Integration Update 04/03/14:
An alternative Forms SSO method has been documented here:
https://philipnye.com/posts/oracle-ebs-r12-forms-sso-mk-ii/
Background
I was asked to look at the configuration for Forms SSO into Oracle E-business suite. They had updated from version 11 to version 12 and it wasn’t working with their old fsso.conf.
After some analysis, it seemed that the javascript on the login form was adding an additional value to the form before submitting.
The one on the left is with Javascript submit enabled, and on the right, with the onclick event disabled.
The subtle variation I can see is:
_FORM_SUBMIT_BUTTON
So, with a bit of Firebug magic, I tweaked the value of this to see if it was indeed the difference, and it was.
So I updated the fsso.conf with the additional static variable, and it all started working!
[forms-sso-login-pages] login-page-stanza = oracle-login-page [oracle-login-page] login-page = /OA_HTML/RF.jsp?function_id=1032925* login-form-action = * gso-resource = oraclesso argument-stanza = args-for-login-page-one [args-for-login-page-one] usernameField = gso:username passwordField = gso:password _FORM_SUBMIT_BUTTON = string:SubmitButton
EDIT (17/01/14):
It’s come to my attention that Oracle has introduced some new security features for CSRF amongst other things. This means that the if you follow the Oracle hardening guidlines, Javascript is necessary to make the login form work. Naturally this breaks the Forms SSO capabilities in WebSEAL.
The following settings were changed in the Oracle EBS Profiles to disable the need for javascript and the submission of a random string with a login:
OLD Settings:
Profile Name Set Value at Site Level
FND: Diagnostics N
FND Validation Level ERROR
FND Function Validation Level ERROR
Framework Validation Level ERROR
Restrict text input Y
The above profile settings are explained here:
http://appsdbastuff.blogspot.ae/2011/07/secure-configuration-of-oracle-e.html
By setting these profile parameters as follows prevents the Oracle EBS HTML Logon form requiring to submit the 8 character alpha-numeric dynamic string:
NEW Settings:
Profile Name Set Value at Site Level
FND: Diagnostics N
FND Validation Level NONE
FND Function Validation Level NONE
Framework Validation Level NONE
Restrict text input Y