How to debug OID : LDAP Error code 50 – Insufficient Access Rights

I recently configured access control in OID to grant READ/WRITE access on one of the OU in OID to a group. This post cover steps to debug Access Control issues (READ/DELETE/MODIFY) in OID.

  • If you encounter “Insufficient Access Rights” in OID then enable Debug in OID (Set orcldebugflag to 8192 and orcldebugop to 8 to OID instance) using ODSM

Note: For value of orcldebugflag (8192 is for Access Control List Processing) & orcldebugop (8 is for DELETE ) follow Note # 1239943.1  How To Set OID Debug / Trace Levels for 11g

 

Replicate issue and check OID logs at $ORACLE_INSTANCE/ diagnostics/ OID/ oid/ oidldapds[NNNNN].log 

_______

2014-01-23T23:45:00+00:00] [OID] [TRACE:16] [] [OIDLDAPD] [host: oidhost.oiddomain] [pid: 17878] [tid: 10] [ecid: 004wAjKOjRu6aMW_Lxo2ye0004NM00001V,0] ServerWorker (REG):[[
BEGIN
ConnID:77 mesgID:34 OpID:33  OpName:delete ConnIP:192.168.1.12 ConnDN:cn=atul kumar,ou=internal,cn=users,dc=onlineappsdba,dc=com
gslaudegGetNearestACP:Parsing the node cn=testuser1,ou=external,cn=users,dc=onlineappsdba,dc=com
2014-01-23T23:45:00 * gslaudegGetNearestACP:Parsing the node ou=merchant users,ou=testou,ou=external,cn=users,dc=onlineappsdba,dc=com
2014-01-23T23:45:00 * gslaudeeEntryEvaluation:Operation id:(33) Entry DN: (cn=testuser1,ou=external,cn=users,dc=onlineappsdba,dc=com)
2014-01-23T23:45:00 * gslaudeeEntryEvaluation: Operation id:(33) User DN: (cn=atul kumar,ou=internal,cn=users,dc=onlineappsdba,dc=com)
2014-01-23T23:45:00 * gslaudeeEntryEvaluation:Op id:(33) Visiting ACP at: (ou=users,ou=testou,ou=external,cn=users,dc=onlineappsdba,dc=com)
2014-01-23T23:45:00 * gslaudeeEntryEvaluation:Op id:(33) Visiting ACP at: (ou=testou,ou=external,cn=users,dc=onlineappsdba,dc=com)
2014-01-23T23:45:00 * gslaudeeEntryEvaluation:Op id:(33) Visiting ACP at: (ou=external,cn=users,dc=onlineappsdba,dc=com)
2014-01-23T23:45:00 * gslaudeeEntryEvaluation:Op id:(33) Visiting ACP at: (cn=users,dc=onlineappsdba,dc=com)
2014-01-23T23:45:00 * gslaudeeEntryEvaluation:Op id:(33) Entry Accees denied by ACP:(cn=users,dc=onlineappsdba,dc=com)
2014-01-23T23:45:00 * gslaudeeEntryEvaluation:Operation id:(33) User has Privilege groups Evaluation continues
2014-01-23T23:45:00 * gslaudeeEntryEvaluation:Op id:(33) Visiting ACP at: (dc=onlineappsdba,dc=com)
2014-01-23T23:45:00 * gslaudeeEntryEvaluation:Op id:(33) Entry Accees denied by ACP:(dc=onlineappsdba,dc=com)
2014-01-23T23:45:00 * gslaudeeEntryEvaluation:Operation id:(33) User has Privilege groups Evaluation continues
2014-01-23T23:45:00 * gslaudeeEntryEvaluation:Op id:(33) Visiting ACP at: (dc=com)
2014-01-23T23:45:00 * gslaudeeEntryEvaluation:Op id:(33) Entry Accees denied by ACP:(dc=com)
2014-01-23T23:45:00 * gslaudeeEntryEvaluation:Operation id:(33) User has Privilege groups Evaluation continues
2014-01-23T23:45:00 * gslaudeeEntryEvaluation:Op id:(33) Visiting ACP at: (cn=root)
2014-01-23T23:45:00 * gslaudeeEntryEvaluation:Op id:(33) Entry Accees denied by ACP:(cn=root)
2014-01-23T23:45:00 * gslaudeeEntryEvaluation:Operation id:(33) User has Privilege groups Evaluation continues
2014-01-23T23:45:00 * gslaudeeEntryEvaluation:Op id:(33) Enforcing Server Def Access Policy
2014-01-23T23:45:00 * gslaudeeEntryEvaluation:Operation id:(33) Access to Entry (cn=testuser1,ou=External,cn=Users,dc=onlineappsdba,dc=com) not allowed by ACP at: (Deafault Policy)
END
]]

