This post covers issue while login at EBS R12.2 environment integrated with OAM/OID for Single Sign-On (SSO) encountered by one of trainee in EBS-OAM Integration Training.
Issue: After completing EBSR12.2 OAM integration, When trainee was trying to Login to EBS (http://<EBS_HOST>:<Port>) then after typing username/password, user was hitting below message.
“Internal Error: Webgate allowed access to protected page GUID=null”
Before we come to fix, lets understand what is GUID and what configuration we do as part of EBS-OAM related to GUID .
- User in Oracle Internet Directory (OID) has an attribute orclguid
- User in E-Business Suite R12 store user details FND_USER table and column USER_GUID
- User in EBS is mapped to user in OID using orclguid attribute of OID with USER_GUID column in FND_USER
- As part of Authentication via OAM, there are Response Headers in OAM’s Authentication (ATN) & Authorization (ATZ) policy to send orclguid value from OID to EBS-AccessGate
Check more about this from Oracle ACE & Author Atul Kumar’s post about GUID on his OnlineAppDBA blog here
Issue: There is Bug 19222741 : E-BUSINESS SUITE R12.2.3 WITH OAM 11.1.2.2 LOGIN FAILS WITH GUID=NULL
Fix: Fix is to change Response for USER_ORCLGUID from $user.attr.orclguid to $user.guid
Steps by Step instruction to fix
- Login to oamconsole (http://<HostName>:<OAM_Port>/oamconsole)
- Click on application domains and select your accessgate domain (For example: PRD12111_ebs01.k21technologies.com_8011 in below screenshot).Note: In Oracle EBS R12.2 when you register EBS with OAM, It creates application domain in OAM with $SID_<hostname>_<WebPort>
- Click on Authorization policies, then Protected Resource Policies and then Responses. (Note: Make the same changes under Authentication Policies as well as shown in below steps for Authorization Policies).
- Now change the value of USER_ORCLGUID from $user.attr.orclguid to $user.guid and click Apply.
- Make the same changes under Authentication policies as well.
- Now try again to access the link and login again. It should work now.
We provided a dedicated module for Troubleshooting where we cover Logging in WebGate, OHS, EBS Accessgate, DIP, OAM, and OID in our EBS-OAM/OID Integration Training , more about training here
If you have not yet downloaded FREE eBook – 7 Docs every Oracle Apps DBA must read for EBS R12 integration with OAM/OID for SSO get a copy in your Email
David says
I’ve made a correction similiar to this and it still did NOT work. Ended up putting orclguid into the prefetched attributes on the UserIdentityStore page and it worked!