ShowDoc

https://metalink.oracle.com/metalink/plsql/f?p=130:14:9873231365054...

Bookmarks Admin Profile Feedback Sign Out Help

Headlines Knowledge Browser Knowledge Service Request Bug Search My Configs & Projects Patches & Updates Forums Certify

Advanced Search

Quick Find

Knowledge Base

6
Select

Go

Advanced

Saved Searches

Did this article help solve your problem?

Bookmark

Would you recommend this document to 6 others?

Go to End

Select

Apply

Doc ID: Note:280167.1 Subject: AS10g with Apps 11i - Summary of Login process Type: BULLETIN Status: REVIEW_READY

Content Type: Creation Date: Last Revision Date:

TEXT/X-HTML 06-AUG-2004 19-OCT-2005

IMPORTANT IMPORTANT ORACLE INTERNAL USE ONLY - DO NOT SEND TO CUSTOMERS IMPORTANT IMPORTANT This document is very much work in progress, and is currently more like some IMPORTANT notes I've made, rather than a note anyone can use ! IMPORTANT By all means try to use this information, but come back frequently to see how IMPORTANT I am getting on, as I do intend to make it more comprehensible IMPORTANT Note 295606.1 (Oracle Application Server 10g with Oracle E-Business Suite Release 11i Troubleshooting) is an External document for customer use IMPORTANT IMPORTANT ORACLE INTERNAL USE ONLY - DO NOT SEND TO CUSTOMERS

*** This article is being delivered in Draft form and may contain errors. Please use the MetaLink "Feedback" button to advise Oracle of any issues related to this article. ***

AS10g with Apps 11i

Summary of Login process
Initial entry point (unless Local Login users - see note below) (Apps Server) /oa_servlet/AppsLogin Login route determined by profile option "Applications SSO Type" (APPS_SSO) If using OID this should be set to "Portal w/SSO" or "SSWA w/SSO" (Apps Server) /oa_servlets/oracle.apps.fnd.sso.FNDSSOLoginRedirect Called if APPS_SSO profile set to one of the "w/SSO" types. (SSO Server) /pls/orasso/orasso.wwsso_app_admin.ls_login?site2pstoretoken= This URL is determined by the "Login_URL" specified when running "regapp.sql" against the Apps database. This can be checked using the "Check values defined in Apps for the SSO Server" SQL script listed in Appendix A Also refer SSO Task 1, Step 3.11 in Note 233436.1

1 of 7

1/11/2006 12:02 PM

ShowDoc

https://metalink.oracle.com/metalink/plsql/f?p=130:14:9873231365054...

(SSO Server) /sso/jsp/login.jsp?site2pstoretoken= This is the page where the user enters username and password details (SSO Server) /sso/auth This sets the SSO Cookie (Apps Server) /oa_servlets/AppsSSOServlet This URL is defined by the "Success URL" when registering Partner Application in SSO. Sets the Applications session cookie Can check by running "Check success URL, SITE_ID, etc in SSO Server configuration" SQL listed in Appendix A Also refer SSO Task 1, Step 3.1 in Note 233436.1 If Applications SSO Type (APPS_SSO) = "SSWA w/SSO" (Apps Server) /OA_HTML/OA.jsp?OAFunc=OAHOMEPAGE URL is determined by profile option "Self-Service Personal Home Page Mode" (APPLICATIONS_HOME_PAGE) If Applications SSO Type (APPS_SSO) = "Portal w/SSO" (AS 10g Middle Tier Server) /pls/portal/portal.home URL is determined by profile option "Applications Portal" (APPS_PORTAL) NOTE - this profile option currently gets overwritten by AutoConfig with Portal 3.0.9 URL, and needs to be manually reset.

Local login
A user may have "Applications SSO Login Types" (APPS_SSO_LOCAL_LOGIN) set to "LOCAL" which would preclude them from being authenticated by OID, so they would have to access Apps using a different initial URL, namely (Apps Server) /OA_HTML/AppsLocalLogin.jsp This provides direct access to Apps 11i, authenticating the user against the FND_USER table, instead of OID

Troubleshooting suggestions
General Hints
Make sure OID and SSO Server processes are running
This can be checked via the Enterprise Manager console Alternatively go to the Server URLs individually. The SSO Server will be : http://<host>.<domain>:<port>/pls/orasso/orasso.home then select "Login" and make sure you can signon Check the OID by going to the "Oracle Internet Directory Self Service Console" http://<host>.<domain>:<port>/oiddas/ then login, select Directory --> User and ensure you can complete a "User Search"

Make sure iAS 1.0.2.2.2 is up and running

Check HTTP server is running by navigating to the home page http://<host>.<domain>:<port>/

2 of 7

1/11/2006 12:02 PM

ShowDoc

https://metalink.oracle.com/metalink/plsql/f?p=130:14:9873231365054...

Also check JServ is running by trying the test page http://<host>.<domain>:<port>/servlets/Hello

Is the user name in OID and FND_USER

Check the OID by going to the "Oracle Internet Directory Self Service Console" http://<host>.<domain>:<port>/oiddas/ then login, select Directory --> User and do a "User Search" for the specific user Make sure the OID property "orclisenabled" is set to ENABLED and "orclactivestartdate" is the same as the START_DATE in FND_USERS table. Then use the SQL "List GUID, etc from FND_USERS table" listed in Appendix A to check for the same username concerned, but this checks the Apps side. The Start_date should be before todays date, and the end_date should be NULL or forward dated

You are getting the "Error: Authentication failed. Please try again" message on the SSO Login page
Applications has succesfully redirected to SSO, but SSO cannot authenticate the user and/or the password. This implies there is some issue with OID, so you should initally check OID to ensure the username and password are correct

Specific Issues
"Page not found" error after successful sign on
Several possibilities for this one : a) OID orclguid is missing from FND_USER.user_guid (where is NULL) You can use SQL script "List GUID, etc from FND_USERS table" in Appendix A to check for the Apps username concerned If GUID missing from FND_USER, but does exist in OID, a quick workaround may be to enable profile option "Applications SSO Auto Link User (APPS_SSO_AUTO_LINK_USER) The "Summary of provisioning" note will discuss troubleshooting issues where user information in FND_USERS and OID is not synchronised. b) Has the user login cookie been cleared OK Close all browser sessions and try again. This situation can happen if you have logged into SSO Server, or OID (as "orcladmin" user for example) but not logged out yet. As this is not a valid Apps username, but the SSO cookie is still set, it does not ask you to login again, you just get sent straight to Apps. c) Bug 4053247 Up to and including Build 2.2, the "Link on the fly" screen does not display and gives this error. Bug 4053247 gives the workaround to fix it. This would be an issue if you are not using "Auto Link User" or you are using "Auto Link" but have a username in OID that does not exist in FND_USER4053247 gives the workaround to fix it. This would be an issue if you are not using "Auto Link User" or you are using "Auto Link" but have a username in OID that does not exist in FND_USER

"The system is set to run in Single Sign-On mode, but the configuration is incomplete for this mode. Please contact your System Administrator." error
You do not even see the SSO Sign on page in this case This could be because "regapp.sql" was not run correctly, or incorrect values were entered Use the scripts in Appendix A to get the values entered for the SSO Server and also the Apps server, and

3 of 7

1/11/2006 12:02 PM

ShowDoc

https://metalink.oracle.com/metalink/plsql/f?p=130:14:9873231365054...

make sure all the values entered were correct. If may also be worth setting the profile option "Applications SSO Partner Application Listener Token" (APPS_SSO_LISTENER_TOKEN) to the value of "<Hostname>_<ContextName>" and re-test. The value entered should be the same as the value returned by the SQL "select fnd_web_config.database_id from dual" Note 286768.1 also discusses this issue when using Clusters, such as HP ServiceGuard

Additional Diagnostics
Install the AS10g Diagnostics patch 4067949 - E-Business Suite Single Sign-On Diagnostic Utility (available soon)

Appendix A - SQL scripts

Check success URL, SITE_ID, etc in SSO Server configuration
REM START OF SQL REM Script to check success URL in SSO Server configuration REM Run as ORASSO or SYSADMIN database user account REM connected to SSO database REM set pagesize 132 set linesize 90 set feedback on select SITE_NAME, SUCCESS_URL, HOME_URL, LOGOUT_URL, SITE_ID, SITE_TOKEN, ENCRYPTION_KEY from orasso.WWSSO_PAPP_CONFIGURATION_INFO$ / REM END OF SQL

Check values defined in Apps for the SSO Server

REM START OF SQL REM Script to check values defined in Apps for the SSO Server REM Run as APPS or SSOSDK database user on the Apps 11i database REM set pagesize 132; set serveroutput on declare l_listener_token varchar2(255); l_site_token varchar2(255); l_site_id varchar2(255); l_login_url varchar2(2000); l_logout_url varchar2(2000); l_cookie_version varchar2(80); l_encryption_key varchar2(1000); l_ip_check varchar2(10); begin select apps.fnd_web_config.database_id into l_listener_token from dual; wwsec_sso_enabler.get_enabler_config ( l_listener_token ,l_site_token ,l_site_id ,l_login_url ,l_logout_url ,l_cookie_version ,l_encryption_key ,l_ip_check ); dbms_output.put_line('------------------------------------------------ '); dbms_output.put_line('Values from Apps 11i Server ');

4 of 7

1/11/2006 12:02 PM

ShowDoc

https://metalink.oracle.com/metalink/plsql/f?p=130:14:9873231365054...

dbms_output.put_line('------------------------------------------------ '); dbms_output.put_line('Host_SID Identifier: ' || l_listener_token); dbms_output.put_line('Site id : ' || l_site_id); dbms_output.put_line('Site token : ' || l_site_token); dbms_output.put_line('Encryption key : ' || l_encryption_key); dbms_output.put_line('Login URL : ' || l_login_url); dbms_output.put_line('Logout URL : ' || l_logout_url); dbms_output.put_line('IP check : ' || l_ip_check); dbms_output.put_line('------------------------------------------------ '); exception when others then dbms_output.put_line('------------------------------------------------ '); dbms_output.put_line('ERROR....'); dbms_output.put_line('Exception: ' || sqlerrm); dbms_output.put_line('l_listener_token: ' || l_listener_token); dbms_output.put_line('------------------------------------------------ '); end; / REM END OF SQL

Update values defined in Apps for the SSO Server

REM START OF SQL REM Script to update values defined in Apps for the SSO Server REM Run as APPS or SSOSDK database user on the Apps 11i database REM REM IMPORTANT NOTE : REM Using this script is not recommended or supported REM Only use under strict guidance from Oracle Support REM and in any case should NEVER be run against a REM production system REM You can get the same result from re-running "regapp.sql" REM REM NOTE : If you get "Exception: User-Defined Exception" when REM running this make sure the 'Login_URL' you enter REM is correct as this is validated REM set pagesize 132; set define on set serveroutput on set verify off declare l_listener_token varchar2(255); l_site_token varchar2(255); l_site_id varchar2(255); l_login_url varchar2(2000); l_logout_url varchar2(2000); l_cookie_version varchar2(80); l_encryption_key varchar2(1000); l_ip_check varchar2(10); begin l_site_id := '&Site_ID'; l_site_token := '&Site_Token'; l_login_url := '&Login_URL'; l_cookie_version := 'v1.2'; l_encryption_key := '&Encryption_Key'; l_ip_check := 'N'; select apps.fnd_web_config.database_id into l_listener_token from dual; wwsec_sso_enabler.modify_enabler_config ( p_lsnr_token => l_listener_token ,p_site_token => l_site_token ,p_site_id => l_site_id ,p_ls_login_url => l_login_url ,p_ls_logout_url => ''

5 of 7

1/11/2006 12:02 PM

ShowDoc

https://metalink.oracle.com/metalink/plsql/f?p=130:14:9873231365054...

,p_url_cookie_version => l_cookie_version ,p_encryption_key => l_encryption_key ,p_ipaddr_check => l_ip_check ); wwsec_sso_enabler.get_enabler_config ( p_lsnr_token => l_listener_token ,p_site_token => l_site_token ,p_site_id => l_site_id ,p_ls_login_url => l_login_url ,p_ls_logout_url => l_logout_url ,p_url_cookie_version => l_cookie_version ,p_encryption_key => l_encryption_key ,p_ipaddr_check => l_ip_check ); dbms_output.put_line('------------------------------------------------ '); dbms_output.put_line('New values now in operation (Apps 11i Server) '); dbms_output.put_line('------------------------------------------------ '); dbms_output.put_line('Host_SID Identifier: ' || l_listener_token); dbms_output.put_line('Site id : ' || l_site_id); dbms_output.put_line('Site token : ' || l_site_token); dbms_output.put_line('Encryption key : ' || l_encryption_key); dbms_output.put_line('Login URL : ' || l_login_url); dbms_output.put_line('Logout URL : ' || l_logout_url); dbms_output.put_line('IP check : ' || l_ip_check); dbms_output.put_line('------------------------------------------------ '); exception when others then dbms_output.put_line('------------------------------------------------ '); dbms_output.put_line('ERROR....'); dbms_output.put_line('Exception: ' || sqlerrm); dbms_output.put_line('l_listener_token: ' || l_listener_token); dbms_output.put_line('------------------------------------------------ '); end; / commit; set verify on show errors REM END OF SQL

List GUID, etc from FND_USERS table

REM START OF SQL REM Script to list GUID, etc from FND_USERS table REM Run as APPS user on Apps 11i database REM set feedback on set pagesize 132 set linesize 80 col user_name form a20 col start_date form a10 col end_date form a10 col user_guid form a35 select user_name, to_char(start_date, 'DD-MON-RR') Start_Date, to_char(end_date, 'DD-MON-RR') End_Date, user_guid from fnd_user where upper(user_name) like upper('%&enter_username%') order by USER_GUID, end_date, user_name / REM END OF SQL

Appendix B - Related Documents

Note 273449.1 - Diagnosing Login Problems with Apps 11.5.9 (FND.G)

6 of 7

1/11/2006 12:02 PM

ShowDoc

https://metalink.oracle.com/metalink/plsql/f?p=130:14:9873231365054...

Note 233436.1 - Installing Oracle Application Server 10g with Oracle E-Business Suite Release 11i Note 295606.1 - Oracle Application Server 10g with Oracle E-Business Suite Release 11i Troubleshooting Note tba - AS10g with Apps 11i - Summary of provisioning (this note will hopefully be written soon!) @ TAR 4049950.994 - VALIDATE SSO PRODUCE JSP ERROR

Last updated : 19th October 2005

Bookmarks Admin Profile Feedback Sign Out Help

Copyright 2005, Oracle. All rights reserved. Legal Notices and Terms of Use | Privacy Statement

7 of 7

1/11/2006 12:02 PM