Migrate FND User Passwords to New Storage Mode

The Advanced Password Hashing feature for FND user passwords includes new Oracle E-Business Suite storage modes (FSHA256, FSHA385, FSHA512). The Oracle E-Business Suite FSHA storage modes provide compatibility for hashed FND user passwords with the Oracle Database parameters for FIPS 140-2. 

System administrators can use the new Password Security Administration page (as shown in the following figure) to select new FSHA storage modes and select or change the method for migrating FND user passwords.

Password Security Administration Page

The Password Storage Mode - User Totals section of the Password Security Administration page provides a table which lists currently utilized password storage modes and the number of accounts using those storage modes.  After the User Totals table is a statement regarding whether your Oracle E-Business Suite environment is compatible with the Oracle Database FIPS parameter. 

Passwords storage modes may still be migrated using the AFPASSWD utility; however, using the Password Security Administration page is recommended. FSHA storage modes are now the only modes available when the system administrator migrates FND user passwords with AFPASSWD.

For more information regarding this feature, see Oracle E-Business Suite Password Management in Basic DBA Tasks in the Oracle E-Business Suite Maintenance Guide.

Steps to Enable

This feature is available with Oracle E-Business Suite Release 12.2.15 or R12.ATG_PF.C.Delta 14. 

The following is a summary of the steps to migrate FND user passwords to one of the new FSHA storage modes (FSHA256, FSHA384, FSHA512):

1. Navigate to the Password Security Administration page.
2. Select one of the new secure hash algorithms (FSHA256, FSHA384, FSHA512) in the Storage Mode drop-down list.
3. Select one of the migration methods from the Migration Option drop-down list.
4. Click Save to apply the changes.

For the detailed steps and further information regarding this feature, see Oracle E-Business Suite Password Management in Basic DBA Tasks in the Oracle E-Business Suite Maintenance Guide.

Tips And Considerations

If it is a requirement for your environment to configure Oracle Database FIPS parameters, see: "Can I set Oracle Database FIPS parameters with Oracle E-Business Suite" in My Oracle Support Knowledge Document 2063486.1, FAQ: Oracle E-Business Suite Security.

Key Resources

• Allowed Resources Authorizations in Oracle Application Object Library Security in the Oracle E-Business Suite Security Guide.
• Allowed Resources in Oracle Application Object Library Security in the Oracle E-Business Suite Security Guide.