1. Security Configuration Guide
  2. Enabling SSO with Security Agents
  3. Configuring EPM System for Header-based SSO with Oracle Identity Cloud Services
  4. Prerequisites and Sample URLs

Prerequisites and Sample URLs

To establish header-based SSO with Oracle Identity Cloud Services:

  • A fully configured Oracle Enterprise Performance Management System.
  • A host or container with a fully configured Oracle App Gateway, which acts as a reverse proxy to protect EPM System by restricting unauthorized access.

    Oracle App Gateway should be configured to intercept HTTP requests to EPM System components and ensure that users are authenticated by Oracle Identity Cloud Services before forwarding requests toEPM System. While forwarding requests to EPM System components, Oracle App Gateway should propagate the authenticated user's identity through HTTP Header requests.

  • Domain Administrator access to Oracle Identity Cloud Services.

The following sample URLs are used in this discussion:

  • Fully Qualified Domain Name (FQDN) base URL of Oracle Identity Cloud Services server (identity provider):

    https://identity.server.example.com:443/

  • FQDN of Oracle App Gateway server (that hosts the gateway application):

    https://gateway.server.example.com:443/

  • Enterprise application URL for EPM System. This is the FQDN of Oracle App Gateway server appended with workspace/index.jsp:

    https://gateway.server.example.com:443/workspace/index.jsp

Note:

Oracle Identity Cloud Services and Oracle App Gateway are configured with HTTPS support. HTTPS support for EPM System is optional.

This discussion assumes that EPM System has been configured with HTTPS support.