Thursday, 26 June 2014

OAM 11g Access Tester

Introduction

Oracle Access Manager 11g has a built-in Access Tester that we can use to test connectivity and troubleshoot issues between an agent and the OAM server.
The beauty of Access Tester is that it simulates the interactions between a registered OAM Agent and the OAM 11g Servers, and it can be run from any computer.

How it works

1) Go to the directory $ORACLE_HOME/oam/server/tester
2) Run: java -jar oamtest.jar

3) The Access Tester GUI window will open:

4) Enter the parameters below as shown and check the respective output:


1. Server Connection:
IPAddress: IP address where OAM server is running
Port: OAM server port, default is 5575
AgentID: Webgate profile ID that was given when registering the Webgate
Click on Connect

2. Protected Resource URI:
Host: Must be the same as in the host identifier in oamconsole
Port: Must be the same as in the host identifier in oamconsole
Resource: Resource URI which is protected.
Click on Validate

3. User Identity:
Enter the username and password to authenticate the user for the above given resource URI.

4. Test the authorization of the resource by clicking the Authorize button

In this way you can simulate the access flow from Webgate to OAM server and troubleshoot for any errors.

Do post for any queries !


Wednesday, 14 May 2014

OWSM policies in SOA 11g

What is OWSM ?

Oracle Web Service Manager (OWSM) is a security framework that provides security for web applications. Policies can be applied at runtime (using EM) as well as at design time (using JDeveloper).
Applying the policies at runtime benefits developers, as they can focus on developing the service rather than worrying about security.

Configuring OWSM Policies in SOA 11g from EM console:


1) Log in to EM as an administrator user.
2) Deploy a simple health check composite or any composite you want to secure.
3) Go to the 'Policies' tab (under Dashboard) of the composite.


4) Attach the basic security policy (oracle/wss_username_token_service_policy)


5) This policy enforces security by requiring a username and password in the SOAP message.

How to test:

1) Once the security policy has been applied, go to the 'Test' tab of the composite.
2) On the Request tab, under Security, select 'OWSM Security Policies'.
3) Click on oracle/wss_username_token_client_policy. Enter the username/password (weblogic/welcome1)
4) Give the input and click on the Test button.

A successful invocation shows that the policy is attached correctly, like this:


Otherwise you will get the OWSM error (WSM-00006) shown below:

<May 14, 2014 5:15:40 PM IST> <Error> <oracle.wsm.resources.security> <WSM-00006> <Error in receiving the request: oracle.wsm.security.SecurityException: WSM-00069 : The security header is missing. Ensure that there is a valid security policy attached at the client side, and the policy is enabled..>
<May 14, 2014 5:15:40 PM IST> <Error> <oracle.wsm.resources.enforcement> <WSM-07607> <Failure in execution of assertion {http://schemas.oracle.com/ws/2006/01/securitypolicy}wss-username-token executor class oracle.wsm.security.policy.scenario.executor.WssUsernameTokenScenarioExecutor.>
<May 14, 2014 5:15:40 PM IST> <Error> <oracle.wsm.resources.enforcement> <WSM-07602> <Failure in WS-Policy Execution due to exception.>
<May 14, 2014 5:15:40 PM IST> <Error> <oracle.wsm.resources.enforcement> <WSM-07501> <Failure in Oracle WSM Agent processRequest, category=security, function=agent.function.service, application=soa-infra, composite=DeployHealthCheck, modelObj=synchbpel_client_ep, policy=oracle/wss_username_token_service_policy, policyVersion=null, assertionName={http://schemas.oracle.com/ws/2006/01/securitypolicy}wss-username-token.>
<May 14, 2014 5:15:40 PM IST> <Error> <oracle.webservices.service> <OWS-04086> <oracle.fabric.common.PolicyEnforcementException: InvalidSecurity : error in processing the WS-Security security header
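
To find out which composite, endpoint and policy rejected a request, and why, the WSM-07501 record can be joined with the cause code carried in the WSM-00006 record. The script below is an added example, not part of the original post; the function names are hypothetical and the sample log is constructed from the excerpt above with one record per line.

```shell
# Added example: triage OWSM policy rejections in a WebLogic server log.

# write_sample_log FILE: constructed sample modelled on the excerpt above,
# with each log record on a single line.
write_sample_log() {
    cat > "$1" <<'EOF'
<May 14, 2014 5:15:40 PM IST> <Error> <oracle.wsm.resources.security> <WSM-00006> <Error in receiving the request: oracle.wsm.security.SecurityException: WSM-00069 : The security header is missing. Ensure that there is a valid security policy attached at the client side, and the policy is enabled..>
<May 14, 2014 5:15:40 PM IST> <Error> <oracle.wsm.resources.enforcement> <WSM-07602> <Failure in WS-Policy Execution due to exception.>
<May 14, 2014 5:15:40 PM IST> <Error> <oracle.wsm.resources.enforcement> <WSM-07501> <Failure in Oracle WSM Agent processRequest, category=security, function=agent.function.service, application=soa-infra, composite=DeployHealthCheck, modelObj=synchbpel_client_ep, policy=oracle/wss_username_token_service_policy, policyVersion=null, assertionName={http://schemas.oracle.com/ws/2006/01/securitypolicy}wss-username-token.>
EOF
}

# owsm_rejections FILE
# For each WSM-07501 record prints: composite|endpoint|policy|cause
# where cause is the "WSM-nnnnn" code embedded in the preceding WSM-00006.
owsm_rejections() {
    awk '
        # Value of " key=value" inside the current record, or "?" if absent.
        function field(k,   s) {
            if (!match($0, " " k "=[^,>]*")) return "?"
            s = substr($0, RSTART, RLENGTH)
            return substr(s, length(k) + 3)
        }
        # The root cause appears as "WSM-00069 : text" inside WSM-00006.
        /<WSM-00006>/ && match($0, /WSM-[0-9]+ : /) {
            cause = substr($0, RSTART, RLENGTH - 3)
        }
        /<WSM-07501>/ {
            print field("composite") "|" field("modelObj") "|" field("policy") "|" cause
            cause = ""
        }
    ' "$1"
}

log=$(mktemp)
write_sample_log "$log"
owsm_rejections "$log"
rm -f "$log"
```

A cause of WSM-00069 against oracle/wss_username_token_service_policy means the caller sent no WS-Security header, which is the expected result when the client policy is not selected on the Test page.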

Wednesday, 30 April 2014

Unable to start Admin server BEA-000386 (Server subsystem failed. Reason: java.lang.AssertionError: java.lang.reflect.InvocationTargetException)

Problem: Unable to start the Admin Server; startup fails with error BEA-000386.

Symptom:
WebLogic Server fails with the error below:

<Apr 30, 2014 5:50:48 PM IST> <Critical> <WebLogicServer> <BEA-000386> <Server subsystem failed. Reason: java.lang.AssertionError: java.lang.reflect.InvocationTargetException
java.lang.AssertionError: java.lang.reflect.InvocationTargetException
        at weblogic.descriptor.DescriptorManager$SecurityServiceImpl$SecurityProxy._invokeServiceMethod(DescriptorManager.java:175)
        at weblogic.descriptor.DescriptorManager$SecurityServiceImpl$SecurityProxy.decrypt(DescriptorManager.java:192)
        at weblogic.descriptor.DescriptorManager$SecurityServiceImpl.decrypt(DescriptorManager.java:114)
        at weblogic.descriptor.internal.AbstractDescriptorBean._decrypt(AbstractDescriptorBean.java:1092)
        at weblogic.management.configuration.SecurityConfigurationMBeanImpl.getCredential(SecurityConfigurationMBeanImpl.java:737)
        Truncated. see log file for complete stacktrace
Caused By: java.lang.reflect.InvocationTargetException
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
        at java.lang.reflect.Method.invoke(Method.java:597)
        at weblogic.descriptor.DescriptorManager$SecurityServiceImpl$SecurityProxy._invokeServiceMethod(DescriptorManager.java:173)
        Truncated. see log file for complete stacktrace
Caused By: weblogic.security.internal.encryption.EncryptionServiceException
        at weblogic.security.internal.encryption.JSafeEncryptionServiceImpl.decryptBytes(JSafeEncryptionServiceImpl.java:139)
        at weblogic.security.internal.encryption.JSafeEncryptionServiceImpl.decryptString(JSafeEncryptionServiceImpl.java:187)
        at weblogic.security.internal.encryption.ClearOrEncryptedService.decrypt(ClearOrEncryptedService.java:96)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
        Truncated. see log file for complete stacktrace
>

Solution:
The file SerializedSystemIni.dat has become corrupted. The Admin Server will not start because it cannot decrypt the credentials and perform authentication properly.

Take a backup of the config.xml file and replace all the encrypted values with plain text, as below.

Before:

<credential-encrypted>{AES}HLsT8dQxvGB0z6NBItIlMaiX/kYyI/d7SNqhwnqL/xot2gUAj7EglBJeM2mkynJDZUbwCe7cN6hwVRU5jZkLOZLA3C/WUqlc6voRI9mKiPTfaqMvqNSJsny+gas8V8cO</credential-encrypted>

After:

<credential-encrypted>SimpleText</credential-encrypted>

Once you restart the Admin Server, all the plain-text values will be encrypted again. Until that restart, config.xml holds these credentials in clear text, so keep the file readable only by the WebLogic OS user.
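
A check to run after that restart, to confirm that no clear-text value was left behind in config.xml. This is an added example, not part of the original post; the function names are hypothetical, the sample config is constructed, and the {3DES} and {AES256} prefixes are assumed in addition to the {AES} prefix shown above.

```shell
# Added example: confirm that no *-encrypted element in config.xml still
# holds a clear-text value after the Admin Server restart.

# write_sample_config FILE: constructed sample, not a real domain config.
write_sample_config() {
    cat > "$1" <<'EOF'
<domain>
  <security-configuration>
    <credential-encrypted>{AES}Y29uc3RydWN0ZWQ=</credential-encrypted>
    <node-manager-password-encrypted>SimpleText</node-manager-password-encrypted>
  </security-configuration>
  <embedded-ldap><credential-encrypted>{3DES}c2FtcGxl</credential-encrypted></embedded-ldap>
</domain>
EOF
}

# find_cleartext_credentials FILE
# Prints "line:element" for each single-line <...-encrypted> element whose
# value lacks an encryption prefix; returns 1 if any are found, else 0.
# {AES} is the prefix from the post; {3DES} and {AES256} are assumptions.
find_cleartext_credentials() {
    awk '
        function is_encrypted(v) {
            return index(v, "{AES}") == 1 || index(v, "{AES256}") == 1 || index(v, "{3DES}") == 1
        }
        {
            line = $0
            while (match(line, /<[A-Za-z0-9-]+-encrypted>[^<]*<\//)) {
                elem = substr(line, RSTART + 1, RLENGTH - 3)  # name>value
                name = elem; sub(/>.*/, "", name)
                val = elem;  sub(/^[^>]*>/, "", val)
                gsub(/^[ \t]+|[ \t]+$/, "", val)
                if (val != "" && !is_encrypted(val)) { print NR ":" name; bad = 1 }
                line = substr(line, RSTART + RLENGTH)
            }
        }
        END { exit bad + 0 }
    ' "$1"
}

cfg=$(mktemp)
write_sample_config "$cfg"
find_cleartext_credentials "$cfg" || echo "clear-text credential values remain"
rm -f "$cfg"
```

Only element names are printed, never the values, so the output is safe to paste into a ticket.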

Wednesday, 3 July 2013

Weblogic Startup Error: weblogic.store.PersistentStoreException: java.io.IOException

Problem: WebLogic Server (Admin or managed) fails during startup with a NullPointerException

Symptom:
WebLogic fails to start up with the error below:

<Jun 29, 2013 9:48:20 AM CDT> <Critical> <WebLogicServer> <BEA-000386> <Server subsystem failed. Reason: java.lang.NullPointerException
java.lang.NullPointerException
        at weblogic.store.io.file.StoreFile.close(StoreFile.java:440)
        at weblogic.store.io.file.Heap.open(Heap.java:320)
        at weblogic.store.io.file.FileStoreIO.open(FileStoreIO.java:104)
        at weblogic.store.internal.PersistentStoreImpl.recoverStoreConnections(PersistentStoreImpl.java:431)
        at weblogic.store.internal.PersistentStoreImpl.open(PersistentStoreImpl.java:422)
        Truncated. see log file for complete stacktrace
>
<Jun 29, 2013 9:48:20 AM CDT> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to FAILED>
<Jun 29, 2013 9:48:20 AM CDT> <Error> <WebLogicServer> <BEA-000383> <A critical service failed. The server will shut itself down>
<Jun 29, 2013 9:48:20 AM CDT> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to FORCE_SHUTTING_DOWN>

Solution:
The persistent store file has somehow become corrupted. Take a backup of it and delete it.

Go to $DOMAIN_HOME/servers/<server_name>/data/store/diagnostics/WLS_DIAGNOSTICS000000.DAT

Take a backup of this WLS_DIAGNOSTICS000000.DAT file and delete it. Now restart the server; this should solve the issue.


Friday, 12 April 2013

Weblogic startup error: ERROR: transport error 202: bind failed: Address already in use

Introduction

When multiple managed servers configured in a single domain run on the same debug port, the error below appears while starting a managed server:


ERROR: transport error 202: bind failed: Address already in use
ERROR: JDWP Transport dt_socket failed to initialize, TRANSPORT_INIT(510)
JDWP exit error AGENT_ERROR_TRANSPORT_INIT(197): No transports initialized [../../../src/share/back/debugInit.c:690]
FATAL ERROR in native method: JDWP No transports initialized, jvmtiError=AGENT_ERROR_TRANSPORT_INIT(197)

This error occurs when you have configured Node Manager and try to start the server using Node Manager.

Solution

1) Disable the debugFlag in the setDomainEnv.sh file

  • Take a backup of <DOMAIN_HOME>/<DOMAIN_NAME>/bin/setDomainEnv.sh
  • Change debugFlag="true" to debugFlag="false" in setDomainEnv.sh

This disables debugging and solves the issue. If you want to keep debugging enabled, follow the second option instead.

2) Give a different debug port to each managed server
  • Take a backup of <DOMAIN_HOME>/<DOMAIN_NAME>/bin/setDomainEnv.sh
  • Add the lines below, one block per managed server, to setDomainEnv.sh

# Each managed server gets its own debug port
if [ "${SERVER_NAME}" = "soa_server1" ] ; then
   DEBUG_PORT="7453"
   export DEBUG_PORT
fi

if [ "${SERVER_NAME}" = "osb_server1" ] ; then
   DEBUG_PORT="7454"
   export DEBUG_PORT
fi

With these lines each server picks up its own debug port at startup, so the bind no longer fails with the "Address already in use" error.

After the changes, restart the domain. This should solve the issue !!

Thursday, 14 February 2013

How to Integrate Salesforce services with Oracle Fusion Middleware ?

Introduction

Recently a customer had a requirement to integrate Salesforce.com web services with Oracle Fusion Middleware/Oracle SOA.
The scenario was that a SOA composite would access Salesforce services. We need to configure Oracle Fusion Middleware to access the Salesforce services (external web services) outside the firewall.

To achieve this we need to perform two steps:

The first step is to install the Salesforce web services certificate in the WebLogic trust store (DemoTrust.jks or cacerts)

Download the certificates by accessing the web service, then import them using the Java keytool:
  • keytool -keystore "DemoTrust.jks" -import -alias "test.salesforce.com" -file "test.salesforce.com.crt"
Verify that the certificates were added with the following command:
  • keytool -list -keystore DemoTrust.jks

The second step is to configure the proxy in the SOA domain to access the remote Salesforce services

For SOA services to communicate with external web services we need to configure a proxy in the SOA Server/WebLogic.
The following changes need to be made in setSOADomainEnv.sh (Linux environment)

The EXTRA_JAVA_PROPERTIES variable needs to be modified as follows

EXTRA_JAVA_PROPERTIES="${EXTRA_JAVA_PROPERTIES} -Dhttps.proxySet=true -Dhttps.proxyHost=proxy.aj.com -Dhttps.proxyPort=443 -Dhttp.nonProxyHosts=localhost|127.0.0.1"

export EXTRA_JAVA_PROPERTIES

https.proxyHost: Your proxy Host
https.proxyPort: Your proxy port, 443 is the default port for https
http.nonProxyHosts: Your non proxy servers, the list can be separated with a "|"

After all the changes are done, restart the complete domain.

Thursday, 24 January 2013

How to develop a SOA Composite using JDeveloper ?

Introduction

The starting point with any new technology or language is to make it say 'Hello'. Personally, my way of getting acquainted with a new programming language is to write a 'hello world' program. I would like to do the same today by showing you how to develop a simple Hello World composite.

Before starting with SOA development, make sure you have:

  • SOA installed
  • JDeveloper with the SOA Extension enabled

Let us get started.

Overview:

We will create a SOA Composite which will take input as a String(your name) and return the output as Hello <String Entered>.

Developing a Composite:

Open JDeveloper and create a new application by navigating to File->New->Application->SOA Application. Click on Ok.


Enter the name of the application in the next screen:


Enter the name of the project (HelloWorld) and make sure SOA is selected as shown. Click on Next.


Now select the option 'Composite with BPEL Process'. Click on Finish.


Select 'Synchronous BPEL Process' from the drop down. Click on Ok.


You have now successfully created a basic composite with a Synchronous BPEL process. It should look something like this:

The next step is to configure our BPEL process so that it knows what it needs to do.

Double click on the BPEL Process. You will see the screen below.
Now you can easily make out what we are trying to do. It is the same as Java programming: some input/output variables, some transformations, assignments and connections.

Here we have a client, which will send a request (so it has a receive activity). It can also give output (hence the replyOutput activity). So what is missing ???
We need to concatenate the input with 'Hello' and assign it to the output variable.


To achieve this, add the Assign activity by dragging it from BPEL Constructs (see the right side of the pane)



Now that the Assign activity is added, we are ready to concatenate.
Double click on the Assign activity.
We want to assign the input of the process to the result, after concatenating 'Hello' to the front.
Drag the function (highlighted) onto the result variable.
In this screen, select String Function from the drop down and double click on concat; you can see the format/description of the function.
It accepts arguments in quotes, separated by commas.
Give the first argument as 'hello'.
For the second argument, double click on the client input string after expanding the input variable.

Click on Ok and Apply and save it.

Now you are ready to deploy your first BPEL Project on your SOA Server.
Start your SOA server if not already started.

Steps to create an Application Server connection in JDeveloper:

Click on File->New->Connection->Application Server Connection.
Give the connection name and click on Next.


Give the username and password to connect to the Admin Server.


Give the hostname and port number of the Admin Server and the name of your domain. Click on Next.


Click on Test Connection. If all the tests are successful, click on Next and then Finish.


Deploying the Composite:

Right click on the project and select Deploy as shown:
Select the Application Server connection you created in the next couple of screens and click on Finish at the end.

If you see the above screen, it means you have successfully deployed the composite on the SOA Server.

Now time to test our HelloWorld composite :)

Log in to the EM Console. Click on your composite. Click on the Test button. Enter the input as shown:

Click on the Test Web Service button. You will see the output as below !


Voila :) 
You have successfully created, deployed and tested a SOA Composite !!!
Welcome to SOA Development with JDEVELOPER
Explore and learn from here ;)

Cheers