5 Oracle Identity Governance

Known issues and workarounds for Oracle Identity Governance include general issues and issues related to multi-language support.

5.1 General Issues and Workarounds

5.1.1 The Request for Others Option is Available for All Users

Issue

When you click the Request Access tile in the Self Service tab of Oracle Identity Self Service, the Request for Others option should be enabled only for authorized users and managers. However, the Request for Others option is enabled for all users irrespective of authorization.

5.1.2 Session Time-out Warning Displayed When Using the Deployment Manager

Issue

When using the Deployment Manager, session time-out warning message is displayed although the system is not idle.

Currently, there is no workaround for this issue. Click OK on the warning message box and continue.

5.1.3 EditFailedException When Releasing Configuration from WebLogic Console

Issue

In an Oracle Identity Governance deployment that has been upgraded from an earlier release, when you click Release Configuration in Oracle WebLogic Console, the following error is generated:

weblogic.management.provider.EditFailedException: Error loading jdbc/oimMDS-jdbc.xml

This error does not have any functional impact on the WebLogic configuration.

Workaround

To workaround this issue, open the following DataSource configurations, make any changes, and then save and activate the changes:

  • ApplicationDB

  • mds-oim

  • oimJMSStoreDS

  • oimOperationsDB

  • soaOIMLookupDB

5.1.4 LDAP Synchronization Not Supported

Issue

LDAP synchronization, or integration between Oracle Identity Governance (OIG) and Oracle Access Manager (OAM) by using the IDMConfigTool is not supported in Oracle Identity Governance 12c (12.2.1.3.0) or Oracle Identity Governance 12c (12.2.1.4.0).

Oracle Identity Governance 12c (12.2.1.3.1) release onwards, OAM-OIG integration using LDAP Connectors is supported. For more information, see What's New in Oracle Identity Management Integration.

Workaround

If you have upgraded from Release 11.1.2.3 to Release 12.2.1.3, then you can continue with LDAP synchronization, as described in Enabling LDAP Synchronization in Oracle Identity Manager in Integration Guide for Oracle Identity Management Suite for Release 11.1.2.3.

5.1.5 Oracle Identity Governance Servers Throw Error During Heavy Load

Issue

During heavy loads, Oracle Identity Governance servers throw error due to PS_TXN table space issue.

Workaround

For instructions on how to resolve this issue, see My Oracle Support document ID 1444959.1

5.1.6 OJET Web Context Does Not Display URL When Using Internet Explorer Browser

Issue

When Internet Explorer is used, OJET Web Context does not show browser URL in the Organization Provisioning and Resource History pages.

5.1.7 Unusual Build Up of Diagnostic Logs

Issue

After installing and configuring Oracle Identity Governance and starting all servers, an unusual build up of diagnostic logs is shown in the $DOMAIN_HOME/servers/oim_server/logs/ directory of the Oracle Identity Governance managed server. The logs show the following:

[tenant-name: GLOBAL] Exception info[[
oracle.jbo.ReadOnlyDefObjectException: JBO-25075: Definition
AvailableServicesVO of type ViewObject is read-only.  Cannot modify it
at oracle.jbo.server.MetaObject.checkEditable(MetaObject.java:328)
at oracle.jbo.server.ViewDefImpl.setSelectClause(ViewDefImpl.java:3864)
at

Workaround

To fix this issue:

  1. Go to the DOMAIN_HOME/bin/ directory.
  2. In a text editor, open the setDomainEnv.sh file.
  3. Search for the Doracle.xdkjava.compatibility.version : 11.1.1 flag, and remove it.
  4. Save and close the setDomainEnv.sh file.
  5. Go to the DOMAIN_HOME/bin/ directory.
  6. In a text editor, open the setSoaDomainEnv.sh file.
  7. Under EXTRA_JAVA_PROPERTIES, add the following:
    Doracle.xdkjava.compatibility.version : 11.1.1
  8. Save and close the setSoaDomainEnv.sh file.
  9. Restart all servers.

5.1.8 Logo Not Displayed in Certification Reports

Issue

When you log in to Oracle Identity Self Service and view certification reports, the logo is displayed in the PDF, HTML, and RTF formats of the report. However, the logo is not displayed in the RTF, Excel, Excel 2000, and CSV formats of the report.

Similarly, when you log in to Oracle BI Publisher Enterprise and view certification reports, the logo is displayed in the PDF, HTML, and RTF formats. However, the logo is not displayed in the Excel (mhtml), Excel (html), and CSV formats of the report.

5.1.9 Pending Request Approval Fails

Issue

In a clustered deployment of Oracle Identity Governance, when a node fail over occurs, clicking Approve on the Request Approval page throws an exception, and displays 404 Page Not Found on the page. The exception is:

<Mar 11, 2019 3:03:49,288 AM PDT> <Error> <Cluster> <BEA-003144> <All session
objects should be serializable to replicate. Check the objects in the
session. Failed to replicate a non-serializable object in context /identity.
java.rmi.UnmarshalException: error unmarshalling arguments; nested exception
is:
java.io.InvalidClassException: filter status: REJECTED
at weblogic.utils.StackTraceDisabled.unknownMethod()
Caused By: java.io.InvalidClassException: filter status: REJECTED
at weblogic.utils.StackTraceDisabled.unknownMethod()
> 
<Mar 11, 2019 3:03:49,909 AM PDT> <Warning>
<oracle.adfinternal.view.faces.renderkit.rich.RegionRenderer>
<ADF_FACES-60099> <The region component with id: pt1:_d_reg:region2 has
detected a page fragment with multiple root components. Fragments with more
than one root component may not display correctly in a region and may have a
negative impact on performance. It is recommended that you restructure the
page fragment to have a single root component.>
<Mar 11, 2019 3:03:50,175 AM PDT> <Error> <Cluster> <BEA-003144> <All session
objects should be serializable to replicate. Check the objects in the
session. Failed to replicate a non-serializable object in context /identity.
java.rmi.UnmarshalException: error unmarshalling arguments; nested exception
is:
java.io.InvalidClassException: filter status: REJECTED
at weblogic.utils.StackTraceDisabled.unknownMethod()
Caused By: java.io.InvalidClassException: filter status: REJECTED
at weblogic.utils.StackTraceDisabled.unknownMethod()

Workaround

The issue can be resolved by updating the setDomainEnv.sh file with the following Java property in each node of the cluster, and then starting the WebLogic server:

-Dweblogic.oif.serialFilter=maxdepth=250

5.1.10 Duplicate Entries Are Not Allowed in Lookups

Issue

You can add duplicate entries in Lookups by using the Design Console without encountering any errors. But when duplicate entries are added to Lookups by using the Identity System Administration, then the following error is logged:

[2019-07-02T01:12:18.848-07:00] [oim_server1] [WARNING] []
[oracle.adf.controller.faces.lifecycle.Utils] [tid: [ACTIVE].ExecuteThread:
'11' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: xelsysadm]
[ecid: 3a5b75b9-1f43-49ac-adac-ee9126ffbf38-00021c4b,0] [APP:
oracle.iam.console.identity.sysadmin.ear] [partition-name: DOMAIN]
[tenant-name: GLOBAL] [DSID: 0000MilixkrBLA85RjP5id1T4nxP00006z] ADF: Adding
the following JSF error message: IAM-0120030:A system error #1562055138838
has occurred. Please contact System Administrator.[[
oracle.iam.ui.platform.exception.OIMRuntimeException: IAM-0120030:A system
error #1562055138838 has occurred. Please contact System Administrator.

The error is generated because duplicate entries are not allowed in Lookups.

5.1.11 Missing Label for the Base Selection List

In the Base Selection page of the New Certification wizard, a label is missing for the Base Selection list. This is a violation of the accessibility guidelines but does not lead to a loss of functionality.

5.1.12 Accessibility Issues in the Certification Dashboard

In the Certification Dashboard in Identity Self Service:

  • A label is missing for the table that lists the certifications
  • Alt texts are missing for the values in the Percent Complete column

These are violations of the accessibility guidelines but do not lead to any loss of functionality.

5.1.13 Missing Label for the Date Created QBE

In the Certification Definitions page, a label is missing for the Date Created Query By Example (QBE). This is a violation of the accessibility guidelines but does not lead to a loss of functionality.

5.1.14 Change Indicator for Child Table Modification in a Disconnected Application Instance Not Displayed for Manual Fulfillment Task

In a disconnected application instance, the change indicator for child table modification is not displayed for manual fulfillment task.

5.1.15 Navigation by Pressing Tab Not Working in Popup to Confirm Cloning

Using Mozilla Firefox 55.0.3 web browser to access the Identity Self Service, in the Clone Application page, when you enter values for the required fields, and then click Apply, the Do you wish to create default request form message box is displayed. In this message box, navigating between the Yes and No buttons and the close icon is not working by pressing the Tab key.

5.1.16 Search in Request Reassign Fails

Issue

In the Reassign Task dialog box, if you select the Transfer ownership to another user or group option and search for a specific user by selecting All, then the following error is displayed:

Search failed with an error. Queried participants exceeds limit.. Use a better search query,
      which returns allowed number of participants

The following error is logged:

[2019-01-17T21:12:48.807-08:00] [oim_server1] [WARNING] [] 
[org.apache.myfaces.trinidad.util.ComponentUtils] [tid: 
[ACTIVE].ExecuteThread: '25' for queue: 'weblogic.kernel.Default 
(self-tuning)'] [userId: xelsysadm] [ecid: 
5f2d732c-eb4e-410d-91ca-d56dc3deaa71-0000d9a7,0] [APP: 
oracle.iam.console.identity.self-service.ear] [partition-name: DOMAIN] 
[tenant-name: GLOBAL] [DSID: 0000MXVKjvQ3b6kpGwK6yf1SG3ph00007Q] Could not 
find the component with scopedId ::idSearchButton1 from 
RichInputText[UIXEditableFacesBeanImpl, id=idSearchStringField] with the 
supported syntax. The component was found with the deprecated syntax. Please 
use the supported syntax. 
[2019-01-17T21:12:48.808-08:00] [oim_server1] [WARNING] [] 
[org.apache.myfaces.trinidad.util.ComponentUtils] [tid: 
[ACTIVE].ExecuteThread: '25' for queue: 'weblogic.kernel.Default 
(self-tuning)'] [userId: xelsysadm] [ecid: 
5f2d732c-eb4e-410d-91ca-d56dc3deaa71-0000d9a7,0] [APP: 
oracle.iam.console.identity.self-service.ear] [partition-name: DOMAIN] 
[tenant-name: GLOBAL] [DSID: 0000MXVKjvQ3b6kpGwK6yf1SG3ph00007Q] Could not 
find the component with scopedId ::idSearchButton1 from 
RichInputText[UIXEditableFacesBeanImpl, id=idSearchStringField] with the 
supported syntax. The component was found with the deprecated syntax. Please 
use the supported syntax. 
[2019-01-17T21:12:48.811-08:00] [oim_server1] [WARNING] [] 
[org.apache.myfaces.trinidad.util.ComponentUtils] [tid: 
[ACTIVE].ExecuteThread: '25' for queue: 'weblogic.kernel.Default 
(self-tuning)'] [userId: xelsysadm] [ecid: 
5f2d732c-eb4e-410d-91ca-d56dc3deaa71-0000d9a7,0] [APP: 
oracle.iam.console.identity.self-service.ear] [partition-name: DOMAIN] 
[tenant-name: GLOBAL] [DSID: 0000MXVKjvQ3b6kpGwK6yf1SG3ph00007Q] Could not 
find the component with scopedId ::idSearchButton1 from 
RichInputText[UIXEditableFacesBeanImpl, id=idSearchStringField] with the 
supported syntax. The component was found with the deprecated syntax. Please 
use the supported syntax. 
[2019-01-17T21:12:48.834-08:00] [oim_server1] [ERROR] [] 
[oracle.soa.services.workflow.worklist] [tid: [ACTIVE].ExecuteThread: '25' 
for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: xelsysadm] 
[ecid: 5f2d732c-eb4e-410d-91ca-d56dc3deaa71-0000d9a7,0] [APP: 
oracle.iam.console.identity.self-service.ear] [partition-name: DOMAIN] 
[tenant-name: GLOBAL] [DSID: 0000MXVKjvQ3b6kpGwK6yf1SG3ph00007Q] 
<oracle.bpel.worklistapp.dc.idbrowser.beans.controller.IdentityBrowserControll 
er.executeSearch> Search failed with an error 
[2019-01-17T21:12:48.863-08:00] [oim_server1] [WARNING] [] 
[org.apache.myfaces.trinidad.component.UIXComponentBase] [tid: 
[ACTIVE].ExecuteThread: '25' for queue: 'weblogic.kernel.Default 
(self-tuning)'] [userId: xelsysadm] [ecid: 
5f2d732c-eb4e-410d-91ca-d56dc3deaa71-0000d9a7,0] [APP: 
oracle.iam.console.identity.self-service.ear] [partition-name: DOMAIN] 
[tenant-name: GLOBAL] [DSID: 0000MXVKjvQ3b6kpGwK6yf1SG3ph00007Q] getClientId 
should not be called while the view is being constructed. Component ID: 
j_id110

