How to Run OAM 11g Audit Reports in BI Publisher 11g
A common requirement for enterprises that implement the Oracle Identity Management 11g solution is to have the ability to report all authentication and authorization operations in their applications. Assuming that the the applications have already been secured by Oracle Access Manager 11g, and that a Bussiness Intelligence 11g solution is in place, there are several configurations that need to be made in order to have reports on authentication operations, failed authentications etc from OAM.
At the time this post was written, OAM reports are only available for BI 10g (10.1.3.4) and so the OAM reports need to be upgraded to 11g using the BI Upgrade Assistant in order to be used in a 11g BI environment.
This post will go through all the steps required to upgrade and set up these reports. Although the post discusses the OAM reports, the same steps apply for the Identity Manager 11g reports as well.
Here is a list of the main steps to be followed:
How to find Weblogic patches in Oracle Support site?
After the Oracle’s aquisition of BEA all Weblogic server legacy patches have been included in the new My Oracle Support site, Oracle’s former Metalink. Due to this change, all Weblogic patches are now identified by a patch number of 7 digits (e.g. Patch 8206442). However, there are many resources out there such as blogs or even notes in the Oracle support site that still refer to the Weblogic patches by the old identification code, formed of 4 alpha numeric characters (e.g. Patch PKJ1)
To locate and download these patches from the MOS site (support.oracle.com or supporthtml.oracle.com) you need to:
Unable to start Weblogic: PasswordEncrypted of ServerStartMBean
The Weblogic administration server is not starting and the complete error message is:
“In production mode, it’s not allowed to set a clear text value to the property: PasswordEncrypted of ServerStartMBean”
If this is occurring in Weblogic versions 10.3.1 or earlier, then it is a known bug with the administration console. The bug will cause a <password-encrypted> tag of a certain weblogic instance in your domain to be set to a null value in the config.xml. This will happen if you modify some startup arguments of that instance in the administration console. Weblogic will interpret the null value as a plain text password, which is not allowed in a production domain, thus the error in starting the server.
There is a patch that you can apply for this issue, but there are also some quick workarounds that might prove very useful if there is a time constraint for starting the administration service.
Installing and configuring Oracle Traffic Director 11g
Oracle Traffic Director is a new product with Proxy and Load Balancing functionalities used for fronting Fusion Middleware servers. It is a lightweight, high performance proxy server taking only 150Mb of disk space, with extensive High Availability features. You can find more on the OTD’s features in this Oracle Traffic Director white paper.
OTD is currently released only for the Exalogic platform, so for operating systems other than OEL 64bit you will still have to use the Weblogic plugin for web servers, but OTD will be available for all platforms in the future.
This post will describe the installation and a basic configuration fronting a Weblogic cluster:
‘Broken Pipe’ error in Application Server Logs While Connecting to the Database
I have encountered this problem at several customer sites, where the symptoms are the following:
In the application server logs the following error shows up while attempting a connection to the database:
Caused by: java.net.SocketException: Broken pipe
at java.net.SocketOutputStream.socketWrite0(Native Method)
at java.net.SocketOutputStream.socketWrite(SocketOutputStream.java:103)
How to Simulate an Exalogic Machine for Training
In the new “Cloud Computing” era, Oracle is leading it’s private cloud offering with the new complete hardware and software platform for Enterprise applications, Oracle Exalogic. However, even within Oracle it can be quite difficult to gain access to an Exalogic machine, and getting to know the system just by reading the documentation is a daunting task. So this post will walk you through the steps of setting up a simulated Exalogic machine, in a virtual environment, that you can use for training purposes.
After completing these steps, you will have an environment where you will be able to make the same storage, network, operating system and software configurations as on the actual Exalogic machine. Of course, this will not be suitable for production, nor will any benchmarks have any relevance. It’s just something that you can use to get yourself familiarized with the machine. If you are new to the Exalogic machine, I suggest going over the Oracle Exalogic White Paper before continuing with the steps.
So, in order to build the system, you will need:
Instrumenting Weblogic Applications with WLDF: Where Does The Application Spend Time?
The WebLogic Diagnostic Framework is a very powerful tool complementing the WebLogic server that offers virtually unlimited possibilities to monitor, tune and troubleshoot your deployed applications. In this post I will describe how to use WLDF in order to get a better idea on where does an application spend it’s time, broken down by components. This is achieved by using the WLDF application-scoped instrumentation. The main steps for setting it up are:
- Enable the Diagnostic Context to track down a request throughout the system;
- Enable server-scoped instrumentation;
- Enable application-scoped instrumentation;
- Define specific Diagnostic Monitors and assign them specific Actions;
- Update the application with the new settings;
- Access the instrumented application and analyze the collected data;
Let’s get into details with each of these steps…
Starting Coherence servers using Node Manager
Once you have created the Coherence servers in your domain, you should be able to manage their lifecycle using the Node Manager, just like with Weblogic managed servers. Of course, for this to work a Coherence server must be assigned to a machine within the Weblogic domain. The Coherence servers can then be started:
- from the Administration console, by navigating to the “Control” tab and clicking “Start” for the selected servers
- from WLST, by the following command:
nmConnect(‘weblogic’,’welcome1′,’localhost’,’5556′,’FMW_XPS’,’/shared/oracle/FMW_Home/user_projects/domains/FMW_XPS’,’plain’)
nmStart(‘coh_server1′,serverType=’Coherence’)
WebLogic AdminServer startup and shutdown scripts
Right after creating a WebLogic domain, you can navigate to the domain directory and start the administration server using the startWebLogic.sh script. However, for easier control over the administration server of your domain, you can create some WLST startup and shutdown scripts that manage your admin server via the Node Manager.
The solution below describes two WLST scripts (startAdmin.jy and stopAdmin.jy ) and two platform dependent scripts that you use to call the Jython ones. (startAdmin.sh and stopAdmin.sh for Unix or startAdmin.bat and stopAdmin.bat for Windows)
Cannot connect to Node Manager. : Access to domain for user ‘weblogic’ denied
If you’ve hit this error you are probably trying to control your Weblogic servers via WLST, but you are unable to connect to the Node Manager.
nmConnect(‘weblogic’,’welcome1′,’localhost’,’5556′,’FMW_XPS’,’/shared/oracle/FMW_Home/user_projects/domains/FMW_XPS’,’plain’)
Connecting to Node Manager …
Traceback (innermost last):
File “”, line 1, in ?
File “”, line 123, in nmConnect
File “”, line 648, in raiseWLSTException
WLSTException: Error occured while performing nmConnect : Cannot connect to Node Manager. : Access to domain ‘FMW_XPS’ for user ‘weblogic’ denied.
Use dumpStack() to view the full stacktrace
Assuming you’ve already made sure all the parameters in the nmConnect command are correct and the NM process is up and running, there is actually one more thing to check: has your domain been set up in Production Mode? If so, then the Node Manager credentials have been generated by the Configuration Wizard at domain creation time. While the AdminServer will be aware of these credentials by default (you are able to connect to the NM via de admin console, after all), you will not be able to connect via WLST since you have to provide this random username and password. The solution is to reset the credentials in the Administration Console.
Oracle Fusion Middleware