Step By Step Integrating Oracle e-Business Suite 12.2.6 with Oracle Access Manager 12.2.1.3 and Oracle Internet Directory 12.2.1.3 using Windows Native Authentication



Step 1: Enable TLS for OID

On Database Tier

-----------------

cd $ORACLE_HOME/appsutil 

mkdir wallet 

cd wallet/

orapki wallet create -wallet . -auto_login -pwd Oracle123

Copy the certificates from the Oracle Access Manager server to the Oracle EBS database wallet directory and import them:

scp oracle@oamserver1:/u01/oracle/private/config/domains/OIDDomain/config/fmwconfig/components/OID/admin/wallet/oid3wallet/*.cer .


orapki wallet add -wallet . -trusted_cert -cert SHA2-ICA01.cer -pwd Oracle123 -jsafe 

orapki wallet add -wallet . -trusted_cert -cert SHA2-ROOT.cer -pwd Oracle123 -jsafe
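The certificates imported in Step 1 become trust anchors for the database wallet, so they should be confirmed before import. The script below is an added example, not part of the original post: it assumes openssl is available on the database tier and that the expected SHA-256 fingerprints were obtained out of band from whoever operates the OID server; the function names are illustrative.

```shell
#!/bin/sh
# Added example (not from the original post): check each copied CA certificate
# against a SHA-256 fingerprint obtained out of band before trusting it.
# Assumptions: openssl is installed; function names are illustrative.

# Run "openssl x509 -noout <options>" on a file that may be PEM or DER encoded.
x509_any() {
    _f=$1; shift
    openssl x509 -in "$_f" -noout "$@" 2>/dev/null ||
        openssl x509 -inform DER -in "$_f" -noout "$@" 2>/dev/null
}

# Print the certificate's SHA-256 fingerprint as lowercase hex without colons.
cert_sha256() {
    _fp=$(x509_any "$1" -fingerprint -sha256) || return 1
    printf '%s\n' "${_fp#*=}" | tr -d ':' | tr 'A-F' 'a-f'
}

# Succeed only if the file parses as a certificate and matches the expected
# fingerprint (colons, spaces and letter case in the expected value are ignored).
cert_is_expected() {
    _actual=$(cert_sha256 "$1") || return 1
    _expected=$(printf '%s' "$2" | tr -d ': ' | tr 'A-F' 'a-f')
    [ "$_actual" = "$_expected" ]
}

# Usage: import_verified <wallet_dir> <cert_file> <expected_sha256>
# Refuses unverified or expired certificates; otherwise shows what is being
# trusted and imports it. With -pwd omitted, orapki prompts for the wallet
# password, which keeps it out of the process list and shell history.
import_verified() {
    cert_is_expected "$2" "$3" ||
        { echo "REFUSED $2: unreadable or fingerprint mismatch" >&2; return 1; }
    x509_any "$2" -checkend 0 >/dev/null ||
        { echo "REFUSED $2: certificate has expired" >&2; return 1; }
    x509_any "$2" -subject -issuer -enddate
    orapki wallet add -wallet "$1" -trusted_cert -cert "$2" -jsafe
}

# Example call; the fingerprint below is a placeholder, not a real value:
# import_verified . SHA2-ROOT.cer "<sha256 fingerprint from the CA owner>"
```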


Step 2: Configure Oracle Internet Directory 12c with Oracle E-Business Suite

Application Tier

---------------

Before starting the configuration, start an Online Patching Cycle using ADOP:

. EBSapps.env patch

adop -status

adop phase=prepare

Run the registration script from the patch file system:

. EBSapps.env patch

Execute the Perl script below on the patch file system:

$FND_TOP/bin/txkrun.pl -script=SetSSOReg -registeroid=yes -provisiontype=1

Enter LDAP Host name? idstoreqa12c.nizamappsdba.com

Enter the LDAP Port on Oracle Directory server? 3061

Enter the LDAP Directory Administrator (orcladmin) Bind password? Oracle123

Enter the instance password that you would like to register this application instance with? Oracle123

Enter Oracle E-Business apps database user password ?apps


Execute the SQL script below on the patch file system:

. EBSapps.env patch

sqlplus apps@$TWO_TASK

@profile_change_oam1.sql


Contents of profile_change_oam1.sql

-------------------------------------------

set serveroutput on

-- Each anonymous PL/SQL block must end with "/" on its own line,
-- otherwise SQL*Plus does not execute it.

-- Set APPS_SSO_OID_IDENTITY to Y at site level.
DECLARE
  stat BOOLEAN;
BEGIN
  stat := FND_PROFILE.SAVE('APPS_SSO_OID_IDENTITY','Y','SITE');
  IF stat THEN
    dbms_output.put_line( 'Profile APPS_SSO_OID_IDENTITY updated with Enabled ' );
    commit;
  ELSE
    dbms_output.put_line( 'Profile APPS_SSO_OID_IDENTITY could NOT be updated with Enabled' );
    rollback;
  END IF;
END;
/

-- Set APPS_SSO_LINK_SAME_NAMES to Y at site level.
DECLARE
  stat BOOLEAN;
BEGIN
  stat := FND_PROFILE.SAVE('APPS_SSO_LINK_SAME_NAMES','Y','SITE');
  IF stat THEN
    dbms_output.put_line( 'Profile APPS_SSO_LINK_SAME_NAMES updated with Enabled' );
    commit;
  ELSE
    dbms_output.put_line( 'Profile APPS_SSO_LINK_SAME_NAMES could NOT be updated with Enabled' );
    rollback;
  END IF;
END;
/

-- Set APPS_SSO to SSWA_SSO at site level.
DECLARE
  stat BOOLEAN;
BEGIN
  stat := FND_PROFILE.SAVE('APPS_SSO', 'SSWA_SSO', 'SITE');
  IF stat THEN
    dbms_output.put_line( 'Profile APPS_SSO updated with SSWA_SSO' );
    commit;
  ELSE
    dbms_output.put_line( 'Profile APPS_SSO could NOT be updated with SSWA_SSO' );
    rollback;
  END IF;
END;
/

------------------------------


Run AutoConfig from the patch file system:

. EBSapps.env patch

./adautocfg.sh


Perform the adop cutover:

. EBSapps.env run

adop phase=cutover


Integrating Oracle E-Business Suite Release 12.2 with Oracle Access Manager 12c (12.2.1.3.0)


Download and apply the following updates to your Oracle E-Business Suite Release 12.2 instance:

- R12.TXK.C Patch 26558863

- R12.TXK.C Patch 26401178

- R12.TXK.C Patch 26879682

Upload the patch zip files and unzip them in $PATCH_TOP on the application tier.


adop phase=prepare

adop phase=apply patches=26401178,26879682

adop phase=finalize,cutover,cleanup


Download Oracle Access Manager OHS 11g WebGates 11.1.2.3 from Identity & Access Management 11gR2 Downloads, at the link below:

https://www.oracle.com/middleware/technologies/identity-management/oam-webgates-downloads.html

Save the file to a temporary location on your Oracle E-Business Suite middle tier server node, and unzip it.


. EBSapps.env run

cd /export/home/appldev/oam

unzip ofm_webgates_generic_11.1.2.3.0_disk1_1of1.zip -d webgate

Execute the following command to install Oracle Access Manager WebGates:

txkrun.pl -script=SetOAMReg -installWebgate=yes -webgatestagedir=/export/home/appldev/oam/webgate

Apply Oracle Access Manager Bundle Patch to Oracle Access Manager WebGate 11gR2

Download and apply Oracle Access Manager WebGate Bundle Patch 31710235. Download the patch into a temporary location

unzip p31710235_111230_SOLARIS64.zip

cd 31710235

export ORACLE_HOME=/erp_appl/apps/fs2/FMW_Home/Oracle_OAMWebGate1

$ORACLE_HOME/OPatch/opatch apply


Integrate Oracle E-Business Suite with Oracle Access Manager

Deploy Oracle E-Business Suite AccessGate

. EBSapps.env run

perl $AD_TOP/patch/115/bin/adProvisionEBS.pl ebs-create-oaea_resources -contextfile=$CONTEXT_FILE -deployApps=accessgate -SSOServerURL=https://ssoqa12c.wip.etisalat.corp.ae -logfile=/tmp/deployeag.log


Register Oracle E-Business Suite with Oracle Access Manager

. EBSapps.env run

txkrun.pl -script=SetOAMReg -registeroam=yes

Enter OAM Console URL (for example: http://myoam.us.oracle.com:7001): http://oamadminqavhn12c.nizamappsdba.com:7001

Enter OAM console user name (for example: weblogic):oamadmin

Enter OAM console password: Oracle123

Enter LDAP URL (for example: ldap://myoid.us.oracle.com:3060): ldap://idstoreqa12c.nizamappsdba.com:3061

Enter OID console user name (for example: cn=orcladmin): cn=orcladmin

Enter OID console password: Oracle123

Enter LDAP Search Base (for example: cn=Users,dc=us,dc=oracle,dc=com):cn=Users,dc=nizamappsdba,dc=com,dc=com

Enter LDAP Group Search Base (for example: cn=Groups,dc=us,dc=oracle,dc=com):cn=Groups,dc=nizamappsdba,dc=com,dc=com

Enter APPS password: apps


Perform fs_clone

. EBSapps.env run

adop phase=fs_clone


Migrate users into OID 12c


Log in to the application tier of your e-Business Suite instance and source the run file system:

. EBSapps.env run

Then execute the following command to export all users into a temporary file:

java oracle.apps.fnd.oid.AppsUserExport -v -dbc $INST_TOP/appl/fnd/12.0.0/secure/NIZAMDBA.dbc -o /export/home/nizamappsdba/oam/useroid.dat -pwd apps -g -l /export/home/nizamappsdba/oam/oidlog.log

where, in the command above:

- <INSTANCE_NAME> (NIZAMDBA in the .dbc file name) - is the name of the e-Business Suite instance

- <temp_export_file> (the -o argument) - is the full path of the file in which the users will be exported

- <apps_password> (the -pwd argument) - is the password for apps

- <log_file> (the -l argument) - is the location of a log file of the entire export operation

The export file needs to be shared with the IDM Dev team in order for them to import the users into OID 12c.

Bounce application tier

It is best practice to bounce the entire application tier in order to remove any old/cached values.


Known issues and solutions:


  • Re-copy the webgate artifacts from the Oracle Access Manager server (u01/oracle/shared/config/domains/IADDomain/output/UAT_uatebs.nizamblogspot.corp.ae_4443) into the webgate/config directory on the EBS instance. For some reason the artifacts were not copied properly during the registration command.
  • Restarted just the Apache server of EBS
  • Changed the authentication scheme on OAMConsole from user/password form to Kerberos



appsdbahelp
