Skip navigation.

APPS Blogs

Oracle Fusion Applications 11.1.8 is now available

Online Apps DBA - Sun, 2014-03-09 12:37
Oracle yesterday (March 7) released version 11.1.8 of Fusion Applications  Documentation for Fusion Applications version 11.1.8 is available on OTN here Fusion Apps 11.1.8 software is available on eDelivery For new or changed features in 11.1.8 installation check here   .           Previous in series Related Posts for Fusion Apps Oracle Fusion Applications OverviewOracle Fusion Application for Apps DBAs –...

This is a content summary only. Visit my website http://onlineAppsDBA.com for full links, other content, and more!
Categories: APPS Blogs

Focusthread offers Oracle Access Manager 11g Administrator Training starts on 15 March 2014 @Lowest price ever!!!

Online Apps DBA - Sat, 2014-03-08 01:01
Get trained from the best instructor known to have trained novices as experts in this field. Commencement Date : 15 March 2014 Training Schedule: 15, 16, 22, 23 & 29 March 2014 Training Duration: 5 Days Timings: 12:00 Noon GMT | 8:00AM EST | 5:00AM PST | 7:00AM CST | 6:00AM MST | 5:30PM IST | 01:00PM GMT+1 Course Fee: USD 799       Course Content & Registration Link :...

This is a content summary only. Visit my website http://onlineAppsDBA.com for full links, other content, and more!
Categories: APPS Blogs

Oracle E-Business Suite Logging and Auditing: Page Access Tracking

Sign-On Audit only logs professional forms activity – it does not log Oracle Applications Framework (OAF) user activity.  Page Access Tracking is required to log OAF activity.  Once enabled, the level of logging needs to be set as well as flagging those applications to be logged and has negligible overhead.

To configure Page Access Tracking, use the following navigation: System Administration -> Oracle Applications Manager -> Site Map > Monitoring > Applications Usage Reports > Page Access Tracking.

Once enabled, Page Access Tracking requires two concurrent programs to be run.  The program Page Access Tracking Data Migration must be run to move data from the staging tables into the reporting tables.  This is usually done daily.  To purge data on a regular basis, run the program Page Access Tracking Purge Data.

The levels of logging are:

  • Session info
  • Session Info and Cookies
  • Session Info, Cookies and URL Parameters
  • Session Info, Cookies and All Parameters

Once configured, reports can be run for the following types of activity:

  • Session
  • Date
  • Form
  • User
  • Application
How to do you know if Page Access Tracking is enabled?
  • Check the system profile option JTF_PF_MASTER_ENABLED and if it set to TRUE for monitoring Web Access
  • Check the system profile option JTF_PF_LEVEL. This will be set for each Application. As well, it can be set for Responsibilities and users:

JTF_PF_LEVEL

Description

22

Session info

118

Session Info and Cookies

254

Session Info, Cookies and URL Parameters

126

Session Info, Cookies and All Parameters

 

What Tables Store Page Access Tracking Data?

The table below identified the tables used to store Page Access Tracking data. Remember that the concurrent programs Page Access Tracking Data Migration and Page Access Tracking Purge Data respectively insert data into and remove data from these tables.

Page Access Tracking Tables

JTF.JTF_PF_SES_ACTIVITY

JTF.JTF_PF_ANON_ACTIVITY

JTF.JTF_PF_APP_SUMM

JTF.JTF_PF_HOST_SUMM

JTF.JTF_PF_PAGE_SUMM

JTF.JTF_PF_USER_SUMM

Figure 1 - Page Access Tracking Configuration Page

 

Figure 2 - Page Access Tracking Configuration Screen

If you have questions, please contact us at info@integrigy.com

 -Michael Miller, CISSP-ISSMP

References Tags: AuditingOracle E-Business Suite
Categories: APPS Blogs, Security Blogs

Certification 1Z0-133 Monitoring WebLogic Server Transactions : WebLogic 12c Administration Certification

Online Apps DBA - Tue, 2014-03-04 19:19
In today’s post I am going to Monitoring WebLogic Server Transactions from topic Transactions  for WebLogic 12c Certification 1Z0-133 for Administrators .  If you have come directly on this post then first check first check WebLogic Server’s role in managing transactions Configure WebLogic Server transactions (JTA) Configure the WebLogic Server default store used for transaction logs  Configure Database persistent store for [...]

This is a content summary only. Visit my website http://onlineAppsDBA.com for full links, other content, and more!
Categories: APPS Blogs

What Hashing Algorithm OID uses to store user Password : SSHA or MD5

Online Apps DBA - Mon, 2014-03-03 12:19
User’s password is stored in attribute userPassword and for security reasons value in password userPassword is hashed using SSHA (Salted Secure Hashing Algorithm) Algorithm . More on SHA here and Salt here Here are key points related to password in OID 1. User’s Password in OID are stored in attribute userPassword 2. User’s password can be [...]

This is a content summary only. Visit my website http://onlineAppsDBA.com for full links, other content, and more!
Categories: APPS Blogs

1Z0-133 Configure Database Store for TLogs : WebLogic 12c Administration Certification

Online Apps DBA - Sun, 2014-03-02 03:43
In today’s post I am going to Configure a database persistent store for TLogs from topic Transactions  for WebLogic 12c Certification 1Z0-133 for Administrators . If you have come directly on this post then first check first check WebLogic Server’s role in managing transactions Configure WebLogic Server transactions (JTA) Configure the WebLogic Server default store used for transaction logs    [...]

This is a content summary only. Visit my website http://onlineAppsDBA.com for full links, other content, and more!
Categories: APPS Blogs

Focusthread offers Online Quick Training on Hyperion Essbase starts on 08 March 2014 @Lowest price ever!!!

Online Apps DBA - Sat, 2014-03-01 03:34
Get trained from the best instructor known to have trained novices as experts in this field. Commencement Date: 08 March 2014 Training Schedule: 08 & 09 March 2014 Training Duration: 2 Days Timings : 12:00 Noon GMT | 7:00AM EST | 4:00AM PST | 6:00AM CST | 5:00AM MST | 5:30PM IST Course Fee: USD 199     Course Content [...]

This is a content summary only. Visit my website http://onlineAppsDBA.com for full links, other content, and more!
Categories: APPS Blogs

Oracle E-Business Logging and Auditing: PCI, SOX, HIPAA, 27001 and FISMA

Continuing this blog series on Oracle E-Business logging and auditing, Integrigy’s log and audit framework is based on our consulting experience. We have also based it on compliance and security standards such as Payment Card Industry (PCI-DSS), Sarbanes-Oxley (SOX), IT Security (ISO 27001), FISMA (NIST 800-53), and HIPAA.

The foundation of the framework is the set of security events and actions that should be audited and logged in all Oracle E-Business Suite implementations.  These security events and actions are derived from and mapped back to key compliance and security standards most organizations have to comply with.  We view these security events and actions as the core set and most organizations will need to expand these events and actions to address specific compliance and security requirements, such as functional or change management requirements.

Figure 1 - Integrigy's Framework for Auditing and Logging in Oracle E-Business Suite

Table 1 presents the core set of audits that, if implemented, will serve as a foundation for more advanced security analytics.  Implementing these audits will go a long way toward meeting logging and auditing requirements for most compliance and security standards like PCI requirement 10.2.  The numbering scheme used in Table 1 will be referenced throughout the framework.

 

Table 1 – Foundation Events for Logging and Security Framework

Security Events

and Actions

PCI

DSS 10.2

SOX (COBIT)

HIPAA

(NIST 800-66)

IT Security

(ISO 27001)

FISMA

(NIST  800-53)

E1 - Login

10.2.5

A12.3

DS5.5

DS5.6

DS9.2

164.312(c)(2)

A 10.10.1

AU-2

E2 - Logoff

10.2.5

DS5.5

DS5.6

DS9.2

164.312(c)(2)

A 10.10.1

AU-2

E3 - Unsuccessful login

10.2.4

DS5.5

DS5.6

DS9.2

164.312(c)(2)

A 10.10.1

A.11.5.1

AC-7

E4 - Modify authentication mechanisms

10.2.5

DS5.5

DS5.6

DS9.2

164.312(c)(2)

A 10.10.1

AU-2

E5 – Create user account

10.2.5

DS5.5

DS5.6

DS9.2

164.312(c)(2)

A 10.10.1

AU-2

E6 - Modify user account

10.2.5

DS5.5

DS5.6

DS9.2

164.312(c)(2)

A 10.10.1

AU-2

E7 - Create role

10.2.5

DS5.5

DS5.6

DS9.2

164.312(c)(2)

A 10.10.1

AU-2

E8 - Modify role

10.2.5

DS5.5

DS5.6

DS9.2

164.312(c)(2)

A 10.10.1

AU-2

E9 - Grant/revoke user privileges

10.2.5

DS5.5

DS5.6

DS9.2

164.312(c)(2)

A 10.10.1

AU-2

E10 - Grant/revoke role privileges

10.2.5

DS5.5

DS5.6

DS9.2

164.312(c)(2)

A 10.10.1

AU-2

E11 - Privileged commands

10.2.2

DS5.5

DS5.6

DS9.2

164.312(c)(2)

A 10.10.1

AU-2

E12 - Modify audit and logging

10.2.6

DS5.5

DS5.6

DS9.2

164.312(c)(2)

A 10.10.1

AU-2

AU-9

E13 - Objects:

Create object

Modify object

Delete object

10.2.7

DS5.5

DS5.6

DS9.2

164.312(c)(2)

A 10.10.1

AU-2

AU-14

E14 - Modify configuration settings

10.2.2

DS5.5

DS5.6

DS9.2

164.312(c)(2)

A 10.10.1

AU-2

 

Integrigy’s Framework for Oracle E-Business Suite logging and auditing is fully documented in our whitepaper. The whitepaper is available for download in the link referenced below.

If you have questions, please contact us at info@integrigy.com

 -Michael Miller, CISSP-ISSMP

 

References Tags: AuditingSecurity Strategy and StandardsComplianceSarbanes-Oxley (SOX)PCIFISMA/DODHIPAAOracle E-Business SuiteAuditor
Categories: APPS Blogs, Security Blogs

ORA-20010: ERROR: Unable to acquire lock on ad_adop_sessions table. ORA-06512: at "APPS.AD_ZD_ADOP", line 523

Vikram Das - Wed, 2014-02-26 21:37
I reported this error to Oracle on an SR:

The adop phase=prepare fails before generating any log files. Whatever we get on the screen is what we have. I'll paste it for you again:

$ adop phase=prepare

Enter the APPS password:
Enter the SYSTEM password:
Enter the WLSADMIN password:

Please wait. Validating credentials...


RUN file system context file: $INST_TOP/appl/admin/tsoadba1_alpgetapp049d.xml
PATCH file system context file: $INST_TOP/appl/admin/tsoadba1_alpgetapp049d.xml


************* Start of session *************
version: 12.2.0
started at: Sun Feb 23 2014 20:55:38

APPL_TOP is set to $APPL_TOP
[STATEMENT] Using 48 workers (Default: 48, Recommended maximum limit: 696)
[EVENT] [START 2014/02/23 20:55:48] Verify SSH
Logfile location $INST_TOP/logs/appl/rgf/TXK/verifyssh.log
xml output = $INST_TOP/logs/appl/rgf/TXK/out.xml
[EVENT] [END 2014/02/23 20:55:54] Verify SSH
[ERROR] Failed to execute sql statement :
begin
AD_ZD_ADOP.LOCK_SESSIONS_TABLE('server1',60,0);
end;

[ERROR] SQLPLUS error: buffer=
SQL*Plus: Release 10.1.0.5.0 - Production on Sun Feb 23 20:55:59 2014
Copyright (c) 1982, 2005, Oracle. All rights reserved.
SQL> SQL> Connected.
SQL> begin
*
ERROR at line 1:
ORA-20010: ERROR: Unable to acquire lock on ad_adop_sessions table.
ORA-06512: at "APPS.AD_ZD_ADOP", line 523
ORA-06512: at line 2
Disconnected from Oracle Database 11g Enterprise Edition Release 11.2.0.3.0 - 64bit Production
With the Partitioning, Real Application Clusters, Automatic Storage Management, OLAP,
Data Mining and Real Application Testing options

[UNEXPECTED]Unable to acquire lock on sessions table

adop exiting with status = 2 (Fail)

Oracle asked me to confirm whether I had run adconfig on both run and patch environments. I had forgotten to run adconfig on patch environment.  After running adconfig on the patch environment, I retried and it worked.


Categories: APPS Blogs

Response contains no valid assertions: Ping Federate

Online Apps DBA - Wed, 2014-02-26 18:33
Hi All One of the partners for which they are PingFederate integrated already were getting below error while performing Single Sign-On. We are IDP and partner is SP and PingFederate is used at both ends using Artifact profile. If you observe closely it is complaining about Time Condition. Thumb rule is that IDP and SP [...]

This is a content summary only. Visit my website http://onlineAppsDBA.com for full links, other content, and more!
Categories: APPS Blogs

1Z0-133 Configure WebLogic Server Default Store for TLogs : : WebLogic 12c Administration Certification

Online Apps DBA - Tue, 2014-02-25 14:40
In today’s post I am going to cover topic Configure WebLogic Server Default Store for TLogs from Transactions  for WebLogic 12c Certification 1Z0-133 for Administrators . If you have come directly on this post then first check WebLogic Server’s role in managing transactions and Configure WebLogic Server transactions (JTA)   1. Transaction Log in WebLogic is defined/configured at Server Level : Servers -> [...]

