PK .V_Eoa,mimetypeapplication/epub+zipPK.V_EiTunesMetadata.plistJ artistName Oracle Corporation book-info cover-image-hash 995643490 cover-image-path OEBPS/dcommon/oracle-logo.jpg package-file-hash 452402847 publisher-unique-id E14770-57 unique-id 227566907 genre Oracle Documentation itemName Oracle® Fusion Middleware Release Notes for Linux x86-64, 11g Release 1 (11.1.1) releaseDate year 2014 PKv_OJPK.V_EMETA-INF/container.xml PKYuPK.V_EOEBPS/discoverer.htm Oracle Business Intelligence Discoverer

40 Oracle Business Intelligence Discoverer

This chapter describes issues associated with Oracle Business Intelligence Discoverer. It includes the following topics:

40.1 General Issues

This section describes general issues that affect more than one Discoverer component. It includes the following topics:

40.1.1 Error while Accessing a Discoverer Menu Option in Enterprise Manager

In Enterprise Manager 11g Fusion Middleware Control, if you select the Catalog > Install from the Discoverer drop down menu, the following ADF error occurs:

ADFC-06003:EL expression
#{viewScope.general_info_dialog.model.regionBound}' for a region TaskFlowId
in binding 'genRegion' evaluated to null, a non-value must be specified" 

Workaround

Select Catalog > Manage from the Discoverer menu and then select Catalog > Install. The Install Catalog page appears without any error.

40.1.2 Issues with Metadata Repository and Oracle Database 10g Release 1

When using Oracle Database 10g Release 1 (10.1.x) for the Metadata Repository or after upgrading the Metadata Repository to Oracle Database 10g Release 1, you might see the following error on the Oracle BI Discoverer Plus Connection pages, the Oracle BI Discoverer Viewer Connection pages, and the Public Connection definition page in Fusion Middleware Control:

The connection list is currently unavailable.
ORA-06510: PL/SQL: unhandled user-defined exception
ORA-06512: at "ORASSO.WWSSO_API_PRIVATE," line 258
ORA-06510: PL/SQL: unhandled user-defined exception
ORA-06512: at "ORASSO.WWSSO_UTL" line 728
ORA-28231: no data passed to obfuscation toolkit
ORA-06512: at line 1 Unable to retrieve connection list

To resolve this issue, make the following changes in the Metadata Repository database:

  1. Edit the init%ORACLE_SID%.ora file. This file exists either in the dbs folder or the database folder. For example, in Windows, this file is located in the DB_install_home/database/ folder.

  2. Add the following line to this file:

    event="10946 trace name context forever, level 36"

  3. If an spfile%ORACLE_SID%.ora exists in either the dbs folder or the database folder, rename the file to spfile%ORACLE_SID%.bak. Changes to init%ORACLE_SID%.ora are not loaded if the database server finds an spfile.

  4. Log in as a sysadmin.

  5. At the SQL prompt, shut down then start up the database server.

  6. Restart the Oracle BI Discoverer server using the command opmnctl restartall.

40.1.3 Compatibility Issues with Required Support Files

The Oracle Database and other Oracle database client software (for example, SQL*Plus, the database export utility) use Oracle Required Support Files (RSF).

Oracle BI Discoverer also uses Oracle Required Support Files (RSF), specifically RSF version 11.1.0.7. This version of the Oracle Required Support Files is installed during Oracle BI Discoverer installation.

Note that the Required Support Files version 11.1.0.7 is incompatible with earlier versions of Oracle Database 10g. So if the machine on which you install Oracle BI Discoverer already has a version of Oracle Database 10g or database client software that is earlier than 11.1.0.7, there will be compatibility issues. For example, if you install Oracle BI Discoverer and attempt to run a version of SQL*Plus earlier than 11.1.0.7, then the following error is displayed:

ORA-12557 TNS: protocol adapter not loadable

To avoid the compatibility issues, upgrade Oracle Database 10g or database client software on the machine to the same version (11.1.0.7) as the version of the Required Support Files that were installed with Oracle BI Discoverer.

This issue does not exist for Oracle9i Database Server.

40.1.4 Serif Font Issue in Worksheets

You might notice unsightly font issues when using a non-English locale such as Czech. For example, when a worksheet uses a serif font, text in that worksheet might be displayed incorrectly on the screen and in printouts.

To work around this issue, update the file that maps the serif fonts. The name of this file differs depending on the locale in use. When you use Oracle BI Discoverer Plus Relational or Plus OLAP in English, the file is named file.properties. If you use Oracle BI Discoverer in a non-English locale, then the file name includes the code for the locale, such as file.properties.cs for Czech.

Update the mapping file with the following information:

serif.0=Times New Roman,EASTEUROPE_CHARSET serif.1=WingDings,SYMBOL_CHARSET,NEED_CONVERTED serif.2=Symbol,SYMBOL_CHARSET,NEED_CONVERTED

Consult the following Sun Web site for additional information about fonts:

http://java.sun.com/j2se/1.3/docs/guide/intl/addingfonts.html

40.1.5 Additional Fonts Required for Non-ASCII Data When Exporting to PDF

If you are running Oracle BI Discoverer Plus Relational or Plus OLAP on a Macintosh or Linux client machine, you must add the appropriate font files to your client machine to allow exported PDF files to display non-ASCII data correctly.

These font files include Albany fonts with names such as ALBANWTJ.TTF and ALBANWTK.TTF. The files are stored in the /utilities/fonts directory on the CD-ROM or DVD for the Oracle Application Server Metadata Repository Upgrade Assistant.

To install the additional required fonts:

  1. Navigate to the /utilities/fonts directory on the CD-ROM or DVD for the OracleAS Metadata Repository Upgrade Assistant.

  2. Copy the appropriate Albany TTF file from the /utilities/fonts directory to the plug-in directory in the $jdk/jre/lib/fonts directory on the Macintosh or Linux client machine.

40.1.6 Query Prediction Requires the Majority of the Query Time

When using Oracle BI Discoverer with a relational data source, you can predict the time that is required to retrieve information by setting the value of the QPPEnable preference to 1. However, in some circumstances, the majority of the time taken to retrieve information is consumed by the prediction activity itself.

To work around this issue, set the value of the QPPObtainCostMethod preference to 0 (use the EXPLAIN PLAN statement to predict query times) rather than to 1 (use dynamic views to predict query times).

For more information about setting preferences, see the Oracle Fusion Middleware Configuration Guide for Oracle Business Intelligence Discoverer.

40.1.7 Word Wrapping Behavior with Oracle BI Discoverer Plus and Oracle BI Discoverer Viewer

To use word wrap settings correctly, you must understand how they are designed for Oracle BI Discoverer:

  • Oracle BI Discoverer Plus: Word wrap settings that you make in Oracle BI Discoverer Plus are saved in the worksheet and affect the display of worksheets in Oracle BI Discoverer Plus and when printing to PDF.

  • Oracle BI Discoverer Viewer: Word wrap settings that you see in the Print Settings dialog work as follows:

    • The word wrap settings do not affect the display of worksheets in Oracle BI Discoverer Viewer.

    • For relational data:

      • The word wrap settings do affect the printing of worksheets to PDF.

      • If the Always wrap text when size exceeds column width box is checked, then the print settings in Oracle BI Discoverer Viewer do override the settings made in a worksheet in Oracle BI Discoverer Plus Relational for printing to PDF.

      • If the Always wrap text when size exceeds column width box is not checked, then the print settings in Oracle BI Discoverer Viewer do not override the settings made in a worksheet in Oracle BI Discoverer Plus Relational for printing to PDF.

    • For OLAP data:

      • The word wrap settings do not affect the printing of worksheets to PDF.

      • Regardless of whether the Always wrap text when size exceeds column width check box is selected, the print settings in Oracle BI Discoverer Viewer never override the settings made in a worksheet in Oracle BI Discoverer Plus OLAP for printing to PDF.

40.1.8 Applet Appears Behind Browser Window

When you use Microsoft Internet Explorer, the Oracle BI Discoverer Plus Relational or Plus OLAP applet initialization and download dialog appears behind the browser window from which it was launched. After the applet is downloaded and initialized, it appears in front of the browser window from which it was launched.

To work around this issue:

  • Use a browser other than Internet Explorer, such as Netscape Navigator or Mozilla Firefox.

  • Use the Oracle BI Discoverer Plus URL parameter _plus_popup=false, which is documented in the Oracle Fusion Middleware Configuration Guide for Oracle Business Intelligence Discoverer.

40.1.9 Issues with Mac OS X Browser and Oracle BI Discoverer Plus

The following are issues that you might encounter when you use the Safari browser on Mac OS X with Oracle BI Discoverer Plus Relational or Plus OLAP:

  • If you resize the browser window in the applet, then some parts of the content might be clipped. To work around this problem, always maximize the browser window for the applet when working with Mac OS X.

  • Keyboard combinations (also known as mnemonics) do not work in Oracle BI Discoverer Plus Relational and Plus OLAP.

    For example, you cannot press Alt+F to access the File menu.

  • In the Share Workbooks dialog of Oracle BI Discoverer Plus Relational, the leading characters of the "Shared:" list are clipped. In other words, the left edge of the list is truncated. For example, if you shared a workbook with DISCODEV, then you will only see SCODEV in the list. The title for the list is also truncated such that you see only the vertical line of the "d" in "Shared" and the colon (that is, "l:").

    The dialog continues to work as expected, but you might have difficulty reading the names in the "Shared:" list.

    This issue has no workaround.

40.1.10 Issues with Turkish Regional Settings

Because of Sun JRE 1.4 bug 4688797, you might encounter issues when connecting to a database schema from a computer that has Turkish regional settings. You will encounter the issue when you attempt to connect to a database schema with a user name that contains certain letters, such as the letter 'I' or 'i', for example, in "bibdemo". See the Sun JRE bug for information on the letters that are affected.

To work around this issue, either do not use Turkish regional settings or use a user name that does not contain the affected letters.

40.1.11 Multibyte Characters Rendered as Square Boxes in Exported PDF and Other Formats

When you export a workbook to PDF and other formats, multibyte characters (for example, Korean, Japanese, and Chinese characters) appear as square boxes.

To work around this issue, copy the following Albany fonts from ORACLE_HOME/jdk/jre/lib/fonts to the fonts folder of your JDK (Oracle JRockit or Sun) within the MW_HOME directory. For example, if you are using Sun JDK, you must copy the fonts to MW_HOME/jre/jdk160_11/lib/fonts.

  • AlbanWTJ.ttf

  • AlbanWTK.ttf

  • AlbanWTS.ttf

  • AlbanWTT.ttf

  • ALBANYWT.ttf

40.1.12 Java Plug-in Not Downloaded Automatically on Firefox

When you attempt to connect to Discoverer Plus by using the Mozilla Firefox browser on a machine that does not have Java 1.6 installed, the browser does not download the JRE 1.6 plug-in automatically. Instead, the browser displays the following message:

Additional plugins are required to display this page...

You must download the JRE 1.6 plug-in (by clicking the Install Missing Plugin link) and install it manually.

40.1.13 HTTP 404 Error While Accessing Discoverer on a Remote Machine

When you attempt to connect to Discoverer Plus, occasionally, the browser returns an HTTP 404 (File Not Found) error.

The page loads correctly when you refresh the browser a few times.

40.1.14 Error While Launching Discoverer Plus Applet on an IPv6 Environment

If the Web tier is on an IPv6 machine, when you start Discoverer Plus, the following error message might be displayed:

Attempt1. RMI protocol over JRMP transport: Connection refused to host: DiscoServerMahcineName;nested exception is:
@ java.net.ConnectionException: Connection timed out

To work around this issue, in the System MBean Browser of Fusion Middleware Control, change the TransportProtocols attribute of the Plus Config MBean to "jrmp,http" (or "jrmp,https" if Discoverer Plus is accessed by using secure HTTP).

40.1.15 Error While Updating the Discoverer Web Services Configuration Parameter

When you update the web services configuration parameter (Maximum Sessions) using the Discoverer Web Services Configuration page of Fusion Middleware Control and click Apply, the following error message is displayed:

Applying changes - Failed.
Exception caught:

You can ignore the error message because the changes are applied even if the exception is thrown. Alternatively, you can update the MaxSessions attribute of the WebServicesConfig MBean in the System MBean Browser of Fusion Middleware Control.

40.1.16 Exception Logged for Discoverer Web-Based Applications in an Extended Domain

When you extend a domain and add Discoverer application in a remote machine, you may see the following exception in the WebLogic Server log:

java.lang.IllegalArgumentException: ODL-52057: The handler 'disco-server-handler' is not defined.

To work around this issue, modify the log_handlers and loggers elements in the logging.xml file located in the DOMAIN_HOME/config/fmwconfig/servers/WLS_DISCO folder of the machine where the domain exists.

In the log_handlers section, add the handlers as follows:

<log_handler name='discoverer-handler'
class='oracle.core.ojdl.logging.ODLHandlerFactory'>
   <property name='path'
value='${domain.home}/servers/${weblogic.Name}/logs/discoverer/diagnostic.log'
/> 
<property name='maxFileSize' value='1048576'/>
   <property name='maxLogSize' value='10485760'/>
   <property name='format' value='ODL-Text'/>
   <property name='useSourceClassAndMethod' value='false'/>
  </log_handler>
 
  <log_handler name='disco-server-handler'
class='oracle.core.ojdl.logging.ODLHandlerFactory'>
   <property name='path'
value='${domain.home}/servers/${weblogic.Name}/logs/discoverer/server/diagnost
ic.log'/>
   <property name='maxFileSize' value='1048576'/>
   <property name='maxLogSize' value='10485760'/>
   <property name='format' value='ODL-Text'/>
  </log_handler> 

In the loggers sections, add the following elements:

<logger name='ORACLE.DISCOVERER.VIEWER' level='TRACE:32'
useParentHandlers='false'>
   <handler name='discoverer-handler'/>
   <handler name='odl-handler'/>
  </logger>
  <logger name='ORACLE.DISCOVERER.PORTLET_PROVIDER' level='TRACE:32'
useParentHandlers='false'>
   <handler name='discoverer-handler'/>
   <handler name='odl-handler'/>
  </logger>
  <logger name='ORACLE.DISCOVERER.MODEL' level='TRACE:32'
useParentHandlers='false'>
   <handler name='discoverer-handler'/>
   <handler name='odl-handler'/>
  </logger>
  <logger name='ORACLE.DISCOVERER.WEB_SERVICES' level='TRACE:32'
useParentHandlers='false'>
   <handler name='discoverer-handler'/>
   <handler name='odl-handler'/>
  </logger>
  <logger name='ORACLE.DISCOVERER.SERVER' level='TRACE:32'
useParentHandlers='false'>
   <handler name='disco-server-handler'/>
   <handler name='odl-handler'/>
  </logger>

After adding these elements, save the logging.xml file, and restart the Administration Server and Discoverer Managed Servers.

40.1.17 Issue with Discoverer Application URL in Fusion Middleware Control after a Backup Recovery

When you recover the Oracle BI Discoverer middle tier from a backup, the Discoverer application URL in the Discoverer Home page of Fusion Middleware Control point to a wrong location.

You must configure the application URLs that appear on the Oracle BI Discoverer Home page in Fusion Middleware Control after recovering the Oracle BI Discoverer middle tier from a backup.

For more information, see "How to configure application URLs displayed on the Fusion Middleware Control Discoverer Home page" in the Oracle Business Intelligence Discoverer Configuration Guide.

40.1.18 Incorrect Version Number for Discoverer in Fusion Middleware Control 11g

In Fusion Middleware Control 11g, the Enterprise Manager Fusion Middleware Control pages display wrong version number (11.1.1.2.0) for the Oracle BI Discoverer application. The correct version number for Oracle BI Discoverer is 11.1.1.4.0.

40.1.19 Oracle BI Discoverer Startup Fails after Shutdown

When you first start up the Discoverer application from Oracle Enterprise Manager Fusion Middleware Control or Oracle WebLogic Administration Console after shutting down the application instance, the startup fails with error logs.

To work around this issue, start the Discoverer application again. The second time the application starts without any error message.

40.1.20 The Database Export and Import Utility does not Work with Applications Mode EUL

You cannot use the standard database export and import utilities to export or import the database, EUL tables and database objects referenced by the Applications Mode EUL definitions. The standard database export and import utility can be used only for standard EUL definitions.

To work around this issue, use the Discoverer Export Wizard in Discoverer Administrator to export EUL objects to an EUL export file (*.EEX). After exporting the EUL objects, you can import the .EEX file using the Discoverer Import Wizard.For more information, see "Creating and Maintaining End User Layers" in Oracle Fusion Middleware Administrator's Guide for Oracle Business Intelligence Discoverer.

40.1.21 Install-level Scripts are not Updated in Existing Instances after Patching

When you upgrade Oracle Discoverer 11gR1 PS1 to 11gR1 PS2 or 11gR1 PS3, the patch will be installed in the ORACLE_HOME folder. Therefore, script changes in the new patch set will not be available for existing Oracle Discoverer instances, which are located in the ORACLE_INSTANCE folder. However, new instances that are created after the patch upgrade will be updated.

To work around this issue, after a patch upgrade manually copy the new scripts to the existing ORACLE_INSTANCE folders. For example, copy the new discenv.sh script file from ORACLE_HOME to the ORACLE_INSTANCE/Discoverer/Discoverer_instance-name/util/ folder.

For more information about Discoverer file locations, see "Oracle BI Discoverer Configuration Files" in Oracle Fusion Middleware Configuration Guide for Oracle Business Intelligence Discoverer.

40.2 Issues Specific to Oracle BI Discoverer Plus Relational

This section describes issues that are specific to Oracle BI Discoverer Plus Relational. It includes the following topics:

40.2.1 Text Appearing Truncated or Clipped

When you run Oracle BI Discoverer Plus Relational with Sun Java Plug-in 1.4.2_06, the Browser Look and Feel, and an Asian language (such as Korean or Chinese), you might notice that static text and text in buttons in the user interface appears truncated or clipped. To work around this issue, do one of the following:

  • Change the Look and Feel to either Plastic or System.

  • Use JInitiator 1.3.1.17 instead of the Sun Java Plug-in.

  • Install Sun Java Plug-in version 1.4.2_10 or higher.

40.2.2 Non-ASCII Characters Not Saved Correctly in Title or Text Area

When you save a new workbook in Oracle BI Discoverer Plus, any text characters beyond the standard ASCII characters are not saved correctly when all the conditions that are described in the following list are met:

  • You are logged in as an Oracle e-Business Suite user.

  • The language for the computer is not English.

  • Oracle BI Discoverer Plus is running against an Oracle e-Business Suite database that does not have that non-English language installed.

This issue has no workaround.

40.2.3 Canceling Query Causes Discoverer to Hang

If you cancel a query that is running in Oracle BI Discoverer Plus Relational, then you are prompted to either choose YES to undo the changes or NO to show a blank sheet. If you choose YES, then Oracle BI Discoverer Plus Relational hangs and you must close the window and restart.

To work around this issue, choose NO to show a blank worksheet. You can then refresh the sheet and continue working.

40.2.4 Nonaggregable Values Not Displayed for Scheduled Workbooks

Oracle BI Discoverer Plus Relational does not display nonaggregable values for scheduled workbooks. In other words, Oracle BI Discoverer Plus Relational processes scheduled workbooks as if you selected the Show values that cannot be aggregated as: <Non-aggregable label> option in the Worksheet Properties dialog: Aggregation tab.

Nonaggregable values include those based on the following SQL functions:

  • A CASE SQL statement

  • A DECODE SQL statement

  • A PL/SQL function

  • A DISTINCT SQL statement

  • An analytic function

40.2.5 Migrating Oracle BI Discoverer Plus Relational Worksheets from Oracle BI Discoverer Desktop

If you use Oracle BI Discoverer Plus Relational to open a worksheet that was created using Oracle BI Discoverer Desktop Version 9.0.4 (or earlier), the size of the title area for that worksheet defaults to two lines in height. A title height of two lines might be a problem if a worksheet title requires more than or less than two lines. If you want to change the size of the title area, you must resize the title area manually and save the worksheet.

To resize the title area for a worksheet, open the worksheet and drag the bar at the bottom of the title area pane up or down.

40.3 Issues Specific to Oracle BI Discoverer Plus OLAP

This section describes issues that are specific to Oracle BI Discoverer Plus OLAP. It includes the following topics:

40.3.1 Issues with Applet Download

There may be Oracle Business Intelligence Discoverer Plus applet download issues when caching has been enabled in the Sun Java Plug-In.

To avoid these issues, disable caching in the plug-in.

40.3.2 Disabled Netscape and Mozilla Browsers

When you are running Netscape 7.x or Mozilla browsers, the Netscape and Mozilla Mail clients and Web browser may become disabled when Oracle BI Discoverer Plus OLAP modal dialogs are displayed.

Dismissing the Oracle BI Discoverer Plus OLAP dialogs resumes normal operation for the Netscape and Mozilla tools.

40.3.3 Tabbing Fails to Synchronize Menus

When you use the Tab key to select items in a worksheet, the menus do not always synchronize to reflect the currently selected item.

This issue has no workaround.

40.3.4 Esc Key Fails to Close Certain Dialogs

The Esc key does not close the following dialogs: Totals, New Total, Parameter, and Manage Catalog.

Instead of using the Esc key, click the Close or OK button.

40.3.5 Link Tool Works Incorrectly in Some Locales

The Link tool, which enables users to drill out to external URLs from a crosstab cell, might not work correctly in all locales due to URL encoding issues.

This issue has no workaround.

40.3.6 Memory Issues when Exporting Extremely Large Graphs

Exporting extremely large graphs can cause memory issues, requiring a restart of the Oracle BI Discoverer Plus OLAP session.

This issue has no workaround.

40.3.7 Issue While Printing Worksheets with Large Data Values

When printing a worksheet that contains large numbers in the data cells, the string ####### may be printed instead of the actual numbers.

This issue has no workaround.

40.3.8 Issues with Titles and Text Areas

The following issues exist with titles and text areas:

  • Nonempty titles and text areas are printed even if they are hidden in the worksheet.

    This issue has no workaround.

  • When you set the title or text area background to green and export the worksheet to an HTML file, the background is incorrectly set to red in the exported file.

    This issue has no workaround.

40.3.9 Errors with JAWS and Format Dialogs

When you use JAWS, you will notice errors when you attempt to format graphs and crosstabs using the Format dialogs.

This issue has no workaround.

40.4 Issues Specific to Oracle BI Discoverer Portlet Provider

This section describes issues that are specific to Oracle BI Discoverer Portlet Provider. It includes the following topics:

40.4.1 Inability to Turn Off Display of Range Min and Max as Labels

In the Display Options of a gauge portlet, the Minimum Value and Maximum Value range labels are selected but are also disabled so that you cannot deselect the display of those values. The values for the minimum and the maximum appear at the ends of every gauge in the set except for those gauges where the value to be gauged is out of the range of the minimum and the maximum values. For those gauges where the value to be displayed exceeds the range of the minimum and the maximum values, the gauge will automatically adjust to accommodate the value.

This issue has no workaround.

40.4.2 Issues with Discoverer Portlets in WebCenter

The following issues exist for Discoverer portlets displayed in Oracle WebCenter.

  • When a Worksheet portlet is displayed in Oracle WebCenter, the links to navigate to the next set of records does not work.

  • When a List of Worksheets portlet is displayed in Oracle WebCenter, the Expand All Icons link does not work.

To work around these issues, set the RenderPortletInIFrame attribute of the portlet tag to TRUE. For more information, see "Setting Attribute Values for the Portlet Tag" in Oracle Fusion Middleware Developing Portals with Oracle WebCenter Portal and Oracle JDeveloper.

40.4.3 Issue while Publishing Discoverer WSRP Portlets in Portals Other than Oracle Portal and Oracle WebCenter

When you publish Discoverer WSRP Portlets in portals other than Oracle Portal and Oracle WebCenter (such as Oracle WebLogic Portal and IBM WebSphere Portal), the pop-up windows for input selection will have the same page layout as the portal page with all navigation options. If you select any of these navigation options, the current portlet state will be lost. You might need to start publishing the portlet from the beginnng.

The issue has no workaround.

40.4.4 Issue with Portlet Titles in Discoverer WSRP Portlets Published on IBM WebSphere

You cannot dynamically change the portlet title of a Discoverer WSRP portlet in IBM WebSphere after it is published. Static title is rendered in the portal for each portlet instance.

To work around this issue, set a meaningful title for the portlet by editing the title using the Set Title or Description option in the WebSphere portal. For more information about changing the title of a portlet, see WebSphere documentation.

40.4.5 Issue with Color and Date Pickers in Discoverer WSRP Portlets

The Color and Date pickers in Discoverer WSRP Portlets do not work on portals other than Oracle WebCenter.

On portals such as Oracle Portal, Oracle WebLogic Portal and IBM WebSphere, to workaround this issue, set the value of the configuration parameter useInlineUIXPicker to true. The default value of this parameter is false. When you set the useInlineUIXPicker parameter to true, set the color and date as follows:

  • Inline color pickers are enabled in the Gauges Selection page and you can select a color from the palette.

  • You cannot select the color using the Format option of the Personalize menu of the worksheet. Use the Analyze option in the portlet window to change the color.

  • The Date picker in the Refresh option will not be available. Enter the date manually.

40.4.6 Worksheet Parameter LOV is not Displayed in Discoverer WSRP Portlets on IBM WebSphere Portal

The Worksheet Parameter LOV icon is not displayed when you publish Discoverer WSRP portlets in IBM WebSphere portal.To work around this issue, enter parameter values manually.

40.4.7 Issue with Worksheet Parameter LOV Pop-Up Window in Discoverer WSRP Portlets

In Oracle Portal and Oracle WebLogic Portal, when you select values from the parameter LOV from a worksheet portlet published by using the Discoverer WSRP Portlet producer, the pop-up window is not getting closed on selection of values.You must explicitly close the pop-up window after selection of values.

40.5 Issues Specific to Oracle BI Discoverer Viewer

This section describes issues that are specific to Oracle BI Discoverer Viewer. It includes the following topics:

40.5.1 Drill Icons Cannot Be Hidden in Oracle BI Discoverer Viewer

The pref.txt file contains a setting called ShowDrillIcon, which is not functioning properly. If you set ShowDrillIcon to False, then drill icons are still displayed in Oracle BI Discoverer Viewer.

The issue has no workaround.

40.5.2 Error Displaying Page for Multiple SSO Users

When an Oracle Single Sign-On (SSO) user tries to view a worksheet from a List of Worksheets Portlet by using the same browser window that is already being used by an SSO user to view that worksheet, the second user sees the following error message: "The page cannot be displayed".

To work around this issue, start a new browser session and view the worksheet.

40.5.3 Inability to Disable the Display of Row Numbers

Oracle BI Discoverer Viewer no longer offers the ability to disable the display of row numbers in a tabular worksheet.

40.5.4 Issues with Oracle BI Discoverer Viewer Embedded in Frames

Users might see JavaScript errors such as "Access Denied" or other unexpected behavior when both of the following conditions are met:

  • When Oracle BI Discoverer Viewer is embedded in an IFRAME tag.

  • When the domain of the server that hosts the HTML page with the IFRAME tag is different from the domain of the Oracle BI Discoverer server that is running Oracle BI Discoverer Viewer.

Use one of the following workarounds for this issue:

  • Run the Oracle BI Discoverer server and the server that hosts the HTML page with the IFRAME tag in the same domain.

  • Alter the Common2_2_20.js file on the Oracle BI Discoverer server using the following steps:

    1. Use Fusion Middleware Control to stop all services on the middle tier for Oracle Business Intelligence.

    2. Make a backup copy of the Common2_2_20.js file from the following directory:

      domain\servers\managed_server\stage\discoverer\release\discoverer\discoverer.war\cabo\jsLib

      domain is the path of directory that contains the domain.

      managed_server is the name of the managed server on which the Discoverer application is deployed.

      release is the release number of Discoverer. For example, 11.1.1.1.0.

    3. Edit the Common2_2_20.js file and replace all occurrences of "parent._pprSomeAction" with "window._pprSomeAction".

    4. Use Fusion Middleware Control to start all services on the middle tier for Oracle Business Intelligence.

    5. Clear the browser cache on the client machine so that the new Common2_2_20.js file will be used.

40.5.5 Issue Exporting to PDF Under Certain Circumstances

If you are using Oracle BI Discoverer Viewer with Microsoft Internet Explorer, you might encounter an error message when you try to export to PDF a worksheet that is named with non-ASCII characters, a space, and a number. The export fails and you will see a message similar to the following one:

No %PDF- in a file header

Use one of the following methods to work around this issue:

  • Use a browser other than Internet Explorer, such as one from Netscape or Mozilla.

  • Remove the space between the non-ASCII characters and the number, or remove the number altogether.

  • Continue to use Internet Explorer and leave the space in the worksheet name, but follow these steps:

    1. Start the Adobe Reader.

    2. From the Edit menu, choose Preferences, then click Internet.

    3. Clear the Display PDF in browser box.

40.5.6 Issue When Changing Colors for Oracle BI Discoverer Viewer in Fusion Middleware Control on Mac OS X

You can use Fusion Middleware Control to change the look and feel of Oracle BI Discoverer Viewer. That page contains a color chooser, or palette. If you use Fusion Middleware Control on Mac OS X with the Safari browser, then the page does not correctly enter the color code when you select a color from the palette.

To work around this issue, you can either use the Firefox browser or you can enter a color code directly.

The color codes are standard HTML hexadecimal color codes. You can enter one of the 49 colors that are available in the color palette, or you can enter any valid HTML hexadecimal color code.

The following list provides examples of colors with their codes:


white #FFFFFF
grey #CCCCCC
black #000000
pink #FFCCCC
red #FF0000
light yellow #FFFFCC
yellow #FFFF00
light green #99FF99
dark green #00CC00
light blue #66FFFF
dark blue #3333FF
lavender #FF99FF
purple #CC33CC

40.5.7 Discoverer Catalog Items Not Visible From UNIX Servers

You might encounter issues when trying to see items in the Discoverer Catalog when using Oracle BI Discoverer Viewer with OLAP data on UNIX servers.

You can resolve this issue on the middle-tier machine where Oracle BI Discoverer runs by performing the following steps.

To check whether the time zone variable is set:

  1. Open a shell prompt.

  2. Type echo $TZ to display the time zone setting.

If no value is displayed, then the time zone has not been set.

To set the time zone variable:

  1. Open a shell prompt.


    Note:

    The UNIX user that sets the TZ variable must be the same UNIX user that installed Oracle Business Intelligence.


  2. If you do not know which shell you are using, type $echo $SHELL to display the name of the current shell.

  3. Set the time zone as appropriate.

    For example, to set the time zone variable for US/Pacific time:

    • For the Bourne, Bash, or Korn shell, type export TZ=US/Pacific

    • For the C shell, type setenv TZ US/Pacific


      Note:

      Consult the shell documentation for the appropriate values.


40.5.8 Known Bug with JAWS Prevents Drilling Using the Enter Key

Oracle BI Discoverer can be used in conjunction with assistive technologies such as the JAWS screen reader. However, a bug in JAWS prevents the drilling feature from working correctly in Oracle BI Discoverer Viewer when querying a relational data source.

Assume that you use the keyboard to navigate to the drill icon beside an item in the worksheet header. When you press the Enter key to drill on that header item, the Drill page should be displayed as described in the "Worksheet Display page: (Page level tools and controls)" topic in the Help system and the Oracle Fusion Middleware User's Guide for Oracle Business Intelligence Discoverer Viewer).

However, when JAWS is running, the Drill page is not displayed. Instead, the Drill popup menu is displayed. It is not possible to select items from this popup menu by using the keyboard, and JAWS does not read the items on the popup menu.

This issue has no workaround.

40.5.9 JAWS Does Not Read Asterisks that Precede Fields

In Oracle BI Discoverer Viewer, an asterisk that precedes a text field indicates that the user is required to enter a value into that text field. The JAWS screen reader does not read an asterisk that precedes a required text field and does not otherwise indicate that the field is required.

This issue has no workaround.

40.5.10 Oracle BI Discoverer Viewer Pages are not Cached by Oracle Web Cache

When using Oracle BI Discoverer with Oracle Web Cache, note the following:

  • When Oracle Single Sign-On is enabled, Oracle Web Cache does not cache Oracle BI Discoverer Viewer pages, regardless of whether they are accessed using a public connection or a private connection.

  • If an Oracle BI Discoverer Viewer page is accessed directly through a URL and the URL contains URL parameters that specify login details (for example, user name, database name), then Oracle Web Cache does not cache the page. For example, Oracle Web Cache does not cache worksheet "Sheet 1" in workbook "Workbook 2" that is displayed by using the following URL:

    http://<host.domain>:<port>/discoverer/viewer?us=video5&db=db1&eul=VIDEO5&wbk=Workbook+2&ws=Sheet+1


    Note:

    In the example above, us= specifies the database user name, and db= specifies the database name.


    However, Oracle Web Cache does cache worksheet "Sheet 1" in workbook "Workbook 2" if a user logs in manually to Oracle BI Discoverer Viewer by using the same login details, and navigates to the worksheet.

  • You must increase the delays for Oracle BI Discoverer Viewer by at least 60 seconds for Oracle BI Discoverer Viewer to properly cache workbooks with Oracle Web Cache.

    For more information, see "How to configure Discoverer Viewer to enable maximum caching" in the Oracle Fusion Middleware Configuration Guide for Oracle Business Intelligence Discoverer.

40.6 Issues Specific to Oracle BI Discoverer EUL Command Line for Java

This section describes issues that are specific to Oracle BI Discoverer EUL Command Line for Java.

40.6.1 Issue with Exported Non-ASCII Data

When you export multibyte or Eastern European data (such as the names of items and business areas in Japanese or Russian characters) from Oracle BI Discoverer EUL Command Line for Java on a platform other than Windows, the exported data is corrupted.

To work around this issue, edit the discwb.sh file that is located in the ORACLE_HOME/discoverer directory before exporting. Change the character set value in the NLS_LANG variable to UTF8.

For example, if the original setting of the variable is:

NLS_LANG="GERMAN_GERMANY.WE8ISO8859P1"

Change the setting to:

NLS_LANG="GERMAN_GERMANY.UTF8"

40.7 Issues Specific to Oracle BI Discoverer Administrator

This section describes issues that are specific to Oracle BI Discoverer Administrator. It includes the following topic:

40.7.1 Issue with Installation of Video Stores Tutorial

Before installing the video stores tutorial in Oracle Database 10g Enterprise Edition Release 2 (version 10.2.0.1 and higher), you must manually create the VIDEO5 user. If you attempt to install the video stores tutorial in Oracle Database 10g Enterprise Edition Release 2, then the installation will fail if the VIDEO5 user does not already exist. To work around this issue:

  1. Create the VIDEO5 user manually by completing these steps:

    1. Access Oracle Database 10g with SQL*Plus, Enterprise Manager, or any SQL command line tool.

    2. Create the VIDEO5 user.

    3. Grant CONNECT and RESOURCE privileges to the VIDEO5 user.

    For more information about creating users and granting privileges, see the Oracle Database SQL Reference or your DBA

  2. Connect to Discoverer Administrator as the EUL owner and install the tutorial. You must enter the VIDEO5 user password during installation.

    For information about installing the video stores tutorial, see the Oracle Fusion Middleware Administrator's Guide for Oracle Business Intelligence Discoverer.

PKN뛟PK.V_E OEBPS/ovd.htm Oracle Virtual Directory

38 Oracle Virtual Directory

This chapter describes issues associated with Oracle Virtual Directory. It includes the following topics:

38.1 General Issues and Workarounds

This section describes general issues and workarounds. It includes the following topics:

38.1.1 Oracle Virtual Directory Fails to Start When Unsupported Ciphersuite for Listener SSL Config is Selected in Enterprise Manager

When you create an Oracle LDAP listener in Enterprise Manager, and then edit the listener's Change SSL setting by selecting Enable SSL for any SSL authorization, Enterprise Manager selects the ciphersuite TLS_DHE_RSA_WITH_AES_128_CBC_SHA256. If this ciphersuite is selected, then Oracle Virtual Directory will fail to start-up entirely.

Oracle Virtual Directory supports the following protocols:

  • TLSv1

  • SSLv2Hello

  • SSLv3


Note:

For a complete list of the supported ciphers for each protocol, refer to the following location:

http://www.openssl.org/docs/apps/ciphers.html


To work around this issue, manually uncheck all of the ciphers listed for Enterprise Manager when configuring the ciphersuites.

38.1.2 EUS Adapter Creation Failed

When creating an EUS adapter using the wizard in Oracle Directory Services Manager, an error message periodically displays stating the adapters and ACLs were not created successfully.

To work around this issue, proceed as follows:

  • If the error occurred while you were loading ACLs, and only partial ACLs were loaded during EUS configuration, then you can manually load the remaining ACLs by running this command:

    $ORACLE_HOME/bin/ldapmodify -c -v -h <ovd_host> -p <ovd_port> -D cn=orcladmin -w <orcladmin_password> -f
    $ORACLE_HOME/ovd/eus/eusACLTemplate.ldif
    
  • If the error occurred during any other step, then manually clean up the partial configuration from Oracle Virtual Directory by using the following steps, and then reconfigure Oracle Virtual Directory for EUS.

    1. Delete all of the Local Store and LDAP EUS adapters created.

    2. Delete the LSA EUS adapter data files from the local file system.

    3. Undeploy the EUS py mapping based on your directory type (if it exists).

    4. Click the EUS wizard icon again to reconfigure.

38.1.3 Manually Edit adapters.os_xml File When Creating DB Adapter For Sybase

Creating a Database Adapter with Sybase as back-end causes Oracle Virtual Directory to fail with an Invalid Database Connection error.

To work around this issue, you can manually edit the adapters.os_xml file using the same Database connection information.

38.1.4 ODSM Version Does Not Change in Enterprise Manager after Patching ODSM to 11.1.1.6.0

The Oracle Directory Services Manager version shown in Enterprise Manager is the application version, which does not change when you patch Oracle Directory Services Manager.

The Oracle Lifecycle team requires all Enterprise Manager components to retain the same application version. However, because customers want to know which Oracle Directory Services Manager version they are using, Oracle Directory Services Manager maintains the actual (patch) version and Enterprise Manager maintains the application version, which causes this mismatch.

This issue is a known issue, starting with version 11.1.1.3.0.

38.1.5 ODSM Bug Requires Editing of odsmSkin.css File

Due to a misplaced comment in the file odsmSkin.css, some labels on the Oracle Directory Services Manager home page are not displayed correctly. Specifically, the labels in the diagram on the right are misplaced or missing.

To work around this issue, proceed as follows:

  1. Stop the wls_ods1 managed server and the WebLogic Administration server.

  2. Edit the file:

    MW_HOME/user_projects/domains/DOMAIN_HOME/servers/MANAGED_SERVER_NAME/tmp/_WL_user/ODSM_VERSION_NUMBER/RANDOM_CHARACTERS/war/skins/odsmSkin.css
    

    For example:

    wlshome/user_projects/domains/base_domain/servers/wls_ods1/tmp/_WL_user/odsm_11.1.1.2.0/z5xils/war/skins/odsmSkin.css
    

    Before editing, the odsmSkin.css file looks like this:

    @agent ie /*========== Fix for bug#7456880 ==========*/
    {
      af|commandImageLink::image,
      af|commandImageLink::image-hover,
      af|commandImageLink::image-depressed
      {
        vertical-align:bottom;
      }
    }
    

    Move the comment:

    /*========== Fix for bug#7456880 ==========*/
    

    so that it is above the line

    @agent ie
    

    After editing, the file should look like this:

    /*========== Fix for bug#7456880 ==========*/
    @agent ie
    {
      af|commandImageLink::image,
      af|commandImageLink::image-hover,
      af|commandImageLink::image-depressed
      {
        vertical-align:bottom;
      }
    } 
    
  3. Restart the WebLogic Administration server and the wls_ods1 managed server.

38.1.6 Oracle Directory Services Manager Browser Window is Not Usable

In some circumstances, after you launch Oracle Directory Services Manager from Fusion Middleware Control, then select a new Oracle Directory Services Manager task, the browser window might become unusable. For example, the window might refresh repeatedly, appear as a blank page, fail to accept user input, or display a null pointer error.

As a work around, go to the URL: http://host:port/odsm, where host and port specify the location where Oracle Directory Services Manager is running, for example, http://myserver.example.com:7005/odsm. You can then use the Oracle Directory Services Manager window to log in to a server.

38.1.7 Exceptions May Occur in Oracle Directory Services Manager When Managing Multiple Oracle Virtual Directory Components and One is Stopped

Under certain circumstances, when managing multiple Oracle Virtual Directory components from the same Oracle Directory Services Manager session, exception or error messages may appear if you stop one of the Oracle Virtual Directory components. For example, you are managing Oracle Virtual Directory components named ovd1 and ovd2 from the same Oracle Directory Services Manager session. Both ovd1 and ovd2 are configured and running. If you stop ovd1, an exception or Target Unreachable message may appear when you try to navigate Oracle Directory Services Manager.

To work around this issue, exit the current Oracle Directory Services Manager session, close the web browser, and then reconnect to Oracle Virtual Directory components in a new Oracle Directory Services Manager session.

38.1.8 Identifying the DN Associated with an Access Control Point in Oracle Directory Services Manager

When you create an Access Control Point (ACP) using Oracle Directory Services Manager, the Relative Distinguished Name (RDN) of the DN where you created the ACP appears in the navigation tree on the left side of the screen. For example, if you create an ACP at the DN of cn=ForExample,dc=us,dc=sales,dc=west, then cn=ForExample appears in the navigation tree. After clicking an ACP in the navigation tree, its settings appear in the right side of the screen and the RDN it is associated with appears at the top of the page.

To identify the DN associated with an ACP, move the cursor over ("mouse-over") the ACP entry in the navigation tree. The full DN associated with the ACP will be displayed in a tool-tip dialog box.

Mousing-over ACPs in the navigation tree is useful when you have multiple ACPs associated with DNs that have identical RDNs, such as:

ACP 1 = cn=ForExample,dc=us,dc=sales,dc=west

ACP 2 = cn=ForExample,dc=us,dc=sales,dc=east

38.1.9 Issues With Oracle Virtual Directory Metrics in Fusion Middleware Control

This topic describes issues with Oracle Virtual Directory metrics in Fusion Middleware Control, including:

38.1.9.1 Configuring Operation-Specific Plug-Ins to Allow Performance Metric Reporting in Fusion Middleware Control After Upgrading to 11g Release 1 (11.1.1)

If you upgraded an Oracle Virtual Directory Release 10g installation with plug-ins configured to execute on specific operations, such as add, bind, get, and so on, to 11g Release 1 (11.1.1), you may have to update those operation-specific plug-ins before you can use Fusion Middleware Control to view performance metrics.

After upgrading to 11g Release 1 (11.1.1) and performing some initial operations to verify the upgrade was successful, check the Oracle Virtual Directory home page in Fusion Middleware Control. You should see data for the Current Load and Average Response Time and Operations metrics.

If you do not see any data for these metrics, you must update the plug-ins configured to execute on specific operations. The work-around is to add the Performance Monitor plug-in to the operation-specific plug-in's configuration chain.

Perform the following steps to add the Performance Monitor plug-in to the operation-specific plug-in's configuration chain:

  1. If the operation-specific plug-in is a Global-level plug-in, edit the server.os_xml file located in the ORACLE_INSTANCE/config/OVD/NAME_OF_OVD_COMPONENT/ directory.

    If the operation-specific plug-in is an adapter-level plug-in, edit the adapters.os_xml file located in the ORACLE_INSTANCE/config/OVD/NAME_OF_OVD_COMPONENT/ directory.


    Note:

    If multiple adapters are configured, you must perform steps 2 and 3 for every adapter configuration in the adapters.os_xml file.


  2. Locate the pluginChains element in the file. For example, if the Dump Transactions plug-in is configured to execute on the get operation, you will see something similar to the following:

    Example 38-1 Dump Transactions Plug-In Configured for get Operation

      <pluginChains xmlns="http://xmlns.oracle.com/iam/management/ovd/config/plugins">
       <plugins>
          <plugin>
            <name>Dump Transactions</name>
            <class>com.octetstring.vde.chain.plugins.DumpTransactions.DumpTransactions</class>
            <initParams>
              <param name="loglevel" value="info"/>
            </initParams>
          </plugin>
          <plugin>
            <name>Performance Monitor</name>
            <class>com.octetstring.vde.chain.plugins.performance.MonitorPerformance</class>
            <initParams/>
          </plugin>
       </plugins>
       <default>
          <plugin name="Performance Monitor"/>
       </default>
       <get>
          <plugin name="Dump Transactions">
            <namespace>ou=DB,dc=oracle,dc=com </namespace>
          </plugin>
        </get>
      </pluginChains>
    
  3. Add the following Performance Monitor plug-in element within the operation-specific configuration chain:

    <plugin name="Performance Monitor"/>
    

    For example:

    Example 38-2 Adding the Performance Monitor to the Operation-Specific Plug-In Configuration Chain

     <pluginChains xmlns="http://xmlns.oracle.com/iam/management/ovd/config/plugins">
       <plugins>
          <plugin>
            <name>Dump Transactions</name>
            <class>com.octetstring.vde.chain.plugins.DumpTransactions.DumpTransactions</class>
            <initParams>
              <param name="loglevel" value="info"/>
            </initParams>
          </plugin>
          <plugin>
            <name>Performance Monitor</name>
            <class>com.octetstring.vde.chain.plugins.performance.MonitorPerformance</class>
            <initParams/>
          </plugin>
       </plugins>
       <default>
          <plugin name="Performance Monitor"/>
       </default>
       <get>
          <plugin name="Dump Transactions">
            <namespace>ou=DB,dc=oracle,dc=com </namespace>
          </plugin>
          <plugin name="Performance Monitor"/>
        </get>
      </pluginChains>
    
  4. Save the file.

  5. Restart Oracle Virtual Directory.

38.1.10 Using a Wildcard when Performing an LDAPSEARCH on a TimesTen Database Causes an Operational Error

Currently, a TimesTen bug is preventing wildcard searches (such as "cn=t*") from working in a Database adapter with TimesTen.

To work around this problem, enable the Case Insensitive Search option and create the necessary linguistic indexes for any database columns used in the search.

For more information, see the related TimesTen Enhancement Request, Bug# 9885055 and Section 12.2.2 "Creating Database Adapters for Oracle TimesTen In-Memory Database" in the Oracle® Fusion Middleware Administrator's Guide for Oracle Virtual Directory.

38.1.11 ODSM Version 11.1.1.4.0 Does Not Support OVD Versions 11.1.1.2.0 or 11.1.1.3.0

Oracle Directory Services Manager Version 11.1.1.4.0 does not support Oracle Virtual Directory Versions 11.1.1.2.0 or 11.1.1.3.0.

Changes introduced in Oracle Directory Services Manager Version 11.1.1.4.0 improve configuration auditing, and these changes require that you use Oracle Virtual Directory 11.1.1.4.0.

38.1.12 ODSM Version 11.1.1.5.0 Does Not Support OVD Versions 11.1.1.2.0, 11.1.1.3.0, or 11.1.1.4.0

Oracle Directory Services Manager Version 11.1.1.5.0 does not support Oracle Virtual Directory Versions 11.1.1.2.0, 11.1.1.3.0, or 11.1.1.4.0.

Changes introduced in Oracle Directory Services Manager Version 11.1.1.5.0 improve configuration auditing, and these changes require that you use Oracle Virtual Directory 11.1.1.5.0.

38.1.13 ODSM Version 11.1.1.6.0 Does Not Support OVD Versions 11.1.1.2.0, 11.1.1.3.0, 11.1.1.4.0, or 11.1.1.5.0

Oracle Directory Services Manager Version 11.1.1.6.0 does not support Oracle Virtual Directory Versions 11.1.1.2.0, 11.1.1.3.0, 11.1.1.4.0, or 11.1.15.0.

Changes introduced in Oracle Directory Services Manager Version 11.1.1.6.0 improve configuration auditing, and these changes require that you use Oracle Virtual Directory 11.1.1.6.0.

38.1.14 Users with Non-ASCII Names Might Encounter Problems when Using ODSM with SSO

When Oracle Directory Services Manager is configured to use Oracle Access Manager 11g Release 1 (11.1.1.2) for single sign-on, a user whose name contains non-ASCII characters might observe the following issues after logging in:

  • The user name displayed on the Home page is garbled.

  • Single sign-on connections to Oracle Virtual Directory servers do not appear in the list of connections.

38.1.15 Creating an Attribute/Object Class Throws NPE Error

After upgrading Oracle Directory Services Manager, creating an attribute or an objectclass causes an NPE error.

Workaround:

Refresh the entries by clicking Refresh every time the creation fails.

38.1.16 Patch Required to Enable Account Lockout Feature

An additional Patch 10365116 is required to enable the Account Lockout functionality.

In addition, Oracle Virtual Directory may not update the AD badpasswdcount until the account is fully locked out, which means AD badpasswdcount shows the correct number when it reaches the bad password count setting in AD.

38.1.17 ODSM Problems in Internet Explorer 7

The Oracle Directory Services Manager interface might not appear as described in Internet Explorer 7.

For example, the Logout link might not be displayed.

If this causes problems, upgrade to Internet Explorer 8 or 9 or use a different browser.

38.1.18 Strings Related to New Enable User Account Lockout Feature on EUS Wizard Are Not Translated

The new Enable User Account Lockout feature (and related messages) provided in the Oracle Virtual Directory EUS wizard have not been translated.

38.1.19 All Connections Created In ODSM 11.1.1.1.0 Are Lost After Upgrading to OVD or OID Version 11.1.1.7.0

Due to some deployment changes made to Oracle Directory Services Manager version 11.1.1.2.0, any connections created in Oracle Directory Services Manager version 11.1.1.1.0 will be lost when you upgrade to Oracle Virtual Directory version 11.1.1.7.0 or Oracle Internet Directory version 11.1.1.7.0.

Oracle Directory Services Manager resumes caching connection details the first time you connect again after upgrading to Oracle Virtual Directory version 11.1.1.7.0 or Oracle Internet Directory version 11.1.1.7.0.

38.1.20 Incorrect ODSM Version Displays in Enterprise Manager Console After OVD Upgrade

The Oracle Directory Services Manager version automatically displays as 11.1.1.2.0 in the Enterprise Manager console for all patch set releases. This Oracle Directory Services Manager version number does not increment to match the patch set version when you upgrade.

38.1.21 Connection Issues to OVD

In non-Linux environments, if you have any issues connecting to Oracle Virtual Directory from Oracle Directory Services Manager, LDAP tools, or any other applications, you must disable NIO in the non-SSL listener by using the following steps:

  1. From a command window, stop Oracle Virtual Directory:

    $ORACLE_INSTANCE/bin/opmnctl stopproc ias-component=ovd1
    
  2. Edit the $ORACLE_INSTANCE/config/OVD/ovd1/listeners.os_xml file as follows:

    1. Locate this LDAP non-SSL listener section:

      <ldap id="LDAP Endpoint" version="0">
            <port>6501</port>
            <host>0.0.0.0</host>
            .........
            .........
             <tcpNoDelay>true</tcpNoDelay>
             <readTimeout>0</readTimeout>
          </socketOptions>
       </ldap>
      
    2. Modify the section by adding <useNIO>false</useNIO>, as indicated:

       <ldap id="LDAP Endpoint" version="0">
            <port>6501</port>
            <host>0.0.0.0</host>
            .........
            .........
             <tcpNoDelay>true</tcpNoDelay>
             <readTimeout>0</readTimeout>
          </socketOptions>
          <useNIO>false</useNIO>
       </ldap>
      
  3. Start Oracle Virtual Directory:

    $ORACLE_INSTANCE/bin/opmnctl startproc ias-component=ovd1
    

This modification should resolve the connection issues.

38.1.22 ODSM Version 11.1.1.70 Does Not Support OVD Versions 11.1.1.2.0, 11.1.1.3.0, 11.1.1.4.0, 11.1.1.5.0, or 11.1.1.6.0

Oracle Directory Services Manager Version 11.1.1.7.0 does not support Oracle Virtual Directory Versions 11.1.1.2.0, 11.1.1.3.0, 11.1.1.4.0, 11.1.1.5.0, or 11.1.1.6.0.

Changes introduced in Oracle Directory Services Manager Version 11.1.1.7.0 improve configuration auditing, and these changes require that you use Oracle Virtual Directory 11.1.1.7.0.

38.1.23 Modify Completes When Updating a Mandatory Attribute to Null

If a modify operation adds an attribute with an empty value, and the attribute type does not allow empty values, the operation no longer returns an error. For example, ldapmodify ADD sn with an empty value previously returned an Invalid Syntax error and now it does not return any errors. Other modify operation failures are properly reported.

38.1.24 Online Help Section is Not Working

The Oracle Directory Services Manager online help section does not work in Internet Explorer 10 (IE10) web browsers.

38.2 Configuration Issues and Workarounds

This section describes configuration issues and their workarounds. It includes the following topics:

38.2.1 Configuring an OVD/OID Adapter For SSL Mutual Authentication

Neither Oracle Fusion Middleware Administrator's Guide for Oracle Virtual Directory nor Oracle Fusion Middleware Administrator's Guide describes how to set up an Oracle Virtual Directory/Oracle Internet Directory adapter for SSL Mutual Authentication. This information is provided in Note 1449118.1 and Note 1311791.1, which are available on My Oracle Support at:

https://support.oracle.com/

38.3 Documentation Errata

This section describes documentation errata in the Administrator's Guide for Oracle Virtual Directory. It includes the following topics:

38.3.1 Deploying Oracle Unified Directory with Oracle Virtual Directory

You can deploy Oracle Unified Directory as an LDAP data source with Oracle Virtual Directory. For information about how to deploy Oracle Unified Directory with Oracle Virtual Directory, see "Creating LDAP Adapters" in the Oracle® Fusion Middleware Administrator's Guide for Oracle Virtual Directory.

PK!*#PK.V_E OEBPS/oif.htmV? Oracle Identity Federation

31 Oracle Identity Federation

This chapter describes issues associated with Oracle Identity Federation. It includes the following topics:

31.1 General Issues and Workarounds

This section describes general issues and workarounds. It includes the following topics:

31.1.1 Database Table for Authentication Engine must be in Base64 Format

When using a database table as the authentication engine, and the password is stored hashed as either MD5 or SHA, it must be in base64 format.

The hashed password can be either in the base64-encoded format or with a prefix of {SHA} or {MD5}. For example:

{SHA}qUqP5cyxm6YcTAhz05Hph5gvu9M= 

31.1.2 Considerations for Oracle Identity Federation HA in SSL mode

In a high availability environment with two (or more) Oracle Identity Federation servers mirroring one another and a load balancer at the front-end, there are two ways to set up SSL:

  • Configure SSL on the load balancer, so that the SSL connection is between the user and the load balancer. In that case, the keystore/certificate used by the load balancer has a CN referencing the address of the load balancer.

    The communication between the load balancer and the WLS/Oracle Identity Federation can be clear or SSL (and in the latter case, Oracle WebLogic Server can use any keystore/certificates, as long as these are trusted by the load balancer).

  • SSL is configured on the Oracle Identity Federation servers, so that the SSL connection is between the user and the Oracle Identity Federation server. In this case, the CN of the keystore/certificate from the Oracle WebLogic Server/Oracle Identity Federation installation needs to reference the address of the load balancer, as the user will connect using the hostname of the load balancer, and the Certificate CN needs to match the load balancer's address.

    In short, the keystore/certificate of the SSL endpoint connected to the user (load balancer or Oracle WebLogic Server/Oracle Identity Federation) needs to have its CN set to the hostname of the load balancer, since it is the address that the user will use to connect to Oracle Identity Federation.

31.1.3 Database Column Too Short error for IDPPROVIDEDNAMEIDVALUE

Problem

When Oracle Identity Federation is configured to use a database store for session and message data store, the following error is seen if data for IDPPROVIDEDNAMEID is over 200 characters long:

 ORA-12899: value too large for column
"WDO_OIF"."ORAFEDTMPPROVIDERFED"."IDPPROVIDEDNAMEIDVALUE" (actual: 240,
maximum: 200)\n]

Workaround

Alter table ORAFEDTMPPROVIDERFED to increase the column size for "idpProvidedNameIDValue" to 240.

31.2 Configuration Issues and Workarounds

This section describes configuration issues and their workarounds. It includes the following topics:

31.2.1 WLST Environment Setup when SOA and OIF are in Same Domain

If your site contains Oracle SOA Suite and Oracle Identity Federation in the same domain, the WLST setup instructions in the Oracle Fusion Middleware Administrator's Guide for Oracle Identity Federation are insufficient for WLST to correctly execute Oracle Identity Federation commands.

This can happen if you install an IdM domain, then extend it with an Oracle SOA install; the SOA installer changes the ORACLE_HOME environment variable. This breaks the Oracle Identity Federation WLST environment, as it relies on the IdM value for ORACLE_HOME.

Take these steps to enable the use of WLST commands:

  1. Execute the instructions described in Section 9.1.1, Setting up the WLST Environment, in the Oracle Fusion Middleware Administrator's Guide for Oracle Identity Federation.

  2. Copy OIF-ORACLE_HOME/fed/script/*.py to WL_HOME/common/wlst.

  3. Append the CLASSPATH environment variable with OIF-ORACLE_HOME/fed/scripts.

31.2.2 Oracle Virtual Directory Requires LSA Adapter

To use Oracle Virtual Directory as an Oracle Identity Federation user store or an authentication engine, you must configure a Local Storage Adapter, and the context root must be created as required at installation or post-install configuration time.

For details about this task, see the chapter Creating and Configuring Oracle Virtual Directory Adapters in the Oracle Fusion Middleware Administrator's Guide for Oracle Virtual Directory.

31.2.3 Settings for Remote WS-Fed SP Must be Changed Dynamically

On the Edit Federations page, the Oracle Identity Federation (OIF) settings for remote WS-Fed service provider contain a property called SSO Token Type; you can choose to either inherit the value from the IdP Common Settings page or override it here. The number of properties shown in 'OIF Settings' depends on the value of SSO Token Type.

If you choose to override SSO Token Type with a different value (for example, by changing from SAML2.0 to SAML1.1), the number of properties shown in 'OIF Settings' does not change until you click the Apply button.

Also, if you have overridden the value for Default NameID Format to 'Persistent Identifier' or 'Transient/One-Time Identifier', then changed the SSO Token Type value from 'SAML2.0' to 'SAML1.1' or 'SAML1.0', you will notice that the value for Default NameID Format is now blank. To proceed, you must reset this property to a valid value from the list.

31.2.4 Required Property when Creating a WS-Fed Trusted Service Provider

When you create a WS-Fed Trusted Service Provider, you must set the value for the 'Use Microsoft Web Browser Federated Sign-On' property with these steps:

  1. In Fusion Middleware Control, navigate to Federations, then Edit Federations.

  2. Choose the newly create WS-Fed Trusted Service Provider and click Edit.

  3. In the 'Trusted Provider Settings' section, set the value for Use Microsoft Web Browser Federated Sign-On by checking or unchecking the check-box.

  4. Click Apply.

31.2.5 Federated Identities Table not Refreshed After Record Deletion

When the federation store is XML-based, a record continues to be displayed in the federated identities table after it is deleted.

The following scenario illustrates the issue:

  1. The federation data store is XML.

  2. Perform federated SSO, using "map user via federated identity".

  3. In Fusion Middleware Control, locate the Oracle Identity Federation instance, and navigate to Administration, then Identities, then Federated Identities.

  4. Click on the created federation record and delete it.

After deletion, the federated record is still in the table. Further attempts at deleting the record result in an error.

The workaround is to manually refresh the table by clicking Search.

31.2.6 Default Authentication Scheme is not Saved

Problem

This problem is seen when you configure Oracle Access Manager in Fusion Middleware Control as a Service Provider Integration Module. It is not possible to set a default authentication scheme since the default is set to a certain scheme (say OIF-password-protected) but the radio button is disabled.

Solution

Take these steps to set the preferred default authentication scheme:

  1. Check the Create check-box for the scheme that is currently set as the default but disabled.

  2. Check the Create check-box(es) for the authentication scheme(s) that you would like to create.

  3. Click the radio button of the scheme that you wish to set as the default.

  4. Uncheck the Create check-box of the scheme in Step 1 only if you do not want to create the scheme.

  5. Provide all the required properties in the page.

  6. Click the Configure Oracle Access Manager button to apply the changes.

The default authentication scheme is now set to the one that you selected.


Note:

In addition, when trying to remove any authentication scheme, ensure that you do not remove the default scheme; if you must remove the scheme, change the default to another authentication scheme before you remove the scheme.


31.2.7 Configuring 10g to Work with 11g Oracle Identity Federation using Artifact Profile

In the SAML 1.x protocol, for a 10g Oracle Identity Federation server to work with an 11g Oracle Identity Federation server using the Artifact profile, you need to set up either basic authentication or client cert authentication between the two servers.

For instructions, see:

31.2.8 Regenerating OAM 11g Key Requires Oracle Identity Federation Upgrade Script

In Oracle Enterprise Manager Fusion Middleware Control, when you configure the SP Integration Module for Oracle Access Manager 11g, you can regenerate the secret key by clicking the Regenerate button (Service Provider Integration Modules page, Oracle Access Manager 11g tab).

In an upgraded 11.1.1.7.0 environment, it is necessary to execute the Oracle Identity Federation upgrade script before you regenerate the OAM 11g secret key from this page. For details about how to run the script, see the Oracle Fusion Middleware Patching Guide.

31.3 Documentation Errata

This section contains documentation errata for the Oracle Fusion Middleware Administrator's Guide for Oracle Identity Federation.


Note:

For documentation errata and other release notes relating to the integration of Oracle Identity Federation with Oracle Access Manager 11g , see the chapter for "Oracle Access Manager."


This section contains these topics:

31.3.1 Incorrect Command Cited for BAE Configuration Procedure

In the Oracle Fusion Middleware Administrator's Guide for Oracle Identity Federation, Part Number E13400-06, Section 6.8.2 Configuring the BAE Direct Attribute Exchange Profile, subsection "Set the BAE Direct Attribute Exchange Profile for a Partner", the procedure incorrectly documents the WLST command setPartnerProperty instead of the correct setFederationProperty command.

Replace the two commands mentioned in that subsection with:

setFederationProperty("PARTNER_PROVIDER_ID", "attributebaeenabled" ,
"true","boolean")
 
setFederationProperty("PARTNER_PROVIDER_ID", "attributebaeenabled" ,
"false","boolean") 

to set and unset the BAE property, respectively.

31.3.2 SP Post-Processing Plug-in Properties for OAM 11g

In the Oracle Fusion Middleware Administrator's Guide for Oracle Identity Federation, Part Number E13400-06, Section 12.5.2 Configuring Oracle Identity Federation for the Plug-in is missing the properties needed to configure Oracle Access Manager 11g.

Add the following row to the end of Table 12-3 SP Engine Configuration for Post-processing Plug-in; this row shows the properties needed for Oracle Access Manager 11g:

SP Engineweb context propertyrelative path property

OAM 11g

oam11g-login-context

oam11g-login


31.3.3 Short Hostname Redirect Using mod_rewrite Configuration

In the Oracle Fusion Middleware Administrator's Guide for Oracle Identity Federation, Part Number E13400-06, Section 3.2.2.2 Integrate Oracle Single Sign-On with OHS (as well as earlier editions with the same section), the code in comments (lines starting with #) at the end of the section should be revised to use a mod_rewrite configuration.

Replace the text:

#
# If you would like to have short hostnames redirected to
# fully qualified hostnames to allow clients that need
# authentication via mod_osso to be able to enter short
# hostnames into their browsers uncomment out the following
# lines
#
#PerlModule Apache::ShortHostnameRedirect
#PerlHeaderParserHandler Apache::ShortHostnameRedirect

with the text:

#
# To have short hostnames redirected to fully qualified
# hostnames for clients that need authentication via
# mod_osso to be able to enter short hostnames into their
# browsers use a mod_rewrite configuration such as the following.
#
# e.g
#RewriteEngine On
#RewriteCond %{HTTP_HOST} !www.example.com
#RewriteRule î.*$ http://%{SERVER_NAME}%{REQUEST_URI} [R]
#where www.example.com is the fully qualified domain name. 
PK4H!VVPK.V_EOEBPS/dcommon/oracle.gifJGIF87aiyDT2F'G;Q_oKTC[ 3-Bq{ttsoGc4I)GvmLZ).1)!ꑈ53=Z]'yuLG*)g^!8C?-6(29K"Ĩ0Яl;U+K9^u2,@@ (\Ȱ Ë $P`lj 8x I$4H *(@͉0dа8tA  DсSP v"TUH PhP"Y1bxDǕ̧_=$I /& .)+ 60D)bB~=0#'& *D+l1MG CL1&+D`.1qVG ( "D2QL,p.;u. |r$p+5qBNl<TzB"\9e0u )@D,¹ 2@C~KU 'L6a9 /;<`P!D#Tal6XTYhn[p]݅ 7}B a&AƮe{EɲƮiEp#G}D#xTIzGFǂEc^q}) Y# (tۮNeGL*@/%UB:&k0{ &SdDnBQ^("@q #` @1B4i@ aNȅ@[\B >e007V[N(vpyFe Gb/&|aHZj@""~ӎ)t ? $ EQ.սJ$C,l]A `8A o B C?8cyA @Nz|`:`~7-G|yQ AqA6OzPbZ`>~#8=./edGA2nrBYR@ W h'j4p'!k 00 MT RNF6̙ m` (7%ꑀ;PKl-OJPK.V_EOEBPS/dcommon/oracle-logo.jpgv>JFIFC    $.' ",#(7),01444'9=82<.342C  2!!22222222222222222222222222222222222222222222222222'7" }!1AQa"q2#BR$3br %&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz w!1AQaq"2B #3Rbr $4%&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz ?( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( (QEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQE!KEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEzE7V%ȣOΏ9??:a"\fSrğjAsKJ:nOzO=}E1-I)3(QEQEQEQEQEQEQE֝Hza<["2"pO#f8M[RL(,?g93QSZ uy"lx4h`O!LŏʨXZvq& c՚]+: ǵ@+J]tQ]~[[eϸ (]6A&>ܫ~+כzmZ^(<57KsHf妬Ϧmnẁ&F!:-`b\/(tF*Bֳ ~V{WxxfCnMvF=;5_,6%S>}cQQjsOO5=)Ot [W9 /{^tyNg#ЄGsֿ1-4ooTZ?K Gc+oyڙoNuh^iSo5{\ܹ3Yos}$.nQ-~n,-zr~-|K4R"8a{]^;I<ȤL5"EԤP7_j>OoK;*U.at*K[fym3ii^#wcC'IIkIp$󿉵|CtĈpW¹l{9>⪦׺*ͯj.LfGߍԁw] |WW18>w.ӯ! VӃ :#1~ +މ=;5c__b@W@ +^]ևՃ7 n&g2I8Lw7uҭ$"&"b eZ":8)D'%{}5{; w]iu;_dLʳ4R-,2H6>½HLKܹR ~foZKZ࿷1[oZ7׫Z7R¢?«'y?A}C_iG5s_~^ J5?œ tp]X/c'r%eܺA|4ծ-Ե+ْe1M38Ǯ `|Kյ OVڅu;"d56, X5kYR<̭CiطXԮ];Oy)OcWj֩}=܅s۸QZ*<~%뺃ȶp f~Bðzb\ݳzW*y{=[ C/Ak oXCkt_s}{'y?AmCjޓ{ WRV7r. g~Q"7&͹+c<=,dJ1V߁=T)TR՜*N4 ^Bڥ%B+=@fE5ka}ędܤFH^i1k\Sgdk> ֤aOM\_\T)8靠㡮3ģR: jj,pk/K!t,=ϯZ6(((((((49 xn_kLk&f9sK`zx{{y8H 8b4>ÇНE|7v(z/]k7IxM}8!ycZRQ pKVr(RPEr?^}'ðh{x+ՀLW154cK@Ng C)rr9+c:׹b Жf*s^ fKS7^} *{zq_@8# pF~ [VPe(nw0MW=3#kȵz晨cy PpG#W:%drMh]3HH<\]ԁ|_W HHҡb}P>k {ZErxMX@8C&qskLۙOnO^sCk7ql2XCw5VG.S~H8=(s1~cV5z %v|U2QF=NoW]ո?<`~׮}=ӬfԵ,=;"~Iy7K#g{ñJ?5$y` zz@-~m7mG宝Gٱ>G&K#]؃y1$$t>wqjstX.b̐{Wej)Dxfc:8)=$y|L`xV8ߙ~E)HkwW$J0uʟk>6Sgp~;4֌W+חc"=|ř9bc5> *rg {~cj1rnI#G|8v4wĿhFb><^ pJLm[Dl1;Vx5IZ:1*p)إ1ZbAK(1ׅ|S&5{^ KG^5r>;X׻K^? s fk^8O/"J)3K]N)iL?5!ƾq:G_=X- i,vi2N3 |03Qas ! 7}kZU781M,->e;@Qz T(GK(ah(((((((Y[×j2F}o־oYYq $+]%$ v^rϭ`nax,ZEuWSܽ,g%~"MrsrY~Ҿ"Fت;8{ѰxYEfP^;WPwqbB:c?zp<7;SBfZ)dϛ; 7s^>}⍱x?Bix^#hf,*P9S{w[]GF?1Z_nG~]kk)9Sc5Ո<<6J-ϛ}xUi>ux#ţc'{ᛲq?Oo?x&mѱ'#^t)ϲbb0 F«kIVmVsv@}kҡ!ˍUTtxO̧]ORb|2yԵk܊{sPIc_?ħ:Ig)=Z~' "\M2VSSMyLsl⺿U~"C7\hz_ Rs$~? TAi<lO*>U}+'f>7_K N s8g1^CeКÿE ;{+Y\ O5|Y{/o+ LVcO;7Zx-Ek&dpzbӱ+TaB0gNy׭ 3^c T\$⫫?F33?t._Q~Nln:U/Ceb1-im WʸQM+VpafR3d׫é|Aү-q*I P7:y&]hX^Fbtpܩ?|Wu󭏤ʫxJ3ߴm"(uqA}j.+?S wV ~ [B&<^U?rϜ_OH\'.;|.%pw/ZZG'1j(#0UT` Wzw}>_*9m>󑓀F?EL3"zpubzΕ$+0܉&3zڶ+jyr1QE ( ( ( ( ( ( ( (UIdC0EZm+]Y6^![ ԯsmܶ捆?+me+ZE29)B[;я*wGxsK7;5w)}gH~.Ɣx?X\ߚ}A@tQ(:ͧ|Iq(CT?v[sKG+*רqҍck <#Ljα5݈`8cXP6T5i.K!xX*p&ќZǓϘ7 *oƽ:wlຈ:Q5yIEA/2*2jAҐe}k%K$N9R2?7ýKMV!{W9\PA+c4w` Wx=Ze\X{}yXI Ү!aOÎ{]Qx)#D@9E:*NJ}b|Z>_k7:d$z >&Vv󃏽WlR:RqJfGإd9Tm(ҝEtO}1O[xxEYt8,3v bFF )ǙrPNE8=O#V*Cc𹾾&l&cmCh<.P{ʦ&ۣY+Gxs~k5$> ӥPquŽўZt~Tl>Q.g> %k#ú:Kn'&{[yWQGqF}AЅ׮/}<;VYZa$wQg!$;_ $NKS}“_{MY|w7G!"\JtRy+贾d|o/;5jz_6fHwk<ѰJ#]kAȎ J =YNu%dxRwwbEQEQEQEQEQEQEQEQEQE'fLQZ(1F)hQ@X1KEQE-Q@ 1KE3h=iPb(((1GjZ(-ʹRPbR@ 1KE7`bڒyS0(-&)P+ ڎԴP11F)h&:LRmQ@Q@Š(((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((?l:ϊw "{{-3j3%{+Zoi.{YUڪ1kcMմfݮ4Br%*8%I.QT-[MѭT-,`g]L)lXqjV4Ķ%ѡ')$r_Ĭ AVuoż9#`FApA+麶۵ƗZ_@QeP#8 Uh燮,/jXJ}9Q]рN:]dko-ıH^I$`I$$:[zޛ}:v%`$)' gVko-ıH^I$`I$$..3D ?+pcV4[MmK-/W(Z̲lTq(Q@'94 >SJJFCI'L~yᵷX$/$0UE$xs@U{=2K--cFI,٬|Cό<)a-8nQǰ_VBNM>rE+/uoż9#`FApA椬 eq-"mV89 Wcag]E7dt&i5j K%-p 3N=\o?:evjh$#b9#hɫirLiJ*+rcTY2K;iVQ|3@#*NFA7'u@yi}ŭim=춎if@NXr???6޽ +/R.\-3X&+2qF}\㼰L $0? ESVf&-P7h)Y3>e֍KVtku5 K,S,J[ g{EG[qo,sA*H2AG9z\][j3>˘]lNTC@(O]O+[U"ߌg2:zMմfݮ4Br%*8%I.QU9//വA.H,x$ƩxAn/u6 m$H2' 0zZԢxn⸷9$l]H #<4Ķ%ѡ')$r_Ĭ APQ@Q@Q@Q@Q@Q@Q@Q@Q@Q@Q@Q@Q@Q@Q@Q@'K|U].VCyCO#GUH~9Й>/CcaSm(߇-'-ZoDQ03u]W?O5 `!ºv__Avڄ3Agw?±kc+[O?o?DA9Oz炼+OF$}_FZQ*a6OOY?u98we2٬32xvwt'S-@䯖xl9qyVOeX{Mw:!Udf_wYߝFv()9OIaY?TU1?\8wjiP:ʹ4ږEHKH|TW7gnזZeݕď@H|I%Y 'mcxⷆ|?᫻ kM/g-)nNGs^yi0>Dx0sEn݂2(/ľ|M߬lVviuCpCo+2x[ŧq9ݑTh6>``8d;ς_Ht/x҉+%O`(x]|Y=c9o-hX YK'kdzjok$ZvdfCb +89?g'dQU}|OX)oVWo{ab]!۴NҩKyK55oP_yf.$s8⻏Huw҈%Oow:֥H.FBER 3+|8ߎd~&,rȉW*I!qjH RFHдzfy?nVn7ۅ݌9EpwHݻw@8ɠ#'h%ԮoIjڅ<1\DY@FFPT\fx?ڤq +0,. 9fʧR9+o\kSi2^ ^0-+0eh|,V4+Jj|1"d>wpp0';@=ow:oú_Ϫ_E(w Hc]O`HpzHuw҈' *E-yW췚=/T@n/n_ rF ݆j|K6NQ6dg cՠC񆯥Ϫz(Ǩ Cs}qe,7cᯀwPiI}Zh\`fB `(vqQ@{,Kk`@+(I"q+䳿LoxĈ  Eps}sq,Gs2($WGXYqZAikvCb4\Np2I?X17m:t-d漙r'.I·N{ ^ V2gi z`0օ <j)h%`$l DX0Ñ]E\^GZD̛܌a'X3MN \[bǖ$I[}d[7m`Õ @<Т+Xu~]I )<:?^U4H'fFxd 7g]Eǿ7 b+KH{Hn' (u . #" d"0QӰZ؋,5m" {Vi6@HNLztP>m^tNϺu*s QzlQEq:t.$;$a(f$֦xYt]7J[q #egzA[P{}ON̵7#OJ߅oXhvdS3'e'ʶ(UOukjv>_]1'kFڞ= Ff"tݱ'd@*7YFlVQ1TEwq)io|  ¡V5Qoi~!8m$_8b LzbׇKK=_zAljK嶄qr~H^p I;4xRH5f{r`NFYB H+%[^]`F!,z<3ƧoZ/ MJK)s K4 rY,1'p :*?ֽt>,T j|NF5M/8eᜡg,PqR=2s:h6sI-VW{bHfB ?>O<[֬K/RJq5g a` <2B@=RΣ?ɧwzGab +33N6XtOi> PjL/;@7csd%R}Eq~/U? QdDQ]["ѤIr#*[rr(߀/MuxPDI)=+9#A݀G . OA~mm_iyd9.7o͞z yض־9:ɦ"lN⬬K)%v.0P@Ex?>K-X/E+VVamPX0mc<|kJїVVUYG"8aߧSր7+揉)fs[I/ä}KCvM 4aUE}O~eֈ!7;`#OJYe>[Tz`3WZ7}.]Btxf1#mS8n@}j©<Wᶱs_T ,Ѱ˪?- &8gmh(+j-SE_ndZ՟2̊s)$ bw Ϛ?~Imh+'u/x:]ދ{f3W/ F:7Y5Qws˩ 0[2(3|ApM^1n(oEC"u*@:ni 7XѬ+-F}'M.w{u).F`n( ~ |2nKm;]FV 2B8>s=M2VV~\0Y ^x⯇<&=wh7"݈3`a@H;KJUMeޤt&Foc({a^?8 M?ZϧNE288;KTh|9|KsŶ+-n$ $m#a's%Z=((((((((((%OTtsK5;hld?FpA"I7΅^w--PۑRHcMt.5_8ԞIS%sd(`Qл7V/úLj/ [s$. rHGSZn+&{}SNC<.e(w\ƫX]ƙGsgp%0`v?;8,5VL $F x8 ·>x V/uBqI xellb.`tf$2j A|Q7SY6c%U!e Kx/߄uO0o]Q$rPܡ2!,Ĝe q?x+Nk=vv/$̣aA'd?9玑WnM^[Qwx`qs@=2KsUr@cIH> Kt+ζ!2~U/M|cp KPBDWW!TyjrnS'Oeq#}S3jv"0.r399'.E+38fK¸ӂVcvfml$NI'I'$OR7U+M g5u |ѯ5-yiy2Kº1xcT w<nFӣrdN9s;F<(V};v5 soj"As7B:(/CcaSm+Í?osns[; k5@^?80{_ۋycg_((ۜz_iw "{o%$dC@_/$:D?q'M-REMp}H>F}C-4; '~ǝsHucڹ?|uGԦWgeT1,,I4Ѿ!_A?r\KnaU8Tr9>RC`tZs^j1\s EPEy7txsM6SH,n 1WXmhӺ #33rFh(zLh2QJToQ6GS5{CeM+[r@,N(Bڧ Vtn) O-X~e{^@Q@v:42?L5p$WLD[[,2࣯sǧzMo^pkaJ yj<{PQEp~5D:omդ.- I*?շ<|Q>,O}>qp(mҫTJjJ(((>)^+m-tA wo$8W5/|Tkn|Gڏ-\ƻC1a*[_ZDBH܌S#X+Ɠk_[$3Ŧ\rFYDG hr_j tkeiġvf2( m N▙|1gy5c[i D*#-[X|DGgat3LlRN1mbs=\h^gl\e6?PY ps+ h%؜D#s8 +zOP ?1x_G>xwRuc7DF5ZB0I$t>(?.핌.&lV8,>Mc/»4⸙/6Ǵw>c|l ?,[{A;W1h y6|88(?^#'Zuq["IUh8'p۹N!iXK0K.z"GSA5[𮙣n弥I88(>7;?Uo'2Ilq֮|ExDoB cP%Y#&~gK|T -['[JuS%ٙg7tsⷁaZ \䓀S~ ih4F2G+uQ  iVW\8ɉӓ2XeOx<+_N-Wdwq)| gk8xgcWѭ{}OOuҭ dJ0H6O":w?XIM7z$|ǽs,dTMz?BR FܛR<AW?][oqSY PȒ38t CᏀoǨzơVUd0Nz_W/1/=ά\q'eBʟQKIoQ%y?mz}ۭΕl\S&RUVFqryOi7`Mv#=!gc%*k,u{1$K}s̡H+SzsUռ5 I++ >#V J]zۓk{$/9 h/ S3V}k}'lA ぷk:NrO^GxH5-E>r@&@8\ 4|gw::гF2YpgHu?h#k8uY7P)<^9#wSkCJksKόz͝oTa ypEXֱ|AV=[KèN̬ R2h(Y<7cpԡ.k_'Im)2!i X88dow: Huw҈' *E-tI熿k (((((((((((_oxmc]~Í" yK˿$B.@%a>csKcOڵ"6hjEq~=R觻U (V ,냂[T((=P` p@89j >#z>lݴTs^ESҴK4hdQ'E̒rIϲۤg8u\~~0bm'5ضTK( H$zqԯk_DȘ6# ,[{鷮x&scIl-5(9g skR{_zƑFtX!n)*l `gJM/4u'RaDtyp@\QIP80kj}}jyvvciXH,@ܮ qs^Ey[z姈5m{Uuh(/&;6%`3zP^/}GĚw[Y1DlFTσ+('оxDtdX}dƄ~qHq1ڽb((((((((((((?\l=&@- ' H-oop8*ƾ,~â[2js[+06~s8̋COoAGv!%L%{HA%wG`#//p\jx"8t76Bq$`6Q\O# ֑,pVrd .߭zEx(*?m{y|SEϴ?Ҵ"Hw*;U(Hs4_ǧ 印+&$װPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPk@u~?_//|q`?w45&˜~>`Y2NᏋ45+n~}>`Uv¼?6O_/e4?OEuf2lOңcǯ5:m R_:[|.1ր=.Q\ÍĞş5KiRo> @1N}ꟍt2?nuY"3w6Xf'iQױA%wG`ZuRL6֩/x-X n^k}vÖx ]wxv+z.thh?h5=CUO2$}c`' ,0((((((((((((((((((((((((((((vzN]\Yiݾ!Ql eXSW(((((((( zno03haX r((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((PKnvvPK.V_EOEBPS/dcommon/cpyr.htmD Oracle Legal Notices

Oracle Legal Notices

Copyright Notice

Copyright © 1994-2014, Oracle and/or its affiliates. All rights reserved.

Trademark Notice

Oracle and Java are registered trademarks of Oracle and/or its affiliates. Other names may be trademarks of their respective owners.

Intel and Intel Xeon are trademarks or registered trademarks of Intel Corporation. All SPARC trademarks are used under license and are trademarks or registered trademarks of SPARC International, Inc. AMD, Opteron, the AMD logo, and the AMD Opteron logo are trademarks or registered trademarks of Advanced Micro Devices. UNIX is a registered trademark of The Open Group.

License Restrictions Warranty/Consequential Damages Disclaimer

This software and related documentation are provided under a license agreement containing restrictions on use and disclosure and are protected by intellectual property laws. Except as expressly permitted in your license agreement or allowed by law, you may not use, copy, reproduce, translate, broadcast, modify, license, transmit, distribute, exhibit, perform, publish, or display any part, in any form, or by any means. Reverse engineering, disassembly, or decompilation of this software, unless required by law for interoperability, is prohibited.

Warranty Disclaimer

The information contained herein is subject to change without notice and is not warranted to be error-free. If you find any errors, please report them to us in writing.

Restricted Rights Notice

If this is software or related documentation that is delivered to the U.S. Government or anyone licensing it on behalf of the U.S. Government, the following notice is applicable:

U.S. GOVERNMENT END USERS: Oracle programs, including any operating system, integrated software, any programs installed on the hardware, and/or documentation, delivered to U.S. Government end users are "commercial computer software" pursuant to the applicable Federal Acquisition Regulation and agency-specific supplemental regulations. As such, use, duplication, disclosure, modification, and adaptation of the programs, including any operating system, integrated software, any programs installed on the hardware, and/or documentation, shall be subject to license terms and license restrictions applicable to the programs. No other rights are granted to the U.S. Government.

Hazardous Applications Notice

This software or hardware is developed for general use in a variety of information management applications. It is not developed or intended for use in any inherently dangerous applications, including applications that may create a risk of personal injury. If you use this software or hardware in dangerous applications, then you shall be responsible to take all appropriate fail-safe, backup, redundancy, and other measures to ensure its safe use. Oracle Corporation and its affiliates disclaim any liability for any damages caused by use of this software or hardware in dangerous applications.

Third-Party Content, Products, and Services Disclaimer

This software or hardware and documentation may provide access to or information on content, products, and services from third parties. Oracle Corporation and its affiliates are not responsible for and expressly disclaim all warranties of any kind with respect to third-party content, products, and services. Oracle Corporation and its affiliates will not be responsible for any loss, costs, or damages incurred due to your access to or use of third-party content, products, or services.

Alpha and Beta Draft Documentation Notice

If this document is in preproduction status:

This documentation is in preproduction status and is intended for demonstration and preliminary use only. It may not be specific to the hardware on which you are using the software. Oracle Corporation and its affiliates are not responsible for and expressly disclaim all warranties of any kind with respect to this documentation and will not be responsible for any loss, costs, or damages incurred due to the use of this documentation.

Oracle Logo

PK0hPK.V_EOEBPS/dcommon/blafdoc.cssc@charset "utf-8"; /* Copyright 2002, 2011, Oracle and/or its affiliates. All rights reserved. Author: Robert Crews Version: 2011.8.12 */ body { font-family: Tahoma, sans-serif; /* line-height: 125%; */ color: black; background-color: white; font-size: small; } * html body { /* http://www.info.com.ph/~etan/w3pantheon/style/modifiedsbmh.html */ font-size: x-small; /* for IE5.x/win */ f\ont-size: small; /* for other IE versions */ } h1 { font-size: 165%; font-weight: bold; border-bottom: 1px solid #ddd; width: 100%; text-align: left; } h2 { font-size: 152%; font-weight: bold; text-align: left; } h3 { font-size: 139%; font-weight: bold; text-align: left; } h4 { font-size: 126%; font-weight: bold; text-align: left; } h5 { font-size: 113%; font-weight: bold; display: inline; text-align: left; } h6 { font-size: 100%; font-weight: bold; font-style: italic; display: inline; text-align: left; } a:link { color: #039; background: inherit; } a:visited { color: #72007C; background: inherit; } a:hover { text-decoration: underline; } a img, img[usemap] { border-style: none; } code, pre, samp, tt { font-family: monospace; font-size: 110%; } caption { text-align: center; font-weight: bold; width: auto; } dt { font-weight: bold; } table { font-size: small; /* for ICEBrowser */ } td { vertical-align: top; } th { font-weight: bold; text-align: left; vertical-align: bottom; } li { text-align: left; } dd { text-align: left; } ol ol { list-style-type: lower-alpha; } ol ol ol { list-style-type: lower-roman; } td p:first-child, td pre:first-child { margin-top: 0px; margin-bottom: 0px; } table.table-border { border-collapse: collapse; border-top: 1px solid #ccc; border-left: 1px solid #ccc; } table.table-border th { padding: 0.5ex 0.25em; color: black; background-color: #f7f7ea; border-right: 1px solid #ccc; border-bottom: 1px solid #ccc; } table.table-border td { padding: 0.5ex 0.25em; border-right: 1px solid #ccc; border-bottom: 1px solid #ccc; } span.gui-object, span.gui-object-action { font-weight: bold; } span.gui-object-title { } p.horizontal-rule { width: 100%; border: solid #cc9; border-width: 0px 0px 1px 0px; margin-bottom: 4ex; } div.zz-skip-header { display: none; } td.zz-nav-header-cell { text-align: left; font-size: 95%; width: 99%; color: black; background: inherit; font-weight: normal; vertical-align: top; margin-top: 0ex; padding-top: 0ex; } a.zz-nav-header-link { font-size: 95%; } td.zz-nav-button-cell { white-space: nowrap; text-align: center; width: 1%; vertical-align: top; padding-left: 4px; padding-right: 4px; margin-top: 0ex; padding-top: 0ex; } a.zz-nav-button-link { font-size: 90%; } div.zz-nav-footer-menu { width: 100%; text-align: center; margin-top: 2ex; margin-bottom: 4ex; } p.zz-legal-notice, a.zz-legal-notice-link { font-size: 85%; /* display: none; */ /* Uncomment to hide legal notice */ } /*************************************/ /* Begin DARB Formats */ /*************************************/ .bold, .codeinlinebold, .syntaxinlinebold, .term, .glossterm, .seghead, .glossaryterm, .keyword, .msg, .msgexplankw, .msgactionkw, .notep1, .xreftitlebold { font-weight: bold; } .italic, .codeinlineitalic, .syntaxinlineitalic, .variable, .xreftitleitalic { font-style: italic; } .bolditalic, .codeinlineboldital, .syntaxinlineboldital, .titleinfigure, .titleinexample, .titleintable, .titleinequation, .xreftitleboldital { font-weight: bold; font-style: italic; } .itemizedlisttitle, .orderedlisttitle, .segmentedlisttitle, .variablelisttitle { font-weight: bold; } .bridgehead, .titleinrefsubsect3 { font-weight: bold; } .titleinrefsubsect { font-size: 126%; font-weight: bold; } .titleinrefsubsect2 { font-size: 113%; font-weight: bold; } .subhead1 { display: block; font-size: 139%; font-weight: bold; } .subhead2 { display: block; font-weight: bold; } .subhead3 { font-weight: bold; } .underline { text-decoration: underline; } .superscript { vertical-align: super; } .subscript { vertical-align: sub; } .listofeft { border: none; } .betadraft, .alphabetanotice, .revenuerecognitionnotice { color: #f00; background: inherit; } .betadraftsubtitle { text-align: center; font-weight: bold; color: #f00; background: inherit; } .comment { color: #080; background: inherit; font-weight: bold; } .copyrightlogo { text-align: center; font-size: 85%; } .tocsubheader { list-style-type: none; } table.icons td { padding-left: 6px; padding-right: 6px; } .l1ix dd, dd dl.l2ix, dd dl.l3ix { margin-top: 0ex; margin-bottom: 0ex; } div.infoboxnote, div.infoboxnotewarn, div.infoboxnotealso { margin-top: 4ex; margin-right: 10%; margin-left: 10%; margin-bottom: 4ex; padding: 0.25em; border-top: 1pt solid gray; border-bottom: 1pt solid gray; } p.notep1 { margin-top: 0px; margin-bottom: 0px; } .tahiti-highlight-example { background: #ff9; text-decoration: inherit; } .tahiti-highlight-search { background: #9cf; text-decoration: inherit; } .tahiti-sidebar-heading { font-size: 110%; margin-bottom: 0px; padding-bottom: 0px; } /*************************************/ /* End DARB Formats */ /*************************************/ @media all { /* * * { line-height: 120%; } */ dd { margin-bottom: 2ex; } dl:first-child { margin-top: 2ex; } } @media print { body { font-size: 11pt; padding: 0px !important; } a:link, a:visited { color: black; background: inherit; } code, pre, samp, tt { font-size: 10pt; } #nav, #search_this_book, #comment_form, #comment_announcement, #flipNav, .noprint { display: none !important; } body#left-nav-present { overflow: visible !important; } } PKr.hcPK.V_EOEBPS/dcommon/doccd_epub.jsM /* Copyright 2006, 2012, Oracle and/or its affiliates. All rights reserved. Author: Robert Crews Version: 2012.3.17 */ function addLoadEvent(func) { var oldOnload = window.onload; if (typeof(window.onload) != "function") window.onload = func; else window.onload = function() { oldOnload(); func(); } } function compactLists() { var lists = []; var ul = document.getElementsByTagName("ul"); for (var i = 0; i < ul.length; i++) lists.push(ul[i]); var ol = document.getElementsByTagName("ol"); for (var i = 0; i < ol.length; i++) lists.push(ol[i]); for (var i = 0; i < lists.length; i++) { var collapsible = true, c = []; var li = lists[i].getElementsByTagName("li"); for (var j = 0; j < li.length; j++) { var p = li[j].getElementsByTagName("p"); if (p.length > 1) collapsible = false; for (var k = 0; k < p.length; k++) { if ( getTextContent(p[k]).split(" ").length > 12 ) collapsible = false; c.push(p[k]); } } if (collapsible) { for (var j = 0; j < c.length; j++) { c[j].style.margin = "0"; } } } function getTextContent(e) { if (e.textContent) return e.textContent; if (e.innerText) return e.innerText; } } addLoadEvent(compactLists); function processIndex() { try { if (!/\/index.htm(?:|#.*)$/.test(window.location.href)) return false; } catch(e) {} var shortcut = []; lastPrefix = ""; var dd = document.getElementsByTagName("dd"); for (var i = 0; i < dd.length; i++) { if (dd[i].className != 'l1ix') continue; var prefix = getTextContent(dd[i]).substring(0, 2).toUpperCase(); if (!prefix.match(/^([A-Z0-9]{2})/)) continue; if (prefix == lastPrefix) continue; dd[i].id = prefix; var s = document.createElement("a"); s.href = "#" + prefix; s.appendChild(document.createTextNode(prefix)); shortcut.push(s); lastPrefix = prefix; } var h2 = document.getElementsByTagName("h2"); for (var i = 0; i < h2.length; i++) { var nav = document.createElement("div"); nav.style.position = "relative"; nav.style.top = "-1.5ex"; nav.style.left = "1.5em"; nav.style.width = "90%"; while (shortcut[0] && shortcut[0].toString().charAt(shortcut[0].toString().length - 2) == getTextContent(h2[i])) { nav.appendChild(shortcut.shift()); nav.appendChild(document.createTextNode("\u00A0 ")); } h2[i].parentNode.insertBefore(nav, h2[i].nextSibling); } function getTextContent(e) { if (e.textContent) return e.textContent; if (e.innerText) return e.innerText; } } addLoadEvent(processIndex); PKo"nR M PK.V_EOEBPS/admin.htm r Oracle Fusion Middleware Administration

4 Oracle Fusion Middleware Administration

This chapter describes issues associated with Oracle Fusion Middleware administration. It includes the following topics:


Note:

This chapter contains issues you might encounter while administering any of the Oracle Fusion Middleware products.

Be sure to review the product-specific release note chapters elsewhere in this document for any additional issues specific to the products you are using.


4.1 General Issues and Workarounds

This section describes general issue and workarounds. It includes the following topics:

4.1.1 Clarification About Path for OPMN

OPMN provides the opmnctl command. The executable file is located in the following directories:

  • ORACLE_HOME/opmn/bin/opmnctl: The opmnctl command from this location should be used only to create an Oracle instance or a component for an Oracle instance on the local system. Any opmnctl commands generated from this location should not be used to manage system processes or to start OPMN.

    On Windows, if you start OPMN using the opmnctl start command from this location, OPMN and its processes will terminate when the Windows user has logged out.

  • ORACLE_INSTANCE/bin/opmnctl: The opmnctl command from this location provides a per Oracle instance instantiation of opmnctl. Use opmnctl commands from this location to manage processes for this Oracle instance. You can also use this opmnctl to create components for the Oracle instance.

    On Windows, if you start OPMN using the opmnctl start command from this location, it starts OPMN as a Windows service. As a result, the OPMN parent process, and the processes which it manages, persist after the MS Windows user has logged out.

4.1.2 Fusion Middleware Control May Return Error in Mixed IPv6 and IPv4 Environment

If your environment contains both IPv6 and IPv4 network protocols, Fusion Middleware Control may return an error in certain circumstances.

If the browser that is accessing Fusion Middleware Control is on a host using the IPv4 protocol, and selects a control that accesses a host using the IPv6 protocol, Fusion Middleware Control will return an error. Similarly, if the browser that is accessing Fusion Middleware Control is on a host using the IPv6 protocol, and selects a control that accesses a host using the IPv4 protocol, Fusion Middleware Control will return an error.

For example, if you are using a browser that is on a host using the IPv4 protocol and you are using Fusion Middleware Control, Fusion Middleware Control returns an error when you navigate to an entity that is running on a host using the IPv6 protocol, such as in the following situations:

  • From the Oracle Internet Directory home page, you select Directory Services Manager from the Oracle Internet Directory menu. Oracle Directory Services Manager is running on a host using the IPv6 protocol.

  • From a Managed Server home page, you click the link for Oracle WebLogic Server Administration Console, which is running on IPv6.

  • You test Web Services endpoints, which are on a host using IPv6.

  • You click an application URL or Java application which is on a host using IPv6.

To work around this issue, you can add the following entry to the /etc/hosts file:

nnn.nn.nn.nn  myserver-ipv6 myserver-ipv6.example.com

In the example, nnn.nn.nn.nn is the IPv4 address of the Administration Server host, myserver.example.com.

4.1.3 Deploying JSF Applications

Some JSF applications may experience a memory leak due to incorrect Abstract Window Toolkit (AWT) application context classloader initialization in the Java class library. Setting the oracle.jrf.EnableAppContextInit system property to true will attempt eager initialization of the AWT application context classloader to prevent this leak from occurring. By default, this property is set to false.

4.1.4 Limitations in Moving from Test to Production

Note the following limitations in moving from test to production:

  • If your environment includes Oracle WebLogic Server which you have upgraded from one release to another (for example from 10.3.4 to 10.3.5), the pasteConfig scripts fails with the following error:

    Oracle_common_home/bin/unpack.sh line29:
    WL_home/common/bin/unpack.sh No such file or directory
    

    To work around this issue, edit the following file:

    MW_HOME/utils/uninstall/WebLogic_Platform_10.3.5.0/WebLogic_Server_10.3.5.0_Core_Application_Server.txt file
    

    Add the following entries:

    /wlserver_10.3/server/lib/unix/nodemanager.sh
    /wlserver_10.3/common/quickstart/quickstart.cmd
    /wlserver_10.3/common/quickstart/quickstart.sh
    /wlserver_10.3/uninstall/uninstall.cmd
    /wlserver_10.3/uninstall/uninstall.sh
    /utils/config/10.3/setHomeDirs.cmd
    /utils/config/10.3/setHomeDirs.sh
    
  • When you are moving Oracle Virtual Directory, the Oracle instance name in the source environment cannot be the same as the Oracle instance name in the target environment. The Oracle instance name in the target must be different than the name in the source.

  • After you move Oracle Virtual Directory from one host to another, you must add a self-signed certificate to the Oracle Virtual Directory keystore and EM Agent wallet on Host B. Take the following steps:

    1. Set the ORACLE_HOME and JAVA_HOME environment variables.

    2. Delete the existing self-signed certificate:

      $JAVA_HOME/bin/keytool -delete -alias serverselfsigned
        -keystore ORACLE_INSTANCE/config/OVD/ovd_component_name/keystores/keys.jks
        -storepass OVD_Admin_password 
      
    3. Generate a key pair:

      $JAVA_HOME/bin/keytool -genkeypair
        -keystore ORACLE_INSTANCE/config/OVD/ovd_component_name/keystores/keys.jks
        -storepass OVD_Admin_password -keypass OVD_Admin_password -alias serverselfsigned
        -keyalg rsa -dname "CN=Fully_qualified_hostname,O=test" 
      
    4. Export the certificate:

      $JAVA_HOME/bin/keytool -exportcert
        -keystore ORACLE_INSTANCE/config/OVD/ovd_component_name/keystores/keys.jks
        -storepass OVD_Admin_password -rfc -alias serverselfsigned
        -file ORACLE_INSTANCE/config/OVD/ovd_component_name/keystores/ovdcert.txt 
      
    5. Add a wallet to the EM Agent:

      ORACLE_HOME/../oracle_common/bin/orapki wallet add
        -wallet ORACLE_INSTANCE/EMAGENT/EMAGENT/sysman/config/monwallet
        -pwd EM_Agent_Wallet_password -trusted_cert
        -cert ORACLE_INSTANCE/config/OVD/ovd_component_name/keystores/ovdcert.txt 
      
    6. Stop and start the Oracle Virtual Directory server.

    7. Stop and start the EM Agent.

  • The copyConfig operation fails if you are using IPv6 and the Managed Server listen address is not set.

    To work around this problem, set the Listen Address for the Managed Server in the Oracle WebLogic Server Administration Console. Navigate to the server. Then, on the Settings for server page, enter the Listen Address. Restart the Managed Servers.

  • When you are moving Oracle Platform Security and you are using an LDAP store, the LDAP store on the source environment must be running and it must be accessible from the target during the pasteConfig operation.

  • The copyConfig script works only with non-SSL ports. Because of this, ensure that non-SSL ports are enabled for all Managed Servers and the Administration Server.

    Note that if the administration port feature is enabled for the source Oracle WebLogic Server domain, you must disable it first before running copyConfig as it prevents the usage of non-SSL ports for administrative tasks.

    For information about the administration port, see "Administration Port and Administrative Channel" in Oracle Fusion Middleware Configuring Server Environments for Oracle WebLogic Server.

  • The movement scripts do not support moving Oracle Identity Manager to another environment, either through the movement scripts or manual steps. In addition, if Oracle Identity Manager is part of the source environment of other components, the movement scripts for that environment will fail. This restriction applies to all 11.1.1 releases of Oracle Identity Manager.

  • For Oracle Business Activity Monitoring, if there are remote servers in the test environment and you do not use shared disks, the copyConfig and pasteConfig scripts will fail. In addition, if Oracle BAM is part of the source domain that you are moving, the scripts will fail. For example, if Oracle BAM is part of a domain that contains the SOA Infrastructure and Oracle BPEL Process Manager, the copyConfig and pasteConfig scripts will fail.

    To move components other than Oracle BAM move the BAM_t2p_registration.xml file from the following directory, into any other directory:

    SOA_ORACLE_HOME/clone/provision
    

    Then, to move Oracle BAM, take the following steps:

    1. At the source, export the ORACLEBAM database schema, using the following commands (ORACLE_HOME is the Oracle home for the Oracle Database):

      ORACLE_HOME/bin/sqlplus "sys/password as sysdba"
      create or replace directory directory as 'path';
      grant read,write on DIRECTORY directory to oraclebam;
      exit;
      
      ORACLE_HOME/bin/expdp userid=oraclebam/bam@connect_id
             directory=directory dumpfile=orabam.dmp
             schemas=oraclebam logfile=oraclebam_date.log
      

      See Also:

      "Overview of Oracle Data Pump" and other chapters on Oracle Data Pump in Oracle Database Utilities


      The Oracle BAM objects, such as reports, alerts, and data definitions from the source environment are exported.

    2. At the target, import the ORACLEBAM database schema that you exported from the source environment, using the following commands (ORACLE_HOME is the Oracle home for the Oracle Database):

      ORACLE_HOME/bin/impdp userid=system/password dumpfile=ORACLEBAM.DMP 
         remap_schema=oraclebam:oraclebam TABLE_EXISTS_ACTION=replace
      ORACLE_HOME/bin/sqlplus "sys/password as sysdba"
         alter user oraclebam account unlock;
         alter user oraclebam identified by bam;
      

      Note that impdp may report the following errors:

      • ORA-00959: tablespace <source tablespace> does not exist.

        You can fix this error by creating the tablespace in the import database before the import or use REMAP_TABLESPACES to change the tablespace referenced in the table definition to a tablespace in the import database.

      • You may see failure with restoring index statistics if you use an Oracle database version earlier than 11.2.0.2. You can work around this issue by rebuilding the index statistics after import.

    3. Restart the Oracle Business Activity Monitoring Managed Server.

  • When you are moving Oracle Platform Security Services and the data is moving from LDAP to LDAP, the source and target LDAP domain component hierarchy must be same. If it is not, the Oracle Platform Security Services data movement will fail. For example, if the source is hierarchy is configured as dc=us,dc=com, the target LDAP must have the same domain component hierarchy.

  • Moving Oracle Access Manager may fail, as described in Section 29.2.7.

4.1.5 Limitations in Moving Oracle Business Process Management from Test to Production Environment

Note the following limitations when moving Oracle Business Process Management from a test environment to a production environment:

  • When you move Oracle Business Process Management from a test environment to a production environment as described in the Task "Move Oracle Business Process Management to the New Production Environment" in the Oracle Fusion Middleware Administrator's Guide, Oracle Business Process Management Organization Units are not imported.

    To work around this issue, you must re-create the Organization Units in the production environment. In addition, if any Organization associations with the Calendar rule for the Role exist in the test environment, you must re-create them, using the Roles screen.

    For information, see "Working with Organizations" in the Oracle Fusion Middleware Modeling and Implementation Guide for Oracle Business Process Management.

  • Oracle recommends that you move artifacts and data into a new, empty production environment. If the same artifacts are present or some data has been updated on the production environment, the procedure does not update those artifacts.

4.1.6 Message Returned with Incorrect Error Message Level

In Fusion Middleware Control, when you select a metadata repository, the following error messages are logged:

Partitions is NULL
Partitions size is 0 

These messages are logged at the Error level, which is incorrect. They should be logged at the debug level, to provide information.

4.2 Configuration Issues and Workarounds

This section describes configuration issues and their workarounds. It includes the following topics:

4.2.1 Must Stop Oracle SOA Suite Managed Server Before Stopping soa-infra

Using Fusion Middleware Control, if you stop a Oracle SOA Suite Managed Server before you stop soa-infra, then you start the Managed Server, the soa-infra application is not restarted automatically. If you try to restart the soa-infra, you will received an error. When you encounter the problem, you cannot close the dialog box in the browser, so you cannot take any further actions in Fusion Middleware Control.

To avoid this situation, you should stop the Managed Server, which stops all applications, including the soa-infra application. To start the Managed Server and the soa-infra, start the Managed Server.

To close the browser dialog box, enter the following URL in your browser:

http://host:port/em

4.2.2 Fusion Middleware Control Does Not Keep Column Preferences in Log Viewer Pages

In Fusion Middleware Control, you can reorder the columns in the pages that display log files and log file messages. However, if you navigate away from the page and then back to it, the columns are set to their original order.

4.2.3 Topology Viewer Does Not Display Applications Deployed to a Cluster

In Fusion Middleware Control, the Topology Viewer does not display applications that are deployed to a cluster.

4.2.4 Changing Log File Format

When you change the log file format note the following:

  • When you change the log file format from text to xml, specify the path, but omit the file name. The new file will be named log. xml.

  • When you change the log file format from xml to text, specify both the path and the file name.

4.2.5 SSL Automation Tool Configuration Issues

The following issues have been observed when using the SSL Automation tool:

  • The script creates intermediate files that contain passwords in clear text. If the script fails, these files might not be removed. After a script failure, delete all files under the rootCA directory.

  • If Oracle Internet Directory password policy is enabled, passwords entered for wallet or keystore fail if they violate the policy.

  • Before you run the script, you must have JDK 1.6 installed and you must have JAVA_HOME set in your environment.

  • If the Oracle Virtual Directory configuration script fails, check the run log or enable debug for the shell script to view specific errors. If the error message looks similar to this, rerun the script with a new keystore name:

    WLSTException: Error occured while performing cd : Attribute 
    oracle.as.ovd:type=component.listenersconfig.sslconfig,name=LDAP SSL 
    Endpoint,instance=%OVD_INSTANCE%,component=ovd1 not found
    

4.3 Documentation Errata for the Oracle Fusion Middleware Administrator's Guide

The following section describes documentation errata for the Oracle Fusion Middleware Administrator's Guide:

4.3.1 Combining All Oracle Homes in a Single Inventory File

All Oracle homes in the Middleware home on the source environment must be registered in the same Oracle inventory. If you have installed multiple components under the same Middleware home, but used different Oracle inventory locations, the scripts are not able to detect all of the Oracle homes.

To work around this issue, take the following steps:

  1. Create a new oraInst.loc pointing to the inventory to which you want to register, using the following commands:

    cat oraInst.loc
          inventory_loc=new_oraInst_loc_location
          inst_group=g900 
    
  2. Detach the Oracle Home from its current inventory:

    cd ORACLE_HOME/oui/bin
          ./detachHome.sh -invPtrLoc ORACLE_HOME/oraInst.loc 
    
  3. Attach the Oracle Home to the new inventory by passing new oraInst.loc created in step 1:

    ./attachHome.sh -invPtrLoc new_oraInst_loc_location
    

    Do this for every Oracle home in the Middleware home.

  4. Set the necessary dependencies between Oracle homes if required (for example most Oracle homes depend on oracle_common). The dependencies are required when you uninstall. You can check the existing dependencies from the old inventory by checking the file oraInventory/ContentsXML/inventory.xml. The following shows an example of the file:

    <?xml version="1.0" standalone="yes" ?>
    <!-- Copyright (c) 1999, 2010, Oracle. All rights reserved. -->
    <!-- Do not modify the contents of this file by hand. --> 
    <VERSION_INFO>
       <SAVED_WITH>11.1.0.9.0</SAVED_WITH>
       <MINIMUM_VER>2.1.0.6.0</MINIMUM_VER>
    </VERSION_INFO>
    <HOME_LIST>
    <HOME NAME="OH339778486" LOC="/scratch/oracle/11gMW/oracle_common" TYPE="O" IDX="1">
       <REFHOMELIST>
          <REFHOME LOC="/scratch/oracle/11gMW/Oracle_WT1"/>
       </REFHOMELIST>
    </HOME>
    <HOME NAME="OH299443989" LOC="/scratch/oracle/11gMW/Oracle_WT1" TYPE="O"
    IDX="2">
       <DEPHOMELIST>
          <DEPHOME LOC="/scratch/oracle/11gMW/oracle_common"/>
       </DEPHOMELIST>
    </HOME>
    </HOME_LIST>
    <COMPOSITEHOME_LIST>
    </COMPOSITEHOME_LIST>
    </INVENTORY>
         
    
  5. Run the following command to set up dependencies. Note that this is not mandatory for the movement scripts to work, but is needed when you uninstall.

    ./runInstaller -updateHomeDeps
    "HOME_DEPENDENCY_LIST={/scratch/oracle/11gMW/Oracle_WT1:/scratch/oracle/11gMW/
    oracle_common}" -invPtrLoc ~/oraInst.loc 
    

4.3.2 Correction to Link About Supported Databases for MDS

The section "Databases Supported by MDS" in the Oracle Fusion Middleware Administrator's Guide contains an incorrect link to Oracle Fusion Middleware System Requirements and Specifications. The correct link is:

http://www.oracle.com/technetwork/middleware/ias/downloads/fusion-requirements-100147.html

4.3.3 Clarification of Move Plan Properties for Oracle WebCenter Content

For the Oracle WebCenter Content server or Oracle WebCenter Content: Records, you have two options for moving the component:

  • copy: This option copies the entire source system, including configuration and data, to the target system. Although this is the default, Oracle does not recommend using this option because it moves test data, which might not be appropriate for your environment.

  • init: This option initializes a new Content Server or Records instance in the target system. It does not move data.

PKr rPK.V_E OEBPS/urm.htmD Oracle WebCenter Content: Records

22 Oracle WebCenter Content: Records

This chapter describes issues associated with Oracle WebCenter Content: Records. It includes the following topics:

In addition to the information discussed here, see the chapter in this release note documentation concerning Oracle WebCenter Content. Issues which affect WebCenter Content may also affect Records.

22.1 General Issues and Workarounds

This section describes general issues and workarounds. It contains the following sections:

22.1.1 Role Report Output is Dependent on User Generating the Report

A role report can be generated by choosing Records then Reports then Role from the Main menu. Note that the output of the report may not show all data for all roles. The output is dependent on the user who is generating the report and the permissions given to that user.

22.1.2 Items Returned When Using Screening

It should be noted that screening is a retention feature that only returns content items with a life cycle or items that are frozen.

22.1.3 Oracle Text Search and Report Configuration Options

When using Oracle Text Search, an incompatibility existed with the options to exclude report templates and reports in search results. These options appear on the Configure Report Settings Page.

It is now possible to exclude reports in search results by selecting the Exclude Reports in Search Results checkbox. However, if the Exclude Report Template in Search Results checkbox is selected, templates are still included in searches. Oracle is aware of this issue and is working to fix it in a future release.

22.1.4 Upgrade from 10g Audit Trail Periods Missing

When upgrading this product from release version 10g to release version 11g, the complete audit trail dates are not available. The audit periods from 2001 to 2010 should be present after upgrading, but only periods between 2001 to 2006 are present. The missing years can be added manually. Oracle is aware of this issue and is working to fix it in a future release.

22.1.5 DB2 Databases and FOIA/PA Functionality

Due to the size of the database used with the Freedom of Information Act/Privacy Act (FOIA/PA) functionality, the FOIA/PA option is not supported for those sites using DB2 for their database.

22.1.6 Sorting and Listing Retention Category Content

When retention categories are sorted then listed, they are listed on a per-source basis. For example, if three sources are used (Source1, Source2, Source3), all items from Source1 are sorted as a separate group, items from Source2 are sorted as a separate group, and items from Source3 are sorted as a separate group. Then items from each source are displayed in a "round robin" style with the first item of Source1, the first item from Source2, and the first item from Source3, followed by the second item of each source.

22.1.7 Using Firefox to Configure the Dashboard

"Drag and drop" functionality to move dashboard panels is not available when using the Firefox browser. Instead, you should remove the panel and re-insert a new panel in the proper location.

22.1.8 Setting Security Group for Retention Items

Items created for use in the Retention Schedule should have the security group set to recordsgroup rather than Public. If set to Public, non-URM users may have access to items in the Retention Schedule when performing standard searches.

22.1.9 Problem Viewing the Search Results

If you upgrade URM from 10g to 11.1.1.8.0 using a DB2 database, then you will be able to view only the first page of the search results. Attempts to view subsequent pages will display blank pages.

To workaround, go to Settings and then RM Security Options. Select one of the options like Supplemental Marking or Classification. Ensure that the no security or no post filtering rights are turned off.

22.2 Configuration Issues and Workarounds

This section describes configuration issues and workarounds. It contains the following sections:

22.2.1 Import FOIA Archive Error Message

Importing the Freedom of Information Act (FOIA) archive from the Setup Checklist page may display a spurious error message stating Archiver is already running, please try again later.

This error may be safely ignored. It is generated because the click to initiate the archive is registered twice. Ignore the warning, wait fifteen minutes and then see if the alert notification for that task is removed. The import of the archive can also be confirmed by opening the Archiver and verifying that the FOIAPrivacyAct archive is present.

22.2.2 Restart Required: Performance Monitoring and Reports

After performance monitoring is selected and enabled, the Content Server must be restarted in order for monitoring to commence. Note that a restart is also required after configuration of the software in order for all report options to appear on the appropriate menus.

22.2.3 Audit Trail Sorting Results and Database Fulltext Search

When sorting the audit trail using Oracle DB, the output depends on the type of sort being performed.

When sorting with Database Fulltext Search, sorting is case-sensitive, meaning that upper case items will always appear first in a list. When sorting with Oracle Text Search, a case-insensitive search is performed.

22.2.4 Prefix Size Limitation When Using Offsite Storage

If offsite storage functionality is enabled on the system, the total size allowed for the content ID for a physical item is 11 characters. When setting up offsite storage, verify if automatic assignment of IDs is enabled and if so, make sure the content prefix is set to 5 characters or less.

22.2.5 Enabling Email Metadata Component

If the EmailMetadata component is installed for use with WebCenter Content, a configuration variable must be set in order for the user interface to be made available in Records.

Set the ShowEmailMetadataMenu variable to TRUE in the emailmetadata_environment.cfg file in the /components/EmailMetadata directory.

Restart Content Server after setting the variable then refresh or reload the browser. Options become available to map email fields to metadata fields. To use those options, choose Administration then Configure Email Metadata from the Main menu.

22.2.6 Relative Web Root Must Be Changed

When upgrading from the 10g version, the HttpRelativeWebRoot configuration parameter must be changed in the config.cfg file to the following:

HttpRelativeWebRoot=/urm/

It is critical to change the parameter exactly as shown.

22.2.7 Configuring 10g Adapters for Version 11g

A connection address must be changed to enable 10g adapters to work with version 11g.

Previous connection strings were similar to the following example:

http://myhost.mycompany.com:myport/URMinstance/idcplg

The new connection string should be similar to the following example:

http://myhost.mycompany.com:myport/_dav/URMinstance/idcplg

The addition of the _dav string is all that changes.

22.2.8 Configuring RSS Reader for Dashboard

The following configuration variables should be set in the config.cfg file to configure the RSS Reader in the Dashboard.

If the Content Server is used behind a proxy server, the proxy address and port number must be set:

RssProxyServerAutoDetected= content server network's proxy address

You must also configure the proxy port for the content server network:

RssProxyPortAutoDetected=content server network's proxy port

22.3 Documentation Errata

This section describes changes in the documentation. It contains the following sections:

22.3.1 Menu Name Changes Not Reflected in Documentation

The External Performance Monitoring menu listed in documentation should be changed to Performance Monitoring. This is accessed by choosing Records then Audit then Performance Monitoring from the Top menu.

22.3.2 Physical Content Management Services Not Documented

The following services were omitted from the PCM services documented in the Oracle WebCenter Content Services Reference Guide:

  • GET_RELATED_CONTENT: retrieves a page used to show Related Links for the specified content. The following are additional required service parameters:

    • dSource: source being used for the search (for example, "Physical").

    • dID: the unique identifier of the external item.

    • dLinkTypeID: the unique identifier for the related content type link.

  • GET_EXTERNAL_ITEM_SEARCH_RESULTS: retrieves a page used to search physical items. The following are additional required service parameters:

    • dSource: source being used for the search (for example, "Physical").

    • QueryText: the text used for the search.

    • ErmSearchTable: the source table name. This should be EXTERNAL_SOURCE for a Physical source.

    • SearchEngineName: the search engine to use. Default is DATABASE.

    • SearchQueryFormat: the search query format to use. Default is UNIVERSAL.

22.3.3 Additional FTP Option for Offsite Storage

The option to use sftp is now available (in addition to other options) as the FTP protocol when creating Offsite Storage. This was omitted from the documentation.

PKeDDPK.V_EOEBPS/partpage_odi.htm Oracle Data Integrator

Part XIII

Oracle Data Integrator

Part XIII contains the following chapters:

PKMIPK.V_E OEBPS/toc.ncx-@ Oracle® Fusion Middleware Release Notes for Linux x86-64, 11g Release 1 (11.1.1) Cover Contents Title and Copyright Information Preface Part I Oracle Fusion Middleware 1 Introduction 2 Installation, Patching, and Configuration 3 Upgrade 4 Oracle Fusion Middleware Administration 5 Oracle Enterprise Manager Fusion Middleware Control 6 Oracle Fusion Middleware High Availability and Enterprise Deployment 7 Oracle Fusion Middleware on IBM WebSphere Part II Oracle Development Tools 8 Oracle JDeveloper and Oracle Application Development Framework (ADF) 9 Oracle TopLink Part III Oracle Virtual Assembly Builder 10 Oracle Virtual Assembly Builder Part IV Web Tier 11 Oracle HTTP Server 12 Oracle Web Cache Part V Oracle WebLogic Server 13 Oracle WebLogic Server Part VI Oracle WebCenter Portal 14 Oracle WebCenter Portal 15 Web Services Development, Security, and Administration Part VII Oracle WebCenter Content 16 Oracle WebCenter Application Adapters 17 Oracle WebCenter Content Installation and Configuration 18 Oracle WebCenter Content: Imaging 19 Oracle WebCenter Capture 20 Oracle Information Rights Management 21 Oracle WebCenter Content 22 Oracle WebCenter Content: Records Part VIII Oracle WebCenter Sites 23 Oracle WebCenter Sites 24 Oracle WebCenter Sites: Community-Gadgets Part IX Oracle SOA Suite and Business Process Management Suite 25 Oracle SOA Suite, Oracle BPM Suite, and Common Functionality Part X Communication Services 26 Oracle User Messaging Service 27 Oracle WebLogic Communication Services Part XI Oracle Identity Management 28 Oracle Adaptive Access Manager 29 Oracle Access Manager 30 Oracle Entitlements Server 31 Oracle Identity Federation 32 Oracle Identity Manager 33 Oracle Identity Navigator 34 Oracle Internet Directory 35 Oracle Platform Security Services 36 SSL Configuration in Oracle Fusion Middleware 37 Oracle Directory Integration Platform 38 Oracle Virtual Directory 39 Oracle Authentication Services for Operating Systems Part XII Oracle Portal, Forms, Reports and Discoverer 40 Oracle Business Intelligence Discoverer 41 Oracle Forms 42 Oracle Reports 43 Oracle Portal Part XIII Oracle Data Integrator 44 Oracle Data Integrator Part XIV Oracle Business Intelligence 45 Oracle Business Intelligence 46 Oracle Business Intelligence Applications and Data Warehouse Administration Console 47 Oracle Real-Time Decisions Copyright PKgۍ--PK.V_EOEBPS/content.opf2) Oracle® Fusion Middleware Release Notes for Linux x86-64, 11g Release 1 (11.1.1) en-US E14770-57 Oracle Corporation Oracle Corporation Oracle® Fusion Middleware Release Notes for Linux x86-64, 11g Release 1 (11.1.1) Oracle® Fusion Middleware Release Notes for Linux x86-64, 11g Release 1 (11.1.1) PKxA7)2)PK.V_EOEBPS/forms.htms Oracle Forms

41 Oracle Forms

This chapter describes issues associated with Oracle Forms. It includes the following topics:

41.1 General Issues and Workarounds

This section describes general issues and workarounds. It includes the following topics:

41.1.1 Backwards Compatibility with Earlier Releases

For information about upgrading from Forms 6i, see the "Upgrading to Oracle Forms Services 11g" chapter in Oracle Fusion Middleware Forms Services Deployment Guide. For information about changed or obsolete features, see the Oracle Forms Upgrading Oracle Forms 6i to Oracle Forms 11g Guide.

For upgrading from Oracle Forms 10g and prior releases, you can use the Upgrade Assistant. For more information, see the Oracle Fusion Middleware Upgrade Planning Guide and Oracle Fusion Middleware Upgrade Guide for Oracle Portal, Forms, Reports, and Discoverer.

Additional information about backwards compatibility is included in My Oracle Support Note 113987.1 at: http://myoraclesupport.oracle.com

Regardless from which version of Oracle Forms you are upgrading, you will need to recompile your applications and restart Oracle Forms.

Before restarting the Oracle WebLogic managed server, all the JVM Controller processes (dejvm) started by that server must be stopped. Otherwise, WLS_FORMS will not restart after a shutdown.

When two Oracle instances with Forms Services are configured, using a single ORACLE_HOME on a Windows machine, then the FORMS_ORACLE_INSTANCE registry entry of the second ORACLE_INSTANCE takes precedence. It is recommended that the Forms Builder component is configured in the second ORACLE_INSTANCE.

41.1.2 Linux/UNIX Issues and Workarounds

This section describes issues related to Oracle Forms and Linux/UNIX. It includes the following topics:

41.1.2.1 LD_PRELOAD Setting Required for Signal Chaining Facility

The LD_PRELOAD setting in default.env is required for the working of signal chaining facility in JVM version 1.5 and later. If you are creating or using other environment files, the setting in the environment file for LD_LIBRARY_PATH and LD_PRELOAD must be the same as in default.env.

41.1.2.2 Check the Reports Engine Logs for FRM-41214

If you encounter the Forms error FRM-41214:Unable to run report when trying to run Reports from a Forms session, check the Reports engine logs for more details on the error.

41.1.2.3 Forms Builder Does not Launch on Linux RHEL5

On 32-bit Linux computers, when attempting to launch Forms Builder using the command frmbld.sh in $ORACLE_INSTANCE/bin/, the following error message is displayed:

$ORACLE_HOME/bin/frmbld: error while loading shared libraries: libXm.so.3: cannot open shared object file: No such file or directory

As a workaround, create a symlink named libXm.so.3 to libXm.so.4 in ORACLE_INSTANCE/bin/xm and add it to the LD_LIBRARY_PATH. Or install OpenMotif package using the command rpm -i openmotif22-2.2.3-18.i386.rpm

41.1.2.4 Changing User Permissions

The 11g installation sets the permissions of the files so that only the user who installed 11g can run the executables. For more information, refer to Installing as a Non-Default User on Unix Operating Systems in Oracle Fusion Middleware Forms and Reports System Requirements and Specifications guide.

41.2 Configuration Issues and Workarounds

This section describes configuration issues and their workarounds. It includes the following topics:

41.2.1 Non-Internet Explorer Browser Proxy Settings when Using One-Button-Run

If you encounter a FORBIDDEN error when using One-Button-Run with any of the supported browsers other than Internet Explorer, verify if 127.0.0.1 (localhost) is in the proxy settings for your browser. If 127.0.0.1 is not in the exceptions list, then add it. This ensures that the browser will bypass the proxy server.

41.2.2 WebUtil Client Files Allow Configuration of Destination Directory

WebUtil downloads install.syslib libraries into the bin directory of the JRE or JVM on Windows and into the lib directory of JRE on Linux. This location can be specified in the parameter install.syslib.location.client.<OS> = <Path on client machine> (where <Path on client machine> represents the path to the location where libraries used on the client by WebUtil are stored and is either absolute or relative to client user home) in webutil.cfg.

41.2.3 webutil.properties Files Renamed for Different Libraries

When install.syslib libraries are downloaded, WebUtil creates the webutil.properties file which is located in the client user home. Different webutil.properties files are maintained on client side to allow different servers to download and manage their libraries on client. The files are named webutil.<HOST>.<CONFIG>.properties on the client, where HOST is the server computer name and CONFIG is the name of configuration section in formsweb.cfg.

41.2.4 Forms does not Work with JDK 1.6.0_12 on Client with WinRunner

Forms does not run when using JDK 1.6.0_12 and later versions on a client that also has WinRunner installed.

As a workaround, rename the two environment variables _JAVA_OPTIONS and JAVA_TOOLS_OPTIONS. For example, rename them to test_JAVA_OPTIONS and test_JAVA_TOOLS_OPTIONS. This will disable WinRunner but allows Forms to run.

41.2.5 JavaScript Communication Does not Work in IE for Framed HTML File

JavaScript communication does not work in framed HTML file that is opened in Internet Explorer 7, or in Internet Explorer 8 with file:// protocol.

As a workaround, use the IP address instead of the machine name in the URL for the frame. For example in testform.htm, change:

<frame noresize="noresize" 
 src="http://testform.us.example.com:8888/forms/java/js2frm1.html" name="fr2" 
 frameborder="0"> 
   <frame noresize="noresize" 
 src="http://testform.us.example.com:8888/forms/frmservlet?play=&record=forms& 
 form=js2frm1&userid=scott/tiger@adt10220" name="fr1" frameborder="0">

to

<frame noresize="noresize" 
 src="http://<IP address>:8888/forms/java/js2frm1.html" name="fr2" 
 frameborder="0"> 
   <frame noresize="noresize" 
 src="http://<IP address>:8888/forms/frmservlet?play=&record=forms&form=js2fr 
 m1&userid=scott/tiger@adt10220" name="fr1" frameborder="0">

41.2.6 JavaScript Events Calling Forms Applications in a Safari 5 Browser Do not Work

When using JavaScript integration with a Forms application in a Safari 5 browser on Windows, the communication from Forms to JavaScript running in the browser works; however, the calls to the applet from JavaScript do not work.

As a workaround, perform the following:

  1. Ensure you are using base.htm.

  2. In base.htm, delete the <NOSCRIPT></NOSCRIPT> tags that are wrapping the <APPLET> tag.

41.3 Documentation Errata

This section describes documentation errata. It includes the following topics:

41.3.1 Passing userid in Secure Mode

The following information on passing userid in secure mode must be added to Oracle Forms Builder online help.

Passing userid as an argument when using the Forms compiler (frmcmp or frmcmp_batch) may lead to security risks. In addition to the interactive dialog mode already available, the compiler can now accept the connect string via standard input. To pass the userid in a secure mode, perform the following:

  1. Set the environment variable FORMS_STDIN_PASSWORD to 1.

  2. Run the compiler without any connect string. Enter the connect string after the compiler has started.

  3. Run the compiler using redirection to pass the password to the compiler. (This is especially useful in compiling several Forms in a script.) For example:

        #!/bin/sh
         echo "Enter userid"
         read -s myuserid
         for i in 'ls *.fmb'
         do
         echo Compiling Form $i ....
         frmcmp_batch.sh batch=yes module=$i module_type=form compile_all=yes <<<
              "$myuserid"
         done
    

Note that this script is a sample that tries to protect the password, but on some platforms and configurations it may still lead to security risks.

41.3.2 JDAPI Programming Example

The JDAPI Programming Example in the Forms Developer Online Help must be updated to the following code:

import java.io.File; 
import java.io.PrintWriter; 
import java.io.FileWriter; 
import java.text.MessageFormat; 
 
import oracle.forms.jdapi.*; 
 
/** 
* Dumps passed forms JdapiObjects to an output stream as text. 
* 
* Set command line options for more output, else only the 
* basic form tree structure will be dumped. 
* 
* See printUsage for command line options. 
*/ 
public class FormDumper 
{ 
/** 
* Need this to parse the command line options 
* 
* The string represents valid command options as detailed in the 
* Getopt class 
*/ 
 
boolean m_dumpAllProps = false; 
boolean m_dumpBoolProps = false; 
boolean m_dumpNumProps = false; 
boolean m_dumpTextProps = false; 
boolean m_dumpPropNames = false; 
String m_dumpPath = null; 
/** 
* Output stream, default to STDOUT */ 
private PrintWriter m_out = new PrintWriter(System.out, true); 
 
/** 
* Use this to indent children 
*/ 
private String m_indentation = ""; 
 
/** 
* Constructor 
*/ 
public FormDumper() 
{ 
 
} 
 
/** 
* Special constructor that does not take command line arguments. 
* 
* @param out The output writer where to send dump information. 
*/ 
public FormDumper(PrintWriter out) 
{ 
m_out = out; 
m_dumpAllProps = true; 
m_dumpBoolProps = true; 
m_dumpNumProps = true; 
m_dumpTextProps = true; 
m_dumpPropNames = true; 
} 
 
/** 
* Set the dump path. 
* 
* @param path The file where the dumper must send the information 
*/ 
public void setDumpPath(String path) 
{ 
m_dumpPath = path; 
} 
 
/** 
* Indirect output 
*/ 
public void println(String s) 
{ 
m_out.println(s); 
} 
 
/** 
* Dump a form to the output stream 
*/ 
public void dumpForm(String filename) 
throws Exception 
{ 
FormModule fmb = FormModule.open(filename); 
System.out.println("Dumping module " + fmb.getName()); 
 
if (m_dumpPath != null) 
{ 
// use this form's FILE name to name the dump file 
String thisFormName = new File(filename).getName(); 
thisFormName = thisFormName.substring(0, (thisFormName.length()-4)); 
StringBuffer dmpFilename = new StringBuffer(); 
dmpFilename.append(m_dumpPath); 
 
if (!dmpFilename.toString().endsWith("/")) 
{ 
dmpFilename.append("/"); 
} 
dmpFilename.append(thisFormName); 
 
m_out = new PrintWriter(new FileWriter(dmpFilename.toString()), true); 
} 
 
// Call the actual 'dump' method 
dump(fmb); 
 
// Dump the coordinate system used by the module 
m_indentation = " "; 
dump(new Coordinate(fmb)); 
m_indentation = ""; 
println("Dumped " + fmb.getName()); 
 
// Close the module 
fmb.destroy(); 
} 
 
/** 
* Recursively dump a forms JdapiObject and its children to the output stream 
*/ 
protected void dump(JdapiObject jo) 
{ 
String className = jo.getClassName(); 
 
// print out a context line for the JdapiObject 
// If it is a coordinate system, it does not have a name 
 
if(className.equals("Coordinate")) 
{ 
println(m_indentation + "Coordinate System "); 
} 
else 
{ 
println(m_indentation + className + " " + jo.getName()); 
} 
 
// Property classes need special treatment 
if(className.equals("PropertyClass")) 
{ 
dumpPropertyClass((PropertyClass)jo); 
} 
else // Generically dump the required property types only 
{ 
if (m_dumpTextProps) 
{ 
dumpTextProps(jo); 
} 
if (m_dumpBoolProps) 
{ 
dumpBoolProps(jo); 
} 
 
if (m_dumpNumProps) 
{ 
dumpNumProps(jo); 
} 
// Additionally, dump any Item list elements 
if(className.equals("Item")) 
{ 
dumpListElements((Item)jo); 
} 
} 
 
// use Form's metadata to get a list of all the child JdapiObjects this 
JdapiObject can have 
JdapiMetaObject meta = JdapiMetadata.getJdapiMetaObject(jo.getClass()); 
JdapiIterator props = meta.getChildObjectMetaProperties(); 
JdapiMetaProperty prop = null; 
JdapiIterator iter = null; 
JdapiObject child = null; 
 
// loop through every possible kind of child JdapiObject this JdapiObject 
//can have 
while(props.hasNext()) 
{ 
prop = (JdapiMetaProperty)props.next(); 
// only bother if we can access these JdapiObjects 
if(!prop.allowGet()) 
{ 
continue; 
} 
 
// get the actual values for the current child JdapiObject type, 
// e.g. get the Items on a Block 
iter = jo.getChildObjectProperty(prop.getPropertyId()); 
 
// null is returned if there are no property values 
if(iter != null) 
{ 
// loop over every child value 
while(iter.hasNext()) 
{ 
child = (JdapiObject)iter.next(); 
// recursively navigate to it 
m_indentation += " "; 
dump(child); 
if(m_indentation.length()>2) 
m_indentation = m_indentation.substring(0, m_indentation.length()-2) 
; 
} 
} 
} 
} 
/** 
* Dump list elements 
* 
* The JdapiObject is an item; if it is a list item, 
* dump the list elements. 
* 
* @param item 
*/ 
private void dumpListElements(Item item) 
{ 
if( item.getItemType() == JdapiTypes.ITTY_LS_CTID) 
{ 
if (m_dumpPropNames)
 { 
println(m_indentation + "dumping list elements"); 
} 
for(int i = 1; i <= item.getListElementCount(); i++) 
{ 
String label = item.getElementLabel(i); 
String value = item.getElementValue(i); 
println( m_indentation + " " + i + ": '" + label + "' '" + value + "'"); 
} 
} 
} 
/** 
* Dump the property class properties
 */ 
private void dumpPropertyClass(PropertyClass pc) 
{ 
String propertyVal = null; 

// test for every single possible property 
// this is a bit hacky :) 
for(int propertyId = 1; propertyId < JdapiTypes.MAXIMUM_PTID; ++propertyId) 
{ 
if(!pc.hasProperty(propertyId))
{ 
continue; // this property is not in the set 
} 
if(pc.hasDefaultedProperty(propertyId) && !m_dumpAllProps) 
{ 
continue; 
} 
Class pt = JdapiMetaProperty.getPropertyType(propertyId); 
if(pt == Boolean.class) 
{ 
if(m_dumpBoolProps) 
{ 
propertyVal = String.valueOf(pc.getBooleanProperty(propertyId)); 
} 
} 
else if(pt == Integer.class) 
{ 
if(m_dumpNumProps) 
{ 
propertyVal = String.valueOf(pc.getIntegerProperty(propertyId)); 
} 
} 
else if(pt == String.class) 
{ 
if(m_dumpTextProps) 
{ 
propertyVal = pc.getStringProperty(propertyId); 
} 
} 
if(null != propertyVal) 
{ 
if (m_dumpPropNames) 
{ 
println(m_indentation + " " + JdapiMetaProperty.getPro 
pertyName(propertyId) + " " + 
propertyVal); 
} 
else 
{ 
println(m_indentation + propertyVal); 
} 
propertyVal = null; 
} 
} // End loop over every property 
} 
/** 
* Dump the source JdapiObject text properties 
*/ 
private void dumpTextProps(JdapiObject jo) 
{ 
JdapiMetaObject meta = JdapiMetadata.getJdapiMetaObject(jo.getClass()); 
JdapiIterator props = meta.getStringMetaProperties(); 
// for each text property 
while(props.hasNext()) 
{ 
JdapiMetaProperty prop = (JdapiMetaProperty) props.next(); 
int propertyId = prop.getPropertyId(); 
String propertyVal = null; 
try 
{ 
propertyVal = jo.getStringProperty(propertyId); 
} 
catch(Exception e) 
{ 
println(m_indentation + "Could_not_get_property " + 
JdapiMetaProperty.getPropertyName(propertyId)); 
continue; 
} 
if ( jo.hasProperty(propertyId) 
&& (m_dumpAllProps || !(jo.hasDefaultedProperty(propertyId)) ) ) 
{ 
if(m_dumpPropNames) 
{ 
println( m_indentation + " " + JdapiMetaProperty. 
getPropertyName(propertyId) + " " + 
propertyVal); 
} 
else 
{ 
println(m_indentation + propertyVal); 
} 
} 
} 
} 
/** 
* Dump the source JdapiObject boolean properties 
*/ 
private void dumpBoolProps(JdapiObject jo) 
{ 
JdapiMetaObject meta = JdapiMetadata.getJdapiMetaObject(jo.getClass()); 
JdapiIterator props = meta.getBooleanMetaProperties(); 
// for each boolean property 
while(props.hasNext()) 
{ 
JdapiMetaProperty prop = (JdapiMetaProperty) props.next(); 
int propertyId = prop.getPropertyId(); 
boolean propertyVal = false; 
try 
{ 
propertyVal = jo.getBooleanProperty(propertyId); 
} 
catch(Exception e) 
{ 
println(m_indentation + "Could_not_get_property " + 
JdapiMetaProperty.getPropertyName(propertyId)); 
continue; 
} 
if ( jo.hasProperty(propertyId) 
&& (m_dumpAllProps ) ) 
{ 
if(m_dumpPropNames) 
{ 
println(m_indentation + " " + JdapiMetaProperty. 
getPropertyName(propertyId) + " " + 
propertyVal); 
} 
else 
{ 
println(m_indentation + propertyVal); 
} 
} 
} 
} 
/** 
* Dump the source JdapiObject numeric properties 
*/ 
private void dumpNumProps(JdapiObject jo) 
{ 
JdapiMetaObject meta = JdapiMetadata.getJdapiMetaObject(jo.getClass()); 
JdapiIterator props = meta.getIntegerMetaProperties(); 
// for each numeric property 
while(props.hasNext()) 
{ 
JdapiMetaProperty prop = (JdapiMetaProperty) props.next(); 
int propertyId = prop.getPropertyId(); 
int propertyVal = 0; 
try 
{ 
propertyVal = jo.getIntegerProperty(propertyId); 
} 
catch(Exception e) 
{ 
println(m_indentation + "Could_not_get_property " + 
JdapiMetaProperty.getPropertyName(propertyId)); 
continue; 
} 
if ( jo.hasProperty(propertyId) 
&& (m_dumpAllProps || !(jo.hasDefaultedProperty(propertyId)) ) ) 
{ 
if (m_dumpPropNames) 
{ 
println(m_indentation + " " + JdapiMetaProperty.getPropertyName(pr 
opertyId) + " " + 
propertyVal); 
} 
else 
{ 
println(m_indentation + propertyVal); 
} 
} 
} 
} 
/** 
* Output usage info to STDOUT 
*/ 
public void printUsage() 
{ 
System.out.println(""); 
System.out.println("Jdapi Form Dumper Utility"); 
System.out.println("Valid arguments:"); 
System.out.println("-a : dump all properties, not just overridden ones"); 
System.out.println("-b : dump boolean properties"); 
System.out.println("-n : dump numeric properties"); 
System.out.println("-t : dump text properties"); 
System.out.println("-p : dump property names, not just values"); 
System.out.println("-o : file path to output to"); 
} 
/** 
* Main method 
*/ 
public static void main(String[] args) 
throws Exception 
{ 
FormDumper dmp = new FormDumper(); 
for (int i = 0; i < args.length; i++) 
{ 
dmp.dumpForm(args[i]); 
} 
System.out.println(""); 
System.out.println("Dumps complete"); 
System.out.println(""); 
} 
} 

41.3.3 Changes and workarounds affecting the number of characters that can be typed into an item

The following information must be added to Oracle Forms Builder online help.

