E-Business Suite Integrated with OAM 11g: User gets “An error occurred” when trying login page

This post covers high level steps about Oracle E-Business Suite(R12) integration with OAM for SSO from our EBS-OAM Integration Training.

High level steps about Oracle E-Business Suite(R12) integration with OAM for SSO:

1) Integrating E-Business Suite with OID for user provisioning

2) Integrating OAM with OID as Identity store for authentication

3) Previsioning webgate as agent with oam for request delegation

4) Access gate application deployment to act as channel between webgate and EBusiness suite

AccessGate is a Java application responsible for mapping a single sign-on user to an Oracle E-Business Suite user, and creating the Oracle E-Business Suite session for that user. This application is deployed to a WebLogic Server , and is separate from Oracle E-Business Suite.

When a user request for a protected E-Business Suite, he is presented with login page residing on access gate servers. Each time access to this access gate application is requested, it make a connection with E-Business suite database.

Issue:-  E-Business integrated with SSO (OAM 11g) works for 3-4 hours  and after that for every new login request to E-Business suite, users gets “An error occurred “ blank page.

This error occurs at time of presenting OAMLogin.jsp to user.

Accessgate log file (You define LoginConfig.properties parameter at time of access gate deployment, this file will contain location of Access Gate log file, by default log file goes to, /tmp/fndauth<n>.log )  shows errors as:-

FINE: EBizHelper::getEBizInstance()- SANITY_CHECK_SQL attempt 2

Oct 25, 2011 12:58:32 PM oracle.apps.fnd.ext.common.server.EBizHelper getEBizInstance
SEVERE: Fatal error while SANITY_CHECK_SQL checking ==>
java.sql.SQLRecoverableException: Closed Connection
at oracle.jdbc.driver.PhysicalConnection.prepareStatement(PhysicalConnection.java:4364)
at oracle.jdbc.driver.PhysicalConnection.prepareStatement(PhysicalConnection.java:4137)
at oracle.jdbc.OracleConnectionWrapper.prepareStatement(OracleConnectionWrapper.java:117)
at

Troubleshooting steps

Check DB log files- No error reported

Check R12 Oacore log files- No errors related to oamlogin.jsp reported.

Enable Debug in Access gate datasources– shows:-

[weblogic.jdbc.wrapper.PreparedStatement_oracle_jdbc_driver_OraclePreparedStatementWrapper@1a7] executeQuery(unknown) throws: java.sql.SQLRecoverableException: IO Error: Connection reset
at oracle.jdbc.driver.T4CPreparedStatement.executeForRows(T4CPreparedStatement.java:1106)
oracle.jdbc.driver.OraclePreparedStatement.executeQuery(OraclePreparedStatement.java:3806).java:85)
at oracle.apps.fnd.ext.common.server.EBizHelper.getEBizInstance(Unknown Source)
at jsp_servlet.__oamlogin._jspService(__oamlogin.java:312)
at weblogic.servlet.jsp.JspBase.service(JspBase.java:34)
at Caused by: java.net.SocketException: Connection reset
at java.net.SocketOutputStream.socketWrite(SocketOutputStream.java:96)
at java.net.SocketOutputStream.write(SocketOutputStream.java:136)
at oracle.net.ns.DataPacket.send(DataPacket.java:202)

Cause– Connections used from the JDBC pool need to be closed after usage by the application code. If close() is not called, connections are not freed and not available for reuse , hence, any new connection request will result in timeout, giving fndauth error to user as it cant reach oamlogin.jsp page.

Solution:-Edit Access Gate Data sources from console to set parameters as below:-

1.Increase value of  “Maximum Capacity” parameter as per number of concurrent sessions expected for application.
2. In the Advanced section, make the following changes (if not already set)

     a. Check the box “Test Connections On Reserve

     b. “Test Frequency” =<set value as per your environment requirement>

c. “Test Table Name” = SQL SELECT 1 FROM DUAL

3. Re-start the eBiz AccessGate Managed Servers and Admin Server to ensure the change takes effect

Explanation

MaxCapacity parameter  allows enough concurrently active database connections as needed by the application.

If the data source is configured to test connections on reserve, when an application requests a database connection, WebLogic Server tests the connection, discovers that the connection is dead, and tries to replace it with a new connection to satisfy the request. Ordinarily, when the DBMS comes back online, the refresh process succeeds

We provided a dedicated module for Troubleshooting where we cover Logging in WebGate, OHS, EBS Accessgate, DIP, OAM, and OID in our EBS-OAM/OID Integration Training, more about training here

If you have not yet downloaded FREE eBook – 7 Docs every Oracle Apps DBA must read for EBS R12 integration with OAM/OID for SSO get a copy in your Email

banner__

About the Author Atul Kumar

Leave a Comment:

16 comments
oamadminuser says November 17, 2011

Hi, I cannot even get R12 to redirect to the OAMLogin.jsp page, after following EBS:R12- OID/OAM Integration eBook (excellent book). I can see from LiveHTTP Headers that R12 mid tier issues redirect to ebsauth_xxxxx/ssologin and OHS gives 404 page not found to that. What is this ssologin resource? Is it some intermediate redirect prior to OAMLogin.jsp? Thanks for any help.

Reply
Atul Kumar says November 17, 2011

@ oamadminuser,
Glad that you liked the book and finding it useful.

For your issue, please confirm that profile options are set as defined in book and middle tier bounced after that.

What is value of application authentication agent in EBS ?

Is EBS Access Gate application up and running ?

If you don’t know how to check this please drop a mail to ebook [at] onlineappsdba.com using ID from which you used to pay and our team should be able to help you.

Reply
oamadminuser says November 18, 2011

Hi Atul, I’ve actually cross-posted this in http://onlineappsdba.com/index.php/2011/01/10/part-ix-install-oam-agent-11g-webgate-with-oam-11g/#comment-169158. Sorry about that.

EBIS R12 database SID=XXXX
OHS with webgate host = YYYY

Application Authentication Agent profile option is http://YYYY.domain.com:7777/ebsauth_XXXX/

I’ve also emailed your ebook address.

Thanks.

Reply
Atul Kumar says November 18, 2011

@ OAMADMINUSER,
When you access EBS it should redirect to login page like http://YYYY.domain.com:7777/ebsauth_XXXX/yyyy , as this page (/ebsauth_XXXX/yyyy) is protected in OAM , it should redirect to Authentication Page http://YYYY.domain.com:7777/ebsauth_XXXX/OAMLogin.jsp

If you don’t see this longin page then verify that /ebsauth_XXXX/OAMLogin.jsp is public and you can access it by typing URL http://YYYY.domain.com:7777/ebsauth_XXXX/OAMLogin.jsp

If you can’t access this page then check under deployments (from OAM console) that state of this application is active. Also check managed server logs (server on which AccessGate apps is deployed) for any errors.

Log should be in $DOMAIN_HOME/servers//logs/

Reply
oamadminuser says November 19, 2011

Hi Atul, Yes the http://YYYY.domain.com:7777/ebsauth_XXXX/OAMLogin.jsp *does* appear in a browser when the url is typed in manually, even though the weblogic console shows deployment ebsauth_XXXX is in state “prepared”, not Active.

So I re-deployed as ant -f txkEBSAuth.xml deployApplication … same parameters … Now ebsauth_XXXX is “Active”. But, user still gets HTTP 404 in AppsLogin.

From HTTP headers I can see that E-Bis mid tier is redirecting to /ebsauth_XXXX/ssologin and then oam_server1-diagnostic.log gets “result DENY”:

privilege OAM11gApplication!GET resource //app/policy/OAM11gApplication/HTTP/..long string..%COLON%%2Febsauth_XXXX%2Fssologin result DENY

I don’t know what is this /ssologin; perhaps it should be defined as a protected resource (not a documented step anywhere) and see what happens.

Also, when we try to login manually as ASADMIN to OAMLogin.jsp, get messages like,
OAMSSA-14003: Policy Runtime failed.
OAMSSA-06191: The runtime request contains no resource.

Very much appreciated yr comments.

Reply
Atul Kumar says November 19, 2011

@ oamadmin,
What happens when you activate application ?

Can access gate contact EBS database ?

Check logs of server on which Accessgate is deployed to find if there is any error

Reply
oamadminuser says November 20, 2011

Hi Atul! After adding /ebsauth_XXXX/ssologin as a protected resource through the oamconsole, user login does get redirected to OAMLogin.jsp! Then entering the credentials of a user in OID that is linked to fnd_user gives the R12 homepage – so it’s working. Even the logout works (goes back to OAMLOgin.jsp)

I don’t see this step documented anywhere, so it may just be a fix for something unique in my environment, but it definitely made it work straight away.

About the app activation: ebsauth_XXXX changes to “Prepared” every time weblogic managed and admin servers are bounced. I have to redeploy to get it Active again. But before declaring ssologin as “protected”, user logins were not getting redirected to OAMLogin.jsp.

Very much appreciate all your help and suggestions!

Reply
Atul Kumar says November 20, 2011

@ oamadminuser,
Do you have a resource like /ebsauth_XXXX and /ebsauth_XXXX/…/* ?

