Register for Apps DBA Training
For Apps DBA Beginner's
  • Start From Here
  • Order of Apps Study
  • 11i Software
  • Apps Architecture
  • Install Apps 11i
  • Install Apps 11i Part II
  • Startup/Shutdown
  • Request Flow in Apps
  • Various TOP's
  • Cloning Basics
  • Cloning I
  • Cloning II
  • Autoconfig Basics
  • Autoconfig Config File
  • Template Files in Autoconfig
  • Discoverer Overview
  • Workflow Mailer in Apps
  • Printing Overview
  • Configuring Printers
  • Pasta Printing
  • Performance Overview
  • Install 10g Application Server
  • Apps DBA Certification
  • Common DBA Topics
  • Scared of RAC ?
  • Install RAC on your laptop part I
  • Step by Step build RAC part II
  • Step by Step install RAC using VMWare part III
  • Install Oracle RAC Database part IV
  • oraInventory Basics
  • Install Database
  • Upgarde DB to
  • Fusion
  • Is Fusion a conFusion ?
  • Fusion Middleware Overview I
  • Fusion Middleware Overview II
  • Application Integration Architecture
  • SOA Install Part I
  • SOA Install Part II
  • SOA Install Part III
  • Install BPEL Process Manager
  • Apps Integration OID/SSO
  • Management Qs for Apps Integration with SSO/OID
  • 25 things your DBA should know for Apps/SSO integration
  • Identity Management
  • COREid Overview
  • Oracle COREid or Idm & Access Mgmt overview
  • Installing Access Manager 10.1.4
  • WebGate request flow
  • Identity Manager Architecture
  • Installing Identity Manager
  • OAS-SSO Overview
  • OID Overview
  • OID Basics II
  • OID Cluster
  • OID Integration with Other LDAP Servers overview
  • Integrate OID with AD I
  • OID Replication Overview
  • Multi Master OID Replication
  • Migrate OID/SSO to new Host
  • Apps R 12
  • Socket or Servlet in R12
  • Startup/Shutdown Scripts in R12
  • Unified APPL_TOP
  • Apps R 12.0.1
  • Difference between 11i & R12 Technical
  • Prepare for R12 Installation
  • Install VMWare on Windows for Linux Install
  • Install Linux for Apps R12 Install
  • Install Apps R12 on Linux Virtual Machine
  • R12 Upgrade & database
  • R12 Fils System Changes
  • R12 Release Date
  • 10g Application Server
  • 10g AS Overview
  • Installing 10g AS
  • Start/Stop 10g AS
  • Web Cache Basics
  • Single Sign-On Overview
  • OID Overview
  • Cloning 10g AS
  • 10g AS Middle tier Cloning & Overview
  • OID Cluster Imp. Points
  • CPU Patch, Infra Tier
  • CPU Patch, Middle Tier
  • AS Guard / DR Overview
  • Oracle Apps 11i
  • My Site
  • Apps DBA Scripts
  • Apps DBA Interview Q's
  • 11i JVM's
  • Apps Training in India
  • 11i Health Check
  • Good Metalink Notes
  • About Me  
  • For Advanced Apps DBA
  • URL Firewall in DMZ Setup
  • Upgrade Apps to
  • Load Balancer Overview
  • Load Balancer Config
  • HTTP layer Load balancing in Apps 11i
  • Dataguard Overview
  • Configure Dataguard / Standby database
  • Standby Site for Apps 11i
  • How to change Hostname on Apps Instance
  • SSL Overview in Apps
  • Configure SSL to Web Server
  • Key Points for SSL in Apps
  • Reduce Patch Timing
  • Reduce Patch Timing II
  • Shared APPL_TOP Overview
  • Configure Shared APPL_TOP
  • 11i Database Upgrade I
  • 11i Database Upgrade II
  • Change Session TimeOut
  • Patching
  • Apps Patch Basics
  • Apps Patch Basics II
  • Apply Apps Patch
  • CPU Overview
  • Steps to Apply CPU Patch
  • CPU Patch on Infra Tier
  • CPU Patch on AS Middle Tier
  • Troubleshooting
  • Web Server TS Part I
  • Web Server TS Part II
  • CM Troubleshooting
  • 10g Discoverer with Apps
  • Discoverer Bascis in Apps
  • Discoverer 10g Upgarde Basics
  • Discoverer 10g Configuration Steps with 11i
  • Collaboration Suite
  • Collaboration Suite
  • Calendar Overview
  • Sync Calendar from Mobile I
  • Sync Calendar from Mobile II
  • OCS Mail Architecture
  • Apex / HTMLDB
  • Install Apex 2.2
  • Apex with SSO part I
  • Apex with SSO part II
  • SSO Authentication Schemes
  • Certification
  • Possible Certifications for DBA
  • Apps DBA Certification
  • 1Z0-311-OCA-10g OAS Overview
  • 1z0-312-OCP-10g OAS Overview
  • 1z0-312 - Managing Customization and Topology
  • 1z0-312 - Cloning and Staging OAS
  • Apps DBA Jobs
  • Working / Apps DBA in UK
  • Oracle Recruiting Apps DBA's
  • Apps DBA Jobs Updated Regularly
  • Apps Job at Satyam
  • Useful Links
  • Good Metalink Notes
  • petefinnigan's Oracle Security
  • Linux Basics
  • Atul Mehta's Oracle Links
  • Others
  • Apps DBA Training Institute
  • 1 Year Journey of this Blog
  • How To ?
  • Change APPS Password
  • Preserve Customizations
  • Blog Roll
    Apps / E-Business Suite
  • Steven Chan Apps
  • Anil Passi Technical
  • Fadi Apps DBA
  • Senthil Apps DBA
  • Bas Klaassen EBS DBA
  • Sam Apps DBA
  • Black Geek Apps DBA
  • Bandari Apps
  • Vikram ERP Architect
  • OraBiz
  • Eric Core DBA
  • SOA
  • Navdeep Saini Apps DBA
  • tugdualgrall Web Services
  • Mohan Dutt's Apps Certification
  • Nishant Kaushik's IdM
  • Nulli Blog, OAM
  • Identity Musing
  • Identity nd Access Management
    Core DBA
  • Vidya Bala DBA
  • Sabdar DBA
    Data Management
  • Ivan Pellegrin Data Management

