PK
&{\Eoa, mimetypeapplication/epub+zipPK &{\E iTunesMetadata.plisth
This chapter describes issues associated with Oracle Business Intelligence Discoverer. It includes the following topics:
Section 29.2, "Issues Specific to Oracle BI Discoverer Plus Relational"
Section 29.3, "Issues Specific to Oracle BI Discoverer Plus OLAP"
Section 29.4, "Issues Specific to Oracle BI Discoverer Portlet Provider"
Section 29.5, "Issues Specific to Oracle BI Discoverer Viewer"
Section 29.6, "Issues Specific to Oracle BI Discoverer EUL Command Line for Java"
Section 29.7, "Issues Specific to Oracle BI Discoverer Administrator"
This section describes general issues that affect more than one Discoverer component. It includes the following topics:
Section 29.1.1, "Issue while Creating Discoverer schema on Oracle Database 12g Release 1"
Section 29.1.2, "Issues with Metadata Repository and Oracle Database 10g Release 1"
Section 29.1.3, "Compatibility Issues with Required Support Files"
Section 29.1.5, "Additional Fonts Required for Non-ASCII Data When Exporting to PDF"
Section 29.1.6, "Query Prediction Requires the Majority of the Query Time"
Section 29.1.9, "Issues with Mac OS X Browser and Oracle BI Discoverer Plus"
Section 29.1.11, "Multibyte Characters Rendered as Square Boxes in Exported PDF and Other Formats"
Section 29.1.11, "Multibyte Characters Rendered as Square Boxes in Exported PDF and Other Formats"
Section 29.1.13, "HTTP 404 Error While Accessing Discoverer on a Remote Machine"
Section 29.1.14, "Error While Launching Discoverer Plus Applet on an IPv6 Environment"
Section 29.1.15, "Error While Updating the Discoverer Web Services Configuration Parameter"
Section 29.1.16, "Exception Logged for Discoverer Web-Based Applications in an Extended Domain"
Section 29.1.18, "Incorrect Version Number for Discoverer in Fusion Middleware Control 11g."
Section 29.1.19, "Oracle BI Discoverer Startup Fails after Shutdown."
Section 29.1.20, "The Database Export and Import Utility does not Work with Applications Mode EUL."
Section 29.1.21, "Install-level Scripts are not Updated in Existing Instances after Patching."
When you create Oracle Discoverer schema by using Repository Creation Utility (RCU) on Oracle Database 12g (12.1.0.0.0), you might get a similar error as follows:
ORA-01950: no privileges on tablespace 'DB6861_DISCO_PSTORE'
To work around this issue, edit the parameter file (pfile) by following the procedure below:
Create Oracle Database 12g.
Create a pfile by running the SQL command 'create pfile from spfile'. The user should have SYSDBA privileges to run this command.
Edit the pfile and add the parameter _resource_includes_unlimited_tablespace=TRUE
.
Shut down the database.
Create an spfile by running the SQL command 'create spfile from pfile'.
Start the database.
Alternatively, you can create the database in silent mode and specify the value of _resource_includes_unlimited_tablespace as TRUE
as in the following example:
./dbca -createDatabase -templateName General_Purpose.dbc -gdbName
db111.us.example.com -sid db111 -sysPassword Welcome1 -systemPassword Welcome1
-emConfiguration LOCAL -dbsnmpPassword Welcome1 -sysmanPassword Welcome1
-datafileJarLocation /dbhome_1/assistants/dbca/templates
-storageType FS -datafileDestination /db123/oradata
-responseFile NO_VALUE -characterset AL32UTF8 -obfuscatedPasswords false
-sampleSchema true -oratabLocation ORATAB -recoveryAreaDestination NO_VALUE
-initParams _resource_includes_unlimited_tablespace=TRUE -silent
When using Oracle Database 10g Release 1 (10.1.x) for the Metadata Repository or after upgrading the Metadata Repository to Oracle Database 10g Release 1, you might see the following error on the Oracle BI Discoverer Plus Connection pages, the Oracle BI Discoverer Viewer Connection pages, and the Public Connection definition page in Fusion Middleware Control:
The connection list is currently unavailable. ORA-06510: PL/SQL: unhandled user-defined exception ORA-06512: at "ORASSO.WWSSO_API_PRIVATE," line 258 ORA-06510: PL/SQL: unhandled user-defined exception ORA-06512: at "ORASSO.WWSSO_UTL" line 728 ORA-28231: no data passed to obfuscation toolkit ORA-06512: at line 1 Unable to retrieve connection list
To resolve this issue, make the following changes in the Metadata Repository database:
Edit the init%ORACLE_SID%.ora
file. This file exists either in the dbs
folder or the database
folder. For example, in Windows, this file is located in the DB_install_home/database/ folder.
Add the following line to this file:
event="10946 trace name context forever, level 36"
If an spfile%ORACLE_SID%.ora
exists in either the dbs
folder or the database
folder, rename the file to spfile%ORACLE_SID%.bak
. Changes to init%ORACLE_SID%.ora
are not loaded if the database server finds an spfile
.
Log in as a sysadmin
.
At the SQL prompt, shut down then start up the database server.
Restart the Oracle BI Discoverer server using the command opmnctl restartall
.
The Oracle Database and other Oracle database client software (for example, SQL*Plus, the database export utility) use Oracle Required Support Files (RSF).
Oracle BI Discoverer also uses Oracle Required Support Files (RSF), specifically RSF version 11.1.0.7. This version of the Oracle Required Support Files is installed during Oracle BI Discoverer installation.
Note that the Required Support Files version 11.1.0.7 is incompatible with earlier versions of Oracle Database 10g. So if the machine on which you install Oracle BI Discoverer already has a version of Oracle Database 10g or database client software that is earlier than 11.1.0.7, there will be compatibility issues. For example, if you install Oracle BI Discoverer and attempt to run a version of SQL*Plus earlier than 11.1.0.7, then the following error is displayed:
ORA-12557 TNS: protocol adapter not loadable
To avoid the compatibility issues, upgrade Oracle Database 10g or database client software on the machine to the same version (11.1.0.7) as the version of the Required Support Files that were installed with Oracle BI Discoverer.
This issue does not exist for Oracle9i Database Server.
You might notice unsightly font issues when using a non-English locale such as Czech. For example, when a worksheet uses a serif font, text in that worksheet might be displayed incorrectly on the screen and in printouts.
To work around this issue, update the file that maps the serif fonts. The name of this file differs depending on the locale in use. When you use Oracle BI Discoverer Plus Relational or Plus OLAP in English, the file is named file.properties
. If you use Oracle BI Discoverer in a non-English locale, then the file name includes the code for the locale, such as file.properties.cs
for Czech.
Update the mapping file with the following information:
serif.0=Times New Roman,EASTEUROPE_CHARSET serif.1=WingDings,SYMBOL_CHARSET,NEED_CONVERTED serif.2=Symbol,SYMBOL_CHARSET,NEED_CONVERTED
Consult the following Sun Web site for additional information about fonts:
http://java.sun.com/j2se/1.3/docs/guide/intl/addingfonts.html
If you are running Oracle BI Discoverer Plus Relational or Plus OLAP on a Macintosh or Linux client machine, you must add the appropriate font files to your client machine to allow exported PDF files to display non-ASCII data correctly.
These font files include Albany fonts with names such as ALBANWTJ.TTF
and ALBANWTK.TTF
. The files are stored in the /utilities/fonts
directory on the CD-ROM or DVD for the Oracle Application Server Metadata Repository Upgrade Assistant.
To install the additional required fonts:
Navigate to the /utilities/fonts
directory on the CD-ROM or DVD for the OracleAS Metadata Repository Upgrade Assistant.
Copy the appropriate Albany TTF file from the /utilities/fonts
directory to the plug-in directory in the $jdk
/jre/lib/fonts
directory on the Macintosh or Linux client machine.
When using Oracle BI Discoverer with a relational data source, you can predict the time that is required to retrieve information by setting the value of the QPPEnable preference to 1. However, in some circumstances, the majority of the time taken to retrieve information is consumed by the prediction activity itself.
To work around this issue, set the value of the QPPObtainCostMethod
preference to 0
(use the EXPLAIN PLAN
statement to predict query times) rather than to 1
(use dynamic views to predict query times).
For more information about setting preferences, see the Oracle Fusion Middleware Configuration Guide for Oracle Business Intelligence Discoverer.
