Last updated on JUNE 28, 2017
Applies to:Oracle Configurator - Version 184.108.40.206 and later
Information in this document applies to any platform.
When implementing CZ and Contracts (OKC) together the following security issue is encountered:
1) Followed the CZ Implementation Guide, Chapter 9 "Session Initialization" and used custom servlet in $IAS_ORACLE_HOME/Apache/Jserv/Servlets to invoke configurator.
2) Current (default) settings are:
FND Validation Level -> None
FND Function Validation Level ->Error
3) With the settings above, when calling runtime configurator from external application, the following error is seen:
"Error: You are trying to access a page that is no longer active. The referring page may have come from a previous session. Please select Home to proceed."
If the profile options are set to the following:
FND Validation Level = Error
FND Function Validation Level = Error
a different error is encountered:
"You have insufficient privileges...."
If the profile option is set to the following:
FND Validation Level = None
FND Function Validation Level = None
Configurator works correctly.
It is expected that the profile options should be set according to AOL <Note.946372.1>: "Secure Configuration of E-Business Suite Profiles" which states that "Oracle strongly recommends the following settings for Security Profiles":
FND Validation Level -> ERROR
FND Function Validation Level ->ERROR
Sign In with your My Oracle Support account
Don't have a My Oracle Support account? Click to get started
Million Knowledge Articles and hundreds of Community platforms