  • We have moved to kindly check http://onlineAppsDBA.comin future
    25 Things Apps DBA should know for Apps 11i/R12 Integration with OID/SSO
    Thursday, September 13, 2007
    Register for R12 upgrade
    Check below 25 points which Apps DBA should know for Apps(11i/R12) integration with SSO/OID (Single Sign-On/Oracle Internet Directory)

    1. If you change APPS password using FNDCPASS utility, update provisioning profile with new password using OIDPROVTOOL. (More on OID Scripts & Tools coming soon). This is required as APPS password is stored in provisioning profile in OID.

    2. If you clone E-Business Suite Instance,
    ------2.1 Deregister old E-Business Suite details from target OID Instance,
    ------2.2 Deregister Integration details from cloned target E-Business Suite instance
    ------2.3 Reregister target E-Business Suite Instance to target OID and SSO instance
    (More on cloning Oracle Apps instance integrated with OID/SSO coming soon)

    3. Session Idle Timeout value in E-Business/Apps is set to 30 minute by default but there is NO Session Idle timeout value set on SSO (There is Global Timeout value set to 8 hours in Oracle SSO which is different from Idle Timeout). If session is Idle for more than 30 minutes in Apps/E-Business suite, users will be redirected to SSO and user can get back to Apps "without" entering username password as user session cookie is still valid on SSO Server .
    For global Idle Session time out to work properly set Idle timeout value to required value in Oracle SSO server and match that with E-Business Suite Instance.

    4. User with Name USER1 in FND_USERS can be linked to username USER2 in OID , so username need not to be same. Users in E-Business Suite/Apps are linked to Users in OID/SSO via GUID.

    5. User mapping between OID & E-Business/Apps -> Login name in OID is identified by attribute "orclcommonnicknameattribute" which by default is "uid". To understand this better, think of user User "Atul Kumar" in OID with various attribute like first name, lastname, phonenumber, cn, sn, uid .... If for "Atul Kumar" value of attribute uid is set to "akumar" then user should use "akumar" to login.
    This "akumar" (value of attribute "uid") is mapped to USER_NAME column of table FND_USER and "orclguid" attribute in OID should have same value as USER_GUID column value in FND_USER table. As mentioned in point 4, users in OID & Apps are linked via GUID and this value should be same. (More on user mapping and authentication flow with SSO coming soon )

    6. Currently supported nickname attribute to be mapped to FND_USER table are "uid" and "mail"

    7. If naming convention of your users in OID is different from users in E-Business/Apps (like atul.kumar in OID but kumaratul in apps/E-Business Suite) then disable profile "Applications SSO Auto Link User"

    8. Not all attributes for users can be integrated/synchronized from OID to E-Business Suite or Vice Versa. For list of attributes supported currently (as of build 5) check Appendix C on Page 88 of Integration guide.

    9. Updates to email ID in Oracle Internet Directory are not correctly reflected in the E-Business Suite HZ_CONTACT_POINTS in TCA unless the PERSON_PARTY_ID foreign key in the FND_USER table has been defined. Furthermore, if PERSON_PARTY_ID is changed i.e. user is linked to another person in TCA, information stored in OID can overwrite this other person’s information during provisioning.

    10. As of build 5, logout from OAM (Oracle Application Manager) results in page not found, though users can logout successfully from professional forms and self service web applications.

    11. Users can be provisioned from E-Business/11i/R12 (FND_USER) to OID, OID to E-Business Suite, and two way. (How to find current user provisioning direction coming soon in OID Scripts post)

    12. User Provisioning from TCA (Trading Community Architecture) to OID is not yet supported (as of build 5). Provisioning of HR to OID, FND_USER to OID or from OID to FND_USER is supported.

    13. If provisioning profile includes password to be provisioned from E-Business Suite/Apps to OID, password policy in E-Business Suite should be atleast as restrictive as OID else when you create user in E-Business Suite/Apps without password not not in line with password policy, you will get non descriptive error message.

    14. User can login to E-Business Suite Locally (NO SSO, directly from FND_USER) or to SSO (authentication via SSO) or BOTH. Set profile option "Applications SSO Login Types" to LOCAL or BOTH at userlevel and use

    http(s)://(hostname).(domainname):(port)/ OA_HTML/ AppsLocalLogin.jsp

    For SSO authentication use URL

    15. It is possible to register multiple E-Buisness Suite Instance (Test, Dev, UAT) to single OID/SSO Instance. (How to find list of E-Business Suite instance registered against OID, coming soon in OID Scripts)

    16. If you have OID with multiple Realm (How to find default and all available realms in OID, coming soon in OID scripts), E-Business Suite/11i/R12 can be registered against default OID realm only (As of SSO build 5).

    17. It is possible to link multiple E-Business Suite accounts to single SSO account but vice versa is not possible/supported. i.e. User1 and User2 in E-Business account can be linked to user3 in OID/SSO (For more
    information Check Profile Option "Applications SSO Allow Multiple Accounts"

    18. It is possible to synch User Password from E-Business Suite to OID but vice versa is not allowed. This is because passwords in E-Buisness Suite/Apps/11i/R12 are encrypted but are hashed in OID.

    19. If you are palnning to implement SSO Integration with E-Business /11i/R12 in enterprise where E-Business Suite and OID are already implemented and working independently, it is possible to bulkload user from OID to E-Business(Users which are already in OID but not in E-Business Suite) or from E-Busienss to OID (Users which are already in E-Business Suite but not in OID) and map common users.

    20. For bulk migrating users from E-Business Suite to OID or from OID to E-Business Suite, check AppsUserExport, LDAPUserImport, ldifmigrator, utility

    21. When users are imported (initial load) from OID to E-Business/Apps 11i/R12 using LDAPUserImport, all user "attributes" can't be imported.

    22. If hashing method in OID is not MD5, bulkload of users to OID (initial set of users migrated from Apps/E-Business Suite) . (How to find default hasing method in OID, coming soon in OID Scripts..)

    23. During initial load of users from E-Business Suite to OID (using, password policy in OID is not verified . This is because E-Business Suite passwords are encrypted in dump file and bulk load tool can't check passwords.

    24. Oracle Application Server (SSO/OID) & Apps/E-Business Suite database server system clocks should be in synch else users will face issue during login/logoff


    Leave your comments on what you think is important for Apps/11i/R12 integration with OID/SSO to fill point no. 25

    Management Questions for Apps Integration with OID/SSO

    More on OID/SSO Integration with authentication & user provisioning flow coming soon...

    Labels: ,

    We have moved to

    kindly check in future

    add to  ¦  digg thisDigg This  ¦  My Yahoo!My Yahoo  ¦  RedditReddit  ¦  add to BlinkListBlinkList   ¦  Furl ItFurl It  ¦  Email This Email This  ¦     Leave Your Comments
    posted by Atul Kumar @ 6:40 PM  
    • At 4:10 PM, Anonymous Anonymous said…

      Hi atul,
      we have an issue in which When we change the password of an user in the ebussiness suite...But that does get reflected in OID .The user does have its password change in oid?

      FRIENDS has anyone of our groupd faced this issue??


    • At 5:26 PM, Anonymous Anonymous said…

      I have on $IAS_ORACLE_HOME with SSO integration patch (RUP7) SDK, but I do not find or all these binaries on 10g AS infrastructire with SSO and OID side, is there any patch or update I am missing to get these installed ?

    • At 2:47 PM, Blogger Apps said…

      Hi Atul,

      Recently, I came across a weird scenario. The environment is SSO implemented along with portal. When an user tries logging in to the system, he's getting the message
      Only one user is getting such error message. I have checked the guid of the user in fnd_user table, PORTAL and OID. They are matching. I have checked the wf_local_roles and used ldapsearch (found no duplicate entries).

      Can you please suggest what could be the possible reason for this?


    Post a Comment
    << Home
    About Me

    Name: Atul Kumar
    Home: London, United Kingdom

    About Me: I am Independent Oracle consultant. If you wish to hire me on Contract or to Quote on project basis contact me at
    atul @

    See my complete profile

    View Atul Kumar's profile on LinkedIn

    E-mail Subscription

    Enter your email address:

    Delivered by FeedBurner

    Only search this Blog
  • Advanced Topics
  • Application Server
  • Apex / HTMLDB
  • Apps 11i
  • Apps R12
  • Autoconfig
  • Basics
  • Certification
  • Cloning
  • Discoverer
  • Fusion
  • OID
  • Patching
  • Printer
  • Single Sign-On
  • Useful Sites & Forum
  • Previous Post
    Add On

    Add to Technorati Favorites



    Add to Google


    Add to My AOL


    Subscribe in Bloglines


    Subscribe in NewsGator Online

    Powered by

    Hits Since 30, Jul 06

    Blog Counter

    Technology Blogs - Blog Top Sites
    Copyright © 2006 All rights reserved Presented by Atul Kumar