Wednesday, August 28, 2013

ADF: PS5 to PS6 upgrade which turned into a PS7 11.1.1.8 webcenter and 11.1.1.7 adf upgrade

The first thing I noticed is that clicking a link on a tab or menu disabled the link. I had to style my tabs for this, as the tab would vanish while loading:

af|panelTabbed::header af|panelTabbed::tab:disabled af|panelTabbed::tab-start { background-image: url("/skins/images/my_tab_start_d.png"); }
af|panelTabbed::header af|panelTabbed::tab:disabled af|panelTabbed::tab-content { background-image: url("/skins/images/my_tab_mid_d.png"); }
af|panelTabbed::header af|panelTabbed::tab:disabled af|panelTabbed::tab-end { background-image: url("/skins/images/my_tab_end_d.png"); }


The other problem was with some really old code that had only transient attributes in a vo - after 5 minutes on a screen and reclicking we would get a null pointer exception. Fixed this by marking passivate transient objects on the vo and cleaning up some old code.

Also had a few navigation errors with the WebCenter menu.



Skyros upgrade will take a lot of work to integrate with our styles, so this will have to wait; we are on a tight deadline.


UPDATE : Not a smooth upgrade, problems include transients in view objects getting passivated more frequently, refresh issues, etc. (Mostly troubles with old code not functioning as it did).

Wednesday, August 21, 2013

Shibboleth Weblogic SAML2 identity provider making it work [Work in progress...]

I am busy configuring a Weblogic Service Provider that talks to a Shibboleth implementation using SAML2 and this is a log of the problems (mostly with me) I have encountered:

Problem number 1) Unsupported binding type received: urn:mace:shibboleth:1.0:profiles:AuthnRequest

For this I had to remove the entry <SingleSignOnService Binding="urn:mace:shibboleth:1.0:profiles:AuthnRequest" Location="https://server/idp/profile/Shibboleth/SSO"/> from the metadata file I received from my IdP and re-upload it to the Identity Provider Partners section in WebLogic.

This was the stack trace:
SecuritySAML2Service  exception info
com.bea.security.saml2.binding.BindingHandlerException: Unsupported binding type received: urn:mace:shibboleth:1.0:profiles:AuthnRequest
at com.bea.security.saml2.binding.BindingHandlerFactory.newBindingSender(BindingHandlerFactory.java:53)
at com.bea.security.saml2.service.AbstractService.getSender(AbstractService.java:75)
at com.bea.security.saml2.service.spinitiator.SPInitiatorImpl.process(SPInitiatorImpl.java:170)
at com.bea.security.saml2.cssservice.SAML2ServiceImpl.process(SAML2ServiceImpl.java:161)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at com.bea.common.security.utils.ThreadClassLoaderContextInvocationHandler.invoke(ThreadClassLoaderContextInvocationHandler.java:26)
at $Proxy51.process(Unknown Source)
at com.bea.security.saml2.servlet.SAML2Filter.doFilter(SAML2Filter.java:49)
at weblogic.servlet.security.internal.AuthFilterChain.doFilter(AuthFilterChain.java:37)
at weblogic.servlet.security.internal.SecurityModule$ServletAuthenticationFilterAction.run(SecurityModule.java:645)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
at weblogic.servlet.security.internal.SecurityModule.invokeAuthFilterChain(SecurityModule.java:534)
at weblogic.servlet.security.internal.FormSecurityModule.checkUserPerm(FormSecurityModule.java:224)
at weblogic.servlet.security.internal.FormSecurityModule.checkAccess(FormSecurityModule.java:96)
at weblogic.servlet.security.internal.ServletSecurityManager.checkAccess(ServletSecurityManager.java:82)
at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2213)
at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2183)
at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1454)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:209)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:178)
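
The metadata edit described above can be scripted so that it is repeatable whenever the IdP republishes its metadata. This is an added example, not part of the original post or of WebLogic or Shibboleth tooling; the sample metadata is constructed and its SAML 2.0 endpoint locations are hypothetical. It also reports whether the original metadata carried an XML signature, since editing the file invalidates it.

```python
import xml.etree.ElementTree as ET

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"
DS_NS = "http://www.w3.org/2000/09/xmldsig#"
SAML2_BINDINGS = "urn:oasis:names:tc:SAML:2.0:bindings:"

# Constructed sample metadata; the SAML2 Location values are hypothetical.
SAMPLE_METADATA = """<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://server/idp/shibboleth">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <SingleSignOnService Binding="urn:mace:shibboleth:1.0:profiles:AuthnRequest"
        Location="https://server/idp/profile/Shibboleth/SSO"/>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://server/idp/profile/SAML2/POST/SSO"/>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://server/idp/profile/SAML2/Redirect/SSO"/>
  </IDPSSODescriptor>
</EntityDescriptor>"""


def strip_non_saml2_endpoints(metadata_xml):
    """Drop IdP endpoints whose Binding is not a SAML 2.0 binding.

    Returns (cleaned_xml, removed, was_signed). was_signed=True means the
    original carried an XML signature that this edit invalidates.
    """
    ET.register_namespace("", MD_NS)
    ET.register_namespace("ds", DS_NS)
    root = ET.fromstring(metadata_xml)
    was_signed = root.find(".//{%s}Signature" % DS_NS) is not None
    removed = []
    for idp in root.iter("{%s}IDPSSODescriptor" % MD_NS):
        for endpoint in list(idp):
            binding = endpoint.get("Binding")
            if binding is not None and not binding.startswith(SAML2_BINDINGS):
                removed.append((endpoint.tag.rsplit("}", 1)[-1], binding))
                idp.remove(endpoint)
        # SP-initiated SSO needs at least one SAML 2.0 SSO endpoint left.
        if idp.find("{%s}SingleSignOnService" % MD_NS) is None:
            raise ValueError("no SAML 2.0 SingleSignOnService left in metadata")
    return ET.tostring(root, encoding="unicode"), removed, was_signed


if __name__ == "__main__":
    cleaned, removed, was_signed = strip_non_saml2_endpoints(SAMPLE_METADATA)
    for name, binding in removed:
        print("removed %s with binding %s" % (name, binding))
    if was_signed:
        print("warning: metadata was signed; the signature no longer verifies")
    print(cleaned)
```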

Solaris 11 : Web Center installation problem

We ran into a problem running the web center installation on Solaris 11 yesterday and I need to document this for my own sake.

The installation would fail all prerequisite checks randomly on different environments. We could just click continue and the install would be fine or run with ./runInstaller -ignoreSysPreReqs.

Our sys admin ran a trace and we tracked the problem down to a file being generated at run time using the sysdef -i command. This showed us that the IPC Semaphores module is not loaded.

Just running the ipcs -a command before we install fixed the error for us and generated the correct size of file and made everything work - amazing.

Wednesday, August 14, 2013

Adventures in F5, OHS and weblogic

http://fusionsecurity.blogspot.com/2011/04/ssl-offloading-and-weblogic-server.html
https://blogs.oracle.com/ateamsoab2b/entry/configuration_notes_for_offloading_of

So I wanted to enable ssl between my F5 and ohs and between ohs and my weblogic.
I needed to do this because we redirect 80 to https on the F5 and I had a couple of external web services deployed. When you deploy the web service and are using https only on the F5 and http pass-through to the rest, your wsdl url will be secure, but you may not be able to easily generate services from the wsdl (because the content of the wsdl will all point to http, which we blocked).

IMPORT your certificates into a new wallet - using orapki - http://docs.oracle.com/cd/E11882_01/network.112/e10746/asoappf.htm

So on your F5
  Make sure you point to the ohs on the secure socket port (4443 by default).
  Easiest way to block http is with a https redirect iRule (http://fixmyitsystem.com/2012/11/handy-simple-f5-redirect-irules.html)

OHS

mod_wl_ohs I added on my web service location
  WLProxySSLPassThrough ON
I also pointed to the SSL ports

ssl.conf I added   

  RequestHeader set IS_SSL ssl 
  RequestHeader set WL-Proxy-SSL true
  SSLEngine on 





Weblogic

Set WebLogic Plugin Enabled (see initial link)
Enable SSL (Environment > Servers > yourserver > tick SSL Listen Port Enabled)



*Shortcut for slackers*

Fool ohs into thinking you have a secure connection instead of setting up ssl everywhere (8892 is webcenter http port):


    WebLogicCluster serverName:8892,serverName:8892
    SetHandler weblogic-handler
    WLProxySSLPassThrough ON
    RequestHeader set IS_SSL ssl
    RequestHeader set WL-Proxy-SSL true



Friday, August 9, 2013

Webcenter BI integration

I followed this document:
http://www.oracle.com/technetwork/middleware/webcenter/portal/learnmore/wc-biappsconfig-396418.pdf

The only two comments (FRUSTRATED the hell out of me):

1) Add the bi libraries to your portal before you embark on the above guide : http://rsriv.blogspot.com/2011/10/obiee-11g-integration-with-webcenter.html

2) I kept getting an error:

Caused by: javax.naming.NamingException [Root exception is oracle.bi.presentation.soap.connection.BISoapException: javax.xml.ws.soap.SOAPFaultException: Authentication error. An invalid User Name or Password was entered.]

For some reason (I still need to investigate) the security does NOT work without impersonation for me. So I had to create my users on the bi server before everything could work.