0 Replies Latest reply on Feb 12, 2013 2:33 AM by 908144

    Exception Using Generate Metadata in OIF

      I am conducting some initial tests using OIF version on a WebLogic 10.3.5 domain on Linux which is also configured with SOA Suite. Attempting to use the Generate Metadata button to export Identity Provider and Service Provider data inside the Fusion console (http://myhost.mydomain.com:9001/em) is generating the following error:

      ####<Feb 10, 2013 7:34:16 PM CST> <Error> <HTTP> <myhost.mydomain.com> <admin> <[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <fd994b6845794ae9:771e4863:13cc5cd01eb:-8000-0000000000005df0> <1360546456910> <BEA-101020> <[ServletContext@403238802[app:oif module:/fed path:/fed spec-version:2.5 version:]] Servlet failed with Exception java.security.AccessControlException: access denied (oracle.security.jps.service.credstore.CredentialAccessPermission context=SYSTEM,mapName=OIF,keyName=userldappassword read)
      at java.security.AccessControlContext.checkPermission(AccessControlContext.java:374)

      In plain language, the error is saying that the oif application requires a CSF map named OIF to be present with an entry granting read access to the userldappassword entry in the WebLogic security realm's CSF. That permission isn't present, so the retrieval fails and the metadata cannot be exported. Strangely, whatever write access is needed by the oif app is present, because any changes to Security Provider or Identity Provider data are saved and retained between WebLogic domain restarts.

      I've reviewed the installation steps for OIF and a few tips on various blogs and cannot find any reference to special scripts that should have been executed to add these permissions to the WebLogic domain's security realm and CSF stuff. I've attempted to manually add the OIF map to the domain's Credentials, then add that userldappassword key, and it seems to appear successfully in the map, but it still doesn't fix the problem.

      Also, I found references to issues with running OIF in the same domain as SOA due to conflicts with $ORACLE_HOME. The fix for that is to manually copy all of the files in $IDM_ORACLE_HOME/fed/scripts into the WebLogic binary installation's directory at $WL_HOME/common/wlst and append $IDM_ORACLE_HOME/fed/scripts to the $CLASSPATH. That didn't fix this particular problem, however.

      Thanks for any help.
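
An added example, not part of the original post and not Oracle's code: a small Python triage helper that pulls the denied permission (class, target fields, actions) out of `AccessControlException` log lines like the one quoted above, so the exact permission being checked can be compared against what is granted in the domain's policy store. The function names and the sample lines other than the exception text from the post are constructed for illustration; the parser assumes the target contains no spaces.

```python
import re
from collections import Counter

# Text Java puts after "access denied": (class target actions),
# with or without double quotes around each field.
DENIAL_RE = re.compile(
    r'access denied \("?(?P<cls>[\w.$]+)"?\s+"?(?P<target>[^\s")]+)"?'
    r'(?:\s+"?(?P<actions>[^")]*)"?)?\)'
)

def parse_denial(line):
    """Return the denied permission as a dict, or None if the line has none."""
    m = DENIAL_RE.search(line)
    if not m:
        return None
    target = m.group("target")
    # Credential-store targets are comma-separated key=value pairs.
    fields = dict(p.split("=", 1) for p in target.split(",") if "=" in p)
    actions = (m.group("actions") or "").strip()
    return {
        "permission_class": m.group("cls"),
        "target": target,
        "fields": fields,
        "actions": [a.strip() for a in actions.split(",") if a.strip()],
    }

def summarize(lines):
    """Count each distinct denied permission across many log lines."""
    counts = Counter()
    for line in lines:
        d = parse_denial(line)
        if d:
            key = (d["permission_class"], d["target"], ",".join(d["actions"]))
            counts[key] += 1
    return counts

# First entry: exception text from the post. The rest are constructed samples.
POST_LINE = ("Servlet failed with Exception java.security.AccessControlException: "
             "access denied (oracle.security.jps.service.credstore."
             "CredentialAccessPermission context=SYSTEM,mapName=OIF,"
             "keyName=userldappassword read)")
SAMPLE = [
    POST_LINE,
    "<Error> <HTTP> retry: " + POST_LINE,
    "<Info> <HTTP> request completed normally",
    'access denied ("java.lang.RuntimePermission" "setIO")',
]

if __name__ == "__main__":
    for (cls, target, actions), n in summarize(SAMPLE).items():
        print(n, cls, target, actions or "-")
```
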