoft Active Directory with Oracle Internet Directory 10g
  • Microsoft Kerberos Authentication with Oracle Single Sign-On 10g
  • Oracle Application Server 10g with the E-Business Suite
MS AD + Kerberos Integration:

The user logged on to their PC, which authenticated them against Microsoft Active Directory.  As part of that logon process, Microsoft Kerberos Authentication issued a valid Kerberos ticket to the user.

When the user attempted to access Self-Service Expenses via his bookmarked link, he was redirected to Oracle Single Sign-On 10g.  Oracle Single Sign-On 10g recognized the Microsoft Kerberos ticket, issued its own Oracle security tokens to the user, and redirected the user back to the E-Business Suite.

The E-Business Suite recognized the Oracle Single Sign-On 10g security tokens and looked up the user's assigned Applications Responsibilities to ensure that he was authorized to access Self-Service Expenses.  That done, it issued its own E-Business Suite security tokens and then passed the user through to Self-Service Expenses without requiring any additional logons.

Integration with Microsoft Active Directory Only

Not everyone uses Microsoft Kerberos Authentication.  A simpler integration option omits Kerberos and includes only Microsoft Active Directory and Oracle Internet Directory, like this:

MS AD Only - No Kerberos:

In this simpler architecture, when the user attempts to access Self-Service Expenses via his bookmarked link, he's redirected to Oracle Single Sign-On OracleAS 10g. Single Sign-On displays a login screen and collects the user's ID and password.

Single Sign-On passes the user's supplied ID and password to Oracle Internet Directory for validation.  Oracle Internet Directory uses the Windows NT External Authentication plug-in (sometimes also called the Windows Native Authentication plug-in) to delegate user authentication to Microsoft Active Directory.

Microsoft Active Directory looks up the user's ID and password in its database, and informs Oracle Internet Directory that this is an authenticated user.  Oracle Internet Directory informs Single Sign-On that the user was successfully authenticated. 

Single Sign-On issues the user a set of security tokens and redirects the user to the E-Business Suite.  The E-Business Suite recognizes the Single Sign-On security tokens and looks up the user's assigned Applications Responsibilities to ensure that he's authorized to access Self-Service Expenses.  That done, it issues its own E-Business Suite security tokens and then passes the user through to Self-Service Expenses.

"Out-of-the-box" Third-Party LDAP Integration with Oracle Internet Directory

Due to the popularity of Microsoft Active Directory, Oracle Internet Directory provides a prebuilt connector out-of-the box, ready to use.

Oracle Internet Directory also provides a prebuilt connector for the SunONE (iPlanet) Directory Server, ready-to-use.  You should note that Sun (like Oracle, following its myriad recent acquisitions) has rebranded its identity management products, so there's a new name for the Sun LDAP directory now.  I'll update this post with the latest name as soon as my Sun contacts provide me with that information.

Synchronization of User Credentials with Third-Party LDAP Directories

If you've been paying close attention so far, you have likely gathered that user credentials need to be synchronized between the third-party LDAP, Oracle Internet Directory, and the E-Business Suite.  The synchronization architecture looks like this:

Third-Party LDAP User Sync:

In this configuration, only the user name needs to be synchronized; the user's password is stored in the third-party LDAP directory.  None of the Oracle products need to store the user's password, since they delegate user authentication to the third-party LDAP solutions.

The key concept here is that user authentication is still separated from user authorization even when a third-party LDAP is in place.  So, the E-Business Suite still grants authenticated users access to E-Business Suite protected content based on the users' Applications Responsibilities, which are managed in the E-Business Suite exclusively.

Integration With Other Single Sign-On Solutions

It is also possible to integrate Oracle Single Sign-On 10g with other single sign-on solutions, including:
When integrated with other single sign-on solutions, a chain of trust is established between the third-party, Oracle Single Sign-On, and the E-Business Suite.  Users logging on via the third-party single sign-on solution are passed through transparently to Oracle Single Sign-On and the E-Business Suite.

Bringing It All Together

Assuming I haven't lost you so far, the following diagram shouldn't be too overwhelming:

Combined 3rd Party LDAP SSO:

This combines all of the concepts we've covered:
  • Third-party LDAP integration with Oracle Internet Directory
  • Third-party SSO integration with Oracle Single Sign-On
  • Synchronization of user credentials via the Oracle Internet Directory's Oracle Directory & Provisioning Platform to the E-Business Suite
Relax, It's Easy and Fun

Well, maybe not... but at least it's technically feasible.  You might find it reassuring to note that a number of E-Business Suite customers are running this configuration in production already. 

This is about as much detail as I think is appropriate for now.  Feel free to post comments if you have questions about this topic. 

There are many more options for integration with the E-Business Suite, including options for linking OID userids to different E-Business Suite userids, and so on.  If you're really interested, I'd recommend a careful reading of this document:
Related Articles:

About

Search

Categories
Archives
« April 2014
SunMonTueWedThuFriSat
  
1
4
5
6
7
8
9
10
11
12
13
14
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
   
       
Today