Oracle Identity Manager (OIM) Provides assigning Proxy to some other user so that when a user is on leave or out of office, user can delegated task/approvals to someone else.
On Adding Proxy, users were getting error “The add proxy operation for user [user_name] failed with following error oracle. bpel. services. workflow. client. workflowServiceClientException javax.xml.ws.WebServiceException could not determine wsdl ports”
When you assign Proxy in OIM 11g, request is fulfilled by SOA server (SOA server is mandatory in OIM 11g). If you hit this error first thing to check is that SOA server is running and there are no errors in SOA server log file. In my case SOA server was running and there were no errors related to SOA service /soa-infra (STATE of deployment soa-infra in WebLogic Console was ACTIVE )
Message reported in OIM server out file was
_____
<24-Mar-2013 20:47:50 o’clock UTC> <Error> <oracle.iam.configservice.impl> <IAM-3020003> <The attribute PROXY_NAME does not exist!>
<24-Mar-2013 20:47:50 o’clock UTC> <Warning> <oracle.iam.selfservice.self.agentry> <BEA-000000> <IAM-3045001>
<24-Mar-2013 20:47:51 o’clock UTC> <Error> <oracle.iam.identity.usermgmt.impl> <IAM-3050062> <Failed setting proxy in BPEL. The operation will be rolled back.>
_____
Message reported in OIM Diagnostics log file was
_____
[2013-03-24T20:47:50.722+00:00] [WLS_OIM2] [NOTIFICATION] [IAM-1010010] [oracle.iam.platform.authz.impl] [tid: [ACTIVE].ExecuteThread: ‘1’ for queue: ‘weblogic.kernel.Default (self-tuning)’] [userId: xelsysadm] [ecid: 004qB7DDy4I7u1W5Lzl3ie00053X000M4O,0:1] [APP: oim#11.1.1.3.0] [URI: /oim/faces/pages/Self.jspx] ********** Entering the Authorization Segment with parameters:: LoggedInUserId = 30, target resourceID = null, Feature = SELF_SERVICE_USER_MANAGEMENT, Action = MODIFY_SELF_USER_PROXY_PROFILE **********
[2013-03-24T20:47:50.722+00:00] [WLS_OIM2] [NOTIFICATION] [IAM-1010033] [oracle.iam.platform.authz.impl] [tid: [ACTIVE].ExecuteThread: ‘1’ for queue: ‘weblogic.kernel.Default (self-tuning)’] [userId: xelsysadm] [ecid: 004qB7DDy4I7u1W5Lzl3ie00053X000M4O,0:1] [APP: oim#11.1.1.3.0] [URI: /oim/faces/pages/Self.jspx] OES Results are not found in cache with Key F: SELF_SERVICE_USER_MANAGEMENTS: 30P: MODIFY_SELF_USER_PROXY_PROFILEOESDefinition
[2013-03-24T20:47:51.696+00:00] [WLS_OIM2] [ERROR] [IAM-3050062] [oracle.iam.identity.usermgmt.impl] [tid: [ACTIVE].ExecuteThread: ‘1’ for queue: ‘weblogic.kernel.Default (self-tuning)’] [userId: xelsysadm] [ecid: 004qB7DDy4I7u1W5Lzl3ie00053X000M4O,0:1] [APP: oim#11.1.1.3.0] [URI: /oim/faces/pages/Self.jspx] Failed setting proxy in BPEL. The operation will be rolled back.
_____
Here are some of the questions that came to my mind while troubleshooting this issue
How OIM knows which SOA server to connect (Where is SOA server URL defined in OIM) ?
What user OIM server uses to connect to SOA Server ?
Where is password stored for this user (used to connect to SOA server) ?
_____
SOA URL is defined in OIM’s Application Defined MBEAN (oracle.iam -> Server: <oim_server_name>, Application: oim -> XMLConfig -> Config -> XML.Config.SOAConfig -> SOAConfig)
Root Cause : In my case SOA URL ( defined by SoapURL property) was not reachable from OIM server (blocked by firewall).
Related/References