R12 Single Sign On


Upload: praveen-kumar

Post on 15-Dec-2015


Integrating Oracle E-Business Suite Release 12 with Oracle Internet Directory and Oracle Single Sign-On

January 2010

This document contains information for integrating Oracle Application Server 10g Enterprise Edition with Oracle E-Business Suite release 12. You should read and understand all content described here before you begin your installation.

The most current version of this document can be obtained in Metalink Note 376811.1

There is a change log at the end of this document.

Section 1: Overview
Section 2: Features and Supported Architectures
Section 3: Components and Build Versions
Section 4: Before You Begin
Section 5: Pre-Install Tasks
Section 6: Implement Oracle Single Sign-On Support for the E-Business Suite
Section 7: Available Documentation
Appendix A: Advanced Configuration - Manual OSSO/OID Registration
Appendix B: Product-Specific OSSO Exceptions
Appendix C: Known Issues

Conventions

Integrating Oracle E-Business Suite Release 12 with Oracle Internet Directory and Oracle Single Sign-On [ID 376811.1]

Modified 04-FEB-2010 Type HOWTO Status PUBLISHED

Convention Meaning

\ Represents the 'line continuation character'. It can be used to break a command (in UNIX) into two or more lines.

Mono space text Represents command line text. Type this text exactly as shown.

[ ] or { } Text enclosed in angled or square brackets represents a variable. Substitute an appropriate value for the variable text. Do not type the brackets.

Page 1 of 42 Integrating Oracle E-Business Suite Release 12 with Oracle Internet Directory and Oracle Single Sign-On

8/10/2010 https://support.oracle.com/CSP/main/article?cmd=show&type=NOT&id=376811.1

Important Directory Locations

This section helps you identify some important directories of the E-Business Suite instance that are relevant to this document. Make sure you understand the purpose and location of these directories as explained below:

Directory Paths

Directory paths in this document are relative to the top level installation directory for the Oracle E-Business Suite. For example, if you installed the Oracle E-Business Suite under a directory named /my/appsinstall, then [iAS_ORACLE_HOME]/Apache in this document will mean the fully qualified path: /my/appsinstall/apps/tech_st/10.1.3/Apache.

CONTEXT_FILE

Full path to the Applications context file on the application tier or database tier. The default locations are as follows.

Application tier context file: $INST_TOP/admin/[CONTEXT_NAME].xml
Database tier context file: [RDBMS ORACLE_HOME]/appsutil/[CONTEXT_NAME].xml

CONTEXT_NAME

The CONTEXT_NAME variable specifies the name of the Applications context that is used by AutoConfig. The default is [SID]_[hostname]. To find the exact value of your instance's CONTEXT_NAME, refer to the variable s_contextname in the application tier context file.

Abbreviation Directory Location

[DB_ORACLE_HOME] The ORACLE_HOME where your applications database is installed. The default location is .../db/tech_st/10.2.0

[ORIGINAL_ORACLE_BASE] This is the directory under which the HTTP ORACLE_HOME and the 10.1.2 technology stack ORACLE_HOME are installed. The default location for this directory is [top level apps install directory]/apps/tech_st

[ORAHTTP_TOP] The directory where your HTTP Server is installed. The default location is [HTTP_ORACLE_HOME]/Apache

[HTTP_ORACLE_HOME] The ORACLE_HOME where 10.1.3.0 or your HTTP Server is installed. The default location is .../apps/tech_st/10.1.3

AS 10.1.2 ORACLE_HOME ORACLE_HOME installed by Oracle Applications on Application Tier used for forms/reports. Ex. [ORIGINAL_ORACLE_BASE]/10.1.2

AS 10.1.3 ORACLE_HOME ORACLE_HOME installed by Oracle Applications on Application Tier used for HTTP server and JAVA. Ex. [ORIGINAL_ORACLE_BASE]/10.1.3

Advisory for E-Business Suite Customers using Oracle Application Server 10g

Oracle recommends that customers apply only OracleAS 10g Enterprise Edition releases and patches that have been certified with the E-Business Suite Release 12, as documented in the following Metalink Notes:

Integrating Oracle E-Business Suite Release 12 with Oracle Internet Directory and OracleAS Single Sign-On (Note 376811.1)
Using Discoverer 10.1.2 with Oracle E-Business Suite Release 12 (Note 373634.1)
Enabling SSL in Oracle E-Business Suite Release 12 (Note 376700.1)
Using Oracle Portal 10g with Oracle E-Business Suite Release 12 (Note 380484.1)
Installing and Configuring Web Cache 10g and Oracle E-Business Suite 12 (380486.1)

There may be specific circumstances where it is necessary for E-Business Suite customers to apply uncertified OracleAS 10g Enterprise Edition one-offs, patchsets, or MLRs. Oracle strongly recommends applying such patches only if the circumstances clearly demand it. Customers apply uncertified OracleAS 10g Enterprise Edition patches at their own risk, and Oracle strongly recommends that customers take complete backups of their OracleAS 10g + E-Business Suite integrated environments prior to patch application.

E-Business Suite customers may verify the certification status of specific OracleAS 10g Enterprise Edition patches by logging Service Requests via OracleMetalink using the following information:

Product: "Oracle Applications Technology Stack"
Type of Problem: "Oracle Application Server 10g"

Section 1: Overview

This document contains information for integrating Oracle Application Server 10g Enterprise Edition with the E-Business Suite. Benefits of this configuration include E-Business Suite support for the following services running on servers external to the E-Business Suite environment:

Oracle Single Sign-On (OSSO) 10g
Oracle Internet Directory (OID) 10g
Oracle Portal 10g
Oracle Discoverer 10g
Oracle Web Cache 10g
Third-party single sign-on solutions
Third-party Lightweight Directory Access Protocol (LDAP) directories

These services may run:

On one or more standalone servers external to the existing Oracle E-Business Suite Release 12 environment.
In separate ORACLE_HOMEs on existing servers.

These services may not run:

In the existing Oracle E-Business Suite Release 12 Oracle Application Server 10g 10.1.2 ORACLE_HOME for Forms and Reports.
In the existing Oracle E-Business Suite Release 12 Oracle Application Server 10g 10.1.3 ORACLE_HOME for Web and Java services.

For more information about E-Business Suite Release 12 architectures, see Oracle Applications Concepts, Release 12 (Part No. B31450-01).

1. Install Oracle Application Server 10g Enterprise Edition on a standalone server or in separate ORACLE_HOMEs on an existing server.
2. Install interoperability patches to integrate the Oracle Application Server 10g Enterprise Edition server with the E-Business Suite environment.
3. Synchronize user information between the Oracle Application Server 10g Enterprise Edition server and the E-Business Suite environment.

Section 2: Features and Supported Architectures

Accessing E-Business Suite Instances with Oracle Single Sign-On

Oracle Application Server 10g (10.1.4.01), Oracle Internet Directory, and OracleAS Single Sign-on Server are required to enable Single Sign-On functionality for the E-Business Suite.

Implementing Oracle Single Sign-On (OSSO) functionality for the E-Business Suite allows organizations to share one user definition throughout multiple parts of their enterprise. Typically, the common user definition is stored in a Lightweight Directory Access Protocol (LDAP) repository such as Oracle Internet Directory (OID). Oracle Internet Directory serves as a central repository for user credentials and other user information for all Oracle products, including Oracle Application Server 10g Enterprise Edition and Oracle Portal. This user information is periodically synchronized with the E-Business Suite instance through a combination of Oracle Workflow and Oracle Applications patches.

For Oracle E-Business Suite Release 12, mod_osso is used for Oracle Single Sign-On authentication. Mod_osso is an Oracle HTTP Server module that provides authentication to OracleAS applications. It replaces the Oracle Single Sign-On SDK used in earlier releases of Oracle Single Sign-On to integrate partner applications. It allows the E-Business Suite to register as a partner application to the Oracle Single Sign-On Server, giving users the ability to access other registered partner applications with a single credential (for example, a username/password combination).


As a partner application, the E-Business Suite also supports Single Sign-Off. Release 12 users can simultaneously terminate an Oracle Single Sign-On session and log out of all active partner applications by logging out of a single partner application. Selecting Logout in a partner application returns users to the Single Sign-Off page, where logout occurs.

Integration with Third-Party Access Management Systems and LDAP Directories

Organizations that have standardized on third-party access management systems (for example, Microsoft Windows/Kerberos or CA Netegrity SiteMinder) can optionally integrate them with Oracle Single Sign-On server. Integration is via APIs that enable the Oracle Single Sign-On server to act as an authentication gateway between third-party single sign-on systems and the E-Business Suite.

In this configuration, the Oracle Single Sign-On server, the third-party single sign-on server, and the partner application form a chain of trust. The Oracle Single Sign-On server delegates authentication to the third-party single sign-on server, becoming essentially a partner application to it. The E-Business Suite and other Oracle products continue to work only with the Oracle Single Sign-On server, and are unaware of the third-party single sign-on server. Implicitly, however, they trust the third-party server.

Organizations that have standardized on third-party Lightweight Directory Access Protocol (LDAP) directories can optionally integrate them with Oracle Internet Directory. Oracle Internet Directory synchronizes with third-party meta directory solutions.

Supported Architectures and Configurations

1. Type of integration with Release 12

A. OSSO and OID only
B. OSSO and OID and Portal
C. Discoverer only
D. Discoverer with either A or B configurations above

2. Location of Oracle Application Server 10g Enterprise Edition install

A. On existing Release 12 application tier server node in separate ORACLE_HOMEs.
B. Physically separate standalone server.

3. Users are authenticated by

A. OSSO
B. External third-party access manager (e.g. Windows Native Authentication)
C. Native E-Business Suite combined with one of the above
D. Combination of the above

4. Master source-of-truth for user information

A. OID
B. External third-party user repository (e.g. Microsoft Active Directory)
C. Combination of the above

Note: FND_USER may not be used as the exclusive authentication source when Release 12 is integrated with Oracle Application Server 10g Enterprise Edition.

5. Direction of synchronization of user information with third-party user repository

A. From OID to third-party user repository
B. From third-party user repository to OID
C. Combination of the above

6. Method for initial population of user information in OID and Release 12

A. From Release 12 to OID
B. From OID to Release 12
C. From third-party user repository to OID to Release 12
D. Independently in OID, independently in Release 12, then link on first sign-on with link-on-the-fly.
E. From third-party user repository to OID, independently in Release 12, then link on first sign-on with link-on-the-fly
F. Combination of the above

7. Method for ongoing updates to user information

A. From Release 12 to OID
B. From OID to Release 12
C. From third-party user repository to OID to Release 12
D. Combination of the above

For a more detailed explanation, see Oracle Application System Administrator's Guide-Security, Release 12 (Part No. B31451-03).

8. What the user sees after sign-on

A. Portal home page
B. Oracle Applications Framework home page

(Depending on the configuration)

9. Other supported options

A. Allow user to associate OID account with multiple Release 12 accounts

Section 3: Components and Supported Versions

3.1. Components

Oracle E-Business Suite Release 12

The following components must be used on the E-Business Suite instance:

Component Name Release

Oracle E-Business Suite Release 12 12.0.x to 12.1.x

Oracle 10g Application Server 10.1.2

Oracle 10g Application Server 10.1.3

Oracle Developer 10g (includes Oracle Forms) 10.1.2

Oracle Application Server 10g Enterprise Edition

The following Oracle Application Server 10g Enterprise Edition components must be used on the standalone instance:

Component Name Release

Oracle Single Sign-On 10g 10.1.4.3.0

Oracle Internet Directory 10g 10.1.4.3.0

Oracle Portal 10g (optional) 10.1.4.2.0

Oracle Web Cache 10g (optional) 10.1.2.3.0

Oracle Discoverer 10g (optional) 10.1.2.3.0

Section 4: Before You Begin

Before you proceed any further, ensure that you have obtained the following:

From the Oracle Store or the Oracle Technology Network:

CD Pack for Oracle Application Server 10g Release 2 Enterprise Edition

From Oracle MetaLink:

Oracle Applications Concepts, Release 12 (Part No. B31450-03)
Oracle Applications System Administrator's Guide-Security, Release 12 (Part No. B31451-03)
Note 373634.1 - Using Discoverer 10.1.2 with Oracle E-Business Suite Release 12
Note 380486.1 - Installing and Configuring Web Cache 10g and Oracle E-Business Suite 12
Note 314422.1 - Remote Diagnostic Agent (RDA) 4 - User Guide
Note 380484.1 - Using Oracle Portal 10g with Oracle E-Business Suite Release 12

Section 5: Pre-Install Tasks

Perform the following pre-install tasks before you start your installation:

Pre-Install Task 1: Install Oracle Remote Diagnostic Agent for E-Business Suite (optional)

Pre-Install Task 1, Step 1: Install Oracle Remote Diagnostic Agent

The Oracle Remote Diagnostic Agent may optionally be installed in your E-Business Suite environment to streamline the process of gathering diagnostic information when filing Service Requests (SR's) with Oracle Support. If you plan to enable Oracle Single Sign-On for multiple E-Business Suite instances, then each instance must have the Oracle Remote Diagnostic Agent installed.

Obtain Note 314422.1 Oracle Remote Diagnostic Agent (RDA) from Oracle MetaLink. Download and install the appropriate version of the Oracle Remote Diagnostic Agent for your operating system platform.

Pre-Install Task 2: Install OracleAS Identity Management Infrastructure 10g (10.1.4.0.1)

If you already have an existing OracleAS 10g (10.1.2.0.2) instance, skip this step and proceed directly to the next Pre-Install step.

Perform this task to install 'OracleAS Identity Management Infrastructure 10g (10.1.4.0.1)' for the first time.

This task creates the standalone Oracle Application Server 10g Enterprise Edition server that will be associated with the E-Business Suite server.

Pre-Install Task 2, Step 1:


Obtain the CD Pack for Oracle Application Server 10g Enterprise Edition for your operating system platform.

Note for OEL4.0 PLATFORM: Apply patch 6198537. Refer to the patch README for more details.

Pre-Install Task 2, Step 2:

Review Chapters 1, 2 and 3 of the Oracle Application Server 10g Installation Guide for your operating system platform. That documentation lists important architectural requirements for your Oracle Application Server 10g instance, some of which are:

Oracle Application Server 10g (10.1.4.0.1) provides a comprehensive Identity and Access Management solution. To enable Oracle Single Sign-On support for E-Business Suite Release 12, you need to select 'Oracle Application Server Infrastructure 10g' as a product during installation.

The Oracle Application Server 10g application server installation and the Oracle Application Server 10g Infrastructure may reside on a single host or on separate hosts

The Oracle Application Server 10g application server installation and the Oracle Application Server 10g Infrastructure must be in separate ORACLE_HOMEs

The Oracle Application Server 10g Infrastructure must not be installed in the Oracle E-Business Suite Release 12 database. For more details, see Oracle MetaLink Note 251627.1, Installing an OracleAS Metadata Repository with an Oracle E-Business Suite Database.

The application server installation and the infrastructure must not be installed in the ORACLE_HOME of an existing Oracle E-Business Suite Release 12 application-tier server node

This is not a comprehensive list of architectural requirements for Oracle Application Server 10g Enterprise Edition. Review the documentation and release notes for your operating system platform for additional details.

Pre-Install Task 2, Step 3:

Ensure that the target host meets hardware requirements for Oracle Application Server 10g Enterprise Edition. Also ensure that all operating system and software prerequisites have been met, including the latest version of Java 2 Standard Edition.

Pre-Install Task 2, Step 4:

Follow the Oracle Application Server 10g Installation Guide for your operating system platform for instructions on installing an OracleAS 10g Infrastructure into its own ORACLE_HOME. The OracleAS 10g Infrastructure includes the following OracleAS Metadata repository and Oracle Identity Management Components:

If you wish to use OracleAS 10g to enable single sign-on for Release 12 environments, you will require (at minimum):

"Metadata Repository" option of the OracleAS Infrastructure 10g 10.1.4.0.1 Installation.
"Identity Management" option of the OracleAS Infrastructure 10g 10.1.4.0.1 Installation. The "Identity Management" option includes Identity Management components like Oracle Internet Directory, Oracle Single Sign-On, and Delegated Administration Services, and may be installed at the same time as the "Metadata Repository".

Pre-Install Task 3: Upgrade OracleAS 10g Infrastructure (10.1.2.0.2) to Oracle Identity Management 10g (10.1.4.0.1)

Pre-Install Task 3, Step 1:

Before starting your upgrade, make a complete backup of your environment. In particular, ensure that you have backed up the Oracle Application Server 10g, the Oracle Application Server 10g infrastructure, and the inventory location.

Pre-Install Task 3, Step 2:

If you have an existing OracleAS 10.1.2.0.2 Infrastructure, upgrade it to Oracle Identity Management 10g (10.1.4.0.1) by following the 'Upgrade and Compatibility Guide' for your operating system platform. Refer to 'Chapter 3: Understanding Version Compatibility' in particular, to identify existing Oracle Homes to upgrade.

Keep existing 10.1.2.0.2 Middle-Tier Instance(s) as they are. They will continue to function as normal with Oracle Identity Management 10g (10.1.4.0.1).

No additional steps are required to refresh existing OSSO, OID, Portal and/or Discoverer registrations performed with E-Business suite Release 12 using previous versions. These will be preserved and will continue to function as normal after upgrade to 10.1.4.0.1.

Pre-Install Task 4: Apply the latest certified Application Server Patchset

Oracle E-Business Suite Release 12 is certified with the Application Server Patch Sets listed in the table below:

Certified AS Patchset Download Location

Oracle Identity Management 10g Release 3 Patch Set 1 (10.1.4.2) 5983637

Oracle Identity Management 10g Release 3 Patch Set 2 (10.1.4.3) 7215628

Oracle Application Server and Oracle Developer Suite 10g Release 2 (10.1.2) Patch Set 2 (10.1.2.2.0) 4960210

Oracle Application Server and Oracle Developer Suite 10g Release 2 (10.1.2) Patch Set 3 (10.1.2.3.0) 5983622

Oracle always recommends the latest certified AS patchset for E-Business Suite customers.

Follow the installation instructions provided in the patch README to install the patch on your Identity Management Server and to check supported operating systems.

Pre-Install Task 5: Apply patch 6652745 (Windows Platform Only)

Windows customers need to download patch 6652745 from OracleMetalink and follow the install instructions in the patch README.

Pre-Install Task 6: Apply patch 7362662

Customers need to download patch 7362662 from OracleMetalink and follow the install instructions in the patch README.

Pre-Install Task 7: Test your Oracle Application Server 10g environment

At a minimum, the following test is recommended to ensure that the Identity Management infrastructure is working correctly.

Start Oracle Internet Directory Delegated Administration Services by going to:

http://[host_name].[domain]:[Infrastructure http port number]/oiddas

Log in using the orcladmin userid.
Navigate to Directory > Create.
Create a test userid, supplying a password and other user information.
Click Submit.
Log out.
Log into Oracle Internet Directory Delegated Administration Services using the newly created test userid.
Ensure the Directory Integration and Provisioning Platform Server is running. The command ps -ef | grep odi should show a process called $ORACLE_HOME/bin/odisrv running.

Pre-Install Task 8: Make a complete backup of your environment

After successfully testing your installation, make a complete backup of your environment. In particular, ensure that you have backed up the Oracle Application Server 10g, the Oracle Application Server 10g infrastructure, and the inventory location.

Section 6: Implement Oracle Single Sign-On Support For the E-Business Suite

OSSO Task 1: Install E-Business Suite OSSO 10g Integration Patch

The E-Business Suite Release 12 Rapid Install includes all patches required for integration with Oracle Single Sign-On and Oracle Internet Directory 10g. No additional patches are required.


Note: If you are integrating Oracle 10gAS OSSO/OID with AIX based Oracle E-Business Suite Release 12, then OID registration will fail with the following error:

java.lang.UnsatisfiedLinkError: jmisc (A file or directory in the path name does not exist.)

Apply patch 5855635 to the AS 10.1.3 ORACLE_HOME of Release 12. See the known issues section and the patch README for more details.

OSSO Task 2: Configure Oracle Identity Management 10g (10.1.4.x) Components with E-Business Suite

Note: See Oracle Applications System Administrator's Guide - Security, Release 12 (Part No. B31451-03), which provides various scenarios for synchronizing user information between Oracle E-Business Suite and Oracle Internet Directory. The following steps create a default configuration employing bidirectional synchronization of user information between Oracle Internet Directory and the E-Business Suite. This default configuration meets the majority of customer requirements, but before proceeding further, you should review Oracle Applications System Administrator's Guide - Security, Release 12 (Part No. B31451-03) to evaluate whether an alternate configuration better meets your needs. If so, you may elect to perform a manual configuration, as detailed in Appendix A.

Perform the following steps on all application-tier web node(s).

OSSO Task 2, Step 1: Choose Registration Type - Default (Simple) or Advanced

The registration script automates both OSSO and OID registration. To simplify the registration process, the script defaults many parameters. The default (Simple) registration process will result in a configuration that meets the needs of the majority of users.

System administrators should review the default settings to determine whether they apply to their environment. The features of the default simple registration are:

10.1.3 Oracle Home Registration

Registers AS 10.1.3 Oracle Home in OID before OSSO or OID registration.
10.1.3 Oracle Home registration will happen only once per E-Business Suite deployment, including multinode deployments. In a multinode configuration it can be done on any node.

OSSO Registration

Creates a single OSSO partner application.
Listener Token is set to the site level value of profile option, Applications Database ID (APPS_DATABASE_ID).

OID Registration

Registers E-Business Suite with OID using the provisioningtype=1 provisioning profile. This will enable Bidirectional user synchronization with user creation.
Requires that you have not changed the default OID password policy, i.e., at least 5 characters with 1 numeric character.

If you need to use different settings, please refer to Appendix A: Advanced Configuration - Manual OSSO/OID Registration


OSSO Task 2, Step 2: Compile Parameter Checklist

Before running the registration script, make sure you've gathered all the information in the following checklist.

Parameter Checklist:

Columns: Sr. No, Parameter Description, Example, Comments

1. Hostname of Oracle Application Server Infrastructure database {mandatory}
Example: alpha.company.com
Comments: Fully qualified name recommended, e.g. alpha.company.com rather than just alpha

2. LDAP port of Oracle Internet Directory {mandatory}
Example: 389
Comments: Check for LDAP port number in $ORACLE_HOME/install/portlist.ini

3. LDAP SSL port of Oracle Internet Directory {mandatory}
Example: 636
Comments: Check for LDAP port number in $ORACLE_HOME/install/portlist.ini

4. Password of Oracle E-Business Suite database user, "APPS" {mandatory}
Example: [password]
Comments: APPS user password.

5. Password of Oracle Internet Directory admin user, "orcladmin" {mandatory}
Example: welcome123
Comments: No comment needed.

6. Password to register E-Business Suite instance with Oracle Internet Directory {mandatory}
Example: welcome123
Comments: No comment needed.

7. Oracle Internet Directory administration user name.
Example: orcladmin
Comments: OID superuser name. Default value is "cn=orcladmin".

8. apps name
Example: s_contextname
Comments: This instance will be registered with OID Server with this appname. Default value of appname s_contextname.

9. svcname
Example: s_contextname
Comments: This instance will be registered with OID Server with this svcname. Default value of appname s_contextname.

11. Provisiontype
Example: 1
Comments: Specifies the provisioning type between the instance and the OID Server. Allowed values are 1, 2, 3, 4: 1 - Bidirectional, 2 - Instance to OID Server, 3 - OID Server to Instance, 4 - Bidirectional no creation. Default value is 1.

12. ldaphost
Example: beta.company.com
Comments: For Non-Colocated Infrastructure, i.e. if ldaphost is different from infradbhost, pass value of ldaphost for this parameter in command line. Default value of ldaphost is infradbhost.

12. dbldapauthlevel
Example: 0
Comments: Authentication level between the E-Business database and OID Server for provisioning purposes. Values are: 0 - Non-SSL Communication, 1 - SSL with no authentication, 2 - SSL with server authentication, 3 - SSL with Client and Server authentication.

13. dbwalletdir
Example: FND_DB_WALLET_DIR
Comments: E-Business database wallet directory. This is a must if dbldapauthlevel > 1. Default dbwalletdir is the value of site level profile FND_DB_WALLET_DIR

14. dbwalletpass
Example: [password]
Comments: E-Business database wallet password. This is a must if dbldapauthlevel > 1

15. rdbmsdn
Comments: RDBMS DN of this E-Business database instance that is registered with OID Server e.g. cn=OracleContext

OSSO Task 2, Step 3: Refresh Environment Settings

As the owner of the application-tier file system, source the file $APPL_TOP/APPS[context_name].env to set the environment correctly.

OSSO Task 2, Step 4: Check Specific Environment Settings

OSSO Task 2, Step 4.1 - Ability to connect to E-Business Suite database

Check that the environment variable TWO_TASK (or LOCAL on Windows) is set correctly, by executing the command

sqlplus [apps user]/[apps password]@[two_task or local]

This will confirm that you are able to connect to the E-Business Suite database.

OSSO Task 2, Step 5: Run the Registration script

A Perl script is used to register the Oracle E-Business Suite instance with OracleAS Single Sign-On and Oracle Internet Directory. This registration process allows the E-Business Suite to delegate user authentication to Oracle Single Sign-On, and allows user information to be synchronized between Oracle Internet Directory and the E-Business Suite.

For debugging purposes, it is strongly recommended that you keep careful records of all information entered in this step.

UNIX

On UNIX, you can split the command over multiple command lines, by entering the '\' continuation character followed by [Return]. Execute the following command if you want to use the default (simple) registration that uses the bidirectional provisioning:

$FND_TOP/bin/txkrun.pl -script=SetSSOReg

Execute the following command if you want to use the default (simple) registration, but with a different provisioning type:

$FND_TOP/bin/txkrun.pl -script=SetSSOReg \
  -provisiontype=[Provision Type]

where [Provision Type] corresponds to the provisioning type that you wish to use.

WINDOWS

On Windows, you must pass all the arguments on a single command line, pressing [Return] once at the end. Execute the following command if you want to use the default (simple) registration that uses bidirectional provisioning:

%ADPERLPRG% %FND_TOP%\bin\txkrun.pl -script=SetSSOReg

Execute the following command if you want to use the default (simple) registration, but with a different provisioning type:


%ADPERLPRG% %FND_TOP%\bin\txkrun.pl -script=SetSSOReg -provisiontype=[Provision Type]

where [Provision Type] corresponds to the provisioning type that you wish to use.

Parameter Prompts:

The registration script will prompt for several parameters. Use the parameter values from the Parameter Checklist that you compiled. The script will prompt for the parameters in the following order:

Enter the host name where Oracle iAS Infrastructure database is installed ? ap6013atg.us.oracle.com

Enter the LDAP Port on Oracle Internet Directory server ? 13061

Enter SSL LDAP Port on Oracle Internet Directory server ? 13131

Enter the Oracle Internet Directory Administrator (orcladmin) Bind password ? manager2

Enter the instance password that you would like to register this application instance with ? test123

Enter Oracle E-Business apps database user password ? APPS

Note: You can use the default (simple) registration and still choose a different provisioning type. You can do so by passing -provisiontype=[1-4] as part of script execution. For more details about Provisioning Types, please refer to Appendix A: Section 4: Provisioning

Here is an example that chooses OutBound Provisioning instead of the default:

UNIX

$FND_TOP/bin/txkrun.pl -script=SetSSOReg -provisiontype=3

WINDOWS

%ADPERLPRG% %FND_TOP%\bin\txkrun.pl -script=SetSSOReg -provisiontype=3

If you need to override additional registration parameters, please refer to Appendix A: Advanced Configuration - Manual OSSO/OID Registration


OSSO Task 2, Step 6: Confirm Successful Script Completion

When the registration script completes successfully, it will print the following line:

End of [FND_TOP]/patch/115/bin/txkSetSSOReg.pl : No Errors encountered

If you do not see this confirmation, examine the following file to investigate the problem:

$APPLRGF/TXK/txkSetSSOReg_[timestamp].xml

OSSO Task 2, Step 7: Enable SQL*Net Access to the E-Business Suite Database for OracleAS 10g Hosts (Conditional)

Perform this step if your E-Business Suite environment has enabled the "Enable Restricted Access" feature. This security feature restricts SQL*Net access to the E-Business Suite Release 12 database based on a white list of authorized hosts. If you already enabled this feature in Release 12 and you are enabling Oracle Single Sign-On for the first time, you must add the Oracle Application Server 10g application tier hosts to the SQL*Net white list before user information can be synchronized between Oracle Internet Directory and the E-Business Suite.

Oracle Applications Manager provides a wizard to restrict SQL*Net access to the database from your middle-tier hosts. If you enable the SQL*Net Access security option, you can select which hosts have SQL*Net access to the database. (Navigation: Oracle Applications Manager=>Applications Dashboard=>Security=>Manage Security Options)

Using this wizard you can specify a list of hosts that can access the Oracle Applications Database via SQL*Net. To do so, you need to complete the following tasks.

1. Run this wizard

2. Run AutoConfig on Database Tier

3. Bounce the TNS Listener for the new settings to take effect

Note: All virtual hosts must be manually reconciled with the appropriate physical mapping. Individual physical machines must be registered. You cannot specify subnet masks. You must register a resolvable network address.

OSSO Task 2, Step 8: Run Autoconfig

Execute the adautocfg.sh script, located in the $ADMIN_SCRIPTS_HOME directory, on your E-Business Suite middle tier.

OSSO Task 2, Step 9: Restart Middle-tier services


The Oracle E-Business Suite Oracle HTTP Server must be stopped and restarted for your changes to take effect. For information about AutoConfig and about stopping and starting Applications processes, see Using AutoConfig to Manage System Configurations with Oracle E-Business Suite Release 12 (Oracle Metalink Note 387859.1).

OSSO Task 3: Validate that Oracle Single Sign-On is Working Correctly

To validate that Oracle E-Business Suite Release 12 has been properly registered as a partner application to Oracle Single Sign-On 10.1.2.0.2, perform the following steps:

OSSO Task 3, Step 1: Run the Diagnostic Utility

OSSO Task 3, Step 1.1: Login locally to the E-Business Suite

Login as user "sysadmin" to the E-Business Suite locally using this URL:

http[s]://[server][:port]/OA_HTML/AppsLocalLogin.jsp

Where [server] and [port] reflect the correct values for your environment.

OSSO Task 3, Step 1.2: Launch Diagnostics

Select the responsibility "CRM HTML Administration" from the Navigator's left pane

Select the function "Diagnostics" from the Navigator's right pane. This will launch a new window. If you do not see a new window, make sure any browser pop-up blockers are disabled.

OSSO Task 3, Step 1.3: Run OSSO Diagnostics

For 12.0.x Customers

Click on the "Basic" tab

Choose "Application Object Library" from the Applications drop down

Click on "SSO Setup Tests" - Click on "Run Without Pre-Requisite"

All the tests should complete successfully

Click on the "Report" icon for each test and verify the results

For 12.1.1.x Customers

Click "Selection Application" button


Enter "%Object%" in the field alongside "Search by Application Name" and click "Go" button

Check "Select" in the 'Application Object Library' row of the "Results" table and click "Select" button

Expand "SSO Setup Tests"

Select all of the tests and click "Execute" button

Click "Test Inputs" icon in the "E-Business account SSO Information" row

Click "Add Another Row" in the "Custom Inputs" table

Verify that "sysadmin" is displayed in the "ebizAccount" field and click "Apply" button

Select all of the tests and click "Submit" button

Click "Refresh" button until all tests have completed

All Tests should complete successfully

If any errors are encountered click "View Report" icon for further details

Note: SSO Diagnostics will fail if E-Business Suite is SSL Enabled or using an SSL Accelerator. You can ignore the error. Please refer to known issues 5765693 and 8773543 for more details.

OSSO Task 3, Step 1.4: Run OID Diagnostics

For 12.0.x Customers

Click on "OID Setup" - Click on "Run Without Pre-Requisite"

All the tests should complete successfully

Click on the "Report" icon for each test and verify the results

For 12.1.1.x Customers

Click "Selection Application" button

Enter "%Object%" in the field alongside "Search by Application Name" and click "Go" button

Check "Select" in the 'Application Object Library' row of the "Results" table and click "Select" button

Expand "OID Setup"

Select the test and click "Execute" button

Click "Submit" button

Click "Refresh" button until the test has completed

The Test should complete successfully

If any errors are encountered click "View Report" icon for further details

OSSO Task 3, Step 2: Verify OSSO integration with Oracle E-Business Suite

OSSO Task 3, Step 2.1

Request the appropriate E-Business Suite login link, of the form:


http://[host]:[port]/OA_HTML/AppsLogin

Where [host] and [port] reflect the correct values for your environment. This should direct you to the Oracle Single Sign-On Login screen.

OSSO Task 3, Step 2.2:

Enter the username and password for a valid account in Oracle Internet Directory. You should be directed to either the Oracle E-Business Suite home page or a page that shows "More Information Requested".

OSSO Task 3, Step 2.3

Click on the logout link on whichever of the pages that you see. You should now be directed to the Oracle Single Sign-On Logout page. If so, then Oracle Single Sign-On integration has been carried out correctly.

Also see Single Sign-On Processes

OSSO Task 3, Step 3: Verify that your Oracle E-Business Suite instance is correctly integrated with Oracle Internet Directory.

OSSO Task 3, Step 3.1:

Check that there are no errors in the Oracle Internet Directory log files for the E-Business Suite instance you have just configured. These files are on the machine that hosts Oracle Internet Directory, under $ORACLE_HOME/ldap/odi/log. There are two log files for each provisioning direction, so there will either be two or four in total. The files for provisioning from Oracle Internet Directory to E-Business Suite end with _E.aud and _E.trc. The files for provisioning from E-Business Suite to Oracle Internet Directory end with _I.aud and _I.trc.

OSSO Task 3, Step 3.2

Depending on how provisioning has been configured, try to create a user from either E-Business Suite or Oracle Internet Directory. If you used the default registration process, you may create a user in either E-Business Suite or Oracle Internet Directory and see the newly-provisioned user appear in the other system within about two minutes. The user details should also be visible in the relevant .aud log file mentioned above. If so, then provisioning configuration for Oracle Internet Directory has been performed correctly.
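
The file-name endings described in Step 3.1 imply which log files should exist for each -provisiontype value. The shell functions below are an added example, not Oracle code: the function names are made up here, and the pattern searched for in the .trc files is an assumption about the trace format.

```shell
#!/bin/sh
# Added example, not Oracle's code: which provisioning logs should exist for a
# given -provisiontype, do the trace files contain suspect lines, and does a
# test user show up in the audit file (Step 3.2)?

# expected_odi_suffixes TYPE: file-name endings implied by the text above.
expected_odi_suffixes() {
    case "$1" in
        1|4) echo "_E.aud _E.trc _I.aud _I.trc" ;;  # both directions: four files
        2)   echo "_I.aud _I.trc" ;;                # E-Business Suite to OID
        3)   echo "_E.aud _E.trc" ;;                # OID to E-Business Suite
        *)   return 2 ;;
    esac
}

# check_odi_logs DIR TYPE
# Prints one finding per problem. Returns 0 when every expected file exists
# and no trace line matches the pattern, 1 otherwise, 2 on a bad TYPE.
check_odi_logs() (
    dir=$1
    suffixes=$(expected_odi_suffixes "$2") || {
        echo "ERROR: provisiontype must be 1, 2, 3 or 4 (got '$2')"
        exit 2
    }
    status=0
    for suffix in $suffixes; do
        found=0
        for f in "$dir"/*"$suffix"; do
            [ -f "$f" ] || continue      # an unmatched glob stays literal
            found=1
            case "$suffix" in
                *.trc)
                    # Assumption: failures appear as lines containing "error"
                    # or "exception"; adjust the pattern to your trace format.
                    hits=$(grep -c -i -E 'error|exception' "$f" || true)
                    if [ "$hits" -gt 0 ]; then
                        echo "ERROR: $hits suspect line(s) in $f"
                        status=1
                    fi ;;
            esac
        done
        if [ "$found" -eq 0 ]; then
            echo "MISSING: no *$suffix file in $dir"
            status=1
        fi
    done
    if [ "$status" -eq 0 ]; then
        echo "OK: logs for provisiontype $2 are present and clean"
    fi
    exit "$status"
)

# user_provisioned DIR DIRECTION USER   (DIRECTION is E or I)
# Returns 0 if USER appears in a *_<DIRECTION>.aud file.
user_provisioned() {
    grep -q -i -F -- "$3" "$1"/*_"$2".aud 2>/dev/null
}

# Typical call on the OID host:
#   check_odi_logs "$ORACLE_HOME/ldap/odi/log" 1
```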

Also see Directory-Enabled Oracle Single Sign-On

Section 7: Available Documentation


Documentation for creating the standalone Oracle Application Server 10g instance

Oracle Application Server 10g Documentation Library

Appendix A: Advanced Configuration - Manual OSSO/OID Registration

This appendix provides an overview of OSSO-OID Registration tools to register E-Business instance with OSSO Server and OID Server. It contains the following sections:

Concepts

Section 1: Registration
To register E-Business instance with OSSO and OID servers.

Section 1.1: Register All
To register Oracle Home, instance with OSSO Server and instance with OID Server in a single command.

Section 1.2: Register Instance
To register Oracle Home only.

Section 1.3: Register OSSO
To register instance with OSSO Server only.

Section 1.4: Register OID
To register instance with OID Server only.

Section 2: Deregistration
To deregister E-Business instance with OSSO and OID servers.

Section 2.1: Deregister All
To deregister instance from OID Server, instance from OSSO server and Oracle Home in a single command.

Section 2.2: Deregister OID
To deregister instance from OID Server only.

Section 2.3: Deregister OSSO
To deregister instance from OSSO Server only.

Section 2.4: Deregister Instance
To deregister Oracle Home only.

Section 3: Remove References

Section 4: Provisioning

Section 5: Troubleshooting

Attention: Source the E-Business Suite environment file as the owner of the application tier file system before executing the utility for registration or de-registration purpose.

Concepts


There are three components that can be registered or de-registered in Release 12 with the OSSO/OID registration utility. The utility automatically detects the registered components and performs registration for the un-registered components. So there is no need to pass individual registration arguments.

If you have a Single Node deployment, run the utility for OSSO/OID Registration as follows, after sourcing the Application Tier environment file:

txkrun.pl -script=SetSSOReg

And for Deregistration:

txkrun.pl -script=SetSSOReg -deregister=Yes

If you have a Multi-node deployment, run the utility as above on each Web Node for Registration or De-Registration. Services need to be restarted after Registration and De-Registration.

Details about the three components are below.

Three Components

Oracle Home Registration

10.1.3 Oracle Home needs to be registered in the Infrastructure instance before either OID or OSSO registration can be attempted. We refer to this as registering an Oracle Home instance i.e. "registerinstance". Oracle Home needs to be registered only once per EBusiness Deployment including multinode deployments. In a multi node deployment, it can be done on any node.

Oracle Single Sign-On Registration

Single Sign-On registration involves registering EBusiness as a mod_osso based OSSO Partner Application. In the [ORA_CONFIG_HOME]/10.1.3/Apache/Apache/conf/httpd.conf file, the directive to include "mod_osso.conf" is uncommented to enable the mod_osso authentication. This is controlled by the Application Context variable "s_mod_osso_conf_comment", which should not have any value if the EBusiness instance is integrated with OSSO server. Otherwise it defaults to "#".

2.1 MultiNode Single Web Entry URL Deployment

In a multi node Load Balanced deployment scenario when there is only one Web Entry URL, only one partner application is registered in the OSSO server. The OSSO configuration file generated from the partner application registration will be used on all the nodes. To achieve this, you will have to run the registration utility on every node. The registration utility automatically detects the components that need to be registered and performs registration. When the OSSO configuration file is generated from the first node on which the utility is run, the file gets uploaded to FND_LOBS table in the EBusiness Database. From other nodes, the OSSO registration is detected and the file is pulled from the FND_LOBS table and copied to the config home.

2.2 DMZ Deployments With Multiple Web Entry URLs

In a multi node DMZ deployment, there are external and internal Web Entry URLs. One mod_osso based OSSO partner application is required for each Web Entry URL. The partner applications are determined based on the unique APPS_FRAMEWORK_AGENT values from the FND_PROFILE_OPTION_VALUES table. The utility performs partner application registration if that specific partner application is not registered and uploads OSSO configuration files to the FND_LOBS table. When the utility is run on other nodes, it detects the registration and gets the correct OSSO configuration file from the FND_LOBS table and copies it to the CONFIG_HOME.

Oracle Internet Directory Registration

Oracle Internet Directory Synchronization and Provisioning needs to be done only once for any EBusiness Deployment. There are four choices for provisioning, controlled by the "provisiontype" command line option, which takes one of four values: 1, 2, 3 or 4.

Provision Type      Description

-provisiontype=1    This is the default which enables BiDirectional Provisioning

-provisiontype=2    This enables InBound Provisioning i.e. EBusiness to OID

-provisiontype=3    This enables OutBound Provisioning i.e. OID to EBusiness

-provisiontype=4    This enables BiDiNoCreation Provisioning.

For details about provisioning see Section "Provisioning" below.

Section 1: Registration

OSSO-OID Registration can be done using a single command (Section 1.1). Even though it can be done in a single command, it is divided into three parts:

Oracle Home Registration

OSSO Registration

OID Registration


Attention: If you are trying to integrate an Oracle E-Business Suite Release 12 Vision instance created by Rapid Install with Oracle Single Sign-On or Oracle Internet Directory of Oracle AS 10g, the following error will be displayed by the registration utility:

*** ERROR : Previous registration detected with application name : Vision la4008

See the known issues section for the workaround and other details.

Section 1.1: Register All

Section 1.1.1: Interactive Mode

$FND_TOP/bin/txkrun.pl -script=SetSSOReg

It prompts for required arguments as follows:

Enter the host name where Oracle iAS Infrastructure database is installed ? ap6013atg.us.oracle.com

Enter the LDAP Port on Oracle Internet Directory server ? 13061

Enter SSL LDAP Port on Oracle Internet Directory server ? 13131

Enter the Oracle Internet Directory Administrator (orcladmin) Bind password ? manager2

Enter the instance password that you would like to register this application instance with ? test123

Enter Oracle E-Business apps database user password ? APPS

It does the following:

It validates the arguments

Registers this instance with infrastructure host.

Registers this instance as a partner application to the OSSO Server.

Registers this instance with OID server


Creates the provisioning.

Note:

1. User needs to restart the middle-tier services.

2. If it fails to register the instance itself, user can rerun this command with valid arguments.

3. If it fails after instance registration, user can do OSSO Registration as explained in Section 1.3 and OID Registration as explained in Section 1.4.

Section 1.1.2: Non Interactive Mode

$FND_TOP/bin/txkrun.pl \
  -script=SetSSOReg \
  -infradbhost=ap6013atg.us.oracle.com \
  -ldapport=13061 \
  -ldapportssl=13131 \
  [-ldaphost=ap6014atg.us.oracle.com \]
  [-oidadminuser=cn=orcladmin \]
  -oidadminuserpass=manager2 \
  -appspass=APPS \
  -instpass=test123 \
  [-appname=[s_dbSid] \]
  [-svcname=[s_dbSid] \]
  [-provisiontype=1 \]
  [-dbldapauthlevel=1 \]
  [-dbldapport=13130 \]
  [-dbwalletpass= \]
  [-dbwalletdir= \]
  [-rdbmsdn= ]

Purpose of optional arguments:

oidadminuser: This is OID admin DN. Default value is cn=orcladmin.

appname: This instance will be registered with OID Server with this appname. Default value of appname is [s_dbSid].

svcname: This instance will be registered with OID Server with this svcname. Default value of appname is [s_dbSid].

provisiontype: It specifies the provisioning type between instance and OID Server. Default value is 1. Allowed values are as follows.

1 - Bidirectional. This is the default value.


2 - Instance to OID Server

3 - OID Server to Instance

4 - Bidirectional no creation

dbldapauthlevel: This is the selected authentication level between E-Business database and OID Server for provisioning purpose.

0 - Non-SSL Communication. This is the default value.

1 - SSL with no authentication.

2 - SSL with server authentication.

3 - SSL with Client and Server authentication.

dbldapport: Port on OID Server used by E-Business database for provisioning. Default value is ldapport.

ldaphost: For Non-Colocated Infrastructure, i.e. if ldaphost is different from infradbhost, pass value of ldaphost for this parameter in command line. Default value of ldaphost is infradbhost.

dbwalletpass: E-Business database wallet password. This is required if dbldapauthlevel > 1.

dbwalletdir: E-Business database wallet directory. This is required if dbldapauthlevel > 1. Default dbwalletdir is the value of site level profile FND_DB_WALLET_DIR

rdbmsdn: RDBMS DN of this E-Business database instance that is registered with OID Server e.g. cn=OracleContext
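
The constraints stated for these optional arguments can be checked before the registration utility is run. The shell function below is an added example, not part of the Oracle note or of txkrun.pl: the name check_ssoreg_args and the wording of its messages are assumptions made here, and it only inspects the arguments it is given.

```shell
#!/bin/sh
# Added example, not Oracle's code: pre-flight check of SetSSOReg arguments.
# The rules are the ones stated in the argument descriptions above.
# It only inspects the arguments; it never runs txkrun.pl.

# check_ssoreg_args ARG...   (hypothetical helper name)
# Prints "ERROR: ..." and "WARN: ..." findings; returns 0 if no ERROR was found.
check_ssoreg_args() (
    provisiontype=1      # documented default: bidirectional
    dbldapauthlevel=0    # documented default: non-SSL
    dbwalletdir=""
    dbwalletpass=""
    secrets=""           # names of password arguments given on the command line
    errors=0

    for arg in "$@"; do
        case "$arg" in
            -provisiontype=*)   provisiontype=${arg#*=} ;;
            -dbldapauthlevel=*) dbldapauthlevel=${arg#*=} ;;
            -dbwalletdir=*)     dbwalletdir=${arg#*=} ;;
            -dbwalletpass=*)
                dbwalletpass=${arg#*=}
                if [ -n "$dbwalletpass" ]; then secrets="$secrets -dbwalletpass"; fi ;;
            -oidadminuserpass=?*|-appspass=?*|-instpass=?*)
                secrets="$secrets ${arg%%=*}" ;;
        esac
    done

    case "$provisiontype" in
        1|2|3|4) ;;
        *) echo "ERROR: provisiontype must be 1, 2, 3 or 4 (got '$provisiontype')"
           errors=$((errors + 1)) ;;
    esac

    case "$dbldapauthlevel" in
        0) echo "WARN: dbldapauthlevel=0: database-to-OID provisioning traffic is not SSL-protected" ;;
        1) echo "WARN: dbldapauthlevel=1: SSL is used but neither side is authenticated" ;;
        2|3)
           # The wallet password has no default; an empty -dbwalletpass= counts as missing.
           if [ -z "$dbwalletpass" ]; then
               echo "ERROR: dbwalletpass is required when dbldapauthlevel > 1"
               errors=$((errors + 1))
           fi
           # The wallet directory falls back to a profile value, so only warn.
           if [ -z "$dbwalletdir" ]; then
               echo "WARN: dbwalletdir not given; the site-level profile FND_DB_WALLET_DIR will be used"
           fi ;;
        *) echo "ERROR: dbldapauthlevel must be 0, 1, 2 or 3 (got '$dbldapauthlevel')"
           errors=$((errors + 1)) ;;
    esac

    if [ -n "$secrets" ]; then
        echo "WARN: passwords passed as arguments (${secrets# }) are visible in process listings and shell history; interactive mode prompts for them instead"
    fi

    [ "$errors" -eq 0 ]
)

# Typical call, with the same arguments intended for txkrun.pl:
#   check_ssoreg_args -script=SetSSOReg -provisiontype=3 -dbldapauthlevel=2
```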

Section 1.2: Register Instance

1.2.1: Interactive Mode

$FND_TOP/bin/txkrun.pl \
  -script=SetSSOReg \
  -registerinstance=yes

It prompts for required arguments as follows:

Enter the host name where Oracle iAS Infrastructure database is installed ? ap6013atg.us.oracle.com

Enter the LDAP Port on Oracle Internet Directory server ? 13061

Enter SSL LDAP Port on Oracle Internet Directory server ? 13131


Enter the Oracle Internet Directory Administrator (orcladmin) Bind password ? manager2

Enter Oracle E-Business apps database user password ? APPS

It does the following:

It validates the arguments

It registers this instance with Infrastructure host.

1.2.2: Non Interactive Mode

$FND_TOP/bin/txkrun.pl \
  -script=SetSSOReg \
  -registerinstance=yes \
  -infradbhost=ap6013atg.us.oracle.com \
  -ldapport=13061 \
  -ldapportssl=13131 \
  [-ldaphost=ap6014atg.us.oracle.com \]
  [-oidadminuser=cn=orcladmin \]
  -oidadminuserpass=manager2 \
  -appspass=APPS

Purpose of optional arguments:

The purpose of all the optional arguments is explained in Section 1.1.2: Purpose of optional arguments

Section 1.3: Register OSSO

1.3.1. Interactive Mode

$FND_TOP/bin/txkrun.pl \
  -script=SetSSOReg \
  -registersso=yes

It prompts for required arguments as follows:

Enter Oracle E-Business apps database user password ? APPS


It does the following:

It validates the arguments

It registers this instance as a partner application to the OSSO Server.

Note:

1. User needs to restart the services.

2. Instance should already be registered with Infrastructure DB host. Otherwise register the instance as explained in Section 1.2 and then try to register OSSO.

1.3.2. Non Interactive Mode

$FND_TOP/bin/txkrun.pl \
  -script=SetSSOReg \
  -registersso=yes \
  -appspass=APPS

Section 1.4: Register OID

1.4.1. Interactive Mode

$FND_TOP/bin/txkrun.pl \
  -script=SetSSOReg \
  -registeroid=yes

It prompts for required arguments as follows:

Enter LDAP Host name ? ap6013atg.us.oracle.com

Enter the LDAP Port on Oracle Internet Directory server ? 13061

Enter the Oracle Internet Directory Administrator (orcladmin) Bind password ? manager2

Enter the instance password that you would like to register this application instance with ? test123

Enter Oracle E-Business apps database user password ? APPS


It does the following:

It validates the arguments

It registers this instance with OID Server. Also creates provisioning.

1.4.2. Non Interactive Mode

$FND_TOP/bin/txkrun.pl \
  -script=SetSSOReg \
  -registeroid=yes \
  -ldaphost=ap6013atg.us.oracle.com \
  -ldapport=13061 \
  [-oidadminuser=cn=orcladmin \]
  -oidadminuserpass=manager2 \
  -appspass=APPS \
  -instpass=test123 \
  [-appname=contextname \]
  [-svcname=contextname \]
  [-provisiontype=1 \]
  [-dbldapauthlevel=1 \]
  [-dbldapportssl=13130 \]
  [-dbwalletpass= \]
  [-dbwalletdir= \]
  [-rdbmsdn= ]

Purpose of optional arguments:

The purpose of all the optional arguments is explained in Section 1.1.2: Purpose of optional arguments

Section 2: Deregistration

OSSO-OID Deregistration can be done using a single command (Section 2.1). Even though it can be done in a single command, it is divided into three parts:

OID Deregistration

OSSO Deregistration

Instance Deregistration

Section 2.1: Deregister All


2.1.1. Interactive Mode

$FND_TOP/bin/txkrun.pl \
  -script=SetSSOReg \
  -deregister=yes

It prompts for required arguments as follows:

Enter Oracle E-Business apps database user password ? APPS

Enter the Oracle Internet Directory Administrator (orcladmin) Bind password ? manager

[ Enter LDAP Host name ? ap6013atg.us.oracle.com ]

[ Enter the LDAP Port on Oracle Internet Directory server ? 13061 ]

It does the following:

It validates the arguments.

Deletes the Provisioning.

Deregisters this instance with OID Server.

Deregisters this instance with OSSO Server.

Deregisters this instance with Infrastructure host.

Note:

1. Prompts for ldaphost and ldapport if those do not exist in the database as fnd user preferences.

2. If it fails to deregister this instance, the same command can be executed by passing valid arguments.

3. If it fails to deregister this instance with OSSO server, then deregister this instance with OSSO server as explained in Section 2.3 and deregister this instance with infrastructure host as explained in Section 2.4.

4. If it fails to deregister this instance with infrastructure host, then deregister this instance with infrastructure host as explained in Section 2.4.

2.1.2: Non Interactive Mode


$FND_TOP/bin/txkrun.pl \
  -script=SetSSOReg \
  -deregister=yes \
  -appspass=APPS \
  [-oidadminuser=cn=orcladmin \]
  -oidadminuserpass=manager2 \
  [-ldaphost=ap6013atg \]
  [-ldapport=13061 \]
  [-appname=[s_dbSid] \]
  [-svcname=[s_dbSid] ]

Purpose of optional arguments:

The purpose of all the optional arguments is explained in Section 1.1.2: Purpose of optional arguments

Note: appname, svcname should be provided if provided at the time of registration.

Section 2.2: Deregister OID

2.2.1. Interactive Mode

$FND_TOP/bin/txkrun.pl \
  -script=SetSSOReg \
  -deregisteroid=yes

It prompts for required arguments as follows:

Enter Oracle E-Business apps database user password ? APPS

[ Enter LDAP Host name ? ap6013atg.us.oracle.com ]

[ Enter the LDAP Port on Oracle Internet Directory server ? 13061 ]

Enter the Oracle Internet Directory Administrator (orcladmin) Bind password ? manager2

It does the following:

It validates the arguments.


It deletes the provisioning.

Deregisters this instance with OID Server.

Note: Prompts for ldaphost and ldapport if those do not exist in the database as fnd user preferences.

2.2.2. Non Interactive Mode

$FND_TOP/bin/txkrun.pl \
  -script=SetSSOReg \
  -deregisteroid=yes \
  -appspass=APPS \
  [-ldaphost=ap6013atg \]
  [-ldapport=13061 \]
  [-oidadminuser=cn=orcladmin \]
  -oidadminuserpass=manager2 \
  [-appname=[s_dbSid] \]
  [-svcname=[s_dbSid] ]

Section 2.3: Deregister OSSO

2.3.1. Interactive Mode

$FND_TOP/bin/txkrun.pl \
  -script=SetSSOReg \
  -deregistersso=yes

It prompts for required arguments as follows:

Enter Oracle E-Business apps database user password ? APPS

It does the following:

It validates the arguments.

Deregisters this instance with OSSO Server. User needs to restart the services.

2.3.2. Non Interactive Mode


$FND_TOP/bin/txkrun.pl \
  -script=SetSSOReg \
  -deregistersso=yes \
  -appspass=APPS

Section 2.4: Deregister Instance

2.4.1. Interactive Mode

$FND_TOP/bin/txkrun.pl \
  -script=SetSSOReg \
  -deregisterinstance=yes

It prompts for required arguments as follows:

Enter the Oracle Internet Directory Administrator (orcladmin) Bind password ? manager2

Enter Oracle E-Business apps database user password ? APPS

It does the following:

It validates the arguments

It deregisters this instance with infrastructure host.

2.4.2. Non Interactive Mode

$FND_TOP/bin/txkrun.pl \
  -script=SetSSOReg \
  -deregisterinstance=yes \
  [-oidadminuser=cn=orcladmin \]
  -oidadminuserpass=manager2 \
  -appspass=APPS

Purpose of optional arguments:

The purpose of all of the optional arguments is explained in Section 1.1.2: Purpose of optional arguments


Section 3: Remove References

OSSO-OID Registration stores a set of preferences in the E-Business database. If an E-Business instance is cloned from an OSSO/OID-registered E-Business instance, the cloned environment has the same preferences as the source environment and throws errors during OSSO/OID Registration. The following command should therefore be run in the post-cloning phase, or before proceeding with OSSO/OID Registration, to remove all the preferences or settings from the cloned environment.

3.1 Interactive Mode

$FND_TOP/bin/txkrun.pl \
  -script=SetSSOReg \
  -removereferences=Yes

It prompts for required arguments as follows:

Enter Oracle E-Business apps database user password ? APPS

It does the following:

It validates the arguments

It removes the Oracle Home Instance preferences, OSSO Preferences and Site level profiles, and OID preferences from E-Business Database.

3.2. Non Interactive Mode

$FND_TOP/bin/txkrun.pl \
  -script=SetSSOReg \
  -removereferences=yes \
  -appspass=APPS

Section 4: Provisioning

The registration utility provides four types of provisioning. These can be customized later to suit your needs.

4.1 BiDirectional Provisioning (-provisiontype=1)


This is set by "-provisiontype=1" command line argument during OID registration. This is the default provisioning type set by the registration utility.

4.2 InBound Provisioning

This is set by "-provisiontype=2" command line argument during OID registration.

4.3 OutBound Provisioning

This is set by "-provisiontype=3" command line argument during OID registration.

4.4. BiDiNoCreation Provisioning

This is set by "-provisiontype=4" command line argument during OID registration.

4.5 Customizing Provisioning

If you need to customize the provisioning settings, use the "oidprovtool" utility to modify the existing provisioning. OID registration must have completed successfully before you can modify the provisioning.

4.5.1 Determine from where you want to run "oidprovtool"

"oidprovtool" can be used from E-Business Suite RDBMS Oracle Home. Source the environment file under RDBMS ORACLE_HOME.

OR

"oidprovtool" can be used from Infrastructure Oracle Home. Set the environment ensuring ORACLE_HOME is set and ORACLE_HOME/bin is in PATH.

4.5.2 Ensure that provisioning is present in the OID before modification

See Oracle MetaLink Note 295606.1, Section 6.12 "List Provisioning profiles", for how to list provisioning profiles.

4.5.3 Modify Provisioning Profile Using "oidprovtool"

The syntax for "oidprovtool" can be found in the "Oracle® Identity Management User Reference" guide. For example, the 10gR2 guide is available at the following location.

Choose "profile_mode" from the following table:

| If Provisioning Type is | Then profile_mode is |
|---|---|
| 1 | BOTH |
| 2 | INBOUND |
| 3 | OUTBOUND |
| 4 | BOTH |

The following example modifies an "INBOUND" (provisioning type 2) profile where the realm is "dc=us,dc=oracle,dc=com".

$ORACLE_HOME/bin/oidprovtool \
  operation=modify \
  ldap_host=[LDAP_HOST] ldap_port=[LDAP_PORT] \
  ldap_user_dn="cn=orcladmin" ldap_user_password=[ORCLADMIN PASS] \
  profile_mode=INBOUND \
  application_dn="orclApplicationCommonName=[SID OF YOUR DB or appName],cn=EBusiness,cn=Products,cn=OracleContext,dc=us,dc=oracle,dc=com" \
  event_permitted_operations="IDENTITY:dc=us,dc=oracle,dc=com:ADD(cn,sn,mail,userpassword,description,facsimiletelephonenumber,orclactivestartdate,orclactiveenddate,orclisenabled,telephonenumber,street,postalcode,physicaldeliveryofficename,ou,st,l,displayname,employeenumber,employeetype,givenname,homephone,manager,o,uid,c,postaladdress,title)" \
  event_permitted_operations="SUBSCRIPTION:dc=us,dc=oracle,dc=com:ADD(*)" \
  event_mapping_rules=FND::cn=users,dc=us,dc=oracle,dc=com \
  event_mapping_rules=HR::cn=users,dc=us,dc=oracle,dc=com \
  event_mapping_rules=TCA::cn=users,dc=us,dc=oracle,dc=com

4.5.4 Execute the step in 4.5.2 again to confirm that the provisioning has been modified as per the command.

Section 5: Troubleshooting Tips

1. Note that the "ldap" utilities, e.g. "ldapsearch" and "ldapbind", are not available in the 10.1.3 Oracle Home. You can use those utilities from the RDBMS Oracle Home or the Infrastructure Oracle Home.

2. Check that "$ORA_CONFIG_HOME/10.1.3/config/ias.properties" has the following properties defined correctly:

OIDhost=[Host of the OID Server]
OIDport=[LDAP port for OID Server]
OIDsslport=[SSL LDAP port for OID Server]
IASname=[Instance name]
IASpassword=[Encrypted String automatically generated during registration]

If the above properties are missing then the ORACLE_HOME has not been registered.

3. If registering for OSSO, verify that the directive to include "mod_osso.conf" in [ORA_CONFIG_HOME]/10.1.3/Apache/Apache/conf/httpd.conf is uncommented.

4. Ensure that the DBC file has been generated correctly under the $FND_SECURE directory.

5. Additional notes are in Oracle MetaLink Note 295606.1.
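The file checks in tips 2 to 4 above can be scripted so they are repeatable after each registration or clone. The following is an added example, not part of the Oracle note: the function names are hypothetical, the sample files are constructed, and the DBC check tests presence only.

```shell
#!/bin/sh
# Added example: local checks for troubleshooting tips 2, 3 and 4.
# Function names are hypothetical; file paths are supplied by the caller.

# Keys the note lists for ias.properties.
REQUIRED_KEYS="OIDhost OIDport OIDsslport IASname IASpassword"

# Print the required keys that are absent, commented out, or empty.
# Prints nothing when every key has a value.
missing_ias_properties() {
    missing=""
    for key in $REQUIRED_KEYS; do
        if ! grep -Eq "^[[:space:]]*${key}[[:space:]]*=[[:space:]]*[^[:space:]]" "$1" 2>/dev/null; then
            missing="${missing}${missing:+ }${key}"
        fi
    done
    printf '%s' "$missing"
}

# Succeed only if an uncommented include of mod_osso.conf is present.
osso_include_active() {
    grep -Eiq '^[[:space:]]*include[[:space:]]+"?[^#"]*mod_osso\.conf' "$1" 2>/dev/null
}

# Succeed if the directory holds a non-empty .dbc file
# (presence only, the contents are not validated).
dbc_file_present() {
    for f in "$1"/*.dbc; do
        [ -s "$f" ] && return 0
    done
    return 1
}

# Constructed sample input: one key commented out, one left empty,
# the mod_osso.conf include commented out, and no DBC file.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'OIDhost=oid.example.com' 'OIDport=389' \
        '#OIDsslport=636' 'IASname=ebs.example.com' 'IASpassword=' \
        > "$d/ias.properties"
    printf '%s\n' '#include "/path/to/conf/mod_osso.conf"' > "$d/httpd.conf"
    echo "missing keys: $(missing_ias_properties "$d/ias.properties")"
    osso_include_active "$d/httpd.conf" || echo "mod_osso.conf include is commented out"
    dbc_file_present "$d" || echo "no DBC file found"
    rm -rf "$d"
}
demo
```

On a real instance, call the three functions with "$ORA_CONFIG_HOME/10.1.3/config/ias.properties", the httpd.conf path from tip 3, and "$FND_SECURE" instead of running demo.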

Appendix B: Product-Specific OSSO Exceptions

| Product ID | Product Name | OSSO Exception | Comments |
|---|---|---|---|
| 229 | Oracle Marketing | Yes | While scripting components of Marketing do not use OSSO, other components can do so. |
| 937 | Oracle iLearning (Standalone) | Yes | Oracle iLearning is a standalone product and is not part of E-Business Suite. It is not OSSO Compliant. Oracle Learning Management is part of the E-Business Suite and is certified with OSSO. |
| 1129 | Oracle Mobile Supply chain Application | Yes | OSSO does not support authentication using anything but browsers. There is no API to validate users for client/server style applications. Locally managed users is a workaround for this issue. |
| 1293 | Oracle Projects | Yes | The Oracle Projects API login is not OSSO compatible. The Application OSSO Login Types must be set to 'Local' for Public API users. |
| 1009 | Oracle Sales Offline | Yes | Sales Offline requires the Application OSSO Login Types to be set to 'Local' for users. This is documented in "Oracle Sales Offline Implementation Guide Release 12.1 Part No. E13565-02" |
| 385 | Oracle Warehouse Management | Yes | OSSO does not support authentication using anything but browsers. There is no API to validate users for client/server style applications. Locally managed users is a workaround for this issue. |
| 1193 | Oracle iRecruitment | Yes | Application OSSO Login Types must be set to 'Local' for users. |
| 174 | Oracle Workflow | Yes | If sign-on functionality is implemented for your site through Oracle Internet Directory, and you want to use password-based signatures, you must set the Applications SSO Login Types profile option to either Local or Both at user level for all users who need to enter password-based signatures, and ensure that these users have valid passwords defined in Oracle Application Object Library. |
| 757 | Oracle XML Gateway | Yes | Application OSSO Login Types must be set to 'Local' for users. |

Appendix C: Known Issues

| Bug No. | Problem | Workaround |
|---|---|---|
| 9151196 | Getting error while creating new user in Oracle E-Business suite Release 12 after enabling OSSO | 1) Connect to DB using APPS schema user 2) Run fnd_oid_plug.setPlugin as shown below: SQL> execute fnd_oid_plug.setPlugin(default_user_repository =>'cn=Users,dc=us,dc=oracle,dc=com'); |
| 7704258 | Passwords are not properly synchronized between E-Business Suite and OID | This issue is fixed in 12.1.1 |
| 5765834 | Applies only to 12.0.x: If you are trying to integrate an Oracle E-Business Suite Release 12 Vision instance created by Rapid Install with Oracle Single Sign-On or Oracle Internet Directory of Oracle AS 10g, following error will be displayed by the registration utility: la4008 | Run the following command only once before performing the OSSO or OID registration to remove the invalid registration settings: txkrun.pl -script=SetSSOReg -removereferences=Yes |
| 6058405 | Registering two applications with same sid is not supported on 10.1.4.0.1 IDM | NA |
| 5440880 | OSSO Partner application registration script create duplicate partner application, even if partner application with same name already exists | Remove already existing partner application manually using /pls/orasso |
| 5765693 | "SSO Setup Tests" under SSO Diagnostics fails with errors ie. "/AppsLogin MUST be mapped to java.lang.Class" | NA |
| 5855635 (IBM/AIX 5L) | AIX customers on base Release 12, OID registration will fail with below exception: java.lang.UnsatisfiedLinkError: jmisc (A file or directory in the path name does not exist.) | Apply patch 5855635 |

Change Log

| Date | Description |
|---|---|
| Jan 24, 2007 | Initial document creation |
| Feb 23, 2007 | Updated AIX platform requirement and patch detail. |
| July 23, 2007 | *Corrected 'Oracle Workflow' link to point it to note: "396314.1 - Oracle Workflow Documentation Resources, Release 12". *Modified link under "Integration with Third-Party Access Management Systems and LDAP Directories", as it was incorrect, to "http://download-west.oracle.com/docs/cd/B28196_01/idmanage.1014/b15988/tpsso.htm#Integration" |
| July 23, 2007 | Modified table under "Section 3: Components and Supported Versions, Section 3.1, Oracle Application Server 10g Enterprise Edition" |
| July 23, 2007 | Under Section 5: Pre-Install Tasks: *Modified section title to "Pre-Install Task 2: Install OracleAS Identity Management Infrastructure 10g (10.1.4.0.1)" and matter below it, *Added section "Pre-Install Task 3:Upgrade OracleAS 10g Infrastructure (10.1.2.0.2) to Oracle IDM 10g (10.1.4.0.1)" *Removed "Pre-Install Task 2, Step 5, as it is only IDM Installation" |
| July 23, 2007 | Under "Section 6: Implement Oracle Single Sign-On Support For the E-Business Suite": *OSSO Task 2, Step 2: Compile Parameter Checklist: Added following comment: (w/a for bug 5999577) "IMP: For Non-Colocated Infrastructure, ie. if ldaphost is different from infradbhost, pass value of ldaphost instead of infradb host for this parameter", For: Parameter "Hostname of Oracle Application Server Infrastructure database {mandatory}" *OSSO Task 2, Step 5: Run the Registration script, Parameter Prompts: Corrected: From: "Enter LDAP Host name ? ap6013atg.us.oracle.com" To: Enter the host name where Oracle iAS Infrastructure database is installed ? ap6013atg.us.oracle.com *Added "OSSO Task 2, Step 8: Run Autoconfig" |
| July 23, 2007 | Removed notebox under "Appendix A: Advanced Configuration - Manual OSSO/OID Registration, Section 2: Deregistration", as bug 5754706 is already fixed. |
| July 23, 2007 | Added bugs 5999577, 6058405 and 5440880 as Known issues with w/a wherever available. |
| Aug 08, 2007 | Removed Option C for "Supported Architectures and Configurations, 8. What the user sees after sign-on" |
| Oct 10, 2007 | Added patch 6198537 details for "OEL4.0 PLATFORM", under Section 5, Pre-Install Task 2, Step 1. |
| Oct 10, 2007 | Modified Section 3, 3.1- For Discoverer component version. |
| Nov 14, 2007 | Added ldaphost parameter details under following sections: 1. Section 6, OSSO Task 2, Step 2: Compile Parameter Checklist 2. Appendix A, Section 1.1.2 3. Appendix A, Section 1.2.2 |
| Jan 03, 2008 | Added 10.1.4.2 patchset information as Pre-Install Task 4 in Section 5 |
| Aug 28, 2008 | Modified Section 3, 3.1- For AS components latest certified versions |
| Aug 28, 2008 | Added Section "Pre-Install Task 4: Apply the latest certified Application Server Patchset" under "Section 5: Pre-Install Tasks" to provide information about all certified patchsets |
| Jan 23, 2009 | Removed all references of provisioning templates from note |
| Mar 06, 2009 | Added bug 7362662 with w/a under 'Known Issues' |
| Apr 30, 2009 | Added 12.1.1 release related details |
| Oct 06, 2009 | Added column 'One-off Patch details (if any)' in table under "Section 5, Pre-Install Task 4: Apply the latest certified Application Server Patchset" Added information about patch 8811442 |
| Nov 30, 2009 | Updated known issues section with Bug#9151196. |
| Jan 15, 2010 | Added 'Appendix B - Product-Specific OSSO Exceptions' Added details about bug 5765693 and 8773543 |

Note 376811.1 by Oracle E-Business Suite Development Copyright 2007 Oracle Corporation Last updated : January 29, 2010

Related

Products: Oracle E-Business Suite > Applications Technology > Technology Components > Oracle Applications Technology Stack

Keywords: JAVA.LANG.UNSATISFIEDLINKERROR; UPGRADE TO 10.1.4.0.1