Product:
Oracle Access Manager - Version 11.1.2.3 and later
WebLogic - Version 10.3.6.0.12
Symptoms:
While upgrading OIM/OAM integrated environment from 11.1.2.2 to 11.1.2.3 (PS3), "OIMUpgrade.sh online" script needs to be executed.
But it failed with following error:
Error Code: SEVERE: Exception while seeding OIM Resource Policies in OAM
Log trace:
#########################################
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Draft//EN">
<HTML>
<HEAD>
<TITLE>Error 404--Not Found</TITLE>
</HEAD>
<BODY bgcolor="white">
<FONT FACE=Helvetica><BR CLEAR=all>
<TABLE border=0 cellspacing=5><TR><TD><BR CLEAR=all>
<FONT FACE="Helvetica" COLOR="black" SIZE="3"><H2>Error 404--Not Found</H2>
</FONT></TD></TR>
</TABLE>
<TABLE border=0 width=100% cellpadding=10><TR><TD VALIGN=top WIDTH=100% BGCOLOR=white><FONT FACE="Courier New"><FONT FACE="Helvetica" SIZE="3"><H3>From RFC 2068 <i>Hypertext Transfer Protocol -- HTTP/1.1</i>:</H3>
</FONT><FONT FACE="Helvetica" SIZE="3"><H4>10.4.5 404 Not Found</H4>
</FONT><P><FONT FACE="Courier New">The server has not found anything matching the Request-URI. No indication is given of whether the condition is temporary or permanent.</p><p>If the server does not wish to make this information available to the client, the status code 403 (Forbidden) can be used instead. The 410 (Gone) status code SHOULD be used if the server knows, through some internally configurable mechanism, that an old resource is permanently unavailable and has no forwarding address.</FONT></P>
</FONT></TD></TR>
</TABLE>
</BODY>
</HTML>
[org.xml.sax.SAXParseException; lineNumber: 1; columnNumber: 55; <Line 1, Column 55>: XML-20190: (Fatal Error) Whitespace required.]
at javax.xml.bind.helpers.AbstractUnmarshallerImpl.createUnmarshalException(AbstractUnmarshallerImpl.java:335)
SEVERE: Exception while seeding OIM Resource Policies in OAM
oracle.iam.oimupgrade.exceptions.OIMUpgradeException: Exception while seeding OIM Resource Policies in OAM
at oracle.iam.oimupgrade.standalone.feature.resourceseed.OIMResourceSeedUpgrade.seedOIMResourcePolicies(OIMResourceSeedUpgrade.java:125)
################################################################
Cause:
After applying mandatory patches on WLS 10.3.6 to upgrade to WLS 10.3.6.0.12 (since it's pre-requisite for IDM 11gR2PS3) policies were not able to evaluate.
To Re-produce the issue try to access below URL and login with OAM Admin user, you will see
"Not Authorized" output.
You will see below errors in Admin server logs with Error Code: OAMSSA-06252
#########################################
5su9lZC_zDK6yW1MJrnv000002,0] [APP: oam_admin#11.1.2.0.0] Unable to start policy admin instance[[
oracle.security.am.common.policy.admin.PolicyManagerException: OAMSSA-06252: The policy store is not available; please see the log file for more details.
oracle.security.am.common.policy.admin.PolicyManagerException: OAMSSA-06252: The policy store is not available; please see the log file for more details.
#########################################
Solution:
Upgrade WebLogic from "10.3.6.0.0" to "10.3.6.0.12"
After applying the latest patches to Oracle WebLogic Server, the WL_HOME/server/lib/weblogic.policy file must be edited to include the following entry
grant codeBase "file:MW_HOME/WLS/patch_jars/-" {
permission java.lang.RuntimePermission "oracle.*","read";
};
Example:
grant codeBase "file:/opt/oracle/Middleware/patch_wls1036/patch_jars/-" {
permission java.lang.RuntimePermission "oracle.*","read";
};
Note: Now you should be able to proper output upon access URL (
) with OAM Admin user.
Now execute "OIMUpgrade.sh online" script, it should run without any issues.
Thank you for referring my blog, please post your comments for any queries/suggestions..Have a nice time :)
) with OAM Admin user.
Now execute "OIMUpgrade.sh online" script, it should run without any issues.
Thank you for referring my blog, please post your comments for any queries/suggestions..Have a nice time :)
