Accessing E-Business Suite Instances with Single Sign-On

Accessing E-Business Suite Instances with Single Sign-On

Oracle Application Server 10g Enterprise Edition, Oracle Internet Directory , Oracle Single Sign-on Server , and the Oracle Single Sign-on Software Development Kit are required to enable Single Sign-On functionality for the E-Business Suite.

Implementing Single Sign-On (SSO) functionality for the E-Business Suite allows organizations to share one user definition throughout multiple parts of their enterprise. Typically, the common user definition is stored in a Lightweight Directory Access Protocol (LDAP) repository such as Oracle Internet Directory (OID). Oracle Internet Directory serves as a central repository for user credentials and other user information for all Oracle products, including Oracle Application Server 10g Enterprise Edition and Oracle Portal. This user information is periodically synchronized with the E-Business Suite instance through a combination of Oracle Workflow and Oracle Applications patches.

Oracle Single Sign-on Software Development Kit (SSOSDK) release 9.0.2 is required to support Oracle Single Sign-On 10g integration with the E-Business Suite. It allows the E-Business Suite to register as a partner application to the Oracle Single Sign-On Server, giving users the ability to access other registered partner applications with a single credential (for example, a username/password combination). It is expected that Oracle will upgrade this partner application integration method to use mod_osso in future versions of this integration.

As a partner application, the E-Business Suite also supports Single Sign-Off. Release 11i users can simultaneously terminate a Single Sign-On session and log out of all active partner applications by logging out of whatever application they are working in. Selecting Logout in a partner application returns users to the Single Sign-Off page, where logout occurs.

SSO Components

– Applications

– Partner

– External

– Centralized SSO Server

– Verfies SSO password

– Sets SSO cookie at client

– External app username/password store

– Username/Password managed in LDAP directory

– Oracle Internet Directory (OID)

– Other LDAPv3 directory requires OiD gateway

– Users provisioned through OID Delegated Administrative Services (DAS)