Workaround

To avoid this issue, if you search by selecting All, then perform a blank search and do not provide a search value. If you want to search for a specific user, then select the User option.

5.1.17 JAVA.LANG.THROWABLE: DIAGNOSTIC AID Error is Logged

Sometimes the following error is logged when starting the server or clicking a user:

ADFCONTEXT LEAK DETECTED. 
JAVA.LANG.THROWABLE: DIAGNOSTIC AID

This is a benign error message and does not cause any loss of functionality.

5.1.18 Blank Schema Page for Active Directory Connector on Internet Explorer 11

If you access the Identity Self Service by using the Internet Explorer 11 web browser, while creating a target application for the Active Directory connector using application onboarding, the Schema page is displayed as blank and the Attribute table is not shown.

5.1.19 The Account Discriminator Checkbox is Dotted in Edge Browser

When you access the Identity Self Service by using the Edge web browser, while creating an application, when you open the Advanced Settings dialog box from the Schema page, the Account Discriminator checkbox is displayed as dotted.

However, this does not result to any functional loss.

5.1.20 Bulk Load Utility Not Working on Windows

Issue

Running the bulk load utility on a Windows host fails with the following error:

Error:
Error:
Compiling Procedures ....
Compilation done...

Enter password for OIM database user again :
Exception in thread "main" java.lang.ClassNotFoundException:
oracle.jdbc.driver.OracleDriver
        at java.net.URLClassLoader.findClass(URLClassLoader.java:382)
        at java.lang.ClassLoader.loadClass(ClassLoader.java:424)
        at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:349)
        at java.lang.ClassLoader.loadClass(ClassLoader.java:357)
        at java.lang.Class.forName0(Native Method)
        at java.lang.Class.forName(Class.java:264)
        at bulkload.BulkloadUtil.getConnection(BulkloadUtil.java:163)
        at bulkload.UserLoad.main(UserLoad.java:996)

Workaround

To workaround this issue:

  1. Search and download the ojdbc8.jar file from Oracle Technology Network web site at:

    https://www.oracle.com/technical-resources/

  2. Place the ojdbc8.jar file in the OIG database $ORACLE_HOME/jdbc/lib/ directory.
  3. Re-run the bulk load utility.

5.1.21 Default Session Timeout

Issue

In Oracle Identity Governance 12c (12.2.1.3.0) and 12c (12.2.1.4.0), the default session timeout for Identity Self Service and Identity System Administration is 10 minutes.

The default session timeout is set by the following entry in the web.xml file:

<session-config>
        <session-timeout>10</session-timeout>
</session-config>

For Identity Self Service: $FMW_HOME/Oracle_IDM1/server/apps/oracle.iam.console.identity.self-service.ear /oracle.iam.console.identity.self-service.war/WEB-INF/web.xml

For Identity System Administration: $FMW_HOME/Oracle_IDM1/server/apps/oracle.iam.console.identity.sysadmin.ear/ora cle.iam.console.identity.sysadmin.war/WEB-INF/web.xml

However, changing the default session timeout value is not supported.

5.2 Configuration Issues and Workarounds

5.2.1 OIM-SOA Integration MBean Fails During Domain Configuration

Issue

When you configure the Oracle Identity Governance domain, run the offlineconfig manager.sh script, and start all servers, and then invoke the OIM-SOA integration MBean, the following error is logged in the server logs:

<May 6, 2019 12:50:29,701 AM PDT> <Error> <com.oracle.coherence> <BEA-000000>
<2019-05-06 00:50:29.701/217214.494 Oracle Coherence GE 12.2.1.4.0 <Error>
(thread=Cluster, member=3): Received cluster heartbeat from the senior
Member(Id=1, Timestamp=2019-05-03 12:25:22.783, Address=10.248.121.88:25538,
MachineId=42905,
Location=site:example.com,machine:slc16oqj,process:30630,member:AdminServer,
 Role=WeblogicServer) that does not contain this Member(Id=3,
Timestamp=2019-05-03 12:30:58.275, Address=10.248.121.88:14080,
MachineId=42905,
Location=site:example.com,machine:slc16oqj,process:31978,member:oim_server1,
 Role=WeblogicServer); stopping cluster service.>

