Showing posts with label OIM 11g R2 PS2. Show all posts

Sunday, January 29, 2017

java.security.AccessControlException: access denied ("oracle.security.jps.service.credstore.CredentialAccessPermission" "context=SYSTEM,mapName=oim,keyName=OIMSchemaPassword" "read")

Issue:
java.security.AccessControlException: access denied ("oracle.security.jps.service.credstore.CredentialAccessPermission" "context=SYSTEM,mapName=oim,keyName=OIMSchemaPassword" "read")
        at java.security.AccessControlContext.checkPermission(AccessControlContext.java:366)
        at java.security.AccessController.checkPermission(AccessController.java:560)
        at oracle.security.jps.util.JpsAuth$AuthorizationMechanism$3.checkPermission(JpsAuth.java:458)
        at oracle.security.jps.util.JpsAuth.checkPermission(JpsAuth.java:518)
        at oracle.security.jps.util.JpsAuth.checkPermission(JpsAuth.java:544)
        Truncated. see log file for complete stacktrace
Caused By: java.security.AccessControlException: access denied ("oracle.security.jps.service.credstore.CredentialAccessPermission" "context=SYSTEM,mapName=oim,keyName=OIMSchemaPassword" "read")
        at java.security.AccessControlContext.checkPermission(AccessControlContext.java:366)
        at java.security.AccessController.checkPermission(AccessController.java:560)
        at oracle.security.jps.util.JpsAuth$AuthorizationMechanism$3.checkPermission(JpsAuth.java:458)
        at oracle.security.jps.util.JpsAuth.checkPermission(JpsAuth.java:518)
        at oracle.security.jps.util.JpsAuth.checkPermission(JpsAuth.java:544)
        Truncated. see log file for complete stacktrace

Fix/Resolution:

1. Back up the weblogic.policy file so it can be restored easily if anything goes wrong.
   a. Go to $WLS_HOME/server/lib/weblogic.policy
   b. cp weblogic.policy weblogic.policy_backup

2. Add the lines below (end of the file) to the weblogic.policy file:

   grant codeBase "file:$MW_HOME/patch_wls1036/patch_jars/*" {
       permission java.security.AllPermission;
   };

3. Back up the system-jazn-data.xml file so it can be restored easily if anything goes wrong.
   a. Go to $DOMAIN_HOME/config/fmwconfig/system-jazn-data.xml
   b. cp system-jazn-data.xml system-jazn-data.xml_backup

4. Add the lines below (end of the file) to $DOMAIN_HOME/config/fmwconfig/system-jazn-data.xml:

<grant>
  <grantee>
    <codesource>
      <url>file:${wls.home}/../../patch_wls1036/patch_jars/*</url>
    </codesource>
  </grantee>
  <permissions>
    <permission>
      <class>oracle.security.jps.service.credstore.CredentialAccessPermission</class>
      <name>context=SYSTEM,mapName=oim,keyName=*</name>
      <actions>read,write</actions>
    </permission>
  </permissions>
</grant>

5. Restart the Admin and managed servers.

NOTE: MW_HOME varies from environment to environment, depending on your machine's path.
      A similar solution also applies to other components such as OAM, OIF, OID, etc.
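
To review which code sources hold credential-store permissions after a change like the one in step 4, the following added example (not part of the original post) lists every CredentialAccessPermission grant in a policy file and marks the ones that are broader than a single key with read access. The sample XML is constructed, the second grant and its example.jar path are hypothetical, and the elements are assumed to be un-namespaced as in the snippet above.

```python
import xml.etree.ElementTree as ET

CRED_PERM = "oracle.security.jps.service.credstore.CredentialAccessPermission"

def _grant(url, name, actions):
    # Builds one <grant> in the shape shown in step 4 of the post.
    return (f"<grant><grantee><codesource><url>{url}</url></codesource></grantee>"
            f"<permissions><permission><class>{CRED_PERM}</class>"
            f"<name>{name}</name><actions>{actions}</actions>"
            f"</permission></permissions></grant>")

# Constructed sample policy: the post's grant plus a narrower hypothetical one.
SAMPLE_JAZN = (
    "<jazn-data><system-policy><jazn-policy>"
    + _grant("file:${wls.home}/../../patch_wls1036/patch_jars/*",
             "context=SYSTEM,mapName=oim,keyName=*", "read,write")
    + _grant("file:${example.home}/lib/example.jar",
             "context=SYSTEM,mapName=oim,keyName=OIMSchemaPassword", "read")
    + "</jazn-policy></system-policy></jazn-data>")

def parse_target(name):
    """Turn 'context=SYSTEM,mapName=oim,keyName=*' into a dict."""
    return dict(p.strip().split("=", 1) for p in name.split(",") if "=" in p)

def audit_credential_grants(xml_text):
    """Return one finding per codesource grant of CredentialAccessPermission."""
    findings = []
    for grant in ET.fromstring(xml_text).iter("grant"):
        url = (grant.findtext("grantee/codesource/url") or "").strip()
        for perm in grant.iter("permission"):
            if (perm.findtext("class") or "").strip() != CRED_PERM:
                continue
            target = parse_target(perm.findtext("name") or "")
            actions = {a.strip() for a in (perm.findtext("actions") or "").split(",")}
            actions.discard("")
            flags = []
            if url.endswith(("/*", "/-")):   # every JAR/class under a directory
                flags.append("directory-wide codesource")
            if "*" in (target.get("mapName"), target.get("keyName")):
                flags.append("wildcard map or key")
            if actions - {"read"}:
                flags.append("more than read")
            findings.append({"url": url, "map": target.get("mapName"),
                             "key": target.get("keyName"),
                             "actions": sorted(actions), "flags": flags})
    return findings

if __name__ == "__main__":
    for f in audit_credential_grants(SAMPLE_JAZN):
        print(f["url"], f["map"], f["key"], f["actions"], f["flags"] or "ok")
```

Run it against a copy of system-jazn-data.xml by passing the file's text to audit_credential_grants().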

Hope this post helps you resolve this issue.

Thank you for reading my blog!

Saturday, December 31, 2016

OIM11g R2 PS2 (11.1.2.2) configuration steps throws Exception occurred while encrypting the configuration and database

Issue:

When progressing through the Oracle Identity and Access Management configuration, the 'Configure OIM Server' step fails with the error "Exception occurred while encrypting the configuration and database, step Configure OIM Server failed".

Investigation: Find the error details in the logs, as per the screenshot, i.e. /home/oracle/app/oraInventory/logs/<latest log>.

The log shows a (DEV_OIM.UK_MLS_LOCALE_MLS_LOCALE_CODE) violated error, accompanied by "Caused by: java.lang.Exception: Exception occurred in updateMLSLocale method while updating Locale to OIM DB" as well as "Caused by: java.lang.Exception: Exception occurred while encrypting the database".

Fix: 

1. Back up the existing MLS_LOCALE table under the DEV_OIM schema by following the steps below.
   a. Connect to your database using the DEV_OIM schema (SQL Developer).
   b. Back up MLS_LOCALE using the SQL command below:
          Create table MLS_LOCALE_bkp as (select * from MLS_LOCALE);
   c. Truncate the original table MLS_LOCALE:
          Truncate table MLS_LOCALE;
2. Re-run the OIM configuration step:
   cd $OIM_HOME/bin (or $MW_HOME/Oracle_IDM1/bin), then run ./config.sh

NOTE: If you connect to your database using the sys account, you have to prefix the table name with the schema name.

E.g.: truncate table DEV_OIM.MLS_LOCALE;  --- if you are using the sys account in the DB

This should fix the issue.

Saturday, June 25, 2016

OPSS Unable to start WL Server XML20108 Fatal Error JPS02592 Failed To Push Ldap Config Data To LibOvd

Issue:

 Jun 21, 2016 7:03:16 PM oracle.security.jps.internal.igf.ovd.OvdIGFServiceProvider pushLdapNamesTolibOvd SEVERE: JPS-02592
<Jun 21, 2016 7:03:16 PM SGT> <Error> <Security> <BEA-090892> <The loading of OPSS java security policy provider failed due to exception, see the exception stack trace or the server log file for root cause. If still see no obvious cause, enable the debug flag -Djava.security.debug=jpspolicy to get more information. Error message: JPS-02592: Failed to push ldap config data to libOvd for service instance "idstore.ldap" in JPS context "default", cause: org.xml.sax.SAXException: Error Parsing at line #1: 1.org.xml.sax.SAXParseException; lineNumber: 1; columnNumber: 1; <Line 1, Column 1>: XML-20108: (Fatal Error) Start of root element expected.>
<Jun 21, 2016 7:03:16 PM SGT> <Critical> <WebLogicServer> <BEA-000386> <Server subsystem failed. Reason: weblogic.security.SecurityInitializationException: The loading of OPSS java security policy provider failed due to exception, see the exception stack trace or the server log file for root cause. If still see no obvious cause, enable the debug flag -Djava.security.debug=jpspolicy to get more information. Error message: JPS-02592: Failed to push ldap config data to libOvd for service instance "idstore.ldap" in JPS context "default", cause: org.xml.sax.SAXException: Error Parsing at line #1: 1.org.xml.sax.SAXParseException; lineNumber: 1; columnNumber: 1; <Line 1, Column 1>: XML-20108: (Fatal Error) Start of root element expected.
weblogic.security.SecurityInitializationException: The loading of OPSS java security policy provider failed due to exception, see the exception stack trace or the server log file for root cause. If still see no obvious cause, enable the debug flag -Djava.security.debug=jpspolicy to get more information. Error message: JPS-02592: Failed to push ldap config data to libOvd for service instance "idstore.ldap" in JPS context "default", cause: org.xml.sax.SAXException: Error Parsing at line #1: 1.
org.xml.sax.SAXParseException; lineNumber: 1; columnNumber: 1; <Line 1, Column 1>: XML-20108: (Fatal Error) Start of root element expected.
        at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.loadOPSSPolicy(CommonSecurityServiceManagerDelegateImpl.java:1402)
        at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initialize(CommonSecurityServiceManagerDelegateImpl.java:1022)
        at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:873)
        at weblogic.security.SecurityService.start(SecurityService.java:141)
        at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
        Truncated. see log file for complete stacktrace
Caused By: oracle.security.jps.JpsRuntimeException: JPS-02592: Failed to push ldap config data to libOvd for service instance "idstore.ldap" in JPS context "default", cause: org.xml.sax.SAXException: Error Parsing at line #1: 1.
org.xml.sax.SAXParseException; lineNumber: 1; columnNumber: 1; <Line 1, Column 1>: XML-20108: (Fatal Error) Start of root element expected.
        at oracle.security.jps.internal.policystore.PolicyDelegationController.<init>(PolicyDelegationController.java:172)
        at oracle.security.jps.internal.policystore.JavaPolicyProvider.<init>(JavaPolicyProvider.java:375)
        at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
        at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:57)
        at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
        Truncated. See log file for complete stacktrace


Resolution:



1. Check whether the file system has run out of disk space (df -h on Linux). A full filesystem is one cause of XML file corruption.
2. If the problem is not related to file system space, it might be caused by a corrupted adapters.os_xml.
3. As an additional symptom, $DOMAIN_HOME/config/fmwconfig/ovd/default/server.os_xml was detected as zero (0) bytes.
   Corruption of adapters.os_xml or server.os_xml under this LibOVD location may lead to WebLogic Server startup failure.
   Navigate to the fmwconfig folder and check adapters.os_xml, server.os_xml, or both:
   $DOMAIN_HOME/config/fmwconfig/ovd/default/adapters.os_xml
   Either of these XML files could be corrupted, which causes the WebLogic Server to fail to start.
4. If a file is corrupted, perform the following steps:
   a. Take a backup of $DOMAIN_HOME/config/fmwconfig/ovd/default/adapters.os_xml or server.os_xml
   b. Delete the corrupted adapters.os_xml or server.os_xml file under
      $DOMAIN_HOME/config/fmwconfig/ovd/default/adapters.os_xml
   c. Copy adapters.os_xml or server.os_xml from
      $MW_HOME/oracle_common/modules/oracle.ovd_11.1.1/templates/ to
      $DOMAIN_HOME/config/fmwconfig/ovd/default/. Or restore the files from backup.
5. Restart the server. It should work!

 Hope this post helps you to resolve this issue.
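
The check and restore in steps 3 and 4 can be scripted. The following is an added example, not part of the original post: it classifies each LibOVD file as ok, missing, empty or malformed, and for a damaged file keeps a backup copy before copying the template over it. The demo runs on constructed temporary directories with placeholder XML; the function names and the "_backup" suffix are assumptions.

```python
import shutil
import tempfile
import xml.etree.ElementTree as ET
from pathlib import Path

OVD_FILES = ("adapters.os_xml", "server.os_xml")

def check_os_xml(path):
    """Classify one file as 'ok', 'missing', 'empty' or 'malformed'."""
    p = Path(path)
    if not p.is_file():
        return "missing"
    if p.stat().st_size == 0:
        return "empty"          # the zero-byte symptom from step 3
    try:
        ET.parse(str(p))
    except ET.ParseError:
        return "malformed"      # e.g. truncated by a full filesystem
    return "ok"

def repair_ovd_config(ovd_dir, template_dir, dry_run=True):
    """Report each file's state; optionally back up and restore damaged ones."""
    report = {}
    for name in OVD_FILES:
        target = Path(ovd_dir) / name
        template = Path(template_dir) / name
        status, action = check_os_xml(target), "none"
        if status != "ok":
            if check_os_xml(template) != "ok":
                action = "template unusable"
            elif dry_run:
                action = "would restore"
            else:
                if target.exists():  # step 4a: keep the damaged copy
                    shutil.copy2(target, target.with_name(name + "_backup"))
                shutil.copy2(template, target)  # steps 4b and 4c
                action = "restored"
        report[name] = (status, action)
    return report

def demo():
    """Run on constructed temp dirs; returns (dry, real, after, backup_kept)."""
    with tempfile.TemporaryDirectory() as tmp:
        ovd, tpl = Path(tmp, "ovd"), Path(tmp, "templates")
        ovd.mkdir()
        tpl.mkdir()
        for name in OVD_FILES:  # placeholder XML, not the real template content
            (tpl / name).write_text("<placeholder/>")
        (ovd / "adapters.os_xml").write_text("<placeholder/>")
        (ovd / "server.os_xml").write_text("")  # zero bytes, as in the post
        dry = repair_ovd_config(ovd, tpl)
        real = repair_ovd_config(ovd, tpl, dry_run=False)
        after = {n: check_os_xml(ovd / n) for n in OVD_FILES}
        backup_kept = (ovd / "server.os_xml_backup").exists()
        return dry, real, after, backup_kept

if __name__ == "__main__":
    for part in demo():
        print(part)
```

On a real domain, pass $DOMAIN_HOME/config/fmwconfig/ovd/default and $MW_HOME/oracle_common/modules/oracle.ovd_11.1.1/templates as the two directories, with the servers stopped.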

Wednesday, December 9, 2015

Creating a wlfullclient.jar and Design console configuration


Use the following steps to create a wlfullclient.jar file:

   1. Change to the server/lib directory.

         $cd WL_HOME/server/lib

   2. Use the following command to create wlfullclient.jar in the server/lib directory:

         $java -jar wljarbuilder.jar

   3. The wlfullclient.jar file is created under $WL_HOME/server/lib.

   4. You can now copy and bundle wlfullclient.jar into the $OIM_HOME/designconsole/lib and $OIM_HOME/designconsole/ext folders.

   5. Add wlfullclient.jar to the client application's class path.

Note: The wlfullclient.jar generation procedure in OIM is the same on both Windows and Linux platforms.

Hope this helps you!

javax.security.auth.login.LoginException in OIM Design Console


Issue :

javax.security.auth.login.LoginException: java.lang.RuntimeException: Failed to instantiate MD5 SecureRandom: Unsupported algorithm

The javax.security.auth.login.LoginException: java.lang.RuntimeException: Failed to instantiate MD5 SecureRandom: Unsupported algorithm exception is thrown after clicking the Login Button in the Oracle Identity Manager Design Console.

Error:

Error Keyword: DAE.LOGON_DENIED
Description: Invalid Login.
Remedy: Contact your system administrator.
Action: E
Severity: H
Help URL:
Detail:
javax.security.auth.login.LoginException: java.lang.RuntimeException: Failed to instantiate MD5 SecureRandom: Unsupported algorithm, MD5Random, selected for FIPS140 mode: FIPS140_SSL
at com.certicom.tls.interfaceimpl.TLSSystem.getRandomNumberGenerator(Unknown Source)
at com.certicom.tls.record.handshake.MessageRandom.initialize(Unknown Source)
at com.certicom.tls.record.handshake.MessageRandom.<init>(Unknown Source)
at com.certicom.tls.record.handshake.HandshakeHandler.startHandshake(Unknown Source)
at com.certicom.tls.interfaceimpl.TLSConnectionImpl.startHandshake(Unknown Source)
at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown Source)
at com.certicom.tls.record.WriteHandler.write(Unknown Source)
at com.certicom.io.OutputSSLIOStreamWrapper.write(Unknown Source)
at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:66)
at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:124)
at java.io.DataOutputStream.flush(DataOutputStream.java:107)
at weblogic.rjvm.t3.MuxableSocketT3.connect(MuxableSocketT3.java:406)
at weblogic.rjvm.t3.ConnectionFactoryT3S.createConnection(ConnectionFactoryT3S.java:44)
at weblogic.rjvm.ConnectionManager.createConnection(ConnectionManager.java:1784)
at weblogic.rjvm.ConnectionManager.findOrCreateConnection(ConnectionManager.java:1424)
at weblogic.rjvm.ConnectionManager.bootstrap(ConnectionManager.java:443)
at weblogic.rjvm.ConnectionManager.bootstrap(ConnectionManager.java:322)
at weblogic.rjvm.RJVMManager.findOrCreateRemoteInternal(RJVMManager.java:254)
at weblogic.rjvm.RJVMManager.findOrCreate(RJVMManager.java:197)
at weblogic.rjvm.RJVMFinder.findOrCreateRemoteServer(RJVMFinder.java:238)
at weblogic.rjvm.RJVMFinder.findOrCreateInternal(RJVMFinder.java:200)
at weblogic.rjvm.RJVMFinder.findOrCreate(RJVMFinder.java:170)
at weblogic.rjvm.ServerURL.findOrCreateRJVM(ServerURL.java:153)
at weblogic.rjvm.ServerURL.findOrCreateRJVM(ServerURL.java:96)
at weblogic.security.auth.Authenticate.authenticate(Authenticate.java:80)
at weblogic.security.auth.login.UsernamePasswordLoginModule.login(UsernamePasswordLoginModule.java:184)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:684)
at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
at Thor.API.Security.LoginHandler.weblogicLoginHandler.login(weblogicLoginHandler.java:62)
at oracle.iam.platform.OIMClient.login(OIMClient.java:134)
at oracle.iam.platform.OIMClient.login(OIMClient.java:114)
at com.thortech.xl.client.base.tcAppWindow.internalLogin(tcAppWindow.java:585)
at com.thortech.xl.client.base.tcAppWindow.login(tcAppWindow.java:504)
at com.thortech.xl.client.base.tcAppWindow.<init>(tcAppWindow.java:118)
at com.thortech.xl.client.base.tcAppWindow.main(tcAppWindow.java:174)

Solution 1:

The cryptoj.jar file is missing in the $WLS_HOME/lib directory. Copy the cryptoj.jar file from $WLS_HOME/lib to the $OIM_HOME/designconsole/ext directory.

Solution 2:

If the cryptoj.jar file is available and you are still getting a login issue, try the following options:

1. Create the wlfullclient.jar file and copy it to the Design Console lib and ext directories.

2. Verify that the OIM username and password provided are correct.

Hope this helps you!

Monday, November 30, 2015

RCU 11g fails on Oracle Enterprise Linux 6.5 - RCU-6130 and RCU-6136:Error while trying to execute SQLPlus action

Issue:

While running the Repository Creation Utility 11g (RCU) from Oracle Enterprise Linux 6.5 (OEL6.5) 64bit, it is possible to have errors while creating the schema.

The Oracle Universal Installer will first throw errors in the graphical user interface such as RCU-6130 RCU-6136

Upon inspection of the RCU logs (RCU_HOME/rcu/log/logdir.date_timestamp/rcu.log), the following will be seen.
2015-11-13 11:16:47.199 ERROR rcu: oracle.sysman.assistants.rcu.backend.action.SQLPlusAction::perform: Error initializing SQLPlusEngine:
java.io.IOException: java.io.IOException: java.io.IOException: java.io.IOException: java.io.IOException: java.io.IOException: java.io.IOException: java.io.IOException: java.io.IOException: java.io.IOException: java.io.IOException: java.io.IOException: Error initializing sqlplus.
    at oracle.sysman.assistants.common.dbutil.sqlplus.SQLPlusEngine.setDefaultEngineSettings(SQLPlusEngine.java:2144)
    at oracle.sysman.assistants.common.dbutil.sqlplus.SQLPlusEngine.initialize(SQLPlusEngine.java:352)
    at oracle.sysman.assistants.rcu.backend.action.SQLPlusAction.perform(SQLPlusAction.java:200)
    at oracle.sysman.assistants.rcu.backend.task.AbstractCompTask.execute(AbstractCompTask.java:243)
    at oracle.sysman.assistants.rcu.backend.task.ActualTask.run(TaskRunner.java:306)
    at java.lang.Thread.run(Thread.java:662)

2015-11-13 11:16:47.298 ERROR rcu: oracle.sysman.assistants.rcu.backend.task.ActualTask::run: RCU Operation Failed
oracle.sysman.assistants.common.task.TaskExecutionException: RCU-6136:Error while trying to execute SQLPlus action.
    at oracle.sysman.assistants.rcu.backend.task.AbstractCompTask.execute(AbstractCompTask.java:300)
    at oracle.sysman.assistants.rcu.backend.task.ActualTask.run(TaskRunner.java:306)
    at java.lang.Thread.run(Thread.java:662)
Caused by: oracle.sysman.assistants.common.task.ActionFailedException: RCU-6136:Error while trying to execute SQLPlus action.
    at oracle.sysman.assistants.rcu.backend.action.SQLPlusAction.perform(SQLPlusAction.java:211)
    at oracle.sysman.assistants.rcu.backend.task.AbstractCompTask.execute(AbstractCompTask.java:243)
    ... 2 more
Caused by: java.io.IOException: java.io.IOException: java.io.IOException: java.io.IOException: java.io.IOException: java.io.IOException: java.io.IOException: java.io.IOException: java.io.IOException: java.io.IOException: java.io.IOException: java.io.IOException: Error initializing sqlplus.
    at oracle.sysman.assistants.common.dbutil.sqlplus.SQLPlusEngine.setDefaultEngineSettings(SQLPlusEngine.java:2144)
    at oracle.sysman.assistants.common.dbutil.sqlplus.SQLPlusEngine.initialize(SQLPlusEngine.java:352)
    at oracle.sysman.assistants.rcu.backend.action.SQLPlusAction.perform(SQLPlusAction.java:200)
    ... 3 more
 These errors are most notably seen on Oracle Identity Management and Oracle Identity and Access Management schemas but can occur on any schema.

Resolution:

1. Verify that Oracle Fusion Middleware is certified on your Linux release.

2. Verify that you have all of the required packages installed for your operating system.

3. Give full permissions to RCU and its subfolders before executing the $./rcu command:

     $cd RCU -> $chmod -R 777 * -> cd rcuHome/bin -> ./rcu

4. If the above steps do not solve the issue, try these potential workarounds.
Currently there is no fix for this issue on OEL6.5.

a) Try downloading the Windows version of the RCU and run it from a certified Windows platform.
b) Try using an older version of Linux such as OEL5.
c) Try running the RCU from a 32-bit platform.


Hope this will resolve your issue!

RCU 11g fails on MS Windows - RCU-6136:Error while trying to execute SQLPlus action

Error :

The Repository Creation Utility (RCU), running on MS Windows, fails when attempting to launch SQLPLUS.  The rcu.log shows the following errors:

NOTIFICATION rcu: oracle.sysman.assistants.common.dbutil.jdbc.JDBCEngine::connect: Connecting to database: user:jaltaie, role:SYSDBA, connectString:(description=(address=(host=localhost)(protocol=tcp)(port=1521))(connect_data=(service_name=ORCLDW.MANAARNET.COM)(server=dedicated)))
2011-08-23 22:56:36.284 NOTIFICATION rcu: oracle.sysman.assistants.rcu.backend.action.SQLPlusAction::perform: paramString =
2015-11-23 22:56:36.452 ERROR rcu: oracle.sysman.assistants.rcu.backend.action.SQLPlusAction::perform: Error initializing SQLPlusEngine:
java.io.IOException: java.io.IOException: java.io.IOException: java.io.IOException: java.io.IOException: java.io.IOException: java.io.IOException: java.io.IOException: java.io.IOException: java.io.IOException: java.io.IOException: java.io.IOException: Error initializing sqlplus.
at oracle.sysman.assistants.common.dbutil.sqlplus.SQLPlusEngine.setDefaultEngineSettings(SQLPlusEngine.java:2113)
at oracle.sysman.assistants.common.dbutil.sqlplus.SQLPlusEngine.initialize(SQLPlusEngine.java:352)
at oracle.sysman.assistants.rcu.backend.action.SQLPlusAction.perform(SQLPlusAction.java:200)
at oracle.sysman.assistants.rcu.backend.task.AbstractCompTask.execute(AbstractCompTask.java:243)
at oracle.sysman.assistants.rcu.backend.task.ActualTask.run(TaskRunner.java:303)
at java.lang.Thread.run(Thread.java:619)

2015-11-23 22:56:36.454 ERROR rcu: oracle.sysman.assistants.rcu.backend.task.ActualTask::run: RCU Operation Failed
oracle.sysman.assistants.common.task.TaskExecutionException: RCU-6136:Error while trying to execute SQLPlus action.
at oracle.sysman.assistants.rcu.backend.task.AbstractCompTask.execute(AbstractCompTask.java:300)
at oracle.sysman.assistants.rcu.backend.task.ActualTask.run(TaskRunner.java:303)
at java.lang.Thread.run(Thread.java:619)
Caused by: oracle.sysman.assistants.common.task.ActionFailedException: RCU-6136:Error while trying to execute SQLPlus action.
at oracle.sysman.assistants.rcu.backend.action.SQLPlusAction.perform(SQLPlusAction.java:211)
at oracle.sysman.assistants.rcu.backend.task.AbstractCompTask.execute(AbstractCompTask.java:243)
... 2 more
Caused by: java.io.IOException: java.io.IOException: java.io.IOException: java.io.IOException: java.io.IOException: java.io.IOException: java.io.IOException: java.io.IOException: java.io.IOException: java.io.IOException: java.io.IOException: java.io.IOException: Error initializing sqlplus.
at oracle.sysman.assistants.common.dbutil.sqlplus.SQLPlusEngine.setDefaultEngineSettings(SQLPlusEngine.java:2113)
at oracle.sysman.assistants.common.dbutil.sqlplus.SQLPlusEngine.initialize(SQLPlusEngine.java:352)
at oracle.sysman.assistants.rcu.backend.action.SQLPlusAction.perform(SQLPlusAction.java:200)
... 3 more

Solution :

The msvcr71.dll is found under <RCU_HOME>\jdk\bin\

1. Copy <RCU_HOME>\jdk\bin\msvcr71.dll to the RCU_HOME bin directory

2. Launch the RCU program from the RCU_HOME bin directory

RCU_HOME/bin/rcu.bat

You may also need to set the ORACLE_HOME environment variable to your RCU home