RSS

Author Archives: jvzoggel

About jvzoggel

Middleware Consultant / the Netherlands / 's-Hertogenbosch / RUBIX.nl

Error in getting XML input stream with Oracle Business Rules 12.2.1

When trying to compile a Oracle ACM/BPM 12.2.1 project (with Oracle Business Rules) the following message throws up: “Error in getting XML input stream”

Jdev_Error

When Oracle Business Rules 12.2.1 generates it’s default XSD it uses the full system path instead of a relative path for it’s imports. So make sure to manually change the import configuration.

XSD_file

 
1 Comment

Posted by on 12-02-2016 in Oracle

 

Tags: , , ,

Oracle Service Bus 11g – Another session operation is in progress. Please retry later.

Since our Bamboo pipeline uses the same account for deployments we sometimes get this error “Another session operation is in progress. Please retry later.” during deployment.
So 1st of all, don’t use the same user (like weblogic) to deploy when your with a lot of developers / build pipelines / etc.
Time for us to use multiple users for each agent (or think of something else really smart), but in the meanwhile we sometimes have to discard the changes from an open session.

sbconsole -> View all Sessions -> Select session -> Discard all changes

2

1

However sometimes the sbconsole does not allow this action and we need to restart the Admin + Managed server.
Usually this fixes the issue, however this time it didn’t.

Luckily for us the great Pierluigi has a blog which tells us to clear the OSB domain session folder, so:

  • shutdown the Admin + Managed servers
  • clear all the SessionXXX folders in the ${DOMAIN_HOME}/osb/config/sessions
  • start the environment

The content of

[oracle@server sessions]$ ls -l
drwxr—–. 5 oracle oinstall 4096 Jan 13 13:22 SessionScript1452682586592
drwxr—–. 5 oracle oinstall 4096 Jan 13 13:22 SessionScript1452687725653
[oracle@server sessions]$ rm * -rf

References

 
Leave a comment

Posted by on 13-01-2016 in OSB

 

Tags: , ,

Using the Weblogic External Listen Address to support Network Address Translation (NAT) firewalls

When trying to connect or deploy from JDeveloper 12.2.2 to our Oracle Fusion Middleware 12.2.1 domain in the Amazon EC cloud I keep having connection problems. Contacting the consoles is not a problem, however extending the IDE Connection results in this error:

Pic0

t3://127.0.0.1:7011: [RJVM:000575]Destination 127.0.0.1, 7011 unreachable.; nested exception is:
java.net.ConnectException: Connection refused: connect; [RJVM:000576]No available router to destination.; nested exception is: java.rmi.ConnectException: [RJVM:000576]No available router to destination.Dec 08, 2015 9:50:35 AM oracle.tip.tools.ide.soabrowser.LogUtil logStackTrace

And deploying an artifact to the server results the same

PicError

Weblogic configuration

I couldn’t find anything regarding the error on Oracle Support, but luckily my collegue Daljit Singh had the answer. Since the Amazon EC2 uses a public IP (which we use to connect to the admin server) the internal passthrough to the Managed Servers fails. To solve this we should use the Weblogic “external listen address” configuration. The external listen address and port are used to support Network Address Translation (NAT) firewalls. These should match the IP address or DNS name that clients use to access application on the server.

Go to the Weblogic console -> Environment -> Servers -> Managed Server -> Configuration -> General -> Advanced

Make sure the public ip-adres is stored in the External Listen Address here

Pic2

Your managed server requires a restart afterwards. But then the connection issue is solved.

restart

 
1 Comment

Posted by on 08-12-2015 in Weblogic

 

Tags: , , ,

JPS-01050: Opening of wallet based credential store failed

After installing a new Oracle Fusion Middleware 12.2.1 domain on a Ubuntu server (for development purposes) and starting the AdminServer I get the following error:

<Critical> <WebLogicServer> <BEA-000362> <Server failed. Reason: There are 1 nested errors: oracle.security.jps.JpsException: JPS-01050: Opening of wallet based credential store failed. Reason java.io.IOException at oracle.security.jps.internal.config.OpssCommonStartup.preStart(OpssCommonStartup.java:334)
at oracle.security.jps.JpsStartup.preStart(JpsStartup.java:286) at oracle.security.jps.wls.JpsBootStrapService.start(JpsBootStrapService.java:80)

However, when checking the cwallet file it is there with proper access rights

ubuntu@ip-10-0-1-170:/opt/oracle/config/domains/rbx_dev/config/fmwconfig$ ls -l cwallet.sso
-rw——- 1 ubuntu ubuntu 194 Dec 1 13:11 cwallet.sso

So when searching we found this Oracle Support Doc ID 1923395.1

Unable Start AdminServer: JPS-01050: Opening of wallet based credential store failed. The FMW WebLogic Server (WLS) installation has been configured to use a non-default Java temporary files directory, i.e. the following has been set in the WebLogic startup or setDomainEnv.sh script:

EXTRA_JAVA_PROPERTIES=”-Djava.io.tmpdir=/appl/oracle/temp_java_files ${EXTRA_JAVA_PROPERTIES}”

Reference: How to Change the WebLogic Server Location for Temporary Files (Doc ID 1336002.1)
When the Middleware home was restored the directory specified by java.io.tmpdir parameter was missing,
Therefore an IOException occurred when opening the wallet and WLS was unable to initialize the OPSS successfully.

The description however is not completely accurate for our specific problem, but pointed us in the right direction. Since in our case the default /tmp folder is owned by root on Ubuntu and the “normal” ubuntu:ubuntu user/group running the Weblogic scripts has no access.

So we could fix the issue in 2 ways:

    1. Using a custom tmp folder in our setDomainEnv.sh script which the ubuntu user had access
      ## CUSTOM FOR RBX_DEV ##
      EXTRA_JAVA_PROPERTIES=”-Djava.io.tmpdir=/opt/oracle/tmp -Djava.security.egd=file:/dev/./urandom ${EXTRA_JAVA_PROPERTIES}”
      export EXTRA_JAVA_PROPERTIES
      ## CUSTOM FOR RBX_DEV ##
    2. Giving access to the default /tmp folder for our ubuntu user
      sudo chmod o+rwx /tmp
 
Leave a comment

Posted by on 08-12-2015 in Weblogic

 

Tags: , ,

Cloud integration using federation between Microsoft Office 365 Azure Active Directory (AAD) and Amazon Web Service (AWS)

Not an Oracle blog for a change, but when an organization uses both Amazon Web Services (AWS) and Microsoft Office 365 it is possible to allow single sign-on with the internal LDAP Microsoft uses (Azure AD). Since RubiX uses both cloud products since day 1, I decided to look into integration between both products when Microsoft recently allowed SAML federation.

In this blog I will demonstrate how to connect Amazon Web Services (AWS) to the internal Azure Active Directory (AAD) that is used by Microsoft. As a result of this blog your users should be able to login to AWS from the Office 365 menu.

RESULT

1. Configure Microsoft Office 365 / Azure Active Directory (AAD)

Go to your Administration console and select Azure AD from ADMIN

AZURE000_01

In the Azure AD console select “Active Direcory”, click on your Office 365 domain name and the AD menu should open. Click on “Applications” from the top menu

AZURE000

By defaut you will see a lot of Microsoft web applications, so we click on “Add+” on the bottom menu. Then select “Add application from the gallery”

AZURE000-2

The AWS application will be added to your list. Select Configure Single Sign-On next.

AZURE001

We will select the 1st option (MS AAD SSO) to establish federation between AAD & AWS. The Federated Single Sign-On enables the users in your organization to be automatically signed in to a third-party application like AWS by using the AAD user account information. In this scenario, when you have already been logged into Office 365 the federation eliminates the need for you to login again to AWS.

AZURE002

In this case, we don’t need to perform any extra advanced settings. So NEXT

AZURE003

Download the metadata XML and store it for future use and make sure to accept the checkbox

AZURE004

Go to the users tab and assign (bottom button) your users that are allowed to login to AWS

AZURE011

Before we can finalize our SSO from AAD, we first need to setup AWS.

2. Configure Amazon Web Service (AWS)

Login to your AWS account and select the Identity & Access Management

EC2001

First we will create an Identity Provider for AAD.
Select SAML as Provider Type and choose a logical name (I use “Office365” in my example).
Browse to the exported metadata we downloaded from the AAD console earlier.

Important: check your metadata xml file

  • The exported metadata XML file from Azure might be encoded as UTF-8 with byte order mark (BOM). Make sure to convert it to UTF-8 without BOM otherwise the AWS console will not be able to import it.
  • Make sure to remove the <?xml version=”1.0″?> on line 1, otherwise AWS will not be able to parse the file

EC2001_provider

As a result we now have a SAML provider configured, so time to set some roles.
Select Roles in the IAM menu, select “Create New Role” and give your role a logical name (I use “RubixUsers” here)
In the Role Type select “Grant Web Single Sign-On (WebSSO) access to SAML providers“.

EC2004

  • Select the SAML provider we trust, so we use the earlier created “Office365” provider here.
  • Next step we can customize the policy, which we won’t do so next.
  • In the next step we can select the policy you want to attach to your SSO users.
    You can go fine grained with policies, but for now I will use the default PowerUser policy
  • The last screen you will receive a review of the configuration, make sure to note down the Role ARN and Thrusted Entities
    Role ARN = arn:aws:iam::[customerID]:role/[RoleName]
    Trust = arn:aws:iam::[customerID]:saml-provider/[ProviderName]

EC2001_review

 

3. Configure Microsoft Office 365 / Azure Active Directory (AAD) – part 2

Go back to the AAD management console (https://manage.windowsazure.com).
Select applications -> Amazon Web Services (AWS) -> Attributes

Add the following 2 attributes:

EC2_attributes

 

4. Result

With these configuration steps you are now able to login to AWS from your Office 365 apps tile.

RESULT

 
Leave a comment

Posted by on 16-10-2015 in Uncategorized

 

Tags: , , , , , , ,

Using Upstart to automatically start Weblogic on Linux

upstart80

Recent releases of Ubuntu & RedHat both support Upstart which is a new way to automatically turn programs into daemons so you are able execute them on system start-up. I tried to make my Weblogic domain start automatically on a development Ubuntu server and this is the result.

It only required me to create a few configuration files.

Ubuntu:

For Ubuntu 14.04 the following config files should be placed:

/etc/init/ofmw_admin.conf

start on runlevel [2345]
exec start-stop-daemon --start -u ubuntu -c ubuntu:ubuntu --exec /opt/oracle/config/domains/rbx_dev/bin/startWebLogic.sh

/etc/init/ofmw_nodemgr.conf

start on runlevel [2345]
exec start-stop-daemon --start -u ubuntu -c ubuntu:ubuntu --exec /opt/oracle/config/domains/rbx_dev/nodemanager/startNodeManager.sh

And for each 1-n managed server: /etc/init/ofmw_<managedserver>.conf

start on runlevel [2345]
exec start-stop-daemon --start -u ubuntu -c ubuntu:ubuntu --exec /opt/oracle/config/domains/rbx_dev/bin/startManagedWebLogic.sh soa_server1

RedHat:

RedHat works a little bit different. I couldn’t test it, but it is explained here by Fusion Security:

/etc/init/ofmw_admin.conf

start on runlevel [345]
exec /bin/su - oracle -- /opt/oracle/config/domains/rbx_dev/bin/startWebLogic.sh

/etc/init/ofmw_nodemgr.conf

start on runlevel [345]
exec /bin/su - oracle --/opt/oracle/config/domains/rbx_dev/nodemanager/startNodeManager.sh

 

And for each 1-n managed server: /etc/init/ofmw_<managedserver>.conf

start on runlevel [345]
exec /bin/su - oracle -- /opt/oracle/config/domains/rbx_dev/bin/startManagedWebLogic.sh soa_server1

Commands

With the following commands I’m now able to start, stop and get the status of my daemon:

[ubuntu@rbxdev]# start ofmw_bamserver1
ofmw_bamserver1 start/running, process 9464

[ubuntu@rbxdev]# status ofmw_bamserver1
ofmw_bamserver1 start/running, process 9464

[ubuntu@rbxdev]# stop ofmw_bamserver1
ofmw_bamserver1 stop/waiting

references:

Updates:

  • 2015-12-08: Added nodemanager configuration
 
2 Comments

Posted by on 18-09-2015 in Oracle

 

Tags: ,

Patching your JDeveloper 12.1.3 with SOA Bundle Patch 12.1.3.0.3

The SOA Bundle Patch 12.1.3.0.3 is available for download from Oracle Support (http://support.oracle.com)
Just use the search on patch number ‘20900599’ and it will bring you the patch details page with the download (approx. 765MB).
You can deploy the patch on top of your basic 12.1.3.0.0 or the earlier released SOA/BPM Bundle Patch 12.1.3.0.1 or SOA/BPM Bundle Patch 12.1.3.0.2

Note: For some reason Oracle no longer seems to use 1 bundle patch for both Oracle SOA 12.1.3 & BPM 12.1.3
The 12.1.3.0.3 patches 20900599 (SOA) and 20645340 (BPM) are also conflicting according to OPatch.
So you can either patch your environment (server runtime or local JDev) for BPM or SOA.

Patch 19707784: SOA/BPM Bundle Patch 12.1.3.0.1
Patch 20423408: SOA/BPM Bundle Patch 12.1.3.0.2
Patch 20900599: SOA Bundle Patch 12.1.3.0.3
Patch 20645340: BPM Bundle Patch 12.1.3.0.3


So (again) I patched my own JDeveloper 12.1.3 environment with the OPATCH tool.
Extract the downloaded patch, I’ll use C:\temp\p20900599_121300_Generic\20900599
This folder is called ‘patch_TOP’ in opatch terminology.

