Wednesday Feb 12, 2014

Oracle Access Manager 11.1.2.2 Certified with Oracle E-Business Suite

I am happy to announce that Oracle Access Manager 11gR2 Patchset 2 (11.1.2.2.0) is now certified with Oracle E-Business Suite Release 11i (11.5.10.2) and 12 (12.0.6, 12.1.1+, 12.2.2+).  If you are implementing single sign-on for the first time, or are an existing Oracle Access Manager user, you may integrate with Oracle Access Manager 11gR2 using Oracle Access Manager WebGate and Oracle E-Business Suite AccessGate.

Choosing the Right Integration

Our previously published blog article and support note with single sign-on recommended and certified integration paths has been updated to include Oracle Access Manager 11gR2PS2:

References

You may refer to the following My Oracle Support Knowledge Documents for additional details regarding certified architectures and versions:

    Related Articles

    Tuesday Jun 04, 2013

    Oracle Internet Directory 11gR1 11.1.1.7 Certified with E-Business Suite

    Oracle E-Business Suite comes with native user authentication and management capabilities out-of-the-box. If you need more-advanced features, it's also possible to integrate it with Oracle Internet Directory and Oracle Single Sign-On or Oracle Access Manager, which allows you to link the E-Business Suite with third-party tools like Microsoft Active Directory, Windows Kerberos, and CA Netegrity SiteMinder. 


    For details about third-party integration architectures, see:

    Oracle Internet Directory 11.1.1.7 is now certified with Oracle E-Business Suite Release 11i, 12.0 and 12.1.  OID 11.1.1.7 is part of Oracle Fusion Middleware 11g Release 1 Version 11.1.1.7.0, also known as FMW 11g Patchset 6.  Certified E-Business Suite releases are:
    • EBS Release 11i 11.5.10.2 + ATG PH.H RUP 7 and higher
    • EBS Release 12.0.6 and higher
    • EBS Release 12.1.1 and higher

    Supported Configurations

    Oracle Internet Directory 11.1.1.7.0 can be integrated with these single sign-on solutions for EBS environments:

    • Oracle Internet Directory (OID) and Directory Integration Platform (DIP) from Fusion Middleware 11gR1 Patchset 6 (11.1.1.7.0) with Oracle Access Manager 11gR2 (11.1.2.0) with an Oracle E-Business Suite system (Release 11i, 12.0.6 or higher or 12.1.x).
    • Oracle Internet Directory and Directory Integration Platform from Fusion Middleware 11gR1 Patchset 6 (11.1.1.7.0) with Oracle Access Manager 11gR1 Patchset 2 (11.1.1.7.0) with an Oracle E-Business Suite system (Release 12.0.6 or higher or 12.1.x).
    • Oracle Internet Directory and Directory Integration Platform from Fusion Middleware 11gR1 Patchset 6 (11.1.1.7.0) with Oracle Access Manager 10g (10.1.4.3) with an existing Oracle E-Business Suite system (Release 11i or 12.1.x).
    • Oracle Internet Directory and Directory Integration Platform from Oracle Fusion Middleware 11gR1 Patchset 6 (11.1.1.7.0) with Oracle Single Sign-On Server and Oracle Delegated Administration Services Release 10g (10.1.4.3.0) with an existing Oracle E-Business Suite system (Release 11i, 12.0.6 or 12.1.x).
    Oracle Access Manager strongly recommended

    Oracle has two single sign-on solutions: Oracle Single Sign-On Server (OSSO) and Oracle Access Manager (OAM). Oracle strongly recommends that all new single sign-on implementations use Oracle Access Manager. Oracle Access Manager is the preferred solution going forward, and forms the basis of Oracle Fusion Middleware 11g. OSSO is no longer being actively developed and will not be ported to Oracle WebLogic Server.

    Platform certifications

    Oracle Internet Directory is certified to run on any operating system for which Oracle WebLogic Server 11g is certified. Refer to the Oracle Fusion Middleware 11g System Requirements for more details.

    For information on operating systems supported by Oracle Internet Directory and its components, refer to the Oracle Identity and Access Management 11gR1 certification matrix.

    Integration with Oracle Internet Directory involves components spanning several different suites of Oracle products. There are no restrictions on which platform any particular component may be installed so long as the platform is supported for that component.

    References

    Related Articles

    Thursday Dec 06, 2012

    Oracle Access Manager 11.1.2 Certified with E-Business Suite 12

    I am happy to announce that Oracle Access Manager 11gR2 (11.1.2) is now certified with E-Business Suite Releases 12.0.6 and 12.1. If you are implementing single sign-on for the first time, or are an existing Oracle Access Manager user, you may integrate with Oracle Access Manager 11gR2 using Oracle Access Manager WebGate and Oracle E-Business Suite AccessGate.

    Supported Architecture and Release Versions

    • Oracle Access Manager 11.1.2
    • Oracle E-Business Suite Release 12.0.6, 12.1.1+
    • Oracle Identity Management 11.1.1.5, 11.1.1.6
    • Oracle Internet Directory 11.1.1.6
    • Oracle WebLogic Server 10.3.5+
    What's New In This Oracle Access Manager 11gR2 Integration?
    • Simplified integration: We've simplified the instructions and cut the number of pages, while adding clarity to the steps.

    • Automation of configuration steps:  We've automated some of the required configuration steps. This is the first phase of automation and diagnostics that are part of our roadmap for this integration.

    • Use of default OAM Login page: We are reducing the required troubleshooting by delivering the default OAM Login page for the integration. A custom login page can still be created by using Oracle Access Manager.

    • Use of the Detached Credential collector in a Demilitarized Zone: We have certified the Detached Credential collector as part of a DMZ configuration. This will enhance the security of the underlying Oracle Access Manager and E-Business Suite components, which will now be required only within a company's intranet.  

    Choosing the Right Architecture

    Our previously published blog article and support note with single sign-on recommended and certified integration paths has been updated to include Oracle Access Manager 11gR2:

    Other References

    Related Articles

    Friday Jun 01, 2012

    Oracle Internet Directory 11gR1 11.1.1.6 Certified with E-Business Suite

    [June 7, 2012 Update: Corrected typo in "Supported Configurations" section]

    Oracle E-Business Suite comes with native user authentication and management capabilities out-of-the-box. If you need more-advanced features, it's also possible to integrate it with Oracle Internet Directory and Oracle Single Sign-On or Oracle Access Manager, which allows you to link the E-Business Suite with third-party tools like Microsoft Active Directory, Windows Kerberos, and CA Netegrity SiteMinder. 


    For details about third-party integration architectures, see either of these article for EBS 11i and 12:

    Oracle Internet Directory 11.1.1.6 is now certified with Oracle E-Business Suite Release 11i, 12.0 and 12.1.  OID 11.1.1.6 is part of Oracle Fusion Middleware 11g Release 1 Version 11.1.1.6.0, also known as FMW 11g Patchset 5.  Certified E-Business Suite releases are:
    • EBS Release 11i 11.5.10.2 + ATG PH.H RUP 7 and higher
    • EBS Release 12.0.6 and higher
    • EBS Release 12.1.1 and higher

    Supported Configurations

    Oracle Internet Directory 11.1.1.6.0 can be integrated with two single sign-on solutions for EBS environments:

    • Oracle Internet Directory and Directory Integration Platform from Fusion Middleware 11gR1 Patchset 5 (11.1.1.6.0) with Oracle Access Manager 10g (10.1.4.3) with an existing Oracle E-Business Suite system (Release 11i or 12.1.x).
    • Oracle Internet Directory and Directory Integration Platform from Fusion Middleware 11gR1 Patchset 5 (11.1.1.6.0) with Oracle Access Manager 11gR1 (11.1.1.5) with an existing Oracle E-Business Suite system (Release 12.0.6 or higher or 12.1.x).
    • Oracle Internet Directory (OID) and Directory Integration Platform (DIP) from Oracle Fusion Middleware 11gR1 Patchset 5  (11.1.1.6.0) with Oracle Single Sign-On Server and Oracle Delegated Administration Services Release 10g (10.1.4.3.0) with an existing Oracle E-Business Suite system (Release 11i, 12.0.6 or 12.1.x)

    Oracle Access Manager strongly recommended

    Oracle has two single sign-on solutions: Oracle Single Sign-On Server (OSSO) and Oracle Access Manager (OAM). Oracle strongly recommends that all new single sign-on implementations use Oracle Access Manager. Oracle Access Manager is the preferred solution going forward, and forms the basis of Oracle Fusion Middleware 11g. OSSO is no longer being actively developed and will not be ported to Oracle WebLogic Server.

    Platform certifications

    Oracle Internet Directory is certified to run on any operating system for which Oracle WebLogic Server 11g is certified. Refer to the Oracle Fusion Middleware 11g System Requirements for more details.

    For information on operating systems supported by Oracle Internet Directory and its components, refer to the Oracle Identity and Access Management 11gR1 certification matrix.

    Integration with Oracle Internet Directory involves components spanning several different suites of Oracle products. There are no restrictions on which platform any particular component may be installed so long as the platform is supported for that component.

    References

    Related Articles

    Tuesday May 08, 2012

    Understanding Options for Integrating Oracle Access Manager with E-Business Suite

    Integrating Oracle Access Manager with the E-Business Suite can be tricky.  This is especially true if you're upgrading from EBS 11i to 12, or perhaps also switching from the older Oracle Single Sign-On technology to Oracle Access Manager.  Thing can get even more complicated if you're interested in integrating the E-Business Suite with a third-party authentication system such Windows Kerberos, or managing your users in a third-party LDAP directory like Microsoft Active Directory.

    Understanding your options for integrating EBS with Oracle Access Manager and Oracle Internet Directory has just gotten a bit easier.  First, we've just published a new document that lays out the options and our recommendations:

    OAM Oracle Access Manager architecture diagram and flow

    This new document discusses:

    • Single sign-on concepts
    • Options for integrating single sign-on solutions for Oracle E-Business Suite including the following:
      • How the Oracle Access Manager Integration Works
      • How the Oracle Single Sign-On (OSSO) Integration Works
      • Integration with Third-Party Access Management Systems and LDAP
    • Considerations to take into account when choosing a single sign-on solution
    • Documentation roadmap specifying which document to follow dependent upon your integration goal
    • Reference architecture diagrams depicting example components by Oracle E-Business Suite release

    Reworked instructions for integrating Oracle Access Manager + E-Business Suite 

    In addition to the new overview document above, we've also made extensive revisions and updates to this previously-published document:

    The updated Note is the result of your emails, Service Requests, and feedback to us on how we can improve our documentation. This is still an admittedly-complex implementation, with many detailed and exacting steps.  We're examining ways of streamlining and possibly automating some of the implementation steps in a future update to this certification.

    Your feedback is welcome

    We've tried hard to make this complex area just a little bit more-accessible.  We would love to hear about your experiences with these components.  Your feedback regarding the new note and updated note is welcome.  Please either post a comment here or log a bug request against the note in My Oracle Support.

    References

    Related Articles

    (Special thanks to Allison Sparshott  and Hubert Ferst for their combined efforts in crafting these updates.)

    Friday Dec 30, 2011

    Limited Extended Support Available for Oracle Single Sign-On through 2012

    Premier Support for Oracle Single Sign-On 10gR3 ends on December 31, 2011.  This was originally slated to be the end of error correction support for Oracle Single Sign-On 10gR3. 

    Our Oracle Identity Management team has just revised that policy.  If you have an existing support contract, you will now be able to receive limited Extended Support for Oracle Single Sign-On from January 2012 through December 2012.  Only Severity 1 fixes for Oracle Single Sign-On will be released during the limited Extended Support period.  Critical Patch Updates (CPUs) for Oracle Single Sign-On will not be released during the limited Extended Support period. 

    These changes are published in:

    This is good news for those of you that have not been able to migrate to a single sign-on solution utilizing Oracle Access Manager and Oracle E-Business Suite Access Gate.  Keep in mind though, the clock is ticking and limited extended support will end in a mere 12 months.  It is strongly recommended that you use this additional time to integrate your single sign-on deployment with Oracle Access Manager and Oracle E-Business Suite Access Gate.  


    Our recommendations

    EBS 12 customers should move to a single sign-on solution using Oracle Access Manager 11g

    EBS 11i customers first upgrade to EBS Release 12.1.3, then integrate with Oracle Access Manager 11g.  If an R12 upgrade is not possible, then R11i customers are encouraged to migrate their single sign-on solution to Oracle Access Manager 10gR3

    EBS customers looking to deploy a single sign-on solution for the first time are strongly encouraged to deploy a solution using Oracle Access Manager 11g.

    References

    Related Articles

    Monday Oct 24, 2011

    Oracle Internet Directory 11gR1 11.1.1.5 Certified with E-Business Suite

    Oracle E-Business Suite comes with native user authentication and management capabilities out-of-the-box. If you need more-advanced features, it's also possible to integrate it with Oracle Internet Directory and Oracle Single Sign-On or Oracle Access Manager, which allows you to link the E-Business Suite with third-party tools like Microsoft Active Directory, Windows Kerberos, and CA Netegrity SiteMinder. 

    Architecture diagram showing Oracle Access Manager Oracle Internet Directory E-Business Suite AccessGate WebGate

    For details about third-party integration architectures, see either of these article for EBS 11i and 12:

    Oracle Internet Directory 11.1.1.5 is now certified with Oracle E-Business Suite Release 11i, 12.0 and 12.1.  OID 11.1.1.5 is part of Oracle Fusion Middleware 11g Release 1 Version 11.1.1.5.0, also known as FMW 11g Patchset 4.  Certified E-Business Suite releases are:
    • EBS Release 11i 11.5.10.2 + ATG PH.H RUP 7 and higher
    • EBS Release 12.0.6 and higher
    • EBS Release 12.1.1 and higher

    Supported Configurations

    Oracle Internet Directory 11.1.1.5.0 can be integrated with two single sign-on solutions for EBS environments:

      • Oracle Internet Directory (OID) and Directory Integration Platform (DIP) from Oracle Fusion Middleware 11gR1 Patchset 4 (11.1.1.5.0) with Oracle Single Sign-On Server and Oracle Delegated Administration Services Release 10g (10.1.4.3.0) with an existing Oracle E-Business Suite system (Release 11i, 12.0.6 or 12.1.x).
      • Oracle Internet Directory and Directory Integration Platform from Fusion Middleware 11gR1 Patchset 4 (11.1.1.5.0) with Oracle Access Manager 10g (10.1.4.3) with an existing Oracle E-Business Suite system (Release 11i or 12.1.x).
      • Oracle Internet Directory and Directory Integration Platform from Fusion Middleware 11gR1 Patchset 4 (11.1.1.5.0) with Oracle Access Manager 11gR1 (11.1.1.5) with an existing Oracle E-Business Suite system (Release 12.0.6 or higher or 12.1.x).

      Oracle Access Manager strongly recommended

      Oracle has two single sign-on solutions: Oracle Single Sign-On Server (OSSO) and Oracle Access Manager (OAM). Oracle strongly recommends that all new single sign-on implementations use Oracle Access Manager. Oracle Access Manager is the preferred solution going forward, and forms the basis of Oracle Fusion Middleware 11g. OSSO is no longer being actively developed and will not be ported to Oracle WebLogic Server.

      Platform certifications

      Oracle Internet Directory is certified to run on any operating system for which Oracle WebLogic Server 11g is certified. Refer to the Oracle Fusion Middleware 11g System Requirements for more details.

      For information on operating systems supported by Oracle Internet Directory and its components, refer to the Oracle Identity and Access Management 11gR1 certification matrix.

      Integration with Oracle Internet Directory involves components spanning several different suites of Oracle products. There are no restrictions on which platform any particular component may be installed so long as the platform is supported for that component.

      References

      Related Articles

      Wednesday Aug 03, 2011

      Why Does EBS Integration with Oracle Access Manager Require Oracle Internet Directory?

      The E-Business Suite has its own security and user-management capabilities.  You can use the E-Business Suite's native features to authenticate users, authorize users (i.e. assign responsibilities to them), and manage your EBS user repository.  The majority of E-Business Suite system administrators simply use these built-in capabilities for enabling access to the E-Business Suite.

      When EBS built-in capabilities aren't enough

      Some organisations have third-party user authentication systems in place.  These include CA Netegrity SiteMinder, Windows Kerberos, and others.  These organisations frequently use third-party LDAP directory solutions such as Microsoft Active Directory, OpenLDAP, and others. 

      We don't certify the E-Business Suite with those third-party products directly, and we don't have any plans to do so.  This article is intended to explain why Oracle Internet Directory (OID) is required when integrating with Oracle Access Manager (OAM), but you can safely infer that the same requirements prevent the use of third-party authentication products directly with the E-Business Suite.

      It's possible to integrate the E-Business Suite with those third-party solutions via Oracle Access Manager and Oracle Internet Directory.  See these articles:

      Before going on, I'd recommend reading one of those two third-party integration articles.  If you don't have those concepts under your belt, the rest of this article isn't going to make much sense.

      Architecture diagram showing Oracle Access Manager Oracle Internet Directory E-Business Suite AccessGate WebGate

      Why does EBS require OID with OAM?

      Oracle Access Manager itself doesn't require Oracle Internet Directory.  However, Oracle Internet Directory is a mandatory requirement when Oracle Access Manager is integrated with the E-Business Suite.

      Why?  The short answer is that the E-Business Suite has hardcoded dependencies on Oracle Internet Directory for this configuration. These dependencies mean that you cannot replace Oracle Internet Directory with any third-party LDAP directory for this particular configuration. 

      There are two cases of hardcoded dependencies on Oracle Internet Directory:

      1. Reliance on Oracle GUIDs

      From the articles linked above, you know that user authentication is handled by Oracle Access Manager, and user authorization is handled by the E-Business Suite itself.  This means that there are two different user namespaces. 

      These namespaces must be linked and coordinated somehow, to ensure that a particular user logging in via Oracle Access Manager is the same user represented within the E-Business Suite's own internal FNDUSER repository.

      We associate externally-managed Oracle Access Manager users with internally-managed E-Business Suite users via a Global Unique Identifier (GUID).  These Global Unique Identifiers are generated exclusively by Oracle Internet Directory. 

      The E-Business Suite has hardcoded functions to handle the mapping of these Global Unique Identifiers between Oracle Access Manager and the E-Business Suite.  These mapping functions are specific to Oracle Internet Directory; it isn't possible to replace Oracle Internet Directory with a generic third-party LDAP directory and still preserve this functionality.

      2. Synchronous user account creation

      The E-Business Suite is predominantly used internally within an organisation.  Certain E-Business Suite application modules can be made visible to users outside of an organisation.  These include iStore, iRecruitment, iSupplier, and other application modules where the users aren't necessarily restricted to an organisation's own employees.

      Users of some of those application modules expect to be able to register for a new account and use it immediately.  This makes sense.  If you're posting job openings via iRecruitment, potential applicants shouldn't need to hold off on submitting their resumes while your E-Business Suite sysadmin creates an account manually, assigns EBS responsibilities, and emails them the account login details. They'll be long gone before that happens.

      This means that EBS application modules that support self-registration must create user accounts synchronously.  A new account must be created within the E-Business Suite and the externalized directory at the same time, on demand.

      The E-Business Suite has hardcoded dependencies upon Oracle Internet Directory function calls that handle these synchronous account creation tasks.  These function calls are specific to Oracle Internet Directory; it isn't possible to replace Oracle Internet Directory with a generic third-party LDAP directory and still preserve this functionality.

      Sun is setting for Oracle Single Sign-On

      The older articles linked above refer to Oracle Single Sign-On.  All conceptual references to Oracle Single Sign-On apply equally to Oracle Access Manager.  Oracle Access Manager offers the same capabilities as Oracle Single Sign-On when integrated with the E-Business Suite.

      You may have noticed that I have specifically been referring to Oracle Access Manager rather than Oracle Single Sign-On in this article.  There's a very good reason for this.

      The Fusion Middleware Lifetime Support Policy shows that Premier Support for Oracle Single Sign-On 10gR2 ends on December 2011.  If you're using Portal 11gR1, Forms & Reports 11gR1, or Discoverer 11gR1, Premier Support for Oracle Single Sign-On 10gR2 is extended to December 2012. 

      Extended Support is not available for Oracle Single Sign-On 10gR2.  This is true regardless of whether you're using those other Fusion Middleware 11gR1 products or not.  These support policy timelines for Oracle Single Sign-On are not affected by the E-Business Suite's own support timelines.  There are no special exceptions from these Fusion Middleware support timelines for E-Business Suite customers. 

      Given that the Oracle Single Sign-On is nearing its end-of-life, anyone considering a new external authentication solution for the E-Business Suite should use Oracle Access Manager at this point.  If you're currently using Oracle Single Sign-On, I would recommend evaluating your plans for migrating to Oracle Access Manager as soon as possible.

      Related Articles


      Thursday May 12, 2011

      Oracle Internet Directory 11.1.1.4 Certified with EBS on AIX and Windows

      As a follow-up to our original announcement, Oracle Internet Directory 11g 11.1.1.4 (Patchset 3) is now certified with Oracle E-Business Suite for five additional platforms.  Certified E-Business Suite releases are:

      • E-Business Suite 11i 11.5.10.2 + ATG RUP 7 and higher 
      • E-Business Suite 12.0.6 and higher
      • E-Business Suite 12.1.1 and higher
      Architecture diagram showing Oracle Internet Directory and Oracle Access Manager configurations

      New platforms certified for R12

      • IBM AIX on Power Systems (64-bit) (5.3, 6.1)
      • Microsoft Windows Server (32-bit) (2003, 2008 for EBS 12.1.1 only)
      • Microsoft Windows x64 (2008 R2 for EBS 12.1.1 only)

      New platforms certified for 11i

      • IBM AIX on Power Systems (64-bit) (5.3, 6.1)
      • Microsoft Windows Server (32-bit) (2003)
      References
      Related Articles

      Friday Feb 18, 2011

      Oracle Internet Directory 11.1.1.4 Certified with E-Business Suite

      Oracle E-Business Suite comes with native user authentication and management capabilities out-of-the-box. If you need more-advanced features, it's also possible to integrate it with Oracle Internet Directory and Oracle Single Sign-On or Oracle Access Manager, which allows you to link the E-Business Suite with third-party tools like Microsoft Active Directory, Windows Kerberos, and CA Netegrity SiteMinder. 
      3rd_party_architecture.png
      For details about third-party integration architectures, see either of these article for EBS 11i and 12:
      Oracle Internet Directory 11.1.1.4 is now certified with Oracle E-Business Suite Release 11i, 12.0 and 12.1.  OID 11.1.1.4 is part of Oracle Fusion Middleware 11g Release 1 Version 11.1.1.4.0, also known as FMW 11g Patchset 3.  Certified E-Business Suite releases are:
      • EBS Release 11i 11.5.10.2 + ATG RUP 7 and higher
      • EBS Release 12.0.6 and higher
      • EBS Release 12.1.1 and higher
      Oracle Internet Directory 11.1.1.3.0 can be integrated with two single sign-on solutions for EBS environments:
      • With Oracle Single Sign-On Server 10g (10.1.4.3.0) with an existing Oracle E-Business Suite system (Release 11i, 12.0.x or 12.1.1)
      • With Oracle Access Manager 10g (10.1.4.3) with an existing Oracle E-Business Suite system (Release 11i or 12.1.x)
      Platforms certified for R12
      • Linux x86 (Oracle Linux 4, 5)
      • Linux x86 (Red Hat Enterprise Linux 4, 5)
      • Linux x86 (SLES 10)
      • Linux x86-64 (Oracle Linux 4, 5)
      • Linux x86-64 (Red Hat Enterprise Linux 4, 5)
      • Linux x86-64 (SLES 10)
      • Oracle Solaris on SPARC (64-bit) (9,10)
      Platforms certified for Release 11i
      • Linux x86 (Oracle Linux 4, 5)
      • Linux x86 (Red Hat Enterprise Linux 4, 5)
      • Linux x86 (SLES 10)
      • Oracle Solaris on SPARC (64-bit) (9,10)
      Other platform certifications still underway

      Certifications for other operating system platforms are still underway.  Oracle's Revenue Recognition rules prohibit us from discussing certification and release dates, but you're welcome to monitor or subscribe to this blog for updates, which I'll post as soon as soon as they're available.   

      References
      Related Articles

      Monday Sep 06, 2010

      Oracle Internet Directory 11g (11.1.1.3) Certified with EBS on 15 New Platforms

      Oracle E-Business Suite comes with native user authentication and management capabilities out-of-the-box. If you need more-advanced features, it's also possible to integrate it with Oracle Internet Directory and Oracle Single Sign-On or Oracle Access Manager, which allows you to link the E-Business Suite with third-party tools like Microsoft Active Directory, Windows Kerberos, and CA Netegrity SiteMinder.

      oam_architecture.jpg

      As a follow-on to our original certification announcement, Oracle Internet Directory 11gR1 Patchset 2 (version 11.1.1.3.0) is now certified with Oracle E-Business Suite Release 11i, 12.0 and 12.1 on the following additional platforms:

      For Oracle E-Business Suite 11i:

      • HP-UX PA-RISC (64-bit) (11.23, 11.31)
      • IBM AIX on Power Systems (64-bit) (5.3, 6.1)

      For Oracle E-Business Suite 12.0.x and 12.1.x:

      • Linux x86-64 (Oracle Enterprise Linux 4, 5)
      • Linux x86-64 (RHEL 4, 5)
      • Linux x86-64 (SLES 10)
      • HP-UX Itanium (11.23, 11.31)
      • HP-UX PA-RISC (64-bit) (11.23, 11.31)
      • IBM AIX on Power Systems (64-bit) (5.3, 6.1)

      Two options for external authentication

      Oracle Inter net Directory 11gR1 Patchset 2 version 11.1.1.3.0 can be integrated with one of two single sign-on solutions:

      • Oracle Internet Directory (OID) and Directory Integration Platform (DIP) from Oracle Fusion Middleware 11gR1 Patchset 2 (11.1.1.3.0) with Oracle Single Sign-On Server and Oracle Delegated Administration Services Release 10g (10.1.4.3.0) with an existing Oracle E-Business Suite system (Release 11i, 12.0.x or 12.1.1).
      • Oracle Internet Directory and Directory Integration Platform from Fusion Middleware 11gR1 Patchset 2 (11.1.1.3.0) with Oracle Access Manager 10g (10.1.4.3) with an existing Oracle E-Business Suite system (Release 11i or 12.1.x).
      References
      Related Articles

      Tuesday Aug 31, 2010

      Oracle Internet Directory and Single Sign-On Certified with EBS 12.1.2 on IBM Linux on System z

      logo_ibm.jpg
      Applications Release 12 users can configure their environments to delegate user authentication to an external Single Sign-On 10g instance. In this optional configuration, Single Sign-On validates E-Business Suite user credentials against an external Oracle Internet Directory instance.

      Oracle Single Sign-On (SSO) and Oracle Internet Directory (OID) 10g version 10.1.2.3 are now certified with Oracle E-Business Suite Release 12 (12.1.2) on the IBM: Linux on System z platform. This platform was recently announced as a fully certified R12 platform - this is the first certification of an optional external technology component for the platform.
      The operating systems certified on this platform with SSO and OID are:
      • Red Hat Enterprise Linux (RHEL) version 5 (64-bit)
      • Novell SUSE Linux Enterprise Server (SLES) version 9 (64-bit)
      • Novell SUSE Linux Enterprise Server (SLES) version 10 (64-bit)
      More certifications coming for this platform

      Other external certifications (AS 10g Portal, Discoverer, WebCache, BPEL) as well as AS 10g Release 3 Patch Set 5 (10.1.3.5) on this platform are planned or in progress. 

      Oracle's Revenue Recognition rules prohibit us from discussing certification and release dates, but you're welcome to monitor or subscribe to this blog for updates on these additional external certifications for IBM: Linux on System z, which I'll post as soon as soon as they're available.   

      References
      Related Articles
      The preceding is intended to outline our general product direction.  It is intended for information purposes only, and may not be incorporated into any contract.   It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decision.  The development, release, and timing of any features or functionality described for Oracle's products remains at the sole discretion of Oracle.

      Wednesday Aug 11, 2010

      Oracle Internet Directory 11g (11.1.1.3) Certified with E-Business Suite

      Oracle E-Business Suite comes with native user authentication and management capabilities out-of-the-box. If you need more-advanced features, it's also possible to integrate it with Oracle Internet Directory and Oracle Single Sign-On or Oracle Access Manager, which allows you to link the E-Business Suite with third-party tools like Microsoft Active Directory, Windows Kerberos, and CA Netegrity SiteMinder.

      3rd_party_architecture.png
      I'm pleased to let you know that Oracle Internet Directory 11gR1 Patchset 2 (version 11.1.1.3.0) is now certified with Oracle E-Business Suite Release 11i, 12.0 and 12.1.  Oracle Internet Directory 11.1.1.3.0 can be integrated with two single sign-on solutions for EBS environments:
      • With Oracle Single Sign-On Server 10g (10.1.4.3.0) with an existing Oracle E-Business Suite system (Release 11i, 12.0.x or 12.1.1)
      • With Oracle Access Manager 10g (10.1.4.3) with an existing Oracle E-Business Suite system (Release 11i or 12.1.x)
      Certified Platforms
      Oracle E-Business Suite 11i and 12
      • Linux x86 (Oracle Enterprise Linux 4, 5)
      • Linux x86 (RHEL 4, 5)
      • Linux x86 (SLES 10)
      • Sun Solaris SPARC (64-bit) (9, 10)
      • Microsoft Windows Server (32-bit) (2003)
      Oracle E-Business Suite 12.1.x
      • Linux x86 (Oracle Enterprise Linux 4, 5)
      • Linux x86 (RHEL 4, 5)
      • Linux x86 (SLES 10)
      • Sun Solaris SPARC (64-bit) (9, 10)
      • Microsoft Windows Server (32-bit) (2003, 2008)
      Platform certifications still underway
      Oracle E-Business Suite 11i:
      • HP-UX PA-RISC (64-bit) (11.23, 11.31)
      • IBM AIX on Power Systems (64-bit) (5.3, 6.1)
      Oracle E-Business Suite 12.0.x and 12.1.x:
      • Linux x86-64 (Oracle Enterprise Linux 4, 5)
      • Linux x86-64 (RHEL 4, 5)
      • Linux x86-64 (SLES 10)
      • HP-UX Itanium (11.23, 11.31)
      • HP-UX PA-RISC (64-bit) (11.23, 11.31)
      • IBM AIX on Power Systems (64-bit) (5.3, 6.1)
      Oracle's Revenue Recognition rules prohibit us from discussing certification and release dates, but you're welcome to monitor or subscribe to this blog for updates, which I'll post as soon as soon as they're available.   

      What About Oracle Single Sign-On?

      Sharp-eyed readers might have noticed that Fusion Middleware 11g does not include Oracle Single Sign-On.  For more details about this, see:
      References
      Related Articles

      Thursday Jul 22, 2010

      EBS Sysadmin Primer: Oracle Identity Management 11gR1

      [Editor: This is the third in a multi-part series from Nirzari Raichura, a senior member of our ATG Certification team, on essential Fusion Middleware concepts and tools for the EBS sysadmin]

      Oracle Identity Management (OIM) 11gR1 is part of Fusion Middleware 11gR1.   Oracle Identity Management 11gR1 provides the following components as part of its default installation:
      Oracle Directory Services Components
      • OID - Oracle Internet Directory
      • DIP -  Oracle Directory Integration Platform
      • OVD - Oracle Virtual Directory
      Oracle Identity Federation Components
      • OIF - Oracle Identity Federation
      Management Components
      • EM - Enterprise Manager
      • ODSM - Oracle Directory Service Manager

      oim_architecture.png
      In order to use Oracle Identity Management 11gR1 with E-Business suite, you need OID and DIP products at a minimum.  Oracle Identity Management 11gR1 doesn't contain Oracle Single Sign-on.  You have the choice of either of the following two tools for for authentication: 
      • Oracle Single Sign-On 10gR3
      • Oracle Access Manager 10gR3

      Oracle Access Manager 10gR3 is the preferred authentication solution going forward.  However, if you have plans to integrate any other products like Oracle Portal, Forms, Reports or Discoverer with E-Business Suite, you must select the Oracle Single Sign-On 10gR3 option. These products have hard dependencies on Oracle Single Sign-On 10gR3 and cannot be authenticated directly by Oracle Access Manager (you can do so indirectly, but that's a topic for a future article).

      If you have already integrated your E-Business Suite environment with Oracle Single Sign-On and Oracle Internet Director 10gR3, you can upgrade Oracle Internet Directory 10gR3 to Oracle Internet Directory 11gR1 (which is part of Oracle Identity Management 11gR1). Your existing integration remains intact after the upgrade.


      Oracle Identity Management 11gR1 Integration with E-Business Suite using OSSO 10gR3

      Unlike Oracle Internet Directory 10g, which is tightly integrated with with Oracle Application Server 10g and and the Oracle database (to store its metadata repository), Oracle Identity Management 11gR1 provides various integration options. 

      There is an option to manage it through the Oracle Fusion Middleware management framework by registering it with a local or a remote WebLogic Server administration domain.  You can do this during installation or via the command-line after installation. As I mentioned in my previous blog article, you can also install and configure it without WebLogic Server. In that case, you can manage Oracle Internet Directory using command-line tools and ODSM.

      This table describes the components required for Oracle Identity management 11gR1 installation:

      fmw_table.png
      Useful Tools to administer and manage OIM 11gR1

      OIM11gR1

      Tool

      Default Value

      Oracle Enterprise Manager Fusion Middleware Control

      http://host:port/em

      Oracle Directory Services Manager (ODSM)

      http://host:port/odsm

      Oracle WebLogic Server Administrative Console

      http://host:port/console/

      Command-Line Utilities

      OPMN

      $ORACLE_INSTANCE/bin/opmnctl

      Standard LDAP utilities

      ORACLE_HOME/ldap

      OIDPASSWD

      WebLogic Scripting Tool (wlst)

      ORACLE_HOME/common/bin/wlst.sh

      OIDCTL For backward compatibility

      References

      Related Articles

      Thursday Jan 14, 2010

      Oracle Internet Directory 11g (11.1.1.2) Certified on Eight New Platforms for EBS

      [Jan 19, 2010 Update:  Added additional certifications for HP-UX Itanium]

      We certified Oracle Internet Directory 11g Version 11.1.1.2 with the E-Business Suite on four platforms a few weeks ago
      3rd_party_architecture.png
      Our Applications Platforms Group has just certified eight additional operating system platforms for this configuration, bringing the total set of certified platforms to:
      • Linux x86 (Oracle Enterprise Linux 4, 5)
      • Linux x86 (RHEL 4, 5)
      • Linux x86 (SLES 10)
      • Linux x86-64 (Oracle Enterprise Linux 4, 5) -- for EBS Releases 12.0 and 12.1 only
      • Linux x86-64 (RHEL4, 5) -- for EBS Releases 12.0 and 12.1 only
      • Linux x86-64 (SLES 10) -- for EBS Releases 12.0 and 12.1 only
      • HP-UX PA-RISC (64-bit) (11.23, 11.31)
      • HP-UX Itanium (11.23, 11.31) -- for EBS Releases 12.0 and 12.1 only
      • IBM AIX on Power Systems (64-bit) (5.3, 6.1)
      • Microsoft Windows Server (32-bit) (2003; 2008 for EBS Release 12.1 only)
      • Sun Solaris SPARC (64-bit) (9, 10)
      What About Oracle Single Sign-On?

      Sharp-eyed readers might have noticed that Fusion Middleware 11g does not include Oracle Single Sign-On.  For more details about this, see:
      References
      Related Articles

      Tuesday Dec 29, 2009

      Oracle Internet Directory 11g (11.1.1.2) Certified with E-Business Suite

      Oracle E-Business Suite comes with native user authentication and management capabilities out-of-the-box.  If you need more-advanced features, it's also possible to integrate it with Oracle Single Sign-On and Oracle Internet Directory, which allows you to link the E-Business Suite with third-party tools like Microsoft Active Directory, Windows Kerberos, and CA Netegrity SiteMinder.

      EBS Architecture diagram showing third-party integration deployment using OID SSO third-party LDAP and third-party authentication system
      I'm pleased to announce that Oracle Internet Directory 11g 11.1.1.2 is now certified with Oracle E-Business Suite Releases 11i, 12.0, and 12.1.

      Certified Configurations

      Two different architectures are certified:
      1. E-Business Suite Release 11i, 12.0, 12.1.1:  Oracle Internet Directory (OID) and Directory Integration Platform (DIP) from Oracle Fusion Middleware 11gR1 (11.1.1.2.0) with Oracle Single Sign-On Server and Oracle Delegated Administration Services Release 10g (10.1.4.3.0).
         
      2. E-Business Suite Release 12.1.2:  Oracle Internet Directory and Directory Integration Platform from Fusion Middleware 11gR1 (11.1.1.2.0) with Oracle Access Manager 10g (10.1.4.3).
      Certified Operating System Platforms
      • Linux x86 (Oracle Enterprise Linux 4, 5)
      • Linux x86 (RHEL 4, 5)
      • Linux x86 (SLES 9, 10)
      • Microsoft Windows Server (32-bit) (2003, 2008)
      Certifications for other operating system platforms are currently underway and will be announced shortly.  Oracle's Revenue Recognition rules prohibit us from discussing certification and release dates, but you're welcome to monitor or subscribe to this blog for updates.

      What About Oracle Single Sign-On?

      Sharp-eyed readers might have noticed that Fusion Middleware 11g does not include Oracle Single Sign-On.  For more details about this, see:
      References
      Related Articles

      Friday Oct 16, 2009

      Using Oracle Application Server 10g with E-Business Suite (OpenWorld 2009 Recap)

      [Oct 19 2009 Update: If you registered for OpenWorld, here's a link to the OpenWorld On Demand page where you can download or listen to the live recording of this session as well as the presentation materials.]

      Every year I provide an OpenWorld update on the various ways that E-Business Suite users can use different Oracle Application Server 10g components.  This presentation covers many of the topics that I visit regularly on this blog, neatly summarizing them in a single package with the latest Fusion Middleware certified versions (and desupport notices) in one place:

      Architecture diagram showing sso oid and third-party LDAP integration with E-Business Suite

      This presentation covers:

      • A quick overview of the various Oracle Application Server 10g products that can be optionally integrated with the E-Business Suite, including:
        • Oracle Single Sign-On and Oracle Internet Directory
        • Oracle Access Manager and Oracle Identity Manager
        • Web Center and Portal
        • Oracle Business Intelligence Enterprise Edition and Discoverer
        • Web Cache
        • Oracle SOA Suite
        • Oracle Enterprise Manager
      • How Oracle Single Sign-On works with the E-Business Suite
      • How EBS users can be managed using Oracle Internet Directory
      • How EBS can be integrated via Oracle Single Sign-On with third-party authentication systems such as:
        • Windows Native Authentication via Kerberos
        • Netegrity Siteminder
        • IBM Tivoli Access Manager
        • PKI X.509v3 Digital Certificates
      • How EBS can be integrated via Oracle Internet Directory with third-party LDAP directories such as:
        • Microsoft Active Directory
        • Sun Java System Directory
        • Novell eDirectory
        • OpenLDAP
      Related Articles

      I've covered all of these topics already on this blog, with articles discussing the conceptual topics as well as new certification announcements.  See:

      Thursday Apr 23, 2009

      Premier Support for SSO + OID 10.1.4.2 Ending in November 2009

      Oracle E-Business Suite Release 11i is certified with Oracle Single Sign-On and Oracle Internet Directory 10.1.4.  Single Sign-On and Oracle Internet Directory are part of Oracle Application Server (OracleAS) 10g 10.1.4.  We certified EBS with the Oracle Application Server 10.1.4.2 patchset in early 2008, and followed this up with EBS certifications with the Oracle Application Server 10.1.4.3 patchset in February 2009.

      OracleAS10143.png

      You should be aware that the OracleAS 10.1.4.2 grace period will end in November 2009.  After November 2009, you will still be able to download existing OracleAS 10.1.4.2 patches, but new patches will be issued only for the latest 10.1.4.3 release.

      If you've integrated your E-Business Suite environment with Single Sign-On and Oracle Internet Directory 10.1.4.2, I would strongly recommend that you plan an upgrade to the most-current certified OracleAS release. As of today, that's OracleAS 10.1.4.3.  Future readers coming across this article should refer to this blog's one-page Certifications summary for the latest certified configurations.

      Want To Know More About Support Policies?

      The Server Technologies support policies have recently changed in some important ways.  I've discussed the E-Business Suite implications of those changes in these articles: 

      Your Thoughts?

      I don't represent the Server Technologies organization (I'm in E-Business Suite Development), but I'm happy to pass on your thoughts and feedback about Oracle's support policies to management teams in those groups.  Feel free to post a comment below or send me a private email.

      Related Articles

      Wednesday Aug 06, 2008

      In-Depth: Using Third-Party Identity Managers with E-Business Suite Release 12

      This article is an updated R12 version of an earlier one written for Oracle E-Business Suite Release 11i.

      Like most of our customers, you probably already have a corporate identity management system in place. And, you've probably not been enjoying the experience of redundantly administering the same user in your corporate identity management system as well as the E-Business Suite. If this describes your environment, this in-depth article about integrating Oracle E-Business Suite Release 12, Oracle Single Sign-On and Oracle Internet Directory with third-party identity management systems will show you a better way of managing your EBS users.

      [Read More]

      Thursday Mar 27, 2008

      Oracle Single Sign-On and Oracle Internet Directory 10g 10.1.4.2 Certified with Release 11i

      Looks like another good week for certification announcements. Close on the heels of announcing Database 11gR1 certification,  we are announcing the certification of Oracle Single Sign-On and Oracle Internet Directory 10g 10.1.4.2 with Oracle E-Business Suite Release 11i. Existing 11i environments using earlier version of SSO & OID can be upgraded to the 10.1.4.2 Patch Set. Customers on 10.1.2.0.2 version of SSO & OID must first upgrade to 10.1.4.0.1 and then apply the 10.1.4.2 Patch Set.

      10142Patchset:

      Certified Operating System Platforms

      • Linux x86-32
      • Sun Sparc Solaris
      • HP-UX PARisc
      • IBM AIX
      • Microsoft Windows 2003

      The latest certified configuration is documented in:

      Related Articles

      Thursday Jan 24, 2008

      Single Sign-On 10g 10.1.4.2 Certified with Release 12

      New Apps certifications are just flying out of our labs this week.  I'm pleased to announce that the latest versions of Single Sign-On and Oracle Internet Directory 10g 10.1.4.2 are now certified with the E-Business Suite Release 12.  Existing Release 12 environments using earlier versions of SSO & OID 10g may be upgraded to 10.1.4.2.[Read More]

      Friday Aug 10, 2007

      Using Single Sign-On 10g (10.1.4.0.1) with Release 12

      Single Sign-On & Oracle Internet Directory 10g (10.1.4.0.1) are now certified with Oracle E-Business Suite Release 12.  Existing Release 12 environments using Single Sign-On & Oracle Internet Directory 10g 10.1.2.0.2 may be upgraded to the latest version.

      Release 12 OracleAS 10g Integration: Diagram showing integration between E-Business Suite Release 12 and a standalone Oracle Application Server 10g (OracleAS 10g) server Diagram showing integration between E-Business Suite Release 12 and a standalone Oracle Application Server 10g (OracleAS 10g) server

      Applications Release 12 users can configure their environments to delegate user authentication to an external Single Sign-On 10g 10.1.4.0.1 instance.  In this optional configuration, Single Sign-On validates E-Business Suite user credentials against an external Oracle Internet Directory 10g 10.1.4.0.1 instance.[Read More]

      Monday May 07, 2007

      OracleAS 10g Upgrade Paths

      [May 9, 2007 Update:  Corrected legend typo from OCSM to OCMS.  "OCMS" represents Oracle Communication & Mobility Server.  Elaborated on certification stance to remind readers that although OracleAS 10g 10.1.3 is part of Release 12's techstack, it can't be upgraded in place right now.]


      There are a lot of Oracle Application Server 10g releases.  I find it challenging to keep them straight myself, so I can only imagine how hard it must be for you to sort out upgrade paths between the various releases.  In response to popular demand at this year's Collaborate conference, here are my personal cheatsheet diagrams that I use to find upgrade paths between the various OracleAS 10g releases. 



      A Hand-Drawn Map Through the Woods

      A word of caution:  I've reviewed this information with our Oracle Application Server Release Managers, but these charts don't represent official documentation from Oracle Application Server Development.  In fact, I'm not sure that any single piece of official documentation captures this kind of information.  So, if there are any conflicts between what I show here and the official documentation, the latter prevails (and let me know, so I can fix my own diagrams).

      Distinguishing Between the Two Major OracleAS 10g Releases

      There are a couple of things you should bear in mind before reading these:


      1. The OracleAS 10g components used by the E-Business Suite -- Single Sign-On, Oracle Internet Directory, Discoverer, Business Intelligence, Portal, Web Cache, and Oracle Integration (including BPEL 10g) -- are released in the 10.1.2/10.1.4 codeline. 


      2. The OracleAS 10g 10.1.3.x codeline is the J2EE-only subset of OracleAS 10g.  These products are released on their own codeline and have a completely separate upgrade roadmap.  We don't certify any integrations between the E-Business Suite Release 11i and these products, although Release 12 includes 10.1.3 as its Java ORACLE_HOME.   I'm including my diagrams for this group, too, so you can see how the releases relate to each other.
      How to Read the Diagrams

      Here's a legend for reading the following diagrams:


      Updated Legend:


      If you haven't installed any OracleAS 10g releases before, you can start with any of the fresh install versions (marked with solid borders).  You can only apply incremental patchsets (marked with dashed borders) to an existing environment previously built with a fresh install version.

      Releases Useful for E-Business Suite Integrations

      The following chart shows upgrade paths between releases that are relevant to E-Business Suite sysadmins interested in using Oracle Application Server 10g components.  These components include Single Sign-On, Oracle Internet Directory, Discoverer, Business Intelligence, Portal, Web Cache, and Oracle Integration (including BPEL 10g and Business Activity Monitoring 10g).


      Oracle Application Server 10g Upgrade Paths:

      (click on the diagram for a larger version)

      Reading the chart, you can see that it's possible to upgrade from Oracle Application Server 10g 10.1.2.0.0 to the 10.1.2.2.0 Patchset.   Once you've done that, it's possible to install Portal 10.1.4.0.0 on top of that upgraded environment.

      A different path shows that it's possible to upgrade your OracleAS 10g 10.1.2.0.2 environment to the 10.1.2.2.0 Patchset. 

      Likewise, if you've installed OracleAS 10g 10.1.2.0.2 and upgraded that environment to use the latest Oracle Identity Management 10.1.4.0.1 release (marked as "IM"), you can upgrade that environment, in turn, to the 10.1.2.2.0 Patchset.

      The "Other" OracleAS 10g Release

      The diagram below is relevant for customers who are building their own J2EE applications using OracleAS 10g development tools, including Business Process Execution Language (BPEL), Business Activity Monitoring (BAM), Oracle Web Services Manager (OWSM), and Enterprise Service Bus (ESB).  With the exception of BPEL and BAM, E-Business Suite Release 11i users don't generally use any of the following releases, but I'm including this chart for the sake of completeness.  Release 12 includes OracleAS 10g 10.1.3 in its techstack but it can't be upgraded in place to a later version right now.


      J2EE Upgrade Paths:

      (click on the diagram for a larger version)

      A Final Word about Version Numbers

      For reasons too tortuous to go into here (and because I don't really understand them myself), Oracle Application Server version numbers don't necessarily correspond to the order in which a particular patchset was released.  They also don't mean that you can apply a higher version on top of an older version. 

      For example, the 10.1.3.2.0 Patchset was released after the 10.1.4.0.1 Identity Management (IM) release.  Since they're on separate codelines, you can't apply the 10.1.4.0.1 Identity Management release on top of the 10.1.3.2.0 Patchset.  That's not a meaningful combination since they're different products entirely. 

      When in Doubt, Contact Oracle Support

      It is not without some misgivings that I post this information here.  As is usually the case when wading into this area, these charts and their accompanying examples might have helped some of you but confused others. 

      Remember, I'm part of E-Business Suite Development, not Oracle Application Server Development.  In some ways, I'm a passerby in these parts, just like you.  So, if you do need more help in assessing the viability of a particular upgrade for your environment, it's advisable to go directly to the source:  Oracle Support is always your best option for getting a definitive answer to your questions.

      Related


      Monday Apr 23, 2007

      OracleAS 10g 10.1.2.2 Certified with Apps 11i

      The wait is over, at least for Linux platforms:  Oracle Application Server 10g 10.1.2.2 has been certified with the E-Business Suite Release 11i. 

      DMZ + OracleAS 10g + E-Business Suite Architecture:

      Just to ensure that there's no confusion about what's been certified, the full name of this patchset is:
      This latest certification includes the use of the following Oracle Application Server 10g components with Apps 11i:
      • Discoverer 10g
      • Portal 10g
      • Web Cache 10g
      Just for Linux... For Now

      This patchset has been certified for Linux platforms only

      We're working on the 10.1.2.2 certification for other platforms for E-Business Suite environments, but as usual, I don't have have a firm schedule for these other certifications or the other platforms yet.  You're welcome to monitor or subscribe to this blog for updates on the remaining certifications.

      Related


      Friday Jan 12, 2007

      Oracle Identity Management 10.1.4 Certified with Applications 11i

      I'm very pleased to announce that Oracle Identity Management 10.1.4 has been certified for use with E-Business Suite Release 11i.

      Apps 11i + OracleAS 10g Architecture:

      Like earlier certifications with OracleAS 10g 10.1.2.0.2, this certification allows you to delegate authentication of E-Business Suite Release 11i users to an external Oracle Identity Management 10g 10.1.4.0.1 instance.  Users are authenticated by Single Sign-On 10g 10.1.4.0.1, and user information can be managed in Oracle Internet Directory 10g 10.1.4.0.1.

      Integration with Third-Party Identity Management Systems

      You can also integrate this configuration with a third-party authentication manager such as Microsoft Kerberos, and third-party LDAP directories such as Microsoft Active Directory, in an architecture like this:

      Simple Third-Party LDAP SSO Integration:

      For a more in-depth discussion of third-party integration options, see In-Depth: Using Third-Party Identity Managers with the E-Business Suite Release 11i.

      Upgrading OracleAS 10g Instances Already Integrated with Apps 11i

      If you already have an E-Business Suite Release 11i environment that has been successfully integrated with Oracle Application Server 10g 10.1.2.0.2, Single Sign-On 10g 10.1.2.0.2, and Oracle Internet Directory 10g 10.1.2.0.2, you'll likely be relieved to hear that you can upgrade your Oracle Application Server 10g instance to 10.1.4.0.1 without having to refresh or change your existing provisioning or partner application registrations.  No new Apps interoperability patches are required.  In other words, you can simply upgrade your external OracleAS 10g 10.1.2.0.2 instance to 10.1.4 without changing anything on the Apps side.

      Related


      Monday Nov 06, 2006

      Using OracleAS 10g With The E-Business Suite

      Editor Jan. 12, 2007 Update:  Oracle Identity Management 10g 10.1.4.0.1 is now certified with the E-Business Suite. 

      No matter how hard I try to avoid it, my inbox always seem to pay for any time spent away, regardless of whether the time taken is for work or pleasure.  This is doubly true for time taken for conferences, since they tend to generate even more email.  That's life in the information era, I suppose.

      Apps 11i + OracleAS 10g Architecture:

      So, in a belated attempt to quell the tide from interested readers and conference goers, here's a pointer to the presentation materials for my session (S281709):
      Remember that the OpenWorld 2006 Content Catalog requires the following credentials to download conference materials:
      In my presentation you'll find coverage on:
      • Features and benefits of integrating the E-Business Suite with:
        • Single Sign-On & Oracle Internet Directory 10g
        • Discoverer 10g
        • Portal 10g
        • Web Cache 10g
      • Technical integration overview, covering:
        • Simple and advanced physical architectures
        • Logical architectures
      • Integration with third-party single sign-on and LDAP products
      • Release 11i application tier certification roadmap
      • Release 12 technology stack plans
      • Selected snapshots of customer architectures, including the use of :
        • Microsoft Active Directory
        • Windows Native Authentication (Kerberos)
        • Highly Available configurations
      Related

      Wednesday Sep 13, 2006

      Using OracleAS 10g and Apps in an Enterprise Configuration

      I've been receiving a number of questions about integration architectures from customers who have multiple ERP systems.  These long-suffering system administrators are getting awfully tired of maintaining overlapping user namespaces for each of these systems separately. 

      Now that all Oracle applications, including the E-Business Suite, have been certified with Oracle Application Server 10g, it's possible to use a single instance to provide identity management services across your enterprise.

      Shared Enterprise Oracle Application Server 10g:

      Shared OracleAS 10g Services Across the Enterprise

      As shown above, you can now install a single instance of Oracle Application Server 10g and use it to provide unified identity management and portal services to applications across your enterprise.  Applications that delegate user authentication to this central Oracle Application Server 10g instance are called partner applications.

      The E-Business Suite, PeopleSoft, and Oracle Collaboration Suite can all be registered as partner applications with Oracle Application Server 10g.

      Users log onto Oracle Single Sign-On 10g, which provides access to all registered partner applications.  A single user definition is maintained centrally by Oracle Internet Directory 10g, which is much more efficient (and safer) than maintaining overlapping user namespaces in each of the individual partner applications.

      If you're so inclined, you can create a portlet in Oracle Portal that links to specific functions in each of the partner applications.

      Integration with Third-Party Identity Management Systems

      The centrally-shared Oracle Application Server 10g instance can be integrated with third-party identity management systems.  I've covered this integration already, so rather than repeating myself here, see this article if you'd like more details about how that works:
      Taking No Chances

      As the axiom goes, if you put all of your eggs in one basket, you'd better watch that basket carefully.  The same goes for centralizing all of your identity management and portal services.  If that system goes down, the outage now affects all registered partner applications. 

      High Availability Shared Enterprise Apps Architecture:

      To avoid those awkward morning-after discussions with your executives, you should ensure that your central Oracle Application Server 10g environment is:
      • Scaled to handle the combined peak loads of all partner applications
      • Has failover capabilities for both the application tier as well as the database tier
      Related

      Thursday Aug 24, 2006

      DMZs, SSL and RAC for OracleAS 10g + Release 11i

      I know that many of you have been waiting for this announcement for a long time, so it's a real pleasure (and relief) to be able to tell you that Build 4.0 is finally here.


      A new version of the OracleAS 10g integration with the E-Business Suite has been released for use with ATG Family Pack H Rollup 4.  This long-awaited integration patch, also known as Build 4.0, includes full support for three additional configurations:  DMZs, RAC, and SSL.

      Demilitarized Zones and OracleAS 10g Integrations

      In prior releases, there were a number of challenges to integrating an OracleAS 10g instance with an E-Business Suite environment deployed in a demilitarized zone (DMZ) configuration with multiple web entry points.  Some awkward workarounds existed, but they were incomplete, technically clumsy, and didn't work consistently in all circumstances.

      With this latest release, full support for OracleAS 10g + E-Business Suite + DMZ configurations is now available.  This release allows you to register multiple E-Business Suite application servers (e.g. internal and external Oracle9i Application Server 1.0.2.2.2 instances) with an OracleAS 10g and Single Sign-On instance, supporting the proper redirection of traffic to the appropriate server after authentication. 

      This means that architectures like this are now fully supported:

      DMZ + OracleAS 10g + E-Business Suite Architecture:

      Registration with SSL-Enabled Oracle Internet Directory Hosts

      In prior releases, it wasn't possible to register your E-Business Suite environment with an Oracle Internet Directory host deployed in a Secure Sockets Layer (SSL) configuration.

      In this latest release, if your Oracle Internet Directory host is configured for SSL-enabled LDAP operations, you can use wallets in Oracle Wallet Manager to secure all LDAP operations.

      Oracle Internet Directory Integration with RAC-Enabled Release 11i Databases

      In prior releases, if your E-Business Suite database was configured to use Real Application Clusters (RAC), the synchronisation of user information between Oracle Internet Directory and FND_USER was handled by a specific database server in your RAC cluster.

      If that database node failed, the synchronisation of user attributes between Oracle Internet Directory and the E-Business Suite wouldn't failover to other database server nodes.  Updates of user information in either direction would be suspended until the designated RAC database node came back online.

      In this latest release, the E-Business Suite RAC service name is used when registering the Release 11i instance with Oracle Internet Directory.  All user synchronisation events are handled by the E-Business Suite RAC cluster now, so if a given RAC node fails, synchronisation of user information will continue as long as other RAC nodes are still running.

      References

      Thursday Aug 17, 2006

      In-Depth: Synchronizing Oracle HRMS with OID

      Editor Jan. 12, 2007 Update:  Oracle Identity Management 10g 10.1.4.0.1 is now certified with the E-Business Suite. 

      I've now devoted several articles to managing E-Business Suite users with Oracle Internet Directory 10g.  But what about situations where you need to manage Oracle Human Resources employees in Oracle Internet Directory?  Or create E-Business Suite accounts automatically for new employees?  That's where the Oracle HR Agent comes into the picture.


      Oracle HR Agent Screenshot:

      Users vs. Employees

      For starters, let's distinguish between users and employees:

      USER:  An E-Business Suite user is someone who needs to be able to log into Apps.  That user might need to file expense reports, view her payslip, or file purchase requisitions.  All E-Business Suite users have userids and records in the FND_USER repository, and have associated responsibilities that govern what the functions and data that they can access.

      EMPLOYEE:  An employee is someone whose information is managed by the Human Resources module in the E-Business Suite.  Oracle Human Resources tracks information like employee numbers, manager hierarchies, and other personally identifiable information like birthdates.

      Employees aren't Necessarily Users



      Not all employees are users, and vice versa.  For example, a major retailer might use the E-Business Suite's Human Resources modules to manage employee information for their cashiers, but those cashiers may not be authorized to log into the E-Business Suite at all.


      When Worlds Overlap

      From an organizational standpoint, this distinction makes a lot of sense.  The HR department manages employees, and the IT department manages E-Business Suite accounts. 

      But what happens when those worlds overlap?  Following the example above, what about a scenario where the cashiers are permitted to view their payslips via the Self-Service Human Resources module?

      In this scenario, the same person would be represented in two places:
      1. In the Human Resources module
      2. In the Apps FND_USER repository
      For E-Business Suite environments that aren't integrated with Oracle Internet Directory, user records need to be individually maintained in each location.

      Creating Employee Entries in Oracle Internet Directory

      It's possible to use the Oracle Internet Directory Human Resources connector to push employee information from Oracle HR to Oracle Internet Directory.

      HRMS to OID:

      You can export a subset of employee data from Oracle Human Resources into Oracle Internet Directory.  The connector includes both a prepackaged integration profile and an Oracle Human Resources agent that handles communication with Oracle Internet Directory.

      You can schedule the Oracle Human Resources connector to run at any time, configuring it to extract incremental changes from the Oracle Human Resources system. You can also set and modify mapping between column names in Oracle Human Resources and attributes in Oracle Internet Directory.

      Exportable HR Attributes

      There's a long list of HR employee attributes that you can send to Oracle Internet Directory, including:
      • First name, last name
      • Title
      • Sex
      • Date of birth
      • Employee number
      • Email address
      • Others...
      Making A Round Trip

      If you recall from a previous article, you can synchronize user information between Oracle Internet Directory and the E-Business Suite's FND_USER like this:

      OID to FND_USER Sync:

      Therefore, it's possible for employee information to make a round-trip like this:

      HR to OID to FND_USER:

      Not In the Opposite Direction

      This architecture would support a business flow where a new employee is registered in E-Business Suite Human Resources by the HR department.  That employee's information is then propagated via Oracle Internet Directory to FND_USER, where an IT administrator grants the appropriate Apps responsibilities to the user.

      The opposite direction is not supported.  It is not possible to have an employee created in Oracle HR based upon a new user entry in Oracle Internet Directory.

      Useful for You?

      I've heard anecdotal reports that this is a common use case, but actual customer sightings of this in the wild have been rare.  If you're using this setup now, or are interested in using this setup, please drop me a line; I'd be very interested in hearing about your requirements.

      Related

      Tuesday Aug 15, 2006

      Oracle Identity Management 10g (10.1.4.0.1) and Release 11i

      Editor Jan. 12, 2007 Update:  Oracle Identity Management 10g 10.1.4.0.1 is now certified with the E-Business Suite. 

      Oracle Identity Management 10g (10.1.4.0.1) is now available for download.  This release marks a milestone release for Oracle Identity Management, offering significant enhancements and fixes in terms of performance, stability, integration, usability and platform support.


      E-Business Suite Certification Underway

      The Applications Technology Group is certifying E-Business Suite Release 11i with Oracle Identity Management 10.1.4.0.1 now.  I don't have firm schedules for the certification yet, but feel free to subscribe to this site if you'd like to be automatically notified when it's completed. 

      In the meantime, Oracle Identity Management 10g (10.1.2.0.2) is the latest certified version for E-Business Suite Release 11i customers.

      About

      Search

      Categories
      Archives
      « April 2014
      SunMonTueWedThuFriSat
        
      1
      4
      5
      6
      7
      8
      9
      10
      11
      12
      13
      14
      15
      16
      17
      18
      19
      20
      21
      22
      23
      24
      25
      26
      27
      28
      29
      30
         
             
      Today