• Home
• App Integrations
• Single Sign-On Integrations
• JD Edwards SSO

JD Edwards SSO is a feature that enables easy and seamless Single Sign-On into your Oracle JD Edwards application instance authenticating against any of your existing identity source (Azure AD, LDAP, or any IDP).

As we have officially been recognized as a Global Modernized Oracle Partner Network (OPN) Partner, you can rest assured that all of our integrations on the Oracle Stack fulfill the highest competencies set by Oracle for their trusted advisors like miniOrange.

"miniOrange Oracle JD Edwards SSO connector enables Single Sign-On (SSO) between Oracle JD Edwards and any IDPs without the need to purchase and install Oracle Access Manager (OAM) and Oracle Internet Directory (OID) license."

JD Edwards SSO connector enables the Single Sign-On (SSO) integration between any Oracle application and IDPs (Identity Providers) like miniOrange, ADFS, Active Directory, Azure AD, Google, Okta, Onelogin, Ping Idenity, Centrify and many more. It also provide SSO support for web applications which do not provide support for federated Single Sign-On (SSO) protocol such as SAML or OAuth 2.0. SSO connector gives you the flexibility of extending your existing SSO integration to Oracle JD Edwards as well. This is possible due to its capability to act as a broker between multiple IdP's & your configured applications. This states that you can perform seamless SSO integration for Oracle JD Edwards with your existing authentication platform.

Oracle JD Edwards SSO (Single Sign-On) Solution : Authentication Flow

Prerequisites

1. Applications involved in the deployment

• JD Edwards 9.2+
• This is the application into which users will login via SSO.
• Admin access of JD Edwards EnterpriseOne Server Manager Management console will be required.
• miniOrange Identity Server(Only for On-Premise)
• On-Premise Identity Server which will redirect users to Azure Active Directory for authentication & set an authentication cookie.

2. Port Configuration

• miniOrange Proxy Server
• Ports 443/8443- HTTPS - should be accessible from end-users' machines (for reverse proxy URL).
• JD Edwards EnterpriseOne Server
• HTTP/HTTPS ports used for accessing the JD Edwards Applications should be accessible from the miniOrange Proxy Server.

Follow the Step-by-Step Guide given below for Oracle JD Edwards SSO (Single Sign-On)

1. Configure JD Edwards in miniOrange

• Cloud
• On-Premise

• Login into miniOrange Admin Console.
• Go to Apps and click on Add Applicaton button.



• In Choose Application Type click on Create App button in OAUTH/OIDC application type.



• Search for JD Edwards in the list, if you don't find JD Edwards in the list then, search for OAuth2/OpenID Connect and you can set up your application via OAuth2/OpenID Connect App.



• Enter the Client Name of your app.
• Copy the Redirect-URL from miniOrange SSO connector.
• Adjust time validity for the tokens.
• Then, click on Save.



• To get the Client id,Client secret, OAuth endpoints and scope, you need to edit the application which you have created in the previous steps.

You can edit Application by using the following steps:

• Go to Apps.
• Search for your app and Click on the edit in Action menu against your app.



• Click on Click here to get the miniOrange endpoints.



• Note down all the parameters (Client id,Client secret,OAuth endpoints and scopes). You will need this info while configuring JD Edwards with miniOrange.

OAuth endpoints:

Authorization Endpoint:	https://login.xecurify.com/moas/idp/openidsso (Note: Use this endpoint only if you want to use miniorange as oauth identity server.) https://login.xecurify.com/moas/broker/login/oauth/260174 (Note: Use this enpoint only if you are configuring any Identity Provider in Identity Providers Menu and not using miniorange as IDP.)
Token Endpoint:	https://login.xecurify.com/moas/rest/oauth/token
User Info Endpoint:	https://login.xecurify.com/moas/rest/oauth/getuserinfo
Introspection Endpoint:	https://login.xecurify.com/moas/rest/oauth/introspect
Revoke Endpoint:	https://login.xecurify.com/moas/rest/oauth/revoke
OpenID Single Logout Endpoint:	https://login.xecurify.com/moas/idp/oidc/logout?post_logout_redirect_uri=<YOUR-APP-LOGOUT-URL>




OAuth Scopes:

email:	View email address of the user
profile:	View profile attributes of the user account
openid:	Retrieve JWT token for OpenID Connect

• Once the prerequisites are in place, the miniOrange Identity Server will be installed on the miniOrange Application Server.
• The miniOrange Identity Server consists of 2 components - a reverse proxy, and the Identity Server.
• You can find the steps for deploying the miniOrange Identity Server here.

2. Configure SSO in JD Edwards EnterpriseOne

• Open EnterpriseOne Server Manager from a browser.
• Select your EnterpriseOne HTML Server instance.
• Select Network Settings from the Configuration section.



• Select the Enable Oracle Access Manager option.
• Click Apply.
• At the prompt, click the Synchronize button to synchronize the changes in all .ini files.
• Stop and restart the HTML server.

3. Configure nginx as the reverse proxy

• Install nginx from here.
• Go to <nginx-installation-base-directory>/conf, and open nginx.conf for editing.
• Create the following HTTP server:
# HTTPS server # server { listen 8100 ssl; server_name localhost; ssl_certificate "<path-to-ssl-certificate-pem>"; ssl_certificate_key "<path-to-ssl-rsa-key>"; error_page 401 = @error401; location @error401 { return 302 https://sso.example.com:8443/auth/sso; } # location specifies the context path of jdEdwards relative to the server FQDN location /<context-path-of-jdEdwards> { auth_request /auth; proxy_set_header Host $host; proxy_pass https://jde.example.com:443/<context-path-of-JdEdwards-app>; proxy_set_header MO_REMOTE_USER $cookie_MO_REMOTE_USER; add_header MO_REMOTE_USER $cookie_MO_REMOTE_USER; } location / { proxy_set_header Host $host; proxy_set_header MO-REMOTE-USER $host; proxy_pass https://jde.example.com:443/; } location /auth { proxy_pass https://sso.example.com:8443/auth/check; } }

4. Test Configuration

• Access your JD Edwards application at the nginx reverse proxy URL (e.g. https://jde.example.com:8100/<context-path>).
• You will now be redirected to your configured Identity Source.
• After successful authentication, you will be logged in to your JD Edwards application.