02-May-2023 08:13
In order to protect a critical application (Oracle EBS), we went the AzureAD/OAuth2 pre-authentication way.
This means that the users need to have a valid M365 session in their browser to reach the application. They can then log in (again) and use the application.
The issue I'm facing is that Oracle EBS makes heavy use of Java applications through JNLP. Once you download and launch the JNLP, the application doesn't start, because it cannot reach the application endpoint. This is caused by Java not having the "oauth session" needed to access the application. The Java application is actually redirected to the Microsoft login page. (The web-based application uses the same URL as the Java applications. Both use, for example, https://my-ebs-app.organization.com/)
So I need a form of "App Tunnel" or ACL to allow those JNLP to actually reach the application server for the users who have a valid oauth2 session.
Any idea on a solution to this issue?
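The failure described in the post above can be reproduced locally. This is an added example, not code from the thread or from F5: a stand-in pre-authentication gateway on localhost, probed once with a browser-style session cookie and once without one, the way a freshly launched Java client would call it. The cookie name `PREAUTH_SESSION`, the request paths and the use of `login.microsoftonline.com` as the login host are assumptions.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

IDP_LOGIN = "https://login.microsoftonline.com/"   # assumed login host
SESSION_COOKIE = "PREAUTH_SESSION"                 # hypothetical cookie name

class PreAuthGateway(BaseHTTPRequestHandler):
    """Stand-in gateway: no session cookie means redirect to the IdP."""
    def do_GET(self):
        if f"{SESSION_COOKIE}=valid" in self.headers.get("Cookie", ""):
            self.send_response(200)
            self.end_headers()
            self.wfile.write(b"EBS content")
        else:
            self.send_response(302)
            self.send_header("Location", IDP_LOGIN)
            self.end_headers()
    def log_message(self, *args):   # keep the demo quiet
        pass

def probe(port, path, cookie=None):
    """One GET without following redirects; returns (status, Location)."""
    conn = http.client.HTTPConnection("127.0.0.1", port, timeout=5)
    conn.request("GET", path, headers={"Cookie": cookie} if cookie else {})
    resp = conn.getresponse()
    result = (resp.status, resp.getheader("Location"))
    resp.read()
    conn.close()
    return result

def classify(status, location):
    """Tell an application response apart from a pre-auth interception."""
    if status in (301, 302, 303, 307) and (location or "").startswith(IDP_LOGIN):
        return "redirected-to-login"
    return "reached-app"

def run_demo():
    server = HTTPServer(("127.0.0.1", 0), PreAuthGateway)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    port = server.server_address[1]
    try:
        # Browser: carries the session cookie set after the M365 login.
        browser = probe(port, "/app.jnlp", f"{SESSION_COOKIE}=valid")
        # Java client: separate process, separate (empty) cookie store.
        java = probe(port, "/forms/servlet")
    finally:
        server.shutdown()
        server.server_close()
    return browser, java

if __name__ == "__main__":
    for name, result in zip(("browser", "java"), run_demo()):
        print(name, result, classify(*result))
```

Pointing `probe` and `classify` at a real gateway during testing shows whether a given client path is being intercepted by pre-authentication or is reaching the application.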
04-May-2023 12:07
Hi @Olivier_Beytrison - hopefully someone from the community will answer first, but just in case nobody has helped by Monday, I'll feature your question in the weekly Highlights article in order to boost visibility to increase the chances someone will reply.
24-May-2023 02:30 - last edited on 25-May-2023 09:37 by Leslie_Hubertus
One possible solution to the issue you're facing is to use a reverse proxy or application gateway that can handle the authentication and forwarding of requests to the Oracle EBS application server. This allows you to establish a secure connection between the client and the reverse proxy, while the proxy handles the authentication and forwards the requests to the application server.
Here's a high-level overview of how this solution could work:
1. Set up a reverse proxy or application gateway (e.g., Nginx, Apache HTTP Server, Azure Application Gateway) in front of the Oracle EBS application server.
2. Configure the reverse proxy to handle the authentication part using Azure AD and OAuth2. This typically involves configuring the proxy to validate the OAuth2 access tokens or session cookies from the M365 session.
3. When a client tries to access the Oracle EBS application through the JNLP, they will be redirected to the reverse proxy for authentication.
4. Once the client's M365 session is validated and authenticated, the reverse proxy can create a separate session or token specific to the Oracle EBS application.
5. The reverse proxy then forwards the requests from the client to the Oracle EBS application server, including the necessary authentication information (e.g., session token) required by the Java applications in the JNLP.
(Edited by Leslie Hubertus to remove spam link)
04-Jun-2023 18:49
Hi @Olivier_Beytrison ,
Could you please have a look at this F5 KB article, which matches your situation, and check if it helps:
https://my.f5.com/manage/s/article/K01781182