Questions for Oracle Apps 11i & R12 Integration with 10g AS/SSO

Here are few questions which you should think/ask/discuss for Oracle Applications 11i & R12 Integration with 10g Application Server (Portal, Discoverer, SSO, OID)

Do you need 10g Portal component of 10g AS with Oracle Applications 11i & R12 ?
(*Integration of 10g AS can be without portal and dicoverer as well i.e. OID & SSO only. For 10g portal Integration you must have SSO and OID)

Do you need 10g Discoverer component of 10g AS with Oracle Application 11i ?
(* You can have discoverer with or without SSO access)

Do you need SSO and OID component of 10g AS with Oracle Applications 11i / R12 ?
(*You can configure only SSO/OID for Single Sign-On access with or without Portal and Discoverer)

Do you need 10g Web Cache component of 10g AS with Oracle Applications 11i ?
(*You can configure webcache with or without Portal/OID/SSO. With Portal webcache is default)

Do you have third party access management (Netegrity SiteMinder, Oblix COREid) for Single Sign-On ?
(* You can configure 10g SSO with third party access management via Oracle SSO)

Source of Authentication in Oracle Apps 11i / R12?
(* –You can configure authentication at E-Business Suite, Oracle SSO, Third party SSO or combination of above.
–Configuring authentication, local to E-Business for some users and for others SSO is also supported

Do you have third party LDAP directory (Microsoft Active Directory, Sun iPlanet) which you want to synch with OID and E-Business Suite ?
(* You can use third party ldap server for user store integrated with OID and then synched to E-Business Suite Users)
—– If third party LDAP Server is in place check following things for OID to third party integration (DIT, Default Realm, nickname attribute)
—–As of Integration build 5 synching users from E-Business to OID is supported with default realm only. Take special care if you have multiple realms in LDAP Server

One SSO User account can be mapped to Multiple Users in E-Business Suite (other way is not supported), Do you need this ?

Multiple E-Business Suite can use Single OID/SSO Instance or each E-Business Suite Instance can be registered with its own OID/SSO. For Dev & Test E-Business Suite you may be interested in registering them to single OID/SSO Instance.

User Creation/Management/Updates : From OID to Apps, Apps to OID or bidirectional

Attributes to synch during ongoing Updates
* All user attribute sync can’t be updated between OID & E-Business Suite. Check provisioning profile used for synch between Apps & OID
* Check if TCA tables are updated as required with User Updates in OID

Decide on how Users will be loaded Initially :
—-From OID to E-Business (Users are already in OID but E-Business Suite is new implementation)
—- E-Business Suite to OID (Users are already in E-Business Suite but OID is new implementation)
—- In both E-Business Suite & OID (OID and E-Business both has user base but not in sync) You can reconcile user base in Apps & OID

E-Business Suite Home Page (Portal or Framework)

— Is Password Policy in E-Business Suite different from Password policy in SSO ? Things like
—-User should change password on first time login
—-Password Strength, minimum number of characters & at least few some number
—-Password will expire after n number of days

Idle Session Time out for SSO
* By default there is no Idle Session timeout in Oracle SSO Server (There is default Global Session Time Out set at SSO with value 8 hours) but E-Business Suite is configured with Idle Session time out of 30 minutes. To set Idle Session time out value to desired value in SSO Server check Oracle SSO Admin Guide

More on 10g Application Server (OID/SSO) integration with E-Business Suite coming soon..

——–User creation/update/synch flow in OID-Apps(E-Business Suite) Integrated instances and troubleshooting user creation/update issues ?

——-User login flow in OID-Apps(E-Business Suite) Integrated Instances and troubleshooting login issues ?

——-Common tasks for which Apps DBA’s should take extra care in Apps/OID/SSO integrated instances (Cloning, changing apps password, patching…)

Share This Post with Your Friends over Social Media!

About the Author Atul Kumar

Oracle ACE, Author, Speaker and Founder of K21 Technologies & K21 Academy : Specialising in Design, Implement, and Trainings.

follow me on:

Leave a Comment:

Nalluri says September 27, 2007

Hi ,
we are implementing oracle ebusiness suite with sigle sign on and discover and planning to intergrate microsoft active directory to oid. Is it possible to login to oracle apps without entering the password after he login to windows xp ?

Atul Kumar says September 27, 2007

Hi Nalluri,
Yes this is possible by using kerberos (windows native authentication) . Integrate Oracle SSO for windows native authentication and E-Business suite to SSO . This is not direct by can be achieved.

Rajesh Chaware says September 23, 2008

Can you please send me the pre-requiremnt and steps to integrate Kerberos with Oracle Access Manager running on Linux server?

Add Your Reply