Disco Security and Apps 11i?
Hi,
I don't understand how Disco works with existing Apps 11i responsibilities to control access
to the business data.
When you create a business area and then assign it to Apps responsibility, how do you know that
the responsibility can access the tables of the business area?
thanks
brh
Hi
The responsibility can access the business area because the Discoverer administrator said so.
Working in Apps mode is straight-forward. You install Discoverer into Apps mode using a database account, making sure you check the little box to install into Apps mode. Having created the EUL you make sure your connection settings are right by using Tools | Options | Connections.
You have to make sure that you have defined whether you will be connecting to Apps mode EULs only or a combination of Apps mode and standard mode. You therefore check either Connect to application EULs or Connect to both standard and application EULs. After this you need to make sure there are valid enties for the Gateway User ID and Foundation Name.
The standard entrie for these are:
Gateway User ID: applsyspub/pub
Foundation Name: apps
Next you grant admin rights to an Apps user - typically SYSADMIN. You the logout as the EUL owner and log in as the Apps user, making sure to check the little box that says you are connecting to Apps.
From here on you administer the EUL using the Apps account ONLY. You create EULs and assign access to those EULs using this account. The reason that most folks use the SYSADMIN account is because it can access the responsibilities and other users for ensuring access is correct.
I have a white paper on my website that will walk you through installing an Apps mode EUL. You might find it to be if interest and you will find it here: http://learndiscoverer.com/downloads/downloads.htm
Best wishes
Michael
Similar Messages
-
Dear all,
as you know IE7 dont work with apps 11.5.10 on vista, so what i did was that i follwoed note 124606.1 (Upgrading JInitiator with Oracle Applications 11i) and i changed my JInitiator vresion from 1.3.1.21 to 1.1.8.25 and now it is working fine on IE on vista (test instacne), so i was wodering if some knows what are the diffracne between 1.3.1.21 and 1.1.8.25 is there anybugs ..etc why the oracle note has the 2 vresions 1.3.1 and 1.1.8
thanks
fadi
http://oracle-magic.blogspot.comOracle Jinitiator 1.1.8.x is JDK 1.1 based while Oracle Jinitiator 1.3.x is JDK 1.3 based. Oracle Jinitiator 1.8.1.x is mainly intended for use with Release 11.0
JDK 1.1.8 has long been de-supported by Sun, Oracle will continue to provide critical updates to Jinitiator 1.1.8 through the de-support date for Release 11.0
For changes and differences between the two versions, check out the following links:
JDK v1.1 New Features Summary
http://java.sun.com/products/jdk/1.1/docs/relnotes/features.html
JDK v1.3 New Features and Enhancements page
http://java.sun.com/products/jdk/1.3/docs/relnotes/features.html -
Disco 10g with Apps 11.5.9. Financials Intelligence
Hello,
I'm reading through Metalink note "Using Discoverer 10.1.2 with Oracle E-Business Suite 11i" 313418.1. with a view of getting Apps 11.5.9 integrated with Disco for both Financials Intelligence and also custom business areas and folders created against the base Apps views and tables.
I have some queries relating to SSO and step 1.6 ( Implement Single Sign-On for Discoverer 10.1.2.0.2 (Optional) )
I want to understand better when this needs to be put in place. I essentially need to be able to use the Financials Intelligence responsibility in Apps so that when I click on one of the reports, say "Project Cost Analysis", this would launch Disco 10g directly without further sign on requests, or choosing a connection from the Discoverer Connections screen.
I would also want to launch additional custom reports based on the Apps 11.5.9 datamodel via Disco Plus/Viewer standalone, preferably by the Apps 11.5.9 menu. Can this be done, or do I need to launch the Discoverer plus/viewer URL directly to access the connections screen (presuming the default connections screen is mandatory)?
How does Oracle Apps work with the connections screen that is provided with Disco 10g so that it does not appear when a report is launched? Perhaps this is where the option step 1.6 assists with full SSO integration with the single signon server, so that it uses your Apps login to work out what Disco connection you have available to you.
We are not necessarily looking at using Oracle Portal, or requiring additional SSO integration with OID, if Disco can be fully integrated with Apps from a sign on perspective via other means.
I guess that if we can only launch custom disco worksheets from the connections screen (http://host:port/discoverer/viewer) which has a connection already registered for the user's connection using URL security (as you wouldn't want a financials reports made public) then we may need to consider SSO integration as described in step 1.6 if it allows us to use the same login details as used for Apps sign on.
Any pointers would be greatly appreciated.
Cheers,
JohnThanks for the reply.
I've looked at Section 6 - not sure which part you are specifically referring to as paragraph 3, but I am guessing you mean the heading titled "Verify Applications profile options in Oracle Applications".
I have a couple of further queries.
1. How do you integrate a new custom Disco worksheet into Apps 11i using form function security? I'm sure there is a current document on this somewhere. I found metalink note 278095.1 "How to Create a Link to a Discoverer Workbook in Apps11i", but this said that the author could not get this to work in 10g. Is there a document that is relevant to 10.1.2?
2. Section 1.2 in the original note I was referring to states:
If you are not planning to use features Discoverer Connection Management, Discoverer Portlet Provider, and Oracle SSO, you can choose to alternatively install Oracle Business Intelligence Server 10g Release 2 (10.1.2.0.2). This installation type does not require installation and association to OracleAS Identity Management Infrastructure 10g (10.1.4.0.1).
Does this not require an infrastructure tier at all? Does anyone have a URL that points to the documentation/product download page for this software? I can find the standard Apps Server 10g page. I am wondering whether this significantly reduces the time to get Disco installed and integrated with Apps 11i versus going down a full install, as the metalink note contains a large number of steps.
Cheers,
John -
OBIEE and Apps SSO implementation
Hi Gurus,
We are using apps 11i and OBIEE 10.1.3.4 . I would like to ask that is there any doc which could provide me steps of SSO implementation between both. Or if not in doc is there any body who incorporated the same. Here we dont have DAC and ETL as Informatica for etl we are using plsql. I want to make it work like when user types his id and password in Oracle E business , automatically he should be also directed to OBI also same user id and password could be used to the OBI. Please remember my OBI is not from apps package. It is EE and not OBI 7.9.6 So is it possible to implement SSO between OBIEE and apps 11i and how ?Hi Amol,
Check for this note 555254.1 in support.oracle.com. It contains the steps to implement SSO between EBS & OBIEE.
Regards, -
Apps 11i, Discoverer, and Security
Just an FYI for those out who are having problems picking up Apps Security when trying to implement Oracle Discoverer on top of Apps 11i. We have struggled over the past six weeks to have Discoverer pick up Apps Security and have finally found a combination that works. If anyone else is having a similar problem and would like the details of our configuration, please e-mail me at [email protected]
Hi,
If you have an issue with Discoverer and security, your best option is to post a question in the Discoverer forum (Discoverer
Rod West -
Install instructions for Search Modeler and integrating with Apps 11i
Below are all the steps I took for creating integrating Search Modeler with an Oracle E-Business Suite 11.5.10.2 ATG RUP 7 instance called ERNIE.
Much thanks to Oracle Support ( Rajesh Ghosh, Vikas Soolapani and Roger Ford), as this simply wouldn't have been possible without them.
There are a few things in this document that may not be pertinent to your environment if you're doing this. I've made attempts to clarify those possibly optional sections in the documentation.
I've broken the document down into the following multiple parts
o Setting up a new RedHat 4.8 x86 server called ausSEARCHdev (The server is in AUStin, TX, is dedicated to SEARCH, and is for our DEV environment)
o SES (Secure Enterprise Search 10.1.8.2 install
o SES 10.1.8.4 patchset install
o SES CPU patch apply
o Standalone OC4J and ADF installation
o Search Modeler installation and configuration
o Configure ERNIE Apps instance to be on valid self-signed SSL certificate
o Import ERNIE SSL certificate into SES and Search Modeler
using aussearchdev initially
rh4 x86, default oracle build
** htop and collectl are open source free performance monitoring packages we utilize**
--start
install htop and collectl
wget http://dag.wieers.com/rpm/packages/htop/htop-0.7-1.el4.rf.i386.rpm
rpm -ivh htop-0.7-1.el4.rf.i386.rpm
wget http://downloads.sourceforge.net/project/collectl/collectl/collectl-3.4.0-4/collectl-3.4.0-4.noarch.rpm?use_mirror=voxel
rpm -ivh collectl-3.4.0-4.noarch.rpm
chkconfig collectl on
service collectl start
**We still need to install the necessary rpms so that collectl logs are compressed
--end
useradd -u 501 oracle
groupadd -g 504 dba
usermod -G 504 oracle
verification:
[root@aussearchdev ~]# su - oracle
[oracle@aussearchdev ~]$ id
uid=501(oracle) gid=501(oracle) groups=501(oracle),504(dba)
passwd oracle
** /mnt/oraclebackup is a network dumpspot we use to hold Software installs, RPMs, etc
** /mnt/rpms is a network dumpspot we use to hold ISOs for OS software such as Redhat Linux
mkdir /mnt/oraclebackup
mkdir /mnt/rpms
add the following to /etc/fstab
XXXXXXX:/patches/oraclebackup /mnt/oraclebackup nfs defaults,hard,nolock 0 0
XXXXXXX:/esxpress/nfs /mnt/rpms nfs rw,addr=XXX.XXX.XXX.XXX 0 0
mount /mnt/rpms
Next need to install various oracle needed RPMs.
cd /mnt/rpms/rh40_upd8/RedHat/RPMS/
rpm -ivh perl-Compress-Zlib-1.42-1.el4.i386.rpm
rpm -ivh libaio-devel-0.3.105-2.i386.rpm
rpm -ivh sysstat-5.0.5-25.el4.i386.rpm
rpm -ivh unixODBC-devel-2.2.11-1.RHEL4.1.i386.rpm
service collectl restart
cd /tmp
wget http://oss.oracle.com/el4/oracle-validated/oracle-validated-1.0.0-18.el4.i386.rpm
rpm -ivh oracle-validated-1.0.0-18.el4.i386.rpm
Now we should have all the RPMs we need.
cd /etc/sysconfig/oracle-validated
./oracle-validated-verify
cd /var/log/oracle-validated/results
more orakernel.log
uname -a
should return 2.6.9 or higher
rpm -qa|grep gcc-
should return 3.4.3 or higher
rpm -qa|grep glibc
should return 2.3.4-2.9 or higher
rpm -qa|grep make
should return 3.80 or higher
rpm -qa|grep binutils
should return 2.15.92.0.2 or higher
rpm -qa|grep openmotif
should return 2.2.3-9.RHEL4.1 or higher
rpm -qa|grep compat-db
should return 4.1.25-9 or higher
rpm -qa|grep setarch
should return 1.6-1 or higher
cat /proc/sys/kernel/sem
should return 250 32000 100 128 or higher (250 32000 100 142 in our case)
cat /proc/sys/kernel/shmall (1073741824 in our case)
should return 2097152 or higher
cat /proc/sys/kernel/shmmax
should return half the size of physical memory (4294967295 in our case - NO LARGER on 32-bit OS)
cat /proc/sys/kernel/shmmni
should return 4096
cat /proc/sys/fs/file-max
should return 65536 (327679 in our case)
cat /proc/sys/net/ipv4/ip_local_port_range
should return 1024 65000
values in /etc/security/limits.conf set by oracle-validated rpm, no changes necessary
add the following line to /etc/pam.d/login
session required /lib/security/pam_limits.so
add the following to /etc/profile
if [ $USER = "oracle" ]; then
if [ $SHELL = "/bin/ksh" ]; then
ulimit -p 16384
ulimit -n 65536
else
ulimit -u 16384 -n 65536
fi
fi
mkdir -p /d01/oracle
chmod 777 /d01/oracle
init 6 the box (aka reboot)
Time to start the SES 10.1.8.2 installer
running SES 10.1.8.2 installer
as oracle
cd /mnt/oraclebackup/deathstar_patches/SES/SES10182
./runInstaller
search server name sesprod
administrative password XXXXXXXX for dev,
http port 7777
destination path /d01/oracle/10.1.8/sesdev (dev)
data storage path /d01/oracle/sesdevdata (dev)
next
inventory /d01/oracle/oraInventory
dba group
run orainstroot.sh as requested
continue
all tests should pass, continue
finished clean
tried logging in to admin console at http://aussearchdev:7777/search/admin - worked fine
tried bringing up search query at http://aussearchdev:7777/search/query/search - worked fine
Now we need to get to 10.1.8.4 of SES
(yes, you need to keep the system up)
cd /mnt/oraclebackup/deathstar_patches/SES/SES10184/ses_10184pst_linux/
./runInstaller
Destination, choose sesdev
Next
Patchset successful
tried logging in to admin console at http://aussearchdev:7777/search/admin - worked fine
tried bringing up search query at http://aussearchdev:7777/search/query/search - worked fine
Apply CPU Patch to SES
CPU JAN 10 says patch 9119261 is required - but patch requires extended support contract
CPU OCT 09 says patch 8836540 is required - but patch requires extended support contract
CPU JUL 09 says patch 8534394 is required - but patch requires extended support contract
CPU APR 09 says patch 8290534 is required - and you can actually download it
Need opatch from 6880880
cp -r /mnt/oraclebackup/deathstar_patches/SES/CPUAPR09/OPatch $ORACLE_HOME
export PATH=$ORACLE_HOME/OPatch:$PATH
shut down everything
cd $ORACLE_HOME/bin
./searchctl stopall
cd /mnt/oraclebackup/deathstar_patches/SES/CPUAPR09/8290534
opatch apply
cd $ORACLE_HOME/cpu/CPUApr2009
**Note: your sys password is what you set for your administrative password above
sqlplus "sys/XXXXXX" as sysdba;
startup
@catcpu
@?/rdbms/admin/utlrp
shutdown immediate
exit
cd /d01/oracle/10.1.8/sesdev/cpu/view_recompile/
sqlplus "sys/XXXXXXX" as sysdba;
startup upgrade;
@view_recompile_jan2008cpu.sql
@?/rdbms/admin/utlrp
shutdown immediate
cd /d01/oracle/10.1.8/sesdev/jdk/jre/lib/ext
mv mail.jar $HOME/mail.jar.backup02222010
mv mailapi.jar $HOME/mailapi.jar.back02222010
cp /d01/oracle/10.1.8/sesdev/search/lib/mail.jar .
SES 10.1.8.4 is now installed and updated with latest available CPU
tried logging in to admin console at http://aussearchdev:7777/search/admin - worked fine
tried bringing up search query at http://aussearchdev:7777/search/query/search - worked fine
we're going to go with the standalone OC4j 10.1.3.3 and Oracle ADF 10.1.3.3 method
The URLs for these products are
http://blogs.oracle.com/ebssearch/2009/10/available_now_oracle_search_modeler_11_for_oracle_e-business_suite_11i.html
and specifically
OC4J - http://download.oracle.com/otn/java/oc4j/101330/oc4j_extended_101330.zip
ADF - http://www.oracle.com/technology/software/products/jdev/htdocs/adfinstaller10133.html
OC4J install
First you need to have Java 1.5 on the machine. Latest is 1.5.0_22. Package is in /mnt/oraclebackup/deathstar_patches/SES
as root on aussearchdev
cd /usr/local
cp /mnt/oraclebackup/deathstar_patches/SES/jdk-1_5_0_22-linux-i586.bin .
chmod 700 jdk-1_5_0_22-linux-i586.bin
./jdk-1_5_0_22-linux-i586.bin
yes
install OC4J just by copying over the directory
as oracle on aussearchdev
mkdir -p /d01/oracle/oc4j
cd /d01/oracle/oc4j
cp -r /mnt/oraclebackup/deathstar_patches/SES/oc4j/* .
ADF install
vi /mnt/oraclebackup/deathstar_patches/SES/adf/adfinstaller.properties
change the following
OracleHome = /mnt/oraclebackup/deathstar_patches/SES/adf
DesHome = /d01/oracle/oc4j/
type = OC4J
as root
cd /usr/bin
rm java
(yes)
ln -s /usr/local/jdk1.5.0_22/bin/java
su - oracle
java -version should now return 1.5.0_22
export JAVA_HOME=/usr/local/jdk1.5.0_22
cd /mnt/oraclebackup/deathstar_patches/SES/adf
java -jar runinstaller.jar -version
returns The version for the ADF libraries being installed is 10.1.3.41.57 - yes, that is apparently 10.1.3.3.
java -jar runinstaller.jar adfinstaller.properties
output looks good, do not be concerned by
WARNING: 'Could not delete: /d01/oracle/oc4j/BC4J/redist/bc4j' whilst deleting bc4j application
WARNING: 'Could not delete: /d01/oracle/oc4j/BC4J/redist/datatags' whilst deleting datatags application
as it was trying to delete the old version that didn't exist
Start OC4J
as oracle on aussearchdev
export JAVA_HOME=/usr/local/jdk1.5.0_22
export ORACLE_HOME=/d01/oracle/oc4j
cd $ORACLE_HOME/bin
./oc4j -start
you will be prompted for password - we're setting it. use XXXXXXXXXX
after it's up, kill it (ctrl-c) and restart it with
nohup ./oc4j -start &
last lines in nohup.out is
Starting OC4J from /d01/oracle/oc4j/j2ee/home ...
10/02/23 03:22:38 Oracle Containers for J2EE 10g (10.1.3.3.0) initialized
So now on to search modeler installation, going by Installation steps in Note 781366.1
8326128 - This is not a patch to be applied to the Apps, keep reading
as oracle on aussearchdev
cd /mnt/oraclebackup/deathstar_patches/SES/8326128
mkdir -p /d01/oracle/oc4j/uploaded
vi build.properties, changing
installation.type=OC4J
oracle.home=/d01/oracle/oc4j
deploy.server=aussearchdev.domainname.com
deploy.port=23791
web.port=7777
password=XXXXXXXXX
extra.classpath=/d01/oracle/oc4j/uploaded
now set the following environment values in your ssh session
export ORACLE_HOME=/d01/oracle/oc4j
export JAVA_HOME=/usr/local/jdk1.5.0_22
export PATH=$ORACLE_HOME/ant/bin:$ORACLE_HOME/bin:$PATH
ant main
whole bunch of stuff to screen, errors due to undeploy something that doesn't exist. Finished after a minute with
BUILD SUCCESSFUL
Total time: 58 seconds
Now on to post install steps
restart OC4j
cd $ORACLE_HOME/bin
./modeler.sh -shutdown -port 23791 -password r*l*r*0*
export ORACLE_HOME=/d01/oracle/oc4j
export JAVA_HOME=/usr/local/jdk1.5.0_22
export PATH=$ORACLE_HOME/ant/bin:$ORACLE_HOME/bin:$PATH
nohup ./modeler.sh -start &
end of nohup.out should show
Starting OC4J from /d01/oracle/oc4j/j2ee/home ...
Try going to http://aussearchdev:8888/modeler/faces/ModelerHome.jsp
Should get login screen, but wait, we haven't installed Oracle Apps interface yet...
Next let's do the Apps side of things
Going by note 953378.1
Using ERNIE (a development instance of E-Business Suite running 11.5.10.2 ATG RUP 7)
as applmgr on ausernieapp (ausernieapp is our app tier)
shut down apps services
apps patch 8225631
verify all the pre-req patches are in ERNIE
select * from ad_bugs where bug_number = '5903765';
select * from ad_bugs where bug_number = '6372396';
select * from ad_bugs where bug_number = '3219567';
select * from ad_bugs where bug_number = '3264822';
select * from ad_bugs where bug_number = '3261254';
select * from ad_bugs where bug_number = '5161676';
select * from ad_bugs where bug_number = '3036401';
select * from ad_bugs where bug_number = '3263588';
select * from ad_bugs where bug_number = '3264818';
select * from ad_bugs where bug_number = '3218526';
select * from ad_bugs where bug_number = '3263645';
select * from ad_bugs where bug_number = '4206794';
select * from ad_bugs where bug_number = '3262486';
select * from ad_bugs where bug_number = '3261243';
select * from ad_bugs where bug_number = '2614213';
select * from ad_bugs where bug_number = '3262159';
select * from ad_bugs where bug_number = '2819091';
select * from ad_bugs where bug_number = '3412795';
patch went in smooth
Log in to ERNIE Apps GUI as sysadmin user responsibility
Give users such as sysadmin FND Search Crawler responsibility
Go to system profile options, set
set FND: Search Enabling Flag to Y at site level
as applmgr on ausernieapp
cd /d01/oracle/ernieappl/fnd/11.5.0/patch/115/sql
sqlplus apps/$APPS_PWD @AFSRCHCF
Enter SES endpoint URL [e.g. http://ap637atg.us.oracle.com:7780]: http://aussearchdev.domainname.com:7777
Enter Apps Admin username [e.g. sysadmin]: sysadmin
Enter Apps Admin password: sysadmin_password
Enter SES Admin username [e.g. eqsys]: eqsys
Enter SES Admin password: eqsyspassword <-- This is the same as sys's password
on aussearchdev as oracle
had to kill modeler and start all the processes, so
kill -9 the modeler oc4j process, then
cd $ORACLE_HOME/bin
./searchctl startall
enter the password when prompted
in IE browser go to
http://aussearchdev.domainname.com:7777/search/admin
log in with eqsys password
global settings tab
identity management setup
click circle next to oracle.search.plugin.security.identity.ebs.EBS12IdentityPliginMgr
(yes, we're going with 12 even though we use Oracle Apps 11i)
http end point https://ausernieapp.domainname.com:8443/webservices/AppSearch/SecurityService
username sysadmin
password XXXXXXX
finish
Global Settings
Federation Trusted Entitites
####entity name sysadmin
####Entity Password XXXXXXXX
According to web conference with Oracle, this should NOT be eqsys but instead be sysadmin from above.
Select the Use Entity Plug-in for authentication check box
add
Trying to go to http://aussearchdev.domainname.com:7777/search/query/search and login (sysadmin / password)
stop midtier on both SES and Apps
cd $ORACLE_HOME/bin
./searchctl stopall
./adstpall.sh apps/$APPS_PWD on EBS app tier
start midtier on both SES and Apps
cd $ORACLE_HOME/bin
./searchctl startall
./adstrtal.sh apps/$APPS_PWD on EBS app tier
Now try and log in to Oracle SES user interface to verify the configuration
http://aussearchdev.domainname.com:7777/search/query
Now start up modeler again
export JAVA_HOME=/usr/local/jdk1.5.0_22
export ORACLE_HOME=/d01/oracle/oc4j
export PATH=$ORACLE_HOME/bin:$PATH
cd $ORACLE_HOME/bin
nohup ./modeler.sh -start &
Works now.
Now go to http://aussearchdev.domainname.com:8888/modeleradmin/AdminHome.jsp log in as oc4jadmin/XXXXXXX
Configure new target
Target Type 11i
Description ERNIE
Name ERNIE
EBS Database Host Name auserniedb
EBS Database Port 1521
EBS Database SID ERNIE
username apps
password XXXXXXXXx
oc4jadmin XXXXXXXx
export JAVA_HOME=/usr/local/jdk1.5.0_22
export ORACLE_HOME=/d01/oracle/oc4j
export PATH=$ORACLE_HOME/bin:$PATH
cd $ORACLE_HOME/j2ee/home
java -jar admin_client.jar deployer:oc4j:aussearchdev oc4jadmin XXXXXXXXX -addDataSourceConnectionPool -name "ERNIE2-pool" -factoryClass "oracle.jdbc.pool.OracleDataSource" -dbUser "apps" -dbPassword "XXXXXXX" -url "jdbc:oracle:thin:@auserniedb.domainname.com:1521:ERNIE" -applicationName appsearch
java -jar admin_client.jar deployer:oc4j:aussearchdev oc4jadmin XXXXXXX -addManagedDataSource -name "ERNIEDS" -jndiLocation "jdbc/ERNIEDS" -connectionPoolName "ERNIE2-pool" -applicationName appsearch
http://aussearchdev.domainname.com:8888/modeler/faces/ModelerHome.jsp
So, creating a self signed SSL certificate for ERNIE EBS instance (this will not work if you use an SSL certificate for another server like say, PROD)
doing this on ausernieapp
openssl genrsa -des3 -out ausernieapp.key 1024
PEM key is ausernieapp
openssl req -new -key ausernieapp.key -out ausernieapp.csr
PEM key is ausernieapp
Country US
State Texas
Locality Austin
Organization Name Corporation
Organizational Unit Name Information Technology
Common Name ausernieapp.domainname.com
Email address [email protected]
No challenge password
No optional company name
Now let's remove the passphrase from the key
cp ausernieapp.key ausernieapp.key.orig
openssl rsa -in ausernieapp.key.orig -out ausernieapp.key
Now let's generate a self-signed certificate
openssl x509 -req -days 1000 -in ausernieapp.csr -signkey ausernieapp.key -out ausernieapp.crt
Install the private key and certificate
cd $IAS_ORACLE_HOME/Apache/Apache/conf/ssl.crt
cp server.crt server.crt.backup.03102010
chown applmgr:applmgr server.crt.backup.03102010
cp $HOME/ausernieapp.crt /d01/oracle/ernieora/new/iAS/Apache/Apache/conf/ssl.crt/server.crt
cd $IAS_ORACLE_HOME/Apache/Apache/conf/ssl.key/
cp server.key server.key.backup.03102010
cp $HOME/ausernieapp.key /d01/oracle/ernieora/new/iAS/Apache/Apache/conf/ssl.key/server.key
chown applmgr:applmgr server.key.backup.03102010
bounce apache as applmgr
cd /d01/oracle/erniecomn/admin/scripts/ERNIE_ausernieapp
./adapcctl.sh stop
./adapcctl.sh start
In IE
https://ausernieapp.domainname.com:8443
Continue
Click on Certificate Error next to URL bar
Install Certificate -> Next-> Place all certificates in the following store -> trusted root certificate authorities ->finish
close browser, back to https://ausernieapp.domainname.com:8443
no errors,
Next step will be to import key into the SES and Search modelers
as oracle on aussearchdev
cd /d01/oracle/10.1.8/sesdev/jdk/jre/lib/security/
cp cacerts cacerts.backup.03102010
scp root@ausernieapp:/root/ausernieapp.crt .
export LANG=c
export PATH=$ORACLE_HOME/jdk/bin:$PATH
keytool -keystore ./cacerts -storepass changeit -alias rootausernieapp -import -trustcacerts -file ausernieapp.crt
--output
Owner: [email protected], CN=ausernieapp.domainname.com, OU=Information Technology, O=Corporation, L=Austin, ST=Texas, C=US
Issuer: [email protected], CN=ausernieapp.domainname.com, OU=Information Technology, O=Corporation, L=Austin, ST=Texas, C=US
Serial number: b4e92089cf73076f
Valid from: Wed Mar 10 13:22:38 CST 2010 until: Tue Dec 04 13:22:38 CST 2012
Certificate fingerprints:
MD5: 2C:6B:EE:1A:63:6D:XX:A6:05:90:F6:XX:DD:88:F7:80
SHA1: F8:DC:E5:2A:3E:68:XX:E1:EA:E4:75:AE:CC:4F:4A:10:2F:8A:FE:9B
Trust this certificate? [no]: yes
Certificate was added to keystore
Now load our cert
keytool -keystore ./cacerts -import -trustcacerts -file ausernieapp.crt
keytool -list -v -keystore ./cacerts now shows
Alias name: rootausernieapp
Creation date: Mar 10, 2010
Entry type: trustedCertEntry
Owner: [email protected], CN=ausernieapp.domainname.com, OU=Information Technology, O=Corporation, L=Austin, ST=Texas, C=US
Issuer: [email protected], CN=ausernieapp.domainname.com, OU=Information Technology, O=Corporation, L=Austin, ST=Texas, C=US
Serial number: b4e92089cf73076f
Valid from: Wed Mar 10 13:22:38 CST 2010 until: Tue Dec 04 13:22:38 CST 2012
Certificate fingerprints:
MD5: 2C:6B:EE:1A:63:6D:CB:XX:05:90:F6:78:DD:88:F7:80
SHA1: F8:DC:E5:2A:3E:68:9C:CE:EA:4E:75:AE:CC:FA:9E:10:2F:8A:FE:9B
Now we need to load it into the search modeler keystore
as root on aussearchdev
export JAVA_HOME=/usr/local/jdk1.5.0_22/
export PATH=$JAVA_HOME/bin:$PATH
cd /usr/local/jdk1.5.0_22/jre/lib/security/
scp root@ausernieapp:/root/ausernieapp.crt .
output
keytool -keystore ./cacerts -import -trustcacerts -file ausernieapp.crt
Enter keystore password: changeit
Owner: [email protected], CN=ausernieapp.domainname.com, OU=Information Technology, O=Corporation, L=Austin, ST=Texas, C=US
Issuer: [email protected], CN=ausernieapp.domainname.com, OU=Information Technology, O=Corporation, L=Austin, ST=Texas, C=US
Serial number: b4e92089cf73076f
Valid from: Wed Mar 10 13:22:38 CST 2010 until: Tue Dec 04 13:22:38 CST 2012
Certificate fingerprints:
MD5: 2C:6B:EE:1A:63:6D:CB:A1:05:90:F6:78:DD:88:F7:80
SHA1: F8:DC:E5:2A:3E:68:9C:CE:EA:4E:75:AE:CC:4F:9E:10:2F:8A:FE:9B
Trust this certificate? [no]: yes
Certificate was added to keystore
[root@aussearchdev security]#
output
For troubleshooting, if you go to end of /d01/oracle/10.1.8/sesdev/search/data/config/crawler.dat
you can modify the logLevel from the default of 4 to 2 to get better debug data. No services need to be restarted, it will become active with the next crawl.
While talking with Oracle, they mentioned the following patches
The patches identified 8321527 and 7586924 are SES patches to help with indexing
They also identified patch 9103851 which is an apps patch dealing with responsibilities <-- This is not yet available
Applying patch 7586924
as oracle on aussearchdev
cd $ORACLE_HOME/bin
./searchctl stopall
cd /mnt/oraclebackup/deathstar_patches/SES/post_patches/7586924
opatch apply
cd $ORACLE_HOME/bin
./searchctl startall
sqlplus eqsys/XXXXXX@SESDEV
define SCH_NAME=EQSYS
define PROXY_USER=EQPROXY
define INST_USER=EQ_TEST
@$ORACLE_HOME/search/admin/eq0pkh.sql
@$ORACLE_HOME/search/admin/eq0plb.sql
@$ORACLE_HOME/search/admin/eq0bug_7586924.sql
cd $ORACLE_HOME/search/data/config/
cp crawler.dat crawler.dat.backup.03102010
vi crawler.dat
We're using the Oracle E-Business Suite R12 crawler, so we will add the line
USE_IN_MEMORY_QUEUE Oracle E-Business Suite R12
as the line immediately preceding IMPORT -
so the end of the file looks like this:
# system properies: separated by space for multiple system properties or define multiple SYSTEM_PROPERTIES
# logLevel values: DEBUG(2), INFO(4), WARN(6), ERROR(8), FATAL(10)
SYSTEM_PROPERTIES -Doracle.search.logLevel=4 -Doracle.search.log=oracle.search.util.Log4jImpl
USE_IN_MEMORY_QUEUE Oracle E-Business Suite R12
IMPORT -
Now on to patch 8321527
cd /mnt/oraclebackup/deathstar_patches/SES/post_patches/8321527
cd $ORACLE_HOME/bin
./searchctl stopall
cd -
opatch apply
cd $ORACLE_HOME/bin
./searchctl startall
sqlplus eqsys/XXXXXXX@SESDEV
define SCH_NAME=EQSYS
define PROXY_USER=EQPROXY
select object_name from user_objects where status = 'INVALID';
--should be no rows selected
@$ORACLE_HOME/search/admin/eq0pkh.sql
@$ORACLE_HOME/search/admin/eq0plb.sql
--should be no rows selected
restart SES
cd -
./searchctl stopall
./searchctl startallBelow are all the steps I took for creating integrating Search Modeler with an Oracle E-Business Suite 11.5.10.2 ATG RUP 7 instance called ERNIE.
