2 Replies Latest reply: Jan 16, 2013 10:57 AM by OldGuy

    Is it possible to merge Webgate cwallets?

    OldGuy
      We have 2 servers set up -- one primary... one in case of primary server failure. Although we have attempted to use the cloning documentation -- which evidently Oracle cannot even get to work -- we have a need to allow the second server to seamlessly take over the webgate responsibilities in case of primary server failure. We have created identical 11g webgates on the 2 servers accessing the same protected resource.

      We are using a load balancer to determine if the primary is accessible and when it is not accessible will begin accessing the secondary. This works as required as long as we copy the cwallet.sso from the secondary server to the protected resource and restart opmnctl and WLS on the protected resource. This manual process is not acceptable to the clients -- this will also cause us to do this on any and all clients and protected resources that are tied to the OAM Server.

      Is there any way of combining/merging the 2 cwallets into one? We have found Oracle documentation describing this process without success.

      The documents:
      http://docs.oracle.com/cd/E21764_01/core.1111/e10043/addlsecfea.htm#JISEC3638

      http://docs.oracle.com/cd/E12839_01/core.1111/e10043/csfadmin.htm#CACCFGFB

      Following these docs and executing the wlst.sh migrateSecurityStore returned an error:

      "jps-01051 credential audit events cannot be logged"

      Is there something we are missing?
        • 1. Re: Is it possible to merge Webgate cwallets?
          OldGuy
          We have also used the following to create the information needed for this procedure which we found in http://docs.oracle.com/cd/E27559_01/admin.1112/e27239/oiconfigadmin.htm


          Merge the cwallet.sso file on Host 2 with the cwallet.sso file on Host 1 as follows:

          Copy cwallet.sso from Host 2 to Host 1.

          On Host 1 type

          # mkdir /tmp/oam /tmp/oic
          # cp <host>/cwallet.sso /tmp/oam
          # cp config/fmwconfig/cwallet.sso /tmp/oic

          Create file merge-creds.xml:

          <?xml version="1.0" encoding="UTF-8" standalone='yes'?>
          <jpsConfig xmlns="http://xmlns.oracle.com/oracleas/schema/11/jps-config-11_1.xsd"
                     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                     xsi:schemaLocation="http://xmlns.oracle.com/oracleas/schema/11/jps-config-11_1.xsd"
                     schema-major-version="11" schema-minor-version="1">
            <serviceProviders>
              <serviceProvider
                  class="oracle.security.jps.internal.credstore.ssp.SspCredentialStoreProvider"
                  name="credstoressp" type="CREDENTIAL_STORE">
                <description>File-based credential provider</description>
              </serviceProvider>
            </serviceProviders>
            <serviceInstances>
              <!-- Source file-based credential store instance -->
              <serviceInstance location="/tmp/oam" provider="credstoressp"
                               name="credential.file.source">
              </serviceInstance>
              <!-- Destination file-based credential store instance -->
              <serviceInstance location="/tmp/oic" provider="credstoressp"
                               name="credential.file.destination">
              </serviceInstance>
            </serviceInstances>
            <jpsContexts>
              <jpsContext name="FileSourceContext">
                <serviceInstanceRef ref="credential.file.source"/>
              </jpsContext>
              <jpsContext name="FileDestinationContext">
                <serviceInstanceRef ref="credential.file.destination"/>
              </jpsContext>
            </jpsContexts>
          </jpsConfig>

          Set the path variable to include $MW_HOME/oracle_common/bin:$MW_HOME/oracle_common/common/bin

          Execute the command to merge the cwallet.sso files:

          # wlst.sh
          wlst:/> migrateSecurityStore(type="credStore", configFile="/tmp/mergecreds.xml",src="FileSourceContext",dst="FileDestinationContext")

          Copy the merged file to config/fmwconfig:

          # cp /tmp/oic/cwallet.sso /scratch/kerwin/wls10/user_projects/domain/base_domain/config/fmwconfig

          Restart the OAM Server on Host 1.
          • 2. Re: Is it possible to merge Webgate cwallets?
            OldGuy
            After executing the command:

            wls:/offline> migrateSecurityStore(type="credStore", configFile="/opt/IrsamInstall/merge-creds.xml", src="FileSourceContext",dst="FileDestinationContext")
            Command FAILED, Reason: JPS-01051: Credential audit events cannot be logged. Reason oracle.security.jps.service.audit.AuditException

            Traceback (innermost last):
            File "<console>", line 1, in ?
            File "/opt/oracle/product/fmw2/oracle_common/common/wlst/jpsWlstCmd.py", line 935, in migrateSecurityStore
            File "/opt/oracle/product/fmw2/oracle_common/common/wlst/jpsWlstCmd.py", line 907, in migrateSecurityStoreImpl
            at oracle.security.jps.internal.credstore.util.CsfUtil.isEventLoggable(CsfUtil.java:729)
            at oracle.security.jps.internal.credstore.ssp.SspCredentialStore.getMapNames(SspCredentialStore.java:369)
            at oracle.security.jps.internal.tools.utility.source.migrate.JpsMigSourceCred.getDataToMigrate(JpsMigSourceCred.java:108)
            at oracle.security.jps.internal.tools.utility.destination.apibased.JpsDstCredential.migrateStore(JpsDstCredential.java:116)
            at oracle.security.jps.internal.tools.utility.destination.apibased.JpsDstCredential.migrateData(JpsDstCredential.java:110)
            at oracle.security.jps.internal.tools.utility.destination.JpsDsts.migrateData(JpsDsts.java:88)
            at oracle.security.jps.internal.tools.utility.JpsUtility.migrateData(JpsUtility.java:72)
            at oracle.security.jps.internal.tools.utility.JpsUtilMigrationCredImpl.migrateCredentialData(JpsUtilMigrationCredImpl.java:78)
            at oracle.security.jps.internal.tools.utility.JpsUtilMigrationCredImpl.migrateCredentialData(JpsUtilMigrationCredImpl.java:64)
            at oracle.security.jps.tools.utility.JpsUtilMigrationTool.executeCommand(JpsUtilMigrationTool.java:176)
            at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
            at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
            at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
            at java.lang.reflect.Method.invoke(Method.java:597)

            oracle.security.jps.service.credstore.CredStoreException: oracle.security.jps.service.credstore.CredStoreException: JPS-01051: Credential audit events cannot be logged. Reason oracle.security.jps.service.audit.AuditException
            wls:
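
Added example, not part of the thread or of Oracle's documentation: a pre-flight check for the merge procedure quoted in reply 1, which resolves the src and dst context names through merge-creds.xml to their directories, confirms each holds a cwallet.sso, and flags a wallet readable beyond its owner (relevant when copies are staged under /tmp). The function names and the sample file are constructed for illustration, and the check does not diagnose JPS-01051.

```python
import os
import tempfile
import xml.etree.ElementTree as ET

TAG = "{http://xmlns.oracle.com/oracleas/schema/11/jps-config-11_1.xsd}%s"
# Constructed sample with the same layout as merge-creds.xml; %s = store directories.
SAMPLE = """<jpsConfig xmlns="http://xmlns.oracle.com/oracleas/schema/11/jps-config-11_1.xsd">
<serviceInstances>
<serviceInstance location="%s" provider="credstoressp" name="credential.file.source"/>
<serviceInstance location="%s" provider="credstoressp" name="credential.file.destination"/>
</serviceInstances><jpsContexts>
<jpsContext name="FileSourceContext"><serviceInstanceRef ref="credential.file.source"/></jpsContext>
<jpsContext name="FileDestinationContext"><serviceInstanceRef ref="credential.file.destination"/></jpsContext>
</jpsContexts></jpsConfig>"""

def resolve_contexts(config_path):
    """Map each jpsContext name to the directory of the store it references."""
    root = ET.parse(config_path).getroot()
    locations = {si.get("name"): si.get("location") for si in root.iter(TAG % "serviceInstance")}
    return {ctx.get("name"): locations.get(ref.get("ref"))
            for ctx in root.iter(TAG % "jpsContext")
            for ref in ctx.iter(TAG % "serviceInstanceRef")}

def preflight(config_path, src, dst):
    """List problems that would break the merge or expose a wallet."""
    problems, contexts = [], resolve_contexts(config_path)
    for name in (src, dst):
        location = contexts.get(name)
        if location is None:
            problems.append("context %s does not resolve to a serviceInstance" % name)
            continue
        wallet = os.path.join(location, "cwallet.sso")
        if not os.path.isfile(wallet):
            problems.append("no cwallet.sso in %s" % location)
        elif os.stat(wallet).st_mode & 0o077:
            problems.append("%s is accessible beyond its owner" % wallet)
    return problems

def demo():
    """Constructed case: world-readable source wallet, missing destination wallet."""
    base = tempfile.mkdtemp()
    src_dir = os.path.join(base, "oam")
    os.mkdir(src_dir)
    wallet = os.path.join(src_dir, "cwallet.sso")
    open(wallet, "wb").close()
    os.chmod(wallet, 0o644)
    cfg = os.path.join(base, "merge-creds.xml")
    with open(cfg, "w") as f:
        f.write(SAMPLE % (src_dir, os.path.join(base, "oic")))
    return preflight(cfg, "FileSourceContext", "FileDestinationContext")
```

Run `preflight()` with the same configFile, src and dst values that will be passed to migrateSecurityStore; an empty list means both contexts resolve to directories holding an owner-only cwallet.sso.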