Notes/Docs to integrate Apps 11i with 10g AS Portal/OID/SSO

In this post you’ll find metalink notes and related docs used in Integration of Oracle 10g Application Server (Portal, BI, Forms, OID, SSO) with Oracle E-Business Suite 11i. Soon I’ll focus on key points for integrating Oracle E-Business Suite with Oracle Single Sign-On (SSO) and Oracle Internet Directory (OID).

10g Application Server can be integrated with E-Business Suite 11i in case

1. You wish to use 10g AS Portal with E-Business Suite 11i (With Portal install, OID & SSO should already be installed)
2. You wish to use 10g Discoverer with E-Business Suite 11i (You have two option to configure Discoverer with 11i.
      i) with OID & SSO ii) without OID & SSO)
3. You wish to use OID & SSO (If you need only Single Sign-On access with E-Business Suite, you can integrate only SSO & OID and can ignore integrating Portal or Discoverer)
4. Integrate Oracle E-Business Suite (Oracle Applications 11i) with Webcache to improve performance
5. You wish to integrate E-Business Suite with third party authentication & authorization system (Netegrity Siteminder, Oracle Access Manager, Microsoft Active Directory) then integrate Apps with 10g Infrastructure tier (OID & SSO) and integrate with third party access management system.

Notes/Docs useful for integration of 10g AS with Oracle E-Business Suite
186981.1   Frequently Asked Questions Application Server with E-Business Suite
233436.1 Installing Oracle Application Server 10g with Oracle E-Business Suite Release 11i  (For overall installation & setup of 10g Application Server with Oracle applications 11i)
305918.1 Using Oracle Portal 10g with Oracle E-Business Suite 11i 
313418.1 Using Discoverer 10.1.2 with Oracle E-Business Suite 11i
306653.1 Installing and Configuring Oracle Application Server Web Cache with Oracle E-Business Suite 11i
261914.1  Integrating Oracle E-Business Suite Release 11i with Oracle Internet Directory and Oracle Single Sign-On
295606.1 Oracle Application Server 10g with Oracle E-Business Suite Release 11i Troubleshooting Guide
456456.1 How to Find the Oracle Application Server 10g Upgrade and Compatibility Guide

Oracle Application Server Installation Guide  
Integrating OID and SSO with Oracle Applications 11i 
Integrate Enterprise Application in to Oracle Application Server Portal  

About the Author Atul Kumar

Oracle ACE, Author, Speaker and Founder of K21 Technologies & K21 Academy : Specialising in Design, Implement, and Trainings.

follow me on:

Leave a Comment:

16 comments
Syed says July 20, 2008

Dear Atual,

We plan to make our R12 Application to
Web Publishing, so i need required Meatalink DOC.

thanks atul.

Reply
ss says August 5, 2008

We have implemented R12

we want to ve OID?SSO integration with R12 .For this

Which versirson of 10gAS media we should ve for installtion of 10gAS ( which include oid/sso)

Reply
Atul says August 5, 2008

SS,
For Infrastructure tier use 10.1.4 Identity Management (Select Oracle Application Server Infrastructure 10g)

For Middle Tier (BI, Portal) select 10.1.2.0.2 or 10.1.2.2 software.

10.1.2.2/10.1.2.0.2 Portal/BI is certidfied with 10.1.4 Identity management (OID+SSO)

Reply
aisufi says September 22, 2008

Need help, I have integrated 10gAS with eBiz where SSO+OID and portal enabled.I want to give access to external customer through portal.All these are sitting in internal network.How can external user access some of the stuff through portal in a safe environment?In other way what components should I install in DMZ machine keeping my eBiz same?

Best Regards,

Reply
Atul says September 22, 2008

– Keep Portal Middle tier & Infra tier middle tier (oiddas & sso only) on DMZ for 10g AS side
– Keep Web Server for 11i in DMZ

Rest others in internal zone (safe zone)
– OID & Infra DB for 10g AS side
– Forms, CM & Reports, DB for 11i

Reply
aisufi says September 22, 2008

Hi Atul,

Thanks a lot for your quick post.Actually Atul do you think 11i web server to be in DMZ is must though F8 of Note Id 287176.1 suggest to have 11i mid-tier in DMZ after cloning but Oracle suggest you can have one mid-tier of 11i only sitting in internal network.I would like mention 2 point
1.I installed 10gAS and integrated with eBiz with sso enabled and portal installed and I can login to eBiz using sso and portal login as well.10gAS is sitting in one box.Now I would like to test this setup using reverse-proxy(in DMZ which is being setup) and putting installed 10gAS in DMZ though OID will also be in DMZ but it is just for testing.Since I will be putting 10gAS installed internal network and putting in DMZ will change ip address, is goingto make difference as I am usingmachine name rather ip address?This test will have any loophole?
2.When I do the same for PROD, I will keep mid-tier in DMZ and infra in internal network but without 11i mid-tier in DMZ, will this set be OK?

