Issue:
In an EBS-SSO integrated environment - User Account is active in EBS and the SSO account is also provisioned, but still unable to authenticate from the EBS-OAM login console.
Solution :
1. Make sure the profile option "Applications SSO Login Types" is set to "SSO" at “User” level.
2. Map the USER_GUID of FND_USER table in EBS with ORACLE_GUID of OID in SSO.
Extract oracle_guid from OID :
ldapsearch -h <sso_host> -p 3060 -D "cn=orcladmin" -s sub -L -b "cn=users,dc=xxxx,dc=com" -w "<passwd>""uid=scott" uid oracle_guid orclsamaccountname
Update in EBS:
SQL> conn apps/apps
SQL> update FND_USER set USER_GUID="xxxxxxxxxxx" where USER_NAME='SCOTT';