How to autopopulate user_guid in fnd_user table ( EBS Blank Page)

 Issue: 

EBS Local Login url is working fine. When accessing sso url, users are getting error as below appended to the url. And login page will be blank.

One of the reason could be : OAM Authentication is fine but during authorization process, OAM is unable to map guid from oid to user_guid in fnd_user. This can be due to user_guid being null in fnd_user table.
As per the process, when user logins for the first time, user_guid need to be populated automatically (from oid)

Query guid from oid and update fnd_user table with that.

ldapsearch -h oidhost.appsolworld.com -p 3060 -D "cn=orcladmin" -w orcladmpwd -b "cn=Users,dc=dc,dc=online,dc=org" -s sub "(uid=$1)" orclsamaccountname krbprincipalname mail orcluserprincipalname orclguid

Pass userid to this command which gives guid along with other details.

Update fnd_user table with above guid :

update fnd_user  set user_guid='' where user_name like '';

Solution: 

As per the process, when user logins for the first time, user_guid need to be populated automatically.
So, why is this not happening. This can be due to binding issue from oid to EBS.
You can verify as below :

"AppsDN" user is a special administration account which ebs uses to connect to OID for integration tasks when integrating with OID.


- Determine the 'AppsDN' username/password connected to EBS as apps user
select fnd_preference.get('#INTERNAL', 'LDAP_SYNCH','USERNAME') Apps_Instance_OID_Account from dual;

Output :                               orclapplicationcommonname=ebsinstancename,cn=ebusiness,cn=products,cn=oraclecontext,dc=dc,dc=online,dc=org


select fnd_preference.eget('#INTERNAL', 'LDAP_SYNCH','EPWD','LDAP_PWD') Password from dual;
Output :    *****

** This is the password which you gave when registering oid with EBS for the prompt :
"Enter the instance password that you would like to register this application instance with?"


Use the above outputs and test the bind as below from EBS:

ldapbind -D orclapplicationcommonname=ebsinstancename,cn=ebusiness,cn=products,cn=oraclecontext,dc=dc,dc=online,dc=org -w ****** -h idhost.appsolworld.com -p 3060



(idhost.appsolworld.com is the server where oid is installed)
ldap_bind: Invalid credentials
ldap_bind: additional info: Password Policy Error :9000: GSL_PWDEXPIRED_EXCP :Your Password has expired. Please contact the Administrator to change your password.


Note : 

 To resolve this, password need to be updated in ODSM (default port 7005 for odsm):


Go to “Data Browser” -> “Root” -> dc=org -> dc=online -> dc=dc -> cn=OracleContext -> cn=Products -> cn=EBusiness -> select respective orclApplicationCommonName
  in this case, "ebsinstancename"

In the right window, update “userpassword” with password  (result of abov query) and click apply.
Then, check the bind again:

ldapbind -D orclapplicationcommonname=ebsinstancename,cn=ebusiness,cn=products,cn=oraclecontext,dc=dc,dc=online,dc=org -w **** -h idhost.appsolworld.com -p 3060

bind successful

Steps to test:

Nullify a user guid in EBS :  update fnd_user  set user_guid=null where user_name like 'USER';
Access EBS SSO URL : For ex, http://appsolworld.com
Once Home page is shown, check the user_guid column from fnd_user table, it should be populated same as from oid.
select user_guid from fnd_user where user_name like 'USER';

Comments

Popular posts from this blog

How to fix Oracle SQL Developer connection issue "Got minus one from a read call"

Few Important steps of Oracle Database Clone

How to troubleshoot Long Running Concurrent Request in EBS 12.2