  1. When a form is created using the Form builder (frmbld), the item property Query Length defaults to zero. When the form was compiled in releases prior to 11g, this value (zero) caused the Query Length to default to the value of the Maximum Length property. In Oracle Forms 11g, the Query Length defaults to two plus the value of the Maximum Length property. If the behavior of prior releases is desired, then you must set the environment variable FORMS_QUERY_LENGTH_DELTA to '0' when the form is compiled.

  2. The DATE format masks determine the number of characters that can be typed into a text item or combo box. In general, this number is the maximum of the number of characters required for the "output" format mask and for any allowable "input" format mask. Refer to "About Format Elements for Dates" for information about how "input" and "output" format masks are selected for a combo box, or for a text item whose format mask is not set. Note that the FORMS_USER_DATE_FORMAT or FORMS_USER_DATETIME_FORMAT environment variable may specify multiple input format masks. Also note that for any input format mask that does not contain FX, alternate format masks are also allowable, as documented in "String-to-Date Conversion Rules" in section "Format Models" in the SQL Reference in the Oracle Forms Builder Online Help.

    Note one exception to the rules spelled out above. The behavior described in "String-to-Date Conversion Rules" allow a fully spelled-out month to be entered in place of a numeric month (MM form mask element) or abbreviated month (MON form mask element). However, in this case, the number of characters that can be typed into a text item or combo box allows only enough room for an abbreviated month.

    Prior to 11gR1, input DATE format masks were not taken into account. In 10gR2 (10.1.2), the number of characters the end user was allowed to type into a DATE item was determined solely from the output format mask. In Forms 6i (6.0.8), the Maximum Length property of the DATE item was also taken into account.

Workarounds

The changes in behavior documented above may affect users who have set the Auto-Skip property for a DATE item. The end user may now be allowed to type more characters into a specific DATE item, in which case auto-skip will not occur in cases where it did occur prior to 11gR1. To ensure that auto-skip occurs, add the FX modifier to the format mask that will be used for the item, for example, FXYYYY/MM/DD. If there is no item-specific format mask (that is, no format mask is set either in the item's property palette or programmatically), then the item's format mask will be derived from environment variables. The FORMS_USER_DATE_FORMAT and FORMS_USER_DATETIME_FORMAT environment variables are recommended as they take precedence over any NLS environment variables that might affect DATE format masks.

Note that specifying the FX modifier will disallow the alternate format masks that are documented in "String-to-Date Conversion Rules" in section "Format Models" of the SQL Reference. Also note that the FORMS_USER_DATE_FORMAT and FORMS_USER_DATETIME_FORMAT environment variables can explicitly specify alternate format masks, separated by vertical bars, for example, FXDD-MON-YYYY|FXMON-DD-YYYY. [If the FORMS_OUTPUT_DATE_FORMAT and FORMS_OUTPUT_DATETIME_FORMAT environment variables are not set, the output format masks are derived from the first format mask specified in each of the FORMS_USER_DATE_FORMAT and FORMS_USER_DATETIME_FORMAT environment variables.]

PKr9+ssPK.V_EOEBPS/partpage_im.htm Oracle Identity Management PK  PK.V_E OEBPS/soa.htm : Oracle SOA Suite, Oracle BPM Suite, and Common Functionality

25 Oracle SOA Suite, Oracle BPM Suite, and Common Functionality

To view the latest known issues associated with Oracle SOA Suite, BPM Suite, and related SOA technologies, go to Oracle Technology Network (OTN) at http://www.oracle.com/technetwork/middleware/docs/soa-aiafp-knownissuesindex-364630.html. These known issues documents include the following products:

  • Oracle Adapter for Oracle Applications (Oracle E-Business Suite Adapter)

  • Oracle AIA Foundation Pack

  • Oracle Application Adapters for Oracle WebLogic Server

  • Oracle Application Server Legacy Adapters

  • Oracle B2B

  • Oracle BPEL Process Manager

  • Oracle Business Activity Monitoring

  • Oracle Business Process Management

  • Oracle Business Rules

  • Oracle Complex Event Processing

  • Oracle Enterprise Repository

  • Oracle Human Workflow

  • Oracle Mediator

  • Oracle Service Bus

  • Oracle SOA Suite and Oracle BPM Suite Common Functionality

  • Oracle Technology Adapters

PKʪK PK.V_EOEBPS/oaam.htm Oracle Adaptive Access Manager

28 Oracle Adaptive Access Manager

This chapter describes issues associated with Oracle Adaptive Access Manager. It includes the following topics:

28.1 General Issues and Workarounds

This section describes general issues. It includes the following topics:

28.1.1 OAAM Sessions is Not Recorded When IP Address from Header is an Invalid IP Address

OAAM sessions were not recorded for some header-based IP addresses.

Header based IP addresses are not accepted by default. To enabled the reading of IP addresses from the header, set vcrypt.tracker.ip.detectProxiedIP to true. When header IP addresses are enabled, only valid IP addresses are used. If the header contains an invalid IP address, the actual request IP address is used.

28.1.2 Checkpoint Boxes in Session are Displayed with Same Timestamp

The same timestamp is displayed in Checkpoint boxes in the Session Details page when multiple transactions are triggered in the same session. This bug has been fixed for OAAM Online.

28.1.3 Autogenerated Agent Cases Display User Specific Data

When an OAAM Agent Case is autogenerated from a Configurable Action, the User Details pane is populated with details of the user for the session where the case was created. An autogenerated Agent case should not contain user-specific data. Only Escalated Agent cases should display user details since they are the only cases specific to a single end user.

28.2 Policy Management Issues and Workarounds

This section describes policy management issues and workarounds. It includes the following topics:

28.2.1 Rule Condition Check Current Transaction Using the Filter Conditions Cannot Be Configured for Corresponding Attributes of Two Entity Instances

When two instances of an entity are associated to an OAAM Transaction and a filter condition is set up to compare an attribute of one entity instance with the corresponding attribute of the other entity instance, the OAAM Administration Console can only configure a comparison between the same attribute instead of a comparison between the different attributes.

For example:

Two instances of the Address entity are associated with a Transaction, one with the instance name BillingAddr and another with the instance name ShippingAddr. If the user configures Check Current Transaction using the filter condition to compare Billing.line1 with ShippingAddr.line1, after saving the rule, the OAAM Administration Console always shows the instance --- line1 of BillingAddr in the dropdown for the attribute the user wants to compare and the dropdown for the attribute the user is comparing to.

28.2.2 Rule Condition to Check Consecutive Transactions Fails Entity Check

The rule condition TRANSACTION: Check if consecutive Transactions in given duration satisfies the filter conditions does not trigger. The condition returns False and the entity check fails with exceptions in the debug log.

28.2.3 Exclude IP List Parameter for User and Device Velocity Rule Conditions

The Exclude IP List parameter was added to the following conditions:

  • Device: Velocity from last login

  • User: Velocity from last login

This parameter allows you to specify a list of IP addresses to ignore. If the user's IP address belongs to that list, then this condition always evaluates to false and no action and/or alert is triggered. If the user's IP address is not in that list or if the list is null or empty, then the condition evaluates the velocity of the user or the device from the last login. If the velocity of the user or the device from the last login is more than the configured value in the rule, the condition evaluates to true and the condition is triggered.

28.2.4 OAAM Offline Displays Only the Last Rule Executed Overwriting Previous

When multiple transactions are run in the same session, only the rule triggered for the last transaction is displayed in OAAM offline. The rules from the previous transactions are overwritten. To fix this bug, you must apply the patch and update the database schema.

28.2.5 User: Check First Login Time Rule Condition Always Triggers

The User: Check first login time condition returned the same value regardless of when the user logged in.

28.3 Transaction Issues and Workarounds

This section describes OAAM Transaction issues. It includes the following topics:

28.3.1 OAAM Displays Only the Last Rule Executed and Overwrites Previous Rules

When multiple transactions are triggered in the same session which result in multiple alerts and policies execution, OAAM displays only the most recent alerts and policies triggered and overwrites the alerts and policies from previous transactions.

28.3.2 OAAM Shows Only 25 Transactions in Session Details

When there are more than 25 data elements configured for a transaction, the Session Details displays only transaction details for the first 25 items. The page has no scroll bars for scrolling.

28.3.3 Alerts Are Not Displayed Beyond 25 Transactions

Alerts are not visible for transactions beyond the 25th. If there are more than 25 checkpoint boxes containing alerts, they are not visible in the Session Details, although the data is seen in the database.

28.3.4 OAAM Transaction Cannot Be Created with Numeric Parameter of More than 16 Digits

If a user defines any numeric value more than 16 digits in a transaction field, the transaction creation fails with the error on the server of ORA-01438: value larger than specified precision allowed for this column.

28.3.5 Transactions in Session Details Duplicated After 25

Transactions listed in Session Transactions section of Session Details are duplicated after 25 transactions in a session.

28.3.6 Transaction ID Association with Alert Does Not Work

Transaction ID association with Alert is not working even after passing transactionId in processRules API. The bug has been fixed for the server-side.

28.3.7 OAAM Console Does Not Display Transaction Status

Transaction status needs to be displayed in the Transaction Details page so that the Fraud team will be able to see if a transaction was attempted but did not complete. This provides information on both the behavior of customers and fraudsters and also of the functioning of the rules. The Fraud team does not believe they can do their job effectively if they cannot tell the transaction status. The workaround is to display the status value for each transaction on the Session Transactions panel along with Name, Transaction Id, Description, and Timestamp. The value displayed would be mapped from the property tracker.transaction.status.enum (e.g. 1=Success, 99=Pending).

28.3.8 Transaction Mapping Substring Error for First Character Value

When the user performs a transaction mapping of the type SubString, the first character of the value is missing from the mapping result because the oaam.transaction.mapping.startindex.min property was set to 1. Setting the property to 1 starts the substring operation from the second character of the string. A fix has been made so that this property is assigned to 0 so that the substring operation starts from the first character of the string.

28.3.9 Update Time for Entity Is Updated Without Any Change in Entity Data

When using an entity that is mapped to a Transaction Definition in a transaction, the entity's update time is updated by the OAAM Server even if no changes were made to the entity data (other fields are not updated). Database performance is impacted when this occurs.

28.4 Knowledge-Based Authentication Issues and Workarounds

This section describes Knowledge-Based Authentication issues. It includes the following topics:

28.4.1 Registration Logic Page Does Not Display KBA Logic

The KBA Registration Logic page does not display KBA Logic (Question per menu, Categories per menu, Number of questions the user will register) because the previous out of the box snapshot did not contain the properties for the KBA Registration Logic page. The patch fixes this problem. To effect this fix, the new out of the box snapshot file (oaam_base_snapshot.zip) needs to be imported. Note that importing this file will overwrite the existing content in the server.

If you do not want to import the snapshot file, but want to fix the registration logic related issue, you can create the following properties (with default values as shown):

challenge.question.registration.groups.categories.count=5
challenge.question.registration.groups.count=3
challenge.question.registration.groups.minimum.questions.per.category.count=1
challenge.question.registration.groups.questions.count=5

The patch also fixes the policy overrides in such a way that when the user fails the OTP challenge, the challenge does use KBA as a fallback. If you do not want to overwrite the contents but just import the newer policies, you can import oaam_policies.zip as a policies import. Importing the policies does not fix the registration logic related bug.

28.4.2 Answer Logic Abbreviation Resource Was Not Used

Answer Logic checks if the answer provided by the user matches closely to the ones provided during registration. Answer Logic relies abbreviations.

An updated Answer Logic abbreviations resource bundle is available in OAAM 11.1.1.5. In the new resource bundle, the following are considered a match:

Registered AnswerGiven Answer

Missus

Mrs

Mister

Mr

Sergeant

Sgt

Mrs

Missus

Mr

Mister

Sgt

Sergeant


28.4.3 Update KBA for FFIEC Compliance

The following KBA questions from previous releases were deleted from the kba_questions.zip (English) file and oaam_base_snapshot.zip file for Federal Financial Institutions Examination Council (FFIEC) compliance:

Children Category

Delete or deactivate the following 10 questions:

  • What year was your oldest child born?

  • What year did your oldest child start school?

  • What year did your youngest child start school?

  • What is your eldest child's middle name?

  • What is the first name of your youngest child?

  • What year was your youngest child born?

  • What is the first name of your oldest child?

  • What is your youngest child's birthday?

  • What is your youngest child's middle name?

  • What is your oldest child's birthday?

Education Category

Delete or deactivate the following 18 questions:

  • What year did you graduate from high school?

  • What year did you graduate from junior high school?

  • What city was your high school in?

  • What were your college colors?

  • What year did you graduate from grade school?

  • What was the mascot of your college?

  • What were your high school colors?

  • What was the mascot of your high school?

  • What is the name of a college you applied to but did not attend?

  • In what city was your first elementary school?

  • What year did you start high school?

  • What year did you start junior high school?

  • What year did you start grade school?

  • What year did you graduate from college?

  • What year did you start college?

  • What was your major in college?

  • What was the first school you ever attended?

  • What city was your college in?

Miscellaneous Category

Delete or deactivate the following 2 questions:

  • What is the first name of your closest childhood friend?

  • What is your height?

Parents, Grandparents, Siblings Category

Delete or deactivate the following 17 questions:

  • What year was your father born?

  • What is your father's birthday?

  • What is your oldest sibling's nickname?

  • In which city was your father born?

  • In which city was your mother born?

  • What is your parent's current street address number?

  • What is your parent's current street name?

  • What is your youngest sibling's nickname?

  • What is your parent's current ZIP code?

  • What year was your mother born?

  • What are the last 4 digits of your parent's phone number?

  • What is your maternal grandmother's first name?

  • What is your paternal grandmother's first name?

  • What is the first name of your youngest sibling?

  • What is your paternal grandfather's first name?

  • What is your mother's birthday?

  • What is the first name of your eldest sibling?

Significant Other Category

Delete or deactivate the following 18 questions:

  • Where did you go on your honeymoon?

  • What year did you get married?

  • What year was your significant other born?

  • What is your significant other's birthday?

  • What date is your wedding anniversary?

  • In what city did you meet your spouse for the first time?

  • What city was your significant other born in?

  • What is the first name of your significant other's mother?

  • What is the first name of your significant other's father?

  • What is the last name of your significant other's eldest sibling?

  • What is the first name of your significant other's youngest sibling?

  • What high school did your significant other attend?

  • What was the last name of your best man or maid of honor?

  • What was the first name of your best man or maid of honor?

  • Name of the place where your wedding reception was held.

  • What is your spouse's nickname?

  • What state was your significant other born in?

  • What is the last name of your significant other's youngest sibling?

Sports Category

Delete or deactivate the following 4 questions:

  • What is the mascot of your favorite sports team?

  • What are the colors of your favorite sports team?

  • What team is the biggest rival of your favorite sports team?

  • What is your all time favorite sports team?

Your Birth Category

Delete or deactivate the following 9 questions:

  • What is the ZIP code where you grew up?

  • Who was the US President when you were born?

  • How old was your father when you were born?

  • How old was your mother when you were born?

  • What is the name of the hospital you were born in?

  • What is the ZIP code of your birthplace?

  • What is the holiday closest to your birthday?

  • What state were you born in?

  • What city were you born in?

28.4.4 Closing Browser on Image and Security Phrase Registration Page

If the user tries to register his security image and phrase for the first time and during the process, he closes his browser window on the registration and user preferences pages or returns to the login page, the last image and phrase presented are accepted as the default even if he has not explicitly chosen them by clicking the Continue button.

A fix has been made so that the image and phrase registration only saves the image and phrase after the user clicks Continue on the registration and user preferences pages.

28.4.5 OAAM Change Password Does Not Display Any Validation for Password Fields

The OAAM Change Password page in an OAAM and OIM integration does not display any validation for the Password field. The issues are as follows:

  • If the user does not enter a password, but clicks Submit, there is no validation that the fields are empty

  • If the user enters a new password and then the confirmation password, the password is accepted regardless of whether they are the same or different

  • If the user changes his password, the old password is not validated to confirm that it is correct

28.4.6 ORA-01722 Occurs During KBA Update

An ORA-01722 error can occur when adding a new challenge question.

28.4.7 Registered Questions Are Deleted and Subsequent Challenge Does Not Succeed

If a user's question set contains a deleted question and/or if a user's registered questions contain a deleted question and/or if the KBA registration logic is out of alignment with the user's registered questions and question set (the number of questions/categories and so on), when the user tries to update his question set but cancels or closes the browser window or the session times out without saving, that user's existing questions are deleted from the database. The subsequent challenge does not succeed as the existing questions have been deleted.

This issue has been fixed so that now if a user's registered questions have been deleted in the process of resetting the questions, the user will be asked to re-register new ones on the next login.

28.5 Integration Issues and Workarounds

This section describes OAAM integration issues. It includes the following topics:

28.5.1 setupOAMTapIntegration.sh Does Not Set oaam.uio.oam.secondary.host.port

The setupOAMTapIntegration.sh script does not set the secondary OAM host information (oaam.uio.oam.secondary.host.port value) during the configuration of Oracle Adaptive Access Manager for the Oracle Access Manager and Oracle Adaptive Access Manager integration. The workaround is to set the property value through the property editor.

28.5.2 OAAM Does Not Support Juniper Single Sign-On for Authentication and Forgot Password Flow

The OAAM Authentication flow is not invoked when integrated with Juniper SSL. With invoking OAAM, the integration can detect fraud and determine risk during the authentication flow and accordingly strongly authenticate the user using OAAM capabilities like Challenge, Block, and other actions. The Juniper SSL and OAAM integration flow should be as follows:

  1. The user tries to access a web application or URL that is secured by Juniper SSL, and Juniper SSL detects whether the user is authenticated or not.

  2. If the user is authenticated then he is allowed to proceed to the web application.

  3. If the user is not authenticated, he is redirected to the OAAM Server. The OAAM Server displays the User ID page and prompts the user to enter his User ID. Once the user enters his User ID, OAAM evaluates the Pre-Authentication checkpoint policies and checks to see if the user has to be blocked.

  4. OAAM then checks to see if the user has registered for an Authentication Pad. If so, it displays the registered Authentication Pad, otherwise it displays a generic text pad.

  5. OAAM Server displays the Password page with the Authentication Pad and prompts the user to enter his password. Once the password is entered, it is validated against the user store (the user store can be LDAP, Active Directory, or any active user store). It also identifies the device by running the device identification process.

  6. If the credentials are incorrect then OAAM displays an error page and asks the user to enter his credentials again.

  7. If the credentials are correct then OAAM evaluates Post-Authentication checkpoint policies. Based on the outcome oo f the policy OAAM might challenge or block the user.

  8. If the outcome of Post-Authentication is ALLOW then OAAM determines if the user has to be registered. Based on the types of registration, OAAM takes the user through registration pages.

  9. If the outcome of Post-Authentication is CHALLENGE and if the user is already registered for at least one of the challenge mechanisms, OAAM challenges the user. If the user is able to answer the challenge then he would be allowed to continue to the next step. As the next step OAAM fetches the user attributes from the user store and then creates the SAML response, signs it and then it posts to the Juniper SSL redirection URL. Juniper SSL then takes control, validates the SAML payload, and lets the user access the web application.

  10. If the outcome of Post-Authentication is BLOCK then user would be blocked and he would not be able to access the web application.

28.5.3 Step Up Authentication Changes

The Step Up Authentication feature is available with OAAM. Step Up Authentication allows users who have been authenticated by OAM at a lower level to access resources protected by OAAMTAPScheme configured at a relatively higher authentication level. When the user tries to access a protected resource that is configured at a higher level, OAAM runs policies to determine how to further authenticate the user so as to gain the required level of authentication needed for access to the protected resource. The user is not taken to the normal login flow since he is already authenticated.

The property to disable/enable Step Up Authentication mode in TAP Integration: By default the Step Up Authentication mode is enabled. However if you want to disable this feature, then set property oaam.uio.oam.integration.stepup.enabled as false.

Change in behavior for the end user: For an end user using the Access Manager-OAAM TAP Integration, the change in behavior is as follows:

If a user has already been authenticated by Access Manager and he tries to access a resource protected under TAPScheme with OAAM as the TAP partner, the user is not taken to the OAAM login flow (since the user is already authenticated). However, OAAM runs its fraud detection policies and might ask challenge questions or block the user depending on the risk evaluated by the policies.

28.5.4 TAP: Incorrect Error Message

In Access Manager-OAAM TAP integration, when an incorrect user name or password is supplied, OAAM shows following error:

There was some technical error processing your request.   Please try again

The patch fixes this problem: the error message now indicates an invalid user name or password error instead of a technical error.

28.5.5 OAAM 11g SOAP Timeout Exception Handling

The client calling Web services is not getting exceptions for timeouts. As a result the client cannot handle SOAP timeouts in a proper way because it cannot determine whether the exception is a SOAP timeout or any other faults. A fix has been implemented so that a specific error code for timeouts is passed to the client. The client can therefore handle the fault per the information contained in the exception.

The method handleException() has introduced a class VCryptSOAPGenericImpl which can be overridden to include more error codes based on business requirements. Currently it has been set for soaptimeout errors:

protected String handleException(String requestName, Exception ex, String resultXml) {

28.5.6 OAAM Should Call UserManager.Unlock() in the Forgot Password Workflow

In the Forgot Password flow executed by OAAM in an Oracle Identity Manager and Access Manager integration, the user is not unlocked when he changes his password. When OAAM executes the changePassword() API, Oracle Identity Manager does not automatically unlock the user.

The following steps are needed to enable automatic unlocking of the user on the Oracle Identity Manager side when OAAM executes the changePassword () API during the Forgot Password flow:

  1. Log in to the OAAM Administration Console.

  2. In the navigation pane, click Environment and double-click Properties. The Properties search page is displayed.

  3. Set oaam.oim.passwordflow.unlockuser to true.

    By default this property value is set to false. By setting this property to true OAAM will call the unlock API of Oracle Identity Manager in the Change Password task flow.

28.6 Reporting Issues and Workarounds

This section describes OAAM BI Publisher reports and Sessions issues and workarounds. It includes the following topics:

28.6.1 Alert Message Link in Session Details Page Does Not Open the Alert Details

When the user tries to access an alert details page from an alert message link in the Session Details page, the page fails to open.

To work around this issue, use the alert message link on the Session Search page.

28.6.2 OAAM Rules Breakdown Report Does Not Provide Correct Information

The BI Publisher Rules Breakdown report does not give a summary of the rules which have been triggered by the checkpoint and policy. The values given are not complete or accurate.

For the report to work, run the following script:

create or replace view OAAM_FIRED_RULES_VIEW as (

select actionMap.create_time, ruleMaps.rule_map_id, actionMap.request_id,

actionMap.runtime_type,

sessions.user_id, sessions.node_id, actionMap.action_list

from (select substr(attr_name, 7) ruleInstanceId, case when

length(trim(translate(attr_value, '+-.0123456789', ' '))) is null then

CAST(attr_value AS NUMBER(16)) else null end rule_map_id, fprint_id from

v_fp_map where attr_name like 'RLD_ID%') ruleMaps

inner join vt_session_action_map actionMap on actionMap.rule_trace_fp_id =

ruleMaps.fprint_id

inner join vcrypt_tracker_usernode_logs sessions on sessions.request_id =

actionMap.request_id

inner join (select substr(attr_name, 11) ruleInstanceId, case when

length(trim(translate(attr_value, '+-.0123456789', ' '))) is null then

CAST(attr_value AS NUMBER(16)) else null end attr_value, fprint_id from

v_fp_map where attr_name like 'RLD_STATUS%') ruleStatus

on ruleStatus.ruleInstanceId = ruleMaps.ruleInstanceId and

ruleStatus.fprint_id = ruleMaps.fprint_id

where ruleStatus.attr_value=1

union select ruleLogs.create_time, ruleLogs.rule_map_id,

policySetLogs.request_id, policySetLogs.runtime_type,

userNodeLogs.user_id, userNodeLogs.node_id, ruleLogs.action_list

from VR_RULE_LOGS ruleLogs

inner join VR_MODEL_LOGS modelLogs on ruleLogs.MODEL_LOG_ID =

modelLogs.MODEL_LOG_ID

inner join VR_POLICY_LOGS policyLogs on modelLogs.POLICY_LOG_ID =

policyLogs.POLICY_LOG_ID

inner join VR_POLICYSET_LOGS policySetLogs on policyLogs.POLICYSET_LOG_ID =

policySetLogs.POLICYSET_LOG_ID

inner join VCRYPT_TRACKER_USERNODE_LOGS userNodeLogs on

policySetLogs.REQUEST_ID = userNodeLogs.REQUEST_ID

where ruleLogs.status=1);

commit;

28.7 Configuration Issues and Workarounds

This section describes the following configuration issues and workarounds:

28.7.1 Oracle Linux 6 (OEL6) with the Unbreakable Enterprise Kernel (UEK), Oracle Linux 6 (OEL6) with the Red Hat Compatible Kernel, and Red Hat Enterprise Linux 6 (RHEL6) Certification

OAAM is certified on Oracle Linux 6 (OEL6) with the Unbreakable Enterprise Kernel (UEK), Oracle Linux 6 (OEL6) with the Red Hat Compatible Kernel, and Red Hat Enterprise Linux 6 (RHEL6). Note that OAAM 11g is certified on Oracle Linux 6 but during the installation of Oracle Identity Management (Oracle IdM), the user will see an alert message during the pre-requisite check. This error does not impact the installation and can be ignored. The user can click OK to continue the installation.

Bug 15833450 OAAM 11.1.1.5 is certified on Oracle Linux 6 (OEL6) with the Unbreakable Enterprise Kernel (UEK), Oracle Linux 6 (OEL6) with the Red Hat Compatible Kernel, and Red Hat Enterprise Linux 6 (RHEL6).

28.7.2 Database Archive and Purge Scripts Missing from Installation

Case and monitor data purge scripts are missing from the oaam_db_purging_scripts.zip file.

For purging case data, the following scripts need to be included:

  • create_case_purge_proc.sql

    The create_case_purge_proc.sql script is required to set up the archive and purge routines for the Oracle database.

  • exec_sp_purge_case_data.sql

    The exec_sp_purge_case_data.sql is required to perform the archive and purge of case data.

For purging monitor data, the following scripts need to be included:

  • drop_monitor_partition.sql

    Customers who are using the Oracle table partitioning option and have no reporting database should run the drop_monitor_partition.sql script before setting up purging routine for monitor data.

  • exec_v_monitor_purge_proc.sql

    The exec_v_monitor_purge_proc.sql script calls the stored procedures to archive and purge data from device fingerprinting tables.

  • create_v_monitor_purge_proc.sql

    The create_v_monitor_purge_proc.sql script creates the V_MONITOR_DATA_PURGE table and the stored procedure SP_V_MON_DATA_PURGE_PROC to archive and purge data from the transaction table.

28.7.3 Juniper Login Fails Due to Incorrect CN Value and No UID Attribute in SAML Response

After successful authentication, OAAM obtains the user attributes from the user store and sends user attributes in a SAML assertion to Juniper. Juniper is set up to look for attributes to read from the SAML assertion to match the user in its repository. Then it logs the user in to the requested target page or web application.

In this bug, the user is unable to log in to Juniper via OAAM because Juniper fails to identify the user. OAAM did not fetch the correct cn (common name) value and it did not set the uid (User ID) attribute in the SAML response.

28.8 Customer Care Issues and Workarounds

This section describes customer care and investigation issues. It includes the following topics:

28.8.1 Investigator Role Overrides CSR Role When Both Roles Are Given to a User

When a user is given both the Investigator and CSR Access roles, the former overrides the access permissions of the latter and the user has only Investigator access and no CSR access. Expected behavior is that a user having both Investigator and CSR access, should be able to perform Investigator and CSR tasks.

28.8.2 Scroll Bars Missing from Some Case Management Screens

Users with low resolution monitors are not able to see details in full in the Case Details page. Details refer to those available based on a user's role. The Case Details page required scroll bars so that a users with low resolution monitors can see all details.

28.8.3 Case Search and Case Details Do Not Display Case Disposition

After an OAAM Agent case is closed with a disposition of Confirmed Fraud, the agent can locate the case by searching by deposition but Confirmed Fraud is not displayed in the Case search page even after adding Disposition as a column to display. When the Case Details page of the same case is opened, the field is empty for Disposition.

28.8.4 Wrong User Attributed for Last Notes Added If Two Users Concurrently Update Case Notes

OAAM allows two agents to concurrently access a case, but if the two agents add notes to the case, OAAM saves both agents' notes; however, the second agent's notes are displayed as having been added by the first agent. Concurrent write access to cases is supported: if two agents are accessing the case at the same time, the second agent is made aware that the case is being worked on by another agent with a warning message. When the second agent continues, he is made the owner of the case. Notes are attributed to the correct agent.

28.8.5 Manually Created OAAM Agent Cases Cannot Be Searched by Username or User ID

When an OAAM Agent Case is autogenerated from the Configurable Action, the User Details panel is populated with user details for the session for which the case was created. When manually creating a case and linking to a session, user details are not populated. Subsequent searches of cases by Username or User ID only locate automatically created cases.

An enhancement has been made so that the Agent case creation page can optionally accept entry of a valid Username and/or User ID if the oaam.customercare.agent.case.allow.userinfo property is set to true. If a Username and/or User ID is entered it is mapped to the Agent case. Agent cases with a mapped Username and/or User ID are searchable by Username and/or User ID. These cases display the mapped user identifier in the Username and/or User ID column on the Cases search page. Only an Agent case that has been escalated from a CSR case displays the User Details section under the Case Details Summary tab.

28.8.6 OAAM Allows Case Ownership Change and Add Notes Actions to Closed Case

After an Agent case is closed, case ownership can still change when accessed by another user. The case owner is changed to the user who accessed the case. OAAM also allows the adding and editing of notes after a case is closed. After an Agent case is closed, no changes should be allowed.

28.8.7 Create Agent Case Configurable Action Displays Wrong Name for Action

When a Configurable Action triggers the Create Agent Case action, it is displayed as Add to IP Watch list for both the Name and Description of the action when it is added to an Action group.

28.8.8 KBA and OTP Failure Counter Reset and Unlock

Challenge failure counters are not displayed on the CSR Case Details as in the details pages. Failure counters should be displayed for KBA and OTP as well as for new or custom challenge processors. Also, the Reset action does not reset all the counters. An Unlock action should reset all counters (KBA and OTP). The following should occur for counters when the Unlock action is performed:

  • Unlocking KBA resets the KBA and OTP failure counters to 0

  • Unlocking OTP resets the KBA and OTP failure counters to 0

The following actions should occur for failure counters when the Reset action is performed:

  • Resetting KBA resets KBA and OTP failure counters to 0. The user will be required to register challenge questions again

  • Resetting CSR KBA resets KBA and OTP failure counters to 0. The user will be required to register challenge questions again

  • Resetting OTP resets KBA and OTP failure counters to 0. The user will be required to register OTP again

The following enhancements have been made:

  • OAAM Admin Console Case detail and details pages display failure counter, registration, and other information for KBA, OTP, and other custom challenge mechanisms

  • OTP failure counters from different channels consolidate failures. For example, if multiple channels are used, the OTP status displays Locked if the combined OTP counters are above the threshold. So, if the user fails SMS twice and Email once and threshold is 3, they are locked using the consolidated OTP counter

  • The Reset action resets all challenge failure counters

  • The Unlock action is consolidated into an Unlock User action instead of separate actions for unlocking KBA and OTP. The Unlock User action resets all failure counters

  • User name is displayed on the Case Details tab instead of or along with Case ID

  • The Threshold value for failure counter can be set in the rule condition, User: Challenge Channel Failure.

28.9 Performance Issues and Workarounds

This section describes performance issues. It includes the following topic:

28.9.1 Out of Memory Error Occurs Scrolling through Sessions Search in OAAM Admin

Scrolling up and down on the Session search page may pass an empty or null input list, which may result in retrieving millions of rows from the database, causing the error, java.lang.OutOfMemoryError:GC overhead limit exceeded.

28.10 Device Fingerprinting Issues and Workarounds

This section describes device fingerprinting issues. It includes the following topic:

28.10.1 Errors Occur When Custom Locale is Used in OAAM .NET

When the .Net API is used to generate a browser fingerprint that uses a custom locale as part of the login flow, an error occurs: Culture ID 4096 (0x1000) is not a supported culture.\r\nParameter name: culture. The issue occurs when the application is using a custom culture because locale is registered with the Microsoft .NET framework and when the OAAM .NET API classes try to construct the CultureInfo from the LCID that came into the HttpSession, an exception occurs because of the Microsoft .NET framework. The workaround is to change the oaam/src/dotNET/Bharosa/vCrypt/Common/Util/HttpUtil.cs line 162 from CultureInfo ci = new CultureInfo(context.Session.LCID); to CultureInfo ci = new CultureInfo(context.Current.Request.UserLanguages[0]);

This causes .NET to look up the locale by the name of the locale instead of by the LCID.

28.11 Geolocation Data Loader Issues and Workarounds

This section describes geolocation loader issues. It includes the following topics:

28.11.1 Upload of Geolocation Data Causes Unique Constraint Violation

When reloading the same location data file, or loading an updated location data file, the data would be loaded correctly, but the log file would show numerous warnings about unique constraint violations which degrades performance.

28.11.2 IP Location Data Loader Fails If There is a Blank Line in the File

The OAAM data loader fails to load IP location data if a blank line is in the data file and does not report the line number. The expected result is for the OAAM data loader to skip the blank line and display a warning message that include the line number.

You can work around this issue by opening the IP location data file, removing the blank line, and saving the file. This issue will be fixed in a future release.

28.12 Multi-Language Support Issues and Workarounds

This section describes multi-language support issues and limitations. It includes the following topics:

28.12.1 Session or Cases Page Cannot Open if Browser Language is Italian

When the browser language is set to Italian, the user cannot open pages with calendars in the OAAM Administration Console, such as the Session or Cases page. A pop-up window with the following error message is displayed:

java.lang.IllegalArgumentException:
Illegal pattern character 'g'

28.12.2 Session Search and Case Search By Date Range Does Not Work in OAAM Admin Console When Browser Language is Brazilian Portuguese or Spanish

Searching sessions and cases by date range does not work in the OAAM Administration Console when the browser language is set to Brazilian Portuguese or Spanish. When the user opens the calendar in the Session or Cases page in the Spanish or Brazilian Portuguese locale, the year value is always shown as 1970 and cannot be modified to the correct year. As a result, the search does not work and the expected data cannot be returned in the search results.

PKc>PK.V_EOEBPS/webcenter_sites_rn.htm Oracle WebCenter Sites

23 Oracle WebCenter Sites

This chapter describes issues associated with Oracle WebCenter Sites. It includes the following topics:

23.1 What's New in This Release

WebCenter Sites 11.1.1.8.0 introduces new features focused on ease-of-use for marketing personnel and includes integration with other Oracle products that are part of the digital marketing ecosystem. The new features are:

23.1.1 Support for Mobile-Optimized Websites

Many new capabilities extend WebCenter Sites for use in building mobile-optimized websites:

  • Detection and identification of mobile devices making requests.

  • Device group management, which includes definition of groups with similar characteristics (such as screen size, tablet devices, non-touch devices) to aid with mobile site management.

  • Site plan updates that allow creation of multiple site plans to support delivery of different site navigations to mobile devices.

  • Drag-and-drop assembly of mobile pages.

  • Preview of websites for different mobile devices.

  • In-context editing of mobile pages.

  • Ability to run variations of the website using the same URLs (for example, one website for desktops, one for tablets, and one for smartphones, as opposed to creating a separate 'm.' variation of the site).

  • Ability to manage mobile templates from WebCenter Sites: Developer Tools.

23.1.2 Updates to Content Targeting (Engage Component)

The following new features are included for content targeting:

  • Content Tagging and Content Queries: In the Contributor interface, tags consisting of single words or short phrases can be attached to content. These tags can be placed across different assets types. Content queries can then be written using the tags and other metadata for use in search and in targeted recommendations.

  • New Segment and Recommendation Interface: The Engage Segment and Recommendation interface has been enhanced with an entirely new interface for specifying filtering criteria and allowing for more intuitive creation of site visitor segments. Recommendations can also now be created by use of drag-and-drop functionality.

  • Preview by Segment: After the creation of segments and recommendations within the Engage interface, the website can be previewed in the context of different segments.

  • REST API Updates: The WebCenter Sites REST API has been updated to include APIs to access recommendations.

23.1.3 Marketing-Friendly URL Management (Vanity URLs)

URLs to any asset in WebCenter Sites can now be easily created and managed. Content authors and marketers can do the following:

  • Create short, human readable, easy-to-control URLs that are SEO friendly for any web content. These can be either pattern-based for similar content or contributor defined. URLs could point to any host name, desktop version of the site or a mobile device, specific template and wrapper.

  • Control redirection with specific HTTP status.

  • Auto-generate URLs according to user-defined patterns.


    Note:

    A utility is shipped in the \misc folder of the WebCenter Sites distribution to allow you to apply these changes to existing assets.


  • Generate reports on all URLs managed in the system. Administrators can run queries against these URLs and manage URL cache from System Tools for bulk URL management.

23.1.4 New Integrations

WebCenter Sites includes the following new integrations and features to incorporate assets and capabilities from other products in the digital marketing ecosystem:

  • Proxy Assets Framework: New APIs are included that allow for access to external content from the Contributor interface. External content can therefore be referenced from WebCenter Sites without duplicating or copying the content into WebCenter Sites. Contributors can access that content by using content trees, preview, and search, and then drag and drop the content into slots. A reference integration with YouTube is included to demonstrate access to video content inside the Contributor interface.

  • WebCenter Content Integration: Content items stored in WebCenter Content can be migrated to WebCenter Sites according to a configured attribute mapping. A simple Sync to Sites check box can be selected in WebCenter Content to select which content to copy and to keep it synchronized with WebCenter Sites when the connector runs. Administration tools are included in WebCenter Sites to configure the connector, manage the connector configuration, and monitor the synchronization process.

  • Real-Time Decisions (RTD) Integration: Users can now automate and optimize targeting by combining WebCenter Sites managed segments with the RTD-automated predictive content recommendations engine. This release includes an API to invoke Real-Time Decisions from WebCenter Sites to get recommendations.

23.1.5 AviSports Sample Site Updates

The avisports demonstration website has been updated to include examples of targeting, mobile websites, and workflow.

23.1.6 Platform Updates

Platform updates include support for Oracle HTTP Server (OHS), updated browser support, an update to the CKEditor version (we are now shipping version 3.6.6.1), and a new operating system and application server support for Community-Gadgets. Refer to the Oracle WebCenter Sites Certification Matrix for more information.

23.2 Deprecated Functionality

  • The following functionality is deprecated, starting with the 11.1.1.6.0 release:

    • Mirror publishing. Use RealTime publishing, instead.

    • SOAP-based web services. Use the public REST API.

    • Page Debugger. Use IDE integration for JSP debug capabilities. DebugServlet is not deployed.

  • The following functionality is deprecated, starting with the 11.1.1.8.0 release:

    • Static Publishing

    • Sites Desktop

    • Sites DocLink

23.3 Limitations

23.3.1 Asset Type Name Restrictions

  • All administrative database tables created by WebCenter Sites are prefixed with FW_ (the tables were added after the 7.5 release of FatWire Content Server). Asset types should not be created with a prefix of FW_.

  • The following tables display the asset type names used by WebCenter Sites:

    Table 23-1 lists asset types that are created by default:

    Table 23-1 Default Asset Types

    Default Asset TypeDefault Asset TypeDefault Asset Type

    AdvCols

    AttrTypes

    Collection

    Content Query

    CSElement

    Device

    Device Group

    Dimension

    DimensionSet

    FW_Application

    FW_View

    HFields

    HistoryVals

    Page

    PageAttribute

    PageDefinition

    PageFilter

    Promotions

    Query

    ScalarVals

    Segments

    SiteEntry

    Site Plan

    Slots

    Template

    WebRoot

    --


    Table 23-2 lists asset types that are installed by the avisports sample site:

    Table 23-2 Asset Types in the Avisports Sample Site

    Avisports Asset TypesAvisports Asset TypesAvisports Asset Types

    ArticleCategory

    AVIArticle

    AVIImage

    ContentAttribute

    ContentDef

    ContentFilter

    ContentParentDef

    ImageCategory

    YouTube


    Table 23-3 lists asset types that are installed by the FirstSite II sample site:

    Table 23-3 Asset Types in the FirstSite II Sample Site

    FirstSite II Asset TypesFirstSite II Asset TypesFirstSite II Asset Types

    Content_A

    Content_C

    Content_CD

    Content_F

    Content_PD

    Document_A

    Document_C

    Document_CD

    Document_F

    Document_PD

    FSIIVisitor

    FSIIVisitorAttr

    FSIIVisitorDef

    FSIIVisitorParent

    FSIIVisitorPDef

    Media_A

    Media_C

    Media_CD

    Media_F

    Media_P

    Media_PD

    Product_A

    Product_C

    Product_CD

    Product_F

    Product_P

    Product_PD

    StyleSheet

    --

    --


    Table 23-4 lists names (in alphabetical order) that are reserved for use by WebCenter Sites and must not be assigned to custom asset types:

    Table 23-4 Restricted Names for Asset Types

    Restricted NamesRestricted NamesRestricted NamesRestricted Names

    ActiveList

    AdvCols

    AdvCols_Dim

    AdvCols_DimP

    AdvCols_Extension

    AdvCols_ManRec

    AdvCols_Publish

    AdvCols_SSpec

    AdvCols_Types

    ApprovalQueue

    ApprovedAssetDeps

    ApprovedAssets

    AssetDefaultTemplate

    AssetEditPane

    AssetExportData

    AssetIndexSourceConfig

    AssetListener_reg

    AssetPublication

    AssetPublishList

    AssetQueues

    AssetRelationTree

    AssetStubElementCatalog

    AssetSubtypes

    AssetType

    Assignment

    AssocNamed

    AssocNamed_Subtypes

    CARTSET

    Category

    CCFunction

    CCRoles

    CheckOutInfo

    Collection

    Collection_Dim

    Collection_DimP

    Comparators

    ComplexAssets

    CSElement

    CSElement_Arg

    CSElement_ArgVals

    CSElement_CArgs

    CSElement_Composition

    CSElement_Dim

    CSElement_DimP

    CSElement_Map

    CSElement_Publish

    CSEvents

    DeliveryType

    Desktop

    Dimension

    Dimension_Dim

    Dimension_DimP

    DimensionSet

    DimensionSet_Dim

    DimensionSet_DimP

    DimensionSet_EDim

    DistributionList

    Dtproperties

    ElementCatalog

    EmbeddedReference

    Externalclients

    Extension

    Externalclientsconfig

    Filters

    FlexAssetDef_reg

    FlexAssetTypes

    FlexFilterTypes

    FlexGroupTypes

    FlexGrpTmplTypes

    FlexTmplTypes

    FunctionPrivs

    FW_CSGroups

    FW_CSUserGroups

    FW_SecurityConfig

    FW_UIConfiguration

    Global_Q

    GroupParticipants

    HFields

    HFields_Dim

    HFields_DimP

    HFields_Extension

    HFields_Publish

    HistoryVals

    HistoryVals_Dim

    HistoryVals_DimP

    Include

    IndexSourceMetaDataConfig

    Link

    Link_Dim

    Link_DimP

    Linkset

    Linkset_Dim

    Linkset_DimP

    Locale

    LocaleMap

    LocaleTree

    MenuArgs

    MenuLegalArgs

    MimeType

    MungoBlobs

    ObjectPrivs

    ObjectPublish

    ObjectRegistry

    Page

    Page_Dim

    Page_DimP

    Previewgen

    Promotions

    Promotions_Dim

    Promotions_DimP

    Promotions_Extension

    Promotions_Goals

    Promotions_ManRec

    Promotions_Publish

    PubContext

    PubKeyTable

    Publication

    Publication_Replicate

    PublicationTree

    Publish

    PublishedAssets

    PubMessage

    PubSession

    PubTarget

    PubTarget_Distribution

    PubTarget_Satellites

    PubTarget_Sites

    Query

    Query_Dim

    Query_DimP

    Rank

    Remove

    Replicate

    Replicate_Assets

    Replicate_AssetTypes

    RTInfo

    RuleMap

    RuleSetDef

    SaveSearch

    SaveSearch_Roles

    SaveSearch_Sites

    ScalarVals

    ScalarVals_Dim

    ScalarVals_DimP

    ScalarVals_Extension

    ScalarVals_Publish

    Scratch

    SearchEngineMetaDataConfig

    Segments

    Segments_Dim

    Segments_DimP

    Segments_Extension

    Segments_Publish

    SiteCatalog

    SiteEntry

    SiteEntry_Dim

    SiteEntry_DimP

    SiteEntry_Publish

    SitePlanTree

    Source

    StartMenu

    StartMenu_Roles

    StartMenu_SChoices

    StartMenu_Sites

    StartParticipantChoice

    StartProcessChoice

    StatusCode

    SystemACL

    SystemEvents

    SystemIdGenerator

    SystemInfo

    SystemItemCache

    SystemLocalAlias

    SystemLocaleString

    SystemPageCache

    SystemRemoteAlias

    SystemSatellite

    SystemSeedAccess

    SystemSQL

    SystemTransforms

    SystemUserAttr

    SystemUsers

    Tab

    TempBlobs

    Template

    Template_Arg

    Template_ArgVals

    Template_CArgs

    Template_Composition

    Template_Dim

    Template_DimP

    Template_Map

    Template_Publish

    Template_Subtypes

    Template_Thumb

    Template_TName

    TempObjects

    TNames

    TreeTabs

    TreeTabs_Items

    TreeTabs_Roles

    TreeTabs_Sect

    TreeTabs_Sect_Roles

    TreeTabs_Sect_Sites

    TreeTabs_Sites

    Type

    UITag

    UITagItem

    UIUserLoggedInDetails

    UnassignedObjects

    UserPublication

    VMACCESSKEY

    VMACCESSMETHOD

    VMATTRIBUTECATEGORY

    VMHISTORYATTRIBUTEDEF

    VMHISTORYATTRIBUTEFIELD

    VMHISTORY

    ATTRIBUTEFIELDDEF

    VMSCALARATTRIBUTEDEF

    VMVISITOR

    VMVISITORSCALARBLOB

    VMVISITORALIAS

    VMVISITORSCALARVALUE

    Any name that starts with VMz

    Workflow

    Workflow_ARols

    Workflow_Assets

    Workflow_DlgA

    Workflow_Roles

    Workflow_Sites

    Workflow_TActs

    WorkflowAsgAction

    WorkflowAsgsActions

    WorkflowConditions

    WorkflowDlgActions

    WorkflowDlkActions

    WorkflowGroups

    WorkflowGroups_Dlock

    WorkflowGroups_DRoles

    WorkflowGroups_ERoles

    WorkflowGroups_Sites

    WorkflowGrp Actions

    WorkflowObjects

    WorkflowObjsAction

    WorkflowParticipants

    WorkflowProActions

    WorkflowRoutes

    WorkflowRoutes_Comp

    WorkflowRoutes_Cond

    WorkflowRoutes_Dead

    WorkflowStatusCode

    WorkflowStatusCode_TActs

    WorkflowStpActions

    WorkflowSubject

    --

    --

    --


  • For a given database, the name of a flex asset type must have ten characters less than the maximum number of characters that are allowed for database table names.

  • For a given database, the name of a basic asset type must have five characters less than the maximum number of characters that are allowed for database table names.

  • Attributes "Start Date" and "End Date" are reserved, as WebCenter Sites uses them for out-of-the-box asset types. They should not be used in user-created AssetMaker assets.

23.3.2 API

  • Dynamic loading of new DataSource using the loadproperty tag is not supported.

  • When the Asset API is used in a standalone application and called from the main method, it does not automatically terminate after the Asset API call is complete (unlike other Java applications). The reason is that Asset API behaves like another cluster member of WebCenter Sites and boots up all the events in the background. To terminate, code should call System.exit(0)

23.3.3 Browser Support

23.3.4 BulkLoader and BulkApprover

  • Without validation, the utility ignores versioning of content. With validation, if the content type is under versioning, it will not update the content.

  • Page cache is not flushed by BulkLoader. Because page cache is persistent, the cache should be cleared prior to running BulkApprover.

  • Using BulkApprover requires running WebCenter Sites, as it is implemented via WebCenter Sites tags.

  • Flex filters are not fired (for example, FieldCopier).

  • BulkLoader does not support BLOBs. For this, you should use XMLPost.

  • Start and End date cannot be specified nor configured for bulk transferred assets using BulkLoader.

  • BulkLoader should not be executed while WebCenter Sites is running.

  • When assets are added using BulkLoader, the assets will not be indexed in Lucene. You will need to re-index after import.

  • Running multiple BulkLoader instances is not recommended unless it is performing the same operations for example, all insert or all update and multiple source tables do not refer to the same asset. Doing so will cause data corruption.

  • BulkApprover will not update the PubAsset table to reflect the publish status after running Approve and Mark Publish.

23.3.5 CatalogManager

  • If revision tracking is enabled for an object table, and you delete the table using CatalogManager, WebCenter Sites continues to treat the table as revision tracked.

  • WebCenter Sites allows the value in the tablename column in the SystemSQL table to be null. However, for ResultSet caching to work properly, this value must be specified.

  • You cannot log in to WebCenter Sites if your user name has the "id" value of an existing user in the SystemUsers table. For example, DefaultReader has an ID value of 2. If you create a user with the username "2," that user cannot log in.

23.3.6 CatalogMover

CatalogMover does not export from columns that hold BLOBS. For example, a table is created with a column using the data type specified by the property cc.blob. An image is uploaded to the table. When CatalogMover exports the row, the image is not written to the export data.

23.3.7 Collection

Modifying the rank of assets in a collection that has been previously approved does not put the collection into the approval queue, even after rebuilding.

23.3.8 Content Tags

Newly added tags appear in search results only after a refresh.

23.3.9 Contributor Interface

  • Use of the browser back button is not supported in this release.

  • Approval and Delete listing screens shows references based on evaluation of the layout template. If the layout template execution fails for any reason, the assets presented in the tables may not be correct.

  • Page Layout allows for multiple levels of nested slots. However, the slot properties are only for the first two levels. The tool allows drag-and-drop to multiple levels.

  • Drag-and-drop in the Contributor interface will not work if the page uses an iFrame.

  • Clarkii Image Editor is not supported in Web Mode.

  • Changing device views in Web Mode will not retain unsaved changes.

  • The Contributor interface does not support multi-selection of items in docked search mode.

  • Use of Internet Explorer in Compatibility Mode is not supported.

23.3.10 Developer Tools

  • Developer Tools export created from Content Server 7.6 patch 2:

    Import will not succeed if it contains Page Assets. The recommendation is to upgrade to WebCenter Sites 11gR1 and then re-export by using the Developer Tools Plug-in for this version before the next import.

  • Developer Tools does not support assets enabled for revision tracking.

23.3.11 Database

WebCenter Sites 11gR1 uses the length specification for strings to specify the underlying database column sizes in bytes. When specifying the maximum length of a text field, keep in mind that multibyte characters will need more bytes per character.

23.3.12 Installing WebCenter Sites

  • When cs.use.short.jsp.names=false (the new default value, which used to be true by default), JSP elements that contain dots (such as www.xyz.com/common/flexLinkButton) will not be deployed properly. They will be deployed without the .jsp extension. As a result, the application server will not be able to run them. To work around this, if you use dots in your JSP element names, set cs.use.short.jsp.names=true.

  • If your installation of WebCenter Sites fails, take the following steps before re-executing the installation:

    • Drop the database tables.

    • Undeploy the .ear/.war file.

    • Delete the WebCenter Sites installation folder.

    • Restart the application servers and web servers.

  • When installing a Web Server in between Remote Satellite Server and WebCenter Sites, you must set the cookie header property http.protocol.single-cookie-header=true in the httpaccess.properties file and place it in the <remote_satellite_server install folder>/WEB-INF/classes folder

  • If you enable J2EE security on WebSphere 8.0, you will need to add additional classes to the security policy in the .ear file. Two of these are:

    • java.lang.reflect.ReflectPermission.suppressAccessChecks

    • java.lang.RuntimePermission.modifyThreadGroup

  • For security reasons, we recommend providing only internal access for the following servlets:

    • Install

    • HelloCS

    • CatalogManager

    • TreeManager

    • CacheServer

    • Inventory

  • WebCenter Sites is not supported on OHS Webcache with WebLogic domain. Currently this is supported on OHS in standalone mode.

23.3.13 Localization

  • Non-ASCII characters should not be used in the following Form Name Fields:

    • Site

    • Template

    • Site Entry

    • CS-Element

    • Attribute

    • Recommendation

    • Segment

  • Use only alphanumeric characters for the following:

    • AssetTypes

    • Asset Definitions

    • Asset Subtypes

    • Legal Arguments

23.3.14 OAM Integration

23.3.15 Page Cache: inCache

  • Persisting cache to disk clears the Last Access Time and hit count on Remote Satellite Server.

  • The recommendation is to initialize inCache by accessing one page of the site from each of the WebCenter Sites cluster members.

23.3.16 Publishing

  • Ensure that the maximum number of open file handles for your publishing destination operating system is set to 65000. The source system should be set to at least 32000. These numbers are only a guideline and may need to be adjusted based on the type of data and size of publishing operations.

  • Export to Disk: Exported page effectively rendered with wrong template when using SIMPLENAME. Contact technical support for a utility to remove the duplicate pub keys.

  • Publishing is not supported from multiple development WebCenter Sites instances to a single delivery WebCenter Sites instance.

23.3.17 REST API

  • The INPUTFORM tag support is limited in the Asset API when creating basic asset types via REST. As a result, unsupported INPUTFORM TYPES are interpreted as <INPUTFORM TYPE="TEXT" WIDTH="48" REQUIRED="YES"/>. For users to see proper asset type attributes in WebCenter Sites interfaces, the INPUTFORM tags need to be updated in the asset descriptor file through the database (AssetType table in Sites Explorer).

  • Setting BufferingConfig.xml to use multiple threads is not supported

  • It is possible to create duplicate fw_uid if you perform a GET operation and use PUT on the resulting bean when using the REST API. In this scenario, a new asset with a different asset id will be created, but it will still have the same fw_uid. The workaround is to clear the fw_uid in the bean before performing the PUT operation.

  • When using the REST API, you will see the following message displayed on the server side. The message can be safely ignored:

    com.sun.jersey.core.impl.provider.xml.SAXParserContextProvider getInstance
    WARNING: JAXP feature XMLConstants.FEATURE_SECURE_PROCESSING cannot be set on a
    SAXParserFactory. External general entity processing is disabled but other
    potential security related features will not be enabled.
    org.xml.sax.SAXNotRecognizedException:
    http://javax.xml.XMLConstants/feature/secure-processing
    

23.3.18 Satellite Server

WebCenter Sites and Satellite Server must be configured to be in the same time zone.

23.3.19 Search

  • Lucene fails to index text that comes after dashes, underscores, and other special characters.

  • If indexing takes longer than the cs.timeout setting, exceptions will be thrown and indexing may be in an unstable state. The timeout should be adjusted based on the size of the index.

  • SQL Server only stores milliseconds up to 3.33 millisecond precision with data type DATETIME.

  • WebCenter Sites does not support indexing of legacy Word 95 documents and throws exceptions in the logs.

  • Lucene standard analyzer treats words differently if they contain a hyphen (-) For example:

    ABC-DEF-HIJ is sometimes indexed as one word and sometimes indexed separately as "ABC" and "DEF-HIJ", when this occurs, searching for "ABC-DEF-HIJ" will not always return the proper results.

  • Searching for text within XML or HTML tags is not supported.

23.3.20 Sites Explorer

Sites Explorer fails to start on some Windows 2008 R2 servers.

23.3.21 Site Capture

  • Status messages are not shown in the application user interface. Check the crawler.log file for log messages.

  • Site Capture session failover is not supported in this release.

23.3.22 Site Management

  • Creating a site without a Preview asset assigned results in errors in the log which can be safely ignored

    CS.XCELERATE.ASSET][ERROR] error: unable to load asset type information for Variables.previewAssetType, in tag asset.load pagename:OpenMarket/Xcelerate/Admin/SiteFront" and "[CS.XML][ERROR] object.get no object named previewAsset"

  • Site names that include a hyphen '-' are not supported if using LDAP.

23.3.23 Sites DocLink (Deprecated)

  • If Windows is configured using the "Show All Folders" option, if your session times out and you are using Sites DocLink, the login window will appear when Explorer loads the shortcuts.

  • Revision tracking of DocLink assets is not supported in this release.

23.3.24 Sites Desktop (Deprecated)

Revision tracking and workflow are not supported from Sites Desktop in this release.

23.3.25 Tags

  • Choice of values entered for variant attribute used in insite:calltemplate must be applicable to all types valid for clegal argument.

  • Change of behavior for render:callelement from FatWire Content Server 7.x to WebCenter Sites 11g Release 1:

    In earlier versions of WebCenter Sites, <render:callelement scoped="local"> would copy all variables from the calling element to the called element, which was a bug. In 11gR1+, the behavior has been corrected to match the documentation in the Oracle WebCenter Sites Tag Reference and it will now only copy over those variables that are passed to the called element as arguments. To retain the incorrect behavior, you can add -DuserLegacyLocalScoping=true to the JAVA_OPTS of the application server.

23.3.26 Template, Site Entry, and CS-Element

  • Wrapper pages with "." in the name will not execute. Templates and Site Entry assets should not have a dot (.) in their names.

  • Do not use the tag <throwexception> in the code of a template asset. The <throwexception> tag effectively terminates execution in WebCenter Sites for itself and any nested or parent WebCenter Sites engine. This breaks template execution and streaming of data to the client. In addition, when a user approves a template for export publish, a <throwexception> terminates the execution of the approval page and the user gets no feedback.

  • No warning is given regarding the potential for broken pages when templates are deleted. Users should delete templates with care, as they may be used as default templates in other assets. Deletion will result in failure to render those pages.

23.3.27 Vanity URL

Removing a URL pattern does not remove the URLs based on that pattern.

23.3.28 WebCenter Content Integration

When importing assets into WebCenter Sites, the WebCenter Content connector does not check asset permissions and will take action regardless of asset-level restrictions (for example, if the asset is revision tracked). This is an Asset API limitation.

23.4 General Issues and Workarounds

This section describes general issue and workarounds. It includes the following topic:

23.4.1 API

  • ics.CommitBatchedCommands() does not return the correct status or set the errno variable properly in every situation.

  • JSP processing adds whitespace.

  • When using asset:export / asset.export tags on an asset that isn't a page or collection, the output XML doesn't contain info about the unnamed associations.

  • The Asset API Tutorial contains example byte d = fileObj.getBinary(); However getBinary() no longer exist. It has been changed to getBinaryStream() which returns an InputStream. Instead of byte d = fileObj.getBinary() , the example should be changed to: byte d = newbyte[fileObj.getBinaryStream().available()];

  • The XML tag ASSET.DELETEREVISION, which deletes a specific revision of the asset, fails to execute. The JSP variant asset:deleterevision should be used.

  • For case-sensitive databases, setting the case sensitivity to false does not disable the case sensitivity of the search query.

23.4.2 Admin Interface

  • In the Admin interface, the tree applet will not reflect changes when Start Menu name is edited.

  • Downloading thread dumps from the System Tools is not supported for WebSphere.

  • 500 error is thrown if you browse directly to the WebCenter Sites-Cache status page when AssetCache is not started or enabled.

  • Pasting text using Ctrl+V into the query box of the Log Viewer triggers the View Logs function. The correct shortcut for log viewer functionality is Ctrl+Shift+V.

  • Downloaded log files from System Tools do not include information from cas.log.

  • Right-clicking REFRESH does not refresh the page for Thread Info, Sites Info, and DB Info.

  • The message "An error has occurred" appears when attempts are made to view logs in Log Viewer, but the logs are empty.

  • "No access allowed" messages appear multiple times when permissions are insufficient for viewing table information in DB Info.

  • Unable to run the File System test multiple times without changing the type of test to run.

  • System Tools, File System Test information is not displayed in graph form in Internet Explorer. To view this graph, use Firefox.

  • When creating a new AssetMaker asset type, using the tab key to move through the fields will result in the Browse button disappearing from view. Clicking in the area where the button originally appeared will allow browse to continue.

  • Setting the xcelerate.showSiteTree property to false does not turn the applet off in the Admin interface.

  • When WebCenter Sites is configured to use hierarchical LDAP, if the user only has access to the Management Site and you log in to the Admin interface, the tree tab loads and shows the tabs, but all the tabs are empty.

23.4.3 Analytics Integration

Assets deleted in the Contributor interface are not reflected in the Analytics data.txt file.

23.4.4 Approval

  • Approving a site plan using the right-click in the Contributor interface will not include any slot assets in the approval. Pages with slots will need to be approved separately.

  • When a recommendation or promotion is approved, it does not show segment as a dependency.

23.4.5 AssetCache

  • When a revision tracked asset is deleted, on the initial inspection of the asset, AssetCache shows this asset with updated time and valid dependency, which is incorrect.

  • Uploading a BLOB larger than 5MB will result in an exception, which can be safely ignored:

    "Error met serializing / deserializing <Assettype ID> for copying purpose in AssetCache"

  • <render:LogDep> could cause un-linked cache. If there is an un-recognized rendermode passed, the system will cache the page and not log the dependencies. This will cause the page to not be flushed in any way since their dependencies are not there.

  • A warning message in the log is sometimes seen: "Creating a new instance of CacheManager using the diskStorePath". The message can be safely ignored.

23.4.6 Browser Support

  • Selecting Delete from the top menu in the Contributor interface will throw a JavaScript error when Internet Explorer 9 is used. To avoid this issue, delete by using the Delete button.

  • The Site Plan tab in the Contributor interface may not display properly on initial login when Internet Explorer 10 is used. Refresh the page to correct this.

  • When using Chrome, unable to upload user avatar.

  • The Admin interface tree applet fails to load in Chrome when the browser is run on Linux.

  • In Internet Explorer 9, the Web Experience Management (WEM) Framework site selector drop-down list is not populated with sites when the user name contains non-ASCII characters.

  • In Web Mode, the upload icon does not appear in Internet Explorer 10. Switch to form mode to upload files or images.

  • In Internet Explorer 9, the selected date is shown in UTC format in Web Mode.

  • The Contributor interface is best viewed at 100% zoom. Changing this to a higher zoom results in unexpected behavior such as:

    • All drag-and-drop fields may not appear in Web Mode.

    • Additional horizontal and vertical lines appear.

23.4.7 Caching: inCache

Disk store size keeps growing as the cache gets more usage, even if the actual number of items in cache remains the same.

23.4.8 Caching: Satellite Server

  • Any blob which is not supposed to be cached by the Satellite Server will be added under <sscachedir>/uncachedblob. This directory can grow if blobs are not being cached on the Satellite Server. The content of this directory can be safely deleted at any time. It can be deleted manually or by using the FlushServer reset call.


    Note:

    The FlushServer reset call will clear all the cache from the Satellite Server.


  • Pages based on a template variant are not cached on Remote Satellite Server on the first request.

23.4.9 CKEditor

  • Anchor name is added before the selected text when using Internet Explorer 9.

  • Upgraded assets may have an extra <p> <span> added when viewed in Form Mode post upgrade. This can be resolved by changing the attribute to use the updated CKEditor.

  • For assets created prior to Content Server 7.5 Patch 1 - If the first piece of data in the FCKEditor window is an embedded link or included asset, you must switch to source view to add additional content prior to the embedded link or included asset. Similarly, if the last asset is an embedded link or included asset, source view must also be used to add additional content immediately following the link or included asset.

  • Frame shows "Loading" message if target is set to "not set", "frame" or "Same Window (_self)" while creating the external link in CKEditor.

23.4.10 Cluster

For a WebSphere cluster, user session replication for the management interfaces will not properly failover in all scenarios when one cluster member fails.

23.4.11 Content Query

Content Query throws errors when selecting an assettype which contains a subtype.

23.4.12 Contributor Interface

  • If there is a failure due to template compatibility reasons while swapping a slot, the original slot content is cleared. Refresh or cancel the save to revert back to the previously saved state.

  • Bookmarks are not appearing in the tree for sites that are imported using Developer Tools. To resolve this, edit and save the bookmark tree tab in Admin.

  • When dragging and dropping from the docked search, the avatar window (showing the asset name in blue) tends to hide behind the search.

  • Drag-and-drop of pages to the Site Plan Tree is not supported. Doing so may result in the tree node indicator to spin and not return results. Other operations are able to continue during this time except action initiated from the node of the site plan tree that is no longer responding.

  • Progress bar is not displayed accurately for large file uploads (>64MB) for Basic Assets.

  • Setting bs.security=true results in blobs failing to render in Web Mode or Preview

  • Setting bs.security=true results in a failure of the blob to render correctly on create screen, inspect will display properly.

  • The select layout template appears behind videos added as part of a proxy asset in the Contributor interface.

  • Date picker does not work in Web Mode if the value is empty.

  • In Web Mode, the selected layout in the Change Layout option is retained in the browser even when the asset is not saved

  • Changes to the presentation of a slot are not copied during an asset copy operation in Web Mode.

23.4.13 Developer Tools

  • Importing a Developer Tools export from version 11.1.1.6.0 or 11.1.1.6.1 to 11.1.1.8.0 will fail if the export includes fw_attributeeditor or fw_uiconfiguration assettypes, users should remove these types from the datastore prior to the import.

  • Developer Tools import from version 7.6.x will not be successful if the DatePicker attribute editor is included in the datastore, as the calendar is different between this version and 11gR1+. Remove the attribute to import this data.

  • When creating templates using the existing element option, if the specified element does not exist, an empty template will be created in WebCenter Sites, but cannot be exported.

  • If filename length of exported file exceeds the operating system filename limitation, the file cannot be exported. This is likely to happen if the filename of uploaded blob is too long.

  • Deleting a site does not update information about the exported assets. The workaround is to first unshare the assets from the site which you wish to delete, and then delete the site.

  • Deleting of non-asset resources should be done manually on each destination. This is currently no sync for deleted non-asset resources.

  • User must be cautious of the order in which resources are imported. Consider the situation in which all developers have "A points to B" in their system. Then one developer changes A to point to C and deletes B. If other developers were to sync B before A, the import would fail, since an asset that is being referenced cannot be deleted.

  • During import, you may experience some indexing data exceptions. This will affect only the search index and not the actual data import. Re-index the affected asset types after the import, if necessary.

  • Resources that contain fw_uids which include slashes or commas cannot be exported.

  • The Sync and FW workspace views in Eclipse do not properly display UTF-8 characters on Windows.

  • The locale hierarchy information is not preserved for exported hierarchical DimensionSet. The workaround is to manually configure the hierarchal information after import.

  • SiteCatalog resources do not contain a dependency on the ElementCatalog resource. These currently need to be exported/imported manually.

  • The Developer Tools Eclipse Plug-in auto complete will add double quotes if your application server does not support this. The double quotes must be changed to single quotes manually.

  • Import fails to import segment assets when the segment criteria contains history definition with string value.

  • When connecting to a remote instance, the project WEB-INF folder points to a non-existent location. As a result, code completion will not work. To work around this issue, map to local jars / tlds when working with remote connections.

  • If an ElementCatalog entry is created with the name of an existing ElementCatalog entry, the JSP will be overridden with a new empty JSP.

  • In some Linux systems, the WebCenter Sites interface and log sections are not appearing.

  • Site Entry creation fails via Developer Tools.

23.4.14 Engage

Setting an asset which is part of recommendation to rating of 100 results in only that asset being returned.

23.4.15 Flex Assets

  • If using multiple parents, they should all use the same Parent Select Style.

  • Parent asset cannot be deselected when using Select Box attribute editor for an optional parent attribute. The workaround is to use Pick from Tree.

23.4.16 Installation / Upgrade

  • Going back or restarting the installation process after entering passwords requires that the passwords be re-entered, or the system defaults will be used.

  • During upgrade, the following ERROR may appear in the sites log and can be safely ignored:

    [com.fatwire.logging.cs] Exception loading properties from file list futuretense.ini java.lang.Exception: Required key not found: cs.pgCacheTimeout"

  • Installation should not be initiated to a path that includes multibyte characters.

  • "Exception loading applications assetcom.fatwire.assetapi.common.AssetAccessException: asset type FW_Application cannot be found in Content Server" may appear in sites.log when installing avisports sample site, or when a new site is created. This exception can be safely ignored.

  • Occasionally, the midpoint installation tests will fail for WebSphere secondary cluster member. If this occurs, try again. The same issue may occur on login after a restart.

  • Download patch 14847089 if installing on WebSphere to avoid the following exception after starting the server during installation:

    JPAPUnitInfo  E   CWWJP0015E: An error occurred in the org.eclipse.persistence.jpa.PersistenceProvider persistence 
    @ provider when it attempted to create the container entity manager factory for the JpsDBDataManagerV3 persistence unit. The following error occurred: 
    java.lang.ClassNotFoundException: 
    org.eclipse.persistence.jpa.PersistenceProvider 
    at java.net.URLClassLoader.findClass(URLClassLoader.java:434) 
    at 
    com.ibm.ws.bootstrap.ExtClassLoader.findClass(ExtClassLoader.java:198) 
    at java.lang.ClassLoader.loadClass(ClassLoader.java:646)
    

23.4.17 Mobility

  • The devices.xml file provides a sample that works best using user-agent identification to identify by device name. Modify this file for greater granularity.

  • Entering more than 31 characters in the device name field will result in the name appearing outside the device area in multi-device preview.

23.4.18 Performance

The tree applet in the Admin interface takes 2 to 4 minutes to release memory used when switching sites. This is a JRE limitation.

23.4.19 Proxy Assets

Creating a Content Query that contains proxy assets will show only dots (…) in the search results.

23.4.20 Publish Console

During publishing to a cluster, the progress bars in the publish status screen show progress out of order from the actual steps.

23.4.21 Publishing

  • Export to Disk: Changing display template results in multiple assets in pub list. Contact technical support for a utility to resolve this.

  • Removing a published child page from the site plan and later only publishing the parent will leave the child page on the destination, but the page will not appear in the site plan.

  • Temp files created during publishing remain in the file system after publication.

  • Dependent asset relation for promotion is lost after publishing. This also occurs via REST and Developer Tools import / export.

  • Error -3100 when publishing BLOBS may occur. This can be safely ignored.<8~/p>

23.4.22 REST API

  • When you use an invalid multi-ticket in a REST call to Satellite Server, instead of redirecting to the login screen, it throws the following exception: javax.servlet.ServletException: Failed to parse assertion for multi ticket xxx

  • When you use an invalid multi-ticket in a REST call to Satellite Server, it does redirect to the login screen. However, instead of generating a ticket and displaying the requested information, the redirect fails, and an error is shown.

  • Initiating a REST call using an invalid ticket or multi-ticket via the browser while you are logged into WebCenter Sites will be successful, as it will use the session ticket.

  • Multivalued association is not returned with the ordinal value.

  • Deleted groups are not deleted from the Security Configuration. The group can be manually deleted by removing the entries from the FW_CSSecurityConfig table.

  • When under load, the following exception may occur when using Buffered Writes. This can be safely ignored, as the data is properly returned:

    com.sun.jersey.server.impl.application.WebApplicationImpl onException SEVERE: Internal server error javax.ws.rs.WebApplicationException: javax.xml.bind.MarshalException

  • Content-type header must be set to allow delete operations.

  • When creating asset types in REST, Plural Form is not reflected/honored in the Admin interface.

  • Invoking the Delete method on a non-existent object returns a 200 status code.

  • Update is not working for Application object type if Delete permission is not also granted.

  • If the first request after a restart of WebCenter Sites is a PUT, the create will fail with a 500 error.

  • The Navigation service will return a 500 instead of 200 error if there are no Page assets.

  • Although description is a required attribute for a Site, the WebCenter Sites REST service doesn't validate for a Site description during create/edit.

  • When roles are deleted via REST, the corresponding entry for Site and Users is not deleted. Use WEM Admin interface to delete a role or manually clean up the UserPublication table to remove the dependencies.

  • Access to navigation service requires user to be part of the RESTAdmin Group.

  • REST API for asset data sometimes returns an empty string when the attribute data is null.

  • REST API calls to Remote Satellite Server through Central Authentication Service (CAS) must be made after acquiring a multi-ticket and using that multi-ticket in each REST call.

23.4.23 Revision Tracking

  • Viewing the version of a revision tracked asset where the parent has been deleted will display a blank screen.

  • If access to Checkout is denied, clicking on the Checkout button in the Contributor interface will result in no response.

  • Deleting an asset that was associated to a revision tracked asset removes all associations on rollback.

23.4.24 Satellite Server

Content-type header is lost when a wrapper page is called using Co-resident Satellite Server. WebCenter Sites logs "Unable to set header (header name) because the header has already been committed".

The workaround is to increase the application server response buffer size.

23.4.25 Site Capture

  • Download Archives action may time out if the archive size is large.

  • Multiple Jobs and Archives get created if schedules overlap for the same crawler. It is recommended to create only one schedule for each crawler to avoid creation of duplicate jobs and archives.

  • In some cases, when the installation is performed on Solaris, if the start URI is not configured correctly, errors will be reported as HTTP instead of network errors. Ensure that the start URI is configured correctly.

23.4.26 Site Launcher

Sites Desktop information in the replicated site does not set the description field for Sites Desktop to enabled in the copied site.

23.4.27 Site Plan

  • If a page is moved to a different site plan while another user is editing or viewing the page in the Contributor interface, the multi-device preview may not accurately reflect the correct device group.

  • Setting showparentnodes=false will result in related assets of the last node in the tree appearing as children of the root node.

23.4.28 Sites Desktop (Deprecated)

  • The following error may appear in the sites.log file when assets are created using Word 2010:

    [ERROR] [WebContainer : 6] [docx4j.openpackaging.contenttype.ContentTypeManager] No subclass found for /word/stylesWithEffects.xml.

    This error can be safely ignored.

  • Locale selected during creating an asset from Sites Desktop does not appear in Sites Desktop before save even though it is saved correctly.

  • Unable to upload multiple images to a multivalued attribute.

  • Unable to reorder multivalued attributes in Sites Desktop.

23.4.29 Sites DocLink (Deprecated)

  • Unable to create translated assets using 'copy' option.

  • After the Document Type is changed in WebCenter Sites, refreshing DocLink does not make this change active. The user must log out and log back in for the change to take effect.

  • Required fields are not marked as "Required" in the DocLink Edit Configuration screen.

23.4.30 Sites Explorer

Login via Sites Explorer on Windows 2008R2 over https fails to authenticate. It is recommended to use Sites Explorer on Windows XP or Windows 7 if configured using https.

23.4.31 Start Menu

Start menus that contain more than 21 characters are not displayed properly in the search box in the Contributor interface.

23.4.32 System Tools

  • ResultSet Summary screen refresh does not always refresh properly. Use the individual screen for each cache for more accurate reporting.

  • Setting fatwire.logging.cs.xml logger to DEBUG level will cause the Admin interface to fail to load properly until the server is restarted.

23.4.33 Tags

  • The POST tag works incorrectly when USERNAME, PASSWORD or LOGOUT attributes are passed to it. Login and logout requests are sent to the URL being posted to, instead of CatalogManager. One workaround is to perform login before this tag is executed. Alternatively, the FormPoster API can be directly used to perform the post operation.

  • SEARCHSTATE.ADDRICHTEXTCONSTRAINT fails when the ResultSet returns more than 1000 rows.

  • Unable to delete page and basic assets using asset:void tag if a valid pubid is not present in the session. The workaround is to set the pubid in the session to "0", then remove it again after voiding.

23.4.34 WebLogic Server

Exception is thrown when WebLogic Server starts. This can be safely ignored:

java.net.ConnectException: Tried all: '1' addresses , but could not connect over HTTP to server

23.4.35 WEM Admin

  • Case sensitivity for sorting is inconsistent.

  • Site names with special characters or symbols are not getting deleted. Delete the site by using the Admin interface.

  • Deleting a site does not clean up the Apps assigned to the site. To resolve this, manually remove the site entries from the urlaccessroles column in the FW_Applications table, using Sites Explorer.

  • Cannot assign roles to a user who has stale group membership data. The workaround for this is to edit and save the user in the WEM Admin interface.

23.4.36 WEM Framework

  • The SiteAdmin role is not added to the user for WEM Admin by default when the user has been assigned the SiteAdmin role in another site. The user should be manually assigned access to the WEM Admin application, if required.

  • If the last accessed application or asset no longer exists, subsequent login to WebCenter Sites will result in a blank screen.

  • If an incorrect old password is entered when changing the password in the WEM Admin interface, selecting Save and Close will fail to display a warning that the old password is incorrect. The password will not be changed in this case.

23.4.37 Workflow

  • Shared roles need to be reselected if a workflow report is edited after the initial save.

  • The DashUser role is listed in the list of Workflow Participants if the user was part of the group before upgrade. This user role should be removed and replaced with SitesUser.

23.4.38 UI Customization

If the left navigation and right navigation panels in LayoutConfig are swapped, the Contributor interface throws errors and does not load.

23.4.39 Upgrade

  • The upgrade utility will not apply indexes to the tables listed below if the assets were created prior to version 7.6 Patch 2 and a previous upgrade was done to an earlier version of WebCenter Sites 11gR1. To take advantage of performance enhancements, apply indexes to these tables manually:

    • AssetType_Dim

    • AssetType_DimP

    • AssetType_Amap

    • AssetType_Group

  • After upgrade, the Content Query start menu is not present even though the asset type is enabled for sites. The start menu must be created manually.

  • The timezone utility does not update previously exported data that contains a user-defined attribute of type date. The serialized data needs to be manually updated to UTC before import.

  • For information about upgrading the Community Blogs module, see Section 24.4, "Upgrading the Community Blogs Module" in Chapter 24, "Oracle WebCenter Sites: Community-Gadgets."

23.4.40 XMLPost

  • XML namespaces are stripped from XML elements during evaluation.

  • XMLPost created as recursive dependency on the asset when modifying a parent asset.

PK]PK.V_EOEBPS/webcenter.htm Oracle WebCenter Portal

14 Oracle WebCenter Portal

This chapter describes issues associated with Oracle WebCenter Portal. It includes the following topic:


Note:

For release notes related to WebCenter Portal installed on IBM WebSphere, see Chapter 7, "Oracle Fusion Middleware on IBM WebSphere."


14.1 General Issues and Workarounds

This section describes general issues and workarounds. It includes the following topics:

14.1.1 Installing the WebCenter Portal Extension Version 11.1.1.8.3 for JDeveloper

The WebCenter Portal extension is an add-in that provides JDeveloper with the complete set of WebCenter Portal capabilities and features. Oracle WebCenter Portal 11.1.1.8.3 works only with WebCenter Portal extension 11.1.1.8.x and Oracle JDeveloper 11.1.1.7.0. By default, JDeveloper will recommend you to download the WebCenter Portal extension for release 11.1.1.8.3 as it is the latest version. You must ensure that you have the correct version installed. For information about installing the extension, see the "Installing the WebCenter Portal Extension for JDeveloper" section in Oracle Fusion Middleware Developing Portals with Oracle WebCenter Portal and Oracle JDeveloper.

14.1.2 Support for Discussions Server from Jive Software

Oracle supports the embedded discussions server from Jive Software. Use the supplied task flows that come with WebCenter Portal to call this discussions server. Any custom development against APIs in the Jive Web Service layer are subject to review by Oracle and may not be supported.

There are a limited set of beta features that Jive Software delivers as part of the discussions server that Oracle does not recommend and cannot yet support.

Documentation for Jive Forums is included for reference only. Jive software installations and upgrades outside of the WebCenter Portal product installation are not supported.

14.1.3 Oracle WebCenter Portal's Pagelet Producer Failover Support

Oracle WebCenter Portal's Pagelet Producer supports failover in a clustered configuration. However, the in-flight data (unsaved or pending changes) is not preserved. On failover, administrators must reestablish their administrative session. End users may also need to reestablish the session if the proxy is required to have a state. If SSO is configured, credentials are automatically provided, and the session is reestablished.

14.1.4 SQL Query with NCHAR Data Type Throws Exception

When using a SQL data control, you may encounter an error if the query contains a column with the NCHAR data type. As a workaround, you can use the to_char(NCHAR_COLUMN NAME) function.

14.1.5 Configuring the REST Server Post-Installation

For certain features of the WebCenter Portal REST server to work correctly when using a REST client like the Oracle WebCenter Portal iPhone application, the flag WLForwardUriUnparsed must be set to ON for the Oracle WebLogic Server Plugin that you are using.

  • If you are running Apache in front of WebLogic Server, add this flag to weblogic.conf.

  • If you are running Oracle HTTP Server (OHS) in front of WebLogic Server, add this flag to mod_wl_ohs.conf.

The examples below illustrate the possible configurations for both of these cases.

For more information about how to configure WebLogic Server Plugins, see Oracle Fusion Middleware Using Web Server 1.1 Plug-Ins with Oracle WebLogic Server.

Example 1: Using <location /rest> to apply the flag only for /rest URIs (recommended)

<Location /rest>
  # the flag below MUST BE set to "On"
  WLForwardUriUnparsed    On
 
  # other settings, example: WebLogicCluster or WebLogicHost & WebLogicPort
 
  # set the handler to be weblogic
  SetHandler weblogic-handler
</Location>

Example 2: Applying the flag to all URIs served by Oracle WebLogic Server

<IfModule mod_weblogic.c>
   # the flag below MUST BE set to "On"
  WLForwardUriUnparsed    On
 
  # other settings, example: WebLogicCluster or WebLogicHost & WebLogicPort
  WebLogicCluster johndoe02:8005,johndoe:8006
  Debug ON
  WLLogFile             c:/tmp/global_proxy.log 
  WLTempDir             "c:/myTemp"
  DebugConfigInfo       On
  KeepAliveEnabled ON
  KeepAliveSecs  15
</IfModule>

14.1.6 Cannot Customize or Personalize a JSF Portlet

When clicking OK after customizing or personalizing a JSF portlet (that is, a portlet created using the Oracle JSF Portlet Bridge), the portlet does not respond and displays a timeout message. This is caused by performing an edit action and changing the portlet mode in a single operation. End users can work around this issue by clicking Apply (instead of OK) to perform the edit action first, then clicking Return to change the portlet mode back to View mode. Portlet developers can avoid the issue occurring by editing the code for the generated Edit Defaults mode (in the edit_defaults.jspx file) and Edit mode (in the edit.jspx file) and removing the code for the OK button so that end users are forced to use the Apply button instead.

14.1.7 Portals Do Not Display Correct Language When WebCenter Portal is Accessed Using OAM

When users access WebCenter Portal through OAM, portals do not display the language selected on the OAM login page. WebCenter Portal does not use the same xlf file name standard as OAM.

14.1.8 Announcement Publication Format can be Incorrect in Thai

When the display language is set to Thai, the announcement publication format can be incorrect. This happens when announcements are opened to edit and are then saved, even if nothing in the announcement itself is updated.

14.1.9 The Run as Servlet Link on Producer Test Page Does Not Work for JSF Portlet

You can create a JSF portlet (that is, a portlet that uses the Oracle JSF Portlet Bridge) using the Create JSR 286 Java Portlet Wizard by selecting the Generate ADF-Faces JSPX implementation method on the third step of the wizard.

If you create a JSF portlet in this way, you may find that clicking the Run as Servlet link on the portlet's Producer Test Page produces an error. The portlet itself, however, runs correctly.

To avoid this issue, add the ADF Page Flow scope to the project that contains the portlet. For information, see the "Adding and Removing Technology Scopes" section in Oracle Fusion Middleware Developing Portals with Oracle WebCenter Portal and Oracle JDeveloper.

14.1.10 Using OpenSocial Pagelets to Post Activities to User's Activity Stream

Pagelets based on OpenSocial gadgets are not able to post activities to a user's activity stream. To implement a temporary solution, grant User Profile 'edit' permission to Oracle WebCenter Portal's Pagelet Producer using the following WLST/WSAdmin command:

grantPermission(appStripe="pagelet-producer",
principalClass="oracle.security.jps.internal.core.principals.JpsAuthenticatedRoleImpl", principalName="authenticated-role",
permClass="oracle.webcenter.peopleconnections.profile.security.ProfilePermission",
permTarget="/oracle/webcenter/peopleconnections/profile/s8bba98ff_4cbb_40b8_beee_296c916a23ed/.*", permActions="view,edit")

After running the command, restart the Pagelet Producer server.

14.1.11 Accessing Owners' Profile Information Using the OpenSocial API

To access owners' Profile/Activities/Friends information using the OpenSocial API with Oracle WebCenter Portal's Pagelet Producer, you must target the WebCenterDS data source to the WC_Portlet managed server as described in the Oracle Fusion Middleware Administrator's Guide for Oracle WebCenter. After saving this configuration, Activities and Friends information can be fetched, but Profile information is not returned. To access Profile information, restart the WC_Portlet managed server.

14.1.12 Unable to View Entire Content on iPad as Scrollbars Not Displayed

The Apple iOS platform does not display scrollbars. When you view a page on an iPad, content may appear truncated because scrollbars are not displayed. Also, iFrame components ignore dimensions on iPad. To view the entire content area, use the two-finger scroll gesture on your iPad.

14.1.13 RSS Links Not Working Properly on iPad

The Apple iOS platform renders RSS links by loading them through the site reader.mac.com. If the WebCenter Portal instance is not accessible outside your firewall, RSS links cannot be viewed.

14.1.14 Cannot Upload Content Using iPad

The Apple iOS platform does not support a native file system browser. Therefore, you cannot upload content from an iPad. All upload actions, such as publish, upload, and share are disabled or hidden when you access WebCenter Portal from an iPad.

14.1.15 Cannot Copy Text Displayed on Pages

If you access a page through an iPad, you cannot copy the text displayed on the page. This is a limitation from the Apple iOS platform.

14.1.16 Embedded Images Not Rendered

The Mail task flow does not render embedded images. If an email contains inline images, they are shown as attachments, and not within the message body.

14.1.17 Unable to Check Out a Document When Using Firefox First Time

The first time you access WebCenter Portal using the Mozilla Firefox browser, and attempt to open a document using Desktop Integration over an SSL or HTTPS connection, you will receive a warning that the certificate is not trusted, even if the environment has a valid certificate. You can open the document, but cannot check in or check out the document from within a Microsoft Office application. However, subsequent use of Desktop Integration through the Firefox browser will work as expected and you will be able to check documents in and out from within a Microsoft Office application.

14.1.18 Web Clipping Portlet is Deprecated

The Web Clipping portlet is deprecated in Release 11g (11.1.1.8.0) and should not be used. Instead, create a clipper pagelet using Oracle WebCenter Portal's Pagelet Producer.

14.1.19 Deployment Fails Because Versioned Applications Are Not Supported

Application versioning is no longer supported by default for ADF applications. Upon initial deployment, an existing 11.1.1.7.0 (or earlier) or new application (11.1.1.8.0 or later) deploys successfully regardless of the application's versioning. However, when redeploying an unversioned application from JDeveloper 11.1.1.7.0 to a WebLogic Server where a versioned instance of that application is already running, deployment will fail. This is because the server is already running a versioned instance and WebLogic Server does not allow deploying an unversioned instance of the same application. You will see an error message like this:

Weblogic Server Exception: 
weblogic.management.ManagementException: [Deployer:149082]You cannot deploy application 'Application1_application1' without version. The application was previously deployed with version 'V2.0'.

To resolve this issue, undeploy the versioned application first and then deploy the unversioned application.

14.1.20 Exception Reported When Running WC_Spaces Managed Server

When you start the WC_Spaces managed server, the following exception is reported in server logs after the server reaches the running state.

"Could not fetch the default portal configuration from webcenter-config oracle.webcenter.webcenterapp.WebCenterException: Getting WebCenter Attributes "

This does not cause any functionality loss. It is a known issue.

14.1.21 Upgraded Portals Do Not Render Properly

In WebCenter Portal, when you display a portal upgraded from a previous Oracle WebCenter Portal installation, the top banner of the portal does not render correctly. This happens when the portal has a page template set to a specific value, and the skin is left as [System Default]. To work around this issue, you must choose a skin to match the page template. Configure the upgraded portal to use the Spaces FX or Fusion FX skin, depending on the page template.

14.1.22 Displaying a Page on a Device when the Page Name Includes a Space

An issue exists when accessing a portal page on a device (such as a tablet or iPhone) when all of the following conditions are true:

  • The page has a space in its name

  • The page does not have a page variant defined

  • The Page Fallback setting for the page or the portal is Display No Page

In this case, the expected behavior is to see Page Not Available on the device. However, when all of the condition above are true, the content of the page displays (without the page title) on the device instead of Page Not Available.

For more information, see the "Setting Page Behavior for a Portal When No Page Variant Exists" and "Setting Page Behavior for a Specific Page When No Page Variant Exists" sections in Oracle Fusion Middleware Building Portals with Oracle WebCenter Portal.

14.1.23 Problem Integrating PeopleSoft and WebCenter Portal

This release has a known issue when integrating PeopleSoft and WebCenter Portal leveraging WSS1.0 Username Token with Password. This is the recommended approach for customers who require secure consumption of PeopleSoft portlets in WebCenter Portal. Customers should contact Oracle Customer Support to obtain a patch to address this issue.

Oracle does not recommend using WSS1.0 SAML Token with Message Protection. This approach is not supported for integration between WebCenter Portal and PeopleSoft.

14.1.24 Unable to Create Pages in Portals Created Using REST APIs

In a portal created using WebCenter Portal REST APIs, you will face problems creating pages. To work around this issue, you need to reapply Page permissions. Navigate to the Security page in WebCenter Portal Builder Administration. On the Roles tab, deselect all the permissions for Pages and save the setting. Now select the same permissions again and save the settings.

14.1.25 Mobile Page Variants Not Displayed Correctly on Nexus 4 Devices

Mobile page variants are not displayed on the new Nexus 4 devices. To resolve this issue, create a new device with the following user agent string:

Mozilla/5.0 \(Linux; Android.+4.2.+Nexus 4.+Chrome.*Mobile Safari.*

For information about creating new devices and specifying the user agent string, see the "Creating and Managing Devices" section in Oracle Fusion Middleware Administrator's Guide for Oracle WebCenter.

14.1.26 Configuring Oracle SES 11.2.2.2 for Oracle WebCenter Portal

Oracle WebCenter Portal release 11.1.1.8.0 supports Oracle SES 11.2.2.2. If you patch your existing Oracle SES installation to release 11.2.2.2, you must install the new version of Oracle WebCenter Portal's Document Service Manager on Oracle SES and configure Oracle SES facets and sorting attributes. For information, see the "Installing Oracle SES 11.2.2.2" section in Oracle Fusion Middleware Installation Guide for Oracle WebCenter Portal.

14.1.27 Clicking the Create Topic Button in a Discussion Forum Does Not Open the Create Topic Dialog

When you navigate to a discussions page by using its direct URL and pass forumId as a query parameter in the page URL, clicking the Create Topic button in the discussion forum displays a list of forums instead of opening the Create Topic dialog. You encounter this issue when accessing the pages that contain the Discussion Forums task flow with #{param.forumId} set as the value for the Forum ID attribute.

To ensure that clicking the Create Topic button displays the Create Topic dialog, implement the following workaround:

  1. Open the page that contains the Discussion Forums task flow in edit mode in Composer.

  2. Ensure that the View Switcher is set to Data.

  3. On the Source tab, click PageDef at the bottom of the frame.

  4. Locate the task flow binding within the <executables> section of the PageDef source.

    You will notice that this task flow binding has the attribute Refresh="ifNeeded", and one of the input parameters to the task flow binding is "param.forumId".

  5. Delete the attribute Refresh="ifNeeded".

  6. Replace it with the following attribute: RefreshCondition="#{param.forumId!=null}".

  7. Click Save to save the changes.

14.1.28 Duplicate Copies Created when Copying, Moving, or Cutting and Pasting Files and Folders with the Same Name

Duplicate copies of files and folders (prefixed with "Copy of") are created when you "copy and paste", "cut and paste", or "move and paste" to a location that already contains a file or folder with the same name. For example, if you copy or cut the file Events.docx and paste it to a folder containing that file, the new pasted version is named Copy of Events.docx.

This is applicable only when Oracle WebCenter Portal is configured to use FrameworkFolders as the folder service. If Folders_g is configured, files and folders are not duplicated if a matching copy is found at the target.

14.1.29 Invalid Characters in Folder and File Names

If WebCenter Portal is configured to use FrameworkFolders as the folder service, the following characters are not allowed in folder and file names:

? # & / \ * " | < > : î

14.1.30 Comment and Tag Updates Not Listed in Activity Stream of Portal Framework Applications

In a Portal Framework application, when you add comments or tags to a newly uploaded document, these updates are not listed in the Activity Stream of the application. This happens when Oracle WebCenter Portal is configured to use the FrameworkFolders component.

14.1.31 Imprecise Error Message When Uploading a File with the Same Name as a Checked Out File

When a user has checked out a file, and another user tries to upload a new version of the file with the same name, an error message is shown specifying that the user does not have the permission. The error message is not complete as it does not specify that the file has already been checked out by a user. This error is displayed when Oracle WebCenter Portal is configured to use the FrameworkFolders component.

14.1.32 Cannot Create or Move Files by Using CMIS REST API

The feature to create files or folders or move files from one folder to another using the CMIS REST API does not work when FrameworkFolders is enabled as the folder service.

14.1.33 Tabs Not Displayed on Document Management Taskbar

When editing a WebCenter Portal document in Word, Excel, or PowerPoint, the tabs (Status, Members, Tasks, Documents, and Links) do not appear on the Document Management taskbar, which is invoked by clicking on the Office icon > Server > Document Management. The tabs are displayed only after the document has been checked in. This happens when Oracle WebCenter Por tal is configured to use the FrameworkFolders component.

14.1.34 Imprecise Error Messages When Renaming or Pasting a File in Workflow

When you try to rename or cut and paste a file that is part of workflow, an error message appears indicating that the file cannot be renamed or moved as it no longer exists. For example, the following error message appears when you rename a file:

"Messages for this page are listed below.
Unable to rename the selected document.
The document no longer exists.
Please refresh to see the latest content (View > Refresh Content)."

This error message is incorrect, and is displayed when Oracle WebCenter Portal is configured to use the FrameworkFolders component. The error message should specify that the file cannot be renamed or moved because it is part of workflow and the user is not added as a reviewer to the workflow.

14.1.35 Unable to Access Files Using Direct URL in Home Portal

In Home portal, accessing a file under Item Level Security using direct URL does not work if you do not have access to all the folders in the chain. This happens when Oracle WebCenter Portal is configured to use the FrameworkFolders component.

14.1.36 Creating a Portal based on a Template Containing Blogs or Wikis

When you create a portal from a portal template that contains blogs and wikis, the blogs and wikis are not displayed in the newly created portal. This happens when Oracle WebCenter Portal is configured to use the FrameworkFolders component.

14.1.37 FrameworkFolders Not Supported When Oracle BPM Process Spaces is Enabled for WebCenter Portal

Oracle BPM Process Spaces requires that Folders_g must be enabled on Content Server. In a new installation of Oracle WebCenter Portal 11.1.1.8.3, if you want to enable Process Spaces for WebCenter Portal, you must ensure that Folders_g is enabled and FrameworkFolders is disabled.

PK`PK.V_EOEBPS/partpage_web.htm5 Web Tier

Part IV

Web Tier

Part IV contains the following chapters:

PKqH9:5PK.V_EOEBPS/partpage_ovab.htm9 Oracle Virtual Assembly Builder

Part III

Oracle Virtual Assembly Builder

Part III contains the following chapters:

PKuwx>9PK.V_EOEBPS/partpage_ecm.htm  Oracle WebCenter Content PKJY PK.V_EOEBPS/intro.htm@B Introduction

1 Introduction

This chapter introduces Release Notes, 11g Release 1 (11.1.1). It includes the following topics:

1.1 Latest Release Information

This document is accurate at the time of publication. Oracle will update the release notes periodically after the software release. You can access the latest information and additions to these release notes on the Oracle Technology Network at:

http://www.oracle.com/technetwork/indexes/documentation/index.html

1.2 Purpose of this Document

This document contains the release information for Oracle Fusion Middleware 11g Release 1 (11.1.1). It describes differences between Oracle Fusion Middleware and its documented functionality.

Oracle recommends you review its contents before installing, or working with the product.

1.3 System Requirements and Specifications

Oracle Fusion Middleware installation and configuration will not complete successfully unless users meet the hardware and software pre-requisite requirements before installation.

For more information, see "Review System Requirements and Specifications" in the Oracle Fusion Middleware Installation Planning Guide

1.4 Memory Requirements

Oracle Fusion Middleware memory requirements for installation, configuration, and runtime are as follows:

  1. Without a Database on the same server: Minimum 4 GB physical memory and 4 GB swap.

  2. With a Database on the same server: Minimum 6 GB physical memory and 6 GB swap.


    Note:

    These minimum memory values are with the assumption that no user or operating system process is consuming any unusually high amount of memory. If such a condition exists, corresponding amount of additional physical memory will be required.


1.5 Certification Information

This section contains the following:

1.5.1 Where to Find Oracle Fusion Middleware Certification Information

The latest certification information for Oracle Fusion Middleware 11g Release 1 (11.1.1) is available at the Oracle Fusion Middleware Supported System Configurations Central Hub:

http://www.oracle.com/technetwork/middleware/ias/downloads/fusion-certification-100350.html

1.5.2 Certification Exceptions

This section describes known issues (exceptions) and their workarounds that are associated with Oracle Fusion Middleware 11g certifications. For a list of known issues that are associated with specific Oracle Fusion Middleware 11g Release 1 (11.1.1) components, see the Release Notes for the specific Oracle Fusion Middleware 11g Release 1 (11.1.1) component.

This section contains the following topics:

1.5.2.1 Certification Information for Oracle Fusion Middleware 11g R1 with Oracle Database 11.2.0.1

If you choose to configure Oracle Internet Directory with Database vault, do the following:

  1. Apply patch 8897382 to fix bug 8897382.


    Note:

    the following workaround is required only if the Oracle Fusion Middleware version is 11.1.1.1.0 (11gR1). This issue will be fixed in 11.1.1.2.0.


  2. Apply the workaround for bug 8987186 by editing <OH>/ldap/datasecurity/dbv_oid_command_rules.sql file and find the following declaration:

    /declare
     begin
          dvsys.dbms_macadm.CREATE_COMMAND_RULE(
          command => 'CONNECT'
          ,rule_set_name => 'OID App Access'
          ,object_owner => 'ODS'
          ,object_name => '%'
          ,enabled => 'Y');
     commit;
    end;/
    

and change the line that is indicated in bold:

/declare
 begin
      dvsys.dbms_macadm.CREATE_COMMAND_RULE(
      command => 'CONNECT'
      ,rule_set_name => 'OID App Access'
      ,object_owner => '%'
      ,object_name => '%'
      ,enabled => 'Y');
 commit;
end;/

1.5.2.2 Excel Export Issue on Windows Vista Client

Vista prevents applets from creating files in the local file system if the User Account Control (UAC) system is turned on. You can experience this problem if you have the UAC setting enabled on Vista and if you use a component like Discoverer Plus. If you start Discoverer Plus and if you try exporting a worksheet to a specified directory, the exporting succeeds but you cannot see the exported file in the directory. The available workarounds is to disable UAC and set protection mode to OFF. Refer to Bugs 8410655 and 7328867 for additional information.

1.5.2.3 Restrictions on Specific Browsers

1.5.2.3.1 Unable to View the Output of a JSPX Page in Internet Explorer 7

When a JSPX page is deployed and is then accessed using Internet Explorer 7 (IE7), the XHTML source is displayed instead of the page contents. This occurs in both normal and osjp.next modes.

The workaround is to instruct application users to access the application with Firefox or Safari.

1.5.2.3.2 Java Plugin for Discoverer Plus Not Downloaded Automatically on Firefox

When you attempt to connect to Discoverer Plus by using the Mozilla Firefox browser on a computer that does not have Java 1.6 installed, Firefox does not download the JRE 1.6 plug-in automatically. Instead, Firefox displays the following message: "Additional plugins are required to display this page..."

The workaround is to download the JRE 1.6 plug-in by clicking the Install Missing Plugin link to install it manually.

1.5.3 Upgrading Sun JDK From 1.6.0_07 to 1.6.0_11

For information, see "Section 2.1.5.3, "Upgrading Sun JDK in the Oracle Home Directory."

1.5.4 JMSDELIVERYCOUNT Is Not Set Properly

When using AQ JMS with Oracle Database 11.2.0.1, JMXDELIVERYCOUNT is not set correctly.

The workaround is to apply patch 9932143 to Oracle Database 11.2.0.1. For more information, contact Oracle Support.

1.5.5 Viewer Plugin Required On Safari 4 To View Raw XML Source

You need a Safari plugin to view raw XML. If there is no plugin installed, you will see unformatted XML which will be difficult to read. This is because Safari applies a default stylesheet, which only displays the text nodes in the XML document.

As a workaround, go to View > View Source in the Safari menu bar to see the full XML of the metadata document. Also, selecting File > Save and choosing XML Files as the file type, will correctly save the XML metadata file with all the markup intact.

1.6 Downloading and Applying Required Patches

After you install and configure Oracle Fusion Middleware 11g Release 1 (11.1.1.4.0), there might be cases where additional patches are required to address specific known issues.

Complete the following steps to obtain a patch:

  1. Log into the My Oracle Support web site at https://myoraclesupport.com/.

  2. Click the Patches & Updates tab.

  3. Use the Patch Search area to locate patches.

  4. On the Patch Search Results page, select a patch and click Download to download the patch.

  5. Install the patch by following the instructions in the README file that is included with the patch.

Table 1-1 lists some of the specific Oracle Fusion Middleware patches that were available at the time these release notes were published.

For additional patching information, see Section 3.1.1, "Patches Required to Address Specific Upgrade and Compatibility Requirements".

Table 1-1 Patches Required to Fix Specific Issues with Oracle Fusion Middleware 11g

Oracle Fusion Middleware Product or ComponentBug/Patch NumberDescription

Oracle SOA Suite - Oracle BPM Worklist application

9901600

Unless you apply this patch, errors appear in the log files when you access the Event Driven page in the Oracle Business Process Management Worklist application.

Oracle XDK for Java

10337609

This patch fixes the following issue.

If you use the XSU utility to insert some data into the database, and the database connection had the connection property called oracle.jdbc.J2EE13Compliant set to "true", and the target column was some kind of numeric column, then it is possible for the insert to fail with a the following error:

java.lang.NumberFormatException

1.7 Licensing Information

Licensing information for Oracle Fusion Middleware is available at:

http://oraclestore.oracle.com

Detailed information regarding license compliance for Oracle Fusion Middleware is available at:

http://www.oracle.com/technetwork/middleware/ias/overview/index.html

PK=n2@@PK.V_E OEBPS/weblogic_server_issues.htm Oracle WebLogic Server

13 Oracle WebLogic Server

This chapter describes issues associated with Oracle WebLogic Server. It includes the following topics:


Note:

For a list of bugs that are fixed in WebLogic Server 11g Release 1 (10.3.6), enter the following document ID in the Search Knowledge Base field. You must enter the entire document ID.

1302753.1


13.1 General Issues and Workarounds

This section describes the following issues and workarounds:

13.1.1 Multi-Byte Characters Display Incorrectly in Filenames When Using Safari

When using the Safari browser to download content, if a filename contains multi-byte characters, the characters are displayed as '------' in the filename.

Workaround

Set UseHeaderEncoding to true on the Managed Server. Use the following WLST commands to do so:

connect("admin_name", "admin_password", "t3://localhost:port")
edit()
startEdit()
cd("Servers/server_name/WebServer/server_name")
set("UseHeaderEncoding", "true")
save()
activate()
exit()

13.1.2 Oracle WebLogic Server Version Number

Oracle Fusion Middleware 11g contains Oracle WebLogic Server 11g. The version number of Oracle WebLogic Server is 10.3.6.

13.1.3 Oracle ojdbc14.jar File Has Been Changed to ojdbc6.jar

The Oracle ojdbc14.jar file has been changed to ojdbc6.jar, for use with JDK 5 or 6. As a result, any explicit references you make to ojdbc14.jar must be changed to ojdbc6.jar.

13.1.4 Strong Password Enforcement May Cause Issues With WLST Offline Scripts

With the implementation of strong password enforcement (8 character minimum with one numeric or special character) in this release of WebLogic Server, existing scripts could potentially encounter issues.

Workaround

Use either of the following workarounds to bypass the new password restrictions.

  • Set the BACKWARD_COMPAT_PW_CHECK environment variable to true.

  • Include the -Dbackward.compat.pw.check=true option when invoking WLST.

Oracle recommends that you change passwords to comply with the new password requirements, as this variable and option will be removed in a future release of WebLogic Server.

13.1.5 In Turkish Locale, MDS Initialization Fails

Any applications that use an MDS repository cannot be deployed or run with the JAXB version bundled with WebLogic Server as null values are returned for attributes named id.

Workaround

Start the server in English locale.

13.1.6 Administration Server Reports a 'Too Many Open Files' Message on the EM Console

The WebLogic Server Administration Server reports a Too Many Open Files message on the Enterprise Manager (EM) console when the maximum number of file descriptors configured for the Administration Server is less than 65535.

Workaround

Execute the following command to determine the maximum number of file descriptors currently configured:

cat /proc/sys/fs/file-max

If the value is less than 65535, perform the following steps:

  1. Edit the file /etc/security/limits.conf with root permission:

    > sudo vi /etc/security/limits.conf
    
  2. Append the following two lines, using a value of 65535 or greater:

  3. *                soft    nofile          65535
    *                hard    nofile          65535
    
  4. Start a new terminal session.

  5. Execute the limit descriptors command to verify that descriptors has been increased to the specified value (at least 65535).

    > limit descriptors
    descriptors  65535
    

13.1.7 Availability of Sun JDK 6 U35-B52 for 10.3.5.0 Oracle WLS Generic Installation

Sun JDK 1.6.0.U35-B52 version is required for Oracle WebLogic Server 10.3.5.0 (PS4) generic installation on Linux x86-64, Microsoft Windows x64 (64-Bit), and Oracle Solaris platforms.

The mentioned version of JDK is not available for download from the Oracle Web site:

http://www.oracle.com/technetwork/indexes/downloads/index.html

Complete the following steps to download the required JDK version:

  1. Go to My Oracle Support:

    https://support.oracle.com
    
  2. Click the Patches & Updates tab.

  3. Enter patch 12346791 in the Patch Name or Number field, under Patch Search.

  4. Click Search.

  5. Select and download the patch for the required platform by following the instructions in the README file included with the patch.

13.2 Administration Console Issues and Workarounds

This section describes the following issues and workarounds:

13.2.1 Cached JDBC Information is not Displayed

Information about cached JDBC statements is not displayed on the JDBC Monitoring pages.

13.2.2 Pressing Browser Back Button Discards Context

After a page flow completes in the Administration Console, it forwards to a different page, typically a table.

Pressing the browser Back button at this point results in an attempt to load the last JSP file in the completed assistant. At this point, all of the context for this assistant is discarded.

Workaround

Oracle recommends that you do not use the browser Back button to step back into an assistant once changes are cancelled or finished, and that you do not go back to a previous step in an assistant. Instead, use the navigation links and buttons in the Administration Console.

13.2.3 Unsupported Work Manager Configurations Can Be Created

The Administration Console permits the creation of Work Manager configurations that are not supported and do not function as intended. Incorrect Work Manager configurations may result in a number of exceptions being recorded in the server logs, most commonly 'Validation problems were found' exceptions while parsing deployment descriptors.

Workaround

Follow the guidelines described in the online help for Work Manager configurations. Specifically, you can only assign one request class to any given Work Manager, and that request class must be of the same or a broader scope than the Work Manager. You should not assign an application-scoped request class to a global Work Manager, and you should not create more than one application-scoped request class for an application-scoped Work Manager.

Correcting the Work Manager configurations to match the documented constraints resolves these issues.

13.2.4 Server Status Table Reflects Inconsistent Information

The Server Status table on the Cluster: Monitoring: Summary page includes two default columns: Primary and Secondary Distribution Names. These fields do not always reflect all of the replication statistics that are collected and displayed on the Cluster: Monitoring: Failover page, depending on the replication scenario.

Please refer to the Cluster: Monitoring: Failover page for definitive information.

13.2.5 Exceptions When Defining a Security Policy for an EJB

When defining security policies in the Administration Console for an EJB deployment that references types defined in a separate library deployment, exceptions can be observed if that library deployment is not available to the Console.

Workaround

All library deployments should be targeted at the WebLogic Server Administration Server as well as any Managed Servers needed to support referencing applications. This will ensure that when defining policies, the Console will have access to those library deployments so that referenced types can be class-loaded as needed.

13.2.6 Administration Console Does Not Always Reflect External Changes Made in a Deployment Plan

The Administration Console does not always reflect external changes made in a deployment plan. If a change is made in a deployment plan outside of the Console (for example, using Workshop, editing the plan text files directly, or updating a deployment with a new plan using WLST or webLogic.Deployer) while a Console user is also viewing that deployment plan, the Console user will not see those changes.

Workaround

Navigate to a configuration page for a different deployment, then navigate back to the original deployment again.

13.2.7 Oracle OCI Driver Support

The Oracle OCI driver is no longer explicitly listed as a preconfigured driver type in the Administration Console.

Workaround

The Oracle OCI driver remains a supported driver for application data connectivity, consistent with prior releases of Oracle WebLogic Server. However, users must now specify all required configuration properties manually, including the data base username.

13.2.8 Data Takes a Long Time to Display on the Metric Browser Tab

When using Internet Explorer 7 (IE 7) to display data on the Metric Browser tab of the Monitoring Dashboard, it takes an unusually long time for the data to display, and during this time, the page is unresponsive. The amount of time it takes to display data on this tab depends on the size of the domain.

Workaround

If you need to display data on the Monitoring Dashboard > Metric Browser tab, open the Administration Console in a supported web browser other than IE 7, such as Internet Explorer 8 or greater, Firefox 3 or greater, or Safari 4 or greater.

13.3 Apache Beehive Support Issues and Workarounds

There are no known Apache Beehive Support issues in this release of WebLogic Server.

13.4 Clustering Issues and Workarounds

This section describes the following issue and workaround:

13.4.1 Threads Are Blocked on Cluster Messaging in Unicast Mode

When using Unicast mode for cluster communication, many threads are blocked on cluster messaging, which may result in cluster members having difficulty sending heartbeat messages. In this situation, some cluster members drop out from the cluster and may take some time to rejoin the cluster.

Workaround

Set the following system property to resolve this issue:

-Dweblogic.unicast.HttpPing=true

13.5 Configuration Issues and Workarounds

This section describes the following issues and workarounds:

13.5.1 ASProvWorkflowException Occurs When Creating a WebLogic Domain

In rare cases, if your installation environment contains existing JAVA_OPTIONS prior to starting a Fusion Middlware product installation, these may cause an ASProvWorkflowException, preventing the domain from being created.

Workaround

Prior to starting the Fusion Middleware product installation, clear the existing JAVA_OPTIONS. If you have an applicagtion in the environment that use these JAVA_OPTIONS, the applications may not work after clearing the options. In this case, save the existing JAVA_OPTIONS to a text file and investigate alternatives for running your other application.

13.5.2 Directory For a Non-Existent Server Name Is Created

If you attempt to connect to the WebLogic Server Administration Server with a non-existent server name, a directory for the non-existent server name is created under the domain_name/servers directory.

Workaround

Specify a valid server name when connecting to the Administration Server.

13.5.3 Abnormal Behavior in Terminal Window After Entering WebLogic Password

After pressing Ctrl-C to terminate the startManagedWebLogic.sh process immediately after entering the WebLogic password, abnormal behavior may be experienced in the terminal window. For example, when pressing Return, the prompt is tabbed instead of going to the next line, and any characters that are entered at the prompt are not displayed in the terminal.

Workaround

Either close the current xterm and start a new one, or enter stty echo into the xterm.

13.5.4 Creating and Updating Domains Takes Too Long

It can take a long time to create or update WebLogic Server domains when:

  • Installing WebLogic Server on UNIX or Linux operating systems if the Server Examples are included in the installation.

  • Using the WebLogic Server Configuration Wizard to create or update a domain.

  • Using WLST to create or update a domain.

Workaround

Set the CONFIG_JVM_ARGS environment variable to the following value:

-Djava.security.egd=file:/dev/./urandom

13.5.5 Password Field Is Not Editable When Configuring a New Domain

On Linux systems, when creating a new domain in the Oracle Fusion Middleware Configuration Wizard, the Password and Confirm Password fields are sometimes not editable, and you cannot enter a password to create a domain.

Workaround

There are two ways to work around this issue:

  • To work around the issue each time it happens, click the Close Window X button in the upper right corner of the Configuration Wizard. In the confirmation dialog that appears, click No to return to the Configuration Wizard. You can then enter and confirm the password for the domain.

  • To fix this issue permanently:

    1. Kill all scim processes. For example:

      kill `pgrep scim`

    2. Modify (or create) the file ~/.scim/config to include the following line (case-sensitive):

      /FrontEnd/X11/Dynamic = true

    3. If you are running VNC, restart the VNC server.

    4. Run the Configuration Wizard again.

13.6 Connector (Resource Adapter) Issues and Workarounds

There are no known Connector (Resource Adapter) issues in this release of WebLogic Server.

13.7 Console Extensions Issues and Workarounds

There are no known Extensions issues in this release of WebLogic Server.

13.8 Core Server and Core Work Manager Issues and Workarounds

This section describes the following issues and workarounds:

13.8.1 Threads Become Stuck While Waiting to Get a Connection

When a machine that is hosting one of the Managed Servers is abruptly shut down, a network cable is pulled, or its network interface card has issues, and any server attempts communication with that managed server, threads become stuck waiting to get a connection.

Workaround

This can currently be resolved by using a private flag:

-Dweblogic.client.SocketConnectTimeoutInSecs

and setting an appropriate timeout value that will release the thread attempting to make the connection and allow the request to fail quickly.

13.8.2 Using IPv6-Formatted Addresses

When using an IPv6-formatted address for WebLogic Server, the URL should include square brackets ('[' and ']') for the host address. Otherwise, WLST may fail to connect to the running server.

Workaround

Add square brackets to the host address. For example:

t3://[fe80:0:0:0:203:baff:fe2f:59e5]:9991

13.8.3 Server Cannot Be Started After a Whole Server Migration

If the WebLogic Server Administration Server is down when a Whole Server Migration occurs for a clustered server, and the server migrates to a machine on which it was never run before, the server cannot be started on the new machine.

Workaround

Use one of the following workarounds for this issue:

  • Ensure that the Administration Server is up when the server migration is being performed.

  • Use a shared disk/NFS for all the migratable servers in the cluster.

13.8.4 Object State is not Retained After Renaming Field

When FastSwap is enabled in a J2EE application, you can make certain types of changes to Java classes during development and expect to see the change without re-deploying, with all instance states of the Java object being retained.

One type of change that does NOT retain the object state is that when a field name is changed, it is treated as follows:

  • the field with old name is deleted

  • the field with new name is added

Thus, in this case, any state in the old field is not carried over to the renamed field.

Using the Workshop or FastSwap ant task, you may see a FastSwap operation completed successfully message, even when an instance field name change causes a value reset.

Workaround

You should expect an instance value to be reset when you change a field name.

13.8.5 Forcing Unicast Messages To Be Processed in Order

The following conditions can cause very frequent JNDI updates, and as a result, JMS subscribers may encounter a java.naming.NameNotFoundException:

  1. Unicast messaging is being used for cluster communication.

  2. The JMS topic connection is set with setReconnectPolicy("all").

  3. JMS durable subscribers on topic are created and removed very frequently.

Workaround

To fix this issue, a new property, MessageOrderingEnabled, has been added to the ClusterMBean. This property forces unicast messages to be processed in strict order. By default, this property is not enabled. To enable the property, add the following line manually to the <cluster> element in config.xml.

<message-ordering-enabled>true</message-ordering-enabled>

13.8.6 Servers Configured to Listen on a Host Name Are Listening on a Different Host Name After Startup

When using a host name to specify configuring the listen address on the WebLogic Server Administration Server or a Managed Server, machines that are configured with multiple Ethernet cards may listen on a different host name after startup. For example:

  • The machine has 3 Ethernet cards

  • Card 1 is mapped to hostname1-s (DNS registered host name)

  • Card 2 is mapped to hostname1-i (DNS registered host name)

  • Card 3 is mapped to hostname1 (actual node's host name)

  • You configure the server to listen on hostname1

  • After starting the server, it is listening on hostname1-s because Windows resolves the actual node's host name to the first enabled Ethernet card address

Workaround

Use one of the following three workarounds for this issue:

  1. Use the IP address, instead of the host name, as the listen address of the WebLogic Server Administration Server. On Managed Servers, use the IP address as the listen address, or configure the actual physical host name to the first Ethernet card in the machine.

  2. Add the following entry to the C:\Windows\system32\drivers\etc\hosts file on the machine:

    <ip_address> <hostname>

  3. Change the order of the network cards in the machine so that the card with the actual node's host name is Card 1.

13.8.7 Administration Server or Node Manager Cannot Track the Status of a Managed Server

If you start a managed server by providing an incorrect WebLogic Server Administration Server URL from the command line (that is, the Administration Server cannot be reachable at the provided URL), the managed server will start in Managed Server Independence (MSI) mode.

In this case, neither the Administration Server nor Node Manager can track the status of the managed server. The Administration Console will show the status of the managed server as UNKNOWN, but the server will actually be RUNNING in MSI mode.

13.8.8 Multicast Traffic Observed to be Unreliable During or After a Network Partition

During or after a network partition that causes a server migration to take place, multicast traffic has been observed to be unreliable. For example, one node may be receiving multicast traffic, but traffic originating from this node is not received on other nodes in the network. As a result, the migrated servers are not added to the cluster because their heartbeats were not received.

Workaround

Currently, the only known workaround is to use unicast cluster messaging.

13.9 Deployment Issues and Workarounds

This section describes the following issues and workarounds:

13.9.1 security-permission Element is not Available in weblogic-application.xml

The security-permission element is available in the weblogic.xml and weblogic-ejb-jar.xml deployment descriptors, but is not available in the weblogic-application.xml descriptor. Therefore, in an Enterprise application, you can only apply security policies to JAR files that are EJBs or Web applications.

13.9.2 Extraneous String Values Interpreted as File Specification

The weblogic.Deployer tool interprets any extraneous string values between command-line arguments as a file specification. For example, if you enter the command:

java weblogic.Deployer -activate -nostage true -name myname -source c:\myapp\mymodule

the tool attempts to activate a file specification named true, because the -nostage option takes no arguments and true is an extraneous string value.

13.9.3 java.lang.NoClassDefFoundError is Displayed

While using the WebLogic Server Administration Console with applications or EJBs deployed on a Managed Server that depend on a deployed library, you may encounter a java.lang.NoClassDefFoundError.

Workaround

The WebLogic Server Administration Console needs access to any shared library deployments so that Java data types and annotations can be processed. Therefore, all shared library deployments should always be targeted to the WebLogic Server Administration Server in addition to any Managed Servers or clusters.

13.9.4 The restore Method Does Not Update the DConfig Bean With Plan Overrides

The restore method does not correctly update the DConfig Bean with the plan overrides. For example, given the following steps:

  DeployableObject dObject =
     WebLogicDeployableObject.createDeployableObject(new File(appName));
  DeploymentConfiguration dConfig =
     WebLogicDeploymentManager.createConfiguration(dObject);
  dConfig.restore(new FileInputStream(new File(plan)));

the plan does not correctly override the DConfig Bean.

Workaround

Specify the plan when initializing the configuration for the application. For example:

    helper = SessionHelper.getInstance(
        SessionHelper.getDisconnectedDeploymentManager());
    helper.setApplication(app);
    helper.setPlan(new File(plan));
    helper.initializeConfiguration();

13.9.5 config-root <directory> not found Warning Is Displayed When Applying a Plan

If you use the Administration Console to make configuration changes to an application, a deployment plan will be generated. If external descriptors are generated as part of the deployment plan, they are placed in the config root plan directory. This directory will be set in the deployment plan 'config-root' attribute.

If no external descriptors are required, the config root directory will not be created, and a warning is displayed when you apply the deployment plan. This results in the following warning in the server output:

<Warning <WWebLogicDescriptorWL> <BEA-2156000><"config-root" C:\deployments\plan was not found>.

Workaround

Create the plan directory manually.

13.9.6 Deployment Task Fails When a Large Application File Is Deployed

When a large application file is deployed using the upload option, the deployment task fails with the following error:

java.lang.OutOfMemoryError: Java heap space

To resolve this issue, a new system property, weblogic.deploy.UploadLargeFile, has been added. If you see this issue, include this flag in the java command you use to launch a deployment client.

If you are using the WebLogic Server patch releases 9.2 MP2, 9.2 MP3,10.0 MP1, 10.0 M2, 10.3, 10.3.1, 10.3.2, or 10.3.3, this flag is not needed.

13.9.7 Application State Is Not Updated If the Server Starts in MSI Mode

A managed server will start in MSI mode if the WebLogic Server Administration Server is not available when the managed server starts. If you start the Administration Server later, the managed server will connect to the Administration Server. However, the state of each application deployed to the managed server is not updated to reflect the state of the applications on the managed server. Each application's state is displayed as NEW or PREPARED in the WebLogic Server Administration Console.

Workaround

There are two workarounds for this issue:

  • Start the Administration Server before starting the managed server, or

  • Redeploy the application after starting the Administration Server.

13.9.8 Attempting to Redeploy an Application Fails if the Application is Already Deployed Using a Different Source File Location

If you initially deployed an application using one source file location, then attempt to redeploy the application using a new location for the source file, the deployment fails with the following exception:

New source location <new_source_file_path> cannot be configured deployed to 
configured application, <application_name>. The application source is at 
original_source_file_path. Changing the source location is not allowed for a 
previously attempted deployment. Try deploying without specifying the source.

This is due to a WebLogic Server deployment restriction. Once you specify the source file for a deployment, you cannot change it on a redeployment.

Workaround

Undeploy the application before attempting to redeploy it using a new source file location.

13.10 EJB Issues and Workarounds

This section describes the following issues and workarounds:

13.10.1 Primary Key in Oracle Table is CHAR

The primary key in an Oracle table is a CHAR but the query field in the SQL table is a VARCHAR2.

Workaround

Change the database schema from CHAR to VARCHAR2. Using CHAR as a primary key is not recommended for the Oracle database.

13.10.2 No Available Annotation That Enables Creation of a Clusterable Timer

There is no annotation for EJB3 beans or Ejbgen that enables creation of a clusterable timer.

Workaround

Create a weblogic-ejb-jar.xml file and put the <timer-implementation> element and corresponding values into the file.

13.10.3 Kodo's MappingTool Cannot Generate Schemas

Kodo's MappingTool cannot generate schemas for classes that use BLOBs in their primary key. BLOBs can be used in a primary key, but the schema must be defined manually. Note that support for BLOB columns in primary keys is not mandated by either the JDO or JPA specifications.

13.10.4 Extensions to the JPA Metadata Model Can Only Be Specified Via Annotations

Extensions to the JPA metadata model can only be specified via annotations, and not via a structure similar to the orm.xml file defined by the specification.

Workaround

To specify Kodo-specific metadata for your object model, either:

  • use the Kodo-specific annotations, or

  • convert your XML-based metadata to the JDO metadata format, which does support XML specification of extensions.

13.10.5 Lookup Method Injection Not Supported by Spring

The Weblogic Spring injection extension model doesn't support lookup method injection.

13.10.6 Deserializing a JDO PersistenceManagerFactory in a Managed Environment May Fail

Deserializing a JDO PersistenceManagerFactory in a managed environment may fail. The exception states that the javax.jdo.PersistenceManagerFactoryClass property is missing. Note that serializing a PersistenceManagerFactory should not generally be necessary in a managed environment.

13.10.7 Indexes Not Always Created During Schema Creation

Indexes declared at the class level are not always created during schema creation.

Workaround

Create the indexes manually after running the schema generation tools.

13.10.8 OpenJPA throws an exception when @Id fields are also annotated as @Unique

OpenJPA throws an exception when @Id fields are also annotated as @Unique in some databases. Database primary keys are unique by definition. Some databases implement this by creating a unique index on the column.

Workaround

Do not specify both @Id and @Unique on a single field.

13.10.9 Cache Hit and Miss Counts May Rise Unexpectedly

The cache hit and miss counts may rise unexpectedly when manipulating entities without version data. The extra cache access occurs when the EntityManager closes and all contained entities are detached. Entities without version fields appear to the system to be missing their version data, and the system responds by checking their version in the cache before detachment.

Workaround

Entities with version fields or other version strategies do not cause extra cache access.

13.10.10 Open JPA Tries to Create a Table Even if the Table Exists

When using the MySQL database, and OpenJPA is configured to automatically run the mapping tool at runtime and create tables within the default schema (for example):

<property name='openjpa.jdbc.SynchronizeMappings' value='buildSchema'/>
<property name='openjpa.jdbc.Schema' value='MySQL database name' />

OpenJPA will try to create the table even if the table already exists in the database. A PersistenceException will be thrown to indicate that the table already exists and the table creation statement fails.

Workaround

To avoid this problem, if you are using the MySQL database, don't configure OpenJPA to automatically run the mapping tool at runtime and specify the default schema at the same time.

13.10.11 EJB Applications Fail During Serialization

EJB applications that use IIOP and send JPA entities from the server to the client will fail during deserialization if the entities are Serializable (but not Externalizable) and do not declare a writeObject() method.

Workaround

Add a writeObject() method to such entity classes. The write object can be trivial:

private void
writeObject(java.io.ObjectOutputStream out)
   throws IOException {
  out.defaultWriteObject();
}

13.10.12 Non-Transactional Message-Driven Bean Container Can Fail to Provide Reproducible Behavior For Foreign Topics

When using multi-threaded processing for non-transactional topic Message-Driven Beans (MDBs) that specify a foreign topic (non-WebLogic) JMS, the MDB container can fail to provide reproducible behavior. For example, if a runtimeException is thrown in the onmessage() method, the container may still acknowledge the message.

Workaround

Set the max-beans-in-free-pool attribute to 1 in the deployment descriptor.

13.11 Examples Issues and Workarounds

This section describes the following issues and workarounds:

13.11.1 Security Configuration in medrec.wls.config

The medrec.wls.config target in SAMPLES_HOME/server/medrec/setup/build.xml has a known issue with respect to security configuration.

13.11.2 HTML File not Created for StreamParser.java File

The ../xml/stax example contains two files with the same root but different extensions: StreamParser.java and StreamParser.jsp. The samples viewer build, however, creates just one corresponding HTML file, rather than two for each type of file. In this case only the StreamParser.jsp file has an equivalent HTML file; the StreamParser.java file does not.

The problem occurs because of a setting in the build.xml file that controls the behavior of java2html to generate the files for the documentation.

When using java2html, the useShortFileName="true" parameter crops off the file extensions for the source files to create the file names for the HTML output files. If two files have the same name and different file extensions, whichever HTML file is generated last will overwrite previous ones.

Workaround

Set the useShortFileName parameter to "false". This setting generates HTML files with the file extensions included in the name. The drawback to this solution is that every link that points to the HTML output file needs to be revised, regardless of whether the files in question were affected by the bug.

13.11.3 Warning Message Appears When Starting Medrec or Samples Domain

When you start the medrec or samples domains, you may see a warning message similar to this:

<Warning> <WorkManager> <BEA-002919> <Unable to find a WorkManager with name 
weblogic.wsee.mdb.DispatchPolicy. Dispatch policy 
weblogic.wsee.mdb.DispatchPolicy will map to the default WorkManager for the 
application bea_wls_async_response>

This warning message appears in the standard output of the Console while starting a WebLogic Server sample application with an asynchronous Web Service deployed.

Workaround

The warning is harmless and can be ignored.

13.12 HTTP Publish/Subscribe Server Issues and Workarounds

This section describes the following issues and workarounds:

13.12.1 Authentication and Authorization of the Local Client is not Supported

The HTTP Publish/Subscribe server does not support authentication and authorization of the local client. The local client has full permissions to operate on channels of the HTTP Publish/Subscribe server, which means the local client can create/delete channels and publish/subscribe events from channels.

13.12.2 Event Messages Published by Local Clients Cannot Be Received

In a clustering environment, event messages published by a local client on a server can be received only by subscribed clients connected to the same server. These messages cannot be received by subscribed clients connected to other servers in the cluster.

13.12.3 Event Messages Published By Local Clients Do Not Go Through Filters

Event messages published to a channel by a local client will not go through the Message Filters configured to that channel.

13.13 Installation Issues and Workarounds

This section describes the following issues and workarounds:

13.13.1 Sybase JDBC Drivers Not Downloaded with Upgrade Installation

The Oracle WebLogic Server 11g Release 1 installer does not download the Sybase JDBC drivers. When you try to upgrade an existing WebLogic Server 10.3 installation using the latest installer, it does not remove the Sybase JAR files from the original installation. The installer upgrades only the weblogic.jar file.

The Sybase JAR files (jconn2.jar, jconn3.jar, and jConnect.jar) in the /server/lib or /server/ext/jdbc/sybase directories are removed from the manifest classpath in the upgraded weblogic.jar file. Therefore, if the classpath of a WebLogic Server application does not include Sybase JAR files and only includes weblogic.jar then after the upgrade installation, the application will throw a ClassNotFoundException.

To work around this issue, explicitly add Sybase JAR files in the WebLogic Server application classpath.

13.13.2 Improper Rollback to Previous Installation May Occur After Exiting an Upgrade Installation Prematurely

When using an Upgrade installer or Smart Update to upgrade an existing WebLogic Server 10.3.x installation to WebLogic Server 10.3.4, if you abort the upgrade before completion, the installation should automatically roll back to the prior installation. This may not always occur, resulting in an unusable installation.

13.13.3 WebLogic Server Installer Fails With Insufficient Disk Space Error

The WebLogic Server installer can fail with an insufficient disk space error, even when there is a large amount of available disk space on the file system or disk.

Workaround

Use the -Dspace.detection property in the installation command to disable the available space check. For example:

java -Xmx1024M -Dspace.detection=false -jar installer_file_name -mode=silent -silent_xml=silent.xml

or

wls1034_linux.bin -Dspace.detection=false

13.13.4 Installation Fails with Fatal Error

The installer does not verify whether sufficient disk space is available on the machine prior to completing the installation. As a result, if an installation cannot be completed due to insufficient space, the installer displays the following error message and exits:

Fatal error encountered during file installation. The installer will now
cleanup and exit!

Workaround

If this problem occurs, restart the installer using the following command:

server103_linux32.bin -log=log.out -log_priority=debug

The preceding command generates a log of the installation procedure, providing details about the exact cause of the failure. If the cause is indeed insufficient space, the log file indicates it explicitly.

13.14 Java EE Issues and Workarounds

This section describes the following issues and workarounds:

13.14.1 FastSwap May Relax the Access Modifiers of Fields and Methods

FastSwap may relax the access modifiers of fields and methods. Private and protected members may be made public at runtime. This changes the behavior of reflection and may affect reflection-based frameworks such as Struts.

13.14.2 FastSwap Does Not Support Redefinition of the Entity Bean and ejbClass

FastSwap does not support redefinition of the Entity bean and ejbClass (Session/MDB). Therefore, any updates to entity classes will cause redefinition errors.

Workaround

After updating an entity class, redeploy the application.

13.14.3 Classpath Order Is Not Guaranteed When There Are Multiple JARs in an EAR File

When you have an EAR file containing separate JAR files, and two or more of those JAR files have a class with the same name, it is not possible to predict from which of those JAR files WebLogic Server will instantiate the class. This is not an issue if the classes are the same, but if they are different implementations, the results are unpredictable.

Workaround

Currently there is no known workaround for this issue.

13.15 JDBC Issues and Workarounds

This section describes the following issues and workarounds:

13.15.1 Call To setTransactionIsolation() May Fail When Using the JDBC Driver for MS SQLServer

When using the JDBC driver for MS SQLServer, a call to setTransactionIsolation() may fail in a transactional context if getTransactionIsolation() is called first.

13.15.2 An Attempt to Access a Remote 10.3.2 or Later WLS Data Source Fails

A new system property, -Dweblogic.jdbc.remoteEnabled, has been added to JDBC in Oracle WebLogic Server 10.3.2. For compatibility with prior releases of WebLogic Server, the default setting of this property is true. When this property is set to false, remote JDBC access is turned off, and such access results in an exception.

Remote access may occur explicitly in an application, or implicitly during a global (XA/JTA) transaction with a participating non-XA data source that is configured with the LLR, 1PC or Emulate XA global transaction option. The following enumerates the cases when an exception will be thrown, and work-arounds for each case (if any).

An exception occurs in the following cases. A workaround (if any) for a given case is provided.

  • When a stand-alone client application uses any type of data source.

  • When an application that is hosted on WebLogic Server uses any type of data source, and the data source is not configured (targeted) locally. A potential workaround is to target the data source locally.

  • When accessing a same named non-XA data source with a transaction option of LLR, 1PC or Emulate XA on multiple WebLogic Server instances in the same global transaction. In this case, there are two potential work-arounds:

    • Change data sources to use XA instead (this may lower performance), or

    • For the 1PC/emulateXA types, change the application to ensure the data source is accessed from a single server.

  • When accessing a non-XA data source with the LLR transaction option on a server that is different than the transaction coordinator. For server-initiated transactions, the coordinator location is chosen based on the first participating resource in the transaction. In this case, there are two potential work-arounds: (a) change the data source to use XA instead (this may lower performance); or (b) change the application to ensure data source access on the transaction coordinator, as described in "Optimizing Performance with LLR" in Oracle Fusion Middleware Programming JTA for OracleWebLogic Server. The latter may not be possible in some cases; for example, when an MDB application receives messages from a remote WebLogic JMS server, the transaction coordinator will always be the WebLogic server that's hosting the JMS server, but it may not be possible to move the MDB application to the same WebLogic server.

    • Change the data source to use XA instead (this may lower performance), or

    • Change the application to ensure data source access on the transaction coordinator, as described in "Optimizing Performance with LLR" in Oracle Fusion Middleware Programming JTA for Oracle WebLogic Server. This workaround may not be possible in some cases. For example, when an MDB application receives messages from a remote WebLogic JMS server, the transaction coordinator will always be the WebLogic Server instance that is hosting the JMS server, but it may not be possible to move the MDB application to the same WebLogic Server instance.

13.15.3 ORA-01591 Errors Occur on SOA Servers Configured to Use Multiple Oracle RAC Nodes

On SOA servers using multiple Oracle RAC database nodes, when WebLogic Server multi data sources are configured for XA and load balancing, ORA-10591 errors can occur.

Workaround

Download and apply Oracle RAC database patch 7675269 for Linux x86, Oracle Release 11.1.0.7.0. You can download this patch from My Oracle Support. Alternatively, you can download and apply patch set 9007079 for Linux x86, Oracle Release 11.1.0.7.0, which includes the patch 7675269.

13.16 JMS Issues and Workarounds

This section describes the following issues and workarounds:

13.16.1 Deployment Descriptor Validation Fails

Deployment descriptor validation fails when descriptor validation is enabled, and an EAR file contains only JMS modules.

Workaround

Make sure that there is at least one J2EE specification-compliant module in the EAR.

13.16.2 Exception When Multiple Producers Use the Same Client SAF Instance

When multiple JMS producers use the same JMS Client SAF instance (within a single JVM), depending on the timing of the JMS SAF client creation, you might receive the following exception:

Error getting GXA resource [Root exception is weblogic.jms.common.JMSException:
weblogic.messaging.kernel.KernelException: Error getting GXA resource]

Workaround

When using multiple JMS SAF client producers, try introducing a small delay between the creation of each new client.

13.16.3 Multi-byte Characters are not Supported in Store File and Directory Names

There is no support for multi-byte characters in WebLogic Store file and directory names. For instance, when the WebLogic Server name has multi-byte characters, the default store cannot be created, and WebLogic Server will not boot.

Workaround

Create WebLogic Server instances without multi-byte characters in the path name and use that path name for the default store configuration. Do not use multi-byte characters in the Weblogic Server name.

13.16.4 Generation of the Default UOO Name Has Changed

WebLogic Server 10.3.4 contains a fix for configurations that set a default unit-of-order (UOO) on a JMS regular destination, distributed destination, or template. This fix ensures that the default unit-of-order name stays the same even after a restart of the destination's host JMS server. The default UOO name is now based on the domain, JMS server, and destination names.

13.16.5 Testing Abrupt Failures of WebLogic Server When Using File Stores on NFS

Oracle strongly recommends verifying the behavior of a server restart after abrupt machine failures when the JMS messages and transaction logs are stored on an NFS mounted directory. Depending on the NFS implementation, different issues can arise post failover/restart. For more information, see Section 6.3, "Testing Abrupt Failures of WebLogic Server When Using File Stores on NFS."

13.16.6 JMS Message Consumers Will Not Always Reconnect After a Service Migration

JMS message consumers will not always reconnect after a service migration when an application's WLConnection.getReconnectPolicy() attribute is set to all. If the consumers do not get migrated, either an exception is thrown or onException will occur to inform the application that the consumer is no longer valid.

Workaround

The application can refresh the consumer either in the exception handler or through onException.

13.16.7 Forcing Unicast Messages To Be Processed in Order

Certain conditions can cause very frequent JNDI updates, and as a result, JMS subscribers may encounter a java.naming.NameNotFoundException. For more information, see Section 13.8.5, "Forcing Unicast Messages To Be Processed in Order."

13.17 JNDI Issues and Workarounds

There are no known JNDI issues in this release of WebLogic Server.

13.18 JSP and Servlet Issues and Workarounds

This section describes the following issues and workarounds:

13.18.1 Deployment Plans Cannot Be Used To Override Two Descriptors

Deployment plans cannot be used to override the following two descriptors during deployment of a Web application or a Web module: WEB-INF/classes/META-INF/persistence.xml and WEB-INF/classes/META-INF/persistence-configuration.xml. Deployment plans can otherwise be used to override any descriptor.

Workaround

Package WEB-INF/classes/META-INF/persistence.xml and WEB-INF/classes/META-INF/persistence-configuration.xml (if present) along with related class files into a JAR file. The JAR file must then be placed in the WEB-INF/lib directory of the Web application or Web module. A deployment plan can be used to override the two descriptors in such a JAR file.

13.18.2 Spring Dependency Injection Not Supported on JSP Tag Handlers

With the Spring extension model enabled, WebLogic Server 10.3 or later does not support Spring Dependency Injection (DI) on JSP tag handlers for performance reasons.

Currently, WebLogic Server supports Spring DI on most Web components, for example, servlets, filters and listeners. Spring DI is not, however, presently supported on JSP tag handlers for performance reasons.

13.18.3 503 Error When Accessing an Application With a Valid sessionid

When a session is persistent and an older version of a servlet context is retired, accessing the application with a valid sessionid will cause a 503 error.

For example, the session-persistent type of a versioned Web application is 'file'. A user can access the application successfully. Later, version 2 of the application is redeployed and version 1 is retired. If the same user accesses the application, they will get a 503 error.

13.19 JTA Issues and Workarounds

There are no known JTA issues in this release of WebLogic Server.

13.20 Java Virtual Machine (JVM) Issues and Workarounds

This section describes the following issues and workarounds:

13.20.1 1.4 Thin Client Applet Cannot Contact WebLogic Server

Due to a known Sun Microsystems VM bug (513552), a 1.4 Thin Client Applet cannot contact WebLogic Server 9.0 or later. This is because the VM does not distinguish correctly between a client and a server connection. The VM creates a server-type connection and caches it. It then attempts to make a client-type connection, finds the cached connection and tries to use that, but then encounters an error because clients are not allowed to use server connections.

13.20.2 Applications Running on Some Processors May Experience Intermittent Time Issues

Applications that run on RH Linux on Intel G5 processors and that also directly or indirectly use system time calls may experience intermittent time issues if the ClockSource is set to tsc (the default). The standard POSIX C gettimeofday() call, and consequently also the Java System.currentTimeMillis() and java.util.Date() calls can intermittently return a value that is approximately 4400 seconds in the future, even in a single-threaded application.

This issue is not unique to WebLogic or Java, but applies to any application running on RH Linux on Intel G5 processors. Issues can occur for applications that either explicitly make a time call using standard Java, or explicitly by using any time-based application server services.

Possible symptoms include, but are not limited to, premature transaction timeouts, unexpected expiration of JMS messages, and incorrectly scheduled timers.

If you're interested in a standalone reproducer for this problem, contact Oracle and reference bug number 8160147.

Workaround

There is no known official patch for Linux. Instead, change the clock source from tsc to hpet. After making this modification on test systems, exceptions due to invalid System.currentTimeMillis()/gettimeofday() return values were no longer seen. To change the system clock from tsc to hpet on a trial basis, perform the following steps as root:

  1. Disable ntpd (if running)

  2. Echo 'hpet' &gt; /sys/devices/system/clocksource/clocksource0/current_clocksource

  3. Enable ntpd

Note that this change will not survive a reboot. For more information, please see: http://www.gossamer-threads.com/lists/linux/kernel/813344

13.20.3 JRockit JVM Appears to Freeze When Doing Long Array Copies

The JRockit JVM appears to freeze when doing long array copies as part of unlimited forward rolling. This can happen when multiple server reboots occur due to Out Of Memory conditions.

Workaround

When booting the servers, include the following JRockit JVM flag:

 -XXrollforwardretrylimit:-1

13.20.4 Serial Version UID Mismatch

A Serial Version UID Mismatch issue is encountered if you deploy an application on a latest JVM, but compiled with previous Service Release of IBM Java 6 JDK.

Workaround

To be compatible with the serialization of previously compiled applications, modify the BEA_HOME/wlserver_10.3/common/bin/commEnv.sh file to include the following command:

JAVA_OPTIONS="$JAVA_OPTIONS 
-Dcom.sun.xml.namespace.QName.useCompatibleSerialVersionUID=1.0"

Alternatively, you can use the command line option:

export IBM_JAVA_OPTIONS=
"-Dcom.sun.xml.namespace.QName.useCompatibleSerialVersionUID=1.0"

If you intend to deploy new applications with previously compiled applications, they must be recompiled as necessary to have the same Serial Version UID.

13.20.5 JVM Stack Overflow

You might encounter a JVM stack overflow error or exception while running WebLogic Server. This issue applies to Oracle Enterprise Linux 4, 5, 5.1 on AMD64 and 64-bit Xeon platforms.

Workaround

Increase the stack size from the default 128k to 256k.

13.20.6 Using AWT libraries May Cause a JVM Crash

You might encounter a JVM crash when using GUI libraries such as AWT or javax.swing (which often delegates to AWT).

Workaround

Start the server using the following flag:

-Djava.awt.headless=true

13.21 Monitoring Issues and Workarounds

This section describes the following issue and workaround:

13.21.1 MBean Attributes Not Explicitly Marked as @unharvestable Appear as Harvestable

The @unharvestable tag is not being honored at the interface level. If MBean attributes are not explicitly marked as @unharvestable, they are considered to be harvestable and will appear as harvestable in the WebLogic Administration Console.

Workaround

You can explicitly mark MBean attributes as @unharvestable.

13.21.2 Events Generated By the JVM Level Are Not Generated at Low Volume

In WebLogic Server 10.3.3, the default WLDF diagnostic volume setting was Off. As of WebLogic Server 10.3.4, the default diagnostic volume setting is Low Volume, and events generated by the JVM level are not being generated at the Low Volume setting in WebLogic Server 10.3.4 (JVM-level events were generated at the Low Volume setting in WebLogic Server 10.3.3). The JVM-level events are still generated at the High Volume and Medium Volume settings in WebLogic Server 10.3.4.

Workaround

Use one of the following workarounds to cause the JVM-level events to be generated:

  • Increase the WLDF diagnostic volume to the Medium or High level.

  • Use JRMC, JRCMD, or the JRockit command line settings to activate a separate flight recording in the WebLogic Server instance. By doing so, JVM will cause JVM events to be present at all WLDF diagnostic volume settings (Off, Low, Medium, and High).

13.21.3 WLDF Performance Issues Can Occur When JVM Events Are Enabled

When JVM events are enabled, WLDF performances issues may occur in the following situations:

  • If there are no other JRockit flight recordings enabled, performance can degrade when the WLDF diagnostic volume is set to Medium or High level.

  • If other JRockit flight recordings are enabled, performance can degrade at all WLDF diagnostic volume levels (Off, Low, Medium, and High).

13.22 Node Manager Issues and Workarounds

There are no known Node Manager issues in this release of WebLogic Server.

13.23 Operations, Administration, and Management Issues and Workarounds

There are no known Operations, Administration, and Management issues in this release of WebLogic Server.

13.24 Oracle Kodo Issues and Workarounds

There are no known Oracle Kodo issues in this release of WebLogic Server.

13.25 Plug-ins Issues and Workarounds

This section describes the following issue for various WebLogic Server plug-ins:

13.25.1 apr_socket_connection Exception Occurs When Using the IIS Plug-In

Under the following circumstances, the IIS plug-in may not work, resulting in an apr_socket_connection error:

  1. Both the IIS and Weblogic Server instances are on the same machine.

  2. IPv6 is enabled on the machine, but the machine is not in an IPv6 environment (that is, the IPv6 interface is enabled but is not working).

  3. The listen address of the WebLogic Server instance is set to the simple host name.

  4. Either the directive WebLogicHost or WebLogicCluster is set to the simple host name for the IIS instance.

13.26 Protocols Issues and Workarounds

There are no known Protocols issues in this release of WebLogic Server.

13.27 RMI-IIOP Issues and Workarounds

This section describes the following issue and workaround:

13.27.1 Ant 1.7 rmic Task Incompatibility

Calls to the Ant version 1.7 rmic task automatically add a -vcompat flag, which is not compatible with rmic for Oracle WebLogic Server.

Workaround

Use either of the following workarounds if your rmic call is of the form:

rmic classname="com.bea.crmsimulation.legacyra.LegacyAdapter"
   base="${module_location}/core-legacy-ra/classes"
   classpath="${core.classes}" compiler="weblogic" />
  • Add a stubversion

    <rmic classname="com.bea.crmsimulation.legacyra.LegacyAdapter"
       base="${module_location}/core-legacy-ra/classes"
       classpath="${core.classes}" compiler="weblogic"
       stubversion="1.2"/>
    
  • Remove the compiler flag

    <rmic classname="com.bea.crmsimulation.legacyra.LegacyAdapter"
       base="${module_location}/core-legacy-ra/classes"
       classpath="${core.classes}"
    

13.28 Security Issues and Workarounds

This section describes the following issues and workarounds:

13.28.1 StoreBootIdentity Works Only if the Appropriate Server Security Directory Exists

The option -Dweblogic.system.StoreBootIdentity works only if the appropriate server security directory exists. This directory is usually created by the Configuration Wizard or upgrade tool.

However, the appropriate server security directory could be absent in domains checked into source-control systems.

13.28.2 Boot Time Failure Occurs With SecurityServiceException

A WebLogic Server instance can experience a boot time failure with a SecurityServiceException when the RDBMS Security Data Store is configured for a DB2 database using the DB2 driver supplied with WebLogic Server.

Workaround

When RDBMS Security Data Store is using the AlternateId connection property for a DB2 database, you must also set the additional property BatchPerformanceWorkaround as true when using the DB2 driver supplied with WebLogic Server.

13.28.3 Authentication Failure After Upgrading a Domain From WLS 6.1

After upgrading a domain from WLS 6.1, the WebLogic Server instance will not boot due to an authentication failure.

Workaround

A system user password must be set up in the WLS 6.1 domain before or after the upgrade process in order for the WebLogic Server instance to boot properly.

13.28.4 InvalidParameterException Message Generated and Displayed

After you configure either the Identity Provider or Service Provider services for SAML 2.0 and attempt to publish the SAML 2.0 services metadata file, an InvalidParameterException message may be generated and displayed in the Administration Console.

Workaround

When configuring the SAML 2.0 federation services for a WebLogic Server instance, be sure to enable all binding types that are available for the SAML role being configured. For example, when configuring SAML 2.0 Identity Provider services, you should enable the POST, Redirect, and Artifact bindings. When configuring SAML 2.0 Service Provider services, enable the POST and Artifact bindings. Optionally, you may choose a preferred binding.

13.28.5 Enabling Both the Authentication and Passive Attributes In SML 2.0 Service Provider Services Is an Invalid Configuration

When configuring SAML 2.0 Service Provider services, enabling both the Force Authentication and Passive attributes is an invalid configuration that WebLogic Server is unable to detect. If both these attributes are enabled, and an unauthenticated user attempts to access a resource that is hosted at the Service Provider site, an exception is generated and the single sign-on session fails.

Note that the Force Authentication attribute has no effect because SAML logout is not supported in WebLogic Server. So even if the user is already authenticated at the Identity Provider site and Force Authentication is enabled, the user is not forced to authenticate again at the Identity Provider site.

Avoid enabling both these attributes.

13.28.6 Running the WebLogic Full Client in a Non-Forked VM

If the WebLogic Full Client is running in a non-forked VM, for example by means of a <java> task invoked from an Ant script without the fork=true attribute, the following error might be generated:

java.lang.SecurityException: The provider self-integrity check failed.

This error is caused by the self-integrity check that is automatically performed when the RSA Crypto-J library is loaded. (The Crypto-J library, cryptoj.jar, is in the wlfullclient.jar manifest classpath.)

This self-integrity check failure occurs when the client is started in a non-forked VM and it uses the Crypto-J API, either directly or indirectly, as in the following situations:

  • The client invokes the Crypto-J library directly.

  • The client attempts to make a T3S connection, which triggers the underlying client SSL implementation to invoke the Crypto-J API.

When the self-integrity check fails, further invocations of the Crypto-J API fail.

Workaround

When running the full client in a <java> task that is invoked from an Ant script, always set the fork attribute to true.

For more information about the self-integrity check, see "How a Provider Can Do Self-Integrity Checking" in How to Implement a Provider in the Java™ Cryptography Architecture, available at the following URL:

http://download.oracle.com/javase/6/docs/technotes/guides/security/crypto/HowToImplAProvider.html#integritycheck

13.28.7 Random Number Generator May Be Slow on Machines With Inadequate Entropy

In order to generate random numbers that are not predictable, SSL security code relies upon "entropy" on a machine. Entropy is activity such as mouse movement, disk IO, or network traffic. If entropy is minimal or non-existent, then the random number generator will be slow, and security operations may time out. This may disrupt activities such as booting a Managed Server into a domain using a secure admin channel. This issue generally occurs for a period after startup. Once sufficient entropy has been achieved on a JVM, the random number generator should be satisfied for the lifetime of the machine.

For further information, see Sun bugs 6202721 and 6521844 at:

http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=6202721

http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=6521844

Workaround

On low-entropy systems, you can use a non-blocking random number generator, providing your site can tolerate lessened security. To do this, add the -Djava.security.egd=file:///dev/urandom switch or file:///dev/./urandom to the command that starts the Java process. Note that this workaround should not be used in production environments because it uses pseudo-random numbers instead of genuine random numbers.

13.29 SNMP Issues and Workarounds

There are no known SNMP issues in this release of WebLogic Server.

13.30 Spring Framework on WebLogic Server Issues and Workarounds

This section describes the following issues and workarounds:

13.30.1 OpenJPA ClassFileTranformer Does Not Work When Running on JRockit

The OpenJPA ClassFileTranformer does not work when running WebLogic Server on JRockit.

Workaround

Use an alternative method of applying enhancements at build time through an OpenJPA enhancer compiler; do not use the LoadTimeWeaver.

13.30.2 petclinic.ear Does Not Deploy on WebLogic Server

For the SpringSource petclinic sample, the petclinic.war deploys without any problems. The petclinic.ear will not deploy on WebLogic Server because it is not packaged correctly. A request has been sent to SpringSource to fix the petclinic.ear packaging.

13.31 System Component Architecture (SCA) Issues and Workarounds

There are no known SCA issues in this release of WebLogic Server.

13.32 Upgrade Issues and Workarounds

This section describes the following issue:

13.32.1 Domains Created on WebLogic Server 10.3.1 Cannot Be Run on WebLogic Server 10.3

If you create a domain using WebLogic Server 10.3.1, then roll back to WebLogic Server 10.3, you will not be able to start the servers that you created in that domain. This is a known restriction, as the config.xml file contains references to newer schema definitions (xmlns.oracle.com) that did not exist in WebLogic Server 10.3.

13.33 Web Applications Issues and Workarounds

This section describes the following issues and workarounds:

13.33.1 Administration Console Fails to Implement session-timeout Changes

If the session-timeout is configured in the web.xml file, any changes made to change the session-timeout using the Administration Console do not take effect.

Workaround

Use a deployment plan to override the session-timeout setting.

13.33.2 Connection Pool Connection Reserve Timeout Seconds Value is Overridden

When using a JDBC session, the value of Connection Reserve Timeout Seconds for a connection pool is changed to be one of the following:

  • the JDBC connection timeout seconds, which is defined in the session descriptor (either in weblogic.xml or weblogic-application.xml)

  • the default value of 120 seconds

Workaround

Configure jdbc-connection-timeout-secs in the session descriptor.

13.33.3 Database Connections Become Unstable When a PoolLimitSQLException Occurs

When a PoolLimitSQLException occurs during a JDBC persistence session, connections to the database become unstable, and may fail with recovery or fail without recovery. This results in the loss of session data. Either an older session or null is returned.

13.33.4 Web Page Fails to Open When Accessing It Using the SSL Port

When accessing a Web page using the SSL port, the page fails to open and the following error is reported:

Secure Connection Failed 
 
An error occurred during a connection to <hostname>. 
 
You have received an invalid certificate. Please contact the server 
administrator or email correspondent and give them the following information: 
 
Your certificate contains the same serial number as another certificate 
issued by the certificate authority. Please get a new certificate containing a unique serial number.

Workaround

The following workaround can be used for Firefox.

If you have received this error and are trying to access a web page that has a self-signed certificate, perform the following steps in Firefox:

  1. Go to Tools > Options >Advanced > Encryption tab > View Certificates.

  2. On the Servers tab, remove the certificates.

  3. On the Authorities tab, find the Certificate Authority (CA) for the security device that is causing the issue, and then delete it.

If you are using Internet Explorer or other web browsers, you can ignore the Warning page that appears and continue to the web page.

13.34 WebLogic Server Scripting Tool (WLST) Issues and Workarounds

This section describes the following issues and workarounds:

13.34.1 Permission Denied Error Occurs for WLST Offline Logging

When there are multiple processes, owned by different filesystem users, that are performing concurrent WLST offline operations, a FileNotFoundException, Permission Denied error may occur.

Workaround

To avoid collisions on log file names, set the following property in the environment prior to invoking wlst.sh script_name:

export WLST_PROPERTIES="-Dwlst.offline.log=./logs/filename.log"

Substitute a unique name for filename. You must you use a unique name for each log file to ensure that there will be no log file name collisions.

13.34.2 Property Names Containing '.' Characters Are Not Supported by loadProperties

The WLST loadProperties command does not support loading a property with a name that contains "." characters. For example, if the property myapp.db.default is present in the property file, WLST throws a name exception:

  Problem invoking WLST - Traceback (innermost last):
    File "<iostream>", line 7, in ?
    File "<iostream>", line 4, in readCustomProperty
  NameError: myapp

This is a system limitation of Python and the loadProperties command. WLST reads the variable names and values and sets them as variables in the Python interpreter. The Python interpreter uses "." as a delimiter to indicate module scoping for the namespace, or package naming, or both. Therefore, the properties file fails because myapp.db.default.version=9i is expected to be in the myapp.db.default package. This package does not exist.

Workaround

Use variable names that do not have periods. This will allow you to load the variables from the property file and refer to them in WLST scripts. You could use another character such as "_" or lowercase/uppercase character to delimit the namespace.

As an alternative, you can set variables from a properties files. When you use the variables in your script, during execution, the variables are replaced with the actual values from the properties file. For example:

myapp.py
var1=10
var2=20
import myapp
print myapp.var1
10
print myapp.var2
20

This will work for one level of namespaces (myapp.var1, myapp.var2). It will not work for top level variables that share the same name as the namespace (for example, myapp=oracle and myapp.var1=10). Setting the myapp variable will override the myapp namespace.

If you need multiple levels, then you can define a package namespace using directories. Create a myapp/db/default directory with a vars.py file as follows:

var1=10
var2=20

Then import:

import myapp.db.default.vars
print myapp.db.default.vars.var1
10

You may need to add __init__.py files to the subdirectories. Refer to the Python documentation for more information on packages:

http://docs.python.org/tut/node8.html

13.34.3 Invalid cachedir Created by Jython Causes WLST to Error Out

The default cachedir created by Jython 2.2 is not a valid directory. If you are using Jython directly from weblogic.jar, this causes WLST to error out.

Workaround

There are two workarounds for this issue:

  • When invoking WLST, specify the -Dpython.cachedir=<valid_directory> parameter, or

  • Install Jython 2.2.1 separately instead of using the partial Jython that is included in weblogic.jar.

13.34.4 WLST returnType='a' Option Returns Child Management Objects

The WLST returnType='a' option should only return attributes from the specified directory. Instead it also returns child management objects. For example:

ls('Server')
drw-   AdminServer
drw-   worker01

ls('Server', returnMap='true', returnType='a')
drw-   AdminServer
drw-   worker01

ls('Server', returnMap='true',returnType='c')
drw-   AdminServer
drw-   worker01

The ls with returnType='a' should not list any child management objects, but AdminServer and worker01 are children.

Workaround

When processing the output from ls(returnType='a'), check to see if the returned entry is a directory.

13.35 Web Server Plug-Ins Issues and Workarounds

This section describes the following issue:

13.35.1 MOD_WLS_OHS Does Not Fail Over

Currently, mod_wl and mod_wl_ohs only support container level failover and not application level failover. mod_wl_ohs continues to route requests to a down application as long as the managed server is up and running. In the clustered case, requests continue to go to the container where the original session started even when the application is shutdown, typically resulting in the http error 404.

13.36 Web Services and XML Issues and Workarounds

This section describes the following issues and workarounds:

13.36.1 weblogic.wsee.jaxws.mdb.DispatchPolicy WorkManager Cannot Be Found

In some situations, warning messages are logged indicating that the weblogic.wsee.jaxws.mdb.DispatchPolicy WorkManager cannot be found, although this WorkManager is targeted to one or more of the Managed Servers in the domain.

Workaround

Use one of the following workarounds to resolve this issue.

  • To prevent these warning messages, start the WebLogic Server instance with the -Dweblogic.wsee.skip.async.response=true flag. See Programming Advanced Features of JAX-RPC Web Services for Oracle WebLogic Server for more information on this flag.

  • Manually target the weblogic.wsee.jaxws.mdb.DispatchPolicy WorkManager to the Administration Server.

13.36.2 Multiple Resize Buffer Calls Occur

When executing Web services client calls where Message Transmission Optimization Mechanism (MTOM) attachments are processed for send, multiple resize buffer calls occur..

Workaround

There is a patch available to resolve this issue. This patch can be applied only to WebLogic Server 10.3.4. It provides the system property jaxws.transport.streaming, which enables or disables streaming at the transport layer for a Web services client. Set this property to true for CPU-intensive applications that are running on a WebLogic Server instance that is participating in Web services interactions as a client, and is sending out large messages.

To obtain the patch, do one of the following:

  • Contact My Oracle Support and request the patch for bug 9956275, or

  • Download the patch from My Oracle Support and install it using Smart Update per the instructions in the following My Oracle Support document:

    1302053.1

    Search for Oracle patch number 9956275 or Smart Update patch 7Z5H.

13.36.3 Troubleshooting Problems When Applying the WebLogic Advanced Web Services for JAX-WS Extension Template

After upgrading from WebLogic Server 10.3.4 to 10.3.5, when creating or extending a domain using the WebLogic Advanced Web Services for JAX-WS Extension template (wls_webservices_jaxws.jar), you may encounter an exception during the execution of the final.py script. For complete details and a workaround, see "Troubleshooting Problems When Applying the WebLogic Advanced Services for JAX-WS Extension Template" in Getting Started With JAX-WS Web Services for Oracle WebLogic Server.

13.36.4 Sparse Arrays and Partially Transmitted Arrays Are Not Supported

WebLogic Server does not support Sparse Arrays and Partially Transmitted Arrays as required by the JAX-RPC 1.1 Spec.

13.36.5 WSDL Compiler Does Not Generate Serializable Data Types

The Web Service Description Language (WSDL) compiler does not generate serializable data types, so data cannot be passed to remote EJBs or stored in a JMS destination.

13.36.6 Use of Custom Exception on a Callback

WebLogic Server does not support using a custom exception on a callback that has a package that does not match the target namespace of the parent Web Service.

Workaround

Make sure that any custom exceptions that are used in callbacks are in a package that matches the target namespace of the parent Web service.

13.36.7 Cannot Use JMS Transport in an Environment That Also Uses a Proxy Server

You cannot use JMS transport in an environment that also uses a proxy server. This is because, in the case of JMS transport, the Web Service client always uses the t3 protocol to connect to the Web Service, and proxy servers accept only HTTP/HTTPS.

13.36.8 clientgen Fails When Processing a WSDL

clientgen fails when processing a WSDL that uses the complex type http://www.w3.org/2001/XMLSchema{schema} as a Web Service parameter.

13.36.9 JAX RPC Handlers in Callback Web Services Are Not Supported

WebLogic Server 9.2 and later does not support JAX RPC handlers in callback Web Services.

Workaround

If JAX RPC handlers were used with Web Services created with WebLogic Workshop 8.1, then such applications must be redesigned so that they do not use callback handler functionality.

13.36.10 Message-level Security in Callback Web Services Is Not Supported

WebLogic Server 9.2 and later does not support message-level security in callback Web Services.

Workaround

Web Services created with WebLogic Workshop 8.1 that used WS-Security must be redesigned to not use message-level security in callbacks.

13.36.11 Handling of Java Method Arguments or Return Parameters That Are JAX-RPC-style JavaBeans

WebLogic Server does not support handling of Java method arguments or return parameters that are JAX-RPC-style JavaBeans that contain an XmlBean property. For example, applications cannot have a method with a signature like this:

void myMethod(myJavaBean bean);

where myJavaBean class is like:

public class MyJavaBean {
  private String stringProperty;
  private XmlObject xmlObjectProperty;

  public MyJavaBean() {}
  String getStringProperty() {
    return stringProperty;
  }
  void   setStringProperty(String s) {
    stringProperty = s;
  }
  XmlObject getXmlObjectProperty() {
    return xmlObjectProperty;
    }
  void      getXmlObjectProperty(XmlObject x) {
    xmlObjectProperty = x;
  }
}

Workaround

Currently there is no known workaround for this issue.

13.36.12 IllegalArgumentException When Using a Two-Dimensional XML Object in a JWS Callback

Using a two dimensional XmlObject parameter (XmlObject[][]) in a JWS callback produces an IllegalArgumentException.

Workaround

Currently there is no known workaround for this issue.

13.36.13 Using SoapElement[] Results in Empty Array

Using SoapElement[] as a Web Service parameter with @WildcardBinding(className="javax.xml.soap.SOAPElement[]", binding=WildcardParticle.ANYTYPE) will always result in an empty array on the client.

Workaround

Do not use the @WildcardBinding annotation to change the default binding of SOAPElement[] to WildcardParticle.ANYTYPE. The SOAPElement[] default binding is set to WildcardParticle.ANY.

13.36.14 FileNotFound Exception When a Web Service Invokes Another Web Service

When Web Service A wants to invoke Web Service B, Web Service A should use the @ServiceClient annotation to do this. If Web Service B needs a custom policy file that is not attached to the WSDL for Web Service B, then Web Service A will fail to run. Web Service A will look for the policy file at /Web-Inf/classes/policies/filename.xml. Since no policy file exists at that location, WebLogic Server will throw a 'file not found' exception.

Workaround

Attach the custom policy file to Web Service B, as in this example:

@Policy(uri="CustomPolicy.xml",
        attachToWsdl=true)
public class B {
  ...
}

13.36.15 Client Side Fails to Validate the Signature on the Server Response Message

When the security policy has one of these Token Assertions, the client side may fail to validate the signature on the server response message.

  <sp:WssX509PkiPathV1Token11/>
  <sp:WssX509Pkcs7Token11/>
  <sp:WssX509PkiPathV1Token10/>
  <sp:WssX509Pkcs7Token10/>

In addition, when there are more than two certifications in the chain for X509 certification for <sp:WssX509Pkcs7Token11/> or <sp:WssX509Pkcs7Token10/> Token Assertion, the server side may fail to validate the signature on the incoming message.

A policy such as the following policy is not supported, unless the entire certificate chain remains on the client side.

<sp:AsymmetricBinding>
   <wsp:Policy>
      <sp:InitiatorToken>
         <wsp:Policy>
            <sp:X509Token
               sp:IncludeToken='. . ./IncludeToken/AlwaysToRecipient'>

            <wsp:Policy>
               <sp:WssX509Pkcs7Token11/>
            </wsp:Policy>
         </sp:X509Token>
      </wsp:Policy>
      </sp:InitiatorToken>
      <sp:RecipientToken>
      <wsp:Policy>
      <sp:X509Token sp:IncludeToken='. . ./IncludeToken/Never'>
            <wsp:Policy>
               <sp:WssX509Pkcs7Token11/>
            </wsp:Policy>
         </sp:X509Token>
      </wsp:Policy>
      </sp:RecipientToken>
   . . .
      </wsp:Policy>
   </sp:AsymmetricBinding>

Workaround

Use either of the following two solutions:

  1. Configure the response with the <sp:WssX509V3Token10/> Token Assertion, instead of WssX509PkiPathV1Token11/>. The policy will look like this:

    <sp:AsymmetricBinding>
       <wsp:Policy>
         <sp:InitiatorToken>
            <wsp:Policy>
            <sp:X509Token sp:IncludeToken='. . ./IncludeToken/AlwaysToRecipient'>
               <wsp:Policy>
                  WssX509PkiPathV1Token11/> 
               </wsp:Policy>
            </sp:X509Token>
            </wsp:Policy>
         </sp:InitiatorToken>
         <sp:RecipientToken>
            <wsp:Policy> sp:IncludeToken='. . ./IncludeToken/Never'>
            <sp:X509Token
               <wsp:Policy>
                  <sp:WssX509V3Token10/>
               </wsp:Policy>
            </sp:X509Token>
            </wsp:Policy>
         </sp:RecipientToken>
    . . .
         </wsp:Policy>
       </sp:AsymmetricBinding>
    
  2. Configure the response with the WssX509PkiPathV1Token11/> token assertion, but include it in the message. The policy will look like this:

     <sp:AsymmetricBinding>
       <wsp:Policy>
         <sp:InitiatorToken>
            <wsp:Policy>
            <sp:X509Token sp:IncludeToken='. . ./IncludeToken/AlwaysToRecipient'>
            <wsp:Policy>
               WssX509PkiPathV1Token11/> 
            </wsp:Policy>
            </sp:X509Token>
         </wsp:Policy>
         </sp:InitiatorToken>
         <sp:RecipientToken>
            <wsp:Policy>
            <sp:X509Token sp:IncludeToken='. . ./IncludeToken/AlwaysToInitiator'>
               <wsp:Policy>
                  WssX509PkiPathV1Token11/>
                </wsp:Policy>
            </sp:X509Token>
            </wsp:Policy>
         </sp:RecipientToken>
     . . .
       </wsp:Policy>
     </sp:AsymmetricBinding>
    

When there are multiple certifications in the X509 Certificate chain, WssX509PkiPathV1Token11/> or <sp:WssX509PkiPathV1Token10/> should be used, instead of <sp:WssX509Pkcs7Token11/> or <sp:WssX509Pkcs7Token10/>.

13.36.16 xmlcatalog Element Entity Cannot Be a Remote File or a File in an Archive

For the xmlcatalog element in build.xml, the location of an entity must be a file on the local file system. It cannot be a remote file (for example, http:) or a file in an archive (for example, jar:).

Workaround

If necessary, define the remote element as an entity in a catalog file instead.

13.36.17 Catalog File's public Element Is Not Supported When Using XML Catalogs

The public element in a catalog file is not supported when using the XML Catalogs feature. It is not supported to be consistent with JAX-WS EntityResolver implementation. WebLogic Server only supports defining the system element in a catalog file.

13.36.18 Local xmlcatalog Element Does Not Work Well

The local xmlcatalog element does not work well due to an Ant limitation.

Workaround

In the ant build.xml file, you have to define a local element above a clientgen(wsdlc) task when you are in the same target, or define the element out of any targets.

13.36.19 JAXRPC Client Does Not Encode the HTTP SOAPAction Header With Multi-byte Characters

The WebLogic Server Web Service JAXRPC client doesn't encode the HTTP SOAPAction header with multi-byte characters, but WebLogic Server only supports ASCII for HTTP headers.

Workaround

Change the SOAP action to ASCII in the WSDL.

13.36.20 External Catalog File Cannot Be Used in the xmlcatalog Element of clientgen

An external catalog file cannot be used in the xmlcatalog element of a clientgen task. For example, this snippet of an ant build file will not work:

<clientgen ...
  <xmlcatalog>
    <catalogpath>
      <pathelement location='wsdlcatalog.xml'/>
    </catalogpath>
  </xmlcatalog>

This is a limitation of the Ant XML Catalog.

Workaround

Resource locations can be specified either in-line or in an external catalog file(s), or both. In order to use an external catalog file, the xml-commons resolver library (resolver.jar) must be in your classpath. External catalog files may be either plain text format or XML format. If the xml-commons resolver library is not found in the classpath, external catalog files, specified in <catalogpath> paths, will be ignored and a warning will be logged. In this case, however, processing of inline entries will proceed normally.

Currently, only <dtd> and <entity> elements may be specified inline. These correspond to the OASIS catalog entry types PUBLIC and URI respectively.

13.36.21 Exceptions When Running Reliable Messaging Under Heavy Load

When running a Web services reliable messaging scenario under heavy load with file based storage that has the Direct-Write synchronous write policy setting, you may encounter IO exceptions similar to the following in the WebLogic Server log:

weblogic.store.PersistentStoreRuntimeException: [Store:280029]The 
persistent store record <number> could not be found

or

Could not load conversation with id uuid:<some ID> -> Conversation read 
failed: 
    ... 
    weblogic.wsee.jws.conversation.StoreException: 
      Conversation read failed: id=uuid:<some ID> 
         weblogic.store.PersistentStoreException: [Store:280052]The 
         persistent store was not able to read a record. 
           java.io.OptionalDataException 

These exceptions are known to occur only when using Web Services reliable messaging. They indicate a failure to read a record from the file store and are considered 'fatal' data access errors.

The underlying issue causing these errors will be addressed in a future release.

Workaround

The following workarounds are available for this issue:

  • Change the file store synchronous write policy to Direct-Write-With-Cache

    or

  • Change the file store synchronous write policy to Cache-Flush.

    or

  • Keep the Direct-Write synchronous write policy and add the following Java system property to your WebLogic server startup scripts:

    -Dweblogic.store.AvoidDirectIO=true
    

    Note:

    The -Dweblogic.store.AvoidDirectIO system property has been deprecated in WebLogic Server 10.3.4. Oracle recommends configuring the store synchronous write policy to Direct-Write-With-Cache instead.


The Direct-Write-With-Cache option may improve performance; it creates additional files in the operating system's temporary directory by default.

The Cache-Flush and AvoidDirectIO workarounds may lead to some performance degradation; it may be possible to reduce or eliminate the degradation by configuring a different block-size for the file store.

For important information about these settings and additional options, see "Tuning File Stores" in Oracle Fusion Middleware Performance and Tuning for Oracle WebLogic Server.

13.36.22 ClassNotFound Exception Occurs When Using wseeclient.jar

Stand-alone JAX-WS clients are not supported in this release.

Workaround

Use the client-side JAX-WS 2.1 that is integrated with the Java Standard Edition Release 6 (JDK 1.6), Update 4 and later. This requires using the JAX-WS API instead of any WebLogic Server specific APIS.

Current releases of JDK 1.6 are available for download at http://java.sun.com/javase/downloads/index.jsp. For information about writing a standalone JAX WS 2.1 client application, see the JAX-WS Users Guide on the JAX-WS 2.1 Reference Implementation Web site at https://jax-ws.dev.java.net/.

13.36.23 Incomplete Configuration When Adding Advanced Web Services Component to SOA Domain

An incomplete configuration can result when you use the Configuration Wizard to add the WebLogic Server Advanced Web Services component to a newly created SOA domain. If you create a cluster that contains only the default 'out-of-the-box' soa_server1 server definition, the resulting cluster does not include the resources needed to run WebLogic Server Web Services in that cluster.

Workaround

Use either of the following workarounds for this issue:

  1. While running Configuration Wizard, create a second server in the cluster:

    1. On the Select Optional Configuration screen, select Managed Servers, Clusters, and Machines.

    2. On the Configure Managed Servers screen, add a managed server.

    3. On the Assign Servers to Clusters screen, add this server to the cluster in which the default soa_server1 server resides.

  2. On the Configuration Wizard Target Services to Servers or Clusters screen, target Web Services resources (for example, WseeJmsServer, WseeJmsModule) to the cluster.

Either of these workarounds will cause the Configuration Wizard to apply the resources for the WebLogic Server Advanced Web Services component to the cluster.

13.36.24 WS-AT Interoperation Issues With WebSphere and WebLogic Server

Web Services Atomic Transactions (WS-AT) 1.1 interoperation using WebSphere as the client and either WebLogic Server or JRF as the service does not work.

WS-AT 1.1 interoperation does work when WebSphere is the service and either WebLogic Server or JRF is the client. In this case, interoperation works only if you have WebSphere 7 with Fix/Feature Pack 7.

13.37 WebLogic Tuxedo Connector Issues and Workarounds

This section describes the following issue and workaround:

13.37.1 View Classes are not Set on a Per Connection Basis

View classes are not set on a per connection basis.

A shared WebLogic Tuxedo Connector hash table can cause unexpected behavior in the server if two applications point to the same VIEW name with different definitions. There should be a hash table for the view classes on the connection as well as for the Resource section.

Workaround

Ensure that all VIEW classes defined across all your WebLogic Workshop applications are consistent, meaning that you have the same VIEW name representing the same VIEW class.

13.38 Documentation Errata

This section describes documentation errata:

13.38.1 Issues With Search Function in the Samples Viewer

The Search function in the Samples viewer does not work when accessing the Examples documentation by selecting Oracle Weblogic > Weblogic Server > Examples > Documentation from the Windows Start menu.

Workaround

To search the Sample Applications and Code Examples, you must start the Examples server and navigate to http://localhost:7001/examplesWebApp/docs/core/index.html. Click Instructions and then Search.

13.38.2 Japanese Text Displays in Some Search Results Topics Avitek Medical Records

The samples viewer Search function may sometimes return topics that display the Japanese and English versions of some Avitek Medical Records topics simultaneously.

13.38.3 HTML Pages For Downloaded Libraries Do Not Display Properly

After extracting the WebLogic Server documentation library ZIP files that are available from http://www.oracle.com/technetwork/middleware/weblogic/documentation/index.html, the HTML pages may not display properly in some cases for the following libraries:

  • E12840_01 (WebLogic Server 10.3.0 documentation library)

  • E12839_01 (Weblogic Server 10.3.1 documentation library)

  • E14571_01 (WebLogic Server 10.3.3 documentation library)

Workarounds

For library E12840-01, after extracting the E12840_01.zip library file, if the HTML pages are not formatting correctly, perform the following steps:

  1. Go to the directory in which you extracted the zip file.

  2. Locate the /global_resources directory in the directory structure.

  3. Copy the /global_resources directory to the root directory of the same drive.

For libraries E12839-01 and E14571-01, this issue occurs only on Windows operating systems. If the HTML pages of the extracted library are not formatting correctly, try extracting the ZIP file using another extraction option in your unzip utility. For example, if you are using 7-Zip to extract the files, select the Full pathnames option. Note that you cannot use the Windows decompression utility to extract the library ZIP file.

13.38.4 Evaluation Database Component Is Not Listed For silent.xml

In the WebLogic Server Installation Guides for WebLogic Server 10.3.3 and 10.3.4, the Evaluation Database is not listed as an installable component in Table 5-1 of Chapter 5, "Running the Installation Program in Silent Mode.:" The following entry should be included in the Component Paths row:

WebLogic Server/Evaluation Database

The Evaluation Database component is automatically installed if the Server Examples component is included in silent.xml. Therefore, it does not have to be explicitly included in silent.xml. If, however, you do not install the Server Examples, but you want to install the Evaluation Database, you must include WebLogic Server/Evaluation Database in silent.xml.

13.38.5 Instructions for Reliable SOAP Messaging Code Example Are Incorrect

The instructions for the "Configuring Secure and Reliable SOAP Messaging for JAXWS Web Services" example are a copy of the instructions for the "Using Make Connection and Reliable Messaging for JAX-WS Web Service" example.

The correct instructions for the "Configuring Secure and Reliable SOAP Messaging for JAXWS Web Services" example are provided here.

13.38.5.1 About the Example

This example shows how to configure secure, reliable messaging for JAX-WS Web services. The example includes the following WebLogic Web services:

  • Web service whose operations can be invoked using reliable and secure SOAP messaging (destination endpoint).

  • Client Web service that invokes an operation of the first Web service in a reliable and secure way (source endpoint).

Overview of Secure and Reliable SOAP Messaging

Web service reliable messaging is a framework that enables an application running on one application server to reliably invoke a Web service running on another application server, assuming that both servers implement the WS-RelicableMessaging specification. Reliable is defined as the ability to guarantee message delivery between the two endpoints (Web service and client) in the presence of software component, system, or network failures.

WebLogic Web services conform to the WS-ReliableMessaging 1.2 specification (February 2009) and support version 1.1. This specification describes how two endpoints (Web service and client) on different application servers can communicate reliably. In particular, the specification describes an interoperable protocol in which a message sent from a source endpoint (or client Web service) to a destination endpoint (or Web service whose operations can be invoked reliably) is guaranteed either to be delivered, according to one or more delivery assurances, or to raise an error.

WebLogic Web services use WS-Policy files to enable a destination Web service to describe and advertise its reliable SOAP messaging capabilities and requirements. WS-Policy files are XML files that describe features such as the version of the WS-ReliableMessaging specification that is supported, the source Web service retransmission interval, the destination Web service acknowledgment interval, and so on.

Overview of the Example

This example uses JWS annotations to specify the shape and behavior of the Web services. It describes additional JWS annotations to enable reliable and secure SOAP messaging in the destination Web service and to reliably invoke an operation from the source Web service in a secure way.

The destination ReliableEchoService Web service has two operations that can be invoked reliably and in a secure way: echo and echoOneway. The JWS file that implements this Web service uses the @Policies and @Policy JWS annotations to specify the WS-Policy file, which contains the reliable and secure SOAP messaging assertions.

The source ClientService Web service has one operation for invoking the echo operations of the ReliableEchoService Web service reliably and in a secure way within one conversation: runTestEchoWithRes. The JWS file that implements the ClientService Web service uses the @WebServiceRef JWS annotation to specify the service name of the reliable Web service being invoked.

To generate the Web services, use the jwsc WebLogic Web service Ant task, as shown in the build.xml file. The jwsc target generates the reliable and secure Web service and the jwsc-client-app target creates the source Web service that invoke the echo operations of the ReliableEchoService Web service. The jwsc Ant task compiles the JWS files, and generates the additional files needed to implement a standard J2EE Enterprise Web service, including the Web service deployment descriptors, the WSDL file, data binding components, and so on. The Ant task automatically generates all the components into an Enterprise Application directory structure that you can then deploy to WebLogic Server. This example uses the wldeploy WebLogic Ant task to deploy the Web service.

The jwsc-client-app target also shows how you must first execute the clientgen Ant task to generate the JAX-WS stubs for the destination ReliableEchoService Web service, compile the generated Java source files, and then use the classpath attribute of jwsc to specify the directory that contains these classes so that the ClientServiceImpl.java class can find them.

The WsrmJaxwsExampleRequest.java class is a standalone Jva application that invokes the echo operation of the source Web service. The client target of the build.xml file shows how to run clientgen, and compile all the generated Java files and the WsrmJaxwsExampleRequest.java application.

13.38.5.2 Files Used in This Example

Directory Location: MW_HOME/wlserver_10.3/samples/server/examples/src/examples/webservices/wsrm_jaxws/wsrm_jaxws_security

MW_HOME represents the Oracle Fusion Middleware home directory.

FileDescription

ClientServiceImpl.java

JWS file that implements the source Web service that reliably invokes the echo operation of the ReliableEchoService Web service in a secure way.

ReliableEchoServiceImpl.java

JWS file that implements the reliable destination Web service. This JWS file uses the @Policies and @Policy annotation to specify a WS-Policy file that contains reliable and secure SOAP messaging assertions.

client/WsrmJaxwsExampleRequest.java

Standalone Java client application that invokes the source WebLogic Web service, that in turn invokes an operation of the ReliableEchoervice Web service in a reliable and secure way.

ws_rm_configuration.py

WLST script that configures the components required for reliable SOAP messaging. Execute this script for the WebLogic Server instance that hosts the reliable destination Web service. The out-of-the-box Examples server has already been configured with the resources required for the source Web service that invokes an operation reliably.

configWss.py

WLST script that configures the components required for secure SOAP messaging. Execute this script for the WebLogic Server instance that hosts the source Web service. Remember to restart the source WebLogic Server after executing this script.

configWss_Service.py

WLST script that configures the components required for secure SOAP messaging. Execute this script for the WebLogic Server instance that hosts the destination Web service. Remember to restart the destination WebLogic Server after executing this script.

certs/serverKeyStore.jks

Server-side key store used to create the server-side BinarySecurityToken credential provider.

certs/clientKeyStore.jks

Client-side key store used to create the client-side BinarySecurityToken credential provider.

jaxws-binding.xml

XML file that describes the package name of the generated code and indicate the client side code needs to contain asynchronous invocation interface.

build.xml

Ant build file that contains targets for building and running the example.


13.38.5.3 Prepare the Example

This section describes how to prepare the example.

Prerequisites

Before working with this example:

  1. Install Oracle WebLogic Server, including the examples.

  2. Start the Examples Server.

  3. Set up your environment.

Configure the Destination WebLogic Server Instance (Optional)

The default configuration for this example deploys both the source and destination Web services to the Examples server. You can use this default configuration to see how the example works, but it does not reflect a real life example of using reliable and secure SOAP messaging in which the source Web service is deployed to a WebLogic Server that is different from the one that hosts the destination Web service. This section describes how to set up the real life example.

The example includes WebLogic Server Scripting Language (WLST) scripts that are used to configure:

  • Store-and-forward (SAF) service agent

  • File store

  • JMS server

  • JMS module

  • JMS subdeployment

  • JMS queues

  • Logical store

  • Credential provider for Security Context Token

  • Credential provider for Derived Key

  • Credential provider for x.509

  • KeyStores for Confidentiality and Integrity

  • PKI CreditMapper

Follow these steps if you want to deploy the secure and reliable destination Web service to a different WebLogic Server instance:

  1. If the managed WebLogic Server to which you want to deploy the reliable JAX-WS Web service does not exist, create it.

  2. Change to the SAMPLES_HOME\server\examples\src\examples\webservices\wsrm_jaxws\wsrm_jaxws_security directory, where SAMPLES_HOME refers to the main WebLogic Server examples directory, such as c:\Oracle\Middleware\wlserver_10.3\samples.

  3. Edit the build.xml file and update the following property definitions to ensure that the reliable JAX-WS Web service is deployed to the destination WebLogic Server:

    <property name="wls.service.server" value="destinationServerName" />
    <property name="wls.service.hostname" value="destinationHost" />
    <property name="wls.service.port" value="destinationPort" />
    <property name="wls.service.username" value="destinationUser" />
    <property name="wls.service.password" value="destinationPassword" />
    

    Substitute the italicized terms in the preceding properties with the actual values for your destination WebLogic Server. The default out-of-the-box build.xml sets these properties to the Examples server.

Build and Deploy the Example

To build and deploy the example:

  1. Change to the SAMPLES_HOME\server\examples\src\examples\webservices\wsrm_jaxws\wsrm_jaxws_security directory, where SAMPLES_HOME refers to the main WebLogic Server examples directory, such as c:\Oracle\Middleware\wlserver_10.3\samples.

  2. Run the WLST script that configures the destination WebLogic Server by executing the config.ws.reliable.service target of the build.xml file from the shell where you set your environment:

    prompt> ant config.ws.reliable.service

  3. Execute the following command to configure JAX-WS Web service Security from the shell where you set your environment:

    prompt> ant config.wss

  4. If you have configured a different destination WebLogic Server (that is, the destination server is not the Examples server), copy the certs\serverKeyStore.jks file to the domain directory of your destination server.

  5. Restart both your client and destination WebLogic Server to activate the MBean changes.

  6. Execute the following command from the shell where you set your environment:

    prompt> ant build

    This command compiles and stages the example. Specifically, it compiles both the source and destination Web services. It also compiles the standalone WsrmJaxwsExampleRequest application that invokes the source Web service, which in turn invokes the reliable destination Web service.

  7. Execute the following command from the shell where you set your environment:

    prompt> ant deploy

    This command deploys, by default, both the source and destination Web services to the wl_server domain of your WebLogic Server installation. If you have configured a different destination WebLogic Server and updated the build.xml file accordingly, then the reliable JAX-WS Web service is deployed to the configured destination server.

13.38.5.4 Run the Example

To run the example, follow these steps:

  1. Complete the steps in the Prepare the Example section.

  2. In your development shell, run the WsrmJaxwsExampleRequest Java application using the following command from the main example directory (SAMPLES_HOME\server\examples\src\examples\webservices\wsrm_jaxws\wsrm_jaxws_security):

    prompt> ant run

    This command runs the standalone WsrmJaxwsExampleRequest application that invokes the source Web service, which in turn invokes the reliable destination JAX-WS Web service.

  3. To test the reliability of the Web service, stop the destination WebLogic Server, and then rerun the WsrmJaxwsExampleRequest application. When you restart the destination WebLogic Server and the reliable Web service is deployed, you should see that the operation is also automatically invoked.

Check the Output

If your example runs successfully, the following messages display in the command shell from which you ran the WsrmJaxwsExampleRequest application:

Trying to override old definition of task clientgen
 
run:
     [java]
     [java]
     [java] ###########################################
     [java]     In testEcho_AsyncOnServerClient_ServiceBuffered...
     [java]     On-Server / Async / Buffered case
     [java]     2011/06/160 03:30:29.938
     [java] ###########################################
     [java]
     [java]
     [java] Client addr:http://localhost:9001/wsrm_jaxws_sc_example_client/Clien
tService
     [java] ---[HTTP request - http://localhost:9001/wsrm_jaxws_sc_example_clien
t/ClientService]---
     [java] Content-type: text/xml;charset=utf-8
     [java] Soapaction: ""
     [java] Accept: text/xml, multipart/related, text/html, image/gif, image/jpe
g, *; q=.2, */*; q=.2
     [java] <?xml version='1.0' encoding='UTF-8'?><S:Envelope xmlns:S="http://sc
hemas.xmlsoap.org/soap/envelope/"><S:Body><ns2:runTestEchoWithRes xmlns:ns2="htt
p://example.wsrm_jaxws/"><arg0>Foo bar</arg0><arg1>localhost</arg1>
<arg2>8001</arg2><arg3>C:\Oracle\Middleware\wlserver_10.3\samples\server\
examples\src\examples\webservices\wsrm_jaxws_security/certs</arg3>
</ns2:runTestEchoWithRes></S:Body></S:Envelope>--------------------
     [java]
     [java] ---[HTTP response - http://localhost:9001/wsrm_jaxws_sc_example_clie
nt/ClientService - 200]---
     [java] Transfer-encoding: chunked
     [java] null: HTTP/1.1 200 OK
     [java] Content-type: text/xml;charset=utf-8
     [java] X-powered-by: Servlet/2.5 JSP/2.1
     [java] Date: Thu, 09 Jun 2011 07:30:33 GMT
     [java] <?xml version='1.0' encoding='UTF-8'?><S:Envelope xmlns:S="http://sc
hemas.xmlsoap.org/soap/envelope/"><S:Body><ns2:runTestEchoWithResResponse xmlns:
ns2="http://example.wsrm_jaxws/"><return>[2011/06/160 03:30:33.953] ## Making Ec
ho Requests (ASYNC/BUFFERED) ##
     [java] [2011/06/160 03:30:42.703] *** On first good invoke ***
     [java] [2011/06/160 03:30:42.703] echo returned: Foo bar expected: Foo bar
     [java] [2011/06/160 03:30:42.922] echo returned: foo bar 2 expected: foo ba
r 2
     [java] [2011/06/160 03:30:43.031] echo returned: foo bar 3 expected: foo ba
r 3
     [java] [2011/06/160 03:30:43.031] ## Done Making Echo Requests (ASYNC/BUFFE
RED) ##
     [java] </return></ns2:runTestEchoWithResResponse></S:Body>
</S:Envelope>--------------------
     [java]
     [java] [2011/06/160 03:30:33.953] ## Making Echo Requests (ASYNC/BUFFERED)
##
     [java] [2011/06/160 03:30:42.703] *** On first good invoke ***
     [java] [2011/06/160 03:30:42.703] echo returned: Foo bar expected: Foo bar
     [java] [2011/06/160 03:30:42.922] echo returned: foo bar 2 expected: foo ba
r 2
     [java] [2011/06/160 03:30:43.031] echo returned: foo bar 3 expected: foo ba
r 3
     [java] [2011/06/160 03:30:43.031] ## Done Making Echo Requests (ASYNC/BUFFE
RED) ##
     [java]
 
BUILD SUCCESSFUL
Total time: 2 minutes 33 seconds

The following messages display in the command window from which you started as the client WebLogic Server (that hosts the reliable source Web service):

Service addr:http://localhost:7001/wsrm_jaxws_sc_example/ReliableEchoService
    [2011/06/180 01:33:40.906] ## Making Echo Requests (ASYNC/BUFFERED) ##
 
    [2011/06/180 01:33:40.906] In invokeEchoAsync, invoking echo with request: Foo bar
 
    [2011/06/180 01:33:40.906] In invokeEchoAsync, waiting for response to request: Foo bar ...
 
    SignInfo mismatch  Algo mismatch http://www.w3.org/2000/09/xmldsig#rsa-sha1 VS.
    http://www.w3.org/2000/09/xmldsig#hmac-sha1 Refs: Msg size =1#Signature_prfr5thF
    y2vRPbpC, Policy size =3 #unt_w7HSTtcGcebXFWEr, #Timestamp_XIXttwj9Yq2XO7Tj, #Bo
    dy_81D2x3V7iTNyy1I5,
    STR type mismatch Actual KeyInfo:{http://docs.oasis-open.org/wss/2004/01/oasis-2
    00401-wss-wssecurity-secext-1.0.xsd}KeyIdentifier|http://docs.oasis-open.org/wss
    /oasis-wss-soap-message-security-1.1#ThumbprintSHA1,  StrTypes size=1 :{http://d
    ocs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Refere
    nce||http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512/dk,
    Security Token mismatch, token type =http://docs.oasis-open.org/ws-sx/ws-securec
    onversation/200512/dk and actual ishttp://docs.oasis-open.org/wss/2004/01/oasis-
    200401-wss-x509-token-profile-1.0#X509v3
    <WSEE:15>There is no information on the incoming SOAP message.
    <SmartPolicySelect or.getSmartPolicyBlueprint:501>
    testing...................
 
 
    [2011/06/180 01:33:41.718] In ClientServiceImpl.onEchoResponse(request:
    examplesServer: 4b1c0f3e575dfa8c:7291c50f:130d9cbaace:-7fb8)
 
    [2011/06/180 01:33:41.718] Done with ClientServiceImpl.onEchoResponse(request:
    examplesServer: 4b1c0f3e575dfa8c:7291c50f:130d9cbaace:-7fb8): Foo bar
 
    [2011/06/180 01:33:41.718] *** On first good invoke ***
 
    [2011/06/180 01:33:41.734] echo returned: Foo bar expected: Foo bar
 
    [2011/06/180 01:33:41.734] In invokeEchoAsync, invoking echo with request: foo bar 2
 
    [2011/06/180 01:33:41.750] In invokeEchoAsync, waiting for response to request: foo bar 2 ...
 
    <WSEE:15>There is no information on the incoming SOAP message.
    <SmartPolicySelect or.getSmartPolicyBlueprint:501>
    testing...................
 
 
    [2011/06/180 01:33:41.984] In ClientServiceImpl.onEchoResponse(request:
    examplesServer: 4b1c0f3e575dfa8c:7291c50f:130d9cbaace:-7fae)
 
    [2011/06/180 01:33:41.984] Done with ClientServiceImpl.onEchoResponse(request:
    examplesServer: 4b1c0f3e575dfa8c:7291c50f:130d9cbaace:-7fae): foo bar 2
 
    [2011/06/180 01:33:41.984] echo returned: foo bar 2 expected: foo bar 2
 
    [2011/06/180 01:33:42.000] In invokeEchoAsync, invoking echo with request: foo bar 3
 
    [2011/06/180 01:33:42.015] In invokeEchoAsync, waiting for response to request: foo bar 3 ...
 
    <WSEE:31>There is no information on the incoming SOAP message.
    <SmartPolicySelect or.getSmartPolicyBlueprint:501>
    testing...................
 
    [2011/06/180 01:33:42.187] In ClientServiceImpl.onEchoResponse(request:
    examplesServer:4b1c0f3e575dfa8c:7291c50f:130d9cbaace:-7fab)
 
    [2011/06/180 01:33:42.328] Done with ClientServiceImpl.onEchoResponse(request:
    examplesServer:4b1c0f3e575dfa8c:7291c50f:130d9cbaace:-7fab): foo bar 3
 
    [2011/06/180 01:33:42.328] echo returned: foo bar 3 expected: foo bar 3
 
    [2011/06/180 01:33:42.328] ## Done Making Echo Requests (ASYNC/BUFFERED) ##
 
    <WSEE:46>There is no information on the incoming SOAP message.
    <SmartPolicySelect or.getSmartPolicyBlueprint:501>
  

The following messages display in the command window from which you started the destination WebLogic Server (that hosts the reliable destination Web service):

      %% Echoing: Foo bar %%
      %% Echoing: foo bar 2 %%
      %% Echoing: foo bar 3 %%

If you deploy both the source and destination Web services to the same Server, the following messages display in the command window from which you started your client and destination WebLogic Server:

    Service addr:http://localhost:7001/wsrm_jaxws_sc_example/ReliableEchoService
    [2011/06/180 01:33:40.906] ## Making Echo Requests (ASYNC/BUFFERED) ##
 
    [2011/06/180 01:33:40.906] In invokeEchoAsync, invoking echo with request: Foo bar
 
    [2011/06/180 01:33:40.906] In invokeEchoAsync, waiting for response to request: Foo bar ...
 
