PURPOSE
-------
Why do I get a Yellow Warning Bar connecting to Applications Rel 11i?
How to Remove the Yellow Warning Bar in 11i?
SCOPE & APPLICATION
-------------------
Anyone using Oracle Applications Rel 11.5.x
HOW TO REMOVE THE YELLOW WARNING BAR IN ORACLE APPLICATIONS REL 11.5.x
------------------------------------------------------------ ----------
If you are connecting to an Oracle Applications Rel
11.5.1 Instance
and now see a Yellow Warning Bar in the bottom margin of your screens
I What does the Yellow Warning Bar mean
II Who does this affect?
III Where are all the files located
IV Why do I get it now, what changed?
V How to remove it.
I - What does the Yellow Warning Bar mean?
Oracle Applications Rel 11.5.1 (11i) requires that its code run in a
trusted mode, and uses JInitiator to run Java applets on a desktop client.
If an applet is "trusted," however, Java will extend the privileges of the
applet.
The Yellow Warning Bar is a warning that your applet is not running in a
trusted mode.
To indicate that an applet is trusted, it must be digitally signed using a
digital Certificate, so Oracle Applications requires that all Java archive
files must be digitally signed.
This is a REQUIRED Post Installation step that is often overlooked.
------------------------------------------------------------ -------------------
Note:
You must create your own digital certificate, (See Note 112176.1) which will be
used to sign JAR files whenever they are updated and rebuilt through AutoPatch.
DO THIS ONLY ONCE!!!
All Applications Java code should be signed using only one digital certificate,
unique to your site. If you have multiple web servers in your Release 11i
environment, It is strongly recommended that you copy
identitydb.obj and
adsign.txt to the appropriate directories on all other web servers.
DO NOT re-run the adjkey command on the other web servers.
Running adjkey multiple times will produce multiple certificates, causing each
web server to have JAR files with different signatures.
------------------------------------------------------------ -------------------
II - Who does/will this affect?
This affects all users that try to access Oracle Applications Rel 11i using
Jinitiator that have a different identitydb.obj on their client, or where an
instance never created the digital certificate, and signed their JAR files.
Creating a Digital Certificate and signing the JAR files is a required step in
the Post Installation process, but is often overlooked.
After you create the certificate, you must distribute it to all desktop clients
so it can be imported into an "identity database" that is maintained by
Jinitiator called IDENTITYDB.obj. When a jar file is downloaded, the owner of
the digital signature is compared against the entry in the identity databases.
If they match, the code contained in the archive is allowed to run in a trusted
mode.
Oracle Applications provides utilities to help you repackage Jinitiator with
your certificate, so that when users install Oracle JInitiator, the information
in your digital certificate will automatically be installed as well.
If Post Install steps were not done to Create the Digital Certificate and sign
the JAR files and users are currently using Jinitiator 11727 and connecting to
Applications 11i.
Let's say a patch is applied as mentioned above, and now users get the Yellow
Warning Bar, then ALL the users will need to fix their client PC in one of two
ways after the Post Install Steps have been done.
- Uninstall Jinitiator 1.1.7.27 and clear browser cache, and then
- Log back into Applications to get the new plugin, (oajinit.exe) including the
new identitydb.obj
- Install the Jinitiator on the Client PC and then
- Log into the apps to download the new signed JAR files
OR
- Sign(Add to) existing IDENTITYDB.obj with the new certificate file APPLTOP.cer
on each Client PC
- Clear the jcache directory on each client
- Clear the browser cache on each client
- Log into the apps to download the new signed JAR files
This should resolve the Yellow Warning Bar issue.
III - Where are all the necessary files located?
These are located on the Middle Tier, webserver - should be owned by APPLMGR
ADCERT.txt (certificate directive file)
UNIX : $APPL_TOP/admin/adcert.txt
NT : \oracle\prodappl\admin\adcert.txt
ADSIGN.txt (used to pass arguments to JRI for signing JAR files.)
UNIX : $APPL_TOP/admin/adsign.txt
NT : \oracle\prodappl\admin\adsign.txt
APPLTOP.cer (Certificate file that gets imported into the identitydb.obj
UNIX : $APPL_TOP/admin/appltop.cer
NT : \oracle\prodappl\admin\appltop.cer
OAJINIT.exe (Repackaged Jinitiator executeable that includes identitydb.obj)
UNIX : $OA_HTML/oajinit.exe
NT : \oracle\prodcomn\html\oajinit.exe
IDENTITYDB.obj (Identity Database File that holds trusted digital certificates)
UNIX : $HOME/identitydb.obj
NT : \identitydb.obj (usually the root c:\>)
This file is located on the Client's PC
IDENTITYDB.obj (identity database, holds trusted client digital certificates)
Win95\Win98\WinNT C:\Program Files\Oracle\identitydb.obj
Follow the Post Install Steps Ch 6 pages 6-6 to 6-10 and
Note 112176.1 to create
your digital certificate. When finished, adjkey creates your certificate
directive file in the admin directory of your APPL_TOP as a text file
(adcert.txt). It contains the name of your certificate's identity for signing
JAR files after patching them, and an identity database (identitydb.obj) in the
Applications user's home directory.
IV - Why do I get the Yellow Warning Bar now, what changed?
After installing Oracle Applications Release 11i, one of the post-install steps
is to create a Digital Certificate and to repackage the JInitiator with this
digital certificate.
