140 likes | 298 Views
Oracle Single Sign-On Sridhar Gangapuram Manager, Oracle Applications (Phoenix) Roger Raj Sr. Technical Director (Oracle). Project ONE CLICK. : 12/26/2006. Agenda. Project Goals and Objectives Previous Architecture Current Architecture Oracle Modules Project Cycles Challenges
E N D
Oracle Single Sign-On Sridhar Gangapuram Manager, Oracle Applications (Phoenix) Roger Raj Sr. Technical Director (Oracle) Project ONE CLICK : 12/26/2006
Agenda • Project Goals and Objectives • Previous Architecture • Current Architecture • Oracle Modules • Project Cycles • Challenges • Details of Technology Architecture • How Does Windows Native Authentication Work ? • Other Technology Elements • ONE CLICK Integration Road-Map • ONE CLICK Demo • Q&A
Project Goals and Objectives Goals: Implement Oracle Apps Single Sign-on Implement Discoverer Single Sign-on Objectives: On ONE CLICK get into Oracle Apps On ONE CLICK get into Oracle Discoverer
Previous Architecture Forms Server 9i version Linux Server – Oracle Apps Components Reports Server 9i version Discoverer Server 4i Version Essbase Server Optio Reporting-Fax Server APRO EFT Server Oracle & SFDC Reporting Server Hyperion Server
Current Architecture S I N G L E S I G N O N Linux Server – SSO Linux Server – Oracle Apps Components Portal DBI OID Forms Server 9i version Reports Server 9i version Microsoft AD Oracle & SFDC Reporting Server Optio Reporting-Fax Server APRO EFT Server Essbase Server Hyperion Server
Project Cycles IT CRP1 IT + Business CRP2 CRP3 IT + Business UAT IT + Business IT MOCK IT + Business GO-LIVE
Challenges • Business Test Cases • Business SOX Controls 250 plus • Apps Functionality All Modules • Custom Reports 100 • Interfaces 10 in/out bound interfaces • Customer Facing Documents 20 • Regions 4 Major Regions • IT Test Cases • IT SOX Controls 50 plus • 10G Patching • EUL Patching • Oracle and AD Integration • Hardware New 10G Linux Server
Details of Technology Architecture • ONE CLICK’s Integration with Windows Native Authentication • AD session created on login • Oracle 10g AS can use this information • Kerberos enables session verification • Similar to Windows Exchange server • No more login challenges! • Fully compliant with SmartCards or Common Access cards • Session is controlled by MS-Windows Kerberos • Userids/passwords are controlled by MS-AD
Partner Application 3. User requests a URL ClientBrowser 7. User is granted access to application • User logs into • the corporate network 4. Partner redirects authentication to Oracle 10gAS Server Oracle Application 2. Kerberos session Ticket is created 5a. 10gAS queries Kerberos if the user has logged in 5b. Receives successful ticket from Kerberos 6. Sends success message to Partner Oracle 10gAS SSO Server Active directory How Does Windows Native Authentication Work ?
Other Technology Elements • Oracle 10g Application Server • Single sign-on component • Oracle Internet Directory for User’s Id and groups • 10g Discoverer – Drake version • Allows capture of single sign-on id • Users CLIENT_IDENTIFIER • No need to create and manage DB users (as in the past releases) • Tied to a web-based implementation • No client tools need to be installed on desktops!
ONE CLICKIntegration Road-Map • Make sure desktops are on XP-SP2 or above • Install 10g Application Server • Install 11i EBS 3.2 rollup patch (now 4.0 is available) • Make 11i a partner to 10gAS • Install Windows Native Auth support for 10gAS • Modify discoverer work pages to work with SSO-id • Test, document and migrate to production!
ONE CLICK Demo Oracle Applications Oracle Discoverer End Result is USERS are HAPPY !
Q & Q U E S T I O N S A N S W E R S Q&A A