Thursday, November 26, 2009

ESB cluster: both ESBDT instances up.

The clustering documentation describes that opmn.xml must be changed.

The oc4j_esbdt container should look like:

<process-type id="OC4J_ESBDT" module-id="OC4J" service-failover="1" status="enabled">


And the numprocs entry should be removed:

<process-set id="default_group"/>


This change will still make it possible to have two esbdt applications live at the same time.

Another change must be made:
service-weight="value" should be added to the process-type.


<process-type id="OC4J_ESBDT" module-id="OC4J" service-failover="1" service-weight="100" status="enabled">


The instances that run the actual service-failover processes are selected based upon the configured (or default) service-weight value. Instances with higher weights are selected over instances with lower weights.

The expected behavior is that upon startup (opmnctl startall) both ESB-DT instances will start up; however, after a very short period of time OPMN will shut down the lower-weighted instance and keep running only the higher-weighted one.

See metalink note: 733536.1
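The two opmn.xml changes and the weight rule above can be checked before running opmnctl startall. The following Python sketch is an added example, not part of the original post or of Oracle's tooling; the node names, the trimmed opmn.xml samples, the weight of 50 and the default weight of 100 are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

DEFAULT_WEIGHT = 100  # assumption: weight used when service-weight is absent


def sample_opmn(type_attrs, process_set):
    """Build a constructed, heavily trimmed opmn.xml around one OC4J_ESBDT entry."""
    return (
        '<opmn xmlns="http://www.oracle.com/ias-instance"><process-manager>'
        '<ias-instance id="soa"><ias-component id="default_group">'
        f'<process-type id="OC4J_ESBDT" module-id="OC4J" {type_attrs} status="enabled">'
        f"{process_set}</process-type>"
        "</ias-component></ias-instance></process-manager></opmn>"
    )


# Constructed samples: two cluster nodes after the change, one node before it.
NODE1 = sample_opmn('service-failover="1" service-weight="100"',
                    '<process-set id="default_group"/>')
NODE2 = sample_opmn('service-failover="1" service-weight="50"',
                    '<process-set id="default_group"/>')
UNCHANGED = sample_opmn("", '<process-set id="default_group" numprocs="1"/>')


def local_name(tag):
    """Strip the XML namespace that ElementTree puts in front of tag names."""
    return tag.rsplit("}", 1)[-1]


def find_esbdt(opmn_xml, type_id="OC4J_ESBDT"):
    """Return the process-type element for the ESB design time, or None."""
    for element in ET.fromstring(opmn_xml).iter():
        if local_name(element.tag) == "process-type" and element.get("id") == type_id:
            return element
    return None


def check_node(opmn_xml):
    """List what is still missing from one node's opmn.xml."""
    entry = find_esbdt(opmn_xml)
    if entry is None:
        return ["no OC4J_ESBDT process-type found"]
    problems = []
    if entry.get("service-failover") != "1":
        problems.append('service-failover="1" is missing on the process-type')
    weight = entry.get("service-weight")
    if weight is not None and not (weight.isdigit() and int(weight) > 0):
        problems.append(f"service-weight {weight!r} is not a positive integer")
    for child in entry:
        if local_name(child.tag) == "process-set" and child.get("numprocs") is not None:
            problems.append("process-set still has a numprocs attribute")
    return problems


def esbdt_weight(opmn_xml):
    """Configured service-weight of a node, or the assumed default."""
    return int(find_esbdt(opmn_xml).get("service-weight", DEFAULT_WEIGHT))


def expected_active(nodes):
    """Given {node name: opmn.xml text}, name the node OPMN keeps running.

    Returns None when the highest weight is shared, because the weight rule
    alone does not decide that case.
    """
    for name, text in nodes.items():
        problems = check_node(text)
        if problems:
            raise ValueError(f"{name}: {'; '.join(problems)}")
    weights = {name: esbdt_weight(text) for name, text in nodes.items()}
    top = max(weights.values())
    winners = [name for name, weight in weights.items() if weight == top]
    return winners[0] if len(winners) == 1 else None


if __name__ == "__main__":
    print("unchanged node:", check_node(UNCHANGED))
    print("stays active:", expected_active({"node1": NODE1, "node2": NODE2}))
```

Run check_node against the opmn.xml of every cluster member; a node that still reports a problem has not received the full change.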

Did this post help you in any way can you please leave a comment? This will motivate me writing more posts.

Tuesday, November 24, 2009

ESB-DT: org.apache.slide.webdav.WebdavServlet - ERROR - org.apache.slide.webdav.WebdavException: Internal Server Error

The error "org.apache.slide.webdav.WebdavServlet - ERROR - org.apache.slide.webdav.WebdavException: Internal Server Error" is sometimes shown in the log file of the ESB-DT (design time) during deployment of large ESB systems. On Metalink we found the error in note 863024.1.


09/11/24 12:59:35 24 Nov 2009 12:59:35 - org.apache.slide.webdav.WebdavServlet - ERROR - org.apache.slide.webdav.WebdavException: Internal Server Error
09/11/24 12:59:35 org.apache.slide.webdav.WebdavException: Internal Server Error
09/11/24 12:59:35 at org.apache.slide.webdav.method.AbstractWebdavMethod.run(AbstractWebdavMethod.java:424)
09/11/24 12:59:35 at org.apache.slide.webdav.WebdavServlet.service(WebdavServlet.java:155)
09/11/24 12:59:35 at javax.servlet.http.HttpServlet.service(HttpServlet.java:856)
09/11/24 12:59:35 at com.evermind.server.http.ResourceFilterChain.doFilter(ResourceFilterChain.java:64)
09/11/24 12:59:35 at oracle.security.jazn.oc4j.JAZNFilter$1.run(JAZNFilter.java:400)
09/11/24 12:59:35 at java.security.AccessController.doPrivileged(Native Method)
09/11/24 12:59:35 at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
09/11/24 12:59:35 at oracle.security.jazn.oc4j.JAZNFilter.doFilter(JAZNFilter.java:414)
09/11/24 12:59:35 at com.evermind.server.http.ServletRequestDispatcher.invoke(ServletRequestDispatcher.java:623)
09/11/24 12:59:35 at com.evermind.server.http.ServletRequestDispatcher.forwardInternal(ServletRequestDispatcher.java:370)
09/11/24 12:59:35 at com.evermind.server.http.HttpRequestHandler.doProcessRequest(HttpRequestHandler.java:871)
09/11/24 12:59:35 at com.evermind.server.http.HttpRequestHandler.processRequest(HttpRequestHandler.java:453)
09/11/24 12:59:35 at com.evermind.server.http.AJPRequestHandler.run(AJPRequestHandler.java:313)
09/11/24 12:59:35 at com.evermind.server.http.AJPRequestHandler.run(AJPRequestHandler.java:199)
09/11/24 12:59:35 at oracle.oc4j.network.ServerSocketReadHandler$SafeRunnable.run(ServerSocketReadHandler.java:260)
09/11/24 12:59:35 at oracle.oc4j.network.ServerSocketAcceptHandler.procClientSocket(ServerSocketAcceptHandler.java:234)
09/11/24 12:59:35 at oracle.oc4j.network.ServerSocketAcceptHandler.access$700(ServerSocketAcceptHandler.java:29)
09/11/24 12:59:35 at oracle.oc4j.network.ServerSocketAcceptHandler$AcceptHandlerHorse.run(ServerSocketAcceptHandler.java:879)
09/11/24 12:59:35 at com.evermind.util.ReleasableResourcePooledExecutor$MyWorker.run(ReleasableResourcePooledExecutor.java:303)
09/11/24 12:59:35 at java.lang.Thread.run(Thread.java:595)



Solution:

1) In httpd.conf set Timeout to 3600
2) In $ORACLE_HOME/j2ee//config/transaction-manager.xml set transaction-timeout="3600"
3) Restart SOA suite.



Thursday, November 19, 2009

An unhandled exception has been thrown in the ESB system. The exception reported is: "".

The error An unhandled exception has been thrown in the ESB system. The exception reported is: "". can occur during deployment of the ESB. It can be caused by a problem in the source of the ESB / BPEL.

In our situation the SOAP Services and the ESB were not in sync, which caused the problems. So the source of the ESB and BPEL was changed, which solved the problem.


DeployESBSuitcase:
log4j:WARN No appenders could be found for logger (org.apache.commons.httpclient.params.DefaultHttpParams).
log4j:WARN Please initialize the log4j system properly.
Deployment Attempt Response :

Entity Deployment Failed


An unhandled exception has been thrown in the ESB system. The exception reported is: "".






Deployment Failed ...Unhandled Exception
java.lang.Exception: Deployment attempt failed, please review deployment attempt response above
at oracle.tip.esb.client.anttasks.DeploymentHelper.deploy(DeploymentHelper.java:112)
at oracle.tip.esb.client.anttasks.DeploymentHelper.deploy(DeploymentHelper.java:159)
at oracle.tip.esb.client.anttasks.DeployESBSuitcaseTask.execute(DeployESBSuitcaseTask.java:510)
at org.apache.tools.ant.UnknownElement.execute(UnknownElement.java:275)
at org.apache.tools.ant.Task.perform(Task.java:364)
at org.apache.tools.ant.Target.execute(Target.java:341)
at org.apache.tools.ant.Target.performTasks(Target.java:369)
at org.apache.tools.ant.Project.executeSortedTargets(Project.java:1216)
at org.apache.tools.ant.helper.SingleCheckExecutor.executeTargets(SingleCheckExecutor.java:37)
at org.apache.tools.ant.Project.executeTargets(Project.java:1068)
at org.apache.tools.ant.taskdefs.Ant.execute(Ant.java:382)
at org.apache.tools.ant.UnknownElement.execute(UnknownElement.java:275)
at org.apache.tools.ant.Task.perform(Task.java:364)
at org.apache.tools.ant.Target.execute(Target.java:341)
at org.apache.maven.plugin.antrun.AbstractAntMojo.executeTasks(AbstractAntMojo.java:108)
at org.apache.maven.plugin.antrun.AntRunMojo.execute(AntRunMojo.java:83)
at org.apache.maven.plugin.DefaultPluginManager.executeMojo(DefaultPluginManager.java:451)
at org.apache.maven.lifecycle.DefaultLifecycleExecutor.executeGoals(DefaultLifecycleExecutor.java:558)
at org.apache.maven.lifecycle.DefaultLifecycleExecutor.executeGoalWithLifecycle(DefaultLifecycleExecutor.java:499)
at org.apache.maven.lifecycle.DefaultLifecycleExecutor.executeGoal(DefaultLifecycleExecutor.java:478)
at org.apache.maven.lifecycle.DefaultLifecycleExecutor.executeGoalAndHandleFailures(DefaultLifecycleExecutor.java:330)
at org.apache.maven.lifecycle.DefaultLifecycleExecutor.executeTaskSegments(DefaultLifecycleExecutor.java:291)
at org.apache.maven.lifecycle.DefaultLifecycleExecutor.execute(DefaultLifecycleExecutor.java:142)
at org.apache.maven.DefaultMaven.doExecute(DefaultMaven.java:336)
at org.apache.maven.DefaultMaven.execute(DefaultMaven.java:129)
at org.apache.maven.cli.MavenCli.main(MavenCli.java:287)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:585)
at org.codehaus.classworlds.Launcher.launchEnhanced(Launcher.java:315)
at org.codehaus.classworlds.Launcher.launch(Launcher.java:255)
at org.codehaus.classworlds.Launcher.mainWithExitCode(Launcher.java:430)
at org.codehaus.classworlds.Launcher.main(Launcher.java:375)


Wednesday, November 11, 2009

Identity service cannot get roles in realm "{0}". BPEL identity service fails

We had problems while invoking the service getGrantees on /integration/services/IdentityService/identity.


Identity service cannot get roles in realm "{0}".
Error occurs while getting roles in realm "[REALM]".
Check the error stack and fix the cause of the error. Contact oracle support if error is not fixable.


We ran a new configure on both instances in the cluster:
$ORACLE_HOME/bpel/system/services/install/ant-tasks
./configure_oid.sh orcladmin [password] [port] false [realm] seedRequiredUsers oc4jadmin [password] oc4j_soa

We also checked the differences between $ORACLE_HOME/j2ee/oc4j_soa/config/system-jazn-data.xml and $ORACLE_HOME/j2ee/home/config/system-jazn-data.xml, and changed some of the lines.

Another reason can be that $ORACLE_HOME/j2ee/oc4j_soa/config/jazn.xml is not correct. This file should be changed automatically when the security provider is changed in EM, but sometimes this fails. You can change the security provider to the original value and after that back to the OID in EM, then look in $ORACLE_HOME/j2ee/home/config/jazn.xml. The contents should be changed to the correct values for your OID.

Everything worked again.







Form-Based Authentication for J2EE application, Netpoint/Oblix/CoreId/Oracle Access Manager, logon second time does not work

A customer of mine was using form-based authentication with Oracle Access Manager. When the users logged in for the first time through the login.html screen everything was OK. But when they logged out and tried to log in again, the form was not working anymore.

We used the logout.html code from the installation directory of the webgate. After some investigation we found out that the problem was that the registration of the webgates and access gates had different values for the cookie settings.

Primary HTTP Cookie Domain [hostname]
Preferred HTTP Host [virtual hostname]


Friday, October 2, 2009

SOA 10.1.3.x: SOAP Endpoint URI returns 404 error

When the SOAP Endpoint URI returns a 404 error, a possible solution is described in Metalink note 741792.1:

1. Backup and edit $ORACLE_HOME/j2ee//config/default-web-site.xml
2. Change the ohs-routing value from false to true:

ohs-routing="true" />


Friday, August 14, 2009

Apache error_log: mod_oc4j: request to OC4J [hostname]:[port] failed: Connect failed

I found out that the error below was caused by a wrong configuration of the security provider of the application opm-public. We changed jazn.xml in the $ORACLE_HOME/j2ee/[oc4j_container]/config directory to the correct settings, and that solved this problem.


[Thu Aug 13 16:09:08 2009] [error] [client 10.8.192.155] [ecid: 1250172548:10.9.8.44:23073:0:7,0] mod_oc4j: Failed to find a failover oc4j process for session request for destination: application://opm-public (no island or jgroup).
[Thu Aug 13 16:09:08 2009] [error] [client [ip_address]] [ecid: 1250172548:10.9.8.44:23073:0:7,0] mod_oc4j: request to OC4J [hostname]:[port] failed: Connect failed



Tuesday, August 11, 2009

Automatic BPEL deployment with ant error: A problem occured while connecting to server II

The following error can occur:

Embedded error: The following error occurred while executing this line:
[INSTALL_DIR]/ant/bpel/common-build.xml:84: A problem occured while connecting to server "[hostname]" using port "[port]": java.security.AccessControlException: access denied (com.collaxa.security.DomainPermission HetRotterdamseHuwelijk read)
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:264)
at java.security.AccessController.checkPermission(AccessController.java:427)
at com.collaxa.security.OC4JSecurityService.checkAccess(OC4JSecurityService.java:16)
at com.collaxa.security.SecurityService.checkDomainAccess(SecurityService.java:26)
at com.collaxa.cube.fe.util.ServletUtils.getLocatorWithoutUrlRewrite(ServletUtils.java:76)
at _deployHttpClientProcess._jspService(_deployHttpClientProcess.java:332)
at com.orionserver.http.OrionHttpJspPage.service(OrionHttpJspPage.java:59)
at oracle.jsp.runtimev2.JspPageTable.service(JspPageTable.java:462)
at oracle.jsp.runtimev2.JspServlet.internalService(JspServlet.java:594)
at oracle.jsp.runtimev2.JspServlet.service(JspServlet.java:518)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:856)
at com.evermind.server.http.ResourceFilterChain.doFilter(ResourceFilterChain.java:64)
at oracle.security.jazn.oc4j.JAZNFilter$1.run(JAZNFilter.java:400)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
at oracle.security.jazn.oc4j.JAZNFilter.doFilter(JAZNFilter.java:414)
at com.evermind.server.http.ServletRequestDispatcher.invoke(ServletRequestDispatcher.java:623)
at com.evermind.server.http.ServletRequestDispatcher.forwardInternal(ServletRequestDispatcher.java:370)
at com.evermind.server.http.HttpRequestHandler.doProcessRequest(HttpRequestHandler.java:871)
at com.evermind.server.http.HttpRequestHandler.processRequest(HttpRequestHandler.java:453)
at com.evermind.server.http.AJPRequestHandler.run(AJPRequestHandler.java:313)
at com.evermind.server.http.AJPRequestHandler.run(AJPRequestHandler.java:199)
at oracle.oc4j.network.ServerSocketReadHandler$SafeRunnable.run(ServerSocketReadHandler.java:260)
at oracle.oc4j.network.ServerSocketAcceptHandler.procClientSocket(ServerSocketAcceptHandler.java:234)
at oracle.oc4j.network.ServerSocketAcceptHandler.access$700(ServerSocketAcceptHandler.java:29)
at oracle.oc4j.network.ServerSocketAcceptHandler$AcceptHandlerHorse.run(ServerSocketAcceptHandler.java:879)
at com.evermind.util.ReleasableResourcePooledExecutor$MyWorker.run(ReleasableResourcePooledExecutor.java:303)
at java.lang.Thread.run(Thread.java:595)


This can be solved by changing the orion-application.xml in the deploy_services application, in both of these locations:

$ORACLE_HOME/j2ee/oc4j_soa/application-deployments/deploy_service/orion-application.xml and $ORACLE_HOME/j2ee/oc4j_soa/applications/deploy_service/META-INF/orion-application.xml

Find the line:



<jazn provider="XML" jaas-mode="doAsPrivileged" />


Replace by:


<jazn provider="LDAP" jaas-mode="doAsPrivileged" />



Monday, August 10, 2009

Automatic BPEL deployment with ant error: A problem occured while connecting to server

Our BPEL deployments with ant were always successful, but after a while they stopped working. During the deployment of a BPEL process we got the error shown below:


[INFO] ------------------------------------------------------------------------
[ERROR] BUILD ERROR
[INFO] ------------------------------------------------------------------------
[INFO] Error executing ant tasks

Embedded error: The following error occurred while executing this line:
[INSTALL_DIR]/common-build.xml:82: A problem occured while connecting to server "[host]" using port "[port]":


Deployment of a BPEL process by placing it in $ORACLE_HOME/bpel/domains/[BPEL_DOMAIN]/deploy was successful.

After we enabled the verbose option I noticed which URL is used to deploy the BPEL process: http://hostname:port/integration/services/deploy/deployHttpClientProcess.jsp . The application used is deploy_services in the oc4j_soa container. When the URL is opened in a browser, a popup is shown in which you should log on. But we got another error:


Authorization Required
This server could not verify that you are authorized to access the document requested. Either you supplied the wrong credentials (e.g., bad password), or your browser doesn't understand how to supply the credentials required.


This error was caused by a change in the file $ORACLE_HOME/Apache/Apache/conf/mod_oc4j.conf. A while ago we put a line in this config file:


Oc4jUseOHSErrors on


After we removed Oc4jUseOHSErrors on, everything worked like it was supposed to.


Wednesday, August 5, 2009

High Available Oracle Access Manager with BIG-F5


http://www.f5.com/pdf/deployment-guides/f5-oracle-oam-dg.pdf


Wednesday, July 29, 2009

Find the orasso password

With the following command the ORASSO database user password can be obtained:

ldapsearch -D cn=orcladmin -w [ORCLADMIN PASSWORD] -p [LDAP_PORT] \
-h [LDAP_URL] -b "cn=IAS,cn=Products,cn=OracleContext" \
-s sub -v OrclresourceName=ORASSO | grep \
orclpasswordattribute



Ldap_Search: DSA Is Unwilling To Perform

Today I wanted to make a shell script that checks if an attribute of a user in the OID had a specific value. I tried to make an ldapsearch statement but it failed with the error:

DSA Is Unwilling To Perform
ldap_search: additional info: Function Not Implemented


I found out that it is not possible to search on an uncataloged (unindexed) attribute.

This can be fixed by creating an index on the attribute used in the search, using catalog.

For this example:
$ORACLE_HOME/ldap/bin/catalog connect="[ORACLE_SID_METADATA REPOSITORY]" add=true attribute="[SEARCH ATTRIBUTE]"

Output:
This tool can only be executed if you know database user password for OID
Enter OID Password ::

The password of the orcladmin user should be entered now!



Restart the OID server.


Thursday, July 23, 2009

SOA suite clustering FAQ document (feb 2009)

http://www.oracle.com/technology/tech/soa/pdf/oracle-soa-suite-ha-faq.pdf


Wednesday, July 15, 2009

An unhandled exception has been thrown in the ESB system. The exception reported is: "java.io.IOException: Delete failed

When the following error occurs, it is possible to reset the oraesb schema in the database. The reset.sh is not recommended on a production system. We first had this problem on some development machines; we did a reset of the oraesb schema, and this solved our issue.

But when we had this problem on production we first tried this:

Metalink note: 863024.1. The note describes another problem but it also helped us with the delete failed error.


[deployESBProjects] Deployment Attempt Response :
[deployESBProjects]
[deployESBProjects]
[deployESBProjects] An unhandled exception has been thrown in the ESB system. The exception reported is: "java.io.IOException: Delete failed
[deployESBProjects] at oracle.tip.esb.server.bootstrap.ESBBaseResourceAdapter.createIOException(ESBBaseResourceAdapter.java:630)
[deployESBProjects] at oracle.tip.esb.server.bootstrap.ESBBaseResourceAdapter.access$200(ESBBaseResourceAdapter.java:130)
[deployESBProjects] at oracle.tip.esb.server.bootstrap.ESBBaseResourceAdapter$2.delete(ESBBaseResourceAdapter.java:550)
[deployESBProjects] at oracle.tip.esb.lifecycle.AuxiliaryFileHandler.deleteProject(AuxiliaryFileHandler.java:555)
[deployESBProjects] at oracle.tip.esb.console.XMLConsoleManagerImpl.cleanSlideRepositoryForProject(XMLConsoleManagerImpl.java:2364)
[deployESBProjects] at oracle.tip.esb.console.XMLConsoleManagerImpl.commit(XMLConsoleManagerImpl.java:2405)
[deployESBProjects] at oracle.tip.esb.configuration.deployment.JDevDeploymentManager.deploy(JDevDeploymentManager.java:226)
[deployESBProjects] at oracle.tip.esb.configuration.deployment.DeploymentServlet.doPost(DeploymentServlet.java:120)
[deployESBProjects] at javax.servlet.http.HttpServlet.service(HttpServlet.java:763)
[deployESBProjects] at javax.servlet.http.HttpServlet.service(HttpServlet.java:856)
[deployESBProjects] at com.evermind.server.http.ResourceFilterChain.doFilter(ResourceFilterChain.java:64)
[deployESBProjects] at oracle.security.jazn.oc4j.JAZNFilter$1.run(JAZNFilter.java:400)
[deployESBProjects] at java.security.AccessController.doPrivileged(Native Method)
[deployESBProjects] at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
[deployESBProjects] at oracle.security.jazn.oc4j.JAZNFilter.doFilter(JAZNFilter.java:414)
[deployESBProjects] at com.evermind.server.http.ServletRequestDispatcher.invoke(ServletRequestDispatcher.java:623)
[deployESBProjects] at com.evermind.server.http.ServletRequestDispatcher.forwardInternal(ServletRequestDispatcher.java:370)
[deployESBProjects] at com.evermind.server.http.HttpRequestHandler.doProcessRequest(HttpRequestHandler.java:871)
[deployESBProjects] at com.evermind.server.http.HttpRequestHandler.processRequest(HttpRequestHandler.java:453)
[deployESBProjects] at com.evermind.server.http.AJPRequestHandler.run(AJPRequestHandler.java:313)
[deployESBProjects] at com.evermind.server.http.AJPRequestHandler.run(AJPRequestHandler.java:199)
[deployESBProjects] at oracle.oc4j.network.ServerSocketReadHandler$SafeRunnable.run(ServerSocketReadHandler.java:260)
[deployESBProjects] at oracle.oc4j.network.ServerSocketAcceptHandler.procClientSocket(ServerSocketAcceptHandler.java:234)
[deployESBProjects] at oracle.oc4j.network.ServerSocketAcceptHandler.access$700(ServerSocketAcceptHandler.java:29)
[deployESBProjects] at oracle.oc4j.network.ServerSocketAcceptHandler$AcceptHandlerHorse.run(ServerSocketAcceptHandler.java:879)
[deployESBProjects] at com.evermind.util.ReleasableResourcePooledExecutor$MyWorker.run(ReleasableResourcePooledExecutor.java:303)
[deployESBProjects] at java.lang.Thread.run(Thread.java:595)
[deployESBProjects] Caused by: Service org.apache.slide.store.impl.rdbms.J2EEStore@1966d52 access error : ORA-02292: integrity constraint (ORAESB.SYS_C005694) violated - child record found


[deployESBProjects] at org.apache.slide.macro.MacroImpl.delete(MacroImpl.java:522)
[deployESBProjects] at org.apache.slide.macro.MacroImpl.delete(MacroImpl.java:482)
[deployESBProjects] at org.apache.slide.macro.MacroImpl.delete(MacroImpl.java:463)
[deployESBProjects] at oracle.tip.esb.server.bootstrap.slide.DeleteFolder.delete(DeleteFolder.java:76)
[deployESBProjects] at oracle.tip.esb.server.bootstrap.slide.DeleteFolder.executeRequest(DeleteFolder.java:58)
[deployESBProjects] at oracle.tip.esb.server.bootstrap.slide.AbstractSlideMethod.execute(AbstractSlideMethod.java:142)
[deployESBProjects] at oracle.tip.esb.server.bootstrap.slide.SlideHandler.delete(SlideHandler.java:153)
[deployESBProjects] at oracle.tip.esb.server.bootstrap.ESBBaseResourceAdapter$2.delete(ESBBaseResourceAdapter.java:548)
[deployESBProjects] ... 24 more
[deployESBProjects] ".

[deployESBProjects]
[deployESBProjects]

[deployESBProjects]
[deployESBProjects]





Two timers need to be extended in order to make the registration successful. It is assumed here that the HTTP server being used is the Oracle HTTP Server.

(1) At the HTTP Server that is hosting the ESB Designtime container edit the following file:

$ORACLE_HOME/Apache/Apache/conf/httpd.conf

(2) Change the value of "Timeout" to a higher value, e.g. from:

Timeout 300

to:

Timeout 3600

A value of 3600 (seconds) is high enough to cover most cases, but it could be possible that a higher value may be needed.

(3) Restart the HTTP server to make the change effective.

(4) At the ESB Designtime container edit the following file:

$ORACLE_HOME/j2ee//config/transaction-manager.xml

(5) Change the value of transaction-timeout to a higher value, e.g. from:

transaction-timeout="30"

to:

transaction-timeout="3600"

In most cases this timeout should match the value set at the HTTP Server.

(6) Restart the SOA server or ESB Designtime container to make the change effective.

(7) Retry the large ESB project registration.
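Both this procedure and the shorter solution in the WebdavException post above depend on the two timers being raised together; if one file is left at its old value, that timer still expires first. The following Python check is an added example, not part of the Metalink note or the original post; the sample file contents are constructed and trimmed to the relevant lines, and the function names are hypothetical.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: step (2) done, Timeout raised in httpd.conf.
HTTPD_CONF = """\
#Timeout 300
Timeout 3600
KeepAliveTimeout 15
"""

# Constructed samples, trimmed to the one attribute of interest:
# step (5) forgotten, and step (5) done.
TX_MANAGER_OLD = '<transaction-manager transaction-timeout="30"/>'
TX_MANAGER_NEW = '<transaction-manager transaction-timeout="3600"/>'


def httpd_timeout(conf_text):
    """Last uncommented Timeout directive in seconds, or None if absent.

    The pattern is anchored at the start of the line, so commented-out
    lines and KeepAliveTimeout are not picked up by mistake.
    """
    hits = re.findall(r"(?mi)^[ \t]*Timeout[ \t]+(\d+)[ \t]*$", conf_text)
    return int(hits[-1]) if hits else None


def transaction_timeout(xml_text):
    """Value of the first transaction-timeout attribute in seconds, or None."""
    for element in ET.fromstring(xml_text).iter():
        value = element.get("transaction-timeout")
        if value is not None:
            return int(value)
    return None


def review_timers(conf_text, xml_text, required=3600):
    """Return findings for a half-applied or mismatched timer change."""
    http_value = httpd_timeout(conf_text)
    tx_value = transaction_timeout(xml_text)
    findings = []
    for label, value in (("httpd.conf Timeout", http_value),
                         ("transaction-timeout", tx_value)):
        if value is None:
            findings.append(f"{label} is not set explicitly")
        elif value < required:
            findings.append(f"{label} is {value}s, below the required {required}s")
    if http_value is not None and tx_value is not None and http_value != tx_value:
        findings.append(
            f"timers differ ({http_value}s vs {tx_value}s); the shorter one expires first"
        )
    return findings


if __name__ == "__main__":
    for finding in review_timers(HTTPD_CONF, TX_MANAGER_OLD):
        print(finding)
```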


If this solution does not work you can try the reset.sh.

Before executing the command read the whole post!!!!! Otherwise your ESB can be corrupted.

With the following command you can clean up your oraesb schema:

cd $ORACLE_HOME/integration/esb/bin
./reset.sh -DDB_URL=jdbc:oracle:thin:@//db_host:db_port/sid -DDB_USER=oraesb -DDB_PASSWORD=oraesb


WATCH OUT when using this on SOA 10.1.3.4 MLR 8

It looks like the database schema of oraesb is corrupted after the reset.sh script. In our case the ESB deployments failed after this. I ran the sql script from the latest patch again and now everything seems fine.

During deployment this error can occur:


[deployESBProjects] Deployment Attempt Response :
[deployESBProjects]
[deployESBProjects] Entity Deployment Failed
[deployESBProjects]
[deployESBProjects]
[deployESBProjects] Failed to create Service "ProcesServic e".
[deployESBProjects] Ensure that the (a) Repository is available. ( b) The Connection information for the Repository is Valid. Verify the detailed c ause of error if available. Contact Oracle Support if error not fixable.
[deployESBProjects]

[deployESBProjects]

[deployESBProjects]



There is also another problem: the BPELSystem in the ESB is gone.

Monday, July 6, 2009

Howto Configuring Canon MP620 on ubuntu

Today I found a site about configuring a Canon MP620 printer on ubuntu.

https://help.ubuntu.com/community/HardwareSupportComponentsPrintersCanonPrintersCanonMP620


Wednesday, June 24, 2009

Oracle Application Server 10.1.3 Associate OID with OC4J instance

In the EM console of the Oracle Application Server you can connect an OID to an OC4J instance by doing the following:

Click on an oc4j instance - Click on link Administration: Under security you will find Identity Management.

This text is shown:

You can associate an installed Oracle Internet Directory with this OC4J instance. You can then choose to use this Oracle Internet Directory for runtime authentication and authorization for deployed applications.


I assumed that this means that you can associate multiple OIDs with different OC4J instances, but this is not true. When you change the OID here, it will change the OID for all OC4J instances on this application server.

When you want to use different OIDs for different applications, you should put this in the orion-application.xml file of the application.


Login Error with error message, Form-Based Authentication for Netpoint/Oblix/CoreId/Oracle Access Manager

When the login of Form-Based Authentication fails because the username/password combination is not correct, the default behavior is to serve the login HTML page.

But you may want to show an error on this page. This can be achieved by configuring a Redirection URL with a parameter, like this:
/login.jsp?LoginError=True

This should be done in the policy manager:
Default rules - Authentication Rule - Actions - Authentication Failure - Redirection URL.


Friday, June 12, 2009

Oracle HTTP Server Version Information Not Visible in Error Pages

By default users can see which Application Server is used to serve the pages; for security reasons this is not desirable.

These messages can be removed by setting ServerSignature Off in the httpd.conf instead of ServerSignature On.

ServerSignature On:

Forbidden
You don't have permission to access /pls/orasso on this server.
  _____  

Oracle-Application-Server-10g/10.1.2.0.2 Oracle-HTTP-Server Server at sso.someserver.com Port 443



ServerSignature Off:


Forbidden
You don't have permission to access /pls/orasso on this server.



But now the version information is still sent in the HTTP Server response header. This can be reduced to the product name only by adding the line:

ServerTokens Prod
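Both settings can be audited from the configuration file, and the result confirmed against a captured Server header. The following Python sketch is an added example, not part of the original post; the httpd.conf samples are constructed, the function names are hypothetical, and the first header value in the demo is the banner string from the error page shown above.

```python
import re

# Constructed sample: signature footer enabled, a virtual host overriding it,
# and no ServerTokens line at all.
BEFORE = """\
ServerName sso.someserver.com
ServerSignature On
<VirtualHost *:443>
    ServerSignature EMail
</VirtualHost>
"""

# Constructed sample: both changes from the post applied.
AFTER = """\
ServerName sso.someserver.com
# ServerSignature On
serversignature off
ServerTokens Prod
"""

# A slash followed by digits, as in Product/1.2.3.
VERSION_TOKEN = re.compile(r"/\d+(?:\.\d+)*")


def directive_values(conf_text, name):
    """Return every value set for an Apache directive, in file order.

    Directive names are case-insensitive; lines starting with # are comments.
    """
    values = []
    for raw in conf_text.splitlines():
        parts = raw.strip().split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue
        if parts[0].lower() == name.lower():
            values.append(parts[1].strip() if len(parts) > 1 else "")
    return values


def audit_banner(conf_text):
    """Return findings for settings that still disclose the server version."""
    findings = []
    # ServerSignature can be set again per virtual host or directory, so
    # every occurrence has to be Off, not only the last one. With no line
    # at all the Apache default is Off.
    for value in directive_values(conf_text, "ServerSignature"):
        if value.lower() != "off":
            findings.append(
                f"ServerSignature {value}: generated pages carry a server footer"
            )
    # ServerTokens applies to the whole server; this sketch evaluates the
    # last line and falls back to the Apache default (Full) when none exists.
    tokens = directive_values(conf_text, "ServerTokens")
    effective = tokens[-1] if tokens else "Full"
    if effective.lower() not in ("prod", "productonly"):
        findings.append(
            f"ServerTokens {effective}: Server header includes version details"
        )
    return findings


def header_leaks_version(server_header):
    """True if a captured Server header value still contains a version token."""
    return bool(VERSION_TOKEN.search(server_header))


if __name__ == "__main__":
    for finding in audit_banner(BEFORE):
        print(finding)
    print(header_leaks_version(
        "Oracle-Application-Server-10g/10.1.2.0.2 Oracle-HTTP-Server"))
```

After restarting the HTTP server, pass the Server header from a real response to header_leaks_version to confirm the change took effect.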


Thursday, June 11, 2009

Integrate Oracle BPEL (10.1.3.4) with OID (10.1.4.2)

When I tried to change the security provider in the AS console the following error occurred in the browser:


Error

An error occurred while attempting to change the Oracle Internet Directory associated with this instance. Please ensure that the OID instance is indeed up and that the connect information provided is correct before retrying.
Error invoking method: associateOC4JWithOID on MBean: oc4j:j2eeType=Security,name=SecurityProvider,J2EEApplication=default,J2EEServer=standalone
Error invoking method: associateOC4JWithOID on MBean: oc4j:j2eeType=Security,name=SecurityProvider,J2EEApplication=default,J2EEServer=standalone


I ignored this error and continued with the configuration described in http://download-uk.oracle.com/docs/cd/B31017_01/integrate.1013/b28982/service_config.htm#BABIBGFF with the chapter: 2.1.3.2 Task 2: Perform Configuration Procedures.

Error during execution of configure_oid.sh:

bpel-grant-privileges:
[echo] Granting Server privileges to BPMSystemAdmin role...
[java] User [oc4jadmin] does not exist in system.

BUILD FAILED
$ORACLE_HOME/bpel/system/services/install/ant-tasks/oid-config.xml:235: Java returned: 255


To find the real reason for this problem you can create a new oc4j container, set the logging to FINEST and try to change the security provider.

The container log in $ORACLE_HOME/opmn/logs/default_group~[CONTAINER_NAME]~default_group~1.log shows the following error:


changetype: add
objectclass: top
objectclass: person
objectclass: inetorgperson
objectclass: organizationalperson
objectclass: orcluser
objectclass: orcluserv2
orclactivestartdate: 20090611000000z
sn: oc4jadmin
cn: oc4jadmin
uid: oc4jadmin
mail: oc4jadmin
description: OC4J administrator user
displayname: OC4J administrator
userpassword: [PASSWORD]
[LDAP: error code 19 - Password Policy Error :9003: GSL_PWDMINLENGTH_EXCP :Your Password must be at least 8 characters long.
]
at oracle.security.jazn.util.AssociateOID.uploadDefaultOIDData(AssociateOID.java:471)
at oracle.security.jazn.util.AssociateOID.configure(AssociateOID.java:267)
at oracle.security.jazn.jmx.SecurityProvider.associateOC4JWithOID(SecurityProvider.java:694)
at oracle.oc4j.admin.management.mbeans.SecurityProviderManager.associateOC4JWithOID(SecurityProviderManager.java:1493)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:585)
at sun.reflect.misc.Trampoline.invoke(MethodUtil.java:36)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:585)
at sun.reflect.misc.MethodUtil.invoke(MethodUtil.java:239)
at javax.management.modelmbean.RequiredModelMBean.invokeMethod(RequiredModelMBean.java:1071)
at javax.management.modelmbean.RequiredModelMBean.invoke(RequiredModelMBean.java:953)
at oracle.oc4j.admin.jmx.server.mbeans.model.DefaultModelMBeanImpl.invoke(DefaultModelMBeanImpl.java:700)
at com.sun.jmx.mbeanserver.DynamicMetaDataImpl.invoke(DynamicMetaDataImpl.java:213)
at com.sun.jmx.mbeanserver.MetaDataImpl.invoke(MetaDataImpl.java:220)
at com.sun.jmx.interceptor.DefaultMBeanServerInterceptor.invoke(DefaultMBeanServerInterceptor.java:815)
at com.sun.jmx.mbeanserver.JmxMBeanServer.invoke(JmxMBeanServer.java:784)
at oracle.oc4j.admin.jmx.server.state.ApplicationStateFilterMBeanServer.invoke(ApplicationStateFilterMBeanServer.java:572)
at oracle.oc4j.admin.jmx.ejb.MBeanServerEjbBean.invoke(MBeanServerEjbBean.java:365)
... 24 more
Caused by: oracle.ldap.util.UtilException: NamingException encountered during loading of file: $ORACLE_HOME/j2ee/home/jazn/install/oidConfigForOc4j.sbsdn: cn=oc4jadmin,cn=users,dc=test,dc=com



Then I realised that I changed the password policy in the Oracle Internet Directory. This was the reason for the problem. My policy was that the password should be 8 characters long instead of 5.

When I changed this back to the default policy everything worked ok!

Reference:
Metalink: 398855.1

Get version Oracle BPEL

It is not so easy to determine the version of the Oracle BPEL application, but I found a note on Metalink: 419711.1

In order to find the versions, we have multiple ways for some components:

1. BPEL Process Manager:

We can find the version of BPEL Process Manager from front-end as well as back-end:

a) Finding the version from front-end:

Login to BPEL Console and we find the version on the BPEL Console on the right-hand bottom. The version of BPEL Console is same as BPEL version.

b) Finding the version from back-end:

Execute obversion.sh, located in the $ORACLE_HOME/bpel/bin directory. ORACLE_HOME is the location where the SOA Suite is installed.

2. BPEL Repository:

During the various stages of installing or upgrading BPEL Process Manager, or when applying patches to it, the Metadata repository is upgraded as well. The Metadata repository version is 2.0.2 or 2.0.3 in the 10.1.2.x versions of BPEL Process Manager. The SOA Suite 10.1.3.1.0 version of BPEL Process Manager comes with version 2.0.4 of the Metadata repository.

However, some patches are run against the Metadata repository itself, so we might need to know its version. In such cases, we can use the following SQL to find the version:

SQL> conn orabpel/orabpel;

SQL> SELECT guid FROM version_server;

Reference:
metalink note: 419711.1


Wednesday, May 27, 2009

invalid policy configuration Netpoint/Oblix/CoreId/Oracle Access Manager

If you made a mistake during the configuration of a policy in the policy manager and locked yourself out of the system, it is possible to undo this in the LDAP directory.
Use an LDAP browser/editor (for example: LDAP browser) to find the entry:
realm
+-o=oblix
+---obapp=PSC
+-----obname=OBAutoSSO_XXXXXXX (find the one you last changed, normally the last created is added at the bottom)

Change the value of the attribute: obenabled from enabled to disabled. Restart the Access Manager and after that it should be possible to log in.


Unsuccessful/incomplete product setup: Howto: restart product setup of Identity Server/Policy Manager, Netpoint/Oblix/CoreId/Oracle Access Manager

If something goes wrong (empty browser window, no response) during the product setup of the Identity Server/Policy Manager in the browser, it is possible to restart the product setup by changing the setup.xml of the product. Set the status Value to incomplete instead of done and you can start over with the product setup.

Location of setup.xml:
WebPass: $WEBPASS_HOME/access/oblix/config
Identity server: $IDENTITY_HOME/identity/oblix/config


Tuesday, May 19, 2009

wsrp oc4j container on Oracle AS 10.1.3.4 + wsrp-samples.ear

How to install wsrp in an OC4J container on Oracle AS 10.1.3.4 and deploy wsrp-samples.ear and test if everything works in Oracle AS portal 10.1.4.

Download the wsrp sources from metalink: Patch number: 7356288
WSRP-PREDEPLOY.JAR IS DUPLICATING ENTRIES FOR THE SPRING CONTEXT LOADER

Download wsrp-samples.ear application:
http://download.oracle.com/otndocs/tech/webcenter/files/pdksoftware.zip


createinstance -instanceName oc4j_wsrp -groupname default


Output:

Creating OC4J instance "oc4j_wsrp"...
Set OC4J administrator password for "oc4j_wsrp" (password text will not be displayed as it is entered):
Enter password:
Confirm password:
A new OC4J instance "oc4j_wsrp" is created in the group "default".


Do not start the container!!!!!!

Install the wsrp in the oc4j container

java -jar portlet-server-install-v1.jar $ORACLE_HOME/j2ee/oc4j_wsrp


Output:

File "$ORACLE_HOME/j2ee/oc4j_wsrp/config/global-web-application.xml" modified successfully
File "$ORACLE_HOME/j2ee/oc4j_wsrp/config/server.xml" modified successfully
Beginning install of libraries to "$ORACLE_HOME/j2ee/oc4j_wsrp/applib"
Extracting "$ORACLE_HOME/j2ee/oc4j_wsrp/applib/commons-logging.jar"...
Extracting "$ORACLE_HOME/j2ee/oc4j_wsrp/applib/dom4j.jar"...
Extracting "$ORACLE_HOME/j2ee/oc4j_wsrp/applib/jaxrpc-api.jar"...
Extracting "$ORACLE_HOME/j2ee/oc4j_wsrp/applib/jaxrpc-ri-patched.jar"...
Extracting "$ORACLE_HOME/j2ee/oc4j_wsrp/applib/namespace.jar"...
Extracting "$ORACLE_HOME/j2ee/oc4j_wsrp/applib/ptlshare.jar"...
Extracting "$ORACLE_HOME/j2ee/oc4j_wsrp/applib/relaxngDatatype.jar"...
Extracting "$ORACLE_HOME/j2ee/oc4j_wsrp/applib/saaj-api.jar"...
Extracting "$ORACLE_HOME/j2ee/oc4j_wsrp/applib/saaj-ri.jar"...
Extracting "$ORACLE_HOME/j2ee/oc4j_wsrp/applib/wsrp-common.jar"...
Extracting "$ORACLE_HOME/j2ee/oc4j_wsrp/applib/wsrp-container.jar"...
Extracting "$ORACLE_HOME/j2ee/oc4j_wsrp/applib/xml.jar"...
Extracting "$ORACLE_HOME/j2ee/oc4j_wsrp/applib/xmlmesg.jar"...
Extracting "$ORACLE_HOME/j2ee/oc4j_wsrp/applib/xmlparserv2.jar"...
Extracting "$ORACLE_HOME/j2ee/oc4j_wsrp/applib/xsdlib.jar"...
Installing "$ORACLE_HOME/j2ee/home/jsp/lib/taglib/oracle-portlet-tags.jar"...
Install Complete


Start the oc4j container.

WSRP can work with a file-based preference store or with a database as preference store. In this example we will use the file-based option, which is the default.

Before we can deploy the wsrp-samples.ear we have to change the file $ORACLE_HOME/j2ee/oc4j_wsrp/config/server.xml so that it imports a jar. Under <shared-library name="oracle.wsrp" version="1.0"> add <import-shared-library name="oracle.ws.jaxrpc"/>.

Now unzip the downloaded PDK, pdksoftware.zip.

Search for the wsrp-samples.ear (directory: pdk/portlet-container)

Deploy the ear file from the command line:

java -jar admin_client.jar deployer:oc4j:[HOSTNAME]:[OPMN_REQUEST_PORT] oc4jadmin [PASSWORD] -deploy -file wsrp-samples.ear -deploymentName sampleapp -bindAllWebApps


If everything is ok there should be a servlet:
http://[HOSTNAME]:[PORT]/portletapp/info

Now the provider can be registered in portal with the WSDL:
http://[HOSTNAME]:[PORT]/portletapp/portlets?WSDL

If you want to make your application wsrp ready the following should be done to "infect" your ear file with the Oracle stuff:


java -jar wsrp-predeploy.jar


Refer:
http://download.oracle.com/docs/cd/B32110_01/webcenter.1013/b31074/jpsdg_java_intro.htm#BHCCCFID

Metalink note: 341922.1



Warning: View created with compilation errors.

During compilation of view I got the following error:

Warning: View created with compilation errors.

Show err gives No Errors.
SQL> SQL> show err
No errors.

With the following select statement it is possible to find the error:

select text from dba_errors where name = '[OBJECT_NAME]' and owner = '[OBJECT_OWNER]';


Object id argument passed to DBMS_UTILITY.INVALIDATE is not legal

When executing the DBMS_UTILITY.COMPILE_SCHEMA procedure, the following errors are given:

ERROR at line 1:
ORA-20000:
ORA-06512: at "SYS.DBMS_UTILITY", line 347
ORA-24237: object id argument passed to DBMS_UTILITY.INVALIDATE is not legal
ORA-06512: at line 1

To check whether SYS has the required privileges, run the following query connected as SYS:

SQL> select username, privilege from user_sys_privs order by privilege;

If SYS does not have the following privileges, then grant them to SYS directly:

grant CREATE ANY DIMENSION to sys;
grant CREATE ANY EVALUATION CONTEXT to sys;
grant CREATE ANY INDEX to sys;
grant CREATE ANY INDEXTYPE to sys;
grant CREATE ANY LIBRARY to sys;
grant CREATE ANY MATERIALIZED VIEW to sys;
grant CREATE ANY OPERATOR to sys;
grant CREATE ANY PROCEDURE to sys;
grant CREATE ANY RULE to sys;
grant CREATE ANY RULE SET to sys;
grant CREATE ANY SYNONYM to sys;
grant CREATE ANY TRIGGER to sys;
grant CREATE ANY TYPE to sys;
grant CREATE ANY VIEW to sys;


Friday, May 8, 2009

IdentityXML change password sample XML, Netpoint/Oblix/CoreId/Oracle Access Manager

With this XML sample it is possible to change the password of a user!


<?xml version="1.0"?>
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas-xmlsoap.org/soap/envelope/"
xmlns:oblix="http://www.oblix.com">
<SOAP-ENV:Body>
<oblix:authentication xmlns:oblix="http://www.oblix.com" type="basic">
<oblix:login>orcladmin</oblix:login>
<oblix:password>[PASSWORD]</oblix:password>
</oblix:authentication>
<oblix:request application="userservcenter" function="modifyUser">
<oblix:params>
<oblix:param name="uid">cn=[USERNAME],cn=users,dc=test,dc=com</oblix:param>
<oblix:param name="attrName_1">userPassword</oblix:param>
<oblix:param name="attrValue_1">[NEW_PASSWORD]</oblix:param>
<oblix:param name="attrValue_1_confirm">[NEW_PASSWORD]</oblix:param>
<oblix:param name="attrValue_1_old">[OLD_PASSWORD]</oblix:param>
<oblix:param name="attrOperation_1">REPLACE</oblix:param>
<oblix:param name="noOfFields">1</oblix:param>
</oblix:params>
</oblix:request>
</SOAP-ENV:Body>
</SOAP-ENV:Envelope>


Refer:
http://www.oracle.com/technology/sample_code/products/id_mgmt/accmgr/id_developer.pdf


Thursday, May 7, 2009

IdentityXML example, Netpoint/Oblix/CoreId/Oracle Access Manager

In the project I was working on there was a question to find out how users could change their password without using the GUI of the identity server. An Oracle Sales Consultant pointed me to IdentityXML as a possible solution for this problem. Together with a colleague (Java consultant) of IT-eye, Ron Weverwijk, we found out how this works.

This blog is a simple description of how IdentityXML works; we used the Oracle documentation, which you can find at the end of this blog.

In the documentation there is a sample Java program which we used:


/**
 * This is a very simple SOAP example of how to invoke Oracle Access Manager
 * through SOAP.
 *
 * This program will make a soap request (send the request in soap.xml)
 * to the argument hostname:port/oblix/apps/corpdir/bin/corpdir.cgi
 *
 * Requirements:
 * *** ObSoapClient, a complete http client library from innovation, is
 * required to run this test. The software is free, and licensed under the
 * GNU Lesser General Public License.
 * HTTPClient is available at http://www.innovation.ch/java/HTTPClient
 * This program has been tested with HTTPClient Version 0.3-2
 *
 * To run:
 * *** java ObSoapClient [-h hostname] [-p port] [-f inputfile] [-u oblixurl]
 *
 */

import java.net.URL;
import java.io.IOException;
import java.io.FileReader;
import java.io.BufferedReader;
import HTTPClient.CookieModule;
import HTTPClient.HTTPConnection;
import HTTPClient.HTTPResponse;
import HTTPClient.ModuleException;
import HTTPClient.NVPair;

public class ObSoapClient
{
    static String hostname = "sunlight.oracle.com";
    static String filename = "soap.xml";
    static int port = 80;
    static String oburl = "/identity/oblix/apps/userservcenter/bin/userservcenter.cgi";

    public static void collectArgs(String args[])
    {
        for (int i = 0; i < args.length; i++) {
            // An option only takes a value when another argument follows it;
            // ++i consumes that value so it is not parsed as an option itself.
            boolean hasValue = args.length > i + 1;
            if (args[i].equals("-h") && hasValue)
                hostname = args[++i];
            else if (args[i].equals("-f") && hasValue)
                filename = args[++i];
            else if (args[i].equals("-p") && hasValue)
                port = Integer.parseInt(args[++i]);
            else if (args[i].equals("-u") && hasValue)
                oburl = args[++i];
            else if (args[i].equals("-h") || args[i].equals("-help")) {
                System.out.println("Usage: java ObSoapClient [-h hostname] [-p port] [-f filename] [-u oblixurl] \n");
            }
        }
    }

    /**
     * Read from soap.xml in current directory and return as string.
     */
    public static String getRequestFromFile()
    {
        StringBuffer data = new StringBuffer();
        try {
            BufferedReader reader = new BufferedReader(new FileReader(filename));

            for (String line = reader.readLine(); line != null;
                 line = reader.readLine()) {
                data.append(line);
                data.append("\r\n");
            }
            reader.close();
        } catch (Exception e) {
            System.out.println(e.toString());
        }
        return data.toString();
    }

    public static void main(String args[]) throws Exception
    {
        try {
            CookieModule.setCookiePolicyHandler(null);

            // initiate connection
            collectArgs(args);
            HTTPConnection con = new HTTPConnection(hostname, port);

            // post the SOAP request and collect the response
            NVPair header[] = new NVPair[1];
            header[0] = new NVPair("Content-Type", "text/xml");
            HTTPResponse rsp =
                con.Post(oburl,
                         getRequestFromFile(),
                         header);

            // get status and act accordingly
            if (rsp.getStatusCode() >= 300) {
                System.err.println("Received Error: "+rsp.getReasonLine());
                System.err.println(new String(rsp.getData()));
            } else
                System.out.println(new String(rsp.getData()));
        } catch (IOException ioe) {
            System.err.println(ioe.toString());
        } catch (ModuleException me) {
            System.err.println("Error handling request: " + me.getMessage());
        } catch (Exception e) {
            System.out.println(e.toString());
        }
    }

}

/*
NVPair form_data[] = new NVPair[2];

form_data[0] = new NVPair("login", "J.Smith");
form_data[1] = new NVPair("password", "J.Smith");
// form_data[2] = new NVPair("uid",
// "cn=John Smith,ou=Corporate,o=Company,c=US");
// form_data[3] = new NVPair("program", "personPage");
// form_data[4] = new NVPair("tab_id", "Employees");

// HTTPResponse rsp = con.Post("/oblix/apps/corpdir/bin/corpdir.cgi", form_data);

*/



This program needs the jar file http_client.jar, which can be found in the $ORACLE_HOME of an Oracle Application Server, in the directory $ORACLE_HOME/j2ee/home/lib.

First the program needs to be compiled (we used a Linux client):
cd $HOME
mkdir IdentityXML
cd IdentityXML
cp $ORACLE_HOME/j2ee/home/lib/http_client.jar .
vi ObSoapClient.java

Fill this file with the code example.

Compile the java file:

javac -classpath .:http_client.jar ObSoapClient.java


Now you have an ObSoapClient.class file.

All you need to test whether it works is an example SOAP message. Examples of messages which can be used can be found in the identity server directory:

$IDENTITY_HOME/identity/oblix/unsupported/integsvcs

For this example we will query the OID for the attribute sn of a user in the OID.
The example used is: um_view.xml

To keep it simple we chose to use orcladmin as the user in the authentication part of the message. If you want to use another username, a workflow should be created in the identity server which gives that user the privilege to view attributes of other users.

Create a file soap.xml and fill it with:


<?xml version="1.0"?>
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas-xmlsoap.org/soap/envelope/"
xmlns:oblix="http://www.oblix.com">
<SOAP-ENV:Body>
<oblix:authentication xmlns:oblix="http://www.oblix.com" type="basic">
<oblix:login>orcladmin</oblix:login>
<oblix:password>[PASSWORD]</oblix:password>
</oblix:authentication>
<oblix:request function="view">
<oblix:params>
<oblix:param name="uid">cn=[USER_NAME],cn=users,dc=test,dc=com</oblix:param>
<oblix:param name="attrName">sn</oblix:param>
</oblix:params>
</oblix:request>
</SOAP-ENV:Body>
</SOAP-ENV:Envelope>


Now execute the java program:


java -classpath http_client.jar:. ObSoapClient -f soap.xml -h [HOSTNAME] -p [HTTP_PORT] -u /identity/oblix/apps/userservcenter/bin/userservcenter.cgi


Output of the program:

<?xml version="1.0" encoding="utf-8"?>
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
<SOAP-ENV:Body>
<Oblix xmlns:oblix="http://www.oblix.com/" xmlns="http://www.oblix.com/" oblang="en-us">
<ObProfile>
<ObPanel obname="defaultPanel" obpanelId="20090504T03484759854" obpanelClass="inetorgperson">
<ObAttribute obattrName="sn">
<ObDisplay obdisplayName="Last Name" obdisplayType="textS" obname="sn" obmode="view" obcanRequest="false" obrequired="false">
<ObTextS>
<ObValue>[LASTNAME]</ObValue>
</ObTextS>
</ObDisplay>
</ObAttribute>
</ObPanel>
<ObHeaderPanel></ObHeaderPanel>
<ObRequestInfo>158720928</ObRequestInfo>
<ObScripts>
<ObScript obname="../../../lang/en-us/msgctlg.js"></ObScript>
<ObScript obname="../../../lang/shared/i18n.js"></ObScript>
<ObScript obname="../../../lang/shared/nsiesetup.js"></ObScript>
<ObScript obname="../../../lang/shared/misc.js"></ObScript>
<ObScript obname="../../../lang/shared/miscsc.js"></ObScript>
<ObScript obname="../../../lang/shared/horizontalprofile.js"></ObScript>
<ObScript obname="../../../lang/shared/userservcenter.js"></ObScript>
</ObScripts>
<ObForm obname="profileForm" obmethod="post" obaction="userservcenter.cgi?tab_id=Employees&uid=cn%3D[USERNAME]%2Ccn%3Dusers%2Cdc%3Dtest%2Cdc%3Dcom%2C">
<ObInput obtype="hidden" obname="program" obvalue="view"></ObInput>
<ObInput obtype="hidden" obname="visiblePanel"></ObInput>
</ObForm>
<ObDisplay obdisplayName="ObTextMessage" obdisplayType="textS" obname="ObTextMessage" obmode="view" obcanRequest="false" obrequired="false">
<ObTextS>
<ObTextMessage></ObTextMessage>
</ObTextS>
</ObDisplay>
<ObTextMessage></ObTextMessage>
<ObSelectorInfoForm>
<ObForm obname=""></ObForm>
</ObSelectorInfoForm>
<ObButton obaction="initiateDeactivateUser"></ObButton>
<ObButton obaction="userreactivate"></ObButton>
<ObButton obaction="wfTicketDelete"></ObButton>
<ObButton obaction="userModify" obimageUrl="NAVmodify" obmouseOver="Modify this profile." obhref="../../userservcenter/bin/userservcenter.cgi?program=modify&tab_id=Employees&uid=cn%3D[USERNAME]%2Ccn%3Dusers%2Cdc%3Dtest%2Cdc%3Dcom"></ObButton>
<ObStatus>0</ObStatus>
</ObProfile>
<ObStatus>0</ObStatus>
</Oblix>
</SOAP-ENV:Body>
</SOAP-ENV:Envelope>
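
The request and response above, handled programmatically, as an added example (not part of the original post or of Oracle's sample code): the view request is built with an XML library so that the uid and attribute name are escaped instead of pasted into soap.xml, and the reply is only used when its top-level ObStatus is 0. Treating ObStatus 0 as success, the function names and the sample reply (constructed, trimmed from the output above) are assumptions.

```python
import xml.etree.ElementTree as ET

# Namespace URIs copied from the request and the response shown in this post.
SOAP_REQ_NS = "http://schemas-xmlsoap.org/soap/envelope/"
OBLIX_REQ_NS = "http://www.oblix.com"
OBLIX_RSP_NS = "http://www.oblix.com/"  # the response uses a trailing slash


class IdentityXMLError(Exception):
    """Raised when a reply is missing ObStatus or reports a non-zero status."""


def build_view_request(login, password, uid, attr_name):
    """Build the 'view' request as bytes; every value is XML-escaped."""
    ET.register_namespace("SOAP-ENV", SOAP_REQ_NS)
    ET.register_namespace("oblix", OBLIX_REQ_NS)
    soap = "{%s}" % SOAP_REQ_NS
    ob = "{%s}" % OBLIX_REQ_NS

    envelope = ET.Element(soap + "Envelope")
    body = ET.SubElement(envelope, soap + "Body")
    auth = ET.SubElement(body, ob + "authentication", {"type": "basic"})
    ET.SubElement(auth, ob + "login").text = login
    ET.SubElement(auth, ob + "password").text = password
    request = ET.SubElement(body, ob + "request", {"function": "view"})
    params = ET.SubElement(request, ob + "params")
    for name, value in (("uid", uid), ("attrName", attr_name)):
        # .text is escaped on serialisation, so markup characters in a DN
        # stay inside this one param element.
        ET.SubElement(params, ob + "param", {"name": name}).text = value
    return b'<?xml version="1.0"?>\n' + ET.tostring(envelope, encoding="utf-8")


def parse_view_response(xml_bytes):
    """Return {attribute name: [values]} from a reply whose ObStatus is 0."""
    ob = "{%s}" % OBLIX_RSP_NS
    root = ET.fromstring(xml_bytes)
    oblix = root.find(".//" + ob + "Oblix")
    if oblix is None:
        raise IdentityXMLError("reply contains no Oblix element")
    status = oblix.find(ob + "ObStatus")  # direct child, not the nested one
    if status is None or (status.text or "").strip() != "0":
        raise IdentityXMLError("unexpected ObStatus: %r"
                               % (None if status is None else status.text))
    values = {}
    for attribute in oblix.iter(ob + "ObAttribute"):
        name = attribute.get("obattrName")
        values[name] = [v.text or "" for v in attribute.iter(ob + "ObValue")]
    return values


# Constructed sample reply, trimmed from the output shown in this post.
SAMPLE_RESPONSE = b"""<?xml version="1.0" encoding="utf-8"?>
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
<SOAP-ENV:Body>
<Oblix xmlns:oblix="http://www.oblix.com/" xmlns="http://www.oblix.com/" oblang="en-us">
<ObProfile>
<ObPanel obname="defaultPanel" obpanelClass="inetorgperson">
<ObAttribute obattrName="sn">
<ObDisplay obdisplayName="Last Name" obdisplayType="textS" obname="sn" obmode="view">
<ObTextS>
<ObValue>Jansen</ObValue>
</ObTextS>
</ObDisplay>
</ObAttribute>
</ObPanel>
<ObStatus>0</ObStatus>
</ObProfile>
<ObStatus>0</ObStatus>
</Oblix>
</SOAP-ENV:Body>
</SOAP-ENV:Envelope>
"""

if __name__ == "__main__":
    request = build_view_request("orcladmin", "[PASSWORD]",
                                 "cn=[USER_NAME],cn=users,dc=test,dc=com", "sn")
    print(request.decode("utf-8"))
    print(parse_view_response(SAMPLE_RESPONSE))
```

The bytes returned by build_view_request can be written to soap.xml and sent with the ObSoapClient program from this post.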


Refer:
http://download.oracle.com/docs/cd/B28196_01/idmanage.1014/b25346/idxmlows.htm


Thursday, April 23, 2009

Oracle XE change HTTP and FTP Port

Log in to SQL*Plus as the system user:


SQL*Plus: Release 10.2.0.1.0 - Production on Thu Apr 23 11:40:05 2009

Copyright (c) 1982, 2005, Oracle. All rights reserved.

SQL> conn system/[PASSWORD]
Connected.
SQL> select dbms_xdb.gethttpport as "HTTP-Port"
, dbms_xdb.getftpport as "FTP-Port" from dual;

HTTP-Port FTP-Port
---------- ----------
8080 0

SQL> begin
2 dbms_xdb.sethttpport('8585');
3 end;
4 /

PL/SQL procedure successfully completed.

SQL> select dbms_xdb.gethttpport as "HTTP-Port"
, dbms_xdb.getftpport as "FTP-Port" from dual;

HTTP-Port FTP-Port
---------- ----------
8585 0



Install java SDK on linux

Download the bin file from the java website:
http://java.sun.com/products/archive/

Install the package as root:

su - root

Change the execute rights:

chmod 700 jdk_*.bin

Execute the bin:

./jdk_*.bin

Java will be installed in /usr/java/

export JAVA_HOME=/usr/java/jdk...
export PATH=$JAVA_HOME/bin:$PATH

Now you can check if everything is ok by:
which java
java -version


Wednesday, April 22, 2009

ORA-39165: Schema TMP was not found and ORA-31655: no data or metadata objects selected for job

These errors can occur if the user exists and owns objects, but there are no records in any of the tables.

Error:

expdp system/[PASSWORD]@[ORACLE_SID] directory=[EXPORT_DIR] logfile=[LOG_FILE].log content=DATA_ONLY dumpfile=[DUMP_FILE].dmp schemas=[TMP]

Export: Release 11.1.0.6.0 - Production on Wednesday, 22 April, 2009 16:26:37

Copyright (c) 2003, 2007, Oracle. All rights reserved.

Connected to: Oracle Database 11g Release 11.1.0.6.0 - Production
Starting "SYSTEM"."SYS_EXPORT_SCHEMA_01": system/********@[ORACLE_SID] directory=[EXPORT_DIR] logfile=[LOG_FILE].log content=DATA_ONLY dumpfile=[DUMP_FILE].dmp schemas=[TMP]
Estimate in progress using BLOCKS method...
Processing object type SCHEMA_EXPORT/TABLE/TABLE_DATA
Total estimation using BLOCKS method: 0 KB
ORA-39165: Schema [TMP] was not found.
ORA-31655: no data or metadata objects selected for job
Job "SYSTEM"."SYS_EXPORT_SCHEMA_01" completed with 2 error(s) at 16:26:41


Solution:
Remove the DATA_ONLY option; only the METADATA will be exported!!


Monday, April 20, 2009

Manual installation ultrasearch in Oracle database

Manual installation of database component ultrasearch in an Oracle database:

set echo on
spool ultrasearch.log
@$ORACLE_HOME/ultrasearch/admin/wk0setup.sql [ORACLE_HOME] "" SYS [PASSWORD SYS] "as sysdba" wksys SYSAUX TEMP "" "FALSE" DATABASE "" [ORACLE_HOME]/jdbc/lib/classes12.zip [ORACLE_HOME]/jlib/orai18n.jar [ORACLE_HOME]/jdk/bin/java /appl/oracle/db_10.2.0.4.0/ctx/bin/ctxhx [DB_HOSTNAME]:[DB_PORT]:[DB_SID] [DB_HOSTNAME]:[DB_PORT]:[DB_SID] [ORACLE_HOME]
spool off
exit


Check if the option is installed:

select comp_name, version, status from dba_registry
where COMP_ID='WK';



Register database by listener

When you want to register a database with a listener you can do it like this:


sqlplus / as sysdba
alter system register;



Thursday, April 16, 2009

Redhat Linux IP configuration eth0

Find the file ifcfg-eth0, normally in the directory /etc/sysconfig/network-scripts/

If a static IP address is used it should look something like:


DEVICE=eth0
BOOTPROTO=none
ONBOOT=yes
NETWORK=10.0.1.0
NETMASK=255.255.255.0
IPADDR=10.0.1.27
USERCTL=no


When DHCP is used it should look like:

DEVICE=eth0
BOOTPROTO=dhcp
ONBOOT=yes


After the ifcfg-eth0 file is changed the network must be restarted; this can be done with the following command:

service network restart


Share host folders on Virtual Linux machine

In VMWare Workstation select the properties of the Virtual Machine and click on options. You can see a Shared Folders property. Enable this option and choose a folder on your host which you want to share.

VMWare tools need to be installed for this feature.

Now restart your virtual machine.

When the virtual machine is started you can access the shared folder in the directory /mnt/hgfs/[NAME OF THE SHARE]


Split vmware files (vmdk) files in smaller chunks

There is an application available that makes it possible to split VMware vmdk files into smaller parts (it is part of VMware Workstation: vmware-diskmanager.exe). There is also a GUI built for this; the application can be found at:

http://vmxbuilder.com/vmware-diskmanager-gui

If you want to change the name of the master vmdk file, then you also need to change the vmx file. (Do not forget to copy the vmx file to the directory where the split-up files are placed.)

Change the entry:
scsi0:0.fileName = "NEW NAME.vmdk"


Install VMWare tools on a linux VM

First select the option VM > Install VMWare Tools... in VMWare Workstation. Then a virtual CD is mounted in your virtual Linux machine (/media/VMware_Tools). If this does not happen you should mount the cdrom manually: mount /media/cdrom. This can give a failure, but this error can be ignored.

Execute the rpm file:

rpm -ivh VMwareTools-*.rpm


After the rpm is installed the configure perl script can be executed:

cd /usr/bin/
./vmware-config-tools.pl



Tuesday, April 14, 2009

Install Oracle XE on Linux and configure database XE

Download the rpm from the Oracle Website:
http://www.oracle.com/technology/software/products/database/xe/htdocs/102xelinsoft.html

Execute the RPM

rpm -ihv oracle-xe-univ-10.2.0.1-1.0.i386.rpm


Configure the database

su - root
cd /etc/init.d
./oracle-xe configure


Refer:
http://www.oracle.com/technology/software/products/database/xe/files/install.102/b25144/toc.htm


Friday, April 10, 2009

Documentation, Netpoint/Oblix/CoreId/Oracle Access Manager

Documentation Library Oracle Access Manager:
http://download-uk.oracle.com/docs/cd/B28196_01/index.htm

Oracle® Application Server Best Practices Guide
http://download-uk.oracle.com/docs/cd/B28196_01/core.1014/b31762/accessmgr.htm

Oracle® Access Manager Access Administration Guide
http://download-uk.oracle.com/docs/cd/B28196_01/idmanage.1014/b25990/v2config.htm#BHADBAGE


Thursday, April 9, 2009

Integration BPEL / OID 10.1.4 Migration of LDIF data failed. Not all the entries are successfully

The document http://download-uk.oracle.com/docs/cd/B31017_01/integrate.1013/b28982/service_config.htm#BABIBGFF describes how the integration between BPEL and OID can be configured. But when this is done with OID version 10.1.4, some problems occur:

Migration of LDIF data failed. Not all the entries are successfully.
This happens if the script configure_oid.sh is executed like this:

(Pay attention: on a production system choose the option seedRequiredUsers instead of SeedAllUsers, otherwise all test users end up in the OID.)


cd $ORACLE_HOME/bpel/system/services/install/ant-tasks
./configure_oid.sh orcladmin <PASSWORD> 389 false us seedRequiredUsers oc4jadmin <PASSWORD> oc4j_soa
Buildfile: oid-config.xml

config-oid:
[echo] Configuring OID...
[mkdir] Created dir: $ORACLE_HOME/ldap/install
[java] Install Configuration
[java] Install Type: ConfigureOID
[java] Oracle Home: $ORACLE_HOME
[java] JDK Home: $ORACLE_HOME/jdk
[java] Proxy Required: false
[java] Database Vendor: oracle
[java] OID Host: ${oid.host}
[java] OID Port: 389
[java] OID Realm: us
[java] OID Seed: seedRequiredUsers
[java] Admin User: orcladmin

[java] ***************************************************************
[java] Trying to obtain OID specific details from configuration files.
[java] Warning: You would encounter problems if you have not associated your instance with an OID.
[java] ***************************************************************
[java] OID Host is: ldap.test.nl
[java] OID Port is: 389
[java] Seeding users/roles in OID realm : us...
[java] Buildfile: bpminstall.xml

[java] seed-oid:

[java] init:

[java] seed-oid:
[java] Seeding system users/roles into OID ...
[java] Migration of LDIF data failed. Not all the entries are successfully migrated
[java] Seeding demo users/roles into OID ...
[java] Migration of LDIF data failed. Not all the entries are successfully migrated

[java] BUILD SUCCESSFUL
[java] Total time: 5 seconds
[java] Exit: 0
[java] Configuring BPEL identity service configuration file ...
[java] Adding jaas-mode attribute to hw_services orion-application.xml
[java] Adding jaas-mode attribute to orabpel orion-application.xml

bpel-grant-privileges:
[echo] Granting Server privileges to BPMSystemAdmin role...
[echo] Granting Domain privileges to BPMDefaultDomainAdmin role...

all:

BUILD SUCCESSFUL
Total time: 11 seconds
Done


After some investigation I noticed that the ldif script that is inserted in the OID is in the directory: $ORACLE_HOME/bpel/system/services/config/ldap.

Then I tried to insert the users with the ldapadd command and an error occurred:

ldapadd -h ldap.test.nl -p 389 -D cn=orcladmin -w <PASSWORD> -f system-oid_xxx.ldif
adding new entry cn=bpeladmin,cn=users, dc=us,dc=test,dc=nl
ldap_add: Constraint violation
ldap_add: additional info: Password Policy Error :9004: GSL_PWDNUMERIC_EXCP :Your Password must contain at least 1 numeric characters.


The conclusion is that there is a password policy in the OID; when this policy is changed, the ldapadd works like a charm.

Change the policy in the OID:
start oidadmin > login with orcladmin > Password Policy Management > cn=pwdPolicies, cn=Common, cn=Product, cn=OracleContext > Password Policy for Realm dc=us,dc=test,dc=nl > tab Password Syntax

Change Number of Numeric Characters: 0



Alternatively, you can change all passwords in the *.ldif file. But then the ant script still does not work, because the ldif file is generated during the ant script.

The ldapadd command works after the change in the OID, and also when the passwords are changed:


ldapadd -h ldap.test.nl -p 389 -D cn=orcladmin -w <PASSWORD> -f system-oid_xxxx.ldif
adding new entry cn=bpeladmin,cn=users, dc=us,dc=test,dc=nl
adding new entry cn=default,cn=users, dc=us,dc=test,dc=nl
adding new entry cn=guest,cn=users, dc=us,dc=test,dc=nl
modifying entry cn=BPMSystemAdmin,cn=Groups, dc=us,dc=test,dc=nl
modifying entry cn=BPMDefaultDomainAdmin,cn=Groups, dc=us,dc=test,dc=nl
modifying entry cn=BPMWorkflowAdmin,cn=Groups, dc=us,dc=test,dc=nl
modifying entry cn=BPMWorkflowReassign,cn=Groups, dc=us,dc=test,dc=nl
modifying entry cn=BPMWorkflowSuspend,cn=Groups, dc=us,dc=test,dc=nl
modifying entry cn=BPMWorkflowViewHistory,cn=Groups, dc=us,dc=test,dc=nl
modifying entry cn=rule-administrators,cn=Groups, dc=us,dc=test,dc=nl
modifying entry cn=BPMAnalyst,cn=Groups, dc=us,dc=test,dc=nl
modifying entry cn=BPMPublic,cn=Groups, dc=us,dc=test,dc=nl


Now configure_oid.sh also works as it is supposed to. But when you use this script you must change all passwords, because by default the passwords are CHANGE_ME. The passwords are defined in the file: $ORACLE_HOME/bpel/system/services/config/ldap/system-oid.sbs.
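
A pre-flight check for an LDIF file before it goes to ldapadd, as an added example (not part of the original post or of Oracle's scripts): it reports entries whose userpassword would trigger the two OID policy errors seen on this page (9003 minimum length in the oc4jadmin post, 9004 numeric characters here) or still holds the CHANGE_ME default, without printing the passwords. The policy values, the function names and the sample LDIF are assumptions; the sample is constructed.

```python
import base64
import re
import sys

# Rules taken from the two OID errors quoted on this page; adjust them to the
# password policy that is actually configured for the realm.
MIN_LENGTH = 8                 # 9003 GSL_PWDMINLENGTH_EXCP
MIN_NUMERIC = 1                # 9004 GSL_PWDNUMERIC_EXCP
PLACEHOLDERS = {"CHANGE_ME"}   # default password named in this post

LINE_RE = re.compile(r"^([A-Za-z][A-Za-z0-9;.-]*)(::?)[ \t]*(.*)$")
HASHED_RE = re.compile(r"^\{[A-Za-z0-9_-]+\}")  # e.g. {SHA}..., cannot be checked


def unfold(text):
    """Join LDIF continuation lines (a line that starts with one space)."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines


def iter_passwords(text):
    """Yield (dn, password) for every userpassword value in the LDIF text."""
    dn = None
    for line in unfold(text):
        if not line.strip():
            dn = None              # a blank line ends the current entry
            continue
        if line.startswith("#"):
            continue
        match = LINE_RE.match(line)
        if not match:
            continue
        attr, sep, value = match.group(1).lower(), match.group(2), match.group(3)
        if sep == "::":            # "attr:: value" is base64 encoded
            value = base64.b64decode(value).decode("utf-8", "replace")
        if attr == "dn":
            dn = value
        elif attr == "userpassword":
            yield dn, value


def check_ldif(text):
    """Return [(dn, [reasons])] for passwords that are defaults or break the policy."""
    findings = []
    for dn, password in iter_passwords(text):
        if HASHED_RE.match(password):
            continue               # pre-hashed value: length and digits are unknown
        reasons = []
        if password in PLACEHOLDERS:
            reasons.append("default placeholder")
        if len(password) < MIN_LENGTH:
            reasons.append("9003 GSL_PWDMINLENGTH_EXCP")
        if sum(ch.isdigit() for ch in password) < MIN_NUMERIC:
            reasons.append("9004 GSL_PWDNUMERIC_EXCP")
        if reasons:
            findings.append((dn, reasons))
    return findings


# Constructed sample, not the LDIF that configure_oid.sh generates.
SAMPLE_LDIF = "\n".join([
    "# constructed sample entries",
    "dn: cn=bpeladmin,cn=users,dc=us,dc=test,dc=nl",
    "objectclass: orcluserv2",
    "cn: bpeladmin",
    "userpassword: CHANGE_ME",
    "",
    "dn: cn=default,cn=users,dc=us,dc=test,dc=nl",
    "cn: default",
    "userpassword: Blue7Harbor",
    "",
    "dn: cn=guest,cn=users,",
    " dc=us,dc=test,dc=nl",
    "cn: guest",
    "userpassword:: YWJjMTI=",
    "",
])

if __name__ == "__main__":
    # With a file argument the file is checked, otherwise the constructed sample.
    ldif = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_LDIF
    results = check_ldif(ldif)
    for dn, reasons in results:
        print("%s: %s" % (dn, ", ".join(reasons)))
    sys.exit(1 if results else 0)
```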

You can verify that everything is working fine by invoking the BPEL identity service:
http://<hostname>:<port>/integration/services/IdentityService/identity?operation=lookupUser

If the execution of this request results in this error:


Identity Service cannot find user. Error occurs while getting user "[USER]" in realm "jazn.com" Verify that user "[USER]" exits in realm "jazn.com". Contact oracle support if error is not fixable.


Adjust the file $ORACLE_HOME/j2ee/oc4j_soa/config/jazn.xml.

Replace the line:

provider="XML" location="./system-jazn-data.xml" default-realm="jazn.com"

with the line:

provider="LDAP" location="ldap://test.nl:389" default-realm="us"

so that $ORACLE_HOME/j2ee/oc4j_soa/config/jazn.xml is the same as $ORACLE_HOME/j2ee/home/config/jazn.xml.


There is another problem in the integration of BPEL and OID.
Hint : LOGON TO THE BPEL ADMIN CONSOLE FAILS - INSUFFICIENT PRIVILEGES / NO DOMAIN

There are two OC4J homes in the environment ($ORACLE_HOME/j2ee/home and $ORACLE_HOME/j2ee/oc4j_soa).
OC4J instance is associated with OID through EM.

This modifies the $ORACLE_HOME/j2ee/home/config/jazn.xml. However, it does not modify the $ORACLE_HOME/j2ee/oc4j_soa/config/jazn.xml file correctly.

$ORACLE_HOME/j2ee/oc4j_soa/config/jazn.xml


Line : provider="XML" location="./system-jazn-data.xml" default-realm="jazn.com"


Line : provider="LDAP" location="ldap://test.nl:389" default-realm="us"


Make $ORACLE_HOME/j2ee/oc4j_soa/config/jazn.xml the same as $ORACLE_HOME/j2ee/home/config/jazn.xml.

Refers:
http://download-uk.oracle.com/docs/cd/B31017_01/integrate.1013/b28982/service_config.htm#BABIBGFF

Oracle HTTP Server on port under 1024 on Linux

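Execute the following commands as the root user. They make the .apachectl file owned by root and set its setuid and setgid bits (mode 6750), which is what lets Oracle HTTP Server bind to a port below 1024: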


cd $ORACLE_HOME/Apache/Apache/bin/

chown root .apachectl
chmod 6750 .apachectl


Pay attention to the dots in front of apachectl!

Tuesday, April 7, 2009

"Address already in use: make_sock: could not bind to address 127.0.0.1 port 7200", Netpoint/Oblix/CoreId/Oracle Access Manager

When this error occurs in the error log of the HTTP_Server ($ORACLE_HOME/Apache/Apache/logs/error_log.xxxxx):


[Thu Mar 12 16:16:18 2009] [crit] (98)Address already in use: make_sock: could not bind to address 127.0.0.1 port 7200


Some processes of the HTTP_Server are still running and need to be killed.

"*** glibc detected *** realloc(): invalid size: 0x081a61f8 ***", Netpoint/Oblix/CoreId/Oracle Access Manager

After the installation of the Access Server component of Oracle Access Manager the HTTP_Server needs to be restarted.

It is possible that the following error occurs:

[Mon Feb 16 14:42:44 2009] [warn] pid file $ORACLE_HOME/Apache/Apache/logs/httpd.pid overwritten -- Unclean shutdown of previous Apache run?
*** glibc detected *** realloc(): invalid size: 0x081a61f8 ***


This can be solved by changing the httpd.conf file so that two modules are excluded (commented out):


#LoadModule perl_module libexec/libperl.so
#LoadModule php4_module libexec/libphp4.so

Invalid Credentials Error OAM After Applying 10.1.4.3 Patchset to OID

After applying patchset 10.1.4.3 to the OID, login to the Oracle Access Manager (OAM) access server / identity server / policy manager fails with invalid credentials.

Applying OID 10.1.4.3 patchset modifies the OID attribute orclinmemfiltprocess. The new value is not correct and causes the described problem.

Execute the following query in the OID

For OID 10.1.4.3


$ORACLE_HOME/bin/ldapmodify -h <OID_HOST> -p <OID_PORT> -D cn=orcladmin -w <PASSWORD> -v <<EOF
dn: cn=dsaconfig,cn=configsets,cn=oracle internet directory
changetype: modify
replace: orclinmemfiltprocess
orclinmemfiltprocess:(|(!(obuseraccountcontrol=*))(obuseraccountcontrol=activated))
orclinmemfiltprocess:(|(obuseraccountcontrol=activated)(!(obuseraccountcontrol=*)))
orclinmemfiltprocess:(obapp=groupservcenter)(!(obdynamicparticipantsset=*))
orclinmemfiltprocess:(objectclass=oblixworkflowinstance)
orclinmemfiltprocess:(objectclass=inetorgperson)
orclinmemfiltprocess:(objectclass=oblixorgperson)
orclinmemfiltprocess:(objectclass=oblixworkflowstepinstance)
EOF


Refers: metalink note: 558040.1

Migration has failed. Please try to manually run the migration program by invoking

Error during text based Installation of the Dutch Language Pack for Identity server on RedHat Linux

./Oracle_Access_Manager10_1_4_0_1_NL_linux_LP_Identity_System

Migrating language...


Migration has failed. Please try to manually run the migration program by
invoking
$ORACLE_ACCESS_MANAGER/identity/oblix/tools/migration_tools/start_obmigratenp
-c LP -f ERROR: could not read property fromMigrationVersion for bean
dsInfoInputbecause the following error occurred:
java.lang.NullPointerExceptionERROR: could not read property
fromFirstMinorVersion for bean dsInfoInputbecause the following error occurred:
java.lang.NullPointerException -t 1014 -s "ERROR: could not read property
destination for bean backupOblixDirBeanbecause the following error occurred:
java.lang.NullPointerException" -d "/appl/oracle/ident_10.1.4/identity" -i
"$ORACLE_ACCESS_MANAGER/identity".


I raised an SR with Oracle Support, and the solution to this problem is to start the installation with the -gui option.

Monday, April 6, 2009

Form-Based Authentication Single Sign On for Oracle SOA suite 10.1.3.x ESB console, Netpoint/Oblix/CoreId/Oracle Access Manager

1. Configure ESB console with OAM

(see my post CoreId/Oracle Access Manager Form-Based Authentication for J2EE application)

All the files that need to be changed are located in $ORACLE_HOME/j2ee/oc4j_soa/*

1.1 system-jazn-config.xml
Change the system-jazn-config.xml; see Chapter 3.5 of my post CoreId/Oracle Access Manager Form-Based Authentication for J2EE application.

The application name should be: esb

1.2 orion-application.xml
Change the orion-application.xml files in both directories (applications and application-deployments); see Chapter 3.3 of my post CoreId/Oracle Access Manager Form-Based Authentication for J2EE application.

Replace this code:

<jazn provider="XML" location="../../config/system-jazn-data.xml" default-realm="jazn.com" jaas-mode="doAsPrivileged" />


By this code:


<jazn provider="XML" default-realm="jazn.com" jaas-mode="doAsPrivileged">
  <jazn-web-app auth-method="COREIDSSO"/>
</jazn>


1.3 web.xml
Change the web.xml; see Chapter 3.1 of my post CoreId/Oracle Access Manager Form-Based Authentication for J2EE application.

Location:
/appl/oracle/soa_10.1.3/j2ee/oc4j_soa/applications/esb-dt/esb_console/WEB-INF

In the web.xml the following code must be replaced:


<login-config>
  <auth-method>FORM</auth-method>
  <form-login-config>
    <form-login-page>/login.jsp</form-login-page>
    <form-error-page>/login_error.jsp</form-error-page>
  </form-login-config>
</login-config>


Replace by:


<login-config>
  <realm-name>ascontrol</realm-name>
</login-config>


1.4 opmn.xml
Change the opmn.xml; see Chapter 2.1 of my post CoreId/Oracle Access Manager Form-Based Authentication for J2EE application.

1.5 Policy Domain
Configure a policy domain for /esb; see Chapter 3.4 of my post CoreId/Oracle Access Manager Form-Based Authentication for J2EE application.

The only difference is that /esb needs to be protected instead of: /callerInfo/callerInfoB

Form-Based Authentication Single Sign On for Oracle SOA suite 10.1.3.x asconsole, Netpoint/Oblix/CoreId/Oracle Access Manager

I will explain how SSO / OAM / Oracle SOA suite 10.1.3 asconsole can be configured.

1. Configure asconsole with OAM /em
First I will configure the asconsole, which is very easy. Before you can start configuring, you need to create the user and groups in the OID; this can be achieved with a trick.

1.1 Add User and Groups in the OID
Log in on the asconsole of the SOA suite with the oc4jadmin user:

http://hostname:port/em
Click on the home container > tab Administration > Identity Management

Fill in the OID settings of your OID; the users and groups are then automatically added to the OID.

After this it is easy (see my post CoreId/Oracle Access Manager Form-Based Authentication for J2EE application)

All the files that need to be changed are located in the directory: $ORACLE_HOME/j2ee/home/*

1.2 system-jazn-config.xml
Change the system-jazn-config.xml; see Chapter 3.5 of my post CoreId/Oracle Access Manager Form-Based Authentication for J2EE application.

The application name should be: asconsole

1.3 orion-application.xml
Change the orion-application.xml files in both directories (applications and application-deployments); see Chapter 3.3 of my post CoreId/Oracle Access Manager Form-Based Authentication for J2EE application.

Replace this code:


<!-- %BEGINGOVERNSSO%

<jazn provider="XML">
  <jazn-web-app auth-method="CUSTOM_AUTH"/>
</jazn>

%ENDGOVERNSSO% -->


By the following code:


<jazn provider="XML" default-realm="jazn.com" jaas-mode="doAsPrivileged">
  <jazn-web-app auth-method="COREIDSSO"/>
</jazn>


1.3 web.xml
Change the web.xml; see Chapter 3.1 of my post CoreId/Oracle Access Manager Form-Based Authentication for J2EE application.

In the web.xml the following code must be replaced:


<login-config>
  <auth-method>FORM</auth-method>
  <realm-name>ascontrol</realm-name>
  <form-login-config>
    <form-login-page>/console/logon</form-login-page>
    <form-error-page>/logon_failed.html</form-error-page>
  </form-login-config>
</login-config>


Replace by:


<login-config>
  <realm-name>ascontrol</realm-name>
  <auth-method>BASIC</auth-method>
</login-config>


1.4 opmn.xml
Change the opmn.xml; see Chapter 2.1 of my post CoreId/Oracle Access Manager Form-Based Authentication for J2EE application.

1.5 Policy Domain
Configure a policy domain for /em; see Chapter 3.4 of my post CoreId/Oracle Access Manager Form-Based Authentication for J2EE application.

The only difference is that /em needs to be protected instead of: /callerInfo/callerInfoB

Friday, April 3, 2009

Invoking ESB Service From BPEL Fails With Error "exception on JaxRpc invoke: HTTP transport error: javax.xml.soap.SOAPException"

When the ESB service is called in a BPEL process (Oracle ESB 10.1.3.x), the following error can occur:

exception on JaxRpc invoke: HTTP transport error: javax.xml.soap.SOAPException

Metalink note: 427452.1

There are two options to resolve this issue:

Option 1: Configure the virtualhost and port number for a particular ESB system where services got registered.

1. Click the ESB system then configure Virtual host and Port number,
Set Virtual host to ESB Runtime Server's hostname
Set Port to ESB Runtime Server's http listening port
2. Apply the change

Option 2: Use ESB bindings to invoke ESB services.
1. Login to ESB console, and click the Routing Service which BPEL is attempting to invoke.
2. Go to "Definition" tab, and uncheck "Can be invoked from an external service"
3. Click apply.
4. Go to BPEL Console and clear the WSDL Cache.
5. Restart SOA suite

Friday, March 27, 2009

RedHat linux monitor network traffic from and to an host

If you are interested in what a program sends over the network to a host, use tcpdump:


/usr/sbin/tcpdump src host IP_ADDRESS_HOST or dst host IP_ADDRESS_HOST


IP_ADDRESS_HOST is the address of the host to which the requests are sent.

Wednesday, March 25, 2009

Form-Based Authentication for J2EE application, Netpoint/Oblix/CoreId/Oracle Access Manager

This blog describes the steps which are needed to configure OAM/CoreId 10.1.4.2 with a sample J2EE application with Form-Based Authentication on Oracle Application Server 10.1.3 (Oracle HTTP Server 1.x)

Download the sample application callerInfo from the Oracle Website http://www.oracle.com/technology/sample_code/tech/java/codesnippet/security/jaznldap/JAZNLDAP.zip.

Install Oracle Access Manager components.

Install an Oracle Application Server for example 10.1.3.1 (Oracle HTTP Server 1.x/Apache 1.3.x)

Install WebGate 10.1.4.2 BP03 (THIS IS VERY IMPORTANT, there are some important bug fixes in BP03 WebGate see metalink note: 736372.1 for version / patchsets)

Install AccessGate 10.1.4.2 BP06 (THIS IS VERY IMPORTANT, there are some important bug fixes in BP06 AccessGate see metalink note: 736372.1 for version / patchsets)

Create an OC4J container and deploy the callerInfo.ear file.

Create users and groups in the OID:
http://www.oracle.com/technology/sample_code/tech/java/codesnippet/security/jaznldap/UsingDAS.html

1. Configure Oracle Access Manager
   1.1 Configure Oracle Access Manager Form-Based Authentication
   1.2 Configure Oracle Access Manager Basic Authentication
   1.3 Configure the Resource Type
   1.4 Protect the Action URL

1.1 Configure Oracle Access Manager Form-Based Authentication
For Single Sign-On functionality, a form-based authentication scheme must protect the resources.

1.1.1 Create a Login Form
The login form can be a very simple HTML page containing a FORM:
- The action of the form can be a bogus link (in this example /oam/access/test.html), but it must be the same as in the authentication scheme which is created later on.
- The names of the userid and password fields can be chosen freely, but these will also be used in the authentication scheme.

login1.html


<HTML>
<HEAD>
</HEAD>
<body>
  <center>
    <h1>User Login</h1>
    <br>
    <br>
    <form name="myForm" action="/oam/access/test.html" method="post">
      Username: <input type="text" name="userid" width="20"><br />
      Password: <input type="password" name="password" width="20"><br />
      <input type="submit" value="OK">
    </form>
  </center>
</body>
</HTML>


This login1.html file can be placed in $ORACLE_HOME/Apache/Apache/htdocs/public.

1.1.2 Define Form-Based Authentication in Policy Manager

Go to the Access Manager GUI: http://hostname:port/access/oblix and click the Access System Console link, login with the administrator account.

Access System Console > Access System Configuration > Authentication Management



Click button Add to create a Form Based Authentication scheme.

Fill in the entries like this:
(pay attention:

Name: COREidSSOform (choose freely)
Description: COREid SSO Form Based (choose freely)
Level: 1
Challenge Method: Form
Challenge Parameter:
  form: /public/login1.html (see the location in step 1.1.1)
  creds: userid password (use the same variable names as in the login1.html in step 1.1.1)
  action: /oam/access/test.html (use the same action as in the login1.html in step 1.1.1)
  passthrough: No
SSL Required: No
Challenge Redirect Enabled: Yes



1.1.3 Configure the credential_mapping Plug-In for Form-Based Authentication

Now you have to configure the credential_mapping plug-in for form-based authentication.

Click on the tab plugin and click the button add.

First configure the credential_mapping plug-in (this is important: if password is the first plugin it will not work); select the plugin in the drop-down box.

For Plugin Parameters:

obMappingBase="cn=users,dc=us,dc=oracle,dc=com",obMappingFilter="(&(&(objectclass=inetorgperson)(uid=%userid%))(|(!(obuseraccountcontrol=*))(obuseraccountcontrol=ACTIVATED)))"


The value for uid must match the variable specified for user name in the login1.html form and in the creds part of the Form Based Authentication.

This also corresponds to the value of the coreid.name.attribute option in the Oracle Access Manager login module configuration in OC4J.

1.1.4 Configure the validate_password Plug-In for Form-Based Authentication

Now configure the validate_password plug-in: select validate_password in the drop-down box.

The Plugin Parameters:

obCredentialPassword="password"


The value for obCredentialPassword must match the variable specified for password in the login1.html form and in the creds part of the Form Based Authentication.

This also corresponds to the value of the coreid.password.attribute option in the Oracle Access Manager login module configuration.



1.1.5 Create Host Identifier
Access System Configuration > Host Identifiers

Click Add

Name: Hostname
Description: (Choose freely)
Hostname variations: hostname:port
ip address:port



1.2 Configure Oracle Access Manager Basic Authentication

You must configure the Oracle Access Manager basic authentication scheme, which must not be password protected (only the credential_mapping plug-in). This scheme will protect two resources:
- A URL associated with the resource type (myresourcetype). The Oracle Access Manager login module will use this URL to communicate to the Access Server through the Access Manager SDK.
- The Action URL in the login1.html page (/oam/access/test.html). This is so submitted form requests can be intercepted by WebGate in order to enforce rules for submitted credentials.

However the application itself must be protected by form-based authentication (steps 1.1.1 and 1.1.2)

1.2.1 Define Basic Authentication in Policy Manager
Go to the Access Manager GUI: http://hostname:port/access/oblix and click the Access System Console link, login with the administrator account.

Access System Console > Access System Configuration > Authentication Management



Click button Add to create Basic Authentication.

Fill in the entries like this:
(pay attention:

Name: COREidSSONoPwd (choose freely)
Description: Authentication without Password (choose freely)
Level: 1
Challenge Method: Basic
Challenge Parameter: realm:NetPoint Basic Over LDAP
SSL Required: No
Challenge Redirect Enabled: Yes



1.2.2 Configure the credential_mapping Plug-In for Basic Authentication
Now you have to configure the credential_mapping plug-in for basic authentication.

Click on the tab plugin and click the button add.

First configure the credential_mapping plug-in (this is important: if password is the first plugin it will not work); select the plugin in the drop-down box.

For Plugin Parameters:

obMappingBase="cn=users,dc=us,dc=oracle,dc=com",obMappingFilter="(&(&(objectclass=inetorgperson)(uid=%userid%))(|(!(obuseraccountcontrol=*))(obuseraccountcontrol=ACTIVATED)))"


The value for uid must match the variable specified for user name in the login1.html form and in the creds part of the Form Based Authentication.

This also corresponds to the value of the coreid.name.attribute option in the Oracle Access Manager login module configuration.



1.3 Configure the Resource Type

In Oracle Access Manager, a resource type describes the kind of resource to be protected, including its associated operations. Operations associated with a resource are tied to its type. You must configure an Oracle Access Manager resource type for your resource, and then protect your resource type, action URL, and application.

The Oracle Access Manager login module will need information for the resource type, as will be noted. OC4J uses the resource type to retrieve user information based on the Oracle Access Manager ObSSOCookie or the user name, using APIs of the Access Manager SDK.

1.3.1 Configure the Name and Operation of the Resource Type

Access System Console > Access System Configuration > Common Information Configuration > Resource Type Definitions

On the page that lists all resource types, choose to add a new resource type.



Make entries such as the following to define a new resource type:

Resource Name: myresourcetype (choose freely)
Display Name: myresourcetype (choose freely)
Resource Matching: Case Insensitive
Resource Operation: MYRESOURCEOPERATION (choose freely)

You can choose any names for the resource type and resource operation, but you must use the same names for the coreid.resource.type and coreid.resource.operation option values in the Oracle Access Manager login module configuration.

1.3.2 Configure and Protect the URL of the Configured Resource Type

After authentication, OC4J requires access to the user's roles in order to check for authorization. To enable this, you must set up an Oracle Access Manager "return action" that allows Oracle Access Manager to return the appropriate roles to OC4J for the user after successful authentication.

To set up the return action in Oracle Access Manager, navigate as follows:

Policy Manager > Create Policy Domain



Policy Manager > My Policy Domains > myresourcetype > tab Resources

Create Resource for myresource type

Click button Add


Resource Type: myresourcetype (step 3.1)
Host Identifiers: hostname (step 1.5)
URL Prefix: /myresourceurl (choose freely)
Description: (choose freely)
Click button Save

The URL prefix must start with a "/" and is the designated URL of the resource type. This must match the value of the coreid.resource.name option in the Oracle Access Manager login module configuration.

1.3.3 Configure the Return Action Attributes

After authentication, OC4J requires access to the user's roles in order to check for authorization. To enable this, you must set up an Oracle Access Manager "return action" that allows Oracle Access Manager to return the appropriate roles to OC4J for the user after successful authentication.

To set up the return action in Oracle Access Manager, navigate as follows:

Policy Manager > My Policy Domains > MyResourceType > Authorization Rules tab

Click button Add

Name: MyResourceType (choose freely)
Description: (choose freely)
Enabled: Yes
Allow takes precedence: No

Click button Save



Under the Authorization Success tab section, add the following entries (continuing the preceding example using myresourcetype):

Return Type: myresourcetype
Return Name: myresourcetype
Return Attribute: ObMyGroups



1.4 Protect the Action URL

Create Resource for http type action url (/oam/access/test.html)

Policy Manager > My Policy Domains > myresourcetype > tab Resources

Create Resource for myresource type

Click button Add

Resource Type: http
Host Identifiers: hostname (step 1.5)
URL Prefix: /oam/access/test.html (action URL in login1.html)
Description: (choose freely)



IMPORTANT:
Do not forget to enable the policy:
My Policy Domains > MyResourceType > General

Click modify
Set Enable to Yes and click save.


Overview:


2. Configure OC4J with the Access Manager SDK
After the SDK is installed, it needs to be registered against the Access Server and the already installed WebGate. Pay attention: the order of configuring is important. First the Access Server, then the WebGate.

Configure SDK against Access Server:

Go to the directory
cd SDK_HOME/AccessServerSDK/oblix/tools/configureAccessGate


./configureAccessGate -i /SDK_HOME/AccessServerSDK/ -t AccessGate -w NAME_WEBGATE -m open -S -P PASSWORD -h ACCESS_SERVER_HOSTNAME -p ACCESS_SERVER_PORT -a ACCESS_SERVER_NAME


Output:

Preparing to connect to Access Server. Please wait.
AccessGate installed Successfully.


Configure SDK against WebGate:


./configureAccessGate -i /SDK_HOME/AccessServerSDK/ -t AccessGate -w SDK_NAME -m open -S -P PASSWORD -h HOSTNAME_WEBGATE -p ACCESS_SERVER_PORT -a ACCESS_SERVER_NAME


Output:

Preparing to connect to Access Server. Please wait.

AccessGate installed Successfully.


2.1 Configure the Access Manager SDK to Each OC4J Instance
You will need Oracle Access Manager SDK, one installation for each OC4J instance, on the same system as OC4J. The Access Manager SDK is required by OC4J at runtime to communicate with Access Server. OC4J must be given the Access Manager SDK location during startup (through the java.library.path property), so that it can initialize the SDK. Note this initialization occurs only if at least one application is using Oracle Access Manager as the security provider.

2.1.1 Copy jobaccess
Copy the Oracle Access Manager file jobaccess.jar from the Access Manager SDK to the OC4J path. You will find this file in the SDK_HOME/AccessServerSDK/oblix/lib directory. Create the directory ORACLE_HOME/j2ee/home/lib/ext (if it does not already exist) and copy the jobaccess.jar to that directory.

2.2 Configure the Access Manager SDK Library Path for Each OC4J Instance

Configuring opmn.xml for Oracle Access Manager

Where OC4J is managed by OPMN, add settings to opmn.xml for Oracle HTTP Server and OC4J, as follows, when you use Oracle Access Manager:

1. Set the LD_ASSUME_KERNEL environment variable to the value "2.4.19".
2. Set the LD_LIBRARY_PATH environment variable to point to the AccessServerSDK library path.
3. Add the AccessServerSDK library path to java.library.path as a start parameter.

Then restart the OC4J instances.

Following is an opmn.xml example for the OC4J home instance. Repeat these settings for the OC4J_SOA instance and any other OC4J instances as appropriate:

<ias-component id="OC4J">
  <process-type id="oc4j_callerinfo" module-id="OC4J" status="enabled">
    <environment>
      <variable id="LD_ASSUME_KERNEL" value="2.4.19"/>
      <variable id="LD_LIBRARY_PATH"
                value="/SDK_HOME/AccessServerSDK/oblix/lib" append="true"/>
    </environment>
    <module-data>
      <category id="start-parameters">
        <data id="java-options" value="-server ...
          -Djava.library.path=/SDK_HOME/AccessServerSDK/oblix/lib
          ..."/>
      </category>
      ...
    </module-data>
    ...
  </process-type>
  ...
</ias-component>
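
Because the three settings have to be repeated for every OC4J instance, it is easy to miss one. The following check is an added example, not part of the original post or of Oracle's tooling: it parses an opmn.xml and reports, per OC4J process-type, which of the three settings is missing. The sample fragment, the instance ids home and oc4j_soa, and the function name audit_opmn are assumptions made for the illustration.

```python
import xml.etree.ElementTree as ET

# Constructed opmn.xml fragment: "home" has all three settings, "oc4j_soa"
# was not updated. The instance ids and the -Xmx option are sample values.
SAMPLE_OPMN = """<ias-component id="OC4J">
  <process-type id="home" module-id="OC4J" status="enabled">
    <environment>
      <variable id="LD_ASSUME_KERNEL" value="2.4.19"/>
      <variable id="LD_LIBRARY_PATH"
                value="/SDK_HOME/AccessServerSDK/oblix/lib" append="true"/>
    </environment>
    <module-data>
      <category id="start-parameters">
        <data id="java-options"
              value="-server -Djava.library.path=/SDK_HOME/AccessServerSDK/oblix/lib"/>
      </category>
    </module-data>
  </process-type>
  <process-type id="oc4j_soa" module-id="OC4J" status="enabled">
    <module-data>
      <category id="start-parameters">
        <data id="java-options" value="-server -Xmx1024M"/>
      </category>
    </module-data>
  </process-type>
</ias-component>"""

SDK_LIB = "/SDK_HOME/AccessServerSDK/oblix/lib"


def _local(tag):
    """Strip an XML namespace so the check also works on a namespaced opmn.xml."""
    return tag.rsplit("}", 1)[-1]


def audit_opmn(xml_text, sdk_lib=SDK_LIB):
    """Return {process-type id: [missing settings]} for every OC4J process-type."""
    report = {}
    for pt in ET.fromstring(xml_text).iter():
        if _local(pt.tag) != "process-type" or pt.get("module-id") != "OC4J":
            continue
        # Environment variables defined below this process-type.
        env = {v.get("id"): v.get("value", "")
               for v in pt.iter() if _local(v.tag) == "variable"}
        # Individual JVM options from the java-options start parameter.
        java_opts = [opt for d in pt.iter()
                     if _local(d.tag) == "data" and d.get("id") == "java-options"
                     for opt in d.get("value", "").split()]
        lib_paths = [p for opt in java_opts if opt.startswith("-Djava.library.path=")
                     for p in opt.split("=", 1)[1].split(":")]
        missing = []
        if env.get("LD_ASSUME_KERNEL") != "2.4.19":
            missing.append("LD_ASSUME_KERNEL")
        if sdk_lib not in env.get("LD_LIBRARY_PATH", "").split(":"):
            missing.append("LD_LIBRARY_PATH")
        if sdk_lib not in lib_paths:
            missing.append("java.library.path")
        report[pt.get("id")] = missing
    return report


if __name__ == "__main__":
    for instance, missing in audit_opmn(SAMPLE_OPMN).items():
        print(instance, "OK" if not missing else "missing: " + ", ".join(missing))
```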

3. Configure the CallerInfo Application

3.1 Protect the Application URL's in web.xml
The first step in protecting your application is to protect the appropriate URLs or URL prefixes through settings in the web.xml file, using standard J2EE features.

These are the same URLs that you will protect through Oracle Access Manager.

And add the following code:

<login-config>
  <auth-method>BASIC</auth-method>
</login-config>


3.2 Settings for Application Deployment
In Oracle Application Server 10.1.3.x implementations, Application Server Control does not yet support Oracle Access Manager as a security provider. When you deploy your application using the Application Server Control Console, choose the file-based provider. This will be overridden through the configuration steps documented in this blog.

3.3 Configure Oracle Access Manager SSO in orion-application.xml
To use Oracle Access Manager Single Sign-On as the authentication method for Web applications, set the auth-method attribute to "COREIDSSO" in the <jazn-web-app> element in the OC4J orion-application.xml files (in $ORACLE_HOME/j2ee/CONTAINER_NAME/applications and in $ORACLE_HOME/j2ee/CONTAINER_NAME/application-deployments). You can do this as either a pre-deployment step (packaged in the EAR file) or a post-deployment step.


<jazn provider="XML" default-realm="jazn.com" jaas-mode="doAsPrivileged">
  <jazn-web-app auth-method="COREIDSSO"/>
</jazn>


You also need to add the mapping between the application role and the OID group:


<!-- mapping for realm "jazn.com" -->
<security-role-mapping name="sr_manager">
  <group name="managers" />
</security-role-mapping>
<security-role-mapping name="sr_developer">
  <group name="developers" />
</security-role-mapping>


3.4 Protect the Application URL's in Oracle Access Manager

Policy Manager > Create Policy Domain
Name : callerInfoB
Description: callerInfoB

Click button save



Tab Resources

Resource Type: http
Host Identifiers: hostname
URL Prefix: /callerInfo/callerInfoB
Description: caller info B (choose freely)

Click button Save


Tab Authorisation Rules > SubTab General

Name: Everyone (choose freely)
Description: Everyone (choose freely)
Enabled: Yes
Allow takes precedence: No

Click Save



Tab Authorisation Rules > SubTab Allow Access

Role: Any one
Click Save



Tab Default Rules > SubTab Authentication Rule > SubSubTab General

Name: Form Login
Description: Form Login
Authentication Scheme: COREidSSOform



Tab Default Rules > SubTab Authorization Expression > SubSubTab Expression

Select Authorization Rule: Everyone
Click button Add > Click button Save



IMPORTANT:
Do not forget to enable the policy:
My Policy Domains > CallerInfoB > General

Click modify
Set Enable to Yes and click save.



3.5 Configure the Oracle Access Manager Login Module

For a Web application, the OC4J implementation to support Oracle Access Manager requires the login module CoreIDLoginModule, supplied by Oracle. The following template shows the general form of the configuration, in the system-jazn-data.xml file.

$ORACLE_HOME/j2ee/CONTAINER_NAME/config/system-jazn-data.xml


<application>
  <name>callerinfo</name>
  <login-modules>
    <login-module>
      <class>oracle.security.jazn.login.module.coreid.CoreIDLoginModule</class>
      <control-flag>required</control-flag>
      <options>
        <option>
          <name>coreid.password.attribute</name>
          <value>password</value>
        </option>
        <option>
          <name>coreid.name.attribute</name>
          <value>userid</value>
        </option>
        <option>
          <name>addAllRoles</name>
          <value>true</value>
        </option>
        <option>
          <name>coreid.resource.operation</name>
          <value>MYRESOURCEOPERATION</value>
        </option>
        <option>
          <name>coreid.resource.type</name>
          <value>myresourcetype</value>
        </option>
        <option>
          <name>coreid.resource.name</name>
          <value>/myresourceurl</value>
        </option>
      </options>
    </login-module>
  </login-modules>
</application>
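
The names in this setup have to agree in four places: the login form, the authentication scheme, the two plug-ins and the CoreIDLoginModule options. The following cross-check is an added example, not part of the original post or of any Oracle tool; the inputs are constructed from the sample values used in this post, and the dictionary layout and the function name check are assumptions made for the illustration.

```python
import re
import xml.etree.ElementTree as ET
from html.parser import HTMLParser

# Constructed inputs that reuse the sample values from this page's walkthrough.
LOGIN_FORM = """<form name="myForm" action="/oam/access/test.html" method="post">
Username: <input type="text" name="userid"><br />
Password: <input type="password" name="password"><br />
<input type="submit" value="OK"></form>"""

AUTH_SCHEME = {  # challenge parameters and plug-in parameters of COREidSSOform
    "creds": "userid password",
    "action": "/oam/access/test.html",
    "credential_mapping": 'obMappingBase="cn=users,dc=us,dc=oracle,dc=com",'
                          'obMappingFilter="(&(&(objectclass=inetorgperson)'
                          '(uid=%userid%))(|(!(obuseraccountcontrol=*))'
                          '(obuseraccountcontrol=ACTIVATED)))"',
    "validate_password": 'obCredentialPassword="password"',
}

RESOURCE = {"type": "myresourcetype", "operation": "MYRESOURCEOPERATION",
            "url_prefix": "/myresourceurl"}

LOGIN_MODULE = """<application><name>callerinfo</name><login-modules><login-module>
<class>oracle.security.jazn.login.module.coreid.CoreIDLoginModule</class><options>
<option><name>coreid.password.attribute</name><value>password</value></option>
<option><name>coreid.name.attribute</name><value>userid</value></option>
<option><name>coreid.resource.operation</name><value>MYRESOURCEOPERATION</value></option>
<option><name>coreid.resource.type</name><value>myresourcetype</value></option>
<option><name>coreid.resource.name</name><value>/myresourceurl</value></option>
</options></login-module></login-modules></application>"""


class FormParser(HTMLParser):
    """Record the form action and the type of every named <input>."""

    def __init__(self):
        super().__init__()
        self.action, self.inputs = None, {}

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "form":
            self.action = attrs.get("action")
        elif tag == "input" and attrs.get("name"):
            self.inputs[attrs["name"]] = (attrs.get("type") or "text").lower()


def check(form_html, scheme, resource, module_xml):
    """Return the list of mismatches; an empty list means all names agree."""
    form = FormParser()
    form.feed(form_html)
    opts = {o.findtext("name"): o.findtext("value")
            for o in ET.fromstring(module_xml).iter("option")}
    creds = scheme["creds"].split()
    if len(creds) != 2:
        return ["creds must name exactly the user and the password variable"]
    user, password = creds
    problems = []
    if form.action != scheme["action"]:
        problems.append(f"form action {form.action!r} != scheme action {scheme['action']!r}")
    if form.inputs.get(user) != "text":
        problems.append(f"login form has no text input named {user!r}")
    if form.inputs.get(password) != "password":
        problems.append(f"login form has no password input named {password!r}")
    # Every %name% substituted into obMappingFilter must be the submitted user name.
    for var in re.findall(r"%(\w+)%", scheme["credential_mapping"]):
        if var != user:
            problems.append(f"obMappingFilter uses %{var}% but creds names {user!r}")
    found = re.search(r'obCredentialPassword="([^"]*)"', scheme["validate_password"])
    if not found or found.group(1) != password:
        problems.append(f"obCredentialPassword does not name {password!r}")
    if not resource["url_prefix"].startswith("/"):
        problems.append("URL prefix of the resource type must start with '/'")
    expected = {"coreid.name.attribute": user,
                "coreid.password.attribute": password,
                "coreid.resource.type": resource["type"],
                "coreid.resource.operation": resource["operation"],
                "coreid.resource.name": resource["url_prefix"]}
    for name, want in expected.items():
        if opts.get(name) != want:
            problems.append(f"{name} is {opts.get(name)!r}, expected {want!r}")
    return problems


if __name__ == "__main__":
    print(check(LOGIN_FORM, AUTH_SCHEME, RESOURCE, LOGIN_MODULE) or "all names agree")
```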


3.6 Test the application

WebGate will intercept this request and will check the authentication scheme for this URL. The configuration shown earlier in this chapter will result in the user being prompted with the login1.html login form from "Create a Login Form". Then the following sequence will take place:

1. WebGate will capture the user name and password from the login form and communicate to Access Server.
2. Access Server will communicate to Oracle Internet Directory (or other LDAP repository that you use).
3. After the user is authenticated, the Oracle Access Manager SSO token will be returned to WebGate.
4. WebGate will set the ObSSOCookie and pass the cookie and other HTTP headers to mod_oc4j, which will route the request to the appropriate OC4J instance.
5. OC4J will take the cookie and validate it, or retrieve roles for the user associated with this cookie from Access Server using the Access Manager SDK configured on OC4J.

http://hostname:port/callerInfo

Application:


Click on the link for managers: callerInfoB

Login screen (login1.html):

Login as manager/password


Application shows roles:


Refers:
http://download.oracle.com/docs/cd/B31017_01/web.1013/b28957/coreid.htm#BJEBJCCF
