EBS Post Clone SSL SSO steps

Please open the below Load Balancer ticket from VSM, below are the details for EBSPRD/EBSUAT.
Load balancer EBSPRD VIP : ebsprd.apdba.com:
• Redirect http to https      
http://ebsprd.apdba.com redirect to https://ebsprd.apdba.com
• https traffic route
https://ebsprd.apdba.com send traffic to below SSL pass through
https://apdbablog01.apdba.com:4443
https://apdbablog02.apdba.com:4443
https://apdbablog03.apdba.com:4443
https://apdbablog04.apdba.com:4443
• Note: (Above port 4443 is derived from port pool 00.
If this changes please change this to "s_webssl_port" value from the context file)
Load balancer EBSUAT VIP : ebsuat.apdba.com:
• Redirect http to https      
http://ebsuat.apdba.com redirect to https://ebsuat.apdba.com
• https traffic route
https://ebsuat.apdba.com send traffic to below SSL pass through
https://apdbaappd02.apdba.com:4443
https://apdbaappd07.apdba.com:4443
https://apdbaappd08.apdba.com:4443
https://apdbaappd09.apdba.com:4443
• Note: (Above port 4443 is derived from port pool 00.
If this changes please change this to "s_webssl_port" value from the context file)
Copy the wallet/jks certificates
Source the RUN file system
. /<u11/home/ebsprd>/EBSapps.env run
cat $CONTEXT_FILE|grep s_web_ssl_directory
cd <s_web_ssl_directory>/
Example :
cd  /u11/home/ebsprd/fs_ne/inst/ebsprd_apdbablog01/certs
mv Apache Apache.orig
cp -r /patch/erp/SCALE/OHS_SSO/ebscerts Apache
Do the Same on other nodes, Execute 1 & 2 on all the nodes
Validate the certificates, export the below PATH
. /<u11/home/ebsprd>/EBSapps.env run
export PATH=$FMW_HOME/webtier/bin:$FMW_HOME/oracle_common/bin:$PATH
Source the below ENV
. $EBS_DOMAIN_HOME/bin/setDomainEnv.sh
cat $CONTEXT_FILE|grep s_web_ssl_directory
cd <s_web_ssl_directory>/Apache/
Example :
cd  </u11/home/ebsprd/fs_ne/inst/ebsprd_apdbablog01/certs/Apache>
java utils.ValidateCertChain -jks bgwildccert ebsidentity.jks
orapki wallet display -wallet . -pwd bg321456
Update b64InternetCertificate.txt
. /<u11/home/ebsprd>/EBSapps.env run
Backup the file
cp $ORACLE_HOME/sysman/config/b64InternetCertificate.txt $ORACLE_HOME/sysman/config/b64InternetCertificate.txt.orig
ll $ORACLE_HOME/sysman/config/b64InternetCertificate.txt*
Copy the certs to b64InternetCertificate.txt
cat $CONTEXT_FILE|grep s_web_ssl_directory
cd <s_web_ssl_directory>/Apache/
Example :
cd </u11/home/ebsprd/fs_ne/inst/ebsprd_apdbablog01/certs/Apache>
cat RootCA.cer >> $ORACLE_HOME/sysman/config/b64InternetCertificate.txt
cat RootIntCA.cer >> $ORACLE_HOME/sysman/config/b64InternetCertificate.txt
cat BIIBWildcard.cer >> $ORACLE_HOME/sysman/config/b64InternetCertificate.txt
Modify HTTP wallet on all the nodes
. /<u11/home/ebsprd>/EBSapps.env run
Node # 1
cat $CONTEXT_FILE|grep s_ohs_instance_loc
cd $IAS_ORACLE_HOME/instances/<EBS_web_pdhdev_OHS1>/config/OHS/<EBS_web_pdhdev>/keystores/
Example :
cd </u11/home/ebsprd/fs2/FMW_Home/webtier/instances/EBS_web_pdhdev_OHS/config/OHS/EBS_web_pdhdev/keystores>
mv default default.orig
cp -r /patch/erp/SCALE/OHS_SSO/ebscerts  default
Do the Same on Node # 2 /3
Do the Same on other nodes, Execute on all the nodes
Modify HTTP OPMN wallet
. /<u11/home/ebsprd>/EBSapps.env run
Node # 1
cat $CONTEXT_FILE|grep s_ohs_instance_loc
Example :
</u11/home/ebsprd/fs2/FMW_Home/webtier/instances/EBS_web_pdhint2_OHS1>
cd $IAS_ORACLE_HOME/instances/<EBS_web_pdhdev_OHS1>/config/OPMN/opmn>
Example:
cd </u11/home/ebsprd/fs2/FMW_Home/webtier/instances/EBS_web_pdhdev_OHS1/config/OPMN/opmn>
mv wallet wallet.orig
cp -r /patch/erp/SCALE/OHS_SSO/ebscerts  wallet
Do the Same on Node # 2 /3
Do the Same on other nodes, Execute on all the nodes
Modify Fusion Middleware Control Console
backup directory in case you wish to use them again in the future
. /<u11/home/ebsprd>/EBSapps.env run
mv $EBS_DOMAIN_HOME/opmn/<s_ohs_instance>/<s_ohs_component>/wallet $EBS_DOMAIN_HOME/opmn/<s_ohs_instance>/<s_ohs_component>/wallet.orig
Node # 1
Example : mv $EBS_DOMAIN_HOME/opmn/<EBS_web_pdhint2_OHS1>/<EBS_web_pdhint2>/wallet $EBS_DOMAIN_HOME/opmn/<EBS_web_pdhint2_OHS1>/<EBS_web_pdhint2>/wallet.orig
Node # 2
Example : mv $EBS_DOMAIN_HOME/opmn/<EBS_web_pdhint2_OHS2>/<EBS_web_pdhint2>/wallet $EBS_DOMAIN_HOME/opmn/<EBS_web_pdhint2_OHS2>/<EBS_web_pdhint2>/wallet.orig
mv  $EBS_DOMAIN_HOME/opmn/<s_ohs_instance>/wallet $EBS_DOMAIN_HOME/opmn/<s_ohs_instance>/wallet.orig
Node # 1
Example : mv  $EBS_DOMAIN_HOME/opmn/<EBS_web_pdhint2_OHS1>/wallet $EBS_DOMAIN_HOME/opmn/<EBS_web_pdhint2_OHS1>/wallet.orig
Node # 2
Example : mv  $EBS_DOMAIN_HOME/opmn/<EBS_web_pdhint2_OHS2>/wallet $EBS_DOMAIN_HOME/opmn/<EBS_web_pdhint2_OHS2>/wallet.orig
mv $FMW_HOME/webtier/instances/<s_ohs_instance>/config/OHS/<s_ohs_component>/proxy-wallet
$FMW_HOME/webtier/instances/<s_ohs_instance>/config/OHS/<s_ohs_component>/proxy-wallet.orig
Node # 1
Example :  mv $FMW_HOME/webtier/instances/<EBS_web_pdhint2_OHS1>/config/OHS/<EBS_web_pdhint2>/proxy-wallet
$FMW_HOME/webtier/instances/<EBS_web_pdhint2_OHS1>/config/OHS/<EBS_web_pdhint2>/proxy-wallet.orig
Node # 2
Example : mv $FMW_HOME/webtier/instances/<EBS_web_pdhint2_OHS2>/config/OHS/<EBS_web_pdhint2>/proxy-wallet
$FMW_HOME/webtier/instances/<EBS_web_pdhint2_OHS2>/config/OHS/<EBS_web_pdhint2>/proxy-wallet.orig
Do the Same on other nodes, Execute on all the nodes
Copy the certificates to wallet locations
. /<u11/home/ebsprd>/EBSapps.env run
cp -r /patch/erp/SCALE/OHS_SSO/ebscerts $EBS_DOMAIN_HOME/opmn/<s_ohs_instance>/<s_ohs_component>/wallet
Node # 1
Example : cp -r /patch/erp/SCALE/OHS_SSO/ebscerts $EBS_DOMAIN_HOME/opmn/EBS_web_pdhint2_OHS1/EBS_web_pdhint2/wallet
Node # 2
Example : cp -r /patch/erp/SCALE/OHS_SSO/ebscerts $EBS_DOMAIN_HOME/opmn/EBS_web_pdhint2_OHS2/EBS_web_pdhint2/wallet
cp -r /patch/erp/SCALE/OHS_SSO/ebscerts $EBS_DOMAIN_HOME/opmn/<s_ohs_instance>/wallet
Node # 1
Example : cp -r /patch/erp/SCALE/OHS_SSO/ebscerts $EBS_DOMAIN_HOME/opmn/EBS_web_pdhint2_OHS1/wallet
Node # 2
Example : cp -r /patch/erp/SCALE/OHS_SSO/ebscerts $EBS_DOMAIN_HOME/opmn/EBS_web_pdhint2_OHS2/wallet
cp -r /patch/erp/SCALE/OHS_SSO/ebscerts $FMW_HOME/webtier/instances/<s_ohs_instance>/config/OHS/<s_ohs_component>/proxy-wallet
Node # 1
Example : cp -r /patch/erp/SCALE/OHS_SSO/ebscerts $FMW_HOME/webtier/instances/EBS_web_pdhint2_OHS1/config/OHS/EBS_web_pdhint2/proxy-wallet
Node # 2
Example : cp -r /patch/erp/SCALE/OHS_SSO/ebscerts $FMW_HOME/webtier/instances/EBS_web_pdhint2_OHS2/config/OHS/EBS_web_pdhint2/proxy-wallet
Update the JDK cacerts file
. /<u11/home/ebsprd>/EBSapps.env run
cat $CONTEXT_FILE|grep s_fmw_jdk
cd <s_fmw_jdktop>/jre/lib/security
eg: cd /u11/home/ebsprd/fs2/EBSapps/comn/util/jdk64/jre/lib/security
cp  cacerts cacerts.orig
chmod u+w cacerts
cp /patch/erp/SCALE/OHS_SSO/ebscerts/RootCA.cer .
