  • We have moved to http://onlineAppsDBA.com; kindly check http://onlineAppsDBA.com in future
    Oracle Single Sign-On Server for Apps DBA
    Wednesday, November 15, 2006
    Today let's look at Single Sign-On (SSO): why it is used, the advantages of using it, which types of applications can use SSO, and the technical details of SSO.

    What is Single Sign-On Server (SSO) ?
    As the name says, Single Sign-On Server is a set of services (software) that lets you log in to one application once and then access the other partner applications without logging in again. Let's assume I have configured a single SSO server for Portal, E-Business Suite, Collaboration Suite and some other applications. Now if I log in to any one of them and then wish to use the other applications, I should be able to get in without supplying a password again.

    How will I log off then ?
    This is called Single Sign-Off, which is part of the SSO server. If you log out from any one application, the SSO server logs you off from all applications.

    What are the Technology Stack components of SSO Server ?
    SSO consists of OC4J_Security and HTTP Server, which are part of Oracle Identity Management, which in turn is part of Oracle Infrastructure Server, which in turn is part of Oracle Application Server. The SSO server uses Oracle Internet Directory (OID) to store user credentials in encrypted format for partner applications. If someone asks you to bounce the SSO server, you bounce either of them or both. Oracle components use mod_osso, which is part of Oracle HTTP Server, to connect to the SSO server.

    Partner Application & External Applications ?
    Partner applications have been mentioned several times above. Partner applications are the ones which delegate their authentication to the SSO server (like Portal, Discoverer, E-Business Suite, Collaboration Suite), whereas external applications are applications which don't delegate their authentication to the SSO server (like Yahoo, Google, Hotmail applications).
    What does delegating authentication mean here ? Delegating authentication means the partner application asks SSO to verify whether a user is properly authenticated, whereas an external application checks the username/password at its own end; the SSO server simply holds the username/password in OID (if the user selects "remember external application password").

    Request Flow when SSO is used ...
    It is very important to understand the request flow when an application is configured with SSO and a user tries to access the application.
    1) The user tries to access an application (like Portal, Collaboration Suite, Apps 11i) configured with the SSO server for the first time
    2) The application sees that no login cookie is set in the user's (client's) browser, so it redirects the browser to the Single Sign-On Server via mod_osso
    3) The Single Sign-On Server returns a login page to the user, and the user enters his/her username/password
    4) SSO validates this password against the one stored in Oracle Internet Directory
    5) If the password matches, SSO returns a token to the client with the list of all applications the user has access to, and returns the client back to the original application
    6) This token is stored as part of a cookie in the user's/client's browser, and further connections from the client to the applications are allowed (as the authentication token is already in the cookie)
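The request flow above, together with the single sign-off described earlier, as a small Python model. This is an added example, not Oracle's code or wire format: the class names, the `sso_token` cookie name, the HMAC-signed token layout and the single shared cookie jar are all assumptions made for illustration, and the sample user is constructed.

```python
import base64, hashlib, hmac, json, os, secrets

def _kdf(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class Directory:                      # stand-in for OID: salted hashes, never clear text
    def __init__(self):
        self._users = {}
    def add_user(self, name, password, apps):
        salt = os.urandom(16)
        self._users[name] = (salt, _kdf(password, salt), list(apps))
    def verify(self, name, password):  # step 4: returns the user's application list, or None
        rec = self._users.get(name)
        if rec is None:
            return None
        salt, digest, apps = rec
        return apps if hmac.compare_digest(digest, _kdf(password, salt)) else None

class SSOServer:
    def __init__(self, directory):
        self.directory, self.sessions = directory, set()
        self.key = secrets.token_bytes(32)   # assumption: key shared with registered partner apps
    def sign(self, body):
        return hmac.new(self.key, body.encode(), hashlib.sha256).hexdigest()
    def login(self, user, password):         # steps 3-5: validate, then issue a signed token
        apps = self.directory.verify(user, password)
        if apps is None:
            return None
        sid = secrets.token_hex(8)
        self.sessions.add(sid)
        claims = {"user": user, "apps": apps, "sid": sid}
        body = base64.urlsafe_b64encode(json.dumps(claims).encode()).decode()
        return body + "." + self.sign(body)
    def logout(self, sid):                   # single sign-off: one logout ends every app session
        self.sessions.discard(sid)

def decode(token):
    return json.loads(base64.urlsafe_b64decode(token.rsplit(".", 1)[0]))

class PartnerApp:
    def __init__(self, name, sso):
        self.name, self.sso = name, sso
    def handle(self, cookies):               # steps 1-2 and 6
        token = cookies.get("sso_token")
        if not token or "." not in token:
            return ("REDIRECT_TO_SSO", None)     # no login cookie yet
        body, mac = token.rsplit(".", 1)
        if not hmac.compare_digest(mac.encode(), self.sso.sign(body).encode()):
            return ("REDIRECT_TO_SSO", None)     # token was altered in the browser
        claims = decode(token)
        if claims["sid"] not in self.sso.sessions or self.name not in claims["apps"]:
            return ("REDIRECT_TO_SSO", None)     # logged off, or app not in the user's list
        return ("OK", claims["user"])

def demo():
    oid = Directory()
    oid.add_user("alice", "S3cret!", ["portal", "ebs"])    # constructed sample user
    sso = SSOServer(oid)
    portal, ebs, disco = (PartnerApp(n, sso) for n in ("portal", "ebs", "discoverer"))
    cookies, trace = {}, []
    trace.append(portal.handle(cookies))                   # first visit: redirected to SSO
    trace.append(sso.login("alice", "wrong"))              # bad password: no token issued
    cookies["sso_token"] = sso.login("alice", "S3cret!")   # good password: token in cookie
    trace.append(portal.handle(cookies))                   # back at the original application
    trace.append(ebs.handle(cookies))                      # second app, no password prompt
    claims = decode(cookies["sso_token"])
    claims["apps"].append("discoverer")                    # client edits its own app list
    forged = base64.urlsafe_b64encode(json.dumps(claims).encode()).decode()
    forged += "." + cookies["sso_token"].rsplit(".", 1)[1]
    trace.append(disco.handle({"sso_token": forged}))      # signature check rejects it
    sso.logout(claims["sid"])
    trace.append(portal.handle(cookies))                   # after sign-off the cookie is dead
    return trace
```

The token carries the application list in the client's browser, so the partner application has to verify its integrity and check that the session is still live on every request; the last two entries of the trace show both checks failing closed.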

    Do you know how to access the Single Sign-On server from a browser, or what the SSO URL is ?
    A lot more on OID & Identity Management, including IM Cluster, coming soon ...

    posted by Atul Kumar @ 9:34 AM  
    44 Comments:
    • At 6:50 PM, Anonymous Anonymous said…

      Hi Atul. Nice to read this brief document on SSO. Can you provide me any metalink DOC ID or any other pointer where i could see more basic to implementation level information.

      Thanks,
      Praveshgupta@rediffmail.com

       
    • At 7:02 PM, Blogger Atul Kumar said…

      Hi Pravesh,
      Thanks a lot. You need implementation of SSO which 10g Application Server or E-Business Suite or any other oracle product ?

      Regards
      Atul Kumar

       
    • At 1:15 PM, Blogger Atul Kumar said…

      Hi
      If you want to configure SSL then use OWM Oracle wallet manager & in ssl.conf use directive

      SSLWallet file {locationOfWallet}



      If this is for OCA, Oracle Certifying Authority, this is a completely separate component on Application Server

      Atul

       
    • At 3:50 PM, Anonymous Anonymous said…

      Hi Atul,
      Can we avoid using SSO and let application automatically recognize user id we type when starting our computer ?
      Thanks

       
    • At 5:25 PM, Blogger Atul Kumar said…

      Neto,
      Yes, you can do it by implementing Windows Native Authentication via Kerberos. This is mentioned in SSO Administration Guide.

      Atul

       
    • At 7:39 AM, Anonymous Anonymous said…

      Hi Atul,
      Can you tell me where I can find SSO Administration Guide ?
      I didn't find it on OTN with other books.
      Thanks.

       
    • At 7:46 AM, Blogger Atul Kumar said…

      http://download-uk.oracle.com/docs/cd/B14099_19/idmanage.1012/b14078/toc.htm


      Atul

       
    • At 7:47 AM, Anonymous Anonymous said…

      Hi Atul,
      Thanks, I've seen this document but is there a pdf document?
      It will be easier to find string (like Kerberos for example).
      Have you heard that someone has successfully implemented Windows Native Authentication via Kerberos so that anyone can connect to eBusiness Suite without entering user name or user password?

       
    • At 9:51 AM, Blogger Atul Kumar said…

      Neto,
      To be frank, I have not seen anyone implement Windows Native Authentication, or better to say zero sign-on, on E-Business Suite login, but you can try on a Test Server

       
    • At 10:21 PM, Anonymous Anonymous said…

      Hi Atul,

      I am Priya, working as Apps DBA. I have implemented Windows native authentication with Oracle where you can login directly to application without username/password.

       
    • At 11:03 PM, Blogger Atul Kumar said…

      Hi Priya,
      That's a good thing. Cheers ... Is this for 10g Application Server only, or also integrated with E-Business Suite ?

       
    • At 10:59 AM, Blogger Sanchit Jindal said…

      Hi Pervesh,

      Some Info Integrating Oracle E-Business Suite Release 11i with Oracle Internet Directory and Oracle Single Sign-On can be had from Note:261914.1

       
    • At 2:17 PM, Blogger Yathish said…

      Hi Atul,

      Can you give me some guide lines on Implementing SSO with other "Applications like Mail, 3rd party appl, WNA etc"

      Yathish

       
    • At 2:20 PM, Blogger Atul Kumar said…

      Yatish,
      Each application has its own sso mechanism another check is if that application support SSO or not . Most of Oracle application use mod_osso for sso access. Kindly check each application's document for configuring it with SSO Server

       
    • At 4:55 PM, Blogger Hank said…

      Hi, Atul,

      What is I have different passwords in in different applications (supposed I have the same user name for all apps), will SSO validates all these passwords?

      Thanks,

      Hank

       
    • At 8:59 AM, Blogger Atul Kumar said…

      If various applications share same SSO instance then they will have same password (Though different username can be mapped to single account in various applications )

       
    • At 12:31 PM, Anonymous Anonymous said…

      Hi Atul,

      Can we integrate a single Oracle 10gAS for SSO with peoplesoft,JD Edwards and E-business suite? If yes, can you suggest me any doc. or white paper on this topic and how to implement the same?

       
    • At 12:47 PM, Blogger Atul Kumar said…

      For Integrating 10g AS SSO with E-Business Suite check

      233436.1 Installing Oracle Application Server 10g with Oracle E-Business Suite Release 11i

      https://metalink.oracle.com/metalink/plsql/docs/10g-Implementation.pdf (11i with SSO build 4)



      For integration with PeopleSoft and Siebel I'll cover in near future here

       
    • At 11:34 AM, Blogger vinkal desai said…

      Hi Atul,

      A very good brief doc on SSO.It helped me to understand the basics.
      Can u help me for how to login to portal which is SSO enabled. When I try to login it asks me for SSO login/pwd. What should I enter. I am using 10gAS(9.0.4) with OID running on separate host (infra server). I tried with username=orcladmin and password=default passwd(manager1) but it is giving error as "Your password has expired. Please contact administrator to reset it"

       
    • At 3:08 PM, Anonymous Anonymous said…

      Hi Atul,
      I want SSO put in login the last username entered, how can do this?

       
    • At 11:56 AM, Anonymous Anonymous said…

      hi can u guide me how to install SSO SDK iam not clear in that part

       
    • At 2:02 PM, Blogger Unknown said…

      Hi Atul,

      I have installed 10g Application Server 10.1.2 and SOA. Now my user wants me to use SSO for authentication of all the components of SOA. Any suggestions on how to integrate them? I am quite new to this and your suggestion would be most helpful.

      Thanks,
      Poornima.

       
    • At 2:03 PM, Blogger Unknown said…

      Can you point me to OID user management Doc.

      Thanks,
      Poornima.

       
    • At 12:03 AM, Blogger Atul Kumar said…

      Check OIDDAS for OID user management .

      http://download.oracle.com/docs/cd/B28196_01/idmanage.1014/b15996/das_admin.htm#CHDGFFGG

       
    • At 12:03 AM, Blogger Atul Kumar said…

      http://download.oracle.com/docs/cd/B28196_01/idmanage.1014/b15996/toc.htm

       
    • At 9:57 AM, Blogger Atul Kumar said…

      For installing SSOSDK check metalink Note

      182701.1 Install and Configure SSO SDK and Servlet Partner Application

       
    • At 5:02 PM, Blogger Rama said…

      Hello Atul,
      We have 9i AS and 11.5.10.2, and we are planning to implement SSO. Is that possible to do "SSO" on 9iAS? If so, how can we do that?
      I read somewhere that, for "SSO", minimum requirement is 10g AS.
      Thanks in Adv,
      Miriyala

       
    • At 11:53 PM, Blogger Massimo said…

      Atul,

      Two questions:
      1) Do you usually install SSO on a separate host or on the same host as the middle tier?
      2) In the second case, if you use SSL, you'll need to have separate ports for SSO and middle tier web servers. Correct?

      Thanks,

      Massimo

       
    • At 7:25 AM, Blogger Atul Kumar said…

      Massimo,
      Default installation of sso is with OID (infrastructure tier)

      but for security point of view I would prefer SSO on middle tier.

      2) In the second case, if you use SSL, you'll need to have separate ports for SSO and middle tier web servers. Correct?

      Yes, thats right.

       
    • At 11:07 AM, Blogger Unknown said…

      Atul,

      I am using 10.1.2 as my 10g AS. So does this doc hold good for it ???

      regards,
      Poornima.

       
    • At 7:35 PM, Blogger Atul Kumar said…

      Yes Poornima

       
    • At 11:07 PM, Anonymous Anonymous said…

      Hi Atul,

      Its nice to read details on Oracle products.

      My question.
      Can we upgrade OID database version from 10.1.0.5 to 10gR2?

      (Oracle AS Infrastructure 10g 10.1.4.0.1)

      Thank you.

       
    • At 8:26 PM, Blogger Atul Kumar said…

      Yes 10.1.4 OID is certified with 10.2.X database as well check certification track at

      http://www.oracle.com/technology/software/products/ias/files/idm_certification_101401.html#BABIDJBH

      We are moving to http://OnLineAppsDBA.com so in future kindly contact me on On Line Apps DBA site

       
    • At 12:19 PM, Anonymous Anonymous said…

      Hello Atul,
      We have 9i AS and 11.5.10.2, and we are planning to implement SSO. Is that possible to do "SSO" on 9iAS? If so, how can we do that?
      I read somewhere that, for "SSO", minimum requirement is 10g AS.
      and can you please adv. how to check the 9i AS version from backend.

      Thanks in Adv,
      Will be waiting

      Rahman

       
    • At 12:21 PM, Anonymous Anonymous said…

      Hello Atul,
      We have 9i AS and 11.5.10.2, and we are planning to implement SSO. Is that possible to do "SSO" on 9iAS? If so, how can we do that?
      I read somewhere that, for "SSO", minimum requirement is 10g AS.
      can you please also advice how to check the 9i as version from backend
      Thanks in Adv,


      Rahman

       
    • At 12:42 PM, Blogger Atul Kumar said…

      Rahman,
      You should have minimum 10.1.2.0.2 and with latest patchset of SSO-Apps Integration 10.1.4 Identity Management should be installed

      For more info check our new site http://onLineAppsDBA.com

       
    • At 11:35 AM, Blogger Hitesh said…

      Hi Atul

      I was successful in configuring Windows Native Authentication on a single node network of App-Infra Server. However I am unable to do so for a load balanced network.

      I have 2 infra servers say server1.mydomain.com and server2.mydomain.com and the load balancer hostname is server.mydomain.com

      Now the service account as well as the keytab should be created individually for the 2 servers i.e. server1 and server2 or for the load balanced one i.e. server

      I tried with server because the Oracle 10.1.4 doc says so. However, this does not work. I am confused as to how will each server authenticate itself against the KDC i.e. how will the server decide that it needs to authenticate using the load balancer's credentials against the KDC ?

      Regards,
      Hitesh

       
    • At 12:04 PM, Blogger B P Kothari said…

      Hi Atul,

      We are trying to integrate Oracle EBS with IBM Tivoli Access Manager (TAM) using TAM's virtual junction. IBM does not support any other junction for EBS integration.

      We have externalized the authentication module and implemented necessary interface (IPASAuthInterface).

      From TAM/webSEAL we are passing iv-user http header which is user id. But in custom authentication module we are not getting http headers.

      In custom auth class if we use hardcoded user it works.

      In TAM/webseal log it is clear that user id is being passed as http header but somewhere its stripped off.

      I would also share some URLs from Oracle forum, where other people also facing the issue:-
      http://forums.oracle.com/forums/thread.jspa?threadID=692699&tstart=90
      http://forums.oracle.com/forums/thread.jspa?threadID=374411

      http://blogs.oracle.com/stevenChan/2006/05/indepth_using_thirdparty_ident.html

       
    • At 6:33 PM, Blogger Harmeet said…

      Hi Atul,

      I have a question. I am integrating EBS with OSSO/OID. But the final authentication will be delegated to 2 Tivoli LDAPs. And all users will be in these 2 Tivoli LDAPs. So, how do I make DNs in OID,
      a> Should I make 2 DNs in OID to store users from both the LDAPs separately?
      b> Or should I just make 1 common DN container?

      Now, why I am asking this is because I am unsure that if I make 2 different or 1 single DN in OID, how will OID decide that a particular user is in which Tivoli LDAP and delegate authentication to it?

      Regards,
      Harmeet

       
    • At 10:04 AM, Anonymous Anonymous said…

      I have followed the steps APEX with SSO integration and getting error, any idea what to investigate
      [OSSO] E34: Unable to assure integrity of communication with SSO server

       
    • At 5:06 PM, Anonymous Anonymous said…

      Hi,

      We are trying to integrate Oracle AS/Form Server (with RMS module) with IBM Tivoli Access Manager (TAM) using TAM's virtual junction.

      We have externalized the authentication module and implemented necessary interface (IPASAuthInterface).

      From TAM/webSEAL we are passing iv-user http header which is user id. But in custom authentication module we are not getting http headers.

      When Id is hardcoded in custom auth class it works perfectly fine.

      In TAM/webseal log it is clear that user id is being passed as http header but somewhere its stripped off.

      I would also share some URLs from Oracle forum, where other people also facing the issue:-
      http://forums.oracle.com/forums/thread.jspa?threadID=692699&tstart=90
      http://forums.oracle.com/forums/thread.jspa?threadID=374411

      http://blogs.oracle.com/stevenChan/2006/05/indepth_using_thirdparty_ident.html

      Is there anyway we can circumvent OAS/SSO stripping out Http Header information. or do you recommend any other solution to overcome this issue.

      You can send info at vikas_kadam@ahold.com or vikas_kadam@hotmail.com
      Thanks.

       
    • At 11:21 PM, Blogger Kumar said…

      Hi Hitesh,

      I'm running into same issue,configuring WNA with LBR hostname.Could you please post if there are any updates on that issue.

      Thanks,
      kumar.

       
    • At 12:24 PM, Anonymous Anonymous said…

      hi atul,
      im new to OAS.im trying to configure OAS with SSO.But my basic questions are,
      1)how to create partner application in OAS ?
      2)After creating partner application
      OAS creates Login/Logout URL how to use them?
      3)when t(OSSO) will shows me single sign on window( login window)?

       
    • At 12:24 PM, Blogger Shrinivas said…

      hi atul,
      im new to OAS.im trying to configure OAS with SSO.But my basic questions are,
      1)how to create partner application in OAS ?
      2)After creating partner application
      OAS creates Login/Logout URL how to use them?
      3)when t(OSSO) will shows me single sign on window( login window)?

       
    Copyright © 2006 teachmeoracle.com All rights reserved Presented by Atul Kumar