How to enable SSO for Oracle EBS 12.2?
Oracle E-Business Suite (EBS) and LDAP SSO integration is explained here using the simplified approach of the SSOGEN SSO solution. Because Oracle EBS does not work directly with enterprise SSO such as Microsoft Active Directory authentication, a Single Sign On solution such as Oracle Access Manager (OAM) or SSOgen is necessary to complete Oracle EBS Single Sign On with Microsoft Active Directory.
Oracle OAM and Oracle Single Sign On – OSSO 10g are the traditional Single Sign On options for Oracle EBS.
SSOgen is a modern, NextGen Single Sign On solution that offers many benefits. Oracle EBS authentication is greatly simplified by the SSO implementation, which allows users to log in to Oracle EBS with SSO, a network ID, or Active Directory credentials. SSOgen does not need OID, OAM, or IDCS to accomplish EBS SSO integration.
EBS SSO Integrations – LDAP and SSO Gateway options
Read more about EBS SSO Integrations with Active Directory, other LDAP Servers, Okta SSO, Azure ADFS, Shibboleth, PING, and MFA
Oracle EBS LDAP SSO Integration procedure
Oracle EBS 12.2 SSO integration is detailed here with step-by-step instructions. If this is the first time SSO is being enabled on EBS, the following patches need to be applied. Also, make sure that FS Clone is complete and that an online patching cycle is NOT active.
|Patch Name||Patch Number||Description|
|R12.2 EBS Patch||20735848|
|EBS AccessGate||24008856||Check 2202932.1 for the latest patch|
- SSOGEN Support team sends out customer specific scripts for the registration. Please upload ssogen.zip and ssogen_modules.zip to $NE_BASE/sso, and unzip ssogen.zip
- Oracle e-Business Suite AccessGate – EAG: the fndauth.war deployment is now part of the 12.2 WebLogic Domain itself, and it is deployed to oaea_server1.
- SSO Registration: Enable SSO on all Web Nodes
- If there are DMZ/iSupplier nodes, please repeat the above step, with function dmzreg
- Bounce all EBS Services on Web Tiers and test the SSO logins.
- To deploy AccessGate, you may follow the Oracle standard, adProvisionEBS.pl ebs-create-oaea_resources. However, the deployag script calls the same script for your convenience.
$ cd $NE_BASE/sso
$ ls
ssogen.zip ssogen
$
If there are multiple Web Nodes configured for High Availability, the above script has to be run on all Web Tiers, with the node number matching oaea_server#. For example:
Node1: ./ssogen .. deployag node1
Node2: ./ssogen .. deployag node2
Please use the -managedsrvport flag to specify the port number explicitly. For example:
./ssogen .. deployag node1 -managedsrvport=6821
If deployag fails for any reason, please run undeployag to clean up the previous deployment, and then run deployag again to complete the deployment. This post-clone step may be necessary in some cases.
./ssogen ... undeployag
./ssogen ... deployag
Cleanup previous SSO LDAP references
Run cleanup to clean up previous SSO/LDAP references in the database, such as FND_USER_PREFERENCES.
./ssogen ... cleanup
Register SSO with Oracle EBS
SSO Registration is the process in which EBS URL is registered with SSO for logins.
./ssogen ... reg
Example: ./ssogen EBSDEV DEV Welcome1 reg
Restart all Oracle EBS Services and test SSO Login at /OA_HTML/AppsLogin
- Undeploy Oracle e-Business Suite AccessGate – EAG on all Web Nodes
- Disable SSO on all Web Nodes
- If there are DMZ/iSupplier nodes, please repeat the above step, with function dmzdereg
./ssogen ... undeployag [node1|node2]
./ssogen ... dereg
Bounce all Oracle EBS Services on Web Tiers and check the logins.
Oracle E-Business Suite Release 12 Single Sign-On Profile Options
Oracle EBS Single Sign On Profiles that matter most for Oracle EBS SSO Integration are shown below.
|EBS SSO URL||http://ebs.example.com:8000/OA_HTML/AppsLogin|
|EBS Backdoor/Local Login||http://ebs.example.com:8000/OA_HTML/AppsLocalLogin.jsp|
|Application Authenticate Agent||http://ebs.example.com:8000/accessgate/|
|Applications SSO Type||SSWA w/SSO|
|Applications SSO Auto Link User||Enabled|
|Application SSO LDAP Synchronization||Disabled|
|Applications Override SSO Server Language||Override SSO Server Language|
|Applications SSO User Creation and Updation Allowed||Enabled|
|Applications SSO Login Types||BOTH|
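To confirm the profile values above at every level where they are set (a user- or responsibility-level value overrides the site-level one), the following query is an added example, not part of the SSOgen scripts or the original page. It assumes read access to the standard FND profile tables as the APPS user and matches profiles by the display names listed in the table; stored values may be internal codes rather than the display labels.

```sql
-- Added example: list every level at which the SSO-related profiles are set,
-- so that a lower-level override (for example a user-level login type that
-- differs from the site value) is visible and can be reviewed.
-- Assumption: run as APPS; the display-name patterns come from the table above.
SELECT t.user_profile_option_name          AS profile_name,
       DECODE(v.level_id,
              10001, 'Site',
              10002, 'Application',
              10003, 'Responsibility',
              10004, 'User',
              10005, 'Server',
              10006, 'Organization',
              TO_CHAR(v.level_id))         AS set_at_level,
       v.level_value                       AS level_value,   -- 0 at Site level, otherwise the id of the user, responsibility, etc.
       v.profile_option_value              AS stored_value
FROM   fnd_profile_options       o
JOIN   fnd_profile_options_tl    t
       ON  t.profile_option_name = o.profile_option_name
       AND t.language            = USERENV('LANG')
JOIN   fnd_profile_option_values v
       ON  v.profile_option_id   = o.profile_option_id
       AND v.application_id      = o.application_id
WHERE  t.user_profile_option_name LIKE 'Application%SSO%'
   OR  t.user_profile_option_name LIKE 'Application Authenticat%'
ORDER  BY t.user_profile_option_name, v.level_id, v.level_value;
```

Rows at any level other than Site for the login type, auto-link, or LDAP synchronization profiles are the ones to review against the intended values in the table.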
Oracle EBS SSO Troubleshooting
Application SSO LDAP Synchronization profile may impact user creation process
ORA-20001: Unable to call fnd_ldap_wrapper.create_user due to following reason: Oracle Internet Directory is not registered correctly.
Please make sure that system profile Application SSO LDAP Synchronization is set to DISABLED. Also, ensure other SSO profile