SSO with AD

Hello list. This question may have been posted before so forgive me if it has.

I'm looking to implement Oracle SSO. Does it have to use Oracle Internet Directory to authenticate against or can it use Microsoft AD? From the documentation I found so far it only talks about using OID.

Thank you.

You can use AD as well.

To clarify:

You can use AD for the login/password matching but the user is still prompted to login with using windows information.

Not sure if you can do complete passthrough though.

Thanks. Are there any documents that talk about how to set it up using AD instead of OID?

Documentation is always lacking in tools areas.

For the most part it was the same. Getting it to auth against users in a specific group and not an entire OU took a little bit to get straight.

If I may chime in, with our SSO solution, you can do the complete promptless pass-through (or not, if you want the users to be prompted, either way, it's configurable)...

A few recommendations:
1. Look up keywords LDAP + E1 on Oracle support for a white paper on the setup.
2. SSO means a lot of different things to a lot of different people. SSO is a slightly different animal than LDAP. It is not really supported with E1 w/o 3rd party products.
3. Don't waste too much energy trying to eliminate the login complete. Its not really worth it. Get AD tied in first.
4. 3rd party products will not eliminate the need to learn LDAP. Search the web for LDAP documentation.
5. Get an LDAP query tool (eg. Softerra LDAP browser is free) and everything will be easier to understand.

Can we eliminate the manual login completely for JDE with SSO? I read it as users still need to log in so they get authenticated against the Oracle SSO server.

We are also looking into the Everest solution so we many have to go that route to eliminate the manual login which is what the boss is trying to accomplish.

I know others can put this more clearly than I, but the answer, in a word, is "no" it can't be done without 3rd party products.

Having said that, you would probably find threads on this topic in jdelist.com pertaining to kerberos integration and on using the E1 portal as a front-end.

The problem is that there isn't a direct link between your Windows credentials and the E1 JAS app. The E1 portal has portlets provided by IBM or Oracle that can provide the user id and password to the JAS server. They tie into the F00927 table. I have heard others talk of using kerberos but I have yet to see any documents that demonstrate that this is possible. Another solution I have seen mentioned is SPNEGO but I have not seen any documents explaining how it can be used with E1.

If you are going to go with a 3rd party, it seems to me that you would want a comprehensive solution like WebSeal or Oracle SSO that can be used with all kinds of authentication systems and web servers? Why spend money on a single purpose solution?

Hi,

If you want to configure SSO with JDE using Oracle Application Server SSO component, then it will require OID and will not work with AD, as Oracle SSO can only be integrate with OID, not with any other LDAP server.
But, you can use Oracle Access Manager to configure SSO with JDE. With OAM you can use Active Directory as your LDAP server.
I hope it helps.
Regards,
Ankur