E-Business Suit (R12) Integration with OAM 11g – HTTP 404 Error : /ssologin not found

Recently we came across an issue while integrating EBS R12 with OAM 11g using 10g Webgate for one of our trainee in EBS-OAM Integration Trainnig.

Issue:- On requesting the EBS URL , User was redirected to Authenticate Agent URL value  which is set as Profile option in EBS. This request was then intercepted by 10g Webgate on OHS and forwarded to OAM.
OAM after checking that  the requested resource is protected was suppose to apply the protected authentication policy and present the challenge page to User.

But instead of getting the Challenge page, user was experiencing HTTP 404 error:-

On enabling HTTP headers trace, it shows that on requesting /ssologin , OAM server responds back with 404 error:-

GET /ebsauth_visr12/ssologin HTTP/1.1
Accept: image/gif, image/jpeg, image/pjpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml+xml, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*

HTTP/1.1 302 Moved Temporarily

GET /oam/server/obrareq.cgi?wh%3Dvisr12_hostid %20wu%3D%2F ebsauth_visr12%2F ssologin %20wo%3D1%20rh%3D http%3A%2F%2F innowavexx .focusthread.com%20ru%3D%252Febsauth_visr1 2%252F ssologin HTTP/1.1
If-None-Match: “9696-8-4c626e271ac40”
Host: innowavexx.focusthread.com
Connection: Keep-Alive

HTTP/1.1 404 Not Found
Server: Oracle-Application-Server-11g
Content-Length: 188
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

Under Oam diagnostic log file ( default location- $DOMAIN_HOME/servers/oam_server1/logs) , error was recorded as:-

oam_server1-diagnostic.log:[2012-08-01T11:16:24.338+01:00] [oam_server1] [TRACE] [] [oracle.oam.engine.policy] [tid: NioProcessor-1] [userId: <anonymous>] [ecid: 0000JZT1WPXBDCHMyufd6G1G5x0T000003,0] [APP: oam_server] [SRC_METHOD: fine] [SRC_CLASS: oracle.security.am.engines.common.adapters.OAMLoggerImpl] Called isResourceProtected () with resource : Resource Name: WebGateResource Type: HTTP URL: /ssologin RESULT DENY

Which clearly states that its trying to access /ssologin which is being denied by OAM and hence 404 error.


The issue was happening because of ‘DENY on Not Protected‘ flag on webgate agent registered with OAM.
The difference between 10g and 11g OAM is that in 11g, the default is that everything is protected once the webgate is installed (deny on protected is checked).

In 11g if you want a specific url to be not protected, you may need to create a public resource policy and protected via an anonymous auth scheme which will stop it from being protected.
In 10g the default behavior is to set the resource as allowed unless a specific policy is created for that resource.

If the ‘Deny On Not Protected’ flag is set in the Agent settings, HTTP-404 Not Found error occurs in the browser when the resource is accessed.


Uncheck the ‘DENY On Not Protected’ flag under oam console:-
1) Login to OAM Console http://oam_hostname:adminserver_port/oamconsole
2) System Configuration –>Access Manager Agents –> SSO Agents –> OAM Agents –> search for respective Agent
3)Uncheck ‘DENY on NOT Protected’
4)click Apply and Bounce the OHS of respective webgate

We provided a dedicated module for Troubleshooting where we cover Logging in WebGate, OHS, EBS Accessgate, DIP, OAM, and OID in our EBS-OAM/OID Integration Training , more about training here

If you have not yet downloaded FREE eBook – 7 Docs every Oracle Apps DBA must read for EBS R12 integration with OAM/OID for SSO get a copy in your eMail.


Share This Post with Your Friends over Social Media!

About the Author Neha Mittal

Leave a Comment:

Priya says August 29, 2013

Hi Neha, Im working on integration of OAM with E-Business(+OID) using WNA. I have few clarifications related to this.
1. Whether to set OID or AD as default store in OAM?
2. For OAM with WNA, AD should be the default store, in that case do we need to send only userid in response headers?
3. What is the necessity to do DIP synch between AD and OID?


    Atul Kumar says August 29, 2013

    1. Whether to set OID or AD as default store in OAM?

    both should work as long as user exists in both AD & OID

    2. For OAM with WNA, AD should be the default store, in that case do we need to send only userid in response headers?

    again for WNA, OAM just send userid in kerberos token .

    3. What is the necessity to do DIP synch between AD and OID?
    So that users stay in sync between OID & AD. OID is only supported LDAP between EBS and OAM and for kerberos user must exist in AD .

Priya says August 30, 2013

Thanks for the response.

1. Install OAM
2. Install OID, register oracle instance and OID with Ebiz, change OID to return orclguid paramter value during search operations.
3. Install Ebiz Access gate ie, deploy Ebiz access gate
4. Install and register web gate.
5. Integrate OAM with WNA, configure dip synch between oid and AD, send user id in response header.

Other than this, in a forum there is a mention about configuring external authentication plugin for OID to AD. Is this required? what is the need for this?
Am I done with the above listed configurations?

Purva says April 28, 2014

Hi Priya,

I have configured WNA with OAM 11gr2ps2 -EBS 12.1.3 integrated error. When I try to access EBS page, I am getting same error (404 not found for /ssologin)
I have protected /ssologin* and /ssologin/** with public resource policy for authentication and protected resource policy for authorizaion.

In headers, I can see the following:

GET /ebsauth_ebprd/ssologin HTTP/1.1
Accept: application/x-ms-application, image/jpeg, application/xaml+xml, image/gif, image/pjpeg, application/x-ms-xbap, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
Accept-Language: en-US
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Accept-Encoding: gzip, deflate
Connection: Keep-Alive
Host: ebsdlxsrv2.ad.adco.net:7780
Cookie: EBSAuthCookie=7160|||N; OAMAuthnHintCookie=0@1398684205; OAM_ID=VERSION_4~EgwvIQQUx1q16Ij6DWmADw==~YP+RobC3qe4nlLiG5ldQxeohNj1Pv4xekxglFvCQmlZvfovNxWFhckljJ983Dan07elvK4pUoYBPK/dOdbCEzZ+8c/1dmT/fVaA20Zg8WxQcqFHbBO1Cba9JfJ/PC3ubT1ew9X7tj1s6/3Vq9IragSjPH8TIjWtkM82CSklifwM=; OAMAuthnCookie_ebsdlxsrv2.ad.adco.net:7780=KM4oD1B42rsNd0Rq%2BJR7hvOWigDUIty%2F%2FrxTKH4Xc0ugYpBGpur3SdxNI2sUzCduS0H2nCeXf8%2FWRMkrcCy6uiH4TgYXmylpsdY04SLpS%2Fmh3N6gZdwVn2aJ1%2B3U%2FuqQQkeMj%2FmPdZKk2bq2YrzGCXcUe5i9NWjTxWW0CBxfCVfFD7OrlbRq5htd%2BahrjaKM4U3HLgFU6iwzuGnW20QUiW6emhx3u4CVyZR3Hf94TM59m35TmeLv%2FQleWCpPa0JykNTdXo5nlDUwRW4XL12S8F0AQCIKkeXKfNKl2uLjSOV2DG18WoMNxtxJp6SedxWu

HTTP/1.1 404 Not Found
Date: Mon, 28 Apr 2014 11:23:25 GMT
Server: Oracle-Application-Server-11g
Cache-Control: no-cache
Pragma: no-cache
Content-Length: 1164
X-Powered-By: Servlet/2.5 JSP/2.1
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Content-Language: en

Also in 11gr2, we can not uncheck the flag – “Deny on not protected”

Could you please help me?


ashish19 says June 9, 2014


I have followed all the directions, in your e-book about the OAM-EBS integration.

Initially the re-direction was working, to OAM login page.
But then the re-direction to the OAM login page is NOT working anymore.

In IE ,we get the following message:

HTTP 404 not found.

When we use , Firefox we get the following message

Not Found

The requested URL /ebsauth_EBSD4/ssologin was not found.


We are using

Sun – JDK – 1.6.0_45
WLS – 10.3.6
LDAP server – OID –
Web Server – OHS – webgate – SLES11-SP2
OAM version
EBS R12.1.3

Please help.



    Atul Kumar says June 9, 2014

    @ Ashish19,
    What’s changed ? Did you reset passwords or changed anything ?

Ashish19 says June 9, 2014

Hello Atul,

Thanks for your reply.

Nothing has changed.

We followed all the directions in the ebook.
Were able to integrate OID with the EBS.

Created new account in OID and that got propagated to EBS, fnd_users table.

Please tell some diagnostic, things we can check to see our configuration.



Ashish19 says June 12, 2014

Hoping this will provide more information, so you can help me.

I did the Test Webgate for public resource and it went well.


But when I do the test for Webgate for protected resource


The re-direction from Webgate to OAM login page happens, but when I enter the Userid/passwd, I get the following error.

‘System error. Please contact the System Administrator.’.


Please note , I have done the Webgate registration step post OID integration with EBS.



Ashish19 says February 18, 2015

Hello Atul/Neha,

As I mentioned earlier I had bought your book and let me say, it was very helpful, especially for a person like me , who did not have much knowledge about OAM in the beginning.

Now we have configured our EBS R12.1.3 with OAM 11gR2 , OID using the AD credentials and it is working.

Now we are trying to configure WNA/Kerberos in this setup, so our users don’t have to enter their password.

Can you please point me , where I can find the information for configuring WNA/Kerberos.

Your book does not cover WNA/Kerberos configuration, right, at least the version I bought last year ?



ramesh reddy says March 18, 2016

Login page error: 404 – The url /OA_HTML/AppsLogin not found

Pls tell me how to resolve

    Atul Kumar says March 22, 2016

    Compile the JSP and try again – Look at error_log in OHS

    Unable To Open The E-Business Suite Login HTTP-404 Error. Error_log Shows “File does not exist: $INST_TOP/portal/OA_HTML/AppsLogin” (Doc ID 1177264.1)

    R12.1.1: AppsLogin is failing with error ‘The webpage cannot be found’ – HTTP 404 after a restart of the Middle-Tier (Doc ID 1122804.1)

AJ Akain says May 4, 2017

Does anyone know what the EBSAuthCookie does? I believe the AccessGate creates this cookie.

Thank you!

Add Your Reply