E-Business Suite Integration with Oracle Identity Federation for SAML
Has anyone developed a way to use OIF for e-Business Suite authentication through SAML rather than using the standard Identity Management stack of apps?
Today we have Oracle e-Business Suite 115.10.2 using OSSO through OID with WNA for zero sign-on (no login, just pass-through, based on AD credentials). Our domain controllers are Windows 2003 but we are in the process of upgrading them to Windows 2008 R2, where the OSSO stack is not supported unless we globally set the 2008 R2 domain controllers to use DES encryption instead of the default AES encryption. (See Oracle note 1076018.1)
When deploying OSSO, we encountered a similar issue with Windows 7 workstations would not work with OSSO unless we set the workstation policy not to use AES encryption. (See Oracle note 973190.1)
We are not inclined to continue to use DES encryption and we have obstacles moving to 11g iDM/OAM/OID from OSSO. I am exploring the possibility continuing to keep one 2003 domain controller in production, and pointing OSSO to that, until we can move to the 11g iDM stack.
Meanwhile, we have ongoing frustration with how complicated SSO is with the e-Business Suite. Sure, it works, once you climb the mountain to set it up, and we don't have that many issues in production. But the implementation of SSO for e-Business Suite is simply complex. The trip from the workstation back to an EBS session is operationally somewhat brittle. I guess some of us relish complexity. Certainly there is pride in understanding something like this. But, after a while, when the trickle of tickets from the Help Desk never completely dries up, you get tired of complexity and you seek something simpler.
So, instead of this path:
Workstation > EBS > OID > AD / Kerberos > Workstation
(and I didn't even mention F5 switch with reverse proxy servers ...)
Why can't we have this?
Workstation with certificate > OIF with SAML > EBS session.
Has anyone done that?
Thank you for your help.
Hello JJ,
We are facing the same issue. Oracle has recommanded us to install
HTML-DB on the same database as our Apps 11i.
What we still have to figure out is whether is use APPS schema for the
HTML-DB workspaces, or use a different schema.
How is it configured at your site?
Moshe
Similar Messages
-
E-Business Suite Integration with Oracle Business Intelligence
Hi,
To integrate E-Business Suite with Oracle Business Intelligence I have done all the configurations as specified in DocId. *552735.1* of Metalink. I have tested the configurations by logging in from EBS and navigating to OBIEE Presentation Services. I'm able to navigate with no errors but not able to view Subject Areas in the Answers link. I'm testing this with 'Administrator' user. When I directly login to Presentation Serivices with the Administrator user I'm able to see the Subject Areas.
Can anyone have idea what is the problem?
Thanks in Advance,Hi,
Think I spotted the problem - probably specific to OBIA 7.9.5.
There is no "Authorization" initialization block: in previous incarnations (e.g. OBIA 7.9.4 and earlier I guess) there was a FndGetResp intialization block that assigned a value to the OBIEE "GROUP" system variable.
So I did the following and now I'm getting Subject Areas and Answers answers, but Dashboards still not working for me - maybe another issue.
1. Create system variable GROUP, temporarily with initialization block "Authentication"
2. Create initialization block "EBS Responsibility to Group" with query (note I've modified based on new session variable name RESP_ID goes to OLTP_EBS_RESP_ID in 7.9.5):
SELECT RESPONSIBILITY_KEY
FROM FND_RESPONSIBILITY
WHERE RESPONSIBILITY_ID = 'valueof(NQ_SESSION.OLTP_EBS_RESP_ID)'
Set the execution precendence to include EBS Security Context and EBS Single Sign-On Integration
NB: Had to create dummy variable GROUP_TMP for the "OK" button to come up, will replace that with real GROUP in next steps
3. Go back and edit System variable GROUP and change initialization block to EBS Responsibility to Group
4. Go back and edit initialization block EBS Responsibility to Group and remove variable GROUP_TMP
5. Created an OBIEE Group with name = responsibility key e.g. for my "SBA Administrator" responsibility, key = "SBA_ADMIN_KEY", so I created group named "SBA_ADMIN_KEY"
6. Made your new group (e.g. SBA_ADMIN_KEY) a member of the Administrators Group
7. Copy across rpd and restart sa / saw
Still awaiting response from Oracle Support ... so no guarantees this is correct and no guarantees that it won't break something else that Oracle suggests later!
Regards,
Gareth -
Coherence integration with oracle weblogic portal for Session management
Could you please let me know how to configure coherence integration with oracle weblogic portal for Session management. Its very urgent. please help.
Please take a look at the following web page -
http://coherence.oracle.com/display/COH35UG/Coherence*Web+Session+Management+Module
-Luk -
Java class integration with Oracle Identity Manager 9.1.0.2
Hello Friends,
I have a java class that is responsible for sending notifications, my question is how do the relationship of this class with the Oracle Identity Manager 9.1.0.2 so you can take the class and notify users when an application is approved or rejected.
Any recommendation for this process.
Thanks for the support
Edited by: JLK on Jun 12, 2012 5:20 PMHi
Java class integration with OIM happen through concept of adapters. You can go through OIM documentation of how to create adapters.
In your case you should create a process task adapetrs adn attach it on the Approved response code in your approval process.
Desingn Console --> Process management --> Process definition --> <Apprlication Process Ex: AD User>.
Alternatively you can also send notification using OIM OOTB email templates.
Regards
user12841694 -
Interoperability of Shibboleth 2.0 with Oracle Identity Federation (OIF)
Hi,
I am in the process of selecting an identity federation product to interact eventually, both as an IdP and a SP, with a "pure Shibboleth" federation. I know the easiest, most obvious solution would be to go with Shibboleth as well, but after a comparative analysis, it seems that OIF would better fit (internally) my needs than Shibboleth, so here comes my question :
Has anybody successfully made OIF 11g and Shibboleth 2.0 interoperate yet ?
I work in the higher education vertical, and it would help me a lot to justify the budget for a POC if I'd knew it can be done...
Cheers,
StephanePing Identity is another solution for you to look at if you're going the Shibboleth route. PingFederate and Shibboleth have the ability to interoperate. http://www.pingidentity.com/.
-
Oracle Identity Federation - High Availability
Hello,
We are trying to figure out the high availability options supported by the Oracle Identity Federation. While reading the documentation we find it a bit confusing. We read the OIF Administrator Guide here: http://download.oracle.com/docs/cd/E10773_01/doc/oim.1014/b25355/advtopics.htm#CHDBCDFG
In Section "9.4 High Availability" it said that "Oracle Identity Federation supports the Cold Failover Cluster (CFC) or active-passive high availability configuration,". In the Application Server 10g guide also said the same and explicitly said that the active-active configuration is not supported for the OIF.
Then in Section "9.5 Setting Up a Load Balancer with Oracle Identity Federation" it explains how to set up a load balancer for the OIF. When it explains this it says that we can have several instances of OIF in different machines, configured with a load balancer. All these instances share the same transient database where the sessions are stored.
Which is the difference between this load-balancer-based configuration and an active-active high availability configuration? If one node of the load-balancer configuration goes down, the sessions administered by him are lost? That is the difference?
Thanks!
LeonardoHi
I am not very sure about High Availability configuration but for Load balancer as mentioned in the document, You have to have both the instances sharing transient database where sessions will be stored.
If both the OIF instances are not sharing transient database and you have LB sharing load, It will not work as sessions will be store in memory. So sessions from one OIF instance will not be known and available to the other instance of OIF.
Thanks
Kiran Thakkar -
Oracle Identity and Access Management Suite Plus Integration with Oracle ADF
Hi All,
Kindly advice if Oracle Identity and Access Management Suite Plus can be integrated with Oracle ADF based applications to manage the end-to-end lifecycle of user accounts specifically addressing to roles/priviledges and security.
Request you to share links to documentation where I can study the steps to integrate both the frameworks.
Looking forward to hear from you soon.
Best Regards,
Ankit GuptaHi Sébastien,
I came across the below link for the required integrations -
Oracle&reg; Fusion Middleware Installation Guide for Oracle Identity and Access Management 11g Release 2 (11.1.2) - …
Oracle&reg; Fusion Middleware Enterprise Deployment Guide for Oracle Identity Management 11g Release 2 (11.1.2) - Co…
Best Regards,
Ankit Gupta -
Integrating Oracle Identity Federation with homegrown SSO solutions
Hello,
We are trying to integrate Oracle Identity Federation with a home grown SSO solution.
The OIF FAQ document mentioned that Oracle provides programmatic interfaces to achieve this.
But I did not find any javadocs / samples on how this can be done.
Can anybody throw some insight into this..
ThanksHi Easwaran,
You need to upload the SAML 2.0 IdP/SP metadata for the peers you want to federate with. OIF will verify the metadata and add the peers in its Circle of Trust as IdP or SP depending on the metadata upoaded. If the peer is going to play both IdP and SP roles, you need to upload both the metadata files.
Similarly, in case you need to provide the peer your metadata, OIF makes this available at http(s)://host:port/fed/idp/metadatav20 (SAML 2.0 IdP metadata) or http(s)://host:port/fed/sp/metadatav20 (SAML 2.0 SP metadata) as required.
-Vinod -
Oracle SOA Suite integration with HP SOA Policy Enforcer
Has anyone tried integrating Oracle SOA Suite with HP SOA Policy Enforcer?
will appreciate your help.
Thanks,
VHi Vivek
Integration with Oracle Access Manager is possible. The documentation points to some custom handlers that can be used for the integration.
If you have addtional questions please feel free to contact me directly
Dutta Satadip -
Oracle Payroll Integration with Oracle Financials Suite 11i
I would be grateful if anyone can describe the relationship and flow cycle between Oracle Payroll & Oracle Financials Suite 11i 'GL, AP, FA & AR' if any.
Hi Suvi;
Similar issue mention here many times, please see:
SOA
Oracle Ebiz R12.1: Out of the Box Web services avialable
SOA-ebs integration
Re: Oracle SOA suite integration with EBS 11.5.10 SSA
If those are not helps than please update thread
Regard
Helios -
OIM Integration with Active Directory Federation Services (ADFS)
Hello friends
I have a question about the integration of Oracle Identity Manager with Active Directory which is federated with another external directory for ADFS. My question is:
What considerations should be to contemplate if I have an active directory federated environment when carrying out the integration with Identity Manager?
I use version 9.1.0.2 of Oracle Identity Manager with Microsoft Active Directory Connector User Management 9.1.1.7
Thanks for the support.First consideration is that the OIM's target ADFS - in the federated scenario, will that participate as a Service provider or identity provider. I would think identity provider.
Next consideration: What all attributes are required to be played in the SAML assertion to the other end-point? All these attributes must be present and should be provisioned to the AD in this case.
So, OIM should be set up (UDF etc) to provision all those attributes needed in the SAML.
Next consideration: What all scenario to support? IdP initiated or SP initiated? If SP initiated, then process will hv to be defined if a user id does not exist in the AD of the OIM target. Will the request be failed or a in-time provisioning should happen.
Hope this helps. -
Third party integration with Oracle Apps
Hi friends,
I have a dot net application and I would like to integrate that with oracle applications(specifically HR module). Can I do that? Does oracle apps provide any APIs to provide this third party integration with 3rd party software we have?
can you please post any links if there is one which helps me in this direction
thanksHello,
I am new on this forum and I have difficulty in beginning.
I'm working in a similar project, indeed I need an example or a document which can help me for using the HRMS api's of oracle e-business suite via a dotNet plateform or SharePoint application.
I have to work on a middelware allowing retreiving and persisting data from oracle e-business suite database using oracle HRMS api's like hr_appraisals_api. So haw can i call these api's from .NET application how can i use a .NET code to call these api's ?
