Ariba 9r1 - Architecture Overview for FORUM.jpg

Version 1
    Click to view larger image

    Ariba Upstream and Downstream desired topology.


    I need the Suppliers to connect to the Upstream environment and use the credentials provided to them by invitation and be authenticated using the Ariba provided crypto auth mechanism.

    I need to internal users (employees and admins) using Buyer to authenticate using the Downstream environment and provide the credential to authenticate through Ariba against Active Directory.

    How can this be done and still have Upstream and Downstream modules be integrated? 

    If I was designing this from scratch it would be easy using a variety of mechanisms (TAI, tokens, WS-Security, etc.), but do not understand what has been done here. 

    Ariba Buyer has been around for years and now implementing Upstream is putting a dependency to route authentication through the Upstream environment.  Does not make sense or am I not understanding.

    Is what I am describing here doable?

    1. Internal users authenticate against AD and through separate web and app servers

    2. External users authenticate against Ariba and through separate web and app servers

    3. Any integration with Spend Analytics and Contract Management can be done through web service calls between Downstream and Upstream.


    Thank you