certified approach for achieving this is through the deployment and integration with
Oracle Access Manager and either Oracle Internet Directory (OID) or Oracle
Unified Directory (OUD),
For SSO you need to deploy Access Manager, a Directory, a WebGate, an
AccessGate, and configure each to integrate with EBS
======================================================
Oracle EBS Single Sign On Profiles that matter most for Oracle EBS SSO Integration
are shown below.
EBS Release 12.2.x
EBS SSO URL http://ebs.example.com:8000/OA_
EBS Backdoor/Local Login http://ebs.example.com:8000/OA_
Application Authenticate Agent http://ebs.example.com:8000/acce
Applications SSO Type SSWA w/SSO
Applications SSO Auto Link User Enabled
Application SSO LDAP Synchronization Disabled
Applications Override SSO Server Language Override SSO Server Language
Applications SSO User Creation and Updation Allowed Enabled
Applications SSO Login Types BOTH
======================================================
Verify Oracle EBS SSO Profiles
The following profiles are very important for EBS SSO Functionality:
select fpot.user_profile_option_name,
fpov.profile_option_value,fpov.last_update_date,fu.user_name
from apps.fnd_profile_options fpo, apps.fnd_profile_options_tl
fpot, apps.fnd_profile_option_values fpov, apps.fnd_user fu
where fpo.profile_option_id = fpov.profile_option_id
and fpov.level_id=10001
and fpov.last_updated_by=fu.user_id
and fpo.profile_option_name=fpot.profile_option_name
and fpot.language='US'
and fpo.profile_option_name in(
'APPS_FRAMEWORK_AGENT',
'APPS_AUTH_AGENT',
'APPS_SSO',
'APPS_SSO_LOCAL_LOGIN',
'APPS_SSO_AUTO_LINK_USER',
'APPS_SSO_ALLOW_MULTIPLE_ACCOUNTS',
'APPS_SSO_USER_CREATE_UPDATE',
'APPS_SSO_LDAP_SYNC',
'APPS_SSO_LINK_TRUTH_SRC',
'FND_OVERRIDE_SSO_LANG')
order by 1;
======================================================
IMPORTANT URL’s
# https://www.ssogen.com/oracle-ebs-sso-ldap/
# https://blog.pythian.com/differences-between-r12-1-and-r12-2-integration-with-oam/
# Integrating Oracle E-Business Suite Release 12.2 with Oracle Access Manager
11gR2 (11.1.2) using Oracle E-Business Suite AccessGate (Doc ID
1576425.1)
# “Overview of Single Sign-On Integration Options for Oracle E-Business Suite (Doc
ID 1388152.1)”
======================================================
Why is Oracle EBS SSO important?
Users don’t have to remember dozens of passwords for Oracle e-Business Suite – 11i, 12.1, and
12.2.
Weak passwords in Applications are no longer allowed. Welcome123 and Oracle123 are the
most popular weak passwords in Oracle EBS.
Access to Oracle EBS is terminated instantly, when an employee/contractor leaves. This is a
requirement Audit requirement.
Passwords alone are not secure enough these days, multi-factor authentication is a must have
for Oracle EBS today.
Enforce user to change SSO password periodically to follow security guidelines.
Users don’t have to login multiple times, resulting in a better productivity and better user
experience.
EBS Password reset calls to Helpdesk would be greatly reduced, and Oracle EBS Support teams
are relieved.
IT Security Audits demand Single Sign On for Oracle EBS 11i, R12, and 12.2.
Users don’t have to remember Applications URLs anymore, as URLs change from time to time.
======================================================
Differences between the R12.1 and R12.2.
In R12.1, Oracle E-Business Suite is deployed on iAS 10.1.3 Oracle Containers for J2EE (OC4J).
But In R12.2 Oracle E-Business Suite is deployed on FMW 11g 11.1.1.6 (PS5), WebLogic Server
11g 10.3.6 (PS5).
In R12.1, EBS JDK 6.0_10 Oracle JRockit support Not Applicable to Oracle E-Business Suite 12.1
technology stack. But In R12.2 JRockit 1.6.0_22, JDK 1.6.0_21, Oracle JRockit JVM certified and
recommended on Linux and Windows. Target JDK 1.7.
In R12.1 Oracle Database Enterprise Edition from 10g to 11gR2. But In R12.2 Oracle Database
Enterprise Edition, 11g 11.2.0.3 with edition based redefinition.
In R12.1 Oracle JSP Compiler 10.1.3 is used.But In R12.2 WebLogic JSP Compiler 11g 10.3.6 is
use.
In R12.1 Apache 1.3.34 is used. But In R12.2 the new Apache 2.2 is using.
In R12.1 Java Object Cache 10.1.3 is used.But In R12.2 FMW 11g 11.1.1.6 is used.
In R12.1, Oracle JDBC Thin Drivers 11gR2 repackaged and delivered via Oracle E-Business Suite.
$OAD_TOP/*jdbc*.zip But In R12.2 Oracle JDBC Thin Drivers 11gR2 used directly from Fusion
Middleware installation. 11g iAS Ojdbc6dms.jar
In R12.1 Oracle SSL Libraries is used. But In R12.2 Java Secure Socket Extension (JSSE) is used.
Note: In both R12.1 and R12.2 common is Forms / Reports iAS 10.1.2 is used.
====================================================