How to Deregister SSO/OID from Oracle Apps 11i/R12/12i

Your Oracle Apps 11i/R12/12i instance is currently integrated with Oracle Single Sign-On (SSO) & Oracle Internet Directory (OID) and you would like to remove integration (so that apps 11i/R12 instead of redirection to SSO, authentication happens at FND_USER).

Broad level steps to deregister apps (11i/R12) from SSO

1. Deregister Oracle Apps (11i/R12) from OID and SSO using
–> txkrun.pl -script=SetSSOReg -deregister=Yes

2. Remove any reference regarding SSO / OID from Oracle Apps (11i/R12)
–> txkrun.pl -script=SetSSOReg –removereferences=Yes

3. Change Profile Option at “Site level”
Application SSO Type” (APPS_SSO) -> Change it to “SSWA”
Application SSO Login Type” -> Change it to “Local”

4. Restart Services on Middle Tier

./adstpall.sh apps/apps_pass
./adstrtal.sh apps/apps_pass

5. Finally Reset password of all users whose ENCRYPTED_USER_PASSWORD is set to EXTERNAL

Identify users
SQL> select user_name , ENCRYPTED_USER_PASSWORD from fnd_user where ENCRYPTED_USER_PASSWORD=’EXTERNAL’;

and then reset password using (replace apps & sysyem password and VISION/WELCOME with username and user’s new password)

FNDCPASS apps/apps 0 Y system/manager USER   VISION  WELCOME

If you want only few users to login locally(default login method still SSO) then

1. Change Profile Option at User level
“Application SSO Type” (APPS_SSO) -> Change it to “SSWA”
“Application SSO Login Type” -> Change it to “Local”

2. Reset password of specific users  (If ENCRYPTED_USER_PASSWORD is set to EXTERNAL)

SQL> select user_name , ENCRYPTED_USER_PASSWORD from fnd_user where ENCRYPTED_USER_PASSWORD=’EXTERNAL’ and user_name like ‘&enter_User_Name’;

reset password using (replace apps & sysyem password and VISION/WELCOME with username and user’s new password)

FNDCPASS apps/apps 0 Y system/manager USER   VISION  WELCOME

3.Finally login using AppsLocalLogin URL

http(s)://hostname.domainname:port/OA_HTML/AppsLocalLogin.jsp

About the Author Atul Kumar

Oracle ACE, Author, Speaker and Founder of K21 Technologies & K21 Academy : Specialising in Design, Implement, and Trainings.

follow me on:

Leave a Comment:

2 comments
Pavan Kumar says March 15, 2016

I have to implement the same use case of de-registering and allowing users back with their local password instead of SSO password. Is it possible? The query you have mentioned “FNDCPASS apps/apps 0 Y system/manager USER VISION WELCOME” resets the password of a single user. Is there any option of fetching the user’s local password.

Reply
    Atul Kumar says March 15, 2016

    @Pavan

    Q: I have to implement the same use case of de-registering and allowing users back with their local password instead of SSO password. Is it possible?
    A: Yes

    Q: Is there any option of fetching the user’s local password.
    A: You can’t fetch local password (I know there is way but don’t do that as this is security breach) , better reset their password after setting them from SSO to Local user

    Reply
Add Your Reply

Not found