Skip Headers
Oracle® Fusion Middleware Release Notes
11g Release 2 (11.1.2)

Part Number E35820-05
Go to Documentation Home
Home
Go to Table of Contents
Contents
Go to Feedback page
Contact Us

Go to previous page
Previous
Go to next page
Next
PDF · Mobi · ePub

4 Oracle Identity Management Administration

This chapter describes issues associated with Oracle Product. It includes the following topics:

4.1 General Issues and Workarounds

This section describes general issue and workarounds. It includes the following topic:

4.1.1 Clarification About Path for OPMN

OPMN provides the opmnctl command. The executable file is located in the following directories:

  • ORACLE_HOME/opmn/bin/opmnctl: The opmnctl command from this location should be used only to create an Oracle instance or a component for an Oracle instance on the local system. Any opmnctl commands generated from this location should not be used to manage system processes or to start OPMN.

    On Windows, if you start OPMN using the opmnctl start command from this location, OPMN and its processes will terminate when the Windows user has logged out.

  • ORACLE_INSTANCE/bin/opmnctl: The opmnctl command from this location provides a per Oracle instance instantiation of opmnctl. Use opmnctl commands from this location to manage processes for this Oracle instance. You can also use this opmnctl to create components for the Oracle instance.

    On Windows, if you start OPMN using the opmnctl start command from this location, it starts OPMN as a Windows service. As a result, the OPMN parent process, and the processes which it manages, persist after the MS Windows user has logged out.

4.1.2 Fusion Middleware Control May Return Error in Mixed IPv6 and IPv4 Environment

If your environment contains both IPv6 and IPv4 network protocols, Fusion Middleware Control may return an error in certain circumstances.

If the browser that is accessing Fusion Middleware Control is on a host using the IPv4 protocol, and selects a control that accesses a host using the IPv6 protocol, Fusion Middleware Control will return an error. Similarly, if the browser that is accessing Fusion Middleware Control is on a host using the IPv6 protocol, and selects a control that accesses a host using the IPv4 protocol, Fusion Middleware Control will return an error.

For example, if you are using a browser that is on a host using the IPv4 protocol and you are using Fusion Middleware Control, Fusion Middleware Control returns an error when you navigate to an entity that is running on a host using the IPv6 protocol, such as in the following situations:

  • From the Oracle Internet Directory home page, you select Directory Services Manager from the Oracle Internet Directory menu. Oracle Directory Services Manager is running on a host using the IPv6 protocol.

  • From a Managed Server home page, you click the link for Oracle WebLogic Server Administration Console, which is running on IPv6.

  • You test Web Services endpoints, which are on a host using IPv6.

  • You click an application URL or Java application which is on a host using IPv6.

To work around this issue, you can add the following entry to the /etc/hosts file:

nnn.nn.nn.nn  myserver-ipv6 myserver-ipv6.example.com

In the example, nnn.nn.nn.nn is the IPv4 address of the Administration Server host, myserver.example.com.

4.1.3 Limitations in Moving from Test to Production

Note the following limitations in moving from test to production:

  • If your environment includes Oracle WebLogic Server which you have upgraded from one release to another (for example from 10.3.4 to 10.3.5), the pasteConfig scripts fails with the following error:

    Oracle_common_home/bin/unpack.sh line29:
    WL_home/common/bin/unpack.sh No such file or directory
    

    To work around this issue, edit the following file:

    MW_HOME/utils/uninstall/WebLogic_Platform_10.3.5.0/WebLogic_Server_10.3.5.0_Core_Application_Server.txt file
    

    Add the following entries:

    /wlserver_10.3/server/lib/unix/nodemanager.sh
    /wlserver_10.3/common/quickstart/quickstart.cmd
    /wlserver_10.3/common/quickstart/quickstart.sh
    /wlserver_10.3/uninstall/uninstall.cmd
    /wlserver_10.3/uninstall/uninstall.sh
    /utils/config/10.3/setHomeDirs.cmd
    /utils/config/10.3/setHomeDirs.sh
    
  • When you are moving Oracle Virtual Directory, the Oracle instance name in the source environment cannot be the same as the Oracle instance name in the target environment. The Oracle instance name in the target must be different than the name in the source.

  • After you move Oracle Virtual Directory from one host to another, you must add a self-signed certificate to the Oracle Virtual Directory keystore and EM Agent wallet on Host B. Take the following steps:

    1. Set the ORACLE_HOME and JAVA_HOME environment variables.

    2. Delete the existing self-signed certificate:

      $JAVA_HOME/bin/keytool -delete -alias serverselfsigned
        -keystore ORACLE_INSTANCE/config/OVD/ovd_component_name/keystores/keys.jks
        -storepass OVD_Admin_password 
      
    3. Generate a key pair:

      $JAVA_HOME/bin/keytool -genkeypair
        -keystore ORACLE_INSTANCE/config/OVD/ovd_component_name/keystores/keys.jks
        -storepass OVD_Admin_password -keypass OVD_Admin_password -alias serverselfsigned
        -keyalg rsa -dname "CN=Fully_qualified_hostname,O=test" 
      
    4. Export the certificate:

      $JAVA_HOME/bin/keytool -exportcert
        -keystore ORACLE_INSTANCE/config/OVD/ovd_component_name/keystores/keys.jks
        -storepass OVD_Admin_password -rfc -alias serverselfsigned
        -file ORACLE_INSTANCE/config/OVD/ovd_component_name/keystores/ovdcert.txt 
      
    5. Add a wallet to the EM Agent:

      ORACLE_HOME/../oracle_common/bin/orapki wallet add
        -wallet ORACLE_INSTANCE/EMAGENT/EMAGENT/sysman/config/monwallet
        -pwd EM_Agent_Wallet_password -trusted_cert
        -cert ORACLE_INSTANCE/config/OVD/ovd_component_name/keystores/ovdcert.txt 
      
    6. Stop and start the Oracle Virtual Directory server.

    7. Stop and start the EM Agent.

  • The copyConfig operation fails if you are using IPv6 and the Managed Server listen address is not set.

    To work around this problem, set the Listen Address for the Managed Server in the Oracle WebLogic Server Administration Console. Navigate to the server. Then, on the Settings for server page, enter the Listen Address. Restart the Managed Servers.

  • When you are moving Oracle Platform Security and you are using an LDAP store, the LDAP store on the source environment must be running and it must be accessible from the target during the pasteConfig operation.

  • If you have configured WebGate with Oracle HTTP Server Release 11.1.1.6, you must apply the following patch to Oracle HTTP Server before you use the movement scripts:

    13897557
    

4.2 Configuration Issues and Workarounds

This section describes configuration issues and their workarounds. It includes the following topics:

4.2.1 Configuring Fusion Middleware Control for Windows Native Authentication

To use Windows Native Authentication (WNA) as the single sign-on mechanism between Fusion Middleware Control and Oracle WebLogic Server Administration Console, you must make changes to the following files:

  • web.xml

  • weblogic.xml

These files are located in the em.ear file. You must explode the em.ear file, edit the files, then rearchive the em.ear file. Take the following steps (which assume that while the front end is on Windows, the em.ear file is on UNIX):

  1. Set the JAVA_HOME environment variable. For example:

    setenv JAVA_HOME /scratch/Oracle/Middleware/jrockit_160_05_R27.6.2-20 
    
  2. Change to the directory containing the em.ear, and explode the file. For example:

    cd /scratch/Oracle/Middleware/user_projects/applications/domain_name
    JAVA_HOME/bin/jar xvf em.ear em.war 
    JAVA_HOME/bin/jar xvf em.war WEB-INF/web.xml
    JAVA_HOME/bin/jar xvf em.war WEB-INF/weblogic.xml
    
  3. Edit web.xml, commenting out the first login-config block and uncommenting the login-config block for WNA. (The file contains information about which block to comment and uncomment.) When you have done this, the portion of the file will appear as in the following example:

    <!--<login-config>
         <auth-method>CLIENT-CERT</auth-method>
       </login-config>
    -->  
     <!--
      the following block is for Windows Native Authentication, if you are using
     WNA, do the following:
        1. uncomment the following block
        2. comment out the previous <login-config> section.
        3. you also need to uncomment a block in weblogic.xml
     -->
       <login-config>
         <auth-method>CLIENT-CERT,FORM</auth-method>
         <form-login-config>
           <form-login-page>/faces/targetauth/emasLogin</form-login-page>
           <form-error-page>/login/LoginError.jsp</form-error-page>
         </form-login-config>
       </login-config>
       <security-constraint>
     .
     .
     .
       <security-role>
         <role-name>Monitor</role-name>
       </security-role>
     
    
  4. Edit weblogic.xml, uncommenting the following block. (The file contains information about which block to uncomment.) When you have done this, the portion of the file will appear as in the following example:

    <!--
     the following block is for Windows Native Authentication, if you are using
     WNA, uncomment the following block.
     -->
      <security-role-assignment>
         <role-name>Admin</role-name>
         <externally-defined/>
       </security-role-assignment>
     .
     .
     .
       <security-role-assignment>
         <role-name>Deployer</role-name>
         <externally-defined/>
       </security-role-assignment>
    
  5. Rearchive the em.ear file. For example:

    JAVA_HOME/bin/jar uvf em.war WEB-INF/web.xml
    JAVA_HOME/bin/jar uvf em.war WEB-INF/weblogic.xml
    JAVA_HOME/bin/jar uvf em.ear em.war 
    

4.3 Documentation Errata

This section contains documentation errata and updates for the Oracle Fusion Middleware Administrator's Guide: