Friday, July 21, 2017

BAM-00404 Authentication failed

Problem

Getting the following error in the BAM logs:
[2017-04-12T21:27:03.699+00:00] [bam_server1] [WARNING] [] [oracle.bam.adc.security] [tid: [ACTIVE].ExecuteThread: '87' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: weblogic] [ecid: 5e3db6b798b0c5d6:-6f4d0d44:15b6408a2e3:-8000-00000000000019b7,0] [APP: oracle-bam#11.1.1]  [100] Exception occurred in method Authenticator.setUserContext([[
BamSubject:
    BAM USER ID:      0
    User:            
        Name:        weblogic
        Class:       weblogic.security.principal.WLSUserImpl
    Anonymous User:   null
    Application Role:
        Name:        Administrator
        Class:       oracle.security.jps.service.policystore.ApplicationRole
        GUID:        9630B38048C811E3BFF9A38AAABA83CB
        Application: oracle-bam#11.1.1
   Application Role:
        Name:        authenticated-role
        Class:       oracle.security.jps.internal.core.principals.JpsAuthenticatedRoleImpl
        GUID:        null
        Application: null
    Group:           
        Name:        Operators
        Class:       weblogic.security.principal.WLSGroupImpl
    Group:           
        Name:        Administrators
        Class:       weblogic.security.principal.WLSGroupImpl
    Group:           
        Name:        OracleSystemGroup
        Class:       weblogic.security.principal.WLSGroupImpl
    Group:           
        Name:        CrossDomainConnectors
        Class:       weblogic.security.principal.WLSGroupImpl
    Group:           
        Name:        AdminChannelUsers
        Class:       weblogic.security.principal.WLSGroupImpl
    Group:           
        Name:        AppTesters
        Class:       weblogic.security.principal.WLSGroupImpl
    Group:           
        Name:        Monitors
        Class:       weblogic.security.principal.WLSGroupImpl
    Group:           
        Name:        Deployers
        Class:       weblogic.security.principal.WLSGroupImpl)
Exception: oracle.bam.common.security.authentication.AuthenticationException: . User is marked inactive.
  at oracle.bam.adc.security.authentication.Authenticator.synchronizeUser(Authenticator.java:1194)
  at oracle.bam.adc.security.authentication.Authenticator.setUserContext(Authenticator.java:804)
  at oracle.bam.adc.kernel.server.DataStoreServer.setUserContext(DataStoreServer.java:475)
  at oracle.bam.adc.ejb.BamAdcServerBean.interceptor(BamAdcServerBean.java:261)
  at sun.reflect.GeneratedMethodAccessor995.invoke(Unknown Source)
  at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
  at java.lang.reflect.Method.invoke(Method.java:606)
  at com.bea.core.repackaged.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:310)
  at com.oracle.pitchfork.intercept.JeeInterceptorInterceptor.invoke(JeeInterceptorInterceptor.java:68)
  at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
  at com.oracle.pitchfork.intercept.MethodInvocationInvocationContext.proceed(MethodInvocationInvocationContext.java:103)
  at oracle.security.jps.ee.ejb.JpsAbsInterceptor$1.run(JpsAbsInterceptor.java:135)
  at java.security.AccessController.doPrivileged(Native Method)
  at oracle.security.jps.util.JpsSubject.doAsPrivileged(JpsSubject.java:324)
  at oracle.security.jps.ee.util.JpsPlatformUtil.runJaasMode(JpsPlatformUtil.java:464)
  at oracle.security.jps.ee.ejb.JpsAbsInterceptor.runJaasMode(JpsAbsInterceptor.java:122)
  at oracle.security.jps.ee.ejb.JpsAbsInterceptor.intercept(JpsAbsInterceptor.java:193)
  at oracle.security.jps.ee.ejb.JpsInterceptor.intercept(JpsInterceptor.java:113)
  at sun.reflect.GeneratedMethodAccessor992.invoke(Unknown Source)
  at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
  at java.lang.reflect.Method.invoke(Method.java:606)
  at com.bea.core.repackaged.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:310)
  at com.oracle.pitchfork.intercept.JeeInterceptorInterceptor.invoke(JeeInterceptorInterceptor.java:68)
  at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
  at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:131)
  at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:119)
  at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
  at com.oracle.pitchfork.spi.MethodInvocationVisitorImpl.visit(MethodInvocationVisitorImpl.java:34)
  at weblogic.ejb.container.injection.EnvironmentInterceptorCallbackImpl.callback(EnvironmentInterceptorCallbackImpl.java:54)
  at com.oracle.pitchfork.spi.EnvironmentInterceptor.invoke(EnvironmentInterceptor.java:42)
  at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
  at com.bea.core.repackaged.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:89)
  at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
  at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:131)
  at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:119)
  at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
  at com.bea.core.repackaged.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
  at com.sun.proxy.$Proxy249.ping(Unknown Source)
  at oracle.bam.adc.ejb.BamAdcServerBean_wf34ei_BamAdcServerRemoteImpl.__WL_invoke(Unknown Source)
  at weblogic.ejb.container.internal.SessionRemoteMethodInvoker.invoke(SessionRemoteMethodInvoker.java:40)
  at oracle.bam.adc.ejb.BamAdcServerBean_wf34ei_BamAdcServerRemoteImpl.ping(Unknown Source)
  at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
  at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
  at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
  at java.lang.reflect.Method.invoke(Method.java:606)
  at weblogic.ejb.container.internal.RemoteBusinessIntfProxy.invoke(RemoteBusinessIntfProxy.java:89)
  at com.sun.proxy.$Proxy150.ping(Unknown Source)
  at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
  at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
  at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
  at java.lang.reflect.Method.invoke(Method.java:606)
  at oracle.bam.common.remoting.BamEjbClient.invoke(BamEjbClient.java:1546)
  at com.sun.proxy.$Proxy248.ping(Unknown Source)
  at oracle.bam.adc.api.client.BamAdcClient.ping(BamAdcClient.java:269)
  at oracle.bam.common.remoting.BamEjbClient.isADCServerAvailableForWebAppInit(BamEjbClient.java:1830)
  at oracle.bam.web.shared.WebPage.processRequest(WebPage.java:384)
  at oracle.bam.web.shared.WebPage.processRequest(WebPage.java:350)
  at jsp_servlet._19427.__startpage._jspService(__startpage.java:71)
  at weblogic.servlet.jsp.JspBase.service(JspBase.java:34)
  at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
  at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
  at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:301)
  at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26)
  at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:60)
  at oracle.bam.web.cache.ClientSideCache.doFilter(ClientSideCache.java:93)
  at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:60)
  at oracle.bam.web.filters.GZIPFilter.doFilter(GZIPFilter.java:97)
  at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:60)
  at oracle.bam.web.filters.ValidateBrowserSession.doFilter(ValidateBrowserSession.java:211)
  at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:60)
  at oracle.bam.web.redirect.Redirect.doFilter(Redirect.java:80)
  at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:60)
  at oracle.bam.web.filters.ValidateBrowserSupport.doFilter(ValidateBrowserSupport.java:138)
  at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:60)
  at oracle.bam.web.filters.CharsetFixupFilter.doFilter(CharsetFixupFilter.java:65)
  at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:60)
  at oracle.security.jps.ee.http.JpsAbsFilter$1.run(JpsAbsFilter.java:138)
  at java.security.AccessController.doPrivileged(Native Method)
  at oracle.security.jps.util.JpsSubject.doAsPrivileged(JpsSubject.java:324)
  at oracle.security.jps.ee.util.JpsPlatformUtil.runJaasMode(JpsPlatformUtil.java:464)
  at oracle.security.jps.ee.http.JpsAbsFilter.runJaasMode(JpsAbsFilter.java:121)
  at oracle.security.jps.ee.http.JpsAbsFilter.doFilter(JpsAbsFilter.java:211)
  at oracle.security.jps.ee.http.JpsFilter.doFilter(JpsFilter.java:71)
  at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:60)
  at oracle.security.jps.ee.http.JpsAbsFilter$1.run(JpsAbsFilter.java:138)
  at java.security.AccessController.doPrivileged(Native Method)
  at oracle.security.jps.util.JpsSubject.doAsPrivileged(JpsSubject.java:324)
  at oracle.security.jps.ee.util.JpsPlatformUtil.runJaasMode(JpsPlatformUtil.java:464)
  at oracle.security.jps.ee.http.JpsAbsFilter.runJaasMode(JpsAbsFilter.java:121)
  at oracle.security.jps.ee.http.JpsAbsFilter.doFilter(JpsAbsFilter.java:211)
  at oracle.security.jps.ee.http.JpsFilter.doFilter(JpsFilter.java:71)
  at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:60)
  at oracle.dms.servlet.DMSServletFilter.doFilter(DMSServletFilter.java:163)
  at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:60)
  at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.wrapRun(WebAppServletContext.java:3748)
  at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3714)
  at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
  at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
  at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2283)
  at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2182)
  at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1499)
  at weblogic.work.ExecuteThread.execute(ExecuteThread.java:263)
  at weblogic.work.ExecuteThread.run(ExecuteThread.java:221)

]] 
Solution

1. Log in to the database as DEV_ORABAM.


2. Run the following query:
UPDATE dev_orabam.sysiteruser SET inactive = 0 WHERE username = 'weblogic'; 
COMMIT;
Applicable Versions
  • Oracle Business Activity Monitoring (BAM) 11g (11.1.1.9.0)

 

Getting "NZ Library Error: Unknown error" when starting up OHS

Problem

You may have received the following obscure error when trying to start up OHS. This error would repeat indefinitely in the ohs1.log file:
[2017-04-16T14:19:35.0074+00:00] [OHS] [ERROR:32] [] [core.c] [host_id: soahost1.raastech.com] [host_addr: 192.168.1.13] [pid: 10627] [tid: 139289152765702] [user: oracle] [VirtualHost: SOAHOST1:8898]  NZ Library Error: Unknown error 
Solution

1. Edit httpd.conf.

2. Add the following line at the bottom of the file. It must be the loopback address, and any available port:
Listen 127.0.0.1:9999

3. Restart OHS.

 
 
References
 
Applicable Versions
  • Oracle WebTier 11g (11.1.1.9.0)

 

Tuesday, July 18, 2017

Keytool usage and examples

List

keytool -list    -keystore cacerts

keytool -list -v -keystore cacerts

keytool -list -v -keystore raastech.jks -storepass changeit


Change Keystore Password

keytool -storepasswd -new changeit -keystore raastech.jks -storepass changeit


Import

keytool -import -trustcacerts -file CA.cer -alias ca -keystore cacerts

keytool -import -v -noprompt -trustcacerts -alias ca -file CA.cer -keystore trust.jks -storepass changeit


Import Keystore

keytool -importkeystore -srckeystore raastech.p12 -srcstoretype PKCS12 -destkeystore raastech.jks


Delete Alias from Keystore

keytool -delete -alias ca -keystore cacerts -storepass changeit



 

Sunday, July 16, 2017

Error while starting cluster: (Wrapped) java.io.IOException: Keystore was tampered with, or password was incorrect

Problem

Seeing the following in the log during startup of oam_server1:
[oam_server1] [ERROR] [] [Coherence] [tid: Logger@1725259747 3.7.1.1] [userId: ] [ecid: 0000Kcfv^DM7ECK6yVuXMG1KXY0q000002,0] [APP: oam_server#11.1.2.0.0] 2015-10-12 03:08:58.358/302741.698 Oracle Coherence GE 3.7.1.1 (thread=Configuration Store Observer, member=n/a): Error while starting cluster: (Wrapped) java.io.IOException: Keystore was tampered with, or password was incorrect.
Solution

The .cohstore.jks keystore file is corrupt and must be restored from backup.

If the password in the .cohstore.jks keystore file is corrupt, even though you may be able to get the password using a WLST command, it needs to be restored from backup.

1. Start the AdminServer.

2. Connect to Enterprise Manager (/em).

3. Locate the Domain in the left navigation panel.

4. Right click and select Security > Credentials.

5. Delete the credential Map key pair (OAM_STORE, coh).

6. Restart the AdminServer. This will re-create the Coherence Bootstrap artifact and reset the required password.

 
References
 
Applicable Versions
  • Oracle Access Manager 11g R2 PS2 (11.1.2.2.0)

 

Thursday, July 13, 2017

[Quick Tip] Jenkins: Skip the Wizard

If you are trying to setup Jenkins in an automated way you may setup the config files, but still get the setup screen despite not needing it.

You can simply add jenkins.install.runSetupWizard=false to the start up script and you're home free.

Enabling "Execution Tracing" and "Message Tracing" in OSB does not work

Problem

I enabled Execution Tracing and Message Tracing on an OSB proxy service, but nothing is appearing in the logs.


Solution

1. Navigate to Servers > osb_server1 > Logging.

2. Click on Advanced.

3. Set Minimum severity to Log to "DEBUG".

4. Set Log file : Severity Level to "DEBUG".

5. Save and Activate changes.



Applicable Versions
  • Oracle Service Bus (OSB) 11g (11.1.1.9.0)

 

Tuesday, July 4, 2017

OID/LDAP command usage and examples

Set Environment
export ORACLE_INSTANCE=/u01/app/oracle/middleware/asinst_1 
export ORACLE_HOME=/u01/app/oracle/middleware/Oracle_OID
Bind Admin
$ORACLE_HOME/bin/ldapbind -h oidhost -p 3060 -D cn=orcladmin -w welcome1

$ORACLE_HOME/bin/ldapbind -h oidhost -p 3060 -D "cn=orcladmin,cn=users,dc=raastech" -w welcome1
Bind User
$ORACLE_HOME/bin/ldapbind -h oidhost -p 3060 -D "cn=ahmed,cn=users,dc=raastech" -w welcome1
Bind on SSL Port
$ORACLE_HOME/bin/ldapbind -h oidhost -p 3131 -U 1 -D cn=orcladmin -w welcome1
Search
$ORACLE_HOME/bin/ldapsearch -h oidhost -p 3131 -U 1 -D cn=orcladmin -s sub "(objectclass=*)" -w welcome1
Add User
Create file: oid_add_user.ldif

dn: cn=ahmed,cn=users,dc=raastech
changetype: add
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
uid: ahmed
givenName: ahmed
sn: ahmed
cn: ahmed
mail: ahmed@ahmed.ahmed
userPassword: welcome1


$ORACLE_HOME/bin/ldapmodify -h oidhost -p 3060 -D cn=orcladmin -w welcome1 -f oid_add_user.ldif
Change Password
Create file: oid_update_password.ldif

dn: cn=ahmed,cn=users,dc=raastech
changetype: modify
replace: userPassword
userPassword: welcome1


$ORACLE_HOME/bin/ldapmodify -h oidhost -p 3060 -D cn=orcladmin -w welcome1 -f oid_update_password.ldif
Delete User
Create file: oid_delete_user.ldif

dn: cn=ahmed,cn=users,dc=raastech
changetype: delete

$ORACLE_HOME/bin/ldapmodify -h oidhost -p 3060 -D cn=orcladmin -w welcome1 -f oid_delete_user.ldif

 
Applicable Versions
  • Oracle Internet Directory (OID) 11g

 

WebLogic Routing Configuration in mod_wl_ohs.conf for OBIEE 11g

1. Edit this file:
/u01/app/oracle/middleware/Oracle_WT1/instances/obiee/config/OHS/ohs1/mod_wl_ohs.conf
2. Add these entries (modify hostnames accordingly):
<Location /analytics>
  SetHandler weblogic-handler
  WebLogicCluster obieehost1:9701,obieehost2:9701
  WLProxySSL ON
  WLProxySSLPassThrough ON
</Location>

<Location /xmlpserver>
  SetHandler weblogic-handler
  WebLogicCluster obieehost1:9701,obieehost2:9701
  WLProxySSL ON
  WLProxySSLPassThrough ON
</Location>
 
Applicable Versions
  • Oracle HTTP Server (OHS) 11g (11.1.1.9.0)
  • OBIEE 11g (11.1.1.9.0)

 

Monday, July 3, 2017

Convert a .p12 file to .pem

PEM files are fully encrypted. 