Can you help me please ? i'm waiting for your answers if possible and this is my e-mail address if necessary "[email protected]" .
I would be so grateful if someone can help me. Thank you in advance.
Cordially. -
OBIEE 11.1.1.3.0 integrated with Oracle EBS R12
Hi,
I have Oracle EBS Vision Instance v R12.1 installed on Redhat 5 and wanted to install OBIEE latest version. Can some please point to system architecture diagram as i am conflicted with installation. I do not have complete idea but writing here what i actually know.
Oracle EBS R12 on Linux
OBIEE V 11.X on Linux
Now install prepackeged analystical function on windows machine and using BI tool deploy/use them with Oracle EBS.
Please point me to a note which describes the components and what does it take to make up and running in conjuction with Oracle.
Thanks in advance
PrashantPlease see these docs.
Integrating Oracle Business Intelligence Applications with Oracle E-Business Suite [ID 555254.1]
What documentation do I need to review when installing and configuring a OBI Apps 7.9.6.x environment with EBS? [ID 1221764.1]
Master Note for OBIEE Integration issues with EBS, Siebel, SSO, Portal Server [ID 1248939.1]
Oracle SSO E-Business Suite Applications Integration with Oracle Business Intelligence [ID 553423.1]
Oracle EBS integration with OBIEE [ID 733137.1]
Document for implementing security OBIEE Apps with EBS and Siebel CRM as sources [ID 756851.1]
What Application must be chosen for Responsibility within EBS when integrating with OBIEE [ID 1246464.1]
Also, search Steven Chan's Blog and you should get couple of hits -- http://blogs.oracle.com/stevenChan/
Thanks,
Hussein -
Can OBI EE be integrated with Oracle Coherence
Can we have Oracle Coherence as one of the data sources?
Regards,
Vikram RHi Srinivas ,
Yes , ECM can be integrated with Oracle EBS (enterprise business suite) and other Oracle Apps as well like Peoplesoft , Siebel etc .
Details can be read from the following link : http://docs.oracle.com/cd/E23943_01/doc.1111/e17953/toc.htm
Thanks
Srinath -
OPA (Oracle Policy Automation)integration with Oracle Application R12
Hi,
We want to know checklist for OPA integration with Oracle Applocations( Ebussiness Suite). It is urgent, Can anybody help us on this.
It is very urgent. Any one can help us to integrate OPA (Oracle Policy Automation) with R12 Ebs.
Thanks in advance
Edited by: Venkat K.V on Sep 7, 2010 2:59 AMThe OPA team doesn't maintain a check-list of integration steps for EBS, but this should be a pretty standard web services integration using Oracle Determinations Server.
You might also want to check out this tutorial:
http://www.oracle.com/technetwork/apps-tech/policy-automation/overview/opa10-4.zip, which shows an example of how to integrate the OPA Oracle Web Determinations component with E-Business Suite.
Davin Fifield
Maybe you are looking for
-
How to pass a single element in an array to XSL from BPEL
In a bpel (2.0) process I have a for-each loop iterating through a list in the original input document. Within that loop I need to construct an input document for a call to a web service based on data in the current node of the list objects I am l
-
Working with target groups in ChaRM?
Has really nobody worked with transport groups in ChaRM??
-
How do I pass username and password to the Citrix client via netlet
I have managed to call a Citrix managed application from the portal via netlet (via InitialProgram within citrix_start.html) - thankyou William Geurts. How do I use the Portal's single sign-on functionality to pass the username and password through t
-
Does iTunes Store have a Genius button?
I mean does iTunes Store have, like, recommendations for songs that would go great together? Well, if, say, I'm interested in this one song, and I click somewhere, and it will tell me some other songs that are going great with the song that i'm think
-
Tiger Server and Leopard workstatiger and Lepard workstons - Print Services
Good morning. We are running Tiger server with a 'mixed economy' of Tiger and Leopard workstations. I am finding that Workgroup Manager does not manage the print queues for users at Leopard workstations. They can see and use all the printer queues ma