oracle access manager
DESCRIPTION
OAMTRANSCRIPT
Oracle Single Sign On
Date : 28th Aug 2013
Venue : Group IT
Name : Saroj Subramanian
Department: Group IT
• Overview• Integration with Oracle EBS• Integration with Third party LDAP• Choosing Single Sign On solution for AWR• Q & A
AGENDA
Single sign-on (SSO)is a session/user authentication process that permits a user to enter one name and password in order to access multiple applications. The process authenticates the user for all the applications they have been given rights to and eliminates further prompts when they switch applications during a particular session.
A few SSO options are
•Oracle Access Manager (OAM)•Oracle Application Server Single Sign-On (OSSO)•SAML-based SSO
Overview
OAM delivers various components, primarily grouped into either Access System and Identity Systems. Access system provides
• Centralized authentication• Authorization• Auditing• Secure access across enterprise resources.
Main Components Involved (For EBS):• Oracle Access Manager: 11.1.2.0• Oracle Identity Management: 11.1.1.6• Oracle Access Manager WebGate: 11.1.2.0• Oracle E-Business Suite AccessGate: 1.2• Oracle Fusion Middleware WebTier 11.1.1.7• Oracle Database for RCU: 11.2.0.3• Oracle E-Business Suite Release 12: 12.1.3
Overview
Oracle Access Manager WebGate is a component of Oracle Access Manager that intercepts HTTP requests and redirects them to the Oracle Access Manager server to determine if and how the resources are allowed to be accessed, and to authenticate the current user if authentication is required.
Oracle E-Business Suite AccessGate is a Java EE application responsible for mapping a single sign-on user to an Oracle E-Business Suite user, and creating the Oracle E-Business Suite session for that user. This application is deployed to a WebLogic Server instance, and is separate from Oracle E-Business Suite.
Overview
Integration with Oracle Access Manager 11g is achieved through agents and integration with Oracle E-Business Suite can be performed using one of two methods:
Method 1: Uses the WebGate agent, in conjunction with Oracle E-
Business Suite AccessGate.
Method 2: Uses the mod_osso agent, and is only for users upgrading
from Oracle Single Sign-On Server 10gR3.
Integration with Oracle EBS
Integration with WebGate and Oracle E-Business Suite AccessGate
Why Does EBS Integration with Oracle Access Manager Require Oracle Internet Directory?
Oracle has not certified E-Business Suite with third-party products directly.E-Business Suite has hardcoded dependencies on Oracle Internet Directory for this configuration.These Global Unique Identifiers are generated exclusively by Oracle Internet Directory.
Integration with Third party LDAP
Easy way to get documents into SharePoint rather than saving locally and performing an upload.
Challenges
Software:New technologies.Integration with existing applications.Authentication scheme changes (Centralized).Certification and compatibility.Challenges if integrating to Active Directory.
Hardware:Infrastructure changes.