Openssl can turn a P12 file in a PEM file with both public and private keys using this command: 
openssl pkcs12 -in certinput.p12 -out certoutput.pem -nodes

References





Friday, June 30, 2017

[Quick Tip] Git: Intermediate versioning with the index.

If you use git on a daily basis then you're probably familiar with the typical:
git add somefile.txt
git commit
<Write your commit message>

One of the nice things has always been that you can do your commits locally before pushing it out to your remote repository (if you ever do that).  If you prefer expedience many people will skip the add step when they can by just using git commit -am "Commit Message". However sometimes when dealing with a non-trivial issue you may have many iterations that you can work with before what every you're doing is done. My typical method for this is to just commit and say WIP or work in progress. That way I can see where I know that the build might fail.

If I feel really motivated I may even go back to squash. However, let's say that you're not the type to commit until you have something fully working. Then I say you have a way. One of the nice features that I think many people overlook is the index. It sits in limbo between your working copy and the commit history. And it allows you to track your progress as you go along.


Wednesday, June 14, 2017

Getting "No exception handler was found for an application exception" when accessing BPM Worklist

Problem

The BPM Worklistapp used to come up, now it's not responding anymore. This is the URL we are accessing:
http://soahost1:8001/integration/worklistapp
This error keeps repeating indefinitely in soa_server1-diagnostic.log when trying to access the URL above:
[2017-03-09T04:22:28.948+00:00] [soa_server1] [ERROR] [ADFC-50018] [oracle.adfinternal.controller.application.AdfcExceptionHandler] [tid: [ACTIVE].ExecuteThread: '20' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: 15cfa3f60e080317:21a68021:15ab1488662:-8000-0000000000006504,0] [APP: worklistapp] ADFc: No exception handler was found for an application exception.[[
com.sun.faces.mgbean.ManagedBeanCreationException: An error occurred performing resource injection on managed bean applicationPreferences
at com.sun.faces.mgbean.BeanBuilder.invokePostConstruct(BeanBuilder.java:229)
at com.sun.faces.mgbean.BeanBuilder.build(BeanBuilder.java:110)
at com.sun.faces.mgbean.BeanManager.createAndPush(BeanManager.java:406)

[2017-03-09T13:24:24.418+00:00] [soa_server1] [ERROR] [] [org.springframework.web.context.ContextLoader] [tid: [ACTIVE].ExecuteThread: '65' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: weblogic] [ecid: 40fc29145d7eb718:6df988fe:15ab33350ce:-8000-000000000000f3d3,0] [APP: soa-infra] Context initialization failed[[
org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'bpmUserAuthenticationService' defined in URL [zip:/u01/app/oracle/middleware/Oracle_SOA1/soa/modules/oracle.bpm.runtime_11.1.1/oracle.bpm.bpm-services.implementation.jar!/oracle/bpm/services/config/spring-applicationContext.xml]: Cannot resolve reference to bean 'bpmUserAuthenticationServiceImplementation' while setting bean property 'target'; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'bpmUserAuthenticationServiceImplementation' defined in URL [zip:/u01/app/oracle/middleware/Oracle_SOA1/soa/modules/oracle.bpm.runtime_11.1.1/oracle.bpm.bpm-services.implementation.jar!/oracle/bpm/services/config/spring-applicationContext.xml]: Initialization of bean failed; nested exception is org.springframework.beans.TypeMismatchException: Failed to convert property value of type [com.sun.proxy.$Proxy294 implementing oracle.bpel.services.workflow.verification.IVerificationService,org.springframework.aop.SpringProxy,org.springframework.aop.framework.Advised] to required type [oracle.bpel.services.workflow.verification.IVerificationService] for property 'verificationService'; nested exception is java.lang.IllegalArgumentException: Cannot convert value of type [com.sun.proxy.$Proxy294 implementing oracle.bpel.services.workflow.verification.IVerificationService,org.springframework.aop.SpringProxy,org.springframework.aop.framework.Advised] to required type [oracle.bpel.services.workflow.verification.IVerificationService] for property 'verificationService': no matching editors or conversion strategy found
at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:275)
at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveValueIfNecessary(BeanDefinitionValueResolver.java:104)

Caused by: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'bpmUserAuthenticationServiceImplementation' defined in URL [zip:/u01/app/oracle/middleware/Oracle_SOA1/soa/modules/oracle.bpm.runtime_11.1.1/oracle.bpm.bpm-services.implementation.jar!/oracle/bpm/services/config/spring-applicationContext.xml]: Initialization of bean failed; nested exception is org.springframework.beans.TypeMismatchException: Failed to convert property value of type [com.sun.proxy.$Proxy294 implementing oracle.bpel.services.workflow.verification.IVerificationService,org.springframework.aop.SpringProxy,org.springframework.aop.framework.Advised] to required type [oracle.bpel.services.workflow.verification.IVerificationService] for property 'verificationService'; nested exception is java.lang.IllegalArgumentException: Cannot convert value of type [com.sun.proxy.$Proxy294 implementing oracle.bpel.services.workflow.verification.IVerificationService,org.springframework.aop.SpringProxy,org.springframework.aop.framework.Advised] to required type [oracle.bpel.services.workflow.verification.IVerificationService] for property 'verificationService': no matching editors or conversion strategy found
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:480)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory$1.run(AbstractAutowireCapableBeanFactory.java:409)

Caused by: org.springframework.beans.TypeMismatchException: Failed to convert property value of type [com.sun.proxy.$Proxy294 implementing oracle.bpel.services.workflow.verificat
 Doing a wget showed the following:
oracle@soahost1:/tmp> wget http://soahost1:8001/integration/worklistapp
 --2017-03-09 12:52:13-- http://soahost1:8001/integration/worklistapp
 Resolving soahost1 (soahost1)... 192.168.0.10
 Connecting to soahost1 (soahost1)|192.168.0.10|:8001... connected.
 HTTP request sent, awaiting response... 302 Moved Temporarily
 Location: http://soahost1:8001/integration/worklistapp/ [following]

 --2017-03-09 12:52:13-- http://soahost1:8001/integration/worklistapp/
 Reusing existing connection to soahost1:8001.
 HTTP request sent, awaiting response... 302 Moved Temporarily
 Location: http://soahost1:8001/integration/worklistapp/faces/login.jspx [following]

 --2017-03-09 12:52:13-- http://soahost1:8001/integration/worklistapp/faces/login.jspx
 Reusing existing connection to soahost1:8001.
 HTTP request sent, awaiting response... 302 Moved Temporarily
 Location: http://soahost1:8001/integration/worklistapp/faces/login.jspx?_adf.ctrl-state=118tn4s5c5_4 [following]

 --2017-03-09 12:52:13-- http://soahost1:8001/integration/worklistapp/faces/login.jspx?_adf.ctrl-state=118tn4s5c5_4
 Reusing existing connection to soahost1:8001.
 HTTP request sent, awaiting response... 302 Moved Temporarily
 Location: http://soahost1:8001/integration/worklistapp/faces/helppages/errorPage.jspx [following]

 --2017-03-09 12:52:13-- http://soahost1:8001/integration/worklistapp/faces/helppages/errorPage.jspx
 Reusing existing connection to soahost1:8001.
 HTTP request sent, awaiting response... 302 Moved Temporarily
 Location: http://soahost1:8001/integration/worklistapp/faces/login.jspx [following]

 --2017-03-09 12:52:13-- http://soahost1:8001/integration/worklistapp/faces/login.jspx
 Reusing existing connection to soahost1:8001.
 HTTP request sent, awaiting response... 302 Moved Temporarily
 Location: http://soahost1:8001/integration/worklistapp/faces/login.jspx?_adf.ctrl-state=118tn4s5c5_8 [following]

 --2017-03-09 12:52:13-- http://soahost1:8001/integration/worklistapp/faces/login.jspx?_adf.ctrl-state=118tn4s5c5_8
 Reusing existing connection to soahost1:8001.
 HTTP request sent, awaiting response... 302 Moved Temporarily
 Location: http://soahost1:8001/integration/worklistapp/faces/helppages/errorPage.jspx [following]

 --2017-03-09 12:52:13-- http://soahost1:8001/integration/worklistapp/faces/helppages/errorPage.jspx
 Reusing existing connection to soahost1:8001.
 HTTP request sent, awaiting response... 302 Moved Temporarily
 Location: http://soahost1:8001/integration/worklistapp/faces/login.jspx [following]

 --2017-03-09 12:52:13-- http://soahost1:8001/integration/worklistapp/faces/login.jspx
 Reusing existing connection to soahost1:8001.
 HTTP request sent, awaiting response... 302 Moved Temporarily
 Location: http://soahost1:8001/integration/worklistapp/faces/login.jspx?_adf.ctrl-state=118tn4s5c5_12 [following]
We DISABLED the following setting on both "soa_server1" and "soa_server2" managed servers:
SSL Listen Port Enabled.
You will find that this is the SAME EXACT error described in this Oracle documentation troubleshooting guide in section B.2.3:
http://docs.oracle.com/cd/E25178_01/admin.1111/e10226/appx_trouble.htm
We increased the FacadeFinderBean "Transaction Timeout" on the WebLogic Console from 600 to 10000, but this did not help.


Solution

1. Log in to the EM Console

2. Expand WebLogic Domain

3. Right-click on soadomain

4. Navigate to Security > Credentials

5. Expand SOA

6. Edit the entry and modify the password to the keystore password


 
Applicable Versions
  • Oracle SOA Suite 11g (11.1.1.9.0)

 



Monday, June 12, 2017

Example using orapki

Here is a quick example demonstrating how to list the contents of the default Oracle Wallet in Oracle WebTier 12c using orapki.

Keep in mind the following:
  • The default wallet is auto-login enabled, so it is not necessary to use the -pwd option to include the password.
  • orapki requires Java, so make sure to set your Java environment appropriately.
  • In some products, the default password for the default wallet is "welcome".

-----

oracle@soahost1:/u01> export MW_HOME=/u01/app/oracle/products/fmw1221

oracle@soahost1:/u01> export JAVA_HOME=/u01/jdk1.8.0_102

oracle@soahost1:/u01> export PATH=$JAVA_HOME/bin:$PATH

oracle@soahost1:/u01> $MW_HOME/oracle_common/bin/orapki wallet display -wallet $MW_HOME/user_projects/domains/ohs_domain/config/fmwconfig/components/OHS/instances/ohs1/keystores/default -complete

Oracle PKI Tool : Version 12.2.1.1.0
Copyright (c) 2004, 2016, Oracle and/or its affiliates. All rights reserved.