Much thanks to Oracle Support ( Rajesh Ghosh, Vikas Soolapani and Roger Ford), as this simply wouldn't have been possible without them.
There are a few things in this document that may not be pertinent to your environment if you're doing this. I've made attempts to clarify those possibly optional sections in the documentation.
I've broken the document down into the following multiple parts
o Setting up a new RedHat 4.8 x86 server called ausSEARCHdev (The server is in AUStin, TX, is dedicated to SEARCH, and is for our DEV environment)
o SES (Secure Enterprise Search 10.1.8.2 install
o SES 10.1.8.4 patchset install
o SES CPU patch apply
o Standalone OC4J and ADF installation
o Search Modeler installation and configuration
o Configure ERNIE Apps instance to be on valid self-signed SSL certificate
o Import ERNIE SSL certificate into SES and Search Modeler
using aussearchdev initially
rh4 x86, default oracle build
** htop and collectl are open source free performance monitoring packages we utilize**
--start
install htop and collectl
wget http://dag.wieers.com/rpm/packages/htop/htop-0.7-1.el4.rf.i386.rpm
rpm -ivh htop-0.7-1.el4.rf.i386.rpm
wget http://downloads.sourceforge.net/project/collectl/collectl/collectl-3.4.0-4/collectl-3.4.0-4.noarch.rpm?use_mirror=voxel
rpm -ivh collectl-3.4.0-4.noarch.rpm
chkconfig collectl on
service collectl start
**We still need to install the necessary rpms so that collectl logs are compressed
--end
useradd -u 501 oracle
groupadd -g 504 dba
usermod -G 504 oracle
verification:
[root@aussearchdev ~]# su - oracle
[oracle@aussearchdev ~]$ id
uid=501(oracle) gid=501(oracle) groups=501(oracle),504(dba)
passwd oracle
** /mnt/oraclebackup is a network dumpspot we use to hold Software installs, RPMs, etc
** /mnt/rpms is a network dumpspot we use to hold ISOs for OS software such as Redhat Linux
mkdir /mnt/oraclebackup
mkdir /mnt/rpms
add the following to /etc/fstab
XXXXXXX:/patches/oraclebackup /mnt/oraclebackup nfs defaults,hard,nolock 0 0
XXXXXXX:/esxpress/nfs /mnt/rpms nfs rw,addr=XXX.XXX.XXX.XXX 0 0
mount /mnt/rpms
Next need to install various oracle needed RPMs.
cd /mnt/rpms/rh40_upd8/RedHat/RPMS/
rpm -ivh perl-Compress-Zlib-1.42-1.el4.i386.rpm
rpm -ivh libaio-devel-0.3.105-2.i386.rpm
rpm -ivh sysstat-5.0.5-25.el4.i386.rpm
rpm -ivh unixODBC-devel-2.2.11-1.RHEL4.1.i386.rpm
service collectl restart
cd /tmp
wget http://oss.oracle.com/el4/oracle-validated/oracle-validated-1.0.0-18.el4.i386.rpm
rpm -ivh oracle-validated-1.0.0-18.el4.i386.rpm
Now we should have all the RPMs we need.
cd /etc/sysconfig/oracle-validated
./oracle-validated-verify
cd /var/log/oracle-validated/results
more orakernel.log
uname -a
should return 2.6.9 or higher
rpm -qa|grep gcc-
should return 3.4.3 or higher
rpm -qa|grep glibc
should return 2.3.4-2.9 or higher
rpm -qa|grep make
should return 3.80 or higher
rpm -qa|grep binutils
should return 2.15.92.0.2 or higher
rpm -qa|grep openmotif
should return 2.2.3-9.RHEL4.1 or higher
rpm -qa|grep compat-db
should return 4.1.25-9 or higher
rpm -qa|grep setarch
should return 1.6-1 or higher
cat /proc/sys/kernel/sem
should return 250 32000 100 128 or higher (250 32000 100 142 in our case)
cat /proc/sys/kernel/shmall (1073741824 in our case)
should return 2097152 or higher
cat /proc/sys/kernel/shmmax
should return half the size of physical memory (4294967295 in our case - NO LARGER on 32-bit OS)
cat /proc/sys/kernel/shmmni
should return 4096
cat /proc/sys/fs/file-max
should return 65536 (327679 in our case)
cat /proc/sys/net/ipv4/ip_local_port_range
should return 1024 65000
values in /etc/security/limits.conf set by oracle-validated rpm, no changes necessary
add the following line to /etc/pam.d/login
session required /lib/security/pam_limits.so
add the following to /etc/profile
if [ $USER = "oracle" ]; then
if [ $SHELL = "/bin/ksh" ]; then
ulimit -p 16384
ulimit -n 65536
else
ulimit -u 16384 -n 65536
fi
fi
mkdir -p /d01/oracle
chmod 777 /d01/oracle
init 6 the box (aka reboot)
Time to start the SES 10.1.8.2 installer
running SES 10.1.8.2 installer
as oracle
cd /mnt/oraclebackup/deathstar_patches/SES/SES10182
./runInstaller
search server name sesprod
administrative password XXXXXXXX for dev,
http port 7777
destination path /d01/oracle/10.1.8/sesdev (dev)
data storage path /d01/oracle/sesdevdata (dev)
next
inventory /d01/oracle/oraInventory
dba group
run orainstroot.sh as requested
continue
all tests should pass, continue
finished clean
tried logging in to admin console at http://aussearchdev:7777/search/admin - worked fine
tried bringing up search query at http://aussearchdev:7777/search/query/search - worked fine
Now we need to get to 10.1.8.4 of SES
(yes, you need to keep the system up)
cd /mnt/oraclebackup/deathstar_patches/SES/SES10184/ses_10184pst_linux/
./runInstaller
Destination, choose sesdev
Next
Patchset successful
tried logging in to admin console at http://aussearchdev:7777/search/admin - worked fine
tried bringing up search query at http://aussearchdev:7777/search/query/search - worked fine
Apply CPU Patch to SES
CPU JAN 10 says patch 9119261 is required - but patch requires extended support contract
CPU OCT 09 says patch 8836540 is required - but patch requires extended support contract
CPU JUL 09 says patch 8534394 is required - but patch requires extended support contract
CPU APR 09 says patch 8290534 is required - and you can actually download it
Need opatch from 6880880
cp -r /mnt/oraclebackup/deathstar_patches/SES/CPUAPR09/OPatch $ORACLE_HOME
export PATH=$ORACLE_HOME/OPatch:$PATH
shut down everything
cd $ORACLE_HOME/bin
./searchctl stopall
cd /mnt/oraclebackup/deathstar_patches/SES/CPUAPR09/8290534
opatch apply
cd $ORACLE_HOME/cpu/CPUApr2009
**Note: your sys password is what you set for your administrative password above
sqlplus "sys/XXXXXX" as sysdba;
startup
@catcpu
@?/rdbms/admin/utlrp
shutdown immediate
exit
cd /d01/oracle/10.1.8/sesdev/cpu/view_recompile/
sqlplus "sys/XXXXXXX" as sysdba;
startup upgrade;
@view_recompile_jan2008cpu.sql
@?/rdbms/admin/utlrp
shutdown immediate
cd /d01/oracle/10.1.8/sesdev/jdk/jre/lib/ext
mv mail.jar $HOME/mail.jar.backup02222010
mv mailapi.jar $HOME/mailapi.jar.back02222010
cp /d01/oracle/10.1.8/sesdev/search/lib/mail.jar .