<May 6, 2019 12:50:29,753 AM PDT> <Warning> <Log Management> <BEA-170011>
<The LogBroadcaster on this server failed to broadcast log messages to the
Administration Server. The Administration Server may not be running. Message
broadcasts to the Administration Server will be disabled.>

Workaround

Make sure that date and time on the WebLogic host and database host are in sync. After making sure date and time are in sync, invoke oimsoaintegrationmbean again.

5.2.2 NullPointerException in the Admin Server Logs

Issue

When you start the admin server, soa_server1, and oim_server1 after installing and configuring the Oracle Identity Governance domain, and then log into the Administrative Console and Enterprise Manager, you can find the following stack trace in the Admin Server logs:

[2019-01-28T22:50:03.042-08:00] [AdminServer] [NOTIFICATION] [J2EE JSP-00068]
[oracle.j2ee.jsp] [tid: [ACTIVE].ExecuteThread: '92' for queue:
'weblogic.kernel.Default (self-tuning)'] [userId: weblogic] [ecid:
8dfa55d0-c5cd-4b02-8a96-7b9106ed0437-00000150,0] [APP: em] [partition-name:
DOMAIN] [tenant-name: GLOBAL] [DSID: 0000MYONlm03f5kpGwDCif1SJzSH000002]
invalid taglib uri: http://www.w3.org/2001/XMLSchema, unless non taglib
namespace was intended in a JSP document.
[2019-01-28T22:50:03.070-08:00] [AdminServer] [NOTIFICATION] [J2EE JSP-00068]
[oracle.j2ee.jsp] [tid: [ACTIVE].ExecuteThread: '92' for queue:
'weblogic.kernel.Default (self-tuning)'] [userId: weblogic] [ecid:
8dfa55d0-c5cd-4b02-8a96-7b9106ed0437-00000150,0] [APP: em] [partition-name:
DOMAIN] [tenant-name: GLOBAL] [DSID: 0000MYONlm03f5kpGwDCif1SJzSH000002]
invalid taglib uri: http://www.w3.org/2001/XMLSchema, unless non taglib
namespace was intended in a JSP document.
[2019-01-28T22:50:03.274-08:00] [AdminServer] [ERROR] []
[org.apache.myfaces.trinidadinternal.menu.MenuContentHandlerImpl] [tid:
[ACTIVE].ExecuteThread: '92' for queue: 'weblogic.kernel.Default
(self-tuning)'] [userId: weblogic] [ecid:
8dfa55d0-c5cd-4b02-8a96-7b9106ed0437-00000150,0] [APP: em] [partition-name:
DOMAIN] [tenant-name: GLOBAL] [DSID: 0000MYONlm03f5kpGwDCif1SJzSH000002]
Shared Node Model not created for emas_wlsc_envCluster_breadcrumb. Check for
the existence of the corresponding managed bean in your config files.[[
java.lang.NullPointerException: Shared Node Model not created for
emas_wlsc_envCluster_breadcrumb. Check for the existence of the corresponding
managed bean in your config files.
at
org.apache.myfaces.trinidadinternal.menu.MenuContentHandlerImpl.startElement(M
enuContentHandlerImpl.java:353)
at
com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.startElement(Abst
ractSAXParser.java:509)
at
com.sun.org.apache.xerces.internal.parsers.AbstractXMLDocumentParser.emptyElem
ent(AbstractXMLDocumentParser.java:182)
at
com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanSta
rtElement(XMLDocumentFragmentScannerImpl.java:1339)
at
com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl$Fragmen
tContentDriver.next(XMLDocumentFragmentScannerImpl.java:2784)
at
com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl.next(XMLDocumen
tScannerImpl.java:602)
at
com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanDoc
ument(XMLDocumentFragmentScannerImpl.java:505)
at
com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(XML11Confi
guration.java:842)
at
com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(XML11Confi
guration.java:771)
at
com.sun.org.apache.xerces.internal.parsers.XMLParser.parse(XMLParser.java:141)

at
com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.parse(AbstractSAX
Parser.java:1213)
at
com.sun.org.apache.xerces.internal.jaxp.SAXParserImpl$JAXPSAXParser.parse(SAXP
arserImpl.java:643)
at weblogic.xml.jaxp.WebLogicXMLReader.parse(WebLogicXMLReader.java:133)
at weblogic.xml.jaxp.RegistryXMLReader.parse(RegistryXMLReader.java:170)
at javax.xml.parsers.SAXParser.parse(SAXParser.java:392)
at javax.xml.parsers.SAXParser.parse(SAXParser.java:195) 

This error message is benign and does not have any impact on the functionality.

5.2.3 Error Stack in OIM Managed Server Logs

The following error stack is shown in OIM managed server logs:

Jul 17, 2019 12:35:03,548 AM PDT> <Error>
<oracle.adfinternal.view.page.editor.utils.ReflectionUtility> <WCS-16178>
<Error instantiating class -
oracle.adfdtinternal.view.faces.portlet.PortletDefinitionDTFactory>
<Jul 17, 2019 12:35:03,584 AM PDT> <Warning>
<oracle.adfinternal.view.faces.renderkit.rich.NavigationPaneRenderer>
<BEA-000000> <Warning: There are no items to render for this level>
<Jul 17, 2019 12:35:19,440 AM PDT> <Error> <oracle.iam.platform.kernel.impl>
<IAM-0080075> <XML schema validation failed for XML
/metadata/iam-features-OIMMigration/EventHandlers.xml : eventhandlers and it
will not be loaded by kernel. >
<Jul 17, 2019 12:35:20,261 AM PDT> <Error> <oracle.iam.platform.kernel.impl>
<IAM-0080075> <XML schema validation failed for XML
/metadata/iam-features-sso-integration/event-definition/EventHandlers.xml :
eventhandlers and it will not be loaded by kernel. >
<Jul 17, 2019 12:35:20,490 AM PDT> <Warning>
<oracle.iam.platform.kernel.impl> <IAM-0089999> <Kernel Information:

This is a benign error without any functional impact and can be ignored.

5.2.4 Error in OIM Managed Server Logs

The following error is shown in the OIM managed server logs:

"
<Aug 7, 2019 5:04:50,334 AM PDT> <Error> <XELLERATE.APIS> <BEA-000000>
<Class/Method:
tcITResourceInstanceOperationsBean/updateWithCredentialStoreData encounter
some problems: Parameter User Reservation Container not  present in
credential store. pls check for svr_key:1>
returning the ovd url value :

This is a benign error without any functional impact and can be ignored.

5.2.5 SSL Upgrade Not Supported

If you upgrade Oracle Identity Governance 12c (12.2.1.3.0) with SSL enabled to Oracle Identity Governance 12c (12.2.1.4.0) and start the servers, Identity Self Service and soa-infra are not accessible. This is because upgrading a deployment of Oracle Identity Governance with SSL enabled is not supported in this release.

5.2.6 The User Profile Audit Compression Scheduled Job Does Not Open in Identity System Administration After Upgrade

Issue

After you upgrade Oracle Identity Governance 12c (12.2.1.3.0) to 12c (12.2.1.4.0), the User Profile Audit Compression scheduled job does not open in Identity System Administration, and the following error is shown in the server logs:

Caused By: java.lang.NullPointerException
at
oracle.iam.features.scheduler.agentry.operations.LookupActor.prepare(LookupAct

or.java:1551)
at
oracle.iam.consoles.faces.utils.CanonicUtils.prepareOperation(CanonicUtils.java:169)

This is because the User Profile Audit Compression scheduled task is not seeded in MDS after upgrade.

Workaround

To workaround this issue, seed the scheduled task definition in MDS. To do so:

  1. Create a XML file with any name, for example UpaCompressionScheduleTask.xml.
  2. Add the following scheduled task definition to the XML file and save it.
    <?xml version="1.0"?>
    <scheduledTasks xmlns="http://xmlns.example.com/oim/scheduler">
    <task>
    <name>User Profile Audit Compression</name>
    <class>com.thortech.xl.schedule.tasks.UpaCompressionScheduleTask</class>
    <description>User Profile Audit Compression</description>
    <retry>5</retry>
    <parameters>
    <number-param required="true" encrypted="false" helpText="Number of
    Threads">Number of Threads</number-param>
    <number-param required="true" encrypted="false" helpText="Batch
    Size">Batch Size</number-param>
    <number-param required="false" encrypted="false" helpText="Time Limit in
    mins">Time Limit in mins</number-param>
    </parameters>
    </task>
    </scheduledTasks>
  3. Create a directory structure, for example /scratch/ootbTask/metadata/.
  4. Copy the UpaCompressionScheduleTask.xml file in the /scratch/ootbTask/metadata/ directory.
  5. Log in to Oracle Enterprise Manager Fusion Middleware Control.
  6. Search and open the oracle.mds.lcm:Application=oim,Location=oim_server1,name=MDSAppRuntime,type=M DSAppRuntime MBean.
  7. Click the Operations tab, and use the importMetadata operation.
  8. For the fromLocation parameter, enter /scratch/ootbTask as the value according to this example.
  9. For the docs parameter, enter /metadata/UpaCompressionScheduleTask.xml as the value according to this example.

    The following screenshot shows the example values in the MDSAppRuntime page in System MBean Browser.

    Example values in the MDSAppRuntime page in System MBean Browser while importing the scheduled task definition to MDS
  10. Click Invoke.

    A message about the successful operation is displayed at the top.

    See Importing Metadata Files from MDS for generic steps to import metadata from MDS.

5.3 Multi-Language Support Issues and Workarounds

5.3.1 Locale Drop Down Not Translated for My Information and Modify User Pages

Issue

The Locale list in the My Information page and Modify User page of Identity Self Service are not translated if the browser language is set to any one of the following:

  • Arabic (ar)

  • Hebrew (he)

  • Danish (da)

  • Czech (cs)

  • Dutch (nl)

  • Romanian (ro)

  • Slovak (sk)

  • Norwegian (no)

  • Hungarian (hu)

5.3.2 Search Result Message in the Export Configuration Page Not Translated

Issue

When you perform a default search in the Export Configuration page of the Deployment Manager, the search result message is displayed only in English, and is not translated to other languages.

5.3.3 Some Strings Not Translated on Application Onboarding Screens

Issue

The following text in the application onboarding pages in Identity Self Service are not translated in German:

  • Connector Package: The Connector Package option in the Basic Information page of the Create Application wizard and the Create Authoritative Application wizard

  • Schema: The Schema page of the Create Application wizard and the Create Authoritative Application wizard

  • Name and Connector Name: The Name and Connector Name options in the search list of the Applications page

  • Organization: The Organization tab in the Settings page of the Create Application wizard and the Create Authoritative Application wizard

  • Account Name: The Account Name drop down in the Applications page

  • Provisioning Field: The Provisioning Field column name in the Schema tab of the Create Application wizard and the Create Authoritative Application wizard

  • Action Script: The Action Script buttons in the Applications page

5.3.4 Translation Not Available for Some Catalog Text

Issue

Under the cart details in the Access Request Catalog, translation to other languages is not available for the following text:

You must click Update or Fulfill to apply any changes made in this section.

5.3.5 Translation Not Available for Some Search Types in Deployment Manager Export

Issue

In the Export Configuration page of Oracle Identity System Administration, translation to other languages is not available for some text in the options of the Type drop-down list. The text GTC, IT, JAR, and Plugin are displayed in English.

5.4 Features Not Supported in Oracle Identity Governance 12c (12.2.1.4.0)

The following features are not supported in this release:

Features Unsupported in 12.2.1.4.0 Description
Generic Technology Connector (GTC) Generic Technology Connector for developing custom connectors is not supported in this release.
Segregation of Duties (SoD) using Oracle Application Access Controls Governor (OAACG) SoD check with OAACG is not supported. In this release, SoD and audit violations are managed by using the Identity Audit feature of Oracle Identity Governance. See Managing Identity Audit in Performing Self Service Tasks with Oracle Identity Governance.

5.5 Oracle Identity Governance 12c Database Schema Changes

For information about Oracle Identity Governance database schema changes (DDL) for releases 12c (12.2.1.3.0) and 12c (12.2.1.4.0), see the following My Oracle Support Note at https://support.oracle.com/:

OIG 12c Database Schema Changes (Doc ID 2656103.1)