
Sunday, January 29, 2017

java.security.AccessControlException: access denied ("oracle.security.jps.service.credstore.CredentialAccessPermission" "context=SYSTEM,mapName=oim,keyName=OIMSchemaPassword" "read")

Issue:
java.security.AccessControlException: access denied ("oracle.security.jps.service.credstore.CredentialAccessPermission" "context=SYSTEM,mapName=oim,keyName=OIMSchemaPassword" "read")
        at java.security.AccessControlContext.checkPermission(AccessControlContext.java:366)
        at java.security.AccessController.checkPermission(AccessController.java:560)
        at oracle.security.jps.util.JpsAuth$AuthorizationMechanism$3.checkPermission(JpsAuth.java:458)
        at oracle.security.jps.util.JpsAuth.checkPermission(JpsAuth.java:518)
        at oracle.security.jps.util.JpsAuth.checkPermission(JpsAuth.java:544)
        Truncated. see log file for complete stacktrace
Caused By: java.security.AccessControlException: access denied ("oracle.security.jps.service.credstore.CredentialAccessPermission" "context=SYSTEM,mapName=oim,keyName=OIMSchemaPassword" "read")
        at java.security.AccessControlContext.checkPermission(AccessControlContext.java:366)
        at java.security.AccessController.checkPermission(AccessController.java:560)
        at oracle.security.jps.util.JpsAuth$AuthorizationMechanism$3.checkPermission(JpsAuth.java:458)
        at oracle.security.jps.util.JpsAuth.checkPermission(JpsAuth.java:518)
        at oracle.security.jps.util.JpsAuth.checkPermission(JpsAuth.java:544)
        Truncated. see log file for complete stacktrace

Fix/Resolution:

1. Take a backup of the weblogic.policy file so you can recover easily in case of any issues.
   a. Go to $WLS_HOME/server/lib/weblogic.policy
   b. cp weblogic.policy weblogic.policy_backup

2. Add the lines below (at the end of the file) to the weblogic.policy file:

   grant codeBase "file:$MW_HOME/patch_wls1036/patch_jars/*" {
       permission java.security.AllPermission;
   };

3. Take a backup of the system-jazn-data.xml file so you can recover easily in case of any issues.
   a. Go to $DOMAIN_HOME/config/fmwconfig/system-jazn-data.xml
   b. cp system-jazn-data.xml system-jazn-data.xml_backup

4. Add the lines below (at the end of the file) to $DOMAIN_HOME/config/fmwconfig/system-jazn-data.xml:

<grant>
  <grantee>
    <codesource>
      <url>file:${wls.home}/../../patch_wls1036/patch_jars/*</url>
    </codesource>
  </grantee>
  <permissions>
    <permission>
      <class>oracle.security.jps.service.credstore.CredentialAccessPermission</class>
      <name>context=SYSTEM,mapName=oim,keyName=*</name>
      <actions>read,write</actions>
    </permission>
  </permissions>
</grant>

5. Restart the Admin and managed servers.

NOTE: MW_HOME varies from environment to environment, depending on your machine path.
      A similar solution is applicable to other components such as OAM/OIF/OID.
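A least-privilege check for the grant in step 4, as an added example that is not part of the original post: it parses the denied permission from the exception line and reports how much each covering grant in a system-jazn-data.xml-style fragment allows beyond it. The sample policy, the narrower second grant and the example.jar name are constructed, and treating `*` as a whole-value wildcard is an assumption.

```python
import re
import xml.etree.ElementTree as ET

# Denied-permission line copied from the stack trace in the post.
DENIED = ('java.security.AccessControlException: access denied '
          '("oracle.security.jps.service.credstore.CredentialAccessPermission" '
          '"context=SYSTEM,mapName=oim,keyName=OIMSchemaPassword" "read")')

# Constructed sample policy. Grant 1 is the one from the post; grant 2 is a
# hypothetical narrower grant (example.jar is a placeholder jar name).
SAMPLE_POLICY = """
<jazn-policy>
  <grant>
    <grantee><codesource>
      <url>file:${wls.home}/../../patch_wls1036/patch_jars/*</url>
    </codesource></grantee>
    <permissions><permission>
      <class>oracle.security.jps.service.credstore.CredentialAccessPermission</class>
      <name>context=SYSTEM,mapName=oim,keyName=*</name>
      <actions>read,write</actions>
    </permission></permissions>
  </grant>
  <grant>
    <grantee><codesource>
      <url>file:${wls.home}/../../patch_wls1036/patch_jars/example.jar</url>
    </codesource></grantee>
    <permissions><permission>
      <class>oracle.security.jps.service.credstore.CredentialAccessPermission</class>
      <name>context=SYSTEM,mapName=oim,keyName=OIMSchemaPassword</name>
      <actions>read</actions>
    </permission></permissions>
  </grant>
</jazn-policy>
"""

def parse_name(name):
    """Split 'context=SYSTEM,mapName=oim,keyName=x' into a dict."""
    return dict(p.strip().split("=", 1) for p in name.split(",") if "=" in p)

def split_csv(text):
    return {a.strip() for a in text.split(",") if a.strip()}

def parse_denied(line):
    """Extract (class, target fields, actions) from an 'access denied' line."""
    m = re.search(r'access denied \("([^"]+)" "([^"]+)" "([^"]+)"\)', line)
    if not m:
        raise ValueError("not an AccessControlException 'access denied' line")
    return m.group(1), parse_name(m.group(2)), split_csv(m.group(3))

def audit(policy_xml, denied_line):
    """List grants that satisfy the denied permission and what each adds beyond it."""
    cls, target, actions = parse_denied(denied_line)
    findings = []
    for grant in ET.fromstring(policy_xml.strip()).iter("grant"):
        url = (grant.findtext("grantee/codesource/url") or "").strip()
        for perm in grant.iter("permission"):
            if (perm.findtext("class") or "").strip() != cls:
                continue
            name = parse_name(perm.findtext("name") or "")
            granted = split_csv(perm.findtext("actions") or "")
            # Assumption: '*' matches any value for that field.
            fits = all(name.get(k) in ("*", v) for k, v in target.items())
            if not (fits and actions <= granted):
                continue
            wild = sorted(k for k, v in name.items() if v == "*")
            extra = sorted(granted - actions)
            findings.append({"codesource": url, "wildcards": wild,
                             "directory_wide": url.endswith(("/*", "/-")),
                             "extra_actions": extra,
                             "exact": not wild and not extra})
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_POLICY, DENIED):
        print(finding)
```

For the grant from the post it reports a wildcard on keyName, an extra write action and a directory-wide codesource, while the exception itself only asked for read on keyName=OIMSchemaPassword.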

Hope this post helps you to resolve this issue.

Thank you for reading my blog!

Saturday, December 31, 2016

OIM11g R2 PS2 (11.1.2.2) configuration steps throws Exception occurred while encrypting the configuration and database

Issue: 


When progressing through the Oracle Identity and Access Management Configuration, the 'Configure OIM Server' step fails with the error "Exception occurred while encrypting the configuration and database, step Configure OIM Server failed".





Investigation: Find the error details in the logs, as per the screenshot, i.e. /home/oracle/app/oraInventory/logs/<latest log>.


The log shows a "(DEV_OIM.UK_MLS_LOCALE_MLS_LOCALE_CODE) violated" error, accompanied by "Caused by: java.lang.Exception: Exception occurred in updateMLSLocale method while updating Locale to OIM DB" as well as "Caused by: java.lang.Exception: Exception occurred while encrypting the database".

Fix: 

1. Take a backup of the existing MLS_LOCALE table under the DEV_OIM schema by following the steps below.
   a. Connect to your database using the DEV_OIM schema (SQL Developer).
   b. Take a backup of MLS_LOCALE using the SQL command below:
          CREATE TABLE MLS_LOCALE_bkp AS (SELECT * FROM MLS_LOCALE);
   c. Truncate the original table, MLS_LOCALE:
          TRUNCATE TABLE MLS_LOCALE;
2. Re-run the OIM configuration step.
   Go to $OIM_HOME/bin (or $MW_HOME/Oracle_IDM1/bin) and run ./config.sh

NOTE: If you are connecting to your database using the sys account, you have to prefix the table with the schema name.

E.g.: TRUNCATE TABLE DEV_OIM.MLS_LOCALE;  -- if you are using the sys account in the DB


It should fix the issue. 

Wednesday, December 9, 2015

Creating a wlfullclient.jar and Design console configuration


Use the following steps to create a wlfullclient.jar file :

   1. Change to the server/lib directory:

         $ cd $WL_HOME/server/lib

   2. Use the following command to create wlfullclient.jar in the server/lib directory:

         $ java -jar wljarbuilder.jar

   3. The wlfullclient.jar file will be created under $WL_HOME/server/lib.

   4. You can now copy and bundle the wlfullclient.jar to the $OIM_HOME/designconsole/lib and $OIM_HOME/designconsole/ext folders.

   5. Add the wlfullclient.jar to the client application's class path.

Note: The wlfullclient.jar generation procedure is the same on both Windows and Linux platforms in OIM.

Hope this helps you!

javax.security.auth.login.LoginException in OIM Design Console


Issue :

javax.security.auth.login.LoginException: java.lang.RuntimeException: Failed to instantiate MD5 SecureRandom: Unsupported algorithm

The javax.security.auth.login.LoginException: java.lang.RuntimeException: Failed to instantiate MD5 SecureRandom: Unsupported algorithm exception is thrown after clicking the Login Button in the Oracle Identity Manager Design Console.

Error:

Error Keyword: DAE.LOGON_DENIED
Description: Invalid Login.
Remedy: Contact your system administrator.
Action: E
Severity: H
Help URL:
Detail:
javax.security.auth.login.LoginException: java.lang.RuntimeException: Failed to instantiate MD5 SecureRandom: Unsupported algorithm, MD5Random, selected for FIPS140 mode: FIPS140_SSL
at com.certicom.tls.interfaceimpl.TLSSystem.getRandomNumberGenerator(Unknown Source)
at com.certicom.tls.record.handshake.MessageRandom.initialize(Unknown Source)
at com.certicom.tls.record.handshake.MessageRandom.<init>(Unknown Source)
at com.certicom.tls.record.handshake.HandshakeHandler.startHandshake(Unknown Source)
at com.certicom.tls.interfaceimpl.TLSConnectionImpl.startHandshake(Unknown Source)
at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown Source)
at com.certicom.tls.record.WriteHandler.write(Unknown Source)
at com.certicom.io.OutputSSLIOStreamWrapper.write(Unknown Source)
at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:66)
at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:124)
at java.io.DataOutputStream.flush(DataOutputStream.java:107)
at weblogic.rjvm.t3.MuxableSocketT3.connect(MuxableSocketT3.java:406)
at weblogic.rjvm.t3.ConnectionFactoryT3S.createConnection(ConnectionFactoryT3S.java:44)
at weblogic.rjvm.ConnectionManager.createConnection(ConnectionManager.java:1784)
at weblogic.rjvm.ConnectionManager.findOrCreateConnection(ConnectionManager.java:1424)
at weblogic.rjvm.ConnectionManager.bootstrap(ConnectionManager.java:443)
at weblogic.rjvm.ConnectionManager.bootstrap(ConnectionManager.java:322)
at weblogic.rjvm.RJVMManager.findOrCreateRemoteInternal(RJVMManager.java:254)
at weblogic.rjvm.RJVMManager.findOrCreate(RJVMManager.java:197)
at weblogic.rjvm.RJVMFinder.findOrCreateRemoteServer(RJVMFinder.java:238)
at weblogic.rjvm.RJVMFinder.findOrCreateInternal(RJVMFinder.java:200)
at weblogic.rjvm.RJVMFinder.findOrCreate(RJVMFinder.java:170)
at weblogic.rjvm.ServerURL.findOrCreateRJVM(ServerURL.java:153)
at weblogic.rjvm.ServerURL.findOrCreateRJVM(ServerURL.java:96)
at weblogic.security.auth.Authenticate.authenticate(Authenticate.java:80)
at weblogic.security.auth.login.UsernamePasswordLoginModule.login(UsernamePasswordLoginModule.java:184)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:684)
at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
at Thor.API.Security.LoginHandler.weblogicLoginHandler.login(weblogicLoginHandler.java:62)
at oracle.iam.platform.OIMClient.login(OIMClient.java:134)
at oracle.iam.platform.OIMClient.login(OIMClient.java:114)
at com.thortech.xl.client.base.tcAppWindow.internalLogin(tcAppWindow.java:585)
at com.thortech.xl.client.base.tcAppWindow.login(tcAppWindow.java:504)
at com.thortech.xl.client.base.tcAppWindow.<init>(tcAppWindow.java:118)
at com.thortech.xl.client.base.tcAppWindow.main(tcAppWindow.java:174)

Solution 1:

The cryptoj.jar file is missing in the $WLS_HOME/lib directory. Copy the cryptoj.jar file from $WLS_HOME/lib to $OIM_HOME/designconsole/ext directory.

Solution 2:

If the cryptoj.jar file is available and you are still getting a login issue, try the following options:

1. Create the wlfullclient.jar file and copy it to the design console lib and ext directories.

2. Verify that the provided OIM username and password are correct.

Hope this helps you!

Monday, November 30, 2015

RCU 11g fails on Oracle Enterprise Linux 6.5 - RCU-6130 and RCU-6136:Error while trying to execute SQLPlus action

Issue:

While running the Repository Creation Utility 11g (RCU) from Oracle Enterprise Linux 6.5 (OEL6.5) 64bit, it is possible to have errors while creating the schema.

The Oracle Universal Installer will first throw errors in the graphical user interface, such as RCU-6130 and RCU-6136.

Upon inspection of the RCU logs (RCU_HOME/rcu/log/logdir.date_timestamp/rcu.log), the following will be seen.
2015-11-13 11:16:47.199 ERROR rcu: oracle.sysman.assistants.rcu.backend.action.SQLPlusAction::perform: Error initializing SQLPlusEngine:
java.io.IOException: java.io.IOException: java.io.IOException: java.io.IOException: java.io.IOException: java.io.IOException: java.io.IOException: java.io.IOException: java.io.IOException: java.io.IOException: java.io.IOException: java.io.IOException: Error initializing sqlplus.
    at oracle.sysman.assistants.common.dbutil.sqlplus.SQLPlusEngine.setDefaultEngineSettings(SQLPlusEngine.java:2144)
    at oracle.sysman.assistants.common.dbutil.sqlplus.SQLPlusEngine.initialize(SQLPlusEngine.java:352)
    at oracle.sysman.assistants.rcu.backend.action.SQLPlusAction.perform(SQLPlusAction.java:200)
    at oracle.sysman.assistants.rcu.backend.task.AbstractCompTask.execute(AbstractCompTask.java:243)
    at oracle.sysman.assistants.rcu.backend.task.ActualTask.run(TaskRunner.java:306)
    at java.lang.Thread.run(Thread.java:662)

2015-11-13 11:16:47.298 ERROR rcu: oracle.sysman.assistants.rcu.backend.task.ActualTask::run: RCU Operation Failed
oracle.sysman.assistants.common.task.TaskExecutionException: RCU-6136:Error while trying to execute SQLPlus action.
    at oracle.sysman.assistants.rcu.backend.task.AbstractCompTask.execute(AbstractCompTask.java:300)
    at oracle.sysman.assistants.rcu.backend.task.ActualTask.run(TaskRunner.java:306)
    at java.lang.Thread.run(Thread.java:662)
Caused by: oracle.sysman.assistants.common.task.ActionFailedException: RCU-6136:Error while trying to execute SQLPlus action.
    at oracle.sysman.assistants.rcu.backend.action.SQLPlusAction.perform(SQLPlusAction.java:211)
    at oracle.sysman.assistants.rcu.backend.task.AbstractCompTask.execute(AbstractCompTask.java:243)
    ... 2 more
Caused by: java.io.IOException: java.io.IOException: java.io.IOException: java.io.IOException: java.io.IOException: java.io.IOException: java.io.IOException: java.io.IOException: java.io.IOException: java.io.IOException: java.io.IOException: java.io.IOException: Error initializing sqlplus.
    at oracle.sysman.assistants.common.dbutil.sqlplus.SQLPlusEngine.setDefaultEngineSettings(SQLPlusEngine.java:2144)
    at oracle.sysman.assistants.common.dbutil.sqlplus.SQLPlusEngine.initialize(SQLPlusEngine.java:352)
    at oracle.sysman.assistants.rcu.backend.action.SQLPlusAction.perform(SQLPlusAction.java:200)
    ... 3 more
These errors are most notably seen on Oracle Identity Management and Oracle Identity and Access Management schemas but can occur on any schema.

Resolution:

1. Verify that Oracle Fusion Middleware is certified on your Linux release.

2. Verify that you have all of the required packages installed for your operating system.

3. Give full permissions to RCU and its subfolders before executing the ./rcu command:

     $ cd RCU
     $ chmod -R 777 *
     $ cd rcuHome/bin
     $ ./rcu

4. If the above steps do not solve the issue, try these potential workarounds. Currently there is no fix for this issue on OEL6.5.

a) Try downloading the Windows version of the RCU and run it from a certified Windows platform.
b) Try using an older version of Linux, such as OEL5.
c) Try running the RCU from a 32-bit platform.


Hope this will resolve your issue!

RCU 11g fails on MS Windows - RCU-6136:Error while trying to execute SQLPlus action

Error :

The Repository Creation Utility (RCU), running on MS Windows, fails when attempting to launch SQLPLUS.  The rcu.log shows the following errors:

NOTIFICATION rcu: oracle.sysman.assistants.common.dbutil.jdbc.JDBCEngine::connect: Connecting to database: user:jaltaie, role:SYSDBA, connectString:(description=(address=(host=localhost)(protocol=tcp)(port=1521))(connect_data=(service_name=ORCLDW.MANAARNET.COM)(server=dedicated)))
2011-08-23 22:56:36.284 NOTIFICATION rcu: oracle.sysman.assistants.rcu.backend.action.SQLPlusAction::perform: paramString =
2015-11-23 22:56:36.452 ERROR rcu: oracle.sysman.assistants.rcu.backend.action.SQLPlusAction::perform: Error initializing SQLPlusEngine:
java.io.IOException: java.io.IOException: java.io.IOException: java.io.IOException: java.io.IOException: java.io.IOException: java.io.IOException: java.io.IOException: java.io.IOException: java.io.IOException: java.io.IOException: java.io.IOException: Error initializing sqlplus.
at oracle.sysman.assistants.common.dbutil.sqlplus.SQLPlusEngine.setDefaultEngineSettings(SQLPlusEngine.java:2113)
at oracle.sysman.assistants.common.dbutil.sqlplus.SQLPlusEngine.initialize(SQLPlusEngine.java:352)
at oracle.sysman.assistants.rcu.backend.action.SQLPlusAction.perform(SQLPlusAction.java:200)
at oracle.sysman.assistants.rcu.backend.task.AbstractCompTask.execute(AbstractCompTask.java:243)
at oracle.sysman.assistants.rcu.backend.task.ActualTask.run(TaskRunner.java:303)
at java.lang.Thread.run(Thread.java:619)

2015-11-23 22:56:36.454 ERROR rcu: oracle.sysman.assistants.rcu.backend.task.ActualTask::run: RCU Operation Failed
oracle.sysman.assistants.common.task.TaskExecutionException: RCU-6136:Error while trying to execute SQLPlus action.
at oracle.sysman.assistants.rcu.backend.task.AbstractCompTask.execute(AbstractCompTask.java:300)
at oracle.sysman.assistants.rcu.backend.task.ActualTask.run(TaskRunner.java:303)
at java.lang.Thread.run(Thread.java:619)
Caused by: oracle.sysman.assistants.common.task.ActionFailedException: RCU-6136:Error while trying to execute SQLPlus action.
at oracle.sysman.assistants.rcu.backend.action.SQLPlusAction.perform(SQLPlusAction.java:211)
at oracle.sysman.assistants.rcu.backend.task.AbstractCompTask.execute(AbstractCompTask.java:243)
... 2 more
Caused by: java.io.IOException: java.io.IOException: java.io.IOException: java.io.IOException: java.io.IOException: java.io.IOException: java.io.IOException: java.io.IOException: java.io.IOException: java.io.IOException: java.io.IOException: java.io.IOException: Error initializing sqlplus.
at oracle.sysman.assistants.common.dbutil.sqlplus.SQLPlusEngine.setDefaultEngineSettings(SQLPlusEngine.java:2113)
at oracle.sysman.assistants.common.dbutil.sqlplus.SQLPlusEngine.initialize(SQLPlusEngine.java:352)
at oracle.sysman.assistants.rcu.backend.action.SQLPlusAction.perform(SQLPlusAction.java:200)
... 3 more

Solution :

The msvcr71.dll is found under <RCU_HOME>\jdk\bin\

1. Copy <RCU_HOME>\jdk\bin\msvcr71.dll to the RCU_HOME bin directory

2. Launch the RCU program from the RCU_HOME bin directory

RCU_HOME/bin/rcu.bat

You may also need to set the ORACLE_HOME environment variable to your RCU home.

Monday, November 9, 2015

OIM Interview Questions

  1. What are the new features in PS3?
  2. What are the differences between PS2 and PS3?
  3. How do you identify rogue account creation in target system?
  4. What is the high level architecture of OIM 11g R2?
  5. List the differences between OIM 9.1 and 11g, and possibly 11gR2.
  6. What are the new features in 11gR2 PS2 and PS3?
  7. How do you save a multi-valued attribute in a process form, and how does the linking happen between the process form and the child form (1 child form per multi-valued attribute)?
  8. Can we still use entity adapters in OIM 11g?
  9. What is the plugin service in OIM 11g? What is the orchestration service in OIM 11g?
  10. What is the difference between entity match found and process match found?
  11. What are service accounts in oim?
  12. Why is the remote manager used?
  13. What is a connector server, and what types of connector server are available?
  14. What is ICF, and what is the ICF architecture?
  15. Why is a connector server (ICF) used? Can a connector server replace the remote manager? What are the types of connector server? Which OOTB connector is ICF based now in 11g?
  16. What is Lookup.USR_PROCESS_TRIGGERS, and how does data flow during provisioning?
  17. How will you develop a custom connector from scratch? List all the components involved.
  18. What are the different types of adapters, and under which circumstances are they used?
  19. List some OIM API Java classes. How do we initialize the API before we can use it (for example, tcUserOperationsIntf)?
  20. List some differences in API classes / new classes from an 11g point of view.
  21. How do you create a plugin in OIM 11g (packaging, registration, MDS seeding, etc.)?
  22. What is the difference between execute and bulk Execute in a post-process handler, and under which scenarios are they used?
  23. Can a preprocess event handler be used during trusted user recon?
  24. Email templates are now removed in OIM 11g; how do we send emails in OIM 11g?
  25. What are notification templates, notification resolvers, notification event xml file registration?
  26. OIM 9.1 - formmetadata.xml: why do we use it, and what is possible by changing/configuring it?
  27. How do you modify self-registration page in 11g?
  28. A lot of questions on MDS: how we use it, which configuration objects are stored, the structure of configuration objects, oim-config.xml, and some very common file names.
  29. What is the difference between object form and process form (9.1)
  30. What has replaced object form in 11g?
  31. What is the difference between approval policy, authorization policy and access policy?
  32. How do we deploy the SOA workflows in 11g?
  33. What is the basic Request Templates model, how are templates extended to create custom ones, and how is authorization enforced while defining a new one? Is it possible that only a certain set of users can see certain request templates (yes)?
  34. How do you create a custom scheduled task in OIM 11g?
  35. How do you create a custom plugin in OIM 11g?
  36. What performance improvement measures have been implemented in OIM 11g in terms of reconciliation?
  37. How do you use task assignment adapter in OIM?
  38. Under what circumstances is SPML used?
  39. Attestation - Why / what / when / how?
  40. Certification - Why / what / when / how?
  41. List the differences between LDAP sync and the OID Connector, when both can essentially sync the user info between OIM and OID (11g).
  42. How can you disable certain menu item on OIM 11g R2 PS2 based on the user's role?
  43. What is request dataset status change plugin and how do you use it?
  44. What is request dataset validator plugin and how do you use it?
  45. What are application instances, disconnected applications?
  46. What is a sandbox and how will you go about doing sandbox management, its issues and limitations?
  47. What is a dynamic organization and how do we use it?
  48. Which entities and event types are Pre Process Event Handlers applicable to?
  49. What is a catalog, what does it contain, how do you publish an item to a catalog, and how will you do catalog management?
  50. What is a public task flow and how do you develop and use it in OIM?
  51. What is Access Policy Harvesting and how will you set it up?
  52. Difference between OIM 11g R1 and OIM 11g R2?
  53. Difference between OIM 10g and OIM 11g R2?
  54. What is Request Catalog?
  55. What is Request Profile?
  56. Difference between Application Instance and Resource Object?
  57. What are Admin Roles?
  58. Experience with UI Customization in OIM 11g R2?
  59. Experience with ICF Connector?
  60. Experience in upgrading existing OIM implementation to OIM 11g R2?
  61. List of connectors which you have worked on?
  62. High level steps for Custom Connector?
  63. What are Archival Utilities?
  64. How do you hide Admin Links for End Users from Identity Console?
  65. What are the factors one should keep in mind for an upgrade project?
  66. How will you plan an upgrade project?
Hope the above interview questions help you!

OIM 11g R2 PS2 Support Interview Questions



Below are basic-level OIM support interview questions. The questions may vary depending on the interviewer and the project.

  1. What are the new features in PS3?
  2. What are the differences between PS2 and PS3?
  3. How do you identify rogue account creation in target system?
  4. What is the high level architecture of OIM 11g R2?
  5. What are the new features in 11gR2 PS2 and PS3?
  6. What are Archival Utilities?
  7. What are the factors one should keep in mind for an upgrade project?
  8. How will you plan an upgrade project?
  9. What are the high-level steps to install OIM 11g R2 PS2 in High Availability mode?
  10. What is the use of Node Manager?
  11. In how many ways can we start or stop all the managed servers in OIM?
  12. How do you verify the logs in OIM?
  13. How do you troubleshoot provisioning issues in OIM 11g R2 PS2?
  14. What are the high-level steps to perform performance tuning in OIM 11g R2 PS2?
  15. How do you assign/remove admin privileges to a user in OIM 11g R2 PS2?
  16. How do you troubleshoot reconciliation issues in OIM 11g R2 PS2?
  17. How many schemas will be created while installing RCU for OIM?
  18. What is the use of a load balancer and clustering?
  19. Which table names do you know in OIM 11g R2 PS2?
  20. In how many ways can we upload/register .jar files in OIM 11g R2 PS2?
  21. How do you change the log levels in OIM 11g R2 PS2?
  22. How do you resolve password issues in OIM 11g R2 PS2?
  23. How do you assign/revoke specific group access to a user in OIM 11g R2 PS2?
  24. What is the catalog and its usage?
  25. What is a sandbox and its usage?
  26. How do we get reports in OIM 11g R2 PS2?
Hope these questions help you!