1 Reply Latest reply: Apr 26, 2012 8:53 AM by LeylaDah

    Error while logging to OIM11g

    LeylaDah
      Hello experts,

      After deploying a simple Java class in WLS just to test the login functionality, I'm no longer able to access OIM by logging in through the user form, while I'm still able to log in through SSO.

      When I try to log in I get the following error in the log:


      <Apr 26, 2012 9:54:55 AM CEST> <Notice> <LoggingService> <BEA-320401> <The log file has been rotated to /OIM/opt/oracle/middleware/user_projects/domains/oim_domain/servers/oim_server1/logs/oim_server1.log00861. Log messages will continue to be logged in /OIM/opt/oracle/middleware/user_projects/domains/oim_domain/servers/oim_server1/logs/oim_server1.log.>
      <Apr 26, 2012 9:55:04 AM CEST> <Error> <XELLERATE.ACCOUNTMANAGEMENT> <BEA-000000> <Class/Method: tcDefaultDBEncryptionImpl/initKeyStore encounter some problems: access denied (oracle.security.jps.service.credstore.CredentialAccessPermission context=SYSTEM,mapName=oim,keyName=.xldatabasekey read)
      java.security.AccessControlException: access denied (oracle.security.jps.service.credstore.CredentialAccessPermission context=SYSTEM,mapName=oim,keyName=.xldatabasekey read)
      at java.security.AccessControlContext.checkPermission(AccessControlContext.java:374)
      at java.security.AccessController.checkPermission(AccessController.java:546)
      at oracle.security.jps.util.JpsAuth$AuthorizationMechanism$3.checkPermission(JpsAuth.java:436)
      at oracle.security.jps.util.JpsAuth.checkPermission(JpsAuth.java:496)
      at oracle.security.jps.util.JpsAuth.checkPermission(JpsAuth.java:519)
      at oracle.security.jps.internal.credstore.util.CsfUtil.checkPermission(CsfUtil.java:611)
      at oracle.security.jps.internal.credstore.ssp.SspCredentialStore.containsCredential(SspCredentialStore.java:299)
      at oracle.iam.platform.utils.config.OIMPrivilegedExceptionAction.run(CSFCredentialProvider.java:205)
      at java.security.AccessController.doPrivileged(Native Method)
      at oracle.iam.platform.utils.config.CSFCredentialProvider.getPassword(CSFCredentialProvider.java:75)
      at oracle.iam.platform.utils.config.standalone.StandAloneCryptoConfig.getPassword(StandAloneCryptoConfig.java:80)
      at com.thortech.xl.crypto.tcDefaultDBEncryptionImpl.initKeyStore(tcDefaultDBEncryptionImpl.java:67)
      at com.thortech.xl.crypto.tcDefaultDBEncryptionImpl.getCipher(tcDefaultDBEncryptionImpl.java:96)
      at com.thortech.xl.crypto.tcDefaultDBEncryptionImpl.encrypt(tcDefaultDBEncryptionImpl.java:193)
      at com.thortech.xl.crypto.tcCryptoUtil.encrypt(tcCryptoUtil.java:118)
      at com.thortech.xl.crypto.tcCryptoUtil.encrypt(tcCryptoUtil.java:275)
      at oracle.iam.platform.auth.impl.Authenticator.encrypt(Authenticator.java:185)
      at oracle.iam.platform.auth.impl.Authenticator.authenticateWithPassword(Authenticator.java:160)
      at oracle.iam.platform.auth.impl.Authenticator.authenticate(Authenticator.java:133)
      at oracle.iam.platform.auth.providers.wls.OIMAuthLoginModule.login(OIMAuthLoginModule.java:44)
      at com.bea.common.security.internal.service.LoginModuleWrapper$1.run(LoginModuleWrapper.java:110)
      at java.security.AccessController.doPrivileged(Native Method)
      at com.bea.common.security.internal.service.LoginModuleWrapper.login(LoginModuleWrapper.java:106)
      at sun.reflect.GeneratedMethodAccessor576.invoke(Unknown Source)
      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
      at java.lang.reflect.Method.invoke(Method.java:597)
      at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
      at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
      at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
      at java.security.AccessController.doPrivileged(Native Method)
      at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
      at javax.security.auth.login.LoginContext.login(LoginContext.java:579)

      and...

      <Apr 26, 2012 9:55:04 AM CEST> <Error> <OIM Authenticator> <BEA-000000> <Error encrypting password>
      javax.security.auth.login.LoginException: Error encrypting password com.thortech.xl.crypto.tcCryptoException: access denied (oracle.security.jps.service.credstore.CredentialAccessPermission context=SYSTEM,mapName=oim,keyName=.xldatabasekey read)
      at oracle.iam.platform.auth.impl.Authenticator.encrypt(Authenticator.java:189)
      at oracle.iam.platform.auth.impl.Authenticator.authenticateWithPassword(Authenticator.java:160)
      at oracle.iam.platform.auth.impl.Authenticator.authenticate(Authenticator.java:133)
      at oracle.iam.platform.auth.providers.wls.OIMAuthLoginModule.login(OIMAuthLoginModule.java:44)
      at com.bea.common.security.internal.service.LoginModuleWrapper$1.run(LoginModuleWrapper.java:110)
      at java.security.AccessController.doPrivileged(Native Method)
      at com.bea.common.security.internal.service.LoginModuleWrapper.login(LoginModuleWrapper.java:106)
      at sun.reflect.GeneratedMethodAccessor576.invoke(Unknown Source)
      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
      at java.lang.reflect.Method.invoke(Method.java:597)
      at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
      at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
      at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
      at java.security.AccessController.doPrivileged(Native Method)
      at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
      at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
      at com.bea.common.security.internal.service.JAASLoginServiceImpl.login(JAASLoginServiceImpl.java:113)


      I referred to the following topics:

      Unable to login to OIM 11g admin console
      OIM 11g - Unable to login into OIM Administrative and User console

      but none of them proved useful. We both checked the file system for files that might have the wrong access rights, and we also applied the Metalink note "1327577.1", but we got no good result.
      We undeployed the jar that we think gave us this problem, we also removed it from the WLS cache, we restarted the server, we restarted the machine, but the situation is still the same.

      Do you have any idea?


      Thanks for your help
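
A triage aid for logs like the ones quoted above, added here as an example and not part of the original post: it groups every `access denied (...)` message by permission and records the first stack frame outside the permission-checking packages. The function name `summarize_denials` is hypothetical, and the sample input is constructed by abridging the log lines in the post.

```python
import re
from collections import OrderedDict

# Constructed sample: abridged from the log excerpt quoted in the post.
SAMPLE_LOG = """\
<Apr 26, 2012 9:55:04 AM CEST> <Error> <XELLERATE.ACCOUNTMANAGEMENT> <BEA-000000> <Class/Method: tcDefaultDBEncryptionImpl/initKeyStore encounter some problems: access denied (oracle.security.jps.service.credstore.CredentialAccessPermission context=SYSTEM,mapName=oim,keyName=.xldatabasekey read)
java.security.AccessControlException: access denied (oracle.security.jps.service.credstore.CredentialAccessPermission context=SYSTEM,mapName=oim,keyName=.xldatabasekey read)
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:374)
at oracle.security.jps.util.JpsAuth.checkPermission(JpsAuth.java:496)
at oracle.security.jps.internal.credstore.ssp.SspCredentialStore.containsCredential(SspCredentialStore.java:299)
at oracle.iam.platform.utils.config.OIMPrivilegedExceptionAction.run(CSFCredentialProvider.java:205)
at java.security.AccessController.doPrivileged(Native Method)
<Apr 26, 2012 9:55:04 AM CEST> <Error> <OIM Authenticator> <BEA-000000> <Error encrypting password>
javax.security.auth.login.LoginException: Error encrypting password com.thortech.xl.crypto.tcCryptoException: access denied (oracle.security.jps.service.credstore.CredentialAccessPermission context=SYSTEM,mapName=oim,keyName=.xldatabasekey read)
at oracle.iam.platform.auth.impl.Authenticator.encrypt(Authenticator.java:189)
"""

# "access denied (<permission class> <target> <actions>)"
DENIED = re.compile(r"access denied \((?P<cls>[\w.$]+) (?P<target>\S+) (?P<actions>[^)]+)\)")
FRAME = re.compile(r"^\s*at (?P<method>[\w.$<>]+)\(")
# Frames in these packages perform the check; they are not the requester.
CHECK_PREFIXES = ("java.security.", "oracle.security.jps.")

def summarize_denials(log_text):
    """Group denials by (class, target, actions); count occurrences and keep
    the first frame outside CHECK_PREFIXES seen after the denial."""
    denials = OrderedDict()
    current = None
    for line in log_text.splitlines():
        m = DENIED.search(line)
        if m:
            key = (m["cls"], m["target"], m["actions"])
            current = denials.setdefault(key, {
                "target": dict(p.split("=", 1) for p in m["target"].split(",")),
                "count": 0, "requester": None})
            current["count"] += 1
            continue
        f = FRAME.match(line)
        if f and current is not None and current["requester"] is None:
            if not f["method"].startswith(CHECK_PREFIXES):
                current["requester"] = f["method"]
    return denials

if __name__ == "__main__":
    for (cls, _, actions), info in summarize_denials(SAMPLE_LOG).items():
        print(cls, info["target"], actions, info["count"], info["requester"])
```

On the sample, both error entries collapse into a single denied permission: `read` on key `.xldatabasekey` in credential map `oim`.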