Tuesday, December 9, 2014

OIM DB Tables for Lookups

Query to see Lookups in OIM Database: 


select LKV_ENCODEd, LKV_DECODED,lku.lku_type_string_key from LKV, LKU WHERE  lkv.lku_key = lku.lku_key and lku_type_string_key like 'Lookup.USR_PROCESS_TRIGGERS'

Thanks !!! 

OIM Mobile Self-Service from Techdemocracy LLC

Wednesday, December 3, 2014

Issue After OAM upgrade: java.lang.NoSuchFieldError: TIVOLI

Cause: 

 <Error> <Deployer> <BEA-149231> <Unable to set the activation state to true for the application 'oam_server [Version=11.1.2.0.0]'.
weblogic.application.ModuleException: [HTTP:101216]Servlet: "AMInitServlet" failed to preload on startup in Web application: "oam".
java.lang.NoSuchFieldError: TIVOLI


Solution: 

This issue is mainly caused because of missing patches. Some time patching fails during the process of upgrade so please reinstall all the required patches.

Patches for OAM Without Issue:



Patches for OAM With Issue:


Sameway check on oracle_common

Need to apply patch, refer Doc ID 1902297.1

Tuesday, December 2, 2014

OIM Export: Missing Permissions manifest attribute in main jar: detect.jar

Missing Permissions manifest attribute in main jar: http://host:Port/xlWebApp/ClientClassServlet/xlWebApp/detect.jar
Nexaweb Client 3.3.1072

Need to do following steps:



This can be bypassed by updating the security information in the Java Console. To do so:

  1. Open the Java Console (Start --> Control Panel)
  2. Click the Security tab and click on Edit Sites 
  3. Add the site name, which is in the following format:http://HOST:PORT/xlWebApp/DeploymentManager/loadDU.do





If you don't see Edit Sites List you need to update your Java Version.

Try exporting now. 

Thanks 


OAM WNA Logout Issue

Users won't be able to Logout using WNA Authentication:

Reason:
  1. This is expected behavior.
  2. The issue is with the Browser and the basic authn.
  3. The browser stores the basicauthn credentials, so even if you log out of OAM, and it cookies are deleted/removed, when you go to authenticate again, the browser passes the basic authn credentials that were provided earlier in the browse session.
  4. The only way to stop this is to close the browser.
  5. This can be confirmed by viewing the http headers
  6. The issue is not specific to OAM or Kerberos autn, but to the basic authn and the browser.
  7. The same issue occurs if the Kerberos authentication scheme or with the Basic Scheme.

Source : Oracle

Sunday, November 30, 2014

OIM Reports:OIM Users Without Managers

Query for Users Without Managers


select distinct
usr1.usr_login,
usr1.usr_manager AS "Manager Name",
usr1.USR_CREATED
from usr usr1,usr usr2
where
usr1.usr_manager_key is null
union
select distinct
usr1.usr_login,
  usr2.usr_first_name || ' '|| usr2.usr_middle_name|| ' '|| usr2.usr_last_name AS "Manager Name",
  usr1.USR_CREATED
from usr usr1,usr usr2
where
 usr1.usr_manager_key = usr2.usr_key
and usr1.usr_status not in ('Disabled', 'Deleted')
AND ((usr2.usr_status in ('Disabled', 'Deleted')))

Thanks!!!

OIM Report:Proxy Users

OIM Query to find  Proxy Users:


SELECT DISTINCT usr.usr_login AS "User_Login",
  usr.usr_first_name          AS "First_Name",
  usr.usr_last_name           AS "Last_Name" ,
  pu.usr_first_name           AS "Proxy_First_Name",
  pu.usr_last_name            AS "Proxy_Last_Name",
  pu.usr_status               AS "Proxy_Status",
  p.pxd_start_date            AS "Proxy_Start_Date",
  p.pxd_end_date              AS "Proxy_End_Date",
  pa.usr_first_name           AS "Proxy_Admin_First_Name",
  pa.usr_last_name            AS "Proxy_Admin_Last_Name"
FROM pxd p,
  usr,
  usr pu,
  usr pa
WHERE p.pxd_orig_usr_key = usr.usr_key
AND p.pxd_proxy_key      = pu.usr_key
and p.pxd_createby       = pa.usr_key
and (nvl(:usr_login,null) is null or upper(usr.usr_login) like upper('%' || :usr_login || '%'))
and (nvl(:usr_first_name,null) is null or upper(usr.usr_first_name) like upper('%' || :usr_first_name || '%'))
and (NVL(:usr_last_name,null) is null or UPPER(usr.usr_last_name) like UPPER('%' || :usr_last_name || '%'))

Thanks !!! 

OIM Reports:Open Provisioning Tasks

Query for Open Provisioning Tasks:

Query to see the Open Tasks under Administration Tab on the Left pane in the OIM.

select distinct 
oti.sch_key as TaskKey,
mil.mil_name as TaskName,
oti.sta_bucket as TaskStatus,
oti.request_key,
obj.obj_name,
app_instance.app_instance_display_name as AppInstance,usr.usr_login as Beneficiary,
assigned_to_ugp.ugp_name AS assigned_to,
oti.osi_assign_type,
oti.osi_assigned_date 
from OTI,obj,mil,usr,orc,app_instance,oiu,oug,ugp assigned_to_ugp
  \where oti.obj_key=obj.obj_key and mil.mil_key=oti.mil_key and orc.orc_key=oti.orc_key and orc.usr_key=usr.usr_key and app_instance.app_instance_key=oiu.app_instance_key and app_instance.object_key = oug.obj_key
  and obj.obj_key=app_instance.object_key and app_instance_is_soft_delete='0'  AND assigned_to_ugp.ugp_key = oti.osi_assigned_to_ugp_key 
  and oti.osi_assign_type     = 'Group'   
  AND oti.sta_bucket         IN ('Pending', 'Rejected')
and oti.osi_assign_type =:AssignType
and oti.sta_bucket =:TaskStatus
  union 
  select distinct oti.sch_key as TaskKey,mil.mil_name as TaskName,oti.sta_bucket as TaskStatus,oti.request_key,obj.obj_name,app_instance.app_instance_display_name as AppInstance,usr.usr_login as Beneficiary,assigned_to_usr.usr_login AS assigned_to,
  oti.osi_assign_type,oti.osi_assigned_date from OTI,obj,mil,usr ,orc,app_instance,oiu,oug,usr assigned_to_usr
  where oti.obj_key=obj.obj_key and mil.mil_key=oti.mil_key and orc.orc_key=oti.orc_key and orc.usr_key=usr.usr_key and app_instance.app_instance_key=oiu.app_instance_key and app_instance.object_key = oug.obj_key
  and obj.obj_key=app_instance.object_key and app_instance_is_soft_delete='0'  AND assigned_to_usr.usr_key = oti.osi_assigned_to_usr_key 
and oti.osi_assign_type     = 'User' 
 AND oti.sta_bucket         IN ('Pending', 'Rejected')
 --and oti.osi_assign_type =:AssignType
 --and oti.sta_bucket =:TaskStatus
 and (NVL(:AssignType,null) is null or UPPER(oti.osi_assign_type) like UPPER(:AssignType))
 and (NVL(:TaskStatus,null) is null or UPPER(oti.sta_bucket) like UPPER(:TaskStatus))

Thanks !!!

OIM Reports:Closed Provisioning Tasks

Query for Closed Provisioning Tasks:


select distinct(SELECT usr_login FROM usr WHERE usr_key = oiu.usr_key)                   AS "target_user",    
                    obj.obj_name               AS "resource_name",    
                    mil.mil_name               AS "task_name",        
                    sta.sta_bucket             AS "task_status",      
                    usr.usr_login                AS "assigned_to_user",  
                    sch.sch_actual_start       AS "task_created_date",
                    sch.sch_actual_end         AS "task_completed_date"
    From OSI,MIL,ORC,SCH,STA,USR,OSH,OIU,OBI,OBJ,PKG
Where osh.sta_key              = sta.sta_key
AND sch.sch_key                  = osh.sch_key
AND sch.sch_key                  = osi.sch_key
AND osi.mil_key = mil.mil_key
                                      AND   sch.sch_key                  = osh.sch_key
                                      AND   sch.sch_key                  = osi.sch_key
                                      AND   osi.mil_key                  = mil.mil_key
                                      AND   osi.orc_key                  = orc.orc_key
                                      AND orc.orc_key                   = oiu.orc_key
                                       AND obi.obi_key                   = oiu.obi_key
                                      AND obj.obj_key                   = obi.obj_key
                                      AND sta.sta_bucket               = 'Completed'
                                      AND mil.mil_name                != 'System Validation'
                                      AND osh.osh_assigned_to_usr_key = usr.usr_key
                                       AND osh.osh_assigned_to_usr_key IS NOT NULL
                                      AND osh.osh_assigned_to_usr_key != '1'
                                       AND pkg.pkg_type = 'Provisioning'
                                  AND usr.usr_login not in ('OIMINTERNAL','XELSYSADM')
                                AND sch.sch_actual_end between  :from_date and :todate

Thanks !!!

OIM Reports : Closed Provisioning Tasks Counts


Query for Closed Provisioning Tasks Counts:

select assigned_to_usr.usr_login as "Completed By",
    assigned_to_usr.usr_first_name || ' ' || assigned_to_usr.usr_last_name as "Full Name",
    count(assigned_to_usr.usr_login)
  FROM osi,mil,orc,sch,sta,usr assigned_to_usr, usr target_usr,pkg,oiu,obi,obj
  WHERE oiu.usr_key           = target_usr.usr_key
  AND osi.mil_key             = mil.mil_key
  AND osi.orc_key             = orc.orc_key
  AND sch.sch_key             = osi.sch_key
  and sta.sta_status          = sch.sch_status
  AND assigned_to_usr.usr_key = sch.sch_updateBY
  AND pkg.pkg_key             = osi.pkg_key
  AND osi.orc_key             = orc.orc_key
  AND orc.orc_key             = oiu.orc_key
  AND obi.obi_key             = oiu.obi_key
  and obj.obj_key             = obi.obj_key
  and sta.sta_bucket         ='Completed'
 and pkg.pkg_type = 'Provisioning'
  and  assigned_to_usr.usr_login not in ('XELSYSADM','OIMINTERNAL')
  and sch.sch_actual_start between :task_completed_date_from and :task_completed_date_to
  group by assigned_to_usr.usr_login, assigned_to_usr.usr_first_name || ' ' || assigned_to_usr.usr_last_name

Thanks !!!

OIM Reports :Pending Approvals Tasks for Groups


Query for Pending Approvals Tasks for Groups:

SELECT "WFASSIGNEE"."ASSIGNEETYPE"   AS "ASSIGNEETYPE",
  "WFASSIGNEE"."ASSIGNEE"            AS "ASSIGNEE",
  "WFPRODUCTIVITY_VIEW"."TASKNAME"   AS "TASKNAME",
  "WFPRODUCTIVITY_VIEW"."TASKNUMBER" AS "TASKNUMBER",
  "WFPRODUCTIVITY_VIEW"."STATE"      AS "STATE",
  "WFTASK"."ASSIGNEDDATE"            AS "ASSIGNEDDATE"
FROM "PROD_SOAINFRA"."WFPRODUCTIVITY_VIEW" "WFPRODUCTIVITY_VIEW",
  "PROD_SOAINFRA"."WFTASK" "WFTASK",
  "PROD_SOAINFRA"."WFASSIGNEE" "WFASSIGNEE"
WHERE "WFTASK"."TASKNUMBER"     ="WFPRODUCTIVITY_VIEW"."TASKNUMBER"
AND "WFASSIGNEE"."TASKID"       ="WFTASK"."TASKID"
AND "WFTASK"."STATE"            ="WFPRODUCTIVITY_VIEW"."STATE"

Thanks!!!

OIM Reports:Pending Approvals Tasks for Users






Query for Pending Approvals Tasks for Users :



SELECT "WFASSIGNEE"."ASSIGNEETYPE"   AS "ASSIGNEETYPE",
  "WFASSIGNEE"."ASSIGNEE"            AS "ASSIGNEE",
  "WFPRODUCTIVITY_VIEW"."TASKNAME"   AS "TASKNAME",
  "WFPRODUCTIVITY_VIEW"."TASKNUMBER" AS "TASKNUMBER",
  "WFPRODUCTIVITY_VIEW"."STATE"      AS "STATE",
  "WFTASK"."ASSIGNEDDATE"            AS "ASSIGNEDDATE"
   FROM "PROD_SOAINFRA"."WFPRODUCTIVITY_VIEW" "WFPRODUCTIVITY_VIEW",
  "PROD_SOAINFRA"."WFTASK" "WFTASK",
  "PROD_SOAINFRA"."WFASSIGNEE" "WFASSIGNEE"
WHERE "WFTASK"."TASKNUMBER"     ="WFPRODUCTIVITY_VIEW"."TASKNUMBER"
AND "WFASSIGNEE"."TASKID"       ="WFTASK"."TASKID"
AND "WFTASK"."STATE"            ="WFPRODUCTIVITY_VIEW"."STATE"

Thanks!!! 

Tuesday, November 25, 2014

apr_proc_mutex_lock failed. Attempting to shutdown process gracefully

Error:
#####

[OHS] [INCIDENT_ERROR:10] [OHS-9999] [core.c] VirtualHost: main] (37)No locks available:  apr_proc_mutex_lock failed. Attempting to shutdown process gracefully.

This is what yo will see in the OHS log and http://ohshost:ohsport/ will give a 404.

This happens mostly when you install OHS instance on a shared drive (i.e., NFS). the lock file is the culprit.

OHS version: 11.1.1.7
OS: RHEL 6.6

Solution:
#######
Take a backup of httpd.conf
Locate module mpm_prefork_module and mpm_worker_module in httpd.conf. Observe that the LockFile is pointing to the path on shared drive.
This needs to be changed to a folder local to the server where you have your OHS instance running.

Modify it as below

<IfModule mpm_prefork_module>
StartServers         5
MinSpareServers      5
MaxSpareServers     10
MaxClients         150
MaxRequestsPerChild  0
AcceptMutex fcntl
LockFile " <LOCAL_DISK_PATH>"
</IfModule>

<IfModule mpm_worker_module>
StartServers         2
MaxClients         150
MinSpareThreads     25
MaxSpareThreads     75
ThreadsPerChild     25
MaxRequestsPerChild  0
AcceptMutex fcntl
LockFile " <LOCAL DISK_PATH>"

Save the httpd.conf file and start OHS.

Thursday, November 13, 2014

Oracle HTTP Server 12.1.3 Installation & Configuration

OHS 12.1.3 have some minor changes in the installation process. It now has the flexibility to create any number of instances in one shot while configuring it.

Although this installation is straight forward, the installer will halt during configuration.

Download fmw_12.1.3.0.0_ohs_linux64.bin from Oracle website

OHS installation:
=============

[oracle@demo ~]$ cd /oracle/softwares/OHS_12.1.3
[oracle@demo OHS_12.1.3]$ chmod +x fmw_12.1.3.0.0_ohs_linux64.bin
[oracle@demo OHS_12.1.3]$ ./fmw_12.1.3.0.0_ohs_linux64.bin
0%....................................................................................................100%
Launcher log file is /oracle/tmp/OraInstall2014-11-13_07-28-32PM/launcher2014-11-13_07-28-32PM.log.
Starting Oracle Universal Installer

Checking if CPU speed is above 300 MHz.   Actual 2691.389 MHz    Passed
Checking monitor: must be configured to display at least 256 colors.   Actual 16777216    Passed
Checking swap space: must be greater than 512 MB.   Actual 10698748 MB    Passed
Checking if this platform requires a 64-bit JVM.   Actual 64    Passed (64-bit not required)
Checking temp space: must be greater than 300 MB.   Actual 15850 MB    Passed


Preparing to launch the Oracle Universal Installer from /oracle/tmp/OraInstall2014-11-13_07-28-32PM

Log: /oracle/tmp/OraInstall2014-11-13_07-28-32PM/install2014-11-13_07-28-32PM.log










OHS Configuration:
===============

Navigate to /oracle/middleware_ohs_1213/oracle_common/common/bin
./config.sh









Installation will hang at 33% for sometime. approximately 2 to 4 minutes.

If you check the logs under /oracle/middleware_ohs_1213/logs you will notice the below


2014-11-13 19:39:59,373 INFO  [1] com.oracle.cie.wizard.internal.wcf.WCFWrapper - Overriding task definition summary_gui
2014-11-13 19:40:02,810 INFO  [12] com.oracle.cie.domain.DomainRegistryWrapper - need to initialize domainRegistrydocument object
2014-11-13 19:40:47,888 INFO  [12] com.oracle.cie.domain.WLSTemplateBuilder - No config groups xml found in template
2014-11-13 19:40:51,759 INFO  [12] com.oracle.cie.domain.AbstractTemplate - Adding component reference
2014-11-13 19:40:51,953 WARNING [12] com.oracle.cie.domain.AbstractTemplate - Could not find component name 'wlserver' version '0.0.0.0'
2014-11-13 19:40:52,081 INFO  [12] com.oracle.cie.domain.WLSTemplateBuilder - No config groups xml found in template
2014-11-13 19:40:52,154 INFO  [12] com.oracle.cie.domain.AbstractTemplate - Adding component reference
2014-11-13 19:40:52,163 WARNING [12] com.oracle.cie.domain.AbstractTemplate - Could not find component name 'ohs' version '0.0.0.0'

2014-11-13 19:40:52,211 WARNING [12] com.oracle.cie.domain.AbstractTemplate - Could not find component name 'ohs' version '0.0.0.0'

DON'T PANIC !!!!!

