Installing Oracle Application Server 10g with Oracle EBusiness Suite Release 11i (233436.1)
Last Updated : March, 2008
This document contains information for integrating Oracle Application Server 10g Enterprise Edition with Oracle E-Business Suite release 11i. You should read and understand all content described here before you begin your installation. The most current version of this document can be obtained in Metalink Note 233436.1. There is a change log at the end of this document.
Section 1: Overview Section 2: Features and Supported Architectures Section 3: Components and Build Versions Section 4: Before You Begin Section 5: Pre-Install Tasks Section 6: Implement Single Sign-On Support for the E-Business Suite Section 7: Configure Oracle Portal 10g with the E-Business Suite Section 8: Configure Oracle Discoverer 10g with the E-Business Suite Section 9: Using Oracle Applications Manager with Single Sign-On Section 10: Obtaining Technical Support Section 11: Available Documentation Section 12: Conventions and Important Directory Locations Appendix A: Product-Specific SSO Exceptions Appendix B: Summary of Bugs Fixed by Builds Appendix C: Advanced Configuration - Manual SSO/OID Registration
Advisory for E-Business Suite Customers using Oracle Application Server 10g
Oracle recommends that customers apply only OracleAS 10g Enterprise Edition releases and patches that have been certified with the E-Business Suite, as documented in the following Metalink Notes:
Installing Oracle Application Server 10g with Oracle E-Business Suite Release 11i (Note 233436.1) Using Oracle Portal 10g with Oracle E-Business Suite 11i (Note 305918.1)
�Using Discoverer 10.1.2 with Oracle E-Business Suite 11i (Note 313418.1) Installing and Configuring Oracle Application Server Web Cache with Oracle E-Business Suite 11i (Note 306653.1) Enabling SSL with Oracle Application Server 10g and the E-Business Suite (Note 340178.1)
There may be specific circumstances where it is necessary for E-Business Suite customers to apply uncertified OracleAS 10g Enterprise Edition one-offs, patchsets, or MLRs. Oracle strongly recommends applying such patches only if the circumstances clearly demand it. Customers apply uncertified OracleAS 10g Enterprise Edition patches at their own risk, and Oracle strongly recommends that customers take complete backups of their OracleAS 10g + E-Business Suite integrated environments prior to patch application. E-Business Suite customers may verify the certification status of specific OracleAS 10g Enterprise Edition patches by logging Service Requests via Oracle Metalink using the following information:
Product: "Oracle Applications Technology Stack" Type of Problem: "Oracle Application Server 10g"
Section 1: Overview
This document contains information for integrating Oracle Application Server 10g Enterprise Edition with the E-Business Suite. Benefits of this configuration include E-Business Suite support for the following AS components:
Oracle Single Sign-On (SSO) Oracle Internet Directory (OID) Oracle Portal 10g Oracle Discoverer 10g Third-party single sign-on solutions Third-party Lightweight Directory Access Protocol (LDAP) directories
These services may run on:
On one or more standalone servers external to the existing Oracle EBusiness Suite Release 11i environment In separate ORACLE_HOMEs on existing servers
Note
In this architecture, Oracle E-Business Suite Release 11i continues to use Oracle9i Application Server 1.0.2.2.2, but delegates to one or more standalone Oracle Application Server 10g Enterprise Edition servers for the services listed above.
Deploying this architecture does not upgrade the existing Oracle E-Business
�Suite Release 11i technology stack to Oracle Application Server 10g Enterprise Edition. The integration process consists of four phases:
Install Oracle Application Server 10g Enterprise Edition on a standalone server or in a separate ORACLE_HOMEs on an existing server. 2. Migrate an existing E-Business Suite application tier server node to the latest version of 9iAS Release 1. 3. Install interoperability patches to integrate the Oracle Application Server 10g Enterprise Edition server with the E-Business Suite environment. 4. Synchronize user information between the Oracle Application Server 10g Enterprise Edition server and the E-Business Suite environment.
1.
Section 2: Features and Supported Architectures
This section contains the following subsections: Accessing E-Business Suite Instances with Single Sign-On Using Oracle Portal to Access the E-Business Suite Integration with Third-Party Single Sign-On Services and LDAP Directories Using Discoverer 10g with the E-Business Suite Supported Architectures and Configurations
Accessing E-Business Suite Instances with Single Sign-On
Oracle Identity Management 10g (10.1.4.0.1) , Oracle Internet Directory , Oracle Single Sign-on Server , and the Oracle Single Sign-on Software Development Kit are required to enable Single Sign-On functionality for the EBusiness Suite.
Implementing Single Sign-On (SSO) functionality for the E-Business Suite allows organizations to share one user definition throughout multiple parts of their enterprise. Typically, the common user definition is stored in a Lightweight Directory Access Protocol (LDAP) repository such as Oracle Internet Directory (OID). Oracle Internet Directory serves as a central repository for user credentials and other user information for all Oracle products, including Oracle Application Server 10g Enterprise Edition and Oracle Portal. This user information is periodically synchronized with the E-Business Suite instance through a combination of Oracle Workflow and Oracle Applications patches. Oracle Single Sign-on Software Development Kit (SSOSDK) release 9.0.2 is required to support Oracle Single Sign-On 10g integration with the E-Business Suite. It allows the E-Business Suite to register as a partner application to the Oracle Single Sign-On Server, giving users the ability to access other registered partner applications with a single credential (for example, a
�username/password combination). It is expected that Oracle will upgrade this partner application integration method to use mod_osso in future versions of this integration. As a partner application, the E-Business Suite also supports Single Sign-Off. Release 11i users can simultaneously terminate a Single Sign-On session and log out of all active partner applications by logging out of whatever application they are working in. Selecting Logout in a partner application returns users to the Single Sign-Off page, where logout occurs.
Using Oracle Portal to Access the E-Business Suite
Oracle Application Server 10g Enterprise Edition , Oracle Internet Directory , Oracle Single Sign-on Server , Oracle Single Sign-on Software Development Kit and Oracle Portal are required to enable portal functionality for the E-Business Suite. Use of Oracle Portal is optional. However, Oracle Single Sign-On is a mandatory prerequisite for Oracle Portal. Oracle Portal can optionally be implemented to provide a single customized portal that allows access to one or more E-Business Suite instances. As part of Oracle9i Application Server, Oracle Portal can provide users with corporate and customized personal home pages accessible via Web browsers. These home pages may contain corporate announcements, stock tickers, news headlines, and links to other web-based services. Oracle Portal may connect to external applications (for example, Yahoo!) and partner applications that share their user authorization and session management models with Oracle Portal. Oracle Portal may be configured to access one or more E-Business Suite environments. Oracle Portal users may add links to their home pages to access E-Business Suite modules, and may display some information (for example, Oracle Workflow notifications) directly on their home pages. Users may access links from their Portal pages to predefined reports and analysis workbooks for E-Business Suite data using Discoverer 10g . E-Business Suite links and data are delivered to Oracle Portal via portlets. Portlets can be displayed on customized Oracle Portal home pages. Portlets installed on an E-Business Suite instance communicate with Oracle Portal via Web providers. E-Business Suite Web providers are registered in the Portal Repository.
Integration with Third-Party Access Management Systems and LDAP Directories
Organizations that have standardized on third-party access management systems (for example, Microsoft Windows/Kerberos or Netegrity SiteMinder) can optionally integrate them with Oracle Single Sign-On server . Integration is via APIs that enable the Oracle Single Sign-On server to act as an authentication gateway between third-party single sign-on systems and the E-Business Suite.
In this configuration, the Oracle Single Sign-On server, the third-party single sign-on server, and the partner application form a chain of trust. The Oracle Single Sign-On server delegates authentication to the third-party single sign-on server, becoming essentially a partner application to it. The E-Business Suite and other Oracle products continue to work only with the Oracle Single Sign-On server, and are unaware of the third-party single sign-on server. Implicitly, however, they trust the third-party server.
�Organizations that have standardized on third-party Lightweight Directory Access Protocol (LDAP) directories can optionally integrate them with Oracle Internet Directory. Oracle Internet Directory synchronizes with third-party metadirectory solutions. Please follow this link for further details. If you are using any prior versions of Oracle Internet Directory (for example, Oracle Internet Directory 3.0.1 from Oracle9i release 1), and you wish to use Oracle Portal 10g or Oracle Single Sign-On 10g, you must upgrade your Oracle Internet Directory instance to version 10g.
Using Discoverer 10g with the E-Business Suite
OracleAS Discoverer 10g is optional for E-Business Suite users. It can be implemented with Oracle Internet Directory , Oracle Single Sign-on Server , Oracle Single Sign-on Software Development Kit and Oracle Portal. It may also be implemented independently of those components. OracleAS Discoverer 10g, released as part of Oracle Application Server 10g, is an integrated business intelligence solution supporting intuitive ad hoc query, reporting, analysis, and web publishing. Oracle E-Business Suite Release 11i users can use Discoverer to analyze data from selected business areas in Financials, Operations, Human Resources, Purchasing, Process Manufacturing, Activity Based Management, and more. Existing Discoverer 4i content, including workbooks and End User Layers, can be easily upgraded to Discoverer 10g. It is strongly recommended that Discoverer 4i and 10g be installed on separate physical servers; see the Oracle Application Server 10g Release Notes for your operating system platform for more details.
Supported Architectures and Configurations
Note For details about supported configurations and roadmap, please review Oracle MetaLink Note 223927.1 "OracleAS Integration with Oracle EBusiness Suite: Statement of Direction" The following architectures and configuration options are certified and supported with this release:
1. Type of integration with Release 11i
A. B. C. D. SSO and OID only SSO and OID and Portal Discoverer only Discoverer with either A or B configurations above
2. Location of Oracle Application Server 10g Enterprise Edition install
�On existing Release 11i application tier server node (running Oracle9i Application Server 1.0.2.2.2) in separate ORACLE_HOMEs. Discoverer 4i and 10g cannot run simultaneously in this configuration. F. Physically separate standalone server
E.
3. Users are authenticated by
G. H. SSO External third-party access manager (e.g. Windows Native Authentication) I. Native E-Business Suite combined with one of the above J. Combination of the above
4. Master source-of-truth for user information
K. L. M. OID External third-party user repository (e.g. Microsoft Active Directory) Combination of the above
Note
Unlike in 9iAS Release 1 configurations using Login Server release 3.0.9 , FND_USER may not be used as the exclusive authentication source when Release 11i is integrated with Oracle Application Server 10g Enterprise Edition.
5. Direction of synchronization of user information with third-party user repository
N. O. P. From OID to third-party user repository From third-party user repository to OID Combination of the above
6. Method for initial population of user information in OID and Release 11i
From Release 11i to OID From OID to Release 11i From third-party user repository to OID to Release 11i Independently in OID, independently in Release 11i, then link on first sign-on with link-on-the-fly U. From third-party user repository to OID, independently in Release 11i, then link on first sign-on with link-on-the-fly V. Combination of the above Q. R. S. T.
7. Method for ongoing updates to user information
�W. X. Y. Z.
From Release 11i to OID From OID to Release 11i From third-party user repository to OID to Release 11i Combination of the above
For more detailed explanation, review Oracle MetaLink Note 261914.1 "Integrating Oracle EBusiness Suite Release 11i with Oracle Internet Directory and Oracle Single Sign-On"
8. What the user sees after sign-on
AA. BB. CC. Portal home page Oracle Applications Framework home page Either of the above, on a per-user basis
9. Other supported options
o
Allow user to associate OID account with multiple Release 11i accounts
Important Points and Limitations
This certification does not involve an upgrade of the underlying Release 11i 9iAS technology stack to Oracle Application Server 10g Enterprise Edition; the Release 11i instance remains based on a 9iAS 1.0.2.2.2 technology stack. Logging in directly to the E-Business Suite through Forms (JInitiator) does not, and will not, support Single Sign-On. This login method is only supported for bootstrap or debugging purposes. Using this method to log in will prevent access to HTML-based functions.
