OIM 11g: Beware if you are applying WebLogic patch !

OIM is a J2EE application deployed on Oracle WebLogic Server (prior to OIM 11g, you could deploy OIM on any J2EE complaint Application Server like Web Sphere, iAS, TomCat etc). From OIM 11g onwards, WebLogic Server is mandatory and only supported application server.

WebLogic 10.3.5 is mandatory for OIM 11gR1 i.e. 11.1.1.3 and 11.1.1.5 where as for OIM 11gR2 (11.1.2) you can deploy on WebLogic 10.3.6 or 10.3.5 version.

I recently integrated OIM 11g with OEM 12c to monitor OIM application where OEM 12c reported compliance issue where OEM 12c. Fix for this compliance issue is to apply WebLogic patch 16088411 (10.3.5.0.7) . I applied WebLogic 10.3.5.0.7 patch (16088411 ), steps to apply WebLogic Patch 10.3.5.0.7 using bsu.sh in next post .

Note: From WebLogic 12.1.2 bsu.sh is being replaced by opatch

After applying WebLogic Patch 10.3.5.0.7, OIM application failed to start and error in OIM log is

_______________

<25-Oct-2013 11:59:49 o’clock UTC> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to STARTING>

<25-Oct-2013 12:00:19 o’clock UTC> <Warning> <oracle.jps.upgrade> <JPS-06003> <Cannot migrate credential folder/key ADF/anonymous#oimBpelCredKey.Reason

oracle.security.jps.service.credstore.CredentialAlreadyExistsException: JPS-01007: The credential with map ADF and key anonymous#oimBpelCredKey already

exists..>

<25-Oct-2013 12:00:20 o’clock UTC> <Warning> <oracle.adf.share.ADFContext> <BEA-000000> <Automatically initializing a DefaultContext for getCurrent. Caller should ensure that a DefaultContext is proper for this use. Memory leaks and/or unexpected behaviour may occur if the automatic initialization is performed improperly. This message may be avoided by performing initADFContext before using getCurrent(). To see the stack trace for thread that is initializing this, set the logging level of oracle.adf.share.ADFContext to FINEST>

<25-Oct-2013 12:00:24 o’clock UTC> <Error> <Deployer> <BEA-149205> <Failed to initialize the application ‘oim [Version=11.1.1.3.0]’ due to error java.security.AccessControlException: access denied (oracle.security.jps. service.credstore. CredentialAccessPermission

context=SYSTEM,mapName=oim,keyName=OIMSchemaPassword read). java.security. AccessControlException: access denied (oracle.security.jps.service.credstore.CredentialAccessPermission

at oracle.security.jps.util.JpsAuth.checkPermission(JpsAuth.java:496)

at oracle.security.jps.util.JpsAuth.checkPermission(JpsAuth.java:519) Truncated. see log file for complete stacktrace

Caused By: java.security. AccessControlException: access denied (oracle.security.jps.service. credstore.CredentialAccessPermission

context=SYSTEM,mapName=oim,keyName=OIMSchemaPassword read) at java.security.AccessControlContext.checkPermission(AccessControlContext.java:374) at java.security.AccessController.checkPermission(AccessController.java:546) at oracle.security.jps.util.JpsAuth$ AuthorizationMechanism$3.checkPermission(JpsAuth.java:436) at oracle.security.jps.util.JpsAuth .checkPermission(JpsAuth.java:496)
at oracle.security.jps.util.JpsAuth.checkPermission(JpsAuth.java:519) Truncated. see log file for complete stacktrace >

_________________

If you encounter this issue then grant read & write access to file:${wls.home}/../../patch_wls1035/patch_jars/* to class oracle.security.jps.service.credstore.CredentialAccessPermission and name context=SYSTEM,mapName=oim,keyName=* in OIM Domain’s $DOMAIN_HOME/config/fmwconfig/system-jazn-data.xml

Follow My Oracle Support 1478645.1 OIM Server Fails To Start After Applying WebLogic Patch

Note : system-jazn-data.xml is a policy store and I highly recommend you reading Andre Correa’s post on FusionSecurity blog.

About the Author Atul Kumar

Oracle ACE, Author, Speaker and Founder of K21 Technologies & K21 Academy : Specialising in Design, Implement, and Trainings.

follow me on:

OIM 11g: Beware if you are applying WebLogic patch !

About the Author Atul Kumar

Leave a Comment: