16 comments
Dear Atul,
We plan to make our R12 Application to Web Publishing, so I need the required Metalink doc.
Thanks, Atul.

We have implemented R12.
We want to have OID/SSO integration with R12. For this, which version of 10gAS media should we have for installation of 10gAS (which includes OID/SSO)?

Need help. I have integrated 10gAS with eBiz where SSO+OID and portal are enabled. I want to give access to external customers through portal. All these are sitting in internal network. How can an external user access some of the stuff through portal in a safe environment? In other words, what components should I install in the DMZ machine keeping my eBiz the same?
Best Regards,

Hi Atul,
Thanks a lot for your quick post. Actually Atul, do you think 11i web server to be in DMZ is a must, though F8 of Note Id 287176.1 suggests to have 11i mid-tier in DMZ after cloning, but Oracle suggests you can have one mid-tier of 11i only sitting in internal network. I would like to mention 2 points:
1. I installed 10gAS and integrated with eBiz with SSO enabled and portal installed, and I can log in to eBiz using SSO and portal login as well. 10gAS is sitting in one box. Now I would like to test this setup using reverse proxy (in DMZ which is being set up) and putting installed 10gAS in DMZ, though OID will also be in DMZ but it is just for testing. Since I will be putting 10gAS installed in internal network and putting it in DMZ will change IP address, is it going to make a difference as I am using machine name rather than IP address? Will this test have any loophole?
2. When I do the same for PROD, I will keep mid-tier in DMZ and infra in internal network but without 11i mid-tier in DMZ, will this setup be OK?
Best Regards,

For 11i, create two middle tiers (one for internal team, both web & forms) & other for external node (only web). If your requirement is to grant forms access to external world then on external node change forms mode to forms listener servlet (http) (default is socket mode in 11i).
There are N number of ways to set up 11i in DMZ as mentioned in the note suggested by you above.
For 10g AS, setting up reverse proxy is also a good option. For changing IP address in 10g (though I never faced any issue), Oracle documentation suggests to run the chgiphost.sh script. Check http://onlineappsdba.com/index.php/2008/04/25/changing-hostnamedomainip-of-oracle-application-server/
2. When I do the same for PROD, I will keep mid-tier in DMZ and infra in internal network but without 11i mid-tier in DMZ, will this set be OK?
If you are not going to expose 11i middle tier (at least one node) in DMZ, how are your external nodes going to connect to 11i web server? You either need a reverse proxy server in DMZ (for 11i) or expose one 11i middle tier to DMZ.

Hi Atul,
I appreciate your time and very positive comments. I would like to mention here, do we really need 11i mid-tier in DMZ, because through reverse proxy external users will be connecting to 10gAS mid-tier which is sitting in DMZ and request will be forwarded via authentication and authorisation (through infra sitting in internal network) to eBiz sitting in internal network; moreover external users will not be using forms but portal only.
Waiting for your valuable comments.
Regards,

User's initial URL is going to be reverse proxy for portal (proxyportal….) which will redirect to reverse proxy for SSO (proxysso) for authentication. After login to SSO, user request is redirected back to reverse proxy for portal (proxyportal), i.e. portal page.
How is 11i deployed on portal? (via HTML link on portal page or using portlet?)
A lot of my clients use 11i link on portal page and for this user should connect to 11i web server (either directly – one web server in DMZ) or via reverse proxy server (proxy11i).

Basically customers (external users) are seeing their invoices through portal, which I think is through portlet. No internal users will be connecting from outside (externally).
Do you think the setup I mentioned will not work? How do I upload my proposed diagram here in this forum? If you permit, I can email you my proposed diagram.
Thanks & Regards,

Hi Atul,
We are planning to integrate our ERP 11.5.10.2 environment with OID (with WNA enabled).
We are also planning to integrate our other Oracle products like OBIEE with this 10gAS (SSO) tech stack. For this we are seeing one issue. When we add an OBIEE user anywhere in OID, the user is also getting created in e-Biz (we have enabled identity_add profiles in e-Biz). This is causing unwanted user creation in e-Biz. Is there a way where we can control the automatic provisioning of users to e-Biz by pointing e-Biz to a specific container? (i.e. the newly added OID user will get provisioned to e-Biz only when it's created in a specific container (e.g. eBiz) and not in any other containers (e.g. OBIEE).) This will help us in separating the different Oracle products' users in OID and still have the automatic user management to e-Biz. Please help.
Sai,
I am assuming that you are provisioning users from OID to Apps (one way).
Now you would like to provision users from OID to Apps, but not all, and only when the user is under a specific tree in LDAP (OID).
Did you look at the provisioning template in eBusiness Suite (OIDtoApps.tmp)?

Hi Atul,
I have another question on the same topic. We have a working configuration of MSAD -> OID -> ERP with WNA enabled on OID. How do we disable a user in ERP when the user is terminated in MSAD? When the user is terminated in MSAD, OID is not picking up the change. Also, when we disable a user in OID manually, the same user is not end dated in the FND_USER table in ERP. If we delete the user in OID then the user is end dated in FND_USER.
Thank You,
Sai

Hi Atul,
We have implemented a zero sign-on approach on 11i EBS. For this we have integrated 11i EBS with Oracle 10g Identity Management (OID), which in turn has been integrated with Microsoft Active Directory. We then enabled WNA in our environment.
The setup is working fine but has only one issue. The SSO login is working absolutely fine (user is not asked for the password as his credentials are taken from the Windows login – Kerberos configured). But for the Apps Local Login, the users are able to log in on an intermittent basis. For example, at a moment they are not able to log in, let's say, but when they retry in 10 seconds, they would be able to log in. Are you aware of this issue?
Regards,
Raju Mogulapalli
Hi Atul,
We have a use case where we need to integrate OpenSSO/OpenAM with existing Oracle EBS suite for authentication. OpenSSO will use AD for user store.
The existing setup today is using OSSO, OID and EBS. I believe we will have to somehow integrate OpenSSO with Oracle SSO server, as Oracle EBS delegates authentication to OSSO?
Can you please advise how the integration can be done to use OpenSSO for single-sign on to Oracle EBS?
Thank you,
Suresh