In Oracle : Implement Single Sign-On (SSO) for Oracle Apps 11i

Oracle Applications EBS 11i, R12      Oracle Database      Data Warehouse & BI      Oracle Middleware      PL/SQL      Linux ...

Oracle Applications EBS

Oracle Apps 11i DBA (I) Oracle Apps 11i DBA (II) Oracle Apps 11i DBA (III) Oracle Apps 11i Sys Admin UPGRADE 11i Apps to R12 Oracle Apps R12 DBA

The last articles in the site (HOT)

The most visited articles in the site

In-Oracle.com  -> Oracle Applications (apps)  -> 11i

-> Implement Single Sign-On (SSO) for Oracle Apps 11i

 Implement Single Sign-On (SSO) for Oracle Apps 11i

 

 

1. Install Oracle Identity Management Infrastructure 10g (10.1.4)

2. Install E-Business Suite SSO 10g Integration Patch

 

 

1. Install Oracle Identity Management Infrastructure 10g (10.1.4)

 

For more information about this click here: Install Oracle Identity Management Infrastructure 10g

 

2. Install E-Business Suite SSO 10g Integration Patch

 

NOTE: The following steps are specific for Oracle Linux, and EBS 11.5.10.2. 

 

a) Apply 5903765: 11i.ATG_PF.H.RUP6. For more details click here: Apply 5903765: 11i.ATG_PF.H.RUP6.

 

b) Apply Patch 5502871: afscssodmz.sql fails when SSOSDK schema absent while applying 4775907

 

 

c) Apply Patch 6117031: 11i.ATG_PF.H RUP6 SSO 10g Integration

 

    For cheching if all the prerequisite patches are installed you can run AutoPatch using prerequisite checking:

    $ adpatch options=prereq

 

 

d) Use AD Administration (adadmin) and complete the following tasks

    - Generate message files

    - Compile APPS schema(s)

    - Compile flexfield data in AOL tables

    - Compile Menu Information

 

    Restart the middle tier services. 

 

e) Check the connection to the apps database

sqlplus <apps user>/<apps password>@<apps Db alias>

f) Run the Registration script: A perl script is used to register Oracle E-Business Suite instance with Oracle Single Sign-On and Oracle Internet Directory. This registration process allows the E-Business Suite to delegate user authentication to Oracle Single Sign-On, and for user information to be synchronized between Oracle Internet Directory and the E-Business Suite. 

On UNIX, you can split the command over multiple command lines, by entering the '\' continuation character followed by <Return>. Execute the following command if you want to use the default (simple) registration that uses the bidirectional provisioning template, ProvBiDirection.tmp:

[applmgr@apps bin]$ which txkrun.pl
/APPS_MI/visappl/fnd/11.5.0/bin/txkrun.pl


[applmgr@apps bin]$ txkrun.pl -script=SetSSOReg
Enter the host name where Oracle iAS Infrastructure database is installed ? mw.localdomain
Enter the Oracle iAS Infrastructure database port number ? 1521
Enter the Oracle iAS Infrastructure database SID ? oasdb1
Enter the LDAP Port on Oracle Internet Directory server ? 389
Enter Oracle E-Business apps database user password ? apps
Enter Oracle iAS Infrastructure database ORASSO schema password ? orasso
Enter Oracle E-Business SYSTEM database user password ? manager
Enter E-Business Suite existing SSOSDK schema password or choose a password to use with the new SSOSDK schema if the schema does not exist ? ssosdk
Enter the Oracle Internet Directory Administrator (orcladmin) Bind password ? q1234
Enter the instance password that you would like to register this application instance with ? q1234
*** ALL THE FOLLOWING FILES ARE REQUIRED FOR RESOLVING RUNTIME ERRORS
*** Log File = /APPS_MI/viscomn/rgf/VIS_apps/sso/txkSetSSOReg_Sun_Apr_27_14_31_16_2008.log
Program : /APPS_MI/visappl/fnd/11.5.0/patch/115/bin/txkSetSSOReg.pl started @ Sun Apr 27 14:37:57 2008

*** Log File = /APPS_MI/viscomn/rgf/VIS_apps/sso/txkSetSSOReg_Sun_Apr_27_14_31_16_2008.log

######################## WARNING ########################################
This application works with SSOSDK version 9.0.2 or higher. If lower version
(3.0.9) of SSOSDK was installed in your system and you have a registered
partner application, this process will remove the 3.0.9 version of the SSOSDK
schema and install the 9.0.2 version.
######################## WARNING ########################################
Beginning input parameter validation for SSO registration.
Beginning loading SSO SDK into database if necessary.
Loading of SSO SDK into database completed successfully.
Input parameter validation for SSO registration completed.
Beginning input parameter validation for OID registration.
Input parameters validation for OID registration completed.