    SignInfo mismatch  Algo mismatch http://www.w3.org/2000/09/xmldsig#rsa-sha1 VS.
    http://www.w3.org/2000/09/xmldsig#hmac-sha1 Refs: Msg size =1#Signature_prfr5thF
    y2vRPbpC, Policy size =3 #unt_w7HSTtcGcebXFWEr, #Timestamp_XIXttwj9Yq2XO7Tj, #Bo
    dy_81D2x3V7iTNyy1I5,
    STR type mismatch Actual KeyInfo:{http://docs.oasis-open.org/wss/2004/01/oasis-2
    00401-wss-wssecurity-secext-1.0.xsd}KeyIdentifier|http://docs.oasis-open.org/wss
    /oasis-wss-soap-message-security-1.1#ThumbprintSHA1,  StrTypes size=1 :{http://d
    ocs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Refere
    nce||http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512/dk,
    Security Token mismatch, token type =http://docs.oasis-open.org/ws-sx/ws-securec
    onversation/200512/dk and actual ishttp://docs.oasis-open.org/wss/2004/01/oasis-
    200401-wss-x509-token-profile-1.0#X509v3
    %% Echoing: Foo bar %%
    <WSEE:15>There is no information on the incoming SOAP message.
    <SmartPolicySelect or.getSmartPolicyBlueprint:501>
    testing...................
 
 
    [2011/06/180 01:33:41.718] In ClientServiceImpl.onEchoResponse(request:
    examplesServer: 4b1c0f3e575dfa8c:7291c50f:130d9cbaace:-7fb8)
 
    [2011/06/180 01:33:41.718] Done with ClientServiceImpl.onEchoResponse(request:
    examplesServer: 4b1c0f3e575dfa8c:7291c50f:130d9cbaace:-7fb8): Foo bar
 
    [2011/06/180 01:33:41.718] *** On first good invoke ***
 
    [2011/06/180 01:33:41.734] echo returned: Foo bar expected: Foo bar
 
    [2011/06/180 01:33:41.734] In invokeEchoAsync, invoking echo with request: foo bar 2
 
    [2011/06/180 01:33:41.750] In invokeEchoAsync, waiting for response to request: foo bar 2 ...
    
    %% Echoing: foo bar 2 %%
    <WSEE:15>There is no information on the incoming SOAP message.
    <SmartPolicySelect or.getSmartPolicyBlueprint:501>
    testing...................
 
 
    [2011/06/180 01:33:41.984] In ClientServiceImpl.onEchoResponse(request:
    examplesServer: 4b1c0f3e575dfa8c:7291c50f:130d9cbaace:-7fae)
 
    [2011/06/180 01:33:41.984] Done with ClientServiceImpl.onEchoResponse(request:
    examplesServer: 4b1c0f3e575dfa8c:7291c50f:130d9cbaace:-7fae): foo bar 2
 
    [2011/06/180 01:33:41.984] echo returned: foo bar 2 expected: foo bar 2
 
    [2011/06/180 01:33:42.000] In invokeEchoAsync, invoking echo with request: foo bar 3
 
    [2011/06/180 01:33:42.015] In invokeEchoAsync, waiting for response to request: foo bar 3 ...
    
    %% Echoing: foo bar 3 %%
    <WSEE:31>There is no information on the incoming SOAP message.
    <SmartPolicySelect or.getSmartPolicyBlueprint:501>
    testing...................
 
    [2011/06/180 01:33:42.187] In ClientServiceImpl.onEchoResponse(request:
    examplesServer:4b1c0f3e575dfa8c:7291c50f:130d9cbaace:-7fab)
 
    [2011/06/180 01:33:42.328] Done with ClientServiceImpl.onEchoResponse(request:
    examplesServer:4b1c0f3e575dfa8c:7291c50f:130d9cbaace:-7fab): foo bar 3
 
    [2011/06/180 01:33:42.328] echo returned: foo bar 3 expected: foo bar 3
 
    [2011/06/180 01:33:42.328] ## Done Making Echo Requests (ASYNC/BUFFERED) ##
 
    <WSEE:46>There is no information on the incoming SOAP message.
    <SmartPolicySelect or.getSmartPolicyBlueprint:501>
  
PKU9PK.V_EOEBPS/partpage_wc.htm/ Oracle WebCenter Portal

Part VI

Oracle WebCenter Portal

Part VI contains the following chapter:

PKwN4/PK.V_EOEBPS/partpage_wcs.htm[ Oracle WebCenter Sites

Part VIII

Oracle WebCenter Sites

Part VIII contains the following chapters:

PKPK.V_E OEBPS/oim.htm Oracle Identity Manager

32 Oracle Identity Manager

This chapter describes issues associated with Oracle Identity Manager. It includes the following topics:

32.1 Patch Requirements

This section describes patch requirements for Oracle Identity Manager 11g Release 1 (11.1.1). It includes the following sections:

32.1.1 Obtaining Patches From My Oracle Support (Formerly OracleMetaLink)

To obtain a patch from My Oracle Support (formerly OracleMetaLink), go to following URL, click Patches and Updates, and search for the patch number:

https://support.oracle.com/

32.1.2 Patch Requirements for Oracle Database 11g (11.1.0.7)

Table 32-1 lists patches required for Oracle Identity Manager 11g Release 1 (11.1.1) configurations that use Oracle Database 11g (11.1.0.7). Before you configure Oracle Identity Manager 11g, be sure to apply the patches to your Oracle Database 11g (11.1.0.7) database.

Table 32-1 Required Patches for Oracle Database 11g (11.1.0.7)

PlatformPatch Number and Description on My Oracle Support

UNIX / Linux

7614692: BULK FEATURE WITH 'SAVE EXCEPTIONS' DOES NOT WORK IN ORACLE 11G


7000281: DIFFERENCE IN FORALL STATEMENT BEHAVIOR IN 11G


8327137: WRONG RESULTS WITH INLINE VIEW AND AGGREGATION FUNCTION


8617824: MERGE LABEL REQUEST ON TOP OF 11.1.0.7 FOR BUGS 7628358 7598314

Windows 32 bit

8689191: ORACLE 11G 11.1.0.7 PATCH 16 BUG FOR WINDOWS 32 BIT

Windows 64 bit

8689199: ORACLE 11G 11.1.0.7 PATCH 16 BUG FOR WINDOWS (64-BIT AMD64 AND INTEL EM64T)



Note:

The patches listed for UNIX/Linux in Table 32-1 are also available by the same names for Solaris SPARC 64 bit.


32.1.3 Patch Requirements for Oracle Database 11g (11.2.0.2.0)

If you are using Oracle Database 11g (11.2.0.2.0), make sure that you download and install the appropriate version (based on the platform) for the RDBMS Patch Number 9776940. This is a prerequisite for installing the Oracle Identity Manager schemas.

Table 32-2 lists the patches required for Oracle Identity Manager 11g Release 1 (11.1.1) configurations that use Oracle Database 11g Release 2 (11.2.0.2.0). Make sure that you download and install the following patches before creating Oracle Identity Manager schemas.

Table 32-2 Required Patches for Oracle Database 11g (11.2.0.2.0)

PlatformPatch Number and Description on My Oracle Support

Linux x86 (32-bit)

Linux x86 (64-bit)

Oracle Solaris on SPARC (64-bit)

Oracle Solaris on x86-64 (64-bit)

RDBMS Interim Patch#9776940.

Microsoft Windows x86 (32-bit)

Bundle Patch 2 [Patch#11669994] or later. The latest Bundle Patch is 4 [Patch# 11896290].

Microsoft Windows x86 (64-bit)

Bundle Patch 2 [Patch# 11669995] or later. The latest Bundle Patch is 4 [Patch# 11896292].


If this patch is not applied, then problems might occur in user and role search and manager lookup. In addition, search results might return empty result.


Note:

  • Apply this patch in ONLINE mode. Refer to the readme.txt file bundled with the patch for the steps to be followed.

  • In some environments, the RDBMS Interim Patch has been unable to resolve the issue, but the published workaround works. Refer to the metalink note "Wrong Results on 11.2.0.2 with Function-Based Index and OR Expansion due to fix for Bug:8352378 [Metalink Note ID 1264550.1]" for the workaround. This note can be followed to set the parameters accordingly with the only exception that they need to be altered at the Database Instance level by using ALTER SYSTEM SET <param>=<value> scope=<memory> or <both>.


32.1.4 Patch Requirements for Segregation of Duties (SoD)

Table 32-3 lists patches that resolve known issues with Segregation of Duties (SoD) functionality:

Table 32-3 SoD Patches

Patch Number / IDDescription and Purpose

Patch number 9819201 on My Oracle Support

Apply this patch on the SOA Server to resolve the known issue described in "SoD Check During Request Provisioning Fails While Using SAML Token Client Policy When Default SoD Composite is Used".

The description of this patch on My Oracle Support is "ERROR WHILE USING SAML TOKEN CLIENT POLICY FOR CALLBACK."

Patch ID 3M68 using the Oracle Smart Update utility. Requires passcode: 6LUNDUC7.

Using the Oracle Smart Update utility, apply this patch on the Oracle WebLogic Server to resolve the known issue described in "SoD Check Fails While Using Client-Side Policy in Callback Invocation During Request Provisioning".



Note:

The SoD patches are required to resolve the known issues in Oracle Identity Manager 11g Release 1 (11.1.1.3), but these patches are not required in 11g Release 1 (11.1.1.5).


32.1.5 Patch Upgrade Requirement

While applying the patch provided by Oracle Identity Manager, the following error is generated:

ApplySession failed: ApplySession failed to prepare the system.

OPatch version 11.1.0.8.1 must be upgraded to version 11.1.0.8.2 to meet the version requirement.

See "Obtaining Patches From My Oracle Support (Formerly OracleMetaLink)" for information about downloading OPatch from My Oracle Support.

32.2 General Issues and Workarounds

This section describes general issues and workarounds. It includes the following topics:

32.2.1 Do Not Use Platform Archival Utility

Currently, the Platform Archival Utility is not supported and should not be used.

To work around this issue, use the predefined scheduled task named Orchestration Process Cleanup Task to delete all completed orchestration processes and related data.

32.2.2 SPML-DSML Service is Unsupported

Oracle Identity Manager's SPML-DSML Service is currently unsupported in 11g Release 1 (11.1.1). However, you can manually deploy the spml-dsml.ear archive file for Microsoft Active Directory password synchronization.

32.2.3 Resource Object Names Longer than 100 Characters Cause Import Failure

If a resource object name is more than 100 characters, an error occurs in the database and the resource object is not imported. To work around this issue, change the resource object's name in the XML file so the name is less than 100 characters.

32.2.4 Status of Users Created Through the Create and Modify User APIs

You cannot create users in Disabled State. Users are always created in Active State.

The Create and Modify User APIs do not honor the Users.Disable User attribute value. If you pass a value to the Users.Disable User attribute when calling the Create API, Oracle Identity Manager ignores this value and the USR table is always populated with a value of 0, which indicates the user's state is Active.

Use the Disable API to disable a user.

32.2.5 Status of Locked Users in Oracle Access Manager Integrations

When Oracle Access Manager locks a user account in an Oracle Identity Manager-Oracle Access Manager integration, it may take approximately five minutes, or the amount of time defined by the incremental reconciliation scheduled interval, for the status of the locked account to be reconciled and appear in Oracle Identity Manager. However, if a user account is locked or unlocked in Oracle Identity Manager, the status appears immediately.

32.2.6 Generating an Audit Snapshot after Bulk-Loading Users or Accounts

The GenerateSnapshot.[sh|bat] option does not work correctly when invoked from the Bulk Load utility. To work around this issue and generate a snapshot of the initial audit after bulk loading users or accounts, you must run GenerateSnapshot.[sh|bat] from the $OIM_HOME/bin/ directory.

32.2.7 Browser Timezone Not Displayed

Due to an ADF limitation, the browser timezone is currently not accessible to Oracle Identity Manager. Oracle Identity Manager bases the timezone information in all date values on the server's timezone. Consequently, end users will see timezone information in the date values, but the timezone value will display the server's timezone.

32.2.8 Date Format Change in the SoD Timestamp Field Not Supported

The date-time value that end users see in the Segregation of Duties (SoD) Check Timestamp field on the SoD Check page will always display as "YYYY-MM-DD hh:mm:ss" and this format cannot be localized.

To work around this localization issue, perform the following steps:

  1. Open the "Oracle_eBusiness_User_Management_9.1.0.1.0/xml/Oracle-eBusinessSuite-TCA-Main-ConnectorConfig.xml" file.

  2. In the EBS Connector import xml, locate the SoDCheckTimeStamp field for the Process Form. Change <SDC_FIELD_TYPE> to 'DateFieldDlg' and change <SDC_VARIANT_TYPE> to 'Date' as shown in the following example:

    <FormField name = "UD_EBST_USR_SODCHECKTIMESTAMP">
                 <SDC_UPDATE>!Do not change this field!</SDC_UPDATE>
                 <SDC_LABEL>SoDCheckTimestamp</SDC_LABEL>
                 <SDC_VERSION>1</SDC_VERSION>
                 <SDC_ORDER>23</SDC_ORDER>
                 <SDC_FIELD_TYPE>DateFieldDlg</SDC_FIELD_TYPE>
                 <SDC_DEFAULT>0</SDC_DEFAULT>
                 <SDC_ENCRYPTED>0</SDC_ENCRYPTED>
                 <!--SDC_SQL_LENGTH>50</SDC_SQL_LENGTH-->
                 <SDC_VARIANT_TYPE>Date</SDC_VARIANT_TYPE>
             </FormField>
    
  3. Import the Connector.

  4. Enable SoD Check.

  5. Provision the EBS Resource with entitlements to trigger an SoD Check.

  6. Check the SoDCheckTimeStamp field in Process Form to confirm it is localized like the other date fields in the form.

32.2.9 Bulk Loading CSV Files with UTF-8 BOM Encoding Not Supported

Bulk loading a CSV file for which UTF-8 BOM (byte order mark) encoding is specified causes an error. However, bulk-loading UTF-8 encoded CSV files works as expected if you specify "no BOM" encoding.

To work around this issue,

  • If you want to load non-ASCII data, you must change your CSV file encoding to "UTF-8 no BOM" before loading the CSV file.

  • If your data is stored in CSV files with "UTF-8 BOM" encoding, you must change them to "UTF-8 no BOM" encoding before running the bulkload script.

32.2.10 Date Type Attributes are Not Supported for the Default Scheduler Job, "Job History Archival"

The default Scheduler job, "Job History Archival," does not support date type attributes.

The "Archival Date" attribute parameter in "Job History Archival" only accepts string patterns such as "ddMMyyyy" and "MMM DD, yyyy."

When you run a Scheduler job, the code checks the date format. If you enter the wrong format, an error similar to the following example, displays in the execution status list and in the log console:

<IAM-1020063> <Incorrect format of Archival Date parameter. Archival Date is expected in DDMMYYYY or UI Date format.>

The job cannot run successfully until you input the correct Archival Date information.

32.2.11 Low File Limits Prevent Adapters from Compiling

On machines where the file limits are set too low, trying to create and compile an entity adapter causes a "Too many open files" error and the adapter will not compile.

To work around this issue, change the file limits on your machine to the following (located in /etc/security/limits.conf) and then restart the machine:

  • soft nofile 4096

  • hard nofile 4096

32.2.12 Reconciliation Engine Requires Matching Rules

Currently, Oracle Identity Manager's Reconciliation Engine in 11g Release 1 (11.1.1) requires you to define a matching rule to identify the users for every connector in reconciliation. Errors will occur during reconciliation if you do not define a matching rule to identify users.

32.2.13 SPML Requests Do Not Report When Any Date is Specified in Wrong Format

When any date, such as activeStartDate, hireDate, and so on, is specified in an incorrect format, the Web server does not pass those values to the SPML layer. Only valid dates are parsed and made available to SPML. Consequently, when any SPML request that contains an invalid date format, the invalid date format from the request is ignored and is not available for that operation. For example, if you specify the HireDate month as "8" instead of "08," the HireDate will not be populated after the Create request is completed and no error message is displayed.

The supported date format is:

yyyy-MM-dd hh:mm:ss.fffffffff

No other date format is supported.

32.2.14 Logs Populated with SoD Exceptions When the SoD Message Fails and Gets Stuck in the Queue

SoD functionality uses JMS-based processing. Oracle Identity Manager submits a message to the oimSODQueue for each SoD request. If for some reason an SoD message always results in an error, Oracle Identity Manager never processes the next message in the oimSODQueue. Oracle Identity Manager always picks the same error message for processing until you delete that message from the oimSODQueue.

To work around this issue, use the following steps to edit the queue properties and to delete the SoD message in oimSODQueue:

  1. Log on to the WebLogic Admin Console at http://<hostname>:<port>/console

  2. From the Console, select Services, Messaging, JMS Modules.

  3. Click OIMJMSModule. All queues will be displayed.

  4. Click oimSODQueue.

  5. Select the Configurations, Delivery Failure tabs.

  6. Change the retry count so that the message can only be submitted a specified number of times.

  7. Change the default Redelivery Limit value from -1 (which means infinite) to a specific value. For example, if you specify 1, the message will be submitted only once.

  8. To review and delete the SoD error message, go to the Monitoring tab, select the message, and delete it.

32.2.15 A Backslash (\) Cannot Be Used in a weblogic.properties File

If you are using the WeblogicImportMetadata.cmd utility to import data to MDS, then do not use a backslash (\) character in a path in the weblogic.properties file, or an exception will occur.

To work around this issue, you must use a double backslash (\\) or a forward slash (/) on Microsoft Windows. For example, change metadata_from_loc=C:\metadata\file to metadata_from_loc=C:\\metadata\\file in the weblogic.properties file.

32.2.16 Underscore Character Cannot Be Used When Searching for Resources

When you are searching for a resource object, do not use an underscore character (_) in the resource name. The search feature ignores the underscore and consequently does not return the expected results.

32.2.17 Assign to Administrator Action Rule is Not Supported by Reconciliation

Reconciliation does not support the Assign to Administrator Action rule.

To work around this issue, change the Assign to Administrator to None in the connector XML before importing the connector. However, after changing the value to None, you cannot revert to Assign to Administrator.

32.2.18 Some Buttons on Attestation Screens Do Not Work in Mozilla Firefox

If you are creating attestations in a Mozilla Firefox Web browser and you click certain buttons, nothing happens.

To work around this issue, click the Refresh button to refresh the page.

32.2.19 The maxloginattempts System Property Causes Autologin to Fail When User Tries to Unlock

WLS Security Realm has a default lock-out policy that locks out users for some time after several unsuccessful login attempts. This policy can interfere with the locking and unlocking functionality of Oracle Identity Manager.

To prevent the WLS Security Realm lock-out policy from affecting the lock/unlock functionality of Oracle Identity Manager, you must set the 'Lockout Threshold' value in the WLS 'User Lockout Policy' to at least 5 more than the value in Oracle Identity Manager. For example, if the value in Oracle Identity Manager is set to 10, you must set the WLS 'Lockout Threshold' value to 15.

To change the default values for the 'User lockout Policy,' perform the following steps:

  1. Open the WebLogic Server Administrative Console.

  2. Select Security Realms, REALM_NAME.

  3. Select the User Lockout tab.

  4. If configuration editing is not enabled, then click the Lock and Edit button to enable configuration editing.

  5. Change the value of lockout threshold to the required value.

  6. Click Save to save the changes.

  7. Click Activate to activate your changes.

  8. Restart all the servers in the domain.

32.2.20 "<User not found>" Error Message Appears in AdminServer Console While Setting-Up an Oracle Identity Manager-Oracle Access Manager Integration

When you set up Oracle Identity Manager-Oracle Access Manager Integration with a JAVA agent and log into the Admin Server Console, a "<User not found>" error message is displayed. This message displays even when the login is successful.

32.2.21 Do Not Use Single Quote Character in Reconciliation Matching Rule

If the single quote character (') is used in reconciliation data (for example, 'B'1USER1'), then target reconciliation will fail with an exception.

32.2.22 Do Not Use Special Characters When Reconciling Roles from LDAP

Due to a limitation in the Oracle SOA Infrastructure, do not use special characters such as commas (,) in role names, group names, or container descriptions when reconciling roles from LDAP. Oracle Identity Manager's internal code uses special characters as delimiters. For example, Oracle Identity Manager uses commas (,) as approver delimiters and the SOA HWF-level global configuration uses commas as assignee delimiters.

32.2.23 SoD Check During Request Provisioning Fails While Using SAML Token Client Policy When Default SoD Composite is Used

SoD check fails and the following error is displayed on the SOA console when SoD check is performed during request provisioning only when the Default SoD Check composite is used:

SEVERE: FabricProviderServlet.handleException Error during retrieval of test page or composite resourcejavax.servlet.ServletException: java.lang.NullPointerException

This happens when Callback is made from Oracle Identity Manager to SOA with the SoDCheck Results.

To resolve this issue, apply patch 9819201 on the SOA server. You can obtain patch 9819201 from My Oracle Support. The description of this patch on My Oracle Support is "ERROR WHILE USING SAML TOKEN CLIENT POLICY FOR CALLBACK."

For more information, refer to:

32.2.24 SoD Check Fails While Using Client-Side Policy in Callback Invocation During Request Provisioning

SoD check fails and following error is displayed on the Oracle Identity Manager Administrative and User Console when SoD check is performed during request provisioning only when the Default SoD Check composite is used:

<Error> <oracle.wsm.resources.policymanager><WSM-02264> <"/base_domain/oim_server1/oim/unknown/iam-ejb.jar/WEBSERVICECLIENTs/SoDCheckResultService/PORTs/ResultPort" is not a recognized resource pattern.>
<Error> <oracle.iam.sod.impl> <IAM-4040002><Error getting Request Service : java.lang.IllegalArgumentException: WSM-02264 "/base_domain/oim_server1/oim/unknown/iam-ejb.jar/WEBSERVICECLIENTs/SoDCheckResultService/PORTs/ResultPort" is not a recognized resource pattern.>

To resolve this issue, use the Oracle Smart Update utility to apply patch ID 3M68, which requires passcode of 6LUNDUC7, on Oracle WebLogic Server. For more information, refer to:

32.2.25 Error May Appear During Provisioning when Generic Technology Connector Framework Uses SPML

When using the generic technology connector framework uses SPML, during provisioning, the following error may appear:

<SPMLProvisioningFormatProvider.formatData :problem with Velocity Template Unable
to find resource 'com/thortech/xl/gc/impl/prov/SpmlRequest.vm'>

If the error occurs, it blocks provisioning by using the predefined SPML GTC provisioning format provider. Restarting the Oracle Identity Manager server prevents the error from appearing again.

32.2.26 Cannot Click Buttons in TransUI When Using Mozilla Firefox

When using the Mozilla Firefox browser, in certain situations, some buttons in the legacy user interface, also known as TransUI, cannot be clicked. This issue occurs intermittently and can be resolved by using Firefox's reload (refresh) function.

32.2.27 LDAP Handler May Cause Invalid Exception While Creating, Deleting, or Modifying a Role

If an LDAP handler causes an exception when you create, modify, or delete a role, an invalid error message, such as System Error or Role does not exist, may appear.

To work around this issue, look in the log files, which will display the correct error message.

32.2.28 Cannot Reset User Password Comprised of Non-ASCII Characters

If a user's password is comprised of non-ASCII characters, and that user tries to reset the password from either the My Profile or initial login screens in the Oracle Identity Manager Self Service interface, the reset will fail with the following error message:

Failed to change password during the validation of the old password

Note:

This error does not occur with user passwords comprised of only ASCII characters.


To work around this issue, perform the following steps:

  1. Set the JVM file encoding to UTF8, for example: -Dfile.encoding=UTF-8


    Note:

    On Windows systems, this may cause the console output to appear distorted, though output in the log files appear correctly.


  2. Restart the Oracle WebLogic Server.

32.2.29 Benign Exception and Error Message May Appear While Patching Authorization Policies

When patches are applied to the Authorization Polices that are included with Oracle Identity manager and the JavaSE environment registers the Oracle JDBC driver, java.security.AccessControlException is reported and the following error message appears:

Error while registering Oracle JDBC Diagnosability MBean

You can ignore this benign exception, as the Authorization Policies are seeded successfully, despite the exception and error messages.

32.2.30 The DateTime Pick in the Trans UI Does Not Work Correctly in the Thai Locale

When locale is set to th_TH in Microsoft Windows Internet Explorer Web browser, the datetime in Oracle Identity Manager follows the Thai Buddhist calendar. In the Create Attestation page of the Administrative and User Console, when you select a date for start time, the year is displayed according to the Thai Buddhist calendar, for example, 2553. After you click OK, the equivalent year according to the Gregorian calendar, which is 2010, is displayed in the start time field. But when you click Next to continue creating the attestation, an error message is displayed stating that the start time of the process must not belong to the past.

To workaround this issue, perform any one of the following:

  • Specify the datetime manually.

  • Use Mozilla Firefox Web browser, which uses the Gregorian calendar.

32.2.31 User Without Access Policy Administrators Role Cannot View Data in Access Policy Reports

OIM user without the ACCESS POLICY ADMINISTRATORS role cannot view data in the following reports:

  • Access Policy Details

  • Access Policy List by Role

To workaround this issue:

  1. Assign the ACCESS POLICY ADMINISTRATORS role to an OIM user.

  2. Create a BI Publisher user with the same username in Step 1. Assign appropriated BI Publisher role to view reports.

  3. Login as the BI Publisher user mentioned in step 2. View the Access Policy Details and Access Policy List by Role reports. All access policies are displayed.

32.2.32 Archival Utility Throws an Error for Empty Date

In case of empty date, archival utility throws an error message, but proceeds to archive data by mapping to the current date. Currently, no workaround exists for this issue.

32.2.33 TransUI Closes with Direct Provisioning of a Resource

TransUI closes while doing a direct provisioning if user defined field (UDF) is created with the default values. To work around this issue, you need to create a Lookup Code for the INTEGER/DOUBLE type UDF in the LKU/LKV table.

32.2.34 Scheduler Throws "ParameterValueTypeNotSupportedException" Instead of "RequiredParameterNotSetException"

On AIX platform, when a required parameter is missing during the creation of a scheduler job, instead of throwing "RequiredParameterNotSetException" with the error message "The value is not set for required parameters of a scheduled task.", it throws "ParameterValueTypeNotSupportedException" with the error message "Parameter value is not set properly". Currently, no workaround exists for this issue.

32.2.35 All New User Attributes Are Not Supported for Attestation in Oracle Identity Manager 11g

New user attributes are added in Oracle Identity Manager 11g. Not all of them are available for Attestation while defining user-scope. However, Attestation has been enhanced to include the following user attributes:

  • USR_COUNTRY

  • USR_LDAP_ORGANIZATION

  • USR_LDAP_ORGANIZATION_UNIT

  • USR_LDAP_GUID

Currently, no workaround exists for this issue.

32.2.36 LDAP GUID Mapping to Any Field of Trusted Resource Not Supported

Update fails in LDAP, if LDAP GUID is mapped to any field of trusted resource in LDAP-SYNC enabled installation. To work around this issue, Oracle does not recommend mapping for LDAP GUID field while creating reconciliation field mapping for a trusted resource.

32.2.37 User Details for Design Console Access Field Must Be Mapped to Correct Values When Reading Modify Request Results

When a Modify Request is raised, "End-User" and "End-User Administrator" values are displayed for the "Design Console Access" field. These values must be mapped to False/True while interpreting the user details.

32.2.38 Cannot Create a User Containing Asterisks if a Similar User Exists

If you try to create a user that contains an asterisk (*) after creating a user with a similar name, the attempt will fail. For example, if you create user test1test, followed by test*test, test*test will not be created.

It is recommended to not create users with asterisks in the User Login field.

32.2.39 Blank Status Column Displayed for Past Proxies

The Status field on the Post Proxies page is blank. However, active proxies are displayed correctly on Current Proxies page.

Currently, no workaround exists for this issue.

32.2.40 Mapping the Password Field in a Reconciliation Profile Prevents Users from Being Created

The Password field is available to be mapped with a reconciliation profile, but it should not be used. Attempting to map this field will generate a reconciliation event that will not create users. (The event ends in "No Match Found State".) In addition, you will not be able to re-evaluate or manually link this event.

32.2.41 UID Displayed as User Login in User Search Results

Although you can select the UID attribute from the Search Results Table Configuration list on the Search Configuration page of the Advanced Administration, the search results table for advanced search for users displays the User Login field instead of the UID field.

32.2.42 Roles/Organizations Browse Trees Disappear

After you delete an organization, the Browse trees for organizations and roles might not be displayed.

To work around this issue, click the Search Results tab, then click the Browse tab. The roles and organizations browse trees display correctly.

32.2.43 Entitlement Selection Is Not Optional for Data Gathering

Entitlement (Child Table) selection during data gathering on the process form, for the "Depends On (Depended)" attribute is not optional. During data gathering, if dependent lookups are configured, then the user has to select the parent lookup value so that filtering happens on the child lookup and thus user gets a final list of entitlements to select . Currently, no workaround exists to directly filter the values based on the child lookup.

32.2.44 Oracle Identity Manager Server Throws Generic Exception While Deploying a Connector

Generic exceptions are shown in server logs every time deployment manager import happens or profile changes manually or profile changes via design console. This is because "WLSINTERNAL" is not an authorized user of Oracle Identity Manager. "WLSINTERNAL" is an internal user of WebLogic Server, and MDS uses it to invoke MDS listeners if there is a change in XMLs stored in MDS. Currently, no workaround exists for this issue.

32.2.45 Create User API Allows Any Value for the "Users.Password Never Expires", "Users.Password Cannot Change", and "Users.Password Must Change" Fields

Create User API allows the user to set any value between 0 and 9 instead of 0 or 1 for "Users.Password Never Expires", "Users.Password Cannot Change" and "Users.Password Must Change" fields. However, any value other than 0 is considered as TRUE and 0 is considered as FALSE, and the flag is set accordingly for the user being created. Currently, no workaround exists for this issue.

32.2.46 Incorrect Label in JGraph Screen for the GTC

The User Type label on the JGraph screen is displayed incorrectly as Design Console Access. To display User Type, add the line Xellerate_Type=User Type to the OIM_HOME/server/customResources/customResources.properties file.

32.2.47 Running the Workflow Registration Utility Generates an Error

When the workflow registration utility is run in a clustered deployment of Oracle Identity Manager, the following error is generated:

[java] oracle.iam.platform.utils.NoSuchServiceException:
java.lang.reflect.InvocationTargetException

Ignore the error message.

32.2.48 Native Performance Pack is Not Enabled On Solaris 64-bit JVM Install

For Oracle Identity Manager JVM install on a Solaris 64-bit computer, Oracle WebLogic log displays the following error:

Unable to load performance pack. Using Java I/O instead. Please ensure that a native performance library is in:

To workaround this issue, perform the following to ensure that JDK picks up the 64-bit native performance:

  1. In a text editor, open the MIDDLEWARE_HOME/wlserver_10.3/common/bin/commEnv.sh file.

  2. Replace the following:

    SUN_ARCH_DATA_MODEL="32"
    

    With:

    SUN_ARCH_DATA_MODEL="64"
    
  3. Save and close the commEnv.sh file.

  4. Restart the application server.

32.2.49 Error in the Create Generic Technology Connector Wizard

If you enter incorrect credentials for the database on the Create Generic Technology Connector wizard, a system error window is displayed. You must close this window and run the wizard again.

32.2.50 DSML Profile for the SPML Web Service is Not Deployed With Oracle Identity Manager

The DSML profile for the SPML Web service is not deployed by default with Oracle Identity Manager 11g Release 1 (11.1.1). SPML-DSML binaries are bundled with the Oracle Identity Manager installer to support Microsoft Active Directory Password Synchronization. You must deploy the spml-dsml.ear file manually.

32.2.51 New Human Tasks Must Be Copied in SOA Composites

When you add a new human task to an existing SOA composite, you must ensure that all the copy operations for the attributes in the original human task are added to the new human task. Otherwise, an error could be displayed on the View Task Details page.

32.2.52 Modify Provisioned Resource Request Does Not Support Service Account Flag

A regular account cannot be changed to a service account, and similarly, a service account cannot be changed to a regular account through a Modify Provisioned Resource request.

32.2.53 Erroneous "Query by Example" Icon in Identity Administration Console

In the Identity Administration console, when viewing role details from the Members tab, an erroneous icon with the "tooltip" (mouse-over text) of "Query By Example" appears. This "Query By Example" icon is non-functional and should be ignored.

32.2.54 The XL.ForcePasswordChangeAtFirstLogin System Property Is No Longer Used

The XL.ForcePasswordChangeAtFirstLogin system property is no longer used in Oracle Identity Manager 11g Release 1 (11.1.1.1). Therefore, forcing the user to change the password at first login cannot be configured. By default, the user must change the password:

  • When the new user, other than self-registered users, is logging in to Oracle Identity Manager for the first time

  • When the user is logging in to Oracle Identity Manager for the first time after the password has been reset

32.2.55 The tcExportOperationsIntf.findObjects(type,name) API Does Not Accept the Asterisk (*) Wilcard Character in Both Parameters

The tcExportOperationsIntf.findObjects(type,name) API accepts the asterisk (*) wildcard character only for the second parameter, which is name. For type, a category must be specified. For example, findObjects("Resource","*") is a valid call, but findObjects("*","*") is not valid.

32.2.56 Disabled Links on the Access Policy Summary Page Opened in Mozilla FireFox

In the Verify Information for this Access Policy page of the Create/Modify Access Policy wizards opened in Mozilla Firefox Web browser, you click Change for resource to be provisioned by the access policy, and then click Edit to edit the process form data for the resources to be provisioned. If you click the Close button on the Edit form, then the change links for any one of the access policy information sections, such as resources to be provisioned by the access policy, resources to be denied by the access policy, or roles for the access policy, do not work.

To workaround this issue, click Refresh. All the links in the Verify Information for this Access Policy page are enabled.

32.2.57 Benign Error is Generated on Editing the IT Resource Form in Advanced Administration

When you click the Edit link on the IT Resource form in the Advanced Administration, the following error message is logged:

<Error> <XELLERATE.APIS> <BEA-000000>
<Class/Method: tcFormDefinitionOperationsBean/getFormFieldPropertyValue encounter some problems: Property 'Column Names' has not defined for the form field '-82'> 

The error message is benign and can be ignored because there is no loss of functionality.

32.2.58 User Account is Not Locked in iPlanet Directory Server After it is Locked in Oracle Identity Manager

After reaching the maximum login attempts, a user is locked in Oracle Identity Manager. But in iPlanet DS/ODSEE, the user is not locked. The orclAccountLocked feature is not supported because the backend iPlanet DS/ODSEE does not support account unlock by setting the Operational attribute. Account is unlocked only with a password reset. The nsaccountlock attribute is available for administrative lockout. The password policies do not use this attribute, but you can use this attribute to independently lock an account. If the password policy locks the account, then nsaccountlock locks the user even after the password policy lockout is gone.

32.2.59 Oracle Identity Manager Does Not Support Autologin With JavaAgent

In an Oracle Access Manager (OAM) integrated deployment of Oracle Identity Manager with JavaAgent, when a user created in Oracle Identity Manager tries to login to the Oracle Identity Manager Administrative and User Console for the first time, the user is forced to reset password and set challenge questions. After this, the user is not logged in to Oracle Identity Manager automatically, but is redirected to the OAM login page. This is because Oracle Identity Manager does not support autologin when JavaAgent is used.

32.2.60 Benign Error Logged on Opening Access Policies, Resources, or Attestation Processes

As a delegated administrator, when you open the page to display the details of an access policy, resource, or attestation process, the following error is logged:

Error> <org.apache.struts.tiles.taglib.InsertTag> <BEA-000000>
<Can't insert page '/gc/EmptyTiles.jsp' : Write failed: Broken pipe  java.net.SocketException: Write failed: Broken pipe

The error is benign and can be ignored because there is no loss of functionality.

32.2.61 User Locked in Oracle Identity Manager But Not in LDAP

In a LDAP-enabled deployment of Oracle Identity Manager in which the directory servers are Microsoft Active Directory (AD) or Oracle Internet Directory (OID), when a user is manually locked in Oracle Identity Manager by the administrator, the user is not locked in LDAP if a password policy is not configured in LDAP. The configurable password policy in LDAP can either be the default password policy that is applicable to all the LDAP users, or it can be a user-specific Password Setting Object (PSO).

32.2.62 Reconciliation Profile Must Not Be Regenerated Via Design Console for Xellerate Organization Resource Object

By default, the Xellerate Organization resource object does not have reconciliation to Oracle Identity Manager field mappings and any matching/action rule information. As a result, when reconciliation profile for Xellerate Organization resource object is updated via Design Console, it corrupts the existing reconciliation configuration for that resource object, and reconciliation fails with empty status.

To workaround this issue, do not generate the reconciliation profile/configuration via the Design Console. Instead, export the Xellerate Organization profile from Meta Data Store (MDS) and edit it manually, and import it back into Oracle Identity Manager. If the profile changes include modification of the reconciliation fields, then the corresponding changes must be made in the horizontal table schema and its entity definition as well.

32.2.63 Benign Error Logged on Clicking Administration After Upgrade

After upgrading Oracle Identity Manager from Release 9.1.0.1 to 11g Release 1 (11.1.1), on clicking the Administration link on the Administrative and User Console, the following error is logged:

<Error> <oracle.adfinternal.view.page.editor.utils.ReflectionUtility>
<WCS-16178> <Error instantiating class - oracle.adfdtinternal.view.faces.portlet.PortletDefinitionDTFactory>

This error is benign and can be ignored because there is no loss of functionality.

32.2.64 Provisioning Fails Through Access Policy for Provisioned User

When a user is already provisioned and you try to assign a role to the user that triggers provisioning to the target domain, the provisioning is not started. However, if the user is not provisioned already and you assign a role to the user, then the provisioning occurs successfully.

To workaround this issue:

  1. Open the connector-specific user form in the Design Console.

  2. Create a new version of the connector, and select Edit.

  3. Click the Properties tab, and then click server (ITResourceLookupField). Click Add Property.

  4. Add Required for the property and specify true. Click Make Version Active, and then click Save.

  5. Login to Oracle Identity Manager Administrative and User Console.

  6. Navigate to System Property. Search for the 'Allows access policy based provisioning of multiple instances of a resource' system property. Change the value of this property to TRUE.

  7. Restart Oracle Identity Manager.

Try provisioning a provisioned user to provision through access policy of the same IT Resource Type, and the provisioning is successful.

32.2.65 Benign Warning Messages Displayed During Oracle Identity Manager Managed Server Startup

Several messages resembling the following are logged during Oracle Identity Manager managed server startup:

<Mar 30, 2011 6:51:01 PM PDT> <Warning> <oracle.iam.platform.kernel.impl>
<IAM-0080071> 
<Preview stage is not supported in kernel and found an event handler with name ProvisionAccountPreviewHandler implemented by the class oracle.iam.accesspolicy.impl.handlers.provisioning.ProvisionAccountPreviewHandlerfor this stage. It will be ignored.>

These warning messages are benign and can be ignored because there is no loss of functionality.

32.2.66 Benign Message Displayed When Running the Deployment Manager

When running the Deployment Manager, a message with header ' XUL SYNTAX: ID Conflict' is displayed.

This message is benign and can be ignored because there is no loss of functionality. Close the message and continue.

32.2.67 Deployment Manager Export Fails When Started Using Microsoft Internet Explorer 7 With JRE Plugin 1.6_23

After upgrading Oracle Identity Manager from an earlier release to 11g Release 1 (11.1.1), when you use the Microsoft Internet Explorer 7 Web browser with JRE plugin 1.6_23 to open the Administrative and User Console and try to export files by using the Deployment Manager, an error is generated and you cannot proceed with the export.

To workaround this issue, use a combination of the following Web browsers and plugins:

  • Mozilla Firefox 3.6 and JRE version 1.6_23 on 64-bit computer

  • Microsoft Internet Explorer 7 and JRE version 1.5

  • Microsoft Internet Explorer 8 and JRE version 1.6_18

  • Microsoft Internet Explorer 7 and JRE version 1.6_24

32.2.68 User Creation Fails in Microsoft Active Directory When Value of Country Attribute Exceeds Two Characters

In a LDAP-enabled deployment of Oracle Identity Manager, user creation fails in the Microsoft Active Directory (AD) server if the value of the Country attribute exceeds two characters. AD mandates two characters for the Country attribute, for example US, based on the ISO 3166 standards.

32.2.69 Deployment Manager Import Fails if Scheduled Job Entries Are Present Prior To Scheduled Task Entries in the XML File

In Oracle Identity Manager 11g Release 1 (11.1.1), schedules job has a dependency on scheduled task. Therefore, scheduled task must be imported prior to scheduled job.

As a result, if a XML file has scheduled job entries prior to scheduled task entries, then importing the XML file using Deployment Manager fails with the following error message:

[exec] Caused By: oracle.iam.scheduler.exception.SchedulerException: Invalid ScheduleTask definition
[exec] com.thortech.xl.ddm.exception.DDMException

To workaround this issue, open the XML file and move all scheduled task entries above the scheduled job entries.

32.2.70 Permission on Target User Required to Revoke Resource

When you login to the Administrative and User Console with Identity User Administrators and Resource Administrators roles, direct provision a resource to a user, and attempt to revoke the resource from the user, an error message is displayed.

To workaround this issue, you (logged-in user) must have the write permission on the target user (such as user1). To achieve this:

  1. Create a role, such as role1, and assign self to this role.

  2. Create an organization, such as org1, and assign role1 as administrative group.

  3. Modify the user user1 and change its organization to org1. You can now revoke the resource from user1.

32.2.71 Reconciliation Event Fails for Trusted Source Reconciliation Because of Missing Reconciliation Rule in Upgraded Version of Oracle Identity Manager

When Oracle Identity Manager is upgraded from an earlier release to 11g Release 1 (11.1.1), for trusted source reconciliation, such as trusted source reconciliation using GTC, the reconciliation event fails with the following error message because of a missing reconciliation rule:

<Mar 31, 2011 6:27:41 PM CDT> <Info> <oracle.iam.reconciliation.impl>
<IAM-5010006> <The following exception occurred: {0}
oracle.iam.platform.utils.SuperRuntimeException:
Error occurred in XL_SP_RECONEVALUATEUSER while processing Event No 3
Error occurred in XL_SP_RECONUSERMATCH while processing Event No 3
One or more input parameter passed as null

To workaround this issue:

  1. Create a reconciliation rule for the resource object.

  2. In the Resource Object form of the Design Console, click Create Reconciliation Profile.

32.2.72 XML Validation Error on Oracle Identity Manager Managed Server Startup

The following error message is logged at the time of Oracle Identity Manager Managed Server startup:

<Mar 29, 2011 2:49:31 PM PDT> <Error> <oracle.iam.platform.kernel.impl>
<IAM-0080075> <XML schema validation failed for XML/metadata/iam-features-callbacks/event_configuration/EventHandlers.xml and it will not be loaded by kernel. >

<Mar 29, 2011 2:49:32 PM PDT> <Error> <oracle.iam.platform.kernel.impl>
<IAM-0080075> <XML schema validation failed for XML/metadata/iam-features-OIMMigration/EventHandlers.xml and it will not be loaded by kernel. >

This error message is benign and can be ignored because there is no loss of functionality.

32.2.73 Cannot View or Edit Adapter Mapping in the Data Object Manager Form of the Design Console

When you click Map on the Map Adapters tab in the Data Object Manager form of the Design Console, a dialog box is displayed that allows you to edit the individual entity adapter mappings. But the list with fields on the user object to map is displayed as empty. As a result, you cannot view or edit the individual entity adapter mappings.

Use of entity adapters is deprecated in Oracle Identity Manager 11g Release 1 (11.1.1), although limited support is still provided for backward compatibility only. Event handlers must be used for all new or changed scenarios.

32.2.74 Role Memberships for Assign or Revoke Operations Not Updated on Enabling or Disabling Referential Integrity Plug-in

In a multi-directory deployment, the secondary server must be OID. The primary server can be OID or AD. For example, users can be stored in the OID or AD primary server, and roles can be stored in the OID secondary server. Enabling of disabling the referential integrity plug-in does not update the role memberships for assign or revoke operations.

32.2.75 Deployment Manager Import Fails if Data Level for Rules is Set to 1

An entry in the Oracle Identity Manager database cannot be updated if data level is set to 1. When you try to import a Deployment Manager XML, the following error is displayed:

Class/Method: tcTableDataObj/updateImplementation Error :The row cannot be updated.
[2011-04-06T07:25:36.583-05:00] [oim_server1] [ERROR] []
[XELLERATE.DDM.IMPORT] [tid: [ACTIVE].ExecuteThread: '6' for queue:
'weblogic.kernel.Default (self-tuning)'] [userId: xelsysadm] [ecid:
cad00d8aeed4d8fc:-67a4db1a:12f2abbac4b:-8000-000000000000018e,0] [APP:
oim#11.1.1.3.0] The security level for this data item indicates that it cannot be updated.

To workaround this issue, open the XML file and change the data level for rules from 1 to 0, as shown:

<RUL_DATA_LEVEL>0</RUL_DATA_LEVEL>

32.2.76 Reconciliation Data Displays Attributes That Are Not Modified

In an Oracle Identity Manager deployment with LDAP synchronization enabled and Microsoft Active Directory (AD) as the directory server, the Reconciliation Data tab of the Event Management page in the Administrative and User Console displays all the attributes of the reconciled user instead of displaying only the modified attributes. This is because of the way AD changelogs are processed, in which the entire entry is marked as updated when any attribute is changed. Therefore, Oracle Virtual Directory (OVD) returns the full entry. There is no way to figure out which attribute has been modified as a result of reconciliation.

32.2.77 Benign Errors Displayed on Starting the Scheduler Service When There are Scheduled Jobs to be Recovered

When the Scheduler service is started and there are some scheduled jobs that have not been recovered, the following error might be logged in the oim_diagnostic log:

Caused by: java.lang.NullPointerException
at
org.quartz.SimpleTrigger.computeNumTimesFiredBetween(SimpleTrigger.java:800)
at org.quartz.SimpleTrigger.updateAfterMisfire(SimpleTrigger.java:514)
at
org.quartz.impl.jdbcjobstore.JobStoreSupport.doUpdateOfMisfiredTrigger(JobStor
eSupport.java:944)
at
org.quartz.impl.jdbcjobstore.JobStoreSupport.recoverMisfiredJobs(JobStoreSuppo
rt.java:898)
at
org.quartz.impl.jdbcjobstore.JobStoreSupport.recoverJobs(JobStoreSupport.java:
780)
at
org.quartz.impl.jdbcjobstore.JobStoreSupport$2.execute(JobStoreSupport.java:75
2)
at
org.quartz.impl.jdbcjobstore.JobStoreSupport$40.execute(JobStoreSupport.java:3
628)
at
org.quartz.impl.jdbcjobstore.JobStoreSupport.executeInNonManagedTXLock(JobStor
eSupport.java:3662)
at
org.quartz.impl.jdbcjobstore.JobStoreSupport.executeInNonManagedTXLock(JobStor
eSupport.java:3624)
at
org.quartz.impl.jdbcjobstore.JobStoreSupport.recoverJobs(JobStoreSupport.java:
748)
at
org.quartz.impl.jdbcjobstore.JobStoreSupport.schedulerStarted(JobStoreSupport.
java:573)

This error is benign and can be ignored because there is no loss of functionality.

In an upgrade environment, the next time when some scheduled jobs will be triggered is not defined. This results in a null input for Quartz code, which is not handled gracefully in earlier versions of Quartz. This has been fixed in Quartz version 1.6.3, and therefore, this error is not generated when you upgrade to that version of Quartz.

32.2.78 Trusted Source GTC Reconciliation Mapping Cannot Display Complete Attribute Names

When creating a trusted GTC (for example, flat file), the right-hand column under OIM User is not wide enough to display the complete names for many attributes. For example, two entries are displayed as 'LDAP Organizati', whereas the attribute names are 'LDAP Organization' and 'LDAP Organization Unit'.

To workaround this issue, click the Mapping button for the attribute. The Provide Field Information dialog box is displayed with the complete attribute name.

32.2.79 Benign Error Logged for Database Connectivity Test

When running the database connectivity test in XIMDD, the following error is logged multiple times:

<Apr 10, 2011 7:45:20 PM PDT> <Error> <Default> <J2EE JMX-46335> <MBean attribute access denied.
   MBean: oracle.logging:type=LogRegistration
   Getter for attribute Application
   Detail: Access denied. Required roles: Admin, Operator, Monitor, executing
subject: principals=[REQUEST TEMPLATE ADMINISTRATORS, SYSTEM ADMINISTRATORS, APPROVAL POLICY ADMINISTRATORS, oimusers, xelsysadm, PLUGIN ADMINISTRATORS]
java.lang.SecurityException: Access denied. Required roles: Admin, Operator, Monitor, executing subject: principals=[REQUEST TEMPLATE ADMINISTRATORS, SYSTEM ADMINISTRATORS, APPROVAL POLICY ADMINISTRATORS, oim users, xelsysadm, PLUGIN ADMINISTRATORS]

Each time the error occurs in the log, the name of the bean is different, but the error is same. In spite of these errors, the test passes. These errors are benign and can be ignored because there is no loss of functionality.

32.2.80 MDS Validation Error When Importing GTC Provider Through the Deployment Manager

An MDS validation error is generated when you import the GTC provider by using the Deployment Manager.

To workaround this issue, do not import the GTC provider through the Deployment Manager. If the Deployment Manager XML file contains tags for GTC provider, then remove it and import the rest of the XML by using the Deployment Manager. Import the XML file with the GTC provider tags separately by using the MDS import utility. To do so:

  1. If the XML file being imported through the Deployment Manager contains <GTCProvider> tags, then remove these tags along with everything under them.

    The following is an example of the original XML file to be imported:

    <?xml version = '1.0' encoding = 'UTF-8'?>
    <xl-ddm-data version="2.0.1.0" user="XELSYSADM"
    database="jdbc:oracle:thin:@localhost:5521:myps12"
    exported-date="1302888552341" description="sampleGTC"><GTCProvider
    repo-type="MDS" name="InsertIntoTargetList"
    mds-path="/db/GTC/ProviderDefinitions"
    mds-file="InsertIntoTargetListProvTransport.xml"><completeXml><Provider><Provi
    der>
       <Provisioning>
          <ProvTransportProvider
    class="provisioningTransportProvider.InsertIntoTargetList"
    name="InsertIntoTargetList">
             <Configuration>
                <Parameter datatype="String" name="targetServerName"
    type="Runtime" encrypted="NO" required="YES"/>
                <Response code="FUNCTIONALITY_NOT_SUPPORTED"
    description="Functionality not supported"/>
                <Response code="TARGET_SERVER_NAME_MISSING" description="Target
    server name is missing"/>
                <Response code="TARGET_SERVER_NAME_STARTSWITH_A"
    description="Target server name starts with A, from XML"/>
                <Response code="PROBLEM_WHILE_INITIALIZAING" description="Problem
    occured while intializing Provider instance"/>
             </Configuration>
          </ProvTransportProvider>
       </Provisioning>
    </Provider></Provider></completeXml></GTCProvider><GTCProvider
    repo-type="MDS" name="PrepareDataHMap" mds-path="/db/GTC/ProviderDefinitions"
    mds-file="PrepareDataHMapProvFormat.xml"><completeXml><Provider><Provider>
       <Provisioning>
          <ProvFormatProvider class="provisioningFormatProvider.PrepareDataHMap"
    name="PrepareDataHMap">
             <Configuration>
                <DefaultAttribute datatype="String" name="testField" size="40"
    encrypted="NO"/>
                <Response code="INCORRECT_PROCESS_DATA" description="Incorrect
    process data received from GTC provisioning framework"/>
                <Response code="PROCESSING_ISSUE" description="Processing issue
    in Preparing provisioning input, check logs"/>
             </Configuration>
          </ProvFormatProvider>
       </Provisioning>
    </Provider></Provider></completeXml></GTCProvider><GTCProvider
    repo-type="MDS" name="IsValidOrgInOIM" mds-path="/db/GTC/ProviderDefinitions"
    mds-file="IsValidOrgInOIM.xml"><completeXml><Provider><Provider>
       <Validation>
          <ValidationProvider class="validationProvider.IsValidOrgInOIM"
    name="IsValidOrgInOIM">
             <Configuration>
                <Parameter datatype="String" name="maxOrgSize"/>
             </Configuration>
          </ValidationProvider>
       </Validation>
    </Provider></Provider></completeXml></GTCProvider><GTCProvider
    repo-type="MDS" name="ConvertToUpperCase"
    mds-path="/db/GTC/ProviderDefinitions"
    mds-file="ConvertToUpperCase.xml"><completeXml><Provider><Provider>
       <Transformation>
          <TransformationProvider
    class="transformationProvider.ConvertToUpperCase" name="ConvertToUpperCase">
             <Configuration>
                <Parameter type="Runtime" datatype="String" required="YES"
    encrypted="NO" name="Input"/>
                <Response code="errorRespNullInput" description="Input String is
    Missing"/>
             </Configuration>
          </TransformationProvider>
       </Transformation>
    </Provider></Provider></completeXml></GTCProvider><Resource repo-type="RDBMS"
    name="SAMPLEGTC_GTC">....</Resource><Process repo-type="RDBMS"
    name="SAMPLEGTC_GTC">
    ...........
    </Process><Form repo-type="RDBMS" name="UD_SAMPLEGT" subtype="Process
    Form">.....
    </Form>....</xl-ddm-data>
    
  2. Import the rest of the XML file through the Deployment Manager.

    The following is the XML file after removing the <GTCProvider> tags from the original XML file. Import this XML file by using the Deployment Manager.

    <?xml version = '1.0' encoding = 'UTF-8'?>
    <xl-ddm-data version="2.0.1.0" user="XELSYSADM"
    database="jdbc:oracle:thin:@localhost:5521:myps12"
    exported-date="1302888552341" description="sampleGTC"><Resource
    repo-type="RDBMS" name="SAMPLEGTC_GTC">....</Resource><Process
    repo-type="RDBMS" name="SAMPLEGTC_GTC">
    ...........
    </Process><Form repo-type="RDBMS" name="UD_SAMPLEGT" subtype="Process
    Form">.....
    </Form>....</xl-ddm-data>
    

    The following is the removed XML content:

    <GTCProvider
    repo-type="MDS" name="InsertIntoTargetList"
    mds-path="/db/GTC/ProviderDefinitions"
    mds-file="InsertIntoTargetListProvTransport.xml"><completeXml><Provider><Provider>
       <Provisioning>
          <ProvTransportProvider
    class="provisioningTransportProvider.InsertIntoTargetList"
    name="InsertIntoTargetList">
             <Configuration>
                <Parameter datatype="String" name="targetServerName"
    type="Runtime" encrypted="NO" required="YES"/>
                <Response code="FUNCTIONALITY_NOT_SUPPORTED"
    description="Functionality not supported"/>
                <Response code="TARGET_SERVER_NAME_MISSING" description="Target
    server name is missing"/>
                <Response code="TARGET_SERVER_NAME_STARTSWITH_A"
    description="Target server name starts with A, from XML"/>
                <Response code="PROBLEM_WHILE_INITIALIZAING" description="Problem
    occured while intializing Provider instance"/>
             </Configuration>
          </ProvTransportProvider>
       </Provisioning>
    </Provider></Provider></completeXml></GTCProvider>
     
    <GTCProvider
    repo-type="MDS" name="PrepareDataHMap" mds-path="/db/GTC/ProviderDefinitions"
    mds-file="PrepareDataHMapProvFormat.xml"><completeXml><Provider><Provider>
       <Provisioning>
          <ProvFormatProvider class="provisioningFormatProvider.PrepareDataHMap"
    name="PrepareDataHMap">
             <Configuration>
                <DefaultAttribute datatype="String" name="testField" size="40"
    encrypted="NO"/>
                <Response code="INCORRECT_PROCESS_DATA" description="Incorrect
    process data received from GTC provisioning framework"/>
                <Response code="PROCESSING_ISSUE" description="Processing issue
    in Preparing provisioning input, check logs"/>
             </Configuration>
          </ProvFormatProvider>
       </Provisioning>
    </Provider></Provider></completeXml></GTCProvider>
     
    <GTCProvider
    repo-type="MDS" name="IsValidOrgInOIM" mds-path="/db/GTC/ProviderDefinitions"
    mds-file="IsValidOrgInOIM.xml"><completeXml><Provider><Provider>
       <Validation>
          <ValidationProvider class="validationProvider.IsValidOrgInOIM"
    name="IsValidOrgInOIM">
             <Configuration>
                <Parameter datatype="String" name="maxOrgSize"/>
             </Configuration>
          </ValidationProvider>
       </Validation>
    </Provider></Provider></completeXml></GTCProvider>
     
    <GTCProvider
    repo-type="MDS" name="ConvertToUpperCase"
    mds-path="/db/GTC/ProviderDefinitions"
    mds-file="ConvertToUpperCase.xml"><completeXml><Provider><Provider>
       <Transformation>
          <TransformationProvider
    class="transformationProvider.ConvertToUpperCase" name="ConvertToUpperCase">
             <Configuration>
                <Parameter type="Runtime" datatype="String" required="YES"
    encrypted="NO" name="Input"/>
                <Response code="errorRespNullInput" description="Input String is
    Missing"/>
             </Configuration>
          </TransformationProvider>
       </Transformation>
    </Provider></Provider></completeXml></GTCProvider>
    
  3. Separate the removed XML content based on the <GTCProvier> tags. The following is an example of the first <GTCProvider> tag:

    <GTCProvider repo-type="MDS" name="InsertIntoTargetList"
    mds-path="/db/GTC/ProviderDefinitions"
    mds-file="InsertIntoTargetListProvTransport.xml"><completeXml><Provider><Provi
    der>
       <Provisioning>
          <ProvTransportProvider
    class="provisioningTransportProvider.InsertIntoTargetList"
    name="InsertIntoTargetList">
             <Configuration>
                <Parameter datatype="String" name="targetServerName"
    type="Runtime" encrypted="NO" required="YES"/>
                <Response code="FUNCTIONALITY_NOT_SUPPORTED"
    description="Functionality not supported"/>
                <Response code="TARGET_SERVER_NAME_MISSING" description="Target
    server name is missing"/>
                <Response code="TARGET_SERVER_NAME_STARTSWITH_A"
    description="Target server name starts with A, from XML"/>
                <Response code="PROBLEM_WHILE_INITIALIZAING" description="Problem
    occured while intializing Provider instance"/>
             </Configuration>
          </ProvTransportProvider>
       </Provisioning>
    </Provider></Provider></completeXml></GTCProvider>
    Resultant xml after removal of tags surronding inner <Provider> tag:
    <Provider>
       <Provisioning>
          <ProvTransportProvider
    class="provisioningTransportProvider.InsertIntoTargetList"
    name="InsertIntoTargetList">
             <Configuration>
                <Parameter datatype="String" name="targetServerName"
    type="Runtime" encrypted="NO" required="YES"/>
                <Response code="FUNCTIONALITY_NOT_SUPPORTED"
    description="Functionality not supported"/>
                <Response code="TARGET_SERVER_NAME_MISSING" description="Target
    server name is missing"/>
                <Response code="TARGET_SERVER_NAME_STARTSWITH_A"
    description="Target server name starts with A, from XML"/>
                <Response code="PROBLEM_WHILE_INITIALIZAING" description="Problem
    occured while intializing Provider instance"/>
             </Configuration>
          </ProvTransportProvider>
       </Provisioning>
    </Provider>
    
  4. From the removed <GTCProvider> tags, remove everything surrounding the inner <Provider> tag. In other words, keep the content inside the inner <Provider> tag. For each <Provider> tag, create a separate XML file. This results in multiple XML files with each <Provider> tag as the root element.

    The following is the resultant XML content after removal of tags surrounding the inner <Provider> tag:

    <Provider>
       <Provisioning>
          <ProvTransportProvider
    class="provisioningTransportProvider.InsertIntoTargetList" name="InsertIntoTargetList">
             <Configuration>
                <Parameter datatype="String" name="targetServerName" type="Runtime" encrypted="NO" required="YES"/>
                <Response code="FUNCTIONALITY_NOT_SUPPORTED" description="Functionality not supported"/>
                <Response code="TARGET_SERVER_NAME_MISSING" description="Target server name is missing"/>
                <Response code="TARGET_SERVER_NAME_STARTSWITH_A" description="Target server name starts with A, from XML"/>
                <Response code="PROBLEM_WHILE_INITIALIZAING" description="Problem occured while intializing Provider instance"/>
             </Configuration>
          </ProvTransportProvider>
       </Provisioning>
    </Provider>
    
  5. Name the resultant XML files, which have the <Provider> tag as the root element, with the mds-file attribute value from the <GTCProvider> tag. For example, name the first XML file with the first <GTCProvider> tag as InsertIntoTargetListProvTransport.xml. The file name must be the value of the mds-file attribute.

  6. Similarly, create other GTC provider XML files. There must be one XML file for each <GTCProvider> tag.

  7. Import the GTC Provider XML files by using the MDS utility.

32.2.81 Encrypted User-Defined Field (UDF) Cannot be Stored with Size of 4000 Characters or More

An encrypted UDF cannot be stored with size of 4000 characters or more. This is because encryption automatically increases the column width by 1.5 times approximately, and the size of the attribute exceeds the maximum allowable width of 4000. As a result, the UDF is automatically type-promoted to a CLOB data type. Oracle Identity Manager 11g Release 1 (11.1.1) does not intercept this as an exception and might subsequently show errors. This is likely to be addressed in the next patch release.

However, an encrypted attribute that does not exceed the final width of 4000 characters can be stored. The specified width must factor in the increment of 1.5 times, which means that it must not exceed approximately 2500 characters.

32.2.82 Request Approval Fails With Callback Service Failure

In an environment where SSL is enabled in the OAAM server but not in Oracle Identity Manager and SOA server, when you create a request, the request-level approval is successful on the SOA side, but the operational-level approval is not displayed anywhere in the UI. When the SOA composite that provides approval workflow for the Oracle Identity Manager request tries to invoke the request callback Web service to indicate whether the workflow is approved or rejected, the Web service invocation fails with the following error:

Unable to dispatch request to
http://slc402354.mycompany.com:14000/workflowservice/CallbackService due to exception[[
javax.xml.ws.WebServiceException:
oracle.fabric.common.PolicyEnforcementException: PolicySet Invalid: WSM-06162
PolicyReference The policy referenced by URI
"oracle/wss11_saml_token_with_message_protection_client_policy" could not be
retrieved as connection to Policy Manager cannot be established at
"t3s://slc402354:14301" due to invalid configuration or inactive state.

The error indicates that OWSM is not able to connect to the Policy Manager on the specified port. This port is for the OAAM server in SSL mode, which is shut down. The issue occurs because SSL is enabled in the OAAM server but not on Oracle Identity Manager and SOA server, and the Policy Manager is also targeted on that server. If there is an SSL-enabled Policy Manager, then OWSM does not use the non-SSL ports anymore. In this setup, SSL is enabled only for OAAM and not for others. Therefore, the only usable WSM Policy Manager is on OAAM. Because the OAAM server is down, the connection to the Policy Manager is not established, and as a result, the call fails.

To workaround this issue, start the OAAM server and then create the request.


Note:

This issue does not occur if:

  • OAAM server is not SSL-enabled.

  • SSL is enabled on any other server that is up and running, such as Oracle Identity Manager or SOA server.


32.2.83 Localized Display Name is Not Reconciled Via User/Role Incremental Reconciliation with iPlanet Directory Server

In an Oracle Identity Manager deployment with LDAP synchronization enabled in which iPlanet is the directory server, the following issues occur:

  • The localized Display Name is not reconciled into Oracle Identity Manager via user/role incremental reconciliation.

  • The localized value of the Display Name attribute is returned to Oracle Identity Manager, but the original base value of Display Name is lost and is replaced by the localized value that is received from iPlanet.

32.2.84 LDAP Role Hierarchy and Role Membership Reconciliation With Non-ASCII Characters Does Not Reconcile Changes in Oracle Identity Manager

LDAP role hierarchy and role membership reconciliation jobs with non-ASCII characters do not bring in role hierarchy and role membership changes into Oracle Identity Manager. This issue is applicable to incremental reconciliation only.

32.2.85 Import of Objects Fails When All Objects Are Selected for Export

In an upgraded environment of Oracle Identity Manager 11g Release 1 (11.1.1), the import of objects can fail when you select the Select All option to export the objects. When you select all the objects to be exported, the corresponding XML file grows in size. If it exceeds 2.5 million records, then it does not remain valid. As a result, the import fails. However, selecting all objects works if the data is small and the generated XML file does not exceed 2.5 million records.

To workaround this issue, select the objects to be exported in smaller logical units. For example, if there are 20 resource objects in the system, then select four or five resource objects with all dependencies and children objects in a XML file, and export. Then select another five resource objects into a new XML file. Similarly, for all other objects, such as GTC or adapters, export in small logical units in separate XML files. Examples of logical unit grouping are:

  • Resource objects, process definition forms, adapters, IT resources, lookup definitions, and roles

  • Organizations, attestation, and password policies

  • Access policies and rules

  • GTC and resource objects

32.2.86 Benign Audit Errors Logged After Upgrade

After upgrading from Oracle Identity Manager Release 9.1.0 to 11g Release 1 (11.1.1), audit errors are logged. An example of such an audit error is:

IAM-0050001
oracle.iam.platform.async.TaskExecutionException: java.lang.Exception: Audit
handler failed
at com.thortech.xl.audit.engine.jms.XLAuditMessage.execute(XLAuditMessage.java:59)

These errors are benign and can be ignored because there is no loss of functionality.

32.2.87 Connector Upgrade Fails if Existing Data is Bigger in Size Than New Column Length

In the current release of some connectors, the sizes of some process form fields have been reduced. For example, the length of the UD_ADUSER_MNAME field in the Microsoft Active Directory connector release 9.1.1.5 has been reduced to 6 characters from 80 characters in release 9.0.4.16 of the connector. The length of the existing data in these columns or fields are already bigger in size than the new column length. As a result, the connector upgrade fails, and the following error is logged:

<Apr 16, 2011 4:52:37 PM GMT+05:30> <Error> <XELLERATE.DATABASE> <BEA-000000>
<ALTER TABLE UD_ADUSER MODIFY UD_ADUSER_MNAME VARCHAR2(6) java.sql.SQLException: ORA-01441: cannot decrease column length because some value is too big

To workaround this issue:

  1. Make sure that you create a backup of the database.

  2. Restore the backed up database.

  3. Check the logs to locate the 'ORA-01441: cannot decrease column length because some value is too big' exception. Note the form field name, such as UD_ADUSER_MNAME.

  4. Open the Deployment Manager XML file that you are using for upgrade. Search for the form field in the <SDC_SQL_LENGTH> tag, and change the length to the base version length. You can get the base version length in the Deployment Manager XML of the base connector.

  5. Retry the upgrade.

32.2.88 Connector Artifacts Count Increases in the Deployment Manager When File is Not Imported

When you upgrade a connector, map the connector artifacts between the base and latest versions, select the connector objects to be upgraded, and exit the upgrade without importing the objects by using the Deployment Manager, the connector artifacts count in the left panel displays more than the actual count. When this process is repeated, the artifacts count continues increasing. This is a known issue, and there is no loss of functionality.

32.2.89 Uploading JAR Files By Using the Upload JAR Utility Fails

When SSL is enabled for Oracle Identity Manager, uploading the JAR files by using the Upload JAR utility fails with the following error:

Error occurred in performing the operation:
Exception in thread "main" java.lang.NullPointerException at oracle.iam.platformservice.utils.JarUploadUtility.main(JarUploadUtility.java:229)

With SSL enabled in Oracle Identity Manager, the server URL must contain the exact host name or IP address. If localhost is used as the host name, then the error is generated.

To workaround this issue, use the exact server URL.

32.2.90 Oracle Identity Manager Data and MT Upgrade Fails Because Change of Database User Password

If you are NOT upgrading the original Oracle Identity Manager Release 9.x database, but choose to export/import to a new database, then you must make sure that the database connection setting, schema name, and password in the OIM_HOME/xellerate/config/xlconfig.xml file used for the upgrade is correct.

To workaround this issue, change the Oracle Identity Manager database information in the xlconfig.xml file. You must create a backup of this file before updating it. To update the file with the new database information, modify the information of the loaction where the database has been imported in the <URL>, <username>, and <Password ...> tags, as shown:

<DirectDB>
<driver>oracle.jdbc.driver.OracleDriver</driver>
<url>jdbc:oracle:thin:@localhost:1522:oimdb</url>
<username>oimadm</username>
<password encrypted="false"><NEW_PASSWORD_FOR_OIM_DB_USER></password>
<maxconnections>5</maxconnections>
<idletimeout>360</idletimeout>
<checkouttimeout>1200</checkouttimeout>
<maxcheckout>1000</maxcheckout>
</DirectDB>

32.2.91 Reverting Unsaved UDFs Are Not Supported in the Administration Details Page for Roles and Organizations

The Administration Details pages for roles and organizations in the Administrative and User Console do not support reverting unsaved UDF attribute values. Therefore, if you modify the UDF attribute values for a role or organization and then do not want to save the changes to these attributes, then perform one of the following:

  • Close the tab with the modified role or organization. A warning message is displayed asking if you want to continue. Clicking Yes cancels all unsaved changes.

  • You can manually edit the modified attributes to their original state. Saving the entity applies any other desired changes made.

32.2.92 Resources Provisioned to User Without Checking Changes in User Status After Request is Submitted

After submission of a request, if the user associated with the request, such as beneficiary, requester, or approver, is disabled or deleted, then the resources are provisioned to the user without checking for user status, such as Disabled or Deleted, after the request is approved.

32.2.93 Starting UCP Connection Pool Fails When Trying to Create User on 64-Bit Microsoft Windows With JDK 6

CRUD operations on Microsoft Windows 64-bit platform using JDK 6 fails in Non Input Output (NIO) mode. This is because of a limitation in JDK 6 to support IPv6 stack in Microsoft Windows Vista 2008. This support is added in JDK 7 since Build b36. With JDK 7, it works in OVD NIO mode.

To workaround this issue:

  1. In the OVD server, turn off NIO mode. To do so:

    1. Open the OracleInstance/config/OVD/ovd1/listeners.os_xml file.

    2. Add <useNIO>false</useNIO> at the following location:

      <ldap id="LDAP Endpoint" version="0">
          <port>6501</port>
          ...
          <socketOptions>
              ...
          </socketOptions>
          <useNIO>false</useNIO>
      </ldap>
      
    3. Save the listeners.os_xml file.

  2. Restart the OVD server.

32.2.94 Config.sh Command Fails When JRockit is Installed With Data Samples and Source

When you install jrockit-jdk1.6.0_24-R28.1.3-4.0.1-linux-x64.bin with demo samples and source, and install Oracle WebLogic Server using wls1035_generic.jar on a Linux 64-bit computer, and run Oracle Identity Manager configuration wizard by running the config.sh command from the $ORACLE_HOME/bin/ directory, the Oracle universal installer does not start and the following error message is displayed:

config.sh: line 162:  9855 Segmentation fault $INSTALLER_DIR/runInstaller-weblogicConfig ORACLE_HOME="$ORACLE_HOME" -invPtrLoc$ORACLE_HOME/oraInst.loc -oneclick $COMMANDLINE -Doracle.config.mode=true

32.2.95 Unexpected Memory Usage in Oracle Identity Manager 11g Release 1(11.1.1)

On running scheduled tasks that perform user orchestration in bulk, such as EndDateSchedulerTask and StartDateSchedulerTask, Oracle Identity Manager 11g Release 1 (11.1.1) might consume large memory space. This can cause Out of Memory issues.

This is a known issue, and a workaround is not available for this in the current release.

32.2.96 Reports Link No Longer Exists in the Administrative and User Console

Under the Administration tab of the Advanced Administration in the Administrative and User Console, the Reports link to generate BI Publisher Reports has been removed, even though BIP has been selected while installing Oracle Identity Manager.

32.2.97 Not Allowing to Delete a Role Whose Assigned User Members are Deleted

If the user members of a role have been deleted before revoking the role memberships, then the role cannot be deleted. Therefore, you must revoke the user role memberships that have been explicitly assigned before deleting the user.

32.2.98 Roles and Organizations Do Not Support String UDFs of Password Type

Creating a String UDF of password type for roles and organizations is not supported. If you try to create such a UDF, then the Administrative and User Console does not allow you create roles and organizations.

32.2.99 Error on Importing Connector By Using the Deployment Manager

If you export a connector from a Oracle Identity Manager deployment to another deployment by using the Deployment Manager, then an error similar to the following might be generated:

[ERROR] [] [XELLERATE.WEBAPP]
[tid: [ACTIVE].ExecuteThread: '0' for queue: 'weblogic.kernel.Default
(self-tuning)'] [userId: xelsysadm] [ecid:
f9e72ab2a292a346:-421e2bf0:12f77f65b9a:-8000-0000000000000174,0] [APP:
oim#11.1.1.3.0] Class/Method: LoadDeploymentUtility/importSelected encounter
some problems: oracle.iam.reconciliation.exception.ConfigException: Profile
:AD User Trusted InvalidAttributes : [ObjectGUID][[
com.thortech.xl.ddm.exception.DDMException:
oracle.iam.reconciliation.exception.ConfigException: Profile :AD User Trusted
InvalidAttributes : [ObjectGUID]
at
com.thortech.xl.ejb.beansimpl.tcImportOperationsBean.performImport(tcImportOpe
.
rationsBean.java:1199)

This problem is because of the missing dependencies of UDFs created on the user entity. To avoid this problem, perform any one of the following:

  • Manually create the UDFs in the system before importing the connector XMLs.

  • Export the user meta data through the Deployment Manager and import it in the target environment. This bring in all the UDFs created on the user entity. However, if the requirement confines to some specific UDFs or if it is not desirable to have all the UDFs in the target system, then create the required UDFs manually.

32.2.100 Manage Localizations Dialog Box Does Not Open After Modifying Roles

After a role is modified, the Manage Localizations dialog box is not opening on clicking the Manage Localizations button in the role details page.

To open the Manage Localizations dialog box after modifying a role, close the role details page and open it again.

32.2.101 Not Allowing to Create User With Language-Specific Display Name Values

In an Oracle Identity Manager deployment with Microsoft Active Directory (AD) as the LDAP server, localized display name values are supported when you specify the oimLanguage parameter values in the UserManagement plugin adapter for AD via OVD. However, a user cannot be created when a language-specific value for the Display Name attribute is specified in Canadian French or Latin American Spanish, even if these languages have been specified in oimLanguage. In addition, when you create a user without language-specific Display Name, and then modify the user to add Canadian French or Latin American Spanish Display Name values, the same issue persists.

32.2.102 SoD Check Results Not Displayed for Requests Created by Users for the PeopleSoft Resource

SoD check results are not displayed for the requests created by users for the PeopleSoft (PSFT) resource.

To workaround this issue:

  1. Open the PSFT connector XML file.

  2. Under the <ITResource name = "PSFT Server"> tag, add the following:

    <ITResourceAdministrator>
        <SUG_READ>1</SUG_READ>
        <SUG_UPDATE>1296129050000</SUG_UPDATE>
        <UGP_KEY UserGroup = "ALL USERS"/>
    </ITResourceAdministrator>
    
  3. Save the PSFT connector XML file.

  4. Manually add or assign the ALL USERS role with Read permission to the PSFT Server IT resource.

32.2.103 The XL.UnlockAfter System Property and the Automatically Unlock User Scheduled Job Do Not Take Effect

The XL.UnlockAfter system property determines the unlock time for the locked user accounts after the specified time. If the user account is locked because of the maximum login attempt failure with invalid credentials, then the account is automatically unlocked after the time (in minutes) as configured in the XL.UnlockAfter system property. By default, the value of this system property is 0, which implies that the locked user is never unlocked automatically.

The Automatically Unlock User scheduled job is responsible for unlocking such users. This scheduled job is configured to run after every 24 hours (1 day).

Therefore, even after the maximum time of Oracle WebLogic lockout threshold and expiry of the time specified for the XL.UnlockAfter system property, the locked users might not be able to login unless the Automatically Unlock User scheduled job is run.

If you are changing the default value of the XL.UnlockAfter system property, then it is recommended to change the frequency of the Automatically Unlock User scheduled task so that both the values are in sync. This ensures that the scheduled task gets triggered at the appropriate interval, and the users are unlocked successfully and are able to login in to Oracle Identity Manager.

32.2.104 Resetting Password on Account Lockout Does Not Unlock User

In a Oracle Identity Manager deployment with LDAP synchronization enabled and integrated with Oracle Access Manager (OAM), a user is locked on entering incorrect password more than the maximum allowed limit. However, the user is not allowed to unlock by resetting the password until after reconciliation is run.

32.2.105 Starting Oracle Identity Manager and SOA Server on Some 64-bit Microsoft Windows Computers for the First Time Takes Time

On some Microsoft Windows 64-bit computers, it is observed that Oracle Identity Manager and SOA Server take more than an hour to start for the first time. However, do not stop the managed servers while this process is going on. After the first start, subsequent restarts do not take the extended time.

32.2.106 Incremental and Full Reconciliation Jobs Cannot Be Run Together

Both incremental and full reconciliation jobs cannot be run at the same time. Incremental reconciliation jobs are enabled and run in periodic intervals of 5 minutes. At the same time, when full reconciliation job is run, an error is generated.

To workaround this issue, if full reconciliation needs to be run, then disable the incremental reconciliation jobs before running the full reconciliation jobs. After full reconciliation completes successfully, re-enable the incremental reconciliation jobs.

32.2.107 Incorrect Content in the ScheduleTask Jars Loaded and Third Party Jars Tables in the MT Upgrade Report

When Oracle Identity Manager release 9.1.x is upgraded to Oracle Identity Manager 11g Release 1 (11.1.1), the contents of the ScheduleTask Jars Loaded and Third Party Jars tables in the CRBUpgradeReport.html page generated by MT upgrade are not correct. The original scheduled task JARs are not displayed in the ScheduleTask Jars Loaded table. Therefore, you must run the SQL query query to know the scheduled task JARs. In addition, the third-party JARs are incorrectly placed in the ScheduleTask Jars Loaded table.

However, this does not result in any loss of functionality.

32.2.108 Scroll Bar Not Available on the Select Connector Objects to Be Upgraded Page of the Connector Management - Upgrading Wizard

If the Connector Management - Upgrading wizard is opened by using Microsoft Internet Explorer, then all the fields and buttons on the Step 13: Select Connector Objects to Be Upgraded page might not be visible. There is no scroll bar available in this page. Therefore, maximize the window to display all the controls in the page.

32.2.109 Adapter Import Might Display Adapter Logic if Compilation Fails Because of Incorrect Data

If you import a process task adapter by using the Design Console and the adapter compilation fails because of incorrect data, then the error displays the entire code for the adapter.

This is a known issue, and a workaround is not available for this in the current release.

32.2.110 XIMDD Tests Fail in Oracle Identity Manager

After you deploy the Diagnostic Dashboard in Oracle Identity Manager, failures are encountered when you perform the following tests:

  • Test OWSM setup by submitting a request with OWSM header information

  • Test SPML to Oracle Identity Manager request invocation

The failures might occur because the Diagnostic Dashboard is not capable of performing tests when the wss1_saml_or_username_token_policy is attached to the SPML XSD Web services.

To workaround this issue, set the Web service to use the XIMDD supported policy. To configure the policies for the SPML XSD Web service:

  1. Login to Fusion Middleware Control.

  2. Navigate to Application Deployments, spml-xsd.

  3. For a clustered deployment of Oracle Identity Manager, expand and select a node.

  4. From the Application Deployment menu, select Web Services.

  5. Click the Web Service Endpoint tab, and then click the SPMLServiceProviderSOAP link.

  6. Click the Policies tab, and then click Attach/Detach.

  7. Detach the default policy: oracle/wss11_saml_or_username_token_with_message_protection_service_policy.

  8. Under Available Policies, select oracle/wss_username_token_service_policy. Otherwise, select the SSL version of the same policy if SSL is in use.

  9. Click Attach, and then click OK.

  10. For a clustered deployment of Oracle Identity Manager, repeat step 3 through step 9 for each managed node listed for SPML XSD.

  11. Restart the application servers.

32.3 Configuration Issues and Workarounds

This section describes configuration issues and their workarounds. It includes the following topics:

32.3.1 Configuring UDFs to be Searchable for Microsoft Active Directory Connectors

A Microsoft Active Directory connector installation automatically creates a UDF: USR_UDF_OBGUID. When you add a new user-defined field (UDF), the "searchable" property will be false by default unless you provide a value for that property. After installing an Active Directory connector, you must perform the following steps to make the user-defined field searchable:

  1. Using the Advanced Administration console (user interface), change the "searchable" UDF property to true by performing the following steps:

    1. Click the Advanced tab.

    2. Select User Configuration and then User Attributes.

    3. Modify the USR_UDF_OBGUID attribute in the Custom Attributes section by changing the "searchable" property to true.

  2. Using the Identity Administration console (user interface), create a new Oracle Entitlement Server policy that allows searching the UDF by performing the following steps:

    1. Click the Administration tab and open the Create Authorization policy.

    2. Enter a Policy Name, Description, and Entity Name as User Management.

    3. Select Permission, then View User Details, and then Search User.

    4. Edit the Attributes for View User Details and select all of the attributes.

    5. Select the SYSTEM ADMINSTRATOR role name.

    6. Click Finish.

32.3.2 Creating or Modifying Role Names When LDAP Synchronization is Enabled

When LDAP synchronization is enabled and you attempt to create or modify a role, entering a role name comprised of approximately 1,000 characters prevents the role from being created or modified and causes a Decoding Error to appear. To work around this issue, use role names comprised of fewer characters.

32.3.3 ADF Issue Causes Oracle Identity Manager to Fail on the Sun JDK

Due to an ADF issue, using the Oracle Identity Manager application with the Sun JDK causes a StringIndexOutOfBoundsException error. To work around this issue, add the following option to the DOMAIN_HOME/bin/setSOADomainEnv.sh or the setSOADomainEnv.cmd file:

  1. Open the DOMAIN_HOME/bin/setSOADomainEnv.sh or setSOADomainEnv.cmd file.

  2. Add the -XX:-UseSSE42Intrinsics line to the JVM options.

  3. Save the setSOADomainEnv.sh or setSOADomainEnv.cmd file.


    Note:

    This error does not occur when you use JRockit.


32.3.4 Nexaweb Applet Does Not Load In an Oracle Identity Manager and Oracle Access Manager Integrated Environment

In an Oracle Identity Manager and Oracle Access Manager (OAM) integrated environment, when you login to the Oracle Identity Manager Administrative and User Console and click a link that opens the Nexaweb applet, the applet does not load.

To workaround this issue, configure loading of the NexaWeb Applet in an Oracle Identity Manager and OAM integrated environment. To do so:

  1. Login to the Oracle Access Manager Console.

  2. Create a new Webgate ID. To do so:

    1. Click the System Configuration tab.

    2. Click 10Webgates, and then click the Create icon.

    3. Specify values for the following attributes:

      Name: NAME_OF_NEW_WEBGATE_ID

      Access Client Password: PASSWORD_FOR_ACCESSING_CLIENT

      Host Identifier: IDMDomain

    4. Click Apply.

    5. Edit the Webgate ID, as shown:

      set 'Logout URL' = /oamsso/logout.html

    6. Deselect the Deny On Not Protected checkbox.

  3. Install a second Oracle HTTP Server (OHS) and Webgate. During Webgate configurations, when prompted for Webgate ID and password, use the Webgate ID name and password for the second Webgate that you provided in step 2c.

  4. Login to the Oracle Access Manager Console. In the Policy Configuration tab, expand Application Domains, and open IdMDomainAgent.

  5. Expand Authentication Policies, and open Public Policy. Remove the following URLs in the Resources tab:

    /xlWebApp/.../*

    /xlWebApp

    /Nexaweb/.../*

    /Nexaweb

  6. Expand Authorization Policies, and open Protected Resource Policy. Remove the following URLs in the Resources tab:

    /xlWebApp/.../*

    /xlWebApp

    /Nexaweb/.../*

    /Nexaweb

  7. Restart all the servers.

  8. Update the obAccessClient.xml file in the second Webgate. To do so:

    1. Create a backup of the SECOND_WEBGATE_HOME/access/oblix/lib/ObAccessClient.xml file.

    2. Open the DOMAIN_HOME/output/WEBGATE_ID_FOR_SECOND_WEBGATE/ObAccessClient.xml file.


      Note:

      Ensure that the DenyOnNotProtected parameter is set to 0.


    3. Copy the DOMAIN_HOME/output/WEBGATE_ID_FOR_SECOND_WEBGATE/ObAccessClient.xml file to the SECOND_WEBGATE_HOME/access/oblix/lib/ directory.

  9. Copy the mod_wls_ohs.conf from the FIRST_OHS_INSTANCE_HOME/config/OHS_NAME/directory to the SECOND_OHS_INSTANCE_HOME/config/OHS_NAME/ directory. Then, open the mod_wls_host.conf of the second OHS to ensure the WebLogicHost and WeblogicPort are still pointing to Oracle Identity Manager managed server host and port.

  10. Remove or comment out the following lines in the SECOND_OHS_INSTANCE_HOME/config/OHS_NAME/httpd.conf file:

    <LocationMatch "/oamsso/*">
       Satisfy any
    </LocationMatch>
    
  11. Copy the logout.html file from the FIRST_WEBGATE_HOME/access/oamsso/ directory to the SECOND_WEBGATE_HOME/access/oamsso/ directory. Then, open the logout.html file of the second Webgate to ensure that the host and port setting of the SERVER_LOGOUTURL variable are pointing to the correct OAM host and port.

  12. Login to Oracle Access Manager Console. In the Policy Configuration tab, expand Host Identifiers, and open the host identifier that has the same name as the second Webgate ID name. In the Operations section, verify that the host and port for the second OHS are listed. If not, then click the add icon (+ sign) to add them. Then, click Apply.

  13. Use the second OHS host and port in the URL for the OAM login page for Oracle Identity Manager. The URL must be in the following format:

    http://SECOND_OHS_HOST:SECOND_OHS_PORT/admin/faces/pages/Admin.jspx

32.3.5 Packing a Domain With managed=false Option

When a domain is packed with the managed=false option and unpacked on the another computer, Oracle Identity Manager Authentication Provider is not recognized by WebLogic and basic administrator authentication fails when the Oracle Identity Manager managed server is started.

The following workaround can be applied for performing successful authentication via Oracle Identity Manager Authentication Provider:

  1. Login in to the Oracle WebLogic Administrative Console by using the following URL:

    http://HOST_NAME:ADMIN_PORT/console

  2. Navigate to Security Realms, Realm(myrealm), and then to Providers.

  3. Delete OIMAuthenticationProvider.


    Note:

    Make sure that you note the provider-specific details, such as the database URL, password, and driver, before deleting the provider.


  4. Restart the WebLogic Administrative Server.

  5. Navigate to Security Realms, Realm(myrealm), and then to Providers.

  6. Create a new Authentication Provider of type OIMAuthenticationProvider.

  7. Enter the provider specific details and mark the control flag as SUFFICIENT.

  8. Restart the WebLogic Administrative Server.

  9. Restart Oracle Identity Manager and other servers, if any.

32.3.6 Option Not Available to Specify if Design Console is SSL-Enabled

While configuring Oracle Identity Manager Design Console, you cannot specify if Design Console is SSL-enabled.

To workaround this issue after installing Oracle Identity Manager Design Console, edit the OIM_HOME/designconsole/config/xlconfig.xml file to change the protocol in the Oracle Identity Manager URL from t3 to t3s.

32.3.7 Nexaweb Applet Does Not Load in JDK 1.6.0_20

Deployment Manager and Workflow Visualizer might not work if the client browser has JDK/JRE installed on it whose version is 1.6.0_20. To workaround this issue, uninstall the JDK/JRE version 1.6.0_20 from the client browser and reinstall the JDK/JRE version 1.6.0_15.

32.3.8 Error is Generated on Starting Servers With Sun JDK 160_24 (32-bit) on Microsoft Windows 2008

When you install Oracle WebLogic Server (64-bit), Oracle Identity Manager, and SOA Server, and select Sun JDK 160_24 (32-bit) on Microsoft Windows 2008, an out-of-memory error is generated on starting the SOA Server and Oracle Identity Manager.

To workaround this issue, add -XX:-DoEscapeAnalysis. For example:

set USER_MEM_ARGS=-Xms512m -Xmx1024m -XX:CompileThreshold=8000 -XX:PermSize=128m -XX:MaxPermSize=512m -XX:-DoEscapeAnalysis

32.3.9 Oracle Identity Manager and Design Console Must be Installed in Different Directory Paths

Oracle recommends to install Oracle Identity Manager and the Design Console in different directory paths.

32.3.10 Error on Adding Organization to User in Windows Explorer 8

In Microsoft Windows Internet Explorer 8 web browser, when you find and select an organization in the popup window from the Create User page, clicking the Add button displays the following error:

popup is null or not an object

To workaround this issue, make sure that the Display a notification about every script error option is not selected in the Advanced tab of the Internet Options dialog box.

32.4 Multi-Language Support Issues and Limitations

This section describes multi-language issues and limitations. It includes the following topics:

32.4.1 Multi-language Valued Attributes in SPML and Oracle Identity Manager Do Not Match

Oracle Identity Manager supports only the Display Name attribute for multi-language values. SPML specifies additional attributes, such as commonName and surname, as multi-language valued in the PSO schema. When multiple locale-values are specified in an SPML request for one of these attributes, only a single value is picked and passed to Oracle Identity Manager. The request will not fail and a warning message identifying the attributes and the value that was passed to Oracle Identity Manager is provided in the response.

32.4.2 Login Names with Some Special Characters May Fail to Register

In Oracle Identity Manager, the user login name is case-insensitive. When a user is created, the login name is converted to upper case and saved in the database. But the password is always case-sensitive. However, some special characters may encounter an error while registering to Oracle Identity Manager:

  • Both the Greek characters &#963; (sigma) and &#962; (final sigma) maps to the &#931; character.

  • Both English character i and Turkish character &#305; maps to the I character.

  • Both German character ß and English string SS maps to the SS string.

This means that two user login names containing these special characters when the other characters in the login names are same cannot be created. For example, the user login names Johnß and JohnSS maps to the same user login name. If Johnß already exists, then creation of JohnSS is not allowed because both the ß character and the SS string maps to the SS string.

32.4.3 The Create Role, Modify Role, and Delete Role Request Templates are Not Available for Selection in the Request Templates List

The Create Role, Modify Role, and Delete Role request templates are not available in the Request Templates list of the Create Request wizard. This is because request creation by using any request template that are based on the Create Role, Modify Role, and Delete Role request models are supported from the APIs, but not in the UI. However, you can search for these request templates in the Request Templates tab. In addition, the Create Role, Modify Role, and Delete Role request models can be used to create approval policies and new request templates.

32.4.4 Parameter Names and Values for Scheduled Jobs are Not Translated

In the Create Job page of Oracle Identity Manager Advanced Administration, the fields in the Parameter section and their values are not translated. The parameter field names and values are available only in English.

32.4.5 Bidirectional Issues for Legacy User Interface

The following are known issues in the legacy user interface, also known as TransUI, contained in the xlWebApp war file:

  • Hebrew bidirectional is not supported

  • Workflow designer bidirectional is not supported for Arabic and Hebrew

32.4.6 Localization of Role Names, Role Categories, and Role Descriptions Not Supported

Localization of role names, categories, and descriptions is not supported in this release.

32.4.7 Localization of Task Names in Provisioning Task Table Not Supported

All Task Name values in the Provisioning Task table list are hard-coded and these pre-defined process task names are not localized.

32.4.8 Localization of Search Results of Scheduled Tasks Not Supported

When you search Scheduler Tasks using a Simple or Advanced search, the search results are not localized.

32.4.9 Searching for User Login Names Containing Certain Turkish Characters Causes an Error

On the Task Approval Search page, if you select "View Tasks Assigned To", then "Users You Manage", and then choose a user whose login name contains a Turkish Undotted "&#305" or a Turkish dotted "&#304" character, a User Not Found error will result.

32.4.10 Localization of Notification Template List Values for Available Data Not Supported

Localizing Notification Template Available Data list values is not supported in this release. Oracle Identity Manager depends upon the Velocity framework to merge tokens with actual values, and Velocity framework does not allow a space in token names.

32.4.11 Searching for Entity Names Containing German "ß" (Beta) Character Fails in Some Features

When you search for entity names containing the special German "ß" (beta) character from the Admin Console, the search fails in the following features:

  • System Configuration

  • Request Template

  • Approve Policy

  • Notification

In these features, the "ß" character matches to "ss" instead of itself. Consequently, the Search function cannot find entity names that contain the German beta character.

32.4.12 Special Asterisk (*) Character Not Supported

Although special characters are supported in Oracle Identity Manager, using the asterisk character (*) can cause some issues. You are advised not to use the asterisk character when creating or modifying user roles and organizations.

32.4.13 Translated Error Messages Are Not Displayed in UI

Oracle Identity Manager does not support custom resource bundles for Error Message display in user interfaces. Currently, there is no workaround for this issue.

32.4.14 Reconciliation Table Data Strings are Hard-coded on Reconciliation Event Detail Page

Some of the table data strings on the Reconciliation Event Detail page are hard-coded, customized field names. These strings are not localized.

32.4.15 Translated Password Policy Strings May Exceed the Limit in the Background Pane

Included as per bug# 9539501

The password policy help description may run beyond the colored box in some languages and when the string is too long. Currently, there is no workaround for this issue.

32.4.16 Date Format Validation Error in Bi-Directional Languages

When Job Detail page is opened in bi-directional languages, you cannot navigate away from this page because of "Date Format Validation Error". To work around this issue, select a value for the "Start Date" using the date-time control and then move to another page.

32.4.17 Mistranslation on the Create Job page

On the Japanese locale (LANG=ja_JP.UTF-8), "Fourth Wednesday" is mistranslated as "Fourth Friday" on the Create Job page when "Cron" is selected as the Schedule Type and "Monthly on given weekdays" is selected as the Recurring Interval.

32.4.18 E-mail Notification for Password Expiration Cannot Be Created With Arabic Language Setting

When the server locale is set to ar_AE.utf8 and values for user.language and user.region system properties are ar and AE respectively, if you create a pass word expiration warning e-mail notification in the Design Console, the value AE is not available for selection in the Region field. As a result, the email notification message cannot be created.

To workaround this issue:

  1. Open the Lookup Definitions form in the Design Console.

  2. Search for 'Global.Lookup.Region'.

  3. Add an entry with Code key and Decode value as 'AE'. You can now create an e-mail definition with language ar and region AE.

32.4.19 Translated Justification is Not Displayed in Access Policy-Based Resource Provisioning Request Detail

When an access policy with approval is created, it generates a resource provisioning request that is subject to approval. In the request details page in Self Service or Advanced Administration, the translated request justification according to the locale setting by the user is not displayed. The justification is displayed in the default server locale.

32.4.20 Additional Single Quotes Displayed in GTC Reconciliation Mapping Page for French UI

When you set the Oracle Identity Manager Administrative and User Console locale to French, select the Provisioning and Reconciliation checkboxes while creating a Generic Technology Connector (GTC), and map the reconciliation fields in the page for modifying mapping fields, a message is displayed with two single quotes. You can ignore the single quotes because this is benign and has no effect on functionality.

32.4.21 Not Allowing to Enter Design Console Password When Server Locale is Set to Simple Chinese, Traditional Chinese, Japanese, or Korean

When you set the server locale to Simple Chinese, Traditional Chinese, Japanese, or Korean, and start the Design Console, you are not allowed to enter the password to login to the Design Console.

To workaround this issue:

  1. Kill all scim processes. To do so, run the following command:

    kill `pgrep scim`
    
  2. Edit the scim config file. To do so:

    1. Search for the following line:

      /FrontEnd/X11/Dynamic = ......

    2. Enter true as the value, as shown:

      /FrontEnd/X11/Dynamic = true


      Note:

      If this line does not exist, then enter:

      /Frontend/X11/Dynamic = true


    3. Save the file.

  3. Log out of the VNC viewer.

  4. Restart the VNC server and log in again. You can now enter the password for the Design Console.

32.4.22 Bidirectional Text Not Supported in Nexaweb Pages

The Nexaweb pages that open from the Oracle Identity Manager Administrative and User Console do not support bidirectional text. For example, when you select any of the languages that are written from right to left, such as Arabic or Hebrew, and click Install Connector on the Welcome page, search for a connector, click Upgrade, and then proceed to step 13 of the Connector Upgrade wizard, the text in the page is not displayed from right to left.

32.4.23 Do Not Modify Oracle Identity Manager Predefined System Properties in Non-English Locale

When the user preference language for the Administrative and User Console is not English, and you update the value of a predefined system property in Oracle Identity Manager, translated property name and keyword are written in the PTY table. Therefore, on searching for system properties in the Administrative and User Console, this system property is not found.

32.4.24 Error Generated When Translated String for System Property Name Exceeds Maximum Allowed Length in PTY_NAME Column

When you try to set the value of a system property in a Western language UI, such as French, and if the translation string length exceeds the maximum allowed length, which is 80 characters, in the PTY_NAME column of the PTY table, then an error is generated.

32.4.25 Password Notification is Not Sent if User Login Contains Special Characters

For a user entity created with valid e-mail address in LDAP, if the User Login contains the German beta character, then the notification message is not sent on running LDAP user create/update full reconciliation.

32.4.26 Reset Password Fails if User Login Contains Lowercase Special Characters

In a Oracle Identity Manage deployment with LDAP synchronization enabled, if the User Login contains special characters such as Turkis dotted I, dotless i, German beta, and Greek sigma in lowercase format, then the reset password does not work.

To workaround this issue, use uppercase User Login to reset password because User Login is not case-sensitive in Oracle Identity Manager.

32.4.27 Email Notification Not Send Per Preferred Locale

When provisioning a resource to a user, the provisioned user and the user's manager receive the email notification in the locale as specified for user.language and user.country instead of their preferred locale.

32.4.28 Help Contents Displayed in English on Non-English Browsers

On non-English Web browsers, clicking the Help link on the top-right corner of the Oracle Identity Manager Self Service, Identity Administration, or Advanced Administration opens the help window, but always displays the on-line help contents in English.

32.5 Documentation Errata

Documentation Errata: Currently, there are no documentation issues to note.

PKFPK.V_E OEBPS/ha.htm Oracle Fusion Middleware High Availability and Enterprise Deployment

6 Oracle Fusion Middleware High Availability and Enterprise Deployment

This chapter describes issues associated with Oracle Fusion Middleware high availability and enterprise deployment. It includes the following topics:


Note:

This chapter contains issues you might encounter while configuring any of the any of the Oracle Fusion Middleware products for high availability or an enterprise deployment.

Be sure to review the product-specific release note chapters elsewhere in this document for any additional issues specific to the products you are using.


6.1 General Issues and Workarounds

This section describes general issue and workarounds. It includes the following topics:

6.1.1 Secure Resources in Application Tier

It is highly recommended that the application tier in the SOA Enterprise Deployment topology and the WebCenter Enterprise Deployment topology is protected against anonymous RMI connections. To prevent RMI access to the middle tier from outside the subset configured, follow the steps in "Configure connection filtering" in the Oracle WebLogic Server Administration Console Online Help. Execute all of the steps, except as noted in the following:

  1. Do not execute the substep for configuring the default connection filter. Execute the substep for configuring a custom connection filter.

  2. In the Connection Filter Rules field, add the rules that will allow all protocol access to servers from the middle tier subnet while allowing only http(s) access from outside the subnet, as shown in the following example:

    nnn.nnn.0.0/nnn.nnn.0.0  * * allow 
    0.0.0.0/0 * * allow t3 t3s 
    

6.1.2 Accessing Web Services Policies Page in Cold Failover Environment

In a Cold Failover Cluster (CFC) environment, the following exception is displayed when Web Services policies page is accessed in Fusion Middleware Control:

Unable to connect to Oracle WSM Policy Manager.
Cannot locate policy manager query/update service. Policy manager service
look up did not find a valid service.

To avoid this, implement one the following options:

  • Create virtual hostname aliased SSL certificate and add to the key store.

  • Add "-Dweblogic.security.SSL.ignoreHostnameVerification=true" to the JAVA_OPTIONS parameter in the startWeblogic.sh or startWeblogic.cmd files

6.1.3 Timeout Settings for SOA Request-Response Operations are Not Propagated in a Node Failure

In an active-active Oracle SOA cluster, when a node failure occurs, the timeout settings for request-response operations in receive activities are not propagated from one node to the other node or nodes. If a failure occurs in the server that scheduled these activities, they must be rescheduled with the scheduler upon server restart.

6.1.4 Very Intensive Uploads from I/PM to UCM May Require Use of IP-Based Filters in UCM Instead of Hostname-Based Filters

The "Adding the I/PM Server Listen Addresses to the List of Allowed Hosts in UCM" section in the Oracle Fusion Middleware Enterprise Deployment Guide for Oracle Enterprise Content Management Suite and the "Adding the I/PM Server Listen Addresses to the List of Allowed Hosts in UCM" section in the Oracle Fusion Middleware High Availability Guide describe how to add hostname-based filters for Oracle I/PM managed server listen addresses to the list of allowed hosts in Oracle UCM.

When using hostname-based filters in Oracle UCM (config.cfg file) a high latency/performance impact may be observed in the system for very intensive uploads of documents from Oracle I/PM to Oracle UCM. This is caused by the reverse DNS lookup that is required in Oracle UCM to allow the connections from Oracle I/PM servers. Using hostname-based filters is recommended in preparation for configuring the system for Disaster Protection and to restore to a different host (since the configuration used is IP-agnostic when using hostname-based filters). However if the performance of the uploads needs to be improved, users can use instead IP-based filters. To do this:

  1. Edit the file /u01/app/oracle/admin/domainName/ucm_cluster/config/config.cfg and remove or comment out:

    SocketHostNameSecurityFilter=localhost|localhost.mydomain.com|ecmhost1vhn1|ecmhost2vhn1
    
    AlwaysReverseLookupForHost=Yes
    
  2. Add the IP addresses (listen address) of the WLS_IPM1 and WLS_IPM2 managed servers (ECMHOST1VHN1 and ECMHOST2VHN1, respectively) to the SocketHostAddressSecurityFilter parameter list as follows:

    SocketHostAddressSecurityFilter=127.0.0.1|0:0:0:0:0:0:0:1|X.X.X.X|Y.Y.Y.
    

    where X.X.X.X and Y.Y.Y.Y are the listen addresses of WLS_IPM1 and WLS_IPM2 respectively. Notice that 127.0.0.1 also needs to be added as shown above.

  3. Restart the UCM servers.

6.1.5 Use srvctl in 11.2 Oracle RAC Databases to Set Up AQ Notification and Server-side TAF

Because of a known issue in 11.2 Oracle RAC databases, it is required to use srvctl to set up AQ notification and server-side TAF. Using DBMS_SQL packages will not work as expected.

Here is an example use of srvctl:

srvctl modify service -d orcl -s orclSVC -e SELECT -m BASIC -w 5 -z 5 -q TRUE

In the example:

orcl - Database Name

orclSVC - Service Name used by middleware component

SELECT - Failover type

BASIC - Failover method

5 - Failover delay

5 - Failover retry

TRUE - AQ HA notifications set to TRUE

Please refer to the Oracle 11.2 Oracle database documentation for detailed information about this command usage.

6.1.6 Failover Is Not Seamless When Creating Reports in Oracle BI Publisher

If you create a report in Oracle BI Publisher, and a Managed Server is failed over before the report is saved, the failover might not be seamless. For example, when you attempt to save the report, the system might not be responsive.

If this occurs, click one of the header links, such as Home or Catalog, to be redirected to the Oracle BI Publisher login page. Then, log in and create and save the report again.

6.1.7 Cannot Save Agent When Oracle Business Intelligence Managed Server Fails Over

If you create an agent in the Oracle Business Intelligence Web interface, and a Managed Server fails over before you save the agent, an error occurs when you try to save the agent.

To work around this issue, log out, then log back in to Oracle Business Intelligence and create the agent again.

6.1.8 Installing Additional Oracle Portal, Forms, Reports, and Discoverer Instances After Upgrading Oracle Single Sign-On 10g to Oracle Access Manager 11g

This issue occurs with Oracle Portal, Forms, Reports, and Discoverer 11g environments that have been upgraded from using Oracle Single-Sign On 10g to Oracle Access Manager 11g for authentication.

When performing subsequent Oracle Portal, Forms, Reports, and Discoverer 11g installations against the same environment where the initial Oracle Portal, Forms, Reports, and Discoverer 10g installation was upgraded to Oracle Access Manager, there are some requirements that must be met.

  • For each subsequent Oracle Portal, Forms, Reports, and Discoverer 11g installation, you must maintain the original Oracle Single Sign-On 10g instance and keep it actively running--in addition to new Oracle Access Manager 11g instance--while the additional Oracle Portal, Forms, Reports, and Discoverer 11g installations are performed.

    This is necessary because Oracle Portal, Forms, Reports, and Discoverer 11g cannot be installed directly against Oracle Access Manager 11g.

  • After the subsequent classic installs are completed, the Oracle Single Sign-On 10g to Oracle Access Manager 11g upgrade procedure must be performed again. For more information, including an upgrade roadmap, see the Oracle Fusion Middleware Upgrade Guide for Oracle Identity and Access Management.

    This procedure upgrades the new Oracle Portal, Forms, Reports, and Discoverer 11g instance to Oracle Access Manager 11g.

Note that these considerations apply only in an environment with Multiple Oracle Portal, Forms, Reports, and Discoverer 11g middle tiers that are installed or added to a your environment after the initial upgrade from Oracle Single Sign-On 10g to Oracle Access Manager 11g.

6.1.9 JMS Instance Fails In a BI Publisher Cluster

On rare occasions, a JMS instance is missing from a BI Publisher Scheduler cluster.

To resolve this issue, restart the BI Publisher application from the WebLogic Server Administration Console.

To restart your BI Publisher application:

  1. Log in to the Administration Console.

  2. Click Deployments in the Domain Structure window.

  3. Select bipublisher(11.1.1).

  4. Click Stop.

  5. After the application stops, click Start.

6.1.10 Undelivered Records not Recovered During RAC Failover of Singleton SOA Server

If there is a RAC failover in a singleton server in a SOA RAC environment, recovery of undelivered records that appear recoverable in EM will fail.

6.1.11 Synchronous BPEL Process Issues

On a SOA cluster, the following scenarios are not supported:

  • Synchronous BPEL process with mid-process receive.

  • Synchronous BPEL process calling asynchronous services .

  • Callback from synchronous processes.

6.2 Configuration Issues and Workarounds

This section describes configuration issues and their workarounds. It includes the following topics:

6.2.1 Fusion Middleware Control May Display Incorrect Status

In some instances, Oracle WebLogic Fusion Middleware Control may display the incorrect status of a component immediately after the component has been restarted or failed over.

6.2.2 Accumulated BPEL Instances Cause Performance Decrease

In a scaled out clustered environment, if a large number of BPEL instances are accumulated in the database, it causes the database's performance to decrease, and the following error is generated: MANY THREADS STUCK FOR 600+ SECONDS.

To avoid this error, remove old BPEL instances from the database.

6.2.3 Extra Message Enqueue when One a Cluster Server is Brought Down and Back Up

In a non-XA environment, MQSeries Adapters do not guarantee the only once delivery of the messages from inbound adapters to the endpoint in case of local transaction. In this scenario, if an inbound message is published to the endpoint, and before committing the transaction, the SOA server is brought down, inbound message are rolled back and the same message is again dequeued and published to the endpoint. This creates an extra message in outbound queue.

In an XA environment, MQ Messages are actually not lost but held by Queue Manager due to an inconsistent state. To retrieve the held messages, restart the Queue Manager.

6.2.4 Duplicate Unrecoverable Human Workflow Instance Created with Oracle RAC Failover

As soon as Oracle Human Workflow commits its transaction, the control passes back to BPEL, which almost instantaneously commits its transaction. Between this window, if the Oracle RAC instance goes down, on failover, the message is retried and can cause duplicate tasks. The duplicate task can show up in two ways - either a duplicate task appears in worklistapp, or an unrecoverable BPEL instance is created. This BPEL instance appears in BPEL Recovery. It is not possible to recover this BPEL instance as consumer, because this task has already completed.

6.2.5 No High Availability Support for SOA B2B TCP/IP

High availability failover support is not available for SOA B2B TCP/IP protocol. This effects primarily deployments using HL7 over MLLP. For inbound communication in a clustered environment, all B2B servers are active and the address exposed for inbound traffic is a load balancer virtual server. Also, in an outage scenario where an active managed server is no longer available, the persistent TCP/IP connection is lost and the client is expected to reestablish the connection.

6.2.6 WebLogic Administration Server on Machines with Multiple Network Cards

When installing Oracle WebLogic Server on a server with multiple network cards, always specify a Listen Address for the Administration Server. The address used should be the DNS Name/IP Address of the network card you wish to use for Administration Server communication.

To set the Listen Address:

  1. In the Oracle WebLogic Server Administration Console, select Environment, and then Servers from the domain structure menu.

  2. Click the Administration Server.

  3. Click Lock and Edit from the Change Center to allow editing.

  4. Enter a Listen Address.

  5. Click Save.

  6. Click Activate Changes in the Change Center.

6.2.7 Additional Parameters for SOA and Oracle RAC Data Sources

In some deployments of SOA with Oracle RAC, you may need to set parameters in addition to the out-of-the-box configuration of the individual data sources in an Oracle RAC configuration. The additional parameters are:

  1. Add property oracle.jdbc.ReadTimeout=300000 (300000 milliseconds) for each data source.

    The actual value of the ReadTimeout parameter may differ based on additional considerations.

  2. If the network is not reliable, then it is difficult for a client to detect the frequent disconnections when the server is abruptly disconnected. By default, a client running on Linux takes 7200 seconds (2 hours) to sense the abrupt disconnections. This value is equal to the value of the tcp_keepalive_time property. To configure the application to detect the disconnections faster, set the value of the tcp_keepalive_time, tcp_keepalive_interval, and tcp_keepalive_probes properties to a lower value at the operating system level.


    Note:

    Setting a low value for the tcp_keepalive_interval property leads to frequent probe packets on the network, which can make the system slower. Therefore, the value of this property should be set appropriately based on system requirements.


For example, set tcp_keepalive_time=600 at the system running the WebLogic Server managed server.

Also, you must specify the ENABLE=BROKEN parameter in the DESCRIPTION clause in the connection descriptor. For example:

dbc:oracle:thin:@(DESCRIPTION=(enable=broken)(ADDRESS_LIST=(ADDRESS=(PRO
TOCOL=TCP)(HOST=node1-vip.mycompany.com)(PORT=1521)))(CONNECT_DATA=(SERVICE_
NAME=example.com)(INSTANCE_NAME=orcl1)))

As a result, the data source configuration appears as follows:

<url>jdbc:oracle:thin:@(DESCRIPTION=(enable=broken)(ADDRESS_LIST=(ADDRESS=(PRO
TOCOL=TCP)(HOST=node1-vip.us.example.com)(PORT=1521)))(CONNECT_DATA=(SERVICE_NAME=example.com)(INSTANCE_NAME=orcl1)))</url>
    <driver-name>oracle.jdbc.xa.client.OracleXADataSource</driver-name>
    <properties>
      <property>
        <name>oracle.jdbc.ReadTimeout</name>
        <value>300000</value>
      </property>
      <property>
        <name>user</name>
        <value>jmsuser</value>
      </property>
      <property>
        <name>oracle.net.CONNECT_TIMEOUT</name>
        <value>10000</value>
      </property>
    </properties>

6.2.8 Message Sequencing and MLLP Not Supported in Oracle B2B HA Environments

Message sequencing and MLLP are not supported in Oracle B2B high availability (HA) environments.

6.2.9 Credentials not Propagated for Transport Protocols in B2B

The Oracle FMW credential store maintains usernames and passwords that you define for Transport protocols. If you use the default file store for these credentials, changes you make to usernames and passwords do not propagate across nodes. You must use a central LDAP for these credentials to be synchronized across nodes in a cluster, as described in, and required by, the Oracle Fusion Middleware High Availability Guide and Enterprise Deployment Guides.

6.2.10 Use Fully-Qualified Hostnames when Configuring Front-end Hosts in High Availability Configurations

Oracle recommends using the full name of the host, including the domain name, when configuring front-end hosts in Oracle Fusion Middleware high availability configurations. Use the host's full name instead of using only the host name.

For example, if myhost is the name of a frontend host in a high availability configuration, set the frontend host URL to the fully-qualified hostname, such as myhost.mycompany.com as DNS or local host name resolution files (for example, /etc/hosts) define.

6.2.11 Managed Server goes into Suspended Status After Oracle RAC Failover

The Managed Server wls_ods(x) can enter a suspended status in the following situations:

  • A database connection in the data source is wrong or not complete.

  • The host is not a fully-qualified host for the database.

To correct the status of the Managed Server wls_ods(x):

  1. Under the data source, verify that the database connection is correct and complete with the domain.

  2. Under the data source, verify that the host name for the database is a fully- qualified hostname with the domain.

  3. Verify the connection by selecting the Test button.

6.2.12 Primary/Secondary Configuration Section of the Availability Tab is Not Visible

During the system component scale out process, the Primary/Secondary Configuration section in the Availability tab of the Capacity Management page in Fusion Middleware Control may not be visible in the browser. This issue occurs when you perform the scale out process using Microsoft Internet Explorer version 7.0.5730.11.

To avoid this issue, do not use the browser Microsoft Internet Explorer version 7.0.5730.11 to scale out; use another browser such as Google Chrome.

6.2.13 Server Start Parameters Not Getting Set After Scaling Out the Oracle Business Intelligence Managed Server

After scaling out Oracle Business Intelligence, Server Start parameters are not getting set correctly. To work around this issue, update the Server Start parameters for the scaled out BI Managed Server to include the following:

-Dserver.group=obi arguments

6.2.14 Ensuring the Oracle HTTP Server Lock File is on a Local Drive

If you configure an Oracle instance for Oracle HTTP Server 11g on shared storage, such as NAS, NFS, or SAN storage, you must ensure that the lock file is created on a local drive instead of the shared drive. If you do not do this, Oracle HTTP Server might experience performance problems. Perform these steps to point the LockFile directive at a local fi le system:

  1. Stop the OHS instances on WEBHOST1 and WEBHOST2.

  2. Open the file ORACLE_INSTANCE/config/OHS/ohs_name/httpd.conf in a text editor.

  3. Find the LockFile directive, configured under both the prefork and worker MPM configuration blocks in the httpd.conf file. It looks like this:

    LockFile ORACLE_INSTANCE/diagnostics/logs/COMPONENT_TYPE/COMPONENT_NAME/http_lock
    
  4. Change the LockFile directive under the appropriate MPM configuration to point to a local file system, for example:

    LockFile /local_disk/path/http_lock
    
  5. Restart Oracle HTTP Server.

  6. Verify that the http_lock file exists in the directory specifiedV by the LockFile directive.

6.2.15 Recreating OSSO Agents that Point to the Load Balancer URL

A high availability Classic environment typically has a load balancer in front of the Classic OHS instances. When you configure a classic instance with OAM 11g, the Configuration Wizard automatically configures an OSSO agent. The OSSO agent contains the individual Classic OHS instance URL. In a high availability cluster consisting of two Classic instances, the Configuration Wizard automatically configures two OSSO agents. Each OSSO agent contains the URL information of one Classic Webtier instance URL.

In a high availability cluster, you must recreate an OSSO agent that points to the load balancer URL.

To recreate an OSSO agent that points to the load balancer URL:

  1. From the OAM console, click New OSSO Agent to open the OSSO Wizard application.

  2. Enter the following information:

    • Name: Enter any name

    • Token Version: Use the default setting, v3.0

    • Base URL: Enter the load balancer URL, for example http://haqaedg04.us.example.com:7788

    • Admin ID: Leave blank

    • Admin Inf: Leave blank

    • Host Identifier: Keep default value from the Name field.

    • Auto Create Policies: Check this setting to enable it.

  3. Copy the osso.conf file of the new OSSO agent from the OAM server to the Classic Web Instances config directory.

6.2.16 Use Lower-Case Letters for GridLink Data Source RAC Service Name

When you create a GridLink data source in the Configuration Wizard, you must verify that the service name on the database uses lowercase letters only and is a qualified domain name. For example, <mydbservice>.us.example.com. The Service Name field is in the Configure GridLink RAC Component Schema screen.


Note:

The Oracle RAC Service name is defined on the database; it is not a fixed name. Oracle recommends that you register/add the RAC service name with the database domain name, for example, us.example.com


6.2.17 Additional Steps Needed for Oracle RTD Request Forwarding to Work Correctly

Due to an Oracle RTD issue related to request forwarding, the frontend URL must be the same as the backend URL for deployments that include Oracle RTD. To set the frontend URL for Oracle RTD, perform the steps listed in the following procedures at the point indicated in the Oracle Business Intelligence EDG task flow.

After performing the steps listed in Section 5.7, "Setting the Listen Address for bi_server1 Managed Server," set the frontend URL for the bi_server1 Managed Server, as follows:

  1. Log in to the Administration Console.

  2. In the Change Center, click Lock & Edit.

  3. Expand the Environment node in the Domain Structure window.

  4. Click Servers. The Summary of Servers page is displayed.

  5. Select bi_server1 in the Names column of the table. The settings page for bi_server1 is displayed.

  6. Click the Protocols tab.

  7. Click the HTTP tab.

  8. Set the Frontend Host field to APPHOST1VHN1 (your bi_server1 Listen address).

  9. Click Save, then click Activate Changes.

After performing the steps listed in Section 6.4.1, "Setting the Listen Address for the bi_server2 Managed Server," set the frontend URL for the bi_server2 Managed Server, as follows:

  1. Log in to the Administration Console.

  2. In the Change Center, click Lock & Edit.

  3. Expand the Environment node in the Domain Structure window.

  4. Click Servers. The Summary of Servers page is displayed.

  5. Select bi_server2 in the Names column of the table. The settings page for bi_server2 is displayed.

  6. Click the Protocols tab.

  7. Click the HTTP tab.

  8. Set the Frontend Host field to APPHOST2VHN1 (your bi_server2 Listen address).

  9. Click Save, then click Activate Changes.

6.2.18 Error INST-08075 Occurs When Scaling Out the BI System

When you are scaling out the BI System using the Oracle Business Intelligence Configuration Assistant, the following error occurs:

INST-08075: Weblogic Server 10.3.6.0 is installed but Weblogic Server Temporary is used in the BI Domain.

To work around this error, perform the following steps:

  1. Open MW_HOME/registry.xml for editing.

  2. Locate the following line:

    <component name="WebLogic Server" version="10.3.6.0" InstallDir="ORACLE_BASE/fmw/wlserver_10.3"> 
    
  3. Change the line to the following:

    <component name="WebLogic Server" version="Temporary" InstallDir="ORACLE_BASE/fmw/wlserver_10.3"
    
  4. Save and close the file.

  5. Return to the Oracle Business Intelligence Configuration Assistant and proceed past the Scale Out BI System Details screen.

  6. Revert the entry in registry.xml back to version="10.3.6.0".

6.2.19 First Defined RAC Instance Must Be Available On Domain Startup When Configuring with RAC Multi Data Source

When you configure the RAC data source for OPSS, Oracle recommends using an Oracle GridLink data source type. If you decide to use a RAC multi data source, you must ensure that the first RAC instance listed in the multi data source definition is available during the first domain startup. If you do not use the first RAC instance listed, configuration fails.

6.3 Testing Abrupt Failures of WebLogic Server When Using File Stores on NFS

If JMS messages and transaction logs are stored on an NFS-mounted directory, Oracle strongly recommends that you verify the behavior of a server restart after abrupt machine failures. Depending on the NFS implementation, different issues can arise post failover/restart.

To verify server restart behavior, abruptly shut down the node that hosts WebLogic servers while the servers are running.

  • If you configured the server for server migration, it should start automatically in failover node after the failover period.

  • If you did not configure the server for server migration, you can manually restart the WebLogic Server on the same host after the node completely reboots.

If Oracle WebLogic Server does not restart after abrupt machine failure, the following error entry may appear in server log files:

<MMM dd, yyyy hh:mm:ss a z> <Error> <Store> <BEA-280061> <The persistent 
store "_WLS_server_soa1" could not be deployed: 
weblogic.store.PersistentStoreException: java.io.IOException: 
[Store:280021]There was an error while opening the file store file 
"_WLS_SERVER_SOA1000000.DAT" 
weblogic.store.PersistentStoreException: java.io.IOException: 
[Store:280021]There was an error while opening the file store file 
"_WLS_SERVER_SOA1000000.DAT" 
        at weblogic.store.io.file.Heap.open(Heap.java:168) 
        at weblogic.store.io.file.FileStoreIO.open(FileStoreIO.java:88)
...
java.io.IOException: Error from fcntl() for file locking, Resource
temporarily unavailable, errno=11

This error occurs when the NFSv3 system does not release locks on the file stores. WebLogic Server maintains locks on files that store JMS data and transaction logs to prevent data corruption that can occur if you accidentally start two instances of the same managed server. Because the NFSv3 storage device doesn't track lock owners, NFS holds the lock indefinitely if a lock owner crashes. As a result, after abrupt machine failure followed by a restart, subsequent attempts by WebLogic Server to acquire locks may fail.

If it is not reasonably possible to tune locking behavior in your NFS environment, use one of the following solutions to unlock the logs and data files:

  • Use the WebLogic Server Administration Console to disable WebLogic file locking mechanisms for the default file store, a custom file store, a JMS paging file store, and a Diagnostics file store. To do this, see Considerations for Using File Stores on NFS in the Oracle Fusion Middleware High Availability Guide.

  • Manually unlock the logs and JMS data files and start the servers by creating a copy of the locked persistence store file and using the copy for subsequent operations. See the following section Unlocking Logs and Data Files Manually.

Unlocking Logs and Data Files Manually

Manually unlock the logs and JMS data files and start the servers by creating a copy of the locked persistence store file and using the copy for subsequent operations. To create a copy of the locked persistence store file, rename the file then copy it back to its original name. The following sample steps assume that transaction logs are stored in the /shared/tlogs directory and JMS data is stored in the /shared/jms directory.

cd /shared/tlogs
mv _WLS_SOA_SERVER1000000.DAT _WLS_SOA_SERVER1000000.DAT.old
cp _WLS_SOA_SERVER1000000.DAT.old _WLS_SOA_SERVER1000000.DAT
cd /shared/jms
mv SOAJMSFILESTORE_AUTO_1000000.DAT SOAJMSFILESTORE_AUTO_1000000.DAT.old
cp SOAJMSFILESTORE_AUTO_1000000.DAT.old SOAJMSFILESTORE_AUTO_1000000.DAT
mv UMSJMSFILESTORE_AUTO_1000000.DAT UMSJMSFILESTORE_AUTO_1000000.DAT.old
cp UMSJMSFILESTORE_AUTO_1000000.DAT.old UMSJMSFILESTORE_AUTO_1000000.DAT

With this solution, the WebLogic file locking mechanism continues to protect against accidental data corruption if multiple instances of the same servers are accidently started. However, you must restart the servers manually after abrupt machine failures. File stores create multiple consecutively numbered.DAT files when they store large amounts of data. You may need to copy and rename all files when this occurs.

6.4 Documentation Errata

This section describes documentation errata. It includes the following topics:

6.4.1 Documentation Errata for the Fusion Middleware High Availability Guide

This section contains Documentation Errata for Oracle Fusion Middleware High Availability Guide.

It includes the following topics:

6.4.1.1 Latest Requirements and Certification Information

Several manuals in the Oracle Fusion Middleware 11g documentation set have information on Oracle Fusion Middleware system requirements, prerequisites, specifications, and certification information. For the latest informationon these topics, see the following documents on Oracle Technology Network:

http://www.oracle.com/technology/software/products/ias/files/fusion_certification.html

This document contains information related to hardware and software requirements, minimum disk space and memory requirements, and required system libraries, packages, or patches. It also includes information on supported installation types, platforms, operating systems, databases, JDKs, and third-party products.

6.4.1.2 Error in Line to Add to mod_wl_ohs.conf File

In Chapter 5., "Configuring High Availability for Oracle SOA Suite," the line <Location /DefaultToDoTaskFlow/> should be <Location /workflow/DefaultToDoTaskFlow/> in the mod_wl_ohs.conf file. Instances of this line are in Sections 5.3.13 and 5.14.15.

6.4.2 Documentation Errata for the Fusion Middleware Enterprise Deployment Guide for Oracle Identity Management

This section contains documentation errata for Oracle Fusion Middleware Enterprise Deployment Guide for Oracle Identity Management.

It includes the following topics:

6.4.2.1 Set -DDomainRegistrationEnabled=true when Starting Node Manager

The November 2010 edition of Oracle Fusion Middleware Enterprise Deployment Guide for Oracle Identity Management failed to mention that, prior to starting the Node Manager that controls the WebLogic Administration Server, you must set -DDomainRegistrationEnabled=true. For example:

export JAVA_OPTIONS=-DDomainRegistrationEnabled=true

6.4.2.2 Ignore Empty Section in the Oracle Virtual Directory Chapter

In the November 2010 edition of Oracle Fusion Middleware Enterprise Deployment Guide for Oracle Identity Management, Section 8.1.1 in Chapter 11, "Extending the Domain with Oracle Virtual Directory is an empty section." Please ignore it.

6.4.2.3 Installing Identity Management Sections Are Incorrectly Organized

In Oracle Fusion Middleware Enterprise Deployment Guide for Oracle Identity Management 11g Release 1 (11.1.1.5), Part Number E12035-07, Section 4.5.5, "Installing Oracle Identity Management," should be reorganized as follows:

  • The content beginning with "Start the Oracle Fusion Middleware 11g Oracle Identity Management Installer" should be in a subsection, Section 4.5.5.1, entitled "Installing Oracle Identity Management 11.1.1.2."

  • Section 4.5.6, "Upgrading the Oracle Homes for Oracle Identity Management from 11.1.1.2 to 11.1.1.5" should be Section 4.5.5.2.

6.4.2.4 Errors in Instructions for Using the Guide

Errors exist in Section 1.6, "Using This Guide." They should be corrected as follows:

  • Step 11 should be:

    If you are using Oracle Access Manager, follow the steps in Chapter 12, "Extending the Domain with Oracle Access Manager 11g."

  • Steps 11 through 18 should refer to chapters, not sections.

6.4.2.5 LDIF File Error in Procedure for Creating Users and Groups for Oracle WebLogic Server

The LDIF file in Step 2a of Section 11.4.4, "Creating Users and Groups for Oracle WebLogic Server," is missing some line breaks. It should appear as follows:

dn: cn=orclFAUserReadPrivilegeGroup,cn=Groups,dc=mycompany,dc=com
changetype: modify
add: uniquemember
uniquemember: cn=IDROUser,cn=Users,dc=mycompany,dc=com

6.4.2.6 Run Additional emctl Commands When Extending the Domain with Oracle Internet Directory or Oracle Virtual Directory

In the chapters "Extending the Domain with Oracle Internet Directory" and "Extending the Domain with Oracle Virtual Directory," you are instructed run

./emctl switchOMS ReposURL

to enable the local emagent to communicate with the WebLogic Administration Server using the virtual IP address. After you have run that command, you must also perform the following tasks:

  • Force the agent to reload its configuration by issuing the command:

    ./emctl reload
    
  • Check that the agent is using the correct Upload URL using the command:

    ./emctl status agent
    

6.4.2.7 Errors in Section 2.4, Shared Storage and Recommended Directory Structure

Table 2-3, Recommended Directory Structure, is missing some values in the Shared Storage column. The following table entries should have the value "Yes" in the Shared Storage column, indicating that these directories should be on shared storage:

  • IAM_ORACLE_HOME

  • ASERVER_DOMAIN_HOME

  • ASERVER_APP_HOME

PK[PK.V_E OEBPS/ohs.htm g Oracle HTTP Server

11 Oracle HTTP Server

This chapter describes issues and release-specific user information associated with Oracle HTTP Server. It includes the following notes:

11.1 mod_security Reintroduced

The mod_security plug-in was removed from earlier versions of Oracle HTTP Server but is reintroduced in version 11.1.1.7. This version follows the recommendations and practices prescribed for open source mod_security 2.6.2. Only documentation applicable to open source Apache mod_security 2.6.2 is applicable to the Oracle HTTP Server implementation of the module.

11.2 Installing OHS 11.1.1.7 with WLS 12g

You can install Oracle HTTP Server 11.1.17 with the Oracle WebLogic Server 12c JRF/ADF combination if you do the following:

  • Install the two components separately, from scratch, and choose the correct versions (Oracle HTTP Server 11.1.17 with Oracle WebLogic Server 12c JRF/ADF)

  • During the OHS 11g installation, deselect the components associated with a WebLogic Domain.

PK&͝ PK.V_EOEBPS/install.htm Installation, Patching, and Configuration

2 Installation, Patching, and Configuration

This chapter describes issues associated with Oracle Fusion Middleware installation, patching, and configuration. It includes the following topics:


Note:

This chapter contains issues you might encounter while installing, patching, or configuring any of the Oracle Fusion Middleware products.

Be sure to review the product-specific release note chapters elsewhere in this document for any additional issues specific to the products you are using.


2.1 Installation Issues and Workarounds

This section describes issue and workarounds related to Oracle Fusion Middleware product installation. It includes the following topics:

2.1.1 Issues Pertaining to Oracle SOA Suite Installation

This section contains the following:

2.1.1.1 Installing Oracle SOA Suite on a Dual Stack Host with IPv4

If you install Oracle SOA Suite on a dual stack host and the SOA front end URL is only set to IPv4, Oracle BPM Worklist or asynchronous callbacks from IPv6-only clients may have problems resolving IPv4 callback URLs (and vice-versa).

The work around is to use either a split Domain Name System (DNS) or another forward proxy configuration. This enables the IPv6-only client to connect to a dual stack box through its IPv6 interface.

2.1.1.2 Installing Oracle SOA Suite Release 11.1.1.3.0 in a Turkish Environment

If you are installing Oracle SOA Suite Release 11.1.1.3.0 in a Turkish environment, there will be some functionality loss for Oracle Enterprise Manager Fusion Middleware Control.

There is no work around for this issue. Oracle recommends that you avoid installing in a Turkish environment and install in an English environment instead.

2.1.2 Issues Pertaining to Oracle Portal, Forms, Reports and Discoverer Installation

This section contains the following:

  • Section 2.1.2.1, "Oracle Configuration Manager Fails During Domain Configuration of Oracle Portal, Forms, Reports, and Discoverer 11g Release 1 (11.1.1.7.0)"

  • Section 2.1.2.2, "Considerations When Installing Oracle Portal 11g"

  • 2.1.2.1 Oracle Configuration Manager Fails During Domain Configuration of Oracle Portal, Forms, Reports, and Discoverer 11g Release 1 (11.1.1.7.0)

    After upgrading Oracle Portal, Forms, Reports, and Discoverer to 11g Release 1 (11.1.1.7.0), or after installing Oracle Portal, Forms, Reports, and Discoverer 11g Release 1 (11.1.1.7.0), if you choose to configure Oracle Configuration Manager during domain configuration, the configuring Oracle Configuration Manager fails.

    The workaround for this issue is as follows:

    1. Navigate to the following location on your system:

      ORACLE_HOME/ccr/bin
      
    2. Run the following commands in the Oracle Instance home:

      $ setupCCR
      $ configCCR
      $ emCCR collect
      $ emCCR status
      

    Note:

    You can choose to skip configuring Oracle Configuration Manager when you initially run the 11g Release 1 (11.1.1.7.0) configuration wizard.


    To configure Oracle Configuration Manager after configuring the domain, do the following:

    1. Navigate to the ORACLE_HOME/ccr/bin directory on your system.

    2. Set the variable ORACLE_CONFIG_HOME in your Oracle Instance home directory.

    3. Run the following commands:

      $ setupCCR
      $ configCCR
      $ emCCR collect
      $ emCCR status
      

    2.1.2.2 Considerations When Installing Oracle Portal 11g

    Before you install a new Oracle Portal, Forms, Reports, and Discoverer 11g environment, be sure to review the following important resources:

    2.1.2.3 Prerequisite Checks Fail During the Installation of Oracle Portal, Forms, Reports, and Discoverer 11g Release 1 (11.1.1.2.0) on OEL6

    During the installation of Oracle Portal, Forms, Reports and Discoverer 11g Release 1 (11.1.1.2.0) on OEL6 operating system, prerequisite checks fail with errors.

    To work around this issue, perform any one of the following steps:

    • Press Continue and continue with the installation.

    • Use -ignoreSysPreReqs command line additional argument to the runInstaller:

      ./runInstaller -ignoreSysPreReqs
      

2.1.3 Issues Pertaining to Oracle Web Tier Installation

This section contains the following:

2.1.3.1 Oracle SOA Suite and Oracle Application Developer Must Be Installed Before Oracle Web Tier

To ensure that the oracle_common/soa/modules/commons-cli-1.1.jar file is installed properly, if you plan to associate Oracle Web Tier with an existing domain, you must install Oracle Web Tier after all other products are installed.

2.1.3.2 Oracle Web Tier Silent Install Requires Oracle Web Cache Component Name

If you are performing a silent Oracle Web Tier installation for Oracle HTTP Server, an Oracle Web Cache component name (WEBCACHE_COMPONENT_NAME parameter) must also be mentioned in the response file, even though Oracle Web Cache is not required for Oracle HTTP Server installation. Even though both component names are provided, as long as CONFIGURE_WEBCACHE is set to false then only Oracle HTTP Server will be installed and configured.

