Configure Oracle E-Business Suite for Rapid SSO and create the DBC file
This topic only applies to integrations using Access Gateway Rapid Single Sign-On (SSO) integration. If you're integrating with Oracle EBS classic (using Oracle AccessGate and Oracle Internet Directory or Universal Directory), skip this topic.
Create the required user and assign roles
- Go to the Oracle E-Business Suite console and sign in as sysadmin. The URL may resemble this example: http://ebs-internal.example.com:8000/OA_HTML/AppsLogin.
- On the Oracle E-Business Suite Home page, scroll down the Navigator panel and expand the User Management section.
- Click Users. The User Maintenance page appears.
- Select User Account from the Register dropdown.
- Click Go. The Create User account page appears.
- Enter the following details to create the OAGSSOUSER user:
- User Name: Use the OAGSSOUSER account.
- Password: Use a secure password.
- Description: Enter a description, such as OAG user account for SSO.
- Password Expiration: Select None.
- Click Submit.
- Click Assign Roles. The Update User page appears.
- Click Assign Roles.
- In the Search field enter APPS_SCHEMA_CONNECT and then click Go. This role grants the user the right to communicate with the EBS database.
- Enter an appropriate Justification, such as Required for OAG SSO.
- Select the current date for the Active From date.
- Click Apply.
- Leave this browser window open so you can return to it when you perform the Enable Oracle E-Business Suite for single sign-on procedure.
Enable Oracle E-Business Suite for single sign-on
- Start the Java Control Panel from your operating system menu.
- Select the Security tab.
- Add your Oracle E-Business Suite host to the exception list.
- Return to the Oracle E-Business Suite console browser window.
- In the Navigation pane, scroll to System Administrator and expand . A Java applet launches.
- If a security warning appears, click I accept the risk and then click Run. This warning may appear twice.
- Select and search for the Application Authenticate Agent profile.
- Update the Site to the EBS route that Access Gateway uses to authenticate the user, such as https://ebssso.example.com. This field must contain the fully qualified domain name of the app protected by Access Gateway.
- Click Save.
- In the Window menu, select Find System Profile Values. Alternatively, select .
- Search for the Applications SSO Type.
- Change Applications SSO Type from SSWA to SSWA/w SSO.
- Click Save.
- From the Window menu, select Find System Profile Values. Alternatively, select .
- Find Applications SSO Logins Type and verify that it's set to BOTH.
- Click Save.
- In the Window menu, select Find System Profile Values. Alternatively, select .
- Search for %Session Cookie%.
- Change Oracle Applications Session Cookie Domain to DOMAIN.
Access Gateway only supports a value of DOMAIN for this setting. Using any other value can cause accessibility issues for all EBS apps connected to the same Access Gateway system.
- Click Save.
- Exit the Java applet.
- Exit the Oracle E-Business Suite console.
- Reboot Oracle E-Business Suite. This can take 15–30 minutes.
Access Gateway uses the E-Business Suite API to communicate with the E-Business Suite database. Confirm with your E-Business Suite administrator which port this communication uses and ensure that it's open between Access Gateway and the back end E-Business Suite database. Typically this connection uses port 1521, but other ports may be used.
Register Access Gateway with Oracle E-Business Suite
- On your Oracle E-Business Suite server, find and uncompress the ebs.war web app. You can download this app from the Oracle Identity Cloud Service console.
- Extract the fndext.<Major>.<minor>.<revision>.jar file in the WEB-INF/lib folder inside the ebs.war file. The fndext.jar may have been unpacked for a previous app installation.
$ find . -name 'fndext*.jar'
/u01/install/APPS/fs1/EBSapps/comn/java/classes/oracle/apps/fnd/jar/fndext.jar
- Open a command prompt and change the directory to the location where the file was unpacked.
- Copy the fndext-M.m.rev.jar file to the E-Business Suite host using a command similar to this one:
scp fndext-2.0.8.jar oracle@<EBS_IP>:/home/oracle
- Open a Secure Shell session into the EBS host using a command similar to this one:
ssh oracle@<EBS_IP>
- Configure the environment for E-Business Suite using a command similar to this one:
. /u01/install/APPS/EBSapps.env run
- Prepare the EBSSDK directory using a command similar to this one:
cd "$HOME"; mkdir EBSSDK; mv fndext-2.0.8.jar EBSSDK/; cd EBSSDK
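- Configure desktop app security using a command similar to this one. Replace <your ebs domain name> with the address of your EBS domain. The apps/apps argument is the APPS schema user name and password; substitute the credentials for your environment: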
java oracle.apps.fnd.security.AdminDesktop apps/apps CREATE NODE_NAME=<your ebs domain name> DBC=/u01/install/APPS/fs1/inst/apps/EBSDB_apps/appl/fnd/12.0.0/secure/EBSDB.dbc
- Confirm that a DBC file was created using a command similar to this one:
cat EBSDB.dbc
Running this command presents results similar to this output:
#Desktop DB Settings
#Tue Nov 19 20:15:56 EST 2019
FNDNAM=APPS
APPL_SERVER_ID=97BDEC3E76E2113EE05304FD140A235E23699099323052021210255403175980
APPS_JDBC_URL=jdbc\:oracle\:thin\:@(DESCRIPTION\=( ADDRESS_LIST\=(LOAD_BALANCE\=YES) (FAILOVER\=YES) (ADDRESS\= (PROTOCOL\=tcp) (HOST\=apps.example.com) (PORT\=1521))) (CONNECT_DATA\=(SERVICE_NAME\=EBSDB)))
GWYUID=APPLSYSPUB/PUB
You need the contents of this file when you create the Rapid EBS app in Access Gateway.
The string EBSDB in (CONNECT_DATA\=(SERVICE_NAME\=EBSDB) becomes the cookie name for the EBS app. Verify that these cookie names are unique for each EBS app. If two or more EBS apps use the same cookie name, an invalid session ID error message appears when you attempt to sign in to any of those apps.
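The DBC file is written in Java properties format, so the JDBC descriptor carries \: and \= escapes. The following Python sketch is an added example, not part of the Okta or Oracle tooling: it extracts the SERVICE_NAME (the cookie name) and the database host and port from each DBC file, and flags service names shared by more than one EBS app. The app labels, host names and sample DBC text are constructed.

```python
import re
from collections import defaultdict

# Constructed sample in the layout shown above; values are placeholders.
SAMPLE = r"""#Desktop DB Settings
FNDNAM=APPS
APPS_JDBC_URL=jdbc\:oracle\:thin\:@(DESCRIPTION\=(ADDRESS_LIST\=(LOAD_BALANCE\=YES)(FAILOVER\=YES)(ADDRESS\= (PROTOCOL\=tcp) (HOST\={host}) (PORT\={port}))) (CONNECT_DATA\=(SERVICE_NAME\={service})))
GWYUID=APPLSYSPUB/PUB
"""

def parse_dbc(text):
    """Parse DBC text (properties style) into a dict, undoing backslash escapes."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":       # comment or blank line
            continue
        key, sep, value = line.partition("=")  # keys contain no escapes
        if sep:
            props[key.strip()] = re.sub(r"\\(.)", r"\1", value.strip())
    return props

def db_endpoint(props):
    """Return (service_name, [(host, port), ...]) from APPS_JDBC_URL."""
    url = re.sub(r"\s+", "", props.get("APPS_JDBC_URL", ""))
    service = re.search(r"\(SERVICE_NAME=([^)]+)\)", url, re.I)
    addrs = re.findall(r"\(HOST=([^)]+)\)\(PORT=(\d+)\)", url, re.I)
    if not service or not addrs:
        raise ValueError("APPS_JDBC_URL has no SERVICE_NAME or HOST/PORT")
    return service.group(1), [(h, int(p)) for h, p in addrs]

def cookie_name_collisions(dbc_by_app):
    """Map each SERVICE_NAME used by more than one app to those app names."""
    seen = defaultdict(list)
    for app, text in dbc_by_app.items():
        seen[db_endpoint(parse_dbc(text))[0]].append(app)
    return {svc: sorted(apps) for svc, apps in seen.items() if len(apps) > 1}

if __name__ == "__main__":
    apps = {  # hypothetical app labels mapped to constructed DBC contents
        "ebs-prod": SAMPLE.format(host="apps.example.com", port=1521, service="EBSDB"),
        "ebs-test": SAMPLE.format(host="apps-test.example.com", port=1522, service="EBSDB"),
    }
    for app, text in apps.items():
        print(app, db_endpoint(parse_dbc(text)))
    print("cookie name collisions:", cookie_name_collisions(apps))
```

The host and port pairs it reports are the connections that must be open between Access Gateway and the database; any entry in the collision map identifies apps that would hit the invalid session ID error.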
Test the connection
- Confirm local authentication by accessing http://ebs.example.com:8000/OA_HTML/AppsLocalLogin.jsp.
- Open a Secure Shell session into the host running the EBS database using a command similar to this one:
ssh oracle@<EBS_IP>
- Go to the directory that contains listener.ora.
- Run this command to examine the contents of listener.ora:
tcp.validnode_checking = NO
tcp.invited_nodes = ( ebs.example.com )
- Restart the listener.