An IT professional and a technology enthusiast interested in SOA, FMW, database and linux.
Thursday, November 16, 2017
Map weblogic ROLES with Active Directory AD Roles
Tuesday, October 24, 2017
Encrypt and Decrypt text in Weblogic
There are 2 options to encrypt and 1 method for decryption.

Opt 1, encryption:
. /u01/app/oracle/product/fmw/user_projects/domains/<your domain>/bin/setDomainEnv.sh
java weblogic.security.Encrypt <user name to be encrypted w/o quotes>

Opt 1, decryption:
. /u01/app/oracle/product/fmw/user_projects/domains/<your domain>/bin/setDomainEnv.sh
Not applicable, as the weblogic.security.Decrypt method is unavailable.

Opt 2, encryption:
/u01/app/oracle/product/fmw/wlserver_10.3/common/bin/wlst.sh
wls:/offline> domain="/u01/app/oracle/domains/<your domain>"
wls:/offline> service = weblogic.security.internal.SerializedSystemIni.getEncryptionService(domain)
wls:/offline> encryption = weblogic.security.internal.encryption.ClearOrEncryptedService(service)
wls:/offline> print encryption.encrypt("Welcome1")
{AES}DY2vfJ80wx72i8GUhNYFgiPsxr2ImFBrpOmUYcfMFBo=

Opt 2, decryption:
/u01/app/oracle/product/fmw/wlserver_10.3/common/bin/wlst.sh
wls:/offline> domain="/u01/app/oracle/domains/<your domain>"
wls:/offline> service = weblogic.security.internal.SerializedSystemIni.getEncryptionService(domain)
wls:/offline> encryption = weblogic.security.internal.encryption.ClearOrEncryptedService(service)
wls:/offline> print encryption.decrypt("{AES}DY2vfJ80wx72i8GUhNYFgiPsxr2ImFBrpOmUYcfMFBo=")
Welcome1
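The WLST decrypt call needs nothing but the domain directory, so an {AES} string is only as protected as the domain's key file and the files that carry the string. The script below is an added example, not part of the original post: it flags a group- or world-readable security/SerializedSystemIni.dat (the standard location of the file that SerializedSystemIni reads, assumed here) and any readable file under the domain that holds an {AES} value. The function names are made up for this example.

```sh
#!/bin/sh
# Added example (not from the original post): audit who can read a WebLogic
# domain's encryption key file and the files that contain {AES} values.
# Assumption: the key file is <domain>/security/SerializedSystemIni.dat.

# Print every file under domain $1 that contains an {AES} value and is
# readable by group or by others.
exposed_aes_files() {
    find "$1" -type f \( -perm -040 -o -perm -004 \) \
        -exec grep -l -F '{AES}' {} + 2>/dev/null || true
}

# Return 0 if the key file is readable by its owner only, 1 if group or
# others can read it, 2 if it is missing.
key_file_is_private() {
    key="$1/security/SerializedSystemIni.dat"
    [ -f "$key" ] || { echo "missing: $key" >&2; return 2; }
    [ -z "$(find "$key" \( -perm -040 -o -perm -004 \))" ]
}

# Report findings for domain $1; return 1 if anything is exposed.
audit_domain() {
    domain="$1"
    status=0
    if ! key_file_is_private "$domain"; then
        echo "KEY FILE READABLE BY NON-OWNER: $domain/security/SerializedSystemIni.dat"
        status=1
    fi
    files=$(exposed_aes_files "$domain")
    if [ -n "$files" ]; then
        echo "$files" | sed 's/^/AES VALUE IN READABLE FILE: /'
        status=1
    fi
    return "$status"
}

# Usage: sh audit.sh /path/to/domain
if [ "$#" -gt 0 ]; then
    audit_domain "$1"
fi
```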
Saturday, October 7, 2017
Cannot read the default policy store. config/fmwconfig/work/AdminServer/policyA/mac Permission denied
Cannot read the default policy store. config/fmwconfig/work/AdminServer/policyA/mac (Permission denied)
OIM Weblogic
The Admin Server failed to start with the error below. Sometimes the Admin Server starts but the managed servers fail to restart, with similar errors.

<Notice> <Log Management> <BEA-170019> <The server log file /u01/app/oracle/product/fmw/user_projects/domains/oim_domain/servers/AdminServer/logs/AdminServer.log is opened. All server side log events will be written to this file.>
Dec 10, 2017 2:04:16 AM oracle.security.jps.az.internal.runtime.service.PDPServiceImpl oracle.security.jps.az.internal.runtime.service.PDPServiceImpl
SEVERE: Cannot read the default policy store.
oracle.security.jps.service.policystore.PolicyStoreException: java.io.FileNotFoundException: /u01/app/oracle/product/fmw/user_projects/domains/oim_domain/config/fmwconfig/work/AdminServer/policyA/mac (Permission denied)
    at oracle.security.jps.az.internal.runtime.pd.receiver.FileCacheHelper.writeStateCheck(FileCacheHelper.java:241)
    … …
    at weblogic.work.ExecuteThread.run(ExecuteThread.java:221)
Caused by: java.io.FileNotFoundException: /u01/app/oracle/product/fmw/user_projects/domains/oim_domain/config/fmwconfig/work/AdminServer/policyA/mac (Permission denied)
    at java.io.FileOutputStream.open(Native Method)
    at java.io.FileOutputStream.<init>(FileOutputStream.java:221)
    at java.io.FileOutputStream.<init>(FileOutputStream.java:171)
    at oracle.security.jps.az.internal.runtime.pd.receiver.FileCacheHelper.writeMac(FileCacheHelper.java:633)
    at oracle.security.jps.az.internal.runtime.pd.receiver.FileCacheHelper.writeMac(FileCacheHelper.java:606)
Resolution:
- Change the ownership of the file from root to oracle (or the application owner):
  $ chown oracle:oracle /u01/app/oracle/product/fmw/user_projects/domains/oim_domain/config/fmwconfig/work/AdminServer/policyA/mac
- Also remove (backup) the stage, data, tmp and cache folders from AdminServer. Do the same for the managed servers if they were also started after the Admin Server had been started as the root user.
- Restart the Admin and managed servers.
Cause:
- It appears the Admin Server was started as the root user.
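The chown in the resolution repairs one file, but a start as root usually leaves more root-owned entries in the domain. The script below is an added example, not part of the original post: it lists WebLogic JVMs running as root and counts, per server, the entries not owned by the expected account. The function names are made up for this example, and the domain path and owner are supplied by the caller.

```sh
#!/bin/sh
# Added example (not from the original post): find what a start under the
# wrong account left behind. Arguments: DOMAIN_HOME and the expected owner
# (user name or numeric uid).

# List everything under directory $1 that is NOT owned by user $2.
foreign_owned() {
    find "$1" ! -user "$2" -print 2>/dev/null || true
}

# Count foreign-owned entries per server directory: "<server> <count>".
foreign_by_server() {
    foreign_owned "$1/servers" "$2" | awk -v base="$1/servers/" '
        index($0, base) == 1 {
            split(substr($0, length(base) + 1), part, "/")
            count[part[1]]++
        }
        END { for (s in count) print s, count[s] }' | sort
}

# Read "user pid args" lines (as printed by: ps -eo user=,pid=,args=) on
# stdin and print the pid of every weblogic.Server JVM running as root.
root_weblogic_pids() {
    awk '$1 == "root" && /weblogic\.Server/ { print $2 }'
}

# Usage: sh owner_audit.sh /path/to/domain oracle
if [ "$#" -eq 2 ]; then
    echo "== WebLogic JVMs running as root =="
    ps -eo user=,pid=,args= | root_weblogic_pids
    echo "== Entries under $1/servers not owned by $2, per server =="
    foreign_by_server "$1" "$2"
    echo "== Entries under $1/config/fmwconfig not owned by $2 =="
    foreign_owned "$1/config/fmwconfig" "$2"
fi
```

Run it as the application owner before restarting, so that anything still listed can be fixed with chown first.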
Saturday, August 5, 2017
OHS not running; But Opmnctl status shows OHS proc is running with pid=xxxx
Observations
- The command ps -ef | grep "<pid xxxx>" returns nothing.
- The http.pid file does not exist in ORACLE_INSTANCE/diagnostics/logs/OHS/wcp_ohs1
- Console~OHS~1.log has the entries below:
"17/11/27 10:57:33 Stop process--------/u01/app/oracle/product/fmw/Oracle_WT1/ohs/bin/apachectl hardstop: httpd (no pid file) not running"
- Opmnctl status is as in below screenshot
- In some cases, even the OHS.log (i.e. <OHS component name>.log) file is not present to get this log
Resolution:
- Even if ps -ef | grep pid returns blank, go ahead and execute kill -9 <OHS PID> as the oracle user.
- You'll see that all the opmnctl managed processes get a new PID assigned.
Friday, April 14, 2017
OIM plugin registration error Class not found: oracle.iam.platform.utils.ant.PasswordInputHandler
Error during plugin registration:
/u01/app/oracle/product/fmw/modules/org.apache.ant_1.7.1/bin/ant -f pluginregistration.xml register
Class not found: oracle.iam.platform.utils.ant.PasswordInputHandler
Steps leading to the error:
[oracle@xxxxxxxx plugin_utility]$ /u01/app/oracle/product/fmw/modules/org.apache.ant_1.7.1/bin/ant -f pluginregistration.xml register
Buildfile: pluginregistration.xml
register:
[echo]
[echo] *******************************************************************************
[echo] REGISTRATION TOOL TO REGISTER
[echo] *******************************************************************************
[echo] This tool can be used to register or unregister plugins to OIM.
[echo]
[echo] Edit the ant.properties file to set the properties.
[echo] Invoke the corresponding ant targets (register or unregister) to perform registration or unregistration correspondingly.
[echo]
[echo] Following are the additional system properties accepted by the utility. They would be prompted if not passed at the time of invoking the utility.
[echo]
[echo] OIM.Username (User ID of the oim user)
[echo] ServerURL (URL of the server. WLS : t3://<host>:<port> WAS : corbaloc:iiop:<host>:<port> )
[echo] PluginZipToRegister (Complete name with path of the plugin file. Required for registering a plugin.)
[echo]
[echo] Set the other properties in ant.properties file:
[echo] wls.home/was.home
[echo] oim.home
[echo] login.config
[echo]
[echo]
[echo] /u01/app/oracle/product/fmw/Oracle_IDM1/ext/spring.jar:/u01/app/oracle/product/fmw/Oracle_IDM1/ext/jakarta-commons/commons-logging.jar:/u01/app/oracle/product/fmw/Oracle_IDM1/ext/internal/toplink.jar:/u01/app/oracle/product/fmw/Oracle_IDM1/platform/iam-platform-context.jar:/u01/app/oracle/product/fmw/Oracle_IDM1/platform/iam-platform-utils.jar:/u01/app/oracle/product/fmw/Oracle_IDM1/platform/iam-platform-auth-client.jar:/u01/app/oracle/product/fmw/Oracle_IDM1/platform/iam-platform-pluginframework.jar:/u01/app/oracle/product/fmw/Oracle_IDM1/client/oimclient.jar:/u01/app/oracle/product/fmw/wlserver_10.3/server/lib/wlfullclient.jar:/u01/app/oracle/product/fmw/oracle_common/modules/oracle.jrf_11.1.1/jrf-api.jar
[input] Enter the oim user id: xelsysadm
BUILD FAILED
/u01/app/oracle/product/fmw/Oracle_IDM1/server/plugin_utility/pluginregistration.xml:72: Class not found: oracle.iam.platform.utils.ant.PasswordInputHandler
Solution: Run wljarbuilder.jar to rebuild wlfullclient.jar
cd $MW_HOME/wlserver_10.3/server/lib/
pwd
/u01/app/oracle/product/fmw/wlserver_10.3/server/lib/
java -jar wljarbuilder.jar
Re-execute; no errors this time:
[oracle@xxxxxxxxx plugin_utility]$ /u01/app/oracle/product/fmw/modules/org.apache.ant_1.7.1/bin/ant -f pluginregistration.xml register
Buildfile: pluginregistration.xml
register:
[echo]
[echo] *******************************************************************************
[echo] REGISTRATION TOOL TO REGISTER
[echo] *******************************************************************************
[echo] This tool can be used to register or unregister plugins to OIM.
[echo]
[echo] Edit the ant.properties file to set the properties.
[echo] Invoke the corresponding ant targets (register or unregister) to perform registration or unregistration correspondingly.
[echo]
[echo] Following are the additional system properties accepted by the utility. They would be prompted if not passed at the time of invoking the utility.
[echo]
[echo] OIM.Username (User ID of the oim user)
[echo] ServerURL (URL of the server. WLS : t3://<host>:<port> WAS : corbaloc:iiop:<host>:<port> )
[echo] PluginZipToRegister (Complete name with path of the plugin file. Required for registering a plugin.)
[echo]
[echo] Set the other properties in ant.properties file:
[echo] wls.home/was.home
[echo] oim.home
[echo] login.config
[echo]
[echo]
[echo] /u01/app/oracle/product/fmw/Oracle_IDM1/server/ext/spring.jar:/u01/app/oracle/product/fmw/Oracle_IDM1/server/ext/jakarta-commons/commons-logging.jar:/u01/app/oracle/product/fmw/Oracle_IDM1/server/ext/internal/toplink.jar:/u01/app/oracle/product/fmw/Oracle_IDM1/server/platform/iam-platform-context.jar:/u01/app/oracle/product/fmw/Oracle_IDM1/server/platform/iam-platform-utils.jar:/u01/app/oracle/product/fmw/Oracle_IDM1/server/platform/iam-platform-auth-client.jar:/u01/app/oracle/product/fmw/Oracle_IDM1/server/platform/iam-platform-pluginframework.jar:/u01/app/oracle/product/fmw/Oracle_IDM1/server/client/oimclient.jar:/u01/app/oracle/product/fmw/wlserver_10.3/server/lib/wlfullclient.jar:/u01/app/oracle/product/fmw/oracle_common/modules/oracle.jrf_11.1.1/jrf-api.jar
[input] Enter the oim user id: xelsysadm
[input]Enter the oim user password:
[input] Enter the server url [WLS : t3://<host>:<port> WAS : corbaloc:iiop:<host>:<port> )]: t3://lzbvidmpdoimms1.na.lzb.hq:14000
[input] Enter name (complete file name with path) of the plugin file: LzbOimExtensions.zip
-register-to-was-server:
-register-to-wls-server:
[delete] Deleting: /u01/app/oracle/product/fmw/Oracle_IDM1/server/plugin_utility/20170601174013.tmp
[echo]
[echo] classpath=/u01/app/oracle/product/fmw/Oracle_IDM1/server/ext/spring.jar:/u01/app/oracle/product/fmw/Oracle_IDM1/server/ext/jakarta-commons/commons-logging.jar:/u01/app/oracle/product/fmw/Oracle_IDM1/server/platform/iam-platform-context.jar:/u01/app/oracle/product/fmw/Oracle_IDM1/server/platform/iam-platform-utils.jar:/u01/app/oracle/product/fmw/Oracle_IDM1/server/platform/iam-platform-auth-client.jar:/u01/app/oracle/product/fmw/Oracle_IDM1/server/platform/iam-platform-pluginframework.jar:/u01/app/oracle/product/fmw/Oracle_IDM1/server/client/oimclient.jar:/u01/app/oracle/product/fmw/wlserver_10.3/server/lib/wlfullclient.jar:/u01/app/oracle/product/fmw/oracle_common/modules/oracle.jrf_11.1.1/jrf-api.jar
[echo]
[echo]
[echo] was_home=null
[echo]
[echo]
[echo] client_home=null
[echo]
[echo]
[echo] xl_home=null
[echo]
[echo]
[echo] mw_home=null
[echo]
[echo]
[echo] newClasspath=/u01/app/oracle/product/fmw/Oracle_IDM1/server/ext/spring.jar:/u01/app/oracle/product/fmw/Oracle_IDM1/server/ext/jakarta-commons/commons-logging.jar:/u01/app/oracle/product/fmw/Oracle_IDM1/server/platform/iam-platform-context.jar:/u01/app/oracle/product/fmw/Oracle_IDM1/server/platform/iam-platform-utils.jar:/u01/app/oracle/product/fmw/Oracle_IDM1/server/platform/iam-platform-auth-client.jar:/u01/app/oracle/product/fmw/Oracle_IDM1/server/platform/iam-platform-pluginframework.jar:/u01/app/oracle/product/fmw/Oracle_IDM1/server/client/oimclient.jar:/u01/app/oracle/product/fmw/wlserver_10.3/server/lib/wlfullclient.jar:/u01/app/oracle/product/fmw/oracle_common/modules/oracle.jrf_11.1.1/jrf-api.jar.:/sample:null/ext/ojdbc14.jar:null/ext/ucp.jar:null/oracle_common/modules/oracle.jmx_11.1.1/jmxspi.jar:null/lib/oimclient.jar:null/server/lib/wlfullclient.jar:null/ext/jakarta-commons/commons-logging.jar:null/ext/commons-logging.jar:null/ext/spring.jar:null/ext/spring.jar:null/server/lib/webserviceclient+ssl.jar:null/platform/iam-platform-utils.jar:null/server/lib/wlclient.jar:null/server/lib/weblogic.jar:null/platform/iam-platform-auth-client.jar:null/features/iam-features-system-configuration.zip:null/features/iam-features-identity.zip:null/features/iam-features-platformservice.zip:null/ext/log4j-1.2.8.jar:null/lib/XellerateClient.jar:null/lib/xlAPI.jar:null/lib/xlLogger.jar:null/lib/xlVO.jar:null/lib/xlUtils.jar:null/lib/xlCrypto.jar:null/lib/xlAuthentication.jar:null/lib/xlDataObjectBeans.jar:null/ext/oscache.jar:null/ext/javagroups-all.jar:null/lib/xlFvcUtil.jar:../../../iam/iam-lib/internal/jrf-api.jar:null/oracle_common/modules/oracle.jrf_11.1.1/jrf-api.jar:null/ext/jrf-api.jar:null/oracle_common/webservices/wsclient_extended.jar:null/oracle_common/modules/oracle.xdk_11.1.0/xmlparserv2.jar:null/oracle_common/modules/oracle.jmx_11.1.1/jmxspi.jar:null/oracle_common/modules/oracle.jmx_11.1.1/jmxframework.jar
[echo] Plugin com.lzb.identity.evt.handlers.SomAdminAdminRoleExtension version 1.0 Registered
BUILD SUCCESSFUL
Total time: 38 seconds
Other Possible causes of the issue include:
WL_HOME not set correctly; incorrect entries in ant.properties file