1 Architecture Overview

This chapter contains this topic:

• Section 1.1, "JD Edwards EnterpriseOne and WebCenter Single Sign-On Architecture".

1.1 JD Edwards EnterpriseOne and WebCenter Single Sign-On Architecture

JD Edwards EnterpriseOne and WebCenter single sign-on (SSO) supports creating contextually linked group spaces in JD Edwards EnterpriseOne, and opening the group space in WebCenter for collaboration among authorized users. Contextually linked group spaces are group spaces that are tied to a JD Edwards EnterpriseOne application form. SSO enables one-time login with multiple access between EnterpriseOne and WebCenter Spaces.

To support JD Edwards EnterpriseOne and WebCenter Spaces SSO, you deploy three major Oracle components:

• EnterpriseOne HTML Web Server

• Oracle Access Manager Server (OAM)

• WebCenter Spaces

OAM ensures SSO security between JD Edwards EnterpriseOne and WebCenter. Oracle Web Service Manager (OWSM) ensures server-to-server security between JD Edwards EnterpriseOne and WebCenter Spaces.

1.1.1 Architecture Overview

This diagram shows the architecture for SSO between JD Edwards EnterpriseOne and Web Center:

Description of the illustration image002.gif

In summary:

1. Users access JD Edwards EnterpriseOne by entering their JD Edwards EnterpriseOne URL in a Web browser, and then entering their SSO user ID and password on the sign-on page.

2. The WebGate component on the Oracle HTTP Server (OHS) captures the user credentials and sends them to Oracle Access Manager (OAM) for authentication.

3. OAM compares the user credentials against the Oracle Internet Directory (OID).

If the SSO user credentials are not in OID, OAM notifies WebGate and the user is denied access to JD Edwards EnterpriseOne.

If OAM finds the SSO user credentials in OID, OAM authenticates the user credentials.

1. After successful authentication, the user accesses the JD Edwards EnterpriseOne HTML client. If the user is WebCenter enabled, the My Web Center Group Spaces link appears under the Action section of the EnterpriseOne menu. Clicking the link opens another browser that opens the WebCenter home page without requiring the user to sign in again.

2. The EnterpriseOne HTML client calls a Web Center web service through OWSM. For example, the EnterpriseOne HTML client fetches a list of group spaces from WebCenter. This creates group space links in the Related Information Application Framework. OWSM secures the communication.

3. When the user clicks the group space link in JD Edwards EnterpriseOne, a new Web browser opens and tries to connect to the WebCenter group space.

4. The WebGate on the WebCenter server determines that the user has been authenticated and allows the user to access the group space without logging in again.

1.1.2 Configuring the SSO Environment

One way to configure SSO is to deploy different components to three machines. The following diagram shows this configuration strategy:

Description of the illustration image003.gif

1.1.3 Software Versions

You download the software components from Oracle Technology Network (OTN). This table identifies the software versions that JD Edwards EnterpriseOne used to configure the SSO solution, and these software versions have been tested:

Software	Version
WebCenter Spaces	11.1.1.5
WebLogic Server	10.3.5.0
Repository Creation Utility (RCU)	11.1.1.5
Oracle Database	11.2.0.1
Oracle Internet Directory (OID)	11.1.1.5
Oracle Access Manager (OAM)	11.1.1.5
Oracle WebGate	11.1.1.5
OWSM (Oracle Web Services Manager) / SOA	11.1.1.5
FMW Web Tier (OHS)	11.1.1.5

The remaining chapters in this document, Chapters 2, 3, and 4, provide information for installing the Oracle software components on three different servers. These chapters are excerpts from the Oracle Fusion Middleware documents, which discuss how to install many other components that you do not need. You can use these three chapters as a guide for understanding which components you need to deploy for your platform. If you need more detail, you can find the component installation information in Oracle documents, which are located on Oracle Technology Network (OTN).

See Also:

• Oracle Fusion Middleware Installation Guide for Oracle Identity Management 11g Release 1 (11.1.1)

  http://docs.oracle.com/cd/E21764_01/install.1111/e12002/toc.htm

• Oracle Fusion Middleware Administrator's Guide for Oracle Access Manager with Oracle Security Token Service 11g Release (11.1.l)

  http://docs.oracle.com/cd/E23943_01/doc.1111/e15478.pdf

• Oracle Fusion Middleware Installation Guide for Oracle WebCenter 11g Release 1 (11.1.1.5) on Oracle Technology Network

  http://docs.oracle.com/cd/E21764_01/install.1111/e12001/toc.htm

• Oracle Fusion Middleware Administrator's Guide for Oracle WebCenter 11g Release 1 (11.1.1.5) on Oracle Technology Network

  http://docs.oracle.com/cd/E21764_01/webcenter.1111/e12405/toc.htm

• Oracle Fusion Middleware Installation Guide for Oracle WebLogic Server 11g Release 1 (10.3.5) on Oracle Technology Network

  http://docs.oracle.com/cd/E21764_01/doc.1111/e14142/toc.htm