Visit the Below Website to access unlimited exam questions for all IT vendors and Get Oracle Certifications for FREE
http://www.free-online-exams.com
http://www.free-online-exams.com
Problem:
Basic checks for user integration when using Oracle E-Business Suite 11i with Oracle AS 10g
Symptoms:
When integrating eBiz with SSO, the user record is stored in both OID and eBiz. Issues with user login problems can be due to either the user record not being provisioned/created in either OID or eBiz, or the linking of the user account between these two data sources
This document describes some basic checks you can perform to confirm the nature and extent of a user login problem, so you may find useful if you have issues with user provisioning or a user cannot login to eBusiness suite and/or SSO
Solution:
Software Requirements/Prerequisites
This note is for customers who have implemented E-Business integration with AS10g SSO as described in note 233436.1 Installing Oracle Application Server 10g with Oracle E-Business Suite Release 11i
Configuring the Script
No special steps required
Running the Script
1. Confirm if the user can login to OIDDAS
This will check the basic SSO username/password is functioning
Use the following URL to login as the specific user that is having difficulties
http://OID_host.domain:port/oiddas
2. Confirm if the user can login to eBiz locally
NOTE - this will only work if the user has been configured to login locally
Use the following URL to login as the specific user that is having difficulties
http://eBiz_host.domain:port/OA_HTML/AppsLocalLogin.jsp
3. Run the following SQL against the eBiz database
This script will list the most relevant information about the user from the eBiz user repository (FND_USER)
REM
REM START OF SQL
REM
set echo on
set timing on
set feedback on
set pagesize 132
set linesize 100
col user_id form 9999999999
col user_name form a30
col start_date form a12
col end_date form a12
col user_guid form a90
col encrypted_foundation_password form a12
col encrypted_user_password form a12
select
user_id,
user_name,
to_char(start_date, 'DD-MON-RRRR') start_date,
decode(end_date,NULL,'*** NULL ***',to_char(end_date, 'DD-MON-RRRR') ) end_date,
decode(encrypted_foundation_password, 'EXTERNAL', 'EXTERNAL', 'LOCAL_LOGIN') encrypted_foundation_password,
decode(encrypted_user_password,'EXTERNAL', 'EXTERNAL', 'LOCAL_LOGIN') encrypted_user_password,
decode(user_guid,NULL, '*** NULL ***',user_guid) user_guid
from fnd_user
where user_name like upper('%&enter_username%')
order by user_name
/
REM
REM END OF SQL
REM
Interpretation of the output
• start_date should be todays date or earlier
• end_date should be NULL or later than todays date
• if the user password is set to EXTERNAL, this user can only login to eBiz via SSO
4. Run the following script from the Infrastructure node
#####################################################################
### START OF SCRIPT : ldapsearch_appsuser.sh ###
#####################################################################
##
(
echo "****************************************************"
date
echo "****************************************************"
if [ "$OIDManagerName" == "" ]; then
echo -n "Please enter the OID Manager username (default=orcladmin) : "
read OIDManagerName
fi
if [ "$OIDManagerName" == "" ]; then
OIDManagerName="orcladmin"
fi
echo "you entered " $OIDManagerName
if [ "$OIDManagerPasswd" == "" ]; then
echo -n "Please enter the OID Manager password : "
read OIDManagerPasswd
fi
if [ "$Host" == "" ]; then
echo -n "Please enter the OID Server hostname (default=`eval hostname` ) : "
read Host
fi
if [ "$Host" == "" ]; then
Host=`eval hostname`
fi
echo "you entered " $Host
if [ "$Port" == "" ]; then
echo -n "Please enter the OID Server Port (default=389) : "
read Port
fi
if [ "$Port" == "" ]; then
Port="389"
fi
echo "you entered " $Port
if [ "$AppsUser" == "" ]; then
echo -n "Please enter the Applications username (default=all) : "
read AppsUser
echo "you entered " ${AppsUser}
fi
if [ "$AppsUser" == "" ]; then
echo "you entered all users"
fi
### The following lines are the read work of the script
ldapsearch -v -h "${Host}" -p ${Port} -D "cn=${OIDManagerName}" -w "${OIDManagerPasswd}" -b "" -s sub "uid=${AppsUser}*" uid orclguid orclactivestartdate orclactiveenddate orclisenabled
###
echo "***********************************************"
###
ldapsearch -v -h "${Host}" -p ${Port} -D "cn=${OIDManagerName}" -w "${OIDManagerPasswd}" -b "cn=Provisioning Profiles, cn=Changelog Subscriber, cn=Oracle Internet Directory" -s sub "objectclass=*"
###
) 2>&1 | tee -a mzLdapAppsUser.out
##
#####################################################################
### END OF SCRIPT ###
#####################################################################
Interpretation of the output
• orclisenabled should be ENABLED
• orclactivestartdate should be todays date or earlier
• orclactiveenddate should have no value
• orclguid should be same as FND_USER user_guid from step (3) above
5. Run the following SQL against the eBiz database to check the relevant profile options
REM
REM START OF SQL
REM
set echo on
set feedback on
set pagesize 132
set linesize 120
column SHORT_NAME format A30
column NAME format A40
column LEVEL_SET format a15
column CONTEXT format a30
column VALUE format A60 wrap
--
select p.profile_option_name SHORT_NAME,
n.user_profile_option_name NAME,
decode(v.level_id,
10001, 'Site',
10002, 'Application',
10003, 'Responsibility',
10004, 'User',
10005, 'Server',
'UnDef') LEVEL_SET,
decode(to_char(v.level_id),
'10001', '',
'10002', app.application_short_name,
'10003', rsp.responsibility_key,
'10005', svr.node_name,
'10006', org.name, '10004', usr.user_name,
'UnDef') "CONTEXT",
v.profile_option_value VALUE
from fnd_profile_options p,
fnd_profile_option_values v,
fnd_profile_options_tl n,
fnd_user usr,
fnd_application app,
fnd_responsibility rsp,
fnd_nodes svr,
hr_operating_units org
where p.profile_option_id = v.profile_option_id (+)
and p.profile_option_name = n.profile_option_name
and n.language = 'US'
and upper(p.profile_option_name) in (
'APPS_SSO',
'APPLICATIONS_HOME_PAGE',
'APPS_LOCAL_LOGIN_URL',
'APPS_PORTAL',
'APPS_PORTAL_LOGOUT',
'APPS_SSO_AUTO_LINK_USER',
'APPS_SSO_LINK_SAME_NAMES',
'APPS_SSO_ALLOW_MULTIPLE_ACCOUNTS',
'APPS_SSO_LOCAL_LOGIN',
'APPS_LOCAL_CHANGE_PWD_URL',
'APPS_SSO_CHANGE_PWD_URL',
'APPS_SSO_LDAP_SYNC',
'APPS_SSO_OID_IDENTITY',
'APPS_SSO_FORGOT_PWD_URL',
'APPS_SSO_LISTENER_TOKEN',
'APPS_DATABASE_ID',
'PASSWORD_CASE_OPTION',
'SIGNON_PASSWORD_CASE',
'SIGNON_PASSWORD_LENGTH',
'APPS_PORTAL_MODPLSQL_URL',
'APPS_SSO_MODPLSQL_URL',
'APPS_SSO_POSTLOGOUT_HOME_URL',
'APPS_AUTH_AGENT',
'APPS_AUTH_FORGOT_PASSWORD_LINK')
and usr.user_id (+) = v.level_value
and rsp.application_id (+) = v.level_value_application_id
and rsp.responsibility_id (+) = v.level_value
and app.application_id (+) = v.level_value
and svr.node_id (+) = v.level_value
and org.organization_id (+) = v.level_value
order by user_profile_option_name, level_set;
REM
REM END OF SQL
REM
Interpretation of the output
• APPS_SSO should be either SSWA_SSO or SSO_SDK
• APPS_LOCAL_LOGIN_URL should only be set at SITE level
• APPS_PORTAL should only be set at SITE level
• APPS_SSO_LOCAL_LOGIN normally set to SSO or BOTH for a user
• APPS_SSO_LDAP_SYNC should be set to "Y" at SITE level
References:
Basic checks for user integration when using Oracle E-Business Suite 11i with Oracle AS 10g [ID 444573.1]
NOTE:233436.1 - Installing Oracle Application Server 10g with Oracle E-Business Suite Release 11i
NOTE:261914.1 - Integrating Oracle E-Business Suite Release 11i with Oracle Internet Directory and Oracle Single Sign-On
NOTE:295606.1 - Oracle Application Server 10g with Oracle E-Business Suite Release 11i Troubleshooting
Basic checks for user integration when using Oracle E-Business Suite 11i with Oracle AS 10g
Symptoms:
When integrating eBiz with SSO, the user record is stored in both OID and eBiz. Issues with user login problems can be due to either the user record not being provisioned/created in either OID or eBiz, or the linking of the user account between these two data sources
This document describes some basic checks you can perform to confirm the nature and extent of a user login problem, so you may find useful if you have issues with user provisioning or a user cannot login to eBusiness suite and/or SSO
Solution:
Software Requirements/Prerequisites
This note is for customers who have implemented E-Business integration with AS10g SSO as described in note 233436.1 Installing Oracle Application Server 10g with Oracle E-Business Suite Release 11i
Configuring the Script
No special steps required
Running the Script
1. Confirm if the user can login to OIDDAS
This will check the basic SSO username/password is functioning
Use the following URL to login as the specific user that is having difficulties
http://OID_host.domain:port/oiddas
2. Confirm if the user can login to eBiz locally
NOTE - this will only work if the user has been configured to login locally
Use the following URL to login as the specific user that is having difficulties
http://eBiz_host.domain:port/OA_HTML/AppsLocalLogin.jsp
3. Run the following SQL against the eBiz database
This script will list the most relevant information about the user from the eBiz user repository (FND_USER)
REM
REM START OF SQL
REM
set echo on
set timing on
set feedback on
set pagesize 132
set linesize 100
col user_id form 9999999999
col user_name form a30
col start_date form a12
col end_date form a12
col user_guid form a90
col encrypted_foundation_password form a12
col encrypted_user_password form a12
select
user_id,
user_name,
to_char(start_date, 'DD-MON-RRRR') start_date,
decode(end_date,NULL,'*** NULL ***',to_char(end_date, 'DD-MON-RRRR') ) end_date,
decode(encrypted_foundation_password, 'EXTERNAL', 'EXTERNAL', 'LOCAL_LOGIN') encrypted_foundation_password,
decode(encrypted_user_password,'EXTERNAL', 'EXTERNAL', 'LOCAL_LOGIN') encrypted_user_password,
decode(user_guid,NULL, '*** NULL ***',user_guid) user_guid
from fnd_user
where user_name like upper('%&enter_username%')
order by user_name
/
REM
REM END OF SQL
REM
Interpretation of the output
• start_date should be todays date or earlier
• end_date should be NULL or later than todays date
• if the user password is set to EXTERNAL, this user can only login to eBiz via SSO
4. Run the following script from the Infrastructure node
#####################################################################
### START OF SCRIPT : ldapsearch_appsuser.sh ###
#####################################################################
##
(
echo "****************************************************"
date
echo "****************************************************"
if [ "$OIDManagerName" == "" ]; then
echo -n "Please enter the OID Manager username (default=orcladmin) : "
read OIDManagerName
fi
if [ "$OIDManagerName" == "" ]; then
OIDManagerName="orcladmin"
fi
echo "you entered " $OIDManagerName
if [ "$OIDManagerPasswd" == "" ]; then
echo -n "Please enter the OID Manager password : "
read OIDManagerPasswd
fi
if [ "$Host" == "" ]; then
echo -n "Please enter the OID Server hostname (default=`eval hostname` ) : "
read Host
fi
if [ "$Host" == "" ]; then
Host=`eval hostname`
fi
echo "you entered " $Host
if [ "$Port" == "" ]; then
echo -n "Please enter the OID Server Port (default=389) : "
read Port
fi
if [ "$Port" == "" ]; then
Port="389"
fi
echo "you entered " $Port
if [ "$AppsUser" == "" ]; then
echo -n "Please enter the Applications username (default=all) : "
