10 comments
Hi Mahendra,
I had done OAAM-OAM-OIM integration successfully.
I even got the OAAM SSO page fronting the protected resources. But the problem is, whenever I enter the credentials to access the protected resources, I am not successfully being authenticated, and a loop occurs, as I am redirected again to the OAAM login page.
Is the problem occurring due to a bug related to OAM BP02 TAP authentication scheme? Should I patch it to BP03? Will that solve the issue?
Early help will be highly appreciated.
Thanks,
Adam
@ Adam,
Yes, this is a bug in OAM BP02; apply BP03 and it should fix this redirect issue.
Hi Atul,
Thanks for the imminent response.
I successfully patched my current environment to BP03, but I am still facing the same issue!!
Is it that I have to create some additional rules in the OAAM_Admin console to bypass the OAAM SSO login page, as it may be checking with its own policies in addition to the authentication policies defined in OAM?
Thanks,
Adam
@ Adam,
Are you saying that even after applying OAM BP03 you still get requests redirecting (between OAM and OAAM infinitely)? If this is the case, then ensure that you applied the patch successfully.
I have OAM 11.1.1.5 BP03 and OAAM 11.1.1.5 BP01 integrated and working fine, so this should work.
No additional rules are required in OAAM_Admin, as the default rules in oaam_base_snapshot are enough (did you import oaam_base_snapshot?).
Share your exact issue with step-by-step instructions on what you see so that I can understand the problem.
Hi Atul,
Thanks for the detailed response.
Yes, I did apply the patch successfully.
And I did import the oaam_base_snapshot as well!
Here's the environment I had set up!
I had configured a domain to support OAM, OAAM, OIM.
I have the admin server running on one separate machine.
OAM, OAAM managed servers on another machine.
And I have the LDAP store set up on another machine.
Recently I had integrated OAM with OIM, and fronted it with webgate11g.
Hence OAM was the SSO page. But I needed strong authentication, hence went for OAAM integration with OAM and OIM.
Hence I get the OAAM SSO page, but then I face this issue that I can't bypass the SSO page with any of the credentials I have created.
Thanks,
Adam
Thanks
Hi Atul,
This is what I found in the Oaam_server_server1 log file.
[2012-10-08T03:11:44.416-07:00] [oaam_server_server1] [ERROR] [] [oracle.oaam] [tid: [ACTIVE].ExecuteThread: ‘0’ for queue: ‘weblogic.kernel.Default (self-tuning)’] [userId: ] [ecid: 562ef56db5811365:-17c3dd71:13a31635ba7:-8000-0000000000002eb7,0] [APP: oaam_server#11.1.1.3.0] Id mapping for DB_OBJ_QUERY_ERROR not found.
[2012-10-08T03:11:44.416-07:00] [oaam_server_server1] [ERROR] [] [oracle.oaam] [tid: [ACTIVE].ExecuteThread: ‘0’ for queue: ‘weblogic.kernel.Default (self-tuning)’] [userId: ] [ecid: 562ef56db5811365:-17c3dd71:13a31635ba7:-8000-0000000000002eb7,0] [APP: oaam_server#11.1.1.3.0] Caught exception. getUser() loginId=weblogic[[
DB_OBJ_QUERY_ERROR=select vcryptUser from VCryptUser vcryptUser where vcryptUser.loginId = :value_0 and vcryptUser.groupId = :value_1, java.lang.RuntimeException: javax.crypto.BadPaddingException: Given final block not properly padded
at com.bharosa.common.util.cipher.DESedeCipher.decrypt(DESedeCipher.java:137)
at com.bharosa.common.util.BharosaCipher.decrypt(BharosaCipher.java:482)
at com.bharosa.vcrypt.auth.util.VCryptPassword.decrypt(VCryptPassword.java:46)
at com.bharosa.common.toplink.TOPLinkPasswordAttributeTransformer.buildObjectValue(TOPLinkPasswordAttributeTransformer.java:16)
at com.bharosa.common.toplink.TOPLinkAttributeTransformer.convertDataValueToObjectValue(TOPLinkAttributeTransformer.java:71)
at org.eclipse.persistence.mappings.foundation.AbstractDirectMapping.valueFromRow(AbstractDirectMapping.java:1263)
at org.eclipse.persistence.mappings.DatabaseMapping.readFromRowIntoObject(DatabaseMapping.java:1283)
at org.eclipse.persistence.internal.descriptors.ObjectBuilder.buildAttributesIntoObject(ObjectBuilder.java:342)
at org.eclipse.persistence.internal.descriptors.ObjectBuilder.buildWorkingCopyCloneNormally(ObjectBuilder.java:616)
at org.eclipse.persistence.internal.descriptors.ObjectBuilder.buildObject(ObjectBuilder.java:502)
at org.eclipse.persistence.internal.descriptors.ObjectBuilder.buildObject(ObjectBuilder.java:454)
at org.eclipse.persistence.queries.ObjectLevelReadQuery.buildObject(ObjectLevelReadQuery.java:723)
at org.eclipse.persistence.queries.ReadAllQuery.executeObjectLevelReadQuery(ReadAllQuery.java:420)
at org.eclipse.persistence.queries.ObjectLevelReadQuery.executeDatabaseQuery(ObjectLevelReadQuery.java:1076)
at org.eclipse.persistence.queries.DatabaseQuery.execute(DatabaseQuery.java:740)
at org.eclipse.persistence.queries.ObjectLevelReadQuery.execute(ObjectLevelReadQuery.java:1036)
at org.eclipse.persistence.queries.ReadAllQuery.execute(ReadAllQuery.java:380)
at org.eclipse.persistence.queries.ObjectLevelReadQuery.executeInUnitOfWork(ObjectLevelReadQuery.java:1122)
at org.eclipse.persistence.internal.sessions.UnitOfWorkImpl.internalExecuteQuery(UnitOfWorkImpl.java:2910)
at com.bharosa.common.toplink.OAAMPerformanceProfiler.profileExecutionOfQuery(OAAMPerformanceProfiler.java:96)
at org.eclipse.persistence.internal.sessions.AbstractSession.executeQuery(AbstractSession.java:1289)
at org.eclipse.persistence.internal.sessions.AbstractSession.executeQuery(AbstractSession.java:1273)
at org.eclipse.persistence.internal.sessions.AbstractSession.executeQuery(AbstractSession.java:1247)
at org.eclipse.persistence.internal.jpa.EJBQueryImpl.executeReadQuery(EJBQueryImpl.java:479)
at org.eclipse.persistence.internal.jpa.EJBQueryImpl.getResultList(EJBQueryImpl.java:714)
at com.bharosa.common.toplink.TopLink11gBaseDAO$ExecuteDBQueryAction.internalPerformAction(TopLink11gBaseDAO.java:197)
at com.bharosa.common.toplink.TopLink11gBaseDAO$DBAction.performAction(TopLink11gBaseDAO.java:100)
at com.bharosa.common.toplink.TopLink11gDBMgr.executeDBQuery(TopLink11gDBMgr.java:238)
at com.bharosa.vcrypt.dataaccess.impl.VCryptUserDataAccessImpl.getVCryptUserByLoginId(VCryptUserDataAccessImpl.java:493)
at com.bharosa.vcrypt.auth.impl.VCryptAuthImpl.createUser(VCryptAuthImpl.java:586)
at com.bharosa.vcrypt.auth.impl.VCryptAuthMonitorImpl$13.perform(VCryptAuthMonitorImpl.java:134)
at com.bharosa.common.monitoring.MonitorInterceptor.performAction(MonitorInterceptor.java:331)
at com.bharosa.common.monitoring.MonitorInterceptor.performActionNoFingerprint(MonitorInterceptor.java:371)
at com.bharosa.vcrypt.auth.impl.VCryptAuthMonitorImpl.createUser(VCryptAuthMonitorImpl.java:137)
at com.bharosa.vcrypt.auth.impl.VCryptAuthFilterImpl.createUser(VCryptAuthFilterImpl.java:119)
at com.bharosa.vcryptclient.proxy.impl.BharosaProxyImpl.createUser(BharosaProxyImpl.java:265)
at com.bharosa.uio.actions.LoginAction.initUser(LoginAction.java:296)
at com.bharosa.uio.actions.LoginAction.bharosaExecute(LoginAction.java:78)
at com.bharosa.uio.actions.UIOBaseAction.execute(UIOBaseAction.java:81)
at org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:421)
at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:226)
at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1166)
at org.apache.struts.action.ActionServlet.doPost(ActionServlet.java:417)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:821)
at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:300)
at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:27)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:57)
at oracle.security.wls.filter.SSOSessionSynchronizationFilter.doFilter(SSOSessionSynchronizationFilter.java:277)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:57)
at oracle.security.jps.ee.http.JpsAbsFilter$1.run(JpsAbsFilter.java:111)
at oracle.security.jps.util.JpsSubject.doAsPrivileged(JpsSubject.java:313)
at oracle.security.jps.ee.util.JpsPlatformUtil.runJaasMode(JpsPlatformUtil.java:413)
at oracle.security.jps.ee.http.JpsAbsFilter.runJaasMode(JpsAbsFilter.java:94)
at oracle.security.jps.ee.http.JpsAbsFilter.doFilter(JpsAbsFilter.java:161)
at oracle.security.jps.ee.http.JpsFilter.doFilter(JpsFilter.java:71)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:57)
at oracle.dms.servlet.DMSServletFilter.doFilter(DMSServletFilter.java:136)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3681)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2183)
at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1454)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:209)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:178)
Caused by: java.lang.RuntimeException: javax.crypto.BadPaddingException: Given final block not properly padded
… 65 more
Caused by: javax.crypto.BadPaddingException: Given final block not properly padded
at com.sun.crypto.provider.SunJCE_f.b(DashoA13*..)
at com.sun.crypto.provider.SunJCE_f.b(DashoA13*..)
at com.sun.crypto.provider.DESedeCipher.engineDoFinal(DashoA13*..)
at javax.crypto.Cipher.doFinal(DashoA13*..)
at com.bharosa.common.util.cipher.DESedeCipher.decrypt(DESedeCipher.java:128)
… 64 more
]]
[2012-10-08T03:11:44.416-07:00] [oaam_server_server1] [WARNING] [] [oracle.oaam] [tid: [ACTIVE].ExecuteThread: ‘0’ for queue: ‘weblogic.kernel.Default (self-tuning)’] [userId: ] [ecid: 562ef56db5811365:-17c3dd71:13a31635ba7:-8000-0000000000002eb7,0] [APP: oaam_server#11.1.1.3.0] Error creating user, requestId=56_5890da09c0a2953baac663197f8f5e1eb4201e364ded6037070def276051dee5
[2012-10-08T03:11:44.416-07:00] [oaam_server_server1] [ERROR] [] [oracle.oaam] [tid: [ACTIVE].ExecuteThread: ‘0’ for queue: ‘weblogic.kernel.Default (self-tuning)’] [userId: ] [ecid: 562ef56db5811365:-17c3dd71:13a31635ba7:-8000-0000000000002eb7,0] [APP: oaam_server#11.1.1.3.0] Unable to find client user in session. Sending user to login page.
[2012-10-08T03:11:44.416-07:00] [oaam_server_server1] [NOTIFICATION] [] [oracle.oaam] [tid: [ACTIVE].ExecuteThread: ‘0’ for queue: ‘weblogic.kernel.Default (self-tuning)’] [userId: ] [ecid: 562ef56db5811365:-17c3dd71:13a31635ba7:-8000-0000000000002ebb,0] [APP: oaam_server#11.1.1.3.0] getURLFromCookie Cookie is null
[2012-10-08T03:11:44.416-07:00] [oaam_server_server1] [NOTIFICATION] [] [oracle.oaam] [tid: [ACTIVE].ExecuteThread: ‘0’ for queue: ‘weblogic.kernel.Default (self-tuning)’] [userId: ] [ecid: 562ef56db5811365:-17c3dd71:13a31635ba7:-8000-0000000000002ebb,0] [APP: oaam_server#11.1.1.3.0] OAM Redirect URL not found in request parameter or in cookie.
[2012-10-08T03:11:44.431-07:00] [oaam_server_server1] [NOTIFICATION] [] [oracle.oaam] [tid: [ACTIVE].ExecuteThread: ‘0’ for queue: ‘weblogic.kernel.Default (self-tuning)’] [userId: ] [ecid: 562ef56db5811365:-17c3dd71:13a31635ba7:-8000-0000000000002ebb,0] [APP: oaam_server#11.1.1.3.0] Returning InitStatus as [true]
[2012-10-08T03:12:31.729-07:00] [oaam_server_server1] [NOTIFICATION] [] [oracle.oaam] [tid: Timer-5] [userId: ] [ecid: 562ef56db5811365:-17c3dd71:13a31635ba7:-8000-0000000000000002,1:22761] [APP: oaam_server#11.1.1.3.0] com.bharosa.common.db.BharosaDBMgr: current queue size=0, processed 3 in 60 seconds with per second=0.05, total till now=10, reseted 0 times
[2012-10-08T03:12:31.729-07:00] [oaam_server_server1] [NOTIFICATION] [] [oracle.oaam] [tid: Timer-5] [userId: ] [ecid: 562ef56db5811365:-17c3dd71:13a31635ba7:-8000-0000000000000002,1:22761] [APP: oaam_server#11.1.1.3.0] DynamicActionsExecutor_0: current queue size=0, processed 2 in 60 seconds with per second=0.03333333333333333, total till now=6, total processed till now=6, reseted 0 times
[2012-10-08T03:12:31.729-07:00] [oaam_server_server1] [NOTIFICATION] [] [oracle.oaam] [tid: Timer-5] [userId: ] [ecid: 562ef56db5811365:-17c3dd71:13a31635ba7:-8000-0000000000000002,1:22761] [APP: oaam_server#11.1.1.3.0] com.bharosa.vcrypt.tracker.rules.logs.data.AsyncDBLogger: current queue size=0, processed 6 in 60 seconds with per second=0.1, total till now=18, reseted 0 times
[2012-10-08T03:16:57.668-07:00] [oaam_server_server1] [NOTIFICATION] [] [oracle.oaam] [tid: Timer-5] [userId: ] [ecid: 562ef56db5811365:-17c3dd71:13a31635ba7:-8000-0000000000000002,1:22761] [APP: oaam_server#11.1.1.3.0] Removed 1 requestIds from cache. There are 0 sessions in the cache. Cache time to live is 5 minutes
Thanks,
Adam
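Added example, not part of the original comments: a small Python triage script for logs in the format Adam posted. It groups records by ECID and reports requests where an exception chain is followed by "Sending user to login page", the sequence visible in the excerpt above. The sample records, their timestamp, ECIDs and login name are constructed.

```python
import re
from collections import defaultdict

# Header of one ODL record, in the layout of the oaam_server log above.
HEADER = re.compile(
    r"^\[\d{4}-\d\d-\d\dT[^\]]+\] \[[^\]]+\] \[(?P<level>[A-Z]+)\] "
    r".*?\[ecid: (?P<ecid>[^,\]]+)[^\]]*\] \[APP: [^\]]+\] (?P<msg>.*)$")

def parse_records(text):
    """Attach continuation lines (stack traces) to the record they follow."""
    records = []
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            records.append({**m.groupdict(), "extra": []})
        elif records and line.strip():
            records[-1]["extra"].append(line.strip())
    return records

def root_cause(record):
    """Exception class on the last 'Caused by:' line, or None."""
    causes = [l for l in record["extra"] if l.startswith("Caused by: ")]
    return causes[-1][len("Caused by: "):].split(":", 1)[0] if causes else None

def failed_logins(text):
    """(ecid, loginId, root cause) for requests that threw and were bounced."""
    by_ecid = defaultdict(list)
    for rec in parse_records(text):
        by_ecid[rec["ecid"]].append(rec)
    findings = []
    for ecid, recs in by_ecid.items():
        cause = next((c for c in map(root_cause, recs) if c), None)
        msgs = " ".join(r["msg"] for r in recs)
        login = re.search(r"loginId=(\w+)", msgs)
        if cause and "Sending user to login page" in msgs:
            findings.append((ecid, login.group(1) if login else None, cause))
    return findings

# Constructed sample: shortened records with made-up timestamp, ECIDs and user.
_H = ("[2012-01-01T10:00:00.000-07:00] [oaam_server_server1] [{}] [] [oracle.oaam] "
      "[tid: [ACTIVE].ExecuteThread: '0' for queue: 'q'] [userId: ] "
      "[ecid: {},0] [APP: oaam_server#11.1.1.3.0] {}")
SAMPLE = "\n".join([
    _H.format("ERROR", "aaaa:1", "Caught exception. getUser() loginId=testuser[["),
    "java.lang.RuntimeException: javax.crypto.BadPaddingException: Given final block not properly padded",
    "\tat com.bharosa.common.util.cipher.DESedeCipher.decrypt(DESedeCipher.java:137)",
    "Caused by: javax.crypto.BadPaddingException: Given final block not properly padded",
    "]]",
    _H.format("ERROR", "aaaa:1", "Unable to find client user in session. Sending user to login page."),
    _H.format("NOTIFICATION", "aaaa:2", "getURLFromCookie Cookie is null"),
])
```
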
Hi Adam,
Is your problem resolved, or are you still getting issues?
What authentication scheme are you using? If using Basic, then there is an issue with the Basic authentication scheme after applying the BP02 and BP03 patch.
Its manual workaround is to make some entries in the Basic authentication scheme on OAMCONSOLE as mentioned below, and it will work.
1. Access OAM Console from a browser by going to the OAM Admin URL. (e.g. http://:/oamconsole)
Make sure the Admin server is up
2. Click on ‘Policy Configuration’
3. Double click on ‘BasicScheme’ from the section ‘Authentication Schemes’
4. Update this scheme based on the below parameters:
Add the following to the text field called ‘Challenge Parameters’:
contextType=default
contextValue=/oam
challenge_url=/CredCollectServlet/BASIC
and apply the changes.
Hope it will work for you as well !!!
Hi,
Will this patch permit us to install Oracle Forms and Reports 11g R2 with SSO without any problem? Because I am facing this bug:
Bug 14053429 : FORMS 11.1.2.0.0 UNABLE TO CONNECT TO OAM 11.1.1.5.0BP02.
Did you try to install F&R 11gR2 with SSO and get this problem?
Regards,
Amine
Hi Atul,
How can I determine which version of OAM and OIM have been installed on server?
Thanks,
@ vihangastik,
For 11gR1 onwards of IAM (OAM/OIM) – Log in to the server on which OAM/OIM is installed and then run "opatch lsinventory"
$ORACLE_HOME/OPatch/opatch lsinventory
This will give you the base version and the patch numbers installed on top. Patch numbers will give you the patchset version.