This post covers issue encountered during EBS logon using Oracle Access Manager (OAM) as Single Sign-On Engine from our EBS-OAM Integration Trainnig.
Issue: User trying to access EBS (integrated with OAM for SSO) is re-directed to login page (deployed on EBS AccessGate) . On typing username password, user is redirected to EBS page with message “Your Oracle E-Business Suite Account has not been linked with the Single Sign-On Account that you just entered. Please enter your Oracle E-Business Suite information.”
First understand how SSO user (user stored in OID) is linked to EBS User (FND_USER).
1. Oracle Access Manager (OAM) by default validates username/password against weblogic’s embedded LDAP server. During EBS integration you point OAM to OID for username password validation. To change OAM 22.214.171.124 identity store to OID click here and for OAM 126.96.36.199 to OID integration steps click here
2. OID contains username/password and also referred as SSO user or SSO Account.
3. Users are synced between OID and EBS (FND_USER and optionally HR & TCA account) either using DIP or OIM (EBS UM connector). More on Oracle EBS integration with OIM using EBS-UM connector later
4. User in EBS is linked with OID using value in column USER_GUID from table FND_USER in EBS with attribute ORCLGUID in OID.
5. If for any user
i) USER_NAME in FND_USER table matches with UID attribute in OID
ii) USER_GUID is NULL in FND_USER for this user
iii) EBS Profile Option Applications SSO User Auto Link is set to enbaled
then EBS AccessGate will update USER_GUID (in FND_USER table) from ORCLGUID value retrieved from OID. This process is called Auto Linking of EBS user with OID.
Coming back to our issue – After OAM Logon user is redirected to EBS page with message “Your Oracle E-Business Suite Account has not been linked with the Single Sign-On Account that you just entered. Please enter your Oracle E-Business Suite information” could occur in following cases:
1. There is no user in EBS with USER_GUID (in FND_USER table) value same as ORCGUID in OID, and EBS Profile Option Applications SSO User Auto Link is set to blank or disabled (auto link is disabled)
2. EBS Profile Option Applications SSO User Auto Link is set to enabled but there is no user in EBS with USER_NAME (in FND_USER table) value same as UID attribute in OID. This means user is not synced from OID to EBS.
3. There is user in EBS with USER_GUID (in FND_USER table) value same as ORCGUID in OID but user is end dated in EBS (END_DATE in FND_USER table) – In this case you should see message “Error Occurred” after typing username/password in EBSAccessGate logon page.
If you have not yet downloaded FREE eBook – 7 Docs every Oracle Apps DBA must read for EBS R12 integration with OAM/OID for SSO get a copy in your eMail.
Oracle ACE, Author, Speaker and Founder of K21 Technologies & K21 Academy : Specialising in Design, Implement, and Trainings.