Apps 11i/R12/12i Registration/Deregistration with OID/SSO : internals

Q. If you have multiple nodes with multiple URL’s ( , in apps (11i/R12), how many times you have to run OID/SSO Registration Process ?
Q. In which table (in Apps), Single Sign-On URL’s are stored ?
Q. In which table (in SSO), all partner applications (including apps stored) ?
Q. Where is OID, apps 11i/R12 details are stored (which tree) ?
Q. If you change apps password in Apps (11i/R12) instance integrated with OID & SSO what additional steps you need to follow ?
Q. How to clone Apps (11i/R12) instance integrated with OID & SSO ?

Well if you looking for answer to these and many more interesting questions have a look at four days Apps 11i integration with 10gAS (OID/SSO/Portal) training here

Q. Which script to use for manual OID/SSO registration/deregistration with Apps 11i ? -script=SetSSOReg where is in $FND_TOP/bin

Q. What are other important files being called from ?


Q. Where are registration/deregistration related logs stored ?
1. $APPLRGF/sso/  where $APPLRGF defaults to $COMMON_TOP/rgf/$CONTEXT_NAME
2. $COMMON_TOP/rgf/$CONTEXT_NAME/sso(Above two location are same)

txkSetSSOReg_$day_$Mon_$DD_$timestamp.log – Apps to SSO/OID registration/ deregistration log file


What happens when you run “ -script=SetSSOReg” ?

Above script is to register Apps with OID & SSO using default template file. Here are steps in background

Validation Phase   –  Above script

i) Checks if script can connect to orasso schema in SSO Repository using
java oracle.apps.fnd.txk.TXKTestJDBCConn
ii) Checks if script can connect to apps schema in apps (11i/R12) Repository using
java oracle.apps.fnd.txk.TXKTestJDBCConn
iii) Extract & Validate “Apps Framework Agent” Value from database at all level (Site, Server, User)
iv) Create and load “SSOSDK” schema in Apps Database
v) Extracts into $APPLRGF/sso/sso/902sdk
vi) Checks if any application URL (from step iii) is already registered (If not go to step vii)

If it finds any application URL (from step iii) already registered with SSO, registration script will fail with error “This partner application is already registered” (Common issue in reregistration after cloning)

Fix : is to deregister application URL from SSO using -script=SetSSOReg -deregister=Yes -script=SetSSOReg -removereferences=Yes

vii) does OID validation like,
Is template file available ?
Can script bind to ldap (OID) server?
Can orcladmin modify entry in OID ?
Validates AppsName is correct with valid character ?
Validates apps password is correct ?
Checks that application name is not already registered in OID ?

Execution Phase   –  Above script

viii) If validation for SSO and OID is successful then script start with SSO registration using
java -mode ADD -ssoc …

Register all Apps URL stored in “Apps Framework Agent” (at Site, Server, User, Responsibility level)

ix) Register Apps in OID by adding apps container under
cn=EBusiness, cn=Products, cn=OracleContext, $your_default_realm_in_OID

x) Create ldif file of format $APPLRGF/ AppsOIDRegistration_$Day$dd_$timestamp.ldif using template file $FND_TOP/ admin/ template/ XXXXRegistration.tmp

xi) Load ldif file (in above step) & provisioning profile ldif file in to OID using ldapmodify

Finally you should see output like “End of $FND_TOP/patch/115/bin/ No Errors encountered

What happens when you run “ -script=SetSSOReg -deregister=Yes” ?

Above script is to deregister SSO & OID from Apps & 10g AS Infrastructure Tier. Here are steps in background

SSO validation phase   –  Above script

i) Checks if ssosdk schema exists
ii) Checks if script can connect to orasso schema in SSO database
iii) Checks if script can connect to apps schema in apps database

OID Validation Phase   –  Above script

iv) Checks if script can bind to LDAP (OID) server using SSL OID port
v) Validates orcladmin password in OID using ldapbind
vi) Checks if orcladmin account can delete entry in OID (not actually deleting any entry)
vii) Validates Apps Name, Service Name, Instance Password and ACCOUNTS from OID

SSO deregistration Phase  –  Above script
viii) Extract ssosdk_902.zipinto $APPLRGF/sso/sso/902sdk
ix) Checks if any partner application (Apps Framework Agent) already registered
x) Removes entry (partner application related to apps ) from SSO (SSOSDK in 11i & ORASSO in SSO Server) using “java -mode REMOVE…..
OID Deregistration Phase –  Above script
xi) Checks provisioning profile which are candidate for deregistration and create LDIF file of type $APPLRGF/ sso/ RemoveGUID_$GUID_$Day$dd_$timestamp.ldif using template file $FND_TOP/admin/template/ProvDeRegistration.tmp
xii) Runs ldapdelete using above ldif file to delete any provisioning profile from OID
xiii) Creates ldif file of format DeRegistration_$Day$dd_$timestamp.ldif to list application to deregister from OID and then run ldapdelete to delete application (11i/r12) from OID

Share This Post with Your Friends over Social Media!