_______

 

If you notice Access Control Policy checked it all the way from ou=external,cn=users,dc=onlineappsdba,dc=com –> cn=users,dc=onlineappsdba,dc=com –> dc=onlineappsdba,dc=com –> dc=com –> cn=root

 

Fix: I defined ACL at level dc=onlineappsdba,dc=com and granted access to group “cn=oimadministrators…” and added user cn=atul kuma…. to group cn=oimadministrators

  • For more information on ACL in OID 11g click here

 

 

Log after defining ACL

 

_______

2014-01-23T23:45:00+00:00] [OID] [TRACE:16] [] [OIDLDAPD] [host: oidhost.oiddomain] [pid: 17878] [tid: 10] [ecid: 004wAjKOjRu6aMW_Lxo2ye0004NM00001V,0] ServerWorker (REG):[[
BEGIN
ConnID:77 mesgID:34 OpID:33  OpName:delete ConnIP:192.168.1.12 ConnDN:cn=atul kumar,ou=internal,cn=users,dc=onlineappsdba,dc=com
gslaudegGetNearestACP:Parsing the node cn=testuser1,ou=external,cn=users,dc=onlineappsdba,dc=com
2014-01-23T23:59:00 * gslaudegGetNearestACP:Parsing the node ou=merchant users,ou=testou,ou=external,cn=users,dc=onlineappsdba,dc=com
2014-01-23T23:59:00 * gslaudeeEntryEvaluation:Operation id:(33) Entry DN: (cn=testuser1,ou=external,cn=users,dc=onlineappsdba,dc=com)
2014-01-23T23:59:00 * gslaudeeEntryEvaluation: Operation id:(33) User DN: (cn=atul kumar,ou=internal,cn=users,dc=onlineappsdba,dc=com)
2014-01-23T23:59:00 * gslaudeeEntryEvaluation:Op id:(33) Visiting ACP at: (ou=users,ou=testou,ou=external,cn=users,dc=onlineappsdba,dc=com)
2014-01-23T23:59:00 * gslaudeeEntryEvaluation:Op id:(33) Visiting ACP at: (ou=testou,ou=external,cn=users,dc=onlineappsdba,dc=com)
2014-01-23T23:59:00 * gslaudeeEntryEvaluation:Op id:(33) Visiting ACP at: (ou=external,cn=users,dc=onlineappsdba,dc=com)
2014-01-23T23:59:00 * gslaudeeEntryEvaluation:Op id:(33) Visiting ACP at: (cn=users,dc=onlineappsdba,dc=com)
2014-01-23T23:59:00 * gslaudeeEntryEvaluation:Op id:(33) Entry Accees denied by ACP:(cn=users,dc=onlineappsdba,dc=com)
2014-01-23T23:59:00 * gslaudeeEntryEvaluation:Operation id:(33) User has Privilege groups Evaluation continues
2014-01-23T23:59:00 * gslaudeeEntryEvaluation:Op id:(33) Visiting ACP at: (dc=onlineappsdba,dc=com)

2014-01-23T23:59:00 * gslaudeeEntryEvaluation:Op id:(33) Enforcing Server Def Access Policy

2014-01-23T23:59:00 * gslaudeeEntryEvaluation:Operation id:(33) Access to Entry (cn=testuser1,ou=External,cn=Users,dc=onlineappsdba,dc=com)  allowed by ACP at: (dc=onlineappsdba,dc=com)
END
]]

_______

References

About the Author Masroof Ahmad

Leave a Comment:

5 comments
IdmRockstar says January 28, 2014

Hi Atul,
I am facing an issue related to exporting request templates in OIM.
-> I used the export functionality in OIM console , and the Nexaweb app loads up ,and under resources i selected the list of request templates i need to import.

-> Now, when i click on the select children tab, it enters a stuck stage.

->Also , i tried to retrieve the same using WLST to import from meta data , but found that request templates arent exported through that.

-> Later i found this wierd error in oim_diagnostic log ,

[2014-01-27T04:04:42.221-06:00] [oim_server1] [ERROR] [] [XELLERATE.DATABASE] [tid: [ACTIVE].ExecuteThread: ‘5’ for queue: ‘weblogic.kernel.Default (self-tuning)’] [userId: xelsysadm] [ecid: 115e31ed66999315:29907a9a:143c3c3851f:-8000-0000000000003355,0] [APP: oim#11.1.1.3.0] Class/Method: DirectDB/getConnection encounter some problems: Error while retrieving database connection.Please check for the follwoing[[
Database srever is running.
Datasource configuration settings are correct. java.sql.SQLException: Unexpected exception while enlisting XAConnection java.sql.SQLException: Transaction rolled back: Transaction timed out after 601 seconds
BEA1-41A49551D662C3D47EF8
at weblogic.jdbc.jta.DataSource.enlist(DataSource.java:1616)
at weblogic.jdbc.jta.DataSource.refreshXAConnAndEnlist(DataSource.java:1503)
at weblogic.jdbc.jta.DataSource.getConnection(DataSource.java:446)
at weblogic.jdbc.jta.DataSource.connect(DataSource.java:403)
at weblogic.jdbc.common.internal.RmiDataSource.getConnection(RmiDataSource.java:364)
at oracle.iam.platform.utils.vo.OIMDataSource.getConnection(OIMDataSource.java:57)
at com.thortech.xl.util.DirectDB.getConnection(DirectDB.java:217)
at com.thortech.xl.util.DirectDB.getConnection(DirectDB.java:148)
at com.thortech.xl.ddm.repositories.rdbms.impl.RDBMSRepository.getConnection(RDBMSRepository.java:656)
at com.thortech.xl.ddm.repositories.rdbms.impl.RDBMSRepository.createSchemaInstance(RDBMSRepository.java:233)
at com.thortech.xl.ejb.beansimpl.tcExportOperationsBean.fetchChildrenInfo(tcExportOperationsBean.java:808)
at com.thortech.xl.ejb.beansimpl.tcExportOperationsBean.fetchChildrenInfo(tcExportOperationsBean.java:858)
at com.thortech.xl.ejb.beansimpl.tcExportOperationsBean.retrieveChildren(tcExportOperationsBean.java:704)
at Thor.API.Operations.tcExportOperationsIntfEJB.retrieveChildrenx(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at com.bea.core.repackaged.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:310)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:182)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:149)
at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:131)
at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:119)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
at com.bea.core.repackaged.springframework.jee.spi.MethodInvocationVisitorImpl.visit(MethodInvocationVisitorImpl.java:37)
at weblogic.ejb.container.injection.EnvironmentInterceptorCallbackImpl.callback(EnvironmentInterceptorCallbackImpl.java:54)
at com.bea.core.repackaged.springframework.jee.spi.EnvironmentInterceptor.invoke(EnvironmentInterceptor.java:50)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
at com.bea.core.repackaged.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:89)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:131)
at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:119)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
at com.bea.core.repackaged.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
at $Proxy502.retrieveChildrenx(Unknown Source)
at Thor.API.Operations.tcExportOperationsIntf_iai7l_tcExportOperationsIntfRemoteImpl.__WL_invoke(Unknown Source)
at weblogic.ejb.container.internal.SessionRemoteMethodInvoker.invoke(SessionRemoteMethodInvoker.java:40)
at Thor.API.Operations.tcExportOperationsIntf_iai7l_tcExportOperationsIntfRemoteImpl.retrieveChildrenx(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at weblogic.ejb.container.internal.RemoteBusinessIntfProxy.invoke(RemoteBusinessIntfProxy.java:85)
at $Proxy506.retrieveChildrenx(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:307)
at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:198)
at $Proxy521.retrieveChildrenx(Unknown Source)
at Thor.API.Operations.tcExportOperationsIntfDelegate.retrieveChildren(Unknown Source)
at com.thortech.xl.webclient.actions.LoadDeploymentUtilityAction.getSelectChildren(LoadDeploymentUtilityAction.java:364)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.apache.struts.actions.DispatchAction.dispatchMethod(DispatchAction.java:269)
at com.thortech.xl.webclient.actions.tcLookupDispatchAction.execute(tcLookupDispatchAction.java:133)
at com.thortech.xl.webclient.actions.tcActionBase.execute(tcActionBase.java:894)
at com.thortech.xl.webclient.actions.tcAction.execute(tcAction.java:213)
at org.apache.struts.chain.commands.servlet.ExecuteAction.execute(ExecuteAction.java:58)
at org.apache.struts.chain.commands.AbstractExecuteAction.execute(AbstractExecuteAction.java:67)
at org.apache.struts.chain.commands.ActionCommandBase.execute(ActionCommandBase.java:51)
at org.apache.commons.chain.impl.ChainBase.execute(ChainBase.java:191)
at org.apache.commons.chain.generic.LookupCommand.execute(LookupCommand.java:305)
at org.apache.commons.chain.impl.ChainBase.execute(ChainBase.java:191)
at org.apache.struts.chain.ComposableRequestProcessor.process(ComposableRequestProcessor.java:283)
at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1913)
at org.apache.struts.action.ActionServlet.doPost(ActionServlet.java:462)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:300)
at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:183)
at weblogic.servlet.internal.RequestDispatcherImpl.invokeServlet(RequestDispatcherImpl.java:523)
at weblogic.servlet.internal.RequestDispatcherImpl.forward(RequestDispatcherImpl.java:253)
at com.nexaweb.server.servlet.NexawebRequestDispatcher.doClientRequest(NexawebRequestDispatcher.java:346)
at com.nexaweb.server.servlet.NexawebRequestDispatcher.forwardClientRequest(NexawebRequestDispatcher.java:114)
at com.nexaweb.server.servlet.JspProcessor.processRequest(JspProcessor.java:137)
at com.nexaweb.server.servlet.RequestProcessor.dispatchRequest(RequestProcessor.java:463)
at com.nexaweb.server.servlet.RequestProcessor.processClientEvent(RequestProcessor.java:710)
at com.nexaweb.server.services.protocol.NexawebProtocolHandler.handleProcessEventCommand(NexawebProtocolHandler.java:1026)
at com.nexaweb.server.services.protocol.NexawebProtocolHandler.dispatchCommand(NexawebProtocolHandler.java:140)
at com.nexaweb.server.NexawebServer.doService(NexawebServer.java:420)
at com.nexaweb.server.NexawebServer.doGet(NexawebServer.java:335)
at com.nexaweb.server.admin.ServerAdmin.callNexawebServer(ServerAdmin.java:378)
at sun.reflect.GeneratedMethodAccessor4444.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at com.nexaweb.loader.xMethodInvoker.runInThread(xMethodInvoker.java:69)
at com.nexaweb.server.api.admin.ServerAdminProxy.callNexawebServer(ServerAdminProxy.java:551)
at com.nexaweb.redirect.RedirectServlet.doGet(RedirectServlet.java:18)
at com.nexaweb.redirect.RedirectServlet.doPost(RedirectServlet.java:28)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:300)
at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at com.thortech.xl.webclient.security.CSRFFilter.doFilter(CSRFFilter.java:76)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.iam.platform.auth.web.PwdMgmtNavigationFilter.doFilter(PwdMgmtNavigationFilter.java:121)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.iam.platform.auth.web.OIMAuthContextFilter.doFilter(OIMAuthContextFilter.java:108)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.security.jps.ee.http.JpsAbsFilter$1.run(JpsAbsFilter.java:111)
at java.security.AccessController.doPrivileged(Native Method)
at oracle.security.jps.util.JpsSubject.doAsPrivileged(JpsSubject.java:313)
at oracle.security.jps.ee.util.JpsPlatformUtil.runJaasMode(JpsPlatformUtil.java:413)
at oracle.security.jps.ee.http.JpsAbsFilter.runJaasMode(JpsAbsFilter.java:94)
at oracle.security.jps.ee.http.JpsAbsFilter.doFilter(JpsAbsFilter.java:161)
at oracle.security.jps.ee.http.JpsFilter.doFilter(JpsFilter.java:71)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.dms.servlet.DMSServletFilter.doFilter(DMSServletFilter.java:136)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at weblogic.servlet.internal.RequestEventsFilter.doFilter(RequestEventsFilter.java:27)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.wrapRun(WebAppServletContext.java:3715)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3681)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2277)
at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2183)
at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1454)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:209)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:178)
Caused by: weblogic.transaction.TimedOutException: Transaction timed out after 601 seconds
BEA1-41A49551D662C3D47EF8
at weblogic.jdbc.jta.DataSource.enlist(DataSource.java:1614)
… 128 more

