Setting up Windows Native Authentication (with Kerberos) Single Sign-On (SSO) within WebLogic can be tricky. One way to accomplish this is to use IIS to front-end the WebLogic cluster. You need to use an IISIdentityAsserter in this scenario. Using an Identity Asserter based on HTTP headers has security implications and it’s important to ensure the communications are locked down between the IIS front-end to the WebLogic cluster. I don’t have much time to type more about this, but was excited about some recent work and wanted to get a quick post up in reference to this.

When installing 10g OID on OEL5, if you run into the following error, you can run the below commands to address the issue:

Error:

OPMN HTTP process fails to start.  When you look in the log file, it says:
/Apache/Apache/bin/httpd: error while loading shared libraries: libdb.so.2: cannot open shared object file:  No such file or directory

To fix, run the following commands:

# ln -s /usr/lib/libgdbm.so.2.0.0 /usr/lib/libdb.so.2
# chmod 755 /usr/lib/libgdbm.so.2.0.0
# chmod 755 /usr/lib/libdb.so.2

We have recently been working on and completed an entire Oracle Fusion Middleware 11g environment setup for a customer:

• Identity Management
• WebCenter (Framework and Services)
• SOA Suite
• UCM

This article is part of the recent work short blurb series.

We recently integrated Oracle IdM with the SAML SSO Service from Google Apps. Now customers can continue to authenticate against OID even while accessing Google Apps assets!

I’m registered and attending the Official Fusion Middleware 11g Launch in DC on July 1.

In a recent press release, Oracle promoted Oracle Identity Manager (OIM) focusing on the hot-pluggable nature of the product and it’s ability to handle, among other challenges, compliance and demands of SAP.

Oracle has already made a few strategic moves in the identity management space, and…

The Challenge

ABC, a publicly traded services and manufacturing organization, has leveraged Oracle E-Business Suite (EBS) to manage a variety of back-office functions, including their suppliers. Suppliers have been provided data from EBS manually by internal teams — the data sent has varied in both content and as well as format.

Internal teams spend valuable time generating reports manually for external supplier organizations and suppliers are left with the tedious process of generating their own reports. All the while, both groups may be relying on measures out of line with ABC’s priorities.

The Solution

We took a systematic approach to the issue, addressing:

1. EBS/Data
   
2. Discoverer/Reporting Logic
   
3. Portal/UI
   

The Results

Finally, by setting up proper SSO and hooks from Portal to Discoverer and integrating end-to-end all the way down into the database, users in Portal (regardless of whether they are internal or external users) see only what their user account can see. Additionally, by leveraging the latest Portal 10.1.4 features, we were able to provide ABC with a portal that had a completely customized look-and-feel matching their external website exactly.

Within days, the entire solution was architected, designed, and developed. We were all excited about the quick progress and all of ABC’s expectations were exceeded.

M&S has taken our years of Identity Management with products from companies like Oracle to integrate with Google’s popular “Google Apps” offering.  By leveraging an existing Identity Management infrastructure, organizations can seamlessly integrate with Google Apps assets like calendar, mail, documents, sites, and more without requiring their users to login, let alone even have any knowledge of Googe Apps usernames/passwords.

M&S is comfortable with the SAML protocol that Google relies on and can implement an appropriate handshake with a variety of tools and languages, including Java, .NET, PHP, and Perl.

Contact us if you are an existing Google Apps Premier or Education Edition customer that wants to leverage Single Sing-On (SSO).

While using SSO, in order to create a public connection to Oracle Discoverer for Oracle Applications, I suggest creating a service account (user) in EBS and marking that user for LOCAL authentication (instead of SSO).

There may not be many reasons to create a public connection in this scenario, but I did come across one recently and it is not well-documented, so I thought I would share.

Of course, with Oracle BI Discoverer (non-Oracle-Applications), connections are made by database users and creating a public connection doesn’t require any EBS changes.

Bringing together many components of the Oracle Fusion Middleware Suite, as well as Oracle Applications (via E-Business Suite), M&S is uniquely positioned to delivery immense value in a short amount of time.

M&S is designing and implementing a security, integration, and user presentation architecture with Oracle’s EBS, Discoverer, Portal, and Identity Management.