Customers who are planning to upgrade Oracle eBusiness 11.5.10 to R12 and desire single sign on capabilities between each EBS module and/or between EBS and other business applications will need to integrate with Oracle Access Manager 11.1.1.5.0 (OAM 11g) and Oracle Internet Directory 11.1.1.5.0 (OID 11g).
Many Oracle eBusiness 11.5.10 customers who plan on upgrading to R12 are faced with the fact that R12 is no longer offering OSSO for native single sign on capabilities. If you are a customer already using OSSO in EBS 11.x, then you will need Oracle Access Manager 11.1.5.0 to retain those single sign on capabilities.
Most of our customers are moving forward with a co-existence strategy that uses Oracle Access Manager for both environments (11i & R12), and also utilizes Oracle’s directory solution; Oracle Internet Directory 11.1.1.5.0, in order to synchronize Active Directory with native EBS users residing in the FND_USER table. Oracle Internet Directory has a native synchronization capability called DIP that allows you to create profiles which synchronize the two directories. Since Oracle Internet Directory can integrate with EBS, and Active Directory can’t, this allows customers to leverage Active Directory credentials during the EBS single sign on process.
However, customers who do want to pursue a co-existence strategy and already leverage the native Oracle Single Sign On (OSSO 10g) capabilities within their Oracle Application Server environment, will need to integrate with Oracle Access Manager 11.1.1.5.0 by redirecting users to OSSO, which will operate as a proxy between EBS 11i and OAM 11g. Oracle Internet Directory is then used to handle external authentication by synchronizing with Active Directory and EBS FND_USER.
Pursuing this strategy allows for a gradual transition from your EBS 11i environment to R12 without impacting the end user community or removing any single sign on capabilities that user community already benefits from and experiences using EBS today.
To understand more about Oracle’s support policy for Oracle Single Sign On, please refer to this link: http://www.oracle.com/us/support/library/057419.pdf. Oracle’s official recommendation is to integrate EBS 11i with Oracle Access Manager 10g, since integration with Oracle Access Manager 11g is not supported. However, we have been able to do this with other customers who wanted to simplify their web access management infrastructure and did not want to stand up two separate Access Management versions/environments.
Ideally, for customers who want to make the most of their Access Manager investment, they will consider utilizing Oracle Access Manager for more than just single sign on for Oracle EBS. They will leverage OAM as their WAM solution across all of their web applications for SSO across the enterprise.