Monday, April 07, 2014

HTTP-404 on /oamconsole

WeblogicHost versus WeblogicCluster

Despite the fact, the oamconsole can not be clustered, it has to be "clustered". If you ever find yourself in a scenario, where your configure a webgate in front of your OAM Console, make sure you configure it like
############################################## ## Entries Required by Oracle Access Manager ############################################## # OAM Console <Location /oamconsole> SetHandler weblogic-handler WebLogicCluster oamhost1.home.local:7001, oamhost2.home.local:7001 </Location>
This looks wrong, as -when you actually are running the OAM console on oamhost1- you simply cannot navigate to oamhost2.home.local:7001/oamconsole. You *can* navigate to oamhost1.home.local:7001/oamconsole.
As you manually have to reconfigure the adminserver in case of disaster, you may consider putting this in your configuration:
############################################## ## Entries Required by Oracle Access Manager ############################################## # OAM Console <Location /oamconsole> SetHandler weblogic-handler WebLogicCluster oamhost1.home.local:7001 </Location>

This does NOT work

BTDT:
############################################## ## Entries Required by Oracle Access Manager ############################################## # OAM Console <Location /oamconsole> SetHandler weblogic-handler WebLogicHost oamhost1.home.local WebLogicPort 7001 </Location>
This is what the Enterprise Deployment Guide suggests.
My config uses WLS 10.3.6.0.7, OAM 11.1.2.2.0, RedHat Enterprise Linux Server release 6.5 (Santiago), Kernel version 2.6.32-431.el6.x86_64

Symptoms

Your call to /oamconsole is initially redirected, and produces a login screen. You seem to authenticate OKAY, as other screens can be accessed without being re-authenticated.
However, /oamconsole is not displayed, and results in a 404 (Not Found).
Hope this helps!

Sunday, April 06, 2014

OAMSSA-06252 after patching

Once upon a time..

you had a working environment with WebLogic, Access and Identity Management (or Discoverer, or ...) and all of a sudden things start failing.

Symptoms

You notice the dreaded OAMSSA-06252 (Policy Store not Available) while starting up, and start fearing the worst. Also, it seems as-if you cannot login to OAM management console anymore; your credentials are accepted, but you get an "Access Prohibited" error from OAM. Just resending the url (server:port/oamconsole) will get the console.

WLS security Patch 10.3.6.0.7 (WLS patch ID FCX7)

Then, you remember you rolled out Security patch 10.3.6.0.7 (Doc Id 1613601.1) a.k.a. WLS patch ID FCX7 last February. It turn out you need to reread the installation guide for OFM 11.1.2.2.0, in particular the Issues chapter!
Unfortunately, just applying the workaround mentioned in paragraph 2.1.7 is not enough.You must also apply paragraph 2.1.8, but change the "grant codebase" mentioned to:
// Due to patched WLS... FvB 4-apr-2014 grant codeBase "file:/oracle/middleware/patch_wls1036/patch_jars/-" { permission java.security.AllPermission; // original: permission java.lang.RuntimePermission "oracle.*","read"; };
Hope this helps.

Update October 2014 Patch

This issue, now described in another version of the manual, still exists for FSR2. Links altered to workong versions.