he most current version of this document can be obtained in My Oracle Support Knowledge Document 1614793.1.
Since the steps also need to be performed in the patch file system, set the environment to start the WebLogic Administration Console in the patch file system:
There is a change log at the end of this document.
In this document
- Section 1: Overview
- Section 2: Cloning Tasks for Single Sign-on Enabled Environments
- Section 3: Known Issues
- Change Log
Section 1: Overview
This knowledge document provides the information required to clone and configure single sign-on enabled Oracle E-Business Suite Release 12.2 environments. The instructions cover the removal of Oracle Internet Directory (OID) and Oracle Access Manager (OAM) configurations from a cloned Oracle E-Business Suite Release 12.2 environment, and the optional re-integration of a newly-cloned Oracle E-Business Suite Release 12.2 environment with OID and OAM.
Section 2: Cloning Tasks for Single Sign-on Enabled Environments
The main steps are:
- Clone Oracle E-Business Suite using Rapid Clone
- Deregister the Cloned Oracle E-Business Suite Instance from Oracle Access Manager and Remove Oracle E-Business Suite AccessGate
- Remove the Oracle Internet Directory Configuration from the Cloned Oracle E-Business Suite Instance
- Integrate the Cloned Oracle E-Business Suite Instance with Oracle Internet Directory
- Integrate the Cloned Oracle E-Business Suite Intance with Oracle Access Manager
- Reconfigure SSL (Optional)
2.1 Clone Oracle E-Business Suite using Rapid Clone
Use Rapid Clone to create template files for cloning on the source system. After the source system is copied to the target, Rapid Clone updates these templates to reflect the new target system configuration settings. To clone an Oracle E-Business Suite Release 12.2 instance, including the application and database tiers, follow the instructions in My Oracle Support Knowledge Document 1383621.1, Cloning Oracle E-Business Suite Release 12.2 with Rapid Clone.
Notes:
- On the target system, start only the Admin Server before running "perl adpreclone.pl appsTier" in preparation for cloning target Run File System to target Patch File System.
- Do not start all the services until you delete the old WebGate configurations, as mentioned in Step 2.2 below.
- After running Rapid Clone, ensure that the WebGate Oracle Home (both run and patch file systems) is successfully registered in the Oracle Inventory on the target system.
2.2 Deregister the Cloned Oracle E-Business Suite Instance from Oracle Access Manage and Remove Oracle E-Business Suite AccessGate
2.2.1 To deregister the cloned Oracle E-Business Suite from Oracle Access Manager and remove Oracle E-Business Suite AccessGate from the cloned Oracle E-Business Suite instance, follow the instructions in Appendix A of My Oracle Support Knowledge Document 1576425.1, Integrating Oracle E-Business Suite Release 12.2 with Oracle Access Manager 11gR2 (11.1.2) using Oracle E-Business Suite AccessGate.
Note: Do not remove any configurations (for example, Authentication Scheme, Authentication Module, and Identity Store) from the OAM Administration console, as all configurations are still being used by the source system.
2.2.2 Remove Oracle E-Business Suite AccessGate from the cloned Oracle E-Business Suite instance.
Note: You must remove Oracle E-Business Suite AccessGate from the run file system and the patch file system; consequently, the following steps must be executed on both the run and patch file systems.
2.2.2.1 Start the WebLogic Administration Console
Set the environment to start the WebLogic Administration Console in the run file system:
$ cd <EBS_BASE_HOME>
$ . EBSapps.env
$ echo $FILE_EDITION
When prompted, enter "r" to select the run file system environment. The command
echo $FILE_EDITION will return run to indicate that the run file system has been sourced.
Note: <EBS_BASE_HOME> points to the top-level directory where file system 1 (fs1) and file system 2 (fs2) are installed.
Execute the WebLogic Administration Console start command for the run file system:
$ $ADMIN_SCRIPTS_HOME/adadminsrvctl.sh start$ cd <EBS_BASE_HOME>
$ . EBSapps.env
$ echo $FILE_EDITION
When prompted, enter "p" to select the patch file system environment. The command
echo $FILE_EDITION will return patch to indicate that the patch file system has been sourced.
Execute the WebLogic Administration start command for the patch file system:
$ $ADMIN_SCRIPTS_HOME/adadminsrvctl.sh start forcepatchfs
2.2.2.2 Delete the Deployed Oracle E-Business Suite AccessGate application
In the WebLogic Administration Console on the run file system, navigate to EBS_domain_sid > Deployments, stop the Oracle E-Business Suite AccessGate application named "accessgate". Then delete the Oracle E-Business Suite AccessGate application named "accessgate".
In the WebLogic Administration Console on the patch file system, navigate to EBS_domain_sid > Deployments. Stop the Oracle E-Business Suite AccessGate application named "accessgate". Then delete the Oracle E-Business Suite AccessGate application named "accessgate".
In the WebLogic Administration Console on the patch file system, navigate to EBS_domain_sid > Deployments. Stop the Oracle E-Business Suite AccessGate application named "accessgate". Then delete the Oracle E-Business Suite AccessGate application named "accessgate".
Shut down the WebLogic Administration Server of the patch file system by executing the following command on the patch file system of the primary node.
$ $ADMIN_SCRIPTS_HOME/adadminsrvctl.sh stop
2.2.2.3 Delete Managed Server oaea_server
To delete the oaea_server from the domain, follow the instructions in "Removing a Managed Server", Chapter 3, Technical Configuration, of Oracle E-Business Suite Setup Guide.
2.3 Remove the Oracle Internet Directory Configuration from the Cloned Oracle E-Business Suite Instance
Perform the following steps to remove the old OID configurations from the recently cloned Oracle E-Business Suite instance:
2.3.1 In the recently cloned Oracle E-Business Suite instance, set the APPS_SSO_LDAP_SYNC profile option to "Disabled" at the site level.
2.3.2 Remove all references to the original OID/SSO instance. Follow the instructions from Appendix A, Section A3 of My Oracle Support Knowledge Document 1371932.1, Integrating Oracle E-Business Suite Release 12.2 with Oracle Internet Directory 11gR1.
2.3.3 Delink all Oracle E-Business Suite users that were linked to the original Oracle Internet Directory users (i.e. where FND_USER.USER_GUID is populated), since those old links are no longer valid. Later, after you have completed all the tasks in this document, the Oracle E-Business Suite user will be automatically linked to the corresponding account in the new Oracle Internet Directory instance when you log in to Oracle E-Business Suite for the first time.
2.3.1 In the recently cloned Oracle E-Business Suite instance, set the APPS_SSO_LDAP_SYNC profile option to "Disabled" at the site level.
2.3.2 Remove all references to the original OID/SSO instance. Follow the instructions from Appendix A, Section A3 of My Oracle Support Knowledge Document 1371932.1, Integrating Oracle E-Business Suite Release 12.2 with Oracle Internet Directory 11gR1.
2.3.3 Delink all Oracle E-Business Suite users that were linked to the original Oracle Internet Directory users (i.e. where FND_USER.USER_GUID is populated), since those old links are no longer valid. Later, after you have completed all the tasks in this document, the Oracle E-Business Suite user will be automatically linked to the corresponding account in the new Oracle Internet Directory instance when you log in to Oracle E-Business Suite for the first time.
The SQL script $FND_TOP/patch/115/sql/fndssouu.sql can be used by system administrators to unlink the user's GUID information from an FND_USER account. This script removes the link between the Oracle E-Business Suite and Oracle Internet Directory.
As the APPS user, run the script to unlink all Oracle E-Business Suite users:
SQL>@$FND_TOP/patch/115/sql/fndssouu.sql %
Note: Do not omit the "%" at the end of the command line.
2.4 Integrate the Cloned Oracle E-Business Suite Instance with Oracle Internet Directory
Note: You can create a new Oracle Internet Directory instance, or re-use the existing Oracle Internet Directory that is integrated with the source Oracle E-Business Suite system. If you are using the same Oracle Internet Directory, you can skip Steps 2.4.1 through to 2.4.3, and go directly to Step 2.4.4.
2.4.1 Install and configure a new Oracle Internet Directory Instance (Optional)
You can install and configure a new Oracle Internet Directory instance with the same version as the source instance, or any other version that is supported. Follow the instructions in the Installation Guide by choosing the corresponding version listed in http://www.oracle.com/technetwork/middleware/id-mgmt/documentation/index.html to install and configure a new Oracle Internet Directory instance.
2.4.2 Enforce Attribute Uniqueness for UID in Oracle Internet Directory (Optional)
Before performing any bulkloading of users into Oracle Internet Directory, create a Unique Constraint for the 'UID' attribute (this equates to USERNAME in Oracle E-Business Suite).
For detailed steps, refer to Section 3.4 of My Oracle Support Knowledge Document 1371932.1, Integrating Oracle E-Business Suite Release 12.2 with Oracle Internet Directory 11gR1.
2.4.3 Reconstruct the LDAP Namespace in the new Oracle Internet Directory Instance (Optional)
If you wish to integrate with a new Oracle Internet Directory instance, you may optionally wish to reconstruct your LDAP namespace in your new Oracle Internet Directory. To do so, you can choose one of the following three options:
You can install and configure a new Oracle Internet Directory instance with the same version as the source instance, or any other version that is supported. Follow the instructions in the Installation Guide by choosing the corresponding version listed in http://www.oracle.com/technetwork/middleware/id-mgmt/documentation/index.html to install and configure a new Oracle Internet Directory instance.
2.4.2 Enforce Attribute Uniqueness for UID in Oracle Internet Directory (Optional)
Before performing any bulkloading of users into Oracle Internet Directory, create a Unique Constraint for the 'UID' attribute (this equates to USERNAME in Oracle E-Business Suite).
For detailed steps, refer to Section 3.4 of My Oracle Support Knowledge Document 1371932.1, Integrating Oracle E-Business Suite Release 12.2 with Oracle Internet Directory 11gR1.
2.4.3 Reconstruct the LDAP Namespace in the new Oracle Internet Directory Instance (Optional)
If you wish to integrate with a new Oracle Internet Directory instance, you may optionally wish to reconstruct your LDAP namespace in your new Oracle Internet Directory. To do so, you can choose one of the following three options:
- Redo your bulkload from the Oracle E-Business Suite into Oracle Internet Directory.
- Export the LDAP namespace from original OID instance into an LDIF file, and import it into your new OID.
- Connect the original Oracle Internet Directory instance to your new Oracle Internet Directory instance via a connector, synchronizing the namespaces.
For more information, refer to Chapter 6, Single Sign-On Integration, of Oracle E-Business Suite Security Guide.
2.4.4 Integrate the recently Cloned Oracle E-Business Suite with Oracle Internet Directory
To integrate the recently cloned Oracle E-Business Suite with Oracle Internet Directory, Follow the instructions in Section 5 of My Oracle Support Knowledge Document 1371932.1, Integrating Oracle E-Business Suite Release 12.2 with Oracle Internet Directory 11gR1.
2.4.4 Integrate the recently Cloned Oracle E-Business Suite with Oracle Internet Directory
To integrate the recently cloned Oracle E-Business Suite with Oracle Internet Directory, Follow the instructions in Section 5 of My Oracle Support Knowledge Document 1371932.1, Integrating Oracle E-Business Suite Release 12.2 with Oracle Internet Directory 11gR1.
2.4.5 Set the Following Profile Options:
Set the value of profile "Application SSO LDAP Synchronization" = Enabled
Set the value of profile "Applications SSO Auto Link User" = Enabled
Set the value of profile "Application SSO LDAP Synchronization" = Enabled
Set the value of profile "Applications SSO Auto Link User" = Enabled
2.5 Integrate the Cloned Oracle E-Business Suite Intance with Oracle Access Manager
Note: You may install a new Oracle Access Manager or use a previously installed Oracle Access Manager.
2.5.1 Re-deploy Oracle E-Business Suite AccessGate to the recently cloned Oracle E-Business Suite instance. Refer to Section 4.2, "Deploy Oracle E-Business Suite AccessGate" in My Oracle Support Knowledge Document 1576425.1.
2.5.2 Register the recently cloned Oracle E-Business Suite AccessGate with Oracle Access Manager. Refer to Section 4.3, "Register Oracle E-Business Suite AccessGate with Oracle Access Manager" in My Oracle Support Knowledge Document 1576425.1.
2.6 Reconfigure SSL (optional)
Reconfigure SSL on the recently cloned Oracle E-Business Suite environment. Refer to Section 6.1, "Configure Secure Sockets Layer (SSL)" in My Oracle Support Knowledge Document 1576425.1, Integrating Oracle E-Business Suite Release 12.2 with Oracle Access Manager 11gR2 (11.1.2) using Oracle E-Business Suite AccessGate.
Section 3: Known Issues
The following table lists known issues in cloning Oracle E-Business Suite Release 12.2 single sign-on enabled environments.
| Issue | Workaround | Resolution |
|---|---|---|
| EBS profiles are not cleaned up after de-registering on the clone | Manually edit the EBS profiles and set them back to null/SSWA | Apply patch 17447435:R12.TXK.C |
Change Log
| Date | Comments |
|---|---|
| Jun 05, 2014 | In Section 2.1, replaced reference to Setup Guide with reference to Document 1383621.1. |
| Jan 17, 2014 | Initial publication. |
Knowledge Document 1614793.1 by Oracle E-Business Suite Development
No comments:
Post a Comment