Advanced Configurations for Demilitarized Zone

Overview

If your mobile users need to access Oracle E-Business Suite mobile apps over the Internet, your Oracle E-Business Suite environment must be set up in a demilitarized zone (DMZ) configuration.

To set up Oracle E-Business Suite mobile apps in a DMZ configuration, ensure that you complete the required tasks for your app:

Note: Oracle Field Service for EBS and Oracle Mobile SCM for EBS (MSCA) currently do not support access over the Internet. The information described in this chapter does not apply to these two apps.

Setup Tasks for Oracle Approvals for EBS, Oracle Timecards for EBS, and Oracle Self-Service HR for EBS

To set up Oracle E-Business Suite mobile apps in a DMZ configuration, ensure that you complete the following required tasks:

  1. Setting Up Oracle E-Business Suite Environment in a DMZ Configuration

  2. Performing Mobile Apps Specific Setup Tasks for DMZ

Step 1: Setting Up Oracle E-Business Suite Environment in a DMZ Configuration

Before performing mobile app specific setup tasks, you need to ensure Oracle E-Business Suite is in a DMZ configuration.

For DMZ configuration instructions, see My Oracle Support Knowledge Document 1375670.1, Oracle E-Business Suite Release 12.2 Configuration in a DMZ.

Note: For any responsibility to which you have assigned the mobile app access role, as described in Setting Up Mobile App Access to Responsibilities (for Oracle Self-Service HR for EBS and Oracle Timecards for EBS), to allow mobile users to access the responsibility from an external node in a DMZ configuration, set the "Responsibility Trust Level" profile value to External for that responsibility at the responsibility level.

Please note that any responsibility with this profile value set to External will also be exposed on all other nodes in the DMZ. Any standard web tier set up in the DMZ for limited access will now have this responsibility visible.

For more information on setting the trust level, refer to My Oracle Support Knowledge Document 1375670.1, Section 4.4 Update List of Responsibilities.

Step 2: Performing Mobile Apps Specific Setup Tasks for DMZ

Perform the following tasks to complete the app-specific setup for Oracle Approvals for EBS, Oracle Timecards for EBS, and Oracle Self-Service HR for EBS:

Web Entry Point Configuration in oacore WLS Properties

For these three Oracle JET-based apps (Oracle Approvals for EBS, Oracle Timecards for EBS, and Oracle Self-Service HR for EBS) in an Oracle E-Business Suite environment with a DMZ configuration, the web entry points should be defined in oracle.apps.fnd.sso.WebEntries in $INST_TOP/appl/admin/oacore_wls.properties.

By default, the property is commented out in $INST_TOP/appl/admin/oacore_wls.properties. Uncomment the property and provide comma-separated Oracle E-Business Suite URLs as:

oracle.apps.fnd.sso.WebEntries=http(s)://<EBS Internal Host>:<port>,http(s)://<EBS External Host>:<port>

Use the following steps to add multiple web entry points to this property:

  1. Copy the original oacore_wls_properties.tmp file from <FND_TOP>/admin/template to <FND_TOP>/admin/template/custom, if the customized template file does not already exist. Create the custom directory if it does not exist.

  2. Modify oacore_wls_properties.tmp in the custom directory. Uncomment the property oracle.apps.fnd.sso.WebEntries and provide comma-separated EBS URLs as:

    oracle.apps.fnd.sso.WebEntries=http(s)://<EBS Internal Host:port>,http(s)://<EBS External Host:port>

  3. Run AutoConfig in the application tier and restart the servers.

To ensure the change is preserved through patching and server restarts, follow the instructions in the "Customizing AutoConfig-Managed Configurations" section of the Technical Configuration chapter in Oracle E-Business Suite Setup Guide.
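
A check to run against the generated oacore_wls.properties after AutoConfig, as an added example that is not Oracle-supplied code: it confirms that the property is uncommented, that every entry has the scheme://host:port form shown above, and that the external entry point is listed. The host names, sample file contents and function names are constructed for illustration.

```shell
#!/bin/sh
# Added example, not Oracle code. The entry format (scheme://host:port,
# comma-separated) is taken from this page; host names are constructed.

PROP_RE='oracle\.apps\.fnd\.sso\.WebEntries'

# Print the active (uncommented) WebEntries value in file $1, one entry per line.
web_entries() {
    sed -n "s/^[[:space:]]*${PROP_RE}[[:space:]]*=[[:space:]]*//p" "$1" | tr ',' '\n'
}

# Succeed only if the property is active, every entry looks like
# scheme://host:port, and entry point $2 is listed. Prints the first problem.
check_web_entries() {
    entries=$(web_entries "$1")
    [ -n "$entries" ] || { echo "property missing or still commented out"; return 1; }
    bad=$(printf '%s\n' "$entries" | grep -Ev '^https?://[A-Za-z0-9.-]+:[0-9]+$' || true)
    [ -z "$bad" ] || { echo "unexpected entry format: $bad"; return 1; }
    printf '%s\n' "$entries" | grep -Fxq -- "$2" || { echo "not listed: $2"; return 1; }
    echo "ok"
}

# Constructed samples of the generated oacore_wls.properties.
TMPDIR_DEMO=$(mktemp -d)
trap 'rm -rf "$TMPDIR_DEMO"' EXIT
# 1) Template customization not picked up: property is still commented out.
printf '%s\n' '#oracle.apps.fnd.sso.WebEntries=' > "$TMPDIR_DEMO/default.properties"
# 2) Trailing slash on the external entry.
printf '%s\n' 'oracle.apps.fnd.sso.WebEntries=http://ebs-int.example.com:8000,https://ebs.example.com:443/' \
    > "$TMPDIR_DEMO/slash.properties"
# 3) Both entry points present in the documented format.
printf '%s\n' 'oracle.apps.fnd.sso.WebEntries=http://ebs-int.example.com:8000,https://ebs.example.com:443' \
    > "$TMPDIR_DEMO/good.properties"

for f in default slash good; do
    printf '%s: ' "$f"
    check_web_entries "$TMPDIR_DEMO/$f.properties" https://ebs.example.com:443 || true
done
```

The first sample is what the generated file looks like when the property was edited directly rather than in the custom template and AutoConfig has since regenerated it.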

URL Firewall Configuration

If your Oracle E-Business Suite is configured for DMZ with URL Firewall enabled, then to access browser-based mobile apps over the Internet, add the following URL patterns to the allowlist in the URL Firewall configuration file (url_fw.conf).

Note: url_fw.conf is generated on all the application tiers by the AutoConfig utility.

In order to preserve the configuration, perform the following steps to customize the template file:

  1. Copy the original url_fw_conf_FMW.tmp file from <FND_TOP>/admin/template to <FND_TOP>/admin/template/custom, if the customized template file does not already exist. Create the custom directory if it does not exist.

  2. Modify url_fw_conf_FMW.tmp in the custom directory. In the STATIC block, modify the existing rule and add new rules for the following URL patterns to make them accessible in the external web tier:

    1. Check for the existing rule: RewriteRule ^/OA_HTML/.*\.(gif|jpg|jpeg|bmp|png)$ - [L]

    2. Comment it out and add a modified copy of the rule that includes the ico and svg extensions:

      #RewriteRule ^/OA_HTML/.*\.(gif|jpg|jpeg|bmp|png)$ - [L]

      RewriteRule ^/OA_HTML/.*\.(gif|jpg|jpeg|bmp|png|ico|svg)$ - [L]

    3. Add new rules:

      RewriteRule ^/OA_HTML/.*\.(ttf|woff|woff2)$ - [L]

      RewriteRule ^/OA_HTML/.*\.(webmanifest)$ - [L]

  3. Run AutoConfig in the application tier and restart the servers.

For more information, refer to the "Customizing AutoConfig-Managed Configurations" section of the Technical Configuration chapter in Oracle E-Business Suite Setup Guide.
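
A way to confirm the allowlist changes in the generated url_fw.conf and to see which request paths the rules actually admit, as an added example that is not Oracle-supplied code. It assumes allow rules have the form `RewriteRule <pattern> - [L]` shown above and evaluates each pattern as an awk extended regular expression, which is sufficient for these simple patterns; the sample file, request paths and function names are constructed.

```shell
#!/bin/sh
# Added example, not Oracle code. Handles only allow rules of the form
#   RewriteRule <pattern> - [L]
# and evaluates <pattern> as an awk ERE, which is enough for the simple
# patterns on this page (Apache itself uses PCRE).

# Patterns this page says must be active in the STATIC block.
REQUIRED_RULES='^/OA_HTML/.*\.(gif|jpg|jpeg|bmp|png|ico|svg)$
^/OA_HTML/.*\.(ttf|woff|woff2)$
^/OA_HTML/.*\.(webmanifest)$'

# Print the pattern of every active (uncommented) allow rule in file $1.
active_allow_patterns() {
    awk '$1 == "RewriteRule" && $3 == "-" && $4 == "[L]" { print $2 }' "$1"
}

# Print each required pattern that has no active rule in file $1.
missing_rules() {
    active=$(active_allow_patterns "$1")
    printf '%s\n' "$REQUIRED_RULES" | while IFS= read -r pat; do
        printf '%s\n' "$active" | grep -Fxq -- "$pat" || printf '%s\n' "$pat"
    done
}

# Succeed if request path $2 matches any active allow rule in file $1.
path_is_allowed() {
    awk -v path="$2" '
        $1 == "RewriteRule" && $3 == "-" && $4 == "[L]" && path ~ $2 { hit = 1; exit }
        END { exit (hit ? 0 : 1) }' "$1"
}

# Constructed sample: the webmanifest rule was forgotten.
SAMPLE_CONF=$(mktemp)
trap 'rm -f "$SAMPLE_CONF"' EXIT
cat > "$SAMPLE_CONF" <<'EOF'
#RewriteRule ^/OA_HTML/.*\.(gif|jpg|jpeg|bmp|png)$ - [L]
RewriteRule ^/OA_HTML/.*\.(gif|jpg|jpeg|bmp|png|ico|svg)$ - [L]
RewriteRule ^/OA_HTML/.*\.(ttf|woff|woff2)$ - [L]
EOF

echo "Missing rules:"; missing_rules "$SAMPLE_CONF"
for p in /OA_HTML/media/logo.svg /OA_HTML/manifest.webmanifest /OA_HTML/logo.svg.jsp; do
    if path_is_allowed "$SAMPLE_CONF" "$p"; then echo "allowed:     $p"
    else echo "not matched: $p"; fi
done
```

Because each pattern is anchored with `$`, a path such as /OA_HTML/logo.svg.jsp is not admitted by these rules, while any depth of subdirectory under /OA_HTML/ is.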

Setup Tasks for Oracle Maintenance for EBS

Perform the following tasks to complete the setup for Oracle Maintenance for EBS in a DMZ configuration:

  1. Setting Up Oracle E-Business Suite Environment in a DMZ Configuration

  2. Performing Mobile Apps Specific Setup Tasks for DMZ

Step 1: Setting Up Oracle E-Business Suite Environment in a DMZ Configuration

Before performing mobile app specific setup tasks, you need to ensure Oracle E-Business Suite is in a DMZ configuration.

For DMZ configuration instructions, see My Oracle Support Knowledge Document 1375670.1, Oracle E-Business Suite Release 12.2 Configuration in a DMZ.

Note: For any responsibility to which you have assigned the mobile app access role, as described in Setting Up Mobile App Access to Responsibilities, to allow mobile users to access the responsibility from an external node in a DMZ configuration, set the "Responsibility Trust Level" profile value to External for that responsibility at the responsibility level.

Please note that any responsibility with this profile value set to External will also be exposed on all other nodes in the DMZ. Any standard web tier set up in the DMZ for limited access will now have this responsibility visible.

For more information on setting the trust level, refer to My Oracle Support Knowledge Document 1375670.1, Section 4.4 Update List of Responsibilities.

Step 2: Performing Mobile Apps Specific Setup Tasks for DMZ

Important: For Oracle Maintenance for EBS, before setting up your mobile app with any of the advanced configurations, ensure basic mobile app configuration is performed and validated. See: Validating the Configuration.

Additionally, before connecting the mobile app using DMZ configuration, ensure that the app works with Service Endpoint (APPS_MOBILE_AGENT) set to an internal server of Oracle E-Business Suite. For information on the Service Endpoint (APPS_MOBILE_AGENT) parameters, see Configuring Parameters for the Apps Local Login Authentication Type.

For Oracle Maintenance for EBS, when setting up the configuration file for this app, ensure that the value of the Service Endpoint parameter is set to your external web entry point.

For information on configuring your mobile app, see Enabling a Mobile App Individually and Specifying the Configuration Through the UI Pages.

Note: If you use the Configure Mobile Applications page to set up the configuration parameters, note that the value for the Service Endpoint parameter defaults to the current value of the APPS_FRAMEWORK_AGENT profile option. However, if you are accessing this page from your intranet, then the current value of the APPS_FRAMEWORK_AGENT profile option will be your internal web entry point. In this case, to allow access from mobile apps to Oracle E-Business Suite over the Internet, you must manually specify an override value for the Service Endpoint parameter to set it to the external web entry point.