Statement of Direction OSSO10g

Oracle Single Sign-On (OSSO) 10gR3

Statement of Direction

Oracle Statement of Direction—Oracle Single Sign-On 10gR3

Disclaimer

This document in any form, software or printed matter, contains proprietary information that is the exclusive

property of Oracle. Your access to and use of this confidential material is subject to the terms and conditions

of your Oracle Software License and Service Agreement, which has been executed and with which you agree

to comply. This document and information contained herein may not be disclosed, copied, reproduced or

distributed to anyone outside Oracle without prior written consent of Oracle. This document is not part of

your license agreement nor can it be incorporated into any contractual agreement with Oracle or its

subsidiaries or affiliates.

This document is for informational purposes only and is intended solely to assist you in planning for the

implementation and upgrade of the product features described. It is not a commitment to deliver any material,

code, or functionality, and should not be relied upon in making purchasing decisions. The development,

release, and timing of any features or functionality described in this document remains at the sole discretion

of Oracle.

Due to the nature of the product architecture, it may not be possible to safely include all features described in

this document without risking significant destabilization of the code.


Purpose ............................................................................................. 2

Introduction ........................................................................................ 2

Future Direction ................................................................................. 3

Impact on Product Stacks .................................................................. 3

Support Information ........................................................................... 4

License Issues ................................................................................... 4

Oracle Fusion Middleware SSO Certification Matrix ........................... 5


2

Purpose The purpose of this document is to discuss the product plans and the future of Oracle Single

Sign-On (OSSO) 10gR3.

Introduction OSSO 10gR3 has for some time been the preferred, recommended solution for authenticating users and achieving single sign-on across multiple applications hosted on Oracle Application Server - based on Oracle Container for J2EE (OC4J). This includes applications deployed on standalone OC4J, Oracle Fusion Middleware-based applications such as Portal/Forms/Reports/Discoverer, WebCenter, and etc., and enterprise applications such as Oracle E-Business Suite. As of the Oracle Fusion Middleware 11g release, Oracle’s preferred application server – and the foundation of the middleware platform – is Oracle WebLogic Server. Oracle Access Manager 10gR3 (OAM 10.1.4.3.0) is the default, preferred authentication and SSO solution for Oracle Fusion Middleware 11g and Fusion Applications. OSSO is made up of two components: a server component deployed as a J2EE application on Oracle Application Server (OC4J); and a web server plug-in, called mod_osso, for Apache–based Oracle HTTP Server (OHS). OSSO 10gR3 server is not supported on WebLogic Server (WLS) and as a consequence, OSSO 10gR3 server is being placed into maintenance mode starting with the OFM 11g release. OSSO’s web server plug-in components – mod_osso – are certified for OHS 11g. An additional client component, an OSSO Identity Assertion Provider [IAP], was introduced and is bundled with OFM 11g to facilitate integration with WebLogic Server 11g (WLS 10.3.1). Note that the OSSO Identity Assertion Provider is a WebLogic Server 11g (WLS 10.3.1) security provider that is used to insert the authenticated user into the JAAS subject of the WLS application container. Customers can continue to run OSSO 10gR3 on Oracle Application Server (OC4J) and integrate with Fusion Middleware-based applications running on WebLogic Server 11g. Of course, customers can also continue to integrate OSSO 10gR3 with applications running on Oracle Application Server (OC4J) such as Oracle E-Business Suite. Oracle Fusion Middleware (OFM) 11g applications have been certified for integration with 10g OSSO, as summarized in the certification matrix in “Oracle Fusion Middleware SSO Certification Matrix” section. To summarize, Oracle Access Manager is Oracle’s strategic product for authentication and single sign-on and as of the Oracle Fusion Middleware 11g release Oracle is not planning any further enhancements to OSSO 10gR3. The implications of this product strategy include:

• There is no WebLogic Server based 11g version of OSSO server.

• OSSO client components – mod_osso for OHS 11g and OSSO IAP for WLS 10.3.1 are available to facilitate integration between OSSO 10gR3 server and OFM 11g.


3

• No further enhancements will be performed on OSSO 10gR3 server, but bug fixes will continue as per the Oracle lifetime support policy.

Future Direction

At Oracle, there are 2 web single sign-on (SSO) products available: Oracle Single Sign-On 10gR3 (OSSO) and Oracle Access Manager 10gR3 (OAM). OSSO is available for customers that purchase Oracle Fusion Middleware. The issue with OSSO is that it is certified on selected Oracle infrastructure such as Oracle Application Server (OC4J), Oracle HTTP Server (OHS), and Oracle Internet Directory (OID). For customers with heterogeneous environments with various application servers, web servers, and LDAP directories, OAM is the recommended solution. OAM has an extended certification matrix- that covers most popular enterprise Operating System platforms and technologies. Oracle Access Manager certification matrix:

• http://www.oracle.com/technology/products/id_mgmt/coreid_acc/pdf/oracle_access_manager_certification_10.1.4_r3_matrix.xls