Found Auto Login Only (ALO) wallet.
Option -pwd is not recognized and ignored.
Requested Certificates:
User Certificates:
Subject:        CN=localhost,OU=FOR TESTING ONLY,O=FOR TESTING ONLY
Issuer:         CN=localhost,OU=FOR TESTING ONLY,O=FOR TESTING ONLY
Serial Number:  00
Key Length      1024
MD5 digest:     80:81:B2:49:CC:1E:1A:3C:6B:C6:23:C5:DF:BF:C3:32
SHA digest:     80:3E:47:A3:6D:8C:78:D0:00:99:48:FA:C9:1D:E2:2F:F8:FE:B0:D1

Trusted Certificates:
Subject:        CN=localhost,OU=FOR TESTING ONLY,O=FOR TESTING ONLY
Issuer:         CN=localhost,OU=FOR TESTING ONLY,O=FOR TESTING ONLY
Serial Number:  00
Key Length      1024
MD5 digest:     80:81:B2:49:CC:1E:1A:3C:6B:C6:23:C5:DF:BF:C3:32
SHA digest:     80:3E:47:A3:6D:8C:78:D0:00:99:48:FA:C9:1D:E2:2F:F8:FE:B0:D1


References





Thursday, June 1, 2017

Getting OAM-02073 when WebGate agent communicates to Oracle Access Server 11.1.2.3

Problem

In this particular scenario, you are trying to single sign-on an OHS server against OAM 11g. The products currently installed are Oracle Access Manager 11.1.2.3.0 and Oracle HTTP Server 11.1.1.9 with Oracle WebGate 11.1.2.1.0 deployed to it.

When we start up OHS, this error keeps repeating every 20 seconds in ohs1.log:
[2017-02-28T22:00:51.0079+00:00] [OHS] [ERROR:32] [OHS-9999] [core.c] [client_id: ::1] [host_id: toadsprod555555.com] [host_addr: 192.168.1.12] [tid: 140187036239616] [user: oracle] [ecid: 000Fzzx0g00009Ya05IPtKHC04Fw00000a] [rid: 0] [VirtualHost: main] The Access Server has returned a fatal error with no detailed information.
This also shows up in oblog.log:
2017/02/28@21:59:51.00782 39099 39114 ACCESS_SDK ERROR 0x0000182D /ade/aime_ngamac_497961/ngamac/src/palantir/access_api/src/obresource_request.cpp:299 "The Access Server has returned a fatal error with no detailed information." raw_code^302  
2017/02/28@21:59:51.00789 39099 39114 ACCESS_GATE ERROR 0x0000151A /ade/aime_ngamac_497961/ngamac/src/palantir/webgate2/src/isprotected.cpp:296 "Failure to connect to Access Server" HTTPStatus^500 Error^The Access Server has returned a fatal error with no detailed information.  
2017/02/28@21:59:51.00793 39099 39114 WEB ERROR 0x0000151F /ade/aime_ngamac_497961/ngamac/src/palantir/commonlib/src/apache2_req_info.cpp:226 "WebGate Error Report" Message^The Access Server has returned a fatal error with no detailed information. ReqReq^HEAD /index.html HTTP/1.1 ReqProto^HTTP/1.1 ReqHost^toadsprod555555.com ReqStatLine^ ReqStatus^200 ReqRawUri^/index.html ReqUri^/index.html ReqFilename^/u01/app/oracle/middleware/Oracle_WT1/instances/ohs1/config/OHS/ohs1/htdocs/index.html ReqPath^ ReqArgs^ 
This is the error that appears in oam_server1.out managed server log:
<Feb 28, 2017 9:59:11 PM GMT> <Warning> <oracle.oam.controller> <OAM-02073> <Error while checking if the resource is protected or not. 
<Feb 28, 2017 9:59:11 PM GMT> <Error> <oracle.oam.proxy.oam> <OAM-04029> <Error in generating AMEvent. Details Event Response status is STATUS_FAIL for GET_AUTHN_SCHEME event. Error code OAM-02073 status fail isExcluded false 
<Feb 28, 2017 9:59:11 PM GMT> <Error> <oracle.oam.proxy.oam> <OAM-04020> <Exception encountered while processing the request message:
oracle.security.am.proxy.oam.requesthandler.OAMProxyException: Event Response status is STATUS_FAIL for GET_AUTHN_SCHEME event. Error code OAM-02073 status fail isExcluded false
at oracle.security.am.proxy.oam.requesthandler.NGProvider.checkProtected(NGProvider.java:4859)
at oracle.security.am.proxy.oam.requesthandler.NGProvider.getIsRescProtectedResponse(NGProvider.java:1481)
at oracle.security.am.proxy.oam.requesthandler.NGProvider.getResponse(NGProvider.java:385)
at oracle.security.am.proxy.oam.requesthandler.RequestHandler.handleRequest(RequestHandler.java:366)
at oracle.security.am.proxy.oam.requesthandler.RequestHandler.handleMessage(RequestHandler.java:170)
at oracle.security.am.proxy.oam.requesthandler.ControllerMessageBean.getResponseMessage(ControllerMessageBean.java:122)
at oracle.security.am.proxy.oam.requesthandler.ControllerMessageBean_eo7ylc_MDOImpl.__WL_invoke(Unknown Source)
at weblogic.ejb.container.internal.MDOMethodInvoker.invoke(MDOMethodInvoker.java:35)
at oracle.security.am.proxy.oam.requesthandler.ControllerMessageBean_eo7ylc_MDOImpl.getResponseMessage(Unknown Source)
at oracle.security.am.proxy.oam.mina.ObClientToProxyHandler.messageReceived(ObClientToProxyHandler.java:231)
at org.apache.mina.common.DefaultIoFilterChain$TailFilter.messageReceived(DefaultIoFilterChain.java:743)
at org.apache.mina.common.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:405)
at org.apache.mina.common.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:40)
at org.apache.mina.common.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:823)
at org.apache.mina.common.IoFilterEvent.fire(IoFilterEvent.java:54)
at org.apache.mina.common.IoEvent.run(IoEvent.java:62)
at oracle.security.am.proxy.oam.mina.CommonJWorkImpl.run(CommonJWorkImpl.java:41)
at weblogic.work.j2ee.J2EEWorkManager$WorkWithListener.run(J2EEWorkManager.java:184)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:263)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:221)
>
Solution

1. Check out these Oracle Support docs to see if it solves your problem:
  • Doc ID 1678095.1
  • Doc ID 1556223.1
  • Doc ID 1492637.1
  • Doc ID 1662513.1
2. If none of the solutions above works for you, then check out your Host Identifier configuration. You may have incorrectly deleted the row as shown in this screenshot:


Applicable Versions
  • Oracle Access Manager 11.1.2.3.0
  • Oracle HTTP Server 11.1.1.9
  • Oracle WebGate 11.1.2.1.0

 

Tuesday, May 30, 2017

Raastech @ BGOUG

Will you be attending BGOUG this June 2-4 in Pravets, Bulgaria? If so, then check out some of the presentations we'll be giving!



Title
Oracle Compute Cloud vs. Amazon Web Services EC2 – A Hands-On Showdown
Description
We walk through the end-to-end process of provisioning an Oracle Compute Cloud instance from scratch - adding storage, defining firewall rules, creating a private key, and connecting through VNC. Then we do the same thing with Amazon Web Services (AWS) EC2. Speed of provisioning is one of the benefits of the cloud, so let's embark on this live walkthrough together, see how easy it is to get up and running, and compare the IaaS offering from Oracle and Amazon.
Date
Sat, June 3, 2017
Time
12:30pm - 1:30pm
Presenter



Title
Developing Web Services from Scratch – For DBAs and Developers
Description
WSDL. XSD. SOAP. Namespaces. Port types. If these terms make little sense, this presentation is for you. By the end of this presentation, you will completely understand how to dissect and decipher a web service interface, understand key design patterns, and learn how to develop top-down and bottom-up web services in technologies such as Java and Oracle SOA Suite. Want to know how to expose a PL/SQL package as a web service? This technical presentation, one of my most popular, is intended for DBAs and database developers who want to know what it takes to design and create web services.
Date
Sat, June 3, 2017
Time
4:00pm - 5:00pm
Presenter





See you there!

Wednesday, May 24, 2017

Source Control: Why Commit Messages Matter.

This was post was first inspired by the Erlang Repo.

While I may not always be the best at following this wisdom. I have significantly increased my ratio of "good" commit messages to "bad" commit messages.

Past Tense vs Present
Since I know this can turn into a bit of a holy war I will just cover it and move on.
Most people are trying answer the question: What did this commit do?
Added files
Deleted files
 but for my commit messages I tend towards the question: What does this commit do? OR What will this commit do?
Add files
Delete files
I believe that a lot of this comes from the fact that when a developer is working on code. That are thinking about what they just did. That's valid, and so I understand why so many trend towards past tense. However, if you are thinking about it from a merging and patching perspective it takes on a lot of different meaning.

Ok, so now that we are beyond that why should we have good messages? If I look back through the commit log and all I see is, "Minor Fix", "Changed Names", "Did some refactoring". When I come back next week or later, those changes aren't going to mean anything to me. Then you have to take the time to delve through all the commits and figure out what has happened.

Instead making commit messages that look like "Update MyTrigger to only accept parameters with a minimum length of 5" or if you're grouping larger efforts you can say things like:
Change Collection Module logging from OkLogger to SuperLogger 

- Refactor log statements to abide with the different signature of SuperLogger
- Change dependency from OkLogger to SuperLogger

This may not sound like it would take too much effort, but you would not be live the amount of time that I've saved by having good commit messages. Just like any advice you can take it or leave it, but a little extra time on commit messages can save a lot more later when you're trying to track down why all of a sudden you're getting references to frameworks you thought you removed ages ago.



Tuesday, May 16, 2017

Maven: Digging Deeper with -X

While I like many people sometimes I have to run over to StackOverflow to figure out an issue. I have made a habit of working through the issue myself first. So when I encounter an error like this one below.


A lot of times people will just take goal org.apache.maven.plugins:maven-enforcer-plugin:1.3.1:enforce failed. NullPointerException and place it into the search engine trying to figure out what the issue is, by going through a few of the links seeing if they have solutions. Maybe try them, get down a further whole, etc. Let's do it different this time.

Take the solution into our own hands. The first thing you need to do is just read the rest of the output. If you notice there's an option -X which provides full debug output, so our command should look something like mvn clean install -X where the -X it simply appended to your original command. Now as a forewarning this will output a TON, so be prepared for that. If your cli window starts clipping history too soon you may want to opt for redirecting the output to a file. For example: mvn clean install -X > output.log This should give you the ability to browse through the output and search for potential issues.

Now with the command completed again we can look for the issue. I generally like to start from the bottom. So if you are using vi you can use the :$ command to go the the last line, and begin paging up from there. In most cases since the solution can be found by seeing just the error. In more complex situation you may want to see what warnings occur further up in the output that may clue into what may actually be causing the error. So what is our issue in this case?


It appears that something is wrong with one of our libraries, and it appears to be corrupt. This was likely caused by an incomplete retrieval of the dependency. To solve this simply remove the parent folder with rm -rf /Users/harolddost/.m2/repository/com/sun/jersey/jersey-core/1.5 and then run maven again.


