Is Oracle EBS SSO (single sign-on) possible without purchasing an OAM and OID license?_非侵入式套用SSO解決方案

根據國外論壇討論上，Oracle EBS原生是不提供關於SSO支援的。

Oracle E-Business Suite (EBS) 本身不支援單一登入 (SSO)，除非購買 Oracle Access Manager (OAM) 和 Oracle Internet Directory (OID) 的額外授權。

OAM 是 Oracle 的網頁訪問管理和用戶身份驗證解決方案，而 OID 是 Oracle 的 LDAP 目錄服務。

要在未購買 OAM 和 OID 授權的情況下為 Oracle EBS 實現 SSO，通常需要依賴第三方 SSO 解決方案或自定義開發。然而，Oracle 推薦且支持的方法是將 EBS 與 OAM 和 OID 整合來實現 SSO。

可以在不購買 OAM 和 OID 授權的情況下實現 Oracle EBS 單一登入 (SSO)。

一些第三方SSO供應商如 SSOGen、Okta 等

通過使用 Oracle EBS AccessGate 來實現這一點，但這需要購買 EBS AccessGate 模組。

這些解決方案提供者作為外部身份提供者 (IDP) 和 AccessGate 之間的中介，以實現 EBS SSO。

方案1.SSO Without OAM/OID License-「miniOrange」

一種不需要購買任何額外的 Oracle 模組來實現 SSO 的替代解決方案是來自 miniOrange。他們的解決方案直接與 Oracle EBS 集成，並作為外部 IDP 和 EBS 之間的中介。您可以在他們的網站上找到有關該解決方案的更多詳情。

Authentication flow for miniOrange Oracle EBS SSO (Single Sign-On) Authentication

Oracle EBS SSO solution by miniOrange allows enabling the Single Sign-On between Oracle EBS - 11i, 12.1, and 12.2.x and Active Directory, IDPs and directories without having to buy and install Oracle Access Manager (OAM) and Oracle Internet Directory (OID) license.

Oracle EBS SSO is an authentication solution that allows users to log in via LDAP authentication, AD passwords, or existing Identity Providers, instead of the Oracle E-Business Suite local password authentication. Oracle EBS SSO integration can be done with IDPs (Identity Providers) like miniOrange, Active Directory, Azure AD, Google, Okta, OneLogin, Ping Identity, Centrify, and many more. Here, the Oracle EBS SSO connector delegates the authentication to the SSO Server, which performs the authentication on behalf of Oracle EBS. EBS SSO connector gives you the flexibility of extending your existing SAML SSO integration to Oracle E-Business Suite as well. Oracle EBS SSO is strongly advised for better user experience and improved Security. Single Sign-On (SSO) is additionally a prerequisite for Oracle E-Business Suite IT Security Audits.




Setup SSO for Oracle EBS Integration - Complete IAM Solution

https://www.youtube.com/watch?v=Wn39QL4aj68&ab_channel=miniOrange

https://www.miniorange.com/iam/integrations/oracle-ebs-single-sign-on-sso

方案2.採用 IDCS(Oracle Identity Cloud Service) 的簡化架構

Oracle EBS integration with IDCS on left and with OAM/OID on right
https://oamoim.blogspot.com/2020/06/oracle-e-business-suite-ebs-integration.html

https://blogs.oracle.com/cloudsecurity/post/how-to-simplify-sso-to-oracle-ebusiness-suite-in-just-3-steps

無需使用 Oracle Access Manager (OAM) Access Gate 或 OAM 設定 。

Oracle E-Business Suite 即可與 Oracle Identity Cloud Service 整合Identity Cloud Service 。

E-Business Suite Asserter 取代了 OAM Access Gate 作為 Oracle E-Business Suite 的身份驗證機制。唯一需要部署的元件是 EBS 斷言器。它充當 IDCS 頒發的身份令牌與 EBS 中建立的使用者會話之間的介面。

什麼是 EBS 斷言者(EBS Asserter)？

• 是一個輕量級 Java 應用程序，稱為 Identity Cloud Service Asserter for E-Business Suite。
• 透過 E-Business Suite 斷言器，您可以為 Oracle e-Business Suite 和其他應用程式實作 SSO。 
• IDCS EBS 斷言器充當 IDCS 頒發的身份令牌與 EBS 中建立的使用者會話之間的介面。
• 它實際上是一個 war 文件，您需要將其部署到 WebLogic 伺服器上。
• 無需更改 Oracle e-Business Suite 環境中的設定。
• 需要使用安全通訊 (SSL/TLS) 部署在 WebLogic Server 12c 中

Ref:

3 Ways to Streamline Auth, Access & Security for Oracle EBS

https://securityboulevard.com/2023/05/3-ways-to-streamline-auth-access-security-for-oracle-ebs/

ADFS/AD for SSO with eBS

https://forums.oracle.com/ords/apexds/post/adfs-ad-for-sso-with-ebs-3472

How to Simplify SSO to Oracle eBusiness Suite in Just 3 Steps

https://blogs.oracle.com/cloudsecurity/post/how-to-simplify-sso-to-oracle-ebusiness-suite-in-just-3-steps

https://www.quora.com/Is-Oracle-EBS-SSO-single-sign-on-possible-without-purchasing-an-OAM-and-OID-license

Oracle EBSR12 integration with OAM OID for SSO

https://www.youtube.com/watch?v=zMEv1RDIrKo&ab_channel=FirozHussainKonidela

Integrate Oracle E-Business Suite (EBS) R12 with OAM/OID/OUD 12c (12.2.1.3.0) High level Steps

https://k21academy.com/oracle-ebs-oam-integration/integrate-oracle-e-business-suite-ebs-r12-with-oamoidoud-12c/

miniorange Oracle EBS SSO: Oracle E-Business Suite Single Sign-On Integration

https://www.miniorange.com/iam/integrations/oracle-ebs-single-sign-on-sso?utm_source=medium&utm_medium=medium&utm_campaign=oracle-ebs-single-sign-on-(sso)

Oracle EBS SSO Integration with Azure AD

https://miniorange.medium.com/oracle-ebs-sso-integration-with-azure-ad-ad9070c2b776

Microsoft Entra SSO integration with Oracle Access Manager for Oracle E-Business Suite

https://learn.microsoft.com/en-us/entra/identity/saas-apps/oracle-access-manager-for-oracle-ebs-tutorial

EBS ADFS SSO Integration

https://www.miniorange.com/iam/integrations/configure-oracle-ebs-adfs-sso

單一認證系統SSO與ADFS的整合應用

https://www.cc.ntu.edu.tw/chinese/epaper/0025/20130620_2509.html

使用 Microsoft Active Directory Federation Services (AD FS) 配置單一登入

https://www.ibm.com/docs/zh-tw/flashsystem-5x00/8.5.x?topic=css-configuring-single-sign-microsoft-active-directory-federation-services-ad-fs-5