Integrate an Oracle E-Business Suite application with Access Gateway

Oracle E-Business Suite (EBS) applications differ from traditional applications in that Access Gateway creates and provides an EBS session cookie used by subsequent EBS calls. Access Gateway doesn't reverse proxy all EBS requests as it does with other application types.

There are two ways to integrate an EBS application with Access Gateway:

  • Classic process flow
  • Rapid process flow

This topic describes the architecture of these process flows and provides instructions for implementing them.

This application uses header variables to exchange user information. You can use the Access Gateway sample header application. See Add a generic header application and Add a sample header application.

Architecture

EBS Rapid process flow EBS Classic process flow
EBS Rapid flow EBS Classic Flow
  1. The user signs in.
  2. Okta sends the user identity to EBS.
  3. Access Gateway verifies the EBS user and generates an EBS session.
  4. The user is redirected to EBS with the EBS session cookie.
  1. The user signs in.
  2. Okta sends the user identity to EBS.
  3. Access Gateway looks up the GUID using the EBS user identity.
  4. Access Gateway sends the GUID (header) or Oracle AccessGate, which generates an EBS cookie.
  5. The user is redirected to EBS with the EBS session cookie.
See Oracle E-Business Suite with Access Gateway Rapid SSO reference architecture. See Oracle E-Business Suite with Access Gateway Classic SSO reference architecture.

Before you begin

Ensure that you meet these requirements before you begin this procedure.

  • Verify that Access Gateway is installed and configured. See Manage Access Gateway deployment.
  • Verify that Access Gateway uses your Okta org as an Identity Provider (IdP). See Configure an Identity Provider in Access Gateway.
  • Verify that you have administrator rights on your Okta org and can create groups and assign applications.
  • Verify that the EBS version is supported. Access Gateway supports the following EBS versions:
    • v12.1
    • v12.2
  • If you use the EBS Classic process flow, verify that EBS is configured with Oracle AccessGate and Oracle Internet Directory (OID) or Oracle User Directory (OUD).
  • If you use the EBS Rapid process flow, verify that EBS is configured and available.
  • If you use the EBS Rapid process flow, verify that EBS_USER is mapped to an Okta org user.
  • If you use the EBS Rapid process flow, verify that the EBS owner has created a DBC file and that it's available to the Access Gateway owner. See Integrate an Oracle E-Business Suite application with Access Gateway for instructions on how to configure EBS for Rapid single sign-on (SSO).

    Rapid EBS SSO uses domain cookies to communicate between Access Gateway and the EBS server. The domain used by the protected service and the externally facing instance of the gateway must share the same domain.

Workflow

  1. Optional. Create a group to assign to the application. See Add an Okta org group.
  2. Rapid process flow only: configure EBS for use with Access Gateway and generate the required DSC file. See Configure Oracle E-Business Suite for Rapid SSO and create the DBC file.
  3. Create an application for either Rapid or Classic EBS SSO. See Create the Rapid or Classic EBS application .
  4. Test the integration. See Test the Oracle E-Business Suite integration.
  5. Troubleshoot the integration. See Troubleshoot Oracle E-Business Suite applications.