Success!

I hope that this guide has been helpful, and maybe a little bit inspiring to not just look for solutions others have come up with, but to come up with your own.

Happy Troubleshooting!

Monday, May 8, 2017

Getting "Invalid method in request \x16\x03\x03" after configuring SSL in OHS

Problem

You may have received the following obscure error when trying to start up OHS after configuring SSL. This error would appear in the ohs1.log file:
[2017-05-26T03:36:34.5467+00:00] [OHS] [ERROR:32] [OHS-9999] [core.c] [client_id: 192.168.1.14] [host_id: ohshost2.raastech.com] [host_addr: 192.168.1.12] [tid: 148714440300748] [user: oracle] [ecid: 005ILyaQOA000E8d09q0yige6aMWV00028] [rid: 0] [VirtualHost: main]  Invalid method in request \x16\x03\x03 
Solution

"This error is due to a misconfiguration of VirtualHost with SSL. The server is trying to respond to a request on port 443 with unencrypted HTTP. In other words, your browser is expecting SSL, but the server is sending plain HTTP on port 443." (Source)

1. Edit ssl.conf.

2. Confirm that the Listen and VirtualHost tags are using the same hosts and ports, and correct them if necessary:
WRONG:
Listen 443
<VirtualHost *:8080>
RIGHT:
Listen 443
<VirtualHost *:443>
3. Restart OHS.
 
4. If that does not work, try putting the fully qualified domain name:
OLD:
Listen 443
<VirtualHost *:443>
NEW:
Listen ohshost2.raastech.com:443
<VirtualHost ohshost2.raastech.com:443>



Applicable Versions
  • Oracle WebTier 11g (11.1.1.9.0)

 

Thursday, May 4, 2017

Check if an XML file is well-formed in Linux

Do you want to know if a particular XML file is well-formed or malformed in Linux? Consider using xmllint.

If the return result is 0, then the XML file is well-formed:
oracle@soahost1:/tmp> xmllint --noout config.xml; echo $? 
0

If the return result is 1, then the XML is malformed:
oracle@soahost1:/tmp> xmllint --noout config.xml; echo $? 
config.xml:7: parser error : Opening and ending tag mismatch: domain line 2 and configuration-property 
  </configuration-property> 
                           ^ 
config.xml:8: parser error : Extra content at the end of the document 
  <domain-version>12.2.1.1.0</domain-version> 
  ^ 
1

If you want to recursively check all XML files, this command will do it for you:

for i in `find . -name "*.xml"`; do echo $i; xmllint --noout $i; echo $?; done




Thursday, April 13, 2017

Installing the Oracle APM Java Agent on WebLogic

Oracle Application Performance Monitoring (APM) Cloud Service provides development and operations teams with the information that they need to find and fix application issues fast. All your application performance information (with associated application logs) are brought together into Oracle Management Cloud’s unified platform.

This blog post describes how to install the Oracle APM Java Agent for WebLogic, so that you can immediately start monitoring your WebLogic environments.


Get the Agent registration key

The Agent "registration key" is required during the installation of the agent. This identifies the APM Cloud Service that the agent is supposed to connect to.

1. Login to the Oracle Cloud My Services:
https://myservices.us2.oraclecloud.com/mycloud/<identitydomain>/faces/dashboard.jspx
2. Open the APM Service Console:


3. Click on the Application navigator icon:
4. Under Administration, click on Agents.

5. Click on Registration Keys.

6. Copy your Registration Key Value.


Download the Agent onto the Linux server running WebLogic

The Agent is normally downloaded from the Oracle Management Cloud service (it is a small zip file), and must be manually copied to your Linux server. For simplicity, the instructions below allow you to easily download it from a hosted environment directly to your server.

7. Copy the Agent to your Linux server.
AgentInstall.sh


Install and configure the Agent

Installing the Agent simply involves executing a few command line scripts, modifying the WebLogic startup script, and bouncing the WebLogic managed servers.

8. Set the environment in preparation of installing the APM Agent:
export STAGE_DIR=/u01/app/oracle/apm_agent
export DOMAIN_HOME=/u01/app/oracle/user_projects/domains/base_domain
export REG_KEY=<your registration key>
export GW_HOST=
export GW_PORT=
9. Install the APM Agent:
./AgentInstall.sh AGENT_TYPE=apm_java_as_agent STAGE_LOCATION=${STAGE_DIR} AGENT_REGISTRATION_KEY=${REG_KEY}
10. Provision the APM Agent:
cd ${STAGE_DIR} 
chmod +x ProvisionApmJavaAsAgent.sh
./ProvisionApmJavaAsAgent.sh -d ${DOMAIN_HOME}
11. When prompted, enter "Y" and press ENTER.
Do you wish to proceed with these values? Y
12. Edit the WebLogic startup script:
vi ${DOMAIN_HOME}/bin/startWebLogic.sh
13. Add the Java agent line right after the "setDomainEnv.sh" call:
JAVA_OPTIONS="${JAVA_OPTIONS} -javaagent:${DOMAIN_HOME}/apmagent/lib/system/ApmAgentInstrumentation.jar"

14. Restart the AdminServer and all managed servers:
cd $DOMAIN_HOME/bin 
./stopWebLogic.sh 
nohup ${DOMAIN_HOME}/startWebLogic.sh >> ${DOMAIN_HOME}/AdminServer.out &


Here is the Oracle documentation for installing the Oracle APM Java Agent on WebLogic.


-----

This blog post is part of a series of blog posts related to the Oracle Management Cloud: