For an old 11.5.10.2 ERP, we are moving from the architecture of "EBS application server in DMZ" to the architecture of "Reverse Proxy in DMZ and EBS application server in intranet". After doing all configurations, we hit the classic issue where, you login through extranet url visible on public internet which redirects to intranet url.
So https://extranet.example.com asks for SSO details and after keying in SSO username and password goes to http://intranet.example.com.
The support.oracle.com article DMZ Configuration with Oracle E-Business Suite 11i (Doc ID 287176.1) has listed 4 checks which could be the reason for this issue:
H6: Redirection to an Incorrect Server During Login
If you are getting redirected to an incorrect server during the login process, check the following:
- Whether the hirearchy type of the profile options mentioned in Section 5.1 is set to SERVRESP .
- Whether the profile option values for the fnd profile options (APPS_FRAMEWORK_AGENT, APPS_WEB_AGENT, APPS_JSP_AGENT, APPS_SERVLET_AGENT) are pointing to the correct node. Replace the node_id with the node_id of the external and internal web tier. For example:
- Whether the dbc file pointed to by the JVM parameter (JTFDBCFILE) in jserv.properties exists.
- Whether the value of the parameter APPL_SERVER_ID set in the dbc file for the node is the same as the value of the server_id in the fnd_nodes table.
select node_name,node_id,server_id from fnd_nodes;
PROFILE_OPTION_NAME HIERARCHY_TYPEselect PROFILE_OPTION_NAME,HIERARCHY_TYPE from fnd_profile_options where profile_option_name in ('APPS_WEB_AGENT','APPS_SERVLET_AGENT','APPS_JSP_AGENT','APPS_FRAMEWORK_AGENT' ,'ICX_FORMS_LAUNCHER','ICX_DISCOVERER_LAUNCHER','ICX_DISCOVERER_VIEWER_LAUNCHER','HELP_WEB_AGENT','APPS_PORTAL','CZ_UIMGR_URL','ASO_CONFIGURATOR_URL','QP_PRICING_ENGINE_URL','TCF:HOST');
---------------------------------------- --------------------------------
APPS_FRAMEWORK_AGENT SERVRESP
APPS_JSP_AGENT SERVRESP
APPS_PORTAL SERVRESP
APPS_SERVLET_AGENT SERVRESP
APPS_WEB_AGENT SERVRESP
ASO_CONFIGURATOR_URL SERVRESP
CZ_UIMGR_URL SERVRESP
HELP_WEB_AGENT SERVRESP
ICX_DISCOVERER_LAUNCHER SERVRESP
ICX_DISCOVERER_VIEWER_LAUNCHER SERVRESP
ICX_FORMS_LAUNCHER SERVRESP
QP_PRICING_ENGINE_URL SERVRESP
TCF:HOST SERVRESP
All good on this point
This query returned https://extranet.example.comselect fnd_profile.value_specific('APPS_FRAMEWORK_AGENT',null,null,null,null,) from dual;
This was incorrect. It was pointing to the intranet jdbc file location.wrapper.bin.parameters=-DJTFDBCFILE=
I asked the DBA team to manually correct the dbc file name inside $IAS_CONFIG_HOME/Apache/Apache/Jserv/etc/jserv.properties
and create a file of that name in $FND_SECURE/$CONTEXT_NAME.dbc on the extranet node and bounce services. Once that was done, we tested and it worked. No more redirection to intranet URL.
Then I asked them to correct the s_dbc_file_name variable in the context file of extranet node. Run autoconfig on extranet, verify the value of dbcfile in jserv.properties DJTFDBCFILE parameter, verify that the DBC file had the server_id of the extranet node. Restart all services.
Checked again, and it worked again.
So apart from checking the values of context file variables like s_webentryhost, s_webentrydomain, s_active_port, you also need to check the value of s_dbc_file while verifying the setups for extranet configuration. This can happen in 11i , R12.1 and R12.2 also.