SES 10.1.8.4 is now installed and updated with latest available CPU
tried logging in to admin console at http://aussearchdev:7777/search/admin - worked fine
tried bringing up search query at http://aussearchdev:7777/search/query/search - worked fine
we're going to go with the standalone OC4j 10.1.3.3 and Oracle ADF 10.1.3.3 method
The URLs for these products are
http://blogs.oracle.com/ebssearch/2009/10/available_now_oracle_search_modeler_11_for_oracle_e-business_suite_11i.html
and specifically
OC4J - http://download.oracle.com/otn/java/oc4j/101330/oc4j_extended_101330.zip
ADF - http://www.oracle.com/technology/software/products/jdev/htdocs/adfinstaller10133.html
OC4J install
First you need to have Java 1.5 on the machine. Latest is 1.5.0_22. Package is in /mnt/oraclebackup/deathstar_patches/SES
as root on aussearchdev
cd /usr/local
cp /mnt/oraclebackup/deathstar_patches/SES/jdk-1_5_0_22-linux-i586.bin .
chmod 700 jdk-1_5_0_22-linux-i586.bin
./jdk-1_5_0_22-linux-i586.bin
yes
install OC4J just by copying over the directory
as oracle on aussearchdev
mkdir -p /d01/oracle/oc4j
cd /d01/oracle/oc4j
cp -r /mnt/oraclebackup/deathstar_patches/SES/oc4j/* .
ADF install
vi /mnt/oraclebackup/deathstar_patches/SES/adf/adfinstaller.properties
change the following
OracleHome = /mnt/oraclebackup/deathstar_patches/SES/adf
DesHome = /d01/oracle/oc4j/
type = OC4J
as root
cd /usr/bin
rm java
(yes)
ln -s /usr/local/jdk1.5.0_22/bin/java
su - oracle
java -version should now return 1.5.0_22
export JAVA_HOME=/usr/local/jdk1.5.0_22
cd /mnt/oraclebackup/deathstar_patches/SES/adf
java -jar runinstaller.jar -version
returns The version for the ADF libraries being installed is 10.1.3.41.57 - yes, that is apparently 10.1.3.3.
java -jar runinstaller.jar adfinstaller.properties
output looks good, do not be concerned by
WARNING: 'Could not delete: /d01/oracle/oc4j/BC4J/redist/bc4j' whilst deleting bc4j application
WARNING: 'Could not delete: /d01/oracle/oc4j/BC4J/redist/datatags' whilst deleting datatags application
as it was trying to delete the old version that didn't exist
Start OC4J
as oracle on aussearchdev
export JAVA_HOME=/usr/local/jdk1.5.0_22
export ORACLE_HOME=/d01/oracle/oc4j
cd $ORACLE_HOME/bin
./oc4j -start
you will be prompted for password - we're setting it. use XXXXXXXXXX
after it's up, kill it (ctrl-c) and restart it with
nohup ./oc4j -start &
last lines in nohup.out is
Starting OC4J from /d01/oracle/oc4j/j2ee/home ...
10/02/23 03:22:38 Oracle Containers for J2EE 10g (10.1.3.3.0) initialized
So now on to search modeler installation, going by Installation steps in Note 781366.1
8326128 - This is not a patch to be applied to the Apps, keep reading
as oracle on aussearchdev
cd /mnt/oraclebackup/deathstar_patches/SES/8326128
mkdir -p /d01/oracle/oc4j/uploaded
vi build.properties, changing
installation.type=OC4J
oracle.home=/d01/oracle/oc4j
deploy.server=aussearchdev.domainname.com
deploy.port=23791
web.port=7777
password=XXXXXXXXX
extra.classpath=/d01/oracle/oc4j/uploaded
now set the following environment values in your ssh session
export ORACLE_HOME=/d01/oracle/oc4j
export JAVA_HOME=/usr/local/jdk1.5.0_22
export PATH=$ORACLE_HOME/ant/bin:$ORACLE_HOME/bin:$PATH
ant main
whole bunch of stuff to screen, errors due to undeploy something that doesn't exist. Finished after a minute with
BUILD SUCCESSFUL
Total time: 58 seconds
Now on to post install steps
restart OC4j
cd $ORACLE_HOME/bin
./modeler.sh -shutdown -port 23791 -password r*l*r*0*
export ORACLE_HOME=/d01/oracle/oc4j
export JAVA_HOME=/usr/local/jdk1.5.0_22
export PATH=$ORACLE_HOME/ant/bin:$ORACLE_HOME/bin:$PATH
nohup ./modeler.sh -start &
end of nohup.out should show
Starting OC4J from /d01/oracle/oc4j/j2ee/home ...
Try going to http://aussearchdev:8888/modeler/faces/ModelerHome.jsp
Should get login screen, but wait, we haven't installed Oracle Apps interface yet...
Next let's do the Apps side of things
Going by note 953378.1
Using ERNIE (a development instance of E-Business Suite running 11.5.10.2 ATG RUP 7)
as applmgr on ausernieapp (ausernieapp is our app tier)
shut down apps services
apps patch 8225631
verify all the pre-req patches are in ERNIE
select * from ad_bugs where bug_number = '5903765';
select * from ad_bugs where bug_number = '6372396';
select * from ad_bugs where bug_number = '3219567';
select * from ad_bugs where bug_number = '3264822';
select * from ad_bugs where bug_number = '3261254';
select * from ad_bugs where bug_number = '5161676';
select * from ad_bugs where bug_number = '3036401';
select * from ad_bugs where bug_number = '3263588';
select * from ad_bugs where bug_number = '3264818';
select * from ad_bugs where bug_number = '3218526';
select * from ad_bugs where bug_number = '3263645';
select * from ad_bugs where bug_number = '4206794';
select * from ad_bugs where bug_number = '3262486';
select * from ad_bugs where bug_number = '3261243';
select * from ad_bugs where bug_number = '2614213';
select * from ad_bugs where bug_number = '3262159';
select * from ad_bugs where bug_number = '2819091';
select * from ad_bugs where bug_number = '3412795';
patch went in smooth
Log in to ERNIE Apps GUI as sysadmin user responsibility
Give users such as sysadmin FND Search Crawler responsibility
Go to system profile options, set
set FND: Search Enabling Flag to Y at site level
as applmgr on ausernieapp
cd /d01/oracle/ernieappl/fnd/11.5.0/patch/115/sql
sqlplus apps/$APPS_PWD @AFSRCHCF
Enter SES endpoint URL [e.g. http://ap637atg.us.oracle.com:7780]: http://aussearchdev.domainname.com:7777
Enter Apps Admin username [e.g. sysadmin]: sysadmin
Enter Apps Admin password: sysadmin_password
Enter SES Admin username [e.g. eqsys]: eqsys
Enter SES Admin password: eqsyspassword <-- This is the same as sys's password
on aussearchdev as oracle
had to kill modeler and start all the processes, so
kill -9 the modeler oc4j process, then
cd $ORACLE_HOME/bin
./searchctl startall
enter the password when prompted
in IE browser go to
http://aussearchdev.domainname.com:7777/search/admin
log in with eqsys password
global settings tab
identity management setup
click circle next to oracle.search.plugin.security.identity.ebs.EBS12IdentityPliginMgr
(yes, we're going with 12 even though we use Oracle Apps 11i)
http end point https://ausernieapp.domainname.com:8443/webservices/AppSearch/SecurityService
username sysadmin
password XXXXXXX
finish
Global Settings
Federation Trusted Entitites
####entity name sysadmin
####Entity Password XXXXXXXX
According to web conference with Oracle, this should NOT be eqsys but instead be sysadmin from above.
Select the Use Entity Plug-in for authentication check box
add
Trying to go to http://aussearchdev.domainname.com:7777/search/query/search and login (sysadmin / password)
stop midtier on both SES and Apps
cd $ORACLE_HOME/bin
./searchctl stopall
./adstpall.sh apps/$APPS_PWD on EBS app tier
start midtier on both SES and Apps
cd $ORACLE_HOME/bin
./searchctl startall
./adstrtal.sh apps/$APPS_PWD on EBS app tier
Now try and log in to Oracle SES user interface to verify the configuration
http://aussearchdev.domainname.com:7777/search/query
Now start up modeler again
export JAVA_HOME=/usr/local/jdk1.5.0_22
export ORACLE_HOME=/d01/oracle/oc4j
export PATH=$ORACLE_HOME/bin:$PATH
cd $ORACLE_HOME/bin
nohup ./modeler.sh -start &
Works now.
