Documente Academic
Documente Profesional
Documente Cultură
When we login to applications,initially oracle applications connect to public schema, APPLSYSPUB. This schema has sufficient privileges to perform the
authentication of an Applications User (FND user), which includes running PL/SQL packages to verify the username/password combination and the
privilege to record the success or failure of a login attempt.
The public ORACLE username and password that grants access to the Oracle E-Business Suite initial sign-on form. The default is APPLSYSPUB/PUB.
Once we change the APPLSYSPUB password must propagate the change to application tier configuration files. If the instance is Autoconfig enabled,
must edit the CONTEXT file on each tier prior to running Autoconfig.
In the CONTEXT file, locate the autoconfig variable “s_gwyuid_pass” and set it to the new password, then run AutoConfig in each applications nodes.
When Autoconfig is not being used:
If you are not using Autoconfig you must manually edit the following configuration files :
1) FND_TOP/resource/appsweb.cfg
2) OA_HTML/bin/appsweb.cfg
3) FND_TOP/secure/HOSTNAME_DBNAME.dbc
Both apps & applsys need to have same password because when you sign on to apps, initially it connects to a public schema called APPLSYSPUB. This
validates AOL name and password that we enter (operations/welcome). Once this is verified we select responsibility, this is validated by APPLSYS schema
and then it connects to apps schema.
During signon process it uses both applsys and apps, hence this expects both the password to be identical. If the password for applsys & apps are not
identical (Different) Try changing apps password to something else and try to login, the validation at the last stage would fail. This would result in failure of
application login.
1.Webserver receives the user request for the particular port number. Web server Binds the request with the port number.
2.Based on the cookie webserver serves the request by sending login page
4.DB connection is established using APPLSYSPUB user. This user “APPLSYSPUB” is having access to fnd_user view and a small set of other public
tables needed to establish the initial connection.
6.Using GUEST/ORACLE password combination and ENCRYPTED_FOUNDATION_PASSWORD string obtained from 2 above, we get Apps schema
password.
7.Internally it tries to connect to Apps schema with the password retrieved in step 3 above. If the connection fails, then
8.Using Apps password obtained in Step 3 and ENCRYPTED_USER_PASSWORD string from FND_USER table, password for Application user (e.g.
SYSADMIN) is obtained.
9. The Application user password obtained in Step 5 is compared to the application user password entered by user in login screen. If both passwords
match then user is allowed to get into self-service.
10. A list of responsibilities assigned to that user is shown. The user picks one of the responsibilities listed.
11. The responsibility and application name is validated by connecting to Applsys schema(fnd_Responsibility, fnd_application…….)
Note: Here we should remember the difference between applsys and apps schema. Applsys schema contains ad,fnd objects whereas apps schema is a
global schema contains all application objects.
12. Once the application is validated , Connecting to apps schema to get access application tables. This is the reason why we should have apps and
applsys passwords should be same
13. Once a particular form is selected the .dbc file is accessed to get the information about the GUEST username/pwd
============
Note: Oracle doesn't store the hash value of the passwords. It just store the whole password in the encrypted format and get stored in FND_USER
table(encrypted_user_password). Thus during authentication of a front end user, it is done on the stored password. Decryption of the stored password
takes place FND_WEB_SEC package which is found under apps schema. The decryption key for the user password is the decrypted
“ENCRYPTED_FOUNDATION_PASSWORD” of the guest user. Meaning that the first step to decrypt the user password is to decrypt the foundation
password of the guest user.
There are certain changes for EBS 12.2 as 10.1.3 application server is replaced by Weblogic server. Thus the login flow will be slight
different
When a HTTP request is made for EBS, the request is received by the Oracle HTTP Server (OHS).
When the configuration of OHS is for a resource that needs to be processed by Java, such as logging into EBS, the OHS configuration will redirect the
request to the Web Logic Server (WLS) Java process (OACore in this case).
WLS determines the J2EE application that should deal with the request, which is called “oacore”.
This J2EE application needs to be deployed and available for processing requests in order for the request to succeed. The J2EE application needs to
access a database and does this via a datasource which is configured within WLS.
Here is the processing in terms of URL(Login HTTP headers)
When the EBS login works OK, the browser will be redirected to various different URLs in order for the login page to be displayed. The page flow below
shows the URLs that will be called to display the login page:
/OA_HTML/AppsLogin
EBS Login URL
/OA_HTML/AppsLocalLogin.jsp
Redirects to local login page
/OA_HTML/RF.jsp?
function_id=1032925&resp_id=-1&resp_appl_id=-1&security_group_id=0&lang_code=US&oas=3TQG_dtTW1oYy7P5_6r9ag..¶ms=5LEnOA6Dde-
bxji7iwlQUg
Renders the login page
The URLs after the user enters username and password, then clicks the “login” button are shown below/OA_HTML/OA.jsp?
page=/oracle/apps/fnd/sso/login/webui/MainLoginPG&_ri=0&_ti=640290175&language_code=US&requestUrl=&oapc=2&oas=4hoZpUbqVSrv9IE0iJdY1g..
/OA_HTML/OA.jsp?OAFunc=OANEWHOMEPAGE
/OA_HTML/RF.jsp?function_id=MAINMENUREST&security_group_id=0
Renders user home page
Once the users home page is displayed, the logout flow also redirects to several different URL before returning to the login page:
/OA_HTML/OALogout.jsp?menu=Y
Logout icon has been clicked
/OA_HTML/AppsLogout
/OA_HTML/AppsLocalLogin.jsp?langCode=US&_logoutRedirect=y
Redirects to the login page
/OA_HTML/RF.jsp?function_id=1032925&resp_id=-1&resp_appl_id=-1&security_group_id=0&lang_code=US&oas=r6JPtR7-a4n5U2H3–
ytEg..¶ms=1JU-PCsoyAO7NMAeJQ.9N6auZoBnO8UYYXjUgSPLHdpzU3015KGHA668whNgEIQ4
Reference:http://johanlouwers.blogspot.in/2006/12/oracle-applications-passwords.html
12.2 E-Business Suite Technology Stack Summary Of The iAS / HTTP Server Login Process And What To Expect When One Of The Login
Components Fails (Doc ID 1984710.1)