Troubleshoot Common Issues
Here are a few errors that you might encounter while integrating Oracle E-Business Suite with Oracle Identity Cloud Service using the E-Business Suite Asserter.
Resolve an Insufficient Privileges Error
After Oracle Identity Cloud Service authentication, instead of getting access to Oracle E-Business Suite, the user gets redirected back to Oracle E-Business Suite with the error message "You have insufficient privileges for the current operation." and prompts the user to sign in again.
Generally, when the Oracle E-Business Suite application throws this error, it means
that the cookie is set with an incorrect domain. To confirm this, check the
E-Business Suite Asserter debug log (<HOME
DIR>/ebsasserter.log
). The E-Business Suite Asserter debug log shows
that the sessionCookieDomain
has an incorrect value. The
CookieDomain
was set to .oracle.com
.
Aug 22, 2018 2:26:34 PM oracle.apps.fnd.ext.common.EBiz init
FINE: Ebiz init(): sessionCookieDomain =.oracle.com ; protocol=https:; ssoCookieName= ORASSO_AUTH_HINT
The ICX_PARAMETERS.SESSION_COOKIE_DOMAIN must not be set to a value of any kind. You must update the SESSION_COOKIE_DOMAIN setting in ICX_PARAMETERS.
Resolve an Internal Server Error While Logging Out
When you are logging out from Oracle E-Business Suite, the browser throws an error message "Internal Server Error".
This issue was due to an older version of AppsLogoutRedirect.java
in the Oracle E-Business Suite side.
Check the header for AppsLogoutRedirect.java
in the Oracle E-Business Suite side:
adident Header $JAVA_TOP/oracle/apps/fnd/sso/AppsLogoutRedirect.class
$Header AppsLogoutRedirect.java 120.10.12010000.7 2010/01/19 20:18:52 rsantis ship $
You must apply the latest Oracle E-Business Suite Release 12 Critical Patch Update Jan 2013 or above to fix this issue. This Critical Patch Update enables AppsLogoutRedirect.java
to leverage the APPS_SSO
and APPS_AUTH_AGENT
profiles. Check the Knowledge Document (July 2018) (Doc ID 2379675.1) for all the details to apply this patch.
Fix a Time Sync Issue
While you are accessing the E-Business Suite Asserter application URL, the Oracle E-Business Suite application login flow resulted in an internal server error.
The HTTP header trace looks like this:
GET https://xxxxxxxxxxxxxxxxxx.oracle.com:7002/ebs/response?code=AQIDBAVcZbun_M5qU4-t9LUCYDjAOgWYiDOrf1Kb5ndbWAEYd05C-uxDfSwP8Ejfn51WT-gTuYj6bLFFYAFHQEqgYy26MTEgRU5DUllQZZIIFFVElPTl9LRVkxNCB7djF9NCAFFFABCDEF= HTTP/1.1
Error 500--Internal Server Error
From RFC 2068 Hypertext Transfer Protocol -- HTTP/1.1:
10.5.1 500 Internal Server Error
The server encountered an unexpected condition which prevented it from fulfilling the request
The E-Business Suite Asserter domain log looks like this:
####<Sep 23, 2018 6:53:31,380 PM AST> <Error> <HTTP> <ebshost01.oracle.com>
<AdminServer> <[ACTIVE] ExecuteThread: '6' for queue: 'weblogic.kernel.Default (self-
tuning)'> <<WLS Kernel>> <> <0b38f1ae-a3cb-48f6-80d9-00e3f3bdb263-000000a0>
<1537718011380> <[severity-value: 8] [rif: 0] [partition-id: 0] [partition-name:
DOMAIN]> <BEA-101020> <[ServletContext@44159983[app:ebs module:ebs.war
path:null spec-version:3.1]] Servelet failed with an Exception
The E-Business Suite Asserter log looks like this:
FINE: validateToken return with result {"user_result":"America\/New_York",
"at_hash":"1A3gT4BT0WoWCTLE3IFa5A","sub":"john.doe@oracle.com","user_locale":"en",
"idp_name":"localIDP","idp_guid":"localIDP","a mr":["USERNAME_PASSWORD"],
"iss":"https: \/\/identity.oraclecloud.com\/","user_tenantname":"idcs-a61feab148e248508205cd98cdea4232",
"client_id":"67179f2609ab46309a75e5ca1f582a53","sid":"18ee87ea-04cf-4469-a565-48ccc763caf9",
"authn_strength":"2","azp":"67179f2609ab46309a75e5ca1f582a53","auth_time":"1536180435",
"session_exp":1537715029,"user_lang":"en","exp":1536209235,"iat":1536180437"idp_type":"LOCAL",
"tenant":"idcs-a61feab148e248508205cd98cdea4232","jti":"ed7be32b-d4e1-4e72-9868-6df142f07c6b",
"user_displayname":"John Doe","sub_mappingattr":"userName","tok_type":"IT",
"aud":["https:\/\/identity.oraclecloud.com\/","67179f2609ab46309a75e5ca1f582a53"],
"user_id":"63bf3d3f96094a66a6b7714218338116"}
The session_exp
is set to 1537715029
. Use
EpochConverter
to convert the current Unix epoch time to a
human readable date and time. Hence, the expiry time in the token is set to
Sunday, September 23, 2018 3:03:49 PM GMT
. However, the time in
the E-Business Suite Asserter domain log is Sep 23, 2018 6:53:31,380 PM
AST
. Note that Greenwich Mean Time is 4 hours ahead of Atlantic
Standard Time. Hence the time set is Sep 23, 2018 10:53:31 PM GMT
.
The system where the E-Business Suite Asserter is deployed, is not in time sync with
Oracle Identity Cloud
Service, as a result the token passed by Oracle Identity Cloud
Service is effectively out of the validity period and hence the error "Token
Expired".
Ensure the date and time on the system where the E-Business Suite Asserter is deployed is in time sync with NTP servers and hence the Oracle Identity Cloud Service host.
Handle Java Error ExceptionInInitializerError
While you are accessing the E-Business Suite Asserter application URL, the Oracle E-Business Suite application throws the java.lang.ExceptionInInitializerError error.
The E-Business Suite Asserter debug log shows the following Java error:
<Feb 26, 2019 2:17:16,884 PM PST> <Error> <HTTP> <BEA-101020>
<[ServletContext@2100554246[app:ebs module:ebs.war path:null spec-version:3.1]] Servlet failed with an Exception
java.lang.ExceptionInInitializerError
at com.oracle.ebs.sso.ConnectionProvider.getConnection(ConnectionProvider.java:36)
at com.oracle.ebs.sso.RequestWrapperFilter.doFilter(RequestWrapperFilter.java:34)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:78)
This occurs due to incorrect settings in the bridge.properties
file.
Verify the bridge.properties
file and check that it has the
required configuration. Also, check that the path specified in
wallet.path
in the bridge.properties
file is
valid.
Handle Java Error RuntimeException
While you are accessing the E-Business Suite Asserter application URL, the Oracle E-Business Suite application throws java.lang.RuntimeException.
The E-Business Suite Asserter debug log shows the following Java error:
<Feb 26, 2019 2:01:33,454 PM PST> <Error> <HTTP> <BEA-101020>
<[ServletContext@1207779454[app:ebs module:ebs.war path:null spec-version:3.1]] Servlet failed with an Exception
java.lang.RuntimeException: javax.naming.NameNotFoundException: Unable to resolve 'visionDS1'. Resolved ''; remaining name 'visionDS1'
at com.oracle.ebs.sso.ConnectionProvider.getConnection(ConnectionProvider.java:42)
at com.oracle.ebs.sso.RequestWrapperFilter.doFilter(RequestWrapperFilter.java:34)
Check that the ebs.ds.name
value set corresponds to the datasource name created in WebLogic.
Fix a Deep Link Issue
After Oracle Identity Cloud Service authentication, instead of getting access to Oracle E-Business Suite, the user gets redirected back to Oracle E-Business Suite and prompts the user to sign in again.
This occurs because the deep link is not working.
Check that the whitelist.urls
bridge property is configured. If the
issue persists, specify the port numbers explicitly in the
whitelist.urls
configuration. For example,
whitelist.urls=http://ebs.oracle.com:80/OA_HTML…
. You can also
check the JSESSION ID Cookie Name of the E-Business Suite Asserter App in the
weblogic.xml
file. If there is any other web app in the
WebLogic with the same cookie name, it will conflict.
Issues During Log Out
If you find issues during the logout process verify the Post Logout Redirect URL parameter value in Oracle Identity Cloud
Service and the post.logout.url parameter value in the bridge.properties
file.
The post.logout.url in the bridge.properties
file is an optional parameter and by default you don't need to provide a value. You use this parameter to make the E-Business Suite Asserter application redirect the user browser to the specified URL after E-Business Suite Asserter finishes the logout process.
If enabled, the value of the post.logout.url in the bridge.properties
file must match the value of the Post Logout Redirect URL parameter for E-Business Suite Asserter application in Oracle Identity Cloud
Service.
- Open the E-Business Suite Asserter application in Oracle Identity Cloud Service and update the Post Logout Redirect URL value.
- Open the
ebs.war
file, update thebridge.properties
file, regenerate the war file, and redeploy the file to the WebLogic server. Make sure the value of this parameter matches the Post Logout Redirect URL parameter in Oracle Identity Cloud Service.