Reset The Last Applied Change Number in a Provisioning Profile

Issue faced
The EBS provisioning profile tries to retrieve more changes than the size limit allows. The search for all changes took more than 3600ms, i.e. the maximum time allowed for a search to complete.


You can check these limits from Enterprise Manager, or check "orcltimelimit" and "orclsizelimit" in cn=oid,cn=osdldapd,cn=subconfigsubentry.

Verification

ldapsearch -h <hostname> -p <port> -D cn=orcladmin -w xxxxxx -b "" -s base "objectclass=*" lastchangenumber

ldapsearch -h <hostname> -p <port> -D cn=orcladmin -w xxxxxx -b "cn=provisioning profiles,cn=changelog subscriber,cn=oracle internet directory" -s sub "objectclass=*" | grep -i orcllastappliedchangenumber

The issue occurs when lastchangenumber - orcllastappliedchangenumber is greater than the maximum number of entries to be returned by a search.
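The comparison above can be scripted. This is an added example, not part of the original post: it reads the output of the second ldapsearch (without the grep) and reports the backlog of every provisioning profile against the size limit. The function names, profile names and numbers in the sample are constructed for illustration.

```shell
#!/bin/sh
# Added example: backlog_report LASTCHANGENUMBER SIZELIMIT < profile-search-output
# Prints "<backlog> <status> <profile DN>" for each provisioning profile.
# Accepts LDIF ("attr: value") and "attr=value" style ldapsearch output.
backlog_report() {
    awk -v last="$1" -v limit="$2" '
        /^#/ { next }                                # LDIF comment
        /^[ \t\r]*$/ { dn = ""; indn = 0; next }     # blank line ends an entry
        dn == "" {                                   # first line of an entry is its DN
            sub(/\r$/, ""); dn = $0; sub(/^[Dd][Nn]:[ ]*/, "", dn); indn = 1; next
        }
        /^ / && indn { sub(/\r$/, ""); dn = dn substr($0, 2); next }   # folded DN line
        { indn = 0 }
        tolower($0) ~ /^orcllastappliedchangenumber[:=]/ {
            applied = $0
            sub(/^[^:=]*[:=][ ]*/, "", applied); sub(/\r$/, "", applied)
            if (applied !~ /^[0-9]+$/) next          # skip malformed values
            backlog = last - applied
            status = (backlog > limit) ? "OVER_LIMIT" : "ok"
            printf "%d %s %s\n", backlog, status, dn
        }
    '
}

# Constructed sample: two profiles, one in folded LDIF and one in attr=value form.
sample_profiles() {
cat <<'EOF'
dn: orclODIPProfileName=PROD_ebs,cn=Provisioning Profiles,cn=Changelog Subscr
 iber,cn=Oracle Internet Directory
orcllastappliedchangenumber: 120000

orclODIPProfileName=TEST_ebs,cn=Provisioning Profiles,cn=Changelog Subscriber,cn=Oracle Internet Directory
orcllastappliedchangenumber=249500
EOF
}

# lastchangenumber 250000 (from the first ldapsearch), size limit 10000 (orclsizelimit)
sample_profiles | backlog_report 250000 10000
```

A profile reported as OVER_LIMIT is one whose next changelog search would exceed the size limit.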

Solution

Reset the last applied change number in the provisioning profile.

oidprovtool operation=modify ldap_host="<hostname>" ldap_port="<port>" \
ldap_user_dn="cn=orcladmin" ldap_user_password="xxxx" \
application_dn="orclApplicationCommonName=PROD,cn=EBusiness,cn=Products,cn=OracleContext,dc=domain" \
lastchangenumber="XXXX"

At the prompt, enter the following details:
Interface Connection information: <Apps_DB_host>:<Apps_DB_Port>:<Apps_SID>:<Apps_schema_user>:<apps_password>


Weblogic SSL Configuration

Steps to configure weblogic SSL

1. Create identity store

keytool -genkey -alias weblogicServer -keyalg RSA -keysize 1024 -keystore weblogic_identity.jks

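Where weblogic_identity.jks is the name of the identity store that will be created and weblogicServer is the private key alias name. A 1024-bit RSA key is below the 2048-bit minimum that NIST SP 800-131A and public CAs require, so choose a key size of 2048 bits or more outside of a test setup.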

2. Create CSR

keytool -certreq -alias weblogicServer -file device.csr -keystore weblogic_identity.jks

Where device.csr is the certificate signing request created.

3. Submit Signing request

Now submit this CSR to a certification authority to get the public certificate and the root/intermediate certificates.

If you use an internal CA with openssl, execute the command below to generate a signed certificate from the CSR.

openssl x509 -req -in device.csr -CA ca_root_cert.pem -CAkey ca_privkey.pem -CAcreateserial -out device.pem -days 3650

Where ca_root_cert.pem is CA root certificate and ca_privkey.pem is CA private key.

4. Create trust store and import root certificate to trust store

keytool -import -trustcacerts -alias myRoot -file /path/to/ca_root_cert.pem -keystore weblogic_trust.jks

Where ca_root_cert.pem is CA root certificate and myRoot is the root alias name for trust store.

5. Import root certificate to identity store

keytool -import -trustcacerts -alias entRoot -file /path/to/ca_root_cert.pem -keystore weblogic_identity.jks

Where ca_root_cert.pem is CA root certificate and entRoot is the root alias name for identity store.

6. Import signed certificate to identity store

keytool -import -trustcacerts -alias weblogicServer -file /path/to/device.pem -keystore weblogic_identity.jks

Where device.pem is the signed certificate and weblogicServer is private key alias name.
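Before pointing WebLogic at the identity store, it is worth confirming that steps 1 to 6 left a usable entry under the weblogicServer alias. This is an added example, not part of the original post: it parses `keytool -list -v` output for that alias and flags a missing private key, an incomplete chain, a self-signed leaf or a short key. The sample listing is constructed and trimmed, and the "Subject Public Key Algorithm" line is assumed to be present, which older keytool versions do not print.

```shell
#!/bin/sh
# Added example. Usage (keytool prompts for the store password):
#   keytool -list -v -keystore weblogic_identity.jks -alias weblogicServer | check_identity 2048
# Prints one finding per line, or "OK" when the entry is ready for WebLogic.
check_identity() {
    awk -v min="$1" '
        /^Entry type:/               { type = $3 }
        /^Certificate chain length:/ { chain = $4 }
        /^Certificate\[/             { idx++ }
        # only the leaf certificate (Certificate[1]) is inspected below
        idx == 1 && /^Owner:/  { owner = $0;  sub(/^Owner: */, "", owner) }
        idx == 1 && /^Issuer:/ { issuer = $0; sub(/^Issuer: */, "", issuer) }
        idx == 1 && /^Subject Public Key Algorithm:/ { bits = $5; sub(/-bit$/, "", bits) }
        END {
            if (type != "PrivateKeyEntry") { print "FAIL entry type is " type ", no private key under this alias"; bad = 1 }
            if (chain + 0 < 2) { print "FAIL chain length " (chain + 0) ", CA reply or root not imported"; bad = 1 }
            if (owner != "" && owner == issuer) { print "FAIL leaf certificate is self-signed"; bad = 1 }
            if (bits == "") print "WARN key size not reported by this keytool version"
            else if (bits + 0 < min) { print "FAIL " bits "-bit key is below " min; bad = 1 }
            if (!bad) print "OK"
        }
    '
}

# Constructed sample of the listing after step 6; $1 is the leaf key size in bits.
# Subject names are made up. JKS stores aliases in lower case.
sample_listing() {
cat <<EOF
Alias name: weblogicserver
Entry type: PrivateKeyEntry
Certificate chain length: 2
Certificate[1]:
Owner: CN=wls.example.com, O=Example
Issuer: CN=Example Internal Root CA
Subject Public Key Algorithm: $1-bit RSA key
Certificate[2]:
Owner: CN=Example Internal Root CA
Issuer: CN=Example Internal Root CA
Subject Public Key Algorithm: 4096-bit RSA key
EOF
}

# The key size used in step 1 of this page is flagged:
sample_listing 1024 | check_identity 2048
```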

Follow the steps below to configure the WebLogic server to use the above keystores:

1. Login to admin console

2. Navigate to servers>[server_name]>Configuration>Keystores

3. Select Custom Identity and Custom Trust and provide below details:

a. -Custom Identity Keystore: /path/to/weblogic_identity.jks

b. -Custom Identity Keystore Type: jks

c. -Custom Identity Keystore Passphrase:<password>

d. -Confirm Custom Identity Keystore Passphrase:<password>

e. -Custom Trust Keystore: /path/to/weblogic_trust.jks

f. -Custom Trust Keystore Type: jks

g. -Custom Trust Keystore Passphrase:<password>

h. -Confirm Custom Trust Keystore Passphrase:<password>

4. Then click on SSL tab next to Keystores and provide values for below parameters:

a. -Private Key Alias: weblogicServer

b. -Private Key Passphrase: <password>

c. -Confirm Private Key Passphrase: <password>

5. Then enable the SSL port for that particular WebLogic server by navigating to servers>[server_name]>Configuration>General

6. Save and activate changes.

Note: If the SSL port is enabled for the first time, you need to restart the server.

Weblogic Security Realm WLST import and export

Export
# Source the domain environment so that the WebLogic classes are on the CLASSPATH
. $DOMAIN_HOME/bin/setDomainEnv.sh
java weblogic.WLST
# The remaining lines are entered at the WLST prompt
from java.util import Properties
connect('weblogic','weblogic', 't3://adminhostname:7001')
domainRuntime()
cd('/DomainServices/DomainRuntimeService/DomainConfiguration/IDMDomain/SecurityConfiguration/IDMDomain/DefaultRealm/myrealm/AuthenticationProviders/DefaultAuthenticator')
cmo.exportData('DefaultAtn','/u01/export/export.ldif', Properties())

Import
# Source the domain environment so that the WebLogic classes are on the CLASSPATH
. $DOMAIN_HOME/bin/setDomainEnv.sh
java weblogic.WLST
# The remaining lines are entered at the WLST prompt
from java.util import Properties
connect('weblogic','weblogic', 't3://adminhostname:7001')
domainRuntime()
cd('/DomainServices/DomainRuntimeService/DomainConfiguration/IDMDomain/SecurityConfiguration/IDMDomain/DefaultRealm/myrealm/AuthenticationProviders/DefaultAuthenticator')
cmo.importData('DefaultAtn','/u01/export/import.ldif', Properties())

EBS–OAM Integration: Webgate allowed access to protected page GUID=null

When a user attempts to log in to Oracle E-Business Suite, the following error is displayed in the browser after they enter their credentials:
Internal Error: Webgate allowed access to protected page GUID=null

or

When testing response headers in step 4.4.3, a null value is returned for USER_ORCLGUID instead of a valid value.

Bug 19438948

As a workaround, specify ‘orclguid’ as a ‘Prefetched Attribute’ in Oracle Access Manager:
Log on to the OAM Console:
http://<oamserver>.<domain>:<adminport>/oamconsole
Click ‘User Identity Stores’ (in the ‘Configuration’ section), then select the Identity Store with a type of ‘OID’ (e.g. ‘EBSIdStore’ or ‘OIDIdentityStore’) in the ‘OAM ID Stores’ table.
Click ‘Edit’, enter orclguid in the ‘Prefetched Attributes’ field and click ‘Apply’ to save.