PK  artistName Oracle Corporation book-info cover-image-hash 361437896 cover-image-path OEBPS/dcommon/oracle-logo.jpg package-file-hash 158551704 publisher-unique-id E14773-55 unique-id 435436757 genre Oracle Documentation itemName Oracle® Fusion Middleware Release Notes for HP-UX Itanium, 11g Release 1 (11.1.1) releaseDate 2014-03-28T12:25:00Z year 2014 PKߑd_PK PKYuPK Oracle Business Intelligence Discoverer

29 Oracle Business Intelligence Discoverer

This chapter describes issues associated with Oracle Business Intelligence Discoverer. It includes the following topics:

29.1 General Issues

This section describes general issues that affect more than one Discoverer component. It includes the following topics:

29.1.1 Error while Accessing a Discoverer Menu Option in Enterprise Manager

In Enterprise Manager 11g Fusion Middleware Control, if you select the Catalog > Install from the Discoverer drop down menu, the following ADF error occurs:

ADFC-06003:EL expression
#{viewScope.general_info_dialog.model.regionBound}' for a region TaskFlowId
in binding 'genRegion' evaluated to null, a non-value must be specified" 

Workaround

Select Catalog > Manage from the Discoverer menu and then select Catalog > Install. The Install Catalog page appears without any error.

29.1.2 Issues with Metadata Repository and Oracle Database 10g Release 1

When using Oracle Database 10g Release 1 (10.1.x) for the Metadata Repository or after upgrading the Metadata Repository to Oracle Database 10g Release 1, you might see the following error on the Oracle BI Discoverer Plus Connection pages, the Oracle BI Discoverer Viewer Connection pages, and the Public Connection definition page in Fusion Middleware Control:

The connection list is currently unavailable.
ORA-06510: PL/SQL: unhandled user-defined exception
ORA-06512: at "ORASSO.WWSSO_API_PRIVATE," line 258
ORA-06510: PL/SQL: unhandled user-defined exception
ORA-06512: at "ORASSO.WWSSO_UTL" line 728
ORA-28231: no data passed to obfuscation toolkit
ORA-06512: at line 1 Unable to retrieve connection list

To resolve this issue, make the following changes in the Metadata Repository database:

  1. Edit the init%ORACLE_SID%.ora file. This file exists either in the dbs folder or the database folder. For example, in Windows, this file is located in the DB_install_home/database/ folder.

  2. Add the following line to this file:

    event="10946 trace name context forever, level 36"

  3. If an spfile%ORACLE_SID%.ora exists in either the dbs folder or the database folder, rename the file to spfile%ORACLE_SID%.bak. Changes to init%ORACLE_SID%.ora are not loaded if the database server finds an spfile.

  4. Log in as a sysadmin.

  5. At the SQL prompt, shut down then start up the database server.

  6. Restart the Oracle BI Discoverer server using the command opmnctl restartall.

29.1.3 Compatibility Issues with Required Support Files

The Oracle Database and other Oracle database client software (for example, SQL*Plus, the database export utility) use Oracle Required Support Files (RSF).

Oracle BI Discoverer also uses Oracle Required Support Files (RSF), specifically RSF version 11.1.0.7. This version of the Oracle Required Support Files is installed during Oracle BI Discoverer installation.

Note that the Required Support Files version 11.1.0.7 is incompatible with earlier versions of Oracle Database 10g. So if the machine on which you install Oracle BI Discoverer already has a version of Oracle Database 10g or database client software that is earlier than 11.1.0.7, there will be compatibility issues. For example, if you install Oracle BI Discoverer and attempt to run a version of SQL*Plus earlier than 11.1.0.7, then the following error is displayed:

ORA-12557 TNS: protocol adapter not loadable

To avoid the compatibility issues, upgrade Oracle Database 10g or database client software on the machine to the same version (11.1.0.7) as the version of the Required Support Files that were installed with Oracle BI Discoverer.

This issue does not exist for Oracle9i Database Server.

29.1.4 Serif Font Issue in Worksheets

You might notice unsightly font issues when using a non-English locale such as Czech. For example, when a worksheet uses a serif font, text in that worksheet might be displayed incorrectly on the screen and in printouts.

To work around this issue, update the file that maps the serif fonts. The name of this file differs depending on the locale in use. When you use Oracle BI Discoverer Plus Relational or Plus OLAP in English, the file is named file.properties. If you use Oracle BI Discoverer in a non-English locale, then the file name includes the code for the locale, such as file.properties.cs for Czech.

Update the mapping file with the following information:

serif.0=Times New Roman,EASTEUROPE_CHARSET serif.1=WingDings,SYMBOL_CHARSET,NEED_CONVERTED serif.2=Symbol,SYMBOL_CHARSET,NEED_CONVERTED

Consult the following Sun Web site for additional information about fonts:

http://java.sun.com/j2se/1.3/docs/guide/intl/addingfonts.html

29.1.5 Additional Fonts Required for Non-ASCII Data When Exporting to PDF

If you are running Oracle BI Discoverer Plus Relational or Plus OLAP on a Macintosh or Linux client machine, you must add the appropriate font files to your client machine to allow exported PDF files to display non-ASCII data correctly.

These font files include Albany fonts with names such as ALBANWTJ.TTF and ALBANWTK.TTF. The files are stored in the /utilities/fonts directory on the CD-ROM or DVD for the Oracle Application Server Metadata Repository Upgrade Assistant.

To install the additional required fonts:

  1. Navigate to the /utilities/fonts directory on the CD-ROM or DVD for the OracleAS Metadata Repository Upgrade Assistant.

  2. Copy the appropriate Albany TTF file from the /utilities/fonts directory to the plug-in directory in the $jdk/jre/lib/fonts directory on the Macintosh or Linux client machine.

29.1.6 Query Prediction Requires the Majority of the Query Time

When using Oracle BI Discoverer with a relational data source, you can predict the time that is required to retrieve information by setting the value of the QPPEnable preference to 1. However, in some circumstances, the majority of the time taken to retrieve information is consumed by the prediction activity itself.

To work around this issue, set the value of the QPPObtainCostMethod preference to 0 (use the EXPLAIN PLAN statement to predict query times) rather than to 1 (use dynamic views to predict query times).

For more information about setting preferences, see the Oracle Fusion Middleware Configuration Guide for Oracle Business Intelligence Discoverer.

29.1.7 Word Wrapping Behavior with Oracle BI Discoverer Plus and Oracle BI Discoverer Viewer

To use word wrap settings correctly, you must understand how they are designed for Oracle BI Discoverer:

  • Oracle BI Discoverer Plus: Word wrap settings that you make in Oracle BI Discoverer Plus are saved in the worksheet and affect the display of worksheets in Oracle BI Discoverer Plus and when printing to PDF.

  • Oracle BI Discoverer Viewer: Word wrap settings that you see in the Print Settings dialog work as follows:

    • The word wrap settings do not affect the display of worksheets in Oracle BI Discoverer Viewer.

    • For relational data:

      • The word wrap settings do affect the printing of worksheets to PDF.

      • If the Always wrap text when size exceeds column width box is checked, then the print settings in Oracle BI Discoverer Viewer do override the settings made in a worksheet in Oracle BI Discoverer Plus Relational for printing to PDF.

      • If the Always wrap text when size exceeds column width box is not checked, then the print settings in Oracle BI Discoverer Viewer do not override the settings made in a worksheet in Oracle BI Discoverer Plus Relational for printing to PDF.

    • For OLAP data:

      • The word wrap settings do not affect the printing of worksheets to PDF.

      • Regardless of whether the Always wrap text when size exceeds column width check box is selected, the print settings in Oracle BI Discoverer Viewer never override the settings made in a worksheet in Oracle BI Discoverer Plus OLAP for printing to PDF.

29.1.8 Applet Appears Behind Browser Window

When you use Microsoft Internet Explorer, the Oracle BI Discoverer Plus Relational or Plus OLAP applet initialization and download dialog appears behind the browser window from which it was launched. After the applet is downloaded and initialized, it appears in front of the browser window from which it was launched.

To work around this issue:

  • Use a browser other than Internet Explorer, such as Netscape Navigator or Mozilla Firefox.

  • Use the Oracle BI Discoverer Plus URL parameter _plus_popup=false, which is documented in the Oracle Fusion Middleware Configuration Guide for Oracle Business Intelligence Discoverer.

29.1.9 Issues with Mac OS X Browser and Oracle BI Discoverer Plus

The following are issues that you might encounter when you use the Safari browser on Mac OS X with Oracle BI Discoverer Plus Relational or Plus OLAP:

  • If you resize the browser window in the applet, then some parts of the content might be clipped. To work around this problem, always maximize the browser window for the applet when working with Mac OS X.

  • Keyboard combinations (also known as mnemonics) do not work in Oracle BI Discoverer Plus Relational and Plus OLAP.

    For example, you cannot press Alt+F to access the File menu.

  • In the Share Workbooks dialog of Oracle BI Discoverer Plus Relational, the leading characters of the "Shared:" list are clipped. In other words, the left edge of the list is truncated. For example, if you shared a workbook with DISCODEV, then you will only see SCODEV in the list. The title for the list is also truncated such that you see only the vertical line of the "d" in "Shared" and the colon (that is, "l:").

    The dialog continues to work as expected, but you might have difficulty reading the names in the "Shared:" list.

    This issue has no workaround.

29.1.10 Issues with Turkish Regional Settings

Because of Sun JRE 1.4 bug 4688797, you might encounter issues when connecting to a database schema from a computer that has Turkish regional settings. You will encounter the issue when you attempt to connect to a database schema with a user name that contains certain letters, such as the letter 'I' or 'i', for example, in "bibdemo". See the Sun JRE bug for information on the letters that are affected.

To work around this issue, either do not use Turkish regional settings or use a user name that does not contain the affected letters.

29.1.11 Multibyte Characters Rendered as Square Boxes in Exported PDF and Other Formats

When you export a workbook to PDF and other formats, multibyte characters (for example, Korean, Japanese, and Chinese characters) appear as square boxes.

To work around this issue, copy the following Albany fonts from ORACLE_HOME/jdk/jre/lib/fonts to the fonts folder of your JDK (Oracle JRockit or Sun) within the MW_HOME directory. For example, if you are using HP-UX JDK, you must copy the fonts to MW_HOME/jre/jdk160_11/lib/fonts.

  • AlbanWTJ.ttf

  • AlbanWTK.ttf

  • AlbanWTS.ttf

  • AlbanWTT.ttf

  • ALBANYWT.ttf

29.1.12 Java Plug-in Not Downloaded Automatically on Firefox

When you attempt to connect to Discoverer Plus by using the Mozilla Firefox browser on a machine that does not have Java 1.6 installed, the browser does not download the JRE 1.6 plug-in automatically. Instead, the browser displays the following message:

Additional plugins are required to display this page...

You must download the JRE 1.6 plug-in (by clicking the Install Missing Plugin link) and install it manually.

29.1.13 HTTP 404 Error While Accessing Discoverer on a Remote Machine

When you attempt to connect to Discoverer Plus, occasionally, the browser returns an HTTP 404 (File Not Found) error.

The page loads correctly when you refresh the browser a few times.

29.1.14 Error While Launching Discoverer Plus Applet on an IPv6 Environment

If the Web tier is on an IPv6 machine, when you start Discoverer Plus, the following error message might be displayed:

Attempt1. RMI protocol over JRMP transport: Connection refused to host: DiscoServerMahcineName;nested exception is:
@ java.net.ConnectionException: Connection timed out

To work around this issue, in the System MBean Browser of Fusion Middleware Control, change the TransportProtocols attribute of the Plus Config MBean to "jrmp,http" (or "jrmp,https" if Discoverer Plus is accessed by using secure HTTP).

29.1.15 Error While Updating the Discoverer Web Services Configuration Parameter

When you update the web services configuration parameter (Maximum Sessions) using the Discoverer Web Services Configuration page of Fusion Middleware Control and click Apply, the following error message is displayed:

Applying changes - Failed.
Exception caught:

You can ignore the error message because the changes are applied even if the exception is thrown. Alternatively, you can update the MaxSessions attribute of the WebServicesConfig MBean in the System MBean Browser of Fusion Middleware Control.

29.1.16 Exception Logged for Discoverer Web-Based Applications in an Extended Domain

When you extend a domain and add Discoverer application in a remote machine, you may see the following exception in the WebLogic Server log:

java.lang.IllegalArgumentException: ODL-52057: The handler 'disco-server-handler' is not defined.

To work around this issue, modify the log_handlers and loggers elements in the logging.xml file located in the DOMAIN_HOME/config/fmwconfig/servers/WLS_DISCO folder of the machine where the domain exists.

In the log_handlers section, add the handlers as follows:

<log_handler name='discoverer-handler'
class='oracle.core.ojdl.logging.ODLHandlerFactory'>
   <property name='path'
value='${domain.home}/servers/${weblogic.Name}/logs/discoverer/diagnostic.log'
/> 
<property name='maxFileSize' value='1048576'/>
   <property name='maxLogSize' value='10485760'/>
   <property name='format' value='ODL-Text'/>
   <property name='useSourceClassAndMethod' value='false'/>
  </log_handler>
 
  <log_handler name='disco-server-handler'
class='oracle.core.ojdl.logging.ODLHandlerFactory'>
   <property name='path'
value='${domain.home}/servers/${weblogic.Name}/logs/discoverer/server/diagnost
ic.log'/>
   <property name='maxFileSize' value='1048576'/>
   <property name='maxLogSize' value='10485760'/>
   <property name='format' value='ODL-Text'/>
  </log_handler> 

In the loggers sections, add the following elements:

<logger name='ORACLE.DISCOVERER.VIEWER' level='TRACE:32'
useParentHandlers='false'>
   <handler name='discoverer-handler'/>
   <handler name='odl-handler'/>
  </logger>
  <logger name='ORACLE.DISCOVERER.PORTLET_PROVIDER' level='TRACE:32'
useParentHandlers='false'>
   <handler name='discoverer-handler'/>
   <handler name='odl-handler'/>
  </logger>
  <logger name='ORACLE.DISCOVERER.MODEL' level='TRACE:32'
useParentHandlers='false'>
   <handler name='discoverer-handler'/>
   <handler name='odl-handler'/>
  </logger>
  <logger name='ORACLE.DISCOVERER.WEB_SERVICES' level='TRACE:32'
useParentHandlers='false'>
   <handler name='discoverer-handler'/>
   <handler name='odl-handler'/>
  </logger>
  <logger name='ORACLE.DISCOVERER.SERVER' level='TRACE:32'
useParentHandlers='false'>
   <handler name='disco-server-handler'/>
   <handler name='odl-handler'/>
  </logger>

After adding these elements, save the logging.xml file, and restart the Administration Server and Discoverer Managed Servers.

29.1.17 Issue with Discoverer Application URL in Fusion Middleware Control after a Backup Recovery

When you recover the Oracle BI Discoverer middle tier from a backup, the Discoverer application URL in the Discoverer Home page of Fusion Middleware Control point to a wrong location.

You must configure the application URLs that appear on the Oracle BI Discoverer Home page in Fusion Middleware Control after recovering the Oracle BI Discoverer middle tier from a backup.

For more information, see "How to configure application URLs displayed on the Fusion Middleware Control Discoverer Home page" in the Oracle Business Intelligence Discoverer Configuration Guide.

29.1.18 Incorrect Version Number for Discoverer in Fusion Middleware Control 11g

In Fusion Middleware Control 11g, the Enterprise Manager Fusion Middleware Control pages display wrong version number (11.1.1.2.0) for the Oracle BI Discoverer application. The correct version number for Oracle BI Discoverer is 11.1.1.4.0.

29.1.19 Oracle BI Discoverer Startup Fails after Shutdown

When you first start up the Discoverer application from Oracle Enterprise Manager Fusion Middleware Control or Oracle WebLogic Administration Console after shutting down the application instance, the startup fails with error logs.

To work around this issue, start the Discoverer application again. The second time the application starts without any error message.

29.1.20 The Database Export and Import Utility does not Work with Applications Mode EUL

You cannot use the standard database export and import utilities to export or import the database, EUL tables and database objects referenced by the Applications Mode EUL definitions. The standard database export and import utility can be used only for standard EUL definitions.

To work around this issue, use the Discoverer Export Wizard in Discoverer Administrator to export EUL objects to an EUL export file (*.EEX). After exporting the EUL objects, you can import the .EEX file using the Discoverer Import Wizard.For more information, see "Creating and Maintaining End User Layers" in Oracle Fusion Middleware Administrator's Guide for Oracle Business Intelligence Discoverer.

29.1.21 Install-level Scripts are not Updated in Existing Instances after Patching

When you upgrade Oracle Discoverer 11gR1 PS1 to 11gR1 PS2 or 11gR1 PS3, the patch will be installed in the ORACLE_HOME folder. Therefore, script changes in the new patch set will not be available for existing Oracle Discoverer instances, which are located in the ORACLE_INSTANCE folder. However, new instances that are created after the patch upgrade will be updated.

To work around this issue, after a patch upgrade manually copy the new scripts to the existing ORACLE_INSTANCE folders. For example, copy the new discenv.sh script file from ORACLE_HOME to the ORACLE_INSTANCE/Discoverer/Discoverer_instance-name/util/ folder.

For more information about Discoverer file locations, see "Oracle BI Discoverer Configuration Files" in Oracle Fusion Middleware Configuration Guide for Oracle Business Intelligence Discoverer.

29.2 Issues Specific to Oracle BI Discoverer Plus Relational

This section describes issues that are specific to Oracle BI Discoverer Plus Relational. It includes the following topics:

29.2.1 Text Appearing Truncated or Clipped

When you run Oracle BI Discoverer Plus Relational with Sun Java Plug-in 1.4.2_06, the Browser Look and Feel, and an Asian language (such as Korean or Chinese), you might notice that static text and text in buttons in the user interface appears truncated or clipped. To work around this issue, do one of the following:

  • Change the Look and Feel to either Plastic or System.

  • Use JInitiator 1.3.1.17 instead of the Sun Java Plug-in.

  • Install Sun Java Plug-in version 1.4.2_10 or higher.

29.2.2 Non-ASCII Characters Not Saved Correctly in Title or Text Area

When you save a new workbook in Oracle BI Discoverer Plus, any text characters beyond the standard ASCII characters are not saved correctly when all the conditions that are described in the following list are met:

  • You are logged in as an Oracle e-Business Suite user.

  • The language for the computer is not English.

  • Oracle BI Discoverer Plus is running against an Oracle e-Business Suite database that does not have that non-English language installed.

This issue has no workaround.

29.2.3 Canceling Query Causes Discoverer to Hang

If you cancel a query that is running in Oracle BI Discoverer Plus Relational, then you are prompted to either choose YES to undo the changes or NO to show a blank sheet. If you choose YES, then Oracle BI Discoverer Plus Relational hangs and you must close the window and restart.

To work around this issue, choose NO to show a blank worksheet. You can then refresh the sheet and continue working.

29.2.4 Nonaggregable Values Not Displayed for Scheduled Workbooks

Oracle BI Discoverer Plus Relational does not display nonaggregable values for scheduled workbooks. In other words, Oracle BI Discoverer Plus Relational processes scheduled workbooks as if you selected the Show values that cannot be aggregated as: <Non-aggregable label> option in the Worksheet Properties dialog: Aggregation tab.

Nonaggregable values include those based on the following SQL functions:

  • A CASE SQL statement

  • A DECODE SQL statement

  • A PL/SQL function

  • A DISTINCT SQL statement

  • An analytic function

29.2.5 Migrating Oracle BI Discoverer Plus Relational Worksheets from Oracle BI Discoverer Desktop

If you use Oracle BI Discoverer Plus Relational to open a worksheet that was created using Oracle BI Discoverer Desktop Version 9.0.4 (or earlier), the size of the title area for that worksheet defaults to two lines in height. A title height of two lines might be a problem if a worksheet title requires more than or less than two lines. If you want to change the size of the title area, you must resize the title area manually and save the worksheet.

To resize the title area for a worksheet, open the worksheet and drag the bar at the bottom of the title area pane up or down.

29.3 Issues Specific to Oracle BI Discoverer Plus OLAP

This section describes issues that are specific to Oracle BI Discoverer Plus OLAP. It includes the following topics:

29.3.1 Issues with Applet Download

There may be Oracle Business Intelligence Discoverer Plus applet download issues when caching has been enabled in the Sun Java Plug-In.

To avoid these issues, disable caching in the plug-in.

29.3.2 Disabled Netscape and Mozilla Browsers

When you are running Netscape 7.x or Mozilla browsers, the Netscape and Mozilla Mail clients and Web browser may become disabled when Oracle BI Discoverer Plus OLAP modal dialogs are displayed.

Dismissing the Oracle BI Discoverer Plus OLAP dialogs resumes normal operation for the Netscape and Mozilla tools.

29.3.3 Tabbing Fails to Synchronize Menus

When you use the Tab key to select items in a worksheet, the menus do not always synchronize to reflect the currently selected item.

This issue has no workaround.

29.3.4 Esc Key Fails to Close Certain Dialogs

The Esc key does not close the following dialogs: Totals, New Total, Parameter, and Manage Catalog.

Instead of using the Esc key, click the Close or OK button.

29.3.5 Link Tool Works Incorrectly in Some Locales

The Link tool, which enables users to drill out to external URLs from a crosstab cell, might not work correctly in all locales due to URL encoding issues.

This issue has no workaround.

29.3.6 Memory Issues when Exporting Extremely Large Graphs

Exporting extremely large graphs can cause memory issues, requiring a restart of the Oracle BI Discoverer Plus OLAP session.

This issue has no workaround.

29.3.7 Issue While Printing Worksheets with Large Data Values

When printing a worksheet that contains large numbers in the data cells, the string ####### may be printed instead of the actual numbers.

This issue has no workaround.

29.3.8 Issues with Titles and Text Areas

The following issues exist with titles and text areas:

  • Nonempty titles and text areas are printed even if they are hidden in the worksheet.

    This issue has no workaround.

  • When you set the title or text area background to green and export the worksheet to an HTML file, the background is incorrectly set to red in the exported file.

    This issue has no workaround.

29.3.9 Errors with JAWS and Format Dialogs

When you use JAWS, you will notice errors when you attempt to format graphs and crosstabs using the Format dialogs.

This issue has no workaround.

29.4 Issues Specific to Oracle BI Discoverer Portlet Provider

This section describes issues that are specific to Oracle BI Discoverer Portlet Provider. It includes the following topics:

29.4.1 Inability to Turn Off Display of Range Min and Max as Labels

In the Display Options of a gauge portlet, the Minimum Value and Maximum Value range labels are selected but are also disabled so that you cannot deselect the display of those values. The values for the minimum and the maximum appear at the ends of every gauge in the set except for those gauges where the value to be gauged is out of the range of the minimum and the maximum values. For those gauges where the value to be displayed exceeds the range of the minimum and the maximum values, the gauge will automatically adjust to accommodate the value.

This issue has no workaround.

29.4.2 Issues with Discoverer Portlets in WebCenter

The following issues exist for Discoverer portlets displayed in Oracle WebCenter.

  • When a Worksheet portlet is displayed in Oracle WebCenter, the links to navigate to the next set of records does not work.

  • When a List of Worksheets portlet is displayed in Oracle WebCenter, the Expand All Icons link does not work.

To work around these issues, set the RenderPortletInIFrame attribute of the portlet tag to TRUE. For more information, see "Setting Attribute Values for the Portlet Tag" in Oracle Fusion Middleware Developer's Guide for Oracle WebCenter.

29.4.3 Issue while Publishing Discoverer WSRP Portlets in Portals Other than Oracle Portal and Oracle WebCenter

When you publish Discoverer WSRP Portlets in portals other than Oracle Portal and Oracle WebCenter (such as Oracle WebLogic Portal and IBM WebSphere Portal), the pop-up windows for input selection will have the same page layout as the portal page with all navigation options. If you select any of these navigation options, the current portlet state will be lost. You might need to start publishing the portlet from the beginnng.

The issue has no workaround.

29.4.4 Issue with Portlet Titles in Discoverer WSRP Portlets Published on IBM WebSphere

You cannot dynamically change the portlet title of a Discoverer WSRP portlet in IBM WebSphere after it is published. Static title is rendered in the portal for each portlet instance.

To work around this issue, set a meaningful title for the portlet by editing the title using the Set Title or Description option in the WebSphere portal. For more information about changing the title of a portlet, see WebSphere documentation.

29.4.5 Issue with Color and Date Pickers in Discoverer WSRP Portlets

The Color and Date pickers in Discoverer WSRP Portlets do not work on portals other than Oracle WebCenter.

On portals such as Oracle Portal, Oracle WebLogic Portal and IBM WebSphere, to workaround this issue, set the value of the configuration parameter useInlineUIXPicker to true. The default value of this parameter is false. When you set the useInlineUIXPicker parameter to true, set the color and date as follows:

  • Inline color pickers are enabled in the Gauges Selection page and you can select a color from the palette.

  • You cannot select the color using the Format option of the Personalize menu of the worksheet. Use the Analyze option in the portlet window to change the color.

  • The Date picker in the Refresh option will not be available. Enter the date manually.

29.4.6 Worksheet Parameter LOV is not Displayed in Discoverer WSRP Portlets on IBM WebSphere Portal

The Worksheet Parameter LOV icon is not displayed when you publish Discoverer WSRP portlets in IBM WebSphere portal.To work around this issue, enter parameter values manually.

29.4.7 Issue with Worksheet Parameter LOV Pop-Up Window in Discoverer WSRP Portlets

In Oracle Portal and Oracle WebLogic Portal, when you select values from the parameter LOV from a worksheet portlet published by using the Discoverer WSRP Portlet producer, the pop-up window is not getting closed on selection of values.You must explicitly close the pop-up window after selection of values.

29.5 Issues Specific to Oracle BI Discoverer Viewer

This section describes issues that are specific to Oracle BI Discoverer Viewer. It includes the following topics:

29.5.1 Drill Icons Cannot Be Hidden in Oracle BI Discoverer Viewer

The pref.txt file contains a setting called ShowDrillIcon, which is not functioning properly. If you set ShowDrillIcon to False, then drill icons are still displayed in Oracle BI Discoverer Viewer.

The issue has no workaround.

29.5.2 Error Displaying Page for Multiple SSO Users

When an Oracle Single Sign-On (SSO) user tries to view a worksheet from a List of Worksheets Portlet by using the same browser window that is already being used by an SSO user to view that worksheet, the second user sees the following error message: "The page cannot be displayed".

To work around this issue, start a new browser session and view the worksheet.

29.5.3 Inability to Disable the Display of Row Numbers

Oracle BI Discoverer Viewer no longer offers the ability to disable the display of row numbers in a tabular worksheet.

29.5.4 Issues with Oracle BI Discoverer Viewer Embedded in Frames

Users might see JavaScript errors such as "Access Denied" or other unexpected behavior when both of the following conditions are met:

  • When Oracle BI Discoverer Viewer is embedded in an IFRAME tag.

  • When the domain of the server that hosts the HTML page with the IFRAME tag is different from the domain of the Oracle BI Discoverer server that is running Oracle BI Discoverer Viewer.

Use one of the following workarounds for this issue:

  • Run the Oracle BI Discoverer server and the server that hosts the HTML page with the IFRAME tag in the same domain.

  • Alter the Common2_2_20.js file on the Oracle BI Discoverer server using the following steps:

    1. Use Fusion Middleware Control to stop all services on the middle tier for Oracle Business Intelligence.

    2. Make a backup copy of the Common2_2_20.js file from the following directory:

      domain\servers\managed_server\stage\discoverer\release\discoverer\discoverer.war\cabo\jsLib

      domain is the path of directory that contains the domain.

      managed_server is the name of the managed server on which the Discoverer application is deployed.

      release is the release number of Discoverer. For example, 11.1.1.1.0.

    3. Edit the Common2_2_20.js file and replace all occurrences of "parent._pprSomeAction" with "window._pprSomeAction".

    4. Use Fusion Middleware Control to start all services on the middle tier for Oracle Business Intelligence.

    5. Clear the browser cache on the client machine so that the new Common2_2_20.js file will be used.

29.5.5 Issue Exporting to PDF Under Certain Circumstances

If you are using Oracle BI Discoverer Viewer with Microsoft Internet Explorer, you might encounter an error message when you try to export to PDF a worksheet that is named with non-ASCII characters, a space, and a number. The export fails and you will see a message similar to the following one:

No %PDF- in a file header

Use one of the following methods to work around this issue:

  • Use a browser other than Internet Explorer, such as one from Netscape or Mozilla.

  • Remove the space between the non-ASCII characters and the number, or remove the number altogether.

  • Continue to use Internet Explorer and leave the space in the worksheet name, but follow these steps:

    1. Start the Adobe Reader.

    2. From the Edit menu, choose Preferences, then click Internet.

    3. Clear the Display PDF in browser box.

29.5.6 Issue When Changing Colors for Oracle BI Discoverer Viewer in Fusion Middleware Control on Mac OS X

You can use Fusion Middleware Control to change the look and feel of Oracle BI Discoverer Viewer. That page contains a color chooser, or palette. If you use Fusion Middleware Control on Mac OS X with the Safari browser, then the page does not correctly enter the color code when you select a color from the palette.

To work around this issue, you can either use the Firefox browser or you can enter a color code directly.

The color codes are standard HTML hexadecimal color codes. You can enter one of the 49 colors that are available in the color palette, or you can enter any valid HTML hexadecimal color code.

The following list provides examples of colors with their codes:


white #FFFFFF
grey #CCCCCC
black #000000
pink #FFCCCC
red #FF0000
light yellow #FFFFCC
yellow #FFFF00
light green #99FF99
dark green #00CC00
light blue #66FFFF
dark blue #3333FF
lavender #FF99FF
purple #CC33CC

29.5.7 Discoverer Catalog Items Not Visible From UNIX Servers

You might encounter issues when trying to see items in the Discoverer Catalog when using Oracle BI Discoverer Viewer with OLAP data on UNIX servers.

You can resolve this issue on the middle-tier machine where Oracle BI Discoverer runs by performing the following steps.

To check whether the time zone variable is set:

  1. Open a shell prompt.

  2. Type echo $TZ to display the time zone setting.

If no value is displayed, then the time zone has not been set.

To set the time zone variable:

  1. Open a shell prompt.


    Note:

    The UNIX user that sets the TZ variable must be the same UNIX user that installed Oracle Business Intelligence.


  2. If you do not know which shell you are using, type $echo $SHELL to display the name of the current shell.

  3. Set the time zone as appropriate.

    For example, to set the time zone variable for US/Pacific time:

    • For the Bourne, Bash, or Korn shell, type export TZ=US/Pacific

    • For the C shell, type setenv TZ US/Pacific


      Note:

      Consult the shell documentation for the appropriate values.


29.5.8 Known Bug with JAWS Prevents Drilling Using the Enter Key

Oracle BI Discoverer can be used in conjunction with assistive technologies such as the JAWS screen reader. However, a bug in JAWS prevents the drilling feature from working correctly in Oracle BI Discoverer Viewer when querying a relational data source.

Assume that you use the keyboard to navigate to the drill icon beside an item in the worksheet header. When you press the Enter key to drill on that header item, the Drill page should be displayed as described in the "Worksheet Display page: (Page level tools and controls)" topic in the Help system and the Oracle Fusion Middleware User's Guide for Oracle Business Intelligence Discoverer Viewer).

However, when JAWS is running, the Drill page is not displayed. Instead, the Drill popup menu is displayed. It is not possible to select items from this popup menu by using the keyboard, and JAWS does not read the items on the popup menu.

This issue has no workaround.

29.5.9 JAWS Does Not Read Asterisks that Precede Fields

In Oracle BI Discoverer Viewer, an asterisk that precedes a text field indicates that the user is required to enter a value into that text field. The JAWS screen reader does not read an asterisk that precedes a required text field and does not otherwise indicate that the field is required.

This issue has no workaround.

29.5.10 Oracle BI Discoverer Viewer Pages are not Cached by Oracle Web Cache

When using Oracle BI Discoverer with Oracle Web Cache, note the following:

  • When Oracle Single Sign-On is enabled, Oracle Web Cache does not cache Oracle BI Discoverer Viewer pages, regardless of whether they are accessed using a public connection or a private connection.

  • If an Oracle BI Discoverer Viewer page is accessed directly through a URL and the URL contains URL parameters that specify login details (for example, user name, database name), then Oracle Web Cache does not cache the page. For example, Oracle Web Cache does not cache worksheet "Sheet 1" in workbook "Workbook 2" that is displayed by using the following URL:

    http://<host.domain>:<port>/discoverer/viewer?us=video5&db=db1&eul=VIDEO5&wbk=Workbook+2&ws=Sheet+1


    Note:

    In the example above, us= specifies the database user name, and db= specifies the database name.


    However, Oracle Web Cache does cache worksheet "Sheet 1" in workbook "Workbook 2" if a user logs in manually to Oracle BI Discoverer Viewer by using the same login details, and navigates to the worksheet.

  • You must increase the delays for Oracle BI Discoverer Viewer by at least 60 seconds for Oracle BI Discoverer Viewer to properly cache workbooks with Oracle Web Cache.

    For more information, see "How to configure Discoverer Viewer to enable maximum caching" in the Oracle Fusion Middleware Configuration Guide for Oracle Business Intelligence Discoverer.

29.6 Issues Specific to Oracle BI Discoverer EUL Command Line for Java

This section describes issues that are specific to Oracle BI Discoverer EUL Command Line for Java.

29.6.1 Issue with Exported Non-ASCII Data

When you export multibyte or Eastern European data (such as the names of items and business areas in Japanese or Russian characters) from Oracle BI Discoverer EUL Command Line for Java on a platform other than Windows, the exported data is corrupted.

To work around this issue, edit the discwb.sh file that is located in the ORACLE_HOME/discoverer directory before exporting. Change the character set value in the NLS_LANG variable to UTF8.

For example, if the original setting of the variable is:

NLS_LANG="GERMAN_GERMANY.WE8ISO8859P1"

Change the setting to:

NLS_LANG="GERMAN_GERMANY.UTF8"

29.7 Issues Specific to Oracle BI Discoverer Administrator

This section describes issues that are specific to Oracle BI Discoverer Administrator. It includes the following topic:

29.7.1 Issue with Installation of Video Stores Tutorial

Before installing the video stores tutorial in Oracle Database 10g Enterprise Edition Release 2 (version 10.2.0.1 and higher), you must manually create the VIDEO5 user. If you attempt to install the video stores tutorial in Oracle Database 10g Enterprise Edition Release 2, then the installation will fail if the VIDEO5 user does not already exist. To work around this issue:

  1. Create the VIDEO5 user manually by completing these steps:

    1. Access Oracle Database 10g with SQL*Plus, Enterprise Manager, or any SQL command line tool.

    2. Create the VIDEO5 user.

    3. Grant CONNECT and RESOURCE privileges to the VIDEO5 user.

    For more information about creating users and granting privileges, see the Oracle Database SQL Reference or your DBA

  2. Connect to Discoverer Administrator as the EUL owner and install the tutorial. You must enter the VIDEO5 user password during installation.

    For information about installing the video stores tutorial, see the Oracle Fusion Middleware Administrator's Guide for Oracle Business Intelligence Discoverer.

PKqrPK Oracle Virtual Directory

27 Oracle Virtual Directory

This chapter describes issues associated with Oracle Virtual Directory. It includes the following topics:

27.1 General Issues and Workarounds

This section describes general issues and workarounds. It includes the following topics:

27.1.1 Oracle Virtual Directory Fails to Start When Unsupported Ciphersuite for Listener SSL Config is Selected in Enterprise Manager

When you create an Oracle LDAP listener in Enterprise Manager, and then edit the listener's Change SSL setting by selecting Enable SSL for any SSL authorization, Enterprise Manager selects the ciphersuite TLS_DHE_RSA_WITH_AES_128_CBC_SHA256. If this ciphersuite is selected, then Oracle Virtual Directory will fail to start-up entirely.

Oracle Virtual Directory supports the following protocols:

  • TLSv1

  • SSLv2Hello

  • SSLv3


Note:

For a complete list of the supported ciphers for each protocol, refer to the following location:

http://www.openssl.org/docs/apps/ciphers.html


To work around this issue, manually uncheck all of the ciphers listed for Enterprise Manager when configuring the ciphersuites.

27.1.2 EUS Adapter Creation Failed

When creating an EUS adapter using the wizard in Oracle Directory Services Manager, an error message periodically displays stating the adapters and ACLs were not created successfully.

To work around this issue, proceed as follows:

  • If the error occurred while you were loading ACLs, and only partial ACLs were loaded during EUS configuration, then you can manually load the remaining ACLs by running this command:

    $ORACLE_HOME/bin/ldapmodify -c -v -h <ovd_host> -p <ovd_port> -D cn=orcladmin -w <orcladmin_password> -f
    $ORACLE_HOME/ovd/eus/eusACLTemplate.ldif
    
  • If the error occurred during any other step, then manually clean up the partial configuration from Oracle Virtual Directory by using the following steps, and then reconfigure Oracle Virtual Directory for EUS.

    1. Delete all of the Local Store and LDAP EUS adapters created.

    2. Delete the LSA EUS adapter data files from the local file system.

    3. Undeploy the EUS py mapping based on your directory type (if it exists).

    4. Click the EUS wizard icon again to reconfigure.

27.1.3 Manually Edit adapters.os_xml File When Creating DB Adapter For Sybase

Creating a Database Adapter with Sybase as back-end causes Oracle Virtual Directory to fail with an Invalid Database Connection error.

To work around this issue, you can manually edit the adapters.os_xml file using the same Database connection information.

27.1.4 ODSM Version Does Not Change in Enterprise Manager after Patching ODSM to 11.1.1.6.0

The Oracle Directory Services Manager version shown in Enterprise Manager is the application version, which does not change when you patch Oracle Directory Services Manager.

The Oracle Lifecycle team requires all Enterprise Manager components to retain the same application version. However, because customers want to know which Oracle Directory Services Manager version they are using, Oracle Directory Services Manager maintains the actual (patch) version and Enterprise Manager maintains the application version, which causes this mismatch.

This issue is a known issue, starting with version 11.1.1.3.0.

27.1.5 ODSM Bug Requires Editing of odsmSkin.css File

Due to a misplaced comment in the file odsmSkin.css, some labels on the Oracle Directory Services Manager home page are not displayed correctly. Specifically, the labels in the diagram on the right are misplaced or missing.

To work around this issue, proceed as follows:

  1. Stop the wls_ods1 managed server and the WebLogic Administration server.

  2. Edit the file:

    MW_HOME/user_projects/domains/DOMAIN_HOME/servers/MANAGED_SERVER_NAME/tmp/_WL_user/ODSM_VERSION_NUMBER/RANDOM_CHARACTERS/war/skins/odsmSkin.css
    

    For example:

    wlshome/user_projects/domains/base_domain/servers/wls_ods1/tmp/_WL_user/odsm_11.1.1.2.0/z5xils/war/skins/odsmSkin.css
    

    Before editing, the odsmSkin.css file looks like this:

    @agent ie /*========== Fix for bug#7456880 ==========*/
    {
      af|commandImageLink::image,
      af|commandImageLink::image-hover,
      af|commandImageLink::image-depressed
      {
        vertical-align:bottom;
      }
    }
    

    Move the comment:

    /*========== Fix for bug#7456880 ==========*/
    

    so that it is above the line

    @agent ie
    

    After editing, the file should look like this:

    /*========== Fix for bug#7456880 ==========*/
    @agent ie
    {
      af|commandImageLink::image,
      af|commandImageLink::image-hover,
      af|commandImageLink::image-depressed
      {
        vertical-align:bottom;
      }
    } 
    
  3. Restart the WebLogic Administration server and the wls_ods1 managed server.

27.1.6 Oracle Directory Services Manager Browser Window is Not Usable

In some circumstances, after you launch Oracle Directory Services Manager from Fusion Middleware Control, then select a new Oracle Directory Services Manager task, the browser window might become unusable. For example, the window might refresh repeatedly, appear as a blank page, fail to accept user input, or display a null pointer error.

As a work around, go to the URL: http://host:port/odsm, where host and port specify the location where Oracle Directory Services Manager is running, for example, http://myserver.example.com:7005/odsm. You can then use the Oracle Directory Services Manager window to log in to a server.

27.1.7 Exceptions May Occur in Oracle Directory Services Manager When Managing Multiple Oracle Virtual Directory Components and One is Stopped

Under certain circumstances, when managing multiple Oracle Virtual Directory components from the same Oracle Directory Services Manager session, exception or error messages may appear if you stop one of the Oracle Virtual Directory components. For example, you are managing Oracle Virtual Directory components named ovd1 and ovd2 from the same Oracle Directory Services Manager session. Both ovd1 and ovd2 are configured and running. If you stop ovd1, an exception or Target Unreachable message may appear when you try to navigate Oracle Directory Services Manager.

To work around this issue, exit the current Oracle Directory Services Manager session, close the web browser, and then reconnect to Oracle Virtual Directory components in a new Oracle Directory Services Manager session.

27.1.8 Identifying the DN Associated with an Access Control Point in Oracle Directory Services Manager

When you create an Access Control Point (ACP) using Oracle Directory Services Manager, the Relative Distinguished Name (RDN) of the DN where you created the ACP appears in the navigation tree on the left side of the screen. For example, if you create an ACP at the DN of cn=ForExample,dc=us,dc=sales,dc=west, then cn=ForExample appears in the navigation tree. After clicking an ACP in the navigation tree, its settings appear in the right side of the screen and the RDN it is associated with appears at the top of the page.

To identify the DN associated with an ACP, move the cursor over ("mouse-over") the ACP entry in the navigation tree. The full DN associated with the ACP will be displayed in a tool-tip dialog box.

Mousing-over ACPs in the navigation tree is useful when you have multiple ACPs associated with DNs that have identical RDNs, such as:

ACP 1 = cn=ForExample,dc=us,dc=sales,dc=west

ACP 2 = cn=ForExample,dc=us,dc=sales,dc=east

27.1.9 Issues With Oracle Virtual Directory Metrics in Fusion Middleware Control

This topic describes issues with Oracle Virtual Directory metrics in Fusion Middleware Control, including:

27.1.9.1 Configuring Operation-Specific Plug-Ins to Allow Performance Metric Reporting in Fusion Middleware Control After Upgrading to 11g Release 1 (11.1.1)

If you upgraded an Oracle Virtual Directory Release 10g installation with plug-ins configured to execute on specific operations, such as add, bind, get, and so on, to 11g Release 1 (11.1.1), you may have to update those operation-specific plug-ins before you can use Fusion Middleware Control to view performance metrics.

After upgrading to 11g Release 1 (11.1.1) and performing some initial operations to verify the upgrade was successful, check the Oracle Virtual Directory home page in Fusion Middleware Control. You should see data for the Current Load and Average Response Time and Operations metrics.

If you do not see any data for these metrics, you must update the plug-ins configured to execute on specific operations. The work-around is to add the Performance Monitor plug-in to the operation-specific plug-in's configuration chain.

Perform the following steps to add the Performance Monitor plug-in to the operation-specific plug-in's configuration chain:

  1. If the operation-specific plug-in is a Global-level plug-in, edit the server.os_xml file located in the ORACLE_INSTANCE/config/OVD/NAME_OF_OVD_COMPONENT/ directory.

    If the operation-specific plug-in is an adapter-level plug-in, edit the adapters.os_xml file located in the ORACLE_INSTANCE/config/OVD/NAME_OF_OVD_COMPONENT/ directory.


    Note:

    If multiple adapters are configured, you must perform steps 2 and 3 for every adapter configuration in the adapters.os_xml file.


  2. Locate the pluginChains element in the file. For example, if the Dump Transactions plug-in is configured to execute on the get operation, you will see something similar to the following:

    Example 27-1 Dump Transactions Plug-In Configured for get Operation

      <pluginChains xmlns="http://xmlns.oracle.com/iam/management/ovd/config/plugins">
       <plugins>
          <plugin>
            <name>Dump Transactions</name>
            <class>com.octetstring.vde.chain.plugins.DumpTransactions.DumpTransactions</class>
            <initParams>
              <param name="loglevel" value="info"/>
            </initParams>
          </plugin>
          <plugin>
            <name>Performance Monitor</name>
            <class>com.octetstring.vde.chain.plugins.performance.MonitorPerformance</class>
            <initParams/>
          </plugin>
       </plugins>
       <default>
          <plugin name="Performance Monitor"/>
       </default>
       <get>
          <plugin name="Dump Transactions">
            <namespace>ou=DB,dc=oracle,dc=com </namespace>
          </plugin>
        </get>
      </pluginChains>
    
  3. Add the following Performance Monitor plug-in element within the operation-specific configuration chain:

    <plugin name="Performance Monitor"/>
    

    For example:

    Example 27-2 Adding the Performance Monitor to the Operation-Specific Plug-In Configuration Chain

     <pluginChains xmlns="http://xmlns.oracle.com/iam/management/ovd/config/plugins">
       <plugins>
          <plugin>
            <name>Dump Transactions</name>
            <class>com.octetstring.vde.chain.plugins.DumpTransactions.DumpTransactions</class>
            <initParams>
              <param name="loglevel" value="info"/>
            </initParams>
          </plugin>
          <plugin>
            <name>Performance Monitor</name>
            <class>com.octetstring.vde.chain.plugins.performance.MonitorPerformance</class>
            <initParams/>
          </plugin>
       </plugins>
       <default>
          <plugin name="Performance Monitor"/>
       </default>
       <get>
          <plugin name="Dump Transactions">
            <namespace>ou=DB,dc=oracle,dc=com </namespace>
          </plugin>
          <plugin name="Performance Monitor"/>
        </get>
      </pluginChains>
    
  4. Save the file.

  5. Restart Oracle Virtual Directory.

27.1.10 Using a Wildcard when Performing an LDAPSEARCH on a TimesTen Database Causes an Operational Error

Currently, a TimesTen bug is preventing wildcard searches (such as "cn=t*") from working in a Database adapter with TimesTen.

To work around this problem, enable the Case Insensitive Search option and create the necessary linguistic indexes for any database columns used in the search.

For more information, see the related TimesTen Enhancement Request, Bug# 9885055 and Section 12.2.2 "Creating Database Adapters for Oracle TimesTen In-Memory Database" in the Oracle® Fusion Middleware Administrator's Guide for Oracle Virtual Directory.

27.1.11 ODSM Version 11.1.1.4.0 Does Not Support OVD Versions 11.1.1.2.0 or 11.1.1.3.0

Oracle Directory Services Manager Version 11.1.1.4.0 does not support Oracle Virtual Directory Versions 11.1.1.2.0 or 11.1.1.3.0.

Changes introduced in Oracle Directory Services Manager Version 11.1.1.4.0 improve configuration auditing, and these changes require that you use Oracle Virtual Directory 11.1.1.4.0.

27.1.12 ODSM Version 11.1.1.5.0 Does Not Support OVD Versions 11.1.1.2.0, 11.1.1.3.0, or 11.1.1.4.0

Oracle Directory Services Manager Version 11.1.1.5.0 does not support Oracle Virtual Directory Versions 11.1.1.2.0, 11.1.1.3.0, or 11.1.1.4.0.

Changes introduced in Oracle Directory Services Manager Version 11.1.1.5.0 improve configuration auditing, and these changes require that you use Oracle Virtual Directory 11.1.1.5.0.

27.1.13 ODSM Version 11.1.1.6.0 Does Not Support OVD Versions 11.1.1.2.0, 11.1.1.3.0, 11.1.1.4.0, or 11.1.1.5.0

Oracle Directory Services Manager Version 11.1.1.6.0 does not support Oracle Virtual Directory Versions 11.1.1.2.0, 11.1.1.3.0, 11.1.1.4.0, or 11.1.15.0.

Changes introduced in Oracle Directory Services Manager Version 11.1.1.6.0 improve configuration auditing, and these changes require that you use Oracle Virtual Directory 11.1.1.6.0.

27.1.14 Users with Non-ASCII Names Might Encounter Problems when Using ODSM with SSO

When Oracle Directory Services Manager is configured to use Oracle Access Manager 11g Release 1 (11.1.1.2) for single sign-on, a user whose name contains non-ASCII characters might observe the following issues after logging in:

  • The user name displayed on the Home page is garbled.

  • Single sign-on connections to Oracle Virtual Directory servers do not appear in the list of connections.

27.1.15 Creating an Attribute/Object Class Throws NPE Error

After upgrading Oracle Directory Services Manager, creating an attribute or an objectclass causes an NPE error.

Workaround:

Refresh the entries by clicking Refresh every time the creation fails.

27.1.16 Patch Required to Enable Account Lockout Feature

An additional Patch 10365116 is required to enable the Account Lockout functionality.

In addition, Oracle Virtual Directory may not update the AD badpasswdcount until the account is fully locked out, which means AD badpasswdcount shows the correct number when it reaches the bad password count setting in AD.

27.1.17 ODSM Problems in Internet Explorer 7

The Oracle Directory Services Manager interface might not appear as described in Internet Explorer 7.

For example, the Logout link might not be displayed.

If this causes problems, upgrade to Internet Explorer 8 or 9 or use a different browser.

27.1.18 Strings Related to New Enable User Account Lockout Feature on EUS Wizard Are Not Translated

The new Enable User Account Lockout feature (and related messages) provided in the Oracle Virtual Directory EUS wizard have not been translated.

27.1.19 All Connections Created In ODSM 11.1.1.1.0 Are Lost After Upgrading to OVD or OID Version 11.1.1.7.0

Due to some deployment changes made to Oracle Directory Services Manager version 11.1.1.2.0, any connections created in Oracle Directory Services Manager version 11.1.1.1.0 will be lost when you upgrade to Oracle Virtual Directory version 11.1.1.7.0 or Oracle Internet Directory version 11.1.1.7.0.

Oracle Directory Services Manager resumes caching connection details the first time you connect again after upgrading to Oracle Virtual Directory version 11.1.1.7.0 or Oracle Internet Directory version 11.1.1.7.0.

27.1.20 Incorrect ODSM Version Displays in Enterprise Manager Console After OVD Upgrade

The Oracle Directory Services Manager version automatically displays as 11.1.1.2.0 in the Enterprise Manager console for all patch set releases. This Oracle Directory Services Manager version number does not increment to match the patch set version when you upgrade.

27.1.21 Connection Issues to OVD

In non-Linux environments, if you have any issues connecting to Oracle Virtual Directory from Oracle Directory Services Manager, LDAP tools, or any other applications, you must disable NIO in the non-SSL listener by using the following steps:

  1. From a command window, stop Oracle Virtual Directory:

    $ORACLE_INSTANCE/bin/opmnctl stopproc ias-component=ovd1
    
  2. Edit the $ORACLE_INSTANCE/config/OVD/ovd1/listeners.os_xml file as follows:

    1. Locate this LDAP non-SSL listener section:

      <ldap id="LDAP Endpoint" version="0">
            <port>6501</port>
            <host>0.0.0.0</host>
            .........
            .........
             <tcpNoDelay>true</tcpNoDelay>
             <readTimeout>0</readTimeout>
          </socketOptions>
       </ldap>
      
    2. Modify the section by adding <useNIO>false</useNIO>, as indicated:

       <ldap id="LDAP Endpoint" version="0">
            <port>6501</port>
            <host>0.0.0.0</host>
            .........
            .........
             <tcpNoDelay>true</tcpNoDelay>
             <readTimeout>0</readTimeout>
          </socketOptions>
          <useNIO>false</useNIO>
       </ldap>
      
  3. Start Oracle Virtual Directory:

    $ORACLE_INSTANCE/bin/opmnctl startproc ias-component=ovd1
    

This modification should resolve the connection issues.

27.1.22 ODSM Version 11.1.1.70 Does Not Support OVD Versions 11.1.1.2.0, 11.1.1.3.0, 11.1.1.4.0, 11.1.1.5.0, or 11.1.1.6.0

Oracle Directory Services Manager Version 11.1.1.7.0 does not support Oracle Virtual Directory Versions 11.1.1.2.0, 11.1.1.3.0, 11.1.1.4.0, 11.1.1.5.0, or 11.1.1.6.0.

Changes introduced in Oracle Directory Services Manager Version 11.1.1.7.0 improve configuration auditing, and these changes require that you use Oracle Virtual Directory 11.1.1.7.0.

27.1.23 Modify Completes When Updating a Mandatory Attribute to Null

If a modify operation adds an attribute with an empty value, and the attribute type does not allow empty values, the operation no longer returns an error. For example, ldapmodify ADD sn with an empty value previously returned an Invalid Syntax error and now it does not return any errors. Other modify operation failures are properly reported.

27.1.24 Online Help Section is Not Working

The Oracle Directory Services Manager online help section does not work in Internet Explorer 10 (IE10) web browsers.

27.2 Configuration Issues and Workarounds

This section describes configuration issues and their workarounds. It includes the following topics:

27.2.1 Configuring an OVD/OID Adapter For SSL Mutual Authentication

Neither Oracle Fusion Middleware Administrator's Guide for Oracle Virtual Directory nor Oracle Fusion Middleware Administrator's Guide describes how to set up an Oracle Virtual Directory/Oracle Internet Directory adapter for SSL Mutual Authentication. This information is provided in Note 1449118.1 and Note 1311791.1, which are available on My Oracle Support at:

https://support.oracle.com/

27.3 Documentation Errata

This section describes documentation errata in the Administrator's Guide for Oracle Virtual Directory. It includes the following topics:

27.3.1 Deploying Oracle Unified Directory with Oracle Virtual Directory

You can deploy Oracle Unified Directory as an LDAP data source with Oracle Virtual Directory. For information about how to deploy Oracle Unified Directory with Oracle Virtual Directory, see "Creating LDAP Adapters" in the Oracle® Fusion Middleware Administrator's Guide for Oracle Virtual Directory.

PK>aq"PK Oracle Identity Federation

20 Oracle Identity Federation

This chapter describes issues associated with Oracle Identity Federation. It includes the following topics:

20.1 General Issues and Workarounds

This section describes general issues and workarounds. It includes the following topics:

20.1.1 Database Table for Authentication Engine must be in Base64 Format

When using a database table as the authentication engine, and the password is stored hashed as either MD5 or SHA, it must be in base64 format.

The hashed password can be either in the base64-encoded format or with a prefix of {SHA} or {MD5}. For example:

{SHA}qUqP5cyxm6YcTAhz05Hph5gvu9M= 

20.1.2 Considerations for Oracle Identity Federation HA in SSL mode

In a high availability environment with two (or more) Oracle Identity Federation servers mirroring one another and a load balancer at the front-end, there are two ways to set up SSL:

  • Configure SSL on the load balancer, so that the SSL connection is between the user and the load balancer. In that case, the keystore/certificate used by the load balancer has a CN referencing the address of the load balancer.

    The communication between the load balancer and the WLS/Oracle Identity Federation can be clear or SSL (and in the latter case, Oracle WebLogic Server can use any keystore/certificates, as long as these are trusted by the load balancer).

  • SSL is configured on the Oracle Identity Federation servers, so that the SSL connection is between the user and the Oracle Identity Federation server. In this case, the CN of the keystore/certificate from the Oracle WebLogic Server/Oracle Identity Federation installation needs to reference the address of the load balancer, as the user will connect using the hostname of the load balancer, and the Certificate CN needs to match the load balancer's address.

    In short, the keystore/certificate of the SSL endpoint connected to the user (load balancer or Oracle WebLogic Server/Oracle Identity Federation) needs to have its CN set to the hostname of the load balancer, since it is the address that the user will use to connect to Oracle Identity Federation.

20.1.3 Database Column Too Short error for IDPPROVIDEDNAMEIDVALUE

Problem

When Oracle Identity Federation is configured to use a database store for session and message data store, the following error is seen if data for IDPPROVIDEDNAMEID is over 200 characters long:

 ORA-12899: value too large for column
"WDO_OIF"."ORAFEDTMPPROVIDERFED"."IDPPROVIDEDNAMEIDVALUE" (actual: 240,
maximum: 200)\n]

Workaround

Alter table ORAFEDTMPPROVIDERFED to increase the column size for "idpProvidedNameIDValue" to 240.

20.2 Configuration Issues and Workarounds

This section describes configuration issues and their workarounds. It includes the following topics:

20.2.1 WLST Environment Setup when SOA and OIF are in Same Domain

If your site contains Oracle SOA Suite and Oracle Identity Federation in the same domain, the WLST setup instructions in the Oracle Fusion Middleware Administrator's Guide for Oracle Identity Federation are insufficient for WLST to correctly execute Oracle Identity Federation commands.

This can happen if you install an IdM domain, then extend it with an Oracle SOA install; the SOA installer changes the ORACLE_HOME environment variable. This breaks the Oracle Identity Federation WLST environment, as it relies on the IdM value for ORACLE_HOME.

Take these steps to enable the use of WLST commands:

  1. Execute the instructions described in Section 9.1.1, Setting up the WLST Environment, in the Oracle Fusion Middleware Administrator's Guide for Oracle Identity Federation.

  2. Copy OIF-ORACLE_HOME/fed/script/*.py to WL_HOME/common/wlst.

  3. Append the CLASSPATH environment variable with OIF-ORACLE_HOME/fed/scripts.

20.2.2 Oracle Virtual Directory Requires LSA Adapter

To use Oracle Virtual Directory as an Oracle Identity Federation user store or an authentication engine, you must configure a Local Storage Adapter, and the context root must be created as required at installation or post-install configuration time.

For details about this task, see the chapter Creating and Configuring Oracle Virtual Directory Adapters in the Oracle Fusion Middleware Administrator's Guide for Oracle Virtual Directory.

20.2.3 Settings for Remote WS-Fed SP Must be Changed Dynamically

On the Edit Federations page, the Oracle Identity Federation (OIF) settings for remote WS-Fed service provider contain a property called SSO Token Type; you can choose to either inherit the value from the IdP Common Settings page or override it here. The number of properties shown in 'OIF Settings' depends on the value of SSO Token Type.

If you choose to override SSO Token Type with a different value (for example, by changing from SAML2.0 to SAML1.1), the number of properties shown in 'OIF Settings' does not change until you click the Apply button.

Also, if you have overridden the value for Default NameID Format to 'Persistent Identifier' or 'Transient/One-Time Identifier', then changed the SSO Token Type value from 'SAML2.0' to 'SAML1.1' or 'SAML1.0', you will notice that the value for Default NameID Format is now blank. To proceed, you must reset this property to a valid value from the list.

20.2.4 Required Property when Creating a WS-Fed Trusted Service Provider

When you create a WS-Fed Trusted Service Provider, you must set the value for the 'Use Microsoft Web Browser Federated Sign-On' property with these steps:

  1. In Fusion Middleware Control, navigate to Federations, then Edit Federations.

  2. Choose the newly create WS-Fed Trusted Service Provider and click Edit.

  3. In the 'Trusted Provider Settings' section, set the value for Use Microsoft Web Browser Federated Sign-On by checking or unchecking the check-box.

  4. Click Apply.

20.2.5 Federated Identities Table not Refreshed After Record Deletion

When the federation store is XML-based, a record continues to be displayed in the federated identities table after it is deleted.

The following scenario illustrates the issue:

  1. The federation data store is XML.

  2. Perform federated SSO, using "map user via federated identity".

  3. In Fusion Middleware Control, locate the Oracle Identity Federation instance, and navigate to Administration, then Identities, then Federated Identities.

  4. Click on the created federation record and delete it.

After deletion, the federated record is still in the table. Further attempts at deleting the record result in an error.

The workaround is to manually refresh the table by clicking Search.

20.2.6 Default Authentication Scheme is not Saved

Problem

This problem is seen when you configure Oracle Access Manager in Fusion Middleware Control as a Service Provider Integration Module. It is not possible to set a default authentication scheme since the default is set to a certain scheme (say OIF-password-protected) but the radio button is disabled.

Solution

Take these steps to set the preferred default authentication scheme:

  1. Check the Create check-box for the scheme that is currently set as the default but disabled.

  2. Check the Create check-box(es) for the authentication scheme(s) that you would like to create.

  3. Click the radio button of the scheme that you wish to set as the default.

  4. Uncheck the Create check-box of the scheme in Step 1 only if you do not want to create the scheme.

  5. Provide all the required properties in the page.

  6. Click the Configure Oracle Access Manager button to apply the changes.

The default authentication scheme is now set to the one that you selected.


Note:

In addition, when trying to remove any authentication scheme, ensure that you do not remove the default scheme; if you must remove the scheme, change the default to another authentication scheme before you remove the scheme.


20.2.7 Configuring 10g to Work with 11g Oracle Identity Federation using Artifact Profile

In the SAML 1.x protocol, for a 10g Oracle Identity Federation server to work with an 11g Oracle Identity Federation server using the Artifact profile, you need to set up either basic authentication or client cert authentication between the two servers.

For instructions, see:

20.2.8 Regenerating OAM 11g Key Requires Oracle Identity Federation Upgrade Script

In Oracle Enterprise Manager Fusion Middleware Control, when you configure the SP Integration Module for Oracle Access Manager 11g, you can regenerate the secret key by clicking the Regenerate button (Service Provider Integration Modules page, Oracle Access Manager 11g tab).

In an upgraded 11.1.1.7.0 environment, it is necessary to execute the Oracle Identity Federation upgrade script before you regenerate the OAM 11g secret key from this page. For details about how to run the script, see the Oracle Fusion Middleware Patching Guide.

20.3 Documentation Errata

This section contains documentation errata for the Oracle Fusion Middleware Administrator's Guide for Oracle Identity Federation.


Note:

For documentation errata and other release notes relating to the integration of Oracle Identity Federation with Oracle Access Manager 11g , see the chapter for "Oracle Access Manager."


This section contains these topics:

20.3.1 Incorrect Command Cited for BAE Configuration Procedure

In the Oracle Fusion Middleware Administrator's Guide for Oracle Identity Federation, Part Number E13400-06, Section 6.8.2 Configuring the BAE Direct Attribute Exchange Profile, subsection "Set the BAE Direct Attribute Exchange Profile for a Partner", the procedure incorrectly documents the WLST command setPartnerProperty instead of the correct setFederationProperty command.

Replace the two commands mentioned in that subsection with:

setFederationProperty("PARTNER_PROVIDER_ID", "attributebaeenabled" ,
"true","boolean")
 
setFederationProperty("PARTNER_PROVIDER_ID", "attributebaeenabled" ,
"false","boolean") 

to set and unset the BAE property, respectively.

20.3.2 SP Post-Processing Plug-in Properties for OAM 11g

In the Oracle Fusion Middleware Administrator's Guide for Oracle Identity Federation, Part Number E13400-06, Section 12.5.2 Configuring Oracle Identity Federation for the Plug-in is missing the properties needed to configure Oracle Access Manager 11g.

Add the following row to the end of Table 12-3 SP Engine Configuration for Post-processing Plug-in; this row shows the properties needed for Oracle Access Manager 11g:

SP Engineweb context propertyrelative path property

OAM 11g

oam11g-login-context

oam11g-login


20.3.3 Short Hostname Redirect Using mod_rewrite Configuration

In the Oracle Fusion Middleware Administrator's Guide for Oracle Identity Federation, Part Number E13400-06, Section 3.2.2.2 Integrate Oracle Single Sign-On with OHS (as well as earlier editions with the same section), the code in comments (lines starting with #) at the end of the section should be revised to use a mod_rewrite configuration.

