View
218
Download
0
Category
Tags:
Preview:
Citation preview
confidential
Date
Project ONE CLICK
: 12/26/2006
Oracle Single Sign-On
Sridhar Gangapuram
Manager, Oracle Applications (Phoenix)
Roger Raj
Sr. Technical Director (Oracle)
2
Agenda
• Project Goals and Objectives• Previous Architecture• Current Architecture• Oracle Modules• Project Cycles• Challenges• Details of Technology Architecture• How Does Windows Native Authentication Work ?• Other Technology Elements• ONE CLICK Integration Road-Map• ONE CLICK Demo• Q&A
3
Project Goals and Objectives
Goals: Implement Oracle Apps Single Sign-on Implement Discoverer Single Sign-on
Objectives: On ONE CLICK get into Oracle Apps On ONE CLICK get into Oracle Discoverer
4
Previous Architecture
FormsServer
9i version
Reports Server
9i version
EssbaseServer
Linux Server – Oracle Apps Components
OptioReporting-Fax
Server
APRO EFTServer
Oracle & SFDCReporting
Server
HyperionServer
DiscovererServer
4i Version
5
Current Architecture
FormsServer
9i version
Reports Server
9i version
Oracle & SFDCReporting
Server
Linux Server – Oracle Apps Components
OptioReporting-Fax
Server
APRO EFTServer
EssbaseServer
HyperionServer
SINGLE
SIGN
ON
Linux Server – SSO
MicrosoftAD
OID
DBI
Portal
6
Oracle Modules
Oracle Modules
Finance Distribution Human Resources
Reporting
Accounts
Receivables
Order Management
Human Resources
Oracle Discoverer
Accounts Payables
Inventory Optio
Purchasing
Fixed Assets
Cash Management
General Ledger
7
Project Cycles
GO-LIVE
MOCK
UAT
CRP3
CRP2
CRP1 ITIT
IT + BusinessIT + Business
IT + BusinessIT + Business
IT + BusinessIT + Business
ITIT
IT + BusinessIT + Business
8
Challenges
• Business Test Cases• Business SOX Controls 250 plus• Apps Functionality All Modules• Custom Reports 100• Interfaces 10 in/out bound interfaces• Customer Facing Documents 20• Regions 4 Major Regions
• IT Test Cases• IT SOX Controls 50 plus• 10G Patching• EUL Patching• Oracle and AD Integration• Hardware New 10G Linux Server
9
Details of Technology Architecture
• ONE CLICK’s Integration with Windows Native Authentication• AD session created on login• Oracle 10g AS can use this information• Kerberos enables session verification• Similar to Windows Exchange server• No more login challenges! • Fully compliant with SmartCards or Common Access
cards• Session is controlled by MS-Windows Kerberos• Userids/passwords are controlled by MS-AD
10
1. User logs into the corporate network
Active directory
How Does Windows Native Authentication Work ?
ClientBrowser
2. Kerberos session
Ticket is created
PartnerApplication
OracleApplication
3. User requests a URL
Oracle 10gASSSO
Server
4. Partner redirects authentication to Oracle10gAS Server
5a. 10gAS queries Kerberos if the user has logged in
6. Sends success message to Partner
7. User is granted access to application
5b. Receives successful
ticket from Kerberos
11
Other Technology Elements
• Oracle 10g Application Server• Single sign-on component• Oracle Internet Directory for User’s Id and groups
• 10g Discoverer – Drake version• Allows capture of single sign-on id• Users CLIENT_IDENTIFIER • No need to create and manage DB users (as in the
past releases)• Tied to a web-based implementation• No client tools need to be installed on desktops!
12
ONE CLICK Integration Road-Map
• Make sure desktops are on XP-SP2 or above• Install 10g Application Server• Install 11i EBS 3.2 rollup patch (now 4.0 is available)• Make 11i a partner to 10gAS• Install Windows Native Auth support for 10gAS• Modify discoverer work pages to work with SSO-id• Test, document and migrate to production!
13
ONE CLICK Demo
Oracle Applications
Oracle Discoverer
14
Q&A
Q&Q U E S T I O N SQ U E S T I O N SA N S W E R SA N S W E R SA
Recommended