Ebs sso shield appllocallogin. jsp Login

Note: The following are only personal tests and insights:

EBS version: 11.5.10.2 Background: http: // O sso-login is only allowed through single sign-on. The password is set to 'external' after a single sign-on account and an application account are linked.
O local-login is only allowed via Oracle E-Business Suite local login. Passwords must be retained in the Oracle E-Business Suite and the account cannot be linked to any Oracle Internet directory user.
O both-login can be through both single sign-on and Oracle E-Business Suite. since changes to the Oracle E-Business Suite password can be synchronized to Oracle Internet directory, but not vice versa, A user's Single Sign-On password will not necessarily be synchronized with his Oracle E-Business Suite password. test procedure: 1. Set Application SSO login types (system preset files in English environment) set the value to "SSO" 2. Create an EBS user test1/ABC123 3. Synchronize the data to the SSO Test Result: 1. After the SSO is synchronized, in the fnd_user table, encrypted_user_password and encrypted_foundation_password are changed to "external" 2. Enter the address http: // In addition, the matelink will reply to an inquiry when using this preset file for SSO login in R12

Able to login using locallogin. jsp inspite of applications SSO login types set to SSO [ID 468831.1]
		Modification time28-nov-2007TypeProblemStatusModerated

In this document
Symptoms
Cause
Solution
References

This document is being delivered to you via Oracle Support's rapid visibility (RAV) process, and therefore has not been subject to an independent technical review.

Applies:

Oracle Applications technology stack-version: 12.0
This problem can occur on any platform.
Symptoms

On release 12.0:
Integrated Oracle E-Business Suite with SSO and OID, provisioning enabled from applications to OID. Profile option "applications SSO login types" is set to SSO to prevent users from using the local login URL:

Http: //

Users are still able to login using the specified locallogin. jsp inspite of the profile option "applications SSO login types" being set to "SSO ".

Expected behavior
It shoshould not allow login using implements locallogin. jsp and display proper error message.

-- Steps to reproduce:
The issue can be reproduced at will with the following steps:

1. Create a test user from E-Business Suite and it shoshould also be created in OID.
2. encrypted_foundation_password and encrypted_user_password in fnd_user table is set to external.
3. User can login from the SSO login page as expected, but is also able to login successfully using locallogin. jsp.

Cause

SSO users are able to create local sessions.

Fix is provided by version sessionmgr. Java 120.36.12020.0.7 which will be available in 12.0.4.
Solution

-- To implement the solution, Please execute the following steps:
Please upgrade to release 12.0.4 when it is available to download via Oracle Metalink.

1. Please ensure that you have taken a backup of your system before applying the Recommended Patch.
2. always advisable to apply the patch in a test environment when available.
3. retest the issue.
4. migrate the solution as appropriate to other environments.