Integration of E-Business suite with Oracle Single Sign-on

I have done the integration of E-Business suite with Oracle Single Sign-on today and would like to post few integration details of the same.

In my case, I am using EBS 12.0.6 and the pre-requisites is that OID should be upgraded to 10.1.4.3. The patch 5855635 should be applied in E-Business Suite machine if the E-Business suite is running on AIX machine.

Note: You might need to check the certification matrix the exact OID version compatible for E-Business version.

All we need is to register the OID with the E-Business instance. A script txkrun.pl needs to be run for this, which will register the E-Business application in Oracle Single Sign-On server of the OID instance and registers the OID details in E-Business Suite database.

For eg:

$FND_TOP/bin/txkrun.pl -script=SetSSOReg

Note: Several other parameters can be provided in the above command based on your requirement. Investigate that in the metalink article given below.

The sample output of the above script is shown below.

Enter the host name where Oracle iAS Infrastructure database is installed ? OID_HOSTNAME
Enter the LDAP Port on Oracle Internet Directory server ? OID_PORT

Enter SSL LDAP Port on Oracle Internet Directory server ? OID_SSL_PORT
Enter the Oracle Internet Directory Administrator (orcladmin) Bind password ?
Enter the instance password that you would like to register this application instance with ?
Enter Oracle E-Business apps database user password ?

You can observe that first input to be given is the hostname where Oracle iAS Infrastructure database is installed. This means you should enter the Database hostname if OID and DB are residing on different machines which is the same in our case. In fact, we should provide the OID hostname and not DB hostname.

After OID registration is completed successfully, check the OSSO application whether the EBS is registered as partner application or not and restart the OC4J_Security service.

Create an EBS user in OID (not an admin user) as shown below,

for e.g. username=operations, password=welcome1

When you access the E-Business console, it will display OSSO login page for login details and upon submitting those details, it will show another login page which is to map the operations user in E-Business, the second login page will appear only for the first time you access the E-Business console after OID registration.

For subsequent access of E-Business console, any OID user trying to login will be mapped to operations user of E-Business application.

Helpful Articles:

Metalink Note: 376811.1

We provided a dedicated module for Troubleshooting where we cover Logging in WebGate, OHS, EBS Accessgate, DIP, OAM, and OID in our EBS-OAM/OID Integration Training , more about training here

If you have not yet downloaded FREE eBook – 7 Docs every Oracle Apps DBA must read for EBS R12 integration with OAM/OID for SSO get a copy in your eMail.

About the Author Mahendra

I am engulfed in Oracle Identity & Access Management domain. I have expertise on providing the optimized solutions for user provisioning, web access management, Single Sign-On and federation capabilities etc., I am also well versed with complex integrations within Identity Management and other product domains. I have expertise on building demos and implementation experience on products Oracle Access Manager, Oracle Adaptive Access Manager, Oracle Entitlement Server, Oracle Virtual Directory, Oracle Internet Directory etc., Look @ my blog: http://talkidentity.blogspot.com

Leave a Comment:

13 comments

Shilu says August 25, 2010

Very informative Mahendra thanks for the post.

sagar says November 2, 2010

Hey Mahendra,
How about the steps for enabling OID 11g/ sso 10g with EBS R 12 ?
can you please through some light on that ?

Thanks,
Sagar

Mahendra says November 4, 2010

Sagar,

This integration is for integrating SSO 10g with EBS R12.

Please check the metalink article 376811.1 if same steps are applicable for OID 11g or not.

-Mahendra.

Murat says January 31, 2011

Hi Mahendra ,

We’ve integrated eBS – OID via SunOne iPlanet and want to use SSL.
Can you comment on enabling SSL feature on OID ?

Thanks in advance,
Murat

Atul Kumar says January 31, 2011

@ Murat,
OID by default runs on both ssl and non ssl. For OID 10g SSL port is 636 and port 11g OID ssl port is 3131.

For using SSL : From EBS to OID during registration using txkrun.pl use SSL port.

I am assuming you are using DIP for OID SunOne iPlanet integration and pulling users from SunOne.

For EBS integration with OID/SSO internals check http://onlineappsdba.com/index.php/2008/08/20/apps-11ir1212i-registrationderegistration-with-oidsso-internals/

Revert back in case of any doubts

Mahendra says February 1, 2011

Murat,

You can check this documentation http://download.oracle.com/docs/cd/E12839_01/oid.1111/e10031/odip_server.htm#CHDJDJIC for configuring OID in SSL mode.

If you are specific about this integration, What Atul told is correct.

Murat says February 1, 2011

Hi ,

We’re using the credentials from iPlanet , used DIP and java based plugins for integration.

I’ll check the docs.
Thanks for your feedback.
Murat

mhlavani says April 18, 2011

Can anyone provide suggestions on how to back-out EBS (11.5.10.2) integration from SSO?

Thanks,
Manesh

Atul Kumar says April 18, 2011

@ mhlavani,
I assume that you are using 10g OSSO (not OAM)

Use option -deregister=Yes or -deregistersso=yes with txkrun.pl script

233436.1 Installing Oracle Application Server 10g with Oracle E-Business Suite Release 11i

261914.1 Integrating Oracle E-Business Suite Release 11i with Oracle Internet Directory and Oracle Single Sign-On

mhlavani says April 29, 2011

Thanks Atul and sorry for not getting back to your reply as I was off tracked for few days.

In addition to deregistration, How about the interop Patch we installed as per the 261914.1 doc and how can I change the users back to Local? After changing the system profile “Applications SSO Login Types” to LOCAL, I was not able to reset the user passwords until I changed the user to Local. Is tehre a better way to also chnage all users to Local?

Thanks,
Manesh

Atul Kumar says April 29, 2011

@mhlavani,
As applicable for other apps patches, it is not possible to un-install patch. (leaving patch in system should not be an issue)

If you de-register properly and follow all steps mentioned in this doc then account should be changed from external to local.

zuber says September 20, 2016

Can you please explain the meaning of OID_HOSTNAME?
In my environment I have OID server on one server (X) repository created on server (Y).In my case what will be the OID_HOSTNAME.

Mike says January 20, 2019

Hey Mahendra, Great Post!!! I have read your blog and it’s very informative & really impressed.
Here is another solution: https://www.ssogen.com/oracle-ebs-sso-integrations/

Add Your Reply