  • Oracle Single Sign-On Server for Apps DBA

    Posted by "" in "10gAS, basics, sso" on 2006-11-15


    Today let's look at Single Sign-On (SSO): why it is used, the advantages of using it, which types of applications can use SSO, and the technical details of SSO.

    What is Single Sign-On Server (SSO)?
    As the name says, Single Sign-On Server is a set of services (software) that lets you log in to one application once and then access the other Partner Applications without logging in again. Let's assume I have configured a single SSO Server for Portal, E-Business Suite, Collaboration Suite and some other applications. If I log in to any one of them and then wish to access the other applications, I should be able to do so without supplying passwords again.

    How will I log off then?
    This is called Single Sign-Off, which is part of the SSO server. If you log out from any one application, the SSO server logs you off from all applications.

    What are the technology stack components of SSO Server?
    SSO consists of OC4J_Security and HTTP Server, which are part of Oracle Identity Management, which in turn is part of Oracle Infrastructure Server, which in turn is part of Oracle Application Server. The SSO server uses Oracle Internet Directory to store user credentials for Partner Applications in encrypted format. If someone asks you to bounce the SSO server, you bounce either of these two components (OC4J_Security and HTTP Server) or both. Oracle components use mod_osso, which is part of Oracle HTTP Server, to connect to the SSO server.

    Partner Applications and External Applications?
    Partner Applications have been mentioned several times above. Partner Applications are the ones that delegate their authentication to the SSO server (like Portal, Discoverer, E-Business Suite, Collaboration Suite), whereas External Applications are applications that don't delegate their authentication to the SSO server (like Yahoo, Google, Hotmail applications).
    What does delegating authentication mean here? It means the partner application asks the SSO server to verify whether a user is properly authenticated, whereas an external application checks the username/password at its own end and the SSO server simply holds the username/password in OID (if users select "remember external application password").

    Request flow when SSO is used …
    It is very important to understand the request flow when an application is configured with SSO and a user tries to access that application.
    1) The user tries to access an application (like Portal, Collaboration Suite, Apps 11i) configured with the SSO server for the first time.
    2) The application finds that no login cookie is set in the user's (client's) browser, so it redirects the browser to the Single Sign-On Server via mod_osso.
    3) The Single Sign-On Server returns a login page to the user, and the user enters his/her username/password.
    4) SSO validates this password against the one stored in Oracle Internet Directory.
    5) If the password matches, SSO returns a token to the client with a list of all applications the user has access to, and sends the client back to the original application.
    6) This token is stored as part of a cookie in the user's/client's browser, and further connections from the client to the applications are allowed (as the authentication token is already in the cookie).
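
    The six steps above and Single Sign-Off, modelled as an added example (not Oracle's code and not part of the original post). Assumptions: an HMAC-signed token, the names SITE_KEY, DIRECTORY, ACCESS and ACTIVE, and the shared session set are hypothetical stand-ins for OID, mod_osso and the SSO server; the partner application never sees the password, it only checks the token.

```python
import hashlib, hmac, secrets

# Constructed stand-ins: DIRECTORY plays the role of OID; SITE_KEY is a
# hypothetical secret shared by the SSO server and its partner applications.
SITE_KEY = secrets.token_bytes(32)
DIRECTORY = {}                          # username -> (salt, derived key)
ACCESS = {"alice": ["portal", "ebs"]}   # applications each user may reach
ACTIVE = set()                          # session ids the SSO server still honours

def _derive(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def _sign(body):
    return hmac.new(SITE_KEY, body.encode(), hashlib.sha256).hexdigest()

def enroll(user, password):
    salt = secrets.token_bytes(16)
    DIRECTORY[user] = (salt, _derive(password, salt))

def sso_login(user, password):
    """Steps 3-5: validate against the directory, return a signed token."""
    salt, stored = DIRECTORY.get(user, (b"", b""))
    if not hmac.compare_digest(_derive(password, salt), stored):
        return None                     # wrong password or unknown user
    sid = secrets.token_hex(8)
    ACTIVE.add(sid)
    body = f"{user}|{','.join(ACCESS.get(user, []))}|{sid}"
    return f"{body}|{_sign(body)}"

def partner_app(app, cookies):
    """Steps 1-2 and 6: what a partner application decides for one request."""
    token = cookies.get("sso_token")
    if token is None:
        return "redirect-to-sso"        # step 2: no login cookie yet
    body, _, mac = token.rpartition("|")
    if not hmac.compare_digest(mac.encode(), _sign(body).encode()):
        return "redirect-to-sso"        # cookie was altered or forged
    user, apps, sid = body.split("|")
    if sid not in ACTIVE:
        return "redirect-to-sso"        # Single Sign-Off already happened
    return f"allow:{user}" if app in apps.split(",") else "deny"

def sso_logout(token):
    """Single Sign-Off: one logout ends the session for every application."""
    ACTIVE.discard(token.split("|")[2])
```

    The application trusts the cookie only because it can verify the signature and the session is still live; a token that is merely present, or one whose user field was edited in the browser, is sent back to the SSO server.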

    Do you know how to access the Single Sign-On server from a browser, or what the SSO URL is?
    A lot more on OID and Identity Management, including IM Cluster, coming soon …


    37 Responses to “Oracle Single Sign-On Server for Apps DBA”

    1. Pravesh says:

      Hi Atul. Nice to read this brief document on SSO. Can you provide me with any Metalink DOC ID or any other pointer where I could see more basic to implementation-level information?


    2. Atul Kumar says:

      Hi Pravesh,
      Thanks a lot. Do you need an implementation of SSO with 10g Application Server, E-Business Suite, or any other Oracle product?

      Atul Kumar

    3. Aljafree says:

      Hi Atul,
      Can you guide me in setting up PKI on Oracle 10g (part of SSO), as I am unable to edit the httpd.conf as the file format was not .crl but .crt, maybe a step by step


    4. Atul Kumar says:

      If you want to configure SSL then use OWM (Oracle Wallet Manager) and in ssl.conf use the directive

      SSLWallet file {locationOfWallet}

      If this is for OCA (Oracle Certifying Authority), this is a completely separate component on Application Server.


    5. agostino_neto says:

      Hi Atul,
      Can we avoid using SSO and let the application automatically recognize the user ID we type when starting our computer?

    6. Atul Kumar says:

      Yes, you can do this by implementing Windows Native Authentication via Kerberos. This is mentioned in the SSO Administration Guide.


    7. agostino_neto says:

      Hi Atul,
      Can you tell me where I can find the SSO Administration Guide?
      I didn’t find it on OTN with the other books.

    8. agostino_neto says:

      Hi Atul,
      Thanks, I’ve seen this document, but is there a PDF document?
      It would be easier to find a string (like Kerberos, for example).
      Have you heard that someone has successfully implemented Windows Native Authentication via Kerberos so that anyone can connect to E-Business Suite without entering a user name or password?

    9. Atul Kumar says:

      To be frank, I have not seen anyone implement Windows Native Authentication (or, better to say, zero sign-on) for E-Business Suite login, but you can try it on a test server.

    10. Priya says:

      Hi Atul,

      I am Priya, working as an Apps DBA. I have implemented Windows Native Authentication with Oracle, where you can log in directly to the application without username/password.

    11. Atul Kumar says:

      Hi Priya,
      That's a good thing. Cheers … Is this for 10g Application Server only, or have you also integrated this with E-Business Suite?

    12. sanchit says:

      Hi Pravesh,

      Some info on integrating Oracle E-Business Suite Release 11i with Oracle Internet Directory and Oracle Single Sign-On can be had from Note:261914.1

    13. RD says:

      Hi Atul,

      Can you give me some guidelines on implementing SSO with other “Applications like Mail, 3rd party appl, WNA etc”?


    14. Atul Kumar says:

      Each application has its own SSO mechanism; another thing to check is whether that application supports SSO or not. Most Oracle applications use mod_osso for SSO access. Kindly check each application’s documentation for configuring it with SSO Server.

    15. Hank says:

      Hi, Atul,

      What if I have different passwords in different applications (suppose I have the same user name for all apps), will SSO validate all these passwords?



    16. Atul Kumar says:

      If various applications share the same SSO instance then they will have the same password (though different usernames can be mapped to a single account in various applications).

    17. Anonymous says:

      Hi Atul,

      Can we integrate a single Oracle 10gAS for SSO with PeopleSoft, JD Edwards and E-Business Suite? If yes, can you suggest any doc or white paper on this topic and how to implement it?

    18. Atul Kumar says:

      For integrating 10g AS SSO with E-Business Suite check

      233436.1 Installing Oracle Application Server 10g with Oracle E-Business Suite Release 11i

      https://metalink.oracle.com/metalink/plsql/docs/10g-Implementation.pdf (11i with SSO build 4)

      Integration with PeopleSoft and Siebel I’ll cover here in the near future.

    19. Vinkal says:

      Hi Atul,

      A very good brief doc on SSO. It helped me to understand the basics.
      Can you help me with how to log in to a portal which is SSO enabled? When I try to log in it asks me for the SSO login/password. What should I enter? I am using 10gAS (9.0.4) with OID running on a separate host (infra server). I tried with username=orcladmin and password=default password (manager1) but it is giving the error “Your password has expired. Please contact administrator to reset it”

    20. Anonymous says:

      Hi Atul,
      I want SSO to put the last username entered in the login; how can I do this?

    21. c.raja says:

      Hi, can you guide me on how to install the SSO SDK? I am not clear on that part.

    22. Poornima says:

      Hi Atul,

      I have installed 10g Application Server 10.1.2 and SOA. Now my user wants me to use SSO for authentication for all the components of SOA. Any suggestions on how to integrate them? I am quite new to this and your suggestion would be most helpful.


    23. Poornima says:

      Can you point me to the OID user management doc?


    24. Atul Kumar says:

      Check OIDDAS for OID user management.


    25. Atul Kumar says:

      For installing the SSO SDK check Metalink Note

      182701.1 Install and Configure SSO SDK and Servlet Partner Application

    26. Rama says:

      Hello Atul,
      We have 9i AS, and we are planning to implement SSO. Is it possible to do “SSO” on 9iAS? If so, how can we do that?
      I read somewhere that, for “SSO”, the minimum requirement is 10g AS.
      Thanks in advance,

    27. Massimo says:


      Two questions:
      1) Do you usually install SSO on a separate host or on the same host as the middle tier?
      2) In the second case, if you use SSL, you’ll need to have separate ports for SSO and middle tier web servers. Correct?



    28. Atul Kumar says:

      The default installation of SSO is with OID (infrastructure tier),

      but from a security point of view I would prefer SSO on the middle tier.

      2) In the second case, if you use SSL, you’ll need to have separate ports for SSO and middle tier web servers. Correct?

      Yes, that's right.

    29. Poornima says:


      I am using 10.1.2 as my 10g AS. So does this doc hold good for it ???


    30. Atul Kumar says:

      Yes Poornima

    31. Syed says:

      Dear Atul,

      I integrated and configured SSO with R12 and it's working.
      1) When I use the R12 URL it redirects to the SSO page. On the SSO page I supply orcladmin/oracle123 and then I am logged directly in to the R12 user account (aman). I do not even supply any user ID/password for user aman.
      Whenever I use the R12 URL it redirects to SSO;
      when I log in as orcladmin it logs directly in to the aman account. I can't use other R12 users.

      oidprovtool operation=MODIFY \
      ldap_host=my.india.com \
      ldap_port=389 \
      ldap_user_dn=cn=orcladmin \
      ldap_user_password=oracle123 \
      dc=india,dc=com” \
      > orclLastAppliedChangeNumber=15731

      bulkload -connect orcl -load=true file=/export/home/
      All pre-reqs and post-reqs were successful.

      How do I find R12 users in OID?

    32. Atul says:

      $ORACLE_HOME/ldap/bin/ldifwrite connect="" basedn="cn=users,dc=" ldiffile="$HOME/users.ldif"

      So assume the TNS alias to connect to your OID DB is orcl and your default realm is oracle.com (also called the namespace; you provide this during OID installation); then to list all users in OID use

      $ORACLE_HOME/ldap/bin/ldifwrite connect="orcl" basedn="cn=users,dc=oracle,dc=com" ldiffile="$HOME/users.ldif"

      or as mentioned in your other comment, use oiddas screen

    33. Дайна says:

      A buddy gave me the link; I don't usually read this sort of thing, but I didn't regret it!

    34. eduardo says:

      Hi Atul.

      I am using E-Business Suite R12 on demand and OBIEE locally installed. Is it possible to configure SSO under this scheme?

      I have read some notes and they say that it is a prerequisite to have both applications under the same domain.

      How can I get SSO implemented?

    35. Atul Kumar says:


      The only certified option for SSO integration with R12 is to use Oracle Identity Management – OID/SSO (10.1.4 and higher)

      For OBIEE – there are various options available to configure SSO

      In my opinion, install Oracle Identity Management 10.1.4.X (OID/SSO – OAS Infrastructure part) and use that as the SSO engine for both R12 and OBIEE (you need to install OBIEE with the “advanced install” option with HTTP Server)

    36. brsinha says:

      Hi Sir,

      The orcladmin password has expired.

      How do I change the orcladmin password?

      Thank you..