The installation will go forward





Logs after successful installation:
=========================

2014-11-13 19:39:59,373 INFO  [1] com.oracle.cie.wizard.internal.wcf.WCFWrapper - Overriding task definition summary_gui
2014-11-13 19:40:02,810 INFO  [12] com.oracle.cie.domain.DomainRegistryWrapper - need to initialize domainRegistrydocument object
2014-11-13 19:40:47,888 INFO  [12] com.oracle.cie.domain.WLSTemplateBuilder - No config groups xml found in template
2014-11-13 19:40:51,759 INFO  [12] com.oracle.cie.domain.AbstractTemplate - Adding component reference
2014-11-13 19:40:51,953 WARNING [12] com.oracle.cie.domain.AbstractTemplate - Could not find component name 'wlserver' version '0.0.0.0'
2014-11-13 19:40:52,081 INFO  [12] com.oracle.cie.domain.WLSTemplateBuilder - No config groups xml found in template
2014-11-13 19:40:52,154 INFO  [12] com.oracle.cie.domain.AbstractTemplate - Adding component reference
2014-11-13 19:40:52,163 WARNING [12] com.oracle.cie.domain.AbstractTemplate - Could not find component name 'ohs' version '0.0.0.0'
2014-11-13 19:40:52,211 WARNING [12] com.oracle.cie.domain.AbstractTemplate - Could not find component name 'ohs' version '0.0.0.0'
2014-11-13 19:47:23,047 INFO  [38] com.oracle.cie.domain.security.OracleWalletHelper - Creating default oracle wallet at /oracle/middleware_ohs_1213/user_projects/domains/base_domain/security
2014-11-13 19:47:23,661 WARNING [38] com.oracle.cie.domain.startup.StartupGroupHelper - No server groups for server: AdminServer
2014-11-13 19:47:23,661 WARNING [38] com.oracle.cie.domain.startup.ServerStartupConfigEnv - Unable to specify startup groups
2014-11-13 19:47:23,668 WARNING [38] com.oracle.cie.domain.startup.StartupPlanHelper - Not generating startupEnv startscript.
2014-11-13 19:47:23,923 INFO  [38] com.oracle.cie.domain.DomainGeneratorStandAlone - Domain Generation Successful!


OHS Start/Stop:
=============

[oracle@demo bin]$ cd /oracle/middleware_ohs_1213/user_projects/domains/base_domain/bin/
[oracle@demo bin]$ nohup ./startNodeManager.sh &

If you run nohup for starting the OHS instance, it will FAIL !!! because it will ask for NodeManager password.

[oracle@demo bin]$ nohup ./startComponent.sh ohs_instance1 &
[2] 11211
[oracle@demo bin]$ nohup: ignoring input and appending output to `nohup.out'

[oracle@demo bin]$ tail -f nohup.out
<Nov 13, 2014 8:11:01 PM EST> <INFO> <Secure socket listener started on port 5556, host localhost/127.0.0.1>
Starting system Component ohs_instance1 ...

Initializing WebLogic Scripting Tool (WLST) ...

Welcome to WebLogic Server Administration Scripting Shell

Type help() for help on available commands

Reading domain from /oracle/middleware_ohs_1213/user_projects/domains/base_domain


Please enter Node Manager password:Error: Failed to get value from Standard Input: Bad file descriptor
Error: java.lang.NullPointerException


Exiting WebLogic Scripting Tool.

Done


Correct way to start OHS:
====================

[oracle@demo bin]$ ./startComponent.sh ohs_instance1
Starting system Component ohs_instance1 ...

Initializing WebLogic Scripting Tool (WLST) ...

Welcome to WebLogic Server Administration Scripting Shell

Type help() for help on available commands

Reading domain from /oracle/middleware_ohs_1213/user_projects/domains/base_domain


Please enter Node Manager password:
Connecting to Node Manager ...
Successfully Connected to Node Manager.
Starting server ohs_instance1 ...
Successfully started server ohs_instance1 ...
Successfully disconnected from Node Manager.


Exiting WebLogic Scripting Tool.

Done
[oracle@demo bin]$


 Logs for OHS located at
/oracle/middleware_ohs_1213/user_projects/domains/base_domain/servers/ohs_instance1/logs

 Launch the page


Cheers :)

Friday, November 7, 2014

OAMSSA-20007: Unable to connect to the User Store


OAMSSA-20007: Unable to connect to the User Store

Illegal character in path at index 3

This is the error you see in the OAM diagnostic log when you try to authenticate against your custom userstore if you create it with spaces in its name.

For example, If you create userstore with name "AD userstore", authentication wont work and you will notice the below error.

Fix:
#####
Simple. DO NOT USE ANY SPACES. :)   Make it like "ADuserstore"

This is a bug in 11gr2ps2 which has been reported to oracle (Doc ID 1645954.1). This post is for people who want to google the error than checking it in metalink.
Who would expect a space in the userstore name will break the entire thing? lol

Error:
######

oracle.security.am.engines.common.identity.provider.exceptions.IdentityProviderException: OAMSSA-20007: Unable to connect to the User Store. User Store OID userstore with initParams {GROUP_SEARCH_BASE=cn=Groups, dc=example,dc=com, GroupCacheEnabled=false, USER_SCHEMA=none, NATIVE=false, USER_SEARCH_BASE=cn=Users, dc=example,dc=com, ENABLE_PASSWORD_POLICY=true, MAX_CONNECTIONS=50, GroupCacheTTL=0, SECURITY_PRINCIPAL=cn=orcladmin, Description=OID in DEV, ConnectionRetryCount=3, USER_NAME_ATTRIBUTE=uid, IsSystem=false, IsPrimary=false, ConnectionWaitTimeout=120, Name=OID userstore, SearchTimeLimit=0, MIN_CONNECTIONS=10, USER_PASSWORD_ATTRIBUTE=userPassword, LDAP_PROVIDER=OID, LDAP_URL=ldap://mdcovm04.na.ops.local:3060, ReferralPolicy=follow, GroupCacheSize=10000, UserIdentityProviderType=OracleUserRoleAPI} could not be initialized due to null.
        at oracle.security.am.engines.common.identity.provider.impl.IdentityProviderImpl.init(IdentityProviderImpl.java:319)
        at oracle.security.am.engines.common.identity.provider.impl.IdentityProviderImpl.init(IdentityProviderImpl.java:241)
        at oracle.security.am.engines.common.identity.provider.impl.IdentityProviderImpl.authenticateUserByName(IdentityProviderImpl.java:1209)
        at oracle.security.am.engines.common.identity.provider.impl.OracleUserIdentityProvider.authenticateUserByName(OracleUserIdentityProvider.java:477)
        at oracle.security.am.engine.authn.internal.executor.AuthenticationModuleExecutor.execute(AuthenticationModuleExecutor.java:226)
        ... 41 more
Caused by: oracle.security.am.engines.common.identity.provider.exceptions.IdentityProviderException
        at oracle.security.am.engines.common.identity.provider.impl.ids.IDSLDAPConfigurator.getIDSInstance(IDSLDAPConfigurator.java:484)
        at oracle.security.am.engines.common.identity.provider.impl.IdentityProviderImpl.init(IdentityProviderImpl.java:281)
Caused by: oracle.igf.ids.IDSException: Illegal character in path at index 3: OID userstore
        at oracle.igf.ids.IdentityDirectory.<init>(IdentityDirectory.java:169)
        at oracle.igf.ids.IdentityDirectoryFactory.getIdentityDirectory(IdentityDirectoryFactory.java:153)
        at oracle.security.am.engines.common.identity.provider.impl.ids.IDSLDAPConfigurator.getIDSInstance(IDSLDAPConfigurator.java:479)
        ... 46 more
Caused by: oracle.igf.ids.IDSException: Illegal character in path at index 3: OID userstore
        at oracle.igf.ids.arisid.ArisIdServiceManager.initialize(ArisIdServiceManager.java:1014)
        at oracle.igf.ids.arisid.ArisIdServiceManager.<init>(ArisIdServiceManager.java:308)
        at oracle.igf.ids.IdentityDirectory.<init>(IdentityDirectory.java:161)
        ... 48 more
Caused by: java.net.URISyntaxException: Illegal character in path at index 3: OID userstore
        at java.net.URI$Parser.fail(URI.java:2810)
        at java.net.URI$Parser.checkChars(URI.java:2983)
        at java.net.URI$Parser.parseHierarchical(URI.java:3067)
        at java.net.URI$Parser.parse(URI.java:3025)
        at java.net.URI.<init>(URI.java:577)
        at oracle.igf.ids.arisid.ArisIdServiceManager.initialize(ArisIdServiceManager.java:474)
        ... 50 more

Tuesday, November 4, 2014

OIM Upgrade: Database MDS Upgrade Issue:

Error:
[2014-11-04T18:37:57.138-05:00] [RCU] [ERROR] [upgrade.RCU.jdbcEngine] SQLException: ORA-20005: object statistics are locked (stattype = ALL)[[
ORA-06512: at "SYS.DBMS_STATS", line 3683
ORA-06512: at "SYS.DBMS_STATS", line 4516
ORA-06512: at "SYS.DBMS_STATS", line 11564
ORA-06512: at line 10

]]
[2014-11-04T18:37:57.138-05:00] [RCU] [ERROR] [upgrade.RCU.jdbcEngine] [[
java.sql.SQLException: ORA-20005: object statistics are locked (stattype = ALL)
ORA-06512: at "SYS.DBMS_STATS", line 3683
ORA-06512: at "SYS.DBMS_STATS", line 4516
ORA-06512: at "SYS.DBMS_STATS", line 11564
ORA-06512: at line 10

                at oracle.jdbc.driver.T4CTTIoer.processError(T4CTTIoer.java:462)
                at oracle.jdbc.driver.T4CTTIoer.processError(T4CTTIoer.java:405)
                at oracle.jdbc.driver.T4C8Oall.processError(T4C8Oall.java:931)
                at oracle.jdbc.driver.T4CTTIfun.receive(T4CTTIfun.java:481)
                at oracle.jdbc.driver.T4CTTIfun.doRPC(T4CTTIfun.java:205)
                at oracle.jdbc.driver.T4C8Oall.doOALL(T4C8Oall.java:548)
                at oracle.jdbc.driver.T4CPreparedStatement.doOall8(T4CPreparedStatement.java:217)

                at oracle.jdbc.driver.T4CPreparedStatement.executeForRows(T4CPreparedStatement.java:1115)


Solution: 

exec dbms_stats.unlock_schema_stats('QA_MDS'); 
exec dbms_stats.unlock_schema_stats('SYS'); 
exec dbms_stats.unlock_table_stats('QA_MDS','MDS_TXN_LOCKS');

commit; 

Friday, October 31, 2014

OAM 11G R2 PS2 Upgrade Issue:

Error:
oracle.security.am.admin.config.util.DataConnectionUtility getConnection
WARNING: Failed to get connection
java.sql.SQLException: ORA-01017: invalid username/password; logon denied

        at oracle.jdbc.driver.T4CTTIoer.processError(T4CTTIoer.java:445)
        at oracle.jdbc.driver.T4CTTIoer.processError(T4CTTIoer.java:389)
        at oracle.jdbc.driver.T4CTTIoer.processError(T4CTTIoer.java:382)
        at oracle.jdbc.driver.T4CTTIfun.processError(T4CTTIfun.java:600)
        at oracle.jdbc.driver.T4CTTIoauthenticate.processError(T4CTTIoauthenticate.java:445)
        at oracle.jdbc.driver.T4CTTIfun.receive(T4CTTIfun.java:450)
        at oracle.jdbc.driver.T4CTTIfun.doRPC(T4CTTIfun.java:192)
        at oracle.jdbc.driver.T4CTTIoauthenticate.doOAUTH(T4CTTIoauthenticate.java:380)
        at oracle.jdbc.driver.T4CTTIoauthenticate.doOAUTH(T4CTTIoauthenticate.java:760)
        at oracle.jdbc.driver.T4CConnection.logon(T4CConnection.java:401)
        at oracle.jdbc.driver.PhysicalConnection.<init>(PhysicalConnection.java:546)
        at oracle.jdbc.driver.T4CConnection.<init>(T4CConnection.java:236)
        at oracle.jdbc.driver.T4CDriverExtension.getConnection(T4CDriverExtension.java:32)
        at oracle.jdbc.driver.OracleDriver.connect(OracleDriver.java:521)
        at oracle.jdbc.pool.OracleDataSource.getPhysicalConnection(OracleDataSource.java:280)
        at oracle.jdbc.pool.OracleDataSource.getConnection(OracleDataSource.java:207)
        at oracle.jdbc.pool.OracleDataSource.getConnection(OracleDataSource.java:157)
        at oracle.security.am.admin.config.util.DataConnectionUtility.getConnection(DataConnectionUtility.java:139)
        at oracle.security.am.upgrade.framework.psfe.util.PSFEUtils.validateDBConnectionDetails(PSFEUtils.java:232)
        at oracle.security.am.upgrade.framework.psfe.PSFEFramework.processOffline(PSFEFramework.java:193)
        at oracle.security.am.wlst.util.WLSTServerUtil.executeCommand(WLSTServerUtil.java:230)
        at oracle.security.am.wlst.WLSTWrapper.executeCommand(WLSTWrapper.java:152)
        at oracle.security.am.wlst.WLSTWrapper.execute(WLSTWrapper.java:107)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
        at java.lang.reflect.Method.invoke(Method.java:597)
        at org.python.core.PyReflectedFunction.__call__(Unknown Source)
        at org.python.core.PyReflectedFunction.__call__(Unknown Source)
        at org.python.core.PyObject.__call__(Unknown Source)
        at org.python.core.PyObject.invoke(Unknown Source)
        at OamInternal_handler$py.patchUpgradeImpl$78(/Middleware/Oracle_IDM1/common/script_handlers/OamInternal_handler.py:1313)
        at OamInternal_handler$py.call_function(/Middleware/Oracle_IDM1/common/script_handlers/OamInternal_handler.py)
        at org.python.core.PyTableCode.call(Unknown Source)
        at org.python.core.PyTableCode.call(Unknown Source)
        at org.python.core.PyFunction.__call__(Unknown Source)
        at org.python.core.PyObject.invoke(Unknown Source)
        at Oam_common$py.upgradeConfig$73(/Middleware/Oracle_IDM1/common/script_handlers/Oam_common.py:883)
        at Oam_common$py.call_function(/Middleware/Oracle_IDM1/common/script_handlers/Oam_common.py)
        at org.python.core.PyTableCode.call(Unknown Source)
        at org.python.core.PyTableCode.call(Unknown Source)
        at org.python.core.PyFunction.__call__(Unknown Source)
        at org.python.core.PyObject.__call__(Unknown Source)
        at org.python.core.PyObject.invoke(Unknown Source)
        at org.python.pycode._pyx49.upgradeConfig$74(/Middleware/Oracle_IDM1/common/wlst/Oam.py:553)
        at org.python.pycode._pyx49.call_function(/Middleware/Oracle_IDM1/common/wlst/Oam.py)
        at org.python.core.PyTableCode.call(Unknown Source)
        at org.python.core.PyTableCode.call(Unknown Source)
        at org.python.core.PyFunction.__call__(Unknown Source)
        at org.python.core.PyObject.__call__(Unknown Source)
        at org.python.pycode._pyx65.f$0(<console>:1)
        at org.python.pycode._pyx65.call_function(<console>)
        at org.python.core.PyTableCode.call(Unknown Source)
        at org.python.core.PyCode.call(Unknown Source)
        at org.python.core.Py.runCode(Unknown Source)
        at org.python.core.Py.exec(Unknown Source)
        at org.python.util.PythonInterpreter.exec(Unknown Source)
        at org.python.util.InteractiveInterpreter.runcode(Unknown Source)
        at org.python.util.InteractiveInterpreter.runsource(Unknown Source)
        at org.python.util.InteractiveInterpreter.runsource(Unknown Source)
        at weblogic.management.scripting.WLST.main(WLST.java:188)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
        at java.lang.reflect.Method.invoke(Method.java:597)
        at weblogic.WLST.main(WLST.java:29)
Oct 30, 2014 11:59:25 PM oracle.security.am.upgrade.framework.psfe.PSFEFramework processOffline
SEVERE: Database connection details are incorrect
Oct 30, 2014 11:59:25 PM oracle.security.am.wlst.WLSTWrapper execute
SEVERE: Unable to execute the WLST Command
java.lang.Exception: upgradeConfig failed
        at oracle.security.am.wlst.util.WLSTServerUtil.executeCommand(WLSTServerUtil.java:232)
        at oracle.security.am.wlst.WLSTWrapper.executeCommand(WLSTWrapper.java:152)
        at oracle.security.am.wlst.WLSTWrapper.execute(WLSTWrapper.java:107)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
        at java.lang.reflect.Method.invoke(Method.java:597)
        at org.python.core.PyReflectedFunction.__call__(Unknown Source)
        at org.python.core.PyReflectedFunction.__call__(Unknown Source)
        at org.python.core.PyObject.__call__(Unknown Source)
        at org.python.core.PyObject.invoke(Unknown Source)
        at OamInternal_handler$py.patchUpgradeImpl$78(/Middleware/Oracle_IDM1/common/script_handlers/OamInternal_handler.py:1313)
        at OamInternal_handler$py.call_function(/Middleware/Oracle_IDM1/common/script_handlers/OamInternal_handler.py)
        at org.python.core.PyTableCode.call(Unknown Source)
        at org.python.core.PyTableCode.call(Unknown Source)
        at org.python.core.PyFunction.__call__(Unknown Source)
        at org.python.core.PyObject.invoke(Unknown Source)
        at Oam_common$py.upgradeConfig$73(/Middleware/Oracle_IDM1/common/script_handlers/Oam_common.py:883)
        at Oam_common$py.call_function(/Middleware/Oracle_IDM1/common/script_handlers/Oam_common.py)
        at org.python.core.PyTableCode.call(Unknown Source)
        at org.python.core.PyTableCode.call(Unknown Source)
        at org.python.core.PyFunction.__call__(Unknown Source)
        at org.python.core.PyObject.__call__(Unknown Source)
        at org.python.core.PyObject.invoke(Unknown Source)
        at org.python.pycode._pyx49.upgradeConfig$74(/Middleware/Oracle_IDM1/common/wlst/Oam.py:553)
        at org.python.pycode._pyx49.call_function(/Middleware/Oracle_IDM1/common/wlst/Oam.py)
        at org.python.core.PyTableCode.call(Unknown Source)
        at org.python.core.PyTableCode.call(Unknown Source)
        at org.python.core.PyFunction.__call__(Unknown Source)
        at org.python.core.PyObject.__call__(Unknown Source)
        at org.python.pycode._pyx65.f$0(<console>:1)
        at org.python.pycode._pyx65.call_function(<console>)
        at org.python.core.PyTableCode.call(Unknown Source)
        at org.python.core.PyCode.call(Unknown Source)
        at org.python.core.Py.runCode(Unknown Source)
        at org.python.core.Py.exec(Unknown Source)
        at org.python.util.PythonInterpreter.exec(Unknown Source)
        at org.python.util.InteractiveInterpreter.runcode(Unknown Source)
        at org.python.util.InteractiveInterpreter.runsource(Unknown Source)
        at org.python.util.InteractiveInterpreter.runsource(Unknown Source)
        at weblogic.management.scripting.WLST.main(WLST.java:188)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
        at java.lang.reflect.Method.invoke(Method.java:597)
        at weblogic.WLST.main(WLST.java:29)
Unable to execute the commandupgradeConfig failed

Solution: 

Make sure the schema details are in UPPER case(SYS,PREFIX_OAM) and password is correct.
   

Monday, October 27, 2014

Error Code: 28001 org.eclipse.persistence.exceptions.DatabaseException Internal Exception: java.sql.SQLException: ORA-28001: the password has expired

Error:
######

Initializing WebLogic Scripting Tool (WLST) ...

Welcome to WebLogic Server Administration Scripting Shell

Type help() for help on available commands

Info: Data source is: opss-DBDS
INFO: Found persistence provider "org.eclipse.persistence.jpa.PersistenceProvider". OpenJPA will not be used.
INFO: Found persistence provider "org.eclipse.persistence.jpa.PersistenceProvider". OpenJPA will not be used.
[EL Severe]: 2014-10-14 09:42:20.49--ServerSession(957605646)--Exception [EclipseLink-4002] (Eclipse Persistence Services - 2.3.1.v20111018-r10243): org.eclipse.persistence.exceptions.DatabaseException
Internal Exception: java.sql.SQLException: ORA-28001: the password has expired

Error Code: 28001
Oct 14, 2014 9:42:20 AM oracle.security.jps.internal.credstore.ldap.LdapCredentialStore init
WARNING: Could not create credential store instance. Reason oracle.security.jps.service.policystore.PolicyStoreConnectivityException: JPS-10000: There was an internal error in the policy store.
JPS-01055: Could not create credential store instance. Reason oracle.security.jps.service.policystore.PolicyStoreConnectivityException: JPS-10000: There was an internal error in the policy store.
Error: Diagnostics data was not saved to the credential store.
Error: Validate operation has failed.
Need to do the security configuration first!


Solution:
#########

Run the below queries

SELECT owner, comp_name, version, status, upgraded FROM schema_version_registry WHERE comp_name like '%Oracle%';esukl

Result:
#######

PROFILE                RESOURCE_NAME                                RESOURCE LIMIT
------------------------------ -------------------------------- ------------------------------------
DEFAULT                FAILED_LOGIN_ATTEMPTS              PASSWORD10
DEFAULT                PASSWORD_LIFE_TIME                     PASSWORDUNLIMITED
DEFAULT                PASSWORD_REUSE_TIME                 PASSWORDUNLIMITED
DEFAULT                PASSWORD_REUSE_MAX                  PASSWORDUNLIMITED
DEFAULT                PASSWORD_VERIFY_FUNCTION     PASSWORDNULL
DEFAULT                PASSWORD_LOCK_TIME                   PASSWORD1
DEFAULT                PASSWORD_GRACE_TIME                PASSWORDUNLIMITED
         
select USERNAME,EXPIRY_DATE,LOCK_DATE,ACCOUNT_STATUS from dba_users where username like '%DEV%';

Result:
#######

USERNAME               EXPIRY_DA LOCK_DATE    ACCOUNT_STATUS
------------------------------ --------- -----------------------------------------
DEV_SOAINFRA         OPEN
DEV_OIF                      OPEN
DEVBI_MDS                OPEN
DEV_IAU_APPEND    OPEN
DEV_ORASDPM         OPEN
DEV_IAU                     OPEN
DEVBI_BIPLATFORM    OPEN
DEV_IAU_VIEWER    OPEN
DEV_OAAM                OPEN
DEV_MDS                   OPEN
DEV_OAM                  OPEN
DEV_OPSS               09-OCT-14    EXPIRED

12 rows selected.

Per above result, it is evident that DEV_OPSS password has been expired. so we need to reset that

> alter user DEV_OPSS identified by Password123;

Restart everything :)

Tuesday, October 21, 2014

OIM Important Queries.

User Details:

  • select * from USR where UPPER(usr_login)='username'
AUDIT: 
  • select * from dev_oim.UPA_FIELDS UPA_FIELDS LEFT outer JOIN dev_oim.upa_usr  upa_USR ON upa_fields.upa_usr_key=upa_USR.UPA_USR_KEY where UPPER(upa_usr.usr_login) like 'userlogin'
Resource Audit: 
  • select * from dev_oim.UPA_RESOURCE
Plugins Info: 
  • select * from dev_oim.plugins
Audit Table: 
  •   select * from dev_oim.UPA where usr_key='userkey' order by upa_key desc
Jar file: 
  • select * from dev_oim.oimhome_jars

Plugins:
  •   select * from dev_oim.plugins

Wednesday, October 15, 2014

OIM SOAP Error: Bad response: 404 Not Found from url http://:14000/reqsvc/reqsvc

Error
Oct 15, 2014 5:50:49 PM EDT> <Warning> <oracle.integration.platform.blocks.soap> <BEA-000000> <Unable to invoke endpoint URI "http://:14000/reqsvc/reqsvc" successfully due to: Unable to invoke endpoint URI "http://:14000/reqsvc/reqsvc" successfully due to: javax.xml.soap.SOAPException: javax.xml.soap.SOAPException: Bad response: 404 Not Found from url http://:14000/reqsvc/reqsvc>
<Oct 15, 2014 5:50:49 PM EDT> <Error> <oracle.soa.bpel.engine.ws> <BEA-000000> <got FabricInvocationException
javax.xml.soap.SOAPException: Bad response: 404 Not Found from url http://:14000/reqsvc/reqsvc
        at oracle.j2ee.ws.saaj.client.p2p.HttpSOAPConnection.processHttpResponseCode(HttpSOAPConnection.java:636)
        at oracle.j2ee.ws.saaj.client.p2p.HttpSOAPConnection.post2(HttpSOAPConnection.java:501)
        at oracle.j2ee.ws.saaj.client.p2p.HttpSOAPConnection$PrivilegedPost.run(HttpSOAPConnection.java:1287)
        at java.security.AccessController.doPrivileged(Native Method)
        at oracle.j2ee.ws.saaj.client.p2p.HttpSOAPConnection.call2(HttpSOAPConnection.java:229)
        at oracle.j2ee.ws.common.transport.HttpTransport.transmit(HttpTransport.java:75)
        at oracle.j2ee.ws.common.async.MessageSender.call(MessageSender.java:67)
        at oracle.j2ee.ws.common.async.Transmitter.transmitSync(Transmitter.java:134)
        at oracle.j2ee.ws.common.async.Transmitter.transmit(Transmitter.java:90)
        at oracle.j2ee.ws.common.async.RequestorImpl.transmit(RequestorImpl.java:273)


Solution: 

Deploy following jar on OIM server.

OIM_HOME/server/webapp/optional/reqsvc.ear.

Monday, September 29, 2014

OAM 11G R2 PS2: Issue during Google Apps Integration using Identity Federation


Error: 

When you try google URL after configuring SSO you will get system error instead of Login page.





[2014-09-29T18:06:17.373-04:00] [oam_server1] [WARNING] [OAM-02073] [oracle.oam.controller] [tid: [ACTIVE].ExecuteThread: '4' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: c30ad4bc9da0dbee:-1b2a6850:148b3c4478d:-8000-000000000003d3c6,0] [APP: oam_server#11.1.2.0.0] Error while checking if the resource is protected or not.
[2014-09-29T18:06:17.375-04:00] [oam_server1] [WARNING] [] [oracle.oam.binding] [tid: [ACTIVE].ExecuteThread: '4' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: c30ad4bc9da0dbee:-1b2a6850:148b3c4478d:-8000-000000000003d3c6,0] [APP: oam_server#11.1.2.0.0] OAM-02073


System error. Please re-try your action. If you continue to get this error, please contact the Administrator.

Cause: 

Basically while doing federation OAM looks for IAMSuiteAgent on port 80 and tries to apply policies that are created for IAMSuiteAgent on Google apps or any other federated application integration. 

This issue occurs only when IAMSuiteAgent was deleted in OAM Environment for some other reason. 

Solution: 

Create 10g Agent with the name IAMSuiteAgent


Modify Host Identifier and add port 80 because OAM check for port 80


Verify if policies for IAMSuiteAgent were created or not. 


Try hitting google apps URL: example mail.google.com/a/iamidm.com and you should get login page. 





Thursday, September 25, 2014

OIM 11G R2 PS2 Upgraded: Design Console Issue

Issue: 

Following issue while logging into design console.

javax.security.auth.login.LoginException: unable to find LoginModule class: org.jboss.security.ClientLoginModule



Solution: 










Try running xlclient.sh again.

Thanks !!!

Friday, September 19, 2014

Error While Creating Self-Signed Certificate in OHS

If you are creating self signed certificate as specified in Oracle documentation you may face following error :


Error:

Using configuration from openssl_silent_ohs11g.cnf
Error opening CA private key ./tools/openssl/simpleCA/cakey.pem
6089:error:0E06D06C:configuration file routines:NCONF_get_string:no value:conf_lib.c:329:group=CA_default name=unique_subject
6089:error:02001002:system library:fopen:No such file or directory:bss_file.c:276:fopen('./tools/openssl/simpleCA/cakey.pem','r')
6089:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:278:
unable to load CA private key
Segmentation fault

When you are running: 

./openssl ca -config openssl_silent_ohs11g.cnf -policy policy_anything -batch -out aaa_cert.pem -infiles aaa_req.pem

Solution: 

Open the file openssl_silent_ohs11g.cnf using: 

$vi openssl_silent_ohs11g.cnf

Modify dir location to 

dir = ../openssl/simpleCA 

and re-run the command. 

./openssl ca -config openssl_silent_ohs11g.cnf -policy policy_anything -batch -out aaa_cert.pem -infiles aaa_req.pem

Oracle Doc: http://docs.oracle.com/cd/E28280_01/doc.1111/e38584/webgate_ohs.htm#CACIHHFA

Wednesday, September 17, 2014

Error: /identity and /sysadmin won't Come up after OIM Upgrade to 11g R2 PS2

Cause: 

If we start OIM server using node manager we won't get this error, we get this error because we are setting properties only in weblogic admin console which won't take effect if we are starting server without node manager. 

Error:

<Sep 17, 2014 11:18:57 AM EDT> <Error> <Deployer> <BEA-149205> <Failed to initialize the application 'oracle.iam.console.identity.sysadmin.ear [Version=V2.0]' due to error weblogic.management.DeploymentException: [J2EE:160149]Error while processing library references. Unresolved application library references, defined in weblogic-application.xml: [Extension-Name: oracle.iam.ui.model, exact-match: false], [Extension-Name: oracle.rules, exact-match: false]..
weblogic.management.DeploymentException: [J2EE:160149]Error while processing library references. Unresolved application library references, defined in weblogic-application.xml: [Extension-Name: oracle.iam.ui.model, exact-match: false], [Extension-Name: oracle.rules, exact-match: false].
at weblogic.application.internal.flow.CheckLibraryReferenceFlow.prepare(CheckLibraryReferenceFlow.java:26)
at weblogic.application.internal.BaseDeployment$1.next(BaseDeployment.java:648)
at weblogic.application.utils.StateMachineDriver.nextState(StateMachineDriver.java:52)
at weblogic.application.internal.BaseDeployment.prepare(BaseDeployment.java:191)
at weblogic.application.internal.EarDeployment.prepare(EarDeployment.java:59)
Truncated. see log file for complete stacktrace
>
<Sep 17, 2014 11:18:57 AM EDT> <Emergency> <Deployer> <BEA-149259> <Server 'oim_server1' in cluster 'oim_Cluster' is being brought up in administration state due to failed deployments.>

Solution: 

Upgrade Process to Upgrade to R2PS2 could not take care of this and
setDomainEnv.sh was not modified as part of Upgrade Process. So it was
documented to add the UI performance parameters manually in the server
start-up params.

If these params are not getting picked up by node manager, one can
resort to editing the setDomainEnv.sh and provide these params in
EXTRA_JAVA_PROPERTIES

EXTRA_JAVA_PROPERTIES=" ${EXTRA_JAVA_PROPERTIES}
-DXL.HomeDir=${OIM_ORACLE_HOME}/server -Dscheduler.disabled=false
-Djava.security.auth.login.config=${OIM_ORACLE_HOME}/server/config/authwl.conf

-Dorg.owasp.esapi.resources=${OIM_ORACLE_HOME}/server/apps/oim.ear/APP-INF/cla
sses -Djbo.ampool.doampooling=true -Djbo.ampool.minavailablesize=1
-Djbo.ampool.maxavailablesize=120 -Djbo.recyclethreshold=60
-Djbo.ampool.timetolive=-1 -Djbo.load.components.lazily=true
-Djbo.doconnectionpooling=true -Djbo.txn.disconnect_level=1
-Djbo.connectfailover=false -Djbo.max.cursors=5
-Doracle.jdbc.implicitStatementCacheSize=5
-Doracle.jdbc.maxCachedBufferSize=19"
export EXTRA_JAVA_PROPERTIES

and check following libraries and other libraries after upgrade:


Other Posts