5 Platform Security Services

This chapter describes issues associated with Oracle Platform Security Services and Library Oracle Virtual Directory. It includes the following topics:

5.1 Configuration Issues and Workarounds

This section describes configuration issues and their workarounds. It includes the following topics:

5.1.1 libovdconfig.bat script Does Not Support a Space in File Path

On the Microsoft Windows platform, the libovdconfig.bat script does not work if the path to your Java installation in the -jreLoc option includes a space character. For example, C:\Program Files\Java\jdk1.7.0_21.

The workaround is to provide the path to your Java installation in DOS 8.3 format.

For example:

-jreloc C:\Progra~1\Java\jdk1.7.0_21

5.1.2 Users with Same Name in Multiple Identity Stores

If a user name is present in more than one LDAP repository and the virtualize property is set to use LibOVD, then the data in only one of those repositories is returned when you query that user name with the User and Role API.

5.1.3 JNDI Connection Exception and JDK Version

JNDI Connections throw the javax.naming.NamingException: LDAP response read timed out, timeout used:-1ms exception.

This issue is found in domains configured to use an Oracle Identity Directory security store, or when using the User Role API or IGF/IDS against an LDAP identity store on any of the following JDK versions: Java SE 6u85, 7u72, or 8u20.

Workaround

Update the JDK to a version supported in this release. For certified JDK versions, see Oracle Fusion Middleware 12c Certifications at http://www.oracle.com/technetwork/middleware/ias/downloads/fusion-certification-100350.html.

5.1.4 Limitation on the Maximum Length of Policy Artifact Names and Stripe Names

Due to the limitation on the maximum column length of index in MS SQL Server, when using MS SQL Server as the OPSS security store, the OPSS policy artifact names and OPSS application policy stripe names cannot exceed 147 characters and 226 characters, respectively.

Currently, there is no workaround for this issue.

5.1.5 Limit USE Privilege to OPSS and IAU Schemas in Oracle EBR Environment

In Oracle Edition-based redefinition (EBR) environment, after creating an edition, OPSS recommends that you explicitly grant the USE privilege on the edition to OPSS schemas and Audit schemas, rather than granting the USE privilege on the edition to PUBLIC. For information about EBR, see Using Edition-Based Redefinition in Oracle Database Development Guide.

To grant the USE privilege on the edition to OPSS and AUDIT schemas, use the SQL statement GRANT USE ON EDITION in the following manner:

GRANT USE ON EDITION edition_name TO OPSS_SCHEMA;
GRANT USE ON EDITION edition_name TO IAU_SCHEMA;
GRANT USE ON EDITION edition_name TO IAU_APPEND_SCHEMA;
GRANT USE ON EDITION edition_name TO IAU_VIEWER_SCHEMA;
"""

For information about the GRANT statement, see Oracle Database SQL Language Reference.

5.2 WSLT Security Commands Issues

The following sections describe issues with security WLST commands:

5.2.1 listAppRoles Command Outputs Wrong Characters

On Linux and Windows platforms, when the locale is set to non-UTF8 locales, such as the fr_FR_iso88591 locale, the listAppRoles command may output the character '?' instead of the expected character.

5.2.2 listResources Command Throws Exception

The listResources command throws an exception if the optional type argument is not specified. The workaround is to specify a value for this argument.

5.3 Oracle Fusion Middleware Audit Framework

The following sections describe issues with the Oracle Fusion Middleware Audit Framework:

5.3.1 Configuring Auditing for Oracle Access Manager

Although Access Manager appears as a component in Fusion Middleware Control, you cannot configure auditing for Access Manager using Fusion Middleware Control.

5.3.2 Audit Reports do not Display Translated Text in Certain Locales

The standard audit reports packaged with Oracle Business Intelligence Publisher support a number of languages. Business Intelligence Publisher can start in different locales and, at start-up, you can specify the language of choice by setting the preferred locale in Preferences.

If you started Oracle Business Intelligence Publisher on any of the locales:
  • zh_CN (simplified chinese)

  • zh_TW (traditional chinese)

  • pt_BR (portuguese brazilian)

then the entire report including labels, headers, titles shows in English.

This issue will be fixed in a future release of Business Intelligence Publisher.

5.3.3 Audit Reports Always Display in English

The standard audit reports packaged with Business Intelligence Publisher support a number of languages, but report titles and descriptions are displayed in English even when they have been translated.

This issue will be fixed in a future release of Business Intelligence Publisher.

5.3.4 Property maxDirSize not used in Audit Service

The configuration property maxDirSize has been deprecated in Release 12c. It is no longer used in the OPSS audit service.

5.4 Documentation Errata

There are no documentation errata.