Phase 1: Prerequisites & Patching
Step 1: Confirm ISG Availability
- ISG is included by default in Oracle EBS 12.2
- No separate installation required
Step 2: Apply Required Patches
2.1 Check applied patches
Run:
SELECT bug_number
FROM ad_bugs
WHERE bug_number IN ('relevant ISG patch numbers');
2.2 Apply missing patches
Run adop:
. ~/EBSapps.env run
adop phase=prepare
Then apply:
- ISG Consolidated Patch
- Latest AD & TXK Delta patches
- Required WebLogic patches
👉 Follow standard online patching cycle:
adop phase=apply
adop phase=finalize
adop phase=cutover
adop phase=cleanup
🔷 Phase 2: Core Configuration
Step 3: Change Signon Profile Options (Conditional)
- Login as SYSADMIN
-
Navigate:
System Administrator → Profile → System -
Query:
Signon Password% - Update:
| Profile Option | Level | Value |
|---|---|---|
| Signon Password Hard To Guess | ISGADMIN user | No |
| Signon Password Length | ISGADMIN user | 8 |
| Signon Password Custom | Site | NULL |
📌 Required because ISG setup script generates passwords that may violate policies.
Step 4: Create GLOBAL User
-
Navigate:
Security → User → Define -
Create:
- Username: GLOBAL
- Description: ISG Setup User
-
Run concurrent request:
Workflow Directory Services User/Role Validation
Step 5: Increase WebLogic Timeout
- Edit:
$FMW_HOME/webtier/instances/<instance>/config/OHS/<ohs>/mod_wl_ohs.conf
- Add/update:
<Location /webservices>
WLIOTimeoutSecs 900
</Location>
📌 Prevents REST service timeout.
Step 6: Increase OAFM Heap Size
- Login to WebLogic Admin Console
-
Navigate:
Environment → Servers → oafm_server1 - Click Lock & Edit
-
Go to:
Server Start → Arguments - Set:
-Xms4096m -Xmx4096m
- Save → Activate → Restart OAFM
Step 7: Run ISG REST Setup Script
👉 Run on WebLogic Admin node only
7.1 (Optional) Stop Concurrent Managers
. ~/EBSapps.env run
cd $ADMIN_SCRIPTS_HOME
./adcmctl.sh abort apps/<password>
7.2 Run script
cd /tmp
perl $FND_TOP/patch/115/bin/ISGRestSetup.pl
📌 Important:
- Script restarts services automatically
- Do NOT run on all nodes
Step 8: Configure ISG Data Source
- Login to WebLogic Console
-
Navigate:
Services → Data Sources → ISGDatasource -
Go to:
Connection Pool → Advanced - Configure:
| Parameter | Value |
|---|---|
| Test Connections On Reserve | Enabled |
| Test Frequency | 120 |
| Test Table Name | SQL SELECT 1 FROM DUAL |
| Seconds to Trust Idle Connection | 0 |
Step 9: Synchronize File Systems
Run:
adop phase=fs_clone workers=4
📌 Ensures patch and run file systems are aligned.
Step 10: Restore Signon Profile Options
- Revert Step 3 changes
- Optional: Keep relaxed settings for ISGADMIN user
🔷 Phase 3: Enable REST & Validation
Step 11: Enable Token-Based Authentication
Set profile option:
FND: Authn Service Token Scope = Header and Body
Step 12: Test REST Login Service
Open:
https://<host>:<port>/webservices/rest/login
Example:
https://r122.localdomain:4443/webservices/rest/login
- Enter credentials
- Verify response is returned
🔷 Phase 4: Post Configuration (Implicit in Guide)
Step 13: Verify Services
-
Confirm:
- OAFM is running
- WebLogic Admin/Managed servers up
- No errors in logs
Step 14: Start/Restart Services (if needed)
adstrtal.sh apps/<password>
✅ Final Execution Flow (Concise)
- Apply required patches
- Modify Signon profiles
- Create GLOBAL user
- Update WebLogic timeout
- Increase OAFM heap
- Run ISGRestSetup.pl
- Configure ISGDatasource
- Run fs_clone
- Restore profiles
- Enable token auth
- Test REST service
⚠️ Key Notes
- ISG is configuration-driven, not installation-based
- Script execution restarts application tier
- Always run script from Admin node only
- Required for REST service enablement in Integration Repository
