Integrate Oracle Apps (E-Business Suite) R12 with Oracle Access Manager (OAM) 11g for SSO

I discussed support for EBS (Apps R12) integration with OAM 11g for Single Sign-On here. In this post I cover the high-level steps to integrate Oracle Applications R12 with Oracle Access Manager 11g. For a detailed analysis of EBS Access Gate, WebGate and what happens behind the scenes, including deploying Access Gate in High Availability, check chapter 12 of my book OAM / OIM 11g for Administrators.

High Level Steps for Oracle Apps R12 integration with OAM 11g

1. Install Oracle Access Manager 11g R1 (11.1.1.3); check steps here. (OIM and SOA are optional components and are not required for this integration.)

2. Apply patch BP02 (10368022) to Oracle Access Manager to bring OAM to 11.1.1.3.2, using the steps mentioned here.

3. Install OID 11.1.1.3 (or higher) as mentioned here. (If you are installing OID 11.1.1.4 or 11.1.1.5, do not use the same MW_HOME as OAM, otherwise Enterprise Manager (EM) will fail to start.)

4. Change the primary identity store of Oracle Access Manager from WebLogic's embedded LDAP server to Oracle Internet Directory (OID), as explained here.

5. If you are on Apps 12.1.1, apply patches 8919489 and 9824524; for 12.0.6, apply patches 10220779 and 10257580; for 12.1.2/12.1.3, apply patch 9454600.

6. Install the WebLogic Server that will host E-Business Suite Access Gate and create a WebLogic domain (you can also use the WebLogic Server used by the OAM server). For steps on WebLogic Server installation click here.

7. Install the OHS 11g server that will host WebGate and also act as a proxy server for WebLogic (via mod_wl_ohs); more on mod_wl_ohs here. (Users will be redirected to this OHS server for authentication via the profile options “Application Authenticate Agent” and “Applications SSO Type”.)

8. Create a DBC file for the machine hosting the WebLogic Server (if the WebLogic Server is hosted on the same machine as the R12 middle tier, you can use the existing DBC file):

java oracle.apps.fnd.security.AdminDesktop <apps user>/<apps pwd> CREATE

9. Download patch 10124068 (this patch contains Access Gate 1.1.0) on the WebLogic Server machine, copy fndext.jar to WebLogic's $DOMAIN_HOME/lib directory, and restart all servers running in the WebLogic domain.

10. Use ant -f txkEBSAuth.xml (the XML file is part of 10124068) to deploy EBS Access Gate on the WebLogic domain created in step 6. This deploys the web application (WAR, Web Archive) and creates a JDBC data source in WebLogic Server to connect to the EBS database. (The web application contains the login page OAMLogin.jsp.)

11. Configure OHS (installed in step 7) to forward requests to the WebLogic Server (installed in step 6); more steps to configure mod_wl_ohs here.

12. Provision an instance of 10g WebGate using either RREG or OAMConsole. For more information on RREG and registration using OAMConsole, refer to chapter 8 of my book OAM / OIM 11g for Admins, or for 11g WebGate here. (You can use either 10g WebGate or 11g WebGate; 10g WebGate is recommended for EBS R12.)

13. Install 10g or 11g WebGate (depending on the instance created in step 12) with the OHS server (created in step 7).

14. Verify Authentication Modules, Schemes, Policies, Application Domain, Public and Protected Resources as explained in MOS Note 1309013.1. For more information on these OAM components, refer to chapter 6 of the book OAM/OIM 11g for Admins.

15. Configure the profile options “Application Authenticate Agent” and “Applications SSO Type” for EBS R12.

16. Configure EBS-OID synchronization (OID to EBS, EBS to OID, or both, using the option provisiontype):

$FND_TOP/bin/txkrun.pl \
-script=SetSSOReg \
-registerinstance=yes

and

$FND_TOP/bin/txkrun.pl \
-script=SetSSOReg \
-registeroid=yes

17. Configure Log Out for EBS

18. Test Login to EBS (using user/password in OID) and Logout

We provide a dedicated module for troubleshooting, covering logging in WebGate, OHS, EBS Access Gate, DIP, OAM, and OID, in our EBS-OAM/OID Integration Training; more about the training here.


About the Author Atul Kumar

Oracle ACE, Author, Speaker and Founder of K21 Technologies & K21 Academy : Oracle Gold Partner specialising in Design, Implement, and Trainings.


79 comments
cutestgirl.mittal8 says June 30, 2011

DEAR SIR

I HAVE TO REQUIRE HELP REGARDING ORACLE APPS IN FUNCTIONAL AS WELL AS TECHNICAL SIDE.PLEASE DO SOME HELP.

Reply
vprvelu says July 4, 2011

Hi Atul,

Is it possible to integrate Oracle entitlement server & EBS ?

If possible kindly give me the integration path.

Thanks,
vprvelu

Reply
Ramasamy says July 31, 2011

Atul,

For integrating Oracle EBS R12 (12.1.3) with Oracle Access Manager (OAM) 11g (11.1.1.3) for SSO using AccessGate, during the RCU install, do we need to select any schema other than OID (ODS)?

Thanks
Ramasamy

Reply
Atul Kumar says August 1, 2011

@Ramasamy,
You should select OAM schema (OAM policies will be stored in this schema). OID schema can be installed during domain configuration stage as well.

Reply
Atul Kumar says August 1, 2011

@vprvelu,
I have not seen any OES integration with EBS yet (Though Fusion Apps uses OES for authorization)

More on Fusion Applications http://onlineappsdba.com/index.php/2011/06/15/install-oracle-fusion-applications-in-10-steps/

Reply
Ramasamy says August 1, 2011

Atul,

As part of integrating Oracle EBS R12(12.1.3) with Oracle Access Manager (OAM) 11g (11.1.1.3) for SSO using AccessGate, do we need to install/configure “Oracle WebCache” also as part OHS?

Thanks
Ramasamy

Reply
Atul Kumar says August 1, 2011

@ Ramasamy ,
Webcache is not required; just OHS is enough.

Reply
Ramasamy says August 29, 2011

When I run the oamreg.sh, I am getting the following error:
Aug 27, 2011 11:23:05 PM oracle.security.am.engines.rreg.common.HTTPProtocolHandler sendRequest
SEVERE: HTTP Post Method failed.HTTP/1.1 500 Internal Server Error in main program… The remote registration process did not succeed! Please find the specific error message be low. HTTP Post Method failed: HTTP/1.1 500 Internal Server Error
Aug 27, 2011 11:23:05 PM oracle.security.am.engines.rreg.client.RegClient main
SEVERE: Exception encountered: RemoteAgentRegistrationException. Specific exception:HTTP Post Method failed: HTTP/1.1 500 Internal Server Error oracle.security.am.engines.rreg.common.RemoteAgentRegistrationException: HTTP Post Method failed: HTTP/1.1 500 Internal Server Error

I also noticed from the oamconsole, I could see the Agent Name under Policy configuration, but I am not seeing anything under System Configuration…

Any idea how to resolve this issue?

Thanks
Ramasamy

Reply
Atul Kumar says August 29, 2011

@ Ramasamy,
What is error message in $DOMAIN_HOME/servers/AdminServer/logs ?

Do you see any new logs generated under $DOMAIN_HOME/servers/oam_server1/logs ?

Reply
Ramasamy says August 29, 2011

I am not seeing any entries in oam_server1 logs except the startup..

In the AdminServer logs, following messages are noticed.


Reply
dvp says November 16, 2011

Hi Atul!
Is it possible to implement WNA (Windows Native Authentication) for Oracle Apps (E-Business Suite) R12 with Oracle Access Manager (OAM) 11g integration? I find only “Bug 12416726: USE OF WNA IN OAM11G-EBS INTEGRATION”, which looks like an “Enhancement request”. It is not impossible now?

Reply
Atul Kumar says November 16, 2011

@ DVP,
Check with Oracle support about certification. Technically you need to configure OAM with EBS and then OAM with WNA; steps here http://download.oracle.com/docs/cd/E21764_01/doc.1111/e15740/wna.htm#sthref248

Reply
dvp says November 17, 2011

Some confusion about User-Identity Data Store in http://download.oracle.com/docs/cd/E21764_01/doc.1111/e15740/wna.htm#sthref248 and “How To Set Up Windows Native Authentication (WNA) With Oracle Access Manager 11g ? [ID 1175190.1]” also.

I set up WNA according to Note 1175190.1, except “Register Microsoft Active Directory as a User-Identity Data Store”, because OID is the User Data Source for OEBS. I also needed to set the OID Data Source as Default Store.

Reply
dvp says November 17, 2011

One more question about WNA:
In Oracle SSO 10g retrieving user login !!with domain!! and then search it in OID by krbPrincipalName.

In OAM 11g retrieving user login !!without domain!! and then search it in OID by uid.

Problem if there are many different trusted AD domains with the same user account, for example johndoe@oracle.com and johndoe@sap.com. It will be identified by OAM as johndoe.

Question: How to setup OAM (KerberosScheme?) to retrieve from ticket user login WITH DOMAIN NAME ?

Reply
oamadminuser says November 27, 2011

Hello,
I am attempting to use OAM 11g with WNA and Kerberos tickets to achieve “zero-sign on” for E-Business R12. I’ve followed the FMW Integration Guide for OAM 11g, Chapter 7 Configuring OAM to use WNA (basis of Note 1175190.1), which ends with “confirm that access is granted with no additional login”.

If an E-Business user is not challenged by a login prompt, how does the system determine the responsibilities for that user? There must be some way to authorize the authenticated user that seems to be missing from these instructions.

Attempting to login to R12 now gives GUID=NOT_FOUND. I’ve heard that an attribute called orclguid is used to associate logins across WNA, OID and E-Business’s FND_USER table, but where is this described? How is it implemented? Any comments appreciated.

TIA,

Reply
Atul Kumar says November 27, 2011

@ oamadminuser,
I have not tried WNA with EBS R12 using OAM 11g myself but this is how it should work (in theory)

a) EBS Integrated with OID
b) OAM integrated with OID
c) EBS integrated with OAM
d) OAM configured with WNA

If a user already logged in to the domain (AD) but without a valid OAM cookie tries to access EBS, EBS should then redirect the user to the WebGate protected by OAM. WebGate should then forward the user to OAM for validation. OAM will see that this user has a Kerberos ticket so will create an OAM session.

It will create a cookie and pass it on to WebGate. WebGate will then forward the request to EBS AccessGate, which will do identity assertion (at this stage AccessGate will take userid and GUID from OID) and validate it against EBS.

If user with same GUID matches then will create ICX session (in EBS), if user id matches in EBS but no GUID then it (EBSAccessGate) will update GUID column in FND_USER table .

Now if you are hitting GUID error then check if authorisation/authentication policy for EBS resources is configured (via Response tab) to return GUID attribute.

Reply
newbie says December 1, 2011

@oamadminuser,

EBS requires OID as identity store, whereas WNA requires the identity store to be AD. Since your OAM is integrated with AD (for WNA), EBS doesn’t get GUID to map OAM user with EBS user and hence it fails.

Were you able to make this solution work? If yes, how?

Reply
dvp says December 2, 2011

> WNA requires the identity store to be AD
It is not true.
OID must be default User Store for OAM.
WNA only get Client principal name from Kerberos Ticket and then OAM run search by this name in the DEFAULT User Store (OID) by specified attribute (uid). Then linked to FND via orclguid – user_guid

Reply
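The lookup and linking behaviour discussed in the comments above (dvp on the realm being dropped before the uid search, Atul Kumar on GUID matching against FND_USER), as an added Python model that is not part of the original thread and is not OAM or Access Gate code. The directory entry, the GUID value, the case-insensitive name match and the `rejected` outcome are constructed assumptions.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass
class DirEntry:
    """One OID user entry (constructed sample data)."""
    uid: str
    krb_principal_name: str
    orclguid: str


@dataclass
class FndUser:
    """One FND_USER row, reduced to the two columns the thread mentions."""
    user_name: str
    user_guid: Optional[str]


def resolve(directory: List[DirEntry], principal: str, attr: str) -> DirEntry:
    """Find the directory entry for a Kerberos principal.

    attr="uid": drop the realm and match on uid (the OAM 11g behaviour
    described in the comments). attr="krbPrincipalName": match the full
    principal (the behaviour described for Oracle SSO 10g).
    """
    login, _, _realm = principal.partition("@")
    if attr == "uid":
        hits = [e for e in directory if e.uid.lower() == login.lower()]
    elif attr == "krbPrincipalName":
        hits = [e for e in directory
                if e.krb_principal_name.lower() == principal.lower()]
    else:
        raise ValueError(f"unsupported search attribute: {attr}")
    if len(hits) != 1:
        raise LookupError(f"{principal}: {len(hits)} entries match on {attr}")
    return hits[0]


def realm_collisions(principals: List[str]) -> Dict[str, List[str]]:
    """Audit helper: logins present in more than one realm, which become
    indistinguishable once the realm is stripped."""
    realms: Dict[str, set] = {}
    for p in principals:
        login, _, realm = p.partition("@")
        realms.setdefault(login.lower(), set()).add(realm.upper())
    return {login: sorted(r) for login, r in realms.items() if len(r) > 1}


def link_to_ebs(entry: DirEntry, fnd_users: List[FndUser]) -> str:
    """Identity assertion as outlined in the thread: a GUID match gives a
    session; a name match with an empty GUID is linked by storing the GUID.
    Anything else is rejected (assumption: the thread does not cover it)."""
    for row in fnd_users:
        if row.user_guid == entry.orclguid:
            return f"session:{row.user_name}"
    for row in fnd_users:
        if row.user_name.lower() == entry.uid.lower() and row.user_guid is None:
            row.user_guid = entry.orclguid
            return f"linked:{row.user_name}"
    return "rejected"


# Constructed sample: one directory entry, owned by the oracle.com account.
DIRECTORY = [DirEntry("johndoe", "johndoe@ORACLE.COM",
                      "A1B2C3D4E5F60718293A4B5C6D7E8F90")]

if __name__ == "__main__":
    users = [FndUser("JOHNDOE", None)]
    for principal in ("johndoe@ORACLE.COM", "johndoe@SAP.COM"):
        for attr in ("uid", "krbPrincipalName"):
            try:
                entry = resolve(DIRECTORY, principal, attr)
                print(principal, attr, "->", link_to_ebs(entry, users))
            except LookupError as exc:
                print(principal, attr, "-> no match:", exc)
    print(realm_collisions(["johndoe@oracle.com", "johndoe@sap.com"]))
```

Running `realm_collisions` over the principals exported from the trusted domains shows which accounts are affected before the uid-based search is relied on.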
oamadminuser says December 5, 2011

Hi DVP, Yes we found that out last week as well: Set OID as Default Store in OAM.

Also we changed User Attribute Name in that default store to orclsamaccountname, but for some reason at our site, orclsamaccountname is provisioned as “DEV.DOMAIN.COM$myusername”. I had to change that to just “myusername” to get the zero sign on to work.

Reply
oamadminuser says December 7, 2011

Hello,
After integrating 11g OID/OAM/Webgate with an E-Business R12 for Single SignOn, how can an additional E-Business Suite instance be integrated to the same 11g Fusion Middleware instance (instead of building a fresh set of OID/OAM/Webgate) ?

As I see it, the minimum steps would be,
1. Register E-Business with OID (txkrun.pl -script=SetSSOReg)
2. Create a new “instance” in OHS with config.sh
3. From the ORACLE_HOME/new_instance run oamreg.sh to create host_id, agent, and protected/public resources
4. Run deploywebgateInstance.sh
5. Create desktop dbc file in R12 midTier and copy to Access Gate server
6. Create DSN and deploy Access Gate with ant -f txkEBSAuth.xml
7. Create Authentication Scheme with Challenge url

Is this feasible or would a new installation of the 11g Middleware be required? Ultimately we want to zero signOn to both R12 instances from the same Middleware server.

Thanks,

Reply
Atul Kumar says December 7, 2011

oamadminuser,
Second OID/OAM is not required, you can configure multiple EBS to same OID/OAM.

You could use steps mentioned by you (+ additional step to deploy accessGate with new context root + log out configuration).

You can also skip OHS/WebGate and use existing webgate/ohs for new EBS (but with new context root).

Note: If you are using the existing OHS/WebGate then you must create the application domain, authentication policy, and protected and public resources manually (similar to the ones you created for the first EBS but with a different context root ebsauth_xxxxx).

Reply
syadav says January 6, 2012

Guys,

We want to integrate EBS 11.5.10.2 with OAM 10g using Windows Native Authentication. We also need to integrate OBIEE 10g with OAM 10g.

Currently we don't have any OID or SSO configuration. We just have a simple 2-node 11.5.10.2.

Please share the document or approach if possible.

Thanks
Sandeep

Reply
Atul Kumar says January 8, 2012

@ Sandeep,
OID is mandatory for EBS integration with OAM for SSO. Integrate EBS with OAM and OAM with AD for Native Authentication.

Reply
Sean says January 13, 2012

Hello Atul,
I’d like to comment on No3. The EM is the domain wise. If the OID’s domain and OAM’s domain have been created in different WLS domains, there should be no problem to share the same MW_HOME.

Thanks,

Sean

Reply
Atul Kumar says January 15, 2012

@ Sean,
In theory you are correct, but if the WebLogic version is higher (10.3.4) and OAM is lower (11.1.1.3) then I’ve had issues starting EM.

If you keep all three on the same version (OID 11.1.1.3, OAM 11.1.1.3 and WebLogic 10.3.3, or OID 11.1.1.5, OAM 11.1.1.5 and WebLogic 10.3.5) then EM should be fine.

This is my personal experience, though Oracle documentation may differ.

Reply
Sean says January 30, 2012

Hello Atul,
I wonder if you have done the integration of EBS R12 with OAM 11.1.1.5.1?
I have completed the integration per note 1309013.1. EBS access works fine and the global logout does the SSO logout, because new access to EBS is challenged for credentials. However, the logout page crashes with a page not found error. Apparently it was redirected to the OAM server page instead of the EBS page. Not sure if you have had the same problem. I have gone through the troubleshooting note [ID 1077460.1] and the problem stays. I have also opened an SR with Oracle. So far no progress.

Thanks,
Sean

Reply
Atul Kumar says January 30, 2012

@ Sean,
Yes I have done it for 11.1.1.5.1 and logout works fine for me and redirects back to OAMLogin.jsp

Did you follow all steps in metalink note you mentioned ?

This is also covered in our eBook

http://onlineappsdba.com/index.php/book/

Reply
Sean says January 30, 2012

Thanks Atul,
Does the EBS logout redirect to OAM login page instead of EBS login? My impression from oracle publications is to EBS login.
Yes, I have followed the Oracle note.
In your ebook, what webgate version is used, 11g or 10g? And OAM 11.1.1.3 or 11.1.1.5? I may be interested if webgate 10g and OAM 11.1.1.5 were used.

Thanks,
Sean

Reply
Atul Kumar says January 30, 2012

@ Sean,

Q: Does the EBS logout redirect to OAM login page instead of EBS login?

A: No, it redirects to OAM login page i.e. /ebsauth_[]/OAMLogin.jsp

Q: In your ebook, what webgate version is used, 11g or 10g? And OAM 11.1.1.3 or 11.1.1.5? I may be interested if webgate 10g and OAM 11.1.1.5 were used.

A: We ship two eBooks for the price of one.

First eBook is on OAM 11.1.1.5, OID 11.1.1.5 and WebGate 10.1.4.3
Second eBook is on OAM 11.1.1.3, OID 11.1.1.4 and WebGate 10.1.4.3

Reply
oamadminuser says January 30, 2012

Hi All, I have recently used 11.1.1.5 versions of OAM, OID and webgate with 10.3.5 weblogic server. All worked successfully. Also, the logout page definitely does go to the OAMLogin.jsp page, not to the standard E-Business Appslogin page.

Reply
GMH says March 6, 2012

I have purchased your e-book and it was a big help in setting up my first instance. I am trying to add an instance and have completed, I think, all the major steps. My question is about the ObAccessClient.xml. I don’t know how to add an instance to this file. On the AccessGate server there are 2 files one for each instance. How do I handle this file on the OHS server? Any suggestions.

Reply
Atul Kumar says March 6, 2012

@ GMH,
Glad that you liked this e-Book .

When you say “I am trying to add an instance and have completed”, does this mean you already have an OAM instance and now adding second OAM managed server (i.e. OAM instance) ?

Please clarify ?

What version of webgate 10g or 11g ?

Reply
GMH says March 6, 2012

I have the first r12 instance on sso. I went strictly by the ebook. I am now adding a second r12 instance. I am attempting to use the same OHS/Webgate 10g instance. I have created an application domain, authentication policy, protected and public resource manually under a new context root. The issue I have is that the redirection pages are not working. I mean I am unable to go directly to the OHS pages that the new instance should be using. I am thinking it may have something to do with the ObAccessClient.xml. Maybe I am wrong but this file seems to have the information for the first instance prdr12 but nothing for the second instance of tstr12.

Reply
Atul Kumar says March 6, 2012

@ GMH,
No , you don’t have to modify ObAccessClient.xml .

You should deploy ebsAccess Gate with different URI and also create entry in mod_wl_ohs for new URI .

You also need a few more configuration steps at OAM level, so contact us via the email from which you received the eBook and we should be able to send you an updated copy (free of cost) with the additional steps in a week's time.

Reply
Ramasamy says March 6, 2012

Atul,

Your ebook is really a great help for integrating EBS R12 with AccessGate… However I have the following questions relating to maintenance…

1. Whenever we clone the EBS instance, APPL_SERVER_ID, ASADMIN user password, etc will be changed… Under this situation, what will be the impact of the cloned configuration? Do we need to re-run the txkEBSauth.xml with new DBC file and ASADMIN password on the AccessGate server?

2. Since every 60 days, we change the password of users such as ORCLADMIN, ASADMIN, etc, what are the tasks need to be completed, whenever we changes these passwords?

An early reply is highly appreciated.

Thanks
Ramasamy

Reply
Atul Kumar says March 6, 2012

@ Ramasamy,
Thanks , we will try to cover these queries as well in book in next version. we’ll try to add them by end of this week and send updated copy.

Reply
johngwheeler says April 12, 2012

Hi Atul,

I saw that on 7th December 11 you answered a question about using a single OAM installation to provide SSO for multiple EBS environments. I have tried this but found that the WebLogic server instance hosting the AccessGate application won’t start if multiple AccessGates are deployed (we have given each a separate context root). However, if we start the server with a single AccessGate, we are able to deploy additional ones once the server has started. If we restart WebLogic it fails as before.

Your previous answer implied that it is possible to deploy multiple Access Gates on the same WLS instance (& presumably to a WebLogic cluster as well).

Can you suggest what am I doing wrong?

Thanks and kind regards,

John

Reply
Atul Kumar says April 13, 2012

@ johngwheeler,
This use case (2 EBS on single OID/OAM) is covered in our eBook at http://onlineappsdba.com/index.php/book If you purchase this eBook or have already bought this eBook then send email to ID (from which you received eBook) and we will help you via email.

Reply
GK says September 5, 2012

Hi Atul,

While running ant -f txkEBSAuth.xml for creating datasource in EBS Accessgate domain got below error.

Error An error occurred during activation of changes, please see the log for details.
Error weblogic.application.ModuleException:
Error Could not connect to ‘oracle.apps.fnd.ext.jdbc.datasource.AppsDataSource’. The returned message is: ORA-01017: invalid username/password; logon denied It is likely that the login or password is not valid. It is also possible that something else is invalid in the configuration or that the database is not available.

I have followed the ML “Cannot Create Datasource: ORA-01017: Invalid Username/password [ID 1470788.1]” and re-generated the dbcfile, but no luck.

Can you suggest what am I doing wrong?

Thanks in Advance.
GK

Reply
ahmedalam says September 13, 2012

I have the same exact issue…did you find any fix for this? Recreating DBC file is not helping.

[wlst] Caused by: weblogic.common.resourcepool.ResourceSystemException:
[wlst] Could not connect to ‘oracle.apps.fnd.ext.jdbc.datasource.AppsDataSource’.
[wlst] The returned message is: ORA-01017: invalid username/password; logon denied
[wlst] It is likely that the login or password is not valid.
[wlst] It is also possible that something else is invalid in
[wlst] the configuration or that the database is not available.
[wlst] at weblogic.jdbc.common.internal.JDBCUtil.parseException(JDBCUtil.java:301)

Reply
najeeb says October 25, 2012

hi Atul,

Can we integrate enterprise grid control 10g with EBS 11.5.10.2 having a 10.2.0.5 database, and then configure data vault and agent on the same database? If yes, could you help me out with the link for it?

Reply
    Atul Kumar says October 25, 2012

    @ najeeb,
    Yes you can integrate enterprise grid control 10g with EBS 11.5.10.2 having 10.2.0.5 database. You would need Application Management Pack on EM for this.

    You can also configure data vault on EBS database , look at my oracle support note Integrating Oracle E-Business Suite Release 11i with Oracle Database Vault 10.2.0.5 [ID 1139844.1]

    Reply
najeeb says October 26, 2012

Thank you so much Atul.
I will read that in detail. I hope that if I get stuck somewhere I can get your assistance; I would really appreciate that.
Thanks.

Reply
Vivek Sharma says October 29, 2012

Hi Atul,

I bought your ebook from onlineappsdba.com, and could integrate my EBS with Access Manager successfully. However while reviewing Document 1309013.1, I am seeing that this step in the preinstall section is not in the book.
Configure Oracle Internet Directory to return operational attributes for lookup requests. This modification adds the orclguid attribute to records returned by Oracle Internet Directory when queried by Oracle Access Manager, allowing these records to be mapped to others that are uniquely identified by orclguid. To make this modification create an ldif file as detailed below and execute this command from the Oracle Home where Oracle Internet Directory is installed:

Create an ldif file (for example ‘change_attrs.ldif’) containing the following:

dn: cn=dsaconfig, cn=configsets,cn=oracle internet directory
changetype: modify
add: orclallattrstodn
orclallattrstodn: [DN]

Is this irrelevant? If it is relevant, what user should I use here oamadmin or orcladmin?
Thanks
Vivek

Reply
Atul Kumar says October 29, 2012

@ Vivek,
I never did that step in any integration and they all work, hence this step is not in the eBook. If for completeness you would like to run this, then use orcladmin, as this user is used to connect from OAM to OID (bindDN in IDStore of OAM to OID).

Reply
Vivek Sharma says October 30, 2012

Hi Atul,

I have configured the OAM with EBSR12 using your ebook, but now have to configure with Active directory and kerberos etc. Can you please throw some light on the high level steps regarding this?

Thanks
Vivek

Reply
Vivek Sharma says November 1, 2012

Hi Atul,

I have configured the OAM with EBSR12 using your ebook, but I am unable to start/stop the managed servers using console? Is there a step that I am missing? I have to always start from command line, although I can stop from console. My node manager properties are set to startScript enabled to true?

Thanks
Vivek

Reply
Vivek Sharma says November 6, 2012

Hi Atul,

I got the eBook from online Apps DBA and could configure it successfully once. But since the Access manager and EBS were in diff domains, I was having issues, so I am redoing the whole thing, and this time when Configuring OHS to forward request to WebLogic server through mod_wl_ohs, and accessing the OAMLogin.jsp url to test the config, I am getting Failure of server APACHE bridge:No backend server available for connection: timed out after 10 seconds or idempotent set to OFF or method not idempotent. What could be wrong? All my weblogic components are up!
Thanks
Vivek

Reply
    Atul Kumar says November 6, 2012

    @ Vivek,
    Check if weblogic managed server is up and running and you can access OAMLogin.jsp directly from weblogic port. If you can then check if entry on OHS is correct and also there is no firewall blocking weblogic port from OHS to WebLogic server

    Reply
Vivek Sharma says November 6, 2012

Thanks Atul, I found that the mod_wl_ohs.conf port no was 8602 and the EBS access gate was listening on 7602 (a typo). Thanks for your input and knowledgeable help!

Reply
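The mismatch described in the comment above (mod_wl_ohs.conf pointing at 8602 while the EBS AccessGate listened on 7602) can be caught before testing in a browser. This is an added example, not part of the thread or of Oracle's tooling: it parses a constructed mod_wl_ohs.conf fragment and compares each context root's backend with the host and port the AccessGate managed server is expected to listen on; the host names, context roots and the EXPECTED map are assumptions.

```python
import re
import socket

# Constructed mod_wl_ohs.conf fragment; hosts, ports and context roots are examples.
SAMPLE_CONF = """\
<IfModule weblogic_module>
  <Location /ebsauth_prdr12>
    SetHandler weblogic-handler
    WebLogicHost agate.example.com
    WebLogicPort 8602          # typo: the managed server listens on 7602
  </Location>
  <Location /ebsauth_tstr12>
    SetHandler weblogic-handler
    WebLogicCluster agate.example.com:7603,agate2.example.com:7603
  </Location>
</IfModule>
"""

# Assumption: where each AccessGate managed server really listens,
# taken by the administrator from the WebLogic domain configuration.
EXPECTED = {
    "/ebsauth_prdr12": ("agate.example.com", 7602),
    "/ebsauth_tstr12": ("agate.example.com", 7603),
    "/ebsauth_dev": ("agate.example.com", 7604),
}


def parse_locations(conf):
    """Return {path: {"handler": bool, "backends": [(host, port), ...]}}."""
    routes, current, host, port = {}, None, None, None
    for raw in conf.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments
        if not line:
            continue
        m = re.match(r"<Location\s+(\S+?)\s*>$", line, re.I)
        if m:
            current = routes.setdefault(m.group(1), {"handler": False, "backends": []})
            host = port = None
            continue
        if re.match(r"</Location>", line, re.I):
            # WebLogicHost and WebLogicPort only form a backend as a pair.
            if current is not None and host and port:
                current["backends"].append((host.lower(), port))
            current = None
            continue
        parts = line.split(None, 1)
        if current is None or len(parts) != 2:
            continue
        key, value = parts[0].lower(), parts[1].strip()
        if key == "sethandler":
            current["handler"] = value.lower() == "weblogic-handler"
        elif key == "weblogichost":
            host = value
        elif key == "weblogicport":
            port = int(value)
        elif key == "weblogiccluster":
            for member in value.split(","):
                h, _, p = member.strip().rpartition(":")
                current["backends"].append((h.lower(), int(p)))
    return routes


def check_routes(conf, expected):
    """Compare OHS routing with the expected AccessGate listen addresses."""
    findings = []
    routes = parse_locations(conf)
    for path, (host, port) in sorted(expected.items()):
        route = routes.get(path)
        if route is None:
            findings.append((path, "no <Location> block"))
        elif not route["handler"]:
            findings.append((path, "SetHandler weblogic-handler missing"))
        elif (host.lower(), port) not in route["backends"]:
            seen = ", ".join(f"{h}:{p}" for h, p in route["backends"]) or "none"
            findings.append((path, f"expected {host}:{port}, conf has {seen}"))
    return findings


def reachable(host, port, timeout=3.0):
    """TCP probe from the OHS host to a backend (firewall check; not run on the sample)."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


if __name__ == "__main__":
    for path, problem in check_routes(SAMPLE_CONF, EXPECTED):
        print(f"{path}: {problem}")
```

Run it on the OHS host against the real mod_wl_ohs.conf; for routes that pass, `reachable()` covers the firewall check Atul mentions.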
Vivek Sharma says November 6, 2012

Hi Atul,

I have followed your eBook and everything until page 149 has now worked great.
However the following is not working as expected, the logout is leading to a blank page, what could be the reason?:
“Login to EBS via OAM and then click on logout page. It should redirect you to logout page which you logoff user session. Try EBS URL again and this should redirect you to login page.”

thanks
Vivek

Reply
Vivek Sharma says November 6, 2012

Also the following URL is leading to the login page, instead of what is mentioned below?
Access URL http://fusionidm.marketsphere.com:7777/public/oacleanup.html (used as logout URL during EBS AccessGate deployment) from browser and it should be accessible without password prompt.

Reply
Vivek Sharma says November 7, 2012

Hi Atul,
After completing the integration of Access Manager with EBS R12, using your ebook, I am trying to integrate with AD. Your website has steps for that too, but when I am trying to use em to access DIP, I see that the Quartz scheduler and MBean are down. What could be the reason? without these, I cannot do the integration!

Thanks

vivek

Reply
Atul Kumar says November 7, 2012

@ Vivek,
Check errors in weblogic managed server wls_ods[1] where DIP is deployed.

Reply
Vivek Sharma says November 7, 2012

Thanks Atul, following are the errors. If I search Metalink, Note 1500919.1 says the order of starting may be wrong, or the versions may be mismatched. But I use exactly the same versions as in the ebook.

<ADF_FACES-60098:Faces lifecycle receives unhandled exceptions in phase RENDER_RESPONSE 6
javax.el.ELException: java.lang.NullPointerException
at javax.el.BeanELResolver.getValue(BeanELResolver.java:266)
at com.sun.faces.el.DemuxCompositeELResolver._getValue(DemuxCompositeELResolver.java:173)
at com.sun.faces.el.DemuxCompositeELResolver.getValue(DemuxCompositeELResolver.java:200)
at com.sun.el.parser.AstValue.getValue(Unknown Source)
at com.sun.el.parser.AstNot.getValue(Unknown Source)
at com.sun.el.ValueExpressionImpl.getValue(Unknown Source)
at org.apache.myfaces.trinidad.bean.FacesBeanImpl.getProperty(FacesBeanImpl.java:68)
at oracle.adf.view.rich.render.RichRenderer.getVisible(RichRenderer.java:1830)
at oracle.adf.view.rich.render.RichRenderer.renderRootStyleAttributes(RichRenderer.java:884)
at oracle.adf.view.rich.render.RichRenderer.renderRootStyleAttributes(RichRenderer.java:852)
at oracle.adf.view.rich.render.RichRenderer.renderRootStyleAttributes(RichRenderer.java:819)
at oracle.adf.view.rich.render.RichRenderer.renderAllRootAttributes(RichRenderer.java:781)
at oracle.adf.view.rich.render.RichRenderer.renderAllRootAttributes(RichRenderer.java:760)
at oracle.adfinternal.view.faces.renderkit.rich.OutputTextRenderer.encodeAll(OutputTextRenderer.java:171)
at oracle.adf.view.rich.render.RichRenderer.encodeAll(RichRenderer.java:1396)
at org.apache.myfaces.trinidad.render.CoreRenderer.encodeEnd(CoreRenderer.java:341)
at org.apache.myfaces.trinidad.component.UIXComponentBase.encodeEnd(UIXComponentBase.java:767)
at javax.faces.component.UIComponent.encodeAll(UIComponent.java:938)
at org.apache.myfaces.trinidad.render.CoreRenderer.encodeChild(CoreRenderer.java:406)
at oracle.adf.view.rich.render.RichRenderer.encodeChild(RichRenderer.java:2633)
at oracle.adfinternal.view.faces.renderkit.rich.customizable.ShowDetailFrameRenderer.encodeContent(ShowDetailFrameRenderer.java:1648)
at oracle.adfinternal.view.faces.renderkit.rich.customizable.ShowDetailFrameRenderer.encodeAll(ShowDetailFrameRenderer.java:825)
at oracle.adf.view.rich.render.RichRenderer.encodeAll(RichRenderer.java:1396)
at org.apache.myfaces.trinidad.render.CoreRenderer.encodeEnd(CoreRenderer.java:341)
at org.apache.myfaces.trinidad.component.UIXComponentBase.encodeEnd(UIXComponentBase.java:767)
at javax.faces.component.UIComponent.encodeAll(UIComponent.java:938)
at org.apache.myfaces.trinidad.render.CoreRenderer.encodeChild(CoreRenderer.java:406)
at oracle.adf.view.rich.render.RichRenderer.encodeChild(RichRenderer.java:2633)
at oracle.adfinternal.view.faces.renderkit.rich.customizable.PanelCustomizableRenderer.encodeChildrenVertically(PanelCustomizableRenderer.java:1041)
at oracle.adfinternal.view.faces.renderkit.rich.customizable.PanelCustomizableRenderer.encodeAll(PanelCustomizableRenderer.java:352)

Reply
sree says December 11, 2012

Hi Atul,

Earlier we used to just install OAS/OID and proceed with configuring SSO. Now we need to have these many components to be installed for OAM ?

My client wants to integrate existing applications using SAML and SSO with R12. Any notes/pointers for this.

Thanks in advance.
sree

Reply
    Atul Kumar says December 11, 2012

    @ Sree,
    OAM 11g is recommended SSO these days for SSO with R12.

    Reply
Endeca says April 30, 2013

Hi,

I am integrating OAM/OID with EBS. Whenever I try to log in to the EBS URL it redirects to the OAM login; then, after entering the password, it shows a blank page. Here is the error message:

java.sql.SQLException: ORA-01465: invalid hex number

at oracle.jdbc.driver.T4CTTIoer.processError(T4CTTIoer.java:462)
at oracle.jdbc.driver.T4CTTIoer.processError(T4CTTIoer.java:405)
at oracle.jdbc.driver.T4C8Oall.processError(T4C8Oall.java:931)
at oracle.jdbc.driver.T4CTTIfun.receive(T4CTTIfun.java:481)
at oracle.jdbc.driver.T4CTTIfun.doRPC(T4CTTIfun.java:205)
at oracle.jdbc.driver.T4C8Oall.doOALL(T4C8Oall.java:548)
at oracle.jdbc.driver.T4CPreparedStatement.doOall8(T4CPreparedStatement.java:217)
at oracle.jdbc.driver.T4CPreparedStatement.executeForDescribe(T4CPreparedStatement.java:947)
at oracle.jdbc.driver.OracleStatement.executeMaybeDescribe(OracleStatement.java:1283)
at oracle.jdbc.driver.OracleStatement.doExecuteWithTimeout(OracleStatement.java:1441)
at oracle.jdbc.driver.OraclePreparedStatement.executeInternal(OraclePreparedStatement.java:3769)
at oracle.jdbc.driver.OraclePreparedStatement.executeQuery(OraclePreparedStatement.java:3823)
at oracle.jdbc.driver.OraclePreparedStatementWrapper.executeQuery(OraclePreparedStatementWrapper.java:1671)
at weblogic.jdbc.wrapper.PreparedStatement.executeQuery(PreparedStatement.java:135)
at oracle.apps.fnd.ext.jdbc.utils.QueryRunner.query(QueryRunner.java:92)
at oracle.apps.fnd.ext.sso.SsoUser.calculateAppsUsers(Unknown Source)
at oracle.apps.fnd.ext.sso.SsoUser.(Unknown Source)
at oracle.apps.fnd.ext.sso.SsoUser.(Unknown Source)
at oracle.apps.fnd.ext.sso.OamSsoUser.(Unknown Source)
at oracle.apps.fnd.ext.sso.AppsHttpServletRequestWrapper.(Unknown Source)
at oracle.apps.fnd.ext.sso.FndSsoFilter.doFilter(Unknown Source)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.security.jps.ee.http.JpsAbsFilter$1.run(JpsAbsFilter.java:119)
at java.security.AccessController.doPrivileged(Native Method)
at oracle.security.jps.util.JpsSubject.doAsPrivileged(JpsSubject.java:315)
at oracle.security.jps.ee.util.JpsPlatformUtil.runJaasMode(JpsPlatformUtil.java:442)
at oracle.security.jps.ee.http.JpsAbsFilter.runJaasMode(JpsAbsFilter.java:103)
at oracle.security.jps.ee.http.JpsAbsFilter.doFilter(JpsAbsFilter.java:171)
at oracle.security.jps.ee.http.JpsFilter.doFilter(JpsFilter.java:71)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.dms.servlet.DMSServletFilter.doFilter(DMSServletFilter.java:139)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.wrapRun(WebAppServletContext.java:3715)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3681)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2277)
at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2183)
at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1454)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:209)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:178)
>
Apr 28, 2013 3:30:02 PM oracle.apps.fnd.ext.sso.SsoUser calculateAppsUsers
SEVERE: SEVERE exception while finding AppsUser details for GUID NOT_FOUND –>
java.sql.SQLException: ORA-01465: invalid hex number


Apr 28, 2013 3:30:02 PM oracle.apps.fnd.ext.sso.AppsHttpServletRequestWrapper
SEVERE: Cannot retrieve LDAP information for guid=’NOT_FOUND’
[OHS@oam ~]$

Reply
Endeca says April 30, 2013

and I checked MOS and checked oam-config.xml SSOOnlyMode is set to false.

Reply
Atul Kumar says April 30, 2013

@ Endeca,
Check what is GUID for user in OID(LDAP) and what is entry in FND table for this user ?

If there is any GUID in FND_USER table (that matches with GUID of user in OID) then set GUID to null in FND_USER for this user and try again.

Reply
Endeca says April 30, 2013

Hi Atul,

Can you tell me how to check GUID in OID?

I have changed GUID in FND_USER for one user.

select user_name,end_date,user_guid from fnd_user where user_name='DBADIRECT'

USER_NAME       END_DATE  USER_GUID
--------------- --------- --------------------------------
OAMDBA                    DB5169D1C4D37831E040A8C00B0128B5

update fnd_user set user_guid = null where user_name='OAMDBA' ;

1 row updated.

SQL> commit;

Commit complete.

SQL> select user_name,end_date,user_guid from fnd_user where user_name='OAMDBA'
2 ;

USER_NAME       END_DATE  USER_GUID
--------------- --------- --------------------------------
OAMDBA

After that, OAMDBA is not able to populate USER_guid

Reply
Atul Kumar says April 30, 2013

Use ldap search mentioned at

http://onlineappsdba.com/index.php/2008/02/20/oid-quesries-scripts-faq/

Q: How to search for various user attributes ?
A: ldapsearch -v -h "${Host}" -p ${Port} -D "cn=orcladmin" -w "${OIDManagerPasswd}" -b "" -s sub "uid=${AppsUser}*" uid orclguid orclactivestartdate orclactiveenddate orclisenabled

Reply
Atul Kumar says April 30, 2013

@ Endeca, if you now try to access the EBS URL and then log in using OAMDBA at the OAM URL, check what message you get in the EBS AccessGate logs.

Was logging enabled during AccessGate deployment?

Reply
Endeca says April 30, 2013

Hi Atul,

I am not sure if logging is enabled during AG Deployment.
I am getting below error message.
———————————

java.sql.SQLException: ORA-01465: invalid hex number

>
Apr 28, 2013 3:30:02 PM oracle.apps.fnd.ext.sso.SsoUser calculateAppsUsers
SEVERE: SEVERE exception while finding AppsUser details for GUID NOT_FOUND –>
java.sql.SQLException: ORA-01465: invalid hex number


Apr 28, 2013 3:30:02 PM oracle.apps.fnd.ext.sso.AppsHttpServletRequestWrapper
SEVERE: Cannot retrieve LDAP information for guid=’NOT_FOUND’
[OHS@oam ~]$

Reply
Atul Kumar says April 30, 2013

@ Endeca,
This error “Cannot retrieve LDAP information for guid=’NOT_FOUND’” means that OAM is not returning GUID for signed in user.

There is a step in integration where OAM is configured with RESPONSE to retrieve GUID for logged in user. This is set both at Authentication and Authorization level.

Check if RESPONSE is configured correctly in OAM.

Reply
Endeca says April 30, 2013

Hi Atul,

I am trying to find GUID from OID, but getting error.

[oracle@oam config]$ /u01/Middleware/Oracle_IDM1/bin/ldapsearch -v -h “oam.reg.com” -p 3060 -D “cn=orcladmin” -w “welcome1” -b “” -s sub “uid=apps” uid orclguid orclactivestartdate orclactiveenddate orclisenabled
Context Initialization Error [

Reply
Endeca says April 30, 2013

Please ignore my previous post.
—————————-
here is GUID from OID.

[oid@oam ~]$/u01/Middleware/Oracle_IDM1/bin/ldapsearch -v -h oam.reg.com -p 3060 -D cn=orcladmin -w welcome1 -b “” -s sub uid=dbadirect uid orclguid orclactivestartdate orclactiveenddate orclisenabled
ldap_open( oam.reg.com, 3060 )
filter pattern: uid=dbadirect
returning: uid orclguid orclactivestartdate orclactiveenddate orclisenabled
filter is: (uid=dbadirect)
cn=DBADIRECT,cn=Users,dc=reg,dc=com
uid=DBADIRECT
orclguid=DB5169D1C4D37831E040A8C00B0128B5
orclisenabled=ENABLED
1 matches
[oid@oam ~]$

Reply
Atul Kumar says May 1, 2013

As mentioned earlier, did you check if RESPONSE is configured correctly in OAM?

Reply
Endeca says May 1, 2013

Hi Atul,

Response configuration looks fine I believe for both (authorization/authentication); is there any other way to test that this configuration is working fine?
Here is config information
—————————
USER_ORCLGUID
Header $user.attr.orclguid
USER_NAME
Header $user.userid

=======

Value
USER_ORCLGUID
Header $user.attr.orclguid
USER_NAME
Header $user.userid

Reply
user says May 6, 2013

We are trying to integrate EBS R1213 with OID/OAM and I am referring to Integrating Oracle E-Business Suite Release 12 with Oracle Access Manager 11gR1 (11.1.1.5) using Oracle E-Business Suite AccessGate [ID 1309013.1]

As per document
1) Installed WLS
2) Using RCU created metadata schemas
3) Installed/configured OID Domain
4) Enabled user provisioning between OID/EBS, working fine.
5) Configure Oracle Internet Directory to return operational attributes for lookup requests
6) Installed and configured OAM Domain
7) Generated DBC file and copied to OAM server.
8) Deploy and Configure Oracle E-Business Suite AccessGate
created db source using TxkEBSAuth.xml

Here is my confusion part: do I need to install OHS (Webtier) and configure it before the (Deploy and Configure Oracle E-Business Suite AccessGate) step or after this step? MOS is not clear about OHS installation.

And I am confused by the step Provision and Install Oracle Access Manager WebGate

Reply
Brian says June 25, 2013

Greetings

Would it be possible to integrate EBS R1213 with Oracle Access Manager without using the APPS password? We are required to reset the APPS password every xxx days, and whenever we do we need to create a new DBC file and install it on the SSO/OID server. We’d rather create a dummy account with only the necessary privileges needed for it to communicate with the EBS system.

Regards
Brian

Reply
Atul Kumar says June 25, 2013

@ Brian,
You don’t use APPS password for day-to-day OAM/EBS integration run time. EBS accessgate uses an application user (similar to ASADMIN). Apps Schema password is used just to create DBC file once (during configuration).

Regards
Atul Kumar

Reply
lavinia_dobrovolschi says December 21, 2013

Hi Atul,

Thank you for the useful post. I am trying to integrate EBS with OIM (it is already integrated with OAM in the same way you mentioned in your post) and my question is the following: if OIM will provision user identities to OID (and treat it as a target source) and OIM will use the EBS User Management Connector in an SSO enabled mode to connect with the EBS system (the connector in SSO mode looks first in OID to retrieve the orclguid for that specific user and uses that value when creating a new user in FND_USER table). That would totally mess up with the registration of instance and OID that you described earlier. Would the SSO still work with the new OIM integration if I stop the one way synch (provisiontype=3 OID to instance) that is currently configured?

Many thanks,
Lavinia

Reply
    Atul Kumar says December 22, 2013

    @ lavinia_dobrovolschi,
    If user already exists in EBS (created in EBS or synced from OID) or OID (created in OID or synced from EBS) and when OIM is integrated with OID (using LDAPSync), this means user is in all three repositories.

    During next reconciliation run (between OIM & EBS), user in OIM will get linked to EBS user and it will be visible in OIM as EBS resource. SSO should work as long as GUID in OID and GUID in EBS match (or if value in EBS is blank then on first time login value in EBS will be set to value in OID).

    You must configure provisiontype to a value depending on your requirement (what is master source of user).

    Please share your requirement; product should work and be configured based on your requirement and not the other way.

    Reply
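The GUID rule from the reply above (SSO works when the GUID in OID and the GUID in EBS match, and a blank EBS value is set on first login), as an added example that is not part of the original thread. It assumes the OID side is `ldapsearch` output in the `attr=value` form shown earlier in the comments, with entries separated by blank lines, and that the EBS side is an export of `USER_NAME` and `USER_GUID` from `FND_USER`; the function names and all sample values are constructed for illustration.

```python
import re

# Constructed sample of ldapsearch output (same layout as the output in the thread).
OID_OUTPUT = """\
cn=ALPHA,cn=Users,dc=example,dc=com
uid=ALPHA
orclguid=0123456789ABCDEF0123456789ABCDEF
orclisenabled=ENABLED

cn=BRAVO,cn=Users,dc=example,dc=com
uid=BRAVO
orclguid=11112222333344445555666677778888
orclisenabled=ENABLED

cn=CHARLIE,cn=Users,dc=example,dc=com
uid=CHARLIE
orclguid=AAAABBBBCCCCDDDDEEEEFFFF00001111
"""

# Constructed rows, as exported from FND_USER (assumed columns: USER_NAME, USER_GUID).
EBS_ROWS = [
    ("ALPHA", "0123456789abcdef0123456789abcdef"),    # same GUID, different case
    ("BRAVO", None),                                  # blank in EBS
    ("CHARLIE", "99999999999999999999999999999999"),  # differs from OID
    ("DELTA", None),                                  # no OID entry at all
]

WANTED = re.compile(r"^(uid|orclguid)=(.*)$", re.IGNORECASE)

def parse_oid(text):
    """Return {UPPERCASE uid: orclguid or None} from ldapsearch text."""
    users = {}
    for block in re.split(r"\n\s*\n", text):
        attrs = {}
        for line in block.splitlines():
            m = WANTED.match(line.strip())
            if m:
                attrs[m.group(1).lower()] = m.group(2).strip()
        if "uid" in attrs:
            users[attrs["uid"].upper()] = attrs.get("orclguid") or None
    return users

def classify(ebs_rows, oid_users):
    """Apply the matching rule to each EBS user and return {user: status}."""
    result = {}
    for name, ebs_guid in ebs_rows:
        oid_guid = oid_users.get(name.upper())
        if oid_guid is None:
            result[name] = "NO_OID_GUID"          # nothing for OAM to return
        elif not ebs_guid:
            result[name] = "LINK_ON_FIRST_LOGIN"  # EBS value is set from OID
        elif ebs_guid.upper() == oid_guid.upper():
            result[name] = "MATCH"
        else:
            result[name] = "MISMATCH"             # SSO login will not map
    return result

if __name__ == "__main__":
    for user, status in classify(EBS_ROWS, parse_oid(OID_OUTPUT)).items():
        print(f"{user:10} {status}")
```
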
Chandra says July 2, 2014

how to integrate OAM With OBIEE11.1.1.7.140114 , DAC7.9.6.3 and Informatica9.0.1 for SSO? Is it possible ?

Reply
daniesh says August 10, 2014

Hi Atul,

Thanks for this post as it is very useful.

I am planning to integrate OAM SSO with Oracle EBS R12. In my case Oracle apps Database is a 2 node RAC database. I am a bit confused as I am referring to node ID- 1370938.1. In Appendix B, Appendix B: Special Procedure for RAC-Enabled Oracle E-Business Suite Instances. It says that If you have a RAC-enabled Oracle E-Business Suite environment, register it with Oracle Internet Directory by executing the following steps:
B1 Configure your database for directory usage

Do we need to follow this step on RAC EBS Node

Repeat steps 1 to 8 for each database node in the cluster:
Again steps 1 to 8 also we have to follow on Oracle EBS database.

One more point, we have installed OAM and OID on one server and EBS is hosted on another server.
OAM Webgate needs to be installed on EBS Node/OAM server.
On which server, Oracle access gate needs to be installed.

As I am working on OAM for the first time.
Please suggest.

Thanks

Reply