Oracle E-Business Suite Single Sign On Using Oracle Access Manager
Session ID#: 301
Prepared by: Pierre Paniagua, Consultant, AST Corporation
About Pierre Paniagua
Pierre Paniagua
- Worked with Oracle Products for over 2 years
- Successfully implemented EBS SSO using OAM at College of American Pathologists in multiple environments
- Supporting the entire IDM implementation at CAP involving OID, OVD, OAM, OIM and OES
- Race Car Driver
- Problem Solver
- Think outside the box

Deepak Sharma
- More than 8 years in the IT industry
- Certified in Oracle Identity Governance Suite
- Certified Oracle SOA Suite Implementation Specialist
- Several Successful IDM and SOA Implementations
About AST Corporation
Specialized. Recognized. Preferred. The right partner makes all the difference. Our Services Oracle Partnership Oracle Specialized E-Business Suite Oracle Platinum Partner EBS Financial Management Business Intelligence/EPM Fusion Middleware CRM Managed Services Oracle University Project Advisory Services Pillar Partner SOA Business Intelligence Hyperion Oracle University Approved Education Center Oracle University Reseller Oracle Accelerator Implementer Certified OnDemand Implementer Small Business Strategy Council EBS Supply Chain Management EBS Human Capital Management BI Applications BI Foundation Hyperion Planning Service Oriented Architecture Application Development Framework Database Public Sector Oracle Excellence/Titan Award Winner 2013, 2011 & 2009 2011 Inc. Top Small Company Workplaces 2013, 2012 Inc. 5000 Fastest Growing Companies 2012 Best & Brightest Companies to Work For
Agenda
- Overview of IAM Suite
- Why SSO?
- Define
- Apply
- Questions

Oracle IAM Suite - Overview
Access Control
- Oracle Access Manager
- Oracle Enterprise Single Sign-On
- Oracle Identity Federation
- Oracle Web Services Manager
- Oracle Adaptive Access Manager
Identity Administration
- Oracle Identity Manager
- Oracle Identity Analytics
- Oracle Privileged Accounts Manager
Audit & Compliance
Directory Services
- Oracle Virtual Directory
- Oracle Internet Directory (with Directory Integration Platform)
- Oracle Unified Directory
Oracle Identity & Access Management Suite
Why SSO?
- SSO is SSO
- Single Sign-On
- Eliminate the headache
- For end user
- Fluid workflow
Define
Define basic steps needed
- DBA Administrator: EBS Tasks
- IAM Administrator: OAM Configurations
- IDM Administrator: OID Tasks
Apply
Overview
Overview - AppDirector
- User Requests EBS
- AppDirector splits traffic

Overview - OHS to OAM
- From AppDirector to OHS
- From OHS to OAM

Overview - OAM to OID
- OAM communicates to OID
- Communication via Identity Store
- OAM validates the user credentials against OID

Overview - OAM to EBS Access Gate
- OAM Session Created
- OHS Proxy redirect
- EBS Access Gate
- EBS Database Details

Overview - Whole Picture
Key Components
- EBS Profile Options
- OHS (Oracle HTTP Server)
- Web Gate
- Access Gate
- OID (Oracle Internet Directory)
- Oracle WebLogic Server

Software Required
Access Management: Single Sign-On
1) Oracle Access Manager
2) Oracle Internet Directory
3) OHS (Oracle HTTP Server) & Web Gate
4) Access Gate
Apply
DBA Administrator
- DBC File
- Service Account for OAM
- EBS Profile Options
IAM Administrator
- EBS Access Gate
- EBS Data Source
- EBS FNDAUTH.WAR
- OHS / WebGate Configurations
- OAM Configurations
IDM Administrator
- Return ORCLGUID from OID
TEAMWORK!

Apply - DBA Administrator
- FND Patch
- FND User
  - No Responsibility
  - OAM11GLOGIN
  - Apps Schema Connect Role
- DBC File for the EBS Instance
- Activate the application server security system
- EBS Profile Options

Apply - IAM Administrator
- Install EBS Access Gate
  - $MW_HOME/appsutil/accessgate/ebsxxx
- Install EBS Data Source
- Deploy FNDAUTH.WAR
- Configure OHS
  - Integrate with OAM
  - Proxy Redirection
  - Configure Global Logout
- Configure OAM
  - Define Identity Store
  - Authentication Scheme
  - Application Domain
  - Authentication Policies
Apply - IAM Administrator Cont.
Install EBS Access Gate
- Obtain patch for your EBS Instance
- Create /appsutil/accessgate/ebsxxx under $MW_HOME
- Copy contents of patch to /appsutil/accessgate/ebsxxx folder
- Copy over fndext.jar to $DOMAIN_HOME/lib
- Bounce WLS Admin Server
Note: A separate /ebsxxx/ folder is required per EBS Instance of the same version
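The staging steps on this slide, written as a shell function that also enforces the one-folder-per-instance note. This is an added example, not code from the presentation or from Oracle; it assumes the patch is already unzipped into a directory that contains fndext.jar, and the function name and return codes are hypothetical.

```shell
#!/bin/sh
# Added example: stage EBS AccessGate files for ONE EBS instance.
# Assumptions: patch_dir is the unzipped patch and holds fndext.jar
# somewhere below it; the instance folder name is chosen by the admin.

stage_accessgate() {
    mw_home=$1; domain_home=$2; patch_dir=$3; instance=$4

    # The instance name becomes a path component: allow safe characters only.
    case $instance in
        ''|*[!A-Za-z0-9_]*) echo "invalid instance name: $instance" >&2; return 2 ;;
    esac
    for d in "$mw_home" "$domain_home/lib" "$patch_dir"; do
        [ -d "$d" ] || { echo "missing directory: $d" >&2; return 3; }
    done

    target=$mw_home/appsutil/accessgate/$instance
    # One folder per EBS instance: never merge a second instance into it.
    if [ -e "$target" ]; then
        echo "refusing to reuse $target" >&2; return 4
    fi

    jar=$(find "$patch_dir" -type f -name fndext.jar | head -n 1)
    [ -n "$jar" ] || { echo "fndext.jar not found in $patch_dir" >&2; return 5; }

    mkdir -p "$target" || return 6
    cp -R "$patch_dir"/. "$target"/ || return 6
    cp "$jar" "$domain_home/lib/fndext.jar" || return 6

    # The data source's dbcfile property points into this folder,
    # so keep it unreadable to other OS users.
    chmod -R go-rwx "$target" || return 6
    echo "$target"
}

# Usage: sh stage.sh <MW_HOME> <DOMAIN_HOME> <patch_dir> <instance_folder>
if [ "$#" -eq 4 ]; then
    stage_accessgate "$@"
fi
```

The WLS Admin Server still has to be bounced afterwards, as the slide says; the function only stages files.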
Apply - IAM Administrator Cont.
Install EBS Data Source
- From within either (or both) IAM / IDM WLS Admin
- DS_EBS
- JNDI: jdbc/ds_ebs
- Connection Pool URL: jdbc:oracle:thin:@hostname:port:service_name
- Driver Class Name: oracle.apps.fnd.ext.jdbc.datasource.AppsDataSource
- Properties:
  - user=oam11glogin
  - dbcfile=/opt/ora/iamxxx/middleware/appsutil/accessgate/ebsxxx
- Password: xxx
- Test Connections On Reserve: Checked
- Maximum Capacity: 200
- Test Data Source
Apply - IAM Administrator Cont.
Deploy FNDAUTH.WAR
- Install FNDAUTH.WAR from / /appsutil/accessgate/ebsxxx folder
- Use the overhauled Plan.XML as part of the deployment
- Deploy on Admin server (IAM / IDM Admin)
- Make the context root: /fndauth
- Context root must be unique per EBS Instance
- Bounce Admin Server
- Clear cache and tmp folders for changes to take effect
Apply - IAM Administrator Cont.
Configure OHS
- Set Environment Variables
- Register WebGate 11g on Oracle Access Manager 11g
- Configure redirection between OHS and WebLogic Server Instance
- Configure EBS.conf file in / /OHS/ohs1/moduleconf
  - Proxy redirection
  - Global Logout
Apply - IAM Administrator Cont.
Configure OAM
- Define OID Identity Store
- Verify/Configure Host Identifier
- Create Authentication Module
- Create Authentication Scheme
- Configure Application Domain
- Modify Authentication Policies
  - Define Policy Responses
- Modify Authorization Policies
  - Define Policy Responses

Apply - IDM Administrator
- LDIF File Creation
- Execute LDIF
  - OID_dsaconfig.ldif
  - Return ORCLGUID for lookup requests
- Install EBS Access Gate
  - $MW_HOME/appsutil/accessgate
- Install EBS Data Source
- Deploy FNDAUTH.WAR
Summary
- What did we learn?
- White Paper
QUESTIONS?
Thank You.
Pierre Paniagua
ppaniagua@astcorporation.com