cp /patch/erp/SCALE/OHS_SSO/ebscerts/RootIntCA.cer .
cp /patch/erp/SCALE/OHS_SSO/ebscerts/BIIBWildcard.cer .
keytool -import -alias rootcaebs  -file RootCA.cer  -keystore cacerts -storepass changeit
keytool -import -alias rootintcaebs -file RootIntCA.cer -keystore cacerts -storepass changeit
keytool -import -alias BIIBWildcard -file BIIBWildcard.cer -keystore cacerts -storepass changeit
chmod u-w cacerts
32 bit JDK
cd $OA_JRE_TOP/lib/security
chmod u+w cacerts
cp /patch/erp/SCALE/OHS_SSO/ebscerts/RootCA.cer .
cp /patch/erp/SCALE/OHS_SSO/ebscerts/RootIntCA.cer .
cp /patch/erp/SCALE/OHS_SSO/ebscerts/BIIBWildcard.cer .
keytool -import -alias rootcaebs  -file RootCA.cer  -keystore cacerts -storepass changeit
keytool -import -alias rootintcaebs -file RootIntCA.cer -keystore cacerts -storepass changeit
keytool -import -alias BIIBWildcard -file BIIBWildcard.cer -keystore cacerts -storepass changeit
chmod u-w cacerts
Update the WLS JKS File
. /<u11/home/ebsprd>/EBSapps.env run
cd $FMW_HOME/wlserver_10.3/server/lib/
cp DemoTrust.jks DemoTrust.jks.orig
cp DemoIdentity.jks DemoIdentity.jks.orig
cp cacerts cacerts.orig
cp /patch/erp/SCALE/OHS_SSO/ebscerts/RootCA.cer .
cp /patch/erp/SCALE/OHS_SSO/ebscerts/RootIntCA.cer .
cp /patch/erp/SCALE/OHS_SSO/ebscerts/BIIBWildcard.cer .
keytool -import -alias rootcaebs  -file RootCA.cer  -keystore DemoIdentity.jks -storepass DemoIdentityKeyStorePassPhrase
keytool -import -alias rootintcaebs -file RootIntCA.cer -keystore DemoIdentity.jks -storepass DemoIdentityKeyStorePassPhrase
keytool -import -alias BIIBWildcard -file BIIBWildcard.cer -keystore DemoIdentity.jks -storepass DemoIdentityKeyStorePassPhrase
keytool -import -alias rootcaebs  -file RootCA.cer  -keystore DemoTrust.jks -storepass DemoTrustKeyStorePassPhrase
keytool -import -alias rootintcaebs -file RootIntCA.cer -keystore DemoTrust.jks -storepass DemoTrustKeyStorePassPhrase
keytool -import -alias BIIBWildcard -file BIIBWildcard.cer -keystore DemoTrust.jks -storepass DemoTrustKeyStorePassPhrase
keytool -import -alias rootcaebs  -file RootCA.cer  -keystore cacerts -storepass changeit
keytool -import -alias rootintcaebs -file RootIntCA.cer -keystore cacerts -storepass changeit
keytool -import -alias BIIBWildcard -file BIIBWildcard.cer -keystore cacerts -storepass changeit
Validate/perform the below related steps on all nodes
. /<u11/home/ebsprd>/EBSapps.env run
cat $CONTEXT_FILE|grep s_web_ssl_directory
$IAS_ORACLE_HOME/instances/<EBS_web_pdhdev_OHS1>/config/OHS/<EBS_web_pdhdev>/keystores/default
$IAS_ORACLE_HOME/instances/<EBS_web_pdhdev_OHS1>/config/OPMN/opmn/wallet
$EBS_DOMAIN_HOME/opmn/<s_ohs_instance>/<s_ohs_component>/wallet
$EBS_DOMAIN_HOME/opmn/<s_ohs_instance>/wallet
$FMW_HOME/webtier/instances/<s_ohs_instance>/config/OHS/<s_ohs_component>/proxy-wallet
Validate/perform/Redo the steps for Instance location on all nodes
cat $CONTEXT_FILE|grep s_web_ssl_directory
$IAS_ORACLE_HOME/instances/<EBS_web_pdhdev_OHS1>/config/OHS/<EBS_web_pdhdev>/keystores/default
$IAS_ORACLE_HOME/instances/<EBS_web_pdhdev_OHS1>/config/OPMN/opmn/wallet
$EBS_DOMAIN_HOME/opmn/<s_ohs_instance>/<s_ohs_component>/wallet
$EBS_DOMAIN_HOME/opmn/<s_ohs_instance>/wallet
$FMW_HOME/webtier/instances/<s_ohs_instance>/config/OHS/<s_ohs_component>/proxy-wallet
Update the Context File and Config Files
You need to validate your SSL.conf value for the SSL port used
Example :
cat  /u11/home/ebsprd/fs2/FMW_Home/webtier/instances/EBS_web_pdhint2_OHS1/config/OHS/EBS_web_pdhint2/ssl.conf|grep Listen
. /<u11/home/ebsprd>/EBSapps.env run
cp $CONTEXT_FILE $CONTEXT_FILE.b4ssl
Edit the context file
Depending on the port pool & Load balancer entry update the below
Context Variables Vales
s_url_protocol  https
s_local_url_protocol   https
s_webentryurlprotocol   https
s_webssl_port     4503  ( dervied from Port Pool)
s_https_listen_parameter 4503  ( dervied from Port Pool)
s_active_webport        443
s_webentryhost    <ebspatdev>( Load balancer Value)
s_webentrydomain         apdba.com
s_enable_sslterminator   #
s_login_page      https://<ebspatdev>.apdba.com/OA_HTML/AppsLogin
s_external_url  https://<ebspatdev>.apdba.com
Sync the CONTEXT_FILE
. /<u11/home/ebsprd>/EBSapps.env run
perl $AD_TOP/bin/adSyncContext.pl contextfile=$CONTEXT_FILE
Enter the APPS user password:
Enter the WebLogic AdminServer password:
Add a redirect rule
. /<u11/home/ebsprd>/EBSapps.env run
Node # 1
cat $CONTEXT_FILE|grep s_ohs_instance_loc
Example:
cd /u11/home/ebsprd/fs2/FMW_Home/webtier/instances/<EBS_web_pdhint2_OHS1>/config/OHS/<EBS_web_pdhint2>
Edit custom.conf, Update the below values
Add the Load balanced https url below
vi  custom.conf
RewriteCond %<HTTPS> !=on
RewriteRule ^/(.*) https://<pdhint2>.apdba.com/$1 [R,L]
Stop application All the  nodes
Run adautocfg.sh on All the nodes
. /<u11/home/ebsprd>/EBSapps.env run
cd $ADMIN_SCRIPTS_HOME
adautocfg.sh
Restart the Application Tier Services/ Start application after regenerating jar
ADD the above modified file in adop_sync.drv
Backup the file
. /<u11/home/ebsprd>/EBSapps.env run
cp $APPL_TOP_NE/ad/custom/adop_sync.drv  $APPL_TOP_NE/ad/custom/adop_sync.drv.bssl
Edit the adop_sync.drv, add the below entries
vi $APPL_TOP_NE/ad/custom/adop_sync.drv
#SSL SECTION - START
## Required for SSL setup migration from RUN to PATCH file-system.
## Please alter the commands in the event that rsync is not available or the platform does not support the example syntax.
#
##10.1.2 b64InternetCertificate.txt
rsync -zr %s_current_base%/EBSapps/10.1.2/sysman/config/b64InternetCertificate.txt %s_other_base%/EBSapps/10.1.2/sysman/config/b64InternetCertificate.txt
#
##Oracle HTTP Server Wallet - cwallet.sso
rsync -zr %s_current_base%/FMW_Home/webtier/instances/%s_ohs_instance%/config/OHS/%s_ohs_component%/keystores/default %s_other_base%/FMW_Home/webtier/instances/%s_ohs_instance%/config/OHS/%s_ohs_component%/keystores/default
#
##OPMN Wallet - cwallet.sso
rsync -zr %s_current_base%/FMW_Home/webtier/instances/%s_ohs_instance%/config/OPMN/opmn/wallet %s_other_base%/FMW_Home/webtier/instances/%s_ohs_instance%/config/OPMN/opmn/wallet
#
##Fusion Middleware Control Wallets - cwallet.sso
rsync -zr %s_current_base%/FMW_Home/user_projects/domains/EBS_domain_%s_dbSid%/opmn/%s_ohs_instance%/%s_ohs_component%/wallet %s_other_base%/FMW_Home/user_projects/domains/EBS_domain_%s_dbSid%/opmn/%s_ohs_instance%/%s_ohs_component%/wallet
#
rsync -zr %s_current_base%/FMW_Home/user_projects/domains/EBS_domain_%s_dbSid%/opmn/%s_ohs_instance%/wallet %s_other_base%/FMW_Home/user_projects/domains/EBS_domain_%s_dbSid%/opmn/%s_ohs_instance%/wallet
#
rsync -zr %s_current_base%/FMW_Home/webtier/instances/%s_ohs_instance%/config/OHS/%s_ohs_component%/proxy-wallet %s_other_base%/FMW_Home/webtier/instances/%s_ohs_instance%/config/OHS/%s_ohs_component%/proxy-wallet
#WLS JKS
rsync -zr %s_current_base%/FMW_Home/wlserver_10.3/server/lib/*.jks %s_other_base%/FMW_Home/wlserver_10.3/server/lib/*.jks
#JDK keystore
rsync -zr --include=jdk* --include=jdk*/jre --include=jdk*/jre/lib --include=jdk*/jre/lib/security --include=cacerts --exclude=* %s_current_base%/EBSapps/comn/util/ %s_other_base%/EBSapps/comn/util/
#SSL SECTION – END
Regenerate JAR files
Stop application All the  nodes
adadmin
Chose > Generate Applications Files menu
Chose > Generate product JAR files
Exit
Restart the Application Tier Services
Load wallet into the Database node
Log into all the DB nodes as oracle user
cd $ORACLE_HOME/appsutil
mv wallet wallet.old
cp -r /erp_admin/app/ssl/ebscerts wallet
 Validate the SSL EBS URL
https://ebsprd.apdba.com
SSO Steps
Remove EBS Source AccessGate ( Required for cloned env)
Start the WebLogic Administration Console on the primary node
Execute the below command
Start the Admin console on run system
EBSapps.env run
cd $ADMIN_SCRIPTS_HOME
./adadminsrvctl.sh start
Start the Admin console on patch system
EBSapps.env patch
cd $ADMIN_SCRIPTS_HOME
./adadminsrvctl.sh start forcepatchfs
Delete the Deployed EBS AccessGate
In the WebLogic Administration Console on the run file system,
Navigate to EBS_domain_sid > Deployments,
Stop the Oracle E-Business Suite AccessGate application named "accessgate".
Then delete the Oracle E-Business Suite AccessGate application named "accessgate".
In the WebLogic Administration Console on the patch file system,
Navigate to EBS_domain_sid > Deployments.
Stop the Oracle E-Business Suite AccessGate application named "accessgate".
Then delete the Oracle E-Business Suite AccessGate application named "accessgate".
STOP the PATCH console
cd $ADMIN_SCRIPTS_HOME
./adadminsrvctl.sh start forcepatchfs
De-register the EBS instance from OID for TEST to TEST clone.
Note:
*** : DO NOT execute this step   without the APPNAME parameter
cd <EBS_BASE_HOME>
Source RUN   EBSapps.env run
$FND_TOP/bin/txkrun.pl  \
-script=SetSSOReg  \
-deregisteroid=yes  \
-ldapport=3060  \
-ldaphost=ssooiddev.apdba.com  \
-oidadminuserpass=bg321456   \
-appspass=appss2015  \
-appname=<ebsint1>
Enter the valid
apps password
orcladmin password
appname/ svcname to $TWO_TASK
Note **: Please ignore any error proceed to next step
Log into the EBS middle tier with applmgr
cd <EBS_BASE_HOME>
Execute the below command
EBSapps.env run
echo $CONTEXT_FILE
Backup  the  echo $CONTEXT_FILE
cp < CONTEXT_FILE path >  <backup location path>
Log into the EBS middle tier with applmgr
cd <EBS_BASE_HOME>
Execute the below command
EBSapps.env run
$FND_TOP/bin/txkrun.pl   \
-script=SetSSOReg  \
-removereferences=Yes \
-appspass=appss2015
Enter the apps password when prompted
Log into the EBS middle tier with applmgr
cd <EBS_BASE_HOME>
Execute the below command
EBSapps.env run
sqlplus apps/pass@["two_task]
delete from fnd_user_preferences WHERE user_name='#INTERNAL' and module_name='LDAP_SYNCH';
delete from fnd_user_preferences WHERE user_name='#INTERNAL' and module_name='OID_CONF';
commit;
exit;
Log into the EBS middle tier with applmgr
cd <EBS_BASE_HOME>
Execute the below command
EBSapps.env run
 echo $FILE_EDITION
Substitute right apps/instance password below
txkrun.pl -script=SetSSOReg \
-registeroid=yes \
-ldapport=3060  \
-ldaphost=ssooiddev.apdba.com  \
-oidadminuser=cn=orcladmin  \
-oidadminuserpass=bg321456   \
-instpass=appss2015  \
-appspass=appss2015  \
-provisiontype=3
Validate the registration
Log into the EBS middle tier with applmgr
cd <EBS_BASE_HOME>
Execute the below command
EBSapps.env run
 echo $FILE_EDITION
sqlplus apps/pass@["two_task]
execute fnd_oid_plug.setPlugin;
select fnd_sso_registration.getdefaultrealm from dual;
exit;
Ensure this patch is already applied
R12.TXK.C  Patch  # 19767816
Validate if the patch is applied
Log into the EBS middle tier with applmgr
cd <EBS_BASE_HOME>
Execute the below command
EBSapps.env run
echo $FILE_EDITION
commands to apply this patch
select * from ad_appl_tops;
Use the appl_top_id (85) for the current NAME (ebspat) in the below query
select bug_number from ad_bugs where bug_number='19767816';
SQL> select appl_top_id from ad_appl_tops where name='<ebsint1>';
APPL_TOP_ID
-----------
        104
select ad_patch.is_patch_applied('R12',104,19767816) from dual;
select ad_patch.is_patch_applied('R12',104,19197270) from dual;
select ad_patch.is_patch_applied('R12',104,19330775) from dual;
All are applied in ebsint1
Log into the EBS middle tier with applmgr
cd <EBS_BASE_HOME>
Execute the below command
EBSapps.env run
echo $FILE_EDITION
Run the below command to install
 Validate the webgate install
cd $FMW_HOME
ls -lrt Oracle_OAMWebGate1
If Oracle_OAMWebGate1 (webgate) exists  SKIP this step
If WebGate not found Install:
txkrun.pl -script=SetOAMReg  \
-installWebgate=yes  \
-webgatestagedir=/patch/erp/SCALE/SSO
Log into the EBS middle tier with applmgr, execute these steps  only on Internal WEB nodes
cd <EBS_BASE_HOME>
Execute the below command
EBSapps.env run
sqlplus apps/pass@["two_task]
show parameter %UTL%
exit
Make sure utl_file_dir is present
echo $FILE_EDITION
The script will prompt for the following passwords:
Enter the APPS Schema password.
Enter the WebLogic AdminServer password.
Log into the EBS middle tier with applmgr
cd <EBS_BASE_HOME>
Execute the below command
EBSapps.env run
sqlplus apps/pass@["two_task]
show parameter %UTL%
exit
Make sure utl_file_dir is present
Execute these steps  only on all Internal WEB nodes
echo $FILE_EDITION
The script will prompt for the following passwords:
Enter the APPS Schema password.
Enter the WebLogic AdminServer password.
perl $AD_TOP/patch/115/bin/adProvisionEBS.pl \
ebs-create-oaea_resources  \
-contextfile=$CONTEXT_FILE  \
-deployApps=accessgate  \
-managedsrvname=oaea_server1 \
-managedsrvport=6801 \
-SSOServerURL=https://ssoimdev.apdba.com  \
-logfile=/tmp/deployeag_dep.log
Based on the port pool replace the value for managedsrvport parameter
For Port Pool 00 the value of  managedsrvport=6801 replace accordingly
For Port Pool 10 the value of  managedsrvport=6811 replace accordingly
On Additional nodes, please add/change the parameter “managedsrvname”. For additional nodes add the parameter  & use the same port
-managedsrvname=oaea_server(n) \
-managedsrvport=6801 \
Execute the following on the second node # 2 :
source EBSapps.env run
perl $AD_TOP/patch/115/bin/adProvisionEBS.pl \
ebs-create-oaea_resources  \
-managedsrvname=oaea_server2 \
-managedsrvport=6801 \
-contextfile=$CONTEXT_FILE  \
-deployApps=accessgate  \
-SSOServerURL=https://ssoimdev.apdba.com  \
-logfile=/tmp/deployeag_dep.log
Execute the following on the second node # 3 :
Based on the port pool replace the value for managedsrvport parameter
For Port Pool 00 the value of  managedsrvport=6801 replace accordingly
For Port Pool 10 the value of  managedsrvport=6811 replace accordingly
On Additional nodes, please add/change the parameter “managedsrvname”. For additional nodes add the parameter  & use the same port
-managedsrvname=oaea_server(n) \
-managedsrvport=6801 \
source EBSapps.env run
perl $AD_TOP/patch/115/bin/adProvisionEBS.pl \
ebs-create-oaea_resources  \
-managedsrvname=oaea_server3 \
-managedsrvport=6801 \
-contextfile=$CONTEXT_FILE  \
-deployApps=accessgate  \
-SSOServerURL=https://ssoimdev.apdba.com  \
-logfile=/tmp/deployeag_dep.log
Execute the following on the second node # 4 :
Based on the port pool replace the value for managedsrvport parameter
For Port Pool 00 the value of  managedsrvport=6801 replace accordingly
For Port Pool 10 the value of  managedsrvport=6811 replace accordingly
On Additional nodes, please add/change the parameter “managedsrvname”. For additional nodes add the parameter  & use the same port
-managedsrvname=oaea_server(n) \
-managedsrvport=6801 \
source EBSapps.env run
perl $AD_TOP/patch/115/bin/adProvisionEBS.pl \
ebs-create-oaea_resources  \
-managedsrvname=oaea_server4 \
-managedsrvport=6801 \
-contextfile=$CONTEXT_FILE  \
-deployApps=accessgate  \
-SSOServerURL=https://ssoimdev.apdba.com  \
-logfile=/tmp/deployeag_dep.log
Execute these steps  only on all Internal WEB nodes
 ( Change the hostname to server name & port to the OAEA server port used above)
perl $FND_TOP/patch/115/bin/txkSetAppsConf.pl \
-contextfile=$CONTEXT_FILE \
-configoption=addMS \
-accessgate=<host>.<domain>:<port>
Example :
Login to web node apdbaappd02
. EBSapps.env run
perl $FND_TOP/patch/115/bin/txkSetAppsConf.pl \
-contextfile=$CONTEXT_FILE \
-configoption=addMS \
-accessgate=apdbaappd02.apdba.com:6811
Login to web node apdbaappd07
. EBSapps.env run
perl $FND_TOP/patch/115/bin/txkSetAppsConf.pl \
-contextfile=$CONTEXT_FILE \
-configoption=addMS \
-accessgate=apdbaappd07.apdba.com:6811
Login to web node apdbaappd08
. EBSapps.env run
perl $FND_TOP/patch/115/bin/txkSetAppsConf.pl \
-contextfile=$CONTEXT_FILE \
-configoption=addMS \
-accessgate=apdbaappd08.apdba.com:6811
Login to web node apdbaappd09
. EBSapps.env run
perl $FND_TOP/patch/115/bin/txkSetAppsConf.pl \
-contextfile=$CONTEXT_FILE \
-configoption=addMS \
-accessgate=apdbaappd09.apdba.com:6811
Validate the mod_ohs_wl.conf for correct entry on all the web nodes.
. EBSapps.env run
cat $CONTEXT_FILE|grep ohs_instance_loc
cd cd /u17/home/ebsuat/fs2/FMW_Home/webtier/instances/EBS_web_ebsuat_OHS1/config/OHS/EBS_web_ebsuat/
validate mod_wl_ohs.conf for
<Location /accessgate>
SetHandler weblogic-handler
WebLogicCluster apdbaappd02.apdba.com:6801
WLTempDir ${ORACLE_INSTANCE}/tmp
</Location>
Make sure pointing to active internal web node only.
Login into Weblogic console of RUN file system
Example:
http://<apdbaappd07>.apdba.com:7071/console/login/LoginForm.jsp
Increase the Data Source parameters
Login to weblogic console as admin
Go to the EBS weblogic  Console Tree panel on the left hand side and
Navigate to
EBS_domain_sid > Services > Data Sources, and verify that a data source "OAEADatasource" is available
Select ""Services"-->JDBC-->Datasources---> OAEADatasource >Connection pool > Advanced )
Select >  Lock and Edit
Modify
• Test Connections On Reserve - Check the box
• Inactive Connection Timeout to 10 seconds
Save  & Activate the changes
Verify successful deployment
logon to EBS WebLogic Administration Console on RUN, for example:
http://ebshost.example.com:7001/console
In the WebLogic Administration Console, navigate to EBS_domain_sid > Environment > Servers, and verify that a managed server "oaea_server1" is available.
Navigate to EBS_domain_sid > Deployments, and verify that the Oracle E-Business Suite AccessGate application named "accessgate" is deployed.
Register EBS with OAM
Log into the EBS middle tier with applmgr
cd <EBS_BASE_HOME>
Execute the below command
EBSapps.env run
echo $FILE_EDITION
Execute the following command to register Oracle E-Business Suite with Oracle Access Manager. The below command needs to be executed on all the nodes.
Execute these steps  only on all Internal WEB nodes
txkrun.pl -script=SetOAMReg  \
-registeroam=yes  \
-oamHost=http://ssoadmdev.apdba.com:7003 \
-oamUserName=oamadmin  \
-ldapUrl=ldap://ssooiddev.apdba.com:3060  \
-oidUserName=cn=orcladmin  \
-skipConfirm=yes  \
-ldapSearchBase="ou=all users,dc=corp,dc=apdba,dc=com"  \
-ldapGroupSearchBase="cn=Groups, dc=corp,dc=apdba,dc=com" \
-authScheme=KerberosScheme \
-authSchemeMode=reference
Execute these steps  only on all Internal WEB nodes
Enable EBS System Profile Options for SSO
1. Login to EBS instance as user with system administrator
2. System administrator - Profiles - system
3. Query for the below profile and make changes on the site level
4. Change following profile options:
Application SSO LDAP SYNC  Enabled
Application SSO Auto Link Enabled
Applications SSO Enable OID Identity Add Event Disabled
Application SSO Login Types   Both
Application SSO Type   SSWA W/SSO
Application Logout URL http://inet.apdbaidec.com
Applications SSO User Creation and Updation Allowed Disabled
Configure Secure Sockets Layer (SSL
If EBS is on SSL , if not ignore this step
Then
When using WebLogic Server Release 10.3.4 and above and enabling SSL,  this is generic EBS SSL steps, we need to able to extend this to AccessGate server also
Ensure that the following are enabled in the WebLogic Server Administration Console:
WebLogic Plug-In
Client Cert Proxy
To verify this:
Navigate to 'Environments' > 'Servers' > 'AdminServer(Admin)'
Access the 'General' tab
Expand the 'Advanced' section and check the checkboxes for:
WebLogic Plug-In Enabled
Client Cert Proxy Enabled
Navigate to 'Environments' > 'Servers' > oaea_server’s'
Access the 'General' tab
Expand the 'Advanced' section and check the checkboxes for:
WebLogic Plug-In Enabled
Client Cert Proxy Enabled
Restart all the Managed servers once
cd $ADMIN_SCRIPTS_HOME
adstpall.sh
adstrtal.sh
Log into the EBS middle tier with applmgr
cd <EBS_BASE_HOME>
Execute the below command
EBSapps.env run
echo $FILE_EDITION
sqlplus apps/pass@["two_task]
• Run to clear USER_GUID from FND_USER table ( NOT FOR BULK updates)
Below command is for individual user , for BULK update follow the next step
sqlplus apps @$FND_TOP/patch/115/sql/fndssouu.sql <USER_NAME>
• Backup the tabled before BULK changes
1. Login to EBS database as apps user
2. Run the below command to back fnd_user and fnd_oracle_userid table
create table fnd_user_backup as select * from fnd_user;
create table FND_ORACLE_USERID_backup as select * from FND_ORACLE_USERID;
select query to cross check the user count is same on the base table and in backup table
select count(*) from  fnd_user;
select count(*) from  fnd_user_backup;
select count(*) from  FND_ORACLE_USERID;
select count(*) from  FND_ORACLE_USERID_backup;
Update the USER_GUID to NULL  for BULK change
Log into the EBS middle tier with applmgr
cd <EBS_BASE_HOME>
Execute the below command
EBSapps.env run
echo $FILE_EDITION
sqlplus apps/pass@["two_task]
update fnd_user set USER_GUID=null;
commit;
exit
Validate SSO and SSL configuration and release the instance
Validate SSO URL login
http://<hostname.domain.com:port>
Perform the post clone step for Workflow Status Diagram Not Showing Up in R12.2 (Doc ID 2024395.1)
• Bring up the WLS Admin console for the EBS instance ->
http://host:port/console and login as the weblogic user.
• Click on Lock & Edit
• Under the Domain Structure, navigate to EBS Domain -> Environment -> Servers.
• Click on all oacore_server1/oacore_server2/oacore_server3/oacore_server4, and click on the SSL tab.
• Click on Advanced to expand that section.
• Look for the 'Use JSSE SSL' parameter and enable this by placing a check in the box next to it.
• Click on Activate Changes.
• Restart the managed server...
#Perform fs_clone
EBSapps.env run
Sync context on all nodes
perl $AD_TOP/bin/adSyncContext.pl contextfile=$CONTEXT_FILE
echo $FILE_EDITION
Run the fs_clone force=yes
adop phase=fs_clone force=yes
End of Test Steps