Oracle Fusion Middleware & Application Server

Thursday, August 31, 2017

WebLogic Server 12.2.1.3.0 - First Look

Since last night the latest release of the Oracle WebLogic Server 12.2.1.3.0 is available.

I have already installed and configured the latest release, the installation process remains the same as in the previous release, so nothing really new.

The Configuration Wizard ($ORACLE_HOME/oracle_common/common/bin/config.sh) got a new cool neat feature. On the screen 2 of the Configuration Wizard (Templates), you will find a Filter Templates option. In this Filter Templates you can type in the Template you are searching for, which is really useful when you got a fully installed Oracle Fusion Middleware Product like SOA Suite and the Template list is really long.



When you apply a filter (it must only be a part of the string) like "Coher", you available Templates will be aligned accordingly.


The WebLogic Server Console remains the same as the previous releases, there are on the first look no changes and new sections.

Also a cool new feature is within the Data Sources (Active Grid Link AGL), that you can use now an alias from a referenced tnsnames.ora file.
You will need to the set the following system property "-Doracle.net.tns_directory=<path to your tnsnames.ora&gt" in which you point to the directory in which your tnsnames.ora is located. In the tnsnames.ora you just define as usual your tnsnames alias.

Furthermore you should have a closer look on the "What's New in Oracle WebLogic Server 12.2.1.3.0" documentation (http://docs.oracle.com/middleware/12213/wls/NOTES/whatsnew.htm#NOTES107), specially the Section "Patch Set 3". Under Deprecated Features you will find following:


JMS resource adapters will be removed in the next release of Oracle WebLogic Server, which might be 12.2.1.4.0 or 12.3.1.0.0 !

Wednesday, August 30, 2017

Oracle Fusion Middleware 12.2.1.3.0 available

Since today the latest release of the Oracle Fusion Middleware Stack is available for download under Oracle Technology Network.

The latest release of the Fusion Middleware Stack 12.2.1.3.0 contains various products:

Oracle WebLogic Server 12.2.1.3.0 can be found under http://www.oracle.com/technetwork/middleware/weblogic/downloads/index.html



Oracle Forms & Reports  12.2.1.3.0 can be found under http://www.oracle.com/technetwork/developer-tools/forms/downloads/index.html



Oracle SOA Suite 12.2.1.3.0 can be found under http://www.oracle.com/technetwork/middleware/soasuite/downloads/index.html



Oracle Traffic Director 12.2.1.3.0 can be found under http://www.oracle.com/technetwork/middleware/otd/downloads/index.html



JDeveloper 12.2.1.3.0 can be found under http://www.oracle.com/technetwork/middleware/otd/downloads/index.html


And there is a lot more ...

The complete documentation set for the latest Oracle Fusion Middleware 12.2.1.3.0 Release can be found under http://docs.oracle.com/en/middleware/fusion-middleware/index.html



Happy download and testing :-)

Internet Explorer under Mac OS X

In case, you are like me regularly working with Web environments, you will need to test from time to time your stuff with different browser, e.g. Safari, Chrome, Firefox and Internet Explorer.

Under Mac OS X many Users are using for example Safari and switching the User Agent to Internet Explorer 11 or something like that to simulate an Internet Explorer.

Microsoft is providing for free (YES, its for FREE !!!) a Virtual Machine for 90 days. The Downloads can be found here: https://developer.microsoft.com/en-us/microsoft-edge/tools/vms/ 

You can choose between following Internet Explorer Versions:

  • IE8 on Windows 7
  • IE9 on Windows 7
  • IE10 on Windows 7
  • IE11 on Windows 7
  • IE11 on Windows 81
  • MSEdge on Windows 10 Stable 15.15063
  • MSEdge on Windows 10 Preview 16.16257


And for all above Release combinations you have the choice between following VM-Types:

  • VirtualBox
  • Vagrant
  • HyperV (Windows)
  • VPC (Windows)
  • VMware (Windows, Mac)
  • Parallels (Mac)


After you are done with the download of your desired combination, just import the VM into your Environment, modify the settings if necessary, e.g. MAC address of Network card and start the VM.


And now you can perform your tests with an real Internet Explorer . .  .

Friday, August 25, 2017

Display Oracle Forms 12c Sessions with WLST

Sometimes you want to get a quick overview of the current connected Forms Sessions in your Oracle Forms 12c environment and the Fusion Middleware Control (http://<servername>:7001/em) is sometimes really slow reacting.

Under the My Oracle Support (MOS) Note 1580517.1 you can find a small handy Python Script, which should display you all informations about your current Forms Sessions against a specific Managed Server hosting your Forms Application. But with Oracle Forms 12c this is not longer working out of box.

Under Oracle Forms 12c the DMS nouns are not converted to MBeans by default and the MOS Script is based on an access to "oracle.dms:type=FormsRuntimeInfo".

So at first you need to enable the DMS Nouns MBeans on your Managed Server hosting your Oracle Forms Application. For this simply connect with WLST to your Admin Server of your WebLogic Server and perform following steps:

$ORACLE_HOME/oracle_common/common/bin/wlst.sh
Initializing WebLogic Scripting Tool (WLST) ...

Welcome to WebLogic Server Administration Scripting Shell

Type help() for help on available commands

# Replace Username, Password, Server plus Port with your settings
wls:/offline> connect('weblogic','welcome1','localhost:7001')
Connecting to t3://localhost:7001 with userid weblogic ...
Successfully connected to Admin Server "FRTESTAdminServer" that belongs to domain "FRTEST".

Warning: An insecure protocol was used to connect to the server.
To ensure on-the-wire security, the SSL port or Admin port should be used instead.

wls:/FRTEST/serverConfig/> updateDMSEventRoute(destinationid="mbeanCreationDestination", enable="true", server="<Servere Name>")
# For example
wls:/FRTEST/serverConfig/> updateDMSEventRoute(destinationid="mbeanCreationDestination", enable="true", server="WLS_FORMS;")
wls:/FRTEST/serverConfig/> exit()

After that restart your Managed Server and from now on you have the DMS nouns converted to MBeans which can be accessed via WLST.

In addition, I found from an unknown author a nice modification of the provided script from the MOS Note 1580517.1, which can be found here http://yong321.freeshell.org/oranotes/FormsServerSessionMonitor.txt (in case you are the author or you know the author, please drop me a comment here, merci)

This script, is quite nice, but I modified it on top, so that you get for each execution of the script a logfile with timestamp in the logfile name and I added a more secure way for the connect data to your Managed Server.

What you will need now are 2 file:
  • domain.properties: which contains your connection details to your Managed Server and the location of the logfile
  • mon_frm_sessions.py: Python Script which retrieves the current running Forms Sessions including Client IP, DB Username, DB Session ID, Forms Session PID, Forms Section Name (from formsweb.cfg)
Create the property file named domain.properties and set the permission to 600 (chmod 600 domain.properties):

# Replace with your hostname and Port of Managed Server
admin.url=localhost:9001
# Replace with your Password
admin.password=welcome1
# Replace with your Username
admin.username=weblogic
# Replace with your preferred Logfile Location
# Please note, the trailing slash at the end is needed !
logfile.location=/u00/app/oracle/logs/

As next create the mon_frm_sessions.py

import sys
import re
import os
from datetime import datetime
from java.io import File
from java.io import FileOutputStream
from java.io import FileInputStream

# Load Connection Properties
propInputStream = FileInputStream("domain.properties")
configProps = Properties()
configProps.load(propInputStream)
adminURL=configProps.get("admin.url")
adminPassword=configProps.get("admin.password")
adminUser=configProps.get("admin.username")
logFileLocation=configProps.get("logfile.location")

# Construct the Logfile with Timestamp
LogFileName = logFileLocation +'mon_frm_sessions-%s.log'%datetime.now().strftime('%Y_%m_%d_%H_%M_%S')

redirect('/dev/null', 'false')
# Perform connection to Managed Server hosting Forms App
connect(adminUser,adminPassword,adminURL)
custom()
cd ('oracle.dms')
children = ls()
childList = children.split("\n");
f = open(LogFileName, 'a')
f.write("\n" + datetime.now().strftime("%Y-%m-%d %H:%M:%S") + "\n")
f.write("Config\tDBName\tDBSessID\tClientIP\tPID\tUser\n")
# Printout for stdout
print "Config\tDBName\tDBSessID\tClientIP\tPID\tUser"
for child in childList:
  childInfo = child.split(' ');
  length = len(childInfo);
  if (len(childInfo) > 2 and re.match('oracle.dms:type=FormsRuntimeInfo,name=/frmDMS/\d',childInfo[3])):
     cd(childInfo[3]);
     attrs = ls();
     attrList = attrs.split("\n");
     for attr in attrList:
       if (attr.find("config_value") != -1 or attr.find("dbname_value") != -1 or attr.find("dbsessid_value") != -1 or attr.find("ip_value") != -1 or attr.find("pid_value") != -1 or attr.find("user_value") != -1):
          try:
            vl = attr.split()[2]+'\t'
          except IndexError:
            vl = '\t'
          f.write(vl)
          sys.stdout.write(vl)
     f.write("\n")
     print
     cd ('..')
print " "
print "Logfile are generated: " + LogFileName
disconnect()

And now you can execute the above Python Script with WLST

$ORACLE_HOME/oracle_common/common/bin/wlst.sh mon_frm_sessions.py
Initializing WebLogic Scripting Tool (WLST) ...

Welcome to WebLogic Server Administration Scripting Shell

Type help() for help on available commands

Config  DBName  DBSessID        ClientIP        PID     User
test    DB122   1145            172.18.46.11    10313   scott
demo    DB122   1234            172.18.46.11    21330   scott

Logfile are generated: /u00/app/oracle/logs/mon_frm_sessions-2017_08_25_15_40_54.log

Enjoy displaying your current Forms Sessions without connecting to the Fusion Middleware Control :-)

Thursday, August 24, 2017

Oracle Forms 12c and FRM-93652

I am currently working on a huge migration project for Oracle Forms 11g to Oracle Forms 12c (12.2.1.2.0) and we experience some nice FRM-93652 errors in several Forms.

We had several Forms masks on which we executed a query over the menu, data is displayed in the Forms mask afterwards we clicked a button to exit the Forms and the complete Forms session crashed with FRM-93652 :-)

In the underlying formsapp-diagnostic.log in $DOMAIN_HOME/servers/<servername>/logs directory, I only could see following 3 lines:

[2017-08-24T11:16:50.300+02:00] [MS_FORMS] [ERROR] [FRM-93546] [oracle.forms.servlet] [tid: 21] [userId: <anonymous>] [ecid: b629152b-5758-4998-8aac-f6d306179e0f-000000f0,0] [APP: formsapp] [partition-name: DOMAIN] [tenant-name: GLOBAL] [FORMS_SESSION_ID: MS_FORMS.formsapp.6] [SRC_CLASS: oracle.forms.servlet.RunformProcess] [SRC_METHOD: fromFrmwebToODL] external message from runtime process: In-flux value for a pin at 0x29d0290
[2017-08-24T11:16:50.300+02:00] [MS_FORMS] [ERROR] [FRM-93546] [oracle.forms.servlet] [tid: 21] [userId: <anonymous>] [ecid: b629152b-5758-4998-8aac-f6d306179e0f-000000f0,0] [APP: formsapp] [partition-name: DOMAIN] [tenant-name: GLOBAL] [FORMS_SESSION_ID: MS_FORMS.formsapp.6] [SRC_CLASS: oracle.forms.servlet.RunformProcess] [SRC_METHOD: fromFrmwebToODL] external message from runtime process: kgepop: no error frame to pop to for error 600
[2017-08-24T11:16:50.306+02:00] [MS_FORMS] [ERROR] [FRM-93652] [oracle.forms.servlet] [tid: 21] [userId: <anonymous>] [ecid: b629152b-5758-4998-8aac-f6d306179e0f-000000f0,0] [APP: formsapp] [partition-name: DOMAIN] [tenant-name: GLOBAL] [FORMS_SESSION_ID: MS_FORMS.formsapp.6] [SRC_CLASS: oracle.forms.servlet.BaseServlet] [SRC_METHOD: logConnectionException] The runtime process has terminated abnormally.

The important parts are:

. . . [FRM-93546] . . . external message from runtime process: In-flux value for a pin at 0x29d0290
. . . [FRM-93546] . . . external message from runtime process: kgepop: no error frame to pop to for error 600
. . . [FRM-93652] . . . logConnectionException] The runtime process has terminated abnormally.

After some investigations in My Oracle Support (MOS), I only found a MOS Note for Oracle Forms 11g "Forms Crash With Error FRM-93652 After 11g Upgrade (Doc ID 1096125.1)". This MOS Note is providing a solution who to avoid the above mentioned FRM-93652 error by setting the menu property "Share Library with Form"= Yes or apply a Patch 9965029. But this MOS Note is exclusively for Oracle Forms 11g (11.1.1.2.0 to 11.1.2.2.0) and the referenced Patch is a One-Off-Patch Oracle Database 11g (11.1.0.70 to 11.2.0.3.7).

Every Oracle Forms & Reports Software Home is also containing Oracle Database Required Support Files, so I simply cross checked my ORACLE_HOME which Version are the Database Components in my Oracle Forms and Reports 12.2.1.2.0 Release:

$ORACLE_HOME/oui/bin/viewInventory.sh | grep "FeatureSet: db_clientFR"
     FeatureSet: db_clientFR 11.2.0.3.0

I downloaded the Patch 9965029 for Linux and Oracle Release 11.2.0.3.0, stopped all processes from the Oracle Forms & Reports environment (Managed Servers, OHS, AdminServer and Node Manager) and applied the Patch 9965029 to my Oracle Forms & Reports Software Home with the opatch utility under $ORACLE_HOME/OPatch, started my complete Oracle Forms & Reports Environment and tested once again if the FRM-93652 error comes up again . . . and the problem was solved :-)

I hope that Oracle Support or Oracle Product Management for Forms & Reports will update the My Oracle Support Note 1096125.1, that the provided Patch can also be used for Oracle Forms & Reports 12c.

Update 25th August 2017: I received a confirmation from My Oracle Support, that the above mentioned patch can be used for Oracle Forms & Reports Release 12.2.1.2.0



Tuesday, August 22, 2017

Parsing Named Arguments into Python Scripts

If you are coming from the Shell Script World, you are used to parse Named Arguments into your Shell Script, e.g "-u" for Username, "-p" for Password and so on. With Python Scripts you normally pass ordered arguments into your Python Script, so you are bond with the arguments in a fixed order, while passing Named Arguments you can reshuffle them in any order.

A typical Shell Script Snippet would look like that:

export UserName=""
export PassWord=""
export URL=""

while getopts u:p:c: CurOpt; do
    case ${CurOpt} in
        u) UserName="${OPTARG}"  ;;
        p) PassWord="${OPTARG}"  ;;
        c) URL="${OPTARG}"       ;;
        ?) Usage                 ;;
    esac
done

shift $((${OPTIND}-1))

# Call a function for checking of given Parameter Values
CheckInputParams

The same you can achieve for your Python Scripts to be used with the Oracle WebLogic Server command line tool wlst.

import sys

uname=''
pword=''
url=''

def helpUsage():
   print 'Usage: test.py [-help]'
   print '      [-username] Username for the connect'
   print '      [-password] Password for the connect User'
   print '      [-url] URL for the connect'
   exit()

for i in range(len(sys.argv)):
   if sys.argv[i] in ("-help"):
           helpUsage()
   elif sys.argv[i] in ("-url"):
           if i+1 < len(sys.argv):
                   url = sys.argv[i+1]
   elif sys.argv[i] in ("-username"):
           if i+1 < len(sys.argv):
                   uname = sys.argv[i+1]
   elif sys.argv[i] in ("-password"):
           if i+1 < len(sys.argv):
                   pword = sys.argv[i+1]

if len(uname)==0 or len(pword)==0 or len(url)==0:
   print 'Missing required arguments (-url, -username, -password)'
   print ' '
   helpUsage()


connect(uname,pword,url)

#
# Perform your Tasks
#

exit()

Now you can call your Python Script with wlst and provide the required Named Arguments in any order you like, e.g.:

# Using Named Argument -help
wlst.sh test.py -help

Initializing WebLogic Scripting Tool (WLST) ...

Welcome to WebLogic Server Administration Scripting Shell

Type help() for help on available commands

Usage: test.py [-help]
      [-username] Username for the connect
      [-password] Password for the connect User
      [-url] URL for the connect

Exiting WebLogic Scripting Tool.


# Using Named Arguments -username / -password / -URL
wlst.sh test.py -username weblogic -url t3://localhost:7001 -password Welcome1

Initializing WebLogic Scripting Tool (WLST) ...

Welcome to WebLogic Server Administration Scripting Shell

Type help() for help on available commands

Connecting to t3://localhost:7001 with userid weblogic ...
. . .
. . .
Successfully connected to Admin Server "DEMOAdminServer" that belongs to domain "DEMODomain".