Now go to http://aussearchdev.domainname.com:8888/modeleradmin/AdminHome.jsp log in as oc4jadmin/XXXXXXX
Configure new target
Target Type 11i
Description ERNIE
Name ERNIE
EBS Database Host Name auserniedb
EBS Database Port 1521
EBS Database SID ERNIE
username apps
password XXXXXXXXx
oc4jadmin XXXXXXXx
export JAVA_HOME=/usr/local/jdk1.5.0_22
export ORACLE_HOME=/d01/oracle/oc4j
export PATH=$ORACLE_HOME/bin:$PATH
cd $ORACLE_HOME/j2ee/home
java -jar admin_client.jar deployer:oc4j:aussearchdev oc4jadmin XXXXXXXXX -addDataSourceConnectionPool -name "ERNIE2-pool" -factoryClass "oracle.jdbc.pool.OracleDataSource" -dbUser "apps" -dbPassword "XXXXXXX" -url "jdbc:oracle:thin:@auserniedb.domainname.com:1521:ERNIE" -applicationName appsearch
java -jar admin_client.jar deployer:oc4j:aussearchdev oc4jadmin XXXXXXX -addManagedDataSource -name "ERNIEDS" -jndiLocation "jdbc/ERNIEDS" -connectionPoolName "ERNIE2-pool" -applicationName appsearch
http://aussearchdev.domainname.com:8888/modeler/faces/ModelerHome.jsp
So, creating a self signed SSL certificate for ERNIE EBS instance (this will not work if you use an SSL certificate for another server like say, PROD)
doing this on ausernieapp
openssl genrsa -des3 -out ausernieapp.key 1024
PEM key is ausernieapp
openssl req -new -key ausernieapp.key -out ausernieapp.csr
PEM key is ausernieapp
Country US
State Texas
Locality Austin
Organization Name Corporation
Organizational Unit Name Information Technology
Common Name ausernieapp.domainname.com
Email address [email protected]
No challenge password
No optional company name
Now let's remove the passphrase from the key
cp ausernieapp.key ausernieapp.key.orig
openssl rsa -in ausernieapp.key.orig -out ausernieapp.key
Now let's generate a self-signed certificate
openssl x509 -req -days 1000 -in ausernieapp.csr -signkey ausernieapp.key -out ausernieapp.crt
Install the private key and certificate
cd $IAS_ORACLE_HOME/Apache/Apache/conf/ssl.crt
cp server.crt server.crt.backup.03102010
chown applmgr:applmgr server.crt.backup.03102010
cp $HOME/ausernieapp.crt /d01/oracle/ernieora/new/iAS/Apache/Apache/conf/ssl.crt/server.crt
cd $IAS_ORACLE_HOME/Apache/Apache/conf/ssl.key/
cp server.key server.key.backup.03102010
cp $HOME/ausernieapp.key /d01/oracle/ernieora/new/iAS/Apache/Apache/conf/ssl.key/server.key
chown applmgr:applmgr server.key.backup.03102010
bounce apache as applmgr
cd /d01/oracle/erniecomn/admin/scripts/ERNIE_ausernieapp
./adapcctl.sh stop
./adapcctl.sh start
In IE
https://ausernieapp.domainname.com:8443
Continue
Click on Certificate Error next to URL bar
Install Certificate -> Next-> Place all certificates in the following store -> trusted root certificate authorities ->finish
close browser, back to https://ausernieapp.domainname.com:8443
no errors,
Next step will be to import key into the SES and Search modelers
as oracle on aussearchdev
cd /d01/oracle/10.1.8/sesdev/jdk/jre/lib/security/
cp cacerts cacerts.backup.03102010
scp root@ausernieapp:/root/ausernieapp.crt .
export LANG=c
export PATH=$ORACLE_HOME/jdk/bin:$PATH
keytool -keystore ./cacerts -storepass changeit -alias rootausernieapp -import -trustcacerts -file ausernieapp.crt
--output
Owner: [email protected], CN=ausernieapp.domainname.com, OU=Information Technology, O=Corporation, L=Austin, ST=Texas, C=US
Issuer: [email protected], CN=ausernieapp.domainname.com, OU=Information Technology, O=Corporation, L=Austin, ST=Texas, C=US
Serial number: b4e92089cf73076f
Valid from: Wed Mar 10 13:22:38 CST 2010 until: Tue Dec 04 13:22:38 CST 2012
Certificate fingerprints:
MD5: 2C:6B:EE:1A:63:6D:XX:A6:05:90:F6:XX:DD:88:F7:80
SHA1: F8:DC:E5:2A:3E:68:XX:E1:EA:E4:75:AE:CC:4F:4A:10:2F:8A:FE:9B
Trust this certificate? [no]: yes
Certificate was added to keystore
Now load our cert
keytool -keystore ./cacerts -import -trustcacerts -file ausernieapp.crt
keytool -list -v -keystore ./cacerts now shows
Alias name: rootausernieapp
Creation date: Mar 10, 2010
Entry type: trustedCertEntry
Owner: [email protected], CN=ausernieapp.domainname.com, OU=Information Technology, O=Corporation, L=Austin, ST=Texas, C=US
Issuer: [email protected], CN=ausernieapp.domainname.com, OU=Information Technology, O=Corporation, L=Austin, ST=Texas, C=US
Serial number: b4e92089cf73076f
Valid from: Wed Mar 10 13:22:38 CST 2010 until: Tue Dec 04 13:22:38 CST 2012
Certificate fingerprints:
MD5: 2C:6B:EE:1A:63:6D:CB:XX:05:90:F6:78:DD:88:F7:80
SHA1: F8:DC:E5:2A:3E:68:9C:CE:EA:4E:75:AE:CC:FA:9E:10:2F:8A:FE:9B
Now we need to load it into the search modeler keystore
as root on aussearchdev
export JAVA_HOME=/usr/local/jdk1.5.0_22/
export PATH=$JAVA_HOME/bin:$PATH
cd /usr/local/jdk1.5.0_22/jre/lib/security/
scp root@ausernieapp:/root/ausernieapp.crt .
output
keytool -keystore ./cacerts -import -trustcacerts -file ausernieapp.crt
Enter keystore password: changeit
Owner: [email protected], CN=ausernieapp.domainname.com, OU=Information Technology, O=Corporation, L=Austin, ST=Texas, C=US
Issuer: [email protected], CN=ausernieapp.domainname.com, OU=Information Technology, O=Corporation, L=Austin, ST=Texas, C=US
Serial number: b4e92089cf73076f
Valid from: Wed Mar 10 13:22:38 CST 2010 until: Tue Dec 04 13:22:38 CST 2012
Certificate fingerprints:
MD5: 2C:6B:EE:1A:63:6D:CB:A1:05:90:F6:78:DD:88:F7:80
SHA1: F8:DC:E5:2A:3E:68:9C:CE:EA:4E:75:AE:CC:4F:9E:10:2F:8A:FE:9B
Trust this certificate? [no]: yes
Certificate was added to keystore
[root@aussearchdev security]#
output
For troubleshooting, if you go to end of /d01/oracle/10.1.8/sesdev/search/data/config/crawler.dat
you can modify the logLevel from the default of 4 to 2 to get better debug data. No services need to be restarted, it will become active with the next crawl.
While talking with Oracle, they mentioned the following patches
The patches identified 8321527 and 7586924 are SES patches to help with indexing
They also identified patch 9103851 which is an apps patch dealing with responsibilities <-- This is not yet available
Applying patch 7586924
as oracle on aussearchdev
cd $ORACLE_HOME/bin
./searchctl stopall
cd /mnt/oraclebackup/deathstar_patches/SES/post_patches/7586924
opatch apply
cd $ORACLE_HOME/bin
./searchctl startall
sqlplus eqsys/XXXXXX@SESDEV
define SCH_NAME=EQSYS
define PROXY_USER=EQPROXY
define INST_USER=EQ_TEST
@$ORACLE_HOME/search/admin/eq0pkh.sql
@$ORACLE_HOME/search/admin/eq0plb.sql
@$ORACLE_HOME/search/admin/eq0bug_7586924.sql
cd $ORACLE_HOME/search/data/config/
cp crawler.dat crawler.dat.backup.03102010
vi crawler.dat
We're using the Oracle E-Business Suite R12 crawler, so we will add the line
USE_IN_MEMORY_QUEUE Oracle E-Business Suite R12
as the line immediately preceding IMPORT -
so the end of the file looks like this:
# system properies: separated by space for multiple system properties or define multiple SYSTEM_PROPERTIES
# logLevel values: DEBUG(2), INFO(4), WARN(6), ERROR(8), FATAL(10)
SYSTEM_PROPERTIES -Doracle.search.logLevel=4 -Doracle.search.log=oracle.search.util.Log4jImpl
USE_IN_MEMORY_QUEUE Oracle E-Business Suite R12
IMPORT -
Now on to patch 8321527
cd /mnt/oraclebackup/deathstar_patches/SES/post_patches/8321527
cd $ORACLE_HOME/bin
./searchctl stopall
cd -
opatch apply
cd $ORACLE_HOME/bin
./searchctl startall
sqlplus eqsys/XXXXXXX@SESDEV
define SCH_NAME=EQSYS
define PROXY_USER=EQPROXY
select object_name from user_objects where status = 'INVALID';
--should be no rows selected
@$ORACLE_HOME/search/admin/eq0pkh.sql
@$ORACLE_HOME/search/admin/eq0plb.sql
--should be no rows selected
restart SES
cd -
./searchctl stopall
./searchctl startall -
How to install the EUL5 Business Area and seeded reports for Ora Apps 11i
Hi All,
We have to install the EUL5 Business Area and seeded reports for Ora Apps 11i.
I think there are scripts which need to be executed to create the BA and the Disco seeded reports. I am kind of confused about the whole think. Any pointers as to where to look foe the scripts would be really appreciated.
I am using disco version 10.1.2.48.18.
Thanks.Hi,
You need to work though Metalink Note 313418.1.
Rod West -
Need solution for using Symbol LRT3840 with Apps 10.7 and/or 11i?
Any suggestions for using Symbol's scanner/terminal with Oracle 10.7 and/or 11i? The symbol unit runs a telnet session (with a 1/4 viewable area). I'm looking for some alternate screen templates and/or a software solution that will allow me to remap the existing full screen forms so all critical information is displayed on the symbol unit in the allowable viewing area. I understand that version 11i of Oracle Apps does not support character-based telnet sessions, so I'm also interested in a fix that will be transparent to my material handlers when we upgrade from 10.7 to 11i. Any help would be greatly appreciated.
Hi
We are developing solutions in that area.
If we can know more of the exisitng solution you have implemented or PDA and how it is integrated with Oracle Application(whether it is a third party tool?)
then we can discuss about arriving at a solution.
My mail-id is [email protected]
Thanks and Regards,
Bibs -
Registering oracle forms and reports in oracle apps 11i
Hi all
I am a newbie to oracle apps
could someone please help me with registering oracle forms and reports in oracle apps 11i
thanking in advance
regards
oracle userHi,
regarding adding (Add (C:\ABC) to FORMS60_PATH in the registry) could you please explain
compilation is by f60gen @ (is this right?)Correct, the syntax of using f60gen is explained in (Note: 130686.1 - How to Generate Form, Library and Menu for Oracle Applications).
The place where i am working has apps installed in IBM AIX server .. so how do i access Apps
or can i access Apps via TOAD.You will have to access the server using ftp to download the pll files to your local machine. TOAD can be used to access the database objects only (not the physical application files).
Regards,
Hussein -
What is Oracle Apps and Oracle Financials and Oracle 11i.
Hi All,
right now I am working on Oracle PL/SQL stored procedures (Version 8) wants to learn/shift to Oracle Apps. Dont know actually what is what and what are the Differences between Oracle Apps and Oracle Financials and Oracle 11i
Can any one brief me about those.
Thanks in Advance
[email protected]What exactly are you intending to do to Oracle Apps ? You suggest you are a developer, but Oracle Apps are already developed, by Oracle. Do you want to develop peripheral applications, or become an administrator, or what ?
-
I have and iphone 6 with iOS 8.1. My contacts and whats app messages are shown on my sister's iphone! She have iPhone 6 and and iOS as well. How can I secure my iphone and have a high level of security and privacy! Her Contacts are shown in my iphone as well! Setting in mac and iphone are a bit presice and sensitive. Is there any way to solve my issue and increase the safety, security and privacy in my iPhone and its data?
Your problem is that she used your icloud ID to connect to icloud and thus had all your data synced to her device. Contacts are not saved in a backup to icloud, since they are stored independently in the Contacts section of icloud. If someone deletes them, they are gone. If you had them on the PC would they be available in some backup you frequently make of the PC?
-
Difference between oracle Apps 11i and R12
What is the difference between oracle Apps 11i and R12?
user1121252 wrote:
What is the difference between oracle Apps 11i and R12?https://forums.oracle.com/forums/search.jspa?threadID=&q=11i+vs+R12&objID=c3&dateRange=all&userID=&numResults=15&rankBy=10001
https://forums.oracle.com/forums/search.jspa?threadID=&q=11i+AND+R12+AND+Functional&objID=c3&dateRange=all&userID=&numResults=15&rankBy=10001
https://forums.oracle.com/forums/search.jspa?threadID=&q=11i+AND+R12+AND+Technical&objID=c3&dateRange=all&userID=&numResults=15&rankBy=10001
Thanks,
Hussein -
I have downloaded an update for my ipod 4th, and after that all my songs, pictures and apps have been erased, Is there some way to recover all my information without have done a security copy?
I supsect you did the update on other than your syncing computer. If yu did the app, music and synced photo will not be on the iPod after the update since those items are not in the backup that iTunes makes. See:
iOS 5: Updating your device to iOS 5
The above applies to all updates performedvia USB on a computer. To get stuff back, restore from backup on the syncing computer.
The above in my educated guess since you provided litle information about how you did the update.
You can redownload many iTunes purchases by:
Downloading past purchases from the App Store, iBookstore, and iTunes Store -
I cannot get Facebook on my phone. It says "secure connection cannot be found" all other internet sites and apps are working. Can anyone help?
mjdorsey, you've reached the right place for help! Are you accessing Facebook from the application or browser on your device?
Are you currently connected to Wi-Fi when accessing Wi-Fi? Disable Wi-Fi, connect to our network, and try to access Facebook again. Keep us posted. We're standing by to further assist if you need us.
LasinaH_VZW
Follow us on Twitter @VZWSupport -
HELP!! cant install non app store programs and security and privacy stuck
hi guys really need help.
I cant install non apple approved programs cos the (see below);
"Open System Preferences > Security and Privacy > General, and choose "Anywhere" under "Allow applications downloaded from"
this function is stuck..... I cant unlock it even after inputting the correcct Admin password.....
Please advise
Thanks so much!!!Deloren19 wrote:
"Open System Preferences > Security and Privacy > General, and choose "Anywhere" under "Allow applications downloaded from"
Does not exist under 10.6.8.
Maybe you are looking for
-
How do you bookmark to a folder with the keyboard?
Since getting in to the habit of better organizing my bookmarks, I have bookmark folders that are up to three levels deep. How can I save a bookmark to a specific folder without having to use the mouse or click "Choose..."? It would be nice if there
-
30 Gig Video iPod reboots when playing certain podcasts
Hi everyone, I listen to an audio podcast called Diggnation. I usually put it on my iPod so I can listen to it in the car on my way to/from work. I have posted about this over at the Revision 3 forums. Here is the thread for anyone who may be interes
-
Not printing in color at all...
I am a teacher and have been trying to print in color on my printer and everything is coming out in black and white. I have already changed the toner cartidges and ran test pages and "cleaned" it. Each color cartidge is showing at 100% but no matter
-
I do not see my music and videos icon....how do I make them appear?
-
Dear Guru's, I need to develop a report CS13 for multiple material selection.Is it possible, Kindly provide ur expert input for this. With Regards,