Wednesday, June 24, 2009

Oracle Application Server 10.1.3 Associate OID with OC4J instance

In the EM console of the Oracle Application Server you can connect an OID to an OC4J instance by doing the following:

Click on an OC4J instance, then click the Administration link. Under Security you will find Identity Management.

This text is shown:

You can associate an installed Oracle Internet Directory with this OC4J instance. You can then choose to use this Oracle Internet Directory for runtime authentication and authorization for deployed applications.


I assumed that this means that you can associate multiple OIDs to different OC4J instances, but this is not true. When you change the OID here, it will change the OID for all OC4J instances on this application server.

When you want to use different OIDs for different applications, you should put this in the orion-application.xml file of the application.

Did this post help you in any way can you please leave a comment? This will motivate me writing more posts.

Login Error with error message, Form-Based Authentication for Netpoint/Oblix/CoreId/Oracle Access Manager

When a Form-Based Authentication login fails because the username/password combination is not correct, the default behavior is to serve the login HTML page.

But you want to show an error on this page. This can be achieved by setting a Redirection URL with a parameter, like this:
/login.jsp?LoginError=True

This should be done in the policy manager:
Default rules - Authentication Rule - Actions - Authentication Failure - Redirection URL.


Friday, June 12, 2009

Oracle HTTP Server Version Information Not Visible in Error Pages

By default, users can see which application server is used to serve the pages. For security reasons this is not desirable.

These messages can be removed by setting ServerSignature Off in httpd.conf instead of ServerSignature On.

ServerSignature On:

Forbidden
You don't have permission to access /pls/orasso on this server.
  _____  

Oracle-Application-Server-10g/10.1.2.0.2 Oracle-HTTP-Server Server at sso.someserver.com Port 443



ServerSignature Off:


Forbidden
You don't have permission to access /pls/orasso on this server.



The version string is still sent in the HTTP response headers, however. It can be reduced to the product name alone by adding the line:

ServerTokens Prod
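
To check both settings, the following added example (not part of the original post) audits httpd.conf text for the two directives and inspects a captured response for leftover version numbers. The function names are hypothetical, the sample configuration is constructed, and the Server header value is assumed to match the banner in the error page footer shown above.

```python
import re

# Directive names are case-insensitive in httpd.conf; "#" starts a comment line.
DIRECTIVE = re.compile(r"^\s*(ServerSignature|ServerTokens)\s+(\S+)", re.I)
VERSION = re.compile(r"\d+\.\d+")  # a dotted version number inside a banner


def audit_httpd_conf(text):
    """Return findings for the banner-related directives in httpd.conf text."""
    findings = []
    tokens = "Full"  # Apache default when ServerTokens is absent
    for lineno, line in enumerate(text.splitlines(), 1):
        m = DIRECTIVE.match(line)  # comment lines start with "#" and never match
        if not m:
            continue
        name, value = m.group(1).lower(), m.group(2)
        if name == "servertokens":
            tokens = value  # server-wide setting; the last occurrence wins
        elif value.lower() != "off":
            # ServerSignature may also be set per virtual host: report each one.
            findings.append("line %d: ServerSignature %s" % (lineno, value))
    if tokens.lower() not in ("prod", "productonly"):
        findings.append("ServerTokens %s" % tokens)
    return findings


def banner_leaks(server_header, error_body):
    """Name the parts of a captured response that still carry a version number."""
    leaks = []
    if VERSION.search(server_header or ""):
        leaks.append("Server header")
    for line in error_body.splitlines():
        # The signature footer has the form "<banner> Server at <host> Port <n>".
        banner, sep, _ = line.partition(" Server at ")
        if sep and VERSION.search(banner):
            leaks.append("error page footer")
    return leaks


# Constructed samples: a weak httpd.conf and the 403 response shown above.
WEAK_CONF = """# ServerSignature Off
ServerSignature On
servertokens Full
<VirtualHost *:443>
    ServerSignature EMail
</VirtualHost>
"""
BANNER = "Oracle-Application-Server-10g/10.1.2.0.2 Oracle-HTTP-Server"
BODY = "Forbidden\n" + BANNER + " Server at sso.someserver.com Port 443\n"
```

An empty result from both functions means neither the error pages nor the Server header expose a version number.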


Thursday, June 11, 2009

Integrate Oracle BPEL (10.1.3.4) with OID (10.1.4.2)

When I tried to change the security provider in the AS console the following error occurred in the browser:


Error

An error occurred while attempting to change the Oracle Internet Directory associated with this instance. Please ensure that the OID instance is indeed up and that the connect information provided is correct before retrying.
Error invoking method: associateOC4JWithOID on MBean: oc4j:j2eeType=Security,name=SecurityProvider,J2EEApplication=default,J2EEServer=standalone
Error invoking method: associateOC4JWithOID on MBean: oc4j:j2eeType=Security,name=SecurityProvider,J2EEApplication=default,J2EEServer=standalone


I ignored this error and continued with the configuration described in http://download-uk.oracle.com/docs/cd/B31017_01/integrate.1013/b28982/service_config.htm#BABIBGFF with the chapter: 2.1.3.2 Task 2: Perform Configuration Procedures.

Error while executing configure_oid.sh:

bpel-grant-privileges:
[echo] Granting Server privileges to BPMSystemAdmin role...
[java] User [oc4jadmin] does not exist in system.

BUILD FAILED
$ORACLE_HOME/bpel/system/services/install/ant-tasks/oid-config.xml:235: Java returned: 255


To find the real reason for this problem, you can create a new OC4J container, set the logging to FINEST and try to change the security provider.

The container log, $ORACLE_HOME/opmn/logs/default_group~[CONTAINER_NAME]~default_group~1.log, shows the following error:


changetype: add
objectclass: top
objectclass: person
objectclass: inetorgperson
objectclass: organizationalperson
objectclass: orcluser
objectclass: orcluserv2
orclactivestartdate: 20090611000000z
sn: oc4jadmin
cn: oc4jadmin
uid: oc4jadmin
mail: oc4jadmin
description: OC4J administrator user
displayname: OC4J administrator
userpassword: [PASSWORD]
[LDAP: error code 19 - Password Policy Error :9003: GSL_PWDMINLENGTH_EXCP :Your Password must be at least 8 characters long.
]
at oracle.security.jazn.util.AssociateOID.uploadDefaultOIDData(AssociateOID.java:471)
at oracle.security.jazn.util.AssociateOID.configure(AssociateOID.java:267)
at oracle.security.jazn.jmx.SecurityProvider.associateOC4JWithOID(SecurityProvider.java:694)
at oracle.oc4j.admin.management.mbeans.SecurityProviderManager.associateOC4JWithOID(SecurityProviderManager.java:1493)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:585)
at sun.reflect.misc.Trampoline.invoke(MethodUtil.java:36)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:585)
at sun.reflect.misc.MethodUtil.invoke(MethodUtil.java:239)
at javax.management.modelmbean.RequiredModelMBean.invokeMethod(RequiredModelMBean.java:1071)
at javax.management.modelmbean.RequiredModelMBean.invoke(RequiredModelMBean.java:953)
at oracle.oc4j.admin.jmx.server.mbeans.model.DefaultModelMBeanImpl.invoke(DefaultModelMBeanImpl.java:700)
at com.sun.jmx.mbeanserver.DynamicMetaDataImpl.invoke(DynamicMetaDataImpl.java:213)
at com.sun.jmx.mbeanserver.MetaDataImpl.invoke(MetaDataImpl.java:220)
at com.sun.jmx.interceptor.DefaultMBeanServerInterceptor.invoke(DefaultMBeanServerInterceptor.java:815)
at com.sun.jmx.mbeanserver.JmxMBeanServer.invoke(JmxMBeanServer.java:784)
at oracle.oc4j.admin.jmx.server.state.ApplicationStateFilterMBeanServer.invoke(ApplicationStateFilterMBeanServer.java:572)
at oracle.oc4j.admin.jmx.ejb.MBeanServerEjbBean.invoke(MBeanServerEjbBean.java:365)
... 24 more
Caused by: oracle.ldap.util.UtilException: NamingException encountered during loading of file: $ORACLE_HOME/j2ee/home/jazn/install/oidConfigForOc4j.sbsdn: cn=oc4jadmin,cn=users,dc=test,dc=com



Then I realised that I changed the password policy in the Oracle Internet Directory. This was the reason for the problem. My policy was that the password should be 8 characters long instead of 5.

When I changed this back to the default policy everything worked ok!

Reference:
Metalink: 398855.1

Get version Oracle BPEL

It is not so easy to determine the version of the Oracle BPEL application, but I found a note on Metalink: 419711.1

In order to find the versions, we have multiple ways for some components:

1. BPEL Process Manager:

We can find the version of BPEL Process Manager from front-end as well as back-end:

a) Finding the version from front-end:

Log in to the BPEL Console; the version is shown at the bottom right of the console. The BPEL Console version is the same as the BPEL version.

b) Finding the version from back-end:

Execute obversion.sh, located in the $ORACLE_HOME/bpel/bin directory. ORACLE_HOME is the location where the SOA Suite is installed.

2. BPEL Repository:

During the various stages of installing or upgrading the BPEL Process Manager, or when applying patches to it, the Metadata repository is also upgraded. The Metadata repository version is 2.0.2 or 2.0.3 in 10.1.2.x versions of BPEL Process Manager. The SOA Suite 10.1.3.1.0 version of BPEL Process Manager comes with version 2.0.4 of the Metadata repository.

However, some patches are run against the Metadata repository, and we might need to know its version. In such cases, we can use the following SQL to find the version:

SQL> conn orabpel/orabpel;

SQL> SELECT guid FROM version_server;

Reference:
metalink note: 419711.1