About the Author Atul Kumar

Oracle ACE, Author, Speaker and Founder of K21 Technologies & K21 Academy : Specialising in Design, Implement, and Trainings.

follow me on:

Leave a Comment:

Paul says August 20, 2008

Hi Atul,

While creating a user I get the following error in Apps 11i:

Obsolete user exit call

Any thoughts on this error?


Atul says August 21, 2008

Check FNDSCAUS.fmx and try to regenerate it (adadmin).

Paul says August 22, 2008


Very good article.

Thank You.

» Error while running SSO registration on 11i : -script=SetSSOReg Online Apps DBA: One Stop Shop for Apps DBA’s says October 11, 2008

[…] To know role of Application Framework Agent in 11i/R12-SSO registration Click Here […]

Satya says November 13, 2009

In 11i we faced this issue on FNDSCAUS.fmx version 115.104 and got it resolved by applying the patch 7169718 gives form FNDSCAUS.fmb version 115.112.

Satya says November 13, 2009

In 11i,

we faced this issue on FNDSCAUS.fmx version 115.104 and got it resolved by applying the patch 7169718 gives form FNDSCAUS.fmb version 115.112.

change user password or create a new user from define -> user

OBSOLETE USER EXIT CALL dialog box appeared.

Satya says November 13, 2009

The above is for OBSOLTE USER EXIT CALL issue on DEFINE -> USER Form

santosh says March 24, 2010


I am getting following error while changing password –

Change Password

Error : Oracle error 6503: java.sql.SQLException: ORA-06503: PL/SQL: Function returned without value ORA-06512: at “APPS.FND_OID_PLUG”, line 1137 ORA-06512: at line 1 ORA-06512: at “APPS.FND_LDAP_WRAPPER”, line 1530 ORA-06512: at “APPS.FND_SSO_MANAGER”, line 244 ORA-06512: at “APPS.FND_WEB_SEC”, line 1425 ORA-06512: at “APPS.FND_WEB_SEC”, line 1250 ORA-06512: at line 1 has been detected in SessionManager.changePassword(String, String, String, String, Connection).

Change Password

* Indicates Required Field

*Current Password

*New Password

*Re-enter New Password
TIP Password must be at least 8 characters long.


Narendra says May 25, 2011

Hi Atul,

I am trying to integrate EBS 12.1.1 and Demantra 7.3.

I install the integration patch 8671721 after that I

login into the ebs as sysadmin/sysadmin and add the

Demand Management System Administrator responsibilty


Now I navigate as the following to submit a request..

DMSA–>Other–>Requests–>Find request—Submit a new

Request—->Single request—>
then in the Name textbox I browse for “Update

Synonyms” then I press Submit…..

Here it is showing an error message……

ERROR: Enter a value for schema Name parameter…

but the parameter field was disabled…..

And How to Know whether the patch installed successfully or not ?

Thanks & Regards,

Atul Kumar says May 25, 2011

You can try adadmin to update/recreate – Synonyms (raise an SR with Oracle for ERROR: Enter a value for schema Name parameter)

How to Know whether the patch installed successfully or not ?

Check patch log files (file entered during adpatch execution) and there should not be any errors reported in this log file.

Ather Hussain says September 28, 2011

Dear Atul,

I have to Integrate OID with EBS R12 – 12.1.3, on solaris machine and db version is

I have 2 server one for application and another for DB.

How to start Integration, can you give some important details ( from which server i.e application or db server from where I can start 1st step), what need to setup first.

Thanks for your co-operation,

Best Regards,
Ather Hussain
Chennai – India

Atul Kumar says September 28, 2011

@ Ather,
Register it from any one node.

Do you want to register with just OID or any other integration requirement like SSO (OAM )

Check our R12 integration book at

This book covers installation of OID 11g, integration of EBS with OID 11g using DIP and OAM 11g integration for Single sign-On (step by step instructions).

Ather Hussain says September 29, 2011

Hi Atul,

Thanks for quick reply,

I want to use OID to merely authenticate the user’s password via OID to be able to log into EBS (much like an LDAP server), with the rest of the security relying on what currently exists in EBS (responsibilities, etc). We won’t be doing SSO or automated logins or authentication of any kind. That is, as simple as possible.

I request you kindly give some details urgently to start.

As you refer to buy book, how can I buy book in India, they do shipping also ?

Ather Hussain

Atul Kumar says September 29, 2011

@ Ather Hussain,
I am not sure what you are trying to achieve (validating username/password against OID and not FND_USER) can be done with-out single sign-on solution like OSSO or OAM.

Note: SSO solution is used for just authentication (with OID as user repository) and authroization still lies with EBS via responsibility.

My eBook doesn’t cover just login via OID (without any SSO solution) but includes solution using Oracle Access Manager 11g . I am cusrious to know if what you are trying to achive is possible without any customization and without any single sign-on product.

Book is not hard copy but a eBook (soft copy) in PDF with around 200 pages including screenshots.

Chandra says October 2, 2013

Your method of describing all in this article is actually fastidious, every one can without difficulty be aware of it, Thanks a lot.

itsras says July 20, 2015

We have OAM automation in 12.2 using -script=SetOAMReg

Sso Ldap | says June 9, 2016

[…] Apps 11i/R12/12i Registration/Deregistration with OID/SSO … – Q. If you have multiple nodes with multiple URL’s ( , in apps (11i/R12), how many times you have to run OID/SSO Registration Process ? Q. […]

deepti says December 21, 2016

Hi Atul,
orclguid isnt mapping with fnd_guid at ebs end. We are getting the below error in logs. please assist..

Dec 21, 2016 12:59:02 PM oracle.apps.fnd.ext.sso.SsoUser updateUserGuid
SEVERE: SEVERE exception while updating user GUID –>
java.sql.SQLException: ORA-31203: DBMS_LDAP: PL/SQL – Init Failed.
ORA-06512: at “APPS.FND_OID_UTIL”, line 2320
ORA-06512: at line 1

at oracle.jdbc.driver.T4CTTIoer.processError(
at oracle.jdbc.driver.T4CTTIoer.processError(
at oracle.jdbc.driver.T4C8Oall.processError(
at oracle.jdbc.driver.T4CTTIfun.receive(
at oracle.jdbc.driver.T4CTTIfun.doRPC(
at oracle.jdbc.driver.T4C8Oall.doOALL(
at oracle.jdbc.driver.T4CCallableStatement.doOall8(
at oracle.jdbc.driver.T4CCallableStatement.executeForRows(
at oracle.jdbc.driver.OracleStatement.doExecuteWithTimeout(
at oracle.jdbc.driver.OraclePreparedStatement.executeInternal(
at oracle.jdbc.driver.OraclePreparedStatement.execute(
at oracle.jdbc.driver.OracleCallableStatement.execute(
at oracle.jdbc.driver.OraclePreparedStatementWrapper.execute(
at weblogic.jdbc.wrapper.PreparedStatement.execute(
at oracle.apps.fnd.ext.jdbc.utils.QueryRunner.executeCallable(
at oracle.apps.fnd.ext.jdbc.utils.QueryRunner.executeNoOutCallable(
at oracle.apps.fnd.ext.sso.SsoUser.updateUserGuid(Unknown Source)
at oracle.apps.fnd.ext.sso.FndSsoLogin.ssologin2(Unknown Source)
at oracle.apps.fnd.ext.sso.FndSsoLogin.doPost(Unknown Source)
at oracle.apps.fnd.ext.sso.FndSsoLogin.doGet(Unknown Source)
at javax.servlet.http.HttpServlet.service(
at javax.servlet.http.HttpServlet.service(
at weblogic.servlet.internal.StubSecurityHelper$
at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(
at weblogic.servlet.internal.ServletStubImpl.execute(
at weblogic.servlet.internal.TailFilter.doFilter(
at weblogic.servlet.internal.FilterChainImpl.doFilter(
at oracle.apps.fnd.ext.sso.FndSsoFilter.doFilter(Unknown Source)
at weblogic.servlet.internal.FilterChainImpl.doFilter(
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.wrapRun(
at weblogic.servlet.internal.WebAppServletContext$
at weblogic.servlet.internal.WebAppServletContext.securedExecute(
at weblogic.servlet.internal.WebAppServletContext.execute(

Dec 21, 2016 12:59:02 PM oracle.apps.fnd.ext.sso.FndSsoLogin ssologin2

Donald says March 10, 2017

we run “$FND_TOP/bin/ -script=SetSSOReg -registersso=Yes ”
We are getting oracle.ias.repository.schema.SchemaException: Unable to establish connection to the Oracle Internet Directory Server ldap:// Base Exception : javax.naming.AuthenticationException: [LDAP: error code 49 – Invalid Credentials]
The values in the FND tables are over riding the command line LDAP server name entry.
Is there a way to test the LDAP connection the script will utilize?

Ranjit says November 27, 2017

Hi, we have prod SSO and DEV SSO in different domain and after clone when we are running deregister in cloned DEV instance to de-register prod SSO and to continue with registering it against DEV SSO. While we do this step we are seeing the corresponding EBS PROD ldif file from OID goes off from tree causing the issues with production authentication. we have to manually import the ldif file exported before to fix the issue.

Any possible fix to avoid this issue?

Ranjit Kumar

Add Your Reply