This Post Covers High-Level Steps to integrate Oracle E-Business Suite Release R12 (12.2 & 12.1) with Oracle Identity & Access Management 12c Release 2 Patchset 3 (12.2.1.3.0). First, begin with Identity & Access Management Overview.
Identity & Access Management Overview
- Oracle Identity & Access Management 12c Consists of Various Products like OAM, OID, OUD, OVD, ORM OWSM, OIF, eSSO, OES, OAAM. To know more about these Products Click here
- In Oracle Identity Management 12c PS3 (12.2.1.3.0) 4 Products are in use as OAM, OIM/OIG, OID & OUD. To know more about these Products Click here
- Oracle Access Manager is for Single Sign-On (SSO) Solution for Oracle E-Business Suite R12.
- If you are implementing single sign-on for the first time, or are an existing Oracle Access Manager user, you may now integrate with Oracle Access Manager 12c using Oracle Access Manager WebGate and Oracle E-Business Suite AccessGate.
- OID or OUD will be used to integrate EBS with OAM as an LDAP Server.
- DIP is used for synchronization between Users in EBS Integration
E-Business Suite (EBS) integration with Oracle Access Manager (OAM) for Single Sign-On (SSO) involves integrating EBS with Oracle Internet Directory (OID) for user synchronization, pointing OAM’s identity store to use OID, and delegating EBS authentication to OAM.
Before you begin integration, you should read and understand all the high-level content described in this blog.
Note: Currently on 20th August 2018 Oracle E-Business Suite Release 12.2.7 and higher with Oracle Unified Directory 12c is in the process to see when it will available check EBS technology certification announcements.
Software Component Required
- Oracle Access Manager –>12.2.1.3
- Oracle E-Business Suite Release 12–>12.2.2+
- Oracle Access Manager WebGate–>11.1.2.3
- Oracle Identity Management –>11.1.1.9, 12.2.1.3
For information about which platforms are supported by Oracle Access Manager, refer to the Oracle Identity and Access Management 12c (12.2.1.3.0) Certification Matrix.
Pre Requisite Installation & Configuration
- Install & Configure OID & DIP 12c (12.2.1.3.0)
- Apply some patches to Oracle Directory Platform DIP, OID 12c Bundle Patch.
- Integrate Oracle Internet Directory 12c with Oracle E-Business Suite Release 12.2.
- Configure Oracle Internet Directory to return operational attributes
- Install and Configure Oracle Access Manager 12c, Check the Blog Part I & Part II for Installation & Configuration of OAM 12c (12.2.1.3.0)
- Download and apply Oracle Access Manager Bundle Patch.
Pre Requisite on EBS 12.2 Instance
- Apply the Latest AD and TXK Delta Release Update Packs.
- Oracle E-Business Suite Application Tier JDK to a minimum of JDK 7 update 131 (January 2017 CPU)
Integrate Oracle E-Business Suite (R12) with Oracle Internet Directory
- Make sure all required OID and EBS Patched are already installed on Instance
- Ensure that EBS DB and Listner is up and running
- Run the ADOP Prepare Phase
- Configure OID with EBS (R12) from patch file system
$FND_TOP/bin/txkrun.pl -script=SetSSOReg -registeroid=yes -appname=$CONTEXT_NAME -svcname=$CONTEXT_NAME
- Run the ADOP Cutover Phase
Note: This finishes registration of Oracle E-Business Suite (R12) with Oracle Internet Directory (OID).
Download and Install Oracle Access Manager WebGates
As per Oracle Fusion Middleware Release Notes for HTTP Server, Oracle WebGate version 11.1.2.3 for Oracle HTTP Server supports only Oracle HTTP Server version 11.1.1.9.
- To download Oracle Access Manager OHS 11g WebGates 11.1.2.3 Click here
- Install Oracle Access Manager WebGates on your run file system (if there is no active Online Patching cycle
- Execute the following command to install Oracle Access Manager WebGates
$ txkrun.pl -script=SetOAMReg -installWebgate=yes -webgatestagedir=<webgate stage directory>
Integrate Oracle E-Business Suite (R12) with Oracle Access Manager
Step 1: Deploy E-Business Suite Access Gate
Oracle E-Business Suite AccessGate will be protected by Oracle Access Manager and creates an Oracle E-Business Suite session based on a valid Oracle Access Manager session.
Step 2: Source the EBS Environment on RUN (R) File System Echo $FILE_EDITION returns “run”. Ensure there is no active Online Patching cycle.
Step 3: Execute the following command to deploy Oracle E-Business Suite AccessGate.
$ perl $AD_TOP/patch/115/bin/adProvisionEBS.pl ebs-create-oaea_resources \
-contextfile=$CONTEXT_FILE \
-deployApps=accessgate \
-SSOServerURL=<OAM Server URL> \
-logfile=<logfile>
Note After successful completion of the script, ensure that your WebLogic AdminServer is running.
Step 4: Register EBS with Oracle Access Manager
Source the EBS Environment on RUN (R) File System Echo $FILE_EDITION returns “run”. Ensure there is no active Online Patching cycle.
If Oracle E-Business Suite is integrated with Oracle Internet Directory
$ txkrun.pl -script=SetOAMReg -registeroam=yes \
-oamHost=<OAM_URL>:<OAM_PORT> \
-oamUserName=<Username> \
-ldapUrl=<LDAP URL:PORT> \
-oidUserName=cn=orcladmin \
-skipConfirm=yes \
-ldapSearchBase=cn=Users,dc=example,dc=com \
-ldapGroupSearchBase=cn=Groups,dc=example,dc=com
Step 5: You should only allow browsers to access Oracle WebLogic Server through your known web entry points.
Step 6: Test single sign-on integration now.
Login to Oracle E-Business Suite
http://<ebshost>.<domain>:<port>/OA_HTML/AppsLogin
You will be re-directed to your Oracle Access Manager single sign-on page. Login using valid OID user credentials. After successful authentication, you will be re-directed to your Oracle E-Business Suite home page.
Note: Perform a fs_clone to synchronize the changes to your patch file system before you start the next Oracle E-Business Suite Release 12.2 Online Patching cycle. In this Blog, we have mentioned steps on RUN File System.
That’s all for today!! These are the High-level steps to Integrating Oracle E-Business Suite Release 12.2 with Oracle Access Manager 12c (12.2.1.3.0).
In our EBS-OAM/OID Integration training we provide the dedicated module for EBS – OAM/OID R12 Integration also we provide a module for WebGate, OHS, EBS Accessgate, DIP, OAM, and OID Architecture Deployment Installation & Configuration & lot more..
Watch out our FREE Facebook Live session with Oracle ACE & Author Atul Kumar, On Oracle EBS (R12) Integration with Microsoft Active Directory (MS-AD), OAM/OID/OVD for Single Sign-On: Customer Case Study & Lessons Learned. Click Here
Related Post
- Oracle EBS (R12) – OAM Integration for SSO Click Here
- Oracle EBS (R12) – OAM/OID Integration for SSO: Self Study Click Here
- Oracle EBS (R12) OAM/OID/OUD/SSO Integration: Activity Guides from Training Click Here
- Integration of E-Business suite with Oracle Single Sign-on Click here
- Oracle EBS Integration with OIM (Identity Manager): Things you should know Click Here
- Oracle E-Business Suite (R12) Integration with OID/OAM 11g Click Here
- Overview of Single Sign-On Integration Options for Oracle E-Business Suite Click Here
- Oracle Single Sign-on for Apps DBA Click Here
- EBS-OAM Integration: OAMSSA-20142: Authentication Failure for OID user Click Here
- [Video] Oracle EBS R12 – OAM/OID/OUD Integration: Request Flow & Troubleshoot Login Errors Click Here
- [Video] EBS (R12)-OAM/OID/OUD Integration for SSO: Architecture & Components Click Here
- Oracle EBS R12.2-OAM Integration: Internal Error: Webgate allowed access to protected page GUID=null Click Here
Next Task For You
Want to move ahead in your career and want to get a higher Earning Job?
Get 7+ Courses for DBAs & Apps DBA in a bundle program and learn from the Industry’s best Experts.
vprvelu says
Dear Atul,
Is it possible to use EBS RBAC option with SSO , we are in the process of OAM 12c & R12.2 integration for sso.
Your guidance will help us to move next level.
Atul Kumar says
Vprvelu,
EBS Authorization will be handled at EBS side only, though OAM can do very high level (course grained) authorization like allow a group of users while deny others.
Provisioning of these roles can be managed centrally by Oracle Identity Governance (OIG) earlier Identity Manager.
Mike says
Hello Atul Kumar, We enjoyed your post. Good stuff on Integrating Oracle E-Business Suite.
Is it possible to run two or more adpatch sessions simultaneously for one EBS instance?
My client wants us to implement Ebs for SSOgen.
1. https://www.ssogen.com/oracle-ebs-sso-integrations/
2. https://www.ssogen.com/peoplesoft-okta-sso-integration/
3. https://www.ssogen.com/oracle-ebs-sso-ldap/
Any recommendations please.
robab says
Do we require any special process to synchronize users and their passwords from EBS to OID?
Surbhi Sharma says
Hi Robab,
Make Sure the user sync is enabled & follow the Profile options.
Regards,
Surbhi
Team K21
robab haider says
Thanks Surbhi.
Can you please elaborate the process or share a link here.
Rohit Pathak says
Hi Robab,
You need to do EBS to OID bidirectional integration for user sysc from EBS To OID & OID To EBS and that can be done using DIP.
Thanks & Regards.
Rohit (K21Academy)
RObab says
Thanks Rohit.
I also have one another question, regarding integration of OAM with SAP CRM ( hosted on netweaver and has native authentication ).
How do I go about synchronizing the users and passwords.
Rohit Pathak says
Hi Robab,
Please check the below doc for the same.
https://docs.oracle.com/cd/E28280_01/admin.1111/e15478/oam11_1_2_sap_6_7.htm#AIAAG8832
Thanks & Regards,
Rohit
robab says
Thanks Rohit.
The article says “Ensure that the users exist in the Oracle Access Manager LDAP directory as well as on the SAP R3 system database”
How do we achieve this, esp for the existing users of SAP
Sharib says
Can IOD and OUD both be used for OIM and PAM integration with EBS
Surbhi Sharma says
Hi Sharib
Yes both can be used
Regards,
Surbhi
Team K21
mark says
HI,
Can OIM and OAM on premise integrate to Oracle EBS on the cloud?
If yes, can you please elaborate.
Rohit Pathak says
Hi Mark,
Its the same process as you doing in on-premise, there was a option if you using EBS Cloud Admin tool for managing EBS , however for OCI it is the same process but also check with Oracle in parallel.
if your EBS is in Oracle Cloud Infrastructure Classic, check below link.
https://www.oracle.com/webfolder/technetwork/tutorials/obe/cloud/compute-iaas/integrating-ebs-with-oam/12oam/12oam.html
Thanks & Regards,
Rohit (TeamK21)
Sreenivas says
Hi,
Please provide some guidance how to implement sso for external users with ebs R12.1.3 using SAML assertion
Thanks,
Varsha Sharma says
Hi Sreenivas,
Please check below the documentation link for the same:
https://www.ssogen.com/oracle-ebs-sso-saml/
Regards
Varsha
(Team K21)
Rajesh says
We followed the same process for OAM /OUD integration with EBS R12.2.10. OAM login is working fine. But users sync is not working. Users are importing from AD to OUD but not from OUD to EBS.
Kindly suggest.
Rahul Dangayach says
Hi Rajesh,
In this case, we suggest you enable the debug on the sink between the dip make sure you have a dip in the process in between.
Also, that Dip should be connected to OUD and EBS and that could fail the number freezes.
The best you can do is to enable the debugging dip so that you will get to know the reason for failure as there are multiple reasons why it could fail.
Especially the workflow notification mailer or workflow queues etc. could impact it.
We would suggest you raise an SR with Oracle Support as they will help you in a better way.
Hope this helps.
Thanks and Regards
Rahul Dangayach
Team K21Academy
Hugues says
Hello,
Have you ever manage to do such integration with oebs R12.2 tls enabled ?
I am trying to but it doesn’t work.