Section 3: Components and Builds
3.1. Components
Oracle E-Business Suite Release 11i
The following components must be used on the E-Business Suite instance: Component Name Release
Oracle E-Business Suite Release 11i Oracle9i Application Server Release 1 Enterprise Edition
11.5.9 or above 1.0.2.2.2
Supported operating system platforms are: Solaris, HP-UX, AIX, Linux and Windows.
Compatibility with E-Business Suite Consolidated Updates
�All patches described in this documentation may be applied to E-Business Suite environments either before or after the installation of the latest Consolidated Updates.
Oracle Application Server 10g Enterprise Edition
The following latest certified Oracle Application Server 10g Enterprise Edition components can be used on the standalone instance. If you are upgrading only Oracle Identity Management 10g (10.1.4.0.1), you may keep existing 10.1.2.0.2 Middle-Tier Instances as it is. They will continue to function as normal with Oracle Identity Management 10g (10.1.4.0.1). You can check note 305918.1 Using Oracle Portal 10g with Oracle E-Business 11i and note 313418.1 Using Discoverer 10.1.2 with Oracle E-Business Suite 11i for any Identify Management dependency information. Component Name Release
Oracle Single Sign-On Oracle Internet Directory Oracle Portal (optional) Oracle Discoverer (optional)
10.1.4.2 10.1.4.2 10.1.4.1 10.1.2.2
3.2. Upgrading from Previous Builds
Upgrading Oracle E-Business Suite Release 11i Instances
The Oracle E-Business Suite Release 11i SSO 10g Integration Patch released on October 2007.
The latest SSO 10g Integration Patch is 6117031"SSO 10G Integration for 11.5.10 ATG Rollup 6." Builds 1.0, 2.1, 2.2, and 3.0, 3.1, 3.2, 4.0, 5.0 are superseded by this latest patch build. If you are currently on Build 1.0, 2.1, 2.2 or 3.1 follow steps as mentioned below: 1. De-register existing SSO Partner application 2. Apply the patch 6117031. Follow instructions in patch readme to apply it on your apps instance. 3. Re-Register the SSO Partner application. If you are currently on Build 3.0, then you need to reload the SSO SDK using txkrun.pl -script=SetSSOReg -loadssosdkonly=yes If you are currently at Build 3.2, 4.0, 5.0 then there is no need to run the registration utility. Note: These steps are required on already registered application, to update Single Sign-On SDK delivered by this latest patch build. Please follow Option 3 under Appendix C: Advanced Configuration Manual SSO/OID Registration, to de-register and re-register SSO Partner application.
�Former Early Adopter Program participants must upgrade to the Generally Available configuration to continue to receive support.
Upgrading Oracle Application Server 10g 10.1.2.0.0 and 10.1.2.0.2 Instances
Upgrade existing Oracle Application Server 10g (10.1.2.0.2) Infrastructure to Oracle Identity Management 10g (10.1.4) referring 'Upgrade and Compatibility Guide' for your operating system platform. Refer 'Chapter 3: Understanding Version Compatibilty' in particular, to identify existing Oracle Homes to upgrade. Existing 10.1.2.0.2 Middle-Tier Instances will continue to function as normal with Oracle Identity Management 10g (10.1.4.0.1) , but Oracle always recommends to upgrade with latest Patchset available.
Note
Customers currently running on 10.1.4.0.1 can now upgrade to Oracle Identity Management 10g Release 3 patchset 1 (10.1.4.2) delivered via patch 5983637 available on OracleMetalink for download. No additional steps are required to refresh existing SSO, OID, Portal and/or Discoverer registrations performed with E-Business suite 11i using previous versions. These will be preserved and will continue to function as normal after upgrade to 10.1.4.2. To understand compatibiity and upgrade of Oracle Application Server 10g 10.1.2.0.0, with Oracle Identity Management 10g (10.1.4), refer 'Upgrade and Compatibility Guide' for your operating system platform
3.3. Support Policy for Previous Configurations
Former participants in the OracleAS 10g + Release 11i Early Adopter Program may have deployed earlier versions of the E-Business Suite interoperability patches or OracleAS 10g versions. Due to the nature of rapid technology changes inherent to Early Adopter Programs, bug fixes or new features included with the latest certified configuration will not be backported to previous versions. This support policy applies to issues found in both testbed and production environments. Scenario 1: Latest Oracle Application Server 10g release required 1. A customer opts to deploy Build 6.0 with Oracle Application Server 10g 10.1.4.0.1 Infrastructure 2. They encounter a problem that cannot be reproduced with Build 6.0 and Oracle Identity Management 10g 10.1.4.2. 3. The customer will be asked to upgrade to Oracle Identity Management 10g 10.1.4.2 and validate whether the problem still occurs. Scenario 2: Latest Build required
�1. A customer opts to deploy Build 5.0 with Oracle Application Server 10g 10.1.4.0.1 IDM 2. They encounter a problem that cannot be reproduced with Build 6.0 and Oracle Identity Management 10g 10.1.4.0.1. 3. The customer will be asked to upgrade to Build 6.0 and validate whether the problem still occurs.
Section 4: Before You Begin
Before you proceed any further, ensure that you have obtained the following:
From the Oracle Store or the Oracle Technology Network :
CD Pack for Oracle Identity Management 10g. CD Pack for Oracle Application Server 10g Release 2 Enterprise Edition. CD Pack for Oracle9i Application Server Release 1.0.2.2.2 Enterprise Edition.
To check if the correct version of Oracle9i Application Server 1.0.2.2.2 is already installed on your system:
Execute the following command in the $iAS_HOME/Apache/Apache/bin directory: % httpd -v If the reported version number is 1.3.19 then you do not need the Oracle9i Application Server Release 1.0.2.2.2 CD Pack.
From OracleMetaLink :
Note 233436.1 - Installing Oracle Application Server 10g with Oracle EBusiness Suite Release 11i (the latest version of this document) Note 261914.1 - Implementing Oracle Application Server 10g with Oracle E-Business Suite Release 11i Note 313418.1 - Using Discoverer 10.1.2 with Oracle E-Business Suite 11i Note 305918.1 - Using Oracle Portal 10g with Oracle E-Business Suite 11i Note 146468.1 - Installing Oracle9i Application Server with Oracle EBusiness Suite Release 11i Note 186981.1 - Oracle9i Application Server (9i Application Server) with Oracle E-Business Suite Release 11i Frequently Asked Questions Note 295606.1 - Oracle Application Server 10g with Oracle E-Business Suite Release 11i Troubleshooting Guide Note 175853.1- Oracle Remote Diagnostic Agent (RDA)
�Section 5: Pre-Install Tasks
This section contains the following subsections:
Install Oracle AutoConfig Install DBMS_LDAP on E-Business Suite Install Oracle Remote Diagnostic Agent for E-Business Suite (optional) Upgrade to Application Server Release 1.0.2.2.2 Install Oracle Identity Management Infrastructure 10g (10.1.4) Upgrade Oracle Application Server Infrastructure (10.1.2.0.2) to Oracle IDM 10g (10.1.4)
Perform the following pre-install tasks before you start your installation:
Pre-Install Task 1: Install Oracle AutoConfig
Pre-Install Task 1, Step 1: Install Oracle AutoConfig AutoConfig must be implemented in your system and updated with the latest patches. Please ensure you are running the latest version of Autoconfig by reviewing MetaLink note 165195.1 titled "Using AutoConfig to Manage System Configurations with Oracle Applications 11i". The most current AutoConfig patches are documented in this note. Additional information about AutoConfig can be obtained from Oracle MetaLink Note 218089.1, "Frequently Asked Questions About Using AutoConfig With Oracle Applications Release 11i".
Pre-Install Task 2: Install DBMS_LDAP on E-Business Suite
Pre-Install Task 2, Step 1: Install DBMS_LDAP on E-Business Suite Database-Tier Server Node The Oracle database must be installed with the Oracle Internet Directory option to support synchronization of user information between Oracle Internet Directory and the E-Business Suite. Check your version-specific and platform-specific Database Installation Guide for details. Perform this task on the database tier server node for your E-Business Suite environment, with your ORACLE_HOME environment variable pointing to your DB_ORACLE_HOME:
Source the file [DB_ORACLE_HOME]/.env to set the environment correctly 2. Start SQL*Plus as SYSDBA and execute the following command: desc DBMS_LDAP 3. If the package does not exist, run catldap.sql located in $ORACLE_HOME/rdbms/admin/ as SYSDBA 1.
�Pre-Install Task 3: Install Oracle Remote Diagnostic Agent for E-Business Suite (optional)
Pre-Install Task 3, Step 1: Install Oracle Remote Diagnostic Agent The Oracle Remote Diagnostic Agent may optionally be installed in your E-Business Suite environment to streamline the process of gathering diagnostic information when filing Service Requests (SRs) with Oracle Support. If you plan to enable Single Sign-On for multiple E-Business Suite instances, then each instance must have the Oracle Remote Diagnostic Agent installed. Obtain Note 175853.1 Oracle Remote Diagnostic Agent (RDA) from OracleMetaLink. Download and install the appropriate version of the Oracle Remote Diagnostic Agent for your operating system platform.
Pre-Install Task 4: Upgrade to Application Server Release 1.0.2.2.2
Pre-Install Task 4, Step 1: Upgrade E-Business Suite to Oracle9i Application Server release 1.0.2.2.2 Enterprise Edition The Oracle E-Business Suite Release 11i technology stack must have the Oracle9i Application Server Release 1.0.2.2.2 Enterprise Edition installed before integrating Release 11i with the standalone instance of Oracle Application Server 10g Enterprise Edition release 10.1.2.0.2.
If your environment was created with the 11.5.7 or above Rapid Installs: Your technology stack is already at the Oracle9i Application Server release 1.0.2.2.2 Enterprise Edition level. You may skip this pre-install task. If your environment was created using the 11.5.1 to 11.5.5 Rapid Installs: You must upgrade your environment to Oracle9i Application Server release 1.0.2.2.2 Enterprise Edition level. Follow OracleMetaLink Note 146468.1, "Installing Oracle9i Application Server with Oracle E-Business Suite Release 11i". Do not execute post installation steps titled "Install and Configure Enterprise Single Sign-On and Portal 3i" as those steps are replaced by installing Oracle Application Server 10g Single Sign-On and Portal 10g.
Pre-Install Task 5: Install Oracle Identity Management Infrastructure 10g (10.1.4)
If you already have an existing Oracle Application Server 10g instance, skip this step and proceed directly to the next Pre-Install task. Perform this task to install 'Oracle Identity Management Infrastructure 10g (10.1.4.0.1)' for the first time. This task creates the standalone Oracle Application Server Infrastructure 10g that will be associated with the E-Business Suite server.
�Pre-Install Task 5, Step 1: Download software for 'Oracle Identity Management Infrastructure and Oracle Identity Federation' for your operating system platform. Pre-Install Task 5, Step 2: Review Chapters 2 and 3 of the Oracle Application Server 10g Installation Guide for your operating system platform. That documentation lists important architectural requirements for your Oracle Application Server 10g instance, some of which are:
Oracle Application Server 10g (10.1.4.0.1) provides a comprehensive Identity and Access Management solution. To enable Single Sign-On Support for E-Business suite 11i, one need to select 'Oracle Application Server Infrastructure 10g' as a product during Install. The Oracle Application Server 10g Infrastructure must not be installed in the Oracle E-Business Suite Release 11i database. For more details, see Oracle MetaLink Note 251627.1, "Installing an Oracle Application Server Metadata Repository with an Oracle E-Business Suite Database." The Infrastructure and Middle-tier(s) ORACLE_HOME(s) should be different than the ORACLE_HOME of an existing Oracle E-Business Suite Release 11i application-tier server node. This is not a comprehensive list of architectural requirements for Oracle Application Server 10g Enterprise Edition. Review the documentation and release notes for your operating system platform for additional details.
Note
Discoverer 4i was included in Oracle9i Application Server 1.0.2.2.2. Discoverer 10g was included in Oracle Application Server 10g Enterprise Edition. These two versions of Discoverer have dependencies on different versions of Visibroker, individual versions of which are included with their respective releases.
If both Discoverer 4i and Discoverer 10g need to be run concurrently (e.g. for user acceptance or system testing purposes), it is strongly recommended that different physically separate servers avoid conflicts between the two Visibroker releases. Pre-Install Task 5, Step 3: Ensure that the target host meets hardware requirements for Oracle Application Server 10g Enterprise Edition. Also ensure that all operating system and software prerequisites have been met, including the latest version of Java 2 Standard Edition Version 1.4.X. Pre-Install Task 5, Step 4: Follow the Oracle Application Server 10g Installation Guide for your operating system platform, for instructions on installing an Oracle Application Server 10g Infrastructure into its own ORACLE_HOME. The Oracle Application Server 10g Infrastructure includes the following Oracle Application Server Metadata repository and Oracle Identity Management Components: Oracle Internet Directory, OracleAS Single Sign-On, Oracle Directory Integration Platform, Oracle Delegated Administration Services, OracleAS Metadata Repository, Oracle Enterprise Manager 10g Application Server Control Console and Oracle Application Server Certificate Authority (optional).
�If you wish to use Oracle Application Server 10g to enable single sign-on for Release 11i environments, you will require (at minimum):
"Metadata Repository" option of the Oracle Application Server Infrastructure 10g 10.1.4.0.1 Installation. "Identity Management" option of the Oracle Application Server Infrastructure 10g 10.1.4.0.1 Installation. The "Identity Management" option includes Identity Management components like Oracle Internet Directory, Single Sign-On, and Delegated Administration Services, and may be installed at the same time as the "Metadata Repository"
Pre-Install Task 5, Step 5: Apply the latest certified Identity Management Patchset.Customers who are using 10.1.4.0.1 Identity Management can now upgrade to Oracle Identity Management 10g Release 3 patchset 1 (10.1.4.2). Apply Oracle Identity Management 10g Release 3 patchset 1 (10.1.4.2) delivered via patch 5983637 available on OracleMetalink for download. Follow the installation instructions provided in the patch README to install the patch on your Identity Management Server.
Pre-Install Task 6: Upgrade Oracle Application Server 10g Infrastructure (10.1.2.0.2) to Oracle Identity Management 10g (10.1.4)
Pre-Install Task 6, Step 1: Before starting your upgrade, make a complete backup of your environment. In particular, ensure that you have backed up the Oracle Application Server 10g, the Oracle Application Server 10g infrastructure, and the inventory location. Pre-Install Task 6, Step 2: Upgrading Oracle Application Server 10g Infrastructure (10.1.2.0.2) to Oracle IDM 10g (10.1.4)
If you have an existing Oracle Application Server 10.1.2.0.2 Infrastructure, upgrade it to Oracle Identity Management 10g (10.1.4.0.1) referring 'Upgrade and Compatibility Guide' for your operating system platform. Refer 'Chapter 3: Understanding Version Compatibilty' in particular, to identify existing Oracle Homes to upgrade. Existing 10.1.2.0.2 Middle-Tier Instances will continue to function as normal with Oracle Identity Management 10g (10.1.4.0.1) , but Oracle always recommends to upgrade with latest Patchset available. Apply the latest certified Identity Management Patchset. Apply Oracle Identity Management 10g Release 3 patchset 1 (10.1.4.2) delivered via patch 5983637 available on OracleMetalink for download. Follow the installation instructions provided in the patch README to install the patch on your Identity Management Server. No additional steps are required to refresh existing SSO, OID, Portal and/or Discoverer registrations performed with E-Business suite 11i using previous versions. These will be preserved and will continue to function as normal after upgrade to 10.1.4.2.
�Pre-Install Task 7: Test your Oracle Application Server 10g environment
At minimum, the following test is recommended to ensure that the Identity Management infrastructure is working correctly:
Start Oracle Internet Directory Delegated Administration Services by going to: http://.:/oiddas Log in using the orcladmin userid Navigate to Directory > Create. Create a test userid, supplying a password and other user information. Click Submit. Log out. Log into Oracle Internet Directory Delegated Administration Services using the newly created test userid. Ensure the Directory Integration and Provisioning Platform Server is running. The command ps -ef | grep odi should show a process called $ORACLE_HOME/bin/odisrv running.
Pre-Install Task 8: Make a complete backup of your environment
After successfully testing your installation, make a complete backup of your environment. In particular, ensure that you have backed up the Oracle Application Server 10g, the Oracle Application Server 10g infrastructure, and the inventory location.
Section 6: Implement Single Sign-On Support For the E-Business Suite
This section contains the following subsections:
SSO Task 1: Install E-Business Suite SSO 10g Integration Patch and fix 5589902 SSO Task 2: Configure Oracle Identity Management (10.1.4) Components SSO Task 3: Install E-Business Suite Product Family SSO Patches SSO Task 4: Validate that Single Sign-On is Working Correctly
SSO Task 1: Install E-Business Suite SSO 10g Integration Patch and fix 5589902
�IMPORTANT Do not apply this patch if you want to retain your existing Login Server 3.0.9 and Portal 3.0.9 deployments. This patch includes Oracle Application Server 10g libraries that are incompatible with Login Server 3.0.9. This patch should be applied only if you want to integrate your E-Business Suite instance with Oracle Application Server 10g. Perform the steps in this task on your application tier server node tier with your ORACLE_HOME environment variable pointing to your [ORIGINAL_8.0_ORACLE_HOME]. SSO Task 1, Step 1: Source the file $APPL_TOP/APPS.env to set the environment correctly. SSO Task 1, Step 2: Obtain patch 6117031 "SSO 10G Integration for 11.5.10 ATG Rollup 6 (Build 6.0)" SSO Task 1, Step 3: Follow the instructions in the patch to apply it to your system using AutoPatch. Mandatory prerequisites for patch 6117031 are listed here for reference only. As of AD.I.2 and higher, if you want prerequisites to be checked, you now must explicitly pass the parameter options=prereq to AutoPatch in addition to any other parameters that you may already be passing. For example:
$ adpatch options=prereq
You do not need to download these unless prompted to do so during the installation of patch 6117031:
5903765 - 11i.ATG_PF.H.RUP6 3219567 - Patch 11i.TXK.B Technology Stack Minipack B (also in 11.5.10) 3264822 - Patch 11i.CAC.B 3261254 - Patch 11i.ALR.G 5161676 - MINIPACK 11I.AD.I.5 3036401 - Mini-Pack 11i.HZ.L 3263588 - Patch 11i.XDO.H 3264818 - Patch 11i.UMX.H 3218526 - Patch 11i.BNE.D 3263645 - Patch 11i.AK.G 4206794 - Patch 11i.FRM.H 3262486 - 11i.JTA.F
�2614213 - AME PATCH :DELIVERY OF GA AND RULE PRIORITY FUNCTIONALITY 3261243 - Patch 11i.EC.G 3262159 - Patch 11i.FND.H 3412795 - ADSPLICE PATCH FOR XDO 2819091 - Patch 11i.BNE.C
SSO Task 2: Configure Oracle Identity Management (10.1.4) Components
Review Metalink Note 261914.1 Review Oracle MetaLink Note 261914.1 "Integrating Oracle E-Business Suite Release 11i with Oracle Internet Directory and Oracle Single Sign-On", which provides various scenarios for synchronizing user information between Oracle E-Business Suite and Oracle Internet Directory. The following steps create a default configuration employing bidirectional synchronization of user information between Oracle Internet Directory and the E-Business Suite. This default configuration meets the majority of customer requirements, but before proceeding further, you should review Note 261914.1 to evaluate whether an alternate configuration better meets your needs. If so, you may elect to perform a manual configuration, as detailed in Appendix C. Perform the following steps in any application-tier web node. SSO Task 2, Step 1: Choose Registration Type - Default (Simple) or Advanced The new registration script now automates both SSO and OID registration. To simplify the registration process, the script defaults many parameters. The default (Simple) registration process will result in a configuration that meets the needs of the majority of users. System administrators should review the default settings to determine whether they apply to their environment. The features of the default simple registration are:
SSO Registration Creates a single SSO partner application Listener Token is set to the site level value of profile option, Applications Database ID (APPS_DATABASE_ID) OID Registration Registers E-Business Suite with OID using the ProvBiDirection.tmp provisioning profile. This will enable Bidirectional user synchronization with user creation. Requires that you have not changed the default OID password policy, i.e., at least 5 characters with 1 numeric character.
If you need to use different settings, please refer to Appendix C: Advanced Configuration Manual SSO/OID Registration
�SSO Task 2, Step 2: Compile Parameter Checklist Before running the registration script, make sure you've gathered all the information in the following checklist. Parameter Checklist: # Parameter Description Hostname of Oracle Example
1 Application Server
Infrastructure database
alpha.company.com 1521
Fully qualified name recommended
Port of Oracle 2 Application Server Infrastructure database Database SID of Oracle 3 Application Server Infrastructure database LDAP port of Oracle 4 Internet Directory Password of Oracle E5 Business Suite database user, "APPS"
infra1 3060 apps
Check for LDAP port number in $O
Check with your system administrator o (OID) server:
set Infra $ORACLE_HOME Password of Oracle Application Server 6 Infrastructure database user, "ORASSO"
C8atE7O0
$ORACLE_HOME/bin/ldapsearc -p \ -D "cn=orcladmin" \ -w \ -b "cn=IAS,cn=Products,cn= -s sub \ -v "OrclresourceName=orass
Note: If you do not set the variable for O
Password of Oracle E7 Business Suite database manager user, "SYSTEM" Password of E-Business ssosdk 8 Suite database user, "SSOSDK" Password of Oracle welcome123 9 Internet Directory admin user, "orcladmin" Password that you would 10 welcome123 like to register your E-
If the user does not exist, a new us
This is the master password used t Directory. Release 11i services use
�Business Suite instance with Oracle Internet Directory
validations. This is a critical passwo instance to Oracle Internet Director
This is the first time that this password is c passwords.
The Name with the fully -provtmp = By default the Bidirectional templ qualified path of the $FND_TOP/admin/template/ 11 Provisioning Profile want to use a different template, yo ProvOIDToApps.tmp Template
SSO Task 2, Step 3: Refresh Environment Settings As the owner of the application-tier file system, source the file $APPL_TOP/APPS.env to set the environment correctly. SSO Task 2, Step 4: Check Specific Environment Settings SSO Task 2, Step 4.1 - Check perl settings Ensure perl from the /bin directory is in the path. If not, apply the latest AutoConfig rollup patch. See Oracle MetaLink Note 165195.1 for details. You must ensure your perl version is 5.005 or higher. You can check the version with the command:
perl -v
SSO Task 2, Step 4.2 - Ability to connect to E-Business Suite database Check that the environment variable TWO_TASK (or LOCAL on Windows) is set correctly, by executing the command:
sqlplus /@
This will confirm that you are able to connect to the E-Business Suite database. SSO Task 2, Step 5: Run the Registration script A perl script is used to register Oracle E-Business Suite instance with Oracle Single Sign-On and Oracle Internet Directory. This registration process allows the E-Business Suite to delegate user authentication to Oracle Single Sign-On, and for user information to be synchronized between Oracle Internet Directory and the E-Business Suite. For debugging purposes, it is strongly recommended that you keep careful records of all information entered in this step. UNIX
�On UNIX, you can split the command over multiple command lines, by entering the '\' continuation character followed by . Execute the following command if you want to use the default (simple) registration that uses the bidirectional provisioning template, ProvBiDirection.tmp:
txkrun.pl -script=SetSSOReg
Execute the following command if you want to use the default (simple) registration, but with a different provisioning template:
txkrun.pl -script=SetSSOReg \ -provtmp=$FND_TOP/admin/template/ where corresponds to the provisioning template that you wish to use.
Windows On Windows, you must pass all the arguments on a single command line, pressing once at the end. Execute the following command if you want to use the default (simple) registration that uses the provisioning template, ProvBiDirection.tmp:
%ADPERLPRG% %FND_TOP%\bin\txkrun.pl -script=SetSSOReg
Execute the following command if you want to use the default (simple) registration, but with a different provisioning template:
%ADPERLPRG% %FND_TOP%\bin\txkrun.pl -script=SetSSOReg \ provtmp=$FND_TOP/admin/template/ where corresponds to the provisioning template that you wish to use, ie. ProvOIDtoApps.tmp
Tip: Executing Registration Process in case of separate LDAP and InfraDB Host If your Oracle Application Server 10g Infrastructure is configured with separate LDAP and Metadata Repository Database hosts, each of these hosts need to be individually registered with SSO and OID by: Following Option 3 and Option 4 as provided under Appendix C: Advanced Configuration Manual SSO/OID Registration Parameter Prompts: The registration script will prompt for several parameters. Use the parameter values from the Parameter Checklist that you compiled. The script will prompt for the parameters in the following order:
Enter the host name where Oracle iAS Infrastructure database is installed ? Enter the Oracle iAS Infrastructure database port number ? Enter the Oracle iAS Infrastructure database SID ?
�Enter the LDAP Port on Oracle Internet Directory server ? Enter Oracle E-Business apps database user password ? Enter Oracle iAS Infrastructure database ORASSO schema password ? Enter Oracle E-Business SYSTEM database user password ? Enter E-Business Suite existing SSOSDK schema password or choose a password to use with the new SSOSDK schema if the schema does not exist ? Enter the Oracle Internet Directory Administrator (orcladmin) Bind password ? Enter the password that you would like to register this E-Business instance with ?
SSO Task 2, Step 6: Confirm Successful Script Completion When the registration script completes successfully, it will print the following line:
End of /patch/115/bin/txkSetSSOReg.pl: No errors encountered.
If you do not see this confirmation, examine the following file to investigate the problem:
$APPLRGF/sso/txkSetSSOReg_[timestamp].log
Troubleshooting Tips
For more troubleshooting tips, see Oracle Application Server 10g with Oracle E-Business Suite Release 11i Troubleshooting Guide (Metalink Note 295606.1). This note contains additional troubleshooting tips, known issues, and workarounds.
SSO Task 2, Step 7: Enable SQL*Net Access to the E-Business Suite Database for Oracle Application Server 10g Hosts (Conditional) Perform this step if your E-Business Suite environment was created using the 11.5.10 Rapid Install. The 11.5.10 Rapid Install introduced a security feature that restricts SQL*Net access to the EBusiness Suite database based on a whitelist of authorized hosts. If you are enabling Single Sign-On in an 11.5.10 Rapid Install environment, you must add the Oracle Application Server 10g application-tier hosts to the SQL*NET whitelist before user information can be synchronized between Oracle Internet Directory and the E-Business Suite. See the "Managed SQL*Net Access from Hosts" section in Additional Features in Oracle Applications Manager in Oracle Applications Release 11.5.10 (Note 281758.1) for instructions on authorizing hosts for access to the E-Business Suite database. For additional information about E-Business Suite security, see Best Practices for Securing Oracle E-Business Suite (Note 189367.1). SSO Task 2, Step 8: Stop and restart the Oracle E-Business Suite 1li Oracle HTTP Server
�The Oracle E-Business Suite Oracle HTTP Server must be stopped and restarted for your changes to take effect. For information about stopping and starting Applications processes, see Using AutoConfig to Manage System Configurations with Oracle Applications 11i (Oracle MetaLink Note 165195.1)
SSO Task 3: Install E-Business Suite Product Family SSO Patches
Perform the steps in this task on your application tier server node tier with your ORACLE_HOME environment variable pointing to your [ORIGINAL_8.0_ORACLE_HOME]. Certain product families in the E-Business Suite require product-specific patches to enable use of Single Sign-On functionality. After you have applied the patches required for the Single Sign-On technology stack, you must perform the relevant product-specific tasks listed if you use any of the following products.
Oracle CRM Gateway for Mobile Devices
If you use Oracle CRM Gateway for Mobile Devices in your E-Business Suite environment, then you must do the following:
Release 11.5.9 - Download patch 3213495 from Oracle MetaLink for your operating system platform and follow the instructions in the readme file for applying the patch to your environment. Release 11.5.10 - No additional patch is required.
Oracle Customers Online
If you use Oracle Customers Online in your E-Business Suite environment, then you must do the following:
Release 11.5.9 - Download patch 3161885 from Oracle MetaLink for your operating system platform and follow the instructions in the readme file for applying the patch to your environment. Release 11.5.10 - No additional patch is required.
Oracle Field Service
If you use Oracle Field Service in your E-Business Suite environment, then you must do the following:
Release 11.5.9 - Download patch 3845260 from Oracle MetaLink for your operating system platform and follow the instructions in the readme file for applying the patch to your environment.
Oracle Human Resources
If you use Oracle Human Resources in your E-Business Suite environment:
�The minimum prerequisite for enabling Single Sign-On with Human Resources is HRMS Family Pack F, Patch 2968701. If you already have this patch level installed, no further patches are required to enable Single Sign-On support for Oracle Human Resources. If you do not already have HRMS Family Pack F installed, you must install the latest released HRMS Family Pack (Patch 3233333 or higher) from Oracle MetaLink for your operating system platform. Follow the instructions in the readme file for applying the patch to your environment.
Oracle iProcurement
If you use iProcurement in your E-Business Suite environment, then you must do the following:
Release 11.5.8 - Download patch 2790869 from Oracle MetaLink for your operating system platform and follow the instructions in the readme file for applying the patch to your environment. Release 11.5.9 - Download patch 3304714 from Oracle MetaLink for your operating system platform and follow the instructions in the readme file for applying the patch to your environment. Release 11.5.10 - No additional patch is required.
Oracle iRecruitment
If you use Oracle iRecruitment in your E-Business Suite environment, then you must do the following:
Release 11.5.9 - Download patch 3197168 from Oracle MetaLink for your operating system platform and follow the instructions in the readme file for applying the patch to your environment. Release 11.5.10 - No additional patch is required.
Oracle iStore
If you use iStore in your E-Business Suite environment, then you must do the following:
Release 11.5.9 - Download patch 3597271 from Oracle MetaLink for your operating system platform and follow the instructions in the readme file for applying the patch to your environment. Release 11.5.10 - No additional patch is required.
Oracle iSupplier Portal
If you use Oracle iSupplier Portal in your E-Business Suite environment, then you must do the following:
�Release 11.5.9 - Download patch 3443876 from Oracle MetaLink for your operating system platform and follow the instructions in the readme file for applying the patch to your environment. Release 11.5.10 - No additional patch is required.
Oracle iSupport
If you use iSupport in your E-Business Suite environment, then you must do the following:
Release 11.5.9 - Download patch 3428657 from Oracle MetaLink for your operating system platform and follow the instructions in the readme file for applying the patch to your environment. Release 11.5.10 - No additional patch is required.
Oracle Knowledge Management
If you use Oracle Knowledge Management in your E-Business Suite environment, then you must do the following:
Release 11.5.9 - Download patch 3428657 from Oracle MetaLink for your operating system platform and follow the instructions in the readme file for applying the patch to your environment. Release 11.5.10 - No additional patch is required.
Oracle Mobile Application Foundation
If you use Oracle Mobile Applications in your E-Business Suite environment, then you must do the following:
Release 11.5.9 - Download patch 3213495 from Oracle MetaLink for your operating system platform and follow the instructions in the readme file for applying the patch to your environment. Release 11.5.10 - No additional patch is required.
Oracle Quality
If you use Oracle Quality in your E-Business Suite environment, then you must do the following:
Release 11.5.9 - Download patch 3093055 from Oracle MetaLink for your operating system platform and follow the instructions in the readme file for applying the patch to your environment. Release 11.5.10 - No additional patch is required.
Oracle Scheduler
If you use Scheduler in your E-Business Suite environment, then you must do the following:
�Release 11.5.8 - Download patch 3297371 from Oracle MetaLink for your operating system platform and follow the instructions in the readme file for applying the patch to your environment. Release 11.5.9 - Download patch 3933581 from Oracle MetaLink for your operating system platform and follow the instructions in the readme file for applying the patch to your environment. Release 11.5.10 - No additional patch is required.
Oracle Student Systems
If you use Oracle Student Systems in your E-Business Suite environment, then you must do the following:
Releases 11.5.8,11.5.9, 11.5.10 - Download patch 4252503 from Oracle MetaLink for your operating system platform and follow the instructions in the readme file for applying the patch to your environment.
Product-Specific SSO Exceptions
Please see Appendix A for other Release 11i products for which there are known issues with Single Sign-On interoperability.
SSO Task 4: Validate that Single Sign-On is Working Correctly
To validate that Oracle E-Business Suite Release 11i has been properly registered as a partner application to Single Sign-On, perform the following steps: SSO Task 4, Step 1: Run the Diagnostic Utility SSO Task 4, Step 1.1: Login locally to the E-Business Suite
Login as user "sysadmin" to the E-Business Suite locally using this URL: http[s]://[:port]/OA_HTML/AppsLocalLogin.jsp Where and reflect the correct values for your environment.
SSO Task 4, Step 1.2: Launch Diagnostics
Select the responsibility "CRM HTML Administration" from the Navigator's left pane Select the function "Diagnostics" from the Navigator's right pane. This will launch a new window. If you do not see a new window, make sure any browser pop-up blockers are disabled.
SSO Task 4, Step 1.3: Run SSO Diagnostics
Click on the "Basic" tab
�Choose "Application Object Library" from the Applications drop down Click on "SSO Setup Tests" - Click on "Run Without Pre-Requisite" All the tests should complete successfully Click on the "Report" icon for each test and verify the results
SSO Task 4, Step 1.4: Run OID Diagnostics
Click on "OID Setup" - Click on "Run Without Pre-Requisite" All the tests should complete successfully Click on the "Report" icon for each test and verify the results
SSO Task 4, Step 2: Verify that your Oracle E-Business Suite instance is correctly integrated with Oracle Single Sign-on server. SSO Task 4, Step 2.1: Request the appropriate E-Business Suite login link, of the form:
http://[host]:[port]/oa_servlets/AppsLogin
Where and reflect the correct values for your environment. This should direct you to the Single Sign-On Login screen. SSO Task 4, Step 2.2: Enter the username and password for a valid account in Oracle Internet Directory. You should be directed to either the Oracle E-Business Suite home page or a page that shows "More Information Requested". SSO Task 4, Step 2.3: Click on the logout link on whichever of the pages that you see. You should now be directed to the Single Sign-On Logout page. If so, then Single Sign-On integration has been carried out correctly. Also see Single Sign-On Processes and Troubleshooting . SSO Task 4, Step 3: Verify that your Oracle E-Business Suite instance is correctly integrated with Oracle Internet Directory. SSO Task 4, Step 3.1: Check that there are no errors in the Oracle Internet Directory log files for the E-Business Suite instance you have just configured. These files are on the machine that hosts Oracle Internet Directory, under $ORACLE_HOME/ldap/odi/log. There are two log files for each provisioning direction, so there will either be two or four in total. The files for provisioning from Oracle Internet Directory to E-Business Suite end with _E.aud and _E.trc. The files for provisioning from E-Business Suite to Oracle Internet Directory end with _I.aud and _I.trc. SSO Task 4, Step 3.2: Depending on how provisioning has been configured, try to create a user from either E-Business Suite or Oracle Internet Directory. If you used the default registration process, you may create a user either in E-Business Suite or Oracle Internet Directory and see the newly-provisioned user appear in the other system within about two minutes. The user details should be visible in the relevant .aud log files for users created from Oracle Internet Directory to E-Business Suite. If so, then provisioning configuration for Oracle Internet Directory has been performed correctly.
