Oracle E-Business Suite (R12) Integration with OID/OAM 11g




By: Atul Kumar & Neha Mittal
ebook@onlineappsdba.com

Copyright 2011 onlineappsdba.com. All rights reserved.

No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the author and onlineappsdba.com, except in the case of brief quotations embedded in critical articles or reviews.

Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the author, nor onlineappsdba.com, and its dealers and distributors will be held liable for any damages caused or alleged to be caused directly or indirectly by this book.

First published: August 2011
Last Update: October 2011
www.onlineappsdba.com

To my wife for her unconditional love and support and to my beautiful daughter for keeping mummy occupied and me entertained.
Atul Kumar

To Mom and Dad. Without all your love, faith and support I would not be where I am today.
Neha Mittal

Send Us Your Comments

We welcome your comments and suggestions on the quality and usefulness of this ebook. Your feedback is important and helps us to meet your needs as a user of our products. We would like to hear from you about the following:

- Are the steps mentioned in this book correct and complete?
- Are the examples correct? Do you need more examples?
- Did you understand the context of the content and the procedures mentioned in this ebook?
- Does the structure of the information help you with your tasks?
- Is your issue covered in the troubleshooting section?
- Do you need any further explanation on any topics?

If you find any errors or have any other suggestions for improvement, please tell us the page and chapter number by sending an email to ebook@onlineappsdba.com

About the Author

Atul Kumar is an Oracle ACE and co-founder of Focusthread. Within the partnership, he works as a Consultant/Technical Architect. He has more than 11 years of experience working on Oracle Database, Oracle Applications DBA, and Oracle Fusion Middleware including Oracle Identity and Access Management. He is the technical architect, designing and implementing complex systems with high availability and disaster recovery. Atul Kumar also maintains a famous website, http://onlineappsdba.com, dedicated to Oracle Apps DBAs and covering a vast range of Oracle products including Oracle E-Business Suite, OID, OVD, OAM, OIM, SSO, WebLogic, SOA, WebCenter, UCM, OHS, and Fusion applications. He is the author of another book, Oracle Identity and Access Manager 11g for Administrators, for administrators and Technical Architects.

Neha Mittal has more than 5 years of experience in designing and building enterprise-scale infrastructure systems for numerous global organizations and various commercial vendors. Her area of expertise ranges over Oracle E-Business Suite, WebLogic, UCM, WebCenter, OBIEE, OHS, OAM, OIM, SSO and Fusion Applications. Apart from the consultancy services, she is a partner in a global IT firm where she leads the company's multi-national infrastructure development teams and specializes in database-driven line-of-business applications, Enterprise Solutions, and collaboration tools. Neha has an Engineering degree in Electrical and attended an executive Business Management program from IMT, India. If you would like to hire Neha Mittal for any of the services she offers, get in touch to discuss more at neha@onlineappsdba.com.

Table of Contents

1 Introduction
  1.1 OAM EBS Integration Components
    1.1.1 Oracle Internet Directory (OID)
    1.1.2 Directory Integration Platform (DIP)
    1.1.3 Oracle Directory Services Manager (ODSM)
    1.1.4 Oracle WebLogic Server (WLS)
    1.1.5 Oracle Access Manager (OAM)
    1.1.6 Oracle HTTP Server (OHS)
    1.1.7 Web Gate
    1.1.8 mod_wl_ohs
    1.1.9 Oracle E-Business Suite Access Gate
    1.1.10 Profile Option
  1.2 Request flow for E-Business Suite integrated with Oracle Access Manager
  1.3 High Level Steps to integrate Oracle EBS R12 with OAM for Single Sign-On
  1.4 Installation Assumption
2 Install OID/DIP/ODSM
  2.1 Prerequisite Step
  2.2 Installing JDK
  2.3 Install Weblogic 10.3.4
  2.4 Install OID 11.1.1.2
  2.5 Patch OID to 11.1.1.4
  2.6 Configuring OID Domain
    2.6.1 Test ODSM Configuration
3 Install OAM
  3.1 Install JDK 1.6.0_24 for OAM
  3.2 Installing Weblogic 10.3.3
  3.3 Installing Schema for OAM using RCU
  3.4 Install OAM 11.1.1.3 software
  3.5 Configure OAM application
  3.6 Start Node Manager & Admin Server for OAM Domain
  3.7 Start Managed Server for OAM Domain
  3.8 Verify that OAM Managed Servers are RUNNING
4 Integrate OAM with OID
  4.1 Create OAM Administrator user and group in OID
  4.2 Configure OID as identity Store in OAM
  4.3 Apply Patch BP02 for OAM 11g R1 (10368022)
5 Integrate EBS with OID
  5.1 Register Instance with OID
  5.2 Register EBS with OID
  5.3 Set Profile option in E-Business Suite
  5.4 Test OID to EBS User Creation
6 Install OHS Server
  6.1 Install Webtier 11.1.1.2 software
  6.2 Apply Webtier 11.1.1.4 patch
  6.3 Configure OHS
7 Install WebGate
  7.1 Provision WebGate in OAM Server
  7.2 Install 10g Web Gate with OHS 11g
8 Deploy EBS AccessGate
  8.1 Register External Node on which EBS AccessGate is to be deployed
  8.2 Create Managed Server for EBS Access Gate
  8.3 Deploy EBS AccessGate
  8.4 Configure OHS to forward request to WebLogic hosting EBS AccessGate
  8.5 Configure EBS Authentication Module/Scheme in OAM Console
  8.6 Update Authentication Policy for Application Domain prdr12_agent
  8.7 Configure Global log-out for EBS
9 FAQ
  9.1 Architecture/Installation/Deployment FAQ
  9.2 OAM FAQ
  9.3 WebLogic FAQ
  9.4 EBS-OID FAQ
  9.5 OAM Integration with other external applications
  9.6 WebGate FAQ's
10 Troubleshooting
  10.1 EBS-OID synchronization issue
  10.2 Access Gate Deployment issues
11 References

Preface

Oracle E-Business Suite (R12) integration with OID/OAM 11g covers the steps to install OID 11g, OAM 11g, OHS 11g, and WebGate 10g. This book also covers integration of OID-OAM, OID-EBS, and OAM-EBS for Single Sign-On, including deployment of EBS AccessGate, an FAQ for EBS-OID-OAM integration, and troubleshooting tips.

You can contact us at ebook@onlineappsdba.com if you are having a problem with any aspect of the book, and we will do our best to address it.

What this book covers

Chapter 1, Introduction, gives an overview of the components (OID, DIP, ODSM, WebLogic Server, OHS, AccessGate) and the key profile options used in this EBS (R12) integration with OID/OAM for Single Sign-On.

Chapter 2, Install OID/DIP/ODSM, covers installation of WebLogic Server, OID, DIP, and ODSM. This chapter also covers patching OID to 11.1.1.4 and creating and configuring a WebLogic Domain to deploy the DIP, ODSM, EM and WebLogic Console applications.

Chapter 3, Install OAM, covers installation of WebLogic and OAM Server. This chapter also covers the steps to create a WebLogic Domain and deploy the OAM application.

Chapter 4, Integrate OAM with OID, covers the steps to integrate OAM with OID so that OID is configured as OAM's primary identity store. This chapter also covers applying the 11.1.1.3.2 patch to OAM 11g, which is a prerequisite for OAM-EBS integration.

Chapter 5, Integrate EBS with OID, covers integration of E-Business Suite with Oracle Internet Directory (OID) for user synchronization.

Chapter 6, Install OHS, covers installation of Oracle HTTP Server (OHS) and patching OHS to version 11.1.1.4.

Chapter 7, Install WebGate, covers configuring a WebGate instance using the Remote Registration (RREG) tool and installation of 10g WebGate with Oracle HTTP Server (OHS).

Chapter 8, Deploy EBS AccessGate, covers deploying EBS AccessGate on WebLogic Server, configuring mod_wl_ohs, and global logout for EBS-OAM integration.

Chapter 9, FAQ, covers frequently asked questions around integrating E-Business Suite with OAM/OID and common questions such as how to find versions and how to find the patches applied.

Chapter 10, Troubleshooting, covers troubleshooting various integration points.

Chapter 11, References, covers My Oracle Support Notes, links to various blogs and websites, and books referred to for the integration.

1 Introduction

E-Business Suite (EBS) integration with Oracle Access Manager (OAM) for Single Sign-On (SSO) involves integrating EBS with Oracle Internet Directory (OID) for user synchronization, pointing OAM's identity store to OID, and delegating EBS authentication to OAM. This chapter is an overview of the components used in the integration and of the request flow.

In this chapter we will cover:

- EBS-OAM Integration Components
- EBS Authentication request flow
- High-level integration steps
- Installation assumption used in this book

1.1 OAM EBS Integration Components

In order to understand Oracle Access Manager (OAM) integration with Oracle E-Business Suite, let us first understand the various components that are part of OAM-EBS integration.

1.1.1 Oracle Internet Directory (OID)

Oracle Internet Directory (OID) is the Lightweight Directory Access Protocol (LDAP) server from Oracle where all enterprise users are stored. Users in OID are synchronized with users in E-Business Suite (EBS) using Directory Integration Platform (DIP). Oracle Access Manager (OAM) should use OID (or Oracle Virtual Directory, OVD, pointing to this OID) as its identity store for authentication.

1.1.2 Directory Integration Platform (DIP)

Directory Integration Platform (DIP) 11g is a J2EE application deployed on WebLogic Server and used for provisioning/synchronization of users/groups across other LDAP servers and applications. DIP consists of two types of engine, Synchronization and Provisioning. The Synchronization component is used to sync users/groups between OID and other LDAP servers like Microsoft Active Directory (MS-AD) or IBM Directory Server. Provisioning is used to sync OID with applications like EBS, Portal, and Collaboration Suite. For user synchronization between OID and EBS, DIP uses its Provisioning component.

1.1.3 Oracle Directory Services Manager (ODSM)

Oracle Directory Services Manager (ODSM) is a web application deployed on WebLogic Server and used to manage OID from a web browser. Using ODSM you can configure/manage OID, and create/delete users/groups.

1.1.4 Oracle WebLogic Server (WLS)

Oracle WebLogic Server (WLS) is the J2EE Application Server from Oracle. A WebLogic Domain is the logical component in which all resources (Admin Server, Managed Server, Java Database Connectivity (JDBC), Java Messaging Server (JMS)) are deployed/configured. A WebLogic Domain consists of one and only one Admin Server and zero or more Managed Servers.

In the EBS-OAM deployment we will install two WebLogic Servers and two WebLogic Domains (one per installation). The first WebLogic installation (version 10.3.4) with its WebLogic Domain will run the DIP & ODSM applications (explained above). The second WebLogic installation (version 10.3.3) with its WebLogic Domain will run OAM Server and EBS AccessGate (EBS-AG). It is possible to configure OAM Server on one WebLogic Domain and EBS AccessGate on another WebLogic Domain.

The reason for selecting two different WebLogic versions, a) WebLogic 10.3.4 (for ODSM/DIP) and b) WebLogic 10.3.3 (for OAM), is that DIP/ODSM are from IDM 11.1.1.4 software whereas OAM is from IAM 11.1.1.3 software. EBS AccessGate can be deployed in either a 10.3.3 or a 10.3.4 WebLogic Server. If you wish to install OID 11.1.1.3, then all components (DIP/ODSM/OAM/EBS-AG) can be installed using a single WebLogic Server (10.3.3) and in a single domain.

1.1.5 Oracle Access Manager (OAM)

Oracle Access Manager is a J2EE application deployed on WebLogic Server and used as the Authentication & Authorization Server. It consists of:

- OAM Server, deployed on a WebLogic Managed Server (default port 14100). An OAM-Proxy server runs in the background on default port 5575; agents (WebGate) connect to the OAM-Proxy port.
- OAM Console, a web application deployed on the WebLogic Admin Server (default port 7001). The OAM Console application is used to manage configuration and to define/manage policies and authentication schemes.
- OAM Configuration, stored in an XML file (oam-config.xml) on the server, which contains all OAM configuration such as server name, port, WebGate details, and audit store details.
- OAM Policy Store, a repository (database) which stores policy (details such as which URL is protected and using what authentication/authorization schemes).

1.1.6 Oracle HTTP Server (OHS)

Oracle HTTP Server is the Web Server from Oracle on which Web Gate is deployed. Users are redirected from the EBS Middle Tier to this server for authentication (the URL of this server is configured in the EBS profile option "Application Authentication Agent"). OHS acts as a proxy server to the WebLogic Server on which EBS AccessGate (EBS-AG) is deployed: this OHS server has mod_wl_ohs configured to forward requests to the WebLogic Server where Oracle E-Business Suite AccessGate (EBS-AG) is deployed. E-Business Suite R12 comes with its own OHS server; the OHS server mentioned here is a different OHS server from the one shipped with the EBS R12 technology stack.

1.1.7 Web Gate

Web Gate is a web server plug-in (deployed with a web server like Apache, OHS, or IHS) which intercepts the user's request and sends it to Oracle Access Manager Server to check whether the user is authenticated/authorised to access the requested resource. Web Gate is installed on the same machine as the web server (OHS), and the Web Gate configuration settings are referenced from the OHS configuration file (httpd.conf). For Web Gate to work, an instance of Web Gate must be configured in OAM Server using the Remote Registration (RREG) utility or OAM Console, and Web Gate must be installed with OHS using the same user as OHS.

1.1.8 mod_wl_ohs

This is the module in Oracle HTTP Server (OHS) which forwards requests from OHS to WebLogic Server as defined in mod_wl_ohs.conf.

1.1.9 Oracle E-Business Suite Access Gate

EBS AccessGate (EBS-AG) is a Java EE application that maps a Single Sign-On user (authenticated via OAM) to an Oracle E-Business Suite user (stored in the FND_USER table), and creates an E-Business Suite session for that user. EBS-AG is deployed on WebLogic Server using an ANT script which creates a web application and a JDBC connection to the EBS database. The login page for E-Business Suite is also configured as part of EBS-AG.

There are currently two versions of E-Business Suite Access Gate: 1.0.2 is certified with OAM 10g R3, whereas for OAM 11g R1 you should use Oracle E-Business Suite Access Gate 1.1.0.0. Oracle E-Business Suite Access Gate 1.1.0.0 is available via patch 10124068.

If the WebLogic Server which hosts EBS-AG is on a different machine from the EBS Middle Tier, then you must register the node hosting EBS-AG in the EBS database, create a DBC file, and use this DBC file during EBS AccessGate deployment.

1.1.10 Profile Option

Profile options are used in E-Business Suite to change the behaviour of the environment. The two profile options used in this Oracle E-Business Suite integration are Application SSO Type and Application Authentication Agent.

- Application SSO Type (APPS_SSO): This profile option can be set only at site level, to one of four values: SSWA, Portal, SSWA w/sso or Portal w/sso. To inform E-Business Suite that Single Sign-On is configured, and to redirect the user to the Single Sign-On page and not to the local login page, set this profile option to either SSWA w/sso or Portal w/sso.
- Application Authentication Agent (APPS_AUTH_AGENT): When this profile option is set together with "Application SSO Type", the user is redirected to the page generated from this profile option. Let's assume the value of profile option "Application Authentication Agent" is set to http://ohsserver:ohsport/ebsauth_dev/; the user will then be redirected to the page http://ohsserver:ohsport/ebsauth_dev/oamlogin.jsp. The value of profile option "Application Authentication Agent" is set in the format http://server:port/<context_root>, where server is the name of the server where Oracle HTTP Server (OHS) with Web Gate is installed, port is the OHS Listen Port, and context_root is the context root defined during AccessGate configuration.
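
The check below is an added example, not part of the original ebook or of any Oracle tooling: it validates an "Application Authentication Agent" value against the http://server:port/<context_root> format from 1.1.10, derives the login page URL, and confirms that mod_wl_ohs.conf (1.1.8) forwards that context root to WebLogic. The function names, host names and ports are hypothetical, the sample configuration is constructed, and it is assumed that forwarding is declared with a Location block using SetHandler weblogic-handler whose path equals the context root.

```python
import re
from urllib.parse import urlsplit

LOGIN_PAGE = "oamlogin.jsp"  # page name as given in section 1.1.10

# Constructed sample mod_wl_ohs.conf; host names and ports are placeholders.
SAMPLE_CONF = """\
<IfModule weblogic_module>
  # <Location /old_ctx>  (commented out, must be ignored)
  <Location /ebsauth_dev>
    SetHandler weblogic-handler
    WebLogicHost wlshost.example.com
    WebLogicPort 8099
  </Location>
  <Location /static>
    Options None
  </Location>
</IfModule>
"""


def parse_auth_agent(value):
    """Split a value of the form http://server:port/<context_root>."""
    parts = urlsplit(value.strip())
    if parts.scheme not in ("http", "https"):
        raise ValueError("value must start with http:// or https://")
    # .port raises ValueError by itself when the port is not numeric
    if not parts.hostname or parts.port is None:
        raise ValueError("server and numeric port are both required")
    context_root = "/" + parts.path.strip("/")
    if context_root == "/" or parts.query or parts.fragment:
        raise ValueError("a context root and nothing after it is required")
    return parts.scheme, parts.hostname, parts.port, context_root


def forwarded_locations(conf_text):
    """Map each <Location> handled by weblogic-handler to (host, port)."""
    found, block = {}, None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comments never open or close a block
        opened = re.match(r'<Location\s+"?([^\s">]+)"?\s*>', line, re.I)
        if opened:
            block = {"path": "/" + opened.group(1).strip("/")}
        elif re.match(r"</Location\s*>", line, re.I):
            if block and block.get("sethandler") == "weblogic-handler":
                port = block.get("weblogicport")
                found[block["path"]] = (block.get("weblogichost"),
                                        int(port) if port else None)
            block = None
        elif block is not None:
            name, *rest = line.split(None, 1)  # directive name, then argument
            block[name.lower()] = rest[0].strip() if rest else ""
    return found


def check_agent(value, conf_text):
    """Derive the login URL and report whether OHS forwards its context root."""
    scheme, server, port, context_root = parse_auth_agent(value)
    target = forwarded_locations(conf_text).get(context_root)
    return {
        "login_url": f"{scheme}://{server}:{port}{context_root}/{LOGIN_PAGE}",
        "forwarded": target is not None,
        "weblogic_target": target,
    }


if __name__ == "__main__":
    print(check_agent("http://ohs.example.com:7777/ebsauth_dev/", SAMPLE_CONF))
```

A result with "forwarded" set to False means the profile option points at a context root that OHS does not hand to the WebLogic Server hosting EBS AccessGate, so the login page would not be served from there.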