BEGIN SSO REGISTRATION:

Beginning to register partner application.
Partner application has been registered successfully.
Single Sign-On partner application registered successfully.


BEGIN OID REGISTRATION:

Beginning to register Application and Service containers if necessary.
Application and Service containers were created successfully.
Beginning to register application in Oracle Internet Directory.
Registration of application in Oracle Internet Directory completed successfully.
Beginning to register instance password in Oracle Internet Directory.
Registration of instance password in Oracle Internet Directory completed successfully.
Beginning to test application registration in Oracle Internet Directory.
Testing of application registration in Oracle Internet Directory completed successfully.
Beginning to register provisioning profile in Oracle Internet Directory.
Registration of provisioning profile in Oracle Internet Directory completed successfully.
Application is now registered successfully with provisioning in Oracle Internet Directory.
End of /APPS_MI/visappl/fnd/11.5.0/patch/115/bin/txkSetSSOReg.pl : No Errors encountered

 

NOTES: 

  • LDAP port on Oracle Internet Directory server could be found in $ORACLE_HOME/install/portlist.ini

  • To know the orasso password you can run:

set Infra $ORACLE_HOME 

$ORACLE_HOME/bin/ldapsearch -h <oid_host> -p <oid_port> -D "cn=orcladmin" \
-w <orcladmin_password> -b "cn=IAS,cn=Products,cn=OracleContext" \
-s sub \
-v "OrclresourceName=orasso"|grep orclpasswordattribute

$ORACLE_HOME/bin/ldapsearch -h linux1.localdomain -p 389 -D "cn=orcladmin" \
-w q1234 -b "cn=IAS,cn=Products,cn=OracleContext" \
-s sub \
-v "OrclresourceName=orasso"|grep orclpasswordattribute

  • Certain product families in the E-Business Suite require product-specific patches to enable use of Single Sign-On functionality. After you have applied the patches required for the Single Sign-On technology stack, you must perform the relevant product-specific tasks. For more details please see the Metalink note 233436.1: Installing Oracle Application Server 10g with Oracle E-Business Suite Release 11i

  • if ORASSO database account password is changed on the database (OAS Infrastructure database) after the installation of the OAS, chis change must be done in $ORACLE_HOME/Apache/modplsql/conf/dads.conf:

<Location pls/orasso>

      SetHandler pls_handler
      Order deny,allow
      Allow from All
      AllowOverride None
      PlsqlDatabaseUsername orasso
      PlsqlDatabasePassword orasso
      PlsqlDatabaseConnectString cn=oasdb,cn=oraclecontext NetServiceNameFormat
      PlsqlNLSLanguage AMERICAN_AMERICA.AL32UTF8
      PlsqlAuthenticationMode SingleSignOn
      PlsqlSessionCookieName orasso
      PlsqlDocumentTablename orasso.wwdoc_document
      PlsqlDocumentPath docs
      PlsqlDocumentProcedure orasso.wwdoc_process.process_download
      PlsqlDefaultPage orasso.home
      PlsqlPathAlias url
      PlsqlPathAliasProcedure orasso.wwpth_api_alias.process_download
</Location>

  • If you connect to the http://<OAS Infrastructure Host>:<Web server port>/pls/orasso/orasso.home you must see the Oracle applications registered with the SSO:

Implement Single Sign-On (SSO) for Oracle Apps 11i

 

 

 

In-Oracle.com  -> Oracle Applications (apps)  -> 11i 

-> Implement Single Sign-On (SSO) for Oracle Apps 11i

Oracle Applications EBS 11i, R12      Oracle Database      Data Warehouse & BI      Oracle Middleware      PL/SQL      Linux ...

 

     Copyright (c) 2011-2015  www.in-oracle.com  |  Disclaimer: The views expressed on this web site are my own and do not reflect the views of Oracle Corporation. You may use the information from this site only at your risk.