We have tried to implement,integrate Oracle identity and access management with Oracle EBS R12.

Reference documents that helped us understand and completed the activity successfully.
————————————————————————————–
Registering Oracle E-Business Suite Release 12 with Oracle Internet Directory 11gR1 and Single Sign-On (Doc ID 1370938.1)
Overview of Single Sign-On Integration Options for Oracle E-Business Suite (Doc ID 1388152.1)
Integrating Oracle E-Business Suite Release 12 with Oracle Access Manager 11gR2 (11.1.2) using Oracle E-Business Suite AccessGate (Doc ID 1484024.1)
Using the Latest Oracle Internet Directory 11gR1 Patchset with Single Sign-on and Oracle E-Business Suite (Doc ID 876539.1)
————————————————————————————–
Pre-requisites :

  • Enterprise Linux 5.8 64 bit
  • Oracle Database 11.2.0.1
  • RCU for OID 11.1.1.7
  • OID 11.1.1.7
  • RCU for OAM 11.1.2.2
  • OAM 11.1.2.2
  • WebTier OHS 11.1.1.7
  • WebGate 11.1.2.2
  1. Install 11gr2 Database (11.2.0.1)
  2. Ensure that all of the processes are running for the database (into which you plan to install Oracle Internet Directory).
  3. Before running RCU 11.1.1.7.0, ensure that the database initialization parameter ‘Open_Cursors’ is set to a minimum of ‘500’.
  4. Run RCU 11.1.1.7.0 to create the necessary database schema: In the ‘Select Component’ page: Expand ‘Identity Management’ and select only ‘Oracle Internet Directory’ (‘Oracle Identity Federation’ is not required)
  5. Install RCU 11.1.1.7

IDM_1

 

 

 

 

IDM_2

 

 

IDM_3

 

 

 

 

 

IDM_4

 

 

 

IDM_5

 

 

 

 

 

IDM_6

 

 

 

 

IDM_7

 

 

 

IDM_8

 

 

 

IDM_9

 

 

 

 

IDM_10

 

 

 

Install WebLogic Server 10.3.6 (Full Installer)
(Later, you will also install an Oracle Identity Management Oracle home inside this Oracle Middleware home).
Download Java 6 Update 35 or later
Export JAVA Home

IDM_11

 

 

IDM_12

 

IDM_13

 

 

 

 

 

 

IDM_14

 

 

 

 

 

 

IDM_15

 

 

 

 

 

 

IDM_16

 

 

 

 

 

IDM_17

 

 

 

 

 

IDM_18

 

 

 

 

 

IDM_19

 

 

 

 

 

IDM_20

 

 

 

 

 

 

Install and Configure the Identity Management Products and Create a WebLogic Domain and Managed Server

IDM_21

 

 

 

IDM_22

 

 

 

 

 

 

 

During the configuration, in the ‘Configure Components’ screen:

• Select Oracle Internet Directory and Oracle Directory Integration Platform (the Oracle Directory Services Manager and Fusion Middleware Control management components are automatically selected for this installation):

(i.e. UNSELECT ‘Oracle Identity Federation Components’ and UNSELECT ‘Oracle Virtual Directory’)

• Ensure that only ‘Oracle Internet Directory’ and ‘Oracle Directory Integration Platform’ are selected and click Next.

• In the ‘Installation Summary’ screen, ensure that only the following are in the list of ‘Applications Selected for Configuration’:

a. Oracle Internet Directory

b. Oracle Directory Integration Platform

c. Enterprise Manager

d. Oracle Directory Services Manager

e. Click the ‘Configure’

IDM_21

 

 

 

IDM_22

 

 

 

 

 

 

 

IDM_23

 

 

 

 

IDM_24

 

 

 

 

 

 

IDM_25

 

 

 

 

 

 

IDM_26

 

 

 

 

 

 

IDM_27

 

 

 

 

 

 

IDM_28

 

 

 

 

 

 

IDM_29

 

 

 

 

 

 

IDM_30

 

 

 

 

 

 

 

IDM_31

 

 

 

 

 

 

IDM_32

 

 

 

 

 

 

IDM_33

 

 

 

 

 

 

IDM_34

 

 

 

 

 

IDM_35

 

 

 

IDM_36

 

IDM_37

 

 

 

 

 

IDM_38

 

 

 

 

 

 

IDM_39

 

 

 

 

 

 

 

Enforce Attribute Uniqueness for UID in Oracle Internet Directory 11gR1
Invoke Oracle Directory Services Manager and connect to the Oracle Internet Directory server.
http://egtapp02:7001/odsm
(determine the port by examining the wls_ods1.url file at $MW_Home/user_projects/domains//servers/wls_ods1/data/nodemanager/wls_ods1.url)

IDM_40

 

 

 

IDM_41

 

IDM_42

 

 

 

 

 

IDM_43

 

 

 

 

Click on the ‘Advanced’ tab

Expand ‘Attribute Uniqueness’ in the left pane (bottom of the left frame)

Click on the left hand ‘Create an attribute uniqueness constraint’ icon (below the ‘Attribute Uniqueness’ heading.

The New Constraint window is displayed.

Enter the following values to ensure that the UID field is unique in Oracle Internet Directory:

Enter ‘UID_UNIQUE’ in ‘Attribute Uniqueness Constraint Name’
Ensure that ‘Enable Unique Attribute’ is Checked (i.e. Yes)
Enter ‘uid’ in ‘Unique Attribute Name’
Enter ‘ inetorgperson’ in ‘ Unique Attribute Objectclass’
Select ‘One Level’ in ‘Unique Attribute Scope’
Enter the Realm Distinguished Name (DN), e.g. ‘cn=Users,dc=us,dc=oracle,dc=com’ in ‘Unique Attribute Subtree’

Choose OK. The entry you just created appears in the list of attribute uniqueness constraint entries in the left frame.

Click on the ‘UID_UNIQUE’ name in the left frame (below ‘Attribute Uniqueness’) and the record is displayed in the main frame.

Click the ‘Apply’ button to apply this constraint

IDM_44

 

 

 

 

IDM_45

 

 

 

 

 

 

Configure Oracle Internet Directory to return operational attributes
Configure Oracle Internet Directory to return operational attributes for lookup requests. This modification adds the orclguid attribute to records returned by Oracle Internet Directory when queried by Oracle Access Manager, allowing these records to be mapped to others that are uniquely identified by orclguid. To make this modification create an ldif file as detailed below and execute this command from the Oracle Home where Oracle Internet Directory is installed:
Create an ldif file (for example ‘change_attrs.ldif’) containing the following:

vi change_attrs.ldif
dn: cn=dsaconfig, cn=configsets,cn=oracle internet directory
changetype: modify
add: orclallattrstodn
orclallattrstodn: orcladmin

Run the following to execute the command from the newly created ldif file:

$ORACLE_HOME/bin/ldapmodify -h egtapp02.ods.local -p 3060 -D cn=orcladmin -w Oracle_123 -v -f change_attrs.ldif

IDM_46

 

 

 

 

 

Install Oracle Access Manager
Configure OAM Schema using RCU 11.1.2.2

IDM_46

 

 

 

 

IDM_47

 

 

 

 

IDM_48

 

 

IDM_49

 

 

 

 

IDM_50

 

 

 

IDM_51

 

 

 

 

 

IDM_52

 

 

 

IDM_53

 

 

 

 

IDM_54

 

 

 

 

 

IDM_55

 

 

IDM_56

 

 

 

 

 

IDM_57

 

 

 

 

Install Oracle Access Manager 11.1.2.2

IDM_58

 

 

 

 

 

IDM_59

 

 

 

 

 

IDM_60

 

 

 

 

 

 

IDM_61

 

 

 

 

 

 

IDM_62

 

 

 

 

 

IDM_64

 

 

 

 

 

Configure OAM Domain

IDM_65

 

 

 

 

IDM_66

 

 

 

 

 

IDM_67

 

 

 

 

IDM_68

 

 

 

 

IDM_69

 

 

 

 

IDM_70

 

 

 

 

 

IDM_71

 

 

 

 

 

IDM_72

 

 

 

 

IDM_73

 

 

 

IDM_74

 

 

 

 

IDM_75

 

 

 

 

IDM_76

 

 

 

 

IDM_77

 

 

 

 

 

IDM_78

 

 

 

 

 

IDM_79

 

 

Configure Security Store for OAM Domain to Database
Create DB security store – Mandatory step to start Admin Server for OAM server.
Configure OAM Domain to use database as security store using –m create option like

$DOMAIN_HOME/bin/setDomainEnv.sh
cd $MW_HOME/oracle_common/common/bin
./wlst.sh /u01/weblogic/fmw/Oracle_IAM1/common/tools/configureSecurityStore.py -p /u01/weblogic/fmw/user_projects/domains/IAMDomain/ -c IAM -m create -p Oracle_123

IDM_80

 

 

 

 

IDM_81

 

 

 

 

 

 

IDM_82

 

 

 

 

 

Upgrade OPSS schema

IDM_90

 

IDM_83

 

 

 

 

 

IDM_84

 

 

 

IDM_85

 

 

 

 

IDM_86

 

 

 

IDM_87

 

 

 

IDM_88

 

 

 

IDM_89

 

 

\

Create boot.properties to start WebLogic Administration and Managed Server

mkdir -p /u01/weblogic/fmw/user_projects/domains/IAMDomain/servers/oam_server1/security
vi boot.properties
username=weblogic
password=Oracle_123

Create boot.properties for Admin Server

mkdir -p /u01/weblogic/fmw/user_projects/domains/IAMDomain/servers/AdminServer/security
vi boot.properties
username=weblogic
password=Oracle_123

Start Weblogic Admin server and managed server(oam_server1)

IDM_91

 

tail -f nohup.out

IDM_92

 

IDM_93

tail -f nohup.out

IDM_94

 

 

 

Configure Identity Store
Oracle E-Business Suite requires Oracle Internet Directory as the identity store. To setup Oracle Internet Directory as the identity store for Oracle E-Business Suite create a dedicated Oracle Internet Directory identity store for Oracle E-Business Suite
Logon to the OAM Console
http://egtapp02:7002/oamconsole
IDM_95

 

 

 

 

 

 

 

Create User Identity Store
In the OAM Console, under the Launch Pad, navigate to Configuration > User Identity Stores
Click the “*” (Create) icon under the ‘OAM ID Stores’
In the window that opens, enter the attributes for your new identity store, for example:

Store Name- EBSIdStore
Store Type- OID: Oracle Internet Directory
Description- Directory for Oracle E-Business Suite Application
Location- egtapp02:3060
Bind DN- cn=orcladmin
Password- Oracle_123
User Name Attribute- uid
User Search Base- cn=Users,dc=ods,dc=local
Group Search Base- cn=Groups,dc=com

IDM_96

 

 

 

 

IDM_97

 

 

 

 

 

IDM_98

 

 

 

 

 

 

IDM_99

 

 

 

Create Authentication Module
In the OAM Console, under the Launch Pad, navigate to Access Manager –> Authentication Modules
Click the “*” (Create Authentication Module) icon > Select ‘Create LDAP Authentication Module’ from the drop-down:
Enter the following information in the Create LDAP Authentication Module region, and click Apply:
Name = LDAP_EBS
User Identity Store = EBSIdStore

IDM_100

 

 

 

 

 

IDM_101

 

IDM_102

 

 

 

Create Authentication Scheme
In the OAM Console, under the Launch Pad, navigate to Access Manager >
Authentication Schemes

Click the “*” (Create Authentication Scheme) icon.

Enter the following information in the Authentication Schemes region, and click Apply:

Name = EBSAuthScheme
Description = Authentication Scheme for E-Business Suite
Authentication Level = 2
Default =
Challenge Method = FORM
Challenge Redirect URL = /oam/server/
Authentication Module = LDAP_EBS
Challenge URL = /pages/login.jsp
Context Type = default
Context Value = /

IDM_103

 

 

 

 

 

IDM_104

 

 

 

 

 

IDM_105

 

 

 

 

Registering Oracle E-Business Suite Release 12 with Oracle Internet Directory 11gR1
Oracle E-Business Suite is required to integrate with OID so that users can be synchronized
between FND_USER (in e-Business Suite) and users in OID. EBS-OID synchronization can be
configured in one of following four ways
a) OID to EBS: Users are synchronized from OID to E-Business Suite
b) EBS to OID: User are synchronized from E-Business Suite to OID
c) EBS to OID and OID to EBS two way: User are synchronized two way i.e. from OID to
E-Business Suite and E-Business Suite to OID
d) Bi-Directional but no creation: User are synchronized two way i.e. from OID to E-Business Suite and E-Business Suite to OID but if user is missing in one of the two systems them it will not be created.

EBS version apply following additional patches for 12.1.1 version on EBS Middle Tier

Patch 7651166 and 12408233

Register Instance

$FND_TOP/bin/txkrun.pl -script=SetSSOReg -registerinstance=yes -infradbhost=egtapp02 -ldapport=3060 -ldapportssl=3061 -ldaphost=egtapp02 -oidadminuser=cn=orcladmin -oidadminuserpass=Oracle_123 -appspass=apps

IDM_106

 

 

 

Register OID

$FND_TOP/bin/txkrun.pl -script=SetSSOReg -registeroid=yes -ldaphost=egtapp02 -ldapport=3060 -oidadminuser=cn=orcladmin -oidadminuserpass=Oracle_123 -appspass=apps -instpass=Oracle_123 -appname=VIS -svcname=VIS -provisiontype=1 -dbldapauthlevel=0

IDM_107

 

 

 

SELECT PREFERENCE_NAME, PREFERENCE_VALUE FROM APPS.FND_USER_PREFERENCES WHERE MODULE_NAME='LDAP_SYNCH';
SELECT * FROM fnd_user_preferences WHERE user_name='#INTERNAL' AND module_name='OID_CONF';

If the above script returns no rows then execute the below statement and re-check

execute fnd_oid_plug.setPlugin;

Install and Configure WebGate on the WebTierRun the WebGate 11g Installer to install WebGate 11g.

Execute deployWebgateInstance.sh and EditHttpConf to associate WebGate with the WebTier, for example

Run the WebTier 11g Installer to install and configure Oracle HTTP Server.

Install OHS WebTier 11.1.1.7

IDM_108

 

 

 

 

 

IDM_109

 

 

 

 

IDM_110

 

 

 

 

IDM_111

 

 

 

IDM_112

 

 

 

IDM_113

 

 

 

 

IDM_114

 

 

 

IDM_115

 

 

 

IDM_116

 

 

 

IDM_117

 

 

 

 

 

IDM_118

 

 

 

 

Install OAM WebGate 11.1.2.2

IDM_119

 

 

 

 

 

IDM_120

 

 

 

IDM_121

 

 

 

IDM_122

 

 

 

 

IDM_123

 

 

 

 

IDM_124

 

 

 

 

Deploy Webgate
Set OHS environment

IDM_125

 

cd /u01/weblogic/fmw/Oracle_OAMWebGate1/webgate/ohs/tools/deployWebGate

./deployWebGateInstance.sh -w /u01/weblogic/fmw/Oracle_WT1/instances/instance1/config/OHS/ohs1 -oh /u01/weblogic/fmw/Oracle_OAMWebGate1

IDM_126

 

 

Set LD_LIBRARY_PATH

IDM_127

 

IDM_128

 

 

Register the WebGate Agent with Oracle Access Manager

After installing the WebGate on the WebTier, you also need to register the WebGate agent.

Follow the steps below to register the WebGate agent on the machine where Oracle Access Manager is installed using the oamreg tool that is available in the <Oracle_IAM>/oam/server/rreg directory:

. oam.env

cd $MW_HOME/iam/oam/server/rreg/input/

cp OAM11GRequest_short.xml VIS.xml

IDM_129

 

 

IDM_130

 

 

 

 

 

Create a new file named VIS.oam.conf to serve as URIs file to the oamreg tool.

IDM_131

 

 

 

 

 

 

 

 

IDM_132

 

 

 

./bin/oamreg.sh inband input/VIS.xml

When prompted for the admin username and password, enter the credentials for your Oracle Access Manager Administrator, by default user “weblogic”.

You may optionally set a password for your WebGate.

When prompted “Do you want to import an URIs file?(y/n)”, enter “y”.

Enter the full path for the URIs file that you just created as <RREG_Home>/input/VIS.oam.conf.

The script will output Success INFO messages and should complete successfully with a Request summary..

IDM_133

 

 

 

 

Copy the generated registration artifacts to your WebTier

IDM_134

Verify registration using OAM Console

Logon to the OAM Console

Verify that the following artifacts are visible now in the OAM Console, under Launch Pad:.

Access Manager section > Click on SSO Agents > Under Webgates tab > Search for {Identifier for your WebGate}

Access Manager section > Click on Host Identifiers > Search for {Identifier for your WebGate}

Access Manager section > Click on Application Domains > Search for {Identifier for your WebGate}

IDM_135

 

 

IDM_136

 

 

 

IDM_137

 

 

 

Test WebGate

IDM_138

 

Access a public resource

IDM_139

 

Access a protected resource

http://egtapp02:7780/index.html

You should be redirected to OAM login page

http://egtapp02:14100/oam/server/obrareq.cgi?

Set Authentication Scheme

Login to OAM Console à Application Domains à VIS_agent à Authentication Policies à Protected Resource Policy

Change Authentication Scheme to EBSAuthScheme

IDM_140

 

 

Configure Response Headers

Oracle E-Business Suite integration with Oracle Access Manager uses two specific response headers. Configure Oracle Access Manager to set these response headers as follows.

Add Response Headers to the Authentication Policies

In the OAM Console,under the Launch Pad, navigate to Access Manager > Application Domain > VIS_agent > Authentication Policies > Protected Resource Policy.

Click the Protected Resource Policy.

In the Authentication Policy configuration window, click on the Responses tab. Use the “+” icon and add the following two rows.

IDM_141

 

 

Add Response Headers to the Authorization Policies

In the OAM Console,under the Launch Pad, navigate to Access Manager > Application Domain > VIS_agent > Authorization Policies > Protected Resource Policy.

Click the Protected Resource Policy.

In the Authentication Policy configuration window, click on the Responses tab. Use the “+” icon and add the following two rows.

IDM_142

 

 

Test Response Headers

Test that Oracle Access Manager sets the response headers as specified, for example by adding the printenv script to your protected resources and accessing the script from your browser as authenticated user. On a WebTier 11g, you will find the printenv script in your $ORACLE_INSTANCE/config/OHS/ohs1/cgi-bin directory.

You may create a symbolic link and add this resource to your protected resources. For example:

cd $ORACLE_INSTANCE/config/OHS/ohs1/htdocs ln -s ../cgi-bin cgi-bin chmod 755 cgi-bin/printenv

IDM_143

In the OAM Console,under the Launch Pad, navigate to Access Manager > Application Domain > Search for {Identifier for your WebGate} > Resources tab.

Click the “New Resource” button at the upper right hand side of the window.

Enter the following information in the Create Resource region, and click Apply:

IDM_144

 

 

IDM_145

 

 

 

 

 

 

 

IDM_146

 

Configure OAM to support long URLs

Long URLs may exceed a cookie limit on your Internet browser. Configure Oracle Access Manager to support long URLs by changing the serverRequestCacheType from COOKIE to FORM in Oracle Access Manager configuration file $DOMAIN_HOME/config/fmwconfig/oam-config.xml:

<Setting Name=”serverRequestCacheType” Type=”xsd:string”>FORM</Setting>

Restart Admin and Managed server to pickup the new changes

Create WebLogic Domain for Oracle E-Business Suite AccessGate

cd $WLHOME/common/bin ./config.sh

IDM_147

 

 

 

 

IDM_148

 

 

 

 

IDM_149

 

 

 

IDM_150

 

 

 

 

IDM_151

 

 

 

 

IDM_152

 

 

 

IDM_153

 

 

 

IDM_154

 

 

IDM_155

 

 

 

IDM_156

 

Download and extract Oracle E-Business Suite AccessGate

Download Oracle E-Business Suite AccessGate available from Patch 18131618 and unzip it to $MW_HOME/appsutil/accessgate/VIS. For example:

mkdir -p $MW_HOME/appsutil/accessgate/myEBS cd $MW_HOME/appsutil/accessgate/myEBS unzip [location to patch 18131618]/p18131618_R12_GENERIC.zip

IDM_157

IDM_158

 

 

Copy oacleanup.html to WebTier

Copy the samplecleanup.html from $MW_HOME/appsutil/accessgate/VIS/sample to the /public directory that you created on your WebTier and rename the file to oacleanup.html.

$ORACLE_INSTANCE/config/OHS/ohs1/htdocs/public/oacleanup.html

IDM_159

 

Access the page from your browser:

http://egtapp02:7780/public/oacleanup.html

IDM_160

 

 

 

You should be able to access this test page without authentication, because we specified this page in the URIs file during WebGate registration with Oracle Access Manager as public resource. At this point you will only see an empty page. We will use this URL when deploying E-Business Suite AccessGate in the next step.

Copy library

Copy the file $MW_HOME/appsutil/accessgate/{instance}/fndext.jar to your $DOMAIN_HOME/lib directory. For example:

cd $MW_HOME/appsutil/accessgate/myEBS cp fndext.jar /d01/Oracle/Middleware/user_projects/domains/eag_domain/lib

Restart the Oracle WebLogic Server processes. This allows the Oracle WebLogic Server to include fndext.jar on the classpath during startup.

IDM_161

 

Generate DBC file

Login to Oracle EBS Machine (VIS) and generate a dbc file using below command

java oracle.apps.fnd.security.AdminDesktop apps/<apps password> CREATE \ NODE_NAME=eaghost.example.com [IP_ADDRESS=<IP address of external application server>] DBC=$FND_SECURE/VIS.dbc


IDM_162

 

 

 

 

IDM_163

 

 

 

Set Up Necessary Oracle E-Business Suite Users

Set up a necessary Oracle E-Business Suite user with role UMX|APPS Schema Connect, logon locally to Oracle E-Business Suite as the user with role UMX|Apps Schema Connect.

http://<ebshost>.<domain>:<port>/OA_HTML/AppsLocalLogin.jsp

If this user has just been created, you will be prompted on logon to Oracle E-Business Suite to reset the password. Reset the password.

Verify that you can successfully logon locally with the new password as the user with role UMX|Apps Schema Connect.

Deploy Oracle E-Business Suite AccessGate using txkEBSAuth.xml

Navigate to System Administrator Responsibility aàSecurity : Usersà Define

Username- EBSADMIN
Password- Password1
Description- E-business AccessGate User

Switch to User Management Responsibilty àUsers

Search for “EBSADMIN” user and click Update

On Update User screen, click Assign Roles

On next screen , select Role from drop down and search for “APPS%SCHEMA%”

Select the “APPS SCHEMA CONNECT ROLE”

Click Save

On Next Screen, give justification for user as shown below and click Apply

After setting up the user, logon locally to Oracle E-Business Suite as the user with role UMX|Apps Schema Connect.

IDM_164

 

 

 

 

IDM_165

 

 

 

 

IDM_166

 

 

 

 

 

Deploy Oracle E-Business Suite AccessGate using txkEBSAuth.xml

Set the environment, for example:

. $MW_HOME/wlserver_10.3/server/bin/setWLSEnv.sh

Change to the directory where you installed Oracle E-Business Suite AccessGate in the previous step. For example:

cd $MW_HOME/appsutil/accessgate/VIS

Execute the txkEBSAuth.xml ant script to create your data source and deploy the Oracle E-Business Suite AccessGate Java application.

IDM_167

 

ant -f txkEBSAuth.xml \
-Dwlshosturl=egtapp02.qia.local:7041 \
-Dwlsuser=weblogic \
-Dwlspwd=Oracle_123 \
-DdataSourceName=VIS \
-DdataSourceJNDIName=jdbc/VIS \
-DasadminUser=EBSADMIN \
-DasadminPassword=Oracle_123 \
-DdbcFile=/u01/weblogic/fmw/appsutil/accessgate/VIS/VIS_EGTAPP02.ODS.LOCAL.dbc \
-DserverName=eag_server1 \
-DdeploymentName=ebsauth_VIS \
-DcontextRoot=/ebsauth_VIS \
-DfndauthWarFile=/u01/weblogic/fmw/appsutil/accessgate/VIS/fndauth.war \
-DplanPath=/u01/weblogic/fmw/appsutil/accessgate/VIS/plan/Plan.xml \
-DSSOServerRelease=11 \
-DSSOServerURL=http://egtapp02.ods.local:14100 \
-DWebgateLogoutURL=http://egtapp02.ods.local:7780/public/oacleanup.html \
-DlogConfigFile=/u01/weblogic/fmw/appsutil/accessgate/VIS/sample/logging.properties
echoOFF:
getDataSourceDetails:
[input] skipping input as property dataSourceName has already been set.
[input] skipping input as property dataSourceJNDIName has already been set.
[input] skipping input as property dbcFile has already been set.
[input] skipping input as property asadminUser has already been set.
getASADMINPasswordWindows:
getASADMINPasswordUnix:
echoON:
[input] skipping input as property asadminPassword has already been set.
echoOFF:
getTargetServerDetails:
[input] skipping input as property serverName has already been set.
getDeploymentDetails:
[input] skipping input as property deploymentName has already been set.
[input] skipping input as property contextRoot has already been set.
[input] skipping input as property fndauthWarFile has already been set.
[input] skipping input as property planPath has already been set.
[input] skipping input as property dbcFile has already been set.
[input] skipping input as property dataSourceJNDIName has already been set.
getOAMDetails:
[input] skipping input as property WebgateLogoutURL has already been set.
[input] skipping input as property SSOServerRelease has already been set.
[input] skipping input as property SSOServerURL has already been set.
getAllParameters:
checkDBCExists:
checkWarExists:
checkFndextWarExits:
checkPlanDirExists:
all:
findOS:
getServerDetails:
[input] skipping input as property wlshosturl has already been set.
[input] skipping input as property wlsuser has already been set.
getWLSAdminPasswordWindows:
getWLSAdminPasswordUnix:
echoON:
[input] skipping input as property wlspwd has already been set.
echoOFF:
getDataSourceDetails:
[input] skipping input as property dataSourceName has already been set.
[input] skipping input as property dataSourceJNDIName has already been set.
[input] skipping input as property dbcFile has already been set.
[input] skipping input as property asadminUser has already been set.
getappsDBDetails:
[echo] DBC File is /u01/weblogic/fmw/appsutil/accessgate/VIS/VIS_EGTAPP02.QIA.LOCAL.dbc
[echo] APPS_JDBC_URL is APPS_JDBC_URL=jdbc\:oracle\:thin\:@(DESCRIPTION\=(ADDRESS_LIST\=(LOAD_BALANCE\=YES)(FAILOVER\=YES)(ADDRESS\=(PROTOCOL\=tcp)(HOST\=idm.ods.local)(PORT\=1525)))(CONNECT_DATA\=(SID\=VIS)))
[echo]
[echo] Following values are retrieved from DBC File:
[echo] SID/SERVICE:VIS
[echo] APPS_JDBC_URL:jdbc:oracle:thin:@(DESCRIPTION=(ADDRESS_LIST=(LOAD_BALANCE=YES)(FAILOVER=YES)(ADDRESS=(PROTOCOL=tcp)(HOST=idm.ods.local)(PORT=1525)))(CONNECT_DATA=(SID=VIS)))
getASADMINPasswordWindows:
getASADMINPasswordUnix:
echoON:
[input] skipping input as property asadminPassword has already been set.
echoOFF:
getTargetServerDetails:
[input] skipping input as property serverName has already been set.
getDataSourceParameters:
checkDBCExists:
checkFndextWarExits:
createDataSource:
[echo] ********************************************************************
[echo] STEP 1: CREATING DATA SOURCE
[echo] ********************************************************************
[wlst] Connecting to server using username:weblogic url:egtapp02.ods.local:7041
[wlst] Connecting to t3://egtapp02.ods.local:7041 with userid weblogic ...
[wlst] Successfully connected to Admin Server 'AdminServer' that belongs to domain 'eag_domain'.
[wlst]
[wlst] Warning: An insecure protocol was used to connect to the
[wlst] server. To ensure on-the-wire security, the SSL port or
[wlst] Admin port should be used instead.
[wlst]
[wlst] Check if data source VIS already exits
[wlst]
[wlst]
[wlst] Check if JNDI Name jdbc/VIS already exists
[wlst]
[wlst] Changing to Edit Mode
[wlst] Location changed to edit tree. This is a writable tree with
[wlst] DomainMBean as the root. To make changes you will need to start
[wlst] an edit session via startEdit().
[wlst]
[wlst] For more help, use help(edit)
[wlst] You already have an edit session in progress and hence WLST will
[wlst] continue with your edit session.
[wlst]
[wlst] Starting an edit session ...
[wlst] Started edit session, please be sure to save and activate your
[wlst] changes once you are done.
[wlst]
[wlst] Creating data source : VIS
[wlst]
[wlst] Setting JDBCDataSourceParams for the data source VIS
[wlst]
[wlst] Setting JNDI name for the data source VIS
[wlst]
[wlst] Setting JDBCDriverParams for the data source VIS
[wlst]
[wlst] Setting User and dbcFile properties for the data source VIS
[wlst]
[wlst] Setting JDBCConnectionPoolParams for the data source VIS
[wlst]
[wlst] Setting GlobalTransactionsProtocol for the data source VIS
[wlst]
[wlst] Setting target for the data source VIS
[wlst]
[wlst] Saving all your changes ...
[wlst] Saved all your changes successfully.
[wlst] Activating all your changes, this may take a while ...
[wlst] The edit lock associated with this edit session is released
[wlst] once the activation is completed.
[wlst] Activation completed
[wlst] Successfully created data source VIS.
[wlst] Disconnected from weblogic server: AdminServer
findOS:
getServerDetails:
[input] skipping input as property wlshosturl has already been set.
[input] skipping input as property wlsuser has already been set.
getWLSAdminPasswordWindows:
getWLSAdminPasswordUnix:
echoON:
[input] skipping input as property wlspwd has already been set.
echoOFF:
getTargetServerDetails:
[input] skipping input as property serverName has already been set.
getDeploymentDetails:
[input] skipping input as property deploymentName has already been set.
[input] skipping input as property contextRoot has already been set.
[input] skipping input as property fndauthWarFile has already been set.
[input] skipping input as property planPath has already been set.
[input] skipping input as property dbcFile has already been set.
[input] skipping input as property dataSourceJNDIName has already been set.
getOAMDetails:
[input] skipping input as property WebgateLogoutURL has already been set.
[input] skipping input as property SSOServerRelease has already been set.
[input] skipping input as property SSOServerURL has already been set.
getDeploymentParameters:
checkWarExists:
checkDBCExists:
copyDeploymentPlan:
[echo] Copying fndauth_deployment_plan.tmp to /u01/weblogic/fmw/appsutil/accessgate/VIS/plan/Plan.xml
[copy] Copying 1 file to /u01/weblogic/fmw/appsutil/accessgate/VIS/plan
checkPlanDirExists:
creatPlandirAndWeblogicXML:
[touch] Creating /u01/weblogic/fmw/appsutil/accessgate/VIS/plan/plan/WEB-INF/weblogic.xml
checkPlanExists:
getAPPServerID:
updateDeploymentPlan:
[echo] Updating Deployment Plan
deployApplication:
[echo] ********************************************************************
[echo] STEP 2: DEPLOYING APPLICATION
[echo] ********************************************************************
[wlst] Connecting to server using username:weblogic url:egtapp02.ods.local:7041
[wlst]
[wlst] Connecting to t3://egtapp02.ods.local:7041 with userid weblogic ...
[wlst] Successfully connected to Admin Server 'AdminServer' that belongs to domain 'eag_domain'.
[wlst]
[wlst] Warning: An insecure protocol was used to connect to the
[wlst] server. To ensure on-the-wire security, the SSL port or
[wlst] Admin port should be used instead.
[wlst]
[wlst]
[wlst] Check if deployment ebsauth_VIS already exists.
[wlst]
[wlst] Location changed to serverRuntime tree. This is a read-only tree with ServerRuntimeMBean as the root.
[wlst] For more help, use help(serverRuntime)
[wlst]
[wlst]
[wlst]
[wlst]
[wlst] Deploying application to eag_server1
[wlst]
[wlst] Changing to Edit Mode
[wlst] Location changed to edit tree. This is a writable tree with
[wlst] DomainMBean as the root. To make changes you will need to start
[wlst] an edit session via startEdit().
[wlst]
[wlst] For more help, use help(edit)
[wlst]
[wlst] Starting an edit session ...
[wlst] Started edit session, please be sure to save and activate your
[wlst] changes once you are done.
[wlst] Deploying application from /u01/weblogic/fmw/appsutil/accessgate/VIS/fndauth.war to targets eag_server1 (upload=false) ...
[wlst]
[wlst] You have an edit session in progress, hence WLST will not
[wlst] block for your deployment to complete.
[wlst] Started the Deployment of Application. Please refer to the returned WLSTProgress object or variable LAST to track the status.
[wlst]
[wlst] Successfully deployed fndauth.war application.
[wlst]
[wlst] Saving all your changes ...
[wlst] Saved all your changes successfully.
[wlst] Activating all your changes, this may take a while ...
[wlst] The edit lock associated with this edit session is released
[wlst] once the activation is completed.
[wlst] Activation completed
[wlst] Disconnected from weblogic server: AdminServer
[wlst] &lt;WLContext.close() was called in a different thread than the one in which it was created.&gt;
BUILD SUCCESSFUL
Total time: 31 seconds

Create application like ebsauth_VIS which is visible under deployments in WebLogic Console

 

 

IDM_168

 

 

Verify Oracle E-Business Suite AccessGate deployment

Logon to WebLogic Administration Console, for example:

http://egtapp02:7041/console

In the WebLogic Administration Console, navigate to EAGdomain > Environment > Servers, and verify that the Oracle E-Business Suite AccessGate managed server “eag_server1” is running on the specified port, for example port 7043.

Navigate to EAGdomain > Deployments, and verify that the Oracle E-Business Suite AccessGate application named “ebsauth_VIS” is deployed, with State: Active and Health: OK.

Navigate to Services > DataSources, and verify that the DataSource that you created during deployment, for example “ebsDSVIS” exists, and is targeted to your managed server, for example eag_server1. Click on the data source to review its settings.

IDM_169

 

In the Connection Pool tab, observe it has the correct values for Properties user and dbcFile that you specified during deployment in parameters -DasadminUser and -DdbcFile respectively.

IDM_170

 

 

 

 

 

 

 

In the Monitoring tab, observe that the data source is enabled and running.

IDM_171

 

 

Verify that you can access following Oracle E-Business Suite AccessGate URL from your browser, for example:

http://egtapp02:7043/ebsauth_VIS/ssologout_callback

You should see an empty page at this point.

IDM_172

 

 

 

Redirect HTTP Server to WebLogic Server for Oracle E-Business Suite AccessGate

Configure the HTTP server on which WebGate is running to act as a proxy for authentication requests for Oracle E-Business Suite resources. After a request for authentication is successfully handled by WebGate, the request will be processed by the Oracle E-Business Suite AccessGate application that is deployed on your WebLogic Server instance.

If you are using Oracle HTTP Server 11g, you will find the configuration for the mod_weblogic plugin in the mod_wl_ohs.conf file, which is included in httpd.conf by default.

Modify the file and include the configuration to redirect HTTP server requests to your WebLogic Server. For example:

<IfModule mod_weblogic.c>
 WebLogicHost egtapp02.ods.local
 WebLogicPort 7043
 </IfModule>
 <Location /ebsauth_VIS>
 SetHandler weblogic-handler
 </Location>

IDM_173

 

 

 

Restart your HTTP Server.

Verify that you can access following Oracle E-Business Suite AccessGate resource via your HTTP server and WebGate from your browser, for example:

http://egtapp02:7780/ebsauth_VIS/ssologout_callback

You should be able to access this test page without authentication, because we specified the ssologout_callback resource in the URIs file during WebGate registration with Oracle Access Manager as public resource.

Your HTTP server will now act as a proxy and your Oracle E-Business Suite AccessGate application will process the request.

You should see an empty page at this point.

IDM_174

 

 

 

Set Oracle E-Business Suite profile options

Set the following Oracle E-Business Suite profile options.

Application Authenticate Agent (APPS_AUTH_AGENT)

IDM_175

 

 

 

Applications SSO Type (APPS_SSO)

IDM_176

 

 

 

Applications Single Sign On Hint Cookie Name (APPS_SSO_HINT_COOKIE_NAME)s

IDM_177

 

 

Stop and restart the applications services on your Oracle E-Business Suite middle tier. Then stop and restart the Oracle WebLogic Server where Oracle E-Business Suite AccessGate is deployed.

Test Single Sign-On with Oracle E-Business Suite

You have completed integrating Oracle E-Business Suite with Oracle Access Manager 11.1.2 using Oracle E-Business Suite AccessGate.

Test single sign-on integration now.

Logon to Oracle E-Business Suite

http://idm:8004/OA_HTML/AppsLogin

You will be re-directed to your OAM single sign-on page. Login using valid OID user credentials. After successful authentication, you will be re-directed to your Oracle E-Business Suite home page.

IDM_178

 

 

 

 

 

IDM_179

 

 

 

 

IDM_180

 

 

 

 

 

Tagged with →  
Share →
1 comments
konovalenkovitaliy
konovalenkovitaliy

in script change_attrs.ldif

instead of 

              orclallattrstodn: orcladmin

should be 

                orclallattrstodn: cn=orcladmin

Skip to toolbar