TRANSCRIPT

Page 1: -  · PDF fileProvisioning (DIP) templates ... Authentication vs. Authorization Identifies the user Oracle Single Sign-On E-Business Suite Authentication Authorization
Page 2: Using Oracle Application Server 10g with Oracle E-Business Suite

Steven Chan, Director, Applications Technology Group

Page 3: Topics

• Supported Architectures
• Features and Benefits
• Technical Integration Overview
• Integration with Third Party Access Managers & LDAP Directories
• Customer Snapshots
• Release 11i Certification Roadmap
• Release 12 Technology Stack Plans
• References

Last updated: Oct 22, 2006

Page 4: Desupport Notices (or, “Why You Should Plan for OracleAS 10g Now”)

• Discoverer 4i: October 2006
• Login Server 3.0.9, Portal 3.0.9, Oracle Internet Directory 3.0.1: July 2007

For more details: http://blogs.oracle.com/schan/desupport

However… if Sun desupports JDK 1.3, the required prerequisite for 3.0.9, in approximately Fall 2006, then Sun’s desupport date overrides Oracle’s for these products.

Page 5: Now Generally Available!

• E-Business Suite 11i integrations with Oracle Application Server 10g 10.1.2.0.2 and 10.1.2.1 are now certified and Generally Available

Page 6: Simple Physical Architecture

(Diagram components: External Users (via VPN), Internal Users, Intranet Firewall, Firewall, Release 11i Application Server running 9iAS 1.0.2.2.2, Release 11i Database, and a separate Oracle Application Server 10g instance hosting: Portal, Single Sign-On, Oracle Internet Directory, Directory Integration & Provisioning, Delegated Administration Services, Discoverer, OracleAS Certificate Authority, OracleAS 10g Metadata Repository)

Page 7: 11i Integration with OracleAS 10g

• Release 11i instance runs Oracle9i Application Server 1.0.2.2.2

• 11i is integrated with a stand-alone Oracle Application Server 10g instance

• The existing Release 11i application-tier server nodes continue to run on Oracle9i Application Server 1.0.2.2.2

Page 8: Distributed Architecture

(Diagram components: Internet, Reverse Proxy, Firewalls, External Users, External 9iAS 1.0.2 Server, Internal Users, Internal 9iAS 1.0.2 Server, Release 11i Database, Single Sign-On 10g, Portal 10g, Oracle Internet Directory Server 10g, OracleAS 10g Infrastructure Database)

Page 9: Distributed Architecture Benefits

• Enterprise Portal Server: may be scaled & managed by separate organizations responsible for corporate communications
• Enterprise Security Servers: may be scaled & managed by separate organizations responsible for corporate security and identity management
• Enterprise Application Servers: may be scaled & managed by separate organizations responsible for enterprise applications such as Oracle E-Business Suite Release 11i

Page 10: OracleAS 10g Integration Benefits

1. Enable Single Sign-On for 11i
2. Manage users in Oracle Internet Directory
3. Access 11i via custom Portals
4. Integrate 11i with third-party PKI, SSO & LDAP directories, and legacy applications
5. Analyse 11i with Discoverer workbooks
6. Accelerate 11i performance with WebCache

Page 11: Enable Single Sign-On for 11i

• E-Business Suite is a Single Sign-On partner application
• Log on to Oracle Single Sign-On to get access to all registered partner applications, including 11i
• Log off any one partner application to log off all of them

(Diagram: User, Single Sign-On 10g, E-Business Suite 11i Application Server)

Page 12: Manage Users in Oracle Internet Directory

• Synchronise user credentials bidirectionally between Oracle Internet Directory and Release 11i (FND_USER)
• Set master “source of truth” as OID, Release 11i, or both
• Manage user provisioning via powerful OID Directory Integration & Provisioning (DIP) templates
• Link an OID userid with one or more 11i userids “on-the-fly”

(Diagram: E-Business Suite 11i FND_USER and Oracle Internet Directory, connected via DIP and DBMS_LDAP)

Page 13: Access 11i via custom Portals

• Access one or more E-Business Suite 11i instances from a single Oracle Portal instance
• Add 11i portlets to custom Portal pages
• Display data in 11i portlets based on 11i responsibilities

(Diagram: Oracle Portal 10g, Apps Portlets, E-Business Suite 11i)

Page 14: Release 11i Portlets

• Applications Navigator: access Applications menus based on user responsibilities
• Applications Favorites: bookmark specific Applications links for quick access
• Applications Worklist: summary of current workflow notifications
• Oracle Balanced Scorecard: display status of strategic and tactical business objectives
• Performance Management Viewer: display business intelligence key performance indicators in graphical and tabular format

Page 15: Applications Navigator Portlet (screenshots: Flat Mode, Tree Mode)

Page 16: Applications Favorites Portlet and Applications Worklist Portlet (screenshots)

Page 17: Balanced Scorecard Portlets (screenshots)

Page 18: Integrate 11i with…

• Over 250 adapters for Enterprise Application Integration with third-party applications
• J2EE and open standards-based integration, including:
  • E-Business Suite, third-party applications, database sources
  • XML, JMS, JCA
  • Web Services: SOAP, WSDL, UDDI
  • B2B Protocols: RosettaNet, HIPAA, EDI

(Diagram: Release 11i, Oracle Integration, Legacy Application)

Page 19: Analyse 11i with Discoverer 10g

• Access the APPS_MODE End-User Layer via Business Intelligence System Discoverer workbooks secured by Applications responsibilities
• Provide powerful end-user reporting via ad hoc queries
• Drill down into data via tabular & graphical analytical tools
• Run Discoverer on a separate cluster for enhanced scalability and wide deployment

(Diagram: User, Discoverer, E-Business Suite End-User Layer)

Page 20: Why Upgrade Discoverer 4i to 10g?

It’s better
• Automatic SQL trimming, per-user memory caps, faster, new features

It’s safe
• Installation upgrades a copy of the 4i End-User Layer to 10g

It’s low-impact
• TIP: Run Discoverer 4i and 10g on different physical servers to avoid Visibroker conflicts
• Compare 4i and 10g workbooks side-by-side for User Acceptance Tests

It’s free
• Your existing Business Intelligence product license includes 10g

It’s supported
• Discoverer 4i is desupported on October 31, 2006
• Start your upgrade now to avoid being desupported

(Slide graphics: “Tasty Carrots” labelling the benefits above, “Big Stick” labelling the desupport deadline)

Page 21: Accelerate 11i Performance with WebCache

• Cache and compress frequently used items
• Reduce network consumption and accelerate response time
• Can act as a reverse-proxy server
• Can act as a load-balancer

(Diagram: User, WebCache 10g, E-Business Suite 11i Application Server)

Page 22: Technical Integration Overview (section title slide)

Page 23: Apps 11i Configuration Options

A. Single Sign-On Server: minimum requirement for single sign-on support. Release 11i and regions via OA Framework.
B. Portal and Single Sign-On Server: optional.
C. Discoverer: optional. SSO is also optional for Discoverer standalone implementations.

Page 24: OracleAS 10g + 11i Integration Points

• Discoverer: APPS_MODE End-User Layer in the 11i database
• Portal: Oracle Applications Framework Web Provider & portlets
• OID: provisioning-integrated application via the Directory Integration & Provisioning Platform
• SSO: Single Sign-On partner application via SSO SDK 9.0.2

Page 25: Logical Architecture

(Diagram components. External OracleAS 10g: Single Sign-On, Oracle Internet Directory with OID User Repository, Portal with Portal Metadata, Directory Integration Platform 10g, Discoverer with Discoverer Metadata, OracleAS Metadata; optional Third-Party LDAP and Third-Party SSO. 11i Application Server: 9iAS 1.0.2.2.2, Apps Web Provider & Portlets, SSO SDK. 11i Database Server: 11i Database (FND_USER), Discoverer End-User Layer. Links shown: asynchronous provisioning, synchronous provisioning (DBMS_LDAP), JDBC/SQL*Net connections from the application server and from External OracleAS 10g to the database server.)

Page 26: Authentication vs. Authorization

• Authentication (Oracle Single Sign-On): identifies the user; checks user credentials
• Authorization (E-Business Suite): identifies data & actions the user can access; checks user responsibilities

Page 27: How Single Sign-On Works with 11i: Overview

• Unauthenticated users attempting E-Business Suite access are automatically redirected to Oracle Single Sign-On 10g

(Diagram: E-Business Suite 9iAS 1.0.2.2.2 … delegates user authentication to … Oracle Single Sign-On 10g)

Page 28: How Single Sign-On Works with 11i: Overview

(Diagram components: User, E-Business Suite 11i Application Server, E-Business Suite 11i Database, Single Sign-On 10g, Oracle Internet Directory 10g, OracleAS 10g LDAP Directory)

Pages 29-38: How Single Sign-On Works with 11i

• Step 1: Unauthenticated user attempts to access the E-Business Suite (User → E-Business Suite 11i Application Server)
• Step 2: E-Business Suite redirects the user to Single Sign-On 10g for authentication
• Step 3: Single Sign-On challenges the user with a logon form
• Step 4: User provides her credentials via the logon form
• Step 5: Single Sign-On passes the user credentials to Oracle Internet Directory for validation
• Step 6: Oracle Internet Directory authenticates the user credentials against the OracleAS 10g LDAP Directory (in the OracleAS 10g Metadata Repository)
• Step 7: Single Sign-On provides the authenticated user with an SSO security token
• Step 8: User is redirected to E-Business Suite, which accepts the SSO security token as proof of an authenticated user
• Step 9: E-Business Suite’s application server checks the user’s authorization (i.e. Apps responsibilities) in FND_USER
• Step 10: E-Business Suite issues its own Apps security tokens to the user, redirecting her to the requested Apps module

Page 39: How Single Sign-On Works with 11i

(Diagram summarising the flow: User, E-Business Suite 11i Application Server, E-Business Suite 11i Database, Single Sign-On 10g, Oracle Internet Directory 10g, OracleAS 10g LDAP Directory)
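The ten steps above, modelled as an added example (not code from the slides or from Oracle): the SSO server authenticates against a constructed OID user table and issues a signed SSO token, the E-Business Suite partner application accepts that token only as proof of identity and then checks FND_USER responsibilities before issuing its own Apps token. Everything here (`SsoServer`, `EbsPartnerApp`, `TokenIssuer`, the sample users, the HMAC token format, and the assumption that a user with no responsibility receives no Apps token) is constructed for illustration and is not the real Oracle SSO or ICX mechanism.

```python
"""Toy model of the Oracle SSO 10g / E-Business Suite 11i logon flow (added example).
Token format, user tables and class names are constructed; not Oracle's implementation."""
import hashlib
import hmac
import json
import secrets
import time
from typing import Optional, Tuple


def _pw_hash(password: str, salt: str) -> str:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt.encode(), 50_000).hex()


# Constructed OID user repository (Step 6 validates against this): userid -> (salt, hash)
OID_USERS = {
    "john.smith": ("salt1", _pw_hash("correct-horse", "salt1")),
    "no.resp": ("salt2", _pw_hash("battery-staple", "salt2")),
}

# Constructed FND_USER view (Step 9 checks this): userid -> 11i responsibilities
FND_USER_RESPONSIBILITIES = {
    "john.smith": ["General Ledger Super User"],
    "no.resp": [],  # authenticates fine in OID, but holds no 11i responsibility
}


class TokenIssuer:
    """HMAC-signed bearer tokens; each trust domain (SSO, EBS) keeps its own key."""

    def __init__(self, name: str):
        self.name = name
        self._key = secrets.token_bytes(32)

    def issue(self, subject: str, ttl: int = 300) -> str:
        body = json.dumps({"iss": self.name, "sub": subject, "exp": int(time.time()) + ttl})
        return body + "." + hmac.new(self._key, body.encode(), "sha256").hexdigest()

    def verify(self, token: str) -> Optional[str]:
        body, _, sig = token.rpartition(".")
        expected = hmac.new(self._key, body.encode(), "sha256").hexdigest()
        if not hmac.compare_digest(expected, sig):
            return None  # forged, tampered, or issued by a different domain
        claims = json.loads(body)
        if claims["iss"] != self.name or claims["exp"] < time.time():
            return None
        return claims["sub"]


class SsoServer:
    """Steps 3-7: challenge the user, validate credentials in OID, issue the SSO token."""

    def __init__(self):
        self.tokens = TokenIssuer("OracleSSO10g")

    def authenticate(self, userid: str, password: str) -> Optional[str]:
        entry = OID_USERS.get(userid)
        if entry is None:
            return None
        salt, stored = entry
        if not hmac.compare_digest(stored, _pw_hash(password, salt)):
            return None
        return self.tokens.issue(userid)


class EbsPartnerApp:
    """Steps 1-2 and 8-10: trusts SSO for authentication, decides authorization itself."""

    def __init__(self, sso: SsoServer):
        self.sso = sso
        self.apps_tokens = TokenIssuer("EBS11i")

    def request(self, sso_token: Optional[str] = None) -> Tuple[str, str]:
        if sso_token is None:
            return ("redirect", "sso-logon")  # Steps 1-2: no token, send the user to SSO
        userid = self.sso.tokens.verify(sso_token)  # Step 8: identity established by SSO
        if userid is None:
            return ("redirect", "sso-logon")
        if not FND_USER_RESPONSIBILITIES.get(userid):  # Step 9: authorization in FND_USER
            return ("forbidden", userid)  # assumption: no responsibility, no Apps token
        return ("ok", self.apps_tokens.issue(userid))  # Step 10: Apps security token


def logon(app: EbsPartnerApp, sso: SsoServer, userid: str, password: str) -> Tuple[str, str]:
    """Drive the whole flow for one user and return the final outcome."""
    if app.request()[0] != "redirect":
        raise RuntimeError("unauthenticated request must redirect to SSO")
    sso_token = sso.authenticate(userid, password)  # Steps 3-7
    if sso_token is None:
        return ("logon-failed", userid)
    return app.request(sso_token)  # Steps 8-10


def tamper(token: str) -> str:
    """Flip the last signature character to show that a modified token is rejected."""
    return token[:-1] + ("0" if token[-1] != "0" else "1")
```

The `forbidden` outcome is where authentication and authorization separate: SSO vouched for `no.resp`, but the partner application still refuses because FND_USER grants that user nothing.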

Page 40: Oracle Internet Directory Integration

• Oracle Internet Directory and FND_USER must be kept synchronised
• Supported synchronisation directions:
  • From OID to FND_USER (asynchronous, via the Directory Integration & Provisioning Platform)
  • From FND_USER to OID (synchronous, via dbms_ldap calls)
  • Bidirectionally
• Synchronisation events are raised via the Workflow-based Business Event System whenever users are added or modified

(Diagram: E-Business Suite 11i FND_USER and Oracle Internet Directory, connected via DIP and DBMS_LDAP)

Page 41: Link Accounts

(Diagram: Oracle Internet Directory userid “John.Smith” linked to Release 11i (FND_USER) userid “jsmith” via a “Link Account” Global Unique Identifier (GUID))

One-time User Registration
• Done at setup time by the system administrator
• Optional: can be done by the end-user on first logon (“Link on the fly”)
• Useful for situations where existing accounts in Oracle Internet Directory 10g or a third-party LDAP directory differ from existing accounts in Release 11i.

Page 42: Link to Multiple 11i Accounts

• Note: It’s not possible to link multiple OID accounts to the same 11i account

(Diagram: Oracle Internet Directory userid “John.Smith” linked via “Link Account” to Release 11i (FND_USER) userids “jsmith”, “testuser1” and “testuser2”)
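An added example (not code from the slides or from Oracle) of the two linking rules on Pages 41-42: one OID account, identified by its GUID, may be linked to several 11i accounts, but an 11i account may belong to only one OID account, and a user with no link yet may link on first logon. `LinkRegistry`, `LinkError`, the GUID generation and the userids are constructed for illustration.

```python
"""Toy "Link Account" registry for OID <-> FND_USER account linking (added example).
Class names, GUID generation and the sample userids are constructed, not Oracle's code."""
from dataclasses import dataclass, field
from typing import Dict, List, Optional
import uuid


class LinkError(ValueError):
    """Raised when a link request violates one of the slide's rules."""


@dataclass
class LinkRegistry:
    # OID userid -> GUID (the Global Unique Identifier shown on the "Link Account" arrow)
    oid_guids: Dict[str, str] = field(default_factory=dict)
    # 11i userid (FND_USER) -> GUID of the single OID account it is linked to
    fnd_links: Dict[str, str] = field(default_factory=dict)

    def register_oid_user(self, oid_userid: str) -> str:
        # assign a GUID once; registering the same OID user again is a no-op
        return self.oid_guids.setdefault(oid_userid, uuid.uuid4().hex.upper())

    def link(self, oid_userid: str, fnd_userid: str) -> str:
        """Link one OID account to one 11i account (admin at setup, or user on first logon)."""
        guid = self.oid_guids.get(oid_userid)
        if guid is None:
            raise LinkError(f"unknown OID user {oid_userid!r}")
        existing = self.fnd_links.get(fnd_userid)
        if existing is not None and existing != guid:
            # Page 42: multiple OID accounts may NOT be linked to the same 11i account
            raise LinkError(f"11i account {fnd_userid!r} is already linked to another OID account")
        self.fnd_links[fnd_userid] = guid  # idempotent for a repeat of the same link
        return guid

    def linked_fnd_accounts(self, oid_userid: str) -> List[str]:
        """One OID account may map to several 11i accounts (jsmith, testuser1, testuser2)."""
        guid = self.oid_guids.get(oid_userid)
        return sorted(u for u, g in self.fnd_links.items() if g == guid)

    def resolve_on_logon(self, oid_userid: str, requested_fnd_userid: Optional[str] = None) -> str:
        """Pick the 11i account for an SSO-authenticated OID user; link on the fly at first logon."""
        linked = self.linked_fnd_accounts(oid_userid)
        if linked:
            if requested_fnd_userid is None:
                return linked[0]
            if requested_fnd_userid in linked:
                return requested_fnd_userid
            raise LinkError("requested 11i account is not linked to this OID user")
        if requested_fnd_userid is None:
            raise LinkError("no linked 11i account yet; registration required")
        self.link(oid_userid, requested_fnd_userid)  # "Link on the fly"
        return requested_fnd_userid


def try_link(reg: LinkRegistry, oid_userid: str, fnd_userid: str) -> bool:
    """True if the link was accepted, False if a linking rule rejected it."""
    try:
        reg.link(oid_userid, fnd_userid)
        return True
    except LinkError:
        return False
```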

Page 43: Portal Integration

(Diagram components: User, Portal 10g with Portal Metadata, Apps 11i Portlet, OAF Web Provider and JPDK 3.0.9 on the 11i App Server)

Page 44: Portal Integration

• Single Sign-On is a prerequisite for Portal
• Oracle Applications Framework Web Provider is registered in Portal 10g
• 11i Portlets communicate with the 11i 9iAS 1.0.2.2.2 server via:
  • Oracle Applications Framework Web Provider
  • JPDK 3.0.9
• 11i portlets are added to custom Portal pages
• 11i portlet users must have a valid 11i responsibility, validated via ICX_SESSION

Page 45: Discoverer Integration

• Discoverer 10g End-User Layer resides in the 11i database
• APPS_MODE option enforces Applications security for all Discoverer users
• Discoverer 10g Server is often deployed standalone for performance

(Diagram: User, Discoverer Server 10g, Discoverer End-User Layer for E-Business Suite)

Page 46: Full Discoverer 10g Support for Single Sign-On

• Earlier versions of Discoverer 10g did not support Single Sign-On & Oracle Internet Directory integration for E-Business Suite users

• Full SSO/OID support is now available

• No more dual-maintenance of E-Business Suite user passwords in both FND_USER and OID for standalone Discoverer connections

• See Metalink Note 313418.1 for details

Page 47: Accelerate 11i Performance with WebCache

• Frequently used items (e.g. images, static text) are cached, compressed, and served by WebCache
• Secured data (i.e. data requiring authorization) is not cached
• Partial page refresh supported for Portal
• Can act as a reverse-proxy server
• Can act as a load-balancer

(Diagram: User, WebCache 10g, E-Business Suite 11i Application Server)

Page 48: Integrating the E-Business Suite with Third-Party Access Management & LDAP Directories (section title slide)

Page 49: Third-Party Single Sign-On Integration

(Diagram: E-Business Suite 9iAS 1.0.2.2.2 … delegates user authentication to … Oracle Single Sign-On 10g … delegates user authentication to … Third-Party SSO)

Page 50: Supported Third-Party SSO Integrations

Integrate Oracle Single Sign-On with:
• Windows Native Authentication via Kerberos
• CA Entrust, CA Netegrity, IBM Tivoli, RSA
• PKI X.509v3 Digital Certificates
• Biometric and smartcard systems
• Other SSO systems via custom adapters

• Oracle Identity Federation
  • Formerly Oblix COREid Federation
  • SAML, WS-Federation, Liberty Alliance

• Oracle Access Manager
  • Formerly Oblix COREid Access & Identity
  • Oracle Identity Federation

Page 51: If you already have a third-party LDAP…

(Diagram: E-Business Suite DB (FND_USER) … synchronizes user attributes with … Oracle Internet Directory 10g … synchronizes user attributes with … Third-Party LDAP)

Page 52: Supported Third-Party LDAP Integrations

Integrate Oracle Internet Directory with:
• Microsoft Active Directory 2000/2003
• Microsoft Exchange 2000/2003
• Sun Java System Directory (Sun ONE / iPlanet) 5.2
• Novell eDirectory 8.6 / 8.7
• OpenLDAP 2.2
• Any LDAP directory via LDIF files
• Any other directory via a custom DIP agent

• Oracle Identity Manager
  • Formerly Thor Xellerate Identity Provisioning

• Oracle Virtual Directory
  • Formerly OctetString Virtual Directory Engine

Page 53: Passwords Stored in Third-Party LDAP

(Diagram: E-Business Database (FND_USER), Oracle Internet Directory and optional Third-Party LDAP each hold a user record; the “User Password” entries in the E-Business Database and Oracle Internet Directory are crossed out, leaving the password only in the third-party LDAP)

• Third-party LDAP:
  • Handles user authentication, usually with a third-party authentication solution
  • Commonly considered the “Master” source-of-truth
• Oracle Internet Directory and E-Business Suite take minimal copies of the master user definition, excluding passwords
• E-Business Suite doesn’t maintain user passwords in this configuration
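An added example (not code from the slides or from Oracle) covering the synchronisation rules of Pages 12 and 40 together with the password rule of Page 53: a user add/modify event raised in one store propagates only along the directions the chosen master permits, and when a third-party LDAP is the master the copies taken by OID and FND_USER drop the password attributes. `SyncConfig`, `Stores`, the mechanism labels, the attribute names in `PASSWORD_ATTRS` and the sample records are constructed; the real DIP and DBMS_LDAP plumbing is not reproduced.

```python
"""Toy model of OID / FND_USER / third-party LDAP user synchronisation (added example).
Store and config names, mechanism labels and sample records are constructed, not Oracle's."""
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

Attrs = Dict[str, str]
# Constructed attribute names standing in for "the password" in each store
PASSWORD_ATTRS = {"userPassword", "encrypted_user_password"}


@dataclass
class SyncConfig:
    master: str  # "OID", "FND_USER", "BOTH" or "THIRD_PARTY_LDAP" (Page 12 / Page 53)


@dataclass
class Stores:
    oid: Dict[str, Attrs] = field(default_factory=dict)
    fnd_user: Dict[str, Attrs] = field(default_factory=dict)
    third_party: Dict[str, Attrs] = field(default_factory=dict)


def allowed_directions(cfg: SyncConfig) -> List[Tuple[str, str, str]]:
    """(source, target, mechanism) flows permitted by the master setting (Page 40)."""
    oid_to_fnd = ("OID", "FND_USER", "async via DIP")
    fnd_to_oid = ("FND_USER", "OID", "sync via DBMS_LDAP")
    if cfg.master == "OID":
        return [oid_to_fnd]
    if cfg.master == "FND_USER":
        return [fnd_to_oid]
    if cfg.master == "BOTH":
        return [oid_to_fnd, fnd_to_oid]
    if cfg.master == "THIRD_PARTY_LDAP":
        # the third-party directory feeds OID, OID feeds FND_USER; nothing flows back upstream
        return [("THIRD_PARTY_LDAP", "OID", "via DIP connector"), oid_to_fnd]
    raise ValueError(f"unknown master {cfg.master!r}")


def copy_for_target(cfg: SyncConfig, attrs: Attrs) -> Attrs:
    """Minimal copy of the master definition: no passwords when a third-party LDAP owns them."""
    if cfg.master == "THIRD_PARTY_LDAP":
        return {k: v for k, v in attrs.items() if k not in PASSWORD_ATTRS}
    return dict(attrs)


def on_user_event(cfg: SyncConfig, stores: Stores, source: str, userid: str) -> List[str]:
    """Handle a 'user added/modified' event raised in `source` and propagate it along every
    permitted flow, transitively but never back to a store already processed.
    Returns the list of flows applied, in order."""
    store_of = {"OID": stores.oid, "FND_USER": stores.fnd_user, "THIRD_PARTY_LDAP": stores.third_party}
    applied: List[str] = []
    pending = [source]
    seen = set()
    while pending:
        src = pending.pop(0)
        if src in seen:
            continue
        seen.add(src)
        for s, t, mechanism in allowed_directions(cfg):
            if s != src or t in seen:
                continue
            store_of[t][userid] = copy_for_target(cfg, store_of[src][userid])
            applied.append(f"{s} -> {t} ({mechanism})")
            pending.append(t)
    return applied
```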

Page 54: How Third-Party Identity Management works with the E-Business Suite (section title slide)

Page 55: Third-Party Integration Architecture

(Diagram components: End User, Third-Party SSO, Third-Party LDAP, Single Sign-On 10g, Oracle Internet Directory 10g, Apps 11i 9iAS 1.0.2.2.2, Apps 11i Database (FND_USER))

Pages 56-61: How Third-Party Logons Work with 11i

• Step 1. User provides userid & password to the third-party single sign-on system
• Step 2. Third-party single sign-on sends the user’s credentials to the third-party LDAP for authentication
• Step 3. Third-party single sign-on provides the authenticated user with a third-party security token
• Step 4. User attempts to access E-Business Suite, and is redirected to Oracle Single Sign-On 10g
• Step 5. Oracle Single Sign-On recognizes the third-party security token, then issues its own SSO security token
• Step 6. User is redirected back to E-Business Suite, which recognizes the SSO security token and issues its own Apps security token

Page 62: Third-Party Integration Architecture

(Diagram repeated from Page 55: End User, Third-Party SSO, Third-Party LDAP, Single Sign-On 10g, Oracle Internet Directory 10g, Apps 11i 9iAS 1.0.2.2.2, Apps 11i Database (FND_USER))

Page 63: Customer Case Studies (section title slide)

Page 64: Customer Snapshots

• Over 1,000 customers deploying so far
• At least 30 in production

Customer References Speaking at OpenWorld 2006
• RAFAEL Armament Development Authority (S281389)
• Regal Beloit Corporation (S283122)

Page 65: Others Deployed in Production

• Amdocs (Israel)
• Alcoa (Europe)
• Applied Materials (Israel)
• Atento (Norway)
• Berwind Pharmaceuticals (USA)
• Bunnings (Australia)
• CapGemini / Councils Online (Australia)
• Central Bank of Nigeria
• Cisco Systems
• Cox Communications (USA)
• Fiera Milano (Italy)
• General Dynamics Land Sys
• General Electric (USA)
• Google (USA)
• Guangdong Unicom (China)
• Inter-Arab Investment Guarantee (Kuwait)
• International Enterprises (Singapore)
• International Institute for Applied Systems Analysis (Austria)
• Ireland Dept of Defence
• Kansas State University
• Libgo Travel (USA)
• Mitac (Taiwan)
• Phoenix Technologies (USA)
• Putrajaya (Malaysia)
• Telecom Italia Mobile (Italy)
• Texas Instruments (USA)
• Universal Weather & Aviation (USA)
• Wind River Systems (USA)
• World Wide Technology

These are not customer references

Page 66: Integration with Microsoft Active Directory Only

(Diagram components: End User, Microsoft Active Directory, Single Sign-On 10g, Oracle Internet Directory 10g, Apps 11i 9iAS 1.0.2.2.2, Apps 11i Database (FND_USER))

Page 67: Integration with Microsoft Active Directory & Kerberos

(Diagram components: End User, Microsoft Windows Native Authentication via Kerberos, Microsoft Active Directory, Single Sign-On 10g, Oracle Internet Directory 10g, Apps 11i 9iAS 1.0.2.2.2, Apps 11i Database (FND_USER))

Page 68: Internal / External Configuration

(Diagram components: Internet, Reverse Proxy, Firewalls, External Users, External 9iAS 1.0.2 Server, Internal Users, Internal 9iAS 1.0.2 Server, Release 11i Database, Single Sign-On 10g, Oracle Internet Directory Server 10g, OracleAS 10g Infrastructure Database)

Page 69: Highly Available

(Diagram components: Shared 11i Filesystem, RAC 1 and RAC 2, Firewalls, Internet, Reverse Proxy, External Users, Internal Users, HTTP LBR1 and HTTP LBR2, Web Nodes 1-4, LBR1, SSO Nodes 1 and 2, OID 1 and OID 2, OracleAS 10g Infrastructure DB)

Page 70: Safe Harbor Statement

The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle’s products remains at the sole discretion of Oracle.

Page 71: Release 11i Certification Roadmap (section title slide)

Page 72: New Certifications Since OpenWorld 2005

Now Available
• SSO 10g Integration Rollup 4 (a.k.a. Build 4.0): full SSL, RAC, DMZ support
• Oracle Application Server 10g Version 10.1.2.1
• Portal 10.1.4
• Critical Patch Updates (CPUs)
  • October 2005
  • January, April, July, October 2006

Page 73: Upcoming Certifications

• Oracle Identity Management 10g Ver. 10.1.4
• Oracle Application Server 10g Ver. 10.1.2.2
• Oracle Application Server 10g Ver. 10.1.3.1 Service Oriented Architecture Suite
• Business Intelligence 10g Ver. 10.1.3.2 (Siebel Business Analytics, “Maui” release)

"This presentation is for informational purposes only and may not be incorporated into a contract or agreement"

Release 12 Technology Stack Plans

Release 12 Technology Stack 3-Tier Logical Architecture

[Diagram: Client, Application and Database tiers. Application tier components: JSP, Forms, Reports, BC4J, OC4J, Web Listener, UIX. Database tier components: Data Guard, Partitioning, RAC & ASM, Global Single Data Model. The client reaches the application tier over HTTP/S; the application tier reaches the database over JDBC/SQL*Net.]

Application Tier Overall Structure

[Diagram: COMMON TOP and APPL TOP alongside three Oracle Homes]
• AS 10.1.3 Java Oracle Home: Apache 1.3, OC4J, RSF 10.1
• Developer 10.1.2 C Oracle Home: Forms 10, Reports 10, RSF 10.1
• Database Oracle Home: RDBMS Components, RSF 10.2

R12 Application Server Tier

• OracleAS 10g 10.1.2 for Forms & Reports Services
  • Replaces the 8.0.6-based Oracle_Home provided by iAS 1.0.2.2 in 11i
• OracleAS 10g 10.1.3 for Oracle Containers for Java (OC4J)
  • Replaces the 8.1.7-based Oracle_Home provided by iAS 1.0.2.2 in 11i
• Oracle JDeveloper 10.1.3
• JDBC 10.2
• JDK 5.0 for web & concurrent processing

Optional External Integrations

[Diagram: the R12 Application Server (OracleAS 10.1.3 with mod_osso and the Apps Web Provider & Portlets) and the R12 Database Server (R12 Database, FND_USER) next to an External OracleAS 10g host running Single Sign-On, Oracle Internet Directory (OID User Repository), Directory Integration Platform 10g, Portal and Discoverer, backed by External OracleAS Metadata (Portal Metadata, Discoverer Metadata, Discoverer End-User Layer). Third-Party SSO and Third-Party LDAP are optional. Provisioning between FND_USER and the OID User Repository is either asynchronous (Directory Integration Platform) or synchronous (DBMS_LDAP). Database links are JDBC/SQL*Net.]

Optional on External Servers for R12

• OracleAS 10g Single Sign-On & Oracle Internet Directory 10.1.2.x
• Discoverer 10.1.2.x
• OracleAS 10g 10.1.3.1 SOA Suite
• Portal 10.1.4
• WebCache 10.1.2.x
• Oracle Integration 10.1.2.x
• Collaboration Suite 10gR2
• Enterprise Manager 10gR2

Apps Portlets in Third-Party Portals

• E-Business Suite portlets expected to be released for third-party portals
• WSRP / JSR-168 compatibility

New and Changed Features

• SSO integration using mod_osso
• New local login page based on the “SWAN” UI
• Support for adding custom local login pages
• Synchronous provisioning from E-Business Suite to OID
• Support for username changes
• Pending user creation
• On-demand user creation
• Support for case-sensitive passwords
• Support for E-Business Suite proxy user sessions

[Screenshot: Local Login Page, Release 11i User Interface]

[Screenshot: Local Login Page, Release 12 “SWAN” User Interface]

[Screenshot: Local Login Page, Release 12 Login Assistance]

Local Login Page Benefits

• Replaces the current local login page, AppsLocalLogin.jsp
• Ability to customize the local login page
• Automated password reset
• Automated userid reminder
• Accessibility mode for screen readers


New E-Business Suite Technology Stack Blog

http://blogs.oracle.com/schan

• Certification and desupport announcements
• Discussion of architectures and advanced configurations
• Early Adopter Programs
• Statements of Direction
• Supports RSS feed readers
• Discuss Apps techstack topics with senior Development Architects


OracleAS + E-Business Suite Resources

• Frequently Asked Questions Note 186981.1

• SSO/OID Installation Guide Note 233436.1

• SSO/OID Implementation Guide Note 261914.1

• Portal Installation Guide Note 305918.1

• Discoverer Installation Guide Note 313418.1

• Documentation Roadmap Note 207159.1

• Statement of Direction Note 223927.1

Release 12: More SSO/OID Integration Features


Synchronous Provisioning Description

• Synchronous user creation and modification
• Users can be created or updated in the E-Business Suite, e.g. iStore
• This feature provides the capability to create and update users synchronously in Oracle Internet Directory
• Useful for self-service user registration applications, especially for external users
• Users can log in immediately after self-registration

[Diagram: R12 Database (FND_USER) → OID User Repository, synchronous provisioning (DBMS_LDAP)]

Synchronous Provisioning Benefits

• Eliminates delays in provisioning user attribute changes from the E-Business Suite to Oracle Internet Directory
• Users can log in immediately after self-registration in E-Business Suite applications like iStore
• Reduces potential confusion of users due to lags in the provisioning process

User Name Changes: Description & Benefits

Description
• This feature provides the ability to change the fnd_user username
• Optionally triggers updates to user entries in Oracle Internet Directory
• Username updates are made to the Oracle Internet Directory attribute designated as the nickname

Benefits
• Useful for updating user names in the event of marital status changes

Pending Users Description

• Pending users are optionally created by selected E-Business Suite modules:
  • User Management (UMX)
  • Applications that support self-registration (e.g. iStore)
• Pending users are created with a future start and end date
  • Not activated until approved by a system administrator
  • If approved, the E-Business user’s dates are updated and the user is enabled in Oracle Internet Directory
  • If rejected, the E-Business and OID users are deleted
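The DBMS_LDAP calling pattern behind the “synchronous provisioning (DBMS_LDAP)” arrow, as an added example that is not Oracle’s own FND provisioning code. One package serves the three slides above: user creation at self-registration, the nickname-attribute update that a user name change triggers, and the enable-or-delete step of pending-user approval. Everything environment-specific is assumed for the illustration: the host, LDAPS port, wallet, bind DN and passwords, the base DN, the object classes, “uid” as the OID nickname attribute and “orclisenabled” as the enable flag. The DBMS_LDAP calls themselves (init, open_ssl, simple_bind_s, create_mod_array, populate_mod_array, add_s, modify_s, delete_s, free_mod_array, unbind_s) are the package’s real API.

```sql
-- Added example (not Oracle's FND provisioning code). Assumptions: the
-- connection constants, object classes, 'uid' as OID nickname attribute and
-- 'orclisenabled' as the enable flag.
CREATE OR REPLACE PACKAGE demo_oid_prov AS
  PROCEDURE create_user  (p_username IN VARCHAR2, p_given IN VARCHAR2,
                          p_surname  IN VARCHAR2, p_mail  IN VARCHAR2);
  -- p_attr => 'uid' for a user-name change, 'orclisenabled' for approval
  PROCEDURE replace_attr (p_username IN VARCHAR2, p_attr IN VARCHAR2,
                          p_value    IN VARCHAR2);
  PROCEDURE delete_user  (p_username IN VARCHAR2);   -- rejected pending user
END demo_oid_prov;
/
CREATE OR REPLACE PACKAGE BODY demo_oid_prov AS
  -- Assumed connection settings; keep real ones in a protected store.
  c_host      CONSTANT VARCHAR2(64)  := 'oid.example.com';
  c_port      CONSTANT PLS_INTEGER   := 636;   -- LDAPS, so the bind password never crosses the wire in clear
  c_wallet    CONSTANT VARCHAR2(256) := 'file:/u01/app/oracle/wallet';
  c_wallet_pw CONSTANT VARCHAR2(64)  := 'wallet-secret';
  c_bind_dn   CONSTANT VARCHAR2(256) := 'cn=ebsprov,cn=Users,dc=example,dc=com';
  c_bind_pw   CONSTANT VARCHAR2(64)  := 'bind-secret';
  c_base      CONSTANT VARCHAR2(256) := 'cn=Users,dc=example,dc=com';

  -- The username becomes part of a DN. Rejecting anything outside a
  -- conservative character set is simpler and safer than escaping the
  -- RFC 4514 specials (, + " \ < > ; =) that would let input alter the DN.
  FUNCTION user_dn (p_username IN VARCHAR2) RETURN VARCHAR2 IS
  BEGIN
    IF NOT REGEXP_LIKE(p_username, '^[A-Za-z0-9._@-]{1,64}$') THEN
      RAISE_APPLICATION_ERROR(-20001, 'username contains characters not allowed in a DN');
    END IF;
    RETURN 'cn=' || p_username || ',' || c_base;
  END user_dn;

  -- Open an SSL session and bind as the provisioning identity. With
  -- USE_EXCEPTION set, a failed call raises instead of returning a code, so a
  -- directory error propagates into the EBS transaction that triggered it.
  FUNCTION bind RETURN DBMS_LDAP.SESSION IS
    l_ld DBMS_LDAP.SESSION;
    l_rc PLS_INTEGER;
  BEGIN
    DBMS_LDAP.USE_EXCEPTION := TRUE;
    l_ld := DBMS_LDAP.init(c_host, c_port);
    l_rc := DBMS_LDAP.open_ssl(l_ld, c_wallet, c_wallet_pw, 2); -- 2: one-way SSL, server cert checked against the wallet
    l_rc := DBMS_LDAP.simple_bind_s(l_ld, c_bind_dn, c_bind_pw);
    RETURN l_ld;
  END bind;

  PROCEDURE unbind (p_ld IN OUT DBMS_LDAP.SESSION) IS
    l_rc PLS_INTEGER;
  BEGIN
    IF p_ld IS NOT NULL THEN l_rc := DBMS_LDAP.unbind_s(p_ld); END IF;
  END unbind;

  PROCEDURE create_user (p_username IN VARCHAR2, p_given IN VARCHAR2,
                         p_surname  IN VARCHAR2, p_mail  IN VARCHAR2) IS
    l_ld   DBMS_LDAP.SESSION;
    l_mods DBMS_LDAP.MOD_ARRAY;
    l_vals DBMS_LDAP.STRING_COLLECTION;
    l_rc   PLS_INTEGER;
    l_dn   VARCHAR2(512) := user_dn(p_username);
  BEGIN
    l_ld   := bind;
    l_mods := DBMS_LDAP.create_mod_array(6);            -- six attributes below
    l_vals(1) := 'top'; l_vals(2) := 'person';
    l_vals(3) := 'inetOrgPerson'; l_vals(4) := 'orclUserV2';
    DBMS_LDAP.populate_mod_array(l_mods, DBMS_LDAP.MOD_ADD, 'objectclass', l_vals);
    l_vals.DELETE; l_vals(1) := p_username;
    DBMS_LDAP.populate_mod_array(l_mods, DBMS_LDAP.MOD_ADD, 'cn', l_vals);
    DBMS_LDAP.populate_mod_array(l_mods, DBMS_LDAP.MOD_ADD, 'uid', l_vals);  -- nickname the SSO login page matches on
    l_vals.DELETE; l_vals(1) := p_given;
    DBMS_LDAP.populate_mod_array(l_mods, DBMS_LDAP.MOD_ADD, 'givenname', l_vals);
    l_vals.DELETE; l_vals(1) := p_surname;
    DBMS_LDAP.populate_mod_array(l_mods, DBMS_LDAP.MOD_ADD, 'sn', l_vals);
    l_vals.DELETE; l_vals(1) := p_mail;
    DBMS_LDAP.populate_mod_array(l_mods, DBMS_LDAP.MOD_ADD, 'mail', l_vals);
    l_rc := DBMS_LDAP.add_s(l_ld, l_dn, l_mods);        -- synchronous: entry exists when this returns
    DBMS_LDAP.free_mod_array(l_mods);
    unbind(l_ld);
  EXCEPTION WHEN OTHERS THEN unbind(l_ld); RAISE;
  END create_user;

  -- Replaces one attribute and leaves the DN alone, which is what a nickname
  -- change does: only the attribute designated as nickname is updated.
  PROCEDURE replace_attr (p_username IN VARCHAR2, p_attr IN VARCHAR2,
                          p_value    IN VARCHAR2) IS
    l_ld   DBMS_LDAP.SESSION;
    l_mods DBMS_LDAP.MOD_ARRAY;
    l_vals DBMS_LDAP.STRING_COLLECTION;
    l_rc   PLS_INTEGER;
  BEGIN
    l_ld   := bind;
    l_mods := DBMS_LDAP.create_mod_array(1);
    l_vals(1) := p_value;
    DBMS_LDAP.populate_mod_array(l_mods, DBMS_LDAP.MOD_REPLACE, p_attr, l_vals);
    l_rc := DBMS_LDAP.modify_s(l_ld, user_dn(p_username), l_mods);
    DBMS_LDAP.free_mod_array(l_mods);
    unbind(l_ld);
  EXCEPTION WHEN OTHERS THEN unbind(l_ld); RAISE;
  END replace_attr;

  PROCEDURE delete_user (p_username IN VARCHAR2) IS
    l_ld DBMS_LDAP.SESSION;
    l_rc PLS_INTEGER;
  BEGIN
    l_ld := bind;
    l_rc := DBMS_LDAP.delete_s(l_ld, user_dn(p_username));
    unbind(l_ld);
  EXCEPTION WHEN OTHERS THEN unbind(l_ld); RAISE;
  END delete_user;
END demo_oid_prov;
/
-- Usage with constructed values: self-registration, a user-name change, then approval.
BEGIN
  demo_oid_prov.create_user('jdoe', 'Jane', 'Doe', 'jane.doe@example.com');
  demo_oid_prov.replace_attr('jdoe', 'uid', 'jsmith');            -- nickname changes, DN cn=jdoe stays
  demo_oid_prov.replace_attr('jdoe', 'orclisenabled', 'ENABLED'); -- pending user approved
END;
/
```

Two points worth keeping in mind when reading the block against the slides. First, because the directory write happens inside the database transaction that creates or updates the FND_USER row, a raised DBMS_LDAP error rolls the E-Business side back with it, which is the property that makes the user loginable immediately after self-registration; an asynchronous DIP push cannot give that guarantee. Second, the bind identity in c_bind_dn is a high-value credential: it can create and delete any entry under c_base, so it belongs in a wallet or an equivalent store rather than in package source, and the DN guard in user_dn is what stops a self-registered username from injecting additional RDNs into the entries it touches.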

On-Demand User Creation Description

Possible Scenario
• An Oracle Internet Directory instance exists with a large number of users (e.g. 6 million registered users)
• A small subset of those registered OID users require access to the E-Business Suite (e.g. only 600,000 users)

Implementation Problem
• It is unnecessary and a waste of resources to create equivalent E-Business Suite accounts for all registered OID users

Solution
• On-Demand User Creation creates E-Business Suite accounts for a registered OID user only if needed

Functional Flow
1. User logs into Single Sign-On with their account registered in Oracle Internet Directory
2. User requests access to an E-Business Suite function (e.g. iStore, iRecruitment)
3. An E-Business Suite account is automatically created for the registered OID user. The two accounts are linked.
4. User is permitted immediate access to the requested E-Business Suite function (e.g. iStore, iRecruitment)

Case-Sensitive Passwords Description

• Users must enter passwords in the correct case
• Example
  • Password stored in user account: “OpenSesame”
  • User enters “opensesame”: login is rejected
  • User enters “OpenSesame”: login is accepted
• This setting can be enabled at the site level

Case-Sensitive Passwords: Changing Passwords

When this feature is enabled:

• A change password hint, FND_SENSITIVE_PASSWORD_CHANGE, reminds the user that their password is case-sensitive
• The hint is displayed on:
  • SSO “Change Password” dialog for expired passwords
  • OA Framework “Preferences” page
  • “Change Password” popup in Forms

Support for Proxy Users

• Allows a user to grant permission to another user to perform a limited set of actions in their name
• Scenario:
  • Sharon, a vice-president, is going on vacation
  • Sharon gives permission to John, her secretary, to approve expense reports in her absence
  • John logs on using his own account, but can temporarily access Sharon’s “approve expense report” responsibility
  • By proxy, John approves expense reports submitted for Sharon’s review
