This chapter describes issues associated with Oracle Entitlements Server. It includes the following topics:
This section describes general issue and workarounds. It includes the following topics:
If the Oracle Entitlements Server domain was created using Derby template, when you search for a resource created in the Authorization Policy Manager, the console displays an error message:
JPS-10000: There was an internal error in the policy store
The workaround is to use the search management API.
There are issues related to missing MANAGE - POLICY
, VIEW - APPLICATION_ROLE
/ RESOURCE
/ RESOURCE_TYPE
/ ENTITLEMENT
permissions that are implicitly "granted" or implied when privileges, such as "view and manage," are granted to the delegated administrator. For example, in order to create a policy as a delegated administrator, the MANAGE - POLICY
permission is required, and because the delegated administrator must search for an application role, resource, and/or entitlement, he requires the VIEW - APPLICATION_ROLE
/ RESOURCE
/ RESOURCE_TYPE
/ ENTITLEMENT
permissions.
To work around these issues, grant ALL
permissions to the delegated administrator. This includes domain delegated permissions as well.
This section describes configuration issues and their workarounds. It includes the following topic:
For JDK1.7.0_40
and later, the use of x.509
certificates with RSA keys less than 1024 bits in length is restricted. Because the Oracle Entitlements Server Administration Server key size is 512 bits, if you use JDK1.7.0_40
and later, you must remove the key size limitation. To do this, modify the default value jdk.certpath.disabledAlgorithms=MD2, RSA keySize < 1024
to jdk.certpath.disabledAlgorithms=MD2
in the java.security
file in the java_home/jre/lib/security
directory.If you do not perform this workaround, the following scenarios may fail:
Creation of all Security Modules except WebLogic Security Module in controlled-push mode
Controlled-push WebLogic Security Module registration with Oracle Entitlements Server
There is no documentation errata at this time.