Single sign on and JDE/OAS

msouterblight1

All,

I am in the process of reviewing Single Sign on, and I had some questions.

1. When using single sign-on, the users must still log in to something, what is it? Do they log in directly to OAS, and then can pass directly to EOne?

2. Is there a way to configure trusted connections between OAS and Windows, so that users can sign into Windows, and not have to sign in again to OAS or EOne?

Matthew
 
When using single sign-on, users would log in to an Oracle SSO server, which is backed by an Oracle Internet Directory server. OID is basically an LDAP daemon process supported by an Oracle database server. OID can be synced to any LDAP-compliant directory server, but plugins exist and are well documented for Active Directory (for instance).

Yes, the users are passed directly into EnterpriseOne upon completion of the SSO login, provided they have a matching E1 profile in JDE. You can choose to manage user accounts and roles in an LDAP directory, but it isn't required in order to implement SSO.

Yes, you can configure "trusted connections" between OAS and Windows. This is called "Windows Native Authentication". It is also available for Oracle Database, but not very many sites use it.

I implemented Oracle SSO, Oracle OID (with AD to OID one-way sync) and Windows Native Authentication (WNA) on EnterpriseOne 8.11 SP1. WNA is not without its flaws, and can be tricky to set up and support (especially to set up on AIX), but it is well worth the effort when you see the users' faces light up with joy upon realizing they no longer need to sign on multiple times.

Sure, single sign-on is good, but "Zero Authentication" is much, much better. Just be sure you have a policy to force screen saver locks after a period of inactivity on Windows workstations...otherwise you introduce a slight security risk with WNA.
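
The screen saver lock policy recommended in the post above can be verified on each workstation. The following is an added example, not part of the original thread: a PowerShell check of the standard Windows screen saver and machine inactivity registry settings, where the 900-second threshold and the function names are assumptions.

```powershell
# Added example: report whether this workstation enforces an idle lock.
# $MaxIdleSeconds (900) is an assumed policy threshold, not a value from the thread.
$MaxIdleSeconds = 900

function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or value is absent (setting not configured).
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { return $item.$Name }
    return $null
}

function Test-IdleLockPolicy {
    param([int]$MaxIdle = $MaxIdleSeconds)

    # Group Policy screen saver settings, the user's own settings, and the
    # machine-wide "Interactive logon: Machine inactivity limit" value.
    $policyKey  = 'HKCU:\Software\Policies\Microsoft\Windows\Control Panel\Desktop'
    $userKey    = 'HKCU:\Control Panel\Desktop'
    $machineKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

    $findings  = @()
    $effective = @{}
    foreach ($name in 'ScreenSaveActive', 'ScreenSaverIsSecure', 'ScreenSaveTimeOut') {
        $value = Get-RegValue $policyKey $name
        if ($null -eq $value) {
            # No policy value: fall back to what the user configured and flag it.
            $value = Get-RegValue $userKey $name
            $findings += "$name is not enforced by Group Policy; the user can change it"
        }
        $effective[$name] = [int]$value   # missing values become 0
    }
    $timeout = $effective['ScreenSaveTimeOut']
    $saverOk = ($effective['ScreenSaveActive'] -eq 1) -and
               ($effective['ScreenSaverIsSecure'] -eq 1) -and
               ($timeout -gt 0) -and ($timeout -le $MaxIdle)
    if (-not $saverOk) { $findings += "Screen saver lock is off, not password protected, or idle time exceeds $MaxIdle s" }

    $machineLimit = [int](Get-RegValue $machineKey 'InactivityTimeoutSecs')
    $machineOk = ($machineLimit -gt 0) -and ($machineLimit -le $MaxIdle)
    if (-not $machineOk) { $findings += "Machine inactivity limit is not set or exceeds $MaxIdle s" }

    # Either mechanism locks an idle session; Findings lists every gap seen.
    [pscustomobject]@{ Computer = $env:COMPUTERNAME; User = $env:USERNAME
                       Compliant = ($saverOk -or $machineOk); Findings = $findings }
}

Test-IdleLockPolicy | Format-List
```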
 
Thank you VERY much for your reply. I agree that this will make the users very happy, and we are definitely going to head down this road. Is there anything similar to this available on WebSphere? From the short time we have been running OAS and WebSphere 6 together, it just seems like OAS is much easier to set up, not to mention it has performed much better in our environment. One thing to note though is that we use Oracle 10G as our Database...
 
Yes, SSO is available for WebSphere. Google search WebSphere SSO and "SPNEGO".

The key to the "WNA" feature of Oracle App Server SSO is the Kerberos 5 open standard (KRB5) and the KDC (Key Distribution Center).

I agree with your assessment that OAS is less complicated to install and manage.

For those who are curious, 10.1.2 is the current supported version of OAS, and the included Enterprise Manager tool is both familiar to Oracle database shops and easy to use. This changes somewhat with the 10.1.3 release, in that EM is not part of the OC4J and not a separate freestanding component (though you only need one EM to manage your entire "farm" of OAS servers).

Note: 10.1.3 is not yet supported for JDE JAS...but I think something may be in the works based on the SOA features announced in the 8.97 Statement of Direction document you pulled from the Customer Connection.

If you're curious about any possible bias on my part, I must disclose that I've partnered with the JDE team in Denver and spoken about the management simplicity of OAS, as well as the Oracle SSO option, at the most recent Oracle OpenWorld and Collaborate Conferences. I have first-hand experience with both WebSphere and OAS (and the briefly supported BEA WebLogic), but I must say I prefer OAS...all things considered.

If you're looking for real world examples of where this has been successfully implemented, I can provide some first-hand experiences.
 