Since I use Windows as local OS you will need to First open a command prompt with Administrator rights (right-click, run as Administrator).
If we don’t use the right permissions we will get the error: Unable to lock Central Inventory. OPatch will attempt to re-lock

Naamloos

First we set our ORACLE_HOME to the Jdeveloper 12.1.3 folder:
SET ORACLE_HOME=C:\ORACLE\middleware\12.1.3
And make sure opatch is in our path:
SET PATH=%PATH%;C:\ORACLE\middleware\12.1.3\OPatch
We browse to the patch_top folder:
cd C:\temp\p20900599_121300_Generic\20900599
And run opatch:
opatch apply


Oracle Interim Patch Installer version 13.2.0.0.0
Copyright (c) 2014, Oracle Corporation. All rights reserved.

Oracle Home : C:\ORACLE\middleware\12.1.3
Central Inventory : C:\Program Files\Oracle\Inventory
 from : n/a
OPatch version : 13.2.0.0.0
OUI version : 13.2.0.0.0
Log file location : C:\ORACLE\middleware\12.1.3\cfgtoollogs\opatch\20900599_Aug_14_2015_09_29_34\apply2015-08-14_09-29-13AM_1.log


OPatch detects the Middleware Home as C:\ORACLE\middleware_12.1.3

aug 14, 2015 9:29:35 AM oracle.sysman.oii.oiii.OiiiInstallAreaControl initAreaControl
INFO: Install area Control created with access level 0
Applying interim patch '20900599' to OH 'C:\ORACLE\middleware\12.1.3'
Verifying environment and performing prerequisite checks...
Patch 20900599: Optional component(s) missing : [ oracle.integration.bpm, 12.1.3.0.0 ] , [ oracle.mft.apache, 12.1.3.0.0 ] , [ oracle.bpm.mgmt, 12.1.3.0.0 ] , [ oracle.hwf.standalone, 12.1.3.0.0 ] , [ oracle.soa.b2b.client, 12.1.3.0.0 ] , [ oracle.mft, 12.1.3.0.0 ] , [ oracle.bpm.processspaces, 12.1.3.0.0 ] , [ oracle.soa.workflow.wc, 12.1.3.0.0 ] , [ oracle.oep.examples, 12.1.3.0.0 ]

Patch [ 20900599 ] conflict with patch(es) [ 19707784 ] in the Oracle Home.

To resolve patch conflicts please contact Oracle Support Services.
If you continue, patch(es) [ 19707784 ] will be rolled back and the new Patch [ 20900599 ] will be installed.


Do you want to proceed? [y|n] y
User Responded with: Y
OPatch will roll back the subset patches and apply the given patch.
All checks passed.

Please shutdown Oracle instances running out of this ORACLE_HOME on the local system.
(Oracle Home = 'C:\ORACLE\middleware\12.1.3')

Is the local system ready for patching? [y|n] y
User Responded with: Y
Backing up files...
Rolling back interim patch '19707784' from OH 'C:\ORACLE\middleware\12.1.3'

Patching component oracle.bpm.addon, 12.1.3.0.0...
Patching component oracle.rules, 12.1.3.0.0...
Patching component oracle.bpm.plugins, 12.1.3.0.0...
Patching component oracle.soa.mgmt, 12.1.3.0.0...
Patching component oracle.integration.bam, 12.1.3.0.0...
Patching component oracle.soa.common.adapters, 12.1.3.0.0...
Patching component oracle.soacommon.plugins, 12.1.3.0.0...
Patching component oracle.integration.soainfra, 12.1.3.0.0...
RollbackSession removing interim patch '19707784' from inventory

OPatch back to application of the patch '20900599' after auto-rollback.

Patching component oracle.oep, 12.1.3.0.0...
Patching component oracle.bpm.addon, 12.1.3.0.0...
Patching component oracle.rules, 12.1.3.0.0...
Patching component oracle.mft.client, 12.1.3.0.0...
Patching component oracle.rcu.soainfra, 12.1.3.0.0...
Patching component oracle.oep.plugins, 12.1.3.0.0...
Patching component oracle.bpm.plugins, 12.1.3.0.0...
Patching component oracle.soa.mgmt, 12.1.3.0.0...
Patching component oracle.integration.bam, 12.1.3.0.0...
Patching component oracle.soa.common.adapters, 12.1.3.0.0...
Patching component oracle.soacommon.plugins, 12.1.3.0.0...
Patching component oracle.integration.soainfra, 12.1.3.0.0...

Verifying the update...
Patch 20900599 successfully applied
Log file location: C:\ORACLE\middleware\12.1.3\cfgtoollogs\opatch\20900599_Aug_14_2015_09_29_34\apply2015-08-14_09-29-13AM_1.log

OPatch succeeded.

Note:

Dave Shaffer gave me a good tip. When he patched his JDeveloper it became unstable and did not resolve any of the performance issues. However, he used jdev -clean once to fix it.

 
2 Comments

Posted by on 14-08-2015 in Uncategorized

 
 
Follow

Get every new post delivered to your Inbox.

Join 441 other followers