There is no work around for this issue.

2.1.4 Issues Pertaining to Oracle Identity Management Installation

This section contains the following:


Note:

For 11g Release 1 (11.1.1.6.0) installation release notes, refer to the following links:


2.1.4.1 WebLogic Administration Server Must Be Running When Extending Oracle Identity Management Domains

When you install Oracle Identity Management, you have several options for choosing how the Oracle Identity Management components are installed in relation to an Oracle WebLogic Server administration domain. If you select the Extend Existing Domain option on the installer's Select Domain screen, Oracle Identity Management components are installed in an existing Oracle WebLogic Server administration domain.

To install Oracle Identity Management components in an existing administration domain using the Extend Existing Domain option, the Oracle WebLogic Administration Server instance must be running.

2.1.4.2 Extending the Schema in Oracle Internet Directory

If you have Oracle Identity Manager 11g Release 1 (11.1.1.7.0) against Oracle Internet Directory release prior to Oracle Internet Directory 11g Release 1 (11.1.1.6.0) through libOVD 11g Release 1 (11.1.1.7.0) (with oamEnabled set to true and LDAPSync enabled), when you try to create a new user, the following error is displayed:

javax.naming.directory.SchemaViolationException:[LDAP: error code 65 -Failed to find orclpwdexpirationdate in mandatory or optional attribute list.
]

Workaround:

You need to extend the schema in Oracle Internet Directory that you have installed. To change the backend IDStore schema, do the following:

  1. Create a new attribute.

    attributetypes: ( 2.16.840.1.113894.200.1.7 NAME 'orclPwdExpirationDate' EQUALITY caseIgnoreMatch SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE USAGE userApplications).
    
  2. Modify the existing orclIDXPerson objectclass to include orclPwdExpirationDate as an optional attribute.


Note:

You can use Oracle Directory Services Manager to connect to Oracle Internet Directory and make the schema changes.


2.1.4.3 Deinstalling a 11g (11.1.1.7.0) Oracle Internet Directory Instance Does Not Clean Up the OID Schema

When deinstalling a configured Oracle Internet Directory instance from Oracle Identity Management 11g (11.1.1.7.0) the file-based instance directory is removed, but the related Oracle Internet Directory instance configuration is not deleted. Hence, any future configuration adds to the instance count by including the deleted instances.

The following logic is missing from the command to remove a OID instance:

ldapdelete -p <oid ldap port> -D cn=orcladmin -w <password> "cn=<OID 
instance name as defined in the ODS
schema>,cn=osdldapd,cn=subconfigsubentry"

Workaround:

After deleting an instance and before recreating the instance run the command:

ldapdelete -p <oid ldap port> -D cn=orcladmin -w <password> "cn=<OID
instance name as defined in the ODS schema>,cn=osdldapd,cn=subconfigsubentry 

2.1.4.4 Information about the Oracle Virtual Directory Adapters

Oracle Virtual Directory adapters are not listed in the Home page.

To work around this issue on Linux operating systems, copy the osdt_cert.jar file from the Oracle Common home to the directory under ORACLE_HOME/inventory/Scripts/ext/lib/Oracle_IDM1.

To work around this issue on Windows operating systems, copy the jar prior to the configuration phase because it does not work if you copy it later.

2.1.4.5 Enabling the Retry Button

To retry a failed Oracle Identity Management configuration you must enable the Retry button. Check the box on the left side of the failed item to enable the Retry button.

2.1.4.6 Server Startup Failures on Linux Operating Systems

When starting the Oracle Identity Management server (Managed server or Administration server), the server may fail to start. You may see the following error:

Failed to push ldap config data to
libOvd for service instance "idstore.ldap" in JPS context "default", cause:
java.io.FileNotFoundException: /tmp/.ovdlock.tmp (Permission denied)> 

To work around this issue, run the following command and the start he server again:

chmod 666 /tmp/.ovdlock.tmp

2.1.4.7 Configuring OPMN Request Port

The static ports.ini for the Oracle Identity Management 11g Release 1 (11.1.1.7.0) installer has an OPMN request port specified. This port is not used in the Oracle Identity Management configuration and does not serve any specific functional purpose.

To configure the port you have to manually add the entry to opmn.xml after the oracle instance is provisioned.

2.1.4.8 Silent Install with Privileged Ports on Linux Operating Systems

To install and configure privileged ports in silent mode on Linux operating systems, do the following:

  1. Complete only a silent install with Oracle Identity Management 11g Release 1 (11.1.1.7.0).

  2. Run the oracleroot.sh and oidroot.sh scripts in the Oracle home.

    You must run these scripts as root user.

  3. Change .apachectl permissions.

    Run the following as root user:

    /bin/chown root /$OH/ohs/bin/.apachectl
    /bin/chmod 6750 /$OH/ohs/bin/.apachectl
    
  4. Complete a silent configuration with the privileged ports.

2.1.5 Issues Pertaining to JDK and JRE Installation

This section contains the following:

2.1.5.1 Asian Characters are Not Displayed on Oracle Linux 6.1 with JDK Versions Older Than 6u30

If you are running on Oracle Linux 6.1 with JDK version older than 6u30, Chinese, Korean, and Japanese characters are not displayed in the Oracle Universal Installer.

To work around this issue, do the following:

  1. Go to the JAVA_HOME/jre/lib directory.

  2. Copy fontconfig.RedHat.6.0.bfc to fontconfig.RedHat.6.1.bfc.

  3. Copy fontconfig.RedHat.6.0.properties.src to fontconfig.RedHat.6.1.properties.src.

  4. Run the installer.

2.1.5.2 Specifying the JRE Location if Installing with Automatic Updates

If you are installing one of the following Oracle Fusion Middleware products:

  • Oracle SOA Suite

  • Oracle WebCenter Portal

  • Oracle Service Bus

  • Oracle WebCenter Content

  • Oracle Data Integrator

  • Oracle Identity and Access Management

And you will choose to configure automatic updates on the Install Software Updates screen by selecting Download and install updates from My Oracle Support you must specify the location of a JRE on your system by using the -jreLoc parameter from the command line when you start the installer.

If you do not use the -jreLoc parameter and instead wait for the installer to prompt you for a JRE location, an exception will be seen during the installation.

2.1.5.3 Upgrading Sun JDK in the Oracle Home Directory

Certain installations, including Oracle Identity Management, Oracle Portal, Forms, Reports and Discoverer, and Oracle Web Tier will install a Sun JDK in the Oracle home directory. This version of the Sun JDK may be lower in version than what is specified in the Oracle Fusion Middleware Certification Document:

http://www.oracle.com/technetwork/middleware/ias/downloads/fusion-certification-100350.html

This JDK is used internally and should not be used to deploy Oracle SOA, Oracle WebCenter Portal, or any custom J2EE applications.

If you want a single JDK version deployed for all types of applications, you can upgrade the Sun JDK to a higher version (as specified in the Oracle Fusion Middleware Certification document) using the following steps:

  1. Shut down all processes.

  2. Back up your existing JDK.

  3. Install a new JDK in the same location as your existing JDK.

  4. Restart all processes.

2.1.5.4 Out of Memory Errors When Using JDK 6 Update 23

If you are experiencing out-of-memory errors when using JDK 6 Update 23, consider the following.

In JDK 6 Update 23, the escape analysis feature was enabled by default.This is an optimization within the hotspot compiler, which may require an increased memory footprint. When there is very little free space in the process for additional native memory allocations, for example due to a very large Java heap, this could lead to an out of memory situation.

The workaround for this issue is to add the following JVM argument when you start your application:

-XX:-DoEscapeAnalysis

You can identify JDK 6 Update 23 by using the java -version command, as follows:

java -version
   java version "1.6.0_24"
   Java(TM) SE Runtime Environment (build 1.6.0_24-b50)
   Java HotSpot(TM) Server VM (build 19.1-b02, mixed mode)

2.1.6 Issues Pertaining to Oracle Universal Installer

This section contains the following:

2.1.6.1 Installer Produces Errors When Checking for Software Updates on My Oracle Support

On the Install Software Updates screen, if you select the Search My Oracle Support for Updates option, provide the proper user credentials, and then click Search for Updates, the following error is seen in the installation log file:

java.net.NoRouteToHostException: No route to host

The work around is to use the Search Local Directory for Updates option on the Install Software Update screen and select a patch that has already been downloaded and is available locally. Patches can be downloaded manually from My Oracle Support or they can be obtained from your Oracle Support representative.

2.1.6.2 Installer is Checking for the Wrong System Patches on Solaris x86-64

The installer for Fusion Middleware products is looking for following operating system patches on Solaris x86-64 operating systems:

  • 127111-02

  • 137111-04

These are incorrect; the correct operating system patches required for Solaris x86-64 operating systems are:

  • 127112

  • 137112

More information about these patches can be found in notes 1000642.1 and 1019395.1 on My Oracle Support.

2.1.6.3 Entering the Administrator Password for a Simple Oracle Business Intelligence Installation on Linux Operating Systems

If you are installing Oracle Business Intelligence on a Linux operating system, and you select Simple Install on the Select Installation Type screen, the "Password" field is inactive when you navigate to the Administrator Details screen.

To work around this issue, right-click on the "Password" field and select Paste. The "Password" field becomes active and you can enter an Administrator password.

2.1.7 Issues Pertaining to Database and Schema Installation

This section contains the following:

2.1.7.1 Error Encountered While Loading the Oracle Internet Directory (ODS) Schema

If you have password policy enabled at the database level on your Oracle database, you will receive the ORA-28003 error when loading the Oracle Internet Directory (ODS) schema.

To work around this issue, temporarily disable password policy, load the schema, then enable password policy again.

2.1.7.2 Setting the Correct Permission for the DBMS_JOB Database Package

If you are creating the Oracle Internet Directory schema in an Oracle database using RCU, you may encounter the following error messages:

ORA-04063: package body "ODS.TSPURGE" has errors
ORA-06508: PL/SQL: could not find program unit being called: "ODS.TSPURGE"
ORA-06512: at line 3

To work around this issue:

  1. Stop RCU and drop any Oracle Internet Directory schemas already created. Refer to "Dropping Schemas" in Oracle Fusion Middleware Repository Creation Utility User's Guide for instructions.

  2. Log into the database using SQL*Plus and run the following command:

    SQL> grant execute on sys.dbms_job to PUBLIC
    
  3. Run RCU again and create the schemas.

2.1.7.3 Database Connection Failure During Schema Creation When Installing Oracle Internet Directory

If the installation of Oracle Internet Directory fails due to timeout or connection failure when connecting to a database for schema creation, you can try to reset the timeout parameter in the rcu.properties file. This file is located in the IDM_HOME/rcu/config directory-.

Open the rcu.properties file in a text editor, search for the property JDBC_LOGIN_TIMEOUT, and set its value to 30.

2.1.7.4 Using RCU 11g Release 1 (11.1.1.1.0) with Oracle Database 11g (11.2.0.1)

If you are using the version of RCU that is available in Oracle Fusion Middleware 11g Release 1 (11.1.1.1.0) with Oracle Database 11g (11.2.0.1), you will receive the following warning message:

The database you are connecting is not a supported version. Enter Database
with version equal to or higher than 10.2.0.4.0 in 10g or version equal to
higher than 11.1.0.7.0 in 11g. Refer to the certification matrix for
supported DB versions.

This warning can be safely ignored and you can proceed with your RCU operations.

This warning will not appear in the version of RCU available in Oracle Fusion Middleware 11g Release 1 (11.1.1.2.0) or later.

2.1.8 Error Messages and Exceptions Seen During Installation

This section contains the following:

2.1.8.1 Error Messages When Installing on IBM AIX 7.1

When installing Oracle Fusion Middleware 11g products on IBM AIX 7.1, you may see the following errors during the prerequisite checking portion of the installation:

Checking operating system certification
Expected result: One of 5300.08,6100.02
Actual result:: 7100.xx
Check complete. The overall result of this check is: Failed <<<<
Problem: This Oracle software is not certified on the current operating system
 
Checking recommended operating system patches
Check complete: The overall result of this check is: Not executed <<<< 

These messages can be safely ignored. Selecting Continue in the dialog box will allow the installation to proceed.

2.1.8.2 JRF Startup Class Exceptions May Appear in Oracle WebLogic Managed Server Logs After Extending Oracle Identity Management Domain

After extending an Oracle Identity Management domain, you may see exception messages related to JRF Startup Class in the managed server log files. For example:

Failed to invoke startup class "JRF Startup Class",
oracle.jrf.PortabilityLayerException: Fail to retrieve the property for the Common
Components Home.
oracle.jrf.PortabilityLayerException: Fail to retrieve the property for the Common
Components Home.

You can safely ignore these exception messages—there is no loss in functionality.

2.1.8.3 Sun JDK and Oracle Configuration Manager Failures in the Installation Log File

Upon completing of an Oracle Web Tier, Oracle Identity Management, or Oracle Portal, Forms, Reports and Discoverer installation, the following errors may be seen in the installtime_and_date.log file:

[2009-11-04T21:15:13.959-06:00] [OUI] [NOTIFICATION] [] [OUI] [tid: 16]
[ecid: 0000IJ2LeAeFs1ALJa5Eif1Awî9l000007,0] OUI-10080:The pre-requisite for
the component Sun JDK 1.6.0.14.08  has failed.
 
[2009-11-04T21:15:13.960-06:00] [OUI] [NOTIFICATION] [] [OUI] [tid: 16]
[ecid: 0000IJ2LeAeFs1ALJa5Eif1Awî9l000007,0] OUI-10080:The pre-requisite for
the component Oracle Configuration Manager 10.3.1.2.0  has failed.   

These messages occur because the Sun JDK and Oracle Configuration Manager are not installed in the oracle_common directory. You can safely ignore these messages.

2.1.9 Issues Pertaining to Product Deinstallation

This section contains the following:

2.1.9.1 Proper Deinstallation for Reinstallation in the Event of a Failed Installation

In the event that an installation fails, and you want to deinstall the failed installation and then reinstall the software to the same location, you must do the following:

  1. Make sure that all the managed servers in the failed installation are shut down. You must verify this in the Administration Console; the word "SHUTDOWN" must appear next to the managed server name.

  2. Deinstall the binaries in the Oracle home directory using the deinstaller in the ORACLE_HOME/oui/bin directory.

  3. Delete all the managed servers from the failed installation in the config.xml file by using the Administration Console or WLST.

  4. Delete all directories in the DOMAIN_HOME/servers directory:

This procedure will enable you to reinstall the software to the same location, using the same managed server names.

2.1.9.2 Deinstallation Does Not Remove WebLogic Domains

There may be certain scenarios where you will need to remove WebLogic Domains that you have created. The Oracle Universal Installer is used to remove Oracle Instances and Oracle home directories only; it does not remove WebLogic Domains.

If you need to remove a WebLogic Domain, you must do so manually. Please refer to your Oracle WebLogic Server documentation for more information.

2.1.10 Oracle Recommends JDK Version 6 Update 29 for Oracle Service Bus 11g Release 1 (11.1.1.7.0)

Oracle Service Bus performs more slowly when running on certain versions of the Java Platform, Standard Edition Development Kit (JDK). For optimal performance, Oracle recommends using JDK version 6 update 29 with Oracle Service Bus 11g Release 1 (11.1.1.7.0).

2.1.11 Installing Oracle Service Registry in the Same Domain as Oracle SOA Suite

When installing Oracle Service Registry 11g in the same Weblogic Domain as Oracle SOA Suite 11g Release 11.1.1.2.0 or Release 11.1.1.3.0, you may see the following error message on the WebLogic Server console when Oracle Service Registry is starting up:

java.lang.LinkageError: loader constraint violation in interface itable
initialization:....

To work around this issue:

  1. Make sure Oracle Service Registry is installed on a different Managed Server from Oracle SOA Suite.

  2. Download patch 9499508 and follow the instructions in the README file included with the patch:

    1. Go to My Oracle Support.

      http://support.oracle.com
      
    2. Click on the Patches & Updates tab.

    3. In the Patch Search area, search for patch 9499508.

    4. Download the patch.

  3. Edit the setDomainEnv.sh file and, for Oracle Service Registry Server, remove fabric.jar from classpath:

    if [ "${SERVER_NAME}" != "osr_server1" ] ; then
    POST_CLASSPATH="${SOA_ORACLE_HOME}/soa/modules/oracle.soa.fabric_11.1.1/oracle.soa.fabric.jar
    ${CLASSPATHSEP}${SOA_ORACLE_HOME}/soa/modules/oracle.soa.adapter_11.1.1/oracle.soa.adapter.jar
    ${CLASSPATHSEP}${SOA_ORACLE_HOME}/soa/modules/oracle.soa.b2b_11.1.1/oracle.soa.b2b.jar
    ${CLASSPATHSEP}${POST_CLASSPATH}"
    else
    POST_CLASSPATH="${SOA_ORACLE_HOME}/soa/modules/oracle.soa.adapter_11.1.1/oracle.soa.adapter.jar
    ${CLASSPATHSEP}${SOA_ORACLE_HOME}/soa/modules/oracle.soa.b2b_11.1.1/oracle.soa.b2b.jar
    ${CLASSPATHSEP}${POST_CLASSPATH}"
    fi
    

When installing Oracle Service Registry 11g in the same Weblogic Domain as Oracle SOA Suite 11g Release 11.1.1.3.0, you may see the following error message when accessing the Oracle Service Registry console:

ClassCastException
java.lang.ClassCastException:org.systinet.uddi.client.serialization.UDDIFaultSerializer

To work around this error, edit the setDomainEnv.sh file and remove oracle.soa.fabric.jar from the classpath when running the Oracle Service Registry Managed Server. To do this:

  1. Make a backup of the MW_HOME/user_projects/domains/soa_domain_name/bin/setDomainEnv.sh file.

  2. Edit the setDomainEnv.sh file and replace the following line:

    POST_CLASSPATH="${SOA_ORACLE_HOME}/soa/modules/oracle.soa.fabric_11.1.1/oracle.soa.fabric.jar
    ${CLASSPATHSEP}${SOA_ORACLE_HOME}/soa/modules/oracle.soa.adapter_11.1.1/oracle.soa.adapter.jar
    ${CLASSPATHSEP}${SOA_ORACLE_HOME}/soa/modules/oracle.soa.b2b_11.1.1/oracle.soa.b2b.jar
    ${CLASSPATHSEP}${POST_CLASSPATH}"
    

    with the following:

    if [ "${SERVER_NAME}" != "<your_osr_server_name>" ] ;
    then
    POST_CLASSPATH="${SOA_ORACLE_HOME}/soa/modules/oracle.soa.fabric_11.1.1/oracle.soa.fabric.jar
    ${CLASSPATHSEP}${SOA_ORACLE_HOME}/soa/modules/oracle.soa.adapter_11.1.1/oracle.soa.adapter.jar
    ${CLASSPATHSEP}${SOA_ORACLE_HOME}/soa/modules/oracle.soa.b2b_11.1.1/oracle.soa.b2b.jar
    ${CLASSPATHSEP}${POST_CLASSPATH}"
    else
    POST_CLASSPATH="${SOA_ORACLE_HOME}/soa/modules/oracle.soa.adapter_11.1.1/oracle.soa.adapter.jar
    ${CLASSPATHSEP}${SOA_ORACLE_HOME}/soa/modules/oracle.soa.b2b_11.1.1/oracle.soa.b2b.jar
    ${CLASSPATHSEP}${POST_CLASSPATH}"
    fi
    
  3. Restart the Oracle Service Registry Managed Server.

If you have multiple Oracle Service Registry Managed Servers in the domain, each Managed Server must be added to the condition. For example, if you have two Oracle Service Registry Managed Servers named WLS_OSR1 and WLS_OSR2:

case "$SERVER_NAME" in
.
'WLS_OSR1')
.
echo "Setting WLS_OSR1 CLASSPATH..."

POST_CLASSPATH="${SOA_ORACLE_HOME}/soa/modules/oracle.soa.adapter_11.1.1/oracle.soa.adapter.jar
${CLASSPATHSEP}${SOA_ORACLE_HOME}/soa/modules/oracle.soa.b2b_11.1.1/oracle.soa.b2b.jar
${CLASSPATHSEP}${POST_CLASSPATH}"
exit;;

.
'WLS_OSR2')
.
echo "Setting WLS_OSR2 CLASSPATH..."

POST_CLASSPATH="${SOA_ORACLE_HOME}/soa/modules/oracle.soa.adapter_11.1.1/oracle.soa.adapter.jar
${CLASSPATHSEP}${SOA_ORACLE_HOME}/soa/modules/oracle.soa.b2b_11.1.1/oracle.soa.b2b.jar
${CLASSPATHSEP}${POST_CLASSPATH}"
exit;;
.
*)
.
echo "Setting default SOA CLASSPATH..."

POST_CLASSPATH="${SOA_ORACLE_HOME}/soa/modules/oracle.soa.fabric_11.1.1/oracle.soa.fabric.jar
${CLASSPATHSEP}${SOA_ORACLE_HOME}/soa/modules/oracle.soa.adapter_11.1.1/oracle.soa.adapter.jar
${CLASSPATHSEP}${SOA_ORACLE_HOME}/soa/modules/oracle.soa.b2b_11.1.1/oracle.soa.b2b.jar
${CLASSPATHSEP}${POST_CLASSPATH}"
exit;;
.
esac

2.1.12 Problems Installing in Thai and Turkish Locales

Turkish and Thai users are recommended to install and run Oracle Fusion Middleware using the English locale. Oracle Fusion Middleware does support Turkish and Thai locales as clients.

2.2 Patching Issues and Workarounds

This section describes issue and workarounds related to Oracle Fusion Middleware product patching. It includes the following topics:

2.2.1 Applications Will Not Start After WebLogic Server is Updated

After applying the latest patches to Oracle WebLogic Server, the WL_HOME/server/lib/weblogic.policy file must be edited to include the following entry in order for Middleware services such as Discoverer, Access Manager, and Identity Manager to start:

grant codeBase "file:MW_HOME/WLS/patch_jars/-" {
      permission java.lang.RuntimePermission "oracle.*","read";
};

Replace MW_HOME with the location of your Middleware home directory.

Replace WLS with one of the following:

  • patch_wls1034 for WebLogic Server version 10.3.4

  • patch_wls1035 for WebLogic Server version 10.3.5

  • patch_wls1036 for WebLogic Server version 10.3.6

2.2.2 Patching Oracle WebCenter Portal and Oracle WebCenter Content with Other Fusion Middleware Products in the Same Domain

Oracle recommends that all products in the same domain have the same version number (see "Middleware Home and Domain Interoperability" in Oracle Fusion Middleware Interoperability and Compatibility Guide for details).

However, in Oracle Fusion Middleware 11g Release 1 (11.1.1.8.0), only Oracle WebCenter Portal and Oracle WebCenter Content are released. All other products are at 11g Release 1 (11.1.1.7.0) or earlier, depending on their respective latest available versions. Therefore, it is possible to have a domain with Oracle WebCenter Portal and Oracle WebCenter Content that have different version numbers than other Fusion Middleware Products in the same domain.


Note:

If you want to patch to 11g Release 1 (11.1.1.8.0), it is recommended that you patch both Oracle WebCenter Portal and Oracle WebCenter Content to 11g Release 1 (11.1.1.8.0) within the same domain. You do not need to install them into separate domains because of mixed release versions. After you have patched Oracle WebCenter Portal and Oracle WebCenter Content to release 11.1.1.8.0, you can then apply the latest patches available for these products.


2.2.3 Issues Pertaining to Patching Oracle SOA Suite

This section contains the following:

2.2.3.1 Patch Set Assistant Fails When Updating the SOAINFRA Schema in SQL Server Databases

If you attempt to update the SOAINFRA schema in a Microsoft SQL Server database, then the Fusion Middleware Patch Set Assistant fails to complete the operation. This is a known issue with no current workaround. Contact Oracle Support or refer to My Oracle Support for more information:

http://support.oracle.com/

2.2.3.2 Exception Seen When Extending Your Existing Oracle SOA Suite Domain with Oracle Business Process Management Suite

The following intermittent exception may be seen in cases where you have upgraded your Oracle SOA Suite software to release 11.1.1.3.0 with the Patch Set Installer, and are extending your existing domain to include Oracle Business Process Management Suite:

javax.ejb.EJBTransactionRolledbackException: EJB Exception: ; nested exception
 is: javax.persistence.PersistenceException: Exception
[EclipseLink-4002] (Eclipse Persistence Services - 2.0.2.v20100323-r6872):
 org.eclipse.persistence.exceptions.DatabaseException
Internal Exception: java.sql.SQLIntegrityConstraintViolationException:
 ORA-02292: integrity constraint (DB9128_SOAINFRA.BPM_CUBE_ROLE_FK1) violated -
 child record found.
Error Code: 2292
Call: DELETE FROM BPM_CUBE_PROCESS WHERE (PROCESSID = ?)
        bind => [247]
Query: DeleteObjectQuery(CubeProcess(domain:default, composite:counter_extended,
 revision:1.0, name:Process, hasNametab:true));
nested exception is: javax.persistence.PersistenceException: Exception
[EclipseLink-4002] (Eclipse Persistence Services - 2.0.2.v20100323-r6872):
 org.eclipse.persistence.exceptions.DatabaseException
Internal Exception: java.sql.SQLIntegrityConstraintViolationException:
ORA-02292: integrity constraint (DB9128_SOAINFRA.BPM_CUBE_ROLE_FK1) violated -
 child record found

This is a harmless exception. To avoid seeing this exception, do the following:

  1. Connect to your database as the SOA schema user.

  2. Drop the BPM_CUBE_ROLE_FK1 constraint by executing the following:

    ALTER TABLE BPM_CUBE_ROLE DROP CONSTRAINT BPM_CUBE_ROLE_FK1;
    
  3. Recreate the BPM_CUBE_ROLE_FK1 constraint by executing the following:

    ALTER TABLE BPM_CUBE_ROLE ADD CONSTRAINT BPM_CUBE_ROLE_FK1 FOREIGN KEY @
    (ProcessId) REFERENCES BPM_CUBE_PROCESS(ProcessId) ON DELETE CASCADE;
    
  4. Restart the Oracle SOA Managed Server.

2.2.3.3 Exception Seen When Undeploying any SOA Composite with Range-Based Dimension Business Indicators

The following intermittent exception may be seen in cases where you have upgraded your Oracle SOA Suite software to release 11.1.1.3.0 with the Patch Set Installer, and have undeployed SOA composites that have range-based dimension business indicators:

javax.ejb.EJBTransactionRolledbackException: EJB Exception: ; nested
exception is: javax.persistence.PersistenceException: Exception
[EclipseLink-4002] (Eclipse Persistence Services - 2.0.2.v20100323-r6872):
org.eclipse.persistence.exceptions.DatabaseException
Internal Exception: java.sql.SQLIntegrityConstraintViolationException:
ORA-02292: integrity constraint (DB9967_SOAINFRA.BPM_CUBE_NAMETAB_RANGE_FK1)
violated - child record found
 
Error Code: 2292
Call: DELETE FROM BPM_CUBE_NAMETAB WHERE ((EXTENSIONID = ?) AND (NAMETABID =
?))
        bind => [0, 603]
Query:
DeleteObjectQuery(oracle.bpm.analytics.cube.persistence.model.CubeNametab@b7b8
2a); nested exception is: javax.persistence.PersistenceException: Exception
[EclipseLink-4002] (Eclipse Persistence Services - 2.0.2.v20100323-r6872):
org.eclipse.persistence.exceptions.DatabaseException
Internal Exception: java.sql.SQLIntegrityConstraintViolationException:
ORA-02292: integrity constraint (DB9967_SOAINFRA.BPM_CUBE_NAMETAB_RANGE_FK1)
violated - child record found 

This exception is harmless and can be safely ignored. To avoid seeing this exception, do the following:

  1. Connect to your database as the SOA schema user.

  2. Drop the BPM_CUBE_NAMETAB_RANGE_FK1 constraint by executing the following:

    ALTER TABLE BPM_CUBE_NAMETAB_RANGE  DROP CONSTRAINT BPM_CUBE_NAMETAB_RANGE_FK1;
    
  3. Recreate the BPM_CUBE_NAMETAB_RANGE_FK1 constraint by executing the following:

    ALTER TABLE BPM_CUBE_NAMETAB_RANGE ADD CONSTRAINT BPM_CUBE_NAMETAB_RANGE_FK1
    FOREIGN KEY @ (ProcessId, NametabId, ExtensionId) REFERENCES
    BPM_CUBE_NAMETAB (ProcessId, NametabId, ExtensionId) ON DELETE CASCADE;
    
  4. Restart the Oracle SOA Managed Server.

2.2.3.4 Running Oracle Business Process Management Suite with Microsoft SQL Server 2008 Database

If you have patched your existing Oracle SOA Suite installation with the Patch Set Installer to include Oracle Business Process Management Suite and you are using a Microsoft SQL Server 2008 database, the following procedure is required after you have patched your software:

  1. Login to the Administration Console.

  2. In the "Connection Pools" tab, add the following property in the "Properties" section for the mds-owsm and mds-soa data sources:

    ReportDateTimeTypes=false
    

2.2.3.5 Update to Oracle SOA Suite Release 11.1.1.3.0 Does Not Remove the b2b.r1ps1 Property

After you update your Release 11.1.1.2.0 software to Release 11.1.1.3.0, and login to the Oracle Enterprise Manager Console and navigate to the b2b Properties screen, the b2b.r1ps1 property (used to enable Release 11.1.1.2.0 features such as DocProvisioning and TransportCallout) is still visible. This property is removed for Release 11.1.1.3.0.

To remove this property, use the MBean browser remove property operation in Fusion Middleware Control. For more information, see "Configuring B2B Operations" in Oracle Fusion Middleware Administrator's Guide for Oracle SOA Suite and Oracle BPM Suite.

2.2.3.6 Manual Steps for Migrating Oracle UMS and Oracle MDS

If you migrate your database schemas from Release 11.1.1.1.0 to Release 11.1.1.2.0 with the BAM Alone option:

ant master-patch-schema -DpatchMaster.Componentlist=BAM

The Oracle BAM server will not start and you will receive UMS and MDS exceptions. After executing above command, if no errors are seen in the log files and if the version in schema_version_registry is changed to 11.1.1.2.0 for Oracle BAM, then the following commands must be executed to manually migrate Oracle UMS and MDS:

ant master-patch-schema -DpatchMaster.Componentlist=MDS
ant master-patch-schema -DpatchMaster.Componentlist=UMS

Then, start the Oracle BAM server after running these commands.

2.2.3.7 Monitored BPEL Processes Generate Warning Messages in Log File After Applying 11g Release 1 (11.1.1.4.0) Patch Set

If you deployed BPEL processes that are instrumented with monitors, then Oracle BAM might generate warning messages in the SOA diagnostic log file after you apply the 11g Release 1 (11.1.1.4.0) patch set.

This is because a new business indicator data object field ("LATEST") was added for Oracle Fusion Middleware 11g Release 1 (11.1.1.4.0).

To avoid the warning message and to take advantage of the new data object field, redeploy the BPEL process after you apply the 11g Release 1 (11.1.1.4.0) patch set.

For more information about the LATEST data object field, see "Understanding Business Indicator Data Objects" in the Oracle Fusion Middleware Developer's Guide for Oracle SOA Suite.

2.2.3.8 Oracle Rules Error in Administration Server Log Files After Patching an 11g Release 1 (11.1.1.2.0) Domain

If you are applying the latest Oracle Fusion Middleware 11g patch set to an 11g Release 1 (11.1.1.2.0) Oracle home, then you might see the following error in the Administration Server log files:

<Unresolved optional package references (in META-INF/MANIFEST.MF):
[Extension-Name: oracle.rules, referenced from: 
/app/orasoa/product/soa11g/middleware/user_projects
   /domains/soadev/servers/AdminServer/tmp/_WL_user/emai/xalnv4]
Make sure the referenced optional package has been deployed as a library.>

You will see this error if deployed a Oracle SOA Suite composite application to the domain previous to applying the patch set. This because, starting with Oracle Fusion Middleware 11g Release 1 (11.1.1.3.0), the Rules library (oracle.rules) must be targeted to the Administration Server, as well as to the SOA managed servers.

To avoid this message:

  1. Use the Oracle WebLogic Server Administration Console to select the oracle.rules shared library and target it to the Administration Server as well as to the SOA managed servers in the domain.

  2. Redeploy the application to the domain using Oracle JDeveloper 11g Release 1 (11.1.1.3.0) or later.

2.2.3.9 Incorrect Instance State of Composite Applications After Applying the Latest Patch Set

If you deployed any composite applications in Oracle SOA Suite 11g Release 1, and then you apply the latest 11g Release 1 patch set, then you might find that the instance state of some of your composite applications appears incorrect.

For example, if any of your composite applications were in a "recovery required" state before you applied the patch set, then those composite applications may be identified as completed when you view them on the Dashboard tab of the SOA Composite page in Fusion Middleware Control.

In these cases, you can ignore the "completed" indicator. The instances are actually still running and will be treated as such by other operations, such as a purge operation.

After you install the patch set, you should analyze each of these instances to determine whether they should be completed, aborted, or left to continue.

For more information about monitoring the state of SOA Composite applications, see "Monitoring SOA Composite Applications" in the Oracle Fusion Middleware Administrator's Guide for Oracle SOA Suite and Oracle BPM Suite.

2.2.4 Issues Pertaining to Patching Oracle WebCenter Portal

This section contains the following:

2.2.4.1 Configuring Additional Crawl Sources for Discussions After Patching Oracle WebCenter Portal

After patching Oracle WebCenter Portal to the latest release, you must configure two additional crawl sources for discussions that reference the MESSAGECRAWLER_VW and THREADCRAWLER_VW views. Once configured, Oracle SES can crawl topics and replies in discussions forums as well as forums (FORUMCRAWLER_VW). The latest release uses three separate crawl sources so that users can see search results for forums without also seeing results for all the messages and replies in it.

For information, see "Setting Up Oracle SES to Search Discussions and Announcements" in Oracle Fusion Middleware Administrator's Guide for Oracle WebCenter.

2.2.4.2 Problem Using WebCenter Portal Customizations with .jsp Pages

In Oracle WebCenter Portal 11g Release 1 (11.1.1.2.0) or Release 1 (11.1.1.3.0), if you extended WebCenter Portal (previously called WebCenter Spaces) with your own customizations, then before you upgrade, you must ensure that the customization shared library uses .jspx pages and not .jsp pages.

After you upgrade to the latest release of Oracle WebCenter Portal, custom portal templates will not render if they use .jsp pages.

2.2.4.3 Errors When Updating Oracle WebCenter Portal Using WLST Commands

If you are updating Oracle WebCenter Portal using WLST commands, you may see some error messages as described in this section. These errors can be safely ignored provided that when the command completes there is some text indicating the successful completion of the command.

When running the upgradeWebCenterDomain WLST command, you may see the following error message:

Error: addTemplate() failed. Do dumpStack() to see details.

When running the upgradeWebCenterPermissions command, you may see the following error message:

Command FAILED, Reason: JPS-04204: Cannot revoke permissions.

2.2.4.4 Errors When Adding Tagging and Search Task Flows to Pages

In your Oracle WebCenter 11.1.1.4.0 instance if you used a resource catalog based on the Default Page Template Catalog, then in your patched Oracle WebCenter Portal instance you may encounter problems while adding the Tagging and Search task flows to pages. To address this issue, in your patched instance, you must edit your resource catalog, and add the Tagging and Search task flows again.

2.2.4.5 Personalization Settings in Activity Graph Task Flows Lost When Oracle WebCenter Portal is Patched

Personalization settings made for Activity Graph task flows, such as Similar Items and Recommended Connections, may be lost and task flows may revert to default settings when you patch Oracle WebCenter Portal to the latest release. You must make all the personalization settings again for your Activity Graph task flows as required.

2.2.4.6 Language Not Displayed in the List of Languages Offered in Spaces

If you extended WebCenter Portal (previously called WebCenter Spaces) to add support for a new language, you may encounter problems working with the language after you patch your Oracle WebCenter Portal instance. The language may not display in the default list of languages offered in WebCenter Portal. To work around this issue, you must re-upload the supported-languages.xml file containing the entry for the required language.

2.2.4.7 Patches Required After Updating Oracle WebCenter Portal

After you patch Oracle WebCenter Portal, you can apply the following one-off patches available on My Oracle Support to address specific known issues:

  • Patch 16908144

    This patch addresses a problem where Portal Framework applications generate an error and cannot be run when you are using the updated WebCenter Portal JDeveloper Extension.

  • Patch 16757223

    This patch improves the performance of WebCenter Portal applications.

  • Patch 16743904

    This patch addresses issues with Portal Framework applications that take advantage of Metadata Services (MDS).

2.2.5 Issues Pertaining to Patching Oracle Identity Management

This section contains the following:

2.2.5.1 Access Denied When Running the oimPS1PS2upgrade Script

If you are upgrading Oracle Identity Management and need to run the oimPS1PS2upgrade.sh script, you must add the following to the grant() method in the JAVA_HOME\jre\lib\security\java.policy file:

// JMX Java Management eXtensions
permission javax.management.MBeanTrustPermission "register";

After making this change, stop and restart all the servers.

2.2.5.2 Installer Prompts for OID Privileged Ports Twice During the Patch Installation

If you are patching an existing Oracle Internet Directory installation to 11g Release 1 (11.1.1.7.0), you will be prompted to run the oracleRoot.sh script near the end of the patch installation, which in turn will ask for the following:

Do you want to run oidRoot.sh to configure OID for privileged ports?(yes/no)

Depending on the OID version being patched, you may be asked this question a second time. Make sure you enter the same response ("Yes" or "no") both times in order for the script to run correctly.

There is no work around for this issue.

2.2.5.3 Installer Does Not Detect Existing Oracle Home

If you are upgrading to Oracle Identity Management to 11g Release 1 (11.1.1.7.0) from 11g Release 1 (11.1.1.4.0), the installer does not detect the existing Oracle home directory for upgrade in the following environments:

  • On 64-bit Windows operating systems, using the Traditional Chinese, Simplified Chinese, or Korean locales.

  • On 64-bit Linux operating systems, using the Non UTF-8 locale for Japanese, Korean, Simplified Chinese and Traditional Chinese.

This is caused because the English word "Optional" gets translated in the MW_HOME/oracle_common/inventory/ContentsXML/comps.xml file.

There are two work arounds for this issue:

  1. Manually specify the Oracle Identity Management Oracle home directory you want to update, and then continue with the upgrade installation.

  2. Find all occurrences of the translated word and replace them with the English word "Optional" in the comps.xml file and then run the installer after you are finished making the changes. The word "Optional" appears with the following two parameters in the comps.xml file:

    DEP_GRP_NAME="Optional"
    EXT_NAME="Optional"
    

    Note:

    The comps.xml file is an important file used by the Oracle Universal Installer so it is important that you do not make any errors while editing this file. You should make a backup copy of this file before you make any changes.


2.2.5.4 Uploading Third Party JAR Files to the Database

During the update of Oracle Identity and Access Management to 11g Release 1 (11.1.1.5.0), third party JAR files (for example, ldapbp.jar which is required for connector functionality) that are present in the file system are not uploaded to database by the upgrade process. You must manually upload these JAR files to the database using the UploadJars.sh utility.

For more information, see the "Upload JAR and Resource Bundle Utilities" chapter in Oracle Fusion Middleware Developer's Guide for Oracle Identity Manager.

2.2.5.5 Access Policy With Approval Does Not Work After Patch

In 11g Release 1 (11.1.1.5.0), the following new policies are introduced for Oracle Entitlements Server (OES):

  • SelfServiceUserManagementPolicies.xml

  • UserManagementPolicies.xml

Because of this change, a request for approval is not generated when a new policy with approval is added.

To work around this issue, add the "Request Administrator" role to the "Access Policy Based Provisioning" request template:

  1. Login to "Advance Console."

  2. Go to Request Templates on the Configuration tab.

  3. Search for and open the "Access Policy Based Provisioning" request template.

  4. Go to the Template User Roles tab on the Template Details page.

  5. From the left pane in "Available Roles," search for and assign the "Request Administrators" role.

    The assigned role will appear in the right pane under "Selected Roles."

  6. Save the request template.

2.2.5.6 OID and OVD Saved Connections Not Available After Patch From 11g Release 1 (11.1.1.2.0) or 11g Release 1 (11.1.1.3.0)

If you are patching Oracle Internet Directory (OID) or Oracle Virtual Directory (OVD) from 11g Release 1 (11.1.1.2.0) or 11g Release 1 (11.1.1.3.0) to 11g Release 1 (11.1.1.4.0) or later, your saved connections in the previous releases will not be available after the patch.

If you are patching from 11g Release 1 (11.1.1.4.0) to any later release, then your saved connections in OID and OVD will be available.

There is no work around for this issue.

2.2.5.7 Harmless Error When Running the upgradeOpss() Command When Upgrading Oracle Identity Management

During the upgrade of Oracle Identity Manager 11g Release 1 (11.1.1.3.0) to 11g Release 1 (11.1.1.5.0), you are asked to run the upgradeOpss WLST (online) command to update Oracle Platform Security Services (OPSS).

The following message will be visible on the console when you run the upgradeOpss command:

WLS ManagedService is not up running. Fall back to use system properties for configuration.
date_and_time oracle.security.jps.internal.tools.utility.destination.apibased.JpsDstPolicy <init>
WARNING: No identity store associate with policy store found.
Upgrade of jps configuration and security stores is done.

This message is harmless and can be safely ignored.

2.2.5.8 Harmless Errors in the Log Files After Patching Oracle Identity Management to 11g Release 1 (11.1.1.4.0)

After patching and configuring Oracle Identity Management to 11g Release 1 (11.1.1.4.0), the following errors are seen in the wls_oif1-diagnostics.log file when Single Sign-On is used for Oracle Identity Federation:

[2010-08-05T13:05:30.754-07:00] [wls_oif1] [INCIDENT_ERROR] [FED-10174]
[oracle.security.fed.model.config.Configuration] [tid:
[ACTIVE].ExecuteThread: '2' for queue: 'weblogic.kernel.Default
(self-tuning)'] [userId: <anonymous>] [ecid:
42ef6c66fe18f3ad:291f353a:12a43da27c1:-8000-0000000000000021,0] [APP:
OIF#11.1.1.2.0] [arg: certvalidationtimeout] Property was not found:
certvalidationtimeout.
.
[2010-08-05T13:05:37.174-07:00] [wls_oif1] [INCIDENT_ERROR] [FED-10174]
[oracle.security.fed.model.config.Configuration] [tid:
[ACTIVE].ExecuteThread: '2' for queue: 'weblogic.kernel.Default
(self-tuning)'] [userId: <anonymous>] [ecid:
42ef6c66fe18f3ad:291f353a:12a43da27c1:-8000-0000000000000021,0] [APP:
OIF#11.1.1.2.0] [arg: schemavalidationenabled] Property was not found:
schemavalidationenabled

[2010-08-06T17:09:23.861-07:00] [wls_oif1] [INCIDENT_ERROR] [FED-10174]
[oracle.security.fed.model.config.Configuration] [tid:
[ACTIVE].ExecuteThread: '3' for queue: 'weblogic.kernel.Default
(self-tuning)'] [userId: <anonymous>] [ecid:
f6d9b81289e40cee:42d4f595:12a49b7af7a:-8000-000000000000086f,0] [APP:
OIF#11.1.1.2.0] [arg: certpathvalidationenabled] Property was not found:
certpathvalidationenabled.
 
[2010-08-06T17:11:27.173-07:00] [wls_oif1] [INCIDENT_ERROR] [FED-10174]
[oracle.security.fed.model.config.Configuration] [tid:
[ACTIVE].ExecuteThread: '3' for queue: 'weblogic.kernel.Default
(self-tuning)'] [userId: <anonymous>] [ecid:
f6d9b81289e40cee:42d4f595:12a49b7af7a:-8000-00000000000009a0,0] [APP:
OIF#11.1.1.2.0] [arg: httpheaderattrcollector] Property was not found:
httpheaderattrcollector. 

There errors are harmless and can be safely ignored.

To avoid seeing these errors, run the oif-upgrade-11.1.1.2.0-11.1.1.4.0.py script after you have patched your software to 11.1.1.4.0 as described in "Updating Configuration Properties in Oracle Identity Federation" in the Oracle Fusion Middleware Patching Guide.

2.2.5.9 Harmless Warning Message When Migrating Oracle Identity Federation from 11g Release 1 (11.1.1.1.0) to 11g Release 1 (11.1.1.2.0)

When you are using the Patch Assistant migration scripts to migrate Oracle Identity Federation from 11g Release 1 (11.1.1.1.0) to 11g Release 1 (11.1.1.2.0), you may see the following error message:

WLSTException: Error occured while performing addHelpCommandGroup : Error
getting resource bundle: : Can't find bundle for base name
oifWLSTResourceBundle, locale en_US

This message is harmless and can be safely ignored.

2.2.5.10 Harmless Errors Logged When Patching Oracle Identity Management 11g Release 1 (11.1.1.2.0) to 11g Release 1 (11.1.1.3.0)

You may see some of the following error messages in installation log files after patching an Oracle Identity Management 11g Release 1 (11.1.1.2.0) installation to 11g Release 1 (11.1.1.3.0):

External name..INVALID_ORACLE_DIRECTORY_MSG_STRING

In doFinish method checking for inventory lock...InstallProgressPage

Next page is a progress page and the inventory lock is false

/bin/chmod: changing permissions of ORACLE_HOME/install/root.log': Operation not permitted

/bin/chmod: changing permissions of ORACLE_HOME/bin/nmhs': Operation not permitted

/bin/chmod: changing permissions of ORACLE_HOME/bin/nmb': Operation not permitted

/bin/chmod: changing permissions of ORACLE_HOME/bin/nmo': Operation not permitted

inventoryLocation: /scratch/aime1/oraInventory

Mode:init

Such messages can be ignored.

2.2.5.11 Harmless Exception Seen When Starting Oracle Identity Management Server 11g Release 1 (11.1.1.5.0)

After updating Oracle Identity Management to 11g Release 1 (11.1.1.5.0), the following exception may be seen when starting Oracle Identity Management Server:

java.lang.ClassNotFoundException: ADP ClassLoader failed to load:com.thortech.xl.schedule.tasks.tcTskScheduledProvision

This error is harmless and can be safely ignored.

2.2.6 Issues Pertaining to Patching System Components

This section contains the following:

2.2.6.1 Granting Access to Network-Related Packages for the Oracle Portal Schema

While running the Patch Set Assistant to upgrade the schema for Oracle Portal 11g Release 1 (11.1.1.4.0) in an environment where Oracle Single Sign-On 10.1.4.3 is running against Oracle Internet Directory 11g and Oracle Database 11.2.0.2, the following exception is encountered:

ORA-24247: network access denied by access control list (ACL)

To address this issue when executing network-related packages, access must be granted to the user using these packages. You must create the ACL for the ORASSO schema user, and assign it to the OID host. Then, you must run the wdbigra.sql script, which gives the required grants to Oracle Portal schema.

  1. Grant the ACL for the PORTAL schema user and assign it for the OID host.

    Connect as sys as sysdba and assign the ACL as in the example below, where examplehost.exampledomain.com is the OID hostname and the DEV_PORTAL is the Oracle Portal schema specified for the installation:

    DECLARE
    acl_path VARCHAR2(4000);
     
    BEGIN
     
    SELECT acl INTO acl_path FROM dba_network_acls
    WHERE host = 'examplehost.exampledomain.com' AND lower_port IS NULL AND upper_port IS NULL;
    dbms_output.put_line('acl_path = '|| acl_path);
    dbms_output.put_line('ACL already Exists. Checks for Privilege and add the Privilege');
    IF DBMS_NETWORK_ACL_ADMIN.check_privilege(acl_path,'DEV_PORTAL','connect') IS NULL THEN
       DBMS_NETWORK_ACL_ADMIN.add_privilege (
       acl => acl_path,
       principal => 'DEV_PORTAL',
       is_grant => TRUE,
       privilege => 'connect');
    END IF; 
    END;
    /
    COMMIT;
    

    When no ACL has been assigned for the OID host, create the ACL:

    EXCEPTION
    WHEN no_data_found THEN
    
    DBMS_NETWORK_ACL_ADMIN.create_acl (
       acl => 'sso_oid.xml',
       description => 'ACL for SSO to connect to OID',
       principal => 'ORASSO',
       is_grant => TRUE,
       privilege => 'connect');
     
    DBMS_NETWORK_ACL_ADMIN.assign_acl (
       acl => 'sso_oid.xml',
       host => 'examplehost.exampledomain.com');
    END;
    /
    COMMIT; 
    

    Use the following SQL command to verify that the ACL was created:

    select * from dba_network_acls; 
    
  2. Modify the values of the host and schema in the wdbigra.sql file, located in the ORACLE_HOME/upgrade/portal/admin/plsql/wwv directory.

    Change the following:

    host varchar2(1)        := '*';
    schema varchar2(2000)   := upper('&&1'); 
    

    To the following:

    host varchar2(1)        := '&OID_HOST';
    schema varchar2(2000)   := upper('&PORTAL_SCHEMA'); 
    
  3. Run the wdbigra.sql script to give the grants to the Oracle Portal schema.

    The script will prompt you for the following:

    • The value for the oid_host.

      Specify the host where Oracle Internet Directory is running (for example, examplehost.exampledomain.com).

    • The value for the portal_schema.

      Specify the prefix and schema name (for example, DEV_PORTAL).

2.2.6.2 Redeploy System Components to Ensure Proper Deinstallation

After you have patched your system component software (Oracle Portal, Forms, Reports and Discoverer, Oracle Identity Management, or Oracle Web Tier) and started all services, you must manually redeploy your system components if you are extending your existing domain. To do so, follow the instructions to redeploy in the "Upgrading System Components" section of the Oracle Fusion Middleware Patching Guide.

If you do not redeploy your system components, you will encounter problems when you attempt to remove them.

2.2.6.3 Setting Execute Permissions for emctl When Migrating System Components

When you migrate any 11g Release 1 (11.1.1.1.0) system component to 11g Release 1 (11.1.1.2.0), the following error message can be seen on the console window:

Process (index=1,uid=1270434032,pid=0)
Executable file does not have execute permission.

INSTANCE_HOME/EMAGENT/EMAGENT/bin/emctl
failed to start a managed process after the maximum retry limit
Executable file does not have execute permission.

The work around is to manually change the permissions of the emctl executable. For example:

chmod +x INSTANCE_HOME/EMAGENT/EMAGENT/bin/emctl

After changing the permissions, restart all the opmnctl processes.

2.2.7 Issues Pertaining to Version Numbers After Patching

This section contains the following:

2.2.7.1 Some Applications Show Old Version Number After Patching

After you patch your Oracle Fusion Middleware environment, some applications still show the version number from previous releases. For example, after you patch Oracle WebLogic Server 10.3.4 to the latest release, the version number is still shown as 10.3.4.

There is no work around for this issue.

2.2.7.2 MDS Schema Version Number is Incorrect

If you are running Fusion Middleware products that use the Metadata Services schema (MDS) and your Fusion Middleware products are older than 11g Release 1 (11.1.1.4.0), the schema version number for the MDS schema in Enterprise Manager will be the previous release number, even if you have updated the MDS schema to 11g Release 1 (11.1.1.4.0).

In order for the MDS schema version number to appear correctly, both the schema and the Fusion Middleware product software must be up to date with the most recent version.

2.2.7.3 Oracle BI Components Show Incorrect Version Number After Patching

After you patch your existing Oracle Business Intelligence (BI) software to 11g Release 1 (11.1.1.4.0), some Oracle BI components (for example, Oracle BI Publisher or Oracle RTD) will still show the version number from your previous release when viewed using Oracle Enterprise Manager.

There is no work around for this issue.

2.2.7.4 Adding the Version Number for the odi-sdk-ws Application in config.xml

In 11g Release 1 (11.1.1.6.0), the odi-sdk-ws application was updated to introduce a version number. If you are upgrading the odi-sdk-ws application to 11g Release 1 (11.1.1.6.0) from any previous release, this version number must be added to the config.xml file prior to starting the Administration server or Managed Servers in the domain.

To do this:

  1. Edit the DOMAIN_HOME/config/config.xml file.

  2. Change the following line:

    <name>odi-sdk-ws</name>
    

    To add a version number, as follows:

    <name>odi-sdk-ws#11.1.1.6.0.1</name>
    
  3. Start or restart the Administration Server and Managed Servers in the domain.

2.2.8 Issues Pertaining to Displays During or After Patching

This section contains the following:

2.2.8.1 Pages in Oracle Enterprise Manager and Oracle Directory Services Manager do not Display Correctly

After upgrading to 11g Release 1 (11.1.1.7.0), if you encounter problems with pages in Oracle Enterprise Manager (EM) or Oracle Directory Services Manager (ODSM) not being displayed correctly, do the following before starting all the servers in the domain:

  1. Add the value -XX:-UseSSE42Intrinsics to the DOMAIN_HOME/bin/setDomainEnv.sh file as follows:

    Find the following section of code:

    if [ "${JAVA_VENDOR}" = "Sun" ] ; then
            MEM_ARGS="${MEM_ARGS} ${MEM_DEV_ARGS} ${MEM_MAX_PERM_SIZE}"
            export MEM_ARGS
    fi
     
    if [ "${JAVA_VENDOR}" = "HP" ] ; then
            MEM_ARGS="${MEM_ARGS} ${MEM_MAX_PERM_SIZE}"
            export MEM_ARGS
    fi
     
    if [ "${JAVA_VENDOR}" = "Apple" ] ; then
            MEM_ARGS="${MEM_ARGS} ${MEM_MAX_PERM_SIZE}"
            export MEM_ARGS
    fi
    

    And change it to:

    if [ "${JAVA_VENDOR}" = "Sun" ] ; then
            MEM_ARGS="${MEM_ARGS} ${MEM_DEV_ARGS} ${MEM_MAX_PERM_SIZE} -XX:-UseSSE42Intrinsics"
            export MEM_ARGS
    fi
     
    if [ "${JAVA_VENDOR}" = "HP" ] ; then
            MEM_ARGS="${MEM_ARGS} ${MEM_MAX_PERM_SIZE} -XX:-UseSSE42Intrinsics"
            export MEM_ARGS
    fi
     
    if [ "${JAVA_VENDOR}" = "Apple" ] ; then
            MEM_ARGS="${MEM_ARGS} ${MEM_MAX_PERM_SIZE} -XX:-UseSSE42Intrinsics"
            export MEM_ARGS
    fi
    
  2. For Oracle EM, remove the .css file from the following directory:

    On UNIX operating systems:

    DOMAIN_HOME/servers/AdminServer/tmp/_WL_user/em/random_dir/public/adf/styles/cache
    

    On Windows operating systems:

    DOMAIN_HOME\servers\AdminServer\tmp\_WL_user\em\random_dir\public\adf\styles\cache
    
  3. For ODSM, remove the .css file from the following directory:

    On UNIX operating systems:

    DOMAIN_HOME/servers/wls_ods1/tmp/_WL_user/odsm_release/random_dir/public/adf/styles/cache
    

    On Windows operating systems:

    DOMAIN_HOME\servers\wls_ods1\tmp\_WL_user\odsm_release\random_dir\public\adf\styles\cache
    
  4. Clear your browser cache to remove any browser clients that visited the sites using the .css file you just removed.

  5. Start or restart all the servers in the domain.

2.2.8.2 Patch Set Assistant Does Not Display Multi-Byte Characters on Oracle Linux 6

On Oracle Linux 6 operating systems, the Patch Set Assistant does not display multi-byte characters (for example, Japanese, Korean, and both simplified and traditional Chinese).

To work around this issue:

  1. Go to the Oracle Common home directory.

  2. Save the jdk directory to a temporary jdk directory. For example:

    mv jdk jdk_save
    
  3. Create a link to the jdk1.7.0 directory on your system. For example:

    ln -s /home/Oracle/Products/jdk/jdk1.7.0 jdk
    
  4. Set the following environment variables (for example, if you wanted to display Japanese characters):

    setenv LANG ja_JP
    setenv LC_ALL ja_JP
    
  5. Run the Patch Set Assistant from the ORACLE_HOME/bin directory.

It is recommended that you use this work around only for the duration needed to run the Patch Set Assistant; you should restore your environment to their original settings after you are finished.

2.2.9 Warning and Error Messages Seen as a Result of Patching

This section contains the following:

2.2.9.1 Harmless Warnings When Running upgradeOpss()

When running the upgradeOpss() WLST command to upgrade configurations and stores to 11g Release 1 (11.1.1.4.0), the following error messages may be seen:

oracle.security.jps.internal.tools.utility.destination.apibased.JpsDstPolicy
migrateData
WARNING: cannot migrate a global grant. Reason
oracle.security.jps.service.policystore.PolicyStoreException: Found 2 permissions
in the store matching: ([PermissionEntry:class=java.util.PropertyPermission
target=weblogic.Name resourceType=null actions=read,PERMISSION, name=null,
uniqueName=null, guid=null]
[jaznGranteeDn=orclguid=AC171BF0E72711DEBF9CCF0B93FB22A1,cn=Grantees,
cn=JAASPolicy,cn=systempolicy,cn=webcenter,cn=JPSContext,cn=jpsroot_webcenter_IR14_prod}),
[PermissionEntry: class=java.util.PropertyPermission target=weblogic.Name
resourceType=null actions=read,PERMISSION, name=8228FD8036F711DEAF24DB7D80B2D07C,
uniqueName=orclguid=8228FD8036F711DEAF24DB7D80B2D07C,cn=Permissions,cn=JAASPolicy,
cn=systempolicy,cn=webcenter,cn=JPSContext,cn=jpsroot_webcenter_IR14_prod, 
guid=8228FD8036F711DEAF24DB7D80B2D07C]
[jaznGranteeDn=orclguid=822505e036f711deaf24db7d80b2d07c,cn=grantees,cn=jaas
policy,cn=systempolicy,cn=webcenter,cn=jpscontext,cn=jpsroot_webcenter_ir14_prod}1
[PermissionEntry: class=java.util.PropertyPermission target=weblogic.Name 
resourceType=null actions=read,PERMISSION, name=8228FD8036F711DEAF24DB7D80B2D07C, 
uniqueName=orclguid=8228FD8036F711DEAF24DB7D80B2D07C,cn=Permissions,cn=JAASPolicy,
cn=systempolicy,cn=webcenter,cn=JPSContext,cn=jpsroot_webcenter_IR14_prod, 
guid=8228FD8036F711DEAF24DB7D80B2D07C]
[jaznGranteeDn=orclguid=822505e036f711deaf24db7d80b2d07c,cn=grantees,cn=jaaspolicy
,cn=systempolicy,cn=webcenter,cn=jpscontext,cn=jpsroot_webcenter_ir14_prod}
[PermissionEntry: class=java.util.PropertyPermission target=weblogic.Name 
resourceType=null actions=read,PERMISSION, name=AC198CF0E72711DEBF9CCF0B93FB22A1, 
uniqueName=orclguid=AC198CF0E72711DEBF9CCF0B93FB22A1,cn=Permissions,cn=JAASPolicy,
cn=systempolicy,cn=webcenter,cn=JPSContext,cn=jpsroot_webcenter_IR14_prod, guid=AC198CF0E72711DEBF9CCF0B93FB22A1]
[jaznGranteeDn=orclguid=822505e036f711deaf24db7d80b2d07c,cn=grantees,cn=jaaspolicy
,cn=systempolicy,cn=webcenter,cn=jpscontext,cn=jpsroot_webcenter_ir14_prod}
[jaznGranteeDn=orclguid=ac171bf0e72711debf9ccf0b93fb22a1,cn=grantees,cn=jaaspolicy
,cn=systempolicy,cn=webcenter,cn=jpscontext,cn=jpsroot_webcenter_ir14_prod}2
[PermissionEntry: class=java.util.PropertyPermission target=weblogic.Name 
resourceType=null actions=read,PERMISSION, name=AC198CF0E72711DEBF9CCF0B93FB22A1,
uniqueName=orclguid=AC198CF0E72711DEBF9CCF0B93FB22A1,cn=Permissions,cn=JAASPolicy,
cn=systempolicy,cn=webcenter,cn=JPSContext,cn=jpsroot_webcenter_IR14_prod, 
guid=AC198CF0E72711DEBF9CCF0B93FB22A1]
[jaznGranteeDn=orclguid=822505e036f711deaf24db7d80b2d07c,cn=grantees,cn=jaaspolicy
,cn=systempolicy,cn=webcenter,cn=jpscontext,cn=jpsroot_webcenter_ir14_
prod}[jaznGranteeDn=orclguid=ac171bf0e72711debf9ccf0b93fb22a1,cn=grantees,cn=jaas
policy,cn=systempolicy,cn=webcenter,cn=jpscontext,cn=jpsroot_webcenter_ir14_prod}

These messages are harmless and can be safely ignored.

2.2.9.2 Harmless Warning Message in Log File When Patching Multiple Products to the Same Version

In a scenario where you have a product that is already patched to version 11g Release 1 (11.1.1.3.0) in a Middleware home, and then you attempt to patch a second product to the same version in the same Middleware home, a warning message similar to the following will appear in the installtimestamp.out file:

Attempting to install 1 patches
Mar 3, 2010 1:00:07 PM [THREAD: Thread-1]
com.bea.cie.paf.internal.attach.PatchManagerImpl install
WARNING: Warning:  Patch already installed: PBY8
 
Patch installation success
Patch installation success
Success..
[SOARootService.getRootActions] autoPortsDetect =null
[SOARootService.getRootActions] privilegedPorts =null

This warning message can be safely ignored.

2.2.9.3 Error When Accessing the Oracle Portal Home Page

If you are upgrading to Oracle Portal 11g Release 1 (11.1.1.6.) from any previous release, the following error message is displayed in the browser when accessing the Oracle Portal home page:

XML Parsing Error: syntax error
Location: http://exampleserver.exampledomain:port/portal/pls/portal/dev_portal.home
Line Number 1, Column 1:An error occurred while processing the request. Try refreshing your browser. If the problem persists contact the site administrator
î

This occurs because the Web Cache invalidation password stored in Web Cache and the password stored in the Portal repository are not the same.

To resolve this issue:

  1. Reset the Oracle Web Cache invalidator password in the Administration repository:

    1. Log in to Enterprise Manager in the domain where Web Cache is running:

      http://administration_server_host:administration_server_port/em
      
    2. From the navigation section on the left, open "Web Tier" then click on the Web Cache instance name.

    3. Find the drop-down menu on the right-hand side of the page under the Web Cache instance name, then select Administration > Password from the menu.

    4. Specify a new invalidation password.

    5. Restart Oracle Web Cache.

  2. Reset the Oracle Web Cache invalidator password in the Oracle Portal repository:

    1. Log in to Enterprise Manager in the domain where Oracle Portal is running:

      http://administration_server_host:administration_server_port/em
      
    2. From the navigation section on the left, open "Portal" then click on the Oracle Portal Managed Server name.

    3. Find the drop-down menu on the right-hand side of the page under the Oracle Portal instance name, then select Settings > Wire Configuration from the menu.

    4. Specify a new invalidation password - the same password you specified in the Administration repository.


      Note:

      the "Invalidation User" user name should be same as the user name used on the Oracle Web Cache side.


    5. Click Apply.

      There is a known issue at this point - refer to "Resolving JDBC Errors in Oracle Reports and Oracle Portal" in the Oracle Fusion Middleware Patching Guide for more information.

    6. Delete the Oracle Portal File Cache in the ORACLE_INSTANCE/portal/cache directory.

    7. Restart Oracle Web Cache and the Oracle Portal Managed Server.

2.2.9.4 Applications Generate javax.xml.bind.JAXBException Runtime Errors After Installing 11g Release 1 (11.1.1.4.0) Patch Set

If any of the applications you deployed on Oracle Fusion Middleware 11g Release 1 (11.1.1.2.0) or 11g Release 1 (11.1.1.3.0) include EclipseLink-JAXB classes that have no-arg constructors missing, then after you install 11g Release 1 (11.1.1.4.0), the application might generate the following exceptions during runtime:

javax.xml.bind.JAXBException

To avoid this error:

  1. Modify the classes and add default no-arg constructors where necessary.

  2. Compile and redeploy your project to the newly patched Oracle Fusion Middleware 11g Release 1 (11.1.1.4.0) domain.

Below is an example of a typical no-arg constructor:

public class PriceQuote implements Serializable
{
   // Make sure you have constructor with no arguments
   public PriceQuote() }
   }
}

2.2.10 Oracle Configuration Manager Fails When Patching Oracle Identity Management and Oracle Web Tier

If you are upgrading Oracle Identity Management or Oracle Web Tier to 11g Release 1 (11.1.1.7.0) from any release prior to and not including 11g Release 1 (11.1.1.6.0), and you did not previously configure Oracle Configuration Manager, then Oracle Configuration Manager will fail if you decide to configure it in 11g Release 1 (11.1.1.7.0).

To work around this issue, you can do the following prior to running the 11g Release 1 (11.1.1.7.0) configuration wizard:

  1. Go to the ORACLE_HOME/ccr/bin directory.

  2. Run the following commands:

    setupCCR
    configCCR
    emCCR collect
    emCCR status
    

You can also do the following if you choose to skip the Oracle Configuration Manager configuration when you initially run the 11g Release 1 (11.1.1.7.0) configuration wizard but then choose to configure it later:

  1. Go to the ORACLE_HOME/ccr/bin directory.

  2. Set the ORACLE_CONFIG_HOME environment variable to your Instance home directory.

  3. Run the following commands:

    setupCCR
    configCCR
    emCCR collect
    emCCR status
    

2.2.11 Resolving Oracle Service Bus Object Conflicts

After patching Oracle Service Bus, it is possible that some older objects in the server cache could conflict with the newer version of Oracle Service Bus objects. To clear the cache and prevent these conflicts, delete the DOMAIN_HOME/tmp/cache/stage folder.

You can delete this folder either prior to patching, or after patching. If you do this after patching your software, you must remember to shut down and restart all the servers.

2.2.12 Manual Step for ODI-BAM Users After Installing 11.1.1.4.0 Patch Set

If you are integrating Oracle Data Integrator (ODI) with Oracle Business Activity Monitoring, you should import a new version of the following knowledge module after you install the Oracle Fusion Middleware 11g Release 1 (11.1.1.4.0) patch set:

BAM_ORACLE_HOME/bam/ODI/knowledge modules/KM_RKM Oracle BAM.xml

For more information, see "Importing and Replacing Knowledge Modules" in the Oracle Fusion Middleware Developer's Guide for Oracle Data Integrator.

This new module includes bugs fixes and improvements made for the Oracle Fusion Middleware 11g Release 1 (11.1.1.4.0).

2.3 Configuration Issues and Workarounds

This section describes configuration issues and their workarounds. It includes the following topics: