Tuesday, October 10, 2017

JPS-01013: The credential store DN cn=CredentialStore,cn=IAM,cn=JPSContext,cn=jpsroot is missing in the store

Problem

If you are trying to start up the OAM AdminServer, you see the following error in the logs, then the server dies:
<Jun 20, 2017 6:46:03 PM GMT> <Error> <Security> <BEA-090892> <The loading of OPSS java security policy provider failed due to exception, see the exception stack trace or the server log file for root cause. If still see no obvious cause, enable the debug flag -Djava.security.debug=jpspolicy to get more information. Error message: JPS-01055: Could not create credential store instance. Reason oracle.security.jps.JpsException: JPS-01013: The credential store DN cn=CredentialStore,cn=IAM,cn=JPSContext,cn=jpsroot is missing in the store; the target DN must be pre-configured.>
<Jun 20, 2017 6:46:03 PM GMT> <Critical> <WebLogicServer> <BEA-000386> <Server subsystem failed. Reason: weblogic.security.SecurityInitializationException: The loading of OPSS java security policy provider failed due to exception, see the exception stack trace or the server log file for root cause. If still see no obvious cause, enable the debug flag -Djava.security.debug=jpspolicy to get more information. Error message: JPS-01055: Could not create credential store instance. Reason oracle.security.jps.JpsException: JPS-01013: The credential store DN cn=CredentialStore,cn=IAM,cn=JPSContext,cn=jpsroot is missing in the store; the target DN must be pre-configured.
weblogic.security.SecurityInitializationException: The loading of OPSS java security policy provider failed due to exception, see the exception stack trace or the server log file for root cause. If still see no obvious cause, enable the debug flag -Djava.security.debug=jpspolicy to get more information. Error message: JPS-01055: Could not create credential store instance. Reason oracle.security.jps.JpsException: JPS-01013: The credential store DN cn=CredentialStore,cn=IAM,cn=JPSContext,cn=jpsroot is missing in the store; the target DN must be pre-configured.
        at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.loadOPSSPolicy(CommonSecurityServiceManagerDelegateImpl.java:1402)
        at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initialize(CommonSecurityServiceManagerDelegateImpl.java:1022)
        at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:888)
        at weblogic.security.SecurityService.start(SecurityService.java:141)
        at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
        Truncated. see log file for complete stacktrace
Caused By: oracle.security.jps.JpsRuntimeException: JPS-01055: Could not create credential store instance. Reason oracle.security.jps.JpsException: JPS-01013: The credential store DN cn=CredentialStore,cn=IAM,cn=JPSContext,cn=jpsroot is missing in the store; the target DN must be pre-configured.
        at oracle.security.jps.internal.policystore.PolicyDelegationController.<init>(PolicyDelegationController.java:190)
        at oracle.security.jps.internal.policystore.TenantJavaPolicyProvider.<init>(TenantJavaPolicyProvider.java:161)
        at oracle.security.jps.internal.policystore.JavaPolicyProvider.<init>(JavaPolicyProvider.java:306)
        at oracle.security.jps.internal.policystore.JavaPolicyProvider.<init>(JavaPolicyProvider.java:279)
        at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
        Truncated. see log file for complete stacktrace
Caused By: oracle.security.jps.JpsException: JPS-01055: Could not create credential store instance. Reason oracle.security.jps.JpsException: JPS-01013: The credential store DN cn=CredentialStore,cn=IAM,cn=JPSContext,cn=jpsroot is missing in the store; the target DN must be pre-configured.
        at oracle.security.jps.internal.policystore.PolicyUtil.getDefaultPDPService(PolicyUtil.java:3180)
        at oracle.security.jps.internal.policystore.PolicyUtil.getPDPService(PolicyUtil.java:3480)
        at oracle.security.jps.internal.policystore.PolicyUtil.getPDPService(PolicyUtil.java:3466)
        at oracle.security.jps.internal.policystore.PolicyDelegationController.<init>(PolicyDelegationController.java:188)
        at oracle.security.jps.internal.policystore.TenantJavaPolicyProvider.<init>(TenantJavaPolicyProvider.java:161)
        Truncated. see log file for complete stacktrace
Caused By: oracle.security.jps.service.credstore.CredStoreException: JPS-01055: Could not create credential store instance. Reason oracle.security.jps.JpsException: JPS-01013: The credential store DN cn=CredentialStore,cn=IAM,cn=JPSContext,cn=jpsroot is missing in the store; the target DN must be pre-configured.
        at oracle.security.jps.internal.credstore.ldap.LdapCredentialStore.init(LdapCredentialStore.java:177)
        at oracle.security.jps.internal.credstore.ldap.LdapCredentialStore.<init>(LdapCredentialStore.java:166)
        at oracle.security.jps.internal.credstore.ldap.LdapCredentialStore.<init>(LdapCredentialStore.java:140)
        at oracle.security.jps.internal.credstore.ldap.LdapCredentialStoreProvider.getInstance(LdapCredentialStoreProvider.java:130)
        at oracle.security.jps.internal.credstore.rdbms.DbmsCredentialStoreProvider.getInstance(DbmsCredentialStoreProvider.java:78)
        Truncated. see log file for complete stacktrace
>
 
<Jun 20, 2017 6:46:03 PM GMT> <Error> <WebLogicServer> <BEA-000383> <A critical service failed. The server will shut itself down>
Solution

1. The DEV_OPSS schema either has no data, or it is a permission thing.

For example, running SELECT COUNT(1) FROM jps_attrs will return 0 records when there should be millions of records in that table.


References
  • Oracle Doc ID 2066916.1 


Applicable Versions
  • Oracle Access Manager 11g

 

5 comments:

SEO Services said...

This is my first time i visit here and I found so many interesting stuff in your blog especially it's discussion, thank you. anti captcha api

Unknown said...

I can see that you a an expert at ur field! I am launching a website soon, and your information will be very useful for me.. Thanks for all your help and wishing you all the success in your business.
security system provider

Anonymous said...

anti captcha api Very informative post . thanks for sharing.

ekaterinaabbe said...

Wynn Resort Atlantic City - MapyRO
Find 경기도 출장안마 Wynn 서울특별 출장샵 Resort Atlantic 이천 출장샵 City, New 성남 출장안마 Jersey, United States, ratings, photos, prices, expert advice, traveler reviews 제천 출장샵 and tips, and more information from  Rating: 7.3/10 · ‎1,537 reviews · ‎Price range: Call

2015 SECURITY SERVICES LTD said...

Awesome post, I read an interesting topic here, and I like your style. and please continue with effective work. Security Services London UK Thank you for sharing this blog here.