IN ORACLE MILIEU …

Enabling OID/SSO for E-Business Suite R12

The following procedure shows how to register Oracle E-Business Suite R12 with OID and enable SSO. It is based on Metalink note ID 376811.1.

There are three components that can be registered or de-registered in Release 12 with the SSO/OID registration utility. The utility automatically detects the registered components and performs registration for the un-registered components. So there is no need to pass individual registration arguments.

SSO-OID Registration can be done using a single command (Section 1.1). Even though it can be done in a single command it is divided into three parts.

  • Oracle Home Registration.
  • SSO Registration.
  • OID Registration.

Here we will see registering each component individually.

Oracle Application Server 10g must also be installed before proceeding with OID/SSO registration. Here is the list of components and supported versions.

Components 

Oracle E-Business Suite R12
The following components must be used on the E-Business Suite instance:

Component Name                                  Release
Oracle E-Business Suite Release 12              12.0.0
Oracle 10g Application Server                   10.1.2
Oracle 10g Application Server                   10.1.3
Oracle Developer 10g (includes Oracle Forms)    10.1.2

Oracle Application Server 10g Enterprise Edition

The following Oracle Application Server 10g Enterprise Edition components must be used on the standalone instance:

Component Name                                      Release
Oracle Application Server 10g Enterprise Edition    10.1.2.0.2
Oracle Single Sign-On 10g                           10.1.2.0.2
Oracle Internet Directory 10g                       10.1.2.0.2
Oracle Portal 10g (optional)                        10.1.4
Oracle Discoverer 10g (optional)                    10.1.2.0.2

Before registering, make sure to set the following profiles to the values given below.

  • Applications SSO Type: SSWAw/SSO  
  • Applications SSO Auto Link User: Enable  
  • Applications SSO Login Types: Both
  • Application SSO LDAP Synchronization: Enable
  • Applications SSO Enable OID Identity Add Event: Enable
  • Link Applications user with OID user with same username: Enable

Once the profiles are set, go ahead with OID/SSO registration.

Registering with OID/SSO 

Oracle Home Registration

 bash-2.05$ $FND_TOP/bin/txkrun.pl \
> -script=SetSSOReg \
> -registerinstance=yes

You are registering ORACLE HOME only.

Enter the host name where Oracle iAS Infrastructure database is installed ? ocvmrh2119.us.oracle.com
Enter the LDAP Port on Oracle Internet Directory server ? 389
Enter SSL LDAP Port on Oracle Internet Directory server ? 636
Enter the Oracle Internet Directory Administrator (orcladmin) Bind password ? welcome1
Enter Oracle E-Business apps database user password ? apps

*** Log File = /dy/oracle/product/test12/inst/apps/test12_ap101fam/logs/appl/rgf/TXK/txkSetSSOReg_Wed_Jun_20_05_14_34_2007.xml

Beginning input parameter validation for Oracle Home Instance registration.
Input parameter validation for Oracle Home Instance registration completed.

BEGIN ORACLE HOME INSTANCE REGISTRATION:
Oracle Home Instance preferences stored successfully.
Oracle Home Instance registered successfully.

End of /dy/oracle/product/test12/apps/apps_st/appl/fnd/12.0.0/patch/115/bin/txkSetSSOReg.pl : No Errors encountered

SSO Registration 

bash-2.05$ $FND_TOP/bin/txkrun.pl \
> -script=SetSSOReg \
> -registersso=yes

You are registering this instance with SSO Server.

Enter Oracle E-Business apps database user password ? apps

*** Log File = /dy/oracle/product/test12/inst/apps/test12_ap101fam/logs/appl/rgf/TXK/txkSetSSOReg_Wed_Jun_20_05_16_22_2007.xml

Beginning input parameter validation for SSO registration.
Input parameter validation for SSO registration completed.

BEGIN SSO REGISTRATION:
Beginning to register partner application.
Partner application has been registered successfully.
Configuration file uploaded successfully.
Single Sign-On partner application registered successfully.

End of /dy/oracle/product/test12/apps/apps_st/appl/fnd/12.0.0/patch/115/bin/txkSetSSOReg.pl : No Errors encountered

OID Registration 

bash-2.05$ $FND_TOP/bin/txkrun.pl \
> -script=SetSSOReg \
> -registeroid=yes

You are registering this instance with OID Server.

Enter LDAP Host name ? ocvmrh2119.us.oracle.com
Enter the LDAP Port on Oracle Internet Directory server ? 389
Enter the Oracle Internet Directory Administrator (orcladmin) Bind password ? welcome1
Enter the instance password that you would like to register this application instance with ? welcome1
Enter Oracle E-Business apps database user password ? apps

*** Log File = /dy/oracle/product/test12/inst/apps/test12_ap101fam/logs/appl/rgf/TXK/txkSetSSOReg_Wed_Jun_20_05_17_54_2007.xml

Beginning input parameter validation for OID registration.
Input parameters validation for OID registration completed.

BEGIN OID REGISTRATION:
Beginning to register Application and Service containers if necessary.
Application and Service containers were created successfully if necessary.
Beginning to register application in Oracle Internet Directory.
Registration of application in Oracle Internet Directory completed successfully.
-> LOADING:  /dy/oracle/product/test12/apps/apps_st/appl/fnd/12.0.0/admin/template/AppsOIDRegistration.tmp

Beginning to register provisioning profile in Oracle Internet Directory.
Registration of provisioning profile in Oracle Internet Directory completed successfully.
Application is now registered successfully with provisioning in Oracle Internet Directory.

End of /dy/oracle/product/test12/apps/apps_st/appl/fnd/12.0.0/patch/115/bin/txkSetSSOReg.pl : No Errors encountered

Users are automatically synchronized from the local repository to the OID repository, so a user created locally through AppsLocalLogin.jsp is automatically reflected in SSO.

Try logging in through AppsLocalLogin.jsp and creating a new user. Note that if the password contains no numeric character, you may encounter the following error.

Unable to call fnd_ldap_wrapper.create_user due to the following reason:
.
ORA-20001: Unable to call fnd_ldap_wrapper.create_user due to the following
reason:
An unexpected error occurred. Please contact your System Administrator 

For example, if you give your password as welcome, you may get the above error. To avoid it, include a numeric character in the password, such as welcome1. This happens because creating a user in Apps (even via Forms) after logging in through AppsLocalLogin.jsp sends the user to OID, and in doing so the password is checked against OID's password policies. According to the policies, a password should be alphanumeric.

De-registering OID/SSO

Deregister OID

bash-2.05$ $FND_TOP/bin/txkrun.pl \
> -script=SetSSOReg \
> -deregisteroid=yes

You are deregistering this instance from OID Server.

===============================================================

WARNING: You have selected to deregister individual components.
 This might leave some components still at registered state
 which might create inconsistencies at run time.
 It is recommended that you use "-deregister=Yes" to completely deregister
 the Oracle EBusiness instance from OID server
 OR
 Individually deregister components using "-deregisteroid=Yes",
 "-deregistersso=Yes" and "-deregisterinstance=Yes".

===============================================================
Enter Oracle E-Business apps database user password ? apps
Enter the Oracle Internet Directory Administrator (orcladmin) Bind password ? welcome1

*** Log File = /dy/oracle/product/test12/inst/apps/test12_ap101fam/logs/appl/rgf/TXK/txkSetSSOReg_Thu_Jun_21_00_12_25_2007.xml

Beginning input parameter validation for OID de-registration.
Input parameters validation for OID de-registration completed.

BEGIN OID DE-REGISTRATION:
Beginning to delete provisioning profile for this application.
Provisioning profile for this application has been deleted successfully.
Beginning to de-register this application from Oracle Internet Directory.
This application has been de-registered successfully from Oracle Internet Directory.
-> LOADING:  /dy/oracle/product/test12/apps/apps_st/appl/fnd/12.0.0/admin/template/AppsOIDDeRegistration.tmp
Removing OID References Started.
Removing OID References Completed Successfully.
OID DE-REGISTRATION COMPLETED.

End of /dy/oracle/product/test12/apps/apps_st/appl/fnd/12.0.0/patch/115/bin/txkSetSSOReg.pl : No Errors encountered

Deregister SSO 

bash-2.05$ $FND_TOP/bin/txkrun.pl \
> -script=SetSSOReg \
> -deregistersso=yes

You are deregistering this instance from SSO Server.

===============================================================

WARNING: You have selected to deregister individual components.
 This might leave some components still at registered state
 which might create inconsistencies at run time.
 It is recommended that you use "-deregister=Yes" to completely deregister
 the Oracle EBusiness instance from OID server
 OR
 Individually deregister components using "-deregisteroid=Yes",
 "-deregistersso=Yes" and "-deregisterinstance=Yes".

===============================================================
Enter Oracle E-Business apps database user password ? apps

*** Log File = /dy/oracle/product/test12/inst/apps/test12_ap101fam/logs/appl/rgf/TXK/txkSetSSOReg_Thu_Jun_21_00_14_52_2007.xml

Beginning input parameter validation for SSO de-registration.
Input parameters validation for SSO de-registration completed.

BEGIN SSO DE-REGISTRATION:
Partner application registered with SSO Server and will be de-registered.
Partner application has been de-registered successfully.
Configuration file deleted successfully.
SSO DE-REGISTRATION COMPLETED.

End of /dy/oracle/product/test12/apps/apps_st/appl/fnd/12.0.0/patch/115/bin/txkSetSSOReg.pl : No Errors encountered

Deregister Instance 

bash-2.05$ $FND_TOP/bin/txkrun.pl \
> -script=SetSSOReg \
> -deregisterinstance=yes

You are deregistering ORACLE HOME only.

===============================================================

WARNING: You have selected to deregister individual components.
 This might leave some components still at registered state
 which might create inconsistencies at run time.
 It is recommended that you use "-deregister=Yes" to completely deregister
 the Oracle EBusiness instance from OID server
 OR
 Individually deregister components using "-deregisteroid=Yes",
 "-deregistersso=Yes" and "-deregisterinstance=Yes".

===============================================================
Enter the Oracle Internet Directory Administrator (orcladmin) Bind password ? welcome1
Enter Oracle E-Business apps database user password ? apps

*** Log File = /dy/oracle/product/test12/inst/apps/test12_ap101fam/logs/appl/rgf/TXK/txkSetSSOReg_Thu_Jun_21_00_16_25_2007.xml

Beginning input parameter validation for Oracle Home Instance de-registration.
Input parameter validation for Oracle Home Instance de-registration completed.

BEGIN ORACLE HOME INSTANCE DE-REGISTRATION:
Oracle Home Instance de-registered successfully from Infrastructure Host.
Oracle Home Instance preferences removed successfully
ORACLE HOME INSTANCE DE-REGISTRATION COMPLETED.

End of /dy/oracle/product/test12/apps/apps_st/appl/fnd/12.0.0/patch/115/bin/txkSetSSOReg.pl : No Errors encountered

Once these 3 steps are done, bounce the application system middle tier, log in to the application and change the profile options back to their original values. The profile options should be set as follows.

  • Applications SSO Type: SSWAw/SSO 
  • Applications SSO Auto Link User: Disable
  • Applications SSO Login Types: Local
  • Application SSO LDAP Synchronization: Disable
  • Applications SSO Enable OID Identity Add Event: Disable
  • Link Applications user with OID user with same username: Disable
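
The utility's warning above says that deregistering components one at a time can leave some of them still registered. As an added example (not part of the original post and not Oracle's tooling), the following shell script reads saved console output from the txkrun.pl runs and reports the last known state of each component. The function names and the sample transcript are constructed for illustration, and the matched status lines are the ones shown in the transcripts on this page.

```shell
#!/bin/sh
# Added example (not Oracle's code): summarise captured txkrun.pl console
# output. Only status lines shown in the transcripts above are matched;
# other versions of the utility may word them differently (assumption).

# Reads console output on stdin; later status lines override earlier ones.
# Prints: instance=<state> sso=<state> oid=<state> runs_ok=<n>
sso_reg_state() {
    awk '
        BEGIN { inst = sso = oid = "unknown"; ok = 0 }
        /Oracle Home Instance registered successfully/   { inst = "registered" }
        /ORACLE HOME INSTANCE DE-REGISTRATION COMPLETED/ { inst = "deregistered" }
        /Single Sign-On partner application registered successfully/ { sso = "registered" }
        /SSO DE-REGISTRATION COMPLETED/                  { sso = "deregistered" }
        /Application is now registered successfully with provisioning/ { oid = "registered" }
        /OID DE-REGISTRATION COMPLETED/                  { oid = "deregistered" }
        /txkSetSSOReg\.pl : No Errors encountered/       { ok++ }
        END { printf "instance=%s sso=%s oid=%s runs_ok=%d\n", inst, sso, oid, ok }
    '
}

# Succeeds only when all three components share one known state, i.e.
# nothing was left half registered (the case the utility warns about).
sso_reg_consistent() {
    state=$(sso_reg_state) || return 2
    set -- $state
    a=${1#*=}; b=${2#*=}; c=${3#*=}
    [ "$a" != unknown ] && [ "$a" = "$b" ] && [ "$b" = "$c" ]
}

# Constructed sample: three registrations, then only -deregisteroid=yes.
sample_transcript() {
    cat <<'EOF'
Oracle Home Instance registered successfully.
txkSetSSOReg.pl : No Errors encountered
Single Sign-On partner application registered successfully.
txkSetSSOReg.pl : No Errors encountered
Application is now registered successfully with provisioning in Oracle Internet Directory.
txkSetSSOReg.pl : No Errors encountered
OID DE-REGISTRATION COMPLETED.
txkSetSSOReg.pl : No Errors encountered
EOF
}

sample_transcript | sso_reg_state
if sample_transcript | sso_reg_consistent; then
    echo "consistent"
else
    echo "partial registration: finish the remaining deregister steps"
fi
```

Feed it the concatenated console output of every run, in order, so that a later deregistration overrides an earlier registration of the same component.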

10 Comments

  1. good one..i faced the following problem for IRC

    ORA-20001: Unable to call fnd_ldap_wrapper.create_user due to the following

    your solution resolved the issue..

    thanks

    Comment by narayana — November 22, 2007 @ 3:49 am

  2. Very good steps. better than oracle doc 376811.1

    Comment by sri — December 12, 2007 @ 11:31 am

  3. Great work ….would like to know, if the synchronization happens on both sides from OID to FND and vice versa.
    Or do i need to migrate the old users as we do in 11i….

    Please explain …Thnx

    Comment by Anitha — March 17, 2008 @ 10:45 am

  4. Synchronization happens from FND to OID and not vice versa. You need to set following profiles while enabling OID.

    - Applications SSO Type: SSWAw/SSO
    - Applications SSO Auto Link User: Enable
    - Applications SSO Login Types: BOTH
    - Application SSO LDAP Synchronization: Enable
    - Applications SSO Enable OID Identity Add Event: Enable
    - Link Applications user with OID user with same username: Enable

    “Application SSO LDAP Synchronization” profile is the one which will do the synchronization of FND and OID.

    Comment by advait — March 17, 2008 @ 11:34 am

  5. Hi, I have a requirement to implement (integrate) sso with Windows Active directory (LDAP). Sync should be one directional from Windows Active directory through OID to Application.

    Comment by Vishal — July 15, 2008 @ 6:11 pm

  6. Hi, I have a requirement to implement (integrate) sso with Windows Active directory (LDAP). Sync should be one directional from Windows Active directory through OID to Application. Please share the knowledge how can i achieve this task. My email id is vishalkot@gmail.com

    Comment by Vishal — July 15, 2008 @ 6:11 pm

  7. Hi,

    Some questions related to SSO & OID to R12 EBS

    1) What is Bi-Directional provision
    2) Command to know which provision is implemented.
    3) What GUID. In OID & R12
    4) Steps to AppUserExport…………..bulkload data.
    5) How to verify BulkLoad ldif file loaded successfully.
    6) Can we login (R12 users) by SSO after loaded ldif file

    If somebody has an idea about this, please share knowledge.

    Thanks Thanks…….

    Comment by Syed — July 29, 2008 @ 11:07 am

  8. Has anyone successfully executed these scripts against RAC enabled OID INFRA database..
    where INFRA Database (DB1 and DB2) are on two separate servers and OID/SSO on a separate server. I am getting error

    ERRORMSG: Either Infrastructure host name or LDAP port number is incorrect

    Comment by sanjay — May 11, 2009 @ 3:21 pm

  9. Hi,

    I would like to say that provisiontype is important in synchronizing users across OID to FND (both ways). By default, it will be bidirectional as the profile_type is always 1.

    To answer Vishal, if you require OID to Application you must specify the provisiontype as 3.

    If you require to change the provision from default setting to Uni-directional (in case OID to ERP) then you can use the profile_mode option in oidprovtool which can be used from $INFRA_HOME/bin/

    Hope this helps!!

    Thanks,
    Bala

    Comment by Bala — May 22, 2009 @ 5:48 am

  10. Definitely helps. Interesting topic and nice sharing. Thanks for same.

    Comment by Rahul — December 21, 2009 @ 6:50 pm

