6 Replies Latest reply: Aug 8, 2012 3:29 PM by sid - oracle RSS

    Having issue with OEG (11.1.1.6.1) and OES (11.1.1.5) integration

    user938887
      Hi,

      I have installed latest OEG release (11.1.1.6) and OES 11.1.1.5, followed the instructions in the OEG and OES integration guide to create a policy that delegates authorization to OES through OES 11g Authorization filter.
      Before testing the OEG policy, I created a OES11g authorization policy on OES Admin Server, and used a simple Java application to invoke authorization decisions successfully. But when testing the OEG policy from Service Explorer, I got the an error, and below is the trace stack:


      DATA     3/19/12 17:49:15.186     trace transaction

      ...

      DEBUG     3/19/12 17:49:15.186     add header Host:localhost:8080
      DEBUG     3/19/12 17:49:15.186     add header Authorization:Basic d2VibG9naWM6d2VsY29tZTE=
      DEBUG     3/19/12 17:49:15.186     add header SOAPAction:"http://startvbdotnet.com/web/Add"
      DEBUG     3/19/12 17:49:15.186     add header User-Agent:Gateway
      DEBUG     3/19/12 17:49:15.186     incoming content-length: 344
      DEBUG     3/19/12 17:49:15.186     add header Connection:close
      DEBUG     3/19/12 17:49:15.186     add header X-CorrelationID:Id-854f5ea44f67a9db01190000 1
      DEBUG     3/19/12 17:49:15.186     add header Content-Type:text/xml; charset="utf-8"
      DEBUG     3/19/12 17:49:15.186     Incoming HTTP request: method=POST, host=(unset), port=(unset), path=/, query=(unset), version=1.1
      DATA     3/19/12 17:49:15.186     Firewall resolved uri '/' against '/'
      DATA     3/19/12 17:49:15.186     Firewall failed to resolve uri '/' against '/healthcheck'
      DEBUG     3/19/12 17:49:15.186     using handler at /
      DEBUG     3/19/12 17:49:15.186     Adding MessageListener: com.vordel.circuit.FilterPathTracker@f0f11b8
      DEBUG     3/19/12 17:49:15.186     Adding MessageListener: com.vordel.reporting.rtm.RealtimeMonitoring$1$1@70c7c57c
      DEBUG     3/19/12 17:49:15.187     handle type text/xml with factory class com.vordel.mime.XMLBody$Factory
      DEBUG     3/19/12 17:49:15.187     Adding MessageListener: com.vordel.dwe.http.HTTPMessageListener@5200089
      DEBUG     3/19/12 17:49:15.187     Circuit reference [Global Request Policy] is not enabled - ignoring
      DEBUG     3/19/12 17:49:15.187     Circuit reference [Custom Request Policy] is not enabled - ignoring
      DEBUG     3/19/12 17:49:15.187     Circuit reference [Path Specific Policy] valid and enabled - calling
      DEBUG     3/19/12 17:49:15.188     run circuit "OES11g Authorization "...
      DEBUG     3/19/12 17:49:15.188     run filter [HTTP Basic] {
      DEBUG     3/19/12 17:49:15.188     VordelRepository.checkCredentials: username=weblogic
      DEBUG     3/19/12 17:49:15.188     } = 1, filter [HTTP Basic]
      DEBUG     3/19/12 17:49:15.188     Filter [HTTP Basic] completes in 0 milliseconds.
      DEBUG     3/19/12 17:49:15.188     run filter [11g Authorization] {
      DEBUG     3/19/12 17:49:15.188     creating subject from 'weblogic'
      DEBUG     3/19/12 17:49:15.197     checking 'write' to resource: HelloOESworld/MyResourceType/MyResource
      DEBUG     3/19/12 17:49:15.262     parsing XML body from input stream of type sun.net.www.protocol.jar.JarURLConnection$JarURLInputStream. ContentSource is of type java InputStream
      DATA     3/19/12 17:49:15.263     getting class javax.xml.xpath.XPath with classLoader.loadClass()
      DATA     3/19/12 17:49:15.263     loaded class javax.xml.xpath.XPath
      DATA     3/19/12 17:49:15.263     getting class javax.xml.xpath.XPathConstants with classLoader.loadClass()
      DATA     3/19/12 17:49:15.263     loaded class javax.xml.xpath.XPathConstants
      DATA     3/19/12 17:49:15.263     getting class javax.xml.namespace.QName with classLoader.loadClass()
      DATA     3/19/12 17:49:15.263     loaded class javax.xml.namespace.QName
      DEBUG     3/19/12 17:49:15.277     parsing XML body from input stream of type java.io.FileInputStream. ContentSource is of type java InputStream
      DATA     3/19/12 17:49:15.278     getting class javax.xml.namespace.NamespaceContext with classLoader.loadClass()
      DATA     3/19/12 17:49:15.279     loaded class javax.xml.namespace.NamespaceContext
      DEBUG     3/19/12 17:49:15.744     parsing XML body from input stream of type sun.net.www.protocol.jar.JarURLConnection$JarURLInputStream. ContentSource is of type java InputStream
      DEBUG     3/19/12 17:49:15.774     parsing XML body from input stream of type sun.net.www.protocol.jar.JarURLConnection$JarURLInputStream. ContentSource is of type java InputStream
