While attempting to deploy a sbconfig.jar in a new Oracle Fusion Middleware domain with SOA/OSB the deployment could not be activated due to the fact that the OSB SBConsole could not connect to the OWSM Policy framework.
The error message was: [OSB Security OWSM:387177] OWSM Policy oracle/wss_username_token_service_policy is not supported
And sbconsole and logfile showd:
SubSystem: ALSB Console
Message: Internal error occured in OSBConsole : oracle.wsm.policymanager.PolicyManagerException: WSM-02120 : Unable to connect to the policy access service. [Possible Cause : Destination unreachable; nested exception is: java.net.ConnectException: Connection refused: connect; No available router to destination]
Message: Error initializing the Oracle WSM Policy Resolver because incorrect configuration is passed
Not fully clear what was wrong so the following checklist was performed:
- Restarting the Admin / Managed Servers did not resolve the issue.
- None of the loggings showed any connectivy problems between Admin and the Managed Servers.
- Network ip configuration was correct for all machines
- Network communication looked OK for all machines (ping)
- The ”OWSM Policy Support in OSB Initializer Aplication”deployment was Active and correctly targeted (OSB cluster & Admin).
- The wsm-pm deployment was Active and correctly targeted (OSB & SOA cluster).
- The mds-owsm datasource was tested and correctly targeted (all)
So as a final I compared the config.xml between a working domain and the domain with the problem.
I expected a difference in one of the OWSM deployments but discovered that the only difference was that the problem-domain had missing Listen Addresses for both Admin and all of the the Managed Servers.
<server> <name>rbx_tst_admin</name> <machine>server01</machine> <listen-address></listen-address> <server-diagnostic-config> <name>rbx_tst_admin</name> <diagnostic-context-enabled>true</diagnostic-context-enabled> </server-diagnostic-config> </server>
So in Weblogic Console this was fixed by adding the DNS name of the correct hostname to each Listen Address. (this can be done under Environment -> Servers -> servername -> Configuration -> General -> Listen Address).
Restarting all machines and finally the sbconfig.jar deployment succeeded through the SBConsole.
- Apparently the OWSM Framework requires a Listen Address configured for communication between the OSB managed servers and the Admin instance. Other Weblogic and OSB deployments (without OWSM policies) did succeed earlier.
- Weblogic documentation states: Do not leave the listen address undefined on a Windows computer that uses multiple IP address (a multihomed computer). On such a computer, the server will bind to all available IP addresses.
- In our case our servers where not multihomed, but we do use VMWare instances with Windows.