Tuesday, August 11, 2015

Configure SSO for multiple EBS instances

Enterprises often need to configure SSO for multiple EBS instances, whether Dev, UAT and Prod instances or multiple production environments, using the same access manager. In such cases, multiple instances can be secured using one application domain, SSO agent and WebGate.

Adding Policies to an existing WebGate and Application Domain



Follow the steps below to add the required policies for additional Oracle E-Business Suite integration to an existing WebGate and Application Domain.

  •     Change directories to <RREG_Home>/input.
  •     Create a new file named EBS_OAM_PolicyUpdate.xml, or use the existing one, to serve as a parameter file for the oamreg tool. Below is a sample.
 <?xml version="1.0" encoding="UTF-8"?>  
 <PolicyRegRequest>  
   <serverAddress>{protocol}://{oam_admin_server_host}:{oam_admin_server_port}</serverAddress>  
   <hostIdentifier>{Identifier for your existing WebGate}</hostIdentifier>  
   <applicationDomainName>{Identifier for your existing WebGate}</applicationDomainName>  
 </PolicyRegRequest>  

      

  • Replace {protocol} with either http, or https if the component has been SSL enabled.
  • Replace {oam_admin_server_host} with the fully qualified name for your OAM host.
  • Replace {oam_admin_server_port} with the weblogic administration server port (the SSL port if the Admin Server has been SSL enabled).
  • Replace {Identifier for your existing WebGate} within both the <hostIdentifier> and <applicationDomainName> elements with the Identifier for your existing WebGate.

Create a new file named ebs.oam.conf to serve as the URIs file for the oamreg tool. Change directories to <RREG_Home> and run the following command to add the new policies.


     ./bin/oamreg.sh policyUpdate input/EBS_OAM_PolicyUpdate.xml

When prompted for the admin username and password, enter the credentials for your Oracle Access Manager Administrator (by default, the user "weblogic").

When prompted "Do you want to import an URIs file?(y/n)", enter "y".

Enter the full path for the URIs file that you just created as <RREG_Home>/input/ebs.oam.conf.

The script should complete successfully with a Request summary. Log in to the OAM console and check that the URIs have been added for the new instance.





Configuring AccessGate for multiple EBS Instances


The AccessGate can be deployed on dedicated managed servers, such as eag_server1 protecting ebs_instance1 and eag_server2 protecting ebs_instance2, or on the same WebLogic server with different context roots. A unique name needs to be used for each application deployment, for example: ebsauth_myEBS1, ebsauth_myEBS2. Also, the deployment for each Oracle E-Business Suite environment is performed from a separate file system directory, for example: <MW_HOME>/appsutil/accessgate/ebsauth_myEBS1, <MW_HOME>/appsutil/accessgate/ebsauth_myEBS2. Each Oracle E-Business Suite AccessGate application is tied to a single Apps DataSource configuration during deployment.

The entries below are required on the OHS with the WebGate to redirect requests to the corresponding AccessGate.

   <Location /ebsauth_myEBS1>  
    SetHandler weblogic-handler  
    WebLogicHost eaghost.example.com  
    WebLogicPort 8099  
   </Location>  
   <Location /ebsauth_myEBS2>  
    SetHandler weblogic-handler  
    WebLogicHost eaghost.example.com  
    WebLogicPort 8099  
   </Location>  


Cleanup for Logout from Oracle E-Business Suite



On the WebTier, locate the file oacleanup.html that you copied during Oracle E-Business Suite AccessGate installation to the /public subdirectory of your htdocs root directory. For example: $ORACLE_INSTANCE/config/OHS/ohs1/htdocs/public/oacleanup.html

Edit the file and replace CONTEXT_ROOT with the value of the context root for any deployment of Oracle E-Business Suite AccessGate protected by this WebGate. For example:

<script type="text/javascript" src='/ebsauth_myEBS/ssologout_callback?mode=cleanup'></script>

Search for the following lines and add an addCallback entry for each additional logout callback.

 function doLoad()  
 {  
 logoutHandler.addCallback('/ebsauth_myEBS/ssologout_callback');  
 logoutHandler.addCallback('http://webgatehost2.example.com:7780/ebsauth_myEBS2/ssologout_callback');  
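
A consistency check for the setup described above, added here as an example and not taken from the original post or from Oracle: it flags AccessGate context roots that are proxied by OHS more than once or that have no logout callback in oacleanup.html. The function names and sample inputs are constructed, and it assumes every weblogic-handler <Location> block in the scanned file is an AccessGate deployment.

```python
import re
from urllib.parse import urlparse

# Constructed sample inputs mirroring the snippets in this post.
# The oacleanup.html sample deliberately lacks a callback for ebsauth_myEBS2.
OHS_CONF = """
<Location /ebsauth_myEBS1>
  SetHandler weblogic-handler
  WebLogicHost eaghost.example.com
  WebLogicPort 8099
</Location>
<Location /ebsauth_myEBS2>
  SetHandler weblogic-handler
  WebLogicHost eaghost.example.com
  WebLogicPort 8099
</Location>
"""
OACLEANUP = """
logoutHandler.addCallback('/ebsauth_myEBS1/ssologout_callback');
"""

def accessgate_roots(ohs_conf):
    """Context roots of <Location> blocks handled by weblogic-handler."""
    roots = []
    for m in re.finditer(r"<Location\s+/([^/\s>]+)\s*>(.*?)</Location>", ohs_conf, re.S | re.I):
        if re.search(r"SetHandler\s+weblogic-handler", m.group(2), re.I):
            roots.append(m.group(1))
    return roots

def callback_roots(cleanup_html):
    """Context roots that have a logoutHandler.addCallback() entry."""
    roots = set()
    for url in re.findall(r"addCallback\(\s*['\"]([^'\"]+)['\"]", cleanup_html):
        parts = urlparse(url).path.strip("/").split("/")  # handles relative and absolute URLs
        if len(parts) == 2 and parts[1] == "ssologout_callback":
            roots.add(parts[0])
    return roots

def audit(ohs_conf, cleanup_html):
    """Return (duplicate context roots, roots missing a logout callback)."""
    roots = accessgate_roots(ohs_conf)
    dupes = sorted({r for r in roots if roots.count(r) > 1})
    missing = sorted(set(roots) - callback_roots(cleanup_html))
    return dupes, missing

if __name__ == "__main__":
    dupes, missing = audit(OHS_CONF, OACLEANUP)
    print("duplicate context roots:", dupes)
    print("no logout callback for:", missing)
```

To use it on a real WebTier, read the OHS configuration file and oacleanup.html from disk and pass their contents to audit().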
