Learn About Authenticating Oracle E-Business Suite with Oracle Identity Cloud Service Using the E-Business Suite Asserter

If you have an Oracle E-Business Suite instance, you can seamlessly authenticate with other applications that use Oracle Identity Cloud Service as their authentication mechanism using the Identity Cloud Service E-Business Suite Asserter component. This integration allows your Oracle E-Business Suite to participate in the single sign-on (SSO) provided by Oracle Identity Cloud Service.

To enhance security for the sign-in process, you can set up sign-in and identity provider policies, and configure multi-factor authentication. You can also enable adaptive security to provide strong authentication capabilities and risk analysis for your users across applications and Oracle E-Business Suite in Oracle Identity Cloud Service.

You have two options to integrate Oracle E-Business Suite with Oracle Identity Cloud Service. You can use the Identity Cloud Service E-Business Suite Asserter or you can rely on the App Gateway component. The Identity Cloud Service E-Business Suite Asserter option is used whenever your Oracle E-Business Suite environment has not been previously configured, through integration with Oracle Access Manager and Oracle E-Business Suite AccessGate, to deliver single sign-on.

Before You Begin

If your Oracle E-Business Suite is integrated with Oracle Access Manager, Oracle Internet Directory, E-Business Suite AccessGate, or uses any other SSO profile, then remove the integration between these components and Oracle E-Business Suite, and then restart the servers before using the Identity Cloud Service E-Business Suite Asserter.

Architecture

The Identity Cloud Service E-Business Suite Asserter is deployed to a separate Oracle WebLogic Server instance. The E-Business Suite Asserter interacts with Oracle Identity Cloud Service through Oracle Identity Cloud Service REST API and redirects the user's web browser to Oracle Identity Cloud Service and to Oracle E-Business Suite.

This architectural diagram shows how the E-Business Suite Asserter, Oracle E-Business Suite, and Oracle Identity Cloud Service interact.

Description of ebusiness-asserter-idcs-architecture.png follows

Description of the illustration ebusiness-asserter-idcs-architecture.png

The following diagrams show the login and logout flow when using the E-Business Suite Asserter to integrate Oracle E-Business Suite with Oracle Identity Cloud Service. These flow diagrams show the login and logout process starting with Oracle E-Business Suite, but the E-Business Suite Asserter approach also supports E-Business Suite Asserter and Oracle Identity Cloud Service initiated flow.

Description of login-flow-chart.png follows

Description of the illustration login-flow-chart.png

The user requests access to an Oracle E-Business Suite protected resource.
Oracle E-Business Suite redirects the user browser to the E-Business Suite Asserter application.
The E-Business Suite Asserter uses an Oracle Identity Cloud Service SDK to generate the authorization URL and then redirects the browser to Oracle Identity Cloud Service.
Oracle Identity Cloud Service presents its sign in page to the user.
The user submits credentials to Oracle Identity Cloud Service.
Oracle Identity Cloud Service issues an authorization code and redirects the user's browser to the E-Business Suite Asserter.
The E-Business Suite Asserter uses an Oracle Identity Cloud Service SDK to communicate with Oracle Identity Cloud Service to exchange the authorization code for an access token.
Oracle Identity Cloud Service issues an access token and an ID token to the E-Business Suite Asserter.
The E-Business Suite Asserter creates an Oracle E-Business Suite cookie and redirects the user's browser to Oracle E-Business Suite.
Oracle E-Business Suite presents the user requested protected resource.

The logout process described below refers to a user invoking logout from Oracle E-Business Suite. If the logout process is initiated in Oracle Identity Cloud Service, then only step 5 and 6 are executed.

Description of logout-flow-chart.png follows

Description of the illustration logout-flow-chart.png

The user selects to logout from Oracle E-Business Suite, requesting the /ebslogout URL.
Oracle E-Business Suite logs the user out and then redirects the user's browser to the E-Business Suite Asserter application.
The E-Business Suite Asserter uses an Oracle Identity Cloud Service SDK to obtain the Oracle Identity Cloud Service logout URL, and then redirects the user's browser to this URL
The user browser invokes the Oracle Identity Cloud Service logout URL.
Oracle Identity Cloud Service removes the user session and then redirects the user's browser to the E-Business Suite Asserter logout URL, which is defined in the application configuration.
The E-Business Suite Asserter logs the user out and redirects the user's browser to the Post Logout Redirect URL, which is defined in the application configuration.

About Required Services and Roles

An Oracle Identity Cloud Service administrator must be able to access the Oracle Identity Cloud Service console to download E-Business Suite Asserter and configure and activate applications.

You must have access to the following services and products:

Oracle Identity Cloud Service
Oracle E-Business Suite

You must have the following roles:

Role	Required to...
Oracle Identity Cloud Service: `Security administrator`	Access the Downloads page of the Oracle Identity Cloud Service console. From this page, you can download the Oracle Identity Cloud Service E-Business Suite Asserter.
Oracle Identity Cloud Service: `Application administrator`	Manage applications in Oracle Identity Cloud Service, which includes registering the sample mobile app with Oracle Identity Cloud Service.
Oracle E-Business Suite: `Server administrator`	Access the Oracle E-Business Suite installation folder, the Oracle WebLogic Server where you deploy the E-Business Suite Asserter, and the E-Business Suite Asserter machine as an operating system user.

See Oracle Products, Solutions, and Services to get what you need.