12.2.1.4 Oracle Access Manager Post Upgrade Issues


The issues outlined and elaborated in this blog were specific to the environment and the Oracle Fusion Middleware configuration. Let’s go through a few scenarios.

 

OAM SSO Authentication Failure

Due to the tightening of the URI parsing method in Java SE 8 Update 331 (April 2022 CPU) and later, login fails with “Invalid Username or Password”.


In the OAM diagnostics log file, note the [] brackets around the LDAP host name, which are no longer accepted after the Java security update:

[2023-05-01T12:37:58.699-04:00] [wls_oam1] [WARNING] [LIBOVD-40118] [oracle.ods.virtualization.engine.backend.jndi.adapter1.BackendJNDI] [tid: [ACTIVE].ExecuteThread: '47' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: 005yeHku9YG7i4KayTaeMG000164000000,0:1:5:4:4] [APP: oam_server] [partition-name: DOMAIN] [tenant-name: GLOBAL] Could not automatically detect binary attribute list: Malformed IPv6 address at index 8: ldap://[directory.xxxxxxxx.yy]:636.

Apply LIB-OVD application patch 34065178 or the April 2022 SBP for OAM 12.2.1.4. Refer to Doc ID 2865793.1.
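To find every adapter hit by this before and after patching, the following added example (not part of the original post or of any Oracle tooling) scans ODL-format log text for LIBOVD-40118 entries and checks what sits inside the brackets; RFC 3986 allows brackets in a URI authority only around an IP literal. The sample lines, host names and function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed ODL lines modelled on the excerpt above (fields shortened).
SAMPLE_LOG = """\
[2023-05-01T12:37:58.699-04:00] [wls_oam1] [WARNING] [LIBOVD-40118] [oracle.ods.virtualization.engine.backend.jndi.adapter1.BackendJNDI] [tid: 47] [APP: oam_server] Could not automatically detect binary attribute list: Malformed IPv6 address at index 8: ldap://[directory.example.test]:636.
[2023-05-01T12:38:01.120-04:00] [wls_oam1] [WARNING] [LIBOVD-40118] [oracle.ods.virtualization.engine.backend.jndi.adapter2.BackendJNDI] [tid: 48] [APP: oam_server] Could not automatically detect binary attribute list: Malformed IPv6 address at index 8: ldap://[ldap2.example.test]:636.
[2023-05-01T12:38:05.000-04:00] [wls_oam1] [NOTIFICATION] [] [oracle.example.Module] [tid: 49] [APP: oam_server] Bound to ldap://[2001:db8::10]:636.
"""

# First five ODL fields: [timestamp] [server] [level] [message-id] [module]
ODL_HEAD = re.compile(r"\[([^\]]*)\] \[([^\]]*)\] \[([^\]]*)\] \[([^\]]*)\] \[([^\]]*)\]")
BRACKETED = re.compile(r"\bldaps?://\[([^\]]*)\](?::(\d+))?")


def bracket_content_kind(host):
    """RFC 3986 allows [...] in a URI authority only around an IP literal."""
    try:
        ipaddress.IPv6Address(host)
        return "ipv6-literal"
    except ValueError:
        return "hostname-in-brackets"


def find_rejected_ldap_urls(log_text):
    """Return one finding per LIBOVD-40118 'Malformed IPv6 address' entry."""
    findings = []
    for line in log_text.splitlines():
        head = ODL_HEAD.match(line)
        if not head or head.group(4) != "LIBOVD-40118":
            continue
        url = BRACKETED.search(line)
        if "Malformed IPv6 address" not in line or not url:
            continue
        findings.append({
            "time": head.group(1), "server": head.group(2),
            "module": head.group(5),
            "host": url.group(1), "port": url.group(2),
            "kind": bracket_content_kind(url.group(1)),
        })
    return findings


if __name__ == "__main__":
    for f in find_rejected_ldap_urls(SAMPLE_LOG):
        print(f["time"], f["server"], f["module"], f["host"], f["kind"])
```

An empty result on logs written after the patch and a restart indicates that the adapters no longer produce bracketed host names.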

 

EM Manager Fusion Middleware Control Blank Login

You get a blank farm page after signing in with EM login credentials. This bug impacts environments upgraded from 12.2.1.3 to 12.2.1.4 and is caused by additional JAR files being added to the CLASSPATH environment variable, especially after invoking $WL_HOME/server/bin/setWLSEnv.sh prior to starting the WebLogic Admin server.

The emoms.log file shows the excerpt below:

[2023-07-01T09:18:08.443-04:00] [AdminServer] [WARNING] [] [oracle.sysman.emSDK.view.errPopup.ErrorPopupUtil] [tid: [ACTIVE].ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: abcd] [ecid: 005zqn3QC4J7i4KayTfd6G0000XK000007,0:5] [APP: em] [partition-name: DOMAIN] [tenant-name: GLOBAL] [[
java.lang.RuntimeException: java.lang.reflect.InvocationTargetException
Caused by: java.lang.reflect.InvocationTargetException
    at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
    at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
    at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
    at java.lang.reflect.Constructor.newInstance(Constructor.java:423)
    at oracle.sysman.emSDK.conf.FMWControlConfigManager.getFederatedOracleHomeList(FMWControlConfigManager.java:2064)
    ... 112 more
Caused by: com.oracle.cie.gdr.external.InventoryException: com.oracle.cie.gdr.utils.GdrException: com.oracle.cie.dependency.DependencyException: java.lang.ExceptionInInitializerError
    at com.oracle.cie.gdr.external.impl.OracleHomeInventoryImpl.<init>(OracleHomeInventoryImpl.java:65)
    at com.oracle.cie.gdr.external.impl.OracleHomeInventoryFactory.createInventory(OracleHomeInventoryFactory.java:60)
    at com.oracle.cie.gdr.external.InventoryFactory.getOracleHomeInventory(InventoryFactory.java:99)
    at com.oracle.cie.gdr.external.InventoryUtil.<init>(InventoryUtil.java:77)
    ... 117 more
Caused by: com.oracle.cie.gdr.utils.GdrException: com.oracle.cie.dependency.DependencyException: java.lang.ExceptionInInitializerError
    at com.oracle.cie.gdr.FeatureLoader.loadFeatureSets(FeatureLoader.java:407)
    at com.oracle.cie.gdr.FeatureLoader.loadMetaData(FeatureLoader.java:243)
    at com.oracle.cie.gdr.FeatureLoader.init(FeatureLoader.java:227)
    at com.oracle.cie.gdr.FeatureLoader.<init>(FeatureLoader.java:155)

You can either apply the patch mentioned in Doc ID 2619679.1 and Doc ID 2681156.1, or open a new PuTTY session and restart the Admin server without invoking setWLSEnv.sh first.

 

EM Manager Fusion Middleware Control Login Spinning on the Error Page

Logging in to the WebLogic console and the OAM console works fine, but logging in to EM fails, as can be seen in the Admin server diagnostic log:

[2023-05-18T18:54:20.287-04:00] [AdminServer] [WARNING] [LIBOVD-60024] [oracle.ods.virtualization.engine.backend.jndi.abcd_ldap_prod] [tid: [ACTIVE].ExecuteThread: '38' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: abcd] [ecid: 005yzyjKjKL7i4KayTfd6G00023D000019,0:5] [APP: em] [partition-name: DOMAIN] [tenant-name: GLOBAL] [DSID: 0000OWl4^7X7y0KayTaeMG1^Pdvp000009] Connection error: simple bind failed: directory.xxxxxx.yy:636.
[2023-05-18T18:54:20.288-04:00] [AdminServer] [NOTIFICATION] [] [oracle.adf.share.config.ADFContextMDSConfigHelperImpl] [tid: [ACTIVE].ExecuteThread: '38' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: abcd] [ecid: 005yzyjKjKL7i4KayTfd6G00023D000019,0:5] [APP: em] [partition-name: DOMAIN] [tenant-name: GLOBAL] [DSID: 0000OWl4^7X7y0KayTaeMG1^Pdvp000009] [[
oracle.adf.share.security.ADFSecurityIdentityProviderException:     
Operations error: entity=ou=People,o=xxxxxxxx.yy op=search mesg=LDAP Error 2 : simple bind failed: directory.xxxxxxxx.yy:636
Caused by: oracle.igf.ids.LDAPConnectionException: Operations error: entity=ou=People,o=xxxxxxxx.yy op=search mesg=LDAP Error 2 : simple bind failed: directory.xxxxxxxx.yy:636  AdditionalInfo: LDAP Error 2 : simple bind failed: directory.xxxxxxxx.yy:636

Caused by: oracle.igf.ids.arisid.ArisIdConnectionException: Operations error: entity=ou=People,o=xxxxxxxx.yy op=search mesg=LDAP Error 2 : simple bind failed: directory.xxxxxxxx.yy:636  AdditionalInfo: LDAP Error 2 : simple bind failed: directory.xxxxxxxx.yy:636

Caused by: oracle.ods.virtualization.service.VirtualizationException: oracle.ods.virtualization.engine.util.DirectoryException: LDAP Error 2 : simple bind failed: directory.uoguelph.ca:636

Caused by: oracle.ods.virtualization.engine.util.DirectoryException: LDAP Error 2 : simple bind failed: directory.uoguelph.ca:636

Caused by: javax.naming.CommunicationException: simple bind failed: directory.xxxxxxxx.yy:636 [Root exception is javax.net.ssl.SSLException: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty]

Caused by: javax.net.ssl.SSLException: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty

Caused by: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty

Caused by: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty

Given that the external LDAP is set up for SSL communication and the LDAP root certificate is imported into the custom WebLogic trust store, the certificate must also be imported into the trust store used by LibOVD.

 

Follow the steps below to create a keystore and import the LDAP certificate:

  • Set the environment variables ORACLE_HOME, WL_HOME, JAVA_HOME, PATH and DOMAIN_HOME.
  • Create the keystore by running libovdconfig.sh from $ORACLE_HOME/oracle_common/bin:
      ./libovdconfig.sh -host AdminHost -port 7001 -domainPath $DOMAIN_HOME -userName weblogic -createKeystore
  • Import the root certificate into the libOVD keystore:
      openssl s_client -showcerts -connect directory.xxxxxxxx.yy:636
      keytool -import -alias EntrustRoot -trustcacerts -file server-cert -keystore $DOMAIN_HOME/config/fmwconfig/ovd/default/keystores/adapters.jks
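
The openssl command prints whatever chain the server chose to send, over a connection that is not yet trusted, and many servers leave the root out. The following added example (not from the original post) parses s_client -showcerts output, picks the self-signed entry if one is present, and compares its SHA-256 fingerprint with a value obtained from the CA out of band before the PEM is saved as server-cert for keytool. The sample output, host names and function names are constructed, and the certificate bodies are placeholder bytes.

```python
import base64
import hashlib
import re

def fake_pem(tag):
    # Placeholder bytes wrapped as PEM; constructed, not a real certificate.
    body = base64.b64encode(tag.encode() * 12).decode()
    return f"-----BEGIN CERTIFICATE-----\n{body}\n-----END CERTIFICATE-----"

# Constructed stand-in for `openssl s_client -showcerts` output.
SAMPLE = "\n".join([
    "CONNECTED(00000003)", "---", "Certificate chain",
    " 0 s:CN = directory.example.test", "   i:CN = Example Issuing CA", fake_pem("leaf"),
    " 1 s:CN = Example Issuing CA", "   i:CN = Example Root CA", fake_pem("issuing"),
    " 2 s:CN = Example Root CA", "   i:CN = Example Root CA", fake_pem("root"),
    "---", "Server certificate", fake_pem("leaf"), "subject=CN = directory.example.test",
])

def parse_chain(output):
    """Return one dict per certificate listed under 'Certificate chain'."""
    chain, entry, pem = [], None, None
    for line in output.splitlines():
        head = re.match(r"\s*(\d+) s:(.*)", line)
        if head:
            entry = {"depth": int(head.group(1)), "subject": head.group(2).strip()}
        elif entry and line.strip().startswith("i:"):
            entry["issuer"] = line.strip()[2:].strip()
        elif entry and line.startswith("-----BEGIN CERTIFICATE"):
            pem = [line]
        elif pem is not None:
            pem.append(line)
            if line.startswith("-----END CERTIFICATE"):
                der = base64.b64decode("".join(pem[1:-1]))
                entry["sha256"] = hashlib.sha256(der).hexdigest()
                entry["pem"] = "\n".join(pem) + "\n"
                chain.append(entry)
                entry, pem = None, None
    return chain

def select_root(chain):
    """Entry whose subject equals its issuer (by name only), or None if not sent."""
    roots = [c for c in chain if c["subject"] == c.get("issuer")]
    return roots[-1] if roots else None

def fingerprint_matches(entry, expected):
    """Compare with a SHA-256 fingerprint obtained out of band from the CA."""
    return entry["sha256"] == expected.replace(":", "").replace(" ", "").lower()
```

When select_root returns None the server did not send its root, and the certificate has to come from the CA directly. After the import, keytool -list -v on adapters.jks shows the SHA-256 fingerprint of what was actually stored.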