�Also see Directory-Enabled Single Sign-On and Troubleshooting . Decision Required
The prerequisite infrastructure for Single Sign-On and Oracle Internet Directory integration with the E-Business Suite has now been successfully installed.
The remaining steps in this document (Note 233436.1) should be followed only if you wish to enable Oracle Portal, Oracle Discoverer, or Oracle Application Manager functionality.
Section 7: Configure Oracle Portal 10g with Oracle EBusiness Suite 11i (optional)
Section 7 is optional and intended only for those customers who wish to integrate Oracle Portal 10g with the E-Business Suite. You must have previously completed the Single Sign-On and Oracle Internet Directory integrations detailed in the previous sections above. To integrate Oracle Portal 10g with the E-Business Suite 11i, you must follow the instructions in Oracle MetaLink Note 305918.1 Using Portal10g with Oracle Applications 11i.
Section 8: Configure Oracle Discoverer 10g with the E-Business Suite 11i (optional)
Discoverer 10g may optionally be used to generate end-user reports for Oracle E-Business Suite Release 11i environments. If you would like to use Discoverer 10g (10.1.2.0.2) with Oracle EBusiness Suite Release 11i, you must follow the instructions in Oracle MetaLink Note 313418.1, Using Discoverer 10g with Oracle E-Business Suite Release 11i. Existing users of Discoverer 10g (9.0.4) may upgrade to Discoverer 10g (10.1.2.0.2) by following Note 313418.1, or upgrade to Discoverer 10g (9.0.4.1) by following Note 257798.1.
Section 9: Using Oracle Applications Manager with Single Sign-On (optional)
If you wish to use Oracle Applications Manager with your Single Sign-On-enabled E-Business Suite instance, see Oracle MetaLink Note 258330.1, About Oracle Applications Manager Minipack 11i.OAM.H.
Section 10: Obtaining Technical Support
To receive support, file a Service Request (SR) with Oracle Support via MetaLink using the following identifying information to ensure that your issue is routed correctly:
�MetaLink SR entry screen #1 Product: Oracle Applications Technology Stack MetaLink SR entry screen #2 Type of Problem: Oracle Application Server 10g When describing the problem, provide as many details as possible, including the current Build that you're working with. For example, which step of which installation document was being performed when the problem arose? What was the command issued or action taken immediately prior to the error? What was the exact error message displayed or logged? Upload your .xml, config.txt, and appropriate log files with the SR. To escalate a particular SR, call Oracle Support and ask to speak with the current Support Duty Manager.
Section 11: Available Documentation
Documentation for migrating Release 11i to 9iAS Release 1 Version 1.0.2.2.2
Oracle9i Application Server (9iAS) with Oracle E-Business Suite Release 11i Documentation (Note 207159.1)
Documentation for creating the Oracle Application Server Instance
Oracle Identity Management Server 10g Documentation Library Oracle Application Server 10g Release 2 Docomentation Library
Documentation for integration the standalone Oracle Application Server 10g with Oracle EBusiness Suite Release 11i
Installing Oracle Application Server 10g with Oracle E-Business Suite Release 11i (Note 233436.1) Integrating Oracle Application Server 10g with Oracle E-Business Suite Release 11i (Note 261914.1) Using Portal 10g with Oracle E-Business Suite Release 11i (Note 305918.1) Using Discoverer 10g with Oracle E-Business Suite Release 11i (Note 313418.1)
Section 12: Conventions and Important Directory Locations
The following typographical conventions are used in this document: Convention Meaning
�Represents 'line continuation character'. It can be used to to break command (in UNIX) into two or more lines. Mono space Represents command line text. Type this text exactly as text shown. Text enclosed in angled or square brackets represents a or [] variable. Substitute an appropriate value for the variable text. Do not type the brackets. Directory paths in this document are relative to the top level installation directory for the Oracle E-Business Suite. e.g. if you installed the Oracle E-Business Suite under a directory named /my/appsinstall and are pointing to Directory Paths an Oracle E-Business Suite Release 11i database named mytestdb, then ora/iAS/Apache in this document will mean the fully qualified path: /my/appsinstall/mytestdbora/iAS/Apache Full path to the Applications context file on the application tier or database tier. The default locations are as follows. Application tier context file: CONTEXT_FILE /admin/.xml Database tier context file: /appsutil/.xml The CONTEXT_NAME variable specifies the name of the Applications context that is used by AutoConfig. The default is _. For systems installed with CONTEXT_NAME Rapid Install 11.5.8 or earlier, the context name will typically be . To find exact value of your instance CONTEXT_NAME you can refer variable s_contextname in Application tier context file. \
Important Directory Locations
This section helps you identify some important directories of E-Business suite Instance, which are relevant for this document. Make sure you understand the purpose and location of these directories as explained below: Abbreviation Directory Location
[DB_ORACLE_HOME]
[ORIGINAL_ORACLE_BASE]
The ORACLE_HOME where your applications database is installed. The default location is ...db/8.1.7 This is the directory under which the HTTP ORACLE_HOME and the 8.0.6 technology stack ORACLE_HOME is installed. The default location for this directory is /ora This is the ORACLE_HOME currently used to link and run Oracle E-Business [ORIGINAL_8.0_ORACLE_HOME] Suite executables and apply patches. The default location is [ORIGINAL_ORACLE_BASE]/8.0.6 The directory where your HTTP Server [ORAHTTP_TOP] is installed. The default location is [HTTP_ORACLE_HOME]/Apache The ORACLE_HOME where 9iAS or your HTTP Server is installed. The [HTTP_ORACLE_HOME] default location is ...ora/iAS
Appendix A - Product-Specific SSO Exceptions
Some products in the Oracle E-Business Suite do not yet implement Single Sign-On functionality and therefore cannot be configured to use Single Sign-On. The current list of such products is as follows: Product ID Product Name Exception Exception Comments in 11.5.9 in 11.5.10
325
Oracle ClientServer Application Desktop Integrator (ADI)
Yes
Yes
937
Oracle iLearning (standalone)
Yes
Yes
The Web-based edition of the Application Desktop Integrator is SSOcompliant. Users of the Client-Server version of the Application Desktop Integrator are advised to upgrade to the Webbased edition of the Application Desktop Integrator. Oracle iLearning 11i (Oracle Learning Management System) is single sign-on compliant. Users of iLearning (standalone) who require Single Sign-On support are advised to upgrade to Oracle iLearning 11i
�841
Oracle iSetup
Yes
Yes
229
Oracle Marketing
Yes
Yes
1129
Oracle Mobile Supply chain Application
Yes
Yes
1293
Oracle Projects
Yes
Yes
1009
Oracle Sales Offline
Yes
Yes
(Oracle Learning Management System). Oracle iSetup is being replaced by an SSO compliant version in future release of the Oracle EBusiness Suite. While scripting components of Marketing do not use SSO, other components can do so. SSO does not support authentication using anything but browsers. There is no API to validate users for client/server style applications. Locally managed users is a workaround for this issue. The Oracle Projects API login is not SSO compatible. The Application SSO Login Types must be set to 'Local' for Public API users. This is documented in the Projects 11i APIs Reference (Part Number B12427-01). Sales Offline requires the Application SSO Login Types to be set to 'Local' for users.
SSO does not support authentication using anything but browsers. There is no API to validate users for client/server style applications. Locally managed users is a workaround for this issue.
385
Oracle Warehouse Management
Yes
Yes
174
Oracle Workflow
Yes
Yes
If sign-on functionality is implemented for your site through Oracle Internet Directory, and you want to use password-based signatures, you must set the Applications SSO Login Types profile option
�757
Oracle XML Gateway
Yes
Yes
to either Local or Both at user level for all users who need to enter password-based signatures, and ensure that these users have valid passwords defined in Oracle Application Object Library. Application SSO Login Types must be set to 'Local' for users.
Appendix B: Summary of Bugs Fixed by Build
Summary of Bugs Fixed and known issues in Build 6.0
Refer the readme of patch 6117031
Summary of Bugs Fixed and known issues in Build 5.0
Refer the readme of patch 5674941
Summary of Bugs Fixed and known issues in Build 4.0
Refer the readme of patch 4775907
Summary of Bugs Fixed and known issues in Build 3.1
Refer the readme of patch 4344912
Summary of Bugs Fixed and known issues in Build 3.0
Refer the readme of Patch 4364537
Summary of Bugs Fixed and known issues in Build 2.0
Refer the readme of Patch 3500912
�Appendix C: Advanced Configuration - Manual SSO/OID Registration
This appendix describes manual procedures for overriding the default Oracle E-Business Suite Release 11i registration with Oracle Single Sign-On server and Oracle Internet Directory. The registration utility script txkSetSSOReg.pl is used to integrate an Oracle E-Business Suite 11i instance with Oracle Single Sign-On and Oracle Internet Directory in an Oracle Application Server 10g Infrastructure instance. This registration utility has several command-line parameters that may be used to override its default behavior to adapt the registration process to accomodate different architectures, scenarios, and configuration requirements.
Changes from Previous Versions
1. Reduction of arguments The following arguments are defaulted to these values during registration :
appname : svcname : provtmp : $FND_TOP/admin/template/ProvBiDirection.tmp is determined by the following SQL query from the E-Business Suite
database:
select name from v$database
These parameters can overridden by passing them in the command line arguments (see below). During de-registration, appName and svcName are obtained from the E-Business Suite database. If not found, the user is prompted for these parameters. 2. Validation improvement While performing the registration, the script checks if the application name or the service names are already registered. If so, the registration script will return an error message to choose a different name or deregister the existing application name. Validates that the instance password should comply with the default Oracle Internet Directory password policy of 5 characters minimum and one numeric character. 3. De-Registration improvement All active user subscriptions are deleted on deregistration of an existing instance from Oracle Internet Directory. A warning message is shown, and the user is prompted for confirmation before deletion of subscriptions. Any provisioning profiles with missing application names will be deleted, allowing the deregistration to clean up residual remnants from previous Builds' failed deregistration.
�Deregistration scenario An application name "appName1" is registered with a provisioning profile. If "appName1" is deregistered but the provisioning profile entries are not deleted, then the log files will be created and will contain errors. If "appName1" is registered again with a different provisioning profile, the log files will be populated with errors from the previous dangling provisioning profile and success messages from the successful registered provisioning profile. In earlier versions of the deregistration script, the provisioning profiles were not deleted during deregistration. This resulted in log files containing error messages from the previous dangling provisioning entries. In this version of the utility, the provisioning profiles are deleted. 4. Support for integrating DMZ-enabled E-Business Suite environments with Oracle Application Server 10g E-Business Suite environments may be configured with multiple web-entry points, which are commonly used to accomodate different internal and external 9iAS servers in a demilitarized zone (DMZ) architecture; see Note 287176.1 for details. As of Build 4.0, these types of EBusiness configurations may be integrated with external Oracle Application Server 10g instances for the use of Single Sign-On, Oracle Internet Directory, Portal, and Discoverer. 5. Support for integrating RAC-enabled E-Business Suite with Oracle Application Server 10g E-Business Suite environments may be enabled to use Real Application Clusters on the database tier. As of Build 4.0, when a RAC-enabled E-Business Suite environment has been integrated with Oracle Internet Directory, the synchronization of user attributes takes advantage of the transparent load-balancing and failover capabilities of the RAC-enabled E-Business Suite database. 6. Support for integrating E-Business Suite environments with SSL-enabled Oracle Internet Directory Servers Oracle Internet Directory environments may be configured to support Secure Sockets Layer encryption options. As of Build 4.0, it is possible to integrate these SSL-enabled Oracle Internet Directory servers with the E-Business Suite.
Manual Procedures for SSO/OID Registration and Deregistration
This utility should be run from one of the Oracle E-Business Suite Release 11i application tier server nodes to register the E-Business Suite in Single Sign-On and Oracle Internet Directory in the Oracle Application Server 10g infrastructure database. If you have multiple application tier server nodes, this utility only needs to be run once, on a single application tier server node. You can choose one or more of these options to suit your needs: Command line argument Option to use When to Use
�register=Yes
Option Use this option to register an E1 Business Suite instance simultaneously as: A partner application in Oracle Single Sign-On A provisioning application in Oracle Internet Directory
deregister=Yes
Option Use this option to deregister an 2 E-Business Suite instance simultaneously from Oracle Internet Directory and Single Sign-On.