This is a content summary only. Visit my website http://onlineAppsDBA.com for full links, other content, and more!
Categories: APPS Blogs

1Z0-133 Configure WebLogic Server Transactions (JTA) : WebLogic 12c Administrator Certification

Online Apps DBA - Mon, 2014-02-24 15:06
In today’s post I am going to cover Configure WebLogic Server transactions (JTA) from topic Transactions  for WebLogic 12c Certification 1Z0-133 for Administrators . If you have come directly on this post then first check WebLogic Server’s role in managing transactions     1. To configure Transactions in WebLogic Server : Go to WebLogic Console -> Click Domain -> [...]

This is a content summary only. Visit my website http://onlineAppsDBA.com for full links, other content, and more!
Categories: APPS Blogs

Certification 1Z0-133 : Transactions – WebLogic Server’s role in managing transactions : WebLogic 12c Administrator Certification

Online Apps DBA - Sun, 2014-02-23 14:37
In today’s post I am going to cover WebLogic Server’s role in managing transactions from topic Transactions  for WebLogic 12c Certification 1Z0-133 for Administrators   1. Transaction is a group of operations as single unit of work. For example when you transfer money from bank account then Operation 1 – Debit money from one account Operation 2- Credit money [...]

This is a content summary only. Visit my website http://onlineAppsDBA.com for full links, other content, and more!
Categories: APPS Blogs

Focusthread- Online Hyperion Essbase Training Weekend Batch- 01 March 2014

Online Apps DBA - Sun, 2014-02-23 06:59
Essbase is market leader in OLAP database and used for analysis of huge data with the speed of thought. Most of the Fortune companies implemented Hyperion for analysis & reporting.   This training will include:   *Understanding Multidimensional Databases *Lab : Installation & Configuration, Essbase administration Services, Shared Services, Hyperion Provider server, Hyperion Essbase Server, [...]

This is a content summary only. Visit my website http://onlineAppsDBA.com for full links, other content, and more!
Categories: APPS Blogs

Focusthread- Oracle Apps DBA R12 Training Weekend Batch- 01 March 2014

Online Apps DBA - Sun, 2014-02-23 06:56
Our training offers hands-on exercises on day-to-day Apps DBA activities such as Installation, Patching, Cloning etc. We also provide support to your queries/issues for 1 months after training completion.   Commencement Date : 01 March 2014   Training Schedule: 01, 02, 08, 09, 15, 16, 22 March 2014   Training Duration : 7 Days   [...]

This is a content summary only. Visit my website http://onlineAppsDBA.com for full links, other content, and more!
Categories: APPS Blogs

Certification : OCA WebLogic Server 12c : 1Z0-133 – Interested ?

Online Apps DBA - Sat, 2014-02-22 22:36
    Oracle last month announced Oracle Certified Associates (OCA) for WebLogic 12c Administrators. If you are WebLogic/Fusion Middleware/IAM Administrator or Oracle Apps DBA then I would highly recommend this certification.  For certification path and training click here Note: Currently this example is in BETA phase (1Z1-133) till March first so exam fee is just 50 [...]

This is a content summary only. Visit my website http://onlineAppsDBA.com for full links, other content, and more!
Categories: APPS Blogs

New OAMConsole in OAM 11gR2 PS2 : Enabling Federation, STS, Mobile & Social in Oracle Access Management Suite 11.1.2.2

Online Apps DBA - Sat, 2014-02-22 02:01
I discussed about availability of IAM 11gR2 PS2 (11.1.2.2), installation changes in 11.1.2.2 here and lessons learned to upgrade to 11gR2 PS2 here . I also discussed new feature OAM High Availability across Data Centres introduced in 11gR2 PS2 (11.1.2.2). OAMConsole (Admin Console to configure & manage OAM) has changed in OAM 11GR2 PS2 (11.1.2.2), more information here [...]

This is a content summary only. Visit my website http://onlineAppsDBA.com for full links, other content, and more!
Categories: APPS Blogs

Unprotecting URIs without using OAM Anonymous authentication

Online Apps DBA - Fri, 2014-02-21 00:00
I am pretty sure you might have had the requirement to unprotect certain URI context in an application URL using OAM. This is in regards to OAM 10.1.4.3. The usual procedure to unprotect an URI context is to define the resource in OAM Policy Domain. Create a separate policy for that URI and specify Anonymous [...]

