Updating the E-Business Suite Asserter Configuration File
After you register the IAM E-Business Suite Asserter (EBS Asserter), you can configure the asserter configuration file to connect with IAM during authentication.
Starting from IAM E-Business Suite Asserter version 19.1.4-1.4.0 onward, the asserter contains a properties file called bridge.properties. This file is located inside the ebs.war file. You must update the information in the bridge.properties file, and then regenerate the ebs.war file, before deploying it to a WebLogic Server.
For E-Business Suite Asserter versions before 19.1.4-1.4.0 release, the war file might not contain the
bridge.properties file inside. You must create this file in a folder of the E-Business Suite Asserter's WebLogic server, update its content as described in step 3, save the file, and then set an environment variable, as in the following example: export ebs_property_file="/opt/ebssdk/bridge.properties"-
In the server where you downloaded the E-Business Suite Asserter zip file, navigate
to the location where you decompressed the
ebs.warfile. -
Using a zip utility, decompress the
ebs.warfile, locate thebridge.propertiesfile, and open the file for editing. -
Uncomment the following properties by removing the # from the beginning of each
line, and update their values as follows:
########################################################### ## SSO Bridge for E-Business Suite ########################################################### # Properties File app.url=https://ebsasserter.example.com:7002/ebs app.serverid=APPL_SERVER_ID_value ebs.url.homepage=https://ebs.example.com:8001/OA_HTML/OA.jsp?OAFunc=OANEWHOMEPAGE ebs.ds.name=visionDS ebs.user.identifier=username idcs.iss.url=https://identity.oraclecloud.com idcs.aud.url=https://idcs-example.identity.oraclecloud.com #post.logout.url=https://ebs.example.com:8001/OA_HTML/OA.jsp?OAFunc=OANEWHOMEPAGE wallet.path=[FULL_PATH_OF_THE_WALLET_FILE] whitelist.urls=https://ebs.example.com:8001/OA_HTML/RF.jsp,https://ebs.example.com:8001/OA_HTML/OA.jsp,https://ebs.example.com:8001/OA_HTML/BneApplicationService,https://ebs.example.com:8001/OA_HTML/jsp/fnd/close.jsp ebs.renew.session=true proxy.mode=true proxy.home.url=https://ebs.example.com:8001/OA_HTML/RF.jsp?function_id=1031198&resp_id=-1&resp_appl_id=0&security_group_id=0&lang_code=US #istore.pages=ibeCZzdMinisites.jsp,ibeCAcpSSOLoginR.jsp #idcs.user.identifier=email/username ###########################################################The following table provides the description for each
bridge.propertiesparameter and optional parameters supported by each EBS Asserter version.Parameter Description EBS Asserter Version app.urlThe URL and port number for the E-Business Suite Asserter application. 19.1.4 onward app.serveridCorresponds to the APPL_SERVER_ID value in the .dbcfile generated while registering the E-Business Suite Asserter.19.1.4 onward ebs.url.homepageThe URL address for the Oracle E-Business Suite home page. 19.1.4 onward ebs.ds.nameThe data source name to be created in the Oracle WebLogic Server where the E-Business Suite Asserter is deployed. 19.1.4 onward ebs.user.identifierOracle E-Business Suite field used to match the IAM username. Allowed values are username (representing the FND_USERS.USER_NAME column) or email (representing the FND_USERS.EMAIL_ADDRESS column). Ensure that the attribute chosen here has unique values in FND_USERS otherwise the login fails. 19.1.4 onward idcs.iss.urlIAM issuer URL. This value can be found in the IAM Discovery Doc endpoint. The default value is https://identity.oraclecloud.com. This value must match the Issuer value set in the IAM OAuth settings. See Updating OAuth Settings.19.1.4 onward post.logout.urlThis is an optional parameter. Uncomment this parameter so that E-Business Asserter redirects to this URL after logging the user out from the Single Sign-On. This value must match the value of the Post Logout Redirect URL parameter in IAM App Configuration. 19.1.4 onward wallet.pathThe full path of the wallet file, including the file name. 19.1.4 onward whitelist.urlsLists the URL E-Business Suite Asserter can accept as the requestUrlparameter value. If therequestUrlvalue doesn't match one of thewhitelist.urlsvalues, then the test scenario for SSO Using the E-Business Suite Asserter Direct URL with a Redirect Parameter fails.19.1.4 onward ebs.renew.sessionThis is an optional parameter. Use this parameter to control how the E-Business Suite Asserter manages the Oracle E-Business Suite session when the Oracle E-Business Suite cookie has expired. If you add this parameter to the bridge.propertiesfile, and set the value totrue, then the asserter refreshes the Oracle E-Business Suite Forms session after having reach the configured limit (ICX:Session Timeout). If the parameter is set tofalse, then after reaching the configured limit, the Forms session is invalidated closing all active Forms, however the Oracle E-Business Suite session in the browser will be active, allowing the user to reopen a new Forms session.19.2.1 onward proxy.modeThis is an optional parameter. Add this parameter to the bridge.propertiesfile, and set the value totrueto enable Oracle E-Business Suite Proxy User feature. Users trying to sign in as a proxy user, are redirected to the URL you provide in theproxy.home.urlparameter.19.3.3-1.7.0 onward proxy.home.urlThis attribute is mandatory if proxy.mode=true. After the user signs in to IAM, the EBS Asserter redirects the proxy user to this URL. Typically this URL is Oracle E-Business Suite's Switch User page. For example:https://ebs.example.com:8001/OA_HTML/RF.jsp?function_id=1031198&resp_id=-1&resp_appl_id=0&security_group_id=0&lang_code=US19.3.3-1.7.0 onward istore.pagesLists the comma-separated value of iStore pages E-Business Suite Asserter accepts. If the requestUrl matches one of the istore.pagesvalues, then user will be redirected to the requested iStore page post login. Add the iStore pages to the existing list ofistore.pages.19.3.3-1912170009 onward idcs.user.identifierThis is an optional parameter. The IAM user attribute used to match with
ebs.user.identifier. Allowed values are username (representing the username attribute in IAM), email (representing the email attribute in IAM), custom attribute name (representing the custom attribute of a user in IAM e.g:employee_no). If this value is not provided inbridge.properties, then it is defaulted to the value ofebs.user.identifier. Ensure that there is one-to-one mapping between theidcs.user.identifierattribute in IAM to theebs.user.attributeattribute inFND_USERSotherwise the login fails.Note: Ensure that the custom attribute used in
idcs.user.identifieris added to the user schema in IAM. The custom attribute feature is available in EBS Asserter version 20.1.3 onwards.19.3.3-1912170009 onward base.langThe Oracle Identity Cloud Service EBS Asserter supports the user's language configuration provided in EBS. If the
FND_OVERRIDE_SSO_LANGprofile option is enabled for a user in EBS, Asserter creates an EBS session based on the value of theICX_LANGUAGEprofile option of this user. If no language configuration is present for the users in EBS and the browser language needs to be overwritten across all the users of the application, thebase.langproperty can be set in thebridge.propertiesfile. For example, ifbase.langis set to US and the user does not possess any language-specific configuration in EBS, irrespective of the browser (with local languages) from which the user tries to sign in into EBS with Asserter, the EBS session is created in American English.Note: The
base.langconfiguration is relevant in case the EBS is enabled with multiple languages. If there's only one language enabled in EBS, the asserter creates the EBS session with the base installed language even without abase.langconfiguration.Oracle Identity Cloud Service release version -
Rebuild the
ebs.warfile and ensure it contains the updated version of thebridge.propertiesfile. The structure of theebs.warfile is as follows:META-INF/ MANIFEST.MF WEB-INF/ classes/ lib/ bridge.properties web.xml weblogic.xml