This option:
Removes an E-Business Suite's partner application registration from Oracle Single Sign-On Removes an E-Business Suite's provisioning application registration from Oracle Internet Directory registersso=Yes deregistersso=Yes Option Use this option to register or 3 deregister an E-Business Suite instance as a partner application with Oracle Single Sign-On.
When run with the registersso=Yes command-line parameter, this option can be used:
To register an EBusiness Suite instance as a partner application with Oracle Single Sign-On Server
When run with the deregistersso=Yes command-line parameter, this option:
Removes an E-Business Suite's partner application registration from Oracle
�Single Sign-On Server registeroid=Yes deregisteroid=Yes Option Use this option to registering or 4 deregister an E-Business Suite instance as a provisioning application with Oracle Internet Directory.
When run with the registeroid=Yes command-line parameter, this option can be used:
To register your EBusiness Suite instance as a provisioning application in Oracle Internet Directory To register the EBusiness Suite instance when you have installed Oracle Identity Management (Internet Directory components) on a different node than MetaData Repository database node
When run with the deregisteroid=Yes command-line parameter, this option can be used:
To deregister an EBusiness Suite instance's unsuccessful OID provisioning application registration that may have failed during a combined SSO/OID registration. To deregister an EBusiness Suite instance's unsuccessful OID provisioning application deregistration that may have failed during a combined SSO/OID deregistration loadssosdkonly=yes Option Use this option to upgrade the 5 currently installed SSOSDK packages in your E-Business Suite instance to the latest
�version.
This option has no effect on:
Existing E-Business Suite partner application registrations in Oracle Single Sign-On Existing E-Business Suite provisioning application registrations in Oracle Internet Directory removereferences=Yes removereferencessso=Yes 1. removereferencesoid=Yes Successfully registered an E-Business Suite instance (InstanceA) as a partner application in Oracle Single Sign-On 2. Successfully registered an E-Business Suite instance (InstanceA) as a provisioning application in Oracle Internet Directory 3. Successfully cloned your E-Business Suite InstanceA, resulting in a new EBusiness Suite InstanceB
The new E-Business Suite InstanceB has residual references in the EBusiness Suite database to Single Sign-On and Oracle Internet Directory registrations such as LDAP host and port information. These references only apply to InstanceA. These references need to be removed from the newly-cloned E-Business Suite InstanceB. This option allows you to remove both Single Sign-On and Oracle Internet Directory references at the same time. You may also selectively remove only Single Sign-On or Oracle Internet Directory references.
Option Use this option to if you have 6 done the following in sequence:
�When run with the removereferences=Yes commandline parameter, this option can be used:
To remove all residual InstanceA references to Single Sign-On and Oracle Internet Directory registrations from your cloned E-Business Suite InstanceB
After executing this option with the removereferences=Yes commandline parameter, your cloned EBusiness Suite InstanceB may be registered with Oracle Single Sign-On and Oracle Internet Directory via Option 1, or a combination of Options 3 and 4. When run with the removereferencessso=Yes command-line parameter, this option can be used:
To remove all residual InstanceA references to Single Sign-On registrations from your cloned E-Business Suite InstanceB After executing this option with the removereferencessso=Yes command-line parameter, your cloned E-Business Suite InstanceB may be registered with Oracle Single Sign-On via Option 3.
When run with the removereferencesoid=Yes command-line parameter, this option can be used:
To remove all residual InstanceA references to Oracle Internet Directory registrations from your cloned
�E-Business Suite InstanceB After executing this option with the removereferencesoid=Yes command-line parameter, your cloned E-Business Suite InstanceB may be registered with Oracle Internet Directory via Option 4. Option Use this option if your E-Business 7 Suite environment is configured with
multiple web-entry points, which are commonly used to accomodate different internal and external 9iAS servers in a demilitarized zone (DMZ) architecture; see Note 287176.1 for details about supported DMZ configurations. If your E-Business Suite environment has already been enabled to use DMZs and multiple web-entry points, then registration and deregistration of SSO partner applications within a DMZ setup configuration does not require any special command line arguments. Command line arguments listed in Option 1,2,3,4 detect DMZ setup automatically.
Option Use this option if your Erdbmsdn=cn=OracleContext 8 Business Suite environment has been configured to use Real Application Clusters (RAC) on the database tier.
When a RAC-enabled E-Business Suite environment has been integrated with Oracle Internet Directory, the synchronization of user attributes takes advantage of the transparent load-balancing and failover capabilities of the RAC-enabled E-Business Suite database.
-ldapauthlevel= Option Use this option if your Oracle 9 Internet Directory has been configured to use Secure dbldapauthlevel= Sockets Layer (SSL) encryption.
This option requires additional command-line parameters to allow the
�E-Business Suite to authenticate itself securely to the Oracle Internet Directory server.
-infraconnstr= 10 your E-Business Suite with a Single Sign-On server that is associated with a RAC-enabled Oracle Application Server 10g Infrastructure database.
Option 1
Use this option to register an E-Business Suite instance simultaneously as: A partner application in Oracle Single Sign-On A provisioning application in Oracle Internet Directory
1.1 Source the Applications environment file as the owner of the application tier file system Source the file $APPL_TOP/APPS.env to set the environment correctly. You can either use the interactive mode of operation or the non-interactive mode to register Oracle E-Business Suite 11i instance. 1.2. Interactive mode of execution The interactive mode of execution will prompt you to enter each required parameter. Execute the registration script as follows: UNIX
txkrun.pl -script=SetSSOReg
Windows
%ADPERLPRG% txkrun.pl -script=SetSSOReg
The script will prompt for the parameters in the following order:
Enter the host name where Oracle iAS Infrastructure database is installed ? Enter the Oracle iAS Infrastructure database port number ? Enter the Oracle iAS Infrastructure database SID ? Enter the LDAP Port on Oracle Internet Directory server ? Enter Oracle E-Business apps database user password ? Enter Oracle iAS Infrastructure database ORASSO schema
�password ? Enter Oracle E-Business SYSTEM database user password ? Enter E-Business Suite existing SSOSDK schema password or choose a password to use with the new SSOSDK schema if the schema does not exist ? Enter the Oracle Internet Directory Administrator (orcladmin) Bind password ? Enter the password that you would like to register this EBusiness instance with ?
Sample Output From Running In Interactive Mode:
Enter the host name where Oracle iAS Infrastructure database is installed ? ap627atg Enter the Oracle iAS Infrastructure database port number ? 1521 Enter the Oracle iAS Infrastructure database SID ? infra1 Enter the LDAP Port on Oracle Internet Directory server ? 3060 Enter Oracle E-Business apps database user password ? apps Enter Oracle iAS Infrastructure database ORASSO schema password ? C8atE7O0 Enter Oracle E-Business SYSTEM database user password ? manager Enter E-Business Suite existing SSOSDK schema password or choose a password to use with the new SSOSDK schema if the schema does not exist ? ssosdk Enter the Oracle Internet Directory Administrator (orcladmin) Bind password ? welcome123 Enter the password that you would like to register this EBusiness instance with? welcome123 ######################## WARNING ######################################## This application works with SSOSDK version 9.0.2 or higher. If lower version (3.0.9) of SSOSDK was installed in your system and you have a registered partner application, this process will remove the 3.0.9 version of the SSOSDK schema and install the 9.0.2 version. ######################## WARNING ########################################
�*** ALL THE FOLLOWING FILES ARE REQUIRED FOR RESOLVING RUNTIME ERRORS *** Log File = /d3/user4/11510/ap616s04comn/rgf/ap616s04_ap616sun/txkSetSS OReg_Mon_Feb_14_19_17_00_2005.log Program : /d3/user4/11510/ap616s04appl/fnd/11.5.0/patch/115/bin/txkSe tSSOReg.pl started @ Mon Feb 14 19:17:00 2005 *** Log File = /d3/user4/11510/ap616s04comn/rgf/ap616s04_ap616sun/txkSetSS OReg_Mon_Feb_14_19_17_00_2005.log Beginning input parameter validation for SSO registration. Input parameter validation for SSO registration completed. Beginning loading SSO SDK into database if necessary. Loading of SSO SDK into database completed successfully. Beginning to register partner application. Partner application has been registered successfully. SSO registration completed successfully. Beginning input parameter validation for OID registration. Input parameters validation for OID registration completed. Beginning to register Application and Service containers if necessary. Application and Service containers were found and thus not created. Beginning to register application in Oracle Internet Directory. Registration of application in Oracle Internet Directory completed successfully. Beginning to register instance password in Oracle Internet Directory. Registration of instance password in Oracle Internet Directory completed successfully. Beginning to test application registration in Oracle Internet Directory. Testing of application registration in Oracle Internet Directory completed successfully. Beginning to register provisioning profile in Oracle Internet Directory. Registration of provisioning profile in Oracle Internet Directory completed successfully.
�Application is registered successfully with provisioning in Oracle Internet Directory. End of /d3/user4/11510/ap616s04appl/fnd/11.5.0/patch/115/bin/txkSe tSSOReg.pl : No Errors encountered
1.3. Non-interactive mode of execution The non-interactive mode of execution accepts each required parameter as a command-line parameter. All the arguments must be passed in one line and the registration script should be invoked as follows: UNIX
txkrun.pl -script=SetSSOReg \ -register=Yes \ -appspass=apps \ -infradbhost=ap627atg \ -infradbport=1521 \ -infradbsid=infra1 \ -orassopass=C8atE7O0 \ -systempass=manager \ -ssosdkpass=ssosdk \ -orcladminpass=welcome123 \ -instpass=welcome123 \ -ldapport=3060 \ -appname="EBiz test" \ -svcname="This is the test instance for EBusiness"
Windows
%ADPERLPRG% txkrun.pl -script=SetSSOReg -register=Yes appspass=apps -infradbhost=ap627atg -infradbport=1521 infradbsid=infra1 -orassopass=C8atE7O0 -systempass=manager -ssosdkpass=ssosdk -orcladminpass=welcome123 instpass=welcome123 -ldapport=3060 -appname="EBiz test" svcname="This is the test instance for EBusiness"
1.4 Stop and restart the Oracle E-Business Suite 1li HTTP Server for the changes to take effect. Option 2
�Use this option to deregister an E-Business Suite instance simultaneously from Oracle Internet Directory and Single Sign-On.
This option:
Removes an E-Business Suite's partner application registration from Oracle Single Sign-On Removes an E-Business Suite's provisioning application registration from Oracle Internet Directory
2.1 Source the Applications environment file as the owner of the application tier file system. Source the file $APPL_TOP/APPS.env to set the environment correctly. You can either use the interactive mode of operation or the non-interactive mode to register Oracle E-Business Suite 11i instance. 2.2. Interactive mode of execution The interactive mode of execution will prompt you to enter each required parameter. Execute the script as follows: UNIX
txkrun.pl -script=SetSSOReg -deregister=Yes
Windows
%ADPERLPRG% txkrun.pl -script=SetSSOReg -deregister=Yes
2.2. Non-interactive mode of execution The non-interactive mode of execution accepts each required parameter as a command-line parameter. All the arguments must be passed in one line and the registration script should be invoked as follows: UNIX
txkrun.pl -script=SetSSOReg \ -deregister=Yes \ -appspass=apps \ -orassopass=C8atE7O0 \ -ssosdkpass=ssosdk \ -orcladminpass=welcome123
�Windows
%ADPERLPRG% txkrun.pl -script=SetSSOReg -deregister=Yes appspass=apps -orassopass=C8atE7O0 -ssosdkpass=ssosdk orcladminpass=welcome123
2.4 Stop and restart the Oracle E-Business Suite 1li HTTP Server for the changes to take effect. Option 3
Use this option to register or deregister an E-Business Suite instance as a partner application with Oracle Single Sign-On.
When run with the registersso=Yes command-line parameter, this option can be used:
To register separate E-Business Suite application tier server nodes as individual partner applications in a DMZ deployment.
When run with the deregistersso=Yes command-line parameter, this option:
Removes an E-Business Suite's partner application registration from Oracle Single Sign-On
3.1 Source the Applications environment file as the owner of the application tier file system. Source the file $APPL_TOP/APPS.env to set the environment correctly. You can either use the interactive mode of operation or non-interactive mode to register or deregister an Oracle E-Business Suite 11i instance. 3.2 Registration option: Interactive mode The interactive mode of execution will prompt you to enter each required parameter. Execute the script as follows: UNIX
txkrun.pl -script=SetSSOReg -registersso=Yes
Windows
%ADPERLPRG% txkrun.pl -script=SetSSOReg -registersso=Yes
Non-interactive mode
�The non-interactive mode of execution accepts each required parameter as a command-line parameter. All the arguments must be passed in one line and the registration script should be invoked as follows: UNIX
txkrun.pl -script=SetSSOReg \ -registersso=Yes \ -appspass=apps \ -infradbhost=ap627atg \ -infradbport=1521 \ -infradbsid=infra1 \ -orassopass=C8atE7O0 \ -systempass=manager \ -ssosdkpass=ssosdk \
Windows
%ADPERLPRG% txkrun.pl -script=SetSSOReg -registersso=Yes appspass=apps -infradbhost=ap627atg -infradbport=1521 infradbsid=infra1 -orassopass=C8atE7O0 -systempass=manager -ssosdkpass=ssosdk
3.3 Deregistration option: Interactive mode The interactive mode of execution will prompt you to enter each required parameter. Execute the script as follows: UNIX
txkrun.pl -script=SetSSOReg -deregistersso=Yes
Windows
%ADPERLPRG% txkrun.pl -script=SetSSOReg -deregistersso=Yes
Non-interactive mode The non-interactive mode of execution accepts each required parameter as a command-line parameter. All the arguments must be passed in one line and the registration script should be invoked as follows:
�UNIX
txkrun.pl -script=SetSSOReg \ -deregistersso=Yes \ -appspass=apps \ -orassopass=C8atE7O0 \ -ssosdkpass=ssosdk \
Windows
%ADPERLPRG% txkrun.pl -script=SetSSOReg -deregistersso=Yes -appspass=apps -orassopass=C8atE7O0 -ssosdkpass=ssosdk
3.4 Stop and restart the Oracle E-Business Suite 1li HTTP Server for the changes to take effect. Option 4
Use this option to registering or deregister an E-Business Suite instance as a provisioning application with Oracle Internet Directory.
When run with the registeroid=Yes command-line parameter, this option can be used:
To register your E-Business Suite instance as a provisioning application in Oracle Internet Directory To register the E-Business Suite instance when you have installed Oracle Identity Management (Internet Directory components) on a different node than MetaData Repository database node
When run with the deregisteroid=Yes command-line parameter, this option can be used:
To deregister an E-Business Suite instance's unsuccessful OID provisioning application registration that may have failed during a combined SSO/OID registration. To deregister an E-Business Suite instance's unsuccessful OID provisioning application deregistration that may have failed during a combined SSO/OID deregistration IMPORTANT: During execution of this script, value of ''infradbhost' parameter should be 'Identity Management Hostname' which is having OID Server Installed.
4.1 Source the Applications environment file as the owner of the application tier file system. Source the file $APPL_TOP/APPS.env to set the environment correctly.
�You can either use the interactive mode of operation or the non-interactive mode to register or deregister an Oracle E-Business Suite 11i instance. Registration option: Interactive mode The interactive mode of execution will prompt you to enter each required parameter. Execute the script as follows: UNIX
txkrun.pl -script=SetSSOReg -registeroid=Yes
Windows
%ADPERLPRG% txkrun.pl -script=SetSSOReg -registeroid=Yes
Non-interactive mode The non-interactive mode of execution accepts each required parameter as a command-line parameter. All the arguments must be passed in one line and the registration script should be invoked as follows: UNIX
txkrun.pl -script=SetSSOReg \ -registeroid=Yes \ -appspass=apps \ -infradbhost=ap627atg \ -orcladminpass=welcome123 \ -instpass=welcome123 \ -ldapport=3060 \ -appname="EBiz test" \ -svcname="This is the test instance for EBusiness"
Windows
%ADPERLPRG% txkrun.pl -script=SetSSOReg -registeroid=Yes appspass=apps -infradbhost=ap627atg orcladminpass=welcome123 -instpass=welcome123 ldapport=3060 -appname="EBiz test" -svcname="This is the test instance for EBusiness"
Deregistration option:
�Interactive mode The interactive mode of execution will prompt you to enter each required parameter. Execute the script as follows: UNIX
txkrun.pl -script=SetSSOReg -deregisteroid=Yes
Windows
%ADPERLPRG% txkrun.pl -script=SetSSOReg -deregisteroid=Yes
Non-interactive mode The non-interactive mode of execution accepts each required parameter as a command-line parameter. All the arguments must be passed in one line and the registration script should be invoked as follows: UNIX
txkrun.pl -script=SetSSOReg \ -deregisteroid=Yes \ -appspass=apps \ -orcladminpass=welcome123
Windows
%ADPERLPRG% txkrun.pl -script=SetSSOReg -deregisteroid=Yes -appspass=apps -orcladminpass=welcome123
Option 5
Use this option to upgrade the currently installed SSOSDK packages in your EBusiness Suite instance to the latest version.
This option has no effect on:
Existing E-Business Suite partner application registrations in Oracle Single Sign-On Existing E-Business Suite provisioning application registrations in Oracle Internet Directory
5.1 Source the Applications environment file as the owner of the application tier file system.
�Source the file $APPL_TOP/APPS.env to set the environment correctly. You can either use the interactive mode of operation or the non-interactive mode to upgrade the currently installed SSOSDK packages on an Oracle E-Business Suite 11i instance. 5.2 loadssosdkonly option: Interactive mode The interactive mode of execution will prompt you to enter each required parameter. Execute the script as follows: UNIX
txkrun.pl -script=SetSSOReg -loadssosdkonly=yes
Windows
%ADPERLPRG% txkrun.pl -script=SetSSOReg -loadssosdkonly=yes
Non-interactive mode The non-interactive mode of execution accepts each required parameter as a command-line parameter. All the arguments must be passed in one line and the registration script should be invoked as follows: UNIX
txkrun.pl -script=SetSSOReg \ -loadssosdkonly=yes \ -systempass=manager \ -appspass=apps \ -ssosdkpass=ssosdk
Windows
%ADPERLPRG% txkrun.pl -script=SetSSOReg -loadssosdkonly=yes -systempass=manager -appspass=apps -ssosdkpass=ssosdk
Option 6
Use this option to if you have done the following in sequence: 1. Successfully registered an E-Business Suite instance (InstanceA) as a partner application in Oracle Single Sign-On
�2.
Successfully registered an E-Business Suite instance (InstanceA) as a provisioning application in Oracle Internet Directory 3. Successfully cloned your E-Business Suite InstanceA, resulting in a new E-Business Suite InstanceB
The new E-Business Suite InstanceB has residual references in the E-Business Suite database to Single Sign-On and Oracle Internet Directory registrations such as LDAP host and port information. These references only apply to InstanceA. These references need to be removed from the newly-cloned E-Business Suite InstanceB. This option allows you to remove both Single Sign-On and Oracle Internet Directory references at the same time. You may also selectively remove only Single Sign-On or Oracle Internet Directory references. When run with the removereferences=Yes command-line parameter, this option can be used:
To remove all residual InstanceA references to Single Sign-On and Oracle Internet Directory registrations from your cloned E-Business Suite InstanceB
After executing this option with the removereferences=Yes command-line parameter, your cloned E-Business Suite InstanceB may be registered with Oracle Single Sign-On and Oracle Internet Directory via Option 1, or a combination of Options 3 and 4. When run with the removereferencessso=Yes command-line parameter, this option can be used:
To remove all residual InstanceA references to Single Sign-On registrations from your cloned E-Business Suite InstanceB After executing this option with the removereferencessso=Yes command-line parameter, your cloned E-Business Suite InstanceB may be registered with Oracle Single Sign-On via Option 3.
When run with the removereferencesoid=Yes command-line parameter, this option can be used:
To remove all residual InstanceA references to Oracle Internet Directory registrations from your cloned E-Business Suite InstanceB After executing this option with the removereferencesoid=Yes command-line parameter, your cloned E-Business Suite InstanceB may be registered with Oracle Internet Directory via Option 4.
6.1 Source the Applications environment file as the owner of the application tier file system. Source the file $APPL_TOP/APPS.env to set the environment correctly.
�You can either use the interactive mode of operation or the non-interactive mode to remove prior registration references from an Oracle E-Business Suite 11i instance. 6.2 "removereferences=Yes" option - removes both SSO and OID references You can use either interactive mode or non-interactive mode to remove both SSO & OID references. Interactive mode The interactive mode of execution will prompt you to enter each required parameter. Execute the script as follows: UNIX
txkrun.pl -script=SetSSOReg -removereferences=yes
Windows
%ADPERLPRG% txkrun.pl -script=SetSSOReg removereferences=yes
Non-interactive mode The non-interactive mode of execution accepts each required parameter as a command-line parameter. All the arguments must be passed in one line and the registration script should be invoked as follows: UNIX
txkrun.pl -script=SetSSOReg \ -removereferences=yes \ -systempass=manager \ -appspass=apps \
Windows
%ADPERLPRG% txkrun.pl -script=SetSSOReg removereferences=yes -systempass=manager -appspass=apps
6.3 "removereferencessso=Yes" option - removes references for only SSO You can use either interactive mode or non-interactive mode to remove SSO references. Interactive mode The interactive mode of execution will prompt you to enter each required parameter.
�Execute the script as follows: UNIX
txkrun.pl -script=SetSSOReg -removereferencessso=yes
Windows
%ADPERLPRG% txkrun.pl -script=SetSSOReg removereferencessso=yes
Non-interactive mode The non-interactive mode of execution accepts each required parameter as a command-line parameter. All the arguments must be passed in one line and the registration script should be invoked as follows: UNIX
txkrun.pl -script=SetSSOReg \ -removereferencessso=yes \ -systempass=manager \ -appspass=apps \
Windows
%ADPERLPRG% txkrun.pl -script=SetSSOReg removereferencessso=yes -systempass=manager -appspass=apps
6.4 "removereferencesoid=Yes" option - removes references for only OID You can use either interactive mode or non-interactive mode to remove OID references. Interactive mode The interactive mode of execution will prompt you to enter each required parameter. Execute the script as follows: UNIX
txkrun.pl -script=SetSSOReg -removereferencesoid=yes
Windows
�%ADPERLPRG% txkrun.pl -script=SetSSOReg removereferencesoid=yes
Non-interactive mode The non-interactive mode of execution accepts each required parameter as a command-line parameter. All the arguments must be passed in one line and the registration script should be invoked as follows: UNIX
txkrun.pl -script=SetSSOReg \ -removereferencesoid=yes \ -systempass=manager \ -appspass=apps \
Windows
%ADPERLPRG% txkrun.pl -script=SetSSOReg removereferencesoid=yes -systempass=manager -appspass=apps
Option 7 Use this option if your E-Business Suite environment is configured with multiple web-entry points, which are commonly used to accomodate different internal and external 9iAS servers in a demilitarized zone (DMZ) architecture; see Note 287176.1 for details about supported DMZ configurations. If your E-Business Suite environment has already been enabled to use DMZs and multiple webentry points, then registration and deregistration of SSO partner applications within a DMZ setup configuration does not require any special command line arguments. Command line arguments listed in Option 1,2,3,4 detect DMZ setup automatically. Option 8
Special Procedures for RAC-enabled E-Business suite Instances It is possible to integrate Oracle Internet Directory with an E-Business Suite 11i environment running on a database which has Real Application Clusters (RAC) enabled. When integrated, Oracle Internet Directory synchronises users with the E-Business Suite by transparently load-balancing between all available RAC nodes. If you have a RAC-enabled E-Business Suite environment, register it with OID and OracleAS 10g by executing the following steps: 1. Create the directory server usage file (ldap.ora) by using the Netca utility:
�Set TNS_ADMIN environment variable pointing to $ORACLE_HOME/network/admin on all databases nodes in the cluster. Copy listener.ora and tnsnames.ora files from $ORACLE_HOME/network/admin/ to $ORACLE_HOME/network/admin and restart the database listener process on nodes in the cluster. Launch Netca from $ORACLE_HOME on database nodes and choose "Real Application Clusters". Make sure that you select all nodes in the cluster. Choose "Configure Directory service usage". Complete the steps in the wizard to create the ldap.ora file on all database nodes in the cluster.
