Configure OSSO Agent for Oracle E-Business Suite with OAM 11g

Step by Step instructions to configure Oracle 10g Single Sign-On Server (OSSO) agent for EBS (R12) with Oracle Access Manager (OAM) 11g are detailed in this article. EBS integration with Oracle 10gAS has been very popular before Oracle 10gAS SSO gone out of support. Many customers are still left with Oracle 10gAS Integration: Oracle Apps SSO OID Registration (10gAS Integration). OAM Integration with EBS needs an EBS AccessGate, which is a WebLogic Application. Oracle Access Manager(OAM) 11g R1(11.1.1.5) with Oracle E-Business Suite(EBS) R12 describes AccessGate setup and OAM Integration with EBS. In this article, I am going to demonstrate registering EBS environment with OAM without AccessGate, still using mod_osso module (which is used in Oracle 10gAS Integration). This is quite useful if you have hundreds of EBS environments that are to be SSO enabled and creating a separate AccessGate for each EBS environment needs a lot of server resources and man hours.  Here is a quick list of differences with AccessGate and OSSO Agent configurations.

Installing and Configuring 11g Webgate with OHS 11g

Step by Step instructions to install and configure OAM 11g Webgate (11.1.1.5) with Oracle HTTP Server (OHS) 11g (11.1.1.5) are described in this article. OAM 11g Server supports 10g Webgates, 11g Webgates, and OSSO (mod_osso) agents. OAM WegGate 10g(10.1.4.3) Integration with OAM 11g R1 (11.1.1.5.1) Server would detail 10g Webgate installation and configuration with OAM 11g. 11g Webgate has got few security enhancements. Here is a quick list of differences between 10g and 11g Webgates.

Feature	11g Webgate	10g Webgate
Download Page	Oracle Identity Management 11g	Oracle Identity Management 10g (10.1.4.x)
Platform	Generic version for all platforms	Platform Specific
JDK	JDK is required	JDK is NOT required
GCC Libraries	Required	Required
Agent Registrations	Can be performed after Webgate installation	To be performed before Webgate installation
OHS Integration	to be performed after installation (manually)	Installer updates OHS configurations
Webgate Cookie	OAMAuthnCookie_<host:port>_<random number>	ObSSOCookie
OAM Server Cookie	OAM_ID	OAM_ID
Webgate Request Cookie	OAM_REQ	OAM_REQ

OAM Custom Login Forms / Pages in Oracle Access Manager 11g

Step by Step instructions to create an external OAM Custom Login Form, deploy it in WebLogic domain, and using it in OAM Authentication Scheme are described in this article. It is not uncommon to brand the SSO login form to match the company’s requirement. OAM Server needs two user inputs (username, and password) and a parameter (request_id) submission from OAM Custom Login Form. As long as these requirements are met, this form can be customized to any extent. This has to be a server page (JSP or ASP), not an HTML form. I am going to deploy a JSP file in to a WebLogic Server that runs in a separate server. This form can be deployed on OAM Server itself or externally on some other Application Server, where WebLogic or any J2EE server is installed. I would be calling Login form directly out of WebLogic, without an HTTP server in-front of the WebLogic.

Oracle Fusion Middleware 11g R1 Patchset Numbers

Oracle Fusion Middleware Upgrade needs the right patch set(PS) application to the environment. I have come up with a quick list of all the Fusion Middleware patches in this article. Oracle Fusion Middleware Patchsets (Patchset 2 onwards) are cumulative. For example: If you would like to upgrade Oracle HTTP Server 11g Release1 Patchset 3 (11.1.1.4.0) to PS5 11.1.1.6, you do NOT have to apply 11.1.1.5.0 and 11.1.1.6.0, rather you can directly apply 11.1.1.6.0 on top of 11.1.1.4.0.

Likewise, Oracle Fusion Middleware 11g Release 1 Patchset 5(11.1.1.6.0) can be applied to the following existing Oracle Fusion Middleware installations: 11.1.1.2.0, 11.1.1.3.0, 11.1.1.4.0, or 11.1.1.5.0.  If you are currently using Oracle Fusion Middleware 11g Release 1 (11.1.1.1.0), then you must first update your environment to Oracle Fusion Middleware 11g Release 1 (11.1.1.2.0) before applying 11g Release 1 (11.1.1.6.0). Some of the new names are confusing, so, here the name again.

• Oracle Fusion Middleware 11g Release1 Patchset 5 (PS5) = 11.1.1.6.0
• Oracle Fusion Middleware 11g Release1 Patchset 4 (PS4) = 11.1.1.5.0
• Oracle Fusion Middleware 11g Release1 Patchset 3 (PS3) = 11.1.1.4.0
• Oracle Fusion Middleware 11g Release1 Patchset 2 (PS2) = 11.1.1.3.0
• Oracle Fusion Middleware 11g Release1 Patchset 1 (PS1) = 11.1.1.2.0

Configure Kerberos WNA for OAM 11g 11.1.1.5

Step by Step instructions to configure OAM 11g 11.1.1.5 with Kerberos for Windows Native Authentication (WNA), and Microsoft Active Directory as identity store are described in this article. Refer to Oracle Access Manager(OAM) 11g R1 11.1.1.5.1 Installation and Configuration for installation of OAM 11.1.1.5. If you’re planning to enable WNA for OAM 11.1.1.3, please refer: Configure Kerberos WNA for OAM 11g 11.1.1.3.  When using Windows Native Authentication, the user credentials must reside in Microsoft Active Directory, which must be registered as the user identity store for Oracle Access Manager. This must be set as a Default Store in OAM 11.1.1.5. OAM 11.1.1.5 offers two options (Default Store and System Store), unlike OAM 11.1.1.3, which treats primary store as both default and system stores. Another interesting thing about OAM 11.1.1.5 is that it can use OVD as the identity store.