      DEBUG     3/19/12 17:49:15.845     } = 2, filter [11g Authorization]
      DEBUG     3/19/12 17:49:15.845     Filter [11g Authorization] completes in 657 milliseconds.
      DEBUG     3/19/12 17:49:15.845     ..."OES11g Authorization " complete.
      DATA     3/19/12 17:49:15.846     getting class com.vordel.reporting.rtm.api.MetricTypeRangeCount with classLoader.loadClass()
      DATA     3/19/12 17:49:15.846     loaded class com.vordel.reporting.rtm.api.MetricTypeRangeCount
      DATA     3/19/12 17:49:15.847     getting class java.lang.Throwable with classLoader.loadClass()
      DATA     3/19/12 17:49:15.847     loaded class java.lang.Throwable
      DATA     3/19/12 17:49:15.848     getting class com.vordel.system.NativeOutputStream with classLoader.loadClass()
      DATA     3/19/12 17:49:15.849     loaded class com.vordel.system.NativeOutputStream
      DATA     3/19/12 17:49:15.849     getting class com.vordel.system.NativeOutputStream with classLoader.loadClass()
      DATA     3/19/12 17:49:15.849     loaded class com.vordel.system.NativeOutputStream
      DATA     3/19/12 17:49:15.849     getting class java.io.PrintStream with classLoader.loadClass()
      DATA     3/19/12 17:49:15.849     loaded class java.io.PrintStream
      ERROR     3/19/12 17:49:15.850     java exception running circuit: java.lang.RuntimeException: oracle.security.jps.service.policystore.PolicyStoreException: JPS-10619: Failed to initialize cipher for local cache encryption/decryption. at oracle.security.jps.az.internal.runtime.encryption.CipherServiceFactory.getService(CipherServiceFactory.java:61) at oracle.security.jps.az.internal.runtime.pd.receiver.UpdatePolicySet.initCipherService(UpdatePolicySet.java:211) at oracle.security.jps.az.internal.runtime.pd.receiver.UpdatePolicySet.<init>(UpdatePolicySet.java:139) at oracle.security.jps.az.internal.runtime.service.PDPServiceImpl.initializeControlledPD(PDPServiceImpl.java:296) at oracle.security.jps.az.internal.runtime.service.PDPServiceImpl.initial(PDPServiceImpl.java:368) at oracle.security.jps.az.internal.runtime.service.PDPServiceImpl.<init>(PDPServiceImpl.java:268) at oracle.security.jps.az.internal.runtime.provider.PDPServiceProvider.getInstance(PDPServiceProvider.java:89) at oracle.security.jps.internal.core.runtime.ContextFactoryImpl.findServiceInstance(ContextFactoryImpl.java:139) at oracle.security.jps.internal.core.runtime.ContextFactoryImpl.getContext(ContextFactoryImpl.java:170) at oracle.security.jps.internal.core.runtime.ContextFactoryImpl.getContext(ContextFactoryImpl.java:191) at oracle.security.jps.internal.core.runtime.JpsContextFactoryImpl.getContext(JpsContextFactoryImpl.java:132) at oracle.security.jps.internal.core.runtime.JpsContextFactoryImpl.getContext(JpsContextFactoryImpl.java:159) at oracle.security.jps.internal.core.runtime.JpsContextFactoryImpl.getContext(JpsContextFactoryImpl.java:165) at oracle.security.jps.openaz.pep.PepRequestFactoryImpl.<init>(PepRequestFactoryImpl.java:123) at oracle.security.jps.openaz.pep.PepRequestFactoryImpl.getPepRequestFactory(PepRequestFactoryImpl.java:113) at com.vordel.circuit.oracle.oeseleveng.OES11GAuthZProcessor.invoke(OES11GAuthZProcessor.java:76) at com.vordel.circuit.InvocationEngine.invokeFilter(InvocationEngine.java:154) at com.vordel.circuit.InvocationEngine.invokeCircuit(InvocationEngine.java:43) at com.vordel.circuit.InvocationEngine.processMessage(InvocationEngine.java:229) at com.vordel.circuit.SyntheticCircuitChainProcessor.invoke(SyntheticCircuitChainProcessor.java:36) at com.vordel.dwe.http.HTTPPlugin.invokeDispose(HTTPPlugin.java:290) at com.vordel.dwe.http.HTTPPlugin.invoke(HTTPPlugin.java:131) Caused by: oracle.security.jps.service.policystore.PolicyStoreException: JPS-10619: Failed to initialize cipher for local cache encryption/decryption. at oracle.security.jps.az.internal.runtime.encryption.AESCipherImpl.retrieveRawKey(AESCipherImpl.java:140) at oracle.security.jps.az.internal.runtime.encryption.AESCipherImpl.getKey(AESCipherImpl.java:184) at oracle.security.jps.az.internal.runtime.encryption.AESCipherImpl.<init>(AESCipherImpl.java:87) at oracle.security.jps.az.internal.runtime.encryption.CipherServiceFactory.getService(CipherServiceFactory.java:59) ... 21 more
      DEBUG     3/19/12 17:49:15.850     add header Content-Type:text/plain
      DEBUG     3/19/12 17:49:15.850     add header Server:
      DEBUG     3/19/12 17:49:15.850     send prologue: content length -1
      DEBUG     3/19/12 17:49:15.850     peer can do chunking
      DEBUG     3/19/12 17:49:15.850     add header Transfer-Encoding:chunked
      DEBUG     3/19/12 17:49:15.850     reused connection 0x2b72480 1 times
      ...

      Am I missing something? Please help.
        • 1. Re: Having issue with OEG (11.1.1.6.1) and OES (11.1.1.5) integration
          882069
          Can you make sure that you are running with the latest OES client installation and patches on the machine running OEG.
          I have seen this error before and it required a patch to OES client to support strong crypto.

          Thanks.
          • 2. Re: Having issue with OEG (11.1.1.6.1) and OES (11.1.1.5) integration
            user938887
            Thanks for the information. I will download the patch and give it a try.
            • 3. Re: Having issue with OEG (11.1.1.6.1) and OES (11.1.1.5) integration
              Sriram Ravikumar
              Hello,

              I too am facing the same error. The environment details are as follows:
              OS: Win2k8 64 bit
              OEG: 11.1.1.6.1
              OES: 11.1.1.5
              OES Client: 11.1.1.5

              I have also applied the patch 12917515 to OES (both server and client). This patch contains 2 sub-folders [APM and OES]. I have installed the OES sub-folder patch only.

              Steps: I followed the steps as mentioned in OEG-OES 11g integration guide: http://www.oracle.com/technetwork/middleware/id-mgmt/oes11g-integration-guide-1520074.pdf

              Note: Instead of using a HTTP Basic filter, I set the "authentication.subject.id" attribute manually and then call "OES 11g Authorization" filter.

              Issue,
              The following exception is thrown when the authorization filter runs,

              java exception running circuit: java.lang.RuntimeException: oracle.security.jps.service.policystore.PolicyStoreException: JPS-10619: Failed to initialize cipher for local cache encryption/decryption. at oracle.security.jps.az.internal.runtime.encryption.CipherServiceFactory.getService(CipherServiceFactory.java:61) at oracle.security.jps.az.internal.runtime.pd.receiver.UpdatePolicySet.initCipherService(UpdatePolicySet.java:211) at oracle.security.jps.az.internal.runtime.pd.receiver.UpdatePolicySet.<init>(UpdatePolicySet.java:139) at oracle.security.jps.az.internal.runtime.service.PDPServiceImpl.initializeControlledPD(PDPServiceImpl.java:296) at oracle.security.jps.az.internal.runtime.service.PDPServiceImpl.initial(PDPServiceImpl.java:368) at oracle.security.jps.az.internal.runtime.service.PDPServiceImpl.<init>(PDPServiceImpl.java:268) at oracle.security.jps.az.internal.runtime.provider.PDPServiceProvider.getInstance(PDPServiceProvider.java:89) at oracle.security.jps.internal.core.runtime.ContextFactoryImpl.findServiceInstance(ContextFactoryImpl.java:139) at oracle.security.jps.internal.core.runtime.ContextFactoryImpl.getContext(ContextFactoryImpl.java:170) at oracle.security.jps.internal.core.runtime.ContextFactoryImpl.getContext(ContextFactoryImpl.java:191) at oracle.security.jps.internal.core.runtime.JpsContextFactoryImpl.getContext(JpsContextFactoryImpl.java:132) at oracle.security.jps.internal.core.runtime.JpsContextFactoryImpl.getContext(JpsContextFactoryImpl.java:159) at oracle.security.jps.internal.core.runtime.JpsContextFactoryImpl.getContext(JpsContextFactoryImpl.java:165) at oracle.security.jps.openaz.pep.PepRequestFactoryImpl.<init>(PepRequestFactoryImpl.java:123) at oracle.security.jps.openaz.pep.PepRequestFactoryImpl.getPepRequestFactory(PepRequestFactoryImpl.java:113) at com.vordel.circuit.oracle.oeseleveng.OES11GAuthZProcessor.invoke(OES11GAuthZProcessor.java:76) at com.vordel.circuit.InvocationEngine.invokeFilter(InvocationEngine.java:154) at com.vordel.circuit.InvocationEngine.invokeCircuit(InvocationEngine.java:43) at com.vordel.circuit.InvocationEngine.processMessage(InvocationEngine.java:229) at com.vordel.circuit.SyntheticCircuitChainProcessor.invoke(SyntheticCircuitChainProcessor.java:36) at com.vordel.dwe.http.HTTPPlugin.invokeDispose(HTTPPlugin.java:290) at com.vordel.dwe.http.HTTPPlugin.invoke(HTTPPlugin.java:131) Caused by: oracle.security.jps.service.policystore.PolicyStoreException: JPS-10619: Failed to initialize cipher for local cache encryption/decryption. at oracle.security.jps.az.internal.runtime.encryption.AESCipherImpl.retrieveRawKey(AESCipherImpl.java:140) at oracle.security.jps.az.internal.runtime.encryption.AESCipherImpl.getKey(AESCipherImpl.java:184) at oracle.security.jps.az.internal.runtime.encryption.AESCipherImpl.<init>(AESCipherImpl.java:87) at oracle.security.jps.az.internal.runtime.encryption.CipherServiceFactory.getService(CipherServiceFactory.java:59) ... 21 more


              Is there any other patch required to make OEG work with OES 11g ? How to resolve this error ?
              Any help will be greatly appreciated.

              Regards.
              • 4. Re: Having issue with OEG (11.1.1.6.1) and OES (11.1.1.5) integration
                888550
                For the time being, OES11g/OEG11g integration requires some patches to be applied.
                On retriever some integration, installation guides have been posted with the patches.
                There is also a VirtualBox image ready to be used to work with or to demonstrate this integration.
                <internal URL removed>

                My 2 cts
                Patrice
                • 5. Re: Having issue with OEG (11.1.1.6.1) and OES (11.1.1.5) integration
                  Sriram Ravikumar
                  Hello Patrice,

                  The link below, as you suggested, is not working,

                  <internal URL removed>


                  Regards.
                  • 6. Re: Having issue with OEG (11.1.1.6.1) and OES (11.1.1.5) integration
                    sid - oracle
                    As Patrice has mentioned, a recently released OES 11g patch towards strong crypto support is missing in your environment. It should be available as an OES patch this week, if it's not already there (*REDACTED* is an oracle internal link). Please get in touch with your Oracle point of contact (or drop me a note - sid.mishra@oracle.com), for the same.

                    Thanks
                    Sid

                    Edited by: sid on Mar 26, 2012 10:32 PM