
PAGE 1

Enabling Single Sign-On for Oracle Applications


Oracle Applications Users Group
Agenda

PAGE 2
Introduction
  Organization
  Speakers

Security Spectrum
  Information Security Spectrum
  Oracle Identity Management Platform

Access Control
  Access Management Framework
  Oracle Access Management System Architecture
  Oracle Access Management Integration Architecture
  Benefits of the Access Control System

Oracle Applications (E-Business) Integration
  Support Architecture
  Integration Flow
  Integration of OID and E-Biz (GUID)
  Access Gate integration
  Third-party directories integration (AD)
  Deployment Topology
  Best Practices
PAGE 3
Introduction
About BIAS Corporation

PAGE 4
Who We Are

Founded in 2000
Distinguished Oracle Leader
Technology Momentum Award
Portal Blazer Award
Titan Award, Red Stack + HW Momentum Awards
Excellence in Innovation Award
Management Team is Ex-Oracle
Location(s): Headquartered in Atlanta; Regional office in Washington D.C.; Offshore Hyderabad and Chennai, India
~250 employees with 10+ years of Oracle experience on average
Inc. 500|5000 Fastest Growing Private Company in the U.S. for the 5th Time
Voted Best Place to Work in Atlanta for 2nd year
30 Oracle Specializations spanning the entire stack
Speakers

PAGE 5
Profile

Kashif Dhatwani
Practice Director, Identity Management and Data Security
Enterprise and Solution Architect
15+ years of experience in delivering solutions around middleware technologies including Security, SOA, Portal and custom-developed solutions
7+ years with BIAS Corporation; previously held positions at Oracle and IBM
Focused on delivering best-practice, industry-standards-based solutions to BIAS customers
Leading a team of solution and technical architects delivering solutions across multiple industries

Madan Shah
Solution Architect, Identity Management & Data Security
15+ years of experience in middleware technologies
3+ years with BIAS Corporation
Solution Architect and Technical Architect for middleware technologies including Java / J2EE, Portals, Data Security and Identity & Access Management
Leading development teams to deliver solutions for Identity & Access Management and Data Security
Oracle Access Management Suite Plus 11g Certified Implementation Specialist and Oracle Database 11g Security Certified Implementation Specialist
BIAS Practice Areas

PAGE 6
PAGE 7
BIAS Corporation is a recognized leader in Identity & Access Management system assessment, design and implementation. As an Oracle Platinum partner, BIAS Corporation's IDM Practice provides experienced architects with expertise in assessing environments, building roadmaps and designing systems, and implements solutions using the experienced developers who are part of the BIAS IDM practice.
PAGE 8
Security Spectrum
Information Security Spectrum

PAGE 9
Identity Management
  Governance
  Compliance
  Single Source of Truth
  Provisioning / De-provisioning
  SoD (Separation of Duties)

Access Management
  Access Control
  Authentication
  Authorization
  Single Sign-On
  Multi-Factor Authentication

Mobile Security
  Security Container
  Single Sign-On
  Application Management

Data Security
  Protect your data at rest and in transit
  Data Access - Authentication
  Data Access - Fine Grained Control
  Auditing
Identity Management Portfolio 11gR2

PAGE 10
Modern, Innovative & Integrated

Governance
  Oracle Identity Manager (OIM)
  Oracle Privileged Account Manager (OPAM)

Access
  Oracle Access Manager (OAM)
  Oracle Adaptive Access Manager (OAAM)
  Oracle API Gateway (OEG)
  Oracle Identity Federation (OIF)
  Oracle Security Token Services (OSTS)
  Oracle Entitlement Server (OES)
  Oracle Enterprise SSO (OeSSO)

Directory
  Oracle Unified Directory (OUD)
  Oracle Virtual Directory (OVD)
  Oracle Internet Directory (OID)

Mobile Security
  Oracle Mobile Security Suite (OMSS)
  Oracle Access Manager (OAM)
  Oracle Identity Manager (OIM)

Platform Security Services (common to all of the above)


Oracle Database Security Solutions

PAGE 11
Advanced Security, Data Masking
  Transparent Data Encryption
  Network Encryption / Strong Authentication
  Data Masking for Non-Production

Audit Vault, Database Firewall
  Database Activity Auditing
  Database Firewall Monitoring
  Centralized Audit Data Warehouse

Database Vault, Label Security
  Separation of Duties for DBAs
  Protection Realms & Rules
  Label Based Access Control

Axis: Maturity of Database Environment


PAGE 12
Access Control
Access Management Framework

PAGE 13
[Diagram: Access Management Framework. External users (partners, vendors) and Internal users reach multiple Web Applications and Cloud Providers using a single user account and a single logon; user identities are held in LDAP.]
Oracle Access Management System

PAGE 14
Architecture
Access Management Integration Architecture

PAGE 15
[Diagram: Access Management Integration Architecture]
  Cloud Providers: Federation / SSO
  On Premise Apps: Access Gate, Authentication / SSO
  Web Applications (Internal users and External users such as partners and vendors): Webgate, Authentication / SSO
  Oracle Access Manager, backed by LDAP for Identity Management
Identity Management

PAGE 16
Overview
Benefits

PAGE 17
Centralized Access Management
  Centralized security enforcement
  Centralized policy control over application access

Single Sign-On
  Use one (1) set of credentials to access all your applications
  No need to remember multiple user IDs and passwords
  Reduced risk of credential compromise
  One-time login to your first application
  Navigate securely to multiple applications

Federation
  Single Sign-On for third-party application partners
  Single Sign-On for cloud-based applications

User Repositories
  Integration with multiple user repositories
  Support for commonly used LDAPs and Microsoft Active Directory

Productivity
  Increased productivity of employees
  Maintain compliance standards
  Self-service capabilities such as self-service password management
PAGE 18
Oracle e-Business Application
Single Sign-On
Oracle E-Business and Access Manager

PAGE 19
Support Architecture

Oracle E-Business Suite 12.2.2+
  Oracle Access Manager 11.1.2.2
  Oracle Identity Management 11.1.1.7
  Oracle Web Gate 11.1.2.2

Oracle E-Business Suite 11.5.10.2, 12.1.3, 12.2
  Oracle Access Manager 11.1.2.2
  Oracle Identity Management 11.1.1.7.0
  Oracle Access Manager Webgate 11.1.2.2.0
  Oracle E-Business Suite Access Gate 1.2.3.4
Integration Architecture

PAGE 20
1. User requests a protected Oracle E-Business Suite resource.
2. User is redirected to the EBS Access Gate, which is protected by OAM.
3. Webgate intercepts the request per OAM policies.
4. Webgate connects the user to the OAM Server to collect credentials.
5. User submits credentials to the OAM Server.
6. OAM verifies the credentials against the user repository (Oracle Internet Directory).
7. OAM returns the user identifier to the EBS Access Gate.
8. EBS Access Gate identifies the EBS user linked to the authenticated OID user.

Components shown: Web Server with Webgate; E-Business Suite with Access Gate; Oracle Access Manager; Oracle Internet Directory.
EBS Access Gate

PAGE 21
EBS Access Gate is a Java EE application deployed on a WebLogic domain.
Oracle Access Manager Web Gate passes the UID + ORCLGUID of the authenticated user to the Oracle E-Business Suite AccessGate.
AccessGate links the UID + ORCLGUID to FND_USR in the E-Business Suite instance database (FND_USR link).
Oracle Internet Directory: every user record has a unique ORCLGUID.
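An added Python illustration (not code from the slides or from Oracle) of steps 3 to 8 of the integration flow and of the ORCLGUID link: WebGate applies policy, OAM verifies credentials against OID and asserts UID + ORCLGUID, and AccessGate resolves that GUID to an FND_USER row. The OID entries, FND_USER rows, protected URL prefixes and GUID values are constructed sample data.

```python
import hmac
from dataclasses import dataclass
from typing import Optional
# Constructed OID sample entries: each has a unique ORCLGUID (hypothetical values).
OID = {
    "jsmith": {"orclguid": "A1B2C3D4E5F60718", "password": "s3cret!"},
    "mshah":  {"orclguid": "0F1E2D3C4B5A6978", "password": "pa55word"},
}
# Constructed FND_USER rows: EBS accounts linked to OID entries by stored GUID.
FND_USER = [
    {"user_name": "JSMITH",  "user_guid": "A1B2C3D4E5F60718"},
    {"user_name": "OLDUSER", "user_guid": "DEADBEEF00000001"},  # GUID no longer in OID
]
# Hypothetical OAM policy: URL prefixes that WebGate protects (step 3).
PROTECTED_PREFIXES = ("/OA_HTML/", "/accessgate/")
@dataclass
class OamSession:
    uid: str        # OID user id asserted by OAM
    orclguid: str   # OID GUID asserted by OAM (the value AccessGate links on)
def webgate_intercept(url: str, session: Optional[OamSession]) -> str:
    """Step 3: WebGate applies OAM policy to the requested URL."""
    if not url.startswith(PROTECTED_PREFIXES):
        return "PASS"                       # not protected, OAM not involved
    return "ALLOW" if session else "REDIRECT_TO_OAM"   # step 4 when no session

def oam_authenticate(uid: str, password: str) -> Optional[OamSession]:
    """Steps 5-7: OAM verifies credentials against OID, returns UID + ORCLGUID."""
    entry = OID.get(uid)
    if entry is None or not hmac.compare_digest(entry["password"], password):
        return None
    return OamSession(uid=uid, orclguid=entry["orclguid"])

def accessgate_resolve(session: OamSession) -> Optional[str]:
    """Step 8: map the asserted ORCLGUID (not the uid) to an FND_USER row."""
    for row in FND_USER:
        if row["user_guid"] == session.orclguid:
            return row["user_name"]
    return None   # valid OID user, but no linked EBS account
def sso_login(url: str, uid: str, password: str) -> str:
    """Run steps 1-8 for one request and describe the outcome."""
    decision = webgate_intercept(url, None)
    if decision != "REDIRECT_TO_OAM":
        return decision
    session = oam_authenticate(uid, password)
    if session is None:
        return "AUTH_FAILED"
    ebs_user = accessgate_resolve(session)
    return f"EBS_USER:{ebs_user}" if ebs_user else "UNLINKED_OID_USER"
```

Because the link is by GUID rather than user name, an OID user whose uid is renamed keeps the same EBS account, while a reused uid that carries a new GUID does not inherit the old one.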
Deployment Topology (Clustered)

PAGE 22
Oracle E-Business Suite Release 12.2 single sign-on

[Diagram: clustered deployment]
  User -> Load Balancer -> Web Server 1 / Web Server 2
    Each web server runs Oracle HTTP Server with WebGate and EBS AccessGate
    -> Oracle E-Business Suite Release 12.2.2+ and Oracle Database
  Load Balancer -> Oracle Access Manager Server: OAM Server 1 / OAM Server 2
  Oracle Internet Directory: OID 1 / OID 2
Third-Party LDAP Integration

PAGE 23
Third-Party Access Management

PAGE 24
Architectural Considerations

PAGE 25
Key Decisions

Provisioning
  Unidirectional Provisioning
    From Oracle Internet Directory to Oracle E-Business Suite only
    From Oracle E-Business Suite to Oracle Internet Directory only
  Bi-Directional Provisioning
    From Oracle Internet Directory to Oracle E-Business Suite
    From Oracle E-Business Suite to Oracle Internet Directory

Corporate User Repositories
  Microsoft Active Directory
  LDAPs
  Databases

Authorization
  EBS responsibilities are managed within EBS

Upgrade
  Existing environments can upgrade from OSSO to OAM

Co-Existence
  Multiple E-Business systems using the same Security Framework (Access Manager)
Best Practices

PAGE 26
SSO Infrastructure
  High Availability
  Disaster Recovery Environment
  Performance Considerations
  OAM Detached Credential Collector vs Embedded Credential Collector
  Multi-Factor Authentication and Risk-based Authentication

End-To-End SSL
  Encrypt all HTTP and LDAP traffic
  TLS 1.2 / TLS 1.1

Auditing
  Out-of-the-box auditing functionality provided by OAM for user authentications
  BI Publisher reports
PAGE 27
Oracle created the OPN Specialized Program to showcase the Oracle partners who have achieved expertise in Oracle product areas and reached specialization status through competency development, business results, expertise and proven success. BIAS is proud to be specialized in 30 areas of Oracle products, which include the following:
Contact Us

PAGE 28
Kashif Dhatwani

Practice Director - Identity Management & Data Security

770-685-6240

Kashif.Dhatwani@biascorp.com
PAGE 29
