This chapter describes issues associated with Oracle Privileged Account Manager. It includes the following topics:
This section describes general issue and workarounds. It includes the following topics:
Section 9.1.1, "Some of the Target Page Strings Will Not be Translated"
Section 9.1.2, "No Translation (Messages or Help) Support for OPAM Command Line Tools"
Section 9.1.3, "Create Target in OPAM Does Not Work When Browser Locale=German"
Some strings on the Targets page in the Administrator user interface will not be translated because those strings are not externalized on the Oracle Privileged Account Manager server side.
Oracle Privileged Account Manager command-line tool messages and help were not translated in the Oracle Privileged Account Manager 11.1.2.0.0 release.
Translation support for the Oracle Privileged Account Manager command-line tool messages and help will be provided after the 11.1.2.0.0 release.
If you select the German locale when creating a new target on any browser, the Connection to OPAM server could not be established: error message will display. This issue does not occur with any other locales.
To workaround this issue, select English as the preferred language.
For example, using Firefox, the steps are as follows:
Open the Firefox browser window and select Tools > Options.
When the Options dialog displays, select the Content icon.
On the Content page, locate the Languages section and click Choose.
When the Languages dialog displays, select English and then click Move Up until English is at the top of the language list.
Note:
If English is not visible in the Languages list, click the Select a language to add button. Locate and select English, then click the Add button.Click OK to close the dialog boxes.
In the Oracle Privileged Account Manager Console, accounts can be granted to users from the WebLogic Identity Store. The Oracle Privileged Account Manager Console provides a user interface to look up users from the primary Identity Store (first on the list of Providers in the WebLogic Security Realm configuration).
Oracle Privileged Account Manager Console user look-ups can fail for the following reasons:
The user may not be part of the first Identity Store Provider in WebLogic Security Realm.
Service-Oriented Architectures (SOA) (Oracle Identity Manager with SOA) and Oracle Privileged Account Manager have been configured in the same WebLogic domain.
Installing SOA alters the Identity Store configuration in the JPS default context, which causes user look-up failures in other components such as Oracle Privileged Account Manager.
Solution:
Check that the list of Providers is ordered correctly in the WebLogic Security Realm configuration, and verify that the user is part of the first Provider listed. If not, then re-order the Provider list appropriately.
Check whether SOA and Oracle Privileged Account Manager are configured on same WebLogic domain. If so, the workaround is to configure SOA and Oracle Privileged Account Manager in separate domains.
This section describes configuration issues and their workarounds. It includes the following topic:
The Config Security Store fails to create the policy store object when using variables such as ORACLE_HOME and MW_HOME while running wlst.sh using configureSecurityStore.py with -m join.
Always use absolute paths for ORACLE_HOME and MW_HOME while running the command for -m join.
This section describes documentation errata. It includes the following topics:
The following sentence in section 3.2.2, "Locating the Oracle Privileged Account Manager Connector Bundles," in the Oracle Fusion Middleware Administrator's Guide for Oracle Privileged Account Manager,
"The connector bundles shipped with Oracle Privileged Account Manager include:"
should be revised to read as follows:
"The connectors that are pushed into ORACLE_HOME/connectors are actually shipped with Oracle Identity Manager. Of all the connectors in this directory, only the following three connectors are certified with Oracle Privileged Account Manager for this release:"
The following sentence in section 3.2.3, "Consuming ICF Connectors," in the Oracle Fusion Middleware Administrator's Guide for Oracle Privileged Account Manager
"During domain creation, the opam-config.xml file is copied to the
DOMAIN_HOME/config/fmwconfig directory, and this file is applicable for that domain."
should be revised to read as follows:
"During domain creation, the opam-config.xml file is copied to the
DOMAIN_HOME/config/fmwconfig/opam directory, and this file is applicable for that domain."
The following paragraph in section 3.2.3, "Consuming ICF Connectors," in the Oracle Fusion Middleware Administrator's Guide for Oracle Privileged Account Manager,
"The opam-config.xsd file (also located in the ORACLE_HOME/opam/config directory) describes the schema for opam-config.xml. If any changes are made to DOMAIN_HOME/config/fmwconfig/opam-config.xml, it should verified with the opam-config.xsd file."
should be revised to read as follows:
"The opam-config.xsd file (also located in the ORACLE_HOME/opam/config directory) describes the schema for opam-config.xml. If any changes are made to DOMAIN_HOME/config/fmwconfig/opam/opam-config.xml, it should verified with the opam-config.xsd file."
Information provided for the Database Connection URL parameter in Table 5-2, "Basic Configuration Parameters for Targets" in section 5.1.2.2 of the Oracle Fusion Middleware Administrator's Guide for Oracle Privileged Account Manager is incorrect.
Oracle Privileged Account Manager only supports Oracle target systems for the 11.1.2.0.0 release. The entry should not include the MSSQL, MySQL, DB2, or Sybase examples.