Best Regards,

Reply
Atul says September 22, 2008

For 11i, create two middle tier (one for internal team, both web & forms) & other for external node (only web) If your requirement is to grant forms access to external world then on external node change forms mode to forms listerner servlet (http) (defualt is socket mode in 11i).

There are N number of ways to setup 11i in DMZ as mentioned in note suggested by you above.

For 10g AS , setting reverse proxy is also good option. For Changing IP address in 10g (though I never faced any issue) but Oracle Documentation suggest to run chgiphost.sh script . Check http://onlineappsdba.com/index.php/2008/04/25/changing-hostnamedomainip-of-oracle-application-server/

2.When I do the same for PROD, I will keep mid-tier in DMZ and infra in internal network but without 11i mid-tier in DMZ, will this set be OK?

If you are not going to expose 11i middle tier (atleast one node) in DMZ, how your external nodes going to connect for 11i web server. You either need reverse proxy server in DMZ (for 11i) or expose one 11i middle tier to DMZ

Reply
aisufi says September 23, 2008

Hi Atul,
I appreciate for your time and very positive comments.I would like to mention here do we really need 11i mid-tier in DMZ, because through reverse-proxy external users will be connecting 10gAS mid tier which is sitting in DMZ and request will be forwarded via authentication and authorisation(through infra sitting in internal network) to eBiz sitting in internal network, moreover external users will not be using forms but portal only.
waiting for your valuable comments.

Regards,

Reply
Atul says September 23, 2008

Users initial url is going to be reverse proxy for portal ( proxyportal….) which will redirect to reverse proxy for sso (proxysso) for authentication. After login to sso user request to redirected back to reverse proxy for portal (proxyportal) i.e. portal page .

How is 11i deployed on portal ? (via html link on portal page or using portlet ?)

lot of my clients use 11i link on portal page and for this user should connect to 11i web server (either directly – one web server in DMZ) or via reverse proxy server (proxy11i)

Reply
aisufi says September 23, 2008

Basically customers(external users) are seeing their invoices through portal which I think through portlet.No internal users will be connecting from outside(externally).
Do you think setup I mention will not work?How to upload my proposed diagram here in this forum?If you permit I can email you my proposed diagram.

Thanks & Regards,

Reply
Sai says April 28, 2009

Hi Atul,
We are planning to integrate our ERP 11.5.10.2 environment with OID (with WNA enabled).
We are also planning to integrate our other Oracle products like OBIEE with this 10gAS (SSO) tech stack. For this we are seeing one issue. When we add a OBIEE user anywhere in OID, the user is also getting created in e-Biz. (we have enabled identity_add profiles in e-Biz). This is causing unwanted users creation in e-Biz. Is there a way where we can control the automatic provisioning of users to e-Biz by pointing ebiz to a specific container? (i.e the newly added OID user will get provisioned to e-Biz only when its created in a specific container (e.g. eBiz) and not in any other containers (e.g. OBIEE). This will help us in separating the different Oracle products users in OID and still have the automatic user management to e-Biz. Please help.

Reply
Atul Kumar says April 28, 2009

Sai,
I am assuming that you are provisioning users from OID to Apps (one way).

Now you would like to provision users from OID to Apps but not all and only when user is under specific tree in ldap (OID)

Did you look at provisioning template in eBusiness Suite (OIDtoApps.tmp) ?

Reply
Sai says April 29, 2009

Hi Atul,

Thanks a lot for your help.

Thanks

Sai

Reply
Sai says April 29, 2009

Hi Atul,

I have another question on the same topic, We have a working configuration of MSAD -> OID -> ERP with WNA enabled on OID. How to disable a user in ERP when the user is terminated in MSAD. When the user is terminated in MSAD, OID is not picking up the change. Also when we disable a user in OID manually, the same user is not end dated in FND_USER table in ERP. If we delete the user in OID then the user is end dated in FND_USER.

Thank You,

Sai

Reply
Raju Mogulapalli says June 10, 2009

Hi Atul,

We have implemented Zero-sign on approach on 11i EBS. For this we have integrated 11i EBS with Oracle 10g Identitiy Management (OID) and which inturn has been integrated with Microsoft Active Directory. We then enabled WNA in our environment.

The setup is working fine but has only one issue. The SSO login is working absolutely fine (User is not asked for the password as his credentials are taken from the Windows login – Kerberos configured). But for the Apps Local Login, the users are able to login on an intermittent basis. For example at a moment if they are not able to login let say, but when they retry in 10 seconds, they would be able to login. Are you aware of this issue ??

Regards,
Raju Mogulapalli

Reply
anothersuresh says June 29, 2012

Hi Atul,

We have a use case where we need to integrate OpenSSO/OpenAM with existing Oracle EBS suite for authentication. OpenSSO will use AD for user store.

The existing setup today is using OSSO, OID and EBS. I believe we will have to someone integrate OpenSSO with Oracle SSO server as Oracle EBS delegates authentication to OSSO?

Can you please advise how the integration can be done to use OpenSSO for single-sign on to Oracle EBS?

Thank you,
Suresh

Reply
Add Your Reply

Not found