My personal suggestions/thoughts are below.
I'd also suggest you to review Steven Chan's blog as a starting point (this is an excellent resource with lot of pointers to different areas) - https://blogs.oracle.com/stevenChan/entry/oracle_access_manager_11gr2ps2_certified
1. If i do this that mean all user must get from Microsoft Active Directory? what happen if i must create user not exists in Microsoft Active Directory? (sysadmin how it work in this case).
- Please note that you can have different provisioning profile depending on your need. For Sysadmin, it is a local user and the authentication of sysadmin will be handled locally within EBS. You'll control this by profile option Applications SSO Login Types and will be login in using AppsLocalLogin.jsp url
2. Can i login in both EBS username and password and domain username and password?
- My personal view is that this is not a suggested way to keep both avenues open. The more way you open, there are more security issues that you need to be concerned. However, you can set the profile Applications SSO Login Types at user level to achieve this. But you need to use different URLs. AppsLocalLogin.jsp will be for local authentication. The access gate URL will be your domain user access.
3. Any reflect at any module business if we go to this solution like iSupplier? from where we create username of supplier?
- You can implement isupplier and have a external webnode and should be able to configure that to handle authentication locally.
4. If i have oracle MAF solution connect with EBS, this solution open work list notification URL, in this case not required username and password?
- I'd suggest you to review Oracle E-Business Suite Mobile Apps Frequently Asked Questions (FAQ) (Doc ID 2064887.1)