Pages

Friday, October 23, 2015

Policy store is unavailable in /oamconsole

ISSUE:


After logging  into /oamconsole, it says:
"The policy store is not available; please see the log files for more details ".
Also is not possible to see any menu item listed in Policy Configuration tab.


ERROR OBSERVED:


Logs @ $DOMAIN_HOME/servers/oam_server1/oam_server1-diagnostics.log

<<
[AdminServer] [ERROR] [] [oracle.oam.admin.console.policy] [tid: [ACTIVE].ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: weblogic] [ecid: 761262586b2d0012:58e2736e:13d3f069d76:-8000-000000000000031c,0] [APP: oam_admin#11.1.2.0.0] The policy store is not available; please see the log file for more details.[[
oracle.security.am.common.policy.admin.PolicyManagerException: oracle.security.am.common.policy.admin.store.PolicyStoreException: OAMSSA-06252: The policy store is not available; please see the log file for more details.

at oracle.security.am.common.policy.admin.provider.oes.proxy.OESAdminProxy.getAuthenticationSchemeStore(OESAdminProxy.java:161)
at oracle.security.am.common.policy.admin.provider.oes.OESPolicyAdminProvider.getAuthnSchemeStore(OESPolicyAdminProvider.java:217)
at oracle.security.am.common.policy.admin.impl.AuthenticationSchemeManagerImpl.getStore(AuthenticationSchemeManagerImpl.java:532)
at oracle.security.am.common.policy.admin.impl.AuthenticationSchemeManagerImpl.getAllAuthnSchemes(AuthenticationSchemeManagerImpl.java:344)
Caused by: oracle.security.am.common.policy.admin.store.PolicyStoreException: OAMSSA-06252: The policy store is not available; please see the log file for more details.at oracle.security.am.common.policy.util.OESUtils.checkAndThrowException(OESUtils.java:630)
at oracle.security.am.common.policy.util.ResourceTypeHelper.getAuthnSchemeResourceType(ResourceTypeHelper.java:527)
at oracle.security.am.common.policy.admin.provider.oes.proxy.OESAdminProxy.getAuthenticationSchemeStore(OESAdminProxy.java:147)
at oracle.security.am.common.policy.admin.provider.oes.OESPolicyAdminProvider.getAuthnSchemeStore(OESPolicyAdminProvider.java:217)
at oracle.security.am.common.policy.admin.impl.AuthenticationSchemeManagerImpl.getStore(AuthenticationSchemeManagerImpl.java:532)
at oracle.security.am.common.policy.admin.impl.AuthenticationSchemeManagerImpl.getAllAuthnSchemes(AuthenticationSchemeManagerImpl.java:344)
at model.TreeVOImpl.buildTree(TreeVOImpl.java:412)
Caused by: java.lang.NullPointerException
at oracle.security.jps.az.internal.runtime.service.PDPServiceImpl.addActiveApplication(PDPServiceImpl.java:1983)
at oracle.security.jps.az.internal.runtime.service.PDPServiceImpl.getAdminPermissions(PDPServiceImpl.java:1571)
at oracle.security.jps.internal.policystore.PolicyDelegationController.getAdminPermissions(PolicyDelegationController.java:256)
at oracle.security.jps.internal.policystore.JavaPolicyProvider.impliesAdminPermission(JavaPolicyProvider.java:598)
at oracle.security.jps.internal.policystore.JavaPolicyProvider.implies_NotPrivileged(JavaPolicyProvider.java:582)
at oracle.security.jps.internal.policystore.JavaPolicyProvider.implies(JavaPolicyProvider.java:562)
at oracle.security.jps.internal.policystore.JavaPolicyProvider.implies(JavaPolicyProvider.java:546)
at java.security.ProtectionDomain.implies(ProtectionDomain.java:224)
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:352)
at java.security.AccessController.checkPermission(AccessController.java:549)
at oracle.security.jps.util.JpsAuth$AuthorizationMechanism$3.checkPermission(JpsAuth.java:458)
at oracle.security.jps.util.JpsAuth.checkPermission(JpsAuth.java:518)
at oracle.security.jps.util.JpsAuth.checkPermission(JpsAuth.java:544)
at oracle.security.jps.internal.policystore.util.OpssAuth.checkAdminPermission(OpssAuth.java:69)
at oracle.security.jps.internal.policystore.entitymanager.impl.ResourceTypeManagerImpl.checkPermission(ResourceTypeManagerImpl.java:3036)
at oracle.security.jps.internal.policystore.entitymanager.impl.ResourceTypeManagerImpl.getResourceType(ResourceTypeManagerImpl.java:868)
at oracle.security.am.common.policy.util.ResourceTypeHelper.getAuthnSchemeResourceType(ResourceTypeHelper.java:524)
... 144 more
>>


REASON:


There is a corruption in the OAM Policy/Security store, perhaps caused by premature startup of AdminServer before the Security Store was configured, or perhaps due to an unnoticed error when configureSecurityStore.py -m create was run, such that all policy / security data were not  fully created.


SOLUTION:



Step 1)  Delete the oam_domain
(deleting $DOMAIN_HOME folder and, if exist, folder $MW_HOME\user_projects\applications\<domain-name>)


Step 2) Re-run the config.sh to create domain and oam managed server. Click Here

NOTEDO NOT START ADMIN/OAM SERVERS

Step 3) Configure the DB policy store first. Click Here.

Step 4) Start servers 1) Admin Server 2) Oam Server.

No comments:

Post a Comment