read AppsUser
echo "you entered " ${AppsUser}
fi
if [ "$AppsUser" == "" ]; then
echo "you entered all users"
fi
### The following lines are the read work of the script
ldapsearch -v -h "${Host}" -p ${Port} -D "cn=${OIDManagerName}" -w "${OIDManagerPasswd}" -b "" -s sub "uid=${AppsUser}*" uid orclguid orclactivestartdate orclactiveenddate orclisenabled
###
echo "***********************************************"
###
ldapsearch -v -h "${Host}" -p ${Port} -D "cn=${OIDManagerName}" -w "${OIDManagerPasswd}" -b "cn=Provisioning Profiles, cn=Changelog Subscriber, cn=Oracle Internet Directory" -s sub "objectclass=*"
###
) 2>&1 | tee -a mzLdapAppsUser.out
##
#####################################################################
### END OF SCRIPT ###
#####################################################################
Interpretation of the output
• orclisenabled should be ENABLED
• orclactivestartdate should be todays date or earlier
• orclactiveenddate should have no value
• orclguid should be same as FND_USER user_guid from step (3) above
5. Run the following SQL against the eBiz database to check the relevant profile options
REM
REM START OF SQL
REM
set echo on
set feedback on
set pagesize 132
set linesize 120
column SHORT_NAME format A30
column NAME format A40
column LEVEL_SET format a15
column CONTEXT format a30
column VALUE format A60 wrap
--
select p.profile_option_name SHORT_NAME,
n.user_profile_option_name NAME,
decode(v.level_id,
10001, 'Site',
10002, 'Application',
10003, 'Responsibility',
10004, 'User',
10005, 'Server',
'UnDef') LEVEL_SET,
decode(to_char(v.level_id),
'10001', '',
'10002', app.application_short_name,
'10003', rsp.responsibility_key,
'10005', svr.node_name,
'10006', org.name, '10004', usr.user_name,
'UnDef') "CONTEXT",
v.profile_option_value VALUE
from fnd_profile_options p,
fnd_profile_option_values v,
fnd_profile_options_tl n,
fnd_user usr,
fnd_application app,
fnd_responsibility rsp,
fnd_nodes svr,
hr_operating_units org
where p.profile_option_id = v.profile_option_id (+)
and p.profile_option_name = n.profile_option_name
and n.language = 'US'
and upper(p.profile_option_name) in (
'APPS_SSO',
'APPLICATIONS_HOME_PAGE',
'APPS_LOCAL_LOGIN_URL',
'APPS_PORTAL',
'APPS_PORTAL_LOGOUT',
'APPS_SSO_AUTO_LINK_USER',
'APPS_SSO_LINK_SAME_NAMES',
'APPS_SSO_ALLOW_MULTIPLE_ACCOUNTS',
'APPS_SSO_LOCAL_LOGIN',
'APPS_LOCAL_CHANGE_PWD_URL',
'APPS_SSO_CHANGE_PWD_URL',
'APPS_SSO_LDAP_SYNC',
'APPS_SSO_OID_IDENTITY',
'APPS_SSO_FORGOT_PWD_URL',
'APPS_SSO_LISTENER_TOKEN',
'APPS_DATABASE_ID',
'PASSWORD_CASE_OPTION',
'SIGNON_PASSWORD_CASE',
'SIGNON_PASSWORD_LENGTH',
'APPS_PORTAL_MODPLSQL_URL',
'APPS_SSO_MODPLSQL_URL',
'APPS_SSO_POSTLOGOUT_HOME_URL',
'APPS_AUTH_AGENT',
'APPS_AUTH_FORGOT_PASSWORD_LINK')
and usr.user_id (+) = v.level_value
and rsp.application_id (+) = v.level_value_application_id
and rsp.responsibility_id (+) = v.level_value
and app.application_id (+) = v.level_value
and svr.node_id (+) = v.level_value
and org.organization_id (+) = v.level_value
order by user_profile_option_name, level_set;
REM
REM END OF SQL
REM
Interpretation of the output
• APPS_SSO should be either SSWA_SSO or SSO_SDK
• APPS_LOCAL_LOGIN_URL should only be set at SITE level
• APPS_PORTAL should only be set at SITE level
• APPS_SSO_LOCAL_LOGIN normally set to SSO or BOTH for a user
• APPS_SSO_LDAP_SYNC should be set to "Y" at SITE level
References:
Basic checks for user integration when using Oracle E-Business Suite 11i with Oracle AS 10g [ID 444573.1]
NOTE:233436.1 - Installing Oracle Application Server 10g with Oracle E-Business Suite Release 11i
NOTE:261914.1 - Integrating Oracle E-Business Suite Release 11i with Oracle Internet Directory and Oracle Single Sign-On
NOTE:295606.1 - Oracle Application Server 10g with Oracle E-Business Suite Release 11i Troubleshooting
No comments:
Post a Comment