19 comments
Unable to link account. This E-Business Suite user account is marked as a local account.
Dear Atul, I am implementing SSO on R12.
Separate node for Application Server.
Install AS10g 10.1.4.2. Apply required patches.
Run registration script txkrun.pl: $FND_TOP/bin/txkrun.pl -script=SetSSOReg
Then I checked the URL and got the SSO login page. When I use an R12 user account, I get the error below.
Unable to link account. This E-Business Suite user account is marked as a local account.
Thanks in advance.
select USER_NAME, ENCRYPTED_FOUNDATION_PASSWORD, ENCRYPTED_USER_PASSWORD from fnd_user where user_name like '&UserName';
Password should be set either to external or both.
Check profile option "Application SSO Login Types" at User, Server and Site level.
It seems you had an existing E-Business Suite with some users already in it. You need to migrate these users into OID using bulkload.
Follow Deployment Scenario 3 (page 33) of the guide at https://metalink.oracle.com/metalink/plsql/docs/10g-Implementation.pdf
This guide is for 11i with OID, but the same procedure can be used with R12.
Check page 69 of the above guide to migrate users from Apps to OID.
Other posts which I covered on this topic are
http://onlineappsdba.com/index.php/2008/04/17/migrate-users-tofrom-oid-and-oracle-apps-11ir12/
We have got one problem: one of our users got removed from SSO, but we have no clue who did this or how it was done. In this scenario, how can you find / debug this issue?
regards
Mehmood,
You need to enable auditing on the LDAP server (OID for SSO) to find out such cases in future.
1. Select audit for the "delete" event in OID to record deletes in OID
In OID Manager (oidadmin), expand Oracle Internet Directory Servers and select the directory server instance.
In the right pane, select the Audit Mask Levels tab page. This tab page lists the auditable events. Select the check box against "Delete" and click Apply.
2. To search delete events in future
In OID Manager (oidadmin), expand Oracle Internet Directory Servers and the directory server instance.
Select Audit Log Management. In the right pane, search based on time.
For full details check oracle guide here
How do I know if I am using Oracle Portal?
I am using Oracle eBiz and this is the URL that I use: "http://hostname:port/oa_servlets/AppsLogin". This takes me to my SSO login page. Our user is authenticated with Active Directory through OID. The setting for your #4 does not work for me. Can you please help?
Peter,
Is the password stored in OID as well (apart from AD)?
or
is it only in AD and you use the OID-AD authentication plugin to authenticate?
If it's the latter then you can reset the password only in AD, else use the OIDDAS screen.
OID only stores user info but no password. We want to lock the user with "EXTERNAL" password after # of failed attempts. What do I need to do in OID?
Hi Atul...
I really appreciate your website...
I have got much knowledge about Apps from your blogs.
When I run the query below it reports some errors:
select USER_NAME||' - '||MESSAGE||' - '||to_char(LOG_DATE,'dd.mm.yyyy hh24:mi:ss')||' - '||IP_ADDRESS "Login Failures"
from ORASSO.WWSSO_AUDIT_LOG_TABLE$
where log_date > (sysdate - 7)
and MESSAGE = 'Login failed'
order by log_date
/
from ORASSO.WWSSO_AUDIT_LOG_TABLE$
*
ERROR at line 2:
ORA-00942: table or view does not exist
Please let me know how to make the above table available and run this script completely...
My environment is 11.5.10.2, db 9.2.0.6 on Linux...
Tks
Srihari …
@Srihari
The ORASSO schema is under the OID/SSO database and is applicable only if your 11i (Apps) is integrated with OID/SSO.
Hi Atul,
Nice article! Do you, by any chance, know how would I notify user and an Admin via email that the account has been locked?
Thanx Roman
I am working as an Oracle Apps DBA. I want to know how to unlock a user account if the user complains about a lock. Please tell me the procedure to unlock the account from the back-end or from the sysadmin GUI.
I faced the same issue today and this helped me. Good one Atul. Thanks.
We are using OAM 10g and OVD 11g and OID 11g.
We have a requirement to lock the user account after 5 unsuccessful attempts for 30 minutes once its locked and should be unlocked automatically after 30 minutes. I have created the password policy in OAM and which is updating the “ob” attributes in OID.
Issue we have is, In OAM password policy we can give minimum 1 hour of account lock duration and in OID I can give 30 minutes as lockout time. How can I set account lock duration in OAM as 30 minutes?
@ Sandy,
For password policy and configuring lockout duration check http://download.oracle.com/docs/cd/E15217_01/doc.1014/e12489/idconfig.htm#CBDGGGHE and http://download.oracle.com/docs/cd/E15217_01/doc.1014/e12489/idconfig.htm#BABCHHFH
Hi Atul,
I'm trying to control and show to the user his bind attempts, but I'm doing this by checking the audit_log_table. The problem is that I have to control this in a cycle of 24 hours.
Is there a way to query for this value on OID tables to know how many attempts the user still has?
Having a way to query for this value will work a lot better than just querying on audit_log_table, since it is the value of attempts on OID.
Thanks. Zeh
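Added example (not part of the original comments): the audit-log approach described above, written as a 24-hour count per user. It uses only the table and columns shown in the query posted earlier in this thread and must be run in the OID/SSO database; the threshold of 3 is an assumed reporting value, and the result is a count of audit entries, not the directory's own lockout counter.

```sql
-- Added example: failed SSO logins per user over the last 24 hours.
-- Table and columns (USER_NAME, MESSAGE, LOG_DATE, IP_ADDRESS) are the ones
-- used in the query posted earlier in this thread.
select user_name,
       count(*)                                        as failures_24h,
       count(distinct ip_address)                      as source_ips,
       to_char(min(log_date), 'dd.mm.yyyy hh24:mi:ss') as first_failure,
       to_char(max(log_date), 'dd.mm.yyyy hh24:mi:ss') as last_failure
from   ORASSO.WWSSO_AUDIT_LOG_TABLE$
where  log_date > (sysdate - 1)          -- rolling 24-hour window
and    message = 'Login failed'
group  by user_name
having count(*) >= 3                     -- assumed threshold, not an OID policy value
order  by failures_24h desc;
```

A high source_ips value for one user means the failures come from several addresses rather than one workstation, which is worth checking before unlocking the account.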
Hi – Nice article. Do you know of a way in which we can programmatically lock the user account?
Details here – https://forums.oracle.com/forums/thread.jspa?threadID=2465724&tstart=0
Hi. I wonder if you can help me to point in the right direction. I implemented SSO , OID, OAM with R11. Now I’m trying to integrate it with WNA to allow unchallenged access to EBS. We used MS AD as identity store and samaccountname is not the same as user_name in FND_USER and we don’t have orclguid field in AD. May be you can advise how to integrate AD, OID. Or OID is supposed to be an integral part of any SSO implementation.
Thanks