confidential

Date

Project ONE CLICK

: 12/26/2006

Oracle Single Sign-On

Sridhar Gangapuram

Manager, Oracle Applications (Phoenix)

Roger Raj

Sr. Technical Director (Oracle)

2

Agenda

• Project Goals and Objectives• Previous Architecture• Current Architecture• Oracle Modules• Project Cycles• Challenges• Details of Technology Architecture• How Does Windows Native Authentication Work ?• Other Technology Elements• ONE CLICK Integration Road-Map• ONE CLICK Demo• Q&A

3

Project Goals and Objectives

Goals: Implement Oracle Apps Single Sign-on Implement Discoverer Single Sign-on

Objectives: On ONE CLICK get into Oracle Apps On ONE CLICK get into Oracle Discoverer

4

Previous Architecture

FormsServer

9i version

Reports Server

9i version

EssbaseServer

Linux Server – Oracle Apps Components

OptioReporting-Fax

Server

APRO EFTServer

Oracle & SFDCReporting

Server

HyperionServer

DiscovererServer

4i Version

5

Current Architecture

FormsServer

9i version

Reports Server

9i version

Oracle & SFDCReporting

Server

Linux Server – Oracle Apps Components

OptioReporting-Fax

Server

APRO EFTServer

EssbaseServer

HyperionServer

SINGLE

SIGN

ON

Linux Server – SSO

MicrosoftAD

OID

DBI

Portal

6

Oracle Modules

Oracle Modules

Finance Distribution Human Resources

Reporting

Accounts

Receivables

Order Management

Human Resources

Oracle Discoverer

Accounts Payables

Inventory Optio

Purchasing

Fixed Assets

Cash Management

General Ledger

7

Project Cycles

GO-LIVE

MOCK

UAT

CRP3

CRP2

CRP1 ITIT

IT + BusinessIT + Business

IT + BusinessIT + Business

IT + BusinessIT + Business

ITIT

IT + BusinessIT + Business

8

Challenges

• Business Test Cases• Business SOX Controls 250 plus• Apps Functionality All Modules• Custom Reports 100• Interfaces 10 in/out bound interfaces• Customer Facing Documents 20• Regions 4 Major Regions

• IT Test Cases• IT SOX Controls 50 plus• 10G Patching• EUL Patching• Oracle and AD Integration• Hardware New 10G Linux Server

9

Details of Technology Architecture

• ONE CLICK’s Integration with Windows Native Authentication• AD session created on login• Oracle 10g AS can use this information• Kerberos enables session verification• Similar to Windows Exchange server• No more login challenges! • Fully compliant with SmartCards or Common Access

cards• Session is controlled by MS-Windows Kerberos• Userids/passwords are controlled by MS-AD

10

1. User logs into the corporate network

Active directory

How Does Windows Native Authentication Work ?

ClientBrowser

2. Kerberos session

Ticket is created

PartnerApplication

OracleApplication

3. User requests a URL

Oracle 10gASSSO

Server

4. Partner redirects authentication to Oracle10gAS Server

5a. 10gAS queries Kerberos if the user has logged in

6. Sends success message to Partner

7. User is granted access to application

5b. Receives successful

ticket from Kerberos

11

Other Technology Elements

• Oracle 10g Application Server• Single sign-on component• Oracle Internet Directory for User’s Id and groups

• 10g Discoverer – Drake version• Allows capture of single sign-on id• Users CLIENT_IDENTIFIER • No need to create and manage DB users (as in the

past releases)• Tied to a web-based implementation• No client tools need to be installed on desktops!

12

ONE CLICK Integration Road-Map

• Make sure desktops are on XP-SP2 or above• Install 10g Application Server• Install 11i EBS 3.2 rollup patch (now 4.0 is available)• Make 11i a partner to 10gAS• Install Windows Native Auth support for 10gAS• Modify discoverer work pages to work with SSO-id• Test, document and migrate to production!

13

ONE CLICK Demo

Oracle Applications

Oracle Discoverer

14

Q&A

Q&Q U E S T I O N SQ U E S T I O N SA N S W E R SA N S W E R SA