To use word wrap settings correctly, you must understand how they are designed for Oracle BI Discoverer:
Oracle BI Discoverer Plus: Word wrap settings that you make in Oracle BI Discoverer Plus are saved in the worksheet and affect the display of worksheets in Oracle BI Discoverer Plus and when printing to PDF.
Oracle BI Discoverer Viewer: Word wrap settings that you see in the Print Settings dialog work as follows:
The word wrap settings do not affect the display of worksheets in Oracle BI Discoverer Viewer.
For relational data:
The word wrap settings do affect the printing of worksheets to PDF.
If the Always wrap text when size exceeds column width box is checked, then the print settings in Oracle BI Discoverer Viewer do override the settings made in a worksheet in Oracle BI Discoverer Plus Relational for printing to PDF.
If the Always wrap text when size exceeds column width box is not checked, then the print settings in Oracle BI Discoverer Viewer do not override the settings made in a worksheet in Oracle BI Discoverer Plus Relational for printing to PDF.
For OLAP data:
The word wrap settings do not affect the printing of worksheets to PDF.
Regardless of whether the Always wrap text when size exceeds column width check box is selected, the print settings in Oracle BI Discoverer Viewer never override the settings made in a worksheet in Oracle BI Discoverer Plus OLAP for printing to PDF.
When you use Microsoft Internet Explorer, the Oracle BI Discoverer Plus Relational or Plus OLAP applet initialization and download dialog appears behind the browser window from which it was launched. After the applet is downloaded and initialized, it appears in front of the browser window from which it was launched.
To work around this issue:
Use a browser other than Internet Explorer, such as Netscape Navigator or Mozilla Firefox.
Use the Oracle BI Discoverer Plus URL parameter _plus_popup=false
, which is documented in the Oracle Fusion Middleware Configuration Guide for Oracle Business Intelligence Discoverer.
The following are issues that you might encounter when you use the Safari browser on Mac OS X with Oracle BI Discoverer Plus Relational or Plus OLAP:
If you resize the browser window in the applet, then some parts of the content might be clipped. To work around this problem, always maximize the browser window for the applet when working with Mac OS X.
Keyboard combinations (also known as mnemonics) do not work in Oracle BI Discoverer Plus Relational and Plus OLAP.
For example, you cannot press Alt+F to access the File
menu.
In the Share Workbooks dialog of Oracle BI Discoverer Plus Relational, the leading characters of the "Shared:" list are clipped. In other words, the left edge of the list is truncated. For example, if you shared a workbook with DISCODEV
, then you will only see SCODEV
in the list. The title for the list is also truncated such that you see only the vertical line of the "d" in "Shared" and the colon (that is, "l:").
The dialog continues to work as expected, but you might have difficulty reading the names in the "Shared:" list.
This issue has no workaround.
Because of Sun JRE 1.4 bug 4688797, you might encounter issues when connecting to a database schema from a computer that has Turkish regional settings. You will encounter the issue when you attempt to connect to a database schema with a user name that contains certain letters, such as the letter 'I' or 'i', for example, in "bibdemo". See the Sun JRE bug for information on the letters that are affected.
To work around this issue, either do not use Turkish regional settings or use a user name that does not contain the affected letters.
When you export a workbook to PDF and other formats, multibyte characters (for example, Korean, Japanese, and Chinese characters) appear as square boxes.
To work around this issue, copy the following Albany fonts from ORACLE_HOME
/jdk/jre/lib/fonts
to the fonts
folder of your JDK (Oracle JRockit or Sun) within the MW_HOME
directory. For example, if you are using HP-UX JDK, you must copy the fonts to MW_HOME
/jre/jdk160_11/lib/fonts
.
AlbanWTJ.ttf
AlbanWTK.ttf
AlbanWTS.ttf
AlbanWTT.ttf
ALBANYWT.ttf
When you attempt to connect to Discoverer Plus by using the Mozilla Firefox browser on a machine that does not have Java 1.6 installed, the browser does not download the JRE 1.6 plug-in automatically. Instead, the browser displays the following message:
Additional plugins are required to display this page...
You must download the JRE 1.6 plug-in (by clicking the Install Missing Plugin link) and install it manually.
When you attempt to connect to Discoverer Plus, occasionally, the browser returns an HTTP 404 (File Not Found) error.
The page loads correctly when you refresh the browser a few times.
If the Web tier is on an IPv6 machine, when you start Discoverer Plus, the following error message might be displayed:
Attempt1. RMI protocol over JRMP transport: Connection refused to host: DiscoServerMahcineName;nested exception is: @ java.net.ConnectionException: Connection timed out
To work around this issue, in the System MBean Browser of Fusion Middleware Control, change the TransportProtocols attribute of the Plus Config MBean to "jrmp,http" (or "jrmp,https" if Discoverer Plus is accessed by using secure HTTP).
When you update the web services configuration parameter (Maximum Sessions) using the Discoverer Web Services Configuration page of Fusion Middleware Control and click Apply, the following error message is displayed:
Applying changes - Failed. Exception caught:
You can ignore the error message because the changes are applied even if the exception is thrown. Alternatively, you can update the MaxSessions attribute of the WebServicesConfig MBean in the System MBean Browser of Fusion Middleware Control.
When you extend a domain and add Discoverer application in a remote machine, you may see the following exception in the WebLogic Server log:
java.lang.IllegalArgumentException: ODL-52057: The handler 'disco-server-handler' is not defined.
To work around this issue, modify the log_handlers and loggers elements in the logging.xml file located in the DOMAIN_HOME
/config/fmwconfig/servers/
WLS_DISCO
folder of the machine where the domain exists.
In the log_handlers section, add the handlers as follows:
<log_handler name='discoverer-handler' class='oracle.core.ojdl.logging.ODLHandlerFactory'> <property name='path' value='${domain.home}/servers/${weblogic.Name}/logs/discoverer/diagnostic.log' /> <property name='maxFileSize' value='1048576'/> <property name='maxLogSize' value='10485760'/> <property name='format' value='ODL-Text'/> <property name='useSourceClassAndMethod' value='false'/> </log_handler> <log_handler name='disco-server-handler' class='oracle.core.ojdl.logging.ODLHandlerFactory'> <property name='path' value='${domain.home}/servers/${weblogic.Name}/logs/discoverer/server/diagnost ic.log'/> <property name='maxFileSize' value='1048576'/> <property name='maxLogSize' value='10485760'/> <property name='format' value='ODL-Text'/> </log_handler>
In the loggers sections, add the following elements:
<logger name='ORACLE.DISCOVERER.VIEWER' level='TRACE:32' useParentHandlers='false'> <handler name='discoverer-handler'/> <handler name='odl-handler'/> </logger> <logger name='ORACLE.DISCOVERER.PORTLET_PROVIDER' level='TRACE:32' useParentHandlers='false'> <handler name='discoverer-handler'/> <handler name='odl-handler'/> </logger> <logger name='ORACLE.DISCOVERER.MODEL' level='TRACE:32' useParentHandlers='false'> <handler name='discoverer-handler'/> <handler name='odl-handler'/> </logger> <logger name='ORACLE.DISCOVERER.WEB_SERVICES' level='TRACE:32' useParentHandlers='false'> <handler name='discoverer-handler'/> <handler name='odl-handler'/> </logger> <logger name='ORACLE.DISCOVERER.SERVER' level='TRACE:32' useParentHandlers='false'> <handler name='disco-server-handler'/> <handler name='odl-handler'/> </logger>
After adding these elements, save the logging.xml file, and restart the Administration Server and Discoverer Managed Servers.
When you recover the Oracle BI Discoverer middle tier from a backup, the Discoverer application URL in the Discoverer Home page of Fusion Middleware Control point to a wrong location.
You must configure the application URLs that appear on the Oracle BI Discoverer Home page in Fusion Middleware Control after recovering the Oracle BI Discoverer middle tier from a backup.
For more information, see "How to configure application URLs displayed on the Fusion Middleware Control Discoverer Home page" in the Oracle Business Intelligence Discoverer Configuration Guide.
In Fusion Middleware Control 11g, the Enterprise Manager Fusion Middleware Control pages display wrong version number (11.1.1.2.0) for the Oracle BI Discoverer application. The correct version number for Oracle BI Discoverer is 11.1.1.4.0.
When you first start up the Discoverer application from Oracle Enterprise Manager Fusion Middleware Control or Oracle WebLogic Administration Console after shutting down the application instance, the startup fails with error logs.
To work around this issue, start the Discoverer application again. The second time the application starts without any error message.
You cannot use the standard database export and import utilities to export or import the database, EUL tables and database objects referenced by the Applications Mode EUL definitions. The standard database export and import utility can be used only for standard EUL definitions.
To work around this issue, use the Discoverer Export Wizard in Discoverer Administrator to export EUL objects to an EUL export file (*.EEX). After exporting the EUL objects, you can import the .EEX file using the Discoverer Import Wizard.For more information, see "Creating and Maintaining End User Layers" in Oracle Fusion Middleware Administrator's Guide for Oracle Business Intelligence Discoverer.
When you upgrade Oracle Discoverer 11gR1 PS1 to 11gR1 PS2 or 11gR1 PS3, the patch will be installed in the ORACLE_HOME
folder. Therefore, script changes in the new patch set will not be available for existing Oracle Discoverer instances, which are located in the ORACLE_INSTANCE
folder. However, new instances that are created after the patch upgrade will be updated.
To work around this issue, after a patch upgrade manually copy the new scripts to the existing ORACLE_INSTANCE
folders. For example, copy the new discenv.sh
script file from ORACLE_HOME
to the ORACLE_INSTANCE
/Discoverer/
Discoverer_instance-name
/util/
folder.
For more information about Discoverer file locations, see "Oracle BI Discoverer Configuration Files" in Oracle Fusion Middleware Configuration Guide for Oracle Business Intelligence Discoverer.
This section describes issues that are specific to Oracle BI Discoverer Plus Relational. It includes the following topics:
Section 29.2.2, "Non-ASCII Characters Not Saved Correctly in Title or Text Area"
Section 29.2.4, "Nonaggregable Values Not Displayed for Scheduled Workbooks"
When you run Oracle BI Discoverer Plus Relational with the Browser Look and Feel and an Asian language (such as Korean or Chinese), you might notice that static text and text in buttons in the user interface appears truncated or clipped. To work around this issue, do one of the following:
Change the Look and Feel to either Plastic or System.
Install Sun JRE 1.6.0_10+.
When you save a new workbook in Oracle BI Discoverer Plus, any text characters beyond the standard ASCII characters are not saved correctly when all the conditions that are described in the following list are met:
You are logged in as an Oracle e-Business Suite user.
The language for the computer is not English.
Oracle BI Discoverer Plus is running against an Oracle e-Business Suite database that does not have that non-English language installed.
This issue has no workaround.
If you cancel a query that is running in Oracle BI Discoverer Plus Relational, then you are prompted to either choose YES to undo the changes or NO to show a blank sheet. If you choose YES, then Oracle BI Discoverer Plus Relational hangs and you must close the window and restart.
To work around this issue, choose NO to show a blank worksheet. You can then refresh the sheet and continue working.
Oracle BI Discoverer Plus Relational does not display nonaggregable values for scheduled workbooks. In other words, Oracle BI Discoverer Plus Relational processes scheduled workbooks as if you selected the Show values that cannot be aggregated as: <Non-aggregable label> option in the Worksheet Properties dialog: Aggregation tab.
Nonaggregable values include those based on the following SQL functions:
A CASE
SQL statement
A DECODE
SQL statement
A PL/SQL function
A DISTINCT
SQL statement
An analytic function
If you use Oracle BI Discoverer Plus Relational to open a worksheet that was created using Oracle BI Discoverer Desktop Version 9.0.4 (or earlier), the size of the title area for that worksheet defaults to two lines in height. A title height of two lines might be a problem if a worksheet title requires more than or less than two lines. If you want to change the size of the title area, you must resize the title area manually and save the worksheet.
To resize the title area for a worksheet, open the worksheet and drag the bar at the bottom of the title area pane up or down.
This section describes issues that are specific to Oracle BI Discoverer Plus OLAP. It includes the following topics:
Section 29.3.5, "Link Tool Works Incorrectly in Some Locales"
Section 29.3.6, "Memory Issues when Exporting Extremely Large Graphs"
Section 29.3.7, "Issue While Printing Worksheets with Large Data Values"
There may be Oracle Business Intelligence Discoverer Plus applet download issues when caching has been enabled in the Sun Java Plug-In.
To avoid these issues, disable caching in the plug-in.
When you are running Netscape 7.x or Mozilla browsers, the Netscape and Mozilla Mail clients and Web browser may become disabled when Oracle BI Discoverer Plus OLAP modal dialogs are displayed.
Dismissing the Oracle BI Discoverer Plus OLAP dialogs resumes normal operation for the Netscape and Mozilla tools.
When you use the Tab
key to select items in a worksheet, the menus do not always synchronize to reflect the currently selected item.
This issue has no workaround.
The Esc
key does not close the following dialogs: Totals, New Total, Parameter, and Manage Catalog.
Instead of using the Esc key, click the Close or OK button.
The Link tool, which enables users to drill out to external URLs from a crosstab cell, might not work correctly in all locales due to URL encoding issues.
This issue has no workaround.
Exporting extremely large graphs can cause memory issues, requiring a restart of the Oracle BI Discoverer Plus OLAP session.
This issue has no workaround.
When printing a worksheet that contains large numbers in the data cells, the string ####### may be printed instead of the actual numbers.
This issue has no workaround.
The following issues exist with titles and text areas:
Nonempty titles and text areas are printed even if they are hidden in the worksheet.
This issue has no workaround.
When you set the title or text area background to green and export the worksheet to an HTML file, the background is incorrectly set to red in the exported file.
This issue has no workaround.
When you use JAWS, you will notice errors when you attempt to format graphs and crosstabs using the Format dialogs.
This issue has no workaround.
This section describes issues that are specific to Oracle BI Discoverer Portlet Provider. It includes the following topics:
Section 29.4.1, "Inability to Turn Off Display of Range Min and Max as Labels"
Section 29.4.3, "Issues with Discoverer Portlets in WebCenter"
Section 29.4.5, "Issue with Portlet Titles in Discoverer WSRP Portlets Published on IBM WebSphere"
Section 29.4.6, "Issue with Color and Date Pickers in Discoverer WSRP Portlets"
Section 29.4.8, "Issue with Worksheet Parameter LOV Pop-Up Window in Discoverer WSRP Portlets"
In the Display Options of a gauge portlet, the Minimum Value and Maximum Value range labels are selected but are also disabled so that you cannot deselect the display of those values. The values for the minimum and the maximum appear at the ends of every gauge in the set except for those gauges where the value to be gauged is out of the range of the minimum and the maximum values. For those gauges where the value to be displayed exceeds the range of the minimum and the maximum values, the gauge will automatically adjust to accommodate the value.
This issue has no workaround.
If you configure Oracle BI Discoverer Portlet Provider to work with Oracle Single Sign-On and SSL, then UIX images might not display correctly in Oracle BI Discoverer. For example, on the Connect to OracleBI Discoverer page, the expand icon (that is, the blue + symbol) in the Details column of the Discoverer connections list might not display correctly.
To address this issue, you must add certain server startup properties.
Start Enterprise Manager Fusion Middleware Control. For more information, see "Managing and Configuring Discoverer" in Oracle Fusion Middleware Configuration Guide for Oracle Business Intelligence Discoverer.
Navigate to the WebLogic Server node (for example, WLS_DISCO) node, and click the WebLogic Server Administration Console link.
Select the Server Start tab on the Configurations page of the WebLogic Server Administration Console.
In the Arguments field, append the following lines, if they do not exist.
-Doracle.discoverer.applications.protocol=https
-Doracle.discoverer.applications.port=
port_no
Set port_no
to the HTTPS port number that you want to use (for example, 4443).
Restart the server.
The following issues exist for Discoverer portlets displayed in Oracle WebCenter.
When a Worksheet portlet is displayed in Oracle WebCenter, the links to navigate to the next set of records does not work.
When a List of Worksheets portlet is displayed in Oracle WebCenter, the Expand All Icons link does not work.
To work around these issues, set the RenderPortletInIFrame
attribute of the portlet tag to TRUE
. For more information, see "Setting Attribute Values for the Portlet Tag" in Oracle Fusion Middleware Developer's Guide for Oracle WebCenter.
