16 Replies Latest reply on May 29, 2016 11:36 PM by handat

    double login problem for OAM Ps3 console

    2882235

      Hello All

       

      Recently upgraded from OAM PS2 to OAM PS3.

      When trying to access oamconsole, we are seeing two login prompts - I assume one is for WebLogic and the other is the actual oamconsole page.

      We are using ODSEE as the System and Default Identity Store.

      As steps towards solving the problem, I changed the order of the Identity providers in multiple ways, but that didn't resolve it.

      I changed the flag from 'SUFFICIENT' to 'REQUIRED' and vice versa in different configurations, but nothing worked.

       

      Can somebody please help me understand what is going wrong here?

       

      Some logs from Admin Server diagnostic log file are -

       

      [2016-05-20T10:14:50.114-05:00] [AdminServer] [WARNING] [] [oracle.adf.view.page.editor.event.EventManager] [tid: [ACTIVE].ExecuteThread: '2' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: user1] [ecid: c314453068939ee0:-1c89348:154cabc17f6:-8000-0000000000000652,0] [APP: oam_admin#11.1.2.0.0] [DSID: 0000LJEioUY3v1xMwAV^6G1NFYFT00000G] An error occurred while dispatching 'navigate' event in the event handler 'oracle.adfinternal.view.page.editor.contextual.event.EventHandler'.

      [2016-05-20T10:14:50.115-05:00] [AdminServer] [WARNING] [] [oracle.adf.view.page.editor.event.EventManager] [tid: [ACTIVE].ExecuteThread: '2' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: user1] [ecid: c314453068939ee0:-1c89348:154cabc17f6:-8000-0000000000000652,0] [APP: oam_admin#11.1.2.0.0] [DSID: 0000LJEioUY3v1xMwAV^6G1NFYFT00000G] Resolve the error caused by the event handler or contact Oracle Support Services for assistance.

      [2016-05-20T10:14:50.126-05:00] [AdminServer] [WARNING] [] [oracle.adfinternal.view.faces.renderkit.rich.NavigationPaneRenderer] [tid: [ACTIVE].ExecuteThread: '2' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: user1] [ecid: c314453068939ee0:-1c89348:154cabc17f6:-8000-0000000000000652,0] [APP: oam_admin#11.1.2.0.0] [DSID: 0000LJEioUY3v1xMwAV^6G1NFYFT00000G] Warning: There are no items to render for this level

       

       

      I have been working on this problem for two days, but nothing is getting resolved.

        • 1. Re: double login problem for OAM Ps3 console
          2882235

          Adding to this, only with user 'weblogic' are we able to log in directly with no double login. But we do not see the OAM console page; we see the WebLogic login page.

           

          For all the other users, we are seeing double login.

          • 2. Re: double login problem for OAM Ps3 console
            handat

            Make sure you change all the providers being used to SUFFICIENT.

            What is OAM integrated with? Where are your admin users stored? If you have the IAMSuiteAgent configured as a provider and a separate LDAP store (not the embedded one) configured for your admin user, then remove the IAMSuiteAgent provider.

            • 3. Re: double login problem for OAM Ps3 console
              2882235

              Thank You handat for your reply.

              OAM is not integrated with anything.

              Admin users are stored in ODSEE (both system store and default store).

              • 4. Re: double login problem for OAM Ps3 console
                2882235

                handat - I cannot make all the providers SUFFICIENT, because the admin server is not restarting and it needs at least one provider to have REQUIRED set. In my case, I am setting DefaultAuthenticator as REQUIRED.

                • 5. Re: double login problem for OAM Ps3 console
                  2882235

                  Does anyone have any idea, please?

                  • 6. Re: double login problem for OAM Ps3 console
                    Haythem.ElKhouly

                    You can do it from config.xml under $Domain_Home/config, but first take a backup of this file.

                    • 7. Re: double login problem for OAM Ps3 console
                      2882235

                      Hi Haythem

                      I set all the providers to SUFFICIENT, but I am still facing the problem of double login except for the weblogic user.

                      • 8. Re: double login problem for OAM Ps3 console
                        handat

                        Not true, they can be all SUFFICIENT. Is the weblogic user the only one that you have tested that is in the embedded ldap? Did you remove the IAMSuite provider?

                        • 9. Re: double login problem for OAM Ps3 console
                          2882235

                          I made all the Providers as SUFFICIENT but still face the problem of two logins.

                           

                          I tried for other users also, but I see the same problem except for weblogic user.

                           

                          And I did not delete the IAMSuite provider. Is that required?

                          • 10. Re: double login problem for OAM Ps3 console
                            handat

                            So the weblogic user is the only user who is only in the embedded ldap and not in ODSEE?

                            What is your order for the providers? Make sure your LDAP provider is first and either remove the IAMSuite provider or move it to the very bottom.

                            • 11. Re: double login problem for OAM Ps3 console
                              2882235

                              No, the weblogic user is also in ODSEE. And I also changed the password of weblogic user to check if it is really checking ODSEE and it worked.

                               

                               

                              The order of the providers is - LDAP provider, DefaultAuthenticator, DefaultAsserter and IAMSuiteAgent.

                              But still it doesn't work and I see the double login problem.

                               

                               

                              And you told me to keep all the providers as SUFFICIENT, but if the DefaultAuthenticator is SUFFICIENT, my AdminServer is not starting and I see the following error in Admin.out file -

                               

                               

                              <Critical> <WebLogicServer> <BEA-000386> <Server subsystem failed. Reason: weblogic.security.SecurityInitializationException: The loading of OPSS java security policy provider failed due to exception, see the exception stack trace or the server log file for root cause. If still see no obvious cause, enable the debug flag -Djava.security.debug=jpspolicy to get more information. Error message: JPS-00056: Failed to create identity store service instance idstore.ldap.provider:idstore.ldap. Reason: oracle.security.jps.JpsRuntimeException: JPS-00027: There was an internal error: You configured a generic WLS LDAPAuthenticator.

                              The identity store type cannot be determined. Please choose an LDAP Authentication provider that matches your LDAP server.

                              weblogic.security.SecurityInitializationException: The loading of OPSS java security policy provider failed due to exception, see the exception stack trace or the server log file for root cause. If still see no obvious cause, enable the debug flag -Djava.security.debug=jpspolicy to get more information. Error message: JPS-00056: Failed to create identity store service instance idstore.ldap.provider:idstore.ldap. Reason: oracle.security.jps.JpsRuntimeException: JPS-00027: There was an internal error: You configured a generic WLS LDAPAuthenticator.

                              The identity store type cannot be determined. Please choose an LDAP Authentication provider that matches your LDAP server.

                                      at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.loadOPSSPolicy(CommonSecurityServiceManagerDelegateImpl.java:1402)

                                      at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initialize(CommonSecurityServiceManagerDelegateImpl.java:1022)

                                      at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:873)

                                      at weblogic.security.SecurityService.start(SecurityService.java:141)

                                      at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)

                                      Truncated. see log file for complete stacktrace

                              Caused By: oracle.security.jps.JpsRuntimeException: JPS-00056: Failed to create identity store service instance idstore.ldap.provider:idstore.ldap. Reason: oracle.security.jps.JpsRuntimeException: JPS-00027: There was an internal error: You configured a generic WLS LDAPAuthenticator.

                              The identity store type cannot be determined. Please choose an LDAP Authentication provider that matches your LDAP server.

                                      at oracle.security.jps.internal.policystore.PolicyDelegationController.<init>(PolicyDelegationController.java:190)

                                      at oracle.security.jps.internal.policystore.TenantJavaPolicyProvider.<init>(TenantJavaPolicyProvider.java:161)

                                      at oracle.security.jps.internal.policystore.JavaPolicyProvider.<init>(JavaPolicyProvider.java:306)

                                      at oracle.security.jps.internal.policystore.JavaPolicyProvider.<init>(JavaPolicyProvider.java:279)

                                      at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)

                                      Truncated. see log file for complete stacktrace
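
A read-only check of the provider chain discussed in the posts above, added here as an example and not part of any poster's reply or of Oracle's code: it lists the authentication providers in realm order with their control flags and flags the generic LDAPAuthenticator type that the JPS-00027 message complains about. The sample realm is constructed, the element names follow the usual config.xml layout, and treating an absent control flag as REQUIRED is an assumption based on WebLogic's default.

```python
import xml.etree.ElementTree as ET

SEC = "{http://xmlns.oracle.com/weblogic/security}"
XSI_TYPE = "{http://www.w3.org/2001/XMLSchema-instance}type"

# Constructed sample, not taken from the thread: a realm fragment in the
# layout WebLogic normally writes to $DOMAIN_HOME/config/config.xml.
SAMPLE = """<domain xmlns="http://xmlns.oracle.com/weblogic/domain"
  xmlns:sec="http://xmlns.oracle.com/weblogic/security"
  xmlns:wls="http://xmlns.oracle.com/weblogic/security/wls"
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
 <security-configuration><realm>
  <sec:authentication-provider xsi:type="wls:ldap-authenticatorType">
   <sec:name>ODSEEAuthenticator</sec:name>
   <sec:control-flag>SUFFICIENT</sec:control-flag>
  </sec:authentication-provider>
  <sec:authentication-provider xsi:type="wls:default-authenticatorType">
   <sec:control-flag>REQUIRED</sec:control-flag>
  </sec:authentication-provider>
  <sec:authentication-provider xsi:type="wls:default-identity-asserterType"/>
 </realm></security-configuration>
</domain>"""

def providers(xml_text):
    """Return (name, type, control_flag) for each provider, in realm order."""
    out = []
    for p in ET.fromstring(xml_text).iter(SEC + "authentication-provider"):
        ptype = p.get(XSI_TYPE, "").split(":")[-1]
        name = p.findtext(SEC + "name") or ptype  # unnamed: fall back to type
        flag = p.findtext(SEC + "control-flag")   # None for identity asserters
        out.append((name, ptype, flag))
    return out

def findings(provs):
    """Flag the two conditions raised in the thread."""
    notes = []
    auths = [p for p in provs if p[1].endswith("authenticatorType")]
    for name, ptype, flag in auths:
        if ptype == "ldap-authenticatorType":
            notes.append(f"{name}: generic LDAPAuthenticator (see JPS-00027)")
        # Assumption: an absent control-flag means WebLogic's default, REQUIRED.
        if len(auths) > 1 and (flag or "REQUIRED") == "REQUIRED":
            notes.append(f"{name}: REQUIRED, so users missing from this store fail login")
    return notes

if __name__ == "__main__":
    for line in providers(SAMPLE) + findings(providers(SAMPLE)):
        print(line)
```

Run it against a copy of config.xml rather than the live file; it only reads the XML and changes nothing.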

                              • 12. Re: double login problem for OAM Ps3 console
                                handat

                                That doesn't look right. OPSS should be loaded from the database instead of LDAP. Did you reassociate it?

                                • 13. Re: double login problem for OAM Ps3 console
                                  2882235

                                  When I upgraded from PS2 to PS3, I followed the steps from oracle doc - https://docs.oracle.com/cd/E52734_01/core/IAMUP/common_tasks.htm#IAMUP4183 Section 23.1.7 and it was successfully done.

                                  • 14. Re: double login problem for OAM Ps3 console
                                    handat

                                    What is your default and system store in oamconsole?
