Scribd
Upload
463 views43 pages

1 Integrate EBS With IDCS

The document provides instructions for configuring single sign-on (SSO) between Oracle E-Business Suite and Oracle Identity Cloud Service. The key steps include: 1. Registering the EBS Asserter application in Oracle Identity Cloud Service and retrieving the client ID and secret. 2. Creating a wallet file on the EBS Asserter WebLogic server to securely store the client credentials and Oracle Identity Cloud Service URL. 3. Updating the bridge.properties configuration file with the client credentials, wallet location, and other parameter values. 4. Deploying the updated EBS asserter WAR file to the WebLogic server.

Uploaded by

Kishore Adikar
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
463 views43 pages

1 Integrate EBS With IDCS

The document provides instructions for configuring single sign-on (SSO) between Oracle E-Business Suite and Oracle Identity Cloud Service. The key steps include: 1. Registering the EBS Asserter application in Oracle Identity Cloud Service and retrieving the client ID and secret. 2. Creating a wallet file on the EBS Asserter WebLogic server to securely store the client credentials and Oracle Identity Cloud Service URL. 3. Updating the bridge.properties configuration file with the client credentials, wallet location, and other parameter values. 4. Deploying the updated EBS asserter WAR file to the WebLogic server.

Uploaded by

Kishore Adikar
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
You are on page 1/ 43

On cloud

On EBS
Register the E-Business Suite Asserter in Oracle Identity Cloud Service
EBS Asserter1
EBS Asserter Application
Application URL: http://erpr12.appsdba.info:7004/ebs

Display in My Apps: Select this check box.

In the Client pane, select Configure this application as a client now, and then enter the following
information:

Allowed Grant Types: Select Client Credentials and Authorization Code.

Redirect URL: http://erpr12.appsdba.info:7004/ebs/response

Logout URL: http://erpr12.appsdba.info:7004/ebs/logout

Post Logout Redirect URL: http://erpr12.appsdba.info:7004/ebs

Client ID bb445549a5e4947940c737c877dccbf

Client Secret 4d25f138-0cbb-4236-915b-72df436ca358

https://idcs-055292fbb80a4b179a84a35bb86bb85f.identity.oraclecloud.com
Create a WebLogic Wallet
For security purpose, you register the client ID, Secret, and Oracle Identity Cloud Service
URL as parameters in a wallet that is used by the EBS Asserter component.

1. Log in to the Oracle EBS's Asserter WebLogic server machine, and navigate to
the /opt/ebssdk folder.

Note: Use a user with enough privileges to perform the following actions.

2. Run the command  java -jar idcs-wallet-<version>.jar, and then provide


the following values when prompted:
o Enter Wallet Path: Enter the full path where you want to store the wallet file.
o Enter Client ID: Enter the Client ID generated in the previous section.
o Enter Client Secret: Enter the Client Secret for the client ID.
o Enter IDCS base URL: Enter Oracle Identity Cloud Service base URL. For
example: https://MYTENANT.identity.oraclecloud.com.
3. The command line creates a wallet file named cwallet.sso in the provided path

java -jar idcs-wallet-19.3.3-1.6.0.jar

Enter Wallet Path:

/d01/oracle/weblogic/stage

Enter Client ID:

bb445549a5e4947940c737c877dccbf

Enter Client Secret:

Enter IDCS base URL:

https://idcs-055292fbb80a4b179a84a35bb86bb85f.identity.oraclecloud.com

values saved successfully in wallet.

Update the Configuration File


From version 19.2.1-1.4.0 onward, the E-Business Suite Asserter contains a properties
file called bridge.properties. This file is located under the WEB-INF\ folder inside
the ebs.war file. You need to update the information in the bridge.properties file,
and then regenerate the ebs.war file, before deploying it to a WebLogic Server.

Note: For E-Business Suite Asserter versions before 19.1.4-1.4.0 release, the war file file
doesn't contain the bridge.properties file inside. You need to create this file in a
folder of the EBS Asserter's WebLogic server, update its content as per step 3, and then
set an environment variable before starting the WebLogic Sesrver, as per the following
example: export ebs_property_file="/opt/ebssdk/bridge.properties"

1. In the server where you downloaded the E-Business Suite Asserter zip file, navigate to
the location where you extracted the ebs.war file. See What Do You Need?
2. Using a zip utility, extract the content of the ebs.war file, locate the
the bridge.properties file, and open the file for editing:
3. Uncomment the properties by removing the # from the beginning of each line, and
update the values as follows:

4. ###########################################################
5. ## SSO Bridge for E-Business Suite
6. ###########################################################
7. # Properties File
8. app.url=https://ebsasserter.example.com:7002/ebs
9. app.serverid=APPL_SERVER_ID_value
10. ebs.url.homepage=https://ebs.example.com:8001/OA_HTML/
OA.jsp?OAFunc=OANEWHOMEPAGE
11. ebs.ds.name=visionDS
12. ebs.user.identifier=username
13. idcs.iss.url=https://identity.oraclecloud.com
14. idcs.aud.url=https://idcs-example.identity.oraclecloud.com
15. #post.logout.url=https://ebsasserter.example.com:7002/ebs
16. wallet.path=[PATH_OF_THE_WALLET]
17. whitelist.urls=https://ebs.example.com:8001/OA_HTML/
RF.jsp,https://ebs.example.com:8001/OA_HTML/OA.jsp,https://
ebs.example.com:8001/OA_HTML/BneApplicationService,https://
ebs.example.com:8001/OA_HTML/jsp/fnd/close.jsp
18. ebs.renew.session=true
19. proxy.mode=false
20. proxy.home.url=https://ebs.example.com:8001/OA_HTML/RF.jsp?
function_id=1031198&resp_id=-
1&resp_appl_id=0&security_group_id=0&lang_code=US
21. #istore.pages=ibeCZzdMinisites.jsp,ibeCAcpSSOLoginR.jsp
22. #idcs.user.identifier=email/username>
23. ###########################################################

Note:The following table provide the description for


each bridge.properties parameter and optional parameters supported by each
EBS Asserter version.
Cd /d01/oracle/weblogic

total 211900

drwxr-xr-x. 7 10 143 4096 Jul 4 2019 jdk1.8.0_221

-rw-r--r--. 1 weblogic oinstall 470 Feb 25 2020 Readme

-rw-r--r--. 1 weblogic oinstall 392 Feb 25 2020 FileInfo.json

drwxr-xr-x. 4 weblogic oinstall 4096 Feb 25 2020 WEB-INF

drwxr-xr-x. 2 weblogic oinstall 4096 Feb 25 2020 META-INF

drwxr-xr-x. 3 weblogic oinstall 4096 Feb 25 2020 build

-rw-r--r--. 1 root root 195094741 May 23 02:40 jdk-8u221-linux-x64.tar.gz

-rw-r--r--. 1 weblogic oinstall 10518713 May 23 02:59 ebsassert-19.3.3-2.2002250210.zip

-rw-r--r--. 1 weblogic oinstall 5430377 May 23 03:00 ebs.war

-rw-r--r--. 1 weblogic oinstall 5616737 May 23 03:00 idcs-wallet-19.3.3-1.6.0.jar

drwxr-x---. 3 weblogic oinstall 4096 May 23 03:22 product

drwxrwx---. 6 weblogic oinstall 4096 May 23 03:22 oraInventory

-rw-r--r--. 1 weblogic oinstall 273813 May 23 03:32 fndext-2.0.8.jar

drwxr-xr-x. 2 weblogic oinstall 4096 May 23 05:30 stage

cd WEB-INF

cat bridge.properties

app.url=http://erpr12.appsdba.info:7004/ebs

app.serverid=C132C2615A0D7CC9E0530501A8C08DA210728655872346491799281634883170

ebs.url.homepage=http://erpr12.appsdba.info:8010/OA_HTML/OA.jsp?OAFunc=OANEWHOMEPAGE

ebs.ds.name=PRODDS

ebs.user.identifier=username

idcs.iss.url=https://identity.oraclecloud.com/

idcs.aud.url=https://idcs-055292fbb80a4b179a84a35bb86bb85f.identity.oraclecloud.com

wallet.path=/d01/oracle/weblogic/stage/cwallet.sso
ebs.renew.session=true

proxy.mode=false

proxy.home.url=http://erpr12.appsdba.info:8010/OA_HTML/RF.jsp?function_id=1031198&resp_id=-
1&resp_appl_id=0&security_group_id=0&lang_code=US

whitelist.urls=http://erpr12.appsdba.info:8010/OA_HTML/RF.jsp,http://erpr12.appsdba.info:8010/
OA_HTML/OA.jsp,http://erpr12.appsdba.info:8010/OA_HTML/BneApplicationService

