Oracle EBS Azure AD Single Sign-On Integration



Oracle E-Business Suite is a major product line of Oracle Corporation. Oracle E-Business Suite (EBS) is a combined set of business applications for automating customer relationship management (CRM), Enterprise Resource Planning (ERP) and Supply Chain Management (SCM), which helps automate processes within organizations.

"miniOrange SSO connector enables Single Sign-On between Oracle EBS and Azure AD without the need to purchase and install Oracle Access Manager (OAM) and Oracle Internet Directory (OID) license."

Oracle EBS Azure AD Single Sign-On (SSO) integration is enabled with the help of the miniOrange SSO Connector. The integration involves registering the miniOrange connector as a SAML Service Provider (SP) in Azure AD, and Azure AD as a SAML Identity Provider (IdP) in the miniOrange connector. The authentication flow works like this: when a user tries to log in to Oracle EBS, authentication is delegated to miniOrange, which redirects the user to Azure AD for Single Sign-On login. Upon successful authentication, the user is granted access to Oracle EBS. Oracle EBS can also be protected with Azure AD Multi-Factor. The Oracle EBS URL can be added to the Azure AD Applications Dashboard by the Azure AD admin, and users can launch it like any other Azure AD application.

The miniOrange SSO connector can enable Azure AD SSO for the following supported Oracle EBS versions: R12 and R12.2. It can also enable Oracle EBS integrations such as OBIEE, Hyperion/EPM Suite, ADF Applications, WebCenter and Agile, and Azure AD Cloud SSO for other Oracle products such as PeopleSoft, Siebel and JD Edwards.

"As the miniOrange Oracle EBS SSO connector is officially listed on Microsoft Azure Marketplace and Oracle Cloud Marketplace, you can rest assured that all of our integrations on the Microsoft and Oracle Stack fulfill the highest competencies set by Oracle for their trusted advisors like miniOrange."



Oracle EBS Azure AD Single Sign-On SSO Authentication Flow with miniOrange Oracle EBS Solution:



1. The User sends the request to access the Oracle E-Business Suite.

2. Oracle EBS redirects the request to the miniOrange SSO Connector for authentication.

3. The miniOrange SSO Connector redirects the user to Azure AD for authentication.

4. The user is prompted for their Azure AD credentials, and is authenticated upon a successful response.

5. The connector receives the user’s Oracle EBS registered username/email from Azure AD via SAML attributes.

6. The connector checks the value of the username/email received from Azure AD against the FND_USER table in the Oracle EBS Database & creates a session for them.

7. Once the session has been created, the user is redirected to the Oracle E-Business Suite portal as a logged-in user.



Connect with External Source of Users


miniOrange provides user authentication from various external sources, which can be Directories (like ADFS, Microsoft Active Directory, Azure AD, OpenLDAP, Google, AWS Cognito etc.), Identity Providers (like Shibboleth, Ping, Okta, OneLogin, Keycloak), Databases (like MySQL, MariaDB, PostgreSQL) and many more.



Prerequisites

  • Download the miniOrange Oracle EBS SSO Connector [Contact Us to request the secure link].
  • Set up the Identity Server by following the steps in this document. The connector should be hosted on the same domain as your Oracle EBS Apps Tier; for example, if your Oracle EBS Web Entry FQDN is apps.example.com, the connector can be hosted on ebsauth.example.com.
  • Once the connector is set up, modify the file context.xml present under /conf and add the following line under the element:
    <CookieProcessor className="org.apache.tomcat.util.http.LegacyCookieProcessor" />

  • Restart the Apache Tomcat server for this change to take effect.

Follow the step-by-step Guide given below for Oracle E-Business Single Sign-On (SSO) with Azure AD

1. Create Oracle EBS User & Generate DBC File

  • Log in to Oracle EBS as SYSADMIN (or a user with the User Management & Functional Administrator responsibilities).
  • Under the User Management responsibility, add a User Account. These user credentials will be configured in the miniOrange SSO Connector for connecting to the Oracle EBS database.

  • Assign the role ‘Apps Schema Connect’ to this user.

  • On the Oracle EBS Linux environment, generate a new DBC file for use by the miniOrange SSO Connector. You will need the apps user credentials and the default DBC file (under $FND_SECURE) used by the Apps Tier. The AdminDesktop utility can be used to generate the new DBC file. You’ll have to specify the name of a new Desktop Node for this DBC file:
    java oracle.apps.fnd.security.AdminDesktop <apps-username>/<apps-password> CREATE NODE_NAME=<miniorange-sso-connector-fqdn> DBC=<path-to-existing-dbc-file>
  • This will generate a file called <$TWO_TASK>_<miniorange-sso-connector-fqdn>.dbc in the same location where you ran the previous command.
  • Copy over this DBC file to the miniOrange SSO Connector server.

2. Setup miniOrange EBS SSO Connector Part-1

  • Log in to Oracle EBS with username, password and miniOrange Cloud IdP Base URL (either branding URL - https://.xecurify.com/moas OR https://login.xecurify.com/moas).

  • After successful login you will be redirected to the configuration page. Here you have to enter the FND User name and FND User Password. For the DBC file path and Application server ID, you can either fill in these two fields manually or upload the file, in which case they are fetched automatically. Click the Save button to save the configuration, then click the Test DB Connection button to check that the details you entered are correct.

  • Copy the Redirect URI, which will be used in a later step.

3. miniOrange OAuth Application Setup

  • Log in as a customer from the Admin Console.
  • Go to Apps. Click the Add Application button at the right corner of your screen.

  • In Choose Application Type, click the Create App button under the OAUTH/OIDC application type.

  • Click on the ‘OAuth2/OpenID Connect’ App Type.

  • Enter any client name. Paste the Redirect URI that you copied earlier while setting up Oracle EBS SSO.
  • In Primary Identity Provider, choose your configured External Identity Provider.

  • Click the Save button to save the configuration of the application. After saving, click on the select tab and choose the edit option.

  • Note down the Client ID and Client Secret; you will need them to configure the miniOrange EBS SSO connector.

4. Setup miniOrange EBS SSO Connector Part-2

  • Now go back to the miniOrange EBS SSO Connector and complete the rest of the configuration.
  • For the Identity Attribute you have two choices: username/guid or email. If you choose username/guid, the username is used as the login attribute; if you choose email, the email is used. The username or email must be unique.
  • Enter the following entities:
    Default Homepage URL: https://apps.example.com:4443/OA_HTML/OA.jsp?OAFunc=OAHOMEPAGE
    Post Logout Redirect URI: https://apps.example.com:4443

    Here, Default Homepage URL is the landing page to which you will be redirected after login.

  • miniOrange Base URL and Customer ID will be fetched automatically by the application itself.

  • In the Authentication Sources there are 3 choices: miniOrange, external and discovery.
    miniOrange: when miniOrange is the Identity Provider
    External: when you have an External Identity Provider
    Discovery: when you have multiple Identity Providers

  • Redirect URI will be fetched by the application itself.
  • Paste the Client ID and Client Secret that you copied while setting up the miniOrange OAuth application.

  • After completing the configuration, click the Save button to save it. Then click Test Attribute Mapping to see the attribute mapping.
  • Finally, to test the whole configuration, click the Test Connection button.
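
Because the connector matches the chosen Identity Attribute against an Oracle EBS account, that attribute is worth checking for uniqueness before SSO is switched on. The following Python check is an added example, not miniOrange code: it runs over constructed rows standing in for an export of USER_NAME, EMAIL_ADDRESS and END_DATE from FND_USER, and the function name, the case-insensitive comparison and the treatment of end-dated accounts are assumptions of this example.

```python
from collections import defaultdict
from datetime import date

# Constructed rows standing in for an export of USER_NAME, EMAIL_ADDRESS and
# END_DATE from FND_USER; not real accounts.
SAMPLE_ROWS = [
    ("JSMITH", "john.smith@example.com", None),
    ("JSMITH_OLD", "John.Smith@example.com", date(2020, 1, 31)),
    ("APATEL", "a.patel@example.com", None),
    ("APATEL2", "A.Patel@Example.com ", None),
    ("SVC_BATCH", None, None),
]


def identity_report(rows, attribute, today):
    """Check one Identity Attribute choice ("username" or "email") for uniqueness.

    Returns (ambiguous, unreachable): values shared by more than one active
    account, and active accounts that have no value for the attribute. Values
    are compared trimmed and case-insensitively, a conservative assumption of
    this example that flags more collisions than an exact match would.
    """
    column = {"username": 0, "email": 1}[attribute]
    owners, unreachable = defaultdict(list), []
    for row in rows:
        user_name, end_date = row[0], row[2]
        if end_date is not None and end_date <= today:
            continue  # end-dated account, treated as inactive in this example
        value = (row[column] or "").strip().lower()
        if value:
            owners[value].append(user_name)
        else:
            unreachable.append(user_name)
    ambiguous = {v: sorted(u) for v, u in owners.items() if len(u) > 1}
    return ambiguous, sorted(unreachable)


if __name__ == "__main__":
    for attr in ("username", "email"):
        print(attr, identity_report(SAMPLE_ROWS, attr, date.today()))
```

Any entry in the first returned value is an identity that Azure AD could assert for more than one EBS account; resolve those before choosing that attribute.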

5. Oracle EBS Azure AD Single Sign-On Integration

  • Log in to the Azure AD Portal.
  • Select Azure Active Directory.

  • Select Enterprise Application.

  • Click on New Application.

  • Click on Create your own Application under Browse Azure AD Gallery.

  • Enter the name for your app, then select the Non-gallery application section and click the Create button.

  • Click on Setup Single sign-on.

  • Select the SAML tab.

  • For Basic SAML configuration you need to get the Entity ID, ACS URL, and the Single Logout URL from miniOrange (available in the next step).

  • Go to the miniOrange Dashboard. Under Add Identity Source, click on Setup >> Add IDP.

  • Now click on the Click here link to get the miniOrange metadata.

  • In the SP-INITIATED SSO section, select Show Metadata Details.

  • Enter the values in the Basic SAML configuration as follows (Azure AD field: miniOrange metadata value):
    Identifier (Entity ID): Entity ID or Issuer
    Reply URL (Assertion Consumer Service URL): ACS URL
    Sign on URL (optional; required during IDP-initiated SSO): SSO Login URL
    Logout URL: Single Logout URL

  • By default, the following Attributes will be sent in the SAML response. You can view or edit the claims sent in the SAML response to the application under the Attributes tab.

  • Copy the App Federation Metadata Url to get the Endpoints required for configuring your Service Provider in step 2.

  • Assign users and groups to your SAML application.
    • As a security control, Azure AD will not issue a token allowing a user to sign in to the application unless Azure AD has granted access to the user. Users may be granted access directly, or through group membership.
    • Navigate to Users and groups tab and click on Add user/group.
    • Click on Users to assign the required user and then click on Select.

    • You can also assign a role to your application under the Select Role section. Finally, click the Assign button to assign that user or group to the SAML application. Your configuration in Azure AD is done.

6. Configure Azure AD as a SAML Identity Provider in the miniOrange Broker Agent

  • Go to miniOrange Admin Console.
  • From the left navigation bar, select Identity Provider.
  • Click on the Add Identity Provider button.

  • Select SAML. Click on Import IDP metadata.

  • Choose an appropriate IDP name.
  • The metadata URL is available from the step above. Choose URL and copy the metadata URL.
  • Click on Import.

  • The IDP Entity ID, SAML SSO Login URL, Single Logout URL and X.509 Certificate will be auto-filled from the imported file.

  • Click on Save.

7. Test IdP-initiated Oracle EBS SSO

  • Open up a new browser or an incognito window, and paste the APPS_AUTH_AGENT Profile Value URL from Step 2, with ‘/ssologin’ appended to it, in the address bar. For example, if your APPS_AUTH_AGENT Profile Value URL is ‘https://ebsauth.example.com/osso/broker/1/app-uuid-value’, enter the following URL in the address bar: https://ebsauth.example.com/osso/broker/1/app-uuid-value/ssologin
  • You should be redirected to the Identity Source against which you’d like to authenticate.

  • After a successful authentication from the Identity Source, you should be logged into Oracle EBS.

8. Configure Redirection to Oracle EBS for SSO

  • Log in to Oracle EBS as SYSADMIN (or a user with the Functional Administrator responsibility).
  • Navigate to Functional Administrator → Core Services → Profiles, and make the following changes:
    • Search for the Profile with code APPS_SSO; change its site value from SSWA to SSWA w/SSO.
    • Search for the Profile with the code APPS_AUTH_AGENT; change its site value to the APPS_AUTH_AGENT Profile Value from Oracle EBS configuration (e.g. https://ebsauth.example.com/oracle/sso/<customerId>/<appUuid>).
    • Search for the Profile with the name Oracle Applications Session Cookie Domain; change its value from Host to Domain.
    • Bounce the Application Tier of the Oracle E-Business Suite to reflect the changes.

9. Test SP-initiated Oracle EBS SSO

  • Open up a new browser or an incognito window, and enter your Oracle EBS instance’s base URL in the address bar (e.g. https://apps.example.com:4443/), and press enter.
  • You should be redirected to the Identity Source configured for authentication.

  • After a successful authentication from the Identity Source, you should be logged into Oracle EBS.

  • You have now successfully configured the miniOrange SSO Connector for Single Sign-On (SSO) into Oracle EBS.

