Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
Statement of Direction
Oracle Statement of Direction—Oracle Single Sign-On 10gR3
Disclaimer
This document in any form, software or printed matter, contains proprietary information that is the exclusive
property of Oracle. Your access to and use of this confidential material is subject to the terms and conditions
of your Oracle Software License and Service Agreement, which has been executed and with which you agree
to comply. This document and information contained herein may not be disclosed, copied, reproduced or
distributed to anyone outside Oracle without prior written consent of Oracle. This document is not part of
your license agreement nor can it be incorporated into any contractual agreement with Oracle or its
subsidiaries or affiliates.
This document is for informational purposes only and is intended solely to assist you in planning for the
implementation and upgrade of the product features described. It is not a commitment to deliver any material,
code, or functionality, and should not be relied upon in making purchasing decisions. The development,
release, and timing of any features or functionality described in this document remains at the sole discretion
of Oracle.
Due to the nature of the product architecture, it may not be possible to safely include all features described in
this document without risking significant destabilization of the code.
Oracle Statement of Direction—Oracle Single Sign-On 10gR3
Purpose ............................................................................................. 2
Introduction ........................................................................................ 2
Future Direction ................................................................................. 3
Impact on Product Stacks .................................................................. 3
Support Information ........................................................................... 4
License Issues ................................................................................... 4
Oracle Fusion Middleware SSO Certification Matrix ........................... 5
Oracle Statement of Direction—Oracle Single Sign-On 10gR3
Purpose
The purpose of this document is to discuss the product plans and the future of Oracle Single
Sign-On (OSSO) 10gR3.
Introduction
OSSO 10gR3 has for some time been the preferred, recommended solution for authenticating
users and achieving single sign-on across multiple applications hosted on Oracle Application
Server - based on Oracle Container for J2EE (OC4J). This includes applications deployed on
standalone OC4J, Oracle Fusion Middleware-based applications such as
Portal/Forms/Reports/Discoverer, WebCenter, and etc., and enterprise applications such as
Oracle E-Business Suite.
As of the Oracle Fusion Middleware 11g release, Oracle’s preferred application server – and the
foundation of the middleware platform – is Oracle WebLogic Server. Oracle Access Manager
10gR3 (OAM 10.1.4.3.0) is the default, preferred authentication and SSO solution for Oracle
Fusion Middleware 11g and Fusion Applications.
Customers can continue to run OSSO 10gR3 on Oracle Application Server (OC4J) and integrate
with Fusion Middleware-based applications running on WebLogic Server 11g. Of course,
customers can also continue to integrate OSSO 10gR3 with applications running on Oracle
Application Server (OC4J) such as Oracle E-Business Suite. Oracle Fusion Middleware (OFM)
11g applications have been certified for integration with 10g OSSO, as summarized in the
certification matrix in “Oracle Fusion Middleware SSO Certification Matrix” section.
To summarize, Oracle Access Manager is Oracle’s strategic product for authentication and single
sign-on and as of the Oracle Fusion Middleware 11g release Oracle is not planning any further
enhancements to OSSO 10gR3. The implications of this product strategy include:
2
Oracle Statement of Direction—Oracle Single Sign-On 10gR3
• No further enhancements will be performed on OSSO 10gR3 server, but bug fixes will
continue as per the Oracle lifetime support policy.
Future Direction
At Oracle, there are 2 web single sign-on (SSO) products available: Oracle Single Sign-On 10gR3
(OSSO) and Oracle Access Manager 10gR3 (OAM). OSSO is available for customers that
purchase Oracle Fusion Middleware. The issue with OSSO is that it is certified on selected
Oracle infrastructure such as Oracle Application Server (OC4J), Oracle HTTP Server (OHS),
and Oracle Internet Directory (OID). For customers with heterogeneous environments with
various application servers, web servers, and LDAP directories, OAM is the recommended
solution. OAM has an extended certification matrix- that covers most popular enterprise
Operating System platforms and technologies.
As a key part of Oracle’s security product strategy, Oracle Access Manager (OAM) becomes the
preferred single sign-on technology for Oracle Fusion Middleware, Oracle Applications, and
heterogeneous 3rd party environments. Over a series of planned and projected releases, Oracle
intends to converge the feature sets of OAM and OSSO, provide upgrades and migrations from
previous OAM and OSSO releases, and provide backward compatibility support for OSSO
customers by certifying both 10g and 11g versions of mod_osso and the 11g version of the
OSSO identity assertion provider for WLS with OAM 11g servers.
The short-term direction is to encourage customers to use OAM 10gR3 for most deployment
scenarios. However, some Oracle products cannot use OAM 10gR3 due to dependencies on
OSSO 10gR3 infrastructure. These products, such as Portal, Forms, Reports, and Discoverer
will continue their dependency on OSSO 10gR3 even in their 11g release. For these customers,
Oracle recommends using OSSO 10gR3 server with mod_osso for OHS 11g or OSSO IAP for
WLS 11g for those products. If these same customers require SSO to any non Oracle stack of
products, then Oracle recommends integrating OSSO 10gR3 with OAM 10gR3 using the well-
documented integration methods.
3
Oracle Statement of Direction—Oracle Single Sign-On 10gR3
Application Development Framework (ADF), and Enterprise Manager – have been certified with
both SSO products.
E-Business Suite
Today, OSSO 10gR3, used in conjunction with Oracle Internet Directory (OID) 10g and
Directory Integration Platform (DIP) 10g, provides authentication and single sign-on to Oracle
E-Business Suite R11 and R12. Customers migrating to OID 11g and DIP 11g can continue to
use OSSO 10gR3, which is certified to work with both products.
Since OAM 10gR3 is the recommended SSO solution in the future, E-Business Suite is planning
to certify multiple releases with OAM 10gR3. OAM 10gR3 may be used directly as a SSO
solution with E-Business Suite and optionally in conjunction with OSSO 10gR3 to support
integration with products in the E-Business Suite technology stack that do not support OAM
such as Discoverer and Portal. Note that both SSO solutions, OSSO 10gR3 and OAM 10gR3,
will work with the 10g and 11g versions of OID and DIP. More information about this
integration will be available on the E-Business Suite website when the full certification process
completes.
License Issues
There is a new license available named “Oracle Access Manager Basic” that is a direct
replacement for the specific OSSO license included in the Oracle Fusion Middleware 10g
package. Any customer that has licenses for OSSO can get OAM by converting their license to
“OAM Basic”. The number of CPUs supported will be exactly the same and customers can
purchase more if necessary. There are restrictions on usage for the “OAM Basic” license. The
restriction is that customers can use OAM to integrate to only the Oracle stack of products. This
means web servers must be OHS, application servers must be OC4J or WLS, and directory
servers must be Oracle Internet Directory.
For more information about the OAM Basic license, please see the licensing documentation for
Oracle Fusion Middleware 11g:
• http://download.oracle.com/docs/cd/E12839_01/doc.1111/e14860/oam_basic.htm#
CHDBECDJ
Support Information
Although OSSO 10gR3 will not receive any enhancements, Oracle will still investigate any issues
and provide fixes once the issues are verified as product issues.
4
Oracle Statement of Direction—Oracle Single Sign-On 10gR3
For more information on Oracle’s lifetime support policy and how that impacts OSSO, please
visit:
• http://www.oracle.com/support/lifetime-support-policy.html
Furthermore, for complete Oracle Fusion Middleware certification details please see the
certification matrix page:
• http://www.oracle.com/technology/software/products/ias/files/fusion_certification.h
tml.
5
Statement of Direction
Oracle Single Sign-On 10gR3
Copyright © 2009, Oracle and/or its affiliates. All rights reserved. This document is provided for information purposes only and
the contents hereof are subject to change without notice. This document is not warranted to be error-free, nor subject to any other
Oracle Corporation
warranties or conditions, whether expressed orally or implied in law, including implied warranties and conditions of merchantability or
World Headquarters
fitness for a particular purpose. We specifically disclaim any liability with respect to this document and no contractual obligations are
500 Oracle Parkway
formed either directly or indirectly by this document. This document may not be reproduced or transmitted in any form or by any
Redwood Shores, CA 94065
means, electronic or mechanical, for any purpose, without our prior written permission.
U.S.A.
Worldwide Inquiries: Oracle is a registered trademark of Oracle Corporation and/or its affiliates. Other names may be trademarks of their respective
Fax: +1.650.506.7200
oracle.com 0109