In this post we cover the components that are part of the EBS (Apps R12) integration with Oracle Access Manager, and the ports that must be opened across firewalls for them, from our EBS-OAM Integration Training.
Oracle Access Manager (OAM) 11g integration with EBS and Fusion Middleware (WebCenter, UCM & OBIEE) is covered in chapter 12 of Atul Kumar’s (Oracle ACE & Author) Book Oracle Identity and Access Manager 11g for Administrators.
EBS (R12) – OAM 11g integration components
a) Oracle E-Business Suite Middle Tier – consists of two Oracle Homes (10.1.2, where Forms/Reports run, and 10.1.3, where the web server, OHS, runs). When you type the EBS R12 URL you hit the Oracle HTTP Server (OHS) running from the 10.1.3 web server home. If there is a firewall between users and the EBS Middle Tier, open the 10.1.3 OHS listener port.
b) Oracle E-Business Suite Database (DB) Tier – consists of the database and the database listener. The EBS Middle Tier connects to the DB Tier on the database listener port. If there is a firewall between the EBS Middle Tier and the database, open the database listener port.
c) Oracle HTTP Server 11g with WebGate – this is another web server (11g), deployed with WebGate as part of the EBS integration with OAM. The Oracle E-Business Suite profile option “Application Authentication Agent” is set to this OHS, and the user is redirected to this URL for authentication. If there is a firewall between users and OHS 11g with WebGate, open the OHS 11g listener port.
d) WebGate – is the Policy Enforcement Point (PEP), which interacts with the OAM Server’s proxy port and forwards user requests to the OAM Server. WebGate is installed with the web server (OHS 11g in this case). If there is a firewall between OHS 11g and the OAM proxy server, open the OAM proxy server port. (Note: the OAM Server’s proxy port, 5575, is different from the WebLogic Managed Server port, 14100, on which the OAM Server runs.)
e) Oracle Internet Directory (OID) Server – OID is the LDAP server from Oracle where users are stored. OAM 11g is integrated with OID for authentication. OID 11g by default listens on two ports: LDAP (3060) and LDAPS (3131). If there is a firewall between OAM and OID, open the OID port used for the OAM-OID integration (LDAP or LDAPS) from the OAM server to the OID server.
f) Directory Integration Platform (DIP) – is a J2EE application deployed on WebLogic Server (wls_ods1) and used by the user provisioning engine for EBS/OID user synchronization. The DIP server communicates with the Oracle E-Business Suite Database (DB) Tier on the database listener port. If there is a firewall between DIP and the EBS DB Tier, open the EBS database port from the DIP server to the EBS DB server. Note: in OID 10g, DIP is part of the ODISRV daemon.
g) E-Business Access Gate (EBS AG) – is a J2EE application deployed on WebLogic Server and used during authentication to validate (identity assertion) a user in OID against the user in E-Business Suite (FND_USER). EBS Access Gate communicates with the Oracle E-Business Suite Database (DB) Tier on the database listener port. If there is a firewall between EBS AG and the EBS DB Tier, open the EBS database port from the EBS AG node to the EBS DB server.
All requests to E-Business Access Gate (EBS AG) are proxied via OHS 11g with WebGate (explained in c), so if there is a firewall between OHS 11g (with WebGate) and the WebLogic Server on which EBS AG is deployed, open the WebLogic Server port across that firewall.
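The flows in items a) to g) can be written down as a least-privilege allow-list and compared with the rules a firewall actually has. The following is an added example, not code from the original post or from Oracle: the zone labels, the rule list and the four listener ports marked "assumed" are constructed placeholders, while 5575, 14100, 3060 and 3131 are the ports stated above.

```python
from typing import NamedTuple

class Flow(NamedTuple):
    src: str   # hypothetical zone label for the source tier
    dst: str   # hypothetical zone label for the destination tier
    port: int  # TCP port opened from src to dst

# Ports stated in the post.
OAM_PROXY, OAM_MANAGED, OID_LDAP, OID_LDAPS = 5575, 14100, 3060, 3131
# Assumed, site-specific placeholders (the post gives no values for these).
EBS_OHS, EBS_DB, OHS11G, EBSAG_WLS = 8000, 1521, 7777, 8099

def required_flows(oid_port=OID_LDAPS):
    """Flows listed in items a) to g); oid_port is the one OAM actually uses."""
    return {
        Flow("users", "ebs-mt", EBS_OHS),     # a) users -> 10.1.3 OHS
        Flow("ebs-mt", "ebs-db", EBS_DB),     # b) middle tier -> DB listener
        Flow("users", "ohs11g", OHS11G),      # c) users -> OHS 11g with WebGate
        Flow("ohs11g", "oam", OAM_PROXY),     # d) WebGate -> OAM proxy port
        Flow("oam", "oid", oid_port),         # e) OAM -> OID (LDAP or LDAPS)
        Flow("dip", "ebs-db", EBS_DB),        # f) DIP -> DB listener
        Flow("ebs-ag", "ebs-db", EBS_DB),     # g) EBS AG -> DB listener
        Flow("ohs11g", "ebs-ag", EBSAG_WLS),  # g) OHS 11g proxies to EBS AG
    }

def audit(rules, oid_port=OID_LDAPS):
    """Return (missing, not_required) flows for a list of allow rules."""
    need, allowed = required_flows(oid_port), set(rules)
    return sorted(need - allowed), sorted(allowed - need)

# Constructed rule set with two typical mistakes: WebGate opened to the
# managed server port instead of the proxy port, and both OID ports opened.
SAMPLE_RULES = [
    Flow("users", "ebs-mt", EBS_OHS),
    Flow("ebs-mt", "ebs-db", EBS_DB),
    Flow("users", "ohs11g", OHS11G),
    Flow("ohs11g", "oam", OAM_MANAGED),
    Flow("oam", "oid", OID_LDAP),
    Flow("oam", "oid", OID_LDAPS),
    Flow("dip", "ebs-db", EBS_DB),
    Flow("ebs-ag", "ebs-db", EBS_DB),
    Flow("ohs11g", "ebs-ag", EBSAG_WLS),
]

if __name__ == "__main__":
    missing, extra = audit(SAMPLE_RULES)
    for f in missing: print("MISSING     ", f.src, "->", f.dst, f.port)
    for f in extra: print("NOT REQUIRED", f.src, "->", f.dst, f.port)
```

Pass `oid_port=OID_LDAP` to `audit` when the OAM-OID integration uses the non-SSL port, so that 3131 rather than 3060 is reported as not required.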
For the request flow for E-Business Suite (Apps R12) integrated with OAM 11g, check chapter 12 of Atul Kumar’s (Oracle ACE & Author) Book Oracle Identity and Access Manager 11g for Administrators (This chapter also covers steps to integrate OAM 11g with )
We provide a dedicated module for troubleshooting, where we cover logging in WebGate, OHS, EBS AccessGate, DIP, OAM, and OID, in our EBS-OAM/OID Integration Training.