EBS R12 Integration with OAM 11g – HTTP 404 Error : /ssologin not found

Recently we came across an issue while integrating EBS R12 with OAM 11g using 10g Webgate for one of our client. For detail step by step integration process please check our book  at  Oracle E-Business R12 integration with OID/OAM

On requesting the EBS URL , User was redirected to Authenticate Agent URL value  which is set as Profile option in EBS . This request was then intercepted by 10g Webgate on OHS and forwarded to OAM.
OAM after checking that  the requested resource is protected was suppose to apply the protected authentication policy and present the challenge page to User.
But instead of getting the Challenge page, user was experiencing HTTP 404 error:-

On enabling HTTP headers trace, it shows that on requesting /ssologin , OAM server responds back with 404 error:-

GET /ebsauth_visr12/ssologin HTTP/1.1
Accept: image/gif, image/jpeg, image/pjpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml+xml, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*

HTTP/1.1 302 Moved Temporarily

GET /oam/server/obrareq.cgi?wh%3Dvisr12_hostid %20wu%3D%2F ebsauth_visr12%2F ssologin %20wo%3D1%20rh%3D http%3A%2F%2F innowavexx .focusthread.com%20ru%3D%252Febsauth_visr1 2%252F ssologin HTTP/1.1
If-None-Match: “9696-8-4c626e271ac40″
Host: innowavexx.focusthread.com
Connection: Keep-Alive

HTTP/1.1 404 Not Found
Server: Oracle-Application-Server-11g
Content-Length: 188
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

Under Oam diagnostic log file ( default location- $DOMAIN_HOME/servers/oam_server1/logs) , error was recorded as:-

oam_server1-diagnostic.log:[2012-08-01T11:16:24.338+01:00] [oam_server1] [TRACE] [] [oracle.oam.engine.policy] [tid: NioProcessor-1] [userId: <anonymous>] [ecid: 0000JZT1WPXBDCHMyufd6G1G5x0T000003,0] [APP: oam_server] [SRC_METHOD: fine] [SRC_CLASS: oracle.security.am.engines.common.adapters.OAMLoggerImpl] Called isResourceProtected () with resource : Resource Name: WebGateResource Type: HTTP URL: /ssologin RESULT DENY

Which clearly states that its trying to access /ssologin which is being denied by OAM and hence 404 error.

Reason – The issue was happening because of ‘DENY on Not Protected‘ flag on webgate agent registered with OAM.
The difference between 10g and 11g OAM is that in 11g, the default is that everything is protected once the webgate is installed (deny on protected is checked).
In 11g if you want a specific url to be not protected, you may need to create a public resource policy and protected via an anonymous auth scheme which will stop it from being protected.
In 10g the default behavior is to set the resource as allowed unless a specific policy is created for that resource.

If the ‘Deny On Not Protected’ flag is set in the Agent settings, HTTP-404 Not Found error occurs in the browser when the resource is accessed.

Solution – Uncheck the ‘DENY On Not Protected’ flag under oam console:-
1) Login to OAM Console http://oam_hostname:adminserver_port/oamconsole
2) System Configuration –>Access Manager Agents –> SSO Agents –> OAM Agents –> search for respective Agent
3)Uncheck ‘DENY on NOT Protected’
4)click Apply and Bounce the OHS of respective webgate

About the Author Neha Mittal

Leave a Comment:

11 comments
Priya says August 29, 2013

Hi Neha, Im working on integration of OAM with E-Business(+OID) using WNA. I have few clarifications related to this.
1. Whether to set OID or AD as default store in OAM?
2. For OAM with WNA, AD should be the default store, in that case do we need to send only userid in response headers?
3. What is the necessity to do DIP synch between AD and OID?

Thanks,
Priya

Reply
    Atul Kumar says August 29, 2013

    1. Whether to set OID or AD as default store in OAM?

    both should work as long as user exists in both AD & OID

    2. For OAM with WNA, AD should be the default store, in that case do we need to send only userid in response headers?

    again for WNA, OAM just send userid in kerberos token .

    3. What is the necessity to do DIP synch between AD and OID?
    So that users stay in sync between OID & AD. OID is only supported LDAP between EBS and OAM and for kerberos user must exist in AD .

    Reply
Priya says August 30, 2013

Thanks for the response.

1. Install OAM
2. Install OID, register oracle instance and OID with Ebiz, change OID to return orclguid paramter value during search operations.
3. Install Ebiz Access gate ie, deploy Ebiz access gate
4. Install and register web gate.
5. Integrate OAM with WNA, configure dip synch between oid and AD, send user id in response header.

Other than this, in a forum there is a mention about configuring external authentication plugin for OID to AD. Is this required? what is the need for this?
Am I done with the above listed configurations?

Reply
Purva says April 28, 2014

Hi Priya,

I have configured WNA with OAM 11gr2ps2 -EBS 12.1.3 integrated error. When I try to access EBS page, I am getting same error (404 not found for /ssologin)
I have protected /ssologin* and /ssologin/** with public resource policy for authentication and protected resource policy for authorizaion.

In headers, I can see the following:

GET /ebsauth_ebprd/ssologin HTTP/1.1
Accept: application/x-ms-application, image/jpeg, application/xaml+xml, image/gif, image/pjpeg, application/x-ms-xbap, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
Accept-Language: en-US
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Accept-Encoding: gzip, deflate
Connection: Keep-Alive
Host: ebsdlxsrv2.ad.adco.net:7780
Cookie: EBSAuthCookie=7160|||N; OAMAuthnHintCookie=0@1398684205; OAM_ID=VERSION_4~EgwvIQQUx1q16Ij6DWmADw==~YP+RobC3qe4nlLiG5ldQxeohNj1Pv4xekxglFvCQmlZvfovNxWFhckljJ983Dan07elvK4pUoYBPK/dOdbCEzZ+8c/1dmT/fVaA20Zg8WxQcqFHbBO1Cba9JfJ/PC3ubT1ew9X7tj1s6/3Vq9IragSjPH8TIjWtkM82CSklifwM=; OAMAuthnCookie_ebsdlxsrv2.ad.adco.net:7780=KM4oD1B42rsNd0Rq%2BJR7hvOWigDUIty%2F%2FrxTKH4Xc0ugYpBGpur3SdxNI2sUzCduS0H2nCeXf8%2FWRMkrcCy6uiH4TgYXmylpsdY04SLpS%2Fmh3N6gZdwVn2aJ1%2B3U%2FuqQQkeMj%2FmPdZKk2bq2YrzGCXcUe5i9NWjTxWW0CBxfCVfFD7OrlbRq5htd%2BahrjaKM4U3HLgFU6iwzuGnW20QUiW6emhx3u4CVyZR3Hf94TM59m35TmeLv%2FQleWCpPa0JykNTdXo5nlDUwRW4XL12S8F0AQCIKkeXKfNKl2uLjSOV2DG18WoMNxtxJp6SedxWu

HTTP/1.1 404 Not Found
Date: Mon, 28 Apr 2014 11:23:25 GMT
Server: Oracle-Application-Server-11g
Cache-Control: no-cache
Pragma: no-cache
Content-Length: 1164
X-Powered-By: Servlet/2.5 JSP/2.1
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Content-Language: en

Also in 11gr2, we can not uncheck the flag – “Deny on not protected”

Could you please help me?

Thanks,
Purva

Reply
ashish19 says June 9, 2014

Hello,

I have followed all the directions, in your e-book about the OAM-EBS integration.

Initially the re-direction was working, to OAM login page.
But then the re-direction to the OAM login page is NOT working anymore.

In IE ,we get the following message:

HTTP 404 not found.

When we use , Firefox we get the following message

Not Found

The requested URL /ebsauth_EBSD4/ssologin was not found.

—————–

We are using

Sun – JDK – 1.6.0_45
WLS – 10.3.6
LDAP server – OID – 11.1.1.7
Web Server – OHS – webgate – SLES11-SP2
OAM version 11.1.2.2
OHS 11.1.1.7
EBS R12.1.3

Please help.

Thanks,

Ashish

Reply
    Atul Kumar says June 9, 2014

    @ Ashish19,
    What’s changed ? Did you reset passwords or changed anything ?

    Reply
Ashish19 says June 9, 2014

Hello Atul,

Thanks for your reply.

Nothing has changed.

We followed all the directions in the ebook.
Were able to integrate OID with the EBS.

Created new account in OID and that got propagated to EBS, fnd_users table.

Please tell some diagnostic, things we can check to see our configuration.

Regards,

Ashish

Reply
Ashish19 says June 12, 2014

Hoping this will provide more information, so you can help me.

I did the Test Webgate for public resource and it went well.

http://:7780/public/index.html

But when I do the test for Webgate for protected resource

http://:/index.html

The re-direction from Webgate to OAM login page happens, but when I enter the Userid/passwd, I get the following error.

‘System error. Please contact the System Administrator.’.

——————–

Please note , I have done the Webgate registration step post OID integration with EBS.

Thanks,

Ashish

Reply
Ashish19 says February 18, 2015

Hello Atul/Neha,

As I mentioned earlier I had bought your book and let me say, it was very helpful, especially for a person like me , who did not have much knowledge about OAM in the beginning.

Now we have configured our EBS R12.1.3 with OAM 11gR2 , OID using the AD credentials and it is working.

Now we are trying to configure WNA/Kerberos in this setup, so our users don’t have to enter their password.

Can you please point me , where I can find the information for configuring WNA/Kerberos.

Your book does not cover WNA/Kerberos configuration, right, at least the version I bought last year ?

Thanks,

Ashish

Reply
ramesh reddy says March 18, 2016

Login page error: 404 – The url /OA_HTML/AppsLogin not found

Pls tell me how to resolve

Reply
    Atul Kumar says March 22, 2016

    Compile the JSP and try again – Look at error_log in OHS

    Unable To Open The E-Business Suite Login HTTP-404 Error. Error_log Shows “File does not exist: $INST_TOP/portal/OA_HTML/AppsLogin” (Doc ID 1177264.1)

    R12.1.1: AppsLogin is failing with error ‘The webpage cannot be found’ – HTTP 404 after a restart of the Middle-Tier (Doc ID 1122804.1)

    Reply
Add Your Reply