OAM11g : How To Recover From Coherence Keystore Corruption (Doc ID 1632589.1)

Last updated on SEPTEMBER 21, 2016

Applies to:

Oracle Access Manager - Version 11.1.1.5.0 to 11.1.2.2.0 [Release 11g]
Information in this document applies to any platform.
Note: In OAM PS3 release, the WLS listCred command was removed so this issue applies up to release 11.1.2.2.0 PS2

Identify the coherence keystore corruption by looking for below error messages in OAM logs


Caused by: java.security.UnrecoverableKeyException: Password must not be null
or
Caused By: java.io.IOException: Keystore was tampered with, or password was incorrect

Try below wlst command to retrieve coherence keystore password

wls:/OAM-Domain/domainRuntime> listCred(map="OAM_STORE",key="coh")

If you see below output then it means that coherence keystore credentials are missing in OPSS

Credential either does not exist or cannot be listed if it is of type "generic"

If you can retrieve credentials for coherence keystore then run below keytool command

keytool -list -v -keystore /config/fmwconfig/.cohstore.jks -storepass -storetype JCEKS

if above command results in below error then coherence keystore got corrupted, else the keystore is fine and this article is not valid for your case

java.io.IOException: Keystore was tampered with, or password was incorrect

Goal

This article explains the procedure to recover from corrupted coherence keystore issue using data from other working environment.

 

             If you have DB and filesystem backups then restore OPSS schema and .cohstore.jks keystore from backups instead of following this procedure. 

Solution

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms