An Oracle blog about Access Management

  • December 3, 2012

E-Business Integration with SSO using AccessGate

Moving away from the legacy Oracle SSO, Oracle E-Business Suite (EBS) introduced EBS AccessGate as the way forward for providing Single Sign On with Oracle Access Manager (OAM). Unlike an AccessGate in OAM terminology, EBS AccessGate has no specific connection with OAM with respect to configuration. Instead, EBS AccessGate uses the header variables sent from the SSO system to create the native user session, like any other SSO-enabled web application.

E-Business Suite Integration with Oracle Access Manager

It is a known fact that E-Business Suite requires Oracle Internet Directory (OID) as the user repository to enable Single Sign On. This is because E-Business Suite needs to be registered with OID for Single Sign On. Additionally, E-Business Suite uses “orclguid” in OID to map the Single Sign On user to the corresponding local user profile. During authentication, EBS AccessGate expects the SSO system to return orclguid and the EBS username (stored as a user attribute in the SSO user store) in two header variables, USER_ORCLGUID and USER_NAME respectively.
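A minimal sketch of the header-to-user mapping described above, added here as an example and not EBS AccessGate's own code. Only the header names USER_ORCLGUID and USER_NAME come from the post; the lookup table, the exception type, the case normalization and the reject-on-mismatch behaviour are assumptions.

```python
from typing import Dict, Iterable, Tuple

# Constructed sample data (hypothetical values): local user profiles keyed
# by the orclguid that links them to the SSO user.
LOCAL_USERS_BY_GUID: Dict[str, str] = {
    "A1B2C3D4E5F60718293A4B5C6D7E8F90": "JSMITH",
    "0F9E8D7C6B5A49382716F5E4D3C2B1A0": "MJONES",
}


class HeaderMappingError(Exception):
    """Raised when the SSO headers cannot be mapped to one local user."""


def _single_value(headers: Iterable[Tuple[str, str]], name: str) -> str:
    # Header names are case-insensitive. Collect every occurrence so that a
    # duplicated identity header is rejected instead of silently picking one.
    values = [v.strip() for k, v in headers if k.upper() == name]
    if len(values) != 1 or not values[0]:
        raise HeaderMappingError(f"expected exactly one non-empty {name} header")
    return values[0]


def resolve_local_user(headers: Iterable[Tuple[str, str]],
                       users_by_guid: Dict[str, str] = LOCAL_USERS_BY_GUID) -> str:
    """Return the local username for a request, or raise HeaderMappingError."""
    headers = list(headers)
    # Assumption: GUIDs and usernames are compared case-insensitively.
    guid = _single_value(headers, "USER_ORCLGUID").upper()
    name = _single_value(headers, "USER_NAME").upper()
    local = users_by_guid.get(guid)
    if local is None:
        raise HeaderMappingError("orclguid is not linked to a local user")
    if local != name:
        # The two headers must describe the same account; otherwise fail closed.
        raise HeaderMappingError("USER_NAME does not match the user linked to orclguid")
    return local


if __name__ == "__main__":
    request = [("USER_ORCLGUID", "a1b2c3d4e5f60718293a4b5c6d7e8f90"),
               ("USER_NAME", "jsmith")]
    print(resolve_local_user(request))
```

Because the session is built from request headers, a check like this is only meaningful when the application is reachable solely through the SSO layer that sets them.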

The following diagram depicts the authentication flow once the SSO system returns the EBS username and orclguid after successful authentication:

EBS AccessGate and OAM


Comments ( 3 )
  • guest Monday, July 8, 2013

    I have a couple of questions from the last line you have made in the blog:

    "If SSO System is using a different user store then:

    Use DIP or OIM to synch orclguid from E-Business Suite OID to SSO user store

    Use OVD to provide an LDAP view where orclguid from E-Business Suite OID is part of the user entity in the user store referred by SSO System"


    Q1) Does that mean if I have OAM authenticating against a third-party LDAP (user store), should I include orclguid as one of the operational attributes in the third-party LDAP and sync the orclguid from OID to the third-party LDAP?

    Q2) Note: 1536941.1, section 7. Configuring Multiple Oracle E-Business Suite Instances.

    This note says that for enabling single sign-on for multiple ebiz environments with ebiz accessgate, separate managed servers need to be created on the ebiz accessgate weblogic instance. If I have 50 ebiz to be integrated, do I need to maintain 50 managed servers on the ebiz accessgate? Is it a practically feasible solution?


  • guest Tuesday, April 12, 2016

    It is not necessary. Each ebiz instance must have its own OAM agent created under a single OAM managed server. Of course you need to make sure the host server has enough resources to handle the transaction volume.

  • Pete Thursday, April 28, 2016

    Sajeesh -

    My colleague came across your post, and the diagram does a wonderful job showing the flow through the eBS login process.

    Does this flow still apply to OAM (based on the date, I assume it was written for 11gR1)? Any difference with eBS 12.2?

