OIM 11g: Beware if you are applying a WebLogic patch!

OIM is a J2EE application deployed on Oracle WebLogic Server (prior to OIM 11g, you could deploy OIM on any J2EE-compliant application server such as WebSphere, iAS, Tomcat etc.). From OIM 11g onwards, WebLogic Server is mandatory and is the only supported application server.

WebLogic 10.3.5 is mandatory for OIM 11gR1 (i.e. 11.1.1.3 and 11.1.1.5), whereas OIM 11gR2 (11.1.2) can be deployed on WebLogic 10.3.6 or 10.3.5.

I recently integrated OIM 11g with OEM 12c to monitor the OIM application, where OEM 12c reported a compliance issue. The fix for this compliance issue is to apply WebLogic patch 16088411 (10.3.5.0.7). I applied the WebLogic 10.3.5.0.7 patch (16088411); steps to apply WebLogic patch 10.3.5.0.7 using bsu.sh are in the next post.

Note: From WebLogic 12.1.2, bsu.sh is being replaced by opatch.

After applying WebLogic patch 10.3.5.0.7, the OIM application failed to start, and the error in the OIM log is:

_______________

<25-Oct-2013 11:59:49 o'clock UTC> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to STARTING>

<25-Oct-2013 12:00:19 o'clock UTC> <Warning> <oracle.jps.upgrade> <JPS-06003> <Cannot migrate credential folder/key ADF/anonymous#oimBpelCredKey.Reason oracle.security.jps.service.credstore.CredentialAlreadyExistsException: JPS-01007: The credential with map ADF and key anonymous#oimBpelCredKey already exists..>

<25-Oct-2013 12:00:20 o'clock UTC> <Warning> <oracle.adf.share.ADFContext> <BEA-000000> <Automatically initializing a DefaultContext for getCurrent. Caller should ensure that a DefaultContext is proper for this use. Memory leaks and/or unexpected behaviour may occur if the automatic initialization is performed improperly. This message may be avoided by performing initADFContext before using getCurrent(). To see the stack trace for thread that is initializing this, set the logging level of oracle.adf.share.ADFContext to FINEST>

<25-Oct-2013 12:00:24 o'clock UTC> <Error> <Deployer> <BEA-149205> <Failed to initialize the application 'oim [Version=11.1.1.3.0]' due to error java.security.AccessControlException: access denied (oracle.security.jps.service.credstore.CredentialAccessPermission context=SYSTEM,mapName=oim,keyName=OIMSchemaPassword read).
java.security.AccessControlException: access denied (oracle.security.jps.service.credstore.CredentialAccessPermission context=SYSTEM,mapName=oim,keyName=OIMSchemaPassword read)
        at java.security.AccessControlContext.checkPermission(AccessControlContext.java:374)
        at java.security.AccessController.checkPermission(AccessController.java:546)
        at oracle.security.jps.util.JpsAuth$AuthorizationMechanism$3.checkPermission(JpsAuth.java:436)
        at oracle.security.jps.util.JpsAuth.checkPermission(JpsAuth.java:496)
        at oracle.security.jps.util.JpsAuth.checkPermission(JpsAuth.java:519)
        Truncated. see log file for complete stacktrace
Caused By: java.security.AccessControlException: access denied (oracle.security.jps.service.credstore.CredentialAccessPermission context=SYSTEM,mapName=oim,keyName=OIMSchemaPassword read)
        at java.security.AccessControlContext.checkPermission(AccessControlContext.java:374)
        at java.security.AccessController.checkPermission(AccessController.java:546)
        at oracle.security.jps.util.JpsAuth$AuthorizationMechanism$3.checkPermission(JpsAuth.java:436)
        at oracle.security.jps.util.JpsAuth.checkPermission(JpsAuth.java:496)
        at oracle.security.jps.util.JpsAuth.checkPermission(JpsAuth.java:519)
        Truncated. see log file for complete stacktrace
>

_________________

If you encounter this issue, grant read and write access to the code source file:${wls.home}/../../patch_wls1035/patch_jars/* for permission class oracle.security.jps.service.credstore.CredentialAccessPermission with name context=SYSTEM,mapName=oim,keyName=* in the OIM domain's $DOMAIN_HOME/config/fmwconfig/system-jazn-data.xml.
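As an added example (not from the original post or from Oracle), this Python check parses a system-jazn-data.xml and reports whether the patch_jars code source holds the credential permission that the log shows being denied. It assumes grants use the grant/grantee/codesource/url and permissions/permission/class, name, actions element layout with no XML namespace; SAMPLE is a constructed fragment and has_credential_grant is a hypothetical helper name.

```python
import xml.etree.ElementTree as ET

CRED_PERM = "oracle.security.jps.service.credstore.CredentialAccessPermission"
PATCH_JARS = "file:${wls.home}/../../patch_wls1035/patch_jars/*"

# Constructed sample, not a real policy store: one grant in the assumed layout.
SAMPLE = f"""<jazn-data><jazn-policy>
  <grant>
    <grantee><codesource><url>{PATCH_JARS}</url></codesource></grantee>
    <permissions><permission>
      <class>{CRED_PERM}</class>
      <name>context=SYSTEM,mapName=oim,keyName=*</name>
      <actions>read,write</actions>
    </permission></permissions>
  </grant>
</jazn-policy></jazn-data>"""


def _text(node, tag):
    """Child element text, stripped; empty string if the element is absent."""
    return (node.findtext(tag) or "").strip()


def has_credential_grant(xml_text, codesource, map_name, key_name, action):
    """True if `codesource` is granted `action` on map_name/key_name."""
    root = ET.fromstring(xml_text)
    for grant in root.iter("grant"):
        urls = [(u.text or "").strip() for u in grant.iter("url")]
        if codesource not in urls:
            continue
        for perm in grant.iter("permission"):
            if _text(perm, "class") != CRED_PERM:
                continue
            # Name looks like: context=SYSTEM,mapName=oim,keyName=*
            pairs = _text(perm, "name").split(",")
            target = dict(p.split("=", 1) for p in pairs if "=" in p)
            actions = {a.strip() for a in _text(perm, "actions").split(",")}
            if (target.get("context") == "SYSTEM"
                    and target.get("mapName") in (map_name, "*")
                    and target.get("keyName") in (key_name, "*")
                    and action in actions):
                return True
    return False


if __name__ == "__main__":
    # Permission denied in the log: mapName=oim, keyName=OIMSchemaPassword, read
    print(has_credential_grant(SAMPLE, PATCH_JARS, "oim", "OIMSchemaPassword", "read"))
```

To check a real domain, pass the contents of $DOMAIN_HOME/config/fmwconfig/system-jazn-data.xml as xml_text; a False result for the read action matches the AccessControlException shown in the log.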

Follow My Oracle Support 1478645.1 (OIM Server Fails To Start After Applying WebLogic Patch).

Note: system-jazn-data.xml is a policy store, and I highly recommend reading Andre Correa's post on the FusionSecurity blog.

About the Author Masroof Ahmad
