Step By Step Integrating Oracle e-Business Suite 12.2.6 with Oracle Access Manager 12.2.1.3 and Oracle Internet Directory 12.2.1.3 using Windows Native Authentication
Step 1: Enable TLS for OID
On Database Tier
-----------------
cd $ORACLE_HOME/appsutil
mkdir wallet
cd wallet/
orapki wallet create -wallet . -auto_login -pwd Oracle123
Copy the certificates from the Oracle Access Manager server into the Oracle EBS database wallet directory and import them:
scp oracle@oamserver1:/u01/oracle/private/config/domains/OIDDomain/config/fmwconfig/components/OID/admin/wallet/oid3wallet/*.cer .
orapki wallet add -wallet . -trusted_cert -cert SHA2-ICA01.cer -pwd Oracle123 -jsafe
orapki wallet add -wallet . -trusted_cert -cert SHA2-ROOT.cer -pwd Oracle123 -jsafe
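A permission audit for the wallet directory created in Step 1, added here as an example and not part of the original procedure. The -auto_login option produces a cwallet.sso file that opens without a password, so file permissions are what protect it. The function names and finding labels are hypothetical, and the policy checked (owner-only access to the wallet files, certificates not writable by group or others) is an assumption.

```bash
#!/usr/bin/env bash
# Added example: audit permissions on an Oracle wallet directory.
# cwallet.sso (the auto-login copy) opens without a password, so the file
# mode is the only control on who can use the wallet.

# Print the six group/other permission characters of PATH (e.g. "r-xr-x").
group_other_bits() {
    ls -ldL "$1" | cut -c5-10
}

# Succeed only if PATH grants nothing to group or others.
check_private() {
    local bits
    bits=$(group_other_bits "$1")
    [ "$bits" = "------" ] && return 0
    echo "EXPOSED $1 ($bits)"
    return 1
}

# audit_wallet_dir DIR: one finding per line; exit status 0 only when clean.
audit_wallet_dir() {
    local dir=$1 findings=0 f c
    [ -d "$dir" ] || { echo "MISSING $dir"; return 2; }
    check_private "$dir" || findings=$((findings + 1))
    for f in cwallet.sso ewallet.p12; do
        [ -e "$dir/$f" ] || continue
        check_private "$dir/$f" || findings=$((findings + 1))
    done
    # Staged CA certificates may be world-readable, but a file that others
    # can write could be swapped before it is imported as trusted.
    for c in "$dir"/*.cer; do
        [ -e "$c" ] || continue
        case $(group_other_bits "$c") in
            *w*) echo "WRITABLE $c"; findings=$((findings + 1)) ;;
        esac
    done
    [ "$findings" -eq 0 ]
}

# Constructed demo: a throwaway directory stands in for the real wallet.
demo=$(mktemp -d)
touch "$demo/cwallet.sso" "$demo/ewallet.p12" "$demo/SHA2-ROOT.cer"
chmod 755 "$demo"; chmod 644 "$demo/cwallet.sso" "$demo/SHA2-ROOT.cer"
chmod 600 "$demo/ewallet.p12"
audit_wallet_dir "$demo" || echo "wallet needs tightening"
chmod 700 "$demo"; chmod 600 "$demo/cwallet.sso"
audit_wallet_dir "$demo" && echo "wallet permissions OK"
rm -rf "$demo"
```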
Step 2: Configure Oracle Internet Directory 12c with Oracle E-Business Suite
Application Tier
---------------
Before starting the configuration, start an Online Patching cycle using adop
. EBSapps.env patch
adop -status
adop phase=prepare
Run the registration script from the patch file system
. EBSapps.env patch
Execute the Perl script below on the patch file system
$FND_TOP/bin/txkrun.pl -script=SetSSOReg -registeroid=yes -provisiontype=1
Enter LDAP Host name? idstoreqa12c.nizamappsdba.com
Enter the LDAP Port on Oracle Directory server? 3061
Enter the LDAP Directory Administrator (orcladmin) Bind password? Oracle123
Enter the instance password that you would like to register this application instance with? Oracle123
Enter Oracle E-Business apps database user password ?apps
Execute the SQL script below on the patch file system
. EBSapps.env patch
sqlplus apps@$TWO_TASK
@profile_change_oam1.sql
Contents of profile_change_oam1.sql
-------------------------------------------
set serveroutput on
-- Set APPS_SSO_OID_IDENTITY to 'Y' at site level; commit only if the save succeeds.
DECLARE
  stat BOOLEAN;
BEGIN
  stat := FND_PROFILE.SAVE('APPS_SSO_OID_IDENTITY','Y','SITE');
  IF stat THEN
    dbms_output.put_line( 'Profile APPS_SSO_OID_IDENTITY updated with Enabled ' );
    commit;
  ELSE
    dbms_output.put_line( 'Profile APPS_SSO_OID_IDENTITY could NOT be updated with Enabled' );
    rollback;
  END IF;
END;
/
set serveroutput on
-- Set APPS_SSO_LINK_SAME_NAMES to 'Y' at site level.
DECLARE
  stat BOOLEAN;
BEGIN
  stat := FND_PROFILE.SAVE('APPS_SSO_LINK_SAME_NAMES','Y','SITE');
  IF stat THEN
    dbms_output.put_line( 'Profile APPS_SSO_LINK_SAME_NAMES updated with Enabled' );
    commit;
  ELSE
    dbms_output.put_line( 'Profile APPS_SSO_LINK_SAME_NAMES could NOT be updated with Enabled' );
    rollback;
  END IF;
END;
/
set serveroutput on
-- Set APPS_SSO to 'SSWA_SSO' at site level.
DECLARE
  stat BOOLEAN;
BEGIN
  stat := FND_PROFILE.SAVE('APPS_SSO', 'SSWA_SSO', 'SITE');
  IF stat THEN
    dbms_output.put_line( 'Profile APPS_SSO updated with SSWA_SSO' );
    commit;
  ELSE
    dbms_output.put_line( 'Profile APPS_SSO could NOT be updated with SSWA_SSO' );
    rollback;
  END IF;
END;
/
------------------------------
Run AutoConfig from the patch file system
. EBSapps.env patch
./adautocfg.sh
Perform the adop cutover phase
. EBSapps.env run
adop phase=cutover
Integrating Oracle E-Business Suite Release 12.2 with Oracle Access Manager 12c (12.2.1.3.0)
Download and apply the following updates to your Oracle E-Business Suite Release 12.2 instance:
- R12.TXK.C Patch 26558863
- R12.TXK.C Patch 26401178
- R12.TXK.C Patch 26879682
Upload the patch zip files to the application tier and unzip them in $PATCH_TOP
adop phase=prepare
adop phase=apply patches=26401178,26879682
adop phase=finalize,cutover,cleanup
Download Oracle Access Manager OHS 11g WebGates 11.1.2.3 from Identity & Access Management 11gR2 Downloads, using the link below:
https://www.oracle.com/middleware/technologies/identity-management/oam-webgates-downloads.html
Save the file to a temporary location on your Oracle E-Business Suite middle tier server node, and unzip it.
. EBSapps.env run
cd /export/home/appldev/oam
unzip ofm_webgates_generic_11.1.2.3.0_disk1_1of1.zip -d webgate
Execute the following command to install Oracle Access Manager WebGates:
txkrun.pl -script=SetOAMReg -installWebgate=yes -webgatestagedir=/export/home/appldev/oam/webgate
Apply Oracle Access Manager Bundle Patch to Oracle Access Manager WebGate 11gR2
Download and apply Oracle Access Manager WebGate Bundle Patch 31710235. Download the patch into a temporary location
unzip p31710235_111230_SOLARIS64.zip
cd 31710235
export ORACLE_HOME=/erp_appl/apps/fs2/FMW_Home/Oracle_OAMWebGate1
$ORACLE_HOME/OPatch/opatch apply
Integrate Oracle E-Business Suite with Oracle Access Manager
Deploy Oracle E-Business Suite AccessGate
. EBSapps.env run
perl $AD_TOP/patch/115/bin/adProvisionEBS.pl ebs-create-oaea_resources -contextfile=$CONTEXT_FILE -deployApps=accessgate -SSOServerURL=https://ssoqa12c.wip.etisalat.corp.ae -logfile=/tmp/deployeag.log
Register Oracle E-Business Suite with Oracle Access Manager
. EBSapps.env run
txkrun.pl -script=SetOAMReg -registeroam=yes
Enter OAM Console URL (for example: http://myoam.us.oracle.com:7001): http://oamadminqavhn12c.nizamappsdba.com:7001
Enter OAM console user name (for example: weblogic):oamadmin
Enter OAM console password: Oracle123
Enter LDAP URL (for example: ldap://myoid.us.oracle.com:3060): ldap://idstoreqa12c.nizamappsdba.com:3061
Enter OID console user name (for example: cn=orcladmin): cn=orcladmin
Enter OID console password: Oracle123
Enter LDAP Search Base (for example: cn=Users,dc=us,dc=oracle,dc=com):cn=Users,dc=nizamappsdba,dc=com,dc=com
Enter LDAP Group Search Base (for example: cn=Groups,dc=us,dc=oracle,dc=com):cn=Groups,dc=nizamappsdba,dc=com,dc=com
Enter APPS password: apps
Perform fs_clone
. EBSapps.env run
adop phase=fs_clone
Migrate users into OID 12c
Log in to the application tier of your e-Business Suite instance and source the run file system:
. EBSapps.env run
Then execute the following command to export all users into a temporary file:
java oracle.apps.fnd.oid.AppsUserExport -v -dbc $INST_TOP/appl/fnd/12.0.0/secure/NIZAMDBA.dbc -o /export/home/nizamappsdba/oam/useroid.dat -pwd apps -g -l /export/home/nizamappsdba/oam/oidlog.log
where:
- <INSTANCE_NAME> - is the name of the e-Business Suite instance
- <temp_export_file> - is the full path of the file in which the users will be exported
- <apps_password> - is the password for apps
- <log_file> - is the location of a log file of the entire export operation
The export file needs to be shared with the IDM Dev team so that they can import the users into OID 12c.
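This page's commands pass passwords as -pwd arguments and its prompt transcripts include the typed answers, so a copy of the runbook or a captured session carries credentials. The following added example (not part of the original page) masks both forms before such a transcript is shared; the function names and the two patterns are assumptions based on the forms shown on this page, and the sample lines are constructed.

```bash
#!/usr/bin/env bash
# Added example: mask credentials in a captured EBS/OAM setup transcript.
# Patterns are assumptions based on the command and prompt forms shown above.

# "-pwd <value>" as passed to orapki and AppsUserExport.
PWD_ARG='(^|[[:space:]])(-pwd)[[:space:]]+[^[:space:]]+'
# "Enter ... password ...: <value>" or "...? <value>" prompts with a typed answer.
PWD_PROMPT='([Pp]assword[^?:]*[?:][[:space:]]*)[^[:space:]].*$'

# Filter stdin to stdout with every matched secret replaced by asterisks.
mask_secrets() {
    sed -E -e "s/$PWD_ARG/\\1\\2 ********/g" -e "s/$PWD_PROMPT/\\1********/"
}

# Print "lineno:masked line" for each leaking line, never echoing the secret.
leak_report() {
    grep -En -e "$PWD_ARG" -e "$PWD_PROMPT" | mask_secrets
}

# Print the number of leaking lines on stdin (0 when clean).
count_leaks() {
    grep -Ec -e "$PWD_ARG" -e "$PWD_PROMPT" || true
}

# Constructed sample; hosts and passwords are invented.
sample_transcript() {
    cat <<'EOF'
orapki wallet create -wallet . -auto_login -pwd Constructed#1
Enter LDAP Host name? ldap.example.test
Enter OAM console password: Constructed#2
Enter Oracle E-Business apps database user password ?Constructed#3
java oracle.apps.fnd.oid.AppsUserExport -v -o /tmp/users.dat -pwd Constructed#4 -g
adop -status
EOF
}

sample_transcript | leak_report
```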
Bounce application tier
It is best practice to bounce the entire application tier in order to remove any old/cached values.
Known issues and solutions:
- Re-copy the webgate artifacts from the Oracle Access Manager server (u01/oracle/shared/config/domains/IADDomain/output/UAT_uatebs.nizamblogspot.corp.ae_4443)
into the webgate/config directory on the EBS instance. For some reason the
artifacts were not copied properly during the registration command.
- Restarted just the Apache server of EBS
- Changed the authentication scheme on OAMConsole from
user/password form to Kerberos