Add an Oracle JD Edwards application
The purpose of this tutorial is to go through the process of setting up an Oracle JD Edwards application with Okta through the Access Gateway Admin UI.
This application is part of a class of applications which exchange user information using header variables. See Add a generic header application for more information about the Access Gateway generic header application.
Access Gateway also provides a sample header application. See Add a sample header application.
- Access Gateway is installed and configured for use.
See Manage Access Gateway deployment.
- Access Gateway has been configured to use your Okta tenant as IDP.
See Configure your Okta tenant as an Identity Provider for more information about configuring your Okta tenant as an IDP.
- You have administrator rights on your Okta tenant and can assign applications to users and create groups.
- You have access to the JD Edwards EnterpriseOne Server Manager Management console and can configure Single Sign-On.
- The external app version is supported. Supported Kerberos app versions include:
- v9 or later
- Enable Single Sign-On in JD Edwards EnterpriseOne console
- Create the application in Access Gateway
- Configure the application
- Test the application
To enable single sign-on in the JD Edwards environment:
- Sign in to the JD Edwards EnterpriseOne Server Manager Management console as an administrator.
- In Select Instance, select EnterpriseOne HTML Server.
- In the Configuration tile, select View as Advanced, and then click Security.
- Select the Enable Oracle Access Manager check box, and then enter
https://jde-appgate.example.com/spgwLogout in theOracle Access Manager Sign-Off URL field.
In the Security Server Configuration section, click Apply.
- In Select Instance, select EnterpriseOne HTML Server,
- Click Stop and confirm that you want to stop the managed instance.
If a message indicates that the web server configuration (jas.ini) is out-of-date, click Synchronize Configuration.
- Click Start and confirm that you want to start the managed instance.
To create the application in Access Gateway:
- Sign in to the Access Gateway Admin UI console.
Click the Applications tab.
Click +Add to add a new application.
From the Application menu, select Oracle JD Edwards Enterprise One, and click Create.
To configure the Access Gateway JD Edwards application.
- In the Essentials pane enter:
Field Value Label The name of the application,
For example: JD Edwards
Public Domain The external facing URL of the application.
For example: https://jde-external.<gateway.info>
Protected Web Resource The URL and port combination of the Oracle JD Edwards Implementation that is being protected.
For example: http://jde-app.domain.tld:7005
Post Login URL
Enter an appropriate target URL.
For example https://jde-external.<gateway.info>.com/jde/owhtml.
Note: Post Login URL may contain other elements specific to the implementation.
Group The group containing users who can access the JD Edwards instance.
- Expand the Certificates tab.
By default a wild card self signed certificate is created and assigned to the application when the application is initially created.
- Optional. Click Generate self-signed certificate
A self-signed certificate is created and automatically assigned to the application.
- Optional. Select an existing certificate from the list of provided certificates.
Use the Search field to narrow the set of certificates by common name.
Use the page forward (>)and backward(<) arrows to navigate through the list of available certificates.
Click Next. The Attributes pane appears.
For detailed information on the attribute options, see Application attributes .
- Confirm the IDP login attribute.
By default the JD Edwards application template login field as the JDE_SSO_UID header. Change the value of the header field if required. Add additional header fields required by the application.
Click Next. The Policies pane displays.
- On the root policy row, click the Edit icon.
- Expand the Advanced sub-tab.
- In the Custom configuration tab, enter a proxy redirect for the target JD Edwards application.
proxy_redirect http://jde-app.domain.tld:7005 https://$host:$server_port;
Click Not validated when complete.
If all values are entered correctly, the Not Validated button will change to Validated.
- Click Okay.
- Click Done.
While optional, Okta recommends that all applications include certificates.
See About Access Gateway Certificates for general information about certificate.
See Certificate management tasks for a general task flow for obtaining and assigning certificates.
Click Go to application and select SP Initiated or IDP Initiated from the drop-down box associated with the application.
Your Okta tenant administrator may need to assign the application to you.
Also, if you don't already have an active session for Okta open in your browser, you may be prompted to sign in to your Okta account and provide credentials.
- Verify that you are logged into Oracle JD Edwards application correctly.
- See Access Gateway supported application and version information for details of supported application and version information.
- See Add a generic header application.
- See Add a sample header application.
- See Add a sample policy application.
- See Troubleshoot applications.
- Add or review application essential settings. See About application essentials and Manage application essentials.
- Add application behaviors. See About application behaviors.
- Add fine grained policy to further protect resources. See About application policy and Manage access control application policy for an overview on user policy and for examples respectively.
- Extend existing policy using custom configuration. See Advanced Access Gateway policy.
- Associate a certificate with this application. See Manage certificates.
- Add supplemental database or LDAP based data stores. See Administer data stores.