Step by Step instructions to configure Oracle 10g Single Sign-On Server (OSSO) agent for EBS (R12) with Oracle Access Manager (OAM) 11g are detailed in this article. EBS integration with Oracle 10gAS has been very popular before Oracle 10gAS SSO gone out of support. Many customers are still left with Oracle 10gAS Integration: Oracle Apps SSO OID Registration (10gAS Integration). OAM Integration with EBS needs an EBS AccessGate, which is a WebLogic Application. Oracle Access Manager(OAM) 11g R1(184.108.40.206) with Oracle E-Business Suite(EBS) R12 describes AccessGate setup and OAM Integration with EBS. In this article, I am going to demonstrate registering EBS environment with OAM without AccessGate, still using mod_osso module (which is used in Oracle 10gAS Integration). This is quite useful if you have hundreds of EBS environments that are to be SSO enabled and creating a separate AccessGate for each EBS environment needs a lot of server resources and man hours. Here is a quick list of differences with AccessGate and OSSO Agent configurations.
Step by Step instructions to install and configure OAM 11g Webgate (220.127.116.11) with Oracle HTTP Server (OHS) 11g (18.104.22.168) are described in this article. OAM 11g Server supports 10g Webgates, 11g Webgates, and OSSO (mod_osso) agents. OAM WegGate 10g(10.1.4.3) Integration with OAM 11g R1 (22.214.171.124.1) Server would detail 10g Webgate installation and configuration with OAM 11g. 11g Webgate has got few security enhancements. Here is a quick list of differences between 10g and 11g Webgates.
|Feature||11g Webgate||10g Webgate|
|Download Page||Oracle Identity Management 11g||Oracle Identity Management 10g (10.1.4.x)|
|Platform||Generic version for all platforms||Platform Specific|
|JDK||JDK is required||JDK is NOT required|
|Agent Registrations||Can be performed after Webgate installation||To be performed before Webgate installation|
|OHS Integration||to be performed after installation (manually)||Installer updates OHS configurations|
|Webgate Cookie||OAMAuthnCookie_<host:port>_<random number>||ObSSOCookie|
|OAM Server Cookie||OAM_ID||OAM_ID|
|Webgate Request Cookie||OAM_REQ||OAM_REQ|
Step by Step instructions to create an external OAM Custom Login Form, deploy it in WebLogic domain, and using it in OAM Authentication Scheme are described in this article. It is not uncommon to brand the SSO login form to match the company’s requirement. OAM Server needs two user inputs (username, and password) and a parameter (request_id) submission from OAM Custom Login Form. As long as these requirements are met, this form can be customized to any extent. This has to be a server page (JSP or ASP), not an HTML form. I am going to deploy a JSP file in to a WebLogic Server that runs in a separate server. This form can be deployed on OAM Server itself or externally on some other Application Server, where WebLogic or any J2EE server is installed. I would be calling Login form directly out of WebLogic, without an HTTP server in-front of the WebLogic.
Oracle Fusion Middleware Upgrade needs the right patch set(PS) application to the environment. I have come up with a quick list of all the Fusion Middleware patches in this article. Oracle Fusion Middleware Patchsets (Patchset 2 onwards) are cumulative. For example: If you would like to upgrade Oracle HTTP Server 11g Release1 Patchset 3 (126.96.36.199.0) to PS5 188.8.131.52, you do NOT have to apply 184.108.40.206.0 and 220.127.116.11.0, rather you can directly apply 18.104.22.168.0 on top of 22.214.171.124.0.
Likewise, Oracle Fusion Middleware 11g Release 1 Patchset 5(126.96.36.199.0) can be applied to the following existing Oracle Fusion Middleware installations: 188.8.131.52.0, 184.108.40.206.0, 220.127.116.11.0, or 18.104.22.168.0. If you are currently using Oracle Fusion Middleware 11g Release 1 (22.214.171.124.0), then you must first update your environment to Oracle Fusion Middleware 11g Release 1 (126.96.36.199.0) before applying 11g Release 1 (188.8.131.52.0). Some of the new names are confusing, so, here the name again.
- Oracle Fusion Middleware 11g Release1 Patchset 5 (PS5) = 184.108.40.206.0
- Oracle Fusion Middleware 11g Release1 Patchset 4 (PS4) = 220.127.116.11.0
- Oracle Fusion Middleware 11g Release1 Patchset 3 (PS3) = 18.104.22.168.0
- Oracle Fusion Middleware 11g Release1 Patchset 2 (PS2) = 22.214.171.124.0
- Oracle Fusion Middleware 11g Release1 Patchset 1 (PS1) = 126.96.36.199.0
Step by Step instructions to configure OAM 11g 188.8.131.52 with Kerberos for Windows Native Authentication (WNA), and Microsoft Active Directory as identity store are described in this article. Refer to Oracle Access Manager(OAM) 11g R1 184.108.40.206.1 Installation and Configuration for installation of OAM 220.127.116.11. If you’re planning to enable WNA for OAM 18.104.22.168, please refer: Configure Kerberos WNA for OAM 11g 22.214.171.124. When using Windows Native Authentication, the user credentials must reside in Microsoft Active Directory, which must be registered as the user identity store for Oracle Access Manager. This must be set as a Default Store in OAM 126.96.36.199. OAM 188.8.131.52 offers two options (Default Store and System Store), unlike OAM 184.108.40.206, which treats primary store as both default and system stores. Another interesting thing about OAM 220.127.116.11 is that it can use OVD as the identity store.