I discussed support for EBS (Apps R12) integration with OAM 11g for Single Sign-On here. In this post I am going to cover the high-level steps to integrate Oracle Applications R12 with Oracle Access Manager 11g (for a detailed analysis of EBS Access Gate, WebGate and what happens behind the scenes, including deploying Access Gate in High Availability, check chapter 12 of my book OAM / OIM 11g for Administrators).
High Level Steps for Oracle Apps R12 integration with OAM 11g
1. Install Oracle Access Manager 11g R1 (11.1.1.3); check the steps here (OIM and SOA are optional components and not required for this integration).
2. Apply Patch BP02 (10368022) to Oracle Access Manager to bring OAM to 11.1.1.3.2, using the steps mentioned here.
3. Install OID 11.1.1.3 (or higher) as mentioned here. (If you are installing OID 11.1.1.4 or 11.1.1.5, do not use the same MW_HOME as used by OAM, otherwise Enterprise Manager (EM) will fail to start.)
4. Change the Primary Identity Store of Oracle Access Manager from WebLogic’s embedded LDAP server to Oracle Internet Directory (OID) as explained here.
5. If you are on Apps 12.1.1, apply patches 8919489 & 9824524; for 12.0.6 apply patches 10220779 & 10257580; and for 12.1.2/12.1.3 apply patch 9454600.
6. Install the WebLogic server that will host the E-Business Suite Access Gate and create a WebLogic domain (you can also use the WebLogic Server used by the OAM server). For steps on WebLogic Server installation click here.
7. Install the OHS 11g server that will host the WebGate and also act as a proxy server for WebLogic (via mod_wl_ohs); more on mod_wl_ohs here. (Users will be redirected for authentication to this OHS server via the profile options “Application Authenticate Agent” and “Applications SSO Type”.)
8. Create a DBC file for the machine hosting the WebLogic server (if the WebLogic server is hosted on the same machine as the R12 middle tier, you can use the existing DBC file):
java oracle.apps.fnd.security.AdminDesktop <apps user>/<apps pwd> CREATE
9. Download patch 10124068 (this patch contains Access Gate 1.1.0) on the WebLogic Server machine, copy fndext.jar to WebLogic’s $DOMAIN_HOME/lib directory and restart all servers running on the WebLogic domain.
10. Use ant -f txkEBSAuth.xml (the XML file is part of 10124068) to deploy the EBS Access Gate on the WebLogic domain created in step 6. This will deploy the web application (WAR, Web Archive) and create JDBC in WebLogic Server to connect to the EBS database. (The web application contains the login page OAMLogin.jsp.)
11. Configure OHS (installed in step 7) to forward requests to the WebLogic server (installed in step 6); more steps to configure mod_wl_ohs here.
12. Provision an instance of 10g WebGate using either RREG or OAMConsole. For more information on RREG and registration using OAMConsole, refer to chapter 8 of my book OAM / OIM 11g for Admins, or for 11g WebGate here. (You can use either 10g WebGate or 11g WebGate; 10g WebGate is recommended for EBS R12.)
13. Install 10g or 11g WebGate (depending on the instance created in step 12) with the OHS server (created in step 7).
14. Verify Authentication Modules, Schemes, Policies, Application Domain, and Public and Protected Resources as explained in MOS Note 1309013.1. For more information on these components of OAM, refer to chapter 6 of the book OAM/OIM 11g for Admins.
15. Configure the profile options “Application Authenticate Agent” & “Applications SSO Type” for EBS R12.
16. Configure EBS-OID synchronization (OID to EBS, EBS to OID, or both, using the option provisiontype):
$FND_TOP/bin/txkrun.pl \
  -script=SetSSOReg \
  -registerinstance=yes \
and
$FND_TOP/bin/txkrun.pl \
  -script=SetSSOReg \
  -registeroid=yes \
17. Configure Log Out for EBS.
18. Test Login to EBS (using a user/password in OID) and Logout.
We provided a dedicated module for troubleshooting, where we cover logging in WebGate, OHS, EBS Access Gate, DIP, OAM, and OID, in our EBS-OAM/OID Integration Training; more about the training here.