When you publish Discoverer WSRP Portlets in portals other than Oracle Portal and Oracle WebCenter (such as Oracle WebLogic Portal and IBM WebSphere Portal), the pop-up windows for input selection will have the same page layout as the portal page with all navigation options. If you select any of these navigation options, the current portlet state will be lost. You might need to start publishing the portlet from the beginnng.
The issue has no workaround.
You cannot dynamically change the portlet title of a Discoverer WSRP portlet in IBM WebSphere after it is published. Static title is rendered in the portal for each portlet instance.
To work around this issue, set a meaningful title for the portlet by editing the title using the Set Title or Description option in the WebSphere portal. For more information about changing the title of a portlet, see WebSphere documentation.
The Color and Date pickers in Discoverer WSRP Portlets do not work on portals other than Oracle WebCenter.
On portals such as Oracle Portal, Oracle WebLogic Portal and IBM WebSphere, to workaround this issue, set the value of the configuration parameter useInlineUIXPicker
to true. The default value of this parameter is false. When you set the useInlineUIXPicker
parameter to true, set the color and date as follows:
Inline color pickers are enabled in the Gauges Selection page and you can select a color from the palette.
You cannot select the color using the Format option of the Personalize menu of the worksheet. Use the Analyze option in the portlet window to change the color.
The Date picker in the Refresh option will not be available. Enter the date manually.
The Worksheet Parameter LOV icon is not displayed when you publish Discoverer WSRP portlets in IBM WebSphere portal.To work around this issue, enter parameter values manually.
In Oracle Portal and Oracle WebLogic Portal, when you select values from the parameter LOV from a worksheet portlet published by using the Discoverer WSRP Portlet producer, the pop-up window is not getting closed on selection of values.You must explicitly close the pop-up window after selection of values.
This section describes issues that are specific to Oracle BI Discoverer Viewer. It includes the following topics:
Section 29.5.1, "Drill Icons Cannot Be Hidden in Oracle BI Discoverer Viewer"
Section 29.5.2, "Error Displaying Page for Multiple SSO Users"
Section 29.5.3, "Inability to Disable the Display of Row Numbers"
Section 29.5.4, "Issues with Oracle BI Discoverer Viewer Embedded in Frames"
Section 29.5.5, "Issue Exporting to PDF Under Certain Circumstances"
Section 29.5.7, "Discoverer Catalog Items Not Visible From UNIX Servers"
Section 29.5.8, "Known Bug with JAWS Prevents Drilling Using the Enter Key"
Section 29.5.9, "JAWS Does Not Read Asterisks that Precede Fields"
Section 29.5.10, "Oracle BI Discoverer Viewer Pages are not Cached by Oracle Web Cache"
The pref.txt
file contains a setting called ShowDrillIcon
, which is not functioning properly. If you set ShowDrillIcon
to False
, then drill icons are still displayed in Oracle BI Discoverer Viewer.
The issue has no workaround.
When an Oracle Single Sign-On (SSO) user tries to view a worksheet from a List of Worksheets Portlet by using the same browser window that is already being used by an SSO user to view that worksheet, the second user sees the following error message: "The page cannot be displayed
".
To work around this issue, start a new browser session and view the worksheet.
Oracle BI Discoverer Viewer no longer offers the ability to disable the display of row numbers in a tabular worksheet.
Users might see JavaScript errors such as "Access Denied
" or other unexpected behavior when both of the following conditions are met:
When Oracle BI Discoverer Viewer is embedded in an IFRAME tag.
When the domain of the server that hosts the HTML page with the IFRAME tag is different from the domain of the Oracle BI Discoverer server that is running Oracle BI Discoverer Viewer.
Use one of the following workarounds for this issue:
Run the Oracle BI Discoverer server and the server that hosts the HTML page with the IFRAME tag in the same domain.
Alter the Common2_2_20.js
file on the Oracle BI Discoverer server using the following steps:
Use Fusion Middleware Control to stop all services on the middle tier for Oracle Business Intelligence.
Make a backup copy of the Common2_2_20.js
file from the following directory:
domain
\servers\
managed_server
\stage\discoverer\
release
\discoverer\discoverer.war\cabo\jsLib
domain
is the path of directory that contains the domain.
managed_server
is the name of the managed server on which the Discoverer application is deployed.
release
is the release number of Discoverer. For example, 11.1.1.1.0
.
Edit the Common2_2_20.js
file and replace all occurrences of "parent._pprSomeAction" with "window._pprSomeAction".
Use Fusion Middleware Control to start all services on the middle tier for Oracle Business Intelligence.
Clear the browser cache on the client machine so that the new Common2_2_20.js
file will be used.
If you are using Oracle BI Discoverer Viewer with Microsoft Internet Explorer, you might encounter an error message when you try to export to PDF a worksheet that is named with non-ASCII characters, a space, and a number. The export fails and you will see a message similar to the following one:
No %PDF- in a file header
Use one of the following methods to work around this issue:
Use a browser other than Internet Explorer, such as one from Netscape or Mozilla.
Remove the space between the non-ASCII characters and the number, or remove the number altogether.
Continue to use Internet Explorer and leave the space in the worksheet name, but follow these steps:
Start the Adobe Reader.
From the Edit menu, choose Preferences, then click Internet.
Clear the Display PDF in browser box.
You can use Fusion Middleware Control to change the look and feel of Oracle BI Discoverer Viewer. That page contains a color chooser, or palette. If you use Fusion Middleware Control on Mac OS X with the Safari browser, then the page does not correctly enter the color code when you select a color from the palette.
To work around this issue, you can either use the Firefox browser or you can enter a color code directly.
The color codes are standard HTML hexadecimal color codes. You can enter one of the 49 colors that are available in the color palette, or you can enter any valid HTML hexadecimal color code.
The following list provides examples of colors with their codes:
You might encounter issues when trying to see items in the Discoverer Catalog when using Oracle BI Discoverer Viewer with OLAP data on UNIX servers.
You can resolve this issue on the middle-tier machine where Oracle BI Discoverer runs by performing the following steps.
To check whether the time zone variable is set:
Open a shell prompt.
Type echo $TZ
to display the time zone setting.
If no value is displayed, then the time zone has not been set.
To set the time zone variable:
Open a shell prompt.
Note: The UNIX user that sets the TZ variable must be the same UNIX user that installed Oracle Business Intelligence. |
If you do not know which shell you are using, type $echo $SHELL
to display the name of the current shell.
Set the time zone as appropriate.
For example, to set the time zone variable for US/Pacific time:
For the Bourne, Bash, or Korn shell, type export TZ=US/Pacific
For the C shell, type setenv TZ US/Pacific
Note: Consult the shell documentation for the appropriate values. |
Oracle BI Discoverer can be used in conjunction with assistive technologies such as the JAWS screen reader. However, a bug in JAWS prevents the drilling feature from working correctly in Oracle BI Discoverer Viewer when querying a relational data source.
Assume that you use the keyboard to navigate to the drill icon beside an item in the worksheet header. When you press the Enter
key to drill on that header item, the Drill page should be displayed as described in the "Worksheet Display page: (Page level tools and controls)" topic in the Help system and the Oracle Fusion Middleware User's Guide for Oracle Business Intelligence Discoverer Viewer).
However, when JAWS is running, the Drill page is not displayed. Instead, the Drill popup menu is displayed. It is not possible to select items from this popup menu by using the keyboard, and JAWS does not read the items on the popup menu.
This issue has no workaround.
In Oracle BI Discoverer Viewer, an asterisk that precedes a text field indicates that the user is required to enter a value into that text field. The JAWS screen reader does not read an asterisk that precedes a required text field and does not otherwise indicate that the field is required.
This issue has no workaround.
When using Oracle BI Discoverer with Oracle Web Cache, note the following:
When Oracle Single Sign-On is enabled, Oracle Web Cache does not cache Oracle BI Discoverer Viewer pages, regardless of whether they are accessed using a public connection or a private connection.
If an Oracle BI Discoverer Viewer page is accessed directly through a URL and the URL contains URL parameters that specify login details (for example, user name, database name), then Oracle Web Cache does not cache the page. For example, Oracle Web Cache does not cache worksheet "Sheet 1" in workbook "Workbook 2" that is displayed by using the following URL:
http://<host.domain>:<port>/discoverer/viewer?us=video5&db=db1&eul=VIDEO5&wbk=Workbook+2&ws=Sheet+1
Note: In the example above, |
However, Oracle Web Cache does cache worksheet "Sheet 1" in workbook "Workbook 2" if a user logs in manually to Oracle BI Discoverer Viewer by using the same login details, and navigates to the worksheet.
You must increase the delays for Oracle BI Discoverer Viewer by at least 60 seconds for Oracle BI Discoverer Viewer to properly cache workbooks with Oracle Web Cache.
For more information, see "How to configure Discoverer Viewer to enable maximum caching" in the Oracle Fusion Middleware Configuration Guide for Oracle Business Intelligence Discoverer.
This section describes issues that are specific to Oracle BI Discoverer EUL Command Line for Java.
When you export multibyte or Eastern European data (such as the names of items and business areas in Japanese or Russian characters) from Oracle BI Discoverer EUL Command Line for Java on a platform other than Windows, the exported data is corrupted.
To work around this issue, edit the discwb.sh
file that is located in the ORACLE_HOME/discoverer
directory before exporting. Change the character set value in the NLS_LANG variable to UTF8.
For example, if the original setting of the variable is:
NLS_LANG="GERMAN_GERMANY.WE8ISO8859P1"
Change the setting to:
NLS_LANG="GERMAN_GERMANY.UTF8"
This section describes issues that are specific to Oracle BI Discoverer Administrator. It includes the following topic:
Before installing the video stores tutorial in Oracle Database 10g Enterprise Edition Release 2 (version 10.2.0.1 and higher), you must manually create the VIDEO5 user. If you attempt to install the video stores tutorial in Oracle Database 10g Enterprise Edition Release 2, then the installation will fail if the VIDEO5 user does not already exist. To work around this issue:
Create the VIDEO5 user manually by completing these steps:
Access Oracle Database 10g with SQL*Plus, Enterprise Manager, or any SQL command line tool.
Create the VIDEO5 user.
Grant CONNECT and RESOURCE privileges to the VIDEO5 user.
For more information about creating users and granting privileges, see the Oracle Database SQL Reference or your DBA
Connect to Discoverer Administrator as the EUL owner and install the tutorial. You must enter the VIDEO5 user password during installation.
For information about installing the video stores tutorial, see the Oracle Fusion Middleware Administrator's Guide for Oracle Business Intelligence Discoverer.
This chapter describes issues associated with Oracle Virtual Directory. It includes the following topics:
This section describes general issues and workarounds. It includes the following topics:
Manually Edit adapters.os_xml File When Creating DB Adapter For Sybase
ODSM Version Does Not Change in Enterprise Manager after Patching ODSM to 11.1.1.6.0
Oracle Directory Services Manager Browser Window is Not Usable
Identifying the DN Associated with an Access Control Point in Oracle Directory Services Manager
Issues With Oracle Virtual Directory Metrics in Fusion Middleware Control
Using a Wildcard when Performing an LDAPSEARCH on a TimesTen Database Causes an Operational Error
ODSM Version 11.1.1.4.0 Does Not Support OVD Versions 11.1.1.2.0 or 11.1.1.3.0
ODSM Version 11.1.1.5.0 Does Not Support OVD Versions 11.1.1.2.0, 11.1.1.3.0, or 11.1.1.4.0
Users with Non-ASCII Names Might Encounter Problems when Using ODSM with SSO
When you create an Oracle LDAP listener in Enterprise Manager, and then edit the listener's Change SSL setting by selecting Enable SSL for any SSL authorization, Enterprise Manager selects the ciphersuite TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
. If this ciphersuite is selected, then Oracle Virtual Directory will fail to start-up entirely.
Oracle Virtual Directory supports the following protocols:
TLSv1
SSLv2Hello
SSLv3
Note: For a complete list of the supported ciphers for each protocol, refer to the following location: |
To work around this issue, manually uncheck all of the ciphers listed for Enterprise Manager when configuring the ciphersuites.
When creating an EUS adapter using the wizard in ODSM, an error message periodically displays stating the adapters and ACLs were not created successfully.
To work around this issue, proceed as follows:
If the error occurred while you were loading ACLs, and only partial ACLs were loaded during EUS configuration, then you can manually load the remaining ACLs by running this command:
$ORACLE_HOME/bin/ldapmodify -c -v -h <ovd_host> -p <ovd_port> -D cn=orcladmin -w <orcladmin_password> -f $ORACLE_HOME/ovd/eus/eusACLTemplate.ldif
If the error occurred during any other step, then manually clean up the partial configuration from Oracle Virtual Directory by using the following steps, and then reconfigure Oracle Virtual Directory for EUS.
Delete all of the Local Store and LDAP EUS adapters created.
Delete the LSA EUS adapter data files from the local file system.
Undeploy the EUS py mapping based on your directory type (if it exists).
Click the EUS wizard icon again to reconfigure.
Creating a Database Adapter with Sybase as back-end causes Oracle Virtual Directory to fail with an Invalid Database Connection
error.
To work around this issue, you can manually edit the adapters.os_xml
file using the same Database connection information.
The Oracle Directory Services Manager version shown in Enterprise Manager is the application version, which does not change when you patch ODSM.
The Oracle Lifecycle team requires all Enterprise Manager components to retain the same application version. However, because customers want to know which ODSM version they are using, ODSM maintains the actual (patch) version and Enterprise Manager maintains the application version, which causes this mismatch.
This issue is a known issue, starting with version 11.1.1.3.0.
Due to a misplaced comment in the file odsmSkin.css
, some labels on the ODSM home page are not displayed correctly. Specifically, the labels in the diagram on the right are misplaced or missing.
To work around this issue, proceed as follows:
Stop the wls_ods1 managed server and the WebLogic Administration server.
Edit the file:
MW_HOME/user_projects/domains/DOMAIN_HOME/servers/MANAGED_SERVER_NAME/tmp/_WL_user/ODSM_VERSION_NUMBER/RANDOM_CHARACTERS/war/skins/odsmSkin.css
For example:
wlshome/user_projects/domains/base_domain/servers/wls_ods1/tmp/_WL_user/odsm_11.1.1.2.0/z5xils/war/skins/odsmSkin.css
Before editing, the odsmSkin.css
file looks like this:
@agent ie /*========== Fix for bug#7456880 ==========*/ { af|commandImageLink::image, af|commandImageLink::image-hover, af|commandImageLink::image-depressed { vertical-align:bottom; } }
Move the comment:
/*========== Fix for bug#7456880 ==========*/
so that it is above the line
@agent ie
After editing, the file should look like this:
/*========== Fix for bug#7456880 ==========*/ @agent ie { af|commandImageLink::image, af|commandImageLink::image-hover, af|commandImageLink::image-depressed { vertical-align:bottom; } }
Restart the WebLogic Administration server and the wls_ods1 managed server.
In some circumstances, after you launch Oracle Directory Services Manager from Fusion Middleware Control, then select a new Oracle Directory Services Manager task, the browser window might become unusable. For example, the window might refresh repeatedly, appear as a blank page, fail to accept user input, or display a null pointer error.
As a work around, go to the URL: http://host:port/odsm, where host and port specify the location where Oracle Directory Services Manager is running, for example, http://myserver.example.com:7005/odsm. You can then use the Oracle Directory Services Manager window to log in to a server.
Under certain circumstances, when managing multiple Oracle Virtual Directory components from the same Oracle Directory Services Manager session, exception or error messages may appear if you stop one of the Oracle Virtual Directory components. For example, you are managing Oracle Virtual Directory components named ovd1 and ovd2 from the same Oracle Directory Services Manager session. Both ovd1 and ovd2 are configured and running. If you stop ovd1, an exception or Target Unreachable message may appear when you try to navigate Oracle Directory Services Manager.
To work around this issue, exit the current Oracle Directory Services Manager session, close the web browser, and then reconnect to Oracle Virtual Directory components in a new Oracle Directory Services Manager session.
When you create an Access Control Point (ACP) using Oracle Directory Services Manager, the Relative Distinguished Name (RDN) of the DN where you created the ACP appears in the navigation tree on the left side of the screen. For example, if you create an ACP at the DN of cn=ForExample,dc=us,dc=sales,dc=west, then cn=ForExample appears in the navigation tree. After clicking an ACP in the navigation tree, its settings appear in the right side of the screen and the RDN it is associated with appears at the top of the page.
To identify the DN associated with an ACP, move the cursor over ("mouse-over") the ACP entry in the navigation tree. The full DN associated with the ACP will be displayed in a tool-tip dialog box.
