Monday, February 12, 2018

Deregister Oracle EBS from Oracle Access Manager

Oracle Access Manager maintains a single registration for your Oracle E-Business Suite instance and does not distinguish between run and patch file systems. Hence removing the registration from Oracle Access Manager will affect the running system.


Below are the steps to deregister your Oracle E-Business Suite instance from Oracle Access Manager:


Source the Oracle E-Business Suite environment file of your run file system.
$ cd <EBS_BASE_HOME>
 $ . EBSapps.env
 $ echo $FILE_EDITION
EBS_BASE_HOME is the top directory where fs1, fs2, and others are installed.
Type "R" to select the run file system environment when prompted. Echo $FILE_EDITION returns "run" to indicate that the run file system is sourced. Ensure there is no active Online Patching cycle.


Stop the OHS server on the Oracle E-Business Suite Environment:


$ adapcctl.sh stop
Execute the following command to deregister Oracle E-Business Suite from Oracle Access Manager.


Reference:
Integrating Oracle E-Business Suite Release 12.2 with Oracle Access Manager 11gR2 (11.1.2) using Oracle E-Business Suite AccessGate (Doc ID 1576425.1)



[applmgr@ed-olapplin2 ~]$ txkrun.pl -script=SetOAMReg -deregisteroam=yes
*** ALL THE FOLLOWING FILES ARE REQUIRED FOR RESOLVING RUNTIME ERRORS
*** Log File = /u02/ebsdev/fs2/inst/apps/ebsdev_ed-olapplin1/logs/appl/rgf/TXK/txkSetOAMReg_Sun_Jan_28_14_07_54_2018.log
Enter OAM Console URL (for ex: http://myoam.us.oracle.com:7001): http://oamsrv1.wl.oracle.nz:7012
Enter OAM console user name (for ex: weblogic): weblogic
Enter OAM console password:
Enter APPS password:
######################################################################
oamHost                 = http://oamsrv1.wl.oracle.nz:7012
oamApplicationDomain    = ebsdev_f5url.wl.oracle.nz_443
oamHostIdentifier       = ebsdev_f5url.wl.oracle.nz_443
contextFile             = /u02/ebsdev/fs2/inst/apps/ebsdev_ed-olapplin1/appl/admin/ebsdev_ed-olapplin2.xml
webGateInternal         = Yes
ebsProfileLevel         = Site
webGateUrl              = https://f5url.wl.oracle.nz:443
contextRoot             = accessgate
######################################################################
Do you wish to continue (y|n)?
y


admanagedsrvctl.sh stop oaea_server1
perl $AD_TOP/patch/115/bin/adProvisionEBS.pl ebs-delete-managedserver -contextfile=$CONTEXT_FILE -managedsrvname=oaea_server1
perl $FND_TOP/patch/115/bin/txkSetAppsConf.pl -contextfile=$CONTEXT_FILE -configoption=removeMS -accessgate=ed-olapplin1.wl.oracle.nz:6801


[applmgr@ed-olapplin1 ~]$ txkrun.pl -script=SetOAMReg -deregisteroam=yes
*** ALL THE FOLLOWING FILES ARE REQUIRED FOR RESOLVING RUNTIME ERRORS
*** Log File = /u02/ebsdev/fs2/inst/apps/ebsdev_ed-olapplin1/logs/appl/rgf/TXK/txkSetOAMReg_Sun_Jan_28_14_07_54_2018.log
Enter OAM Console URL (for ex: http://myoam.us.oracle.com:7001): http://oamsrv1.wl.oracle.nz:7012
Enter OAM console user name (for ex: weblogic): weblogic
Enter OAM console password:
Enter APPS password:
######################################################################
oamHost                 = http://oamsrv1.wl.oracle.nz:7012
oamApplicationDomain    = ebsdev_f5url.wl.oracle.nz_443
oamHostIdentifier       = ebsdev_f5url.wl.oracle.nz_443
contextFile             = /u02/ebsdev/fs2/inst/apps/ebsdev_ed-olapplin1/appl/admin/ebsdev_ed-olapplin1.xml
webGateInternal         = Yes
ebsProfileLevel         = Site
webGateUrl              = https://f5url.wl.oracle.nz:443
contextRoot             = accessgate
######################################################################
Do you wish to continue (y|n)?
y

admanagedsrvctl.sh stop oaea_server1
perl $AD_TOP/patch/115/bin/adProvisionEBS.pl ebs-delete-managedserver -contextfile=$CONTEXT_FILE -managedsrvname=oaea_server1
perl $FND_TOP/patch/115/bin/txkSetAppsConf.pl -contextfile=$CONTEXT_FILE -configoption=removeMS -accessgate=ed-olapplin1.wl.oracle.nz:6802


Now run autoconfig on all nodes.


Reference:
Integrating Oracle E-Business Suite Release 12.2 with Oracle Access Manager 11gR2 (11.1.2) using Oracle E-Business Suite AccessGate (Doc ID 1576425.1)


$ txkrun.pl -script=SetOAMReg -deregisteroam=yes -ebsProfileLevel=[Site|Server]


This will switch back the Oracle E-Business Suite profile options Application Authenticate Agent (APPS_AUTH_AGENT) and Applications SSO Type (APPS_SSO) to local login.


 Specify -ebsProfileLevel=Server if you registered the instance at server level. This will not affect the site level profiles, and only remove the profiles at server level for the server that you deregister.


The script will prompt for the following information.

•Enter OAM console URL (for example: http://myoam.us.oracle.com:7001)
•Enter OAM console user name (for example: weblogic)
•Enter OAM console password
•Enter APPS password
Enter the required information when prompted.


The script will provide a summary of input values. Confirm that these are correct and start the deregistration.


Do you wish to continue (y|n)? y


The script will now perform the following main tasks automatically:
•Deregister Oracle E-Business Suite AccessGate with Oracle Access Manager.
•Disable WebGate in your Oracle E-Business Suite webtier.
•Clear Oracle E-Business Suite profile options Application Authenticate Agent
(APPS_AUTH_AGENT) and Applications SSO Type (APPS_SSO) to switch back to local login. If you registered the instance with -ebsProfileLevel=Site (default), deregistration will clear the profiles at SITE level. If you registered the instance with -ebsProfileLevel=Server, deregistration will clear the profiles at SERVER level.


Alternatively, you can execute the script with parameters. For example:


$ txkrun.pl -script=SetOAMReg -deregisteroam=yes \
 -oamHost=http://myoam.us.oracle.com:7001 \
 -oamUserName=weblogic \
 -skipConfirm=yes


The script must complete successfully. Review the log files for any error messages.


The script will not automatically delete the following entries, as you may have also used these for other partner applications:

•Authentication Scheme (by default named EBSAuthScheme)
•Authentication Module (by default named LDAP_EBS)
•Identity Store (by default named OIDIdentityStore)


If you exclusively used these entries for the Oracle E-Business Suite instance that you deregistered, you may delete the Authentication Scheme, Authentication Module, and Identity Store in the order listed, using your OAM Administration Console.


After de-registering your Oracle E-Business Suite instance from Oracle Access Manager, you no longer need the Oracle E-Business Suite AccessGate deployment. Delete your Oracle E-Business Suite AccessGate using your WebLogic Administration Console, for example:
http://ebshost.example.com:7001/console


In the WebLogic Administration Console, navigate to EBS_domain_sid > Deployments, stop then delete the Oracle E-Business Suite AccessGate application named "accessgate". Ensure that you click 'Activate Changes' in the 'Change Center' pane, for the changes to take effect.


If you do not use the data source "OAEADatasource" for any other application, you may also delete the datasource. Navigate to EBS_domain_sid > Services > Data Sources, and delete data source "OAEADatasource". Ensure that you click 'Activate Changes' in the 'Change Center' pane, for the changes to take effect.


Delete the managed server on which accessgate was deployed:

1.If the managed server oaea_server1 is currently running, shut it down as follows:

$ sh $ADMIN_SCRIPTS_HOME/admanagedsrvctl.sh stop oaea_server1
The script will prompt for the following passwords:
•Enter the WebLogic Admin password.
Enter the required information when prompted.


2.Run the command below on the application tier node where the oaea_server1 managed server resides. This will delete the managed server, and also update the respective context variables that contain references to the deleted managed server:

$ perl $AD_TOP/patch/115/bin/adProvisionEBS.pl \
 ebs-delete-managedserver \
 -contextfile=$CONTEXT_FILE -managedsrvname=oaea_server1
The script will prompt for the following passwords:
•Enter the APPS Schema password.
•Enter the WebLogic AdminServer password.
Enter the required information when prompted.
The following confirmation message will be displayed: ManagedServer oaea_server1 deleted successfully.


3.Remove the managed server and port from the mod_wl_ohs.conf configuration:

$ perl $FND_TOP/patch/115/bin/txkSetAppsConf.pl \
 -contextfile=$CONTEXT_FILE \
 -configoption=removeMS \
 -accessgate=<host>.<domain>:<port>
To determine the value of the Port that was used for the oaea_server1 managed server, search for 's_wls_oaeaport' in $CONTEXT_FILE.


Stop and restart the Oracle E-Business Suite Application Tier services.


Reference:Integrating Oracle E-Business Suite Release 12.2 with Oracle Access Manager 11gR2 (11.1.2) using Oracle E-Business Suite AccessGate (Doc ID 1576425.1)