Friday Jul 06, 2012

Building Extensions Using E-Business Suite SDK for Java

We’ve just released Version 2.0.1 of Oracle E-Business Suite SDK for Java.  This new version has several great enhancements added after I wrote about the first version of the SDK in 2010.  In addition to the AppsDataSource and Java Authentication and Authorization Service (JAAS) features that are in the first version, the Oracle E-Business Suite SDK for Java now provides:

  • Session management APIs, so you can share session information with Oracle E-Business Suite
  • Setup script for UNIX/Linux for AppsDataSource and JAAS on Oracle WebLogic Server
  • APIs for Message Dictionary, User Profiles, and NLS
  • Javadoc for the APIs (included with the patch)
  • Enhanced documentation included with Note 974949.1
Integration between custom apps and EBS

These features can be used with either Release 11i or Release 12. 

References

What's new in those references?

Note 974949.1 is the place to look for the latest information as we come out with new versions of the SDK.  The patch number changes for each release.  Version 2.0.1 is contained in Patch 13882058, which is for both Release 11i and Release 12.  Note 974949.1 includes the following topics:

  • Applying the latest patch
  • Using Oracle E-Business Suite Data Sources
  • Oracle E-Business Suite Implementation of Java Authentication and Authorization Service (JAAS)
  • Utilities
  • Error logging
  • Session management
  • Message Dictionary
  • User profiles
  • Navigation to External Applications
  • Java EE Session Management Tutorial

For those of you using the SDK with Oracle ADF, besides some Oracle ADF-specific documentation in Note 974949.1, we also updated the ADF Integration FAQ.

EBS SDK for Java Use Cases

The uses of the Oracle E-Business Suite SDK for Java fall into two general scenarios for integrating external applications with Oracle E-Business Suite:

  1. Application sharing a session with Oracle E-Business Suite
  2. Independent application (not shared session)

With an independent application, the external application accesses Oracle E-Business Suite data and server-side APIs, but it has a completely separate user interface. The external application may also launch pages from the Oracle E-Business Suite home page, but after the initial launch there is no further communication with the Oracle E-Business Suite user interface.

Shared session integration means that the external application uses an Oracle E-Business Suite session (ICX session), shares session context information with Oracle E-Business Suite, and accesses Oracle E-Business Suite data. The external application may also launch pages from the Oracle E-Business Suite home page, or regions or pages from the external application may be embedded as regions within Oracle Application Framework pages.

Both shared session applications and independent applications use the AppsDataSource feature of the Oracle E-Business Suite SDK for Java. Independent applications may also use the Java Authentication and Authorization Service (JAAS) and logging features of the SDK.

Applications that are sharing the Oracle E-Business Suite session use the session management feature (instead of the JAAS feature), and they may also use the logging, profiles, and Message Dictionary features of the SDK.  The session management APIs allow you to create, retrieve, validate and cancel an Oracle E-Business Suite session (ICX session) from your external application.  Session information and context can travel back and forth between Oracle E-Business Suite and your application, allowing you to share session context information across applications.

Note: Generally you would use either the Java Authentication and Authorization Service (JAAS) feature of the SDK or the session management feature, but not both together.

Send us your feedback

Since the Oracle E-Business Suite SDK for Java is still pretty new, we’d like to know about who is using it and what you are trying to do with it.  We’d like to get this type of information:

  • customer name and brief use case
  • configuration and technologies (Oracle WebLogic Server or OC4J, plain Java, ADF, SOA Suite, and so on)
  • project status (proof of concept, development, production)
  • any other feedback you have about the SDK

You can send me your feedback directly at Sara dot Woodhull at Oracle dot com, or you can leave it in the comments below.  Please keep in mind that we cannot answer support questions, so if you are having specific issues, please log a service request with Oracle Support.

Happy coding!


Friday Jun 22, 2012

ATG Live Webcast June 28: Scrambling Sensitive Data in EBS 12 Cloned Environments

Securing the Oracle E-Business Suite includes protecting the underlying E-Business data in production and non-production databases.  While steps can be taken to provide a secure configuration to limit EBS access, a better approach to protecting non-production data is simply to scramble (mask) the data in the non-production copy.  

The Oracle E-Business Suite Template for Data Masking Pack can be used in situations where confidential or regulated data needs to be shared with other non-production users who need access to some of the original data, but not necessarily every table.  Examples of non-production users include internal application developers or external business partners such as offshore testing companies, suppliers or customers.

The Oracle E-Business Suite Template for Data Masking Pack is applied to a non-production environment with the Enterprise Manager Grid Control Data Masking Pack.  When applied, the Oracle E-Business Suite Template for Data Masking Pack will create an irreversibly scrambled version of your production database for development and testing. This ATG Live Webcast is your chance to come learn about the Oracle E-Business Suite Release 12.1.3 Template for Data Masking Pack from the experts.

Oracle E-Business Suite Release 12.1.3 Template for Data Masking

Example of Data Masking from Production to Non-Production Instance
The agenda for the Oracle E-Business Suite Template for Data Masking Pack webcast includes the following topics:

  • What does data masking do in E-Business Suite environments?
    • De-identify the data
    • Mask sensitive data
    • Maintain data validity
  • How can EBS customers use data masking?
  • References

Join Eric Bing, Senior Director, and Elke Phelps, Senior Principal Product Manager, as they discuss the Oracle E-Business Suite Template for Data Masking Pack.

Date:                  Thursday, June 28, 2012
Time:                 8:00AM Pacific Standard Time
Presenters:     Eric Bing, Senior Director
                           Elke Phelps, Senior Principal Product Manager

Webcast Registration Link (Preregistration is optional but encouraged)

To hear the audio feed:
    Domestic Participant Dial-In Number:           877-697-8128
    International Participant Dial-In Number:      706-634-9568
Additional International Dial-In Numbers Link:
    Dial-In Passcode:                                              100865

To see the presentation:
    The Direct Access Web Conference details are:
    Website URL: https://ouweb.webex.com
    Meeting Number:  591170639

If you miss the webcast, or you have missed any webcast, don't worry -- we'll post links to the recording as soon as it's available from Oracle University.  You can monitor this blog for pointers to the replay. And, you can find our archive of our past webcasts and training here.

If you have any questions or comments, feel free to email Bill Sawyer (Senior Manager, Applications Technology Curriculum) at BilldotSawyer-AT-Oracle-DOT-com.

Tuesday May 29, 2012

Scrambling Sensitive Data in E-Business Suite Release 12 Cloned Environments

Securing the Oracle E-Business Suite includes protecting the underlying E-Business data in production and non-production databases.  While steps can be taken to provide a secure configuration to limit EBS access, a better approach to protecting non-production data is simply to scramble (mask) the data in the non-production copy. 

You can use the Oracle Data Masking Pack with Oracle Enterprise Manager today to scramble sensitive data in cloned environments. Due to data dependencies, scrambling E-Business Suite data is not a trivial task.  The data needs to be scrubbed in such a way that allows the application to continue to function. 

Using the Data Masking Pack in E-Business Suite environments is now easier with the release of a new set of templates for E-Business Suite databases:

This template works with the Oracle Data Masking Pack and Oracle Enterprise Manager to obscure sensitive E-Business Suite information that is copied from production to non-production environments. 

Is there a charge for this?

Yes. You must purchase licenses for Oracle Enterprise Manager and the Oracle Data Masking Pack plug-in. The Oracle E-Business Suite 12.1.3 Template for the Data Masking Pack is included with the Oracle Data Masking Pack license.  You can contact your Oracle account manager for more details about licensing.

What does data masking do in E-Business Suite environments?

Application data masking does the following:

  • De-identify the data:  Scramble identifiers of individuals, also known as personally identifiable information or PII.  Examples include information such as name, account, address, location, and driver's license number.
  • Mask sensitive data:  Mask data that, if associated with personally identifiable information (PII), would cause privacy concerns.  Examples include compensation, health and employment information.  
  • Maintain data validity:  Provide a fully functional application.

How can EBS customers use data masking?

The Oracle E-Business Suite Template for Data Masking Pack can be used in situations where confidential or regulated data needs to be shared with other non-production users who need access to some of the original data, but not necessarily every table.  Examples of non-production users include internal application developers or external business partners such as offshore testing companies, suppliers or customers.  

The Oracle E-Business Suite Template for Data Masking Pack is applied to a non-production environment with the Enterprise Manager Grid Control Data Masking Pack.  When applied, the Oracle E-Business Suite Template for Data Masking Pack will create an irreversibly scrambled version of your production database for development and testing.  


References

For additional information on the Oracle E-Business Suite Template for Data Masking Pack please refer to the following:


Tuesday May 08, 2012

Understanding Options for Integrating Oracle Access Manager with E-Business Suite

Integrating Oracle Access Manager with the E-Business Suite can be tricky.  This is especially true if you're upgrading from EBS 11i to 12, or perhaps also switching from the older Oracle Single Sign-On technology to Oracle Access Manager.  Things can get even more complicated if you're interested in integrating the E-Business Suite with a third-party authentication system such as Windows Kerberos, or managing your users in a third-party LDAP directory like Microsoft Active Directory.

Understanding your options for integrating EBS with Oracle Access Manager and Oracle Internet Directory has just gotten a bit easier.  First, we've just published a new document that lays out the options and our recommendations:

OAM Oracle Access Manager architecture diagram and flow

This new document discusses:

  • Single sign-on concepts
  • Options for integrating single sign-on solutions for Oracle E-Business Suite including the following:
    • How the Oracle Access Manager Integration Works
    • How the Oracle Single Sign-On (OSSO) Integration Works
    • Integration with Third-Party Access Management Systems and LDAP
  • Considerations to take into account when choosing a single sign-on solution
  • Documentation roadmap specifying which document to follow dependent upon your integration goal
  • Reference architecture diagrams depicting example components by Oracle E-Business Suite release

Reworked instructions for integrating Oracle Access Manager + E-Business Suite 

In addition to the new overview document above, we've also made extensive revisions and updates to this previously-published document:

The updated Note is the result of your emails, Service Requests, and feedback to us on how we can improve our documentation. This is still an admittedly-complex implementation, with many detailed and exacting steps.  We're examining ways of streamlining and possibly automating some of the implementation steps in a future update to this certification.

Your feedback is welcome

We've tried hard to make this complex area just a little bit more accessible.  We would love to hear about your experiences with these components.  Your feedback regarding the new note and updated note is welcome.  Please either post a comment here or log a bug request against the note in My Oracle Support.


(Special thanks to Allison Sparshott  and Hubert Ferst for their combined efforts in crafting these updates.)

Tuesday Apr 17, 2012

Critical Patch Update for April 2012 Now Available

The Critical Patch Update (CPU) for April 2012 was released on April 17, 2012. Oracle strongly recommends applying the patches as soon as possible.

The Critical Patch Update Advisory is the starting point for relevant information. It includes a list of products affected, pointers to obtain the patches, a summary of the security vulnerabilities, and links to other important documents.

Supported products that are not listed in the "Supported Products and Components Affected" Section of the advisory do not require new patches to be applied.

Also, it is essential to review the Critical Patch Update supporting documentation referenced in the Advisory before applying patches, as this is where you can find important pertinent information.

The Critical Patch Update Advisory is available at the following location:

The next four Critical Patch Update release dates are:

  • July 17, 2012
  • October 16, 2012
  • January 15, 2013
  • April 16, 2013
E-Business Suite Releases 11i and 12 Reference

Monday Mar 19, 2012

Webcast Replay Available: E-Business Suite Data Protection

I am pleased to release the replay and presentation for the latest ATG Live Webcast:

E-Business Suite Data Protection (Presentation)

Screenshot of E-Business Suite Data Access auditing


Robert Armstrong, Product Strategy Security Architect and Eric Bing, Senior Director discussed the best practices and recommendations for securing your E-Business Suite data.

Finding other recorded ATG webcasts

The catalog of ATG Live Webcast replays, presentations, and all ATG training materials is available in this blog's Webcasts and Training section.

Tuesday Feb 21, 2012

ATG Live Webcast: E-Business Suite Data Protection

How do you address the security challenges within an E-Business Suite database? How should you make the best use of auditing, separation of duties, and other Oracle technologies with Oracle E-Business Suite? Join us for this week's ATG Live Webcast on Feb. 23, 2012:

E-Business Suite Data Protection

Join Robert Armstrong, Product Strategy Security Architect and Eric Bing, Senior Director, as they discuss the best practices and recommendations for securing your E-Business Suite data. The agenda for the E-Business Suite Data Protection webcast includes the following topics:

  • E-Business Suite Security Challenges
  • Auditing in E-Business Suite
  • Separation of Duties
  • Other Oracle Technologies for Data Security

Screenshot of E-Business Suite Data Access auditing

Date:               Thursday, February 23, 2012

Time:              8:00 AM - 9:00 AM Pacific Standard Time
Presenters:  Robert Armstrong, Product Strategy Security Architect
                        Eric Bing, Senior Director

Webcast Registration Link (Preregistration is optional but encouraged)

To hear the audio feed:
    Domestic Participant Dial-In Number:           1-877-697-8128
    International Participant Dial-In Number:      1-706-634-9568
    Dial-In Passcode:                                              99336

To see the presentation:
    The Direct Access Web Conference details are:
    Website URL: https://ouweb.webex.com
    Meeting Number:  593089134

If you miss the webcast, or you have missed any webcast, don't worry -- we'll post links to the recording as soon as it's available from Oracle University.  You can monitor this blog for pointers to the replay. And, you can find our archive of our past webcasts and training here.

If you have any questions or comments, feel free to email Bill Sawyer (Senior Manager, Applications Technology Curriculum) at BilldotSawyer-AT-Oracle-DOT-com.

Friday Jan 20, 2012

ATG Live Webcast: Oracle E-Business Suite Secure Configuration

Are you interested in the techniques and best practices to harden your E-Business Suite deployment for both internal and external users? If so, you need to attend the next installment of our ATG Live Webcast series on Jan. 26, 2012:
Oracle E-Business Suite Secure Configuration
Join Erik Graversen, Senior Principal Software Engineer, for this wide-ranging discussion on the topic of hardening the security within E-Business Suite.

E-Business Suite architecture diagram showing firewalls and internal and external application servers

Secure deployment of your E-Business Suite begins with a secure platform, but it doesn't end there. It includes hardening your O/S with both proper patch levels and configuration, along with secure configuration of your network and firewall. Add to this foundation, best practices and vendor recommendations, and you are on your way to a secure E-Business Suite environment.

The agenda for the Oracle E-Business Suite Secure Configuration webcast includes the following topics:
  • Hardening Systems
  • General E-Business Suite Advice
  • Secure Configurations Guides from Oracle
  • Internal Deployment Considerations
  • External Deployment Considerations
Date:               Thursday, January 26, 2012
Time:              11:00 AM - 12:00 PM (NOON) Pacific Standard Time
Presenter:     Erik Graversen, Senior Principal Software Engineer

Webcast Registration Link (Preregistration is optional but encouraged)

To hear the audio feed:
    Domestic Participant Dial-In Number:           877-697-8128
    International Participant Dial-In Number:      706-634-9568
    Additional International Dial-In Numbers Link:
    Dial-In Passcode:                                              99326

To see the presentation:
    The Direct Access Web Conference details are:
    Website URL: https://ouweb.webex.com
    Meeting Number:  593599795

If you miss the webcast, or you have missed any webcast, don't worry -- we'll post links to the recording as soon as it's available from Oracle University.  You can monitor this blog for pointers to the replay. And, you can find our archive of our past webcasts and training here.

If you have any questions or comments, feel free to email Bill Sawyer (Senior Manager, Applications Technology Curriculum) at BilldotSawyer-AT-Oracle-DOT-com. 

Wednesday Jan 18, 2012

Critical Patch Update for January 2012 Now Available

The Critical Patch Update (CPU) for January 2012 was released on January 17, 2012. Oracle strongly recommends applying the patches as soon as possible.

The Critical Patch Update Advisory is the starting point for relevant information. It includes a list of products affected, pointers to obtain the patches, a summary of the security vulnerabilities, and links to other important documents.

Supported products that are not listed in the "Supported Products and Components Affected" Section of the advisory do not require new patches to be applied.

Also, it is essential to review the Critical Patch Update supporting documentation referenced in the Advisory before applying patches, as this is where you can find important pertinent information.

The Critical Patch Update Advisory is available at the following location:

The next four Critical Patch Update release dates are:

  • April 17, 2012
  • July 17, 2012
  • October 16, 2012
  • January 15, 2013

Friday Jan 06, 2012

Enabling Case-Sensitive Passwords with E-Business Release 12

Password security and complexity are often a concern for security and audit teams.  With the recent release of patch 12964564, Oracle E-Business Suite Release 12.1.1 with a minimum database level of 11gR1 now supports password case sensitivity.  Let's review this database feature in greater detail.

Password case sensitivity was introduced with Oracle Database 11gR1.  Passwords were not case sensitive in earlier versions.  For Oracle database versions prior to 11gR1, the passwords "Manager", "MANAGER", and "manager" were all equivalent.  In an 11gR1 database and higher with password case sensitivity turned on, each of these passwords, "Manager", "MANAGER" and "manager" are unique passwords with unique hash values.  

Password case sensitivity is turned on by default for any newly created 11gR1 or higher database.  The database parameter for this feature is SEC_CASE_SENSITIVE_LOGON:

  • When this parameter is set to TRUE, password case sensitivity is enabled.
  • When set to FALSE, it is disabled.

The DBA_USERS view now has a PASSWORD_VERSIONS column that indicates the database release in which the password was created or last modified.

If you have migrated from a prior database version to 11gR1 and SEC_CASE_SENSITIVE_LOGON is set to true, the default behavior is as follows:
  • Existing users must first initiate a password change for password case sensitivity to be enforced
  • New users created in the 11g database will automatically use password case sensitivity 

The following example on a generic database -- not an E-Business Suite database -- illustrates how the password case sensitivity feature works in 11g.

First, a new user, "newuser1",  is created in an 11g database.

Next, information from the DBA_USERS view is displayed.

The following shows the behavior of a migrated 10g user, "system", and a newly created 11g user, "newuser1", when password case sensitivity is disabled.

Finally, the following shows the behavior of a migrated 10g user, "system", and a newly created 11g user, "newuser1", when password case sensitivity is enabled.
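
The walk-through described above, written out as an added SQL*Plus example (it is not the original post's output or Oracle's own script). The password values are constructed, and it assumes a DBA session on a generic 11g test database rather than an E-Business Suite database; for EBS, follow the MOS documentation referenced below.

```sql
-- Added illustration: run in SQL*Plus as a DBA on a generic 11g TEST database.
-- All password values are constructed sample values.

-- 1. Create a new user in the 11g database.
CREATE USER newuser1 IDENTIFIED BY "Example_Pw1";
GRANT CREATE SESSION TO newuser1;

-- 2. Compare the migrated account with the new one. PASSWORD_VERSIONS
--    shows the release(s) for which a password hash is stored.
SELECT username, account_status, password_versions
  FROM dba_users
 WHERE username IN ('SYSTEM', 'NEWUSER1');

-- 3. Check the current setting of the parameter.
SELECT value
  FROM v$parameter
 WHERE name = 'sec_case_sensitive_logon';

-- 4. Case sensitivity disabled: attempt a logon with the password
--    typed in a different case, then return to the DBA session.
ALTER SYSTEM SET sec_case_sensitive_logon = FALSE;
CONNECT newuser1/"EXAMPLE_PW1"
CONNECT / AS SYSDBA

-- 5. Case sensitivity enabled: repeat with the wrong case, then with
--    the exact case used at creation.
ALTER SYSTEM SET sec_case_sensitive_logon = TRUE;
CONNECT newuser1/"EXAMPLE_PW1"
CONNECT newuser1/"Example_Pw1"
CONNECT / AS SYSDBA

-- 6. Audit check: accounts with no 11G password version have not had a
--    password change since migration, so (as the post notes) case
--    sensitivity is not yet enforced for them.
SELECT username, account_status, password_versions
  FROM dba_users
 WHERE password_versions NOT LIKE '%11G%'
 ORDER BY username;

-- 7. Remove the test account.
DROP USER newuser1 CASCADE;
```

The query in step 6 is the one to keep after the test: it lists the accounts that still need a password change before the parameter has any effect on them.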


For instructions on how to enable password case sensitivity with EBS R12.1.1 running on the 11gR1 Database and higher, please refer to the following MOS documentation:


Monday Nov 14, 2011

11gR2 11.2.0.3 Database Certified with E-Business Suite

[Nov 15, 2011 Update: Added TDE Tablespace and Column Encryption to the list of certified options]

The 11gR2 11.2.0.2 Database was certified with E-Business Suite (EBS) 11i and EBS 12 almost one year ago today.  I’m pleased to announce that 11.2.0.3, the second patchset for the 11gR2 Database is now certified. Be sure to review the interoperability notes for R11i and R12 for the most up-to-date requirements for deployment.

This certification announcement is important as you plan upgrades to the technology stack for your environment. For additional upgrade direction, please refer to the recently published EBS upgrade recommendations article. Database support implications may also be reviewed in the database patching and support article.


Oracle E-Business Suite Release 11i

Prerequisites
  • 11.5.10.2 + ATG PF.H RUP 6 and higher
Certified Platforms
  • Linux x86 (Oracle Linux 4, 5)
  • Linux x86 (RHEL 4, 5)
  • Linux x86 (SLES 10)
  • Linux x86-64 (Oracle Linux 4, 5) -- Database-tier only
  • Linux x86-64 (RHEL 4, 5) -- Database-tier only
  • Linux x86-64 (SLES 10--Database-tier only)
  • Oracle Solaris on SPARC (64-bit) (10)
  • Oracle Solaris on x86-64 (64-bit) (10) -- Database-tier only
Pending Platform Certifications
  • Microsoft Windows Server (32-bit)
  • Microsoft Windows Server (64-bit)
  • HP-UX PA-RISC (64-bit)
  • HP-UX Itanium
  • IBM: Linux on System z 
  • IBM AIX on Power Systems
Oracle E-Business Suite Release 12
Prerequisites
  • Oracle E-Business Suite Release 12.0.4 or later; or,
    Oracle E-Business Suite Release 12.1.1 or later
Certified Platforms
  • Linux x86 (Oracle Linux 4, 5)
  • Linux x86 (RHEL 4, 5)
  • Linux x86 (SLES 10)
  • Linux x86-64 (Oracle Linux 4, 5)
  • Linux x86-64 (RHEL 4, 5)
  • Linux x86-64 (SLES 10)
  • Oracle Solaris on SPARC (64-bit) (10)
  • Oracle Solaris on x86-64 (64-bit) (10)  -- Database-tier only
Pending Platform Certifications
  • Microsoft Windows Server (32-bit)
  • Microsoft Windows Server (64-bit)
  • HP-UX PA-RISC (64-bit)
  • IBM: Linux on System z
  • IBM AIX on Power Systems
  • HP-UX Itanium
Database Feature and Option Certifications
The following 11gR2 11.2.0.3 database options and features are supported for use:
About the pending certifications

Oracle's Revenue Recognition rules prohibit us from discussing certification and release dates, but you're welcome to monitor or subscribe to this blog for updates, which I'll post as soon as they're available.

The preceding is intended to outline our general product direction.  It is intended for information purposes only, and may not be incorporated into any contract.   It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions.  The development, release, and timing of any features or functionality described for Oracle's products remains at the sole discretion of Oracle.

Wednesday Oct 19, 2011

Critical Patch Update for October 2011 Now Available

The Critical Patch Update (CPU) for October 2011 was released on October 18, 2011. Oracle strongly recommends applying the patches as soon as possible.

The Critical Patch Update Advisory is the starting point for relevant information. It includes a list of products affected, pointers to obtain the patches, a summary of the security vulnerabilities, and links to other important documents.

Supported products that are not listed in the "Supported Products and Components Affected" Section of the advisory do not require new patches to be applied.

Also, it is essential to review the Critical Patch Update supporting documentation referenced in the Advisory before applying patches, as this is where you can find important pertinent information.

The Critical Patch Update Advisory is available at the following location:

The next four Critical Patch Update release dates are:

  • January 17, 2012
  • April 17, 2012
  • July 17, 2012
  • October 16, 2012

Wednesday Aug 03, 2011

Why Does EBS Integration with Oracle Access Manager Require Oracle Internet Directory?

The E-Business Suite has its own security and user-management capabilities.  You can use the E-Business Suite's native features to authenticate users, authorize users (i.e. assign responsibilities to them), and manage your EBS user repository.  The majority of E-Business Suite system administrators simply use these built-in capabilities for enabling access to the E-Business Suite.

When EBS built-in capabilities aren't enough

Some organisations have third-party user authentication systems in place.  These include CA Netegrity SiteMinder, Windows Kerberos, and others.  These organisations frequently use third-party LDAP directory solutions such as Microsoft Active Directory, OpenLDAP, and others. 

We don't certify the E-Business Suite with those third-party products directly, and we don't have any plans to do so.  This article is intended to explain why Oracle Internet Directory (OID) is required when integrating with Oracle Access Manager (OAM), but you can safely infer that the same requirements prevent the use of third-party authentication products directly with the E-Business Suite.

It's possible to integrate the E-Business Suite with those third-party solutions via Oracle Access Manager and Oracle Internet Directory.  See these articles:

Before going on, I'd recommend reading one of those two third-party integration articles.  If you don't have those concepts under your belt, the rest of this article isn't going to make much sense.

Architecture diagram showing Oracle Access Manager Oracle Internet Directory E-Business Suite AccessGate WebGate

Why does EBS require OID with OAM?

Oracle Access Manager itself doesn't require Oracle Internet Directory.  However, Oracle Internet Directory is a mandatory requirement when Oracle Access Manager is integrated with the E-Business Suite.

Why?  The short answer is that the E-Business Suite has hardcoded dependencies on Oracle Internet Directory for this configuration. These dependencies mean that you cannot replace Oracle Internet Directory with any third-party LDAP directory for this particular configuration. 

There are two cases of hardcoded dependencies on Oracle Internet Directory:

1. Reliance on Oracle GUIDs

From the articles linked above, you know that user authentication is handled by Oracle Access Manager, and user authorization is handled by the E-Business Suite itself.  This means that there are two different user namespaces. 

These namespaces must be linked and coordinated somehow, to ensure that a particular user logging in via Oracle Access Manager is the same user represented within the E-Business Suite's own internal FNDUSER repository.

We associate externally-managed Oracle Access Manager users with internally-managed E-Business Suite users via a Global Unique Identifier (GUID).  These Global Unique Identifiers are generated exclusively by Oracle Internet Directory. 

The E-Business Suite has hardcoded functions to handle the mapping of these Global Unique Identifiers between Oracle Access Manager and the E-Business Suite.  These mapping functions are specific to Oracle Internet Directory; it isn't possible to replace Oracle Internet Directory with a generic third-party LDAP directory and still preserve this functionality.

2. Synchronous user account creation

The E-Business Suite is predominantly used internally within an organisation.  Certain E-Business Suite application modules can be made visible to users outside of an organisation.  These include iStore, iRecruitment, iSupplier, and other application modules where the users aren't necessarily restricted to an organisation's own employees.

Users of some of those application modules expect to be able to register for a new account and use it immediately.  This makes sense.  If you're posting job openings via iRecruitment, potential applicants shouldn't need to hold off on submitting their resumes while your E-Business Suite sysadmin creates an account manually, assigns EBS responsibilities, and emails them the account login details. They'll be long gone before that happens.

This means that EBS application modules that support self-registration must create user accounts synchronously.  A new account must be created within the E-Business Suite and the externalized directory at the same time, on demand.

The E-Business Suite has hardcoded dependencies upon Oracle Internet Directory function calls that handle these synchronous account creation tasks.  These function calls are specific to Oracle Internet Directory; it isn't possible to replace Oracle Internet Directory with a generic third-party LDAP directory and still preserve this functionality.

Sun is setting for Oracle Single Sign-On

The older articles linked above refer to Oracle Single Sign-On.  All conceptual references to Oracle Single Sign-On apply equally to Oracle Access Manager.  Oracle Access Manager offers the same capabilities as Oracle Single Sign-On when integrated with the E-Business Suite.

You may have noticed that I have specifically been referring to Oracle Access Manager rather than Oracle Single Sign-On in this article.  There's a very good reason for this.

The Fusion Middleware Lifetime Support Policy shows that Premier Support for Oracle Single Sign-On 10gR2 ends in December 2011.  If you're using Portal 11gR1, Forms & Reports 11gR1, or Discoverer 11gR1, Premier Support for Oracle Single Sign-On 10gR2 is extended to December 2012. 

Extended Support is not available for Oracle Single Sign-On 10gR2.  This is true regardless of whether you're using those other Fusion Middleware 11gR1 products or not.  These support policy timelines for Oracle Single Sign-On are not affected by the E-Business Suite's own support timelines.  There are no special exceptions from these Fusion Middleware support timelines for E-Business Suite customers. 

Given that Oracle Single Sign-On is nearing its end-of-life, anyone considering a new external authentication solution for the E-Business Suite should use Oracle Access Manager at this point.  If you're currently using Oracle Single Sign-On, I would recommend evaluating your plans for migrating to Oracle Access Manager as soon as possible.

Wednesday Jul 20, 2011

Critical Patch Update for July 2011 Now Available

The Critical Patch Update (CPU) for July 2011 was released on July 19, 2011. Oracle strongly recommends applying the patches as soon as possible.

The Critical Patch Update Advisory is the starting point for relevant information. It includes a list of products affected, pointers to obtain the patches, a summary of the security vulnerabilities, and links to other important documents.

Supported Products that are not listed in the "Supported Products and Components Affected" Section of the advisory do not require new patches to be applied.

Also, it is essential to review the Critical Patch Update supporting documentation referenced in the Advisory before applying patches, as this is where you can find important pertinent information.

The Critical Patch Update Advisory is available at the following location:

The next four Critical Patch Update release dates are:

  • October 18, 2011
  • January 17, 2012
  • April 17, 2012
  • July 17, 2012

Thursday May 19, 2011

Critical Patch Update for April 2011 Now Available

The Critical Patch Update (CPU) for April 2011 was released on April 19, 2011. Oracle strongly recommends applying the patches as soon as possible.

The Critical Patch Update Advisory is the starting point for relevant information. It includes a list of products affected, pointers to obtain the patches, a summary of the security vulnerabilities, and links to other important documents.

Supported Products that are not listed in the "Supported Products and Components Affected" Section of the advisory do not require new patches to be applied.

Also, it is essential to review the Critical Patch Update supporting documentation referenced in the Advisory before applying patches, as this is where you can find important pertinent information.

The Critical Patch Update Advisory is available at the following location:

The next four Critical Patch Update release dates are:

  • July 19, 2011
  • October 18, 2011
  • January 17, 2012
  • April 17, 2012

Monday May 16, 2011

TDE Tablespace Encryption 11.2.0.2 Certified with E-Business Suite

Oracle Advanced Security is an optional licenced Oracle 11g Database add-on. Oracle Advanced Security Transparent Data Encryption (TDE) offers two different features: column encryption and tablespace encryption. TDE Tablespace Encryption 11.2.0.2 is now certified with Oracle E-Business Suite Release 11i (11.5.10.2 + ATG PF.H RUP 6 and higher) and Release 12 (Releases 12.0.6 and higher and 12.1.1 and higher).

What is Transparent Data Encryption (TDE)?

Oracle Advanced Security Transparent Data Encryption (TDE) allows you to protect data at rest. TDE helps address privacy and PCI requirements by encrypting personally identifiable information (PII) such as Social Security numbers and credit card numbers.

TDE is completely transparent to existing applications with no triggers, views or other application changes required. Data is transparently encrypted when written to disk and transparently decrypted after an application user has successfully authenticated and passed all authorization checks. Authorization checks include verifying the user has the necessary select and update privileges on the application table and checking Database Vault, Label Security and Virtual Private Database enforcement policies.

Existing database backup routines will continue to work, with the data at rest remaining encrypted in the backup. For encryption of entire database backups, TDE can be used in combination with Oracle RMAN.

What is Tablespace Encryption?

New in Oracle Database 11g, the Oracle Advanced Security now includes support for tablespace encryption.

When a tablespace is created through Enterprise Manager or on the command line, an option now exists to specify that the file be encrypted on the file system. When new data is added to the new tablespace using the insert command or datapump, entire tables will be transparently encrypted. When the database reads data blocks from the encrypted tablespace it will transparently decrypt the data blocks.

With this certification, Oracle E-Business Suite environments can be migrated to the latest 11gR2 version of encrypted tablespaces. For more information, see:

This database option is certified for all EBS platforms on which Oracle Database 11.2.0.2 is certified.  You can refer to the Certifications system on My Oracle Support for details about certified EBS platforms for this database release.

Tuesday Jan 18, 2011

Critical Patch Update for January 2011 Now Available

The Critical Patch Update (CPU) for January 2011 was released on January 18, 2011. Oracle strongly recommends applying the patches as soon as possible.

The Critical Patch Update Advisory is the starting point for relevant information. It includes a list of products affected, pointers to obtain the patches, a summary of the security vulnerabilities, and links to other important documents.

Supported Products that are not listed in the "Supported Products and Components Affected" Section of the advisory do not require new patches to be applied.

Also, it is essential to review the Critical Patch Update supporting documentation referenced in the Advisory before applying patches, as this is where you can find important pertinent information.

The Critical Patch Update Advisory is available at the following location:

The next four Critical Patch Update release dates are:

  • April 19, 2011
  • July 19, 2011
  • October 18, 2011
  • January 17, 2012

Monday Nov 15, 2010

11gR2 11.2.0.2 Database Certified with E-Business Suite

[Jan 20, 2011 Update: Removed erroneous Linux x86-64 SLES 9 database tier reference]

[Nov 18, 2010 Update: Added HP-UX Itanium to the EBS 11i list of pending certifications]


We certified the 11gR2 11.2.0.1 Database with E-Business Suite 11i and EBS 12 late in 2009.  It's taken a little longer than we had hoped to certify 11.2.0.2, the first patchset for the 11gR2 Database.  The reasons: the release cycle for 11.2.0.2 overlapped with our EBS 12.1.3 release cycle, and some of the ports for this patchset weren't released until just before Halloween.  Our Server Technologies team is still working on other ports, too.

I know that some of you have been eager to apply this latest patchset to your E-Business Suite databases, so I'm very pleased to announce that Oracle Database 11gR2 Patchset 1 Version 11.2.0.2 is now certified with the E-Business Suite. 

[Screenshot: 11gR2 11.2.0.2 database Patchset 1 (Patchset 10098816) download page]

Oracle E-Business Suite Release 11i
Prerequisites
  • Oracle E-Business Suite Release 11.5.10.2
Certified Platforms
  • Linux x86 (Oracle Linux 4, 5)
  • Linux x86 (RHEL 4, 5)
  • Linux x86 (SLES 10)
  • Linux x86-64 (Oracle Linux 4, 5) -- Database-tier only
  • Linux x86-64 (RHEL 4, 5) -- Database-tier only
  • Linux x86-64 (SLES 10) -- Database-tier only
  • Oracle Solaris on SPARC (64-bit) (10)
  • Oracle Solaris on x86-64 (64-bit) (10) -- Database-tier only
Pending Platform Certifications
  • Microsoft Windows Server (32-bit)
  • Microsoft Windows Server (64-bit)
  • HP-UX PA-RISC (64-bit)
  • HP-UX Itanium
  • IBM: Linux on System z 
  • IBM AIX on Power Systems
Oracle E-Business Suite Release 12
Prerequisites
  • Oracle E-Business Suite Release 12.0.4 or later; or,
    Oracle E-Business Suite Release 12.1.1 or later
Certified Platforms
  • Linux x86 (Oracle Linux 4, 5)
  • Linux x86 (RHEL 4, 5)
  • Linux x86 (SLES 10)
  • Linux x86-64 (Oracle Linux 4, 5)
  • Linux x86-64 (RHEL 4, 5)
  • Linux x86-64 (SLES 10)
  • Oracle Solaris on SPARC (64-bit) (10)
  • Oracle Solaris on x86-64 (64-bit) (10)  -- Database-tier only
Pending Platform Certifications
  • Microsoft Windows Server (32-bit)
  • Microsoft Windows Server (64-bit)
  • HP-UX PA-RISC (64-bit)
  • IBM: Linux on System z
  • IBM AIX on Power Systems
  • HP-UX Itanium
Database Feature and Option Certifications
The following 11gR2 11.2.0.2 database options and features are supported for use:
Certification of the following database options and features is still underway:
  • Transparent Data Encryption (TDE) Tablespace Encryption 11gR2 version 11.2.0.2
About the pending certifications

Oracle's Revenue Recognition rules prohibit us from discussing certification and release dates, but you're welcome to monitor or subscribe to this blog for updates, which I'll post as soon as they're available.

The preceding is intended to outline our general product direction.  It is intended for information purposes only, and may not be incorporated into any contract.   It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions.  The development, release, and timing of any features or functionality described for Oracle's products remains at the sole discretion of Oracle.

Tuesday Oct 12, 2010

Critical Patch Update for October 2010 Now Available

The Critical Patch Update (CPU) for October 2010 was released on October 12th, 2010. Oracle strongly recommends applying the patches as soon as possible.

The Critical Patch Update Advisory is the starting point for relevant information. It includes a list of products affected, pointers to obtain the patches, a summary of the security vulnerabilities, and links to other important documents.

Supported Products that are not listed in the "Supported Products and Components Affected" Section of the advisory do not require new patches to be applied.

Also, it is essential to review the Critical Patch Update supporting documentation referenced in the Advisory before applying patches, as this is where you can find important pertinent information.

The Critical Patch Update Advisory is available at the following location:

The next four Critical Patch Update release dates are:

  • January 18, 2011
  • April 19, 2011
  • July 19, 2011
  • October 18, 2011

Thursday Jul 22, 2010

EBS Sysadmin Primer: Oracle Identity Management 11gR1

[Editor: This is the third in a multi-part series from Nirzari Raichura, a senior member of our ATG Certification team, on essential Fusion Middleware concepts and tools for the EBS sysadmin]

Oracle Identity Management (OIM) 11gR1 is part of Fusion Middleware 11gR1.   Oracle Identity Management 11gR1 provides the following components as part of its default installation:
Oracle Directory Services Components
  • OID - Oracle Internet Directory
  • DIP -  Oracle Directory Integration Platform
  • OVD - Oracle Virtual Directory
Oracle Identity Federation Components
  • OIF - Oracle Identity Federation
Management Components
  • EM - Enterprise Manager
  • ODSM - Oracle Directory Service Manager

In order to use Oracle Identity Management 11gR1 with E-Business Suite, you need OID and DIP products at a minimum.  Oracle Identity Management 11gR1 doesn't contain Oracle Single Sign-On.  You have the choice of either of the following two tools for authentication: 
  • Oracle Single Sign-On 10gR3
  • Oracle Access Manager 10gR3

Oracle Access Manager 10gR3 is the preferred authentication solution going forward.  However, if you have plans to integrate any other products like Oracle Portal, Forms, Reports or Discoverer with E-Business Suite, you must select the Oracle Single Sign-On 10gR3 option. These products have hard dependencies on Oracle Single Sign-On 10gR3 and cannot be authenticated directly by Oracle Access Manager (you can do so indirectly, but that's a topic for a future article).

If you have already integrated your E-Business Suite environment with Oracle Single Sign-On and Oracle Internet Directory 10gR3, you can upgrade Oracle Internet Directory 10gR3 to Oracle Internet Directory 11gR1 (which is part of Oracle Identity Management 11gR1). Your existing integration remains intact after the upgrade.


Oracle Identity Management 11gR1 Integration with E-Business Suite using OSSO 10gR3

Unlike Oracle Internet Directory 10g, which is tightly integrated with Oracle Application Server 10g and the Oracle database (to store its metadata repository), Oracle Identity Management 11gR1 provides various integration options. 

There is an option to manage it through the Oracle Fusion Middleware management framework by registering it with a local or a remote WebLogic Server administration domain.  You can do this during installation or via the command-line after installation. As I mentioned in my previous blog article, you can also install and configure it without WebLogic Server. In that case, you can manage Oracle Internet Directory using command-line tools and ODSM.

This table describes the components required for Oracle Identity Management 11gR1 installation:

Useful Tools to administer and manage OIM 11gR1

Tool and default value:
  • Oracle Enterprise Manager Fusion Middleware Control: http://host:port/em
  • Oracle Directory Services Manager (ODSM): http://host:port/odsm
  • Oracle WebLogic Server Administrative Console: http://host:port/console/
Command-Line Utilities
  • OPMN: $ORACLE_INSTANCE/bin/opmnctl
  • Standard LDAP utilities: ORACLE_HOME/ldap
  • OIDPASSWD
  • WebLogic Scripting Tool (wlst): ORACLE_HOME/common/bin/wlst.sh
  • OIDCTL (for backward compatibility)


Thursday Jul 15, 2010

Oracle E-Business Suite AccessGate Release 1.0.2 Now Available

We are pleased to announce an update to the Oracle E-Business Suite AccessGate component, which provides integration with Oracle Access Manager 10gR3. The latest version, Release 1.0.2, provides several bug fixes, improved automation, and support for the use of Oracle E-Business Suite portlets. Oracle E-Business Suite AccessGate is available at no charge to customers who have already licensed both Oracle E-Business Suite and Oracle Access Manager.

For those of you that have already deployed Oracle Access Manager elsewhere in your company, we strongly recommend that you evaluate this integration. We believe that this latest release provides improvements in quality and usability over our previous release.

What About Oracle Single Sign-On Server?

If you are running Oracle E-Business Suite today with Oracle Single Sign-On Server (OSSO), you may continue to do so. However, this product is quickly approaching its end-of-life, so we are now recommending that new implementations evaluate Oracle Access Manager for single sign-on authentication. If you are already using Oracle Access Manager today in your enterprise, then now is the perfect time to begin migrating your Oracle E-Business Suite single sign-on to Oracle Access Manager with the help of Oracle E-Business Suite AccessGate.

In my previous article, announcing the initial release of Oracle E-Business Suite AccessGate, we mentioned that some products, such as Oracle Discoverer and Oracle Portal, do not support Oracle Access Manager 10gR3, and continue to require Oracle Single Sign-On Server for single sign-on authentication. That limitation continues to exist, and the latest version of Oracle E-Business Suite AccessGate does not change that. However, as I also noted then, you can "link" the two authentication systems for easier administration.

In this scenario, OSSO can delegate authentication duties to Oracle Access Manager, so users will only see a single UI whenever they are prompted for single sign-on credentials. Once the user is authenticated and it is determined he is authorized to access the requested resource, Oracle Access Manager returns the user's identity in an HTTP header variable, which OSSO recognizes and trusts. OSSO then sets its own single sign-on cookie in the browser without having to ask for another set of credentials.

Prerequisites for Oracle E-Business Suite AccessGate

The requirements for Oracle E-Business Suite AccessGate are unchanged from the original release:

  • E-Business Suite Release 12.1.2, 12.1.1; or,
    E-Business Suite Release 11i 11.5.10 CU2 (with ATG RUP 6 or higher)
  • Oracle Access Manager 10gR3 (10.1.4.3)
  • Oracle Internet Directory 10gR3 (10.1.4.3), or
    Oracle Internet Directory 11gR1 Patchset 1 (11.1.1.2)
  • Oracle WebLogic Server 10.3.1 or higher

And, as before, Oracle E-Business Suite AccessGate is supported on any operating system platform that supports Oracle WebLogic Server 10.3.1. For Oracle Access Manager and its components, such as WebGate, any operating system and HTTP server supported by it may be used for this integration.


Wednesday Jul 14, 2010

Critical Patch Update for July 2010 Now Available

The Critical Patch Update (CPU) for July 2010 was released on July 13, 2010. Oracle strongly recommends applying the patches as soon as possible.

The Critical Patch Update Advisory is the starting point for relevant information. It includes a list of products affected, pointers to obtain the patches, a summary of the security vulnerabilities, and links to other important documents.

Supported Products that are not listed in the "Supported Products and Components Affected" Section of the advisory do not require new patches to be applied.

Also, it is essential to review the Critical Patch Update supporting documentation referenced in the Advisory before applying patches, as this is where you can find important pertinent information.

The Critical Patch Update Advisory is available at the following location:
The next four Critical Patch Update release dates are:
  • October 12, 2010
  • January 18, 2011
  • April 19, 2011
  • July 19, 2011

Wednesday May 19, 2010

TDE Tablespace Encryption 11.2.0.1 Certified with EBS 12

Oracle Advanced Security is an optional licenced Oracle 11g Database add-on.  Oracle Advanced Security Transparent Data Encryption (TDE) offers two different features:  column encryption and tablespace encryption.  11.2.0.1 TDE Column encryption was certified with E-Business Suite 12 as part of our overall 11.2.0.1 database certification.  As of today, 11.2.0.1 TDE Tablespace encryption is now certified with Oracle E-Business Suite Release 12.

What is Transparent Data Encryption (TDE)?

Oracle Advanced Security Transparent Data Encryption (TDE) allows you to protect data at rest. TDE helps address privacy and PCI requirements by encrypting personally identifiable information (PII) such as Social Security numbers and credit card numbers.

TDE is completely transparent to existing applications with no triggers, views or other application changes required. Data is transparently encrypted when written to disk and transparently decrypted after an application user has successfully authenticated and passed all authorization checks. Authorization checks include verifying the user has the necessary select and update privileges on the application table and checking Database Vault, Label Security and Virtual Private Database enforcement policies.

Existing database backup routines will continue to work, with the data at rest remaining encrypted in the backup. For encryption of entire database backups, TDE can be used in combination with Oracle RMAN.

What is Tablespace Encryption?

New in Oracle Database 11g, the Oracle Advanced Security now includes support for tablespace encryption.

When a tablespace is created through Enterprise Manager or on the command line, an option now exists to specify that the file be encrypted on the file system. When new data is added to the new tablespace using the insert command or datapump, entire tables will be transparently encrypted. When the database reads data blocks from the encrypted tablespace it will transparently decrypt the data blocks.

With this certification, Oracle E-Business Suite Release 12 environments can be migrated to the latest 11gR2 11.2.0.1 version of encrypted tablespaces. For more information, please refer to:

Prerequisites

  • Oracle E-Business Suite Release 12.0.4 and higher
  • Oracle E-Business Suite Release 12.1.1 and higher
Platforms certified for Apps 12
  • Linux x86 (Oracle Enterprise Linux 4, 5)
  • Linux x86 (RHEL 4, 5)
  • Linux x86 (SLES 10)
  • Linux x86-64 (Oracle Enterprise Linux 4, 5)
  • Linux x86-64 (RHEL 4, 5)
  • Linux x86-64 (SLES 10)
  • Oracle Solaris on SPARC (64-bit) (Solaris 10) 
  • Oracle Solaris on x86-64 (64-bit)
  • IBM AIX on Power Systems (64-bit) (5.3 and 6.1) 
  • HP-UX Itanium (11.31)
Pending Platform Certifications

Certifications for the following platforms are still underway:
  • HP-UX PA-RISC (64-bit) (11.31)
  • Microsoft Windows Server (32-bit) (2003, 2008) 
  • Microsoft Windows x64 (64-bit) (2003, 2008, 2008 R2)
Oracle's Revenue Recognition rules prohibit us from discussing certification and release dates, but you're welcome to monitor or subscribe to this blog for updates, which I'll post as soon as they're available.

Friday Apr 30, 2010

Database Vault 11gR2 11.2.0.1 Certified with Oracle E-Business Suite

Oracle Database Vault allows security administrators to protect a database from privileged account access to application data.  Database objects can be placed in protected realms, which can be accessed only if a specific set of conditions is met. 

Oracle Database Vault 11gR2 11.2.0.1 is now certified with Oracle E-Business Suite Release 11i and 12.

You can now enable Database Vault 11gR2 on your existing E-Business Suite 11.2.0.1 Database instance.  If you already have DB Vault 10gR2 or 11gR1 enabled in your E-Business Suite environment, you can now upgrade to the 11gR2 Database.  We also support EBS patching with Database Vault 11.2.0.1 enabled. Our DB Vault realm creation and grants-related scripts have been updated to reduce patching downtimes.

Prerequisites
  • Oracle E-Business Suite Release 11i 11.5.10.2 or higher
  • Oracle E-Business Suite Release 12.0.4 or higher
  • Oracle E-Business Suite Release 12.1.1 or higher
Certified Platforms for Oracle E-Business Suite Release 12
  • Linux x86 (Oracle Enterprise Linux 4, 5)
  • Linux x86 (RHEL 4, 5)
  • Linux x86 (SLES 10)
  • Linux x86-64 (Oracle Enterprise Linux 4, 5)
  • Linux x86-64 (RHEL 4, 5)
  • Linux x86-64 (SLES 10)
  • Oracle Solaris on SPARC (64-bit) (Solaris 10)
  • Oracle Solaris on x86-64 (64-bit) (Solaris 10) (Database-tier only)
  • IBM AIX on Power Systems (64-bit) (5.3, 6.1)
  • HP-UX Itanium (11.31)
Certified Platforms for Oracle E-Business Suite Release 11i
  • Linux x86 (Oracle Enterprise Linux 4, 5)
  • Linux x86 (RHEL 4, 5)
  • Linux x86 (SLES 10)
  • Linux x86-64 (Oracle Enterprise Linux 4, 5) (Database-tier only)
  • Linux x86-64 (RHEL 4, 5) (Database-tier only)
  • Linux x86-64 (SLES 10) (Database-tier only)
  • Oracle Solaris on SPARC (64-bit) (Solaris 10)
  • Oracle Solaris on x86-64 (64-bit) (Solaris 10) (Database-tier only)
  • IBM AIX on Power Systems (64-bit) (5.3, 6.1)
Certifications still underway

Certifications for the following platforms are still pending.  Oracle's Revenue Recognition rules prohibit us from discussing certification and release dates, but you're welcome to monitor or subscribe to this blog for updates, which I'll post as soon as they're available.
Pending Platforms for Oracle E-Business Suite Release 12
  • HP-UX PA-RISC (64-bit)
  • Microsoft Windows Server (32-bit)
  • Microsoft Windows x64 (64-bit) (Database-tier only)
Pending Platforms for Oracle E-Business Suite Release 11i
  • HP-UX PA-RISC (64-bit)
  • HP-UX Itanium (Database-tier only)
  • Microsoft Windows Server (32-bit)
  • Microsoft Windows x64 (64-bit) (Database-tier only)

Tuesday Apr 13, 2010

Critical Patch Update for April 2010 Now Available

The Critical Patch Update (CPU) for April 2010 was released on April 13, 2010. Oracle strongly recommends applying the patches as soon as possible.

The Critical Patch Update Advisory is the starting point for relevant information. It includes a list of products affected, pointers to obtain the patches, a summary of the security vulnerabilities, and links to other important documents.

Supported Products that are not listed in the "Supported Products and Components Affected" Section of the advisory do not require new patches to be applied.

Also, it is essential to review the Critical Patch Update supporting documentation referenced in the Advisory before applying patches, as this is where you can find important pertinent information.

The Critical Patch Update Advisory is available at the following location:
The next four Critical Patch Update release dates are:
  • July 13, 2010
  • October 12, 2010
  • January 18, 2011
  • April 19, 2011

TDE Tablespace Encryption 11.2.0.1 Certified with EBS 11i

Oracle Advanced Security is an optional licenced Oracle 11g Database add-on.  Oracle Advanced Security Transparent Data Encryption (TDE) offers two different features:  column encryption and tablespace encryption.  TDE Tablespace Encryption 11.2.0.1 is now certified with Oracle E-Business Suite Release 11i.

What is Transparent Data Encryption (TDE)?

Oracle Advanced Security Transparent Data Encryption (TDE) allows you to protect data at rest. TDE helps address privacy and PCI requirements by encrypting personally identifiable information (PII) such as Social Security numbers and credit card numbers.

TDE is completely transparent to existing applications with no triggers, views or other application changes required. Data is transparently encrypted when written to disk and transparently decrypted after an application user has successfully authenticated and passed all authorization checks. Authorization checks include verifying the user has the necessary select and update privileges on the application table and checking Database Vault, Label Security and Virtual Private Database enforcement policies.

Existing database backup routines will continue to work, with the data at rest remaining encrypted in the backup. For encryption of entire database backups, TDE can be used in combination with Oracle RMAN.

What is Tablespace Encryption?

New in Oracle Database 11g, the Oracle Advanced Security now includes support for tablespace encryption.

When a tablespace is created through Enterprise Manager or on the command line, an option now exists to specify that the file be encrypted on the file system. When new data is added to the new tablespace using the insert command or datapump, entire tables will be transparently encrypted. When the database reads data blocks from the encrypted tablespace it will transparently decrypt the data blocks.
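The command-line option described above (the same passage appears in the other TDE posts on this page), as an added example in generic Oracle Database 11g SQL; it is not from the original post and is not the EBS migration procedure in the referenced notes. The tablespace, datafile path, table, schema owner and wallet password are hypothetical placeholders, and the wallet directory is assumed to be configured already through ENCRYPTION_WALLET_LOCATION in sqlnet.ora.

```sql
-- Added example: TDE tablespace encryption on Oracle Database 11g.
-- Assumptions (not from the post): the wallet directory is already set via
-- ENCRYPTION_WALLET_LOCATION in sqlnet.ora; every name, path and password
-- below is a placeholder.

-- 1. Check that the database can see the wallet and whether it is open.
SELECT wrl_type, wrl_parameter, status
FROM   v$encryption_wallet;

-- 2. First-time setup only: create the TDE master key. This also creates
--    the wallet if none exists and leaves it open.
ALTER SYSTEM SET ENCRYPTION KEY IDENTIFIED BY "<wallet_password>";

--    On later instance restarts, open the existing wallet instead:
--    ALTER SYSTEM SET ENCRYPTION WALLET OPEN IDENTIFIED BY "<wallet_password>";

-- 3. Create the tablespace with encryption requested at creation time.
--    Both clauses are needed: ENCRYPTION picks the algorithm, and
--    DEFAULT STORAGE (ENCRYPT) turns encryption on for the datafile.
CREATE TABLESPACE demo_secure_ts
  DATAFILE '/u01/oradata/DEMO/demo_secure_ts01.dbf' SIZE 100M
  ENCRYPTION USING 'AES256'
  DEFAULT STORAGE (ENCRYPT);

-- 4. Data added to the new tablespace is encrypted when written to disk.
--    The primary-key index is placed in the encrypted tablespace as well;
--    otherwise it would land in the owner's default tablespace and the
--    key values would sit in an unencrypted datafile.
CREATE TABLE demo_cardholder (
  cardholder_id NUMBER
    CONSTRAINT demo_cardholder_pk PRIMARY KEY
    USING INDEX TABLESPACE demo_secure_ts,
  card_number   VARCHAR2(19)
) TABLESPACE demo_secure_ts;

INSERT INTO demo_cardholder (cardholder_id, card_number)
VALUES (1, '0000-0000-0000-0000');   -- constructed sample value
COMMIT;

-- 5. Verify that the tablespace is encrypted and with which algorithm.
SELECT tablespace_name, encrypted
FROM   dba_tablespaces
WHERE  tablespace_name = 'DEMO_SECURE_TS';

SELECT t.name, e.encryptionalg, e.encryptedts
FROM   v$tablespace t
JOIN   v$encrypted_tablespaces e ON e.ts# = t.ts#;

-- 6. Audit check: list segments of a schema that still live in
--    unencrypted tablespaces (DEMO_OWNER is a placeholder schema).
SELECT s.owner, s.segment_name, s.segment_type, s.tablespace_name
FROM   dba_segments s
JOIN   dba_tablespaces ts ON ts.tablespace_name = s.tablespace_name
WHERE  s.owner = 'DEMO_OWNER'
AND    ts.encrypted = 'NO'
ORDER  BY s.tablespace_name, s.segment_name;
```

The application SQL does not change; a query against demo_cardholder returns plaintext to any session that passes the normal authorization checks, provided the wallet is open.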

With this certification, Oracle E-Business Suite Release 11i environments can be migrated to the latest 11gR2 version of encrypted tablespaces. For more information, please refer to:

Prerequisites

  • Oracle E-Business Suite Release 11i version 11.5.10.2 or higher

Platforms certified for 11i

  • Linux x86 (Oracle Enterprise Linux 4, 5)
  • Linux x86 (RHEL 4, 5)
  • Linux x86 (SLES 10)
  • Linux x86-64 (Oracle Enterprise Linux 4, 5)
  • Linux x86-64 (RHEL 4, 5)
  • Linux x86-64 (SLES 10)
  • Oracle Solaris on SPARC (64-bit) (Solaris 10)
  • IBM AIX (5.3 and 6.1)


Thursday Mar 25, 2010

Oracle Access Manager 10gR3 Certified with E-Business Suite

Oracle Access Manager 10gR3 (10.1.4.3) is now certified for use with E-Business Suite Releases 11.5.10 and 12.1, using the new component, Oracle E-Business Suite AccessGate. For information on how to obtain, install, and configure this new component, see:

About Oracle Access Manager

Oracle Access Manager is Oracle's next-generation identity and access management platform, and is a key component in Oracle's Fusion Middleware Identity Management solution. It provides a set of authentication and authorization features, including support for single sign-on authentication, and integration with other identity management offerings such as Oracle Identity Federation and Oracle Adaptive Access Manager.

Oracle E-Business Suite AccessGate integration architecture


Oracle Access Manager Benefits

Previously, E-Business Suite only supported single sign-on capabilities through Oracle Single Sign-On Server. While it was possible to integrate with Oracle Access Manager, this still required Oracle Single Sign-On Server as an intermediary, and did not allow access to the full feature set of Oracle Access Manager.

With the release of Oracle E-Business Suite AccessGate, this is no longer the case. E-Business Suite AccessGate is a Java EE application that resides on a separate application server, and provides direct integration between E-Business Suite and Oracle Access Manager. This direct integration also opens the door to the full set of authentication features in Oracle Access Manager, as well as integration with other products in Oracle's portfolio, such as Oracle Identity Federation or Oracle Adaptive Access Manager.

I'll be posting another article in the future that describes more about how integration with Oracle Access Manager works through Oracle E-Business Suite AccessGate.

Oracle Access Manager vs. Oracle Single Sign-On Server

Our primary audience for this release of Oracle E-Business Suite AccessGate (and Oracle Access Manager) is users who have Oracle Access Manager deployed in their enterprise, and want to expand its coverage to include E-Business Suite.

E-Business Suite users that are currently integrated with Single Sign-On Server do not necessarily need to migrate to Oracle Access Manager, and, in fact, may not want to at this time, as not all products in the E-Business Suite technology stack support Oracle Access Manager today. Oracle Access Manager and Oracle Single Sign-On Server may be used together, however, and this, too, will be covered in more detail in a future article. For more details from the Fusion Middleware Identity Management team, see:

Prerequisites for Oracle E-Business Suite AccessGate
  • E-Business Suite Release 12.1.2, 12.1.1; or,
    E-Business Suite Release 11i 11.5.10 CU2 (with ATG RUP 6 or higher)
  • Oracle Access Manager 10gR3 (10.1.4.3)
  • Oracle Internet Directory 10gR3 (10.1.4.3) or 11gR1 Patchset 1 (11.1.1.2)
  • Oracle WebLogic Server 10.3.1 or higher

Oracle E-Business Suite AccessGate is supported on any operating system platform that supports Oracle WebLogic Server 10.3.1. For Oracle Access Manager and its components, such as WebGate, any operating system and HTTP server supported by it may be used for this integration.

Monday Jan 25, 2010

Switching to Cumulative Critical Patch Updates for E-Business Suite 11i

[Editor:  This article is written by Krishna Kappaganti, a Director in our Applications Technology Integration group.  Krishna is part of the team that produces the quarterly Critical Patch Updates for E-Business Suite.]

Historically, with Oracle E-Business Suite Release 11i, you were required to apply individual patches in the order specified in the E-Business Suite Critical Patch Updates Knowledge document for that Critical Patch Update (CPU).  If you missed one or more Critical Patch Updates, you needed to review the E-Business Suite Critical Patch Updates Knowledge documents for all of the missed CPUs and apply every listed patch one by one to reach the latest required prerequisites.

Compare that process to applying Critical Patch Updates to Oracle E-Business Suite Release 12 (12.0 and 12.1), Oracle Database, and Oracle Fusion Middleware:  those products' CPUs are cumulative.  You can simply apply a single patch that contains all the fixes from previous Oracle security alerts and Critical Patch Updates and be at the latest CPU level.

With the introduction of CPU Cumulative Patches for Oracle E-Business Suite Release 11i10 CU2, starting with CPUJan2010, things have changed in an important way.  E-Business Suite Release 11i sysadmins now have a convenient way of getting up-to-date on the latest Critical Patch Updates with a single patch.

What are CPU Cumulative Patches?

As you might infer from their name, CPU Cumulative Patches include the latest versions of all patches produced for the Oracle E-Business Suite baseline since the beginning of Critical Patch Updates on that baseline.  In other words, they include:
  • Patches contained in prior Critical Patch Updates for Oracle E-Business Suite Release 11i10 CU2 on the baseline
  • Patches from previous Oracle security alerts applicable for Oracle E-Business Suite Release 11i10 CU2 on the baseline
  • Latest patches needed for the present Critical Patch Update

The CPU Cumulative Patches on the Oracle E-Business Suite Release 11i10 CU2 baseline are similar to those produced for Oracle E-Business Suite Release 12 (12.0 and 12.1).

How many Baselines do we have?

There are two baselines available for Oracle E-Business Suite Release 11i10 CU2: ATG RUP 6 and ATG RUP 7.

The CPU Cumulative Patch on Oracle E-Business Suite Release 11i10 CU2 ATG RUP 6 can be applied by all Oracle E-Business Suite Release 11i10 CU2 customers who have applied ATG RUP 6 to their environments.  Similarly, the CPU Cumulative Patch on Oracle E-Business Suite Release 11i10 CU2 ATG RUP 7 can be applied by all Oracle E-Business Suite Release 11i10 CU2 customers who have applied ATG RUP 7 to their environments.

Oracle E-Business Suite customers on the Release 11i10 baseline without Consolidated Update 2 continue to receive individual patches for Critical Patch Updates; no cumulative patch exists for that baseline.

[Editor: as of November 2010, EBS 11.5.10 Consolidated Update 2 will be part of the new minimum prerequisites for Extended Support for Apps 11i.  If you're not already running 11.5.10 CU2, you should make plans to apply this patch as soon as possible.]

How to apply the CPU Cumulative Patch

CPU Cumulative Patches can be applied like any other patch. The sequence is:

  1. Review the E-Business Suite CPU Knowledge document for the CPU.
  2. Apply all applicable Database and Fusion Middleware patches, following the instructions in the E-Business Suite CPU Knowledge document and referring to the other relevant CPU Knowledge documents.
  3. Identify the applicable Cumulative Patch for your E-Business Suite environment (ATG RUP 6 or ATG RUP 7).
  4. Apply the prerequisite patches following the instructions in the README of the CPU Cumulative Patch. Note that the prerequisite patches may vary depending on the products installed in your E-Business Suite environment. It may sometimes be necessary for customers using certain products to move to a minimum supported level for that product.
  5. Apply the CPU Cumulative Patch.
  6. Apply the post-install patches following the instructions in the README of the CPU Cumulative Patch. Note that the prerequisite patches may vary depending on the products installed in your E-Business Suite environment.

Wednesday Jan 13, 2010

AppsDataSource and Java Authentication and Authorization Service for Oracle E-Business Suite

[Figure: simplified architecture diagram showing client, app tier, and database tier]

[March 1, 2010: Patch 8571001 also includes extended error logging routines for use with external Java EE programs.  Patch 8571001 hasn't changed, but Note 974949.1 has just been updated to include documentation for error logging, as well as some improvements based on feedback I've been getting.  Keep that feedback coming!]

Oracle Application Object Library recently added new standard Java datasource and Java Authentication and Authorization Service (JAAS) features to Oracle E-Business Suite in Patch 8571001. These features are meant for use with Java EE programs deployed in application servers on external nodes; that is, nodes other than those where Oracle E-Business Suite middle tier is installed. These are lightweight implementations that can be used on an external application server without needing to install an entire Oracle E-Business Suite instance on the application server machine.

These features can be used with either Release 11i or Release 12.  For details, see:

AppsDataSource

The AppsDataSource standard data source enables access to the Oracle E-Business Suite APPS database schema from external Java EE environments without sharing the APPS schema password. Since the APPS database password is typically changed frequently, using these data sources insulates such programs from having to change their authentication information. Using these data sources also helps prevent wide exposure of the APPS password.

Using these standard data sources lets you control access to Oracle E-Business Suite data at the APPS schema level. For example, you can use AppsDataSource with BPEL processes and Oracle Service Bus services in Oracle Fusion Middleware. Within Oracle E-Business Suite, the AppsDataSource is used to control APPS database access as part of the integration of Oracle E-Business Suite with Oracle Access Manager using Oracle E-Business Suite AccessGate.

When using the AppsDataSource feature, access to the APPS database is controlled using a dedicated Oracle E-Business Suite user name and password ("applications user", also known as an "FND user") instead of the APPS password. This allows centralized maintenance of the APPS password and provides additional controls on who can access the APPS account.

Java Authentication and Authorization Service (JAAS)

Oracle E-Business Suite contains a repository of application users (FND users) and their associated roles (authorization for access to certain functional areas of the product). If you are developing a custom or third-party Java EE application to integrate with Oracle E-Business Suite, and you want to use that existing repository of users and roles for authentication and authorization for your Java EE application, you can use the Oracle E-Business Suite implementation of Java Authentication and Authorization Service (JAAS). This feature is intended to secure an HTTP resource or piece of application functionality at the Oracle E-Business Suite user level.

Authenticating a Java application via JAAS

For example, suppose you want to build a Java EE application using Oracle Fusion Middleware to integrate with Oracle E-Business Suite data. You would use both AppsDataSource and JAAS so you can secure who has access to your application functionality based on usernames and roles already in Oracle E-Business Suite.

The following diagram shows the relationship between the AppsDataSource and JAAS features and how users and roles are used in the JAAS and AppsDataSource setups:

[Figure: relationship between the AppsDataSource and JAAS features and how users and roles are used in their setups]

  • There are two different users, A (with Specialist role) and B (with Manager role), accessing a protected custom application (through a URL) on an external application server.
  • The custom application has a web.xml file that allows access for the Manager role as part of the JAAS setup.
  • User A does not have the Manager role, so is not allowed access to the custom application.
  • The external application server has an AppsDataSource set up to allow access to the Oracle E-Business Suite database using a dedicated AppsDataSource user that has been assigned the special UMX|APPS_SCHEMA_CONNECT role.
  • A repository of users and roles resides inside the Oracle E-Business Suite database.
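
The role check described in the list above, sketched as a standard Java EE deployment descriptor. This is an added illustration, not configuration taken from Note 974949.1 or from Oracle: the role name `Manager` is the article's example name, while the `/secure/*` path, the BASIC login method and the realm name are assumptions. The application-server side of the JAAS setup (the login module that reads users and roles from Oracle E-Business Suite) is configured separately as documented in the Note and is not shown.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Added illustration: WEB-INF/web.xml of the protected custom application. -->
<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="2.5">

  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Protected custom application</web-resource-name>
      <!-- Hypothetical path. No http-method elements are listed, so the
           constraint covers every HTTP method, not only GET and POST. -->
      <url-pattern>/secure/*</url-pattern>
    </web-resource-collection>

    <auth-constraint>
      <!-- Only callers holding this role are admitted. User B (Manager)
           gets in; user A (Specialist) can authenticate but is refused
           with HTTP 403 because the role is missing. -->
      <role-name>Manager</role-name>
    </auth-constraint>

    <user-data-constraint>
      <!-- Require TLS so the FND user's credentials and the session
           never travel in clear text. -->
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>

  <!-- Assumption: BASIC is used here only to keep the sketch short.
       FORM login is declared in the same element. -->
  <login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>EBS users (placeholder realm name)</realm-name>
  </login-config>

  <!-- Every role referenced in an auth-constraint must be declared. -->
  <security-role>
    <role-name>Manager</role-name>
  </security-role>

</web-app>
```

Resources outside the listed URL pattern are not covered by the constraint and stay reachable without authentication, so the pattern should cover every path that exposes Oracle E-Business Suite data.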

Knowledge Document Topics

Knowledge Document 974949.1, "AppsDataSource, Java Authentication and Authorization Service, and Utilities for Oracle E-Business Suite", includes the following topics:

  • Applying Patch 8571001
  • Using Oracle E-Business Suite Data Sources
    • Configuring AppsDataSource on an OC4J Instance and on an Oracle WebLogic Server (WLS) Instance
    • Using AppsDataSource Directly from Java Programs
  • Oracle E-Business Suite Implementation of Java Authentication and Authorization Service (JAAS)
    • JAAS configuration for OC4J and Oracle WebLogic Server
    • Global Access for All Authenticated Oracle E-Business Suite Users
  • Utilities

Lightweight Tools for Java EE Applications

The lightweight implementations of AppsDataSource and JAAS are useful tools for easier integration of custom Java EE applications with Oracle E-Business Suite.

We'll be adding more information to the document about additional Oracle Application Object Library Java features in the coming several months, so check Knowledge Document 974949.1 every so often. Happy coding!

Critical Patch Update for January 2010 Now Available
