Wednesday, September 14, 2011

Oracle EBS R12 with OID 11g and SSO 10gR2

Oracle Premier Support for this configuration will end in Dec 2011; if you are using Oracle Discoverer or Portal, Premier Support will end in Dec 2012 (http://blogs.oracle.com/stevenChan/entry/why_does_ebs_integration_with). This means Oracle won't certify this configuration with new products like Windows 8. The replacement for this is Oracle Access Manager 11g.

The MOS notes that I followed are:

  • Using the Latest Oracle Internet Directory 11gR1 Patchset with Single Sign-on and Oracle E-Business Suite (Doc ID 876539.1)
  • Active Directory OID 11g Synchronization Quick Start Guide (Doc ID 1263918.1)
  • Oid 11g: Source Attribute 'SamAccountName' Doesn't Belong To Object Class 'User' (Doc ID 1186999.1)
  • How to Setup Java External Authentication Plugins in OID 11g (Doc ID 1270329.1)
  • Integrating Oracle E-Business Suite Release 12 with Oracle Internet Directory and Oracle Single Sign-On (Doc ID 376811.1)
  • WNA OC4J_SECURITY...Unable To Communicate With The Directory Or Naming Service (Doc ID 468705.1)
  • How to use the 'ssoca wna...' command to configure SSO WNA (338560.1)


My steps:
Steps 1-8 are in Doc ID 876539.1.
1. Create the database.
2. Install RCU. Go to rcuHome/bin and run:
      ./rcu
   Run RCU 11.1.1.4.0 to create the necessary database schema. In the 'Select Component' page:
   Expand 'Identity Management' and select only 'Oracle Internet Directory' ('Oracle Identity Federation' is not required).
   Also select Discoverer.
3. Install WebLogic 11.1.4.0. Download and install the JDK, then:
      export PATH=jdk_install_dir/bin:$PATH
      java -d64 -jar wls1034_generic.jar
4. Install (but do not configure) Oracle Internet Directory and Oracle Directory Integration Platform 11gR1 (11.1.1.2.0)
5. Patch IDM, patch 11060980
6. Configure IDM: http://download.oracle.com/docs/cd/E17904_01/install.1111/e12002/oid002.htm#BABGDJFC
   Set the environment: go to wls_home/server/bin and run:
      . setWLSEnv.sh

   During the configuration, in the 'Configure Components' screen:
   Select Oracle Internet Directory and Oracle Directory Integration Platform (the Oracle Directory Services Manager and Fusion Middleware Control management components are automatically selected for this installation),
   i.e. UNSELECT 'Oracle Identity Federation Components' and UNSELECT 'Oracle Virtual Directory'.
   Ensure that only 'Oracle Internet Directory' and 'Oracle Directory Integration Platform' are selected and click Next.
   In the 'Installation Summary' screen, ensure that only the following are in the list of 'Applications Selected for Configuration':
  • Oracle Internet Directory
  • Oracle Directory Integration Platform
  • Enterprise Manager
  • Oracle Directory Services Manager
   Click the 'Configure' button.
7. Install the SSO server.
   Run op1:
      export PATH=/oracle/middleware/wls/Oracle_IDM1/perl/bin:$PATH
      export ORACLE_HOME=/oracle/middleware/wls/Oracle_IDM1
      export ORACLE_INSTANCE=/oracle/middleware/wls/asinst_1
      cd $ORACLE_HOME/ldap/bin
      perl inspre11.pl host port -ssl oid1 oiddb ods_password orcladmin_password -op1

   Install the MRCA repository: download the MRCA to Windows and run it on Windows.
   You may need to change some database settings:
      alter system set db_cache_size=145M scope=both;
      alter system set java_pool_size=120M scope=both;
      alter system set shared_pool_size=175M scope=both;
      alter system set pga_aggregate_target=96m scope=both;

   Reset the ods password:
      alter user ods identified by password;
      /oracle/middleware/wls/Oracle_IDM1/ldap/bin/oidpasswd  connect=OIDDB create_wallet=true

   Restart the OID server:
      cd $ORACLE_INSTANCE/bin
      ./opmnctl stopall
      ./opmnctl startall

   Run op2:
      cd $ORACLE_HOME/ldap/bin
      perl inspre11.pl host port -ssl oid1 oiddb ods_password orcladmin_password -op2

   Install the SSO server:
      linux32 bash
      ./runInstaller -ignoreSysPrereqs
   Before running root.sh:
      export ORACLE_HOME=/oracle/middleware/wls/sso_10g
      export PATH=/oracle/middleware/wls/sso_10g/OPatch:$PATH
   Apply patches:
      p6880880_101000_LINUX.zip
      p5649850_10105_GENERIC.zip

      alter index xdb.XDB$ACL_XIDX rebuild;


8. Patch the SSO server to 10.1.4.3.
   Apply patch 6265268.
   For IAS 10.1.4.3:
      DBConnectQueries.jar
         Disk1/stage/Queries/DBConnectQueries/8.4/1/DBConnectQueries.jar
      IP_DBQueries.jar
         Disk1/stage/Queries/IP_DBQueries/3.0/1/IP_DBQueries.jar
      cp DBConnectQueries.jar $10.1.4.3_SSO_OH/inventory/Queries21/DBConnectQueries/8.4
      cp IP_DBQueries.jar $10.1.4.3_SSO_OH/inventory/Queries21/IP_DBQueries/3.0
 
9. Active Directory OID 11g Synchronization Quick Start Guide (Doc ID 1263918.1)
   Oid 11g: Source Attribute 'SamAccountName' Doesn't Belong To Object Class 'User' (Doc ID 1186999.1)
   How to Setup Java External Authentication Plugins in OID 11g (Doc ID 1270329.1)

   Force-enable the profile:
      oidhome/manageSyncProfiles activate -h host -p port -D weblogic -pf profile_name -fa true

   Bootstrap:
      oidhome/syncProfileBootstrap -host host -port port -D weblogic -profile profile_name -lp 5
 
10. Configure WNA: How to use the 'ssoca wna...' command to configure SSO WNA (338560.1)

   If it is not working, check sso_oracle_home/opmn/log. If it says something like this:
      Authentication Failed
      Broken pipe
   then go to: WNA OC4J_SECURITY...Unable To Communicate With The Directory Or Naming Service (Doc ID 468705.1)
   When you restart opmn, the dcm may not start at the same time; start it using:
      opmnctl startproc ias-component=dcm-daemon

11. Follow the note Integrating Oracle E-Business Suite Release 12 with Oracle Internet Directory and Oracle Single Sign-On (Doc ID 376811.1)
    to configure EBS R12.
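
The log check in step 10 can be scripted. This is an added example, not part of the original post: it lists the files in an OPMN log directory that contain both messages quoted in step 10. The sample log files and their lines are constructed, and requiring both messages in the same file is an assumption.

```sh
# Added example: triage the SSO OPMN logs for the WNA failure signature from
# step 10. Only the two message strings come from the post; the log file names
# and log lines below are constructed for the demonstration.

# Print every file in the given directory that contains both messages, with
# hit counts. Returns 0 if a file matches, 1 if none, 2 if the directory is missing.
wna_failure_logs() {
    wfl_dir=$1
    wfl_rc=1
    [ -d "$wfl_dir" ] || { echo "no such directory: $wfl_dir" >&2; return 2; }
    for wfl_f in "$wfl_dir"/*; do
        [ -f "$wfl_f" ] || continue
        # grep -c prints 0 and exits 1 when nothing matches, hence "|| true"
        wfl_auth=$(grep -c 'Authentication Failed' "$wfl_f" 2>/dev/null) || true
        wfl_pipe=$(grep -c 'Broken pipe' "$wfl_f" 2>/dev/null) || true
        if [ "${wfl_auth:-0}" -gt 0 ] && [ "${wfl_pipe:-0}" -gt 0 ]; then
            printf '%s auth_failed=%s broken_pipe=%s\n' "$wfl_f" "$wfl_auth" "$wfl_pipe"
            wfl_rc=0
        fi
    done
    return "$wfl_rc"
}

# Build a throwaway directory of constructed log files and print its path.
make_sample_logs() {
    msl_dir=$(mktemp -d) || return 1
    printf '%s\n' 'constructed line: process alive' > "$msl_dir/ok.log"
    printf '%s\n' 'constructed line: Broken pipe' > "$msl_dir/partial.log"
    printf '%s\n' 'constructed line: Authentication Failed' \
                  'constructed line: Broken pipe' \
                  'constructed line: Authentication Failed' > "$msl_dir/wna.log"
    printf '%s\n' "$msl_dir"
}

# Demonstration on the constructed logs. On a real host, pass the SSO home's
# log directory instead, e.g. wna_failure_logs sso_oracle_home/opmn/log
demo_dir=$(make_sample_logs)
if wna_failure_logs "$demo_dir"; then
    echo "Signature found: see Doc ID 468705.1, then confirm dcm-daemon started"
fi
rm -rf "$demo_dir"
```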