2.
Register the Ebusiness suite database to OID using the DBCA utility: Launch DBCA from $ORACLE_HOME on database nodes and choose "Real Application Clusters Database". Choose "Configure Database options" from the list of choices. Complete the steps in the wizard to register the database with OID
3.
Verify the database registration using the oidadmin utility on the OID server: Run the oidadmin utility and manually set the orclnetdescstring attribute for the rdbms_server_dn to the value from the context variable s_apps_ jdbc_connect_descriptor.
The value of orclnetdescstring should be similar to the following example, shown on separate lines for readibility: 4. (DESCRIPTION= 5. (LOAD_BALANCE=YES)(FAILOVER=YES) 6. (ADDRESS_LIST= 7. (ADDRESS=(PROTOCOL=tcp) 8. (HOST= ) 9. (PORT= )) 10. (ADDRESS=(PROTOCOL=tcp) 11. (HOST=database node2) 12. (PORT=database port no))) (CONNECT_DATA=(SERVICE_NAME= ))) 13. Register the Oracle E-business Suite 11i instance as a provisioning application with Oracle Internet Directory by using the following command-line parameters:
�txkrun.pl -script=SetSSOReg -register=Yes rdbmsdn=cn=OracleContext
Known Issues & Workarounds for RAC-enabled Environments
1.
Bug 5462103: "TNS-04412 /4406 ERROR WHILE REGISTERING THE RAC DATABASE WITH OID & 10gR2" Workaround: If you encounter this issue with E-Business Suite environments on the 10gR2 (10.2.0.2) database, do the following to create the ldap.ora directory server usage file and register the E-business suite database with OID:
Set TNS_ADMIN setting on database nodes to $ORACLE_HOME/network/admin 2. Bug 5464633 "DBCA incorrectly registers the E-business suite RAC database with OID & 10gR2" Workaround: If you encounter this issue with E-Business Suite environments on the 10gR2 (10.2.0.2), run the oidadmin utility and manually set the orclnetdescstring attribute for the rdbms_server_dn to the value from the context variable s_apps_ jdbc_connect_descriptor. The value of orclnetdescstring should be similar to the following example, shown on separate lines for readibility: (DESCRIPTION= (LOAD_BALANCE=YES)(FAILOVER=YES) (ADDRESS_LIST= (ADDRESS=(PROTOCOL=tcp) (HOST= ) (PORT= )) (ADDRESS=(PROTOCOL=tcp) (HOST=database node2) (PORT=database port no))) (CONNECT_DATA=(SERVICE_NAME= )))
Option 9
LDAP authentication level during registration and de-registration when Oracle Internet Directory is SSL-enabled It is possible to integrate an E-Business Suite environment with an SSL-enabled Oracle Internet Directory server. If the Oracle Internet Directory server in the
�Oracle Infrastructure database is SSL-enabled, then use the following additional command-line parameters argument to indicate the LDAP authentication level during registration and deregistration: -ldapauthlevel= -dbwalletpass= -dbldapauthlevel= [-dbwalletdir=] Where: corresponds to the "SSL Authentication Levels" described in the Chapter 13.4.2 of Oracle Internet Directory Administrator's Guide, 10g Release 2 (10.1.2). is one of the following: 0: default value 1: No SSL Authentication. Neither the client nor the server authenticates itself to the other. No certificates are sent or exchanged. Only SSL encryption and decryption is used.
corresponds to the "SSL Authentication Levels" described in the Chapter 13.4.2 of Oracle Internet Directory Administrator's Guide, 10g Release 2 (10.1.2).
is one of the following: 0: default value 1: No SSL Authentication. Neither the client nor the server authenticates itself to the other. No certificates are sent or exchanged. Only SSL encryption and decryption is used. 2: SSL Server Authentication. The directory server authenticates itself to the client. The directory server sends the client a certificate verifying that the server is authentic. 3: SSL Client and Server Authentication. The client and server authenticate themselves to each other and send certificates to each other. is the password for the database wallets. This parameter is required if is 2 or 3.
is the location for the database wallet. This parameter is optional. This parameter is required if is 2 or 3. The default value for dbwalletdir is /appsutil/wallets. For additional information on creating/managing database wallets, follow A Guide to Understanding and Implementing SSL for Oracle Applications (Note:123718.1) For example: UNIX
�txkrun.pl -script=SetSSOReg -registeroid=Yes ldapauthlevel=1 txkrun.pl -script=SetSSOReg -registeroid=Yes ldapauthlevel=1 -dbldapauthlevel=2 dbwalletpass=VerySecurePassword
Windows
%ADPERLPRG% txkrun.pl -script=SetSSOReg -registeroid=Yes ldapauthlevel=1 %ADPERLPRG% txkrun.pl -script=SetSSOReg -registeroid=Yes ldapauthlevel=1 -dbldapauthlevel=2 dbwalletpass=VerySecurePassword
Option 10 Special Procedures for RAC-enabled SSO Servers If your SSO server is associated with a OracleAS 10g Infrastructure database that is RACenabled, you can pass connect string containing the SERVICE_NAME information for the RACenabled OracleAS 10g infrastructure database during SSO registration or deregistration. Use the following argument (shown on separate lines for readability):
infraconnstr="(DESCRIPTION=(LOAD_BALANCE=YES)(FAILOVER=YES) (ADDRESS_LIST= (ADDRESS=(PROTOCOL=tcp)(HOST=racserver1.company.com)(PORT=1 521)) (ADDRESS=(PROTOCOL=tcp)(HOST=racserver2.company.com)(PORT=1 521))) (CONNECT_DATA=(SERVICE_NAME=ASDB.company.com)))"
Note that if -infraconnstr is passed to the utility, the registration utility asks for Infrastructure Database Host, Port and SID information. However, the value passed in the infraconnstr parameter is always used, and the information supplied in response to the prompts will be ignored. For example (shown on separate lines for readibility): UNIX
txkrun.pl -script=SetSSOReg -registersso=Yes infraconnstr="(DESCRIPTION=(LOAD_BALANCE=YES) (FAILOVER=YES)(ADDRESS_LIST=(ADDRESS=(PROTOCOL=tcp)(HOST=ra cserver1.company.com)(PORT=1521))
�(ADDRESS=(PROTOCOL=tcp)(HOST=racserver2.company.com)(PORT=1 521))) (CONNECT_DATA=(SERVICE_NAME=ASDB.company.com)))"
Windows
%ADPERLPRG% txkrun.pl -script=SetSSOReg -registersso=Yes infraconnstr="(DESCRIPTION=(LOAD_BALANCE=YES)(FAILOVER=YES) (ADDRESS_LIST=(ADDRESS=(PROTOCOL=tcp)(HOST=racserver1.compa ny.com)(PORT=1521)) (ADDRESS=(PROTOCOL=tcp)(HOST=racserver2.company.com)(PORT=1 521))) (CONNECT_DATA=(SERVICE_NAME=ASDB.company.com)))"
Important Usage Notes
Note 1. Use double quotes for arguments containing spaces Arguments which allow spaces can be passed to both registration and de-registration script. If you want to pass an argument that contains spaces then you should use double quotes as in the following example:
txkrun.pl -script=SetSSOReg \ -appname="Test instance" \ -svcname="This is the test instance"
Note 2. Choosing your application name and service name to register for OID By default, the registration utility uses the Oracle E-Business Suite 11i database sid as the Application name as well as the service name. If you want a different name, you may pass the following arguments:
-appname="" \ -svcname=""
must be less than 24 characters. must be less than 80 characters Both of the above parameters can be used at both registration and deregistration times. For example, UNIX
txkrun.pl -script=SetSSOReg -appname="Test instance" svcname="This is the test instance"
Windows
�%ADPERLPRG% txkrun.pl -script=SetSSOReg -appname="Test instance" -svcname="This is the test instance"
Note 3. Deleting existing user subscriptions When deregistering an E-Business Suite instance, if active user subscriptions are detected then the user is prompted with the following:
----------------------------------------------------------Following is the number of user subscriptions found to be deleted : 24 "******************************** WARNING ********************************** This de-registration process will automatically delete all user subscriptions that you may have. For better performance it is advisable to use bulk delete utility as described in OID admin guide, before running the de-registration. This script will delete the subscriptions one at a time. Depending upon number of subscriptions, this action might take a long time but you can watch the progress in the following log file in another terminal window. "******************************** WARNING ********************************** Do you want to continue ?
----------------------------------------------------------------In batch mode operation, you can force the deletion of user subscriptions at the de-registration time by passing the following argument:
-forcedeletesubscriptions=Yes
For example, UNIX
txkrun.pl -script=SetSSOReg -deregisteroid=Yes forcedeletesubscriptions=Yes
Windows
%ADPERLPRG% txkrun.pl -script=SetSSOReg -deregisteroid=Yes -forcedeletesubscriptions=Yes
�Note 4. Overriding Default Oracle Internet Directory Password Policies Oracle Internet Directory's default password policy require the password used to register an E-Business Suite instance to be minimum of 5 characters and contain at least one numeric character. This default policy is enforced by the registration utility. If you have changed the default OID password policy, then:
You should make sure that you enter a correct instance password complying with your password policy. 2. At the registration time use the following command-line option to override the password enforcement check: -passpolicyoverride=Yes
UNIX
1.
txkrun.pl -script=SetSSOReg -registeroid=Yes passpolicyoverride=Yes
Windows
%ADPERLPRG% txkrun.pl -script=SetSSOReg -registeroid=Yes passpolicyoverride=Yes
Note 5. Specifying that the APPS user is other than the default "APPS" When running the registration script, the apps username is defaulted to "APPS". If the default apps username is not used on the E-Business instance an error may occur when running the script. The error may contain the following:
*******FATAL ERROR******* Error in retrieving the database name. Please make sure that the following are correct. APPS USER: APPS APPS PASS: password TWO_TASK:
To resolve this issue at the registration time use the following option to override the APPS user:
-appsUser=
Where is the name of your custom apps username. For example: UNIX
txkrun.pl -script=SetSSOReg -appsUser=MyAppsUsername
�Windows
%ADPERLPRG% txkrun.pl -script=SetSSOReg appsUser=MyAppsUsername
Troubleshooting SSO and OID Registration Issues
Tip 1: During registration of SSO partner application, if you receive an error like this:
*******FATAL ERROR******* PROGRAM : /d1/user1/11510/ap683s01appl/fnd/11.5.0/patch/115/bin/txkSe tSSOReg.pl(/d1/user 1/11510/ap683s01appl/fnd/11.5.0/bin/txkrun.pl) TIME : Tue Feb 22 07:02:17 2005 FUNCTION: TXK::advconfig::SSO::installSSOSDK [ Level 1 ] ERRORMSG: Could not drop SSOSDK schema.
Cause: If there a user or application is currently logged on to the ssosdk schema, the schema cannot be dropped. Action: Ensure that no one has logged into SSOSDK schema. You can also drop the schema manually from sqlplus connecting as SYSTEM user by following command:
drop user SSOSDK cascade;