Exiting WebLogic Scripting Tool.


# Using Named Arguments, but forgot to pass a value for Argument -Password
wlst.sh test2.py -username weblogic -url t3://localhost:7001 -password

Initializing WebLogic Scripting Tool (WLST) ...

Welcome to WebLogic Server Administration Scripting Shell

Type help() for help on available commands

Missing required arguments (-url, -username, -password)

Usage: test.py [-help]
      [-uname] Username for the connect
      [-password] Password for the connect User
      [-url] URL for the connect

Exiting WebLogic Scripting Tool.

With a simple small Python Block you can easily pass Named Arguments into your Python Scripts in the same way you know it with Shell Scripts.

Monday, August 21, 2017

Configure Single Sign On for Cloud Control 13c against Active Directory

In many cases you want to use your Microsoft Active Directory Login to be authenticated against your Oracle Cloud Control 13c.

Here is a step by step solution how to implement Single Sign On for your Oracle Cloud Control against Microsoft Active Directory.

Lets assume following Environment:

  • AD Domain = DEMO.COM
  • Microsoft AD Server = adserver.demo.com
  • AD LDAP Port = 389
  • Cloud Control 13c Server = cloudcontrol13c.demo.com

Windows Steps


Connect to the Windows Server Hosting your Active Directory and execute following steps

1. Create a corresponding Service Account for the Oracle Management Server (OMS) in your Active Directory:


Name the to be created Service Account = your Cloud Control Server
dsadd user="cn=<ServiceAccountName>,cn=users,dc=<Domain>,dc=<TLD>" -disabled no -pwd <Password for ServiceAccountName> -canchpwd no -mustchpwd no -pwdneverexpirer yes

# For Example
dsadd user="cn=cloudcontrol13c,cn=users,dc=demo,dc=com" -disabled no -pwd Welcome1 -canchpwd no -mustchpwd no -pwdneverexpirer yes

2. Create a keytab file:


ktpass -princ HTTP/<ServiceAccountName>.<Domain>.<TLD>@;.<Domain>.<TLD> -mapuser <ServiceAccountName> -crypto all -ptype KRB5_NT_PRINCIPAL -out c:\temp\krb5.keytab

# For Example:
ktpass -princ HTTP/cloudcontrol13c.demo.com@DEMO.COM -mapuser cloudcontrol13c -crypto all -ptype KRB5_NT_PRINCIPAL -out c:\temp\krb5.keytab

Afterwards transfer the above created keytab file named krb5.keytab to your Cloud Control 13c Server.

Cloud Control Steps


Now connect to your Server which is Hosting your Oracle Cloud Control 13c and perform following steps.

1. Create the Active Directory Authentication Provider


emctl config auth ad -ldap_host "<AD-Servername>" -ldap_port "<LDAP-PORT>" \
ldap_principal "cn=<ServiceAccountName>,cn=users,dc=<Domain>,dc=<TLD>" -ldap_credential "<Password for ServiceAccountName>" \
-user_base_dn "cn=users,dc=<Domain>,dc=<TLD>" -Group_base_dn "cn=groups,dc=<Domain>,dc=<TLD>" \
-sysman_pwd "<SYSMAN Password>"

# For Example:
emctl config auth ad -ldap_host "adserver.demo.com" -ldap_port "389" \
ldap_principal "cn=cloudcontrol13c,cn=users,dc=demo,dc=com" -ldap_credential "Welcome1" \
-user_base_dn "cn=users,dc=demo,dc=com" -Group_base_dn "cn=groups,dc=demo,dc=com" \
-sysman_pwd "Welcome1"

# Now restart your OMS
emctl stop oms -all
emctl start oms

After the restart of your OMS, connect to the WebLogic Server Console of your Oracle Cloud Control 13c, usually its the SSL Port 7101 (https://<CloudControlServer>:7101/console )
Select in the Domain Structure "Security Realms" and navigate to "Providers / Authentication"


Open the Authentication Provider EM_AD_Provider and navigate to "Configuration / Provider Specific"



Align following Attributes (activate at first in the Change Center the "Lock & Edit" Mode):

Original Attributes:
  • All Users Filter: <empty>
  • User From Name Filter: (&cn=%u) (objectclass=user))
  • User Name Attribute: cn
  • User Object Class: user
New Attributes:
  • All Users Filter: (&(sAMAccountName=*) (objectclass=user))
  • User From Name Filter: (&(sAMAccountName=%u) (objectclass=user))
  • User Name Attribute: sAMAccountName
  • User Object Class: user
Save the modifications and Activate them in the Change Center.

2. Create the JAAS Configuration File krb5Login.conf

The next step is to create the required JAAS Configuration File krb5Login.conf within the DOMAIN_HOME of your Cloud Control 13c.

# for Oracle (SUN) JDK
com.sun.security.jgss.krb5.initiate {
    com.sun.security.auth.module.Krb5LoginModule required
    principal="HTTP/cloudcontrol13c.demo.com@DEMO.COM"
    useKeyTab=true keyTab=/etc/krb5.keytab
    storeKey=true debug=true;
};
com.sun.security.jgss.krb5.accept {
    com.sun.security.auth.module.Krb5LoginModule required
    principal="HTTP/cloudcontrol13c.demo.com@DEMO.COM"
    useKeyTab=true keyTab=/etc/krb5.keytab
    storeKey=true debug=true;
};

# For IBM JDK (under AIX)
com.ibm.security.jgss.krb5.initiate {
    com.ibm.security.auth.module.Krb5LoginModule REQUIRED
    principal="http/cloudcontrol13c.demo.com"
    useKeytab="FILE:/etc/krb5.keytab"
    credsType=initiator
    debug=true;
};
com.ibm.security.jgss.krb5.accept {
    com.ibm.security.auth.module.Krb5LoginModule REQUIRED
    principal="http/cloudcontrol13c.demo.com"
    useKeytab="FILE:/etc/krb5.keytab"
    credsType=acceptor
    debug=true;
};

3. Align setDomainEnv.sh

Now we need to align the setDomainEnv.sh in the DOMAIN_HOME/bin directory. Search for the 2 lines:
EXTRA_JAVA_PROPERTIES="-Djavax.management.builder.initial=weblogic.management.jmx.mbeanserver.WLSMBeanServerBuilder ${EXTRA_JAVA_PROPERTIES}"
export EXTRA_JAVA_PROPERTIES
and add below this 2 lines following block:

if [ "${SERVER_NAME}" = "EMGC_OMS1" ] ; then
     EXTRA_JAVA_PROPERTIES="-Djava.security.krb5.realm=%lt;Domain>.<TLD> -Djava.security.krb5.kdc=<AD-Servername> -Djava.security.auth.login.config=<Path to krb5Login.conf>/krb5Login.conf -Djavax.security.auth.useSubjectCredsOnly=false -Dweblogic.security.enableNegotiate=true ${EXTRA_JAVA_PROPERTIES}"
     export EXTRA_JAVA_PROPERTIES
fi

# For Example:
if [ "${SERVER_NAME}" = "EMGC_OMS1" ] ; then
     EXTRA_JAVA_PROPERTIES="-Djava.security.krb5.realm=DEMO.COM -Djava.security.krb5.kdc=adserver.demo.com -Djava.security.auth.login.config=/u00/app/oracle/product/gc_inst_13cR1/user_projects/domains/GCDomain/krb5Login.conf -Djavax.security.auth.useSubjectCredsOnly=false -Dweblogic.security.enableNegotiate=true ${EXTRA_JAVA_PROPERTIES}"
     export EXTRA_JAVA_PROPERTIES
fi

5. Configure Single Sign On within OMS

The next step is to create an external role within OMS, this external role must be named exactly the same as your corresponding AD Group for the OMS Users

emcli create_role -name="oracle_dba" -type="EXTERNAL_ROLE" -desc="Active Directory Group for oracle_dba"

Now configure the SSO for the OMS

emctl set property -name oracle.sysman.core.security.sso.type -value "OTHER"
emctl set property -name oracle.sysman.core.security.auth.is_external_authentication_enabled -value "true"
emctl set property -name oracle.sysman.emSDK.sec.DirectoryAuthenticationType -value "SSO"
emctl set property -name oracle.sysman.core.security.auth.autoprovisioning -value "true"

After that perform a restart of your OMS:

emctl stop oms -all
emctl start oms

Now, when you are connecting the first time to the Cloud Control 13c and logging in with your AD-User, there will be automatically created the SSO User within your Cloud Control 13c and you can connect with your AD-User and corresponding AD-Password.