The instructions can be found in Chapter 6 of Installing Oracle Applications,
Release 11i, pages 6-6 to 6-10. (Also See
Note 112176.1)
In 11i, if this is NOT done, then the Yellow Warning Bar may occur later for
several reasons?
Let's say a large corporation has created 2 separate Oracle Applications Rel 11I
instances, called PROD and TEST. A user can always access TEST with no problems,
and now they try to get to PROD and get the Yellow Warning Bar. They have never
accessed PROD before, and they get the Yellow Warning Bar on first logon, but
they can still access TEST with no problem.
Chances are this instance doesn't have the same identitydb.obj file that you
have on your client PC, or their JAR files have never been signed before,
meaning the Java security authorization has failed.
Another problem arises when applying a patch that modifies an existing JAR file.
Before an Oracle Applications Java patch (or any patch that modifies a JAR file)
can be applied to a Release 11I server, a digital certificate must exist. If
the digital certificate does not exist, you must create one before Java files
can be patched.
If all your users have already downloaded and connected to your Rel 11I instance
then they will need to reinstall Jinitiator to download the correct
identitydb.obj file, or manually get the file and clear their JAR cache.
(see How to Remove Yellow Warning Bar steps below)
If you did not have a digital certificate when you applied a Java patch, then
your Java files will not contain the signature, and your clients will not be
able to function properly, causing the Yellow Warning Bar and possibly a host
of other different FRM errors.
In 11i, the digital certificate WAS created, then the Yellow Warning Bar may
occur later for several reasons?
If the ct originally connected to another instance first to download Jinitiator
1.1.7.27 and thus has a different signature file, now the
identitydb.obj files
differ between client and server, and will not match creating an un-trusted
mode (Yellow Bar). If the user needs to connect to both instances then they
need to either synch the two instances by signing the JAR files with the SAME
digital certificate, or if they need to be different, keep a copy of each
identitydb.obj on the client PC renaming each file accordingly and clearing the
local jcache and browser cache before connecting to the individual instances.
If the certificate was created, but the JAR files were not signed, and users
logged in, and then later a patch was applied that required the JAR files be
signed, which they were. However, now get the Yellow Warning Bar because the
user's PCs have cached unsigned JAR files and need only clear their jcache and
browser cache to now download the signed JAR files.
V - How to REMOVE the Yellow Warning Bar when connecting to Oracle Rel 11i?.
You can Uninstall Jinitiator 1.1.7.27 off your PC and then connect to the Oracle
Applications 11I instance that has a digital certificate and signed Jar Files.
Download and install the Jinitiator PlugIn again, and this will load the new
Identitydb.obj file on your PC, and when you connect to Apps you will download
the new signed JAR files and run in "trusted" mode.
-- OR --
Follow these steps :
A.) Sign(Add to) existing
IDENTITYDB.obj with the new certificate file APPLTOP.cer
on each Client PC.
B.) Clear your browser Cache.
C.) Clear your jcache directory.
D.) Restart the browser session.
E.) Logon to 11.5.1
Applications again, and verify no more Yellow Bar Warning.
A.) Add the certificate file APPLTOP.cer to the Client file IDENTITYDB.obj
You will need to download the digital certificate file APPLTOP.cer from the
server $APPL_TOP/admin directory of the instance you are trying to connect to
onto your Client PC.
- Copy from the Middle Tier ( Webserver )
$APPL_TOP/admin/appltop.cer
to
c:\Program Files\oracle\Jinitiator
1.1.7.27 Export\bin\appltop.cer
- Open a DOS window and run the following commands from
c:\Program Files\oracle\Jinitiator 11727\bin
javakey ctrue (creates a new trusted applet called )
(in identitydb.obj )
javakey icappltop.cer (signs the new trusted applet)
( with the new certificate
appltop.cer )
javakey -l (will display your new trusted applet that has been signed)
(with the appropriate digital certificate file of the )
(instance you wish to connect to. )
If the have to access a different instance of Oracle Applications
which has another digital certificate repeat above steps for
the appltop.cer of other $APPL_TOP (ie. changeto )
B.) Clear your browser Cache
From your Broswer window:
Netscape : Edit > references > advanced > Cache and click both buttons
and
Internet Explorer : Tools ?nternet Options
Delete Temporary Internet Files
C.) Clear your jcache directory
Use Explorer to navigate to
c:\Program Files\Oracle\Jinitiator
1.1.7.27\jcache\
And delete all files in this directory
D.) Restart the browser session
Shutdown all browsers and restart a new browser session.
E.) Logon to 11.5.1 Applications again, and verify no Yellow Warning Bar.
As you well know, Oracle's Jinitiator is implemented as a plug-in (Netscape
Communicator) or ActiveX component (Microsoft Internet Explorer), and allows you
to specify the use of the Oracle Java Virtual Machine (JVM) on web clients
instead of having to use the Browser's default JVM.
When it is needed, the browser attempts to load Oracle JInitiator. If Oracle
Jinitiator has not been previously installed, the browser downloads the
necessary installation executable to the PC. Once installed, Oracle JInitiator
runs the Oracle Forms Java Applet and starts an Oracle Applications session.
Monday, May 28, 2007
How to Remove the Yellow Warning Bar in Release 11i
Subscribe to:
Post Comments (Atom)
1 comment:
very interesting post, thank you so much this is really helpful and gives specific information about the subject. i actually followed it and it helped me remove the yellow bar!
Post a Comment