Cloud and Mobile Security

Tuesday, March 12, 2019

jython-modules.jar/Lib/socket.py", line 338,in gethostname gaierror: (20001, 'getaddrinfo failed')

Failed on while creating a domain Security Processing.

ERROR Logs:

2019-03-12 21:27:54,853 SEVERE [85] com.oracle.cie.domain.progress.AbstractProgressGenerator - Error occurred in phase {Security Processing} execution.

Traceback (innermost last):

File "<iostream>", line 43, in ?

File "/app/middleware/wlserver/common/wlst/modules/jython-modules.jar/Lib/socket.py", line 338, in gethostname

gaierror: (20001, 'getaddrinfo failed')

at org.python.core.Py.makeException(Py.java:1163)

at socket$py.gethostname$37(/app/middleware/wlserver/common/wlst/modules/jython-modules.jar/Lib/socket.py:338)

at socket$py.call_function(/app/middleware/wlserver/common/wlst/modules/jython-modules.jar/Lib/socket.py)

at org.python.core.PyTableCode.call(Unknown Source)

at org.python.core.PyTableCode.call(Unknown Source)

at org.python.core.PyFunction.__call__(Unknown Source)

at org.python.core.PyObject.invoke(Unknown Source)

at org.python.pycode._pyx31.f$0(<iostream>:43)

at org.python.pycode._pyx31.call_function(<iostream>)

at org.python.core.PyTableCode.call(Unknown Source)

at org.python.core.PyCode.call(Unknown Source)

at org.python.core.Py.runCode(Py.java:1226)

at org.python.util.PythonInterpreter.execfile(Unknown Source)

at org.python.util.PythonInterpreter.execfile(Unknown Source)

at com.oracle.cie.domain.script.ScriptHelper.executeEmbeddedTemplateScript(ScriptHelper.java:1766)

at com.oracle.cie.domain.DomainChecker.executeEmbeddedScript(DomainChecker.java:1924)

at com.oracle.cie.domain.DomainChecker.runCustomWLSTScript(DomainChecker.java:1906)

at com.oracle.cie.domain.DomainChecker.preprocessOutput(DomainChecker.java:113)

at com.oracle.cie.domain.progress.domain.generation.DomainSecurityPhase.execute(DomainSecurityPhase.java:53)

at com.oracle.cie.domain.progress.AbstractProgressGenerator.run(AbstractProgressGenerator.java:94)

at java.lang.Thread.run(Thread.java:748)

Solution:

Type hostname on server
sudo su root
vi /etc/hosts
Change from --> 127.0.0.1 localhost locahost.localdomain localhost4 localhost4.localdomain4
To --> 127.0.0.1 HostName HostName.localdomain localhost4 localhost4.localdomain4
ex- 127.0.0.1 OIG OIG.localdomain localhost4 localhost4.localdomain4

-Arihant

Monday, March 11, 2019

oracle.iam.oimupgrade.exceptions.OIMUpgradeException: Error in running target :migrateJazn-unix

Error while running OIM Post Patching script : sh patch_oim_wls.sh

ERROR Logs:

[java] INFO: buffer : migrateSecurityStore.py -type policyStore -dst default -configFile /app/oracle/middleware/Oracle_IDM1/server/patching/policiestomigrate/jps-config-jse_patching.xml -src jazn-data-oim.xml
[java] oracle.iam.oimupgrade.exceptions.OIMUpgradeException: Error in running target :migrateJazn-unix
[java] at oracle.iam.oimupgrade.standalone.utils.AntUtil.runTargetWithNoProcessing(AntUtil.java:150)
[java] at oracle.iam.oimupgrade.standalone.utils.OfflineUpgradeUtil.migrateSecurityStore(OfflineUpgradeUtil.java:813)
[java] at oracle.iam.oimupgrade.standalone.utils.OfflineUpgradeUtil.migrateJAZN(OfflineUpgradeUtil.java:760)
[java] at oracle.iam.patching.authz.AuthzPolicyMigration.migrateJaznFilesToPolicyStore(AuthzPolicyMigration.java:149)
[java] at oracle.iam.patching.authz.AuthzPolicyMigration.main(AuthzPolicyMigration.java:99)
[java] at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
[java] at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
[java] at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
[java] at java.lang.reflect.Method.invoke(Method.java:606)
[java] at org.apache.tools.ant.taskdefs.ExecuteJava.run(ExecuteJava.java:217)
[java] at org.apache.tools.ant.taskdefs.ExecuteJava.execute(ExecuteJava.java:152)
[java] at org.apache.tools.ant.taskdefs.Java.run(Java.java:764)
[java] at org.apache.tools.ant.taskdefs.Java.executeJava(Java.java:218)
[java] at org.apache.tools.ant.taskdefs.Java.executeJava(Java.java:132)
[java] at org.apache.tools.ant.taskdefs.Java.execute(Java.java:105)
[java] at org.apache.tools.ant.UnknownElement.execute(UnknownElement.java:288)
[java] at sun.reflect.GeneratedMethodAccessor1.invoke(Unknown Source)
[java] at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)

[java] at java.lang.reflect.Method.invoke(Method.java:606)

Solution:

1) Open file $WL_HOME/server/lib/weblogic.policy for edit

2) Search for the string For standard extensions directories and add after the comment and before the grant codeBase "file:/opt/oracle/Middleware/wlserver_10.3/common/lib/ext/*" { the following grant:

grant codeBase "file:/opt/oracle/Middleware/patch_wls1036/patch_jars/*" {

permission java.security.AllPermission;
};

Once the change done , restart the weblogic servers and rerun sh patch_oim_wls.sh

-Arihant

java.security.AccessControlException: access denied ("javax.management.MBeanTrustPermission" "register")

Error while running OIM Post Patching script : sh patch_oim_wls.sh

ERROR Logs:

[oracle@oracle bin]$ tail -f patch_oim_wls.log
tail: cannot open ‘nohup.out’ for reading: No such file or directory
==> patch_oim_wls.log <==
[java] Mar 11, 2019 2:02:47 PM oracle.iam.oimupgrade.standalone.utils.WriteLog writeMessage
[java] INFO: Updating the JPS Config File
[java] Mar 11, 2019 2:02:48 PM oracle.iam.oimupgrade.standalone.utils.WriteLog writeMessage
[java] INFO: Update of JPS Config Complete
[java] Mar 11, 2019 2:02:48 PM oracle.iam.oimupgrade.standalone.utils.WriteLog writeMessage
[java] INFO: Policy Backup Required :: false
[java] Mar 11, 2019 2:02:48 PM oracle.iam.oimupgrade.standalone.utils.WriteLog writeMessage
[java] INFO: AuthorizationMAPIUtil : JPS COnfig Location:/app/oracle/middleware/Oracle_IDM1/server/patching/policiestomigrate/jps-config-jse_patching.xml
[java] Mar 11, 2019 2:02:48 PM oracle.iam.oimupgrade.standalone.utils.WriteLog writeMessage
[java] INFO: AuthorizationMAPIUtil : Domain Home Location:/app/oracle/middleware/user_projects/domains/base_domain
[java] Mar 11, 2019 2:02:51 PM oracle.jdbc.driver.OracleDriver registerMBeans
[java] WARNING: Error while registering Oracle JDBC Diagnosability MBean.
[java] java.security.AccessControlException: access denied ("javax.management.MBeanTrustPermission" "register")
[java] at java.security.AccessControlContext.checkPermission(AccessControlContext.java:372)
[java] at java.lang.SecurityManager.checkPermission(SecurityManager.java:585)

Solution:

Add the following lines to java.policy file under $JAVA_HOME/jre/lib/security and re-run the script.

grant {
permission javax.management.MBeanTrustPermission "register";
};

-Arihant

Sunday, February 24, 2019

Neither able to connect to Primary Domain Controller nor to any of Back up Domain Controllers.

OIM to AD Provisioning Issue.

Error :

<Feb 25, 2019 3:11:37,441 AM GMT> <Error> <ORACLE.IAM.CONNECTORS.ICFCOMMON.PROV.ICPROVISIONINGMANAGER> <BEA-000000> <oracle.iam.connectors.icfcommon.prov.ICProvisioningManager : createObject : Error while creating user
org.identityconnectors.framework.common.exceptions.ConnectorException: Neither able to connect to Primary Domain Controller nor to any of Back up Domain Controllers.
at org.identityconnectors.framework.impl.serializer.CommonObjectHandlers$13.createException(CommonObjectHandlers.java:265)
at org.identityconnectors.framework.impl.serializer.CommonObjectHandlers$13.createException(CommonObjectHandlers.java:262)
at org.identityconnectors.framework.impl.serializer.CommonObjectHandlers$ThrowableHandler.deserialize(CommonObjectHandlers.java:115)
at org.identityconnectors.framework.impl.serializer.binary.BinaryObjectDecoder$InternalDecoder.readObject(BinaryObjectDecoder.java:162)
at org.identityconnectors.framework.impl.serializer.binary.BinaryObjectDecoder.readObject(BinaryObjectDecoder.java:313)
at org.identityconnectors.framework.impl.serializer.binary.BinaryObjectDecoder.readObjectField(BinaryObjectDecoder.java:417)
at org.identityconnectors.framework.impl.serializer.MessageHandlers$5.deserialize(MessageHandlers.java:156)
at org.identityconnectors.framework.impl.serializer.binary.BinaryObjectDecoder$InternalDecoder.readObject(BinaryObjectDecoder.java:162)
at org.identityconnectors.framework.impl.serializer.binary.BinaryObjectDecoder.readObject(BinaryObjectDecoder.java:313)
at org.identityconnectors.framework.impl.api.remote.RemoteFrameworkConnection.readObject(RemoteFrameworkConnection.java:153)
at org.identityconnectors.framework.impl.api.remote.RemoteOperationInvocationHandler.invoke(RemoteOperationInvocationHandler.java:101)

Solution:

Login to sysadmin console
Click on IT Resource
Search for AD IT Resource
Copy the AD Machine Name by going into Control Panel\All Control Panel Items\System and copy Computer Name
Update the name in LDAPHostName
Test retry failed create user event or provision of a new user.

-Arihant

Saturday, February 23, 2019

Error libawt_xawt.so: libXtst.so.6

ERROR:

Preparing to launch the Oracle Universal Installer from /tmp/OraInstall2019-02-24_07-35-48AM
Exception in thread "main" java.lang.UnsatisfiedLinkError: /app/binaries/jdk1.8.0_131/jre/lib/amd64/libawt_xawt.so: libXtst.so.6: cannot open shared object file: No such file or directory
at java.lang.ClassLoader$NativeLibrary.load(Native Method)
at java.lang.ClassLoader.loadLibrary0(ClassLoader.java:1941)
at java.lang.ClassLoader.loadLibrary(ClassLoader.java:1824)
at java.lang.Runtime.load0(Runtime.java:809)
at java.lang.System.load(System.java:1086)
at java.lang.ClassLoader$NativeLibrary.load(Native Method)
at java.lang.ClassLoader.loadLibrary0(ClassLoader.java:1941)
at java.lang.ClassLoader.loadLibrary(ClassLoader.java:1845)
at java.lang.Runtime.loadLibrary0(Runtime.java:870)
at java.lang.System.loadLibrary(System.java:1122)
at java.awt.Toolkit$3.run(Toolkit.java:1636)
at java.awt.Toolkit$3.run(Toolkit.java:1634)
at java.security.AccessController.doPrivileged(Native Method)
at java.awt.Toolkit.loadLibraries(Toolkit.java:1633)
at java.awt.Toolkit.<clinit>(Toolkit.java:1668)
at java.awt.Component.<clinit>(Component.java:593)
at oracle.sysman.oio.oioc.OiocOneClickInstaller.main(OiocOneClickInstaller.java:643)

Solution:

Login as root
Run yum install libXext* command. It will install required packages.
Re-run the setup

-Arihant

./wrapper-linux-x86-32: /lib/ld-linux.so.2: bad ELF interpreter: No such file or directory

Install below RPM in order to resolve this issue.

yum install glibc.i686

How To Enable TRACE Logging For OAM 11g Server and 10g or 11g WebGate ?

Setting OAM 11g Logger Levels

The following steps assume the name of the OAM Managed Server is 'oam_server1', replace accordingly.

1. Navigate to the OAM $ORACLE_HOME and execute the wlst.sh script in $ORACLE_HOME/common/bin

Example path: /home/Middleware/Oracle_IDM1/common/bin

$ORACLE_HOME/common/bin/./wlst.sh
Initializing WebLogic Scripting Tool (WLST) ...

Welcome to WebLogic Server Administration Scripting Shell

Type help() for help on available commands
2. Connect to the WebLogic Admin Server as the WebLogic Administrator

wls:/offline> connect()
Please enter your username :weblogic
Please enter your password :
Please enter your server URL [t3://localhost:7001] :
Connecting to t3://localhost:7001 with userid weblogic ...
Successfully connected to Admin Server 'AdminServer' that belongs to domain 'base_domain'.
3. Set the logger level of the OAM Managed Server (e.g. oam_server1) to TRACE:32 with persist="0".

wls:/base_domain/serverConfig> domainRuntime()
wls:/base_domain/domainRuntime> setLogLevel(logger="oracle.oam", target="oam_server1", level="TRACE:32", persist="0")

Note: Use persist="1" to enable the log level to "persist" after OAM Managed Server restarts.
4. Verify the logger level was set by listing the current value and checking the OAM Managed Server log contains "TRACE:32".

wls:/base_domain/domainRuntime> listLoggers(pattern="oracle.oam", target="oam_server1")
-----------+-----------------
Logger | Level
-----------+-----------------
oracle.oam | TRACE:32

grep -m 1 -o 'TRACE:32' $DOMAIN_HOME/servers/oam_server1/logs/oam_server1-diagnostic.log

Expected Output:
TRACE:32

5. To return the OAM Managed Server to the default logger level use the following setLogger command or restart the Managed Server.

wls:/base_domain/domainRuntime> setLogLevel(logger="oracle.oam", target="oam_server1", level="NOTIFICATION:1", persist="0")

Setting 11g WebGate Logger Levels

Configuring Different Threshold Levels for Different Types of Data

1. Backup the following file: $MW_HOME/$ORACLE_WEBTIER/instances/<instance>/config/OHS/<ohs_instance>/webgate/config/oblog_config_wg.xml

Example path: /refresh/home/Middleware/Oracle_WT1/instances/instance1/config/OHS/ohs1/webgate/config/oblog_config_wg.xml

2. In the original oblog_config_wg.xml change Value from "LOGLEVEL_WARNING" to "LOGLEVEL_TRACE".

<NameValPair
ParamName="LOG_THRESHOLD_LEVEL"
Value="LOGLEVEL_TRACE">
</NameValPair>
In the same file change the BUFFER_SIZE Value to "4" so that WebGate log entries are flushed to file promptly.

<NameValPair
ParamName="BUFFER_SIZE"
Value="4">
</NameValPair>

Note: Do not modify any other LOGLEVEL settings in oblog_config_wg.xml.

3. The log level change may take a couple of minutes to be reflected in the logs, restarting the WebServer is not necessary.

4. To disable the WebGate TRACE logging simply replace the original oblog_config_wg.xml file with backup taken in Step 1.

Setting 10g WebGate Logger Levels

1. Backup the following file: $WEBGATE_HOME/access/oblix/config/oblog_config_wg.xml

Example path: /refresh/home/OAM10wg/access/oblix/config

2. In the original oblog_config_wg.xml change Value from "LOGLEVEL_WARNING" to "LOGLEVEL_TRACE".

<NameValPair
ParamName="LOG_THRESHOLD_LEVEL"
Value="LOGLEVEL_TRACE">
</NameValPair>
In the same file change the BUFFER_SIZE Value to "4" so that WebGate log entries are flushed to file promptly.

<NameValPair
ParamName="BUFFER_SIZE"
Value="4">
</NameValPair>
Note: Do not modify any other LOGLEVEL settings in oblog_config_wg.xml.

3. The log level change may take a couple of minutes to be reflected in the logs, restarting the WebServer is not necessary.

4. To disable the WebGate TRACE logging simply replace the original oblog_config_wg.xml file with backup taken in Step 1.

Regardes,
Arihant

How to enable Auditing in OAM PS3?

High-Level Steps:

1) Run an RCU and create an IAU Schema form Auditing

2) Enable a Filtered Enabled from OAM common setting

3) Create an IAU data source in OAM Weblogic console

4) Enable the auditing from EM console by attaching the IAU data source

5) Update the jps-config.xml file with DB as a file store

6) Restart the Admin and OAM server

7) Connect to IAU scheme and check the IAU_Base Table and check the data

<serviceInstance name="audit" provider="audit.provider" location="./audit-store.xml">
<description>Audit Service</description>
<property name="audit.filterPreset" value=""/>
<property name="audit.maxDirSize" value="0"/>
<property name="audit.maxFileSize" value="104857600"/>
<property name="audit.timezone" value="utc"/>
<property name="audit.loader.jndi" value="jdbc/AuditDB"/>
<property name="audit.loader.interval" value="15"/>
<property name="audit.loader.repositoryType" value="DB"/>
<property name="auditstore.type" value="DB"/>
</serviceInstance>

\\\

/app/oracle/middleware/user_projects/domains/base_domain/servers/oam_server1/logs/auditlogs/OAM/audit.log

How to save the password for 12 OHS start services?

Step for setting up the password.

Avoid entering password each time when you start OHS, you can save the password in encrypted file with parameter storeUserConfig:

Run the below command, It will prompt for password once and it will generate a nm-cfg-ohs_domain.props and nm-key-ohs_domain.props. files.

./startComponent.sh ohs1 storeUserConfig

[oracle@oracle ~]$ cd /app/oracle/middleware/user_projects/domains/ohs_domain/bin/
[oracle@oracle bin]$ ll
total 28
-rwxr-x---. 1 oracle oracle 994 Aug 2 14:56 setNMJavaHome.sh
-rwxr-x---. 1 oracle oracle 2285 Aug 2 14:56 startComponent.sh
-rwxr-x---. 1 oracle oracle 1129 Aug 2 14:56 startNodeManager.sh
-rwxr-x---. 1 oracle oracle 711 Aug 2 14:56 startRSDaemon.sh
-rwxr-x---. 1 oracle oracle 1949 Aug 2 14:56 stopComponent.sh
-rwxr-x---. 1 oracle oracle 1073 Aug 2 14:56 stopNodeManager.sh
-rwxr-x---. 1 oracle oracle 853 Aug 2 14:56 stopRSDaemon.sh
[oracle@oracle bin]$ ./startComponent.sh ohs1 storeUserConfig
Starting system Component ohs1 ...

Initializing WebLogic Scripting Tool (WLST) ...

Welcome to WebLogic Server Administration Scripting Shell

Type help() for help on available commands

Reading domain from /app/oracle/middleware/user_projects/domains/ohs_domain

Please enter Node Manager password:
Creating the key file can reduce the security of your system if it is not kept in a secured location after it is created. Creating new key...
The username and password that were used for this WebLogic NodeManager connection are stored in /home/oracle/.wlst/nm-cfg-ohs_domain.props and /home/oracle/.wlst/nm-key-ohs_domain.props.
Connecting to Node Manager ...
Successfully Connected to Node Manager.
Starting server ohs1 ...
Successfully started server ohs1 ...
Successfully disconnected from Node Manager.

Exiting WebLogic Scripting Tool.

Done

Arihant Baid

Steps to check OHS version

Locate to the below location

/u01/Middleware_WT/Oracle_WT1/ohs/bin

Export the below path

export LD_LIBRARY_PATH=/u01/Middleware_WT/Oracle_WT1/lib

Now run the below command

[oracle@arihant bin]$ ./httpd -version
Server version: Oracle-HTTP-Server/2.2.22 (Unix)
Server built: Aug 20 2015 15:15:27
Server label: APACHE_11.1.1.7.0_LINUX.X64_RELEASE

Regards,
Arihant

Nexaweb Error Message while accessing OIM Import or export (Deployment Manager)

Error:

Nexaweb Error Message:
You don't have JAVA enabled or installed, click here for more info.

Solution:

Chrome, Firefox and IE latest version doesn't support Java TM

Firefox 45.0.2
http://filehippo.com/download_firefox/67317/

Download old version of Firefox, restart, and validate add-on should have java.

Try to access OIM import and export.

Regards,
Arihant

How to enable TRACE logging for both Oracle Access Manager (OAM) 11g Server and 10g or 11g Webgate ?

1. To enable TRACE logging for 10g WebGate:

Reference: How To Turn On Trace/Logging Oracle Access Manager (OAM)/COREid (Doc ID 403118.1)

First backup file <OAM component install dir>/oblix/config/oblog_config_wg.xml.

Then in the original oblog_config_wg.xml set:

<SimpleList>
<NameValPair
ParamName="LOG_THRESHOLD_LEVEL"
Value="LOGLEVEL_TRACE"></NameValPair>
</SimpleList>

NOTE: Do not modify any other LOGLEVEL settings in that file.

Also change the BUFFER_SIZE in the oblog config file, so that log entries are flushed to file promptly.

<NameValPair
ParamName="BUFFER_SIZE"
Value="4"></NameValPair>

WebGate webserver restart is not necessary.

To disable the TRACE logging simply replace the original oblog_config_wg.xml file.

2. To enable TRACE logging for 11g WebGate:

First backup file ORACLE_INSTANCE/config/OHS/OHS_INSTANCE_NAME/webgate/config/oblog_config_wg.xml

Then in the original oblog_config_wg.xml set:

<SimpleList>
<NameValPair
ParamName="LOG_THRESHOLD_LEVEL"
Value="LOGLEVEL_TRACE"></NameValPair>
</SimpleList>

NOTE: Do not modify any other LOGLEVEL settings in that file.

Also change the BUFFER_SIZE in the oblog config file, so that log entries are flushed to file promptly.

<NameValPair
ParamName="BUFFER_SIZE"
Value="4"></NameValPair>

WebGate webserver restart is not necessary.

To disable the TRACE logging simply replace the original oblog_config_wg.xml file.

3) To enable OAM 11g Server TRACE logging:

On the OAM Server run:

cd OAM_ORACLE_HOME/common/bin

./wlst.sh
wls:/offline>> connect() --- connect to the AdminServer port with weblogic credentials
wls> domainRuntime()
wls> setLogLevel(target='oam_server1',logger='oracle.oam',level='TRACE:32',persist="0",addLogger=1)
wls> exit()

Verify that there are now TRACE entries written to the OAM managed server diagnostic log. The log file location is: OAM_MW_HOME/user_projects/domains/DOMAIN_NAME/servers/OAM_MGD_SERVER_NAME/logs

To return the logging level to default run setLogLevel again with level='NOTIFICATION:1' or restart the OAM managed server.

Regards,
Arihant Baid

How to enable the /cgi-bin/printenv in OAM?

Steps

1) Locate to the following location

/app/oracle/middleware/user_projects/domains/ohs_domain/config/fmwconfig/components/OHS/instances/ohs1/cgi-bin/

Update the permisison to 775 for printenv

2) Type which perl, Copy the path and update that in printenv.

[oracle@oracle cgi-bin]$ cat printenv
#!/usr/bin/perl
##
## printenv -- demo CGI program which just prints its environment
##

print "Content-type: text/plain\n\n";
foreach $var (sort(keys(%ENV))) {
$val = $ENV{$var};
$val =~ s|\n|\\n|g;
$val =~ s|"|\\"|g;
print "${var}=\"${val}\"\n";
}

3) Type printenv and very its working

3) Now try accessing protected url

http://oracle.demo.com:7777/protected/protected.html it will redirect to oam login page, provide the login details, once we get the protected page.

4) Now try accessing below url in anpther tab

http://oracle.demo.com:7777/cgi-bin/printenv

Thanks,
Arihant Baid

LDAP: error code 53 - User passwords may not be provided in pre-encoded

Error:

LDAP: error code 53 - User passwords may not be provided in pre-encoded form OUD

Solution:

Locate to /app/oracle/middleware/asinst_1/OUD/bin and runt he below command

./dsconfig -h localhost -p 4444 -D "cn=Directory manager" -X set-password-policy-prop --policy-name "Default Password Policy" --set allow-pre-encoded-passwords:true --advanced

Regards,
Arihant

How to find the version and patch Inventory for 12.2.1.3.x Oracle Identity Governance

Steps to Capture Weblogic, OIM and SOA Patch Inventory.

Option 1

[oracle@arihant.com bin]$ pwd
/u01/app/oracle/fmw/user_projects/domains/base_domain/bin
[oracle@arihant.com bin]$ . set
setDomainEnv.sh setNMJavaHome.sh setSOADomainEnv.sh setStartupEnv.sh
[oracle@arihant.com bin]$ . setDomainEnv.sh
*****************************************************
** Setting up SOA specific environment...
*****************************************************
EXTRA_JAVA_PROPERTIES= -da:org.apache.xmlbeans...
.
LD_LIBRARY_PATH=::/u01/app/oracle/fmw/wlserver/server/native/linux/x86_64:/u01/app/oracle/fmw/wlserver/server/native/linux/x86_64/oci920_8
.
*****************************************************
** End SOA specific environment setup
*****************************************************
[oracle@arihant.com base_domain]$ cd bin/
[oracle@arihant.com bin]$ cd $MW_HOME/oui/bin
[oracle@arihant.com bin]$ pwd
/u01/app/oracle/fmw/oui/bin
[oracle@arihant.com bin]$ ./viewInventory.sh > fullInventory.txt
[oracle@arihant.com bin]$ vi fullInventory.txt
[oracle@arihant.com bin]$ pwd
/u01/app/oracle/fmw/oui/bin
[oracle@arihant.com bin]$

Option 2

[oracle@arihant.com OPatch]$ pwd
/u01/app/oracle/fmw/OPatch
[oracle@arihant.com OPatch]$ export ORACLE_HOME=/u01/app/oracle/fmw
[oracle@arihant.com OPatch]$ ./opatch lspatches
26355633;One-off
26287183;One-off
26261906;One-off
26051289;One-off

OPatch succeeded.

Option 3

[oracle@arihant.com OPatch]$ ./opatch lsinventory
Oracle Interim Patch Installer version 13.9.2.0.0
Copyright (c) 2017, Oracle Corporation. All rights reserved.

Oracle Home : /u01/app/oracle/fmw
Central Inventory : /home/oracle/oraInventory
from : /u01/app/oracle/fmw/oraInst.loc
OPatch version : 13.9.2.0.0
OUI version : 13.9.2.0.0
Log file location : /u01/app/oracle/fmw/cfgtoollogs/opatch/opatch2017-10-19_11-49-30AM_1.log

OPatch detects the Middleware Home as "/u01/app/oracle/fmw"

Lsinventory Output file location : /u01/app/oracle/fmw/cfgtoollogs/opatch/lsinv/lsinventory2017-10-19_11-49-30AM.txt

--------------------------------------------------------------------------------
Local Machine Information::
Hostname: arihant.com.
ARU platform id: 226
ARU platform description:: Linux x86-64

Interim patches (4) :

Patch 26355633 : applied on Tue Oct 03 19:30:56 EDT 2017
Unique Patch ID: 21447583
Patch description: "One-off"
Created on 1 Aug 2017, 21:40:20 hrs UTC
Bugs fixed:
26355633

Patch 26287183 : applied on Tue Oct 03 19:30:35 EDT 2017
Unique Patch ID: 21447582
Patch description: "One-off"
Created on 1 Aug 2017, 21:41:27 hrs UTC
Bugs fixed:
26287183

Patch 26261906 : applied on Tue Oct 03 19:30:07 EDT 2017
Unique Patch ID: 21344506
Patch description: "One-off"
Created on 12 Jun 2017, 23:36:08 hrs UTC
Bugs fixed:
25559137, 25232931, 24811916

Patch 26051289 : applied on Tue Oct 03 19:29:51 EDT 2017
Unique Patch ID: 21455037
Patch description: "One-off"
Created on 31 Jul 2017, 22:11:57 hrs UTC
Bugs fixed:
26051289

--------------------------------------------------------------------------------

OPatch succeeded.

-Arihant

oracle.iam.platform.utils.NoSuchServiceException: java.lang.reflect.InvocationTargetException

ERROR:

Exception in thread "main" oracle.iam.platform.utils.NoSuchServiceException: java.lang.reflect.InvocationTargetException
at oracle.iam.platform.OIMClient.getServiceDelegate(OIMClient.java:282)
at oracle.iam.platform.OIMClient.getService(OIMClient.java:259)
at oimcode.ClosePendingRequests.closeReq(ClosePendingRequests.java:64)
at oimcode.ClosePendingRequests.main(ClosePendingRequests.java:57)
Caused by: java.lang.reflect.InvocationTargetException
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
at java.lang.reflect.Constructor.newInstance(Constructor.java:513)
at oracle.iam.platform.OIMClient.getServiceDelegate(OIMClient.java:278)
... 3 more
Caused by: java.lang.NoClassDefFoundError: org/eclipse/persistence/indirection/ValueHolderInterface
at java.lang.Class.forName0(Native Method)
at java.lang.Class.forName(Class.java:169)
at $Proxy2.<clinit>(Unknown Source)
at sun.reflect.GeneratedSerializationConstructorAccessor22.newInstance(Unknown Source)
at java.lang.reflect.Constructor.newInstance(Constructor.java:513)
at java.io.ObjectStreamClass.newInstance(ObjectStreamClass.java:924)
at java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:1736)

Solution:

Copy eclipselink.jar from /app/oracle/middleware/oracle_common/modules/oracle.toplink_11.1.1/eclipselink.jar
Add jar file in your project.
Re-run the code.

-Arihant

Friday, September 22, 2017

12C RCU failed on Oracle Identity Manager Schema

Error:

Wed Sep 13 14:36:54.103 EDT 2017 ERROR assistants.rcu.backend.task.PrereqTask: oracle.sysman.assistants.rcu.backend.task.PrereqTask::execute: Prereq Evaluation Failed
oracle.sysman.assistants.rcu.backend.validation.PrereqException:
ERROR - RCU-6083 Prerequisite check failed for selected component:
CAUSE - RCU-6083 Prerequisite check failed for selected component.
ACTION - RCU-6083 Refer to the RCU logs for additional details. Make sure that the prerequisite requirements are met.OIM
Refer to RCU log at /tmp/RCU2017-09-13_14-34_472068822/logs/rcu.log for details.
at oracle.sysman.assistants.rcu.backend.validation.PrereqEvaluator.executePrereqTask(PrereqEvaluator.java:713)
at oracle.sysman.assistants.rcu.backend.task.PrereqTask.execute(PrereqTask.java:68)
at oracle.sysman.assistants.rcu.backend.task.ActualTask.run(TaskRunner.java:346)
at java.lang.Thread.run(Thread.java:748)

Wed Sep 13 14:36:54.103 EDT 2017 ERROR assistants.rcu.backend.task.ActualTask: oracle.sysman.assistants.rcu.backend.task.ActualTask::run: RCU Operation Failed
oracle.sysman.assistants.common.task.TaskExecutionException:
ERROR - RCU-6083 Prerequisite check failed for selected component:
CAUSE - RCU-6083 Prerequisite check failed for selected component.
ACTION - RCU-6083 Refer to the RCU logs for additional details. Make sure that the prerequisite requirements are met.OIM
Refer to RCU log at /tmp/RCU2017-09-13_14-34_472068822/logs/rcu.log for details.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Error: Views/Synonyms required for XA transaction support are missing in this Database 12c.
These views/synonyms are required by the OIM Schema.
Action: Refer Oracle Database Administrator's Guide to install XA transaction recovery views/synonyms
using the script xaview.sql. Contact your DBA.
For Database12c CDB config: execute xaview.sql from PDB SYS user
For Database12c NON-CDB config: execute xaview.sql from CDB SYS user
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

at oracle.sysman.assistants.rcu.backend.task.PrereqTask.execute(PrereqTask.java:77)
at oracle.sysman.assistants.rcu.backend.task.ActualTask.run(TaskRunner.java:346)
at java.lang.Thread.run(Thread.java:748)

Screenshot:

Solution:

1) Login in "sys as sydba" user from putty

2) Run the below Script

@/u01/oracle/product/12.1.0.2/db_1/rdbms/admin/xaview.sql

3) Re-run the RCU Again. It will resolve the Issue.

Regards,

Arihant

FMW 12c Has Been Released (OIM,OAM,OID AND OUD)

Oracle Fusion Middleware 12c Release has been released. For more information about the product follow the below Links.

Documentations:

http://docs.oracle.com/middleware/12213/idmsuite/index.html

Binaries/Software Files:

http://www.oracle.com/technetwork/middleware/id-mgmt/downloads/oid-11gr2-2104316.html

Certification Matrix:

http://www.oracle.com/technetwork/middleware/ias/downloads/fusion-certification-100350.html

Regards,

Arihant

Error in invoking target 'all' of make file /lib/ins_asha.mk during IDM 11.1.1.9 installation (RHEL 7.2)

Error in invoking target 'all' of makefile '/app/oracle/middleware/Oracle_IDM2/lib/ins_asha.mk (RHEL 7.2)

To resolve the error please run the command,
$ gcc -o /app/oracle/middleware/Oracle_IDM1/bin/hasocket -L /app/oracle/middleware/Oracle_IDM1/lib -L /app/oracle/middleware/Oracle_IDM1/lib -L /usr/lib64 -L /app/oracle/middleware/Oracle_IDM1/lib/stubs /app/oracle/middleware/Oracle_IDM1/lib/s0hasocket.o /app/oracle/middleware/Oracle_IDM1/lib/libhasocket.so -ldl -L/usr/lib -lirc -lpthread -lrt

It will create the hasocket file, check the file using below command and continue the error

$ cat /app/oracle/middleware/Oracle_IDM1/bin/hasocket
/app/oracle/middleware/Oracle_IDM1/bin/hasocket: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.6.32, BuildID[sha1]=e45g6468a872fffc860b831b60120c2bf6cfa1358, not stripped

Regards,
Arihant

Sunday, May 28, 2017

OIM 11G R2 PS3 Lab 13: How to hide tiles in OIM 11g R2 PS3?

1) Login to Identity console and create a sandbox

2) Press Home button then click on customize

3) Click on Structure, blank space, select the gridcell of the tile you want to hide and click on edit button

4) Click on show component's drop down arrow and click on expressions

5) Below is the old condition

6) Replace with below condition

#{oimcontext.currentUser.roles['SYSTEM ADMINISTRATORS'] != null}

7) Click on ok button

6) Select the sandbox which is used for this customization and click on Publish button

7) Click on Yes button

Testing

8) Login with End user

9) End user wont be able to see Provisioning Tasks and Pending Approvals Tiles, Since we hide those tiles. Only Administrator can see that.

Thanks,
Arihant

Tuesday, September 27, 2016

How do you find the Oracle Coherence Product version and apply a new Coherence vresion ?

Applicable versions. - Oracle Coherence - Version 3.5.0 to 12.2.1.1.0 [Release AS10g to 12c]

Steps to find the current coherence version :

Location: MW_HOME/oracle_common/modules/oracle.coherence/coherence.jar

To find the exact Version of Coherence Product and to identify the patch level, you can check the MANIFEST.MF within COHERENCE_HOME/lib/coherence.jar -> META-INF directory. MANIFEST.MF shows the product version and patch level.

Steps to apply a new coherence :

1. Download coherence patch 3.7.1.15 from Note:1405110.1
2. Shutdown all the servers.
3. On the each Server including the admin server, do the following.
a. Unzip the contents of the patch to tmp folder.
b. Backup the jar that exists at the location MW_HOME/oracle_common/modules/oracle.coherence/coherence.jar
c. copy the jar tmp/coherence/lib/coherence.jar to the folder MW_HOME/oracle_common/modules/oracle.coherence
d. Backup the folder $Domain/config and all its nested contents.
4. Start the Admin Server
5. Log into weblogic console
6. Lock configuration
7. Select Deployments and locate the coherence library
8. Select the library and press the Delete button.
9. Release Configuration and apply changes.
10. Lock configuration
11. Select Deployments and press the Install button.
12. Select the coherence jar in the file path. Ensure that the library name is "coherence". Hit the next button till you finish deployments.
13. Save and release the configuration.
14. Stop And Start the Admin Server. Verify the the oam_admin deployment is started.

Steps to recovery on failure to install
1. Stop all servers.
2. Restore the $Domain/config folder.
3. Restore the coherence.jar.
4. Restart

Regards,
Arihant Baid

Sunday, September 25, 2016

Exception When Opening a User view page After Upgrading Oracle Identity Manager from OIM R2 PS1 to OIM R2 PS3

Steps to Reproduce :

1) Upgrade OIM R2 PS1 to OIM R2 PS3

2) Bring up the servers Weblogic, SOA and OIM

3) Login on Identity page and click on any existing user or create any new and click view page

4) On view page you will get "JBO-26000: A Generic exception occurred during loading Customizations"

Enable the below logger.

oracle.jbo logger on trace32

Steps the resolve this issue:

1) Please download oracle.iam.console.identity.self-service.ear_V2.0_metadata.zip from weblogic EM console by using below steps,

a) Login to Weblogic EM console --> Expand "Application Deployments" --> oracle.iam.console.identity.self-service.ear(V2.0) (sever1) --> from right side click on "Application Deployments" drop down --> click on " MDS Configuration" --> Select "Export metadata documents to an archive on the machine where this web browser is running." and click on "Export". You will get file "oracle.iam.console.identity.self-service.ear_V2.0_metadata.zip" locally.

2) Take a backup of above file to some other location locally

3) Unzip above file, navigate to "\oracle.iam.console.identity.self-service.ear_V2.0_metadata\oracle\iam\ui\manageusers\pages\mdssys\cust\site\site" location

4) Remove reference tag of "Description" both XML's i.e userdetails.jsff.xml, userdetailsPageDef.xml.xml

Remove following entries from userdetails.jsff.xml, userdetailsPageDef.xml.xml

userdetailsPageDef.xml.xml

<mds:insert
parent="userdetailsPageDef(xmlns(mds_ns1=http://xmlns.oracle.com/adfm/uimodel))/mds_ns1:bindings" position="last">
<attributeValues IterBinding="UserVO1Iterator" id="description"
xmlns="http://xmlns.oracle.com/adfm/uimodel">
<AttrNames>
<Item Value="description"/>
</AttrNames>
</attributeValues>
</mds:insert>
.
and the following from user-details.jsff

<mds:insert parent="pfl3" position="last">
<af:panelLabelAndMessage xmlns:af="http://xmlns.oracle.com/adf/faces/rich"
label="#{bindings.description.hints.label}" id="dtrt_dc_9587735860">
<af:outputText xmlns:af="http://xmlns.oracle.com/adf/faces/rich"
value="#{bindings.description.inputValue}"/>
</af:panelLabelAndMessage>
</mds:insert>

5) Zip the file again as like earlier folder structure and naming convention.

6) Import the ZIP file again to env.

a) Login to Weblogic EM console --> Expand "Application Deployments" --> oracle.iam.console.identity.self-service.ear(V2.0) (sever1) --> from right side click on "Application Deployments" drop down --> click on " MDS Configuration" --> Select "Import metadata documents from an archive on the machine where this web browser is running." --> select new ZIP file and Import to env.

7) After successful import. Please stop all servers including managed servers and remove contents in tmp, cache, stage folders

8) Restart all the servers

9) Finally Test and let us know if issue further persistence.

Thanks,

Arihant Baid

Friday, September 16, 2016

SOA PSA Failed When Upgrading PROD_SOAINFRA schema While Upgrading OIM From R2PS1 To R2PS3

Server Details:

OIM Upgrade from Oracle Identity Manager 11g Release 2 (11.1.2.1.0) to 11g Release 2 (11.1.2.3.0).
Oracle Database 11g Enterprise Edition Release 11.2.0.4.0 -64bit Producation

Error:

"[2016-09-16T00:16:46.793-04:00] [RCU] [ERROR] [] [upgrade.RCU.jdbcEngine] [tid: 13] [ecid: 0000LSlDRudATOLLuQH7iX1Nqr7V000004,0] Error encountered executing SQL statement FileName: '/u01/oracle/middleware/Oracle_SOA1/rcu/integration/soainfra//sql/upgrade_soainfra_111161_111170_oracle.tsql' LineNumber: '2278' Script log file: null
[2016-09-16T00:16:46.794-04:00] [SOA] [ERROR] [] [upgrade.SOA.SOA1] [tid: 13] [ecid: 0000LSlDRudATOLLuQH7iX1Nqr7V000004,0] UPGAST-00221: unexpected error uprading schema
[2016-09-16T00:16:46.794-04:00] [SOA] [ERROR] [] [upgrade.SOA.SOA1] [tid: 13] [ecid: 0000LSlDRudATOLLuQH7iX1Nqr7V000004,0] [[
oracle.sysman.assistants.common.dbutil.SQLFatalErrorException: java.sql.SQLSyntaxErrorException: ORA-00942: table or view does not exist

at oracle.sysman.assistants.common.dbutil.jdbc.JDBCEngine.onException(JDBCEngine.java:869)
at oracle.sysman.assistants.common.dbutil.jdbc.JDBCEngine.executeSql(JDBCEngine.java:833)
at oracle.sysman.assistants.common.dbutil.jdbc.JDBCEngine.executeSql(JDBCEngine.java:773)
at oracle.sysman.assistants.common.dbutil.jdbc.OracleDDLStatement.execute(ANSISQLStatementType.java:711)
at oracle.sysman.assistants.common.dbutil.jdbc.JDBCEngine.executeNextSQLStatement(JDBCEngine.java:1468)
at oracle.sysman.assistants.common.dbutil.jdbc.JDBCEngine.parseNexecuteScript(JDBCEngine.java:1372)
at oracle.ias.update.plugin.UpgradePlugin.executeJDBCEngineScript(UpgradePlugin.java:971)
at oracle.ias.update.plugin.UpgradePlugin.executeJDBCEngineScript(UpgradePlugin.java:846)
at oracle.ias.update.plugin.soa.SOAINFRAPlugin.upgrade_soainfra_one_patchset(SOAINFRAPlugin.java:390)
at oracle.ias.update.plugin.soa.SOAINFRAPlugin.upgrade_soainfra(SOAINFRAPlugin.java:331)
at oracle.ias.update.plugin.soa.SOAINFRAPlugin.upgrade(SOAINFRAPlugin.java:226)
at oracle.ias.update.plugin.Plugin.upgrade(Plugin.java:352)
at oracle.ias.update.plan.PlanStep.upgrade(PlanStep.java:294)
at oracle.ias.update.UpgradeDriver.doUpgrades(UpgradeDriver.java:476)
at oracle.ias.update.gui.UAUpgradeThread.run(UAUpgradeThread.java:41)
Caused by: java.sql.SQLSyntaxErrorException: ORA-00942: table or view does not exist

at oracle.jdbc.driver.T4CTTIoer.processError(T4CTTIoer.java:462)
at oracle.jdbc.driver.T4CTTIoer.processError(T4CTTIoer.java:405)
at oracle.jdbc.driver.T4C8Oall.processError(T4C8Oall.java:931)
at oracle.jdbc.driver.T4CTTIfun.receive(T4CTTIfun.java:481)
at oracle.jdbc.driver.T4CTTIfun.doRPC(T4CTTIfun.java:205)
at oracle.jdbc.driver.T4C8Oall.doOALL(T4C8Oall.java:548)
at oracle.jdbc.driver.T4CPreparedStatement.doOall8(T4CPreparedStatement.java:217)
at oracle.jdbc.driver.T4CPreparedStatement.executeForRows(T4CPreparedStatement.java:1115)
at oracle.jdbc.driver.OracleStatement.doExecuteWithTimeout(OracleStatement.java:1488)
at oracle.jdbc.driver.OraclePreparedStatement.executeInternal(OraclePreparedStatement.java:3769)
at oracle.jdbc.driver.OraclePreparedStatement.execute(OraclePreparedStatement.java:3954)
at oracle.jdbc.driver.OraclePreparedStatementWrapper.execute(OraclePreparedStatementWrapper.java:1539)
at oracle.sysman.assistants.common.dbutil.jdbc.JDBCEngine.runSqlStatement(JDBCEngine.java:1090)
at oracle.sysman.assistants.common.dbutil.jdbc.JDBCEngine.callRunSqlStatement(JDBCEngine.java:779)
at oracle.sysman.assistants.common.dbutil.jdbc.JDBCEngine.executeSql(JDBCEngine.java:794)
... 13 more

"
----------------------------------------------------------------------------------------------------------------------

While upgrading the PROD_SOAINFRA schema its failed with above error.

Below steps need to be performed in order to resolve the issue.

1. Restore SOAINFRA from backup (the one taken before the upgrade) --No need to restore the other schemas

2. Provide the below permission

Permissions:

grant dba to PROD_SOAINFRA;
grant execute on sys.dbms_lob to PROD_SOAINFRA;
CREATE OR REPLACE PUBLIC SYNONYM "SCHEMA_VERSION_REGISTRY" FOR "SYSTEM"."SCHEMA_VERSION_REGISTRY";
GRANT execute on utl_file to PROD_SOAINFRA;
GRANT execute on sys.dbms_lob to PROD_SOAINFRA;
GRANT EXECUTE ON DBMS_LOCK TO PROD_SOAINFRA;
GRANT CREATE JOB TO PROD_SOAINFRA;
GRANT CREATE EXTERNAL JOB TO PROD_SOAINFRA;

grant dba to FMW;
grant execute on DBMSLOB to FMW with grant option;
grant execute on DBMS_OUTPUT to FMW with grant option;
grant execute on DBMS_STATS to FMW with grant option;
grant execute on sys.dbms_aq to FMW with grant option;
grant execute on sys.dbms_aqadm to FMW with grant option;
grant execute on sys.dbms_aqin to FMW with grant option;
grant execute on sys.dbms_aqjms to FMW with grant option;
grant execute on sys.dbms_aqadm to FMW with grant option;
grant execute on sys.dbms_aq to FMW with grant option;
grant execute on utl_file to FMW with grant option;
grant execute on dbms_lock to FMW with grant option;
grant select on sys.V$INSTANCE to iamupgrade with grant option;
grant select on sys.GV$INSTANCE to iamupgrade with grant option;
grant select on sys.V$SESSION to iamupgrade with grant option;
grant select on sys.GV$SESSION to iamupgrade with grant option;
grant select on dba_scheduler_jobs to FMW with grant option;
grant select on dba_scheduler_job_run_details to FMW with grant option;
grant select on dba_scheduler_running_jobs to FMW with grant option;
grant select on dba_aq_agents to FMW with grant option;
grant execute on sys.DBMS_SHARED_POOL to FMW with grant option;
grant select on dba_2pc_pending to FMW with grant option;
grant select on dba_pending_transactions to FMW with grant option;
grant execute on DBMS_FLASHBACK to FMW with grant option;
grant execute on dbms_crypto to FMW with grant option;
grant execute on DBMS_REPUTIL to FMW with grant option;
grant execute on dbms_job to FMW with grant option;
grant select on pending_trans$ to FMW with grant option;
grant select on dba_scheduler_job_classes to FMW with grant option;
grant select on SYS.DBA_DATA_FILES to FMW with grant option;
grant select on SYS.V$ASM_DISKGROUP to FMW with grant option;
grant select on v$xatrans$ to FMW with grant option;
grant execute on sys.dbms_system to FMW with grant option;
grant execute on DBMS_SCHEDULER to FMW with grant option;
grant select on dba_data_files to FMW with grant option;
grant execute on UTL_RAW to FMW with grant option;
grant execute on DBMS_XMLDOM to FMW with grant option;
grant execute on DBMS_APPLICATION_INFO to FMW with grant option;
grant execute on DBMS_UTILITY to FMW with grant option;
grant execute on DBMS_SESSION to FMW with grant option;
grant execute on DBMS_METADATA to FMW with grant option;
grant execute on DBMS_XMLGEN to FMW with grant option;
grant execute on DBMS_DATAPUMP to FMW with grant option;
grant execute on DBMS_MVIEW to FMW with grant option;

3. Run PSA again

Ref: https://docs.oracle.com/middleware/11119/core/PATCH/patch_set_assistant.htm#PATCH678

Thanks,
Arihant