This discussion is archived
6 Replies Latest reply: Aug 8, 2012 1:29 PM by sid - oracle RSS

Having issue with OEG (11.1.1.6.1) and OES (11.1.1.5) integration

886080 Newbie
Currently Being Moderated
Hi,

I have installed latest OEG release (11.1.1.6) and OES 11.1.1.5, followed the instructions in the OEG and OES integration guide to create a policy that delegates authorization to OES through OES 11g Authorization filter.
Before testing the OEG policy, I created a OES11g authorization policy on OES Admin Server, and used a simple Java application to invoke authorization decisions successfully. But when testing the OEG policy from Service Explorer, I got the an error, and below is the trace stack:


DATA     3/19/12 17:49:15.186     trace transaction

...

DEBUG     3/19/12 17:49:15.186     add header Host:localhost:8080
DEBUG     3/19/12 17:49:15.186     add header Authorization:Basic d2VibG9naWM6d2VsY29tZTE=
DEBUG     3/19/12 17:49:15.186     add header SOAPAction:"http://startvbdotnet.com/web/Add"
DEBUG     3/19/12 17:49:15.186     add header User-Agent:Gateway
DEBUG     3/19/12 17:49:15.186     incoming content-length: 344
DEBUG     3/19/12 17:49:15.186     add header Connection:close
DEBUG     3/19/12 17:49:15.186     add header X-CorrelationID:Id-854f5ea44f67a9db01190000 1
DEBUG     3/19/12 17:49:15.186     add header Content-Type:text/xml; charset="utf-8"
DEBUG     3/19/12 17:49:15.186     Incoming HTTP request: method=POST, host=(unset), port=(unset), path=/, query=(unset), version=1.1
DATA     3/19/12 17:49:15.186     Firewall resolved uri '/' against '/'
DATA     3/19/12 17:49:15.186     Firewall failed to resolve uri '/' against '/healthcheck'
DEBUG     3/19/12 17:49:15.186     using handler at /
DEBUG     3/19/12 17:49:15.186     Adding MessageListener: com.vordel.circuit.FilterPathTracker@f0f11b8
DEBUG     3/19/12 17:49:15.186     Adding MessageListener: com.vordel.reporting.rtm.RealtimeMonitoring$1$1@70c7c57c
DEBUG     3/19/12 17:49:15.187     handle type text/xml with factory class com.vordel.mime.XMLBody$Factory
DEBUG     3/19/12 17:49:15.187     Adding MessageListener: com.vordel.dwe.http.HTTPMessageListener@5200089
DEBUG     3/19/12 17:49:15.187     Circuit reference [Global Request Policy] is not enabled - ignoring
DEBUG     3/19/12 17:49:15.187     Circuit reference [Custom Request Policy] is not enabled - ignoring
DEBUG     3/19/12 17:49:15.187     Circuit reference [Path Specific Policy] valid and enabled - calling
DEBUG     3/19/12 17:49:15.188     run circuit "OES11g Authorization "...
DEBUG     3/19/12 17:49:15.188     run filter [HTTP Basic] {
DEBUG     3/19/12 17:49:15.188     VordelRepository.checkCredentials: username=weblogic
DEBUG     3/19/12 17:49:15.188     } = 1, filter [HTTP Basic]
DEBUG     3/19/12 17:49:15.188     Filter [HTTP Basic] completes in 0 milliseconds.
DEBUG     3/19/12 17:49:15.188     run filter [11g Authorization] {
DEBUG     3/19/12 17:49:15.188     creating subject from 'weblogic'
DEBUG     3/19/12 17:49:15.197     checking 'write' to resource: HelloOESworld/MyResourceType/MyResource
DEBUG     3/19/12 17:49:15.262     parsing XML body from input stream of type sun.net.www.protocol.jar.JarURLConnection$JarURLInputStream. ContentSource is of type java InputStream
DATA     3/19/12 17:49:15.263     getting class javax.xml.xpath.XPath with classLoader.loadClass()
DATA     3/19/12 17:49:15.263     loaded class javax.xml.xpath.XPath
DATA     3/19/12 17:49:15.263     getting class javax.xml.xpath.XPathConstants with classLoader.loadClass()
DATA     3/19/12 17:49:15.263     loaded class javax.xml.xpath.XPathConstants
DATA     3/19/12 17:49:15.263     getting class javax.xml.namespace.QName with classLoader.loadClass()
DATA     3/19/12 17:49:15.263     loaded class javax.xml.namespace.QName
DEBUG     3/19/12 17:49:15.277     parsing XML body from input stream of type java.io.FileInputStream. ContentSource is of type java InputStream
DATA     3/19/12 17:49:15.278     getting class javax.xml.namespace.NamespaceContext with classLoader.loadClass()
DATA     3/19/12 17:49:15.279     loaded class javax.xml.namespace.NamespaceContext
DEBUG     3/19/12 17:49:15.744     parsing XML body from input stream of type sun.net.www.protocol.jar.JarURLConnection$JarURLInputStream. ContentSource is of type java InputStream
DEBUG     3/19/12 17:49:15.774     parsing XML body from input stream of type sun.net.www.protocol.jar.JarURLConnection$JarURLInputStream. ContentSource is of type java InputStream
DEBUG     3/19/12 17:49:15.845     } = 2, filter [11g Authorization]
DEBUG     3/19/12 17:49:15.845     Filter [11g Authorization] completes in 657 milliseconds.
DEBUG     3/19/12 17:49:15.845     ..."OES11g Authorization " complete.
DATA     3/19/12 17:49:15.846     getting class com.vordel.reporting.rtm.api.MetricTypeRangeCount with classLoader.loadClass()
DATA     3/19/12 17:49:15.846     loaded class com.vordel.reporting.rtm.api.MetricTypeRangeCount
DATA     3/19/12 17:49:15.847     getting class java.lang.Throwable with classLoader.loadClass()
DATA     3/19/12 17:49:15.847     loaded class java.lang.Throwable
DATA     3/19/12 17:49:15.848     getting class com.vordel.system.NativeOutputStream with classLoader.loadClass()
DATA     3/19/12 17:49:15.849     loaded class com.vordel.system.NativeOutputStream
DATA     3/19/12 17:49:15.849     getting class com.vordel.system.NativeOutputStream with classLoader.loadClass()
DATA     3/19/12 17:49:15.849     loaded class com.vordel.system.NativeOutputStream
DATA     3/19/12 17:49:15.849     getting class java.io.PrintStream with classLoader.loadClass()
DATA     3/19/12 17:49:15.849     loaded class java.io.PrintStream
ERROR     3/19/12 17:49:15.850     java exception running circuit: java.lang.RuntimeException: oracle.security.jps.service.policystore.PolicyStoreException: JPS-10619: Failed to initialize cipher for local cache encryption/decryption. at oracle.security.jps.az.internal.runtime.encryption.CipherServiceFactory.getService(CipherServiceFactory.java:61) at oracle.security.jps.az.internal.runtime.pd.receiver.UpdatePolicySet.initCipherService(UpdatePolicySet.java:211) at oracle.security.jps.az.internal.runtime.pd.receiver.UpdatePolicySet.<init>(UpdatePolicySet.java:139) at oracle.security.jps.az.internal.runtime.service.PDPServiceImpl.initializeControlledPD(PDPServiceImpl.java:296) at oracle.security.jps.az.internal.runtime.service.PDPServiceImpl.initial(PDPServiceImpl.java:368) at oracle.security.jps.az.internal.runtime.service.PDPServiceImpl.<init>(PDPServiceImpl.java:268) at oracle.security.jps.az.internal.runtime.provider.PDPServiceProvider.getInstance(PDPServiceProvider.java:89) at oracle.security.jps.internal.core.runtime.ContextFactoryImpl.findServiceInstance(ContextFactoryImpl.java:139) at oracle.security.jps.internal.core.runtime.ContextFactoryImpl.getContext(ContextFactoryImpl.java:170) at oracle.security.jps.internal.core.runtime.ContextFactoryImpl.getContext(ContextFactoryImpl.java:191) at oracle.security.jps.internal.core.runtime.JpsContextFactoryImpl.getContext(JpsContextFactoryImpl.java:132) at oracle.security.jps.internal.core.runtime.JpsContextFactoryImpl.getContext(JpsContextFactoryImpl.java:159) at oracle.security.jps.internal.core.runtime.JpsContextFactoryImpl.getContext(JpsContextFactoryImpl.java:165) at oracle.security.jps.openaz.pep.PepRequestFactoryImpl.<init>(PepRequestFactoryImpl.java:123) at oracle.security.jps.openaz.pep.PepRequestFactoryImpl.getPepRequestFactory(PepRequestFactoryImpl.java:113) at com.vordel.circuit.oracle.oeseleveng.OES11GAuthZProcessor.invoke(OES11GAuthZProcessor.java:76) at com.vordel.circuit.InvocationEngine.invokeFilter(InvocationEngine.java:154) at com.vordel.circuit.InvocationEngine.invokeCircuit(InvocationEngine.java:43) at com.vordel.circuit.InvocationEngine.processMessage(InvocationEngine.java:229) at com.vordel.circuit.SyntheticCircuitChainProcessor.invoke(SyntheticCircuitChainProcessor.java:36) at com.vordel.dwe.http.HTTPPlugin.invokeDispose(HTTPPlugin.java:290) at com.vordel.dwe.http.HTTPPlugin.invoke(HTTPPlugin.java:131) Caused by: oracle.security.jps.service.policystore.PolicyStoreException: JPS-10619: Failed to initialize cipher for local cache encryption/decryption. at oracle.security.jps.az.internal.runtime.encryption.AESCipherImpl.retrieveRawKey(AESCipherImpl.java:140) at oracle.security.jps.az.internal.runtime.encryption.AESCipherImpl.getKey(AESCipherImpl.java:184) at oracle.security.jps.az.internal.runtime.encryption.AESCipherImpl.<init>(AESCipherImpl.java:87) at oracle.security.jps.az.internal.runtime.encryption.CipherServiceFactory.getService(CipherServiceFactory.java:59) ... 21 more
DEBUG     3/19/12 17:49:15.850     add header Content-Type:text/plain
DEBUG     3/19/12 17:49:15.850     add header Server:
DEBUG     3/19/12 17:49:15.850     send prologue: content length -1
DEBUG     3/19/12 17:49:15.850     peer can do chunking
DEBUG     3/19/12 17:49:15.850     add header Transfer-Encoding:chunked
DEBUG     3/19/12 17:49:15.850     reused connection 0x2b72480 1 times
...

Am I missing something? Please help.
  • 1. Re: Having issue with OEG (11.1.1.6.1) and OES (11.1.1.5) integration
    882069 Explorer
    Currently Being Moderated
    Can you make sure that you are running with the latest OES client installation and patches on the machine running OEG.
    I have seen this error before and it required a patch to OES client to support strong crypto.

    Thanks.
  • 2. Re: Having issue with OEG (11.1.1.6.1) and OES (11.1.1.5) integration
    886080 Newbie
    Currently Being Moderated
    Thanks for the information. I will download the patch and give it a try.
  • 3. Re: Having issue with OEG (11.1.1.6.1) and OES (11.1.1.5) integration
    Sriram Ravikumar Newbie
    Currently Being Moderated
    Hello,

    I too am facing the same error. The environment details are as follows:
    OS: Win2k8 64 bit
    OEG: 11.1.1.6.1
    OES: 11.1.1.5
    OES Client: 11.1.1.5

    I have also applied the patch 12917515 to OES (both server and client). This patch contains 2 sub-folders [APM and OES]. I have installed the OES sub-folder patch only.

    Steps: I followed the steps as mentioned in OEG-OES 11g integration guide: http://www.oracle.com/technetwork/middleware/id-mgmt/oes11g-integration-guide-1520074.pdf

    Note: Instead of using a HTTP Basic filter, I set the "authentication.subject.id" attribute manually and then call "OES 11g Authorization" filter.

    Issue,
    The following exception is thrown when the authorization filter runs,

    java exception running circuit: java.lang.RuntimeException: oracle.security.jps.service.policystore.PolicyStoreException: JPS-10619: Failed to initialize cipher for local cache encryption/decryption. at oracle.security.jps.az.internal.runtime.encryption.CipherServiceFactory.getService(CipherServiceFactory.java:61) at oracle.security.jps.az.internal.runtime.pd.receiver.UpdatePolicySet.initCipherService(UpdatePolicySet.java:211) at oracle.security.jps.az.internal.runtime.pd.receiver.UpdatePolicySet.<init>(UpdatePolicySet.java:139) at oracle.security.jps.az.internal.runtime.service.PDPServiceImpl.initializeControlledPD(PDPServiceImpl.java:296) at oracle.security.jps.az.internal.runtime.service.PDPServiceImpl.initial(PDPServiceImpl.java:368) at oracle.security.jps.az.internal.runtime.service.PDPServiceImpl.<init>(PDPServiceImpl.java:268) at oracle.security.jps.az.internal.runtime.provider.PDPServiceProvider.getInstance(PDPServiceProvider.java:89) at oracle.security.jps.internal.core.runtime.ContextFactoryImpl.findServiceInstance(ContextFactoryImpl.java:139) at oracle.security.jps.internal.core.runtime.ContextFactoryImpl.getContext(ContextFactoryImpl.java:170) at oracle.security.jps.internal.core.runtime.ContextFactoryImpl.getContext(ContextFactoryImpl.java:191) at oracle.security.jps.internal.core.runtime.JpsContextFactoryImpl.getContext(JpsContextFactoryImpl.java:132) at oracle.security.jps.internal.core.runtime.JpsContextFactoryImpl.getContext(JpsContextFactoryImpl.java:159) at oracle.security.jps.internal.core.runtime.JpsContextFactoryImpl.getContext(JpsContextFactoryImpl.java:165) at oracle.security.jps.openaz.pep.PepRequestFactoryImpl.<init>(PepRequestFactoryImpl.java:123) at oracle.security.jps.openaz.pep.PepRequestFactoryImpl.getPepRequestFactory(PepRequestFactoryImpl.java:113) at com.vordel.circuit.oracle.oeseleveng.OES11GAuthZProcessor.invoke(OES11GAuthZProcessor.java:76) at com.vordel.circuit.InvocationEngine.invokeFilter(InvocationEngine.java:154) at com.vordel.circuit.InvocationEngine.invokeCircuit(InvocationEngine.java:43) at com.vordel.circuit.InvocationEngine.processMessage(InvocationEngine.java:229) at com.vordel.circuit.SyntheticCircuitChainProcessor.invoke(SyntheticCircuitChainProcessor.java:36) at com.vordel.dwe.http.HTTPPlugin.invokeDispose(HTTPPlugin.java:290) at com.vordel.dwe.http.HTTPPlugin.invoke(HTTPPlugin.java:131) Caused by: oracle.security.jps.service.policystore.PolicyStoreException: JPS-10619: Failed to initialize cipher for local cache encryption/decryption. at oracle.security.jps.az.internal.runtime.encryption.AESCipherImpl.retrieveRawKey(AESCipherImpl.java:140) at oracle.security.jps.az.internal.runtime.encryption.AESCipherImpl.getKey(AESCipherImpl.java:184) at oracle.security.jps.az.internal.runtime.encryption.AESCipherImpl.<init>(AESCipherImpl.java:87) at oracle.security.jps.az.internal.runtime.encryption.CipherServiceFactory.getService(CipherServiceFactory.java:59) ... 21 more


    Is there any other patch required to make OEG work with OES 11g ? How to resolve this error ?
    Any help will be greatly appreciated.

    Regards.
  • 4. Re: Having issue with OEG (11.1.1.6.1) and OES (11.1.1.5) integration
    888550 Newbie
    Currently Being Moderated
    For the time being, OES11g/OEG11g integration requires some patches to be applied.
    On retriever some integration, installation guides have been posted with the patches.
    There is also a VirtualBox image ready to be used to work with or to demonstrate this integration.
    <internal URL removed>

    My 2 cts
    Patrice
  • 5. Re: Having issue with OEG (11.1.1.6.1) and OES (11.1.1.5) integration
    Sriram Ravikumar Newbie
    Currently Being Moderated
    Hello Patrice,

    The link below, as you suggested, is not working,

    <internal URL removed>


    Regards.
  • 6. Re: Having issue with OEG (11.1.1.6.1) and OES (11.1.1.5) integration
    sid - oracle Newbie
    Currently Being Moderated
    As Patrice has mentioned, a recently released OES 11g patch towards strong crypto support is missing in your environment. It should be available as an OES patch this week, if it's not already there (*REDACTED* is an oracle internal link). Please get in touch with your Oracle point of contact (or drop me a note - sid.mishra@oracle.com), for the same.

    Thanks
    Sid

    Edited by: sid on Mar 26, 2012 10:32 PM

Legend

  • Correct Answers - 10 points
  • Helpful Answers - 5 points