Best Best Practices Practices FFoorr Implementing ... Best Best Practices Practices FFoorr...

download Best Best Practices Practices FFoorr Implementing ... Best Best Practices Practices FFoorr Implementing

of 9

  • date post

    24-Mar-2020
  • Category

    Documents

  • view

    14
  • download

    0

Embed Size (px)

Transcript of Best Best Practices Practices FFoorr Implementing ... Best Best Practices Practices FFoorr...

  • Best Best Practices Practices FFor or

    Implementing Implementing SSO SSO

    on on EBS R12EBS R12

    August 09

    Milton Estrada

    Technical Management Consultant

    estradam@tusc.com

  • AgendaAgenda

    � Overview

    � Features and Supported Architectures

    � Components and Build Versions

    � Implement Single Sign-On Support for EBS R12

    � Know Issues

    August 09 / Slide 2 / EBSR12 SSO

    � Know Issues

    � Q/A

    � References

  • OverviewOverview � This presentation will cover the integration of Oracle Application Server 10g Enterprise

    Edition with Oracle E-Business Suite R12

    � The following services running on external servers to EBS R12 are supported: � Oracle Single Sign-On (SSO) 10g

    � Oracle Internet Directory (OID) 10g

    � Oracle Portal 10g

    � Oracle Discoverer 10g

    � Oracle Web Cache 10g

    � Third party single sign-on solutions

    � Third party Lightweight Directory Access Protocol (LDAP) directories

    August 09 / Slide 3 / EBS R12 SSO

    � Third party Lightweight Directory Access Protocol (LDAP) directories

    � These services may run: � One or more standalone servers external to existing EBS R12 environment

    � In separate Oracle Homes on existing EBS R12 Servers

    � These services may not run: � In the existing EBS R12 Application Server 10g 10.1.2 Oracle Home for the Forms and Reports

    � In the existing EBS R12 Application Server 10g 10.1.3 Oracle Home for the Web and Java services

    � For more information about EBS R12 Architectures see Oracle Applications Concepts, Release 12 (Part N0. B31450-01)

  • Features and Supported ArchitecturesFeatures and Supported Architectures � Accessing EBS R12 with SSO

    � Oracle Application Server 10g (10.1.4.0.1), Oracle Internet Directory and Oracle Single Sign-On Server are required to enable SSO functionality for EBS R12

    � Implementing SSO for EBS R12 allows organizations to share one user definition throughout multiple parts of the enterprise

    � For EBS R12 mod_osso is used for SSO authentication, replacing SSO SDK used in previous versions

    � SSO for EBS R12 also support Single Sign-Off, which allow users to simultaneously terminate all active partner applications

    � Integration with Third-Party Access Management Systems and LDAP Directories � Organizations can use their existing third-party access management system to integrate with SSO.

    August 09 / Slide 4 / EBS R12 SSO

    � Organizations can use their existing third-party access management system to integrate with SSO. With this method SSO becomes a partner application to the third-party system, delegating the authentication process to it.

    � Organizations that have standardized on third-party LDAP directories can optionally integrate that

    with Oracle Internet Directory (OID).

  • Components and Build VersionsComponents and Build Versions Components listed below most be used when integrating EBS R12 with SSO

    � Oracle E-Business Suite R12

    Component Name Release

    Oracle E-Business Release 12 12.0.X to 12.1.1.X

    Oracle 10g Application Server 10.1.2

    Oracle 10g Application Server 10.1.3

    Oracle Developer 10g (Includes Oracle Forms) 10.1.2

    August 09 / Slide 5 / EBS R12 SSO

    • Oracle Application Server 10g Enterprise Edition

    Component Name Release

    Oracle Single Sign-On 10g 10.1.4.3.0

    Oracle Internet Directory 10g 10.1.4.3.0

    Oracle Portal 10g (optional) 10.1.4.2.0

    Oracle Web Cache 10g (optional) 10.1.2.3.0

    Oracle Discoverer 10g (optional) 10.1.2.3.0

  • Implement Single SignImplement Single Sign--On Support for EBS R12On Support for EBS R12 � SSO Task 1: Install E-Business Suite SSO 10g Integration patch

    � If you are using IBM/AIX for EBS R12, apply patch 5855635 to 10.1.3 Oracle Home

    � SSO Task 2: Configure Oracle Identity Management 10g (10.1.4.x) Components with EBS R12 � Chose registration type – Default (simple) or Advanced

    � Compile Parameter List Check List

    � Refresh environment settings

    � Check that TWO_TASK variable is set correctly

    � Run the Registration Script o $FND_TOP/bin/txkrun.pl -script=SetSSOReg

    � Restart Middle-Tier Services

    August 09 / Slide 6 / EBS R12 SSO

    � Restart Middle-Tier Services

    � SSO Task 3: Validate that Single Sign-On is Working Correctly � Run the Diagnostic Utility

    o Login locally to the E-Business Suite by opening http[s]://[:port]/OA_HTML/AppsLocalLogin.jsp

    o Launch Diagnostics

    o Run SSO Diagnostics

    o Run OID Diagnostics

    � Verify SSO Integration with Oracle E-Business Suite o http://[host]:[port]/OA_HTML/AppsLogin

    � Verify that SSO is correctly integrated with OID

    o $ORACLE_HOME/ldap/odi/log

  • Know IssuesKnow Issues • ORA-20001: Unable to call fnd_ldap_wrapper.update_user

    � Update 10.1.3_OH/Apache/Apache/bin/iasobf file and set ORACLE_HOME variable

    � Deregister/register instance again

    • To stop “Customer” field from been populated disable following business views: � For business event oracle.apps.fnd.identity.add disable subscription

    fnd_oid_subscriptions.hz_identity_add

    � For business event oracle.apps.fnd.identity.modify disable subscription fnd_oid_subscriptions.hz_identity_modify

    � For business event oracle.apps.fnd.subscription.add disable subscription fnd_oid_subscriptions.hz_subscription_add

    August 09 / Slide 7 / EBS R12 SSO

    fnd_oid_subscriptions.hz_subscription_add

    • To allow a user to bypass SSO authentication � Set system profile option “Applications SSO Login Types” to “Local” at user level

    � Use http://[host]:[port]/OA_HTML/AppsLogin URL

    • When Cloning run command listed below on target instance before registering with SSO/OID

    � $FND_TOP/bin/txkrun.pl -script=SetSSOReg -removereferences=Yes

  • Q/A

    August 09 / Slide 8 / EBS R12 SSO

  • ReferencesReferences

    � Oracle Metalink Note ID 376811.1 Titled “Integrating Oracle E- Business Suite Release 12 with 10g AS Oracle Internet Directory and Oracle Single Sign-On”

    August 09 / Slide 9 / EBS R12 SSO