Users Receive Blank Screen when logging into EBS in a SSO Integrated System

Hello All,

Last week was such a hectic one with one kind of a peculiar problem not seen before.
Users created after a particular date,logging into Oracle Apps via third party authentication,integrated with OID/SSO were getting blank pages.

On analysis we found that the user_guid column with the 'FND_USER' table was null for these users.
Verified OID the attribute 'orclguid' was there ,but it was not synching with FND_USER table,inspite the profile option 'Applications SSO Auto Link User" (APPS_SSO_AUTO_LINK_USER)' was set to 'ENABLED'
at site level.

I had a very hard feeling that the linking between EBS and OID was broken.To my surprise that was the case .
I dont know how many of you are aware of an user named 'AppsDN'.This "AppsDN" user is a special administration account which eBiz uses to connect
to OID for management and administrative tasks when integrating with OID/SSO.

- Determine the 'AppsDN' username/password connected to EBS as apps user

SQL> select fnd_preference.get('#INTERNAL', 'LDAP_SYNCH','USERNAME') Apps_Instance_OID_Account from dual;

APPS_INSTANCE_OID_ACCOUNT
--------------------------------------------------------------------------------
orclapplicationcommonname=prod,cn=ebusiness,cn=products,cn=oraclecontext,dc=thirdparty,dc=users

SQL> select fnd_preference.eget('#INTERNAL', 'LDAP_SYNCH','EPWD','LDAP_PWD') Apps_Password from dual;

APPS_PASSWORD
--------------------------------------------------------------------------------
1applin


- Test the username/password.Use the following command on your node where OID is running to confirm if the password works or not

'ldapbind -D 'Apps Instance OID Account' -w 'Apps Password' -h 'OIDserver' -p 'OIDport' '

Eg:-
===
ldapbind -D orclapplicationcommonname=prod,cn=ebusiness,cn=products,cn=oraclecontext,dc=thirdparty,dc=users -w 1applin -h server11 -p 389


- On executing the above ldapbind command you should recieve 'Bind Successful'.In my case it was returning 'Password Policy Error :9000: GSL_PWDEXPIRED_EXCP :Your Password has expired'

- Navigate through the "Entry Management" tree to the appropriate context (the reversed path of the orclApplcationCommonName)
Follow the below steps to set the password in OID

1) Launch oidadmin console
2) Login as user ‘orcladmin’
3) Select and expand ‘Entry Management’
4) Select and expand ‘dc=users’
5) Select and expand ‘dc=thirdparty’ under ‘dc=users’
6) Select and expand ‘cn=OracleContext’ under ‘dc=thirdparty’
7) Select and expand ‘cn=Products’
8) Select and expand ‘cn=EBusiness’
9) Select orclApplicationCommonName=PROD
10) Under the Properties tab update the 'userpassword' attribute with the password from SQL Query in my case '1applin'
11) Click on ‘Apply’

- Then bounce the OID components.

- Now we requested the users to login into Oracle Apps and they no longer get the blank screen and OID was synching up the guid to FND_USER table.