(Second one i.e. * should cover /ebsauth_XXXX/ssologin as well)

Q: About the app activation: ebsauth_XXXX changes to “Prepared” :
AK: It should change state to ACTIVE, Check if there is any error message in managed/admin server on which EBSAccessGate is deployed.

Reply
irfankhan says July 28, 2012

Hi Atul / Neha

I did buy your book 2nd Edition Beta) and did like it a lot. It just makes first stab at the product very easy and comfortable.

I have successfully been able to get the login page for everything I expect , Access tester is also shows everything is fine.

Problem is after I login, it keeps looping back to Login page, So for any resource or EBS Login, I cannot go past login page, it gets sent back to login page as soon as I click “Login”

Is there anything else being called which should have been public and not protected and thus keeps sending me back to login??

Thanks
IK

Reply
    Atul Kumar says July 31, 2012

    @ irfankhan, Good to hear that you liked the eBook. Could you please enable debug in AccessGate .

    I am pasting content from book

    ant -f txkEBSAuth.xml \
    -Dwlshosturl=innowave12.com:7001 \
    -Dwlsuser=weblogic \
    .
    .
    .
    -DlogConfigfile=/u02/oracle/oam/appsutil/accessgate/prdr12/sample/LogConfig.properties

    Once done , restart everything and reproduce error then check log file mentioned in LogConfig.properties

    Reply
Nagesh says January 15, 2013

Hi Atul,
Integrated IDAM 11.1.1.5.0 with EBS r12 the sso was working fine but suddenly throwing error while accessing it Unable to redirect to sso login page. while accesing ebs sso loging page throwing following error
Error 500–Internal Server Error

java.lang.NoSuchMethodError: oracle.apps.fnd.ext.common.EBiz.getConnection()Ljava/sql/Connection;
at oracle.apps.fnd.ext.common.server.EBizHelper.getEBizInstance(Unknown Source)
at jsp_servlet.__oamlogin._jspService(__oamlogin.java:321)
at weblogic.servlet.jsp.JspBase.service(JspBase.java:34)
at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:300)
at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.security.jps.ee.http.JpsAbsFilter$1.run(JpsAbsFilter.java:111)
at java.security.AccessController.doPrivileged(Native Method)
at oracle.security.jps.util.JpsSubject.doAsPrivileged(JpsSubject.java:313)
at oracle.security.jps.ee.util.JpsPlatformUtil.runJaasMode(JpsPlatformUtil.java:413)
at oracle.security.jps.ee.http.JpsAbsFilter.runJaasMode(JpsAbsFilter.java:94)
at oracle.security.jps.ee.http.JpsAbsFilter.doFilter(JpsAbsFilter.java:161)
at oracle.security.jps.ee.http.JpsFilter.doFilter(JpsFilter.java:71)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.dms.servlet.DMSServletFilter.doFilter(DMSServletFilter.java:136)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.wrapRun(WebAppServletContext.java:3715)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3681)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2277)
at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2183)
at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1454)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:209)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:178

Can you please help me how to resolve, where to check any pointers.

Thanks in advance…

Reply
Nagesh says January 16, 2013

Hi Atul,

Please help me how to resolve the above issue as its critical for us.

Thanks

Reply
santosh says January 17, 2013

Hi Atul,

I have integrated OAM11gr1 with EBS12.1.3 but while testing it redirect to custom login page but after entering the redential it redirect to OAM system error page.
Checked the oam server log –
Caused by: AuthorizationException: OAMSSA-14003: Policy runtime failed
oracle.security.am.common.policy.runtime.PolicyEvaluationException: OAMSSA-06191: The runtime request contains no resource.

I do not find any error in access gate server log.

Please help me to identity what could be wrong ?

Thanks

Reply
oliver says July 22, 2013

@oamadminuser
@santosh

Please verify if the browser is configured to allow cookies.

The WebGate sets a cookie with the target resource. If it fails to set the cookie e.g. because the browser does not allow cookies you end up with OAMSSA-06191.

Regards
Oliver

Reply
Atul Kumar says July 22, 2013

@ oamadminuser
@santosh

As oliver mentioned this could be either cookies allowed in browser or
– User end dated in EBS or disabled
– Unable to retireive GUID from user session (created by OAM)
– Unable to contact EBS database after OAM authentication to get an assertion from EBS for user authenticated via OAM

Reply
Fixor says November 20, 2014

Hi all,

I have a doubt I can’t figure on the book. EBS-OID integration should work after registering EBS with IAs and OID, or it begins working after profile options are configured at site/user level?

After synchronization, does existing EBS users be created on OID or I have to make a first load plan?

Thanks.

Reply
Add Your Reply

Not found