Help
Technical Forum
Ask questions. Discover Answers.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Technical Forum Quicklinks: No Replies | Active-Not Solved | Recent Solutions

Allowing JNLP access to an application protected by APM/Oauth2

Olivier_Beytrison
Altostratus
Altostratus

‎02-May-2023 08:13

In order to protect a critical application (Oracle EBS), we went the AzureAD/OAuth2 pre-authentication way.

This mean that the users needs to have a valid M365 session in their browser to reach the application. They can then log in (again) and use the application.

The issue I'm facing is that Oracle EBS makes a large usage of java applications through JNLP. Once you download and launch the jnlp, the application doesn't start, because it cannot reach the application endpoint. This is caused by java not having the "oauth session" needed to access the application. the java application is actually redirected to the Microsoft login page. (The web-base application use the same url as the java applications. both uses for example https://my-ebs-app.organization.com/)

So I need a form of "App Tunnel" or ACL to allow thos JNLP to actually reach the application server for the users who have a valid oauth2 session. 

Any Idea on a solution to this issue ?

 

Labels:
0 Kudos
3 REPLIES 3

Leslie_Hubertus
Community Manager
Community Manager

‎04-May-2023 12:07

Hi @Olivier_Beytrison - hopefully someone from the community will answer first, but just in case nobody has helped by Monday, I'll feature your question in the weekly Highlights article in order to boost visibility to increase the chances someone will reply. 

0 Kudos

423685
Nimbostratus
Nimbostratus

‎24-May-2023 02:30 - last edited on ‎25-May-2023 09:37 by Community Manager

one possible solution to the issue you're facing is to use a reverse proxy or application gateway that can handle the authentication and forwarding of requests to the Oracle EBS application server. This allows you to establish a secure connection between the client and the reverse proxy, while the proxy handles the authentication and forwards the requests to the application server. 

Here's a high-level overview of how this solution could work:

  1. Set up a reverse proxy or application gateway (e.g., Nginx, Apache HTTP Server, Azure Application Gateway) in front of the Oracle EBS application server.

  2. Configure the reverse proxy to handle the authentication part using Azure AD and OAuth2. This typically involves configuring the proxy to validate the OAuth2 access tokens or session cookies from the M365 session.

  3. When a client tries to access the Oracle EBS application through the JNLP, they will be redirected to the reverse proxy for authentication.

  4. Once the client's M365 session is validated and authenticated, the reverse proxy can create a separate session or token specific to the Oracle EBS application.

  5. The reverse proxy then forwards the requests from the client to the Oracle EBS application server, including the necessary authentication information (e.g., session token) required by the Java applications in the JNLP.

    (Edited by Leslie Hubertus to remove spam link)

0 Kudos

F5_Design_Engineer
MVP
MVP

‎04-Jun-2023 18:49

Hi  @Olivier_Beytrison  , 

Could you please try and have a look at this F5 KB article which matches to your situation, please check if it helps:

K01781182: Not able to access Oracle ERP applications via BIG-IP APM.

https://my.f5.com/manage/s/article/K01781182

K01781182: Not able to access Oracle ERP applications via BIG-IP APM.

0 Kudos
Copyright © 2023 Khoros, LLC