Monday, September 29, 2014

OAM 11G R2 PS2: Issue during Google Apps Integration using Identity Federation


Error: 

When you open the Google Apps URL after configuring SSO, you get a system error instead of the login page.





[2014-09-29T18:06:17.373-04:00] [oam_server1] [WARNING] [OAM-02073] [oracle.oam.controller] [tid: [ACTIVE].ExecuteThread: '4' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: c30ad4bc9da0dbee:-1b2a6850:148b3c4478d:-8000-000000000003d3c6,0] [APP: oam_server#11.1.2.0.0] Error while checking if the resource is protected or not.
[2014-09-29T18:06:17.375-04:00] [oam_server1] [WARNING] [] [oracle.oam.binding] [tid: [ACTIVE].ExecuteThread: '4' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: c30ad4bc9da0dbee:-1b2a6850:148b3c4478d:-8000-000000000003d3c6,0] [APP: oam_server#11.1.2.0.0] OAM-02073


System error. Please re-try your action. If you continue to get this error, please contact the Administrator.

Cause: 

During federation, OAM looks for IAMSuiteAgent on port 80 and tries to apply the policies created for IAMSuiteAgent to Google Apps or any other federated application integration.

This issue occurs only when IAMSuiteAgent has been deleted from the OAM environment for some other reason.

Solution: 

Create a 10g Agent with the name IAMSuiteAgent.

Modify the Host Identifier and add port 80, because OAM checks for port 80.

Verify whether the policies for IAMSuiteAgent were created.

Try hitting the Google Apps URL, for example mail.google.com/a/iamidm.com, and you should get the login page.





Thursday, September 25, 2014

OIM 11G R2 PS2 Upgraded: Design Console Issue

Issue: 

The following issue occurs while logging into the Design Console.

javax.security.auth.login.LoginException: unable to find LoginModule class: org.jboss.security.ClientLoginModule



Solution: 










Try running xlclient.sh again.

Thanks !!!

Friday, September 19, 2014

Error While Creating Self-Signed Certificate in OHS

If you create a self-signed certificate as specified in the Oracle documentation, you may face the following error:


Error:

Using configuration from openssl_silent_ohs11g.cnf
Error opening CA private key ./tools/openssl/simpleCA/cakey.pem
6089:error:0E06D06C:configuration file routines:NCONF_get_string:no value:conf_lib.c:329:group=CA_default name=unique_subject
6089:error:02001002:system library:fopen:No such file or directory:bss_file.c:276:fopen('./tools/openssl/simpleCA/cakey.pem','r')
6089:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:278:
unable to load CA private key
Segmentation fault

This occurs when running:

./openssl ca -config openssl_silent_ohs11g.cnf -policy policy_anything -batch -out aaa_cert.pem -infiles aaa_req.pem

Solution: 

Open the file openssl_silent_ohs11g.cnf using:

$ vi openssl_silent_ohs11g.cnf

Modify the dir location to

dir = ../openssl/simpleCA

and re-run the command:

./openssl ca -config openssl_silent_ohs11g.cnf -policy policy_anything -batch -out aaa_cert.pem -infiles aaa_req.pem

Oracle Doc: http://docs.oracle.com/cd/E28280_01/doc.1111/e38584/webgate_ohs.htm#CACIHHFA
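
The failure above comes from `dir` being a relative path that is resolved against the directory the command is run from. The following added example (not part of the original post or Oracle's tooling) parses the [CA_default] section and lists the CA files that cannot be opened; the sample config, the directory layout and the helper names are constructed assumptions.

```python
import re
import tempfile
from pathlib import Path

SECTION = re.compile(r"^\[\s*(\S+?)\s*\]$")
VAR = re.compile(r"\$\{?(\w+)\}?")

# Constructed sample modelled on the error above; not the shipped openssl_silent_ohs11g.cnf.
SAMPLE_CNF = """\
[ ca ]
default_ca = CA_default

[ CA_default ]
dir         = ./tools/openssl/simpleCA   # relative to the current directory
certificate = $dir/cacert.pem
private_key = $dir/cakey.pem
"""


def read_section(cnf_text, wanted="CA_default"):
    """Parse one section of an OpenSSL config, expanding $name from earlier keys."""
    values, current = {}, None
    for raw in cnf_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        header = SECTION.match(line)
        if header:
            current = header.group(1)
        elif current == wanted and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            values[key] = VAR.sub(lambda m: values.get(m.group(1), m.group(0)), value)
    return values


def missing_ca_files(cnf_text, cwd):
    """Return the CA files that `openssl ca`, started in cwd, would fail to open."""
    ca = read_section(cnf_text)
    missing = []
    for key in ("private_key", "certificate"):
        target = Path(cwd) / ca.get(key, "")
        if key not in ca or not target.is_file():
            missing.append((key, ca.get(key)))
    return missing


def build_sample_tree(root):
    """Create a constructed tools/openssl/simpleCA layout; return the run directory."""
    ca_dir = Path(root) / "tools" / "openssl" / "simpleCA"
    ca_dir.mkdir(parents=True)
    for name in ("cakey.pem", "cacert.pem"):
        (ca_dir / name).write_text("placeholder\n")
    return ca_dir.parent  # the directory ./openssl is run from (assumption)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        cwd = build_sample_tree(tmp)
        fixed = SAMPLE_CNF.replace("./tools/openssl/simpleCA", "../openssl/simpleCA")
        print("before:", missing_ca_files(SAMPLE_CNF, cwd))
        print("after: ", missing_ca_files(fixed, cwd))
```

Run it against the real file by passing its text and the directory you start `./openssl` from to `missing_ca_files`.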

Wednesday, September 17, 2014

Error: /identity and /sysadmin won't Come up after OIM Upgrade to 11g R2 PS2

Cause: 

If we start the OIM server using Node Manager, we don't get this error. The error occurs because the properties are set only in the WebLogic admin console, and they do not take effect when the server is started without Node Manager.

Error:

<Sep 17, 2014 11:18:57 AM EDT> <Error> <Deployer> <BEA-149205> <Failed to initialize the application 'oracle.iam.console.identity.sysadmin.ear [Version=V2.0]' due to error weblogic.management.DeploymentException: [J2EE:160149]Error while processing library references. Unresolved application library references, defined in weblogic-application.xml: [Extension-Name: oracle.iam.ui.model, exact-match: false], [Extension-Name: oracle.rules, exact-match: false]..
weblogic.management.DeploymentException: [J2EE:160149]Error while processing library references. Unresolved application library references, defined in weblogic-application.xml: [Extension-Name: oracle.iam.ui.model, exact-match: false], [Extension-Name: oracle.rules, exact-match: false].
at weblogic.application.internal.flow.CheckLibraryReferenceFlow.prepare(CheckLibraryReferenceFlow.java:26)
at weblogic.application.internal.BaseDeployment$1.next(BaseDeployment.java:648)
at weblogic.application.utils.StateMachineDriver.nextState(StateMachineDriver.java:52)
at weblogic.application.internal.BaseDeployment.prepare(BaseDeployment.java:191)
at weblogic.application.internal.EarDeployment.prepare(EarDeployment.java:59)
Truncated. see log file for complete stacktrace
>
<Sep 17, 2014 11:18:57 AM EDT> <Emergency> <Deployer> <BEA-149259> <Server 'oim_server1' in cluster 'oim_Cluster' is being brought up in administration state due to failed deployments.>

Solution: 

The upgrade process to R2 PS2 could not take care of this, and setDomainEnv.sh was not modified as part of the upgrade. So it was documented to add the UI performance parameters manually in the server start-up parameters.

If these parameters are not picked up by Node Manager, you can edit setDomainEnv.sh and provide them in EXTRA_JAVA_PROPERTIES:

EXTRA_JAVA_PROPERTIES="${EXTRA_JAVA_PROPERTIES}
-DXL.HomeDir=${OIM_ORACLE_HOME}/server -Dscheduler.disabled=false
-Djava.security.auth.login.config=${OIM_ORACLE_HOME}/server/config/authwl.conf
-Dorg.owasp.esapi.resources=${OIM_ORACLE_HOME}/server/apps/oim.ear/APP-INF/classes
-Djbo.ampool.doampooling=true -Djbo.ampool.minavailablesize=1
-Djbo.ampool.maxavailablesize=120 -Djbo.recyclethreshold=60
-Djbo.ampool.timetolive=-1 -Djbo.load.components.lazily=true
-Djbo.doconnectionpooling=true -Djbo.txn.disconnect_level=1
-Djbo.connectfailover=false -Djbo.max.cursors=5
-Doracle.jdbc.implicitStatementCacheSize=5
-Doracle.jdbc.maxCachedBufferSize=19"
export EXTRA_JAVA_PROPERTIES

and check following libraries and other libraries after upgrade:


Friday, September 12, 2014

OAM 11g R2 PS2 upgrade Error

Error: 

The following error occurs when you try to start the Admin Server and managed server after the OAM upgrade from 11g R2 to 11g R2 PS2:


<Sep 12, 2014 2:20:52 PM EDT> <Error> <Coherence> <BEA-000000> <2014-09-12 14:20:52.688/592.329 Oracle Coherence GE 3.7.1.1 <Error> (thread=JMX Framework document pooling thread, member=n/a): Error while starting cluster: java.lang.UnsupportedOperationException: Multicast is not supported by SSLSocketProvider(auth=two-way, identity=SunX509/file:/opt/oam/Oracle/11.1.2.0/Middleware/user_projects/domains/iam_domain/config/fmwconfig/.cohstore.jks, trust=PeerX509/file:/opt/oam/Oracle/11.1.2.0/Middleware/user_projects/domains/iam_domain/config/fmwconfig/.cohstore.jks), consider enabling well-known-addresses

<Sep 12, 2014 2:20:52 PM EDT> <Error> <oracle.oam.config> <BEA-000000> <Configuration initial load failed for /opt/oam/Oracle/11.1.2.0/Middleware/user_projects/domains/iam_domain/config/fmwconfig/oam-config.xml.>
<Sep 12, 2014 2:20:52 PM EDT> <Warning> <oracle.as.config.notification.filesystem.WatchingDocumentChangeNotifier> <BEA-000000> <Exception during change of document /opt/oam/Oracle/11.1.2.0/Middleware/user_projects/domains/iam_domain/config/fmwconfig/mbeans/oam/oam-dummy-config.xml.

oracle.security.am.admin.config.mgmt.exceptions.ConfigManagementRuntimeException: Configuration initial load failed for /opt/oam/Oracle/11.1.2.0/Middleware/user_projects/domains/iam_domain/config/fmwconfig/oam-config.xml.

Solution: 

To fix the "java.lang.RuntimeException: Jar definition /user_projects/domains/oam_domain/config/fmwconfig/mapstore-coherence.jar provided is invalid." error seen when starting the admin server, edit the oam-config.xml file and make the following changes:

a) Increment the version. Search for Name="Version" and change, e.g.,
<Setting Name="Version" Type="xsd:integer">18</Setting>
to
<Setting Name="Version" Type="xsd:integer">19</Setting>

b) Search for the JMXConfig component, that is, the line
<Setting Name="JMXConfig" Type="htf:map">
Below the <Setting Name="FileSet1" Type="htf:map"> line, replace the line
<Setting Name="LibraryOffset" Type="xsd:string">${COMMON_COMPONENTS_HOME}/modules/oracle.coherence</Setting>
with
<Setting Name="LibraryOffset" Type="xsd:string">${common.components.home}/modules/oracle.coherence</Setting>

and below <Setting Name="FileSet2" Type="htf:map"> replace the line
<Setting Name="LibraryOffset" Type="xsd:string"></Setting>
with
<Setting Name="LibraryOffset" Type="xsd:string">${OAM_ORACLE_HOME}/server/lib/jmx</Setting>



Reference: Doc ID 1677978.1

Issue while upgrading 11gR2 to 11g R2 PS2


Issue:

The issue is caused by database details that differ between configuration files. Make sure all the files contain the same details.

During the process of upgrade when you run:


upgradeConfig('' ' ' ' '' ); as a process of system 

Internal Exception: java.sql.SQLException: Listener refused the connection with the following error:
ORA-12514, TNS:listener does not currently know of service requested in connect descriptor

Error Code: 12514
Sep 12, 2014 12:08:57 PM oracle.security.jps.internal.credstore.ldap.LdapCredentialStore init
WARNING: Could not create credential store instance. Reason oracle.security.jps.service.policystore.PolicyStoreConnectivityException: JPS-10000: There was an internal error in the policy store.
Sep 12, 2014 12:08:57 PM oracle.security.am.common.utilities.crypto.OAMKeyStore <init>
WARNING: Failed to initialize keystoreJPS-01055: Could not create credential store instance. Reason oracle.security.jps.service.policystore.PolicyStoreConnectivityException: JPS-10000: There was an internal error in the policy store.
Sep 12, 2014 12:08:57 PM oracle.security.am.common.utilities.crypto.OAMKeyStore <init>
WARNING: Failed to get KeyStoreEntrynull
Sep 12, 2014 12:08:57 PM oracle.security.am.common.utilities.crypto.OAMKeyStore <init>
WARNING: Failed to initialize coherence keynull
Sep 12, 2014 12:08:57 PM oracle.security.am.common.utilities.crypto.OAMKeyStore <init>
WARNING: Failed to initialize OAM assertion keynull
Sep 12, 2014 12:08:57 PM oracle.security.am.common.utilities.crypto.OAMKeyStore getCoherenceKeyStorePassword
INFO: Cache value null for  coherenceKeyStorePwd, hence fetching from CSF
Sep 12, 2014 12:08:57 PM oracle.security.am.foundation.mapimpl.coherence.CoherenceMapImpl configureGlobalProperties
INFO: Value for Well known address enable setting :true
Sep 12, 2014 12:08:57 PM oracle.security.am.foundation.mapimpl.coherence.CoherenceMapImpl configureGlobalProperties
INFO: Value for encryption enable setting  :true
Sep 12, 2014 12:08:57 PM oracle.security.am.common.utilities.crypto.OAMKeyStore getCoherenceKeyStorePassword
INFO: Cache value null for  coherenceKeyStorePwd, hence fetching from CSF
Sep 12, 2014 12:08:57 PM oracle.security.am.upgrade.framework.psfe.PSFEFramework process
SEVERE: Exception has occurred while processing featureID: CoherenceAddLicenseMode. Stopping the process after calling rollback.
oracle.security.am.admin.config.exceptions.ObjectCreationException: Cannot get implementation for type Locks.
        at oracle.security.am.admin.config.util.GenericFactory.readObject(GenericFactory.java:256)
        at oracle.security.am.admin.config.util.GenericFactory.validateAndGetObjectForMap(GenericFactory.java:126)
        at oracle.security.am.admin.config.util.GenericFactory.getInstance(GenericFactory.java:176)
        at oracle.security.am.admin.config.util.locks.CohLockProvider.getMap(CohLockProvider.java:81)
        at oracle.security.am.admin.config.util.locks.CohLockProvider.lock(CohLockProvider.java:168)
        at oracle.security.am.admin.config.util.locks.ConfigLockManager.lock(ConfigLockManager.java:213)
        at oracle.security.am.admin.config.BasicFileConfigurationStore.applyUpdates(BasicFileConfigurationStore.java:397)
        at oracle.security.am.admin.config.BasicFileConfigurationStore.applyUpdates(BasicFileConfigurationStore.java:620)
        at oracle.security.am.lifecycle.config.upgrade.ConfigurationUpgradeTransformer.applyConfiguration(ConfigurationUpgradeTransformer.java:309)
        at oracle.security.am.lifecycle.config.upgrade.ConfigurationUpgradeTransformer.apply(ConfigurationUpgradeTransformer.java:441)
        at oracle.security.am.upgrade.framework.psfe.PSFEFramework.transformConfigXML(PSFEFramework.java:171)
        at oracle.security.am.upgrade.framework.psfe.PSFEFramework.process(PSFEFramework.java:323)
        at oracle.security.am.upgrade.framework.psfe.PSFEFramework.processOffline(PSFEFramework.java:195)
        at oracle.security.am.wlst.util.WLSTServerUtil.executeCommand(WLSTServerUtil.java:230)
        at oracle.security.am.wlst.WLSTWrapper.executeCommand(WLSTWrapper.java:152)
        at oracle.security.am.wlst.WLSTWrapper.execute(WLSTWrapper.java:107)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
        at java.lang.reflect.Method.invoke(Method.java:597)
        at org.python.core.PyReflectedFunction.__call__(Unknown Source)
        at org.python.core.PyReflectedFunction.__call__(Unknown Source)
        at org.python.core.PyObject.__call__(Unknown Source)
        at org.python.core.PyObject.invoke(Unknown Source)
        at OamInternal_handler$py.patchUpgradeImpl$78(/opt/oam/Oracle/11.1.2.0/Middleware/Oracle_IDM1/common/script_handlers/OamInternal_handler.py:1313)
        at OamInternal_handler$py.call_function(/opt/oam/Oracle/11.1.2.0/Middleware/Oracle_IDM1/common/script_handlers/OamInternal_handler.py)
        at org.python.core.PyTableCode.call(Unknown Source)
        at org.python.core.PyTableCode.call(Unknown Source)
        at org.python.core.PyFunction.__call__(Unknown Source)
        at org.python.core.PyObject.invoke(Unknown Source)
        at Oam_common$py.upgradeConfig$73(/opt/oam/Oracle/11.1.2.0/Middleware/Oracle_IDM1/common/script_handlers/Oam_common.py:883)
        at Oam_common$py.call_function(/opt/oam/Oracle/11.1.2.0/Middleware/Oracle_IDM1/common/script_handlers/Oam_common.py)
        at org.python.core.PyTableCode.call(Unknown Source)
        at org.python.core.PyTableCode.call(Unknown Source)
        at org.python.core.PyFunction.__call__(Unknown Source)
        at org.python.core.PyObject.__call__(Unknown Source)
        at org.python.core.PyObject.invoke(Unknown Source)
        at org.python.pycode._pyx55.upgradeConfig$74(/opt/oam/Oracle/11.1.2.0/Middleware/Oracle_IDM1/common/wlst/Oam.py:553)
        at org.python.pycode._pyx55.call_function(/opt/oam/Oracle/11.1.2.0/Middleware/Oracle_IDM1/common/wlst/Oam.py)
        at org.python.core.PyTableCode.call(Unknown Source)
        at org.python.core.PyTableCode.call(Unknown Source)
        at org.python.core.PyFunction.__call__(Unknown Source)
        at org.python.core.PyObject.__call__(Unknown Source)
        at org.python.pycode._pyx65.f$0(<console>:1)
        at org.python.pycode._pyx65.call_function(<console>)
        at org.python.core.PyTableCode.call(Unknown Source)
        at org.python.core.PyCode.call(Unknown Source)
        at org.python.core.Py.runCode(Unknown Source)
        at org.python.core.Py.exec(Unknown Source)
        at org.python.util.PythonInterpreter.exec(Unknown Source)
        at org.python.util.InteractiveInterpreter.runcode(Unknown Source)
        at org.python.util.InteractiveInterpreter.runsource(Unknown Source)
        at org.python.util.InteractiveInterpreter.runsource(Unknown Source)
        at weblogic.management.scripting.WLST.main(WLST.java:188)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
        at java.lang.reflect.Method.invoke(Method.java:597)
        at weblogic.WLST.main(WLST.java:29)
Caused by: java.lang.RuntimeException: java.lang.NullPointerException
        at oracle.security.am.foundation.mapimpl.coherence.CoherenceMapImpl.configureSystemProperties(CoherenceMapImpl.java:331)
        at oracle.security.am.foundation.mapimpl.coherence.CoherenceMapImpl.init(CoherenceMapImpl.java:236)
        at oracle.security.am.foundation.mapimpl.coherence.CoherenceMapImpl.<init>(CoherenceMapImpl.java:225)
        at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
        at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
        at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
        at java.lang.reflect.Constructor.newInstance(Constructor.java:513)
        at oracle.security.am.admin.config.util.GenericFactory.getManager(GenericFactory.java:352)
        at oracle.security.am.admin.config.util.GenericFactory.getManager(GenericFactory.java:336)
        at oracle.security.am.admin.config.util.GenericFactory.readObject(GenericFactory.java:246)
        ... 58 more
Caused by: java.lang.NullPointerException
        at oracle.security.am.common.utilities.crypto.OAMKeyStore$6.run(OAMKeyStore.java:513)
        at java.security.AccessController.doPrivileged(Native Method)
        at oracle.security.am.common.utilities.crypto.OAMKeyStore.getCoherenceKeyStorePassword(OAMKeyStore.java:510)
        at oracle.security.am.foundation.mapimpl.coherence.CoherenceMapImpl.setSSLProperties(CoherenceMapImpl.java:640)
        at oracle.security.am.foundation.mapimpl.coherence.CoherenceMapImpl.configureGlobalProperties(CoherenceMapImpl.java:616)
        at oracle.security.am.foundation.mapimpl.coherence.CoherenceMapImpl.configureSystemProperties(CoherenceMapImpl.java:326)
        ... 67 more
Sep 12, 2014 12:08:57 PM oracle.security.am.wlst.WLSTWrapper execute
SEVERE: Unable to execute the WLST Command
java.lang.Exception: upgradeConfig failed
        at oracle.security.am.wlst.util.WLSTServerUtil.executeCommand(WLSTServerUtil.java:232)
        at oracle.security.am.wlst.WLSTWrapper.executeCommand(WLSTWrapper.java:152)
        at oracle.security.am.wlst.WLSTWrapper.execute(WLSTWrapper.java:107)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at OamInternal_handler$py.patchUpgradeImpl$78(/opt/oam/Oracle/11.1.2.0/Middleware/Oracle_IDM1/common/script_handlers/OamInternal_handler.py:1313)
        at OamInternal_handler$py.call_function(/opt/oam/Oracle/11.1.2.0/Middleware/Oracle_IDM1/common/script_handlers/OamInternal_handler.py)
        at org.python.core.PyTableCode.call(Unknown Source)
        at org.python.core.PyTableCode.call(Unknown Source)
        at org.python.core.PyFunction.__call__(Unknown Source)
        at org.python.core.PyObject.invoke(Unknown Source)
        at Oam_common$py.upgradeConfig$73(/opt/oam/Oracle/11.1.2.0/Middleware/Oracle_IDM1/common/script_handlers/Oam_common.py:883)
        at Oam_common$py.call_function(/opt/oam/Oracle/11.1.2.0/Middleware/Oracle_IDM1/common/script_handlers/Oam_common.py)
        at org.python.core.PyTableCode.call(Unknown Source)
        at org.python.core.PyTableCode.call(Unknown Source)
        at org.python.core.PyFunction.__call__(Unknown Source)
        at org.python.core.PyObject.__call__(Unknown Source)
        at org.python.core.PyObject.invoke(Unknown Source)
        at org.python.pycode._pyx55.upgradeConfig$74(/opt/oam/Oracle/11.1.2.0/Middleware/Oracle_IDM1/common/wlst/Oam.py:553)
        at org.python.pycode._pyx55.call_function(/opt/oam/Oracle/11.1.2.0/Middleware/Oracle_IDM1/common/wlst/Oam.py)
        at org.python.core.PyTableCode.call(Unknown Source)
        at org.python.core.PyTableCode.call(Unknown Source)
        at org.python.core.PyFunction.__call__(Unknown Source)
        at org.python.core.PyObject.__call__(Unknown Source)
        at org.python.pycode._pyx65.f$0(<console>:1)
        at org.python.pycode._pyx65.call_function(<console>)
        at org.python.core.PyTableCode.call(Unknown Source)
        at weblogic.WLST.main(WLST.java:29)
Unable to execute the commandupgradeConfig failed
wls:/offline> Sep 12, 2014 12:09:21 PM oracle.security.am.foundation.mapimpl.coherence.CoherenceM

Solution:

Follow these steps:

1. Change the JDBC configuration via the WLS admin console.

  • Two data sources need to be modified with the new hostname: oamDS and opss-DBDS
  • WLS Admin console -> Services -> DataSources -> oamDS -> Connection Pool
  • If the WLS console is not accessible, modify oam-db-jdbc.xml and opss-jdbc.xml in /config/jdbc

Example:

<Middleware>/user_projects/domains/base_domain/config/jdbc

Refer to Task 6, "Change the System Data Source":
http://docs.oracle.com/cd/E27559_01/core.1112/e28516/host.htm#CHDJBHJH

2. Make sure to modify the config files below too:

/config/fmwconfig/jps-config-jse.xml
/config/fmwconfig/jps-config-migration.xml
/config/fmwconfig/jps-config.xml


Reference: 
OAM 11gR2PS2 Admin and managed Servers Fail To Start After Database Hostname Change (Doc ID 1641424.1)
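
One way to check the point above, that every file must carry the same database details, before re-running upgradeConfig. This is an added example, not Oracle tooling or code from the original post; it assumes each file names the database as an Oracle thin-driver JDBC URL, and the host names and the `build_sample` helper are constructed for the demo.

```python
import re
import tempfile
from collections import defaultdict
from pathlib import Path

# Oracle thin-driver URL: @host:port/service, @//host:port/service or @host:port:SID
JDBC_URL = re.compile(
    r"jdbc:oracle:thin:@(?://)?([A-Za-z0-9_.-]+):(\d+)[:/]([A-Za-z0-9_.$#-]+)"
)

# File names come from the post; paths are relative to <domain>/config.
FILES = [
    "jdbc/oam-db-jdbc.xml",
    "jdbc/opss-jdbc.xml",
    "fmwconfig/jps-config.xml",
    "fmwconfig/jps-config-jse.xml",
    "fmwconfig/jps-config-migration.xml",
]


def audit(config_dir):
    """Return (targets, missing): targets maps (host, port, service) -> files using it."""
    targets, missing = defaultdict(list), []
    for rel in FILES:
        path = Path(config_dir) / rel
        if not path.is_file():
            missing.append(rel)
            continue
        text = path.read_text(encoding="utf-8", errors="replace")
        for host, port, service in set(JDBC_URL.findall(text)):
            targets[(host.lower(), int(port), service.lower())].append(rel)
    return dict(targets), missing


def is_consistent(config_dir):
    """True only when every file is present and all of them name one database."""
    targets, missing = audit(config_dir)
    return not missing and len(targets) == 1


def build_sample(root, stale_file=None):
    """Write constructed sample files; stale_file keeps the old database host."""
    for rel in FILES:
        host = "olddb.example.com" if rel == stale_file else "newdb.example.com"
        url = f"jdbc:oracle:thin:@{host}:1521/oamdb.example.com"
        body = (f"<url>{url}</url>" if rel.startswith("jdbc/")
                else f'<property name="jdbc.url" value="{url}"/>')
        path = Path(root) / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_text(f"<config>{body}</config>\n", encoding="utf-8")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp, stale_file="fmwconfig/jps-config-jse.xml")
        targets, missing = audit(tmp)
        for (host, port, service), files in sorted(targets.items()):
            print(f"{host}:{port}/{service}: {', '.join(files)}")
        print("consistent" if is_consistent(tmp) else "MISMATCH: align these files")
```

Point `audit` at the domain's config directory; any file listed under a host other than the current database host still needs the edit described above.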
