
PAGE 1

Enabling Single Sign-On for Oracle Applications

Oracle Applications Users Group

Agenda

- Introduction
  - Organization
  - Speakers
- Security Spectrum
  - Information Security Spectrum
  - Oracle Identity Management Platform
- Access Control
  - Access Management Framework
  - Oracle Access Management System Architecture
  - Oracle Access Management Integration Architecture
  - Benefits of an Access Control System
- Oracle Applications (E-Business) Integration
  - Support Architecture
  - Integration Flow
  - Integration of OID and E-Biz (GUID)
  - Access Gate integration
  - Third-party directories integration (AD)
  - Deployment Topology
- Best Practices

PAGE 2

Agenda

PAGE 3

Introduction

Who We Are

- Founded in 2000
- Distinguished Oracle Leader
  - Technology Momentum Award
  - Portal Blazer Award
  - Titan Award, Red Stack + HW Momentum Awards
  - Excellence in Innovation Award
- Management Team is Ex-Oracle
- Location(s): Headquartered in Atlanta; Regional office in Washington D.C.; Offshore Hyderabad and Chennai, India
- ~250 employees with 10+ years of Oracle experience on average
- Inc. 500|5000 Fastest Growing Private Company in the U.S. for the 5th Time
- Voted Best Place to Work in Atlanta for 2nd year
- 30 Oracle Specializations spanning the entire stack

PAGE 4

About BIAS Corporation

Profile

Kashif Dhatwani
Practice Director, Identity Management and Data Security

- Enterprise and Solution Architect
- 15+ years of experience in delivering solutions around middleware technologies including Security, SOA, Portal and custom-developed solutions
- 7+ years with BIAS Corporation; previously held positions at Oracle and IBM
- Focused on delivering best-practice, industry-standards-based solutions to BIAS customers
- Leads a team of solution and technical architects delivering solutions across multiple industries

Madan Shah
Solution Architect, Identity Management & Data Security

- 15+ years of experience in middleware technologies
- 3+ years with BIAS Corporation
- Solution Architect and Technical Architect for middleware technologies including Java / J2EE, Portals, Data Security and Identity & Access Management
- Leads development teams delivering Identity & Access Management and Data Security solutions
- Oracle Access Management Suite Plus 11g Certified Implementation Specialist and Oracle Database 11g Security Certified Implementation Specialist

PAGE 5

Speakers

PAGE 6

BIAS Practice Areas

PAGE 7

BIAS Corporation is a recognized leader in Identity & Access Management system assessment, design and implementation. As an Oracle Platinum partner, BIAS Corporation's IDM Practice provides experienced architects with expertise in assessing environments, building roadmaps and designing systems, and implements solutions using the experienced developers who are part of the BIAS IDM practice.

PAGE 8

Security Spectrum

PAGE 9

Information Security Spectrum

Identity Management
- Governance
- Compliance
- Single Source of Truth
- Provisioning / Deprovisioning
- SoD (Separation of Duties)

Access Management
- Access Control
- Authentication
- Authorization
- Single Sign-On
- Multi-Factor Authentication

Mobile Security
- Security Container
- Single Sign-On
- Application Management

Data Security
- Protect your data at rest and in transit
- Data Access: Authentication
- Data Access: Fine-Grained Control
- Auditing

PAGE 10

Identity Management Portfolio 11gR2

Modern, Innovative & Integrated

Governance
- Oracle Identity Manager (OIM)
- Oracle Privileged Account Manager (OPAM)

Access
- Oracle Access Manager (OAM)
- Oracle Adaptive Access Manager (OAAM)
- Oracle API Gateway (OEG)
- Oracle Identity Federation (OIF)
- Oracle Security Token Services (OSTS)
- Oracle Entitlement Server (OES)
- Oracle Enterprise SSO (OeSSO)

Directory
- Oracle Unified Directory (OUD)
- Oracle Virtual Directory (OVD)
- Oracle Internet Directory (OID)

Mobile Security
- Oracle Mobile Security Suite (OMSS)
- Oracle Access Manager (OAM)
- Oracle Identity Manager (OIM)

Platform Security Services

PAGE 11

Oracle Database Security Solutions

(axis: Maturity of Database Environment)

Advanced Security, Data Masking
- Transparent Data Encryption
- Network Encryption / Strong Authentication
- Data Masking for Non-Production

Audit Vault, Database Firewall
- Database Activity Auditing
- Database Firewall Monitoring
- Centralized Audit Data Warehouse

Database Vault, Label Security
- Separation of Duties for DBAs
- Protection Realms & Rules
- Label Based Access Control

PAGE 12

Access Control

PAGE 13

Access Management Framework

(diagram) External users (partners, vendors) and internal users reach web applications and cloud providers with a single user account and a single logon; internal user identities are held in LDAP.

Architecture

PAGE 14

Oracle Access Management System

(diagram)
- Cloud Providers: Federation / SSO
- Access Gate: Authentication / SSO
- External (partners, vendors); On-Premise Apps
- Webgate: Authentication / SSO
- Internal Web Applications
- Oracle Access Manager; LDAP

PAGE 15

Access Management Integration Architecture

Overview

PAGE 16

Identity Management

Centralized Access Management
- Centralized security enforcement
- Centralized policy control over application access

Single Sign-On
- Use one (1) set of credentials to access all your applications
- No need to remember multiple user IDs and passwords
- Reduced risk of credential compromise
- One-time login to your first application
- Navigate securely to multiple applications

Federation
- Single Sign-On for third-party application partners
- Single Sign-On for cloud-based applications

User Repositories
- Integration with multiple user repositories
- Support for commonly used LDAP directories and Microsoft Active Directory

Productivity
- Increased employee productivity
- Maintain compliance standards
- Self-service capabilities such as self-service password management

PAGE 17

Benefits

PAGE 18

Oracle e-Business Application Single Sign-On

Support Architecture

E-Business Suite 12.2.2+
- Oracle Access Manager 11.1.2.2
- Oracle Identity Management 11.1.1.7
- Oracle Web Gate 11.1.2.2

E-Business Suite 12
- Oracle Access Manager 11.1.2.2
- Oracle Identity Management 11.1.1.7.0
- Oracle Access Manager Webgate 11.1.2.2.0
- Oracle E-Business Suite Access Gate 1.2.3.4

E-Business Suite release versions referenced: 11.5.10.2, 12.2, 12.1.3

PAGE 19

Oracle E-Business and Access Manager

PAGE 20

Integration Architecture

Components: Oracle E-Business Suite, E-Business Suite Access Gate, Web Server with Webgate, Oracle Access Manager, Oracle Internet Directory.

1. User requests a protected resource.
2. User is redirected to the EBS Access Gate, which is protected by OAM.
3. Webgate intercepts the request per OAM policies.
4. Webgate connects the user to the EBS Access Gate to collect credentials.
5. User submits credentials to the OAM server.
6. OAM verifies the credentials against the user repository.
7. OAM returns the user identifier to the EBS Access Gate.
8. EBS Access Gate identifies the EBS user linked to the authenticated OID user.

PAGE 21

EBS Access Gate

- Java EE application deployed on a WebLogic domain
- Oracle Access Manager and Web Gate pass the user identity as UID + ORCLGUID
- Oracle Internet Directory: every user record has a unique ORCLGUID
- Oracle E-Business Suite AccessGate
- E-Business Suite instance database: FND_USR Link (the EBS user record is linked to the OID entry by its ORCLGUID)
PAGE 22

Deployment Topology (Clustered)

Oracle E-Business Suite Release 12.2 single sign-on

- User -> Load Balancer -> Oracle HTTP Server (Web Server 1, Web Server 2)
- EBS AccessGate and WebGate in front of Oracle E-Business Suite Release 12.2.2+ and its Oracle Database
- Oracle Access Manager Server: OAM Server 1, OAM Server 2
- Oracle Internet Directory behind a Load Balancer: OID 1, OID 2

PAGE 23

Third-Party LDAP Integration

PAGE 24

Third-Party Access Management

Key Decisions

Provisioning
- Unidirectional provisioning
  - From Oracle Internet Directory to Oracle E-Business Suite only
  - From Oracle E-Business Suite to Oracle Internet Directory only
- Bi-directional provisioning
  - From Oracle Internet Directory to Oracle E-Business Suite
  - From Oracle E-Business Suite to Oracle Internet Directory

Corporate User Repositories
- Microsoft Active Directory
- LDAP directories
- Databases

Authorization
- EBS responsibilities are managed within EBS

Upgrade
- Existing environments can upgrade from OSSO to OAM

Co-Existence
- Multiple E-Business Suite systems using the same security framework (Access Manager)

PAGE 25

Architectural Considerations

SSO Infrastructure
- High Availability
- Disaster Recovery environment
- Performance considerations
- OAM Detached Credential Collector vs. Embedded Credential Collector
- Multi-Factor Authentication and Risk-based Authentication

End-to-End SSL
- Encrypt all HTTP and LDAP traffic
- TLS 1.2 / TLS 1.1

Auditing
- Out-of-the-box auditing functionality provided by OAM for user authentications
- BI Publisher reports

PAGE 26

Best Practices

PAGE 27

Oracle created the OPN Specialized Program to showcase the Oracle partners who have achieved expertise in Oracle product areas and reached
specialization status through competency development, business results, expertise and proven success. BIAS is proud to be specialized in 30
areas of Oracle products, which include the following:

PAGE 28

Contact Us

Kashif Dhatwani
Practice Director - Identity Management & Data Security
770-685-6240
Kashif.Dhatwani@biascorp.com

PAGE 29
