WebCenter Spaces managed server error: JPS-01520: Cannot initialize identity store, cause: oracle.se

Rafael Augusto Gomez Tellez Member Posts: 37
edited Oct 28, 2015 10:22AM in WebLogic Portal

WebCenter Portal 11.1.1.9.2 was installed on a single node and configured using External LDAP Based JPS policy Store with OID 11.1.1.7 and Oracle Access Manager 11.1.2.2.0 for Single Sign-On.

During WebCenter Portal managed server startup (and all the other managed servers, Portlet, Collaboration, Utilities, etc) the following error is registered in the log files:

<Oct 26, 2015 10:35:32 AM COT> <Warning> <oracle.jps.idmgmt> <JPS-01520> <Cannot initialize identity store, cause: oracle.security.idm.ConfigurationException: Failed to connect to directory. Check configuration information..> 
<Oct 26, 2015 10:35:32 AM COT> <Error> <oracle.adf.mbean.share.connection.ConnectionsHelper> <BEA-000000> <Failed to get credentials for alias ADF and connection name PageletConnection
java.lang.RuntimeException: java.security.PrivilegedActionException: oracle.security.jps.service.idstore.IdentityStoreException: JPS-01520: Cannot initialize identity store, cause: oracle.security.idm.ConfigurationException: Failed to connect to directory. Check configuration information..
  at oracle.adf.share.security.providers.jps.JpsUtil.getDefaultIdentityStore(JpsUtil.java:386)
  at oracle.adf.share.security.providers.jps.JpsUtil.getDefaultIdentityStore(JpsUtil.java:363)
  at oracle.adf.share.security.providers.jps.JpsUtil.getUserUniqueIdentifier(JpsUtil.java:272)
  at oracle.adf.share.security.providers.jps.JpsUtil.getUserUniqueIdentifier(JpsUtil.java:233)
  at oracle.adf.share.security.providers.jps.CSFCredentialStore.getCurrentUserUniqueID(CSFCredentialStore.java:1253)
  at oracle.adf.share.security.providers.jps.CSFCredentialStore.fetchCredential(CSFCredentialStore.java:489)
  at oracle.adf.share.security.providers.jps.CSFCredentialStore.fetchCredential(CSFCredentialStore.java:653)
  at oracle.adf.share.security.credentialstore.CredentialStore.fetchCredential(CredentialStore.java:187)
  at oracle.adf.mbean.share.connection.ConnectionsHelper.getCredentials(ConnectionsHelper.java:208)
  at oracle.adf.mbean.share.connection.ReferenceHelper.getCredentials(ReferenceHelper.java:334)
  at oracle.adf.mbean.share.connection.ReferenceHelper.createReference(ReferenceHelper.java:299)
  at oracle.adf.mbean.share.connection.ConnectionsRuntimeMXBeanImpl.registerBean(ConnectionsRuntimeMXBeanImpl.java:499)
  at oracle.adf.mbean.share.connection.ConnectionsRuntimeMXBeanImpl.createConnection(ConnectionsRuntimeMXBeanImpl.java:577)
  at oracle.adf.mbean.share.connection.ConnectionsRuntimeMXBeanImpl.configObjectReloaded(ConnectionsRuntimeMXBeanImpl.java:778)
  at oracle.adf.mbean.share.connection.ConnectionsRuntimeMXBeanImpl.postRegister(ConnectionsRuntimeMXBeanImpl.java:1089)
  at oracle.as.jmx.framework.standardmbeans.spi.OracleStandardEmitterMBean.doPostRegister(OracleStandardEmitterMBean.java:556)
  at oracle.adf.mbean.share.AdfMBeanInterceptor.internalPostRegister(AdfMBeanInterceptor.java:223)
  at oracle.as.jmx.framework.generic.spi.interceptors.AbstractMBeanInterceptor.doPostRegister(AbstractMBeanInterceptor.java:204)
  at oracle.as.jmx.framework.generic.spi.interceptors.DefaultMBeanInterceptor.internalPostRegister(DefaultMBeanInterceptor.java:87)
  at oracle.as.jmx.framework.generic.spi.interceptors.AbstractMBeanInterceptor.doPostRegister(AbstractMBeanInterceptor.java:204)
  at oracle.security.jps.ee.jmx.JpsJmxInterceptor$4.run(JpsJmxInterceptor.java:605)
  at java.security.AccessController.doPrivileged(Native Method)
  at oracle.security.jps.util.JpsSubject.doAsPrivileged(JpsSubject.java:324)
  at oracle.security.jps.ee.util.JpsPlatformUtil.runJaasMode(JpsPlatformUtil.java:464)
  at oracle.security.jps.ee.jmx.JpsJmxInterceptor.internalPostRegister(JpsJmxInterceptor.java:622)
  at oracle.as.jmx.framework.generic.spi.interceptors.AbstractMBeanInterceptor.doPostRegister(AbstractMBeanInterceptor.java:204)
  at oracle.as.jmx.framework.generic.spi.interceptors.DefaultMBeanInterceptor.internalPostRegister(DefaultMBeanInterceptor.java:87)
  at oracle.as.jmx.framework.generic.spi.interceptors.ContextClassLoaderMBeanInterceptor.internalPostRegister(ContextClassLoaderMBeanInterceptor.java:167)
  at oracle.as.jmx.framework.generic.spi.interceptors.AbstractMBeanInterceptor.doPostRegister(AbstractMBeanInterceptor.java:204)
  at oracle.as.jmx.framework.generic.spi.interceptors.DefaultMBeanInterceptor.internalPostRegister(DefaultMBeanInterceptor.java:87)
  at oracle.as.jmx.framework.generic.spi.interceptors.AbstractMBeanInterceptor.doPostRegister(AbstractMBeanInterceptor.java:204)
  at oracle.as.jmx.framework.standardmbeans.spi.OracleStandardEmitterMBean.postRegister(OracleStandardEmitterMBean.java:521)
  at com.sun.jmx.interceptor.DefaultMBeanServerInterceptor.postRegister(DefaultMBeanServerInterceptor.java:1024)
  at com.sun.jmx.interceptor.DefaultMBeanServerInterceptor.registerDynamicMBean(DefaultMBeanServerInterceptor.java:974)
  at com.sun.jmx.interceptor.DefaultMBeanServerInterceptor.registerObject(DefaultMBeanServerInterceptor.java:900)
  at com.sun.jmx.interceptor.DefaultMBeanServerInterceptor.registerMBean(DefaultMBeanServerInterceptor.java:324)
  at com.sun.jmx.mbeanserver.JmxMBeanServer.registerMBean(JmxMBeanServer.java:522)
  at weblogic.management.jmx.mbeanserver.WLSMBeanServerInterceptorBase$27.run(WLSMBeanServerInterceptorBase.java:714)
  at java.security.AccessController.doPrivileged(Native Method)
  at weblogic.management.jmx.mbeanserver.WLSMBeanServerInterceptorBase.registerMBean(WLSMBeanServerInterceptorBase.java:709)
  at weblogic.management.mbeanservers.internal.JMXContextInterceptor.registerMBean(JMXContextInterceptor.java:445)
  at weblogic.management.jmx.mbeanserver.WLSMBeanServerInterceptorBase$27.run(WLSMBeanServerInterceptorBase.java:712)
  at java.security.AccessController.doPrivileged(Native Method)
  at weblogic.management.jmx.mbeanserver.WLSMBeanServerInterceptorBase.registerMBean(WLSMBeanServerInterceptorBase.java:709)
  at weblogic.management.jmx.mbeanserver.WLSMBeanServer.registerMBean(WLSMBeanServer.java:462)
  at oracle.as.jmx.framework.wls.spi.security.PrivilegedMBeanServerInterceptor$1.run(PrivilegedMBeanServerInterceptor.java:55)
  at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:363)
  at oracle.as.jmx.framework.wls.spi.security.PrivilegedMBeanServerInterceptor.registerMBean(PrivilegedMBeanServerInterceptor.java:60)
  at oracle.adf.mbean.share.connection.ADFConnectionLifeCycleCallBack.contextInitialized(ADFConnectionLifeCycleCallBack.java:111)
  at weblogic.servlet.internal.EventsManager$FireContextListenerAction.run(EventsManager.java:481)
  at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
  at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
  at weblogic.servlet.internal.EventsManager.notifyContextCreatedEvent(EventsManager.java:181)
  at weblogic.servlet.internal.WebAppServletContext.preloadResources(WebAppServletContext.java:1871)
  at weblogic.servlet.internal.WebAppServletContext.start(WebAppServletContext.java:3173)
  at weblogic.servlet.internal.WebAppModule.startContexts(WebAppModule.java:1527)
  at weblogic.servlet.internal.WebAppModule.start(WebAppModule.java:486)
  at weblogic.application.internal.flow.ModuleStateDriver$3.next(ModuleStateDriver.java:425)
  at weblogic.application.utils.StateMachineDriver.nextState(StateMachineDriver.java:52)
  at weblogic.application.internal.flow.ModuleStateDriver.start(ModuleStateDriver.java:119)
  at weblogic.application.internal.flow.ScopedModuleDriver.start(ScopedModuleDriver.java:200)
  at weblogic.application.internal.flow.ModuleListenerInvoker.start(ModuleListenerInvoker.java:247)
  at weblogic.application.internal.flow.ModuleStateDriver$3.next(ModuleStateDriver.java:425)
  at weblogic.application.utils.StateMachineDriver.nextState(StateMachineDriver.java:52)
  at weblogic.application.internal.flow.ModuleStateDriver.start(ModuleStateDriver.java:119)
  at weblogic.application.internal.flow.StartModulesFlow.activate(StartModulesFlow.java:27)
  at weblogic.application.internal.BaseDeployment$2.next(BaseDeployment.java:671)
  at weblogic.application.utils.StateMachineDriver.nextState(StateMachineDriver.java:52)
  at weblogic.application.internal.BaseDeployment.activate(BaseDeployment.java:212)
  at weblogic.application.internal.EarDeployment.activate(EarDeployment.java:59)
  at weblogic.application.internal.DeploymentStateChecker.activate(DeploymentStateChecker.java:161)
  at weblogic.deploy.internal.targetserver.AppContainerInvoker.activate(AppContainerInvoker.java:80)
  at weblogic.deploy.internal.targetserver.BasicDeployment.activate(BasicDeployment.java:187)
  at weblogic.deploy.internal.targetserver.BasicDeployment.activateFromServerLifecycle(BasicDeployment.java:379)
  at weblogic.management.deploy.internal.DeploymentAdapter$1.doActivate(DeploymentAdapter.java:51)
  at weblogic.management.deploy.internal.DeploymentAdapter.activate(DeploymentAdapter.java:200)
  at weblogic.management.deploy.internal.AppTransition$2.transitionApp(AppTransition.java:30)
  at weblogic.management.deploy.internal.ConfiguredDeployments.transitionApps(ConfiguredDeployments.java:261)
  at weblogic.management.deploy.internal.ConfiguredDeployments.transitionApps(ConfiguredDeployments.java:220)
  at weblogic.management.deploy.internal.ConfiguredDeployments.activate(ConfiguredDeployments.java:169)
  at weblogic.management.deploy.internal.ConfiguredDeployments.deploy(ConfiguredDeployments.java:123)
  at weblogic.management.deploy.internal.DeploymentServerService.resume(DeploymentServerService.java:180)
  at weblogic.management.deploy.internal.DeploymentServerService.start(DeploymentServerService.java:96)
  at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
  at weblogic.work.ExecuteThread.execute(ExecuteThread.java:263)
  at weblogic.work.ExecuteThread.run(ExecuteThread.java:221)
Caused By: java.security.PrivilegedActionException: oracle.security.jps.service.idstore.IdentityStoreException: JPS-01520: Cannot initialize identity store, cause: oracle.security.idm.ConfigurationException: Failed to connect to directory. Check configuration information..
  at java.security.AccessController.doPrivileged(Native Method)
  at oracle.adf.share.security.providers.jps.JpsUtil.getDefaultIdentityStore(JpsUtil.java:381)
  at oracle.adf.share.security.providers.jps.JpsUtil.getDefaultIdentityStore(JpsUtil.java:363)
  at oracle.adf.share.security.providers.jps.JpsUtil.getUserUniqueIdentifier(JpsUtil.java:272)
  at oracle.adf.share.security.providers.jps.JpsUtil.getUserUniqueIdentifier(JpsUtil.java:233)
  at oracle.adf.share.security.providers.jps.CSFCredentialStore.getCurrentUserUniqueID(CSFCredentialStore.java:1253)
  at oracle.adf.share.security.providers.jps.CSFCredentialStore.fetchCredential(CSFCredentialStore.java:489)
  at oracle.adf.share.security.providers.jps.CSFCredentialStore.fetchCredential(CSFCredentialStore.java:653)
  at oracle.adf.share.security.credentialstore.CredentialStore.fetchCredential(CredentialStore.java:187)
  at oracle.adf.mbean.share.connection.ConnectionsHelper.getCredentials(ConnectionsHelper.java:208)
  at oracle.adf.mbean.share.connection.ReferenceHelper.getCredentials(ReferenceHelper.java:334)
  at oracle.adf.mbean.share.connection.ReferenceHelper.createReference(ReferenceHelper.java:299)
  at oracle.adf.mbean.share.connection.ConnectionsRuntimeMXBeanImpl.registerBean(ConnectionsRuntimeMXBeanImpl.java:499)
  at oracle.adf.mbean.share.connection.ConnectionsRuntimeMXBeanImpl.createConnection(ConnectionsRuntimeMXBeanImpl.java:577)
  at oracle.adf.mbean.share.connection.ConnectionsRuntimeMXBeanImpl.configObjectReloaded(ConnectionsRuntimeMXBeanImpl.java:778)
  at oracle.adf.mbean.share.connection.ConnectionsRuntimeMXBeanImpl.postRegister(ConnectionsRuntimeMXBeanImpl.java:1089)
  at oracle.as.jmx.framework.standardmbeans.spi.OracleStandardEmitterMBean.doPostRegister(OracleStandardEmitterMBean.java:556)
  at oracle.adf.mbean.share.AdfMBeanInterceptor.internalPostRegister(AdfMBeanInterceptor.java:223)
  at oracle.as.jmx.framework.generic.spi.interceptors.AbstractMBeanInterceptor.doPostRegister(AbstractMBeanInterceptor.java:204)
  at oracle.as.jmx.framework.generic.spi.interceptors.DefaultMBeanInterceptor.internalPostRegister(DefaultMBeanInterceptor.java:87)
  at oracle.as.jmx.framework.generic.spi.interceptors.AbstractMBeanInterceptor.doPostRegister(AbstractMBeanInterceptor.java:204)
  at oracle.security.jps.ee.jmx.JpsJmxInterceptor$4.run(JpsJmxInterceptor.java:605)
  at java.security.AccessController.doPrivileged(Native Method)
  at oracle.security.jps.util.JpsSubject.doAsPrivileged(JpsSubject.java:324)
  at oracle.security.jps.ee.util.JpsPlatformUtil.runJaasMode(JpsPlatformUtil.java:464)
  at oracle.security.jps.ee.jmx.JpsJmxInterceptor.internalPostRegister(JpsJmxInterceptor.java:622)
  at oracle.as.jmx.framework.generic.spi.interceptors.AbstractMBeanInterceptor.doPostRegister(AbstractMBeanInterceptor.java:204)
  at oracle.as.jmx.framework.generic.spi.interceptors.DefaultMBeanInterceptor.internalPostRegister(DefaultMBeanInterceptor.java:87)
  at oracle.as.jmx.framework.generic.spi.interceptors.ContextClassLoaderMBeanInterceptor.internalPostRegister(ContextClassLoaderMBeanInterceptor.java:167)
  at oracle.as.jmx.framework.generic.spi.interceptors.AbstractMBeanInterceptor.doPostRegister(AbstractMBeanInterceptor.java:204)
  at oracle.as.jmx.framework.generic.spi.interceptors.DefaultMBeanInterceptor.internalPostRegister(DefaultMBeanInterceptor.java:87)
  at oracle.as.jmx.framework.generic.spi.interceptors.AbstractMBeanInterceptor.doPostRegister(AbstractMBeanInterceptor.java:204)
  at oracle.as.jmx.framework.standardmbeans.spi.OracleStandardEmitterMBean.postRegister(OracleStandardEmitterMBean.java:521)
  at com.sun.jmx.interceptor.DefaultMBeanServerInterceptor.postRegister(DefaultMBeanServerInterceptor.java:1024)
  at com.sun.jmx.interceptor.DefaultMBeanServerInterceptor.registerDynamicMBean(DefaultMBeanServerInterceptor.java:974)
  at com.sun.jmx.interceptor.DefaultMBeanServerInterceptor.registerObject(DefaultMBeanServerInterceptor.java:900)
  at com.sun.jmx.interceptor.DefaultMBeanServerInterceptor.registerMBean(DefaultMBeanServerInterceptor.java:324)
  at com.sun.jmx.mbeanserver.JmxMBeanServer.registerMBean(JmxMBeanServer.java:522)
  at weblogic.management.jmx.mbeanserver.WLSMBeanServerInterceptorBase$27.run(WLSMBeanServerInterceptorBase.java:714)
  at java.security.AccessController.doPrivileged(Native Method)
  at weblogic.management.jmx.mbeanserver.WLSMBeanServerInterceptorBase.registerMBean(WLSMBeanServerInterceptorBase.java:709)
  at weblogic.management.mbeanservers.internal.JMXContextInterceptor.registerMBean(JMXContextInterceptor.java:445)
  at weblogic.management.jmx.mbeanserver.WLSMBeanServerInterceptorBase$27.run(WLSMBeanServerInterceptorBase.java:712)
  at java.security.AccessController.doPrivileged(Native Method)
  at weblogic.management.jmx.mbeanserver.WLSMBeanServerInterceptorBase.registerMBean(WLSMBeanServerInterceptorBase.java:709)
  at weblogic.management.jmx.mbeanserver.WLSMBeanServer.registerMBean(WLSMBeanServer.java:462)
  at oracle.as.jmx.framework.wls.spi.security.PrivilegedMBeanServerInterceptor$1.run(PrivilegedMBeanServerInterceptor.java:55)
  at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:363)
  at oracle.as.jmx.framework.wls.spi.security.PrivilegedMBeanServerInterceptor.registerMBean(PrivilegedMBeanServerInterceptor.java:60)
  at oracle.adf.mbean.share.connection.ADFConnectionLifeCycleCallBack.contextInitialized(ADFConnectionLifeCycleCallBack.java:111)
  at weblogic.servlet.internal.EventsManager$FireContextListenerAction.run(EventsManager.java:481)
  at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
  at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
  at weblogic.servlet.internal.EventsManager.notifyContextCreatedEvent(EventsManager.java:181)
  at weblogic.servlet.internal.WebAppServletContext.preloadResources(WebAppServletContext.java:1871)
  at weblogic.servlet.internal.WebAppServletContext.start(WebAppServletContext.java:3173)
  at weblogic.servlet.internal.WebAppModule.startContexts(WebAppModule.java:1527)
  at weblogic.servlet.internal.WebAppModule.start(WebAppModule.java:486)
  at weblogic.application.internal.flow.ModuleStateDriver$3.next(ModuleStateDriver.java:425)
  at weblogic.application.utils.StateMachineDriver.nextState(StateMachineDriver.java:52)
  at weblogic.application.internal.flow.ModuleStateDriver.start(ModuleStateDriver.java:119)
  at weblogic.application.internal.flow.ScopedModuleDriver.start(ScopedModuleDriver.java:200)
  at weblogic.application.internal.flow.ModuleListenerInvoker.start(ModuleListenerInvoker.java:247)
  at weblogic.application.internal.flow.ModuleStateDriver$3.next(ModuleStateDriver.java:425)
  at weblogic.application.utils.StateMachineDriver.nextState(StateMachineDriver.java:52)
  at weblogic.application.internal.flow.ModuleStateDriver.start(ModuleStateDriver.java:119)
  at weblogic.application.internal.flow.StartModulesFlow.activate(StartModulesFlow.java:27)
  at weblogic.application.internal.BaseDeployment$2.next(BaseDeployment.java:671)
  at weblogic.application.utils.StateMachineDriver.nextState(StateMachineDriver.java:52)
  at weblogic.application.internal.BaseDeployment.activate(BaseDeployment.java:212)
  at weblogic.application.internal.EarDeployment.activate(EarDeployment.java:59)
  at weblogic.application.internal.DeploymentStateChecker.activate(DeploymentStateChecker.java:161)
  at weblogic.deploy.internal.targetserver.AppContainerInvoker.activate(AppContainerInvoker.java:80)
  at weblogic.deploy.internal.targetserver.BasicDeployment.activate(BasicDeployment.java:187)
  at weblogic.deploy.internal.targetserver.BasicDeployment.activateFromServerLifecycle(BasicDeployment.java:379)
  at weblogic.management.deploy.internal.DeploymentAdapter$1.doActivate(DeploymentAdapter.java:51)
  at weblogic.management.deploy.internal.DeploymentAdapter.activate(DeploymentAdapter.java:200)
  at weblogic.management.deploy.internal.AppTransition$2.transitionApp(AppTransition.java:30)
  at weblogic.management.deploy.internal.ConfiguredDeployments.transitionApps(ConfiguredDeployments.java:261)
  at weblogic.management.deploy.internal.ConfiguredDeployments.transitionApps(ConfiguredDeployments.java:220)
  at weblogic.management.deploy.internal.ConfiguredDeployments.activate(ConfiguredDeployments.java:169)
  at weblogic.management.deploy.internal.ConfiguredDeployments.deploy(ConfiguredDeployments.java:123)
  at weblogic.management.deploy.internal.DeploymentServerService.resume(DeploymentServerService.java:180)
  at weblogic.management.deploy.internal.DeploymentServerService.start(DeploymentServerService.java:96)
  at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
  at weblogic.work.ExecuteThread.execute(ExecuteThread.java:263)
  at weblogic.work.ExecuteThread.run(ExecuteThread.java:221)

OID contains all users and group membership, and can be browsed correctly using ODSM.

Users cannot log in to WebCenter Portal, or any other of the domain's applications, because the JPS store does not get initialized.

However, the JPS store does get initialized for the Admin Server; users and group membership can be browsed using the Security Realms -> users and groups window at the WebLogic console.

A few days ago, users logged in to WebCenter Content were not assigned any role.

The WebCenter Content domain's Admin Server starts fine, and the JPS store is initialized correctly; users and group membership can be seen at the Security Realms -> users and groups window at the WebLogic console.

WCP-weblogic_usersandgroups.png

This error started to appear a few days ago. Before that, everything was normal, and users could log in to WebCenter Portal and get group membership from OID and privileges from the JPS LDAP store.

Servers were started first using the Node Manager script to start the Admin Server, and after the Admin Server started, the WebLogic console was used to start the managed servers.

Is there a way to debug JPS Store initialization?

Best Answer

  • Rafael Augusto Gomez Tellez
    Rafael Augusto Gomez Tellez Member Posts: 37
    edited Oct 28, 2015 10:22AM Answer ✓

    Hello Amey

    The flag for OAM ID Asserter is needed for single sign-on functionality. Either way, the problem appears to be with communication to the DNS server, which causes a delay that could be verified using traceroute and ping commands.

    This delay was causing the connection error to the OID server during JPS initialization.

    As a workaround, the fully qualified hostname for the OID server was configured manually in the /etc/hosts file. After this change, JPS could be initialized correctly.

    However, the log doesn't show any timeout or any other exception during the initialization, which made the diagnosis difficult.

    Thanks for your assistance.
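
The split described in the accepted answer (a slow name lookup versus the directory connection itself) can be measured directly, since the JPS log shows neither. This is an added example, not part of the original posts or any Oracle tooling: it times the resolver lookup and the TCP connect separately and flags when the answer comes from an /etc/hosts pin. The host `oid.example.com`, its address, port 389 and the 1-second threshold are assumptions, not values from the thread.

```python
import socket
import sys
import time

# Constructed sample of an /etc/hosts file; hostname and address are placeholders.
SAMPLE_HOSTS = """\
127.0.0.1    localhost
192.0.2.10   oid.example.com oid   # pinned as a workaround
"""


def parse_hosts(text):
    """Return {name: ip} for every hostname and alias in hosts-file text."""
    pinned = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments, split columns
        for name in fields[1:]:
            pinned.setdefault(name.lower(), fields[0])  # first entry wins
    return pinned


def time_resolution(host, port):
    """Time the resolver lookup on its own; returns (seconds, [ip, ...])."""
    start = time.monotonic()
    infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    elapsed = time.monotonic() - start
    return elapsed, list(dict.fromkeys(info[4][0] for info in infos))


def time_connect(ip, port, timeout):
    """Time a TCP connect to an already-resolved address; returns (seconds, error)."""
    start = time.monotonic()
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return time.monotonic() - start, None
    except OSError as exc:
        return time.monotonic() - start, str(exc)


def classify(dns_seconds, connect_error, pinned_ip, addrs, slow_dns=1.0):
    """Turn the measurements into one verdict; slow_dns is an assumed threshold."""
    if connect_error:
        return "connect failed"
    if dns_seconds > slow_dns:
        return "slow name resolution"
    if pinned_ip and pinned_ip in addrs:
        # Fast only because of the pin: the DNS server itself was not exercised.
        return "ok via hosts pin"
    return "ok"


def diagnose(host, port=389, hosts_text="", timeout=5.0):
    """Measure resolution and connect separately for one directory endpoint."""
    pinned_ip = parse_hosts(hosts_text).get(host.lower())
    try:
        dns_seconds, addrs = time_resolution(host, port)
    except socket.gaierror as exc:
        return {"host": host, "verdict": "resolution failed", "error": str(exc)}
    connect_seconds, error = time_connect(addrs[0], port, timeout)
    return {"host": host, "addresses": addrs, "pinned_ip": pinned_ip,
            "dns_seconds": round(dns_seconds, 3),
            "connect_seconds": round(connect_seconds, 3), "error": error,
            "verdict": classify(dns_seconds, error, pinned_ip, addrs)}


if __name__ == "__main__":
    # Usage: python3 probe.py <directory-host> [port]; 389 is the standard LDAP
    # port and is assumed here, the thread does not state the OID port.
    target = sys.argv[1] if len(sys.argv) > 1 else "localhost"
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 389
    try:
        with open("/etc/hosts") as fh:
            hosts_text = fh.read()
    except OSError:
        hosts_text = SAMPLE_HOSTS
    for key, value in diagnose(target, port, hosts_text).items():
        print(f"{key}: {value}")
```

A verdict of `ok via hosts pin` means the lookup never reached the DNS server, so the underlying resolver delay is still unmeasured and the pinned address has to be kept in step with the directory server's real one.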

Answers

  • amey g
    amey g Member Posts: 2,631 Gold Trophy
    edited Oct 26, 2015 1:45PM

    Hello,

    If it is related to JDeveloper, please check the details below.

    1. Go to integrated WLS console
    2. Click on Environment > Servers > Default Server > Set the Listen Address to 127.0.0.1 or localhost.
    3. Restart the integrated WLS
    4. Retest the issue

    Are you using WebCenter and IDM in the same domain?

    When you have the following authentication providers in the same domain then you are hitting this issue:

    • default-authenticator (DefaultAuthenticator)
    • oam-identity-asserter (OAM ID Asserter)
    • oracle-internet-directory-authenticator (OIDAuthenticator)
    • default-identity-asserter (DefaultIdentityAsserter)
    • oam-servlet-authentication-filter-ia-provider (IAMSuiteAgent)
    • oim-authentication-provider (OIMAuthenticationProvider)

    Please check below bug

    It is not supported to have IDM (Identity Management) and WebCenter in the same domain.

    Bug 12768426 - JPS-01520 CANNOT INITIALIZE IDENTITY STORE WHEN LOGIN TO WEBCENTER.

    Thanks,

    Amey

  • Rafael Augusto Gomez Tellez
    Rafael Augusto Gomez Tellez Member Posts: 37
    edited Oct 26, 2015 3:17PM

    Hi Amey

    1- Every WebLogic server for the WebCenter Portal domain has its own Listen address, which is mapped to a Virtual IP on the server host

    WCP_DM_ServerListenaddresses.png

    2- IDM and WebCenter Portal are installed in separate domains and FMW Homes, as the enterprise deployment guide for WebCenter Portal suggests. Authentication providers for WebCenter Portal were configured according to the Single Sign-On Guide for WebCenter Portal and are as follows:

    WCP_DM_SecurityProviders.png

    I don't think the bug applies.

    Thanks for your assistance

  • amey g
    amey g Member Posts: 2,631 Gold Trophy
    edited Oct 26, 2015 10:59PM

    Hello Rafael,

    Just a basic test..

    1- Please check nslookup and ping from the WebCenter Spaces server.

    2- Did you set the control flag properly in the WebLogic admin console under the security realm?

    Thanks.

    Amey

  • Rafael Augusto Gomez Tellez
    Rafael Augusto Gomez Tellez Member Posts: 37
    edited Oct 27, 2015 10:23AM

    Hello Amey

    Basic testing works

    1- nslookup and ping resolve the OID address and every WebLogic server's listen address for the WebCenter Portal domain, although ping to OID is a little bit slow. I will try to use a direct IP connection to OID for the JPS store and see if the problem is the trace route for the DNS server

    2- Control flags for identity providers are correctly configured according to the Single Sign-On guide using OAM for WebCenter Portal and are as follows:

    - OAM ID Asserter: REQUIRED

    - OIDAuthenticator: SUFFICIENT

    - DefaultAuthenticator: SUFFICIENT

    With this configuration, webcenter portal was working fine, up to a few days ago.

    Thanks for your assistance

  • amey g
    amey g Member Posts: 2,631 Gold Trophy
    edited Oct 27, 2015 11:04PM

    Hello,

    Please change the OAM ID Asserter control flag to sufficient and then restart all servers. Then retest the issue.

    Thanks,
    Amey

This discussion has been closed.