The issues outlined and elaborated in this blog were specific to the environment and the Oracle Fusion Middleware configuration. Let’s go through a few scenarios.
Due to the tightening of the URI parsing method in Java SE 8 Update 331 (April 2022 CPU) and later, login fails with “Invalid Username or Password”.
From the OAM diagnostics log file notice the [] brackets which were not accepted due to Java security updates
[2023-05-01T12:37:58.699-04:00] [wls_oam1] [WARNING] [LIBOVD-40118] [oracle.ods.virtualization.engine.backend.jndi.adapter1.BackendJNDI] [tid: [ACTIVE].ExecuteThread: '47' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: 005yeHku9YG7i4KayTaeMG000164000000,0:1:5:4:4] [APP: oam_server] [partition-name: DOMAIN] [tenant-name: GLOBAL] Could not automatically detect binary attribute list: Malformed IPv6 address at index 8: ldap://[directory.xxxxxxxx.yy]:636.
Apply LIB-OVD application patch 34065178 or April 2022 SBP for OAM 12.2.1.4. Refer Doc ID 2865793.1.
You get a blank farm page after signing in with EM login credentials. This bug impacts environments upgraded from 12.2.1.3 to 12.2.1.4 and caused due to additional JAR files being added to the CLASSPATH environment variable, esp. after invoking $WL_HOME/server/bin/setWLSEnv.sh prior to starting WebLogic Admin server.
From emoms.log file you can see the below excerpt –
[2023-07-01T09:18:08.443-04:00] [AdminServer] [WARNING] [] [oracle.sysman.emSDK.view.errPopup.ErrorPopupUtil] [tid: [ACTIVE].ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: abcd] [ecid: 005zqn3QC4J7i4KayTfd6G0000XK000007,0:5] [APP: em] [partition-name: DOMAIN] [tenant-name: GLOBAL] [[
java.lang.RuntimeException: java.lang.reflect.InvocationTargetException
Caused by: java.lang.reflect.InvocationTargetException
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
at java.lang.reflect.Constructor.newInstance(Constructor.java:423)
at oracle.sysman.emSDK.conf.FMWControlConfigManager.getFederatedOracleHomeList(FMWControlConfigManager.java:2064)
... 112 more
Caused by: com.oracle.cie.gdr.external.InventoryException: com.oracle.cie.gdr.utils.GdrException: com.oracle.cie.dependency.DependencyException: java.lang.ExceptionInInitializerError
at com.oracle.cie.gdr.external.impl.OracleHomeInventoryImpl.<init>(OracleHomeInventoryImpl.java:65)
at com.oracle.cie.gdr.external.impl.OracleHomeInventoryFactory.createInventory(OracleHomeInventoryFactory.java:60)
at com.oracle.cie.gdr.external.InventoryFactory.getOracleHomeInventory(InventoryFactory.java:99)
at com.oracle.cie.gdr.external.InventoryUtil.<init>(InventoryUtil.java:77)
... 117 more
Caused by: com.oracle.cie.gdr.utils.GdrException: com.oracle.cie.dependency.DependencyException: java.lang.ExceptionInInitializerError
at com.oracle.cie.gdr.FeatureLoader.loadFeatureSets(FeatureLoader.java:407)
at com.oracle.cie.gdr.FeatureLoader.loadMetaData(FeatureLoader.java:243)
at com.oracle.cie.gdr.FeatureLoader.init(FeatureLoader.java:227)
at com.oracle.cie.gdr.FeatureLoader.<init>(FeatureLoader.java:155)
You can either apply the patch mentioned in Doc ID 2619679.1 and Doc ID 2681156.1 or in a new putty session, do not invoke setWLSEnv.sh before restarting the Admin server.
Log in to the WebLogic console and OAM console works fine but logging in to EM fails as can be seen in the Admin server diagnostic log –
[2023-05-18T18:54:20.287-04:00] [AdminServer] [WARNING] [LIBOVD-60024] [oracle.ods.virtualization.engine.backend.jndi.abcd_ldap_prod] [tid: [ACTIVE].ExecuteThread: '38' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: abcd] [ecid: 005yzyjKjKL7i4KayTfd6G00023D000019,0:5] [APP: em] [partition-name: DOMAIN] [tenant-name: GLOBAL] [DSID: 0000OWl4^7X7y0KayTaeMG1^Pdvp000009] Connection error: simple bind failed: directory.xxxxxx.yy:636.
[2023-05-18T18:54:20.288-04:00] [AdminServer] [NOTIFICATION] [] [oracle.adf.share.config.ADFContextMDSConfigHelperImpl] [tid: [ACTIVE].ExecuteThread: '38' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: abcd] [ecid: 005yzyjKjKL7i4KayTfd6G00023D000019,0:5] [APP: em] [partition-name: DOMAIN] [tenant-name: GLOBAL] [DSID: 0000OWl4^7X7y0KayTaeMG1^Pdvp000009] [[
oracle.adf.share.security.ADFSecurityIdentityProviderException:
Operations error: entity=ou=People,o=xxxxxxxx.yy op=search mesg=LDAP Error 2 : simple bind failed: directory.xxxxxxxx.yy:636
Caused by: oracle.igf.ids.LDAPConnectionException: Operations error: entity=ou=People,o=xxxxxxxx.yy op=search mesg=LDAP Error 2 : simple bind failed: directory.xxxxxxxx.yy:636 AdditionalInfo: LDAP Error 2 : simple bind failed: directory.xxxxxxxx.yy:636
Caused by: oracle.igf.ids.arisid.ArisIdConnectionException: Operations error: entity=ou=People,o=xxxxxxxx.yy op=search mesg=LDAP Error 2 : simple bind failed: directory.xxxxxxxx.yy:636 AdditionalInfo: LDAP Error 2 : simple bind failed: directory.xxxxxxxx.yy:636
Caused by: oracle.ods.virtualization.service.VirtualizationException: oracle.ods.virtualization.engine.util.DirectoryException: LDAP Error 2 : simple bind failed: directory.uoguelph.ca:636
Caused by: oracle.ods.virtualization.engine.util.DirectoryException: LDAP Error 2 : simple bind failed: directory.uoguelph.ca:636
Caused by: javax.naming.CommunicationException: simple bind failed: directory.xxxxxxxx.yy:636 [Root exception is javax.net.ssl.SSLException: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty]
Caused by: javax.net.ssl.SSLException: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
Caused by: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
Caused by: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
Given that the external LDAP is set up for SSL communication and LDAP root certificate is imported into the custom WebLogic trust store, it must also be imported into the trust store used by LibOVD functionality.
./libovdconfig.sh -host AdminHost -port 7001 -domainPath $DOMAIN_HOME -userName weblogic -createKeystore
openssl s_client -showcerts -connect directory.xxxxxxxx.yy:636
keytool -import -alias EntrustRoot -trustcacerts -file server-cert -keystore $DOMAIN_HOME/config/fmwconfig/ovd/default/keystores/adapters.jks