Configure Oracle E-Business Suite for Rapid SSO and create DBC file

The Configure E-Business Suite (EBS) environment section only applies to integrations using Access GatewayRapid SSO integration. If you are integrating with Oracle EBS classic (using Oracle AccessGate and Oracle Internet Directory/Universal Directory) skip this section.

Create required user and assign roles

  1. Browse to the Oracle E-Business Suite console and sign in as sysadmin. For example: http://ebs-internal.example.com:8000/OA_HTML/AppsLogin
  2. From the Oracle E-Business Suite Home page, scroll down the Navigator panel and expand User Management.
  3. Click Users. The User Maintenance page appears.
  4. Select User Account from the Register dropdown list, then click Go. The Create User account page opens.
  5. Enter the following details to create the OAGSSOUSER user, and then click Submit:
    FieldValue
    User NameOAGSSOUSER
    PasswordAn appropriate password
    DescriptionOAG User account for SSO
    Password ExpirationNone
  6. Click Assign Roles. The Update User page appears.
  7. Click Assign Roles.
  8. In the Search field enter APPS_SCHEMA_CONNECT and click Go. This role grants the user the right to communicate with the EBS database.
  9. Enter an appropriate Justification (for example, Required for OAG SSO), an Active From date of the current date, and click Apply.
  10. Leave the browser window open, we will return to it later.

Enable EBS for Single Sign-On

  1. From the Windows or the appropriate OS-specific menu, start the Java Control Panel and the select the Security tab.
  2. Add your Oracle E-Business Suite host to the exception list.
  3. Return to the to the to Oracle E-Business Suite console browser
  4. In the Navigation pane, scroll to System Administrator and expand System Administrator > Profile > System. A Java applet launches.
  5. If a security warning appears, click I accept the risk and then Run. This warning may appear twice.
  6. Select System Administrator > Profile > System and search for the Application Authenticate Agent profile.
  7. Update the Site to the EBS route that Access Gateway will use to authenticate the user (for example, https://ebssso.example.com). This field must contain the fully qualified domain name of the application protected by Access Gateway. Click Save.
  8. From the Window menu, select Find System Profile Values. Alternatively, select System Administrator > Profile > System.
  9. Search for the Applications SSO Type.
  10. Change Applications SSO Type from SSWA to SSWA/w SSO. Click Save.
  11. From the Window menu, select Find System Profile Values. Alternatively, select System Administrator > Profile > System.
  12. Search for the Applications SSO Logins Type.
  13. Verify that Applications SSO Login Types is set to BOTH. Click Save.
  14. From the Window menu, select Find System Profile Values. Alternatively, select System Administrator > Profile > System.
  15. Search for %Session Cookie%.
  16. Change Oracle Applications Session Cookie Domain to DOMAIN. Click Save.
  17. Exit the Java applet.
  18. Exit the console.
  19. Reboot Oracle E-Business Suite. This can take 15 to 30 minutes.

Access Gateway uses the E-Business Suite API to communicate with the E-Business Suite database. Confirm with your E-Business Suite administrator what port this communication uses and ensure it is open between Access Gateway and the back end E-Business Suite database. Typically this is port 1521, but other ports are possible.

Register Okta Access Gateway With Oracle E-Business Suite

  1. On your Oracle E-Business Suite server, locate and uncompress the ebs.war web application. You can download the app from the Oracle Identity Cloud Service console.

  2. Extract the fndext.<Major>.<minor>.<revision>.jar file located in the WEB-INF/lib folder inside the ebs.war file. Depending on installed products, the findext.jar may already be unpacked.

    $find . -name 'fundext*.jar. /u01/install/APPS/fs1/EBSapps/comn/java/classes/oracle/apps/fnd/jar/fndext.jar
  3. Open a command prompt and change directory to the location where the zip was unpacked.
  4. Copy the fndext-M.m.rev.jar file to the E-Business Suite host using a command similar to this one:

    scp fndext-2.0.8.jar oracle@<EBS_IP>:/home/oracle

  5. Open a secure shell session into the EBS host using a command similar to this one:

    ssh oracle@<EBS_IP>

  6. Configure the environment for E-Business Suite using a command similar to this one:

    . /u01/install/APPS/EBSapps.env run

  7. Prepare the EBSSDK directory using a command similar to this one:

    cd $HOME; mkdir EBSSDK; mv fndext-2.0.8.jar; cd EBSSDK

  8. Configure desktop app security using a command similar to this one. Replace <your ebs domain name> with the address of your EBS domain:

    java oracle.apps.fnd.security.AdminDesktop apps/apps CREATE NODE_NAME=<your ebs domain name> DBC=/u01/install/APPS/fs1/inst/apps/EBSDB_apps/appl/fnd/12.0.0/secure/EBSDB.dbc

  9. Confirm that a DBC file was created using a command similar to this one:

    cat EBSDB.dbc

    Running this command presents results similar to this output:

    #Desktop DB Settings #Tue Nov 19 20:15:56 EST 2019 FNDNAM=APPS APPL_SERVER_ID=97BDEC3E76E2113EE05304FD140A235E23699099323052021210255403175980 APPS_JDBC_URL=jdbc\:oracle\:thin\:@(DESCRIPTION\=( ADDRESS_LIST\=(LOAD_BALANCE\=YES) (FAILOVER\=YES) (ADDRESS\= (PROTOCOL\=tcp) (HOST\=apps.example.com) (PORT\=1521))) (CONNECT_DATA\=(SERVICE_NAME\=EBSDB))) GWYUID=APPLSYSPUB/PUB

You will need the contents of this file when creating the Rapid EBS app in Access Gateway.

Test

  1. Confirm local authentication by accessing http://ebs.example.com:8000/OA_HTML/AppsLocalLogin.jsp
  2. Secure shell into the host running the EBS database using a command similar to this one:

    ssh oracle@<EBS_IP>

  3. Navigate to the directory containing listener.ora.
  4. Run this command to examine the contents of listener.ora:

    tcp.validnode_checking = NO tcp.invited_nodes = ( ebs.example.com )

  5. Restart the listener.