As a key part of Oracle’s security product strategy, Oracle Access Manager (OAM) becomes the preferred single sign-on technology for Oracle Fusion Middleware, Oracle Applications, and heterogeneous 3rd party environments. Over a series of planned and projected releases, Oracle intends to converge the feature sets of OAM and OSSO, provide upgrades and migrations from previous OAM and OSSO releases, and provide backward compatibility support for OSSO customers by certifying both 10g and 11g versions of mod_osso and the 11g version of the OSSO identity assertion provider for WLS with OAM 11g servers. The short-term direction is to encourage customers to use OAM 10gR3 for most deployment scenarios. However, some Oracle products cannot use OAM 10gR3 due to dependencies on OSSO 10gR3 infrastructure. These products, such as Portal, Forms, Reports, and Discoverer will continue their dependency on OSSO 10gR3 even in their 11g release. For these customers, Oracle recommends using OSSO 10gR3 server with mod_osso for OHS 11g or OSSO IAP for WLS 11g for those products. If these same customers require SSO to any non Oracle stack of products, then Oracle recommends integrating OSSO 10gR3 with OAM 10gR3 using the well-documented integration methods.

Impact on Product Stacks

Oracle Fusion Middleware 11gR1

Both OAM 10gR3 and OSSO 10gR3 have been certified against Oracle Fusion Middleware

11gR1-based applications. However, OAM 10gR3 is not certified with Oracle Fusion

Middleware-based applications that have a hard dependency on OSSO 10gR3. These Oracle

Fusion Middleware-based applications include Classic Portal, Forms, Reports, and Discoverer.

All other Oracle Fusion Middleware 11g components – including SOA, WebCenter, Oracle


4

Application Development Framework (ADF), and Enterprise Manager – have been certified with

both SSO products.

E-Business Suite

Today, OSSO 10gR3, used in conjunction with Oracle Internet Directory (OID) 10g and Directory Integration Platform (DIP) 10g, provides authentication and single sign-on to Oracle E-Business Suite R11 and R12. Customers migrating to OID 11g and DIP 11g can continue to use OSSO 10gR3, which is certified to work with both products. Since OAM 10gR3 is the recommended SSO solution in the future, E-Business Suite is planning to certify multiple releases with OAM 10gR3. OAM 10gR3 may be used directly as a SSO solution with E-Business Suite and optionally in conjunction with OSSO 10gR3 to support integration with products in the E-Business Suite technology stack that do not support OAM such as Discoverer and Portal. Note that both SSO solutions, OSSO 10gR3 and OAM 10gR3, will work with the 10g and 11g versions of OID and DIP. More information about this integration will be available on the E-Business Suite website when the full certification process completes.

License Issues

There is a new license available named “Oracle Access Manager Basic” that is a direct replacement for the specific OSSO license included in the Oracle Fusion Middleware 10g package. Any customer that has licenses for OSSO can get OAM by converting their license to “OAM Basic”. The number of CPUs supported will be exactly the same and customers can purchase more if necessary. There are restrictions on usage for the “OAM Basic” license. The restriction is that customers can use OAM to integrate to only the Oracle stack of products. This means web servers must be OHS, application servers must be OC4J or WLS, and directory servers must be Oracle Internet Directory. For more information about the OAM Basic license, please see the licensing documentation for Oracle Fusion Middleware 11g:

• http://download.oracle.com/docs/cd/E12839_01/doc.1111/e14860/oam_basic.htm#CHDBECDJ

Support Information

Although OSSO 10gR3 will not receive any enhancements, Oracle will still investigate any issues and provide fixes once the issues are verified as product issues.


5

For more information on Oracle’s lifetime support policy and how that impacts OSSO, please visit:

• http://www.oracle.com/support/lifetime-support-policy.html Furthermore, for complete Oracle Fusion Middleware certification details please see the certification matrix page:

• http://www.oracle.com/technology/software/products/ias/files/fusion_certification.html.

Oracle Fusion Middleware SSO Certification Matrix

The figure below shows the various certifications between Oracle’s SSO products, OAM and

OSSO, with Oracle Fusion Middleware applications.

Statement of Direction

Oracle Single Sign-On 10gR3

Oracle Corporation

World Headquarters

500 Oracle Parkway

Redwood Shores, CA 94065

U.S.A.

Worldwide Inquiries:

Phone: +1.650.506.7000

Fax: +1.650.506.7200

oracle.com

Copyright © 2009, Oracle and/or its affiliates. All rights reserved. This document is provided for information purposes only and

the contents hereof are subject to change without notice. This document is not warranted to be error-free, nor subject to any other

warranties or conditions, whether expressed orally or implied in law, including implied warranties and conditions of merchantability or

fitness for a particular purpose. We specifically disclaim any liability with respect to this document and no contractual obligations are

formed either directly or indirectly by this document. This document may not be reproduced or transmitted in any form or by any

means, electronic or mechanical, for any purpose, without our prior written permission.

Oracle is a registered trademark of Oracle Corporation and/or its affiliates. Other names may be trademarks of their respective

owners.

0109

Documents

Statement of Direction OSSO10g