This is a content summary only. Visit my website http://onlineAppsDBA.com for full links, other content, and more!
Categories: APPS Blogs

Product Restrictions during R12.2 online patching

Vikram Das - Thu, 2014-02-20 23:34
This information is from page 75 of Oracle® E-Business Suite Maintenance Guide Release 12.2 Part No. E22954-13, published in July 2013 available here  http://docs.oracle.com/cd/V39571_01/current/acrobat/122ebsmt.zip

For patches that have manual steps, the patch readme file instructs you to use Oracle Patch Application Assistant (PAA) to create customized instructions for your system. PAA consolidates and displays only the relevant manual steps for all the patches you want to apply, including steps that you have completed. It also automatically merges the contents of individual patch readme files for a merged patch.

Create Checklist of Product Functionality Disabled in Online Patching Cycle:
During an online patching cycle, the following product restrictions will apply. Before you commence patching, you should therefore ensure there will be no requirement for any these actions or features until the cycle is complete.
  • Payroll
    • Users will not be able to define Fast Formulas or use the Fast Formula Assistant.
    • Users will not be able to perform dynamic trigger maintenance.
    • Users will not be able to create, update, or delete US Cities.
    • Data Pump meta-mapper generator will be disabled.
    • The Japanese Balance Dimensions concurrent program will be deferred to after the cutover phase is complete.
    • Pension Calculation Setup cannot be used.
    • US localization earnings and deduction setup cannot be used.
    • Tax Withholding Rules Setup cannot be used.
    • Wage Attachment Earnings Rules Setup cannot be used.
    • Garnishment Rules Setup cannot be used.
    • Quick Paint Reports cannot be used.
    • Quantum Program Update Installer execution is unavailable.
  • Order Management:
    • Creation of a new Defaulting Condition in the Attribute Defaulting Rules form is disabled, unless the same seeded condition already exists for a given attribute.
  • Warehouse Management:
    • WMS Rule creation is restricted.
  • Inventory:
    • Concurrent program "Generate Stock Locator Flexfield Definition for Mobile Transactions" will be disabled.
  • Public Sector Financials International:
    • Users will not be able to run the following concurrent programs:
      • Subledger Security: Apply Security
      • Subledger Security: Import/Export Data Fix
  • Subledger Accounting:
    • Users will not be able to Validate the Application Accounting definitions.
  • Accounts Receivable:
    • Users will not be able to create new Transaction Sources.
  • Incentive Compensation:
    • Transaction collection process for new mappings will not be available and any changed mapping will continue to use previous mapping rules.
    • Users will not be able to run the "Synchronize Classification Rulesets" program.
    • Users will not be able to use the "Formula Generation" feature.
    • Users will not be able to specify new formulas or changes to compensation rules.
  • Oracle Demand Planning:
    • Demand plans will not be available for users.
Categories: APPS Blogs

Oracle E-Business Logging and Auditing, CMM and SIEM

Most Oracle E-Business Suite implementations do not fully take advantage of the auditing and logging features. These features are sophisticated and are able to satisfy most organization’s compliance and security requirements. 

The default Oracle E-Business Suite installation only provides a basic set of logging functionality.  In Integrigy’s experience, the implementation of database and application logging seldom exceeds meeting the needs of basic debugging.  Most organizations do not know where to start or how to leverage the built-in auditing and logging features to satisfy their compliance and security requirements.

Even organizations already using centralized logging or Security Incident and Event Management (SIEM) solutions, while being more advanced in the Common Maturity Model (CMM), in Integrigy’s experience are commonly challenged by the E-Business Suite’s auditing and logging features and functionality.

This guide presents Integrigy’s framework for auditing and logging in the Oracle E-Business Suite.  This framework is a direct result of Integrigy’s consulting experience and will be equally useful to both those wanting to improve their capabilities as well as those just starting to implement logging and auditing.  Our goal is to provide a clear explanation of the native auditing and logging features available, present an approach and strategy for using these features and a straight-forward configuration steps to implement the approach.

Integrigy’s framework is also specifically designed to help clients meet compliance and security standards such as Sarbanes-Oxley (SOX), Payment Card Industry (PCI), FISMA, and HIPAA.  The foundation of the framework is PCI DSS requirement 10.2.

To make it easy for clients to implement, the framework has three maturity levels – which level a client starts at depends on the infrastructure and policies already in place.

The three levels are:

  • Level 1 – Enable baseline auditing and logging for application/database and implement security monitoring and auditing alerts
  • Level 2 – Send audit and log data to a centralized logging solution outside the Oracle Database and E-Business Suite
  • Level 3 – Extend logging to include functional logging and more complex alerting and monitoring

This blog series will be reviewing the Framework in detail. The full whitepaper is available for download – the link is referenced below.

If you have questions, please contact us at info@integrigy.com

 -Michael Miller, CISSP-ISSMP

References Tags: AuditingSecurity Strategy and StandardsComplianceOracle E-Business Suite
Categories: APPS Blogs, Security Blogs