Replace the text:

#
# If you would like to have short hostnames redirected to
# fully qualified hostnames to allow clients that need
# authentication via mod_osso to be able to enter short
# hostnames into their browsers uncomment out the following
# lines
#
#PerlModule Apache::ShortHostnameRedirect
#PerlHeaderParserHandler Apache::ShortHostnameRedirect

with the text:

#
# To have short hostnames redirected to fully qualified
# hostnames for clients that need authentication via
# mod_osso to be able to enter short hostnames into their
# browsers use a mod_rewrite configuration such as the following.
#
# e.g
#RewriteEngine On
#RewriteCond %{HTTP_HOST} !www.example.com
#RewriteRule î.*$ http://%{SERVER_NAME}%{REQUEST_URI} [R]
#where www.example.com is the fully qualified domain name. 
PKdxZVVPKꑈ53=Z]'yuLG*)g^!8C?-6(29K"Ĩ0Яl;U+K9^u2,@@ (\Ȱ Ë $P`lj 8x I$4H *(@͉0dа8tA  DсSP v"TUH PhP"Y1bxDǕ̧_=$I /& .)+ 60D)bB~=0#'& *D+l1MG CL1&+D`.1qVG ( "D2QL,p.;u. |r$p+5qBNl<TzB"\9e0u )@D,¹ 2@C~KU 'L6a9 /;<`P!D#Tal6XTYhn[p]݅ 7}B a&AƮe{EɲƮiEp#G}D#xTIzGFǂEc^q}) Y# (tۮNeGL*@/%UB:&k0{ &SdDnBQ^("@q #` @1B4i@ aNȅ@[\B >e007V[N(vpyFe Gb/&|aHZj@""~ӎ)t ? $ EQ.սJ$C,l]A `8A o B C?8cyA @Nz|`:`~7-G|yQ AqA6OzPbZ`>~#8=./edGA2nrBYR@ W h'j4p'!k 00 MT RNF6̙ m` (7%ꑀ;PKl-OJPKV%ȣOΏ9??:a"\fSrğjAsKJ:nOzO=}E1-I)3(QEQEQEQEQEQEQE֝Hza<["2"pO#f8M[RL(,?g93QSZ uy"lx4h`O!LŏʨXZvq& c՚]+: ǵ@+J]tQ]~[[eϸ (]6A&>ܫ~+כzmZ^(<57KsHf妬Ϧmnẁ&F!:-`b\/(tF*Bֳ ~V{WxxfCnMvF=;5_,6%S>}cQQjsOO5=)Ot [W9 /{^tyNg#ЄGsֿ1-4ooTZ?K Gc+oyڙoNuh^iSo5{\ܹ3Yos}$.nQ-~n,-zr~-|K4R"8a{]^;I<ȤL5"EԤP7_j>OoK;*U.at*K[fym3ii^#wcC'IIkIp$󿉵|CtĈpW¹l{9>⪦׺*ͯj.LfGߍԁw] |WW18>w.ӯ! VӃ :#1~ +މ=;5c__b@W@ +^]ևՃ7 n&g2I8Lw7uҭ$"&"b eZ":8)D'%{}5{; w]iu;_dLʳ4R-,2H6>½HLKܹR ~foZKZ࿷1[oZ7׫Z7R¢?«'y?A}C_iG5s_~^ J5?œ tp]X/c'r%eܺA|4ծ-Ե+ْe1M38Ǯ `|Kյ OVڅu;"d56, X5kYR<̭CiطXԮ];Oy)OcWj֩}=܅s۸QZ*<~%뺃ȶp f~Bðzb\ݳzW*y{=[ C/Ak oXCkt_s}{'y?AmCjޓ{ WRV7r. g~Q"7&͹+c<=,dJ1V߁=T)TR՜*N4 ^Bڥ%B+=@fE5ka}ędܤFH^i1k\Sgdk> ֤aOM\_\T)8靠㡮3ģR: jj,pk/K!t,=ϯZ6(((((((49 xn_kLk&f9sK`zx{{y8H 8b4>ÇНE|7v(z/]k7IxM}8!ycZRQ pKVr(RPEr?^}'ðh{x+ՀLW154cK@Ng C)rr9+c:׹b Жf*s^ fKS7^} *{zq_@8# pF~ [VPe(nw0MW=3#kȵz晨cy PpG#W:%drMh]3HH<\]ԁ|_W HHҡb}P>k {ZErxMX@8C&qskLۙOnO^sCk7ql2XCw5VG.S~H8=(s1~cV5z %v|U2QF=NoW]ո?<`~׮}=ӬfԵ,=;"~Iy7K#g{ñJ?5$y` zz@-~m7mG宝Gٱ>G&K#]؃y1$$t>wqjstX.b̐{Wej)Dxfc:8)=$y|L`xV8ߙ~E)HkwW$J0uʟk>6Sgp~;4֌W+חc"=|ř9bc5> *rg {~cj1rnI#G|8v4wĿhFb><^ pJLm[Dl1;Vx5IZ:1*p)إ1ZbAK(1ׅ|S&5{^ KG^5r>;X׻K^? s fk^8O/"J)3K]N)iL?5!ƾq:G_=X- i,vi2N3 |03Qas ! 7}kZU781M,->e;@Qz T(GK(ah(((((((Y[×j2F}o־oYYq $+]%$ v^rϭ`nax,ZEuWSܽ,g%~"MrsrY~Ҿ"Fت;8{ѰxYEfP^;WPwqbB:c?zp<7;SBfZ)dϛ; 7s^>}⍱x?Bix^#hf,*P9S{w[]GF?1Z_nG~]kk)9Sc5Ո<<6J-ϛ}xUi>ux#ţc'{ᛲq?Oo?x&mѱ'#^t)ϲbb0 F«kIVmVsv@}kҡ!ˍUTtxO̧]ORb|2yԵk܊{sPIc_?ħ:Ig)=Z~' "\M2VSSMyLsl⺿U~"C7\hz_ Rs$~? TAi<lO*>U}+'f>7_K N s8g1^CeКÿE ;{+Y\ O5|Y{/o+ LVcO;7Zx-Ek&dpzbӱ+TaB0gNy׭ 3^c T\$⫫?F33?t._Q~Nln:U/Ceb1-im WʸQM+VpafR3d׫é|Aү-q*I P7:y&]hX^Fbtpܩ?|Wu󭏤ʫxJ3ߴm"(uqA}j.+?S wV ~ [B&<^U?rϜ_OH\'.;|.%pw/ZZG'1j(#0UT` Wzw}>_*9m>󑓀F?EL3"zpubzΕ$+0܉&3zڶ+jyr1QE ( ( ( ( ( ( ( (UIdC0EZm+]Y6^![ ԯsmܶ捆?+me+ZE29)B[;я*wGxsK7;5w)}gH~.Ɣx?X\ߚ}A@tQ(:ͧ|Iq(CT?v[sKG+*רqҍck <#Ljα5݈`8cXP6T5i.K!xX*p&ќZǓϘ7 *oƽ:wlຈ:Q5yIEA/2*2jAҐe}k%K$N9R2?7ýKMV!{W9\PA+c4w` Wx=Ze\X{}yXI Ү!aOÎ{]Qx)#D@9E:*NJ}b|Z>_k7:d$z >&Vv󃏽WlR:RqJfGإd9Tm(ҝEtO}1O[xxEYt8,3v bFF )ǙrPNE8=O#V*Cc𹾾&l&cmCh<.P{ʦ&ۣY+Gxs~k5$> ӥPquŽўZt~Tl>Q.g> %k#ú:Kn'&{[yWQGqF}AЅ׮/}<;VYZa$wQg!$;_ $NKS}“_{MY|w7G!"\JtRy+贾d|o/;5jz_6fHwk<ѰJ#]kAȎ J =YNu%dxRwwbEQEQEQEQEQEQEQEQEQE'fLQZ(1F)hQ@X1KEQE-Q@ 1KE3h=iPb(((1GjZ(-ʹRPbR@ 1KE7`bڒyS0(-&)P+ ڎԴP11F)h&:LRmQ@Q@Š(((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((?l:ϊw "{{-3j3%{+Zoi.{YUڪ1kcMմfݮ4Br%*8%I.QT-[MѭT-,`g]L)lXqjV4Ķ%ѡ')$r_Ĭ AVuoż9#`FApA+麶۵ƗZ_@QeP#8 Uh燮,/jXJ}9Q]рN:]dko-ıH^I$`I$$:[zޛ}:v%`$)' gVko-ıH^I$`I$$..3D ?+pcV4[MmK-/W(Z̲lTq(Q@'94 >SJJFCI'L~yᵷX$/$0UE$xs@U{=2K--cFI,٬|Cό<)a-8nQǰ_VBNM>rE+/uoż9#`FApA椬 eq-"mV89 Wcag]E7dt&i5j K%-p 3N=\o?:evjh$#b9#hɫirLiJ*+rcTY2K;iVQ|3@#*NFA7'u@yi}ŭim=춎if@NXr???6޽ +/R.\-3X&+2qF}\㼰L $0? ESVf&-P7h)Y3>e֍KVtku5 K,S,J[ g{EG[qo,sA*H2AG9z\][j3>˘]lNTC@(O]O+[U"ߌg2:zMմfݮ4Br%*8%I.QU9//വA.H,x$ƩxAn/u6 m$H2' 0zZԢxn⸷9$l]H #<4Ķ%ѡ')$r_Ĭ APQ@Q@Q@Q@Q@Q@Q@Q@Q@Q@Q@Q@Q@Q@Q@Q@'K|U].VCyCO#GUH~9Й>/CcaSm(߇-'-ZoDQ03u]W?O5 `!ºv__Avڄ3Agw?±kc+[O?o?DA9Oz炼+OF$}_FZQ*a6OOY?u98we2٬32xvwt'S-@䯖xl9qyVOeX{Mw:!Udf_wYߝFv()9OIaY?TU1?\8wjiP:ʹ4ږEHKH|TW7gnזZeݕď@H|I%Y 'mcxⷆ|?᫻ kM/g-)nNGs^yi0>Dx0sEn݂2(/ľ|M߬lVviuCpCo+2x[ŧq9ݑTh6>``8d;ς_Ht/x҉+%O`(x]|Y=c9o-hX YK'kdzjok$ZvdfCb +89?g'dQU}|OX)oVWo{ab]!۴NҩKyK55oP_yf.$s8⻏Huw҈%Oow:֥H.FBER 3+|8ߎd~&,rȉW*I!qjH RFHдzfy?nVn7ۅ݌9EpwHݻw@8ɠ#'h%ԮoIjڅ<1\DY@FFPT\fx?ڤq +0,. 9fʧR9+o\kSi2^ ^0-+0eh|,V4+Jj|1"d>wpp0';@=ow:oú_Ϫ_E(w Hc]O`HpzHuw҈' *E-yW췚=/T@n/n_ rF ݆j|K6NQ6dg cՠC񆯥Ϫz(Ǩ Cs}qe,7cᯀwPiI}Zh\`fB `(vqQ@{,Kk`@+(I"q+䳿LoxĈ  Eps}sq,Gs2($WGXYqZAikvCb4\Np2I?X17m:t-d漙r'.I·N{ ^ V2gi z`0օ <j)h%`$l DX0Ñ]E\^GZD̛܌a'X3MN \[bǖ$I[}d[7m`Õ @<Т+Xu~]I )<:?^U4H'fFxd 7g]Eǿ7 b+KH{Hn' (u . #" d"0QӰZ؋,5m" {Vi6@HNLztP>m^tNϺu*s QzlQEq:t.$;$a(f$֦xYt]7J[q #egzA[P{}ON̵7#OJ߅oXhvdS3'e'ʶ(UOukjv>_]1'kFڞ= Ff"tݱ'd@*7YFlVQ1TEwq)io|  ¡V5Qoi~!8m$_8b LzbׇKK=_zAljK嶄qr~H^p I;4xRH5f{r`NFYB H+%[^]`F!,z<3ƧoZ/ MJK)s K4 rY,1'p :*?ֽt>,T j|NF5M/8eᜡg,PqR=2s:h6sI-VW{bHfB ?>O<[֬K/RJq5g a` <2B@=RΣ?ɧwzGab +33N6XtOi> PjL/;@7csd%R}Eq~/U? QdDQ]["ѤIr#*[rr(߀/MuxPDI)=+9#A݀G . OA~mm_iyd9.7o͞z yض־9:ɦ"lN⬬K)%v.0P@Ex?>K-X/E+VVamPX0mc<|kJїVVUYG"8aߧSր7+揉)fs[I/ä}KCvM 4aUE}O~eֈ!7;`#OJYe>[Tz`3WZ7}.]Btxf1#mS8n@}j©<Wᶱs_T ,Ѱ˪?- &8gmh(+j-SE_ndZ՟2̊s)$ bw Ϛ?~Imh+'u/x:]ދ{f3W/ F:7Y5Qws˩ 0[2(3|ApM^1n(oEC"u*@:ni 7XѬ+-F}'M.w{u).F`n( ~ |2nKm;]FV 2B8>s=M2VV~\0Y ^x⯇<&=wh7"݈3`a@H;KJUMeޤt&Fͪ,93JHuw҈о[!uW>Vfm683Z G;x<Y#..m.(ć$o0ݸ  4?Yi쬡"3 8s 2bE2ng +T0(<k>5 SKV Dp qN=zx$P** ZT.]NDY.iX/,II85GZiy[0^X=G+'GF:V\*OIaY?TUgHMq4O \e 08  M𧃥wpSjL,p#t st6$>}y}dg( F>EfנxkAcI<;;9,Ĝp3h='CG wXị\YdԻrwI>e6ǚ"X c*6?^?ƫX]ƙGsgp%0`v?;8,5VL $F x8 ·>x V/uBqI]c;wag:O j:/_W1&d4*Hr{ 9<þKr_YceqHbbߚ4>dvhR~K( IpF0FF+g]I<2Q1 Q03sגzq@ 5 u ۛ), 1q%<wjom.9R(nP bN@r8~ м5iyL;fQYp02jsHHq&ȯ-dpC089g%ZǍOwh $פxIOvZ%:g[M?t?*WϾin!B+G4~P߹' ͅ?1`-{~|?>`n߻s·N{ ^ V2gi z`0כ<+G>ng>о^fvoێ>w4Y4f d`߾# ˕b+(IxW_Ļv1;e2s*8bRe=k4mKEVfcqɮ?|--ak}k}& C:SEwaw+2 VVNT $/ym"yqgv֋;}Q?9n"3E%a\NЊ +J}3L6EtQ'$$hx|'`? |xNݍBEHeЎ>hךV<%a]1Uc+,|cMbHȕ%} p7FO\ <[oqsA*92<G3~+W^%w62XI z @~4_n𖅣:VfHtgF(q@: *O xÞ i9M]' T @^+M g5u QE1ѶZo5 T9[[,.]#a򤑘B:(/CcaSm$](1=;PAEgZ߇[~iϕvnp38@Q@Q@_x{SӮ>}=[ͼ#! ۇ#ȬZƉ ;_~\.̿3 Ts@Q@Q@Q@Q@Q@)35ƕHy7:q }zz5?wyWZ}>7;F$Ec]W]gr>]Cd^? S)uuSci m䧙xM zx((򿋾%FOKƧĖBDNb.z(g 6}Z?ϒ/^u |~8ӯV _G, %vy(+-[R>.v|:bQEQEQEQEQEQEWY>$Oæ>6OZMRJP[}1xγ/w۫G "*UI;vT(((((((((((/CcaSmëOmkI~d*z1Ѷ|mCۿG@>x;Z,=W>Uf$+?q/;vZui`f?/fHPglr^yZ襯?sxUIdARW#vG(9Cmto:@V8SHˌw|f:uڻAw{#Rv2H5oz]Ƨz͵oW,(Y$$IC²訨> x={K%I~DÜb|]DmoFn$,0ɯHA%wG`(?$](<R?InQtyZ襠???6޽???6ހ=WK/R&PM0c%ncr>^7k<:;,vi; LBqЖ@Hu_|g&7`ɦD&X(i-vOZT.]NDY.iX/,II85cwsoWNH$ו?O5 `}ox]LIڋ%c{Exh!k{ u6I#C+A8n_|u êO{"Ai w^HgF,|M6O0x3'~7V,úm6,geu\zA":gq_GԴG&ٟqn\.T*IY ω^7tVl6mQJu |+p\+ug597maIP:SH\r0ܺ60ȭ!aX0*Y?)l|0v:V6F1~qGˆ'gmkS foɭYI"P˱ٌHQY~gmh}GA5kj}GYI' A¿Vs]|MS| &o$־fW18lpN1x> /侃WԎ+Y[M s;}_co>6iV:Oo!\w;~t;/MN 5S o*>~IC aQ 9<@/SϷ#۱_&H~Iv{tOT|9%^:+c@8|NwNz T ui9ͧDn]P![vIȕO$ 3s?|C}6Z|gՕk2bt VS0g7ë J.s))*|i#8ڹ<3⫫ym>*k3A*9VWR0A|GP޷50ya/-R F|ɸu*SjW7 x#Lm"GxP* a?\ P'Tۊ P'Tۊ ( ( ( ( ( ( ( ( ( ( (8xcV/|#smW\ѬC&+p@5Ey>Xd5T-.d FIؐ) 9'KgOjp`C|!3G#y`{(%s}qνU=Ii?7 ;< O붹|+D]s޻ (on]6y<;Oz?1ϱm"vz(}a_ٿj闗fg4x'xB@g>~n׵tPG &_hzm\K dvCcI5suK [jàY`!rX'nFk(}a_ٿj闗fg4x'xB@g>~n׵tPW j?eûOoxnw QEq/"!>˿^F#瑶q\>6,lҔI(E>S$RqQE|Ig;U$FeL8 ´4/$52_Y:62a"ǜ@R`vX1Sk,5il;ëaGZρZqkq{'RI5B(LS#zWQ@ x_YTƥ]ڌYNFHG/|?㨴7T~ũ8̒v;Ap#?a69+4/YK}g J<[9S|`@g9گ/:Ώlfu3*lH5~Ϻl? ĭKn" NBa6;V4k=„|9(uWA6[0D#5 `(Ja_JC[Gwim^3ڻ (?P/Zn6y>1VS|P?1CHmYxxtt=ddA ?9 /YlF*y98d9xKW7wZ[$#88,rOx5ohm?#^Cv}n{ (]ͤjyrŴg\Y@`G$(?ڕMk? 4dd oy6^Lӭ,mbHaME(֬QEp~5&f/[Mmjkf;dkiW_u+i}̐ۺ4͒rM9br}O{emA妙O]C}.]g,ǀ@zVPEPEPEPEPEPEPEPEPEPEP~{CeM+[r@,N+[x\k%&+Kijip69YrNy}{–޷++ULsF}b!($ qUE81@?|Y/YEd縷YRVaonm*jqxڏ\xW_)ÿ^xn]y!]$Q޺_Ht/x҉+(7O<{O x/_f o!E,;pf?u(M]KǞ5H-!+׷UFU*'s1\qyVO{Ş/t_ xFMN{u/f6܏®vya{(.|Ga+K"X)h0]ZP'Tۊ Y+iiRDT v^/8Q^^?$:|hOOaWjL0H>:1`(((((((((((((((((((((((((((?4W*~^^'(>\ik6%}M8|d Gik-JV}5| @x(*?mt5Ҿ$_k0i~-d0eaG^Ǐ^GkkAuK3Zuේc4]c{s;y_]覫m<9io`'bWOƼľj(їEyHan䀄 ӌ~KIoQ%zx~/^thv0nٿn,yh ֮Q@Q@Q@Q@Q@Q@Q@Q@'MѭK,`g.±)l3*PEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPPKg75w0wPK Oracle Legal Notices

Oracle Legal Notices

Copyright Notice

Copyright © 1994-2014, Oracle and/or its affiliates. All rights reserved.

Trademark Notice

Oracle and Java are registered trademarks of Oracle and/or its affiliates. Other names may be trademarks of their respective owners.

Intel and Intel Xeon are trademarks or registered trademarks of Intel Corporation. All SPARC trademarks are used under license and are trademarks or registered trademarks of SPARC International, Inc. AMD, Opteron, the AMD logo, and the AMD Opteron logo are trademarks or registered trademarks of Advanced Micro Devices. UNIX is a registered trademark of The Open Group.

License Restrictions Warranty/Consequential Damages Disclaimer

This software and related documentation are provided under a license agreement containing restrictions on use and disclosure and are protected by intellectual property laws. Except as expressly permitted in your license agreement or allowed by law, you may not use, copy, reproduce, translate, broadcast, modify, license, transmit, distribute, exhibit, perform, publish, or display any part, in any form, or by any means. Reverse engineering, disassembly, or decompilation of this software, unless required by law for interoperability, is prohibited.

Warranty Disclaimer

The information contained herein is subject to change without notice and is not warranted to be error-free. If you find any errors, please report them to us in writing.

Restricted Rights Notice

If this is software or related documentation that is delivered to the U.S. Government or anyone licensing it on behalf of the U.S. Government, the following notice is applicable:

U.S. GOVERNMENT END USERS: Oracle programs, including any operating system, integrated software, any programs installed on the hardware, and/or documentation, delivered to U.S. Government end users are "commercial computer software" pursuant to the applicable Federal Acquisition Regulation and agency-specific supplemental regulations. As such, use, duplication, disclosure, modification, and adaptation of the programs, including any operating system, integrated software, any programs installed on the hardware, and/or documentation, shall be subject to license terms and license restrictions applicable to the programs. No other rights are granted to the U.S. Government.

Hazardous Applications Notice

This software or hardware is developed for general use in a variety of information management applications. It is not developed or intended for use in any inherently dangerous applications, including applications that may create a risk of personal injury. If you use this software or hardware in dangerous applications, then you shall be responsible to take all appropriate fail-safe, backup, redundancy, and other measures to ensure its safe use. Oracle Corporation and its affiliates disclaim any liability for any damages caused by use of this software or hardware in dangerous applications.

Third-Party Content, Products, and Services Disclaimer

This software or hardware and documentation may provide access to or information on content, products, and services from third parties. Oracle Corporation and its affiliates are not responsible for and expressly disclaim all warranties of any kind with respect to third-party content, products, and services. Oracle Corporation and its affiliates will not be responsible for any loss, costs, or damages incurred due to your access to or use of third-party content, products, or services.

Alpha and Beta Draft Documentation Notice

If this document is in preproduction status:

This documentation is in preproduction status and is intended for demonstration and preliminary use only. It may not be specific to the hardware on which you are using the software. Oracle Corporation and its affiliates are not responsible for and expressly disclaim all warranties of any kind with respect to this documentation and will not be responsible for any loss, costs, or damages incurred due to the use of this documentation.

Oracle Logo

PK0hPK 1) collapsible = false; for (var k = 0; k < p.length; k++) { if ( getTextContent(p[k]).split(" ").length > 12 ) collapsible = false; c.push(p[k]); } } if (collapsible) { for (var j = 0; j < c.length; j++) { c[j].style.margin = "0"; } } } function getTextContent(e) { if (e.textContent) return e.textContent; if (e.innerText) return e.innerText; } } addLoadEvent(compactLists); function processIndex() { try { if (!/\/index.htm(?:|#.*)$/.test(window.location.href)) return false; } catch(e) {} var shortcut = []; lastPrefix = ""; var dd = document.getElementsByTagName("dd"); for (var i = 0; i < dd.length; i++) { if (dd[i].className != 'l1ix') continue; var prefix = getTextContent(dd[i]).substring(0, 2).toUpperCase(); if (!prefix.match(/^([A-Z0-9]{2})/)) continue; if (prefix == lastPrefix) continue; dd[i].id = prefix; var s = document.createElement("a"); s.href = "#" + prefix; s.appendChild(document.createTextNode(prefix)); shortcut.push(s); lastPrefix = prefix; } var h2 = document.getElementsByTagName("h2"); for (var i = 0; i < h2.length; i++) { var nav = document.createElement("div"); nav.style.position = "relative"; nav.style.top = "-1.5ex"; nav.style.left = "1.5em"; nav.style.width = "90%"; while (shortcut[0] && shortcut[0].toString().charAt(shortcut[0].toString().length - 2) == getTextContent(h2[i])) { nav.appendChild(shortcut.shift()); nav.appendChild(document.createTextNode("\u00A0 ")); } h2[i].parentNode.insertBefore(nav, h2[i].nextSibling); } function getTextContent(e) { if (e.textContent) return e.textContent; if (e.innerText) return e.innerText; } } addLoadEvent(processIndex); PKo"nR M PK Oracle Fusion Middleware Administration

4 Oracle Fusion Middleware Administration

This chapter describes issues associated with Oracle Fusion Middleware administration. It includes the following topics:


Note:

This chapter contains issues you might encounter while administering any of the Oracle Fusion Middleware products.

Be sure to review the product-specific release note chapters elsewhere in this document for any additional issues specific to the products you are using.


4.1 General Issues and Workarounds

This section describes general issue and workarounds. It includes the following topics:

4.1.1 Clarification About Path for OPMN

OPMN provides the opmnctl command. The executable file is located in the following directories:

  • ORACLE_HOME/opmn/bin/opmnctl: The opmnctl command from this location should be used only to create an Oracle instance or a component for an Oracle instance on the local system. Any opmnctl commands generated from this location should not be used to manage system processes or to start OPMN.

    On Windows, if you start OPMN using the opmnctl start command from this location, OPMN and its processes will terminate when the Windows user has logged out.

  • ORACLE_INSTANCE/bin/opmnctl: The opmnctl command from this location provides a per Oracle instance instantiation of opmnctl. Use opmnctl commands from this location to manage processes for this Oracle instance. You can also use this opmnctl to create components for the Oracle instance.

    On Windows, if you start OPMN using the opmnctl start command from this location, it starts OPMN as a Windows service. As a result, the OPMN parent process, and the processes which it manages, persist after the MS Windows user has logged out.

4.1.2 Fusion Middleware Control May Return Error in Mixed IPv6 and IPv4 Environment

If your environment contains both IPv6 and IPv4 network protocols, Fusion Middleware Control may return an error in certain circumstances.

If the browser that is accessing Fusion Middleware Control is on a host using the IPv4 protocol, and selects a control that accesses a host using the IPv6 protocol, Fusion Middleware Control will return an error. Similarly, if the browser that is accessing Fusion Middleware Control is on a host using the IPv6 protocol, and selects a control that accesses a host using the IPv4 protocol, Fusion Middleware Control will return an error.

For example, if you are using a browser that is on a host using the IPv4 protocol and you are using Fusion Middleware Control, Fusion Middleware Control returns an error when you navigate to an entity that is running on a host using the IPv6 protocol, such as in the following situations:

  • From the Oracle Internet Directory home page, you select Directory Services Manager from the Oracle Internet Directory menu. Oracle Directory Services Manager is running on a host using the IPv6 protocol.

  • From a Managed Server home page, you click the link for Oracle WebLogic Server Administration Console, which is running on IPv6.

  • You test Web Services endpoints, which are on a host using IPv6.

  • You click an application URL or Java application which is on a host using IPv6.

To work around this issue, you can add the following entry to the /etc/hosts file:

nnn.nn.nn.nn  myserver-ipv6 myserver-ipv6.example.com

In the example, nnn.nn.nn.nn is the IPv4 address of the Administration Server host, myserver.example.com.

4.1.3 Deploying JSF Applications

Some JSF applications may experience a memory leak due to incorrect Abstract Window Toolkit (AWT) application context classloader initialization in the Java class library. Setting the oracle.jrf.EnableAppContextInit system property to true will attempt eager initialization of the AWT application context classloader to prevent this leak from occurring. By default, this property is set to false.

4.1.4 Limitations in Moving from Test to Production

Note the following limitations in moving from test to production:

  • If your environment includes Oracle WebLogic Server which you have upgraded from one release to another (for example from 10.3.4 to 10.3.5), the pasteConfig scripts fails with the following error:

    Oracle_common_home/bin/unpack.sh line29:
    WL_home/common/bin/unpack.sh No such file or directory
    

    To work around this issue, edit the following file:

    MW_HOME/utils/uninstall/WebLogic_Platform_10.3.5.0/WebLogic_Server_10.3.5.0_Core_Application_Server.txt file
    

    Add the following entries:

    /wlserver_10.3/server/lib/unix/nodemanager.sh
    /wlserver_10.3/common/quickstart/quickstart.cmd
    /wlserver_10.3/common/quickstart/quickstart.sh
    /wlserver_10.3/uninstall/uninstall.cmd
    /wlserver_10.3/uninstall/uninstall.sh
    /utils/config/10.3/setHomeDirs.cmd
    /utils/config/10.3/setHomeDirs.sh
    
  • When you are moving Oracle Virtual Directory, the Oracle instance name in the source environment cannot be the same as the Oracle instance name in the target environment. The Oracle instance name in the target must be different than the name in the source.

  • After you move Oracle Virtual Directory from one host to another, you must add a self-signed certificate to the Oracle Virtual Directory keystore and EM Agent wallet on Host B. Take the following steps:

    1. Set the ORACLE_HOME and JAVA_HOME environment variables.

    2. Delete the existing self-signed certificate:

      $JAVA_HOME/bin/keytool -delete -alias serverselfsigned
        -keystore ORACLE_INSTANCE/config/OVD/ovd_component_name/keystores/keys.jks
        -storepass OVD_Admin_password 
      
    3. Generate a key pair:

      $JAVA_HOME/bin/keytool -genkeypair
        -keystore ORACLE_INSTANCE/config/OVD/ovd_component_name/keystores/keys.jks
        -storepass OVD_Admin_password -keypass OVD_Admin_password -alias serverselfsigned
        -keyalg rsa -dname "CN=Fully_qualified_hostname,O=test" 
      
    4. Export the certificate:

      $JAVA_HOME/bin/keytool -exportcert
        -keystore ORACLE_INSTANCE/config/OVD/ovd_component_name/keystores/keys.jks
        -storepass OVD_Admin_password -rfc -alias serverselfsigned
        -file ORACLE_INSTANCE/config/OVD/ovd_component_name/keystores/ovdcert.txt 
      
    5. Add a wallet to the EM Agent:

      ORACLE_HOME/../oracle_common/bin/orapki wallet add
        -wallet ORACLE_INSTANCE/EMAGENT/EMAGENT/sysman/config/monwallet
        -pwd EM_Agent_Wallet_password -trusted_cert
        -cert ORACLE_INSTANCE/config/OVD/ovd_component_name/keystores/ovdcert.txt 
      
    6. Stop and start the Oracle Virtual Directory server.

    7. Stop and start the EM Agent.

  • The copyConfig operation fails if you are using IPv6 and the Managed Server listen address is not set.

    To work around this problem, set the Listen Address for the Managed Server in the Oracle WebLogic Server Administration Console. Navigate to the server. Then, on the Settings for server page, enter the Listen Address. Restart the Managed Servers.

  • When you are moving Oracle Platform Security and you are using an LDAP store, the LDAP store on the source environment must be running and it must be accessible from the target during the pasteConfig operation.

  • The copyConfig script works only with non-SSL ports. Because of this, ensure that non-SSL ports are enabled for all Managed Servers and the Administration Server.

    Note that if the administration port feature is enabled for the source Oracle WebLogic Server domain, you must disable it first before running copyConfig as it prevents the usage of non-SSL ports for administrative tasks.

    For information about the administration port, see "Administration Port and Administrative Channel" in Oracle Fusion Middleware Configuring Server Environments for Oracle WebLogic Server.

  • The movement scripts do not support moving Oracle Identity Manager to another environment, either through the movement scripts or manual steps. In addition, if Oracle Identity Manager is part of the source environment of other components, the movement scripts for that environment will fail. This restriction applies to all 11.1.1 releases of Oracle Identity Manager.

  • For Oracle Business Activity Monitoring, if there are remote servers in the test environment and you do not use shared disks, the copyConfig and pasteConfig scripts will fail. In addition, if Oracle BAM is part of the source domain that you are moving, the scripts will fail. For example, if Oracle BAM is part of a domain that contains the SOA Infrastructure and Oracle BPEL Process Manager, the copyConfig and pasteConfig scripts will fail.

    To move components other than Oracle BAM move the BAM_t2p_registration.xml file from the following directory, into any other directory:

    SOA_ORACLE_HOME/clone/provision
    

    Then, to move Oracle BAM, take the following steps:

    1. At the source, export the ORACLEBAM database schema, using the following commands (ORACLE_HOME is the Oracle home for the Oracle Database):

      ORACLE_HOME/bin/sqlplus "sys/password as sysdba"
      create or replace directory directory as 'path';
      grant read,write on DIRECTORY directory to oraclebam;
      exit;
      
      ORACLE_HOME/bin/expdp userid=oraclebam/bam@connect_id
             directory=directory dumpfile=orabam.dmp
             schemas=oraclebam logfile=oraclebam_date.log
      

      See Also:

      "Overview of Oracle Data Pump" and other chapters on Oracle Data Pump in Oracle Database Utilities


      The Oracle BAM objects, such as reports, alerts, and data definitions from the source environment are exported.

    2. At the target, import the ORACLEBAM database schema that you exported from the source environment, using the following commands (ORACLE_HOME is the Oracle home for the Oracle Database):

      ORACLE_HOME/bin/impdp userid=system/password dumpfile=ORACLEBAM.DMP 
         remap_schema=oraclebam:oraclebam TABLE_EXISTS_ACTION=replace
      ORACLE_HOME/bin/sqlplus "sys/password as sysdba"
         alter user oraclebam account unlock;
         alter user oraclebam identified by bam;
      

      Note that impdp may report the following errors:

      • ORA-00959: tablespace <source tablespace> does not exist.

        You can fix this error by creating the tablespace in the import database before the import or use REMAP_TABLESPACES to change the tablespace referenced in the table definition to a tablespace in the import database.

      • You may see failure with restoring index statistics if you use an Oracle database version earlier than 11.2.0.2. You can work around this issue by rebuilding the index statistics after import.

    3. Restart the Oracle Business Activity Monitoring Managed Server.

  • When you are moving Oracle Platform Security Services and the data is moving from LDAP to LDAP, the source and target LDAP domain component hierarchy must be same. If it is not, the Oracle Platform Security Services data movement will fail. For example, if the source is hierarchy is configured as dc=us,dc=com, the target LDAP must have the same domain component hierarchy.

  • Moving Oracle Access Manager may fail, as described in Section 18.2.6.

4.1.5 Limitations in Moving Oracle Business Process Management from Test to Production Environment

Note the following limitations when moving Oracle Business Process Management from a test environment to a production environment:

  • When you move Oracle Business Process Management from a test environment to a production environment as described in the Task "Move Oracle Business Process Management to the New Production Environment" in the Oracle Fusion Middleware Administrator's Guide, Oracle Business Process Management Organization Units are not imported.

    To work around this issue, you must re-create the Organization Units in the production environment. In addition, if any Organization associations with the Calendar rule for the Role exist in the test environment, you must re-create them, using the Roles screen.

    For information, see "Working with Organizations" in the Oracle Fusion Middleware Modeling and Implementation Guide for Oracle Business Process Management.

  • Oracle recommends that you move artifacts and data into a new, empty production environment. If the same artifacts are present or some data has been updated on the production environment, the procedure does not update those artifacts.

4.1.6 Message Returned with Incorrect Error Message Level

In Fusion Middleware Control, when you select a metadata repository, the following error messages are logged:

Partitions is NULL
Partitions size is 0 

These messages are logged at the Error level, which is incorrect. They should be logged at the debug level, to provide information.

4.2 Configuration Issues and Workarounds

This section describes configuration issues and their workarounds. It includes the following topics:

4.2.1 Must Stop Oracle SOA Suite Managed Server Before Stopping soa-infra

Using Fusion Middleware Control, if you stop a Oracle SOA Suite Managed Server before you stop soa-infra, then you start the Managed Server, the soa-infra application is not restarted automatically. If you try to restart the soa-infra, you will received an error. When you encounter the problem, you cannot close the dialog box in the browser, so you cannot take any further actions in Fusion Middleware Control.

To avoid this situation, you should stop the Managed Server, which stops all applications, including the soa-infra application. To start the Managed Server and the soa-infra, start the Managed Server.

To close the browser dialog box, enter the following URL in your browser:

http://host:port/em

4.2.2 Fusion Middleware Control Does Not Keep Column Preferences in Log Viewer Pages

In Fusion Middleware Control, you can reorder the columns in the pages that display log files and log file messages. However, if you navigate away from the page and then back to it, the columns are set to their original order.

4.2.3 Topology Viewer Does Not Display Applications Deployed to a Cluster

In Fusion Middleware Control, the Topology Viewer does not display applications that are deployed to a cluster.

4.2.4 Changing Log File Format

When you change the log file format note the following:

  • When you change the log file format from text to xml, specify the path, but omit the file name. The new file will be named log. xml.

  • When you change the log file format from xml to text, specify both the path and the file name.

4.2.5 SSL Automation Tool Configuration Issues

The following issues have been observed when using the SSL Automation tool:

  • The script creates intermediate files that contain passwords in clear text. If the script fails, these files might not be removed. After a script failure, delete all files under the rootCA directory.

  • If Oracle Internet Directory password policy is enabled, passwords entered for wallet or keystore fail if they violate the policy.

  • Before you run the script, you must have JDK 1.6 installed and you must have JAVA_HOME set in your environment.

  • If the Oracle Virtual Directory configuration script fails, check the run log or enable debug for the shell script to view specific errors. If the error message looks similar to this, rerun the script with a new keystore name:

    WLSTException: Error occured while performing cd : Attribute 
    oracle.as.ovd:type=component.listenersconfig.sslconfig,name=LDAP SSL 
    Endpoint,instance=%OVD_INSTANCE%,component=ovd1 not found
    

4.3 Documentation Errata for the Oracle Fusion Middleware Administrator's Guide

The following section describes documentation errata for the Oracle Fusion Middleware Administrator's Guide:

4.3.1 Combining All Oracle Homes in a Single Inventory File

All Oracle homes in the Middleware home on the source environment must be registered in the same Oracle inventory. If you have installed multiple components under the same Middleware home, but used different Oracle inventory locations, the scripts are not able to detect all of the Oracle homes.

To work around this issue, take the following steps:

  1. Create a new oraInst.loc pointing to the inventory to which you want to register, using the following commands:

    cat oraInst.loc
          inventory_loc=new_oraInst_loc_location
          inst_group=g900 
    
  2. Detach the Oracle Home from its current inventory:

    cd ORACLE_HOME/oui/bin
          ./detachHome.sh -invPtrLoc ORACLE_HOME/oraInst.loc 
    
  3. Attach the Oracle Home to the new inventory by passing new oraInst.loc created in step 1:

    ./attachHome.sh -invPtrLoc new_oraInst_loc_location
    

    Do this for every Oracle home in the Middleware home.

  4. Set the necessary dependencies between Oracle homes if required (for example most Oracle homes depend on oracle_common). The dependencies are required when you uninstall. You can check the existing dependencies from the old inventory by checking the file oraInventory/ContentsXML/inventory.xml. The following shows an example of the file:

    <?xml version="1.0" standalone="yes" ?>
    <!-- Copyright (c) 1999, 2010, Oracle. All rights reserved. -->
    <!-- Do not modify the contents of this file by hand. --> 
    <VERSION_INFO>
       <SAVED_WITH>11.1.0.9.0</SAVED_WITH>
       <MINIMUM_VER>2.1.0.6.0</MINIMUM_VER>
    </VERSION_INFO>
    <HOME_LIST>
    <HOME NAME="OH339778486" LOC="/scratch/oracle/11gMW/oracle_common" TYPE="O" IDX="1">
       <REFHOMELIST>
          <REFHOME LOC="/scratch/oracle/11gMW/Oracle_WT1"/>
       </REFHOMELIST>
    </HOME>
    <HOME NAME="OH299443989" LOC="/scratch/oracle/11gMW/Oracle_WT1" TYPE="O"
    IDX="2">
       <DEPHOMELIST>
          <DEPHOME LOC="/scratch/oracle/11gMW/oracle_common"/>
       </DEPHOMELIST>
    </HOME>
    </HOME_LIST>
    <COMPOSITEHOME_LIST>
    </COMPOSITEHOME_LIST>
    </INVENTORY>
         
    
  5. Run the following command to set up dependencies. Note that this is not mandatory for the movement scripts to work, but is needed when you uninstall.

    ./runInstaller -updateHomeDeps
    "HOME_DEPENDENCY_LIST={/scratch/oracle/11gMW/Oracle_WT1:/scratch/oracle/11gMW/
    oracle_common}" -invPtrLoc ~/oraInst.loc 
    

4.3.2 Correction to Link About Supported Databases for MDS

The section "Databases Supported by MDS" in the Oracle Fusion Middleware Administrator's Guide contains an incorrect link to Oracle Fusion Middleware System Requirements and Specifications. The correct link is:

http://www.oracle.com/technetwork/middleware/ias/downloads/fusion-requirements-100147.html

4.3.3 Clarification of Move Plan Properties for Oracle WebCenter Content

For the Oracle WebCenter Content server or Oracle WebCenter Content: Records, you have two options for moving the component:

  • copy: This option copies the entire source system, including configuration and data, to the target system. Although this is the default, Oracle does not recommend using this option because it moves test data, which might not be appropriate for your environment.

  • init: This option initializes a new Content Server or Records instance in the target system. It does not move data.

PKr rPK Oracle WebCenter Content: Records

38 Oracle WebCenter Content: Records

This chapter describes issues associated with Oracle WebCenter Content: Records. It includes the following topics:

In addition to the information discussed here, see the chapter in this release note documentation concerning Oracle WebCenter Content. Issues which affect WebCenter Content may also affect Records.

38.1 General Issues and Workarounds

This section describes general issues and workarounds. It contains the following sections:

38.1.1 Role Report Output is Dependent on User Generating the Report

A role report can be generated by choosing Records then Reports then Role from the Main menu. Note that the output of the report may not show all data for all roles. The output is dependent on the user who is generating the report and the permissions given to that user.

38.1.2 Items Returned When Using Screening

It should be noted that screening is a retention feature that only returns content items with a life cycle or items that are frozen.

38.1.3 Oracle Text Search and Report Configuration Options

When using Oracle Text Search, an incompatibility existed with the options to exclude report templates and reports in search results. These options appear on the Configure Report Settings Page.

It is now possible to exclude reports in search results by selecting the Exclude Reports in Search Results checkbox. However, if the Exclude Report Template in Search Results checkbox is selected, templates are still included in searches. Oracle is aware of this issue and is working to fix it in a future release.

38.1.4 Upgrade from 10g Audit Trail Periods Missing

When upgrading this product from release version 10g to release version 11g, the complete audit trail dates are not available. The audit periods from 2001 to 2010 should be present after upgrading, but only periods between 2001 to 2006 are present. The missing years can be added manually. Oracle is aware of this issue and is working to fix it in a future release.

38.1.5 DB2 Databases and FOIA/PA Functionality

Due to the size of the database used with the Freedom of Information Act/Privacy Act (FOIA/PA) functionality, the FOIA/PA option is not supported for those sites using DB2 for their database.

38.1.6 Sorting and Listing Retention Category Content

When retention categories are sorted then listed, they are listed on a per-source basis. For example, if three sources are used (Source1, Source2, Source3), all items from Source1 are sorted as a separate group, items from Source2 are sorted as a separate group, and items from Source3 are sorted as a separate group. Then items from each source are displayed in a "round robin" style with the first item of Source1, the first item from Source2, and the first item from Source3, followed by the second item of each source.

38.1.7 Using Firefox to Configure the Dashboard

"Drag and drop" functionality to move dashboard panels is not available when using the Firefox browser. Instead, you should remove the panel and re-insert a new panel in the proper location.

38.1.8 Setting Security Group for Retention Items

Items created for use in the Retention Schedule should have the security group set to recordsgroup rather than Public. If set to Public, non-URM users may have access to items in the Retention Schedule when performing standard searches.

38.2 Configuration Issues and Workarounds

This section describes configuration issues and workarounds. It contains the following sections:

38.2.1 Import FOIA Archive Error Message

Importing the Freedom of Information Act (FOIA) archive from the Setup Checklist page may display a spurious error message stating Archiver is already running, please try again later.

This error may be safely ignored. It is generated because the click to initiate the archive is registered twice. Ignore the warning, wait fifteen minutes and then see if the alert notification for that task is removed. The import of the archive can also be confirmed by opening the Archiver and verifying that the FOIAPrivacyAct archive is present.

38.2.2 Restart Required: Performance Monitoring and Reports

After performance monitoring is selected and enabled, the Content Server must be restarted in order for monitoring to commence. Note that a restart is also required after configuration of the software in order for all report options to appear on the appropriate menus.

38.2.3 Audit Trail Sorting Results and Database Fulltext Search

When sorting the audit trail using Oracle DB, the output depends on the type of sort being performed.

When sorting with Database Fulltext Search, sorting is case-sensitive, meaning that upper case items will always appear first in a list. When sorting with Oracle Text Search, a case-insensitive search is performed.

38.2.4 Prefix Size Limitation When Using Offsite Storage

If offsite storage functionality is enabled on the system, the total size allowed for the content ID for a physical item is 11 characters. When setting up offsite storage, verify if automatic assignment of IDs is enabled and if so, make sure the content prefix is set to 5 characters or less.

38.2.5 Enabling Email Metadata Component

If the EmailMetadata component is installed for use with WebCenter Content, a configuration variable must be set in order for the user interface to be made available in Records.

Set the ShowEmailMetadataMenu variable to TRUE in the emailmetadata_environment.cfg file in the /components/EmailMetadata directory.

Restart Content Server after setting the variable then refresh or reload the browser. Options become available to map email fields to metadata fields. To use those options, choose Administration then Configure Email Metadata from the Main menu.

38.2.6 Relative Web Root Must Be Changed

When upgrading from the 10g version, the HttpRelativeWebRoot configuration parameter must be changed in the config.cfg file to the following:

HttpRelativeWebRoot=/urm/

It is critical to change the parameter exactly as shown.

38.2.7 Configuring 10g Adapters for Version 11g

A connection address must be changed to enable 10g adapters to work with version 11g.

Previous connection strings were similar to the following example:

http://myhost.mycompany.com:myport/URMinstance/idcplg

The new connection string should be similar to the following example:

http://myhost.mycompany.com:myport/_dav/URMinstance/idcplg

The addition of the _dav string is all that changes.

38.2.8 Configuring RSS Reader for Dashboard

The following configuration variables should be set in the config.cfg file to configure the RSS Reader in the Dashboard.

If the Content Server is used behind a proxy server, the proxy address and port number must be set:

RssProxyServerAutoDetected= content server network's proxy address

You must also configure the proxy port for the content server network:

RssProxyPortAutoDetected=content server network's proxy port

38.3 Documentation Errata

This section describes changes in the documentation. It contains the following sections:

38.3.1 Menu Name Changes Not Reflected in Documentation

The External Performance Monitoring menu listed in documentation should be changed to Performance Monitoring. This is accessed by choosing Records then Audit then Performance Monitoring from the Top menu.

38.3.2 Physical Content Management Services Not Documented

The following services were omitted from the PCM services documented in the Oracle WebCenter Content Services Reference Guide:

  • GET_RELATED_CONTENT: retrieves a page used to show Related Links for the specified content. The following are additional required service parameters:

    • dSource: source being used for the search (for example, "Physical").

    • dID: the unique identifier of the external item.

    • dLinkTypeID: the unique identifier for the related content type link.

  • GET_EXTERNAL_ITEM_SEARCH_RESULTS: retrieves a page used to search physical items. The following are additional required service parameters:

    • dSource: source being used for the search (for example, "Physical").

    • QueryText: the text used for the search.

    • ErmSearchTable: the source table name. This should be EXTERNAL_SOURCE for a Physical source.

    • SearchEngineName: the search engine to use. Default is DATABASE.

    • SearchQueryFormat: the search query format to use. Default is UNIVERSAL.

38.3.3 Additional FTP Option for Offsite Storage

The option to use sftp is now available (in addition to other options) as the FTP protocol when creating Offsite Storage. This was omitted from the documentation.

PKbX >B9BPK Oracle Data Integrator

Part XI

Oracle Data Integrator

Part XI contains the following chapters:

PKR PK Oracle® Fusion Middleware Release Notes for HP-UX Itanium, 11g Release 1 (11.1.1) Cover Title and Copyright Information Contents Preface Part I Oracle Fusion Middleware 1 Introduction 2 Installation, Patching, and Configuration 3 Upgrade 4 Oracle Fusion Middleware Administration 5 Oracle Enterprise Manager Fusion Middleware Control 6 Oracle Fusion Middleware High Availability and Enterprise Deployment Part II Oracle Development Tools 7 Oracle JDeveloper and Oracle Application Development Framework (ADF) 8 Oracle TopLink Part III Web Tier 9 Oracle HTTP Server 10 Oracle Web Cache Part IV Oracle WebLogic Server 11 Oracle WebLogic Server Part V Oracle WebCenter Portal 12 Oracle WebCenter Portal Part VI Oracle SOA Suite and Business Process Management Suite 13 Oracle SOA Suite, Oracle BPM Suite, and Common Functionality 14 Web Services Development, Security, and Administration Part VII Communication Services 15 Oracle User Messaging Service 16 Oracle WebLogic Communication Services Part VIII Oracle Identity Management 17 Oracle Adaptive Access Manager 18 Oracle Access Manager 19 Oracle Entitlements Server 20 Oracle Identity Federation 21 Oracle Identity Manager 22 Oracle Identity Navigator 23 Oracle Internet Directory 24 Oracle Platform Security Services 25 SSL Configuration in Oracle Fusion Middleware 26 Oracle Directory Integration Platform 27 Oracle Virtual Directory 28 Oracle Authentication Services for Operating Systems Part IX Oracle Portal, Forms, Reports and Discoverer 29 Oracle Business Intelligence Discoverer 30 Oracle Forms 31 Oracle Reports 32 Oracle Portal Part X Oracle WebCenter Content 33 Oracle WebCenter Application Adapters 34 Oracle WebCenter Content Installation and Configuration 35 Oracle WebCenter Content: Imaging 36 Oracle Information Rights Management 37 Oracle WebCenter Content 38 Oracle WebCenter Content: Records Part XI Oracle Data Integrator 39 Oracle Data Integrator Part XII Oracle Business Intelligence 40 Oracle Business Intelligence 41 Oracle Business Intelligence Applications and Data Warehouse Administration Console 42 Oracle Real-Time Decisions Copyright PK_~((PK Oracle® Fusion Middleware Release Notes for HP-UX Itanium, 11g Release 1 (11.1.1) en-US E14773-55 Oracle Corporation Oracle Corporation Oracle® Fusion Middleware Release Notes for HP-UX Itanium, 11g Release 1 (11.1.1) 2014-03-28T12:25:00Z For FMW PS6 Library Refresh - March 2014. PK[r"%$PK Oracle Forms

30 Oracle Forms

This chapter describes issues associated with Oracle Forms. It includes the following topics:

30.1 General Issues and Workarounds

This section describes general issues and workarounds. It includes the following topics:

30.1.1 Backwards Compatibility with Earlier Releases

For information about upgrading from Forms 6i, see the "Upgrading to Oracle Forms Services 11g" chapter in Oracle Fusion Middleware Forms Services Deployment Guide. For information about changed or obsolete features, see the Oracle Forms Upgrading Oracle Forms 6i to Oracle Forms 11g Guide.

For upgrading from Oracle Forms 10g and prior releases, you can use the Upgrade Assistant. For more information, see the Oracle Fusion Middleware Upgrade Planning Guide and Oracle Fusion Middleware Upgrade Guide for Oracle Portal, Forms, Reports, and Discoverer.

Additional information about backwards compatibility is included in My Oracle Support Note 113987.1 at: http://myoraclesupport.oracle.com

Regardless from which version of Oracle Forms you are upgrading, you will need to recompile your applications and restart Oracle Forms.

Before restarting the Oracle WebLogic managed server, all the JVM Controller processes (dejvm) started by that server must be stopped. Otherwise, WLS_FORMS will not restart after a shutdown.

When two Oracle instances with Forms Services are configured, using a single ORACLE_HOME on a Windows machine, then the FORMS_ORACLE_INSTANCE registry entry of the second ORACLE_INSTANCE takes precedence. It is recommended that the Forms Builder component is configured in the second ORACLE_INSTANCE.

30.1.2 Linux/UNIX Issues and Workarounds

This section describes issues related to Oracle Forms and Linux/UNIX. It includes the following topics:

30.1.2.1 LD_PRELOAD Setting Required for Signal Chaining Facility

The LD_PRELOAD setting in default.env is required for the working of signal chaining facility in JVM version 1.5 and later. If you are creating or using other environment files, the setting in the environment file for LD_LIBRARY_PATH and LD_PRELOAD must be the same as in default.env.

30.1.2.2 Check the Reports Engine Logs for FRM-41214

If you encounter the Forms error FRM-41214:Unable to run report when trying to run Reports from a Forms session, check the Reports engine logs for more details on the error.

30.1.2.3 Changing User Permissions

The 11g installation sets the permissions of the files so that only the user who installed 11g can run the executables. For more information, refer to Installing as a Non-Default User on Unix Operating Systems in Oracle Fusion Middleware Forms and Reports System Requirements and Specifications guide.

30.2 Configuration Issues and Workarounds

This section describes configuration issues and their workarounds. It includes the following topics:

30.2.1 Non-Internet Explorer Browser Proxy Settings when Using One-Button-Run

If you encounter a FORBIDDEN error when using One-Button-Run with any of the supported browsers other than Internet Explorer, verify if 127.0.0.1 (localhost) is in the proxy settings for your browser. If 127.0.0.1 is not in the exceptions list, then add it. This ensures that the browser will bypass the proxy server.

30.2.2 WebUtil Client Files Allow Configuration of Destination Directory

WebUtil downloads install.syslib libraries into the bin directory of the JRE or JVM on Windows and into the lib directory of JRE on Linux. This location can be specified in the parameter install.syslib.location.client.<OS> = <Path on client machine> (where <Path on client machine> represents the path to the location where libraries used on the client by WebUtil are stored and is either absolute or relative to client user home) in webutil.cfg.

30.2.3 webutil.properties Files Renamed for Different Libraries

When install.syslib libraries are downloaded, WebUtil creates the webutil.properties file which is located in the client user home. Different webutil.properties files are maintained on client side to allow different servers to download and manage their libraries on client. The files are named webutil.<HOST>.<CONFIG>.properties on the client, where HOST is the server computer name and CONFIG is the name of configuration section in formsweb.cfg.

30.2.4 Forms does not Work with JDK 1.6.0_12 on Client with WinRunner

Forms does not run when using JDK 1.6.0_12 and later versions on a client that also has WinRunner installed.

As a workaround, rename the two environment variables _JAVA_OPTIONS and JAVA_TOOLS_OPTIONS. For example, rename them to test_JAVA_OPTIONS and test_JAVA_TOOLS_OPTIONS. This will disable WinRunner but allows Forms to run.

30.2.5 JavaScript Communication Does not Work in IE for Framed HTML File

JavaScript communication does not work in framed HTML file that is opened in Internet Explorer 7, or in Internet Explorer 8 with file:// protocol.

As a workaround, use the IP address instead of the machine name in the URL for the frame. For example in testform.htm, change:

<frame noresize="noresize" 
 src="http://testform.us.example.com:8888/forms/java/js2frm1.html" name="fr2" 
 frameborder="0"> 
   <frame noresize="noresize" 
 src="http://testform.us.example.com:8888/forms/frmservlet?play=&record=forms& 
 form=js2frm1&userid=scott/tiger@adt10220" name="fr1" frameborder="0">

to

<frame noresize="noresize" 
 src="http://<IP address>:8888/forms/java/js2frm1.html" name="fr2" 
 frameborder="0"> 
   <frame noresize="noresize" 
 src="http://<IP address>:8888/forms/frmservlet?play=&record=forms&form=js2fr 
 m1&userid=scott/tiger@adt10220" name="fr1" frameborder="0">

30.2.6 JavaScript Events Calling Forms Applications in a Safari 5 Browser Do not Work

When using JavaScript integration with a Forms application in a Safari 5 browser on Windows, the communication from Forms to JavaScript running in the browser works; however, the calls to the applet from JavaScript do not work.

As a workaround, perform the following:

  1. Ensure you are using base.htm.

  2. In base.htm, delete the <NOSCRIPT></NOSCRIPT> tags that are wrapping the <APPLET> tag.

30.3 Documentation Errata

This section describes documentation errata. It includes the following topics:

30.3.1 Passing userid in Secure Mode

The following information on passing userid in secure mode must be added to Oracle Forms Builder online help.

Passing userid as an argument when using the Forms compiler (frmcmp or frmcmp_batch) may lead to security risks. In addition to the interactive dialog mode already available, the compiler can now accept the connect string via standard input. To pass the userid in a secure mode, perform the following:

  1. Set the environment variable FORMS_STDIN_PASSWORD to 1.

  2. Run the compiler without any connect string. Enter the connect string after the compiler has started.

  3. Run the compiler using redirection to pass the password to the compiler. (This is especially useful in compiling several Forms in a script.) For example:

        #!/bin/sh
         echo "Enter userid"
         read -s myuserid
         for i in 'ls *.fmb'
         do
         echo Compiling Form $i ....
         frmcmp_batch.sh batch=yes module=$i module_type=form compile_all=yes <<<
              "$myuserid"
         done
    

Note that this script is a sample that tries to protect the password, but on some platforms and configurations it may still lead to security risks.

30.3.2 JDAPI Programming Example

The JDAPI Programming Example in the Forms Developer Online Help must be updated to the following code:

import java.io.File; 
import java.io.PrintWriter; 
import java.io.FileWriter; 
import java.text.MessageFormat; 
 
import oracle.forms.jdapi.*; 
 
/** 
* Dumps passed forms JdapiObjects to an output stream as text. 
* 
* Set command line options for more output, else only the 
* basic form tree structure will be dumped. 
* 
* See printUsage for command line options. 
*/ 
public class FormDumper 
{ 
/** 
* Need this to parse the command line options 
* 
* The string represents valid command options as detailed in the 
* Getopt class 
*/ 
 
boolean m_dumpAllProps = false; 
boolean m_dumpBoolProps = false; 
boolean m_dumpNumProps = false; 
boolean m_dumpTextProps = false; 
boolean m_dumpPropNames = false; 
String m_dumpPath = null; 
/** 
* Output stream, default to STDOUT */ 
private PrintWriter m_out = new PrintWriter(System.out, true); 
 
/** 
* Use this to indent children 
*/ 
private String m_indentation = ""; 
 
/** 
* Constructor 
*/ 
public FormDumper() 
{ 
 
} 
 
/** 
* Special constructor that does not take command line arguments. 
* 
* @param out The output writer where to send dump information. 
*/ 
public FormDumper(PrintWriter out) 
{ 
m_out = out; 
m_dumpAllProps = true; 
m_dumpBoolProps = true; 
m_dumpNumProps = true; 
m_dumpTextProps = true; 
m_dumpPropNames = true; 
} 
 
/** 
* Set the dump path. 
* 
* @param path The file where the dumper must send the information 
*/ 
public void setDumpPath(String path) 
{ 
m_dumpPath = path; 
} 
 
/** 
* Indirect output 
*/ 
public void println(String s) 
{ 
m_out.println(s); 
} 
 
/** 
* Dump a form to the output stream 
*/ 
public void dumpForm(String filename) 
throws Exception 
{ 
FormModule fmb = FormModule.open(filename); 
System.out.println("Dumping module " + fmb.getName()); 
 
if (m_dumpPath != null) 
{ 
// use this form's FILE name to name the dump file 
String thisFormName = new File(filename).getName(); 
thisFormName = thisFormName.substring(0, (thisFormName.length()-4)); 
StringBuffer dmpFilename = new StringBuffer(); 
dmpFilename.append(m_dumpPath); 
 
if (!dmpFilename.toString().endsWith("/")) 
{ 
dmpFilename.append("/"); 
} 
dmpFilename.append(thisFormName); 
 
m_out = new PrintWriter(new FileWriter(dmpFilename.toString()), true); 
} 
 
// Call the actual 'dump' method 
dump(fmb); 
 
// Dump the coordinate system used by the module 
m_indentation = " "; 
dump(new Coordinate(fmb)); 
m_indentation = ""; 
println("Dumped " + fmb.getName()); 
 
// Close the module 
fmb.destroy(); 
} 
 
/** 
* Recursively dump a forms JdapiObject and its children to the output stream 
*/ 
protected void dump(JdapiObject jo) 
{ 
String className = jo.getClassName(); 
 
// print out a context line for the JdapiObject 
// If it is a coordinate system, it does not have a name 
 
if(className.equals("Coordinate")) 
{ 
println(m_indentation + "Coordinate System "); 
} 
else 
{ 
println(m_indentation + className + " " + jo.getName()); 
} 
 
// Property classes need special treatment 
if(className.equals("PropertyClass")) 
{ 
dumpPropertyClass((PropertyClass)jo); 
} 
else // Generically dump the required property types only 
{ 
if (m_dumpTextProps) 
{ 
dumpTextProps(jo); 
} 
if (m_dumpBoolProps) 
{ 
dumpBoolProps(jo); 
} 
 
if (m_dumpNumProps) 
{ 
dumpNumProps(jo); 
} 
// Additionally, dump any Item list elements 
if(className.equals("Item")) 
{ 
dumpListElements((Item)jo); 
} 
} 
 
// use Form's metadata to get a list of all the child JdapiObjects this 
JdapiObject can have 
JdapiMetaObject meta = JdapiMetadata.getJdapiMetaObject(jo.getClass()); 
JdapiIterator props = meta.getChildObjectMetaProperties(); 
JdapiMetaProperty prop = null; 
JdapiIterator iter = null; 
JdapiObject child = null; 
 
// loop through every possible kind of child JdapiObject this JdapiObject 
//can have 
while(props.hasNext()) 
{ 
prop = (JdapiMetaProperty)props.next(); 
// only bother if we can access these JdapiObjects 
if(!prop.allowGet()) 
{ 
continue; 
} 
 
// get the actual values for the current child JdapiObject type, 
// e.g. get the Items on a Block 
iter = jo.getChildObjectProperty(prop.getPropertyId()); 
 
// null is returned if there are no property values 
if(iter != null) 
{ 
// loop over every child value 
while(iter.hasNext()) 
{ 
child = (JdapiObject)iter.next(); 
// recursively navigate to it 
m_indentation += " "; 
dump(child); 
if(m_indentation.length()>2) 
m_indentation = m_indentation.substring(0, m_indentation.length()-2) 
; 
} 
} 
} 
} 
/** 
* Dump list elements 
* 
* The JdapiObject is an item; if it is a list item, 
* dump the list elements. 
* 
* @param item 
*/ 
private void dumpListElements(Item item) 
{ 
if( item.getItemType() == JdapiTypes.ITTY_LS_CTID) 
{ 
if (m_dumpPropNames)
 { 
println(m_indentation + "dumping list elements"); 
} 
for(int i = 1; i <= item.getListElementCount(); i++) 
{ 
String label = item.getElementLabel(i); 
String value = item.getElementValue(i); 
println( m_indentation + " " + i + ": '" + label + "' '" + value + "'"); 
} 
} 
} 
/** 
* Dump the property class properties
 */ 
private void dumpPropertyClass(PropertyClass pc) 
{ 
String propertyVal = null; 

// test for every single possible property 
// this is a bit hacky :) 
for(int propertyId = 1; propertyId < JdapiTypes.MAXIMUM_PTID; ++propertyId) 
{ 
if(!pc.hasProperty(propertyId))
{ 
continue; // this property is not in the set 
} 
if(pc.hasDefaultedProperty(propertyId) && !m_dumpAllProps) 
{ 
continue; 
} 
Class pt = JdapiMetaProperty.getPropertyType(propertyId); 
if(pt == Boolean.class) 
{ 
if(m_dumpBoolProps) 
{ 
propertyVal = String.valueOf(pc.getBooleanProperty(propertyId)); 
} 
} 
else if(pt == Integer.class) 
{ 
if(m_dumpNumProps) 
{ 
propertyVal = String.valueOf(pc.getIntegerProperty(propertyId)); 
} 
} 
else if(pt == String.class) 
{ 
if(m_dumpTextProps) 
{ 
propertyVal = pc.getStringProperty(propertyId); 
} 
} 
if(null != propertyVal) 
{ 
if (m_dumpPropNames) 
{ 
println(m_indentation + " " + JdapiMetaProperty.getPro 
pertyName(propertyId) + " " + 
propertyVal); 
} 
else 
{ 
println(m_indentation + propertyVal); 
} 
propertyVal = null; 
} 
} // End loop over every property 
} 
/** 
* Dump the source JdapiObject text properties 
*/ 
private void dumpTextProps(JdapiObject jo) 
{ 
JdapiMetaObject meta = JdapiMetadata.getJdapiMetaObject(jo.getClass()); 
JdapiIterator props = meta.getStringMetaProperties(); 
// for each text property 
while(props.hasNext()) 
{ 
JdapiMetaProperty prop = (JdapiMetaProperty) props.next(); 
int propertyId = prop.getPropertyId(); 
String propertyVal = null; 
try 
{ 
propertyVal = jo.getStringProperty(propertyId); 
} 
catch(Exception e) 
{ 
println(m_indentation + "Could_not_get_property " + 
JdapiMetaProperty.getPropertyName(propertyId)); 
continue; 
} 
if ( jo.hasProperty(propertyId) 
&& (m_dumpAllProps || !(jo.hasDefaultedProperty(propertyId)) ) ) 
{ 
if(m_dumpPropNames) 
{ 
println( m_indentation + " " + JdapiMetaProperty. 
getPropertyName(propertyId) + " " + 
propertyVal); 
} 
else 
{ 
println(m_indentation + propertyVal); 
} 
} 
} 
} 
/** 
* Dump the source JdapiObject boolean properties 
*/ 
private void dumpBoolProps(JdapiObject jo) 
{ 
JdapiMetaObject meta = JdapiMetadata.getJdapiMetaObject(jo.getClass()); 
JdapiIterator props = meta.getBooleanMetaProperties(); 
// for each boolean property 
while(props.hasNext()) 
{ 
JdapiMetaProperty prop = (JdapiMetaProperty) props.next(); 
int propertyId = prop.getPropertyId(); 
boolean propertyVal = false; 
try 
{ 
propertyVal = jo.getBooleanProperty(propertyId); 
} 
catch(Exception e) 
{ 
println(m_indentation + "Could_not_get_property " + 
JdapiMetaProperty.getPropertyName(propertyId)); 
continue; 
} 
if ( jo.hasProperty(propertyId) 
&& (m_dumpAllProps ) ) 
{ 
if(m_dumpPropNames) 
{ 
println(m_indentation + " " + JdapiMetaProperty. 
getPropertyName(propertyId) + " " + 
propertyVal); 
} 
else 
{ 
println(m_indentation + propertyVal); 
} 
} 
} 
} 
/** 
* Dump the source JdapiObject numeric properties 
*/ 
private void dumpNumProps(JdapiObject jo) 
{ 
JdapiMetaObject meta = JdapiMetadata.getJdapiMetaObject(jo.getClass()); 
JdapiIterator props = meta.getIntegerMetaProperties(); 
// for each numeric property 
while(props.hasNext()) 
{ 
JdapiMetaProperty prop = (JdapiMetaProperty) props.next(); 
int propertyId = prop.getPropertyId(); 
int propertyVal = 0; 
try 
{ 
propertyVal = jo.getIntegerProperty(propertyId); 
} 
catch(Exception e) 
{ 
println(m_indentation + "Could_not_get_property " + 
JdapiMetaProperty.getPropertyName(propertyId)); 
continue; 
} 
if ( jo.hasProperty(propertyId) 
&& (m_dumpAllProps || !(jo.hasDefaultedProperty(propertyId)) ) ) 
{ 
if (m_dumpPropNames) 
{ 
println(m_indentation + " " + JdapiMetaProperty.getPropertyName(pr 
opertyId) + " " + 
propertyVal); 
} 
else 
{ 
println(m_indentation + propertyVal); 
} 
} 
} 
} 
/** 
* Output usage info to STDOUT 
*/ 
public void printUsage() 
{ 
System.out.println(""); 
System.out.println("Jdapi Form Dumper Utility"); 
System.out.println("Valid arguments:"); 
System.out.println("-a : dump all properties, not just overridden ones"); 
System.out.println("-b : dump boolean properties"); 
System.out.println("-n : dump numeric properties"); 
System.out.println("-t : dump text properties"); 
System.out.println("-p : dump property names, not just values"); 
System.out.println("-o : file path to output to"); 
} 
/** 
* Main method 
*/ 
public static void main(String[] args) 
throws Exception 
{ 
FormDumper dmp = new FormDumper(); 
for (int i = 0; i < args.length; i++) 
{ 
dmp.dumpForm(args[i]); 
} 
System.out.println(""); 
System.out.println("Dumps complete"); 
System.out.println(""); 
} 
} 

30.3.3 Changes and workarounds affecting the number of characters that can be typed into an item

The following information must be added to Oracle Forms Builder online help.

  1. When a form is created using the Form builder (frmbld), the item property Query Length defaults to zero. When the form was compiled in releases prior to 11g, this value (zero) caused the Query Length to default to the value of the Maximum Length property. In Oracle Forms 11g, the Query Length defaults to two plus the value of the Maximum Length property. If the behavior of prior releases is desired, then you must set the environment variable FORMS_QUERY_LENGTH_DELTA to '0' when the form is compiled.

  2. The DATE format masks determine the number of characters that can be typed into a text item or combo box. In general, this number is the maximum of the number of characters required for the "output" format mask and for any allowable "input" format mask. Refer to "About Format Elements for Dates" for information about how "input" and "output" format masks are selected for a combo box, or for a text item whose format mask is not set. Note that the FORMS_USER_DATE_FORMAT or FORMS_USER_DATETIME_FORMAT environment variable may specify multiple input format masks. Also note that for any input format mask that does not contain FX, alternate format masks are also allowable, as documented in "String-to-Date Conversion Rules" in section "Format Models" in the SQL Reference in the Oracle Forms Builder Online Help.

    Note one exception to the rules spelled out above. The behavior described in "String-to-Date Conversion Rules" allow a fully spelled-out month to be entered in place of a numeric month (MM form mask element) or abbreviated month (MON form mask element). However, in this case, the number of characters that can be typed into a text item or combo box allows only enough room for an abbreviated month.

    Prior to 11gR1, input DATE format masks were not taken into account. In 10gR2 (10.1.2), the number of characters the end user was allowed to type into a DATE item was determined solely from the output format mask. In Forms 6i (6.0.8), the Maximum Length property of the DATE item was also taken into account.

Workarounds

The changes in behavior documented above may affect users who have set the Auto-Skip property for a DATE item. The end user may now be allowed to type more characters into a specific DATE item, in which case auto-skip will not occur in cases where it did occur prior to 11gR1. To ensure that auto-skip occurs, add the FX modifier to the format mask that will be used for the item, for example, FXYYYY/MM/DD. If there is no item-specific format mask (that is, no format mask is set either in the item's property palette or programmatically), then the item's format mask will be derived from environment variables. The FORMS_USER_DATE_FORMAT and FORMS_USER_DATETIME_FORMAT environment variables are recommended as they take precedence over any NLS environment variables that might affect DATE format masks.

Note that specifying the FX modifier will disallow the alternate format masks that are documented in "String-to-Date Conversion Rules" in section "Format Models" of the SQL Reference. Also note that the FORMS_USER_DATE_FORMAT and FORMS_USER_DATETIME_FORMAT environment variables can explicitly specify alternate format masks, separated by vertical bars, for example, FXDD-MON-YYYY|FXMON-DD-YYYY. [If the FORMS_OUTPUT_DATE_FORMAT and FORMS_OUTPUT_DATETIME_FORMAT environment variables are not set, the output format masks are derived from the first format mask specified in each of the FORMS_USER_DATE_FORMAT and FORMS_USER_DATETIME_FORMAT environment variables.]

PK㌯(ppPK Oracle Identity Management PKN PK Oracle SOA Suite, Oracle BPM Suite, and Common Functionality

13 Oracle SOA Suite, Oracle BPM Suite, and Common Functionality

To view the latest known issues associated with Oracle SOA Suite, BPM Suite, and related SOA technologies, go to Oracle Technology Network (OTN) at http://www.oracle.com/technetwork/middleware/docs/soa-aiafp-knownissuesindex-364630.html. These known issues documents include the following products:

  • Oracle Adapter for Oracle Applications (Oracle E-Business Suite Adapter)

  • Oracle AIA Foundation Pack

  • Oracle Application Adapters for Oracle WebLogic Server

  • Oracle Application Server Legacy Adapters

  • Oracle B2B

  • Oracle BPEL Process Manager

  • Oracle Business Activity Monitoring

  • Oracle Business Process Management

  • Oracle Business Rules

  • Oracle Complex Event Processing

  • Oracle Enterprise Repository

  • Oracle Human Workflow

  • Oracle Mediator

  • Oracle Service Bus

  • Oracle SOA Suite and Oracle BPM Suite Common Functionality

  • Oracle Technology Adapters

PK4 PK Oracle Adaptive Access Manager

17 Oracle Adaptive Access Manager

This chapter describes issues associated with Oracle Adaptive Access Manager. It includes the following topics:

17.1 General Issues and Workarounds

This section describes general issues. It includes the following topics:

17.1.1 OAAM Sessions is Not Recorded When IP Address from Header is an Invalid IP Address

OAAM sessions were not recorded for some header-based IP addresses.

Header based IP addresses are not accepted by default. To enabled the reading of IP addresses from the header, set vcrypt.tracker.ip.detectProxiedIP to true. When header IP addresses are enabled, only valid IP addresses are used. If the header contains an invalid IP address, the actual request IP address is used.

17.1.2 Checkpoint Boxes in Session are Displayed with Same Timestamp

The same timestamp is displayed in Checkpoint boxes in the Session Details page when multiple transactions are triggered in the same session. This bug has been fixed for OAAM Online.

17.1.3 Autogenerated Agent Cases Display User Specific Data

When an OAAM Agent Case is autogenerated from a Configurable Action, the User Details pane is populated with details of the user for the session where the case was created. An autogenerated Agent case should not contain user-specific data. Only Escalated Agent cases should display user details since they are the only cases specific to a single end user.

17.2 Policy Management Issues and Workarounds

This section describes policy management issues and workarounds. It includes the following topics:

17.2.1 Rule Condition Check Current Transaction Using the Filter Conditions Cannot Be Configured for Corresponding Attributes of Two Entity Instances

When two instances of an entity are associated to an OAAM Transaction and a filter condition is set up to compare an attribute of one entity instance with the corresponding attribute of the other entity instance, the OAAM Administration Console can only configure a comparison between the same attribute instead of a comparison between the different attributes.

For example:

Two instances of the Address entity are associated with a Transaction, one with the instance name BillingAddr and another with the instance name ShippingAddr. If the user configures Check Current Transaction using the filter condition to compare Billing.line1 with ShippingAddr.line1, after saving the rule, the OAAM Administration Console always shows the instance --- line1 of BillingAddr in the dropdown for the attribute the user wants to compare and the dropdown for the attribute the user is comparing to.

17.2.2 Rule Condition to Check Consecutive Transactions Fails Entity Check

The rule condition TRANSACTION: Check if consecutive Transactions in given duration satisfies the filter conditions does not trigger. The condition returns False and the entity check fails with exceptions in the debug log.

17.2.3 Exclude IP List Parameter for User and Device Velocity Rule Conditions

The Exclude IP List parameter was added to the following conditions:

  • Device: Velocity from last login

  • User: Velocity from last login

This parameter allows you to specify a list of IP addresses to ignore. If the user's IP address belongs to that list, then this condition always evaluates to false and no action and/or alert is triggered. If the user's IP address is not in that list or if the list is null or empty, then the condition evaluates the velocity of the user or the device from the last login. If the velocity of the user or the device from the last login is more than the configured value in the rule, the condition evaluates to true and the condition is triggered.

17.2.4 OAAM Offline Displays Only the Last Rule Executed Overwriting Previous

When multiple transactions are run in the same session, only the rule triggered for the last transaction is displayed in OAAM offline. The rules from the previous transactions are overwritten. To fix this bug, you must apply the patch and update the database schema.

17.2.5 User: Check First Login Time Rule Condition Always Triggers

The User: Check first login time condition returned the same value regardless of when the user logged in.

17.3 Transaction Issues and Workarounds

This section describes OAAM Transaction issues. It includes the following topics:

17.3.1 OAAM Displays Only the Last Rule Executed and Overwrites Previous Rules

When multiple transactions are triggered in the same session which result in multiple alerts and policies execution, OAAM displays only the most recent alerts and policies triggered and overwrites the alerts and policies from previous transactions.

17.3.2 OAAM Shows Only 25 Transactions in Session Details

When there are more than 25 data elements configured for a transaction, the Session Details displays only transaction details for the first 25 items. The page has no scroll bars for scrolling.

17.3.3 Alerts Are Not Displayed Beyond 25 Transactions

Alerts are not visible for transactions beyond the 25th. If there are more than 25 checkpoint boxes containing alerts, they are not visible in the Session Details, although the data is seen in the database.

17.3.4 OAAM Transaction Cannot Be Created with Numeric Parameter of More than 16 Digits

If a user defines any numeric value more than 16 digits in a transaction field, the transaction creation fails with the error on the server of ORA-01438: value larger than specified precision allowed for this column.

17.3.5 Transactions in Session Details Duplicated After 25

Transactions listed in Session Transactions section of Session Details are duplicated after 25 transactions in a session.

17.3.6 Transaction ID Association with Alert Does Not Work

Transaction ID association with Alert is not working even after passing transactionId in processRules API. The bug has been fixed for the server-side.

17.3.7 OAAM Console Does Not Display Transaction Status

Transaction status needs to be displayed in the Transaction Details page so that the Fraud team will be able to see if a transaction was attempted but did not complete. This provides information on both the behavior of customers and fraudsters and also of the functioning of the rules. The Fraud team does not believe they can do their job effectively if they cannot tell the transaction status. The workaround is to display the status value for each transaction on the Session Transactions panel along with Name, Transaction Id, Description, and Timestamp. The value displayed would be mapped from the property tracker.transaction.status.enum (e.g. 1=Success, 99=Pending).

17.3.8 Transaction Mapping Substring Error for First Character Value

When the user performs a transaction mapping of the type SubString, the first character of the value is missing from the mapping result because the oaam.transaction.mapping.startindex.min property was set to 1. Setting the property to 1 starts the substring operation from the second character of the string. A fix has been made so that this property is assigned to 0 so that the substring operation starts from the first character of the string.

17.3.9 Update Time for Entity Is Updated Without Any Change in Entity Data

When using an entity that is mapped to a Transaction Definition in a transaction, the entity's update time is updated by the OAAM Server even if no changes were made to the entity data (other fields are not updated). Database performance is impacted when this occurs.

17.4 Knowledge-Based Authentication Issues and Workarounds

This section describes Knowledge-Based Authentication issues. It includes the following topics:

17.4.1 Registration Logic Page Does Not Display KBA Logic

The KBA Registration Logic page does not display KBA Logic (Question per menu, Categories per menu, Number of questions the user will register) because the previous out of the box snapshot did not contain the properties for the KBA Registration Logic page. The patch fixes this problem. To effect this fix, the new out of the box snapshot file (oaam_base_snapshot.zip) needs to be imported. Note that importing this file will overwrite the existing content in the server.

If you do not want to import the snapshot file, but want to fix the registration logic related issue, you can create the following properties (with default values as shown):

challenge.question.registration.groups.categories.count=5
challenge.question.registration.groups.count=3
challenge.question.registration.groups.minimum.questions.per.category.count=1
challenge.question.registration.groups.questions.count=5

The patch also fixes the policy overrides in such a way that when the user fails the OTP challenge, the challenge does use KBA as a fallback. If you do not want to overwrite the contents but just import the newer policies, you can import oaam_policies.zip as a policies import. Importing the policies does not fix the registration logic related bug.

17.4.2 Answer Logic Abbreviation Resource Was Not Used

Answer Logic checks if the answer provided by the user matches closely to the ones provided during registration. Answer Logic relies abbreviations.

An updated Answer Logic abbreviations resource bundle is available in OAAM 11.1.1.5. In the new resource bundle, the following are considered a match:

Registered AnswerGiven Answer

Missus

Mrs

Mister

Mr

Sergeant

Sgt

Mrs

Missus

Mr

Mister

Sgt

Sergeant


17.4.3 Update KBA for FFIEC Compliance

The following KBA questions from previous releases were deleted from the kba_questions.zip (English) file and oaam_base_snapshot.zip file for Federal Financial Institutions Examination Council (FFIEC) compliance:

Children Category

Delete or deactivate the following 10 questions:

  • What year was your oldest child born?

  • What year did your oldest child start school?

  • What year did your youngest child start school?

  • What is your eldest child's middle name?

  • What is the first name of your youngest child?

  • What year was your youngest child born?

  • What is the first name of your oldest child?

  • What is your youngest child's birthday?

  • What is your youngest child's middle name?

  • What is your oldest child's birthday?

Education Category

Delete or deactivate the following 18 questions:

  • What year did you graduate from high school?

  • What year did you graduate from junior high school?

  • What city was your high school in?

  • What were your college colors?

  • What year did you graduate from grade school?

  • What was the mascot of your college?

  • What were your high school colors?

  • What was the mascot of your high school?

  • What is the name of a college you applied to but did not attend?

  • In what city was your first elementary school?

  • What year did you start high school?

  • What year did you start junior high school?

  • What year did you start grade school?

  • What year did you graduate from college?

  • What year did you start college?

  • What was your major in college?

  • What was the first school you ever attended?

  • What city was your college in?

Miscellaneous Category

Delete or deactivate the following 2 questions:

  • What is the first name of your closest childhood friend?

  • What is your height?

Parents, Grandparents, Siblings Category

Delete or deactivate the following 17 questions:

  • What year was your father born?

  • What is your father's birthday?

  • What is your oldest sibling's nickname?

  • In which city was your father born?

  • In which city was your mother born?

  • What is your parent's current street address number?

  • What is your parent's current street name?

  • What is your youngest sibling's nickname?

  • What is your parent's current ZIP code?

  • What year was your mother born?

  • What are the last 4 digits of your parent's phone number?

  • What is your maternal grandmother's first name?

  • What is your paternal grandmother's first name?

  • What is the first name of your youngest sibling?

  • What is your paternal grandfather's first name?

  • What is your mother's birthday?

  • What is the first name of your eldest sibling?

Significant Other Category

Delete or deactivate the following 18 questions:

  • Where did you go on your honeymoon?

  • What year did you get married?

  • What year was your significant other born?

  • What is your significant other's birthday?

  • What date is your wedding anniversary?

  • In what city did you meet your spouse for the first time?

  • What city was your significant other born in?

  • What is the first name of your significant other's mother?

  • What is the first name of your significant other's father?

  • What is the last name of your significant other's eldest sibling?

  • What is the first name of your significant other's youngest sibling?

  • What high school did your significant other attend?

  • What was the last name of your best man or maid of honor?

  • What was the first name of your best man or maid of honor?

  • Name of the place where your wedding reception was held.

  • What is your spouse's nickname?

  • What state was your significant other born in?

  • What is the last name of your significant other's youngest sibling?

Sports Category

Delete or deactivate the following 4 questions:

  • What is the mascot of your favorite sports team?

  • What are the colors of your favorite sports team?

  • What team is the biggest rival of your favorite sports team?

  • What is your all time favorite sports team?

Your Birth Category

Delete or deactivate the following 9 questions:

  • What is the ZIP code where you grew up?

  • Who was the US President when you were born?

  • How old was your father when you were born?

  • How old was your mother when you were born?

  • What is the name of the hospital you were born in?

  • What is the ZIP code of your birthplace?

  • What is the holiday closest to your birthday?

  • What state were you born in?

  • What city were you born in?

17.4.4 Closing Browser on Image and Security Phrase Registration Page

If the user tries to register his security image and phrase for the first time and during the process, he closes his browser window on the registration and user preferences pages or returns to the login page, the last image and phrase presented are accepted as the default even if he has not explicitly chosen them by clicking the Continue button.

A fix has been made so that the image and phrase registration only saves the image and phrase after the user clicks Continue on the registration and user preferences pages.

17.4.5 OAAM Change Password Does Not Display Any Validation for Password Fields

The OAAM Change Password page in an OAAM and OIM integration does not display any validation for the Password field. The issues are as follows:

  • If the user does not enter a password, but clicks Submit, there is no validation that the fields are empty

  • If the user enters a new password and then the confirmation password, the password is accepted regardless of whether they are the same or different

  • If the user changes his password, the old password is not validated to confirm that it is correct

17.4.6 ORA-01722 Occurs During KBA Update

An ORA-01722 error can occur when adding a new challenge question.

17.4.7 Registered Questions Are Deleted and Subsequent Challenge Does Not Succeed

If a user's question set contains a deleted question and/or if a user's registered questions contain a deleted question and/or if the KBA registration logic is out of alignment with the user's registered questions and question set (the number of questions/categories and so on), when the user tries to update his question set but cancels or closes the browser window or the session times out without saving, that user's existing questions are deleted from the database. The subsequent challenge does not succeed as the existing questions have been deleted.

This issue has been fixed so that now if a user's registered questions have been deleted in the process of resetting the questions, the user will be asked to re-register new ones on the next login.

17.5 Integration Issues and Workarounds

This section describes OAAM integration issues. It includes the following topics:

17.5.1 setupOAMTapIntegration.sh Does Not Set oaam.uio.oam.secondary.host.port

The setupOAMTapIntegration.sh script does not set the secondary OAM host information (oaam.uio.oam.secondary.host.port value) during the configuration of Oracle Adaptive Access Manager for the Oracle Access Manager and Oracle Adaptive Access Manager integration. The workaround is to set the property value through the property editor.

17.5.2 OAAM Does Not Support Juniper Single Sign-On for Authentication and Forgot Password Flow

The OAAM Authentication flow is not invoked when integrated with Juniper SSL. With invoking OAAM, the integration can detect fraud and determine risk during the authentication flow and accordingly strongly authenticate the user using OAAM capabilities like Challenge, Block, and other actions. The Juniper SSL and OAAM integration flow should be as follows:

  1. The user tries to access a web application or URL that is secured by Juniper SSL, and Juniper SSL detects whether the user is authenticated or not.

  2. If the user is authenticated then he is allowed to proceed to the web application.

  3. If the user is not authenticated, he is redirected to the OAAM Server. The OAAM Server displays the User ID page and prompts the user to enter his User ID. Once the user enters his User ID, OAAM evaluates the Pre-Authentication checkpoint policies and checks to see if the user has to be blocked.

  4. OAAM then checks to see if the user has registered for an Authentication Pad. If so, it displays the registered Authentication Pad, otherwise it displays a generic text pad.

  5. OAAM Server displays the Password page with the Authentication Pad and prompts the user to enter his password. Once the password is entered, it is validated against the user store (the user store can be LDAP, Active Directory, or any active user store). It also identifies the device by running the device identification process.

  6. If the credentials are incorrect then OAAM displays an error page and asks the user to enter his credentials again.

  7. If the credentials are correct then OAAM evaluates Post-Authentication checkpoint policies. Based on the outcome of the policy OAAM might challenge or block the user.

  8. If the outcome ofNd Post-Authentication is ALLOW then OAAM determines if the user has to be registered. Based on the types of registration, OAAM takes the user through registration pages.

  9. If the outcome of Post-Authentication is CHALLENGE and if the user is already registered for at least one of the challenge mechanisms, OAAM challenges the user. If the user is able to answer the challenge then he would be allowed to continue to the next step. As the next step OAAM fetches the user attributes from the user store and then creates the SAML response, signs it and then it posts to the Juniper SSL redirection URL. Juniper SSL then takes control, validates the SAML payload, and lets the user access the web application.

  10. If the outcome of Post-Authentication is BLOCK then user would be blocked and he would not be able to access the web application.

17.5.3 Step Up Authentication Changes

The Step Up Authentication feature is available with OAAM. Step Up Authentication allows users who have been authenticated by OAM at a lower level to access resources protected by OAAMTAPScheme configured at a relatively higher authentication level. When the user tries to access a protected resource that is configured at a higher level, OAAM runs policies to determine how to further authenticate the user so as to gain the required level of authentication needed for access to the protected resource. The user is not taken to the normal login flow since he is already authenticated.

The property to disable/enable Step Up Authentication mode in TAP Integration: By default the Step Up Authentication mode is enabled. However if you want to disable this feature, then set property oaam.uio.oam.integration.stepup.enabled as false.

Change in behavior for the end user: For an end user using the Access Manager-OAAM TAP Integration, the change in behavior is as follows:

If a user has already been authenticated by Access Manager and he tries to access a resource protected under TAPScheme with OAAM as the TAP partner, the user is not taken to the OAAM login flow (since the user is already authenticated). However, OAAM runs its fraud detection policies and might ask challenge questions or block the user depending on the risk evaluated by the policies.

17.5.4 TAP: Incorrect Error Message

In Access Manager-OAAM TAP integration, when an incorrect user name or password is supplied, OAAM shows following error:

There was some technical error processing your request.   Please try again

The patch fixes this problem: the error message now indicates an invalid user name or password error instead of a technical error.

17.5.5 OAAM 11g SOAP Timeout Exception Handling

The client calling Web services is not getting exceptions for timeouts. As a result the client cannot handle SOAP timeouts in a proper way because it cannot determine whether the exception is a SOAP timeout or any other faults. A fix has been implemented so that a specific error code for timeouts is passed to the client. The client can therefore handle the fault per the information contained in the exception.

The method handleException() has introduced a class VCryptSOAPGenericImpl which can be overridden to include more error codes based on business requirements. Currently it has been set for soaptimeout errors:

protected String handleException(String requestName, Exception ex, String resultXml) {

17.5.6 OAAM Should Call UserManager.Unlock() in the Forgot Password Workflow

In the Forgot Password flow executed by OAAM in an Oracle Identity Manager and Access Manager integration, the user is not unlocked when he changes his password. When OAAM executes the changePassword() API, Oracle Identity Manager does not automatically unlock the user.

The following steps are needed to enable automatic unlocking of the user on the Oracle Identity Manager side when OAAM executes the changePassword () API during the Forgot Password flow:

  1. Log in to the OAAM Administration Console.

  2. In the navigation pane, click Environment and double-click Properties. The Properties search page is displayed.

  3. Set oaam.oim.passwordflow.unlockuser to true.

    By default this property value is set to false. By setting this property to true OAAM will call the unlock API of Oracle Identity Manager in the Change Password task flow.

17.6 Reporting Issues and Workarounds

This section describes OAAM BI Publisher reports and Sessions issues and workarounds. It includes the following topics:

17.6.1 Alert Message Link in Session Details Page Does Not Open the Alert Details

When the user tries to access an alert details page from an alert message link in the Session Details page, the page fails to open.

To work around this issue, use the alert message link on the Session Search page.

17.6.2 OAAM Rules Breakdown Report Does Not Provide Correct Information

The BI Publisher Rules Breakdown report does not give a summary of the rules which have been triggered by the checkpoint and policy. The values given are not complete or accurate.

For the report to work, run the following script:

create or replace view OAAM_FIRED_RULES_VIEW as (

select actionMap.create_time, ruleMaps.rule_map_id, actionMap.request_id,

actionMap.runtime_type,

sessions.user_id, sessions.node_id, actionMap.action_list

from (select substr(attr_name, 7) ruleInstanceId, case when

length(trim(translate(attr_value, '+-.0123456789', ' '))) is null then

CAST(attr_value AS NUMBER(16)) else null end rule_map_id, fprint_id from

v_fp_map where attr_name like 'RLD_ID%') ruleMaps

inner join vt_session_action_map actionMap on actionMap.rule_trace_fp_id =

ruleMaps.fprint_id

inner join vcrypt_tracker_usernode_logs sessions on sessions.request_id =

actionMap.request_id

inner join (select substr(attr_name, 11) ruleInstanceId, case when

length(trim(translate(attr_value, '+-.0123456789', ' '))) is null then

CAST(attr_value AS NUMBER(16)) else null end attr_value, fprint_id from

v_fp_map where attr_name like 'RLD_STATUS%') ruleStatus

on ruleStatus.ruleInstanceId = ruleMaps.ruleInstanceId and

ruleStatus.fprint_id = ruleMaps.fprint_id

where ruleStatus.attr_value=1

union select ruleLogs.create_time, ruleLogs.rule_map_id,

policySetLogs.request_id, policySetLogs.runtime_type,

userNodeLogs.user_id, userNodeLogs.node_id, ruleLogs.action_list

from VR_RULE_LOGS ruleLogs

inner join VR_MODEL_LOGS modelLogs on ruleLogs.MODEL_LOG_ID =

modelLogs.MODEL_LOG_ID

inner join VR_POLICY_LOGS policyLogs on modelLogs.POLICY_LOG_ID =

policyLogs.POLICY_LOG_ID

inner join VR_POLICYSET_LOGS policySetLogs on policyLogs.POLICYSET_LOG_ID =

policySetLogs.POLICYSET_LOG_ID

inner join VCRYPT_TRACKER_USERNODE_LOGS userNodeLogs on

policySetLogs.REQUEST_ID = userNodeLogs.REQUEST_ID

where ruleLogs.status=1);

commit;

17.7 Configuration Issues and Workarounds

This section describes the following configuration issues and workarounds:

17.7.1 Database Archive and Purge Scripts Missing from Installation

Case and monitor data purge scripts are missing from the oaam_db_purging_scripts.zip file.

For purging case data, the following scripts need to be included:

  • create_case_purge_proc.sql

    The create_case_purge_proc.sql script is required to set up the archive and purge routines for the Oracle database.

  • exec_sp_purge_case_data.sql

    The exec_sp_purge_case_data.sql is required to perform the archive and purge of case data.

For purging monitor data, the following scripts need to be included:

  • drop_monitor_partition.sql

    Customers who are using the Oracle table partitioning option and have no reporting database should run the drop_monitor_partition.sql script before setting up purging routine for monitor data.

  • exec_v_monitor_purge_proc.sql

    The exec_v_monitor_purge_proc.sql script calls the stored procedures to archive and purge data from device fingerprinting tables.

  • create_v_monitor_purge_proc.sql

    The create_v_monitor_purge_proc.sql script creates the V_MONITOR_DATA_PURGE table and the stored procedure SP_V_MON_DATA_PURGE_PROC to archive and purge data from the transaction table.

17.7.2 Juniper Login Fails Due to Incorrect CN Value and No UID Attribute in SAML Response

After successful authentication, OAAM obtains the user attributes from the user store and sends user attributes in a SAML assertion to Juniper. Juniper is set up to look for attributes to read from the SAML assertion to match the user in its repository. Then it logs the user in to the requested target page or web application.

In this bug, the user is unable to log in to Juniper via OAAM because Juniper fails to identify the user. OAAM did not fetch the correct cn (common name) value and it did not set the uid (User ID) attribute in the SAML response.

17.8 Customer Care Issues and Workarounds

This section describes customer care and investigation issues. It includes the following topics:

17.8.1 Investigator Role Overrides CSR Role When Both Roles Are Given to a User

When a user is given both the Investigator and CSR Access roles, the former overrides the access permissions of the latter and the user has only Investigator access and no CSR access. Expected behavior is that a user having both Investigator and CSR access, should be able to perform Investigator and CSR tasks.

17.8.2 Scroll Bars Missing from Some Case Management Screens

Users with low resolution monitors are not able to see details in full in the Case Details page. Details refer to those available based on a user's role. The Case Details page required scroll bars so that a users with low resolution monitors can see all details.

17.8.3 Case Search and Case Details Do Not Display Case Disposition

After an OAAM Agent case is closed with a disposition of Confirmed Fraud, the agent can locate the case by searching by deposition but Confirmed Fraud is not displayed in the Case search page even after adding Disposition as a column to display. When the Case Details page of the same case is opened, the field is empty for Disposition.

17.8.4 Wrong User Attributed for Last Notes Added If Two Users Concurrently Update Case Notes

OAAM allows two agents to concurrently access a case, but if the two agents add notes to the case, OAAM saves both agents' notes; however, the second agent's notes are displayed as having been added by the first agent. Concurrent write access to cases is supported: if two agents are accessing the case at the same time, the second agent is made aware that the case is being worked on by another agent with a warning message. When the second agent continues, he is made the owner of the case. Notes are attributed to the correct agent.

17.8.5 Manually Created OAAM Agent Cases Cannot Be Searched by Username or User ID

When an OAAM Agent Case is autogenerated from the Configurable Action, the User Details panel is populated with user details for the session for which the case was created. When manually creating a case and linking to a session, user details are not populated. Subsequent searches of cases by Username or User ID only locate automatically created cases.

An enhancement has been made so that the Agent case creation page can optionally accept entry of a valid Username and/or User ID if the oaam.customercare.agent.case.allow.userinfo property is set to true. If a Username and/or User ID is entered it is mapped to the Agent case. Agent cases with a mapped Username and/or User ID are searchable by Username and/or User ID. These cases display the mapped user identifier in the Username and/or User ID column on the Cases search page. Only an Agent case that has been escalated from a CSR case displays the User Details section under the Case Details Summary tab.

17.8.6 OAAM Allows Case Ownership Change and Add Notes Actions to Closed Case

After an Agent case is closed, case ownership can still change when accessed by another user. The case owner is changed to the user who accessed the case. OAAM also allows the adding and editing of notes after a case is closed. After an Agent case is closed, no changes should be allowed.

17.8.7 Create Agent Case Configurable Action Displays Wrong Name for Action

When a Configurable Action triggers the Create Agent Case action, it is displayed as Add to IP Watch list for both the Name and Description of the action when it is added to an Action group.

17.8.8 KBA and OTP Failure Counter Reset and Unlock

Challenge failure counters are not displayed on the CSR Case Details as in the details pages. Failure counters should be displayed for KBA and OTP as well as for new or custom challenge processors. Also, the Reset action does not reset all the counters. An Unlock action should reset all counters (KBA and OTP). The following should occur for counters when the Unlock action is performed:

  • Unlocking KBA resets the KBA and OTP failure counters to 0

  • Unlocking OTP resets the KBA and OTP failure counters to 0

The following actions should occur for failure counters when the Reset action is performed:

  • Resetting KBA resets KBA and OTP failure counters to 0. The user will be required to register challenge questions again

  • Resetting CSR KBA resets KBA and OTP failure counters to 0. The user will be required to register challenge questions again

  • Resetting OTP resets KBA and OTP failure counters to 0. The user will be required to register OTP again

The following enhancements have been made:

  • OAAM Admin Console Case detail and details pages display failure counter, registration, and other information for KBA, OTP, and other custom challenge mechanisms

  • OTP failure counters from different channels consolidate failures. For example, if multiple channels are used, the OTP status displays Locked if the combined OTP counters are above the threshold. So, if the user fails SMS twice and Email once and threshold is 3, they are locked using the consolidated OTP counter

  • The Reset action resets all challenge failure counters

  • The Unlock action is consolidated into an Unlock User action instead of separate actions for unlocking KBA and OTP. The Unlock User action resets all failure counters

  • User name is displayed on the Case Details tab instead of or along with Case ID

  • The Threshold value for failure counter can be set in the rule condition, User: Challenge Channel Failure.

17.9 Performance Issues and Workarounds

This section describes performance issues. It includes the following topic:

17.9.1 Out of Memory Error Occurs Scrolling through Sessions Search in OAAM Admin

Scrolling up and down on the Session search page may pass an empty or null input list, which may result in retrieving millions of rows from the database, causing the error, java.lang.OutOfMemoryError:GC overhead limit exceeded.

17.10 Geolocation Data Loader Issues and Workarounds

This section describes geolocation loader issues. It includes the following topics:

17.10.1 Upload of Geolocation Data Causes Unique Constraint Violation

When reloading the same location data file, or loading an updated location data file, the data would be loaded correctly, but the log file would show numerous warnings about unique constraint violations which degrades performance.

17.10.2 IP Location Data Loader Fails If There is a Blank Line in the File

The OAAM data loader fails to load IP location data if a blank line is in the data file and does not report the line number. The expected result is for the OAAM data loader to skip the blank line and display a warning message that include the line number.

You can work around this issue by opening the IP location data file, removing the blank line, and saving the file. This issue will be fixed in a future release.

17.11 Multi-Language Support Issues and Workarounds

This section describes multi-language support issues and limitations. It includes the following topics:

17.11.1 Session or Cases Page Cannot Open if Browser Language is Italian

When the browser language is set to Italian, the user cannot open pages with calendars in the OAAM Administration Console, such as the Session or Cases page. A pop-up window with the following error message is displayed:

java.lang.IllegalArgumentException:
Illegal pattern character 'g'

17.11.2 Session Search and Case Search By Date Range Does Not Work in OAAM Admin Console When Browser Language is Brazilian Portuguese or Spanish

Searching sessions and cases by date range does not work in the OAAM Administration Console when the browser language is set to Brazilian Portuguese or Spanish. When the user opens the calendar in the Session or Cases page in the Spanish or Brazilian Portuguese locale, the year value is always shown as 1970 and cannot be modified to the correct year. As a result, the search does not work and the expected data cannot be returned in the search results.

PK*XNPK Oracle WebCenter Portal

12 Oracle WebCenter Portal

This chapter describes issues associated with Oracle WebCenter Portal. It includes the following topics:

12.1 General Issues and Workarounds

This section describes general issues and workarounds. It includes the following topics:

12.1.1 Support for Discussions Server from Jive Software

Oracle supports the embedded discussions server from Jive Software. Use the supplied task flows that come with WebCenter Portal to call this discussions server. Any custom development against APIs in the Jive Web Service layer are subject to review by Oracle and may not be supported.

There are a limited set of beta features that Jive Software delivers as part of the discussions server that Oracle does not recommend and cannot yet support.

Documentation for Jive Forums is included for reference only. Jive software installations and upgrades outside of the WebCenter Portal product installation are not supported.

12.1.2 Troubleshooting Service Provisioning Issues

When you create a group space, an error similar to the following might be seen if provisioning a service exceeds the time allowed:

Group space created with the following warnings:

Issues were faced while provisioning the services.
Errors were encountered for the following services - Discussions and Announcements. Check if these services have been configured correctly.

When a group space is created, services are provisioned in parallel in multiple threads. If provisioning a service exceeds the specified timeout, the thread is interrupted. The timeout may be exceeded due to time needed to copy the metadata when the latency between the midtier and the database is too high, network issues, database performance issues, and so on.

To check if the issue is due to exceeding the timeout, search the log file for a message similar to the following:

<Nov 3, 2009 4:44:06 PM GMT> <Warning> <oracle.webcenter.webcenterapp> <BEA-000000> <Concurr: The thread is timed out in 10000 milisec. 
for oracle.webcenter.collab.forum:Execution timedout
queued :     12 ms
suspended :    0 ms
running : 5842 ms
timeout : 5000 ms
service : oracle.webcenter.community
resource : oracle.webcenter.collab.forum
source : oracle.webcenter.concurrent.RunnableTask@23268a92 (oracle.webcenter.concurrent.RunnableTask) submission : 15>

<Nov 3, 2009 4:44:06 PM GMT> <Warning> <oracle.webcenter.webcenterapp> <BEA-000000> <Concurr: The thread is timed out in 5000 milisec. 
for oracle.webcenter.collab.announcement:Execution timedout
queued :   37 ms
suspended :    0 ms
running : 5875 ms
timeout : 5000 ms
service : oracle.webcenter.community
resource : oracle.webcenter.collab.announcement
source : oracle.webcenter.concurrent.RunnableTask@37538945 (oracle.webcenter.concurrent.RunnableTask) submission : 18>

<Nov 3, 2009 4:44:06 PM GMT> <Warning> <oracle.webcenter.collab.forum.internal.jive.CategoryTaxanomyCreator> <BEA-000000>
 <java.io.InterruptedIOException: Operation interrupted

In this case, the running time of 5875 ms exceeded the timeout of 5000 ms. The root cause of the timeout should be addressed; for example, resolve networking or database performance issues.

The networking issues could be resolved by incresing the TCP/IP timeout value.To change the timeout values, log in as a root user and execute the following command:

ndd -set /dev/tcp tcp_time_wait_interval 480000 (default value is 60000)

Restart the Administration and Managed Servers. Once this is done, the group space can be created again and the error will not be encountered. If the performance cannot be improved and the error persists, the timeout value may be increased for the service encountering the error. For more information, see Section A.5.5, "Configuring Concurrency Management."

12.1.3 Oracle WebCenter Portal's Pagelet Producer Failover Support

Oracle WebCenter Portal's Pagelet Producer supports failover in a clustered configuration. However, the in-flight data (unsaved or pending changes) is not preserved. On failover, administrators must reestablish their administrative session. End users may also need to reestablish the session if the proxy is required to have a state. If SSO is configured, credentials are automatically provided, and the session is reestablished.

12.1.4 Option to Create a Portal Resource Displayed for Design-Time Task Flows

You can bring runtime task flows into JDeveloper, edit them, and export them back to the deployed application. However, Oracle recommends that you not expose task flows created in JDeveloper as portal resources. When you create an ADF task flow inside the /oracle/webcenter/portalapp folder, the context menu on the task flow definition file displays the Create Portal Resource option. Do not use this option to expose a design-time task flow as a portal resource. Task flows typically involve multiple files. When you export a new task flow from JDeveloper, all files may not be exported properly, and this may result in the task flow being broken post-deployment.

12.1.5 SQL Query with NCHAR Data Type Throws Exception

When using a SQL data control, you may encounter an error if the query contains a column with the NCHAR data type. As a workaround, you can use the to_char(NCHAR_COLUMN NAME) function.

12.1.6 Setting Up WNA-Based SSO Using JDK 1.6.22 Produces an Error

Setting up Windows Native Authentication-based single sign-on using SUN JDK 1.6.22 produces an error. Use the jrockit JDK instead of the Sun JDK, or contact Oracle Support to get a backport request for bug 10631797.

12.1.7 Configuring the REST Server Post-Installation

For certain features of the WebCenter Portal REST server to work correctly when using a REST client like the Oracle WebCenter Portal iPhone application, the flag WLForwardUriUnparsed must be set to ON for the Oracle WebLogic Server Plugin that you are using.

  • If you are running Apache in front of WebLogic Server, add this flag to weblogic.conf.

  • If you are running Oracle HTTP Server (OHS) in front of WebLogic Server, add this flag to mod_wl_ohs.conf.

The examples below illustrate the possible configurations for both of these cases.

For more information about how to configure WebLogic Server Plugins, see Oracle Fusion Middleware Using Web Server 1.1 Plug-Ins with Oracle WebLogic Server.

Example 1: Using <location /rest> to apply the flag only for /rest URIs (recommended)

<Location /rest>
  # the flag below MUST BE set to "On"
  WLForwardUriUnparsed    On
 
  # other settings, example: WebLogicCluster or WebLogicHost & WebLogicPort
 
  # set the handler to be weblogic
  SetHandler weblogic-handler
</Location>

Example 2: Applying the flag to all URIs served by Oracle WebLogic Server

<IfModule mod_weblogic.c>
   # the flag below MUST BE set to "On"
  WLForwardUriUnparsed    On
 
  # other settings, example: WebLogicCluster or WebLogicHost & WebLogicPort
  WebLogicCluster johndoe02:8005,johndoe:8006
  Debug ON
  WLLogFile             c:/tmp/global_proxy.log 
  WLTempDir             "c:/myTemp"
  DebugConfigInfo       On
  KeepAliveEnabled ON
  KeepAliveSecs  15
</IfModule>

12.1.8 Resources in Framework Application Disappear after Redeployment of Application

If a Framework application has been customized at runtime to add new resources through the Resource Manager, those new resources are lost after a new deployment or a redeployment of the same application.

Any new pages created at runtime that use the lost resources are still available even though the resources themselves are no longer available in the Resource Manager.

This issue happens when the application version or the redeployment version is changed during the redeployment of the application, either using Fusion Middleware Control or WLST. It can also happen on redeployment when the generic-site-resources.xml file has been changed at design time (for example, by creating new resources).

This issue occurs because the generic-site-resources.xml file is overwritten on redeployment.

To work around this issue, you must manually add the mds-transfer-config.xml file to the application.


Note:

Any resources created at design time must be manually added to the runtime application before redeploying the application.


  1. Download the mds-transfer-config.xml file from the following location:

    https://support.oracle.com/oip/faces/secure/km/DownloadAttachment.jspx?attachid=1343209.1:mdstransferconfig

  2. Extract the MAR file (for example AutoGeneratedMar.mar) from the EAR file.

  3. In the extracted MAR file directory, create a new directory, called META-INF, and copy the mds-transfer-config.xml file to the new directory.

  4. Update the MAR file with META-INF\mds-transfer-config.xml, for example:

    jar -uvf AutoGeneratedMar.mar META-INF\mds-transfer-config.xml
    
  5. Update the EAR file with the updated MAR file:

    jar -uvf YourApp.ear AutoGeneratedMar.mar
    
  6. Redeploy YourApp.mar.

12.1.9 Style Sheets Not Loaded Correctly for Sample WSRP Producer Test Pages through Oracle HTTP Server

If Oracle HTTP Server is used as a front end for the Sample WSRP Portlets producer, the style sheets for the WSRP Producer Test Pages of the WSRP Tools and Rich Text Editor portlet producers are not loaded properly in Mozilla Firefox or Google Chrome. However, the style sheets do load properly in Internet Explorer. Functionality of the portlets is not affected.

12.1.10 Cannot Customize or Personalize a JSF Portlet

When clicking OK after customizing or personalizing a JSF portlet (that is, a portlet created using the Oracle JSF Portlet Bridge), the portlet does not respond and displays a timeout message. This is caused by performing an edit action and changing the portlet mode in a single operation. End users can work around this issue by clicking Apply (instead of OK) to perform the edit action first, then clicking Return to change the portlet mode back to View mode.Portlet developers can avoid the issue occurring by editing the code for the generated Edit Defaults mode (in the edit_defaults.jspx file) and Edit mode (in the edit.jspx file) and removing the code for the OK button so that end users are forced to use the Apply button instead.

12.1.11 Fallback Support for Custom Translations

There is no fallback support for custom translations. For example, if you create a custom translations file named scope-resource-bundle_fr.xlf and the space language setting is country-specific (fr-FR), the custom translation file is not used because Spaces is looking for scope-resource-bundle_fr-FR.xlf.As a workaround, copy _fr xlf and include the country specification in the names of the custom translation files (for example, scope-resource-bundle_fr-FR.xlf).

12.1.12 Spaces Do Not Display Correct Language When the Spaces Application is Accessed Using OAM

When users access the Spaces application through OAM, spaces do not display the language selected on the OAM login page. The Spaces application does not use the same xlf file name standard as OAM.

12.1.13 Announcement Publication Format can be Incorrect in Thai

When the display language is set to Thai, the announcement publication format can be incorrect. This happens when announcements are opened to edit and are then saved, even if nothing in the announcement itself is updated.

12.1.14 Favorite Based on Seeded Page Lost When Language Preference Changed from en-US

If you add a seeded page, such as the Activities page, to your list of Favorites, and then change your preferred application language from en-US using Preferences, the favorite seeded page cannot be found.

12.1.15 The Run as Servlet Link on Producer Test Page Does Not Work for JSF Portlet

You can create a JSF portlet (that is, a portlet that uses the Oracle JSF Portlet Bridge) using the Create JSR 286 Java Portlet Wizard by selecting the Generate ADF-Faces JSPX implementation method on the third step of the wizard.

If you create a JSF portlet in this way, you may find that clicking the Run as Servlet link on the portlet's Producer Test Page produces an error. The portlet itself, however, runs correctly.

To avoid this issue, add the ADF Page Flow scope to the project that contains the portlet. For information, see the section "Adding and Removing Technology Scopes" in Oracle Fusion Middleware Developer's Guide for Oracle WebCenter.

12.1.16 Using OpenSocial Pagelets to Post Activities to User's Activity Stream

Pagelets based on OpenSocial gadgets are not able to post activities to a user's activity stream. To implement a temporary solution, grant User Profile 'edit' permission to Oracle WebCenter Portal's Pagelet Producer using the following WLST/WSAdmin command:

grantPermission(appStripe="pagelet-producer",
principalClass="oracle.security.jps.internal.core.principals.JpsAuthenticatedRoleImpl", principalName="authenticated-role",
permClass="oracle.webcenter.peopleconnections.profile.security.ProfilePermission",
permTarget="/oracle/webcenter/peopleconnections/profile/s8bba98ff_4cbb_40b8_beee_296c916a23ed/.*", permActions="view,edit")

After running the command, restart the Pagelet Producer server.

12.1.17 Accessing Owners' Profile Information Using the OpenSocial API

To access owners' Profile/Activities/Friends information using the OpenSocial API with Oracle WebCenter Portal's Pagelet Producer, you must target the WebCenterDS data source to the WC_Portlet managed server as described in the Oracle Fusion Middleware Administrator's Guide for Oracle WebCenter. After saving this configuration, Activities and Friends information can be fetched, but Profile information is not returned. To access Profile information, restart the WC_Portlet managed server.

12.1.18 Granting View Document Permissions to Public and Authenticated Users for a Hierarchical Space

When you grant the View Document permission to the Public-User and Authenticated-User roles on a hierarchical space, equivalent "Read" permissions are not set correctly in Content Server. If you want public users and authenticated users to have View Document permissions on a space, you do not need to grant the permission to both the roles separately. When you grant the View Document permission to public users, authenticated users inherit the View Document permission automatically.

If you want to revoke View Document permissions from public users but grant View Document permissions to authenticated users, then revoke the permission from the Public-User role and add it for the Authenticated-User role.

12.1.19 Issues when Using the Russian or Swedish Language

In the Spaces application when the language is set to Russian, you cannot perform certain user management tasks for spaces, including adding a new user to a space, inviting a registered user to a space, and modifying or revoking a user's role assignment.

If the language is set to Swedish, the Roles page under Spaces Administration is not accessible.

12.1.20 Conditions for Deleting Messages from the Activity Stream

Users can delete only messages from the Activity Stream that were entered from the Publisher task flow and include a link. (In other words, messages in the Activity Stream that were not entered via the Publisher and do not include a link cannot be deleted.)Users can delete only messages with a link from the Activity Stream. Other activity stream entries, such as notifications of page creations, cannot be deleted.

12.1.21 Configuring Web Services Security for Discussions Server

In Release 11.1.1.7.0, discussions server is shipped with no message protection for Web Service interaction between discussions server and Spaces; this allows you to use discussions server without any further configuration. However, after patching your Oracle WebCenter 11.1.1.4.0 or earlier version, if you encounter WS-Security-related errors, you must reconfigure the discussions server security settings. For information, see the "Configuring Security Policies for Spaces, Discussions, and Portlet Producer Web Service End Points" section in Oracle Fusion Middleware Patching Guide.

12.1.22 Unable to View Entire Content on iPad as Scrollbars Not Displayed

The Apple iOS platform does not display scrollbars. When you view a page on an iPad, content may appear truncated because scrollbars are not displayed. Also, iFrame components ignore dimensions on iPad. To view the entire content area, use the two-finger scroll gesture on your iPad.

12.1.23 RSS Links Not Working Properly on iPad

The Apple iOS platform renders RSS links by loading them through the site reader.mac.com. If the WebCenter Portal instance is not accessible outside your firewall, RSS links cannot be viewed.

12.1.24 Cannot Upload Content Using iPad

The Apple iOS platform does not support a native file system browser. Therefore, you cannot upload content from an iPad. All upload actions, such as publish, upload, and share are disabled or hidden when you access WebCenter Portal from an iPad.

12.1.25 Cannot Copy Text Displayed on Pages

If you access a page through an iPad, you cannot copy the text displayed on the page. This is a limitation from the Apple iOS platform.

12.1.26 Embedded Images Not Rendered

The Mail task flow does not render embedded images. If an email contains inline images, they are shown as attachments, and not within the message body.

12.1.27 Unable to Check Out a Document When Using Firefox First Time

The first time you access WebCenter Portal using the Mozilla Firefox browser, and attempt to open a document using Desktop Integration over an SSL or HTTPS connection, you will receive a warning that the certificate is not trusted, even if the environment has a valid certificate. You can open the document, but cannot check in or check out the document from within a Microsoft Office application. However, subsequent use of Desktop Integration through the Firefox browser will work as expected and you will be able to check documents in and out from within a Microsoft Office application.

12.1.28 Navigating in the Preferences Dialog in Internet Explorer 9 (Accessibility Issue)

When using only the keyboard in WebCenter Portal in Internet Explorer 9, on the General Preferences page in the Preferences dialog, the Expression Editor dialog loses cursor focus after a value is changed using the down arrow key. The cursor focus goes back to the General Preferences page instead of the Expression Editor dialog. To work around this issue, use Internet Explorer 8 or any other supported browser like Safari 23.x or Firefox 10.x.

12.1.29 Web Clipping Portlet is Deprecated

The Web Clipping portlet is deprecated in Release 11g (11.1.1.7.0) and should not be used. Instead, create a clipper pagelet using Oracle WebCenter Portal's Pagelet Producer.

12.1.30 Messages Displayed During Import or Export Appear Incomplete (Accessibility Issue)

While accessing WebCenter Portal: Spaces using Internet Explorer 10, progress messages displayed during import or export space appear incomplete. To workaround this issue, click the browser compatibility icon next to the address bar to enable browser compatibility.

12.1.31 Deployment Fails Because Versioned Applications Are Not Supported

Application versioning is no longer supported by default for ADF applications. Upon initial deployment, an existing 11.1.1.6.0 (or earlier) or new application (11.1.1.7.0 or later) deploys successfully regardless of the applicatio?n's versioning. However, when redeploying an unversioned application from JDeveloper 11.1.1.7.0 to a WebLogic Server where a versioned instance of that application is already running, deployment will fail. This is because the server is already running a versioned instance and WebLogic Server does not allow deploying an unversioned instance of the same application. You will see an error message like this:

Weblogic Server Exception: 
weblogic.management.ManagementException: [Deployer:149082]You cannot deploy application 'Application1_application1' without version. The application was previously deployed with version 'V2.0'.

To resolve this issue, undeploy the versioned application first and then deploy the unversioned application.

12.1.32 Some Formatting Lost in Rich Text Editor When Shifting from Rich Text or HTML to Wiki Markup

In the Rich Text Editor, if you switch from the Rich Text or HTML pane to the Wiki Markup pane, you might encounter formatting issues. For example, only the image source and title properties or attributes are saved when switching to Wiki Markup.

12.1.33 Unable to Access All Nodes in a Large Navigation Model

If you have a navigation model with many nodes, depending on the page template used for your portal, you may not be able to access all those nodes when you render that navigation model in a page. If there are more nodes than fit in the area of the page template used for navigation, a >> icon provides access to a drop-down list of the remaining nodes. However, if this drop-down list is longer than the available screen size, you will not be able to access the nodes at the end of the list. For example, this situation may arise if you are using a page template where the navigation is displayed in a bar along the top of the page.

To work around this issue, consider using a different page template that displays navigation down the side of the page. Alternatively, you can use folders in your navigation model to group similar nodes together and reduce the number of nodes displayed at any one level of the navigation model.

12.2 Documentation Errata

This section describes documentation errata. It includes the following topic:

12.2.1 Oracle SES Active Connection

In Oracle Fusion Middleware Administrator's Guide for Oracle WebCenter, in "Table 22-3 Oracle SES Connection - Name", the definition of Active Connection should read as follows:

"Select to use the Oracle SES instance defined on this connection as your search platform for your WebCenter Portal application. While you can register multiple Oracle SES connections for an application, only one connection is used—the default (or active) connection."

12.2.2 Extending the Spaces Application Using JDeveloper

If you want to develop custom resources or build custom shared libraries for the Spaces application (11.1.1.7.0) you must use Oracle JDeveloper 11.1.1.7.0 to develop your extensions.

In Oracle Fusion Middleware Developer's Guide for Oracle WebCenter, section "Downloading a Workspace for Spaces Development" incorrectly states to use Oracle JDeveloper 11.1.1.6.0. Specifically, step 2 should read as follows:

"Step 2 Download and install Oracle JDeveloper 11g (11.1.1.7.0).

Oracle JDeveloper 11g (11.1.1.7.0) is available for download from: http://www.oracle.com/technetwork/developer-tools/jdev/downloads/index.html"

12.2.3 Using Spaces Extension Samples Whitepaper

In Oracle Fusion Middleware Developer's Guide for Oracle WebCenter, section "Deploying Your Own Custom Code and Task Flows in Shared Libraries" incorrectly refers to the accompanying whitepaper as "Using Spaces Extension Samples (11.1.1.6.0)". For WebCenter Portal 11.1.1.7.0, you must refer to the whitepaper "Using Spaces Extension Samples (11.1.1.7.0)".

12.2.4 Microsoft Exchange Server 2010 Not Supported

In Oracle Fusion Middleware Administrator's Guide for Oracle WebCenter, the "Configuring Microsoft Exchange Server 2007 or 2010 for WebCenter Portal" section and the "Third-Party Product Integration" appendix incorrectly specify Microsoft Exchange Server 2010 as a supported mail server. Microsoft Exchange Server 2010 is not certified for use with Oracle WebCenter Portal.

12.2.5 Presence Servers Supported for the IMP Service

In Oracle Fusion Middleware Administrator's Guide for Oracle WebCenter the "Microsoft Live Communications Server (LCS) Prerequisites" section and the "Third-Party Product Integration" appendix do not provide complete product details about the presence servers supported by the Instant Messaging and Presence (IMP) service. You can configure any of the following servers as the communication server for the IMP service:

  • Microsoft Office Live Communications Server (LCS) 2005 R2

  • Microsoft Office Communications Server (OCS) 2007 SP1

  • Microsoft Lync 2010

PKyI?PK Web Tier

Part III

Web Tier

Part III contains the following chapters:

PK?z<7PK Oracle WebCenter Content PKnZRm PK Introduction

1 Introduction

This chapter introduces Oracle Fusion Middleware Release Notes, 11g Release 1 (11.1.1). It includes the following topics:

1.1 Latest Release Information

This document is accurate at the time of publication. Oracle will update the release notes periodically after the software release. You can access the latest information and additions to these release notes on the Oracle Technology Network at:

http://www.oracle.com/technetwork/indexes/documentation/index.html

1.2 Purpose of this Document

This document contains the release information for Oracle Fusion Middleware 11g Release 1 (11.1.1). It describes differences between Oracle Fusion Middleware and its documented functionality.

Oracle recommends you review its contents before installing, or working with the product.

1.3 System Requirements and Specifications

Oracle Fusion Middleware installation and configuration will not complete successfully unless users meet the hardware and software pre-requisite requirements before installation.

For more information, see "Review System Requirements and Specifications" in the Oracle Fusion Middleware Installation Planning Guide

1.4 Memory Requirements

Oracle Fusion Middleware memory requirements for installation, configuration, and runtime are as follows:

  1. Without a Database on the same server: Minimum 4 GB physical memory and 4 GB swap.

  2. With a Database on the same server: Minimum 6 GB physical memory and 6 GB swap.


    Note:

    These minimum memory values are with the assumption that no user or operating system process is consuming any unusually high amount of memory. If such a condition exists, corresponding amount of additional physical memory will be required.


1.5 Certification Information

This section contains the following:

1.5.1 Where to Find Oracle Fusion Middleware Certification Information

The latest certification information for Oracle Fusion Middleware 11g Release 1 (11.1.1) is available at the Oracle Fusion Middleware Supported System Configurations Central Hub:

http://www.oracle.com/technetwork/middleware/ias/downloads/fusion-certification-100350.html

1.5.2 Certification Exceptions

This section describes known issues (exceptions) and their workarounds that are associated with Oracle Fusion Middleware 11g certifications. For a list of known issues that are associated with specific Oracle Fusion Middleware 11g Release 1 (11.1.1) components, see the Release Notes for the specific Oracle Fusion Middleware 11g Release 1 (11.1.1) component.

This section contains the following topics:

1.5.2.1 Certification Information for Oracle Fusion Middleware 11g R1 with Oracle Database 11.2.0.1

If you choose to configure Oracle Internet Directory with Database vault, do the following:

  1. Apply patch 8897382 to fix bug 8897382.


    Note:

    the following workaround is required only if the Oracle Fusion Middleware version is 11.1.1.1.0 (11gR1). This issue will be fixed in 11.1.1.2.0.


  2. Apply the workaround for bug 8987186 by editing <OH>/ldap/datasecurity/dbv_oid_command_rules.sql file and find the following declaration:

    /declare
     begin
          dvsys.dbms_macadm.CREATE_COMMAND_RULE(
          command => 'CONNECT'
          ,rule_set_name => 'OID App Access'
          ,object_owner => 'ODS'
          ,object_name => '%'
          ,enabled => 'Y');
     commit;
    end;/
    

and change the line that is indicated in bold:

/declare
 begin
      dvsys.dbms_macadm.CREATE_COMMAND_RULE(
      command => 'CONNECT'
      ,rule_set_name => 'OID App Access'
      ,object_owner => '%'
      ,object_name => '%'
      ,enabled => 'Y');
 commit;
end;/

1.5.2.2 Excel Export Issue on Windows Vista Client

Vista prevents applets from creating files in the local file system if the User Account Control (UAC) system is turned on. You can experience this problem if you have the UAC setting enabled on Vista and if you use a component like Discoverer Plus. If you start Discoverer Plus and if you try exporting a worksheet to a specified directory, the exporting succeeds but you cannot see the exported file in the directory. The available workarounds is to disable UAC and set protection mode to OFF. Refer to Bugs 8410655 and 7328867 for additional information.

1.5.2.3 Restrictions on Specific Browsers

1.5.2.3.1 Unable to View the Output of a JSPX Page in Internet Explorer 7

When a JSPX page is deployed and is then accessed using Internet Explorer 7 (IE7), the XHTML source is displayed instead of the page contents. This occurs in both normal and osjp.next modes.

The workaround is to instruct application users to access the application with Firefox or Safari.

1.5.2.3.2 Java Plugin for Discoverer Plus Not Downloaded Automatically on Firefox

When you attempt to connect to Discoverer Plus by using the Mozilla Firefox browser on a computer that does not have Java 1.6 installed, Firefox does not download the JRE 1.6 plug-in automatically. Instead, Firefox displays the following message: "Additional plugins are required to display this page..."

The workaround is to download the JRE 1.6 plug-in by clicking the Install Missing Plugin link to install it manually.

1.5.2.4 Process to Install and Configure WebCenter With 32-bit JDK on Supported 64-Bit Platform

For WebCenter 11g Release 1, the following platform has been verified with 32-bit JDK:

HP Itanium and HP PA-RISC:

32-bit HP JDK 1.6.0.02+

1.5.3 JMSDELIVERYCOUNT Is Not Set Properly

When using AQ JMS with Oracle Database 11.2.0.1, JMXDELIVERYCOUNT is not set correctly.

The workaround is to apply patch 9932143 to Oracle Database 11.2.0.1. For more information, contact Oracle Support.

1.5.4 Viewer Plugin Required On Safari 4 To View Raw XML Source

You need a Safari plugin to view raw XML. If there is no plugin installed, you will see unformatted XML which will be difficult to read. This is because Safari applies a default stylesheet, which only displays the text nodes in the XML document.

As a workaround, go to View > View Source in the Safari menu bar to see the full XML of the metadata document. Also, selecting File > Save and choosing XML Files as the file type, will correctly save the XML metadata file with all the markup intact.

1.6 Downloading and Applying Required Patches

After you install and configure Oracle Fusion Middleware 11g Release 1 (11.1.1.4.0), there might be cases where additional patches are required to address specific known issues.

Complete the following steps to obtain a patch:

  1. Log into the My Oracle Support web site at https://myoraclesupport.com/.

  2. Click the Patches & Updates tab.

  3. Use the Patch Search area to locate patches.

  4. On the Patch Search Results page, select a patch and click Download to download the patch.

  5. Install the patch by following the instructions in the README file that is included with the patch.

Table 1-1 lists some of the specific Oracle Fusion Middleware patches that were available at the time these release notes were published.

For additional patching information, see Section 3.1.1, "Patches Required to Address Specific Upgrade and Compatibility Requirements".

Table 1-1 Patches Required to Fix Specific Issues with Oracle Fusion Middleware 11g

Oracle Fusion Middleware Product or ComponentBug/Patch NumberDescription

Oracle SOA Suite - Oracle BPM Worklist application

9901600

Unless you apply this patch, errors appear in the log files when you access the Event Driven page in the Oracle Business Process Management Worklist application.

Oracle XDK for Java

10337609

This patch fixes the following issue.

If you use the XSU utility to insert some data into the database, and the database connection had the connection property called oracle.jdbc.J2EE13Compliant set to "true", and the target column was some kind of numeric column, then it is possible for the insert to fail with a the following error:

java.lang.NumberFormatException

1.7 Licensing Information

Licensing information for Oracle Fusion Middleware is available at:

http://oraclestore.oracle.com

Detailed information regarding license compliance for Oracle Fusion Middleware is available at:

http://www.oracle.com/technetwork/middleware/ias/overview/index.html

PK?PAAPK Oracle WebLogic Server

11 Oracle WebLogic Server

This chapter describes issues associated with Oracle WebLogic Server. It includes the following topics:


Note:

For a list of bugs that are fixed in WebLogic Server 11g Release 1 (10.3.6), enter the following document ID in the Search Knowledge Base field. You must enter the entire document ID.

1302753.1


11.1 General Issues and Workarounds

This section describes the following issues and workarounds:

11.1.1 Multi-Byte Characters Display Incorrectly in Filenames When Using Safari

When using the Safari browser to download content, if a filename contains multi-byte characters, the characters are displayed as '------' in the filename.

Workaround

Set UseHeaderEncoding to true on the Managed Server. Use the following WLST commands to do so:

connect("admin_name", "admin_password", "t3://localhost:port")
edit()
startEdit()
cd("Servers/server_name/WebServer/server_name")
set("UseHeaderEncoding", "true")
save()
activate()
exit()

11.1.2 Oracle WebLogic Server Version Number

Oracle Fusion Middleware 11g contains Oracle WebLogic Server 11g. The version number of Oracle WebLogic Server is 10.3.6.

11.1.3 Oracle ojdbc14.jar File Has Been Changed to ojdbc6.jar

The Oracle ojdbc14.jar file has been changed to ojdbc6.jar, for use with JDK 5 or 6. As a result, any explicit references you make to ojdbc14.jar must be changed to ojdbc6.jar.

11.1.4 Strong Password Enforcement May Cause Issues With WLST Offline Scripts

With the implementation of strong password enforcement (8 character minimum with one numeric or special character) in this release of WebLogic Server, existing scripts could potentially encounter issues.

Workaround

Use either of the following workarounds to bypass the new password restrictions.

  • Set the BACKWARD_COMPAT_PW_CHECK environment variable to true.

  • Include the -Dbackward.compat.pw.check=true option when invoking WLST.

Oracle recommends that you change passwords to comply with the new password requirements, as this variable and option will be removed in a future release of WebLogic Server.

11.1.5 In Turkish Locale, MDS Initialization Fails

Any applications that use an MDS repository cannot be deployed or run with the JAXB version bundled with WebLogic Server as null values are returned for attributes named id.

Workaround

Start the server in English locale.

11.1.6 Administration Server Reports a 'Too Many Open Files' Message on the EM Console

The WebLogic Server Administration Server reports a Too Many Open Files message on the Enterprise Manager (EM) console when the maximum number of file descriptors configured for the Administration Server is less than 65535.

Workaround

Increase the number of file descriptors within the shell and restart the WLS Administration Server within that shell. The command to increase the number of file descriptors (nofiles) differs across Operating Systems and shells but it is usually done with the ulimit command on UNIX platforms. So, consult the man pages for ulimit.

For example:

$ ulimit -n 65535

11.1.7 Availability of Sun JDK 6 U35-B52 for 10.3.5.0 Oracle WLS Generic Installation

Sun JDK 1.6.0.U35-B52 version is required for Oracle WebLogic Server 10.3.5.0 (PS4) generic installation on Linux x86-64, Microsoft Windows x64 (64-Bit), and Oracle Solaris platforms.

The mentioned version of JDK is not available for download from the Oracle Web site:

http://www.oracle.com/technetwork/indexes/downloads/index.html

Complete the following steps to download the required JDK version:

  1. Go to My Oracle Support:

    https://support.oracle.com
    
  2. Click the Patches & Updates tab.

  3. Enter patch 12346791 in the Patch Name or Number field, under Patch Search.

  4. Click Search.

  5. Select and download the patch for the required platform by following the instructions in the README file included with the patch.

11.2 Administration Console Issues and Workarounds

This section describes the following issues and workarounds:

11.2.1 Cached JDBC Information is not Displayed

Information about cached JDBC statements is not displayed on the JDBC Monitoring pages.

11.2.2 Pressing Browser Back Button Discards Context

After a page flow completes in the Administration Console, it forwards to a different page, typically a table.

Pressing the browser Back button at this point results in an attempt to load the last JSP file in the completed assistant. At this point, all of the context for this assistant is discarded.

Workaround

Oracle recommends that you do not use the browser Back button to step back into an assistant once changes are cancelled or finished, and that you do not go back to a previous step in an assistant. Instead, use the navigation links and buttons in the Administration Console.

11.2.3 Unsupported Work Manager Configurations Can Be Created

The Administration Console permits the creation of Work Manager configurations that are not supported and do not function as intended. Incorrect Work Manager configurations may result in a number of exceptions being recorded in the server logs, most commonly 'Validation problems were found' exceptions while parsing deployment descriptors.

Workaround

Follow the guidelines described in the online help for Work Manager configurations. Specifically, you can only assign one request class to any given Work Manager, and that request class must be of the same or a broader scope than the Work Manager. You should not assign an application-scoped request class to a global Work Manager, and you should not create more than one application-scoped request class for an application-scoped Work Manager.

Correcting the Work Manager configurations to match the documented constraints resolves these issues.

11.2.4 Server Status Table Reflects Inconsistent Information

The Server Status table on the Cluster: Monitoring: Summary page includes two default columns: Primary and Secondary Distribution Names. These fields do not always reflect all of the replication statistics that are collected and displayed on the Cluster: Monitoring: Failover page, depending on the replication scenario.

Please refer to the Cluster: Monitoring: Failover page for definitive information.

11.2.5 Exceptions When Defining a Security Policy for an EJB

When defining security policies in the Administration Console for an EJB deployment that references types defined in a separate library deployment, exceptions can be observed if that library deployment is not available to the Console.

Workaround

All library deployments should be targeted at the WebLogic Server Administration Server as well as any Managed Servers needed to support referencing applications. This will ensure that when defining policies, the Console will have access to those library deployments so that referenced types can be class-loaded as needed.

11.2.6 Administration Console Does Not Always Reflect External Changes Made in a Deployment Plan

The Administration Console does not always reflect external changes made in a deployment plan. If a change is made in a deployment plan outside of the Console (for example, using Workshop, editing the plan text files directly, or updating a deployment with a new plan using WLST or webLogic.Deployer) while a Console user is also viewing that deployment plan, the Console user will not see those changes.

Workaround

Navigate to a configuration page for a different deployment, then navigate back to the original deployment again.

11.2.7 Oracle OCI Driver Support

The Oracle OCI driver is no longer explicitly listed as a preconfigured driver type in the Administration Console.

Workaround

The Oracle OCI driver remains a supported driver for application data connectivity, consistent with prior releases of Oracle WebLogic Server. However, users must now specify all required configuration properties manually, including the data base username.

11.2.8 Data Takes a Long Time to Display on the Metric Browser Tab

When using Internet Explorer 7 (IE 7) to display data on the Metric Browser tab of the Monitoring Dashboard, it takes an unusually long time for the data to display, and during this time, the page is unresponsive. The amount of time it takes to display data on this tab depends on the size of the domain.

Workaround

If you need to display data on the Monitoring Dashboard > Metric Browser tab, open the Administration Console in a supported web browser other than IE 7, such as Internet Explorer 8 or greater, Firefox 3 or greater, or Safari 4 or greater.

11.3 Apache Beehive Support Issues and Workarounds

There are no known Apache Beehive Support issues in this release of WebLogic Server.

11.4 Configuration Issues and Workarounds

This section describes the following issues and workarounds:

11.4.1 ASProvWorkflowException Occurs When Creating a WebLogic Domain

In rare cases, if your installation environment contains existing JAVA_OPTIONS prior to starting a Fusion Middlware product installation, these may cause an ASProvWorkflowException, preventing the domain from being created.

Workaround

Prior to starting the Fusion Middleware product installation, clear the existing JAVA_OPTIONS. If you have an applicagtion in the environment that use these JAVA_OPTIONS, the applications may not work after clearing the options. In this case, save the existing JAVA_OPTIONS to a text file and investigate alternatives for running your other application.

11.4.2 Directory For a Non-Existent Server Name Is Created

If you attempt to connect to the WebLogic Server Administration Server with a non-existent server name, a directory for the non-existent server name is created under the domain_name/servers directory.

Workaround

Specify a valid server name when connecting to the Administration Server.

11.4.3 Abnormal Behavior in Terminal Window After Entering WebLogic Password

After pressing Ctrl-C to terminate the startManagedWebLogic.sh process immediately after entering the WebLogic password, abnormal behavior may be experienced in the terminal window. For example, when pressing Return, the prompt is tabbed instead of going to the next line, and any characters that are entered at the prompt are not displayed in the terminal.

Workaround

Either close the current xterm and start a new one, or enter stty echo into the xterm.

11.4.4 Creating and Updating Domains Takes Too Long

It can take a long time to create or update WebLogic Server domains when:

  • Installing WebLogic Server on UNIX or Linux operating systems if the Server Examples are included in the installation.

  • Using the WebLogic Server Configuration Wizard to create or update a domain.

  • Using WLST to create or update a domain.

Workaround

Set the CONFIG_JVM_ARGS environment variable to the following value:

-Djava.security.egd=file:/dev/./urandom

11.4.5 Password Field Is Not Editable When Configuring a New Domain

On Linux systems, when creating a new domain in the Oracle Fusion Middleware Configuration Wizard, the Password and Confirm Password fields are sometimes not editable, and you cannot enter a password to create a domain.

Workaround

There are two ways to work around this issue:

  • To work around the issue each time it happens, click the Close Window X button in the upper right corner of the Configuration Wizard. In the confirmation dialog that appears, click No to return to the Configuration Wizard. You can then enter and confirm the password for the domain.

  • To fix this issue permanently:

    1. Kill all scim processes. For example:

      kill `pgrep scim`

    2. Modify (or create) the file ~/.scim/config to include the following line (case-sensitive):

      /FrontEnd/X11/Dynamic = true

    3. If you are running VNC, restart the VNC server.

    4. Run the Configuration Wizard again.

11.5 Connector (Resource Adapter) Issues and Workarounds

There are no known Connector (Resource Adapter) issues in this release of WebLogic Server.

11.6 Console Extensions Issues and Workarounds

There are no known Extensions issues in this release of WebLogic Server.

11.7 Core Server and Core Work Manager Issues and Workarounds

This section describes the following issues and workarounds:

11.7.1 Threads Become Stuck While Waiting to Get a Connection

When a machine that is hosting one of the Managed Servers is abruptly shut down, a network cable is pulled, or its network interface card has issues, and any server attempts communication with that managed server, threads become stuck waiting to get a connection.

Workaround

This can currently be resolved by using a private flag:

-Dweblogic.client.SocketConnectTimeoutInSecs

and setting an appropriate timeout value that will release the thread attempting to make the connection and allow the request to fail quickly.

11.7.2 Using IPv6-Formatted Addresses

When using an IPv6-formatted address for WebLogic Server, the URL should include square brackets ('[' and ']') for the host address. Otherwise, WLST may fail to connect to the running server.

Workaround

Add square brackets to the host address. For example:

t3://[fe80:0:0:0:203:baff:fe2f:59e5]:9991

11.7.3 Server Cannot Be Started After a Whole Server Migration

If the WebLogic Server Administration Server is down when a Whole Server Migration occurs for a clustered server, and the server migrates to a machine on which it was never run before, the server cannot be started on the new machine.

Workaround

Use one of the following workarounds for this issue:

  • Ensure that the Administration Server is up when the server migration is being performed.

  • Use a shared disk/NFS for all the migratable servers in the cluster.

11.7.4 Object State is not Retained After Renaming Field

When FastSwap is enabled in a J2EE application, you can make certain types of changes to Java classes during development and expect to see the change without re-deploying, with all instance states of the Java object being retained.

One type of change that does NOT retain the object state is that when a field name is changed, it is treated as follows:

  • the field with old name is deleted

  • the field with new name is added

Thus, in this case, any state in the old field is not carried over to the renamed field.

Using the Workshop or FastSwap ant task, you may see a FastSwap operation completed successfully message, even when an instance field name change causes a value reset.

Workaround

You should expect an instance value to be reset when you change a field name.

11.7.5 Forcing Unicast Messages To Be Processed in Order

The following conditions can cause very frequent JNDI updates, and as a result, JMS subscribers may encounter a java.naming.NameNotFoundException:

  1. Unicast messaging is being used for cluster communication.

  2. The JMS topic connection is set with setReconnectPolicy("all").

  3. JMS durable subscribers on topic are created and removed very frequently.

Workaround

To fix this issue, a new property, MessageOrderingEnabled, has been added to the ClusterMBean. This property forces unicast messages to be processed in strict order. By default, this property is not enabled. To enable the property, add the following line manually to the <cluster> element in config.xml.

<message-ordering-enabled>true</message-ordering-enabled>

11.7.6 Servers Configured to Listen on a Host Name Are Listening on a Different Host Name After Startup

When using a host name to specify configuring the listen address on the WebLogic Server Administration Server or a Managed Server, machines that are configured with multiple Ethernet cards may listen on a different host name after startup. For example:

  • The machine has 3 Ethernet cards

  • Card 1 is mapped to hostname1-s (DNS registered host name)

  • Card 2 is mapped to hostname1-i (DNS registered host name)

  • Card 3 is mapped to hostname1 (actual node's host name)

  • You configure the server to listen on hostname1

  • After starting the server, it is listening on hostname1-s because Windows resolves the actual node's host name to the first enabled Ethernet card address

Workaround

Use one of the following three workarounds for this issue:

  1. Use the IP address, instead of the host name, as the listen address of the WebLogic Server Administration Server. On Managed Servers, use the IP address as the listen address, or configure the actual physical host name to the first Ethernet card in the machine.

  2. Add the following entry to the C:\Windows\system32\drivers\etc\hosts file on the machine:

    <ip_address> <hostname>

  3. Change the order of the network cards in the machine so that the card with the actual node's host name is Card 1.

11.7.7 Administration Server or Node Manager Cannot Track the Status of a Managed Server

If you start a managed server by providing an incorrect WebLogic Server Administration Server URL from the command line (that is, the Administration Server cannot be reachable at the provided URL), the managed server will start in Managed Server Independence (MSI) mode.

In this case, neither the Administration Server nor Node Manager can track the status of the managed server. The Administration Console will show the status of the managed server as UNKNOWN, but the server will actually be RUNNING in MSI mode.

11.7.8 Multicast Traffic Observed to be Unreliable During or After a Network Partition

During or after a network partition that causes a server migration to take place, multicast traffic has been observed to be unreliable. For example, one node may be receiving multicast traffic, but traffic originating from this node is not received on other nodes in the network. As a result, the migrated servers are not added to the cluster because their heartbeats were not received.

Workaround

Currently, the only known workaround is to use unicast cluster messaging.

11.8 Deployment Issues and Workarounds

This section describes the following issues and workarounds:

11.8.1 security-permission Element is not Available in weblogic-application.xml

The security-permission element is available in the weblogic.xml and weblogic-ejb-jar.xml deployment descriptors, but is not available in the weblogic-application.xml descriptor. Therefore, in an Enterprise application, you can only apply security policies to JAR files that are EJBs or Web applications.

11.8.2 Extraneous String Values Interpreted as File Specification

The weblogic.Deployer tool interprets any extraneous string values between command-line arguments as a file specification. For example, if you enter the command:

java weblogic.Deployer -activate -nostage true -name myname -source c:\myapp\mymodule

the tool attempts to activate a file specification named true, because the -nostage option takes no arguments and true is an extraneous string value.

11.8.3 java.lang.NoClassDefFoundError is Displayed

While using the WebLogic Server Administration Console with applications or EJBs deployed on a Managed Server that depend on a deployed library, you may encounter a java.lang.NoClassDefFoundError.

Workaround

The WebLogic Server Administration Console needs access to any shared library deployments so that Java data types and annotations can be processed. Therefore, all shared library deployments should always be targeted to the WebLogic Server Administration Server in addition to any Managed Servers or clusters.

11.8.4 The restore Method Does Not Update the DConfig Bean With Plan Overrides

The restore method does not correctly update the DConfig Bean with the plan overrides. For example, given the following steps:

  DeployableObject dObject =
     WebLogicDeployableObject.createDeployableObject(new File(appName));
  DeploymentConfiguration dConfig =
     WebLogicDeploymentManager.createConfiguration(dObject);
  dConfig.restore(new FileInputStream(new File(plan)));

the plan does not correctly override the DConfig Bean.

Workaround

Specify the plan when initializing the configuration for the application. For example:

    helper = SessionHelper.getInstance(
        SessionHelper.getDisconnectedDeploymentManager());
    helper.setApplication(app);
    helper.setPlan(new File(plan));
    helper.initializeConfiguration();

11.8.5 config-root <directory> not found Warning Is Displayed When Applying a Plan

If you use the Administration Console to make configuration changes to an application, a deployment plan will be generated. If external descriptors are generated as part of the deployment plan, they are placed in the config root plan directory. This directory will be set in the deployment plan 'config-root' attribute.

If no external descriptors are required, the config root directory will not be created, and a warning is displayed when you apply the deployment plan. This results in the following warning in the server output:

<Warning <WWebLogicDescriptorWL> <BEA-2156000><"config-root" C:\deployments\plan was not found>.

Workaround

Create the plan directory manually.

11.8.6 Deployment Task Fails When a Large Application File Is Deployed

When a large application file is deployed using the upload option, the deployment task fails with the following error:

java.lang.OutOfMemoryError: Java heap space

To resolve this issue, a new system property, weblogic.deploy.UploadLargeFile, has been added. If you see this issue, include this flag in the java command you use to launch a deployment client.

If you are using the WebLogic Server patch releases 9.2 MP2, 9.2 MP3,10.0 MP1, 10.0 M2, 10.3, 10.3.1, 10.3.2, 10.3.3, or 10.3.4, this flag is not needed.

11.8.7 Application State Is Not Updated If the Server Starts in MSI Mode

A managed server will start in MSI mode if the WebLogic Server Administration Server is not available when the managed server starts. If you start the Administration Server later, the managed server will connect to the Administration Server. However, the state of each application deployed to the managed server is not updated to reflect the state of the applications on the managed server. Each application's state is displayed as NEW or PREPARED in the WebLogic Server Administration Console.

Workaround

There are two workarounds for this issue:

  • Start the Administration Server before starting the managed server, or

  • Redeploy the application after starting the Administration Server.

11.8.8 Attempting to Redeploy an Application Fails if the Application is Already Deployed Using a Different Source File Location

If you initially deployed an application using one source file location, then attempt to redeploy the application using a new location for the source file, the deployment fails with the following exception:

New source location <new_source_file_path> cannot be configured deployed to 
configured application, <application_name>. The application source is at 
original_source_file_path. Changing the source location is not allowed for a 
previously attempted deployment. Try deploying without specifying the source.

This is due to a WebLogic Server deployment restriction. Once you specify the source file for a deployment, you cannot change it on a redeployment.

Workaround

Undeploy the application before attempting to redeploy it using a new source file location.

11.9 EJB Issues and Workarounds

This section describes the following issues and workarounds:

11.9.1 Primary Key in Oracle Table is CHAR

The primary key in an Oracle table is a CHAR but the query field in the SQL table is a VARCHAR2.

Workaround

Change the database schema from CHAR to VARCHAR2. Using CHAR as a primary key is not recommended for the Oracle database.

11.9.2 No Available Annotation That Enables Creation of a Clusterable Timer

There is no annotation for EJB3 beans or Ejbgen that enables creation of a clusterable timer.

Workaround

Create a weblogic-ejb-jar.xml file and put the <timer-implementation> element and corresponding values into the file.

11.9.3 Kodo's MappingTool Cannot Generate Schemas

Kodo's MappingTool cannot generate schemas for classes that use BLOBs in their primary key. BLOBs can be used in a primary key, but the schema must be defined manually. Note that support for BLOB columns in primary keys is not mandated by either the JDO or JPA specifications.

11.9.4 Extensions to the JPA Metadata Model Can Only Be Specified Via Annotations

Extensions to the JPA metadata model can only be specified via annotations, and not via a structure similar to the orm.xml file defined by the specification.

Workaround

To specify Kodo-specific metadata for your object model, either:

  • use the Kodo-specific annotations, or

  • convert your XML-based metadata to the JDO metadata format, which does support XML specification of extensions.

11.9.5 Lookup Method Injection Not Supported by Spring

The Weblogic Spring injection extension model doesn't support lookup method injection.

11.9.6 Deserializing a JDO PersistenceManagerFactory in a Managed Environment May Fail

Deserializing a JDO PersistenceManagerFactory in a managed environment may fail. The exception states that the javax.jdo.PersistenceManagerFactoryClass property is missing. Note that serializing a PersistenceManagerFactory should not generally be necessary in a managed environment.

11.9.7 Indexes Not Always Created During Schema Creation

Indexes declared at the class level are not always created during schema creation.

Workaround

Create the indexes manually after running the schema generation tools.

11.9.8 OpenJPA throws an exception when @Id fields are also annotated as @Unique

OpenJPA throws an exception when @Id fields are also annotated as @Unique in some databases. Database primary keys are unique by definition. Some databases implement this by creating a unique index on the column.

Workaround

Do not specify both @Id and @Unique on a single field.

11.9.9 Cache Hit and Miss Counts May Rise Unexpectedly

The cache hit and miss counts may rise unexpectedly when manipulating entities without version data. The extra cache access occurs when the EntityManager closes and all contained entities are detached. Entities without version fields appear to the system to be missing their version data, and the system responds by checking their version in the cache before detachment.

Workaround

Entities with version fields or other version strategies do not cause extra cache access.

11.9.10 Open JPA Tries to Create a Table Even if the Table Exists

When using the MySQL database, and OpenJPA is configured to automatically run the mapping tool at runtime and create tables within the default schema (for example):

<property name='openjpa.jdbc.SynchronizeMappings' value='buildSchema'/>
<property name='openjpa.jdbc.Schema' value='MySQL database name' />

OpenJPA will try to create the table even if the table already exists in the database. A PersistenceException will be thrown to indicate that the table already exists and the table creation statement fails.

Workaround

To avoid this problem, if you are using the MySQL database, don't configure OpenJPA to automatically run the mapping tool at runtime and specify the default schema at the same time.

11.9.11 EJB Applications Fail During Serialization

EJB applications that use IIOP and send JPA entities from the server to the client will fail during deserialization if the entities are Serializable (but not Externalizable) and do not declare a writeObject() method.

Workaround

Add a writeObject() method to such entity classes. The write object can be trivial:

private void
writeObject(java.io.ObjectOutputStream out)
   throws IOException {
  out.defaultWriteObject();
}

11.9.12 Non-Transactional Message-Driven Bean Container Can Fail to Provide Reproducible Behavior For Foreign Topics

When using multi-threaded processing for non-transactional topic Message-Driven Beans (MDBs) that specify a foreign topic (non-WebLogic) JMS, the MDB container can fail to provide reproducible behavior. For example, if a runtimeException is thrown in the onmessage() method, the container may still acknowledge the message.

Workaround

Set the max-beans-in-free-pool attribute to 1 in the deployment descriptor.

11.10 Examples Issues and Workarounds

This section describes the following issues and workarounds:

11.10.1 Security Configuration in medrec.wls.config

The medrec.wls.config target in SAMPLES_HOME/server/medrec/setup/build.xml has a known issue with respect to security configuration.

11.10.2 HTML File not Created for StreamParser.java File

The ../xml/stax example contains two files with the same root but different extensions: StreamParser.java and StreamParser.jsp. The samples viewer build, however, creates just one corresponding HTML file, rather than two for each type of file. In this case only the StreamParser.jsp file has an equivalent HTML file; the StreamParser.java file does not.

The problem occurs because of a setting in the build.xml file that controls the behavior of java2html to generate the files for the documentation.

When using java2html, the useShortFileName="true" parameter crops off the file extensions for the source files to create the file names for the HTML output files. If two files have the same name and different file extensions, whichever HTML file is generated last will overwrite previous ones.

Workaround

Set the useShortFileName parameter to "false". This setting generates HTML files with the file extensions included in the name. The drawback to this solution is that every link that points to the HTML output file needs to be revised, regardless of whether the files in question were affected by the bug.

11.10.3 Warning Message Appears When Starting Medrec or Samples Domain

When you start the medrec or samples domains, you may see a warning message similar to this:

<Warning> <WorkManager> <BEA-002919> <Unable to find a WorkManager with name 
weblogic.wsee.mdb.DispatchPolicy. Dispatch policy 
weblogic.wsee.mdb.DispatchPolicy will map to the default WorkManager for the 
application bea_wls_async_response>

This warning message appears in the standard output of the Console while starting a WebLogic Server sample application with an asynchronous Web Service deployed.

Workaround

The warning is harmless and can be ignored.

11.11 HTTP Publish/Subscribe Server Issues and Workarounds

This section describes the following issues and workarounds:

11.11.1 Authentication and Authorization of the Local Client is not Supported

The HTTP Publish/Subscribe server does not support authentication and authorization of the local client. The local client has full permissions to operate on channels of the HTTP Publish/Subscribe server, which means the local client can create/delete channels and publish/subscribe events from channels.

11.11.2 Event Messages Published by Local Clients Cannot Be Received

In a clustering environment, event messages published by a local client on a server can be received only by subscribed clients connected to the same server. These messages cannot be received by subscribed clients connected to other servers in the cluster.

11.11.3 Event Messages Published By Local Clients Do Not Go Through Filters

Event messages published to a channel by a local client will not go through the Message Filters configured to that channel.

11.12 Installation Issues and Workarounds

This section describes the following issues and workarounds:

11.12.1 Sybase JDBC Drivers Not Downloaded with Upgrade Installation

The Oracle WebLogic Server 11g Release 1 installer does not download the Sybase JDBC drivers. When you try to upgrade an existing WebLogic Server 10.3 installation using the latest installer, it does not remove the Sybase JAR files from the original installation. The installer upgrades only the weblogic.jar file.

The Sybase JAR files (jconn2.jar, jconn3.jar, and jConnect.jar) in the /server/lib or /server/ext/jdbc/sybase directories are removed from the manifest classpath in the upgraded weblogic.jar file. Therefore, if the classpath of a WebLogic Server application does not include Sybase JAR files and only includes weblogic.jar then after the upgrade installation, the application will throw a ClassNotFoundException.

To work around this issue, explicitly add Sybase JAR files in the WebLogic Server application classpath.

11.12.2 Improper Rollback to Previous Installation May Occur After Exiting an Upgrade Installation Prematurely

When using an Upgrade installer or Smart Update to upgrade an existing WebLogic Server 10.3.x installation to WebLogic Server 10.3.4, if you abort the upgrade before completion, the installation should automatically roll back to the prior installation. This may not always occur, resulting in an unusable installation.

11.12.3 WebLogic Server Installer Fails With Insufficient Disk Space Error

The WebLogic Server installer can fail with an insufficient disk space error, even when there is a large amount of available disk space on the file system or disk.

Workaround

Use the -Dspace.detection property in the installation command to disable the available space check. For example:

java -Xmx1024M -Dspace.detection=false -jar installer_file_name -mode=silent -silent_xml=silent.xml

or

wls1034_linux.bin -Dspace.detection=false

11.12.4 Installation Fails with Fatal Error

The installer does not verify whether sufficient disk space is available on the machine prior to completing the installation. As a result, if an installation cannot be completed due to insufficient space, the installer displays the following error message and exits:

Fatal error encountered during file installation. The installer will now
cleanup and exit!

Workaround

If this problem occurs, restart the installer using the following command:

server103_linux32.bin -log=log.out -log_priority=debug

The preceding command generates a log of the installation procedure, providing details about the exact cause of the failure. If the cause is indeed insufficient space, the log file indicates it explicitly.

11.13 Java EE Issues and Workarounds

This section describes the following issues and workarounds:

11.13.1 FastSwap May Relax the Access Modifiers of Fields and Methods

FastSwap may relax the access modifiers of fields and methods. Private and protected members may be made public at runtime. This changes the behavior of reflection and may affect reflection-based frameworks such as Struts.

11.13.2 FastSwap Does Not Support Redefinition of the Entity Bean and ejbClass

FastSwap does not support redefinition of the Entity bean and ejbClass (Session/MDB). Therefore, any updates to entity classes will cause redefinition errors.

Workaround

After updating an entity class, redeploy the application.

11.13.3 Classpath Order Is Not Guaranteed When There Are Multiple JARs in an EAR File

When you have an EAR file containing separate JAR files, and two or more of those JAR files have a class with the same name, it is not possible to predict from which of those JAR files WebLogic Server will instantiate the class. This is not an issue if the classes are the same, but if they are different implementations, the results are unpredictable.

Workaround

Currently there is no known workaround for this issue.

11.14 JDBC Issues and Workarounds

This section describes the following issues and workarounds:

11.14.1 Call To setTransactionIsolation() May Fail When Using the JDBC Driver for MS SQLServer

When using the JDBC driver for MS SQLServer, a call to setTransactionIsolation() may fail in a transactional context if getTransactionIsolation() is called first.

11.14.2 An Attempt to Access a Remote 10.3.2 or Later WLS Data Source Fails

A new system property, -Dweblogic.jdbc.remoteEnabled, has been added to JDBC in Oracle WebLogic Server 10.3.2. For compatibility with prior releases of WebLogic Server, the default setting of this property is true. When this property is set to false, remote JDBC access is turned off, and such access results in an exception.

Remote access may occur explicitly in an application, or implicitly during a global (XA/JTA) transaction with a participating non-XA data source that is configured with the LLR, 1PC or Emulate XA global transaction option. The following enumerates the cases when an exception will be thrown, and work-arounds for each case (if any).

An exception occurs in the following cases. A workaround (if any) for a given case is provided.

  • When a stand-alone client application uses any type of data source.

  • When an application that is hosted on WebLogic Server uses any type of data source, and the data source is not configured (targeted) locally. A potential workaround is to target the data source locally.

  • When accessing a same named non-XA data source with a transaction option of LLR, 1PC or Emulate XA on multiple WebLogic Server instances in the same global transaction. In this case, there are two potential work-arounds:

    • Change data sources to use XA instead (this may lower performance), or

    • For the 1PC/emulateXA types, change the application to ensure the data source is accessed from a single server.

  • When accessing a non-XA data source with the LLR transaction option on a server that is different than the transaction coordinator. For server-initiated transactions, the coordinator location is chosen based on the first participating resource in the transaction. In this case, there are two potential work-arounds: (a) change the data source to use XA instead (this may lower performance); or (b) change the application to ensure data source access on the transaction coordinator, as described in "Optimizing Performance with LLR" in Oracle Fusion Middleware Programming JTA for OracleWebLogic Server. The latter may not be possible in some cases; for example, when an MDB application receives messages from a remote WebLogic JMS server, the transaction coordinator will always be the WebLogic server that's hosting the JMS server, but it may not be possible to move the MDB application to the same WebLogic server.

    • Change the data source to use XA instead (this may lower performance), or

    • Change the application to ensure data source access on the transaction coordinator, as described in "Optimizing Performance with LLR" in Oracle Fusion Middleware Programming JTA for Oracle WebLogic Server. This workaround may not be possible in some cases. For example, when an MDB application receives messages from a remote WebLogic JMS server, the transaction coordinator will always be the WebLogic Server instance that is hosting the JMS server, but it may not be possible to move the MDB application to the same WebLogic Server instance.

11.14.3 ORA-01591 Errors Occur on SOA Servers Configured to Use Multiple Oracle RAC Nodes

On SOA servers using multiple Oracle RAC database nodes, when WebLogic Server multi data sources are configured for XA and load balancing, ORA-10591 errors can occur.

Workaround

Download and apply Oracle RAC database patch 7675269 for Linux x86, Oracle Release 11.1.0.7.0. You can download this patch from My Oracle Support. Alternatively, you can download and apply patch set 9007079 for Linux x86, Oracle Release 11.1.0.7.0, which includes the patch 7675269.

11.15 JDK Issues and Workarounds

This section describes the following issues and workarounds:

11.15.1 SSLv2Hello Not Supported by IBM JDK

The IBMJSSE2 Provider does not support the SSL version 2 protocol.

Workaround

Set oracle.net.ssl_version=3.0 or oracle.net.ssl_version=1.0 which allows you use SSLv3 and TLSv1 protocols.

11.16 JMS Issues and Workarounds

This section describes the following issues and workarounds:

11.16.1 Deployment Descriptor Validation Fails

Deployment descriptor validation fails when descriptor validation is enabled, and an EAR file contains only JMS modules.

Workaround

Make sure that there is at least one J2EE specification-compliant module in the EAR.

11.16.2 Exception When Multiple Producers Use the Same Client SAF Instance

When multiple JMS producers use the same JMS Client SAF instance (within a single JVM), depending on the timing of the JMS SAF client creation, you might receive the following exception:

Error getting GXA resource [Root exception is weblogic.jms.common.JMSException:
weblogic.messaging.kernel.KernelException: Error getting GXA resource]

Workaround

When using multiple JMS SAF client producers, try introducing a small delay between the creation of each new client.

11.16.3 Multi-byte Characters are not Supported in Store File and Directory Names

There is no support for multi-byte characters in WebLogic Store file and directory names. For instance, when the WebLogic Server name has multi-byte characters, the default store cannot be created, and WebLogic Server will not boot.

Workaround

Create WebLogic Server instances without multi-byte characters in the path name and use that path name for the default store configuration. Do not use multi-byte characters in the Weblogic Server name.

11.16.4 Generation of the Default UOO Name Has Changed

WebLogic Server 10.3.4 contains a fix for configurations that set a default unit-of-order (UOO) on a JMS regular destination, distributed destination, or template. This fix ensures that the default unit-of-order name stays the same even after a restart of the destination's host JMS server. The default UOO name is now based on the domain, JMS server, and destination names.

11.16.5 Testing Abrupt Failures of WebLogic Server When Using File Stores on NFS

Oracle strongly recommends verifying the behavior of a server restart after abrupt machine failures when the JMS messages and transaction logs are stored on an NFS mounted directory. Depending on the NFS implementation, different issues can arise post failover/restart. For more information, see Section 6.3, "Testing Abrupt Failures of WebLogic Server When Using File Stores on NFS."

11.16.6 JMS Message Consumers Will Not Always Reconnect After a Service Migration

JMS message consumers will not always reconnect after a service migration when an application's WLConnection.getReconnectPolicy() attribute is set to all. If the consumers do not get migrated, either an exception is thrown or onException will occur to inform the application that the consumer is no longer valid.

Workaround

The application can refresh the consumer either in the exception handler or through onException.

11.16.7 Forcing Unicast Messages To Be Processed in Order

Certain conditions can cause very frequent JNDI updates, and as a result, JMS subscribers may encounter a java.naming.NameNotFoundException. For more information, see Section 11.7.5, "Forcing Unicast Messages To Be Processed in Order."

11.17 JNDI Issues and Workarounds

There are no known JNDI issues in this release of WebLogic Server.

11.18 JSP and Servlet Issues and Workarounds

This section describes the following issues and workarounds:

11.18.1 Deployment Plans Cannot Be Used To Override Two Descriptors

Deployment plans cannot be used to override the following two descriptors during deployment of a Web application or a Web module: WEB-INF/classes/META-INF/persistence.xml and WEB-INF/classes/META-INF/persistence-configuration.xml. Deployment plans can otherwise be used to override any descriptor.

Workaround

Package WEB-INF/classes/META-INF/persistence.xml and WEB-INF/classes/META-INF/persistence-configuration.xml (if present) along with related class files into a JAR file. The JAR file must then be placed in the WEB-INF/lib directory of the Web application or Web module. A deployment plan can be used to override the two descriptors in such a JAR file.

11.18.2 Spring Dependency Injection Not Supported on JSP Tag Handlers

With the Spring extension model enabled, WebLogic Server 10.3 or later does not support Spring Dependency Injection (DI) on JSP tag handlers for performance reasons.

Currently, WebLogic Server supports Spring DI on most Web components, for example, servlets, filters and listeners. Spring DI is not, however, presently supported on JSP tag handlers for performance reasons.

11.18.3 503 Error When Accessing an Application With a Valid sessionid

When a session is persistent and an older version of a servlet context is retired, accessing the application with a valid sessionid will cause a 503 error.

For example, the session-persistent type of a versioned Web application is 'file'. A user can access the application successfully. Later, version 2 of the application is redeployed and version 1 is retired. If the same user accesses the application, they will get a 503 error.

11.19 JTA Issues and Workarounds

There are no known JTA issues in this release of WebLogic Server.

11.20 Java Virtual Machine (JVM) Issues and Workarounds

This section describes the following issues and workarounds:

11.20.1 1.4 Thin Client Applet Cannot Contact WebLogic Server

Due to a known Sun Microsystems VM bug (513552), a 1.4 Thin Client Applet cannot contact WebLogic Server 9.0 or later. This is because the VM does not distinguish correctly between a client and a server connection. The VM creates a server-type connection and caches it. It then attempts to make a client-type connection, finds the cached connection and tries to use that, but then encounters an error because clients are not allowed to use server connections.

11.20.2 Serial Version UID Mismatch

A Serial Version UID Mismatch issue is encountered if you deploy an application on a latest JVM, but compiled with previous Service Release of IBM Java 6 JDK.

Workaround

To be compatible with the serialization of previously compiled applications, modify the BEA_HOME/wlserver_10.3/common/bin/commEnv.sh file to include the following command:

JAVA_OPTIONS="$JAVA_OPTIONS 
-Dcom.sun.xml.namespace.QName.useCompatibleSerialVersionUID=1.0"

Alternatively, you can use the command line option:

export IBM_JAVA_OPTIONS=
"-Dcom.sun.xml.namespace.QName.useCompatibleSerialVersionUID=1.0"

If you intend to deploy new applications with previously compiled applications, they must be recompiled as necessary to have the same Serial Version UID.

11.20.3 Using AWT libraries May Cause a JVM Crash

You might encounter a JVM crash when using GUI libraries such as AWT or javax.swing (which often delegates to AWT).

Workaround

Start the server using the following flag:

-Djava.awt.headless=true

11.21 Monitoring Issues and Workarounds

This section describes the following issue and workaround:

11.21.1 MBean Attributes Not Explicitly Marked as @unharvestable Appear as Harvestable

The @unharvestable tag is not being honored at the interface level. If MBean attributes are not explicitly marked as @unharvestable, they are considered to be harvestable and will appear as harvestable in the WebLogic Administration Console.

Workaround

You can explicitly mark MBean attributes as @unharvestable.

11.21.2 Events Generated By the JVM Level Are Not Generated at Low Volume

In WebLogic Server 10.3.3, the default WLDF diagnostic volume setting was Off. As of WebLogic Server 10.3.4, the default diagnostic volume setting is Low Volume, and events generated by the JVM level are not being generated at the Low Volume setting in WebLogic Server 10.3.4 (JVM-level events were generated at the Low Volume setting in WebLogic Server 10.3.3). The JVM-level events are still generated at the High Volume and Medium Volume settings in WebLogic Server 10.3.4.

Workaround

Use one of the following workarounds to cause the JVM-level events to be generated:

  • Increase the WLDF diagnostic volume to the Medium or High level.

  • Use JRMC, JRCMD, or the JRockit command line settings to activate a separate flight recording in the WebLogic Server instance. By doing so, JVM will cause JVM events to be present at all WLDF diagnostic volume settings (Off, Low, Medium, and High).

11.21.3 WLDF Performance Issues Can Occur When JVM Events Are Enabled

When JVM events are enabled, WLDF performances issues may occur in the following situations:

  • If there are no other JRockit flight recordings enabled, performance can degrade when the WLDF diagnostic volume is set to Medium or High level.

  • If other JRockit flight recordings are enabled, performance can degrade at all WLDF diagnostic volume levels (Off, Low, Medium, and High).

11.22 Node Manager Issues and Workarounds

There are no known Node Manager issues in this release of WebLogic Server.

11.23 Operations, Administration, and Management Issues and Workarounds

There are no known Operations, Administration, and Management issues in this release of WebLogic Server.

11.24 Oracle Kodo Issues and Workarounds

There are no known Oracle Kodo issues in this release of WebLogic Server.

11.25 Protocols Issues and Workarounds

There are no known Protocols issues in this release of WebLogic Server.

11.26 RMI-IIOP Issues and Workarounds

This section describes the following issue and workaround:

11.26.1 Ant 1.7 rmic Task Incompatibility

Calls to the Ant version 1.7 rmic task automatically add a -vcompat flag, which is not compatible with rmic for Oracle WebLogic Server.

Workaround

Use either of the following workarounds if your rmic call is of the form:

rmic classname="com.bea.crmsimulation.legacyra.LegacyAdapter"
   base="${module_location}/core-legacy-ra/classes"
   classpath="${core.classes}" compiler="weblogic" />
  • Add a stubversion

    <rmic classname="com.bea.crmsimulation.legacyra.LegacyAdapter"
       base="${module_location}/core-legacy-ra/classes"
       classpath="${core.classes}" compiler="weblogic"
       stubversion="1.2"/>
    
  • Remove the compiler flag

    <rmic classname="com.bea.crmsimulation.legacyra.LegacyAdapter"
       base="${module_location}/core-legacy-ra/classes"
       classpath="${core.classes}"
    

11.27 Security Issues and Workarounds

This section describes the following issues and workarounds:

11.27.1 StoreBootIdentity Works Only if the Appropriate Server Security Directory Exists

The option -Dweblogic.system.StoreBootIdentity works only if the appropriate server security directory exists. This directory is usually created by the Configuration Wizard or upgrade tool.

However, the appropriate server security directory could be absent in domains checked into source-control systems.

11.27.2 Boot Time Failure Occurs With SecurityServiceException

A WebLogic Server instance can experience a boot time failure with a SecurityServiceException when the RDBMS Security Data Store is configured for a DB2 database using the DB2 driver supplied with WebLogic Server.

Workaround

When RDBMS Security Data Store is using the AlternateId connection property for a DB2 database, you must also set the additional property BatchPerformanceWorkaround as true when using the DB2 driver supplied with WebLogic Server.

11.27.3 Authentication Failure After Upgrading a Domain From WLS 6.1

After upgrading a domain from WLS 6.1, the WebLogic Server instance will not boot due to an authentication failure.

Workaround

A system user password must be set up in the WLS 6.1 domain before or after the upgrade process in order for the WebLogic Server instance to boot properly.

11.27.4 InvalidParameterException Message Generated and Displayed

After you configure either the Identity Provider or Service Provider services for SAML 2.0 and attempt to publish the SAML 2.0 services metadata file, an InvalidParameterException message may be generated and displayed in the Administration Console.

Workaround

When configuring the SAML 2.0 federation services for a WebLogic Server instance, be sure to enable all binding types that are available for the SAML role being configured. For example, when configuring SAML 2.0 Identity Provider services, you should enable the POST, Redirect, and Artifact bindings. When configuring SAML 2.0 Service Provider services, enable the POST and Artifact bindings. Optionally, you may choose a preferred binding.

11.27.5 Enabling Both the Authentication and Passive Attributes In SML 2.0 Service Provider Services Is an Invalid Configuration

When configuring SAML 2.0 Service Provider services, enabling both the Force Authentication and Passive attributes is an invalid configuration that WebLogic Server is unable to detect. If both these attributes are enabled, and an unauthenticated user attempts to access a resource that is hosted at the Service Provider site, an exception is generated and the single sign-on session fails.

Note that the Force Authentication attribute has no effect because SAML logout is not supported in WebLogic Server. So even if the user is already authenticated at the Identity Provider site and Force Authentication is enabled, the user is not forced to authenticate again at the Identity Provider site.

Avoid enabling both these attributes.

11.27.6 Running the WebLogic Full Client in a Non-Forked VM

If the WebLogic Full Client is running in a non-forked VM, for example by means of a <java> task invoked from an Ant script without the fork=true attribute, the following error might be generated:

java.lang.SecurityException: The provider self-integrity check failed.

This error is caused by the self-integrity check that is automatically performed when the RSA Crypto-J library is loaded. (The Crypto-J library, cryptoj.jar, is in the wlfullclient.jar manifest classpath.)

This self-integrity check failure occurs when the client is started in a non-forked VM and it uses the Crypto-J API, either directly or indirectly, as in the following situations:

  • The client invokes the Crypto-J library directly.

  • The client attempts to make a T3S connection, which triggers the underlying client SSL implementation to invoke the Crypto-J API.

When the self-integrity check fails, further invocations of the Crypto-J API fail.

Workaround

When running the full client in a <java> task that is invoked from an Ant script, always set the fork attribute to true.

For more information about the self-integrity check, see "How a Provider Can Do Self-Integrity Checking" in How to Implement a Provider in the Java™ Cryptography Architecture, available at the following URL:

http://download.oracle.com/javase/6/docs/technotes/guides/security/crypto/HowToImplAProvider.html#integritycheck

11.28 SNMP Issues and Workarounds

There are no known SNMP issues in this release of WebLogic Server.

11.29 Spring Framework on WebLogic Server Issues and Workarounds

This section describes the following issues and workarounds:

11.29.1 OpenJPA ClassFileTranformer Does Not Work When Running on JRockit

The OpenJPA ClassFileTranformer does not work when running WebLogic Server on JRockit.

Workaround

Use an alternative method of applying enhancements at build time through an OpenJPA enhancer compiler; do not use the LoadTimeWeaver.

11.29.2 petclinic.ear Does Not Deploy on WebLogic Server

For the SpringSource petclinic sample, the petclinic.war deploys without any problems. The petclinic.ear will not deploy on WebLogic Server because it is not packaged correctly. A request has been sent to SpringSource to fix the petclinic.ear packaging.

11.30 System Component Architecture (SCA) Issues and Workarounds

There are no known SCA issues in this release of WebLogic Server.

11.31 Upgrade Issues and Workarounds

This section describes the following issue:

11.31.1 Domains Created on WebLogic Server 10.3.1 Cannot Be Run on WebLogic Server 10.3

If you create a domain using WebLogic Server 10.3.1, then roll back to WebLogic Server 10.3, you will not be able to start the servers that you created in that domain. This is a known restriction, as the config.xml file contains references to newer schema definitions (xmlns.oracle.com) that did not exist in WebLogic Server 10.3.

11.32 Web Applications Issues and Workarounds

This section describes the following issues and workarounds:

11.32.1 Administration Console Fails to Implement session-timeout Changes

If the session-timeout is configured in the web.xml file, any changes made to change the session-timeout using the Administration Console do not take effect.

Workaround

Use a deployment plan to override the session-timeout setting.

11.32.2 Connection Pool Connection Reserve Timeout Seconds Value is Overridden

When using a JDBC session, the value of Connection Reserve Timeout Seconds for a connection pool is changed to be one of the following:

  • the JDBC connection timeout seconds, which is defined in the session descriptor (either in weblogic.xml or weblogic-application.xml)

  • the default value of 120 seconds

Workaround

Configure jdbc-connection-timeout-secs in the session descriptor.

11.32.3 Database Connections Become Unstable When a PoolLimitSQLException Occurs

When a PoolLimitSQLException occurs during a JDBC persistence session, connections to the database become unstable, and may fail with recovery or fail without recovery. This results in the loss of session data. Either an older session or null is returned.

11.32.4 Web Page Fails to Open When Accessing It Using the SSL Port

When accessing a Web page using the SSL port, the page fails to open and the following error is reported:

Secure Connection Failed 
 
An error occurred during a connection to <hostname>. 
 
You have received an invalid certificate. Please contact the server 
administrator or email correspondent and give them the following information: 
 
Your certificate contains the same serial number as another certificate 
issued by the certificate authority. Please get a new certificate containing a unique serial number.

Workaround

The following workaround can be used for Firefox.

If you have received this error and are trying to access a web page that has a self-signed certificate, perform the following steps in Firefox:

  1. Go to Tools > Options >Advanced > Encryption tab > View Certificates.

  2. On the Servers tab, remove the certificates.

  3. On the Authorities tab, find the Certificate Authority (CA) for the security device that is causing the issue, and then delete it.

If you are using Internet Explorer or other web browsers, you can ignore the Warning page that appears and continue to the web page.

11.33 WebLogic Server Scripting Tool (WLST) Issues and Workarounds

This section describes the following issues and workarounds:

11.33.1 Permission Denied Error Occurs for WLST Offline Logging

When there are multiple processes, owned by different filesystem users, that are performing concurrent WLST offline operations, a FileNotFoundException, Permission Denied error may occur.

Workaround

To avoid collisions on log file names, set the following property in the environment prior to invoking wlst.sh script_name:

export WLST_PROPERTIES="-Dwlst.offline.log=./logs/filename.log"

Substitute a unique name for filename. You must you use a unique name for each log file to ensure that there will be no log file name collisions.

11.33.2 Property Names Containing '.' Characters Are Not Supported by loadProperties

The WLST loadProperties command does not support loading a property with a name that contains "." characters. For example, if the property myapp.db.default is present in the property file, WLST throws a name exception:

  Problem invoking WLST - Traceback (innermost last):
    File "<iostream>", line 7, in ?
    File "<iostream>", line 4, in readCustomProperty
  NameError: myapp

This is a system limitation of Python and the loadProperties command. WLST reads the variable names and values and sets them as variables in the Python interpreter. The Python interpreter uses "." as a delimiter to indicate module scoping for the namespace, or package naming, or both. Therefore, the properties file fails because myapp.db.default.version=9i is expected to be in the myapp.db.default package. This package does not exist.

Workaround

Use variable names that do not have periods. This will allow you to load the variables from the property file and refer to them in WLST scripts. You could use another character such as "_" or lowercase/uppercase character to delimit the namespace.

As an alternative, you can set variables from a properties files. When you use the variables in your script, during execution, the variables are replaced with the actual values from the properties file. For example:

myapp.py
var1=10
var2=20
import myapp
print myapp.var1
10
print myapp.var2
20

This will work for one level of namespaces (myapp.var1, myapp.var2). It will not work for top level variables that share the same name as the namespace (for example, myapp=oracle and myapp.var1=10). Setting the myapp variable will override the myapp namespace.

If you need multiple levels, then you can define a package namespace using directories. Create a myapp/db/default directory with a vars.py file as follows:

var1=10
var2=20

Then import:

import myapp.db.default.vars
print myapp.db.default.vars.var1
10

You may need to add __init__.py files to the subdirectories. Refer to the Python documentation for more information on packages:

http://docs.python.org/tut/node8.html

11.33.3 Invalid cachedir Created by Jython Causes WLST to Error Out

The default cachedir created by Jython 2.2 is not a valid directory. If you are using Jython directly from weblogic.jar, this causes WLST to error out.

Workaround

There are two workarounds for this issue:

  • When invoking WLST, specify the -Dpython.cachedir=<valid_directory> parameter, or

  • Install Jython 2.2.1 separately instead of using the partial Jython that is included in weblogic.jar.

11.33.4 WLST returnType='a' Option Returns Child Management Objects

The WLST returnType='a' option should only return attributes from the specified directory. Instead it also returns child management objects. For example:

ls('Server')
drw-   AdminServer
drw-   worker01

ls('Server', returnMap='true', returnType='a')
drw-   AdminServer
drw-   worker01

ls('Server', returnMap='true',returnType='c')
drw-   AdminServer
drw-   worker01

The ls with returnType='a' should not list any child management objects, but AdminServer and worker01 are children.

Workaround

When processing the output from ls(returnType='a'), check to see if the returned entry is a directory.

11.34 Web Server Plug-Ins Issues and Workarounds

This section describes the following issue:

11.34.1 MOD_WLS_OHS Does Not Fail Over

Currently, mod_wl and mod_wl_ohs only support container level failover and not application level failover. mod_wl_ohs continues to route requests to a down application as long as the managed server is up and running. In the clustered case, requests continue to go to the container where the original session started even when the application is shutdown, typically resulting in the http error 404.

11.35 Web Services and XML Issues and Workarounds

This section describes the following issues and workarounds:

11.35.1 weblogic.wsee.jaxws.mdb.DispatchPolicy WorkManager Cannot Be Found

In some situations, warning messages are logged indicating that the weblogic.wsee.jaxws.mdb.DispatchPolicy WorkManager cannot be found, although this WorkManager is targeted to one or more of the Managed Servers in the domain.

Workaround

Use one of the following workarounds to resolve this issue.

  • To prevent these warning messages, start the WebLogic Server instance with the -Dweblogic.wsee.skip.async.response=true flag. See Programming Advanced Features of JAX-RPC Web Services for Oracle WebLogic Server for more information on this flag.

  • Manually target the weblogic.wsee.jaxws.mdb.DispatchPolicy WorkManager to the Administration Server.

11.35.2 Multiple Resize Buffer Calls Occur

When executing Web services client calls where Message Transmission Optimization Mechanism (MTOM) attachments are processed for send, multiple resize buffer calls occur..

Workaround

There is a patch available to resolve this issue. This patch can be applied only to WebLogic Server 10.3.4. It provides the system property jaxws.transport.streaming, which enables or disables streaming at the transport layer for a Web services client. Set this property to true for CPU-intensive applications that are running on a WebLogic Server instance that is participating in Web services interactions as a client, and is sending out large messages.

To obtain the patch, do one of the following:

  • Contact My Oracle Support and request the patch for bug 9956275, or

  • Download the patch from My Oracle Support and install it using Smart Update per the instructions in the following My Oracle Support document:

    1302053.1

    Search for Oracle patch number 9956275 or Smart Update patch 7Z5H.

11.35.3 Troubleshooting Problems When Applying the WebLogic Advanced Web Services for JAX-WS Extension Template

After upgrading from WebLogic Server 10.3.4 to 10.3.5, when creating or extending a domain using the WebLogic Advanced Web Services for JAX-WS Extension template (wls_webservices_jaxws.jar), you may encounter an exception during the execution of the final.py script. For complete details and a workaround, see "Troubleshooting Problems When Applying the WebLogic Advanced Services for JAX-WS Extension Template" in Getting Started With JAX-WS Web Services for Oracle WebLogic Server.

11.35.4 Sparse Arrays and Partially Transmitted Arrays Are Not Supported

WebLogic Server does not support Sparse Arrays and Partially Transmitted Arrays as required by the JAX-RPC 1.1 Spec.

11.35.5 WSDL Compiler Does Not Generate Serializable Data Types

The Web Service Description Language (WSDL) compiler does not generate serializable data types, so data cannot be passed to remote EJBs or stored in a JMS destination.

11.35.6 Use of Custom Exception on a Callback

WebLogic Server does not support using a custom exception on a callback that has a package that does not match the target namespace of the parent Web Service.

Workaround

Make sure that any custom exceptions that are used in callbacks are in a package that matches the target namespace of the parent Web service.

11.35.7 Cannot Use JMS Transport in an Environment That Also Uses a Proxy Server

You cannot use JMS transport in an environment that also uses a proxy server. This is because, in the case of JMS transport, the Web Service client always uses the t3 protocol to connect to the Web Service, and proxy servers accept only HTTP/HTTPS.

11.35.8 clientgen Fails When Processing a WSDL

clientgen fails when processing a WSDL that uses the complex type http://www.w3.org/2001/XMLSchema{schema} as a Web Service parameter.

11.35.9 JAX RPC Handlers in Callback Web Services Are Not Supported

WebLogic Server 9.2 and later does not support JAX RPC handlers in callback Web Services.

Workaround

If JAX RPC handlers were used with Web Services created with WebLogic Workshop 8.1, then such applications must be redesigned so that they do not use callback handler functionality.

11.35.10 Message-level Security in Callback Web Services Is Not Supported

WebLogic Server 9.2 and later does not support message-level security in callback Web Services.

Workaround

Web Services created with WebLogic Workshop 8.1 that used WS-Security must be redesigned to not use message-level security in callbacks.

11.35.11 Handling of Java Method Arguments or Return Parameters That Are JAX-RPC-style JavaBeans

WebLogic Server does not support handling of Java method arguments or return parameters that are JAX-RPC-style JavaBeans that contain an XmlBean property. For example, applications cannot have a method with a signature like this:

void myMethod(myJavaBean bean);

where myJavaBean class is like:

public class MyJavaBean {
  private String stringProperty;
  private XmlObject xmlObjectProperty;

  public MyJavaBean() {}
  String getStringProperty() {
    return stringProperty;
  }
  void   setStringProperty(String s) {
    stringProperty = s;
  }
  XmlObject getXmlObjectProperty() {
    return xmlObjectProperty;
    }
  void      getXmlObjectProperty(XmlObject x) {
    xmlObjectProperty = x;
  }
}

Workaround

Currently there is no known workaround for this issue.

11.35.12 IllegalArgumentException When Using a Two-Dimensional XML Object in a JWS Callback

Using a two dimensional XmlObject parameter (XmlObject[][]) in a JWS callback produces an IllegalArgumentException.

Workaround

Currently there is no known workaround for this issue.

11.35.13 Using SoapElement[] Results in Empty Array

Using SoapElement[] as a Web Service parameter with @WildcardBinding(className="javax.xml.soap.SOAPElement[]", binding=WildcardParticle.ANYTYPE) will always result in an empty array on the client.

Workaround

Do not use the @WildcardBinding annotation to change the default binding of SOAPElement[] to WildcardParticle.ANYTYPE. The SOAPElement[] default binding is set to WildcardParticle.ANY.

11.35.14 FileNotFound Exception When a Web Service Invokes Another Web Service

When Web Service A wants to invoke Web Service B, Web Service A should use the @ServiceClient annotation to do this. If Web Service B needs a custom policy file that is not attached to the WSDL for Web Service B, then Web Service A will fail to run. Web Service A will look for the policy file at /Web-Inf/classes/policies/filename.xml. Since no policy file exists at that location, WebLogic Server will throw a 'file not found' exception.

Workaround

Attach the custom policy file to Web Service B, as in this example:

@Policy(uri="CustomPolicy.xml",
        attachToWsdl=true)
public class B {
  ...
}

11.35.15 Client Side Fails to Validate the Signature on the Server Response Message

When the security policy has one of these Token Assertions, the client side may fail to validate the signature on the server response message.

  <sp:WssX509PkiPathV1Token11/>
  <sp:WssX509Pkcs7Token11/>
  <sp:WssX509PkiPathV1Token10/>
  <sp:WssX509Pkcs7Token10/>

In addition, when there are more than two certifications in the chain for X509 certification for <sp:WssX509Pkcs7Token11/> or <sp:WssX509Pkcs7Token10/> Token Assertion, the server side may fail to validate the signature on the incoming message.

A policy such as the following policy is not supported, unless the entire certificate chain remains on the client side.

<sp:AsymmetricBinding>
   <wsp:Policy>
      <sp:InitiatorToken>
         <wsp:Policy>
            <sp:X509Token
               sp:IncludeToken='. . ./IncludeToken/AlwaysToRecipient'>

            <wsp:Policy>
               <sp:WssX509Pkcs7Token11/>
            </wsp:Policy>
         </sp:X509Token>
      </wsp:Policy>
      </sp:InitiatorToken>
      <sp:RecipientToken>
      <wsp:Policy>
      <sp:X509Token sp:IncludeToken='. . ./IncludeToken/Never'>
            <wsp:Policy>
               <sp:WssX509Pkcs7Token11/>
            </wsp:Policy>
         </sp:X509Token>
      </wsp:Policy>
      </sp:RecipientToken>
   . . .
      </wsp:Policy>
   </sp:AsymmetricBinding>

Workaround

Use either of the following two solutions:

  1. Configure the response with the <sp:WssX509V3Token10/> Token Assertion, instead of WssX509PkiPathV1Token11/>. The policy will look like this:

    <sp:AsymmetricBinding>
       <wsp:Policy>
         <sp:InitiatorToken>
            <wsp:Policy>
            <sp:X509Token sp:IncludeToken='. . ./IncludeToken/AlwaysToRecipient'>
               <wsp:Policy>
                  WssX509PkiPathV1Token11/> 
               </wsp:Policy>
            </sp:X509Token>
            </wsp:Policy>
         </sp:InitiatorToken>
         <sp:RecipientToken>
            <wsp:Policy> sp:IncludeToken='. . ./IncludeToken/Never'>
            <sp:X509Token
               <wsp:Policy>
                  <sp:WssX509V3Token10/>
               </wsp:Policy>
            </sp:X509Token>
            </wsp:Policy>
         </sp:RecipientToken>
    . . .
         </wsp:Policy>
       </sp:AsymmetricBinding>
    
  2. Configure the response with the WssX509PkiPathV1Token11/> token assertion, but include it in the message. The policy will look like this:

     <sp:AsymmetricBinding>
       <wsp:Policy>
         <sp:InitiatorToken>
            <wsp:Policy>
            <sp:X509Token sp:IncludeToken='. . ./IncludeToken/AlwaysToRecipient'>
            <wsp:Policy>
               WssX509PkiPathV1Token11/> 
            </wsp:Policy>
            </sp:X509Token>
         </wsp:Policy>
         </sp:InitiatorToken>
         <sp:RecipientToken>
            <wsp:Policy>
            <sp:X509Token sp:IncludeToken='. . ./IncludeToken/AlwaysToInitiator'>
               <wsp:Policy>
                  WssX509PkiPathV1Token11/>
                </wsp:Policy>
            </sp:X509Token>
            </wsp:Policy>
         </sp:RecipientToken>
     . . .
       </wsp:Policy>
     </sp:AsymmetricBinding>
    

When there are multiple certifications in the X509 Certificate chain, WssX509PkiPathV1Token11/> or <sp:WssX509PkiPathV1Token10/> should be used, instead of <sp:WssX509Pkcs7Token11/> or <sp:WssX509Pkcs7Token10/>.

11.35.16 xmlcatalog Element Entity Cannot Be a Remote File or a File in an Archive

For the xmlcatalog element in build.xml, the location of an entity must be a file on the local file system. It cannot be a remote file (for example, http:) or a file in an archive (for example, jar:).

Workaround

If necessary, define the remote element as an entity in a catalog file instead.

11.35.17 Catalog File's public Element Is Not Supported When Using XML Catalogs

The public element in a catalog file is not supported when using the XML Catalogs feature. It is not supported to be consistent with JAX-WS EntityResolver implementation. WebLogic Server only supports defining the system element in a catalog file.

11.35.18 Local xmlcatalog Element Does Not Work Well

The local xmlcatalog element does not work well due to an Ant limitation.

Workaround

In the ant build.xml file, you have to define a local element above a clientgen(wsdlc) task when you are in the same target, or define the element out of any targets.

11.35.19 JAXRPC Client Does Not Encode the HTTP SOAPAction Header With Multi-byte Characters

The WebLogic Server Web Service JAXRPC client doesn't encode the HTTP SOAPAction header with multi-byte characters, but WebLogic Server only supports ASCII for HTTP headers.

Workaround

Change the SOAP action to ASCII in the WSDL.

11.35.20 External Catalog File Cannot Be Used in the xmlcatalog Element of clientgen

An external catalog file cannot be used in the xmlcatalog element of a clientgen task. For example, this snippet of an ant build file will not work:

<clientgen ...
  <xmlcatalog>
    <catalogpath>
      <pathelement location='wsdlcatalog.xml'/>
    </catalogpath>
  </xmlcatalog>

This is a limitation of the Ant XML Catalog.

Workaround

Resource locations can be specified either in-line or in an external catalog file(s), or both. In order to use an external catalog file, the xml-commons resolver library (resolver.jar) must be in your classpath. External catalog files may be either plain text format or XML format. If the xml-commons resolver library is not found in the classpath, external catalog files, specified in <catalogpath> paths, will be ignored and a warning will be logged. In this case, however, processing of inline entries will proceed normally.

Currently, only <dtd> and <entity> elements may be specified inline. These correspond to the OASIS catalog entry types PUBLIC and URI respectively.

11.35.21 Exceptions When Running Reliable Messaging Under Heavy Load

When running a Web services reliable messaging scenario under heavy load with file based storage that has the Direct-Write synchronous write policy setting, you may encounter IO exceptions similar to the following in the WebLogic Server log:

weblogic.store.PersistentStoreRuntimeException: [Store:280029]The 
persistent store record <number> could not be found

or

Could not load conversation with id uuid:<some ID> -> Conversation read 
failed: 
    ... 
    weblogic.wsee.jws.conversation.StoreException: 
      Conversation read failed: id=uuid:<some ID> 
         weblogic.store.PersistentStoreException: [Store:280052]The 
         persistent store was not able to read a record. 
           java.io.OptionalDataException 

These exceptions are known to occur only when using Web Services reliable messaging. They indicate a failure to read a record from the file store and are considered 'fatal' data access errors.

The underlying issue causing these errors will be addressed in a future release.

Workaround

The following workarounds are available for this issue:

  • Change the file store synchronous write policy to Direct-Write-With-Cache

    or

  • Change the file store synchronous write policy to Cache-Flush.

    or

  • Keep the Direct-Write synchronous write policy and add the following Java system property to your WebLogic server startup scripts:

    -Dweblogic.store.AvoidDirectIO=true
    

    Note:

    The -Dweblogic.store.AvoidDirectIO system property has been deprecated in WebLogic Server 10.3.4. Oracle recommends configuring the store synchronous write policy to Direct-Write-With-Cache instead.


The Direct-Write-With-Cache option may improve performance; it creates additional files in the operating system's temporary directory by default.

The Cache-Flush and AvoidDirectIO workarounds may lead to some performance degradation; it may be possible to reduce or eliminate the degradation by configuring a different block-size for the file store.

For important information about these settings and additional options, see "Tuning File Stores" in Oracle Fusion Middleware Performance and Tuning for Oracle WebLogic Server.

11.35.22 ClassNotFound Exception Occurs When Using wseeclient.jar

Stand-alone JAX-WS clients are not supported in this release.

Workaround

Use the client-side JAX-WS 2.1 that is integrated with the Java Standard Edition Release 6 (JDK 1.6), Update 4 and later. This requires using the JAX-WS API instead of any WebLogic Server specific APIS.

Current releases of JDK 1.6 are available for download at http://java.sun.com/javase/downloads/index.jsp. For information about writing a standalone JAX WS 2.1 client application, see the JAX-WS Users Guide on the JAX-WS 2.1 Reference Implementation Web site at http://jax-ws.java.net/2.2.6/docs/ch03.html.

11.35.23 Incomplete Configuration When Adding Advanced Web Services Component to SOA Domain

An incomplete configuration can result when you use the Configuration Wizard to add the WebLogic Server Advanced Web Services component to a newly created SOA domain. If you create a cluster that contains only the default 'out-of-the-box' soa_server1 server definition, the resulting cluster does not include the resources needed to run WebLogic Server Web Services in that cluster.

Workaround

Use either of the following workarounds for this issue:

  1. While running Configuration Wizard, create a second server in the cluster:

    1. On the Select Optional Configuration screen, select Managed Servers, Clusters, and Machines.

    2. On the Configure Managed Servers screen, add a managed server.

    3. On the Assign Servers to Clusters screen, add this server to the cluster in which the default soa_server1 server resides.

  2. On the Configuration Wizard Target Services to Servers or Clusters screen, target Web Services resources (for example, WseeJmsServer, WseeJmsModule) to the cluster.

Either of these workarounds will cause the Configuration Wizard to apply the resources for the WebLogic Server Advanced Web Services component to the cluster.

11.35.24 WS-AT Interoperation Issues With WebSphere and WebLogic Server

Web Services Atomic Transactions (WS-AT) 1.1 interoperation using WebSphere as the client and either WebLogic Server or JRF as the service does not work.

WS-AT 1.1 interoperation does work when WebSphere is the service and either WebLogic Server or JRF is the client. In this case, interoperation works only if you have WebSphere 7 with Fix/Feature Pack 7.

11.36 WebLogic Tuxedo Connector Issues and Workarounds

This section describes the following issue and workaround:

11.36.1 View Classes are not Set on a Per Connection Basis

View classes are not set on a per connection basis.

A shared WebLogic Tuxedo Connector hash table can cause unexpected behavior in the server if two applications point to the same VIEW name with different definitions. There should be a hash table for the view classes on the connection as well as for the Resource section.

Workaround

Ensure that all VIEW classes defined across all your WebLogic Workshop applications are consistent, meaning that you have the same VIEW name representing the same VIEW class.

11.37 Documentation Errata

This section describes documentation errata:

11.37.1 Japanese Text Displays in Some Search Results Topics Avitek Medical Records

The samples viewer Search function may sometimes return topics that display the Japanese and English versions of some Avitek Medical Records topics simultaneously.

11.37.2 HTML Pages For Downloaded Libraries Do Not Display Properly

After extracting the WebLogic Server documentation library ZIP files that are available from http://www.oracle.com/technetwork/middleware/weblogic/documentation/index.html, the HTML pages may not display properly in some cases for the following libraries:

  • E12840_01 (WebLogic Server 10.3.0 documentation library)

  • E12839_01 (Weblogic Server 10.3.1 documentation library)

  • E14571_01 (WebLogic Server 10.3.3 documentation library)

Workarounds

For library E12840-01, after extracting the E12840_01.zip library file, if the HTML pages are not formatting correctly, perform the following steps:

  1. Go to the directory in which you extracted the zip file.

  2. Locate the /global_resources directory in the directory structure.

  3. Copy the /global_resources directory to the root directory of the same drive.

For libraries E12839-01 and E14571-01, this issue occurs only on Windows operating systems. If the HTML pages of the extracted library are not formatting correctly, try extracting the ZIP file using another extraction option in your unzip utility. For example, if you are using 7-Zip to extract the files, select the Full pathnames option. Note that you cannot use the Windows decompression utility to extract the library ZIP file.

11.37.3 Evaluation Database Component Is Not Listed For silent.xml

In the WebLogic Server Installation Guides for WebLogic Server 10.3.3 and 10.3.4, the Evaluation Database is not listed as an installable component in Table 5-1 of Chapter 5, "Running the Installation Program in Silent Mode.:" The following entry should be included in the Component Paths row:

WebLogic Server/Evaluation Database

The Evaluation Database component is automatically installed if the Server Examples component is included in silent.xml. Therefore, it does not have to be explicitly included in silent.xml. If, however, you do not install the Server Examples, but you want to install the Evaluation Database, you must include WebLogic Server/Evaluation Database in silent.xml.

11.37.4 Instructions for Reliable SOAP Messaging Code Example Are Incorrect

The instructions for the "Configuring Secure and Reliable SOAP Messaging for JAXWS Web Services" example are a copy of the instructions for the "Using Make Connection and Reliable Messaging for JAX-WS Web Service" example.

The correct instructions for the "Configuring Secure and Reliable SOAP Messaging for JAXWS Web Services" example are provided here.

11.37.4.1 About the Example

This example shows how to configure secure, reliable messaging for JAX-WS Web services. The example includes the following WebLogic Web services:

  • Web service whose operations can be invoked using reliable and secure SOAP messaging (destination endpoint).

  • Client Web service that invokes an operation of the first Web service in a reliable and secure way (source endpoint).

Overview of Secure and Reliable SOAP Messaging

Web service reliable messaging is a framework that enables an application running on one application server to reliably invoke a Web service running on another application server, assuming that both servers implement the WS-RelicableMessaging specification. Reliable is defined as the ability to guarantee message delivery between the two endpoints (Web service and client) in the presence of software component, system, or network failures.

WebLogic Web services conform to the WS-ReliableMessaging 1.2 specification (February 2009) and support version 1.1. This specification describes how two endpoints (Web service and client) on different application servers can communicate reliably. In particular, the specification describes an interoperable protocol in which a message sent from a source endpoint (or client Web service) to a destination endpoint (or Web service whose operations can be invoked reliably) is guaranteed either to be delivered, according to one or more delivery assurances, or to raise an error.

WebLogic Web services use WS-Policy files to enable a destination Web service to describe and advertise its reliable SOAP messaging capabilities and requirements. WS-Policy files are XML files that describe features such as the version of the WS-ReliableMessaging specification that is supported, the source Web service retransmission interval, the destination Web service acknowledgment interval, and so on.

Overview of the Example

This example uses JWS annotations to specify the shape and behavior of the Web services. It describes additional JWS annotations to enable reliable and secure SOAP messaging in the destination Web service and to reliably invoke an operation from the source Web service in a secure way.

The destination ReliableEchoService Web service has two operations that can be invoked reliably and in a secure way: echo and echoOneway. The JWS file that implements this Web service uses the @Policies and @Policy JWS annotations to specify the WS-Policy file, which contains the reliable and secure SOAP messaging assertions.

The source ClientService Web service has one operation for invoking the echo operations of the ReliableEchoService Web service reliably and in a secure way within one conversation: runTestEchoWithRes. The JWS file that implements the ClientService Web service uses the @WebServiceRef JWS annotation to specify the service name of the reliable Web service being invoked.

To generate the Web services, use the jwsc WebLogic Web service Ant task, as shown in the build.xml file. The jwsc target generates the reliable and secure Web service and the jwsc-client-app target creates the source Web service that invoke the echo operations of the ReliableEchoService Web service. The jwsc Ant task compiles the JWS files, and generates the additional files needed to implement a standard J2EE Enterprise Web service, including the Web service deployment descriptors, the WSDL file, data binding components, and so on. The Ant task automatically generates all the components into an Enterprise Application directory structure that you can then deploy to WebLogic Server. This example uses the wldeploy WebLogic Ant task to deploy the Web service.

The jwsc-client-app target also shows how you must first execute the clientgen Ant task to generate the JAX-WS stubs for the destination ReliableEchoService Web service, compile the generated Java source files, and then use the classpath attribute of jwsc to specify the directory that contains these classes so that the ClientServiceImpl.java class can find them.

The WsrmJaxwsExampleRequest.java class is a standalone Java application that invokes the echo operation of the source Web service. The client target of the build.xml file shows how to run clientgen, and compile all the generated Java files and the WsrmJaxwsExampleRequest.java application.

11.37.4.2 Files Used in This Example

Directory Location: MW_HOME/wlserver_10.3/samples/server/examples/src/examples/webservices/wsrm_jaxws/wsrm_jaxws_security

MW_HOME represents the Oracle Fusion Middleware home directory.

FileDescription

ClientServiceImpl.java

JWS file that implements the source Web service that reliably invokes the echo operation of the ReliableEchoService Web service in a secure way.

ReliableEchoServiceImpl.java

JWS file that implements the reliable destination Web service. This JWS file uses the @Policies and @Policy annotation to specify a WS-Policy file that contains reliable and secure SOAP messaging assertions.

client/WsrmJaxwsExampleRequest.java

Standalone Java client application that invokes the source WebLogic Web service, that in turn invokes an operation of the ReliableEchoervice Web service in a reliable and secure way.

ws_rm_configuration.py

WLST script that configures the components required for reliable SOAP messaging. Execute this script for the WebLogic Server instance that hosts the reliable destination Web service. The out-of-the-box Examples server has already been configured with the resources required for the source Web service that invokes an operation reliably.

configWss.py

WLST script that configures the components required for secure SOAP messaging. Execute this script for the WebLogic Server instance that hosts the source Web service. Remember to restart the source WebLogic Server after executing this script.

configWss_Service.py

WLST script that configures the components required for secure SOAP messaging. Execute this script for the WebLogic Server instance that hosts the destination Web service. Remember to restart the destination WebLogic Server after executing this script.

certs/serverKeyStore.jks

Server-side key store used to create the server-side BinarySecurityToken credential provider.

certs/clientKeyStore.jks

Client-side key store used to create the client-side BinarySecurityToken credential provider.

jaxws-binding.xml

XML file that describes the package name of the generated code and indicate the client side code needs to contain asynchronous invocation interface.

build.xml

Ant build file that contains targets for building and running the example.


11.37.4.3 Prepare the Example

This section describes how to prepare the example.

Prerequisites

Before working with this example:

  1. Install Oracle WebLogic Server, including the examples.

  2. Start the Examples Server.

  3. Set up your environment.

Configure the Destination WebLogic Server Instance (Optional)

The default configuration for this example deploys both the source and destination Web services to the Examples server. You can use this default configuration to see how the example works, but it does not reflect a real life example of using reliable and secure SOAP messaging in which the source Web service is deployed to a WebLogic Server that is different from the one that hosts the destination Web service. This section describes how to set up the real life example.

The example includes WebLogic Server Scripting Language (WLST) scripts that are used to configure:

  • Store-and-forward (SAF) service agent

  • File store

  • JMS server

  • JMS module

  • JMS subdeployment

  • JMS queues

  • Logical store

  • Credential provider for Security Context Token

  • Credential provider for Derived Key

  • Credential provider for x.509

  • KeyStores for Confidentiality and Integrity

  • PKI CreditMapper

Follow these steps if you want to deploy the secure and reliable destination Web service to a different WebLogic Server instance:

  1. If the managed WebLogic Server to which you want to deploy the reliable JAX-WS Web service does not exist, create it.

  2. Change to the SAMPLES_HOME\server\examples\src\examples\webservices\wsrm_jaxws\wsrm_jaxws_security directory, where SAMPLES_HOME refers to the main WebLogic Server examples directory, such as c:\Oracle\Middleware\wlserver_10.3\samples.

  3. Edit the build.xml file and update the following property definitions to ensure that the reliable JAX-WS Web service is deployed to the destination WebLogic Server:

    <property name="wls.service.server" value="destinationServerName" />
    <property name="wls.service.hostname" value="destinationHost" />
    <property name="wls.service.port" value="destinationPort" />
    <property name="wls.service.username" value="destinationUser" />
    <property name="wls.service.password" value="destinationPassword" />
    

    Substitute the italicized terms in the preceding properties with the actual values for your destination WebLogic Server. The default out-of-the-box build.xml sets these properties to the Examples server.

Build and Deploy the Example

To build and deploy the example:

    Change to the SAMPLES_HOME\server\examples\src\examples\webservices\wsrm_jaxws\wsrm_jaxws_security directory, where SAMPLES_HOME refers to the main WebLogic Server examples directory, such as c:\Oracle\Middleware\wlserver_10.3\samples.

  1. Run the WLST script that configures the destination WebLogic Server by executing the config.ws.reliable.service target of the build.xml file from the shell where you set your environment:

    prompt> ant config.ws.reliable.service

  2. Execute the following command to configure JAX-WS Web service Security from the shell where you set your environment:

    prompt> ant config.wss

  3. If you have configured a different destination WebLogic Server (that is, the destination server is not the Examples server), copy the certs\serverKeyStore.jks file to the domain directory of your destination server.

  4. Restart both your client and destination WebLogic Server to activate the MBean changes.

  5. Execute the following command from the shell where you set your environment:

    prompt> ant build

    This command compiles and stages the example. Specifically, it compiles both the source and destination Web services. It also compiles the standalone WsrmJaxwsExampleRequest application that invokes the source Web service, which in turn invokes the reliable destination Web service.

  6. Execute the following command from the shell where you set your environment:

    prompt> ant deploy

    This command deploys, by default, both the source and destination Web services to the wl_server domain of your WebLogic Server installation. If you have configured a different destination WebLogic Server and updated the build.xml file accordingly, then the reliable JAX-WS Web service is deployed to the configured destination server.

11.37.4.4 Run the Example

To run the example, follow these steps:

  1. Complete the steps in the Prepare the Example section.

  2. In your development shell, run the WsrmJaxwsExampleRequest Java application using the following command from the main example directory (SAMPLES_HOME\server\examples\src\examples\webservices\wsrm_jaxws\wsrm_jaxws_security):

    prompt> ant run

    This command runs the standalone WsrmJaxwsExampleRequest application that invokes the source Web service, which in turn invokes the reliable destination JAX-WS Web service.

  3. To test the reliability of the Web service, stop the destination WebLogic Server, and then rerun the WsrmJaxwsExampleRequest application. When you restart the destination WebLogic Server and the reliable Web service is deployed, you should see that the operation is also automatically invoked.

Check the Output

If your example runs successfully, the following messages display in the command shell from which you ran the WsrmJaxwsExampleRequest application:

Trying to override old definition of task clientgen
 
run:
     [java]
     [java]
     [java] ###########################################
     [java]     In testEcho_AsyncOnServerClient_ServiceBuffered...
     [java]     On-Server / Async / Buffered case
     [java]     2011/06/160 03:30:29.938
     [java] ###########################################
     [java]
     [java]
     [java] Client addr:http://localhost:9001/wsrm_jaxws_sc_example_client/Clien
tService
     [java] ---[HTTP request - http://localhost:9001/wsrm_jaxws_sc_example_clien
t/ClientService]---
     [java] Content-type: text/xml;charset=utf-8
     [java] Soapaction: ""
     [java] Accept: text/xml, multipart/related, text/html, image/gif, image/jpe
g, *; q=.2, */*; q=.2
     [java] <?xml version='1.0' encoding='UTF-8'?><S:Envelope xmlns:S="http://sc
hemas.xmlsoap.org/soap/envelope/"><S:Body><ns2:runTestEchoWithRes xmlns:ns2="htt
p://example.wsrm_jaxws/"><arg0>Foo bar</arg0><arg1>localhost</arg1>
<arg2>8001</arg2><arg3>C:\Oracle\Middleware\wlserver_10.3\samples\server\
examples\src\examples\webservices\wsrm_jaxws_security/certs</arg3>
</ns2:runTestEchoWithRes></S:Body></S:Envelope>--------------------
     [java]
     [java] ---[HTTP response - http://localhost:9001/wsrm_jaxws_sc_example_clie
nt/ClientService - 200]---
     [java] Transfer-encoding: chunked
     [java] null: HTTP/1.1 200 OK
     [java] Content-type: text/xml;charset=utf-8
     [java] X-powered-by: Servlet/2.5 JSP/2.1
     [java] Date: Thu, 09 Jun 2011 07:30:33 GMT
     [java] <?xml version='1.0' encoding='UTF-8'?><S:Envelope xmlns:S="http://sc
hemas.xmlsoap.org/soap/envelope/"><S:Body><ns2:runTestEchoWithResResponse xmlns:
ns2="http://example.wsrm_jaxws/"><return>[2011/06/160 03:30:33.953] ## Making Ec
ho Requests (ASYNC/BUFFERED) ##
     [java] [2011/06/160 03:30:42.703] *** On first good invoke ***
     [java] [2011/06/160 03:30:42.703] echo returned: Foo bar expected: Foo bar
     [java] [2011/06/160 03:30:42.922] echo returned: foo bar 2 expected: foo ba
r 2
     [java] [2011/06/160 03:30:43.031] echo returned: foo bar 3 expected: foo ba
r 3
     [java] [2011/06/160 03:30:43.031] ## Done Making Echo Requests (ASYNC/BUFFE
RED) ##
     [java] </return></ns2:runTestEchoWithResResponse></S:Body>
</S:Envelope>--------------------
     [java]
     [java] [2011/06/160 03:30:33.953] ## Making Echo Requests (ASYNC/BUFFERED)
##
     [java] [2011/06/160 03:30:42.703] *** On first good invoke ***
     [java] [2011/06/160 03:30:42.703] echo returned: Foo bar expected: Foo bar
     [java] [2011/06/160 03:30:42.922] echo returned: foo bar 2 expected: foo ba
r 2
     [java] [2011/06/160 03:30:43.031] echo returned: foo bar 3 expected: foo ba
r 3
     [java] [2011/06/160 03:30:43.031] ## Done Making Echo Requests (ASYNC/BUFFE
RED) ##
     [java]
 
BUILD SUCCESSFUL
Total time: 2 minutes 33 seconds

The following messages display in the command window from which you started as the client WebLogic Server (that hosts the reliable source Web service):

Service addr:http://localhost:7001/wsrm_jaxws_sc_example/ReliableEchoService
    [2011/06/180 01:33:40.906] ## Making Echo Requests (ASYNC/BUFFERED) ##
 
    [2011/06/180 01:33:40.906] In invokeEchoAsync, invoking echo with request: Foo bar
 
    [2011/06/180 01:33:40.906] In invokeEchoAsync, waiting for response to request: Foo bar ...
 
    SignInfo mismatch  Algo mismatch http://www.w3.org/2000/09/xmldsig#rsa-sha1 VS.
    http://www.w3.org/2000/09/xmldsig#hmac-sha1 Refs: Msg size =1#Signature_prfr5thF
    y2vRPbpC, Policy size =3 #unt_w7HSTtcGcebXFWEr, #Timestamp_XIXttwj9Yq2XO7Tj, #Bo
    dy_81D2x3V7iTNyy1I5,
    STR type mismatch Actual KeyInfo:{http://docs.oasis-open.org/wss/2004/01/oasis-2
    00401-wss-wssecurity-secext-1.0.xsd}KeyIdentifier|http://docs.oasis-open.org/wss
    /oasis-wss-soap-message-security-1.1#ThumbprintSHA1,  StrTypes size=1 :{http://d
    ocs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Refere
    nce||http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512/dk,
    Security Token mismatch, token type =http://docs.oasis-open.org/ws-sx/ws-securec
    onversation/200512/dk and actual ishttp://docs.oasis-open.org/wss/2004/01/oasis-
    200401-wss-x509-token-profile-1.0#X509v3
    <WSEE:15>There is no information on the incoming SOAP message.
    <SmartPolicySelect or.getSmartPolicyBlueprint:501>
    testing...................
 
 
    [2011/06/180 01:33:41.718] In ClientServiceImpl.onEchoResponse(request:
    examplesServer: 4b1c0f3e575dfa8c:7291c50f:130d9cbaace:-7fb8)
 
    [2011/06/180 01:33:41.718] Done with ClientServiceImpl.onEchoResponse(request:
    examplesServer: 4b1c0f3e575dfa8c:7291c50f:130d9cbaace:-7fb8): Foo bar
 
    [2011/06/180 01:33:41.718] *** On first good invoke ***
 
    [2011/06/180 01:33:41.734] echo returned: Foo bar expected: Foo bar
 
    [2011/06/180 01:33:41.734] In invokeEchoAsync, invoking echo with request: foo bar 2
 
    [2011/06/180 01:33:41.750] In invokeEchoAsync, waiting for response to request: foo bar 2 ...
 
    <WSEE:15>There is no information on the incoming SOAP message.
    <SmartPolicySelect or.getSmartPolicyBlueprint:501>
    testing...................
 
 
    [2011/06/180 01:33:41.984] In ClientServiceImpl.onEchoResponse(request:
    examplesServer: 4b1c0f3e575dfa8c:7291c50f:130d9cbaace:-7fae)
 
    [2011/06/180 01:33:41.984] Done with ClientServiceImpl.onEchoResponse(request:
    examplesServer: 4b1c0f3e575dfa8c:7291c50f:130d9cbaace:-7fae): foo bar 2
 
    [2011/06/180 01:33:41.984] echo returned: foo bar 2 expected: foo bar 2
 
    [2011/06/180 01:33:42.000] In invokeEchoAsync, invoking echo with request: foo bar 3
 
    [2011/06/180 01:33:42.015] In invokeEchoAsync, waiting for response to request: foo bar 3 ...
 
    <WSEE:31>There is no information on the incoming SOAP message.
    <SmartPolicySelect or.getSmartPolicyBlueprint:501>
    testing...................
 
    [2011/06/180 01:33:42.187] In ClientServiceImpl.onEchoResponse(request:
    examplesServer:4b1c0f3e575dfa8c:7291c50f:130d9cbaace:-7fab)
 
    [2011/06/180 01:33:42.328] Done with ClientServiceImpl.onEchoResponse(request:
    examplesServer:4b1c0f3e575dfa8c:7291c50f:130d9cbaace:-7fab): foo bar 3
 
    [2011/06/180 01:33:42.328] echo returned: foo bar 3 expected: foo bar 3
 
    [2011/06/180 01:33:42.328] ## Done Making Echo Requests (ASYNC/BUFFERED) ##
 
    <WSEE:46>There is no information on the incoming SOAP message.
    <SmartPolicySelect or.getSmartPolicyBlueprint:501>
  

The following messages display in the command window from which you started the destination WebLogic Server (that hosts the reliable destination Web service):

      %% Echoing: Foo bar %%
      %% Echoing: foo bar 2 %%
      %% Echoing: foo bar 3 %%

If you deploy both the source and destination Web services to the same Server, the following messages display in the command window from which you started your client and destination WebLogic Server:

    Service addr:http://localhost:7001/wsrm_jaxws_sc_example/ReliableEchoService
    [2011/06/180 01:33:40.906] ## Making Echo Requests (ASYNC/BUFFERED) ##
 
    [2011/06/180 01:33:40.906] In invokeEchoAsync, invoking echo with request: Foo bar
 
    [2011/06/180 01:33:40.906] In invokeEchoAsync, waiting for response to request: Foo bar ...
 
    SignInfo mismatch  Algo mismatch http://www.w3.org/2000/09/xmldsig#rsa-sha1 VS.
    http://www.w3.org/2000/09/xmldsig#hmac-sha1 Refs: Msg size =1#Signature_prfr5thF
    y2vRPbpC, Policy size =3 #unt_w7HSTtcGcebXFWEr, #Timestamp_XIXttwj9Yq2XO7Tj, #Bo
    dy_81D2x3V7iTNyy1I5,
    STR type mismatch Actual KeyInfo:{http://docs.oasis-open.org/wss/2004/01/oasis-2
    00401-wss-wssecurity-secext-1.0.xsd}KeyIdentifier|http://docs.oasis-open.org/wss
    /oasis-wss-soap-message-security-1.1#ThumbprintSHA1,  StrTypes size=1 :{http://d
    ocs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Refere
    nce||http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512/dk,
    Security Token mismatch, token type =http://docs.oasis-open.org/ws-sx/ws-securec
    onversation/200512/dk and actual ishttp://docs.oasis-open.org/wss/2004/01/oasis-
    200401-wss-x509-token-profile-1.0#X509v3
    %% Echoing: Foo bar %%
    <WSEE:15>There is no information on the incoming SOAP message.
    <SmartPolicySelect or.getSmartPolicyBlueprint:501>
    testing...................
 
 
    [2011/06/180 01:33:41.718] In ClientServiceImpl.onEchoResponse(request:
    examplesServer: 4b1c0f3e575dfa8c:7291c50f:130d9cbaace:-7fb8)
 
    [2011/06/180 01:33:41.718] Done with ClientServiceImpl.onEchoResponse(request:
    examplesServer: 4b1c0f3e575dfa8c:7291c50f:130d9cbaace:-7fb8): Foo bar
 
    [2011/06/180 01:33:41.718] *** On first good invoke ***
 
    [2011/06/180 01:33:41.734] echo returned: Foo bar expected: Foo bar
 
    [2011/06/180 01:33:41.734] In invokeEchoAsync, invoking echo with request: foo bar 2
 
    [2011/06/180 01:33:41.750] In invokeEchoAsync, waiting for response to request: foo bar 2 ...
    
    %% Echoing: foo bar 2 %%
    <WSEE:15>There is no information on the incoming SOAP message.
    <SmartPolicySelect or.getSmartPolicyBlueprint:501>
    testing...................
 
 
    [2011/06/180 01:33:41.984] In ClientServiceImpl.onEchoResponse(request:
    examplesServer: 4b1c0f3e575dfa8c:7291c50f:130d9cbaace:-7fae)
 
    [2011/06/180 01:33:41.984] Done with ClientServiceImpl.onEchoResponse(request:
    examplesServer: 4b1c0f3e575dfa8c:7291c50f:130d9cbaace:-7fae): foo bar 2
 
    [2011/06/180 01:33:41.984] echo returned: foo bar 2 expected: foo bar 2
 
    [2011/06/180 01:33:42.000] In invokeEchoAsync, invoking echo with request: foo bar 3
 
    [2011/06/180 01:33:42.015] In invokeEchoAsync, waiting for response to request: foo bar 3 ...
    
    %% Echoing: foo bar 3 %%
    <WSEE:31>There is no information on the incoming SOAP message.
    <SmartPolicySelect or.getSmartPolicyBlueprint:501>
    testing...................
 
    [2011/06/180 01:33:42.187] In ClientServiceImpl.onEchoResponse(request:
    examplesServer:4b1c0f3e575dfa8c:7291c50f:130d9cbaace:-7fab)
 
    [2011/06/180 01:33:42.328] Done with ClientServiceImpl.onEchoResponse(request:
    examplesServer:4b1c0f3e575dfa8c:7291c50f:130d9cbaace:-7fab): foo bar 3
 
    [2011/06/180 01:33:42.328] echo returned: foo bar 3 expected: foo bar 3
 
    [2011/06/180 01:33:42.328] ## Done Making Echo Requests (ASYNC/BUFFERED) ##
 
    <WSEE:46>There is no information on the incoming SOAP message.
    <SmartPolicySelect or.getSmartPolicyBlueprint:501>
  
PKPaظPK Oracle WebCenter Portal

Part V

Oracle WebCenter Portal

Part V contains the following chapter:

PKj嘎1,PK Oracle Identity Manager

21 Oracle Identity Manager

This chapter describes issues associated with Oracle Identity Manager. It includes the following topics:

21.1 Patch Requirements

This section describes patch requirements for Oracle Identity Manager 11g Release 1 (11.1.1). It includes the following sections:

21.1.1 Obtaining Patches From My Oracle Support (Formerly OracleMetaLink)

To obtain a patch from My Oracle Support (formerly OracleMetaLink), go to following URL, click Patches and Updates, and search for the patch number:

https://support.oracle.com/

21.1.2 Patch Requirements for Oracle Database 11g (11.1.0.7)

Table 21-1 lists patches required for Oracle Identity Manager 11g Release 1 (11.1.1) configurations that use Oracle Database 11g (11.1.0.7). Before you configure Oracle Identity Manager 11g, be sure to apply the patches to your Oracle Database 11g (11.1.0.7) database.

Table 21-1 Required Patches for Oracle Database 11g (11.1.0.7)

PlatformPatch Number and Description on My Oracle Support

UNIX / Linux

7614692: BULK FEATURE WITH 'SAVE EXCEPTIONS' DOES NOT WORK IN ORACLE 11G


7000281: DIFFERENCE IN FORALL STATEMENT BEHAVIOR IN 11G


8327137: WRONG RESULTS WITH INLINE VIEW AND AGGREGATION FUNCTION


8617824: MERGE LABEL REQUEST ON TOP OF 11.1.0.7 FOR BUGS 7628358 7598314

Windows 32 bit

8689191: ORACLE 11G 11.1.0.7 PATCH 16 BUG FOR WINDOWS 32 BIT

Windows 64 bit

8689199: ORACLE 11G 11.1.0.7 PATCH 16 BUG FOR WINDOWS (64-BIT AMD64 AND INTEL EM64T)



Note:

The patches listed for UNIX/Linux in Table 21-1 are also available by the same names for Solaris SPARC 64 bit.


21.1.3 Patch Requirements for Oracle Database 11g (11.2.0.2.0)

If you are using Oracle Database 11g (11.2.0.2.0), make sure that you download and install the appropriate version (based on the platform) for the RDBMS Patch Number 9776940. This is a prerequisite for installing the Oracle Identity Manager schemas.

Table 21-2 lists the patches required for Oracle Identity Manager 11g Release 1 (11.1.1) configurations that use Oracle Database 11g Release 2 (11.2.0.2.0). Make sure that you download and install the following patches before creating Oracle Identity Manager schemas.

Table 21-2 Required Patches for Oracle Database 11g (11.2.0.2.0)

PlatformPatch Number and Description on My Oracle Support

Linux x86 (32-bit)

Linux x86 (64-bit)

Oracle Solaris on SPARC (64-bit)

Oracle Solaris on x86-64 (64-bit)

RDBMS Interim Patch#9776940.

Microsoft Windows x86 (32-bit)

Bundle Patch 2 [Patch#11669994] or later. The latest Bundle Patch is 4 [Patch# 11896290].

Microsoft Windows x86 (64-bit)

Bundle Patch 2 [Patch# 11669995] or later. The latest Bundle Patch is 4 [Patch# 11896292].


If this patch is not applied, then problems might occur in user and role search and manager lookup. In addition, search results might return empty result.


Note:

  • Apply this patch in ONLINE mode. Refer to the readme.txt file bundled with the patch for the steps to be followed.

  • In some environments, the RDBMS Interim Patch has been unable to resolve the issue, but the published workaround works. Refer to the metalink note "Wrong Results on 11.2.0.2 with Function-Based Index and OR Expansion due to fix for Bug:8352378 [Metalink Note ID 1264550.1]" for the workaround. This note can be followed to set the parameters accordingly with the only exception that they need to be altered at the Database Instance level by using ALTER SYSTEM SET <param>=<value> scope=<memory> or <both>.


21.1.4 Patch Requirements for Segregation of Duties (SoD)

Table 21-3 lists patches that resolve known issues with Segregation of Duties (SoD) functionality:

Table 21-3 SoD Patches

Patch Number / IDDescription and Purpose

Patch number 9819201 on My Oracle Support

Apply this patch on the SOA Server to resolve the known issue described in "SoD Check During Request Provisioning Fails While Using SAML Token Client Policy When Default SoD Composite is Used".

The description of this patch on My Oracle Support is "ERROR WHILE USING SAML TOKEN CLIENT POLICY FOR CALLBACK."

Patch ID 3M68 using the Oracle Smart Update utility. Requires passcode: 6LUNDUC7.

Using the Oracle Smart Update utility, apply this patch on the Oracle WebLogic Server to resolve the known issue described in "SoD Check Fails While Using Client-Side Policy in Callback Invocation During Request Provisioning".



Note:

The SoD patches are required to resolve the known issues in Oracle Identity Manager 11g Release 1 (11.1.1.3), but these patches are not required in 11g Release 1 (11.1.1.5).


21.1.5 Patch Upgrade Requirement

While applying the patch provided by Oracle Identity Manager, the following error is generated:

ApplySession failed: ApplySession failed to prepare the system.

OPatch version 11.1.0.8.1 must be upgraded to version 11.1.0.8.2 to meet the version requirement.

See "Obtaining Patches From My Oracle Support (Formerly OracleMetaLink)" for information about downloading OPatch from My Oracle Support.

21.2 General Issues and Workarounds

This section describes general issues and workarounds. It includes the following topics:

21.2.1 Do Not Use Platform Archival Utility

Currently, the Platform Archival Utility is not supported and should not be used.

To work around this issue, use the predefined scheduled task named Orchestration Process Cleanup Task to delete all completed orchestration processes and related data.

21.2.2 SPML-DSML Service is Unsupported

Oracle Identity Manager's SPML-DSML Service is currently unsupported in 11g Release 1 (11.1.1). However, you can manually deploy the spml-dsml.ear archive file for Microsoft Active Directory password synchronization.

21.2.3 Resource Object Names Longer than 100 Characters Cause Import Failure

If a resource object name is more than 100 characters, an error occurs in the database and the resource object is not imported. To work around this issue, change the resource object's name in the XML file so the name is less than 100 characters.

21.2.4 Status of Users Created Through the Create and Modify User APIs

You cannot create users in Disabled State. Users are always created in Active State.

The Create and Modify User APIs do not honor the Users.Disable User attribute value. If you pass a value to the Users.Disable User attribute when calling the Create API, Oracle Identity Manager ignores this value and the USR table is always populated with a value of 0, which indicates the user's state is Active.

Use the Disable API to disable a user.

21.2.5 Status of Locked Users in Oracle Access Manager Integrations

When Oracle Access Manager locks a user account in an Oracle Identity Manager-Oracle Access Manager integration, it may take approximately five minutes, or the amount of time defined by the incremental reconciliation scheduled interval, for the status of the locked account to be reconciled and appear in Oracle Identity Manager. However, if a user account is locked or unlocked in Oracle Identity Manager, the status appears immediately.

21.2.6 Generating an Audit Snapshot after Bulk-Loading Users or Accounts

The GenerateSnapshot.[sh|bat] option does not work correctly when invoked from the Bulk Load utility. To work around this issue and generate a snapshot of the initial audit after bulk loading users or accounts, you must run GenerateSnapshot.[sh|bat] from the $OIM_HOME/bin/ directory.

21.2.7 Browser Timezone Not Displayed

Due to an ADF limitation, the browser timezone is currently not accessible to Oracle Identity Manager. Oracle Identity Manager bases the timezone information in all date values on the server's timezone. Consequently, end users will see timezone information in the date values, but the timezone value will display the server's timezone.

21.2.8 Date Format Change in the SoD Timestamp Field Not Supported

The date-time value that end users see in the Segregation of Duties (SoD) Check Timestamp field on the SoD Check page will always display as "YYYY-MM-DD hh:mm:ss" and this format cannot be localized.

To work around this localization issue, perform the following steps:

  1. Open the "Oracle_eBusiness_User_Management_9.1.0.1.0/xml/Oracle-eBusinessSuite-TCA-Main-ConnectorConfig.xml" file.

  2. In the EBS Connector import xml, locate the SoDCheckTimeStamp field for the Process Form. Change <SDC_FIELD_TYPE> to 'DateFieldDlg' and change <SDC_VARIANT_TYPE> to 'Date' as shown in the following example:

    <FormField name = "UD_EBST_USR_SODCHECKTIMESTAMP">
                 <SDC_UPDATE>!Do not change this field!</SDC_UPDATE>
                 <SDC_LABEL>SoDCheckTimestamp</SDC_LABEL>
                 <SDC_VERSION>1</SDC_VERSION>
                 <SDC_ORDER>23</SDC_ORDER>
                 <SDC_FIELD_TYPE>DateFieldDlg</SDC_FIELD_TYPE>
                 <SDC_DEFAULT>0</SDC_DEFAULT>
                 <SDC_ENCRYPTED>0</SDC_ENCRYPTED>
                 <!--SDC_SQL_LENGTH>50</SDC_SQL_LENGTH-->
                 <SDC_VARIANT_TYPE>Date</SDC_VARIANT_TYPE>
             </FormField>
    
  3. Import the Connector.

  4. Enable SoD Check.

  5. Provision the EBS Resource with entitlements to trigger an SoD Check.

  6. Check the SoDCheckTimeStamp field in Process Form to confirm it is localized like the other date fields in the form.

21.2.9 Bulk Loading CSV Files with UTF-8 BOM Encoding Not Supported

Bulk loading a CSV file for which UTF-8 BOM (byte order mark) encoding is specified causes an error. However, bulk-loading UTF-8 encoded CSV files works as expected if you specify "no BOM" encoding.

To work around this issue,

  • If you want to load non-ASCII data, you must change your CSV file encoding to "UTF-8 no BOM" before loading the CSV file.

  • If your data is stored in CSV files with "UTF-8 BOM" encoding, you must change them to "UTF-8 no BOM" encoding before running the bulkload script.

21.2.10 Date Type Attributes are Not Supported for the Default Scheduler Job, "Job History Archival"

The default Scheduler job, "Job History Archival," does not support date type attributes.

The "Archival Date" attribute parameter in "Job History Archival" only accepts string patterns such as "ddMMyyyy" and "MMM DD, yyyy."

When you run a Scheduler job, the code checks the date format. If you enter the wrong format, an error similar to the following example, displays in the execution status list and in the log console:

<IAM-1020063> <Incorrect format of Archival Date parameter. Archival Date is expected in DDMMYYYY or UI Date format.>

The job cannot run successfully until you input the correct Archival Date information.

21.2.11 Low File Limits Prevent Adapters from Compiling

On machines where the file limits are set too low, trying to create and compile an entity adapter causes a "Too many open files" error and the adapter will not compile.

To work around this issue, change the file limits on your machine to the following (located in /etc/security/limits.conf) and then restart the machine:

  • soft nofile 4096

  • hard nofile 4096

21.2.12 Reconciliation Engine Requires Matching Rules

Currently, Oracle Identity Manager's Reconciliation Engine in 11g Release 1 (11.1.1) requires you to define a matching rule to identify the users for every connector in reconciliation. Errors will occur during reconciliation if you do not define a matching rule to identify users.

21.2.13 SPML Requests Do Not Report When Any Date is Specified in Wrong Format

When any date, such as activeStartDate, hireDate, and so on, is specified in an incorrect format, the Web server does not pass those values to the SPML layer. Only valid dates are parsed and made available to SPML. Consequently, when any SPML request that contains an invalid date format, the invalid date format from the request is ignored and is not available for that operation. For example, if you specify the HireDate month as "8" instead of "08," the HireDate will not be populated after the Create request is completed and no error message is displayed.

The supported date format is:

yyyy-MM-dd hh:mm:ss.fffffffff

No other date format is supported.

21.2.14 Logs Populated with SoD Exceptions When the SoD Message Fails and Gets Stuck in the Queue

SoD functionality uses JMS-based processing. Oracle Identity Manager submits a message to the oimSODQueue for each SoD request. If for some reason an SoD message always results in an error, Oracle Identity Manager never processes the next message in the oimSODQueue. Oracle Identity Manager always picks the same error message for processing until you delete that message from the oimSODQueue.

To work around this issue, use the following steps to edit the queue properties and to delete the SoD message in oimSODQueue:

  1. Log on to the WebLogic Admin Console at http://<hostname>:<port>/console

  2. From the Console, select Services, Messaging, JMS Modules.

  3. Click OIMJMSModule. All queues will be displayed.

  4. Click oimSODQueue.

  5. Select the Configurations, Delivery Failure tabs.

  6. Change the retry count so that the message can only be submitted a specified number of times.

  7. Change the default Redelivery Limit value from -1 (which means infinite) to a specific value. For example, if you specify 1, the message will be submitted only once.

  8. To review and delete the SoD error message, go to the Monitoring tab, select the message, and delete it.

21.2.15 A Backslash (\) Cannot Be Used in a weblogic.properties File

If you are using the WeblogicImportMetadata.cmd utility to import data to MDS, then do not use a backslash (\) character in a path in the weblogic.properties file, or an exception will occur.

To work around this issue, you must use a double backslash (\\) or a forward slash (/) on Microsoft Windows. For example, change metadata_from_loc=C:\metadata\file to metadata_from_loc=C:\\metadata\\file in the weblogic.properties file.

21.2.16 Underscore Character Cannot Be Used When Searching for Resources

When you are searching for a resource object, do not use an underscore character (_) in the resource name. The search feature ignores the underscore and consequently does not return the expected results.

21.2.17 Assign to Administrator Action Rule is Not Supported by Reconciliation

Reconciliation does not support the Assign to Administrator Action rule.

To work around this issue, change the Assign to Administrator to None in the connector XML before importing the connector. However, after changing the value to None, you cannot revert to Assign to Administrator.

21.2.18 Some Buttons on Attestation Screens Do Not Work in Mozilla Firefox

If you are creating attestations in a Mozilla Firefox Web browser and you click certain buttons, nothing happens.

To work around this issue, click the Refresh button to refresh the page.

21.2.19 The maxloginattempts System Property Causes Autologin to Fail When User Tries to Unlock

WLS Security Realm has a default lock-out policy that locks out users for some time after several unsuccessful login attempts. This policy can interfere with the locking and unlocking functionality of Oracle Identity Manager.

To prevent the WLS Security Realm lock-out policy from affecting the lock/unlock functionality of Oracle Identity Manager, you must set the 'Lockout Threshold' value in the WLS 'User Lockout Policy' to at least 5 more than the value in Oracle Identity Manager. For example, if the value in Oracle Identity Manager is set to 10, you must set the WLS 'Lockout Threshold' value to 15.

To change the default values for the 'User lockout Policy,' perform the following steps:

  1. Open the WebLogic Server Administrative Console.

  2. Select Security Realms, REALM_NAME.

  3. Select the User Lockout tab.

  4. If configuration editing is not enabled, then click the Lock and Edit button to enable configuration editing.

  5. Change the value of lockout threshold to the required value.

  6. Click Save to save the changes.

  7. Click Activate to activate your changes.

  8. Restart all the servers in the domain.

21.2.20 "<User not found>" Error Message Appears in AdminServer Console While Setting-Up an Oracle Identity Manager-Oracle Access Manager Integration

When you set up Oracle Identity Manager-Oracle Access Manager Integration with a JAVA agent and log into the Admin Server Console, a "<User not found>" error message is displayed. This message displays even when the login is successful.

21.2.21 Do Not Use Single Quote Character in Reconciliation Matching Rule

If the single quote character (') is used in reconciliation data (for example, 'B'1USER1'), then target reconciliation will fail with an exception.

21.2.22 Do Not Use Special Characters When Reconciling Roles from LDAP

Due to a limitation in the Oracle SOA Infrastructure, do not use special characters such as commas (,) in role names, group names, or container descriptions when reconciling roles from LDAP. Oracle Identity Manager's internal code uses special characters as delimiters. For example, Oracle Identity Manager uses commas (,) as approver delimiters and the SOA HWF-level global configuration uses commas as assignee delimiters.

21.2.23 SoD Check During Request Provisioning Fails While Using SAML Token Client Policy When Default SoD Composite is Used

SoD check fails and the following error is displayed on the SOA console when SoD check is performed during request provisioning only when the Default SoD Check composite is used:

SEVERE: FabricProviderServlet.handleException Error during retrieval of test page or composite resourcejavax.servlet.ServletException: java.lang.NullPointerException

This happens when Callback is made from Oracle Identity Manager to SOA with the SoDCheck Results.

To resolve this issue, apply patch 9819201 on the SOA server. You can obtain patch 9819201 from My Oracle Support. The description of this patch on My Oracle Support is "ERROR WHILE USING SAML TOKEN CLIENT POLICY FOR CALLBACK."

For more information, refer to:

21.2.24 SoD Check Fails While Using Client-Side Policy in Callback Invocation During Request Provisioning

SoD check fails and following error is displayed on the Oracle Identity Manager Administrative and User Console when SoD check is performed during request provisioning only when the Default SoD Check composite is used:

<Error> <oracle.wsm.resources.policymanager><WSM-02264> <"/base_domain/oim_server1/oim/unknown/iam-ejb.jar/WEBSERVICECLIENTs/SoDCheckResultService/PORTs/ResultPort" is not a recognized resource pattern.>
<Error> <oracle.iam.sod.impl> <IAM-4040002><Error getting Request Service : java.lang.IllegalArgumentException: WSM-02264 "/base_domain/oim_server1/oim/unknown/iam-ejb.jar/WEBSERVICECLIENTs/SoDCheckResultService/PORTs/ResultPort" is not a recognized resource pattern.>

To resolve this issue, use the Oracle Smart Update utility to apply patch ID 3M68, which requires passcode of 6LUNDUC7, on Oracle WebLogic Server. For more information, refer to:

21.2.25 Error May Appear During Provisioning when Generic Technology Connector Framework Uses SPML

When using the generic technology connector framework uses SPML, during provisioning, the following error may appear:

<SPMLProvisioningFormatProvider.formatData :problem with Velocity Template Unable
to find resource 'com/thortech/xl/gc/impl/prov/SpmlRequest.vm'>

If the error occurs, it blocks provisioning by using the predefined SPML GTC provisioning format provider. Restarting the Oracle Identity Manager server prevents the error from appearing again.

21.2.26 Cannot Click Buttons in TransUI When Using Mozilla Firefox

When using the Mozilla Firefox browser, in certain situations, some buttons in the legacy user interface, also known as TransUI, cannot be clicked. This issue occurs intermittently and can be resolved by using Firefox's reload (refresh) function.

21.2.27 LDAP Handler May Cause Invalid Exception While Creating, Deleting, or Modifying a Role

If an LDAP handler causes an exception when you create, modify, or delete a role, an invalid error message, such as System Error or Role does not exist, may appear.

To work around this issue, look in the log files, which will display the correct error message.

21.2.28 Cannot Reset User Password Comprised of Non-ASCII Characters

If a user's password is comprised of non-ASCII characters, and that user tries to reset the password from either the My Profile or initial login screens in the Oracle Identity Manager Self Service interface, the reset will fail with the following error message:

Failed to change password during the validation of the old password

Note:

This error does not occur with user passwords comprised of only ASCII characters.


To work around this issue, perform the following steps:

  1. Set the JVM file encoding to UTF8, for example: -Dfile.encoding=UTF-8


    Note:

    On Windows systems, this may cause the console output to appear distorted, though output in the log files appear correctly.


  2. Restart the Oracle WebLogic Server.

21.2.29 Benign Exception and Error Message May Appear While Patching Authorization Policies

When patches are applied to the Authorization Polices that are included with Oracle Identity manager and the JavaSE environment registers the Oracle JDBC driver, java.security.AccessControlException is reported and the following error message appears:

Error while registering Oracle JDBC Diagnosability MBean

You can ignore this benign exception, as the Authorization Policies are seeded successfully, despite the exception and error messages.

21.2.30 The DateTime Pick in the Trans UI Does Not Work Correctly in the Thai Locale

When locale is set to th_TH in Microsoft Windows Internet Explorer Web browser, the datetime in Oracle Identity Manager follows the Thai Buddhist calendar. In the Create Attestation page of the Administrative and User Console, when you select a date for start time, the year is displayed according to the Thai Buddhist calendar, for example, 2553. After you click OK, the equivalent year according to the Gregorian calendar, which is 2010, is displayed in the start time field. But when you click Next to continue creating the attestation, an error message is displayed stating that the start time of the process must not belong to the past.

To workaround this issue, perform any one of the following:

  • Specify the datetime manually.

  • Use Mozilla Firefox Web browser, which uses the Gregorian calendar.

21.2.31 User Without Access Policy Administrators Role Cannot View Data in Access Policy Reports

OIM user without the ACCESS POLICY ADMINISTRATORS role cannot view data in the following reports:

  • Access Policy Details

  • Access Policy List by Role

To workaround this issue:

  1. Assign the ACCESS POLICY ADMINISTRATORS role to an OIM user.

  2. Create a BI Publisher user with the same username in Step 1. Assign appropriated BI Publisher role to view reports.

  3. Login as the BI Publisher user mentioned in step 2. View the Access Policy Details and Access Policy List by Role reports. All access policies are displayed.

21.2.32 Archival Utility Throws an Error for Empty Date

In case of empty date, archival utility throws an error message, but proceeds to archive data by mapping to the current date. Currently, no workaround exists for this issue.

21.2.33 TransUI Closes with Direct Provisioning of a Resource

TransUI closes while doing a direct provisioning if user defined field (UDF) is created with the default values. To work around this issue, you need to create a Lookup Code for the INTEGER/DOUBLE type UDF in the LKU/LKV table.

21.2.34 Scheduler Throws "ParameterValueTypeNotSupportedException" Instead of "RequiredParameterNotSetException"

On AIX platform, when a required parameter is missing during the creation of a scheduler job, instead of throwing "RequiredParameterNotSetException" with the error message "The value is not set for required parameters of a scheduled task.", it throws "ParameterValueTypeNotSupportedException" with the error message "Parameter value is not set properly". Currently, no workaround exists for this issue.

21.2.35 All New User Attributes Are Not Supported for Attestation in Oracle Identity Manager 11g

New user attributes are added in Oracle Identity Manager 11g. Not all of them are available for Attestation while defining user-scope. However, Attestation has been enhanced to include the following user attributes:

  • USR_COUNTRY

  • USR_LDAP_ORGANIZATION

  • USR_LDAP_ORGANIZATION_UNIT

  • USR_LDAP_GUID

Currently, no workaround exists for this issue.

21.2.36 LDAP GUID Mapping to Any Field of Trusted Resource Not Supported

Update fails in LDAP, if LDAP GUID is mapped to any field of trusted resource in LDAP-SYNC enabled installation. To work around this issue, Oracle does not recommend mapping for LDAP GUID field while creating reconciliation field mapping for a trusted resource.

21.2.37 User Details for Design Console Access Field Must Be Mapped to Correct Values When Reading Modify Request Results

When a Modify Request is raised, "End-User" and "End-User Administrator" values are displayed for the "Design Console Access" field. These values must be mapped to False/True while interpreting the user details.

21.2.38 Cannot Create a User Containing Asterisks if a Similar User Exists

If you try to create a user that contains an asterisk (*) after creating a user with a similar name, the attempt will fail. For example, if you create user test1test, followed by test*test, test*test will not be created.

It is recommended to not create users with asterisks in the User Login field.

21.2.39 Blank Status Column Displayed for Past Proxies

The Status field on the Post Proxies page is blank. However, active proxies are displayed correctly on Current Proxies page.

Currently, no workaround exists for this issue.

21.2.40 Mapping the Password Field in a Reconciliation Profile Prevents Users from Being Created

The Password field is available to be mapped with a reconciliation profile, but it should not be used. Attempting to map this field will generate a reconciliation event that will not create users. (The event ends in "No Match Found State".) In addition, you will not be able to re-evaluate or manually link this event.

21.2.41 UID Displayed as User Login in User Search Results

Although you can select the UID attribute from the Search Results Table Configuration list on the Search Configuration page of the Advanced Administration, the search results table for advanced search for users displays the User Login field instead of the UID field.

21.2.42 Roles/Organizations Browse Trees Disappear

After you delete an organization, the Browse trees for organizations and roles might not be displayed.

To work around this issue, click the Search Results tab, then click the Browse tab. The roles and organizations browse trees display correctly.

21.2.43 Entitlement Selection Is Not Optional for Data Gathering

Entitlement (Child Table) selection during data gathering on the process form, for the "Depends On (Depended)" attribute is not optional. During data gathering, if dependent lookups are configured, then the user has to select the parent lookup value so that filtering happens on the child lookup and thus user gets a final list of entitlements to select . Currently, no workaround exists to directly filter the values based on the child lookup.

21.2.44 Oracle Identity Manager Server Throws Generic Exception While Deploying a Connector

Generic exceptions are shown in server logs every time deployment manager import happens or profile changes manually or profile changes via design console. This is because "WLSINTERNAL" is not an authorized user of Oracle Identity Manager. "WLSINTERNAL" is an internal user of WebLogic Server, and MDS uses it to invoke MDS listeners if there is a change in XMLs stored in MDS. Currently, no workaround exists for this issue.

21.2.45 Create User API Allows Any Value for the "Users.Password Never Expires", "Users.Password Cannot Change", and "Users.Password Must Change" Fields

Create User API allows the user to set any value between 0 and 9 instead of 0 or 1 for "Users.Password Never Expires", "Users.Password Cannot Change" and "Users.Password Must Change" fields. However, any value other than 0 is considered as TRUE and 0 is considered as FALSE, and the flag is set accordingly for the user being created. Currently, no workaround exists for this issue.

21.2.46 Incorrect Label in JGraph Screen for the GTC

The User Type label on the JGraph screen is displayed incorrectly as Design Console Access. To display User Type, add the line Xellerate_Type=User Type to the OIM_HOME/server/customResources/customResources.properties file.

21.2.47 Running the Workflow Registration Utility Generates an Error

When the workflow registration utility is run in a clustered deployment of Oracle Identity Manager, the following error is generated:

[java] oracle.iam.platform.utils.NoSuchServiceException:
java.lang.reflect.InvocationTargetException

Ignore the error message.

21.2.48 Native Performance Pack is Not Enabled On Solaris 64-bit JVM Install

For Oracle Identity Manager JVM install on a Solaris 64-bit computer, Oracle WebLogic log displays the following error:

Unable to load performance pack. Using Java I/O instead. Please ensure that a native performance library is in:

To workaround this issue, perform the following to ensure that JDK picks up the 64-bit native performance:

  1. In a text editor, open the MIDDLEWARE_HOME/wlserver_10.3/common/bin/commEnv.sh file.

  2. Replace the following:

    SUN_ARCH_DATA_MODEL="32"
    

    With:

    SUN_ARCH_DATA_MODEL="64"
    
  3. Save and close the commEnv.sh file.

  4. Restart the application server.

21.2.49 Error in the Create Generic Technology Connector Wizard

If you enter incorrect credentials for the database on the Create Generic Technology Connector wizard, a system error window is displayed. You must close this window and run the wizard again.

21.2.50 DSML Profile for the SPML Web Service is Not Deployed With Oracle Identity Manager

The DSML profile for the SPML Web service is not deployed by default with Oracle Identity Manager 11g Release 1 (11.1.1). SPML-DSML binaries are bundled with the Oracle Identity Manager installer to support Microsoft Active Directory Password Synchronization. You must deploy the spml-dsml.ear file manually.

21.2.51 New Human Tasks Must Be Copied in SOA Composites

When you add a new human task to an existing SOA composite, you must ensure that all the copy operations for the attributes in the original human task are added to the new human task. Otherwise, an error could be displayed on the View Task Details page.

21.2.52 Modify Provisioned Resource Request Does Not Support Service Account Flag

A regular account cannot be changed to a service account, and similarly, a service account cannot be changed to a regular account through a Modify Provisioned Resource request.

21.2.53 Erroneous "Query by Example" Icon in Identity Administration Console

In the Identity Administration console, when viewing role details from the Members tab, an erroneous icon with the "tooltip" (mouse-over text) of "Query By Example" appears. This "Query By Example" icon is non-functional and should be ignored.

21.2.54 The XL.ForcePasswordChangeAtFirstLogin System Property Is No Longer Used

The XL.ForcePasswordChangeAtFirstLogin system property is no longer used in Oracle Identity Manager 11g Release 1 (11.1.1.1). Therefore, forcing the user to change the password at first login cannot be configured. By default, the user must change the password:

  • When the new user, other than self-registered users, is logging in to Oracle Identity Manager for the first time

  • When the user is logging in to Oracle Identity Manager for the first time after the password has been reset

21.2.55 The tcExportOperationsIntf.findObjects(type,name) API Does Not Accept the Asterisk (*) Wilcard Character in Both Parameters

The tcExportOperationsIntf.findObjects(type,name) API accepts the asterisk (*) wildcard character only for the second parameter, which is name. For type, a category must be specified. For example, findObjects("Resource","*") is a valid call, but findObjects("*","*") is not valid.

21.2.56 Disabled Links on the Access Policy Summary Page Opened in Mozilla FireFox

In the Verify Information for this Access Policy page of the Create/Modify Access Policy wizards opened in Mozilla Firefox Web browser, you click Change for resource to be provisioned by the access policy, and then click Edit to edit the process form data for the resources to be provisioned. If you click the Close button on the Edit form, then the change links for any one of the access policy information sections, such as resources to be provisioned by the access policy, resources to be denied by the access policy, or roles for the access policy, do not work.

To workaround this issue, click Refresh. All the links in the Verify Information for this Access Policy page are enabled.

21.2.57 Benign Error is Generated on Editing the IT Resource Form in Advanced Administration

When you click the Edit link on the IT Resource form in the Advanced Administration, the following error message is logged:

<Error> <XELLERATE.APIS> <BEA-000000>
<Class/Method: tcFormDefinitionOperationsBean/getFormFieldPropertyValue encounter some problems: Property 'Column Names' has not defined for the form field '-82'> 

The error message is benign and can be ignored because there is no loss of functionality.

21.2.58 User Account is Not Locked in iPlanet Directory Server After it is Locked in Oracle Identity Manager

After reaching the maximum login attempts, a user is locked in Oracle Identity Manager. But in iPlanet DS/ODSEE, the user is not locked. The orclAccountLocked feature is not supported because the backend iPlanet DS/ODSEE does not support account unlock by setting the Operational attribute. Account is unlocked only with a password reset. The nsaccountlock attribute is available for administrative lockout. The password policies do not use this attribute, but you can use this attribute to independently lock an account. If the password policy locks the account, then nsaccountlock locks the user even after the password policy lockout is gone.

21.2.59 Oracle Identity Manager Does Not Support Autologin With JavaAgent

In an Oracle Access Manager (OAM) integrated deployment of Oracle Identity Manager with JavaAgent, when a user created in Oracle Identity Manager tries to login to the Oracle Identity Manager Administrative and User Console for the first time, the user is forced to reset password and set challenge questions. After this, the user is not logged in to Oracle Identity Manager automatically, but is redirected to the OAM login page. This is because Oracle Identity Manager does not support autologin when JavaAgent is used.

21.2.60 Benign Error Logged on Opening Access Policies, Resources, or Attestation Processes

As a delegated administrator, when you open the page to display the details of an access policy, resource, or attestation process, the following error is logged:

Error> <org.apache.struts.tiles.taglib.InsertTag> <BEA-000000>
<Can't insert page '/gc/EmptyTiles.jsp' : Write failed: Broken pipe  java.net.SocketException: Write failed: Broken pipe

The error is benign and can be ignored because there is no loss of functionality.

21.2.61 User Locked in Oracle Identity Manager But Not in LDAP

In a LDAP-enabled deployment of Oracle Identity Manager in which the directory servers are Microsoft Active Directory (AD) or Oracle Internet Directory (OID), when a user is manually locked in Oracle Identity Manager by the administrator, the user is not locked in LDAP if a password policy is not configured in LDAP. The configurable password policy in LDAP can either be the default password policy that is applicable to all the LDAP users, or it can be a user-specific Password Setting Object (PSO).

21.2.62 Reconciliation Profile Must Not Be Regenerated Via Design Console for Xellerate Organization Resource Object

By default, the Xellerate Organization resource object does not have reconciliation to Oracle Identity Manager field mappings and any matching/action rule information. As a result, when reconciliation profile for Xellerate Organization resource object is updated via Design Console, it corrupts the existing reconciliation configuration for that resource object, and reconciliation fails with empty status.

To workaround this issue, do not generate the reconciliation profile/configuration via the Design Console. Instead, export the Xellerate Organization profile from Meta Data Store (MDS) and edit it manually, and import it back into Oracle Identity Manager. If the profile changes include modification of the reconciliation fields, then the corresponding changes must be made in the horizontal table schema and its entity definition as well.

21.2.63 Benign Error Logged on Clicking Administration After Upgrade

After upgrading Oracle Identity Manager from Release 9.1.0.1 to 11g Release 1 (11.1.1), on clicking the Administration link on the Administrative and User Console, the following error is logged:

<Error> <oracle.adfinternal.view.page.editor.utils.ReflectionUtility>
<WCS-16178> <Error instantiating class - oracle.adfdtinternal.view.faces.portlet.PortletDefinitionDTFactory>

This error is benign and can be ignored because there is no loss of functionality.

21.2.64 Provisioning Fails Through Access Policy for Provisioned User

When a user is already provisioned and you try to assign a role to the user that triggers provisioning to the target domain, the provisioning is not started. However, if the user is not provisioned already and you assign a role to the user, then the provisioning occurs successfully.

To workaround this issue:

  1. Open the connector-specific user form in the Design Console.

  2. Create a new version of the connector, and select Edit.

  3. Click the Properties tab, and then click server (ITResourceLookupField). Click Add Property.

  4. Add Required for the property and specify true. Click Make Version Active, and then click Save.

  5. Login to Oracle Identity Manager Administrative and User Console.

  6. Navigate to System Property. Search for the 'Allows access policy based provisioning of multiple instances of a resource' system property. Change the value of this property to TRUE.

  7. Restart Oracle Identity Manager.

Try provisioning a provisioned user to provision through access policy of the same IT Resource Type, and the provisioning is successful.

21.2.65 Benign Warning Messages Displayed During Oracle Identity Manager Managed Server Startup

Several messages resembling the following are logged during Oracle Identity Manager managed server startup:

<Mar 30, 2011 6:51:01 PM PDT> <Warning> <oracle.iam.platform.kernel.impl>
<IAM-0080071> 
<Preview stage is not supported in kernel and found an event handler with name ProvisionAccountPreviewHandler implemented by the class oracle.iam.accesspolicy.impl.handlers.provisioning.ProvisionAccountPreviewHandlerfor this stage. It will be ignored.>

These warning messages are benign and can be ignored because there is no loss of functionality.

21.2.66 Benign Message Displayed When Running the Deployment Manager

When running the Deployment Manager, a message with header ' XUL SYNTAX: ID Conflict' is displayed.

This message is benign and can be ignored because there is no loss of functionality. Close the message and continue.

21.2.67 Deployment Manager Export Fails When Started Using Microsoft Internet Explorer 7 With JRE Plugin 1.6_23

After upgrading Oracle Identity Manager from an earlier release to 11g Release 1 (11.1.1), when you use the Microsoft Internet Explorer 7 Web browser with JRE plugin 1.6_23 to open the Administrative and User Console and try to export files by using the Deployment Manager, an error is generated and you cannot proceed with the export.

To workaround this issue, use a combination of the following Web browsers and plugins:

  • Mozilla Firefox 3.6 and JRE version 1.6_23 on 64-bit computer

  • Microsoft Internet Explorer 7 and JRE version 1.5

  • Microsoft Internet Explorer 8 and JRE version 1.6_18

  • Microsoft Internet Explorer 7 and JRE version 1.6_24

21.2.68 User Creation Fails in Microsoft Active Directory When Value of Country Attribute Exceeds Two Characters

In a LDAP-enabled deployment of Oracle Identity Manager, user creation fails in the Microsoft Active Directory (AD) server if the value of the Country attribute exceeds two characters. AD mandates two characters for the Country attribute, for example US, based on the ISO 3166 standards.

21.2.69 Deployment Manager Import Fails if Scheduled Job Entries Are Present Prior To Scheduled Task Entries in the XML File

In Oracle Identity Manager 11g Release 1 (11.1.1), schedules job has a dependency on scheduled task. Therefore, scheduled task must be imported prior to scheduled job.

As a result, if a XML file has scheduled job entries prior to scheduled task entries, then importing the XML file using Deployment Manager fails with the following error message:

[exec] Caused By: oracle.iam.scheduler.exception.SchedulerException: Invalid ScheduleTask definition
[exec] com.thortech.xl.ddm.exception.DDMException

To workaround this issue, open the XML file and move all scheduled task entries above the scheduled job entries.

21.2.70 Permission on Target User Required to Revoke Resource

When you login to the Administrative and User Console with Identity User Administrators and Resource Administrators roles, direct provision a resource to a user, and attempt to revoke the resource from the user, an error message is displayed.

To workaround this issue, you (logged-in user) must have the write permission on the target user (such as user1). To achieve this:

  1. Create a role, such as role1, and assign self to this role.

  2. Create an organization, such as org1, and assign role1 as administrative group.

  3. Modify the user user1 and change its organization to org1. You can now revoke the resource from user1.

21.2.71 Reconciliation Event Fails for Trusted Source Reconciliation Because of Missing Reconciliation Rule in Upgraded Version of Oracle Identity Manager

When Oracle Identity Manager is upgraded from an earlier release to 11g Release 1 (11.1.1), for trusted source reconciliation, such as trusted source reconciliation using GTC, the reconciliation event fails with the following error message because of a missing reconciliation rule:

<Mar 31, 2011 6:27:41 PM CDT> <Info> <oracle.iam.reconciliation.impl>
<IAM-5010006> <The following exception occurred: {0}
oracle.iam.platform.utils.SuperRuntimeException:
Error occurred in XL_SP_RECONEVALUATEUSER while processing Event No 3
Error occurred in XL_SP_RECONUSERMATCH while processing Event No 3
One or more input parameter passed as null

To workaround this issue:

  1. Create a reconciliation rule for the resource object.

  2. In the Resource Object form of the Design Console, click Create Reconciliation Profile.

21.2.72 XML Validation Error on Oracle Identity Manager Managed Server Startup

The following error message is logged at the time of Oracle Identity Manager Managed Server startup:

<Mar 29, 2011 2:49:31 PM PDT> <Error> <oracle.iam.platform.kernel.impl>
<IAM-0080075> <XML schema validation failed for XML/metadata/iam-features-callbacks/event_configuration/EventHandlers.xml and it will not be loaded by kernel. >

<Mar 29, 2011 2:49:32 PM PDT> <Error> <oracle.iam.platform.kernel.impl>
<IAM-0080075> <XML schema validation failed for XML/metadata/iam-features-OIMMigration/EventHandlers.xml and it will not be loaded by kernel. >

This error message is benign and can be ignored because there is no loss of functionality.

21.2.73 Cannot View or Edit Adapter Mapping in the Data Object Manager Form of the Design Console

When you click Map on the Map Adapters tab in the Data Object Manager form of the Design Console, a dialog box is displayed that allows you to edit the individual entity adapter mappings. But the list with fields on the user object to map is displayed as empty. As a result, you cannot view or edit the individual entity adapter mappings.

Use of entity adapters is deprecated in Oracle Identity Manager 11g Release 1 (11.1.1), although limited support is still provided for backward compatibility only. Event handlers must be used for all new or changed scenarios.

21.2.74 Role Memberships for Assign or Revoke Operations Not Updated on Enabling or Disabling Referential Integrity Plug-in

In a multi-directory deployment, the secondary server must be OID. The primary server can be OID or AD. For example, users can be stored in the OID or AD primary server, and roles can be stored in the OID secondary server. Enabling of disabling the referential integrity plug-in does not update the role memberships for assign or revoke operations.

21.2.75 Deployment Manager Import Fails if Data Level for Rules is Set to 1

An entry in the Oracle Identity Manager database cannot be updated if data level is set to 1. When you try to import a Deployment Manager XML, the following error is displayed:

Class/Method: tcTableDataObj/updateImplementation Error :The row cannot be updated.
[2011-04-06T07:25:36.583-05:00] [oim_server1] [ERROR] []
[XELLERATE.DDM.IMPORT] [tid: [ACTIVE].ExecuteThread: '6' for queue:
'weblogic.kernel.Default (self-tuning)'] [userId: xelsysadm] [ecid:
cad00d8aeed4d8fc:-67a4db1a:12f2abbac4b:-8000-000000000000018e,0] [APP:
oim#11.1.1.3.0] The security level for this data item indicates that it cannot be updated.

To workaround this issue, open the XML file and change the data level for rules from 1 to 0, as shown:

<RUL_DATA_LEVEL>0</RUL_DATA_LEVEL>

21.2.76 Reconciliation Data Displays Attributes That Are Not Modified

In an Oracle Identity Manager deployment with LDAP synchronization enabled and Microsoft Active Directory (AD) as the directory server, the Reconciliation Data tab of the Event Management page in the Administrative and User Console displays all the attributes of the reconciled user instead of displaying only the modified attributes. This is because of the way AD changelogs are processed, in which the entire entry is marked as updated when any attribute is changed. Therefore, Oracle Virtual Directory (OVD) returns the full entry. There is no way to figure out which attribute has been modified as a result of reconciliation.

21.2.77 Benign Errors Displayed on Starting the Scheduler Service When There are Scheduled Jobs to be Recovered

When the Scheduler service is started and there are some scheduled jobs that have not been recovered, the following error might be logged in the oim_diagnostic log:

Caused by: java.lang.NullPointerException
at
org.quartz.SimpleTrigger.computeNumTimesFiredBetween(SimpleTrigger.java:800)
at org.quartz.SimpleTrigger.updateAfterMisfire(SimpleTrigger.java:514)
at
org.quartz.impl.jdbcjobstore.JobStoreSupport.doUpdateOfMisfiredTrigger(JobStor
eSupport.java:944)
at
org.quartz.impl.jdbcjobstore.JobStoreSupport.recoverMisfiredJobs(JobStoreSuppo
rt.java:898)
at
org.quartz.impl.jdbcjobstore.JobStoreSupport.recoverJobs(JobStoreSupport.java:
780)
at
org.quartz.impl.jdbcjobstore.JobStoreSupport$2.execute(JobStoreSupport.java:75
2)
at
org.quartz.impl.jdbcjobstore.JobStoreSupport$40.execute(JobStoreSupport.java:3
628)
at
org.quartz.impl.jdbcjobstore.JobStoreSupport.executeInNonManagedTXLock(JobStor
eSupport.java:3662)
at
org.quartz.impl.jdbcjobstore.JobStoreSupport.executeInNonManagedTXLock(JobStor
eSupport.java:3624)
at
org.quartz.impl.jdbcjobstore.JobStoreSupport.recoverJobs(JobStoreSupport.java:
748)
at
org.quartz.impl.jdbcjobstore.JobStoreSupport.schedulerStarted(JobStoreSupport.
java:573)

This error is benign and can be ignored because there is no loss of functionality.

In an upgrade environment, the next time when some scheduled jobs will be triggered is not defined. This results in a null input for Quartz code, which is not handled gracefully in earlier versions of Quartz. This has been fixed in Quartz version 1.6.3, and therefore, this error is not generated when you upgrade to that version of Quartz.

21.2.78 Trusted Source GTC Reconciliation Mapping Cannot Display Complete Attribute Names

When creating a trusted GTC (for example, flat file), the right-hand column under OIM User is not wide enough to display the complete names for many attributes. For example, two entries are displayed as 'LDAP Organizati', whereas the attribute names are 'LDAP Organization' and 'LDAP Organization Unit'.

To workaround this issue, click the Mapping button for the attribute. The Provide Field Information dialog box is displayed with the complete attribute name.

21.2.79 Benign Error Logged for Database Connectivity Test

When running the database connectivity test in XIMDD, the following error is logged multiple times:

<Apr 10, 2011 7:45:20 PM PDT> <Error> <Default> <J2EE JMX-46335> <MBean attribute access denied.
   MBean: oracle.logging:type=LogRegistration
   Getter for attribute Application
   Detail: Access denied. Required roles: Admin, Operator, Monitor, executing
subject: principals=[REQUEST TEMPLATE ADMINISTRATORS, SYSTEM ADMINISTRATORS, APPROVAL POLICY ADMINISTRATORS, oimusers, xelsysadm, PLUGIN ADMINISTRATORS]
java.lang.SecurityException: Access denied. Required roles: Admin, Operator, Monitor, executing subject: principals=[REQUEST TEMPLATE ADMINISTRATORS, SYSTEM ADMINISTRATORS, APPROVAL POLICY ADMINISTRATORS, oim users, xelsysadm, PLUGIN ADMINISTRATORS]

Each time the error occurs in the log, the name of the bean is different, but the error is same. In spite of these errors, the test passes. These errors are benign and can be ignored because there is no loss of functionality.

21.2.80 MDS Validation Error When Importing GTC Provider Through the Deployment Manager

An MDS validation error is generated when you import the GTC provider by using the Deployment Manager.

To workaround this issue, do not import the GTC provider through the Deployment Manager. If the Deployment Manager XML file contains tags for GTC provider, then remove it and import the rest of the XML by using the Deployment Manager. Import the XML file with the GTC provider tags separately by using the MDS import utility. To do so:

  1. If the XML file being imported through the Deployment Manager contains <GTCProvider> tags, then remove these tags along with everything under them.

    The following is an example of the original XML file to be imported:

    <?xml version = '1.0' encoding = 'UTF-8'?>
    <xl-ddm-data version="2.0.1.0" user="XELSYSADM"
    database="jdbc:oracle:thin:@localhost:5521:myps12"
    exported-date="1302888552341" description="sampleGTC"><GTCProvider
    repo-type="MDS" name="InsertIntoTargetList"
    mds-path="/db/GTC/ProviderDefinitions"
    mds-file="InsertIntoTargetListProvTransport.xml"><completeXml><Provider><Provi
    der>
       <Provisioning>
          <ProvTransportProvider
    class="provisioningTransportProvider.InsertIntoTargetList"
    name="InsertIntoTargetList">
             <Configuration>
                <Parameter datatype="String" name="targetServerName"
    type="Runtime" encrypted="NO" required="YES"/>
                <Response code="FUNCTIONALITY_NOT_SUPPORTED"
    description="Functionality not supported"/>
                <Response code="TARGET_SERVER_NAME_MISSING" description="Target
    server name is missing"/>
                <Response code="TARGET_SERVER_NAME_STARTSWITH_A"
    description="Target server name starts with A, from XML"/>
                <Response code="PROBLEM_WHILE_INITIALIZAING" description="Problem
    occured while intializing Provider instance"/>
             </Configuration>
          </ProvTransportProvider>
       </Provisioning>
    </Provider></Provider></completeXml></GTCProvider><GTCProvider
    repo-type="MDS" name="PrepareDataHMap" mds-path="/db/GTC/ProviderDefinitions"
    mds-file="PrepareDataHMapProvFormat.xml"><completeXml><Provider><Provider>
       <Provisioning>
          <ProvFormatProvider class="provisioningFormatProvider.PrepareDataHMap"
    name="PrepareDataHMap">
             <Configuration>
                <DefaultAttribute datatype="String" name="testField" size="40"
    encrypted="NO"/>
                <Response code="INCORRECT_PROCESS_DATA" description="Incorrect
    process data received from GTC provisioning framework"/>
                <Response code="PROCESSING_ISSUE" description="Processing issue
    in Preparing provisioning input, check logs"/>
             </Configuration>
          </ProvFormatProvider>
       </Provisioning>
    </Provider></Provider></completeXml></GTCProvider><GTCProvider
    repo-type="MDS" name="IsValidOrgInOIM" mds-path="/db/GTC/ProviderDefinitions"
    mds-file="IsValidOrgInOIM.xml"><completeXml><Provider><Provider>
       <Validation>
          <ValidationProvider class="validationProvider.IsValidOrgInOIM"
    name="IsValidOrgInOIM">
             <Configuration>
                <Parameter datatype="String" name="maxOrgSize"/>
             </Configuration>
          </ValidationProvider>
       </Validation>
    </Provider></Provider></completeXml></GTCProvider><GTCProvider
    repo-type="MDS" name="ConvertToUpperCase"
    mds-path="/db/GTC/ProviderDefinitions"
    mds-file="ConvertToUpperCase.xml"><completeXml><Provider><Provider>
       <Transformation>
          <TransformationProvider
    class="transformationProvider.ConvertToUpperCase" name="ConvertToUpperCase">
             <Configuration>
                <Parameter type="Runtime" datatype="String" required="YES"
    encrypted="NO" name="Input"/>
                <Response code="errorRespNullInput" description="Input String is
    Missing"/>
             </Configuration>
          </TransformationProvider>
       </Transformation>
    </Provider></Provider></completeXml></GTCProvider><Resource repo-type="RDBMS"
    name="SAMPLEGTC_GTC">....</Resource><Process repo-type="RDBMS"
    name="SAMPLEGTC_GTC">
    ...........
    </Process><Form repo-type="RDBMS" name="UD_SAMPLEGT" subtype="Process
    Form">.....
    </Form>....</xl-ddm-data>
    
  2. Import the rest of the XML file through the Deployment Manager.

    The following is the XML file after removing the <GTCProvider> tags from the original XML file. Import this XML file by using the Deployment Manager.

    <?xml version = '1.0' encoding = 'UTF-8'?>
    <xl-ddm-data version="2.0.1.0" user="XELSYSADM"
    database="jdbc:oracle:thin:@localhost:5521:myps12"
    exported-date="1302888552341" description="sampleGTC"><Resource
    repo-type="RDBMS" name="SAMPLEGTC_GTC">....</Resource><Process
    repo-type="RDBMS" name="SAMPLEGTC_GTC">
    ...........
    </Process><Form repo-type="RDBMS" name="UD_SAMPLEGT" subtype="Process
    Form">.....
    </Form>....</xl-ddm-data>
    

    The following is the removed XML content:

    <GTCProvider
    repo-type="MDS" name="InsertIntoTargetList"
    mds-path="/db/GTC/ProviderDefinitions"
    mds-file="InsertIntoTargetListProvTransport.xml"><completeXml><Provider><Provider>
       <Provisioning>
          <ProvTransportProvider
    class="provisioningTransportProvider.InsertIntoTargetList"
    name="InsertIntoTargetList">
             <Configuration>
                <Parameter datatype="String" name="targetServerName"
    type="Runtime" encrypted="NO" required="YES"/>
                <Response code="FUNCTIONALITY_NOT_SUPPORTED"
    description="Functionality not supported"/>
                <Response code="TARGET_SERVER_NAME_MISSING" description="Target
    server name is missing"/>
                <Response code="TARGET_SERVER_NAME_STARTSWITH_A"
    description="Target server name starts with A, from XML"/>
                <Response code="PROBLEM_WHILE_INITIALIZAING" description="Problem
    occured while intializing Provider instance"/>
             </Configuration>
          </ProvTransportProvider>
       </Provisioning>
    </Provider></Provider></completeXml></GTCProvider>
     
    <GTCProvider
    repo-type="MDS" name="PrepareDataHMap" mds-path="/db/GTC/ProviderDefinitions"
    mds-file="PrepareDataHMapProvFormat.xml"><completeXml><Provider><Provider>
       <Provisioning>
          <ProvFormatProvider class="provisioningFormatProvider.PrepareDataHMap"
    name="PrepareDataHMap">
             <Configuration>
                <DefaultAttribute datatype="String" name="testField" size="40"
    encrypted="NO"/>
                <Response code="INCORRECT_PROCESS_DATA" description="Incorrect
    process data received from GTC provisioning framework"/>
                <Response code="PROCESSING_ISSUE" description="Processing issue
    in Preparing provisioning input, check logs"/>
             </Configuration>
          </ProvFormatProvider>
       </Provisioning>
    </Provider></Provider></completeXml></GTCProvider>
     
    <GTCProvider
    repo-type="MDS" name="IsValidOrgInOIM" mds-path="/db/GTC/ProviderDefinitions"
    mds-file="IsValidOrgInOIM.xml"><completeXml><Provider><Provider>
       <Validation>
          <ValidationProvider class="validationProvider.IsValidOrgInOIM"
    name="IsValidOrgInOIM">
             <Configuration>
                <Parameter datatype="String" name="maxOrgSize"/>
             </Configuration>
          </ValidationProvider>
       </Validation>
    </Provider></Provider></completeXml></GTCProvider>
     
    <GTCProvider
    repo-type="MDS" name="ConvertToUpperCase"
    mds-path="/db/GTC/ProviderDefinitions"
    mds-file="ConvertToUpperCase.xml"><completeXml><Provider><Provider>
       <Transformation>
          <TransformationProvider
    class="transformationProvider.ConvertToUpperCase" name="ConvertToUpperCase">
             <Configuration>
                <Parameter type="Runtime" datatype="String" required="YES"
    encrypted="NO" name="Input"/>
                <Response code="errorRespNullInput" description="Input String is
    Missing"/>
             </Configuration>
          </TransformationProvider>
       </Transformation>
    </Provider></Provider></completeXml></GTCProvider>
    
  3. Separate the removed XML content based on the <GTCProvier> tags. The following is an example of the first <GTCProvider> tag:

    <GTCProvider repo-type="MDS" name="InsertIntoTargetList"
    mds-path="/db/GTC/ProviderDefinitions"
    mds-file="InsertIntoTargetListProvTransport.xml"><completeXml><Provider><Provi
    der>
       <Provisioning>
          <ProvTransportProvider
    class="provisioningTransportProvider.InsertIntoTargetList"
    name="InsertIntoTargetList">
             <Configuration>
                <Parameter datatype="String" name="targetServerName"
    type="Runtime" encrypted="NO" required="YES"/>
                <Response code="FUNCTIONALITY_NOT_SUPPORTED"
    description="Functionality not supported"/>
                <Response code="TARGET_SERVER_NAME_MISSING" description="Target
    server name is missing"/>
                <Response code="TARGET_SERVER_NAME_STARTSWITH_A"
    description="Target server name starts with A, from XML"/>
                <Response code="PROBLEM_WHILE_INITIALIZAING" description="Problem
    occured while intializing Provider instance"/>
             </Configuration>
          </ProvTransportProvider>
       </Provisioning>
    </Provider></Provider></completeXml></GTCProvider>
    Resultant xml after removal of tags surronding inner <Provider> tag:
    <Provider>
       <Provisioning>
          <ProvTransportProvider
    class="provisioningTransportProvider.InsertIntoTargetList"
    name="InsertIntoTargetList">
             <Configuration>
                <Parameter datatype="String" name="targetServerName"
    type="Runtime" encrypted="NO" required="YES"/>
                <Response code="FUNCTIONALITY_NOT_SUPPORTED"
    description="Functionality not supported"/>
                <Response code="TARGET_SERVER_NAME_MISSING" description="Target
    server name is missing"/>
                <Response code="TARGET_SERVER_NAME_STARTSWITH_A"
    description="Target server name starts with A, from XML"/>
                <Response code="PROBLEM_WHILE_INITIALIZAING" description="Problem
    occured while intializing Provider instance"/>
             </Configuration>
          </ProvTransportProvider>
       </Provisioning>
    </Provider>
    
  4. From the removed <GTCProvider> tags, remove everything surrounding the inner <Provider> tag. In other words, keep the content inside the inner <Provider> tag. For each <Provider> tag, create a separate XML file. This results in multiple XML files with each <Provider> tag as the root element.

    The following is the resultant XML content after removal of tags surrounding the inner <Provider> tag:

    <Provider>
       <Provisioning>
          <ProvTransportProvider
    class="provisioningTransportProvider.InsertIntoTargetList" name="InsertIntoTargetList">
             <Configuration>
                <Parameter datatype="String" name="targetServerName" type="Runtime" encrypted="NO" required="YES"/>
                <Response code="FUNCTIONALITY_NOT_SUPPORTED" description="Functionality not supported"/>
                <Response code="TARGET_SERVER_NAME_MISSING" description="Target server name is missing"/>
                <Response code="TARGET_SERVER_NAME_STARTSWITH_A" description="Target server name starts with A, from XML"/>
                <Response code="PROBLEM_WHILE_INITIALIZAING" description="Problem occured while intializing Provider instance"/>
             </Configuration>
          </ProvTransportProvider>
       </Provisioning>
    </Provider>
    
  5. Name the resultant XML files, which have the <Provider> tag as the root element, with the mds-file attribute value from the <GTCProvider> tag. For example, name the first XML file with the first <GTCProvider> tag as InsertIntoTargetListProvTransport.xml. The file name must be the value of the mds-file attribute.

  6. Similarly, create other GTC provider XML files. There must be one XML file for each <GTCProvider> tag.

  7. Import the GTC Provider XML files by using the MDS utility.

21.2.81 Encrypted User-Defined Field (UDF) Cannot be Stored with Size of 4000 Characters or More

An encrypted UDF cannot be stored with size of 4000 characters or more. This is because encryption automatically increases the column width by 1.5 times approximately, and the size of the attribute exceeds the maximum allowable width of 4000. As a result, the UDF is automatically type-promoted to a CLOB data type. Oracle Identity Manager 11g Release 1 (11.1.1) does not intercept this as an exception and might subsequently show errors. This is likely to be addressed in the next patch release.

However, an encrypted attribute that does not exceed the final width of 4000 characters can be stored. The specified width must factor in the increment of 1.5 times, which means that it must not exceed approximately 2500 characters.

21.2.82 Request Approval Fails With Callback Service Failure

In an environment where SSL is enabled in the OAAM server but not in Oracle Identity Manager and SOA server, when you create a request, the request-level approval is successful on the SOA side, but the operational-level approval is not displayed anywhere in the UI. When the SOA composite that provides approval workflow for the Oracle Identity Manager request tries to invoke the request callback Web service to indicate whether the workflow is approved or rejected, the Web service invocation fails with the following error:

Unable to dispatch request to
http://slc402354.mycompany.com:14000/workflowservice/CallbackService due to exception[[
javax.xml.ws.WebServiceException:
oracle.fabric.common.PolicyEnforcementException: PolicySet Invalid: WSM-06162
PolicyReference The policy referenced by URI
"oracle/wss11_saml_token_with_message_protection_client_policy" could not be
retrieved as connection to Policy Manager cannot be established at
"t3s://slc402354:14301" due to invalid configuration or inactive state.

The error indicates that OWSM is not able to connect to the Policy Manager on the specified port. This port is for the OAAM server in SSL mode, which is shut down. The issue occurs because SSL is enabled in the OAAM server but not on Oracle Identity Manager and SOA server, and the Policy Manager is also targeted on that server. If there is an SSL-enabled Policy Manager, then OWSM does not use the non-SSL ports anymore. In this setup, SSL is enabled only for OAAM and not for others. Therefore, the only usable WSM Policy Manager is on OAAM. Because the OAAM server is down, the connection to the Policy Manager is not established, and as a result, the call fails.

To workaround this issue, start the OAAM server and then create the request.


Note:

This issue does not occur if:

  • OAAM server is not SSL-enabled.

  • SSL is enabled on any other server that is up and running, such as Oracle Identity Manager or SOA server.


21.2.83 Localized Display Name is Not Reconciled Via User/Role Incremental Reconciliation with iPlanet Directory Server

In an Oracle Identity Manager deployment with LDAP synchronization enabled in which iPlanet is the directory server, the following issues occur:

  • The localized Display Name is not reconciled into Oracle Identity Manager via user/role incremental reconciliation.

  • The localized value of the Display Name attribute is returned to Oracle Identity Manager, but the original base value of Display Name is lost and is replaced by the localized value that is received from iPlanet.

21.2.84 LDAP Role Hierarchy and Role Membership Reconciliation With Non-ASCII Characters Does Not Reconcile Changes in Oracle Identity Manager

LDAP role hierarchy and role membership reconciliation jobs with non-ASCII characters do not bring in role hierarchy and role membership changes into Oracle Identity Manager. This issue is applicable to incremental reconciliation only.

21.2.85 Import of Objects Fails When All Objects Are Selected for Export

In an upgraded environment of Oracle Identity Manager 11g Release 1 (11.1.1), the import of objects can fail when you select the Select All option to export the objects. When you select all the objects to be exported, the corresponding XML file grows in size. If it exceeds 2.5 million records, then it does not remain valid. As a result, the import fails. However, selecting all objects works if the data is small and the generated XML file does not exceed 2.5 million records.

To workaround this issue, select the objects to be exported in smaller logical units. For example, if there are 20 resource objects in the system, then select four or five resource objects with all dependencies and children objects in a XML file, and export. Then select another five resource objects into a new XML file. Similarly, for all other objects, such as GTC or adapters, export in small logical units in separate XML files. Examples of logical unit grouping are:

  • Resource objects, process definition forms, adapters, IT resources, lookup definitions, and roles

  • Organizations, attestation, and password policies

  • Access policies and rules

  • GTC and resource objects

21.2.86 Benign Audit Errors Logged After Upgrade

After upgrading from Oracle Identity Manager Release 9.1.0 to 11g Release 1 (11.1.1), audit errors are logged. An example of such an audit error is:

IAM-0050001
oracle.iam.platform.async.TaskExecutionException: java.lang.Exception: Audit
handler failed
at com.thortech.xl.audit.engine.jms.XLAuditMessage.execute(XLAuditMessage.java:59)

These errors are benign and can be ignored because there is no loss of functionality.

21.2.87 Connector Upgrade Fails if Existing Data is Bigger in Size Than New Column Length

In the current release of some connectors, the sizes of some process form fields have been reduced. For example, the length of the UD_ADUSER_MNAME field in the Microsoft Active Directory connector release 9.1.1.5 has been reduced to 6 characters from 80 characters in release 9.0.4.16 of the connector. The length of the existing data in these columns or fields are already bigger in size than the new column length. As a result, the connector upgrade fails, and the following error is logged:

<Apr 16, 2011 4:52:37 PM GMT+05:30> <Error> <XELLERATE.DATABASE> <BEA-000000>
<ALTER TABLE UD_ADUSER MODIFY UD_ADUSER_MNAME VARCHAR2(6) java.sql.SQLException: ORA-01441: cannot decrease column length because some value is too big

To workaround this issue:

  1. Make sure that you create a backup of the database.

  2. Restore the backed up database.

  3. Check the logs to locate the 'ORA-01441: cannot decrease column length because some value is too big' exception. Note the form field name, such as UD_ADUSER_MNAME.

  4. Open the Deployment Manager XML file that you are using for upgrade. Search for the form field in the <SDC_SQL_LENGTH> tag, and change the length to the base version length. You can get the base version length in the Deployment Manager XML of the base connector.

  5. Retry the upgrade.

21.2.88 Connector Artifacts Count Increases in the Deployment Manager When File is Not Imported

When you upgrade a connector, map the connector artifacts between the base and latest versions, select the connector objects to be upgraded, and exit the upgrade without importing the objects by using the Deployment Manager, the connector artifacts count in the left panel displays more than the actual count. When this process is repeated, the artifacts count continues increasing. This is a known issue, and there is no loss of functionality.

21.2.89 Uploading JAR Files By Using the Upload JAR Utility Fails

When SSL is enabled for Oracle Identity Manager, uploading the JAR files by using the Upload JAR utility fails with the following error:

Error occurred in performing the operation:
Exception in thread "main" java.lang.NullPointerException at oracle.iam.platformservice.utils.JarUploadUtility.main(JarUploadUtility.java:229)

With SSL enabled in Oracle Identity Manager, the server URL must contain the exact host name or IP address. If localhost is used as the host name, then the error is generated.

To workaround this issue, use the exact server URL.

21.2.90 Oracle Identity Manager Data and MT Upgrade Fails Because Change of Database User Password

If you are NOT upgrading the original Oracle Identity Manager Release 9.x database, but choose to export/import to a new database, then you must make sure that the database connection setting, schema name, and password in the OIM_HOME/xellerate/config/xlconfig.xml file used for the upgrade is correct.

To workaround this issue, change the Oracle Identity Manager database information in the xlconfig.xml file. You must create a backup of this file before updating it. To update the file with the new database information, modify the information of the loaction where the database has been imported in the <URL>, <username>, and <Password ...> tags, as shown:

<DirectDB>
<driver>oracle.jdbc.driver.OracleDriver</driver>
<url>jdbc:oracle:thin:@localhost:1522:oimdb</url>
<username>oimadm</username>
<password encrypted="false"><NEW_PASSWORD_FOR_OIM_DB_USER></password>
<maxconnections>5</maxconnections>
<idletimeout>360</idletimeout>
<checkouttimeout>1200</checkouttimeout>
<maxcheckout>1000</maxcheckout>
</DirectDB>

21.2.91 Reverting Unsaved UDFs Are Not Supported in the Administration Details Page for Roles and Organizations

The Administration Details pages for roles and organizations in the Administrative and User Console do not support reverting unsaved UDF attribute values. Therefore, if you modify the UDF attribute values for a role or organization and then do not want to save the changes to these attributes, then perform one of the following:

  • Close the tab with the modified role or organization. A warning message is displayed asking if you want to continue. Clicking Yes cancels all unsaved changes.

  • You can manually edit the modified attributes to their original state. Saving the entity applies any other desired changes made.

21.2.92 Resources Provisioned to User Without Checking Changes in User Status After Request is Submitted

After submission of a request, if the user associated with the request, such as beneficiary, requester, or approver, is disabled or deleted, then the resources are provisioned to the user without checking for user status, such as Disabled or Deleted, after the request is approved.

21.2.93 Config.sh Command Fails When JRockit is Installed With Data Samples and Source

When you install jrockit-jdk1.6.0_24-R28.1.3-4.0.1-linux-x64.bin with demo samples and source, and install Oracle WebLogic Server using wls1035_generic.jar on a Linux 64-bit computer, and run Oracle Identity Manager configuration wizard by running the config.sh command from the $ORACLE_HOME/bin/ directory, the Oracle universal installer does not start and the following error message is displayed:

config.sh: line 162:  9855 Segmentation fault $INSTALLER_DIR/runInstaller-weblogicConfig ORACLE_HOME="$ORACLE_HOME" -invPtrLoc$ORACLE_HOME/oraInst.loc -oneclick $COMMANDLINE -Doracle.config.mode=true

21.2.94 Unexpected Memory Usage in Oracle Identity Manager 11g Release 1(11.1.1)

On running scheduled tasks that perform user orchestration in bulk, such as EndDateSchedulerTask and StartDateSchedulerTask, Oracle Identity Manager 11g Release 1 (11.1.1) might consume large memory space. This can cause Out of Memory issues.

This is a known issue, and a workaround is not available for this in the current release.

21.2.95 Reports Link No Longer Exists in the Administrative and User Console

Under the Administration tab of the Advanced Administration in the Administrative and User Console, the Reports link to generate BI Publisher Reports has been removed, even though BIP has been selected while installing Oracle Identity Manager.

21.2.96 Not Allowing to Delete a Role Whose Assigned User Members are Deleted

If the user members of a role have been deleted before revoking the role memberships, then the role cannot be deleted. Therefore, you must revoke the user role memberships that have been explicitly assigned before deleting the user.

21.2.97 Roles and Organizations Do Not Support String UDFs of Password Type

Creating a String UDF of password type for roles and organizations is not supported. If you try to create such a UDF, then the Administrative and User Console does not allow you create roles and organizations.

21.2.98 Manage Localizations Dialog Box Does Not Open After Modifying Roles

After a role is modified, the Manage Localizations dialog box is not opening on clicking the Manage Localizations button in the role details page.

To open the Manage Localizations dialog box after modifying a role, close the role details page and open it again.

21.2.99 Not Allowing to Create User With Language-Specific Display Name Values

In an Oracle Identity Manager deployment with Microsoft Active Directory (AD) as the LDAP server, localized display name values are supported when you specify the oimLanguage parameter values in the UserManagement plugin adapter for AD via OVD. However, a user cannot be created when a language-specific value for the Display Name attribute is specified in Canadian French or Latin American Spanish, even if these languages have been specified in oimLanguage. In addition, when you create a user without language-specific Display Name, and then modify the user to add Canadian French or Latin American Spanish Display Name values, the same issue persists.

21.2.100 SoD Check Results Not Displayed for Requests Created by Users for the PeopleSoft Resource

SoD check results are not displayed for the requests created by users for the PeopleSoft (PSFT) resource.

To workaround this issue:

  1. Open the PSFT connector XML file.

  2. Under the <ITResource name = "PSFT Server"> tag, add the following:

    <ITResourceAdministrator>
        <SUG_READ>1</SUG_READ>
        <SUG_UPDATE>1296129050000</SUG_UPDATE>
        <UGP_KEY UserGroup = "ALL USERS"/>
    </ITResourceAdministrator>
    
  3. Save the PSFT connector XML file.

  4. Manually add or assign the ALL USERS role with Read permission to the PSFT Server IT resource.

21.2.101 The XL.UnlockAfter System Property and the Automatically Unlock User Scheduled Job Do Not Take Effect

The XL.UnlockAfter system property determines the unlock time for the locked user accounts after the specified time. If the user account is locked because of the maximum login attempt failure with invalid credentials, then the account is automatically unlocked after the time (in minutes) as configured in the XL.UnlockAfter system property. By default, the value of this system property is 0, which implies that the locked user is never unlocked automatically.

The Automatically Unlock User scheduled job is responsible for unlocking such users. This scheduled job is configured to run after every 24 hours (1 day).

Therefore, even after the maximum time of Oracle WebLogic lockout threshold and expiry of the time specified for the XL.UnlockAfter system property, the locked users might not be able to login unless the Automatically Unlock User scheduled job is run.

If you are changing the default value of the XL.UnlockAfter system property, then it is recommended to change the frequency of the Automatically Unlock User scheduled task so that both the values are in sync. This ensures that the scheduled task gets triggered at the appropriate interval, and the users are unlocked successfully and are able to login in to Oracle Identity Manager.

21.2.102 Resetting Password on Account Lockout Does Not Unlock User

In a Oracle Identity Manager deployment with LDAP synchronization enabled and integrated with Oracle Access Manager (OAM), a user is locked on entering incorrect password more than the maximum allowed limit. However, the user is not allowed to unlock by resetting the password until after reconciliation is run.

21.2.103 Incremental and Full Reconciliation Jobs Cannot Be Run Together

Both incremental and full reconciliation jobs cannot be run at the same time. Incremental reconciliation jobs are enabled and run in periodic intervals of 5 minutes. At the same time, when full reconciliation job is run, an error is generated.

To workaround this issue, if full reconciliation needs to be run, then disable the incremental reconciliation jobs before running the full reconciliation jobs. After full reconciliation completes successfully, re-enable the incremental reconciliation jobs.

21.2.104 Incorrect Content in the ScheduleTask Jars Loaded and Third Party Jars Tables in the MT Upgrade Report

When Oracle Identity Manager release 9.1.x is upgraded to Oracle Identity Manager 11g Release 1 (11.1.1), the contents of the ScheduleTask Jars Loaded and Third Party Jars tables in the CRBUpgradeReport.html page generated by MT upgrade are not correct. The original scheduled task JARs are not displayed in the ScheduleTask Jars Loaded table. Therefore, you must run the SQL query query to know the scheduled task JARs. In addition, the third-party JARs are incorrectly placed in the ScheduleTask Jars Loaded table.

However, this does not result in any loss of functionality.

21.2.105 Scroll Bar Not Available on the Select Connector Objects to Be Upgraded Page of the Connector Management - Upgrading Wizard

If the Connector Management - Upgrading wizard is opened by using Microsoft Internet Explorer, then all the fields and buttons on the Step 13: Select Connector Objects to Be Upgraded page might not be visible. There is no scroll bar available in this page. Therefore, maximize the window to display all the controls in the page.

21.2.106 Adapter Import Might Display Adapter Logic if Compilation Fails Because of Incorrect Data

If you import a process task adapter by using the Design Console and the adapter compilation fails because of incorrect data, then the error displays the entire code for the adapter.

This is a known issue, and a workaround is not available for this in the current release.

21.2.107 XIMDD Tests Fail in Oracle Identity Manager

After you deploy the Diagnostic Dashboard in Oracle Identity Manager, failures are encountered when you perform the following tests:

  • Test OWSM setup by submitting a request with OWSM header information

  • Test SPML to Oracle Identity Manager request invocation

The failures might occur because the Diagnostic Dashboard is not capable of performing tests when the wss1_saml_or_username_token_policy is attached to the SPML XSD Web services.

To workaround this issue, set the Web service to use the XIMDD supported policy. To configure the policies for the SPML XSD Web service:

  1. Login to Fusion Middleware Control.

  2. Navigate to Application Deployments, spml-xsd.

  3. For a clustered deployment of Oracle Identity Manager, expand and select a node.

  4. From the Application Deployment menu, select Web Services.

  5. Click the Web Service Endpoint tab, and then click the SPMLServiceProviderSOAP link.

  6. Click the Policies tab, and then click Attach/Detach.

  7. Detach the default policy: oracle/wss11_saml_or_username_token_with_message_protection_service_policy.

  8. Under Available Policies, select oracle/wss_username_token_service_policy. Otherwise, select the SSL version of the same policy if SSL is in use.

  9. Click Attach, and then click OK.

  10. For a clustered deployment of Oracle Identity Manager, repeat step 3 through step 9 for each managed node listed for SPML XSD.

  11. Restart the application servers.

</a>

21.3 Configuration Issues and Workarounds

This section describes configuration issues and their workarounds. It includes the following topics:

21.3.1 Configuring UDFs to be Searchable for Microsoft Active Directory Connectors

A Microsoft Active Directory connector installation automatically creates a UDF: USR_UDF_OBGUID. When you add a new user-defined field (UDF), the "searchable" property will be false by default unless you provide a value for that property. After installing an Active Directory connector, you must perform the following steps to make the user-defined field searchable:

  1. Using the Advanced Administration console (user interface), change the "searchable" UDF property to true by performing the following steps:

    1. Click the Advanced tab.

    2. Select User Configuration and then User Attributes.

    3. Modify the USR_UDF_OBGUID attribute in the Custom Attributes section by changing the "searchable" property to true.

  2. Using the Identity Administration console (user interface), create a new Oracle Entitlement Server policy that allows searching the UDF by performing the following steps:

    1. Click the Administration tab and open the Create Authorization policy.

    2. Enter a Policy Name, Description, and Entity Name as User Management.

    3. Select Permission, then View User Details, and then Search User.

    4. Edit the Attributes for View User Details and select all of the attributes.

    5. Select the SYSTEM ADMINSTRATOR role name.

    6. Click Finish.

21.3.2 Creating or Modifying Role Names When LDAP Synchronization is Enabled

When LDAP synchronization is enabled and you attempt to create or modify a role, entering a role name comprised of approximately 1,000 characters prevents the role from being created or modified and causes a Decoding Error to appear. To work around this issue, use role names comprised of fewer characters.

21.3.3 ADF Issue Causes Oracle Identity Manager to Fail on the Sun JDK

Due to an ADF issue, using the Oracle Identity Manager application with the Sun JDK causes a StringIndexOutOfBoundsException error. To work around this issue, add the following option to the DOMAIN_HOME/bin/setSOADomainEnv.sh or the setSOADomainEnv.cmd file:

  1. Open the DOMAIN_HOME/bin/setSOADomainEnv.sh or setSOADomainEnv.cmd file.

  2. Add the -XX:-UseSSE42Intrinsics line to the JVM options.

  3. Save the setSOADomainEnv.sh or setSOADomainEnv.cmd file.


    Note:

    This error does not occur when you use JRockit.


21.3.4 Nexaweb Applet Does Not Load In an Oracle Identity Manager and Oracle Access Manager Integrated Environment

In an Oracle Identity Manager and Oracle Access Manager (OAM) integrated environment, when you login to the Oracle Identity Manager Administrative and User Console and click a link that opens the Nexaweb applet, the applet does not load.

To workaround this issue, configure loading of the NexaWeb Applet in an Oracle Identity Manager and OAM integrated environment. To do so:

  1. Login to the Oracle Access Manager Console.

  2. Create a new Webgate ID. To do so:

    1. Click the System Configuration tab.

    2. Click 10Webgates, and then click the Create icon.

    3. Specify values for the following attributes:

      Name: NAME_OF_NEW_WEBGATE_ID

      Access Client Password: PASSWORD_FOR_ACCESSING_CLIENT

      Host Identifier: IDMDomain

    4. Click Apply.

    5. Edit the Webgate ID, as shown:

      set 'Logout URL' = /oamsso/logout.html

    6. Deselect the Deny On Not Protected checkbox.

  3. Install a second Oracle HTTP Server (OHS) and Webgate. During Webgate configurations, when prompted for Webgate ID and password, use the Webgate ID name and password for the second Webgate that you provided in step 2c.

  4. Login to the Oracle Access Manager Console. In the Policy Configuration tab, expand Application Domains, and open IdMDomainAgent.

  5. Expand Authentication Policies, and open Public Policy. Remove the following URLs in the Resources tab:

    /xlWebApp/.../*

    /xlWebApp

    /Nexaweb/.../*

    /Nexaweb

  6. Expand Authorization Policies, and open Protected Resource Policy. Remove the following URLs in the Resources tab:

    /xlWebApp/.../*

    /xlWebApp

    /Nexaweb/.../*

    /Nexaweb

  7. Restart all the servers.

  8. Update the obAccessClient.xml file in the second Webgate. To do so:

    1. Create a backup of the SECOND_WEBGATE_HOME/access/oblix/lib/ObAccessClient.xml file.

    2. Open the DOMAIN_HOME/output/WEBGATE_ID_FOR_SECOND_WEBGATE/ObAccessClient.xml file.


      Note:

      Ensure that the DenyOnNotProtected parameter is set to 0.


    3. Copy the DOMAIN_HOME/output/WEBGATE_ID_FOR_SECOND_WEBGATE/ObAccessClient.xml file to the SECOND_WEBGATE_HOME/access/oblix/lib/ directory.

  9. Copy the mod_wls_ohs.conf from the FIRST_OHS_INSTANCE_HOME/config/OHS_NAME/directory to the SECOND_OHS_INSTANCE_HOME/config/OHS_NAME/ directory. Then, open the mod_wls_host.conf of the second OHS to ensure the WebLogicHost and WeblogicPort are still pointing to Oracle Identity Manager managed server host and port.

  10. Remove or comment out the following lines in the SECOND_OHS_INSTANCE_HOME/config/OHS_NAME/httpd.conf file:

    <LocationMatch "/oamsso/*">
       Satisfy any
    </LocationMatch>
    
  11. Copy the logout.html file from the FIRST_WEBGATE_HOME/access/oamsso/ directory to the SECOND_WEBGATE_HOME/access/oamsso/ directory. Then, open the logout.html file of the second Webgate to ensure that the host and port setting of the SERVER_LOGOUTURL variable are pointing to the correct OAM host and port.

  12. Login to Oracle Access Manager Console. In the Policy Configuration tab, expand Host Identifiers, and open the host identifier that has the same name as the second Webgate ID name. In the Operations section, verify that the host and port for the second OHS are listed. If not, then click the add icon (+ sign) to add them. Then, click Apply.

  13. Use the second OHS host and port in the URL for the OAM login page for Oracle Identity Manager. The URL must be in the following format:

    http://SECOND_OHS_HOST:SECOND_OHS_PORT/admin/faces/pages/Admin.jspx

21.3.5 Packing a Domain With managed=false Option

When a domain is packed with the managed=false option and unpacked on the another computer, Oracle Identity Manager Authentication Provider is not recognized by WebLogic and basic administrator authentication fails when the Oracle Identity Manager managed server is started.

The following workaround can be applied for performing successful authentication via Oracle Identity Manager Authentication Provider:

  1. Login in to the Oracle WebLogic Administrative Console by using the following URL:

    http://HOST_NAME:ADMIN_PORT/console

  2. Navigate to Security Realms, Realm(myrealm), and then to Providers.

  3. Delete OIMAuthenticationProvider.


    Note:

    Make sure that you note the provider-specific details, such as the database URL, password, and driver, before deleting the provider.


  4. Restart the WebLogic Administrative Server.

  5. Navigate to Security Realms, Realm(myrealm), and then to Providers.

  6. Create a new Authentication Provider of type OIMAuthenticationProvider.

  7. Enter the provider specific details and mark the control flag as SUFFICIENT.

  8. Restart the WebLogic Administrative Server.

  9. Restart Oracle Identity Manager and other servers, if any.

21.3.6 Option Not Available to Specify if Design Console is SSL-Enabled

While configuring Oracle Identity Manager Design Console, you cannot specify if Design Console is SSL-enabled.

To workaround this issue after installing Oracle Identity Manager Design Console, edit the OIM_HOME/designconsole/config/xlconfig.xml file to change the protocol in the Oracle Identity Manager URL from t3 to t3s.

21.3.7 Nexaweb Applet Does Not Load in JDK 1.6.0_20

Deployment Manager and Workflow Visualizer might not work if the client browser has JDK/JRE installed on it whose version is 1.6.0_20. To workaround this issue, uninstall the JDK/JRE version 1.6.0_20 from the client browser and reinstall the JDK/JRE version 1.6.0_15.

21.3.8 Oracle Identity Manager and Design Console Must be Installed in Different Directory Paths

Oracle recommends to install Oracle Identity Manager and the Design Console in different directory paths.

21.3.9 Error on Adding Organization to User in Windows Explorer 8

In Microsoft Windows Internet Explorer 8 web browser, when you find and select an organization in the popup window from the Create User page, clicking the Add button displays the following error:

popup is null or not an object

To workaround this issue, make sure that the Display a notification about every script error option is not selected in the Advanced tab of the Internet Options dialog box.

21.4 Multi-Language Support Issues and Limitations

This section describes multi-language issues and limitations. It includes the following topics:

21.4.1 Multi-language Valued Attributes in SPML and Oracle Identity Manager Do Not Match

Oracle Identity Manager supports only the Display Name attribute for multi-language values. SPML specifies additional attributes, such as commonName and surname, as multi-language valued in the PSO schema. When multiple locale-values are specified in an SPML request for one of these attributes, only a single value is picked and passed to Oracle Identity Manager. The request will not fail and a warning message identifying the attributes and the value that was passed to Oracle Identity Manager is provided in the response.

21.4.2 Login Names with Some Special Characters May Fail to Register

In Oracle Identity Manager, the user login name is case-insensitive. When a user is created, the login name is converted to upper case and saved in the database. But the password is always case-sensitive. However, some special characters may encounter an error while registering to Oracle Identity Manager:

  • Both the Greek characters &#963; (sigma) and &#962; (final sigma) maps to the &#931; character.

  • Both English character i and Turkish character &#305; maps to the I character.

  • Both German character ß and English string SS maps to the SS string.

This means that two user login names containing these special characters when the other characters in the login names are same cannot be created. For example, the user login names Johnß and JohnSS maps to the same user login name. If Johnß already exists, then creation of JohnSS is not allowed because both the ß character and the SS string maps to the SS string.

21.4.3 The Create Role, Modify Role, and Delete Role Request Templates are Not Available for Selection in the Request Templates List

The Create Role, Modify Role, and Delete Role request templates are not available in the Request Templates list of the Create Request wizard. This is because request creation by using any request template that are based on the Create Role, Modify Role, and Delete Role request models are supported from the APIs, but not in the UI. However, you can search for these request templates in the Request Templates tab. In addition, the Create Role, Modify Role, and Delete Role request models can be used to create approval policies and new request templates.

21.4.4 Parameter Names and Values for Scheduled Jobs are Not Translated

In the Create Job page of Oracle Identity Manager Advanced Administration, the fields in the Parameter section and their values are not translated. The parameter field names and values are available only in English.

21.4.5 Bidirectional Issues for Legacy User Interface

The following are known issues in the legacy user interface, also known as TransUI, contained in the xlWebApp war file:

  • Hebrew bidirectional is not supported

  • Workflow designer bidirectional is not supported for Arabic and Hebrew

21.4.6 Localization of Role Names, Role Categories, and Role Descriptions Not Supported

Localization of role names, categories, and descriptions is not supported in this release.

21.4.7 Localization of Task Names in Provisioning Task Table Not Supported

All Task Name values in the Provisioning Task table list are hard-coded and these pre-defined process task names are not localized.

21.4.8 Localization of Search Results of Scheduled Tasks Not Supported

When you search Scheduler Tasks using a Simple or Advanced search, the search results are not localized.

21.4.9 Searching for User Login Names Containing Certain Turkish Characters Causes an Error

On the Task Approval Search page, if you select "View Tasks Assigned To", then "Users You Manage", and then choose a user whose login name contains a Turkish Undotted "&#305" or a Turkish dotted "&#304" character, a User Not Found error will result.

21.4.10 Localization of Notification Template List Values for Available Data Not Supported

Localizing Notification Template Available Data list values is not supported in this release. Oracle Identity Manager depends upon the Velocity framework to merge tokens with actual values, and Velocity framework does not allow a space in token names.

21.4.11 Searching for Entity Names Containing German "ß" (Beta) Character Fails in Some Features

When you search for entity names containing the special German "ß" (beta) character from the Admin Console, the search fails in the following features:

  • System Configuration

  • Request Template

  • Approve Policy

  • Notification

In these features, the "ß" character matches to "ss" instead of itself. Consequently, the Search function cannot find entity names that contain the German beta character.

21.4.12 Special Asterisk (*) Character Not Supported

Although special characters are supported in Oracle Identity Manager, using the asterisk character (*) can cause some issues. You are advised not to use the asterisk character when creating or modifying user roles and organizations.

21.4.13 Translated Error Messages Are Not Displayed in UI

Oracle Identity Manager does not support custom resource bundles for Error Message display in user interfaces. Currently, there is no workaround for this issue.

21.4.14 Reconciliation Table Data Strings are Hard-coded on Reconciliation Event Detail Page

Some of the table data strings on the Reconciliation Event Detail page are hard-coded, customized field names. These strings are not localized.

21.4.15 Translated Password Policy Strings May Exceed the Limit in the Background Pane

Included as per bug# 9539501

The password policy help description may run beyond the colored box in some languages and when the string is too long. Currently, there is no workaround for this issue.

21.4.16 Date Format Validation Error in Bi-Directional Languages

When Job Detail page is opened in bi-directional languages, you cannot navigate away from this page because of "Date Format Validation Error". To work around this issue, select a value for the "Start Date" using the date-time control and then move to another page.

21.4.17 Mistranslation on the Create Job page

On the Japanese locale (LANG=ja_JP.UTF-8), "Fourth Wednesday" is mistranslated as "Fourth Friday" on the Create Job page when "Cron" is selected as the Schedule Type and "Monthly on given weekdays" is selected as the Recurring Interval.

21.4.18 E-mail Notification for Password Expiration Cannot Be Created With Arabic Language Setting

When the server locale is set to ar_AE.utf8 and values for user.language and user.region system properties are ar and AE respectively, if you create a password expiration warning e-mail notification in the Design Console, the value AE is not available for selection in the Region field. As a result, the email notification message cannot be created.

To workaround this issue:

  1. Open the Lookup Definitions form in the Design Console.

  2. Search for 'Global.Lookup.Region'.

  3. Add an entry with Code key and Decode value as 'AE'. You can now create an e-mail definition with language ar and region AE.

21.4.19 Translated Justification is Not Displayed in Access Policy-Based Resource Provisioning Request Detail

When an access policy with approval is created, it generates a resource provisioning request that is subject to approval. In the request details page in Self Service or Advanced Administration, the translated request justification according to the locale setting by the user is not displayed. The justification is displayed in the default server locale.

21.4.20 Additional Single Quotes Displayed in GTC Reconciliation Mapping Page for French UI

When you set the Oracle Identity Manager Administrative and User Console locale to French, select the Provisioning and Reconciliation checkboxes while creating a Generic Technology Connector (GTC), and map the reconciliation fields in the page for modifying mapping fields, a message is displayed with two single quotes. You can ignore the single quotes because this is benign and has no effect on functionality.

21.4.21 Not Allowing to Enter Design Console Password When Server Locale is Set to Simple Chinese, Traditional Chinese, Japanese, or Korean

When you set the server locale to Simple Chinese, Traditional Chinese, Japanese, or Korean, and start the Design Console, you are not allowed to enter the password to login to the Design Console.

To workaround this issue:

  1. Kill all scim processes. To do so, run the following command:

    kill `pgrep scim`
    
  2. Edit the scim config file. To do so:

    1. Search for the following line:

      /FrontEnd/X11/Dynamic = ......

    2. Enter true as the value, as shown:

      /FrontEnd/X11/Dynamic = true


      Note:

      If this line does not exist, then enter:

      /Frontend/X11/Dynamic = true


    3. Save the file.

  3. Log out of the VNC viewer.

  4. Restart the VNC server and log in again. You can now enter the password for the Design Console.

21.4.22 Bidirectional Text Not Supported in Nexaweb Pages

The Nexaweb pages that open from the Oracle Identity Manager Administrative and User Console do not support bidirectional text. For example, when you select any of the languages that are written from right to left, such as Arabic or Hebrew, and click Install Connector on the Welcome page, search for a connector, click Upgrade, and then proceed to step 13 of the Connector Upgrade wizard, the text in the page is not displayed from right to left.

21.4.23 Do Not Modify Oracle Identity Manager Predefined System Properties in Non-English Locale

When the user preference language for the Administrative and User Console is not English, and you update the value of a predefined system property in Oracle Identity Manager, translated property name and keyword are written in the PTY table. Therefore, on searching for system properties in the Administrative and User Console, this system property is not found.

21.4.24 Error Generated When Translated String for System Property Name Exceeds Maximum Allowed Length in PTY_NAME Column

When you try to set the value of a system property in a Western language UI, such as French, and if the translation string length exceeds the maximum allowed length, which is 80 characters, in the PTY_NAME column of the PTY table, then an error is generated.

21.4.25 Password Notification is Not Sent if User Login Contains Special Characters

For a user entity created with valid e-mail address in LDAP, if the User Login contains the German beta character, then the notification message is not sent on running LDAP user create/update full reconciliation.

21.4.26 Reset Password Fails if User Login Contains Lowercase Special Characters

In a Oracle Identity Manage deployment with LDAP synchronization enabled, if the User Login contains special characters such as Turkis dotted I, dotless i, German beta, and Greek sigma in lowercase format, then the reset password does not work.

To workaround this issue, use uppercase User Login to reset password because User Login is not case-sensitive in Oracle Identity Manager.

21.4.27 Email Notification Not Send Per Preferred Locale

When provisioning a resource to a user, the provisioned user and the user's manager receive the email notification in the locale as specified for user.language and user.country instead of their preferred locale.

21.4.28 Help Contents Displayed in English on Non-English Browsers

On non-English Web browsers, clicking the Help link on the top-right corner of the Oracle Identity Manager Self Service, Identity Administration, or Advanced Administration opens the help window, but always displays the on-line help contents in English.

21.5 Documentation Errata

Documentation Errata: Currently, there are no documentation issues to note.

PK}ڋPK Oracle Fusion Middleware High Availability and Enterprise Deployment

6 Oracle Fusion Middleware High Availability and Enterprise Deployment

This chapter describes issues associated with Oracle Fusion Middleware high availability and enterprise deployment. It includes the following topics:


Note:

This chapter contains issues you might encounter while configuring any of the any of the Oracle Fusion Middleware products for high availability or an enterprise deployment.

Be sure to review the product-specific release note chapters elsewhere in this document for any additional issues specific to the products you are using.


6.1 General Issues and Workarounds

This section describes general issue and workarounds. It includes the following topics:

6.1.1 Secure Resources in Application Tier

It is highly recommended that the application tier in the SOA Enterprise Deployment topology and the WebCenter Enterprise Deployment topology is protected against anonymous RMI connections. To prevent RMI access to the middle tier from outside the subset configured, follow the steps in "Configure connection filtering" in the Oracle WebLogic Server Administration Console Online Help. Execute all of the steps, except as noted in the following:

  1. Do not execute the substep for configuring the default connection filter. Execute the substep for configuring a custom connection filter.

  2. In the Connection Filter Rules field, add the rules that will allow all protocol access to servers from the middle tier subnet while allowing only http(s) access from outside the subnet, as shown in the following example:

    nnn.nnn.0.0/nnn.nnn.0.0  * * allow 
    0.0.0.0/0 * * allow t3 t3s 
    

6.1.2 Accessing Web Services Policies Page in Cold Failover Environment

In a Cold Failover Cluster (CFC) environment, the following exception is displayed when Web Services policies page is accessed in Fusion Middleware Control:

Unable to connect to Oracle WSM Policy Manager.
Cannot locate policy manager query/update service. Policy manager service
look up did not find a valid service.

To avoid this, implement one the following options:

  • Create virtual hostname aliased SSL certificate and add to the key store.

  • Add "-Dweblogic.security.SSL.ignoreHostnameVerification=true" to the JAVA_OPTIONS parameter in the startWeblogic.sh or startWeblogic.cmd files

6.1.3 Timeout Settings for SOA Request-Response Operations are Not Propagated in a Node Failure

In an active-active Oracle SOA cluster, when a node failure occurs, the timeout settings for request-response operations in receive activities are not propagated from one node to the other node or nodes. If a failure occurs in the server that scheduled these activities, they must be rescheduled with the scheduler upon server restart.

6.1.4 Very Intensive Uploads from I/PM to UCM May Require Use of IP-Based Filters in UCM Instead of Hostname-Based Filters

The "Adding the I/PM Server Listen Addresses to the List of Allowed Hosts in UCM" section in the Oracle Fusion Middleware Enterprise Deployment Guide for Oracle Enterprise Content Management Suite and the "Adding the I/PM Server Listen Addresses to the List of Allowed Hosts in UCM" section in the Oracle Fusion Middleware High Availability Guide describe how to add hostname-based filters for Oracle I/PM managed server listen addresses to the list of allowed hosts in Oracle UCM.

When using hostname-based filters in Oracle UCM (config.cfg file) a high latency/performance impact may be observed in the system for very intensive uploads of documents from Oracle I/PM to Oracle UCM. This is caused by the reverse DNS lookup that is required in Oracle UCM to allow the connections from Oracle I/PM servers. Using hostname-based filters is recommended in preparation for configuring the system for Disaster Protection and to restore to a different host (since the configuration used is IP-agnostic when using hostname-based filters). However if the performance of the uploads needs to be improved, users can use instead IP-based filters. To do this:

  1. Edit the file /u01/app/oracle/admin/domainName/ucm_cluster/config/config.cfg and remove or comment out:

    SocketHostNameSecurityFilter=localhost|localhost.mydomain.com|ecmhost1vhn1|ecmhost2vhn1
    
    AlwaysReverseLookupForHost=Yes
    
  2. Add the IP addresses (listen address) of the WLS_IPM1 and WLS_IPM2 managed servers (ECMHOST1VHN1 and ECMHOST2VHN1, respectively) to the SocketHostAddressSecurityFilter parameter list as follows:

    SocketHostAddressSecurityFilter=127.0.0.1|0:0:0:0:0:0:0:1|X.X.X.X|Y.Y.Y.
    

    where X.X.X.X and Y.Y.Y.Y are the listen addresses of WLS_IPM1 and WLS_IPM2 respectively. Notice that 127.0.0.1 also needs to be added as shown above.

  3. Restart the UCM servers.

6.1.5 Use srvctl in 11.2 Oracle RAC Databases to Set Up AQ Notification and Server-side TAF

Because of a known issue in 11.2 Oracle RAC databases, it is required to use srvctl to set up AQ notification and server-side TAF. Using DBMS_SQL packages will not work as expected.

Here is an example use of srvctl:

srvctl modify service -d orcl -s orclSVC -e SELECT -m BASIC -w 5 -z 5 -q TRUE

In the example:

orcl - Database Name

orclSVC - Service Name used by middleware component

SELECT - Failover type

BASIC - Failover method

5 - Failover delay

5 - Failover retry

TRUE - AQ HA notifications set to TRUE

Please refer to the Oracle 11.2 Oracle database documentation for detailed information about this command usage.

6.1.6 Failover Is Not Seamless When Creating Reports in Oracle BI Publisher

If you create a report in Oracle BI Publisher, and a Managed Server is failed over before the report is saved, the failover might not be seamless. For example, when you attempt to save the report, the system might not be responsive.

If this occurs, click one of the header links, such as Home or Catalog, to be redirected to the Oracle BI Publisher login page. Then, log in and create and save the report again.

6.1.7 Cannot Save Agent When Oracle Business Intelligence Managed Server Fails Over

If you create an agent in the Oracle Business Intelligence Web interface, and a Managed Server fails over before you save the agent, an error occurs when you try to save the agent.

To work around this issue, log out, then log back in to Oracle Business Intelligence and create the agent again.

6.1.8 Installing Additional Oracle Portal, Forms, Reports, and Discoverer Instances After Upgrading Oracle Single Sign-On 10g to Oracle Access Manager 11g

This issue occurs with Oracle Portal, Forms, Reports, and Discoverer 11g environments that have been upgraded from using Oracle Single-Sign On 10g to Oracle Access Manager 11g for authentication.

When performing subsequent Oracle Portal, Forms, Reports, and Discoverer 11g installations against the same environment where the initial Oracle Portal, Forms, Reports, and Discoverer 10g installation was upgraded to Oracle Access Manager, there are some requirements that must be met.

  • For each subsequent Oracle Portal, Forms, Reports, and Discoverer 11g installation, you must maintain the original Oracle Single Sign-On 10g instance and keep it actively running--in addition to new Oracle Access Manager 11g instance--while the additional Oracle Portal, Forms, Reports, and Discoverer 11g installations are performed.

    This is necessary because Oracle Portal, Forms, Reports, and Discoverer 11g cannot be installed directly against Oracle Access Manager 11g.

  • After the subsequent classic installs are completed, the Oracle Single Sign-On 10g to Oracle Access Manager 11g upgrade procedure must be performed again. For more information, including an upgrade roadmap, see the Oracle Fusion Middleware Upgrade Guide for Oracle Identity and Access Management.

    This procedure upgrades the new Oracle Portal, Forms, Reports, and Discoverer 11g instance to Oracle Access Manager 11g.

Note that these considerations apply only in an environment with Multiple Oracle Portal, Forms, Reports, and Discoverer 11g middle tiers that are installed or added to a your environment after the initial upgrade from Oracle Single Sign-On 10g to Oracle Access Manager 11g.

6.1.9 JMS Instance Fails In a BI Publisher Cluster

On rare occasions, a JMS instance is missing from a BI Publisher Scheduler cluster.

To resolve this issue, restart the BI Publisher application from the WebLogic Server Administration Console.

To restart your BI Publisher application:

  1. Log in to the Administration Console.

  2. Click Deployments in the Domain Structure window.

  3. Select bipublisher(11.1.1).

  4. Click Stop.

  5. After the application stops, click Start.

6.1.10 Undelivered Records not Recovered During RAC Failover of Singleton SOA Server

If there is a RAC failover in a singleton server in a SOA RAC environment, recovery of undelivered records that appear recoverable in EM will fail.

6.1.11 Synchronous BPEL Process Issues

On a SOA cluster, the following scenarios are not supported:

  • Synchronous BPEL process with mid-process receive.

  • Synchronous BPEL process calling asynchronous services .

  • Callback from synchronous processes.

6.2 Configuration Issues and Workarounds

This section describes configuration issues and their workarounds. It includes the following topics:

6.2.1 Fusion Middleware Control May Display Incorrect Status

In some instances, Oracle WebLogic Fusion Middleware Control may display the incorrect status of a component immediately after the component has been restarted or failed over.

6.2.2 Accumulated BPEL Instances Cause Performance Decrease

In a scaled out clustered environment, if a large number of BPEL instances are accumulated in the database, it causes the database's performance to decrease, and the following error is generated: MANY THREADS STUCK FOR 600+ SECONDS.

To avoid this error, remove old BPEL instances from the database.

6.2.3 Extra Message Enqueue when One a Cluster Server is Brought Down and Back Up

In a non-XA environment, MQSeries Adapters do not guarantee the only once delivery of the messages from inbound adapters to the endpoint in case of local transaction. In this scenario, if an inbound message is published to the endpoint, and before committing the transaction, the SOA server is brought down, inbound message are rolled back and the same message is again dequeued and published to the endpoint. This creates an extra message in outbound queue.

In an XA environment, MQ Messages are actually not lost but held by Queue Manager due to an inconsistent state. To retrieve the held messages, restart the Queue Manager.

6.2.4 Duplicate Unrecoverable Human Workflow Instance Created with Oracle RAC Failover

As soon as Oracle Human Workflow commits its transaction, the control passes back to BPEL, which almost instantaneously commits its transaction. Between this window, if the Oracle RAC instance goes down, on failover, the message is retried and can cause duplicate tasks. The duplicate task can show up in two ways - either a duplicate task appears in worklistapp, or an unrecoverable BPEL instance is created. This BPEL instance appears in BPEL Recovery. It is not possible to recover this BPEL instance as consumer, because this task has already completed.

6.2.5 No High Availability Support for SOA B2B TCP/IP

High availability failover support is not available for SOA B2B TCP/IP protocol. This effects primarily deployments using HL7 over MLLP. For inbound communication in a clustered environment, all B2B servers are active and the address exposed for inbound traffic is a load balancer virtual server. Also, in an outage scenario where an active managed server is no longer available, the persistent TCP/IP connection is lost and the client is expected to reestablish the connection.

6.2.6 WebLogic Administration Server on Machines with Multiple Network Cards

When installing Oracle WebLogic Server on a server with multiple network cards, always specify a Listen Address for the Administration Server. The address used should be the DNS Name/IP Address of the network card you wish to use for Administration Server communication.

To set the Listen Address:

  1. In the Oracle WebLogic Server Administration Console, select Environment, and then Servers from the domain structure menu.

  2. Click the Administration Server.

  3. Click Lock and Edit from the Change Center to allow editing.

  4. Enter a Listen Address.

  5. Click Save.

  6. Click Activate Changes in the Change Center.

6.2.7 Additional Parameters for SOA and Oracle RAC Data Sources

In some deployments of SOA with Oracle RAC, you may need to set parameters in addition to the out-of-the-box configuration of the individual data sources in an Oracle RAC configuration. The additional parameters are:

  1. Add property oracle.jdbc.ReadTimeout=300000 (300000 milliseconds) for each data source.

    The actual value of the ReadTimeout parameter may differ based on additional considerations.

  2. If the network is not reliable, then it is difficult for a client to detect the frequent disconnections when the server is abruptly disconnected. By default, a client running on Linux takes 7200 seconds (2 hours) to sense the abrupt disconnections. This value is equal to the value of the tcp_keepalive_time property. To configure the application to detect the disconnections faster, set the value of the tcp_keepalive_time, tcp_keepalive_interval, and tcp_keepalive_probes properties to a lower value at the operating system level.


    Note:

    Setting a low value for the tcp_keepalive_interval property leads to frequent probe packets on the network, which can make the system slower. Therefore, the value of this property should be set appropriately based on system requirements.


For example, set tcp_keepalive_time=600 at the system running the WebLogic Server managed server.

Also, you must specify the ENABLE=BROKEN parameter in the DESCRIPTION clause in the connection descriptor. For example:

dbc:oracle:thin:@(DESCRIPTION=(enable=broken)(ADDRESS_LIST=(ADDRESS=(PRO
TOCOL=TCP)(HOST=node1-vip.mycompany.com)(PORT=1521)))(CONNECT_DATA=(SERVICE_
NAME=example.com)(INSTANCE_NAME=orcl1)))

As a result, the data source configuration appears as follows:

<url>jdbc:oracle:thin:@(DESCRIPTION=(enable=broken)(ADDRESS_LIST=(ADDRESS=(PRO
TOCOL=TCP)(HOST=node1-vip.us.example.com)(PORT=1521)))(CONNECT_DATA=(SERVICE_NAME=example.com)(INSTANCE_NAME=orcl1)))</url>
    <driver-name>oracle.jdbc.xa.client.OracleXADataSource</driver-name>
    <properties>
      <property>
        <name>oracle.jdbc.ReadTimeout</name>
        <value>300000</value>
      </property>
      <property>
        <name>user</name>
        <value>jmsuser</value>
      </property>
      <property>
        <name>oracle.net.CONNECT_TIMEOUT</name>
        <value>10000</value>
      </property>
    </properties>

6.2.8 Message Sequencing and MLLP Not Supported in Oracle B2B HA Environments

Message sequencing and MLLP are not supported in Oracle B2B high availability (HA) environments.

6.2.9 Credentials not Propagated for Transport Protocols in B2B

The Oracle FMW credential store maintains usernames and passwords that you define for Transport protocols. If you use the default file store for these credentials, changes you make to usernames and passwords do not propagate across nodes. You must use a central LDAP for these credentials to be synchronized across nodes in a cluster, as described in, and required by, the Oracle Fusion Middleware High Availability Guide and Enterprise Deployment Guides.

6.2.10 Use Fully-Qualified Hostnames when Configuring Front-end Hosts in High Availability Configurations

Oracle recommends using the full name of the host, including the domain name, when configuring front-end hosts in Oracle Fusion Middleware high availability configurations. Use the host's full name instead of using only the host name.

For example, if myhost is the name of a frontend host in a high availability configuration, set the frontend host URL to the fully-qualified hostname, such as myhost.mycompany.com as DNS or local host name resolution files (for example, /etc/hosts) define.

6.2.11 Managed Server goes into Suspended Status After Oracle RAC Failover

The Managed Server wls_ods(x) can enter a suspended status in the following situations:

  • A database connection in the data source is wrong or not complete.

  • The host is not a fully-qualified host for the database.

To correct the status of the Managed Server wls_ods(x):

  1. Under the data source, verify that the database connection is correct and complete with the domain.

  2. Under the data source, verify that the host name for the database is a fully- qualified hostname with the domain.

  3. Verify the connection by selecting the Test button.

6.2.12 Primary/Secondary Configuration Section of the Availability Tab is Not Visible

During the system component scale out process, the Primary/Secondary Configuration section in the Availability tab of the Capacity Management page in Fusion Middleware Control may not be visible in the browser. This issue occurs when you perform the scale out process using Microsoft Internet Explorer version 7.0.5730.11.

To avoid this issue, do not use the browser Microsoft Internet Explorer version 7.0.5730.11 to scale out; use another browser such as Google Chrome.

6.2.13 Server Start Parameters Not Getting Set After Scaling Out the Oracle Business Intelligence Managed Server

After scaling out Oracle Business Intelligence, Server Start parameters are not getting set correctly. To work around this issue, update the Server Start parameters for the scaled out BI Managed Server to include the following:

-Dserver.group=obi arguments

6.2.14 Ensuring the Oracle HTTP Server Lock File is on a Local Drive

If you configure an Oracle instance for Oracle HTTP Server 11g on shared storage, such as NAS, NFS, or SAN storage, you must ensure that the lock file is created on a local drive instead of the shared drive. If you do not do this, Oracle HTTP Server might experience performance problems. Perform these steps to point the LockFile directive at a local fi le system:

  1. Stop the OHS instances on WEBHOST1 and WEBHOST2.

  2. Open the file ORACLE_INSTANCE/config/OHS/ohs_name/httpd.conf in a text editor.

  3. Find the LockFile directive, configured under both the prefork and worker MPM configuration blocks in the httpd.conf file. It looks like this:

    LockFile ORACLE_INSTANCE/diagnostics/logs/COMPONENT_TYPE/COMPONENT_NAME/http_lock
    
  4. Change the LockFile directive under the appropriate MPM configuration to point to a local file system, for example:

    LockFile /local_disk/path/http_lock
    
  5. Restart Oracle HTTP Server.

  6. Verify that the http_lock file exists in the directoryV specified by the LockFile directive.

6.2.15 Recreating OSSO Agents that Point to the Load Balancer URL

A high availability Classic environment typically has a load balancer in front of the Classic OHS instances. When you configure a classic instance with OAM 11g, the Configuration Wizard automatically configures an OSSO agent. The OSSO agent contains the individual Classic OHS instance URL. In a high availability cluster consisting of two Classic instances, the Configuration Wizard automatically configures two OSSO agents. Each OSSO agent contains the URL information of one Classic Webtier instance URL.

In a high availability cluster, you must recreate an OSSO agent that points to the load balancer URL.

To recreate an OSSO agent that points to the load balancer URL:

  1. From the OAM console, click New OSSO Agent to open the OSSO Wizard application.

  2. Enter the following information:

    • Name: Enter any name

    • Token Version: Use the default setting, v3.0

    • Base URL: Enter the load balancer URL, for example http://haqaedg04.us.example.com:7788

    • Admin ID: Leave blank

    • Admin Inf: Leave blank

    • Host Identifier: Keep default value from the Name field.

    • Auto Create Policies: Check this setting to enable it.

  3. Copy the osso.conf file of the new OSSO agent from the OAM server to the Classic Web Instances config directory.

6.2.16 Use Lower-Case Letters for GridLink Data Source RAC Service Name

When you create a GridLink data source in the Configuration Wizard, you must verify that the service name on the database uses lowercase letters only and is a qualified domain name. For example, <mydbservice>.us.example.com. The Service Name field is in the Configure GridLink RAC Component Schema screen.


Note:

The Oracle RAC Service name is defined on the database; it is not a fixed name. Oracle recommends that you register/add the RAC service name with the database domain name, for example, us.example.com


6.2.17 Additional Steps Needed for Oracle RTD Request Forwarding to Work Correctly

Due to an Oracle RTD issue related to request forwarding, the frontend URL must be the same as the backend URL for deployments that include Oracle RTD. To set the frontend URL for Oracle RTD, perform the steps listed in the following procedures at the point indicated in the Oracle Business Intelligence EDG task flow.

After performing the steps listed in Section 5.7, "Setting the Listen Address for bi_server1 Managed Server," set the frontend URL for the bi_server1 Managed Server, as follows:

  1. Log in to the Administration Console.

  2. In the Change Center, click Lock & Edit.

  3. Expand the Environment node in the Domain Structure window.

  4. Click Servers. The Summary of Servers page is displayed.

  5. Select bi_server1 in the Names column of the table. The settings page for bi_server1 is displayed.

  6. Click the Protocols tab.

  7. Click the HTTP tab.

  8. Set the Frontend Host field to APPHOST1VHN1 (your bi_server1 Listen address).

  9. Click Save, then click Activate Changes.

After performing the steps listed in Section 6.4.1, "Setting the Listen Address for the bi_server2 Managed Server," set the frontend URL for the bi_server2 Managed Server, as follows:

  1. Log in to the Administration Console.

  2. In the Change Center, click Lock & Edit.

  3. Expand the Environment node in the Domain Structure window.

  4. Click Servers. The Summary of Servers page is displayed.

  5. Select bi_server2 in the Names column of the table. The settings page for bi_server2 is displayed.

  6. Click the Protocols tab.

  7. Click the HTTP tab.

  8. Set the Frontend Host field to APPHOST2VHN1 (your bi_server2 Listen address).

  9. Click Save, then click Activate Changes.

6.2.18 Error INST-08075 Occurs When Scaling Out the BI System

When you are scaling out the BI System using the Oracle Business Intelligence Configuration Assistant, the following error occurs:

INST-08075: Weblogic Server 10.3.6.0 is installed but Weblogic Server Temporary is used in the BI Domain.

To work around this error, perform the following steps:

  1. Open MW_HOME/registry.xml for editing.

  2. Locate the following line:

    <component name="WebLogic Server" version="10.3.6.0" InstallDir="ORACLE_BASE/fmw/wlserver_10.3"> 
    
  3. Change the line to the following:

    <component name="WebLogic Server" version="Temporary" InstallDir="ORACLE_BASE/fmw/wlserver_10.3"
    
  4. Save and close the file.

  5. Return to the Oracle Business Intelligence Configuration Assistant and proceed past the Scale Out BI System Details screen.

  6. Revert the entry in registry.xml back to version="10.3.6.0".

6.2.19 First Defined RAC Instance Must Be Available On Domain Startup When Configuring with RAC Multi Data Source

When you configure the RAC data source for OPSS, Oracle recommends using an Oracle GridLink data source type. If you decide to use a RAC multi data source, you must ensure that the first RAC instance listed in the multi data source definition is available during the first domain startup. If you do not use the first RAC instance listed, configuration fails.

6.3 Testing Abrupt Failures of WebLogic Server When Using File Stores on NFS

If JMS messages and transaction logs are stored on an NFS-mounted directory, Oracle strongly recommends that you verify the behavior of a server restart after abrupt machine failures. Depending on the NFS implementation, different issues can arise post failover/restart.

To verify server restart behavior, abruptly shut down the node that hosts WebLogic servers while the servers are running.

  • If you configured the server for server migration, it should start automatically in failover node after the failover period.

  • If you did not configure the server for server migration, you can manually restart the WebLogic Server on the same host after the node completely reboots.

If Oracle WebLogic Server does not restart after abrupt machine failure, the following error entry may appear in server log files:

<MMM dd, yyyy hh:mm:ss a z> <Error> <Store> <BEA-280061> <The persistent 
store "_WLS_server_soa1" could not be deployed: 
weblogic.store.PersistentStoreException: java.io.IOException: 
[Store:280021]There was an error while opening the file store file 
"_WLS_SERVER_SOA1000000.DAT" 
weblogic.store.PersistentStoreException: java.io.IOException: 
[Store:280021]There was an error while opening the file store file 
"_WLS_SERVER_SOA1000000.DAT" 
        at weblogic.store.io.file.Heap.open(Heap.java:168) 
        at weblogic.store.io.file.FileStoreIO.open(FileStoreIO.java:88)
...
java.io.IOException: Error from fcntl() for file locking, Resource
temporarily unavailable, errno=11

This error occurs when the NFSv3 system does not release locks on the file stores. WebLogic Server maintains locks on files that store JMS data and transaction logs to prevent data corruption that can occur if you accidentally start two instances of the same managed server. Because the NFSv3 storage device doesn't track lock owners, NFS holds the lock indefinitely if a lock owner crashes. As a result, after abrupt machine failure followed by a restart, subsequent attempts by WebLogic Server to acquire locks may fail.

If it is not reasonably possible to tune locking behavior in your NFS environment, use one of the following solutions to unlock the logs and data files:

  • Use the WebLogic Server Administration Console to disable WebLogic file locking mechanisms for the default file store, a custom file store, a JMS paging file store, and a Diagnostics file store. To do this, see Considerations for Using File Stores on NFS in the Oracle Fusion Middleware High Availability Guide.

  • Manually unlock the logs and JMS data files and start the servers by creating a copy of the locked persistence store file and using the copy for subsequent operations. See the following section Unlocking Logs and Data Files Manually.

Unlocking Logs and Data Files Manually

Manually unlock the logs and JMS data files and start the servers by creating a copy of the locked persistence store file and using the copy for subsequent operations. To create a copy of the locked persistence store file, rename the file then copy it back to its original name. The following sample steps assume that transaction logs are stored in the /shared/tlogs directory and JMS data is stored in the /shared/jms directory.

cd /shared/tlogs
mv _WLS_SOA_SERVER1000000.DAT _WLS_SOA_SERVER1000000.DAT.old
cp _WLS_SOA_SERVER1000000.DAT.old _WLS_SOA_SERVER1000000.DAT
cd /shared/jms
mv SOAJMSFILESTORE_AUTO_1000000.DAT SOAJMSFILESTORE_AUTO_1000000.DAT.old
cp SOAJMSFILESTORE_AUTO_1000000.DAT.old SOAJMSFILESTORE_AUTO_1000000.DAT
mv UMSJMSFILESTORE_AUTO_1000000.DAT UMSJMSFILESTORE_AUTO_1000000.DAT.old
cp UMSJMSFILESTORE_AUTO_1000000.DAT.old UMSJMSFILESTORE_AUTO_1000000.DAT

With this solution, the WebLogic file locking mechanism continues to protect against accidental data corruption if multiple instances of the same servers are accidently started. However, you must restart the servers manually after abrupt machine failures. File stores create multiple consecutively numbered.DAT files when they store large amounts of data. You may need to copy and rename all files when this occurs.

6.4 Documentation Errata

This section describes documentation errata. It includes the following topics:

6.4.1 Documentation Errata for the Fusion Middleware High Availability Guide

This section contains Documentation Errata for Oracle Fusion Middleware High Availability Guide.

It includes the following topics:

6.4.1.1 Latest Requirements and Certification Information

Several manuals in the Oracle Fusion Middleware 11g documentation set have information on Oracle Fusion Middleware system requirements, prerequisites, specifications, and certification information. For the latest informationon these topics, see the following documents on Oracle Technology Network:

http://www.oracle.com/technology/software/products/ias/files/fusion_certification.html

This document contains information related to hardware and software requirements, minimum disk space and memory requirements, and required system libraries, packages, or patches. It also includes information on supported installation types, platforms, operating systems, databases, JDKs, and third-party products.

6.4.1.2 Error in Line to Add to mod_wl_ohs.conf File

In Chapter 5., "Configuring High Availability for Oracle SOA Suite," the line <Location /DefaultToDoTaskFlow/> should be <Location /workflow/DefaultToDoTaskFlow/> in the mod_wl_ohs.conf file. Instances of this line are in Sections 5.3.13 and 5.14.15.

6.4.2 Documentation Errata for the Fusion Middleware Enterprise Deployment Guide for Oracle Identity Management

This section contains documentation errata for Oracle Fusion Middleware Enterprise Deployment Guide for Oracle Identity Management.

It includes the following topics:

6.4.2.1 Set -DDomainRegistrationEnabled=true when Starting Node Manager

The November 2010 edition of Oracle Fusion Middleware Enterprise Deployment Guide for Oracle Identity Management failed to mention that, prior to starting the Node Manager that controls the WebLogic Administration Server, you must set -DDomainRegistrationEnabled=true. For example:

export JAVA_OPTIONS=-DDomainRegistrationEnabled=true

6.4.2.2 Ignore Empty Section in the Oracle Virtual Directory Chapter

In the November 2010 edition of Oracle Fusion Middleware Enterprise Deployment Guide for Oracle Identity Management, Section 8.1.1 in Chapter 11, "Extending the Domain with Oracle Virtual Directory is an empty section." Please ignore it.

6.4.2.3 Installing Identity Management Sections Are Incorrectly Organized

In Oracle Fusion Middleware Enterprise Deployment Guide for Oracle Identity Management 11g Release 1 (11.1.1.5), Part Number E12035-07, Section 4.5.5, "Installing Oracle Identity Management," should be reorganized as follows:

  • The content beginning with "Start the Oracle Fusion Middleware 11g Oracle Identity Management Installer" should be in a subsection, Section 4.5.5.1, entitled "Installing Oracle Identity Management 11.1.1.2."

  • Section 4.5.6, "Upgrading the Oracle Homes for Oracle Identity Management from 11.1.1.2 to 11.1.1.5" should be Section 4.5.5.2.

6.4.2.4 Errors in Instructions for Using the Guide

Errors exist in Section 1.6, "Using This Guide." They should be corrected as follows:

  • Step 11 should be:

    If you are using Oracle Access Manager, follow the steps in Chapter 12, "Extending the Domain with Oracle Access Manager 11g."

  • Steps 11 through 18 should refer to chapters, not sections.

6.4.2.5 LDIF File Error in Procedure for Creating Users and Groups for Oracle WebLogic Server

The LDIF file in Step 2a of Section 11.4.4, "Creating Users and Groups for Oracle WebLogic Server," is missing some line breaks. It should appear as follows:

dn: cn=orclFAUserReadPrivilegeGroup,cn=Groups,dc=mycompany,dc=com
changetype: modify
add: uniquemember
uniquemember: cn=IDROUser,cn=Users,dc=mycompany,dc=com

6.4.2.6 Run Additional emctl Commands When Extending the Domain with Oracle Internet Directory or Oracle Virtual Directory

In the chapters "Extending the Domain with Oracle Internet Directory" and "Extending the Domain with Oracle Virtual Directory," you are instructed run

./emctl switchOMS ReposURL

to enable the local emagent to communicate with the WebLogic Administration Server using the virtual IP address. After you have run that command, you must also perform the following tasks:

  • Force the agent to reload its configuration by issuing the command:

    ./emctl reload
    
  • Check that the agent is using the correct Upload URL using the command:

    ./emctl status agent
    

6.4.2.7 Errors in Section 2.4, Shared Storage and Recommended Directory Structure

Table 2-3, Recommended Directory Structure, is missing some values in the Shared Storage column. The following table entries should have the value "Yes" in the Shared Storage column, indicating that these directories should be on shared storage:

  • IAM_ORACLE_HOME

  • ASERVER_DOMAIN_HOME

  • ASERVER_APP_HOME

PKnPK Oracle HTTP Server

9 Oracle HTTP Server

This chapter describes issues and release-specific user information associated with Oracle HTTP Server. It includes the following notes:

9.1 mod_security Reintroduced

The mod_security plug-in was removed from earlier versions of Oracle HTTP Server but is reintroduced in version 11.1.1.7. This version follows the recommendations and practices prescribed for open source mod_security 2.6.2. Only documentation applicable to open source Apache mod_security 2.6.2 is applicable to the Oracle HTTP Server implementation of the module.

9.2 Installing OHS 11.1.1.7 with WLS 12g

You can install Oracle HTTP Server 11.1.17 with the Oracle WebLogic Server 12c JRF/ADF combination if you do the following:

  • Install the two components separately, from scratch, and choose the correct versions (Oracle HTTP Server 11.1.17 with Oracle WebLogic Server 12c JRF/ADF)

  • During the OHS 11g installation, deselect the components associated with a WebLogic Domain.

PKvW PK Installation, Patching, and Configuration

2 Installation, Patching, and Configuration

This chapter describes issues associated with Oracle Fusion Middleware installation, patching, and configuration. It includes the following topics:


Note:

This chapter contains issues you might encounter while installing, patching, or configuring any of the Oracle Fusion Middleware products.

Be sure to review the product-specific release note chapters elsewhere in this document for any additional issues specific to the products you are using.


2.1 Installation Issues and Workarounds

This section describes issue and workarounds related to Oracle Fusion Middleware product installation. It includes the following topics:

2.1.1 Issues Pertaining to Oracle SOA Suite Installation

This section contains the following:

2.1.1.1 Installing Oracle SOA Suite on a Dual Stack Host with IPv4

If you install Oracle SOA Suite on a dual stack host and the SOA front end URL is only set to IPv4, Oracle BPM Worklist or asynchronous callbacks from IPv6-only clients may have problems resolving IPv4 callback URLs (and vice-versa).

The work around is to use either a split Domain Name System (DNS) or another forward proxy configuration. This enables the IPv6-only client to connect to a dual stack box through its IPv6 interface.

2.1.1.2 Installing Oracle SOA Suite Release 11.1.1.3.0 in a Turkish Environment

If you are installing Oracle SOA Suite Release 11.1.1.3.0 in a Turkish environment, there will be some functionality loss for Oracle Enterprise Manager Fusion Middleware Control.

There is no work around for this issue. Oracle recommends that you avoid installing in a Turkish environment and install in an English environment instead.

2.1.2 Issues Pertaining to Oracle Portal, Forms, Reports and Discoverer Installation

This section contains the following:

2.1.2.1 Oracle Configuration Manager Fails During Domain Configuration of Oracle Portal, Forms, Reports, and Discoverer 11g Release 1 (11.1.1.7.0)

After upgrading Oracle Portal, Forms, Reports, and Discoverer to 11g Release 1 (11.1.1.7.0), or after installing Oracle Portal, Forms, Reports, and Discoverer 11g Release 1 (11.1.1.7.0), if you choose to configure Oracle Configuration Manager during domain configuration, the configuring Oracle Configuration Manager fails.

The workaround for this issue is as follows:

  1. Navigate to the following location on your system:

    ORACLE_HOME/ccr/bin
    
  2. Run the following commands in the Oracle Instance home:

    $ setupCCR
    $ configCCR
    $ emCCR collect
    $ emCCR status
    

Note:

You can choose to skip configuring Oracle Configuration Manager when you initially run the 11g Release 1 (11.1.1.7.0) configuration wizard.


To configure Oracle Configuration Manager after configuring the domain, do the following:

  1. Navigate to the ORACLE_HOME/ccr/bin directory on your system.

  2. Set the variable ORACLE_CONFIG_HOME in your Oracle Instance home directory.

  3. Run the following commands:

    $ setupCCR
    $ configCCR
    $ emCCR collect
    $ emCCR status
    

2.1.2.2 Considerations When Installing Oracle Portal 11g

Before you install a new Oracle Portal, Forms, Reports, and Discoverer 11g environment, be sure to review the following important resources:

2.1.2.3 Prerequisite Warnings During Installation

Vendor release updates cummulative patches and/or packages that may superseed our listed Oracle Fusion Middleware 11g Release 1 prerequisites for platforms. As long as vendor approved patches and/or packages are installed, the prerequisite warnings could be ignored and the installation completed.

Another option is to use -ignoreSysPreReqs command line additional argument to the runInstaller as:

$  Mount_Point/runInstaller -ignoreSysPreReqs other required install options

2.1.3 Issues Pertaining to Oracle Web Tier Installation

This section contains the following:

2.1.3.1 Oracle SOA Suite and Oracle Application Developer Must Be Installed Before Oracle Web Tier

To ensure that the oracle_common/soa/modules/commons-cli-1.1.jar file is installed properly, if you plan to associate Oracle Web Tier with an existing domain, you must install Oracle Web Tier after all other products are installed.

2.1.3.2 Oracle Web Tier Silent Install Requires Oracle Web Cache Component Name

If you are performing a silent Oracle Web Tier installation for Oracle HTTP Server, an Oracle Web Cache component name (WEBCACHE_COMPONENT_NAME parameter) must also be mentioned in the response file, even though Oracle Web Cache is not required for Oracle HTTP Server installation. Even though both component names are provided, as long as CONFIGURE_WEBCACHE is set to false then only Oracle HTTP Server will be installed and configured.

There is no work around for this issue.

2.1.4 Issues Pertaining to Oracle Identity Management Installation

This section contains the following:


Note:

For 11g Release 1 (11.1.1.6.0) installation release notes, refer to the following links:


2.1.4.1 WebLogic Administration Server Must Be Running When Extending Oracle Identity Management Domains

When you install Oracle Identity Management, you have several options for choosing how the Oracle Identity Management components are installed in relation to an Oracle WebLogic Server administration domain. If you select the Extend Existing Domain option on the installer's Select Domain screen, Oracle Identity Management components are installed in an existing Oracle WebLogic Server administration domain.

To install Oracle Identity Management components in an existing administration domain using the Extend Existing Domain option, the Oracle WebLogic Administration Server instance must be running.

2.1.4.2 Extending the Schema in Oracle Internet Directory

If you have Oracle Identity Manager 11g Release 1 (11.1.1.7.0) against Oracle Internet Directory release prior to Oracle Internet Directory 11g Release 1 (11.1.1.6.0) through libOVD 11g Release 1 (11.1.1.7.0) (with oamEnabled set to true and LDAPSync enabled), when you try to create a new user, the following error is displayed:

javax.naming.directory.SchemaViolationException:[LDAP: error code 65 -Failed to find orclpwdexpirationdate in mandatory or optional attribute list.
]

Workaround:

You need to extend the schema in Oracle Internet Directory that you have installed. To change the backend IDStore schema, do the following:

  1. Create a new attribute.

    attributetypes: ( 2.16.840.1.113894.200.1.7 NAME 'orclPwdExpirationDate' EQUALITY caseIgnoreMatch SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE USAGE userApplications).
    
  2. Modify the existing orclIDXPerson objectclass to include orclPwdExpirationDate as an optional attribute.


Note:

You can use Oracle Directory Services Manager to connect to Oracle Internet Directory and make the schema changes.


2.1.4.3 Deinstalling a 11g (11.1.1.7.0) Oracle Internet Directory Instance Does Not Clean Up the OID Schema

When deinstalling a configured Oracle Internet Directory instance from Oracle Identity Management 11g (11.1.1.7.0) the file-based instance directory is removed, but the related Oracle Internet Directory instance configuration is not deleted. Hence, any future configuration adds to the instance count by including the deleted instances.

The following logic is missing from the command to remove a OID instance:

ldapdelete -p <oid ldap port> -D cn=orcladmin -w <password> "cn=<OID 
instance name as defined in the ODS
schema>,cn=osdldapd,cn=subconfigsubentry"

Workaround:

After deleting an instance and before recreating the instance run the command:

ldapdelete -p <oid ldap port> -D cn=orcladmin -w <password> "cn=<OID
instance name as defined in the ODS schema>,cn=osdldapd,cn=subconfigsubentry 

2.1.4.4 Information about the Oracle Virtual Directory Adapters

Oracle Virtual Directory adapters are not listed in the Home page.

To work around this issue on Linux operating systems, copy the osdt_cert.jar file from the Oracle Common home to the directory under ORACLE_HOME/inventory/Scripts/ext/lib/Oracle_IDM1.

To work around this issue on Windows operating systems, copy the jar prior to the configuration phase because it does not work if you copy it later.

2.1.4.5 Enabling the Retry Button

To retry a failed Oracle Identity Management configuration you must enable the Retry button. Check the box on the left side of the failed item to enable the Retry button.

2.1.4.6 Server Startup Failures on Linux Operating Systems

When starting the Oracle Identity Management server (Managed server or Administration server), the server may fail to start. You may see the following error:

Failed to push ldap config data to
libOvd for service instance "idstore.ldap" in JPS context "default", cause:
java.io.FileNotFoundException: /tmp/.ovdlock.tmp (Permission denied)> 

To work around this issue, run the following command and the start he server again:

chmod 666 /tmp/.ovdlock.tmp

2.1.4.7 Configuring OPMN Request Port

The static ports.ini for the Oracle Identity Management 11g Release 1 (11.1.1.7.0) installer has an OPMN request port specified. This port is not used in the Oracle Identity Management configuration and does not serve any specific functional purpose.

To configure the port you have to manually add the entry to opmn.xml after the oracle instance is provisioned.

2.1.4.8 Silent Install with Privileged Ports on Linux Operating Systems

To install and configure privileged ports in silent mode on Linux operating systems, do the following:

  1. Complete only a silent install with Oracle Identity Management 11g Release 1 (11.1.1.7.0).

  2. Run the oracleroot.sh and oidroot.sh scripts in the Oracle home.

    You must run these scripts as root user.

  3. Change .apachectl permissions.

    Run the following as root user:

    /bin/chown root /$OH/ohs/bin/.apachectl
    /bin/chmod 6750 /$OH/ohs/bin/.apachectl
    
  4. Complete a silent configuration with the privileged ports.

2.1.5 Issues Pertaining to JDK and JRE Installation

This section contains the following:

2.1.5.1 Specifying the JRE Location if Installing with Automatic Updates

If you are ins7talling one of the following Oracle Fusion Middleware products:

  • Oracle SOA Suite

  • Oracle WebCenter Portal

  • Oracle Service Bus

  • Oracle WebCenter Content

  • Oracle Data Integrator

  • Oracle Identity and Access Management

And you will choose to configure automatic updates on the Install Software Updates screen by selecting Download and install updates from My Oracle Support you must specify the location of a JRE on your system by using the -jreLoc parameter from the command line when you start the installer.

If you do not use the -jreLoc parameter and instead wait for the installer to prompt you for a JRE location, an exception will be seen during the installation.

2.1.5.2 Out of Memory Errors When Using JDK 6 Update 23

If you are experiencing out-of-memory errors when using JDK 6 Update 23, consider the following.

In JDK 6 Update 23, the escape analysis feature was enabled by default.This is an optimization within the hotspot compiler, which may require an increased memory footprint. When there is very little free space in the process for additional native memory allocations, for example due to a very large Java heap, this could lead to an out of memory situation.

The workaround for this issue is to add the following JVM argument when you start your application:

-XX:-DoEscapeAnalysis

You can identify JDK 6 Update 23 by using the java -version command, as follows:

java -version
   java version "1.6.0_24"
   Java(TM) SE Runtime Environment (build 1.6.0_24-b50)
   Java HotSpot(TM) Server VM (build 19.1-b02, mixed mode)

2.1.6 Issues Pertaining to Oracle Universal Installer

This section contains the following:

2.1.6.1 Installer Produces Errors When Checking for Software Updates on My Oracle Support

On the Install Software Updates screen, if you select the Search My Oracle Support for Updates option, provide the proper user credentials, and then click Search for Updates, the following error is seen in the installation log file:

java.net.NoRouteToHostException: No route to host

The work around is to use the Search Local Directory for Updates option on the Install Software Update screen and select a patch that has already been downloaded and is available locally. Patches can be downloaded manually from My Oracle Support or they can be obtained from your Oracle Support representative.

2.1.7 Issues Pertaining to Database and Schema Installation

This section contains the following:

2.1.7.1 Error Encountered While Loading the Oracle Internet Directory (ODS) Schema

If you have password policy enabled at the database level on your Oracle database, you will receive the ORA-28003 error when loading the Oracle Internet Directory (ODS) schema.

To work around this issue, temporarily disable password policy, load the schema, then enable password policy again.

2.1.7.2 Setting the Correct Permission for the DBMS_REPUTIL Database Package

If you are creating the Oracle Internet Dirctory schemas in Oracle Database version 11.2.0.4 or later, use the following work around if you encounter an error from RCU:

  1. Connect to the database as administrator and execute the following:

    GRANT EXECUTE ON DBMS_REPUTIL TO PUBLIC;
    
  2. Re-start RCU and create the schema.

  3. After the schema is successfully created, connect to the database again as administrator and execute the following:

    REVOKE EXECUTE ON DBMS_REPUTIL FROM PUBLIC;
    

2.1.7.3 Setting the Correct Permission for the DBMS_JOB Database Package

If you are creating the Oracle Internet Directory schema in an Oracle database using RCU, you may encounter the following error messages:

ORA-04063: package body "ODS.TSPURGE" has errors
ORA-06508: PL/SQL: could not find program unit being called: "ODS.TSPURGE"
ORA-06512: at line 3

To work around this issue:

  1. Stop RCU and drop any Oracle Internet Directory schemas already created. Refer to "Dropping Schemas" in Oracle Fusion Middleware Repository Creation Utility User's Guide for instructions.

  2. Log into the database using SQL*Plus and run the following command:

    SQL> grant execute on sys.dbms_job to PUBLIC
    
  3. Run RCU again and create the schemas.

2.1.7.4 Database Connection Failure During Schema Creation When Installing Oracle Internet Directory

If the installation of Oracle Internet Directory fails due to timeout or connection failure when connecting to a database for schema creation, you can try to reset the timeout parameter in the rcu.properties file. This file is located in the IDM_HOME/rcu/config directory-.

Open the rcu.properties file in a text editor, search for the property JDBC_LOGIN_TIMEOUT, and set its value to 30.

2.1.7.5 Using RCU 11g Release 1 (11.1.1.1.0) with Oracle Database 11g (11.2.0.1)

If you are using the version of RCU that is available in Oracle Fusion Middleware 11g Release 1 (11.1.1.1.0) with Oracle Database 11g (11.2.0.1), you will receive the following warning message:

The database you are connecting is not a supported version. Enter Database
with version equal to or higher than 10.2.0.4.0 in 10g or version equal to
higher than 11.1.0.7.0 in 11g. Refer to the certification matrix for
supported DB versions.

This warning can be safely ignored and you can proceed with your RCU operations.

This warning will not appear in the version of RCU available in Oracle Fusion Middleware 11g Release 1 (11.1.1.2.0) or later.

2.1.8 Error Messages and Exceptions Seen During Installation

This section contains the following:

2.1.8.1 JRF Startup Class Exceptions May Appear in Oracle WebLogic Managed Server Logs After Extending Oracle Identity Management Domain

After extending an Oracle Identity Management domain, you may see exception messages related to JRF Startup Class in the managed server log files. For example:

Failed to invoke startup class "JRF Startup Class",
oracle.jrf.PortabilityLayerException: Fail to retrieve the property for the Common
Components Home.
oracle.jrf.PortabilityLayerException: Fail to retrieve the property for the Common
Components Home.

You can safely ignore these exception messages—there is no loss in functionality.

2.1.8.2 Sun JDK and Oracle Configuration Manager Failures in the Installation Log File

Upon completing of an Oracle Web Tier, Oracle Identity Management, or Oracle Portal, Forms, Reports and Discoverer installation, the following errors may be seen in the installtime_and_date.log file:

[2009-11-04T21:15:13.959-06:00] [OUI] [NOTIFICATION] [] [OUI] [tid: 16]
[ecid: 0000IJ2LeAeFs1ALJa5Eif1Awî9l000007,0] OUI-10080:The pre-requisite for
the component Sun JDK 1.6.0.14.08  has failed.
 
[2009-11-04T21:15:13.960-06:00] [OUI] [NOTIFICATION] [] [OUI] [tid: 16]
[ecid: 0000IJ2LeAeFs1ALJa5Eif1Awî9l000007,0] OUI-10080:The pre-requisite for
the component Oracle Configuration Manager 10.3.1.2.0  has failed.   

These messages occur because the Sun JDK and Oracle Configuration Manager are not installed in the oracle_common directory. You can safely ignore these messages.

2.1.9 Issues Pertaining to Product Deinstallation

This section contains the following:

2.1.9.1 Proper Deinstallation for Reinstallation in the Event of a Failed Installation

In the event that an installation fails, and you want to deinstall the failed installation and then reinstall the software to the same location, you must do the following:

  1. Make sure that all the managed servers in the failed installation are shut down. You must verify this in the Administration Console; the word "SHUTDOWN" must appear next to the managed server name.

  2. Deinstall the binaries in the Oracle home directory using the deinstaller in the ORACLE_HOME/oui/bin directory.

  3. Delete all the managed servers from the failed installation in the config.xml file by using the Administration Console or WLST.

  4. Delete all directories in the DOMAIN_HOME/servers directory:

This procedure will enable you to reinstall the software to the same location, using the same managed server names.

2.1.9.2 Deinstallation Does Not Remove WebLogic Domains

There may be certain scenarios where you will need to remove WebLogic Domains that you have created. The Oracle Universal Installer is used to remove Oracle Instances and Oracle home directories only; it does not remove WebLogic Domains.

If you need to remove a WebLogic Domain, you must do so manually. Please refer to your Oracle WebLogic Server documentation for more information.

2.1.10 Installing Oracle Service Registry in the Same Domain as Oracle SOA Suite

When installing Oracle Service Registry 11g in the same Weblogic Domain as Oracle SOA Suite 11g Release 11.1.1.2.0 or Release 11.1.1.3.0, you may see the following error message on the WebLogic Server console when Oracle Service Registry is starting up:

java.lang.LinkageError: loader constraint violation in interface itable
initialization:....

To work around this issue:

  1. Make sure Oracle Service Registry is installed on a different Managed Server from Oracle SOA Suite.

  2. Download patch 9499508 and follow the instructions in the README file included with the patch:

    1. Go to My Oracle Support.

      http://support.oracle.com
      
    2. Click on the Patches & Updates tab.

    3. In the Patch Search area, search for patch 9499508.

    4. Download the patch.

  3. Edit the setDomainEnv.sh file and, for Oracle Service Registry Server, remove fabric.jar from classpath:

    if [ "${SERVER_NAME}" != "osr_server1" ] ; then
    POST_CLASSPATH="${SOA_ORACLE_HOME}/soa/modules/oracle.soa.fabric_11.1.1/oracle.soa.fabric.jar
    ${CLASSPATHSEP}${SOA_ORACLE_HOME}/soa/modules/oracle.soa.adapter_11.1.1/oracle.soa.adapter.jar
    ${CLASSPATHSEP}${SOA_ORACLE_HOME}/soa/modules/oracle.soa.b2b_11.1.1/oracle.soa.b2b.jar
    ${CLASSPATHSEP}${POST_CLASSPATH}"
    else
    POST_CLASSPATH="${SOA_ORACLE_HOME}/soa/modules/oracle.soa.adapter_11.1.1/oracle.soa.adapter.jar
    ${CLASSPATHSEP}${SOA_ORACLE_HOME}/soa/modules/oracle.soa.b2b_11.1.1/oracle.soa.b2b.jar
    ${CLASSPATHSEP}${POST_CLASSPATH}"
    fi
    

When installing Oracle Service Registry 11g in the same Weblogic Domain as Oracle SOA Suite 11g Release 11.1.1.3.0, you may see the following error message when accessing the Oracle Service Registry console:

ClassCastException
java.lang.ClassCastException:org.systinet.uddi.client.serialization.UDDIFaultSerializer

To work around this error, edit the setDomainEnv.sh file and remove oracle.soa.fabric.jar from the classpath when running the Oracle Service Registry Managed Server. To do this:

  1. Make a backup of the MW_HOME/user_projects/domains/soa_domain_name/bin/setDomainEnv.sh file.

  2. Edit the setDomainEnv.sh file and replace the following line:

    POST_CLASSPATH="${SOA_ORACLE_HOME}/soa/modules/oracle.soa.fabric_11.1.1/oracle.soa.fabric.jar
    ${CLASSPATHSEP}${SOA_ORACLE_HOME}/soa/modules/oracle.soa.adapter_11.1.1/oracle.soa.adapter.jar
    ${CLASSPATHSEP}${SOA_ORACLE_HOME}/soa/modules/oracle.soa.b2b_11.1.1/oracle.soa.b2b.jar
    ${CLASSPATHSEP}${POST_CLASSPATH}"
    

    with the following:

    if [ "${SERVER_NAME}" != "<your_osr_server_name>" ] ;
    then
    POST_CLASSPATH="${SOA_ORACLE_HOME}/soa/modules/oracle.soa.fabric_11.1.1/oracle.soa.fabric.jar
    ${CLASSPATHSEP}${SOA_ORACLE_HOME}/soa/modules/oracle.soa.adapter_11.1.1/oracle.soa.adapter.jar
    ${CLASSPATHSEP}${SOA_ORACLE_HOME}/soa/modules/oracle.soa.b2b_11.1.1/oracle.soa.b2b.jar
    ${CLASSPATHSEP}${POST_CLASSPATH}"
    else
    POST_CLASSPATH="${SOA_ORACLE_HOME}/soa/modules/oracle.soa.adapter_11.1.1/oracle.soa.adapter.jar
    ${CLASSPATHSEP}${SOA_ORACLE_HOME}/soa/modules/oracle.soa.b2b_11.1.1/oracle.soa.b2b.jar
    ${CLASSPATHSEP}${POST_CLASSPATH}"
    fi
    
  3. Restart the Oracle Service Registry Managed Server.

If you have multiple Oracle Service Registry Managed Servers in the domain, each Managed Server must be added to the condition. For example, if you have two Oracle Service Registry Managed Servers named WLS_OSR1 and WLS_OSR2:

case "$SERVER_NAME" in
.
'WLS_OSR1')
.
echo "Setting WLS_OSR1 CLASSPATH..."

POST_CLASSPATH="${SOA_ORACLE_HOME}/soa/modules/oracle.soa.adapter_11.1.1/oracle.soa.adapter.jar
${CLASSPATHSEP}${SOA_ORACLE_HOME}/soa/modules/oracle.soa.b2b_11.1.1/oracle.soa.b2b.jar
${CLASSPATHSEP}${POST_CLASSPATH}"
exit;;

.
'WLS_OSR2')
.
echo "Setting WLS_OSR2 CLASSPATH..."

POST_CLASSPATH="${SOA_ORACLE_HOME}/soa/modules/oracle.soa.adapter_11.1.1/oracle.soa.adapter.jar
${CLASSPATHSEP}${SOA_ORACLE_HOME}/soa/modules/oracle.soa.b2b_11.1.1/oracle.soa.b2b.jar
${CLASSPATHSEP}${POST_CLASSPATH}"
exit;;
.
*)
.
echo "Setting default SOA CLASSPATH..."

POST_CLASSPATH="${SOA_ORACLE_HOME}/soa/modules/oracle.soa.fabric_11.1.1/oracle.soa.fabric.jar
${CLASSPATHSEP}${SOA_ORACLE_HOME}/soa/modules/oracle.soa.adapter_11.1.1/oracle.soa.adapter.jar
${CLASSPATHSEP}${SOA_ORACLE_HOME}/soa/modules/oracle.soa.b2b_11.1.1/oracle.soa.b2b.jar
${CLASSPATHSEP}${POST_CLASSPATH}"
exit;;
.
esac

2.1.11 Problems Installing in Thai and Turkish Locales

Turkish and Thai users are recommended to install and run Oracle Fusion Middleware using the English locale. Oracle Fusion Middleware does support Turkish and Thai locales as clients.

2.1.12 Enterprise Manager Configuration Fails with Timezone Error Message

There is a problem with the timezone detection algorithm on some versions of Windows. When the database is installed on some systems that have a fresh installation of Windows, the configuration of Enterprise Manager fails with a message that indicates that an "America/Rio_Branco" timezone has been detected.

The work around is to reset the timezone to the desired value, then re-install your Oracle Fusion Middleware product.

2.2 Patching Issues and Workarounds

This section describes issue and workarounds related to Oracle Fusion Middleware product patching. It includes the following topics:

2.2.1 Applications Will Not Start After WebLogic Server is Updated

After applying the latest patches to Oracle WebLogic Server, the WL_HOME/server/lib/weblogic.policy file must be edited to include the following entry in order for Middleware services such as Discoverer, Access Manager, and Identity Manager to start:

grant codeBase "file:MW_HOME/WLS/patch_jars/-" {
      permission java.lang.RuntimePermission "oracle.*","read";
};

Replace MW_HOME with the location of your Middleware home directory.

Replace WLS with one of the following:

  • patch_wls1034 for WebLogic Server version 10.3.4

  • patch_wls1035 for WebLogic Server version 10.3.5

  • patch_wls1036 for WebLogic Server version 10.3.6

2.2.2 Issues Pertaining to Patching Oracle SOA Suite

This section contains the following:

2.2.2.1 Patch Set Assistant Fails When Updating the SOAINFRA Schema in SQL Server Databases

If you attempt to update the SOAINFRA schema in a Microsoft SQL Server database, then the Fusion Middleware Patch Set Assistant fails to complete the operation. This is a known issue with no current workaround. Contact Oracle Support or refer to My Oracle Support for more information:

http://support.oracle.com/

2.2.2.2 Exception Seen When Extending Your Existing Oracle SOA Suite Domain with Oracle Business Process Management Suite

The following intermittent exception may be seen in cases where you have upgraded your Oracle SOA Suite software to release 11.1.1.3.0 with the Patch Set Installer, and are extending your existing domain to include Oracle Business Process Management Suite:

javax.ejb.EJBTransactionRolledbackException: EJB Exception: ; nested exception
 is: javax.persistence.PersistenceException: Exception
[EclipseLink-4002] (Eclipse Persistence Services - 2.0.2.v20100323-r6872):
 org.eclipse.persistence.exceptions.DatabaseException
Internal Exception: java.sql.SQLIntegrityConstraintViolationException:
 ORA-02292: integrity constraint (DB9128_SOAINFRA.BPM_CUBE_ROLE_FK1) violated -
 child record found.
Error Code: 2292
Call: DELETE FROM BPM_CUBE_PROCESS WHERE (PROCESSID = ?)
        bind => [247]
Query: DeleteObjectQuery(CubeProcess(domain:default, composite:counter_extended,
 revision:1.0, name:Process, hasNametab:true));
nested exception is: javax.persistence.PersistenceException: Exception
[EclipseLink-4002] (Eclipse Persistence Services - 2.0.2.v20100323-r6872):
 org.eclipse.persistence.exceptions.DatabaseException
Internal Exception: java.sql.SQLIntegrityConstraintViolationException:
ORA-02292: integrity constraint (DB9128_SOAINFRA.BPM_CUBE_ROLE_FK1) violated -
 child record found

This is a harmless exception. To avoid seeing this exception, do the following:

  1. Connect to your database as the SOA schema user.

  2. Drop the BPM_CUBE_ROLE_FK1 constraint by executing the following:

    ALTER TABLE BPM_CUBE_ROLE DROP CONSTRAINT BPM_CUBE_ROLE_FK1;
    
  3. Recreate the BPM_CUBE_ROLE_FK1 constraint by executing the following:

    ALTER TABLE BPM_CUBE_ROLE ADD CONSTRAINT BPM_CUBE_ROLE_FK1 FOREIGN KEY @
    (ProcessId) REFERENCES BPM_CUBE_PROCESS(ProcessId) ON DELETE CASCADE;
    
  4. Restart the Oracle SOA Managed Server.

2.2.2.3 Exception Seen When Undeploying any SOA Composite with Range-Based Dimension Business Indicators

The following intermittent exception may be seen in cases where you have upgraded your Oracle SOA Suite software to release 11.1.1.3.0 with the Patch Set Installer, and have undeployed SOA composites that have range-based dimension business indicators:

javax.ejb.EJBTransactionRolledbackException: EJB Exception: ; nested
exception is: javax.persistence.PersistenceException: Exception
[EclipseLink-4002] (Eclipse Persistence Services - 2.0.2.v20100323-r6872):
org.eclipse.persistence.exceptions.DatabaseException
Internal Exception: java.sql.SQLIntegrityConstraintViolationException:
ORA-02292: integrity constraint (DB9967_SOAINFRA.BPM_CUBE_NAMETAB_RANGE_FK1)
violated - child record found
 
Error Code: 2292
Call: DELETE FROM BPM_CUBE_NAMETAB WHERE ((EXTENSIONID = ?) AND (NAMETABID =
?))
        bind => [0, 603]
Query:
DeleteObjectQuery(oracle.bpm.analytics.cube.persistence.model.CubeNametab@b7b8
2a); nested exception is: javax.persistence.PersistenceException: Exception
[EclipseLink-4002] (Eclipse Persistence Services - 2.0.2.v20100323-r6872):
org.eclipse.persistence.exceptions.DatabaseException
Internal Exception: java.sql.SQLIntegrityConstraintViolationException:
ORA-02292: integrity constraint (DB9967_SOAINFRA.BPM_CUBE_NAMETAB_RANGE_FK1)
violated - child record found 

This exception is harmless and can be safely ignored. To avoid seeing this exception, do the following:

  1. Connect to your database as the SOA schema user.

  2. Drop the BPM_CUBE_NAMETAB_RANGE_FK1 constraint by executing the following:

    ALTER TABLE BPM_CUBE_NAMETAB_RANGE  DROP CONSTRAINT BPM_CUBE_NAMETAB_RANGE_FK1;
    
  3. Recreate the BPM_CUBE_NAMETAB_RANGE_FK1 constraint by executing the following:

    ALTER TABLE BPM_CUBE_NAMETAB_RANGE ADD CONSTRAINT BPM_CUBE_NAMETAB_RANGE_FK1
    FOREIGN KEY @ (ProcessId, NametabId, ExtensionId) REFERENCES
    BPM_CUBE_NAMETAB (ProcessId, NametabId, ExtensionId) ON DELETE CASCADE;
    
  4. Restart the Oracle SOA Managed Server.

2.2.2.4 Running Oracle Business Process Management Suite with Microsoft SQL Server 2008 Database

If you have patched your existing Oracle SOA Suite installation with the Patch Set Installer to include Oracle Business Process Management Suite and you are using a Microsoft SQL Server 2008 database, the following procedure is required after you have patched your software:

  1. Login to the Administration Console.

  2. In the "Connection Pools" tab, add the following property in the "Properties" section for the mds-owsm and mds-soa data sources:

    ReportDateTimeTypes=false
    

2.2.2.5 Update to Oracle SOA Suite Release 11.1.1.3.0 Does Not Remove the b2b.r1ps1 Property

After you update your Release 11.1.1.2.0 software to Release 11.1.1.3.0, and login to the Oracle Enterprise Manager Console and navigate to the b2b Properties screen, the b2b.r1ps1 property (used to enable Release 11.1.1.2.0 features such as DocProvisioning and TransportCallout) is still visible. This property is removed for Release 11.1.1.3.0.

To remove this property, use the MBean browser remove property operation in Fusion Middleware Control. For more information, see "Configuring B2B Operations" in Oracle Fusion Middleware Administrator's Guide for Oracle SOA Suite and Oracle BPM Suite.

2.2.2.6 Manual Steps for Migrating Oracle UMS and Oracle MDS

If you migrate your database schemas from Release 11.1.1.1.0 to Release 11.1.1.2.0 with the BAM Alone option:

ant master-patch-schema -DpatchMaster.Componentlist=BAM

The Oracle BAM server will not start and you will receive UMS and MDS exceptions. After executing above command, if no errors are seen in the log files and if the version in schema_version_registry is changed to 11.1.1.2.0 for Oracle BAM, then the following commands must be executed to manually migrate Oracle UMS and MDS:

ant master-patch-schema -DpatchMaster.Componentlist=MDS
ant master-patch-schema -DpatchMaster.Componentlist=UMS

Then, start the Oracle BAM server after running these commands.

2.2.2.7 Monitored BPEL Processes Generate Warning Messages in Log File After Applying 11g Release 1 (11.1.1.4.0) Patch Set

If you deployed BPEL processes that are instrumented with monitors, then Oracle BAM might generate warning messages in the SOA diagnostic log file after you apply the 11g Release 1 (11.1.1.4.0) patch set.

This is because a new business indicator data object field ("LATEST") was added for Oracle Fusion Middleware 11g Release 1 (11.1.1.4.0).

To avoid the warning message and to take advantage of the new data object field, redeploy the BPEL process after you apply the 11g Release 1 (11.1.1.4.0) patch set.

For more information about the LATEST data object field, see "Understanding Business Indicator Data Objects" in the Oracle Fusion Middleware Developer's Guide for Oracle SOA Suite.

2.2.2.8 Oracle Rules Error in Administration Server Log Files After Patching an 11g Release 1 (11.1.1.2.0) Domain

If you are applying the latest Oracle Fusion Middleware 11g patch set to an 11g Release 1 (11.1.1.2.0) Oracle home, then you might see the following error in the Administration Server log files:

<Unresolved optional package references (in META-INF/MANIFEST.MF):
[Extension-Name: oracle.rules, referenced from: 
/app/orasoa/product/soa11g/middleware/user_projects
   /domains/soadev/servers/AdminServer/tmp/_WL_user/emai/xalnv4]
Make sure the referenced optional package has been deployed as a library.>

You will see this error if deployed a Oracle SOA Suite composite application to the domain previous to applying the patch set. This because, starting with Oracle Fusion Middleware 11g Release 1 (11.1.1.3.0), the Rules library (oracle.rules) must be targeted to the Administration Server, as well as to the SOA managed servers.

To avoid this message:

  1. Use the Oracle WebLogic Server Administration Console to select the oracle.rules shared library and target it to the Administration Server as well as to the SOA managed servers in the domain.

  2. Redeploy the application to the domain using Oracle JDeveloper 11g Release 1 (11.1.1.3.0) or later.

2.2.2.9 Incorrect Instance State of Composite Applications After Applying the Latest Patch Set

If you deployed any composite applications in Oracle SOA Suite 11g Release 1, and then you apply the latest 11g Release 1 patch set, then you might find that the instance state of some of your composite applications appears incorrect.

For example, if any of your composite applications were in a "recovery required" state before you applied the patch set, then those composite applications may be identified as completed when you view them on the Dashboard tab of the SOA Composite page in Fusion Middleware Control.

In these cases, you can ignore the "completed" indicator. The instances are actually still running and will be treated as such by other operations, such as a purge operation.

After you install the patch set, you should analyze each of these instances to determine whether they should be completed, aborted, or left to continue.

For more information about monitoring the state of SOA Composite applications, see "Monitoring SOA Composite Applications" in the Oracle Fusion Middleware Administrator's Guide for Oracle SOA Suite and Oracle BPM Suite.

2.2.3 Issues Pertaining to Patching Oracle WebCenter Portal

This section contains the following:

2.2.3.1 Problem Using WebCenter Portal: Spaces Customizations with .jsp Pages after Installing the 11.1.1.7.0 Patch Set

If you extended WebCenter Portal: Spaces 11g Release 1 (11.1.1.2.0) or Release 1 (11.1.1.3.0) with your own customizations, then before you upgrade, you must ensure that the customization shared library uses .jspx pages and not .jsp pages.

After you upgrade to WebCenter Portal: Spaces 11.1.1.7.0, custom site templates will not render if they use .jsp pages.

Note that if you followed the white paper Customizing Site Templates in WebCenter Spaces to develop your custom site templates, then your pages should already be .jspx pages.

2.2.3.2 Errors When Updating Oracle WebCenter Portal Using WLST Commands

If you are updating Oracle WebCenter Portal using WLST commands, you may see some error messages as described in this section. These errors can be safely ignored provided that when the command completes there is some text indicating the successful completion of the command.

When running the upgradeWebCenterDomain WLST command, you may see the following error message:

Error: addTemplate() failed. Do dumpStack() to see details.

When running the upgradeWebCenterPermissions command, you may see the following error message:

Command FAILED, Reason: JPS-04204: Cannot revoke permissions.

2.2.3.3 Errors When Adding Tagging and Search Task Flows to Pages

In your Oracle WebCenter 11.1.1.4.0 instance if you used a resource catalog based on the Default Page Template Catalog, then in your patched WebCenter Portal 11.1.1.7.0 instance you may encounter problems while adding the Tagging and Search task flows to pages. To address this issue, in your patched instance, you must edit your resource catalog, and add the Tagging and Search task flows again.

2.2.3.4 Personalization Settings in Activity Graph Task Flows Lost When WebCenter Portal is Patched

Personalization settings made for Activity Graph task flows, such as Similar Items and Recommended Connections, may be lost and task flows may revert to default settings when you patch WebCenter Portal to the latest release. You must make all the personalization settings again for your Activity Graph task flows as required.

2.2.3.5 Language Not Displayed in the List of Languages Offered in Spaces

If you extended the Spaces application to add support for a new language, you may encounter problems working with the language after you patch to WebCenter Portal 11.1.1.7.0. The language may not display in the default list of languages offered in Spaces. To resolve this issue, you must re-upload the supported-languages.xml file containing the entry for the required language.

2.2.4 Issues Pertaining to Patching Oracle Identity Management

This section contains the following:

2.2.4.1 Access Denied When Running the oimPS1PS2upgrade Script

If you are upgrading Oracle Identity Management and need to run the oimPS1PS2upgrade.sh script, you must add the following to the grant() method in the JAVA_HOME\jre\lib\security\java.policy file:

// JMX Java Management eXtensions
permission javax.management.MBeanTrustPermission "register";

After making this change, stop and restart all the servers.

2.2.4.2 Installer Prompts for OID Privileged Ports Twice During the Patch Installation

If you are patching an existing Oracle Internet Directory installation to 11g Release 1 (11.1.1.7.0), you will be prompted to run the oracleRoot.sh script near the end of the patch installation, which in turn will ask for the following:

Do you want to run oidRoot.sh to configure OID for privileged ports?(yes/no)

Depending on the OID version being patched, you may be asked this question a second time. Make sure you enter the same response ("Yes" or "no") both times in order for the script to run correctly.

There is no work around for this issue.

2.2.4.3 Installer Does Not Detect Existing Oracle Home

If you are upgrading to Oracle Identity Management to 11g Release 1 (11.1.1.7.0) from 11g Release 1 (11.1.1.4.0), the installer does not detect the existing Oracle home directory for upgrade in the following environments:

  • On 64-bit Windows operating systems, using the Traditional Chinese, Simplified Chinese, or Korean locales.

  • On 64-bit Linux operating systems, using the Non UTF-8 locale for Japanese, Korean, Simplified Chinese and Traditional Chinese.

This is caused because the English word "Optional" gets translated in the MW_HOME/oracle_common/inventory/ContentsXML/comps.xml file.

There are two work arounds for this issue:

  1. Manually specify the Oracle Identity Management Oracle home directory you want to update, and then continue with the upgrade installation.

  2. Find all occurrences of the translated word and replace them with the English word "Optional" in the comps.xml file and then run the installer after you are finished making the changes. The word "Optional" appears with the following two parameters in the comps.xml file:

    DEP_GRP_NAME="Optional"
    EXT_NAME="Optional"
    

    Note:

    The comps.xml file is an important file used by the Oracle Universal Installer so it is important that you do not make any errors while editing this file. You should make a backup copy of this file before you make any changes.


2.2.4.4 Uploading Third Party JAR Files to the Database

During the update of Oracle Identity and Access Management to 11g Release 1 (11.1.1.5.0), third party JAR files (for example, ldapbp.jar which is required for connector functionality) that are present in the file system are not uploaded to database by the upgrade process. You must manually upload these JAR files to the database using the UploadJars.sh utility.

For more information, see the "Upload JAR and Resource Bundle Utilities" chapter in Oracle Fusion Middleware Developer's Guide for Oracle Identity Manager.

2.2.4.5 Access Policy With Approval Does Not Work After Patch

In 11g Release 1 (11.1.1.5.0), the following new policies are introduced for Oracle Entitlements Server (OES):

  • SelfServiceUserManagementPolicies.xml

  • UserManagementPolicies.xml

Because of this change, a request for approval is not generated when a new policy with approval is added.

To work around this issue, add the "Request Administrator" role to the "Access Policy Based Provisioning" request template:

  1. Login to "Advance Console."

  2. Go to Request Templates on the Configuration tab.

  3. Search for and open the "Access Policy Based Provisioning" request template.

  4. Go to the Template User Roles tab on the Template Details page.

  5. From the left pane in "Available Roles," search for and assign the "Request Administrators" role.

    The assigned role will appear in the right pane under "Selected Roles."

  6. Save the request template.

2.2.4.6 OID and OVD Saved Connections Not Available After Patch From 11g Release 1 (11.1.1.2.0) or 11g Release 1 (11.1.1.3.0)

If you are patching Oracle Internet Directory (OID) or Oracle Virtual Directory (OVD) from 11g Release 1 (11.1.1.2.0) or 11g Release 1 (11.1.1.3.0) to 11g Release 1 (11.1.1.4.0) or later, your saved connections in the previous releases will not be available after the patch.

If you are patching from 11g Release 1 (11.1.1.4.0) to any later release, then your saved connections in OID and OVD will be available.

There is no work around for this issue.

2.2.4.7 Harmless Error When Running the upgradeOpss() Command When Upgrading Oracle Identity Management

During the upgrade of Oracle Identity Manager 11g Release 1 (11.1.1.3.0) to 11g Release 1 (11.1.1.5.0), you are asked to run the upgradeOpss WLST (online) command to update Oracle Platform Security Services (OPSS).

The following message will be visible on the console when you run the upgradeOpss command:

WLS ManagedService is not up running. Fall back to use system properties for configuration.
date_and_time oracle.security.jps.internal.tools.utility.destination.apibased.JpsDstPolicy <init>
WARNING: No identity store associate with policy store found.
Upgrade of jps configuration and security stores is done.

This message is harmless and can be safely ignored.

2.2.4.8 Harmless Errors in the Log Files After Patching Oracle Identity Management to 11g Release 1 (11.1.1.4.0)

After patching and configuring Oracle Identity Management to 11g Release 1 (11.1.1.4.0), the following errors are seen in the wls_oif1-diagnostics.log file when Single Sign-On is used for Oracle Identity Federation:

[2010-08-05T13:05:30.754-07:00] [wls_oif1] [INCIDENT_ERROR] [FED-10174]
[oracle.security.fed.model.config.Configuration] [tid:
[ACTIVE].ExecuteThread: '2' for queue: 'weblogic.kernel.Default
(self-tuning)'] [userId: <anonymous>] [ecid:
42ef6c66fe18f3ad:291f353a:12a43da27c1:-8000-0000000000000021,0] [APP:
OIF#11.1.1.2.0] [arg: certvalidationtimeout] Property was not found:
certvalidationtimeout.
.
[2010-08-05T13:05:37.174-07:00] [wls_oif1] [INCIDENT_ERROR] [FED-10174]
[oracle.security.fed.model.config.Configuration] [tid:
[ACTIVE].ExecuteThread: '2' for queue: 'weblogic.kernel.Default
(self-tuning)'] [userId: <anonymous>] [ecid:
42ef6c66fe18f3ad:291f353a:12a43da27c1:-8000-0000000000000021,0] [APP:
OIF#11.1.1.2.0] [arg: schemavalidationenabled] Property was not found:
schemavalidationenabled

[2010-08-06T17:09:23.861-07:00] [wls_oif1] [INCIDENT_ERROR] [FED-10174]
[oracle.security.fed.model.config.Configuration] [tid:
[ACTIVE].ExecuteThread: '3' for queue: 'weblogic.kernel.Default
(self-tuning)'] [userId: <anonymous>] [ecid:
f6d9b81289e40cee:42d4f595:12a49b7af7a:-8000-000000000000086f,0] [APP:
OIF#11.1.1.2.0] [arg: certpathvalidationenabled] Property was not found:
certpathvalidationenabled.
 
[2010-08-06T17:11:27.173-07:00] [wls_oif1] [INCIDENT_ERROR] [FED-10174]
[oracle.security.fed.model.config.Configuration] [tid:
[ACTIVE].ExecuteThread: '3' for queue: 'weblogic.kernel.Default
(self-tuning)'] [userId: <anonymous>] [ecid:
f6d9b81289e40cee:42d4f595:12a49b7af7a:-8000-00000000000009a0,0] [APP:
OIF#11.1.1.2.0] [arg: httpheaderattrcollector] Property was not found:
httpheaderattrcollector. 

There errors are harmless and can be safely ignored.

To avoid seeing these errors, run the oif-upgrade-11.1.1.2.0-11.1.1.4.0.py script after you have patched your software to 11.1.1.4.0 as described in "Updating Configuration Properties in Oracle Identity Federation" in the Oracle Fusion Middleware Patching Guide.

2.2.4.9 Harmless Warning Message When Migrating Oracle Identity Federation from 11g Release 1 (11.1.1.1.0) to 11g Release 1 (11.1.1.2.0)

When you are using the Patch Assistant migration scripts to migrate Oracle Identity Federation from 11g Release 1 (11.1.1.1.0) to 11g Release 1 (11.1.1.2.0), you may see the following error message:

WLSTException: Error occured while performing addHelpCommandGroup : Error
getting resource bundle: : Can't find bundle for base name
oifWLSTResourceBundle, locale en_US

This message is harmless and can be safely ignored.

2.2.4.10 Harmless Errors Logged When Patching Oracle Identity Management 11g Release 1 (11.1.1.2.0) to 11g Release 1 (11.1.1.3.0)

You may see some of the following error messages in installation log files after patching an Oracle Identity Management 11g Release 1 (11.1.1.2.0) installation to 11g Release 1 (11.1.1.3.0):

External name..INVALID_ORACLE_DIRECTORY_MSG_STRING

In doFinish method checking for inventory lock...InstallProgressPage

Next page is a progress page and the inventory lock is false

/bin/chmod: changing permissions of ORACLE_HOME/install/root.log': Operation not permitted

/bin/chmod: changing permissions of ORACLE_HOME/bin/nmhs': Operation not permitted

/bin/chmod: changing permissions of ORACLE_HOME/bin/nmb': Operation not permitted

/bin/chmod: changing permissions of ORACLE_HOME/bin/nmo': Operation not permitted

inventoryLocation: /scratch/aime1/oraInventory

Mode:init

Such messages can be ignored.

2.2.4.11 Harmless Exception Seen When Starting Oracle Identity Management Server 11g Release 1 (11.1.1.5.0)

After updating Oracle Identity Management to 11g Release 1 (11.1.1.5.0), the following exception may be seen when starting Oracle Identity Management Server:

java.lang.ClassNotFoundException: ADP ClassLoader failed to load:com.thortech.xl.schedule.tasks.tcTskScheduledProvision

This error is harmless and can be safely ignored.

2.2.5 Issues Pertaining to Patching System Components

This section contains the following:

2.2.5.1 Granting Access to Network-Related Packages for the Oracle Portal Schema

While running the Patch Set Assistant to upgrade the schema for Oracle Portal 11g Release 1 (11.1.1.4.0) in an environment where Oracle Single Sign-On 10.1.4.3 is running against Oracle Internet Directory 11g and Oracle Database 11.2.0.2, the following exception is encountered:

ORA-24247: network access denied by access control list (ACL)

To address this issue when executing network-related packages, access must be granted to the user using these packages. You must create the ACL for the ORASSO schema user, and assign it to the OID host. Then, you must run the wdbigra.sql script, which gives the required grants to Oracle Portal schema.

  1. Grant the ACL for the PORTAL schema user and assign it for the OID host.

    Connect as sys as sysdba and assign the ACL as in the example below, where examplehost.exampledomain.com is the OID hostname and the DEV_PORTAL is the Oracle Portal schema specified for the installation:

    DECLARE
    acl_path VARCHAR2(4000);
     
    BEGIN
     
    SELECT acl INTO acl_path FROM dba_network_acls
    WHERE host = 'examplehost.exampledomain.com' AND lower_port IS NULL AND upper_port IS NULL;
    dbms_output.put_line('acl_path = '|| acl_path);
    dbms_output.put_line('ACL already Exists. Checks for Privilege and add the Privilege');
    IF DBMS_NETWORK_ACL_ADMIN.check_privilege(acl_path,'DEV_PORTAL','connect') IS NULL THEN
       DBMS_NETWORK_ACL_ADMIN.add_privilege (
       acl => acl_path,
       principal => 'DEV_PORTAL',
       is_grant => TRUE,
       privilege => 'connect');
    END IF; 
    END;
    /
    COMMIT;
    

    When no ACL has been assigned for the OID host, create the ACL:

    EXCEPTION
    WHEN no_data_found THEN
    
    DBMS_NETWORK_ACL_ADMIN.create_acl (
       acl => 'sso_oid.xml',
       description => 'ACL for SSO to connect to OID',
       principal => 'ORASSO',
       is_grant => TRUE,
       privilege => 'connect');
     
    DBMS_NETWORK_ACL_ADMIN.assign_acl (
       acl => 'sso_oid.xml',
       host => 'examplehost.exampledomain.com');
    END;
    /
    COMMIT; 
    

    Use the following SQL command to verify that the ACL was created:

    select * from dba_network_acls; 
    
  2. Modify the values of the host and schema in the wdbigra.sql file, located in the ORACLE_HOME/upgrade/portal/admin/plsql/wwv directory.

    Change the following:

    host varchar2(1)        := '*';
    schema varchar2(2000)   := upper('&&1'); 
    

    To the following:

    host varchar2(1)        := '&OID_HOST';
    schema varchar2(2000)   := upper('&PORTAL_SCHEMA'); 
    
  3. Run the wdbigra.sql script to give the grants to the Oracle Portal schema.

    The script will prompt you for the following:

    • The value for the oid_host.

      Specify the host where Oracle Internet Directory is running (for example, examplehost.exampledomain.com).

    • The value for the portal_schema.

      Specify the prefix and schema name (for example, DEV_PORTAL).

2.2.5.2 Redeploy System Components to Ensure Proper Deinstallation

After you have patched your system component software (Oracle Portal, Forms, Reports and Discoverer, Oracle Identity Management, or Oracle Web Tier) and started all services, you must manually redeploy your system components if you are extending your existing domain. To do so, follow the instructions to redeploy in the "Upgrading System Components" section of the Oracle Fusion Middleware Patching Guide.

If you do not redeploy your system components, you will encounter problems when you attempt to remove them.

2.2.5.3 Setting Execute Permissions for emctl When Migrating System Components

When you migrate any 11g Release 1 (11.1.1.1.0) system component to 11g Release 1 (11.1.1.2.0), the following error message can be seen on the console window:

Process (index=1,uid=1270434032,pid=0)
Executable file does not have execute permission.

INSTANCE_HOME/EMAGENT/EMAGENT/bin/emctl
failed to start a managed process after the maximum retry limit
Executable file does not have execute permission.

The work around is to manually change the permissions of the emctl executable. For example:

chmod +x INSTANCE_HOME/EMAGENT/EMAGENT/bin/emctl

After changing the permissions, restart all the opmnctl processes.

2.2.6 Issues Pertaining to Version Numbers After Patching

This section contains the following:

2.2.6.1 Oracle SOA Suite Tasks Not Visible in Firefox Browser After Upgrade

If you are upgrading Oracle SOA Suite to 11g Release 1 (11.1.1.7.0) from any previous release, not all tasks may be visible in Firefox browser after the upgrade is complete.

To work around this issue, refresh your browser's cache to see all tasks.

2.2.6.2 Some Applications Show Old Version Number After Patching

After you patch your Oracle Fusion Middleware environment, some applications still show the version number from previous releases. For example, after you patch Oracle WebLogic Server 10.3.4 to the latest release, the version number is still shown as 10.3.4.

There is no work around for this issue.

2.2.6.3 MDS Schema Version Number is Incorrect

If you are running Fusion Middleware products that use the Metadata Services schema (MDS) and your Fusion Middleware products are older than 11g Release 1 (11.1.1.4.0), the schema version number for the MDS schema in Enterprise Manager will be the previous release number, even if you have updated the MDS schema to 11g Release 1 (11.1.1.4.0).

In order for the MDS schema version number to appear correctly, both the schema and the Fusion Middleware product software must be up to date with the most recent version.

2.2.6.4 Oracle BI Components Show Incorrect Version Number After Patching

After you patch your existing Oracle Business Intelligence (BI) software to 11g Release 1 (11.1.1.4.0), some Oracle BI components (for example, Oracle BI Publisher or Oracle RTD) will still show the version number from your previous release when viewed using Oracle Enterprise Manager.

There is no work around for this issue.

2.2.6.5 Adding the Version Number for the odi-sdk-ws Application in config.xml

In 11g Release 1 (11.1.1.6.0), the odi-sdk-ws application was updated to introduce a version number. If you are upgrading the odi-sdk-ws application to 11g Release 1 (11.1.1.6.0) from any previous release, this version number must be added to the config.xml file prior to starting the Administration server or Managed Servers in the domain.

To do this:

  1. Edit the DOMAIN_HOME/config/config.xml file.

  2. Change the following line:

    <name>odi-sdk-ws</name>
    

    To add a version number, as follows:

    <name>odi-sdk-ws#11.1.1.6.0.1</name>
    
  3. Start or restart the Administration Server and Managed Servers in the domain.

2.2.7 Issues Pertaining to Displays During or After Patching

This section contains the following:

2.2.7.1 Pages in Oracle Enterprise Manager and Oracle Directory Services Manager do not Display Correctly

After upgrading to 11g Release 1 (11.1.1.7.0), if you encounter problems with pages in Oracle Enterprise Manager (EM) or Oracle Directory Services Manager (ODSM) not being displayed correctly, do the following before starting all the servers in the domain:

  1. Add the value -XX:-UseSSE42Intrinsics to the DOMAIN_HOME/bin/setDomainEnv.sh file as follows:

    Find the following section of code:

    if [ "${JAVA_VENDOR}" = "Sun" ] ; then
            MEM_ARGS="${MEM_ARGS} ${MEM_DEV_ARGS} ${MEM_MAX_PERM_SIZE}"
            export MEM_ARGS
    fi
     
    if [ "${JAVA_VENDOR}" = "HP" ] ; then
            MEM_ARGS="${MEM_ARGS} ${MEM_MAX_PERM_SIZE}"
            export MEM_ARGS
    fi
     
    if [ "${JAVA_VENDOR}" = "Apple" ] ; then
            MEM_ARGS="${MEM_ARGS} ${MEM_MAX_PERM_SIZE}"
            export MEM_ARGS
    fi
    

    And change it to:

    if [ "${JAVA_VENDOR}" = "Sun" ] ; then
            MEM_ARGS="${MEM_ARGS} ${MEM_DEV_ARGS} ${MEM_MAX_PERM_SIZE} -XX:-UseSSE42Intrinsics"
            export MEM_ARGS
    fi
     
    if [ "${JAVA_VENDOR}" = "HP" ] ; then
            MEM_ARGS="${MEM_ARGS} ${MEM_MAX_PERM_SIZE} -XX:-UseSSE42Intrinsics"
            export MEM_ARGS
    fi
     
    if [ "${JAVA_VENDOR}" = "Apple" ] ; then
            MEM_ARGS="${MEM_ARGS} ${MEM_MAX_PERM_SIZE} -XX:-UseSSE42Intrinsics"
            export MEM_ARGS
    fi
    
  2. For Oracle EM, remove the .css file from the following directory:

    On UNIX operating systems:

    DOMAIN_HOME/servers/AdminServer/tmp/_WL_user/em/random_dir/public/adf/styles/cache
    

    On Windows operating systems:

    DOMAIN_HOME\servers\AdminServer\tmp\_WL_user\em\random_dir\public\adf\styles\cache
    
  3. For ODSM, remove the .css file from the following directory:

    On UNIX operating systems:

    DOMAIN_HOME/servers/wls_ods1/tmp/_WL_user/odsm_release/random_dir/public/adf/styles/cache
    

    On Windows operating systems:

    DOMAIN_HOME\servers\wls_ods1\tmp\_WL_user\odsm_release\random_dir\public\adf\styles\cache
    
  4. Clear your browser cache to remove any browser clients that visited the sites using the .css file you just removed.

  5. Start or restart all the servers in the domain.

2.2.8 Warning and Error Messages Seen as a Result of Patching

This section contains the following:

2.2.8.1 Harmless Warnings When Running upgradeOpss()

When running the upgradeOpss() WLST command to upgrade configurations and stores to 11g Release 1 (11.1.1.4.0), the following error messages may be seen:

oracle.security.jps.internal.tools.utility.destination.apibased.JpsDstPolicy
migrateData
WARNING: cannot migrate a global grant. Reason
oracle.security.jps.service.policystore.PolicyStoreException: Found 2 permissions
in the store matching: ([PermissionEntry:class=java.util.PropertyPermission
target=weblogic.Name resourceType=null actions=read,PERMISSION, name=null,
uniqueName=null, guid=null]
[jaznGranteeDn=orclguid=AC171BF0E72711DEBF9CCF0B93FB22A1,cn=Grantees,
cn=JAASPolicy,cn=systempolicy,cn=webcenter,cn=JPSContext,cn=jpsroot_webcenter_IR14_prod}),
[PermissionEntry: class=java.util.PropertyPermission target=weblogic.Name
resourceType=null actions=read,PERMISSION, name=8228FD8036F711DEAF24DB7D80B2D07C,
uniqueName=orclguid=8228FD8036F711DEAF24DB7D80B2D07C,cn=Permissions,cn=JAASPolicy,
cn=systempolicy,cn=webcenter,cn=JPSContext,cn=jpsroot_webcenter_IR14_prod, 
guid=8228FD8036F711DEAF24DB7D80B2D07C]
[jaznGranteeDn=orclguid=822505e036f711deaf24db7d80b2d07c,cn=grantees,cn=jaas
policy,cn=systempolicy,cn=webcenter,cn=jpscontext,cn=jpsroot_webcenter_ir14_prod}1
[PermissionEntry: class=java.util.PropertyPermission target=weblogic.Name 
resourceType=null actions=read,PERMISSION, name=8228FD8036F711DEAF24DB7D80B2D07C, 
uniqueName=orclguid=8228FD8036F711DEAF24DB7D80B2D07C,cn=Permissions,cn=JAASPolicy,
cn=systempolicy,cn=webcenter,cn=JPSContext,cn=jpsroot_webcenter_IR14_prod, 
guid=8228FD8036F711DEAF24DB7D80B2D07C]
[jaznGranteeDn=orclguid=822505e036f711deaf24db7d80b2d07c,cn=grantees,cn=jaaspolicy
,cn=systempolicy,cn=webcenter,cn=jpscontext,cn=jpsroot_webcenter_ir14_prod}
[PermissionEntry: class=java.util.PropertyPermission target=weblogic.Name 
resourceType=null actions=read,PERMISSION, name=AC198CF0E72711DEBF9CCF0B93FB22A1, 
uniqueName=orclguid=AC198CF0E72711DEBF9CCF0B93FB22A1,cn=Permissions,cn=JAASPolicy,
cn=systempolicy,cn=webcenter,cn=JPSContext,cn=jpsroot_webcenter_IR14_prod, guid=AC198CF0E72711DEBF9CCF0B93FB22A1]
[jaznGranteeDn=orclguid=822505e036f711deaf24db7d80b2d07c,cn=grantees,cn=jaaspolicy
,cn=systempolicy,cn=webcenter,cn=jpscontext,cn=jpsroot_webcenter_ir14_prod}
[jaznGranteeDn=orclguid=ac171bf0e72711debf9ccf0b93fb22a1,cn=grantees,cn=jaaspolicy
,cn=systempolicy,cn=webcenter,cn=jpscontext,cn=jpsroot_webcenter_ir14_prod}2
[PermissionEntry: class=java.util.PropertyPermission target=weblogic.Name 
resourceType=null actions=read,PERMISSION, name=AC198CF0E72711DEBF9CCF0B93FB22A1,
uniqueName=orclguid=AC198CF0E72711DEBF9CCF0B93FB22A1,cn=Permissions,cn=JAASPolicy,
cn=systempolicy,cn=webcenter,cn=JPSContext,cn=jpsroot_webcenter_IR14_prod, 
guid=AC198CF0E72711DEBF9CCF0B93FB22A1]
[jaznGranteeDn=orclguid=822505e036f711deaf24db7d80b2d07c,cn=grantees,cn=jaaspolicy
,cn=systempolicy,cn=webcenter,cn=jpscontext,cn=jpsroot_webcenter_ir14_
prod}[jaznGranteeDn=orclguid=ac171bf0e72711debf9ccf0b93fb22a1,cn=grantees,cn=jaas
policy,cn=systempolicy,cn=webcenter,cn=jpscontext,cn=jpsroot_webcenter_ir14_prod}

These messages are harmless and can be safely ignored.

2.2.8.2 Harmless Warning Message in Log File When Patching Multiple Products to the Same Version

In a scenario where you have a product that is already patched to version 11g Release 1 (11.1.1.3.0) in a Middleware home, and then you attempt to patch a second product to the same version in the same Middleware home, a warning message similar to the following will appear in the installtimestamp.out file:

Attempting to install 1 patches
Mar 3, 2010 1:00:07 PM [THREAD: Thread-1]
com.bea.cie.paf.internal.attach.PatchManagerImpl install
WARNING: Warning:  Patch already installed: PBY8
 
Patch installation success
Patch installation success
Success..
[SOARootService.getRootActions] autoPortsDetect =null
[SOARootService.getRootActions] privilegedPorts =null

This warning message can be safely ignored.

2.2.8.3 Error When Accessing the Oracle Portal Home Page

If you are upgrading to Oracle Portal 11g Release 1 (11.1.1.6.) from any previous release, the following error message is displayed in the browser when accessing the Oracle Portal home page:

XML Parsing Error: syntax error
Location: http://exampleserver.exampledomain:port/portal/pls/portal/dev_portal.home
Line Number 1, Column 1:An error occurred while processing the request. Try refreshing your browser. If the problem persists contact the site administrator
î

This occurs because the Web Cache invalidation password stored in Web Cache and the password stored in the Portal repository are not the same.

To resolve this issue:

  1. Reset the Oracle Web Cache invalidator password in the Administration repository:

    1. Log in to Enterprise Manager in the domain where Web Cache is running:

      http://administration_server_host:administration_server_port/em
      
    2. From the navigation section on the left, open "Web Tier" then click on the Web Cache instance name.

    3. Find the drop-down menu on the right-hand side of the page under the Web Cache instance name, then select Administration > Password from the menu.

    4. Specify a new invalidation password.

    5. Restart Oracle Web Cache.

  2. Reset the Oracle Web Cache invalidator password in the Oracle Portal repository:

    1. Log in to Enterprise Manager in the domain where Oracle Portal is running:

      http://administration_server_host:administration_server_port/em
      
    2. From the navigation section on the left, open "Portal" then click on the Oracle Portal Managed Server name.

    3. Find the drop-down menu on the right-hand side of the page under the Oracle Portal instance name, then select Settings > Wire Configuration from the menu.

    4. Specify a new invalidation password - the same password you specified in the Administration repository.


      Note:

      the "Invalidation User" user name should be same as the user name used on the Oracle Web Cache side.


    5. Click Apply.

      There is a known issue at this point - refer to "Resolving JDBC Errors in Oracle Reports and Oracle Portal" in the Oracle Fusion Middleware Patching Guide for more information.

    6. Delete the Oracle Portal File Cache in the ORACLE_INSTANCE/portal/cache directory.

    7. Restart Oracle Web Cache and the Oracle Portal Managed Server.

2.2.8.4 Applications Generate javax.xml.bind.JAXBException Runtime Errors After Installing 11g Release 1 (11.1.1.4.0) Patch Set

If any of the applications you deployed on Oracle Fusion Middleware 11g Release 1 (11.1.1.2.0) or 11g Release 1 (11.1.1.3.0) include EclipseLink-JAXB classes that have no-arg constructors missing, then after you install 11g Release 1 (11.1.1.4.0), the application might generate the following exceptions during runtime:

javax.xml.bind.JAXBException

To avoid this error:

  1. Modify the classes and add default no-arg constructors where necessary.

  2. Compile and redeploy your project to the newly patched Oracle Fusion Middleware 11g Release 1 (11.1.1.4.0) domain.

Below is an example of a typical no-arg constructor:

public class PriceQuote implements Serializable
{
   // Make sure you have constructor with no arguments
   public PriceQuote() }
   }
}

2.2.9 Oracle Configuration Manager Fails When Patching Oracle Identity Management and Oracle Web Tier

If you are upgrading Oracle Identity Management or Oracle Web Tier to 11g Release 1 (11.1.1.7.0) from any release prior to and not including 11g Release 1 (11.1.1.6.0), and you did not previously configure Oracle Configuration Manager, then Oracle Configuration Manager will fail if you decide to configure it in 11g Release 1 (11.1.1.7.0).

To work around this issue, you can do the following prior to running the 11g Release 1 (11.1.1.7.0) configuration wizard:

  1. Go to the ORACLE_HOME/ccr/bin directory.

  2. Run the following commands:

    setupCCR
    configCCR
    emCCR collect
    emCCR status
    

You can also do the following if you choose to skip the Oracle Configuration Manager configuration when you initially run the 11g Release 1 (11.1.1.7.0) configuration wizard but then choose to configure it later:

  1. Go to the ORACLE_HOME/ccr/bin directory.

  2. Set the ORACLE_CONFIG_HOME environment variable to your Instance home directory.

  3. Run the following commands:

    setupCCR
    configCCR
    emCCR collect
    emCCR status
    

2.2.10 Resolving Oracle Service Bus Object Conflicts

After patching Oracle Service Bus, it is possible that some older objects in the server cache could conflict with the newer version of Oracle Service Bus objects. To clear the cache and prevent these conflicts, delete the DOMAIN_HOME/tmp/cache/stage folder.

You can delete this folder either prior to patching, or after patching. If you do this after patching your software, you must remember to shut down and restart all the servers.

2.2.11 Manual Step for ODI-BAM Users After Installing 11.1.1.4.0 Patch Set

If you are integrating Oracle Data Integrator (ODI) with Oracle Business Activity Monitoring, you should import a new version of the following knowledge module after you install the Oracle Fusion Middleware 11g Release 1 (11.1.1.4.0) patch set:

BAM_ORACLE_HOME/bam/ODI/knowledge modules/KM_RKM Oracle BAM.xml

For more information, see "Importing and Replacing Knowledge Modules" in the Oracle Fusion Middleware Developer's Guide for Oracle Data Integrator.

This new module includes bugs fixes and improvements made for the Oracle Fusion Middleware 11g Release 1 (11.1.1.4.0).

2.3 Configuration Issues and Workarounds

This section describes configuration issues and their workarounds. It includes the following topics:

2.3.1 Issues Pertaining to Oracle SOA Suite Configuration

This section contains the following:

2.3.1.1 SOAINFRA Schema Contains Invalid Objects in 11g Release 1 (11.1.1.6.0)

When the 11g Release 1 (11.1.1.6.0) version of the prefix_SOAINFRA schema is created either by running RCU or the Patch Set Assistant, there are still some invalid objects that exist within the SOA schema.

To work around this issue, compile the prefix_SOAINFRA schema. For example, if the SOA schema user on your system is DEV_SOAINFRA:

exec dbms_utility.compile_schema('DEV_SOAINFRA')

If you choose not to run this command to make the objects valid, the objects will also become valid once they are accessed during runtime.

2.3.1.2 Harmless Exception Seen for Oracle SOA Suite with WebSphere Application Server

When running Oracle SOA Suite on IBM WebSphere application server, the following exception is seen after logging in to Fusion Middleware Control, expanding Application Deployments on the left side and then clicking on any of the applications under it:

[date_and_time] 0000003f OHWHelpProvid E   unable to create global
configuration
[date_and_time] 00000044 OHWHelpProvid E   critical error in OHW
configuration
 
oracle.help.web.config.parser.ConfigParseException: error finding
configuration file at:
        at oracle.help.web.config.parser.OHWParser._openConnection(Unknown
Source)
        at oracle.help.web.config.parser.OHWParser.getGlobalConfiguration(Unknown Source)
        at oracle.help.web.rich.helpProvider.OHWHelpProvider.getHelpTopic(Unknown Source)
.
.
.

This exception is harmless and can be safely ignored.

2.3.2 Issues Pertaining to Oracle Identity Management Configuration

This section contains information pertaining to Oracle Identity Management 11g Release 1 (11.1.1.7.0) configuration:


Note:

For 11g Release 1 (11.1.1.6.0) configuration release notes, refer to the following links:


2.3.2.1 Oracle Internet Directory Server Does Not Listen on SSL Port

If the machine on which Oracle Internet Directory is installed is not configured as a dual stack (IPv4/IPv6) host and the Oracle Internet Directory server is configured to listen on privileged ports, then the Oracle Internet Directory server does not listen on SSL ports.

To work around this issue, do one of the following:

  • Enable IPv6 on the machine.

  • If pure IPv4/IPv6 addresses are needed, add host=ipv4_ip_address or host=ipv6_ip_address for oidmon parameters in the INSTANCE_HOME/config/OPMN/opmn/opmn.xml file. For example:

    <data id="start-cmdline-opts" value="connect=$DB_CONNECT_STR opmnuid=true
       host=ipv4_or_ipv6_ip_address start"/>
    <data id="stop-cmdline-opts" value="connect=$DB_CONNECT_STR opmnuid=true
       host=ipv4_or_ipv6_ip_address stop"/>
    

2.3.2.2 Metrics for Oracle Identity Management Components may not be Correctly Displayed in Enterprise Manager

When Oracle Identity Management servers are configured on IPv4/IPv6 dual-stack hosts in 11g Release 1 (11.1.1.7.0), the following problems may occur in Enterprise Manager:

  • Metrics for Oracle Identity Management components may not be displayed correctly.

  • Links to Oracle Directory Services Manager (ODSM) may not work.

To work around this issue, add an alias for the IPv6 address in the /etc/hosts file on your system:

IPv6_host_address host.domain host

For example:

fdc4:82c2:9c80:d47a::3:58 examplehost.exampledomain.com examplehost

2.3.2.3 Configuring Oracle Identity Management When WebLogic Node Manager is Running

To configure Oracle Identity Management, using either the Install and Configure option or the Configuration Wizard, when the WebLogic Node Manager utility is running from the same Middleware home directory where Oracle Identity Management is installed, the StartScriptEnabled parameter in the nodemanager.properties file must be set to true. For example: StartScriptEnabled=true

To configure Oracle Identity Management when the StartScriptEnabled parameter is set to false, you must:

  1. Set the StartScriptEnabled parameter to true.

  2. Stop, then restart the Node Manager utility.

  3. Configure Oracle Identity Management using either the Install and Configure option or the Configuration Wizard.


Note:

The nodemanager.properties file is located in the WL_HOME/common/nodemanager directory.


2.3.2.4 Configuring Oracle Internet Directory with Oracle Data Vault

If you choose to configure Oracle Internet Directory (OID) with Oracle Data Vault:

  1. Apply patch 8897382 (see the README file in the patch for instructions).

  2. In the ORACLE_HOME/ldap/datasecurity/dbv_oid_command_rules.sql file, find the following code:

    /declare
    .
    begin
    .
       dvsys.dbms_macadm.CREATE_COMMAND_RULE(
       command => 'CONNECT'
       ,rule_set_name => 'OID App Access'
       ,object_owner => 'ODS'
       ,object_name => '%'
       ,enabled => 'Y');
    .
    commit;
    .
    end;/
    
  3. Change the following line:

    ,object_owner => 'ODS'
    

    to:

    ,object_owner => '%'
    

2.3.2.5 Password Requirements for Oracle Internet Directory Administrator

When configuring Oracle Internet Directory, using either the installer's Install and Configure option or the Configuration Wizard, you must enter and confirm the Administrator Password.

The following is a list of the requirements for the Oracle Internet Directory Administrator Password. The password must contain:

  • At least 5 characters

  • No more than 30 characters

  • At least one number

  • Only alpha-numeric characters, underscore ( _ ), dollar sign ( $ ), and pound/hash ( # )


Note:

If the password you enter does not satisfy these requirements, the following error message appears:

INST-07037: Administrator Password field value contains one or more
invalid characters or the value is not in proper format.

2.3.2.6 Harmless Error Message When Configuring Oracle Identity Federation

During the configuration of Oracle Identity Federation (OIF), the following error message regarding key store and password may be seen in the configuration log file:

[app:OIF module:/fed path:/fed spec-version:2.5
version:11.1.1.1.0]: Failed while destroying servlet: usermanager.
java.lang.RuntimeException: The server could not initialize properly:
oracle.security.fed.sec.util.KeySourceException: Invalid/unsupported
key store or incorrect password. Please verify that the password is correct
and the store is a valid PKCS#12 PFX wallet or Java KeyStore file.

This error message can be safely ignored if OIF is running properly.

2.3.3 Issues Pertaining to Oracle Identity and Access Management Configuration

This section contains information pertaining to Oracle Identity and Access Management 11g Release 1 (11.1.1.7.0) configuration:


Note:

For 11g Release 1 (11.1.1.6.0) configuration release notes, refer to the following links:


2.3.3.1 Log Messages Appearing on Console During Oracle Identity Manager Schema Creation

During the creation of the Oracle Identity Manager (OIM) schema, some log messages will appear in the RCU console window. These log messages are specific to Quartz, which is used by Oracle Identity Manager, and can be safely ignored.

If there are any errors encountered during the loading of this Quartz-specific data, the errors will be written to the RCU log files. Refer to Oracle Fusion Middleware Repository Creation Utility User's Guide for more information about the RCU log files.

2.3.4 Issues Pertaining to the Configuration Wizard

This section contains the following:

2.3.4.1 Starting the Configuration Wizard From a New Window

When you start the Configuration Wizard from a terminal window, make sure that it is a new terminal window to ensure that there are no environment variables set to incorrect locations from a previous configuration or installation session.

2.3.4.2 Specify Security Updates Screen Does Not Appear in the Configuration Wizard

If you use silent installation (response file) to configure Oracle Identity Management, security updates (through Oracle Configuration Manager) are not configured. However, the ocm.rsp file is created in the Oracle home directory. If you run the Configuration Wizard GUI from the Oracle home, you will not see the Specify Security Updates Screen because of the presence of the ocm.rsp file.

To work around this issue, delete the ocm.rsp file from the Oracle home and run the Configuration Wizard to see the Specify Security Updates screen.

2.3.5 Issues Pertaining to the Repository Creation Utility (RCU)

This section contains the following:

2.3.5.1 Increasing the Tablespace Size for the MDS Schema

On Oracle databases, a default tablespace size of 1024MB is created for the MDS schema. If you need to increase the size of this tablespace, do the following:

  1. Log in to the Database Control page. For example:

    https://db_host:db_port/em/
    
  2. Select the Server tab.

  3. In the "Storage" section, select Datafiles.

  4. Select the row of the datafile corresponding to the schema you want to edit, then click Edit. In the case of the MDS schema, the datafile name should be prefix_mds.dbf.

  5. On the "Edit Datafile" page, increase the size of the tablespace.

2.3.5.2 Schemas Are Not Visible After Upgrade of Oracle Identity Management

After upgrading Oracle Identity Management from Release 10g (10.1.4.3) to 11g Release 1 (11.1.1), the Oracle Directory Service schemas (ODS and ODSSM) are not visible in the Repository Creation Utility (RCU).

The reason for this is because RCU is not used during the upgrade process, and RCU only recognizes schemas that are created by RCU. Refer to Oracle Fusion Middleware Repository Creation Utility User's Guide for more information.

2.3.5.3 RCU Summary Screen Issues

If you are dropping the Identity Management schemas and you select both Oracle Internet Directory (ODS) and Oracle Identity Federation (OIF) to be dropped, the RCU summary screen may not be displayed and an exception may be thrown in the console.

To work around this issue, select and drop one component at a time instead of selecting them both and dropping them together.

When other components are selected for a drop schema operation, the summary screen may display inaccurate information. However, the selected schemas will be successfully dropped from the database in spite of the erroneous information on the summary screen.

To work around this issue, select and drop only one component at a time.

2.3.6 Issues Pertaining to Packing and Unpacking a Domain

This section contains the following:

2.3.6.1 Ensure There Are No Missing Products When Using unpack.sh or unpack.cmd

Oracle SOA Suite, Oracle WebCenter Portal, and Application Developer all contain the pack.sh and unpack.sh scripts in their respective ORACLE_HOME/common/bin directories.

The pack.sh script is used to create a template archive (.jar) file that contains a snapshot of either an entire domain or a subset of a domain. The unpack.sh script is used to create a full domain or a subsRset of a domain used for a Managed Server domain directory on a remote system.

Both pack.sh and unpack.sh will fail if any installed products are missing from the system where you are running these scripts.

2.3.6.2 Running unpack.sh or unpack.cmd on a Different Host

If you are running the unpack.sh command to unpack a domain on a remote host, the Oracle home location and the Middleware home location on the remote host should match the locations on the host where the pack was performed.

Below is a valid example:

Host 1:
MW_HOME = /user/home/Middleware
ORACLE_HOME =/user/home/Middleware/Oracle_SOA1

@ Host 2:
MW_HOME = /user/home/Middleware
ORACLE_HOME =/user/home/Middleware/Oracle_SOA1

The example below is NOT valid because the Oracle homes do not match:

Host 1:
MW_HOME = /user/home/Middleware
ORACLE_HOME =/user/home/Middleware/Oracle_SOA1

@ Host 2:
MW_HOME = /user/home/Middleware
ORACLE_HOME =/user/home/Middleware/SOA_Home

The example below is NOT valid because the Middleware homes do not match:

Host 1:
MW_HOME = /user/home/Middleware
ORACLE_HOME =/user/home/Middleware/Oracle_SOA1

@ Host 2:
MW_HOME = /user/home/MWHome
ORACLE_HOME =/user/home/Middleware/Oracle_SOA1
Host 1:
MW_HOME = C:\Oracle\Middleware
ORACLE_HOME = C:\Oracle\Middleware\Oracle_SOA1

@ Host 2:
MW_HOME = C:\Oracle\Middleware
ORACLE_HOME = C:\Oracle\Middleware\Oracle_SOA1

The example below is NOT valid because the Oracle homes do not match:

Host 1:
MW_HOME = C:\Oracle\Middleware
ORACLE_HOME = C:\Oracle\Middleware\Oracle_SOA1

@ Host 2:
MW_HOME = C:\Oracle\Middleware
ORACLE_HOME = C:\Oracle\Middleware\SOA_Home

The example below is NOT valid because the Middleware homes do not match:

Host 1:
MW_HOME = C:\Oracle\Middleware
ORACLE_HOME = C:\Oracle\Middleware\Oracle_SOA1

@ Host 2:
MW_HOME = C:\Oracle\MWHome
ORACLE_HOME = C:\Oracle\Middleware\Oracle_SOA1

2.3.6.3 Starting Managed Servers on Remote System After Packing and Unpacking Domain

After you unpack a domain on a remote system using the unpack command, complete the following steps:

  1. Start Node Manager on the remote system. This action creates a nodemanager.properties file on your system in the MW_HOME/wlserver_10.3/common/nodemanager directory.

  2. Stop Node Manager.

  3. Open the nodemanager.properties file in a text editor and set the StartScriptEnabled property to true.

  4. Start the Node Manager on the remote system before starting the Managed Server on the remote system through the Oracle WebLogic Administration Console.

2.3.7 Issues Pertaining to Cluster Configuration

This section contains the following:

2.3.7.1 Extend Domain and Expand Cluster Scenarios with Remote Systems

In scenarios where you are using the Fusion Middleware Configuration Wizard to extend a domain or expand a cluster with remote systems, you must make sure that both the source and destination Middleware home and Oracle home directories are identical.

2.3.7.2 Unable to Extend an Existing Domain by Selecting Only Oracle Directory Integration Platform Without Cluster

Selecting only Oracle Directory Integration Platform without cluster in a session followed by creating cluster and extending domain on the same system fails.

In this domain configuration scenario, ensure that you install and configure Oracle Directory Services Manager on the same system where you extending the domain to configure Oracle Directory Integration Platform.

2.3.7.3 Expand Cluster Requires Changes to the emd.properties File

After running the Oracle Fusion Middleware Configuration Wizard to expand a cluster, the EMD_URL parameter in the INSTANCE_HOME/EMAGENT/EMAGENT/sysman/config/emd.properties file contains the values shown below:

EMD_URL=http://localhost.localdomain:port/emd/main

You must edit this parameter and replace localhost and localdomain with the actual host and domain information of your environment. For example, using 5160 as the port number:

EMD_URL=http://examplehost.exampledomain.com:5160/emd/main

2.3.8 Discoverer URL is not Properly Displayed When Accessed Through SSL

In 11g Release 1 (11.1.1.7.0), the Discoverer page is not displayed properly when accessed through the SSL port of Oracle Web Cache or Oracle HTTP Server.

To work around this issue, do the following:

  1. Log in to the Administration Server Console.

  2. Select Environment->Servers->AdminServer->Configuration->General->Advanced.

  3. Enable "WebLogic Plug-In Enabled".

  4. Repeat steps 1-3 for the WLS_DISCO server.

  5. Restart all of the servers and access the page again.

2.3.9 Cleaning up the JDeveloper Directories for a Failed Deployment on Windows

When a JDeveloper deployment fails on Windows, you should remove the hidden system directory and all its subdirectories in AppData\Roaming\JDeveloper before you try to deploy again.

2.3.10 Oracle WebCenter Portal wc-post-install.py Script Not Supported for Oracle RAC Datasources

The wc-post-install.py script can not be used in an environment with Oracle RAC datasources (gridlink or multi-datasource).

To work around this issue:

  1. Edit the WC_ORACLE_HOME/bpm/process_spaces/wc-post-install.py script and comment out all lines containing setDatasource in the file by adding a hash (#) character to the beginning of the line.

  2. Use the WebCenter Portal Console and manually configure the following datasources:

    • mds-soa

    • mds-soa0

    • mds-soa1

    • SOADataSource

    • SOADataSource0

    • SOADataSource1

  3. Run the wc-post-install.py script.

2.3.11 Changing the Listen Address of a Managed Server

When you run the Configuration Wizard after installing Oracle Identity Management or Oracle Portal, Forms, Reports and Discoverer, the listen address for WebLogic Managed Servers is left blank by default (to listen to all network interfaces). If you change the listen address to the actual host name, the Managed Server stops listening from outside the system.

It is recommended that you either leave the listen address blank, or specify the IP address of the host rather than using the host name.

2.3.12 Domain Extension Overwrites JDBC Data Source Name

When a WebLogic Domain with JDBC resources is extended to either Oracle SOA Suite or Oracle WebCenter Portal, the JDBC data source name will be changed. This behavior is commonly observed in cases where WebLogic Server version lower than 9.x is upgraded to a version higher than 9.x and then extended to Oracle SOA Suite or Oracle WebCenter Portal.

To work around this issue, you must manually edit the JDBC data source names.

2.3.13 Rerouting to Original URL After SSO Authentication in Firefox and Safari Browsers

When configuring Oracle Portal, Forms, Reports and Discoverer, when both Oracle HTTP Server and Oracle Web Cache are selected for configuration, re-routing (back to the original URL) after Single Sign-On (SSO) authentication does not work in Firefox and Safari browsers when the initial request comes from Oracle HTTP Server.

The work arounds are to either use the Internet Explorer browser, or manually modify the INSTANCE_HOME/config/OHS/instance_name/httpd.conf file and change the ServerName entry to include the port number. For example:

ServerName examplehost.exampledomain.com

should be changed to:

ServerName examplehost.exampledomain.com:port

Replace port with the actual port number.

2.3.14 Deleting the Browser Cache in Browsers

Make sure you clear your browser cache files; otherwise, the objects on your screen (for example, in Oracle Enterprise Manager) may not be refreshed to the latest version, or if you added a new object then it may not appear.

2.4 Known Issues

This section describes known issues. It includes the following topics:

2.4.1 Forms and Reports Builder Not Supported

Forms and Reports Builder is not suported on Linux x86-64, Solaris Operating System (SPARC 64-Bit), AIX Based Systems (64-Bit), HP-UX PA-RISC (64-Bit), HP-UX Itanium, and Microsoft Windows x64 (64-Bit) platforms. It is supported on Linux x86 and Microsoft Windows (32-Bit) platforms only.

2.5 Documentation Errata

This section describes documentation errata. It includes the following topic:

2.5.1 Incorrect Option Specified in the RCU Online Help

The RCU online help for the Master and Work Repository Custom Variables for Oracle Data Integrator contains an incorrect option.

For the Work Repository Type, the correct options should be:

  • Use Development (D) for creating a development repository.

  • Use Execution (E) for creating an execution repository.

2.5.2 Deinstall Instructions Missing for Oracle HTTP Server, Oracle Traffic Director, and Oracle iPlanet 11g Release 1 WebGates for Oracle Access Manager

The content in this section is missing from the Installing Webgates for Oracle Access Manager guide:

2.5.2.1 Deinstalling Oracle HTTP Server, Oracle Traffic Director, and Oracle iPlanet 11g Release 1 WebGates for Oracle Access Manager

You should always use the instructions provided in this section for removing the Oracle HTTP Server, Oracle Traffic Director, and Oracle iPlanet 11.1.1.7.0 WebGates for Oracle Access Manager. If you try to remove the software manually, you may experience problems when you try to reinstall the software again at a later time. Following the procedures in this section will ensure that the software is properly removed.

To deinstall the WebGate agent, do the following:

  1. Go to the MW_HOME/oracle_common/oui/bin directory.

  2. Run the following command:

    On UNIX: ./runInstaller -deinstall

    On Windows: setup.exe -deinstall -jreLoc JRE_LOCATION

    Ensure that you specify the absolute path to your JRE_LOCATION; relative paths are not supported.

After the deinstaller starts, the Welcome screen is displayed. Proceed with the deinstallation by referring to Section 2.5.2.1.1 for deinstalling 11g Release 1 WebGate agents for Oracle Access Manager.

2.5.2.1.1 Deinstallation Screens and Instructions

Follow the instructions in Table 2-1 to complete the deinstallation.

If you need additional help with any of the deinstallation screens, click Help to access the online help.

Table 2-1 Deinstallation Flow

Sl. No.ScreenDescriptionAction Required

1.

Welcome

Each time the deinstaller starts, the Welcome screen is displayed.

Click Next.

2.

Deinstall Oracle Home

The Deinstall Oracle Home screen shows the Oracle home you are about to deinstall.

Verify the Oracle home you are about to deinstall.

Click Deinstall.

On the Warning screen, select whether or not you want the deinstaller to remove the Oracle home directory in addition to removing the software.

Click Yes to have the deinstaller remove the software and Oracle home, No to remove only the software, or Cancel to return to the previous screen.

If you select No, go to Section 2.5.2.1.2 for instructions on how to manually remove your Oracle home directory.

3.

Deinstallation progress

The Deinstallation Progress screen shows the progress and status of the deinstallation.

Wait until the Deinstallation Complete screen appears.

4.

Deinstallation Complete

The Deinstallation Complete screen appears when the deinstallation is complete.

Click Finish to dismiss the screen.


2.5.2.1.2 Manually Removing the Oracle Home Directory

If you have selected No on the warning dialog box, in the Deinstall Oracle Home screen during deinstallation, then you must manually remove your oracle_common directory and any sub-directories. For example: if your Oracle Common home directory was /home/Oracle/Middleware/oracle_common, run the following commands:

cd /home/Oracle/Middleware
rm -rf oracle_common

On Windows, if your Oracle Common home directory was C:\Oracle\Middleware\oracle_common, then use a file manager window, go to the C:\Oracle\Middleware directory, right-click on the oracle_common folder, and then select Delete.

PKߜBsRsRPK Oracle Development Tools PK'mPK Oracle Identity Navigator

22 Oracle Identity Navigator

This chapter describes issues associated with Oracle Identity Navigator. It includes the following topics:

22.1 General Issues and Workarounds

This section describes general issue and workarounds. It includes the following topics:

22.1.1 Avoid Selecting Reset Page in Dashboard Edit Mode

If you select Customize to personalize the Dashboard, then click Reset Page, expect an error message. Reload Oracle Identity Navigator to recover from this error.

22.1.2 How to Navigate Product Registration Using the Keyboard

In the Product Registration section of the Administration screen, after you enter data into all the fields in the right pane, you must enter many Tab strokes to reach the Test, Save, or Cancel button. As a workaround, you can use Shift-Tab to move in the opposite direction.

You cannot use the Tab key alone to navigate the left pane of the Product Registration section. Use the Tab to move focus to the first category, then click the left or right arrow keys to expand and collapse the tree. Use the up and down arrow keys to navigate the nodes.

22.1.3 How to Navigate Product Discovery When Using the Keyboard

When you use Product Discovery to discover consoles, you enter a Host and Port, then click Next. Then, in the Add Products pane, you enter a Display Name for each of the products. If you want to change the display name, you must delete the entire name to retype it. Alternatively, you can enter the F2 key to switch to insert mode, then use left and right arrow keys to move around the display name characters.

You cannot use the arrow keys alone to navigate through the Category list on the Add Products pane. Inside the editable table, use the F2 key to focus on a field, then use up and down arrows to make a selection within the field.

22.1.4 Color Contrast is Inadequate for Some Labels in Edit Mode

After clicking Customize to change the layout of the Dashboard, some users might find certain labels, such as + Add Content, difficult to read, due to poor contrast.

22.1.5 No Help Topic in Dashboard Edit Mode

If you select Customize to personalize the Dashboard, then click the? icon for Oracle Composer Help, the help page displays Topic Not Found.

See "Personalizing Oracle Identity Navigator" in Oracle Fusion Middleware Administrator's Guide for Oracle Identity Navigator for more information about personalizing the Dashboard.

22.1.6 Customization Problem in Internet Explorer 7

If you enter Edit mode by clicking Customize in the global navigation links on the Dashboard in IE7, you will not be able to edit the page because the toolbar is hidden. As a workaround, use a different browser. If you use Internet Explorer 8, do not use compatibility mode.

22.1.7 Discovery Problem in Internet Explorer 7

Intermittently, when you use product discovery in Internet Explorer 7, buttons might disappear in the product discovery wizard. Refresh the browser to correct this problem.

22.1.8 How to Navigate BI Publisher Configuration When Using the Keyboard

When you use keyboard navigation to configure BI Publisher, when the Component Path dialogue box opens, use the Tab key along with the arrow keys to navigate in tree structure.

22.1.9 User Missing From Common Admin Role Search Results

The last user assigned the Application Configuration role may not appear in the Common Admin Roles search results list. This can occur if a search for Common Admin Roles is performed in the Access Privileges page immediately after assigning this role.

To workaround this issue, click another role type in the Role Name pane, then click Application Configuration role. The user last assigned the Application Configuration role displays in the Access Privileges list.

22.1.10 Unable to View Users After Log in Or Log In Fails In Oracle Identity Manager Environment

This issue can affect environments configured to use both Oracle Identity Manager and Oracle Identity Navigator. After log in to Oracle Identity Navigator using the bootstrap administrator credentials, users may not be visible in Access Privileges page. Or the log in attempt will fail. Issue is caused if the identity store entry in jps-config.xml is changed from the default value, <serviceInstanceRef ref="idstore.ldap"/>, to <serviceInstanceRef ref="idstore.oim"/>.

To verify this entry, check the value in <Extended_Domain_Home>/config/fmwconfig/jps-config.xml as follows:

  1. Search for the jpscontexts section, with the name default, in the file. The section looks like the following:

    <jpsContext name="default">           
                        <serviceInstanceRef ref="credstore"/>
                        <serviceInstanceRef ref="keystore"/>
                        <serviceInstanceRef ref="policystore.xml"/>
                        <serviceInstanceRef ref="audit"/>
                        <serviceInstanceRef ref="idstore.oim"/>
                    </jpsContext>
    
  2. To change the entry, perform steps 1 through 11 as detailed in "Post-Configuration Steps" in Oracle Fusion Middleware Installation Guide for Oracle Identity and Access Management.

    Oracle Authorization Policy Manager does not need to be installed in your environment to perform this procedure.

22.1.11 Horizontal Scroll-bar Missing in Discovery Wizard

The full URL may not be viewable in the second page of the Discovery Wizard when viewed in a browser window.

To workaround this issue, collapse the left pane to view the full URL.

22.2 Configuration Issues and Workarounds

This section describes configuration issues and their workarounds. It includes the following topics:

22.2.1 No Oracle Icon is Visible in HTML Reports

If you choose HTML as the format type when adding a report from the Dashboard screen, when you view the report, the words An Image appear in the report in place of the Oracle icon.

22.2.2 Problems with Administration Screen When Using JAWS Screen Reader

When you use a screen reader such as JAWS with the Administration screen in accessibility mode, and you bring up the list of combo boxes using the INS+CTRL+C JAWS keystroke, the combo boxes on the screen are listed as:

*Required Category(Required) Combo box

*Required Type(Required) Combo box

With this naming convention, keyboard shortcuts such as C for Category or T for Type do not work. Use the up and down arrow keys to navigate to fields within and between the two combo boxes.

22.2.3 SSO-Protected Consoles Must Be Configured by Name and Domain

Sometimes, when you use product discovery to find a console, even if you provide the host by name, the discovered address that fills in contains an IP address instead of the host and domain names.

If the console is protected by SSO, replace the IP address with the host.domain address that is known to SSO. For example, use an address such as http://myhost.mycompany.com:7005/odsm rather than http://130.35.10.10:7005/odsm. If you do not replace the IP address with the host and domain, single sign-on will not occur. That is, when users attempt to access the console from Oracle Identity Navigator, they will be prompted for their login name and password.

In some browsers, a redirection or connection error occurs.

22.3 Documentation Errata

This section describes documentation errata. It includes the following topic:

22.3.1 IPv4/IPv6 Translation Issues

The following statement appears in the Troubleshooting section in Chapter 2 and in a note in Chapter 3 of Oracle Fusion Middleware Administrator's Guide for Oracle Identity Navigator:

In a dual-stack, IPv4 and IPv6 environment, some URLs might be inaccessible from your browser. Consult your network administrator for more information.

Actually, in a correctly configured dual-stack environment, all URLs are accessible. For more information about IPv4/IPv6 Translation Issues, see Framework for IPv4/IPv6 Translation draft-ietf-behave-v6v4-framework-09 at: http://www.ietf.org/

PK ;;PK Oracle Information Rights Management

36 Oracle Information Rights Management

This chapter describes issues associated with Oracle IRM Server and Oracle IRM Desktop, together known as 'Oracle IRM'. Unless otherwise stated, the version of Oracle IRM to which these release notes apply is 11.1.1.5.0 (incorporating version 11.1.50 of Oracle IRM Desktop).

This chapter includes the following topics:

36.1 General Issues and Workarounds

This section describes general issues and workarounds. It includes the following topics:

36.1.1 Data Truncation May Occur If One Large or Multiple Excel Files Are Open

A product defect has been identified in Oracle IRM when it is used with a single large size or multiple open Microsoft Excel files. This may affect the integrity of the Microsoft Excel files that are saved with Oracle IRM.

When you have Oracle IRM enabled with multiple Excel files open or a single large size sealed Excel file, the defect causes data truncation in the open Excel files. There is no error message or warning when the truncation happens.

This defect has been observed for file sizes greater than 10MB although the issue cannot be ruled out for smaller size files as well. The amount of data truncated is random but the rows affected are typically those at the bottom of the file. After the truncation occurs, the data is permanently lost data when the file is saved.

The workaraound is to use smaller sealed Excel workbooks, if possible. If not, confirm the correct row size with the document author, and confirm that value each time you open the sealed file.

There is no confirmation of a resolution as Oracle IRM is nearing the end of support and will be EOL soon.

36.1.2 Some Functionality is Disabled or Restricted in Adobe Reader X and Adobe Reader 9

To protect the security of sealed PDF documents, some Adobe Reader functionality is disabled or restricted, as described below.

Protected Mode in Adobe Reader X

Sealed PDF documents cannot be opened if Adobe Reader Protected Mode is active. If Protected Mode has not been disabled in advance, Oracle IRM will offer to disable Protected Mode when you attempt to open a sealed PDF document. You can choose not to accept, in which case Protected Mode will remain active and the sealed PDF document will not be opened.

Use of Toolbar and Other Controls in Adobe Reader X

When using a sealed PDF document in the traditional view, you cannot use the toolbar that is shown within Internet Explorer across the top of the document. Instead, you must switch to the Read-Mode view (using Ctrl+H) and use the buttons on the floating toolbar that appears in that view. You can use the buttons on the Read-Mode floating toolbar to save and print the sealed PDF document (if you have sufficient rights), and to page up and down, or to zoom in and out. You can also, subject to your rights, use the following keyboard shortcuts: Print (Ctrl+P), Save (Ctrl+Shift+S), and Copy (Ctrl+C).

Use of Toolbar and Other Controls in Adobe Reader 9

The following Adobe Reader 9 toolbar buttons do not function:

  • Email

  • Collaborate

  • Create Adobe PDF using Acrobat.com

If you click these buttons, you will see a message that the associated function is unavailable.

All other Adobe Reader 9 controls are available if you have sufficient rights. If you do not have sufficient rights, you will see a message when you attempt to use the control.

A further restriction applies to controls added to the Adobe Reader 9 interface by users when they have a sealed PDF document open: the added control will be inactive until Adobe Reader is closed and reopened.

36.1.3 Limitations of Support for Microsoft SharePoint in this Release

Read-only support for Windows 2000/XP

Sealed documents will always open read-only when opened from Microsoft SharePoint using Microsoft Office 2000 or Microsoft Office XP. From Microsoft Office 2003 onwards, full checkout, edit, and save capabilities are supported. The following is the behavior when using a Microsoft SharePoint web site to browse and open sealed files:

  • Microsoft Office 2000 "open" behavior. Clicking any file in Microsoft SharePoint will result in the option to open the file or save it locally. Sealed files will always open read-only unless saved locally.

  • Microsoft Office 2000 "edit" behavior. The Edit in Microsoft Word [PowerPoint/Excel] option is not supported for any file (sealed or unsealed).

  • Microsoft Office XP "open" behavior. In Microsoft SharePoint 2007, when clicking a sealed file, a download dialog will be presented offering the option to open the file or save it locally. Sealed files will always open read-only unless saved locally. In Microsoft SharePoint 2010, when clicking a sealed file, a download dialog will be presented offering only the option to save the file locally.

  • Microsoft Office XP "edit" behavior. In Microsoft SharePoint 2007 and 2010, when choosing Edit in Microsoft Word [PowerPoint/Excel] from the drop- down list for the file, nothing will happen for the following sealed file types: .sppt, .spot, .sxlt, .sdot. All other sealed file formats will open read-only. In Microsoft SharePoint 2010, the Edit Document option is missing for sealed files when using the Datasheet view.

No support for merging

Files opened from Microsoft SharePoint that are locked for editing by another user will not offer the chance to edit a local copy and merge changes later. Oracle IRM Desktop forces the document to open read-only. In Microsoft Office 2010, the Office bar and Backstage view offer an Edit button to switch to edit mode: this is prevented for sealed documents. If you wish to edit the file, you will need to open it for editing from the Web browser: if it is not locked for editing elsewhere, it will open editable.

Microsoft Word 2010 files opened from SharePoint 2010 are read-only

The following Microsoft Word 2010 sealed file types cannot be edited if they are opened from SharePoint 2010: .sdocx, .sdocm, .sdotx, .sdotm. Other sealed Microsoft Word formats (for example, .sdoc) will open as normal. The workaround is to save a copy of the file locally, edit that file, then upload it to SharePoint.

The Check Out button is sometimes missing when opening a sealed Excel file in Protected Mode

If the Microsoft SharePoint Web site is running under Protected Mode in Internet Explorer on Microsoft Vista or Microsoft Windows 7, the Check Out button is not shown. To work around this issue, check out the file first from the Web browser, or open the file directly via Windows Explorer, the Open dialog (available by choosing Open on the File menu), or the most-recently-used (MRU) list.

Using Microsoft Outlook to work with SharePoint offline

Microsoft Office 2007 onwards supports the ability to open a SharePoint folder in Outlook. The SharePoint files can then be worked on while offline, and Outlook will handle the synchronization of any changes. There are known issues with this capability when working with sealed files because Outlook opens them differently to native Microsoft Office files. You may get the message "Outlook cannot track the program used to open this document. Any changes you make to the document will not be saved to the original document" when opening sealed files from this view, and changes made to the sealed file will not automatically upload to the server. A manual send/receive is required.

In Microsoft Office 2010 the sealed files are opened in a mode which is similar to email attachments and require the following protected view settings:

  • Uncheck Enable Protected View for Outlook Attachments. This will allow opening of the server file from within the Outlook offline view.

  • Uncheck Enable Protected View for file originating from the Internet. This will allow opening of files when they are being edited offline.

Using Windows Explorer to open sealed files from SharePoint

Microsoft Office 2003 on Windows Vista may have problems opening sealed files from the Windows Explorer view of SharePoint. Microsoft Office may display a message similar to the following:

Could not open http://<sp_server>/DavWWWRoot/Docs/MyFolder/file.sdoc

A workaround for this is to access the folder using UNC. For example:

\\<sp_server>\Docs\MyFolder

36.1.4 Lotus Notes Email Message May be Lost if Context Selection Dialog is Canceled

When using the base release of Lotus Notes version 8.5, if the context selection dialog is canceled when sending a sealed email, an error occurs and the message is lost. This does not occur in earlier versions of Lotus Notes. This issue is resolved in Lotus Notes version 8.5.2.

36.1.5 Save As is Blocked in Microsoft Office 2000/XP for Sealed Files if the Destination is a WebDAV Folder

The use of Save As is blocked in Microsoft Office 2000/XP for sealed files if the destination is a WebDAV folder (for example, in UCM). You'll need to save the sealed file to the local file system and upload it manually to the WebDAV folder. However, if you have the 11g UCM Desktop Integration Suite (DIS) installed, you can save sealed files as a new content item in UCM using the DIS menu in Microsoft Office.

The use of Save as Sealed, or of right-click Seal To (from Windows Explorer), will work when the destination is a WebDav folder.

36.1.6 No Prompt to Use Local Drafts Folder for Sealed Files in SharePoint 2010

When you check out unsealed files in SharePoint 2010, you are warned about the checkout and given the choice to use a local drafts folder. When you check out sealed files in SharePoint 2010, the file is checked out without giving the option to use a local drafts folder.

36.1.7 Incorrect Initial Display of Oracle IRM Fields in Microsoft Excel Spreadsheets When Used With SharePoint

This issue refers to Oracle IRM Fields set up using custom properties, as described in the Oracle IRM Desktop help, in the topic Adding Oracle IRM Fields in Microsoft Excel.

The problem occurs when using a combination of Microsoft Windows Vista, Microsoft Internet Explorer 7 or 8, Microsoft Office 2007, and Microsoft SharePoint 2007.

If you open a sealed Microsoft Excel spreadsheet that contains custom properties, when you go to edit the spreadsheet, the custom properties are initially shown with the placeholder #NAME? rather than with their correct values. The custom properties should update with their correct values when you start to edit the spreadsheet.

36.1.8 Behavior of Automatic Save and Automatic Recovery in Microsoft Office Applications and SharePoint

The behavior of automatic save and automatic recovery in Microsoft Office applications is as detailed below.

General

On automatic recovery, users are prompted to save the file to disk immediately in order to persist the recovered changes to a sealed file on disk. This is true for all versions and applications which support auto-recovery.

Word

  • All supported versions: automatic save and recovery of sealed files should behave as normal, with the exception that automatic saving is blocked if the filename contains a dot that is not part of the extension (for example, my.filename.sdoc), or if the filename contains any double byte character.

  • In Word 2010, automatically saved files recovered from the Recovery pane will not automatically prompt for a Save As: users will need to perform the Save As manually.

PowerPoint

  • PowerPoint XP, 2003: automatic save and recovery of sealed files should behave as normal.

  • PowerPoint 2007: the automatic saving of sealed files does not take place.

  • PowerPoint 2000: automatic save is disabled if sealed files are open, meaning that, if the system crashes, any unsaved changes to any file (sealed or original) will be lost.

  • PowerPoint 2010: Automatically saved files do not appear in the Recovery pane, but Microsoft Office 2010 creates auto-saved files that can be opened via the Backstage view, enabling changes to be recovered.

Excel

  • All supported versions: automatically saved Excel files (.xar) will be sealed, but the recovery of these files does not happen automatically. To recover "lost" changes, users need to locate the .xar file and rename it to .sxls.

  • Excel 2010: Automatically saved files do not appear in the Recovery pane, but Microsoft Office 2010 creates auto-saved files that can be opened via the Backstage view, enabling changes to be recovered.

Microsoft Office draft documents

  • Microsoft Office keeps unsaved copies of files for a short period. These are accessible from the Backstage view. Oracle IRM treats these files as auto-saved files, and opening them users will be prompted to perform a Save As operation. To use the restored file in place of the original file, users must copy the saved version over the original.

Because of these restrictions, it is recommended that you do not rely on automatic save and recovery. Instead, save your work frequently when using these applications.

36.1.9 Support for Microsoft Windows 2000 Has Been Removed

Oracle IRM no longer supports the Microsoft Windows 2000 operating system.

36.1.10 Unreadable Error Message Text When Client and Server Locales are Different

Error messages are sent to the client (Oracle IRM Desktop) in the language of the server (Oracle IRM Server). Therefore, if the locale of the server is different to the locale of the client, the error code may be rendered in garbage characters. The error code remains readable, and can be provided to support services as necessary.

36.1.11 Changes Lost if Tab Changed Before Applying the Apply Button

On the Oracle IRM Server Management Console, if you make changes on a tabbed page that has an Apply button, and then move to another tab without using the Apply button, the changes will be lost. You will not be prompted to save the changes that you made.

36.1.12 Some File Formats are Not Supported When Using the Microsoft Office 2007 Compatibility Pack with Microsoft Office 2003

The following Microsoft PowerPoint and Microsoft Excel formats are not supported for sealing when using the Office 2007 Compatibility Pack with Office 2003 and earlier: SPOTM, SPOTX, SPPTM, SPPTX, SXLSX, and SXLTX. For these applications, use other file formats that are supported for sealing.

36.1.13 Microsoft Word May Hang if a Sealed Email is Open During Manual Rights Check-In

In Oracle IRM Desktop, if you attempt to check in your rights while a sealed email is open in Microsoft Word, Microsoft Word may hang. It is recommended that you do not check in your rights while a sealed email is open.

36.1.14 Sealed Emails in Lotus Notes will Sometimes Show a Temporary File Name

In Lotus Notes, if a sealed email has a communication thread with multiple messages or replies, the title bar may show a temporary file name instead of the correct subject name. You may also be prompted to save changes when you have not made any. No harm should arise from these anomalies.

36.1.15 No Support for Sealing Files of 2GB or Larger in Size in Oracle IRM Desktop

Sealing files of size 2GB or larger is not supported in the current release of Oracle IRM Desktop.

36.1.16 Inappropriate Authentication Options After Failed Login on Legacy Servers When Setting Up Search

When setting up indexed search, if you enter incorrect authentication credentials for a legacy server (for example, a 10g Oracle IRM Server) that has been set up for Windows NT authentication, the login retry dialog will show options for Windows basic authentication. You should not use Windows Authentication credentials to log in to legacy servers set up for Windows NT Authentication.

36.1.17 Opening Legacy Sealed Documents in Microsoft Office 2007 May Fail on First Attempt

If users attempt to open a legacy Microsoft Office 2007 document (a document sealed with an older version of Oracle IRM), and Oracle IRM Desktop has not been synchronized with the server against which the document was sealed, the attempt will fail. The sealed document will not be opened, and the user will not be prompted to authenticate against the server to which the document was sealed. A second attempt to open the sealed document should succeed, because the initial attempt should have synchronized Oracle IRM Desktop with the server. Alternatively, the user can synchronize to the server manually (using the Oracle IRM Desktop Options dialog) before opening a legacy sealed document.

36.1.18 Log Out Link Inoperative When Using OAM 11g for SSO

When using OAM (Oracle Access Management) 11g for SSO, the Log Out link on the Oracle IRM Server Management Console does not log the user out.

36.1.19 Double-byte Languages Cannot be Used for Entering Data with Legacy Servers

This release of Oracle IRM Desktop is available in many more languages than previous releases, including some double-byte languages. However, for legacy (10g) servers, as previously, data (user names, etc.) must still be entered using the 7-bit ASCII range of characters.

36.1.20 Use of SPACE Key Instead of Return Key in Oracle IRM Server

In some dialogs in the Oracle IRM Server Management Console, the Return key does not execute buttons. When this occurs, use the SPACE key instead.

36.1.21 Calendar Controls in Oracle IRM Server Not Accessible Via the Keyboard

In the Oracle IRM Server Management Console, the calendar controls are not accessible via the keyboard, and do not appear if the console is in Screen Reader mode. To enter a date using the keyboard, the date should be typed in.

36.2 Configuration Issues and Workarounds

This section describes configuration issues and their workarounds. It includes the following topics:

36.2.1 New JPS Configuration Properties for User and Group Searches

The following new JPS configuration properties are supported in PS5. These settings allow the attributes used in the Oracle IRM Server Management Console user and group searches to be defined.

Property: oracle.irm.default.search.user.attributes

Valid values (one or more values are allowed, separated with a comma):

  • NAME

  • USER_NAME

  • FIRST_NAME

  • LAST_NAME

  • BUSINESS_EMAIL

Default value = "NAME,USER_NAME,FIRST_NAME,LAST_NAME,BUSINESS_EMAIL"

Property: oracle.irm.default.search.group.attributes

Valid value:

  • ROLE_NAME

Default value = "ROLE_NAME"

This complements the search filter attributes already supported in jps-config.xml.

Property: oracle.irm.default.search.filter

Valid values (one of the following):

  • EQUALS

  • BEGINS

  • ENDS

  • CONTAINS

Default value = "CONTAINS"

Example

An example JPS LDAP service instance entry:

<serviceInstance name="idstore.ldap" provider="idstore.ldap.provider"> 
<property name="idstore.config.provider" value="oracle.security.jps.wls.internal.idstore.WlsLdapIdStoreConfigProvider"/> 
<property name="CONNECTION_POOL_CLASS" value="oracle.security.idm.providers.stdldap.JNDIPool"/> 
<property name="oracle.irm.default.search.filter" value="BEGINS"/> 
<property name="oracle.irm.default.search.user.attributes" value="USER_NAME,NAME,BUSINESS_EMAIL"/> 
<property name="oracle.irm.default.search.group.attributes" value="ROLE_NAME"/> 
</serviceInstance>

36.2.2 Mandatory Patch Number 12369706 For Release 11.1.1.5.0 of Oracle IRM Server, To Fix Role Edit Bug

The Oracle IRM Server Management Console has an issue that requires a patch to be applied to the installed or upgraded system. When selecting rights for a context, the Properties, Edit, and Remove buttons are always disabled and cannot be used. Selecting one or more rights will not enable the buttons.

Patch 12369706 fixes this issue. This patch can be downloaded from https://support.oracle.com

To install the patch:

  1. Log onto https://support.oracle.com

  2. Select Patches & Updates.

  3. Enter the patch number 12369706 in the patch search.

  4. Click Search.

  5. Follow the installation instructions provided with the patch.

36.2.3 Installing the 64-Bit Version of Oracle IRM Desktop

F#or this release, you can choose to install a 64-bit version of the Oracle IRM Desktop client tool. There are no specific instructions for this installation, but if you attempt to install the 64-bit version in a 32-bit environment, you will see messages that this is not possible.

36.2.4 Reboot Necessary to Obtain New Online Information Button

After an upgrade from a previous release of Oracle IRM Desktop, the new Online Information button on the IRM tab in the Properties dialog (obtained by right-clicking Properties on a file in Windows Explorer) is missing until the system is rebooted. This does not affect new installations. A workaround is to restart after upgrading from a previous release of Oracle IRM Desktop, even though the installer does not prompt that a reboot is necessary.

36.2.5 Deploying Oracle IRM Using Oracle Access Manager Version 10g

Deploying Oracle IRM version 11gR1 in an environment using Oracle Access Manager version 10g requires additional configuration to process logout requests properly. For detailed information, see the section "Configuring Global Logout for Oracle Access Manager 10g and 10g WebGates" in the Oracle Fusion Middleware Application Security Guide.

36.2.6 LDAP Reassociation Fails if User and Group Names are Identical

When reassociating an LDAP identity store, the Oracle IRM process for exporting user and group information has an issue if user and group names are identical. If a user and group have identical names, the export process will lose either the user or the group details during the export step. This is because the user or group name is used as the file name, so one file overwrites the other. A post-reassociation workaround is to check user and group right assignments, and to manually reassign any that are missing.

36.2.7 Upgrading Oracle IRM Desktop From Versions Earlier Than 5.5

You can upgrade to this release from Oracle IRM Desktop version 5.5 onwards, by running the installation wizard on the computer that has the older version.

For versions earlier than 5.5, or from any version of SealedMedia Unsealer or Desktop, you can upgrade to this release only by uninstalling the older version and installing this release.

If you are upgrading to this release of Oracle IRM Desktop from a 10g release, you will lose the locally stored rights to use sealed documents (the rights that enable you to continue working when you are offline). When this happens, you will have to obtain new rights by going online and synchronizing with the server. For this reason, do not begin an upgrade unless you have online access to the server.

When upgrading on Windows Vista or Windows 7, you may encounter a file lock and be prompted to retry, ignore, or cancel. You can safely use the ignore option if this happens.

36.2.8 Synchronizing Servers After an Upgrade of Oracle IRM Desktop

If you are upgrading to this release of Oracle IRM Desktop from a 10g release, you will not be synchronized to any servers (Oracle IRM Server). This will show as a blank list on the Servers tab of the Oracle IRM Desktop Options dialog. Servers are automatically added to the list when you open sealed documents for which you have access rights. The easiest way to repopulate your list of servers is to open documents that have been sealed against servers on which you have rights.

36.2.9 Reapplying Lost Settings After an Upgrade of Oracle IRM Desktop

If you are upgrading to this release of Oracle IRM Desktop from a 10g release, your previous settings (as shown on the Oracle IRM Desktop Options dialog) are not applied to the new installation. These include support for email systems, so you should reset these before attempting to work with sealed emails in Microsoft Outlook and Lotus Notes.

36.2.10 Changing Oracle IRM Account When Authenticated Using Username and Password

Oracle IRM Desktop caches user rights in an offline database. In earlier releases, this database was shared by all users of a machine. In this release, there is one offline database per Windows user.

You are strongly advised to use only one Oracle IRM account with each Windows account.

If you authenticate to the server (Oracle IRM Server) with a username and password, you can change the account you use as follows:

  1. On the Update Rights tab of the Oracle IRM Desktop Options dialog, check in rights for all servers by clicking Check in.

  2. On the Servers tab of the Oracle IRM Desktop Options dialog, select the server to be updated and click Clear Password.

  3. Quit from any Oracle IRM-enabled applications, such as Adobe Reader and Microsoft Office.

    If you think that Oracle IRM-enabled applications may still be running, restart Microsoft Windows.

  4. On the Update Rights tab of the Oracle IRM Desktop Options dialog, synchronize rights for all servers by clicking Synchronize.

Users who are automatically authenticated to the server using Windows authentication cannot change their Oracle IRM account.

Access to the offline database is protected by your Windows credentials. You are no longer required to additionally authenticate to Oracle IRM when working offline.

36.2.11 Post-Installation Steps Required for Oracle IRM Installation Against Oracle RAC

To use Oracle RAC with an Oracle IRM instance, the Oracle IRM data source needs to be altered using the WebLogic Administration Console and the following procedure:

  1. From Services, select JDBC, then select DataSources.

  2. Select the OracleIRM data source.

  3. On the Transaction tab, check Supports Global Transactions, then check Emulate Two-Phase Commit.

  4. Click Save.

This will set the global-transactions-protocol for Oracle IRM data-sources for Oracle RAC to EmulateTwoPhaseCommit.

36.2.12 Enabling the Oracle IRM Installation Help Page to Open in a Non-English Server Locale

Use the following procedure to enable the Oracle IRM installation help page to open in a non-English server locale:

  1. Unzip the shiphome.

  2. Extract all the non-HTM files (7 files in total) from help\en in the ecminstallhelp.jar file located in Disk1\stage\ext\jlib\

  3. Put these 7 files into the folder jar for the locale in which you will install ECM.

  4. Overwrite ecminstallhelp.jar with the modified version.

36.3 Documentation Errata

There are no known issues at this time.

PK W PK Oracle Real-Time Decisions

42 Oracle Real-Time Decisions

This chapter describes issues associated with Oracle Real-Time Decisions (Oracle RTD), including issues related to Decision Studio, integration, and security.

This chapter includes the following topics:

Depending on your Oracle Fusion Middleware implementation, some information in other chapters of this document might also be relevant, including:

42.1 Oracle RTD General Issues and Workarounds

This section describes general issues and workarounds related to Oracle RTD. It includes the following topics:

42.1.1 Transient Likelihood Problems

There are cases where non-mature predictive models will return an actual likelihood rather than NaN during the early life of a model. There are also some cases where mature predictive models will return NaN as opposed to actual likelihoods when the Randomize Likelihood option is enabled for a model. These situations are transient in nature and, in the latter case, do not outweigh the benefits of the Randomize Likelihood feature.

42.1.2 Use Development Deployment State Only

Deployment states will be deprecated in a future release. Until then, do not use any deployment state other than Development.

42.1.3 Error Deploying Inline Services from Command Line if Inline Service Uses Certain Functions

An Inline Service that uses one or more of the built-in functions Days Since Last Event, Days Since Last Event on Channel, Number of Recent Events, or Number of Recent Events on Channel cannot be deployed using the command-line deployer.

The workaround is as follows:

  1. Navigate to the unzipped RTDdeploytool folder, for example, C:\<myDir>\OracleBI\RTDdeploytool.

  2. Copy the includes folder from RTD_HOME\eclipse\plugins\com.sigmadynamics.studio_11.1.1.5.0 (for example, C:\OracleBI\RTD\eclipse\plugins\com.sigmadynamics.studio_11.1.1.5.0\includes) into the unzipped RTDdeploytool folder.

42.1.4 Ensuring Unique Batch Names Across a Cluster

It is a standard requirement for Inline Service names and batch names to be unique within a cluster.

After an Inline Service is copied within a cluster, batch names registered in the Inline Service can be changed manually to achieve uniqueness. This manual step is not required if the batch registration code in the Inline Service automatically generates the batch name from the new Inline Service name, as in the following generic examples:

batchAgent.registerBatch( 
       batchAgent.getInlineService().getName() + ".FeedBackBatchJob", 
               "com.<mycompany>.rtd.batch.FeedBackBatchJob", 
               FeedBackBatchJob.description, 
               FeedBackBatchJob.paramDescriptions, 
               FeedBackBatchJob.paramDefaults); 

or

batchAgent.registerBatch( 
       Application.getApp().getName() + ".FeedBackBatchJob", 
               "com.<mycompany>.rtd.batch.FeedBackBatchJob", 
               FeedBackBatchJob.description, 
               FeedBackBatchJob.paramDescriptions, 
               FeedBackBatchJob.paramDefaults);

Note that all programs that may call the batch need to be made aware of the new batch name.

42.1.5 Safari and Chrome Accessibility Items

  1. Special Safari Setting Must be Selected for Proper Keyboard Operation

    After Safari has been installed, ensure that the following property is selected:

    • Preferences > Advanced > Press Tab to highlight each item on a web page

    If this property is not selected, some Rule Editor tabbing operations in a rule editor built with Oracle Application Development Framework and the External Rules Deployment Helper rule editor will not function correctly.

  2. Unexpected Results for Alt + Down Arrow in Combo Boxes in Chrome and Safari browsers

    The expected actions for Alt + Down Arrow in combo boxes (as found in Internet Explorer 9 and Firefox 10.0.5) are:

    1. The combo box shows an expanded list of values.

    2. The combo box allows Up and Down Arrow movement through the options, and the selection of a value from the list.

    3. The screen does not update until the Enter key is depressed.

    The following results were found for Chrome for Alt + Down Arrow in a combo box:

    1. The combo box is not extended.

    2. Using Up and Down Arrows changes the combo box value in place.

    3. The screen updates with a combo box value change as the arrow keys are used.

    The following results were found for Safari 5.1.7 for Alt + Down Arrow in a combo box:

    1. The combo box is not extended.

    2. Using Up and Down Arrows changes the combo box value in place.

    3. The screen does not update until the value is selected and the Enter key is depressed.

  3. JAWS May Not Work in Safari on Windows

    For more information, refer to Freedom Scientific and Safari documentation.

  4. JAWS Refresh Keys in Safari and Chrome

    JAWS users should use <JAWS KEY> + escape and <JAWS KEY> + 3 to clear and input page object actions, especially with the Chrome and Safari browsers.

  5. Chrome and Safari do not natively support Windows high contrast

    Chrome needs an extension to support high contrast.

    Safari needs a style sheet to support high contrast.

42.1.6 Learning Service May Skip Processing of Some Learning Records if SDDB is on Oracle RAC Database

The Oracle RTD database sequence SDLEARNING_SEQ definition does not impose strict order. In a RAC environment, this could mean gaps in the values for the sequence, which leads to possible Learning Service failures in properly processing the learning records.

The workaround for this case is to impose the Order option on the sequence SDLEARNING_SEQ. Specifically, a database user with the ALTER ANY SEQUENCE system privilege should issue the following command against the SDDB schema:

  • ALTER SEQUENCE SDLEARNING_SEQ ORDER;

42.1.7 External Rule Editor Does Not Work in Mozilla Firefox Version 16

Impacted Release: 11.1.1.7

With Mozilla Firefox version 16 and later, the External Rule Editor does not work as documented. For example, selecting a left operand when creating a new rule causes a JavaScript error. The workaround for this issue is to use another supported browser.

42.2 Oracle RTD Installation Issues and Workarounds

There are no known issues at this time.

42.3 Oracle RTD Upgrade Issues and Workarounds

There are no known issues at this time.

42.4 Oracle RTD Configuration Issues and Workarounds

There are no known issues at this time.

42.5 Oracle RTD Security Issues and Workarounds

This section describes general issues and workarounds related to Oracle RTD and security. It includes the following topic:

42.5.1 Decision Center Logout Not Redirected Correctly for Oracle Access Manager (OAM) 11g Form-Based Authentication

When Webgate 10g against Oracle Access Manager (OAM) 11g is configured as the SSO provider for Oracle RTD Decision Center access, logging out of, then back into Decision Center should ask users for their user name and password credentials on the re-login. To ensure that this occurs correctly, you must configure the following Oracle RTD Decision Center resources in OAM/Webgate as public (unprotected or anonymous access): 1. Decision Center logout URI /ui/do/logout 2. Decision Center images /ui/images/*

For information on how to perform the configuration, see the topic "Managing Policies to Protect Resources and Enable SSO" in Oracle Fusion Middleware Administrator's Guide for Oracle Access Manager at the location:

http://download.oracle.com/docs/cd/E14571_01/doc.1111/e15478/app_domn.htm#CHEIDJAF

42.6 Oracle RTD Administration Issues and Workarounds

There are no known issues at this time.

42.7 Oracle RTD Integration Issues and Workarounds

This section describes issues and workarounds related to Oracle RTD integration. It includes the following topic:

42.7.1 Java Smart Client Run Configuration Changes Required for Different Properties Files

When setting up the Java Smart Client example, depending on the properties file you are using, you must make some changes to the run configuration in Decision Studio before you run the example.


Note:

<RTD_HOME> refers to the directory where you installed the client-side files, for example, C:\RTD_Tools.

The changes you must make in the Arguments tab require you to enter an explicit, full path name. Make sure that you replace <RTD_HOME> with the exact name of your client-side files installation directory.


If you are using sdclient.properties for your properties file, perform the following change:

  • In the Arguments tab, add the following in the Program arguments box, replacing <RTD_HOME> with the exact name of your client-side files installation directory:

    • -u "<RTD_HOME>\client\Client Examples\Java Client Example\lib\sdclient.properties"

If you are using sdjrfclient.properties for your properties file, perform the following changes:

  • In the Arguments tab, add the following in the Program arguments box, replacing <RTD_HOME> with the exact name of your client-side files installation directory:

    • -u "<RTD_HOME>\client\Client Examples\Java Client Example\lib\sdjrfclient.properties"

If you are using clientHttpEndPoints.properties for your properties file, perform the following changes:

  • In the Arguments tab, add the following in the Program arguments box, replacing <RTD_HOME> with the exact name of your client-side files installation directory:

    • -u "<RTD_HOME>\client\Client Examples\Java Client Example\lib\clientHttpEndPoints.properties"

  • In the Classpath tab:

    • Remove the existing project

    • Add the following jar files: commons-code.jar, commons-httpclient.jar, commons-logging.jar, j2ee-client.jar, and rtd-ds-client.jar (if not already present).

    • Add the project with defaults

42.8 Oracle RTD Decision Studio Issues and Workarounds

This section describes issues and workarounds related to Oracle RTD Decision Studio. It includes the following topics:

42.8.1 Mapping Array Attributes in a Multi-Level Entity Hierarchy

A "parent-child" entity hierarchy is typically defined with the child entity as an attribute of the parent entity. When the child entity is an Array attribute, be careful to map the child Array attribute to its data source in the direct parent entity only. Assume, for example, a Customer with many Accounts, each of which has many Contracts. In Decision Studio, the Customer entity's Mapping tab may display the complete hierarchy as follows: - The Customer entity contains the Account entity as an Array attribute - The Account attribute contains the Contract entity as an Array attribute The Account entity's Mapping tab contains the Contract entity as an Array attribute.With this example, only map the Contract attribute in the Account entity's Mapping tab. Do not map the Contract attribute in the Customer entity's Mapping tab.

42.8.2 Issues When Trying to Enable Caching for Some Entities

There are known issues, which may result in compilation and runtime errors, with enabling entity caching where a number of design factors coincide:

  • You have a multi-level entity hierarchy, and a child entity is an array attribute of a parent entity

  • The data source for the child entity has no Input column defined

  • You want to enable caching on the child entity

If possible, simplify the structure of the child entity, specifically the attributes that are mapped to the sources. If this is not possible, contact Oracle Support with details of your particular design configuration.

42.8.3 Terminate Active Sessions in Cluster Works Only on Decision Server Receiving Deployment Request

Deploying an Inline Service to a cluster with the "Terminate active sessions" option selected will terminate sessions on only the Decision Server that receives the Inline Service deployment request.

42.9 Oracle RTD Decision Center Issues and Workarounds

There are no known issues at this time.

42.10 Oracle RTD Performance Monitoring Issues and Workarounds

There are no known issues at this time.

42.11 Oracle RTD Externalized Objects Management Issues and Workarounds

There are no known issues at this time.

42.12 Oracle RTD Localization Issues and Workarounds

There are no known issues at this time.

42.13 Oracle RTD Documentation Errata

This section describes errata in Oracle RTD documentation and help systems. It includes the following topic:

42.13.1 Oracle Fusion Middleware Administrator's Guide for Oracle Real-Time Decisions

There are no known documentation errata at this time in the Oracle Fusion Middleware Administrator's Guide for Oracle Real-Time Decisions.

42.13.2 Oracle Fusion Middleware Platform Developer's Guide for Oracle Real-Time Decisions

This section describes documentation errata in the Oracle Fusion Middleware Platform Developer's Guide for Oracle Real-Time Decisions. It includes the following topic:

42.13.2.1 External Rules Development Helper Mismatch between Code and Manual Description

The External Rules Development Helper, currently released with the DC_Demo Inline Service, does not function as described in Section 17.2.8, "Setting Up the External Interface and Embedded Rule Editor" and Section 17.3, "Example of End to End Development Using Dynamic Choices and External Rules."

42.13.2.2 Save Choice IDs in Inline Services Rather Than Choices

The Getting Started tutorial chapters within Oracle Fusion Middleware Platform Developer's Guide for Oracle Real-Time Decisions store choices in session-tied entities. It is recommended that configurations only save IDs of choices instead of the full choice objects.

42.14 Oracle RTD Third-Party Software Information

This section provides third-party software information. It includes the following topic:

42.14.1 Displaytag Download Location

The third-party package Displaytag can be downloaded from http://displaytag.sourceforge.net.

PK=V̟hhPK Oracle Portal

32 Oracle Portal

This chapter describes issues associated with Oracle Portal. It includes the following topics:

32.1 Before You Begin

In addition to the known problems and workarounds described in this document, Oracle recommends that you read the My Oracle Support note 834615.1 - Oracle Fusion Middleware 11g Portal (11.1.1) Support Status and Alerts. This article contains known issues that were discovered after the release of Oracle Portal 11g Release 1 (11.1.1).

32.2 General Issues and Workarounds

This section describes general issues and workarounds. It includes the following topics:

32.2.1 Editing a Database Link Requires Password

If the database where the portal schema is installed is version 10.2 or later, then users must re-enter the remote user's password when they rename or edit a database link from the Portal Navigator's Database Objects tab. This is applicable only for those database links that are created with the Specific User option.

32.2.2 Moving Content When Approval Is Enabled Does Not Require Approval

Moving content between pages or between regions of the same page does not trigger approvals. For example, when a target page is configured with an approval process and a contributor moves content from a source page to the target page, the moved content does not trigger the approval process on the target page, even when approval is required for all users.

32.2.3 Firefox and Safari Browsers Do Not Display Tooltips on Oracle Portal Screens

Firefox and Safari browsers do not support the display of tooltip text, which is set using the ALT attribute for image descriptions.

As a workaround, you can download and install browser-specific add-ons, such as Popup ALT Attribute for Firefox (see https://addons.mozilla.org/en-US/firefox/addon/1933).

32.2.4 Non-ASCII URLs Cannot be Decoded in Some Scenarios

If the JVM default character encoding is set to ISO8859-1, the Portal repository database character set must match with the JVM default character encoding. If this condition is not satisfied, non-ASCII URLs may become inaccessible.

32.2.5 Adding a Zip File with a Non-ASCII Character Name

If you are adding a zip file to a page under a pagegroup using non-ascii character name, and when you unzip the file, it throws the following exception:

IllegalArgumentException: null and unzip will be failed.

To avoid this exception, you must use ascii character as the zip file name.

32.2.6 Manual Changes to Oracle Portal Default Schema Objects

Any manual changes to Oracle Portal default objects, such as tables, views, packages, or indexes are not supported. Such changes may render Oracle Portal unusable. Note that the internal structure of Portal objects can change between versions.

For more information, see the 403179.1 My Oracle Support note.

32.2.7 Error When Creating RCU Portal Schema

If RCU portal schema creation fails with the error message ORA-24246: empty access control list (ACL) not allowed, do the following:

  1. Connect to the database as a SYS user.

  2. At the SQL prompt, run the following command:

    BEGIN
          DBMS_NETWORK_ACL_ADMIN.drop_acl (
              acl         => '/sys/acls/portal-permissions.xml');
          COMMIT;
        END;
        /
    

32.2.8 Portal Throws Discoverer Provider is Busy Error Message

Portal throws an error message The Discoverer Provider is busy, please try again later. This occurs when you perform the following steps:

  1. Click Edit Portlet defaults

  2. Click Update for Database section

  3. Change selection for User not logged sub-section

  4. Click Next to fetch worksheet list

Workaround

To workaround this issue perform the following steps:

  1. Add stall timeout to $DOMAIN_HOME/servers/WLS_PORTAL/

    stage/portal/portal/configuration/appConfig.xml

    For example: <stall>200</stall>

  2. Restart WebLogic Server Portal

32.2.9 Error When Adding Sample RSS Portlets to a Page

When you try to add the sample Scrolling RSS Portlet or the sample Simple RSS portlet to a Portal page, an error message is displayed.

The error occurs because the RSS used by the sample portlets are no longer available.

Currently, there is no workaround for this problem.

32.2.10 Internal Error when Using Portal Search With Oracle Text Enabled to Search for Pages

If you have Oracle Text enabled, the following internal server error may occur when you are searching for Pages:

Internal error (WWC-00006)
An unexpected error has occurred (WWS-32100)
Unknown Exception (WWC-45131)
User-Defined Exception (WWV-11230)
Unexpected error - ORA-00600: internal error code, arguments:
[qkeIsExprReferenced1], [], [], [], [], [], [], [] (WWC-35000)

If this error occurs, you must download and install the patch ID 7041059 from https://support.oracle.com/

32.2.11 Issue After Creating a Oracle Portal Schema

After creating the Oracle Portal schema, you may get the following error:

checkinstall2=Add ACL for network packages if DB is 11.1 or higher... 
 old   4:     schema varchar2(2000)   := upper('&&1'); 
 new   4:     schema varchar2(2000)   := upper('CLASSIC17_PORTAL'); 
 Package DBMS_NETWORK_ACL_ADMIN exists, assign ACL if not already assigned 
 Removing dangling principals,if any from the ACL privilege list ... 
 ERROR: when assigning network ACL 
 declare 
 * 
 ERROR at line 1: 
 ORA-24246: empty access control list (ACL) not allowed 
 ORA-06512: at "SYS.DBMS_NETWORK_ACL_ADMIN", line 421 
 ORA-06512: at line 1 
 ORA-01403: no data found 
 ORA-06512: at line 83 

To fix this error, you must create a schema with a different prefix, and then run the following command to clean out the dangling ACL:

 begin 
 DBMS_NETWORK_ACL_ADMIN.DELETE_PRIVILEGE('portal-permissions.xml','PREFIX_PORTA 
 L'); 
 end; 

PREFIX_PORTAL is replaced with the schema prefix used in the schema that was dropped.

You must run the Repository Creation Utility to install the new schema.

32.2.12 Updating Database Tables

In Oracle Portal database object, if you insert one row data which has MB character and then update the row, the update will not work. You must manually update the table and view in the database to avoid this issue and update the table and view successfully.