Oracle® Fusion Middleware

Oracle® Fusion Middleware
Oracle® Fusion Middleware
Release Notes
11g Release 1 (11.1.1) for Linux x86-64
E14770-56
April 2014
Oracle Fusion Middleware Release Notes, 11g Release 1 (11.1.1) for Linux x86-64
E14770-56
Copyright © 2014, Oracle and/or its affiliates. All rights reserved.
This software and related documentation are provided under a license agreement containing restrictions on
use and disclosure and are protected by intellectual property laws. Except as expressly permitted in your
license agreement or allowed by law, you may not use, copy, reproduce, translate, broadcast, modify,
license, transmit, distribute, exhibit, perform, publish, or display any part, in any form, or by any means.
Reverse engineering, disassembly, or decompilation of this software, unless required by law for
interoperability, is prohibited.
The information contained herein is subject to change without notice and is not warranted to be error-free. If
you find any errors, please report them to us in writing.
If this is software or related documentation that is delivered to the U.S. Government or anyone licensing it
on behalf of the U.S. Government, the following notice is applicable:
U.S. GOVERNMENT RIGHTS Programs, software, databases, and related documentation and technical data
delivered to U.S. Government customers are "commercial computer software" or "commercial technical
data" pursuant to the applicable Federal Acquisition Regulation and agency-specific supplemental
regulations. As such, the use, duplication, disclosure, modification, and adaptation shall be subject to the
restrictions and license terms set forth in the applicable Government contract, and, to the extent applicable
by the terms of the Government contract, the additional rights set forth in FAR 52.227-19, Commercial
Computer Software License (December 2007). Oracle America, Inc., 500 Oracle Parkway, Redwood City, CA
94065.
This software or hardware is developed for general use in a variety of information management
applications. It is not developed or intended for use in any inherently dangerous applications, including
applications that may create a risk of personal injury. If you use this software or hardware in dangerous
applications, then you shall be responsible to take all appropriate fail-safe, backup, redundancy, and other
measures to ensure its safe use. Oracle Corporation and its affiliates disclaim any liability for any damages
caused by use of this software or hardware in dangerous applications.
Oracle and Java are registered trademarks of Oracle and/or its affiliates. Other names may be trademarks of
their respective owners.
Intel and Intel Xeon are trademarks or registered trademarks of Intel Corporation. All SPARC trademarks
are used under license and are trademarks or registered trademarks of SPARC International, Inc. AMD,
Opteron, the AMD logo, and the AMD Opteron logo are trademarks or registered trademarks of Advanced
Micro Devices. UNIX is a registered trademark of The Open Group.
This software or hardware and documentation may provide access to or information on content, products,
and services from third parties. Oracle Corporation and its affiliates are not responsible for and expressly
disclaim all warranties of any kind with respect to third-party content, products, and services. Oracle
Corporation and its affiliates will not be responsible for any loss, costs, or damages incurred due to your
access to or use of third-party content, products, or services.
Contents
Preface ............................................................................................................................................................... lvii
Audience.....................................................................................................................................................
Documentation Accessibility ...................................................................................................................
Related Documents ...................................................................................................................................
Conventions ...............................................................................................................................................
Part I
1
lvii
lvii
lvii
lvii
Oracle Fusion Middleware
Introduction
Latest Release Information ............................................................................................... 1-1
Purpose of this Document ................................................................................................ 1-1
System Requirements and Specifications ......................................................................... 1-1
Memory Requirements ..................................................................................................... 1-2
Certification Information .................................................................................................. 1-2
Where to Find Oracle Fusion Middleware Certification Information ........................ 1-2
Certification Exceptions ............................................................................................. 1-2
Certification Information for Oracle Fusion Middleware 11g R1 with Oracle
Database 11.2.0.1 ................................................................................................. 1-2
1.5.2.2
Excel Export Issue on Windows Vista Client ....................................................... 1-3
1.5.2.3
Restrictions on Specific Browsers ........................................................................ 1-3
1.5.3
Upgrading Sun JDK From 1.6.0_07 to 1.6.0_11 ........................................................... 1-4
1.5.4
JMSDELIVERYCOUNT Is Not Set Properly .............................................................. 1-4
1.5.5
Viewer Plugin Required On Safari 4 To View Raw XML Source ............................... 1-4
1.6
Downloading and Applying Required Patches ................................................................ 1-4
1.7
Licensing Information ...................................................................................................... 1-5
1.1
1.2
1.3
1.4
1.5
1.5.1
1.5.2
1.5.2.1
2 Installation, Patching, and Configuration
2.1
Installation Issues and Workarounds ............................................................................... 2-1
2.1.1
Issues Pertaining to Oracle SOA Suite Installation .................................................... 2-2
2.1.1.1
Installing Oracle SOA Suite on a Dual Stack Host with IPv4 .............................. 2-2
2.1.1.2
Installing Oracle SOA Suite Release 11.1.1.3.0 in a Turkish Environment ........... 2-2
2.1.1.3
Prerequisite Checks Fail During the Installation of Oracle Portal, Forms, Reports,
and Discoverer 11g Release 1 (11.1.1.2.0) on OEL6 .............................................. 2-2
2.1.2
Issues Pertaining to Oracle Portal, Forms, Reports and Discoverer Installation ........ 2-2
iii
2.1.2.1
2.1.2.2
2.1.2.3
2.1.2.4
2.1.3
2.1.3.1
2.1.3.2
2.1.4
2.1.4.1
2.1.4.2
2.1.4.3
2.1.4.4
2.1.4.5
2.1.4.6
2.1.4.7
2.1.4.8
2.1.4.9
2.1.5
2.1.5.1
2.1.5.2
2.1.5.3
2.1.5.4
2.1.6
2.1.6.1
2.1.6.2
2.1.7
2.1.7.1
2.1.7.2
2.1.7.3
2.1.7.4
2.1.7.5
2.1.8
2.1.8.1
2.1.8.2
2.1.8.3
2.1.9
2.1.9.1
2.1.9.2
iv
Oracle Configuration Manager Fails During Domain Configuration of Oracle
Portal, Forms, Reports, and Discoverer 11g Release 1 (11.1.1.7.0) ....................... 2-3
Considerations When Installing Oracle Portal 11g .............................................. 2-3
Prerequisite Warnings During Installation .......................................................... 2-3
Prerequisite Warnings During Installation .......................................................... 2-4
Issues Pertaining to Oracle Web Tier Installation ...................................................... 2-4
Oracle SOA Suite and Oracle Application Developer Must Be Installed Before
Oracle Web Tier ................................................................................................... 2-4
Oracle Web Tier Silent Install Requires Oracle Web Cache Component Name .. 2-4
Issues Pertaining to Oracle Identity Management Installation .................................. 2-4
WebLogic Administration Server Must Be Running When Extending Oracle
Identity Management Domains ........................................................................... 2-5
Extending the Schema in Oracle Internet Directory ........................................... 2-5
Deinstalling a 11g (11.1.1.7.0) Oracle Internet Directory Instance Does Not Clean
Up the OID Schema ............................................................................................. 2-5
Information about the Oracle Virtual Directory Adapters .................................. 2-6
Enabling the Retry Button ................................................................................... 2-6
Server Startup Failures on Linux Operating Systems .......................................... 2-6
Configuring OPMN Request Port ....................................................................... 2-6
Silent Install with Privileged Ports on Linux Operating Systems ........................ 2-6
JDK Installed in ORACLE_COMMON During WebTier and IDM Installation .. 2-7
Issues Pertaining to JDK and JRE Installation ............................................................ 2-7
Asian Characters are Not Displayed on Oracle Linux 6.1 with JDK Versions Older
Than 6u30 ............................................................................................................ 2-7
Specifying the JRE Location if Installing with Automatic Updates ..................... 2-7
Upgrading Sun JDK in the Oracle Home Directory ............................................ 2-8
Out of Memory Errors When Using JDK 6 Update 23 ......................................... 2-8
Issues Pertaining to Oracle Universal Installer .......................................................... 2-8
Installer Produces Errors When Checking for Software Updates on My Oracle
Support ................................................................................................................ 2-9
Entering the Administrator Password for a Simple Oracle Business Intelligence
Installation on Linux Operating Systems ............................................................ 2-9
Issues Pertaining to Database and Schema Installation ............................................. 2-9
Error Encountered While Loading the Oracle Internet Directory (ODS) Schema 2-9
Setting the Correct Permission for the DBMS_REPUTIL Database Package ....... 2-9
Setting the Correct Permission for the DBMS_JOB Database Package .............. 2-10
Database Connection Failure During Schema Creation When Installing Oracle
Internet Directory .............................................................................................. 2-10
Using RCU 11g Release 1 (11.1.1.1.0) with Oracle Database 11g (11.2.0.1) ........ 2-10
Error Messages and Exceptions Seen During Installation ........................................ 2-10
Error Messages When Installing on IBM AIX 7.1 .............................................. 2-11
JRF Startup Class Exceptions May Appear in Oracle WebLogic Managed Server
Logs After Extending Oracle Identity Management Domain ............................ 2-11
Sun JDK and Oracle Configuration Manager Failures in the Installation Log File ...
2-11
Issues Pertaining to Product Deinstallation ............................................................. 2-11
Proper Deinstallation for Reinstallation in the Event of a Failed Installation .... 2-12
Deinstallation Does Not Remove WebLogic Domains ...................................... 2-12
Oracle Recommends JDK Version 6 Update 29 for Oracle Service Bus 11g Release 1
(11.1.1.7.0) ................................................................................................................ 2-12
2.1.11
Installing Oracle Service Registry in the Same Domain as Oracle SOA Suite .......... 2-12
2.1.12
Problems Installing in Thai and Turkish Locales ..................................................... 2-14
2.2
Patching Issues and Workarounds ................................................................................. 2-15
2.2.1
Applications Will Not Start After WebLogic Server is Updated .............................. 2-15
2.2.2
Issues Pertaining to Patching Oracle SOA Suite ...................................................... 2-15
2.2.2.1
Patch Set Assistant Fails When Updating the SOAINFRA Schema in SQL Server
Databases ........................................................................................................... 2-16
2.2.2.2
Exception Seen When Extending Your Existing Oracle SOA Suite Domain with
Oracle Business Process Management Suite ...................................................... 2-16
2.2.2.3
Exception Seen When Undeploying any SOA Composite with Range-Based
Dimension Business Indicators .......................................................................... 2-17
2.2.2.4
Running Oracle Business Process Management Suite with Microsoft SQL Server
2008 Database .................................................................................................... 2-17
2.2.2.5
Update to Oracle SOA Suite Release 11.1.1.3.0 Does Not Remove the b2b.r1ps1
Property ............................................................................................................. 2-18
2.2.2.6
Manual Steps for Migrating Oracle UMS and Oracle MDS ............................... 2-18
2.2.2.7
Monitored BPEL Processes Generate Warning Messages in Log File After
Applying 11g Release 1 (11.1.1.4.0) Patch Set .................................................... 2-18
2.2.2.8
Oracle Rules Error in Administration Server Log Files After Patching an 11g
Release 1 (11.1.1.2.0) Domain ............................................................................. 2-18
2.2.2.9
Incorrect Instance State of Composite Applications After Applying the Latest
Patch Set ............................................................................................................ 2-19
2.2.3
Issues Pertaining to Patching Oracle WebCenter Portal .......................................... 2-19
2.2.3.1
Problem Using WebCenter Portal: Spaces Customizations with .jsp Pages after
Installing the 11.1.1.7.0 Patch Set ....................................................................... 2-20
2.2.3.2
Errors When Updating Oracle WebCenter Portal Using WLST Commands ..... 2-20
2.2.3.3
Errors When Adding Tagging and Search Task Flows to Pages ........................ 2-20
2.2.3.4
Personalization Settings in Activity Graph Task Flows Lost When WebCenter
Portal is Patched ................................................................................................ 2-20
2.2.3.5
Language Not Displayed in the List of Languages Offered in Spaces .............. 2-20
2.2.4
Issues Pertaining to Patching Oracle Identity Management .................................... 2-20
2.2.4.1
Access Denied When Running the oimPS1PS2upgrade Script .......................... 2-21
2.2.4.2
Installer Prompts for OID Privileged Ports Twice During the Patch Installation .....
2-21
2.2.4.3
Installer Does Not Detect Existing Oracle Home ............................................... 2-21
2.2.4.4
Uploading Third Party JAR Files to the Database ............................................. 2-22
2.2.4.5
Access Policy With Approval Does Not Work After Patch ............................... 2-22
2.2.4.6
OID and OVD Saved Connections Not Available After Patch From 11g Release 1
(11.1.1.2.0) or 11g Release 1 (11.1.1.3.0) .............................................................. 2-23
2.2.4.7
Harmless Error When Running the upgradeOpss() Command When Upgrading
Oracle Identity Management ............................................................................. 2-23
2.2.4.8
Harmless Errors in the Log Files After Patching Oracle Identity Management to
11g Release 1 (11.1.1.4.0) .................................................................................... 2-23
2.2.4.9
Harmless Warning Message When Migrating Oracle Identity Federation from 11g
Release 1 (11.1.1.1.0) to 11g Release 1 (11.1.1.2.0) ............................................... 2-24
2.2.4.10
Harmless Errors Logged When Patching Oracle Identity Management 11g Release
1 (11.1.1.2.0) to 11g Release 1 (11.1.1.3.0) ........................................................... 2-24
2.1.10
v
Harmless Exception Seen When Starting Oracle Identity Management Server 11g
Release 1 (11.1.1.5.0) .......................................................................................... 2-25
Issues Pertaining to Patching System Components ................................................. 2-25
Granting Access to Network-Related Packages for the Oracle Portal Schema .. 2-25
Redeploy System Components to Ensure Proper Deinstallation ...................... 2-26
Setting Execute Permissions for emctl When Migrating System Components .. 2-27
Issues Pertaining to Version Numbers After Patching ............................................. 2-27
Oracle SOA Suite Tasks Not Visible in Firefox Browser After Upgrade ........... 2-27
Some Applications Show Old Version Number After Patching ........................ 2-27
MDS Schema Version Number is Incorrect ....................................................... 2-27
Oracle BI Components Show Incorrect Version Number After Patching .......... 2-28
Adding the Version Number for the odi-sdk-ws Application in config.xml ..... 2-28
Issues Pertaining to Displays During or After Patching .......................................... 2-28
Pages in Oracle Enterprise Manager and Oracle Directory Services Manager do not
Display Correctly .............................................................................................. 2-28
Patch Set Assistant Does Not Display Multi-Byte Characters on Oracle Linux 6 .....
2-29
Patch Set Assistant Does Not Display Multi-Byte Characters on Oracle Linux 6 .....
2-30
Warning and Error Messages Seen as a Result of Patching ..................................... 2-30
Harmless Warnings When Running upgradeOpss() ......................................... 2-31
Harmless Warning Message in Log File When Patching Multiple Products to the
Same Version ..................................................................................................... 2-31
Error When Accessing the Oracle Portal Home Page ........................................ 2-32
Applications Generate javax.xml.bind.JAXBException Runtime Errors After
Installing 11g Release 1 (11.1.1.4.0) Patch Set .................................................... 2-33
Oracle Configuration Manager Fails When Patching Oracle Identity Management and
Oracle Web Tier ....................................................................................................... 2-33
Resolving Oracle Service Bus Object Conflicts ......................................................... 2-34
Manual Step for ODI-BAM Users After Installing 11.1.1.4.0 Patch Set .................... 2-34
Configuration Issues and Workarounds ........................................................................ 2-34
Issues Pertaining to Oracle SOA Suite Configuration .............................................. 2-35
SOAINFRA Schema Contains Invalid Objects in 11g Release 1 (11.1.1.6.0) ....... 2-35
Harmless Exception Seen for Oracle SOA Suite with WebSphere Application
Server ................................................................................................................ 2-35
Oracle SOA Suite Administration Server Fails to Start With Sun JDK on Windows
XP 2002 .............................................................................................................. 2-36
Issues Pertaining to Oracle Identity Management Configuration ............................ 2-36
Oracle Internet Directory Server Does Not Listen on SSL Port ......................... 2-36
Metrics for Oracle Identity Management Components may not be Correctly
Displayed in Enterprise Manager ...................................................................... 2-37
Configuring Oracle Identity Management When WebLogic Node Manager is
Running ............................................................................................................. 2-37
Configuring Oracle Internet Directory with Oracle Data Vault ........................ 2-37
Password Requirements for Oracle Internet Directory Administrator .............. 2-38
Harmless Error Message When Configuring Oracle Identity Federation .......... 2-38
Issues Pertaining to Oracle Identity and Access Management Configuration ......... 2-38
Log Messages Appearing on Console During Oracle Identity Manager Schema
Creation ............................................................................................................. 2-39
2.2.4.11
2.2.5
2.2.5.1
2.2.5.2
2.2.5.3
2.2.6
2.2.6.1
2.2.6.2
2.2.6.3
2.2.6.4
2.2.6.5
2.2.7
2.2.7.1
2.2.7.2
2.2.7.3
2.2.8
2.2.8.1
2.2.8.2
2.2.8.3
2.2.8.4
2.2.9
2.2.10
2.2.11
2.3
2.3.1
2.3.1.1
2.3.1.2
2.3.1.3
2.3.2
2.3.2.1
2.3.2.2
2.3.2.3
2.3.2.4
2.3.2.5
2.3.2.6
2.3.3
2.3.3.1
vi
2.3.3.2
2.3.4
2.3.4.1
2.3.4.2
2.3.5
2.3.5.1
2.3.5.2
2.3.5.3
2.3.6
2.3.6.1
2.3.6.2
2.3.6.3
2.3.7
2.3.7.1
2.3.7.2
2.3.7.3
2.3.8
2.3.9
2.3.10
2.3.11
2.3.12
2.3.13
2.3.14
2.3.15
2.4
2.4.1
2.4.2
2.4.3
2.4.3.1
2.5
2.5.1
2.6
2.6.1
2.6.2
2.6.2.1
Design Console Connectivity Fails Intermittently ............................................. 2-39
Issues Pertaining to the Configuration Wizard ........................................................ 2-39
Starting the Configuration Wizard From a New Window ................................ 2-39
Specify Security Updates Screen Does Not Appear in the Configuration Wizard ....
2-39
Issues Pertaining to the Repository Creation Utility (RCU) ..................................... 2-40
Increasing the Tablespace Size for the MDS Schema ......................................... 2-40
Schemas Are Not Visible After Upgrade of Oracle Identity Management ........ 2-40
RCU Summary Screen Issues ............................................................................ 2-40
Issues Pertaining to Packing and Unpacking a Domain .......................................... 2-40
Ensure There Are No Missing Products When Using unpack.sh or unpack.cmd ....
2-41
Running unpack.sh or unpack.cmd on a Different Host ................................... 2-41
Starting Managed Servers on Remote System After Packing and Unpacking
Domain .............................................................................................................. 2-42
Issues Pertaining to Cluster Configuration .............................................................. 2-42
Extend Domain and Expand Cluster Scenarios with Remote Systems .............. 2-42
Unable to Extend an Existing Domain by Selecting Only Oracle Directory
Integration Platform Without Cluster ............................................................... 2-43
Expand Cluster Requires Changes to the emd.properties File .......................... 2-43
Discoverer URL is not Properly Displayed When Accessed Through SSL .............. 2-43
Cleaning up the JDeveloper Directories for a Failed Deployment on Windows ...... 2-43
OPMN Does Not Start if the LD_ASSUME_KERNEL Environment Variable is Set 2-43
Oracle WebCenter Portal wc-post-install.py Script Not Supported for Oracle RAC
Datasources .............................................................................................................. 2-44
Changing the Listen Address of a Managed Server ................................................. 2-44
Domain Extension Overwrites JDBC Data Source Name ......................................... 2-44
Rerouting to Original URL After SSO Authentication in Firefox and Safari Browsers ...
2-44
Deleting the Browser Cache in Browsers ................................................................. 2-45
Documentation Errata .................................................................................................... 2-45
Incorrect Option Specified in the RCU Online Help ................................................ 2-45
Forms and Reports Builder Not Supported ............................................................. 2-45
Deinstall Instructions Missing for Oracle HTTP Server, Oracle Traffic Director, and
Oracle iPlanet 11g Release 1 WebGates for Oracle Access Manager ........................ 2-45
Deinstalling Oracle HTTP Server, Oracle Traffic Director, and Oracle iPlanet 11g
Release 1 WebGates for Oracle Access Manager ............................................... 2-45
Known Issues ................................................................................................................. 2-47
Forms and Reports Builder Not Supported ............................................................. 2-47
Documentation Errata .................................................................................................... 2-47
Incorrect Option Specified in the RCU Online Help ................................................ 2-47
Deinstall Instructions Missing for Oracle HTTP Server, Oracle Traffic Director, and
Oracle iPlanet 11g Release 1 WebGates for Oracle Access Manager ........................ 2-47
Deinstalling Oracle HTTP Server, Oracle Traffic Director, and Oracle iPlanet 11g
Release 1 WebGates for Oracle Access Manager ............................................... 2-47
3 Upgrade
3.1
General Issues and Workarounds .................................................................................... 3-1
vii
3.1.1
3.1.1.1
3.1.2
3.1.3
3.1.3.1
3.1.3.2
3.1.3.3
3.1.3.4
3.1.3.5
3.1.4
3.1.5
3.1.6
3.1.7
3.1.7.1
3.1.7.2
3.1.7.3
3.1.8
3.1.8.1
3.1.8.2
3.1.8.3
3.1.8.4
3.1.9
3.1.10
3.1.11
3.1.12
3.1.13
3.1.14
3.1.15
3.1.16
3.1.17
3.1.18
3.1.19
3.2
3.2.1
3.2.2
3.2.3
3.2.4
3.2.5
3.2.6
viii
Patches Required to Address Specific Upgrade and Compatibility Requirements ... 3-2
Obtaining Patches and Support Documents From My Oracle Support (Formerly
OracleMetaLink) ................................................................................................... 3-5
Unable to Read Composite Model Error During SOA Application Upgrade ............ 3-5
Oracle BAM Upgrade Issues ...................................................................................... 3-5
Datapump Export for Oracle BAM Upgrade Plug-in Fails in Oracle Database 10g
(10.2.0.3), 10g (10.1.2.0.4), and Oracle Database 11g (11.1.0.7) .............................. 3-5
Dependent Alerts Do Not Upgrade Correctly ..................................................... 3-6
Problem Upgrading a Report that Contains Calculated Fields ........................... 3-6
Calculated Fields Reference the Field ID Rather Than Field Names After Upgrade
to Oracle BAM 11g .............................................................................................. 3-6
Using the Oracle BAM 11g Samples After Upgrade from Oracle BAM 10g ........ 3-7
Error When Upgrading Oracle Internet Directory Due to Invalid ODS Schema ....... 3-7
Restore From Backup Required If Upgrade Fails During a Colocated Oracle Internet
Directory and Oracle Directory Integration Platform Upgrade ................................. 3-8
Cannot Verify Oracle Forms Services Upgrade When Oracle HTTP Server is Running
On a Separate Host .................................................................................................... 3-8
WebCenter Security Upgrade Release Notes ............................................................. 3-8
RowSetPermission check fails with compatibility flag set ................................... 3-8
Grants not migrated properly if application contains grants without permissions ..
3-9
Shared/public credentials not found after external application deployed .......... 3-9
Oracle B2B Upgrade Release Notes ........................................................................... 3-9
Service Name Is Required When Using ebMS with Oracle B2B .......................... 3-9
Converting Wallets to Keystores for Oracle B2B 11g ......................................... 3-10
Oracle B2B UCCnet Documents Not Upgraded to 11g ...................................... 3-10
Errors in the Upgrade Log Files Even When Oracle B2B Schema Upgrade is
Successful .......................................................................................................... 3-10
Problem Accessing the Welcome Pages in Oracle HTTP Server After Upgrade ...... 3-10
Misleading Error Message When Upgrading Oracle Internet Directory ................. 3-11
Additional Steps Required When Redeploying the SOA Order Booking Sample
Application on Oracle Fusion Middleware 11g ....................................................... 3-11
Additional Steps Required When Upgrading Human Taskflow Projects ................ 3-12
Stopping Oracle Virtual Directory Processes During Upgrade ............................... 3-13
Providing Input to Upgrade Assistant Screens When Oracle Internet Directory
Upgrade Fails ........................................................................................................... 3-13
Upgrading Oracle Access Manager Middle Tier ..................................................... 3-13
Inaccurate Results When Running the Upgrade Assistant Verify Feature .............. 3-13
Missing jdk_version.log File When Launching Upgrade Assistant ......................... 3-13
Test Suites in Oracle SOA Suite 10g Projects Not Upgraded to 11g ......................... 3-14
Incorrect Wiring When Migrating Certain Oracle SOA Suite 10g Projects to 11g .... 3-14
General Issues and Workarounds for Migrating from 11.1.1.1.0 .................................... 3-14
Stopping the 11.1.1.2.0 Domain ................................................................................ 3-14
Editing the patchMaster.properties File ................................................................... 3-15
Patching the Schema for Oracle Internet Directory .................................................. 3-15
Changing the patchmaster.ValidationErrorContinue Property ............................... 3-15
Changing the Default Setting for Validation Tasks ................................................. 3-15
Severe Error When Running the execute-sql-rcu Macro .......................................... 3-15
Machine Names Do Not Appear in the Oracle WebLogic Server Administration
Console .................................................................................................................... 3-16
3.2.8
Using the Oracle BAM 11g Prepackaged Samples After Migrating from 11.1.1.1.0 . 3-16
3.2.8.1
Configuring the Oracle BAM 11g Samples After Migrating from 11.1.1.1.0 ...... 3-16
3.2.8.2
Using the Foreign Exchange Sample After Migrating from 11.1.1.1.0 ............... 3-16
3.3
Documentation Errata for Upgrade ................................................................................ 3-17
3.3.1
Documentation Errata for the Oracle Fusion Middleware Upgrade Guide for Java EE ..
3-17
3.3.1.1
Clarification of Post-Upgrade Tasks for SSL-Enabled Oracle HTTP Server ...... 3-17
3.2.7
4 Oracle Fusion Middleware Administration
4.1
4.1.1
4.1.2
4.1.3
4.1.4
4.1.5
4.1.6
4.2
4.2.1
4.2.2
4.2.3
4.2.4
4.2.5
4.3
4.3.1
4.3.2
4.3.3
General Issues and Workarounds .................................................................................... 4-1
Clarification About Path for OPMN .......................................................................... 4-1
Fusion Middleware Control May Return Error in Mixed IPv6 and IPv4 Environment ..
4-2
Deploying JSF Applications ....................................................................................... 4-2
Limitations in Moving from Test to Production ........................................................ 4-2
Limitations in Moving Oracle Business Process Management from Test to Production
Environment .............................................................................................................. 4-5
Message Returned with Incorrect Error Message Level ............................................. 4-5
Configuration Issues and Workarounds .......................................................................... 4-6
Must Stop Oracle SOA Suite Managed Server Before Stopping soa-infra .................. 4-6
Fusion Middleware Control Does Not Keep Column Preferences in Log Viewer Pages
4-6
Topology Viewer Does Not Display Applications Deployed to a Cluster ................. 4-6
Changing Log File Format ......................................................................................... 4-6
SSL Automation Tool Configuration Issues .............................................................. 4-6
Documentation Errata for the Oracle Fusion Middleware Administrator's Guide ................. 4-7
Combining All Oracle Homes in a Single Inventory File ........................................... 4-7
Correction to Link About Supported Databases for MDS .......................................... 4-8
Clarification of Move Plan Properties for Oracle WebCenter Content ....................... 4-8
5 Oracle Enterprise Manager Fusion Middleware Control
5.1
5.1.1
5.1.2
5.1.3
5.1.4
5.1.5
5.1.6
5.1.7
5.1.8
5.1.9
General Issues and Workarounds .................................................................................... 5-1
Product Behavior After a Session Timeout ................................................................ 5-2
Fixing Errors Displayed When Selecting the TopLink Sessions Command in Fusion
Middleware Control .................................................................................................. 5-2
Verifying the DISPLAY Variable to Correct Problems Displaying Graphics ............. 5-2
Incomplete Information Available on the MDS Configuration Page ......................... 5-3
Exceptions When Starting Oracle Web Cache After Accessing Configuration Pages
from Oracle Enterprise Manager Fusion Middleware Control .................................. 5-3
Table Display Problems When Using Some Language Variants ................................ 5-3
Problems When Internet Explorer 7 is Configured to Open Pop-Up Windows in a New
Tab ............................................................................................................................. 5-3
Additional Fusion Middleware Control Release Notes ............................................. 5-3
Problem with Performance Charts After Moving a Chart Region ............................. 5-4
ix
5.1.10
5.1.11
5.1.12
5.1.13
5.1.14
5.1.15
5.1.16
5.1.17
5.2
5.2.1
5.2.2
5.2.3
Display Problems When Running JDK 160_18 on Intel Systems that Support the SSE4.2
Instruction Set ............................................................................................................ 5-4
Adobe Flash Plugin Required When Displaying Fusion Middleware Control in the
Apple Safari Browser ................................................................................................. 5-5
Unable to Access Fusion Middleware Control After Installing the Oracle Identity
Management 11.1.1.4.0 Patch Set ............................................................................... 5-5
Error Message on Deleting the Shared Folder After Scale-Out .................................. 5-5
Coreapplication Process for Oracle Business Intelligence Reported as Down in Fusion
Middleware Control .................................................................................................. 5-5
Online Help Error Message in Enterprise Manager Log Files Can Be Ignored .......... 5-6
Incorrect or Missing Metrics Help Information ......................................................... 5-6
Error When Accessing the Entry Point URL for the NonJ2EEManagement Internal
Application ................................................................................................................ 5-6
Documentation Errata ...................................................................................................... 5-6
Search Unavailable for Some Embedded Administrator's Guides ............................. 5-7
Patching Section in the Fusion Middleware Control Online Help is Not Supported . 5-7
Help Topic for Secure Sockets Layer Tab Needs Updated Description for WebLogic
CA Certificate ............................................................................................................ 5-7
6 Oracle Fusion Middleware High Availability and Enterprise Deployment
General Issues and Workarounds .................................................................................... 6-1
Secure Resources in Application Tier ........................................................................ 6-2
Accessing Web Services Policies Page in Cold Failover Environment ....................... 6-2
Timeout Settings for SOA Request-Response Operations are Not Propagated in a Node
Failure ........................................................................................................................ 6-2
6.1.4
Very Intensive Uploads from I/PM to UCM May Require Use of IP-Based Filters in
UCM Instead of Hostname-Based Filters ................................................................... 6-2
6.1.5
Use srvctl in 11.2 Oracle RAC Databases to Set Up AQ Notification and Server-side
TAF ............................................................................................................................ 6-3
6.1.6
Failover Is Not Seamless When Creating Reports in Oracle BI Publisher .................. 6-4
6.1.7
Cannot Save Agent When Oracle Business Intelligence Managed Server Fails Over 6-4
6.1.8
Installing Additional Oracle Portal, Forms, Reports, and Discoverer Instances After
Upgrading Oracle Single Sign-On 10g to Oracle Access Manager 11g ....................... 6-4
6.1.9
JMS Instance Fails In a BI Publisher Cluster .............................................................. 6-4
6.1.10
Undelivered Records not Recovered During RAC Failover of Singleton SOA Server 6-5
6.1.11
Synchronous BPEL Process Issues ............................................................................. 6-5
6.2
Configuration Issues and Workarounds .......................................................................... 6-5
6.2.1
Fusion Middleware Control May Display Incorrect Status ....................................... 6-6
6.2.2
Accumulated BPEL Instances Cause Performance Decrease ..................................... 6-6
6.2.3
Extra Message Enqueue when One a Cluster Server is Brought Down and Back Up 6-6
6.2.4
Duplicate Unrecoverable Human Workflow Instance Created with Oracle RAC
Failover ...................................................................................................................... 6-6
6.2.5
No High Availability Support for SOA B2B TCP/IP ................................................. 6-7
6.2.6
WebLogic Administration Server on Machines with Multiple Network Cards ......... 6-7
6.2.7
Additional Parameters for SOA and Oracle RAC Data Sources ................................ 6-7
6.2.8
Message Sequencing and MLLP Not Supported in Oracle B2B HA Environments ... 6-8
6.2.9
Credentials not Propagated for Transport Protocols in B2B ...................................... 6-8
6.2.10
Use Fully-Qualified Hostnames when Configuring Front-end Hosts in High
Availability Configurations ....................................................................................... 6-8
6.1
6.1.1
6.1.2
6.1.3
x
6.2.11
6.2.12
6.2.13
6.2.14
6.2.15
6.2.16
6.2.17
6.2.18
6.2.19
6.3
6.4
6.4.1
6.4.1.1
6.4.1.2
6.4.2
6.4.2.1
6.4.2.2
6.4.2.3
6.4.2.4
6.4.2.5
6.4.2.6
6.4.2.7
Managed Server goes into Suspended Status After Oracle RAC Failover ................. 6-8
Primary/Secondary Configuration Section of the Availability Tab is Not Visible .... 6-9
Server Start Parameters Not Getting Set After Scaling Out the Oracle Business
Intelligence Managed Server ...................................................................................... 6-9
Ensuring the Oracle HTTP Server Lock File is on a Local Drive ................................ 6-9
Recreating OSSO Agents that Point to the Load Balancer URL ............................... 6-10
Use Lower-Case Letters for GridLink Data Source RAC Service Name .................. 6-10
Additional Steps Needed for Oracle RTD Request Forwarding to Work Correctly . 6-10
Error INST-08075 Occurs When Scaling Out the BI System ..................................... 6-11
First Defined RAC Instance Must Be Available On Domain Startup When Configuring
with RAC Multi Data Source .................................................................................. 6-12
Testing Abrupt Failures of WebLogic Server When Using File Stores on NFS ............... 6-12
Documentation Errata .................................................................................................... 6-13
Documentation Errata for the Fusion Middleware High Availability Guide ........... 6-13
Latest Requirements and Certification Information .......................................... 6-13
Error in Line to Add to mod_wl_ohs.conf File .................................................. 6-14
Documentation Errata for the Fusion Middleware Enterprise Deployment Guide for
Oracle Identity Management ................................................................................... 6-14
Set -DDomainRegistrationEnabled=true when Starting Node Manager ........... 6-14
Ignore Empty Section in the Oracle Virtual Directory Chapter ......................... 6-14
Installing Identity Management Sections Are Incorrectly Organized ................ 6-15
Errors in Instructions for Using the Guide ........................................................ 6-15
LDIF File Error in Procedure for Creating Users and Groups for Oracle WebLogic
Server ................................................................................................................ 6-15
Run Additional emctl Commands When Extending the Domain with Oracle
Internet Directory or Oracle Virtual Directory .................................................. 6-15
Errors in Section 2.4, Shared Storage and Recommended Directory Structure .. 6-15
7 Oracle Fusion Middleware on IBM WebSphere
7.1
7.1.1
7.1.2
7.1.3
7.1.4
7.1.5
7.1.6
7.1.7
7.1.8
7.1.9
7.1.10
7.1.11
7.1.12
7.1.13
General Issues and Workarounds .................................................................................... 7-1
Log File Error Message when Starting the SOA Server .............................................. 7-2
Save Settings Button Under Accessibility User Preferences Has Incorrect Label ....... 7-3
Oracle Business Process Management Causes java.lang.OutOfMemoryError on IBM
WebSphere Application Server .................................................................................. 7-3
Cannot Create an XA Connection Factory in the IBM WebSphere Administration
Console ...................................................................................................................... 7-3
Accessibility Mode for User Messaging Preferences is Ignored on an IBM WebSphere
Application Server ..................................................................................................... 7-3
Adding Shared Libraries to Deploy a Task Form from Oracle JDeveloper ................ 7-4
Setting Cookie Paths for Oracle SOA Suite Applications ........................................... 7-4
Deploying a SOA Composite Application to a SOA Cluster ...................................... 7-5
Cannot Deploy a SOA Bundle File from Oracle Enterprise Manager Fusion
Middleware Control .................................................................................................. 7-5
One-and-Only-One Event Subscriptions Are Not Supported .................................... 7-5
Deployed Task Form Startup Failure in IBM WebSphere Administration Console ... 7-6
Oracle BPM Worklist Displays as Undefined in Administration Console ................. 7-6
Dashboard Tab May Display Completed SOA Composite Instance States as Running ..
7-8
xi
7.1.14
7.1.15
7.1.16
7.1.17
7.1.18
7.1.19
7.1.20
7.1.21
7.1.22
7.1.23
7.2
7.2.1
7.2.2
7.2.3
7.2.4
7.2.5
7.2.6
7.2.7
7.2.8
7.2.9
7.3
7.3.1
7.3.2
7.3.3
Two-Way SSL Configuration with Oracle SOA Suite Is Not Supported .................... 7-8
Multiple Fault Recovery Failure with the Recover With Options Dialog .................. 7-8
IBM WebSphere Application Server - ND Installation Requires a Server Restart ...... 7-8
Test Emulations of Asynchronous BPEL Processes Fail ............................................ 7-8
SETMANAGEDCONNECTION() Fails with ILLEGALSTATEEXCEPTION for the AQ
Adapter ...................................................................................................................... 7-9
Invalid PolicySet Error When Accessing a Deployed Oracle Fusion Middleware
Application on IBM WebSphere ................................................................................ 7-9
Cannot Stop or Start Oracle Internal Applications From Fusion Middleware Control on
IBM WebSphere ......................................................................................................... 7-9
For the JMS Adapter, Instances Become Recoverable Even Without Failover ......... 7-10
Kerberos and SPNEGO are not supported with Oracle WSM ................................. 7-10
REST Security Policies and Templates Not Certified ............................................... 7-10
Configuration Issues and Workarounds ........................................................................ 7-10
Error Configuring a Cell When IBM WebSphere Installed on Windows 2003 and 2008 .
7-11
Configuring Coherence for a SOA Cluster on IBM WebSphere ............................... 7-11
Limitations When Configuring Oracle Business Activity Monitoring for High
Availability on IBM WebSphere .............................................................................. 7-12
Requests Received by IBM HTTP Server (IHS) Are Routed to the Fusion Middleware
Welcome Page .......................................................................................................... 7-12
Unable to Register WSRP/JPDK Producers Through Pagelet Producer Console on IBM
WebSphere ............................................................................................................... 7-12
Unable to Configure Password Settings Through Pagelet Producer Console on IBM
WebSphere ............................................................................................................... 7-13
Restart of Deployment Manager Required When Configuring Oracle SOA Suite for
High Availability on IBM WebSphere ..................................................................... 7-13
Additional Configurations For SSO Logout on WebSphere .................................... 7-14
java.lang.ClassNotFoundException Error Message seen in the Log File When
Deploying SimpleApprovalTaskFlow on IBM WebSphere ..................................... 7-14
Documentation Errata .................................................................................................... 7-14
Updates to Steps for Patching WebCenter Portal 11.1.1.6.0 Installations to 11.1.1.7.0 ....
7-14
Updates to Steps for Configuring Oracle Business Intelligence for Scaling Out on IBM
WebSphere ............................................................................................................... 7-15
Updates to Section on Upgrading ............................................................................ 7-16
Part II Oracle Development Tools
8 Oracle JDeveloper and Oracle Application Development Framework (ADF)
9 Oracle TopLink
9.1
General Issues and Workarounds .................................................................................... 9-1
9.1.1
TopLink Object-Relational Issues .............................................................................. 9-1
9.1.1.1
Cannot set EclipseLink log level in WLS System MBean Browser ...................... 9-1
9.1.1.2
Incorrect outer join SQL on SQLServer2005 ....................................................... 9-2
9.1.1.3
UnitOfWork.release() not Supported with External Transaction Control ........... 9-2
9.1.1.4
Returning Policy for UPDATE with Optimistic Locking ..................................... 9-2
xii
9.1.1.5
9.1.1.6
9.1.2
9.1.2.1
9.1.2.2
9.1.2.3
9.1.3
9.1.3.1
9.1.4
9.1.5
9.1.6
9.1.7
Part III
JDBC Drivers returning Timestamps as Strings .................................................. 9-3
Unit of Work does not add Deleted Objects to Change Set ................................ 9-3
TopLink Workbench Issues ........................................................................................ 9-3
User Interface Issue ............................................................................................. 9-3
Accessibility ......................................................................................................... 9-3
Running the TopLink Workbench on Windows OS ............................................ 9-3
Oracle Database Extensions with TopLink ................................................................ 9-4
Template JAR for Spatial and XDB Support in Oracle WebLogic Server ............ 9-4
Allowing Zero Value Primary Keys ........................................................................... 9-5
Managed Servers on Sybase with JCA Oracle Database Service ................................ 9-5
Logging Configuration with EclipseLink Using Container Managed JPA ................. 9-5
Grid Cache requires CacheLoader ............................................................................. 9-6
Oracle Virtual Assembly Builder
10 Oracle Virtual Assembly Builder
10.1
Installation and Configuration Issues and Workarounds ............................................... 10-1
10.1.1
Deployer Instance Directory Only Suitable for Use in Deployer-only Installation .. 10-1
10.1.2
Disk Warning Causes Installation Failure ................................................................ 10-1
10.1.3
Errors about Missing Libraries in the VM ................................................................ 10-2
10.1.4
Incorrect sshd_config File in Base Image ................................................................. 10-2
10.1.5
Exceptions in Message Log after Upgrade ............................................................... 10-2
10.2
General Issues and Workarounds .................................................................................. 10-2
10.2.1
Oracle Virtual Assembly Builder Introspection Issues ............................................. 10-2
10.2.1.1
Remote Introspection Must Be Run as Specific Users ........................................ 10-3
10.2.1.2
Unable to Create Secure Connections for Multiple OVMs in a Single Session .. 10-3
10.2.1.3
Do Not Try to Import and Register a Template at the Same Time ..................... 10-3
10.2.1.4
Time Zones Must Match Between Base Image and Reference Systems ............. 10-3
10.2.2
Oracle Virtual Assembly Builder File Set Capture Issues ........................................ 10-3
10.2.2.1
Troubleshooting Template Registration Errors ................................................. 10-3
10.2.2.2
Capturing File Sets with a Different userid than userid of Individual Who Installed
Oracle Virtual Assembly Builder ....................................................................... 10-4
10.2.2.3
Template Status Not Updated ........................................................................... 10-4
10.2.2.4
Oracle Virtual Assembly Builder Instance Directory Should Not Reside in
FMWHOME ...................................................................................................... 10-4
10.2.2.5
Non-Root User Cannot Capture File Sets Owned by Root ................................ 10-4
10.2.3
Oracle Virtual Assembly Builder Deployment Issues .............................................. 10-4
10.2.3.1
Scale Operations and Failed Deployments ........................................................ 10-5
10.2.3.2
Importing Using the ImportAs Option Removes All Deployment Plan Overrides ..
10-5
10.2.3.3
Unresolved IP Addresses Result in Error ......................................................... 10-5
10.2.3.4
Complete Editing Operations on Assemblies Before Creating a Deployment Plan ..
10-5
10.2.3.5
NFS Mounting Not Supported in Reference Systems ........................................ 10-5
10.2.3.6
Firewall Implications for Template Registration ............................................... 10-6
10.2.3.7
Recovering from Unexpected Errors During Deployment ................................ 10-6
10.2.3.8
Deployment Failure Due to 'Too Many Open Files' Error ................................. 10-6
xiii
Other Oracle Virtual Assembly Builder Issues ........................................................ 10-6
Add DNS Button Does Not Work When Using OVAB Studio in Japanese
Language ........................................................................................................... 10-7
10.2.4.2
Large Delete Operations Can Make Oracle Virtual Assembly Builder Studio
Appear to Lock Up ............................................................................................ 10-7
10.2.4.3
Virtual Machine Swap Space ............................................................................. 10-7
10.2.4.4
Top-level Delete Messages in English Only ...................................................... 10-7
10.2.4.5
Export Operation Requires Temporary Local Storage ....................................... 10-7
10.2.4.6
Non-supported Character When Naming Vnets ............................................... 10-7
10.2.4.7
Obsolete Assembly Archives After Download and Import ............................... 10-8
10.2.4.8
Zero-count Appliances Cannot Be Scaled in Oracle Virtual Assembly Builder
Studio ................................................................................................................ 10-8
10.2.4.9
Password Field Is Not Editable When Configuring a New Domain ................. 10-8
10.3
Component Specific Issues ............................................................................................. 10-9
10.3.1
Oracle Virtual Machine ........................................................................................... 10-9
10.3.1.1
Intermittent Errors When Using Oracle VM ..................................................... 10-9
10.3.1.2
Limit Virtual Machine Names to 100 Characters or Less .................................. 10-9
10.3.1.3
Limit Virtual Machine Passwords to 50 Characters or Less .............................. 10-9
10.3.1.4
Limitation on Number of Virtual Disks .......................................................... 10-10
10.3.1.5
VNC Access Only Available through Oracle VM Manager ............................ 10-10
10.3.2
Oracle WebLogic Server Issues .............................................................................. 10-10
10.3.2.1
Forward Slashes in Server Service Names Cause Oracle WebLogic Server
Deployment Failures ....................................................................................... 10-10
10.3.2.2
Applications with JDBC Remap May Need to be Manually Restarted ........... 10-10
10.3.2.3
Applications Accessing Web Services Not Updated at Deployment ............... 10-10
10.3.2.4
Limitation with Oracle WLS Domains Upgraded from 10.3.1 ......................... 10-11
10.3.2.5
Admin URL Required to be Specified When Managed Server is No Longer
Running ........................................................................................................... 10-11
10.3.2.6
WLS Plug-in Does Not Support Changing Ownership of File Sets ................. 10-11
10.3.2.7
Relocating Node Manager Home Not Supported ........................................... 10-11
10.3.2.8
User-specific Changes to Setdomainenv.sh are Not Preserved ....................... 10-11
10.3.3
Oracle Web Cache Issues ....................................................................................... 10-11
10.3.3.1
Protocol Mismatch Error ................................................................................. 10-12
10.3.3.2
Oracle Web Cache Administration Port Not a Privileged Port ....................... 10-12
10.3.3.3
Oracle Web Cache Scaling Issues .................................................................... 10-12
10.3.3.4
Update Virtual Host Map Properties When Making Port Changes ................ 10-12
10.3.4
Oracle Database Issues .......................................................................................... 10-12
10.3.4.1
Deployment Error Due to Database Vault ....................................................... 10-12
10.3.4.2
Use default name LISTENER on Reference Systems ....................................... 10-13
10.3.4.3
Limited Database Configuration Support ....................................................... 10-13
10.3.4.4
Upgraded 10g Oracle Homes Cannot be Introspected .................................... 10-13
10.3.5
Oracle Forms and Oracle Reports Issues ............................................................... 10-13
10.3.5.1
Change nm* Files Ownership .......................................................................... 10-13
10.4
Documentation Errata .................................................................................................. 10-14
10.2.4
10.2.4.1
Part IV Web Tier
xiv
11 Oracle HTTP Server
11.1
11.2
mod_security Reintroduced ........................................................................................... 11-1
Installing OHS 11.1.1.7 with WLS 12g ............................................................................ 11-1
12 Oracle Web Cache
12.1
Configuration Issues and Workarounds ........................................................................ 12-1
12.1.1
Reset the Random Password Generated When Installing Oracle Portal, Forms, Reports,
and Discoverer ......................................................................................................... 12-1
12.1.2
Running Oracle Web Cache Processes as a Different User Is Not Supported .......... 12-2
12.1.3
Using Web Cache in an IPv6 Network ..................................................................... 12-2
12.2
Documentation Errata .................................................................................................... 12-2
12.2.1
Procedure to Enable Generation of Core Dump ...................................................... 12-3
12.2.2
Clarification About Support for CRLs ..................................................................... 12-3
12.2.3
Clarifications About Configuring the CRL Location ................................................ 12-3
Part V Oracle WebLogic Server
13 Oracle WebLogic Server
13.1
General Issues and Workarounds .................................................................................. 13-2
13.1.1
Multi-Byte Characters Display Incorrectly in Filenames When Using Safari ........... 13-2
13.1.2
Oracle WebLogic Server Version Number ............................................................... 13-3
13.1.3
Oracle ojdbc14.jar File Has Been Changed to ojdbc6.jar .......................................... 13-3
13.1.4
Strong Password Enforcement May Cause Issues With WLST Offline Scripts ........ 13-3
13.1.5
In Turkish Locale, MDS Initialization Fails .............................................................. 13-3
13.1.6
Administration Server Reports a 'Too Many Open Files' Message on the EM Console ..
13-3
13.1.7
Availability of Sun JDK 6 U35-B52 for 10.3.5.0 Oracle WLS Generic Installation ..... 13-4
13.2
Administration Console Issues and Workarounds ......................................................... 13-4
13.2.1
Cached JDBC Information is not Displayed ............................................................. 13-5
13.2.2
Pressing Browser Back Button Discards Context ..................................................... 13-5
13.2.3
Unsupported Work Manager Configurations Can Be Created ................................ 13-5
13.2.4
Server Status Table Reflects Inconsistent Information ............................................. 13-5
13.2.5
Exceptions When Defining a Security Policy for an EJB .......................................... 13-5
13.2.6
Administration Console Does Not Always Reflect External Changes Made in a
Deployment Plan ..................................................................................................... 13-6
13.2.7
Oracle OCI Driver Support ...................................................................................... 13-6
13.2.8
Data Takes a Long Time to Display on the Metric Browser Tab .............................. 13-6
13.3
Apache Beehive Support Issues and Workarounds ........................................................ 13-6
13.4
Clustering Issues and Workarounds .............................................................................. 13-6
13.4.1
Threads Are Blocked on Cluster Messaging in Unicast Mode ................................. 13-7
13.5
Configuration Issues and Workarounds ........................................................................ 13-7
13.5.1
ASProvWorkflowException Occurs When Creating a WebLogic Domain .............. 13-7
13.5.2
Directory For a Non-Existent Server Name Is Created ............................................ 13-7
13.5.3
Abnormal Behavior in Terminal Window After Entering WebLogic Password ...... 13-7
13.5.4
Creating and Updating Domains Takes Too Long ................................................... 13-8
13.5.5
Password Field Is Not Editable When Configuring a New Domain ........................ 13-8
xv
13.6
Connector (Resource Adapter) Issues and Workarounds .............................................. 13-8
13.7
Console Extensions Issues and Workarounds ................................................................ 13-8
13.8
Core Server and Core Work Manager Issues and Workarounds ................................... 13-9
13.8.1
Threads Become Stuck While Waiting to Get a Connection .................................... 13-9
13.8.2
Using IPv6-Formatted Addresses ............................................................................ 13-9
13.8.3
Server Cannot Be Started After a Whole Server Migration ...................................... 13-9
13.8.4
Object State is not Retained After Renaming Field ................................................ 13-10
13.8.5
Forcing Unicast Messages To Be Processed in Order ............................................ 13-10
13.8.6
Servers Configured to Listen on a Host Name Are Listening on a Different Host Name
After Startup .......................................................................................................... 13-10
13.8.7
Administration Server or Node Manager Cannot Track the Status of a Managed
Server ..................................................................................................................... 13-11
13.8.8
Multicast Traffic Observed to be Unreliable During or After a Network Partition 13-11
13.9
Deployment Issues and Workarounds ......................................................................... 13-11
13.9.1
security-permission Element is not Available in weblogic-application.xml .......... 13-12
13.9.2
Extraneous String Values Interpreted as File Specification .................................... 13-12
13.9.3
java.lang.NoClassDefFoundError is Displayed ..................................................... 13-12
13.9.4
The restore Method Does Not Update the DConfig Bean With Plan Overrides .... 13-12
13.9.5
config-root <directory> not found Warning Is Displayed When Applying a Plan . 13-13
13.9.6
Deployment Task Fails When a Large Application File Is Deployed ..................... 13-13
13.9.7
Application State Is Not Updated If the Server Starts in MSI Mode ...................... 13-13
13.9.8
Attempting to Redeploy an Application Fails if the Application is Already Deployed
Using a Different Source File Location .................................................................. 13-13
13.10 EJB Issues and Workarounds ....................................................................................... 13-14
13.10.1
Primary Key in Oracle Table is CHAR ................................................................... 13-14
13.10.2
No Available Annotation That Enables Creation of a Clusterable Timer .............. 13-14
13.10.3
Kodo's MappingTool Cannot Generate Schemas ................................................... 13-15
13.10.4
Extensions to the JPA Metadata Model Can Only Be Specified Via Annotations .. 13-15
13.10.5
Lookup Method Injection Not Supported by Spring ............................................. 13-15
13.10.6
Deserializing a JDO PersistenceManagerFactory in a Managed Environment May Fail
13-15
13.10.7
Indexes Not Always Created During Schema Creation ......................................... 13-15
13.10.8
OpenJPA throws an exception when @Id fields are also annotated as @Unique ... 13-15
13.10.9
Cache Hit and Miss Counts May Rise Unexpectedly ............................................. 13-15
13.10.10
Open JPA Tries to Create a Table Even if the Table Exists ..................................... 13-16
13.10.11
EJB Applications Fail During Serialization ............................................................ 13-16
13.10.12
Non-Transactional Message-Driven Bean Container Can Fail to Provide Reproducible
Behavior For Foreign Topics .................................................................................. 13-16
13.11 Examples Issues and Workarounds ............................................................................. 13-16
13.11.1
Security Configuration in medrec.wls.config ........................................................ 13-17
13.11.2
HTML File not Created for StreamParser.java File ................................................ 13-17
13.11.3
Warning Message Appears When Starting Medrec or Samples Domain ............... 13-17
13.12 HTTP Publish/Subscribe Server Issues and Workarounds .......................................... 13-17
13.12.1
Authentication and Authorization of the Local Client is not Supported ............... 13-18
13.12.2
Event Messages Published by Local Clients Cannot Be Received .......................... 13-18
13.12.3
Event Messages Published By Local Clients Do Not Go Through Filters .............. 13-18
13.13 Installation Issues and Workarounds ........................................................................... 13-18
13.13.1
Sybase JDBC Drivers Not Downloaded with Upgrade Installation ....................... 13-18
xvi
Improper Rollback to Previous Installation May Occur After Exiting an Upgrade
Installation Prematurely ........................................................................................ 13-18
13.13.3
WebLogic Server Installer Fails With Insufficient Disk Space Error ...................... 13-19
13.13.4
Installation Fails with Fatal Error ........................................................................... 13-19
13.14 Java EE Issues and Workarounds ................................................................................. 13-19
13.14.1
FastSwap May Relax the Access Modifiers of Fields and Methods ........................ 13-19
13.14.2
FastSwap Does Not Support Redefinition of the Entity Bean and ejbClass .......... 13-19
13.14.3
Classpath Order Is Not Guaranteed When There Are Multiple JARs in an EAR File .....
13-20
13.15 JDBC Issues and Workarounds .................................................................................... 13-20
13.15.1
Call To setTransactionIsolation() May Fail When Using the JDBC Driver for MS
SQLServer .............................................................................................................. 13-20
13.15.2
An Attempt to Access a Remote 10.3.2 or Later WLS Data Source Fails ................ 13-20
13.15.3
ORA-01591 Errors Occur on SOA Servers Configured to Use Multiple Oracle RAC
Nodes ..................................................................................................................... 13-21
13.16 JMS Issues and Workarounds ....................................................................................... 13-21
13.16.1
Deployment Descriptor Validation Fails ................................................................ 13-22
13.16.2
Exception When Multiple Producers Use the Same Client SAF Instance ............... 13-22
13.16.3
Multi-byte Characters are not Supported in Store File and Directory Names ........ 13-22
13.16.4
Generation of the Default UOO Name Has Changed ............................................ 13-22
13.16.5
Testing Abrupt Failures of WebLogic Server When Using File Stores on NFS ...... 13-22
13.16.6
JMS Message Consumers Will Not Always Reconnect After a Service Migration . 13-22
13.16.7
Forcing Unicast Messages To Be Processed in Order ............................................ 13-23
13.17 JNDI Issues and Workarounds ..................................................................................... 13-23
13.18 JSP and Servlet Issues and Workarounds ..................................................................... 13-23
13.18.1
Deployment Plans Cannot Be Used To Override Two Descriptors ........................ 13-23
13.18.2
Spring Dependency Injection Not Supported on JSP Tag Handlers ...................... 13-23
13.18.3
503 Error When Accessing an Application With a Valid sessionid ........................ 13-24
13.19 JTA Issues and Workarounds ....................................................................................... 13-24
13.20 Java Virtual Machine (JVM) Issues and Workarounds ................................................. 13-24
13.20.1
1.4 Thin Client Applet Cannot Contact WebLogic Server ...................................... 13-24
13.20.2
Applications Running on Some Processors May Experience Intermittent Time Issues ..
13-24
13.20.3
JRockit JVM Appears to Freeze When Doing Long Array Copies ......................... 13-25
13.20.4
Serial Version UID Mismatch ................................................................................. 13-25
13.20.5
JVM Stack Overflow .............................................................................................. 13-25
13.20.6
Using AWT libraries May Cause a JVM Crash ...................................................... 13-26
13.21 Monitoring Issues and Workarounds ........................................................................... 13-26
13.21.1
MBean Attributes Not Explicitly Marked as @unharvestable Appear as Harvestable ....
13-26
13.21.2
Events Generated By the JVM Level Are Not Generated at Low Volume ............. 13-26
13.21.3
WLDF Performance Issues Can Occur When JVM Events Are Enabled ................ 13-26
13.22 Node Manager Issues and Workarounds ..................................................................... 13-27
13.23 Operations, Administration, and Management Issues and Workarounds ................... 13-27
13.24 Oracle Kodo Issues and Workarounds ......................................................................... 13-27
13.25 Plug-ins Issues and Workarounds ................................................................................ 13-27
13.25.1
apr_socket_connection Exception Occurs When Using the IIS Plug-In ................. 13-27
13.26 Protocols Issues and Workarounds .............................................................................. 13-27
13.13.2
xvii
13.27 RMI-IIOP Issues and Workarounds ............................................................................. 13-27
13.27.1
Ant 1.7 rmic Task Incompatibility ......................................................................... 13-27
13.28 Security Issues and Workarounds ................................................................................ 13-28
13.28.1
StoreBootIdentity Works Only if the Appropriate Server Security Directory Exists .......
13-28
13.28.2
Boot Time Failure Occurs With SecurityServiceException .................................... 13-28
13.28.3
Authentication Failure After Upgrading a Domain From WLS 6.1 ....................... 13-29
13.28.4
InvalidParameterException Message Generated and Displayed ........................... 13-29
13.28.5
Enabling Both the Authentication and Passive Attributes In SML 2.0 Service Provider
Services Is an Invalid Configuration ...................................................................... 13-29
13.28.6
Running the WebLogic Full Client in a Non-Forked VM ...................................... 13-29
13.28.7
Random Number Generator May Be Slow on Machines With Inadequate Entropy .......
13-30
13.29 SNMP Issues and Workarounds .................................................................................. 13-30
13.30 Spring Framework on WebLogic Server Issues and Workarounds .............................. 13-30
13.30.1
OpenJPA ClassFileTranformer Does Not Work When Running on JRockit .......... 13-31
13.30.2
petclinic.ear Does Not Deploy on WebLogic Server .............................................. 13-31
13.31 System Component Architecture (SCA) Issues and Workarounds .............................. 13-31
13.32 Upgrade Issues and Workarounds ............................................................................... 13-31
13.32.1
Domains Created on WebLogic Server 10.3.1 Cannot Be Run on WebLogic Server 10.3
13-31
13.33 Web Applications Issues and Workarounds ................................................................ 13-31
13.33.1
Administration Console Fails to Implement session-timeout Changes ................. 13-31
13.33.2
Connection Pool Connection Reserve Timeout Seconds Value is Overridden ...... 13-32
13.33.3
Database Connections Become Unstable When a PoolLimitSQLException Occurs ........
13-32
13.33.4
Web Page Fails to Open When Accessing It Using the SSL Port ............................ 13-32
13.34 WebLogic Server Scripting Tool (WLST) Issues and Workarounds ............................. 13-32
13.34.1
Permission Denied Error Occurs for WLST Offline Logging ................................. 13-33
13.34.2
Property Names Containing '.' Characters Are Not Supported by loadProperties 13-33
13.34.3
Invalid cachedir Created by Jython Causes WLST to Error Out ............................ 13-34
13.34.4
WLST returnType='a' Option Returns Child Management Objects ....................... 13-34
13.35 Web Server Plug-Ins Issues and Workarounds ............................................................ 13-35
13.35.1
MOD_WLS_OHS Does Not Fail Over ................................................................... 13-35
13.36 Web Services and XML Issues and Workarounds ........................................................ 13-35
13.36.1
weblogic.wsee.jaxws.mdb.DispatchPolicy WorkManager Cannot Be Found ........ 13-36
13.36.2
Multiple Resize Buffer Calls Occur ........................................................................ 13-36
13.36.3
Troubleshooting Problems When Applying the WebLogic Advanced Web Services for
JAX-WS Extension Template ................................................................................. 13-37
13.36.4
Sparse Arrays and Partially Transmitted Arrays Are Not Supported ................... 13-37
13.36.5
WSDL Compiler Does Not Generate Serializable Data Types ............................... 13-37
13.36.6
Use of Custom Exception on a Callback ................................................................ 13-37
13.36.7
Cannot Use JMS Transport in an Environment That Also Uses a Proxy Server ..... 13-37
13.36.8
clientgen Fails When Processing a WSDL .............................................................. 13-37
13.36.9
JAX RPC Handlers in Callback Web Services Are Not Supported ........................ 13-37
13.36.10
Message-level Security in Callback Web Services Is Not Supported ..................... 13-37
13.36.11
Handling of Java Method Arguments or Return Parameters That Are JAX-RPC-style
JavaBeans ............................................................................................................... 13-38
xviii
IllegalArgumentException When Using a Two-Dimensional XML Object in a JWS
Callback ................................................................................................................. 13-38
13.36.13
Using SoapElement[] Results in Empty Array ....................................................... 13-38
13.36.14
FileNotFound Exception When a Web Service Invokes Another Web Service ...... 13-39
13.36.15
Client Side Fails to Validate the Signature on the Server Response Message ........ 13-39
13.36.16
xmlcatalog Element Entity Cannot Be a Remote File or a File in an Archive ......... 13-41
13.36.17
Catalog File's public Element Is Not Supported When Using XML Catalogs ........ 13-41
13.36.18
Local xmlcatalog Element Does Not Work Well .................................................... 13-41
13.36.19
JAXRPC Client Does Not Encode the HTTP SOAPAction Header With Multi-byte
Characters .............................................................................................................. 13-41
13.36.20
External Catalog File Cannot Be Used in the xmlcatalog Element of clientgen ...... 13-41
13.36.21
Exceptions When Running Reliable Messaging Under Heavy Load ..................... 13-42
13.36.22
ClassNotFound Exception Occurs When Using wseeclient.jar .............................. 13-43
13.36.23
Incomplete Configuration When Adding Advanced Web Services Component to SOA
Domain .................................................................................................................. 13-43
13.36.24
WS-AT Interoperation Issues With WebSphere and WebLogic Server .................. 13-43
13.37 WebLogic Tuxedo Connector Issues and Workarounds .............................................. 13-44
13.37.1
View Classes are not Set on a Per Connection Basis .............................................. 13-44
13.38 Documentation Errata .................................................................................................. 13-44
13.38.1
Issues With Search Function in the Samples Viewer .............................................. 13-44
13.38.2
Japanese Text Displays in Some Search Results Topics Avitek Medical Records .. 13-44
13.38.3
HTML Pages For Downloaded Libraries Do Not Display Properly ...................... 13-45
13.38.4
Evaluation Database Component Is Not Listed For silent.xml .............................. 13-45
13.38.5
Instructions for Reliable SOAP Messaging Code Example Are Incorrect .............. 13-45
13.38.5.1
About the Example .......................................................................................... 13-45
13.38.5.2
Files Used in This Example .............................................................................. 13-47
13.38.5.3
Prepare the Example ....................................................................................... 13-48
13.38.5.4
Run the Example ............................................................................................. 13-50
13.36.12
Part VI Oracle WebCenter Portal
14 Oracle WebCenter Portal
14.1
General Issues and Workarounds .................................................................................. 14-1
14.1.1
Support for Discussions Server from Jive Software ................................................. 14-2
14.1.2
Oracle WebCenter Portal's Pagelet Producer Failover Support ............................... 14-2
14.1.3
Option to Create a Portal Resource Displayed for Design-Time Task Flows ........... 14-3
14.1.4
SQL Query with NCHAR Data Type Throws Exception ......................................... 14-3
14.1.5
Setting Up WNA-Based SSO Using JDK 1.6.22 Produces an Error .......................... 14-3
14.1.6
Configuring the REST Server Post-Installation ........................................................ 14-3
14.1.7
Resources in Framework Application Disappear after Redeployment of Application ...
14-4
14.1.8
Style Sheets Not Loaded Correctly for Sample WSRP Producer Test Pages through
Oracle HTTP Server ................................................................................................. 14-4
14.1.9
Cannot Customize or Personalize a JSF Portlet ........................................................ 14-5
14.1.10
Fallback Support for Custom Translations .............................................................. 14-5
14.1.11
Spaces Do Not Display Correct Language When the Spaces Application is Accessed
Using OAM .............................................................................................................. 14-5
xix
Announcement Publication Format can be Incorrect in Thai ................................... 14-5
Favorite Based on Seeded Page Lost When Language Preference Changed from en-US
14-5
14.1.14
The Run as Servlet Link on Producer Test Page Does Not Work for JSF Portlet ..... 14-5
14.1.15
Using OpenSocial Pagelets to Post Activities to User's Activity Stream .................. 14-6
14.1.16
Accessing Owners' Profile Information Using the OpenSocial API ........................ 14-6
14.1.17
Granting View Document Permissions to Public and Authenticated Users for a
Hierarchical Space ................................................................................................... 14-6
14.1.18
Issues when Using the Russian or Swedish Language ........................................... 14-6
14.1.19
Conditions for Deleting Messages from the Activity Stream ................................... 14-6
14.1.20
Configuring Web Services Security for Discussions Server ..................................... 14-7
14.1.21
Unable to View Entire Content on iPad as Scrollbars Not Displayed ...................... 14-7
14.1.22
RSS Links Not Working Properly on iPad ............................................................... 14-7
14.1.23
Cannot Upload Content Using iPad ........................................................................ 14-7
14.1.24
Cannot Copy Text Displayed on Pages .................................................................... 14-7
14.1.25
Embedded Images Not Rendered ............................................................................ 14-7
14.1.26
Unable to Check Out a Document When Using Firefox First Time ......................... 14-7
14.1.27
Navigating in the Preferences Dialog in Internet Explorer 9 (Accessibility Issue) ... 14-8
14.1.28
Web Clipping Portlet is Deprecated ....................................................................... 14-8
14.1.29
Messages Displayed During Import or Export Appear Incomplete (Accessibility Issue)
14-8
14.1.30
Deployment Fails Because Versioned Applications Are Not Supported ................ 14-8
14.1.31
Some Formatting Lost in Rich Text Editor When Shifting from Rich Text or HTML to
Wiki Markup ........................................................................................................... 14-8
14.1.32
Unable to Access All Nodes in a Large Navigation Model ...................................... 14-8
14.2
Documentation Errata .................................................................................................... 14-9
14.2.1
Oracle SES Active Connection ................................................................................. 14-9
14.2.2
Extending the Spaces Application Using JDeveloper ............................................. 14-9
14.2.3
Using Spaces Extension Samples Whitepaper ......................................................... 14-9
14.2.4
Microsoft Exchange Server 2010 Not Supported ................................................... 14-10
14.2.5
Presence Servers Supported for the IMP Service ................................................... 14-10
14.1.12
14.1.13
Part VII
Oracle SOA Suite and Business Process Management Suite
15 Oracle SOA Suite, Oracle BPM Suite, and Common Functionality
16 Web Services Development, Security, and Administration
16.1
16.2
16.3
16.4
16.5
16.6
16.7
16.8
16.9
xx
Using Multibyte User Credentials with wss_http_token_* Policy .................................. 16-2
Performing a Bulk Upload of Policies ............................................................................ 16-2
Reviewing Policy Configuration Override Values After Detaching a Client Policy ....... 16-3
Removing Post-deployment Customizations ................................................................. 16-3
Reviewing Localization Limitations ............................................................................... 16-3
When Using WLST to Import a Security Policy, the Same Policy May Be Repeatedly
Imported ........................................................................................................................ 16-3
Identity in WSDLs Is Not Used for Enforcement with ADF DC Applications ............... 16-4
Fusion Middleware Control Does Not List Policies When Two Servers Are SSL Enabled
(Two-way SSL) ............................................................................................................... 16-4
Web Service Test Page Cannot Test Input Arguments Bound to SOAP Headers .......... 16-4
16.10
16.11
16.12
16.13
16.14
16.15
16.16
16.17
16.18
16.19
16.20
16.21
16.22
16.23
16.24
16.25
16.26
16.27
16.28
16.29
16.30
16.31
16.32
When Adding SAML Issuer From Fusion Middleware Control the jps-config.xml File Is
Incorrectly Updated ....................................................................................................... 16-4
Patching of Patch Set 1 WebLogic Server Web Services Attached to Custom Polices With
Patch Set 3 Oracle WSM Policy Manager ....................................................................... 16-4
Custom Policy Fails When an Empty Subject Is Passed ................................................. 16-5
Possible Limitation When Using Custom Exactly-one Policies ...................................... 16-5
Ignore "Services Compatibility" Error for Security Policies Used Between Oracle WSM and
WebLogic Server ............................................................................................................ 16-5
Compatible Policies Not Returned When Using JDeveloper Wizard to Attach Oracle WSM
Policies to Web Service Client ........................................................................................ 16-6
SAML Bearer Token Policies Now Signed by Default .................................................... 16-6
Security Policies Do Not Work on Subscriber Mediator Component ............................. 16-6
Policy Table Might Not Show Attached Policies for Some Locales ................................ 16-7
Manual Step Required to Uptake Changes in Predefined Policy ................................... 16-7
Usage Tracking Not Enabled for WebLogic Web Service Client .................................... 16-7
Do Not Attach a Permitall and Denyall Policy to the Same Web Service ....................... 16-7
Additional Quotes in Fusion Middleware Control for Run-time Constraint Input from
WLST .............................................................................................................................. 16-7
Scoped Configuration Override Persists for Subsequent References to the Same Policy 16-8
New Default Settings for Policies ................................................................................... 16-9
Restart Applications to Get an Accurate Policy Usage Count ....................................... 16-9
Kerberos Policy Enforcement Throws an "Unable to Obtain Password from User" Error .....
16-9
The migrateAttachments WLST Command Fails for WebLogic JAX-WS Web Services . 16-9
A Null Pointer Exception Could be Thrown When Verifying a SOAP Message Signature ...
16-10
checkWSMstatus() WLST Command Fails Against a Domain When wsm-pm Targets
Multiple Servers ........................................................................................................... 16-10
Performance Improvements in Web Services Policy Pages .......................................... 16-11
Cross-Domain Policy Manager Configuration is Not Supported in this Release ......... 16-11
The setWebServicePolicyOverride WLST Command Does Not Apply to JAVA EE
(WebLogic) Web Services ............................................................................................. 16-11
Part VIII Communication Services
17 Oracle User Messaging Service
17.1
General Issues and Workarounds .................................................................................. 17-1
17.1.1
UMS Schema Purge Script Now Available .............................................................. 17-1
17.1.2
Permission Grants for Upgraded Domains .............................................................. 17-1
17.1.3
XML File Handle Left Open after Upload Fails ....................................................... 17-2
17.1.4
Messages Metrics Rendered as Unavailable in the Performance Page for User
Messaging Server ..................................................................................................... 17-2
17.1.5
User Messaging Service URLs Unavailable After Restart ........................................ 17-2
17.1.6
User Preferences User Interface Renders Improperly .............................................. 17-2
17.1.7
UMS Cluster Failover May Lose Messages .............................................................. 17-3
17.2
Configuration Issues and Workarounds ........................................................................ 17-3
17.2.1
Enable Extension Driver after Upgrade ................................................................... 17-3
17.2.2
Preseeded Channel for Worklist and Pop-up Drivers Cannot be Removed ............ 17-4
xxi
17.2.3
17.2.4
17.2.5
17.2.6
17.2.7
Worklist Driver Configuration ................................................................................ 17-4
Migrate Custom Business Terms After PS3 Patch .................................................... 17-4
Use Correct SSL Trust Store When Configuring Drivers ......................................... 17-4
User Messaging Service Driver Configuration Changes Not Immediately Effective ......
17-5
Email Notifications Sent Even if You Do Not Change Default Parameters in
driverconfig.xml ...................................................................................................... 17-5
18 Oracle WebLogic Communication Services
18.1
General Issues and Workarounds .................................................................................. 18-1
18.1.1
Active SIP Session and APP Session Count Show as -1 in Clustered Configuration 18-1
18.1.2
Oracle WebLogic Server Pack/Unpack Tool Does Not Function in OWLCS .......... 18-1
18.1.3
Oracle WebLogic Server Cloning Tool Does Not Function in OWLCS .................... 18-1
18.1.4
Messages Metrics Rendered as Unavailable in the Performance Page for User
Messaging Server ..................................................................................................... 18-2
18.2
Configuration Issues and Workarounds ........................................................................ 18-2
18.2.1
Launch_sash Option Error ....................................................................................... 18-2
18.2.2
Same User Who Installed WLS/WLSS Product Must Perform Uninstall ............... 18-2
18.2.3
Uppercase Usernames Cause Reregistration and Presence Subscription Failures ... 18-2
18.2.4
Running the uninstall.sh Script in Text Mode Does Not Uninstall the Product ....... 18-3
18.2.5
SIP Monitor in F5 Networks BigIP Does Not Work in UDP Mode .......................... 18-3
18.2.6
SIP Container Does Not Bind to IPV6 Interfaces for Listening on Windows ........... 18-3
18.2.7
JAWS Unable to Read Some Install Screens ............................................................. 18-3
18.2.8
Configure VoiceXML Driver Receive URLs Correctly ............................................. 18-4
18.3
Documentation Errata .................................................................................................... 18-4
18.3.1
Create a Basic SIP Domain ....................................................................................... 18-4
18.3.2
Create a Custom AUID with OCP (Presence) .......................................................... 18-4
18.3.3
Cannot Create a SIP Server Domain Using Default WebLogic Platform Components ...
18-5
18.3.4
Broken Documentation Links in Some (SIP Server) Translated Files ....................... 18-5
18.3.5
Missing (SIP Server) Online Help Regarding Security Providers ............................ 18-5
Part IX Oracle Identity Management
19 Oracle Adaptive Access Manager
19.1
General Issues and Workarounds .................................................................................. 19-1
19.1.1
OAAM Sessions is Not Recorded When IP Address from Header is an Invalid IP
Address .................................................................................................................... 19-1
19.1.2
Checkpoint Boxes in Session are Displayed with Same Timestamp ........................ 19-2
19.1.3
Autogenerated Agent Cases Display User Specific Data ......................................... 19-2
19.2
Policy Management Issues and Workarounds ............................................................... 19-2
19.2.1
Rule Condition Check Current Transaction Using the Filter Conditions Cannot Be
Configured for Corresponding Attributes of Two Entity Instances ......................... 19-2
19.2.2
Rule Condition to Check Consecutive Transactions Fails Entity Check ................. 19-2
19.2.3
Exclude IP List Parameter for User and Device Velocity Rule Conditions .............. 19-2
19.2.4
OAAM Offline Displays Only the Last Rule Executed Overwriting Previous ......... 19-3
19.2.5
User: Check First Login Time Rule Condition Always Triggers .............................. 19-3
xxii
19.3
Transaction Issues and Workarounds ............................................................................ 19-3
19.3.1
OAAM Displays Only the Last Rule Executed and Overwrites Previous Rules ...... 19-3
19.3.2
OAAM Shows Only 25 Transactions in Session Details .......................................... 19-3
19.3.3
Alerts Are Not Displayed Beyond 25 Transactions ................................................. 19-4
19.3.4
OAAM Transaction Cannot Be Created with Numeric Parameter of More than 16
Digits ....................................................................................................................... 19-4
19.3.5
Transactions in Session Details Duplicated After 25 ................................................ 19-4
19.3.6
Transaction ID Association with Alert Does Not Work ........................................... 19-4
19.3.7
OAAM Console Does Not Display Transaction Status ............................................ 19-4
19.3.8
Transaction Mapping Substring Error for First Character Value ............................. 19-4
19.3.9
Update Time for Entity Is Updated Without Any Change in Entity Data ............... 19-4
19.4
Knowledge-Based Authentication Issues and Workarounds ......................................... 19-4
19.4.1
Registration Logic Page Does Not Display KBA Logic ............................................ 19-5
19.4.2
Answer Logic Abbreviation Resource Was Not Used ............................................. 19-5
19.4.3
Update KBA for FFIEC Compliance ........................................................................ 19-5
19.4.4
Closing Browser on Image and Security Phrase Registration Page .......................... 19-8
19.4.5
OAAM Change Password Does Not Display Any Validation for Password Fields . 19-8
19.4.6
ORA-01722 Occurs During KBA Update ................................................................. 19-8
19.4.7
Registered Questions Are Deleted and Subsequent Challenge Does Not Succeed .. 19-9
19.5
Integration Issues and Workarounds ............................................................................. 19-9
19.5.1
setupOAMTapIntegration.sh Does Not Set oaam.uio.oam.secondary.host.port ..... 19-9
19.5.2
OAAM Does Not Support Juniper Single Sign-On for Authentication and Forgot
Password Flow ......................................................................................................... 19-9
19.5.3
Step Up Authentication Changes .......................................................................... 19-10
19.5.4
TAP: Incorrect Error Message ................................................................................ 19-10
19.5.5
OAAM 11g SOAP Timeout Exception Handling ................................................... 19-11
19.5.6
OAAM Should Call UserManager.Unlock() in the Forgot Password Workflow .. 19-11
19.6
Reporting Issues and Workarounds ............................................................................. 19-11
19.6.1
Alert Message Link in Session Details Page Does Not Open the Alert Details ...... 19-11
19.6.2
OAAM Rules Breakdown Report Does Not Provide Correct Information ........... 19-12
19.7
Configuration Issues and Workarounds ...................................................................... 19-13
19.7.1
Oracle Linux 6 (OEL6) with the Unbreakable Enterprise Kernel (UEK), Oracle Linux 6
(OEL6) with the Red Hat Compatible Kernel, and Red Hat Enterprise Linux 6 (RHEL6)
Certification ........................................................................................................... 19-13
19.7.2
Database Archive and Purge Scripts Missing from Installation ............................ 19-13
19.7.3
Juniper Login Fails Due to Incorrect CN Value and No UID Attribute in SAML
Response ................................................................................................................ 19-14
19.8
Customer Care Issues and Workarounds ..................................................................... 19-14
19.8.1
Investigator Role Overrides CSR Role When Both Roles Are Given to a User ....... 19-14
19.8.2
Scroll Bars Missing from Some Case Management Screens .................................. 19-14
19.8.3
Case Search and Case Details Do Not Display Case Disposition ........................... 19-14
19.8.4
Wrong User Attributed for Last Notes Added If Two Users Concurrently Update Case
Notes ...................................................................................................................... 19-15
19.8.5
Manually Created OAAM Agent Cases Cannot Be Searched by Username or User ID ..
19-15
19.8.6
OAAM Allows Case Ownership Change and Add Notes Actions to Closed Case 19-15
19.8.7
Create Agent Case Configurable Action Displays Wrong Name for Action ......... 19-15
19.8.8
KBA and OTP Failure Counter Reset and Unlock .................................................. 19-15
xxiii
19.9
Performance Issues and Workarounds ......................................................................... 19-16
19.9.1
Out of Memory Error Occurs Scrolling through Sessions Search in OAAM Admin ......
19-16
19.10 Device Fingerprinting Issues and Workarounds .......................................................... 19-16
19.10.1
Errors Occur When Custom Locale is Used in OAAM .NET ................................. 19-16
19.11 Geolocation Data Loader Issues and Workarounds ..................................................... 19-17
19.11.1
Upload of Geolocation Data Causes Unique Constraint Violation ....................... 19-17
19.11.2
IP Location Data Loader Fails If There is a Blank Line in the File .......................... 19-17
19.12 Multi-Language Support Issues and Workarounds ..................................................... 19-17
19.12.1
Session or Cases Page Cannot Open if Browser Language is Italian ..................... 19-17
19.12.2
Session Search and Case Search By Date Range Does Not Work in OAAM Admin
Console When Browser Language is Brazilian Portuguese or Spanish ................. 19-17
20 Oracle Access Manager
20.1
Patch Requirements ....................................................................................................... 20-1
20.1.1
Plain Text Credentials Exposed in Diagnostic Logs when Creating an Identity Store ....
20-1
20.2
General Issues and Workarounds .................................................................................. 20-2
20.2.1
Resource Protected By Federation Shown Without Authentication ........................ 20-3
20.2.2
SSO Authentication Screen Does Does Not Appear If Using Oracle Traffic Director .....
20-4
20.2.3
Issues Registering the OSSO Plugin ......................................................................... 20-4
20.2.4
Modify Authentication Scheme When Upgrading OAM 11.1.1.5 to OAM 11.1.1.7 . 20-4
20.2.5
RemoteRegistrationServerException Seen After PasteConfig IDM (T2P) ................ 20-4
20.2.6
System Error Page Displayed After Login ............................................................... 20-4
20.2.7
T2P Paste Config Operation Fails With Exception ................................................... 20-5
20.2.8
Creating Policies For Webgate 11g .......................................................................... 20-5
20.2.9
Sending Valid Cookie For Embedded BI Content .................................................... 20-5
20.2.10
Incorrect SSO Agent Date/Time Shown to User ..................................................... 20-5
20.2.11
Initial Messages After Webgate Registration Are Not Shown in the User's Locale . 20-6
20.2.12
Single-Click to Open Child Node is Not Supported in the Navigation Tree .......... 20-6
20.2.13
User Credential for Registration Tool Does Not Support Non-ASCII Characters on
Native Server Locale ................................................................................................ 20-6
20.2.14
Turkish and Greek Character Issues on Oracle Access Manager Authentication Page ..
20-6
20.2.15
Oracle Access Manager Authentication Does Not Support Non-ASCII Passwords on
Locales Other than UTF8 ......................................................................................... 20-6
20.2.16
Error Message of Create Agent Shows as Server Locale ......................................... 20-6
20.2.17
Referrals in LDAP Searches ..................................................................................... 20-6
20.2.18
Non-ASCII Resources Require OHS To Restart To Make Protection Take Effect .... 20-7
20.2.19
Non-ASCII Characters on Success/Failure URL Results in Garbled Redirect URL . 20-7
20.2.20
Resource with Non-ASCII Characters Cannot Be Protected by an OSSO Agent ..... 20-7
20.2.21
Error in Administration Server Log from Console Logins ....................................... 20-7
20.2.22
Application Domain Subtree in the Navigation Tree Is Not Rendered and Does Not
Respond to User Actions ......................................................................................... 20-7
20.2.23
editWebgateAgent Command Does Not Give An Error If Invalid Value is Entered 20-7
20.2.24
WLST Command displayWebgate11gAgent In Offline Mode Displays the Webgate
Agent Entry Twice ................................................................................................... 20-8
xxiv
Message Logged at Error Level Instead of at INFO When Servers in Cluster Start . 20-8
Help Is Not Available for WLST Command registeroifdappartner ........................ 20-8
User Must Click Continue to Advance in Authentication Flow ............................... 20-8
OCSP-Related Fields are Not Mandatory ................................................................ 20-9
Database Node is Absent in the Console ................................................................. 20-9
Online Help Provided Might Not Be Up To Date .................................................... 20-9
Oracle Access Manager Audit Report AUTHENTICATIONFROMIPBYUSER Throws a
FROM Keyword Not Found Where Expected Error ................................................ 20-9
20.2.32
Disabled: Custom Resource Types Cannot be Created ............................................ 20-9
20.2.33
Use of a Non-ASCII Name for a Webgate Might Impact SSO Redirection Flows .. 20-10
20.2.34
Authentication Module Lists Non-Primary Identity Stores ................................... 20-10
20.2.35
Unable to Stop and Start OAM Server Through Identity and Access Node in Fusion
Middleware Control .............................................................................................. 20-10
20.2.36
AdminServer Won't Start if the Wrong Java Path Given with WebLogic Server
Installation ............................................................................................................. 20-10
20.2.37
Changing UserIdentityStore1 Type Can Lock Out Administrators ....................... 20-11
20.2.38
Page Layouts and Locales ...................................................................................... 20-11
20.2.39
Some Pages Are Not Correctly Localized .............................................................. 20-11
20.2.40
Non-ASCII Query String Issues with Internet Explorer v 7, 8, 9 ............................ 20-11
20.2.41
Oracle Virtual Directory with SSL Enabled ............................................................ 20-11
20.2.42
Query String Not Properly Encoded ...................................................................... 20-12
20.3
Configuration Issues and Workarounds ...................................................................... 20-12
20.3.1
For mod-osso Value for RedirectMethod Should be "POST" ................................. 20-13
20.3.2
User Wrongly Directed to the Self-User Login after Logging Out of the Oracle Identity
Manager Administration Console .......................................................................... 20-13
20.3.3
11g Webgate Fails to Install with Compact Configuration ..................................... 20-13
20.3.4
Download IBM JDK to Fix Issue with Configuring Remote Administrators ......... 20-15
20.3.5
Auditing Does Not Capture the Information Related to Authentication Failures if a
Resource is Protected Using Basic Authentication Scheme .................................... 20-16
20.3.6
Unable to Access Partner Information on the Production Environment ................ 20-16
20.3.7
Incompatible Msvcirt.dll Files ................................................................................ 20-17
20.3.8
IPv6 Support .......................................................................................................... 20-17
20.3.9
What to Avoid or Note in Oracle Access Manager Configuration ......................... 20-18
20.3.9.1
Unsupported Operations for WLST Scripts ..................................................... 20-18
20.3.9.2
Unsupported Operations for Oracle Access Manager Console and WLST ..... 20-18
20.3.10
Install Guides Do Not Include Centralized Logout Configuration Steps ............... 20-20
20.3.11
NULL Pointer Exception Shown in Administration Server Console During Upgrade ...
20-21
20.3.12
Using Access SDK Version 10.1.4.3.0 with Oracle Access Manager 11g Servers .... 20-21
20.3.13
Finding and Deleting Sessions Using the Console ................................................. 20-21
20.3.14
Non-ASCII Users with Resource Protected by Kerberos Authentication Scheme .. 20-21
20.4
Oracle Security Token Service Issues and Workarounds ............................................. 20-21
20.4.1
No Warnings Given If Required Details are Omitted ............................................ 20-22
20.4.2
New Requester Pages, Internet Explorer v7, and Japanese Locale ......................... 20-22
20.4.3
Delete Button Not Disabled When Tables Have No Rows ..................................... 20-22
20.4.4
Copying an Issuance Template Does Not Copy All Child Elements ..................... 20-22
20.4.5
Apply and Revert Buttons are Enabled .................................................................. 20-23
20.4.6
Only Generic Fault Errors Written to Oracle WSM Agent Logs ............................ 20-23
20.2.25
20.2.26
20.2.27
20.2.28
20.2.29
20.2.30
20.2.31
xxv
20.4.7
Server and Client Key Tab Files Must be the Same Version .................................. 20-23
20.4.8
Default Partner Profile Required for WS-Security ................................................. 20-24
20.4.9
SAML Token Issued When NameID is Not Found ................................................ 20-24
20.5
Integration and Inter-operability Issues and Workarounds ......................................... 20-24
20.5.1
WNA Authentication Does Not Function on Windows 2008 ................................ 20-24
20.5.2
JVM Plug-in Ignores Cookies Marked 'httponly' .................................................. 20-24
20.6
Oracle Access Manager with Impersonation Workarounds ......................................... 20-25
20.6.1
Impersonation Can Fail on Internet Explorer v 7, 8, 9 ........................................... 20-25
20.6.2
With Oracle Access Manager 11g ORA_FUSION_PREFS Cookie Domain is Three Dots
20-25
20.7
Documentation Errata .................................................................................................. 20-26
20.7.1
Oracle Fusion Middleware Administrator's Guide for Oracle Access Manager with
Oracle Security Token Service ............................................................................... 20-26
20.7.2
Oracle Fusion Middleware Developer's Guide for Oracle Access Manager and Oracle
Security Token Service ........................................................................................... 20-26
20.7.3
Oracle Fusion Middleware Integration Guide for Oracle Access Manager ........... 20-26
20.7.3.1
Updates to Prerequisites for OAM-OIM Integration ....................................... 20-26
20.7.3.2
Properties for configOIM Command .............................................................. 20-27
20.7.3.3
Updated Example for Integrating OIF/SP ...................................................... 20-28
21 Oracle Entitlements Server
21.1
General Issues and Workarounds .................................................................................. 21-1
21.1.1
Using Backslash on Oracle Internet Directory Policy Store ..................................... 21-1
21.1.2
Performance Tuning the Oracle Database Policy Store ............................................ 21-2
21.1.3
Action Bar Disappears When Using Internet Explorer 7 ......................................... 21-3
21.1.4
Re-created Application May Not Be Distributed in Controlled Mode ..................... 21-3
21.1.5
Enterprise Manager Doesn't Pick Up Newly Added Audit Events ......................... 21-3
21.1.6
Attributes Passed to Authorization Request Are Treated as Case Sensitive ............ 21-4
21.1.7
Audit Schema Definitions are Incomplete ............................................................... 21-4
21.1.8
Java Security Module on IPv6 Client Not Supported on Windows ......................... 21-4
21.1.9
WebLogic Security Module Policy Distribution Configuration Issue on Windows IPv6
Hosts ........................................................................................................................ 21-5
21.1.10
Validating Attribute Names in Custom Functions .................................................. 21-5
21.2
Configuration Issues and Workarounds ........................................................................ 21-5
21.3
Documentation Errata .................................................................................................... 21-5
22
Oracle Identity Federation
22.1
General Issues and Workarounds .................................................................................. 22-1
22.1.1
Database Table for Authentication Engine must be in Base64 Format ..................... 22-1
22.1.2
Considerations for Oracle Identity Federation HA in SSL mode ............................. 22-1
22.1.3
Database Column Too Short error for IDPPROVIDEDNAMEIDVALUE ................ 22-2
22.2
Configuration Issues and Workarounds ........................................................................ 22-2
22.2.1
WLST Environment Setup when SOA and OIF are in Same Domain ...................... 22-2
22.2.2
Oracle Virtual Directory Requires LSA Adapter ..................................................... 22-3
22.2.3
Settings for Remote WS-Fed SP Must be Changed Dynamically ............................. 22-3
22.2.4
Required Property when Creating a WS-Fed Trusted Service Provider .................. 22-3
22.2.5
Federated Identities Table not Refreshed After Record Deletion ............................. 22-4
xxvi
22.2.6
22.2.7
22.2.8
22.3
22.3.1
22.3.2
22.3.3
Default Authentication Scheme is not Saved ........................................................... 22-4
Configuring 10g to Work with 11g Oracle Identity Federation using Artifact Profile ....
22-4
Regenerating OAM 11g Key Requires Oracle Identity Federation Upgrade Script . 22-5
Documentation Errata .................................................................................................... 22-5
Incorrect Command Cited for BAE Configuration Procedure ................................. 22-5
SP Post-Processing Plug-in Properties for OAM 11g ............................................... 22-6
Short Hostname Redirect Using mod_rewrite Configuration .................................. 22-6
23 Oracle Identity Manager
23.1
Patch Requirements ........................................................................................................ 23-1
23.1.1
Obtaining Patches From My Oracle Support (Formerly OracleMetaLink) .............. 23-1
23.1.2
Patch Requirements for Oracle Database 11g (11.1.0.7) ........................................... 23-1
23.1.3
Patch Requirements for Oracle Database 11g (11.2.0.2.0) ......................................... 23-2
23.1.4
Patch Requirements for Segregation of Duties (SoD) ............................................... 23-3
23.1.5
Patch Upgrade Requirement .................................................................................... 23-3
23.2
General Issues and Workarounds .................................................................................. 23-4
23.2.1
Do Not Use Platform Archival Utility ...................................................................... 23-7
23.2.2
SPML-DSML Service is Unsupported ...................................................................... 23-8
23.2.3
Resource Object Names Longer than 100 Characters Cause Import Failure ............ 23-8
23.2.4
Status of Users Created Through the Create and Modify User APIs ....................... 23-8
23.2.5
Status of Locked Users in Oracle Access Manager Integrations ............................... 23-8
23.2.6
Generating an Audit Snapshot after Bulk-Loading Users or Accounts .................... 23-8
23.2.7
Browser Timezone Not Displayed ........................................................................... 23-8
23.2.8
Date Format Change in the SoD Timestamp Field Not Supported .......................... 23-8
23.2.9
Bulk Loading CSV Files with UTF-8 BOM Encoding Not Supported ...................... 23-9
23.2.10
Date Type Attributes are Not Supported for the Default Scheduler Job, "Job History
Archival" .................................................................................................................. 23-9
23.2.11
Low File Limits Prevent Adapters from Compiling ............................................... 23-10
23.2.12
Reconciliation Engine Requires Matching Rules .................................................... 23-10
23.2.13
SPML Requests Do Not Report When Any Date is Specified in Wrong Format .... 23-10
23.2.14
Logs Populated with SoD Exceptions When the SoD Message Fails and Gets Stuck in
the Queue ............................................................................................................... 23-10
23.2.15
A Backslash (\) Cannot Be Used in a weblogic.properties File .............................. 23-11
23.2.16
Underscore Character Cannot Be Used When Searching for Resources ................ 23-11
23.2.17
Assign to Administrator Action Rule is Not Supported by Reconciliation ............ 23-11
23.2.18
Some Buttons on Attestation Screens Do Not Work in Mozilla Firefox ................. 23-11
23.2.19
The maxloginattempts System Property Causes Autologin to Fail When User Tries to
Unlock .................................................................................................................... 23-12
23.2.20
"<User not found>" Error Message Appears in AdminServer Console While
Setting-Up an Oracle Identity Manager-Oracle Access Manager Integration ........ 23-12
23.2.21
Do Not Use Single Quote Character in Reconciliation Matching Rule ................... 23-12
23.2.22
Do Not Use Special Characters When Reconciling Roles from LDAP .................. 23-12
23.2.23
SoD Check During Request Provisioning Fails While Using SAML Token Client Policy
When Default SoD Composite is Used ................................................................... 23-13
23.2.24
SoD Check Fails While Using Client-Side Policy in Callback Invocation During
Request Provisioning ............................................................................................. 23-13
xxvii
23.2.25
23.2.26
23.2.27
23.2.28
23.2.29
23.2.30
23.2.31
23.2.32
23.2.33
23.2.34
23.2.35
23.2.36
23.2.37
23.2.38
23.2.39
23.2.40
23.2.41
23.2.42
23.2.43
23.2.44
23.2.45
23.2.46
23.2.47
23.2.48
23.2.49
23.2.50
23.2.51
23.2.52
23.2.53
23.2.54
23.2.55
23.2.56
23.2.57
23.2.58
23.2.59
xxviii
Error May Appear During Provisioning when Generic Technology Connector
Framework Uses SPML ......................................................................................... 23-13
Cannot Click Buttons in TransUI When Using Mozilla Firefox ............................. 23-14
LDAP Handler May Cause Invalid Exception While Creating, Deleting, or Modifying a
Role ........................................................................................................................ 23-14
Cannot Reset User Password Comprised of Non-ASCII Characters ..................... 23-14
Benign Exception and Error Message May Appear While Patching Authorization
Policies ................................................................................................................... 23-14
The DateTime Pick in the Trans UI Does Not Work Correctly in the Thai Locale . 23-14
User Without Access Policy Administrators Role Cannot View Data in Access Policy
Reports ................................................................................................................... 23-15
Archival Utility Throws an Error for Empty Date ................................................. 23-15
TransUI Closes with Direct Provisioning of a Resource ........................................ 23-15
Scheduler Throws "ParameterValueTypeNotSupportedException" Instead of
"RequiredParameterNotSetException" .................................................................. 23-15
All New User Attributes Are Not Supported for Attestation in Oracle Identity
Manager 11g .......................................................................................................... 23-16
LDAP GUID Mapping to Any Field of Trusted Resource Not Supported ............. 23-16
User Details for Design Console Access Field Must Be Mapped to Correct Values
When Reading Modify Request Results ................................................................ 23-16
Cannot Create a User Containing Asterisks if a Similar User Exists ...................... 23-16
Blank Status Column Displayed for Past Proxies .................................................. 23-16
Mapping the Password Field in a Reconciliation Profile Prevents Users from Being
Created .................................................................................................................. 23-16
UID Displayed as User Login in User Search Results ............................................ 23-17
Roles/Organizations Browse Trees Disappear ...................................................... 23-17
Entitlement Selection Is Not Optional for Data Gathering ..................................... 23-17
Oracle Identity Manager Server Throws Generic Exception While Deploying a
Connector .............................................................................................................. 23-17
Create User API Allows Any Value for the "Users.Password Never Expires",
"Users.Password Cannot Change", and "Users.Password Must Change" Fields ... 23-17
Incorrect Label in JGraph Screen for the GTC ........................................................ 23-18
Running the Workflow Registration Utility Generates an Error ............................ 23-18
Native Performance Pack is Not Enabled On Solaris 64-bit JVM Install ................ 23-18
Error in the Create Generic Technology Connector Wizard .................................. 23-18
DSML Profile for the SPML Web Service is Not Deployed With Oracle Identity
Manager ................................................................................................................. 23-18
New Human Tasks Must Be Copied in SOA Composites ..................................... 23-18
Modify Provisioned Resource Request Does Not Support Service Account Flag .. 23-19
Erroneous "Query by Example" Icon in Identity Administration Console ............ 23-19
The XL.ForcePasswordChangeAtFirstLogin System Property Is No Longer Used 23-19
The tcExportOperationsIntf.findObjects(type,name) API Does Not Accept the Asterisk
(*) Wilcard Character in Both Parameters .............................................................. 23-19
Disabled Links on the Access Policy Summary Page Opened in Mozilla FireFox . 23-19
Benign Error is Generated on Editing the IT Resource Form in Advanced
Administration ...................................................................................................... 23-19
User Account is Not Locked in iPlanet Directory Server After it is Locked in Oracle
Identity Manager ................................................................................................... 23-20
Oracle Identity Manager Does Not Support Autologin With JavaAgent ............... 23-20
23.2.60
23.2.61
23.2.62
23.2.63
23.2.64
23.2.65
23.2.66
23.2.67
23.2.68
23.2.69
23.2.70
23.2.71
23.2.72
23.2.73
23.2.74
23.2.75
23.2.76
23.2.77
23.2.78
23.2.79
23.2.80
23.2.81
23.2.82
23.2.83
23.2.84
23.2.85
23.2.86
23.2.87
23.2.88
23.2.89
23.2.90
Benign Error Logged on Opening Access Policies, Resources, or Attestation Processes .
23-20
User Locked in Oracle Identity Manager But Not in LDAP ................................... 23-20
Reconciliation Profile Must Not Be Regenerated Via Design Console for Xellerate
Organization Resource Object ................................................................................ 23-20
Benign Error Logged on Clicking Administration After Upgrade ......................... 23-21
Provisioning Fails Through Access Policy for Provisioned User ........................... 23-21
Benign Warning Messages Displayed During Oracle Identity Manager Managed
Server Startup ........................................................................................................ 23-21
Benign Message Displayed When Running the Deployment Manager ................. 23-22
Deployment Manager Export Fails When Started Using Microsoft Internet Explorer 7
With JRE Plugin 1.6_23 .......................................................................................... 23-22
User Creation Fails in Microsoft Active Directory When Value of Country Attribute
Exceeds Two Characters ........................................................................................ 23-22
Deployment Manager Import Fails if Scheduled Job Entries Are Present Prior To
Scheduled Task Entries in the XML File ................................................................ 23-22
Permission on Target User Required to Revoke Resource ..................................... 23-23
Reconciliation Event Fails for Trusted Source Reconciliation Because of Missing
Reconciliation Rule in Upgraded Version of Oracle Identity Manager .................. 23-23
XML Validation Error on Oracle Identity Manager Managed Server Startup ........ 23-23
Cannot View or Edit Adapter Mapping in the Data Object Manager Form of the
Design Console ...................................................................................................... 23-23
Role Memberships for Assign or Revoke Operations Not Updated on Enabling or
Disabling Referential Integrity Plug-in .................................................................. 23-24
Deployment Manager Import Fails if Data Level for Rules is Set to 1 ................... 23-24
Reconciliation Data Displays Attributes That Are Not Modified .......................... 23-24
Benign Errors Displayed on Starting the Scheduler Service When There are Scheduled
Jobs to be Recovered .............................................................................................. 23-24
Trusted Source GTC Reconciliation Mapping Cannot Display Complete Attribute
Names .................................................................................................................... 23-25
Benign Error Logged for Database Connectivity Test ............................................ 23-25
MDS Validation Error When Importing GTC Provider Through the Deployment
Manager ................................................................................................................. 23-26
Encrypted User-Defined Field (UDF) Cannot be Stored with Size of 4000 Characters or
More ....................................................................................................................... 23-30
Request Approval Fails With Callback Service Failure .......................................... 23-30
Localized Display Name is Not Reconciled Via User/Role Incremental Reconciliation
with iPlanet Directory Server ................................................................................. 23-31
LDAP Role Hierarchy and Role Membership Reconciliation With Non-ASCII
Characters Does Not Reconcile Changes in Oracle Identity Manager ................... 23-31
Import of Objects Fails When All Objects Are Selected for Export ........................ 23-31
Benign Audit Errors Logged After Upgrade .......................................................... 23-32
Connector Upgrade Fails if Existing Data is Bigger in Size Than New Column Length .
23-32
Connector Artifacts Count Increases in the Deployment Manager When File is Not
Imported ................................................................................................................ 23-33
Uploading JAR Files By Using the Upload JAR Utility Fails ................................. 23-33
Oracle Identity Manager Data and MT Upgrade Fails Because Change of Database
User Password ....................................................................................................... 23-33
xxix
Reverting Unsaved UDFs Are Not Supported in the Administration Details Page for
Roles and Organizations ........................................................................................ 23-33
23.2.92
Resources Provisioned to User Without Checking Changes in User Status After
Request is Submitted ............................................................................................. 23-34
23.2.93
Starting UCP Connection Pool Fails When Trying to Create User on 64-Bit Microsoft
Windows With JDK 6 ............................................................................................. 23-34
23.2.94
Config.sh Command Fails When JRockit is Installed With Data Samples and Source ...
23-34
23.2.95
Unexpected Memory Usage in Oracle Identity Manager 11g Release 1(11.1.1) ..... 23-35
23.2.96
Reports Link No Longer Exists in the Administrative and User Console .............. 23-35
23.2.97
Not Allowing to Delete a Role Whose Assigned User Members are Deleted ........ 23-35
23.2.98
Roles and Organizations Do Not Support String UDFs of Password Type ........... 23-35
23.2.99
Error on Importing Connector By Using the Deployment Manager ...................... 23-35
23.2.100
Manage Localizations Dialog Box Does Not Open After Modifying Roles ........... 23-36
23.2.101
Not Allowing to Create User With Language-Specific Display Name Values ....... 23-36
23.2.102
SoD Check Results Not Displayed for Requests Created by Users for the PeopleSoft
Resource ................................................................................................................ 23-36
23.2.103
The XL.UnlockAfter System Property and the Automatically Unlock User Scheduled
Job Do Not Take Effect .......................................................................................... 23-36
23.2.104
Resetting Password on Account Lockout Does Not Unlock User .......................... 23-37
23.2.105
Starting Oracle Identity Manager and SOA Server on Some 64-bit Microsoft Windows
Computers for the First Time Takes Time ............................................................. 23-37
23.2.106
Incremental and Full Reconciliation Jobs Cannot Be Run Together ...................... 23-37
23.2.107
Incorrect Content in the ScheduleTask Jars Loaded and Third Party Jars Tables in the
MT Upgrade Report ............................................................................................... 23-37
23.2.108
Scroll Bar Not Available on the Select Connector Objects to Be Upgraded Page of the
Connector Management - Upgrading Wizard ....................................................... 23-37
23.2.109
Adapter Import Might Display Adapter Logic if Compilation Fails Because of
Incorrect Data ........................................................................................................ 23-38
23.2.110
XIMDD Tests Fail in Oracle Identity Manager ....................................................... 23-38
23.3
Configuration Issues and Workarounds ...................................................................... 23-38
23.3.1
Configuring UDFs to be Searchable for Microsoft Active Directory Connectors ... 23-39
23.3.2
Creating or Modifying Role Names When LDAP Synchronization is Enabled ..... 23-39
23.3.3
ADF Issue Causes Oracle Identity Manager to Fail on the Sun JDK ...................... 23-39
23.3.4
Nexaweb Applet Does Not Load In an Oracle Identity Manager and Oracle Access
Manager Integrated Environment ......................................................................... 23-40
23.3.5
Packing a Domain With managed=false Option .................................................... 23-41
23.3.6
Option Not Available to Specify if Design Console is SSL-Enabled ...................... 23-42
23.3.7
Nexaweb Applet Does Not Load in JDK 1.6.0_20 .................................................. 23-42
23.3.8
Error is Generated on Starting Servers With Sun JDK 160_24 (32-bit) on Microsoft
Windows 2008 ....................................................................................................... 23-42
23.3.9
Oracle Identity Manager and Design Console Must be Installed in Different Directory
Paths ...................................................................................................................... 23-42
23.3.10
Error on Adding Organization to User in Windows Explorer 8 ............................ 23-43
23.4
Multi-Language Support Issues and Limitations ......................................................... 23-43
23.4.1
Multi-language Valued Attributes in SPML and Oracle Identity Manager Do Not
Match ..................................................................................................................... 23-44
23.4.2
Login Names with Some Special Characters May Fail to Register ......................... 23-44
23.4.3
The Create Role, Modify Role, and Delete Role Request Templates are Not Available
for Selection in the Request Templates List ........................................................... 23-44
23.2.91
xxx
Parameter Names and Values for Scheduled Jobs are Not Translated ................... 23-45
Bidirectional Issues for Legacy User Interface ....................................................... 23-45
Localization of Role Names, Role Categories, and Role Descriptions Not Supported ....
23-45
23.4.7
Localization of Task Names in Provisioning Task Table Not Supported ............... 23-45
23.4.8
Localization of Search Results of Scheduled Tasks Not Supported ....................... 23-45
23.4.9
Searching for User Login Names Containing Certain Turkish Characters Causes an
Error ....................................................................................................................... 23-45
23.4.10
Localization of Notification Template List Values for Available Data Not Supported ...
23-45
23.4.11
Searching for Entity Names Containing German "ß" (Beta) Character Fails in Some
Features .................................................................................................................. 23-46
23.4.12
Special Asterisk (*) Character Not Supported ........................................................ 23-46
23.4.13
Translated Error Messages Are Not Displayed in UI ............................................. 23-46
23.4.14
Reconciliation Table Data Strings are Hard-coded on Reconciliation Event Detail Page
23-46
23.4.15
Translated Password Policy Strings May Exceed the Limit in the Background Pane .....
23-46
23.4.16
Date Format Validation Error in Bi-Directional Languages ................................... 23-46
23.4.17
Mistranslation on the Create Job page ................................................................... 23-47
23.4.18
E-mail Notification for Password Expiration Cannot Be Created With Arabic Language
Setting .................................................................................................................... 23-47
23.4.19
Translated Justification is Not Displayed in Access Policy-Based Resource
Provisioning Request Detail ................................................................................... 23-47
23.4.20
Additional Single Quotes Displayed in GTC Reconciliation Mapping Page for French
UI ........................................................................................................................... 23-47
23.4.21
Not Allowing to Enter Design Console Password When Server Locale is Set to Simple
Chinese, Traditional Chinese, Japanese, or Korean ................................................ 23-47
23.4.22
Bidirectional Text Not Supported in Nexaweb Pages ............................................ 23-48
23.4.23
Do Not Modify Oracle Identity Manager Predefined System Properties in Non-English
Locale ..................................................................................................................... 23-48
23.4.24
Error Generated When Translated String for System Property Name Exceeds
Maximum Allowed Length in PTY_NAME Column ............................................. 23-48
23.4.25
Password Notification is Not Sent if User Login Contains Special Characters ...... 23-48
23.4.26
Reset Password Fails if User Login Contains Lowercase Special Characters ......... 23-49
23.4.27
Email Notification Not Send Per Preferred Locale ................................................. 23-49
23.4.28
Help Contents Displayed in English on Non-English Browsers ............................ 23-49
23.5
Documentation Errata .................................................................................................. 23-49
23.4.4
23.4.5
23.4.6
24 Oracle Identity Navigator
24.1
General Issues and Workarounds .................................................................................. 24-1
24.1.1
Avoid Selecting Reset Page in Dashboard Edit Mode .............................................. 24-1
24.1.2
How to Navigate Product Registration Using the Keyboard ................................... 24-1
24.1.3
How to Navigate Product Discovery When Using the Keyboard ............................ 24-2
24.1.4
Color Contrast is Inadequate for Some Labels in Edit Mode ................................... 24-2
24.1.5
No Help Topic in Dashboard Edit Mode ................................................................. 24-2
24.1.6
Customization Problem in Internet Explorer 7 ....................................................... 24-2
24.1.7
Discovery Problem in Internet Explorer 7 ................................................................ 24-2
xxxi
How to Navigate BI Publisher Configuration When Using the Keyboard .............. 24-2
User Missing From Common Admin Role Search Results ....................................... 24-2
Unable to View Users After Log in Or Log In Fails In Oracle Identity Manager
Environment ............................................................................................................ 24-3
24.1.11
Horizontal Scroll-bar Missing in Discovery Wizard ................................................ 24-3
24.2
Configuration Issues and Workarounds ........................................................................ 24-3
24.2.1
No Oracle Icon is Visible in HTML Reports ............................................................. 24-4
24.2.2
Problems with Administration Screen When Using JAWS Screen Reader .............. 24-4
24.2.3
SSO-Protected Consoles Must Be Configured by Name and Domain ..................... 24-4
24.3
Documentation Errata .................................................................................................... 24-4
24.3.1
IPv4/IPv6 Translation Issues ................................................................................... 24-4
24.1.8
24.1.9
24.1.10
25 Oracle Internet Directory
25.1
General Issues and Workarounds .................................................................................. 25-1
25.1.1
Cloned Oracle Internet Directory Instance Fails or Runs Slowly ............................. 25-2
25.1.2
Oracle Internet Directory Fails to Start on Solaris SPARC System Using ISM ......... 25-3
25.1.3
Custom Audit Policy Settings Fail When Set Through Enterprise Manager ............ 25-4
25.1.4
Deleting Mandatory attributeTypes Referenced by objectClass is Successful .... 25-5
25.1.5
Oracle Unified Directory 11.1.2.0 orclguid Attribute is Not Mapped for Server
Chaining .................................................................................................................. 25-5
25.1.6
ODSM is Not Displaying Online Help Correctly in Internet Explorer 11 ................ 25-5
25.1.7
ODSM Browser Window Becomes Unusable .......................................................... 25-5
25.1.8
Bulkmodify Might Generate Errors ......................................................................... 25-5
25.1.9
Turkish Dotted I Character is Not Handled Correctly ............................................. 25-5
25.1.10
OIDCMPREC Might Modify Operational Attributes .............................................. 25-6
25.1.11
OIDREALM Does Not Support Realm Removal ..................................................... 25-6
25.1.12
Apply Patch to Oracle Database 11.2.0.1.0 to Fix Purge Job Problem ...................... 25-6
25.1.13
SQL of OPSS ldapsearch Might Take High %CPU .................................................. 25-6
25.1.14
If you Start the Replication Server by Using the Command Line, Stop it Using the
Command Line ........................................................................................................ 25-6
25.1.15
ODSM Problems in Internet Explorer 7 ................................................................... 25-7
25.2
Configuration Issues and Workarounds ........................................................................ 25-7
25.2.1
Re-Create Wallet After Moving Oracle Internet Directory from Test to Production 25-7
25.3
Documentation Errata .................................................................................................... 25-7
25.3.1
Description of the orclrevpwd Attribute Needs Clarification .................................. 25-8
25.3.2
LDAP Commands Do Not Support the -k|-K Option ............................................. 25-8
25.3.3
Description of the orclOIDSCExtGroupContainer Attribute Needs Clarification .... 25-8
25.3.4
Setting Up LDAP Replication Needs Clarification .................................................. 25-8
25.3.5
Password Expired Response Control is Not Documented ....................................... 25-9
25.3.6
Configuring the SSO Server for ODSM Integration Needs Clarification ................. 25-9
25.3.7
Determining Expired Users in Oracle Internet Directory ........................................ 25-9
25.3.8
New Superuser Account Must be Direct Member of DirectoryAdminGroup Group .......
25-10
25.3.9
SSL Authentication Mode 1 and Anonymous SSL Ciphers Need Clarification ..... 25-10
25.3.10
Documentation of Replication Server Control and Failover is Incomplete ............ 25-11
25.3.11
Server Restart After Adding an Encrypted Attribute is Not Documented ............ 25-11
25.3.12
PASSWORD_VERIFY_FUNCTION Must be Set to NULL to Work with RCU is Not
Documented .......................................................................................................... 25-11
xxxii
25.3.13
25.3.14
Setting Up Oracle Internet Directory SSL Mutual Authentication ......................... 25-12
Replication Instructions in Tutorial for Identity Management are Incomplete ...... 25-12
26 Oracle Platform Security Services
26.1
Configuration Issues and Workarounds ........................................................................ 26-1
26.1.1
Oracle Fusion Middleware Audit Framework ......................................................... 26-1
26.1.1.1
Configuring Auditing for Oracle Access Manager ............................................ 26-2
26.1.1.2
Audit Reports do not Display Translated Text in Certain Locales .................... 26-2
26.1.1.3
Audit Reports Always Display in English ......................................................... 26-2
26.1.1.4
Audit Store Does not Support Reassociation through EM ................................ 26-2
26.1.1.5
OWSM Audit Events not Audited ..................................................................... 26-2
26.1.2
Trailing '\n' Character in Bootstrap Key .................................................................. 26-3
26.1.3
Users with Same Name in Multiple Identity Stores ................................................. 26-3
26.1.4
Script listAppRoles Outputs Wrong Characters ...................................................... 26-4
26.1.5
Propagating Identities over the HTTP Protocol ....................................................... 26-4
26.1.5.1
Addition to Section Propagating Identities over the HTTP Protocol ................. 26-4
26.1.5.2
Correction to Section Client Application Code Sample ..................................... 26-4
26.1.5.3
Correction to Section Keystore Service Configuration ...................................... 26-4
26.1.5.4
Updating the Trust Service Configuration Parameters ...................................... 26-4
26.1.6
Pool Configuration Missing in Identity Store .......................................................... 26-5
26.2
Documentation Errata .................................................................................................... 26-5
26.2.1
Updated Configuration for Role Category ............................................................... 26-6
26.2.2
Correct setAuditRepository Command Reference Example .................................... 26-6
26.2.3
Demo CA Certificate not for Production Use ........................................................... 26-6
26.2.4
Incorrect Link to ILM Content ................................................................................. 26-7
26.2.5
Incorrect Table Title in Appendix C ......................................................................... 26-7
26.2.6
Clarification of Note in Appendix C ........................................................................ 26-7
26.2.7
Notes Regarding Need for Server Restarts .............................................................. 26-7
27 SSL Configuration in Oracle Fusion Middleware
27.1
General Issues and Workarounds .................................................................................. 27-1
27.1.1
Incorrect Message or Error when Importing a Wallet .............................................. 27-1
28 Oracle Directory Integration Platform
28.1
General Issues and Workarounds .................................................................................. 28-1
28.1.1
Enabling the Domain-Wide Administration Port on Oracle WebLogic Server Prevents
use of the DIP Command Line Interface .................................................................. 28-1
28.1.2
The AttrMapping Rule dnconvert() function is not Working During Directory
Synchronization ....................................................................................................... 28-2
28.1.3
The Oracle Password Filter for Microsoft Active Directory is not Certified for use With
Oracle Unified Directory or Oracle Directory Server Enterprise Edition ................. 28-2
28.1.4
LDIF Files That Contain Non-ASCII Characters Will Cause the testProfile
Command Option to Fail if the LDIF File has Native Encoding .............................. 28-2
28.1.5
Some Changes May Not Get Synchronized Due to Race Condition in Heavily-Loaded
Source Directory ...................................................................................................... 28-3
28.1.6
Synchronization Continues After Stopping Oracle Directory Integration Platform 28-3
xxxiii
28.1.7
Certain Queries and Provisioning Profile Functionality may Fail on JDK 1.6 u 21 .. 28-3
28.2
Configuration Issues and Workarounds ........................................................................ 28-3
28.2.1
Update the Mapping Rule for Novell eDirectory .................................................... 28-4
28.2.2
Do not use localhost as Oracle Internet Directory Hostname When Configuring Oracle
Directory Integration Platform ................................................................................ 28-4
28.2.3
You may Need to Restart the Directory Integration Platform After Running
dipConfigurator Against Oracle Unified Directory ................................................. 28-4
28.2.4
When Configuring a Profile, you may Need to Scroll Past a Section of Whitespace to
View Mapping Rules .............................................................................................. 28-4
28.2.5
Resource Usage Charts will not Display if Multiple IDM Domains are Running on the
Same Host ................................................................................................................ 28-5
28.3
Documentation Errata .................................................................................................... 28-5
29 Oracle Virtual Directory
29.1
General Issues and Workarounds .................................................................................. 29-1
29.1.1
Oracle Virtual Directory Fails to Start When Unsupported Ciphersuite for Listener SSL
Config is Selected in Enterprise Manager ................................................................ 29-2
29.1.2
EUS Adapter Creation Failed .................................................................................. 29-2
29.1.3
Manually Edit adapters.os_xml File When Creating DB Adapter For Sybase ......... 29-3
29.1.4
ODSM Version Does Not Change in Enterprise Manager after Patching ODSM to
11.1.1.6.0 ................................................................................................................... 29-3
29.1.5
ODSM Bug Requires Editing of odsmSkin.css File .................................................. 29-3
29.1.6
Oracle Directory Services Manager Browser Window is Not Usable ...................... 29-4
29.1.7
Exceptions May Occur in Oracle Directory Services Manager When Managing
Multiple Oracle Virtual Directory Components and One is Stopped ...................... 29-4
29.1.8
Identifying the DN Associated with an Access Control Point in Oracle Directory
Services Manager ..................................................................................................... 29-5
29.1.9
Issues With Oracle Virtual Directory Metrics in Fusion Middleware Control ......... 29-5
29.1.9.1
Configuring Operation-Specific Plug-Ins to Allow Performance Metric Reporting
in Fusion Middleware Control After Upgrading to 11g Release 1 (11.1.1) ........ 29-5
29.1.10
Using a Wildcard when Performing an LDAPSEARCH on a TimesTen Database
Causes an Operational Error .................................................................................... 29-7
29.1.11
ODSM Version 11.1.1.4.0 Does Not Support OVD Versions 11.1.1.2.0 or 11.1.1.3.0 29-7
29.1.12
ODSM Version 11.1.1.5.0 Does Not Support OVD Versions 11.1.1.2.0, 11.1.1.3.0, or
11.1.1.4.0 .................................................................................................................. 29-7
29.1.13
ODSM Version 11.1.1.6.0 Does Not Support OVD Versions 11.1.1.2.0, 11.1.1.3.0,
11.1.1.4.0, or 11.1.1.5.0 ............................................................................................. 29-8
29.1.14
Users with Non-ASCII Names Might Encounter Problems when Using ODSM with
SSO .......................................................................................................................... 29-8
29.1.15
Creating an Attribute/Object Class Throws NPE Error .......................................... 29-8
29.1.16
Patch Required to Enable Account Lockout Feature ................................................ 29-8
29.1.17
ODSM Problems in Internet Explorer 7 ................................................................... 29-8
29.1.18
Strings Related to New Enable User Account Lockout Feature on EUS Wizard Are Not
Translated ................................................................................................................ 29-8
29.1.19
All Connections Created In ODSM 11.1.1.1.0 Are Lost After Upgrading to OVD or OID
Version 11.1.1.7.0 ..................................................................................................... 29-8
29.1.20
Incorrect ODSM Version Displays in Enterprise Manager Console After OVD
Upgrade ................................................................................................................... 29-9
29.1.21
Connection Issues to OVD ....................................................................................... 29-9
xxxiv
ODSM Version 11.1.1.70 Does Not Support OVD Versions 11.1.1.2.0, 11.1.1.3.0,
11.1.1.4.0, 11.1.1.5.0, or 11.1.1.6.0 ........................................................................... 29-10
29.1.23
Modify Completes When Updating a Mandatory Attribute to Null ...................... 29-10
29.1.24
Online Help Section is Not Working ...................................................................... 29-10
29.2
Configuration Issues and Workarounds ...................................................................... 29-10
29.2.1
Configuring an OVD/OID Adapter For SSL Mutual Authentication .................... 29-10
29.3
Documentation Errata .................................................................................................. 29-10
29.3.1
Deploying Oracle Unified Directory with Oracle Virtual Directory ...................... 29-10
29.1.22
30 Oracle Authentication Services for Operating Systems
30.1
30.2
What is New with Oracle Authentication Services for Operating Systems 11.1.1.3 ? ..... 30-1
General Issues and Workarounds .................................................................................. 30-1
Part X Oracle Portal, Forms, Reports and Discoverer
31 Oracle Business Intelligence Discoverer
31.1
General Issues ................................................................................................................ 31-1
31.1.1
Error while Accessing a Discoverer Menu Option in Enterprise Manager .............. 31-2
31.1.2
Issues with Metadata Repository and Oracle Database 10g Release 1 ..................... 31-2
31.1.3
Compatibility Issues with Required Support Files .................................................. 31-3
31.1.4
Serif Font Issue in Worksheets ................................................................................. 31-3
31.1.5
Additional Fonts Required for Non-ASCII Data When Exporting to PDF ............... 31-4
31.1.6
Query Prediction Requires the Majority of the Query Time .................................... 31-4
31.1.7
Word Wrapping Behavior with Oracle BI Discoverer Plus and Oracle BI Discoverer
Viewer ...................................................................................................................... 31-4
31.1.8
Applet Appears Behind Browser Window .............................................................. 31-5
31.1.9
Issues with Mac OS X Browser and Oracle BI Discoverer Plus ................................ 31-5
31.1.10
Issues with Turkish Regional Settings ..................................................................... 31-5
31.1.11
Multibyte Characters Rendered as Square Boxes in Exported PDF and Other Formats .
31-6
31.1.12
Java Plug-in Not Downloaded Automatically on Firefox ........................................ 31-6
31.1.13
HTTP 404 Error While Accessing Discoverer on a Remote Machine ....................... 31-6
31.1.14
Error While Launching Discoverer Plus Applet on an IPv6 Environment ............... 31-6
31.1.15
Error While Updating the Discoverer Web Services Configuration Parameter ....... 31-6
31.1.16
Exception Logged for Discoverer Web-Based Applications in an Extended Domain .....
31-7
31.1.17
Issue with Discoverer Application URL in Fusion Middleware Control after a Backup
Recovery .................................................................................................................. 31-8
31.1.18
Incorrect Version Number for Discoverer in Fusion Middleware Control 11g ........ 31-8
31.1.19
Oracle BI Discoverer Startup Fails after Shutdown .................................................. 31-8
31.1.20
The Database Export and Import Utility does not Work with Applications Mode EUL .
31-8
31.1.21
Install-level Scripts are not Updated in Existing Instances after Patching .............. 31-9
31.2
Issues Specific to Oracle BI Discoverer Plus Relational .................................................. 31-9
31.2.1
Text Appearing Truncated or Clipped ..................................................................... 31-9
31.2.2
Non-ASCII Characters Not Saved Correctly in Title or Text Area ........................... 31-9
31.2.3
Canceling Query Causes Discoverer to Hang ........................................................ 31-10
xxxv
Nonaggregable Values Not Displayed for Scheduled Workbooks ........................ 31-10
Migrating Oracle BI Discoverer Plus Relational Worksheets from Oracle BI Discoverer
Desktop .................................................................................................................. 31-10
31.3
Issues Specific to Oracle BI Discoverer Plus OLAP ...................................................... 31-10
31.3.1
Issues with Applet Download ............................................................................... 31-11
31.3.2
Disabled Netscape and Mozilla Browsers .............................................................. 31-11
31.3.3
Tabbing Fails to Synchronize Menus ..................................................................... 31-11
31.3.4
Esc Key Fails to Close Certain Dialogs ................................................................... 31-11
31.3.5
Link Tool Works Incorrectly in Some Locales ........................................................ 31-11
31.3.6
Memory Issues when Exporting Extremely Large Graphs .................................... 31-11
31.3.7
Issue While Printing Worksheets with Large Data Values .................................... 31-11
31.3.8
Issues with Titles and Text Areas .......................................................................... 31-11
31.3.9
Errors with JAWS and Format Dialogs .................................................................. 31-12
31.4
Issues Specific to Oracle BI Discoverer Portlet Provider .............................................. 31-12
31.4.1
Inability to Turn Off Display of Range Min and Max as Labels ............................. 31-12
31.4.2
Issues with Discoverer Portlets in WebCenter ....................................................... 31-12
31.4.3
Issue while Publishing Discoverer WSRP Portlets in Portals Other than Oracle Portal
and Oracle WebCenter ........................................................................................... 31-13
31.4.4
Issue with Portlet Titles in Discoverer WSRP Portlets Published on IBM WebSphere ...
31-13
31.4.5
Issue with Color and Date Pickers in Discoverer WSRP Portlets ........................... 31-13
31.4.6
Worksheet Parameter LOV is not Displayed in Discoverer WSRP Portlets on IBM
WebSphere Portal .................................................................................................. 31-13
31.4.7
Issue with Worksheet Parameter LOV Pop-Up Window in Discoverer WSRP Portlets .
31-14
31.5
Issues Specific to Oracle BI Discoverer Viewer ............................................................ 31-14
31.5.1
Drill Icons Cannot Be Hidden in Oracle BI Discoverer Viewer .............................. 31-14
31.5.2
Error Displaying Page for Multiple SSO Users ...................................................... 31-14
31.5.3
Inability to Disable the Display of Row Numbers ................................................. 31-14
31.5.4
Issues with Oracle BI Discoverer Viewer Embedded in Frames ............................ 31-14
31.5.5
Issue Exporting to PDF Under Certain Circumstances .......................................... 31-15
31.5.6
Issue When Changing Colors for Oracle BI Discoverer Viewer in Fusion Middleware
Control on Mac OS X ............................................................................................. 31-16
31.5.7
Discoverer Catalog Items Not Visible From UNIX Servers ................................... 31-16
31.5.8
Known Bug with JAWS Prevents Drilling Using the Enter Key ............................ 31-17
31.5.9
JAWS Does Not Read Asterisks that Precede Fields .............................................. 31-17
31.5.10
Oracle BI Discoverer Viewer Pages are not Cached by Oracle Web Cache ............ 31-17
31.6
Issues Specific to Oracle BI Discoverer EUL Command Line for Java .......................... 31-18
31.6.1
Issue with Exported Non-ASCII Data .................................................................... 31-18
31.7
Issues Specific to Oracle BI Discoverer Administrator ................................................. 31-18
31.7.1
Issue with Installation of Video Stores Tutorial ..................................................... 31-18
31.2.4
31.2.5
32 Oracle Forms
32.1
General Issues and Workarounds .................................................................................. 32-1
32.1.1
Backwards Compatibility with Earlier Releases ...................................................... 32-1
32.1.2
Linux/UNIX Issues and Workarounds ................................................................... 32-2
32.1.2.1
LD_PRELOAD Setting Required for Signal Chaining Facility ......................... 32-2
32.1.2.2
Check the Reports Engine Logs for FRM-41214 ................................................ 32-2
xxxvi
32.1.2.3
Forms Builder Does not Launch on Linux RHEL5 ............................................ 32-2
32.1.2.4
Changing User Permissions .............................................................................. 32-2
32.2
Configuration Issues and Workarounds ........................................................................ 32-2
32.2.1
Non-Internet Explorer Browser Proxy Settings when Using One-Button-Run ........ 32-3
32.2.2
WebUtil Client Files Allow Configuration of Destination Directory ....................... 32-3
32.2.3
webutil.properties Files Renamed for Different Libraries ........................................ 32-3
32.2.4
Forms does not Work with JDK 1.6.0_12 on Client with WinRunner ...................... 32-3
32.2.5
JavaScript Communication Does not Work in IE for Framed HTML File ................ 32-3
32.2.6
JavaScript Events Calling Forms Applications in a Safari 5 Browser Do not Work . 32-4
32.3
Documentation Errata .................................................................................................... 32-4
32.3.1
Passing userid in Secure Mode ............................................................................... 32-4
32.3.2
JDAPI Programming Example ................................................................................. 32-5
32.3.3
Changes and workarounds affecting the number of characters that can be typed into
an item ................................................................................................................... 32-12
33 Oracle Reports
33.1
General Issues and Workarounds .................................................................................. 33-1
33.1.1
Mapping Users and Roles to Reports Application ................................................... 33-1
33.1.2
Openmotif Library for SUSE Linux 11 Operating Systems ...................................... 33-1
33.1.3
Reports Weblayout not Supported on SUSE 10 ....................................................... 33-1
34 Oracle Portal
34.1
Before You Begin ............................................................................................................ 34-1
34.2
General Issues and Workarounds .................................................................................. 34-1
34.2.1
Editing a Database Link Requires Password ............................................................ 34-1
34.2.2
Moving Content When Approval Is Enabled Does Not Require Approval ............. 34-1
34.2.3
Firefox and Safari Browsers Do Not Display Tooltips on Oracle Portal Screens ...... 34-2
34.2.4
Non-ASCII URLs Cannot be Decoded in Some Scenarios ....................................... 34-2
34.2.5
Adding a Zip File with a Non-ASCII Character Name ........................................... 34-2
34.2.6
Manual Changes to Oracle Portal Default Schema Objects ...................................... 34-2
34.2.7
Error When Creating RCU Portal Schema ............................................................... 34-2
34.2.8
Portal Throws Discoverer Provider is Busy Error Message ..................................... 34-2
34.2.9
Error When Adding Sample RSS Portlets to a Page ................................................. 34-3
34.2.10
Internal Error when Using Portal Search With Oracle Text Enabled to Search for Pages
34-3
34.2.11
Issue After Creating a Oracle Portal Schema ........................................................... 34-3
34.2.12
Updating Database Tables ....................................................................................... 34-4
34.2.13
Apply Patch to Address Performance Issue ............................................................. 34-4
34.3
Upgrade Issues and Workarounds ................................................................................. 34-4
34.3.1
Upgrading Portal 10g SSL Environment to Oracle Portal 11g Release 1 (11.1.1) ...... 34-4
34.4
Interoperability Issues and Workarounds ...................................................................... 34-4
34.4.1
Interoperability Between Oracle Portal 11g Release 1 (11.1.1) with Secured Enterprise
Search (SES) 10.1.8.3 ................................................................................................. 34-5
34.4.2
Interoperability Between Oracle Portal 11g Release 1 (11.1.1) with Secured Enterprise
Search (SES) 10.1.8.4 ................................................................................................. 34-5
34.4.3
Creating Webproviders in the Oracle Portal 11g Release 1 (11.1.1) Midtier
Interoperability with Oracle Portal Repository 10g Release ..................................... 34-5
xxxvii
34.5
34.6
34.6.1
34.6.2
34.6.3
34.7
34.7.1
34.7.2
34.7.3
34.8
34.9
34.9.1
34.9.2
34.9.3
Part XI
User Interface Issue and Workaround ............................................................................ 34-5
Export and Import Issues and Workarounds ................................................................. 34-5
Export and Import Does Not Support Reports Server Components ........................ 34-5
Saving the Transport Set .......................................................................................... 34-6
Error when importing a page group ....................................................................... 34-6
Portlet and Provider Issues and Workarounds .............................................................. 34-6
Issue When Accessing Page Portlet Using Federated Portal Adapter ...................... 34-6
Error in JPS Portlet After Redeployment ................................................................. 34-6
SSL Support for Oracle Portal Integration Solutions (Microsoft Exchange) ............. 34-7
PDK Issue and Workaround .......................................................................................... 34-7
Globalization Support Issues and Workarounds ........................................................... 34-7
Text Entry Always Right to Left in BiDi Languages ................................................ 34-7
Non-ASCII Character Limitations in Oracle Portal .................................................. 34-7
Multibyte Characters in Log Files ............................................................................ 34-8
Oracle WebCenter Content
35 Oracle WebCenter Application Adapters
35.1
Configuration Issues and Workarounds ........................................................................ 35-1
35.1.1
Managed Attachments Issue Passing Customized Parameters From Oracle E-Business
Suite Forms Resolved .............................................................................................. 35-1
35.1.1.1
AXF_MA_PARAMETERS Table Description .................................................... 35-1
35.1.1.2
AXF_MA_PARAMETERS Table Example Implementation .............................. 35-2
35.1.2
Siebel Entity Identifier Fields (of Format xsiebel<entity>) Should Not Be Treated as
Regular Metadata Fields .......................................................................................... 35-2
35.1.3
Locating Siebel Adapter Siebel SIF Files .................................................................. 35-2
36 Oracle WebCenter Content Installation and Configuration
36.1
36.2
Rebranding of Oracle Enterprise Content Management Suite to Oracle WebCenter
Content ........................................................................................................................... 36-1
Documentation Errata .................................................................................................... 36-2
37 Oracle WebCenter Content: Imaging
37.1
General Issues ................................................................................................................ 37-1
37.1.1
Imaging Session Time Out When Using OSSO Requires Browser Refresh .............. 37-2
37.1.2
Mixed Translations On Page .................................................................................... 37-2
37.1.3
Deleting More Than 100 Documents Can Cause Http 404 Errors ............................ 37-2
37.1.4
Time Zone Based on Time Zone of Imaging Server ................................................. 37-2
37.1.5
Imaging Documents May Be Visible Natively Within WebCenter .......................... 37-2
37.1.6
Removing Full-Text Search Capabilities From Defined Applications ...................... 37-3
37.1.7
Application Field Limitations When Using Oracle Text Search ............................... 37-3
37.1.8
Records Missing from Imaging Searches ................................................................. 37-3
37.1.9
Unable To Log In To I/pm ...................................................................................... 37-3
37.1.10
WebLogic Server Listening Address and AXF Driver Page URL Must Reference the
Same Domain ........................................................................................................... 37-4
37.1.11
Must Start NFS Locking Service When Input Agent Used with Linux Shares ......... 37-4
xxxviii
DefaultSecurityGroup MBean Allows For Assigning Administrator Rights to Security
Group at First Log In ............................................................................................... 37-5
37.1.13
Input Mapping Error When Input Definition File Includes Blank Line ................... 37-5
37.1.14
Differing Behavior of Decimals When Ingested Into Number or Decimal Fields .... 37-5
37.1.15
Using Browser Forward, Back, and Refresh Navigation Not Recommended .......... 37-5
37.1.16
Document Upload or Update Failure if Content Server English-US Locale Not
Enabled .................................................................................................................... 37-5
37.1.17
Document Move Failure if Content Server Not Started with English-US Locale ..... 37-6
37.1.18
Clearing Java Temporary Files of Cached Files ........................................................ 37-6
37.1.19
Solution Editor Enabled Only On Imaging Systems Using an Oracle Database ...... 37-6
37.1.20
Additional MBean Configuration Options ............................................................... 37-6
37.1.21
Viewer Cache Does Not Work After Upgrading or Patching ................................. 37-7
37.2
Browser Compatibility Issues ......................................................................................... 37-7
37.2.1
IE: Non-ASCII Characters Not Supported in Internet Explorer for ExecuteSearch .. 37-8
37.2.2
Firefox: Version and Download Dialog Boxes Appear Behind Viewer in Advanced
Mode ........................................................................................................................ 37-8
37.2.3
Internet Explorer 9: Problem With Link to Install Java SE Runtime Environment
Necessary for Viewer ............................................................................................... 37-8
37.3
Accessibility Issues ......................................................................................................... 37-8
37.3.1
Button Activation Behavior Different Depending on Viewer Mode ........................ 37-8
37.3.2
Limitations of Sticky Note Contents ........................................................................ 37-8
37.3.3
Skip to Content Link Added for Keyboard Navigation ........................................... 37-9
37.3.4
Firefox: Skip to Applet Link Added for Keyboard Navigation in Advanced Viewer
Mode ........................................................................................................................ 37-9
37.3.5
Internet Explorer 7: Focus Issue on Upload Document and Preferences Pages ....... 37-9
37.3.6
Name of File Selected For Import Not Displayed in Screen Reader Mode .............. 37-9
37.3.7
Issues Selecting From Calendar Using Keyboard .................................................... 37-9
37.3.8
Focus Issue in Create Searches Wizard Using Keyboard ......................................... 37-9
37.3.9
Annotations Not Recognized By JAWS ................................................................... 37-9
37.3.10
Date Selected From Calendar Lost Using Keyboard .............................................. 37-10
37.3.11
Some Annotation Buttons Incorrectly Read by JAWS ............................................ 37-10
37.3.12
Internet Explorer: Long Panels Not Visible In Screen Reader ................................ 37-10
37.4
Documentation Errata .................................................................................................. 37-10
37.1.12
38 Oracle Information Rights Management
38.1
General Issues and Workarounds .................................................................................. 38-1
38.1.1
Data Truncation May Occur If One Large or Multiple Excel Files Are Open ........... 38-2
38.1.2
Some Functionality is Disabled or Restricted in Adobe Reader X and Adobe Reader 9 .
38-2
38.1.3
Limitations of Support for Microsoft SharePoint in this Release ............................. 38-3
38.1.4
Lotus Notes Email Message May be Lost if Context Selection Dialog is Canceled .. 38-5
38.1.5
Save As is Blocked in Microsoft Office 2000/XP for Sealed Files if the Destination is a
WebDAV Folder ...................................................................................................... 38-5
38.1.6
No Prompt to Use Local Drafts Folder for Sealed Files in SharePoint 2010 ............. 38-5
38.1.7
Incorrect Initial Display of Oracle IRM Fields in Microsoft Excel Spreadsheets When
Used With SharePoint .............................................................................................. 38-5
38.1.8
Behavior of Automatic Save and Automatic Recovery in Microsoft Office Applications
and SharePoint ......................................................................................................... 38-5
xxxix
Support for Microsoft Windows 2000 Has Been Removed ...................................... 38-6
Unreadable Error Message Text When Client and Server Locales are Different ...... 38-6
Changes Lost if Tab Changed Before Applying the Apply Button .......................... 38-6
Some File Formats are Not Supported When Using the Microsoft Office 2007
Compatibility Pack with Microsoft Office 2003 ....................................................... 38-7
38.1.13
Microsoft Word May Hang if a Sealed Email is Open During Manual Rights Check-In
38-7
38.1.14
Sealed Emails in Lotus Notes will Sometimes Show a Temporary File Name ......... 38-7
38.1.15
No Support for Sealing Files of 2GB or Larger in Size in Oracle IRM Desktop ........ 38-7
38.1.16
Inappropriate Authentication Options After Failed Login on Legacy Servers When
Setting Up Search ..................................................................................................... 38-7
38.1.17
Opening Legacy Sealed Documents in Microsoft Office 2007 May Fail on First
Attempt .................................................................................................................... 38-7
38.1.18
Log Out Link Inoperative When Using OAM 11g for SSO ...................................... 38-7
38.1.19
Double-byte Languages Cannot be Used for Entering Data with Legacy Servers ... 38-8
38.1.20
Use of SPACE Key Instead of Return Key in Oracle IRM Server ............................. 38-8
38.1.21
Calendar Controls in Oracle IRM Server Not Accessible Via the Keyboard ............ 38-8
38.2
Configuration Issues and Workarounds ........................................................................ 38-8
38.2.1
New JPS Configuration Properties for User and Group Searches ............................ 38-8
38.2.2
Mandatory Patch Number 12369706 For Release 11.1.1.5.0 of Oracle IRM Server, To Fix
Role Edit Bug ........................................................................................................... 38-9
38.2.3
Installing the 64-Bit Version of Oracle IRM Desktop ............................................. 38-10
38.2.4
Reboot Necessary to Obtain New Online Information Button ............................... 38-10
38.2.5
Deploying Oracle IRM Using Oracle Access Manager Version 10g ....................... 38-10
38.2.6
LDAP Reassociation Fails if User and Group Names are Identical ........................ 38-10
38.2.7
Upgrading Oracle IRM Desktop From Versions Earlier Than 5.5 .......................... 38-10
38.2.8
Synchronizing Servers After an Upgrade of Oracle IRM Desktop ......................... 38-11
38.2.9
Reapplying Lost Settings After an Upgrade of Oracle IRM Desktop ..................... 38-11
38.2.10
Changing Oracle IRM Account When Authenticated Using Username and Password ..
38-11
38.2.11
Post-Installation Steps Required for Oracle IRM Installation Against Oracle RAC 38-11
38.2.12
Enabling the Oracle IRM Installation Help Page to Open in a Non-English Server
Locale ..................................................................................................................... 38-12
38.3
Documentation Errata .................................................................................................. 38-12
38.1.9
38.1.10
38.1.11
38.1.12
39 Oracle WebCenter Content
39.1
General Issues and Workarounds .................................................................................. 39-1
39.1.1
Folio Items With Content IDs Containing Multibyte Characters Do Not Display
Correctly in Safari .................................................................................................... 39-2
39.1.2
Site Studio Does Not Support Multibyte Characters in Site IDs, Directory Names, and
Page Names ............................................................................................................. 39-2
39.1.3
Site Studio Publisher Does Not Support Multibyte Characters ............................... 39-2
39.1.4
Oracle WebCenter Content Servers and IPv6 Support ............................................ 39-2
39.1.5
Content Categorizer Trace Log Settings Discontinued ............................................ 39-3
39.1.6
Extra Lines Displayed Viewing Contribution Folders in Internet Explorer 8 .......... 39-3
39.1.7
WebDAV Connection Fails After Logout or Restart ................................................ 39-3
39.1.8
WinNativeConverter Requires .NET Framework .................................................... 39-3
39.1.9
Detailed Oracle OpenOffice Configuration Settings ................................................ 39-3
xl
Clarification When Setting Classpath to OpenOffice Class Files ............................. 39-4
Inbound Refinery PDF Conversion May Differ Visually from the Original Content ......
39-4
39.1.12
Mismatching User and Server Locales Prevent Access to Oracle E-Business Suite and
PeopleSoft Managed Attachment Pages in WebCenter Content .............................. 39-4
39.1.13
Connection Issues with Windows to WebDAV ....................................................... 39-4
39.1.14
Manual Addition of xdoruntime.ear Library for Records Management .................. 39-4
39.1.15
Using HCSP Custom Elements with SSXA .............................................................. 39-6
39.1.16
Backing Up Site Studio Websites Using Chrome ..................................................... 39-6
39.1.17
DAM Video Storyboard Errors With Chrome and Safari ........................................ 39-6
39.1.18
Issues Applying Table Styles When Using FireFox and FCK Editor ........................ 39-6
39.1.19
Content Information Server Is Not Supported for 11g ............................................. 39-6
39.1.20
Window Size Using Trays with FireFox .................................................................. 39-6
39.1.21
VB6 Component Dependency for Kofax 9 .............................................................. 39-7
39.1.22
Using URLs With SSP Include and Exclude Filters .................................................. 39-7
39.1.23
Disabling the Folders_g Deprecation Alert .............................................................. 39-7
39.1.24
Accessing ZipRenditionStaticAccess Scheduled Job Information ............................ 39-7
39.1.25
Check-in and Search Forms Pop Up Error Messages when UCM is in EBR Mode .. 39-7
39.1.26
View Publishing Errors Are Observed in Logs When UCM is in EBR Mode ........... 39-8
39.1.27
Optimization Errors with External OracleTextSearch .............................................. 39-8
39.1.28
Propagating the cwallet.sso Changes to Deployment Manager ............................... 39-8
39.1.29
UCM in EBR Mode Fails to Start when Dynamic Converter Component is Enabled .....
39-8
39.1.30
Content Tracker Report Date Format Supported in Nine Languages ...................... 39-8
39.2
Configuration Issues and Workarounds ........................................................................ 39-8
39.2.1
Minimum JDBC Driver Version Required for Oracle Text Search Component ....... 39-9
39.2.2
Setting Security Privileges for Modifying Contribution Folders .............................. 39-9
39.2.3
Site Studio for External Applications (SSXA) Port Values for Oracle Content Server
10gR3 ........................................................................................................................ 39-9
39.2.4
SSXA Required DC Version for Oracle Content Server 10gR3 ................................. 39-9
39.2.5
Content Portlet Suite (SCPS) WebCenter as Producer Targeting Libraries .............. 39-9
39.2.6
Logout URL for SSO Logout Integrating with Oracle Access Manager 11g ........... 39-10
39.2.7
Using the Custom Truststore with the JPS Connection to ActiveDirectory ........... 39-10
39.2.8
Setting the Connection Pool for an External LDAP ID Store on IBM WebSphere
Application Servers ................................................................................................ 39-11
39.3
Documentation Errata .................................................................................................. 39-12
39.3.1
Content Portlet Suite (CPS) WSRP URLs for WebCenter as Producer ................... 39-12
39.3.2
Oracle WebCenter Content Server Help in Fusion Middleware Control ............... 39-12
39.1.10
39.1.11
40 Oracle WebCenter Content: Records
40.1
General Issues and Workarounds .................................................................................. 40-1
40.1.1
Role Report Output is Dependent on User Generating the Report .......................... 40-1
40.1.2
Items Returned When Using Screening ................................................................... 40-1
40.1.3
Oracle Text Search and Report Configuration Options ............................................ 40-2
40.1.4
Upgrade from 10g Audit Trail Periods Missing ....................................................... 40-2
40.1.5
DB2 Databases and FOIA/PA Functionality ........................................................... 40-2
40.1.6
Sorting and Listing Retention Category Content ..................................................... 40-2
xli
40.1.7
Using Firefox to Configure the Dashboard .............................................................. 40-2
40.1.8
Setting Security Group for Retention Items ............................................................. 40-2
40.2
Configuration Issues and Workarounds ........................................................................ 40-2
40.2.1
Import FOIA Archive Error Message ....................................................................... 40-3
40.2.2
Restart Required: Performance Monitoring and Reports ......................................... 40-3
40.2.3
Audit Trail Sorting Results and Database Fulltext Search ....................................... 40-3
40.2.4
Prefix Size Limitation When Using Offsite Storage ................................................. 40-3
40.2.5
Enabling Email Metadata Component ..................................................................... 40-3
40.2.6
Relative Web Root Must Be Changed ...................................................................... 40-4
40.2.7
Configuring 10g Adapters for Version 11g .............................................................. 40-4
40.2.8
Configuring RSS Reader for Dashboard .................................................................. 40-4
40.3
Documentation Errata .................................................................................................... 40-4
40.3.1
Menu Name Changes Not Reflected in Documentation .......................................... 40-4
40.3.2
Physical Content Management Services Not Documented ...................................... 40-4
40.3.3
Additional FTP Option for Offsite Storage .............................................................. 40-5
Part XII
Oracle Data Integrator
41 Oracle Data Integrator
41.1
Configuration Issues and Workarounds ........................................................................ 41-1
41.1.1
Generated Templates Including a Datasource With an Oracle RAC URL Fail to Deploy
41-1
41.1.2
Generated Templates Including Datasources Fail to Deploy ................................... 41-2
41.1.3
Setting Test Queries on WLS Datasources ............................................................... 41-2
41.1.4
DBA Credentials Required for Creating Repository ................................................ 41-2
41.1.5
Oracle Web Service Manager (OWSM) Integration with ODI Web Services Not
Available on IBM WebSphere Platform ................................................................... 41-2
41.2
Design-Time Environment Issues and Workarounds .................................................... 41-2
41.2.1
For File Datastores, the View Data operation always looks for global context ........ 41-3
41.2.2
Quick Edit Editor deletes incorrect Joins when sorted ............................................ 41-3
41.2.3
Quick Edit Editor displays a Source as removed regardless of the Selection made in the
Warning Dialog ....................................................................................................... 41-3
41.2.4
Inconsistent Behavior when Refreshing Load Plans ................................................ 41-3
41.2.5
Unable to Overwrite and Refresh Variables in Load Plan Exception Steps ............. 41-4
41.2.6
Generate DDL Does not Show a Constraint Defined in the Model but not in the
Database .................................................................................................................. 41-4
41.2.7
Export Log Feature not Supported for Load Plan Runs ........................................... 41-4
41.2.8
Incorrect Restart Behavior of Parallel Load Plan Steps ............................................ 41-4
41.2.9
Markers are not Displayed ...................................................................................... 41-4
41.2.10
Residual Cachedir Content may Cause Exceptions in Jython Scripts ...................... 41-4
41.2.11
OBIEE Lineage Wizard Does not Appear in Taskbar .............................................. 41-5
41.2.12
Unable to Add a Scenario to a Load Plan via the Lookup Scenario Dialog ............. 41-5
41.2.13
Incorrect Join Clause is Generated if it Contains Similar Datastore Aliases ............ 41-5
41.2.14
User Parameters are not Taken into Account by the Runtime Agents ..................... 41-5
41.2.15
Unable to Edit Data for Technologies Using Catalog and Schema Qualifiers .......... 41-5
41.2.16
Incorrect Non-ASCII File Names in Zip Export Files ............................................... 41-5
41.2.17
Non-ASCII Characters Incorrectly Converted to Underscore Characters ................ 41-6
xlii
41.2.18
Focus Lost in Mapping Property Inspector .............................................................. 41-6
41.3
Oracle Data Integrator Console Issues and Workarounds ............................................. 41-6
41.3.1
Oracle Data Integrator Console Page Task Flow Resets When Another Tab Is Closed. ..
41-6
41.3.2
Enterprise Manager Logout Does Not Propagate to Oracle Data Integrator Console .....
41-6
41.3.3
Standalone Agent Target Does Not Show Current Status ........................................ 41-7
41.3.4
Basic Configuration Cannot Be Done Through FMW Console ................................ 41-7
41.3.5
Error with Variable Handling in Sequences in ODI Studio ...................................... 41-7
41.4
Technologies and Knowledge Modules Issues and Workarounds ................................. 41-7
41.4.1
For Microsoft Excel Target Datastores, column names must be in upper case ......... 41-8
41.4.2
For File Datastores, reverse-engineering process cannot be canceled ...................... 41-8
41.4.3
SQL Keywords are not imported when importing a Technology in Duplication Mode .
41-8
41.4.4
SQL Exception "Unknown Token" appears when using Complex File or XML as
Staging Area ............................................................................................................ 41-8
41.4.5
Adding Subscribers fails for Consistent Set JKMs when the Model Code Contains
Non-ASCII Characters ............................................................................................. 41-8
41.4.6
IKM and LKM SQL Incremental Update (Row by Row) fail with Non-ASCII
Characters ................................................................................................................ 41-8
41.4.7
PostgreSQL Technology not Available in the Master Repository Import Wizard ... 41-9
41.4.8
IKM SQL Incremental Update (Row by Row) Cannot Target Japanese Tables ........ 41-9
41.4.9
LKM SQL to Oracle Fails at Load Data Step for NCLOB Data Type ........................ 41-9
41.5
Oracle Data Profiling and Oracle Data Quality Issues and Workarounds ...................... 41-9
41.5.1
ODIDQ fails to Create Loader Connection when Server is Installed on Linux 64 bits ....
41-9
41.5.2
Unable to Connect the Client to a Data Quality Server on UNIX ........................... 41-10
41.5.3
Unable to Create a Quality Project With a Data Quality Server on Linux .............. 41-10
41.5.4
Menus Are in English When Starting the Client Using a .tss File. ......................... 41-10
41.5.5
Incorrect Error Message for a Wrong User/Password when Creating an Entity from a
Japanese or Chinese Client ..................................................................................... 41-10
41.5.6
Project Export is Empty if Folder Path Contains Non-ASCII Characters ............... 41-11
Part XIII Oracle Business Intelligence
42 Oracle Business Intelligence
42.1
Patch Requirements ........................................................................................................ 42-2
42.1.1
Obtaining Patches from My Oracle Support ............................................................ 42-2
42.2
Oracle Business Intelligence Issues and Workarounds Identified or Changed Since the Last
Revision .......................................................................................................................... 42-2
42.3
Which Releases Are Covered by These Release Notes? .................................................. 42-2
42.3.1
Oracle Business Intelligence Issues and Workarounds that Apply Only to Release
11.1.1.3 ..................................................................................................................... 42-3
42.4
Oracle Business Intelligence General Issues and Workarounds ..................................... 42-3
42.4.1
Oracle BI Disconnected Analytics Not Included in Oracle Business Intelligence 11g,
Releases 11.1.1.5 and Later ....................................................................................... 42-4
42.4.2
Oracle Hyperion Smart View for Office Not Supported in Oracle Business Intelligence
11g, Releases 11.1.1.5, 11.1.1.6.0, and 11.1.1.6.2 ......................................................... 42-4
xliii
IBM LDAP Based Authentication is Not Supported on Linux x86-64 and Microsoft
Windows x64 (64-Bit) ............................................................................................... 42-5
42.4.4
Issue with JAR File Size When Moving from a Test to a Production Environment . 42-5
42.4.5
Adobe Flash Player Version 10.1 or Later Required to View Graphs and Scorecards ....
42-5
42.4.6
Siteminder Not Supported with Full-Text Catalog Search with Oracle Secure
Enterprise Search ..................................................................................................... 42-5
42.4.7
Full-Text Search Not Finding BI Publisher Reports by Report Column .................. 42-5
42.4.8
Specifying Folder Names for Data-Loading the Catalog ......................................... 42-6
42.4.9
SSL Not Available when Using Full-Text Search with Oracle Endeca Server .......... 42-6
42.4.10
Issue with Email Notifications on Data Loads for Searching ................................... 42-6
42.4.11
Stopping a Data Load for Full-Text Searching with Oracle Endeca Server .............. 42-6
42.4.12
Out of Memory Error When Crawling the Catalog ................................................. 42-7
42.4.13
Multibyte Characters Are Displayed as NCR When Using Attribute Categories .... 42-7
42.4.14
Problems Installing in Thai and Turkish Locales ..................................................... 42-7
42.4.15
Graph Subtypes Are Not Refreshed in BI Composer ............................................... 42-8
42.4.16
Dashboards and Scorecards Whose Paths Contain Multibyte Characters Do Not
Display on ADF Pages ............................................................................................. 42-8
42.4.17
Characters Supported in Folder Names by BI Presentation Services Not Supported by
BI Publisher ............................................................................................................. 42-8
42.4.18
Configuring SSO for Essbase and Hyperion Financial Management Data Sources with
Oracle Business Intelligence 11.1.1.3 ........................................................................ 42-8
42.4.19
Configuring SSO for Essbase and Hyperion Financial Management Data Sources With
Oracle Business Intelligence 11.1.1.5, 11.1.1.6, and 11.1.1.6.2 ................................. 42-10
42.4.19.1
Configuring SSO for Essbase and Hyperion Financial Management Release
11.1.2.1 or Later ............................................................................................... 42-10
42.4.19.2
Configuring SSO for Essbase and Hyperion Financial Management Release
11.1.2.0 or Earlier ............................................................................................. 42-11
42.4.20
Patch Available to Hide Selected Consistency Check Warnings ............................ 42-12
42.4.21
Issues with WebLogic LDAP User Passwords ....................................................... 42-12
42.4.22
Configuring the GUID Attribute in the Identity Store ........................................... 42-13
42.4.23
Rendering Issues Might Occur in Presentation Services When Using Microsoft Internet
Explorer 9.x ............................................................................................................ 42-13
42.4.24
Poor Performance Starting Up WebLogic Server ................................................... 42-14
42.4.25
Analysis State Is Not Maintained for Breadcrumbs ............................................... 42-14
42.4.26
Enhancements to Accessibility Features ................................................................ 42-14
42.4.27
Incorrect DataDirect License File for DataDirect 7.0.1 Drivers on Linux ............... 42-15
42.4.28
Using Non-Native Characters In ODBC Data Source Administrator Wizard ....... 42-15
42.5
Oracle Business Intelligence Installation Issues and Workarounds ............................. 42-15
42.5.1
Error When Installing Oracle Business Intelligence Against a SQL Server Database .....
42-16
42.5.2
Scale-Out Scenarios Are Not Supported on OS with Different Patch Levels ......... 42-16
42.5.3
Need to Correctly Create the Oracle Central Inventory in a UNIX Environment .. 42-16
42.5.4
Oracle Business Intelligence Installer Stops at Administrator User Details Screen 42-16
42.5.5
Installing Oracle Business Intelligence on a Shared Drive Might Fail .................... 42-17
42.5.6
Configuring DB2 to Support Multibyte Data ......................................................... 42-17
42.5.7
Using Multibyte Data Causes Issues with Microsoft SQL Server 2005/2008 Driver in
Oracle BI Scheduler ............................................................................................... 42-17
42.5.8
Missing Locale Causes Oracle Business Intelligence Installation to Fail on UNIX . 42-18
42.4.3
xliv
Ignore FAT File System Error Message When Performing an Enterprise Installation ....
42-18
42.5.10
Job Manager Cannot Launch if the Client Tools Install Path Includes Multi-Byte
Characters .............................................................................................................. 42-18
42.5.11
Error Occurs When RCU is Invoked For a Second Time to Create Only MDS/Platform
Schemas on IBM DB/2 ........................................................................................... 42-18
42.5.12
Financial Reporting Print Server Not Enabled ....................................................... 42-19
42.5.13
Oracle Hyperion Calculation Manager does not work correctly without Adobe Flash
Player ..................................................................................................................... 42-19
42.5.14
Oracle Universal Installer Incorrectly Reports "No IPv4 Network Interfaces Found" ....
42-20
42.6
Oracle Business Intelligence Upgrade Issues and Workarounds ................................. 42-20
42.6.1
General Upgrade Issues and Workarounds ........................................................... 42-20
42.6.1.1
Conditional Formatting Might Not Work After Upgrading from Oracle Business
Intelligence Release 10g to Release 11g ............................................................ 42-20
42.6.1.2
Issues Exporting Large Data Sets to Microsoft Excel ....................................... 42-21
42.6.1.3
Managed Server for Oracle BI Encounters Issues After Upgrade from Release
11.1.1.3 ............................................................................................................. 42-21
42.6.1.4
MapViewer Runtime Failure After Upgrading from Release 11.1.1.6 to Release
11.1.1.7 ............................................................................................................. 42-22
42.6.2
Security-related Upgrade Issues and Workarounds .............................................. 42-23
42.6.2.1
Warnings Might Be Reported When Upgrading an RPD with Non-English User or
Group Names .................................................................................................. 42-23
42.6.2.2
Users or Groups With Names Containing Invalid Characters Are Not Upgraded ..
42-24
42.6.2.3
RPD Upgrade Process Fails If the 10g Administrator UserID or Password Contains
any Non-Native Characters ............................................................................. 42-24
42.6.2.4
Errors Might Be Reported In Upgraded Analyses that Contain EVALUATE_
Database Analytic Function ............................................................................ 42-24
42.6.2.5
Configuration Assistant for Update BI Domain Steps Incorrectly Reports an OCM
Configuration Error at 91% Complete when Moving from Earlier 11g Releases ......
42-25
42.6.2.6
SSL Configured in Oracle BI EE 11.1.1.5.x or 11.1.1.6.x Fails After Upgrading to
11.1.1.7 ............................................................................................................. 42-25
42.7
Oracle Business Intelligence Installation Guidelines for 64-Bit Platforms .................... 42-26
42.7.1
Prerequisites for Software Only Installation on 64-Bit Platforms ........................... 42-26
42.7.2
Supported Installation Types for Oracle Business Intelligence on 64-Bit Platforms ........
42-27
42.7.3
Considerations and Limitations of Enterprise Install Type for Scaling Out Existing
Installations ............................................................................................................ 42-27
42.8
Oracle Business Intelligence Installation Guidelines for 64-Bit Platforms .................... 42-27
42.8.1
Prerequisites for Software Only Installation on 64-Bit Platforms ........................... 42-28
42.8.2
Supported Installation Types for Oracle Business Intelligence on 64-Bit Platforms ........
42-28
42.8.3
Considerations and Limitations of Enterprise Install Type for Scaling Out Existing
Installations ............................................................................................................ 42-28
42.9
Oracle Business Intelligence Analyses and Dashboards Issues and Workarounds ...... 42-29
42.9.1
General Analyses and Dashboards Issues and Workarounds ................................ 42-29
42.9.1.1
Existing Dashboard Prompts Based on Columns Renamed in the Business Model
Do Not Work ................................................................................................... 42-30
42.5.9
xlv
42.9.1.2
42.9.1.3
42.9.1.4
42.9.1.5
42.9.1.6
42.9.1.7
42.9.1.8
42.9.1.9
42.9.1.10
42.9.1.11
42.9.1.12
42.9.1.13
42.9.1.14
42.9.1.15
42.9.1.16
42.9.1.17
42.9.2
42.9.2.1
42.9.3
42.9.3.1
42.9.3.2
42.9.3.3
42.9.3.4
42.9.4
42.9.4.1
42.9.4.2
42.9.5
42.9.5.1
42.9.5.2
42.9.5.3
42.9.5.4
42.9.5.5
42.9.5.6
42.9.5.7
42.9.5.8
42.9.5.9
xlvi
Gauge Views Might Be Cut Off and Not Visible Under Certain Conditions ... 42-30
Numerical Units on a Dashboard Prompt Slider Might Not Be Translated
Correctly .......................................................................................................... 42-30
After Printing a Dashboard Page Using the Safari Browser on Windows, the Page
No Longer Responds to Certain Left Clicks .................................................... 42-30
Scorecard Diagrams on Dashboard Pages Might Print as Tables .................... 42-30
Using Maps with Column Selectors ................................................................ 42-31
Issue with Wrap-Around Feature for Maps ................................................... 42-31
Inability to Delete Map Tiles in MapViewer ................................................... 42-31
Support for Rendering Small Form-Factor Graphs ......................................... 42-31
Analyses Whose Paths Contain Latin Supplement Characters Fail to Open on
Dashboard Pages ............................................................................................ 42-32
In Selection Steps Search for Members in Hierarchical Columns That Are Non-Text
Yields No Results ............................................................................................ 42-33
Interactions on Right-Click Menus Are Not Translated .................................. 42-33
Issues with the Alignment of Trellis Views ..................................................... 42-33
Characters in Trellis Title Display Incorrectly in Certain Languages ............. 42-33
Export to Excel 2007+ and Export to PDF Do Not Support Custom CSS Styles .......
42-33
Items Not Supported When Using Custom Print Layouts ............................ 42-33
Grand Total Shows Zero in Reports After Applying BI 11.1.1.7.1 Patch ......... 42-35
Actions Issues and Workarounds .......................................................................... 42-36
EJBs in Action Framework Must Be Deployed to the WebLogic Managed Server ...
42-36
Scorecards and KPI Issues and Workarounds ....................................................... 42-36
No Results Returned When Searching in the Related Documents of Scorecards or
Scorecard Components .................................................................................... 42-36
Accessing a Smart Watchlist from the Oracle Secure Enterprise Search Results
Page Causes an Error ...................................................................................... 42-36
Item Stale Error When Editing a Shared Scorecard in Parallel ........................ 42-37
Scorecard Pie Chart and Gauge Labels are Not Readable in Chrome ............. 42-37
Agents Issues and Workarounds ........................................................................... 42-37
Agent Deliveries Fail with Microsoft Active Directory and Oracle Virtual
Directory ......................................................................................................... 42-37
Agent Incorrectly Delivers Content to Active Delivery Profile When Only the
Home Page and Dashboard Option Is Selected ............................................... 42-38
Microsoft Office Integration Issues and Workarounds .......................................... 42-38
Using Microsoft Office 2007 with Oracle BI Add-in for Microsoft Office ........ 42-39
Server Connections Are Not Automatically Shared by Microsoft Excel and
PowerPoint ...................................................................................................... 42-39
Previous Installation of Oracle BI Add-in for Microsoft Office Must Be Manually
Uninstalled ...................................................................................................... 42-39
Install a Language Pack for Non-English Languages ...................................... 42-40
Errors in the Online Help for Oracle BI Add-In for Microsoft Office .............. 42-40
Refreshing Table or Pivot Table Views with Double Columns in Page Edge Might
Result in Error ................................................................................................. 42-40
Double Column Cascading Results in Incorrect Display Values .................... 42-40
Intermittent Timeout Errors ............................................................................ 42-40
Lack of Support for Vary Color By Target Area .............................................. 42-41
Measure Column Labels Might Display Incorrectly When Inserted into Microsoft
Excel ................................................................................................................ 42-41
42.9.5.11
Stacked Graphs Do Not Display Negative Values ........................................... 42-41
42.9.5.12
Scatter Graphs with Lines Display as Default Scatter Graphs in Excel and
PowerPoint ...................................................................................................... 42-41
42.9.5.13
Graphs With Section Edges Are Not Supported Starting With Release 11.1.1.6.x ....
42-41
42.9.5.14
Refreshing Table Views in Arabic or German Versions of Excel Result in Incorrect
Data Values ..................................................................................................... 42-41
42.9.5.15
Inserting a View With a Grand Total Column or Row into Microsoft Office Might
Cause Issues .................................................................................................... 42-41
42.9.5.16
Time Displayed in Table or Pivot View Title Might Be Incorrect after Insertion ......
42-42
42.9.5.17
Graphs Might Be Displayed Differently After Insertion into Microsoft Office 42-42
42.9.5.18
Legends in Bubble and Scatter Graphs Might Display Differently After Insertion
into Microsoft Office ........................................................................................ 42-42
42.9.5.19
Help System Does Not Work When Running Oracle BI Office for PowerPoint in
Norwegian or Polish ........................................................................................ 42-42
42.9.5.20
Protected Worksheet Causing Incorrect Message When Inserting View in Oracle BI
Add-in for Microsoft Office ............................................................................. 42-42
42.9.5.21
Column Data in Section Edge Is Not Obtained .............................................. 42-43
42.10 Oracle Business Intelligence Mobile Issues and Workarounds .................................... 42-43
42.11 Oracle Business Intelligence Mobile App Designer Issues and Workarounds ............. 42-43
42.12 Oracle Business Intelligence Publisher Reporting and Publishing Issues and Workarounds
42-43
42.12.1
General Oracle BI Publisher Issues and Workarounds .......................................... 42-44
42.12.1.1
JDBC Driver Throws Unsupported Function for setBigDecimal ..................... 42-45
42.12.1.2
Searching the Catalog from the Oracle BI Publisher User Interface Does Not Work
When BI Publisher Is Integrated with Oracle BI Enterprise Edition ................ 42-45
42.12.1.3
Data Source List in BI Publisher Administration Page Includes Data Sources That
Are Not Supported .......................................................................................... 42-45
42.12.1.4
Menu Items Do Not Display When Using Internet Explorer 7 or 8 with a
Bidirectional Language Preference .................................................................. 42-45
42.12.1.5
Data Source Definition for Microsoft SQL Server 2008 Analysis Services Does Not
Get Saved ........................................................................................................ 42-46
42.12.1.6
Issues with Viewing Some Report Formats on Apple iPad ............................. 42-46
42.12.1.7
BI Publisher Objects Exhibit Unexpected Behavior When Located Inside a Folder
Named with a Single Quote Character ............................................................ 42-46
42.12.1.8
Components Folder Missing from SampleApp Lite Web Catalog .................. 42-46
42.12.1.9
Boilerplate Templates in the Components Folder Do Not Display Table Borders
Properly in Chrome Browsers ......................................................................... 42-47
42.12.1.10
Local Policy Attachments (LPAs) Removed from Web Services in Release 11.1.1.5 .
42-47
42.12.1.11
Oracle BI Publisher Requires Oracle WebLogic Server to Run in en_US Locale ......
42-48
42.12.1.12
Search Might Return Incorrect Number of Results .......................................... 42-48
42.12.1.13
Schedule Report Option Is Not Displayed Correctly for Non-Administrator Users
42-48
42.12.1.14
Additional Setup for BI Publisher Desktop Tools in 11.1.1.6.2 ........................ 42-49
42.12.1.15
Oracle Endeca Search Does Not Work from /xmlpserver URL ...................... 42-49
42.9.5.10
xlvii
42.12.1.16
42.12.1.17
42.12.1.18
42.12.1.19
42.12.2
42.12.2.1
42.12.2.2
42.12.3
42.12.4
42.12.4.1
42.12.4.2
42.12.4.3
42.12.5
42.12.5.1
42.12.6
42.12.6.1
42.12.7
42.12.7.1
42.12.8
42.12.8.1
42.12.8.2
42.12.8.3
42.12.8.4
42.12.9
42.12.9.1
42.12.9.2
42.12.9.3
42.12.9.4
42.12.10
42.12.10.1
42.12.10.2
42.12.11
42.12.11.1
42.12.11.2
xlviii
Older Version of Adobe Flash Player Packaged with the Google Chrome Browser
Might Cause Unexpected Behavior in the Interactive Viewer ......................... 42-49
"Failed to Add" Error When Adding Report Objects to Favorites .................. 42-49
Cannot Add Reports with Multibyte Character Names to Favorites Using the
Catalog Task Option ....................................................................................... 42-50
Excel Analyzer and Online Analyzer Deprecated in Release 11.1.1.7 ............. 42-50
Oracle BI Publisher Security Issues and Workarounds .......................................... 42-50
Limitations for Administrator Username in LDAP Security Model ................ 42-50
Oracle E-Business Suite Security Requires the BI Publisher Server Operating
System Language to Match an E-Business Suite Enabled Language ............... 42-50
Oracle BI Publisher Delivery Manager Issues and Workarounds .......................... 42-51
Oracle BI Publisher Scheduler Issues and Workarounds ....................................... 42-51
Scheduler Does Not Support Multibyte Characters When Schema Installed on
Microsoft SQL Server ...................................................................................... 42-51
URL in E-mail Notification of Recurring or Future-Dated Jobs Might Fail to
Display Job History for the Job ........................................................................ 42-51
After Editing an Existing Job, Immediately Creating a New Job Using "Submit as
New" Overwrites the Original Job .................................................................. 42-51
Oracle BI Publisher RTF Template Issues and Workarounds ................................ 42-52
RTF Templates in 11g Require Number Conversion on String Expressions .... 42-52
Oracle BI Publisher Excel Template Issues and Workarounds .............................. 42-53
Limitations for Excel Template Output on Apple iPad ................................... 42-53
Oracle BI Publisher Desktop Tools Issues and Workarounds ................................ 42-53
Oracle BI Publisher's Template Builder for Microsoft Word Is Not Compatible
with Microsoft Office Live Add-in .................................................................. 42-53
Oracle BI Publisher Layout Editor Issues and Workarounds ................................ 42-53
Editing an XPT Layout and Clicking Return in Layout Editor Results in Exception
42-54
Interactive Viewer Might Return Unexpected Results from Formula Columns .......
42-54
Interactive Viewer Returns Incorrect Results for Data Aggregation Functions
When the Data Set Is Not a Single, Flat Data Set ............................................. 42-54
Division Results Rounded Inconsistently When Used with the #,##0 Custom
Format Mask ................................................................................................... 42-54
Oracle BI Publisher Data Model Issues and Workarounds .................................... 42-55
Data Model Is Not Editable When Created by Upgrade Assistant ................. 42-55
Issues with Upgraded 10g Data Models That Include Ref Cursors and Stored
Procedures ...................................................................................................... 42-55
After Editing a View Object Data Set, the Elements Are Duplicated ............... 42-56
Excel Workbooks Used as Data Sources Cannot Contain Ampersand (&) in the
Sheet Name ..................................................................................................... 42-56
Oracle BI Publisher Report Building Issues and Workarounds ............................. 42-56
Use Oracle BI Publisher Conversion Assistant to Convert Oracle Reports to Oracle
BI Publisher 11g ............................................................................................... 42-56
"Enable Bursting" Report Property Displays Enabled State When Disabled ... 42-57
Oracle BI Publisher Documentation Errata ............................................................ 42-57
Oracle Fusion Middleware Report Designer's Guide for Oracle Business Intelligence
Publisher ........................................................................................................... 42-57
Oracle Fusion Middleware Administrator's Guide for Oracle Business Intelligence
Publisher ........................................................................................................... 42-59
Oracle Business Intelligence Metadata Repository Development Issues and Workarounds .
42-59
42.13.1
General Metadata Repository Development Issues and Workarounds ................. 42-60
42.13.1.1
Use of NQClient (BI ODBC Client) Utility Is Deprecated ................................ 42-60
42.13.1.2
Update Logical Table Source Modeling when Using paint.rpd for Testing .... 42-60
42.13.1.3
FIRST and LAST Aggregation Rules Cause Inconsistent Sorting for Time
Dimensions ...................................................................................................... 42-61
42.13.1.4
Oracle OLAP Jars on JavaHost Computer Must Be Updated When Using Oracle
OLAP 11.2.x .................................................................................................... 42-61
42.13.1.5
Must Use JDBC Connection String When Importing from Oracle OLAP ........ 42-62
42.13.1.6
Using the BIServerT2PProvisioner.jar Utility to Change Connection Pool
Passwords ....................................................................................................... 42-62
42.13.1.7
Configuring a Servlet for Oracle BI Server Communication with Oracle OLAP ......
42-64
42.13.1.8
Enhancing Performance of Aggregates with TimesTen Release 11.2.2.3 or Later .....
42-64
42.13.1.9
Performing Merges on Repositories That Contain System-Generated Tables Can
Cause Loss of Metadata ................................................................................... 42-65
42.13.1.10
Create Aggregates Operations Can Time Out for TimesTen Targets .............. 42-66
42.13.1.11
Logical Display Folders Are Deleted During MUD Publish ............................ 42-67
42.13.2
Oracle BI Server Issues and Workarounds ............................................................. 42-67
42.13.2.1
Configuration Required for Microsoft SQL Server and Oracle BI Summary
Advisor ............................................................................................................ 42-68
42.13.3
Oracle BI Administration Tool Issues and Workarounds ...................................... 42-68
42.13.3.1
Administration Tool Incorrectly Displays Option for Generate Deployment File ....
42-69
42.13.3.2
Issue with Online Import Object Checkout ..................................................... 42-69
42.13.3.3
Ignore RPD Consistency Warnings Related to Required Database Feature Changes
for Oracle OLAP .............................................................................................. 42-69
42.13.3.4
Select Nullable Option for Root Member of Parent-Child Hierarchies from OLAP
Sources ............................................................................................................ 42-69
42.13.3.5
Oracle BI Repository Can Become Corrupt When Objects Are Deleted in MUD
Environments .................................................................................................. 42-69
42.13.3.6
Manually Map DFF VOs from ADF Data Sources into the Business Model and
Mapping and Presentation Layers ................................................................... 42-70
42.13.3.7
Error Message Text Missing when Using Summary Advisor in Client Installations
of the Administration Tool .............................................................................. 42-70
42.13.3.8
Model Checker Not Enabled in Release 11.1.1.6.2 ........................................... 42-71
42.13.3.9
Publishing a Duplicate Dimension Object in a MUD Environment ................ 42-71
42.14 Oracle Business Intelligence System Administration Issues and Workarounds ........... 42-71
42.14.1
General System Administration Issues and Workarounds .................................... 42-72
42.14.2
Configuration Issues and Workarounds ................................................................ 42-72
42.14.2.1
Removal of DefaultImageType and HardenXSS Elements .............................. 42-72
42.14.3
Deployment, Availability, and Capacity Issues and Workarounds ....................... 42-72
42.14.4
Sign-in and Security Issues and Workarounds ...................................................... 42-72
42.14.4.1
Permission Required to Open Catalog Manager in Online Mode ................... 42-72
42.14.5
Oracle BI Scheduler Issues and Workarounds ....................................................... 42-73
42.14.6
Oracle Essbase Suite Issues and Workarounds ...................................................... 42-73
42.13
xlix
Ensure that the Installation Uses a JDK Installed into a Folder that Does Not
Contain Spaces ................................................................................................ 42-73
42.14.6.2
Essbase SQL Interface Using Oracle Call Interface (OCI) to Connect to Oracle
Requires Oracle Instant Client ......................................................................... 42-73
42.14.6.3
Options to Set Accessibility Preferences When Using Workspace Are Not
Available ......................................................................................................... 42-74
42.14.6.4
Issue with Dashboards Menu in EPM Workspace .......................................... 42-74
42.14.6.5
Merant 6.1 ODBC Drivers Are Not Configured on Linux ............................... 42-74
42.15 Oracle Business Intelligence Integration and API Issues and Workarounds ................ 42-75
42.15.1
General Integration Issues and Workarounds ....................................................... 42-75
42.15.2
Oracle Business Intelligence API Issues and Workarounds ................................... 42-75
42.16 Oracle Business Intelligence Localization Issues and Workarounds ............................ 42-75
42.16.1
Product Localization Issues and Workarounds ..................................................... 42-75
42.16.1.1
Unable to Save Strings with Multibyte Characters to an External File Using ANSI
Encoding ......................................................................................................... 42-76
42.16.1.2
BI Publisher User Interface Components Do Not Support Supplementary
Characters ....................................................................................................... 42-76
42.16.1.3
Non-English Log Files Displayed Incorrectly in Fusion Middleware Control 42-76
42.16.1.4
Error Messages in BI Publisher Data Model Editor Honor Server Locale Setting ....
42-76
42.16.1.5
Incorrect Layout in Tables and Pivot Tables in PDF Files and PowerPoint
Presentations When Locale for BI Server Is Arabic or Hebrew ....................... 42-77
42.16.1.6
Excel2007 Output in BI Publisher Does Not Honor Locale Settings for Number and
Date Format .................................................................................................... 42-77
42.16.1.7
Excel2007 Output in BI Publisher Supports Gregorian Calendar Only ........... 42-77
42.16.1.8
Template Builder for Microsoft Word Chart Wizard Does Not Format Dates 42-78
42.16.1.9
Number and Date Format Issues with Charts in BI Publisher Layout Templates ....
42-78
42.16.1.10
BI Publisher Report Creation Wizard "Select Columns" Step Does Not Render
Properly When UI Language Is Francais ......................................................... 42-78
42.16.1.11
Albany Fonts Delivered with BI Publisher for PDF Output Do Not Support Bold
and Italic for Multibyte Characters ................................................................. 42-78
42.16.2
Help System Localization Issues and Workarounds .............................................. 42-78
42.16.2.1
Oracle Business Intelligence Help Systems Are Not Translated ..................... 42-79
42.17 Oracle Exalytics In-Memory Machine Issues and Workarounds ................................. 42-79
42.18 Oracle Business Intelligence Documentation Errata ..................................................... 42-79
42.18.1
General Oracle Business Intelligence Documentation Errata ................................. 42-80
42.18.2
Oracle Fusion Middleware Quick Installation Guide for Oracle Business Intelligence .... 42-80
42.18.3
Oracle Fusion Middleware Installation Guide for Oracle Business Intelligence .............. 42-80
42.18.3.1
Installation Guide Contains Misinformation About Installing the Client Tools .......
42-80
42.18.3.2
Installation Guide Contains Misinformation About pasteBinary Script .......... 42-81
42.18.3.3
Installation Guide Contains Misinformation About Installing on a Hardened
Database .......................................................................................................... 42-81
42.18.4
Oracle Fusion Middleware Upgrade Guide for Oracle Business Intelligence Enterprise Edition
42-81
42.18.4.1
Incorrect Information on Aggregation ............................................................ 42-82
42.18.4.2
Incorrect Information on Database Authentication ......................................... 42-82
42.18.5
Oracle Fusion Middleware User's Guide for Oracle Business Intelligence Enterprise Edition ..
42-82
42.14.6.1
l
42.18.5.1
42.18.5.2
42.18.5.3
42.18.5.4
42.18.5.5
42.18.5.6
42.18.5.7
42.18.5.8
42.18.5.9
42.18.5.10
42.18.5.11
42.18.5.12
42.18.5.13
42.18.5.14
42.18.5.15
42.18.5.16
42.18.5.17
42.18.5.18
42.18.5.19
42.18.6
42.18.7
42.18.7.1
42.18.7.2
42.18.7.3
42.18.7.4
42.18.7.5
42.18.7.6
42.18.7.7
42.18.7.8
42.18.7.9
42.18.7.10
42.18.7.11
42.18.7.12
Oracle BI Mobile: Embedding a Dashboard or Answers Report Link in an E-mail .
42-83
Oracle BI Mobile: Easy Access to Dashboards ................................................. 42-83
Information about Oracle Hyperion Smart View for Office Must Be Ignored . 42-84
Columns from Multiple Subject Areas Included in a Single Query Must Be
Compatible ...................................................................................................... 42-84
Error in the "How Will Prompts Created in Previous Versions Be Upgraded?"
Topic in Chapter 6, "Prompting in Dashboards and Analyses" ...................... 42-84
Content Missing from Appendix E, "User Interface Reference," "Edit Page Settings
dialog" Topic, Prompt Buttons Field ............................................................... 42-84
Incorrect Default Pixel Value Specified in Chapter 6, "Prompting in Dashboards
and Analyses" and Appendix E, "User Interface Reference" ........................... 42-85
Error in the "Actions that Invoke Operations, Functions or Processes in External
Systems" Topic in Chapter 10, "Working with Actions" ................................. 42-85
Error in the "Show More Columns dialog" Topic in Appendix E, "User Interface
Reference" ........................................................................................................ 42-85
Error in the "New Filter dialog" Topic in Appendix E, "User Interface Reference" ...
42-86
Information on View Latest Version Feature in Error ..................................... 42-86
Changes to the Instructions for Installing and Configuring BI Composer ...... 42-86
Mentions of the KPI Editor: Data Input Security Page Must Be Ignored ......... 42-86
Misinformation About Oracle Endeca Server and Full-Text Search ................ 42-87
Breadcrumbs Disabled for Embedded Objects in ADF .................................... 42-87
Note on Fixed Headers with Scrolling Content Is Incorrect ............................ 42-87
Misinformation About Adding HTML Code in Prompt Labels ..................... 42-88
Enable on Totals for Action Links Not Described ........................................... 42-88
Use of Multiple Values in Presentation Variable on Dashboards Not Described .....
42-88
Oracle Fusion Middleware User's Guide for Oracle Business Intelligence Mobile .......... 42-90
Oracle Fusion Middleware Metadata Repository Builder's Guide for Oracle Business
Intelligence Enterprise Edition .................................................................................. 42-90
Important Changes to Essbase Preconfiguration Instructions ......................... 42-91
Manual opmn.xml Edits Needed to Use Teradata as a Data Source ................ 42-92
Updates to Text for Consistency Check Warnings 39009 and 39059 ................ 42-93
Other Changes to List of New Consistency Check Warnings .......................... 42-94
Select the Virtual Private Database Option when Authenticating Against Essbase
or Hyperion Financial Management Using a Shared Token ............................ 42-94
Manually Updating the Master MUD Repository ........................................... 42-95
Configuration Required for Client Installations of the Administration Tool to
Perform Offline Imports from Oracle OLAP and Hyperion Financial Management
Data Sources .................................................................................................... 42-95
Database Client Installation Required for Client Installations of the Administration
Tool when Importing from Oracle Database and Oracle OLAP Sources ........ 42-96
Initialization Block Failure at Server Start-Up Causes Connection Pool to be
Blacklisted ...................................................................................................... 42-96
Merge Local Changes Step Does Not Lock the Master Repository .................. 42-96
Information Now Available for All Import Metadata Wizard Screens ............ 42-97
Remove Smart View Mention in Appendix C ................................................. 42-97
li
42.18.7.13
42.18.7.14
42.18.7.15
42.18.7.16
42.18.7.17
42.18.7.18
42.18.8
42.18.8.1
42.18.8.2
42.18.8.3
42.18.8.4
42.18.8.5
42.18.8.6
42.18.8.7
42.18.8.8
42.18.8.9
42.18.8.10
42.18.8.11
42.18.8.12
42.18.8.13
42.18.8.14
42.18.8.15
42.18.8.16
42.18.8.17
42.18.8.18
42.18.8.19
42.18.9
42.18.9.1
42.18.9.2
42.18.9.3
42.18.9.4
42.18.9.5
42.18.9.6
42.18.9.7
42.18.10
lii
Explicitly Check Out Projects to Add Objects in a Multiuser Development
Environment ................................................................................................... 42-97
Changes to DataDirect Drivers and Directories .............................................. 42-98
Additional Information Available on SCM Configuration Template Files ...... 42-98
Additional Information Available on TimesTen Compressed Tables ............. 42-98
Statement on Aggregate Creation Failure is Incorrect .................................... 42-98
Prefer Optimizer Estimates Option Available for Summary Advisor in Release
11.1.1.6.2, Bundle Patch 1 ................................................................................ 42-99
Oracle Fusion Middleware System Administrator's Guide for Oracle Business Intelligence
Enterprise Edition .................................................................................................... 42-99
Event Polling Tables Must Be Created Using the Repository Creation Utility
(RCU) ............................................................................................................ 42-100
Use of ps: Prefix in Elements Is Unnecessary ................................................ 42-100
Lowercase for Boolean Values for Configuration Elements .......................... 42-101
Removal of Section 11.5, "Configuring to Download Oracle Hyperion Smart View
for Office" ...................................................................................................... 42-101
Issue Copying a Jar File when Registering with EPM Workspace Release 11.2.3.00
42-101
Incomplete Information in "Validating the Catalog" Section ........................ 42-102
Missing Privilege for Using the Full-Text Catalog Search ............................. 42-103
Error for Configuring the Data Source for the Full-Text Catalog Search ....... 42-103
Removal of Section 19.7.2.6, "Including Links with Analyses on Dashboards" ........
42-103
MaxColumns Element Not Supported .......................................................... 42-103
Error in Section 22.3.2, "Specifying Defaults for Styles and Skins" ................ 42-103
Clarification of CaseInsensitiveMode Element .............................................. 42-104
Updates of Information About the Catalog ................................................... 42-104
Section on Manually Configuring for Interactions In Views Does Not Apply .........
42-111
Omission of Enabled Element in Custom Links Section ................................ 42-111
Omission of Section on Updating Java Development Kit (JDK) .................... 42-112
Remove Mention of pasteBinary Script ......................................................... 42-112
Parameter Descriptions Missing or Inaccurate in NQSConfig.INI File
Configuration Settings Appendix ................................................................. 42-112
Incorrect Commands to Start and Stop Administration Server on a Windows
Environment ................................................................................................. 42-114
Oracle Fusion Middleware Security Guide for Oracle Business Intelligence Enterprise Edition
42-114
SASchInvoke Always Prompts for the Password in 11.1.1.5 ......................... 42-114
Setup Multiple Authentication Providers ..................................................... 42-114
Error in Code Example for Refreshing User GUIDs ...................................... 42-115
Adding UserName Attribute Properties user.login.attr and username.attr to
Identity Store is Not Applicable .................................................................... 42-115
Removal of Invalid LDAP Configuration Properties when Setting Up SSL .. 42-115
Error in Code Example for Configuring a Database Adaptor ....................... 42-116
Error in Code Example for Configuring the WebLogic Server Environment 42-116
Oracle Fusion Middleware Enterprise Deployment Guide for Oracle Business Intelligence ......
42-117
42.18.11
42.18.11.1
42.18.12
42.18.12.1
42.18.13
42.18.14
42.18.14.1
42.18.14.2
Oracle Fusion Middleware Developer's Guide for Oracle Business Intelligence Enterprise
Edition .................................................................................................................. 42-117
Error in the "Passing Business Intelligence Content with the Oracle BI EE
Contextual Event Action" Topic in Chapter 1, "Embedding Business Intelligence
Objects in ADF Applications" ....................................................................... 42-117
Oracle Fusion Middleware Integrator's Guide for Oracle Business Intelligence Enterprise
Edition .................................................................................................................. 42-117
Addendum to the "Overview of Integrating with Oracle Business Intelligence"
Topic in Chapter 10, "Integrating Other Clients with Oracle Business Intelligence"
42-118
Oracle Fusion Middleware XML Schema Reference for Oracle Business Intelligence
Enterprise Edition ................................................................................................ 42-118
Oracle Business Intelligence Help System Errata ................................................. 42-118
Incorrect Statement on Source Control Management and Multiuser Development
in Administration Tool Online Help ............................................................. 42-118
Addendum to the Oracle BI Server DSN Configuration Wizard Help .......... 42-119
43 Oracle Business Intelligence Applications and Data Warehouse
Administration Console
43.1
Patch Requirements ........................................................................................................ 43-1
43.1.1
Obtaining Patches from My Oracle Support ............................................................ 43-2
43.2
Oracle Business Intelligence Applications Release Notes ............................................... 43-2
43.2.1
Oracle Business Intelligence Applications Issues and Workarounds Identified Since the
Previous Revision .................................................................................................... 43-2
43.2.2
General Issues and Workarounds for Oracle Business Intelligence Applications .... 43-2
43.2.2.1
Patch Installation Instructions for Informatica Repository in Oracle BI Applications
Release 11.1.1.5.2 ............................................................................................... 43-2
43.2.2.2
About Issues For Both Oracle Fusion Transactional Business Intelligence and
Oracle Business Intelligence Applications ......................................................... 43-3
43.2.2.3
CONFIGURE_RPD.PY Script Does Not Set Connection Pool for Oracle BI
Applications Configuration Manager ................................................................ 43-4
43.2.2.4
Using Multiple Execution Plans Using Different Source Connection Names But
Running On The Same BI Server ....................................................................... 43-4
43.2.2.5
NLS:SDE_FUSION_DOMAINGENERAL_SALESINVOICESOURCE_FULL Failed
With Syntax Error .............................................................................................. 43-4
43.2.2.6
Informatica License Dis-associating After Installation ...................................... 43-5
43.2.2.7
JAZN File Not Translated .................................................................................. 43-5
43.2.2.8
Duplicate Rows in GL Account Segment Hierarchy Tables .............................. 43-6
43.2.2.9
Rename Informatica Files With Upper Case XML Extension To Lower Case ... 43-6
43.2.2.10
Instructions to Change Create Navigate Actions and Create Invoke Actions to BI
Author ............................................................................................................... 43-6
43.2.2.11
Extracting Fusion Descriptive Flexfield (DFF) Information Into Oracle Business
Analytics Warehouse ......................................................................................... 43-7
43.2.3
Installation Issues and Workarounds for Oracle Business Intelligence Applications .....
43-7
43.2.3.1
Installing Informatica PowerCenter 8.6.1 On Mount Points with Free Disk Space in
Terabytes ........................................................................................................... 43-7
43.2.3.2
Restarting Components After Completing The Post-Installation Setup Steps ... 43-8
liii
Customer Cost Lines and Product Cost Lines Configuration is Missing From FSM
Tasks for Oracle Financial Analytics ................................................................ 43-8
43.2.4
Upgrade Issues and Workarounds for Oracle Business Intelligence Applications .. 43-9
43.2.5
Oracle Business Intelligence Applications Offering/Module-specific Issues .......... 43-9
43.2.5.1
Issues for Oracle Customer Data Management Analytics Offering ................... 43-9
43.2.5.2
Issues for Oracle Financial Analytics Offering .................................................. 43-9
43.2.5.3
Issues for Oracle Human Resources Analytics Offering .................................. 43-10
43.2.5.4
Issues for Oracle Marketing Analytics Offering .............................................. 43-11
43.2.5.5
Issues for Oracle Partner Analytics Offering ................................................... 43-11
43.2.5.6
Issues for Oracle Product Information Management Analytics Offering ........ 43-12
43.2.5.7
Issues for Oracle Procurement and Spend Analytics Offering ........................ 43-12
43.2.5.8
Issues for Oracle Project Analytics Offering .................................................... 43-12
43.2.5.9
Issues for Oracle Sales Analytics Offering ....................................................... 43-13
43.2.5.10
Issues for Oracle Supply Chain and Order Management Analytics Offering . 43-13
43.2.6
Translated Content in Non-English Reports and Dashboards ............................... 43-13
43.2.7
Error in Execution of Task SDE_FUSION_PayrollRunBalanceDetailFact .............. 43-13
43.2.8
Oracle Business Intelligence Applications Configuration Manager and FSM Issues ......
43-14
43.2.9
Security-related Issues for Oracle Business Intelligence Applications ................... 43-16
43.2.10
Oracle Business Intelligence Applications Documentation Errata ......................... 43-16
43.2.10.1
General Oracle Business Intelligence Documentation Errata .......................... 43-16
43.2.10.2
Oracle Fusion Middleware Installation and Configuration Guide for Oracle Business
Intelligence Applications .................................................................................... 43-16
43.2.10.3
Oracle BI Applications Configuration Manager Help System ................................ 43-19
43.2.10.4
Oracle Fusion Middleware Reference Guide for Oracle Business Intelligence Applications
43-19
43.3
Oracle Business Intelligence Data Warehouse Administration Console (DAC) Platform
Release Notes ............................................................................................................... 43-22
43.3.1
DAC Issues and Workarounds Identified Since the Previous Revision ................. 43-22
43.3.2
DAC General Issues and Workarounds ................................................................. 43-22
43.3.3
DAC Installation Issues and Workarounds ........................................................... 43-22
43.3.4
DAC Upgrade Issues and Workarounds ............................................................... 43-22
43.3.5
DAC Documentation Errata .................................................................................. 43-22
43.3.5.1
Oracle Fusion Middleware User's Guide for Oracle Business Intelligence Data Warehouse
Administration Console ...................................................................................... 43-23
43.3.5.2
DAC Client Help System ................................................................................... 43-23
43.2.3.3
44 Oracle Real-Time Decisions
44.1
Oracle RTD General Issues and Workarounds ............................................................... 44-1
44.1.1
Transient Likelihood Problems ................................................................................ 44-2
44.1.2
Use Development Deployment State Only .............................................................. 44-2
44.1.3
Error Deploying Inline Services from Command Line if Inline Service Uses Certain
Functions ................................................................................................................. 44-2
44.1.4
Ensuring Unique Batch Names Across a Cluster ..................................................... 44-2
44.1.5
Safari and Chrome Accessibility Items .................................................................... 44-3
44.1.6
Learning Service May Skip Processing of Some Learning Records if SDDB is on Oracle
RAC Database .......................................................................................................... 44-4
44.1.7
External Rule Editor Does Not Work in Mozilla Firefox Version 16 ........................ 44-4
liv
Oracle RTD Installation Issues and Workarounds ......................................................... 44-4
Oracle RTD Upgrade Issues and Workarounds ............................................................. 44-4
Oracle RTD Configuration Issues and Workarounds ..................................................... 44-4
Oracle RTD Security Issues and Workarounds .............................................................. 44-4
Decision Center Logout Not Redirected Correctly for Oracle Access Manager (OAM)
11g Form-Based Authentication ............................................................................... 44-4
44.6
Oracle RTD Administration Issues and Workarounds ................................................... 44-5
44.7
Oracle RTD Integration Issues and Workarounds .......................................................... 44-5
44.7.1
Java Smart Client Run Configuration Changes Required for Different Properties Files .
44-5
44.8
Oracle RTD Decision Studio Issues and Workarounds .................................................. 44-6
44.8.1
Mapping Array Attributes in a Multi-Level Entity Hierarchy ................................. 44-6
44.8.2
Issues When Trying to Enable Caching for Some Entities ........................................ 44-6
44.8.3
Terminate Active Sessions in Cluster Works Only on Decision Server Receiving
Deployment Request ............................................................................................... 44-7
44.9
Oracle RTD Decision Center Issues and Workarounds .................................................. 44-7
44.10 Oracle RTD Performance Monitoring Issues and Workarounds .................................... 44-7
44.11 Oracle RTD Externalized Objects Management Issues and Workarounds ..................... 44-7
44.12 Oracle RTD Localization Issues and Workarounds ........................................................ 44-7
44.13 Oracle RTD Documentation Errata ................................................................................. 44-7
44.13.1
Oracle Fusion Middleware Administrator's Guide for Oracle Real-Time Decisions .......... 44-7
44.13.2
Oracle Fusion Middleware Platform Developer's Guide for Oracle Real-Time Decisions ... 44-7
44.13.2.1
External Rules Development Helper Mismatch between Code and Manual
Description ........................................................................................................ 44-8
44.13.2.2
Save Choice IDs in Inline Services Rather Than Choices ................................... 44-8
44.14 Oracle RTD Third-Party Software Information .............................................................. 44-8
44.14.1
Displaytag Download Location ............................................................................... 44-8
44.2
44.3
44.4
44.5
44.5.1
lv
lvi
Preface
This preface includes the following sections:
■
Audience
■
Documentation Accessibility
■
Related Documents
■
Conventions
Audience
This document is intended for users of Oracle Fusion Middleware 11g.
Documentation Accessibility
For information about Oracle's commitment to accessibility, visit the Oracle
Accessibility Program website at
http://www.oracle.com/pls/topic/lookup?ctx=acc&id=docacc.
Access to Oracle Support
Oracle customers have access to electronic support through My Oracle Support. For
information, visit
http://www.oracle.com/pls/topic/lookup?ctx=acc&id=info or visit
http://www.oracle.com/pls/topic/lookup?ctx=acc&id=trs if you are
hearing impaired.
Related Documents
For more information, see these Oracle resources:
■
Oracle Fusion Middleware Documentation on Oracle Fusion Middleware Disk 1
■
Oracle Fusion Middleware Documentation Library 11g Release 1 (11.1.1)
■
Oracle Technology Network at
http://www.oracle.com/technetwork/index.html.
Conventions
The following text conventions are used in this document:
lvii
lviii
Convention
Meaning
boldface
Boldface type indicates graphical user interface elements associated
with an action, or terms defined in text or the glossary.
italic
Italic type indicates book titles, emphasis, or placeholder variables for
which you supply particular values.
monospace
Monospace type indicates commands within a paragraph, URLs, code
in examples, text that appears on the screen, or text that you enter.
Part I
Part I
Oracle Fusion Middleware
Part I contains the following chapters:
■
Chapter 1, "Introduction"
■
Chapter 2, "Installation, Patching, and Configuration"
■
Chapter 3, "Upgrade"
■
Chapter 4, "Oracle Fusion Middleware Administration"
■
Chapter 5, "Oracle Enterprise Manager Fusion Middleware Control"
■
■
Chapter 6, "Oracle Fusion Middleware High Availability and Enterprise
Deployment"
Chapter 7, "Oracle Fusion Middleware on IBM WebSphere"
1
1
Introduction
This chapter introduces Release Notes, 11g Release 1 (11.1.1). It includes the following
topics:
■
Section 1.1, "Latest Release Information"
■
Section 1.2, "Purpose of this Document"
■
Section 1.3, "System Requirements and Specifications"
■
Section 1.4, "Memory Requirements"
■
Section 1.5, "Certification Information"
■
Section 1.6, "Downloading and Applying Required Patches"
■
Section 1.7, "Licensing Information"
1.1 Latest Release Information
This document is accurate at the time of publication. Oracle will update the release
notes periodically after the software release. You can access the latest information and
additions to these release notes on the Oracle Technology Network at:
http://www.oracle.com/technetwork/indexes/documentation/index.ht
ml
1.2 Purpose of this Document
This document contains the release information for Oracle Fusion Middleware 11g
Release 1 (11.1.1). It describes differences between Oracle Fusion Middleware and its
documented functionality.
Oracle recommends you review its contents before installing, or working with the
product.
1.3 System Requirements and Specifications
Oracle Fusion Middleware installation and configuration will not complete
successfully unless users meet the hardware and software pre-requisite requirements
before installation.
For more information, see "Review System Requirements and Specifications" in the
Oracle Fusion Middleware Installation Planning Guide
Introduction 1-1
Memory Requirements
1.4 Memory Requirements
Oracle Fusion Middleware memory requirements for installation, configuration, and
runtime are as follows:
1.
Without a Database on the same server: Minimum 4 GB physical memory and 4
GB swap.
2.
With a Database on the same server: Minimum 6 GB physical memory and 6 GB
swap.
Note: These minimum memory values are with the assumption that
no user or operating system process is consuming any unusually high
amount of memory. If such a condition exists, corresponding amount
of additional physical memory will be required.
1.5 Certification Information
This section contains the following:
■
Section 1.5.1, "Where to Find Oracle Fusion Middleware Certification Information"
■
Section 1.5.2, "Certification Exceptions"
■
Section 1.5.3, "Upgrading Sun JDK From 1.6.0_07 to 1.6.0_11"
■
Section 1.5.4, "JMSDELIVERYCOUNT Is Not Set Properly"
■
Section 1.5.5, "Viewer Plugin Required On Safari 4 To View Raw XML Source"
1.5.1 Where to Find Oracle Fusion Middleware Certification Information
The latest certification information for Oracle Fusion Middleware 11g Release 1 (11.1.1)
is available at the Oracle Fusion Middleware Supported System Configurations
Central Hub:
http://www.oracle.com/technetwork/middleware/ias/downloads/fusio
n-certification-100350.html
1.5.2 Certification Exceptions
This section describes known issues (exceptions) and their workarounds that are
associated with Oracle Fusion Middleware 11g certifications. For a list of known issues
that are associated with specific Oracle Fusion Middleware 11g Release 1 (11.1.1)
components, see the Release Notes for the specific Oracle Fusion Middleware 11g
Release 1 (11.1.1) component.
This section contains the following topics:
■
■
Section 1.5.2.1, "Certification Information for Oracle Fusion Middleware 11g R1
with Oracle Database 11.2.0.1"
Section 1.5.2.3, "Restrictions on Specific Browsers"
1.5.2.1 Certification Information for Oracle Fusion Middleware 11g R1 with Oracle
Database 11.2.0.1
If you choose to configure Oracle Internet Directory with Database vault, do the
following:
1-2 Release Notes
Certification Information
1.
Apply patch 8897382 to fix bug 8897382.
the following workaround is required only if the Oracle Fusion
Middleware version is 11.1.1.1.0 (11gR1). This issue will be fixed in
11.1.1.2.0.
Note:
2.
Apply the workaround for bug 8987186 by editing <OH>/ldap/datasecurity/dbv_
oid_command_rules.sql file and find the following declaration:
/declare
begin
dvsys.dbms_macadm.CREATE_COMMAND_RULE(
command => 'CONNECT'
,rule_set_name => 'OID App Access'
,object_owner => 'ODS'
,object_name => '%'
,enabled => 'Y');
commit;
end;/
and change the line that is indicated in bold:
/declare
begin
dvsys.dbms_macadm.CREATE_COMMAND_RULE(
command => 'CONNECT'
,rule_set_name => 'OID App Access'
,object_owner => '%'
,object_name => '%'
,enabled => 'Y');
commit;
end;/
1.5.2.2 Excel Export Issue on Windows Vista Client
Vista prevents applets from creating files in the local file system if the User Account
Control (UAC) system is turned on. You can experience this problem if you have the
UAC setting enabled on Vista and if you use a component like Discoverer Plus. If you
start Discoverer Plus and if you try exporting a worksheet to a specified directory, the
exporting succeeds but you cannot see the exported file in the directory. The available
workarounds is to disable UAC and set protection mode to OFF. Refer to Bugs 8410655
and 7328867 for additional information.
1.5.2.3 Restrictions on Specific Browsers
1.5.2.3.1
Unable to View the Output of a JSPX Page in Internet Explorer 7
When a JSPX page is deployed and is then accessed using Internet Explorer 7 (IE7), the
XHTML source is displayed instead of the page contents. This occurs in both normal
and osjp.next modes.
The workaround is to instruct application users to access the application with Firefox
or Safari.
1.5.2.3.2 Java Plugin for Discoverer Plus Not Downloaded Automatically on Firefox When you
attempt to connect to Discoverer Plus by using the Mozilla Firefox browser on a
computer that does not have Java 1.6 installed, Firefox does not download the JRE 1.6
Introduction 1-3
Downloading and Applying Required Patches
plug-in automatically. Instead, Firefox displays the following message: "Additional
plugins are required to display this page..."
The workaround is to download the JRE 1.6 plug-in by clicking the Install Missing
Plugin link to install it manually.
1.5.3 Upgrading Sun JDK From 1.6.0_07 to 1.6.0_11
For information, see "Section 2.1.5.3, "Upgrading Sun JDK in the Oracle Home
Directory."
1.5.4 JMSDELIVERYCOUNT Is Not Set Properly
When using AQ JMS with Oracle Database 11.2.0.1, JMXDELIVERYCOUNT is not set
correctly.
The workaround is to apply patch 9932143 to Oracle Database 11.2.0.1. For more
information, contact Oracle Support.
1.5.5 Viewer Plugin Required On Safari 4 To View Raw XML Source
You need a Safari plugin to view raw XML. If there is no plugin installed, you will see
unformatted XML which will be difficult to read. This is because Safari applies a
default stylesheet, which only displays the text nodes in the XML document.
As a workaround, go to View > View Source in the Safari menu bar to see the full
XML of the metadata document. Also, selecting File > Save and choosing XML Files
as the file type, will correctly save the XML metadata file with all the markup intact.
1.6 Downloading and Applying Required Patches
After you install and configure Oracle Fusion Middleware 11g Release 1 (11.1.1.4.0),
there might be cases where additional patches are required to address specific known
issues.
Complete the following steps to obtain a patch:
1.
Log into the My Oracle Support web site at https://myoraclesupport.com/.
2.
Click the Patches & Updates tab.
3.
Use the Patch Search area to locate patches.
4.
On the Patch Search Results page, select a patch and click Download to download
the patch.
5.
Install the patch by following the instructions in the README file that is included
with the patch.
Table 1–1 lists some of the specific Oracle Fusion Middleware patches that were
available at the time these release notes were published.
For additional patching information, see Section 3.1.1, "Patches Required to Address
Specific Upgrade and Compatibility Requirements".
1-4 Release Notes
Licensing Information
Table 1–1
Patches Required to Fix Specific Issues with Oracle Fusion Middleware 11g
Oracle Fusion Middleware
Product or Component
Bug/Patch
Number
Oracle SOA Suite - Oracle
BPM Worklist application
9901600
Unless you apply this patch, errors appear in
the log files when you access the Event Driven
page in the Oracle Business Process
Management Worklist application.
Oracle XDK for Java
10337609
This patch fixes the following issue.
Description
If you use the XSU utility to insert some data
into the database, and the database connection
had the connection property called
oracle.jdbc.J2EE13Compliant set to "true",
and the target column was some kind of
numeric column, then it is possible for the
insert to fail with a the following error:
java.lang.NumberFormatException
1.7 Licensing Information
Licensing information for Oracle Fusion Middleware is available at:
http://oraclestore.oracle.com
Detailed information regarding license compliance for Oracle Fusion Middleware is
available at:
http://www.oracle.com/technetwork/middleware/ias/overview/index.
html
Introduction 1-5
Licensing Information
1-6 Release Notes
2
Installation, Patching, and Configuration
2
This chapter describes issues associated with Oracle Fusion Middleware installation,
patching, and configuration. It includes the following topics:
■
Section 2.1, "Installation Issues and Workarounds"
■
Section 2.2, "Patching Issues and Workarounds"
■
Section 2.3, "Configuration Issues and Workarounds"
■
Section 2.4, "Documentation Errata"
This chapter contains issues you might encounter while
installing, patching, or configuring any of the Oracle Fusion
Middleware products.
Note:
Be sure to review the product-specific release note chapters elsewhere
in this document for any additional issues specific to the products you
are using.
2.1 Installation Issues and Workarounds
This section describes issue and workarounds related to Oracle Fusion Middleware
product installation. It includes the following topics:
■
■
Section 2.1.1, "Issues Pertaining to Oracle SOA Suite Installation"
Section 2.1.2, "Issues Pertaining to Oracle Portal, Forms, Reports and Discoverer
Installation"
■
Section 2.1.3, "Issues Pertaining to Oracle Web Tier Installation"
■
Section 2.1.4, "Issues Pertaining to Oracle Identity Management Installation"
■
Section 2.1.5, "Issues Pertaining to JDK and JRE Installation"
■
Section 2.1.6, "Issues Pertaining to Oracle Universal Installer"
■
Section 2.1.7, "Issues Pertaining to Database and Schema Installation"
■
Section 2.1.8, "Error Messages and Exceptions Seen During Installation"
■
Section 2.1.9, "Issues Pertaining to Product Deinstallation"
■
■
Section 2.1.10, "Oracle Recommends JDK Version 6 Update 29 for Oracle Service
Bus 11g Release 1 (11.1.1.7.0)"
Section 2.1.11, "Installing Oracle Service Registry in the Same Domain as Oracle
SOA Suite"
Installation, Patching, and Configuration
2-1
Installation Issues and Workarounds
■
Section 2.1.12, "Problems Installing in Thai and Turkish Locales"
2.1.1 Issues Pertaining to Oracle SOA Suite Installation
This section contains the following:
■
■
■
Section 2.1.1.1, "Installing Oracle SOA Suite on a Dual Stack Host with IPv4"
Section 2.1.1.2, "Installing Oracle SOA Suite Release 11.1.1.3.0 in a Turkish
Environment"
Section 2.1.1.3, "Prerequisite Checks Fail During the Installation of Oracle Portal,
Forms, Reports, and Discoverer 11g Release 1 (11.1.1.2.0) on OEL6"
2.1.1.1 Installing Oracle SOA Suite on a Dual Stack Host with IPv4
If you install Oracle SOA Suite on a dual stack host and the SOA front end URL is only
set to IPv4, Oracle BPM Worklist or asynchronous callbacks from IPv6-only clients
may have problems resolving IPv4 callback URLs (and vice-versa).
The work around is to use either a split Domain Name System (DNS) or another
forward proxy configuration. This enables the IPv6-only client to connect to a dual
stack box through its IPv6 interface.
2.1.1.2 Installing Oracle SOA Suite Release 11.1.1.3.0 in a Turkish Environment
If you are installing Oracle SOA Suite Release 11.1.1.3.0 in a Turkish environment,
there will be some functionality loss for Oracle Enterprise Manager Fusion
Middleware Control.
There is no work around for this issue. Oracle recommends that you avoid installing in
a Turkish environment and install in an English environment instead.
2.1.1.3 Prerequisite Checks Fail During the Installation of Oracle Portal, Forms,
Reports, and Discoverer 11g Release 1 (11.1.1.2.0) on OEL6
During the installation of Oracle Portal, Forms, Reports and Discoverer 11g Release 1
(11.1.1.2.0) on OEL6 operating system, prerequisite checks fail with errors.
To work around this issue, perform any one of the following steps:
■
■
Press Continue and continue with the installation.
Use -ignoreSysPreReqs command line additional argument to the
runInstaller:
./runInstaller -ignoreSysPreReqs
2.1.2 Issues Pertaining to Oracle Portal, Forms, Reports and Discoverer Installation
This section contains the following:
■
Section 2.1.2.1, "Oracle Configuration Manager Fails During Domain
Configuration of Oracle Portal, Forms, Reports, and Discoverer 11g Release 1
(11.1.1.7.0)"
■
Section 2.1.2.2, "Considerations When Installing Oracle Portal 11g"
■
Section 2.1.2.3, "Prerequisite Warnings During Installation"
■
Section 2.1.2.4, "Prerequisite Warnings During Installation"
2-2 Release Notes
Installation Issues and Workarounds
2.1.2.1 Oracle Configuration Manager Fails During Domain Configuration of Oracle
Portal, Forms, Reports, and Discoverer 11g Release 1 (11.1.1.7.0)
After upgrading Oracle Portal, Forms, Reports, and Discoverer to 11g Release 1
(11.1.1.7.0), or after installing Oracle Portal, Forms, Reports, and Discoverer 11g
Release 1 (11.1.1.7.0), if you choose to configure Oracle Configuration Manager during
domain configuration, the configuring Oracle Configuration Manager fails.
The workaround for this issue is as follows:
1.
Navigate to the following location on your system:
ORACLE_HOME/ccr/bin
2.
Run the following commands in the Oracle Instance home:
$
$
$
$
setupCCR
configCCR
emCCR collect
emCCR status
You can choose to skip configuring Oracle Configuration
Manager when you initially run the 11g Release 1 (11.1.1.7.0)
configuration wizard.
Note:
To configure Oracle Configuration Manager after configuring the domain, do the
following:
1.
Navigate to the ORACLE_HOME/ccr/bin directory on your system.
2.
Set the variable ORACLE_CONFIG_HOME in your Oracle Instance home directory.
3.
Run the following commands:
$
$
$
$
setupCCR
configCCR
emCCR collect
emCCR status
2.1.2.2 Considerations When Installing Oracle Portal 11g
Before you install a new Oracle Portal, Forms, Reports, and Discoverer 11g
environment, be sure to review the following important resources:
■
■
Oracle Fusion Middleware Installation Guide for Oracle Portal, Forms, Reports and
Discoverer
My Oracle Support document ID 1364497.1
2.1.2.3 Prerequisite Warnings During Installation
Vendor release updates cummulative patches and/or packages that may superseed
our listed Oracle Fusion Middleware 11g Release 1 prerequisites for platforms. As
long as vendor approved patches and/or packages are installed, the prerequisite
warnings could be ignored and the installation completed.
Another option is to use -ignoreSysPreReqs command line additional argument to
the runInstaller as:
$
Mount_Point/runInstaller -ignoreSysPreReqs other required install options
Installation, Patching, and Configuration
2-3
Installation Issues and Workarounds
2.1.2.4 Prerequisite Warnings During Installation
Vendor release updates cummulative patches and/or packages that may superseed
our listed Oracle Fusion Middleware 11g Release 1 prerequisites for platforms. As long
as vendor approved patches and/or packages are installed, the prerequisite warnings
could be ignored and the installation completed.
Another option is to use -ignoreSysPreReqs command line additional argument to
the runInstaller as:
$
Mount_Point/runInstaller -ignoreSysPreReqs other required install options
2.1.3 Issues Pertaining to Oracle Web Tier Installation
This section contains the following:
■
■
Section 2.1.3.1, "Oracle SOA Suite and Oracle Application Developer Must Be
Installed Before Oracle Web Tier"
Section 2.1.3.2, "Oracle Web Tier Silent Install Requires Oracle Web Cache
Component Name"
2.1.3.1 Oracle SOA Suite and Oracle Application Developer Must Be Installed
Before Oracle Web Tier
To ensure that the oracle_common/soa/modules/commons-cli-1.1.jar file is
installed properly, if you plan to associate Oracle Web Tier with an existing domain,
you must install Oracle Web Tier after all other products are installed.
2.1.3.2 Oracle Web Tier Silent Install Requires Oracle Web Cache Component Name
If you are performing a silent Oracle Web Tier installation for Oracle HTTP Server, an
Oracle Web Cache component name (WEBCACHE_COMPONENT_NAME parameter) must
also be mentioned in the response file, even though Oracle Web Cache is not required
for Oracle HTTP Server installation. Even though both component names are
provided, as long as CONFIGURE_WEBCACHE is set to false then only Oracle HTTP
Server will be installed and configured.
There is no work around for this issue.
2.1.4 Issues Pertaining to Oracle Identity Management Installation
This section contains the following:
Note: For 11g Release 1 (11.1.1.6.0) installation release notes, refer to
the following links:
■
■
■
■
■
2-4 Release Notes
Oracle Fusion Middleware Release Notes 11g Release 1 (11.1.1) for
Linux x86
Oracle Fusion Middleware Release Notes 11g Release 1 (11.1.1) for
Microsoft Windows (32-Bit)
Section 2.1.4.1, "WebLogic Administration Server Must Be Running When
Extending Oracle Identity Management Domains"
Section 2.1.4.2, "Extending the Schema in Oracle Internet Directory"
Section 2.1.4.3, "Deinstalling a 11g (11.1.1.7.0) Oracle Internet Directory Instance
Does Not Clean Up the OID Schema"
Installation Issues and Workarounds
■
Section 2.1.4.4, "Information about the Oracle Virtual Directory Adapters"
■
Section 2.1.4.5, "Enabling the Retry Button"
■
Section 2.1.4.6, "Server Startup Failures on Linux Operating Systems"
■
Section 2.1.4.7, "Configuring OPMN Request Port"
■
Section 2.1.4.8, "Silent Install with Privileged Ports on Linux Operating Systems"
■
Section 2.1.4.9, "JDK Installed in ORACLE_COMMON During WebTier and IDM
Installation"
2.1.4.1 WebLogic Administration Server Must Be Running When Extending Oracle
Identity Management Domains
When you install Oracle Identity Management, you have several options for choosing
how the Oracle Identity Management components are installed in relation to an Oracle
WebLogic Server administration domain. If you select the Extend Existing Domain
option on the installer's Select Domain screen, Oracle Identity Management
components are installed in an existing Oracle WebLogic Server administration
domain.
To install Oracle Identity Management components in an existing administration
domain using the Extend Existing Domain option, the Oracle WebLogic
Administration Server instance must be running.
2.1.4.2 Extending the Schema in Oracle Internet Directory
If you have Oracle Identity Manager 11g Release 1 (11.1.1.7.0) against Oracle Internet
Directory release prior to Oracle Internet Directory 11g Release 1 (11.1.1.6.0) through
libOVD 11g Release 1 (11.1.1.7.0) (with oamEnabled set to true and LDAPSync
enabled), when you try to create a new user, the following error is displayed:
javax.naming.directory.SchemaViolationException:[LDAP: error code 65 -Failed to
find orclpwdexpirationdate in mandatory or optional attribute list.
]
Workaround:
You need to extend the schema in Oracle Internet Directory that you have installed. To
change the backend IDStore schema, do the following:
1.
Create a new attribute.
attributetypes: ( 2.16.840.1.113894.200.1.7 NAME 'orclPwdExpirationDate'
EQUALITY caseIgnoreMatch SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE
USAGE userApplications).
2.
Modify the existing orclIDXPerson objectclass to include
orclPwdExpirationDate as an optional attribute.
You can use Oracle Directory Services Manager to connect to
Oracle Internet Directory and make the schema changes.
Note:
2.1.4.3 Deinstalling a 11g (11.1.1.7.0) Oracle Internet Directory Instance Does Not
Clean Up the OID Schema
When deinstalling a configured Oracle Internet Directory instance from Oracle
Identity Management 11g (11.1.1.7.0) the file-based instance directory is removed, but
the related Oracle Internet Directory instance configuration is not deleted. Hence, any
future configuration adds to the instance count by including the deleted instances.
Installation, Patching, and Configuration
2-5
Installation Issues and Workarounds
The following logic is missing from the command to remove a OID instance:
ldapdelete -p <oid ldap port> -D cn=orcladmin -w <password> "cn=<OID
instance name as defined in the ODS
schema>,cn=osdldapd,cn=subconfigsubentry"
Workaround:
After deleting an instance and before recreating the instance run the command:
ldapdelete -p <oid ldap port> -D cn=orcladmin -w <password> "cn=<OID
instance name as defined in the ODS schema>,cn=osdldapd,cn=subconfigsubentry
2.1.4.4 Information about the Oracle Virtual Directory Adapters
Oracle Virtual Directory adapters are not listed in the Home page.
To work around this issue on Linux operating systems, copy the osdt_cert.jar file
from the Oracle Common home to the directory under ORACLE_
HOME/inventory/Scripts/ext/lib/Oracle_IDM1.
To work around this issue on Windows operating systems, copy the jar prior to the
configuration phase because it does not work if you copy it later.
2.1.4.5 Enabling the Retry Button
To retry a failed Oracle Identity Management configuration you must enable the Retry
button. Check the box on the left side of the failed item to enable the Retry button.
2.1.4.6 Server Startup Failures on Linux Operating Systems
When starting the Oracle Identity Management server (Managed server or
Administration server), the server may fail to start. You may see the following error:
Failed to push ldap config data to
libOvd for service instance "idstore.ldap" in JPS context "default", cause:
java.io.FileNotFoundException: /tmp/.ovdlock.tmp (Permission denied)>
To work around this issue, run the following command and the start he server again:
chmod 666 /tmp/.ovdlock.tmp
2.1.4.7 Configuring OPMN Request Port
The static ports.ini for the Oracle Identity Management 11g Release 1
(11.1.1.7.0) installer has an OPMN request port specified. This port is not used in the
Oracle Identity Management configuration and does not serve any specific functional
purpose.
To configure the port you have to manually add the entry to opmn.xml after the oracle
instance is provisioned.
2.1.4.8 Silent Install with Privileged Ports on Linux Operating Systems
To install and configure privileged ports in silent mode on Linux operating systems,
do the following:
1.
Complete only a silent install with Oracle Identity Management 11g Release 1
(11.1.1.7.0).
2.
Run the oracleroot.sh and oidroot.sh scripts in the Oracle home.
You must run these scripts as root user.
2-6 Release Notes
Installation Issues and Workarounds
3.
Change .apachectl permissions.
Run the following as root user:
/bin/chown root /$OH/ohs/bin/.apachectl
/bin/chmod 6750 /$OH/ohs/bin/.apachectl
4.
Complete a silent configuration with the privileged ports.
2.1.4.9 JDK Installed in ORACLE_COMMON During WebTier and IDM Installation
In 11.1.1.2 release, while installing WebTier or IDM on Linux x86-64, AIX and HP-UX
platforms, JDK gets installed in both ORACLE_HOME and ORACLE_COMMON. JDK
version installed in ORACLE_COMMON is lower in version than that of ORACLE_HOME.
Hence should not be used. PS3 patching fails to resolve the JDK issue. However, this
issue does not affect the successful installation of Webtier or IDM.
To work around this issue, use the JDK in ORACLE_HOME and avoid using the JDK
installed in ORACLE_COMMON.
2.1.5 Issues Pertaining to JDK and JRE Installation
This section contains the following:
■
Section 2.1.5.1, "Asian Characters are Not Displayed on Oracle Linux 6.1 with JDK
Versions Older Than 6u30"
■
Section 2.1.5.2, "Specifying the JRE Location if Installing with Automatic Updates"
■
Section 2.1.5.3, "Upgrading Sun JDK in the Oracle Home Directory"
■
Section 2.1.5.4, "Out of Memory Errors When Using JDK 6 Update 23"
2.1.5.1 Asian Characters are Not Displayed on Oracle Linux 6.1 with JDK Versions
Older Than 6u30
If you are running on Oracle Linux 6.1 with JDK version older than 6u30, Chinese,
Korean, and Japanese characters are not displayed in the Oracle Universal Installer.
To work around this issue, do the following:
1.
Go to the JAVA_HOME/jre/lib directory.
2.
Copy fontconfig.RedHat.6.0.bfc to fontconfig.RedHat.6.1.bfc.
3.
Copy fontconfig.RedHat.6.0.properties.src to
fontconfig.RedHat.6.1.properties.src.
4.
Run the installer.
2.1.5.2 Specifying the JRE Location if Installing with Automatic Updates
If you are ins7talling one of the following Oracle Fusion Middleware products:
■
Oracle SOA Suite
■
Oracle WebCenter Portal
■
Oracle Service Bus
■
Oracle WebCenter Content
■
Oracle Data Integrator
■
Oracle Identity and Access Management
Installation, Patching, and Configuration
2-7
Installation Issues and Workarounds
And you will choose to configure automatic updates on the Install Software Updates
screen by selecting Download and install updates from My Oracle Support you must
specify the location of a JRE on your system by using the -jreLoc parameter from the
command line when you start the installer.
If you do not use the -jreLoc parameter and instead wait for the installer to prompt
you for a JRE location, an exception will be seen during the installation.
2.1.5.3 Upgrading Sun JDK in the Oracle Home Directory
Certain installations, including Oracle Identity Management, Oracle Portal, Forms,
Reports and Discoverer, and Oracle Web Tier will install a Sun JDK in the Oracle home
directory. This version of the Sun JDK may be lower in version than what is specified
in the Oracle Fusion Middleware Certification Document:
http://www.oracle.com/technetwork/middleware/ias/downloads/fusion-certi
fication-100350.html
This JDK is used internally and should not be used to deploy Oracle SOA, Oracle
WebCenter Portal, or any custom J2EE applications.
If you want a single JDK version deployed for all types of applications, you can
upgrade the Sun JDK to a higher version (as specified in the Oracle Fusion
Middleware Certification document) using the following steps:
1.
Shut down all processes.
2.
Back up your existing JDK.
3.
Install a new JDK in the same location as your existing JDK.
4.
Restart all processes.
2.1.5.4 Out of Memory Errors When Using JDK 6 Update 23
If you are experiencing out-of-memory errors when using JDK 6 Update 23, consider
the following.
In JDK 6 Update 23, the escape analysis feature was enabled by default.This is an
optimization within the hotspot compiler, which may require an increased memory
footprint. When there is very little free space in the process for additional native
memory allocations, for example due to a very large Java heap, this could lead to an
out of memory situation.
The workaround for this issue is to add the following JVM argument when you start
your application:
-XX:-DoEscapeAnalysis
You can identify JDK 6 Update 23 by using the java -version command, as
follows:
java -version
java version "1.6.0_24"
Java(TM) SE Runtime Environment (build 1.6.0_24-b50)
Java HotSpot(TM) Server VM (build 19.1-b02, mixed mode)
2.1.6 Issues Pertaining to Oracle Universal Installer
This section contains the following:
■
2-8 Release Notes
Section 2.1.6.1, "Installer Produces Errors When Checking for Software Updates on
My Oracle Support"
Installation Issues and Workarounds
■
Section 2.1.6.2, "Entering the Administrator Password for a Simple Oracle Business
Intelligence Installation on Linux Operating Systems"
2.1.6.1 Installer Produces Errors When Checking for Software Updates on My
Oracle Support
On the Install Software Updates screen, if you select the Search My Oracle Support
for Updates option, provide the proper user credentials, and then click Search for
Updates, the following error is seen in the installation log file:
java.net.NoRouteToHostException: No route to host
The work around is to use the Search Local Directory for Updates option on the
Install Software Update screen and select a patch that has already been downloaded
and is available locally. Patches can be downloaded manually from My Oracle Support
or they can be obtained from your Oracle Support representative.
2.1.6.2 Entering the Administrator Password for a Simple Oracle Business
Intelligence Installation on Linux Operating Systems
If you are installing Oracle Business Intelligence on a Linux operating system, and you
select Simple Install on the Select Installation Type screen, the "Password" field is
inactive when you navigate to the Administrator Details screen.
To work around this issue, right-click on the "Password" field and select Paste. The
"Password" field becomes active and you can enter an Administrator password.
2.1.7 Issues Pertaining to Database and Schema Installation
This section contains the following:
■
■
■
■
■
Section 2.1.7.1, "Error Encountered While Loading the Oracle Internet Directory
(ODS) Schema"
Section 2.1.7.2, "Setting the Correct Permission for the DBMS_REPUTIL Database
Package"
Section 2.1.7.3, "Setting the Correct Permission for the DBMS_JOB Database
Package"
Section 2.1.7.4, "Database Connection Failure During Schema Creation When
Installing Oracle Internet Directory"
Section 2.1.7.5, "Using RCU 11g Release 1 (11.1.1.1.0) with Oracle Database 11g
(11.2.0.1)"
2.1.7.1 Error Encountered While Loading the Oracle Internet Directory (ODS)
Schema
If you have password policy enabled at the database level on your Oracle database,
you will receive the ORA-28003 error when loading the Oracle Internet Directory
(ODS) schema.
To work around this issue, temporarily disable password policy, load the schema, then
enable password policy again.
2.1.7.2 Setting the Correct Permission for the DBMS_REPUTIL Database Package
If you are creating the Oracle Internet Dirctory schemas in Oracle Database version
11.2.0.4 or later, use the following work around if you encounter an error from RCU:
Installation, Patching, and Configuration
2-9
Installation Issues and Workarounds
1.
Connect to the database as administrator and execute the following:
GRANT EXECUTE ON DBMS_REPUTIL TO PUBLIC;
2.
Re-start RCU and create the schema.
3.
After the schema is successfully created, connect to the database again as
administrator and execute the following:
REVOKE EXECUTE ON DBMS_REPUTIL FROM PUBLIC;
2.1.7.3 Setting the Correct Permission for the DBMS_JOB Database Package
If you are creating the Oracle Internet Directory schema in an Oracle database using
RCU, you may encounter the following error messages:
ORA-04063: package body "ODS.TSPURGE" has errors
ORA-06508: PL/SQL: could not find program unit being called: "ODS.TSPURGE"
ORA-06512: at line 3
To work around this issue:
1.
Stop RCU and drop any Oracle Internet Directory schemas already created. Refer
to "Dropping Schemas" in Oracle Fusion Middleware Repository Creation Utility
User's Guide for instructions.
2.
Log into the database using SQL*Plus and run the following command:
SQL> grant execute on sys.dbms_job to PUBLIC
3.
Run RCU again and create the schemas.
2.1.7.4 Database Connection Failure During Schema Creation When Installing
Oracle Internet Directory
If the installation of Oracle Internet Directory fails due to timeout or connection failure
when connecting to a database for schema creation, you can try to reset the timeout
parameter in the rcu.properties file. This file is located in the IDM_
HOME/rcu/config directory-.
Open the rcu.properties file in a text editor, search for the property JDBC_LOGIN_
TIMEOUT, and set its value to 30.
2.1.7.5 Using RCU 11g Release 1 (11.1.1.1.0) with Oracle Database 11g (11.2.0.1)
If you are using the version of RCU that is available in Oracle Fusion Middleware 11g
Release 1 (11.1.1.1.0) with Oracle Database 11g (11.2.0.1), you will receive the following
warning message:
The database you are connecting is not a supported version. Enter Database
with version equal to or higher than 10.2.0.4.0 in 10g or version equal to
higher than 11.1.0.7.0 in 11g. Refer to the certification matrix for
supported DB versions.
This warning can be safely ignored and you can proceed with your RCU operations.
This warning will not appear in the version of RCU available in Oracle Fusion
Middleware 11g Release 1 (11.1.1.2.0) or later.
2.1.8 Error Messages and Exceptions Seen During Installation
This section contains the following:
2-10 Release Notes
Installation Issues and Workarounds
■
■
■
Section 2.1.8.1, "Error Messages When Installing on IBM AIX 7.1"
Section 2.1.8.2, "JRF Startup Class Exceptions May Appear in Oracle WebLogic
Managed Server Logs After Extending Oracle Identity Management Domain"
Section 2.1.8.3, "Sun JDK and Oracle Configuration Manager Failures in the
Installation Log File"
2.1.8.1 Error Messages When Installing on IBM AIX 7.1
When installing Oracle Fusion Middleware 11g products on IBM AIX 7.1, you may see
the following errors during the prerequisite checking portion of the installation:
Checking operating system certification
Expected result: One of 5300.08,6100.02
Actual result:: 7100.xx
Check complete. The overall result of this check is: Failed <<<<
Problem: This Oracle software is not certified on the current operating system
Checking recommended operating system patches
Check complete: The overall result of this check is: Not executed <<<<
These messages can be safely ignored. Selecting Continue in the dialog box will allow
the installation to proceed.
2.1.8.2 JRF Startup Class Exceptions May Appear in Oracle WebLogic Managed
Server Logs After Extending Oracle Identity Management Domain
After extending an Oracle Identity Management domain, you may see exception
messages related to JRF Startup Class in the managed server log files. For example:
Failed to invoke startup class "JRF Startup Class",
oracle.jrf.PortabilityLayerException: Fail to retrieve the property for the Common
Components Home.
oracle.jrf.PortabilityLayerException: Fail to retrieve the property for the Common
Components Home.
You can safely ignore these exception messages—there is no loss in functionality.
2.1.8.3 Sun JDK and Oracle Configuration Manager Failures in the Installation Log
File
Upon completing of an Oracle Web Tier, Oracle Identity Management, or Oracle
Portal, Forms, Reports and Discoverer installation, the following errors may be seen in
the installtime_and_date.log file:
[2009-11-04T21:15:13.959-06:00] [OUI] [NOTIFICATION] [] [OUI] [tid: 16]
[ecid: 0000IJ2LeAeFs1ALJa5Eif1Aw^9l000007,0] OUI-10080:The pre-requisite for
the component Sun JDK 1.6.0.14.08 has failed.
[2009-11-04T21:15:13.960-06:00] [OUI] [NOTIFICATION] [] [OUI] [tid: 16]
[ecid: 0000IJ2LeAeFs1ALJa5Eif1Aw^9l000007,0] OUI-10080:The pre-requisite for
the component Oracle Configuration Manager 10.3.1.2.0 has failed.
These messages occur because the Sun JDK and Oracle Configuration Manager are not
installed in the oracle_common directory. You can safely ignore these messages.
2.1.9 Issues Pertaining to Product Deinstallation
This section contains the following:
Installation, Patching, and Configuration 2-11
Installation Issues and Workarounds
■
■
Section 2.1.9.1, "Proper Deinstallation for Reinstallation in the Event of a Failed
Installation"
Section 2.1.9.2, "Deinstallation Does Not Remove WebLogic Domains"
2.1.9.1 Proper Deinstallation for Reinstallation in the Event of a Failed Installation
In the event that an installation fails, and you want to deinstall the failed installation
and then reinstall the software to the same location, you must do the following:
1.
Make sure that all the managed servers in the failed installation are shut down.
You must verify this in the Administration Console; the word "SHUTDOWN"
must appear next to the managed server name.
2.
Deinstall the binaries in the Oracle home directory using the deinstaller in the
ORACLE_HOME/oui/bin directory.
3.
Delete all the managed servers from the failed installation in the config.xml file
by using the Administration Console or WLST.
4.
Delete all directories in the DOMAIN_HOME/servers directory:
This procedure will enable you to reinstall the software to the same location, using the
same managed server names.
2.1.9.2 Deinstallation Does Not Remove WebLogic Domains
There may be certain scenarios where you will need to remove WebLogic Domains
that you have created. The Oracle Universal Installer is used to remove Oracle
Instances and Oracle home directories only; it does not remove WebLogic Domains.
If you need to remove a WebLogic Domain, you must do so manually. Please refer to
your Oracle WebLogic Server documentation for more information.
2.1.10 Oracle Recommends JDK Version 6 Update 29 for Oracle Service Bus 11g
Release 1 (11.1.1.7.0)
Oracle Service Bus performs more slowly when running on certain versions of the Java
Platform, Standard Edition Development Kit (JDK). For optimal performance, Oracle
recommends using JDK version 6 update 29 with Oracle Service Bus 11g Release 1
(11.1.1.7.0).
2.1.11 Installing Oracle Service Registry in the Same Domain as Oracle SOA Suite
When installing Oracle Service Registry 11g in the same Weblogic Domain as Oracle
SOA Suite 11g Release 11.1.1.2.0 or Release 11.1.1.3.0, you may see the following error
message on the WebLogic Server console when Oracle Service Registry is starting up:
java.lang.LinkageError: loader constraint violation in interface itable
initialization:....
To work around this issue:
1.
Make sure Oracle Service Registry is installed on a different Managed Server from
Oracle SOA Suite.
2.
Download patch 9499508 and follow the instructions in the README file included
with the patch:
a.
Go to My Oracle Support.
http://support.oracle.com
2-12 Release Notes
Installation Issues and Workarounds
3.
b.
Click on the Patches & Updates tab.
c.
In the Patch Search area, search for patch 9499508.
d.
Download the patch.
Edit the setDomainEnv.sh file and, for Oracle Service Registry Server, remove
fabric.jar from classpath:
if [ "${SERVER_NAME}" != "osr_server1" ] ; then
POST_CLASSPATH="${SOA_ORACLE_HOME}/soa/modules/oracle.soa.fabric_
11.1.1/oracle.soa.fabric.jar
${CLASSPATHSEP}${SOA_ORACLE_HOME}/soa/modules/oracle.soa.adapter_
11.1.1/oracle.soa.adapter.jar
${CLASSPATHSEP}${SOA_ORACLE_HOME}/soa/modules/oracle.soa.b2b_
11.1.1/oracle.soa.b2b.jar
${CLASSPATHSEP}${POST_CLASSPATH}"
else
POST_CLASSPATH="${SOA_ORACLE_HOME}/soa/modules/oracle.soa.adapter_
11.1.1/oracle.soa.adapter.jar
${CLASSPATHSEP}${SOA_ORACLE_HOME}/soa/modules/oracle.soa.b2b_
11.1.1/oracle.soa.b2b.jar
${CLASSPATHSEP}${POST_CLASSPATH}"
fi
When installing Oracle Service Registry 11g in the same Weblogic Domain as Oracle
SOA Suite 11g Release 11.1.1.3.0, you may see the following error message when
accessing the Oracle Service Registry console:
ClassCastException
java.lang.ClassCastException:org.systinet.uddi.client.serialization.UDDIFaultSeria
lizer
To work around this error, edit the setDomainEnv.sh file and remove
oracle.soa.fabric.jar from the classpath when running the Oracle Service
Registry Managed Server. To do this:
1.
Make a backup of the MW_HOME/user_projects/domains/soa_domain_
name/bin/setDomainEnv.sh file.
2.
Edit the setDomainEnv.sh file and replace the following line:
POST_CLASSPATH="${SOA_ORACLE_HOME}/soa/modules/oracle.soa.fabric_
11.1.1/oracle.soa.fabric.jar
${CLASSPATHSEP}${SOA_ORACLE_HOME}/soa/modules/oracle.soa.adapter_
11.1.1/oracle.soa.adapter.jar
${CLASSPATHSEP}${SOA_ORACLE_HOME}/soa/modules/oracle.soa.b2b_
11.1.1/oracle.soa.b2b.jar
${CLASSPATHSEP}${POST_CLASSPATH}"
with the following:
if [ "${SERVER_NAME}" != "<your_osr_server_name>" ] ;
then
POST_CLASSPATH="${SOA_ORACLE_HOME}/soa/modules/oracle.soa.fabric_
11.1.1/oracle.soa.fabric.jar
${CLASSPATHSEP}${SOA_ORACLE_HOME}/soa/modules/oracle.soa.adapter_
11.1.1/oracle.soa.adapter.jar
${CLASSPATHSEP}${SOA_ORACLE_HOME}/soa/modules/oracle.soa.b2b_
11.1.1/oracle.soa.b2b.jar
${CLASSPATHSEP}${POST_CLASSPATH}"
else
Installation, Patching, and Configuration 2-13
Installation Issues and Workarounds
POST_CLASSPATH="${SOA_ORACLE_HOME}/soa/modules/oracle.soa.adapter_
11.1.1/oracle.soa.adapter.jar
${CLASSPATHSEP}${SOA_ORACLE_HOME}/soa/modules/oracle.soa.b2b_
11.1.1/oracle.soa.b2b.jar
${CLASSPATHSEP}${POST_CLASSPATH}"
fi
3.
Restart the Oracle Service Registry Managed Server.
If you have multiple Oracle Service Registry Managed Servers in the domain, each
Managed Server must be added to the condition. For example, if you have two Oracle
Service Registry Managed Servers named WLS_OSR1 and WLS_OSR2:
case "$SERVER_NAME" in
.
'WLS_OSR1')
.
echo "Setting WLS_OSR1 CLASSPATH..."
POST_CLASSPATH="${SOA_ORACLE_HOME}/soa/modules/oracle.soa.adapter_
11.1.1/oracle.soa.adapter.jar
${CLASSPATHSEP}${SOA_ORACLE_HOME}/soa/modules/oracle.soa.b2b_
11.1.1/oracle.soa.b2b.jar
${CLASSPATHSEP}${POST_CLASSPATH}"
exit;;
.
'WLS_OSR2')
.
echo "Setting WLS_OSR2 CLASSPATH..."
POST_CLASSPATH="${SOA_ORACLE_HOME}/soa/modules/oracle.soa.adapter_
11.1.1/oracle.soa.adapter.jar
${CLASSPATHSEP}${SOA_ORACLE_HOME}/soa/modules/oracle.soa.b2b_
11.1.1/oracle.soa.b2b.jar
${CLASSPATHSEP}${POST_CLASSPATH}"
exit;;
.
*)
.
echo "Setting default SOA CLASSPATH..."
POST_CLASSPATH="${SOA_ORACLE_HOME}/soa/modules/oracle.soa.fabric_
11.1.1/oracle.soa.fabric.jar
${CLASSPATHSEP}${SOA_ORACLE_HOME}/soa/modules/oracle.soa.adapter_
11.1.1/oracle.soa.adapter.jar
${CLASSPATHSEP}${SOA_ORACLE_HOME}/soa/modules/oracle.soa.b2b_
11.1.1/oracle.soa.b2b.jar
${CLASSPATHSEP}${POST_CLASSPATH}"
exit;;
.
esac
2.1.12 Problems Installing in Thai and Turkish Locales
Turkish and Thai users are recommended to install and run Oracle Fusion Middleware
using the English locale. Oracle Fusion Middleware does support Turkish and Thai
locales as clients.
2-14 Release Notes
Patching Issues and Workarounds
2.2 Patching Issues and Workarounds
This section describes issue and workarounds related to Oracle Fusion Middleware
product patching. It includes the following topics:
■
Section 2.2.1, "Applications Will Not Start After WebLogic Server is Updated"
■
Section 2.2.2, "Issues Pertaining to Patching Oracle SOA Suite"
■
Section 2.2.3, "Issues Pertaining to Patching Oracle WebCenter Portal"
■
Section 2.2.4, "Issues Pertaining to Patching Oracle Identity Management"
■
Section 2.2.5, "Issues Pertaining to Patching System Components"
■
Section 2.2.6, "Issues Pertaining to Version Numbers After Patching"
■
Section 2.2.7, "Issues Pertaining to Displays During or After Patching"
■
Section 2.2.8, "Warning and Error Messages Seen as a Result of Patching"
■
■
■
Section 2.2.9, "Oracle Configuration Manager Fails When Patching Oracle Identity
Management and Oracle Web Tier"
Section 2.2.10, "Resolving Oracle Service Bus Object Conflicts"
Section 2.2.11, "Manual Step for ODI-BAM Users After Installing 11.1.1.4.0 Patch
Set"
2.2.1 Applications Will Not Start After WebLogic Server is Updated
After applying the latest patches to Oracle WebLogic Server, the WL_
HOME/server/lib/weblogic.policy file must be edited to include the following
entry in order for Middleware services such as Discoverer, Access Manager, and
Identity Manager to start:
grant codeBase "file:MW_HOME/WLS/patch_jars/-" {
permission java.lang.RuntimePermission "oracle.*","read";
};
Replace MW_HOME with the location of your Middleware home directory.
Replace WLS with one of the following:
■
patch_wls1034 for WebLogic Server version 10.3.4
■
patch_wls1035 for WebLogic Server version 10.3.5
■
patch_wls1036 for WebLogic Server version 10.3.6
2.2.2 Issues Pertaining to Patching Oracle SOA Suite
This section contains the following:
■
■
■
■
Section 2.2.2.1, "Patch Set Assistant Fails When Updating the SOAINFRA Schema
in SQL Server Databases"
Section 2.2.2.2, "Exception Seen When Extending Your Existing Oracle SOA Suite
Domain with Oracle Business Process Management Suite"
Section 2.2.2.3, "Exception Seen When Undeploying any SOA Composite with
Range-Based Dimension Business Indicators"
Section 2.2.2.4, "Running Oracle Business Process Management Suite with
Microsoft SQL Server 2008 Database"
Installation, Patching, and Configuration 2-15
Patching Issues and Workarounds
■
■
■
■
■
Section 2.2.2.5, "Update to Oracle SOA Suite Release 11.1.1.3.0 Does Not Remove
the b2b.r1ps1 Property"
Section 2.2.2.6, "Manual Steps for Migrating Oracle UMS and Oracle MDS"
Section 2.2.2.7, "Monitored BPEL Processes Generate Warning Messages in Log
File After Applying 11g Release 1 (11.1.1.4.0) Patch Set"
Section 2.2.2.8, "Oracle Rules Error in Administration Server Log Files After
Patching an 11g Release 1 (11.1.1.2.0) Domain"
Section 2.2.2.9, "Incorrect Instance State of Composite Applications After Applying
the Latest Patch Set"
2.2.2.1 Patch Set Assistant Fails When Updating the SOAINFRA Schema in SQL
Server Databases
If you attempt to update the SOAINFRA schema in a Microsoft SQL Server database,
then the Fusion Middleware Patch Set Assistant fails to complete the operation. This is
a known issue with no current workaround. Contact Oracle Support or refer to My
Oracle Support for more information:
http://support.oracle.com/
2.2.2.2 Exception Seen When Extending Your Existing Oracle SOA Suite Domain
with Oracle Business Process Management Suite
The following intermittent exception may be seen in cases where you have upgraded
your Oracle SOA Suite software to release 11.1.1.3.0 with the Patch Set Installer, and
are extending your existing domain to include Oracle Business Process Management
Suite:
javax.ejb.EJBTransactionRolledbackException: EJB Exception: ; nested exception
is: javax.persistence.PersistenceException: Exception
[EclipseLink-4002] (Eclipse Persistence Services - 2.0.2.v20100323-r6872):
org.eclipse.persistence.exceptions.DatabaseException
Internal Exception: java.sql.SQLIntegrityConstraintViolationException:
ORA-02292: integrity constraint (DB9128_SOAINFRA.BPM_CUBE_ROLE_FK1) violated child record found.
Error Code: 2292
Call: DELETE FROM BPM_CUBE_PROCESS WHERE (PROCESSID = ?)
bind => [247]
Query: DeleteObjectQuery(CubeProcess(domain:default, composite:counter_extended,
revision:1.0, name:Process, hasNametab:true));
nested exception is: javax.persistence.PersistenceException: Exception
[EclipseLink-4002] (Eclipse Persistence Services - 2.0.2.v20100323-r6872):
org.eclipse.persistence.exceptions.DatabaseException
Internal Exception: java.sql.SQLIntegrityConstraintViolationException:
ORA-02292: integrity constraint (DB9128_SOAINFRA.BPM_CUBE_ROLE_FK1) violated child record found
This is a harmless exception. To avoid seeing this exception, do the following:
1.
Connect to your database as the SOA schema user.
2.
Drop the BPM_CUBE_ROLE_FK1 constraint by executing the following:
ALTER TABLE BPM_CUBE_ROLE DROP CONSTRAINT BPM_CUBE_ROLE_FK1;
3.
Recreate the BPM_CUBE_ROLE_FK1 constraint by executing the following:
ALTER TABLE BPM_CUBE_ROLE ADD CONSTRAINT BPM_CUBE_ROLE_FK1 FOREIGN KEY @
(ProcessId) REFERENCES BPM_CUBE_PROCESS(ProcessId) ON DELETE CASCADE;
2-16 Release Notes
Patching Issues and Workarounds
4.
Restart the Oracle SOA Managed Server.
2.2.2.3 Exception Seen When Undeploying any SOA Composite with Range-Based
Dimension Business Indicators
The following intermittent exception may be seen in cases where you have upgraded
your Oracle SOA Suite software to release 11.1.1.3.0 with the Patch Set Installer, and
have undeployed SOA composites that have range-based dimension business
indicators:
javax.ejb.EJBTransactionRolledbackException: EJB Exception: ; nested
exception is: javax.persistence.PersistenceException: Exception
[EclipseLink-4002] (Eclipse Persistence Services - 2.0.2.v20100323-r6872):
org.eclipse.persistence.exceptions.DatabaseException
Internal Exception: java.sql.SQLIntegrityConstraintViolationException:
ORA-02292: integrity constraint (DB9967_SOAINFRA.BPM_CUBE_NAMETAB_RANGE_FK1)
violated - child record found
Error Code: 2292
Call: DELETE FROM BPM_CUBE_NAMETAB WHERE ((EXTENSIONID = ?) AND (NAMETABID =
?))
bind => [0, 603]
Query:
DeleteObjectQuery(oracle.bpm.analytics.cube.persistence.model.CubeNametab@b7b8
2a); nested exception is: javax.persistence.PersistenceException: Exception
[EclipseLink-4002] (Eclipse Persistence Services - 2.0.2.v20100323-r6872):
org.eclipse.persistence.exceptions.DatabaseException
Internal Exception: java.sql.SQLIntegrityConstraintViolationException:
ORA-02292: integrity constraint (DB9967_SOAINFRA.BPM_CUBE_NAMETAB_RANGE_FK1)
violated - child record found
This exception is harmless and can be safely ignored. To avoid seeing this exception,
do the following:
1.
Connect to your database as the SOA schema user.
2.
Drop the BPM_CUBE_NAMETAB_RANGE_FK1 constraint by executing the
following:
ALTER TABLE BPM_CUBE_NAMETAB_RANGE
3.
DROP CONSTRAINT BPM_CUBE_NAMETAB_RANGE_FK1;
Recreate the BPM_CUBE_NAMETAB_RANGE_FK1 constraint by executing the
following:
ALTER TABLE BPM_CUBE_NAMETAB_RANGE ADD CONSTRAINT BPM_CUBE_NAMETAB_RANGE_FK1
FOREIGN KEY @ (ProcessId, NametabId, ExtensionId) REFERENCES
BPM_CUBE_NAMETAB (ProcessId, NametabId, ExtensionId) ON DELETE CASCADE;
4.
Restart the Oracle SOA Managed Server.
2.2.2.4 Running Oracle Business Process Management Suite with Microsoft SQL
Server 2008 Database
If you have patched your existing Oracle SOA Suite installation with the Patch Set
Installer to include Oracle Business Process Management Suite and you are using a
Microsoft SQL Server 2008 database, the following procedure is required after you
have patched your software:
1.
Login to the Administration Console.
Installation, Patching, and Configuration 2-17
Patching Issues and Workarounds
2.
In the "Connection Pools" tab, add the following property in the "Properties"
section for the mds-owsm and mds-soa data sources:
ReportDateTimeTypes=false
2.2.2.5 Update to Oracle SOA Suite Release 11.1.1.3.0 Does Not Remove the
b2b.r1ps1 Property
After you update your Release 11.1.1.2.0 software to Release 11.1.1.3.0, and login to the
Oracle Enterprise Manager Console and navigate to the b2b Properties screen, the
b2b.r1ps1 property (used to enable Release 11.1.1.2.0 features such as
DocProvisioning and TransportCallout) is still visible. This property is removed for
Release 11.1.1.3.0.
To remove this property, use the MBean browser remove property operation in Fusion
Middleware Control. For more information, see "Configuring B2B Operations" in
Oracle Fusion Middleware Administrator's Guide for Oracle SOA Suite and Oracle BPM
Suite.
2.2.2.6 Manual Steps for Migrating Oracle UMS and Oracle MDS
If you migrate your database schemas from Release 11.1.1.1.0 to Release 11.1.1.2.0 with
the BAM Alone option:
ant master-patch-schema -DpatchMaster.Componentlist=BAM
The Oracle BAM server will not start and you will receive UMS and MDS exceptions.
After executing above command, if no errors are seen in the log files and if the version
in schema_version_registry is changed to 11.1.1.2.0 for Oracle BAM, then the
following commands must be executed to manually migrate Oracle UMS and MDS:
ant master-patch-schema -DpatchMaster.Componentlist=MDS
ant master-patch-schema -DpatchMaster.Componentlist=UMS
Then, start the Oracle BAM server after running these commands.
2.2.2.7 Monitored BPEL Processes Generate Warning Messages in Log File After
Applying 11g Release 1 (11.1.1.4.0) Patch Set
If you deployed BPEL processes that are instrumented with monitors, then Oracle
BAM might generate warning messages in the SOA diagnostic log file after you apply
the 11g Release 1 (11.1.1.4.0) patch set.
This is because a new business indicator data object field ("LATEST") was added for
Oracle Fusion Middleware 11g Release 1 (11.1.1.4.0).
To avoid the warning message and to take advantage of the new data object field,
redeploy the BPEL process after you apply the 11g Release 1 (11.1.1.4.0) patch set.
For more information about the LATEST data object field, see "Understanding
Business Indicator Data Objects" in the Oracle Fusion Middleware Developer's Guide for
Oracle SOA Suite.
2.2.2.8 Oracle Rules Error in Administration Server Log Files After Patching an 11g
Release 1 (11.1.1.2.0) Domain
If you are applying the latest Oracle Fusion Middleware 11g patch set to an 11g Release
1 (11.1.1.2.0) Oracle home, then you might see the following error in the
Administration Server log files:
<Unresolved optional package references (in META-INF/MANIFEST.MF):
2-18 Release Notes
Patching Issues and Workarounds
[Extension-Name: oracle.rules, referenced from:
/app/orasoa/product/soa11g/middleware/user_projects
/domains/soadev/servers/AdminServer/tmp/_WL_user/emai/xalnv4]
Make sure the referenced optional package has been deployed as a library.>
You will see this error if deployed a Oracle SOA Suite composite application to the
domain previous to applying the patch set. This because, starting with Oracle Fusion
Middleware 11g Release 1 (11.1.1.3.0), the Rules library (oracle.rules) must be
targeted to the Administration Server, as well as to the SOA managed servers.
To avoid this message:
1.
Use the Oracle WebLogic Server Administration Console to select the
oracle.rules shared library and target it to the Administration Server as well
as to the SOA managed servers in the domain.
2.
Redeploy the application to the domain using Oracle JDeveloper 11g Release 1
(11.1.1.3.0) or later.
2.2.2.9 Incorrect Instance State of Composite Applications After Applying the
Latest Patch Set
If you deployed any composite applications in Oracle SOA Suite 11g Release 1, and
then you apply the latest 11g Release 1 patch set, then you might find that the instance
state of some of your composite applications appears incorrect.
For example, if any of your composite applications were in a "recovery required" state
before you applied the patch set, then those composite applications may be identified
as completed when you view them on the Dashboard tab of the SOA Composite page
in Fusion Middleware Control.
In these cases, you can ignore the "completed" indicator. The instances are actually still
running and will be treated as such by other operations, such as a purge operation.
After you install the patch set, you should analyze each of these instances to determine
whether they should be completed, aborted, or left to continue.
For more information about monitoring the state of SOA Composite applications, see
"Monitoring SOA Composite Applications" in the Oracle Fusion Middleware
Administrator's Guide for Oracle SOA Suite and Oracle BPM Suite.
2.2.3 Issues Pertaining to Patching Oracle WebCenter Portal
This section contains the following:
■
■
■
■
■
Section 2.2.3.1, "Problem Using WebCenter Portal: Spaces Customizations with .jsp
Pages after Installing the 11.1.1.7.0 Patch Set"
Section 2.2.3.2, "Errors When Updating Oracle WebCenter Portal Using WLST
Commands"
Section 2.2.3.3, "Errors When Adding Tagging and Search Task Flows to Pages"
Section 2.2.3.4, "Personalization Settings in Activity Graph Task Flows Lost When
WebCenter Portal is Patched"
Section 2.2.3.5, "Language Not Displayed in the List of Languages Offered in
Spaces"
Installation, Patching, and Configuration 2-19
Patching Issues and Workarounds
2.2.3.1 Problem Using WebCenter Portal: Spaces Customizations with .jsp Pages
after Installing the 11.1.1.7.0 Patch Set
If you extended WebCenter Portal: Spaces 11g Release 1 (11.1.1.2.0) or Release 1
(11.1.1.3.0) with your own customizations, then before you upgrade, you must ensure
that the customization shared library uses .jspx pages and not .jsp pages.
After you upgrade to WebCenter Portal: Spaces 11.1.1.7.0, custom site templates will
not render if they use .jsp pages.
Note that if you followed the white paper Customizing Site Templates in WebCenter
Spaces to develop your custom site templates, then your pages should already be
.jspx pages.
2.2.3.2 Errors When Updating Oracle WebCenter Portal Using WLST Commands
If you are updating Oracle WebCenter Portal using WLST commands, you may see
some error messages as described in this section. These errors can be safely ignored
provided that when the command completes there is some text indicating the
successful completion of the command.
When running the upgradeWebCenterDomain WLST command, you may see the
following error message:
Error: addTemplate() failed. Do dumpStack() to see details.
When running the upgradeWebCenterPermissions command, you may see the
following error message:
Command FAILED, Reason: JPS-04204: Cannot revoke permissions.
2.2.3.3 Errors When Adding Tagging and Search Task Flows to Pages
In your Oracle WebCenter 11.1.1.4.0 instance if you used a resource catalog based on
the Default Page Template Catalog, then in your patched WebCenter Portal 11.1.1.7.0
instance you may encounter problems while adding the Tagging and Search task flows
to pages. To address this issue, in your patched instance, you must edit your resource
catalog, and add the Tagging and Search task flows again.
2.2.3.4 Personalization Settings in Activity Graph Task Flows Lost When
WebCenter Portal is Patched
Personalization settings made for Activity Graph task flows, such as Similar Items and
Recommended Connections, may be lost and task flows may revert to default settings
when you patch WebCenter Portal to the latest release. You must make all the
personalization settings again for your Activity Graph task flows as required.
2.2.3.5 Language Not Displayed in the List of Languages Offered in Spaces
If you extended the Spaces application to add support for a new language, you may
encounter problems working with the language after you patch to WebCenter Portal
11.1.1.7.0. The language may not display in the default list of languages offered in
Spaces. To resolve this issue, you must re-upload the supported-languages.xml
file containing the entry for the required language.
2.2.4 Issues Pertaining to Patching Oracle Identity Management
This section contains the following:
■
2-20 Release Notes
Section 2.2.4.1, "Access Denied When Running the oimPS1PS2upgrade Script"
Patching Issues and Workarounds
■
Section 2.2.4.2, "Installer Prompts for OID Privileged Ports Twice During the Patch
Installation"
■
Section 2.2.4.3, "Installer Does Not Detect Existing Oracle Home"
■
Section 2.2.4.4, "Uploading Third Party JAR Files to the Database"
■
Section 2.2.4.5, "Access Policy With Approval Does Not Work After Patch"
■
■
■
■
■
■
Section 2.2.4.6, "OID and OVD Saved Connections Not Available After Patch From
11g Release 1 (11.1.1.2.0) or 11g Release 1 (11.1.1.3.0)"
Section 2.2.4.7, "Harmless Error When Running the upgradeOpss() Command
When Upgrading Oracle Identity Management"
Section 2.2.4.8, "Harmless Errors in the Log Files After Patching Oracle Identity
Management to 11g Release 1 (11.1.1.4.0)"
Section 2.2.4.9, "Harmless Warning Message When Migrating Oracle Identity
Federation from 11g Release 1 (11.1.1.1.0) to 11g Release 1 (11.1.1.2.0)"
Section 2.2.4.10, "Harmless Errors Logged When Patching Oracle Identity
Management 11g Release 1 (11.1.1.2.0) to 11g Release 1 (11.1.1.3.0)"
Section 2.2.4.11, "Harmless Exception Seen When Starting Oracle Identity
Management Server 11g Release 1 (11.1.1.5.0)"
2.2.4.1 Access Denied When Running the oimPS1PS2upgrade Script
If you are upgrading Oracle Identity Management and need to run the
oimPS1PS2upgrade.sh script, you must add the following to the grant() method
in the JAVA_HOME\jre\lib\security\java.policy file:
// JMX Java Management eXtensions
permission javax.management.MBeanTrustPermission "register";
After making this change, stop and restart all the servers.
2.2.4.2 Installer Prompts for OID Privileged Ports Twice During the Patch
Installation
If you are patching an existing Oracle Internet Directory installation to 11g Release 1
(11.1.1.7.0), you will be prompted to run the oracleRoot.sh script near the end of
the patch installation, which in turn will ask for the following:
Do you want to run oidRoot.sh to configure OID for privileged ports?(yes/no)
Depending on the OID version being patched, you may be asked this question a
second time. Make sure you enter the same response ("Yes" or "no") both times in order
for the script to run correctly.
There is no work around for this issue.
2.2.4.3 Installer Does Not Detect Existing Oracle Home
If you are upgrading to Oracle Identity Management to 11g Release 1 (11.1.1.7.0) from
11g Release 1 (11.1.1.4.0), the installer does not detect the existing Oracle home
directory for upgrade in the following environments:
■
■
On 64-bit Windows operating systems, using the Traditional Chinese, Simplified
Chinese, or Korean locales.
On 64-bit Linux operating systems, using the Non UTF-8 locale for Japanese,
Korean, Simplified Chinese and Traditional Chinese.
Installation, Patching, and Configuration 2-21
Patching Issues and Workarounds
This is caused because the English word "Optional" gets translated in the MW_
HOME/oracle_common/inventory/ContentsXML/comps.xml file.
There are two work arounds for this issue:
1.
Manually specify the Oracle Identity Management Oracle home directory you
want to update, and then continue with the upgrade installation.
2.
Find all occurrences of the translated word and replace them with the English
word "Optional" in the comps.xml file and then run the installer after you are
finished making the changes. The word "Optional" appears with the following two
parameters in the comps.xml file:
DEP_GRP_NAME="Optional"
EXT_NAME="Optional"
The comps.xml file is an important file used by the Oracle
Universal Installer so it is important that you do not make any errors
while editing this file. You should make a backup copy of this file
before you make any changes.
Note:
2.2.4.4 Uploading Third Party JAR Files to the Database
During the update of Oracle Identity and Access Management to 11g Release 1
(11.1.1.5.0), third party JAR files (for example, ldapbp.jar which is required for
connector functionality) that are present in the file system are not uploaded to
database by the upgrade process. You must manually upload these JAR files to the
database using the UploadJars.sh utility.
For more information, see the "Upload JAR and Resource Bundle Utilities" chapter in
Oracle Fusion Middleware Developer's Guide for Oracle Identity Manager.
2.2.4.5 Access Policy With Approval Does Not Work After Patch
In 11g Release 1 (11.1.1.5.0), the following new policies are introduced for Oracle
Entitlements Server (OES):
■
SelfServiceUserManagementPolicies.xml
■
UserManagementPolicies.xml
Because of this change, a request for approval is not generated when a new policy with
approval is added.
To work around this issue, add the "Request Administrator" role to the "Access Policy
Based Provisioning" request template:
1.
Login to "Advance Console."
2.
Go to Request Templates on the Configuration tab.
3.
Search for and open the "Access Policy Based Provisioning" request template.
4.
Go to the Template User Roles tab on the Template Details page.
5.
From the left pane in "Available Roles," search for and assign the "Request
Administrators" role.
The assigned role will appear in the right pane under "Selected Roles."
6.
2-22 Release Notes
Save the request template.
Patching Issues and Workarounds
2.2.4.6 OID and OVD Saved Connections Not Available After Patch From 11g
Release 1 (11.1.1.2.0) or 11g Release 1 (11.1.1.3.0)
If you are patching Oracle Internet Directory (OID) or Oracle Virtual Directory (OVD)
from 11g Release 1 (11.1.1.2.0) or 11g Release 1 (11.1.1.3.0) to 11g Release 1 (11.1.1.4.0) or
later, your saved connections in the previous releases will not be available after the
patch.
If you are patching from 11g Release 1 (11.1.1.4.0) to any later release, then your saved
connections in OID and OVD will be available.
There is no work around for this issue.
2.2.4.7 Harmless Error When Running the upgradeOpss() Command When
Upgrading Oracle Identity Management
During the upgrade of Oracle Identity Manager 11g Release 1 (11.1.1.3.0) to 11g Release
1 (11.1.1.5.0), you are asked to run the upgradeOpss WLST (online) command to
update Oracle Platform Security Services (OPSS).
The following message will be visible on the console when you run the upgradeOpss
command:
WLS ManagedService is not up running. Fall back to use system properties for
configuration.
date_and_time
oracle.security.jps.internal.tools.utility.destination.apibased.JpsDstPolicy
<init>
WARNING: No identity store associate with policy store found.
Upgrade of jps configuration and security stores is done.
This message is harmless and can be safely ignored.
2.2.4.8 Harmless Errors in the Log Files After Patching Oracle Identity Management
to 11g Release 1 (11.1.1.4.0)
After patching and configuring Oracle Identity Management to 11g Release 1
(11.1.1.4.0), the following errors are seen in the wls_oif1-diagnostics.log file
when Single Sign-On is used for Oracle Identity Federation:
[2010-08-05T13:05:30.754-07:00] [wls_oif1] [INCIDENT_ERROR] [FED-10174]
[oracle.security.fed.model.config.Configuration] [tid:
[ACTIVE].ExecuteThread: '2' for queue: 'weblogic.kernel.Default
(self-tuning)'] [userId: <anonymous>] [ecid:
42ef6c66fe18f3ad:291f353a:12a43da27c1:-8000-0000000000000021,0] [APP:
OIF#11.1.1.2.0] [arg: certvalidationtimeout] Property was not found:
certvalidationtimeout.
.
[2010-08-05T13:05:37.174-07:00] [wls_oif1] [INCIDENT_ERROR] [FED-10174]
[oracle.security.fed.model.config.Configuration] [tid:
[ACTIVE].ExecuteThread: '2' for queue: 'weblogic.kernel.Default
(self-tuning)'] [userId: <anonymous>] [ecid:
42ef6c66fe18f3ad:291f353a:12a43da27c1:-8000-0000000000000021,0] [APP:
OIF#11.1.1.2.0] [arg: schemavalidationenabled] Property was not found:
schemavalidationenabled
[2010-08-06T17:09:23.861-07:00] [wls_oif1] [INCIDENT_ERROR] [FED-10174]
[oracle.security.fed.model.config.Configuration] [tid:
[ACTIVE].ExecuteThread: '3' for queue: 'weblogic.kernel.Default
(self-tuning)'] [userId: <anonymous>] [ecid:
f6d9b81289e40cee:42d4f595:12a49b7af7a:-8000-000000000000086f,0] [APP:
Installation, Patching, and Configuration 2-23
Patching Issues and Workarounds
OIF#11.1.1.2.0] [arg: certpathvalidationenabled] Property was not found:
certpathvalidationenabled.
[2010-08-06T17:11:27.173-07:00] [wls_oif1] [INCIDENT_ERROR] [FED-10174]
[oracle.security.fed.model.config.Configuration] [tid:
[ACTIVE].ExecuteThread: '3' for queue: 'weblogic.kernel.Default
(self-tuning)'] [userId: <anonymous>] [ecid:
f6d9b81289e40cee:42d4f595:12a49b7af7a:-8000-00000000000009a0,0] [APP:
OIF#11.1.1.2.0] [arg: httpheaderattrcollector] Property was not found:
httpheaderattrcollector.
There errors are harmless and can be safely ignored.
To avoid seeing these errors, run the oif-upgrade-11.1.1.2.0-11.1.1.4.0.py
script after you have patched your software to 11.1.1.4.0 as described in "Updating
Configuration Properties in Oracle Identity Federation" in the Oracle Fusion Middleware
Patching Guide.
2.2.4.9 Harmless Warning Message When Migrating Oracle Identity Federation from
11g Release 1 (11.1.1.1.0) to 11g Release 1 (11.1.1.2.0)
When you are using the Patch Assistant migration scripts to migrate Oracle Identity
Federation from 11g Release 1 (11.1.1.1.0) to 11g Release 1 (11.1.1.2.0), you may see the
following error message:
WLSTException: Error occured while performing addHelpCommandGroup : Error
getting resource bundle: : Can't find bundle for base name
oifWLSTResourceBundle, locale en_US
This message is harmless and can be safely ignored.
2.2.4.10 Harmless Errors Logged When Patching Oracle Identity Management 11g
Release 1 (11.1.1.2.0) to 11g Release 1 (11.1.1.3.0)
You may see some of the following error messages in installation log files after
patching an Oracle Identity Management 11g Release 1 (11.1.1.2.0) installation to 11g
Release 1 (11.1.1.3.0):
External name..INVALID_ORACLE_DIRECTORY_MSG_STRING
In doFinish method checking for inventory lock...InstallProgressPage
Next page is a progress page and the inventory lock is false
/bin/chmod: changing permissions of ORACLE_HOME/install/root.log': Operation not
permitted
/bin/chmod: changing permissions of ORACLE_HOME/bin/nmhs': Operation not permitted
/bin/chmod: changing permissions of ORACLE_HOME/bin/nmb': Operation not permitted
/bin/chmod: changing permissions of ORACLE_HOME/bin/nmo': Operation not permitted
inventoryLocation: /scratch/aime1/oraInventory
Mode:init
Such messages can be ignored.
2-24 Release Notes
Patching Issues and Workarounds
2.2.4.11 Harmless Exception Seen When Starting Oracle Identity Management
Server 11g Release 1 (11.1.1.5.0)
After updating Oracle Identity Management to 11g Release 1 (11.1.1.5.0), the following
exception may be seen when starting Oracle Identity Management Server:
java.lang.ClassNotFoundException: ADP ClassLoader failed to
load:com.thortech.xl.schedule.tasks.tcTskScheduledProvision
This error is harmless and can be safely ignored.
2.2.5 Issues Pertaining to Patching System Components
This section contains the following:
■
■
■
Section 2.2.5.1, "Granting Access to Network-Related Packages for the Oracle
Portal Schema"
Section 2.2.5.2, "Redeploy System Components to Ensure Proper Deinstallation"
Section 2.2.5.3, "Setting Execute Permissions for emctl When Migrating System
Components"
2.2.5.1 Granting Access to Network-Related Packages for the Oracle Portal Schema
While running the Patch Set Assistant to upgrade the schema for Oracle Portal 11g
Release 1 (11.1.1.4.0) in an environment where Oracle Single Sign-On 10.1.4.3 is
running against Oracle Internet Directory 11g and Oracle Database 11.2.0.2, the
following exception is encountered:
ORA-24247: network access denied by access control list (ACL)
To address this issue when executing network-related packages, access must be
granted to the user using these packages. You must create the ACL for the ORASSO
schema user, and assign it to the OID host. Then, you must run the wdbigra.sql
script, which gives the required grants to Oracle Portal schema.
1.
Grant the ACL for the PORTAL schema user and assign it for the OID host.
Connect as sys as sysdba and assign the ACL as in the example below, where
examplehost.exampledomain.com is the OID hostname and the DEV_PORTAL
is the Oracle Portal schema specified for the installation:
DECLARE
acl_path VARCHAR2(4000);
BEGIN
SELECT acl INTO acl_path FROM dba_network_acls
WHERE host = 'examplehost.exampledomain.com' AND lower_port IS NULL AND upper_
port IS NULL;
dbms_output.put_line('acl_path = '|| acl_path);
dbms_output.put_line('ACL already Exists. Checks for Privilege and add the
Privilege');
IF DBMS_NETWORK_ACL_ADMIN.check_privilege(acl_path,'DEV_PORTAL','connect') IS
NULL THEN
DBMS_NETWORK_ACL_ADMIN.add_privilege (
acl => acl_path,
principal => 'DEV_PORTAL',
is_grant => TRUE,
privilege => 'connect');
END IF;
Installation, Patching, and Configuration 2-25
Patching Issues and Workarounds
END;
/
COMMIT;
When no ACL has been assigned for the OID host, create the ACL:
EXCEPTION
WHEN no_data_found THEN
DBMS_NETWORK_ACL_ADMIN.create_acl (
acl => 'sso_oid.xml',
description => 'ACL for SSO to connect to OID',
principal => 'ORASSO',
is_grant => TRUE,
privilege => 'connect');
DBMS_NETWORK_ACL_ADMIN.assign_acl (
acl => 'sso_oid.xml',
host => 'examplehost.exampledomain.com');
END;
/
COMMIT;
Use the following SQL command to verify that the ACL was created:
select * from dba_network_acls;
2.
Modify the values of the host and schema in the wdbigra.sql file, located in the
ORACLE_HOME/upgrade/portal/admin/plsql/wwv directory.
Change the following:
host varchar2(1)
schema varchar2(2000)
:= '*';
:= upper('&&1');
To the following:
host varchar2(1)
schema varchar2(2000)
3.
:= '&OID_HOST';
:= upper('&PORTAL_SCHEMA');
Run the wdbigra.sql script to give the grants to the Oracle Portal schema.
The script will prompt you for the following:
■
The value for the oid_host.
Specify the host where Oracle Internet Directory is running (for example,
examplehost.exampledomain.com).
■
The value for the portal_schema.
Specify the prefix and schema name (for example, DEV_PORTAL).
2.2.5.2 Redeploy System Components to Ensure Proper Deinstallation
After you have patched your system component software (Oracle Portal, Forms,
Reports and Discoverer, Oracle Identity Management, or Oracle Web Tier) and started
all services, you must manually redeploy your system components if you are
extending your existing domain. To do so, follow the instructions to redeploy in the
"Upgrading System Components" section of the Oracle Fusion Middleware Patching
Guide.
If you do not redeploy your system components, you will encounter problems when
you attempt to remove them.
2-26 Release Notes
Patching Issues and Workarounds
2.2.5.3 Setting Execute Permissions for emctl When Migrating System
Components
When you migrate any 11g Release 1 (11.1.1.1.0) system component to 11g Release 1
(11.1.1.2.0), the following error message can be seen on the console window:
Process (index=1,uid=1270434032,pid=0)
Executable file does not have execute permission.
INSTANCE_HOME/EMAGENT/EMAGENT/bin/emctl
failed to start a managed process after the maximum retry limit
Executable file does not have execute permission.
The work around is to manually change the permissions of the emctl executable. For
example:
chmod +x INSTANCE_HOME/EMAGENT/EMAGENT/bin/emctl
After changing the permissions, restart all the opmnctl processes.
2.2.6 Issues Pertaining to Version Numbers After Patching
This section contains the following:
■
Section 2.2.6.1, "Oracle SOA Suite Tasks Not Visible in Firefox Browser After
Upgrade"
■
Section 2.2.6.2, "Some Applications Show Old Version Number After Patching"
■
Section 2.2.6.3, "MDS Schema Version Number is Incorrect"
■
■
Section 2.2.6.4, "Oracle BI Components Show Incorrect Version Number After
Patching"
Section 2.2.6.5, "Adding the Version Number for the odi-sdk-ws Application in
config.xml"
2.2.6.1 Oracle SOA Suite Tasks Not Visible in Firefox Browser After Upgrade
If you are upgrading Oracle SOA Suite to 11g Release 1 (11.1.1.7.0) from any previous
release, not all tasks may be visible in Firefox browser after the upgrade is complete.
To work around this issue, refresh your browser's cache to see all tasks.
2.2.6.2 Some Applications Show Old Version Number After Patching
After you patch your Oracle Fusion Middleware environment, some applications still
show the version number from previous releases. For example, after you patch Oracle
WebLogic Server 10.3.4 to the latest release, the version number is still shown as 10.3.4.
There is no work around for this issue.
2.2.6.3 MDS Schema Version Number is Incorrect
If you are running Fusion Middleware products that use the Metadata Services schema
(MDS) and your Fusion Middleware products are older than 11g Release 1 (11.1.1.4.0),
the schema version number for the MDS schema in Enterprise Manager will be the
previous release number, even if you have updated the MDS schema to 11g Release 1
(11.1.1.4.0).
In order for the MDS schema version number to appear correctly, both the schema and
the Fusion Middleware product software must be up to date with the most recent
version.
Installation, Patching, and Configuration 2-27
Patching Issues and Workarounds
2.2.6.4 Oracle BI Components Show Incorrect Version Number After Patching
After you patch your existing Oracle Business Intelligence (BI) software to 11g Release
1 (11.1.1.4.0), some Oracle BI components (for example, Oracle BI Publisher or Oracle
RTD) will still show the version number from your previous release when viewed
using Oracle Enterprise Manager.
There is no work around for this issue.
2.2.6.5 Adding the Version Number for the odi-sdk-ws Application in config.xml
In 11g Release 1 (11.1.1.6.0), the odi-sdk-ws application was updated to introduce a
version number. If you are upgrading the odi-sdk-ws application to 11g Release 1
(11.1.1.6.0) from any previous release, this version number must be added to the
config.xml file prior to starting the Administration server or Managed Servers in
the domain.
To do this:
1.
Edit the DOMAIN_HOME/config/config.xml file.
2.
Change the following line:
<name>odi-sdk-ws</name>
To add a version number, as follows:
<name>odi-sdk-ws#11.1.1.6.0.1</name>
3.
Start or restart the Administration Server and Managed Servers in the domain.
2.2.7 Issues Pertaining to Displays During or After Patching
This section contains the following:
■
■
Section 2.2.7.1, "Pages in Oracle Enterprise Manager and Oracle Directory Services
Manager do not Display Correctly"
Section 2.2.7.2, "Patch Set Assistant Does Not Display Multi-Byte Characters on
Oracle Linux 6"
2.2.7.1 Pages in Oracle Enterprise Manager and Oracle Directory Services Manager
do not Display Correctly
After upgrading to 11g Release 1 (11.1.1.7.0), if you encounter problems with pages in
Oracle Enterprise Manager (EM) or Oracle Directory Services Manager (ODSM) not
being displayed correctly, do the following before starting all the servers in the
domain:
1.
Add the value -XX:-UseSSE42Intrinsics to the DOMAIN_
HOME/bin/setDomainEnv.sh file as follows:
Find the following section of code:
if [ "${JAVA_VENDOR}" = "Sun" ] ; then
MEM_ARGS="${MEM_ARGS} ${MEM_DEV_ARGS} ${MEM_MAX_PERM_SIZE}"
export MEM_ARGS
fi
if [ "${JAVA_VENDOR}" = "HP" ] ; then
MEM_ARGS="${MEM_ARGS} ${MEM_MAX_PERM_SIZE}"
export MEM_ARGS
fi
2-28 Release Notes
Patching Issues and Workarounds
if [ "${JAVA_VENDOR}" = "Apple" ] ; then
MEM_ARGS="${MEM_ARGS} ${MEM_MAX_PERM_SIZE}"
export MEM_ARGS
fi
And change it to:
if [ "${JAVA_VENDOR}" = "Sun" ] ; then
MEM_ARGS="${MEM_ARGS} ${MEM_DEV_ARGS} ${MEM_MAX_PERM_SIZE}
-XX:-UseSSE42Intrinsics"
export MEM_ARGS
fi
if [ "${JAVA_VENDOR}" = "HP" ] ; then
MEM_ARGS="${MEM_ARGS} ${MEM_MAX_PERM_SIZE} -XX:-UseSSE42Intrinsics"
export MEM_ARGS
fi
if [ "${JAVA_VENDOR}" = "Apple" ] ; then
MEM_ARGS="${MEM_ARGS} ${MEM_MAX_PERM_SIZE} -XX:-UseSSE42Intrinsics"
export MEM_ARGS
fi
2.
For Oracle EM, remove the .css file from the following directory:
On UNIX operating systems:
DOMAIN_HOME/servers/AdminServer/tmp/_WL_user/em/random_
dir/public/adf/styles/cache
On Windows operating systems:
DOMAIN_HOME\servers\AdminServer\tmp\_WL_user\em\random_
dir\public\adf\styles\cache
3.
For ODSM, remove the .css file from the following directory:
On UNIX operating systems:
DOMAIN_HOME/servers/wls_ods1/tmp/_WL_user/odsm_release/random_
dir/public/adf/styles/cache
On Windows operating systems:
DOMAIN_HOME\servers\wls_ods1\tmp\_WL_user\odsm_release\random_
dir\public\adf\styles\cache
4.
Clear your browser cache to remove any browser clients that visited the sites using
the .css file you just removed.
5.
Start or restart all the servers in the domain.
2.2.7.2 Patch Set Assistant Does Not Display Multi-Byte Characters on Oracle
Linux 6
On Oracle Linux 6 operating systems, the Patch Set Assistant does not display
multi-byte characters (for example, Japanese, Korean, and both simplified and
traditional Chinese).
To work around this issue:
1.
Go to the Oracle Common home directory.
Installation, Patching, and Configuration 2-29
Patching Issues and Workarounds
2.
Save the jdk directory to a temporary jdk directory. For example:
mv jdk jdk_save
3.
Create a link to the jdk1.7.0 directory on your system. For example:
ln -s /home/Oracle/Products/jdk/jdk1.7.0 jdk
4.
Set the following environment variables (for example, if you wanted to display
Japanese characters):
setenv LANG ja_JP
setenv LC_ALL ja_JP
5.
Run the Patch Set Assistant from the ORACLE_HOME/bin directory.
It is recommended that you use this work around only for the duration needed to run
the Patch Set Assistant; you should restore your environment to their original settings
after you are finished.
2.2.7.3 Patch Set Assistant Does Not Display Multi-Byte Characters on Oracle
Linux 6
On Oracle Linux 6 operating systems, the Patch Set Assistant does not display
multi-byte characters (for example, Japanese, Korean, and both simplified and
traditional Chinese).
To work around this issue:
1.
Go to the Oracle Common home directory.
2.
Save the jdk directory to a temporary jdk directory. For example:
mv jdk jdk_save
3.
Create a link to the jdk1.7.0 directory on your system. For example:
ln -s /home/Oracle/Products/jdk/jdk1.7.0 jdk
4.
Set the following environment variables (for example, if you wanted to display
Japanese characters):
setenv LANG ja_JP
setenv LC_ALL ja_JP
5.
Run the Patch Set Assistant from the ORACLE_HOME/bin directory.
It is recommended that you use this work around only for the duration needed to run
the Patch Set Assistant; you should restore your environment to their original settings
after you are finished.
2.2.8 Warning and Error Messages Seen as a Result of Patching
This section contains the following:
■
■
■
■
2-30 Release Notes
Section 2.2.8.1, "Harmless Warnings When Running upgradeOpss()"
Section 2.2.8.2, "Harmless Warning Message in Log File When Patching Multiple
Products to the Same Version"
Section 2.2.8.3, "Error When Accessing the Oracle Portal Home Page"
Section 2.2.8.4, "Applications Generate javax.xml.bind.JAXBException Runtime
Errors After Installing 11g Release 1 (11.1.1.4.0) Patch Set"
Patching Issues and Workarounds
2.2.8.1 Harmless Warnings When Running upgradeOpss()
When running the upgradeOpss() WLST command to upgrade configurations and
stores to 11g Release 1 (11.1.1.4.0), the following error messages may be seen:
oracle.security.jps.internal.tools.utility.destination.apibased.JpsDstPolicy
migrateData
WARNING: cannot migrate a global grant. Reason
oracle.security.jps.service.policystore.PolicyStoreException: Found 2 permissions
in the store matching: ([PermissionEntry:class=java.util.PropertyPermission
target=weblogic.Name resourceType=null actions=read,PERMISSION, name=null,
uniqueName=null, guid=null]
[jaznGranteeDn=orclguid=AC171BF0E72711DEBF9CCF0B93FB22A1,cn=Grantees,
cn=JAASPolicy,cn=systempolicy,cn=webcenter,cn=JPSContext,cn=jpsroot_webcenter_
IR14_prod}),
[PermissionEntry: class=java.util.PropertyPermission target=weblogic.Name
resourceType=null actions=read,PERMISSION, name=8228FD8036F711DEAF24DB7D80B2D07C,
uniqueName=orclguid=8228FD8036F711DEAF24DB7D80B2D07C,cn=Permissions,cn=JAASPolicy,
cn=systempolicy,cn=webcenter,cn=JPSContext,cn=jpsroot_webcenter_IR14_prod,
guid=8228FD8036F711DEAF24DB7D80B2D07C]
[jaznGranteeDn=orclguid=822505e036f711deaf24db7d80b2d07c,cn=grantees,cn=jaas
policy,cn=systempolicy,cn=webcenter,cn=jpscontext,cn=jpsroot_webcenter_ir14_prod}1
[PermissionEntry: class=java.util.PropertyPermission target=weblogic.Name
resourceType=null actions=read,PERMISSION, name=8228FD8036F711DEAF24DB7D80B2D07C,
uniqueName=orclguid=8228FD8036F711DEAF24DB7D80B2D07C,cn=Permissions,cn=JAASPolicy,
cn=systempolicy,cn=webcenter,cn=JPSContext,cn=jpsroot_webcenter_IR14_prod,
guid=8228FD8036F711DEAF24DB7D80B2D07C]
[jaznGranteeDn=orclguid=822505e036f711deaf24db7d80b2d07c,cn=grantees,cn=jaaspolicy
,cn=systempolicy,cn=webcenter,cn=jpscontext,cn=jpsroot_webcenter_ir14_prod}
[PermissionEntry: class=java.util.PropertyPermission target=weblogic.Name
resourceType=null actions=read,PERMISSION, name=AC198CF0E72711DEBF9CCF0B93FB22A1,
uniqueName=orclguid=AC198CF0E72711DEBF9CCF0B93FB22A1,cn=Permissions,cn=JAASPolicy,
cn=systempolicy,cn=webcenter,cn=JPSContext,cn=jpsroot_webcenter_IR14_prod,
guid=AC198CF0E72711DEBF9CCF0B93FB22A1]
[jaznGranteeDn=orclguid=822505e036f711deaf24db7d80b2d07c,cn=grantees,cn=jaaspolicy
,cn=systempolicy,cn=webcenter,cn=jpscontext,cn=jpsroot_webcenter_ir14_prod}
[jaznGranteeDn=orclguid=ac171bf0e72711debf9ccf0b93fb22a1,cn=grantees,cn=jaaspolicy
,cn=systempolicy,cn=webcenter,cn=jpscontext,cn=jpsroot_webcenter_ir14_prod}2
[PermissionEntry: class=java.util.PropertyPermission target=weblogic.Name
resourceType=null actions=read,PERMISSION, name=AC198CF0E72711DEBF9CCF0B93FB22A1,
uniqueName=orclguid=AC198CF0E72711DEBF9CCF0B93FB22A1,cn=Permissions,cn=JAASPolicy,
cn=systempolicy,cn=webcenter,cn=JPSContext,cn=jpsroot_webcenter_IR14_prod,
guid=AC198CF0E72711DEBF9CCF0B93FB22A1]
[jaznGranteeDn=orclguid=822505e036f711deaf24db7d80b2d07c,cn=grantees,cn=jaaspolicy
,cn=systempolicy,cn=webcenter,cn=jpscontext,cn=jpsroot_webcenter_ir14_
prod}[jaznGranteeDn=orclguid=ac171bf0e72711debf9ccf0b93fb22a1,cn=grantees,cn=jaas
policy,cn=systempolicy,cn=webcenter,cn=jpscontext,cn=jpsroot_webcenter_ir14_prod}
These messages are harmless and can be safely ignored.
2.2.8.2 Harmless Warning Message in Log File When Patching Multiple Products to
the Same Version
In a scenario where you have a product that is already patched to version 11g Release 1
(11.1.1.3.0) in a Middleware home, and then you attempt to patch a second product to
the same version in the same Middleware home, a warning message similar to the
following will appear in the installtimestamp.out file:
Attempting to install 1 patches
Mar 3, 2010 1:00:07 PM [THREAD: Thread-1]
com.bea.cie.paf.internal.attach.PatchManagerImpl install
Installation, Patching, and Configuration 2-31
Patching Issues and Workarounds
WARNING: Warning:
Patch already installed: PBY8
Patch installation success
Patch installation success
Success..
[SOARootService.getRootActions] autoPortsDetect =null
[SOARootService.getRootActions] privilegedPorts =null
This warning message can be safely ignored.
2.2.8.3 Error When Accessing the Oracle Portal Home Page
If you are upgrading to Oracle Portal 11g Release 1 (11.1.1.6.) from any previous
release, the following error message is displayed in the browser when accessing the
Oracle Portal home page:
XML Parsing Error: syntax error
Location: http://exampleserver.exampledomain:port/portal/pls/portal/dev_
portal.home
Line Number 1, Column 1:An error occurred while processing the request. Try
refreshing your browser. If the problem persists contact the site administrator
^
This occurs because the Web Cache invalidation password stored in Web Cache and
the password stored in the Portal repository are not the same.
To resolve this issue:
1.
Reset the Oracle Web Cache invalidator password in the Administration
repository:
a.
Log in to Enterprise Manager in the domain where Web Cache is running:
http://administration_server_host:administration_server_port/em
2.
b.
From the navigation section on the left, open "Web Tier" then click on the Web
Cache instance name.
c.
Find the drop-down menu on the right-hand side of the page under the Web
Cache instance name, then select Administration > Password from the menu.
d.
Specify a new invalidation password.
e.
Restart Oracle Web Cache.
Reset the Oracle Web Cache invalidator password in the Oracle Portal repository:
a.
Log in to Enterprise Manager in the domain where Oracle Portal is running:
http://administration_server_host:administration_server_port/em
b.
From the navigation section on the left, open "Portal" then click on the Oracle
Portal Managed Server name.
c.
Find the drop-down menu on the right-hand side of the page under the Oracle
Portal instance name, then select Settings > Wire Configuration from the
menu.
d.
Specify a new invalidation password - the same password you specified in the
Administration repository.
the "Invalidation User" user name should be same as the user
name used on the Oracle Web Cache side.
Note:
2-32 Release Notes
Patching Issues and Workarounds
e.
Click Apply.
There is a known issue at this point - refer to "Resolving JDBC Errors in Oracle
Reports and Oracle Portal" in the Oracle Fusion Middleware Patching Guide for
more information.
f.
Delete the Oracle Portal File Cache in the ORACLE_
INSTANCE/portal/cache directory.
g.
Restart Oracle Web Cache and the Oracle Portal Managed Server.
2.2.8.4 Applications Generate javax.xml.bind.JAXBException Runtime Errors After
Installing 11g Release 1 (11.1.1.4.0) Patch Set
If any of the applications you deployed on Oracle Fusion Middleware 11g Release 1
(11.1.1.2.0) or 11g Release 1 (11.1.1.3.0) include EclipseLink-JAXB classes that have
no-arg constructors missing, then after you install 11g Release 1 (11.1.1.4.0), the
application might generate the following exceptions during runtime:
javax.xml.bind.JAXBException
To avoid this error:
1.
Modify the classes and add default no-arg constructors where necessary.
2.
Compile and redeploy your project to the newly patched Oracle Fusion
Middleware 11g Release 1 (11.1.1.4.0) domain.
Below is an example of a typical no-arg constructor:
public class PriceQuote implements Serializable
{
// Make sure you have constructor with no arguments
public PriceQuote() }
}
}
2.2.9 Oracle Configuration Manager Fails When Patching Oracle Identity Management
and Oracle Web Tier
If you are upgrading Oracle Identity Management or Oracle Web Tier to 11g Release 1
(11.1.1.7.0) from any release prior to and not including 11g Release 1 (11.1.1.6.0), and
you did not previously configure Oracle Configuration Manager, then Oracle
Configuration Manager will fail if you decide to configure it in 11g Release 1
(11.1.1.7.0).
To work around this issue, you can do the following prior to running the 11g Release 1
(11.1.1.7.0) configuration wizard:
1.
Go to the ORACLE_HOME/ccr/bin directory.
2.
Run the following commands:
setupCCR
configCCR
emCCR collect
emCCR status
You can also do the following if you choose to skip the Oracle Configuration Manager
configuration when you initially run the 11g Release 1 (11.1.1.7.0) configuration wizard
but then choose to configure it later:
1.
Go to the ORACLE_HOME/ccr/bin directory.
Installation, Patching, and Configuration 2-33
Configuration Issues and Workarounds
2.
Set the ORACLE_CONFIG_HOME environment variable to your Instance home
directory.
3.
Run the following commands:
setupCCR
configCCR
emCCR collect
emCCR status
2.2.10 Resolving Oracle Service Bus Object Conflicts
After patching Oracle Service Bus, it is possible that some older objects in the server
cache could conflict with the newer version of Oracle Service Bus objects. To clear the
cache and prevent these conflicts, delete the DOMAIN_HOME/tmp/cache/stage
folder.
You can delete this folder either prior to patching, or after patching. If you do this after
patching your software, you must remember to shut down and restart all the servers.
2.2.11 Manual Step for ODI-BAM Users After Installing 11.1.1.4.0 Patch Set
If you are integrating Oracle Data Integrator (ODI) with Oracle Business Activity
Monitoring, you should import a new version of the following knowledge module
after you install the Oracle Fusion Middleware 11g Release 1 (11.1.1.4.0) patch set:
BAM_ORACLE_HOME/bam/ODI/knowledge modules/KM_RKM Oracle BAM.xml
For more information, see "Importing and Replacing Knowledge Modules" in the
Oracle Fusion Middleware Developer's Guide for Oracle Data Integrator.
This new module includes bugs fixes and improvements made for the Oracle Fusion
Middleware 11g Release 1 (11.1.1.4.0).
2.3 Configuration Issues and Workarounds
This section describes configuration issues and their workarounds. It includes the
following topics:
■
Section 2.3.1, "Issues Pertaining to Oracle SOA Suite Configuration"
■
Section 2.3.2, "Issues Pertaining to Oracle Identity Management Configuration"
■
Section 2.3.3, "Issues Pertaining to Oracle Identity and Access Management
Configuration"
■
Section 2.3.4, "Issues Pertaining to the Configuration Wizard"
■
Section 2.3.5, "Issues Pertaining to the Repository Creation Utility (RCU)"
■
Section 2.3.6, "Issues Pertaining to Packing and Unpacking a Domain"
■
Section 2.3.7, "Issues Pertaining to Cluster Configuration"
■
■
■
2-34 Release Notes
Section 2.3.8, "Discoverer URL is not Properly Displayed When Accessed Through
SSL"
Section 2.3.9, "Cleaning up the JDeveloper Directories for a Failed Deployment on
Windows"
Section 2.3.10, "OPMN Does Not Start if the LD_ASSUME_KERNEL Environment
Variable is Set"
Configuration Issues and Workarounds
■
Section 2.3.11, "Oracle WebCenter Portal wc-post-install.py Script Not Supported
for Oracle RAC Datasources"
■
Section 2.3.12, "Changing the Listen Address of a Managed Server"
■
Section 2.3.13, "Domain Extension Overwrites JDBC Data Source Name"
■
■
Section 2.3.14, "Rerouting to Original URL After SSO Authentication in Firefox and
Safari Browsers"
Section 2.3.15, "Deleting the Browser Cache in Browsers"
2.3.1 Issues Pertaining to Oracle SOA Suite Configuration
This section contains the following:
■
■
Section 2.3.1.1, "SOAINFRA Schema Contains Invalid Objects in 11g Release 1
(11.1.1.6.0)"
Section 2.3.1.2, "Harmless Exception Seen for Oracle SOA Suite with WebSphere
Application Server"
2.3.1.1 SOAINFRA Schema Contains Invalid Objects in 11g Release 1 (11.1.1.6.0)
When the 11g Release 1 (11.1.1.6.0) version of the prefix_SOAINFRA schema is
created either by running RCU or the Patch Set Assistant, there are still some invalid
objects that exist within the SOA schema.
To work around this issue, compile the prefix_SOAINFRA schema. For example, if
the SOA schema user on your system is DEV_SOAINFRA:
exec dbms_utility.compile_schema('DEV_SOAINFRA')
If you choose not to run this command to make the objects valid, the objects will also
become valid once they are accessed during runtime.
2.3.1.2 Harmless Exception Seen for Oracle SOA Suite with WebSphere Application
Server
When running Oracle SOA Suite on IBM WebSphere application server, the following
exception is seen after logging in to Fusion Middleware Control, expanding
Application Deployments on the left side and then clicking on any of the applications
under it:
[date_and_time] 0000003f OHWHelpProvid E
configuration
[date_and_time] 00000044 OHWHelpProvid E
configuration
unable to create global
critical error in OHW
oracle.help.web.config.parser.ConfigParseException: error finding
configuration file at:
at oracle.help.web.config.parser.OHWParser._openConnection(Unknown
Source)
at oracle.help.web.config.parser.OHWParser.getGlobalConfiguration(Unknown
Source)
at oracle.help.web.rich.helpProvider.OHWHelpProvider.getHelpTopic(Unknown
Source)
.
.
.
This exception is harmless and can be safely ignored.
Installation, Patching, and Configuration 2-35
Configuration Issues and Workarounds
2.3.1.3 Oracle SOA Suite Administration Server Fails to Start With Sun JDK on
Windows XP 2002
The Administration Server in Oracle SOA Suite does not start with using a Sun JDK on
a Windows XP 2002 server with Service Pack 3.
To work around this issue, go to the DOMAIN_HOME\bin directory and set DEFAULT_
MEM_ARGS value in setSOADomainEnv.cmd from:
-Xms512m -Xmx1024m
to
-Xms256m -Xmx512m
2.3.2 Issues Pertaining to Oracle Identity Management Configuration
This section contains information pertaining to Oracle Identity Management 11g
Release 1 (11.1.1.7.0) configuration:
Note: For 11g Release 1 (11.1.1.6.0) configuration release notes, refer
to the following links:
■
■
■
■
■
■
■
■
Oracle Fusion Middleware Release Notes 11g Release 1 (11.1.1) for
Linux x86
Oracle Fusion Middleware Release Notes 11g Release 1 (11.1.1) for
Microsoft Windows (32-Bit)
Section 2.3.2.1, "Oracle Internet Directory Server Does Not Listen on SSL Port"
Section 2.3.2.2, "Metrics for Oracle Identity Management Components may not be
Correctly Displayed in Enterprise Manager"
Section 2.3.2.3, "Configuring Oracle Identity Management When WebLogic Node
Manager is Running"
Section 2.3.2.4, "Configuring Oracle Internet Directory with Oracle Data Vault"
Section 2.3.2.5, "Password Requirements for Oracle Internet Directory
Administrator"
Section 2.3.2.6, "Harmless Error Message When Configuring Oracle Identity
Federation"
2.3.2.1 Oracle Internet Directory Server Does Not Listen on SSL Port
If the machine on which Oracle Internet Directory is installed is not configured as a
dual stack (IPv4/IPv6) host and the Oracle Internet Directory server is configured to
listen on privileged ports, then the Oracle Internet Directory server does not listen on
SSL ports.
To work around this issue, do one of the following:
■
■
Enable IPv6 on the machine.
If pure IPv4/IPv6 addresses are needed, add host=ipv4_ip_address or
host=ipv6_ip_address for oidmon parameters in the INSTANCE_
HOME/config/OPMN/opmn/opmn.xml file. For example:
<data id="start-cmdline-opts" value="connect=$DB_CONNECT_STR opmnuid=true
host=ipv4_or_ipv6_ip_address start"/>
<data id="stop-cmdline-opts" value="connect=$DB_CONNECT_STR opmnuid=true
2-36 Release Notes
Configuration Issues and Workarounds
host=ipv4_or_ipv6_ip_address stop"/>
2.3.2.2 Metrics for Oracle Identity Management Components may not be Correctly
Displayed in Enterprise Manager
When Oracle Identity Management servers are configured on IPv4/IPv6 dual-stack
hosts in 11g Release 1 (11.1.1.7.0), the following problems may occur in Enterprise
Manager:
■
■
Metrics for Oracle Identity Management components may not be displayed
correctly.
Links to Oracle Directory Services Manager (ODSM) may not work.
To work around this issue, add an alias for the IPv6 address in the /etc/hosts file on
your system:
IPv6_host_address host.domain host
For example:
fdc4:82c2:9c80:d47a::3:58 examplehost.exampledomain.com examplehost
2.3.2.3 Configuring Oracle Identity Management When WebLogic Node Manager is
Running
To configure Oracle Identity Management, using either the Install and Configure
option or the Configuration Wizard, when the WebLogic Node Manager utility is
running from the same Middleware home directory where Oracle Identity
Management is installed, the StartScriptEnabled parameter in the
nodemanager.properties file must be set to true. For example:
StartScriptEnabled=true
To configure Oracle Identity Management when the StartScriptEnabled
parameter is set to false, you must:
1.
Set the StartScriptEnabled parameter to true.
2.
Stop, then restart the Node Manager utility.
3.
Configure Oracle Identity Management using either the Install and Configure
option or the Configuration Wizard.
The nodemanager.properties file is located in the WL_
HOME/common/nodemanager directory.
Note:
2.3.2.4 Configuring Oracle Internet Directory with Oracle Data Vault
If you choose to configure Oracle Internet Directory (OID) with Oracle Data Vault:
1.
Apply patch 8897382 (see the README file in the patch for instructions).
2.
In the ORACLE_HOME/ldap/datasecurity/dbv_oid_command_rules.sql
file, find the following code:
/declare
.
begin
.
dvsys.dbms_macadm.CREATE_COMMAND_RULE(
command => 'CONNECT'
,rule_set_name => 'OID App Access'
Installation, Patching, and Configuration 2-37
Configuration Issues and Workarounds
,object_owner => 'ODS'
,object_name => '%'
,enabled => 'Y');
.
commit;
.
end;/
3.
Change the following line:
,object_owner => 'ODS'
to:
,object_owner => '%'
2.3.2.5 Password Requirements for Oracle Internet Directory Administrator
When configuring Oracle Internet Directory, using either the installer's Install and
Configure option or the Configuration Wizard, you must enter and confirm the
Administrator Password.
The following is a list of the requirements for the Oracle Internet Directory
Administrator Password. The password must contain:
■
At least 5 characters
■
No more than 30 characters
■
At least one number
■
Only alpha-numeric characters, underscore ( _ ), dollar sign ( $ ), and pound/hash
(#)
If the password you enter does not satisfy these requirements,
the following error message appears:
Note:
INST-07037: Administrator Password field value contains one or more
invalid characters or the value is not in proper format.
2.3.2.6 Harmless Error Message When Configuring Oracle Identity Federation
During the configuration of Oracle Identity Federation (OIF), the following error
message regarding key store and password may be seen in the configuration log file:
[app:OIF module:/fed path:/fed spec-version:2.5
version:11.1.1.1.0]: Failed while destroying servlet: usermanager.
java.lang.RuntimeException: The server could not initialize properly:
oracle.security.fed.sec.util.KeySourceException: Invalid/unsupported
key store or incorrect password. Please verify that the password is correct
and the store is a valid PKCS#12 PFX wallet or Java KeyStore file.
This error message can be safely ignored if OIF is running properly.
2.3.3 Issues Pertaining to Oracle Identity and Access Management Configuration
This section contains information pertaining to Oracle Identity and Access
Management 11g Release 1 (11.1.1.7.0) configuration:
2-38 Release Notes
Configuration Issues and Workarounds
Note: For 11g Release 1 (11.1.1.6.0) configuration release notes, refer
to the following links:
■
■
■
■
Oracle Fusion Middleware Release Notes 11g Release 1 (11.1.1) for
Linux x86
Oracle Fusion Middleware Release Notes 11g Release 1 (11.1.1) for
Microsoft Windows (32-Bit)
Section 2.3.3.1, "Log Messages Appearing on Console During Oracle Identity
Manager Schema Creation"
Section 2.3.3.2, "Design Console Connectivity Fails Intermittently"
2.3.3.1 Log Messages Appearing on Console During Oracle Identity Manager
Schema Creation
During the creation of the Oracle Identity Manager (OIM) schema, some log messages
will appear in the RCU console window. These log messages are specific to Quartz,
which is used by Oracle Identity Manager, and can be safely ignored.
If there are any errors encountered during the loading of this Quartz-specific data, the
errors will be written to the RCU log files. Refer to Oracle Fusion Middleware Repository
Creation Utility User's Guide for more information about the RCU log files.
2.3.3.2 Design Console Connectivity Fails Intermittently
Design console connectivity to server may fail intermittently in SSL mode. For more
information, see Section 13.28.7, "Random Number Generator May Be Slow on
Machines With Inadequate Entropy".
2.3.4 Issues Pertaining to the Configuration Wizard
This section contains the following:
■
■
Section 2.3.4.1, "Starting the Configuration Wizard From a New Window"
Section 2.3.4.2, "Specify Security Updates Screen Does Not Appear in the
Configuration Wizard"
2.3.4.1 Starting the Configuration Wizard From a New Window
When you start the Configuration Wizard from a terminal window, make sure that it is
a new terminal window to ensure that there are no environment variables set to
incorrect locations from a previous configuration or installation session.
2.3.4.2 Specify Security Updates Screen Does Not Appear in the Configuration
Wizard
If you use silent installation (response file) to configure Oracle Identity Management,
security updates (through Oracle Configuration Manager) are not configured.
However, the ocm.rsp file is created in the Oracle home directory. If you run the
Configuration Wizard GUI from the Oracle home, you will not see the Specify Security
Updates Screen because of the presence of the ocm.rsp file.
To work around this issue, delete the ocm.rsp file from the Oracle home and run the
Configuration Wizard to see the Specify Security Updates screen.
Installation, Patching, and Configuration 2-39
Configuration Issues and Workarounds
2.3.5 Issues Pertaining to the Repository Creation Utility (RCU)
This section contains the following:
■
■
■
Section 2.3.5.1, "Increasing the Tablespace Size for the MDS Schema"
Section 2.3.5.2, "Schemas Are Not Visible After Upgrade of Oracle Identity
Management"
Section 2.3.5.3, "RCU Summary Screen Issues"
2.3.5.1 Increasing the Tablespace Size for the MDS Schema
On Oracle databases, a default tablespace size of 1024MB is created for the MDS
schema. If you need to increase the size of this tablespace, do the following:
1.
Log in to the Database Control page. For example:
https://db_host:db_port/em/
2.
Select the Server tab.
3.
In the "Storage" section, select Datafiles.
4.
Select the row of the datafile corresponding to the schema you want to edit, then
click Edit. In the case of the MDS schema, the datafile name should be prefix_
mds.dbf.
5.
On the "Edit Datafile" page, increase the size of the tablespace.
2.3.5.2 Schemas Are Not Visible After Upgrade of Oracle Identity Management
After upgrading Oracle Identity Management from Release 10g (10.1.4.3) to 11g
Release 1 (11.1.1), the Oracle Directory Service schemas (ODS and ODSSM) are not
visible in the Repository Creation Utility (RCU).
The reason for this is because RCU is not used during the upgrade process, and RCU
only recognizes schemas that are created by RCU. Refer to Oracle Fusion Middleware
Repository Creation Utility User's Guide for more information.
2.3.5.3 RCU Summary Screen Issues
If you are dropping the Identity Management schemas and you select both Oracle
Internet Directory (ODS) and Oracle Identity Federation (OIF) to be dropped, the RCU
summary screen may not be displayed and an exception may be thrown in the console.
To work around this issue, select and drop one component at a time instead of
selecting them both and dropping them together.
When other components are selected for a drop schema operation, the summary
screen may display inaccurate information. However, the selected schemas will be
successfully dropped from the database in spite of the erroneous information on the
summary screen.
To work around this issue, select and drop only one component at a time.
2.3.6 Issues Pertaining to Packing and Unpacking a Domain
This section contains the following:
■
■
2-40 Release Notes
Section 2.3.6.1, "Ensure There Are No Missing Products When Using unpack.sh or
unpack.cmd"
Section 2.3.6.2, "Running unpack.sh or unpack.cmd on a Different Host"
Configuration Issues and Workarounds
■
Section 2.3.6.3, "Starting Managed Servers on Remote System After Packing and
Unpacking Domain"
2.3.6.1 Ensure There Are No Missing Products When Using unpack.sh or
unpack.cmd
Oracle SOA Suite, Oracle WebCenter Portal, and Application Developer all contain the
pack.sh and unpack.sh scripts in their respective ORACLE_HOME/common/bin
directories.
The pack.sh script is used to create a template archive (.jar) file that contains a
snapshot of either an entire domain or a subset of a domain. The unpack.sh script is
used to create a full domain or a subset of a domain used for a Managed Server
domain directory on a remote system.
Both pack.sh and unpack.sh will fail if any installed products are missing from the
system where you are running these scripts.
2.3.6.2 Running unpack.sh or unpack.cmd on a Different Host
If you are running the unpack.sh command to unpack a domain on a remote host,
the Oracle home location and the Middleware home location on the remote host
should match the locations on the host where the pack was performed.
Below is a valid example:
Host 1:
MW_HOME = /user/home/Middleware
ORACLE_HOME =/user/home/Middleware/Oracle_SOA1
@ Host 2:
MW_HOME = /user/home/Middleware
ORACLE_HOME =/user/home/Middleware/Oracle_SOA1
The example below is NOT valid because the Oracle homes do not match:
Host 1:
MW_HOME = /user/home/Middleware
ORACLE_HOME =/user/home/Middleware/Oracle_SOA1
@ Host 2:
MW_HOME = /user/home/Middleware
ORACLE_HOME =/user/home/Middleware/SOA_Home
The example below is NOT valid because the Middleware homes do not match:
Host 1:
MW_HOME = /user/home/Middleware
ORACLE_HOME =/user/home/Middleware/Oracle_SOA1
@ Host 2:
MW_HOME = /user/home/MWHome
ORACLE_HOME =/user/home/Middleware/Oracle_SOA1
Host 1:
MW_HOME = C:\Oracle\Middleware
ORACLE_HOME = C:\Oracle\Middleware\Oracle_SOA1
@ Host 2:
MW_HOME = C:\Oracle\Middleware
ORACLE_HOME = C:\Oracle\Middleware\Oracle_SOA1
Installation, Patching, and Configuration 2-41
Configuration Issues and Workarounds
The example below is NOT valid because the Oracle homes do not match:
Host 1:
MW_HOME = C:\Oracle\Middleware
ORACLE_HOME = C:\Oracle\Middleware\Oracle_SOA1
@ Host 2:
MW_HOME = C:\Oracle\Middleware
ORACLE_HOME = C:\Oracle\Middleware\SOA_Home
The example below is NOT valid because the Middleware homes do not match:
Host 1:
MW_HOME = C:\Oracle\Middleware
ORACLE_HOME = C:\Oracle\Middleware\Oracle_SOA1
@ Host 2:
MW_HOME = C:\Oracle\MWHome
ORACLE_HOME = C:\Oracle\Middleware\Oracle_SOA1
2.3.6.3 Starting Managed Servers on Remote System After Packing and Unpacking
Domain
After you unpack a domain on a remote system using the unpack command,
complete the following steps:
1.
Start Node Manager on the remote system. This action creates a
nodemanager.properties file on your system in the MW_HOME/wlserver_
10.3/common/nodemanager directory.
2.
Stop Node Manager.
3.
Open the nodemanager.properties file in a text editor and set the
StartScriptEnabled property to true.
4.
Start the Node Manager on the remote system before starting the Managed Server
on the remote system through the Oracle WebLogic Administration Console.
2.3.7 Issues Pertaining to Cluster Configuration
This section contains the following:
■
■
■
Section 2.3.7.1, "Extend Domain and Expand Cluster Scenarios with Remote
Systems"
Section 2.3.7.2, "Unable to Extend an Existing Domain by Selecting Only Oracle
Directory Integration Platform Without Cluster"
Section 2.3.7.3, "Expand Cluster Requires Changes to the emd.properties File"
2.3.7.1 Extend Domain and Expand Cluster Scenarios with Remote Systems
In scenarios where you are using the Fusion Middleware Configuration Wizard to
extend a domain or expand a cluster with remote systems, you must make sure that
both the source and destination Middleware home and Oracle home directories are
identical.
2-42 Release Notes
Configuration Issues and Workarounds
2.3.7.2 Unable to Extend an Existing Domain by Selecting Only Oracle Directory
Integration Platform Without Cluster
Selecting only Oracle Directory Integration Platform without cluster in a session
followed by creating cluster and extending domain on the same system fails.
In this domain configuration scenario, ensure that you install and configure Oracle
Directory Services Manager on the same system where you extending the domain to
configure Oracle Directory Integration Platform.
2.3.7.3 Expand Cluster Requires Changes to the emd.properties File
After running the Oracle Fusion Middleware Configuration Wizard to expand a
cluster, the EMD_URL parameter in the INSTANCE_
HOME/EMAGENT/EMAGENT/sysman/config/emd.properties file contains the
values shown below:
EMD_URL=http://localhost.localdomain:port/emd/main
You must edit this parameter and replace localhost and localdomain with the
actual host and domain information of your environment. For example, using 5160 as
the port number:
EMD_URL=http://examplehost.exampledomain.com:5160/emd/main
2.3.8 Discoverer URL is not Properly Displayed When Accessed Through SSL
In 11g Release 1 (11.1.1.7.0), the Discoverer page is not displayed properly when
accessed through the SSL port of Oracle Web Cache or Oracle HTTP Server.
To work around this issue, do the following:
1.
Log in to the Administration Server Console.
2.
Select
Environment->Servers->AdminServer->Configuration->General->Advanced.
3.
Enable "WebLogic Plug-In Enabled".
4.
Repeat steps 1-3 for the WLS_DISCO server.
5.
Restart all of the servers and access the page again.
2.3.9 Cleaning up the JDeveloper Directories for a Failed Deployment on Windows
When a JDeveloper deployment fails on Windows, you should remove the hidden
system directory and all its subdirectories in AppData\Roaming\JDeveloper before
you try to deploy again.
2.3.10 OPMN Does Not Start if the LD_ASSUME_KERNEL Environment Variable is Set
On all UNIX operating systems, for all products that install Oracle Process Manager
and Notification Server or OPMN (for example, Oracle Identity Management, Oracle
Web Tier, Oracle Portal, Forms, Reports and Discoverer, and Oracle Business
Intelligence), OPMN will not start if the LD_ASSUME_KERNEL environment variable is
set. Make sure that this environment variable is not set.
Installation, Patching, and Configuration 2-43
Configuration Issues and Workarounds
2.3.11 Oracle WebCenter Portal wc-post-install.py Script Not Supported for Oracle RAC
Datasources
The wc-post-install.py script can not be used in an environment with Oracle
RAC datasources (gridlink or multi-datasource).
To work around this issue:
1.
Edit the WC_ORACLE_HOME/bpm/process_spaces/wc-post-install.py
script and comment out all lines containing setDatasource in the file by adding
a hash (#) character to the beginning of the line.
2.
Use the WebCenter Portal Console and manually configure the following
datasources:
3.
■
mds-soa
■
mds-soa0
■
mds-soa1
■
SOADataSource
■
SOADataSource0
■
SOADataSource1
Run the wc-post-install.py script.
2.3.12 Changing the Listen Address of a Managed Server
When you run the Configuration Wizard after installing Oracle Identity Management
or Oracle Portal, Forms, Reports and Discoverer, the listen address for WebLogic
Managed Servers is left blank by default (to listen to all network interfaces). If you
change the listen address to the actual host name, the Managed Server stops listening
from outside the system.
It is recommended that you either leave the listen address blank, or specify the IP
address of the host rather than using the host name.
2.3.13 Domain Extension Overwrites JDBC Data Source Name
When a WebLogic Domain with JDBC resources is extended to either Oracle SOA Suite
or Oracle WebCenter Portal, the JDBC data source name will be changed. This
behavior is commonly observed in cases where WebLogic Server version lower than
9.x is upgraded to a version higher than 9.x and then extended to Oracle SOA Suite or
Oracle WebCenter Portal.
To work around this issue, you must manually edit the JDBC data source names.
2.3.14 Rerouting to Original URL After SSO Authentication in Firefox and Safari
Browsers
When configuring Oracle Portal, Forms, Reports and Discoverer, when both Oracle
HTTP Server and Oracle Web Cache are selected for configuration, re-routing (back to
the original URL) after Single Sign-On (SSO) authentication does not work in Firefox
and Safari browsers when the initial request comes from Oracle HTTP Server.
The work arounds are to either use the Internet Explorer browser, or manually modify
the INSTANCE_HOME/config/OHS/instance_name/httpd.conf file and change
the ServerName entry to include the port number. For example:
2-44 Release Notes
Documentation Errata
ServerName examplehost.exampledomain.com
should be changed to:
ServerName examplehost.exampledomain.com:port
Replace port with the actual port number.
2.3.15 Deleting the Browser Cache in Browsers
Make sure you clear your browser cache files; otherwise, the objects on your screen
(for example, in Oracle Enterprise Manager) may not be refreshed to the latest version,
or if you added a new object then it may not appear.
2.4 Documentation Errata
This section describes documentation errata. It includes the following topic:
■
■
■
Section 2.4.1, "Incorrect Option Specified in the RCU Online Help"
Section 2.4.3, "Deinstall Instructions Missing for Oracle HTTP Server, Oracle Traffic
Director, and Oracle iPlanet 11g Release 1 WebGates for Oracle Access Manager"
Section 2.4.2, "Forms and Reports Builder Not Supported"
2.4.1 Incorrect Option Specified in the RCU Online Help
The RCU online help for the Master and Work Repository Custom Variables for Oracle
Data Integrator contains an incorrect option.
For the Work Repository Type, the correct options should be:
■
Use Development (D) for creating a development repository.
■
Use Execution (E) for creating an execution repository.
2.4.2 Forms and Reports Builder Not Supported
Forms and Reports Builder is not suported on Linux x86-64, Solaris Operating System
(SPARC 64-Bit), AIX Based Systems (64-Bit), HP-UX PA-RISC (64-Bit), HP-UX Itanium,
and Microsoft Windows x64 (64-Bit) platforms. It is supported on Linux x86 and
Microsoft Windows (32-Bit) platforms only.
2.4.3 Deinstall Instructions Missing for Oracle HTTP Server, Oracle Traffic Director, and
Oracle iPlanet 11g Release 1 WebGates for Oracle Access Manager
The content in this section is missing from the Installing Webgates for Oracle Access
Manager guide:
2.4.3.1 Deinstalling Oracle HTTP Server, Oracle Traffic Director, and Oracle iPlanet
11g Release 1 WebGates for Oracle Access Manager
You should always use the instructions provided in this section for removing the
Oracle HTTP Server, Oracle Traffic Director, and Oracle iPlanet 11.1.1.7.0 WebGates for
Oracle Access Manager. If you try to remove the software manually, you may
experience problems when you try to reinstall the software again at a later time.
Following the procedures in this section will ensure that the software is properly
removed.
Installation, Patching, and Configuration 2-45
Documentation Errata
To deinstall the WebGate agent, do the following:
1.
Go to the MW_HOME/oracle_common/oui/bin directory.
2.
Run the following command:
On UNIX: ./runInstaller -deinstall
On Windows: setup.exe -deinstall -jreLoc JRE_LOCATION
Ensure that you specify the absolute path to your JRE_LOCATION; relative paths
are not supported.
After the deinstaller starts, the Welcome screen is displayed. Proceed with the
deinstallation by referring to Section 2.4.3.1.1 for deinstalling 11g Release 1 WebGate
agents for Oracle Access Manager.
2.4.3.1.1 Deinstallation Screens and Instructions Follow the instructions in Table 2–1 to
complete the deinstallation.
If you need additional help with any of the deinstallation screens, click Help to access
the online help.
Table 2–1
Deinstallation Flow
Sl.
No.
Screen
Description
1.
Welcome
Click Next.
Each time the deinstaller
starts, the Welcome screen
is displayed.
2.
Deinstall Oracle Home
The Deinstall Oracle
Verify the Oracle home you are
Home screen shows the
about to deinstall.
Oracle home you are about
Click Deinstall.
to deinstall.
On the Warning screen, select
whether or not you want the
deinstaller to remove the Oracle
home directory in addition to
removing the software.
Action Required
Click Yes to have the deinstaller
remove the software and Oracle
home, No to remove only the
software, or Cancel to return to
the previous screen.
If you select No, go to
Section 2.4.3.1.2 for instructions
on how to manually remove
your Oracle home directory.
3.
Deinstallation progress
The Deinstallation
Progress screen shows the
progress and status of the
deinstallation.
Wait until the Deinstallation
Complete screen appears.
4.
Deinstallation Complete
The Deinstallation
Complete screen appears
when the deinstallation is
complete.
Click Finish to dismiss the
screen.
2.4.3.1.2 Manually Removing the Oracle Home Directory If you have selected No on the
warning dialog box, in the Deinstall Oracle Home screen during deinstallation, then
you must manually remove your oracle_common directory and any sub-directories.
2-46 Release Notes
Documentation Errata
For example: if your Oracle Common home directory was
/home/Oracle/Middleware/oracle_common, run the following commands:
cd /home/Oracle/Middleware
rm -rf oracle_common
On Windows, if your Oracle Common home directory was
C:\Oracle\Middleware\oracle_common, then use a file manager window, go to
the C:\Oracle\Middleware directory, right-click on the oracle_common folder,
and then select Delete.
2.5 Known Issues
This section describes known issues. It includes the following topics:
■
Section 2.5.1, "Forms and Reports Builder Not Supported"
2.5.1 Forms and Reports Builder Not Supported
Forms and Reports Builder is not suported on Linux x86-64, Solaris Operating System
(SPARC 64-Bit), AIX Based Systems (64-Bit), HP-UX PA-RISC (64-Bit), HP-UX Itanium,
and Microsoft Windows x64 (64-Bit) platforms. It is supported on Linux x86 and
Microsoft Windows (32-Bit) platforms only.
2.6 Documentation Errata
This section describes documentation errata. It includes the following topic:
■
■
Section 2.4.1, "Incorrect Option Specified in the RCU Online Help"
Section 2.4.3, "Deinstall Instructions Missing for Oracle HTTP Server, Oracle Traffic
Director, and Oracle iPlanet 11g Release 1 WebGates for Oracle Access Manager"
2.6.1 Incorrect Option Specified in the RCU Online Help
The RCU online help for the Master and Work Repository Custom Variables for Oracle
Data Integrator contains an incorrect option.
For the Work Repository Type, the correct options should be:
■
Use Development (D) for creating a development repository.
■
Use Execution (E) for creating an execution repository.
2.6.2 Deinstall Instructions Missing for Oracle HTTP Server, Oracle Traffic Director, and
Oracle iPlanet 11g Release 1 WebGates for Oracle Access Manager
The content in this section is missing from the Installing Webgates for Oracle Access
Manager guide:
2.6.2.1 Deinstalling Oracle HTTP Server, Oracle Traffic Director, and Oracle iPlanet
11g Release 1 WebGates for Oracle Access Manager
You should always use the instructions provided in this section for removing the
Oracle HTTP Server, Oracle Traffic Director, and Oracle iPlanet 11.1.1.7.0 WebGates for
Oracle Access Manager. If you try to remove the software manually, you may
experience problems when you try to reinstall the software again at a later time.
Installation, Patching, and Configuration 2-47
Documentation Errata
Following the procedures in this section will ensure that the software is properly
removed.
To deinstall the WebGate agent, do the following:
1.
Go to the MW_HOME/oracle_common/oui/bin directory.
2.
Run the following command:
On UNIX: ./runInstaller -deinstall
On Windows: setup.exe -deinstall -jreLoc JRE_LOCATION
Ensure that you specify the absolute path to your JRE_LOCATION; relative paths
are not supported.
After the deinstaller starts, the Welcome screen is displayed. Proceed with the
deinstallation by referring to Section 2.4.3.1.1 for deinstalling 11g Release 1 WebGate
agents for Oracle Access Manager.
2.6.2.1.1 Deinstallation Screens and Instructions Follow the instructions in Table 2–1 to
complete the deinstallation.
If you need additional help with any of the deinstallation screens, click Help to access
the online help.
Table 2–2
Deinstallation Flow
Sl.
No.
Screen
Description
1.
Welcome
Click Next.
Each time the deinstaller
starts, the Welcome screen
is displayed.
2.
Deinstall Oracle Home
The Deinstall Oracle
Verify the Oracle home you are
Home screen shows the
about to deinstall.
Oracle home you are about
Click Deinstall.
to deinstall.
On the Warning screen, select
whether or not you want the
deinstaller to remove the Oracle
home directory in addition to
removing the software.
Action Required
Click Yes to have the deinstaller
remove the software and Oracle
home, No to remove only the
software, or Cancel to return to
the previous screen.
If you select No, go to
Section 2.4.3.1.2 for instructions
on how to manually remove
your Oracle home directory.
3.
Deinstallation progress
The Deinstallation
Progress screen shows the
progress and status of the
deinstallation.
Wait until the Deinstallation
Complete screen appears.
4.
Deinstallation Complete
The Deinstallation
Complete screen appears
when the deinstallation is
complete.
Click Finish to dismiss the
screen.
2-48 Release Notes
Documentation Errata
2.6.2.1.2 Manually Removing the Oracle Home Directory If you have selected No on the
warning dialog box, in the Deinstall Oracle Home screen during deinstallation, then
you must manually remove your oracle_common directory and any sub-directories.
For example: if your Oracle Common home directory was
/home/Oracle/Middleware/oracle_common, run the following commands:
cd /home/Oracle/Middleware
rm -rf oracle_common
On Windows, if your Oracle Common home directory was
C:\Oracle\Middleware\oracle_common, then use a file manager window, go to
the C:\Oracle\Middleware directory, right-click on the oracle_common folder,
and then select Delete.
Installation, Patching, and Configuration 2-49
Documentation Errata
2-50 Release Notes
3
Upgrade
3
This chapter describes issues associated with upgrading your environment and your
applications to Oracle Fusion Middleware 11g. It includes the following topics:
■
Section 3.1, "General Issues and Workarounds"
■
Section 3.2, "General Issues and Workarounds for Migrating from 11.1.1.1.0"
■
Section 3.3, "Documentation Errata for Upgrade"
This chapter contains issues you might encounter while
upgrading any of the Oracle Fusion Middleware products.
Note:
Be sure to review the product-specific release note chapters elsewhere
in this document for any additional issues specific to the products you
are using.
3.1 General Issues and Workarounds
This section describes general issue and workarounds. It includes the following topics:
■
■
■
■
■
■
Section 3.1.1, "Patches Required to Address Specific Upgrade and Compatibility
Requirements"
Section 3.1.2, "Unable to Read Composite Model Error During SOA Application
Upgrade"
Section 3.1.3, "Oracle BAM Upgrade Issues"
Section 3.1.4, "Error When Upgrading Oracle Internet Directory Due to Invalid
ODS Schema"
Section 3.1.5, "Restore From Backup Required If Upgrade Fails During a Colocated
Oracle Internet Directory and Oracle Directory Integration Platform Upgrade"
Section 3.1.6, "Cannot Verify Oracle Forms Services Upgrade When Oracle HTTP
Server is Running On a Separate Host"
■
Section 3.1.7, "WebCenter Security Upgrade Release Notes"
■
Section 3.1.8, "Oracle B2B Upgrade Release Notes"
■
■
Section 3.1.9, "Problem Accessing the Welcome Pages in Oracle HTTP Server After
Upgrade"
Section 3.1.10, "Misleading Error Message When Upgrading Oracle Internet
Directory"
Upgrade 3-1
General Issues and Workarounds
■
■
■
■
■
■
Section 3.1.11, "Additional Steps Required When Redeploying the SOA Order
Booking Sample Application on Oracle Fusion Middleware 11g"
Section 3.1.12, "Additional Steps Required When Upgrading Human Taskflow
Projects"
Section 3.1.13, "Stopping Oracle Virtual Directory Processes During Upgrade"
Section 3.1.14, "Providing Input to Upgrade Assistant Screens When Oracle
Internet Directory Upgrade Fails"
Section 3.1.15, "Upgrading Oracle Access Manager Middle Tier"
Section 3.1.16, "Inaccurate Results When Running the Upgrade Assistant Verify
Feature"
■
Section 3.1.17, "Missing jdk_version.log File When Launching Upgrade Assistant"
■
Section 3.1.18, "Test Suites in Oracle SOA Suite 10g Projects Not Upgraded to 11g"
■
Section 3.1.19, "Incorrect Wiring When Migrating Certain Oracle SOA Suite 10g
Projects to 11g"
3.1.1 Patches Required to Address Specific Upgrade and Compatibility Requirements
In general, Oracle assumes that you are running the latest Oracle Application Server
10g patch sets before you begin the upgrade to Oracle Fusion Middleware 11g.
In addition, in some specific cases, you must apply an additional software patches to
your Oracle Application Server 10g components before you start the upgrade process.
These patches are designed to address specific interoperability issues that you might
encounter while upgrading your Oracle Application Server 10g environment to Oracle
Fusion Middleware 11g.
Table 3–1 lists the specific patch sets required to address specific upgrade and
compatibility requirements for Oracle Fusion Middleware 11g.
For more information, refer to the following sections:
■
3-2 Release Notes
Section 3.1.1.1, "Obtaining Patches and Support Documents From My Oracle
Support (Formerly OracleMetaLink)"
General Issues and Workarounds
Table 3–1
Patches Required to Address Specific Upgrade and Compatibility Requirements
Patch Set Number
Description and Purpose
Additional Information
8404955
Before you can perform the Oracle B2B schema
upgrade, you must apply this required patch to
the Oracle Application Server Integration B2B
10g Release 2 (10.1.2) middle tier.
"Task 6b: If Necessary, Upgrade the
B2B Schema" in the Oracle Fusion
Middleware Upgrade Guide for Oracle
SOA Suite, WebCenter, and ADF
This patch set is required in order to enable the
Java command that you use to export the
trading partner agreements, as described in the
following step.
5746866
If the database that hosts your Oracle
Application Server 10g schemas is an
Oracle Database 10g (10.1.0.x) database, then
make sure that this database patch (or database
patch 5126270) has been applied to the 10g
(10.1.0.x) database before you upgrade the
database to the required Oracle Database 10g
(10.2.0.4).
"Upgrading to Oracle Database 10g
Release 2 (10.2.0.4)" in the Oracle
Fusion Middleware Upgrade Planning
Guide
Note that database patch 5746866 includes
patch 5126270.
7685124
8372141
Apply this patch against Oracle Secure
Enterprise Search (10.1.8.3.0) before you
attempt to use Oracle Secure Enterprise Search
with Oracle Portal 11g.
"Oracle Secure Enterprise Search" in
the Oracle Fusion Middleware
Administrator's Guide for Oracle Portal
Apply this patch on your Oracle Application
Server 10g Release 3 (10.1.3.4) environment to
enable interoperability between Oracle SOA
Suite 10g Release 3 (10.1.3.4) and Oracle BPEL
Process Manager 11g.
"Upgrading Oracle SOA Suite Client
Applications" in the Oracle Fusion
Middleware Upgrade Guide for Oracle
SOA Suite, WebCenter, and ADF
Section 34.4, "Interoperability Issues
and Workarounds"
This patch is also referred to as the Oracle SOA
Suite 10g Release 3 (10.1.3.4) Cumulative MLR
#7.
6522654
Apply this patch to your Oracle Database
before you attempt to upgrade your Oracle
BAM schema.
If you do not apply this patch to your Oracle
Database 10g (10.2.0.3), 10g (10.2.0.4), or
Oracle Database 11g (11.1.0.7) before
performing the schema upgrade, you will
likely see the following error:
"Task 6c: If Necessary, Upgrade the
BAM Schema" in the Oracle Fusion
Middleware Upgrade Guide for Oracle
SOA Suite, WebCenter, and ADF
Section 3.1.3.1, "Datapump Export for
Oracle BAM Upgrade Plug-in Fails in
Oracle Database 10g (10.2.0.3), 10g
(10.1.2.0.4), and Oracle Database 11g
(11.1.0.7)"
BAM MRUA: SCHEMA UPGRADE FAILED
SQLException: ORA-39002: invalid
operation
The description for this patch on My Oracle
Support is "USING DATA PUMP THROUGH
DBLINK CAUSED DATA CORRUPTION FOR
CLOB VALUES".
Upgrade 3-3
General Issues and Workarounds
Table 3–1 (Cont.) Patches Required to Address Specific Upgrade and Compatibility Requirements
Patch Set Number
Description and Purpose
Additional Information
7675269
Apply this patch to prevent the occurrence of
an ORA-01591 error in an Oracle Real
Application Clusters (Oracle RAC) 11g
(11.1.0.7) database.
"Upgrading and Preparing Your
Databases" in the Oracle Fusion
Middleware Upgrade Planning Guide
This error can occur for rows locked by
transactions which were in the middle of
two-phase commit.
The description of this patch on My Oracle
Support is "ODAC 2008:RAC NODE
AFFINITY: DISTRIBUTED TXN ABORTS
WITH ORA-01591."
8291981
Apply this patch to correct a problem where
Metadata Repository (MDS) queries against an
Oracle Database 11g (11.1.0.7) database do not
find all of the results (documents or elements)
that they should.
"Managing the MDS Repository" in
the Oracle Fusion Middleware
Administrator's Guide
The description of this patch on My Oracle
Support is: "SELECT INCORRECT RESULTS:
SOME RESULTS NOT FOUND".
9007079
Apply this bundled patch to your Oracle
Database 11g (11.1.0.7) Real Application
Clusters (Oracle RAC) environment to address
three known issues while using the Oracle
RAC database with Oracle Fusion Middleware
Oracle SOA Suite components.
"Oracle Real Application Clusters and
Fusion Middleware" in the Oracle
Fusion Middleware High Availability
Guide.
See the Readme file for the patch for a list of
the bugs addressed by the patch.
The description of this patch on My Oracle
Support is: "MERGE REQUEST FOR 8886255
AND 7675269".
8607693
Apply this patch to your Oracle Real
Application Clusters (Oracle RAC) 11g
(11.1.0.7) database to prevent an error that can
occur if an XA transaction branch was being
asynchronously rolled back by two or more
sessions.
"Oracle Real Application Clusters and
Fusion Middleware" in the Oracle
Fusion Middleware High Availability
Guide.
The description of this patch on My Oracle
Support is: "STRESS SOA - ORA-00600:
INTERNAL ERROR CODE, ARGUMENTS:
[504] (Oracle AC)".
7682186
Apply this patch to your Oracle Real
Application Clusters (Oracle RAC) 11g
(11.1.0.7) database to prevent an issue that
results in an ORA-600 error.
Behavior includes CR-inconsistencies between
index and the block, or incorrect results in an
Oracle RAC multi-node global transaction
environment.
The description of this patch on My Oracle
Support is: "ORA-600[KDSGRP1] SIGNALLED
DURING BUGOLTP-XA WORKLOAD".
3-4 Release Notes
"Oracle Real Application Clusters and
Fusion Middleware" in the Oracle
Fusion Middleware High Availability
Guide.
General Issues and Workarounds
3.1.1.1 Obtaining Patches and Support Documents From My Oracle Support
(Formerly OracleMetaLink)
To obtain a patch, log in to My Oracle Support (formerly OracleMetaLink), click
Patches and Updates, and search for the patch number:
http://support.oracle.com/
To obtain a support note or document, log in to My Oracle Support and enter the
support note number in the Quick Find search field at the top of the My Oracle
Support window and search the Knowledge Base for the note number.
3.1.2 Unable to Read Composite Model Error During SOA Application Upgrade
The Oracle Fusion Middleware Upgrade Guide for Oracle SOA Suite, WebCenter, and ADF
describes how Oracle JDeveloper 11g will automatically upgrade specific features of
your Oracle SOA Suite 10g applications to 11g.
However, if you see the following error while upgrading your application in
JDeveloper 11g, then you can safely ignore the error. Your application will be
upgraded, but you will need to create a new SOA-SAR deployment profile after the
application upgrade. And use this newly created profile for deploying SOA composite:
SEVERE: Unable to read composite model for project project_name
For more information, see 43.2, "Deploying a Single SOA Composite in Oracle
JDeveloper," in the Oracle Fusion Middleware Developer's Guide for Oracle SOA Suite.
3.1.3 Oracle BAM Upgrade Issues
The following sections provide information about specific issues related to upgrading
Oracle BAM 10g to Oracle BAM 11g:
■
Section 3.1.3.1, "Datapump Export for Oracle BAM Upgrade Plug-in Fails in Oracle
Database 10g (10.2.0.3), 10g (10.1.2.0.4), and Oracle Database 11g (11.1.0.7)"
■
Section 3.1.3.2, "Dependent Alerts Do Not Upgrade Correctly"
■
Section 3.1.3.3, "Problem Upgrading a Report that Contains Calculated Fields"
■
■
Section 3.1.3.4, "Calculated Fields Reference the Field ID Rather Than Field Names
After Upgrade to Oracle BAM 11g"
Section 3.1.3.5, "Using the Oracle BAM 11g Samples After Upgrade from Oracle
BAM 10g"
3.1.3.1 Datapump Export for Oracle BAM Upgrade Plug-in Fails in Oracle Database
10g (10.2.0.3), 10g (10.1.2.0.4), and Oracle Database 11g (11.1.0.7)
Before you upgrade the Oracle BAM 11g schema to 11g, you must first apply patch
6522654 to your Oracle Database 10g (10.2.0.3), 10g (10.1.2.0.4), and Oracle Database
11g (11.1.0.7).
If you do not apply this patch, then you will likely experience the following error
during Oracle BAM schema upgrade:
BAM MRUA: SCHEMA UPGRADE FAILED SQLException: ORA-39002: invalid operation
For more information, see Section 3.1.1, "Patches Required to Address Specific
Upgrade and Compatibility Requirements".
Upgrade 3-5
General Issues and Workarounds
3.1.3.2 Dependent Alerts Do Not Upgrade Correctly
When an alert in Oracle BAM 10g is dependent upon another alert, the dependent
alert keeps a reference to the parent alert with a GUID reference. When such an alert is
exported from 10g it will contain a GUID reference to the parent alert, and import to
an Oracle BAM 11g system is not successful.
The following modification to the exported alert definition file can be used as a
workaround for import to an Oracle BAM 11g system.
Edit the exported file contents of the dependent alert from the Oracle BAM 10g
system, and modify the following element containing reference to parent alert.
Change this:
&lt;param name=&quot;RuleID&quot; order=&quot;0&quot;&gt;
//private:weblogic/Rule/624567ffe84de34c-6e6bdbaa120eb7f6ea6-8000
&lt;/param&gt;
To this:
&lt;param name=&quot;RuleID&quot; order=&quot;0&quot;&gt;
ParentAlertName
&lt;/param&gt;
In other words, the GUID reference for parent alert must be replaced by the parent
alert's name.
3.1.3.3 Problem Upgrading a Report that Contains Calculated Fields
If you created a report in Oracle BAM 10g or in Oracle BAM 11g Release 1 (11.1.1.1.0)
and the report contains calculated fields that use using datetime type fields, then the
Calculations tab displays this error in Oracle BAM 11g Release 1 (11.1.1.2.0):
BAM-01610: INVALID FILTER EXPRESSION
More specifically, this error occurs when the calculation is an expression for equality
check against a datetime field in String format. For example, for a datetime field such
as Last Modified, the following calculation does not work:
If {Last Modified}=="7/18/2002 1:33:10 PM"
Before you can upgrade the report, you must remove the calculated fields.
3.1.3.4 Calculated Fields Reference the Field ID Rather Than Field Names After
Upgrade to Oracle BAM 11g
After upgrading to Oracle BAM 11g Release 1 (11.1.1.2.0), any calculated fields in your
reports will reference fields by the field ID, rather than the field name.
Specifically, after upgrade, the field name referenced in the expression will be
converted to use the field id (for example, _Num_Sold).
For example, the field reference might appear as follows after the upgrade:
If({_Num_Sold}==5000)
Then("met")
Else("notmet")
Note that the calculated fields will continue to work after the upgrade and after this
automatic conversion.
3-6 Release Notes
General Issues and Workarounds
3.1.3.5 Using the Oracle BAM 11g Samples After Upgrade from Oracle BAM 10g
When you install Oracle BAM 11g, the installer copies a set of sample applications to
the Oracle SOA Suite Oracle home. Refer to the following sections for more
information about using these samples after upgrading to Oracle BAM 11g from
Oracle BAM 10g:
■
■
Section 3.1.3.5.1, "General Information About the Oracle BAM Samples"
Section 3.1.3.5.2, "Removing Any 10g Sample Applications Before Configuring the
Oracle BAM 11g Samples"
For information about using the Oracle BAM 11g after migrating from Oracle Fusion
Middleware 11g Release 1 (11.1.1.1.0), see Section 3.2.8, "Using the Oracle BAM 11g
Prepackaged Samples After Migrating from 11.1.1.1.0".
3.1.3.5.1 General Information About the Oracle BAM Samples The Oracle Fusion
Middleware installer copies the Oracle BAM samples to the following location in the
Oracle SOA Suite Oracle home:
SOA_ORACLE_HOME/bam/samples/bam/
Instructions for configuring and using the samples, as well as updated samples, can be
found at the following URL on the Oracle Technology Network (OTN):
http://www.oracle.com/technology/products/integration/bam/collateral/samples11g.html
The instructions explain how to use the propert setup script to configure the demos in
your Oracle BAM 11g environment. You can also find individual readme file for each
demo within each sample directory.
3.1.3.5.2 Removing Any 10g Sample Applications Before Configuring the Oracle BAM 11g
Samples Before you use the instructions on OTN to set up the Oracle BAM 11g
samples, remove any data objects, reports, or alerts associated with any existing 10g
samples.
For example, be sure to remove any artifacts associated with the Oracle BAM 10g Call
Center and Atherton demos before you run the setup scripts.
3.1.4 Error When Upgrading Oracle Internet Directory Due to Invalid ODS Schema
If you receive an error when using the Upgrade Assistant to upgrade the Oracle
Internet Directory schema from 10g Release 2 (10.1.2.3) to 11g, then verify that the ODS
10g schema is valid.
To view the status of the Oracle Application Server 10g schemas in your database, use
the following SQL command:
SELECT comp_id, version, status FROM app_registry;
If the output from this command shows that the ODS schema is INVALID, then use
the instructions in the following My Oracle Support document to install and configure
Referential Integrity:
730360.1, "Referential Integrity in Oracle Internet Directory Version 10.1.2.3"
After performing the instructions in the support document, then retry the Oracle
Internet Directory schema upgrade.
Upgrade 3-7
General Issues and Workarounds
3.1.5 Restore From Backup Required If Upgrade Fails During a Colocated Oracle
Internet Directory and Oracle Directory Integration Platform Upgrade
If you are using the Upgrade Assistant to upgrade both Oracle Internet Directory and
Oracle Directory Integration Platform, consider the following.
If the Oracle Internet Directory upgrade fails, then before you can run the Upgrade
Assistant again, you must restore your Oracle Internet Directory 10g backup before
you can run the Upgrade Assistant again. Otherwise, the Upgrade Assistant will not
attempt to upgrade Oracle Directory Integration Platform.
3.1.6 Cannot Verify Oracle Forms Services Upgrade When Oracle HTTP Server is
Running On a Separate Host
If you use the Upgrade Assistant to upgrade an Oracle Forms Services instance that
does not include a local instance of Oracle HTTP Server, then the Verify feature of the
Upgrade Assistant cannot verify that the upgrade was successful. Instead of reporting
that the upgrade was successful, the Verify feature will report that the server is
unavailable. This verification error may not be valid if the Oracle HTTP Server is
installed and configured on a different host than the Oracle Forms Services instance.
3.1.7 WebCenter Security Upgrade Release Notes
The following bugs/release notes relate to security changes for Custom WebCenter
applications upgrading from 10.1.3.x:
■
■
■
Section 3.1.7.1, "RowSetPermission check fails with compatibility flag set"
Section 3.1.7.2, "Grants not migrated properly if application contains grants
without permissions"
Section 3.1.7.3, "Shared/public credentials not found after external application
deployed"
3.1.7.1 RowSetPermission check fails with compatibility flag set
In 10.1.3, the ADF framework performed rowset, attribute, and method permission
checks in addition to page permission checks. If a 10.1.3 application grants 'read'
permission on the rowset and attribute and 'invoke' permission on the method for all
users, then the application will behave as expected in 11R1 without any additional
setup.
However, if the 10.1.3 application was designed to allow only certain users to view the
rowset, attribute, or invoke method, then a special flag needs to be set to support this
style of security. If this flag is not set, then anyone who has page access can view
attributes and rowsets and invoke methods since in 11R1 the permission check is
performed only on pages and taskflows. The flag must be set for each application in
the adf-config.xml file.
<sec:adf-security-child xmlns="http://xmlns.oracle.com/adf/security/config">
<JaasSecurityContext
initialContextFactoryClass=
"oracle.adf.share.security.JAASInitialContextFactory"
jaasProviderClass=
"oracle.adf.share.security.providers.jps.JpsSecurityContext"
authorizationEnforce="true"/>
<contextEnv name="oracle.adf.security.metadata" value="false"/>
<CredentialStoreContext
credentialStoreClass=
"oracle.adf.share.security.providers.jps.CSFCredentialStore"
3-8 Release Notes
General Issues and Workarounds
credentialStoreLocation="../../src/META-INF/jps-config.xml"/>
</sec:adf-security-child>
3.1.7.2 Grants not migrated properly if application contains grants without
permissions
Grants are not migrated properly if a 10.1.3 application contains grants without any
permissions. Developers should inspect the app-jazn-data.xml file in the 10.1.3
workspace and remove any grants that have empty permission set prior to performing
the migration.
3.1.7.3 Shared/public credentials not found after external application deployed
If you have secured your 10.1.3 application, ensure there are no duplicate
JaasSecurityContext and CredentialStoreContext elements in the application's
adf-config.xml file prior to migration.In the following example, the first
JaasSecurityContext element is empty and should be removed (see "Remove entry"
in the XML snippet below).
<adf-config-child xmlns="http://xmlns.oracle.com/adf/security/config">
<CredentialStoreContext
credentialStoreClass=
"oracle.adf.share.security.providers.jazn.JAZNCredentialStore"
credentialStoreDefaultUser="anonymous"
credentialStoreLocation="./credential-store.xml"/>
<JaasSecurityContext/> <!--Remove entry-->
<JaasSecurityContext
initialContextFactoryClass=
"oracle.adf.share.security.JAASInitialContextFactory"
jaasProviderClass=
"oracle.adf.share.security.providers.jazn.JAZNSecurityContext"
authorizationEnforce="true"/>
</adf-config-child>
3.1.8 Oracle B2B Upgrade Release Notes
The following release notes apply when you are upgrading Oracle B2B 10g to Oracle
B2B 11g:
■
Section 3.1.8.1, "Service Name Is Required When Using ebMS with Oracle B2B"
■
Section 3.1.8.2, "Converting Wallets to Keystores for Oracle B2B 11g"
■
Section 3.1.8.3, "Oracle B2B UCCnet Documents Not Upgraded to 11g"
■
Section 3.1.8.4, "Errors in the Upgrade Log Files Even When Oracle B2B Schema
Upgrade is Successful"
3.1.8.1 Service Name Is Required When Using ebMS with Oracle B2B
Because the Service Name parameter is required when using the ebMS protocol in
Oracle B2B 11g, you may need to provide a value for this field after importing 10g
data.
With the agreement in the draft state, update the field on the Partners > Documents
tab. When you select a document definition that uses the ebMS protocol, the
Document Type > ebMS tab appears in the Document Details area. The Service Name
field is on this tab.
Upgrade 3-9
General Issues and Workarounds
3.1.8.2 Converting Wallets to Keystores for Oracle B2B 11g
After upgrading to Oracle B2B 11g, use the orapki pkcs12_to_jks option to replace
the entire keystore. Convert the wallet to a keystore as follows:
1.
Back up the original keystore.
2.
Use the orapki wallet pkcs12_to_jks option to convert to the keystore.
3.
Use keytool -list to list the aliases and verify.
4.
Use keytool -importkeystore to import the converted keystore to the backup of
the original keystore (as done in Step 1)
3.1.8.3 Oracle B2B UCCnet Documents Not Upgraded to 11g
OracleAS Integration B2B provides support for UCCnet under the Custom Document
option. UCCnet is a service that enables trading partners to exchange
standards-compliant data in the retail and consumer goods industries.
Note, however, that UCCnet documents are not upgraded automatically to Oracle B2B
11g. For information about using UCCnet documents in Oracle B2B 11g, see "Using the
UCCnet Document Protocol" in the Oracle Fusion Middleware User's Guide for Oracle
B2B.
3.1.8.4 Errors in the Upgrade Log Files Even When Oracle B2B Schema Upgrade is
Successful
When you use Oracle Fusion MiddlewareUpgrade Assistant upgrade the Oracle B2B
schema, some errors might appear in the upgrade log files even if the Oracle B2B
schema upgrade is successful.
For example, you might see an error, such as the following:
oracle.jrf.UnknownPlatformException: JRF is unable to determine the current
application server platform
As long as the Upgrade Assistant reports that the upgrade was sucessful, these errors
can be safely ignored. They will be addressed in a future release.
For more information about troubleshooting upgrade issues, including how to use the
upgrade log files, see "General Troubleshooting Guidelines" in the Oracle Fusion
Middleware Upgrade Planning Guide.
For more information about the Oracle B2B schema upgrade, see "If Necessary,
Upgrade the B2B Schema," in the Oracle Fusion Middleware Upgrade Guide for
Oracle SOA Suite, WebCenter, and ADF.
3.1.9 Problem Accessing the Welcome Pages in Oracle HTTP Server After Upgrade
After you upgrade to Oracle HTTP Server 11g, the DirectoryIndex directive in the
httpd.conf set to index.html. As a result, if you go to the recommended URL to view
the Oracle Fusion Middleware Welcome pages you instead see the "hello world"
sample application page.
To address this issue:
1.
Edit the httpd.conf file in the following location:
ORACLE_INSTANCE/config/OHS/ohs_component_name/
2.
3-10 Release Notes
Locate the DirectoryIndex directive in the httpd.conf file and change
index.html to welcome-index.html.
General Issues and Workarounds
3.
Restart the Oracle HTTP Server instance.
3.1.10 Misleading Error Message When Upgrading Oracle Internet Directory
When upgrading to Oracle Internet Directory 11g, you might notice an error message
in the Upgrade Assistant (Example 3–1). This error message indicates that some
managed processes failed to start.
You can safely ignore this message, as long as the Upgrade Assistant messages also
indicates that all components were upgraded successfully. This error occurs when the
Upgrade Assistant attempts to start the Oracle Enterprise Manager agent and the
agent is already running.
Example 3–1 Error Message When Upgrading Oracle Internet Directory
----------------------------------------------------------Starting Destination Components
Starting OPMN and managed processes in the destination Oracle instance.
->UPGAST-00141: startup of 11g OPMN managed processes failed.
Starting WebLogic managed server wls_ods1
Clicked OK to continue
Upgrade Progress 100%
All components were upgraded successfully.
------------------------------------------------------------
3.1.11 Additional Steps Required When Redeploying the SOA Order Booking Sample
Application on Oracle Fusion Middleware 11g
Appendix A of the Oracle Fusion Middleware Upgrade Guide for Oracle SOA Suite,
WebCenter, and ADF provides an example of how to use Oracle JDeveloper 11g
upgrade and redeploy a complex application on Oracle Fusion Middleware 11g.
However, after you install Oracle Fusion Middleware 11g (11.1.1.3.0), you must
perform the following additional tasks before you can successfully compile and
deploy the application with Oracle JDeveloper 11g:
1.
Before you open and upgrade the application with Oracle JDeveloper 11g, edit the
original web.xml and replace the <web-app> element with the following:
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
version="2.5" xmlns="http://java.sun.com/xml/ns/javaee">
2.
Follow the steps in Appendix A of the Oracle Fusion Middleware Upgrade Guide for
Oracle SOA Suite, WebCenter, and ADF to open the SOA Order Booking application
in Oracle JDeveloper 11g and to upgrade the projects within the application.
3.
When you get to Section A.8.10, "ApproveOrderTaskForm," open the web.xml and
verify that it contains a <servlet> element and <servlet_mapping> element for
the WFTTaskUpdate servlet.
If such an element does not exist in the web.xml file, then edit the web.xml file and
add the elements shown in Example 3–2.
4.
Continue with the rest of the instructions for deploying the project.
Example 3–2 Servlet Elements to Add to the SOA Order Booking web.xml File
<servlet>
<servlet-name>
Upgrade 3-11
General Issues and Workarounds
WFTaskUpdate
</servlet-name>
<servlet-class>
oracle.bpel.services.workflow.worklist.servlet.WFTaskUpdate
</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>
WFTaskUpdate
</servlet-name>
<url-pattern>
/WFTaskUpdate
</url-pattern>
</servlet-mapping>
3.1.12 Additional Steps Required When Upgrading Human Taskflow Projects
By default, if you deploy an upgraded Oracle SOA Suite 10g Release 3 (10.1.3)
application that includes a Human Taskflow project on Oracle Fusion Middleware 11g
(11.1.1.3.0), you will not be able to view the taskflow details.
To work around this problem, perform the following additional steps when you are
deploying an application with a Human Taskflow project:
1.
Before you open and upgrade the application with Oracle JDeveloper 11g, edit the
original web.xml and replace the <web-app> element with the following:
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
version="2.5" xmlns="http://java.sun.com/xml/ns/javaee">
2.
After you open and upgrade the application in Oracle JDeveloper 11g, do the
following:
a.
In Oracle JDeveloper 11g, deploy the application to an EAR file.
b.
Expand the EAR file on disk, and then expand the packaged WAR file on disk.
For example:
jar -xvf ear_file_name.ear
jar -xvf war_file_name.war
c.
Open the web.xml file in the WEB-INF directory of the WAR file and comment
out the following entry:
<!--servlet-mapping>
<servlet-name>jsp</servlet-name>
<url-pattern>*.jsp</url-pattern>
</servlet-mapping-->
d.
Repackage WAR and subsequently the EAR.
For example:
jar -cvf war_file_name.war *
jar -cvf ear_file_name.ear *
e.
Deploy the EAR using the WebLogic Administration Console.
Note that is important that you use the Oracle WebLogic Server
Administration Console to deploy the application and not Oracle JDeveloper
3-12 Release Notes
General Issues and Workarounds
11g. This is because Oracle JDeveloper forces a rebuild of the applciation and
your changes will be overwritten.
3.1.13 Stopping Oracle Virtual Directory Processes During Upgrade
When upgrading Oracle Virtual Directory to 11g, you must manually stop Oracle
Virtual Directory processes if multiple Oracle Virtual Directory processes are running.
When you attempt to stop Oracle Virtual Directory, only the last process that started
will stop. If multiple Oracle Virtual Directory processes are running, you must use the
kill -9 command to stop the processes before upgrading to Oracle Virtual Directory
11g.
3.1.14 Providing Input to Upgrade Assistant Screens When Oracle Internet Directory
Upgrade Fails
If Oracle Internet Directory upgrade fails during the Examine phase in the upgrade
process, do not modify the input you entered in the screens. Instead, dismiss the
Upgrade Assistant wizard and the upgrade process again.
3.1.15 Upgrading Oracle Access Manager Middle Tier
When running the Upgrade Assistant to upgrade the Oracle Single Sign-On 10g to
Oracle Access Manager 11g, you must run the Upgrade Assistant from the same
machine where your Oracle Access Manager Managed Server is running.
3.1.16 Inaccurate Results When Running the Upgrade Assistant Verify Feature
For some upgrade scenarios, the Oracle Fusion Middleware Upgrade Assistant
provides a Verify feature that attempts to analyze the upgraded 11g environment.
When you run the Verify feature, the Upgrade Assistant automatically reports any
problems it finds with the upgraded environment.
However, there are cases where the Verify feature incorrectly identifies a problem. For
example, when single sign-on is enabled, the Verify feature might report that it cannot
access specific URLs for the upgraded components.
In these cases, you should enter the URL directly into a Web browser to verify the
URL. In those cases, the URL might indeed be valid and you can ignore the errors
generated by the Verify feature.
3.1.17 Missing jdk_version.log File When Launching Upgrade Assistant
When you start the Oracle Fusion Middleware Upgrade Assistant to begin an upgrade
of the Oracle Identity and Access Management products, the Upgrade Assistant might
display an error message in the terminal window that indicates that the following file
is missing:
temp\jdk_version.log
If you see this error, quit the Upgrade Assistant and manually create the following
directory before running the Upgrade Assistant:
ORACLE_HOME/upgrade/temp
In this example, ORACLE_HOME is the directory where Oracle Identity and Access
Manager product is installed.
Upgrade 3-13
General Issues and Workarounds for Migrating from 11.1.1.1.0
3.1.18 Test Suites in Oracle SOA Suite 10g Projects Not Upgraded to 11g
When you upgrade your Oracle SOA Suite 10g projects to Oracle SOA Suite 11g, test
suites defined in your Oracle JDeveloper projects will not be upgraded to 11g. In most
cases, you will have to modify or recreate your test suites in Oracle JDeveloper 11g.
For more information, refer to the following:
■
■
"Correcting Problems With Oracle BPEL Process Manager Test Suites" in the Oracle
Fusion Middleware Upgrade Guide for Oracle SOA Suite, WebCenter, and ADF
"Automating Testing of SOA Composite Applications" in the Oracle Fusion
Middleware Developer's Guide for Oracle SOA Suite
3.1.19 Incorrect Wiring When Migrating Certain Oracle SOA Suite 10g Projects to 11g
When you migrate certain Oracle SOA Suite 10g projects to 11g, the migration tool
wires the composite incorrectly. This occurs if there are duplicate porttypes or
partnerlinktypes.
The workaround for this issue is to make sure that the porttypes or
partnerlinktypes are unique, and adjust the references before you start the migration
process.
3.2 General Issues and Workarounds for Migrating from 11.1.1.1.0
This section describes general issue and workarounds that apply only if you are
starting with Oracle Fusion Middleware 11g Release 1 (11.1.1.1.0) and you are using
the instructions in Appendix B, "Using Patch Assistant to Migrate from 11g Release 1
(11.1.1.1.0) to Release 1 (11.1.1.2.0)" in the Oracle Fusion Middleware Patching Guide.
This section includes the following topics:
■
Section 3.2.1, "Stopping the 11.1.1.2.0 Domain"
■
Section 3.2.2, "Editing the patchMaster.properties File"
■
Section 3.2.3, "Patching the Schema for Oracle Internet Directory"
■
Section 3.2.4, "Changing the patchmaster.ValidationErrorContinue Property"
■
Section 3.2.5, "Changing the Default Setting for Validation Tasks"
■
Section 3.2.6, "Severe Error When Running the execute-sql-rcu Macro"
■
■
Section 3.2.7, "Machine Names Do Not Appear in the Oracle WebLogic Server
Administration Console"
Section 3.2.8, "Using the Oracle BAM 11g Prepackaged Samples After Migrating
from 11.1.1.1.0"
3.2.1 Stopping the 11.1.1.2.0 Domain
While stopping the 11.1.1.2.0 domain by using the ant master-stop-domain-new
command, you may see the following exceptions if the Administration Server and the
Managed Servers are down:
java.net.ConnectException: Connection refused: connect; No available router to
destination.
The admin server and the managed servers should be up while running the command.
3-14 Release Notes
General Issues and Workarounds for Migrating from 11.1.1.1.0
3.2.2 Editing the patchMaster.properties File
When specifying values in the patchMaster.properties file on Windows, ensure that
/ is used for file delimiters. You can use \ as an escape character. When a \ is used in
the patchMaster.properties file, Patch Assistant warns you of the existence of the
character and prompts if the patch operation should be continued ["y"/"n"]. If you
do not desire prompting and have ensured the integrity of the
patchMaster.properties file, then run the ant commands with the -noinput option.
3.2.3 Patching the Schema for Oracle Internet Directory
While patching the schema for Oracle Internet Directory, ensure that you specify only
OID as the parameter for the patchMaster.Componentlist property in the
patchMaster.properties file.
3.2.4 Changing the patchmaster.ValidationErrorContinue Property
By default, the patchMaster.ValidationErrorContinue file appears as
patchmaster.ValidationErrorContinue. When you run this property, an error occurs.
Therefore, if you are using this property, replace the default property with
patchMaster.ValidationErrorContinue before running Patch Assistant.
3.2.5 Changing the Default Setting for Validation Tasks
Patch Assistant validates the properties specified in the patchMaster.properties file.
Additionally it performs the following validation tasks:
■
Verify whether the potential source, target home, and instance paths exist.
■
Verify locations to discover it they are an instance, home, and so on.
■
■
Validate individual migration task. For example, if you are migrating a domain,
then schema-based properties are not required. If the schema-based properties are
specified, be sure to set the complete and proper set of schema-based properties.
Attempts to recognize exceptions to specific components. For example, if Oracle
Internet Directory is solely specified as the component being patched, then the
property patchMaster.Schemaprefix is not necessary. However, if other
components are being patched, then it is assumed that patchMaster.Schemaprefix
is a necessary part of schema property validation.
If you want to continue with the Patch Assistant task after a validation error occurs,
then you can open the patchMaster.properties file (Located in your patchMaster
directory) in a text editor, and change the value to true for the
patchMaster.ValidationErrorContinue property (The default value is false).
Alternatively, you can use the Ant command-line utility to override the properties set
in the patchMaster.properties file. You must specify the required property on the
command line as follows:
ant-DpatchMaster.ValidationErrorContinue
3.2.6 Severe Error When Running the execute-sql-rcu Macro
When running the execute-sql-rcu macro, you may see the following error message,
while the SQL script is still running:
[java] SEVERE: Error while registering Oracle JDBC Diagnosability MBean.
[java] java.security.AccessControlException: access denied
(javax.management.MBeanTrustPermission register)
Upgrade 3-15
General Issues and Workarounds for Migrating from 11.1.1.1.0
To resolve this error, you must grant the register permission by adding the following
syntax to the java.policy file (Located at JAVA_HOME/jre/lib/security in UNIX and
JAVA_HOME\jre\lib\security in Windows):
.
grant codeBase "file:${PATCH-MASTER-HOME}/lib/*.jar" {
permission javax.management.MBeanTrustPermission "register";
};
Note: Ensure that you replace {PATCH-MASTER-HOME} with your
home path.
3.2.7 Machine Names Do Not Appear in the Oracle WebLogic Server Administration
Console
After running Patch Assistant, you cannot see the list of machines (Machine-0 and
Machine-1) configured during 11.1.1.1.0 and 11.1.1.2.0, in the Oracle WebLogic Server
Administration Console. After migrating to 11.1.1.2.0, you must re-enter the machine
names using the Oracle WebLogic Server Administration Console. For more
information, see Create and configure machines topic in the Oracle Fusion Middleware
Oracle WebLogic Server Administration Console Online Help.
3.2.8 Using the Oracle BAM 11g Prepackaged Samples After Migrating from 11.1.1.1.0
If you are using the Oracle BAM 11g sample applications, refer to the following
sections for information about using the samples after migrating from Oracle Fusion
Middleware 11g Release 1 (11.1.1.1.0) to Release 1 (11.1.1.2.0):
■
■
Section 3.2.8.1, "Configuring the Oracle BAM 11g Samples After Migrating from
11.1.1.1.0"
Section 3.2.8.2, "Using the Foreign Exchange Sample After Migrating from
11.1.1.1.0"
For more information about the Oracle BAM 11g samples, see Section 3.1.3.5.1,
"General Information About the Oracle BAM Samples".
3.2.8.1 Configuring the Oracle BAM 11g Samples After Migrating from 11.1.1.1.0
After you migrate from Oracle Fusion Middleware 11g Release 1 (11.1.1.1.0) to 11g
Release 1 (11.1.1.2.0), be sure to run the proper setup script for setting up samples.
Specifically, you must run the recreate script instead of the setup script.
For more information, see the readme file for each of the Oracle BAM 11g samples.
3.2.8.2 Using the Foreign Exchange Sample After Migrating from 11.1.1.1.0
After you run the recreate script to set up the Foreign Exchange sample after migrating
from 11.1.1.1.0, you might experience the following error when you open the report
(Shared Reports/Demos/Foreign Exchange):
The "Trade Volume" has an error:
CACHEEXCEPTION_NULL_NULL_NULL
Message:BAM-01274: The field ID 1 is not recognized.
To fix this problem, perform the following steps:
3-16 Release Notes
Documentation Errata for Upgrade
1.
Open Active Studio.
2.
Open the report:
Shared Reports/Demos/Foreign Exchange/SLAViolation Report
3.
Click Edit.
4.
Select the Trade Volume view and click Edit View.
5.
In the Fields tab under Group By, select the field GroupBy.
6.
Go to the Surface Prompts tab.
7.
From the Display in drop-down menu, in select View Title.
8.
Click Apply and save the report.
Visit the Oracle BAM samples page on OTN regularly to obtain updated samples and
more information about the Oracle BAM sample applications.
3.3 Documentation Errata for Upgrade
This section provides documentation errata for the following guides:
■
Section 3.3.1, "Documentation Errata for the Oracle Fusion Middleware Upgrade
Guide for Java EE"
3.3.1 Documentation Errata for the Oracle Fusion Middleware Upgrade Guide for Java
EE
This section contains documentation errata for the Oracle Fusion Middleware Upgrade
Guide for Java EE. It contains the following sections:
■
Section 3.3.1.1, "Clarification of Post-Upgrade Tasks for SSL-Enabled Oracle HTTP
Server"
3.3.1.1 Clarification of Post-Upgrade Tasks for SSL-Enabled Oracle HTTP Server
Section 7.5.2, "Verifying and Updating the Oracle HTTP Server and Oracle Web Cache
Ports After Upgrade" in the Oracle Fusion Middleware Upgrade Guide for Java EE
provides information about additional post-upgrade steps you must perform for
Oracle HTTP Server in some situations.
Specifically, if you decide to use the new ports defined for your Oracle Fusion
Middleware 11g installation, rather than ports used for your Oracle Application Server
10g installation, then you should verify the listening ports, origin servers, site
definitions, and site-to-server mapping settings, and make changes if appropriate.
This section fails to mention that you should perform this task even if the Oracle HTTP
Server instance and Oracle Web Cache instance reside in the same Oracle home and
you upgrade them together.
For example, if you have enabled end-to-end SSL in your 10g environment, then you
must edit the ssl.conf file in the upgraded Oracle home to ensure that the
ServerName entry in the Oracle HTTP Server 11g ssl.conf file is correct. Locate the
ssl.conf file in the Oracle Fusion Middleware 11g Oracle home, and verify that the
ServerName directive is set to the 11g Oracle Web Cache host and listening port:
For example:
ServerName testbox01.example.com:443
Upgrade 3-17
Documentation Errata for Upgrade
3-18 Release Notes
4
Oracle Fusion Middleware Administration
4
This chapter describes issues associated with Oracle Fusion Middleware
administration. It includes the following topics:
■
Section 4.1, "General Issues and Workarounds"
■
Section 4.2, "Configuration Issues and Workarounds"
■
Section 4.3, "Documentation Errata for the Oracle Fusion Middleware
Administrator's Guide"
This chapter contains issues you might encounter while
administering any of the Oracle Fusion Middleware products.
Note:
Be sure to review the product-specific release note chapters elsewhere
in this document for any additional issues specific to the products you
are using.
4.1 General Issues and Workarounds
This section describes general issue and workarounds. It includes the following topics:
■
■
Section 4.1.1, "Clarification About Path for OPMN"
Section 4.1.2, "Fusion Middleware Control May Return Error in Mixed IPv6 and
IPv4 Environment"
■
Section 4.1.3, "Deploying JSF Applications"
■
Section 4.1.4, "Limitations in Moving from Test to Production"
■
■
Section 4.1.5, "Limitations in Moving Oracle Business Process Management from
Test to Production Environment"
Section 4.1.6, "Message Returned with Incorrect Error Message Level"
4.1.1 Clarification About Path for OPMN
OPMN provides the opmnctl command. The executable file is located in the following
directories:
■
ORACLE_HOME/opmn/bin/opmnctl: The opmnctl command from this location
should be used only to create an Oracle instance or a component for an Oracle
instance on the local system. Any opmnctl commands generated from this location
should not be used to manage system processes or to start OPMN.
Oracle Fusion Middleware Administration
4-1
General Issues and Workarounds
On Windows, if you start OPMN using the opmnctl start command from this
location, OPMN and its processes will terminate when the Windows user has
logged out.
■
ORACLE_INSTANCE/bin/opmnctl: The opmnctl command from this location
provides a per Oracle instance instantiation of opmnctl. Use opmnctl commands
from this location to manage processes for this Oracle instance. You can also use
this opmnctl to create components for the Oracle instance.
On Windows, if you start OPMN using the opmnctl start command from this
location, it starts OPMN as a Windows service. As a result, the OPMN parent
process, and the processes which it manages, persist after the MS Windows user
has logged out.
4.1.2 Fusion Middleware Control May Return Error in Mixed IPv6 and IPv4 Environment
If your environment contains both IPv6 and IPv4 network protocols, Fusion
Middleware Control may return an error in certain circumstances.
If the browser that is accessing Fusion Middleware Control is on a host using the IPv4
protocol, and selects a control that accesses a host using the IPv6 protocol, Fusion
Middleware Control will return an error. Similarly, if the browser that is accessing
Fusion Middleware Control is on a host using the IPv6 protocol, and selects a control
that accesses a host using the IPv4 protocol, Fusion Middleware Control will return an
error.
For example, if you are using a browser that is on a host using the IPv4 protocol and
you are using Fusion Middleware Control, Fusion Middleware Control returns an
error when you navigate to an entity that is running on a host using the IPv6 protocol,
such as in the following situations:
■
■
From the Oracle Internet Directory home page, you select Directory Services
Manager from the Oracle Internet Directory menu. Oracle Directory Services
Manager is running on a host using the IPv6 protocol.
From a Managed Server home page, you click the link for Oracle WebLogic Server
Administration Console, which is running on IPv6.
■
You test Web Services endpoints, which are on a host using IPv6.
■
You click an application URL or Java application which is on a host using IPv6.
To work around this issue, you can add the following entry to the /etc/hosts file:
nnn.nn.nn.nn
myserver-ipv6 myserver-ipv6.example.com
In the example, nnn.nn.nn.nn is the IPv4 address of the Administration Server host,
myserver.example.com.
4.1.3 Deploying JSF Applications
Some JSF applications may experience a memory leak due to incorrect Abstract
Window Toolkit (AWT) application context classloader initialization in the Java class
library. Setting the oracle.jrf.EnableAppContextInit system property to true will
attempt eager initialization of the AWT application context classloader to prevent this
leak from occurring. By default, this property is set to false.
4.1.4 Limitations in Moving from Test to Production
Note the following limitations in moving from test to production:
4-2 Release Notes
General Issues and Workarounds
■
If your environment includes Oracle WebLogic Server which you have upgraded
from one release to another (for example from 10.3.4 to 10.3.5), the pasteConfig
scripts fails with the following error:
Oracle_common_home/bin/unpack.sh line29:
WL_home/common/bin/unpack.sh No such file or directory
To work around this issue, edit the following file:
MW_HOME/utils/uninstall/WebLogic_Platform_10.3.5.0/WebLogic_Server_10.3.5.0_
Core_Application_Server.txt file
Add the following entries:
/wlserver_10.3/server/lib/unix/nodemanager.sh
/wlserver_10.3/common/quickstart/quickstart.cmd
/wlserver_10.3/common/quickstart/quickstart.sh
/wlserver_10.3/uninstall/uninstall.cmd
/wlserver_10.3/uninstall/uninstall.sh
/utils/config/10.3/setHomeDirs.cmd
/utils/config/10.3/setHomeDirs.sh
■
■
When you are moving Oracle Virtual Directory, the Oracle instance name in the
source environment cannot be the same as the Oracle instance name in the target
environment. The Oracle instance name in the target must be different than the
name in the source.
After you move Oracle Virtual Directory from one host to another, you must add a
self-signed certificate to the Oracle Virtual Directory keystore and EM Agent
wallet on Host B. Take the following steps:
a.
Set the ORACLE_HOME and JAVA_HOME environment variables.
b.
Delete the existing self-signed certificate:
$JAVA_HOME/bin/keytool -delete -alias serverselfsigned
-keystore ORACLE_INSTANCE/config/OVD/ovd_component_
name/keystores/keys.jks
-storepass OVD_Admin_password
c.
Generate a key pair:
$JAVA_HOME/bin/keytool -genkeypair
-keystore ORACLE_INSTANCE/config/OVD/ovd_component_
name/keystores/keys.jks
-storepass OVD_Admin_password -keypass OVD_Admin_password -alias
serverselfsigned
-keyalg rsa -dname "CN=Fully_qualified_hostname,O=test"
d.
Export the certificate:
$JAVA_HOME/bin/keytool -exportcert
-keystore ORACLE_INSTANCE/config/OVD/ovd_component_
name/keystores/keys.jks
-storepass OVD_Admin_password -rfc -alias serverselfsigned
-file ORACLE_INSTANCE/config/OVD/ovd_component_name/keystores/ovdcert.txt
e.
Add a wallet to the EM Agent:
ORACLE_HOME/../oracle_common/bin/orapki wallet add
-wallet ORACLE_INSTANCE/EMAGENT/EMAGENT/sysman/config/monwallet
-pwd EM_Agent_Wallet_password -trusted_cert
-cert ORACLE_INSTANCE/config/OVD/ovd_component_name/keystores/ovdcert.txt
Oracle Fusion Middleware Administration
4-3
General Issues and Workarounds
■
f.
Stop and start the Oracle Virtual Directory server.
g.
Stop and start the EM Agent.
The copyConfig operation fails if you are using IPv6 and the Managed Server
listen address is not set.
To work around this problem, set the Listen Address for the Managed Server in
the Oracle WebLogic Server Administration Console. Navigate to the server. Then,
on the Settings for server page, enter the Listen Address. Restart the Managed
Servers.
■
■
■
When you are moving Oracle Platform Security and you are using an LDAP store,
the LDAP store on the source environment must be running and it must be
accessible from the target during the pasteConfig operation.
The movement scripts do not support moving Oracle Identity Manager to another
environment, either through the movement scripts or manual steps. In addition, if
Oracle Identity Manager is part of the source environment of other components,
the movement scripts for that environment will fail. This restriction applies to all
11.1.1 releases of Oracle Identity Manager.
For Oracle Business Activity Monitoring, if there are remote servers in the test
environment and you do not use shared disks, the copyConfig and pasteConfig
scripts will fail. In addition, if Oracle BAM is part of the source domain that you
are moving, the scripts will fail. For example, if Oracle BAM is part of a domain
that contains the SOA Infrastructure and Oracle BPEL Process Manager, the
copyConfig and pasteConfig scripts will fail.
To move components other than Oracle BAM move the BAM_t2p_registration.xml
file from the following directory, into any other directory:
SOA_ORACLE_HOME/clone/provision
Then, to move Oracle BAM, take the following steps:
1.
At the source, export the ORACLEBAM database schema, using the following
commands (ORACLE_HOME is the Oracle home for the Oracle Database):
ORACLE_HOME/bin/sqlplus "sys/password as sysdba"
create or replace directory directory as 'path';
grant read,write on DIRECTORY directory to oraclebam;
exit;
ORACLE_HOME/bin/expdp userid=oraclebam/bam@connect_id
directory=directory dumpfile=orabam.dmp
schemas=oraclebam logfile=oraclebam_date.log
See Also: "Overview of Oracle Data Pump" and other chapters on
Oracle Data Pump in Oracle Database Utilities
The Oracle BAM objects, such as reports, alerts, and data definitions from the
source environment are exported.
2.
At the target, import the ORACLEBAM database schema that you exported
from the source environment, using the following commands (ORACLE_
HOME is the Oracle home for the Oracle Database):
ORACLE_HOME/bin/impdp userid=system/password dumpfile=ORACLEBAM.DMP
remap_schema=oraclebam:oraclebam TABLE_EXISTS_ACTION=replace
ORACLE_HOME/bin/sqlplus "sys/password as sysdba"
4-4 Release Notes
General Issues and Workarounds
alter user oraclebam account unlock;
alter user oraclebam identified by bam;
Note that impdp may report the following errors:
–
ORA-00959: tablespace <source tablespace> does not exist.
You can fix this error by creating the tablespace in the import database
before the import or use REMAP_TABLESPACES to change the tablespace
referenced in the table definition to a tablespace in the import database.
–
3.
■
■
You may see failure with restoring index statistics if you use an Oracle
database version earlier than 11.2.0.2. You can work around this issue by
rebuilding the index statistics after import.
Restart the Oracle Business Activity Monitoring Managed Server.
When you are moving Oracle Platform Security Services and the data is moving
from LDAP to LDAP, the source and target LDAP domain component hierarchy
must be same. If it is not, the Oracle Platform Security Services data movement
will fail. For example, if the source is hierarchy is configured as dc=us,dc=com, the
target LDAP must have the same domain component hierarchy.
Moving Oracle Access Manager may fail, as described in Section 20.2.7.
4.1.5 Limitations in Moving Oracle Business Process Management from Test to
Production Environment
Note the following limitations when moving Oracle Business Process Management
from a test environment to a production environment:
■
When you move Oracle Business Process Management from a test environment to
a production environment as described in the Task "Move Oracle Business Process
Management to the New Production Environment" in the Oracle Fusion Middleware
Administrator's Guide, Oracle Business Process Management Organization Units
are not imported.
To work around this issue, you must re-create the Organization Units in the
production environment. In addition, if any Organization associations with the
Calendar rule for the Role exist in the test environment, you must re-create them,
using the Roles screen.
For information, see "Working with Organizations" in the Oracle Fusion Middleware
Modeling and Implementation Guide for Oracle Business Process Management.
■
Oracle recommends that you move artifacts and data into a new, empty
production environment. If the same artifacts are present or some data has been
updated on the production environment, the procedure does not update those
artifacts.
4.1.6 Message Returned with Incorrect Error Message Level
In Fusion Middleware Control, when you select a metadata repository, the following
error messages are logged:
Partitions is NULL
Partitions size is 0
These messages are logged at the Error level, which is incorrect. They should be
logged at the debug level, to provide information.
Oracle Fusion Middleware Administration
4-5
Configuration Issues and Workarounds
4.2 Configuration Issues and Workarounds
This section describes configuration issues and their workarounds. It includes the
following topics:
■
■
■
Section 4.2.1, "Must Stop Oracle SOA Suite Managed Server Before Stopping
soa-infra"
Section 4.2.2, "Fusion Middleware Control Does Not Keep Column Preferences in
Log Viewer Pages"
Section 4.2.3, "Topology Viewer Does Not Display Applications Deployed to a
Cluster"
■
Section 4.2.4, "Changing Log File Format"
■
Section 4.2.5, "SSL Automation Tool Configuration Issues"
4.2.1 Must Stop Oracle SOA Suite Managed Server Before Stopping soa-infra
Using Fusion Middleware Control, if you stop a Oracle SOA Suite Managed Server
before you stop soa-infra, then you start the Managed Server, the soa-infra application
is not restarted automatically. If you try to restart the soa-infra, you will received an
error. When you encounter the problem, you cannot close the dialog box in the
browser, so you cannot take any further actions in Fusion Middleware Control.
To avoid this situation, you should stop the Managed Server, which stops all
applications, including the soa-infra application. To start the Managed Server and the
soa-infra, start the Managed Server.
To close the browser dialog box, enter the following URL in your browser:
http://host:port/em
4.2.2 Fusion Middleware Control Does Not Keep Column Preferences in Log Viewer
Pages
In Fusion Middleware Control, you can reorder the columns in the pages that display
log files and log file messages. However, if you navigate away from the page and then
back to it, the columns are set to their original order.
4.2.3 Topology Viewer Does Not Display Applications Deployed to a Cluster
In Fusion Middleware Control, the Topology Viewer does not display applications that
are deployed to a cluster.
4.2.4 Changing Log File Format
When you change the log file format note the following:
■
■
When you change the log file format from text to xml, specify the path, but omit
the file name. The new file will be named log. xml.
When you change the log file format from xml to text, specify both the path and
the file name.
4.2.5 SSL Automation Tool Configuration Issues
The following issues have been observed when using the SSL Automation tool:
4-6 Release Notes
Documentation Errata for the Oracle Fusion Middleware Administrator's Guide
■
■
■
■
The script creates intermediate files that contain passwords in clear text. If the
script fails, these files might not be removed. After a script failure, delete all files
under the rootCA directory.
If Oracle Internet Directory password policy is enabled, passwords entered for
wallet or keystore fail if they violate the policy.
Before you run the script, you must have JDK 1.6 installed and you must have
JAVA_HOME set in your environment.
If the Oracle Virtual Directory configuration script fails, check the run log or
enable debug for the shell script to view specific errors. If the error message looks
similar to this, rerun the script with a new keystore name:
WLSTException: Error occured while performing cd : Attribute
oracle.as.ovd:type=component.listenersconfig.sslconfig,name=LDAP SSL
Endpoint,instance=%OVD_INSTANCE%,component=ovd1 not found
4.3 Documentation Errata for the Oracle Fusion Middleware
Administrator's Guide
The following section describes documentation errata for the Oracle Fusion Middleware
Administrator's Guide:
■
Section 4.3.1, "Combining All Oracle Homes in a Single Inventory File"
■
Section 4.3.2, "Correction to Link About Supported Databases for MDS."
4.3.1 Combining All Oracle Homes in a Single Inventory File
All Oracle homes in the Middleware home on the source environment must be
registered in the same Oracle inventory. If you have installed multiple components
under the same Middleware home, but used different Oracle inventory locations, the
scripts are not able to detect all of the Oracle homes.
To work around this issue, take the following steps:
1.
Create a new oraInst.loc pointing to the inventory to which you want to register,
using the following commands:
cat oraInst.loc
inventory_loc=new_oraInst_loc_location
inst_group=g900
2.
Detach the Oracle Home from its current inventory:
cd ORACLE_HOME/oui/bin
./detachHome.sh -invPtrLoc ORACLE_HOME/oraInst.loc
3.
Attach the Oracle Home to the new inventory by passing new oraInst.loc created
in step 1:
./attachHome.sh -invPtrLoc new_oraInst_loc_location
Do this for every Oracle home in the Middleware home.
4.
Set the necessary dependencies between Oracle homes if required (for example
most Oracle homes depend on oracle_common). The dependencies are required
when you uninstall. You can check the existing dependencies from the old
inventory by checking the file oraInventory/ContentsXML/inventory.xml. The
following shows an example of the file:
Oracle Fusion Middleware Administration
4-7
Documentation Errata for the Oracle Fusion Middleware Administrator's Guide
<?xml version="1.0" standalone="yes" ?>
<!-- Copyright (c) 1999, 2010, Oracle. All rights reserved. -->
<!-- Do not modify the contents of this file by hand. -->
<VERSION_INFO>
<SAVED_WITH>11.1.0.9.0</SAVED_WITH>
<MINIMUM_VER>2.1.0.6.0</MINIMUM_VER>
</VERSION_INFO>
<HOME_LIST>
<HOME NAME="OH339778486" LOC="/scratch/oracle/11gMW/oracle_common" TYPE="O"
IDX="1">
<REFHOMELIST>
<REFHOME LOC="/scratch/oracle/11gMW/Oracle_WT1"/>
</REFHOMELIST>
</HOME>
<HOME NAME="OH299443989" LOC="/scratch/oracle/11gMW/Oracle_WT1" TYPE="O"
IDX="2">
<DEPHOMELIST>
<DEPHOME LOC="/scratch/oracle/11gMW/oracle_common"/>
</DEPHOMELIST>
</HOME>
</HOME_LIST>
<COMPOSITEHOME_LIST>
</COMPOSITEHOME_LIST>
</INVENTORY>
5.
Run the following command to set up dependencies. Note that this is not
mandatory for the movement scripts to work, but is needed when you uninstall.
./runInstaller -updateHomeDeps
"HOME_DEPENDENCY_LIST={/scratch/oracle/11gMW/Oracle_WT1:/scratch/oracle/11gMW/
oracle_common}" -invPtrLoc ~/oraInst.loc
4.3.2 Correction to Link About Supported Databases for MDS
The section "Databases Supported by MDS" in the Oracle Fusion Middleware
Administrator's Guide contains an incorrect link to Oracle Fusion Middleware System
Requirements and Specifications. The correct link is:
http://www.oracle.com/technetwork/middleware/ias/downloads/fusion-requi
rements-100147.html
4.3.3 Clarification of Move Plan Properties for Oracle WebCenter Content
For the Oracle WebCenter Content server or Oracle WebCenter Content: Records, you
have two options for moving the component:
■
■
4-8 Release Notes
copy: This option copies the entire source system, including configuration and
data, to the target system. Although this is the default, Oracle does not
recommend using this option because it moves test data, which might not be
appropriate for your environment.
init: This option initializes a new Content Server or Records instance in the target
system. It does not move data.
5
Oracle Enterprise Manager Fusion
Middleware Control
5
This chapter describes issues associated with Fusion Middleware Control. It includes
the following topics:
■
Section 5.1, "General Issues and Workarounds"
■
Section 5.2, "Documentation Errata"
This chapter contains issues you might encounter while using
Fusion Middleware Control to manage any of the Oracle Fusion
Middleware products.
Note:
Be sure to review the product-specific release note chapters elsewhere
in this document for any additional issues specific to the products you
are using.
5.1 General Issues and Workarounds
This section describes general issue and workarounds. It includes the following topic:
■
■
■
■
■
■
■
Section 5.1.1, "Product Behavior After a Session Timeout"
Section 5.1.2, "Fixing Errors Displayed When Selecting the TopLink Sessions
Command in Fusion Middleware Control"
Section 5.1.3, "Verifying the DISPLAY Variable to Correct Problems Displaying
Graphics"
Section 5.1.4, "Incomplete Information Available on the MDS Configuration Page"
Section 5.1.5, "Exceptions When Starting Oracle Web Cache After Accessing
Configuration Pages from Oracle Enterprise Manager Fusion Middleware Control"
Section 5.1.6, "Table Display Problems When Using Some Language Variants"
Section 5.1.7, "Problems When Internet Explorer 7 is Configured to Open Pop-Up
Windows in a New Tab."
■
Section 5.1.8, "Additional Fusion Middleware Control Release Notes"
■
Section 5.1.9, "Problem with Performance Charts After Moving a Chart Region"
■
■
Section 5.1.10, "Display Problems When Running JDK 160_18 on Intel Systems that
Support the SSE4.2 Instruction Set"
Section 5.1.11, "Adobe Flash Plugin Required When Displaying Fusion
Middleware Control in the Apple Safari Browser"
Oracle Enterprise Manager Fusion Middleware Control 5-1
General Issues and Workarounds
■
■
■
■
■
■
■
Section 5.1.12, "Unable to Access Fusion Middleware Control After Installing the
Oracle Identity Management 11.1.1.4.0 Patch Set"
Section 5.1.13, "Error Message on Deleting the Shared Folder After Scale-Out"
Section 5.1.14, "Coreapplication Process for Oracle Business Intelligence Reported
as Down in Fusion Middleware Control"
Section 5.1.15, "Online Help Error Message in Enterprise Manager Log Files Can
Be Ignored"
Section 5.1.16, "Incorrect or Missing Metrics Help Information"
Section 5.1.17, "Error When Accessing the Entry Point URL for the
NonJ2EEManagement Internal Application"
Section 5.2.3, "Help Topic for Secure Sockets Layer Tab Needs Updated
Description for WebLogic CA Certificate"
5.1.1 Product Behavior After a Session Timeout
For security purposes, your sessions with the Fusion Middleware Control will time out
after a predefined period of inactivity, and you will be asked to log in to the console
again. In most cases, you are returned to the page you had displayed before the
session timed out.
However, in some circumstances, such as when you are using the Fusion Middleware
Control deployment wizards, you will not be returned the same location in the
product after you log in. In those cases, you will have to navigate to the specific Fusion
Middleware Control page you were using before the session timed out.
5.1.2 Fixing Errors Displayed When Selecting the TopLink Sessions Command in
Fusion Middleware Control
In Fusion Middleware Control, you can view the Oracle TopLink management pages
by selecting TopLink Sessions from the Application Deployment menu.
However, if you receive an error message when you select this command, you can
remedy the problem by adding one or both of the following MBean system properties,
as follows
On Windows operating systems:
rem set JAVA_OPTIONS=%JAVA_OPTIONS% -Declipselink.register.dev.mbean=true
rem set JAVA_OPTIONS=%JAVA_OPTIONS% -Declipselink.register.run.mbean=true
On UNIX operating systems:
JAVA_OPTIONS="${JAVA_OPTIONS} -Declipselink.register.dev.mbean=true"
JAVA_OPTIONS="${JAVA_OPTIONS} -Declipselink.register.run.mbean=true"
For more information, see the following URL on the Eclipse WIKI Web site:
http://wiki.eclipse.org/Integrating_EclipseLink_with_an_Application_Server_
(ELUG)#How_to_Integrate_JMX
5.1.3 Verifying the DISPLAY Variable to Correct Problems Displaying Graphics
The graphics subsystem for the Fusion Middleware Control generates some of its
graphics on demand, and if the DISPLAY environment variable is set, Fusion
Middleware Control tries to open the specified DISPLAY environment.
5-2 Release Notes
General Issues and Workarounds
If Fusion Middleware Control fails to start due to graphics errors, check to see whether
the DISPLAY environment variable is set to a proper DISPLAY environment.
If the DISPLAY environment variable is set incorrectly, unset the DISPLAY
environment variable. Then restart Fusion Middleware Control.
5.1.4 Incomplete Information Available on the MDS Configuration Page
After deploying a Oracle SOA Suite application that requires Oracle Metadata Services
(MDS), in some rare circumstances, you may find that the MDS configuration page for
the application does not contain complete information about the MDS repository.
To address this problem, use the Metadata Repositories page to register the repository
again. For more information, see "Create and Register an MDS Repository" in the
Fusion Middleware Control online help.
5.1.5 Exceptions When Starting Oracle Web Cache After Accessing Configuration
Pages from Oracle Enterprise Manager Fusion Middleware Control
To start, stop, or restart Oracle Web Cache from Fusion Middleware Control, from the
Web Cache menu, you can choose Control, and then Start Up, Shut Down, or Restart.
If you select Shut Down, and then Start Up on a configuration page, Fusion
Middleware Control may return exception errors. If these errors occur in your
environment, perform the operations from Web Cache Home page.
5.1.6 Table Display Problems When Using Some Language Variants
When you use Fusion Middleware Control in some non-English language
environments, some of the tables on the component home pages display incorrectly.
For example, some rows of the table appear to be merged and without content.
These issues can be safely ignored, since no data on the pages is hidden. The table cells
that appear incorrectly do not contain performance data or other information.
5.1.7 Problems When Internet Explorer 7 is Configured to Open Pop-Up Windows in a
New Tab
If you configure Microsoft Internet Explorer 7 so it always displays pop-up windows
in a new browser tab, then you may experience problems using Fusion Middleware
Control. For example, in some cases, Enteprise Manager content displays in a new tab
as expected, but Fusion Middleware Control stops responding to mouse clicks. The
only way to continue working is to close the tab.
To avoid this problem, use the Internet Options dialog box in Internet Explorer to
disable the option for displaying pop-up windows in a new tab.
5.1.8 Additional Fusion Middleware Control Release Notes
Refer to Chapter 4, "Oracle Fusion Middleware Administration" for additional Fusion
Middleware Control release notes.
Additional Fusion Middleware Control release notes are also included in the
component chapters of the Release Notes.
Oracle Enterprise Manager Fusion Middleware Control 5-3
General Issues and Workarounds
5.1.9 Problem with Performance Charts After Moving a Chart Region
Oracle Enterprise Manager Fusion Middleware Control provides performance charts
on many of the component home pages. For example, it provides charts that display
the current response and load metrics, as well as the CPU and memory usage.
If you move one of these charts to a new location on the home page, then sometimes
the Table View link (which provides a tabular view of the data) does not work
properly and the chart might stop refreshing automatically.
To fix this problem, click the refresh icon at the top, right corner of the page to refresh
the page.
5.1.10 Display Problems When Running JDK 160_18 on Intel Systems that Support the
SSE4.2 Instruction Set
Some of the newer Intel-based computers support the SSE4.2 instruction set. If you are
using the 160_18 version of the Java Development Kit (JDK) on one of these
computers, then you might see some display issues in the Oracle Enterprise Manager
Fusion Middleware Control.
This is related to the following issue on the Sun Developer Network (SDN):
http://bugs.sun.com/view_bug.do?bug_id=6875866
In particular, when using Fusion Middleware Control, you might experience some font
size and alignment issues, and an error similar to the following appears in the server
log file:
Servlet failed with Exception
java.lang.StringIndexOutOfBoundsException: String index out of range
To remedy this problem:
1.
Locate and open the setDomainEnv configuration file in your Oracle WebLogic
Server domain home.
For example:
DOMAIN_HOME/bin/setDomainEnv.sh
2.
Add the following to the JAVA_OPTIONS entry in the setDomainEnv file and save
your changes:
-XX:-UseSSE42Intrinsics
For example:
JAVA_OPTIONS="${JAVA_OPTIONS} ${JAVA_PROPERTIES}
-Dwlw.iterativeDev=${iterativeDevFlag} -Dwlw.testConsole=${testConsoleFlag}
-Dwlw.logErrorsToConsole=${logErrorsToConsoleFlag} -XX:-UseSSE42Intrinsics"
3.
Locate the following directory in your Oracle WebLogic Server domain home:
DOMAIN_HOME/servers/AdminServer/tmp/_WL_user/em/jmb4hf/public/adf/styles/cache/
4.
Delete the style sheets (.css) files from the directory.
5.
Restart the Oracle WebLogic Server domain.
6.
Clear the cache in your Web browser.
5-4 Release Notes
General Issues and Workarounds
5.1.11 Adobe Flash Plugin Required When Displaying Fusion Middleware Control in the
Apple Safari Browser
To use the Apple Safari browser to display Fusion Middleware Control, you must have
the Adobe Flash browser plugin installed.
If you experience problems displaying graphics or other Fusion Middleware Control
elements, download and install a newer version of the plugin from the Adobe Web
site.
5.1.12 Unable to Access Fusion Middleware Control After Installing the Oracle Identity
Management 11.1.1.4.0 Patch Set
After you install the Oracle Fusion Middleware 11g Release 1 (11.1.1.4.0) patch set, you
might experience problems when accessing the Fusion Middleware Control pages
used to manage the Oracle Identity Management components.
Specifically, an error similar to the following appears in the Administration Server log
files:
[ACTIVE].ExecuteThread: '0' for queue: 'weblogic.kernel.Default
(self-tuning)'] [userId: <anonymous>] [ecid:
0000In^zrbUF8DQ6ubU4UH1D1qXF00000s,0] [APP: em] [[
oracle.adf.controller.ControllerException: ADFC-00025: The ADF controller has
not been successfully initalized.
If you experience this problem, restart the Administration Server. After the restart, you
should be able to log in and access the Fusion Middleware Control pages.
5.1.13 Error Message on Deleting the Shared Folder After Scale-Out
If Oracle Essbase is configured, then the Shared Folder Path field is displayed in the
Essbase Agents region on the Failover page of the Availability tab for the Business
Intelligence node in Fusion Middleware Control.
You use the Shared Folder Path field when setting up a highly available Essbase
deployment. The field specifies a shared location for Essbase configuration files,
security files, and all applications and corresponding databases.
If you remove an existing value in the Shared Folder Path field and attempt to apply
the change without specifying a replacement value, then the following error message
is displayed:
OBI_SYSMAN_1261, "You must not delete the shared folder after a previous scaleout"
To continue, either specify a valid path to the shared location in the Shared Folder Path
field, or discard the change.
5.1.14 Coreapplication Process for Oracle Business Intelligence Reported as Down in
Fusion Middleware Control
In Fusion Middleware Control, the coreapplication process for Oracle Business
Intelligence is erroneously displayed as not running (or "down") even when it is
running (or "up"). For example, you might see an error message similar to the
following one:
Restart All – Failed. Restart failed with 2 errors and 0 warnings. Problems reported
by:coreapplication.
Oracle Enterprise Manager Fusion Middleware Control 5-5
Documentation Errata
To work around this issue, wait for approximately five to ten minutes, then restart all
processes in Fusion Middleware Control. The exact time to wait depends on the
environment (for example, on the size of the repository and on the speed of the
database connection).
5.1.15 Online Help Error Message in Enterprise Manager Log Files Can Be Ignored
When acessing specific topics in the online help table of contents for Oracle Enterprise
Manager Fusion Middleware Control, an error message and a warning message might
appear in the log files. These messages can be ignored.
Specifically, the following example shows an error messages that can appear in the
AdminServer-diagnostic.log file. You can safely ignore these messages:
<Apr 15, 2012 12:58:15 PM PDT> <Error>
<oracle.help.web.rich.converter.RichTopicConverter> <BEA-000000> <JAR entry
loe.htm not found in
/scratch/pabharga/wls/oracle_common/doc/online_help/owcag/owcag_help.jar>
<Apr 15, 2012 12:58:15 PM PDT> <Warning>
<oracle.help.web.util.OHWLoggerUtils> <HELP-10055> <trying to access invalid
topic id owcag/loe.htm>
5.1.16 Incorrect or Missing Metrics Help Information
When you use Fusion Middleware Control to view metrics, you can obtain Help on
the metrics. For this release, all metrics are described in Oracle Enterprise Manager
Oracle Fusion Middleware Metric Reference Manual. Consult that manual for complete
descriptions of metrics.
5.1.17 Error When Accessing the Entry Point URL for the NonJ2EEManagement
Internal Application
When you apply an Oracle Fusion Middleware 11g patch set to an existing 11g
Middleware home, you might be instructed to run the upgradenonj2eeapp script,
which is required when you are patching Oracle Fusion Middleware 11g system
components. For more information, see "Upgrading System Components" in the Oracle
Fusion Middleware Patching Guide.
This script deploys an internal application called NonJ2EEManagement to your Oracle
WebLogic Server domain. After you run the script, the NonJ2EEManagement
application appears in the list of internal applications in Oracle Enterprise Manager
Fusion Middleware Control.
If you attempt to navigate to the application home page of the NonJ2EEManagement
application, and you click the URL for the entry point for the application, you will
receive an error in your browser.
This is a known issue. The NonJ2EEManagement application, like many of the internal
applications, does not have a valid context root or HTML entry point. It is used
exclusively to facilicate the patching of system components in your Middleware home.
5.2 Documentation Errata
This section describes documentation errata. It includes the following topics:
■
■
5-6 Release Notes
Section 5.2.1, "Search Unavailable for Some Embedded Administrator's Guides"
Section 5.2.2, "Patching Section in the Fusion Middleware Control Online Help is
Not Supported"
Documentation Errata
■
Section 5.2.3, "Help Topic for Secure Sockets Layer Tab Needs Updated
Description for WebLogic CA Certificate"
5.2.1 Search Unavailable for Some Embedded Administrator's Guides
Search is unavailable for the following embedded administrator's guides in the Fusion
Middleware Control help system:
■
■
Oracle Fusion Middleware Administrator's Guide for Oracle Identity Federation
Oracle Fusion Middleware System Administrator's Guide for Content Server for
installations with Oracle Enterprise Content Management Suite
5.2.2 Patching Section in the Fusion Middleware Control Online Help is Not Supported
The Fusion Middleware Control online help system includes the contents of the Oracle
Fusion Middleware System Administrator's Guide for Oracle Business Intelligence Enterprise
Edition. In the Fusion Middleware Control online help, this guide includes Section
17.11, which describes patching the Oracle BI Presentation Catalog. This functionality
is not supported in Release 11.1.1.5. The section is not included in the version of the
guide that ships with Oracle BI EE or that is posted on the Oracle Technology
Network.
5.2.3 Help Topic for Secure Sockets Layer Tab Needs Updated Description for
WebLogic CA Certificate
An update is required in the Fusion Middleware Control help system for Oracle
Business Intelligence. In the help topic for the Security page: Secure Sockets Layer tab,
the Description for the WebLogic CA certificate element must include the following
text:
Supported types are .der and .pem. Ensure that the certificate file has the correct
extension.
Oracle Enterprise Manager Fusion Middleware Control 5-7
Documentation Errata
5-8 Release Notes
6
Oracle Fusion Middleware High Availability
and Enterprise Deployment
6
This chapter describes issues associated with Oracle Fusion Middleware high
availability and enterprise deployment. It includes the following topics:
■
Section 6.1, "General Issues and Workarounds"
■
Section 6.2, "Configuration Issues and Workarounds"
■
■
Section 6.3, "Testing Abrupt Failures of WebLogic Server When Using File Stores
on NFS"
Section 6.4, "Documentation Errata"
This chapter contains issues you might encounter while
configuring any of the any of the Oracle Fusion Middleware products
for high availability or an enterprise deployment.
Note:
Be sure to review the product-specific release note chapters elsewhere
in this document for any additional issues specific to the products you
are using.
6.1 General Issues and Workarounds
This section describes general issue and workarounds. It includes the following topics:
■
■
■
■
■
■
■
Section 6.1.1, "Secure Resources in Application Tier"
Section 6.1.2, "Accessing Web Services Policies Page in Cold Failover
Environment"
Section 6.1.3, "Timeout Settings for SOA Request-Response Operations are Not
Propagated in a Node Failure"
Section 6.1.4, "Very Intensive Uploads from I/PM to UCM May Require Use of
IP-Based Filters in UCM Instead of Hostname-Based Filters"
Section 6.1.5, "Use srvctl in 11.2 Oracle RAC Databases to Set Up AQ Notification
and Server-side TAF"
Section 6.1.6, "Failover Is Not Seamless When Creating Reports in Oracle BI
Publisher"
Section 6.1.7, "Cannot Save Agent When Oracle Business Intelligence Managed
Server Fails Over"
Oracle Fusion Middleware High Availability and Enterprise Deployment
6-1
General Issues and Workarounds
■
■
■
■
Section 6.1.8, "Installing Additional Oracle Portal, Forms, Reports, and Discoverer
Instances After Upgrading Oracle Single Sign-On 10g to Oracle Access Manager
11g"
Section 6.1.9, "JMS Instance Fails In a BI Publisher Cluster"
Section 6.1.10, "Undelivered Records not Recovered During RAC Failover of
Singleton SOA Server"
Section 6.1.11, "Synchronous BPEL Process Issues"
6.1.1 Secure Resources in Application Tier
It is highly recommended that the application tier in the SOA Enterprise Deployment
topology and the WebCenter Enterprise Deployment topology is protected against
anonymous RMI connections. To prevent RMI access to the middle tier from outside
the subset configured, follow the steps in "Configure connection filtering" in the Oracle
WebLogic Server Administration Console Online Help. Execute all of the steps, except
as noted in the following:
1.
Do not execute the substep for configuring the default connection filter. Execute
the substep for configuring a custom connection filter.
2.
In the Connection Filter Rules field, add the rules that will allow all protocol
access to servers from the middle tier subnet while allowing only http(s) access
from outside the subnet, as shown in the following example:
nnn.nnn.0.0/nnn.nnn.0.0 * * allow
0.0.0.0/0 * * allow t3 t3s
6.1.2 Accessing Web Services Policies Page in Cold Failover Environment
In a Cold Failover Cluster (CFC) environment, the following exception is displayed
when Web Services policies page is accessed in Fusion Middleware Control:
Unable to connect to Oracle WSM Policy Manager.
Cannot locate policy manager query/update service. Policy manager service
look up did not find a valid service.
To avoid this, implement one the following options:
■
■
Create virtual hostname aliased SSL certificate and add to the key store.
Add "-Dweblogic.security.SSL.ignoreHostnameVerification=true" to the JAVA_
OPTIONS parameter in the startWeblogic.sh or startWeblogic.cmd files
6.1.3 Timeout Settings for SOA Request-Response Operations are Not Propagated in a
Node Failure
In an active-active Oracle SOA cluster, when a node failure occurs, the timeout settings
for request-response operations in receive activities are not propagated from one node
to the other node or nodes. If a failure occurs in the server that scheduled these
activities, they must be rescheduled with the scheduler upon server restart.
6.1.4 Very Intensive Uploads from I/PM to UCM May Require Use of IP-Based Filters in
UCM Instead of Hostname-Based Filters
The "Adding the I/PM Server Listen Addresses to the List of Allowed Hosts in UCM"
section in the Oracle Fusion Middleware Enterprise Deployment Guide for Oracle Enterprise
Content Management Suite and the "Adding the I/PM Server Listen Addresses to the
6-2 Release Notes
General Issues and Workarounds
List of Allowed Hosts in UCM" section in the Oracle Fusion Middleware High Availability
Guide describe how to add hostname-based filters for Oracle I/PM managed server
listen addresses to the list of allowed hosts in Oracle UCM.
When using hostname-based filters in Oracle UCM (config.cfg file) a high
latency/performance impact may be observed in the system for very intensive
uploads of documents from Oracle I/PM to Oracle UCM. This is caused by the reverse
DNS lookup that is required in Oracle UCM to allow the connections from Oracle
I/PM servers. Using hostname-based filters is recommended in preparation for
configuring the system for Disaster Protection and to restore to a different host (since
the configuration used is IP-agnostic when using hostname-based filters). However if
the performance of the uploads needs to be improved, users can use instead IP-based
filters. To do this:
1.
Edit the file /u01/app/oracle/admin/domainName/ucm_
cluster/config/config.cfg and remove or comment out:
SocketHostNameSecurityFilter=localhost|localhost.mydomain.com|ecmhost1vhn1|ecmh
ost2vhn1
AlwaysReverseLookupForHost=Yes
2.
Add the IP addresses (listen address) of the WLS_IPM1 and WLS_IPM2 managed
servers (ECMHOST1VHN1 and ECMHOST2VHN1, respectively) to the
SocketHostAddressSecurityFilter parameter list as follows:
SocketHostAddressSecurityFilter=127.0.0.1|0:0:0:0:0:0:0:1|X.X.X.X|Y.Y.Y.
where X.X.X.X and Y.Y.Y.Y are the listen addresses of WLS_IPM1 and WLS_IPM2
respectively. Notice that 127.0.0.1 also needs to be added as shown above.
3.
Restart the UCM servers.
6.1.5 Use srvctl in 11.2 Oracle RAC Databases to Set Up AQ Notification and
Server-side TAF
Because of a known issue in 11.2 Oracle RAC databases, it is required to use srvctl to
set up AQ notification and server-side TAF. Using DBMS_SQL packages will not work
as expected.
Here is an example use of srvctl:
srvctl modify service -d orcl -s orclSVC -e SELECT -m BASIC -w 5 -z 5 -q TRUE
In the example:
orcl - Database Name
orclSVC - Service Name used by middleware component
SELECT - Failover type
BASIC - Failover method
5 - Failover delay
5 - Failover retry
TRUE - AQ HA notifications set to TRUE
Please refer to the Oracle 11.2 Oracle database documentation for detailed information
about this command usage.
Oracle Fusion Middleware High Availability and Enterprise Deployment
6-3
General Issues and Workarounds
6.1.6 Failover Is Not Seamless When Creating Reports in Oracle BI Publisher
If you create a report in Oracle BI Publisher, and a Managed Server is failed over
before the report is saved, the failover might not be seamless. For example, when you
attempt to save the report, the system might not be responsive.
If this occurs, click one of the header links, such as Home or Catalog, to be redirected
to the Oracle BI Publisher login page. Then, log in and create and save the report
again.
6.1.7 Cannot Save Agent When Oracle Business Intelligence Managed Server Fails
Over
If you create an agent in the Oracle Business Intelligence Web interface, and a
Managed Server fails over before you save the agent, an error occurs when you try to
save the agent.
To work around this issue, log out, then log back in to Oracle Business Intelligence and
create the agent again.
6.1.8 Installing Additional Oracle Portal, Forms, Reports, and Discoverer Instances
After Upgrading Oracle Single Sign-On 10g to Oracle Access Manager 11g
This issue occurs with Oracle Portal, Forms, Reports, and Discoverer 11g environments
that have been upgraded from using Oracle Single-Sign On 10g to Oracle Access
Manager 11g for authentication.
When performing subsequent Oracle Portal, Forms, Reports, and Discoverer 11g
installations against the same environment where the initial Oracle Portal, Forms,
Reports, and Discoverer 10g installation was upgraded to Oracle Access Manager,
there are some requirements that must be met.
■
For each subsequent Oracle Portal, Forms, Reports, and Discoverer 11g
installation, you must maintain the original Oracle Single Sign-On 10g instance
and keep it actively running--in addition to new Oracle Access Manager 11g
instance--while the additional Oracle Portal, Forms, Reports, and Discoverer 11g
installations are performed.
This is necessary because Oracle Portal, Forms, Reports, and Discoverer 11g cannot
be installed directly against Oracle Access Manager 11g.
■
After the subsequent classic installs are completed, the Oracle Single Sign-On 10g
to Oracle Access Manager 11g upgrade procedure must be performed again. For
more information, including an upgrade roadmap, see the Oracle Fusion
Middleware Upgrade Guide for Oracle Identity and Access Management.
This procedure upgrades the new Oracle Portal, Forms, Reports, and Discoverer
11g instance to Oracle Access Manager 11g.
Note that these considerations apply only in an environment with Multiple Oracle
Portal, Forms, Reports, and Discoverer 11g middle tiers that are installed or added to a
your environment after the initial upgrade from Oracle Single Sign-On 10g to Oracle
Access Manager 11g.
6.1.9 JMS Instance Fails In a BI Publisher Cluster
On rare occasions, a JMS instance is missing from a BI Publisher Scheduler cluster.
To resolve this issue, restart the BI Publisher application from the WebLogic Server
Administration Console.
6-4 Release Notes
Configuration Issues and Workarounds
To restart your BI Publisher application:
1.
Log in to the Administration Console.
2.
Click Deployments in the Domain Structure window.
3.
Select bipublisher(11.1.1).
4.
Click Stop.
5.
After the application stops, click Start.
6.1.10 Undelivered Records not Recovered During RAC Failover of Singleton SOA
Server
If there is a RAC failover in a singleton server in a SOA RAC environment, recovery of
undelivered records that appear recoverable in EM will fail.
6.1.11 Synchronous BPEL Process Issues
On a SOA cluster, the following scenarios are not supported:
■
Synchronous BPEL process with mid-process receive.
■
Synchronous BPEL process calling asynchronous services .
■
Callback from synchronous processes.
6.2 Configuration Issues and Workarounds
This section describes configuration issues and their workarounds. It includes the
following topics:
■
Section 6.2.1, "Fusion Middleware Control May Display Incorrect Status"
■
Section 6.2.2, "Accumulated BPEL Instances Cause Performance Decrease"
■
■
■
■
■
■
■
■
■
■
Section 6.2.3, "Extra Message Enqueue when One a Cluster Server is Brought
Down and Back Up"
Section 6.2.4, "Duplicate Unrecoverable Human Workflow Instance Created with
Oracle RAC Failover"
Section 6.2.5, "No High Availability Support for SOA B2B TCP/IP"
Section 6.2.6, "WebLogic Administration Server on Machines with Multiple
Network Cards"
Section 6.2.7, "Additional Parameters for SOA and Oracle RAC Data Sources"
Section 6.2.8, "Message Sequencing and MLLP Not Supported in Oracle B2B HA
Environments"
Section 6.2.9, "Credentials not Propagated for Transport Protocols in B2B"
Section 6.2.10, "Use Fully-Qualified Hostnames when Configuring Front-end
Hosts in High Availability Configurations"
Section 6.2.11, "Managed Server goes into Suspended Status After Oracle RAC
Failover"
Section 6.2.12, "Primary/Secondary Configuration Section of the Availability Tab is
Not Visible"
Oracle Fusion Middleware High Availability and Enterprise Deployment
6-5
Configuration Issues and Workarounds
■
Section 6.2.13, "Server Start Parameters Not Getting Set After Scaling Out the
Oracle Business Intelligence Managed Server"
■
Section 6.2.14, "Ensuring the Oracle HTTP Server Lock File is on a Local Drive"
■
Section 6.2.15, "Recreating OSSO Agents that Point to the Load Balancer URL"
■
■
■
■
Section 6.2.16, "Use Lower-Case Letters for GridLink Data Source RAC Service
Name"
Section 6.2.17, "Additional Steps Needed for Oracle RTD Request Forwarding to
Work Correctly"
Section 6.2.18, "Error INST-08075 Occurs When Scaling Out the BI System"
Section 6.2.19, "First Defined RAC Instance Must Be Available On Domain Startup
When Configuring with RAC Multi Data Source"
6.2.1 Fusion Middleware Control May Display Incorrect Status
In some instances, Oracle WebLogic Fusion Middleware Control may display the
incorrect status of a component immediately after the component has been restarted or
failed over.
6.2.2 Accumulated BPEL Instances Cause Performance Decrease
In a scaled out clustered environment, if a large number of BPEL instances are
accumulated in the database, it causes the database's performance to decrease, and the
following error is generated: MANY THREADS STUCK FOR 600+ SECONDS.
To avoid this error, remove old BPEL instances from the database.
6.2.3 Extra Message Enqueue when One a Cluster Server is Brought Down and Back
Up
In a non-XA environment, MQSeries Adapters do not guarantee the only once delivery
of the messages from inbound adapters to the endpoint in case of local transaction. In
this scenario, if an inbound message is published to the endpoint, and before
committing the transaction, the SOA server is brought down, inbound message are
rolled back and the same message is again dequeued and published to the endpoint.
This creates an extra message in outbound queue.
In an XA environment, MQ Messages are actually not lost but held by Queue Manager
due to an inconsistent state. To retrieve the held messages, restart the Queue Manager.
6.2.4 Duplicate Unrecoverable Human Workflow Instance Created with Oracle RAC
Failover
As soon as Oracle Human Workflow commits its transaction, the control passes back
to BPEL, which almost instantaneously commits its transaction. Between this window,
if the Oracle RAC instance goes down, on failover, the message is retried and can
cause duplicate tasks. The duplicate task can show up in two ways - either a duplicate
task appears in worklistapp, or an unrecoverable BPEL instance is created. This BPEL
instance appears in BPEL Recovery. It is not possible to recover this BPEL instance as
consumer, because this task has already completed.
6-6 Release Notes
Configuration Issues and Workarounds
6.2.5 No High Availability Support for SOA B2B TCP/IP
High availability failover support is not available for SOA B2B TCP/IP protocol. This
effects primarily deployments using HL7 over MLLP. For inbound communication in a
clustered environment, all B2B servers are active and the address exposed for inbound
traffic is a load balancer virtual server. Also, in an outage scenario where an active
managed server is no longer available, the persistent TCP/IP connection is lost and the
client is expected to reestablish the connection.
6.2.6 WebLogic Administration Server on Machines with Multiple Network Cards
When installing Oracle WebLogic Server on a server with multiple network cards,
always specify a Listen Address for the Administration Server. The address used
should be the DNS Name/IP Address of the network card you wish to use for
Administration Server communication.
To set the Listen Address:
1.
In the Oracle WebLogic Server Administration Console, select Environment, and
then Servers from the domain structure menu.
2.
Click the Administration Server.
3.
Click Lock and Edit from the Change Center to allow editing.
4.
Enter a Listen Address.
5.
Click Save.
6.
Click Activate Changes in the Change Center.
6.2.7 Additional Parameters for SOA and Oracle RAC Data Sources
In some deployments of SOA with Oracle RAC, you may need to set parameters in
addition to the out-of-the-box configuration of the individual data sources in an Oracle
RAC configuration. The additional parameters are:
1.
Add property oracle.jdbc.ReadTimeout=300000 (300000 milliseconds) for each
data source.
The actual value of the ReadTimeout parameter may differ based on additional
considerations.
2.
If the network is not reliable, then it is difficult for a client to detect the frequent
disconnections when the server is abruptly disconnected. By default, a client
running on Linux takes 7200 seconds (2 hours) to sense the abrupt disconnections.
This value is equal to the value of the tcp_keepalive_time property. To configure
the application to detect the disconnections faster, set the value of the tcp_
keepalive_time, tcp_keepalive_interval, and tcp_keepalive_probes properties
to a lower value at the operating system level.
Note: Setting a low value for the tcp_keepalive_interval property
leads to frequent probe packets on the network, which can make the
system slower. Therefore, the value of this property should be set
appropriately based on system requirements.
For example, set tcp_keepalive_time=600 at the system running the WebLogic Server
managed server.
Oracle Fusion Middleware High Availability and Enterprise Deployment
6-7
Configuration Issues and Workarounds
Also, you must specify the ENABLE=BROKEN parameter in the DESCRIPTION clause in the
connection descriptor. For example:
dbc:oracle:thin:@(DESCRIPTION=(enable=broken)(ADDRESS_LIST=(ADDRESS=(PRO
TOCOL=TCP)(HOST=node1-vip.mycompany.com)(PORT=1521)))(CONNECT_DATA=(SERVICE_
NAME=example.com)(INSTANCE_NAME=orcl1)))
As a result, the data source configuration appears as follows:
<url>jdbc:oracle:thin:@(DESCRIPTION=(enable=broken)(ADDRESS_LIST=(ADDRESS=(PRO
TOCOL=TCP)(HOST=node1-vip.us.example.com)(PORT=1521)))(CONNECT_DATA=(SERVICE_
NAME=example.com)(INSTANCE_NAME=orcl1)))</url>
<driver-name>oracle.jdbc.xa.client.OracleXADataSource</driver-name>
<properties>
<property>
<name>oracle.jdbc.ReadTimeout</name>
<value>300000</value>
</property>
<property>
<name>user</name>
<value>jmsuser</value>
</property>
<property>
<name>oracle.net.CONNECT_TIMEOUT</name>
<value>10000</value>
</property>
</properties>
6.2.8 Message Sequencing and MLLP Not Supported in Oracle B2B HA Environments
Message sequencing and MLLP are not supported in Oracle B2B high availability (HA)
environments.
6.2.9 Credentials not Propagated for Transport Protocols in B2B
The Oracle FMW credential store maintains usernames and passwords that you define
for Transport protocols. If you use the default file store for these credentials, changes
you make to usernames and passwords do not propagate across nodes. You must use a
central LDAP for these credentials to be synchronized across nodes in a cluster, as
described in, and required by, the Oracle Fusion Middleware High Availability Guide
and Enterprise Deployment Guides.
6.2.10 Use Fully-Qualified Hostnames when Configuring Front-end Hosts in High
Availability Configurations
Oracle recommends using the full name of the host, including the domain name, when
configuring front-end hosts in Oracle Fusion Middleware high availability
configurations. Use the host's full name instead of using only the host name.
For example, if myhost is the name of a frontend host in a high availability
configuration, set the frontend host URL to the fully-qualified hostname, such as
myhost.mycompany.com as DNS or local host name resolution files (for example,
/etc/hosts) define.
6.2.11 Managed Server goes into Suspended Status After Oracle RAC Failover
6-8 Release Notes
Configuration Issues and Workarounds
The Managed Server wls_ods(x) can enter a suspended status in the following
situations:
■
A database connection in the data source is wrong or not complete.
■
The host is not a fully-qualified host for the database.
To correct the status of the Managed Server wls_ods(x):
1.
Under the data source, verify that the database connection is correct and complete
with the domain.
2.
Under the data source, verify that the host name for the database is a fullyqualified hostname with the domain.
3.
Verify the connection by selecting the Test button.
6.2.12 Primary/Secondary Configuration Section of the Availability Tab is Not Visible
During the system component scale out process, the Primary/Secondary
Configuration section in the Availability tab of the Capacity Management page in
Fusion Middleware Control may not be visible in the browser. This issue occurs when
you perform the scale out process using Microsoft Internet Explorer version
7.0.5730.11.
To avoid this issue, do not use the browser Microsoft Internet Explorer version
7.0.5730.11 to scale out; use another browser such as Google Chrome.
6.2.13 Server Start Parameters Not Getting Set After Scaling Out the Oracle Business
Intelligence Managed Server
After scaling out Oracle Business Intelligence, Server Start parameters are not getting
set correctly. To work around this issue, update the Server Start parameters for the
scaled out BI Managed Server to include the following:
-Dserver.group=obi arguments
6.2.14 Ensuring the Oracle HTTP Server Lock File is on a Local Drive
If you configure an Oracle instance for Oracle HTTP Server 11g on shared storage,
such as NAS, NFS, or SAN storage, you must ensure that the lock file is created on a
local drive instead of the shared drive. If you do not do this, Oracle HTTP Server
might experience performance problems. Perform these steps to point the LockFile
directive at a local fi le system:
1.
Stop the OHS instances on WEBHOST1 and WEBHOST2.
2.
Open the file ORACLE_INSTANCE/config/OHS/ohs_name/httpd.conf in a text editor.
3.
Find the LockFile directive, configured under both the prefork and worker MPM
configuration blocks in the httpd.conf file. It looks like this:
LockFile ORACLE_INSTANCE/diagnostics/logs/COMPONENT_TYPE/COMPONENT_NAME/http_
lock
4.
Change the LockFile directive under the appropriate MPM configuration to point
to a local file system, for example:
LockFile /local_disk/path/http_lock
Oracle Fusion Middleware High Availability and Enterprise Deployment
6-9
Configuration Issues and Workarounds
5.
Restart Oracle HTTP Server.
6.
Verify that the http_lock file exists in the directory specified by the LockFile
directive.
6.2.15 Recreating OSSO Agents that Point to the Load Balancer URL
A high availability Classic environment typically has a load balancer in front of the
Classic OHS instances. When you configure a classic instance with OAM 11g, the
Configuration Wizard automatically configures an OSSO agent. The OSSO agent
contains the individual Classic OHS instance URL. In a high availability cluster
consisting of two Classic instances, the Configuration Wizard automatically configures
two OSSO agents. Each OSSO agent contains the URL information of one Classic
Webtier instance URL.
In a high availability cluster, you must recreate an OSSO agent that points to the load
balancer URL.
To recreate an OSSO agent that points to the load balancer URL:
1.
From the OAM console, click New OSSO Agent to open the OSSO Wizard
application.
2.
Enter the following information:
■
Name: Enter any name
■
Token Version: Use the default setting, v3.0
■
3.
Base URL: Enter the load balancer URL, for example
http://haqaedg04.us.example.com:7788
■
Admin ID: Leave blank
■
Admin Inf: Leave blank
■
Host Identifier: Keep default value from the Name field.
■
Auto Create Policies: Check this setting to enable it.
Copy the osso.conf file of the new OSSO agent from the OAM server to the
Classic Web Instances config directory.
6.2.16 Use Lower-Case Letters for GridLink Data Source RAC Service Name
When you create a GridLink data source in the Configuration Wizard, you must verify
that the service name on the database uses lowercase letters only and is a qualified
domain name. For example, <mydbservice>.us.example.com. The Service Name field is
in the Configure GridLink RAC Component Schema screen.
The Oracle RAC Service name is defined on the database; it is
not a fixed name. Oracle recommends that you register/add the RAC
service name with the database domain name, for example,
us.example.com
Note:
6.2.17 Additional Steps Needed for Oracle RTD Request Forwarding to Work Correctly
Due to an Oracle RTD issue related to request forwarding, the frontend URL must be
the same as the backend URL for deployments that include Oracle RTD. To set the
frontend URL for Oracle RTD, perform the steps listed in the following procedures at
the point indicated in the Oracle Business Intelligence EDG task flow.
6-10 Release Notes
Configuration Issues and Workarounds
After performing the steps listed in Section 5.7, "Setting the Listen Address for bi_
server1 Managed Server," set the frontend URL for the bi_server1 Managed Server, as
follows:
1.
Log in to the Administration Console.
2.
In the Change Center, click Lock & Edit.
3.
Expand the Environment node in the Domain Structure window.
4.
Click Servers. The Summary of Servers page is displayed.
5.
Select bi_server1 in the Names column of the table. The settings page for bi_
server1 is displayed.
6.
Click the Protocols tab.
7.
Click the HTTP tab.
8.
Set the Frontend Host field to APPHOST1VHN1 (your bi_server1 Listen address).
9.
Click Save, then click Activate Changes.
After performing the steps listed in Section 6.4.1, "Setting the Listen Address for the
bi_server2 Managed Server," set the frontend URL for the bi_server2 Managed Server,
as follows:
1.
Log in to the Administration Console.
2.
In the Change Center, click Lock & Edit.
3.
Expand the Environment node in the Domain Structure window.
4.
Click Servers. The Summary of Servers page is displayed.
5.
Select bi_server2 in the Names column of the table. The settings page for bi_
server2 is displayed.
6.
Click the Protocols tab.
7.
Click the HTTP tab.
8.
Set the Frontend Host field to APPHOST2VHN1 (your bi_server2 Listen address).
9.
Click Save, then click Activate Changes.
6.2.18 Error INST-08075 Occurs When Scaling Out the BI System
When you are scaling out the BI System using the Oracle Business Intelligence
Configuration Assistant, the following error occurs:
INST-08075: Weblogic Server 10.3.6.0 is installed but Weblogic Server
Temporary is used in the BI Domain.
To work around this error, perform the following steps:
1.
Open MW_HOME/registry.xml for editing.
2.
Locate the following line:
<component name="WebLogic Server" version="10.3.6.0" InstallDir="ORACLE_
BASE/fmw/wlserver_10.3">
3.
Change the line to the following:
<component name="WebLogic Server" version="Temporary" InstallDir="ORACLE_
BASE/fmw/wlserver_10.3"
Oracle Fusion Middleware High Availability and Enterprise Deployment
6-11
Testing Abrupt Failures of WebLogic Server When Using File Stores on NFS
4.
Save and close the file.
5.
Return to the Oracle Business Intelligence Configuration Assistant and proceed
past the Scale Out BI System Details screen.
6.
Revert the entry in registry.xml back to version="10.3.6.0".
6.2.19 First Defined RAC Instance Must Be Available On Domain Startup When
Configuring with RAC Multi Data Source
When you configure the RAC data source for OPSS, Oracle recommends using an
Oracle GridLink data source type. If you decide to use a RAC multi data source, you
must ensure that the first RAC instance listed in the multi data source definition is
available during the first domain startup. If you do not use the first RAC instance
listed, configuration fails.
6.3 Testing Abrupt Failures of WebLogic Server When Using File Stores
on NFS
If JMS messages and transaction logs are stored on an NFS-mounted directory, Oracle
strongly recommends that you verify the behavior of a server restart after abrupt
machine failures. Depending on the NFS implementation, different issues can arise
post failover/restart.
To verify server restart behavior, abruptly shut down the node that hosts WebLogic
servers while the servers are running.
■
■
If you configured the server for server migration, it should start automatically in
failover node after the failover period.
If you did not configure the server for server migration, you can manually restart
the WebLogic Server on the same host after the node completely reboots.
If Oracle WebLogic Server does not restart after abrupt machine failure, the following
error entry may appear in server log files:
<MMM dd, yyyy hh:mm:ss a z> <Error> <Store> <BEA-280061> <The persistent
store "_WLS_server_soa1" could not be deployed:
weblogic.store.PersistentStoreException: java.io.IOException:
[Store:280021]There was an error while opening the file store file
"_WLS_SERVER_SOA1000000.DAT"
weblogic.store.PersistentStoreException: java.io.IOException:
[Store:280021]There was an error while opening the file store file
"_WLS_SERVER_SOA1000000.DAT"
at weblogic.store.io.file.Heap.open(Heap.java:168)
at weblogic.store.io.file.FileStoreIO.open(FileStoreIO.java:88)
...
java.io.IOException: Error from fcntl() for file locking, Resource
temporarily unavailable, errno=11
This error occurs when the NFSv3 system does not release locks on the file stores.
WebLogic Server maintains locks on files that store JMS data and transaction logs to
prevent data corruption that can occur if you accidentally start two instances of the
same managed server. Because the NFSv3 storage device doesn't track lock owners,
NFS holds the lock indefinitely if a lock owner crashes. As a result, after abrupt
machine failure followed by a restart, subsequent attempts by WebLogic Server to
acquire locks may fail.
6-12 Release Notes
Documentation Errata
If it is not reasonably possible to tune locking behavior in your NFS environment, use
one of the following solutions to unlock the logs and data files:
■
■
Use the WebLogic Server Administration Console to disable WebLogic file locking
mechanisms for the default file store, a custom file store, a JMS paging file store,
and a Diagnostics file store. To do this, see Considerations for Using File Stores on
NFS in the Oracle Fusion Middleware High Availability Guide.
Manually unlock the logs and JMS data files and start the servers by creating a
copy of the locked persistence store file and using the copy for subsequent
operations. See the following section Unlocking Logs and Data Files Manually.
Unlocking Logs and Data Files Manually
Manually unlock the logs and JMS data files and start the servers by creating a copy of
the locked persistence store file and using the copy for subsequent operations. To
create a copy of the locked persistence store file, rename the file then copy it back to its
original name. The following sample steps assume that transaction logs are stored in
the /shared/tlogs directory and JMS data is stored in the /shared/jms directory.
cd
mv
cp
cd
mv
cp
mv
cp
/shared/tlogs
_WLS_SOA_SERVER1000000.DAT _WLS_SOA_SERVER1000000.DAT.old
_WLS_SOA_SERVER1000000.DAT.old _WLS_SOA_SERVER1000000.DAT
/shared/jms
SOAJMSFILESTORE_AUTO_1000000.DAT SOAJMSFILESTORE_AUTO_1000000.DAT.old
SOAJMSFILESTORE_AUTO_1000000.DAT.old SOAJMSFILESTORE_AUTO_1000000.DAT
UMSJMSFILESTORE_AUTO_1000000.DAT UMSJMSFILESTORE_AUTO_1000000.DAT.old
UMSJMSFILESTORE_AUTO_1000000.DAT.old UMSJMSFILESTORE_AUTO_1000000.DAT
With this solution, the WebLogic file locking mechanism continues to protect against
accidental data corruption if multiple instances of the same servers are accidently
started. However, you must restart the servers manually after abrupt machine failures.
File stores create multiple consecutively numbered.DAT files when they store large
amounts of data. You may need to copy and rename all files when this occurs.
6.4 Documentation Errata
This section describes documentation errata. It includes the following topics:
■
■
Section 6.4.1, "Documentation Errata for the Fusion Middleware High Availability
Guide"
Section 6.4.2, "Documentation Errata for the Fusion Middleware Enterprise
Deployment Guide for Oracle Identity Management"
6.4.1 Documentation Errata for the Fusion Middleware High Availability Guide
This section contains Documentation Errata for Oracle Fusion Middleware High
Availability Guide.
It includes the following topics:
■
Section 6.4.1.1, "Latest Requirements and Certification Information"
■
Section 6.4.1.2, "Error in Line to Add to mod_wl_ohs.conf File"
6.4.1.1 Latest Requirements and Certification Information
Several manuals in the Oracle Fusion Middleware 11g documentation set have
information on Oracle Fusion Middleware system requirements, prerequisites,
Oracle Fusion Middleware High Availability and Enterprise Deployment
6-13
Documentation Errata
specifications, and certification information. For the latest informationon these topics,
see the following documents on Oracle Technology Network:
http://www.oracle.com/technology/software/products/ias/files/fus
ion_certification.html
This document contains information related to hardware and software requirements,
minimum disk space and memory requirements, and required system libraries,
packages, or patches. It also includes information on supported installation types,
platforms, operating systems, databases, JDKs, and third-party products.
6.4.1.2 Error in Line to Add to mod_wl_ohs.conf File
In Chapter 5., "Configuring High Availability for Oracle SOA Suite," the line
<Location /DefaultToDoTaskFlow/> should be <Location
/workflow/DefaultToDoTaskFlow/> in the mod_wl_ohs.conf file. Instances of this line
are in Sections 5.3.13 and 5.14.15.
6.4.2 Documentation Errata for the Fusion Middleware Enterprise Deployment Guide
for Oracle Identity Management
This section contains documentation errata for Oracle Fusion Middleware Enterprise
Deployment Guide for Oracle Identity Management.
It includes the following topics:
■
■
■
■
■
■
■
Section 6.4.2.1, "Set -DDomainRegistrationEnabled=true when Starting Node
Manager"
Section 6.4.2.2, "Ignore Empty Section in the Oracle Virtual Directory Chapter"
Section 6.4.2.3, "Installing Identity Management Sections Are Incorrectly
Organized"
Section 6.4.2.4, "Errors in Instructions for Using the Guide"
Section 6.4.2.5, "LDIF File Error in Procedure for Creating Users and Groups for
Oracle WebLogic Server"
Section 6.4.2.6, "Run Additional emctl Commands When Extending the Domain
with Oracle Internet Directory or Oracle Virtual Directory"
Section 6.4.2.7, "Errors in Section 2.4, Shared Storage and Recommended Directory
Structure"
6.4.2.1 Set -DDomainRegistrationEnabled=true when Starting Node Manager
The November 2010 edition of Oracle Fusion Middleware Enterprise Deployment Guide for
Oracle Identity Management failed to mention that, prior to starting the Node Manager
that controls the WebLogic Administration Server, you must set
-DDomainRegistrationEnabled=true. For example:
export JAVA_OPTIONS=-DDomainRegistrationEnabled=true
6.4.2.2 Ignore Empty Section in the Oracle Virtual Directory Chapter
In the November 2010 edition of Oracle Fusion Middleware Enterprise Deployment Guide
for Oracle Identity Management, Section 8.1.1 in Chapter 11, "Extending the Domain with
Oracle Virtual Directory is an empty section." Please ignore it.
6-14 Release Notes
Documentation Errata
6.4.2.3 Installing Identity Management Sections Are Incorrectly Organized
In Oracle Fusion Middleware Enterprise Deployment Guide for Oracle Identity Management
11g Release 1 (11.1.1.5), Part Number E12035-07, Section 4.5.5, "Installing Oracle
Identity Management," should be reorganized as follows:
■
■
The content beginning with "Start the Oracle Fusion Middleware 11g Oracle
Identity Management Installer" should be in a subsection, Section 4.5.5.1, entitled
"Installing Oracle Identity Management 11.1.1.2."
Section 4.5.6, "Upgrading the Oracle Homes for Oracle Identity Management from
11.1.1.2 to 11.1.1.5" should be Section 4.5.5.2.
6.4.2.4 Errors in Instructions for Using the Guide
Errors exist in Section 1.6, "Using This Guide." They should be corrected as follows:
■
Step 11 should be:
If you are using Oracle Access Manager, follow the steps in Chapter 12, "Extending
the Domain with Oracle Access Manager 11g."
■
Steps 11 through 18 should refer to chapters, not sections.
6.4.2.5 LDIF File Error in Procedure for Creating Users and Groups for Oracle
WebLogic Server
The LDIF file in Step 2a of Section 11.4.4, "Creating Users and Groups for Oracle
WebLogic Server," is missing some line breaks. It should appear as follows:
dn: cn=orclFAUserReadPrivilegeGroup,cn=Groups,dc=mycompany,dc=com
changetype: modify
add: uniquemember
uniquemember: cn=IDROUser,cn=Users,dc=mycompany,dc=com
6.4.2.6 Run Additional emctl Commands When Extending the Domain with Oracle
Internet Directory or Oracle Virtual Directory
In the chapters "Extending the Domain with Oracle Internet Directory" and "Extending
the Domain with Oracle Virtual Directory," you are instructed run
./emctl switchOMS ReposURL
to enable the local emagent to communicate with the WebLogic Administration Server
using the virtual IP address. After you have run that command, you must also perform
the following tasks:
■
Force the agent to reload its configuration by issuing the command:
./emctl reload
■
Check that the agent is using the correct Upload URL using the command:
./emctl status agent
6.4.2.7 Errors in Section 2.4, Shared Storage and Recommended Directory
Structure
Table 2-3, Recommended Directory Structure, is missing some values in the Shared
Storage column. The following table entries should have the value "Yes" in the Shared
Storage column, indicating that these directories should be on shared storage:
Oracle Fusion Middleware High Availability and Enterprise Deployment
6-15
Documentation Errata
■
IAM_ORACLE_HOME
■
ASERVER_DOMAIN_HOME
■
ASERVER_APP_HOME
6-16 Release Notes
7
Oracle Fusion Middleware on IBM
WebSphere
7
This chapter describes issues you might encounter when you install and configure
supported Oracle Fusion Middleware products on IBM WebSphere. It includes the
following topics:
■
Section 7.1, "General Issues and Workarounds"
■
Section 7.2, "Configuration Issues and Workarounds"
■
Section 7.3, "Documentation Errata"
This chapter contains issues you might encounter while
installing, configuring, or managing any of the Oracle Fusion
Middleware products on IBM WebSphere.
Note:
Be sure to review the product-specific release note chapters elsewhere
in this document for any additional issues specific to the products you
are using.
7.1 General Issues and Workarounds
This section describes general issue and workarounds. It includes the following topics:
■
■
■
■
■
Section 7.1.1, "Log File Error Message when Starting the SOA Server"
Section 7.1.2, "Save Settings Button Under Accessibility User Preferences Has
Incorrect Label"
Section 7.1.4, "Cannot Create an XA Connection Factory in the IBM WebSphere
Administration Console"
Section 7.1.5, "Accessibility Mode for User Messaging Preferences is Ignored on an
IBM WebSphere Application Server"
Section 7.1.6, "Adding Shared Libraries to Deploy a Task Form from Oracle
JDeveloper"
■
Section 7.1.7, "Setting Cookie Paths for Oracle SOA Suite Applications"
■
Section 7.1.8, "Deploying a SOA Composite Application to a SOA Cluster"
■
■
Section 7.1.9, "Cannot Deploy a SOA Bundle File from Oracle Enterprise Manager
Fusion Middleware Control"
Section 7.1.10, "One-and-Only-One Event Subscriptions Are Not Supported"
Oracle Fusion Middleware on IBM WebSphere 7-1
General Issues and Workarounds
■
■
■
■
■
■
■
■
■
■
■
Section 7.1.11, "Deployed Task Form Startup Failure in IBM WebSphere
Administration Console"
Section 7.1.12, "Oracle BPM Worklist Displays as Undefined in Administration
Console"
Section 7.1.13, "Dashboard Tab May Display Completed SOA Composite Instance
States as Running"
Section 7.1.14, "Two-Way SSL Configuration with Oracle SOA Suite Is Not
Supported"
Section 7.1.15, "Multiple Fault Recovery Failure with the Recover With Options
Dialog"
Section 7.1.16, "IBM WebSphere Application Server - ND Installation Requires a
Server Restart"
Section 7.1.17, "Test Emulations of Asynchronous BPEL Processes Fail"
Section 7.1.18, "SETMANAGEDCONNECTION() Fails with
ILLEGALSTATEEXCEPTION for the AQ Adapter"
Section 7.1.19, "Invalid PolicySet Error When Accessing a Deployed Oracle Fusion
Middleware Application on IBM WebSphere"
Section 7.1.20, "Cannot Stop or Start Oracle Internal Applications From Fusion
Middleware Control on IBM WebSphere"
Section 7.1.21, "For the JMS Adapter, Instances Become Recoverable Even Without
Failover"
■
Section 7.1.22, "Kerberos and SPNEGO are not supported with Oracle WSM"
■
Section 7.1.23, "REST Security Policies and Templates Not Certified"
7.1.1 Log File Error Message when Starting the SOA Server
When you start the SOA server (for this example, named soa_server1) in an IBM
WebSphere Application Server environment, you can receive the following error
message in the WAS_HOME/profiles/CustomXX/logs/soa_server1/soa_
server1-diagnostic.log file.
This message can be safely ignored.
[2013-02-21T10:46:10.786-08:00] [soa_server1] [ERROR] []
[oracle.soa.mediator.dfw] [tid: Non-deferrable Alarm : 0] [ecid:
disabled,0] [APP: soa-infra] failed to deregister mbean[[
javax.management.InstanceNotFoundException:
oracle.mediator:type=MediatorDiagnostic,name=MediatorDiagnostic
at
com.sun.jmx.interceptor.DefaultMBeanServerInterceptor.getMBean
(DefaultMBeanServerInterceptor.java:1106)
at
com.sun.jmx.interceptor.DefaultMBeanServerInterceptor.
exclusiveUnregisterMBean (DefaultMBeanServerInterceptor.java:427)
at
. . .
. . .
7-2 Release Notes
General Issues and Workarounds
7.1.2 Save Settings Button Under Accessibility User Preferences Has Incorrect Label
In Business Process Workspace, the Save Settings button under Preferences >
Accessibility contains an incorrect label. The label for this button should be OK
instead of LABEL_OK.
7.1.3 Oracle Business Process Management Causes java.lang.OutOfMemoryError on
IBM WebSphere Application Server
When Oracle Business Process Management (Oracle BPM) is installed on IBM
WebSphere Application Server, a java.lang.OutOfMemoryError occurs when running
automation tests. This is because the default memory configuration for WebSphere
Application Server is set too low for this. This does not occur when Oracle BPM is
installed on IBM WebSphere Network Deployment.
As a workaround, make the following changes to the JVM properties:
■
Initial heap size increased to 1024MB
■
Maximum heap size increased to 2148MB
■
MaxPermSize increased to 512 MB
■
Verbose garbage collection is selected
7.1.4 Cannot Create an XA Connection Factory in the IBM WebSphere Administration
Console
You cannot create an XA connection factory as a messaging provider in the IBM
WebSphere Administration Console. The connection factories created by default are
non-XA types. For example:
1.
Go to IBM WebSphere Administration Console:
http://host:port/ibm/console
2.
Go to Resources > Queue connection Factories.
3.
Attempt to create an XA-based connection factory.
There is no provision to select an XA mode. You can only create non-XA
connection factories.
7.1.5 Accessibility Mode for User Messaging Preferences is Ignored on an IBM
WebSphere Application Server
On an IBM WebSphere Application Server instance, the accessibility options will not
be set even if you have selected the option on the User Messaging Preferences login
screen.
As a workaround, set the accessibility option on the User Messaging Preferences
Settings page as follows:
1.
Go to Oracle UMS User Messaging Preferences UI:
http://host:port/sdpmessaging/userprefs-ui
2.
Enter a valid user name and password.
3.
In the User Messaging Preference Login page, select Standard from the
Accessibility Mode drop-down list and click Login.
Oracle Fusion Middleware on IBM WebSphere 7-3
General Issues and Workarounds
4.
After logging in, click the Settings link at the top right corner of the User
Messaging Preferences page.
5.
In the Settings page, you can set your Accessibility options in the following
manner:
■
■
■
6.
Select Screen Reader from the Accessibility Mode options, if desired.
Select the High Contrast checkbox if you want the text to be displayed in high
contrast.
Select the Large Fonts check box if you want the text to be displayed in large
fonts.
Click the Home link to go to the User Messaging Preferences page. The
Accessibility options, that you chose to set in the Settings page, will be enabled.
Note: The Settings options in UMS User Messaging Preferences is
session based. If you log out or close the browser, you will lose the
accessibility options settings. You will need to reset the settings after
each login.
7.1.6 Adding Shared Libraries to Deploy a Task Form from Oracle JDeveloper
When you deploy a SOA composite application with a task flow from Oracle
JDeveloper to the SOA server on IBM WebSphere, the application cannot be started
correctly due to a ClassNotFound error. The shared library of the application is empty.
As a workaround, perform the following steps:
1.
Go to IBM WebSphere Administration Console.
2.
Select Applications > Application Types > WebSphere Enterprise Applications >
task_form_name > Shared library references.
3.
Manually add adf.oracle.domain_1.0_11.1.1.2.0 and oracle.jsp.next_
11.1.1_11.1.1.
4.
Restart the application.
7.1.7 Setting Cookie Paths for Oracle SOA Suite Applications
By default, applications deployed on IBM WebSphere have their cookie path set to "/".
This default setting means that all applications on the same IBM WebSphere cell share
the same session identifier. Therefore, as you move between applications, the session
identifier value for the previous application is overwritten.
For example, if you access Oracle SOA Composer (/soa/composer), then access Oracle
Enterprise Manager (/em), and then return to Oracle SOA Composer (/soa/composer),
you are prompted to log in again because the previous session identifier value is
overwritten at the point at which you log in to Oracle Enterprise Manager.
Section "Setting Cookie Paths for WebCenter Portal Application Modules Post
Deployment" of the Oracle Fusion Middleware Third-Party Application Server Guide
describes how to specify unique cookie paths for each application. This action enables
you to avoid session invalidation as you move between applications.
In Step 4 of that section, where you click Manage Modules in IBM WebSphere
Administration Console to select the modules to manage, and Step 5, where you
specify the cookie path, note the following Oracle SOA Suite details to specify.
7-4 Release Notes
General Issues and Workarounds
Target Server
Application Name
Modules
Cookie Path
soa_server1
composer
soa-composer-was.war
/soa/composer
worklist-was.war
/integration/worklistapp
bam-web.war
/OracleBAM
sdpmessaginguserprefs-uiweb.war
/sdpmessaging/userprefs-u
i
em.war
/em
(Oracle SOA Composer)
worklistapp
(Oracle BPM Worklist)
bam_server1
oracle-bam
(Oracle BAM)
soa_server1/bam_
server1
usermessagingserver
OracleAdminServer
em
(Oracle User Messaging
Server)
(Oracle Enterprise Manager)
After performing these tasks, you must restart the target servers (soa_server1, bam_
server1, and OracleAdminServer).
7.1.8 Deploying a SOA Composite Application to a SOA Cluster
When you deploy a SOA composite application from Oracle JDeveloper, you cannot
select the application server to which to deploy. Instead, the application is deployed to
the Deployment Manager by default.
As a workaround, log in to the IBM WebSphere Administration Console, uninstall the
application from the Deployment Manager, and reinstall the application to the SOA
cluster by using the generated .ear file.
7.1.9 Cannot Deploy a SOA Bundle File from Oracle Enterprise Manager Fusion
Middleware Control
You cannot deploy a SOA bundle file from Oracle Enterprise Manager Fusion
Middleware Control. As a workaround, use the wsadmin command line shell.
For example, assume vacationapproval.zip is a SOA bundle file that includes three
SOA composite applications.
wsadmin> soa.sca_deployComposite("http://myhost.us.example.com:7001",
"/tmp/vacationapproval.zip")
For more information about wsadmin commands, see Section "Oracle SOA Suite
wsadmin and WLST Command Differences" of the Oracle Fusion Middleware
Third-Party Application Server Guide.
7.1.10 One-and-Only-One Event Subscriptions Are Not Supported
Business events are published to the Event Delivery Network (EDN). EDN provides
support for delivering events to one-and-only-one subscribers, in which the event is
sent to the subscriber in its own global (that is, JTA) transaction. However,
one-and-only-one subscriptions are not supported when using EDN with IBM
WebSphere Server.
As a workaround, change the one and only one consistency level of the event
subscription to guaranteed in the Create Mediator dialog.
Oracle Fusion Middleware on IBM WebSphere 7-5
General Issues and Workarounds
This change downgrades the consistency level. Therefore, a
system failure may cause an event to be delivered more than once
because there is no global transaction. If the subscriber fails to process
the event, the event is not resent.
Note:
7.1.11 Deployed Task Form Startup Failure in IBM WebSphere Administration Console
When you attempt to start a deployed task form application in the IBM WebSphere
Administration Console, it fails. You receive an error message similar to the following:
Was2Form failed to start. Check the logs for server dmgr on node
DefaultCellManager01 for details.
ErrorAn error occurred while starting Was2Form. Check the logs for server
dmgr on node DefaultCellManager01 for more information.
As a workaround, perform the following steps:
1.
Deploy the task flow in Oracle JDeveloper at the application level, instead of the
project level. This generates the EAR file.
2.
Undeploy the task flow from the IBM WebSphere Administration Console. Save
directly to the master configuration to synchronize changes to all nodes.
3.
Deploy the EAR file generated in step 1 through the IBM WebSphere
Administration Console.
4.
a.
Go to Websphere Enterprise Applications > Install > Pick EAR from Locale
file system.
b.
Click Next (use the default options).
c.
On step 2 of the deploy page "Map modules to servers," select all modules,
highlight only the SOA server (for example, soa_server1), and click Apply.
d.
On step 3, "Map virtual hosts for Web modules," select the WAR file.
e.
At the end, save directly to the master configuration again.
Select the EAR file to start it.
7.1.12 Oracle BPM Worklist Displays as Undefined in Administration Console
If you configure an Oracle SOA Suite cluster or single server environment on IBM
WebSphere, you may receive an error when accessing Oracle BPM Worklist indicating
that it is undefined. If you log in to IBM WebSphere Administration Console, and
select Applications > WebSphere enterprise applications > worklistapp > Shared
library references, and see that only one row (worklistapp) is displayed when two
rows should display (worklistapp and worklist-was.war), you must perform the
following steps.
■
■
Uninistall Oracle BPM Worklist (known as worklistapp in the IBM WebSphere
Administration Console).
Re-install Oracle BPM Worklist.
To uninistall Oracle BPM Worklist:
1.
Log in to the IBM WebSphere Administration Console.
2.
From the panel on the left hand side, select Applications > Application Type >
WebSphere enterprise applications.
3.
Select the check box for worklistapp from the Enterprise Applications list.
7-6 Release Notes
General Issues and Workarounds
4.
Click the Stop button to stop worklistapp.
5.
Select worklistapp again.
6.
Click the Uninstall button, and click OK.
7.
Select Review from the Save and Review options.
8.
Select Synchronize changes with nodes, and click Save.
9.
Wait until configuration synchronization is complete, then click OK.
10. Confirm that worklistapp is now removed (uninstalled) from Enterprise
Applications.
To re-install Oracle BPM Worklist:
1.
If not already there, navigate to Applications > Application Type > WebSphere
enterprise applications.
2.
Click Install.
3.
Select the Remote file system option:
a.
Click Browse > DefaultCellDepMgrNode.
b.
Click the root directory (/), and go to your ORACLE_HOME.
c.
Navigate to soa/applications.
d.
Select worklist-was.ear, and click OK.
4.
Select the default Fast Path, and click Next.
5.
Select the installation options:
a.
6.
7.
8.
Change the name Oracle BPM Worklist to worklistapp, and click Next.
Map the modules to the servers:
a.
Select the check boxes for the two modules (jar and war).
b.
From the Clusters and servers list, select server=soa_server1 or the server or
cluster on which Oracle SOA Suite is installed.
c.
Click Apply.
d.
Confirm that the two modules now have the correct server value (for example,
soa_server1) in the server column.
e.
Click Next.
Map the virtual hosts for the web modules:
a.
Select the one web module.
b.
Click Next.
On the Summary screen, review the information, and click Finish.
Output displays on the screen, and you are prompted to save or review your local
changes.
9.
Select Review.
10. Save your workspace changes:
a.
Click Synchronize changes with Nodes.
b.
Verify that Total changed documents is 29 (if not, there may be an error).
c.
Click Save.
Oracle Fusion Middleware on IBM WebSphere 7-7
General Issues and Workarounds
11. Wait until configuration synchronization is complete, then click OK.
The worklistapp is now installed and ready to be started.
12. Verify that the worklistapp is present in the Enterprise Applications list.
13. Select worklistapp, and click Start.
14. Confirm that the Application Status is up.
15. Test that Oracle BPM Worklist in accessible by visiting the following URL:
http://host:port/integration/worklistapp
7.1.13 Dashboard Tab May Display Completed SOA Composite Instance States as
Running
The Dashboard tab of a SOA composite application in Oracle Enterprise Manager
Fusion Middleware Control may show the state of an instance as running even though
the instance has actually completed. In this scenario, verify the actual instance state on
the Flow Trace page.
7.1.14 Two-Way SSL Configuration with Oracle SOA Suite Is Not Supported
Two-way SSL configuration on IBM WebSphere is not supported. Therefore, there is no
support for Oracle Web Service Manager (OWSM) two-way security policies that are
SSL-configured. Note that one-way SSL is supported (for example, in which you create
an SSL-configured SOA service that invokes another SOA service).
7.1.15 Multiple Fault Recovery Failure with the Recover With Options Dialog
If you click Recover With Options on the Fault and Rejected Messages tab of a SOA
composite application, and attempt to recover all faults by selecting Recover All in the
Recover With Options dialog, the faults are not recovered and display as pending. The
problem only occurs with the Recover With Options dialog. Individual instance
recovery and selecting multiple instances for recovery works correctly.
7.1.16 IBM WebSphere Application Server - ND Installation Requires a Server Restart
If you install IBM WebSphere Application Server - Network Deployment (ND) for use
with Oracle SOA Suite, you must restart the server for JCA adapter binding
components to be active. Otherwise, JNDIs are not active, and you receive the
following error message:
Non Recoverable System Fault :
BINDING.JCA-12563 Exception occured when binding was invoked. Exception
occured during invocation of JCA binding: "JCA Binding execute of Reference
operation 'Write' failed due to: JCA Binding Component connection issue. JCA
Binding Component is unable to create an outbound JCA (CCI) connection.
File_MEDComposite:WriteMed [ Write_ptt::Write(body) ] : The JCA Binding
Component was unable to establish an outbound JCA CCI connection due to the
following issue: BINDING.JCA-12510 JCA Resource Adapter location error.
. . .
. . .
7.1.17 Test Emulations of Asynchronous BPEL Processes Fail
You cannot create test emulations involving asynchronous BPEL processes in a SOA
composite application on IBM WebSphere. During test execution, this results in an
CannotInstantiateObjectException exception error.
7-8 Release Notes
General Issues and Workarounds
7.1.18 SETMANAGEDCONNECTION() Fails with ILLEGALSTATEEXCEPTION for the AQ
Adapter
When running Oracle AQ Technology Adapter cases on the WebSphere Platform, you
might encounter the following error:
javax.resource.spi.ResourceAllocationException: setManagedConnection: illegal
state exception. State = STATE_ACTIVE_FREE MCW = 28392839
To follow-up on this exception, IBM PMR # 69026,756 has been created
7.1.19 Invalid PolicySet Error When Accessing a Deployed Oracle Fusion Middleware
Application on IBM WebSphere
When you deploy an application using Oracle Fusion Middleware on IBM WebSphere,
you might receive the following runtime error:
oracle.fabric.common.PolicyEnforcementException: PolicySet Invalid:
WSM-06102 PolicyReference The policy reference URI
oracle/wss_username_token_service_policy is not valid
To workaround this issue, perform the following steps:
1.
Open the policy-accessor-config.xml file, which can found at the following
location:
WAS_HOME/profiles/Dmgr01/config/cells/DefaultCell/fmwconfig/
2.
Locate the policy-accessor properties and uncomment the following properties
and set the value of each property as shown:
<property name="active.protocol">
remote
</property>
<property name="java.naming.provider.url">
corbaloc:iiop:hostname:rmi.port
</property>
In this example, replace hostname and rmi.port to identify the host and RMI port
where the policy manager is running.
No restart is required. By default, the new version of the
policy-accessor-config.xml is loaded every 10 mins. However, if you want to pick
up the changes immediately, then you can restart the server.
7.1.20 Cannot Stop or Start Oracle Internal Applications From Fusion Middleware
Control on IBM WebSphere
When running Oracle Enterprise Manager Fusion Middleware Control on IBM
WebSphere, you might experience errors if you attempt to stop or start the internal
Oracle applications that are displayed under the Internal Applications folder in the
target navigation pane.
The applications listed here are internal Oracle applications. You should not start or
stop these applications from Fusion Middleware Control. If you must stop or start
these applications, then start or stop the managed servers that host the internal
applications.
Oracle Fusion Middleware on IBM WebSphere 7-9
Configuration Issues and Workarounds
7.1.21 For the JMS Adapter, Instances Become Recoverable Even Without Failover
When the SOA JMS adapter is installed on WebSphere and is communicating with the
IBM WebSphere Default JMS Messaging provider, you must set the property
Persistent message reliability to Assured persistent rather than Reliable
persistent; otherwise, an incorrect setting can result in loss of messages.
Also, occasionally when the failover scenario does not occur, you can see situations
that include an error (transaction timing out, or the closing of JMS session) from the
IBM WebSphere JMS, making instances become recoverable. If this happens, you need
to manually recover the instances from the Oracle Enterprise Manager.
7.1.22 Kerberos and SPNEGO are not supported with Oracle WSM
Kerberos and Simple and Protected GSSAPI Negotiation Mechanism (SPNEGO) are
not supported with Oracle Web Services Manager.
Note the following limitations:
■
■
The Kerberos policies and assertion templates included with Oracle WSM are not
supported.
SPNEGO functionality is not supported.
7.1.23 REST Security Policies and Templates Not Certified
The current release of REST security policies and templates are not certified on IBM
WebSphere.
7.2 Configuration Issues and Workarounds
This section describes configuration issues and their workarounds. It includes the
following topics:
■
■
■
■
■
■
■
■
■
7-10 Release Notes
Section 7.2.1, "Error Configuring a Cell When IBM WebSphere Installed on
Windows 2003 and 2008"
Section 7.2.2, "Configuring Coherence for a SOA Cluster on IBM WebSphere"
Section 7.2.3, "Limitations When Configuring Oracle Business Activity Monitoring
for High Availability on IBM WebSphere"
Section 7.2.4, "Requests Received by IBM HTTP Server (IHS) Are Routed to the
Fusion Middleware Welcome Page"
Section 7.2.5, "Unable to Register WSRP/JPDK Producers Through Pagelet
Producer Console on IBM WebSphere"
Section 7.2.6, "Unable to Configure Password Settings Through Pagelet Producer
Console on IBM WebSphere"
Section 7.2.7, "Restart of Deployment Manager Required When Configuring Oracle
SOA Suite for High Availability on IBM WebSphere"
Section 7.2.8, "Additional Configurations For SSO Logout on WebSphere"
Section 7.2.9, "java.lang.ClassNotFoundException Error Message seen in the Log
File When Deploying SimpleApprovalTaskFlow on IBM WebSphere"
Configuration Issues and Workarounds
7.2.1 Error Configuring a Cell When IBM WebSphere Installed on Windows 2003 and
2008
When IBM WebSphere is installed on Windows 2003 or Windows 2008, the following
error sometimes displays when you attempt to create a cell:
WebSphere Profile Update Failed!
No Changes Were Saved To The WebSphere Profile
Profile Location: x:\mydir\APPSER~1\profiles\Dmgr02
Reason Exception saving changes to WebSphere configuration
The issue is due to the Jython libraries shipped with IBM WebSphere. As a
workaround:
1.
Locate and edit the file:
WAS_HOME\optionalLibraries\jython\Lib\javaos.py
2.
Locate the function: _getOsType
3.
Edit the _osTypeMap variable to return "nt" as the default.
_osTypeMap = (
( "nt", r"(nt)|(Windows NT)|(Windows NT 4.0)|(WindowsNT)|"
r"(Windows 2000)|(Windows XP)|(Windows CE)" ),
( "dos", r"(dos)|(Windows 95)|(Windows 98)|(Windows ME)" ),
( "mac", r"(mac)|(MacOS.*)|(Darwin)" ),
( "None", r"(None)" ),
( "nt", r"(.*)" ), # default - posix seems to vary mast widely
)
4.
Save the changes.
7.2.2 Configuring Coherence for a SOA Cluster on IBM WebSphere
When you configure a SOA cluster on IBM WebSphere, you must configure Oracle
Coherence with the host names and other required cluster properties.
For Oracle WebLogic Server environments, refer to the Oracle Coherence configuration
information "Configuring Oracle Coherence for Deploying Composites" in the Oracle
Fusion Middleware High Availability Guide.
When configuring a SOA Cluster on IBM WebSphere, you perform a similar set of
tasks, using the following instructions that are specific to IBM WebSphere:
1.
Login to the IBM WebSphere Administrative Console.
2.
Navigate to the Java Virtual Machine Custom Properties page:
Servers > soa_server_name > Java and Process Management > Process Definition
> Java Virtual Machine > Custom Properties
3.
Add the following properties:
■
For a multicast cluster:
tangosol.coherence.clusteraddress
tangosol.coherence.clusterport
■
For a unicast cluster:
tangosol.coherence.wka1 (= host1)
tangosol.coherence.wka2 (= host2)
Oracle Fusion Middleware on IBM WebSphere 7-11
Configuration Issues and Workarounds
tangosol.coherence.localhost = (host?)
tangosol.coherence.wka1.port
tangosol.coherence.wka2.port
tangosol.coherence.localport
7.2.3 Limitations When Configuring Oracle Business Activity Monitoring for High
Availability on IBM WebSphere
When you install and configure Oracle BAM on IBM WebSphere, you cannot configure
the Oracle BAM servers in the high availability, two-node configuration as described
"Configuring High Availability for Oracle BAM" in the Oracle Fusion Middleware High
Availability Guide.
Instead, when configuring Oracle BAM on IBM WebSphere, you must use a cold
failover configuration. For more information, see "Active-Passive Topologies for
Oracle Fusion Middleware High Availability" in the Oracle Fusion Middleware High
Availability Guide.
7.2.4 Requests Received by IBM HTTP Server (IHS) Are Routed to the Fusion
Middleware Welcome Page
When using Fusion Middleware products on IBM WebSphere ND with an IBM @
HTTPServer (IHS) front end, requests coming in to the Content Server may instead be
routed to the Fusion Middleware Welcome page that is running on the cell's
Administration Server (OracleAdminServer).
For requests to be properly routed to the Content Server, perform the following steps
after fully configuring the cell.
Refer to IBM's Network Deployment documentation for detailed information about
editing, propagating, and regenerating the plugin-cfg.xml file:
1.
Disable automatic propagation of the plugin-cfg.xml file.
For example:
IBM/HTTPServer/plug-in/config/webserver1/plugin-cfg.xml
2.
Manually regenerate plugin-cfg.xml.
3.
Manually edit plugin-cfg.xml to remove any entries that may cause requests to
be routed to OracleAdminServer.
4.
Manually propagate plugin-cfg.xml to the IHS Web server plugin.
If you update the cell after performing these steps, you might see this issue again. If so,
then repeat these configuration steps.
7.2.5 Unable to Register WSRP/JPDK Producers Through Pagelet Producer Console on
IBM WebSphere
Users are not able to register WSRP/JPDK Producers in Oracle WebCenter Portal's
Pagelet Producer Console in an IBM WebSphere Application Server instance. To
resolve this issue, follow the steps below to add the necessary role
(AppConnectionManager) to the Pagelet Producer application.
1.
Open WebSphere Admin Console.
2.
Under WebSphere Applications Deployment, right-click pagelet-producer and
select Security and Application Roles.
7-12 Release Notes
Configuration Issues and Workarounds
3.
Click Application stripe and select pagelet-producer.
4.
In the Starts with field, enter AppConnectionManager and click Search. Select the
AppConnectionManager role and click Edit.
5.
Under Members, click Add to open a dialog that allows you to search for
principals and assign the necessary users or groups to the role. Select the required
user(s) and click OK to close the dialog.
6.
Click OK to save the application settings.
7.
Restart the WC_Portlet managed server (the updated security settings do not take
effect until the server is restarted).
7.2.6 Unable to Configure Password Settings Through Pagelet Producer Console on
IBM WebSphere
While trying to set passwords (such as the Proxy Password), through WebCenter
Portal's Pagelet Producer Console in an IBM WebSphere Application Server instance,
the following error displays:
ADF_FACES-60097: For more information, please see the server's error log for
an entry beginning with: ADF_FACES-60096:Server Exception during PPR, #9
To workaround this issue you must grant some additional permissions to the pagelet
producer application:
1.
Using wsadmin, connect to the Dmgr server for the cell configured with the
pagelet producer application:
WC_HOME/common/bin/wsadmin.sh -conntype SOAP -user admin username -password
password -host Dmgr_host -port admin_SOAP_port
See also "Running WebCenter Portal wsadmin Commands " in Oracle Fusion
Middleware Third-Party Application Server Guide.
2.
Run the following Opss.grantPermission command to grant permissions to the
pagelet producer application to update proxy passwords:
wsadmin>
Opss.grantPermission(appStripe=None,principalClass=None,principalName=None,
codeBaseURL='file:${user.install.root}/installedApps/DefaultCell/pageletproduc
er.ear/',
permClass='oracle.security.jps.service.credstore.CredentialAccessPermission',
permTarget='context=SYSTEM,mapName=ensemble,keyName=*',permActions='read,write
,update,delete')
3.
Restart the WC_Portlet managed server (the updated security settings do not take
effect until the server is restarted).
7.2.7 Restart of Deployment Manager Required When Configuring Oracle SOA Suite for
High Availability on IBM WebSphere
To configure Oracle SOA Suite for high availability on WebSphere, follow the
instructions in "Federating a Remote Machine to an Existing Cell" in Oracle Fusion
Middleware Configuration Guide for IBM WebSphere Application Server.
However, when following these instructions, you must be sure to stop and restart the
Deployment Manager before configuration of the second node. For more information,
see "Configuring the Deployment Manager to Detect the Remote Node Agent" in the
Oracle Fusion Middleware Third-Party Application Server Guide.
Oracle Fusion Middleware on IBM WebSphere 7-13
Documentation Errata
7.2.8 Additional Configurations For SSO Logout on WebSphere
You must configure the Sync Filter to get SSO logout on WebSphere to work well. In
the deployment descriptor (for example, web.xml) of the application, the filter can be
configured for certain URL patterns as in the following example.
<filter>
<display-name>SSOSessionSynchronizationFilter</display-name>
<filter-name>SSOSessionSynchronizationFilter</filter-name>
<filter-class>oracle.security.was.filter.SSOSessionSynchronizationFilter</filter-c
lass>
</filter>
<filter-mapping>
<filter-name>SSOSessionSynchronizationFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
You also need to add the following JAR to the WebSphere classpath:
$MiddleWareHome/oracle_common/modules/oracle.ssofilter_
11.1.1/ssofilter.jar
7.2.9 java.lang.ClassNotFoundException Error Message seen in the Log File When
Deploying SimpleApprovalTaskFlow on IBM WebSphere
You can receive an ArrayIndexOutOfBoundsException error in the log file after
accessing the Log Configuration page in Oracle Enterprise Manager Fusion
Middleware Control.
The Log Configuration page is displayed correctly. The error has no impact on product
functionality and can be ignored.
7.3 Documentation Errata
This section describes documentation errata. It includes the following topic:
■
■
■
Section 7.3.1, "Updates to Steps for Patching WebCenter Portal 11.1.1.6.0
Installations to 11.1.1.7.0"
Section 7.3.2, "Updates to Steps for Configuring Oracle Business Intelligence for
Scaling Out on IBM WebSphere"
Section 7.3.3, "Updates to Section on Upgrading"
7.3.1 Updates to Steps for Patching WebCenter Portal 11.1.1.6.0 Installations to
11.1.1.7.0
Steps that describe how to patch a WebCenter Portal 11.1.1.6.0 installation to 11.1.1.7.0
are documented in "Patching WebCenter Portal on IBM WebSphere from 11.1.1.6 to
11.1.1.7"in Oracle Fusion Middleware Third-Party Application Server Guide.
Changes to the information provided are listed below:
■
7-14 Release Notes
Before you start - Determine your existing Oracle Web Services Manager
(OWSM) security policy URIs
Documentation Errata
Oracle recommends that you record your existing OWSM policy URI settings before
you patch to WebCenter Portal 11.1.1.7.0. This step is missing from the
documentation.
To determine your existing settings prior to patching WebCenter Portal 11.1.1.6.0,
follow the steps described in "Determining OWSM Policy URIs for Spaces,
Discussions, and Portlet Web Service End Points" in Oracle Fusion Middleware
Patching Guide.
■
Step 10 - Use the Patch Set Assistant to update all the required schemas
This step must be done before Step 5 "Start the upgraded IBM WebSphere node
agent and deployment manager".
7.3.2 Updates to Steps for Configuring Oracle Business Intelligence for Scaling Out on
IBM WebSphere
Section 10.2.11.1 of Oracle Fusion Middleware Third-Party Application Server Guide
describes the steps for configuring for scaling out JEE components for Oracle Business
Intelligence on IBM WebSphere. These steps must be updated because they differ
slightly depending on whether you install with the Installer for 32-bit or 64-bit
systems.
The steps when using the 32-bit Installer are as follows:
1.
Use the Administration Console for IBM WebSphere to verify that the following
conditions are met:
■
■
■
2.
Oracle Business Intelligence is installed with IBM WebSphere on the first host
computer.
The installation of Oracle Business Intelligence on the first host computer
includes two servers, which are named OracleAdminServer and bi_server1.
The installation also includes a Node Agent and a single Deployment
Manager.
The servers are managed as a cluster for IBM WebSphere that is called bi_
cluster.
Install IBM WebSphere on the second host computer. Ensure that you select None
as the installation type and click Finish on the Installation Results page.
The Profile Management tool is displayed at the end of the IBM WebSphere
installation. Provide the settings for the Profile Management tool as described in
the existing Step 4 in Section 10.2.11.1.
3.
Stop the NodeAgent using the stopNode.sh script.
4.
Apply any patches as appropriate for IBM WebSphere on the second host
computer, so that the second computer runs the same version as the first
computer.
5.
Start the NodeAgent using the startNode.sh script.
6.
Install Oracle Business Intelligence on the second host computer and select the
following options:
■
■
For installation type, select Software-Only.
Install Oracle Business Intelligence in the same directory structure on the
second host computer as it is installed on the first host computer, such as
/mydir/myname/mw_home
Oracle Fusion Middleware on IBM WebSphere 7-15
Documentation Errata
7.
Follow the existing Step 6 in Section 10.2.11.1 to create an IBM Managed Server
(similar to bi_server1 on the first node) to handle the JEE applications for Oracle
Business Intelligence on the new node.
The steps when using the 64-bit Installer are as follows:
1.
Use the Administration Console for IBM WebSphere to verify that the following
conditions are met:
■
■
■
Oracle Business Intelligence is installed with IBM WebSphere on the first host
computer.
The installation of Oracle Business Intelligence on the first host computer
includes two servers, which are named OracleAdminServer and bi_server1.
The installation also includes a Node Agent and a single Deployment
Manager.
The servers are managed as a cluster for IBM WebSphere that is called bi_
cluster.
2.
Install IBM WebSphere on the second host computer. Ensure that you select None
as the installation type and click Finish on the Installation Results page.
3.
Apply any patches as appropriate for IBM WebSphere on the second host
computer, so that the second computer runs the same version as the first
computer.
Unlike for the 32-bit Installer, the NodeAgent does not exist until the profile is
created for the 64-bit Installer.
4.
Run the Profile Management tool as described in the existing Step 4 in Section
10.2.11.1.
5.
Stop the NodeAgent using the stopNode.sh script.
6.
Install Oracle Business Intelligence on the second host computer and select the
following options:
■
■
For installation type, select Software-Only.
Install Oracle Business Intelligence in the same directory structure on the
second host computer as it is installed on the first host computer, such as
/mydir/myname/mw_home
7.
Start the NodeAgent using the startNode.sh script.
8.
Follow the existing Step 6 in Section 10.2.11.1 to create an IBM Managed Server
(similar to bi_server1 on the first node) to handle the JEE applications for Oracle
Business Intelligence on the new node.
7.3.3 Updates to Section on Upgrading
Section 10.4 describes how to upgrade Oracle Business Intelligence to run on IBM
WebSphere. The section begins with a bulleted list that needs to be reworded as
follows:
■
■
7-16 Release Notes
If you have a 10g Release of Oracle Business Intelligence that is running on IBM
WebSphere.
If you you have a previous 11g Release of Oracle Business Intelligence that is
running on Oracle WebLogic Server.
Part II
Part II
Oracle Development Tools
Part II contains the following chapters:
■
■
Chapter 8, "Oracle JDeveloper and Oracle Application Development Framework
(ADF)"
Chapter 9, "Oracle TopLink"
8
Oracle JDeveloper and Oracle Application
Development Framework (ADF)
8
The latest known issues associated with Oracle JDeveloper and Application Developer
Framework (ADF) are available on the Oracle Technology Network (OTN) at:
http://www.oracle.com/technetwork/developer-tools/jdev/index-101
256.html.
For more information and technical resources for Oracle JDeveloper and Application
Developer Framework (ADF), visit the product center on the Oracle Technology
Network at:
http://www.oracle.com/technetwork/developer-tools/jdev/overview/
index.html.
Oracle JDeveloper and Oracle Application Development Framework (ADF)
8-1
8-2 Release Notes
9
Oracle TopLink
9
This chapter describes issues associated with Oracle TopLink. It includes the following
topics:
■
Section 9.1, "General Issues and Workarounds"
9.1 General Issues and Workarounds
This section describes general issue and workarounds. It includes the following topic:
■
Section 9.1.1, "TopLink Object-Relational Issues"
■
Section 9.1.2, "TopLink Workbench Issues"
■
Section 9.1.3, "Oracle Database Extensions with TopLink"
■
Section 9.1.4, "Allowing Zero Value Primary Keys"
■
Section 9.1.5, "Managed Servers on Sybase with JCA Oracle Database Service"
■
■
Section 9.1.6, "Logging Configuration with EclipseLink Using Container Managed
JPA"
Section 9.1.7, "Grid Cache requires CacheLoader"
9.1.1 TopLink Object-Relational Issues
This section contains information on the following issues:
■
Section 9.1.1.1, "Cannot set EclipseLink log level in WLS System MBean Browser"
■
Section 9.1.1.2, "Incorrect outer join SQL on SQLServer2005"
■
Section 9.1.1.3, "UnitOfWork.release() not Supported with External Transaction
Control"
■
Section 9.1.1.4, "Returning Policy for UPDATE with Optimistic Locking"
■
Section 9.1.1.5, "JDBC Drivers returning Timestamps as Strings"
■
Section 9.1.1.6, "Unit of Work does not add Deleted Objects to Change Set"
9.1.1.1 Cannot set EclipseLink log level in WLS System MBean Browser
Use Oracle Enterprise Manager to set the EclipseLink log level; do not use the WLS
System MBean Browser to complete this action.
Oracle TopLink 9-1
General Issues and Workarounds
9.1.1.2 Incorrect outer join SQL on SQLServer2005
TopLink generates incorrect outer join for SQL Server v2005. The outer join syntax
generated is correct for earlier versions of this database. To work around this
limitation, reconfigure the database compatibility (refer to the SQLServer
documentation for details). Alternatively, you can use a custom TopLink database
platform.
9.1.1.3 UnitOfWork.release() not Supported with External Transaction Control
A unit of work synchronized with a Java Transaction API (JTA) will throw an
exception if it is released. If the current transaction requires its changes to not be
persisted, the JTA transaction must be rolled back.
When in a container-demarcated transaction, call setRollbackOnly() on the
EJB/session context:
@Stateless
public class MySessionBean
{
@Resource
SessionContext sc;
public void someMethod()
{
...
sc.setRollbackOnly();
}
}
When in a bean-demarcated transaction then you call rollback() on the
UserTransaction obtained from the EJB/session context:
@Stateless
@TransactionManagement(TransactionManagementType.BEAN)
public class MySessionBean implements SomeInterface
{
@Resource
SessionContext sc;
public void someMethod()
{
sc.getUserTransaction().begin();
...
sc.getUserTransaction().rollback();
}
}
9.1.1.4 Returning Policy for UPDATE with Optimistic Locking
The returning policy, which allows values modified during INSERT and UPDATE to be
returned and populated in cached objects, does not work in conjunction with numeric
version optimistic locking for UPDATE. The value returned for all UPDATE operations is 1
and does not provide meaningful locking protection.
Do not use a returning policy for UPDATE in conjunction with numeric optimistic
locking.
The use of returning policy for INSERT when using optimistic locking works correctly.
9-2 Release Notes
General Issues and Workarounds
9.1.1.5 JDBC Drivers returning Timestamps as Strings
TopLink assumes that date and time information returned from the server will use
Timestamp. If the JDBC driver returns a String for the current date, TopLink will
throw an exception. This is the case when using a DB2 JDBC driver.
To work around this issue, consider using a driver that returns Timestamp (such as
COM.ibm.db2.jdbc.app.DB2Driver) or change the policy to use local time instead of
server time.
Another option is to use a query re-director on the ValueReadQuery used by the
platform:
ValueReadQuery vrq = new ValueReadQuery(
"SELECT to_char(sysdate, 'YYYY-MM-DD HH:MM:SS.SSSSS') FROM DUAL"
);
vrq.setRedirector(new TSQueryRedirector());
...
class TSQueryRedirector implements QueryRedirector
{
public Object invokeQuery(DatabaseQuery query, Record arguments, Session session)
{
String value = (String)session.executeQuery(query);
return ConversionManager.getDefaultManager().convertObject(
value, java.sql.Timestamp.class
);
}
}
9.1.1.6 Unit of Work does not add Deleted Objects to Change Set
When accessing the change set of a Unit of Work to determine what has changed,
objects that are pending deletion (such as uow.deleteObject( ) and
uow.deleteAllObjects( )) will not be returned from the result set.
The objects pending deletion are only available through the Unit of Work
getDeletedObjects call.
9.1.2 TopLink Workbench Issues
This section contains information on the following issues:
■
Section 9.1.2.1, "User Interface Issue"
■
Section 9.1.2.2, "Accessibility"
■
Section 9.1.2.3, "Running the TopLink Workbench on Windows OS"
9.1.2.1 User Interface Issue
When running TopLink Mapping Workbench using JDK 1.7, dialogs with a group box
containing check boxes or radio buttons may display duplicated or truncated group
box titles. There is no loss of functionality, and you should proceed as usual.
9.1.2.2 Accessibility
Due to an issue with Sun JDK 1.6, if NullPointExecption error dialog is generated
when saving a file, the error dialog window is not in focus.
9.1.2.3 Running the TopLink Workbench on Windows OS
Due to an issue with certain configurations and versions of Windows operating
systems, users that launch the TopLink Workbench with the workbench.cmd file may
Oracle TopLink 9-3
General Issues and Workarounds
receive a dialog that states: Could not find the main class. This occurs because the
classpath specified contains a directory path which has periods in it. The workaround
is to rename the offending directory or change the classpath to use directory paths
which do not contain periods.
9.1.3 Oracle Database Extensions with TopLink
This section contains information on the following issue:
Section 9.1.3.1, "Template JAR for Spatial and XDB Support in Oracle WebLogic
Server"
■
9.1.3.1 Template JAR for Spatial and XDB Support in Oracle WebLogic Server
To fully support Oracle Spatial and Oracle XDB mapping capabilities (in both
standalone Oracle WebLogic Server and the Oracle JDeveloper integrated WebLogic
Server), you must use the toplink-spatial-template.jar and
toplink-xdb-template.jar to extend the WebLogic Server domain to support Oracle
Spatial and XDB, respectively.
To extend your WebLogic Server domain:
1.
2.
Download the toplink-spatial-template.jar (to support Oracle Spatial) and
toplink-xdb-template.jar (to support Oracle XDB) files from:
■
http://download.oracle.com/otn/java/toplink/111110/toplink-s
patial-template.jar
■
http://download.oracle.com/otn/java/toplink/111110/toplink-x
db-template.jar
Use Table 9–1, " To Support Oracle Spatial" or Table 9–2, " To Support Oracle XDB"
to determine which files to copy.
Table 9–1
To Support Oracle Spatial
Copy this file
sdoapi.jar
1
2
From...1
To...2
<ORACLE_DATABASE_HOME>/md/jlib <WEBLOGIC_HOME>/server/lib
These are the default locations. Your actual location may vary depending on your specific environment,
installed options, and version.
When using Oracle JDeveloper integrated WebLogic Server, the <WEBLOGIC_HOME> is located within the
<JDEVELOPER_HOME> directory.
Table 9–2
To Support Oracle XDB
From...1
To...2
xdb.jar
<ORACLE_DATABASE_
HOME>/rdbms/jlib
<WEBLOGIC_HOME>/server/lib
xml.jar
<ORACLE_DATABASE_HOME>/lib
<WEBLOGIC_HOME>/server/lib
xmlparserv2.jar
<ORACLE_DATABASE_HOME>/lib
<WEBLOGIC_HOME>/server/lib
Copy this file
ori18n-mapping.jar <ORACLE_DATABASE_HOME>/jlib
<WEBLOGIC_HOME>/server/lib
3
1
2
3
9-4 Release Notes
These are the default locations. Your actual location may vary depending on your specific environment,
installed options, and version.
When using Oracle JDeveloper integrated WebLogic Server, the <WEBLOGIC_HOME> is located within the
<JDEVELOPER_HOME> directory.
Use orai18n-mapping.jar for Oracle Database 11.2 and higher.
General Issues and Workarounds
Although the actual JAR file may be named differently in your
From directory, the file must be named as shown, when copied to the
To directory.
Note:
3.
Launch the Config Wizard (<WEBLOGIC_HOME>/common/bin/config.sh (or .bat).
4.
Select Extend an existing WebLogic domain.
5.
Browse and select your WebLogic Server domain.
When using JDeveloper with integrated WebLogic Server, the typical WebLogic
Server domain location may be similar to:
■
In Windows environments:
%APPDATA%\JDeveloper\systemXX.XX.XX.XX\DefaultDomain
where XX.XX.XX.XX is the unique number of the product build.
For Windows platforms, you must enable the Show hidden files and folders
folder option.
■
In non-Windows environments, the default location is under the current user's
default home directory: <$Home>/DefaultDomain
Refer to the Oracle JDeveloper documentation for details.
6.
Select Extend my domain using an existing extension template.
7.
Browse and select the required template JAR (toplink-spatial-template.jar for
Oracle Spatial, toplink-xdb-template.jar for Oracle XDB).
8.
Complete the remaining pages of the wizard.
9.1.4 Allowing Zero Value Primary Keys
By default, EclipseLink interprets zero as null for primitive types that cannot be null
(such as int and long) causing zero to be an invalid value for primary keys. You can
modify this setting by using the allow-zero-id property in the persistence.xml file.
Valid values are:
■
■
true – EclipseLink interprets zero values as zero. This permits primary keys to use
a value of zero.
false (default) – EclipseLink interprets zero as null.
Refer the EclipseLink User's Guide at
http://wiki.eclipse.org/EclipseLink/UserGuide for more information.
9.1.5 Managed Servers on Sybase with JCA Oracle Database Service
When using a JCA service with the Oracle Database adapter in a cluster to perform
database operations on a Sybase database, the managed nodes in the cluster process
the messages and may attempt to perform duplicate operations.
Because supported versions of Sybase do not support Oracle TopLink record locking,
Sybase allows the duplicate operation attempts.
9.1.6 Logging Configuration with EclipseLink Using Container Managed JPA
By default, EclipseLink users in container managed JPA will use the Oracle WebLogic
Server logging options to report all log messages generated by EclipseLink. Refer to
Oracle TopLink 9-5
General Issues and Workarounds
"Configuring WebLogic Logging Services" in Oracle® Fusion Middleware Configuring
Log Files and Filtering Log Messages for Oracle WebLogic Server.
To use the EclipseLink native logging configuration, add the following property to
your persistence.xml file:
<property name="eclipselink.logging.logger" value="DefaultLogger"/>
9.1.7 Grid Cache requires CacheLoader
An oracle.eclipselink.coherence.integrated.EclipseLinkJPACacheLoader must
be configured for entities configured as Grid Cache to ensure the necessary TopLink
Grid wrapper class is generated.
9-6 Release Notes
Part III
Part III
Oracle Virtual Assembly Builder
Part III contains the following chapters:
■
Chapter 10, "Oracle Virtual Assembly Builder"
10
Oracle Virtual Assembly Builder
10
This chapter describes issues associated with Oracle Virtual Assembly Builder. It
includes the following topics:
■
Section 10.1, "Installation and Configuration Issues and Workarounds"
■
Section 10.2, "General Issues and Workarounds"
■
Section 10.3, "Component Specific Issues"
■
Section 10.4, "Documentation Errata"
10.1 Installation and Configuration Issues and Workarounds
This section describes issues related to installation of Oracle Virtual Assembly Builder.
It includes these items:
■
Section 10.1.1, "Deployer Instance Directory Only Suitable for Use in
Deployer-only Installation"
■
Section 10.1.2, "Disk Warning Causes Installation Failure"
■
Section 10.1.3, "Errors about Missing Libraries in the VM"
■
Section 10.1.4, "Incorrect sshd_config File in Base Image"
■
Section 10.1.5, "Exceptions in Message Log after Upgrade"
10.1.1 Deployer Instance Directory Only Suitable for Use in Deployer-only Installation
When you perform a combined (Studio and Deployer) installation of Oracle Virtual
Assembly, and subsequently configure the Deployer in an Oracle WebLogic Server
domain, the installation creates an ab_instance directory under the Oracle WebLogic
Server domain root ("Deployer instance directory"). This ab_instance will not be
functional for the purposes of using abctl.
Instead, in the case of a combined installation you should only use the "Studio Instance
directory" that is created by the Oracle Virtual Assembly Builder installer (typically
located directly under MIDDLEWARE_HOME).
A Deployer instance directory is only suitable for use in a Deployer-only installation.
10.1.2 Disk Warning Causes Installation Failure
When installing Oracle Virtual Assembly Builder on an Oracle Exalogic machine with
a large disk space, a known issue with the Oracle Universal Installer prevents the
installation from completing. You can see an error that includes "errorString:Space
required for Oracle home is 350 MB.[[ Space Available: 0 MB ]."
Oracle Virtual Assembly Builder 10-1
General Issues and Workarounds
The workaround is to launch the installer as follows:
./runInstaller -novalidation -ignoreDiskWarning
10.1.3 Errors about Missing Libraries in the VM
If certain libraries are missing from the VM, an exception may be recorded in the logs
on the VM. The exception is the result of a file copy, and is harmless. The file is still
successfully copied. The exception appears similar to the following:
[2012-04-25T03:04:04.949-04:00] [as] [TRACE] []
[oracle.as.assemblybuilder.common] [tid: 11] [SRC_CLASS:
oracle.as.assemblybuilder.common.jni.Native] [SRC_METHOD: <init>] Unable to load
native library.
10.1.4 Incorrect sshd_config File in Base Image
The base images used in creating the VMs has an incorrect sshd_config file. The line
#AllowTcpForwarding yes
is commented out and should read:
AllowTcpForwarding yes
To allow remote introspection, you must update the /etc/ssh/sshd_config file on the
VMs and restart SSH (/etc/rc.d/init.d/sshd stop/start).
10.1.5 Exceptions in Message Log after Upgrade
After upgrading Oracle Virtual Assembly Builder, you may see exceptions in the
Message.log after launching Oracle Virtual Assembly Builder Studio for the first time.
These exceptions can be ignored.
Workaround
If you reopen Oracle Virtual Assembly Builder Studio , you no longer see the
exceptions.
10.2 General Issues and Workarounds
This section describes general issues and workarounds for Oracle Virtual Assembly
Builder Studio operations, such as introspection, capturing file sets, and deployment.
It includes these items:
■
Section 10.2.1, "Oracle Virtual Assembly Builder Introspection Issues"
■
Section 10.2.2, "Oracle Virtual Assembly Builder File Set Capture Issues"
■
Section 10.2.3, "Oracle Virtual Assembly Builder Deployment Issues"
■
Section 10.2.4, "Other Oracle Virtual Assembly Builder Issues"
10.2.1 Oracle Virtual Assembly Builder Introspection Issues
This section describes issues observed during introspection. It includes these items:
■
■
10-2 Release Notes
Section 10.2.1.1, "Remote Introspection Must Be Run as Specific Users"
Section 10.2.1.2, "Unable to Create Secure Connections for Multiple OVMs in a
Single Session"
General Issues and Workarounds
■
■
Section 10.2.1.3, "Do Not Try to Import and Register a Template at the Same Time"
Section 10.2.1.4, "Time Zones Must Match Between Base Image and Reference
Systems"
10.2.1.1 Remote Introspection Must Be Run as Specific Users
The remoteUser specified for remote WLS introspection must be either the owner of
the WLS process that is running on the reference system, or must be a user that has
permission to read files that the owner of the WLS process creates.
10.2.1.2 Unable to Create Secure Connections for Multiple OVMs in a Single
Session
You can create secure connections to multiple OVMs using Oracle Virtual Assembly
Builder Studio. However, you cannot create secure connections to multiple OVMs
during a single Studio session. In order to create multiple secure connections, you
must create a secure connection, then exit Oracle Virtual Assembly Builder Studio.
Restart Studio and create the next secure OVM connection. You must repeat this
process for each desired secure OVM connection.
10.2.1.3 Do Not Try to Import and Register a Template at the Same Time
Do not attempt to import and register a template at the same time. Doing so will cause
the registration to fail and may cause unforeseen side-effects.
10.2.1.4 Time Zones Must Match Between Base Image and Reference Systems
It is possible to have a time zone in your base image that is significantly different from
the time zone of a reference system being introspected. If the introspected reference
system is an Oracle WebLogic Server installation that has demo SSL certificates that
were recently created you can experience a deployment failure caused by invalid SSL
certificates. This is due to the valid time listed in the certificate being in the future
relative to the time in the base image. Make sure the time zone in your base image
matches the time zone of your reference systems to avoid this type of failure.
10.2.2 Oracle Virtual Assembly Builder File Set Capture Issues
This section describes issues observed during file set capture operations. It includes
these items:
■
■
■
■
■
Section 10.2.2.1, "Troubleshooting Template Registration Errors"
Section 10.2.2.2, "Capturing File Sets with a Different userid than userid of
Individual Who Installed Oracle Virtual Assembly Builder"
Section 10.2.2.3, "Template Status Not Updated"
Section 10.2.2.4, "Oracle Virtual Assembly Builder Instance Directory Should Not
Reside in FMWHOME"
Section 10.2.2.5, "Non-Root User Cannot Capture File Sets Owned by Root"
10.2.2.1 Troubleshooting Template Registration Errors
If you receive an error while registering a template (such as ImportError, or any error
including oracle.ovs.biz.exception.OVSException) in the Oracle Virtual Assembly
Builder log file, be sure to check the Oracle VM logs for the root cause, as it may not be
expressed in the Oracle Virtual Assembly Builder logs.
Oracle Virtual Assembly Builder 10-3
General Issues and Workarounds
10.2.2.2 Capturing File Sets with a Different userid than userid of Individual Who
Installed Oracle Virtual Assembly Builder
When capturing file sets on a local reference system that was installed using a different
OS userid than the one used for the Oracle Virtual Assembly Builder installation,
capturing file sets will fail with file permission errors. There are two workarounds for
this issue. Use either:
■
■
Run Oracle Virtual Assembly Builder as root. When you do this, all generated
artifacts in catalog (such as metadata, file sets, and others) are owned by the root
user and all subsequent operations must also be executed as root user.
Run local file set capture through remote ssh. Treat the local reference system as
remote and perform remote file set capture, using an ssh user that has read
permission of the reference system installation.
10.2.2.3 Template Status Not Updated
An intermittent problem has been reported in which the status of a template is not
immediately updated after the status has changed. If you encounter this issue, stop
and restart Oracle Assembly Builder Studio.
10.2.2.4 Oracle Virtual Assembly Builder Instance Directory Should Not Reside in
FMWHOME
During introspection, you may receive a full disk error even though you have the
required disk space available. You encounter this issue if you have specified an Oracle
Virtual Assembly Builder instance that is located within a Fusion Middleware instance
home. To correct the problem, move your Oracle Virtual Assembly Builder instance
directory outside of the Fusion Middleware instance home.
10.2.2.5 Non-Root User Cannot Capture File Sets Owned by Root
During introspection, if there are files owned by root in a directory such as ORACLE_
HOME, a non-root user is prevented from capturing the file sets in the ORACLE_
HOME as part of the introspection.
The solution is to remove these files, or have their ownership changed to the user that
is capturing the file sets.
10.2.3 Oracle Virtual Assembly Builder Deployment Issues
This section describes issues observed during deployment. It includes these items:
■
■
■
■
Section 10.2.3.1, "Scale Operations and Failed Deployments"
Section 10.2.3.2, "Importing Using the ImportAs Option Removes All Deployment
Plan Overrides"
Section 10.2.3.3, "Unresolved IP Addresses Result in Error"
Section 10.2.3.4, "Complete Editing Operations on Assemblies Before Creating a
Deployment Plan"
■
Section 10.2.3.5, "NFS Mounting Not Supported in Reference Systems"
■
Section 10.2.3.6, "Firewall Implications for Template Registration"
■
Section 10.2.3.7, "Recovering from Unexpected Errors During Deployment"
■
Section 10.2.3.8, "Deployment Failure Due to 'Too Many Open Files' Error"
10-4 Release Notes
General Issues and Workarounds
10.2.3.1 Scale Operations and Failed Deployments
Scale operations are affected by failed deployments.
Scale down operations only remove properly (successfully) deployed instances. In the
case of failed deployments, those instances are not removed during scale down. Failed
instances are left for you to troubleshoot. If you want to remove instances that failed to
deploy, you must undeploy them, fix the plan, and then redeploy.
Scale up operations are prohibited if a failed instance exists in the assembly. As above,
you must undeploy, fix the problem, and then redeploy.
10.2.3.2 Importing Using the ImportAs Option Removes All Deployment Plan
Overrides
When importing an assembly or assembly archive (OVA file) using the 'importAs'
option, the deployment plans are imported, but any overrides that were in the original
deployment plan are not imported. It will appear as if you have a new deployment
plan with no overridden properties.
10.2.3.3 Unresolved IP Addresses Result in Error
Deployment attempts will fail if IP addresses specified in the deployment plan are
unresolved on the Oracle Virtual Assembly machine (the machine on which Deployer
is running). To avoid this issue, ensure that IP addresses are resolvable.
10.2.3.4 Complete Editing Operations on Assemblies Before Creating a
Deployment Plan
If you have created deployment plans for an assembly, and then made certain
modifications to the assembly (notably, adding or removing network interfaces from
one of the assembly's appliances), then deployment plan values may become
misassigned. (For example, the IP address and netmask for a deleted network interface
may be assigned to a different network interface).
To avoid this, it is recommended that you create and populate deployment plans only
after you have completed all desired editing operations on the assembly. The safest
approach is to create an assembly archive first, then create deployment plans. This is
because creating the assembly archive prevents further edit operations that may
invalidate the deployment plan.
10.2.3.5 NFS Mounting Not Supported in Reference Systems
Oracle Virtual Assembly Builder does not support NFS mounting in the reference
system, since these NFS mounts will not be created by Assembly Builder in the
deployment environment. In some cases, deployment will fail if the reference system
has an NFS mount.
A number of third-party tools require mounting file systems as part of their
configuration. This can require specific workarounds. For example, when using the
Websphere MessageQueue external JMS server, you may encounter the following
issues:
■
The configuration for the JMS Server requires access to a class provided by
Websphere. In some environments, those classes (also known as jars) are added to
the PRE_CLASSPATH environment variable prior to starting Oracle WebLogic
Server. Ensure that the configuration for your environment does not require
modification for Oracle WebLogic Server to be able to see these jar files
automatically on startup.
Oracle Virtual Assembly Builder 10-5
General Issues and Workarounds
■
The Oracle WebLogic Server configuration for the JMS server requires a JNDI
connection URL as follows, 'file://<path to mq config>'. This file resides on the
external Websphere server, and must be mounted locally so it can be used.
10.2.3.6 Firewall Implications for Template Registration
To allow template registration, the Oracle VM host must be able to download the
template through HTTP from the Assembly Builder host. If you are using a firewall
(for example, iptables on Linux) then you must properly configure that firewall to
allow the communication. By default Oracle Virtual Assembly Builder specifies its
HTTP port to be "0" which causes the system to issue one (so there is no default port).
You can specify the port by setting the "ovmPort" property in deployer.properties.
A simpler solution is to turn off the firewall. For iptables, use the following command:
/etc/init.d/iptables stop
To configure your firewall, refer to the documentation for your firewall.
10.2.3.7 Recovering from Unexpected Errors During Deployment
Whenever an unexpected error occurs during deployment, you typically want to
examine what went wrong and perform necessary cleanup before recovering from the
error. For these reasons, Oracle Virtual Assembly Builder provides neither an
automatic recovery mechanism, nor a tool to recover from a failure.
To perform recovery of the Deployer:
1.
Examine the resource pools in the corresponding Oracle Virtual Machine
managers configured in the resource-pools.xml file relevant to the crashed AB_
INSTANCE and perform cleanup. This includes cleaning up (stopping and
destroying) all instances initiated by Oracle Virtual Assembly Builder.
2.
Delete the .hastore file.
This returns the Deployer to a clean state.
10.2.3.8 Deployment Failure Due to 'Too Many Open Files' Error
Some components may require a large number of open files to deploy successfully.
Even if a base image with the required limits is provided, the limit will be reset to 4096
by the Oracle Virtual Assembly Builder service that runs on the VM.
The workaround is to edit $ORACLE_HOME/resources/bottler/ab/etc/ab_service.sh
to set the desired limit instead of 4096, and then to create (or recreate) the assembly
archive.
10.2.4 Other Oracle Virtual Assembly Builder Issues
This section describes other issues observed while performing operations in Oracle
Virtual Assembly Builder. It includes these items:
■
■
Section 10.2.4.1, "Add DNS Button Does Not Work When Using OVAB Studio in
Japanese Language"
Section 10.2.4.2, "Large Delete Operations Can Make Oracle Virtual Assembly
Builder Studio Appear to Lock Up"
■
Section 10.2.4.3, "Virtual Machine Swap Space"
■
Section 10.2.4.4, "Top-level Delete Messages in English Only"
■
Section 10.2.4.5, "Export Operation Requires Temporary Local Storage"
10-6 Release Notes
General Issues and Workarounds
■
Section 10.2.4.6, "Non-supported Character When Naming Vnets"
■
Section 10.2.4.7, "Obsolete Assembly Archives After Download and Import"
■
■
Section 10.2.4.8, "Zero-count Appliances Cannot Be Scaled in Oracle Virtual
Assembly Builder Studio"
Section 10.2.4.9, "Password Field Is Not Editable When Configuring a New
Domain"
10.2.4.1 Add DNS Button Does Not Work When Using OVAB Studio in Japanese
Language
When following the procedure to create resource pools using the graphical interface of
Oracle Virtual Assembly Builder Studio set to the Japanese locale, the Add DNS
button does not function. To work around this problem, set the locale to English:
1.
Exit Oracle Virtual Assembly Builder
2.
Execute the commands:
export LC_ALL= c
./abstudio.sh
3.
Create resource pool connection in the English locale.
10.2.4.2 Large Delete Operations Can Make Oracle Virtual Assembly Builder Studio
Appear to Lock Up
When large top-level items are deleted through Oracle Virtual Assembly Builder
Studio, the interface may appear to have locked-up, when in fact it is running
normally. This is normal behavior, allow the application to finish its task.
10.2.4.3 Virtual Machine Swap Space
Ensure your virtual machines have at least 500MB of available swap space (on each
machine).
10.2.4.4 Top-level Delete Messages in English Only
Messages displayed during top-level delete of items are displayed in English only.
10.2.4.5 Export Operation Requires Temporary Local Storage
In an export operation, the AB_INSTANCE/tmp directory is used for storage of
intermediary artifacts. This means that an export may fail if there is not enough space
in the disk where AB_INSTANCE is located, even though the destination directory
may be located in another disk.
10.2.4.6 Non-supported Character When Naming Vnets
It is possible to create networks in Oracle VM 3.0 that have the period ('.') character in
the name. But Oracle Virtual Assembly Builder does not support this character in the
name so you will not be able to name your Vnet in Oracle Virtual Assembly Builder
after the actual network name in your Oracle VM 3.0 environment.
The createAssembly command in the Oracle Virtual Assembly Builder abctl
command-line interface fails to disallow a Vnet name containing the '.' character. The
Oracle Virtual Assembly Builder Studio graphical user interface correctly disallows it.
Oracle Virtual Assembly Builder 10-7
General Issues and Workarounds
10.2.4.7 Obsolete Assembly Archives After Download and Import
In a Oracle Virtual Assembly Builder Studio or combined (Studio and Deployer)
installation, downloading an assembly archive from the Deployer or from the EM
Software Library automatically imports the archive into the local catalog. If you
optionally specify a new name for the assembly when downloading, then the archive
file will be saved on disk using the new name, and imported into the catalog using the
new name. However, the contents inside the archive will still refer to the original
assembly name, and hence this downloaded archive should be considered obsolete.
Therefore, after a successful download and import, the downloaded archive should
not be used. It can be deleted manually from AB_INSTANCE/archives, or it can be
overwritten by using the createAssemblyArchive command with the -force option,
or the create template wizard in the Oracle Virtual Assembly Builder Studio graphical
user interface (which implicitly uses the -force option).
10.2.4.8 Zero-count Appliances Cannot Be Scaled in Oracle Virtual Assembly
Builder Studio
If you deploy an assembly that contains a 'zero-count' appliance - that is, an appliance
with its scaling minimum and initial target both set to 0 - you will not be able to scale
that appliance up using the Oracle Virtual Assembly Builder Studio graphical user
interface. Use the Oracle Virtual Assembly Builder command-line interface scale
command instead. If the describeScalingGroups command does not show the group
you want to scale, use the appliance id, which can be found in the 'Appliances'
column of the describeAssemblyInstances output.
10.2.4.9 Password Field Is Not Editable When Configuring a New Domain
Platform: Linux
On Linux systems, when creating a new domain in the Oracle Fusion Middleware
Configuration Wizard, the Password and Confirm Password fields are sometimes not
editable, and you cannot enter a password to create a domain.
Workaround
There are two ways to work around this issue:
■
■
To work around the issue each time it happens, click the Close Window X button
in the upper right corner of the Configuration Wizard. In the confirmation dialog
that appears, click No to return to the Configuration Wizard. You can then enter
and confirm the password for the domain.
To fix this issue permanently:
1.
Kill all scim processes. For example:
kill `pgrep scim`
2.
Modify (or create) the file ~/.scim/config to include the following line
(case-sensitive):
/FrontEnd/X11/Dynamic = true
10-8 Release Notes
3.
If you are running VNC, restart the VNC server.
4.
Run the Configuration Wizard again.
Component Specific Issues
10.3 Component Specific Issues
This section describes specific issues for components that Oracle Virtual Assembly
Builder can introspect. The list of issues for each component presents the most severe
or frequently encountered issues first, followed by lower priority issues.
This section describes the following topics:
■
Section 10.3.1, "Oracle Virtual Machine"
■
Section 10.3.2, "Oracle WebLogic Server Issues"
■
Section 10.3.3, "Oracle Web Cache Issues"
■
Section 10.3.4, "Oracle Database Issues"
■
Section 10.3.5, "Oracle Forms and Oracle Reports Issues"
10.3.1 Oracle Virtual Machine
This section describes issues for Oracle VM. It includes these items:
■
Section 10.3.1.1, "Intermittent Errors When Using Oracle VM"
■
Section 10.3.1.2, "Limit Virtual Machine Names to 100 Characters or Less"
■
Section 10.3.1.3, "Limit Virtual Machine Passwords to 50 Characters or Less"
■
Section 10.3.1.4, "Limitation on Number of Virtual Disks"
■
Section 10.3.1.5, "VNC Access Only Available through Oracle VM Manager"
10.3.1.1 Intermittent Errors When Using Oracle VM
Intermittent errors have been reported when using Oracle VM. If you receive an error
that includes oracle.ovs.biz, check the Oracle VM logs to ensure you understand the
root cause of the problem. In some cases, simply reattempting the task will solve the
problem, but consulting the logs is the best approach.
10.3.1.2 Limit Virtual Machine Names to 100 Characters or Less
Oracle Virtual Machine limits virtual machine names to 100 characters or less. If your
names are too long, you will receive the error:
oracle.ovs.biz.exception.invalidNameException: OVM-4008
Oracle Virtual Assembly Builder Deployer determines virtual machine names based
on the following format:
deploymentId_subassemblyName_applianceName_instanceName0
In order to have virtual machine name length in the defined 100 character limit, the
assembly name (and all subassembly names) and appliance names combined must be
short enough that, when combined, are less than 100 characters.
10.3.1.3 Limit Virtual Machine Passwords to 50 Characters or Less
Oracle Virtual Machine limits virtual machine passwords to 50 characters or less; your
virtual machine password must be less than 50 characters long. If your password is too
long, you will receive the error: Oracle.ovs.biz.exception.OVSException: OVM-5101
The template{0} cannot be found
Oracle Virtual Assembly Builder 10-9
Component Specific Issues
10.3.1.4 Limitation on Number of Virtual Disks
Oracle VM supports handling an appliance with up to 26 virtual disks. If you attempt
to perform operations to create a larger number of virtual disks, you will experience a
failure and an error message indicating that a 'disk image declared in the OVF does
not exist in the OVA.'
10.3.1.5 VNC Access Only Available through Oracle VM Manager
Although you must supply a VNC password when creating templates, and can
override this password in a deployment plan, neither of these values will actually take
effect. You must access virtual machine VNC consoles through the Oracle VM
Manager console, using the appropriate credentials as defined by Oracle VM Manager.
10.3.2 Oracle WebLogic Server Issues
This section describes issues for Oracle WebLogic Server. It includes these items:
■
■
■
■
■
■
Section 10.3.2.1, "Forward Slashes in Server Service Names Cause Oracle WebLogic
Server Deployment Failures"
Section 10.3.2.2, "Applications with JDBC Remap May Need to be Manually
Restarted"
Section 10.3.2.3, "Applications Accessing Web Services Not Updated at
Deployment"
Section 10.3.2.4, "Limitation with Oracle WLS Domains Upgraded from 10.3.1"
Section 10.3.2.5, "Admin URL Required to be Specified When Managed Server is
No Longer Running"
Section 10.3.2.6, "WLS Plug-in Does Not Support Changing Ownership of File
Sets"
■
Section 10.3.2.7, "Relocating Node Manager Home Not Supported"
■
Section 10.3.2.8, "User-specific Changes to Setdomainenv.sh are Not Preserved"
10.3.2.1 Forward Slashes in Server Service Names Cause Oracle WebLogic Server
Deployment Failures
You can create a WebLogic Server service (such as a JMS server definition or a data
source definition) with a name that contains a forward slash ( '/' ). Services with
forward slashes in their names will cause WebLogic Server deployments to fail. To
work around this, ensure that your WebLogic Server services do not have the '/'
character in their names.
10.3.2.2 Applications with JDBC Remap May Need to be Manually Restarted
An error has been reported in which an application using JDBC data source mapping
configured at the application scope fails to start. The failure occurs only for
deployments on Oracle WebLogic Server AdminServer, and only immediately after the
AdminServer itself is deployed.
To correct this problem, manually start the AdminServer.
10.3.2.3 Applications Accessing Web Services Not Updated at Deployment
An application that accesses a Web service that is also hosted on the Oracle WebLogic
Server reference system will not be updated to point to the new web service location
upon deployment. You must update the application to access the web service WSDL
10-10 Release Notes
Component Specific Issues
on the new Oracle VM host, and then redeploy the application through Oracle
WebLogic Server administration tools, such as Admin Console or wlst, to the Oracle
VM Oracle WebLogic Server environment.
10.3.2.4 Limitation with Oracle WLS Domains Upgraded from 10.3.1
Oracle Virtual Assembly Builder uses a pack/unpack utility when moving Oracle
WebLogic Server domains. An issue with the utility causes the unpack operation to fail
when using the utility to move a domain that was originally a 10.3.1 domain, but
which was upgraded to 10.3.2 during installation of 10.3.2.
10.3.2.5 Admin URL Required to be Specified When Managed Server is No Longer
Running
This issue applies to an uncommon scenario in which Oracle Virtual Assembly Builder
has deployed and started the required instances in the assembly, including the Oracle
WebLogic Server Managed Servers, and later the Managed Server (but not the guest
OS) has either crashed or been explicitly shutdown through an external tool.
If you want to perform manual starts from the context of the guest OS, you must
manually modify the StartManagedServer.sh script to provide the correct Admin
Server URL (Admin Server hostname). This is required because the default admin
URL has the wrong value (the machine name of the Admin Server is not known at the
time of template creation).
You can still start or stop the server through the node manager in Admin Console.
10.3.2.6 WLS Plug-in Does Not Support Changing Ownership of File Sets
The Oracle WebLogic Server plug-in does not support changing the ownership of file
sets. The default 'oracle' user must be used or unexpected results, including possible
deployment failure, could result.
10.3.2.7 Relocating Node Manager Home Not Supported
You observe an error where servers in an Oracle WebLogic Server cluster cannot start
through Node Manager. This error can occur if you have relocated your Node
Manager home, which is not supported. Specifically, the node manager configuration
at introspection time only occurs when the nodemanager.properties file resides in the
<weblogic_home>/common/nodemanager directory.
10.3.2.8 User-specific Changes to Setdomainenv.sh are Not Preserved
If you set any user-specific parameters (such as JAVA_OPTS, PRE_CLASSPATH, or POST_
CLASSPATH) in setDomainEnv.sh these settings are lost during the reconfiguration of
the domain to Oracle VM.
10.3.3 Oracle Web Cache Issues
This section describes issues for Oracle Web Cache. It includes these items:
■
Section 10.3.3.1, "Protocol Mismatch Error"
■
Section 10.3.3.2, "Oracle Web Cache Administration Port Not a Privileged Port"
■
Section 10.3.3.3, "Oracle Web Cache Scaling Issues"
■
Section 10.3.3.4, "Update Virtual Host Map Properties When Making Port
Changes"
Oracle Virtual Assembly Builder 10-11
Component Specific Issues
10.3.3.1 Protocol Mismatch Error
If Oracle WebCache has been registered with Enterprise Manager and is introspected,
the resulting Enterprise Manager registration output cannot be connected to the Oracle
WebLogic Server Admin server input due to a protocol mismatch.
The workaround is to manually edit the appliance.xml file for Oracle Web Cache.
Under $AB_INSTANCE/catalog/metadata find the appliance.xml file for the Oracle
Web Cache component. Edit it and search for the 'EMRegistration' output. Change the
protocol from 'HTTP' to 'http'. You should now be able to connect the output to the
Oracle WebLogic Server Admin server input.
10.3.3.2 Oracle Web Cache Administration Port Not a Privileged Port
Oracle Virtual Assembly Builder does not support the deployment of an Oracle Web
Cache appliance with a privileged port (a port number less than 1024) as its
administration port.
10.3.3.3 Oracle Web Cache Scaling Issues
Oracle Virtual Assembly Builder does not automatically update the webcache.xml file
for each instance after you perform scaling. Even when the scaling operation
completes without errors, you must still update the webcache.xml file for each instance
so that the instance recognizes all the members in the cluster.
10.3.3.4 Update Virtual Host Map Properties When Making Port Changes
In Oracle Web Cache, there is not necessarily a correlation between the ports in the
virtual host map (VHM) elements and those in the listen elements of the Oracle Web
Cache configuration. Whenever you make a port change, you must update your VHM
ports by manually updating the properties associated with the VHMs.
10.3.4 Oracle Database Issues
This section describes issues for Oracle Database. It includes these items:
■
Section 10.3.4.1, "Deployment Error Due to Database Vault"
■
Section 10.3.4.2, "Use default name LISTENER on Reference Systems"
■
Section 10.3.4.3, "Limited Database Configuration Support"
■
Section 10.3.4.4, "Upgraded 10g Oracle Homes Cannot be Introspected"
10.3.4.1 Deployment Error Due to Database Vault
If the database vault has been configured in your reference system's database home,
you may experience failures during some Oracle Virtual Assembly Builder operations.
In order to avoid any problems, complete these steps:
1.
Before introspection, execute the following command on your system to
temporarily disable Database Vault in the database home:
$ make -f $ORACLE_HOME/rdbms/lib/ins_rdbms.mk dv_off ioracle
2.
Re-start the database on your reference system and then shut it down.
3.
After capturing the file sets, execute the following command on your reference
system to re-enable Database Vault in the database home:
$ make -f $ORACLE_HOME/rdbms/lib/ins_rdbms.mk dv_on ioracle
10-12 Release Notes
Component Specific Issues
4.
Re-start the database on your reference system.
5.
After deployment, execute the following command on the new virtual machine to
enable Database Vault in the database home:
$ make -f $ORACLE_HOME/rdbms/lib/ins_rdbms.mk dv_on ioracle
6.
Re-start the database on the new virtual machine.
10.3.4.2 Use default name LISTENER on Reference Systems
During Oracle Virtual Assembly Builder operations, the listener on newly-created
virtual machines starts using the default name LISTENER. If you used a different
name for the listener on your reference system, you will receive an error. To avoid this
error, ensure that you use the default name (LISTENER).
If you must use a different listener name, start your listener manually with the correct
name:
$ORACLE_HOME/bin/lsnrctl start <listener name>
To view the correct listener name, see: $ORACLE_
HOME/network/admin/listener.ora.
Note:
10.3.4.3 Limited Database Configuration Support
The database introspector expects the listeners (the listener.ora configuration) to be
configured as follows:
(ADDRESS = (PROTOCOL = TCP)(HOST = example.cm)(PORT = 5521))
The protocol, host, and port are all required, and must appear
in the order above.
Note:
10.3.4.4 Upgraded 10g Oracle Homes Cannot be Introspected
You cannot introspect a single-instance database Oracle Home if that Oracle Home has
been upgraded from Release 10g.
10.3.5 Oracle Forms and Oracle Reports Issues
This section describes issues for Oracle Forms and Oracle Reports. It includes these
items:
■
Section 10.3.5.1, "Change nm* Files Ownership"
10.3.5.1 Change nm* Files Ownership
After deploying an assembly, in Oracle HTTP Server, Oracle Forms and/or Oracle
Reports deployed virtual machines, change the ownership of the following files to the
"root" user:
■
$ORACLE_HOME/bin/nmo
■
$ORACLE_HOME/bin/nmb
■
$ORACLE_HOME/bin/nmhs
Alternatively, you can run $ORACLE_HOME/bin/root.sh as the root user which sets the
right ownership on these files.
Oracle Virtual Assembly Builder 10-13
Documentation Errata
Not having the ownership set to "root" for these files impacts the Oracle EM Agent's
ability to collect performance metrics.
10.4 Documentation Errata
There are no documentation errata at this time.
10-14 Release Notes
Part IV
Part IV
Part IV contains the following chapters:
■
Chapter 11, "Oracle HTTP Server"
■
Chapter 12, "Oracle Web Cache"
Web Tier
11
Oracle HTTP Server
11
This chapter describes issues and release-specific user information associated with
Oracle HTTP Server. It includes the following notes:
■
Section 11.1, "mod_security Reintroduced"
■
Section 11.2, "Installing OHS 11.1.1.7 with WLS 12g"
11.1 mod_security Reintroduced
The mod_security plug-in was removed from earlier versions of Oracle HTTP Server
but is reintroduced in version 11.1.1.7. This version follows the recommendations and
practices prescribed for open source mod_security 2.6.2. Only documentation
applicable to open source Apache mod_security 2.6.2 is applicable to the Oracle HTTP
Server implementation of the module.
11.2 Installing OHS 11.1.1.7 with WLS 12g
You can install Oracle HTTP Server 11.1.17 with the Oracle WebLogic Server 12c
JRF/ADF combination if you do the following:
■
■
Install the two components separately, from scratch, and choose the correct
versions (Oracle HTTP Server 11.1.17 with Oracle WebLogic Server 12c JRF/ADF)
During the OHS 11g installation, deselect the components associated with a
WebLogic Domain.
Oracle HTTP Server 11-1
Installing OHS 11.1.1.7 with WLS 12g
11-2 Release Notes
12
Oracle Web Cache
12
This chapter describes issues associated with Oracle Web Cache. It includes the
following topics:
■
Section 12.1, "Configuration Issues and Workarounds"
■
Section 12.2, "Documentation Errata"
12.1 Configuration Issues and Workarounds
This section describes configuration issues and their workarounds. It includes the
following topics:
■
■
■
Section 12.1.1, "Reset the Random Password Generated When Installing Oracle
Portal, Forms, Reports, and Discoverer"
Section 12.1.2, "Running Oracle Web Cache Processes as a Different User Is Not
Supported"
Section 12.1.3, "Using Web Cache in an IPv6 Network"
12.1.1 Reset the Random Password Generated When Installing Oracle Portal, Forms,
Reports, and Discoverer
For enhanced security, no default hard-coded passwords are used for managing Oracle
Web Cache.
When you install the Oracle Web Tier installation type, the Oracle Universal Installer
prompts you to choose a password. The Web Cache Administrator page of the Oracle
Universal Installer prompts you to enter a password for the administrator account.
The administrator account is the Oracle Web Cache administrator authorized to log
in to Oracle Web Cache Manager and make configuration changes through that
interface.
When you install Oracle Portal, Forms, Reports, and Discoverer, the prompt for the
administrator password is missing. Instead, the Oracle Portal, Forms, Reports and
Discoverer install type uses a random value chosen at install time.
Regardless of the installation type, before you begin configuration, change the
passwords for these accounts to a secure password. If you are configuring a cache
cluster, all members of the cluster must use the same password for the administrator
account.
To change the password, use the Passwords page of Fusion Middleware Control, as
described in "Configuring Password Security" in the Oracle Fusion Middleware
Administrator's Guide for Oracle Web Cache.
Oracle Web Cache 12-1
Documentation Errata
12.1.2 Running Oracle Web Cache Processes as a Different User Is Not Supported
Running Oracle Web Cache as a user other than the installed user through the use of
the webcache_setuser.sh setidentity command is not supported.
Specifically, you cannot change the user ID with the following sequence:
1.
Change the process identity of the Oracle Web Cache processes in the Process
Identity page using Oracle Web Cache Manager (Properties > Process Identity).
2.
Use the webcache_setuser.sh script as follows to change file and directory
ownership:
webcache_setuser.sh setidentity user_ID
user_ID is the user you specified in the User ID field of the Process Identity page.
3.
Restart Oracle Web Cache using opmnctl.
Oracle Web Cache will start and then immediately shut down.
In addition, messages similar to the following are displayed in the event log:
[2009-06-02T21:22:46+00:00] [webcache] [ERROR:1] [WXE-13212] [logging] [ecid: ]
Access log file
/scratch/webtier/home/instances/instance1/diagnostics/logs/WebCache/webcache1/a
ccess_log could not be opened.
[2009-06-02T21:22:46+00:00] [webcache] [WARNING:1] [WXE-13310] [io] [ecid: ]
Problem opening file
/scratch/webtier/home/instances/instance1/config/WebCache/webcache1/webcache.pi
d (Access Denied).
[2009-06-02T21:22:46+00:00] [webcache] [ERROR:1] [WXE-11985] [esi] [ecid: ]
Oracle Web Cache is unable to obtain the size of the default ESI fragment page
/scratch/webtier/home/instances/instance1/config/WebCache/webcache1/files/esi_
fragment_error.txt.
[2009-06-02T21:22:46+00:00] [webcache] [WARNING:1] [WXE-11905] [security]
[ecid: ] SSL additional information: The system could not open the specified
file.
For more information about the webcache_setuser.sh script, see "Running webcached
with Root Privilege" in the Oracle Fusion Middleware Administrator's Guide for Oracle
Web Cache.
12.1.3 Using Web Cache in an IPv6 Network
Oracle Web cache supports the IPv6 address family by default. However, before using
IPv6, you must ensure that IPv6 support is enabled in the operating system. This issue
is not applicable for IPv4-only systems and for systems that support IPv6 at the kernel
level.
12.2 Documentation Errata
This section provides clarifications for errors in Oracle Web Cache documentation. It
includes the following topics:
■
Section 12.2.1, "Procedure to Enable Generation of Core Dump"
■
Section 12.2.2, "Clarification About Support for CRLs"
■
Section 12.2.3, "Clarifications About Configuring the CRL Location"
12-2 Release Notes
Documentation Errata
12.2.1 Procedure to Enable Generation of Core Dump
Information about enabling generation of core dump is not available in the Oracle
Fusion Middleware Administrator's Guide for Oracle Web Cache.
To enable generation of a core dump when Oracle Web Cache is shut down, add
CORE="YES" to the TRACEDUMP element in the $INSTANCE_
HOME/config/WebCache/webcache_name/webcache.xml file.
The updated TRACEDUMP element would look like the following:
<TRACEDUMP FILENAME=file_name CORE="YES"/>
The core dump file with the specified name is created in the $INSTANCE_
HOME/config/WebCache/webcache_name directory.
12.2.2 Clarification About Support for CRLs
Section 5.1.1.2.2, "Certificate" of the Oracle Fusion Middleware Administrator's Guide for
Oracle Web Cache states the following:
"Although the Oracle HTTP Server supports OpenSSL certificate revocation lists,
Oracle Web Cache does not."
This statement is incorrect. Oracle Web Cache does support CRLs.
12.2.3 Clarifications About Configuring the CRL Location
Section 5.5.3, "Configuring Certificate Revocation Lists (CRLs)" of the Oracle Fusion
Middleware Administrator's Guide for Oracle Web Cache has the following incorrect
statements:
■
Incorrect statement: "Fusion Middleware Control or Oracle Web Cache Manager
do not provide support for client certificate validation with Certificate Revocation
Lists (CRLs). You can configure this support by manually editing the
webcache.xml file."
Clarification: This statement is incorrect. You can enable and configure support
for CRLs by using the Oracle Web Cache Manager, as follows:
1.
Go to the Listen Ports page.
2.
Select the HTTPS port for which you want to configure CRL settings, and click
Edit Selected.
The Edit/Add Listen Port dialog box is displayed.
■
3.
Select the Certificate Revocation List Enabled option.
4.
In the CRL Path field, specify the fully qualified path to the directory in which
the CRLs are stored. For example, /home/crl.
5.
In the CRL File field, specify the fully qualified path and filename of the CRL
file. For example, /home/oracle/crl/CA/crl.
Incorrect statement: Step 4 of the procedure to configure certificate validation
using CRLs: "Configure CRL file location by adding the SSLCRLPATH and
SSLCRLFILE parameters to the HTTPS LISTEN directive."
Clarification: This statement is incorrect. You must add either SSLCRLPATH or
SSLCRLFILE to the HTTPS LISTEN directive, not both.
Oracle Web Cache 12-3
Documentation Errata
12-4 Release Notes
Part V
Part V
Oracle WebLogic Server
Part V contains the following chapters:
■
Chapter 13, "Oracle WebLogic Server"
13
Oracle WebLogic Server
13
This chapter describes issues associated with Oracle WebLogic Server. It includes the
following topics:
■
Section 13.1, "General Issues and Workarounds"
■
Section 13.2, "Administration Console Issues and Workarounds"
■
Section 13.3, "Apache Beehive Support Issues and Workarounds"
■
Section 13.4, "Clustering Issues and Workarounds"
■
Section 13.5, "Configuration Issues and Workarounds"
■
Section 13.6, "Connector (Resource Adapter) Issues and Workarounds"
■
Section 13.7, "Console Extensions Issues and Workarounds"
■
Section 13.8, "Core Server and Core Work Manager Issues and Workarounds"
■
Section 13.9, "Deployment Issues and Workarounds"
■
Section 13.10, "EJB Issues and Workarounds"
■
Section 13.11, "Examples Issues and Workarounds"
■
Section 13.12, "HTTP Publish/Subscribe Server Issues and Workarounds"
■
Section 13.13, "Installation Issues and Workarounds"
■
Section 13.14, "Java EE Issues and Workarounds"
■
Section 13.15, "JDBC Issues and Workarounds"
■
Section 13.16, "JMS Issues and Workarounds"
■
Section 13.17, "JNDI Issues and Workarounds"
■
Section 13.18, "JSP and Servlet Issues and Workarounds"
■
Section 13.19, "JTA Issues and Workarounds"
■
Section 13.20, "Java Virtual Machine (JVM) Issues and Workarounds"
■
Section 13.21, "Monitoring Issues and Workarounds"
■
Section 13.22, "Node Manager Issues and Workarounds"
■
Section 13.23, "Operations, Administration, and Management Issues and
Workarounds"
■
Section 13.24, "Oracle Kodo Issues and Workarounds"
■
Section 13.25, "Plug-ins Issues and Workarounds"
■
Section 13.26, "Protocols Issues and Workarounds"
Oracle WebLogic Server 13-1
General Issues and Workarounds
■
Section 13.27, "RMI-IIOP Issues and Workarounds"
■
Section 13.28, "Security Issues and Workarounds"
■
Section 13.29, "SNMP Issues and Workarounds"
■
Section 13.30, "Spring Framework on WebLogic Server Issues and Workarounds"
■
Section 13.31, "System Component Architecture (SCA) Issues and Workarounds"
■
Section 13.32, "Upgrade Issues and Workarounds"
■
Section 13.33, "Web Applications Issues and Workarounds"
■
Section 13.34, "WebLogic Server Scripting Tool (WLST) Issues and Workarounds"
■
Section 13.35, "Web Server Plug-Ins Issues and Workarounds"
■
Section 13.36, "Web Services and XML Issues and Workarounds"
■
Section 13.37, "WebLogic Tuxedo Connector Issues and Workarounds"
■
Section 13.38, "Documentation Errata"
For a list of bugs that are fixed in WebLogic Server 11g Release
1 (10.3.6), enter the following document ID in the Search Knowledge
Base field. You must enter the entire document ID.
Note:
1302753.1
13.1 General Issues and Workarounds
This section describes the following issues and workarounds:
■
Section 13.1.1, "Multi-Byte Characters Display Incorrectly in Filenames When
Using Safari"
■
Section 13.1.2, "Oracle WebLogic Server Version Number"
■
Section 13.1.3, "Oracle ojdbc14.jar File Has Been Changed to ojdbc6.jar"
■
■
■
■
Section 13.1.4, "Strong Password Enforcement May Cause Issues With WLST
Offline Scripts"
Section 13.1.5, "In Turkish Locale, MDS Initialization Fails"
Section 13.1.6, "Administration Server Reports a 'Too Many Open Files' Message
on the EM Console"
Section 13.1.7, "Availability of Sun JDK 6 U35-B52 for 10.3.5.0 Oracle WLS Generic
Installation"
13.1.1 Multi-Byte Characters Display Incorrectly in Filenames When Using Safari
When using the Safari browser to download content, if a filename contains multi-byte
characters, the characters are displayed as '------' in the filename.
Workaround
Set UseHeaderEncoding to true on the Managed Server. Use the following WLST
commands to do so:
connect("admin_name", "admin_password", "t3://localhost:port")
edit()
startEdit()
13-2 Release Notes
General Issues and Workarounds
cd("Servers/server_name/WebServer/server_name")
set("UseHeaderEncoding", "true")
save()
activate()
exit()
13.1.2 Oracle WebLogic Server Version Number
Oracle Fusion Middleware 11g contains Oracle WebLogic Server 11g. The version
number of Oracle WebLogic Server is 10.3.6.
13.1.3 Oracle ojdbc14.jar File Has Been Changed to ojdbc6.jar
The Oracle ojdbc14.jar file has been changed to ojdbc6.jar, for use with JDK 5 or 6.
As a result, any explicit references you make to ojdbc14.jar must be changed to
ojdbc6.jar.
13.1.4 Strong Password Enforcement May Cause Issues With WLST Offline Scripts
With the implementation of strong password enforcement (8 character minimum with
one numeric or special character) in this release of WebLogic Server, existing scripts
could potentially encounter issues.
Workaround
Use either of the following workarounds to bypass the new password restrictions.
■
Set the BACKWARD_COMPAT_PW_CHECK environment variable to true.
■
Include the -Dbackward.compat.pw.check=true option when invoking WLST.
Oracle recommends that you change passwords to comply with the new password
requirements, as this variable and option will be removed in a future release of
WebLogic Server.
13.1.5 In Turkish Locale, MDS Initialization Fails
Any applications that use an MDS repository cannot be deployed or run with the
JAXB version bundled with WebLogic Server as null values are returned for attributes
named id.
Workaround
Start the server in English locale.
13.1.6 Administration Server Reports a 'Too Many Open Files' Message on the EM
Console
The WebLogic Server Administration Server reports a Too Many Open Files message
on the Enterprise Manager (EM) console when the maximum number of file
descriptors configured for the Administration Server is less than 65535.
Workaround
Execute the following command to determine the maximum number of file descriptors
currently configured:
cat /proc/sys/fs/file-max
If the value is less than 65535, perform the following steps:
Oracle WebLogic Server 13-3
Administration Console Issues and Workarounds
1.
Edit the file /etc/security/limits.conf with root permission:
> sudo vi /etc/security/limits.conf
2.
Append the following two lines, using a value of 65535 or greater:
*
*
soft
hard
nofile
nofile
65535
65535
3.
Start a new terminal session.
4.
Execute the limit descriptors command to verify that descriptors has been
increased to the specified value (at least 65535).
> limit descriptors
descriptors 65535
13.1.7 Availability of Sun JDK 6 U35-B52 for 10.3.5.0 Oracle WLS Generic Installation
Sun JDK 1.6.0.U35-B52 version is required for Oracle WebLogic Server 10.3.5.0 (PS4)
generic installation on Linux x86-64, Microsoft Windows x64 (64-Bit), and Oracle
Solaris platforms.
The mentioned version of JDK is not available for download from the Oracle Web site:
http://www.oracle.com/technetwork/indexes/downloads/index.html
Complete the following steps to download the required JDK version:
1.
Go to My Oracle Support:
https://support.oracle.com
2.
Click the Patches & Updates tab.
3.
Enter patch 12346791 in the Patch Name or Number field, under Patch Search.
4.
Click Search.
5.
Select and download the patch for the required platform by following the
instructions in the README file included with the patch.
13.2 Administration Console Issues and Workarounds
This section describes the following issues and workarounds:
■
Section 13.2.1, "Cached JDBC Information is not Displayed"
■
Section 13.2.2, "Pressing Browser Back Button Discards Context"
■
Section 13.2.3, "Unsupported Work Manager Configurations Can Be Created"
■
Section 13.2.4, "Server Status Table Reflects Inconsistent Information"
■
Section 13.2.5, "Exceptions When Defining a Security Policy for an EJB"
■
Section 13.2.6, "Administration Console Does Not Always Reflect External
Changes Made in a Deployment Plan"
■
Section 13.2.7, "Oracle OCI Driver Support"
■
Section 13.2.8, "Data Takes a Long Time to Display on the Metric Browser Tab"
13-4 Release Notes
Administration Console Issues and Workarounds
13.2.1 Cached JDBC Information is not Displayed
Information about cached JDBC statements is not displayed on the JDBC Monitoring
pages.
13.2.2 Pressing Browser Back Button Discards Context
After a page flow completes in the Administration Console, it forwards to a different
page, typically a table.
Pressing the browser Back button at this point results in an attempt to load the last JSP
file in the completed assistant. At this point, all of the context for this assistant is
discarded.
Workaround
Oracle recommends that you do not use the browser Back button to step back into an
assistant once changes are cancelled or finished, and that you do not go back to a
previous step in an assistant. Instead, use the navigation links and buttons in the
Administration Console.
13.2.3 Unsupported Work Manager Configurations Can Be Created
The Administration Console permits the creation of Work Manager configurations that
are not supported and do not function as intended. Incorrect Work Manager
configurations may result in a number of exceptions being recorded in the server logs,
most commonly 'Validation problems were found' exceptions while parsing
deployment descriptors.
Workaround
Follow the guidelines described in the online help for Work Manager configurations.
Specifically, you can only assign one request class to any given Work Manager, and
that request class must be of the same or a broader scope than the Work Manager. You
should not assign an application-scoped request class to a global Work Manager, and
you should not create more than one application-scoped request class for an
application-scoped Work Manager.
Correcting the Work Manager configurations to match the documented constraints
resolves these issues.
13.2.4 Server Status Table Reflects Inconsistent Information
The Server Status table on the Cluster: Monitoring: Summary page includes two
default columns: Primary and Secondary Distribution Names. These fields do not
always reflect all of the replication statistics that are collected and displayed on the
Cluster: Monitoring: Failover page, depending on the replication scenario.
Please refer to the Cluster: Monitoring: Failover page for definitive information.
13.2.5 Exceptions When Defining a Security Policy for an EJB
When defining security policies in the Administration Console for an EJB deployment
that references types defined in a separate library deployment, exceptions can be
observed if that library deployment is not available to the Console.
Oracle WebLogic Server 13-5
Apache Beehive Support Issues and Workarounds
Workaround
All library deployments should be targeted at the WebLogic Server Administration
Server as well as any Managed Servers needed to support referencing applications.
This will ensure that when defining policies, the Console will have access to those
library deployments so that referenced types can be class-loaded as needed.
13.2.6 Administration Console Does Not Always Reflect External Changes Made in a
Deployment Plan
The Administration Console does not always reflect external changes made in a
deployment plan. If a change is made in a deployment plan outside of the Console (for
example, using Workshop, editing the plan text files directly, or updating a
deployment with a new plan using WLST or webLogic.Deployer) while a Console user
is also viewing that deployment plan, the Console user will not see those changes.
Workaround
Navigate to a configuration page for a different deployment, then navigate back to the
original deployment again.
13.2.7 Oracle OCI Driver Support
The Oracle OCI driver is no longer explicitly listed as a preconfigured driver type in
the Administration Console.
Workaround
The Oracle OCI driver remains a supported driver for application data connectivity,
consistent with prior releases of Oracle WebLogic Server. However, users must now
specify all required configuration properties manually, including the data base
username.
13.2.8 Data Takes a Long Time to Display on the Metric Browser Tab
When using Internet Explorer 7 (IE 7) to display data on the Metric Browser tab of the
Monitoring Dashboard, it takes an unusually long time for the data to display, and
during this time, the page is unresponsive. The amount of time it takes to display data
on this tab depends on the size of the domain.
Workaround
If you need to display data on the Monitoring Dashboard > Metric Browser tab, open
the Administration Console in a supported web browser other than IE 7, such as
Internet Explorer 8 or greater, Firefox 3 or greater, or Safari 4 or greater.
13.3 Apache Beehive Support Issues and Workarounds
There are no known Apache Beehive Support issues in this release of WebLogic Server.
13.4 Clustering Issues and Workarounds
This section describes the following issue and workaround:
■
13-6 Release Notes
Section 13.4.1, "Threads Are Blocked on Cluster Messaging in Unicast Mode"
Configuration Issues and Workarounds
13.4.1 Threads Are Blocked on Cluster Messaging in Unicast Mode
When using Unicast mode for cluster communication, many threads are blocked on
cluster messaging, which may result in cluster members having difficulty sending
heartbeat messages. In this situation, some cluster members drop out from the cluster
and may take some time to rejoin the cluster.
Workaround
Set the following system property to resolve this issue:
-Dweblogic.unicast.HttpPing=true
13.5 Configuration Issues and Workarounds
This section describes the following issues and workarounds:
■
■
■
Section 13.5.1, "ASProvWorkflowException Occurs When Creating a WebLogic
Domain"
Section 13.5.2, "Directory For a Non-Existent Server Name Is Created"
Section 13.5.3, "Abnormal Behavior in Terminal Window After Entering WebLogic
Password"
■
Section 13.5.4, "Creating and Updating Domains Takes Too Long"
■
Section 13.5.5, "Password Field Is Not Editable When Configuring a New Domain"
13.5.1 ASProvWorkflowException Occurs When Creating a WebLogic Domain
In rare cases, if your installation environment contains existing JAVA_OPTIONS prior
to starting a Fusion Middlware product installation, these may cause an
ASProvWorkflowException, preventing the domain from being created.
Workaround
Prior to starting the Fusion Middleware product installation, clear the existing JAVA_
OPTIONS. If you have an applicagtion in the environment that use these JAVA_
OPTIONS, the applications may not work after clearing the options. In this case, save
the existing JAVA_OPTIONS to a text file and investigate alternatives for running your
other application.
13.5.2 Directory For a Non-Existent Server Name Is Created
If you attempt to connect to the WebLogic Server Administration Server with a
non-existent server name, a directory for the non-existent server name is created under
the domain_name/servers directory.
Workaround
Specify a valid server name when connecting to the Administration Server.
13.5.3 Abnormal Behavior in Terminal Window After Entering WebLogic Password
After pressing Ctrl-C to terminate the startManagedWebLogic.sh process immediately
after entering the WebLogic password, abnormal behavior may be experienced in the
terminal window. For example, when pressing Return, the prompt is tabbed instead of
going to the next line, and any characters that are entered at the prompt are not
displayed in the terminal.
Oracle WebLogic Server 13-7
Connector (Resource Adapter) Issues and Workarounds
Workaround
Either close the current xterm and start a new one, or enter stty echo into the xterm.
13.5.4 Creating and Updating Domains Takes Too Long
It can take a long time to create or update WebLogic Server domains when:
■
Installing WebLogic Server on UNIX or Linux operating systems if the Server
Examples are included in the installation.
■
Using the WebLogic Server Configuration Wizard to create or update a domain.
■
Using WLST to create or update a domain.
Workaround
Set the CONFIG_JVM_ARGS environment variable to the following value:
-Djava.security.egd=file:/dev/./urandom
13.5.5 Password Field Is Not Editable When Configuring a New Domain
On Linux systems, when creating a new domain in the Oracle Fusion Middleware
Configuration Wizard, the Password and Confirm Password fields are sometimes not
editable, and you cannot enter a password to create a domain.
Workaround
There are two ways to work around this issue:
■
■
To work around the issue each time it happens, click the Close Window X button
in the upper right corner of the Configuration Wizard. In the confirmation dialog
that appears, click No to return to the Configuration Wizard. You can then enter
and confirm the password for the domain.
To fix this issue permanently:
1.
Kill all scim processes. For example:
kill `pgrep scim`
2.
Modify (or create) the file ~/.scim/config to include the following line
(case-sensitive):
/FrontEnd/X11/Dynamic = true
3.
If you are running VNC, restart the VNC server.
4.
Run the Configuration Wizard again.
13.6 Connector (Resource Adapter) Issues and Workarounds
There are no known Connector (Resource Adapter) issues in this release of WebLogic
Server.
13.7 Console Extensions Issues and Workarounds
There are no known Extensions issues in this release of WebLogic Server.
13-8 Release Notes
Core Server and Core Work Manager Issues and Workarounds
13.8 Core Server and Core Work Manager Issues and Workarounds
This section describes the following issues and workarounds:
■
Section 13.8.1, "Threads Become Stuck While Waiting to Get a Connection"
■
Section 13.8.2, "Using IPv6-Formatted Addresses"
■
Section 13.8.3, "Server Cannot Be Started After a Whole Server Migration"
■
Section 13.8.4, "Object State is not Retained After Renaming Field"
■
Section 13.8.5, "Forcing Unicast Messages To Be Processed in Order"
■
■
■
Section 13.8.6, "Servers Configured to Listen on a Host Name Are Listening on a
Different Host Name After Startup"
Section 13.8.7, "Administration Server or Node Manager Cannot Track the Status
of a Managed Server"
Section 13.8.8, "Multicast Traffic Observed to be Unreliable During or After a
Network Partition"
13.8.1 Threads Become Stuck While Waiting to Get a Connection
When a machine that is hosting one of the Managed Servers is abruptly shut down, a
network cable is pulled, or its network interface card has issues, and any server
attempts communication with that managed server, threads become stuck waiting to
get a connection.
Workaround
This can currently be resolved by using a private flag:
-Dweblogic.client.SocketConnectTimeoutInSecs
and setting an appropriate timeout value that will release the thread attempting to
make the connection and allow the request to fail quickly.
13.8.2 Using IPv6-Formatted Addresses
When using an IPv6-formatted address for WebLogic Server, the URL should include
square brackets ('[' and ']') for the host address. Otherwise, WLST may fail to connect
to the running server.
Workaround
Add square brackets to the host address. For example:
t3://[fe80:0:0:0:203:baff:fe2f:59e5]:9991
13.8.3 Server Cannot Be Started After a Whole Server Migration
If the WebLogic Server Administration Server is down when a Whole Server Migration
occurs for a clustered server, and the server migrates to a machine on which it was
never run before, the server cannot be started on the new machine.
Workaround
Use one of the following workarounds for this issue:
■
Ensure that the Administration Server is up when the server migration is being
performed.
Oracle WebLogic Server 13-9
Core Server and Core Work Manager Issues and Workarounds
■
Use a shared disk/NFS for all the migratable servers in the cluster.
13.8.4 Object State is not Retained After Renaming Field
When FastSwap is enabled in a J2EE application, you can make certain types of
changes to Java classes during development and expect to see the change without
re-deploying, with all instance states of the Java object being retained.
One type of change that does NOT retain the object state is that when a field name is
changed, it is treated as follows:
■
the field with old name is deleted
■
the field with new name is added
Thus, in this case, any state in the old field is not carried over to the renamed field.
Using the Workshop or FastSwap ant task, you may see a FastSwap operation
completed successfully message, even when an instance field name change causes a
value reset.
Workaround
You should expect an instance value to be reset when you change a field name.
13.8.5 Forcing Unicast Messages To Be Processed in Order
The following conditions can cause very frequent JNDI updates, and as a result, JMS
subscribers may encounter a java.naming.NameNotFoundException:
1.
Unicast messaging is being used for cluster communication.
2.
The JMS topic connection is set with setReconnectPolicy("all").
3.
JMS durable subscribers on topic are created and removed very frequently.
Workaround
To fix this issue, a new property, MessageOrderingEnabled, has been added to the
ClusterMBean. This property forces unicast messages to be processed in strict order. By
default, this property is not enabled. To enable the property, add the following line
manually to the <cluster> element in config.xml.
<message-ordering-enabled>true</message-ordering-enabled>
13.8.6 Servers Configured to Listen on a Host Name Are Listening on a Different Host
Name After Startup
When using a host name to specify configuring the listen address on the WebLogic
Server Administration Server or a Managed Server, machines that are configured with
multiple Ethernet cards may listen on a different host name after startup. For example:
■
The machine has 3 Ethernet cards
■
Card 1 is mapped to hostname1-s (DNS registered host name)
■
Card 2 is mapped to hostname1-i (DNS registered host name)
■
Card 3 is mapped to hostname1 (actual node's host name)
■
You configure the server to listen on hostname1
■
13-10 Release Notes
After starting the server, it is listening on hostname1-s because Windows resolves
the actual node's host name to the first enabled Ethernet card address
Deployment Issues and Workarounds
Workaround
Use one of the following three workarounds for this issue:
1.
Use the IP address, instead of the host name, as the listen address of the WebLogic
Server Administration Server. On Managed Servers, use the IP address as the
listen address, or configure the actual physical host name to the first Ethernet card
in the machine.
2.
Add the following entry to the C:\Windows\system32\drivers\etc\hosts file on
the machine:
<ip_address> <hostname>
3.
Change the order of the network cards in the machine so that the card with the
actual node's host name is Card 1.
13.8.7 Administration Server or Node Manager Cannot Track the Status of a Managed
Server
If you start a managed server by providing an incorrect WebLogic Server
Administration Server URL from the command line (that is, the Administration Server
cannot be reachable at the provided URL), the managed server will start in Managed
Server Independence (MSI) mode.
In this case, neither the Administration Server nor Node Manager can track the status
of the managed server. The Administration Console will show the status of the
managed server as UNKNOWN, but the server will actually be RUNNING in MSI
mode.
13.8.8 Multicast Traffic Observed to be Unreliable During or After a Network Partition
During or after a network partition that causes a server migration to take place,
multicast traffic has been observed to be unreliable. For example, one node may be
receiving multicast traffic, but traffic originating from this node is not received on
other nodes in the network. As a result, the migrated servers are not added to the
cluster because their heartbeats were not received.
Workaround
Currently, the only known workaround is to use unicast cluster messaging.
13.9 Deployment Issues and Workarounds
This section describes the following issues and workarounds:
■
Section 13.9.1, "security-permission Element is not Available in
weblogic-application.xml"
■
Section 13.9.2, "Extraneous String Values Interpreted as File Specification"
■
Section 13.9.3, "java.lang.NoClassDefFoundError is Displayed"
■
■
■
Section 13.9.4, "The restore Method Does Not Update the DConfig Bean With Plan
Overrides"
Section 13.9.5, "config-root <directory> not found Warning Is Displayed When
Applying a Plan"
Section 13.9.6, "Deployment Task Fails When a Large Application File Is
Deployed"
Oracle WebLogic Server
13-11
Deployment Issues and Workarounds
Section 13.9.7, "Application State Is Not Updated If the Server Starts in MSI Mode"
■
Section 13.9.8, "Attempting to Redeploy an Application Fails if the Application is
Already Deployed Using a Different Source File Location"
■
13.9.1 security-permission Element is not Available in weblogic-application.xml
The security-permission element is available in the weblogic.xml and
weblogic-ejb-jar.xml deployment descriptors, but is not available in the
weblogic-application.xml descriptor. Therefore, in an Enterprise application, you
can only apply security policies to JAR files that are EJBs or Web applications.
13.9.2 Extraneous String Values Interpreted as File Specification
The weblogic.Deployer tool interprets any extraneous string values between
command-line arguments as a file specification. For example, if you enter the
command:
java weblogic.Deployer -activate -nostage true -name myname -source
c:\myapp\mymodule
the tool attempts to activate a file specification named true, because the -nostage
option takes no arguments and true is an extraneous string value.
13.9.3 java.lang.NoClassDefFoundError is Displayed
While using the WebLogic Server Administration Console with applications or EJBs
deployed on a Managed Server that depend on a deployed library, you may encounter
a java.lang.NoClassDefFoundError.
Workaround
The WebLogic Server Administration Console needs access to any shared library
deployments so that Java data types and annotations can be processed. Therefore, all
shared library deployments should always be targeted to the WebLogic Server
Administration Server in addition to any Managed Servers or clusters.
13.9.4 The restore Method Does Not Update the DConfig Bean With Plan Overrides
The restore method does not correctly update the DConfig Bean with the plan
overrides. For example, given the following steps:
DeployableObject dObject =
WebLogicDeployableObject.createDeployableObject(new File(appName));
DeploymentConfiguration dConfig =
WebLogicDeploymentManager.createConfiguration(dObject);
dConfig.restore(new FileInputStream(new File(plan)));
the plan does not correctly override the DConfig Bean.
Workaround
Specify the plan when initializing the configuration for the application. For example:
helper = SessionHelper.getInstance(
SessionHelper.getDisconnectedDeploymentManager());
helper.setApplication(app);
helper.setPlan(new File(plan));
helper.initializeConfiguration();
13-12 Release Notes
Deployment Issues and Workarounds
13.9.5 config-root <directory> not found Warning Is Displayed When Applying a Plan
If you use the Administration Console to make configuration changes to an
application, a deployment plan will be generated. If external descriptors are generated
as part of the deployment plan, they are placed in the config root plan directory. This
directory will be set in the deployment plan 'config-root' attribute.
If no external descriptors are required, the config root directory will not be created,
and a warning is displayed when you apply the deployment plan. This results in the
following warning in the server output:
<Warning <WWebLogicDescriptorWL> <BEA-2156000><"config-root" C:\deployments\plan
was not found>.
Workaround
Create the plan directory manually.
13.9.6 Deployment Task Fails When a Large Application File Is Deployed
When a large application file is deployed using the upload option, the deployment
task fails with the following error:
java.lang.OutOfMemoryError: Java heap space
To resolve this issue, a new system property, weblogic.deploy.UploadLargeFile, has
been added. If you see this issue, include this flag in the java command you use to
launch a deployment client.
If you are using the WebLogic Server patch releases 9.2 MP2, 9.2 MP3,10.0 MP1, 10.0
M2, 10.3, 10.3.1, 10.3.2, or 10.3.3, this flag is not needed.
13.9.7 Application State Is Not Updated If the Server Starts in MSI Mode
A managed server will start in MSI mode if the WebLogic Server Administration
Server is not available when the managed server starts. If you start the Administration
Server later, the managed server will connect to the Administration Server. However,
the state of each application deployed to the managed server is not updated to reflect
the state of the applications on the managed server. Each application's state is
displayed as NEW or PREPARED in the WebLogic Server Administration Console.
Workaround
There are two workarounds for this issue:
■
Start the Administration Server before starting the managed server, or
■
Redeploy the application after starting the Administration Server.
13.9.8 Attempting to Redeploy an Application Fails if the Application is Already
Deployed Using a Different Source File Location
If you initially deployed an application using one source file location, then attempt to
redeploy the application using a new location for the source file, the deployment fails
with the following exception:
New source location <new_source_file_path> cannot be configured deployed to
configured application, <application_name>. The application source is at
original_source_file_path. Changing the source location is not allowed for a
previously attempted deployment. Try deploying without specifying the source.
Oracle WebLogic Server
13-13
EJB Issues and Workarounds
This is due to a WebLogic Server deployment restriction. Once you specify the source
file for a deployment, you cannot change it on a redeployment.
Workaround
Undeploy the application before attempting to redeploy it using a new source file
location.
13.10 EJB Issues and Workarounds
This section describes the following issues and workarounds:
■
■
■
■
■
■
■
■
Section 13.10.1, "Primary Key in Oracle Table is CHAR"
Section 13.10.2, "No Available Annotation That Enables Creation of a Clusterable
Timer"
Section 13.10.3, "Kodo's MappingTool Cannot Generate Schemas"
Section 13.10.4, "Extensions to the JPA Metadata Model Can Only Be Specified Via
Annotations"
Section 13.10.5, "Lookup Method Injection Not Supported by Spring"
Section 13.10.6, "Deserializing a JDO PersistenceManagerFactory in a Managed
Environment May Fail"
Section 13.10.7, "Indexes Not Always Created During Schema Creation"
Section 13.10.8, "OpenJPA throws an exception when @Id fields are also annotated
as @Unique"
■
Section 13.10.9, "Cache Hit and Miss Counts May Rise Unexpectedly"
■
Section 13.10.10, "Open JPA Tries to Create a Table Even if the Table Exists"
■
Section 13.10.11, "EJB Applications Fail During Serialization"
■
Section 13.10.12, "Non-Transactional Message-Driven Bean Container Can Fail to
Provide Reproducible Behavior For Foreign Topics"
13.10.1 Primary Key in Oracle Table is CHAR
The primary key in an Oracle table is a CHAR but the query field in the SQL table is a
VARCHAR2.
Workaround
Change the database schema from CHAR to VARCHAR2. Using CHAR as a primary
key is not recommended for the Oracle database.
13.10.2 No Available Annotation That Enables Creation of a Clusterable Timer
There is no annotation for EJB3 beans or Ejbgen that enables creation of a clusterable
timer.
Workaround
Create a weblogic-ejb-jar.xml file and put the <timer-implementation> element and
corresponding values into the file.
13-14 Release Notes
EJB Issues and Workarounds
13.10.3 Kodo's MappingTool Cannot Generate Schemas
Kodo's MappingTool cannot generate schemas for classes that use BLOBs in their
primary key. BLOBs can be used in a primary key, but the schema must be defined
manually. Note that support for BLOB columns in primary keys is not mandated by
either the JDO or JPA specifications.
13.10.4 Extensions to the JPA Metadata Model Can Only Be Specified Via Annotations
Extensions to the JPA metadata model can only be specified via annotations, and not
via a structure similar to the orm.xml file defined by the specification.
Workaround
To specify Kodo-specific metadata for your object model, either:
■
■
use the Kodo-specific annotations, or
convert your XML-based metadata to the JDO metadata format, which does
support XML specification of extensions.
13.10.5 Lookup Method Injection Not Supported by Spring
The Weblogic Spring injection extension model doesn't support lookup method
injection.
13.10.6 Deserializing a JDO PersistenceManagerFactory in a Managed Environment
May Fail
Deserializing a JDO PersistenceManagerFactory in a managed environment may fail.
The exception states that the javax.jdo.PersistenceManagerFactoryClass property
is missing. Note that serializing a PersistenceManagerFactory should not generally
be necessary in a managed environment.
13.10.7 Indexes Not Always Created During Schema Creation
Indexes declared at the class level are not always created during schema creation.
Workaround
Create the indexes manually after running the schema generation tools.
13.10.8 OpenJPA throws an exception when @Id fields are also annotated as @Unique
OpenJPA throws an exception when @Id fields are also annotated as @Unique in some
databases. Database primary keys are unique by definition. Some databases
implement this by creating a unique index on the column.
Workaround
Do not specify both @Id and @Unique on a single field.
13.10.9 Cache Hit and Miss Counts May Rise Unexpectedly
The cache hit and miss counts may rise unexpectedly when manipulating entities
without version data. The extra cache access occurs when the EntityManager closes
and all contained entities are detached. Entities without version fields appear to the
system to be missing their version data, and the system responds by checking their
version in the cache before detachment.
Oracle WebLogic Server
13-15
Examples Issues and Workarounds
Workaround
Entities with version fields or other version strategies do not cause extra cache access.
13.10.10 Open JPA Tries to Create a Table Even if the Table Exists
When using the MySQL database, and OpenJPA is configured to automatically run the
mapping tool at runtime and create tables within the default schema (for example):
<property name='openjpa.jdbc.SynchronizeMappings' value='buildSchema'/>
<property name='openjpa.jdbc.Schema' value='MySQL database name' />
OpenJPA will try to create the table even if the table already exists in the database. A
PersistenceException will be thrown to indicate that the table already exists and the
table creation statement fails.
Workaround
To avoid this problem, if you are using the MySQL database, don't configure OpenJPA
to automatically run the mapping tool at runtime and specify the default schema at the
same time.
13.10.11 EJB Applications Fail During Serialization
EJB applications that use IIOP and send JPA entities from the server to the client will
fail during deserialization if the entities are Serializable (but not Externalizable) and do
not declare a writeObject() method.
Workaround
Add a writeObject() method to such entity classes. The write object can be trivial:
private void
writeObject(java.io.ObjectOutputStream out)
throws IOException {
out.defaultWriteObject();
}
13.10.12 Non-Transactional Message-Driven Bean Container Can Fail to Provide
Reproducible Behavior For Foreign Topics
When using multi-threaded processing for non-transactional topic Message-Driven
Beans (MDBs) that specify a foreign topic (non-WebLogic) JMS, the MDB container can
fail to provide reproducible behavior. For example, if a runtimeException is thrown in
the onmessage() method, the container may still acknowledge the message.
Workaround
Set the max-beans-in-free-pool attribute to 1 in the deployment descriptor.
13.11 Examples Issues and Workarounds
This section describes the following issues and workarounds:
■
Section 13.11.1, "Security Configuration in medrec.wls.config"
■
Section 13.11.2, "HTML File not Created for StreamParser.java File"
■
13-16 Release Notes
Section 13.11.3, "Warning Message Appears When Starting Medrec or Samples
Domain"
HTTP Publish/Subscribe Server Issues and Workarounds
13.11.1 Security Configuration in medrec.wls.config
The medrec.wls.config target in SAMPLES_
HOME/server/medrec/setup/build.xml has a known issue with respect to security
configuration.
13.11.2 HTML File not Created for StreamParser.java File
The ../xml/stax example contains two files with the same root but different
extensions: StreamParser.java and StreamParser.jsp. The samples viewer build,
however, creates just one corresponding HTML file, rather than two for each type of
file. In this case only the StreamParser.jsp file has an equivalent HTML file; the
StreamParser.java file does not.
The problem occurs because of a setting in the build.xml file that controls the behavior
of java2html to generate the files for the documentation.
When using java2html, the useShortFileName="true" parameter crops off the file
extensions for the source files to create the file names for the HTML output files. If two
files have the same name and different file extensions, whichever HTML file is
generated last will overwrite previous ones.
Workaround
Set the useShortFileName parameter to "false". This setting generates HTML files with
the file extensions included in the name. The drawback to this solution is that every
link that points to the HTML output file needs to be revised, regardless of whether the
files in question were affected by the bug.
13.11.3 Warning Message Appears When Starting Medrec or Samples Domain
When you start the medrec or samples domains, you may see a warning message
similar to this:
<Warning> <WorkManager> <BEA-002919> <Unable to find a WorkManager with name
weblogic.wsee.mdb.DispatchPolicy. Dispatch policy
weblogic.wsee.mdb.DispatchPolicy will map to the default WorkManager for the
application bea_wls_async_response>
This warning message appears in the standard output of the Console while starting a
WebLogic Server sample application with an asynchronous Web Service deployed.
Workaround
The warning is harmless and can be ignored.
13.12 HTTP Publish/Subscribe Server Issues and Workarounds
This section describes the following issues and workarounds:
■
■
■
Section 13.12.1, "Authentication and Authorization of the Local Client is not
Supported"
Section 13.12.2, "Event Messages Published by Local Clients Cannot Be Received"
Section 13.12.3, "Event Messages Published By Local Clients Do Not Go Through
Filters"
Oracle WebLogic Server
13-17
Installation Issues and Workarounds
13.12.1 Authentication and Authorization of the Local Client is not Supported
The HTTP Publish/Subscribe server does not support authentication and
authorization of the local client. The local client has full permissions to operate on
channels of the HTTP Publish/Subscribe server, which means the local client can
create/delete channels and publish/subscribe events from channels.
13.12.2 Event Messages Published by Local Clients Cannot Be Received
In a clustering environment, event messages published by a local client on a server can
be received only by subscribed clients connected to the same server. These messages
cannot be received by subscribed clients connected to other servers in the cluster.
13.12.3 Event Messages Published By Local Clients Do Not Go Through Filters
Event messages published to a channel by a local client will not go through the
Message Filters configured to that channel.
13.13 Installation Issues and Workarounds
This section describes the following issues and workarounds:
■
■
■
■
Section 13.13.1, "Sybase JDBC Drivers Not Downloaded with Upgrade
Installation"
Section 13.13.2, "Improper Rollback to Previous Installation May Occur After
Exiting an Upgrade Installation Prematurely"
Section 13.13.3, "WebLogic Server Installer Fails With Insufficient Disk Space
Error"
Section 13.13.4, "Installation Fails with Fatal Error"
13.13.1 Sybase JDBC Drivers Not Downloaded with Upgrade Installation
The Oracle WebLogic Server 11g Release 1 installer does not download the Sybase
JDBC drivers. When you try to upgrade an existing WebLogic Server 10.3 installation
using the latest installer, it does not remove the Sybase JAR files from the original
installation. The installer upgrades only the weblogic.jar file.
The Sybase JAR files (jconn2.jar, jconn3.jar, and jConnect.jar) in the /server/lib or
/server/ext/jdbc/sybase directories are removed from the manifest classpath in the
upgraded weblogic.jar file. Therefore, if the classpath of a WebLogic Server application
does not include Sybase JAR files and only includes weblogic.jar then after the
upgrade installation, the application will throw a ClassNotFoundException.
To work around this issue, explicitly add Sybase JAR files in the WebLogic Server
application classpath.
13.13.2 Improper Rollback to Previous Installation May Occur After Exiting an Upgrade
Installation Prematurely
When using an Upgrade installer or Smart Update to upgrade an existing WebLogic
Server 10.3.x installation to WebLogic Server 10.3.4, if you abort the upgrade before
completion, the installation should automatically roll back to the prior installation.
This may not always occur, resulting in an unusable installation.
13-18 Release Notes
Java EE Issues and Workarounds
13.13.3 WebLogic Server Installer Fails With Insufficient Disk Space Error
The WebLogic Server installer can fail with an insufficient disk space error, even when
there is a large amount of available disk space on the file system or disk.
Workaround
Use the -Dspace.detection property in the installation command to disable the
available space check. For example:
java -Xmx1024M -Dspace.detection=false -jar installer_file_name
-mode=silent -silent_xml=silent.xml
or
wls1034_linux.bin -Dspace.detection=false
13.13.4 Installation Fails with Fatal Error
The installer does not verify whether sufficient disk space is available on the machine
prior to completing the installation. As a result, if an installation cannot be completed
due to insufficient space, the installer displays the following error message and exits:
Fatal error encountered during file installation. The installer will now
cleanup and exit!
Workaround
If this problem occurs, restart the installer using the following command:
server103_linux32.bin -log=log.out -log_priority=debug
The preceding command generates a log of the installation procedure, providing
details about the exact cause of the failure. If the cause is indeed insufficient space, the
log file indicates it explicitly.
13.14 Java EE Issues and Workarounds
This section describes the following issues and workarounds:
■
■
■
Section 13.14.1, "FastSwap May Relax the Access Modifiers of Fields and Methods"
Section 13.14.2, "FastSwap Does Not Support Redefinition of the Entity Bean and
ejbClass"
Section 13.14.3, "Classpath Order Is Not Guaranteed When There Are Multiple
JARs in an EAR File"
13.14.1 FastSwap May Relax the Access Modifiers of Fields and Methods
FastSwap may relax the access modifiers of fields and methods. Private and protected
members may be made public at runtime. This changes the behavior of reflection and
may affect reflection-based frameworks such as Struts.
13.14.2 FastSwap Does Not Support Redefinition of the Entity Bean and ejbClass
FastSwap does not support redefinition of the Entity bean and ejbClass
(Session/MDB). Therefore, any updates to entity classes will cause redefinition errors.
Workaround
After updating an entity class, redeploy the application.
Oracle WebLogic Server
13-19
JDBC Issues and Workarounds
13.14.3 Classpath Order Is Not Guaranteed When There Are Multiple JARs in an EAR
File
When you have an EAR file containing separate JAR files, and two or more of those
JAR files have a class with the same name, it is not possible to predict from which of
those JAR files WebLogic Server will instantiate the class. This is not an issue if the
classes are the same, but if they are different implementations, the results are
unpredictable.
Workaround
Currently there is no known workaround for this issue.
13.15 JDBC Issues and Workarounds
This section describes the following issues and workarounds:
■
■
■
Section 13.15.1, "Call To setTransactionIsolation() May Fail When Using the JDBC
Driver for MS SQLServer"
Section 13.15.2, "An Attempt to Access a Remote 10.3.2 or Later WLS Data Source
Fails"
Section 13.15.3, "ORA-01591 Errors Occur on SOA Servers Configured to Use
Multiple Oracle RAC Nodes"
13.15.1 Call To setTransactionIsolation() May Fail When Using the JDBC Driver for MS
SQLServer
When using the JDBC driver for MS SQLServer, a call to setTransactionIsolation()
may fail in a transactional context if getTransactionIsolation() is called first.
13.15.2 An Attempt to Access a Remote 10.3.2 or Later WLS Data Source Fails
A new system property, -Dweblogic.jdbc.remoteEnabled, has been added to JDBC in
Oracle WebLogic Server 10.3.2. For compatibility with prior releases of WebLogic
Server, the default setting of this property is true. When this property is set to false,
remote JDBC access is turned off, and such access results in an exception.
Remote access may occur explicitly in an application, or implicitly during a global
(XA/JTA) transaction with a participating non-XA data source that is configured with
the LLR, 1PC or Emulate XA global transaction option. The following enumerates the
cases when an exception will be thrown, and work-arounds for each case (if any).
An exception occurs in the following cases. A workaround (if any) for a given case is
provided.
■
■
■
When a stand-alone client application uses any type of data source.
When an application that is hosted on WebLogic Server uses any type of data
source, and the data source is not configured (targeted) locally. A potential
workaround is to target the data source locally.
When accessing a same named non-XA data source with a transaction option of
LLR, 1PC or Emulate XA on multiple WebLogic Server instances in the same
global transaction. In this case, there are two potential work-arounds:
–
13-20 Release Notes
Change data sources to use XA instead (this may lower performance), or
JMS Issues and Workarounds
–
■
For the 1PC/emulateXA types, change the application to ensure the data
source is accessed from a single server.
When accessing a non-XA data source with the LLR transaction option on a server
that is different than the transaction coordinator. For server-initiated transactions,
the coordinator location is chosen based on the first participating resource in the
transaction. In this case, there are two potential work-arounds: (a) change the data
source to use XA instead (this may lower performance); or (b) change the
application to ensure data source access on the transaction coordinator, as
described in "Optimizing Performance with LLR" in Oracle Fusion Middleware
Programming JTA for OracleWebLogic Server. The latter may not be possible in
some cases; for example, when an MDB application receives messages from a
remote WebLogic JMS server, the transaction coordinator will always be the
WebLogic server that's hosting the JMS server, but it may not be possible to move
the MDB application to the same WebLogic server.
–
Change the data source to use XA instead (this may lower performance), or
–
Change the application to ensure data source access on the transaction
coordinator, as described in "Optimizing Performance with LLR" in Oracle
Fusion Middleware Programming JTA for Oracle WebLogic Server. This
workaround may not be possible in some cases. For example, when an MDB
application receives messages from a remote WebLogic JMS server, the
transaction coordinator will always be the WebLogic Server instance that is
hosting the JMS server, but it may not be possible to move the MDB
application to the same WebLogic Server instance.
13.15.3 ORA-01591 Errors Occur on SOA Servers Configured to Use Multiple Oracle
RAC Nodes
On SOA servers using multiple Oracle RAC database nodes, when WebLogic Server
multi data sources are configured for XA and load balancing, ORA-10591 errors can
occur.
Workaround
Download and apply Oracle RAC database patch 7675269 for Linux x86, Oracle
Release 11.1.0.7.0. You can download this patch from My Oracle Support.
Alternatively, you can download and apply patch set 9007079 for Linux x86, Oracle
Release 11.1.0.7.0, which includes the patch 7675269.
13.16 JMS Issues and Workarounds
This section describes the following issues and workarounds:
■
■
■
■
■
■
Section 13.16.1, "Deployment Descriptor Validation Fails"
Section 13.16.2, "Exception When Multiple Producers Use the Same Client SAF
Instance"
Section 13.16.3, "Multi-byte Characters are not Supported in Store File and
Directory Names"
Section 13.16.4, "Generation of the Default UOO Name Has Changed"
Section 13.16.5, "Testing Abrupt Failures of WebLogic Server When Using File
Stores on NFS"
Section 13.16.6, "JMS Message Consumers Will Not Always Reconnect After a
Service Migration"
Oracle WebLogic Server
13-21
JMS Issues and Workarounds
■
Section 13.16.7, "Forcing Unicast Messages To Be Processed in Order"
13.16.1 Deployment Descriptor Validation Fails
Deployment descriptor validation fails when descriptor validation is enabled, and an
EAR file contains only JMS modules.
Workaround
Make sure that there is at least one J2EE specification-compliant module in the EAR.
13.16.2 Exception When Multiple Producers Use the Same Client SAF Instance
When multiple JMS producers use the same JMS Client SAF instance (within a single
JVM), depending on the timing of the JMS SAF client creation, you might receive the
following exception:
Error getting GXA resource [Root exception is weblogic.jms.common.JMSException:
weblogic.messaging.kernel.KernelException: Error getting GXA resource]
Workaround
When using multiple JMS SAF client producers, try introducing a small delay between
the creation of each new client.
13.16.3 Multi-byte Characters are not Supported in Store File and Directory Names
There is no support for multi-byte characters in WebLogic Store file and directory
names. For instance, when the WebLogic Server name has multi-byte characters, the
default store cannot be created, and WebLogic Server will not boot.
Workaround
Create WebLogic Server instances without multi-byte characters in the path name and
use that path name for the default store configuration. Do not use multi-byte
characters in the Weblogic Server name.
13.16.4 Generation of the Default UOO Name Has Changed
WebLogic Server 10.3.4 contains a fix for configurations that set a default unit-of-order
(UOO) on a JMS regular destination, distributed destination, or template. This fix
ensures that the default unit-of-order name stays the same even after a restart of the
destination's host JMS server. The default UOO name is now based on the domain,
JMS server, and destination names.
13.16.5 Testing Abrupt Failures of WebLogic Server When Using File Stores on NFS
Oracle strongly recommends verifying the behavior of a server restart after abrupt
machine failures when the JMS messages and transaction logs are stored on an NFS
mounted directory. Depending on the NFS implementation, different issues can arise
post failover/restart. For more information, see Section 6.3, "Testing Abrupt Failures of
WebLogic Server When Using File Stores on NFS."
13.16.6 JMS Message Consumers Will Not Always Reconnect After a Service Migration
JMS message consumers will not always reconnect after a service migration when an
application's WLConnection.getReconnectPolicy() attribute is set to all. If the
13-22 Release Notes
JSP and Servlet Issues and Workarounds
consumers do not get migrated, either an exception is thrown or onException will
occur to inform the application that the consumer is no longer valid.
Workaround
The application can refresh the consumer either in the exception handler or through
onException.
13.16.7 Forcing Unicast Messages To Be Processed in Order
Certain conditions can cause very frequent JNDI updates, and as a result, JMS
subscribers may encounter a java.naming.NameNotFoundException. For more
information, see Section 13.8.5, "Forcing Unicast Messages To Be Processed in Order."
13.17 JNDI Issues and Workarounds
There are no known JNDI issues in this release of WebLogic Server.
13.18 JSP and Servlet Issues and Workarounds
This section describes the following issues and workarounds:
■
■
■
Section 13.18.1, "Deployment Plans Cannot Be Used To Override Two Descriptors"
Section 13.18.2, "Spring Dependency Injection Not Supported on JSP Tag
Handlers"
Section 13.18.3, "503 Error When Accessing an Application With a Valid sessionid"
13.18.1 Deployment Plans Cannot Be Used To Override Two Descriptors
Deployment plans cannot be used to override the following two descriptors during
deployment of a Web application or a Web module:
WEB-INF/classes/META-INF/persistence.xml and
WEB-INF/classes/META-INF/persistence-configuration.xml. Deployment plans can
otherwise be used to override any descriptor.
Workaround
Package WEB-INF/classes/META-INF/persistence.xml and
WEB-INF/classes/META-INF/persistence-configuration.xml (if present) along with
related class files into a JAR file. The JAR file must then be placed in the WEB-INF/lib
directory of the Web application or Web module. A deployment plan can be used to
override the two descriptors in such a JAR file.
13.18.2 Spring Dependency Injection Not Supported on JSP Tag Handlers
With the Spring extension model enabled, WebLogic Server 10.3 or later does not
support Spring Dependency Injection (DI) on JSP tag handlers for performance
reasons.
Currently, WebLogic Server supports Spring DI on most Web components, for
example, servlets, filters and listeners. Spring DI is not, however, presently supported
on JSP tag handlers for performance reasons.
Oracle WebLogic Server
13-23
JTA Issues and Workarounds
13.18.3 503 Error When Accessing an Application With a Valid sessionid
When a session is persistent and an older version of a servlet context is retired,
accessing the application with a valid sessionid will cause a 503 error.
For example, the session-persistent type of a versioned Web application is 'file'. A user
can access the application successfully. Later, version 2 of the application is redeployed
and version 1 is retired. If the same user accesses the application, they will get a 503
error.
13.19 JTA Issues and Workarounds
There are no known JTA issues in this release of WebLogic Server.
13.20 Java Virtual Machine (JVM) Issues and Workarounds
This section describes the following issues and workarounds:
■
■
Section 13.20.1, "1.4 Thin Client Applet Cannot Contact WebLogic Server"
Section 13.20.2, "Applications Running on Some Processors May Experience
Intermittent Time Issues"
■
Section 13.20.3, "JRockit JVM Appears to Freeze When Doing Long Array Copies"
■
Section 13.20.4, "Serial Version UID Mismatch"
■
Section 13.20.5, "JVM Stack Overflow"
■
Section 13.20.6, "Using AWT libraries May Cause a JVM Crash"
13.20.1 1.4 Thin Client Applet Cannot Contact WebLogic Server
Due to a known Sun Microsystems VM bug (513552), a 1.4 Thin Client Applet cannot
contact WebLogic Server 9.0 or later. This is because the VM does not distinguish
correctly between a client and a server connection. The VM creates a server-type
connection and caches it. It then attempts to make a client-type connection, finds the
cached connection and tries to use that, but then encounters an error because clients
are not allowed to use server connections.
13.20.2 Applications Running on Some Processors May Experience Intermittent Time
Issues
Applications that run on RH Linux on Intel G5 processors and that also directly or
indirectly use system time calls may experience intermittent time issues if the
ClockSource is set to tsc (the default). The standard POSIX C gettimeofday() call,
and consequently also the Java System.currentTimeMillis() and java.util.Date()
calls can intermittently return a value that is approximately 4400 seconds in the future,
even in a single-threaded application.
This issue is not unique to WebLogic or Java, but applies to any application running on
RH Linux on Intel G5 processors. Issues can occur for applications that either explicitly
make a time call using standard Java, or explicitly by using any time-based application
server services.
Possible symptoms include, but are not limited to, premature transaction timeouts,
unexpected expiration of JMS messages, and incorrectly scheduled timers.
If you're interested in a standalone reproducer for this problem, contact Oracle and
reference bug number 8160147.
13-24 Release Notes
Java Virtual Machine (JVM) Issues and Workarounds
Workaround
There is no known official patch for Linux. Instead, change the clock source from tsc
to hpet. After making this modification on test systems, exceptions due to invalid
System.currentTimeMillis()/gettimeofday() return values were no longer seen. To
change the system clock from tsc to hpet on a trial basis, perform the following steps
as root:
1.
Disable ntpd (if running)
2.
Echo 'hpet' &gt; /sys/devices/system/clocksource/clocksource0/current_
clocksource
3.
Enable ntpd
Note that this change will not survive a reboot. For more information, please see:
http://www.gossamer-threads.com/lists/linux/kernel/813344
13.20.3 JRockit JVM Appears to Freeze When Doing Long Array Copies
The JRockit JVM appears to freeze when doing long array copies as part of unlimited
forward rolling. This can happen when multiple server reboots occur due to Out Of
Memory conditions.
Workaround
When booting the servers, include the following JRockit JVM flag:
-XXrollforwardretrylimit:-1
13.20.4 Serial Version UID Mismatch
A Serial Version UID Mismatch issue is encountered if you deploy an application on a
latest JVM, but compiled with previous Service Release of IBM Java 6 JDK.
Workaround
To be compatible with the serialization of previously compiled applications, modify
the BEA_HOME/wlserver_10.3/common/bin/commEnv.sh file to include the following
command:
JAVA_OPTIONS="$JAVA_OPTIONS
-Dcom.sun.xml.namespace.QName.useCompatibleSerialVersionUID=1.0"
Alternatively, you can use the command line option:
export IBM_JAVA_OPTIONS=
"-Dcom.sun.xml.namespace.QName.useCompatibleSerialVersionUID=1.0"
If you intend to deploy new applications with previously compiled applications, they
must be recompiled as necessary to have the same Serial Version UID.
13.20.5 JVM Stack Overflow
You might encounter a JVM stack overflow error or exception while running WebLogic
Server. This issue applies to Oracle Enterprise Linux 4, 5, 5.1 on AMD64 and 64-bit
Xeon platforms.
Workaround
Increase the stack size from the default 128k to 256k.
Oracle WebLogic Server
13-25
Monitoring Issues and Workarounds
13.20.6 Using AWT libraries May Cause a JVM Crash
You might encounter a JVM crash when using GUI libraries such as AWT or
javax.swing (which often delegates to AWT).
Workaround
Start the server using the following flag:
-Djava.awt.headless=true
13.21 Monitoring Issues and Workarounds
This section describes the following issue and workaround:
■
■
■
Section 13.21.1, "MBean Attributes Not Explicitly Marked as @unharvestable
Appear as Harvestable"
Section 13.21.2, "Events Generated By the JVM Level Are Not Generated at Low
Volume"
Section 13.21.3, "WLDF Performance Issues Can Occur When JVM Events Are
Enabled"
13.21.1 MBean Attributes Not Explicitly Marked as @unharvestable Appear as
Harvestable
The @unharvestable tag is not being honored at the interface level. If MBean attributes
are not explicitly marked as @unharvestable, they are considered to be harvestable
and will appear as harvestable in the WebLogic Administration Console.
Workaround
You can explicitly mark MBean attributes as @unharvestable.
13.21.2 Events Generated By the JVM Level Are Not Generated at Low Volume
In WebLogic Server 10.3.3, the default WLDF diagnostic volume setting was Off. As of
WebLogic Server 10.3.4, the default diagnostic volume setting is Low Volume, and
events generated by the JVM level are not being generated at the Low Volume setting
in WebLogic Server 10.3.4 (JVM-level events were generated at the Low Volume setting
in WebLogic Server 10.3.3). The JVM-level events are still generated at the High
Volume and Medium Volume settings in WebLogic Server 10.3.4.
Workaround
Use one of the following workarounds to cause the JVM-level events to be generated:
■
■
Increase the WLDF diagnostic volume to the Medium or High level.
Use JRMC, JRCMD, or the JRockit command line settings to activate a separate
flight recording in the WebLogic Server instance. By doing so, JVM will cause JVM
events to be present at all WLDF diagnostic volume settings (Off, Low, Medium,
and High).
13.21.3 WLDF Performance Issues Can Occur When JVM Events Are Enabled
When JVM events are enabled, WLDF performances issues may occur in the following
situations:
13-26 Release Notes
RMI-IIOP Issues and Workarounds
■
■
If there are no other JRockit flight recordings enabled, performance can degrade
when the WLDF diagnostic volume is set to Medium or High level.
If other JRockit flight recordings are enabled, performance can degrade at all
WLDF diagnostic volume levels (Off, Low, Medium, and High).
13.22 Node Manager Issues and Workarounds
There are no known Node Manager issues in this release of WebLogic Server.
13.23 Operations, Administration, and Management Issues and
Workarounds
There are no known Operations, Administration, and Management issues in this
release of WebLogic Server.
13.24 Oracle Kodo Issues and Workarounds
There are no known Oracle Kodo issues in this release of WebLogic Server.
13.25 Plug-ins Issues and Workarounds
This section describes the following issue for various WebLogic Server plug-ins:
■
Section 13.25.1, "apr_socket_connection Exception Occurs When Using the IIS
Plug-In"
13.25.1 apr_socket_connection Exception Occurs When Using the IIS Plug-In
Under the following circumstances, the IIS plug-in may not work, resulting in an apr_
socket_connection error:
1.
Both the IIS and Weblogic Server instances are on the same machine.
2.
IPv6 is enabled on the machine, but the machine is not in an IPv6 environment
(that is, the IPv6 interface is enabled but is not working).
3.
The listen address of the WebLogic Server instance is set to the simple host name.
4.
Either the directive WebLogicHost or WebLogicCluster is set to the simple host
name for the IIS instance.
13.26 Protocols Issues and Workarounds
There are no known Protocols issues in this release of WebLogic Server.
13.27 RMI-IIOP Issues and Workarounds
This section describes the following issue and workaround:
■
Section 13.27.1, "Ant 1.7 rmic Task Incompatibility"
13.27.1 Ant 1.7 rmic Task Incompatibility
Calls to the Ant version 1.7 rmic task automatically add a -vcompat flag, which is not
compatible with rmic for Oracle WebLogic Server.
Oracle WebLogic Server
13-27
Security Issues and Workarounds
Workaround
Use either of the following workarounds if your rmic call is of the form:
rmic classname="com.bea.crmsimulation.legacyra.LegacyAdapter"
base="${module_location}/core-legacy-ra/classes"
classpath="${core.classes}" compiler="weblogic" />
■
Add a stubversion
<rmic classname="com.bea.crmsimulation.legacyra.LegacyAdapter"
base="${module_location}/core-legacy-ra/classes"
classpath="${core.classes}" compiler="weblogic"
stubversion="1.2"/>
■
Remove the compiler flag
<rmic classname="com.bea.crmsimulation.legacyra.LegacyAdapter"
base="${module_location}/core-legacy-ra/classes"
classpath="${core.classes}"
13.28 Security Issues and Workarounds
This section describes the following issues and workarounds:
■
Section 13.28.1, "StoreBootIdentity Works Only if the Appropriate Server Security
Directory Exists"
■
Section 13.28.2, "Boot Time Failure Occurs With SecurityServiceException"
■
Section 13.28.3, "Authentication Failure After Upgrading a Domain From WLS 6.1"
■
Section 13.28.4, "InvalidParameterException Message Generated and Displayed"
■
■
■
Section 13.28.5, "Enabling Both the Authentication and Passive Attributes In SML
2.0 Service Provider Services Is an Invalid Configuration"
Section 13.28.6, "Running the WebLogic Full Client in a Non-Forked VM"
Section 13.28.7, "Random Number Generator May Be Slow on Machines With
Inadequate Entropy"
13.28.1 StoreBootIdentity Works Only if the Appropriate Server Security Directory
Exists
The option -Dweblogic.system.StoreBootIdentity works only if the appropriate
server security directory exists. This directory is usually created by the Configuration
Wizard or upgrade tool.
However, the appropriate server security directory could be absent in domains
checked into source-control systems.
13.28.2 Boot Time Failure Occurs With SecurityServiceException
A WebLogic Server instance can experience a boot time failure with a
SecurityServiceException when the RDBMS Security Data Store is configured for a
DB2 database using the DB2 driver supplied with WebLogic Server.
Workaround
When RDBMS Security Data Store is using the AlternateId connection property for a
DB2 database, you must also set the additional property
13-28 Release Notes
Security Issues and Workarounds
BatchPerformanceWorkaround as true when using the DB2 driver supplied with
WebLogic Server.
13.28.3 Authentication Failure After Upgrading a Domain From WLS 6.1
After upgrading a domain from WLS 6.1, the WebLogic Server instance will not boot
due to an authentication failure.
Workaround
A system user password must be set up in the WLS 6.1 domain before or after the
upgrade process in order for the WebLogic Server instance to boot properly.
13.28.4 InvalidParameterException Message Generated and Displayed
After you configure either the Identity Provider or Service Provider services for SAML
2.0 and attempt to publish the SAML 2.0 services metadata file, an
InvalidParameterException message may be generated and displayed in the
Administration Console.
Workaround
When configuring the SAML 2.0 federation services for a WebLogic Server instance, be
sure to enable all binding types that are available for the SAML role being configured.
For example, when configuring SAML 2.0 Identity Provider services, you should
enable the POST, Redirect, and Artifact bindings. When configuring SAML 2.0 Service
Provider services, enable the POST and Artifact bindings. Optionally, you may choose
a preferred binding.
13.28.5 Enabling Both the Authentication and Passive Attributes In SML 2.0 Service
Provider Services Is an Invalid Configuration
When configuring SAML 2.0 Service Provider services, enabling both the Force
Authentication and Passive attributes is an invalid configuration that WebLogic Server
is unable to detect. If both these attributes are enabled, and an unauthenticated user
attempts to access a resource that is hosted at the Service Provider site, an exception is
generated and the single sign-on session fails.
Note that the Force Authentication attribute has no effect because SAML logout is not
supported in WebLogic Server. So even if the user is already authenticated at the
Identity Provider site and Force Authentication is enabled, the user is not forced to
authenticate again at the Identity Provider site.
Avoid enabling both these attributes.
13.28.6 Running the WebLogic Full Client in a Non-Forked VM
If the WebLogic Full Client is running in a non-forked VM, for example by means of a
<java> task invoked from an Ant script without the fork=true attribute, the following
error might be generated:
java.lang.SecurityException: The provider self-integrity check failed.
This error is caused by the self-integrity check that is automatically performed when
the RSA Crypto-J library is loaded. (The Crypto-J library, cryptoj.jar, is in the
wlfullclient.jar manifest classpath.)
This self-integrity check failure occurs when the client is started in a non-forked VM
and it uses the Crypto-J API, either directly or indirectly, as in the following situations:
Oracle WebLogic Server
13-29
SNMP Issues and Workarounds
■
■
The client invokes the Crypto-J library directly.
The client attempts to make a T3S connection, which triggers the underlying client
SSL implementation to invoke the Crypto-J API.
When the self-integrity check fails, further invocations of the Crypto-J API fail.
Workaround
When running the full client in a <java> task that is invoked from an Ant script,
always set the fork attribute to true.
For more information about the self-integrity check, see "How a Provider Can Do
Self-Integrity Checking" in How to Implement a Provider in the Java™ Cryptography
Architecture, available at the following URL:
http://download.oracle.com/javase/6/docs/technotes/guides/securi
ty/crypto/HowToImplAProvider.html#integritycheck
13.28.7 Random Number Generator May Be Slow on Machines With Inadequate
Entropy
In order to generate random numbers that are not predictable, SSL security code relies
upon "entropy" on a machine. Entropy is activity such as mouse movement, disk IO, or
network traffic. If entropy is minimal or non-existent, then the random number
generator will be slow, and security operations may time out. This may disrupt
activities such as booting a Managed Server into a domain using a secure admin
channel. This issue generally occurs for a period after startup. Once sufficient entropy
has been achieved on a JVM, the random number generator should be satisfied for the
lifetime of the machine.
For further information, see Sun bugs 6202721 and 6521844 at:
http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=6202721
http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=6521844
Workaround
On low-entropy systems, you can use a non-blocking random number generator,
providing your site can tolerate lessened security. To do this, add the
-Djava.security.egd=file:///dev/urandom switch or file:///dev/./urandom to the
command that starts the Java process. Note that this workaround should not be used
in production environments because it uses pseudo-random numbers instead of
genuine random numbers.
13.29 SNMP Issues and Workarounds
There are no known SNMP issues in this release of WebLogic Server.
13.30 Spring Framework on WebLogic Server Issues and Workarounds
This section describes the following issues and workarounds:
■
■
13-30 Release Notes
Section 13.30.1, "OpenJPA ClassFileTranformer Does Not Work When Running on
JRockit"
Section 13.30.2, "petclinic.ear Does Not Deploy on WebLogic Server"
Web Applications Issues and Workarounds
13.30.1 OpenJPA ClassFileTranformer Does Not Work When Running on JRockit
The OpenJPA ClassFileTranformer does not work when running WebLogic Server on
JRockit.
Workaround
Use an alternative method of applying enhancements at build time through an
OpenJPA enhancer compiler; do not use the LoadTimeWeaver.
13.30.2 petclinic.ear Does Not Deploy on WebLogic Server
For the SpringSource petclinic sample, the petclinic.war deploys without any
problems. The petclinic.ear will not deploy on WebLogic Server because it is not
packaged correctly. A request has been sent to SpringSource to fix the petclinic.ear
packaging.
13.31 System Component Architecture (SCA) Issues and Workarounds
There are no known SCA issues in this release of WebLogic Server.
13.32 Upgrade Issues and Workarounds
This section describes the following issue:
■
Section 13.32.1, "Domains Created on WebLogic Server 10.3.1 Cannot Be Run on
WebLogic Server 10.3"
13.32.1 Domains Created on WebLogic Server 10.3.1 Cannot Be Run on WebLogic
Server 10.3
If you create a domain using WebLogic Server 10.3.1, then roll back to WebLogic
Server 10.3, you will not be able to start the servers that you created in that domain.
This is a known restriction, as the config.xml file contains references to newer schema
definitions (xmlns.oracle.com) that did not exist in WebLogic Server 10.3.
13.33 Web Applications Issues and Workarounds
This section describes the following issues and workarounds:
■
■
■
■
Section 13.33.1, "Administration Console Fails to Implement session-timeout
Changes"
Section 13.33.2, "Connection Pool Connection Reserve Timeout Seconds Value is
Overridden"
Section 13.33.3, "Database Connections Become Unstable When a
PoolLimitSQLException Occurs"
Section 13.33.4, "Web Page Fails to Open When Accessing It Using the SSL Port"
13.33.1 Administration Console Fails to Implement session-timeout Changes
If the session-timeout is configured in the web.xml file, any changes made to change
the session-timeout using the Administration Console do not take effect.
Oracle WebLogic Server
13-31
WebLogic Server Scripting Tool (WLST) Issues and Workarounds
Workaround
Use a deployment plan to override the session-timeout setting.
13.33.2 Connection Pool Connection Reserve Timeout Seconds Value is Overridden
When using a JDBC session, the value of Connection Reserve Timeout Seconds for a
connection pool is changed to be one of the following:
■
■
the JDBC connection timeout seconds, which is defined in the session descriptor
(either in weblogic.xml or weblogic-application.xml)
the default value of 120 seconds
Workaround
Configure jdbc-connection-timeout-secs in the session descriptor.
13.33.3 Database Connections Become Unstable When a PoolLimitSQLException
Occurs
When a PoolLimitSQLException occurs during a JDBC persistence session,
connections to the database become unstable, and may fail with recovery or fail
without recovery. This results in the loss of session data. Either an older session or null
is returned.
13.33.4 Web Page Fails to Open When Accessing It Using the SSL Port
When accessing a Web page using the SSL port, the page fails to open and the
following error is reported:
Secure Connection Failed
An error occurred during a connection to <hostname>.
You have received an invalid certificate. Please contact the server
administrator or email correspondent and give them the following information:
Your certificate contains the same serial number as another certificate
issued by the certificate authority. Please get a new certificate containing a
unique serial number.
Workaround
The following workaround can be used for Firefox.
If you have received this error and are trying to access a web page that has a
self-signed certificate, perform the following steps in Firefox:
1.
Go to Tools > Options >Advanced > Encryption tab > View Certificates.
2.
On the Servers tab, remove the certificates.
3.
On the Authorities tab, find the Certificate Authority (CA) for the security device
that is causing the issue, and then delete it.
If you are using Internet Explorer or other web browsers, you can ignore the Warning
page that appears and continue to the web page.
13.34 WebLogic Server Scripting Tool (WLST) Issues and Workarounds
This section describes the following issues and workarounds:
13-32 Release Notes
WebLogic Server Scripting Tool (WLST) Issues and Workarounds
■
■
Section 13.34.1, "Permission Denied Error Occurs for WLST Offline Logging"
Section 13.34.2, "Property Names Containing '.' Characters Are Not Supported by
loadProperties"
■
Section 13.34.3, "Invalid cachedir Created by Jython Causes WLST to Error Out"
■
Section 13.34.4, "WLST returnType='a' Option Returns Child Management Objects"
13.34.1 Permission Denied Error Occurs for WLST Offline Logging
When there are multiple processes, owned by different filesystem users, that are
performing concurrent WLST offline operations, a FileNotFoundException,
Permission Denied error may occur.
Workaround
To avoid collisions on log file names, set the following property in the environment
prior to invoking wlst.sh script_name:
export WLST_PROPERTIES="-Dwlst.offline.log=./logs/filename.log"
Substitute a unique name for filename. You must you use a unique name for each log
file to ensure that there will be no log file name collisions.
13.34.2 Property Names Containing '.' Characters Are Not Supported by loadProperties
The WLST loadProperties command does not support loading a property with a
name that contains "." characters. For example, if the property myapp.db.default is
present in the property file, WLST throws a name exception:
Problem invoking WLST - Traceback (innermost last):
File "<iostream>", line 7, in ?
File "<iostream>", line 4, in readCustomProperty
NameError: myapp
This is a system limitation of Python and the loadProperties command. WLST reads
the variable names and values and sets them as variables in the Python interpreter.
The Python interpreter uses "." as a delimiter to indicate module scoping for the
namespace, or package naming, or both. Therefore, the properties file fails because
myapp.db.default.version=9i is expected to be in the myapp.db.default package.
This package does not exist.
Workaround
Use variable names that do not have periods. This will allow you to load the variables
from the property file and refer to them in WLST scripts. You could use another
character such as "_" or lowercase/uppercase character to delimit the namespace.
As an alternative, you can set variables from a properties files. When you use the
variables in your script, during execution, the variables are replaced with the actual
values from the properties file. For example:
myapp.py
var1=10
var2=20
import myapp
print myapp.var1
10
print myapp.var2
20
Oracle WebLogic Server
13-33
WebLogic Server Scripting Tool (WLST) Issues and Workarounds
This will work for one level of namespaces (myapp.var1, myapp.var2). It will not work
for top level variables that share the same name as the namespace (for example,
myapp=oracle and myapp.var1=10). Setting the myapp variable will override the myapp
namespace.
If you need multiple levels, then you can define a package namespace using
directories. Create a myapp/db/default directory with a vars.py file as follows:
var1=10
var2=20
Then import:
import myapp.db.default.vars
print myapp.db.default.vars.var1
10
You may need to add __init__.py files to the subdirectories. Refer to the Python
documentation for more information on packages:
http://docs.python.org/tut/node8.html
13.34.3 Invalid cachedir Created by Jython Causes WLST to Error Out
The default cachedir created by Jython 2.2 is not a valid directory. If you are using
Jython directly from weblogic.jar, this causes WLST to error out.
Workaround
There are two workarounds for this issue:
■
■
When invoking WLST, specify the -Dpython.cachedir=<valid_directory>
parameter, or
Install Jython 2.2.1 separately instead of using the partial Jython that is included in
weblogic.jar.
13.34.4 WLST returnType='a' Option Returns Child Management Objects
The WLST returnType='a' option should only return attributes from the specified
directory. Instead it also returns child management objects. For example:
ls('Server')
drwAdminServer
drwworker01
ls('Server', returnMap='true', returnType='a')
drwAdminServer
drwworker01
ls('Server', returnMap='true',returnType='c')
drwAdminServer
drwworker01
The ls with returnType='a' should not list any child management objects, but
AdminServer and worker01 are children.
Workaround
When processing the output from ls(returnType='a'), check to see if the returned
entry is a directory.
13-34 Release Notes
Web Services and XML Issues and Workarounds
13.35 Web Server Plug-Ins Issues and Workarounds
This section describes the following issue:
■
Section 13.35.1, "MOD_WLS_OHS Does Not Fail Over"
13.35.1 MOD_WLS_OHS Does Not Fail Over
Currently, mod_wl and mod_wl_ohs only support container level failover and not
application level failover. mod_wl_ohs continues to route requests to a down
application as long as the managed server is up and running. In the clustered case,
requests continue to go to the container where the original session started even when
the application is shutdown, typically resulting in the http error 404.
13.36 Web Services and XML Issues and Workarounds
This section describes the following issues and workarounds:
■
■
■
■
Section 13.36.1, "weblogic.wsee.jaxws.mdb.DispatchPolicy WorkManager Cannot
Be Found"
Section 13.36.2, "Multiple Resize Buffer Calls Occur"
Section 13.36.3, "Troubleshooting Problems When Applying the WebLogic
Advanced Web Services for JAX-WS Extension Template"
Section 13.36.4, "Sparse Arrays and Partially Transmitted Arrays Are Not
Supported"
■
Section 13.36.5, "WSDL Compiler Does Not Generate Serializable Data Types"
■
Section 13.36.6, "Use of Custom Exception on a Callback"
■
Section 13.36.7, "Cannot Use JMS Transport in an Environment That Also Uses a
Proxy Server"
■
Section 13.36.8, "clientgen Fails When Processing a WSDL"
■
Section 13.36.9, "JAX RPC Handlers in Callback Web Services Are Not Supported"
■
■
■
■
■
■
■
■
■
Section 13.36.10, "Message-level Security in Callback Web Services Is Not
Supported"
Section 13.36.11, "Handling of Java Method Arguments or Return Parameters That
Are JAX-RPC-style JavaBeans"
Section 13.36.12, "IllegalArgumentException When Using a Two-Dimensional
XML Object in a JWS Callback"
Section 13.36.13, "Using SoapElement[] Results in Empty Array"
Section 13.36.14, "FileNotFound Exception When a Web Service Invokes Another
Web Service"
Section 13.36.15, "Client Side Fails to Validate the Signature on the Server
Response Message"
Section 13.36.16, "xmlcatalog Element Entity Cannot Be a Remote File or a File in
an Archive"
Section 13.36.17, "Catalog File's public Element Is Not Supported When Using
XML Catalogs"
Section 13.36.18, "Local xmlcatalog Element Does Not Work Well"
Oracle WebLogic Server
13-35
Web Services and XML Issues and Workarounds
■
■
■
■
■
■
Section 13.36.19, "JAXRPC Client Does Not Encode the HTTP SOAPAction Header
With Multi-byte Characters"
Section 13.36.20, "External Catalog File Cannot Be Used in the xmlcatalog Element
of clientgen"
Section 13.36.21, "Exceptions When Running Reliable Messaging Under Heavy
Load"
Section 13.36.22, "ClassNotFound Exception Occurs When Using wseeclient.jar"
Section 13.36.23, "Incomplete Configuration When Adding Advanced Web
Services Component to SOA Domain"
Section 13.36.24, "WS-AT Interoperation Issues With WebSphere and WebLogic
Server"
13.36.1 weblogic.wsee.jaxws.mdb.DispatchPolicy WorkManager Cannot Be Found
In some situations, warning messages are logged indicating that the
weblogic.wsee.jaxws.mdb.DispatchPolicy WorkManager cannot be found, although
this WorkManager is targeted to one or more of the Managed Servers in the domain.
Workaround
Use one of the following workarounds to resolve this issue.
■
■
To prevent these warning messages, start the WebLogic Server instance with the
-Dweblogic.wsee.skip.async.response=true flag. See Programming Advanced
Features of JAX-RPC Web Services for Oracle WebLogic Server for more information on
this flag.
Manually target the weblogic.wsee.jaxws.mdb.DispatchPolicy WorkManager to
the Administration Server.
13.36.2 Multiple Resize Buffer Calls Occur
When executing Web services client calls where Message Transmission Optimization
Mechanism (MTOM) attachments are processed for send, multiple resize buffer calls
occur..
Workaround
There is a patch available to resolve this issue. This patch can be applied only to
WebLogic Server 10.3.4. It provides the system property jaxws.transport.streaming,
which enables or disables streaming at the transport layer for a Web services client. Set
this property to true for CPU-intensive applications that are running on a WebLogic
Server instance that is participating in Web services interactions as a client, and is
sending out large messages.
To obtain the patch, do one of the following:
■
■
Contact My Oracle Support and request the patch for bug 9956275, or
Download the patch from My Oracle Support and install it using Smart Update
per the instructions in the following My Oracle Support document:
1302053.1
Search for Oracle patch number 9956275 or Smart Update patch 7Z5H.
13-36 Release Notes
Web Services and XML Issues and Workarounds
13.36.3 Troubleshooting Problems When Applying the WebLogic Advanced Web
Services for JAX-WS Extension Template
After upgrading from WebLogic Server 10.3.4 to 10.3.5, when creating or extending a
domain using the WebLogic Advanced Web Services for JAX-WS Extension template
(wls_webservices_jaxws.jar), you may encounter an exception during the execution
of the final.py script. For complete details and a workaround, see "Troubleshooting
Problems When Applying the WebLogic Advanced Services for JAX-WS Extension
Template" in Getting Started With JAX-WS Web Services for Oracle WebLogic Server.
13.36.4 Sparse Arrays and Partially Transmitted Arrays Are Not Supported
WebLogic Server does not support Sparse Arrays and Partially Transmitted Arrays as
required by the JAX-RPC 1.1 Spec.
13.36.5 WSDL Compiler Does Not Generate Serializable Data Types
The Web Service Description Language (WSDL) compiler does not generate
serializable data types, so data cannot be passed to remote EJBs or stored in a JMS
destination.
13.36.6 Use of Custom Exception on a Callback
WebLogic Server does not support using a custom exception on a callback that has a
package that does not match the target namespace of the parent Web Service.
Workaround
Make sure that any custom exceptions that are used in callbacks are in a package that
matches the target namespace of the parent Web service.
13.36.7 Cannot Use JMS Transport in an Environment That Also Uses a Proxy Server
You cannot use JMS transport in an environment that also uses a proxy server. This is
because, in the case of JMS transport, the Web Service client always uses the t3
protocol to connect to the Web Service, and proxy servers accept only HTTP/HTTPS.
13.36.8 clientgen Fails When Processing a WSDL
clientgen fails when processing a WSDL that uses the complex type
http://www.w3.org/2001/XMLSchema{schema} as a Web Service parameter.
13.36.9 JAX RPC Handlers in Callback Web Services Are Not Supported
WebLogic Server 9.2 and later does not support JAX RPC handlers in callback Web
Services.
Workaround
If JAX RPC handlers were used with Web Services created with WebLogic Workshop
8.1, then such applications must be redesigned so that they do not use callback handler
functionality.
13.36.10 Message-level Security in Callback Web Services Is Not Supported
WebLogic Server 9.2 and later does not support message-level security in callback Web
Services.
Oracle WebLogic Server
13-37
Web Services and XML Issues and Workarounds
Workaround
Web Services created with WebLogic Workshop 8.1 that used WS-Security must be
redesigned to not use message-level security in callbacks.
13.36.11 Handling of Java Method Arguments or Return Parameters That Are
JAX-RPC-style JavaBeans
WebLogic Server does not support handling of Java method arguments or return
parameters that are JAX-RPC-style JavaBeans that contain an XmlBean property. For
example, applications cannot have a method with a signature like this:
void myMethod(myJavaBean bean);
where myJavaBean class is like:
public class MyJavaBean {
private String stringProperty;
private XmlObject xmlObjectProperty;
public MyJavaBean() {}
String getStringProperty() {
return stringProperty;
}
void
setStringProperty(String s) {
stringProperty = s;
}
XmlObject getXmlObjectProperty() {
return xmlObjectProperty;
}
void
getXmlObjectProperty(XmlObject x) {
xmlObjectProperty = x;
}
}
Workaround
Currently there is no known workaround for this issue.
13.36.12 IllegalArgumentException When Using a Two-Dimensional XML Object in a
JWS Callback
Using a two dimensional XmlObject parameter (XmlObject[][]) in a JWS callback
produces an IllegalArgumentException.
Workaround
Currently there is no known workaround for this issue.
13.36.13 Using SoapElement[] Results in Empty Array
Using SoapElement[] as a Web Service parameter with
@WildcardBinding(className="javax.xml.soap.SOAPElement[]",
binding=WildcardParticle.ANYTYPE) will always result in an empty array on the
client.
13-38 Release Notes
Web Services and XML Issues and Workarounds
Workaround
Do not use the @WildcardBinding annotation to change the default binding of
SOAPElement[] to WildcardParticle.ANYTYPE. The SOAPElement[] default binding is
set to WildcardParticle.ANY.
13.36.14 FileNotFound Exception When a Web Service Invokes Another Web Service
When Web Service A wants to invoke Web Service B, Web Service A should use the
@ServiceClient annotation to do this. If Web Service B needs a custom policy file that
is not attached to the WSDL for Web Service B, then Web Service A will fail to run.
Web Service A will look for the policy file at
/Web-Inf/classes/policies/filename.xml. Since no policy file exists at that location,
WebLogic Server will throw a 'file not found' exception.
Workaround
Attach the custom policy file to Web Service B, as in this example:
@Policy(uri="CustomPolicy.xml",
attachToWsdl=true)
public class B {
...
}
13.36.15 Client Side Fails to Validate the Signature on the Server Response Message
When the security policy has one of these Token Assertions, the client side may fail to
validate the signature on the server response message.
<sp:WssX509PkiPathV1Token11/>
<sp:WssX509Pkcs7Token11/>
<sp:WssX509PkiPathV1Token10/>
<sp:WssX509Pkcs7Token10/>
In addition, when there are more than two certifications in the chain for X509
certification for <sp:WssX509Pkcs7Token11/> or <sp:WssX509Pkcs7Token10/> Token
Assertion, the server side may fail to validate the signature on the incoming message.
A policy such as the following policy is not supported, unless the entire certificate
chain remains on the client side.
<sp:AsymmetricBinding>
<wsp:Policy>
<sp:InitiatorToken>
<wsp:Policy>
<sp:X509Token
sp:IncludeToken='. . ./IncludeToken/AlwaysToRecipient'>
<wsp:Policy>
<sp:WssX509Pkcs7Token11/>
</wsp:Policy>
</sp:X509Token>
</wsp:Policy>
</sp:InitiatorToken>
<sp:RecipientToken>
<wsp:Policy>
<sp:X509Token sp:IncludeToken='. . ./IncludeToken/Never'>
<wsp:Policy>
<sp:WssX509Pkcs7Token11/>
</wsp:Policy>
Oracle WebLogic Server
13-39
Web Services and XML Issues and Workarounds
</sp:X509Token>
</wsp:Policy>
</sp:RecipientToken>
. . .
</wsp:Policy>
</sp:AsymmetricBinding>
Workaround
Use either of the following two solutions:
1.
Configure the response with the <sp:WssX509V3Token10/> Token Assertion,
instead of WssX509PkiPathV1Token11/>. The policy will look like this:
<sp:AsymmetricBinding>
<wsp:Policy>
<sp:InitiatorToken>
<wsp:Policy>
<sp:X509Token sp:IncludeToken='. . ./IncludeToken/AlwaysToRecipient'>
<wsp:Policy>
WssX509PkiPathV1Token11/>
</wsp:Policy>
</sp:X509Token>
</wsp:Policy>
</sp:InitiatorToken>
<sp:RecipientToken>
<wsp:Policy> sp:IncludeToken='. . ./IncludeToken/Never'>
<sp:X509Token
<wsp:Policy>
<sp:WssX509V3Token10/>
</wsp:Policy>
</sp:X509Token>
</wsp:Policy>
</sp:RecipientToken>
. . .
</wsp:Policy>
</sp:AsymmetricBinding>
2.
Configure the response with the WssX509PkiPathV1Token11/> token assertion, but
include it in the message. The policy will look like this:
<sp:AsymmetricBinding>
<wsp:Policy>
<sp:InitiatorToken>
<wsp:Policy>
<sp:X509Token sp:IncludeToken='. . ./IncludeToken/AlwaysToRecipient'>
<wsp:Policy>
WssX509PkiPathV1Token11/>
</wsp:Policy>
</sp:X509Token>
</wsp:Policy>
</sp:InitiatorToken>
<sp:RecipientToken>
<wsp:Policy>
<sp:X509Token sp:IncludeToken='. . ./IncludeToken/AlwaysToInitiator'>
<wsp:Policy>
WssX509PkiPathV1Token11/>
</wsp:Policy>
</sp:X509Token>
</wsp:Policy>
</sp:RecipientToken>
. . .
13-40 Release Notes
Web Services and XML Issues and Workarounds
</wsp:Policy>
</sp:AsymmetricBinding>
When there are multiple certifications in the X509 Certificate chain,
WssX509PkiPathV1Token11/> or <sp:WssX509PkiPathV1Token10/> should be used,
instead of <sp:WssX509Pkcs7Token11/> or <sp:WssX509Pkcs7Token10/>.
13.36.16 xmlcatalog Element Entity Cannot Be a Remote File or a File in an Archive
For the xmlcatalog element in build.xml, the location of an entity must be a file on
the local file system. It cannot be a remote file (for example, http:) or a file in an
archive (for example, jar:).
Workaround
If necessary, define the remote element as an entity in a catalog file instead.
13.36.17 Catalog File's public Element Is Not Supported When Using XML Catalogs
The public element in a catalog file is not supported when using the XML Catalogs
feature. It is not supported to be consistent with JAX-WS EntityResolver
implementation. WebLogic Server only supports defining the system element in a
catalog file.
13.36.18 Local xmlcatalog Element Does Not Work Well
The local xmlcatalog element does not work well due to an Ant limitation.
Workaround
In the ant build.xml file, you have to define a local element above a
clientgen(wsdlc) task when you are in the same target, or define the element out of
any targets.
13.36.19 JAXRPC Client Does Not Encode the HTTP SOAPAction Header With
Multi-byte Characters
The WebLogic Server Web Service JAXRPC client doesn't encode the HTTP
SOAPAction header with multi-byte characters, but WebLogic Server only supports
ASCII for HTTP headers.
Workaround
Change the SOAP action to ASCII in the WSDL.
13.36.20 External Catalog File Cannot Be Used in the xmlcatalog Element of clientgen
An external catalog file cannot be used in the xmlcatalog element of a clientgen task.
For example, this snippet of an ant build file will not work:
<clientgen ...
<xmlcatalog>
<catalogpath>
<pathelement location='wsdlcatalog.xml'/>
</catalogpath>
</xmlcatalog>
This is a limitation of the Ant XML Catalog.
Oracle WebLogic Server
13-41
Web Services and XML Issues and Workarounds
Workaround
Resource locations can be specified either in-line or in an external catalog file(s), or
both. In order to use an external catalog file, the xml-commons resolver library
(resolver.jar) must be in your classpath. External catalog files may be either plain
text format or XML format. If the xml-commons resolver library is not found in the
classpath, external catalog files, specified in <catalogpath> paths, will be ignored and
a warning will be logged. In this case, however, processing of inline entries will
proceed normally.
Currently, only <dtd> and <entity> elements may be specified inline. These
correspond to the OASIS catalog entry types PUBLIC and URI respectively.
13.36.21 Exceptions When Running Reliable Messaging Under Heavy Load
When running a Web services reliable messaging scenario under heavy load with file
based storage that has the Direct-Write synchronous write policy setting, you may
encounter IO exceptions similar to the following in the WebLogic Server log:
weblogic.store.PersistentStoreRuntimeException: [Store:280029]The
persistent store record <number> could not be found
or
Could not load conversation with id uuid:<some ID> -> Conversation read
failed:
...
weblogic.wsee.jws.conversation.StoreException:
Conversation read failed: id=uuid:<some ID>
weblogic.store.PersistentStoreException: [Store:280052]The
persistent store was not able to read a record.
java.io.OptionalDataException
These exceptions are known to occur only when using Web Services reliable
messaging. They indicate a failure to read a record from the file store and are
considered 'fatal' data access errors.
The underlying issue causing these errors will be addressed in a future release.
Workaround
The following workarounds are available for this issue:
■
Change the file store synchronous write policy to Direct-Write-With-Cache
or
■
Change the file store synchronous write policy to Cache-Flush.
or
■
Keep the Direct-Write synchronous write policy and add the following Java
system property to your WebLogic server startup scripts:
-Dweblogic.store.AvoidDirectIO=true
Note: The -Dweblogic.store.AvoidDirectIO system property has
been deprecated in WebLogic Server 10.3.4. Oracle recommends
configuring the store synchronous write policy to
Direct-Write-With-Cache instead.
13-42 Release Notes
Web Services and XML Issues and Workarounds
The Direct-Write-With-Cache option may improve performance; it creates additional
files in the operating system's temporary directory by default.
The Cache-Flush and AvoidDirectIO workarounds may lead to some performance
degradation; it may be possible to reduce or eliminate the degradation by configuring
a different block-size for the file store.
For important information about these settings and additional options, see "Tuning
File Stores" in Oracle Fusion Middleware Performance and Tuning for Oracle WebLogic
Server.
13.36.22 ClassNotFound Exception Occurs When Using wseeclient.jar
Stand-alone JAX-WS clients are not supported in this release.
Workaround
Use the client-side JAX-WS 2.1 that is integrated with the Java Standard Edition
Release 6 (JDK 1.6), Update 4 and later. This requires using the JAX-WS API instead of
any WebLogic Server specific APIS.
Current releases of JDK 1.6 are available for download at
http://java.sun.com/javase/downloads/index.jsp. For information about
writing a standalone JAX WS 2.1 client application, see the JAX-WS Users Guide on the
JAX-WS 2.1 Reference Implementation Web site at
https://jax-ws.dev.java.net/.
13.36.23 Incomplete Configuration When Adding Advanced Web Services Component
to SOA Domain
An incomplete configuration can result when you use the Configuration Wizard to
add the WebLogic Server Advanced Web Services component to a newly created SOA
domain. If you create a cluster that contains only the default 'out-of-the-box' soa_
server1 server definition, the resulting cluster does not include the resources needed to
run WebLogic Server Web Services in that cluster.
Workaround
Use either of the following workarounds for this issue:
1.
2.
While running Configuration Wizard, create a second server in the cluster:
a.
On the Select Optional Configuration screen, select Managed Servers,
Clusters, and Machines.
b.
On the Configure Managed Servers screen, add a managed server.
c.
On the Assign Servers to Clusters screen, add this server to the cluster in
which the default soa_server1 server resides.
On the Configuration Wizard Target Services to Servers or Clusters screen, target
Web Services resources (for example, WseeJmsServer, WseeJmsModule) to the
cluster.
Either of these workarounds will cause the Configuration Wizard to apply the
resources for the WebLogic Server Advanced Web Services component to the cluster.
13.36.24 WS-AT Interoperation Issues With WebSphere and WebLogic Server
Web Services Atomic Transactions (WS-AT) 1.1 interoperation using WebSphere as the
client and either WebLogic Server or JRF as the service does not work.
Oracle WebLogic Server
13-43
WebLogic Tuxedo Connector Issues and Workarounds
WS-AT 1.1 interoperation does work when WebSphere is the service and either
WebLogic Server or JRF is the client. In this case, interoperation works only if you have
WebSphere 7 with Fix/Feature Pack 7.
13.37 WebLogic Tuxedo Connector Issues and Workarounds
This section describes the following issue and workaround:
■
Section 13.37.1, "View Classes are not Set on a Per Connection Basis"
13.37.1 View Classes are not Set on a Per Connection Basis
View classes are not set on a per connection basis.
A shared WebLogic Tuxedo Connector hash table can cause unexpected behavior in
the server if two applications point to the same VIEW name with different definitions.
There should be a hash table for the view classes on the connection as well as for the
Resource section.
Workaround
Ensure that all VIEW classes defined across all your WebLogic Workshop applications
are consistent, meaning that you have the same VIEW name representing the same
VIEW class.
13.38 Documentation Errata
This section describes documentation errata:
■
■
■
■
■
Section 13.38.1, "Issues With Search Function in the Samples Viewer"
Section 13.38.2, "Japanese Text Displays in Some Search Results Topics Avitek
Medical Records"
Section 13.38.3, "HTML Pages For Downloaded Libraries Do Not Display
Properly"
Section 13.38.4, "Evaluation Database Component Is Not Listed For silent.xml"
Section 13.38.5, "Instructions for Reliable SOAP Messaging Code Example Are
Incorrect"
13.38.1 Issues With Search Function in the Samples Viewer
The Search function in the Samples viewer does not work when accessing the
Examples documentation by selecting Oracle Weblogic > Weblogic Server >
Examples > Documentation from the Windows Start menu.
Workaround
To search the Sample Applications and Code Examples, you must start the Examples
server and navigate to
http://localhost:7001/examplesWebApp/docs/core/index.html. Click Instructions
and then Search.
13.38.2 Japanese Text Displays in Some Search Results Topics Avitek Medical Records
The samples viewer Search function may sometimes return topics that display the
Japanese and English versions of some Avitek Medical Records topics simultaneously.
13-44 Release Notes
Documentation Errata
13.38.3 HTML Pages For Downloaded Libraries Do Not Display Properly
After extracting the WebLogic Server documentation library ZIP files that are available
from
http://www.oracle.com/technetwork/middleware/weblogic/documentat
ion/index.html, the HTML pages may not display properly in some cases for the
following libraries:
■
E12840_01 (WebLogic Server 10.3.0 documentation library)
■
E12839_01 (Weblogic Server 10.3.1 documentation library)
■
E14571_01 (WebLogic Server 10.3.3 documentation library)
Workarounds
For library E12840-01, after extracting the E12840_01.zip library file, if the HTML
pages are not formatting correctly, perform the following steps:
1.
Go to the directory in which you extracted the zip file.
2.
Locate the /global_resources directory in the directory structure.
3.
Copy the /global_resources directory to the root directory of the same drive.
For libraries E12839-01 and E14571-01, this issue occurs only on Windows operating
systems. If the HTML pages of the extracted library are not formatting correctly, try
extracting the ZIP file using another extraction option in your unzip utility. For
example, if you are using 7-Zip to extract the files, select the Full pathnames option.
Note that you cannot use the Windows decompression utility to extract the library ZIP
file.
13.38.4 Evaluation Database Component Is Not Listed For silent.xml
In the WebLogic Server Installation Guides for WebLogic Server 10.3.3 and 10.3.4, the
Evaluation Database is not listed as an installable component in Table 5-1 of Chapter 5,
"Running the Installation Program in Silent Mode.:" The following entry should be
included in the Component Paths row:
WebLogic Server/Evaluation Database
The Evaluation Database component is automatically installed if the Server Examples
component is included in silent.xml. Therefore, it does not have to be explicitly
included in silent.xml. If, however, you do not install the Server Examples, but you
want to install the Evaluation Database, you must include WebLogic
Server/Evaluation Database in silent.xml.
13.38.5 Instructions for Reliable SOAP Messaging Code Example Are Incorrect
The instructions for the "Configuring Secure and Reliable SOAP Messaging for JAXWS
Web Services" example are a copy of the instructions for the "Using Make Connection
and Reliable Messaging for JAX-WS Web Service" example.
The correct instructions for the "Configuring Secure and Reliable SOAP Messaging for
JAXWS Web Services" example are provided here.
13.38.5.1 About the Example
This example shows how to configure secure, reliable messaging for JAX-WS Web
services. The example includes the following WebLogic Web services:
Oracle WebLogic Server
13-45
Documentation Errata
■
■
Web service whose operations can be invoked using reliable and secure SOAP
messaging (destination endpoint).
Client Web service that invokes an operation of the first Web service in a reliable
and secure way (source endpoint).
Overview of Secure and Reliable SOAP Messaging
Web service reliable messaging is a framework that enables an application running on
one application server to reliably invoke a Web service running on another application
server, assuming that both servers implement the WS-RelicableMessaging
specification. Reliable is defined as the ability to guarantee message delivery between
the two endpoints (Web service and client) in the presence of software component,
system, or network failures.
WebLogic Web services conform to the WS-ReliableMessaging 1.2 specification
(February 2009) and support version 1.1. This specification describes how two
endpoints (Web service and client) on different application servers can communicate
reliably. In particular, the specification describes an interoperable protocol in which a
message sent from a source endpoint (or client Web service) to a destination endpoint (or
Web service whose operations can be invoked reliably) is guaranteed either to be
delivered, according to one or more delivery assurances, or to raise an error.
WebLogic Web services use WS-Policy files to enable a destination Web service to
describe and advertise its reliable SOAP messaging capabilities and requirements.
WS-Policy files are XML files that describe features such as the version of the
WS-ReliableMessaging specification that is supported, the source Web service
retransmission interval, the destination Web service acknowledgment interval, and so
on.
Overview of the Example
This example uses JWS annotations to specify the shape and behavior of the Web
services. It describes additional JWS annotations to enable reliable and secure SOAP
messaging in the destination Web service and to reliably invoke an operation from the
source Web service in a secure way.
The destination ReliableEchoService Web service has two operations that can be
invoked reliably and in a secure way: echo and echoOneway. The JWS file that
implements this Web service uses the @Policies and @Policy JWS annotations to
specify the WS-Policy file, which contains the reliable and secure SOAP messaging
assertions.
The source ClientService Web service has one operation for invoking the echo
operations of the ReliableEchoService Web service reliably and in a secure way
within one conversation: runTestEchoWithRes. The JWS file that implements the
ClientService Web service uses the @WebServiceRef JWS annotation to specify the
service name of the reliable Web service being invoked.
To generate the Web services, use the jwsc WebLogic Web service Ant task, as shown
in the build.xml file. The jwsc target generates the reliable and secure Web service and
the jwsc-client-app target creates the source Web service that invoke the echo
operations of the ReliableEchoService Web service. The jwsc Ant task compiles the
JWS files, and generates the additional files needed to implement a standard J2EE
Enterprise Web service, including the Web service deployment descriptors, the WSDL
file, data binding components, and so on. The Ant task automatically generates all the
components into an Enterprise Application directory structure that you can then
deploy to WebLogic Server. This example uses the wldeploy WebLogic Ant task to
deploy the Web service.
13-46 Release Notes
Documentation Errata
The jwsc-client-app target also shows how you must first execute the clientgen Ant
task to generate the JAX-WS stubs for the destination ReliableEchoService Web
service, compile the generated Java source files, and then use the classpath attribute
of jwsc to specify the directory that contains these classes so that the
ClientServiceImpl.java class can find them.
The WsrmJaxwsExampleRequest.java class is a standalone Java application that
invokes the echo operation of the source Web service. The client target of the
build.xml file shows how to run clientgen, and compile all the generated Java files
and the WsrmJaxwsExampleRequest.java application.
13.38.5.2 Files Used in This Example
Directory Location: MW_HOME/wlserver_
10.3/samples/server/examples/src/examples/webservices/wsrm_jaxws/wsrm_
jaxws_security
MW_HOME represents the Oracle Fusion Middleware home directory.
File
Description
ClientServiceImpl.java
JWS file that implements the source Web service that
reliably invokes the echo operation of the
ReliableEchoService Web service in a secure way.
ReliableEchoServiceImpl.java
JWS file that implements the reliable destination
Web service. This JWS file uses the @Policies and
@Policy annotation to specify a WS-Policy file that
contains reliable and secure SOAP messaging
assertions.
client/WsrmJaxwsExampleRequest.java Standalone Java client application that invokes the
source WebLogic Web service, that in turn invokes
an operation of the ReliableEchoervice Web
service in a reliable and secure way.
ws_rm_configuration.py
WLST script that configures the components
required for reliable SOAP messaging. Execute this
script for the WebLogic Server instance that hosts
the reliable destination Web service. The
out-of-the-box Examples server has already been
configured with the resources required for the
source Web service that invokes an operation
reliably.
configWss.py
WLST script that configures the components
required for secure SOAP messaging. Execute this
script for the WebLogic Server instance that hosts
the source Web service. Remember to restart the
source WebLogic Server after executing this script.
configWss_Service.py
WLST script that configures the components
required for secure SOAP messaging. Execute this
script for the WebLogic Server instance that hosts
the destination Web service. Remember to restart the
destination WebLogic Server after executing this
script.
certs/serverKeyStore.jks
Server-side key store used to create the server-side
BinarySecurityToken credential provider.
certs/clientKeyStore.jks
Client-side key store used to create the client-side
BinarySecurityToken credential provider.
Oracle WebLogic Server
13-47
Documentation Errata
File
Description
jaxws-binding.xml
XML file that describes the package name of the
generated code and indicate the client side code
needs to contain asynchronous invocation interface.
build.xml
Ant build file that contains targets for building and
running the example.
13.38.5.3 Prepare the Example
This section describes how to prepare the example.
Prerequisites
Before working with this example:
1.
Install Oracle WebLogic Server, including the examples.
2.
Start the Examples Server.
3.
Set up your environment.
Configure the Destination WebLogic Server Instance (Optional)
The default configuration for this example deploys both the source and destination
Web services to the Examples server. You can use this default configuration to see how
the example works, but it does not reflect a real life example of using reliable and
secure SOAP messaging in which the source Web service is deployed to a WebLogic
Server that is different from the one that hosts the destination Web service. This section
describes how to set up the real life example.
The example includes WebLogic Server Scripting Language (WLST) scripts that are
used to configure:
■
Store-and-forward (SAF) service agent
■
File store
■
JMS server
■
JMS module
■
JMS subdeployment
■
JMS queues
■
Logical store
■
Credential provider for Security Context Token
■
Credential provider for Derived Key
■
Credential provider for x.509
■
KeyStores for Confidentiality and Integrity
■
PKI CreditMapper
Follow these steps if you want to deploy the secure and reliable destination Web
service to a different WebLogic Server instance:
1.
If the managed WebLogic Server to which you want to deploy the reliable JAX-WS
Web service does not exist, create it.
2.
Change to the SAMPLES_
HOME\server\examples\src\examples\webservices\wsrm_jaxws\wsrm_
13-48 Release Notes
Documentation Errata
jaxws_security directory, where SAMPLES_HOME refers to the main WebLogic
Server examples directory, such as c:\Oracle\Middleware\wlserver_
10.3\samples.
3.
Edit the build.xml file and update the following property definitions to ensure that
the reliable JAX-WS Web service is deployed to the destination WebLogic Server:
<property
<property
<property
<property
<property
name="wls.service.server" value="destinationServerName" />
name="wls.service.hostname" value="destinationHost" />
name="wls.service.port" value="destinationPort" />
name="wls.service.username" value="destinationUser" />
name="wls.service.password" value="destinationPassword" />
Substitute the italicized terms in the preceding properties with the actual values
for your destination WebLogic Server. The default out-of-the-box build.xml sets
these properties to the Examples server.
Build and Deploy the Example
To build and deploy the example:
1.
Change to the SAMPLES_
HOME\server\examples\src\examples\webservices\wsrm_jaxws\wsrm_
jaxws_security directory, where SAMPLES_HOME refers to the main WebLogic
Server examples directory, such as c:\Oracle\Middleware\wlserver_
10.3\samples.
2.
Run the WLST script that configures the destination WebLogic Server by executing
the config.ws.reliable.service target of the build.xml file from the shell where you
set your environment:
prompt> ant config.ws.reliable.service
3.
Execute the following command to configure JAX-WS Web service Security from
the shell where you set your environment:
prompt> ant config.wss
4.
If you have configured a different destination WebLogic Server (that is, the
destination server is not the Examples server), copy the certs\serverKeyStore.jks
file to the domain directory of your destination server.
5.
Restart both your client and destination WebLogic Server to activate the MBean
changes.
6.
Execute the following command from the shell where you set your environment:
prompt> ant build
This command compiles and stages the example. Specifically, it compiles both the
source and destination Web services. It also compiles the standalone
WsrmJaxwsExampleRequest application that invokes the source Web service, which
in turn invokes the reliable destination Web service.
7.
Execute the following command from the shell where you set your environment:
prompt> ant deploy
This command deploys, by default, both the source and destination Web services
to the wl_server domain of your WebLogic Server installation. If you have
configured a different destination WebLogic Server and updated the build.xml file
accordingly, then the reliable JAX-WS Web service is deployed to the configured
destination server.
Oracle WebLogic Server
13-49
Documentation Errata
13.38.5.4 Run the Example
To run the example, follow these steps:
1.
Complete the steps in the Prepare the Example section.
2.
In your development shell, run the WsrmJaxwsExampleRequest Java application
using the following command from the main example directory (SAMPLES_
HOME\server\examples\src\examples\webservices\wsrm_jaxws\wsrm_
jaxws_security):
prompt> ant run
This command runs the standalone WsrmJaxwsExampleRequest application that
invokes the source Web service, which in turn invokes the reliable destination
JAX-WS Web service.
3.
To test the reliability of the Web service, stop the destination WebLogic Server, and
then rerun the WsrmJaxwsExampleRequest application. When you restart the
destination WebLogic Server and the reliable Web service is deployed, you should
see that the operation is also automatically invoked.
Check the Output
If your example runs successfully, the following messages display in the command
shell from which you ran the WsrmJaxwsExampleRequest application:
Trying to override old definition of task clientgen
run:
[java]
[java]
[java] ###########################################
[java]
In testEcho_AsyncOnServerClient_ServiceBuffered...
[java]
On-Server / Async / Buffered case
[java]
2011/06/160 03:30:29.938
[java] ###########################################
[java]
[java]
[java] Client addr:http://localhost:9001/wsrm_jaxws_sc_example_client/Clien
tService
[java] ---[HTTP request - http://localhost:9001/wsrm_jaxws_sc_example_clien
t/ClientService]--[java] Content-type: text/xml;charset=utf-8
[java] Soapaction: ""
[java] Accept: text/xml, multipart/related, text/html, image/gif, image/jpe
g, *; q=.2, */*; q=.2
[java] <?xml version='1.0' encoding='UTF-8'?><S:Envelope xmlns:S="http://sc
hemas.xmlsoap.org/soap/envelope/"><S:Body><ns2:runTestEchoWithRes xmlns:ns2="htt
p://example.wsrm_jaxws/"><arg0>Foo bar</arg0><arg1>localhost</arg1>
<arg2>8001</arg2><arg3>C:\Oracle\Middleware\wlserver_10.3\samples\server\
examples\src\examples\webservices\wsrm_jaxws_security/certs</arg3>
</ns2:runTestEchoWithRes></S:Body></S:Envelope>-------------------[java]
[java] ---[HTTP response - http://localhost:9001/wsrm_jaxws_sc_example_clie
nt/ClientService - 200]--[java] Transfer-encoding: chunked
[java] null: HTTP/1.1 200 OK
[java] Content-type: text/xml;charset=utf-8
[java] X-powered-by: Servlet/2.5 JSP/2.1
[java] Date: Thu, 09 Jun 2011 07:30:33 GMT
[java] <?xml version='1.0' encoding='UTF-8'?><S:Envelope xmlns:S="http://sc
hemas.xmlsoap.org/soap/envelope/"><S:Body><ns2:runTestEchoWithResResponse xmlns:
13-50 Release Notes
Documentation Errata
ns2="http://example.wsrm_jaxws/"><return>[2011/06/160 03:30:33.953] ## Making Ec
ho Requests (ASYNC/BUFFERED) ##
[java] [2011/06/160 03:30:42.703] *** On first good invoke ***
[java] [2011/06/160 03:30:42.703] echo returned: Foo bar expected: Foo bar
[java] [2011/06/160 03:30:42.922] echo returned: foo bar 2 expected: foo ba
r 2
[java] [2011/06/160 03:30:43.031] echo returned: foo bar 3 expected: foo ba
r 3
[java] [2011/06/160 03:30:43.031] ## Done Making Echo Requests (ASYNC/BUFFE
RED) ##
[java] </return></ns2:runTestEchoWithResResponse></S:Body>
</S:Envelope>-------------------[java]
[java] [2011/06/160 03:30:33.953] ## Making Echo Requests (ASYNC/BUFFERED)
##
[java] [2011/06/160 03:30:42.703] *** On first good invoke ***
[java] [2011/06/160 03:30:42.703] echo returned: Foo bar expected: Foo bar
[java] [2011/06/160 03:30:42.922] echo returned: foo bar 2 expected: foo ba
r 2
[java] [2011/06/160 03:30:43.031] echo returned: foo bar 3 expected: foo ba
r 3
[java] [2011/06/160 03:30:43.031] ## Done Making Echo Requests (ASYNC/BUFFE
RED) ##
[java]
BUILD SUCCESSFUL
Total time: 2 minutes 33 seconds
The following messages display in the command window from which you started as
the client WebLogic Server (that hosts the reliable source Web service):
Service addr:http://localhost:7001/wsrm_jaxws_sc_example/ReliableEchoService
[2011/06/180 01:33:40.906] ## Making Echo Requests (ASYNC/BUFFERED) ##
[2011/06/180 01:33:40.906] In invokeEchoAsync, invoking echo with request: Foo
bar
[2011/06/180 01:33:40.906] In invokeEchoAsync, waiting for response to
request: Foo bar ...
SignInfo mismatch
Algo mismatch http://www.w3.org/2000/09/xmldsig#rsa-sha1
VS.
http://www.w3.org/2000/09/xmldsig#hmac-sha1 Refs: Msg size =1#Signature_
prfr5thF
y2vRPbpC, Policy size =3 #unt_w7HSTtcGcebXFWEr, #Timestamp_XIXttwj9Yq2XO7Tj,
#Bo
dy_81D2x3V7iTNyy1I5,
STR type mismatch Actual
KeyInfo:{http://docs.oasis-open.org/wss/2004/01/oasis-2
00401-wss-wssecurity-secext-1.0.xsd}KeyIdentifier|http://docs.oasis-open.org/wss
/oasis-wss-soap-message-security-1.1#ThumbprintSHA1, StrTypes size=1
:{http://d
ocs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Refere
nce||http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512/dk,
Security Token mismatch, token type
=http://docs.oasis-open.org/ws-sx/ws-securec
onversation/200512/dk and actual
ishttp://docs.oasis-open.org/wss/2004/01/oasis200401-wss-x509-token-profile-1.0#X509v3
Oracle WebLogic Server
13-51
Documentation Errata
<WSEE:15>There is no information on the incoming SOAP message.
<SmartPolicySelect or.getSmartPolicyBlueprint:501>
testing...................
[2011/06/180 01:33:41.718] In ClientServiceImpl.onEchoResponse(request:
examplesServer: 4b1c0f3e575dfa8c:7291c50f:130d9cbaace:-7fb8)
[2011/06/180 01:33:41.718] Done with ClientServiceImpl.onEchoResponse(request:
examplesServer: 4b1c0f3e575dfa8c:7291c50f:130d9cbaace:-7fb8): Foo bar
[2011/06/180 01:33:41.718] *** On first good invoke ***
[2011/06/180 01:33:41.734] echo returned: Foo bar expected: Foo bar
[2011/06/180 01:33:41.734] In invokeEchoAsync, invoking echo with request: foo
bar 2
[2011/06/180 01:33:41.750] In invokeEchoAsync, waiting for response to
request: foo bar 2 ...
<WSEE:15>There is no information on the incoming SOAP message.
<SmartPolicySelect or.getSmartPolicyBlueprint:501>
testing...................
[2011/06/180 01:33:41.984] In ClientServiceImpl.onEchoResponse(request:
examplesServer: 4b1c0f3e575dfa8c:7291c50f:130d9cbaace:-7fae)
[2011/06/180 01:33:41.984] Done with ClientServiceImpl.onEchoResponse(request:
examplesServer: 4b1c0f3e575dfa8c:7291c50f:130d9cbaace:-7fae): foo bar 2
[2011/06/180 01:33:41.984] echo returned: foo bar 2 expected: foo bar 2
[2011/06/180 01:33:42.000] In invokeEchoAsync, invoking echo with request: foo
bar 3
[2011/06/180 01:33:42.015] In invokeEchoAsync, waiting for response to
request: foo bar 3 ...
<WSEE:31>There is no information on the incoming SOAP message.
<SmartPolicySelect or.getSmartPolicyBlueprint:501>
testing...................
[2011/06/180 01:33:42.187] In ClientServiceImpl.onEchoResponse(request:
examplesServer:4b1c0f3e575dfa8c:7291c50f:130d9cbaace:-7fab)
[2011/06/180 01:33:42.328] Done with ClientServiceImpl.onEchoResponse(request:
examplesServer:4b1c0f3e575dfa8c:7291c50f:130d9cbaace:-7fab): foo bar 3
[2011/06/180 01:33:42.328] echo returned: foo bar 3 expected: foo bar 3
[2011/06/180 01:33:42.328] ## Done Making Echo Requests (ASYNC/BUFFERED) ##
<WSEE:46>There is no information on the incoming SOAP message.
<SmartPolicySelect or.getSmartPolicyBlueprint:501>
The following messages display in the command window from which you started the
destination WebLogic Server (that hosts the reliable destination Web service):
%% Echoing: Foo bar %%
13-52 Release Notes
Documentation Errata
%% Echoing: foo bar 2 %%
%% Echoing: foo bar 3 %%
If you deploy both the source and destination Web services to the same Server, the
following messages display in the command window from which you started your
client and destination WebLogic Server:
Service addr:http://localhost:7001/wsrm_jaxws_sc_example/ReliableEchoService
[2011/06/180 01:33:40.906] ## Making Echo Requests (ASYNC/BUFFERED) ##
[2011/06/180 01:33:40.906] In invokeEchoAsync, invoking echo with request: Foo
bar
[2011/06/180 01:33:40.906] In invokeEchoAsync, waiting for response to
request: Foo bar ...
SignInfo mismatch
Algo mismatch http://www.w3.org/2000/09/xmldsig#rsa-sha1
VS.
http://www.w3.org/2000/09/xmldsig#hmac-sha1 Refs: Msg size =1#Signature_
prfr5thF
y2vRPbpC, Policy size =3 #unt_w7HSTtcGcebXFWEr, #Timestamp_XIXttwj9Yq2XO7Tj,
#Bo
dy_81D2x3V7iTNyy1I5,
STR type mismatch Actual
KeyInfo:{http://docs.oasis-open.org/wss/2004/01/oasis-2
00401-wss-wssecurity-secext-1.0.xsd}KeyIdentifier|http://docs.oasis-open.org/wss
/oasis-wss-soap-message-security-1.1#ThumbprintSHA1, StrTypes size=1
:{http://d
ocs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Refere
nce||http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512/dk,
Security Token mismatch, token type
=http://docs.oasis-open.org/ws-sx/ws-securec
onversation/200512/dk and actual
ishttp://docs.oasis-open.org/wss/2004/01/oasis200401-wss-x509-token-profile-1.0#X509v3
%% Echoing: Foo bar %%
<WSEE:15>There is no information on the incoming SOAP message.
<SmartPolicySelect or.getSmartPolicyBlueprint:501>
testing...................
[2011/06/180 01:33:41.718] In ClientServiceImpl.onEchoResponse(request:
examplesServer: 4b1c0f3e575dfa8c:7291c50f:130d9cbaace:-7fb8)
[2011/06/180 01:33:41.718] Done with ClientServiceImpl.onEchoResponse(request:
examplesServer: 4b1c0f3e575dfa8c:7291c50f:130d9cbaace:-7fb8): Foo bar
[2011/06/180 01:33:41.718] *** On first good invoke ***
[2011/06/180 01:33:41.734] echo returned: Foo bar expected: Foo bar
[2011/06/180 01:33:41.734] In invokeEchoAsync, invoking echo with request: foo
bar 2
[2011/06/180 01:33:41.750] In invokeEchoAsync, waiting for response to
request: foo bar 2 ...
%% Echoing: foo bar 2 %%
Oracle WebLogic Server
13-53
Documentation Errata
<WSEE:15>There is no information on the incoming SOAP message.
<SmartPolicySelect or.getSmartPolicyBlueprint:501>
testing...................
[2011/06/180 01:33:41.984] In ClientServiceImpl.onEchoResponse(request:
examplesServer: 4b1c0f3e575dfa8c:7291c50f:130d9cbaace:-7fae)
[2011/06/180 01:33:41.984] Done with ClientServiceImpl.onEchoResponse(request:
examplesServer: 4b1c0f3e575dfa8c:7291c50f:130d9cbaace:-7fae): foo bar 2
[2011/06/180 01:33:41.984] echo returned: foo bar 2 expected: foo bar 2
[2011/06/180 01:33:42.000] In invokeEchoAsync, invoking echo with request: foo
bar 3
[2011/06/180 01:33:42.015] In invokeEchoAsync, waiting for response to
request: foo bar 3 ...
%% Echoing: foo bar 3 %%
<WSEE:31>There is no information on the incoming SOAP message.
<SmartPolicySelect or.getSmartPolicyBlueprint:501>
testing...................
[2011/06/180 01:33:42.187] In ClientServiceImpl.onEchoResponse(request:
examplesServer:4b1c0f3e575dfa8c:7291c50f:130d9cbaace:-7fab)
[2011/06/180 01:33:42.328] Done with ClientServiceImpl.onEchoResponse(request:
examplesServer:4b1c0f3e575dfa8c:7291c50f:130d9cbaace:-7fab): foo bar 3
[2011/06/180 01:33:42.328] echo returned: foo bar 3 expected: foo bar 3
[2011/06/180 01:33:42.328] ## Done Making Echo Requests (ASYNC/BUFFERED) ##
<WSEE:46>There is no information on the incoming SOAP message.
<SmartPolicySelect or.getSmartPolicyBlueprint:501>
13-54 Release Notes
Part VI
Part VI
Oracle WebCenter Portal
Part VI contains the following chapter:
■
Chapter 14, "Oracle WebCenter Portal"
14
Oracle WebCenter Portal
14
This chapter describes issues associated with Oracle WebCenter Portal. It includes the
following topics:
■
Section 14.1, "General Issues and Workarounds"
■
Section 14.2, "Documentation Errata"
For release notes related to WebCenter Portal installed on IBM
WebSphere, see Chapter 7, "Oracle Fusion Middleware on IBM
WebSphere."
Note:
14.1 General Issues and Workarounds
This section describes general issues and workarounds. It includes the following
topics:
■
Section 14.1.1, "Support for Discussions Server from Jive Software"
■
Section 14.1.2, "Oracle WebCenter Portal's Pagelet Producer Failover Support"
■
Section 14.1.3, "Option to Create a Portal Resource Displayed for Design-Time Task
Flows"
■
Section 14.1.4, "SQL Query with NCHAR Data Type Throws Exception"
■
Section 14.1.5, "Setting Up WNA-Based SSO Using JDK 1.6.22 Produces an Error"
■
Section 14.1.6, "Configuring the REST Server Post-Installation"
■
■
Section 14.1.7, "Resources in Framework Application Disappear after
Redeployment of Application"
Section 14.1.8, "Style Sheets Not Loaded Correctly for Sample WSRP Producer Test
Pages through Oracle HTTP Server"
■
Section 14.1.9, "Cannot Customize or Personalize a JSF Portlet"
■
Section 14.1.10, "Fallback Support for Custom Translations"
■
■
■
■
Section 14.1.11, "Spaces Do Not Display Correct Language When the Spaces
Application is Accessed Using OAM"
Section 14.1.12, "Announcement Publication Format can be Incorrect in Thai"
Section 14.1.13, "Favorite Based on Seeded Page Lost When Language Preference
Changed from en-US"
Section 14.1.14, "The Run as Servlet Link on Producer Test Page Does Not Work for
JSF Portlet"
Oracle WebCenter Portal 14-1
General Issues and Workarounds
■
■
■
Section 14.1.15, "Using OpenSocial Pagelets to Post Activities to User's Activity
Stream"
Section 14.1.16, "Accessing Owners' Profile Information Using the OpenSocial API"
Section 14.1.17, "Granting View Document Permissions to Public and
Authenticated Users for a Hierarchical Space"
■
Section 14.1.18, "Issues when Using the Russian or Swedish Language"
■
Section 14.1.19, "Conditions for Deleting Messages from the Activity Stream"
■
Section 14.1.20, "Configuring Web Services Security for Discussions Server"
■
Section 14.1.21, "Unable to View Entire Content on iPad as Scrollbars Not
Displayed"
■
Section 14.1.22, "RSS Links Not Working Properly on iPad"
■
Section 14.1.23, "Cannot Upload Content Using iPad"
■
Section 14.1.24, "Cannot Copy Text Displayed on Pages"
■
Section 14.1.25, "Embedded Images Not Rendered"
■
Section 14.1.26, "Unable to Check Out a Document When Using Firefox First Time"
■
■
■
■
■
■
Section 14.1.27, "Navigating in the Preferences Dialog in Internet Explorer 9
(Accessibility Issue)"
Section 14.1.28, "Web Clipping Portlet is Deprecated"
Section 14.1.29, "Messages Displayed During Import or Export Appear Incomplete
(Accessibility Issue)"
Section 14.1.30, "Deployment Fails Because Versioned Applications Are Not
Supported"
Section 14.1.31, "Some Formatting Lost in Rich Text Editor When Shifting from
Rich Text or HTML to Wiki Markup"
Section 14.1.32, "Unable to Access All Nodes in a Large Navigation Model"
14.1.1 Support for Discussions Server from Jive Software
Oracle supports the embedded discussions server from Jive Software. Use the supplied
task flows that come with WebCenter Portal to call this discussions server. Any custom
development against APIs in the Jive Web Service layer are subject to review by Oracle
and may not be supported.
There are a limited set of beta features that Jive Software delivers as part of the
discussions server that Oracle does not recommend and cannot yet support.
Documentation for Jive Forums is included for reference only. Jive software
installations and upgrades outside of the WebCenter Portal product installation are not
supported.
14.1.2 Oracle WebCenter Portal's Pagelet Producer Failover Support
Oracle WebCenter Portal's Pagelet Producer supports failover in a clustered
configuration. However, the in-flight data (unsaved or pending changes) is not
preserved. On failover, administrators must reestablish their administrative session.
End users may also need to reestablish the session if the proxy is required to have a
state. If SSO is configured, credentials are automatically provided, and the session is
reestablished.
14-2 Release Notes
General Issues and Workarounds
14.1.3 Option to Create a Portal Resource Displayed for Design-Time Task Flows
You can bring runtime task flows into JDeveloper, edit them, and export them back to
the deployed application. However, Oracle recommends that you not expose task
flows created in JDeveloper as portal resources. When you create an ADF task flow
inside the /oracle/webcenter/portalapp folder, the context menu on the task flow
definition file displays the Create Portal Resource option. Do not use this option to
expose a design-time task flow as a portal resource. Task flows typically involve
multiple files. When you export a new task flow from JDeveloper, all files may not be
exported properly, and this may result in the task flow being broken post-deployment.
14.1.4 SQL Query with NCHAR Data Type Throws Exception
When using a SQL data control, you may encounter an error if the query contains a
column with the NCHAR data type. As a workaround, you can use the to_char(NCHAR_
COLUMN NAME) function.
14.1.5 Setting Up WNA-Based SSO Using JDK 1.6.22 Produces an Error
Setting up Windows Native Authentication-based single sign-on using SUN JDK
1.6.22 produces an error. Use the jrockit JDK instead of the Sun JDK, or contact Oracle
Support to get a backport request for bug 10631797.
14.1.6 Configuring the REST Server Post-Installation
For certain features of the WebCenter Portal REST server to work correctly when using
a REST client like the Oracle WebCenter Portal iPhone application, the flag
WLForwardUriUnparsed must be set to ON for the Oracle WebLogic Server Plugin that
you are using.
■
■
If you are running Apache in front of WebLogic Server, add this flag to
weblogic.conf.
If you are running Oracle HTTP Server (OHS) in front of WebLogic Server, add
this flag to mod_wl_ohs.conf.
The examples below illustrate the possible configurations for both of these cases.
For more information about how to configure WebLogic Server Plugins, see Oracle
Fusion Middleware Using Web Server 1.1 Plug-Ins with Oracle WebLogic Server.
Example 1: Using <location /rest> to apply the flag only for /rest URIs
(recommended)
<Location /rest>
# the flag below MUST BE set to "On"
WLForwardUriUnparsed
On
# other settings, example: WebLogicCluster or WebLogicHost & WebLogicPort
# set the handler to be weblogic
SetHandler weblogic-handler
</Location>
Example 2: Applying the flag to all URIs served by Oracle WebLogic Server
<IfModule mod_weblogic.c>
# the flag below MUST BE set to "On"
WLForwardUriUnparsed
On
# other settings, example: WebLogicCluster or WebLogicHost & WebLogicPort
Oracle WebCenter Portal 14-3
General Issues and Workarounds
WebLogicCluster johndoe02:8005,johndoe:8006
Debug ON
WLLogFile
c:/tmp/global_proxy.log
WLTempDir
"c:/myTemp"
DebugConfigInfo
On
KeepAliveEnabled ON
KeepAliveSecs 15
</IfModule>
14.1.7 Resources in Framework Application Disappear after Redeployment of
Application
If a Framework application has been customized at runtime to add new resources
through the Resource Manager, those new resources are lost after a new deployment
or a redeployment of the same application.
Any new pages created at runtime that use the lost resources are still available even
though the resources themselves are no longer available in the Resource Manager.
This issue happens when the application version or the redeployment version is
changed during the redeployment of the application, either using Fusion Middleware
Control or WLST. It can also happen on redeployment when the
generic-site-resources.xml file has been changed at design time (for example, by
creating new resources).
This issue occurs because the generic-site-resources.xml file is overwritten on
redeployment.
To work around this issue, you must manually add the mds-transfer-config.xml file
to the application.
Any resources created at design time must be manually added
to the runtime application before redeploying the application.
Note:
1.
Download the mds-transfer-config.xml file from the following location:
https://support.oracle.com/oip/faces/secure/km/DownloadAttach
ment.jspx?attachid=1343209.1:mdstransferconfig
2.
Extract the MAR file (for example AutoGeneratedMar.mar) from the EAR file.
3.
In the extracted MAR file directory, create a new directory, called META-INF, and
copy the mds-transfer-config.xml file to the new directory.
4.
Update the MAR file with META-INF\mds-transfer-config.xml, for example:
jar -uvf AutoGeneratedMar.mar META-INF\mds-transfer-config.xml
5.
Update the EAR file with the updated MAR file:
jar -uvf YourApp.ear AutoGeneratedMar.mar
6.
Redeploy YourApp.mar.
14.1.8 Style Sheets Not Loaded Correctly for Sample WSRP Producer Test Pages
through Oracle HTTP Server
If Oracle HTTP Server is used as a front end for the Sample WSRP Portlets producer,
the style sheets for the WSRP Producer Test Pages of the WSRP Tools and Rich Text
14-4 Release Notes
General Issues and Workarounds
Editor portlet producers are not loaded properly in Mozilla Firefox or Google Chrome.
However, the style sheets do load properly in Internet Explorer. Functionality of the
portlets is not affected.
14.1.9 Cannot Customize or Personalize a JSF Portlet
When clicking OK after customizing or personalizing a JSF portlet (that is, a portlet
created using the Oracle JSF Portlet Bridge), the portlet does not respond and displays
a timeout message. This is caused by performing an edit action and changing the
portlet mode in a single operation. End users can work around this issue by clicking
Apply (instead of OK) to perform the edit action first, then clicking Return to change
the portlet mode back to View mode.Portlet developers can avoid the issue occurring
by editing the code for the generated Edit Defaults mode (in the edit_defaults.jspx
file) and Edit mode (in the edit.jspx file) and removing the code for the OK button so
that end users are forced to use the Apply button instead.
14.1.10 Fallback Support for Custom Translations
There is no fallback support for custom translations. For example, if you create a
custom translations file named scope-resource-bundle_fr.xlf and the space
language setting is country-specific (fr-FR), the custom translation file is not used
because Spaces is looking for scope-resource-bundle_fr-FR.xlf.As a workaround,
copy _fr xlf and include the country specification in the names of the custom
translation files (for example, scope-resource-bundle_fr-FR.xlf).
14.1.11 Spaces Do Not Display Correct Language When the Spaces Application is
Accessed Using OAM
When users access the Spaces application through OAM, spaces do not display the
language selected on the OAM login page. The Spaces application does not use the
same xlf file name standard as OAM.
14.1.12 Announcement Publication Format can be Incorrect in Thai
When the display language is set to Thai, the announcement publication format can be
incorrect. This happens when announcements are opened to edit and are then saved,
even if nothing in the announcement itself is updated.
14.1.13 Favorite Based on Seeded Page Lost When Language Preference Changed
from en-US
If you add a seeded page, such as the Activities page, to your list of Favorites, and
then change your preferred application language from en-US using Preferences, the
favorite seeded page cannot be found.
14.1.14 The Run as Servlet Link on Producer Test Page Does Not Work for JSF Portlet
You can create a JSF portlet (that is, a portlet that uses the Oracle JSF Portlet Bridge)
using the Create JSR 286 Java Portlet Wizard by selecting the Generate ADF-Faces
JSPX implementation method on the third step of the wizard.
If you create a JSF portlet in this way, you may find that clicking the Run as Servlet
link on the portlet's Producer Test Page produces an error. The portlet itself, however,
runs correctly.
Oracle WebCenter Portal 14-5
General Issues and Workarounds
To avoid this issue, add the ADF Page Flow scope to the project that contains the
portlet. For information, see the section "Adding and Removing Technology Scopes" in
Oracle Fusion Middleware Developer's Guide for Oracle WebCenter.
14.1.15 Using OpenSocial Pagelets to Post Activities to User's Activity Stream
Pagelets based on OpenSocial gadgets are not able to post activities to a user's activity
stream. To implement a temporary solution, grant User Profile 'edit' permission to
Oracle WebCenter Portal's Pagelet Producer using the following WLST/WSAdmin
command:
grantPermission(appStripe="pagelet-producer",
principalClass="oracle.security.jps.internal.core.principals.JpsAuthenticatedRoleI
mpl", principalName="authenticated-role",
permClass="oracle.webcenter.peopleconnections.profile.security.ProfilePermission",
permTarget="/oracle/webcenter/peopleconnections/profile/s8bba98ff_4cbb_40b8_beee_
296c916a23ed/.*", permActions="view,edit")
After running the command, restart the Pagelet Producer server.
14.1.16 Accessing Owners' Profile Information Using the OpenSocial API
To access owners' Profile/Activities/Friends information using the OpenSocial API
with Oracle WebCenter Portal's Pagelet Producer, you must target the WebCenterDS
data source to the WC_Portlet managed server as described in the Oracle Fusion
Middleware Administrator's Guide for Oracle WebCenter. After saving this configuration,
Activities and Friends information can be fetched, but Profile information is not
returned. To access Profile information, restart the WC_Portlet managed server.
14.1.17 Granting View Document Permissions to Public and Authenticated Users for a
Hierarchical Space
When you grant the View Document permission to the Public-User and
Authenticated-User roles on a hierarchical space, equivalent "Read" permissions are
not set correctly in Content Server. If you want public users and authenticated users to
have View Document permissions on a space, you do not need to grant the permission
to both the roles separately. When you grant the View Document permission to public
users, authenticated users inherit the View Document permission automatically.
If you want to revoke View Document permissions from public users but grant View
Document permissions to authenticated users, then revoke the permission from the
Public-User role and add it for the Authenticated-User role.
14.1.18 Issues when Using the Russian or Swedish Language
In the Spaces application when the language is set to Russian, you cannot perform
certain user management tasks for spaces, including adding a new user to a space,
inviting a registered user to a space, and modifying or revoking a user's role
assignment.
If the language is set to Swedish, the Roles page under Spaces Administration is not
accessible.
14.1.19 Conditions for Deleting Messages from the Activity Stream
Users can delete only messages from the Activity Stream that were entered from the
Publisher task flow and include a link. (In other words, messages in the Activity
14-6 Release Notes
General Issues and Workarounds
Stream that were not entered via the Publisher and do not include a link cannot be
deleted.)Users can delete only messages with a link from the Activity Stream. Other
activity stream entries, such as notifications of page creations, cannot be deleted.
14.1.20 Configuring Web Services Security for Discussions Server
In Release 11.1.1.7.0, discussions server is shipped with no message protection for Web
Service interaction between discussions server and Spaces; this allows you to use
discussions server without any further configuration. However, after patching your
Oracle WebCenter 11.1.1.4.0 or earlier version, if you encounter WS-Security-related
errors, you must reconfigure the discussions server security settings. For information,
see the "Configuring Security Policies for Spaces, Discussions, and Portlet Producer
Web Service End Points" section in Oracle Fusion Middleware Patching Guide.
14.1.21 Unable to View Entire Content on iPad as Scrollbars Not Displayed
The Apple iOS platform does not display scrollbars. When you view a page on an
iPad, content may appear truncated because scrollbars are not displayed. Also, iFrame
components ignore dimensions on iPad. To view the entire content area, use the
two-finger scroll gesture on your iPad.
14.1.22 RSS Links Not Working Properly on iPad
The Apple iOS platform renders RSS links by loading them through the site
reader.mac.com. If the WebCenter Portal instance is not accessible outside your
firewall, RSS links cannot be viewed.
14.1.23 Cannot Upload Content Using iPad
The Apple iOS platform does not support a native file system browser. Therefore, you
cannot upload content from an iPad. All upload actions, such as publish, upload, and
share are disabled or hidden when you access WebCenter Portal from an iPad.
14.1.24 Cannot Copy Text Displayed on Pages
If you access a page through an iPad, you cannot copy the text displayed on the page.
This is a limitation from the Apple iOS platform.
14.1.25 Embedded Images Not Rendered
The Mail task flow does not render embedded images. If an email contains inline
images, they are shown as attachments, and not within the message body.
14.1.26 Unable to Check Out a Document When Using Firefox First Time
The first time you access WebCenter Portal using the Mozilla Firefox browser, and
attempt to open a document using Desktop Integration over an SSL or HTTPS
connection, you will receive a warning that the certificate is not trusted, even if the
environment has a valid certificate. You can open the document, but cannot check in or
check out the document from within a Microsoft Office application. However,
subsequent use of Desktop Integration through the Firefox browser will work as
expected and you will be able to check documents in and out from within a Microsoft
Office application.
Oracle WebCenter Portal 14-7
General Issues and Workarounds
14.1.27 Navigating in the Preferences Dialog in Internet Explorer 9 (Accessibility Issue)
When using only the keyboard in WebCenter Portal in Internet Explorer 9, on the
General Preferences page in the Preferences dialog, the Expression Editor dialog loses
cursor focus after a value is changed using the down arrow key. The cursor focus goes
back to the General Preferences page instead of the Expression Editor dialog. To work
around this issue, use Internet Explorer 8 or any other supported browser like Safari
23.x or Firefox 10.x.
14.1.28 Web Clipping Portlet is Deprecated
The Web Clipping portlet is deprecated in Release 11g (11.1.1.7.0) and should not be
used. Instead, create a clipper pagelet using Oracle WebCenter Portal's Pagelet
Producer.
14.1.29 Messages Displayed During Import or Export Appear Incomplete (Accessibility
Issue)
While accessing WebCenter Portal: Spaces using Internet Explorer 10, progress
messages displayed during import or export space appear incomplete. To workaround
this issue, click the browser compatibility icon next to the address bar to enable
browser compatibility.
14.1.30 Deployment Fails Because Versioned Applications Are Not Supported
Application versioning is no longer supported by default for ADF applications. Upon
initial deployment, an existing 11.1.1.6.0 (or earlier) or new application (11.1.1.7.0 or
later) deploys successfully regardless of the application's versioning. However, when
redeploying an unversioned application from JDeveloper 11.1.1.7.0 to a WebLogic
Server where a versioned instance of that application is already running, deployment
will fail. This is because the server is already running a versioned instance and
WebLogic Server does not allow deploying an unversioned instance of the same
application. You will see an error message like this:
Weblogic Server Exception:
weblogic.management.ManagementException: [Deployer:149082]You cannot deploy
application 'Application1_application1' without version. The application was
previously deployed with version 'V2.0'.
To resolve this issue, undeploy the versioned application first and then deploy the
unversioned application.
14.1.31 Some Formatting Lost in Rich Text Editor When Shifting from Rich Text or
HTML to Wiki Markup
In the Rich Text Editor, if you switch from the Rich Text or HTML pane to the Wiki
Markup pane, you might encounter formatting issues. For example, only the image
source and title properties or attributes are saved when switching to Wiki Markup.
14.1.32 Unable to Access All Nodes in a Large Navigation Model
If you have a navigation model with many nodes, depending on the page template
used for your portal, you may not be able to access all those nodes when you render
that navigation model in a page. If there are more nodes than fit in the area of the page
template used for navigation, a >> icon provides access to a drop-down list of the
remaining nodes. However, if this drop-down list is longer than the available screen
14-8 Release Notes
Documentation Errata
size, you will not be able to access the nodes at the end of the list. For example, this
situation may arise if you are using a page template where the navigation is displayed
in a bar along the top of the page.
To work around this issue, consider using a different page template that displays
navigation down the side of the page. Alternatively, you can use folders in your
navigation model to group similar nodes together and reduce the number of nodes
displayed at any one level of the navigation model.
14.2 Documentation Errata
This section describes documentation errata. It includes the following topic:
■
Section 14.2.1, "Oracle SES Active Connection"
■
Section 14.2.2, "Extending the Spaces Application Using JDeveloper"
■
Section 14.2.3, "Using Spaces Extension Samples Whitepaper"
■
Section 14.2.4, "Microsoft Exchange Server 2010 Not Supported"
■
Section 14.2.5, "Presence Servers Supported for the IMP Service"
14.2.1 Oracle SES Active Connection
In Oracle Fusion Middleware Administrator's Guide for Oracle WebCenter, in "Table 22-3
Oracle SES Connection - Name", the definition of Active Connection should read as
follows:
"Select to use the Oracle SES instance defined on this connection as your search
platform for your WebCenter Portal application. While you can register multiple
Oracle SES connections for an application, only one connection is used—the default (or
active) connection."
14.2.2 Extending the Spaces Application Using JDeveloper
If you want to develop custom resources or build custom shared libraries for the
Spaces application (11.1.1.7.0) you must use Oracle JDeveloper 11.1.1.7.0 to develop
your extensions.
In Oracle Fusion Middleware Developer's Guide for Oracle WebCenter, section
"Downloading a Workspace for Spaces Development" incorrectly states to use Oracle
JDeveloper 11.1.1.6.0. Specifically, step 2 should read as follows:
"Step 2 Download and install Oracle JDeveloper 11g (11.1.1.7.0).
Oracle JDeveloper 11g (11.1.1.7.0) is available for download from:
http://www.oracle.com/technetwork/developer-tools/jdev/downloads
/index.html"
14.2.3 Using Spaces Extension Samples Whitepaper
In Oracle Fusion Middleware Developer's Guide for Oracle WebCenter, section "Deploying
Your Own Custom Code and Task Flows in Shared Libraries" incorrectly refers to the
accompanying whitepaper as "Using Spaces Extension Samples (11.1.1.6.0)". For
WebCenter Portal 11.1.1.7.0, you must refer to the whitepaper "Using Spaces Extension
Samples (11.1.1.7.0)".
Oracle WebCenter Portal 14-9
Documentation Errata
14.2.4 Microsoft Exchange Server 2010 Not Supported
In Oracle Fusion Middleware Administrator's Guide for Oracle WebCenter, the
"Configuring Microsoft Exchange Server 2007 or 2010 for WebCenter Portal" section
and the "Third-Party Product Integration" appendix incorrectly specify Microsoft
Exchange Server 2010 as a supported mail server. Microsoft Exchange Server 2010 is
not certified for use with Oracle WebCenter Portal.
14.2.5 Presence Servers Supported for the IMP Service
In Oracle Fusion Middleware Administrator's Guide for Oracle WebCenter the "Microsoft
Live Communications Server (LCS) Prerequisites" section and the "Third-Party
Product Integration" appendix do not provide complete product details about the
presence servers supported by the Instant Messaging and Presence (IMP) service. You
can configure any of the following servers as the communication server for the IMP
service:
■
Microsoft Office Live Communications Server (LCS) 2005 R2
■
Microsoft Office Communications Server (OCS) 2007 SP1
■
Microsoft Lync 2010
14-10 Release Notes
Part VII
Part VII
Oracle SOA Suite and Business Process
Management Suite
Part VII contains the following chapters:
■
Chapter 15, "Oracle SOA Suite, Oracle BPM Suite, and Common Functionality"
■
Chapter 16, "Web Services Development, Security, and Administration"
15
Oracle SOA Suite, Oracle BPM Suite, and
Common Functionality
15
To view the latest known issues associated with Oracle SOA Suite, BPM Suite, and
related SOA technologies, go to Oracle Technology Network (OTN) at
http://www.oracle.com/technetwork/middleware/docs/soa-aiafp-know
nissuesindex-364630.html. These known issues documents include the
following products:
■
Oracle Adapter for Oracle Applications (Oracle E-Business Suite Adapter)
■
Oracle AIA Foundation Pack
■
Oracle Application Adapters for Oracle WebLogic Server
■
Oracle Application Server Legacy Adapters
■
Oracle B2B
■
Oracle BPEL Process Manager
■
Oracle Business Activity Monitoring
■
Oracle Business Process Management
■
Oracle Business Rules
■
Oracle Complex Event Processing
■
Oracle Enterprise Repository
■
Oracle Human Workflow
■
Oracle Mediator
■
Oracle Service Bus
■
Oracle SOA Suite and Oracle BPM Suite Common Functionality
■
Oracle Technology Adapters
Oracle SOA Suite, Oracle BPM Suite, and Common Functionality 15-1
15-2 Release Notes
16
Web Services Development, Security, and
Administration
16
This chapter describes issues associated with Web services development, security, and
administration, including Oracle Web Services Manager.
It includes the following topics:
■
Section 16.1, "Using Multibyte User Credentials with wss_http_token_* Policy"
■
Section 16.2, "Performing a Bulk Upload of Policies"
■
Section 16.3, "Reviewing Policy Configuration Override Values After Detaching a
Client Policy"
■
Section 16.4, "Removing Post-deployment Customizations"
■
Section 16.5, "Reviewing Localization Limitations"
■
■
■
■
■
■
Section 16.6, "When Using WLST to Import a Security Policy, the Same Policy May
Be Repeatedly Imported"
Section 16.7, "Identity in WSDLs Is Not Used for Enforcement with ADF DC
Applications"
Section 16.8, "Fusion Middleware Control Does Not List Policies When Two
Servers Are SSL Enabled (Two-way SSL)"
Section 16.9, "Web Service Test Page Cannot Test Input Arguments Bound to SOAP
Headers"
Section 16.10, "When Adding SAML Issuer From Fusion Middleware Control the
jps-config.xml File Is Incorrectly Updated"
Section 16.11, "Patching of Patch Set 1 WebLogic Server Web Services Attached to
Custom Polices With Patch Set 3 Oracle WSM Policy Manager"
■
Section 16.12, "Custom Policy Fails When an Empty Subject Is Passed"
■
Section 16.13, "Possible Limitation When Using Custom Exactly-one Policies"
■
■
Section 16.14, "Ignore "Services Compatibility" Error for Security Policies Used
Between Oracle WSM and WebLogic Server"
Section 16.15, "Compatible Policies Not Returned When Using JDeveloper Wizard
to Attach Oracle WSM Policies to Web Service Client"
■
Section 16.16, "SAML Bearer Token Policies Now Signed by Default"
■
Section 16.17, "Security Policies Do Not Work on Subscriber Mediator Component"
■
Section 16.18, "Policy Table Might Not Show Attached Policies for Some Locales"
Web Services Development, Security, and Administration 16-1
Using Multibyte User Credentials with wss_http_token_* Policy
■
Section 16.19, "Manual Step Required to Uptake Changes in Predefined Policy"
■
Section 16.20, "Usage Tracking Not Enabled for WebLogic Web Service Client"
■
■
■
Section 16.21, "Do Not Attach a Permitall and Denyall Policy to the Same Web
Service"
Section 16.22, "Additional Quotes in Fusion Middleware Control for Run-time
Constraint Input from WLST"
Section 16.23, "Scoped Configuration Override Persists for Subsequent References
to the Same Policy"
■
Section 16.24, "New Default Settings for Policies"
■
Section 16.25, "Restart Applications to Get an Accurate Policy Usage Count"
■
■
■
■
■
■
■
Section 16.26, "Kerberos Policy Enforcement Throws an "Unable to Obtain
Password from User" Error"
Section 16.27, "The migrateAttachments WLST Command Fails for WebLogic
JAX-WS Web Services"
Section 16.28, "A Null Pointer Exception Could be Thrown When Verifying a
SOAP Message Signature"
Section 16.29, "checkWSMstatus() WLST Command Fails Against a Domain When
wsm-pm Targets Multiple Servers"
Section 16.30, "Performance Improvements in Web Services Policy Pages"
Section 16.31, "Cross-Domain Policy Manager Configuration is Not Supported in
this Release"
Section 16.32, "The setWebServicePolicyOverride WLST Command Does Not
Apply to JAVA EE (WebLogic) Web Services"
Note: For WebLogic Web Services, see Section 13.36, "Web Services
and XML Issues and Workarounds."
16.1 Using Multibyte User Credentials with wss_http_token_* Policy
In this release, multibyte user credentials are not supported for the wss_http_token_*
policies. If multibyte user credentials are required, use a different policy, such as wss_
username_token_* policy. For more information about the available policies, see
Appendix B "Predefined Policies" in the Oracle Fusion Middleware Security and
Administrator's Guide for Web Services.
16.2 Performing a Bulk Upload of Policies
When performing a bulk import of policies to the MDS repository, if the operation
does not succeed initially, retry the operation until the bulk import succeeds.
For the most part, this can occur for an Oracle RAC database when the database is
switched during the metadata upload. If there are n databases in the Oracle RAC
database, then you may need to retry this operation n times.
For more information about bulk import of policies, see "Migrating Policies" in the
Oracle Fusion Middleware Security and Administrator's Guide for Web Services.
16-2 Release Notes
When Using WLST to Import a Security Policy, the Same Policy May Be Repeatedly Imported
16.3 Reviewing Policy Configuration Override Values After Detaching a
Client Policy
If you attach a policy to a client, override policy configuration values, and
subsequently detach the policy, the policy configuration override values are not
deleted. When attaching new policies to this client, ensure that you review the policy
configuration override values and update them appropriately.
16.4 Removing Post-deployment Customizations
When the connections.xml file is changed after deployment using the AdfConnection
MBean, the complete connection is saved as a customization. This means that changes
to the connection in a redeployed application are overwritten by the customization.
When you use Fusion Middleware Control to make changes to an application's
connections.xml file after deployment, a new connections.xml file is created as a
customization and stored in the MDS repository. This customization persists for the
life of the application. Therefore, if you redeploy the application, the customized
connections.xml file continues to be applied as a customization on the application.
To allow the redeployed application's connections.xml file to be applied without the
prior customization (from Fusion Middleware Control), you must explicitly remove
the connections.xml customizations from the MDS repository.
For example, if you deploy an application with a Web services data control, then use
Fusion Middleware Control to attach the 'username token client policy', and
subsequently detach the policy. Then, you return to JDeveloper to edit the application
and attach the 'http token client policy', and redeploy the application. When you view
the application using Fusion Middleware Control, you see that it is not using the 'http
token client policy' that you attached. That is because it is using the customized
connections.xml file that you previously created using Fusion Middleware Control.
If you remove the connections.xml customizations from the MDS repository, the
application will use the its own connections.xml file.
16.5 Reviewing Localization Limitations
The following information is supported in English only in this release of Oracle
Enterprise Manager:
■
■
■
All fields in the policy and assertion template except the orawsp:displayName
field.
If using the ?orawsdl browser address, the orawsp:description field.
In the System MBean browser, the Description field in the oracle.wsm.upgrade
Mbean.
16.6 When Using WLST to Import a Security Policy, the Same Policy May
Be Repeatedly Imported
When WLST is used to import a security policy, be aware that the same policy may be
repeatedly imported.
Web Services Development, Security, and Administration 16-3
Identity in WSDLs Is Not Used for Enforcement with ADF DC Applications
16.7 Identity in WSDLs Is Not Used for Enforcement with ADF DC
Applications
For ADF DC applications, the identity extension in a WSDL (for example, the
certificate published in the WSDL), cannot be used as a recipient certificate for
message protection policies. Instead, either the recipient key alias (declarative
configuration override) or the default recipient key alias specified in the policy are
used.
16.8 Fusion Middleware Control Does Not List Policies When Two
Servers Are SSL Enabled (Two-way SSL)
When a Managed Server is Two-way enabled SSL (for example, a SOA server hosting
Oracle WSM Policy Manager over Two-way SSL) and the Administration Server
hosting Fusion Middleware Control is correctly configured to access the Two-way
SSL-enabled Managed Server, Fusion Middleware Control still does not list the Oracle
WSM policies.
16.9 Web Service Test Page Cannot Test Input Arguments Bound to
SOAP Headers
For Web services that have any input arguments bound to SOAP headers, the Test Web
Service page in the Fusion Middleware Control console cannot show the message.
Therefore, such operations cannot be tested with the Test Web Service page.
For example, if the input for a multi-part WSDL is viewed through Fusion Middleware
Control, and one input argument is bound to a SOAP header, the composite instance
fails with the following exception because the other part of the message was missing in
the input:
ORAMED-01203:[No Part]No part exist with name "request1" in source message
To resolve such an issue, select XML View for Input Arguments and edit the payload
to pass input for both parts of the WSDL.
16.10 When Adding SAML Issuer From Fusion Middleware Control the
jps-config.xml File Is Incorrectly Updated
In release 11g R1 (11.1.1.1.0), when you try to add or edit a trusted issuer from the
Fusion Middleware Control console, then the jps-config.xml file is incorrectly
updated. As a workaround for this issue, Oracle recommends upgrading to 11g R1
Patch Set 2 (11.1.1.3.0).
16.11 Patching of Patch Set 1 WebLogic Server Web Services Attached to
Custom Polices With Patch Set 3 Oracle WSM Policy Manager
Due to a new feature in 11g R1 Patch Set 2 (11.1.1.3.0), the "Shared policy store for
Oracle Infrastructure Web services and WebLogic Server Web services", WebLogic
Server Web services now utilize the Policy Manager by default to retrieve policies from
the MDS repository. In Patch Set 1, WebLogic Server Web services used classpath mode
by default.
After patching your Oracle Fusion Middleware 11g R1 software installation to Patch
Set 2, if you have attached a custom Oracle WSM policy to a WebLogic Server Web
16-4 Release Notes
Ignore "Services Compatibility" Error for Security Policies Used Between Oracle WSM and WebLogic Server
service, you need to make sure your custom policy is stored in the MDS repository.
Note that only custom policies in use need to be migrated. All seed policies will be
available in the MDS repository out-of-the-box.
To migrate policies to the Metadata Services (MDS) repository, see "Maintaining the
MDS Repository" in the Security and Administrator's Guide for Web Services.
16.12 Custom Policy Fails When an Empty Subject Is Passed
If an empty subject is passed to a custom policy, it fails with a generic error. To work
around this issue, you can create and set an anonymousSubject inside the execute
method of the custom step. For example:
javax.security.auth.Subject subject =
oracle.security.jps.util.SubjectUtil.getAnonymousSubject();
context.setProperty(oracle.wsm.common.sdk.IMessageContext.SECURITY_
SUBJECT,subject)
Note that in this example the context is of Type oracle.wsm.common.sdk.IContext
16.13 Possible Limitation When Using Custom Exactly-one Policies
In some cases, there can be a limitation when using custom Exactly-one policies. For a
set of assertions within the exactly-one policy, if a request message satisfies the first
assertion, then the first assertion gets executed and a response is sent accordingly.
However, this may not be the desired behavior in some cases because the request may
be intended for the subsequent assertions.
For example, you may have a client policy that has Timestamp=ON and a service
exactly-one policy that has a wss11 username token with message protection
assertions: the first has Timestamp=OFF; the second has Timestamp=ON. Therefore, the
first assertion in the service exactly-one policy is not expecting the Timestamp in the
request, yet the second assertion does expect it. In this case, the first assertion gets
executed and the response is sent with no Timestamp. However, the client-side
processing then fails because it expects the Timestamp that was sent in the request.
This limitation can exist with any cases where a client policy expects a greater number
of elements to be signed and a service policy does not.
16.14 Ignore "Services Compatibility" Error for Security Policies Used
Between Oracle WSM and WebLogic Server
Fusion Middleware Control may display a false error message when verifying
compatibility of service policies. This incompatibility message is shown when using
Enterprise Manager to attach an Oracle WSM Security client policy. Upon clicking the
Check Services Compatibility, a message states that policies are incompatible despite
the fact that these might be compatible.
Workaround:
If WSM policies are attached at the Web service endpoint, use the corresponding client
policy. For example, if the service has wss11_saml_or_username_token_with_
message_protection_service_policy, wss11_saml_token_with_message_protection_
client_policy or wss11_username_token_with_message_protection_client_policy will
work at the client side. If non-WSM policies are attached to the Web Service, see the
Interoperability Guide for Oracle Web Services Manager for information about the
corresponding client policy and attach it.
Web Services Development, Security, and Administration 16-5
Compatible Policies Not Returned When Using JDeveloper Wizard to Attach Oracle WSM Policies to Web Service Client
16.15 Compatible Policies Not Returned When Using JDeveloper Wizard
to Attach Oracle WSM Policies to Web Service Client
During design time, the JDeveloper Wizard's option for Attaching Oracle WSM
Policies to Web Service Clients might not return any compatible policies. This can
occur due to one of the following reasons:
■
■
There are no compatible client policies corresponding to the service policies
published in the WSDL.
In some cases, when you are trying to determine the compatible client policies in
version 11.1.1.4 of JDeveloper running with Fusion Middleware Control Enterprise
Manager that correspond to the service policies published in the WSDL of the Web
service in version 11.1.1.3 or earlier.
Workaround:
Disable the Show only the compatible client policies for selection option in the
JDeveloper Wizard. This will list all the client policies.
If Oracle WSM policies are attached to the Web service, use the corresponding client
policy. For example, if the service has the policy wss11_saml_or_username_token_
with_message_protection_service_policy, it is safe to assume that wss11_saml_token_
with_message_protection_client_policy or wss11_username_token_with_message_
protection_client_policy will work at the client side.
If WSM policies are not attached to the Web service, refer to the Interoperability Guide for
Oracle Web Services Manager for instructions on determinant the corresponding client
policy and attaching it.
16.16 SAML Bearer Token Policies Now Signed by Default
A new property, saml.enveloped.signature.required, is available when configuring
wss_saml_token_bearer_over_ssl policies (both client and service). In releases prior to
11.1.1.4, the SAML bearer token was unsigned by default. In the 11.1.1.4 release and
later, the SAML bearer token is signed because the default value for the
saml.enveloped.signature.required property is true.
To retain the behavior of the releases prior to 11.1.1.4, set the
saml.enveloped.signature.required property to false in both the client and service
policies. The SAML bearer token is signed using the domain sign key, but it can be
overridden using the keystore.sig.csf.key property set in the bearer client policy.
The affected policies are:
■
wss_saml20_token_bearer_over_ssl_client_policy
■
wss_saml_token_bearer_over_ssl_client_policy
■
wss_saml20_token_bearer_over_ssl_service_policy
■
wss_saml_token_bearer_over_ssl_service_policy
16.17 Security Policies Do Not Work on Subscriber Mediator Component
Component Authorization denyall policy does not work at subscriber mediator
component. Authorization policy works for other normal mediator component cases.
16-6 Release Notes
Additional Quotes in Fusion Middleware Control for Run-time Constraint Input from WLST
16.18 Policy Table Might Not Show Attached Policies for Some Locales
Select the Web service application in Fusion Middleware Control and navigate to the
Web service endpoint. Attach a policy to the endpoint in the Attach/Detach page.
Sometimes the Directly Attached Polices table might not display the attached policies
for the following locales: zh-cn, zh-tw, ja, pt-br, es, fr, ko.
As a workaround, enlarge the columns.
16.19 Manual Step Required to Uptake Changes in Predefined Policy
The oracle/wss11_saml_or_username_token_with_message_protection_service_policy
now includes five assertions as described in "Configuring a Policy With an OR Group"
in Oracle Fusion Middleware Security and Administrator's Guide for Web Services:
■
wss_saml_token_bearer_over_ssl (new)
■
wss_username_token_over_ssl (new)
■
wss_http_token_over_ssl (new)
■
wss11_saml_token_with_message_protection (existing)
■
wss11_username_token_with_message_protection (existing)
To take advantage of these additional assertions, you need to upgrade the Oracle WSM
policies in the repository using the resetWSMPolicyRepository(false) WLST
command. Note that executing this command will upgrade all of the predefined
policies to the latest version provided in 11.1.1.6. For additional information, see
"Upgrading the Oracle WSM Policies in the Repository" in Oracle Fusion Middleware
Security and Administrator's Guide for Web Services.
16.20 Usage Tracking Not Enabled for WebLogic Web Service Client
In this release, usage tracking and analysis is not provided for WebLogic Java EE Web
service clients.
16.21 Do Not Attach a Permitall and Denyall Policy to the Same Web
Service
Although you can attach multiple authorization policies to the same Web service, you
should not attach both a permitall and denyall policy. If you do so, however, the
combination validates successfully in this release.
Workaround:
Do not attach a permitall and denyall policy to the same Web service. For more
information about authorization policies, see "Authorization Policies and
Configuration Steps" in Oracle Fusion Middleware Security and Administrator's
Guide for Web Services.
16.22 Additional Quotes in Fusion Middleware Control for Run-time
Constraint Input from WLST
When you specify a run-time constraint using WLST, as described in "Specifying
Run-time Constraints in Policy Sets" in Oracle Fusion Middleware Security and
Administrator's Guide for Web Services, you must specify the constraint using quotes, for
example setPolicySetConstraint('HTTPHeader("VIRTUAL_HOST_TYPE",
Web Services Development, Security, and Administration 16-7
Scoped Configuration Override Persists for Subsequent References to the Same Policy
"external")'). If you then use Fusion Middleware Control to view and edit the policy
set constraint, the constraint is shown with the quotes in the Constraint Name and
Constraint Value fields. You need to remove the quotes in these fields.
16.23 Scoped Configuration Override Persists for Subsequent
References to the Same Policy
When using a scoped configuration override for the server side identity/encryption
key (keystore.enc.csf.key) with a message protection policy, the override value is
stored in the policy. Because the policy is cached, any subsequent references to this
policy by other services will contain the override value. Therefore, the results will not
be as expected.
Two examples of this scenario are as follows:
■
■
An Oracle Infrastructure Web service has an attached message protection service
policy. Both the service identity (service public encryption key,
keystore.enc.csf.key) and the service message protection policy are advertised in
the service WSDL. If the service encryption key is overwritten, using the global
setPolicySetOverride command for example, then the scoped overwritten value
for the keystore.enc.csf.key property that was intended for the specific
attachment/reference of the initial service may affect other services
attachments/references to the same policy.
A SOA service composite has an attached message protection service policy and
both the service identity (server public encryption key keystore.enc.csf.key)
and the service message protection policy are advertised in the service WSDL. If
the service encryption key is overwritten, for example, using JDeveloper to
override keystore.enc.csf.key while building the service composite, then the
scoped overwritten value for the keystore.enc.csf.key property that was
intended for the specific attachment/reference of the initial service may affect
other services attachments/references to the same policy.
Workaround
The recommended workaround is to perform a cache refresh when possible. For
example, if a policy attachment/reference has a scoped override for the property
keystore.enc.csf.key and it has been enforced or advertised once, the cached policy
contains the override, however the original policy in the repository is not affected. To
clear the override you can refresh the cache using methods such as restarting the
server, redeploying the application, modifying the policy using Fusion Middleware
Control, and so on.
In some scenarios, however, a cache refresh is not feasible. For example, if a service
with a policy attachment/reference has a scoped override for the property
keystore.enc.csf.key and it is enforced before other services that reference the same
policy in a flow of execution that does not allow time for a manual cache refresh, then
the policy in the cache referenced by the subsequent services contains the
configuration override. For example, in an asynchronous service where the same
policy is attached to both the asynchronous request and the asynchronous callback
client, and only the asynchronous request attachment/reference has the override (the
asynchronous callback does not), the asynchronous callback policy enforcement
happens after the asynchronous request. In this case, the callback client accesses the
policy in the cache that contains the configuration override. Since there is no
opportunity to refresh the cache, there is no workaround available.
16-8 Release Notes
The migrateAttachments WLST Command Fails for WebLogic JAX-WS Web Services
16.24 New Default Settings for Policies
For the following predefined policies, the default values for the Nonce Required and
Creation Time Required settings are set to False in this release (these settings were
True in past releases):
■
wss_saml_or_username_token_over_ssl_service_policy
■
wss_username_token_over_ssl_service_policy
■
wss11_saml_or_username_token_with_message_protection_service_policy
Users should take into consideration that the nonce and created elements in the
username token will be ignored by the service policy. This change, however, will not
impact the security of your Web service. If you wish to maintain the old behavior,
create a copy of the policy and set the values to True, as described in "Creating a Web
Service Policy from an Existing Policy" in Oracle Fusion Middleware Security and
Administrator's Guide for Web Services.
For more information about the policies, see "Predefined Policies" in Oracle Fusion
Middleware Security and Administrator's Guide for Web Services.
If policy advertisement is configured to use WS-SecurityPolicy
version 1.3, as described in "Policy Advertisement" Oracle Fusion
Middleware Security and Administrator's Guide for Web Services, then no
compatible client policy will be returned, but the runtime will be
compatible. With default advertisement (for example, wssp1.1), client
compatibility will operate as expected.
Note:
16.25 Restart Applications to Get an Accurate Policy Usage Count
If a policy that is being referred to by a Web Service is deleted and then re-imported,
then its usage count will not be correct and application(s) must be restarted to obtain
an accurate usage count.
16.26 Kerberos Policy Enforcement Throws an "Unable to Obtain
Password from User" Error
This issue can occur if a Java EE client and service are using different keytabs, and
both the client and the service are in same server. In this case, When the client invokes
a Java EE service which is protected with Kerberos authentication policy, an "Unable to
Obtain Password from User" error can be thrown. The error is thrown because the
Krb5LoginModule implementation provided by the JDK caches only a single keytab.
To work around this issue, put the client and the service principal into a single keytab.
This issue is not limited only to client and service pairs, but also to two Java EE clients
running in same server. Thus, in all such cases, only a single keytab should be created
that contains all of the required principals.
16.27 The migrateAttachments WLST Command Fails for WebLogic
JAX-WS Web Services
The migrateAttachments WLST command migrates direct (local) policy attachments
that are identical to the external global policy attachments that would otherwise be
attached to each policy subject in the current domain.
Web Services Development, Security, and Administration 16-9
A Null Pointer Exception Could be Thrown When Verifying a SOAP Message Signature
In PS6, the migrateAttachments command will fail and throw an exception if the
WebLogic Server JAX-WS Web service is deployed into the current domain.
If the current domain does not have any deployed WebLogic
JAX-WS Web services, then this command will work correctly.
Note:
To work around this problem, follow these steps:
1.
Run the listWebServices(detail='true') command.
For more information about this command, see "listWebServices" in Oracle Fusion
Middleware WebLogic Scripting Tool Command Reference.
2.
From the output of the listWebServices command, determine which Web
services have the same directly attached policies as the global policy attachments.
3.
Run the detachWebServicePolicy command to remove the directly attached
policies for each Web service or Web service client identified in Step 2.
For more information about this command, see "detachWebServicePolicy" in
Oracle Fusion Middleware WebLogic Scripting Tool Command Reference.
4.
Run the listWebServiceClients(detail='true') command.
For more information about this command, see "listWebServiceClients" in Oracle
Fusion Middleware WebLogic Scripting Tool Command Reference.
5.
From the output of the listWebServiceClients command, determine which Web
service clients have the same directly attached policies as the global policy
attachments.
6.
Run the detachWebServicePolicy command to remove the directly attached
policies for each Web service client identified in Step 5.
16.28 A Null Pointer Exception Could be Thrown When Verifying a SOAP
Message Signature
A Null Pointer Exception could be thrown when verifying the SOAP message
signature. This issue can be seen especially with message protection policies that use
higher algorithm suites, where the default XML namespace is defined in the SOAP
message. In the following example, http://www.oracle.com/sb/qa/config is the
default namespace:
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
xmlns="http://www.oracle.com/sb/qa/config">
<soap:Header></soap:Header>
<soapenv:Body></soapenv:Body>
</soapenv:Envelope>
To work around this issue, do not use the default XML namespace in the SOAP
message.
16.29 checkWSMstatus() WLST Command Fails Against a Domain When
wsm-pm Targets Multiple Servers
The agent check does not perform correctly for scenarios where wsm-pm is targeted to
multiple servers or in a cluster. Also, the agent check does not perform correctly if the
t3 port and HTTP port are different.
16-10 Release Notes
The setWebServicePolicyOverride WLST Command Does Not Apply to JAVA EE (WebLogic) Web Services
To perform an agent check for these scenarios, you must explicitly provide the value of
the address argument. The address argument must be a valid HTTP URL with the
host name and the port name of the server on which wsm-pm is running.
16.30 Performance Improvements in Web Services Policy Pages
Performance improvements have been made to the Web Services Policy pages in
Fusion Middleware Control by removing the unnecessary role query.
16.31 Cross-Domain Policy Manager Configuration is Not Supported in
this Release
Configuration to a Policy Manager in a remote domain is not supported in this release.
Therefore, the procedures to connect to a remote Policy Manager, described in the
following topics in Oracle Fusion Middleware Security and Administrator's Guide for Web
Services, are not recommended in a production environment:
■
■
Configuring a Web Service on a Remote Policy Manager and Tuning the Policy
Cache
Configuring Web Service Policy Retrieval
16.32 The setWebServicePolicyOverride WLST Command Does Not
Apply to JAVA EE (WebLogic) Web Services
In this release, the setWebServicePolicyOverride command, as described in "Web
Services Custom WLST Commands" in Oracle Fusion Middleware WebLogic Scripting
Tool Command Reference, applies to Oracle Infrastructure Web Services and SOA
composites only. The wls module type is not supported.
Web Services Development, Security, and Administration 16-11
The setWebServicePolicyOverride WLST Command Does Not Apply to JAVA EE (WebLogic) Web Services
16-12 Release Notes
Part VIII
Part VIII
Communication Services
Part VIII contains the following chapters:
■
Chapter 17, "Oracle User Messaging Service"
■
Chapter 18, "Oracle WebLogic Communication Services"
17
Oracle User Messaging Service
17
This chapter describes issues associated with Oracle User Messaging Service. It
includes the following topics:
■
Section 17.1, "General Issues and Workarounds"
■
Section 17.2, "Configuration Issues and Workarounds"
17.1 General Issues and Workarounds
This section describes general issue and workarounds. It includes the following topics:
■
Section 17.1.1, "UMS Schema Purge Script Now Available"
■
Section 17.1.2, "Permission Grants for Upgraded Domains"
■
Section 17.1.3, "XML File Handle Left Open after Upload Fails"
■
Section 17.1.4, "Messages Metrics Rendered as Unavailable in the Performance
Page for User Messaging Server"
■
Section 17.1.5, "User Messaging Service URLs Unavailable After Restart"
■
Section 17.1.6, "User Preferences User Interface Renders Improperly"
■
Section 17.1.7, "UMS Cluster Failover May Lose Messages"
17.1.1 UMS Schema Purge Script Now Available
A UMS schema purge script is available for your download and use. You can access
the script and instructions for its use by contacting Oracle Support.
17.1.2 Permission Grants for Upgraded Domains
In order for Oracle User Messaging Service to run as a specific user, a code-based
permission grant is required. This grant is pre-seeded in WebLogic domains that are
created after the Fusion Middleware 11gR1 Patch Set 2 upgrade.
If you created a WebLogic domain prior to the Patch Set 2 upgrade, you must
manually add this grant by running the following Oracle Platform Security Services
(OPSS) WLST commands in online (connected) mode:
wls:/mydomain/serverConfig>
grantPermission(codeBaseURL="file:${ums.oracle.home}/communications/modules/oracle.sdp.client_
11.1.1/-",
permClass="oracle.security.jps.JpsPermission",permTarget="IdentityAssertion",
permActions="execute")
Oracle User Messaging Service 17-1
General Issues and Workarounds
wls:/mydomain/serverConfig>
grantPermission(codeBaseURL="file:${ums.oracle.home}/communications/modules/oracle.sdp.messaging_
11.1.1/-",
permClass="oracle.security.jps.JpsPermission",permTarget="IdentityAssertion",
permActions="execute")
See Oracle WebLogic Fusion Middleware Scripting Tool Command Reference for information
regarding grantPermission
17.1.3 XML File Handle Left Open after Upload Fails
If an error occurs when uploading a user messaging preferences XML file using the
WLST manageUserMessagingPrefs command, the XML file handle is left open. On the
Microsoft Windows platform, this file cannot be deleted until you exit the WLST shell.
17.1.4 Messages Metrics Rendered as Unavailable in the Performance Page for User
Messaging Server
When no metric data is found (for example when no messages have been sent or
received after server setup), the Metrics Performance page will display Unavailable.
This is not a problem with the software, and the Performance reporting is operating
properly. As soon as Send and Receive traffic exists, the Performance page will display
results normally.
17.1.5 User Messaging Service URLs Unavailable After Restart
Upon restarting the User Messaging Service server (usermessagingserver) from Oracle
Enterprise Manager Fusion Middleware Control or through Oracle WebLogic Console,
you may get an error: Error 503--Service Unavailable when attempting to access
any URLs served by the User Messaging Service server, such as the User Preferences
UI (/sdpmessaging/userprefs-ui) or the various Web Services endpoints. This error occurs
intermittently in cases when the Oracle WebLogic Server is heavily loaded (such as
with a SOA instance). To work around this issue:
■
■
Restart the User Messaging Service server again (two or more restarts may be
required).
If multiple User Messaging Service server restarts are not sufficient, then restart
the entire Oracle WebLogic Server instance.
17.1.6 User Preferences User Interface Renders Improperly
Intermittent UI rendering errors have been reported in some languages, due to the
generation of a corrupted .css file. If you experience problems, follow these steps to
work around the issue:
1.
Delete the cached, auto-generated .css file for the affected locale (or simply, all
locales) on the server located at DOMAIN_HOME/servers/<server_name>/tmp/_WL_
user/usermessagingserver/<random_name>/public/adf/styles/cache and
restart the usermessagingserver application using Oracle Enterprise Manager Fusion
Middleware Control. Have all users clear their browser caches.
The next time the UI is accessed from a browser, a new .css file will be generated
for the desired locale, and it is very likely that it will be a valid .css file. If not,
repeat this process a couple of times.
2.
17-2 Release Notes
If the previous solution does not work, disable content compression in the web.xml
file of the User Preferences Web Module located at DOMAIN_
Configuration Issues and Workarounds
HOME/servers/<server_name>/tmp/_WL_user/usermessagingserver/<random_
name>/sdpmessaginguserprefs-ui-web.war. In particular, extract web.xml, add
the following <context-param/> to it:
<context-param>
<param-name>org.apache.myfaces.trinidad.DISABLE_CONTENT_
COMPRESSION</param-name>
<param-value>true</param-value>
</context-param>
Then, re-archive it to the war module.
Finally, restart the usermessagingserver application using Oracle Enterprise
Manager Fusion Middleware Control.
17.1.7 UMS Cluster Failover May Lose Messages
Since XA is not supported for UMS in 11gR1PS6, UMS cluster failover may lose
messages.
17.2 Configuration Issues and Workarounds
This section describes configuration issues and their workarounds. It includes the
following topics:
■
■
Section 17.2.1, "Enable Extension Driver after Upgrade"
Section 17.2.2, "Preseeded Channel for Worklist and Pop-up Drivers Cannot be
Removed"
■
Section 17.2.3, "Worklist Driver Configuration"
■
Section 17.2.4, "Migrate Custom Business Terms After PS3 Patch"
■
Section 17.2.5, "Use Correct SSL Trust Store When Configuring Drivers"
■
■
Section 17.2.6, "User Messaging Service Driver Configuration Changes Not
Immediately Effective"
Section 17.2.7, "Email Notifications Sent Even if You Do Not Change Default
Parameters in driverconfig.xml"
17.2.1 Enable Extension Driver after Upgrade
When you upgrade to the current release, you must complete the following manual
configuration steps in order to enable use of the Extension driver:
1.
Stop all servers it the domain.
2.
Add this .jar file to the classpath of the domain:
$UMS_ORACLE_HOME/communications/modules/usermessaging-config_11.1.1.jar
This can be done by modifying the setDomainEnv.sh/setDomainEnv.cmd in the
domain's bin folder. That is, the POST_CLASSPATH variable is updated like this:
POST_CLASSPATH="${UMS_ORACLE_HOME}/communications/modules/usermessaging-config_
11.1.1.jar${CLASSPATHSEP}${POST_CLASSPATH}"export POST_CLASSPATH
3.
From the template .jar file at $UMS_ORACLE_
HOME/common/templates/applications/oracle.ums_template_11.1.1.jar
extract the .xml files:
Oracle User Messaging Service 17-3
Configuration Issues and Workarounds
/config/fmwconfig/usermessagingconfig.xml
/config/fmwconfig/mbeans/ums-mbeans.xml
4.
Copy these two .xml files into the domain's config and fmwconfig folders:
$DOMAIN_HOME/config/fmwconfig/usermessagingconfig.xml
$DOMAIN_HOME/config/fmwconfig/mbeans/ums-mbeans.xml
5.
Start the servers.
6.
Deploy the UMS Extension Driver by executing the WLST driver deployment
command. For example:
wls:/emsoa/serverConfig>
deployUserMessagingDriver(baseDriver='extension',appName='extension',
targets='soa_server1')
The UMS Extension Driver is now enabled.
17.2.2 Preseeded Channel for Worklist and Pop-up Drivers Cannot be Removed
If you deinstall the Worklist or Pop-up driver, the preseeded channel for these drivers
cannot be removed. The preseeded channel will remain available in your preference
list.
17.2.3 Worklist Driver Configuration
While following the Worklist Driver configuration instructions, you may see that
Oracle User Messaging Service for SOA in the Configuration Wizard is not selected,
leading you to think that it is not configured and that you must select and configure it.
This is not the case. The basic Oracle User Messaging Service is already configured,
along with a few UMS drivers.
Continue to follow the documented instructions, and disregard the fact that the Oracle
User Messaging Service for SOA option is unselected.
17.2.4 Migrate Custom Business Terms After PS3 Patch
After installing the PS3 patch, you must re-create any custom-built business terms
using Oracle Enterprise Manager Fusion Middleware Control. A copy of the
custom-built business terms is available at: $DOMAIN_
HOME/config/fmwconfig/servers/<ServerName>/applications/usermessagingserve
r/configuration/businessterms.xml.bak
Restart your servers after making any changes!
New, pre-seeded business terms have been introduced in this
release. Do not overwrite the upgraded (PS3) file with a PS1 backup
(the new terms will be lost, otherwise).
Note:
17.2.5 Use Correct SSL Trust Store When Configuring Drivers
Before configuring any User Messaging Service Driver (such as the Email Driver), to
connect to a remote gateway using SSL, ensure that the SSL Trust Store is properly
configured as described in "Configure Keystores" in Oracle Fusion Middleware Oracle
WebLogic Server Administration Console Online Help.
17-4 Release Notes
Configuration Issues and Workarounds
Ensure that the value of the JVM system property (javax.net.ssl.trustStore) set in
$DOMAIN_HOME/bin/setDomainEnv.sh (or Windows equivalent file) points to the
correct trust store that you want to use.The Java Standard Trust Store is located at:
$JAVA_HOME/jre/lib/security/cacerts or $BEA_JAVA_
HOME/jre/lib/security/cacerts
Note that with the default out-of-the-box configuration of SSL trust store, the UMS
driver will not be able to connect to the Oracle Beehive Email Server over SSL. To
resolve this issue, follow the instructions for using the correct SSL trust store.
Replacing the DemoTrust keystore in the setDomainEnv.sh file (or Windows equivalent
file) with the Java Standard SSL trust store will enable UMS email driver to connect
successfully over SSL to the Oracle Beehive Email Server.
17.2.6 User Messaging Service Driver Configuration Changes Not Immediately
Effective
When you change a driver's configuration and then restart the driver, the changes will
not take effect until all managed connections in the pool are destroyed (900 seconds [15
minutes] by default). Take one of these actions to ensure that the connections are
destroyed:
■
When performing driver configuration changes, stop the driver application and
wait for 15 minutes. Then re-start the driver application.
If you follow this recommendation and the wait time of 900
seconds (15 minutes) is too long, you can reduce the time using the
Oracle WebLogic Server Administration Console as follows:
Note:
1.
Click Deployments.
2.
Select the desired User Messaging Service Driver deployment.
3.
Click the Resource Adapter Type module.
4.
Click Configuration > Outbound Connection Pools.
5.
Click the DriverConnectionFactory group.
6.
Click Connection Pool.
7.
Edit the value of Shrink Frequency Seconds (for example, set to 120 seconds).
8.
Click Save, and save the changes to a deployment plan file when
prompted.
9.
Restart the User Messaging Service driver deployment to include the new
plan.
Remember that if Shrink Frequency is reduced to a short interval, it
may eventually have a negative impact on the performance of the
driver as idle connections will be recycled frequently.
OR
■
Restart the entire Oracle WebLogic Server after performing driver configuration
changes. The new changes will take effect immediately upon server re-start.
17.2.7 Email Notifications Sent Even if You Do Not Change Default Parameters in
driverconfig.xml
Instructions for notification configuration include setting your outgoing server
parameters. Please note that if you do not change the parameters (that is, if you leave
Oracle User Messaging Service 17-5
Configuration Issues and Workarounds
the default setting unchanged), notifications may still be sent. This is expected
behavior, but you should not rely on the default settings without verifying them. You
should set your parameters to ensure that they are correct.
17-6 Release Notes
18
Oracle WebLogic Communication Services
18
This chapter describes issues associated with Oracle WebLogic Communication
Services (OWLCS). It includes the following topics:
■
Section 18.1, "General Issues and Workarounds"
■
Section 18.2, "Configuration Issues and Workarounds"
■
Section 18.3, "Documentation Errata"
18.1 General Issues and Workarounds
This section describes general issue and workarounds. It includes the following topics:
■
■
■
■
Section 18.1.1, "Active SIP Session and APP Session Count Show as -1 in Clustered
Configuration"
Section 18.1.2, "Oracle WebLogic Server Pack/Unpack Tool Does Not Function in
OWLCS"
Section 18.1.3, "Oracle WebLogic Server Cloning Tool Does Not Function in
OWLCS"
Section 18.1.4, "Messages Metrics Rendered as Unavailable in the Performance
Page for User Messaging Server"
18.1.1 Active SIP Session and APP Session Count Show as -1 in Clustered
Configuration
In the Administration Console, the Monitoring -> General tab displays Undefined for
the Active SIP Session Count and Active Application Session Count attributes when
monitoring a replicated WebLogic SIP Server deployment. There is currently no
workaround for this problem.
18.1.2 Oracle WebLogic Server Pack/Unpack Tool Does Not Function in OWLCS
The Pack/Unpack tool in Oracle WebLogic Server does not work in this OWLCS
release. There is no workaround currently available.
18.1.3 Oracle WebLogic Server Cloning Tool Does Not Function in OWLCS
The Cloning tool in Oracle WebLogic Server does not work in this OWLCS release.
There is no workaround currently available.
Oracle WebLogic Communication Services 18-1
Configuration Issues and Workarounds
18.1.4 Messages Metrics Rendered as Unavailable in the Performance Page for User
Messaging Server
When no metric data is found, for example when no messages have been sent or
received after server setup, the Metrics Performance page will display Unavailable. This
is not a problem with the software, and the Performance reporting is operating
properly. As soon as Send and Receive traffic exists, the Performance page will display
results normally.
18.2 Configuration Issues and Workarounds
This section describes configuration issues and their workarounds. It includes the
following topics:
■
■
■
■
■
■
Section 18.2.1, "Launch_sash Option Error"
Section 18.2.2, "Same User Who Installed WLS/WLSS Product Must Perform
Uninstall"
Section 18.2.3, "Uppercase Usernames Cause Reregistration and Presence
Subscription Failures"
Section 18.2.4, "Running the uninstall.sh Script in Text Mode Does Not Uninstall
the Product"
Section 18.2.5, "SIP Monitor in F5 Networks BigIP Does Not Work in UDP Mode"
Section 18.2.6, "SIP Container Does Not Bind to IPV6 Interfaces for Listening on
Windows"
■
Section 18.2.7, "JAWS Unable to Read Some Install Screens"
■
Section 18.2.8, "Configure VoiceXML Driver Receive URLs Correctly"
18.2.1 Launch_sash Option Error
An error has been reported when using the launch_sash command with the -e option.
For example:
MW_HOME/user_projects/domains/base_domain/bin/launch_sash.sh -p 8001 -n
weblogic -w welcome1 -a presenceapplication -e "xcap appusage list"
does not properly process the xcap appusage list argument because the double
quote (") is mishandled.
To work around this problem, issue the command at the sash prompt directly.
18.2.2 Same User Who Installed WLS/WLSS Product Must Perform Uninstall
In order to perform a clean uninstall, ensure that the same user (privileges) who
accomplished the install also accomplishes the uninstall.
18.2.3 Uppercase Usernames Cause Reregistration and Presence Subscription Failures
When a user is created with an uppercase username, then the following occurs:
■
■
18-2 Release Notes
Initial registration progresses normally, resulting in successful registration with
Oracle Communicator.
Presence subscriptions fails.
Configuration Issues and Workarounds
■
■
After a few minutes, Oracle Communicator displays Server Refused
Registration (403).
User's account is locked and sign-in is blocked for 30 minutes.
To work around this issue, set Trusted Authentication Hosts for the SIP Container by
doing the following (from the Administration Console):
1.
Click SipServer in the left pane.
2.
Click the SIP Security tab.
3.
In Trusted Authentication Hosts, add the IP address of your server (that is running
OWLCS).
4.
Save and restart OWLCS.
Using this workaround, presence functionality will fail for
clients running on the same machine as the OWLCS server. Such cases
(both Oracle Communicator and server running on the same machine)
are mostly for demonstration and development environments. For
these cases, ensure you create users with lowercase usernames.
Note:
Reregistration and presence subscription failures can also occur when users are created
with privateId being different than the username part of the publicId.
For example, if privateId is test.user1 and publicId is sip:test.user1@example.com,
everything works because test.user1 is the username part of the publicId
sip:test.user1@example.com.
But if privateId is tuser1 and publicId is sip:test.user1@example.com, the username part
of the publicId is not the same as privateId. In this case, the first registration succeeds
with Oracle Communicator, but reregistrations and presence subscriptions fail. Apply
the same workaround (configure trusted host as described above) to resolve this issue.
18.2.4 Running the uninstall.sh Script in Text Mode Does Not Uninstall the Product
Perform uninstallation using the Administration Console to ensure that all
components are uninstalled. Ensure that you use the same user privilege as when you
installed.
18.2.5 SIP Monitor in F5 Networks BigIP Does Not Work in UDP Mode
When using the F5 Networks BigIP load balancer for a cluster of SIP engines and the
SIP monitor in BigIP is used for failure detection, it must be configured to operate
(sending OPTIONS requests) over TCP and not UDP. UDP mode will not work (the
pool will indicate that the servers are down).
18.2.6 SIP Container Does Not Bind to IPV6 Interfaces for Listening on Windows
Due to limitations in the Windows IPv6 stack, the SIP Container cannot bind to IPv6
sockets for listening.
18.2.7 JAWS Unable to Read Some Install Screens
Due to an issue with the OWLCS Core Platform CIE-based installer, the JAWS tool
cannot correctly read the installation screens. To work around this issue, you must run
Oracle WebLogic Communication Services 18-3
Documentation Errata
the installer in silent mode. For information on Silent Mode installation, see Oracle
WebLogic Communication Services Installation Guide.
18.2.8 Configure VoiceXML Driver Receive URLs Correctly
In a clustered (high-availability) environment with Oracle HTTP Server (OHS)
configured, do not use the OHS port to configure the VoiceXML Driver Receive URLs.
Using the OHS port to configure the VoiceXML Driver Receive URLs will cause a
conflict with the drivers.
Each Voice XML Driver must be configured with its own WLS server's port (as
described in the parameters' documentation).
18.3 Documentation Errata
This section details changes to the documentation since the last release. Topics include:
■
Section 18.3.1, "Create a Basic SIP Domain"
■
Section 18.3.2, "Create a Custom AUID with OCP (Presence)"
■
■
■
Section 18.3.3, "Cannot Create a SIP Server Domain Using Default WebLogic
Platform Components"
Section 18.3.4, "Broken Documentation Links in Some (SIP Server) Translated
Files"
Section 18.3.5, "Missing (SIP Server) Online Help Regarding Security Providers"
18.3.1 Create a Basic SIP Domain
Directions for creating a basic SIP Domain have changed slightly in this release. Please
ensure that you follow these steps:
1.
Start the configuration wizard located at WLS_HOME/wlserver_
10.3/common/bin/config.sh. This location has changed since the last release.
2.
Select Create a New WebLogic Domain, and click Next.
3.
Select Basic WebLogic SIP Server Domain, and click Next.
The rest of the process remains the same as before when creating a WLS Domain.
18.3.2 Create a Custom AUID with OCP (Presence)
Follow these steps to create custom AUIDs:
1.
View the XML file for presence rules (presrules_au.xml). It is found in one of the
following locations, depending on your installation:
$ORACLE_HOME/j2ee/ocms/config/sdp/xcap
$ORACLE_HOME/j2ee/home/config/sdp/xcap
The file contains the following:
2.
18-4 Release Notes
–
Name of the application (pres-rules)
–
Mime type
–
User Quota
–
List of schemas associated with the application's XML files
Create a similar file for the new application usage
Documentation Errata
3.
For all the XSD files listed in the XML file above, create the XSD files and copy
them to the XCAP config location mentioned in Step 1 above.
4.
cd $ORACLE_HOME/sdp/bin
5.
./launch_sash.sh -a presenceapplication
6.
Provide admin credentials. At the sash prompt enter:
xcap appusage create applicationUsage=<new application usage name>
configurationFilename=<name of application usage XML file>
For instance, this command was run to create the pres-rules application usage:
xcap appusage create applicationUsage=pres-rules
configurationFilename=presrules_au.xml
7.
To provision users for the new application usage, at the sash prompt enter:
xcap user add userName=<string> applicationUsage=<new application usage name>
.
<string> is of the form username@example.com (replace example.com with domain
for the deployment)
18.3.3 Cannot Create a SIP Server Domain Using Default WebLogic Platform
Components
When running config.sh for SIP Server domain configuration, you can choose
whether to use WebLogic Platform Components or a Custom Template. The default for
Select Domain Source is to use WebLogic Platform Components. In previous releases, this
selection worked, but does not in this release. You must select Custom Template in order
to create a SIP Server domain.
18.3.4 Broken Documentation Links in Some (SIP Server) Translated Files
Some links to additional documentation were removed in the English language
version, but broken links in translated (languages other than English) have been
reported. These broken links are being addressed.
18.3.5 Missing (SIP Server) Online Help Regarding Security Providers
Online Help regarding Security Providers is not included. Oracle SIP Server, including
information about security providers, is licensed and documented through OCCAS.
Please consult your OCCAS documentation for more information.
Oracle WebLogic Communication Services 18-5
Documentation Errata
18-6 Release Notes
Part IX
Part IX
Oracle Identity Management
Part IX contains the following chapters:
■
Chapter 20, "Oracle Access Manager"
■
Chapter 19, "Oracle Adaptive Access Manager"
■
Chapter 30, "Oracle Authentication Services for Operating Systems"
■
Chapter 28, "Oracle Directory Integration Platform"
■
Chapter 21, "Oracle Entitlements Server"
■
Chapter 22, "Oracle Identity Federation"
■
Chapter 23, "Oracle Identity Manager"
■
Chapter 24, "Oracle Identity Navigator"
■
Chapter 25, "Oracle Internet Directory"
■
Chapter 26, "Oracle Platform Security Services"
■
Chapter 27, "SSL Configuration in Oracle Fusion Middleware"
■
Chapter 29, "Oracle Virtual Directory"
19
Oracle Adaptive Access Manager
19
This chapter describes issues associated with Oracle Adaptive Access Manager. It
includes the following topics:
■
General Issues and Workarounds
■
Policy Management Issues and Workarounds
■
Transaction Issues and Workarounds
■
Knowledge-Based Authentication Issues and Workarounds
■
Integration Issues and Workarounds
■
Reporting Issues and Workarounds
■
Configuration Issues and Workarounds
■
Customer Care Issues and Workarounds
■
Performance Issues and Workarounds
■
Device Fingerprinting Issues and Workarounds
■
Geolocation Data Loader Issues and Workarounds
■
Multi-Language Support Issues and Workarounds
19.1 General Issues and Workarounds
This section describes general issues. It includes the following topics:
■
OAAM Sessions is Not Recorded When IP Address from Header is an Invalid IP
Address
■
Checkpoint Boxes in Session are Displayed with Same Timestamp
■
Autogenerated Agent Cases Display User Specific Data
19.1.1 OAAM Sessions is Not Recorded When IP Address from Header is an Invalid IP
Address
OAAM sessions were not recorded for some header-based IP addresses.
Header based IP addresses are not accepted by default. To enabled the reading of IP
addresses from the header, set vcrypt.tracker.ip.detectProxiedIP to true. When
header IP addresses are enabled, only valid IP addresses are used. If the header
contains an invalid IP address, the actual request IP address is used.
Oracle Adaptive Access Manager 19-1
Policy Management Issues and Workarounds
19.1.2 Checkpoint Boxes in Session are Displayed with Same Timestamp
The same timestamp is displayed in Checkpoint boxes in the Session Details page
when multiple transactions are triggered in the same session. This bug has been fixed
for OAAM Online.
19.1.3 Autogenerated Agent Cases Display User Specific Data
When an OAAM Agent Case is autogenerated from a Configurable Action, the User
Details pane is populated with details of the user for the session where the case was
created. An autogenerated Agent case should not contain user-specific data. Only
Escalated Agent cases should display user details since they are the only cases specific
to a single end user.
19.2 Policy Management Issues and Workarounds
This section describes policy management issues and workarounds. It includes the
following topics:
■
Rule Condition Check Current Transaction Using the Filter Conditions Cannot Be
Configured for Corresponding Attributes of Two Entity Instances
■
Rule Condition to Check Consecutive Transactions Fails Entity Check
■
Exclude IP List Parameter for User and Device Velocity Rule Conditions
■
OAAM Offline Displays Only the Last Rule Executed Overwriting Previous
■
User: Check First Login Time Rule Condition Always Triggers
19.2.1 Rule Condition Check Current Transaction Using the Filter Conditions Cannot
Be Configured for Corresponding Attributes of Two Entity Instances
When two instances of an entity are associated to an OAAM Transaction and a filter
condition is set up to compare an attribute of one entity instance with the
corresponding attribute of the other entity instance, the OAAM Administration
Console can only configure a comparison between the same attribute instead of a
comparison between the different attributes.
For example:
Two instances of the Address entity are associated with a Transaction, one with the
instance name BillingAddr and another with the instance name ShippingAddr. If the
user configures Check Current Transaction using the filter condition to
compare Billing.line1 with ShippingAddr.line1, after saving the rule, the OAAM
Administration Console always shows the instance --- line1 of BillingAddr in the
dropdown for the attribute the user wants to compare and the dropdown for the
attribute the user is comparing to.
19.2.2 Rule Condition to Check Consecutive Transactions Fails Entity Check
The rule condition TRANSACTION: Check if consecutive Transactions in given
duration satisfies the filter conditions does not trigger. The condition returns
False and the entity check fails with exceptions in the debug log.
19.2.3 Exclude IP List Parameter for User and Device Velocity Rule Conditions
The Exclude IP List parameter was added to the following conditions:
19-2 Release Notes
Transaction Issues and Workarounds
■
Device: Velocity from last login
■
User: Velocity from last login
This parameter allows you to specify a list of IP addresses to ignore. If the user's IP
address belongs to that list, then this condition always evaluates to false and no
action and/or alert is triggered. If the user's IP address is not in that list or if the list is
null or empty, then the condition evaluates the velocity of the user or the device from
the last login. If the velocity of the user or the device from the last login is more than
the configured value in the rule, the condition evaluates to true and the condition is
triggered.
19.2.4 OAAM Offline Displays Only the Last Rule Executed Overwriting Previous
When multiple transactions are run in the same session, only the rule triggered for the
last transaction is displayed in OAAM offline. The rules from the previous transactions
are overwritten. To fix this bug, you must apply the patch and update the database
schema.
19.2.5 User: Check First Login Time Rule Condition Always Triggers
The User: Check first login time condition returned the same value regardless of
when the user logged in.
19.3 Transaction Issues and Workarounds
This section describes OAAM Transaction issues. It includes the following topics:
■
OAAM Displays Only the Last Rule Executed and Overwrites Previous Rules
■
OAAM Shows Only 25 Transactions in Session Details
■
Alerts Are Not Displayed Beyond 25 Transactions
■
OAAM Transaction Cannot Be Created with Numeric Parameter of More than 16
Digits
■
Transactions in Session Details Duplicated After 25
■
Transaction ID Association with Alert Does Not Work
■
OAAM Console Does Not Display Transaction Status
■
Transaction Mapping Substring Error for First Character Value
■
Update Time for Entity Is Updated Without Any Change in Entity Data
19.3.1 OAAM Displays Only the Last Rule Executed and Overwrites Previous Rules
When multiple transactions are triggered in the same session which result in multiple
alerts and policies execution, OAAM displays only the most recent alerts and policies
triggered and overwrites the alerts and policies from previous transactions.
19.3.2 OAAM Shows Only 25 Transactions in Session Details
When there are more than 25 data elements configured for a transaction, the Session
Details displays only transaction details for the first 25 items. The page has no scroll
bars for scrolling.
Oracle Adaptive Access Manager 19-3
Knowledge-Based Authentication Issues and Workarounds
19.3.3 Alerts Are Not Displayed Beyond 25 Transactions
Alerts are not visible for transactions beyond the 25th. If there are more than 25
checkpoint boxes containing alerts, they are not visible in the Session Details, although
the data is seen in the database.
19.3.4 OAAM Transaction Cannot Be Created with Numeric Parameter of More than 16
Digits
If a user defines any numeric value more than 16 digits in a transaction field, the
transaction creation fails with the error on the server of ORA-01438: value larger than
specified precision allowed for this column.
19.3.5 Transactions in Session Details Duplicated After 25
Transactions listed in Session Transactions section of Session Details are duplicated
after 25 transactions in a session.
19.3.6 Transaction ID Association with Alert Does Not Work
Transaction ID association with Alert is not working even after passing transactionId
in processRules API. The bug has been fixed for the server-side.
19.3.7 OAAM Console Does Not Display Transaction Status
Transaction status needs to be displayed in the Transaction Details page so that the
Fraud team will be able to see if a transaction was attempted but did not complete.
This provides information on both the behavior of customers and fraudsters and also
of the functioning of the rules. The Fraud team does not believe they can do their job
effectively if they cannot tell the transaction status. The workaround is to display the
status value for each transaction on the Session Transactions panel along with Name,
Transaction Id, Description, and Timestamp. The value displayed would be mapped
from the property tracker.transaction.status.enum (e.g. 1=Success, 99=Pending).
19.3.8 Transaction Mapping Substring Error for First Character Value
When the user performs a transaction mapping of the type SubString, the first
character of the value is missing from the mapping result because the
oaam.transaction.mapping.startindex.min property was set to 1. Setting the
property to 1 starts the substring operation from the second character of the string. A
fix has been made so that this property is assigned to 0 so that the substring operation
starts from the first character of the string.
19.3.9 Update Time for Entity Is Updated Without Any Change in Entity Data
When using an entity that is mapped to a Transaction Definition in a transaction, the
entity's update time is updated by the OAAM Server even if no changes were made to
the entity data (other fields are not updated). Database performance is impacted when
this occurs.
19.4 Knowledge-Based Authentication Issues and Workarounds
This section describes Knowledge-Based Authentication issues. It includes the
following topics:
■
19-4 Release Notes
Registration Logic Page Does Not Display KBA Logic
Knowledge-Based Authentication Issues and Workarounds
■
Answer Logic Abbreviation Resource Was Not Used
■
Update KBA for FFIEC Compliance
■
Closing Browser on Image and Security Phrase Registration Page
■
OAAM Change Password Does Not Display Any Validation for Password Fields
■
ORA-01722 Occurs During KBA Update
■
Registered Questions Are Deleted and Subsequent Challenge Does Not Succeed
19.4.1 Registration Logic Page Does Not Display KBA Logic
The KBA Registration Logic page does not display KBA Logic (Question per menu,
Categories per menu, Number of questions the user will register) because the previous
out of the box snapshot did not contain the properties for the KBA Registration Logic
page. The patch fixes this problem. To effect this fix, the new out of the box snapshot
file (oaam_base_snapshot.zip) needs to be imported. Note that importing this file will
overwrite the existing content in the server.
If you do not want to import the snapshot file, but want to fix the registration logic
related issue, you can create the following properties (with default values as shown):
challenge.question.registration.groups.categories.count=5
challenge.question.registration.groups.count=3
challenge.question.registration.groups.minimum.questions.per.category.count=1
challenge.question.registration.groups.questions.count=5
The patch also fixes the policy overrides in such a way that when the user fails the
OTP challenge, the challenge does use KBA as a fallback. If you do not want to
overwrite the contents but just import the newer policies, you can import oaam_
policies.zip as a policies import. Importing the policies does not fix the registration
logic related bug.
19.4.2 Answer Logic Abbreviation Resource Was Not Used
Answer Logic checks if the answer provided by the user matches closely to the ones
provided during registration. Answer Logic relies abbreviations.
An updated Answer Logic abbreviations resource bundle is available in OAAM
11.1.1.5. In the new resource bundle, the following are considered a match:
Registered Answer
Given Answer
Missus
Mrs
Mister
Mr
Sergeant
Sgt
Mrs
Missus
Mr
Mister
Sgt
Sergeant
19.4.3 Update KBA for FFIEC Compliance
The following KBA questions from previous releases were deleted from the kba_
questions.zip (English) file and oaam_base_snapshot.zip file for Federal Financial
Institutions Examination Council (FFIEC) compliance:
Oracle Adaptive Access Manager 19-5
Knowledge-Based Authentication Issues and Workarounds
Children Category
Delete or deactivate the following 10 questions:
■
What year was your oldest child born?
■
What year did your oldest child start school?
■
What year did your youngest child start school?
■
What is your eldest child's middle name?
■
What is the first name of your youngest child?
■
What year was your youngest child born?
■
What is the first name of your oldest child?
■
What is your youngest child's birthday?
■
What is your youngest child's middle name?
■
What is your oldest child's birthday?
Education Category
Delete or deactivate the following 18 questions:
■
What year did you graduate from high school?
■
What year did you graduate from junior high school?
■
What city was your high school in?
■
What were your college colors?
■
What year did you graduate from grade school?
■
What was the mascot of your college?
■
What were your high school colors?
■
What was the mascot of your high school?
■
What is the name of a college you applied to but did not attend?
■
In what city was your first elementary school?
■
What year did you start high school?
■
What year did you start junior high school?
■
What year did you start grade school?
■
What year did you graduate from college?
■
What year did you start college?
■
What was your major in college?
■
What was the first school you ever attended?
■
What city was your college in?
Miscellaneous Category
Delete or deactivate the following 2 questions:
■
What is the first name of your closest childhood friend?
■
What is your height?
19-6 Release Notes
Knowledge-Based Authentication Issues and Workarounds
Parents, Grandparents, Siblings Category
Delete or deactivate the following 17 questions:
■
What year was your father born?
■
What is your father's birthday?
■
What is your oldest sibling's nickname?
■
In which city was your father born?
■
In which city was your mother born?
■
What is your parent's current street address number?
■
What is your parent's current street name?
■
What is your youngest sibling's nickname?
■
What is your parent's current ZIP code?
■
What year was your mother born?
■
What are the last 4 digits of your parent's phone number?
■
What is your maternal grandmother's first name?
■
What is your paternal grandmother's first name?
■
What is the first name of your youngest sibling?
■
What is your paternal grandfather's first name?
■
What is your mother's birthday?
■
What is the first name of your eldest sibling?
Significant Other Category
Delete or deactivate the following 18 questions:
■
Where did you go on your honeymoon?
■
What year did you get married?
■
What year was your significant other born?
■
What is your significant other's birthday?
■
What date is your wedding anniversary?
■
In what city did you meet your spouse for the first time?
■
What city was your significant other born in?
■
What is the first name of your significant other's mother?
■
What is the first name of your significant other's father?
■
What is the last name of your significant other's eldest sibling?
■
What is the first name of your significant other's youngest sibling?
■
What high school did your significant other attend?
■
What was the last name of your best man or maid of honor?
■
What was the first name of your best man or maid of honor?
■
Name of the place where your wedding reception was held.
■
What is your spouse's nickname?
Oracle Adaptive Access Manager 19-7
Knowledge-Based Authentication Issues and Workarounds
■
What state was your significant other born in?
■
What is the last name of your significant other's youngest sibling?
Sports Category
Delete or deactivate the following 4 questions:
■
What is the mascot of your favorite sports team?
■
What are the colors of your favorite sports team?
■
What team is the biggest rival of your favorite sports team?
■
What is your all time favorite sports team?
Your Birth Category
Delete or deactivate the following 9 questions:
■
What is the ZIP code where you grew up?
■
Who was the US President when you were born?
■
How old was your father when you were born?
■
How old was your mother when you were born?
■
What is the name of the hospital you were born in?
■
What is the ZIP code of your birthplace?
■
What is the holiday closest to your birthday?
■
What state were you born in?
■
What city were you born in?
19.4.4 Closing Browser on Image and Security Phrase Registration Page
If the user tries to register his security image and phrase for the first time and during
the process, he closes his browser window on the registration and user preferences
pages or returns to the login page, the last image and phrase presented are accepted as
the default even if he has not explicitly chosen them by clicking the Continue button.
A fix has been made so that the image and phrase registration only saves the image
and phrase after the user clicks Continue on the registration and user preferences
pages.
19.4.5 OAAM Change Password Does Not Display Any Validation for Password Fields
The OAAM Change Password page in an OAAM and OIM integration does not
display any validation for the Password field. The issues are as follows:
■
■
■
If the user does not enter a password, but clicks Submit, there is no validation that
the fields are empty
If the user enters a new password and then the confirmation password, the
password is accepted regardless of whether they are the same or different
If the user changes his password, the old password is not validated to confirm that
it is correct
19.4.6 ORA-01722 Occurs During KBA Update
An ORA-01722 error can occur when adding a new challenge question.
19-8 Release Notes
Integration Issues and Workarounds
19.4.7 Registered Questions Are Deleted and Subsequent Challenge Does Not Succeed
If a user's question set contains a deleted question and/or if a user's registered
questions contain a deleted question and/or if the KBA registration logic is out of
alignment with the user's registered questions and question set (the number of
questions/categories and so on), when the user tries to update his question set but
cancels or closes the browser window or the session times out without saving, that
user's existing questions are deleted from the database. The subsequent challenge does
not succeed as the existing questions have been deleted.
This issue has been fixed so that now if a user's registered questions have been deleted
in the process of resetting the questions, the user will be asked to re-register new ones
on the next login.
19.5 Integration Issues and Workarounds
This section describes OAAM integration issues. It includes the following topics:
■
■
setupOAMTapIntegration.sh Does Not Set oaam.uio.oam.secondary.host.port
OAAM Does Not Support Juniper Single Sign-On for Authentication and Forgot
Password Flow
■
Step Up Authentication Changes
■
TAP: Incorrect Error Message
■
OAAM 11g SOAP Timeout Exception Handling
■
OAAM Should Call UserManager.Unlock() in the Forgot Password Workflow
19.5.1 setupOAMTapIntegration.sh Does Not Set oaam.uio.oam.secondary.host.port
The setupOAMTapIntegration.sh script does not set the secondary OAM host
information (oaam.uio.oam.secondary.host.port value) during the configuration of
Oracle Adaptive Access Manager for the Oracle Access Manager and Oracle Adaptive
Access Manager integration. The workaround is to set the property value through the
property editor.
19.5.2 OAAM Does Not Support Juniper Single Sign-On for Authentication and Forgot
Password Flow
The OAAM Authentication flow is not invoked when integrated with Juniper SSL.
With invoking OAAM, the integration can detect fraud and determine risk during the
authentication flow and accordingly strongly authenticate the user using OAAM
capabilities like Challenge, Block, and other actions. The Juniper SSL and OAAM
integration flow should be as follows:
1.
The user tries to access a web application or URL that is secured by Juniper SSL,
and Juniper SSL detects whether the user is authenticated or not.
2.
If the user is authenticated then he is allowed to proceed to the web application.
3.
If the user is not authenticated, he is redirected to the OAAM Server. The OAAM
Server displays the User ID page and prompts the user to enter his User ID. Once
the user enters his User ID, OAAM evaluates the Pre-Authentication checkpoint
policies and checks to see if the user has to be blocked.
4.
OAAM then checks to see if the user has registered for an Authentication Pad. If
so, it displays the registered Authentication Pad, otherwise it displays a generic
text pad.
Oracle Adaptive Access Manager 19-9
Integration Issues and Workarounds
5.
OAAM Server displays the Password page with the Authentication Pad and
prompts the user to enter his password. Once the password is entered, it is
validated against the user store (the user store can be LDAP, Active Directory, or
any active user store). It also identifies the device by running the device
identification process.
6.
If the credentials are incorrect then OAAM displays an error page and asks the
user to enter his credentials again.
7.
If the credentials are correct then OAAM evaluates Post-Authentication
checkpoint policies. Based on the outcome of the policy OAAM might challenge or
block the user.
8.
If the outcome of Post-Authentication is ALLOW then OAAM determines if the
user has to be registered. Based on the types of registration, OAAM takes the user
through registration pages.
9.
If the outcome of Post-Authentication is CHALLENGE and if the user is already
registered for at least one of the challenge mechanisms, OAAM challenges the
user. If the user is able to answer the challenge then he would be allowed to
continue to the next step. As the next step OAAM fetches the user attributes from
the user store and then creates the SAML response, signs it and then it posts to the
Juniper SSL redirection URL. Juniper SSL then takes control, validates the SAML
payload, and lets the user access the web application.
10. If the outcome of Post-Authentication is BLOCK then user would be blocked and
he would not be able to access the web application.
19.5.3 Step Up Authentication Changes
The Step Up Authentication feature is available with OAAM. Step Up Authentication
allows users who have been authenticated by OAM at a lower level to access resources
protected by OAAMTAPScheme configured at a relatively higher authentication level.
When the user tries to access a protected resource that is configured at a higher level,
OAAM runs policies to determine how to further authenticate the user so as to gain
the required level of authentication needed for access to the protected resource. The
user is not taken to the normal login flow since he is already authenticated.
The property to disable/enable Step Up Authentication mode in TAP Integration: By
default the Step Up Authentication mode is enabled. However if you want to disable
this feature, then set property oaam.uio.oam.integration.stepup.enabled as false.
Change in behavior for the end user: For an end user using the Access
Manager-OAAM TAP Integration, the change in behavior is as follows:
If a user has already been authenticated by Access Manager and he tries to access a
resource protected under TAPScheme with OAAM as the TAP partner, the user is not
taken to the OAAM login flow (since the user is already authenticated). However,
OAAM runs its fraud detection policies and might ask challenge questions or block
the user depending on the risk evaluated by the policies.
19.5.4 TAP: Incorrect Error Message
In Access Manager-OAAM TAP integration, when an incorrect user name or password
is supplied, OAAM shows following error:
There was some technical error processing your request.
19-10 Release Notes
Please try again
Reporting Issues and Workarounds
The patch fixes this problem: the error message now indicates an invalid user name or
password error instead of a technical error.
19.5.5 OAAM 11g SOAP Timeout Exception Handling
The client calling Web services is not getting exceptions for timeouts. As a result the
client cannot handle SOAP timeouts in a proper way because it cannot determine
whether the exception is a SOAP timeout or any other faults. A fix has been
implemented so that a specific error code for timeouts is passed to the client. The client
can therefore handle the fault per the information contained in the exception.
The method handleException() has introduced a class VCryptSOAPGenericImpl
which can be overridden to include more error codes based on business requirements.
Currently it has been set for soaptimeout errors:
protected String handleException(String requestName, Exception ex, String
resultXml) {
19.5.6 OAAM Should Call UserManager.Unlock() in the Forgot Password Workflow
In the Forgot Password flow executed by OAAM in an Oracle Identity Manager and
Access Manager integration, the user is not unlocked when he changes his password.
When OAAM executes the changePassword() API, Oracle Identity Manager does not
automatically unlock the user.
The following steps are needed to enable automatic unlocking of the user on the
Oracle Identity Manager side when OAAM executes the changePassword () API
during the Forgot Password flow:
1.
Log in to the OAAM Administration Console.
2.
In the navigation pane, click Environment and double-click Properties. The
Properties search page is displayed.
3.
Set oaam.oim.passwordflow.unlockuser to true.
By default this property value is set to false. By setting this property to true
OAAM will call the unlock API of Oracle Identity Manager in the Change
Password task flow.
19.6 Reporting Issues and Workarounds
This section describes OAAM BI Publisher reports and Sessions issues and
workarounds. It includes the following topics:
■
Alert Message Link in Session Details Page Does Not Open the Alert Details
■
OAAM Rules Breakdown Report Does Not Provide Correct Information
19.6.1 Alert Message Link in Session Details Page Does Not Open the Alert Details
When the user tries to access an alert details page from an alert message link in the
Session Details page, the page fails to open.
To work around this issue, use the alert message link on the Session Search page.
Oracle Adaptive Access Manager 19-11
Reporting Issues and Workarounds
19.6.2 OAAM Rules Breakdown Report Does Not Provide Correct Information
The BI Publisher Rules Breakdown report does not give a summary of the rules
which have been triggered by the checkpoint and policy. The values given are not
complete or accurate.
For the report to work, run the following script:
create or replace view OAAM_FIRED_RULES_VIEW as (
select actionMap.create_time, ruleMaps.rule_map_id, actionMap.request_id,
actionMap.runtime_type,
sessions.user_id, sessions.node_id, actionMap.action_list
from (select substr(attr_name, 7) ruleInstanceId, case when
length(trim(translate(attr_value, '+-.0123456789', ' '))) is null then
CAST(attr_value AS NUMBER(16)) else null end rule_map_id, fprint_id from
v_fp_map where attr_name like 'RLD_ID%') ruleMaps
inner join vt_session_action_map actionMap on actionMap.rule_trace_fp_id
=
ruleMaps.fprint_id
inner join vcrypt_tracker_usernode_logs sessions on sessions.request_id =
actionMap.request_id
inner join (select substr(attr_name, 11) ruleInstanceId, case when
length(trim(translate(attr_value, '+-.0123456789', ' '))) is null then
CAST(attr_value AS NUMBER(16)) else null end attr_value, fprint_id from
v_fp_map where attr_name like 'RLD_STATUS%') ruleStatus
on ruleStatus.ruleInstanceId = ruleMaps.ruleInstanceId and
ruleStatus.fprint_id = ruleMaps.fprint_id
where ruleStatus.attr_value=1
union select ruleLogs.create_time, ruleLogs.rule_map_id,
policySetLogs.request_id, policySetLogs.runtime_type,
userNodeLogs.user_id, userNodeLogs.node_id, ruleLogs.action_list
from VR_RULE_LOGS ruleLogs
inner join VR_MODEL_LOGS modelLogs on ruleLogs.MODEL_LOG_ID =
modelLogs.MODEL_LOG_ID
inner join VR_POLICY_LOGS policyLogs on modelLogs.POLICY_LOG_ID =
policyLogs.POLICY_LOG_ID
inner join VR_POLICYSET_LOGS policySetLogs on policyLogs.POLICYSET_LOG_ID
=
policySetLogs.POLICYSET_LOG_ID
inner join VCRYPT_TRACKER_USERNODE_LOGS userNodeLogs on
policySetLogs.REQUEST_ID = userNodeLogs.REQUEST_ID
19-12 Release Notes
Configuration Issues and Workarounds
where ruleLogs.status=1);
commit;
19.7 Configuration Issues and Workarounds
This section describes the following configuration issues and workarounds:
■
■
■
Oracle Linux 6 (OEL6) with the Unbreakable Enterprise Kernel (UEK), Oracle
Linux 6 (OEL6) with the Red Hat Compatible Kernel, and Red Hat Enterprise
Linux 6 (RHEL6) Certification
Database Archive and Purge Scripts Missing from Installation
Juniper Login Fails Due to Incorrect CN Value and No UID Attribute in SAML
Response
19.7.1 Oracle Linux 6 (OEL6) with the Unbreakable Enterprise Kernel (UEK), Oracle
Linux 6 (OEL6) with the Red Hat Compatible Kernel, and Red Hat Enterprise Linux 6
(RHEL6) Certification
OAAM is certified on Oracle Linux 6 (OEL6) with the Unbreakable Enterprise Kernel
(UEK), Oracle Linux 6 (OEL6) with the Red Hat Compatible Kernel, and Red Hat
Enterprise Linux 6 (RHEL6). Note that OAAM 11g is certified on Oracle Linux 6 but
during the installation of Oracle Identity Management (Oracle IdM), the user will see
an alert message during the pre-requisite check. This error does not impact the
installation and can be ignored. The user can click OK to continue the installation.
Bug 15833450 OAAM 11.1.1.5 is certified on Oracle Linux 6 (OEL6) with the
Unbreakable Enterprise Kernel (UEK), Oracle Linux 6 (OEL6) with the Red Hat
Compatible Kernel, and Red Hat Enterprise Linux 6 (RHEL6).
19.7.2 Database Archive and Purge Scripts Missing from Installation
Case and monitor data purge scripts are missing from the oaam_db_purging_
scripts.zip file.
For purging case data, the following scripts need to be included:
■
create_case_purge_proc.sql
The create_case_purge_proc.sql script is required to set up the archive and
purge routines for the Oracle database.
■
exec_sp_purge_case_data.sql
The exec_sp_purge_case_data.sql is required to perform the archive and purge
of case data.
For purging monitor data, the following scripts need to be included:
■
drop_monitor_partition.sql
Customers who are using the Oracle table partitioning option and have no
reporting database should run the drop_monitor_partition.sql script before
setting up purging routine for monitor data.
■
exec_v_monitor_purge_proc.sql
The exec_v_monitor_purge_proc.sql script calls the stored procedures to archive
and purge data from device fingerprinting tables.
Oracle Adaptive Access Manager 19-13
Customer Care Issues and Workarounds
■
create_v_monitor_purge_proc.sql
The create_v_monitor_purge_proc.sql script creates the V_MONITOR_DATA_PURGE
table and the stored procedure SP_V_MON_DATA_PURGE_PROC to archive and purge
data from the transaction table.
19.7.3 Juniper Login Fails Due to Incorrect CN Value and No UID Attribute in SAML
Response
After successful authentication, OAAM obtains the user attributes from the user store
and sends user attributes in a SAML assertion to Juniper. Juniper is set up to look for
attributes to read from the SAML assertion to match the user in its repository. Then it
logs the user in to the requested target page or web application.
In this bug, the user is unable to log in to Juniper via OAAM because Juniper fails to
identify the user. OAAM did not fetch the correct cn (common name) value and it did
not set the uid (User ID) attribute in the SAML response.
19.8 Customer Care Issues and Workarounds
This section describes customer care and investigation issues. It includes the following
topics:
■
Investigator Role Overrides CSR Role When Both Roles Are Given to a User
■
Scroll Bars Missing from Some Case Management Screens
■
Case Search and Case Details Do Not Display Case Disposition
■
■
Wrong User Attributed for Last Notes Added If Two Users Concurrently Update
Case Notes
Manually Created OAAM Agent Cases Cannot Be Searched by Username or User
ID
■
OAAM Allows Case Ownership Change and Add Notes Actions to Closed Case
■
Create Agent Case Configurable Action Displays Wrong Name for Action
■
KBA and OTP Failure Counter Reset and Unlock
19.8.1 Investigator Role Overrides CSR Role When Both Roles Are Given to a User
When a user is given both the Investigator and CSR Access roles, the former overrides
the access permissions of the latter and the user has only Investigator access and no
CSR access. Expected behavior is that a user having both Investigator and CSR access,
should be able to perform Investigator and CSR tasks.
19.8.2 Scroll Bars Missing from Some Case Management Screens
Users with low resolution monitors are not able to see details in full in the Case Details
page. Details refer to those available based on a user's role. The Case Details page
required scroll bars so that a users with low resolution monitors can see all details.
19.8.3 Case Search and Case Details Do Not Display Case Disposition
After an OAAM Agent case is closed with a disposition of Confirmed Fraud, the agent
can locate the case by searching by deposition but Confirmed Fraud is not displayed in
the Case search page even after adding Disposition as a column to display. When the
Case Details page of the same case is opened, the field is empty for Disposition.
19-14 Release Notes
Customer Care Issues and Workarounds
19.8.4 Wrong User Attributed for Last Notes Added If Two Users Concurrently Update
Case Notes
OAAM allows two agents to concurrently access a case, but if the two agents add
notes to the case, OAAM saves both agents' notes; however, the second agent's notes
are displayed as having been added by the first agent. Concurrent write access to cases
is supported: if two agents are accessing the case at the same time, the second agent is
made aware that the case is being worked on by another agent with a warning
message. When the second agent continues, he is made the owner of the case. Notes
are attributed to the correct agent.
19.8.5 Manually Created OAAM Agent Cases Cannot Be Searched by Username or User
ID
When an OAAM Agent Case is autogenerated from the Configurable Action, the User
Details panel is populated with user details for the session for which the case was
created. When manually creating a case and linking to a session, user details are not
populated. Subsequent searches of cases by Username or User ID only locate
automatically created cases.
An enhancement has been made so that the Agent case creation page can optionally
accept entry of a valid Username and/or User ID if the
oaam.customercare.agent.case.allow.userinfo property is set to true. If a
Username and/or User ID is entered it is mapped to the Agent case. Agent cases with a
mapped Username and/or User ID are searchable by Username and/or User ID. These
cases display the mapped user identifier in the Username and/or User ID column on
the Cases search page. Only an Agent case that has been escalated from a CSR case
displays the User Details section under the Case Details Summary tab.
19.8.6 OAAM Allows Case Ownership Change and Add Notes Actions to Closed Case
After an Agent case is closed, case ownership can still change when accessed by
another user. The case owner is changed to the user who accessed the case. OAAM
also allows the adding and editing of notes after a case is closed. After an Agent case is
closed, no changes should be allowed.
19.8.7 Create Agent Case Configurable Action Displays Wrong Name for Action
When a Configurable Action triggers the Create Agent Case action, it is displayed as
Add to IP Watch list for both the Name and Description of the action when it is
added to an Action group.
19.8.8 KBA and OTP Failure Counter Reset and Unlock
Challenge failure counters are not displayed on the CSR Case Details as in the details
pages. Failure counters should be displayed for KBA and OTP as well as for new or
custom challenge processors. Also, the Reset action does not reset all the counters. An
Unlock action should reset all counters (KBA and OTP). The following should occur
for counters when the Unlock action is performed:
■
Unlocking KBA resets the KBA and OTP failure counters to 0
■
Unlocking OTP resets the KBA and OTP failure counters to 0
The following actions should occur for failure counters when the Reset action is
performed:
Oracle Adaptive Access Manager 19-15
Performance Issues and Workarounds
■
■
■
Resetting KBA resets KBA and OTP failure counters to 0. The user will be required
to register challenge questions again
Resetting CSR KBA resets KBA and OTP failure counters to 0. The user will be
required to register challenge questions again
Resetting OTP resets KBA and OTP failure counters to 0. The user will be required
to register OTP again
The following enhancements have been made:
■
■
■
■
■
■
OAAM Admin Console Case detail and details pages display failure counter,
registration, and other information for KBA, OTP, and other custom challenge
mechanisms
OTP failure counters from different channels consolidate failures. For example, if
multiple channels are used, the OTP status displays Locked if the combined OTP
counters are above the threshold. So, if the user fails SMS twice and Email once
and threshold is 3, they are locked using the consolidated OTP counter
The Reset action resets all challenge failure counters
The Unlock action is consolidated into an Unlock User action instead of separate
actions for unlocking KBA and OTP. The Unlock User action resets all failure
counters
User name is displayed on the Case Details tab instead of or along with Case ID
The Threshold value for failure counter can be set in the rule condition, User:
Challenge Channel Failure.
19.9 Performance Issues and Workarounds
This section describes performance issues. It includes the following topic:
■
Out of Memory Error Occurs Scrolling through Sessions Search in OAAM Admin
19.9.1 Out of Memory Error Occurs Scrolling through Sessions Search in OAAM Admin
Scrolling up and down on the Session search page may pass an empty or null input
list, which may result in retrieving millions of rows from the database, causing the
error, java.lang.OutOfMemoryError:GC overhead limit exceeded.
19.10 Device Fingerprinting Issues and Workarounds
This section describes device fingerprinting issues. It includes the following topic:
■
Errors Occur When Custom Locale is Used in OAAM .NET
19.10.1 Errors Occur When Custom Locale is Used in OAAM .NET
When the .Net API is used to generate a browser fingerprint that uses a custom locale
as part of the login flow, an error occurs: Culture ID 4096 (0x1000) is not a
supported culture.\r\nParameter name: culture. The issue occurs when the
application is using a custom culture because locale is registered with the Microsoft
.NET framework and when the OAAM .NET API classes try to construct the
CultureInfo from the LCID that came into the HttpSession, an exception occurs
because of the Microsoft .NET framework. The workaround is to change the
oaam/src/dotNET/Bharosa/vCrypt/Common/Util/HttpUtil.cs line 162 from
19-16 Release Notes
Multi-Language Support Issues and Workarounds
CultureInfo ci = new CultureInfo(context.Session.LCID); to CultureInfo ci =
new CultureInfo(context.Current.Request.UserLanguages[0]);
This causes .NET to look up the locale by the name of the locale instead of by the
LCID.
19.11 Geolocation Data Loader Issues and Workarounds
This section describes geolocation loader issues. It includes the following topics:
■
Upload of Geolocation Data Causes Unique Constraint Violation
■
IP Location Data Loader Fails If There is a Blank Line in the File
19.11.1 Upload of Geolocation Data Causes Unique Constraint Violation
When reloading the same location data file, or loading an updated location data file,
the data would be loaded correctly, but the log file would show numerous warnings
about unique constraint violations which degrades performance.
19.11.2 IP Location Data Loader Fails If There is a Blank Line in the File
The OAAM data loader fails to load IP location data if a blank line is in the data file
and does not report the line number. The expected result is for the OAAM data loader
to skip the blank line and display a warning message that include the line number.
You can work around this issue by opening the IP location data file, removing the
blank line, and saving the file. This issue will be fixed in a future release.
19.12 Multi-Language Support Issues and Workarounds
This section describes multi-language support issues and limitations. It includes the
following topics:
■
■
Session or Cases Page Cannot Open if Browser Language is Italian
Session Search and Case Search By Date Range Does Not Work in OAAM Admin
Console When Browser Language is Brazilian Portuguese or Spanish
19.12.1 Session or Cases Page Cannot Open if Browser Language is Italian
When the browser language is set to Italian, the user cannot open pages with calendars
in the OAAM Administration Console, such as the Session or Cases page. A pop-up
window with the following error message is displayed:
java.lang.IllegalArgumentException:
Illegal pattern character 'g'
19.12.2 Session Search and Case Search By Date Range Does Not Work in OAAM
Admin Console When Browser Language is Brazilian Portuguese or Spanish
Searching sessions and cases by date range does not work in the OAAM
Administration Console when the browser language is set to Brazilian Portuguese or
Spanish. When the user opens the calendar in the Session or Cases page in the Spanish
or Brazilian Portuguese locale, the year value is always shown as 1970 and cannot be
modified to the correct year. As a result, the search does not work and the expected
data cannot be returned in the search results.
Oracle Adaptive Access Manager 19-17
Multi-Language Support Issues and Workarounds
19-18 Release Notes
20
Oracle Access Manager
20
This chapter describes issues associated with Oracle Access Manager 11g Release 1
(11.1.1). It includes the following topics:
■
Section 20.1, "Patch Requirements"
■
Section 20.2, "General Issues and Workarounds"
■
Section 20.3, "Configuration Issues and Workarounds"
■
Section 20.4, "Oracle Security Token Service Issues and Workarounds"
■
Section 20.5, "Integration and Inter-operability Issues and Workarounds"
■
Section 20.6, "Oracle Access Manager with Impersonation Workarounds"
■
Section 20.7, "Documentation Errata"
20.1 Patch Requirements
This section describes patch requirements for Oracle Access Manager 11g Release 1
(11.1.1). It includes the following sections:
■
Section 20.1.1, "Plain Text Credentials Exposed in Diagnostic Logs when Creating
an Identity Store"
See Also:
■
Oracle Technology Network for details about the latest supported
versions and platforms:
http://www.oracle.com/technetwork/middleware/ias/downl
oads/fusion-certification-100350.html
■
■
Oracle Fusion Middleware Patching Guide for details about the latest
patch set
My Oracle Support at the following URL for the latest Oracle
Access Manager 11g Release 1 (11.1.1) bundle patches and related
release notes:
https://support.oracle.com/
20.1.1 Plain Text Credentials Exposed in Diagnostic Logs when Creating an Identity
Store
To work around this issue:
1.
Go to My Oracle Support at
Oracle Access Manager 20-1
General Issues and Workarounds
http://support.oracle.com
2.
Click the Patches & Updates tab, and search for bug 9824531.Download the
associated patch and install it by following the instructions in the README file
included with the patch.
3.
On the Patches & Updates tab, search for bug 9882205. Download the associated
patch and install it by following the instructions in the README file included with
the patch.
20.2 General Issues and Workarounds
This section describes general issue and workarounds. It includes the following topic:
■
■
■
■
■
Section 20.2.1, "Resource Protected By Federation Shown Without Authentication"
Section 20.2.2, "SSO Authentication Screen Does Does Not Appear If Using Oracle
Traffic Director"
Section 20.2.3, "Issues Registering the OSSO Plugin"
Section 20.2.4, "Modify Authentication Scheme When Upgrading OAM 11.1.1.5 to
OAM 11.1.1.7"
Section 20.2.5, "RemoteRegistrationServerException Seen After PasteConfig IDM
(T2P)"
■
Section 20.2.6, "System Error Page Displayed After Login"
■
Section 20.2.7, "T2P Paste Config Operation Fails With Exception"
■
Section 20.2.8, "Creating Policies For Webgate 11g"
■
Section 20.2.9, "Sending Valid Cookie For Embedded BI Content"
■
Section 20.2.10, "Incorrect SSO Agent Date/Time Shown to User"
■
■
■
■
■
Section 20.2.11, "Initial Messages After Webgate Registration Are Not Shown in the
User's Locale"
Section 20.2.12, "Single-Click to Open Child Node is Not Supported in the
Navigation Tree"
Section 20.2.13, "User Credential for Registration Tool Does Not Support
Non-ASCII Characters on Native Server Locale"
Section 20.2.14, "Turkish and Greek Character Issues on Oracle Access Manager
Authentication Page"
Section 20.2.15, "Oracle Access Manager Authentication Does Not Support
Non-ASCII Passwords on Locales Other than UTF8"
■
Section 20.2.16, "Error Message of Create Agent Shows as Server Locale"
■
Section 20.2.17, "Referrals in LDAP Searches"
■
■
■
■
20-2 Release Notes
Section 20.2.18, "Non-ASCII Resources Require OHS To Restart To Make Protection
Take Effect"
Section 20.2.19, "Non-ASCII Characters on Success/Failure URL Results in
Garbled Redirect URL"
Section 20.2.20, "Resource with Non-ASCII Characters Cannot Be Protected by an
OSSO Agent"
Section 20.2.21, "Error in Administration Server Log from Console Logins"
General Issues and Workarounds
■
■
■
■
Section 20.2.22, "Application Domain Subtree in the Navigation Tree Is Not
Rendered and Does Not Respond to User Actions"
Section 20.2.23, "editWebgateAgent Command Does Not Give An Error If Invalid
Value is Entered"
Section 20.2.24, "WLST Command displayWebgate11gAgent In Offline Mode
Displays the Webgate Agent Entry Twice"
Section 20.2.25, "Message Logged at Error Level Instead of at INFO When Servers
in Cluster Start"
■
Section 20.2.26, "Help Is Not Available for WLST Command registeroifdappartner"
■
Section 20.2.27, "User Must Click Continue to Advance in Authentication Flow"
■
Section 20.2.28, "OCSP-Related Fields are Not Mandatory"
■
Section 20.2.29, "Database Node is Absent in the Console"
■
Section 20.2.30, "Online Help Provided Might Not Be Up To Date"
■
■
■
■
■
■
Section 20.2.31, "Oracle Access Manager Audit Report
AUTHENTICATIONFROMIPBYUSER Throws a FROM Keyword Not Found
Where Expected Error."
Section 20.2.32, "Disabled: Custom Resource Types Cannot be Created"
Section 20.2.33, "Use of a Non-ASCII Name for a Webgate Might Impact SSO
Redirection Flows"
Section 20.2.34, "Authentication Module Lists Non-Primary Identity Stores"
Section 20.2.35, "Unable to Stop and Start OAM Server Through Identity and
Access Node in Fusion Middleware Control"
Section 20.2.36, "AdminServer Won't Start if the Wrong Java Path Given with
WebLogic Server Installation"
■
Section 20.2.37, "Changing UserIdentityStore1 Type Can Lock Out Administrators"
■
Section 20.2.38, "Page Layouts and Locales"
■
Section 20.2.39, "Some Pages Are Not Correctly Localized"
■
Section 20.2.40, "Non-ASCII Query String Issues with Internet Explorer v 7, 8, 9"
■
Section 20.2.41, "Oracle Virtual Directory with SSL Enabled"
■
Section 20.2.42, "Query String Not Properly Encoded"
20.2.1 Resource Protected By Federation Shown Without Authentication
When accessing a page protected by the new Oracle Access Manager integrated
Federation feature with the Internet Explorer browser, the browser's delete cookies
option does not delete cookies and, therefore, authentication will not be requested.
This is a browser specific issue.
Workaround: Delete the browsing history using Tools-> Internet Options-> Browsing
History (make sure Cookies is selected) and close all instances of Internet Explorer.
When accessing the OAM protected page again; authentication will be requested.
Oracle Access Manager 20-3
General Issues and Workarounds
20.2.2 SSO Authentication Screen Does Does Not Appear If Using Oracle Traffic
Director
The Host Identifier attribute takes a value equal to the name of the resource being
protected when a policy is defined. When a WebGate intercepts a request for access to
the resource, it checks the request for an address. If the address is on the Host
Identifiers list, it is mapped to the Host Identifier name and all policies and rules
applicable to it can be applied. In this situation, if Oracle HTTP Server is fronted by
Oracle Traffic Director (load balancer), an exception acknowledging that all required
hosts and ports have not been added to the list is thrown. Use the following steps to
update the Host Identifier list.
1.
Launch the Oracle Access Manager Conosle.
2.
Click the Policy Configuration tab on the left.
3.
Click Host Identifiers in the Policy Configuration pane.
The Host Identifiers page appears.
4.
Find the appropriate host identifier using the search functionality.
5.
Select the appropriate host identifier from the search results and click Edit.
6.
Type the name of the host in the Name field.
7.
(Optional) Type a short description in the Description field.
8.
Enter all variations for identifying this host in the Host Name Variations field.
A default port number will not be added if one is not provided.
9.
Click Save and restart the Oracle Access Manager administration and managed
servers.
20.2.3 Issues Registering the OSSO Plugin
The OSSO Plugin is for iPlanet and IIS when a customer does not wish to use OHS. It
must be registered with OID/SSO 10.1.2.3 or 10.1.4.3 which have been discontinued as
of 2011.
20.2.4 Modify Authentication Scheme When Upgrading OAM 11.1.1.5 to OAM 11.1.1.7
For any Oracle Access Manager customer that upgrades from OAM 11.1.1.5 to OAM
11.1.1.7 and uses a custom login page, remove the redirect=true entry from
Challenge Parameters in the AnonymousScheme authentication scheme or the Login
Page will not work. Details are in MOS Note 1548551.1.
20.2.5 RemoteRegistrationServerException Seen After PasteConfig IDM (T2P)
Even when pasteConfig goes through successfully, a
RemoteRegistrationServerException is logged. If you can access the Oracle Access
Manager console and see all the agents, this exception is benign and can be ignored.
20.2.6 System Error Page Displayed After Login
After successfully logging in to a page with a longer URL, an Oracle Access Manager
system error page might be displayed; access to the same page would not have
resulted in this in previous releases. Accessing the page with a longer URL a second
time may clear this condition.
20-4 Release Notes
General Issues and Workarounds
20.2.7 T2P Paste Config Operation Fails With Exception
When trying to complete the paste config portion of the Test to Production procedure,
the following exception may occur:
javax.management.RuntimeMBeanException:
javax.management.RuntimeMBeanException: Configuration MBean not initialized.
There is currently no workaround for this issue.
20.2.8 Creating Policies For Webgate 11g
Oracle Identity Manager and Oracle Access Manager integrations support Webgate
11g. Follow this procedure to create policies for Webgate 11g.
1.
Modify the value for WEBGATE_TYPE in the idmConfigTool configOAM and
idmConfigTool configOIM property files.
■
ohsWebgate11g (for Webgate 11)
■
ohsWebgate10g (for Webgate 10)
2.
Log in to the Oracle Access Manager console.
3.
Select the Policy Configuration tab.
4.
Expand Application Domains - IAM Suite
5.
Click Resources.
6.
Click Open.
7.
Click New resource.
8.
Provide values for the following:
9.
■
Type: HTTP
■
Description: OAM Credential Collector
■
Host Identifier: IAMSuiteAgent
■
Resource URL: /oam
■
Protection Level: Unprotected
■
Authentication Policy: Public Policy
Click Apply.
20.2.9 Sending Valid Cookie For Embedded BI Content
When embedded BI content and Oracle Access Manager are on different physical
machines or accessed from different ports on the same machine, the BI proxy on the
application's container needs to authenticate itself to the Oracle Access Manager server
in order to access the protected BI content. To ensure that the valid OAMAuthnCookie
is sent to the Webgate, filterOAMAuthnCookie=false should be set in the User
Defined Parameters section of the Webgate's configuration profile. Restart the server
after the modification for the new parameter value to take effect.
20.2.10 Incorrect SSO Agent Date/Time Shown to User
The default start date on the Create OAM Agent page is based on the Oracle Access
Manager server date/time. The date/time shown to the end user is based on the
Oracle Access Manager server time zone rather than on the user's machine.
Oracle Access Manager 20-5
General Issues and Workarounds
20.2.11 Initial Messages After Webgate Registration Are Not Shown in the User's
Locale
After Webgate registration, the description fields in the initial messages for related
components are not shown in the user's locale.
The description field does not support Multilingual Support (MLS).
20.2.12 Single-Click to Open Child Node is Not Supported in the Navigation Tree
Single-click to open a child node in the navigation tree is not supported, but
double-click is supported.
20.2.13 User Credential for Registration Tool Does Not Support Non-ASCII Characters
on Native Server Locale
The user credential for the Oracle Access Manager registration tool
oamreg.sh/oamreg.bat does not support non-ASCII characters on the Linux
Non-UTF8 server locale and the Windows native server.
20.2.14 Turkish and Greek Character Issues on Oracle Access Manager Authentication
Page
In some cases if a user has Turkish, German, or Greek special characters in the user
name and the login name only differs in the special characters, he might pass
authentication because of case mappings and case-insensitivity.
Some internationalization characters should have special capitalization rule so that
characters do not convert back to the lower case.
For example, there is the case with SS and ß in German, where ß only exists as a lower
case character. When performing "to Upper" against ß, ß will be changed to SS. And if
the upper case text is then converted back to lower case, the SS becomes ss and not the
original ß.
20.2.15 Oracle Access Manager Authentication Does Not Support Non-ASCII
Passwords on Locales Other than UTF8
When the server locale is not UTF-8 and using WebLogic Server embedded LDAP as
an identity store, the SSO Authentication page does not support Non-ASCII
passwords.
20.2.16 Error Message of Create Agent Shows as Server Locale
When an administrator creates an agent with the same name as one that already exists,
the language of the error message displayed is based on the server locale rather than
on the browser locale.
20.2.17 Referrals in LDAP Searches
Oracle Access Manager 11g Release 1 (11.1.1) cannot operate directly with LDAP
servers returning referrals.
The workaround is to use Oracle Virtual Directory.
20-6 Release Notes
General Issues and Workarounds
20.2.18 Non-ASCII Resources Require OHS To Restart To Make Protection Take Effect
When you add a resource with a non-ASCII name to the protected authentication
policy, it will require the 11g OHS Server to restart to make the protection take effect,
whereas in adding resources with English characters, protection takes effect in real
time without having to restarting the OHS Server.
20.2.19 Non-ASCII Characters on Success/Failure URL Results in Garbled Redirect
URL
If an on success or on failure URL configured for an authentication policy contains
non-ASCII characters in the URL specified, then the URL specified will be garbled
when it is used during a user authentication. This will happen only when the
authentication scheme is Basic Authentication and the end user's browser is the
Simplified Chinese version of IE8 running on the Chinese version of Windows.
20.2.20 Resource with Non-ASCII Characters Cannot Be Protected by an OSSO Agent
The OSSO Agent cannot protect a resource because it does not encode the entire
resource URL to UTF-8 format.
To work around this issue, use the Webgate Agent instead of the SSO Agent.
Webgate is able to convert the entire resource URL to UTF-8 format.
20.2.21 Error in Administration Server Log from Console Logins
If you log in to the Oracle Access Manager Console as an administrator and then log in
to the Console as an administrator in a new browser tab, the following error appears in
the administration logs:
-----------------------------------------------------------<May 20, 2010 10:12:47 AM PDT> <Error>
<oracle.adfinternal.view.page.editor.utils.ReflectionUtility> <WCS-16178>
<Error instantiating class oracle.adfdtinternal.view.faces.portlet.PortletDefinitionDTFactory>
------------------------------------------------------------
The error message does not impact functionality.
20.2.22 Application Domain Subtree in the Navigation Tree Is Not Rendered and Does
Not Respond to User Actions
If the Application Domain subtree on the navigation tree does not render or respond to
user interface actions over a period of time, it may be the result of multiple refreshes.
To work around these issues, restart the administration server and log in to the Oracle
Access Manager Console again.
20.2.23 editWebgateAgent Command Does Not Give An Error If Invalid Value is Entered
The WLST command editWebgateAgent does not give an error when a invalid value is
entered for the state field in both online and offline mode. The Oracle Access Manager
Console does show the state field value as neither enabled nor disabled, though it is a
mandatory field.
Oracle Access Manager 20-7
General Issues and Workarounds
20.2.24 WLST Command displayWebgate11gAgent In Offline Mode Displays the
Webgate Agent Entry Twice
In the offline mode, the WLST command, displayWebgate11gAgent, displays the 11g
Webgate Agent entry in the System Configuration tab twice.
20.2.25 Message Logged at Error Level Instead of at INFO When Servers in Cluster
Start
When starting Oracle Access Manager servers in a cluster, the following message is
displayed:
<Jun 22, 2010 3:59:41 AM PDT> <Error> <oracle.jps.authorization.provider.pd>
<JPS-10774> <arme can not find state.chk file.>
The correct level of the message is INFO, rather than Error.
20.2.26 Help Is Not Available for WLST Command registeroifdappartner
The Help command is not available for the WLST command, registeroifdappartner.
The online and offline command registers Oracle Identity Federation as a Delegated
Authentication Protocol (DAP) Partner.
For information, refer to "registerOIFDAPPartner" in the Oracle Fusion Middleware
WebLogic Scripting Tool Command Reference.
Syntax
registerOIFDAPPartner(keystoreLocation="/scratch/keystore"
logoutURL="http://<oifhost>:<oifport>/fed/user/sploosso?doneURL=
http://<oamhost>:< oam port>/ngam/server/pages/logout.jsp",
rolloverTime="526")
Parameter Name
Definition
keystoreLocation
Location of the Keystore file. The file generated at the OIF Server. (mandatory)
logoutURL
The OIF Server's logout URL. <mandatory>
rolloverInterval
The Rollover Interval for the keys used to enc/decrypt SASSO Tokens (optional)
Example
The following invocation illustrates use of all parameters.
registerOIFDAPPartner(keystoreLocation="/scratch/keystore",
logoutURL="http://<oifhost>:<oifport>/fed/user/sploosso?doneURL=http://<oamhost>:
<oam port>/ngam/server/pages/logout.jsp", rolloverTime="526")
20.2.27 User Must Click Continue to Advance in Authentication Flow
In a native integration with Oracle Adaptive Access Manager, the resource is protected
by an Oracle Access Manager policy that uses the Basic Oracle Adaptive Access
Manager authentication scheme.
When a user tries to access a resource, he is presented with the username page.
After he enters his username, he must click Continue before he can proceed to the
password page. He is not taken to this page automatically.
20-8 Release Notes
General Issues and Workarounds
The workaround is for the user to click Continue, which might allow him to proceed
to the password page.
20.2.28 OCSP-Related Fields are Not Mandatory
In the X509 authentication modules, the following OCSP-related fields are no longer
mandatory:
■
OCSP Server Alias
■
OCSP Responder URL
■
OCSP Responder Timeout
If OCSP is enabled
The OCSP-related fields should be filled in by the administrator. If they are not filled,
there will not be an error from the Console side.
It is the responsibility of the administrator to provide these values.
If OCSP is not enabled
The OCSP-related fields need not be filled in this case. If there are values for these
fields, they will be of no consequence/significance, as OCSP itself is not enabled.
In the default out of the box configuration, the OCSP responder URL is
http://ocspresponderhost:port. If you make changes to other fields and leave this
as is, you will see a validation error, since this value is still submitted to the back end
and at the Console, the layer port should be a numeric field. You can either modify the
field, with the port being a numeric field or delete the entire value.
20.2.29 Database Node is Absent in the Console
Under the Data Sources node of the System Configuration tab, Common
Configuration section, there is no Databases node in Oracle Access Manager 11g
(11.1.1.5).
20.2.30 Online Help Provided Might Not Be Up To Date
Online help is available in the Oracle Access Manager Console, but you should check
OTN to ensure you have the latest information.
20.2.31 Oracle Access Manager Audit Report AUTHENTICATIONFROMIPBYUSER
Throws a FROM Keyword Not Found Where Expected Error
The Oracle Access Manager audit report AuthenticationFromIPByUser uses an Oracle
Database 11.2.0 feature and will not work with older versions of database. The
following error is displayed if an older version is used:
ORA-00923: FROM keyword not found where expected
20.2.32 Disabled: Custom Resource Types Cannot be Created
For Oracle Access Manager 11g, creating custom resource types should not be
attempted. In the initial release, the buttons to create/edit/delete resource types were
available.
With Oracle Access Manager 11g (11.1.1.7) these command buttons are disabled.
Oracle provided resource types include:
Oracle Access Manager 20-9
General Issues and Workarounds
■
HTTP (includes HTTPS)
■
TokenServiceRP (Resources for representing Token Service Relying Party)
■
wl_authen (Resources for representing WebLogic Authentication schemes)
20.2.33 Use of a Non-ASCII Name for a Webgate Might Impact SSO Redirection Flows
When using the OAM Server with WebGates and when the Webgate ID is registered
with a non-ASCII name, the OAM Server may reject that authentication redirect as an
invalid request.
To work around this redirection issue, use an ASCII name for the Webgate.
Resources are protected and error messages do not occur when
the administration server and oracle access servers are started on
UTF-8 locales.
Note:
The redirection issue only occurs on native server locales (Windows
and Non-UTF8 Linux server locales)
20.2.34 Authentication Module Lists Non-Primary Identity Stores
In the user interface under the Authentication Module, only the primary identity store
should be selected in the list since only primary identity stores can be used for
authentication/authorization. Currently, the Oracle Access Manager Console allows
you to select identity stores that are not primary.
20.2.35 Unable to Stop and Start OAM Server Through Identity and Access Node in
Fusion Middleware Control
The following Oracle Access Manager operations are not supported through using the
oam_server node under Identity and Access in Fusion Middleware Control:
■
Start up
■
Shut down
■
View Log Messages
However, these operations are supported per the Oracle Access Manager managed
server instance through using the oam_server node (for the specific server) under
Application Deployments in Fusion Middleware Control.
20.2.36 AdminServer Won't Start if the Wrong Java Path Given with WebLogic Server
Installation
WebLogic Server installation on Windows 64-bit platform can be successful with 32-bit
JAVA_HOME (jdk1.6.0_23). On Windows 64-bit platform, the path to 32-bit JAVA_
HOME (c:\program files (x86)\java\jdkxxx) is not correctly handled by the
startWeblogic.cmd.
■
■
20-10 Release Notes
If you launch the install shield with setup.exe, you are asked for the path of the
64-bit JAVA_HOME. If you provide the 32-bit JAVA_HOME (jdk1.6.0_24) path, the
install shield is not launched.
If you execute config.cmd from \Middleware\Oracle_IDM1\common\bin, the
path to the 32-bit JAVA_HOME (jdk1.6.0_24) is used. Following successful
installation, however, you cannot start AdminServer.
General Issues and Workarounds
Workaround: Oracle recommends replacing SUN_JAVA_HOME to use the path with
the shorter name (c:\progra~2\java\jdkxxxx).
■
■
On Windows, the shorter names can be seen by executing "dir /X".
Alternatively, you can set Windows command shell variable JAVA_HOME to path
with shorter name and execute startWeblogic.cmd within that. For example:
>set JAVA_HOME=c:\progra~2\java\jdkXXX
>startweblogic.cmd
20.2.37 Changing UserIdentityStore1 Type Can Lock Out Administrators
An Identity Store that is designated as the System Store should not be edited to change
the store type (from Embedded LDAP to OID, for instance) nor the connection URLs.
If you do need to change the Identity Store that is designated as the System Store
should not be edited to change the store type, Oracle recommends that you create a
new Identity Store and then edit that registration to mark it as your System Store.
20.2.38 Page Layouts and Locales
The layout of the single sign-on (SSO) Login Page, Impersonation Consent page,
Logout Page, Impersonation Error page, and Login Error Page do not change for
Arabic and Hebrew locales.
20.2.39 Some Pages Are Not Correctly Localized
The date formats of "Creation Instant" and "Last Access Time" on the Session
Management Search page are not correctly localized.
20.2.40 Non-ASCII Query String Issues with Internet Explorer v 7, 8, 9
Due to a limitation with the Internet Explorer browser, resources with Non-ASCII
query string when if you directly type or paste the resource URL.
20.2.41 Oracle Virtual Directory with SSL Enabled
With Oracle Virtual Directory as the user identity store, no errors are seen after
changing its registration to use the SSL port, checking the SSL box, and testing the
connection (Test Connection button). However, authentication fails (even though
non-SSL port is fine). The first time Test Connection goes through and any subsequent
time it results in Socket Timeout exception from the Oracle Virtual Directory side.
Workaround: Disable NIO for the SSL port as follows:
1.
Stop Oracle Virtual Directory. For example:
$ORACLE_INSTANCE/bin/opmnctl stopproc ias-component=ovd1
2.
Edit the a LDAP SSL listener section of listener.os_xml to add
<useNIO>false</useNIO>, as follows:
$ORACLE_INSTANCE/config/OVD/ovd1/listener.os_xml
<ldap version="20" id="LDAP SSL Endpoint">
<port>7501</port>
<host>0.0.0.0</host>
.........
.........
Oracle Access Manager 20-11
Configuration Issues and Workarounds
<tcpNoDelay>true</tcpNoDelay>
<readTimeout>180000</readTimeout>
</socketOptions>
<useNIO>false</useNIO>
</ldap>
3.
Save the file.
4.
Test the connection several times to confirm this is working.
20.2.42 Query String Not Properly Encoded
There is no encoding on the query string from Webgate when % is not followed by a
sequence of characters that form a valid URL escape sequence. In this case, Oracle
Access Manager etains % as % in the decoded string and the following error occurs:
No message for The Access Server has returned a status that is unknown to the
Access Gate .Contact your website administrator to remedy this problem.
Workaround:
11g Webgate: To specify the '%' character in a query string, you must specify '%25'
instead of '%'.
10g Webgate: The 11g Webgate workaround applies to only the anonymous scheme.
For other authentication schemes, there is currently no workaround.
20.3 Configuration Issues and Workarounds
This section describes configuration issues and their workarounds. It includes the
following topics:
■
■
■
■
■
■
Section 20.3.1, "For mod-osso Value for RedirectMethod Should be "POST""
Section 20.3.2, "User Wrongly Directed to the Self-User Login after Logging Out of
the Oracle Identity Manager Administration Console"
Section 20.3.3, "11g Webgate Fails to Install with Compact Configuration."
Section 20.3.4, "Download IBM JDK to Fix Issue with Configuring Remote
Administrators"
Section 20.3.5, "Auditing Does Not Capture the Information Related to
Authentication Failures if a Resource is Protected Using Basic Authentication
Scheme"
Section 20.3.6, "Unable to Access Partner Information on the Production
Environment"
■
Section 20.3.7, "Incompatible Msvcirt.dll Files"
■
Section 20.3.8, "IPv6 Support"
■
Section 20.3.9, "What to Avoid or Note in Oracle Access Manager Configuration"
■
■
■
20-12 Release Notes
Section 20.3.10, "Install Guides Do Not Include Centralized Logout Configuration
Steps"
Section 20.3.11, "NULL Pointer Exception Shown in Administration Server
Console During Upgrade"
Section 20.3.12, "Using Access SDK Version 10.1.4.3.0 with Oracle Access Manager
11g Servers"
Configuration Issues and Workarounds
■
■
Section 20.3.13, "Finding and Deleting Sessions Using the Console"
Section 20.3.14, "Non-ASCII Users with Resource Protected by Kerberos
Authentication Scheme"
20.3.1 For mod-osso Value for RedirectMethod Should be "POST"
For Webgate to support long URLs, the following code sample was added under
oam-config.xml:
<Setting Name="AgentConfig" Type="htf:map">
<Setting Name="OSSO" Type="htf:map">
<Setting Name="RedirectMethod"Type="xsd:string">GET</Setting>
<Setting Name="Delimiter" Type="xsd:string">AND</Setting>
</Setting>
For mod-osso, the value for RedirectMethod should be POST, however, the values
shipped out of the box is GET. Follow these steps to perform the modification, as this
change needs to be performed manually and there is no user interface or WLST
commands available to do so.
1.
Stop the Oracle Access Manager Console and managed servers.
2.
Enter cd DOMAIN_HOME/config/fmwconfig
3.
Enter vi oam-config.xml
4.
Go to the following line in oam-config.xml:
<Setting Name="AgentConfig" Type="htf:map">
<Setting Name="OSSO" Type="htf:map">
<Setting Name="RedirectMethod"Type="xsd:string">GET</Setting>
Modify GET to POST as follows:
<Setting Name="RedirectMethod"Type="xsd:string">POST</Setting>
5.
Save the changes and start the AdminServer and managed servers.
20.3.2 User Wrongly Directed to the Self-User Login after Logging Out of the Oracle
Identity Manager Administration Console
The user is directed to the self-user login after logging out of the Oracle Identity
Manager Administration Console.
To be redirected correctly, the logout must work properly.
The workaround for logout with 10g Webgate is to:
1.
Copy logout.html (for example, from Oracle_
IDM1/oam/server/oamsso/logout.html) to webgate_install_dir/oamsso.
2.
Update logout URL in the file to http://oam_server:oam_
server/ngam/server/logout.
3.
If redirection to specific page has to occur after logout, change the logout URL to
http://oam_server:oam_
server/ngam/server/logout?doneURL=http://host:port/specifipage.html.
20.3.3 11g Webgate Fails to Install with Compact Configuration
A compact configuration is an installation with all identity management components
on a machine with limited hardware capacity.
Oracle Access Manager 20-13
Configuration Issues and Workarounds
On trying to install the 11g Webgate with compact configuration, the following error
occurs during the configure step:
Configuring WebGate...
There is an error. Please try again.
Preparing to connect to Access Server. Please wait.
Client authentication failed, please verify your WebGate ID.
cp: cannot stat
`$ORACLE_HOME/ohs/conf/aaa_key.pem':
No such file or directory
cp: cannot stat
`$ORACLE_HOME/ohs/conf/aaa_cert.pem':
No such file or directory
cp: cannot stat
`$ORACLE_HOME/ohs/conf/aaa_chain.pem':
The error occurs because the following entries were not initialized in oam-config.xml
during the installation:
<Setting Name="oamproxy" Type="htf:map">
<Setting Name="sslGlobalPassphrase" Type="xsd:string">changeit</Setting>
<Setting Name="SharedSecret" Type="xsd:string">1234567812345678</Setting>
</Setting>
To initialize oam-config.xml properly:
1.
Delete the OAM entry from CSF repository by performing the following steps:
a.
Start the WebLogic Scripting Tool:
oracle_common/oracle_common/common/bin/wlst.sh
b.
In the WLST shell, enter the command to connect to the domain and then
enter the requested information.
A sample is given below.
wls:/offline> connect ()
Please enter your username [weblogic] :
Please enter your password [welcome1] :
Please enter your server URL [t3://localhost:7001] :
Connecting to t3://localhost:7001 with userid weblogic ...
Successfully connected to Admin Server 'AdminServer' that belongs to domain
'imdomain86'.
c.
Change to domainRuntime.
A sample is given below.
wls:/imdomain86/serverConfig> domainRuntime ()
Location changed to domainRuntime tree. This is a read-only tree with
DomainMBean as the root.
d.
Check whether an entry exists in the CSF repository with the map name as OAM
and key as jks.
A sample is given below.
wls:/imdomain86/domainRuntime> listCred(map="OAM_STORE",key="jks")
{map=OAM_STORE, key=jks}
Already in Domain Runtime Tree
.
[Name : jks, Description : null, expiry Date : null]
PASSWORD:1qaldrk3eoulhlcmfcqasufgj2
20-14 Release Notes
Configuration Issues and Workarounds
.
e.
Delete the OAM map entry from the CSF repository.
wls:/imdomain86/domainRuntime> deleteCred(map="OAM_STORE",key="jks")
{map=OAM_STORE, key=jks}
Already in Domain Runtime Tree
.
f.
Exit from wlst shell.
A sample is given below.
wls:/imdomain86/domainRuntime> exit ()
.
.
.
2.
Go to DOMAIN_HOME/config/fmwconfig and delete the file .oamkeystore.
A sample [on linux] is given below.
[aime@pdrac09-5 fmwconfig]$ rm .oamkeystore
.
3.
Stop the Managed Server and Admin Server.
4.
Start the AdminServer.
5.
Verify oam-config.xml.
6.
Start Managed Server.
Steps to verify oam-config.xml:
1.
Go to DOMAIN_HOME/config/fmwconfig/oam-config.xml.
2.
Verify that all the WebLogic Server server instances are configured under
DeployedComponent > Server > NGAMServer > Instance
3.
Verify that the OAM Managed Server protocol, host and port are available at:
DeployedComponent > Server > NGAMServer > Profile > OAMServerProfile >
OAMSERVER
4.
Verify that the SSO CipherKey is generated and available at:
DeployedComponent > Server > NGAMServer > Profile > ssoengine >
CipherKey
5.
Verify that the oamproxy entries for SharedSecret and sslGlobalPassphrase is
generated and available at:
DeployedComponent > Server > NGAMServer > Profile > oamproxy
SharedSecret should have a value different from 1234567812345678 and
sslGlobalPassphrase different from changeit.
20.3.4 Download IBM JDK to Fix Issue with Configuring Remote Administrators
If Oracle Access Manager remote registration of administrators is failing on AIX,
download IBM JDK 1.6 SR7 with Interim Fixes (iFix) for Oracle.
These instructions are to be followed only for IBM JDK 1.6
SR7+ifixes. They are not applicable for SR7.
Note:
Oracle Access Manager 20-15
Configuration Issues and Workarounds
If you do not have a universal IBM user ID, you can register by following the
instructions on the IBM Web site. If there are any registration related issues, contact
IBM as instructed on their Web site.
1.
Go to
https://www14.software.ibm.com/webapp/iwm/web/reg/signup.do?s
ource=swg-ibmjavaisv&S_TACT=IBMJavaISV%E2%8C%A9=en_US
2.
Click Downloads.
You are taken to the IBM software downloads page.
3.
Enter the Access Key, MJ3D7TQGMK.
4.
Select to use the Download Director (recommended for Windows) or HTTP
(recommended for UNIX).
The builds will appear under the product name: IBM SDK's for Oracle Fusion
Middleware 11g.
As noted earlier, the version that should be downloaded and used is:
pap6460sr7ifix-20100512_01(JDK 6 SR7 +IZ70326+IZ68993+IZ74399)
20.3.5 Auditing Does Not Capture the Information Related to Authentication Failures if
a Resource is Protected Using Basic Authentication Scheme
Although a resource can be protected using the BASIC scheme, the WebLogic server
has a feature by which it first authenticates the user and then sends it to the server.
If you add the following flag under <security-configuration> in config.xml and
restart the server, you will be able to bypass WebLogic server's authentication
<enforce-valid-basic-auth-credentials>false</enforce-valid-basic-auth-cred
entials>. Once the credentials are submitted back to the OAM Server, it will be
audited.
The WebLogic Server Administration Console does not display or log the
enforce-valid-basic-auth-credentials setting. However, you can use WLST to
check the value in a running server. You must modify this value by setting this in
config.xml.
To do so, refer to "Developing Secure Web Applications" at:
http://download.oracle.com/docs/cd/E13222_
01/wls/docs103/security/thin_client.html#wp1037337
20.3.6 Unable to Access Partner Information on the Production Environment
After test-to-production migration, the following steps must be performed:
1.
Ensure that the production OAM Server(s) are down when the policy is imported
from the test system.
2.
Log in to the Oracle Access Manager Console and modify the primary /secondary
server list for all agents in the production system (including the IAMSuiteAgent).
3.
Copy the generated artifacts for Webgate generated for each of the Webgate agents
(excluding IAMSuiteAgent).
4.
Start the production OAM managed server(s).
5.
Restart all the Webgate agents' OHS.
20-16 Release Notes
Configuration Issues and Workarounds
In migrating partner information from a test environment to a production one, you
will not be able to access partner information if
■
The migratePartnersToProd command was used. It is outdated. The following set
of commands should be used instead:
–
exportPartners- This command is used to export the partners from the test
environment. It needs to be run from the OAM Server, from where the
partners needs to be exported. This command takes the path to the temporary
oam-partners file as a parameter.
exportPartners(pathTempOAMPartnerFile=', <pathTempOAMPartnerFile>')
–
importPartners- This command is used to import the partners to the
production environment. It needs to be run from the OAM Server to which the
partners needs to be imported. This command takes the path to the temporary
oam-partners file as a parameter.
importPartners(pathTempOAMPartnerFile=', <pathTempOAMPartnerFile>')
■
The agent profiles were not edited after the migration to match the production
system.
A Webgate Agent might be configured with a list of primary/secondary server
hosts and nap ports available in the test system. The production system may not
contain server instances with the same hosts and ports as configured in the test
system. Since the SysConfig Agent Profile user interface obtains the server name
by picking up the servers matching the host and port details of the
primary/secondary server list, the server names may not be displayed in the user
interface after migration. Since the primary/secondary server lists could be a
subset of the list of available server instances in the production system, the agent
profiles need to be edited after migration to match the production system.
20.3.7 Incompatible Msvcirt.dll Files
When you install the Oracle Access Manager 10g Webgate, do not replace the current
version of msvcirt.dll with a newer version when prompted. If you do so, there may
be incompatibility issues. Later, when you try to install OSSO 10g (10.1.4.3), the
opmn.exe command might fail to start and the OracleCSService might time out
because the required .dll file is missing.
20.3.8 IPv6 Support
The supported topology for Oracle Access Manager 11g is shown below.
Supported Topology
■
WebGate10g or Webgate 11g and protected applications on IPv4 (Internet Protocol
Version 4) protocol host
■
OHS (Oracle HTTP Server) reverse proxy on dual-stack host
■
Client on IPv6 (Internet Protocol Version 6) protocol host
Dual-stack is the presence of two Internet Protocol software implementations in an
operating system, one for IPv4 and another for IPv6.
The IPv6 client can access Webgate (10g or 11g) through the reverse proxy on
IPv4/IPv6 dual-stack.
Oracle Access Manager 20-17
Configuration Issues and Workarounds
20.3.9 What to Avoid or Note in Oracle Access Manager Configuration
This section contains scenarios and items to note in Oracle Access Manager
Configuration
20.3.9.1 Unsupported Operations for WLST Scripts
WLST scripts for Oracle Access Manager 10g and Oracle Access Manager 11g
WebGates do not support changing Agent security modes.
20.3.9.2 Unsupported Operations for Oracle Access Manager Console and WLST
Unsupported operations for the Oracle Access Manager Console and WLST are
described in the following subsections.
20.3.9.2.1
OAM Server
Use Case: Concurrent Deletion and Updating
Description
1.
Open an OAM Server instance in edit mode in Browser 1.
2.
Using the Oracle Access Manager Console in another browser (Browser 2) or using
a WLST script, delete this server instance.
3.
Return to Browser 1 where the server instance is opened in edit mode.
4.
In Browser 1, click the Apply button.
Current Behavior
The Oracle Access Manager Console displays the message, "Server instance server_
name might be in use, are you sure you want to edit it?" along with the confirmation
that the update succeeded.
On clicking Yes, the following error message pops up, as expected, and the OAM
Server instance page is closed (correct behavior):
"Error while reading your_server-name OAM Server Instance Configuration."
However, the navigation tree node might continue to display the OAM Server instance
until you click the Refresh command button for the navigation tree.
Use Case: Two OAM Server Instances with Same Host Cannot have the Same
Proxy Port.
Description
For this use case, there are two instances of the OAM Server: oam_server1 and oam_
server2.
1.
Open oam_server1 in edit mode and specify a host and OAM proxy port.
2.
Now open oam_server2 in edit mode and specify the same host and proxy port as
oam_server1.
The changes are saved without any error message.
Current Behavior
The Oracle Access Manager Console does not display any error and allows the update.
The behavior is incorrect.
20-18 Release Notes
Configuration Issues and Workarounds
Use Case: Log Statements Detailing the Server Instance Creation, Update and
Delete are not Present on the Oracle Access Manager Console
Description
If you create, edit, or delete an OAM Server instance from the Oracle Access Manager
Console, the log statements corresponding to create, edit and delete are not displayed
by the Console.
20.3.9.2.2
LDAP Authentication Module:
Use Case: Concurrent Deletion/Creation of User Identity Store does not Reflect
in the List of Identity Stores in the LDAP Authentication Module Create and Edit
Description
1.
Open create/ edit for the LDAP authentication module.
A list displays the identity stores present in the system.
2.
Now create a user identity store using another tab.
3.
Return to the create/edit tab for the LDAP authentication module and check the
list for user identity stores.
Current Behavior
The Oracle Access Manager Console displays the error message, as expected, and
closes the Authentication Module page (correct behavior):
"Error while reading module-name Authentication Module Configuration."
However, the navigation tree node might continue to display the Authentication
Module node until you click the Refresh command button for the navigation tree.
20.3.9.2.3
LDAP, Kerberos and X509 Authentication Module
Use Case: Concurrent deletion and updating
Description
1.
Open an LDAP/Kerberos/X509 authentication module in edit mode in Oracle
Access Manager Console in Browser 1.
2.
Using Oracle Access Manager Console in another browser (Browser 2) or using a
WLST script, delete this authentication module.
3.
Now return to Browser 1 where the authentication module is opened in edit mode.
4.
Click the Apply button.
Current Behavior
The Oracle Access Manager Console updates this authentication module configuration
and writes it to back end.
The behavior is incorrect.
Use Case: Log Statements Detailing the Server Instance Creation, Update and
Delete are Not present on Oracle Access Manager Console side.
Description
When you create, edit or delete an authentication module from Oracle Access Manager
Console, the log statements corresponding to create, edit and delete are not written by
the Console.
Oracle Access Manager 20-19
Configuration Issues and Workarounds
20.3.9.2.4
OAM 11G Webgate
Use Case: Concurrent Deletion and Update
Description
1.
Open an OAM 11g Webgate instance in edit mode in Oracle Access Manager
Console in Browser 1.
2.
Using the Oracle Access Manager Console in another browser (Browser 2) or using
a WLST script, delete this OAM 11g Webgate.
3.
Now return to the Browser1 where the server instance is opened in edit mode.
4.
Click on the Apply button.
Current Behavior
The Oracle Access Manager Console for edit OAM11g Webgate does not change and
the tab does not close.
A OAM11g Webgate configuration not found error dialog is displayed by the Oracle
Access Manager Console.
However, the navigation tree is blank and attempts to perform any operation results in
a javax.faces.model.NoRowAvailableException".
The behavior is incorrect.
20.3.9.2.5
OSSO Agent
Use Case: Concurrent Deletion and Update
Description
1.
Open an OSSO Agent instance in edit mode in the Oracle Access Manager Console
in Browser 1.
2.
Using the Oracle Access Manager Console in another browser (Browser 2) or using
a WLST script, delete this OSSO Agent.
3.
Now return to the Browser 1 where the OSSO Agent instance is opened in edit
mode.
4.
Click on Apply button.
Current Behavior
Editing the OSSO Agent in the Oracle Access Manager Console results in a null
pointer exception.
The behavior is incorrect.
20.3.10 Install Guides Do Not Include Centralized Logout Configuration Steps
Single-Sign On is enabled after Oracle Access Manager is installed; to complete
configuration of Single-Sign On out of the box, centralized log out must be configured
post-install. Configure centralized log out by following direction from these sections:
■
Configuring Centralized Logout for ADF-Coded Applications with Oracle Access
Manager 11g
In order for the ADF logout to work correctly, Single Sign-On Server Patch 9824531
is required. Install this patch, as described in the readme file that is included in the
patch.
20-20 Release Notes
Oracle Security Token Service Issues and Workarounds
■
Configuring Centralized Logout for the IDM Domain Agent (in the patch set this
is now the IAMSuiteAgent)
20.3.11 NULL Pointer Exception Shown in Administration Server Console During
Upgrade
A NULL pointer exception occurs because of the configuration events trigger when the
identity store shuts down. The upgrade is successful, however, and error messages are
seen in administration server console. There is no loss of service.
If the NULL pointer is seen during upgrade, there is no loss of service, you can ignore
the error.
If the NULL pointer is seen during WLST command execution, you must restart the
administration server.
20.3.12 Using Access SDK Version 10.1.4.3.0 with Oracle Access Manager 11g Servers
In general, the Sun Microsystems JDK 1.4.x compiler is the JDK version used with the
Java interfaces of Access SDK Version 10.1.4.3.0.
As an exception, the Java interfaces of the 64-bit Access SDK Version 10.1.4.3.0,
specifically for the Linux operating system platform, requires the use of Sun
Microsystems JDK 1.5.x compiler.
The new Session Management Engine capability within Oracle Access Manager 11g
will create a session for every Access SDK version 10.1.4.3.0 call for authentication.
This may cause issues for customers that use Access SDK to programmatically
authenticate an automated process. The issue is the number of sessions in the system
that is generated within Access SDK will increase dramatically and cause high
memory consumption.
20.3.13 Finding and Deleting Sessions Using the Console
When session search criteria is generic (using just a wild card (*), for example), there is
a limitation on deleting a session from a large list of sessions.
Oracle recommends that your session search criteria is fine-grained enough to obtain a
relatively small set of results (ideally 20 or less).
20.3.14 Non-ASCII Users with Resource Protected by Kerberos Authentication Scheme
Non-ASCII users fail to access a resource protected by a Kerberos authentication
scheme using WNA as a challenge method.
The exception occurs when trying to get user details to populate the subject with the
user DN and GUID attributes.
20.4 Oracle Security Token Service Issues and Workarounds
This section provides the following topics:
■
Section 20.4.1, "No Warnings Given If Required Details are Omitted"
■
Section 20.4.2, "New Requester Pages, Internet Explorer v7, and Japanese Locale"
■
Section 20.4.3, "Delete Button Not Disabled When Tables Have No Rows"
■
Section 20.4.4, "Copying an Issuance Template Does Not Copy All Child Elements"
Oracle Access Manager 20-21
Oracle Security Token Service Issues and Workarounds
■
Section 20.4.5, "Apply and Revert Buttons are Enabled"
■
Section 20.4.6, "Only Generic Fault Errors Written to Oracle WSM Agent Logs"
■
Section 20.4.7, "Server and Client Key Tab Files Must be the Same Version"
■
Section 20.4.8, "Default Partner Profile Required for WS-Security"
■
Section 20.4.9, "SAML Token Issued When NameID is Not Found"
20.4.1 No Warnings Given If Required Details are Omitted
On the Token Mapping page of a new Validation Template with the following
characteristics:
■
WS-Security
■
Token Type SAML 1.1
■
Default Partner Profile: requester profile
No warnings are given:
■
If you check the box to Enable Attribute Based User Mapping if you leave empty
the required User Attributes field
A new row is not saved if the User Attribute field is empty. However, it is saved if
both fields are filled. Removing the value of the User Attribute field in a
user-added row causes the row to be deleted when you Apply changes
■
If you attempt to delete built-in Name Identifier Mapping rows
Built-in Name Identifier Mapping rows cannot be deleted.
20.4.2 New Requester Pages, Internet Explorer v7, and Japanese Locale
When using the Japanese Locale with Internet Explorer v7, the title "New Requester" is
not displayed in one line on the page. The Partner, Name, Partner Type, and Partner
Profile fields might wrap on the page.
This can occur whether you are creating or modifying the Partner (Requester, Relying
Party, and Issuing Authority).
20.4.3 Delete Button Not Disabled When Tables Have No Rows
The Delete button is enabled even though there are no rows to be deleted in the
following tables:
■
■
The Attribute Name Mapping table (Token and Attributes page for Partner
Profiles (Requester, Relying Party, Issuing Authority Profiles).
The Value Mapping table in Issuing Authority Partner Profiles
When there are no rows in a table, the Delete button should be disabled by default.
20.4.4 Copying an Issuance Template Does Not Copy All Child Elements
Issuance Template Copy Like function does not copy nested tables (attribute mapping
and filtering tables, and the custom token attribute table).
Workaround: Navigate to the desired Issuance Template, click the name in the
navigation tree and click the Copy Like button. Manually enter missing information
from the original: Attribute Mappings or custom attribute tables.
20-22 Release Notes
Oracle Security Token Service Issues and Workarounds
20.4.5 Apply and Revert Buttons are Enabled
The Apply and Revert buttons are enabled on Oracle Security Token Service pages
even if there are no changes to apply or saved changes to revert to the previous
version.
20.4.6 Only Generic Fault Errors Written to Oracle WSM Agent Logs
No content is written logs for the Oracle WSM agent errors. There is only a generic
fault error.
Workaround: Enable message logging for the Oracle WSM agent on the host OAM
Server.
1.
Locate the logging.xml file in $DOMAIN/config/fmwconfig/server/oam_
server1/logging.xml file.
2.
Change the WSM block of the logging.xml file, to:
<logger name="oracle.wsm" level="TRACE:32" useParentHandlers="false">
<handler name="odl-handler"/>
</logger>
<logger name="oracle.wsm.msg.logging" level="TRACE:32"
useParentHandlers="false">
<handler name="owsm-message-handler"/>
<handler name="wls-domain"/>
</logger>
3.
OSTS Policies: When Oracle Security Token Service policies are used (instead of
Oracle-provided WSM policies) perform the following steps:
a.
Locate: Oracle_IDM1/oam/server/policy
b.
Unjar sts-policies.jar.
c.
Change all the polices to set Enforced to true: META-INF/polices/sts.
<oralgp:Logging orawsp:name="Log Message1" orawsp:Silent="true
orawsp:Enforced="true" orawsp:category="security/logging">
<oralgp:msg-log>
<oralgp:request>all</oralgp:request>
<oralgp:response>all</oralgp:response>
<oralgp:fault>all</oralgp:fault>
</oralgp:msg-log>
</oralgp:Logging>
4.
Re-jar the updated sts-policies.jar.
5.
Restart the AdminServer and managed servers.
20.4.7 Server and Client Key Tab Files Must be the Same Version
An exception to authenticate the Kerberos token occurs if WebLogic 10.3.5 is
configured with Sun JDK6 greater than u18.
When using the Kerberos token as an authentication token requesting the security
token from Oracle Security Token Service:
■
■
The keytab file configured in the validation template should always be the latest
version from the KDC server
The KVNO should always be the latest that is available on the server:
Oracle Access Manager 20-23
Integration and Inter-operability Issues and Workarounds
20.4.8 Default Partner Profile Required for WS-Security
The Oracle Access Manager Access Administration Guide states "When you toggle the
Token Protocol from WS-Trust to WS-Security, options in the Token Type list do not
change. However, the required "Default Partner Profile" list appears from which you
must choose one profile for WS-Security."
Correction: When you toggle the Token Protocol from WS-Trust to WS-Security a
required field "Default Partner Profile" will appear. You must choose a value for this
field. If you again toggle back to WS-Trust without choosing a value for this field The
options in the Token Type list are not updated correctly to have the WS-Trust Token
Type values.
20.4.9 SAML Token Issued When NameID is Not Found
Rather than returning an error response, an assertion issued with an empty
NameIdentifier field can be issued even when the NameIdentifier user attribute has a
null or empty value. For example:
<saml:NameIdentifier
Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"/>
Workaround: The "Name Identifier User Attribute" Field in the Issuance Template
requires a value for the Userstore.
20.5 Integration and Inter-operability Issues and Workarounds
This section provides the following topics:
■
Section 20.5.1, "WNA Authentication Does Not Function on Windows 2008"
■
Section 20.5.2, "JVM Plug-in Ignores Cookies Marked 'httponly'"
20.5.1 WNA Authentication Does Not Function on Windows 2008
The default Kerberos encryption supported by Windows 2008 Server and Windows
2007 machines are "AES256-CTS-HMAC-SHA1-96", "AES128-CTS-HMAC-SHA1-96"
and "RC4-HMAC".
If the clients are configured to use DES only encryption, users will not be able to access
protected resources with Kerberos authentication. The error message, An incorrect
username and password was specified might be displayed.
Because the initial Kerberos tokens are not present, the browser sends NTLM tokens,
which the OAM Server does not recognize; therefore, the user authentication fails.
The workaround is to enable the encryption mechanisms, and follow the procedure
mentioned in:
http://technet.microsoft.com/en-us/library/dd560670%28WS.10%29.a
spx
20.5.2 JVM Plug-in Ignores Cookies Marked 'httponly'
Cookies set with the httponly flag are not available to Browser Side Scripts and Java
Applets. The JVM plugin ignores cookies marked 'httponly.'
To resolve the issue
1. In mod_sso.conf, disable the OssoHTTPOnly off parameter.
20-24 Release Notes
Oracle Access Manager with Impersonation Workarounds
2.
Add the required OSSO cookies to the list of possible applet parameters to pass for
authentication.
20.6 Oracle Access Manager with Impersonation Workarounds
This section provides the following topics:
■
■
Section 20.6.1, "Impersonation Can Fail on Internet Explorer v 7, 8, 9"
Section 20.6.2, "With Oracle Access Manager 11g ORA_FUSION_PREFS Cookie
Domain is Three Dots"
20.6.1 Impersonation Can Fail on Internet Explorer v 7, 8, 9
Due to a limitation with the Internet Explorer browser, Impersonation can fail to go to
the Consent page when the Impersonatee's userid contains Non-ASCII characters.
Impersonation goes instead to the failure_url if you directly type or paste the starting
impersonation URL in the browser.
20.6.2 With Oracle Access Manager 11g ORA_FUSION_PREFS Cookie Domain is Three
Dots
With Oracle Access Manager 10g the ORA_FUSION_PREFS cookie domain used the
following form (2 dots):
10g Form .example.com
However, Oracle Access Manager 11g localized login accepts only the following
format for the ORA_FUSION_PREFS cookie domain (3 dots):
11g Form .us.example.com
For example, if the host name is ruby.us.example.com, Oracle Access Manager 11g
creates a cookie with the domain name .us.example.com.
However, the application session creates a cookie with the domain name
.example.com, which causes inter-operability failure between Fusion Middleware and
the application session using this cookie.
Workaround: Update the FACookieDomain parameter to correspond to 11g
requirements, and increment the Version xsd:integer in the oam-config.xml, as
shown in this example:
1.
Back up DOMAIN_HOME/config/fmwconfig/oam-config.xml.
2.
Open the file for editing and pay close attention to your changes.
3.
Set FACookieDomain to your domain (with 3 dot separators):
<Setting Name="FAAppsConfig" Type="htf:map">
<Setting Name="FACookieDomain" Type="xsd:string">.us.example.com</Setting>
<Setting Name="FAAuthnLevel" Type="xsd:integer">2</Setting>
<Setting Name="consentPage" Type="xsd:string">/oam/pages/impconsent.jsp
</Setting>
</Setting>
4.
Configuration Version: Increment the Version xsd:integer as shown in the next
to last line of this example (existing value (26, here) + 1):
Example:
<Setting Name="Version" Type="xsd:integer">
Oracle Access Manager 20-25
Documentation Errata
<Setting xmlns="http://www.w3.org/2001/XMLSchema"
Name="NGAMConfiguration" Type="htf:map:>
<Setting Name="ProductRelease" Type="xsd:string">11.1.1.3</Setting>
<Setting Name="Version" Type="xsd:integer">26</Setting>
</Setting>
5.
Save oam-config.xml.
20.7 Documentation Errata
This section provides documentation errata for the following guides:
■
■
■
Section 20.7.1, "Oracle Fusion Middleware Administrator's Guide for Oracle
Access Manager with Oracle Security Token Service"
Section 20.7.2, "Oracle Fusion Middleware Developer's Guide for Oracle Access
Manager and Oracle Security Token Service"
Section 20.7.3, "Oracle Fusion Middleware Integration Guide for Oracle Access
Manager"
20.7.1 Oracle Fusion Middleware Administrator's Guide for Oracle Access Manager
with Oracle Security Token Service
There is no documentation errata for this guide.
20.7.2 Oracle Fusion Middleware Developer's Guide for Oracle Access Manager and
Oracle Security Token Service
There is no documentation errata for this guide.
20.7.3 Oracle Fusion Middleware Integration Guide for Oracle Access Manager
This section contains documentation errata applicable to the Oracle Fusion Middleware
Integration Guide for Oracle Access Manager, part number E15740-04 only.
The following documentation errata are included for this guide:
■
Section 20.7.3.1, "Updates to Prerequisites for OAM-OIM Integration"
■
Section 20.7.3.2, "Properties for configOIM Command"
■
Section 20.7.3.3, "Updated Example for Integrating OIF/SP"
20.7.3.1 Updates to Prerequisites for OAM-OIM Integration
In the Oracle Fusion Middleware Integration Guide for Oracle Access Manager, part number
E15740-04, Chapter 5 Integrating Oracle Access Manager and Oracle Identity Manager,
Section 5.2 Prerequisites, Step 8a instructs you to prepare to configure LDAP
synchronization (LDAP sync) in the domain where Oracle Identity Manager runs.
Step 8a directs you to Section 14.8.5 Completing the Prerequisites for Enabling LDAP
Synchronization of the Oracle Fusion Middleware Installation Guide for Oracle Identity
Management, Part Number E12002-09. This may be confusing as some steps of that
section (such as creating the OIM user and group) are already complete.
Instead, Step 8a should direct you to Section 14.8.5.2 Creating Adapters in Oracle
Virtual Directory of the Oracle Fusion Middleware Installation Guide for Oracle Identity
Management, so that you can configure the Oracle Virtual Directory adapter for Oracle
Internet Directory.
20-26 Release Notes
Documentation Errata
Also in Section 5.2 Prerequisites, Step 8c instructs you to run a configuration wizard to
configure LDAP synchronization (LDAP sync) in the domain where Oracle Identity
Manager runs. This step does not work if Oracle Identity Manager was installed
without LDAP synchronization enabled.
Instead, Step 8c should direct you to Section 10.1 Enabling Postinstallation LDAP
Synchronization of the Oracle Fusion Middleware Administrator's Guide for Oracle Identity
Manager, Part Number E14308-08, for the correct procedure to enable LDAP
synchronization post-installation.
20.7.3.2 Properties for configOIM Command
Section 5.4, Perform Integration Tasks in Oracle Identity Manager, does not provide
definitions of all the properties to be specified in the properties file when executing the
-configOIM command in Step 3.
Use the following property definitions to assist you in configuring the properties file
of the procedure:
Table 20–1
Properties for configOIM Command
Property
Definition
LOGINURI
URI required by OPSS. Default value is
/${app.context}/adfAuthentication
LOGOUTURI
URI required by OPSS. Default value is /oamsso/logout.html
AUTOLOGINURI
URI required by OPSS. Default value is /obrar.cgi
ACCESS_SERVER_HOST
Oracle Access Manager hostname.
ACCESS_SERVER_PORT
Oracle Access Manager NAP port.
ACCESS_GATE_ID
The OAM access gate ID to which OIM needs to communicate.
OIM_MANAGED_
SERVER_NAME
The name of the Oracle Identity Manager managed server. If
clustered, any of the managed servers can be specified.
COOKIE_DOMAIN
Web domain on which the OIM application resides. Specify the
domain in the format .cc.example.com.
COOKIE_EXPIRY_
INTERVAL
Cookie expiration period. Set to -1.
OAM_TRANSFER_MODE
The security model in which the Access Servers function.
Choices are OPEN or SIMPLE.
WEBGATE_TYPE
The type of WebGate agent you want to create. Set to
javaWebgate if using a domain agent; set it to ohsWebgate10g if
using a 10g WebGate.
SSO_ENABLED_FLAG
Flag to determine if SSO should be enabled. Set to true or false.
IDSTORE_PORT
The port number for the identity store (corresponding to the
IDSTORE_DIRECTORYTYPE).
IDSTORE_HOST
The hostname of the identity store (corresponding to the
IDSTORE_DIRECTORYTYPE).
IDSTORE_
DIRECTORYTYPE
The type of directory for which the authenticator must be
created. OID for Oracle Internet Directory; OVD for all other
directories.
IDSTORE_ADMIN_USER
User with admin privileges. Note that the entry must contain the
complete LDAP DN of the user.
IDSTORE_
USERSEARCHBASE
The location in the directory where users are stored.
Oracle Access Manager 20-27
Documentation Errata
Table 20–1 (Cont.) Properties for configOIM Command
Property
Definition
IDSTORE_
GROUPSEARCHBASE
The location in the directory where groups are stored
MDS_DB_URL
The URL for the MDS database.
MDS_DB_SCHEMA_
USERNAME
The schema name for the MDS database.
WLSHOST
The WebLogic server hostname.
WLSPORT
The WebLogic server port number.
WLSADMIN
The WebLogic server administrator.
DOMAIN_NAME
The Oracle Identity Manager domain name.
DOMAIN_LOCATION
The Oracle Identity Manager domain location.
20.7.3.3 Updated Example for Integrating OIF/SP
In Section 4.3 Integrate Oracle Identity Federation in SP Mode, under sub-section 4.3.2
Delegate Authentication to Oracle Identity Federation, Step 7c contains an incorrect
example of how to update the OIFDAP partner block in the oam-config.xml
configuration file. The correct example should be:
registerOIFDAPPartner(keystoreLocation="/scratch/keystore",
logoutURL="http(s)://oifhost:oifport/fed/user/splooam11g?doneURL=
http(s)://oamhost:oamport/oam/server/pages/logout.jsp", rolloverTime="500")
Note that oifhost and oifport refer to the Oracle Identity Federation server host and
port respectively; and oamhost and oamport refer to the Oracle Access Manager server
host and port respectively.
20-28 Release Notes
21
Oracle Entitlements Server
21
This chapter describes issues associated with Oracle Entitlements Server. It includes
the following topics:
■
Section 21.1, "General Issues and Workarounds"
■
Section 21.2, "Configuration Issues and Workarounds"
■
Section 21.3, "Documentation Errata"
21.1 General Issues and Workarounds
This section describes general issues and workarounds. It includes the following topic:
■
Using Backslash on Oracle Internet Directory Policy Store
■
Performance Tuning the Oracle Database Policy Store
■
Action Bar Disappears When Using Internet Explorer 7
■
Re-created Application May Not Be Distributed in Controlled Mode
■
Enterprise Manager Doesn't Pick Up Newly Added Audit Events
■
Attributes Passed to Authorization Request Are Treated as Case Sensitive
■
Audit Schema Definitions are Incomplete
■
Java Security Module on IPv6 Client Not Supported on Windows
■
■
WebLogic Security Module Policy Distribution Configuration Issue on Windows
IPv6 Hosts
Validating Attribute Names in Custom Functions
21.1.1 Using Backslash on Oracle Internet Directory Policy Store
When a backslash (\) is used in a policy object name and the backslash is followed by
either a pound sign (#) or two hex characters ([a-fA-f_0-9][a-fA-f_0-9]), searches
for the object may not work as expected. The issue has been observed when one of
either a Resource Type name or a Resource name and action association has such a
value causing the query of permission sets by Resource Type, Resource name or action
to fail.
WORKAROUND:
Avoid using these values in policy object names.
Oracle Entitlements Server 21-1
General Issues and Workarounds
21.1.2 Performance Tuning the Oracle Database Policy Store
The Oracle dbms_stats package can be used to improve data migration performance
on an Oracle database policy store. The exact SQL command to be executed is:
*EXEC DBMS_STATS.gather_schema_stats
('DEV_OPSS',DBMS_STATS.AUTO_SAMPLE_SIZE,no_invalidate=>FALSE);*
where DEV_OPSS is the schema owner being used for the database policy store. You can
use the other two parameters as illustrated.
WORKAROUND:
You can run this DBMS_STATS call periodically using either of the options below:
■
Use DBMS_JOB.
1.
Copy and paste the following code to a SQL script.
In this example, the job will be executed every 10 minutes.
variable jobno number;
BEGIN
DBMS_JOB.submit
(job => :jobno,
what =>
'DBMS_STATS.gather_schema_stats(''DEV_OPSS'',DBMS_STATS.AUTO_SAMPLE_SIZE,
no_invalidate=>FALSE);',
interval => 'SYSDATE+(10/24/60)');
COMMIT;
END;
/
#end of sql script
2.
Login to sqlplus as the schema owner; for example, 'DEV_OPSS' not sys_user.
3.
Run the SQL script.
To find the job ID from the script you ran, execute the following:
sqlplus '/as sysdba'
SELECT job FROM dba_jobs WHERE schema_user = 'DEV_OPSS' AND what =
'DBMS_STATS.gather_schema_stats(''DEV_OPSS'',DBMS_STATS.AUTO_SAMPLE_SIZE,
no_invalidate=>FALSE);';
To remove the job, login to sqlplus as the schema owner (for example, 'DEV_
OPSS' not sys_user) and run the following SQL command:
EXEC DBMS_JOB.remove(27);
■
Use cron job or shell script to execute the SQL command.
# run dbms_stats periodically
./runopssstats.sh
# runopssstats.sh content is below:
# In this example, we will execute the command in every 10 minutes
#!/bin/sh
i=1
while [ $i -le 1000 ]
do
echo $i
sqlplus dev_opss/welcome1@inst1 @opssstats.sql
sleep 600
21-2 Release Notes
General Issues and Workarounds
i=`expr $i + 1`
done
# end of sh
# opssstats.sql
EXEC DBMS_STATS.gather_schema_stats('DEV_OPSS',
DBMS_STATS.AUTO_SAMPLE_SIZE,no_invalidate=>FALSE);
QUIT;
# end of sql
21.1.3 Action Bar Disappears When Using Internet Explorer 7
If you are using Internet Explorer 7 and select a role or user from an Administrator
Role under System Configuration -> System Administrators, the action bar disappears
thus, External Role Mappings and External User Mappings can not be deleted.
WORKAROUND:
This issue is specific to Internet Explorer 7. Use Firefox 3.
21.1.4 Re-created Application May Not Be Distributed in Controlled Mode
In some cases, when the PDP Service is running in controlled mode, if one Application
object is deleted from the policy store and re-created using the same name, the change
may not be distributed to the PDP Service. This is because the Application in the local
cache has a higher version than the one in the policy store.
WORKAROUND:
Remove the local cache files for the PDP service and restart the PDP Service instance.
The oracle.security.jps.runtime.pd.client.localpolicy.work_folder
configuration parameter defines the path to the cache. The default value is <SM_
INSTANCE>/config/work/.
21.1.5 Enterprise Manager Doesn't Pick Up Newly Added Audit Events
component_events.xml is the audit event definition file used by configuration tools
(like Enterprise Manager and WebLogic Scripting Tool) and by the audit runtime and
database loader. You need to modify the component_events.xml file to insure that
Enterprise Manager picks up all newly added events in the Low/Medium list.
WORKAROUND:
1. Log out of Enterprise Manager.
2.
Open the component_events.xml file.
This file is located in the $IDM_OPSS_ORACLE_HOME/modules/oracle.iau_
11.1.1/components/JPS/ directory.
3.
Search for <FilterPresetDefinition name="Low">.
4.
In the event list, change purgeDistributionStatus to PurgeDistributionStatus.
Note the capitalization.
5.
Search for <FilterPresetDefinition name="Medium">.
6.
In the event list, change purgeDistributionStatus to PurgeDistributionStatus.
Note the capitalization.
Oracle Entitlements Server 21-3
General Issues and Workarounds
7.
Save the file and close it.
8.
Start Enterprise Manager.
21.1.6 Attributes Passed to Authorization Request Are Treated as Case Sensitive
When using the PEP API names of passed attributes, they must be in the same case as
those mentioned in the policies.
21.1.7 Audit Schema Definitions are Incomplete
The IAUOES audit schema is not synchronized with Oracle Entitlements Server event
definitions, so it does not contain the necessary columns for this component.
Consequently, data cannot be stored in the appropriate columns and audit reports
cannot be run against Oracle Entitlements Server data.
WORKAROUND - Option 1
Use this option if RCU has not yet been run. The steps are:
1.
Locate JPS.sql at this location:
$RCU_HOME/rcu/integration/iauoes/scripts/JPS.sql
Modify the file permission, making the file writable.
2.
Copy over the file:
$IDM_OPSS_ORACLE_HOME/modules/oracle.iau_11.1.1/sql/scripts/JPS.sql
to:
$RCU_HOME/rcu/integration/iauoes/scripts/JPS.sql
3.
Run RCU to create the IAUOES schema.
WORKAROUND - Option 2
Use this option if RCU has already been run. The steps are:
1.
Copy over the file:
$IDM_OPSS_ORACLE_HOME/modules/oracle.iau_11.1.1/sql/scripts/JPS.sql
to the directory from which you run sqlplus.
2.
Connect to sqlplus as sysdba.
3.
Run the following commands at the SQL prompt:
a.
alter session set current_schema=audit_schema_user
b.
drop table JPS;
c.
@@JPS.sql audit_schema_user audit_schema_user_Append audit_schema_user_
Viewer;
21.1.8 Java Security Module on IPv6 Client Not Supported on Windows
Because of an issue with the JDK 1.6, the Java Security Module is not supported when
using a Windows IPv6 client. We are working with the JDK development team for a
resolution.
21-4 Release Notes
Documentation Errata
21.1.9 WebLogic Security Module Policy Distribution Configuration Issue on Windows
IPv6 Hosts
The Policy Distribution URL may not be correctly generated on some Windows IPv6
hosts. Specifically, in jps-config.xml you might see the following line:
@ <property value="https://127.0.0.1:8002/pd-client"
name="oracle.security.jps.runtime.pd.client.DistributionServiceURL"/>
WORKAROUND:
Edit jps-config.xml (located in <domain_home>/config/oeswlssmconfig/) so it
contains the correct policy distribution client URL. In the following example,
<WLS-SM-client-host> is the hostname on which the WebLogic Server Security Module
is running and <Pd-client-port> is the port on which the client is listening for policy
distribution.
@ <property value="https://<WLS-SM-client-host>:<Pd-client-port>/pd-client"
name="oracle.security.jps.runtime.pd.client.DistributionServiceURL"/>
21.1.10 Validating Attribute Names in Custom Functions
When using custom function implementations, if the attribute name is invalid, the
result of the authorization request could be wrong. Thus, attribute names must be
validated before retrieving their values.
WORKAROUND:
Use the following code in custom function implementations to validate attribute
names.
boolean isValidAttributeName(String name) {
if (name == null) return false;
return name.matches("[A-Za-z_][A-Za-z0-9_]*");
}
21.2 Configuration Issues and Workarounds
There are no configuration issues at this time.
21.3 Documentation Errata
There are no documentation errata at this time.
Oracle Entitlements Server 21-5
Documentation Errata
21-6 Release Notes
22
22
Oracle Identity Federation
This chapter describes issues associated with Oracle Identity Federation. It includes
the following topics:
■
Section 22.1, "General Issues and Workarounds"
■
Section 22.2, "Configuration Issues and Workarounds"
■
Section 22.3, "Documentation Errata"
22.1 General Issues and Workarounds
This section describes general issues and workarounds. It includes the following
topics:
■
■
■
Section 22.1.1, "Database Table for Authentication Engine must be in Base64
Format"
Section 22.1.2, "Considerations for Oracle Identity Federation HA in SSL mode"
Section 22.1.3, "Database Column Too Short error for
IDPPROVIDEDNAMEIDVALUE"
22.1.1 Database Table for Authentication Engine must be in Base64 Format
When using a database table as the authentication engine, and the password is stored
hashed as either MD5 or SHA, it must be in base64 format.
The hashed password can be either in the base64-encoded format or with a prefix of
{SHA} or {MD5}. For example:
{SHA}qUqP5cyxm6YcTAhz05Hph5gvu9M=
22.1.2 Considerations for Oracle Identity Federation HA in SSL mode
In a high availability environment with two (or more) Oracle Identity Federation
servers mirroring one another and a load balancer at the front-end, there are two ways
to set up SSL:
■
Configure SSL on the load balancer, so that the SSL connection is between the user
and the load balancer. In that case, the keystore/certificate used by the load
balancer has a CN referencing the address of the load balancer.
The communication between the load balancer and the WLS/Oracle Identity
Federation can be clear or SSL (and in the latter case, Oracle WebLogic Server can
use any keystore/certificates, as long as these are trusted by the load balancer).
Oracle Identity Federation 22-1
Configuration Issues and Workarounds
■
SSL is configured on the Oracle Identity Federation servers, so that the SSL
connection is between the user and the Oracle Identity Federation server. In this
case, the CN of the keystore/certificate from the Oracle WebLogic Server/Oracle
Identity Federation installation needs to reference the address of the load balancer,
as the user will connect using the hostname of the load balancer, and the
Certificate CN needs to match the load balancer's address.
In short, the keystore/certificate of the SSL endpoint connected to the user (load
balancer or Oracle WebLogic Server/Oracle Identity Federation) needs to have its
CN set to the hostname of the load balancer, since it is the address that the user
will use to connect to Oracle Identity Federation.
22.1.3 Database Column Too Short error for IDPPROVIDEDNAMEIDVALUE
Problem
When Oracle Identity Federation is configured to use a database store for session and
message data store, the following error is seen if data for IDPPROVIDEDNAMEID is over
200 characters long:
ORA-12899: value too large for column
"WDO_OIF"."ORAFEDTMPPROVIDERFED"."IDPPROVIDEDNAMEIDVALUE" (actual: 240,
maximum: 200)\n]
Workaround
Alter table ORAFEDTMPPROVIDERFED to increase the column size for
"idpProvidedNameIDValue" to 240.
22.2 Configuration Issues and Workarounds
This section describes configuration issues and their workarounds. It includes the
following topics:
■
Section 22.2.1, "WLST Environment Setup when SOA and OIF are in Same
Domain"
■
Section 22.2.2, "Oracle Virtual Directory Requires LSA Adapter"
■
Section 22.2.3, "Settings for Remote WS-Fed SP Must be Changed Dynamically"
■
Section 22.2.4, "Required Property when Creating a WS-Fed Trusted Service
Provider"
■
Section 22.2.5, "Federated Identities Table not Refreshed After Record Deletion"
■
Section 22.2.6, "Default Authentication Scheme is not Saved"
■
■
Section 22.2.7, "Configuring 10g to Work with 11g Oracle Identity Federation using
Artifact Profile"
Section 22.2.8, "Regenerating OAM 11g Key Requires Oracle Identity Federation
Upgrade Script"
22.2.1 WLST Environment Setup when SOA and OIF are in Same Domain
If your site contains Oracle SOA Suite and Oracle Identity Federation in the same
domain, the WLST setup instructions in the Oracle Fusion Middleware Administrator's
Guide for Oracle Identity Federation are insufficient for WLST to correctly execute Oracle
Identity Federation commands.
22-2 Release Notes
Configuration Issues and Workarounds
This can happen if you install an IdM domain, then extend it with an Oracle SOA
install; the SOA installer changes the ORACLE_HOME environment variable. This breaks
the Oracle Identity Federation WLST environment, as it relies on the IdM value for
ORACLE_HOME.
Take these steps to enable the use of WLST commands:
1.
Execute the instructions described in Section 9.1.1, Setting up the WLST
Environment, in the Oracle Fusion Middleware Administrator's Guide for Oracle
Identity Federation.
2.
Copy OIF-ORACLE_HOME/fed/script/*.py to WL_HOME/common/wlst.
3.
Append the CLASSPATH environment variable with OIF-ORACLE_
HOME/fed/scripts.
22.2.2 Oracle Virtual Directory Requires LSA Adapter
To use Oracle Virtual Directory as an Oracle Identity Federation user store or an
authentication engine, you must configure a Local Storage Adapter, and the context
root must be created as required at installation or post-install configuration time.
For details about this task, see the chapter Creating and Configuring Oracle Virtual
Directory Adapters in the Oracle Fusion Middleware Administrator's Guide for Oracle
Virtual Directory.
22.2.3 Settings for Remote WS-Fed SP Must be Changed Dynamically
On the Edit Federations page, the Oracle Identity Federation (OIF) settings for remote
WS-Fed service provider contain a property called SSO Token Type; you can choose
to either inherit the value from the IdP Common Settings page or override it here. The
number of properties shown in 'OIF Settings' depends on the value of SSO Token
Type.
If you choose to override SSO Token Type with a different value (for example, by
changing from SAML2.0 to SAML1.1), the number of properties shown in 'OIF
Settings' does not change until you click the Apply button.
Also, if you have overridden the value for Default NameID Format to 'Persistent
Identifier' or 'Transient/One-Time Identifier', then changed the SSO Token Type value
from 'SAML2.0' to 'SAML1.1' or 'SAML1.0', you will notice that the value for Default
NameID Format is now blank. To proceed, you must reset this property to a valid
value from the list.
22.2.4 Required Property when Creating a WS-Fed Trusted Service Provider
When you create a WS-Fed Trusted Service Provider, you must set the value for the
'Use Microsoft Web Browser Federated Sign-On' property with these steps:
1.
In Fusion Middleware Control, navigate to Federations, then Edit Federations.
2.
Choose the newly create WS-Fed Trusted Service Provider and click Edit.
3.
In the 'Trusted Provider Settings' section, set the value for Use Microsoft Web
Browser Federated Sign-On by checking or unchecking the check-box.
4.
Click Apply.
Oracle Identity Federation 22-3
Configuration Issues and Workarounds
22.2.5 Federated Identities Table not Refreshed After Record Deletion
When the federation store is XML-based, a record continues to be displayed in the
federated identities table after it is deleted.
The following scenario illustrates the issue:
1.
The federation data store is XML.
2.
Perform federated SSO, using "map user via federated identity".
3.
In Fusion Middleware Control, locate the Oracle Identity Federation instance, and
navigate to Administration, then Identities, then Federated Identities.
4.
Click on the created federation record and delete it.
After deletion, the federated record is still in the table. Further attempts at deleting the
record result in an error.
The workaround is to manually refresh the table by clicking Search.
22.2.6 Default Authentication Scheme is not Saved
Problem
This problem is seen when you configure Oracle Access Manager in Fusion
Middleware Control as a Service Provider Integration Module. It is not possible to set
a default authentication scheme since the default is set to a certain scheme (say
OIF-password-protected) but the radio button is disabled.
Solution
Take these steps to set the preferred default authentication scheme:
1.
Check the Create check-box for the scheme that is currently set as the default but
disabled.
2.
Check the Create check-box(es) for the authentication scheme(s) that you would
like to create.
3.
Click the radio button of the scheme that you wish to set as the default.
4.
Uncheck the Create check-box of the scheme in Step 1 only if you do not want to
create the scheme.
5.
Provide all the required properties in the page.
6.
Click the Configure Oracle Access Manager button to apply the changes.
The default authentication scheme is now set to the one that you selected.
In addition, when trying to remove any authentication
scheme, ensure that you do not remove the default scheme; if you
must remove the scheme, change the default to another authentication
scheme before you remove the scheme.
Note:
22.2.7 Configuring 10g to Work with 11g Oracle Identity Federation using Artifact
Profile
In the SAML 1.x protocol, for a 10g Oracle Identity Federation server to work with an
11g Oracle Identity Federation server using the Artifact profile, you need to set up
either basic authentication or client cert authentication between the two servers.
22-4 Release Notes
Documentation Errata
For instructions, see:
■
■
Section 6.9 Protecting the SOAP Endpoint, in the Oracle Fusion Middleware
Administrator's Guide for Oracle Identity Federation, 11g Release 1 (11.1.1)
Section 6.5.13.2 When Oracle Identity Federation is an SP, in the Oracle Identity
Federation Administrator's Guide, 10g (10.1.4.0.1)
22.2.8 Regenerating OAM 11g Key Requires Oracle Identity Federation Upgrade Script
In Oracle Enterprise Manager Fusion Middleware Control, when you configure the SP
Integration Module for Oracle Access Manager 11g, you can regenerate the secret key
by clicking the Regenerate button (Service Provider Integration Modules page, Oracle
Access Manager 11g tab).
In an upgraded 11.1.1.7.0 environment, it is necessary to execute the Oracle Identity
Federation upgrade script before you regenerate the OAM 11g secret key from this
page. For details about how to run the script, see the Oracle Fusion Middleware Patching
Guide.
22.3 Documentation Errata
This section contains documentation errata for the Oracle Fusion Middleware
Administrator's Guide for Oracle Identity Federation.
For documentation errata and other release notes relating to
the integration of Oracle Identity Federation with Oracle Access
Manager 11g , see the chapter for "Oracle Access Manager."
Note:
This section contains these topics:
■
Section 22.3.1, "Incorrect Command Cited for BAE Configuration Procedure"
■
Section 22.3.2, "SP Post-Processing Plug-in Properties for OAM 11g"
■
Section 22.3.3, "Short Hostname Redirect Using mod_rewrite Configuration"
22.3.1 Incorrect Command Cited for BAE Configuration Procedure
In the Oracle Fusion Middleware Administrator's Guide for Oracle Identity Federation, Part
Number E13400-06, Section 6.8.2 Configuring the BAE Direct Attribute Exchange
Profile, subsection "Set the BAE Direct Attribute Exchange Profile for a Partner", the
procedure incorrectly documents the WLST command setPartnerProperty instead of
the correct setFederationProperty command.
Replace the two commands mentioned in that subsection with:
setFederationProperty("PARTNER_PROVIDER_ID", "attributebaeenabled" ,
"true","boolean")
setFederationProperty("PARTNER_PROVIDER_ID", "attributebaeenabled" ,
"false","boolean")
to set and unset the BAE property, respectively.
Oracle Identity Federation 22-5
Documentation Errata
22.3.2 SP Post-Processing Plug-in Properties for OAM 11g
In the Oracle Fusion Middleware Administrator's Guide for Oracle Identity Federation, Part
Number E13400-06, Section 12.5.2 Configuring Oracle Identity Federation for the
Plug-in is missing the properties needed to configure Oracle Access Manager 11g.
Add the following row to the end of Table 12-3 SP Engine Configuration for
Post-processing Plug-in; this row shows the properties needed for Oracle Access
Manager 11g:
SP Engine
web context
property
relative path
property
OAM 11g
oam11g-login-context oam11g-login
22.3.3 Short Hostname Redirect Using mod_rewrite Configuration
In the Oracle Fusion Middleware Administrator's Guide for Oracle Identity Federation, Part
Number E13400-06, Section 3.2.2.2 Integrate Oracle Single Sign-On with OHS (as well
as earlier editions with the same section), the code in comments (lines starting with #)
at the end of the section should be revised to use a mod_rewrite configuration.
Replace the text:
#
# If you would like to have short hostnames redirected to
# fully qualified hostnames to allow clients that need
# authentication via mod_osso to be able to enter short
# hostnames into their browsers uncomment out the following
# lines
#
#PerlModule Apache::ShortHostnameRedirect
#PerlHeaderParserHandler Apache::ShortHostnameRedirect
with the text:
#
# To have short hostnames redirected to fully qualified
# hostnames for clients that need authentication via
# mod_osso to be able to enter short hostnames into their
# browsers use a mod_rewrite configuration such as the following.
#
# e.g
#RewriteEngine On
#RewriteCond %{HTTP_HOST} !www.example.com
#RewriteRule ^.*$ http://%{SERVER_NAME}%{REQUEST_URI} [R]
#where www.example.com is the fully qualified domain name.
22-6 Release Notes
23
Oracle Identity Manager
23
This chapter describes issues associated with Oracle Identity Manager. It includes the
following topics:
■
Section 23.1, "Patch Requirements"
■
Section 23.2, "General Issues and Workarounds"
■
Section 23.3, "Configuration Issues and Workarounds"
■
Section 23.4, "Multi-Language Support Issues and Limitations"
■
Section 23.5, "Documentation Errata"
23.1 Patch Requirements
This section describes patch requirements for Oracle Identity Manager 11g Release 1
(11.1.1). It includes the following sections:
■
Obtaining Patches From My Oracle Support (Formerly OracleMetaLink)
■
Patch Requirements for Oracle Database 11g (11.1.0.7)
■
Patch Requirements for Oracle Database 11g (11.2.0.2.0)
■
Patch Requirements for Segregation of Duties (SoD)
■
Patch Upgrade Requirement
23.1.1 Obtaining Patches From My Oracle Support (Formerly OracleMetaLink)
To obtain a patch from My Oracle Support (formerly OracleMetaLink), go to following
URL, click Patches and Updates, and search for the patch number:
https://support.oracle.com/
23.1.2 Patch Requirements for Oracle Database 11g (11.1.0.7)
Table 23–1 lists patches required for Oracle Identity Manager 11g Release 1 (11.1.1)
configurations that use Oracle Database 11g (11.1.0.7). Before you configure Oracle
Identity Manager 11g, be sure to apply the patches to your Oracle Database 11g
(11.1.0.7) database.
Table 23–1
Required Patches for Oracle Database 11g (11.1.0.7)
Platform
Patch Number and Description on My Oracle Support
UNIX / Linux
7614692: BULK FEATURE WITH 'SAVE EXCEPTIONS' DOES NOT
WORK IN ORACLE 11G
Oracle Identity Manager 23-1
Patch Requirements
Table 23–1 (Cont.) Required Patches for Oracle Database 11g (11.1.0.7)
Platform
Patch Number and Description on My Oracle Support
7000281: DIFFERENCE IN FORALL STATEMENT BEHAVIOR IN 11G
8327137: WRONG RESULTS WITH INLINE VIEW AND AGGREGATION
FUNCTION
8617824: MERGE LABEL REQUEST ON TOP OF 11.1.0.7 FOR BUGS
7628358 7598314
Windows 32 bit
8689191: ORACLE 11G 11.1.0.7 PATCH 16 BUG FOR WINDOWS 32 BIT
Windows 64 bit
8689199: ORACLE 11G 11.1.0.7 PATCH 16 BUG FOR WINDOWS (64-BIT
AMD64 AND INTEL EM64T)
Note: The patches listed for UNIX/Linux in Table 23–1 are also
available by the same names for Solaris SPARC 64 bit.
23.1.3 Patch Requirements for Oracle Database 11g (11.2.0.2.0)
If you are using Oracle Database 11g (11.2.0.2.0), make sure that you download and
install the appropriate version (based on the platform) for the RDBMS Patch Number
9776940. This is a prerequisite for installing the Oracle Identity Manager schemas.
Table 23–2 lists the patches required for Oracle Identity Manager 11g Release 1 (11.1.1)
configurations that use Oracle Database 11g Release 2 (11.2.0.2.0). Make sure that you
download and install the following patches before creating Oracle Identity Manager
schemas.
Table 23–2
Required Patches for Oracle Database 11g (11.2.0.2.0)
Platform
Patch Number and Description on My Oracle Support
Linux x86 (32-bit)
RDBMS Interim Patch#9776940.
Linux x86 (64-bit)
Oracle Solaris on SPARC (64-bit)
Oracle Solaris on x86-64 (64-bit)
Microsoft Windows x86 (32-bit)
Bundle Patch 2 [Patch#11669994] or later. The latest Bundle
Patch is 4 [Patch# 11896290].
Microsoft Windows x86 (64-bit)
Bundle Patch 2 [Patch# 11669995] or later. The latest Bundle
Patch is 4 [Patch# 11896292].
If this patch is not applied, then problems might occur in user and role search and
manager lookup. In addition, search results might return empty result.
23-2 Release Notes
Patch Requirements
Note:
■
■
Apply this patch in ONLINE mode. Refer to the readme.txt file
bundled with the patch for the steps to be followed.
In some environments, the RDBMS Interim Patch has been unable
to resolve the issue, but the published workaround works. Refer
to the metalink note "Wrong Results on 11.2.0.2 with
Function-Based Index and OR Expansion due to fix for
Bug:8352378 [Metalink Note ID 1264550.1]" for the workaround.
This note can be followed to set the parameters accordingly with
the only exception that they need to be altered at the Database
Instance level by using ALTER SYSTEM SET <param>=<value>
scope=<memory> or <both>.
23.1.4 Patch Requirements for Segregation of Duties (SoD)
Table 23–3 lists patches that resolve known issues with Segregation of Duties (SoD)
functionality:
Table 23–3
SoD Patches
Patch Number / ID
Description and Purpose
Patch number 9819201 on
My Oracle Support
Apply this patch on the SOA Server to resolve the known issue
described in "SoD Check During Request Provisioning Fails
While Using SAML Token Client Policy When Default SoD
Composite is Used".
The description of this patch on My Oracle Support is "ERROR
WHILE USING SAML TOKEN CLIENT POLICY FOR
CALLBACK."
Patch ID 3M68 using the
Oracle Smart Update utility.
Requires passcode:
6LUNDUC7.
Using the Oracle Smart Update utility, apply this patch on the
Oracle WebLogic Server to resolve the known issue described in
"SoD Check Fails While Using Client-Side Policy in Callback
Invocation During Request Provisioning".
The SoD patches are required to resolve the known issues in
Oracle Identity Manager 11g Release 1 (11.1.1.3), but these patches are
not required in 11g Release 1 (11.1.1.5).
Note:
23.1.5 Patch Upgrade Requirement
While applying the patch provided by Oracle Identity Manager, the following error is
generated:
ApplySession failed: ApplySession failed to prepare the system.
OPatch version 11.1.0.8.1 must be upgraded to version 11.1.0.8.2 to meet the version
requirement.
See "Obtaining Patches From My Oracle Support (Formerly OracleMetaLink)" on
page 23-1 for information about downloading OPatch from My Oracle Support.
Oracle Identity Manager 23-3
General Issues and Workarounds
23.2 General Issues and Workarounds
This section describes general issues and workarounds. It includes the following
topics:
■
Do Not Use Platform Archival Utility
■
SPML-DSML Service is Unsupported
■
Resource Object Names Longer than 100 Characters Cause Import Failure
■
Status of Users Created Through the Create and Modify User APIs
■
Status of Locked Users in Oracle Access Manager Integrations
■
Generating an Audit Snapshot after Bulk-Loading Users or Accounts
■
Browser Timezone Not Displayed
■
Date Format Change in the SoD Timestamp Field Not Supported
■
Bulk Loading CSV Files with UTF-8 BOM Encoding Not Supported
■
Date Type Attributes are Not Supported for the Default Scheduler Job, "Job
History Archival"
■
Low File Limits Prevent Adapters from Compiling
■
Reconciliation Engine Requires Matching Rules
■
SPML Requests Do Not Report When Any Date is Specified in Wrong Format
■
Logs Populated with SoD Exceptions When the SoD Message Fails and Gets Stuck
in the Queue
■
Underscore Character Cannot Be Used When Searching for Resources
■
Assign to Administrator Action Rule is Not Supported by Reconciliation
■
Some Buttons on Attestation Screens Do Not Work in Mozilla Firefox
■
■
The maxloginattempts System Property Causes Autologin to Fail When User Tries
to Unlock
"<User not found>" Error Message Appears in AdminServer Console While
Setting-Up an Oracle Identity Manager-Oracle Access Manager Integration
■
Do Not Use Single Quote Character in Reconciliation Matching Rule
■
Do Not Use Special Characters When Reconciling Roles from LDAP
■
■
■
■
■
■
■
23-4 Release Notes
SoD Check During Request Provisioning Fails While Using SAML Token Client
Policy When Default SoD Composite is Used
SoD Check Fails While Using Client-Side Policy in Callback Invocation During
Request Provisioning
Error May Appear During Provisioning when Generic Technology Connector
Framework Uses SPML
Cannot Click Buttons in TransUI When Using Mozilla Firefox
LDAP Handler May Cause Invalid Exception While Creating, Deleting, or
Modifying a Role
Cannot Reset User Password Comprised of Non-ASCII Characters
Benign Exception and Error Message May Appear While Patching Authorization
Policies
General Issues and Workarounds
■
■
The DateTime Pick in the Trans UI Does Not Work Correctly in the Thai Locale
User Without Access Policy Administrators Role Cannot View Data in Access
Policy Reports
■
Archival Utility Throws an Error for Empty Date
■
TransUI Closes with Direct Provisioning of a Resource
■
■
■
■
Scheduler Throws "ParameterValueTypeNotSupportedException" Instead of
"RequiredParameterNotSetException"
All New User Attributes Are Not Supported for Attestation in Oracle Identity
Manager 11g
LDAP GUID Mapping to Any Field of Trusted Resource Not Supported
User Details for Design Console Access Field Must Be Mapped to Correct Values
When Reading Modify Request Results
■
Cannot Create a User Containing Asterisks if a Similar User Exists
■
Blank Status Column Displayed for Past Proxies
■
Mapping the Password Field in a Reconciliation Profile Prevents Users from Being
Created
■
UID Displayed as User Login in User Search Results
■
Roles/Organizations Browse Trees Disappear
■
Entitlement Selection Is Not Optional for Data Gathering
■
■
Oracle Identity Manager Server Throws Generic Exception While Deploying a
Connector
Create User API Allows Any Value for the "Users.Password Never Expires",
"Users.Password Cannot Change", and "Users.Password Must Change" Fields
■
Incorrect Label in JGraph Screen for the GTC
■
Running the Workflow Registration Utility Generates an Error
■
Native Performance Pack is Not Enabled On Solaris 64-bit JVM Install
■
Error in the Create Generic Technology Connector Wizard
■
DSML Profile for the SPML Web Service is Not Deployed With Oracle Identity
Manager
■
New Human Tasks Must Be Copied in SOA Composites
■
Modify Provisioned Resource Request Does Not Support Service Account Flag
■
Erroneous "Query by Example" Icon in Identity Administration Console
■
The XL.ForcePasswordChangeAtFirstLogin System Property Is No Longer Used
■
■
■
■
■
The tcExportOperationsIntf.findObjects(type,name) API Does Not Accept the
Asterisk (*) Wilcard Character in Both Parameters
Disabled Links on the Access Policy Summary Page Opened in Mozilla FireFox
Benign Error is Generated on Editing the IT Resource Form in Advanced
Administration
User Account is Not Locked in iPlanet Directory Server After it is Locked in Oracle
Identity Manager
Oracle Identity Manager Does Not Support Autologin With JavaAgent
Oracle Identity Manager 23-5
General Issues and Workarounds
■
■
■
Benign Error Logged on Opening Access Policies, Resources, or Attestation
Processes
User Locked in Oracle Identity Manager But Not in LDAP
Reconciliation Profile Must Not Be Regenerated Via Design Console for Xellerate
Organization Resource Object
■
Benign Error Logged on Clicking Administration After Upgrade
■
Provisioning Fails Through Access Policy for Provisioned User
■
■
■
■
■
■
■
■
■
■
■
■
■
■
■
■
■
■
Benign Warning Messages Displayed During Oracle Identity Manager Managed
Server Startup
Benign Message Displayed When Running the Deployment Manager
Deployment Manager Export Fails When Started Using Microsoft Internet
Explorer 7 With JRE Plugin 1.6_23
User Creation Fails in Microsoft Active Directory When Value of Country
Attribute Exceeds Two Characters
Permission on Target User Required to Revoke Resource
Reconciliation Event Fails for Trusted Source Reconciliation Because of Missing
Reconciliation Rule in Upgraded Version of Oracle Identity Manager
XML Validation Error on Oracle Identity Manager Managed Server Startup
Cannot View or Edit Adapter Mapping in the Data Object Manager Form of the
Design Console
Role Memberships for Assign or Revoke Operations Not Updated on Enabling or
Disabling Referential Integrity Plug-in
Reconciliation Data Displays Attributes That Are Not Modified
Benign Errors Displayed on Starting the Scheduler Service When There are
Scheduled Jobs to be Recovered
Trusted Source GTC Reconciliation Mapping Cannot Display Complete Attribute
Names
Benign Error Logged for Database Connectivity Test
MDS Validation Error When Importing GTC Provider Through the Deployment
Manager
Encrypted User-Defined Field (UDF) Cannot be Stored with Size of 4000
Characters or More
Request Approval Fails With Callback Service Failure
Localized Display Name is Not Reconciled Via User/Role Incremental
Reconciliation with iPlanet Directory Server
LDAP Role Hierarchy and Role Membership Reconciliation With Non-ASCII
Characters Does Not Reconcile Changes in Oracle Identity Manager
■
Import of Objects Fails When All Objects Are Selected for Export
■
Benign Audit Errors Logged After Upgrade
■
23-6 Release Notes
Connector Upgrade Fails if Existing Data is Bigger in Size Than New Column
Length
General Issues and Workarounds
■
■
■
■
■
■
■
Connector Artifacts Count Increases in the Deployment Manager When File is Not
Imported
Uploading JAR Files By Using the Upload JAR Utility Fails
Oracle Identity Manager Data and MT Upgrade Fails Because Change of Database
User Password
Reverting Unsaved UDFs Are Not Supported in the Administration Details Page
for Roles and Organizations
Resources Provisioned to User Without Checking Changes in User Status After
Request is Submitted
Starting UCP Connection Pool Fails When Trying to Create User on 64-Bit
Microsoft Windows With JDK 6
Config.sh Command Fails When JRockit is Installed With Data Samples and
Source
■
Unexpected Memory Usage in Oracle Identity Manager 11g Release 1(11.1.1)
■
Reports Link No Longer Exists in the Administrative and User Console
■
Not Allowing to Delete a Role Whose Assigned User Members are Deleted
■
Roles and Organizations Do Not Support String UDFs of Password Type
■
Error on Importing Connector By Using the Deployment Manager
■
Manage Localizations Dialog Box Does Not Open After Modifying Roles
■
Not Allowing to Create User With Language-Specific Display Name Values
■
■
■
■
■
■
■
■
■
SoD Check Results Not Displayed for Requests Created by Users for the
PeopleSoft Resource
The XL.UnlockAfter System Property and the Automatically Unlock User
Scheduled Job Do Not Take Effect
Resetting Password on Account Lockout Does Not Unlock User
Starting Oracle Identity Manager and SOA Server on Some 64-bit Microsoft
Windows Computers for the First Time Takes Time
Incremental and Full Reconciliation Jobs Cannot Be Run Together
Incorrect Content in the ScheduleTask Jars Loaded and Third Party Jars Tables in
the MT Upgrade Report
Scroll Bar Not Available on the Select Connector Objects to Be Upgraded Page of
the Connector Management - Upgrading Wizard
Adapter Import Might Display Adapter Logic if Compilation Fails Because of
Incorrect Data
XIMDD Tests Fail in Oracle Identity Manager
23.2.1 Do Not Use Platform Archival Utility
Currently, the Platform Archival Utility is not supported and should not be used.
To work around this issue, use the predefined scheduled task named Orchestration
Process Cleanup Task to delete all completed orchestration processes and related data.
Oracle Identity Manager 23-7
General Issues and Workarounds
23.2.2 SPML-DSML Service is Unsupported
Oracle Identity Manager's SPML-DSML Service is currently unsupported in 11g
Release 1 (11.1.1). However, you can manually deploy the spml-dsml.ear archive file
for Microsoft Active Directory password synchronization.
23.2.3 Resource Object Names Longer than 100 Characters Cause Import Failure
If a resource object name is more than 100 characters, an error occurs in the database
and the resource object is not imported. To work around this issue, change the resource
object's name in the XML file so the name is less than 100 characters.
23.2.4 Status of Users Created Through the Create and Modify User APIs
You cannot create users in Disabled State. Users are always created in Active State.
The Create and Modify User APIs do not honor the Users.Disable User attribute value.
If you pass a value to the Users.Disable User attribute when calling the Create API,
Oracle Identity Manager ignores this value and the USR table is always populated
with a value of 0, which indicates the user's state is Active.
Use the Disable API to disable a user.
23.2.5 Status of Locked Users in Oracle Access Manager Integrations
When Oracle Access Manager locks a user account in an Oracle Identity
Manager-Oracle Access Manager integration, it may take approximately five minutes,
or the amount of time defined by the incremental reconciliation scheduled interval, for
the status of the locked account to be reconciled and appear in Oracle Identity
Manager. However, if a user account is locked or unlocked in Oracle Identity Manager,
the status appears immediately.
23.2.6 Generating an Audit Snapshot after Bulk-Loading Users or Accounts
The GenerateSnapshot.[sh|bat] option does not work correctly when invoked from the
Bulk Load utility. To work around this issue and generate a snapshot of the initial
audit after bulk loading users or accounts, you must run GenerateSnapshot.[sh|bat]
from the $OIM_HOME/bin/ directory.
23.2.7 Browser Timezone Not Displayed
Due to an ADF limitation, the browser timezone is currently not accessible to Oracle
Identity Manager. Oracle Identity Manager bases the timezone information in all date
values on the server's timezone. Consequently, end users will see timezone
information in the date values, but the timezone value will display the server's
timezone.
23.2.8 Date Format Change in the SoD Timestamp Field Not Supported
23-8 Release Notes
General Issues and Workarounds
The date-time value that end users see in the Segregation of Duties (SoD) Check
Timestamp field on the SoD Check page will always display as "YYYY-MM-DD
hh:mm:ss" and this format cannot be localized.
To work around this localization issue, perform the following steps:
1.
Open the "Oracle_eBusiness_User_Management_
9.1.0.1.0/xml/Oracle-eBusinessSuite-TCA-Main-ConnectorConfig.xml" file.
2.
In the EBS Connector import xml, locate the SoDCheckTimeStamp field for the
Process Form. Change <SDC_FIELD_TYPE> to 'DateFieldDlg' and change <SDC_
VARIANT_TYPE> to 'Date' as shown in the following example:
<FormField name = "UD_EBST_USR_SODCHECKTIMESTAMP">
<SDC_UPDATE>!Do not change this field!</SDC_UPDATE>
<SDC_LABEL>SoDCheckTimestamp</SDC_LABEL>
<SDC_VERSION>1</SDC_VERSION>
<SDC_ORDER>23</SDC_ORDER>
<SDC_FIELD_TYPE>DateFieldDlg</SDC_FIELD_TYPE>
<SDC_DEFAULT>0</SDC_DEFAULT>
<SDC_ENCRYPTED>0</SDC_ENCRYPTED>
<!--SDC_SQL_LENGTH>50</SDC_SQL_LENGTH-->
<SDC_VARIANT_TYPE>Date</SDC_VARIANT_TYPE>
</FormField>
3.
Import the Connector.
4.
Enable SoD Check.
5.
Provision the EBS Resource with entitlements to trigger an SoD Check.
6.
Check the SoDCheckTimeStamp field in Process Form to confirm it is localized
like the other date fields in the form.
23.2.9 Bulk Loading CSV Files with UTF-8 BOM Encoding Not Supported
Bulk loading a CSV file for which UTF-8 BOM (byte order mark) encoding is specified
causes an error. However, bulk-loading UTF-8 encoded CSV files works as expected if
you specify "no BOM" encoding.
To work around this issue,
■
■
If you want to load non-ASCII data, you must change your CSV file encoding to
"UTF-8 no BOM" before loading the CSV file.
If your data is stored in CSV files with "UTF-8 BOM" encoding, you must change
them to "UTF-8 no BOM" encoding before running the bulkload script.
23.2.10 Date Type Attributes are Not Supported for the Default Scheduler Job, "Job
History Archival"
The default Scheduler job, "Job History Archival," does not support date type
attributes.
The "Archival Date" attribute parameter in "Job History Archival" only accepts string
patterns such as "ddMMyyyy" and "MMM DD, yyyy."
Oracle Identity Manager 23-9
General Issues and Workarounds
When you run a Scheduler job, the code checks the date format. If you enter the wrong
format, an error similar to the following example, displays in the execution status list
and in the log console:
<IAM-1020063> <Incorrect format of Archival Date parameter. Archival Date is
expected in DDMMYYYY or UI Date format.>
The job cannot run successfully until you input the correct Archival Date information.
23.2.11 Low File Limits Prevent Adapters from Compiling
On machines where the file limits are set too low, trying to create and compile an
entity adapter causes a "Too many open files" error and the adapter will not compile.
To work around this issue, change the file limits on your machine to the following
(located in /etc/security/limits.conf) and then restart the machine:
■
softnofile 4096
■
hardnofile 4096
23.2.12 Reconciliation Engine Requires Matching Rules
Currently, Oracle Identity Manager's Reconciliation Engine in 11g Release 1 (11.1.1)
requires you to define a matching rule to identify the users for every connector in
reconciliation. Errors will occur during reconciliation if you do not define a matching
rule to identify users.
23.2.13 SPML Requests Do Not Report When Any Date is Specified in Wrong Format
When any date, such as activeStartDate, hireDate, and so on, is specified in an
incorrect format, the Web server does not pass those values to the SPML layer. Only
valid dates are parsed and made available to SPML. Consequently, when any SPML
request that contains an invalid date format, the invalid date format from the request
is ignored and is not available for that operation. For example, if you specify the
HireDate month as "8" instead of "08," the HireDate will not be populated after the
Create request is completed and no error message is displayed.
The supported date format is:
yyyy-MM-dd hh:mm:ss.fffffffff
No other date format is supported.
23.2.14 Logs Populated with SoD Exceptions When the SoD Message Fails and Gets
Stuck in the Queue
SoD functionality uses JMS-based processing. Oracle Identity Manager submits a
message to the oimSODQueue for each SoD request. If for some reason an SoD
message always results in an error, Oracle Identity Manager never processes the next
23-10 Release Notes
General Issues and Workarounds
message in the oimSODQueue. Oracle Identity Manager always picks the same error
message for processing until you delete that message from the oimSODQueue.
To work around this issue, use the following steps to edit the queue properties and to
delete the SoD message in oimSODQueue:
1.
Log on to the WebLogic Admin Console at http://<hostname>:<port>/console
2.
From the Console, select Services, Messaging, JMS Modules.
3.
Click OIMJMSModule. All queues will be displayed.
4.
Click oimSODQueue.
5.
Select the Configurations, Delivery Failure tabs.
6.
Change the retry count so that the message can only be submitted a specified
number of times.
7.
Change the default Redelivery Limit value from -1 (which means infinite) to a
specific value. For example, if you specify 1, the message will be submitted only
once.
8.
To review and delete the SoD error message, go to the Monitoring tab, select the
message, and delete it.
23.2.15 A Backslash (\) Cannot Be Used in a weblogic.properties File
If you are using the WeblogicImportMetadata.cmd utility to import data to MDS, then
do not use a backslash (\) character in a path in the weblogic.properties file, or an
exception will occur.
To work around this issue, you must use a double backslash (\\) or a forward slash
(/) on Microsoft Windows. For example, change metadata_from_loc=C:\metadata\file
to metadata_from_loc=C:\\metadata\\file in the weblogic.properties file.
23.2.16 Underscore Character Cannot Be Used When Searching for Resources
When you are searching for a resource object, do not use an underscore character (_) in
the resource name. The search feature ignores the underscore and consequently does
not return the expected results.
23.2.17 Assign to Administrator Action Rule is Not Supported by Reconciliation
Reconciliation does not support the Assign to Administrator Action rule.
To work around this issue, change the Assign to Administrator to None in the
connector XML before importing the connector. However, after changing the value to
None, you cannot revert to Assign to Administrator.
23.2.18 Some Buttons on Attestation Screens Do Not Work in Mozilla Firefox
If you are creating attestations in a Mozilla Firefox Web browser and you click certain
buttons, nothing happens.
To work around this issue, click the Refresh button to refresh the page.
Oracle Identity Manager 23-11
General Issues and Workarounds
23.2.19 The maxloginattempts System Property Causes Autologin to Fail When User
Tries to Unlock
WLS Security Realm has a default lock-out policy that locks out users for some time
after several unsuccessful login attempts. This policy can interfere with the locking
and unlocking functionality of Oracle Identity Manager.
To prevent the WLS Security Realm lock-out policy from affecting the lock/unlock
functionality of Oracle Identity Manager, you must set the 'Lockout Threshold' value
in the WLS 'User Lockout Policy' to at least 5 more than the value in Oracle Identity
Manager. For example, if the value in Oracle Identity Manager is set to 10, you must
set the WLS 'Lockout Threshold' value to 15.
To change the default values for the 'User lockout Policy,' perform the following steps:
1.
Open the WebLogic Server Administrative Console.
2.
Select Security Realms, REALM_NAME.
3.
Select the User Lockout tab.
4.
If configuration editing is not enabled, then click the Lock and Edit button to
enable configuration editing.
5.
Change the value of lockout threshold to the required value.
6.
Click Save to save the changes.
7.
Click Activate to activate your changes.
8.
Restart all the servers in the domain.
23.2.20 "<User not found>" Error Message Appears in AdminServer Console While
Setting-Up an Oracle Identity Manager-Oracle Access Manager Integration
When you set up Oracle Identity Manager-Oracle Access Manager Integration with a
JAVA agent and log into the Admin Server Console, a "<User not found>" error
message is displayed. This message displays even when the login is successful.
23.2.21 Do Not Use Single Quote Character in Reconciliation Matching Rule
If the single quote character (') is used in reconciliation data (for example, 'B'1USER1'),
then target reconciliation will fail with an exception.
23.2.22 Do Not Use Special Characters When Reconciling Roles from LDAP
Due to a limitation in the Oracle SOA Infrastructure, do not use special characters such
as commas (,) in role names, group names, or container descriptions when reconciling
roles from LDAP. Oracle Identity Manager's internal code uses special characters as
delimiters. For example, Oracle Identity Manager uses commas (,) as approver
delimiters and the SOA HWF-level global configuration uses commas as assignee
delimiters.
23-12 Release Notes
General Issues and Workarounds
23.2.23 SoD Check During Request Provisioning Fails While Using SAML Token Client
Policy When Default SoD Composite is Used
SoD check fails and the following error is displayed on the SOA console when SoD
check is performed during request provisioning only when the Default SoD Check
composite is used:
SEVERE: FabricProviderServlet.handleException Error during retrieval of test page
or composite resourcejavax.servlet.ServletException:
java.lang.NullPointerException
This happens when Callback is made from Oracle Identity Manager to SOA with the
SoDCheck Results.
To resolve this issue, apply patch 9819201 on the SOA server. You can obtain patch
9819201 from My Oracle Support. The description of this patch on My Oracle Support
is "ERROR WHILE USING SAML TOKEN CLIENT POLICY FOR CALLBACK."
For more information, refer to:
■
Obtaining Patches From My Oracle Support (Formerly OracleMetaLink).
■
Patch Requirements for Segregation of Duties (SoD)
23.2.24 SoD Check Fails While Using Client-Side Policy in Callback Invocation During
Request Provisioning
SoD check fails and following error is displayed on the Oracle Identity Manager
Administrative and User Console when SoD check is performed during request
provisioning only when the Default SoD Check composite is used:
<Error> <oracle.wsm.resources.policymanager><WSM-02264> <"/base_domain/oim_
server1/oim/unknown/iam-ejb.jar/WEBSERVICECLIENTs/SoDCheckResultService/PORTs/Resu
ltPort" is not a recognized resource pattern.>
<Error> <oracle.iam.sod.impl> <IAM-4040002><Error getting Request Service :
java.lang.IllegalArgumentException: WSM-02264 "/base_domain/oim_
server1/oim/unknown/iam-ejb.jar/WEBSERVICECLIENTs/SoDCheckResultService/PORTs/Resu
ltPort" is not a recognized resource pattern.>
To resolve this issue, use the Oracle Smart Update utility to apply patch ID 3M68,
which requires passcode of 6LUNDUC7, on Oracle WebLogic Server. For more
information, refer to:
■
The Oracle Smart Update Installing Patches and Maintenance Packs documentation.
■
Patch Requirements for Segregation of Duties (SoD)
23.2.25 Error May Appear During Provisioning when Generic Technology Connector
Framework Uses SPML
When using the generic technology connector framework uses SPML, during
provisioning, the following error may appear:
<SPMLProvisioningFormatProvider.formatData :problem with Velocity Template Unable
to find resource 'com/thortech/xl/gc/impl/prov/SpmlRequest.vm'>
If the error occurs, it blocks provisioning by using the predefined SPML GTC
provisioning format provider. Restarting the Oracle Identity Manager server prevents
the error from appearing again.
Oracle Identity Manager 23-13
General Issues and Workarounds
23.2.26 Cannot Click Buttons in TransUI When Using Mozilla Firefox
When using the Mozilla Firefox browser, in certain situations, some buttons in the
legacy user interface, also known as TransUI, cannot be clicked. This issue occurs
intermittently and can be resolved by using Firefox's reload (refresh) function.
23.2.27 LDAP Handler May Cause Invalid Exception While Creating, Deleting, or
Modifying a Role
If an LDAP handler causes an exception when you create, modify, or delete a role, an
invalid error message, such as System Error or Role does not exist, may appear.
To work around this issue, look in the log files, which will display the correct error
message.
23.2.28 Cannot Reset User Password Comprised of Non-ASCII Characters
If a user's password is comprised of non-ASCII characters, and that user tries to reset
the password from either the My Profile or initial login screens in the Oracle Identity
Manager Self Service interface, the reset will fail with the following error message:
Failed to change password during the validation of the old password
This error does not occur with user passwords comprised of
only ASCII characters.
Note:
To work around this issue, perform the following steps:
1.
Set the JVM file encoding to UTF8, for example: -Dfile.encoding=UTF-8
On Windows systems, this may cause the console output to
appear distorted, though output in the log files appear correctly.
Note:
2.
Restart the Oracle WebLogic Server.
23.2.29 Benign Exception and Error Message May Appear While Patching Authorization
Policies
When patches are applied to the Authorization Polices that are included with Oracle
Identity manager and the JavaSE environment registers the Oracle JDBC driver,
java.security.AccessControlException is reported and the following error message
appears:
Error while registering Oracle JDBC Diagnosability MBean
You can ignore this benign exception, as the Authorization Policies are seeded
successfully, despite the exception and error messages.
23.2.30 The DateTime Pick in the Trans UI Does Not Work Correctly in the Thai Locale
When locale is set to th_TH in Microsoft Windows Internet Explorer Web browser, the
datetime in Oracle Identity Manager follows the Thai Buddhist calendar. In the Create
Attestation page of the Administrative and User Console, when you select a date for
start time, the year is displayed according to the Thai Buddhist calendar, for example,
23-14 Release Notes
General Issues and Workarounds
2553. After you click OK, the equivalent year according to the Gregorian calendar,
which is 2010, is displayed in the start time field. But when you click Next to continue
creating the attestation, an error message is displayed stating that the start time of the
process must not belong to the past.
To workaround this issue, perform any one of the following:
■
Specify the datetime manually.
■
Use Mozilla Firefox Web browser, which uses the Gregorian calendar.
23.2.31 User Without Access Policy Administrators Role Cannot View Data in Access
Policy Reports
OIM user without the ACCESS POLICY ADMINISTRATORS role cannot view data in
the following reports:
■
Access Policy Details
■
Access Policy List by Role
To workaround this issue:
1.
Assign the ACCESS POLICY ADMINISTRATORS role to an OIM user.
2.
Create a BI Publisher user with the same username in Step 1. Assign appropriated
BI Publisher role to view reports.
3.
Login as the BI Publisher user mentioned in step 2. View the Access Policy Details
and Access Policy List by Role reports. All access policies are displayed.
23.2.32 Archival Utility Throws an Error for Empty Date
In case of empty date, archival utility throws an error message, but proceeds to archive
data by mapping to the current date. Currently, no workaround exists for this issue.
23.2.33 TransUI Closes with Direct Provisioning of a Resource
TransUI closes while doing a direct provisioning if user defined field (UDF) is created
with the default values. To work around this issue, you need to create a Lookup Code
for the INTEGER/DOUBLE type UDF in the LKU/LKV table.
23.2.34 Scheduler Throws "ParameterValueTypeNotSupportedException" Instead of
"RequiredParameterNotSetException"
On AIX platform, when a required parameter is missing during the creation of a
scheduler job, instead of throwing "RequiredParameterNotSetException" with the
error message "The value is not set for required parameters of a scheduled task.", it
throws "ParameterValueTypeNotSupportedException" with the error message
"Parameter value is not set properly". Currently, no workaround exists for this issue.
Oracle Identity Manager 23-15
General Issues and Workarounds
23.2.35 All New User Attributes Are Not Supported for Attestation in Oracle Identity
Manager 11g
New user attributes are added in Oracle Identity Manager 11g. Not all of them are
available for Attestation while defining user-scope. However, Attestation has been
enhanced to include the following user attributes:
■
USR_COUNTRY
■
USR_LDAP_ORGANIZATION
■
USR_LDAP_ORGANIZATION_UNIT
■
USR_LDAP_GUID
Currently, no workaround exists for this issue.
23.2.36 LDAP GUID Mapping to Any Field of Trusted Resource Not Supported
Update fails in LDAP, if LDAP GUID is mapped to any field of trusted resource in
LDAP-SYNC enabled installation. To work around this issue, Oracle does not
recommend mapping for LDAP GUID field while creating reconciliation field
mapping for a trusted resource.
23.2.37 User Details for Design Console Access Field Must Be Mapped to Correct
Values When Reading Modify Request Results
When a Modify Request is raised, "End-User" and "End-User Administrator" values
are displayed for the "Design Console Access" field. These values must be mapped to
False/True while interpreting the user details.
23.2.38 Cannot Create a User Containing Asterisks if a Similar User Exists
If you try to create a user that contains an asterisk (*) after creating a user with a
similar name, the attempt will fail. For example, if you create user test1test, followed
by test*test, test*test will not be created.
It is recommended to not create users with asterisks in the User Login field.
23.2.39 Blank Status Column Displayed for Past Proxies
The Status field on the Post Proxies page is blank. However, active proxies are
displayed correctly on Current Proxies page.
Currently, no workaround exists for this issue.
23.2.40 Mapping the Password Field in a Reconciliation Profile Prevents Users from
Being Created
The Password field is available to be mapped with a reconciliation profile, but it
should not be used. Attempting to map this field will generate a reconciliation event
23-16 Release Notes
General Issues and Workarounds
that will not create users. (The event ends in "No Match Found State".) In addition, you
will not be able to re-evaluate or manually link this event.
23.2.41 UID Displayed as User Login in User Search Results
Although you can select the UID attribute from the Search Results Table Configuration
list on the Search Configuration page of the Advanced Administration, the search
results table for advanced search for users displays the User Login field instead of the
UID field.
23.2.42 Roles/Organizations Browse Trees Disappear
After you delete an organization, the Browse trees for organizations and roles might
not be displayed.
To work around this issue, click the Search Results tab, then click the Browse tab. The
roles and organizations browse trees display correctly.
23.2.43 Entitlement Selection Is Not Optional for Data Gathering
Entitlement (Child Table) selection during data gathering on the process form, for the
"Depends On (Depended)" attribute is not optional. During data gathering, if
dependent lookups are configured, then the user has to select the parent lookup value
so that filtering happens on the child lookup and thus user gets a final list of
entitlements to select . Currently, no workaround exists to directly filter the values
based on the child lookup.
23.2.44 Oracle Identity Manager Server Throws Generic Exception While Deploying a
Connector
Generic exceptions are shown in server logs every time deployment manager import
happens or profile changes manually or profile changes via design console. This is
because "WLSINTERNAL" is not an authorized user of Oracle Identity Manager.
"WLSINTERNAL" is an internal user of WebLogic Server, and MDS uses it to invoke
MDS listeners if there is a change in XMLs stored in MDS. Currently, no workaround
exists for this issue.
23.2.45 Create User API Allows Any Value for the "Users.Password Never Expires",
"Users.Password Cannot Change", and "Users.Password Must Change" Fields
Create User API allows the user to set any value between 0 and 9 instead of 0 or 1 for
"Users.Password Never Expires", "Users.Password Cannot Change" and
"Users.Password Must Change" fields. However, any value other than 0 is considered
as TRUE and 0 is considered as FALSE, and the flag is set accordingly for the user
being created. Currently, no workaround exists for this issue.
Oracle Identity Manager 23-17
General Issues and Workarounds
23.2.46 Incorrect Label in JGraph Screen for the GTC
The User Type label on the JGraph screen is displayed incorrectly as Design Console
Access. To display User Type, add the line Xellerate_Type=User Type to the OIM_
HOME/server/customResources/customResources.properties file.
23.2.47 Running the Workflow Registration Utility Generates an Error
When the workflow registration utility is run in a clustered deployment of Oracle
Identity Manager, the following error is generated:
[java] oracle.iam.platform.utils.NoSuchServiceException:
java.lang.reflect.InvocationTargetException
Ignore the error message.
23.2.48 Native Performance Pack is Not Enabled On Solaris 64-bit JVM Install
For Oracle Identity Manager JVM install on a Solaris 64-bit computer, Oracle WebLogic
log displays the following error:
Unable to load performance pack. Using Java I/O instead. Please ensure that a
native performance library is in:
To workaround this issue, perform the following to ensure that JDK picks up the 64-bit
native performance:
1.
In a text editor, open the MIDDLEWARE_HOME/wlserver_
10.3/common/bin/commEnv.sh file.
2.
Replace the following:
SUN_ARCH_DATA_MODEL="32"
With:
SUN_ARCH_DATA_MODEL="64"
3.
Save and close the commEnv.sh file.
4.
Restart the application server.
23.2.49 Error in the Create Generic Technology Connector Wizard
If you enter incorrect credentials for the database on the Create Generic Technology
Connector wizard, a system error window is displayed. You must close this window
and run the wizard again.
23.2.50 DSML Profile for the SPML Web Service is Not Deployed With Oracle Identity
Manager
The DSML profile for the SPML Web service is not deployed by default with Oracle
Identity Manager 11g Release 1 (11.1.1). SPML-DSML binaries are bundled with the
Oracle Identity Manager installer to support Microsoft Active Directory Password
Synchronization. You must deploy the spml-dsml.ear file manually.
23.2.51 New Human Tasks Must Be Copied in SOA Composites
When you add a new human task to an existing SOA composite, you must ensure that
all the copy operations for the attributes in the original human task are added to the
23-18 Release Notes
General Issues and Workarounds
new human task. Otherwise, an error could be displayed on the View Task Details
page.
23.2.52 Modify Provisioned Resource Request Does Not Support Service Account Flag
A regular account cannot be changed to a service account, and similarly, a service
account cannot be changed to a regular account through a Modify Provisioned
Resource request.
23.2.53 Erroneous "Query by Example" Icon in Identity Administration Console
In the Identity Administration console, when viewing role details from the Members
tab, an erroneous icon with the "tooltip" (mouse-over text) of "Query By Example"
appears. This "Query By Example" icon is non-functional and should be ignored.
23.2.54 The XL.ForcePasswordChangeAtFirstLogin System Property Is No Longer
Used
The XL.ForcePasswordChangeAtFirstLogin system property is no longer used in
Oracle Identity Manager 11g Release 1 (11.1.1.1). Therefore, forcing the user to change
the password at first login cannot be configured. By default, the user must change the
password:
■
■
When the new user, other than self-registered users, is logging in to Oracle
Identity Manager for the first time
When the user is logging in to Oracle Identity Manager for the first time after the
password has been reset
23.2.55 The tcExportOperationsIntf.findObjects(type,name) API Does Not Accept the
Asterisk (*) Wilcard Character in Both Parameters
The tcExportOperationsIntf.findObjects(type,name) API accepts the asterisk (*)
wildcard character only for the second parameter, which is name. For type, a category
must be specified. For example, findObjects("Resource","*") is a valid call, but
findObjects("*","*") is not valid.
23.2.56 Disabled Links on the Access Policy Summary Page Opened in Mozilla FireFox
In the Verify Information for this Access Policy page of the Create/Modify Access
Policy wizards opened in Mozilla Firefox Web browser, you click Change for resource
to be provisioned by the access policy, and then click Edit to edit the process form data
for the resources to be provisioned. If you click the Close button on the Edit form, then
the change links for any one of the access policy information sections, such as
resources to be provisioned by the access policy, resources to be denied by the access
policy, or roles for the access policy, do not work.
To workaround this issue, click Refresh. All the links in the Verify Information for this
Access Policy page are enabled.
23.2.57 Benign Error is Generated on Editing the IT Resource Form in Advanced
Administration
When you click the Edit link on the IT Resource form in the Advanced Administration,
the following error message is logged:
<Error> <XELLERATE.APIS> <BEA-000000>
Oracle Identity Manager 23-19
General Issues and Workarounds
<Class/Method: tcFormDefinitionOperationsBean/getFormFieldPropertyValue encounter
some problems: Property 'Column Names' has not defined for the form field '-82'>
The error message is benign and can be ignored because there is no loss of
functionality.
23.2.58 User Account is Not Locked in iPlanet Directory Server After it is Locked in
Oracle Identity Manager
After reaching the maximum login attempts, a user is locked in Oracle Identity
Manager. But in iPlanet DS/ODSEE, the user is not locked. The orclAccountLocked
feature is not supported because the backend iPlanet DS/ODSEE does not support
account unlock by setting the Operational attribute. Account is unlocked only with a
password reset. The nsaccountlock attribute is available for administrative lockout.
The password policies do not use this attribute, but you can use this attribute to
independently lock an account. If the password policy locks the account, then
nsaccountlock locks the user even after the password policy lockout is gone.
23.2.59 Oracle Identity Manager Does Not Support Autologin With JavaAgent
In an Oracle Access Manager (OAM) integrated deployment of Oracle Identity
Manager with JavaAgent, when a user created in Oracle Identity Manager tries to
login to the Oracle Identity Manager Administrative and User Console for the first
time, the user is forced to reset password and set challenge questions. After this, the
user is not logged in to Oracle Identity Manager automatically, but is redirected to the
OAM login page. This is because Oracle Identity Manager does not support autologin
when JavaAgent is used.
23.2.60 Benign Error Logged on Opening Access Policies, Resources, or Attestation
Processes
As a delegated administrator, when you open the page to display the details of an
access policy, resource, or attestation process, the following error is logged:
Error> <org.apache.struts.tiles.taglib.InsertTag> <BEA-000000>
<Can't insert page '/gc/EmptyTiles.jsp' : Write failed: Broken pipe
java.net.SocketException: Write failed: Broken pipe
The error is benign and can be ignored because there is no loss of functionality.
23.2.61 User Locked in Oracle Identity Manager But Not in LDAP
In a LDAP-enabled deployment of Oracle Identity Manager in which the directory
servers are Microsoft Active Directory (AD) or Oracle Internet Directory (OID), when a
user is manually locked in Oracle Identity Manager by the administrator, the user is
not locked in LDAP if a password policy is not configured in LDAP. The configurable
password policy in LDAP can either be the default password policy that is applicable
to all the LDAP users, or it can be a user-specific Password Setting Object (PSO).
23.2.62 Reconciliation Profile Must Not Be Regenerated Via Design Console for
Xellerate Organization Resource Object
By default, the Xellerate Organization resource object does not have reconciliation to
Oracle Identity Manager field mappings and any matching/action rule information.
As a result, when reconciliation profile for Xellerate Organization resource object is
23-20 Release Notes
General Issues and Workarounds
updated via Design Console, it corrupts the existing reconciliation configuration for
that resource object, and reconciliation fails with empty status.
To workaround this issue, do not generate the reconciliation profile/configuration via
the Design Console. Instead, export the Xellerate Organization profile from Meta Data
Store (MDS) and edit it manually, and import it back into Oracle Identity Manager. If
the profile changes include modification of the reconciliation fields, then the
corresponding changes must be made in the horizontal table schema and its entity
definition as well.
23.2.63 Benign Error Logged on Clicking Administration After Upgrade
After upgrading Oracle Identity Manager from Release 9.1.0.1 to 11g Release 1 (11.1.1),
on clicking the Administration link on the Administrative and User Console, the
following error is logged:
<Error> <oracle.adfinternal.view.page.editor.utils.ReflectionUtility>
<WCS-16178> <Error instantiating class oracle.adfdtinternal.view.faces.portlet.PortletDefinitionDTFactory>
This error is benign and can be ignored because there is no loss of functionality.
23.2.64 Provisioning Fails Through Access Policy for Provisioned User
When a user is already provisioned and you try to assign a role to the user that
triggers provisioning to the target domain, the provisioning is not started. However, if
the user is not provisioned already and you assign a role to the user, then the
provisioning occurs successfully.
To workaround this issue:
1.
Open the connector-specific user form in the Design Console.
2.
Create a new version of the connector, and select Edit.
3.
Click the Properties tab, and then click server (ITResourceLookupField). Click
Add Property.
4.
Add Required for the property and specify true. Click Make Version Active, and
then click Save.
5.
Login to Oracle Identity Manager Administrative and User Console.
6.
Navigate to System Property. Search for the 'Allows access policy based
provisioning of multiple instances of a resource' system property. Change the
value of this property to TRUE.
7.
Restart Oracle Identity Manager.
Try provisioning a provisioned user to provision through access policy of the same IT
Resource Type, and the provisioning is successful.
23.2.65 Benign Warning Messages Displayed During Oracle Identity Manager Managed
Server Startup
Several messages resembling the following are logged during Oracle Identity Manager
managed server startup:
<Mar 30, 2011 6:51:01 PM PDT> <Warning> <oracle.iam.platform.kernel.impl>
<IAM-0080071>
<Preview stage is not supported in kernel and found an event handler with name
ProvisionAccountPreviewHandler implemented by the class
Oracle Identity Manager 23-21
General Issues and Workarounds
oracle.iam.accesspolicy.impl.handlers.provisioning.ProvisionAccountPreviewHandlerf
or this stage. It will be ignored.>
These warning messages are benign and can be ignored because there is no loss of
functionality.
23.2.66 Benign Message Displayed When Running the Deployment Manager
When running the Deployment Manager, a message with header ' XUL SYNTAX: ID
Conflict' is displayed.
This message is benign and can be ignored because there is no loss of functionality.
Close the message and continue.
23.2.67 Deployment Manager Export Fails When Started Using Microsoft Internet
Explorer 7 With JRE Plugin 1.6_23
After upgrading Oracle Identity Manager from an earlier release to 11g Release 1
(11.1.1), when you use the Microsoft Internet Explorer 7 Web browser with JRE plugin
1.6_23 to open the Administrative and User Console and try to export files by using
the Deployment Manager, an error is generated and you cannot proceed with the
export.
To workaround this issue, use a combination of the following Web browsers and
plugins:
■
Mozilla Firefox 3.6 and JRE version 1.6_23 on 64-bit computer
■
Microsoft Internet Explorer 7 and JRE version 1.5
■
Microsoft Internet Explorer 8 and JRE version 1.6_18
■
Microsoft Internet Explorer 7 and JRE version 1.6_24
23.2.68 User Creation Fails in Microsoft Active Directory When Value of Country
Attribute Exceeds Two Characters
In a LDAP-enabled deployment of Oracle Identity Manager, user creation fails in the
Microsoft Active Directory (AD) server if the value of the Country attribute exceeds
two characters. AD mandates two characters for the Country attribute, for example
US, based on the ISO 3166 standards.
23.2.69 Deployment Manager Import Fails if Scheduled Job Entries Are Present Prior
To Scheduled Task Entries in the XML File
In Oracle Identity Manager 11g Release 1 (11.1.1), schedules job has a dependency on
scheduled task. Therefore, scheduled task must be imported prior to scheduled job.
As a result, if a XML file has scheduled job entries prior to scheduled task entries, then
importing the XML file using Deployment Manager fails with the following error
message:
[exec] Caused By: oracle.iam.scheduler.exception.SchedulerException: Invalid
ScheduleTask definition
[exec] com.thortech.xl.ddm.exception.DDMException
To workaround this issue, open the XML file and move all scheduled task entries
above the scheduled job entries.
23-22 Release Notes
General Issues and Workarounds
23.2.70 Permission on Target User Required to Revoke Resource
When you login to the Administrative and User Console with Identity User
Administrators and Resource Administrators roles, direct provision a resource to a
user, and attempt to revoke the resource from the user, an error message is displayed.
To workaround this issue, you (logged-in user) must have the write permission on the
target user (such as user1). To achieve this:
1.
Create a role, such as role1, and assign self to this role.
2.
Create an organization, such as org1, and assign role1 as administrative group.
3.
Modify the user user1 and change its organization to org1. You can now revoke
the resource from user1.
23.2.71 Reconciliation Event Fails for Trusted Source Reconciliation Because of
Missing Reconciliation Rule in Upgraded Version of Oracle Identity Manager
When Oracle Identity Manager is upgraded from an earlier release to 11g Release 1
(11.1.1), for trusted source reconciliation, such as trusted source reconciliation using
GTC, the reconciliation event fails with the following error message because of a
missing reconciliation rule:
<Mar 31, 2011 6:27:41 PM CDT> <Info> <oracle.iam.reconciliation.impl>
<IAM-5010006> <The following exception occurred: {0}
oracle.iam.platform.utils.SuperRuntimeException:
Error occurred in XL_SP_RECONEVALUATEUSER while processing Event No 3
Error occurred in XL_SP_RECONUSERMATCH while processing Event No 3
One or more input parameter passed as null
To workaround this issue:
1.
Create a reconciliation rule for the resource object.
2.
In the Resource Object form of the Design Console, click Create Reconciliation
Profile.
23.2.72 XML Validation Error on Oracle Identity Manager Managed Server Startup
The following error message is logged at the time of Oracle Identity Manager
Managed Server startup:
<Mar 29, 2011 2:49:31 PM PDT> <Error> <oracle.iam.platform.kernel.impl>
<IAM-0080075> <XML schema validation failed for
XML/metadata/iam-features-callbacks/event_configuration/EventHandlers.xml and it
will not be loaded by kernel. >
<Mar 29, 2011 2:49:32 PM PDT> <Error> <oracle.iam.platform.kernel.impl>
<IAM-0080075> <XML schema validation failed for
XML/metadata/iam-features-OIMMigration/EventHandlers.xml and it will not be loaded
by kernel. >
This error message is benign and can be ignored because there is no loss of
functionality.
23.2.73 Cannot View or Edit Adapter Mapping in the Data Object Manager Form of the
Design Console
When you click Map on the Map Adapters tab in the Data Object Manager form of the
Design Console, a dialog box is displayed that allows you to edit the individual entity
Oracle Identity Manager 23-23
General Issues and Workarounds
adapter mappings. But the list with fields on the user object to map is displayed as
empty. As a result, you cannot view or edit the individual entity adapter mappings.
Use of entity adapters is deprecated in Oracle Identity Manager 11g Release 1 (11.1.1),
although limited support is still provided for backward compatibility only. Event
handlers must be used for all new or changed scenarios.
23.2.74 Role Memberships for Assign or Revoke Operations Not Updated on Enabling
or Disabling Referential Integrity Plug-in
In a multi-directory deployment, the secondary server must be OID. The primary
server can be OID or AD. For example, users can be stored in the OID or AD primary
server, and roles can be stored in the OID secondary server. Enabling of disabling the
referential integrity plug-in does not update the role memberships for assign or revoke
operations.
23.2.75 Deployment Manager Import Fails if Data Level for Rules is Set to 1
An entry in the Oracle Identity Manager database cannot be updated if data level is set
to 1. When you try to import a Deployment Manager XML, the following error is
displayed:
Class/Method: tcTableDataObj/updateImplementation Error :The row cannot be
updated.
[2011-04-06T07:25:36.583-05:00] [oim_server1] [ERROR] []
[XELLERATE.DDM.IMPORT] [tid: [ACTIVE].ExecuteThread: '6' for queue:
'weblogic.kernel.Default (self-tuning)'] [userId: xelsysadm] [ecid:
cad00d8aeed4d8fc:-67a4db1a:12f2abbac4b:-8000-000000000000018e,0] [APP:
oim#11.1.1.3.0] The security level for this data item indicates that it cannot be
updated.
To workaround this issue, open the XML file and change the data level for rules from 1
to 0, as shown:
<RUL_DATA_LEVEL>0</RUL_DATA_LEVEL>
23.2.76 Reconciliation Data Displays Attributes That Are Not Modified
In an Oracle Identity Manager deployment with LDAP synchronization enabled and
Microsoft Active Directory (AD) as the directory server, the Reconciliation Data tab of
the Event Management page in the Administrative and User Console displays all the
attributes of the reconciled user instead of displaying only the modified attributes.
This is because of the way AD changelogs are processed, in which the entire entry is
marked as updated when any attribute is changed. Therefore, Oracle Virtual Directory
(OVD) returns the full entry. There is no way to figure out which attribute has been
modified as a result of reconciliation.
23.2.77 Benign Errors Displayed on Starting the Scheduler Service When There are
Scheduled Jobs to be Recovered
When the Scheduler service is started and there are some scheduled jobs that have not
been recovered, the following error might be logged in the oim_diagnostic log:
Caused by: java.lang.NullPointerException
at
org.quartz.SimpleTrigger.computeNumTimesFiredBetween(SimpleTrigger.java:800)
at org.quartz.SimpleTrigger.updateAfterMisfire(SimpleTrigger.java:514)
23-24 Release Notes
General Issues and Workarounds
at
org.quartz.impl.jdbcjobstore.JobStoreSupport.doUpdateOfMisfiredTrigger(JobStor
eSupport.java:944)
at
org.quartz.impl.jdbcjobstore.JobStoreSupport.recoverMisfiredJobs(JobStoreSuppo
rt.java:898)
at
org.quartz.impl.jdbcjobstore.JobStoreSupport.recoverJobs(JobStoreSupport.java:
780)
at
org.quartz.impl.jdbcjobstore.JobStoreSupport$2.execute(JobStoreSupport.java:75
2)
at
org.quartz.impl.jdbcjobstore.JobStoreSupport$40.execute(JobStoreSupport.java:3
628)
at
org.quartz.impl.jdbcjobstore.JobStoreSupport.executeInNonManagedTXLock(JobStor
eSupport.java:3662)
at
org.quartz.impl.jdbcjobstore.JobStoreSupport.executeInNonManagedTXLock(JobStor
eSupport.java:3624)
at
org.quartz.impl.jdbcjobstore.JobStoreSupport.recoverJobs(JobStoreSupport.java:
748)
at
org.quartz.impl.jdbcjobstore.JobStoreSupport.schedulerStarted(JobStoreSupport.
java:573)
This error is benign and can be ignored because there is no loss of functionality.
In an upgrade environment, the next time when some scheduled jobs will be triggered
is not defined. This results in a null input for Quartz code, which is not handled
gracefully in earlier versions of Quartz. This has been fixed in Quartz version 1.6.3,
and therefore, this error is not generated when you upgrade to that version of Quartz.
23.2.78 Trusted Source GTC Reconciliation Mapping Cannot Display Complete
Attribute Names
When creating a trusted GTC (for example, flat file), the right-hand column under
OIM User is not wide enough to display the complete names for many attributes. For
example, two entries are displayed as 'LDAP Organizati', whereas the attribute names
are 'LDAP Organization' and 'LDAP Organization Unit'.
To workaround this issue, click the Mapping button for the attribute. The Provide
Field Information dialog box is displayed with the complete attribute name.
23.2.79 Benign Error Logged for Database Connectivity Test
When running the database connectivity test in XIMDD, the following error is logged
multiple times:
<Apr 10, 2011 7:45:20 PM PDT> <Error> <Default> <J2EE JMX-46335> <MBean attribute
access denied.
MBean: oracle.logging:type=LogRegistration
Getter for attribute Application
Detail: Access denied. Required roles: Admin, Operator, Monitor, executing
subject: principals=[REQUEST TEMPLATE ADMINISTRATORS, SYSTEM ADMINISTRATORS,
APPROVAL POLICY ADMINISTRATORS, oimusers, xelsysadm, PLUGIN ADMINISTRATORS]
java.lang.SecurityException: Access denied. Required roles: Admin, Operator,
Monitor, executing subject: principals=[REQUEST TEMPLATE ADMINISTRATORS, SYSTEM
Oracle Identity Manager 23-25
General Issues and Workarounds
ADMINISTRATORS, APPROVAL POLICY ADMINISTRATORS, oim users, xelsysadm, PLUGIN
ADMINISTRATORS]
Each time the error occurs in the log, the name of the bean is different, but the error is
same. In spite of these errors, the test passes. These errors are benign and can be
ignored because there is no loss of functionality.
23.2.80 MDS Validation Error When Importing GTC Provider Through the Deployment
Manager
An MDS validation error is generated when you import the GTC provider by using
the Deployment Manager.
To workaround this issue, do not import the GTC provider through the Deployment
Manager. If the Deployment Manager XML file contains tags for GTC provider, then
remove it and import the rest of the XML by using the Deployment Manager. Import
the XML file with the GTC provider tags separately by using the MDS import utility.
To do so:
1.
If the XML file being imported through the Deployment Manager contains
<GTCProvider> tags, then remove these tags along with everything under them.
The following is an example of the original XML file to be imported:
<?xml version = '1.0' encoding = 'UTF-8'?>
<xl-ddm-data version="2.0.1.0" user="XELSYSADM"
database="jdbc:oracle:thin:@localhost:5521:myps12"
exported-date="1302888552341" description="sampleGTC"><GTCProvider
repo-type="MDS" name="InsertIntoTargetList"
mds-path="/db/GTC/ProviderDefinitions"
mds-file="InsertIntoTargetListProvTransport.xml"><completeXml><Provider><Provi
der>
<Provisioning>
<ProvTransportProvider
class="provisioningTransportProvider.InsertIntoTargetList"
name="InsertIntoTargetList">
<Configuration>
<Parameter datatype="String" name="targetServerName"
type="Runtime" encrypted="NO" required="YES"/>
<Response code="FUNCTIONALITY_NOT_SUPPORTED"
description="Functionality not supported"/>
<Response code="TARGET_SERVER_NAME_MISSING" description="Target
server name is missing"/>
<Response code="TARGET_SERVER_NAME_STARTSWITH_A"
description="Target server name starts with A, from XML"/>
<Response code="PROBLEM_WHILE_INITIALIZAING" description="Problem
occured while intializing Provider instance"/>
</Configuration>
</ProvTransportProvider>
</Provisioning>
</Provider></Provider></completeXml></GTCProvider><GTCProvider
repo-type="MDS" name="PrepareDataHMap" mds-path="/db/GTC/ProviderDefinitions"
mds-file="PrepareDataHMapProvFormat.xml"><completeXml><Provider><Provider>
<Provisioning>
<ProvFormatProvider class="provisioningFormatProvider.PrepareDataHMap"
name="PrepareDataHMap">
<Configuration>
<DefaultAttribute datatype="String" name="testField" size="40"