Eclipsys Blog

12.2.1.4 Oracle Access Manager Post Upgrade Issues – Eclipsys

Written by Anindita Kar | Aug 22, 2023 2:30:00 PM

The issues outlined and elaborated in this blog were specific to the environment and the Oracle Fusion Middleware configuration. Let’s go through a few scenarios.

 

OAM SSO Authentication Failure

Due to the tightening of the URI parsing method in Java SE 8 Update 331 (April 2022 CPU) and later, login fails with “Invalid Username or Password”.

 

From the OAM diagnostics log file notice the [] brackets which were not accepted due to Java security updates

[2023-05-01T12:37:58.699-04:00] [wls_oam1] [WARNING] [LIBOVD-40118] [oracle.ods.virtualization.engine.backend.jndi.adapter1.BackendJNDI] [tid: [ACTIVE].ExecuteThread: '47' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: 005yeHku9YG7i4KayTaeMG000164000000,0:1:5:4:4] [APP: oam_server] [partition-name: DOMAIN] [tenant-name: GLOBAL] Could not automatically detect binary attribute list: Malformed IPv6 address at index 8: ldap://[directory.xxxxxxxx.yy]:636.

Apply LIB-OVD application patch 34065178 or April 2022 SBP for OAM 12.2.1.4. Refer Doc ID 2865793.1.

 

EM Manager Fusion Middleware Control Blank Login

You get a blank farm page after signing in with EM login credentials. This bug impacts environments upgraded from 12.2.1.3 to 12.2.1.4 and caused due to additional JAR files being added to the CLASSPATH environment variable, esp. after invoking $WL_HOME/server/bin/setWLSEnv.sh prior to starting WebLogic Admin server.

From emoms.log file you can see the below excerpt –

[2023-07-01T09:18:08.443-04:00] [AdminServer] [WARNING] [] [oracle.sysman.emSDK.view.errPopup.ErrorPopupUtil] [tid: [ACTIVE].ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: abcd] [ecid: 005zqn3QC4J7i4KayTfd6G0000XK000007,0:5] [APP: em] [partition-name: DOMAIN] [tenant-name: GLOBAL] [[
java.lang.RuntimeException: java.lang.reflect.InvocationTargetException
Caused by: java.lang.reflect.InvocationTargetException
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
at java.lang.reflect.Constructor.newInstance(Constructor.java:423)
at oracle.sysman.emSDK.conf.FMWControlConfigManager.getFederatedOracleHomeList(FMWControlConfigManager.java:2064)
... 112 more
Caused by: com.oracle.cie.gdr.external.InventoryException: com.oracle.cie.gdr.utils.GdrException: com.oracle.cie.dependency.DependencyException: java.lang.ExceptionInInitializerError
at com.oracle.cie.gdr.external.impl.OracleHomeInventoryImpl.<init>(OracleHomeInventoryImpl.java:65)
at com.oracle.cie.gdr.external.impl.OracleHomeInventoryFactory.createInventory(OracleHomeInventoryFactory.java:60)
at com.oracle.cie.gdr.external.InventoryFactory.getOracleHomeInventory(InventoryFactory.java:99)
at com.oracle.cie.gdr.external.InventoryUtil.<init>(InventoryUtil.java:77)
... 117 more
Caused by: com.oracle.cie.gdr.utils.GdrException: com.oracle.cie.dependency.DependencyException: java.lang.ExceptionInInitializerError
at com.oracle.cie.gdr.FeatureLoader.loadFeatureSets(FeatureLoader.java:407)
at com.oracle.cie.gdr.FeatureLoader.loadMetaData(FeatureLoader.java:243)
at com.oracle.cie.gdr.FeatureLoader.init(FeatureLoader.java:227)
at com.oracle.cie.gdr.FeatureLoader.<init>(FeatureLoader.java:155)

You can either apply the patch mentioned in Doc ID 2619679.1 and Doc ID 2681156.1 or in a new putty session, do not invoke setWLSEnv.sh before restarting the Admin server.

 

EM Manager Fusion Middleware Control Login Spinning on the Error Page

Log in to the WebLogic console and OAM console works fine but logging in to EM fails as can be seen in the Admin server diagnostic log –

[2023-05-18T18:54:20.287-04:00] [AdminServer] [WARNING] [LIBOVD-60024] [oracle.ods.virtualization.engine.backend.jndi.abcd_ldap_prod] [tid: [ACTIVE].ExecuteThread: '38' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: abcd] [ecid: 005yzyjKjKL7i4KayTfd6G00023D000019,0:5] [APP: em] [partition-name: DOMAIN] [tenant-name: GLOBAL] [DSID: 0000OWl4^7X7y0KayTaeMG1^Pdvp000009] Connection error: simple bind failed: directory.xxxxxx.yy:636.
[2023-05-18T18:54:20.288-04:00] [AdminServer] [NOTIFICATION] [] [oracle.adf.share.config.ADFContextMDSConfigHelperImpl] [tid: [ACTIVE].ExecuteThread: '38' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: abcd] [ecid: 005yzyjKjKL7i4KayTfd6G00023D000019,0:5] [APP: em] [partition-name: DOMAIN] [tenant-name: GLOBAL] [DSID: 0000OWl4^7X7y0KayTaeMG1^Pdvp000009] [[
oracle.adf.share.security.ADFSecurityIdentityProviderException:
Operations error: entity=ou=People,o=xxxxxxxx.yy op=search mesg=LDAP Error 2 : simple bind failed: directory.xxxxxxxx.yy:636
Caused by: oracle.igf.ids.LDAPConnectionException: Operations error: entity=ou=People,o=xxxxxxxx.yy op=search mesg=LDAP Error 2 : simple bind failed: directory.xxxxxxxx.yy:636  AdditionalInfo: LDAP Error 2 : simple bind failed: directory.xxxxxxxx.yy:636

Caused by: oracle.igf.ids.arisid.ArisIdConnectionException: Operations error: entity=ou=People,o=xxxxxxxx.yy op=search mesg=LDAP Error 2 : simple bind failed: directory.xxxxxxxx.yy:636 AdditionalInfo: LDAP Error 2 : simple bind failed: directory.xxxxxxxx.yy:636

Caused by: oracle.ods.virtualization.service.VirtualizationException: oracle.ods.virtualization.engine.util.DirectoryException: LDAP Error 2 : simple bind failed: directory.uoguelph.ca:636

Caused by: oracle.ods.virtualization.engine.util.DirectoryException: LDAP Error 2 : simple bind failed: directory.uoguelph.ca:636

Caused by: javax.naming.CommunicationException: simple bind failed: directory.xxxxxxxx.yy:636 [Root exception is javax.net.ssl.SSLException: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty]

Caused by: javax.net.ssl.SSLException: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty

Caused by: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty

Caused by: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty

Given that the external LDAP is set up for SSL communication and LDAP root certificate is imported into the custom WebLogic trust store, it must also be imported into the trust store used by LibOVD functionality.

 

Follow the below steps to create a Keystore and import the LDAP cert:

  • Set env variables ORACLE_HOME, WL_HOME, JAVA_HOME, PATH, DOMAIN_HOME.
  • Create Keystore by running libovdconfig.sh from $ORACLE_HOME/oracle_common/bin.
./libovdconfig.sh -host AdminHost -port 7001 -domainPath $DOMAIN_HOME -userName weblogic -createKeystore
  • Import root cert into libOVD keystore.
openssl s_client -showcerts -connect directory.xxxxxxxx.yy:636
keytool -import -alias EntrustRoot -trustcacerts -file server-cert -keystore $DOMAIN_HOME/config/fmwconfig/ovd/default/keystores/adapters.jks