R12.2 SSO issues and solution
Scenario #1 User is able to log in to EBS through SSO
An SSO user can log in to EBS when all of the following criteria are met:
a. The user exists in both EBS FND_USER and OID (USER_NAME in the FND_USER table matches the UID attribute in OID).
b. The profile option “Applications SSO Login Types” is set to “Both” at Site level.
c. “Local” is not set at user level, as this would override the site-level value.
d. The user_guid in the FND_USER table for the user is NULL.
e. The profile option “Applications SSO User Auto Link” is set to enabled.
f. The user is not end-dated in EBS (END_DATE in the FND_USER table).
Scenario #2 User is able to log in to EBS through SSO although “Applications SSO Login Types” is set to “Local” at user level
a. The first time the user logged in, “Applications SSO Login Types” was set to “Both” at Site level and the user_guid in FND_USER was synced with the one in LDAP.
b. Later, someone might have updated “Applications SSO Login Types” to “Local” for the user.
c. So although the profile option “Applications SSO Login Types” is now set to “Local” at user level, the user can still log in because user_guid in FND_USER is mapped to orclguid in LDAP.
Scenario #3 User may see the error “Your Oracle EBS account has not been linked with SSO account” while accessing EBS through SSO
Cause/Solution:
This may happen when:
a. The profile option “Applications SSO Login Types” is set to “Local” at user level.
b. The user_guid for that user is NULL in the FND_USER table in EBS.
The solution is to set the profile option to NULL at user level. After that, ask the user to close the previous session and retry accessing EBS through SSO. This allows the user to authenticate through LDAP, which updates user_guid in FND_USER to the orclguid in LDAP, and the user will then be able to access EBS.
Scenario #4
APDDEV Oracle is redirected to the production URL after SSO authentication, and users cannot access APDDEV through SSO. The same configuration works fine for APDTST; both are configured with the same OAM/OID.
Cause/Solution:
In brief, https://oracledev.apdba.com is redirected to the SSO link https://oracleoamtest.apdba.com/oam as expected.
However, after SSO authentication, the request is routed to https://oracle.apdba.com instead of https://oracledev.apdba.com
The accessgate port was incorrect in mod_wl_ohs.conf under $IAS_ORACLE_HOME/instances/EBS_web_<SID>_OHS<Active OHS number>/config/OHS/EBS_web_<SID>
Rectifying the port information and bouncing the EBS services resolved the issue.
[apdbadev@apdbasrv02 EBS_web_SUFDEV]$ diff mod_wl_ohs.conf.071316 mod_wl_ohs.conf
57c57
< WebLogicCluster apdbasrv02.apdba-blogspot.com:6896,orap02.apdba-blogspot.com:6803
> WebLogicCluster apdbasrv02.apdba-blogspot.com:6898
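Review bot: at line 57 (and identically at 62 and 68) the old WebLogicCluster value differs by more than a port. It lists two members, apdbasrv02.apdba-blogspot.com:6896 and orap02.apdba-blogspot.com:6803, and the new value drops the orap02 member entirely while moving apdbasrv02 to 6898. The write-up describes this only as a port correction; it should also record that the second host was removed and why, since a cluster member on another host is a place post-login requests could have been sent.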
62c62
< WebLogicCluster apdbasrv02.apdba-blogspot.com:6896,orap02.apdba-blogspot.com:6803
> WebLogicCluster apdbasrv02.apdba-blogspot.com:6898
68c68
< WebLogicCluster apdbasrv02.apdba-blogspot.com:6896,orap02.apdba-blogspot.com:6803
> WebLogicCluster apdbasrv02.apdba-blogspot.com:6898
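A check that would flag the Scenario #4 misconfiguration, as an added example that is not part of the original post: it lists every WebLogicCluster member in a mod_wl_ohs.conf that is not on the allow-list for the environment. The function names audit_wl_cluster and write_sample_conf are hypothetical, and the sample file (hostnames, ports, the /app_b location) is constructed.

```shell
#!/bin/sh
# Added example: audit WebLogicCluster members in an OHS mod_wl_ohs.conf.

# audit_wl_cluster CONF ALLOWED
#   ALLOWED is a comma-separated list of host:port members this environment
#   is supposed to route to. Prints one line per unexpected member and
#   returns 1 if any were found, 0 otherwise.
audit_wl_cluster() {
    awk -v allowed="$2" '
        BEGIN {
            n = split(allowed, a, ",")
            for (i = 1; i <= n; i++) ok[a[i]] = 1
            loc = "(global)"
        }
        $1 ~ /^#/           { next }                          # comment line
        $1 == "<Location"   { loc = $2; sub(/>$/, "", loc); next }
        $1 == "</Location>" { loc = "(global)"; next }
        tolower($1) == "weblogiccluster" {                    # directive names are case-insensitive
            m = split($2, member, ",")
            for (i = 1; i <= m; i++)
                if (!(member[i] in ok)) {
                    printf "line %d %s unexpected member %s\n", NR, loc, member[i]
                    bad = 1
                }
        }
        END { exit bad + 0 }
    ' "$1"
}

# Writes a constructed sample config (not a real EBS file) to the given path.
write_sample_conf() {
    cat > "$1" <<'EOF'
# constructed sample
<Location /accessgate>
  SetHandler weblogic-handler
  WebLogicCluster devweb01.example.com:6896,otherenv01.example.com:6803
</Location>
<Location /app_b>
  SetHandler weblogic-handler
  WebLogicCluster devweb01.example.com:6898
</Location>
EOF
}

# Demo run: only devweb01.example.com:6898 is expected for this environment.
conf=$(mktemp)
write_sample_conf "$conf"
audit_wl_cluster "$conf" devweb01.example.com:6898 || echo "unexpected cluster members found"
rm -f "$conf"
```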
Scenario #5
OID/OAM issue: If OAM is configured with EBS and you see errors like below while opening https://oracleoamtest.apdba.com (although EBS non-SSO link https://oracletest.apdba.com/OA_HTML/AppsLocalLogin.jsp is working fine)
Cause/Solution:
Please check the following –
1. OAM and IDM services are up and running
2. Web OPMN services are up
cd $ORACLE_INSTANCE/bin
opmnctl status -l
3. Check if Access gate is deployed in EBS and services are up and running.
a. First check the port on which access gate is running.
b. Now check if services are running on that port or not.
OR
wget apdbasrv02.apdba.com:6802/accessgate/OAMLogin.jsp
c. You can also check the url from front end –
http://apdbasrv02.apdba.com:6802/accessgate/OAMLogin.jsp
d. If the services are not running, re-run the script below to deploy accessgate again:
perl $AD_TOP/patch/115/bin/adProvisionEBS.pl ebs-create-oaea_resources -contextfile=$CONTEXT_FILE -deployApps=accessgate -SSOServerURL=https://oracleoamtest.apdba.com:443 -logfile=/tmp/deployeag_dep.log3
Next, bring up the oaea_server1 managed service from the EBS WebLogic console.
Go to http://apdbasrv02.apdba.com:7002/console and start the oaea_server1 managed service.
Click on Yes.
This should resolve the issues.