at weblogic.jdbc.jta.DataSource.refreshXAConnAndEnlist(DataSource.java:1522)
at weblogic.jdbc.jta.DataSource.getConnection(DataSource.java:446)
at weblogic.jdbc.jta.DataSource.connect(DataSource.java:403)
at weblogic.jdbc.common.internal.RmiDataSource.getConnection(RmiDataSource.java:364)
at oracle.iam.platform.utils.vo.OIMDataSource.getConnection(OIMDataSource.java:57)
at com.thortech.xl.util.DirectDB.getConnection(DirectDB.java:217)
at com.thortech.xl.util.DirectDB.getConnection(DirectDB.java:148)
at com.thortech.xl.ddm.repositories.rdbms.impl.RDBMSRepository.getConnection(RDBMSRepository.java:656)
at com.thortech.xl.ddm.repositories.rdbms.impl.RDBMSRepository.createSchemaInstance(RDBMSRepository.java:233)
at com.thortech.xl.ejb.beansimpl.tcExportOperationsBean.fetchChildrenInfo(tcExportOperationsBean.java:808)
at com.thortech.xl.ejb.beansimpl.tcExportOperationsBean.fetchChildrenInfo(tcExportOperationsBean.java:858)
at com.thortech.xl.ejb.beansimpl.tcExportOperationsBean.retrieveChildren(tcExportOperationsBean.java:704)
at Thor.API.Operations.tcExportOperationsIntfEJB.retrieveChildrenx(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at com.bea.core.repackaged.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:310)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:182)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:149)
at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:131)
at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:119)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
at com.bea.core.repackaged.springframework.jee.spi.MethodInvocationVisitorImpl.visit(MethodInvocationVisitorImpl.java:37)
at weblogic.ejb.container.injection.EnvironmentInterceptorCallbackImpl.callback(EnvironmentInterceptorCallbackImpl.java:54)
at com.bea.core.repackaged.springframework.jee.spi.EnvironmentInterceptor.invoke(EnvironmentInterceptor.java:50)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
at com.bea.core.repackaged.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:89)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:131)
at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:119)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
at com.bea.core.repackaged.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
at $Proxy502.retrieveChildrenx(Unknown Source)
at Thor.API.Operations.tcExportOperationsIntf_iai7l_tcExportOperationsIntfRemoteImpl.__WL_invoke(Unknown Source)
at weblogic.ejb.container.internal.SessionRemoteMethodInvoker.invoke(SessionRemoteMethodInvoker.java:40)
at Thor.API.Operations.tcExportOperationsIntf_iai7l_tcExportOperationsIntfRemoteImpl.retrieveChildrenx(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at weblogic.ejb.container.internal.RemoteBusinessIntfProxy.invoke(RemoteBusinessIntfProxy.java:85)
at $Proxy506.retrieveChildrenx(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:307)
at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:198)
at $Proxy521.retrieveChildrenx(Unknown Source)
at Thor.API.Operations.tcExportOperationsIntfDelegate.retrieveChildren(Unknown Source)
at com.thortech.xl.webclient.actions.LoadDeploymentUtilityAction.getSelectChildren(LoadDeploymentUtilityAction.java:364)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.apache.struts.actions.DispatchAction.dispatchMethod(DispatchAction.java:269)
at com.thortech.xl.webclient.actions.tcLookupDispatchAction.execute(tcLookupDispatchAction.java:133)
at com.thortech.xl.webclient.actions.tcActionBase.execute(tcActionBase.java:894)
at com.thortech.xl.webclient.actions.tcAction.execute(tcAction.java:213)
at org.apache.struts.chain.commands.servlet.ExecuteAction.execute(ExecuteAction.java:58)
at org.apache.struts.chain.commands.AbstractExecuteAction.execute(AbstractExecuteAction.java:67)
at org.apache.struts.chain.commands.ActionCommandBase.execute(ActionCommandBase.java:51)
at org.apache.commons.chain.impl.ChainBase.execute(ChainBase.java:191)
at org.apache.commons.chain.generic.LookupCommand.execute(LookupCommand.java:305)
at org.apache.commons.chain.impl.ChainBase.execute(ChainBase.java:191)
at org.apache.struts.chain.ComposableRequestProcessor.process(ComposableRequestProcessor.java:283)
at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1913)
at org.apache.struts.action.ActionServlet.doPost(ActionServlet.java:462)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:300)
at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:183)
at weblogic.servlet.internal.RequestDispatcherImpl.invokeServlet(RequestDispatcherImpl.java:523)
at weblogic.servlet.internal.RequestDispatcherImpl.forward(RequestDispatcherImpl.java:253)
at com.nexaweb.server.servlet.NexawebRequestDispatcher.doClientRequest(NexawebRequestDispatcher.java:346)
at com.nexaweb.server.servlet.NexawebRequestDispatcher.forwardClientRequest(NexawebRequestDispatcher.java:114)
at com.nexaweb.server.servlet.JspProcessor.processRequest(JspProcessor.java:137)
at com.nexaweb.server.servlet.RequestProcessor.dispatchRequest(RequestProcessor.java:463)
at com.nexaweb.server.servlet.RequestProcessor.processClientEvent(RequestProcessor.java:710)
at com.nexaweb.server.services.protocol.NexawebProtocolHandler.handleProcessEventCommand(NexawebProtocolHandler.java:1026)
at com.nexaweb.server.services.protocol.NexawebProtocolHandler.dispatchCommand(NexawebProtocolHandler.java:140)
at com.nexaweb.server.NexawebServer.doService(NexawebServer.java:420)
at com.nexaweb.server.NexawebServer.doGet(NexawebServer.java:335)
at com.nexaweb.server.admin.ServerAdmin.callNexawebServer(ServerAdmin.java:378)
at sun.reflect.GeneratedMethodAccessor4444.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at com.nexaweb.loader.xMethodInvoker.runInThread(xMethodInvoker.java:69)
at com.nexaweb.server.api.admin.ServerAdminProxy.callNexawebServer(ServerAdminProxy.java:551)
at com.nexaweb.redirect.RedirectServlet.doGet(RedirectServlet.java:18)
at com.nexaweb.redirect.RedirectServlet.doPost(RedirectServlet.java:28)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:300)
at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at com.thortech.xl.webclient.security.CSRFFilter.doFilter(CSRFFilter.java:76)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.iam.platform.auth.web.PwdMgmtNavigationFilter.doFilter(PwdMgmtNavigationFilter.java:121)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.iam.platform.auth.web.OIMAuthContextFilter.doFilter(OIMAuthContextFilter.java:108)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.security.jps.ee.http.JpsAbsFilter$1.run(JpsAbsFilter.java:111)
at java.security.AccessController.doPrivileged(Native Method)
at oracle.security.jps.util.JpsSubject.doAsPrivileged(JpsSubject.java:313)
at oracle.security.jps.ee.util.JpsPlatformUtil.runJaasMode(JpsPlatformUtil.java:413)
at oracle.security.jps.ee.http.JpsAbsFilter.runJaasMode(JpsAbsFilter.java:94)
at oracle.security.jps.ee.http.JpsAbsFilter.doFilter(JpsAbsFilter.java:161)
at oracle.security.jps.ee.http.JpsFilter.doFilter(JpsFilter.java:71)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.dms.servlet.DMSServletFilter.doFilter(DMSServletFilter.java:136)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at weblogic.servlet.internal.RequestEventsFilter.doFilter(RequestEventsFilter.java:27)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.wrapRun(WebAppServletContext.java:3715)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3681)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2277)
at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2183)
at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1454)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:209)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:178)

-> Hence it could be understood from the above logs that , a time out occured while trying to contact with the OIM DB.

–> Hence, is there any other way to exports the request templates from OIM console or through WLST ? or is it only possible to be retrieved from the DB as it resides there and not in MDS?

Imminent help would be highly appreciated.

Reply
    Atul Kumar says January 29, 2014

    Check if there are any locks in database when you export request templates in OIM.

    If you have too many request templates then import could take long so try incresing STRUCK Thread wait time for OIM managed server (default I think is 300 sec)

    Reply
Tanmoy says January 30, 2014

Need help to integrate the custom ADF application with OAM11g SSO functionality.

Hi Atul,

I am one of the follower on your sites.
Your knowledge always helpful in real life scenarios.
I need one help from you.
Currently I am integrating OAM11g SSO functionality for custom ADF applications.
After enabling the SSO functionality when I tried to open the application URL(ex- http://rana.fusn.com:7777/TestAdfSecurity/faces/Home.jsf) it’s redirecting the Oracle Access Manager 11g page. After given the credential it’s redirecting the ADF application home page (http://rana.fusn.com:7777/TestAdfSecurity/faces/Home.jsf?_afrLoop=5045192333888&Adf-Window-Id=w0&_afrWindowMode=0&_adf.ctrl-state=6xc35fyj5_3&_afrRedirect=5045264247027).
But Home page showing blank.
If we access the ADF application home page using admin server port(we deployed the ADF application in Admin server) then it’s open and content of the adf application home page showing correctly it’s not showing blank.

Could you please help me to resolve the issue. I followed the steps mentioned at chapter-12 (OAM Integration with Fusion Middleware and EBS R12).

Waiting for your reply.

Thanks,
Tanmoy

Reply
    Atul Kumar says January 30, 2014

    @ Tanmoy,
    Install IE HTTP Header and also debug on your application to see if you notice anything being blocked.

    Is there any security that you defined in your application ?

    Reply
Varadaraj says June 21, 2017

Hi Atul,

How do I apply ACI on the ACP allowing a entry to get full access on all the sub entries.

For Eg:

I have the below DIT, I want the user cn=test1 to gain access to all the sub entries by applying ACI on cn=users,dc=example,dc=com

cn=users,dc=example,dc=com
|
|
|_______cn=apps,cn=users,dc=example,dc=com
| |
| |
| |_____cn=appdata,cn=apps,cn=users,dc=example,dc=com
|
|
|_______ cn=iamuser,cn=users,dc=example,dc=com

Thanks,
Varada

Reply
Add Your Reply