Tuesday, October 10, 2017

JPS-01013: The credential store DN cn=CredentialStore,cn=IAM,cn=JPSContext,cn=jpsroot is missing in the store

Problem

If you are trying to start up the OAM AdminServer, you see the following error in the logs, then the server dies:
<Jun 20, 2017 6:46:03 PM GMT> <Error> <Security> <BEA-090892> <The loading of OPSS java security policy provider failed due to exception, see the exception stack trace or the server log file for root cause. If still see no obvious cause, enable the debug flag -Djava.security.debug=jpspolicy to get more information. Error message: JPS-01055: Could not create credential store instance. Reason oracle.security.jps.JpsException: JPS-01013: The credential store DN cn=CredentialStore,cn=IAM,cn=JPSContext,cn=jpsroot is missing in the store; the target DN must be pre-configured.>
<Jun 20, 2017 6:46:03 PM GMT> <Critical> <WebLogicServer> <BEA-000386> <Server subsystem failed. Reason: weblogic.security.SecurityInitializationException: The loading of OPSS java security policy provider failed due to exception, see the exception stack trace or the server log file for root cause. If still see no obvious cause, enable the debug flag -Djava.security.debug=jpspolicy to get more information. Error message: JPS-01055: Could not create credential store instance. Reason oracle.security.jps.JpsException: JPS-01013: The credential store DN cn=CredentialStore,cn=IAM,cn=JPSContext,cn=jpsroot is missing in the store; the target DN must be pre-configured.
weblogic.security.SecurityInitializationException: The loading of OPSS java security policy provider failed due to exception, see the exception stack trace or the server log file for root cause. If still see no obvious cause, enable the debug flag -Djava.security.debug=jpspolicy to get more information. Error message: JPS-01055: Could not create credential store instance. Reason oracle.security.jps.JpsException: JPS-01013: The credential store DN cn=CredentialStore,cn=IAM,cn=JPSContext,cn=jpsroot is missing in the store; the target DN must be pre-configured.
        at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.loadOPSSPolicy(CommonSecurityServiceManagerDelegateImpl.java:1402)
        at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initialize(CommonSecurityServiceManagerDelegateImpl.java:1022)
        at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:888)
        at weblogic.security.SecurityService.start(SecurityService.java:141)
        at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
        Truncated. see log file for complete stacktrace
Caused By: oracle.security.jps.JpsRuntimeException: JPS-01055: Could not create credential store instance. Reason oracle.security.jps.JpsException: JPS-01013: The credential store DN cn=CredentialStore,cn=IAM,cn=JPSContext,cn=jpsroot is missing in the store; the target DN must be pre-configured.
        at oracle.security.jps.internal.policystore.PolicyDelegationController.<init>(PolicyDelegationController.java:190)
        at oracle.security.jps.internal.policystore.TenantJavaPolicyProvider.<init>(TenantJavaPolicyProvider.java:161)
        at oracle.security.jps.internal.policystore.JavaPolicyProvider.<init>(JavaPolicyProvider.java:306)
        at oracle.security.jps.internal.policystore.JavaPolicyProvider.<init>(JavaPolicyProvider.java:279)
        at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
        Truncated. see log file for complete stacktrace
Caused By: oracle.security.jps.JpsException: JPS-01055: Could not create credential store instance. Reason oracle.security.jps.JpsException: JPS-01013: The credential store DN cn=CredentialStore,cn=IAM,cn=JPSContext,cn=jpsroot is missing in the store; the target DN must be pre-configured.
        at oracle.security.jps.internal.policystore.PolicyUtil.getDefaultPDPService(PolicyUtil.java:3180)
        at oracle.security.jps.internal.policystore.PolicyUtil.getPDPService(PolicyUtil.java:3480)
        at oracle.security.jps.internal.policystore.PolicyUtil.getPDPService(PolicyUtil.java:3466)
        at oracle.security.jps.internal.policystore.PolicyDelegationController.<init>(PolicyDelegationController.java:188)
        at oracle.security.jps.internal.policystore.TenantJavaPolicyProvider.<init>(TenantJavaPolicyProvider.java:161)
        Truncated. see log file for complete stacktrace
Caused By: oracle.security.jps.service.credstore.CredStoreException: JPS-01055: Could not create credential store instance. Reason oracle.security.jps.JpsException: JPS-01013: The credential store DN cn=CredentialStore,cn=IAM,cn=JPSContext,cn=jpsroot is missing in the store; the target DN must be pre-configured.
        at oracle.security.jps.internal.credstore.ldap.LdapCredentialStore.init(LdapCredentialStore.java:177)
        at oracle.security.jps.internal.credstore.ldap.LdapCredentialStore.<init>(LdapCredentialStore.java:166)
        at oracle.security.jps.internal.credstore.ldap.LdapCredentialStore.<init>(LdapCredentialStore.java:140)
        at oracle.security.jps.internal.credstore.ldap.LdapCredentialStoreProvider.getInstance(LdapCredentialStoreProvider.java:130)
        at oracle.security.jps.internal.credstore.rdbms.DbmsCredentialStoreProvider.getInstance(DbmsCredentialStoreProvider.java:78)
        Truncated. see log file for complete stacktrace
>
 
<Jun 20, 2017 6:46:03 PM GMT> <Error> <WebLogicServer> <BEA-000383> <A critical service failed. The server will shut itself down>
Solution

1. The DEV_OPSS schema either has no data, or it is a permission thing.

For example, running SELECT COUNT(1) FROM jps_attrs will return 0 records when there should be millions of records in that table.


References
  • Oracle Doc ID 2066916.1 


Applicable Versions
  • Oracle Access Manager 11g

 

No comments: