Tuesday Apr 15, 2014

Quarterly E-Business Suite Upgrade Recommendations: April 2014 Edition

We've previously provided advice on the general priorities for applying EBS updates.  This article will help you understand your top priorities for major upgrades to EBS and its technology stack components.

The following is a summary of our latest upgrade recommendations for E-Business Suite updates and technology stack components.  These quarterly recommendations are based upon the latest updates to Oracle's product strategies, latest support timelines, and newly-certified releases. 

Upgrade Recommendations for April 2014

  1. EBS 11i users should upgrade to 12.1.3 or 12.2.  Before upgrading, 11i users should be on the minimum 11i patching baseline.

  2. EBS 12.0 users should upgrade to 12.1.3 or 12.2.  Before upgrading, 12.0 users should be on the minimum 12.0 patching baseline,

  3. EBS 12.1 users should upgrade to 12.1.3 or 12.2.

  4. Oracle Database 10gR2 and 11gR1 users should upgrade to 11.2.0.4 or 12.1.0.1

  5. EBS 12 users of Oracle Single Sign-On 10g users should migrate to OAM 11gR2 Patchset 1 11.1.2.1.0.

  6. EBS 11i users of  Oracle Single Sign-On 10g users should migrate to OAM 11gR2 Patchset 1 11.1.2.1.0.

  7. Oracle Internet Directory 10g users should upgrade to Oracle Internet Directory 11g 11.1.1.7.

  8. Oracle Discoverer users should migrate to Oracle Business Intelligence Enterprise Edition (OBIEE), Oracle Business Intelligence Applications (OBIA), or Discoverer 11g 11.1.1.7.

  9. Oracle Portal 10g users should migrate to Oracle WebCenter 11g 11.1.1.7 or upgrade to Portal 11g 11.1.1.6.

  10. All Windows desktop users should migrate from JInitiator and older Java releases to JRE 1.6.0_75 or later 1.6 updates or JRE 1.7.0_55 or later 1.7 updates.

  11. All EBS 11i, 12.0, 12.1, and 12.2 users must sign their environment's JAR files now.

  12. All Firefox users should upgrade to Firefox Extended Support Release 24.

  13. All EBS 11i, 12.0, 12.1, 12.2 users should apply the latest Critical Patch Update.

Related Articles

Wednesday Feb 12, 2014

Oracle Access Manager 11.1.2.2 Certified with Oracle E-Business Suite

I am happy to announce that Oracle Access Manager 11gR2 Patchset 2 (11.1.2.2.0) is now certified with Oracle E-Business Suite Release 11i (11.5.10.2) and 12 (12.0.6, 12.1.1+, 12.2.2+).  If you are implementing single sign-on for the first time, or are an existing Oracle Access Manager user, you may integrate with Oracle Access Manager 11gR2 using Oracle Access Manager WebGate and Oracle E-Business Suite AccessGate.

Choosing the Right Integration

Our previously published blog article and support note with single sign-on recommended and certified integration paths has been updated to include Oracle Access Manager 11gR2PS2:

References

You may refer to the following My Oracle Support Knowledge Documents for additional details regarding certified architectures and versions:

    Related Articles

    Tuesday Nov 19, 2013

    Quarterly E-Business Suite Upgrade Recommendations: November 2013 Edition

    We've previously provided advice on the general priorities for applying EBS updates.  This article will help you understand your top priorities for major upgrades to EBS and its technology stack components.

    The following is a summary of our latest upgrade recommendations for E-Business Suite updates and technology stack components.  These quarterly recommendations are based upon the latest updates to Oracle's product strategies, latest support timelines, and newly-certified releases. 

    Upgrade Recommendations for November 2013

    1. EBS 11i users should upgrade to 12.1.3 or 12.2.  Before upgrading, 11i users should be on the minimum 11i patching baseline.

    2. EBS 12.0 users should upgrade to 12.1.3 or 12.2.  Before upgrading, 12.0 users should be on the minimum 12.0 patching baseline,

    3. EBS 12.1 users should upgrade to 12.1.3 or 12.2.

    4. Oracle Database 10gR2 and 11gR1 users should upgrade to 11.2.0.4 or 12.1.0.1

    5. EBS 12 users of Oracle Single Sign-On 10g users should migrate to OAM 11gR2 Patchset 1 11.1.2.1.0.

    6. EBS 11i users of  Oracle Single Sign-On 10g users should migrate to OAM 11gR2 Patchset 1 11.1.2.1.0.

    7. Oracle Internet Directory 10g users should upgrade to Oracle Internet Directory 11g 11.1.1.7.

    8. Oracle Discoverer users should migrate to Oracle Business Intelligence Enterprise Edition (OBIEE), Oracle Business Intelligence Applications (OBIA), or Discoverer 11g 11.1.1.7.

    9. Oracle Portal 10g users should migrate to Oracle WebCenter 11g 11.1.1.7 or upgrade to Portal 11g 11.1.1.6.

    10. All Windows desktop users should migrate from JInitiator and older Java releases to JRE 1.6.0_65 or later 1.6 updates or JRE 1.7.0_45 or later 1.7 updates.

    11. All EBS 11i, 12.0, 12.1, and 12.2 users must sign their environment's JAR files now.

    12. All Firefox users should upgrade to Firefox Extended Support Release 24.

    13. All EBS 11i, 12.0, 12.1, 12.2 users should apply the latest Critical Patch Update.

      Related Articles

      Monday Jul 22, 2013

      Quarterly E-Business Suite Upgrade Recommendations: July 2013 Edition

      We've previously provided advice on the general priorities for applying EBS updates.  This article will help you understand your top priorities for major upgrades to EBS and its technology stack components.

      The following is a summary of our latest upgrade recommendations for E-Business Suite updates and technology stack components.  These quarterly recommendations are based upon the latest updates to Oracle's product strategies, latest support timelines, and newly-certified releases. 

      Upgrade Recommendations for July 2013

      1. EBS 11i users should upgrade to 12.1.3, or -- if staying on 11i -- should be on the minimum 11i patching baseline,

      2. EBS 12.0 users should upgrade to 12.1.3, or -- if staying on 12.0 -- should be on the minimum 12.0 patching baseline,

      3. EBS 12.1 users should upgrade to 12.1.3.

      4. Oracle Database 10gR2 and 11gR1 users should upgrade to 11gR2 11.2.0.3.

      5. EBS 12 users of Oracle Single Sign-On 10g users should migrate to OAM 11gR2 Patchset 1 11.1.2.1.0 or OAM 11gR1 Patchset 2 11.1.1.7.

      6. EBS 11i users of  Oracle Single Sign-On 10g users should migrate to OAM 11gR2 Patchset 1 11.1.2.1.0 or Oracle Access Manager 10g 10.1.4.3.

      7. Oracle Internet Directory 10g users should upgrade to Oracle Internet Directory 11g 11.1.1.7.

      8. Oracle Discoverer users should migrate to Oracle Business Intelligence Enterprise Edition (OBIEE), Oracle Business Intelligence Applications (OBIA), or Discoverer 11g 11.1.1.7.

      9. Oracle Portal 10g users should migrate to Oracle WebCenter 11g 11.1.1.7 or upgrade to Portal 11g 11.1.1.6.

      10. All Windows desktop users should migrate from JInitiator and older Java releases to JRE 1.6.0_51 or later 1.6 updates , or JRE 1.7.0_25 or later 1.7 updates.

      11. All Firefox users should upgrade to Firefox Extended Support Release 17.

      Related Articles

      Thursday Jul 18, 2013

      Oracle Access Manager 11gR2 11.1.2.1.0 Certified With E-Business Suite

      I am happy to announce that Oracle Access Manager 11gR2  Patchset 1 (11.1.2.1.0) is now certified with E-Business Suite Releases 11i, 12.0 and 12.1.

      Choosing the Right Architecture

      If you are implementing single sign-on for the first time, or are an existing Oracle Access Manager user, you may integrate with Oracle Access Manager 11gR2 Patchset 1 using Oracle Access Manager WebGate and Oracle E-Business Suite AccessGate. If you are using Oracle Single Sign-On 10gR3 (10.1.4.3) you may migrate to Oracle Access Manager 11gR2 Patchset 1 with Oracle E-Business Suite Access Gate.

      Our previously published blog article and support note provides an overview of single sign-on integration options and recommendations:

      Platforms Certified

      The Oracle E-Business Suite AccessGate Java application is certified to run on any operating system for which Oracle WebLogic Server 11g is certified. Refer to the Oracle Fusion Middleware Release 11g (11.1.1.x) Certification Matrix for more details.

      For information on operating systems supported by Oracle Access Manager 11gR2 and its components, refer to the Oracle Identity and Access Management 11g Release 2 (11.1.2.1.0) Certification Matrix.

      Integration with Oracle Access Manager involves components spanning several different suites of Oracle products. There are no restrictions on which platform any particular component may be installed so long as the platform is supported for that component.

      References

        Related Articles

        (Article Contributor:  Allison Sparshott)

        Tuesday Jun 04, 2013

        Oracle Internet Directory 11gR1 11.1.1.7 Certified with E-Business Suite

        Oracle E-Business Suite comes with native user authentication and management capabilities out-of-the-box. If you need more-advanced features, it's also possible to integrate it with Oracle Internet Directory and Oracle Single Sign-On or Oracle Access Manager, which allows you to link the E-Business Suite with third-party tools like Microsoft Active Directory, Windows Kerberos, and CA Netegrity SiteMinder. 


        For details about third-party integration architectures, see:

        Oracle Internet Directory 11.1.1.7 is now certified with Oracle E-Business Suite Release 11i, 12.0 and 12.1.  OID 11.1.1.7 is part of Oracle Fusion Middleware 11g Release 1 Version 11.1.1.7.0, also known as FMW 11g Patchset 6.  Certified E-Business Suite releases are:
        • EBS Release 11i 11.5.10.2 + ATG PH.H RUP 7 and higher
        • EBS Release 12.0.6 and higher
        • EBS Release 12.1.1 and higher

        Supported Configurations

        Oracle Internet Directory 11.1.1.7.0 can be integrated with these single sign-on solutions for EBS environments:

        • Oracle Internet Directory (OID) and Directory Integration Platform (DIP) from Fusion Middleware 11gR1 Patchset 6 (11.1.1.7.0) with Oracle Access Manager 11gR2 (11.1.2.0) with an Oracle E-Business Suite system (Release 11i, 12.0.6 or higher or 12.1.x).
        • Oracle Internet Directory and Directory Integration Platform from Fusion Middleware 11gR1 Patchset 6 (11.1.1.7.0) with Oracle Access Manager 11gR1 Patchset 2 (11.1.1.7.0) with an Oracle E-Business Suite system (Release 12.0.6 or higher or 12.1.x).
        • Oracle Internet Directory and Directory Integration Platform from Fusion Middleware 11gR1 Patchset 6 (11.1.1.7.0) with Oracle Access Manager 10g (10.1.4.3) with an existing Oracle E-Business Suite system (Release 11i or 12.1.x).
        • Oracle Internet Directory and Directory Integration Platform from Oracle Fusion Middleware 11gR1 Patchset 6 (11.1.1.7.0) with Oracle Single Sign-On Server and Oracle Delegated Administration Services Release 10g (10.1.4.3.0) with an existing Oracle E-Business Suite system (Release 11i, 12.0.6 or 12.1.x).
        Oracle Access Manager strongly recommended

        Oracle has two single sign-on solutions: Oracle Single Sign-On Server (OSSO) and Oracle Access Manager (OAM). Oracle strongly recommends that all new single sign-on implementations use Oracle Access Manager. Oracle Access Manager is the preferred solution going forward, and forms the basis of Oracle Fusion Middleware 11g. OSSO is no longer being actively developed and will not be ported to Oracle WebLogic Server.

        Platform certifications

        Oracle Internet Directory is certified to run on any operating system for which Oracle WebLogic Server 11g is certified. Refer to the Oracle Fusion Middleware 11g System Requirements for more details.

        For information on operating systems supported by Oracle Internet Directory and its components, refer to the Oracle Identity and Access Management 11gR1 certification matrix.

        Integration with Oracle Internet Directory involves components spanning several different suites of Oracle products. There are no restrictions on which platform any particular component may be installed so long as the platform is supported for that component.

        References

        Related Articles

        Friday May 10, 2013

        Oracle Access Manager 11gR1 Patchset 2 11.1.1.7 Certified with EBS 12

        Oracle Access Manager 11gR1 Patchset 2 (a.k.a. 11.1.1.7) is now certified with E-Business Suite Release 12.0 and 12.1.  Applying Oracle Access Manager 11gR1 Patchset 2 will provide you with the latest set of fixes for Oracle Access Manager 11gR1 which have been validated with Oracle E-Business Suite Release 12.0 and 12.1.

        Oracle has two single sign-on solutions, Oracle Single Sign-On Server (OSSO) and Oracle Access Manager. Oracle strongly recommends that all new single sign-on implementations use Oracle Access Manager. Oracle Access Manager is the preferred solution going forward, and forms the basis of Oracle Fusion Middleware 11g. Oracle Single Sign-On is no longer being actively developed and will not be ported to Oracle WebLogic Server.

        Prerequisites

        • Oracle E-Business Suite Release 12.1.1 and higher, Release 12.0 RUP 6 (12.0.6)
        • Oracle Internet Directory 11gR1 PS1 (11.1.1.2) or higher

        Platforms Certified

        Oracle Access Manager 11gR1 is certified to run on any operating system for which Oracle WebLogic Server 11g is certified. Refer to Oracle Fusion Middleware Supported System Configurations on the Oracle Technology Network (OTN):

        Integration with Oracle Access Manager involves components spanning several different suites of Oracle products. There are no restrictions on which platform any particular component may be installed so long as the platform is supported for that component.

        References

        The following documents have been updated to include a new table listing Oracle Access Manager 11gR1 bundle patches that have been certified with Oracle E-Business Suite Release 12:

        Related Articles

        Wednesday Mar 27, 2013

        Migrating from EBS 11i + Oracle Single Sign-On to EBS 12 + Oracle Access Manager

        Our Identity Management team has just published an important change in the Oracle Software Technical Support Policies document (March, 2013):

        "For customers with a current support contract for Oracle Single Sign-On 10gR3, Extended Support will be made available until December 2013 at then-current Extended Support fees. During this period, Extended Support will be limited to Severity 1 fixes only; critical patch updates will not be made available."

        This is important if you've been wondering how to deal with this challenge: 

        • You know that Oracle Access Manager has supplanted Oracle Single Sign-On.  
        • You integrated Oracle Single Sign-On 10g with your E-Business Suite 11i environment several years ago.  
        • You plan to switch from Oracle Single Sign-On to Oracle Access Manager as part of your EBS 12 upgrade.
        • You want to get to EBS 12, but want to perform your EBS upgrade and OAM migrations different downtimes.
        • You've been staring at the latest EBS support timelines and deliberating your options:

        Timeline showing updated EBS Support dates

        All of the crucial pieces for this are now in place:

        1. Oracle Access Manager 11.1.2 is certified with EBS 11.5.10.2.
        2. Support for Oracle Single Sign-On 10g has been extended to Dec. 31, 2013.
        3. EBS 11.5.10's Exception to Sustaining Support has been extended to Dec. 31, 2014.
        4. EBS 12.1's Extended Support has been extended to Dec. 31, 2018.

        This means that you have sufficient support coverage for all major components while you do this in a multi-phase implementation.  You can migrate your EBS 11i environment from Oracle SSO 10g to Oracle Access Manager 11.1.2 this year, in one initial downtime.  You can then upgrade that environment from EBS 11i to EBS 12.1.3 in a later downtime. 

        Your implementation phases will look like this:

        1. Today: EBS 11i + Oracle Single Sign-On 10.1.4.3
        2. Interim phase:  EBS 11i + Oracle Access Manager 11.1.2
        3. Final phase: EBS 12.1.3 + Oracle Access Manager 11.1.2

        Each of these undertakings can be fairly major initiatives on their own, so breaking the overall project into smaller parts helps you manage your risk.  I would be very interested in hearing about your experiences with this kind of combined migration + upgrade implementation approach.  Please feel free to post a comment here or drop me a line privately.

        Related Articles


        Monday Mar 18, 2013

        Oracle Access Manager 11.1.2 Certified With E-Business Suite 11i

        I am pleased to announce that Oracle Access Manager 11gR2 (11.1.2.0.0) is now certified with E-Business Suite Release 11.5.10.2.  If you are implementing single sign-on for the first time, or currently use Oracle Access Manager or Oracle Single Sign-On, you may integrate with Oracle Access Manager 11gR2 using Oracle Access Manager WebGate and Oracle E-Business Suite AccessGate.

        EBS Oracle Access Manager architecture

        Transitionary architecture for EBS 12 upgrades

        This new certification can be used as a intermediate architecture on your upgrade path to EBS 12. This may allow you to reduce your overall risk and downtimes by doing your upgrade in multiple phases.

        For example, you might be using Oracle Single Sign-On with your EBS 11i environment today.  You will need to switch from Oracle Single Sign-On to Oracle Access Manager as part of your upgrade.  You can use the following strategy to phase in this new component:

        1. Today: EBS 11i + Oracle Single Sign-On 10.1.4.3
        2. Interim phase:  EBS 11i + Oracle Access Manager 11.1.2
        3. Final phase: EBS 12.1.3 + Oracle Access Manager 11.1.2
        Supported Architecture and Release Versions
        • Oracle Access Manager 11.1.2
        • Oracle E-Business Suite Release 11.5.10.2 + ATG Rollup Patchset 6 (11i.ATG_PF.H.delta.6) and higher.
        • Oracle Internet Directory 11.1.1.6
        • Oracle WebLogic Server 10.3.5+

        References

        Related Articles

        Thursday Dec 06, 2012

        Oracle Access Manager 11.1.2 Certified with E-Business Suite 12

        I am happy to announce that Oracle Access Manager 11gR2 (11.1.2) is now certified with E-Business Suite Releases 12.0.6 and 12.1. If you are implementing single sign-on for the first time, or are an existing Oracle Access Manager user, you may integrate with Oracle Access Manager 11gR2 using Oracle Access Manager WebGate and Oracle E-Business Suite AccessGate.

        Supported Architecture and Release Versions

        • Oracle Access Manager 11.1.2
        • Oracle E-Business Suite Release 12.0.6, 12.1.1+
        • Oracle Identity Management 11.1.1.5, 11.1.1.6
        • Oracle Internet Directory 11.1.1.6
        • Oracle WebLogic Server 10.3.5+
        What's New In This Oracle Access Manager 11gR2 Integration?
        • Simplified integration: We've simplified the instructions and cut the number of pages, while adding clarity to the steps.

        • Automation of configuration steps:  We've automated some of the required configuration steps. This is the first phase of automation and diagnostics that are part of our roadmap for this integration.

        • Use of default OAM Login page: We are reducing the required troubleshooting by delivering the default OAM Login page for the integration. A custom login page can still be created by using Oracle Access Manager.

        • Use of the Detached Credential collector in a Demilitarized Zone: We have certified the Detached Credential collector as part of a DMZ configuration. This will enhance the security of the underlying Oracle Access Manager and E-Business Suite components, which will now be required only within a company's intranet.  

        Choosing the Right Architecture

        Our previously published blog article and support note with single sign-on recommended and certified integration paths has been updated to include Oracle Access Manager 11gR2:

        Other References

        Related Articles

        Monday Nov 05, 2012

        Oracle Access Manager 11gR1 BP04 Certified with EBS 12

        I'm pleased to announce that the Oracle Access Manager team has certified Oracle Access Manager 11gR1 Bundle Patch 4 (a.k.a. 11.1.1.5.4 or BP04) with E-Business Suite Release 12.  Applying Oracle Access Manager 11gR1 BP04 will provide you with the latest set of fixes for Oracle Access Manager 11gR1 which have been validated with Oracle E-Business Suite Release 12.


        References

        Later Oracle Access Manager Bundle Patches may be applied on top of certified configurations. However, unless noted explicitly in Oracle E-Business Suite documentation, these later Bundle Patches have not been tested with Oracle E-Business Suite. These are considered to be uncertified configurations.

        The following documents have been updated to include record of the Oracle Access Manager 11gR1 BP04 certification with Oracle E-Business Suite Release 12:

        Related Articles

        Thursday Jul 26, 2012

        Oracle Access Manager 11gR1 BP03 Certified with EBS 12

        I'm pleased to announce that the Oracle Access Manager team has certified Oracle Access Manager 11gR1 Bundle Patch 3 (a.k.a. 11.1.1.5.3 or BP03) with E-Business Suite Release 12.  Applying Oracle Access Manager 11gR1 BP03 will provide you with the latest set of fixes for Oracle Access Manager 11gR1 which have been validated with Oracle E-Business Suite Release 12.

        References

        The following documents have been updated to include a new table listing Oracle Access Manager 11gR1 bundle patches that have been certified with Oracle E-Business Suite Release 12:

        Related Articles

        Friday Jun 01, 2012

        Oracle Internet Directory 11gR1 11.1.1.6 Certified with E-Business Suite

        [June 7, 2012 Update: Corrected typo in "Supported Configurations" section]

        Oracle E-Business Suite comes with native user authentication and management capabilities out-of-the-box. If you need more-advanced features, it's also possible to integrate it with Oracle Internet Directory and Oracle Single Sign-On or Oracle Access Manager, which allows you to link the E-Business Suite with third-party tools like Microsoft Active Directory, Windows Kerberos, and CA Netegrity SiteMinder. 


        For details about third-party integration architectures, see either of these article for EBS 11i and 12:

        Oracle Internet Directory 11.1.1.6 is now certified with Oracle E-Business Suite Release 11i, 12.0 and 12.1.  OID 11.1.1.6 is part of Oracle Fusion Middleware 11g Release 1 Version 11.1.1.6.0, also known as FMW 11g Patchset 5.  Certified E-Business Suite releases are:
        • EBS Release 11i 11.5.10.2 + ATG PH.H RUP 7 and higher
        • EBS Release 12.0.6 and higher
        • EBS Release 12.1.1 and higher

        Supported Configurations

        Oracle Internet Directory 11.1.1.6.0 can be integrated with two single sign-on solutions for EBS environments:

        • Oracle Internet Directory and Directory Integration Platform from Fusion Middleware 11gR1 Patchset 5 (11.1.1.6.0) with Oracle Access Manager 10g (10.1.4.3) with an existing Oracle E-Business Suite system (Release 11i or 12.1.x).
        • Oracle Internet Directory and Directory Integration Platform from Fusion Middleware 11gR1 Patchset 5 (11.1.1.6.0) with Oracle Access Manager 11gR1 (11.1.1.5) with an existing Oracle E-Business Suite system (Release 12.0.6 or higher or 12.1.x).
        • Oracle Internet Directory (OID) and Directory Integration Platform (DIP) from Oracle Fusion Middleware 11gR1 Patchset 5  (11.1.1.6.0) with Oracle Single Sign-On Server and Oracle Delegated Administration Services Release 10g (10.1.4.3.0) with an existing Oracle E-Business Suite system (Release 11i, 12.0.6 or 12.1.x)

        Oracle Access Manager strongly recommended

        Oracle has two single sign-on solutions: Oracle Single Sign-On Server (OSSO) and Oracle Access Manager (OAM). Oracle strongly recommends that all new single sign-on implementations use Oracle Access Manager. Oracle Access Manager is the preferred solution going forward, and forms the basis of Oracle Fusion Middleware 11g. OSSO is no longer being actively developed and will not be ported to Oracle WebLogic Server.

        Platform certifications

        Oracle Internet Directory is certified to run on any operating system for which Oracle WebLogic Server 11g is certified. Refer to the Oracle Fusion Middleware 11g System Requirements for more details.

        For information on operating systems supported by Oracle Internet Directory and its components, refer to the Oracle Identity and Access Management 11gR1 certification matrix.

        Integration with Oracle Internet Directory involves components spanning several different suites of Oracle products. There are no restrictions on which platform any particular component may be installed so long as the platform is supported for that component.

        References

        Related Articles

        Tuesday May 08, 2012

        Understanding Options for Integrating Oracle Access Manager with E-Business Suite

        Integrating Oracle Access Manager with the E-Business Suite can be tricky.  This is especially true if you're upgrading from EBS 11i to 12, or perhaps also switching from the older Oracle Single Sign-On technology to Oracle Access Manager.  Thing can get even more complicated if you're interested in integrating the E-Business Suite with a third-party authentication system such Windows Kerberos, or managing your users in a third-party LDAP directory like Microsoft Active Directory.

        Understanding your options for integrating EBS with Oracle Access Manager and Oracle Internet Directory has just gotten a bit easier.  First, we've just published a new document that lays out the options and our recommendations:

        OAM Oracle Access Manager architecture diagram and flow

        This new document discusses:

        • Single sign-on concepts
        • Options for integrating single sign-on solutions for Oracle E-Business Suite including the following:
          • How the Oracle Access Manager Integration Works
          • How the Oracle Single Sign-On (OSSO) Integration Works
          • Integration with Third-Party Access Management Systems and LDAP
        • Considerations to take into account when choosing a single sign-on solution
        • Documentation roadmap specifying which document to follow dependent upon your integration goal
        • Reference architecture diagrams depicting example components by Oracle E-Business Suite release

        Reworked instructions for integrating Oracle Access Manager + E-Business Suite 

        In addition to the new overview document above, we've also made extensive revisions and updates to this previously-published document:

        The updated Note is the result of your emails, Service Requests, and feedback to us on how we can improve our documentation. This is still an admittedly-complex implementation, with many detailed and exacting steps.  We're examining ways of streamlining and possibly automating some of the implementation steps in a future update to this certification.

        Your feedback is welcome

        We've tried hard to make this complex area just a little bit more-accessible.  We would love to hear about your experiences with these components.  Your feedback regarding the new note and updated note is welcome.  Please either post a comment here or log a bug request against the note in My Oracle Support.

        References

        Related Articles

        (Special thanks to Allison Sparshott  and Hubert Ferst for their combined efforts in crafting these updates.)

        Friday Dec 30, 2011

        Limited Extended Support Available for Oracle Single Sign-On through 2012

        Premier Support for Oracle Single Sign-On 10gR3 ends on December 31, 2011.  This was originally slated to be the end of error correction support for Oracle Single Sign-On 10gR3. 

        Our Oracle Identity Management team has just revised that policy.  If you have an existing support contract, you will now be able to receive limited Extended Support for Oracle Single Sign-On from January 2012 through December 2012.  Only Severity 1 fixes for Oracle Single Sign-On will be released during the limited Extended Support period.  Critical Patch Updates (CPUs) for Oracle Single Sign-On will not be released during the limited Extended Support period. 

        These changes are published in:

        This is good news for those of you that have not been able to migrate to a single sign-on solution utilizing Oracle Access Manager and Oracle E-Business Suite Access Gate.  Keep in mind though, the clock is ticking and limited extended support will end in a mere 12 months.  It is strongly recommended that you use this additional time to integrate your single sign-on deployment with Oracle Access Manager and Oracle E-Business Suite Access Gate.  


        Our recommendations

        EBS 12 customers should move to a single sign-on solution using Oracle Access Manager 11g

        EBS 11i customers first upgrade to EBS Release 12.1.3, then integrate with Oracle Access Manager 11g.  If an R12 upgrade is not possible, then R11i customers are encouraged to migrate their single sign-on solution to Oracle Access Manager 10gR3

        EBS customers looking to deploy a single sign-on solution for the first time are strongly encouraged to deploy a solution using Oracle Access Manager 11g.

        References

        Related Articles

        Monday Oct 24, 2011

        Oracle Internet Directory 11gR1 11.1.1.5 Certified with E-Business Suite

        Oracle E-Business Suite comes with native user authentication and management capabilities out-of-the-box. If you need more-advanced features, it's also possible to integrate it with Oracle Internet Directory and Oracle Single Sign-On or Oracle Access Manager, which allows you to link the E-Business Suite with third-party tools like Microsoft Active Directory, Windows Kerberos, and CA Netegrity SiteMinder. 

        Architecture diagram showing Oracle Access Manager Oracle Internet Directory E-Business Suite AccessGate WebGate

        For details about third-party integration architectures, see either of these article for EBS 11i and 12:

        Oracle Internet Directory 11.1.1.5 is now certified with Oracle E-Business Suite Release 11i, 12.0 and 12.1.  OID 11.1.1.5 is part of Oracle Fusion Middleware 11g Release 1 Version 11.1.1.5.0, also known as FMW 11g Patchset 4.  Certified E-Business Suite releases are:
        • EBS Release 11i 11.5.10.2 + ATG PH.H RUP 7 and higher
        • EBS Release 12.0.6 and higher
        • EBS Release 12.1.1 and higher

        Supported Configurations

        Oracle Internet Directory 11.1.1.5.0 can be integrated with two single sign-on solutions for EBS environments:

          • Oracle Internet Directory (OID) and Directory Integration Platform (DIP) from Oracle Fusion Middleware 11gR1 Patchset 4 (11.1.1.5.0) with Oracle Single Sign-On Server and Oracle Delegated Administration Services Release 10g (10.1.4.3.0) with an existing Oracle E-Business Suite system (Release 11i, 12.0.6 or 12.1.x).
          • Oracle Internet Directory and Directory Integration Platform from Fusion Middleware 11gR1 Patchset 4 (11.1.1.5.0) with Oracle Access Manager 10g (10.1.4.3) with an existing Oracle E-Business Suite system (Release 11i or 12.1.x).
          • Oracle Internet Directory and Directory Integration Platform from Fusion Middleware 11gR1 Patchset 4 (11.1.1.5.0) with Oracle Access Manager 11gR1 (11.1.1.5) with an existing Oracle E-Business Suite system (Release 12.0.6 or higher or 12.1.x).

          Oracle Access Manager strongly recommended

          Oracle has two single sign-on solutions: Oracle Single Sign-On Server (OSSO) and Oracle Access Manager (OAM). Oracle strongly recommends that all new single sign-on implementations use Oracle Access Manager. Oracle Access Manager is the preferred solution going forward, and forms the basis of Oracle Fusion Middleware 11g. OSSO is no longer being actively developed and will not be ported to Oracle WebLogic Server.

          Platform certifications

          Oracle Internet Directory is certified to run on any operating system for which Oracle WebLogic Server 11g is certified. Refer to the Oracle Fusion Middleware 11g System Requirements for more details.

          For information on operating systems supported by Oracle Internet Directory and its components, refer to the Oracle Identity and Access Management 11gR1 certification matrix.

          Integration with Oracle Internet Directory involves components spanning several different suites of Oracle products. There are no restrictions on which platform any particular component may be installed so long as the platform is supported for that component.

          References

          Related Articles

          Tuesday Oct 11, 2011

          Oracle Access Manager 11.1.1.5 Certified with E-Business Suite 12

          Oracle Access Manager 11g Patchset 1 (OAM 11.1.1.5) is now certified for use with Oracle E-Business Suite Release 12.

          As with our original 11g certification, there are two possible ways to integrate with Oracle Access Manager 11g.

          First Time Users and Existing Users

          If you are implementing single sign-on for the first time, or are an existing OAM 11g user, you may integrate with Oracle Access Manager using OAM WebGate and the Oracle E-Business Suite AccessGate Java application, which has now been upgraded to version 1.1.1.0.


          [Read More]

          Wednesday Aug 03, 2011

          Why Does EBS Integration with Oracle Access Manager Require Oracle Internet Directory?

          The E-Business Suite has its own security and user-management capabilities.  You can use the E-Business Suite's native features to authenticate users, authorize users (i.e. assign responsibilities to them), and manage your EBS user repository.  The majority of E-Business Suite system administrators simply use these built-in capabilities for enabling access to the E-Business Suite.

          When EBS built-in capabilities aren't enough

          Some organisations have third-party user authentication systems in place.  These include CA Netegrity SiteMinder, Windows Kerberos, and others.  These organisations frequently use third-party LDAP directory solutions such as Microsoft Active Directory, OpenLDAP, and others. 

          We don't certify the E-Business Suite with those third-party products directly, and we don't have any plans to do so.  This article is intended to explain why Oracle Internet Directory (OID) is required when integrating with Oracle Access Manager (OAM), but you can safely infer that the same requirements prevent the use of third-party authentication products directly with the E-Business Suite.

          It's possible to integrate the E-Business Suite with those third-party solutions via Oracle Access Manager and Oracle Internet Directory.  See these articles:

          Before going on, I'd recommend reading one of those two third-party integration articles.  If you don't have those concepts under your belt, the rest of this article isn't going to make much sense.

          Architecture diagram showing Oracle Access Manager Oracle Internet Directory E-Business Suite AccessGate WebGate

          Why does EBS require OID with OAM?

          Oracle Access Manager itself doesn't require Oracle Internet Directory.  However, Oracle Internet Directory is a mandatory requirement when Oracle Access Manager is integrated with the E-Business Suite.

          Why?  The short answer is that the E-Business Suite has hardcoded dependencies on Oracle Internet Directory for this configuration. These dependencies mean that you cannot replace Oracle Internet Directory with any third-party LDAP directory for this particular configuration. 

          There are two cases of hardcoded dependencies on Oracle Internet Directory:

          1. Reliance on Oracle GUIDs

          From the articles linked above, you know that user authentication is handled by Oracle Access Manager, and user authorization is handled by the E-Business Suite itself.  This means that there are two different user namespaces. 

          These namespaces must be linked and coordinated somehow, to ensure that a particular user logging in via Oracle Access Manager is the same user represented within the E-Business Suite's own internal FNDUSER repository.

          We associate externally-managed Oracle Access Manager users with internally-managed E-Business Suite users via a Global Unique Identifier (GUID).  These Global Unique Identifiers are generated exclusively by Oracle Internet Directory. 

          The E-Business Suite has hardcoded functions to handle the mapping of these Global Unique Identifiers between Oracle Access Manager and the E-Business Suite.  These mapping functions are specific to Oracle Internet Directory; it isn't possible to replace Oracle Internet Directory with a generic third-party LDAP directory and still preserve this functionality.

          2. Synchronous user account creation

          The E-Business Suite is predominantly used internally within an organisation.  Certain E-Business Suite application modules can be made visible to users outside of an organisation.  These include iStore, iRecruitment, iSupplier, and other application modules where the users aren't necessarily restricted to an organisation's own employees.

          Users of some of those application modules expect to be able to register for a new account and use it immediately.  This makes sense.  If you're posting job openings via iRecruitment, potential applicants shouldn't need to hold off on submitting their resumes while your E-Business Suite sysadmin creates an account manually, assigns EBS responsibilities, and emails them the account login details. They'll be long gone before that happens.

          This means that EBS application modules that support self-registration must create user accounts synchronously.  A new account must be created within the E-Business Suite and the externalized directory at the same time, on demand.

          The E-Business Suite has hardcoded dependencies upon Oracle Internet Directory function calls that handle these synchronous account creation tasks.  These function calls are specific to Oracle Internet Directory; it isn't possible to replace Oracle Internet Directory with a generic third-party LDAP directory and still preserve this functionality.

          Sun is setting for Oracle Single Sign-On

          The older articles linked above refer to Oracle Single Sign-On.  All conceptual references to Oracle Single Sign-On apply equally to Oracle Access Manager.  Oracle Access Manager offers the same capabilities as Oracle Single Sign-On when integrated with the E-Business Suite.

          You may have noticed that I have specifically been referring to Oracle Access Manager rather than Oracle Single Sign-On in this article.  There's a very good reason for this.

          The Fusion Middleware Lifetime Support Policy shows that Premier Support for Oracle Single Sign-On 10gR2 ends on December 2011.  If you're using Portal 11gR1, Forms & Reports 11gR1, or Discoverer 11gR1, Premier Support for Oracle Single Sign-On 10gR2 is extended to December 2012. 

          Extended Support is not available for Oracle Single Sign-On 10gR2.  This is true regardless of whether you're using those other Fusion Middleware 11gR1 products or not.  These support policy timelines for Oracle Single Sign-On are not affected by the E-Business Suite's own support timelines.  There are no special exceptions from these Fusion Middleware support timelines for E-Business Suite customers. 

          Given that the Oracle Single Sign-On is nearing its end-of-life, anyone considering a new external authentication solution for the E-Business Suite should use Oracle Access Manager at this point.  If you're currently using Oracle Single Sign-On, I would recommend evaluating your plans for migrating to Oracle Access Manager as soon as possible.

          Related Articles


          Tuesday May 24, 2011

          Oracle Access Manager 11.1.1.3 Certified with E-Business Suite 12

          Oracle Access Manager 11gR1 (11.1.1.3) is now certified for use with E-Business Suite Releases 12.0.6 and 12.1.1 and up.

          Architecture diagram showing Oracle Access Manager and E-Business Suite

          There are two certification paths available: one for new users, and one for users upgrading from Oracle Single Sign-On Server 10gR3 (OSSO).

          • First Time Users:  Users who are implementing single sign-on for the first time may integrate OAM 11gR1 using Oracle E-Business Suite AccessGate Release 1.1. Oracle E-Business Suite AccessGate is a Java EE application that resides on a separate application server (Oracle WebLogic Server), and provides direct integration between Oracle E-Business Suite and Oracle Access Manager through OAM WebGate. Oracle E-Business Suite AccessGate is available at no cost to licensed Oracle E-Business Suite customers.

          • Upgrading from SSO:  Users who are upgrading from OSSO 10gR3 can leverage their existing integration by using OAM 11gR1 with the mod_osso agent. This option allows you to migrate your existing partner application registrations from OSSO 10gR3 to OAM 11gR1, with minimal disruption to existing application integration and functionality. This integration does not require Oracle E-Business Suite AccessGate, and is supported for upgrading users only.
          Prerequisites
          • Oracle E-Business Suite Release 12.1 RUP 1 (12.1.1) or higher; Release 12.0 RUP 6 (12.0.6)
          • Oracle Access Manager 11gR1 (11.1.1.3) with Bundle Patch 02 (BP02)
          • Oracle Internet Directory 11gR1 PS2 (11.1.1.3) or higher
          • Oracle WebLogic Server 11gR1 PS2 (10.3.3) or higher

          Certification of Oracle Access Manager 11gR1 with Oracle E-Business Suite Release 11i is not scheduled at this time.

          Certified Platforms

          The Oracle E-Business Suite AccessGate Java application is certified to run on any operating system for which Oracle WebLogic Server 11g is certified. Refer to the Oracle Fusion Middleware 11g System Requirements for more details.

          Integration with mod_osso is supported on all fully certified Oracle E-Business Suite Release 12 platforms. Refer to the My Oracle Support Certifications section for more details.

          For information on operating systems supported by Oracle Access Manager and its components, refer to the Oracle Identity and Access Management 11gR1 certification matrix.

          Integration with Oracle Access Manager involves components spanning several different suites of Oracle products. There are no restrictions on which platform any particular component may be installed so long as the platform is supported for that component.

          References

          Related Articles


          Friday Mar 28, 2008

          Downtime and Apache Restricted Mode in E-Business Suite Release 11i

          As I started writing down the steps for my recent post Downtime and Apache Restricted Mode in Release 12,  Steven and I exchanged some conversations which made me realize that there would be questions about the availability of the same feature Release 11i. And, it turns out to be fairly accurate realization. So, this one is for those enthusiastic pals of mine on this community. I will try to do this differently, hence making it relatively shorter in content.

          Is this feature available in 11i?

          Yes. Check out the documentation in the References section.

          Is the procedure to configure the same?

          Yes. As you might have understood already, there are two pieces in this puzzle.
          1. Creation of downtime
          2. Managing Apache in Restricted Mode
          Answering the question based on these two tasks,
          • Step '1' is pretty much the same in 11i and Release 12. Hence, I am not recreating the screen shots for you here. Check out the steps in the table below.
          • Step '2' is automated in Release using the perl script where as in Release 11i, the administrator has to go through some manual steps and run Autoconfig.

          What are the exact steps in Release 11i?.

          Thanks to our OAM team, these are well documented. And, they work like charm. Below are the sequence of steps for my DBA friends.

          Note: Navigation in 11i for the downtime page creation is slightly different than Release 12.

          S.No
          Task
          How to?
          1.
          Schedule System Downtime and warn your end users of an impending downtime Use OAM to schedule downtime:
          • ( Navigation: Sitemap=>Maintenance=>Patching and utilities=>Schedule Downtime)
          2.
          Complete the required one-time setups to monitor patch in progress
          • Use OAM Autoconfig editor to edit the variable < s_trusted_admin_client_nodes > to include the list of hosts that can access OAM in restricted mode. Run autoconfig to ensure that the new settings take effect.
          • Ensure that you have enabled the the monitoring user account by unlocking the ad_monitor user account and setting the password by using the following commands:
            • alter user ad_monitor account unlock;
            • Login to SQL*Plus as user ad_monitor. Default password is lizard. Reset the password.
          3.
          Shutdown all Applications services
          Use the standard ad script from $COMMON_TOP/admin/scripts/<context_name> directory:
          • adstpall.sh <apps user>/<password>
          4.
          Enable maintenance mode for your Applications system
          Run adadmin, and:

          1. Select option 5 'Change Maintenance Mode'
          2. Select option 1 'Enable Maintenance Mode'
          5.
          Start OAM in restricted mode to monitor patching in progress
          From the $COMMON_TOP/admin/scripts/<context_name> directory, run:

          • adaprstctl.sh start
          6.
          Begin applying patch
          Run adpatch (hotpatch=n)
          7.
          Monitor patching in progress
          1. Access OAM in restricted mode from the following URL : http://host:port/servlets/weboamLocal/oam/oamLogin
          2. Login into OAM using the ad_monitor user
          3. Navigation: Sitemap=>Maintenance=>Patching and utilities=>Timing Reports
          8.
          Confirm the end of scheduled downtime upon patch completion
          From within OAM in restricted mode:
          • Navigation: Sitemap=>Maintenance=>Patching and utilities=>Manage Downtime Schedules=>Select "Complete" button.
          9.
          Bring your Applications System to normal mode.
          Run adadmin, and:
          1. Select option 5 'Change Maintenance Mode'
          2. Select option 2 'Disable Maintenance Mode'
          10.
          Shutdown Apache in restricted mode and Restart all services
          From the $COMMON_TOP/admin/scripts/<context_name> directory, run:
          • adaprstctl.sh stop
          • adstrtall.sh <apps user>/<password>

          References

          1. About Oracle Applications Manager Mini-pack 11i.OAM.H
          2. Chapter 6, Section 'Managing Downtime in Restricted Mode' of Oracle Applications System Administrator's Guide - Maintenance - Release 11i (Part No B13924-04)

          Friday Jun 23, 2006

          OAM: A Toolbox for E-Business Suite Administrators

          There are a lot of tools and products in the Apps Division.  Reviewing the suite sometimes feels like painting the Golden Gate Bridge -- by the time you've finished, it's time to start all over again.


          Oracle Applications Manager 11i Screenshot:

          By way of explanation, that's why it's somewhat of a surprise to see how far along the Oracle Applications Manager (OAM) has come since the last time I looked at it.  It's matured into a pretty impressive set of tools for Apps system administrators and DBAs.

          A Toolkit for Sysadmins

          The Oracle Applications Manager provides a set of tools for configuring your E-Business Suite environment (including tight integration with AutoConfig), monitoring the health of a running environment (as shown in the screenshot above), notifying you with alerts if performance metrics cross specified thresholds:

          Oracle Applications Manager 11i Alerts Screenshot:

          helping you diagnose system performance and other issues via diagnostic scripts and reports:

          Oracle Applications Manager 11i Diagnostic Tests Screenshot:

          New Features for 11.5.10

          The list of new features in the latest 11.5.10 release is impressively long:
          • JServ Monitoring
          • Business Flow monitoring
          • Concurrent Processing Charts
          • Forms Runaway Process monitoring
          • Applications Dashboard
          • Advanced Configuration wizards
          • Host Based Service Management
          • Monitoring Applications DBA Utility running jobs
          • Patch History Database enhancements
          • Patch Advisor InfoBundle and Patch Download from MetaLink
          • Enhanced Patch Impact Analysis
          • Restricted Mode Access
          • Enhanced Navigation
          • Single Sign-On 10g Integration
          • Rule Based Tracing and Profiling Controls
          • User Initiated System Alerts
          • Client Side Advisor for diagnosing problems with end-user PC configurations
          • Support Cart for sending reports to Oracle Support
          • New Logging Management Interface in Oracle Applications Manager
          • New Dedicated Security Page in the Applications Dashboard
          • Page access tracking for Oracle Applications Framework pages
          • Integration with Sign-on Auditing
          What do you mean by "free"? 

          Oracle Applications Manager is included in your E-Business Suite licencing, so you don't have to wrestle with your Procurement department before getting started with it.  Just install the latest patch and you're off to the races.

          References

          About

          Search

          Categories
          Archives
          « April 2014
          SunMonTueWedThuFriSat
            
          1
          4
          5
          6
          7
          8
          9
          10
          11
          12
          13
          14
          19
          20
          21
          22
          23
          24
          25
          26
          27
          28
          29
          30
             
                 
          Today