Integrating Oracle E-Business Suite on Oracle Cloud Infrastructure Classic with Oracle Access Manager Using the EBS Cloud Admin Tool


Options



Before You Begin

Purpose

In this tutorial, you will use the EBS Cloud Admin Tool to integrate your Oracle Access Manager (OAM) and Oracle Internet Directory (OID) with your Oracle E-Business Suite installation running on Oracle Cloud Infrastructure Classic. OAM and OID may be running on-premises or on Oracle Cloud.

Time to Complete

A minimum of 20 minutes.

Background

The EBS Cloud Admin Tool automatically configures this integration for an environment created by either of the procedures described in the following Oracle by Example tutorials: Provisioning a New Oracle E-Business Suite Installation on Oracle Cloud Infrastructure Classic Using the EBS Cloud Admin Tool or Cloning Oracle E-Business Suite From On-Premises to Oracle Infrastructure Cloud Classic Using EBS Cloud Tools.

WebGate will be automatically provisioned as needed to the Oracle E-Business Suite Oracle HTTP Server (OHS) running in the Oracle E-Business Suite Application Tier VM.

We strongly recommend using an Oracle Cloud Virtual Private Network (VPN) solution when integration with an on-premises OAM and OID. For information regarding VPN options, see the "Oracle Cloud Infrastructure Networking Classic Offerings" on the Networking Classic page. If VPN is not utilized, then the on-premises OAM/OID must be made accessible to the Oracle E-Business Suite instance running on Oracle Cloud.

Certified Oracle E-Business Suite Release

The following release is certified for this integration.

Oracle E-Business Suite Release 12.2.3 or later, with the following patches:

Notes

What Do You Need?

To perform the steps in this tutorial, you need:

Process Overview

To integrate Oracle E-Business Suite with Oracle Access Manager (OAM) using Oracle E-Business Suite AccessGate, you must complete the following tasks:

  1. Validate connectivity requirements.
  2. Determine cloud service account details.
  3. Run the EBS Cloud Admin Tool to configure the integration of Oracle E-Business Suite with OAM and OID.
  4. Validate configuration was successful.

Note: Before you begin, record the OAM instance version (for example, 11.1.2.3) for later use.

Validating Connectivity Requirements

Open Ports Between Nodes

Note: The ports listed in this section and throughout this Oracle by Example tutorial are the default ports. Your configuration may differ if you have configured non-default ports.

The automation described in this tutorial will automatically create the security rules for the following:

  • Open HTTPS port 443 from Oracle E-Business Suite application tier node to EBS Cloud Admin Tools VM.
  • Open database port (e.g., port 1521) from the Oracle E-Business Suite database tier node to OID node.

When integrating Oracle E-Business Suite with Oracle Access Manager and Oracle Internet Directory, the following ports must be accessible between the various nodes:

  • Open port 22 from the EBS Cloud Admin Tools VM to OAM node.
  • Open OAM admin server port (e.g., port 7001) from the OAM node to the Oracle E-Business Suite application tier node.
  • Open OID LDAP port 3060 from the OID node to the Oracle E-Business Suite application tier node.
  • Open OID LDAP port 3060 from the OID node to the Oracle E-Business Suite database node.

If you are not using VPN, then the following ports must be accessible:

  • Open the OAM managed server port for end user login access.
  • Open the OAM proxy server port for end user login access.

Note: This access can be achieved by defining a security IP address list or security lists and security rules.

Set up SSH Between OAM and Oracle E-Business Suite Nodes

To set up SSH between OAM and the Oracle E-Business Suite nodes, see "Set Up Secure Shell Between Node" in the Oracle by Example tutorial Common Tasks for Oracle E-Business Suite on Oracle Cloud.

Determining Cloud Service Account Details

The EBS Cloud Admin Tool prompts you to enter cloud service account details, including the Compute Classic Service Instance ID as well as cloud service endpoints obtained when you provisioned your Oracle E-Business Suite instance.

Refer to the "Determine Cloud Service Account Details" section in the Oracle by Example tutorial Common Tasks for Oracle E-Business Suite in Oracle Cloud Infrastructure Classic to identify and record these account detals for later use.

  • Oracle Cloud Infrastructure Compute Classic REST Endpoint
  • Oracle Cloud Infrastructure Object Storage Classic REST Endpoint

Running the EBS Cloud Admin Tool to Configure the Integration of Oracle E-Business Suite with OAM and OID

In this section, you will use the EBS Cloud Admin Tool, ProvisionEBS.pl, to integrate your Oracle E-Business Suite environment running on Oracle Cloud with OAM and OID.

Note: If you have already deployed the EBS Cloud Admin Tool, you must ensure it is on the latest codeline by following the instructions in section "Update EBS Cloud Admin Tool to Latest Codeline" of the Oracle by Example tutorial Deploying the EBS Cloud Admin Tool to Oracle Cloud Infrastructure Classic.

  1. Log on to the EBS Cloud Admin Tool VM you provisioned, and switch from the opc user to the oracle user by running the following command:
    $ sudo su - oracle
  2. Set your current directory to /u01/install/APPS/apps-unlimited-ebs/.
    $ cd /u01/install/APPS/apps-unlimited-ebs/
  3. Start the EBS Cloud Admin Tool by running the following command:
    $ perl /u01/install/APPS/apps-unlimited-ebs/ProvisionEBS.pl
  4. On the first screen, choose option "3: Manage Environments":
    ===========================================
    Provision Oracle E-Business Suite - Options
    ===========================================
    
    Provision Oracle E-Business Suite - Enter Selection:
    1:  Create New Environment
    2:  Create Environment from Backup
    3:  Manage Environments
    4:  Administer Orchestration VM
    5:  Manage Oracle Storage Cloud Service (OSCS) Backups
    6:  Clean Up After a Failed Provisioning
    6:  Exit
    
    Enter your choice from above list:  3
  5. On the next screen, enter the Service Instance ID and REST endpoints identified in section "Determining Cloud Service Account Details," along with your credentials.
    The screen will show default values presented in brackets according to the values entered in the previous execution of the tool. If you do not enter a different response, the tool uses the default value.
    ==================================================================
    Provision Oracle E-Business Suite - Enter Oracle Cloud Credentials
    ==================================================================
    
    [Ctrl-B: Back, Ctrl-H: Main Menu]
    
    Oracle Compute Cloud Service Endpoint      [https://xxx.compute.us.oraclecloud.com]             : 
    Oracle Storage Cloud Service Endpoint      [https://xxx.storage.oraclecloud.com/v1/Storage-xxx] : 
    Oracle Cloud Compute Service Instance ID   [mycloudserviceid]                                   :
    Oracle Cloud Identity Domain               [myclouddomain]                                      : 
    Oracle Cloud Data Center Code (examples: em1, us2, ap3)       [em1]                             :
    Oracle Cloud User Name                     [john.smith@example.com]                             : 
    Oracle Cloud Password                                                                           :

    Note: The REST endpoints are used to identify the location of services at the site level within a data center. These endpoints are required in order to create the security artifacts associated with Oracle Compute Cloud instances (VMs). If the provisioning VM is located at a different site from your application tier VM (identified by the Compute Classic endpoint), you will be prompted to provide the provisioning VM REST endpoint, as seen below:

    Enter Oracle Compute Cloud Service Endpoint for Provisioning VM :
  6. Choose the Oracle E-Business Suite environment in which you want to integrate OAM.
    ================================================================
    Oracle E-Business Suite Manage Environments - Choose Environment
    ================================================================
    
    [Ctrl-B: Back, Ctrl-H: Main Menu]
    
    1:  myebsenv1
    2:  myebsenv2
    
    Choose installation from the above list: 1
  7. On the next screen, choose option "5: Configure Integrations."
    ===========================================
    Oracle E-Business Suite Manage Environments
    ===========================================
    
    Environment: myebsenv1
    
    [Ctrl-B: Back, Ctrl-H: Main Menu]
    
    1:  Clone Environment
    2:  Scale Environment
    3:  Delete Environment
    4:  Manage Backups
    5:  Configure Integrations
    6:  Refresh EBS From Backup
    
    Enter your choice: 5
  8. On the next screen, choose option "2: Integrating Oracle E-Business Suite with Oracle Access Manager (OAM)."
    =========================================================
    Integrations and Advanced Configurations - Enter Selection
    =========================================================
    
    Environment: myebsenv1
    
    [Ctrl-B: Back, Ctrl-H: Main Menu]
    
    1:  Integrate Oracle E-Business Suite with Oracle SOA Cloud Service
    2:  Integrate Oracle E-Business Suite with Oracle Access Manager (OAM)
    3:  Configure Oracle E-Business Suite Workflow Notification Mailer
    
    Enter your choice: 2
  9. Next, enter the Oracle E-Business Suite details for OAM integration:
    ===========================================================
    Oracle E-Business Suite OAM Integration - Enter EBS Details
    ===========================================================
    
    Environment: myebsenv1
    
    [Ctrl-B: Back, Ctrl-H: Main Menu]
    
    Enter APPS password for staged instance                           : <password>
    
    Enter WebLogic Server password for target instance                : <password>
    
    Enter AccessGate OAEA Managed Server Name (Default: oaea_server1) : oaea_server1
    Enter AccessGate OAEA Managed Server Port Number (Default: 6801)  : 6801
  10. Next, enter the OAM details:
    ===========================================================
    Oracle E-Business Suite OAM Integration - Enter OAM Details
    ===========================================================
    
    Environment: myebsenv1
    
    [Ctrl-B: Back, Ctrl-H: Main Menu]
    
    Enter OAM Instance Public IP                            : xx.xx.xx.xx
    Enter Full Path to Oracle Home of OAM instance          : /u02/oamsetup/fmwhome/oam/Middleware/Oracle_IDM1
    Enter Operating System user name of OAM Instance:       : oracle
    Enter Oracle WebLogic Server User Name for OAM Instance : weblogic
    Enter OAM Instance WebLogic Admin server port           : 7001
    Enter OAM Instance Managed server port                  : 14100
    Enter OAM Whitelist URL for OAM Console                 : http://xx.xx.xx.xx:nnnn
    Enter OAM console Password                              : <password>
    
    On OAM instance, did you upload the Public key pairing to Private key on Provisioning VM (Y/N)      : Y
    Enter Version of the OAM Instance                       : 11.1.2.3
    
    Select Weblogic connection protocol for OAM Instance    : 
    1:   t3
    2:   t3s
    
    Enter your choice: 2

    Note: Refer to section "6.1 Configure Transport Layer Security (TLS)" in My Oracle Support Knowledge Document 1576425.1, Integrating Oracle E-Business Suite Release 12.2 with Oracle Access Manager 11gR2 (11.1.2) using Oracle E-Business Suite AccessGate, to correctly configure TLS on Oracle E-Business Suite in OAM.

  11. On this next screen, enter the OID details:
    =======================================
    EBS OAM Integration - Enter IDM Details
    =======================================
    
    Environment: myebsenv1
    
    [Ctrl-B: Back, Ctrl-H: Main Menu]
    
    Enter Full Path to Oracle Home of IDM instance         : /u02/oidsetup/fmwhome/oid/Middleware/Oracle_IDM1 
    Enter Operating System user name of OID Instance       : oracle
    Enter OID username                                     : orcladmin
    Enter OID console Password                             : <password>
  12. Enter the LDAP details:
    ========================================
    EBS OAM Integration - Enter LDAP Details
    ========================================
    
    Environment: myebsenv1
    
    [Ctrl-B: Back, Ctrl-H: Main Menu]
    
    Enter Host IP address of LDAP instance                                       : 198.51.100.1
    Enter LDAP Instance port                                                     : 3060
    Enter LDAP Search Base (for example: cn=Users,dc=us,dc=oracle,dc=com)        : cn=Users,dc=compute-gededicatedpoc,dc=oraclecloud,dc=internal
    Enter LDAP Group Search Base (for example: cn=Groups,dc=us,dc=oralce,dc=com) : cn=Groups,dc=compute-gededicatedpoc,dc=oraclecloud,dc=internal
  13. The next screen displays the configuration details you entered. Review your entries and enter option "1: Yes" to confirm that you want to proceed with the configuration.
    ============================
    EBS OAM Integration - Review
    ============================
    
    Environment: myebsenv1
    
    [Ctrl-B: Back, Ctrl-H: Main Menu]
    
    OAM Instance Public IP                             : xx.xx.xx.xx
    Absolute Path of Oracle Home of OAM instance       : /u02/oamsetup/fmwhome/oam/Middleware/Oracle_IDM1
    Operating System user name of OAM Instance         : oracle
    OAM Instance weblogic user name                    : weblogic
    OAM Instance weblogic admin server port            : 7001
    OAM Instance Managed server port                   : 14100
    OAM Whitelist URL for OAM Console                  : http://xx.xx.xx.xx:nnnn
    Absolute path of Oracle Home of IDM instance       : /u02/oidsetup/fmwhome/oid/Middleware/Oracle_IDM1
    Operating System user name of OID Instance         : oracle
    OID username                                       : cn=orcladmin
    Host IP address of LDAP instance                   : 198.51.100.1
    LDAP Instance port                                 : 3060
    LDAP Search Base                                   : cn=Users,dc=compute-gededicatedpoc,dc=oraclecloud,dc=internal
    LDAP Group Base                                    : cn=Groups,dc=compute-gededicatedpoc,dc=oraclecloud,dc=internal
    OAEA Managed Server Name                           : oaea_server1
    OAEA Managed Server Port Number                    : 6801
    OAM Instance Version                               : 11.1.2.3
    Weblogic connection protocol                       : t3s
    EBS Environment Name                               : myebsenv1
    =====================================
    
    ==================================
    Proceed with selected action?
    ==================================
    Environment: myebsenv1
    
    1: Yes
    2: No
    
    Enter your choice: 1
  14. Next, perform fs_clone.
    1. Stop the oaea managed server on the run file system.
      $ admanagedsrvctl.sh stop oaea_server1
    2. Perform an fs_clone to synchronize the changes to your patch file system before you start the next Oracle E-Business Suite Release 12.2 Online Patching cycle.
    3. After running fs_clone successfully, restart the oaea managed server.
      $ admanagedsrvctl.sh start oaea_server1
  15. Next, if applicable, update the Security Rule with the public/private IP address for the OID VM. This step is only required if OID is deployed to Oracle Cloud Infrastructure Compute Classic after successful completion of steps 1-14 in this section.
    1. Navigate to the Oracle Compute Cloud Service console by following these steps:
      1. Sign in to the Oracle Cloud My Services application by navigating to https://cloud.oracle.com/sign-in.
      2. In the Cloud Account region, select the "Traditional Cloud Account" option in the account type drop-down list.
      3. Then, select your data center from the data center drop-down list.
      4. Click My Services.
      5. On the next screen, enter your identity domain. Click Go.
      6. Enter your sign in credentials. Click Sign In. This takes you to the Oracle Cloud My Services Dashboard.
      7. Click the menu button near the upper left corner of the Dashboard page to bring up the Navigation menu.
      8. Select Compute Classic to view the Compute Classic console.
    2. Then, select the Network tab > Security IP Lists.
    3. Search for the security IP list's name (for example, <myebs>-seciplist-oid).
    4. Click on the security IP list to display the Update Security IP List pop-up.
    5. Update the list with both the public and private IP addresses of your OID VM.
    6. Click Update to save your changes.
    7. To cross-check this, the SECIP lists would be attached to security rule <yourebs>-secrule-oam-db-listener-port.

Validating the Configuration

To validate the successful integration of OAM, log in to Oracle E-Business Suite using a client web browser. You should automatically be redirected to the OAM page.

After logging in, click Logout. The page should again redirect you to the OAM Login screen instead of the Oracle E-Business Suite "AppsLocalLogin.jsp" page.

Want to Learn More?

Change Log

Date Description
2019-04-24
  • Updated footer.
2018-06-29
  • Minor formatting enhancements.

2018-02-20

  • Updated screenshots and content in "Running the EBS Cloud Admin Tool to Configure the Integration of Oracle E-Business Suite with OAM and OID" for 18.1.1 release updates.
  • Changed section titled "Determining Cloud Service REST Endpoints" to "Determining Cloud Service Account Details." Updated section content.

2017-11-08

  • Made various updates in document to reflect updates in product/service name changes as well as UI updates.

2017-09-27

  • Updated screens in section "Running the EBS Cloud Admin Tool to Configure the Integration of Oracle E-Business Suite with OAM and OID" for 1.7.3 release.

2017-08-15

  • Updated "Before You Begin" section with new "Certified" subsection.
  • Updated various sections and EBS Admin Tool UI screens throughout document for 1.7.2 release.

2017-06-08

  • Updated screens in "Running the EBS Cloud Admin Tool to Configure the Integration of Oracle E-Business Suite with OAM and OID" section.

2017-05-02

  • Updated section "Running the EBS Cloud Admin Tool to Configure the Integration of Oracle E-Business Suite with OAM and OID" to include note about updating the EBS Cloud Admin Tool to the latest codeline.
  • Minor edits to "Opening Ports Between Nodes" section.
  • Updated to 03/28/17 OBE template.

2017-04-19

  • Updated Certified Oracle E-Business Suite and Database Releases table in Background section, changing references from AD-TXK Delta 8 to AD-TXK Delta 9.

2017-03-30

  • Updated table in "Background" by adding ExaCS.

2017-03-17

  • Updated titles of referenced OBEs.
  • Added "Determining Cloud Service Endpoints" section.

2017-03-06

  • Updated "Validating Connectivity Requirements" and "What Do You Need?" sections.

2017-03-03

  • Initial publication.