I will detail the steps required for patching OAM from 11.1.1.5 to BP03 version. To find out all the OAM patch versions then refer the metalink note 736372.1.
The BP03 patch number is 13473393.
Patching process:
- Stop OAM server and weblogic admin server and any other servers present in that domain.
- Set the ORACLE_HOME env variable to point to OAM (IAM suite)
- To find out the existing OAM version, execute the opatch lsinventory from ORACLE_HOME.
- Goto the location $DOMAIN_HOME/config/fmwconfig/mbeans/oam. Backup the jars mapstore.jar, lifecycle.jar, mapstore-coherence.jar, config.jar.
- Goto the location $DOMAIN_HOME/config/fmwconfig. Backup the RequestResponseXMLSchema.xsd file.
- Unzip patch file p13473393_111150_Generic.zip and goto the extracted folder. It contains etc and files folders.
- Run the opatch command from the extracted patch using command $ORACLE_HOME/OPatch/opatch apply. See the below screenshot.
- It prompts for “Is your local system ready for patching“. Answer Y and enter.
- Wait till you see the message “OPatch succeeded“
- Export DOMAIN_HOME env variable to point to weblogic domain.
- Goto location files /oam/server/scripts/opatch.
- Execute domainAutomation.sh script.
- Goto $DOMAIN_HOME/config/fmwconfig. Take backup of oam-config.xml.
- Start only WebLogic Admin Server and not OAM Server.
- Execute wlst.sh script from $ORACLE_HOME/common/bin.
- Connect to weblogic admin server using connect(‘weblogic’,'password’,'t3://localhost:7001′). Change the weblogic credentials and URL details as per your environment.
- Run the command patchUpgrade(path=”/u01/app/Oracle/Middleware/Oracle_IAM1″). Notice the message that oam-config.xml has been upgraded to new patch level. Refer the below screenshot.
- Restart the WebLogic Admin server.
- Start the OAM Managed server.
- Goto $DOMAIN_HOME/config/fmwconfig and open the oam-config.xml. Goto the end of file and verify the version of PatchLevel as 11.1.1.5.3.
Oracle WebLogic Administrator [USD 399]- 03rd Dec, 2011
Good hands-on exercises (installation, patching, cloning), very experienced trainer worth every penny 
8 users commented in " Patching Oracle Access Manager Server 11.1.1.5 "
Follow-up comment rss or Leave a TrackbackHi Mahendra,
I had done OAAM-OAM-OIM integration succesfully.
I even got the OAAM SSO page fronting the protected resources . But the problem is , whenever i enter the credentials to access the protected resources , am not successfully being authenticated , and a loop occurs , as am redirected again to the OAAM login page.
Is the problem incurring due to a bug related to OAM Bp02 TAP authentication scheme? Should i patch it to BP03? Will that solve the issue?
Early Help will be highly appreciated.
Thanks,
Adam
@ Adam,
Yes this is BUG in OAM BP02 , apply BP03 and it should fix this re-direct issue.
Hi Atul,
Thanks for the imminent response.
I successfully patched my current environment to BP03, but still am facing the same issue!!
Is it that , i have to create some additional rules in OAAM_Admin console, to bypass the OAAM SSO Login Page as it may be checking with its own policies in addition to the authentication policies defined in OAM?
Thanks,
Adam
@ Adam,
Are you saying that even after applying OAM BP03 you still get request redirecting (between OAM and OAAM infintely). If this is the case then ensure that you applied patch successfully.
I have OAM 11.1.1.5 BP03 and OAAM 11.1.1.5 BP01 integarted and working fine so this should work.
No additional rules are required in OAAM_Admin as default rukes in oaam_base_snapshot are enough (did you import oaam_base_snapshot )?
Share you exact issue with step by step instructions as what you see so that I can understand problem.
Hi Atul,
Thanks for the detailed response.
Yes, i did apply the patch successfully.
And I did import the oaam_base_snapshot as well!
Here’s the environment i had setup!
I had configured a domain to support OAM,OAAM,OIM.
I have the admin server running in one seperate machine.
OAM,OAAM managed servers in another machine.
And i have the LDAP store setup on another machine.
Recently i had integrated OAM with OIM , and fronted it with webgate11g .
Hence OAM was the SSO Page . But i neeeded strong authentication , hence went for OAAM integration with OAM and OIM.
Hence i get the OAAM SSO Page , but then , i face this issue that i cant bypass the SSO page with any of the credentials i have created.
Thanks,
Adam
Thanks
Hi Atul,
This is what i found in the Oaam_server_server1 log file .
[2012-10-08T03:11:44.416-07:00] [oaam_server_server1] [ERROR] [] [oracle.oaam] [tid: [ACTIVE].ExecuteThread: ’0′ for queue: ‘weblogic.kernel.Default (self-tuning)’] [userId: ] [ecid: 562ef56db5811365:-17c3dd71:13a31635ba7:-8000-0000000000002eb7,0] [APP: oaam_server#11.1.1.3.0] Id mapping for DB_OBJ_QUERY_ERROR not found.
[2012-10-08T03:11:44.416-07:00] [oaam_server_server1] [ERROR] [] [oracle.oaam] [tid: [ACTIVE].ExecuteThread: ’0′ for queue: ‘weblogic.kernel.Default (self-tuning)’] [userId: ] [ecid: 562ef56db5811365:-17c3dd71:13a31635ba7:-8000-0000000000002eb7,0] [APP: oaam_server#11.1.1.3.0] Caught exception. getUser() loginId=weblogic[[
DB_OBJ_QUERY_ERROR=select vcryptUser from VCryptUser vcryptUser where vcryptUser.loginId = :value_0 and vcryptUser.groupId = :value_1, java.lang.RuntimeException: javax.crypto.BadPaddingException: Given final block not properly padded
at com.bharosa.common.util.cipher.DESedeCipher.decrypt(DESedeCipher.java:137)
at com.bharosa.common.util.BharosaCipher.decrypt(BharosaCipher.java:482)
at com.bharosa.vcrypt.auth.util.VCryptPassword.decrypt(VCryptPassword.java:46)
at com.bharosa.common.toplink.TOPLinkPasswordAttributeTransformer.buildObjectValue(TOPLinkPasswordAttributeTransformer.java:16)
at com.bharosa.common.toplink.TOPLinkAttributeTransformer.convertDataValueToObjectValue(TOPLinkAttributeTransformer.java:71)
at org.eclipse.persistence.mappings.foundation.AbstractDirectMapping.valueFromRow(AbstractDirectMapping.java:1263)
at org.eclipse.persistence.mappings.DatabaseMapping.readFromRowIntoObject(DatabaseMapping.java:1283)
at org.eclipse.persistence.internal.descriptors.ObjectBuilder.buildAttributesIntoObject(ObjectBuilder.java:342)
at org.eclipse.persistence.internal.descriptors.ObjectBuilder.buildWorkingCopyCloneNormally(ObjectBuilder.java:616)
at org.eclipse.persistence.internal.descriptors.ObjectBuilder.buildObject(ObjectBuilder.java:502)
at org.eclipse.persistence.internal.descriptors.ObjectBuilder.buildObject(ObjectBuilder.java:454)
at org.eclipse.persistence.queries.ObjectLevelReadQuery.buildObject(ObjectLevelReadQuery.java:723)
at org.eclipse.persistence.queries.ReadAllQuery.executeObjectLevelReadQuery(ReadAllQuery.java:420)
at org.eclipse.persistence.queries.ObjectLevelReadQuery.executeDatabaseQuery(ObjectLevelReadQuery.java:1076)
at org.eclipse.persistence.queries.DatabaseQuery.execute(DatabaseQuery.java:740)
at org.eclipse.persistence.queries.ObjectLevelReadQuery.execute(ObjectLevelReadQuery.java:1036)
at org.eclipse.persistence.queries.ReadAllQuery.execute(ReadAllQuery.java:380)
at org.eclipse.persistence.queries.ObjectLevelReadQuery.executeInUnitOfWork(ObjectLevelReadQuery.java:1122)
at org.eclipse.persistence.internal.sessions.UnitOfWorkImpl.internalExecuteQuery(UnitOfWorkImpl.java:2910)
at com.bharosa.common.toplink.OAAMPerformanceProfiler.profileExecutionOfQuery(OAAMPerformanceProfiler.java:96)
at org.eclipse.persistence.internal.sessions.AbstractSession.executeQuery(AbstractSession.java:1289)
at org.eclipse.persistence.internal.sessions.AbstractSession.executeQuery(AbstractSession.java:1273)
at org.eclipse.persistence.internal.sessions.AbstractSession.executeQuery(AbstractSession.java:1247)
at org.eclipse.persistence.internal.jpa.EJBQueryImpl.executeReadQuery(EJBQueryImpl.java:479)
at org.eclipse.persistence.internal.jpa.EJBQueryImpl.getResultList(EJBQueryImpl.java:714)
at com.bharosa.common.toplink.TopLink11gBaseDAO$ExecuteDBQueryAction.internalPerformAction(TopLink11gBaseDAO.java:197)
at com.bharosa.common.toplink.TopLink11gBaseDAO$DBAction.performAction(TopLink11gBaseDAO.java:100)
at com.bharosa.common.toplink.TopLink11gDBMgr.executeDBQuery(TopLink11gDBMgr.java:238)
at com.bharosa.vcrypt.dataaccess.impl.VCryptUserDataAccessImpl.getVCryptUserByLoginId(VCryptUserDataAccessImpl.java:493)
at com.bharosa.vcrypt.auth.impl.VCryptAuthImpl.createUser(VCryptAuthImpl.java:586)
at com.bharosa.vcrypt.auth.impl.VCryptAuthMonitorImpl$13.perform(VCryptAuthMonitorImpl.java:134)
at com.bharosa.common.monitoring.MonitorInterceptor.performAction(MonitorInterceptor.java:331)
at com.bharosa.common.monitoring.MonitorInterceptor.performActionNoFingerprint(MonitorInterceptor.java:371)
at com.bharosa.vcrypt.auth.impl.VCryptAuthMonitorImpl.createUser(VCryptAuthMonitorImpl.java:137)
at com.bharosa.vcrypt.auth.impl.VCryptAuthFilterImpl.createUser(VCryptAuthFilterImpl.java:119)
at com.bharosa.vcryptclient.proxy.impl.BharosaProxyImpl.createUser(BharosaProxyImpl.java:265)
at com.bharosa.uio.actions.LoginAction.initUser(LoginAction.java:296)
at com.bharosa.uio.actions.LoginAction.bharosaExecute(LoginAction.java:78)
at com.bharosa.uio.actions.UIOBaseAction.execute(UIOBaseAction.java:81)
at org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:421)
at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:226)
at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1166)
at org.apache.struts.action.ActionServlet.doPost(ActionServlet.java:417)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:821)
at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:300)
at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:27)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:57)
at oracle.security.wls.filter.SSOSessionSynchronizationFilter.doFilter(SSOSessionSynchronizationFilter.java:277)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:57)
at oracle.security.jps.ee.http.JpsAbsFilter$1.run(JpsAbsFilter.java:111)
at oracle.security.jps.util.JpsSubject.doAsPrivileged(JpsSubject.java:313)
at oracle.security.jps.ee.util.JpsPlatformUtil.runJaasMode(JpsPlatformUtil.java:413)
at oracle.security.jps.ee.http.JpsAbsFilter.runJaasMode(JpsAbsFilter.java:94)
at oracle.security.jps.ee.http.JpsAbsFilter.doFilter(JpsAbsFilter.java:161)
at oracle.security.jps.ee.http.JpsFilter.doFilter(JpsFilter.java:71)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:57)
at oracle.dms.servlet.DMSServletFilter.doFilter(DMSServletFilter.java:136)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3681)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2183)
at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1454)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:209)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:178)
Caused by: java.lang.RuntimeException: javax.crypto.BadPaddingException: Given final block not properly padded
... 65 more
Caused by: javax.crypto.BadPaddingException: Given final block not properly padded
at com.sun.crypto.provider.SunJCE_f.b(DashoA13*..)
at com.sun.crypto.provider.SunJCE_f.b(DashoA13*..)
at com.sun.crypto.provider.DESedeCipher.engineDoFinal(DashoA13*..)
at javax.crypto.Cipher.doFinal(DashoA13*..)
at com.bharosa.common.util.cipher.DESedeCipher.decrypt(DESedeCipher.java:128)
... 64 more
]]
[2012-10-08T03:11:44.416-07:00] [oaam_server_server1] [WARNING] [] [oracle.oaam] [tid: [ACTIVE].ExecuteThread: ’0′ for queue: ‘weblogic.kernel.Default (self-tuning)’] [userId: ] [ecid: 562ef56db5811365:-17c3dd71:13a31635ba7:-8000-0000000000002eb7,0] [APP: oaam_server#11.1.1.3.0] Error creating user, requestId=56_5890da09c0a2953baac663197f8f5e1eb4201e364ded6037070def276051dee5
[2012-10-08T03:11:44.416-07:00] [oaam_server_server1] [ERROR] [] [oracle.oaam] [tid: [ACTIVE].ExecuteThread: ’0′ for queue: ‘weblogic.kernel.Default (self-tuning)’] [userId: ] [ecid: 562ef56db5811365:-17c3dd71:13a31635ba7:-8000-0000000000002eb7,0] [APP: oaam_server#11.1.1.3.0] Unable to find client user in session. Sending user to login page.
[2012-10-08T03:11:44.416-07:00] [oaam_server_server1] [NOTIFICATION] [] [oracle.oaam] [tid: [ACTIVE].ExecuteThread: ’0′ for queue: ‘weblogic.kernel.Default (self-tuning)’] [userId: ] [ecid: 562ef56db5811365:-17c3dd71:13a31635ba7:-8000-0000000000002ebb,0] [APP: oaam_server#11.1.1.3.0] getURLFromCookie Cookie is null
[2012-10-08T03:11:44.416-07:00] [oaam_server_server1] [NOTIFICATION] [] [oracle.oaam] [tid: [ACTIVE].ExecuteThread: ’0′ for queue: ‘weblogic.kernel.Default (self-tuning)’] [userId: ] [ecid: 562ef56db5811365:-17c3dd71:13a31635ba7:-8000-0000000000002ebb,0] [APP: oaam_server#11.1.1.3.0] OAM Redirect URL not found in request parameter or in cookie.
[2012-10-08T03:11:44.431-07:00] [oaam_server_server1] [NOTIFICATION] [] [oracle.oaam] [tid: [ACTIVE].ExecuteThread: ’0′ for queue: ‘weblogic.kernel.Default (self-tuning)’] [userId: ] [ecid: 562ef56db5811365:-17c3dd71:13a31635ba7:-8000-0000000000002ebb,0] [APP: oaam_server#11.1.1.3.0] Returning InitStatus as [true]
[2012-10-08T03:12:31.729-07:00] [oaam_server_server1] [NOTIFICATION] [] [oracle.oaam] [tid: Timer-5] [userId: ] [ecid: 562ef56db5811365:-17c3dd71:13a31635ba7:-8000-0000000000000002,1:22761] [APP: oaam_server#11.1.1.3.0] com.bharosa.common.db.BharosaDBMgr: current queue size=0, processed 3 in 60 seconds with per second=0.05, total till now=10, reseted 0 times
[2012-10-08T03:12:31.729-07:00] [oaam_server_server1] [NOTIFICATION] [] [oracle.oaam] [tid: Timer-5] [userId: ] [ecid: 562ef56db5811365:-17c3dd71:13a31635ba7:-8000-0000000000000002,1:22761] [APP: oaam_server#11.1.1.3.0] DynamicActionsExecutor_0: current queue size=0, processed 2 in 60 seconds with per second=0.03333333333333333, total till now=6, total processed till now=6, reseted 0 times
[2012-10-08T03:12:31.729-07:00] [oaam_server_server1] [NOTIFICATION] [] [oracle.oaam] [tid: Timer-5] [userId: ] [ecid: 562ef56db5811365:-17c3dd71:13a31635ba7:-8000-0000000000000002,1:22761] [APP: oaam_server#11.1.1.3.0] com.bharosa.vcrypt.tracker.rules.logs.data.AsyncDBLogger: current queue size=0, processed 6 in 60 seconds with per second=0.1, total till now=18, reseted 0 times
[2012-10-08T03:16:57.668-07:00] [oaam_server_server1] [NOTIFICATION] [] [oracle.oaam] [tid: Timer-5] [userId: ] [ecid: 562ef56db5811365:-17c3dd71:13a31635ba7:-8000-0000000000000002,1:22761] [APP: oaam_server#11.1.1.3.0] Removed 1 requestIds from cache. There are 0 sessions in the cache. Cache time to live is 5 minutes
Thanks,
Adam
Hi Adam,
Is your problem resolved or still getting issues?
What Authentication scheme you are using? If using Basic, then there is an issue with Basic authentication scheme, after applying BP02 and BP03 patch.
It’s manual work around is to make some entries in Basic authentication scheme on OAMCONSOLE as mentioned below and it will work.
1. Access OAM Console from a browser by going to the OAM Admin URL. (Eg: http://:/oamconsole )
Make sure the Admin server is up
2. Click on ‘Policy Configuration’
3. Double click on ‘BasicScheme’ from the section ‘Authentication Schemes’
4. Update this scheme based on the below parameters:
Add the following to the text field called ‘Challenge Parameters’:
contextType=default
contextValue=/oam
challenge_url=/CredCollectServlet/BASIC
and apply the changes.
Hope it will work for you as well !!!
Hi,
Will this patch permit us to install Oracle Forms and Reports 11g R2 with SSO without any problem; Because I am facing this bug :
Bug 14053429 : FORMS 11.1.2.0.0 UNABLE TO CONNECT TO OAM 11.1.1.5.0BP02.
Did you try to installa F&R 11gR2 with SSO and get this problem ?
Regards,
Amine
Leave A Reply