Mousing-over ACPs in the navigation tree is useful when you have multiple ACPs associated with DNs that have identical RDNs, such as:
ACP 1 = cn=ForExample,dc=us,dc=sales,dc=west
ACP 2 = cn=ForExample,dc=us,dc=sales,dc=east
This topic describes issues with Oracle Virtual Directory metrics in Fusion Middleware Control, including:
If you upgraded an Oracle Virtual Directory Release 10g installation with plug-ins configured to execute on specific operations, such as add, bind, get, and so on, to 11g Release 1 (11.1.1), you may have to update those operation-specific plug-ins before you can use Fusion Middleware Control to view performance metrics.
After upgrading to 11g Release 1 (11.1.1) and performing some initial operations to verify the upgrade was successful, check the Oracle Virtual Directory home page in Fusion Middleware Control. You should see data for the Current Load and Average Response Time and Operations metrics.
If you do not see any data for these metrics, you must update the plug-ins configured to execute on specific operations. The work-around is to add the Performance Monitor plug-in to the operation-specific plug-in's configuration chain.
Perform the following steps to add the Performance Monitor plug-in to the operation-specific plug-in's configuration chain:
If the operation-specific plug-in is a Global-level plug-in, edit the server.os_xml file located in the ORACLE_INSTANCE/config/OVD/NAME_OF_OVD_COMPONENT/ directory.
If the operation-specific plug-in is an adapter-level plug-in, edit the adapters.os_xml file located in the ORACLE_INSTANCE/config/OVD/NAME_OF_OVD_COMPONENT/ directory.
Locate the pluginChains
element in the file. For example, if the Dump Transactions plug-in is configured to execute on the get operation, you will see something similar to the following:
Example 27-1 Dump Transactions Plug-In Configured for get Operation
<pluginChains xmlns="http://xmlns.oracle.com/iam/management/ovd/config/plugins"> <plugins> <plugin> <name>Dump Transactions</name> <class>com.octetstring.vde.chain.plugins.DumpTransactions.DumpTransactions</class> <initParams> <param name="loglevel" value="info"/> </initParams> </plugin> <plugin> <name>Performance Monitor</name> <class>com.octetstring.vde.chain.plugins.performance.MonitorPerformance</class> <initParams/> </plugin> </plugins> <default> <plugin name="Performance Monitor"/> </default> <get> <plugin name="Dump Transactions"> <namespace>ou=DB,dc=oracle,dc=com </namespace> </plugin> </get> </pluginChains>
Add the following Performance Monitor plug-in element within the operation-specific configuration chain:
<plugin name="Performance Monitor"/>
For example:
Example 27-2 Adding the Performance Monitor to the Operation-Specific Plug-In Configuration Chain
<pluginChains xmlns="http://xmlns.oracle.com/iam/management/ovd/config/plugins">
<plugins>
<plugin>
<name>Dump Transactions</name>
<class>com.octetstring.vde.chain.plugins.DumpTransactions.DumpTransactions</class>
<initParams>
<param name="loglevel" value="info"/>
</initParams>
</plugin>
<plugin>
<name>Performance Monitor</name>
<class>com.octetstring.vde.chain.plugins.performance.MonitorPerformance</class>
<initParams/>
</plugin>
</plugins>
<default>
<plugin name="Performance Monitor"/>
</default>
<get>
<plugin name="Dump Transactions">
<namespace>ou=DB,dc=oracle,dc=com </namespace>
</plugin>
<plugin name="Performance Monitor"/>
</get>
</pluginChains>
Save the file.
Restart Oracle Virtual Directory.
Currently, a TimesTen bug is preventing wildcard searches (such as "cn=t*
") from working in a Database adapter with TimesTen.
To work around this problem, enable the Case Insensitive Search option and create the necessary linguistic indexes for any database columns used in the search.
For more information, see the related TimesTen Enhancement Request, Bug# 9885055 and Section 12.2.2 "Creating Database Adapters for Oracle TimesTen In-Memory Database" in the Oracle® Fusion Middleware Administrator's Guide for Oracle Virtual Directory.
Oracle Directory Services Manager Version 11.1.1.4.0 does not support Oracle Virtual Directory Versions 11.1.1.2.0 or 11.1.1.3.0.
Changes introduced in Oracle Directory Services Manager Version 11.1.1.4.0 improve configuration auditing, and these changes require that you use Oracle Virtual Directory 11.1.1.4.0.
Oracle Directory Services Manager Version 11.1.1.5.0 does not support Oracle Virtual Directory Versions 11.1.1.2.0, 11.1.1.3.0, or 11.1.1.4.0.
Changes introduced in Oracle Directory Services Manager Version 11.1.1.5.0 improve configuration auditing, and these changes require that you use Oracle Virtual Directory 11.1.1.5.0.
Oracle Directory Services Manager Version 11.1.1.6.0 does not support Oracle Virtual Directory Versions 11.1.1.1.0, 11.1.1.2.0, 11.1.1.3.0, 11.1.1.4.0, or 11.1.15.0.
Changes introduced in Oracle Directory Services Manager Version 11.1.1.6.0 improve configuration auditing, and these changes require that you use Oracle Virtual Directory 11.1.1.6.0.
When ODSM is configured to use Oracle Access Manager 11g Release 1 (11.1.1.2) for single sign-on, a user whose name contains non-ASCII characters might observe the following issues after logging in:
The user name displayed on the Home page is garbled.
Single sign-on connections to Oracle Virtual Directory servers do not appear in the list of connections.
After upgrading Oracle Directory Services Manager, creating an attribute or an objectclass causes an NPE error.
Workaround:
Refresh the entries by clicking Refresh every time the creation fails.
An additional Patch 10365116 is required to enable the Account Lockout functionality.
In addition, Oracle Virtual Directory may not update the AD badpasswdcount until the account is fully locked out, which means AD badpasswdcount shows the correct number when it reaches the bad password count setting in AD.
The ODSM interface might not appear as described in Internet Explorer 7.
For example, the Logout link might not be displayed.
If this causes problems, upgrade to Internet Explorer 8 or 9 or use a different browser.
This section describes documentation errata in the Administrator's Guide for Oracle Virtual Directory. It includes the following topics:
Description of filterObjectClassOnModify Parameter is Incorrect
Deploying Oracle Unified Directory with Oracle Virtual Directory
The GroupURL
attribute that is described in section 11.5.1.1, "Configuring Admin Listener Settings Using WLST" of the Oracle® Fusion Middleware Administrator's Guide for Oracle Virtual Directory was documented using the wrong case. This attribute should be GroupUrl
, where only the "G
" and the "U
" are in uppercase letters.
The description provided for the filterObjectClassOnModify
parameter in the Oracle® Fusion Middleware Administrator's Guide for Oracle Virtual Directory states that it is a comma-separated list of attributes that are removed during the modify operation for a specific objectclass. This description should read as follows:
Use the filterObjectClassOnModify
parameter to remove objectClass entry changes on modify operations. Supported values include true (remove changes) and false (do not remove changes). Where true is the default. For example:
Parameter Name: filterObjectClassOnModify
Parameter Value: true, false
You can deploy Oracle Unified Directory as an LDAP data source with Oracle Virtual Directory. For information about how to deploy Oracle Unified Directory with Oracle Virtual Directory, see "Creating LDAP Adapters" in the Oracle® Fusion Middleware Administrator's Guide for Oracle Virtual Directory.
The code example currently provided in section 18.3.3.3, "Operation Plug-In Implementation Point" of the Oracle® Fusion Middleware Administrator's Guide for Oracle Virtual Directory does not close the connection to the back-end LDAP server.
The example code uses chain.getVSI().get
, which populates a Vector<EntrySet>
with one EntrySet for each adapter. Each EntrySet in get()
contains a live handle to the data source connection, which is used to retrieve entries.
To release this data source connection to the pool, you must provide a call to EntrySet.cancelEntrySet()
or Oracle Virtual Directory could be blocked. Blocking occurs when the plug-in occupies all of the configured connections from the pool and no connections are available to execute new requests.
The example code should be updated to implement a call to entrySet.cancelEntrySet()
as follows:
ChainVector results = new ChainVector(); try { chain.getVSI().get(...); } catch (...) { } finally { for (EntrySet entrySet : results) entrySet.cancelEntrySet(); }
Section 19.2.3.3.1, "Configuring Oracle Virtual Directory for the Integration" in the Oracle® Fusion Middleware Administrator's Guide for Oracle Virtual Directory should include an instruction for setting SSL Authentication Mode. The section should read as follows:
Select the EUS_Sun template.
Set SSL Authentication Mode to Server Only / Mutual Authentication.
The Proxy DN user must be able to read the userPassword
attribute in the Oracle Directory Server Enterprise Edition.
This chapter describes issues associated with Oracle Identity Federation. It includes the following topics:
This section describes general issues and workarounds. It includes the following topics:
Section 20.1.1, "Database Table for Authentication Engine must be in Base64 Format"
Section 20.1.2, "Considerations for Oracle Identity Federation HA in SSL mode"
Section 20.1.3, "Database Column Too Short error for IDPPROVIDEDNAMEIDVALUE"
When using a database table as the authentication engine, and the password is stored hashed as either MD5 or SHA, it must be in base64 format.
The hashed password can be either in the base64-encoded format or with a prefix of {SHA} or {MD5}. For example:
{SHA}qUqP5cyxm6YcTAhz05Hph5gvu9M=
In a high availability environment with two (or more) Oracle Identity Federation servers mirroring one another and a load balancer at the front-end, there are two ways to set up SSL:
Configure SSL on the load balancer, so that the SSL connection is between the user and the load balancer. In that case, the keystore/certificate used by the load balancer has a CN referencing the address of the load balancer.
The communication between the load balancer and the WLS/Oracle Identity Federation can be clear or SSL (and in the latter case, Oracle WebLogic Server can use any keystore/certificates, as long as these are trusted by the load balancer).
SSL is configured on the Oracle Identity Federation servers, so that the SSL connection is between the user and the Oracle Identity Federation server. In this case, the CN of the keystore/certificate from the Oracle WebLogic Server/Oracle Identity Federation installation needs to reference the address of the load balancer, as the user will connect using the hostname of the load balancer, and the Certificate CN needs to match the load balancer's address.
In short, the keystore/certificate of the SSL endpoint connected to the user (load balancer or Oracle WebLogic Server/Oracle Identity Federation) needs to have its CN set to the hostname of the load balancer, since it is the address that the user will use to connect to Oracle Identity Federation.
Problem
When Oracle Identity Federation is configured to use a database store for session and message data store, the following error is seen if data for IDPPROVIDEDNAMEID
is over 200 characters long:
ORA-12899: value too large for column "WDO_OIF"."ORAFEDTMPPROVIDERFED"."IDPPROVIDEDNAMEIDVALUE" (actual: 240, maximum: 200)\n]
Workaround
Alter table ORAFEDTMPPROVIDERFED to increase the column size for "idpProvidedNameIDValue" to 240.
This section describes configuration issues and their workarounds. It includes the following topics:
Section 20.2.1, "WLST Environment Setup when SOA and OIF are in Same Domain"
Section 20.2.2, "Oracle Virtual Directory Requires LSA Adapter"
Section 20.2.3, "Settings for Remote WS-Fed SP Must be Changed Dynamically"
Section 20.2.4, "Required Property when Creating a WS-Fed Trusted Service Provider"
Section 20.2.5, "Federated Identities Table not Refreshed After Record Deletion"
Section 20.2.6, "Default Authentication Scheme is not Saved"
Section 20.2.7, "Configuring 10g to Work with 11g Oracle Identity Federation using Artifact Profile"
If your site contains Oracle SOA Suite and Oracle Identity Federation in the same domain, the WLST
setup instructions in the Oracle Fusion Middleware Administrator's Guide for Oracle Identity Federation are insufficient for WLST
to correctly execute Oracle Identity Federation commands.
This can happen if you install an IdM domain, then extend it with an Oracle SOA install; the SOA installer changes the ORACLE_HOME
environment variable. This breaks the Oracle Identity Federation WLST
environment, as it relies on the IdM value for ORACLE_HOME
.
Take these steps to enable the use of WLST
commands:
Execute the instructions described in Section 9.1.1, Setting up the WLST Environment, in the Oracle Fusion Middleware Administrator's Guide for Oracle Identity Federation.
Copy OIF-ORACLE_HOME/fed/script/*.py
to WL_HOME/common/wlst
.
Append the CLASSPATH
environment variable with OIF-ORACLE_HOME/fed/scripts
.
To use Oracle Virtual Directory as an Oracle Identity Federation user store or an authentication engine, you must configure a Local Storage Adapter, and the context root must be created as required at installation or post-install configuration time.
For details about this task, see the chapter Creating and Configuring Oracle Virtual Directory Adapters in the Oracle Fusion Middleware Administrator's Guide for Oracle Virtual Directory.
On the Edit Federations page, the Oracle Identity Federation (OIF) settings for remote WS-Fed service provider contain a property called SSO Token Type; you can choose to either inherit the value from the IdP Common Settings page or override it here. The number of properties shown in 'OIF Settings' depends on the value of SSO Token Type.
If you choose to override SSO Token Type with a different value (for example, by changing from SAML2.0 to SAML1.1), the number of properties shown in 'OIF Settings' does not change until you click the Apply button.
Also, if you have overridden the value for Default NameID Format to 'Persistent Identifier' or 'Transient/One-Time Identifier', then changed the SSO Token Type value from 'SAML2.0' to 'SAML1.1' or 'SAML1.0', you will notice that the value for Default NameID Format is now blank. To proceed, you must reset this property to a valid value from the list.
When you create a WS-Fed Trusted Service Provider, you must set the value for the 'Use Microsoft Web Browser Federated Sign-On' property with these steps:
In Fusion Middleware Control, navigate to Federations, then Edit Federations.
Choose the newly create WS-Fed Trusted Service Provider and click Edit.
In the 'Trusted Provider Settings' section, set the value for Use Microsoft Web Browser Federated Sign-On by checking or unchecking the check-box.
Click Apply.
When the federation store is XML-based, a record continues to be displayed in the federated identities table after it is deleted.
The following scenario illustrates the issue:
The federation data store is XML.
Perform federated SSO, using "map user via federated identity".
In Fusion Middleware Control, locate the Oracle Identity Federation instance, and navigate to Administration, then Identities, then Federated Identities.
Click on the created federation record and delete it.
After deletion, the federated record is still in the table. Further attempts at deleting the record result in an error.
The workaround is to manually refresh the table by clicking Search.
Problem
This problem is seen when you configure Oracle Access Manager in Fusion Middleware Control as a Service Provider Integration Module. It is not possible to set a default authentication scheme since the default is set to a certain scheme (say OIF-password-protected
) but the radio button is disabled.
Solution
Take these steps to set the preferred default authentication scheme:
Check the Create check-box for the scheme that is currently set as the default but disabled.
Check the Create check-box(es) for the authentication scheme(s) that you would like to create.
Click the radio button of the scheme that you wish to set as the default.
Uncheck the Create check-box of the scheme in Step 1 only if you do not want to create the scheme.
Provide all the required properties in the page.
Click the Configure Oracle Access Manager button to apply the changes.
The default authentication scheme is now set to the one that you selected.
Note: In addition, when trying to remove any authentication scheme, ensure that you do not remove the default scheme; if you must remove the scheme, change the default to another authentication scheme before you remove the scheme. |
In the SAML 1.x protocol, for a 10g Oracle Identity Federation server to work with an 11g Oracle Identity Federation server using the Artifact profile, you need to set up either basic authentication or client cert authentication between the two servers.
For instructions, see:
Section 6.9 Protecting the SOAP Endpoint, in the Oracle Fusion Middleware Administrator's Guide for Oracle Identity Federation, 11g Release 1 (11.1.1)
Section 6.5.13.2 When Oracle Identity Federation is an SP, in the Oracle Identity Federation Administrator's Guide, 10g (10.1.4.0.1)
This section describes documentation errata for the Oracle Fusion Middleware Administrator's Guide for Oracle Identity Federation, part number E13400-01. It includes the following topics:
Section 20.3.1, "Different Passwords for Keystore and Private Key not Supported"
Section 20.3.2, "Documentation Erratum for Deploying Oracle Identity Federation"
Section 20.3.3, "Documentation Erratum for Configuring Security and Trust"
Section 20.3.6, "Forcing Re-authentication when Integrated with Oracle Access Manager"
Section 20.3.7, "Supported Version of Oracle Access Manager 10g"
Section 20.3.9, "Documentation Erratum for Oracle Identity Federation MBeans"
Note: For documentation errata and other release notes relating to the integration of Oracle Identity Federation with Oracle Access Manager 11g , see the chapter for "Oracle Access Manager." |
Oracle Identity Federation only supports configuring one password for signing and encryption keystores, and uses that password to open both the keystore and the private key. This means that if a keystore is configured with different store password and key password, an error will occur when Oracle Identity Federation tries to access the private key.
