Oracle Identity Manager (OIM) Provides assigning Proxy to some other user so that when a user is on leave or out of office, user can delegated task/approvals to someone else.
- To assign proxy in OIM: login to Self Service Console : My Profile -> Proxies -> Add Proxy
On Adding Proxy, users were getting error “The add proxy operation for user [user_name] failed with following error oracle. bpel. services. workflow. client. workflowServiceClientException javax.xml.ws.WebServiceException could not determine wsdl ports”
When you assign Proxy in OIM 11g, request is fulfilled by SOA server (SOA server is mandatory in OIM 11g). If you hit this error first thing to check is that SOA server is running and there are no errors in SOA server log file. In my case SOA server was running and there were no errors related to SOA service /soa-infra (STATE of deployment soa-infra in WebLogic Console was ACTIVE )
Message reported in OIM server out file was
_____
<24-Mar-2013 20:47:50 o’clock UTC> <Error> <oracle.iam.configservice.impl> <IAM-3020003> <The attribute PROXY_NAME does not exist!>
<24-Mar-2013 20:47:50 o’clock UTC> <Warning> <oracle.iam.selfservice.self.agentry> <BEA-000000> <IAM-3045001>
<24-Mar-2013 20:47:51 o’clock UTC> <Error> <oracle.iam.identity.usermgmt.impl> <IAM-3050062> <Failed setting proxy in BPEL. The operation will be rolled back.>
_____
Message reported in OIM Diagnostics log file was
_____
[2013-03-24T20:47:50.722+00:00] [WLS_OIM2] [NOTIFICATION] [IAM-1010010] [oracle.iam.platform.authz.impl] [tid: [ACTIVE].ExecuteThread: ‘1’ for queue: ‘weblogic.kernel.Default (self-tuning)’] [userId: xelsysadm] [ecid: 004qB7DDy4I7u1W5Lzl3ie00053X000M4O,0:1] [APP: oim#11.1.1.3.0] [URI: /oim/faces/pages/Self.jspx] ********** Entering the Authorization Segment with parameters:: LoggedInUserId = 30, target resourceID = null, Feature = SELF_SERVICE_USER_MANAGEMENT, Action = MODIFY_SELF_USER_PROXY_PROFILE **********
[2013-03-24T20:47:50.722+00:00] [WLS_OIM2] [NOTIFICATION] [IAM-1010033] [oracle.iam.platform.authz.impl] [tid: [ACTIVE].ExecuteThread: ‘1’ for queue: ‘weblogic.kernel.Default (self-tuning)’] [userId: xelsysadm] [ecid: 004qB7DDy4I7u1W5Lzl3ie00053X000M4O,0:1] [APP: oim#11.1.1.3.0] [URI: /oim/faces/pages/Self.jspx] OES Results are not found in cache with Key F: SELF_SERVICE_USER_MANAGEMENTS: 30P: MODIFY_SELF_USER_PROXY_PROFILEOESDefinition
[2013-03-24T20:47:51.696+00:00] [WLS_OIM2] [ERROR] [IAM-3050062] [oracle.iam.identity.usermgmt.impl] [tid: [ACTIVE].ExecuteThread: ‘1’ for queue: ‘weblogic.kernel.Default (self-tuning)’] [userId: xelsysadm] [ecid: 004qB7DDy4I7u1W5Lzl3ie00053X000M4O,0:1] [APP: oim#11.1.1.3.0] [URI: /oim/faces/pages/Self.jspx] Failed setting proxy in BPEL. The operation will be rolled back.
_____
Here are some of the questions that came to my mind while troubleshooting this issue
How OIM knows which SOA server to connect (Where is SOA server URL defined in OIM) ?
What user OIM server uses to connect to SOA Server ?
Where is password stored for this user (used to connect to SOA server) ?
_____
SOA URL is defined in OIM’s Application Defined MBEAN (oracle.iam -> Server: <oim_server_name>, Application: oim -> XMLConfig -> Config -> XML.Config.SOAConfig -> SOAConfig)
- URL to connect to SOA server is defined by Attribute SoapURL and User that is used to connect is defined in attribute Username
- Password for username defined above is stored in credential store of OIM (Map : OIM ; key : SOAAdminPassword )
Root Cause : In my case SOA URL ( defined by SoapURL property) was not reachable from OIM server (blocked by firewall).
Related/References
- Setting Proxy User In OIM Fails with “Could not determine wsdl ports” Error [ID 1459121.1]
- Enable OIM to connect to SOA using LDAP User