Configure and Deploy the E-Business Suite Asserter

After registering the E-Business Suite Asserter in Oracle Identity Cloud Service, you must configure and deploy the E-Business Suite Asserter that will act as an interface between an identity token issued by Oracle Identity Cloud Service and a user session created in Oracle E-Business Suite.

Create a Wallet for the E-Business Suite Asserter

For security purposes, the E-Business Suite Asserter component uses a wallet to store the client ID, client secret, and Oracle Identity Cloud Service URL as parameters.

  1. Log in to the E-Business Suite Asserter application server machine.
  2. Run the command java -jar idcs-wallet-<version>.jar, and then provide the following values when prompted:
    • Enter Wallet Path: Enter the full path where you want to store the wallet file.
    • Enter Client ID: Enter the client ID generated while registering and activating the E-Business Suite Asserter in Oracle Identity Cloud Service.
    • Enter Client Secret: Enter the client secret for the client ID.
    • Enter IDCS base URL: Enter the Oracle Identity Cloud Service base URL. For example: https://MYTENANT.identity.oraclecloud.com.
    The command creates a wallet file named cwallet.sso in the provided path.

Update the E-Business Suite Asserter Configuration File

After you register the E-Business Suite Asserter, update the E-Business Suite Asserter configuration file so that the asserter can connect with Oracle Identity Cloud Service during authentication.

From Identity Cloud Service E-Business Suite Asserter version 19.1.4-1.2.0 onward, the asserter contains a properties file called bridge.properties. This file is located inside the ebs.war file. You need to update the information in the bridge.properties file, and then regenerate the ebs.war file, before deploying it to a WebLogic Server.

If you are using a version of the Identity Cloud Service E-Business Suite Asserter earlier than 19.1.4-1.2.0, the war file doesn't contain the bridge.properties file. You need to create this file in a folder on the E-Business Suite Asserter's WebLogic server, update its content as described in step 3, save the file, and then set an environment variable, as in the following example:

    export ebs_property_file="/opt/ebssdk/bridge.properties"

  1. In the server where you downloaded the E-Business Suite Asserter zip file, navigate to the location where you decompressed the ebs.war file.
  2. Using a zip utility, decompress the ebs.war file, locate the bridge.properties file, and open the file for editing.
  3. Uncomment the following properties by removing the # from the beginning of each line, and update their values as follows:
    
    ###########################################################
    ## SSO Bridge for E-Business Suite
    ###########################################################
    # Properties File
    app.url=https://ebsasserter.example.com:7002/ebs
    app.serverid=APPL_SERVER_ID_value
    ebs.url.homepage=https://ebs.example.com:8001/OA_HTML/OA.jsp?OAFunc=OANEWHOMEPAGE
    ebs.ds.name=visionDS
    ebs.user.identifier=username
    idcs.iss.url=https://identity.oraclecloud.com
    idcs.aud.url=https://idcs-example.identity.oraclecloud.com
    ebs.renew.session=true
    post.logout.url=https://ebs.example.com:8001/OA_HTML/OA.jsp?OAFunc=OANEWHOMEPAGE
    wallet.path=[FULL_PATH_OF_THE_WALLET_FILE]
    whitelist.urls=https://ebs.example.com:8001/OA_HTML/RF.jsp,https://ebs.example.com:8001/OA_HTML/OA.jsp,https://ebs.example.com:8001/OA_HTML/BneApplicationService
    ###########################################################
    
    The descriptions for the bridge.properties parameters are as follows:
    • app.url is the URL and port number for the E-Business Suite Asserter application.
    • app.serverid corresponds to the APPL_SERVER_ID value in the .dbc file generated while registering the E-Business Suite Asserter.
    • ebs.url.homepage is the URL address for the Oracle E-Business Suite home page.
    • ebs.ds.name is the data source name to be created in the Oracle WebLogic Server where the E-Business Suite Asserter is deployed.
    • ebs.user.identifier is the Oracle E-Business Suite field used to match the Oracle Identity Cloud Service user name. Allowed values are user name (representing the FND_USERS.USER_NAME column) or email (representing the FND_USERS.EMAIL_ADDRESS column).
    • idcs.iss.url is the issuer URL. Leave this property with its default value.
    • ebs.renew.session controls how the E-Business Suite Asserter manages the Oracle E-Business Suite session when the Oracle E-Business Suite cookie has expired. If the parameter is set to true, then the E-Business Suite Asserter tries to renew the existing Oracle E-Business Suite session. If the parameter is set to false, then the E-Business Suite Asserter creates a new Oracle E-Business Suite session for the user.
    • post.logout.url is the URL to which the EBS Asserter redirects the user after signing out. This value must match the value of the Post Logout Redirect URL parameter in Oracle Identity Cloud Service.
    • wallet.path is the full path of the wallet file, including the file name.
    • whitelist.urls is the comma-separated list of URLs for which bypass is allowed. This example also enables Single Sign-On for Oracle Web Applications Desktop Integrator and Oracle Workflow.
    • Optionally, you can also include the property ebs.renew.session=true. This property controls how the Asserter manages the Oracle E-Business Suite (EBS) Forms session timeout. Setting this parameter to true refreshes the EBS Forms session after it reaches the configured limit (ICX:Session Timeout). If the parameter is set to false, the EBS Forms session is invalidated after reaching the configured limit, closing all active Forms; however, the EBS session in the browser remains active, allowing the user to open a new Forms session.
  4. Rebuild the ebs.war file and make sure it contains the updated version of the bridge.properties file. Below is the structure of the ebs.war file:
    META-INF/
       MANIFEST.MF
    WEB-INF/
       classes/
       lib/
       bridge.properties
       web.xml
       weblogic.xml
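
One way to check the edited bridge.properties before rebuilding ebs.war, as an added example that is not part of Oracle's documentation or tooling: the script flags properties that are still commented out or hold template placeholders, URL properties that are not https, and a wallet file that other accounts can access. The function names and the rule that whitelist.urls entries stay on the ebs.url.homepage origin are assumptions of this example.

```shell
#!/bin/sh
# Added example (not Oracle's code): lint bridge.properties before rebuilding ebs.war.
# Property names come from the page; the pass/fail rules are this example's assumptions.

# prop FILE KEY: print the value of an uncommented KEY (last one wins), else nothing.
prop() {
    k=$(printf '%s' "$2" | sed 's/\./\\./g')   # escape dots for the regex
    sed -n "s/^[[:space:]]*$k[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1
}

# check_bridge_properties FILE: print one finding per line; return 1 if any.
check_bridge_properties() {
    f=$1; rc=0
    for key in app.url app.serverid ebs.url.homepage ebs.ds.name ebs.user.identifier \
               idcs.iss.url idcs.aud.url post.logout.url wallet.path whitelist.urls; do
        val=$(prop "$f" "$key")
        case $val in
            '') echo "missing or still commented out: $key"; rc=1 ;;
            APPL_SERVER_ID_value|\[*\]) echo "template placeholder left in: $key"; rc=1 ;;
        esac
    done
    for key in app.url ebs.url.homepage idcs.iss.url idcs.aud.url post.logout.url; do
        val=$(prop "$f" "$key")
        case $val in ''|https://*) ;; *) echo "not https: $key"; rc=1 ;; esac
    done
    # Assumption: bypass entries should stay on the EBS origin (scheme://host:port).
    origin=$(prop "$f" ebs.url.homepage | sed -n 's|^\(https://[^/]*\)/.*|\1|p')
    while IFS= read -r url; do
        case $url in ''|"$origin"/*) ;; *) echo "whitelist entry off EBS origin: $url"; rc=1 ;; esac
    done <<EOF
$(prop "$f" whitelist.urls | tr ',' '\n')
EOF
    # The wallet holds the client secret: require owner-only permissions.
    wallet=$(prop "$f" wallet.path)
    if [ -f "$wallet" ] && [ "$(ls -ld "$wallet" | cut -c5-10)" != "------" ]; then
        echo "wallet permissions allow group or other access: $wallet"; rc=1
    elif [ -n "$wallet" ] && [ ! -f "$wallet" ]; then
        echo "wallet file not found: $wallet"; rc=1
    fi
    return $rc
}

# Usage: sh this_script.sh /path/to/bridge.properties
if [ $# -gt 0 ]; then check_bridge_properties "$1"; fi
```

Run it against the extracted bridge.properties on the asserter host, where wallet.path resolves to the real cwallet.sso.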

Import the Oracle Identity Cloud Service Certificate into WebLogic and Java Keystores

Export the SSL certificate from the Oracle Identity Cloud Service UI and import it into the Oracle WebLogic Server identity keystore. This step is required for Oracle E-Business Suite to communicate with Oracle Identity Cloud Service by using HTTPS.

  1. Log in to the E-Business Suite Asserter WebLogic Server machine.
  2. Run the commands echo $JAVA_HOME and echo $WL_HOME, and then make note of the value that is set for each:
    • JAVA_HOME: /usr/java/jdk1.8.0_121
    • WL_HOME: /u01/oracle/wlserver
    If the $JAVA_HOME and $WL_HOME variables aren't set, request that the WebLogic administrator set them.
  3. Install the Java Cryptography Extension file:
    1. Unzip the Java Cryptography Extension file you have previously downloaded.
    2. Copy both the US_export_policy.jar and local_policy.jar files to the $JAVA_HOME/jre/lib/security folder on the E-Business Suite Asserter WebLogic Server.
  4. Export the Oracle Identity Cloud Service SSL certificate using the web browser (for example, Chrome):
    1. Access the Oracle Identity Cloud Service console or the sign-in page.
    2. In the browser address bar, click View website information (lock icon), click Valid, and then click the Details tab.
    3. In the Details tab, click Copy to File, click Next, select Base-64 encoded X.509 (.CER), and then click Next.
    4. Browse to a folder, name the file oracle.cer and save the certificate, click Next, and then click Finish.
  5. Copy the oracle.cer file to the /opt/ebssdk folder.
  6. Run the following commands to import the Oracle Identity Cloud Service certificate:
    cd /u01/oracle/wlserver/server/lib
    keytool -import -noprompt -trustcacerts -alias idcs -file /opt/ebssdk/oracle.cer -keystore DemoTrust.jks -storepass DemoTrustKeyStorePassPhrase
    
    cd /usr/java/jdk1.8.0_121/jre/lib/security
    keytool -importcert -noprompt -keystore cacerts -storepass keystore-password -alias idcs-root-ca -file /opt/ebssdk/oracle.cer

    The keytool commands use the default passwords of the keystores. If these passwords have been changed, contact your WebLogic administrator.

  7. Start the Oracle WebLogic Server Administration Console by entering http://wls_host:wls_port/console in the URL line of a web browser.
  8. Log in with your WebLogic administrative user name and password.
  9. In the left panel of the Console, click Lock & Edit, expand Environment and select Servers.
  10. Click the name of the target server where you want to deploy the E-Business Suite Asserter. In this example, the target server is AdminServer.
  11. Click the SSL tab. Scroll down and expand the Advanced section.
  12. Update the Hostname Verification parameter with the value None, and then click Save.
  13. Click Activate Changes.
  14. Restart the servers.
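
A check for the import in step 6, as an added example rather than Oracle's own tooling: because -noprompt skips keytool's confirmation of the certificate being trusted, the functions below compare the SHA-256 fingerprint of the exported file with the entry that ended up in the keystore. The function names are assumptions; the path, alias, and keystore in the usage comment are the ones shown in steps 5 and 6.

```shell
#!/bin/sh
# Added example (not Oracle's code): confirm that the keystore entry created in
# step 6 is the certificate that was exported in step 4.

# fp_from_keytool: read "keytool -printcert" or "keytool -list -v" output on
# stdin and print the first SHA256 fingerprint as bare uppercase hex.
fp_from_keytool() {
    sed -n 's/^[[:space:]]*SHA256:[[:space:]]*//p' | head -n 1 |
        tr -d ': \r' | tr 'a-f' 'A-F'
}

# fp_equal A B: succeed only if A is exactly 64 hex digits and equals B.
# An empty or malformed fingerprint (keytool failed, alias absent) never matches.
fp_equal() {
    case $1 in ''|*[!0-9A-F]*) return 1 ;; esac
    [ ${#1} -eq 64 ] && [ "$1" = "$2" ]
}

# verify_import CERT KEYSTORE ALIAS STOREPASS: compare file and keystore entry.
verify_import() {
    want=$(keytool -printcert -file "$1" | fp_from_keytool)
    have=$(keytool -list -v -alias "$3" -keystore "$2" -storepass "$4" | fp_from_keytool)
    if fp_equal "$want" "$have"; then
        echo "OK $3 $have"
    else
        echo "MISMATCH $3 file=$want keystore=$have"
        return 1
    fi
}

# Usage, after sourcing this file on the WebLogic host:
#   verify_import /opt/ebssdk/oracle.cer \
#       /u01/oracle/wlserver/server/lib/DemoTrust.jks idcs DemoTrustKeyStorePassPhrase
```

Compare the printed fingerprint with the one the browser shows for the Oracle Identity Cloud Service certificate as well, so the file itself is confirmed and not only its copy in the keystore.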

Define the Data Source

In the Oracle WebLogic Server where E-Business Suite Asserter is deployed, you must configure database connectivity by adding data sources to your WebLogic domain. WebLogic Java Database Connectivity (JDBC) data sources provide database access and database connection management.

  1. Enter the following URL in a web browser, replacing wls_host:wls_port with the host name and port for the WebLogic Administration Console:
    http://wls_host:wls_port/console

    For example, https://ebsasserter.example.com:7002/console.

  2. Log in with your WebLogic administrative user name and password.
  3. In the administration console under Domain Structure, expand Services and then click Data Sources.
  4. Under the Data Sources table heading, click the New drop-down list, and then select Generic Data Source.
  5. In the JDBC Data Source Properties section, specify the following appropriate values, and then click Next:
    • Name: visionDS
    • JNDI Name: visionDS
    • Database Type: oracle
    The value of the Name parameter must match the ebs.ds.name parameter in the E-Business Suite Asserter configuration file.
  6. Select a database driver, and then click Next.
    • If you are using an XA data source, select *Oracle's Driver (Thin XA) for Instance connections; Versions:Any
    • If you are using a non-XA data source, select *Oracle's Driver (Thin) for Instance connections; Versions:Any
  7. In the Transaction Options section, perform one of the following, and click Next:
    • For a non-XA data source, uncheck the Supports Global Transactions check box
    • For an XA data source, leave the check box checked
  8. In the Connection Properties section, specify the following appropriate values and then click Next.
    • Database Name: EBSDB
    • Host Name: ebs.example.com
    • Port: 1521
    • Database User Name: Enter the username you created earlier
    • Password: Enter the password for the username
  9. In the Driver Class Name field, enter one of the following:
    • oracle.apps.fnd.ext.jdbc.datasource.AppsDataSource if you use a non-XA data source
    • oracle.apps.fnd.ext.jdbc.datasource.AppsXADataSource if you are using an XA data source
    You can use the oracle.jdbc.OracleDriver driver instead, but you need to provide administrative database credentials during configuration. If you don't want to expose administrative database credentials to WebLogic administrators, use one of the previous values.
  10. In the Properties text box, enter dbcFile=/opt/ebssdk/EBSDB_ebsasserter.example.com.dbc.
  11. Review the data source properties values, confirm that the database is running, and click Test Configuration.
  12. When you see the Connection test succeeded message, click Next.
  13. In the Select Targets section, select the target server (for example, AdminServer), and click Finish.
  14. In the Change Center, click the Activate Changes button.

Deploy the E-Business Suite Asserter on Oracle WebLogic Server

You must deploy the E-Business Suite Asserter to the Administration Server instance of Oracle WebLogic Server for the purpose of performing end-to-end testing of the integration.

  1. Copy the E-Business Suite Asserter war file (ebs.war) to the working folder on the Oracle WebLogic Server, /opt/ebssdk.
  2. Enter the following URL in a web browser, replacing wls_host:wls_port with the host name and port for the Oracle WebLogic Server Administration Console:
    http://wls_host:wls_port/console

    For example, https://ebsasserter.example.com:7002/console.

  3. Log in with your WebLogic administrative user name and password.
  4. In the Change Center, click the Lock & Edit button.
  5. Under Domain Structure, click Deployments.
  6. On the right, under Deployments, click the Install button.
  7. Enter the path for the E-Business Suite Asserter war file as /opt/ebssdk.
  8. Select the ebs.war file and click Next to continue.
  9. Select Install this deployment as an application, and then click Next.
  10. Select the target server (for example, AdminServer) and then click Next.
  11. Accept the default values and click Finish.
  12. Click Activate Changes.