Add an Oracle JD Edwards Application
The purpose of this tutorial is to walk through the process of setting up an Oracle JD Edwards application with Okta through the Access Gateway Admin UI.
- Access Gateway is installed and configured for use.
See Deploy Access Gateway Using an OVA Image
- Access Gateway has been configured to use your Okta tenant as iDPAn acronym for Identity Provider. It is a service that manages end user accounts analogous to user directories such as LDAP and Active Directory, and can send SAML responses to SPs to authenticate end users. Within this scenario, the IdP is Okta..
See Configure your Okta tenant as an Identity Provider for more information about configuring your Okta tenant as an idP.
- You have administrator rights on your Okta tenant and can assign applications to users, and create groupsGroups allow you to organize your end users and the apps they can access. Assigning apps to large sets of end users is made easier with groups..
- You have access to the JD Edwards EnterpriseOne Server Manager Management console and can configure Single Sign on
- Enable Single sign-on in JD Edwards EnterpriseOne Console
- Create the Application in Access Gateway
- Configure the Application
- Test the Application
To enable single sign-on in the JD Edwards environment:
- Sign in to the JD Edwards EnterpriseOne Server Manager Management console as an administrator.
- In Select Instance, select EnterpriseOne HTML Server.
- In the Configuration tile, select View as Advanced, and then click Security.
- Select the Enable Oracle Access Manager check box, and then enter
https://jde-appgate.example.com/spgwLogout in the Oracle Access Manager Sign-Off URL field.
- Click Apply in the Security Server Configuration section.
- In Select InstanceAn instance, or computer instance, is a virtual machine (VM) or individual physical computer, used to host a software appliance., select EnterpriseOne HTML Server,
- Click Stop, and confirm that you want to stop the managed instance.
If a message indicates that the web server configuration (jas.ini) is out-of-date, click Synchronize Configuration.
- Click Start and confirm that you want to start the managed instance.
To create the application in Access Gateway:
Navigate to your Access Gateway Instance.
In the Access Gateway AdminAn abbreviation of administrator. This is the individual(s) who have access to the Okta Administrator Dashboard. They control the provisioning and deprovisioning of end users, the assigning of apps, the resetting of passwords, and the overall end user experience. Only administrators have the Administration button on the upper right side of the My Applications page. UI, login as an administrator.
Click the Applications tab.
Click + Add to add a new application.
Select Oracle JD Edwards Enterprise One from the application menu, and click Create.
To configure the Access Gateway JD Edwards application.
- In the Essentials pane enter:
Field Value Label The name of the application,
For example: JD Edwards
Public Domain The externally facing URL of the application.
For example: https://jde-external.<gateway.info>
Protected Web Resource The URL and port combination of the Oracle JD Edwards Implementation being protected.
For example: http://jde-app.domainA domain is an attribute of an Okta organization. Okta uses a fully-qualified domain name, meaning it always includes the top-level domain (.com, .eu, etc.), but does not include the protocol (https)..tld:7005
Post Login URL Enter an appropriate target URL.
For example https://jde-external.<gateway.info>.com/jde/owhtml.
Note that the post login URL may contain other elements specific to the implementation.
Group The group containing users who can access the JD Edwards instance.
The Attributes tab displays.
For detailed information on the attribute options, see Application Attributes .
- Confirm the IDP login field.
By default the JD Edwards application template send the login field as the JDE_SSO_UID header.
Change the value of the header field if required.
In addition, you may add any additional header fields required by the application
The Policies tab displays.
For detailed information on the advanced policy directives see Advanced Policy
- On the root policy row click the Pencil icon.
- Expand the Advanced sub-tab.
- In the Custom configuration tab enter a proxy redirect for the target JD Edwards application.
proxy_redirect http://jde-appAn abbreviation of application. Essentially, it is a web-based site used to perform any number of specific tasks, and requires authentication from end users by signing in..domain.tld:7005 https://$host:$server_port;
Click Not validated when complete.
If all values are entered correctly the Not Validated button will change to green/Validated.
- Click Okay.
- Click Done.
Select SPAn acronym for service provider. Generally, an SP is a company, usually providing organizations with communications, storage, processing, and a host of other services. Within Okta, it is any website that accepts SAML responses as a way of signing in users, and has the ability to redirect a user to an IdP (e.g., Okta) to begin the authentication process. Initiated or IDP Initiated from the drop down menu associated with the application.
Your Okta tenant administrator may need to assign the application to you.
In addition, if you do not already have an active session for Okta open in your browser, you may be prompted to log in to your Okta account and provide credentials.
- Verify that you are logged into Oracle JD Edwards application correctly.
- Add or review application settings. For more details see Application Settings.
- Add application behaviors. For details and examples of behaviors see Administer Behaviors
- Add fine grained policy to further protect resources.
An overview of user policy can be found in Application Policy User Overview.
For details and examples of policy see Administration User Policy Guide.
- Extend existing policy using Custom configuration, see Advanced Policy.
- Define one or more certificates for use with this application. See Certificate Management
- Add supplemental database or LDAPLightweight Directory Access Protocol (LDAP) is a lightweight client-server protocol for accessing directory services, specifically X.500-based directory services. LDAP runs over TCP/IP or other connection oriented transfer services. based data stores. For more information see Administer DataStores