To avoid this error, ensure that the private key password for the configured key alias is the same as the keystore password.
Note: In Oracle Identity Federation 11g Release 1 (11.1.1), if you change the key password to match the keystore password, you must remove the old keystore/wallet from the configuration. |
In Section 3.2.2.2, "Integrate Oracle Single Sign-On with OHS", replace the following set of instructions:
Copy $AS_INST/config/OHS/$OHS_NAME/disabled/mod_osso.conf
to $AS_INST/config/OHS/$OHS_NAME/moduleconf
. All files in the moduleconf
directory are read when OHS is started.
Open the $AS_INST/config/OHS/$OHS_NAME/moduleconf/mod_osso.conf
file and set the OssoConfigFile
directive to reference the Oracle Single Sign-On configuration file that was created and then copied to the OHS config
directory:
OssoConfigFile ${ORACLE_INSTANCE}/config/${COMPONENT_TYPE}/${COMPONENT_NAME}/oif.server.com.osso.conf
with the following text:
Copy $AS_INST/config/OHS/$OHS_NAME/disabled/mod_osso.conf
to $AS_INST/config/OHS/$OHS_NAME/moduleconf
. All files in the moduleconf
directory are read when OHS is started.
Open the $AS_INST/config/OHS/$OHS_NAME/moduleconf/mod_osso.conf
file. Set the OssoConfigFile
directive to reference the Oracle Single Sign-On configuration file that was created and then copied to the OHS config
directory:
OssoConfigFile ${ORACLE_INSTANCE}/config/${COMPONENT_TYPE}/ ${COMPONENT_NAME}/oif.server.com.osso.conf
Add the /fed/user/authnosso
URL to be protected by Oracle SSO Server, through the Location
element.
Then the mod_osso.conf
example would look like this:
LoadModule osso_module ${ORACLE_HOME}/ohs/modules/mod_osso.so <IfModule mod_osso.c> OssoIpCheck off OssoIdleTimeout off OssoConfigFile ${ORACLE_INSTANCE}/config/${COMPONENT_TYPE}/ ${COMPONENT_NAME}/oif.server.com.osso.conf <Location /fed/user/authnosso> require valid-user AuthType Osso </Location> </IfModule>
In Section 5.10.3, "Security and Trust - Trusted CAs and CRLs", change the following sentence:
"When the certificate validation store is enabled, Oracle Identity Federation uses it to validate the certificates needed to verify the signatures on incoming messages."
to read:
"When the certificate validation store is enabled, Oracle Identity Federation uses it to validate the certificates needed to verify the signatures on incoming SAML/WS-Federation messages."
In Section 8.2.2, "Configuring Oracle Identity Federation as an SSL Client," add the following subsection, which shows the steps needed to ensure that Fusion Middleware Control can continue to manage the Oracle Identity Federation server after SSL is enabled for the Admin server and the managed server hosting Oracle Identity Federation:
Ensuring that Fusion Middleware Control can Manage an Oracle Identity Federation Target
Take these steps:
Locate $INSTANCE_HOME/EMAGENT/EMAGENT/sysman/emd/targets.xml.
Change the protocol for the 'serviceURL' property to the correct protocol. If you have more than one Oracle Identity Federation target (besides host and oracle_emd), you need to modify the 'serviceURL' for each target.
Locate $INSTANCE_HOME/EMAGENT/EMAGENT/sysman/config/emd.properties.
If necessary, update the protocol for 'REPOSITORY_URL' to the correct protocol. The EM Agent uses this property to connect to Fusion Middleware Control.
Stop the EM Agent using the command:
$INSTANCE_HOME/bin/opmnctl stopproc ias-component=EMAGNET
Secure the EM Agent using the command:
$INSTANCE_HOME/EMAGENT/EMAGENT/bin/emctl secure fmagent -admin_host <host> -admin_port <port> -admin_user <username> [-admin_pwd <pwd>]
Restart the EM Agent using the command:
$INSTANCE_HOME/bin/opmnctl startproc ias-component=EMAGNET
After installation, a configuration assistant performs a number of configuration updates to the Oracle Identity Federation server using MBeans. Another task periodically checks to see if the configuration files were changed so that the server can be notified.
A parsing error during this procedure can result in the following type of message in the diagnostic log file:
$DOMAIN_HOME/servers/wls_oif1/logs/wls_oif1-diagnostic.log . [org.xml.sax.SAXParseException: XML document structures must start and end within the same entity.] at javax.xml.bind.helpers.AbstractUnmarshallerImpl.createUnmarshalExcept ion(AbstractUnmarshallerImpl.java:315) at com.sun.xml.bind.v2.runtime.unmarshaller.UnmarshallerImpl.createUnmar shalException(UnmarshallerImpl.java:514) at com.sun.xml.bind.v2.runtime.unmarshaller.UnmarshallerImpl.unmarshal0( UnmarshallerImpl.java:215) at com.sun.xml.bind.v2.runtime.unmarshaller.UnmarshallerImpl.unmarshal(U nmarshallerImpl.java:184) at javax.xml.bind.helpers.AbstractUnmarshallerImpl.unmarshal(AbstractUnm arshallerImpl.java:137) at javax.xml.bind.helpers.AbstractUnmarshallerImpl.unmarshal(AbstractUnm arshallerImpl.java:184) at oracle.as.config.persistence.jaxb.JAXBXmlPersistenceManagerImpl.load( JAXBXmlPersistenceManagerImpl.java:156) ... 10 more Caused by: org.xml.sax.SAXParseException: XML document structures must start and end within the same entity. at com.sun.org.apache.xerces.internal.util.ErrorHandlerWrapper.createSAX ParseException(ErrorHandlerWrapper.java:195) at com.sun.org.apache.xerces.internal.util.ErrorHandlerWrapper.fatalErro r(ErrorHandlerWrapper.java:174) .
Provided that the Oracle Identity Federation server is up and running (/fed/idp/metadata
can be accessed without any errors), the message is harmless and has no effect on the stability of the server. The configuration change occurs as intended, and all the servers are notified of the change.
Add the following note in Section 3.2.3, "Deploying Oracle Identity Federation with Oracle Access Manager":
Note: Oracle Identity Federation does not support the ability to force re-challenging the user for credentials when integrated with the Oracle Access Manager 10g authentication engine, so that Oracle Identity Federation cannot support use cases where reauthentication must be forced. For example, if an SP sends an |
For integration with Oracle Access Manager 10g server, Oracle Identity Federation supports Oracle Access Manager Version 10.1.4.3.
In Section 3.2.3.2 Integrate Oracle Access Manager as an Authentication Engine, under the Verify Requirements heading, change the first step to verify component versions to read:
Verify that the Oracle Access Manager server is at Version 10.1.4.3.
Section 5.4.4 Configure OpenID IdP Properties describes how to enable the out-of-the-box Oracle Identity Federation OpenID provider.
You can also configure an external OpenID provider so that Oracle Identity Federation acts as the relying party (RP/SP) and an external resource acts as the OpenID provider (OP). Google and Yahoo are examples of external OpenID providers.
The following steps describe how to configure an external OpenID provider:
Log in to Oracle Enterprise Manager Fusion Middleware Control.
Navigate to the Oracle Identity Federation instance.
Select Administration, then Federations.
Click Add to add a new OpenID provider.
In the pop-up box, select "Add provider manually".
Enter the provider ID using a URL in this format:
http://node123.us.example.com:7777/fed/idp
For protocol version, select "OpenID2.0".
For provider type, select "Identity Provider".
Click OK to create the provider.
Edit the new provider. Enter the provider's discovery URL in this format:
http://node123.us.example.com:7777/fed/idp
or enter the provider's OpenID endpoint URL if the IdP does not support OpenID discovery.
Click Apply to commit the edits.
In Section A.5.2 "Access Oracle Identity Federation MBeans", the MBean names are stated in Table A-1 and the sample code as "Oracle Identity FederationConfigMBean
" which should be corrected to read "OIFConfigMBean
"..