Install Weblogic

Download from edelivery.oracle.com


useradd weblogic -g oinstall

[root@erpr12 ~]# cd /d01/oracle/

[root@erpr12 oracle]# mkdir weblogic

[root@erpr12 oracle]# chown -R weblogic:oinstall weblogic/

Install java

[root@erpr12 OAM12c]# cp jdk-8u221-linux-x64.tar.gz /d01/oracle/weblogic/

[root@erpr12 OAM12c]# cd /d01/oracle/weblogic/

[root@erpr12 weblogic]# ls -ltr

total 190524

-rw-r--r--. 1 root root 195094741 May 23 02:40 jdk-8u221-linux-x64.tar.gz

[root@erpr12 weblogic]# tar -xvzf jdk-8u221-linux-x64.tar.gz

cat > java.env


export JAVA_HOME=/d01/oracle/weblogic/jdk1.8.0_221
export PATH=$JAVA_HOME/bin:$PATH
cat /etc/oraInst.loc

inventory_loc=/d01/oracle/weblogic/oraInventory

inst_group=dba

cat > wls.env

ORACLE_BASE=/d01/oracle/weblogic; export ORACLE_BASE


ORACLE_HOME=$ORACLE_BASE/product/12.2.1.4; export ORACLE_HOME
MW_HOME=$ORACLE_HOME ; export MW_HOME
WLS_HOME=$MW_HOME/wlserver; export WLS_HOME
WL_HOME=$WLS_HOME ;export WLS_HOME
DOMAIN_HOME=/d01/oracle/weblogic/product/12.2.1.4/user_projects/domains/base_domain; export
DOMAIN_HOME
JAVA_HOME=/d01/oracle/weblogic/jdk1.8.0_221; export JAVA_HOME
PATH=$JAVA_HOME/bin:$PATH ; export PATH
export LD_LIBRARY_PATH=$ORACLE_HOME/lib:/lib:/usr/lib
export CLASSPATH=$ORACLE_HOME/jlib:$ORACLE_HOME/rdbms/jlib

[weblogic@erpr12 ~]$ . ./java.env

[weblogic@erpr12 ~]$ cd /d01/oracle/software/EBSASSERTOR

[weblogic@erpr12 EBSASSERTOR]$ ls

ebsassert-19.3.3-2.2002250210.zip fmw_12214_readme.html

fmw_12.2.1.4.0_infrastructure.jar V983368-01.zip

[weblogic@erpr12 EBSASSERTOR]$ java -jar fmw_12.2.1.4.0_infrastructure.jar


cp fndext-2.0.8.jar $DOMAIN_HOME/lib

cd /d01/oracle/weblogic/product/12.2.1.4/user_projects/domains/base_domain/lib

start weblogic

$DOMAIN_HOME/startWebLogic.sh
http://erpr12.appsdba.info:7004/console

Create DAtaSource
DECLARE
--By: Anil Passi
--When Jun-2001
v_session_id INTEGER := userenv('sessionid');
v_user_name VARCHAR2(30) := upper('KISHORE');
BEGIN
--Note, can be executed only when you have apps password.
-- Call the procedure to Creaet FND User
fnd_user_pkg.createuser(x_user_name => v_user_name
,x_owner => ''
,x_unencrypted_password => 'oracle123'
,x_session_number => v_session_id
,x_start_date => SYSDATE - 10
,x_end_date => SYSDATE + 100
,x_last_logon_date => SYSDATE - 10
,x_description => 'user'
,x_password_date => SYSDATE - 10
,x_password_accesses_left => 10000
,x_password_lifespan_accesses => 10000
,x_password_lifespan_days => 10000
,x_email_address => '[email protected]'
,x_fax => ''
,x_customer_id => ''
,x_supplier_id => '');
fnd_user_pkg.addresp(username => v_user_name
,resp_app => 'SYSADMIN'
,resp_key => 'SYSTEM_ADMINISTRATOR'
,security_group => 'STANDARD'
,description => 'Auto Assignment'
,start_date => SYSDATE - 10
,end_date => SYSDATE + 1000);
END;
/

FNDCPASS apps/apps 0 Y system/manager USER KISHORE Welcome1234


UMX|APPS_SCHEMA_CONNECT
oracle.apps.fnd.ext.jdbc.datasource.AppsDataSource
dbcFile=/d01/oracle/weblogic/stage/PROD.dbc
Configure Hostname Verification in
WebLogic Console
You can configure the hostname verification in Oracle WebLogic Server Administration
Console.

1. Start the Oracle WebLogic Server Administration Console by


entering http://wls_host:wls_port/console in the URL line of a web browser.
For example, https://ebsasserter.example.com:7002/console.
2. Log in to WebLogic console as an administrator.
3. In the left panel, click Lock & Edit, expand Environment, select Servers.
4. Click the name of the target server where you want to deploy the EBS Asserter. In this
example, AdminServer.
5. Click the SSL tab. Scroll down and expand the Advanced section.
6. Update the Hostname Verification parameter with the value None, and then
click Save.
7. Click Activate Changes.
8. Restart the servers.
Configure Keystores in WebLogic Console
cd /d01/oracle/weblogic/product/12.2.1.4/wlserver/server/lib

keytool -import -noprompt -trustcacerts -alias idcs -file /d01/oracle/weblogic/oracle.cer -keystore


DemoTrust.jks -storepass DemoTrustKeyStorePassPhrase

cd /d01/oracle/weblogic/jdk1.8.0_221/jre/lib/security

keytool -importcert -noprompt -keystore cacerts -storepass changeit -alias idcs-root-ca -file
/d01/oracle/weblogic/oracle.cer

1. Rebuild the ebs.war file and make sure it contains the updated version of


the bridge.properties file. Below is the structure of the ebs.war file.

2. META-INF/
3. MANIFEST.MF
4. WEB-INF/
5. classes/
6. lib/
7. bridge.properties
8. web.xml

weblogic.xml

zip -r ebs.war META-INF WEB-INF

/d01/oracle/weblogic
Next next finish

Update Oracle E-Business Suite Profiles


Follow these steps to configure Oracle E-Business Suite to redirect non-E-Business-Suite-
authenticated users to E-Business Suite Asserter instead of using the Oracle E-Business
Suite local login page.

Update Oracle E-Business Suite Profiles


1. Access Oracle Applications Administration page in Oracle E-business Suite, click
the Core Services tab, and then click Profiles tab.
2. Enter APPS_AUTH_AGENT in the Search, Profile Values, Code field, and then
click Go.
3. On the list of Profile Values, click the pencil icon to update
the APPS_AUTH_AGENT code entry.
4. On the Define Profile Values: Application Authenticate Agent page enter E-
Business Suite Asserter's URL in the Site Value field, and then save it.
5. Back to the Profiles tab, enter APPS_SSO in the Search, update the APPS_SSO code
entry from SSWA to SSWAw/SSO, and save the profile.
6. Back to the Profiles tab, enter Oracle Applications Session% in the Search,
update the Oracle Applications Session code entry from HOST to DOMAIN, and
save the profile.
7. Re-start the Oracle E-Business Suite servers.

set serveroutput on

DECLARE
stat boolean;
BEGIN
dbms_output.disable;
dbms_output.enable(100000);
stat := FND_PROFILE.SAVE('APPS_SSO', 'SSWA_SSO' , 'SITE');
IF stat THEN
dbms_output.put_line( 'Stat = TRUE - profile updated' );
ELSE
dbms_output.put_line( 'Stat = FALSE - profile NOT updated' );
END IF;
commit;
END;
/
set serveroutput on
DECLARE
stat boolean;
BEGIN
dbms_output.disable;
dbms_output.enable(100000);
stat := FND_PROFILE.SAVE('APPS_AUTH_AGENT','http://erpr12.appsdba.info:7004/ebs', 'SITE');
IF stat THEN
dbms_output.put_line( 'Stat = TRUE - profile updated' );
ELSE
dbms_output.put_line( 'Stat = FALSE - profile NOT updated' );
END IF;
commit;
END;
/

Bounce services
Testing

http://erpr12.appsdba.info:7004/ebs
http://erpr12.appsdba.info:7004/ebs

Wrong client id

http://erpr12.appsdba.info:7004/ebs
{"error":"invalid_redirect_uri","error_description":"Client
5bb445549a5e4947940c737c877dccbf requested an invalid redirect URL:
http://erpr12.appsdba.info:7004/ebs/response. ECID: vXSRI1GnB00000000"}

Entries wrong in IDCS


References:

https://becomeoracleappsdba.wordpress.com/2020/04/02/oracle-ebs-integration-with-idcs-for-sso-in-
15-minutes-ebs-asserter-in-docker/

https://docs.oracle.com/en/solutions/secure-ebs-identity-cloud-ebs-asserter/update-oracle-e-business-
suite-profiles.html

https://www.oracle.com/webfolder/technetwork/tutorials/obe/cloud/idcs/ebs_asserter_obe/ebs-
asserter.html

https://medium.com/@Maheshwar888/ebs-integration-with-idcs-in-15minutes-d7ea128a05ae

weblogic

https://dbasoumya.blogspot.com/2020/10/oracle-weblogic-server-12cr2-1224.html

https://oracle-base.com/articles/12c/weblogic-installation-on-oracle-linux-6-and-7-1221

You might also like