OPSS - After set OUD authenticator Provider in Weblogic Console getting JPS-00056 and JPS-00027 error
(Doc ID 2097485.1)
Last updated on MARCH 01, 2023
Applies to:
Oracle Platform Security for Java - Version 11.1.1.7.0 and laterInformation in this document applies to any platform.
Symptoms
On : OPSS 12.1.3.0.0 version, Java Platform Security From Oracle WebLogic Server 12.1.3.0.0 setting up OUD as Identity Store
OUD Authenticator Security Provider order issue
When moving the OUDAuthenticator on top of DefaultAuthenticator it causing Weblogic admin startup failure with this JPS error message:
<Dec 18, 2015 12:43:37 PM EST> <Critical> <WebLogicServer> <AdminServer> <main> <
1. weblogic.security.SecurityInitializationException: The loading of an OPSS java security policy provider failed due to an exception. See the exception stack trace or the server log file for the root cause. If there is no obvious cause, enable the debug flag -Djava.security.debug=jpspolicy to get more information. Error message: null
2. java.lang.IllegalStateException: Unable to perform operation: post construct on weblogic.security.PreSecurityService
3. java.lang.IllegalArgumentException: While attempting to resolve the dependencies of weblogic.security.SecurityService errors were found
4. java.lang.IllegalStateException: Unable to perform operation: resolve on weblogic.security.SecurityService
5. java.lang.IllegalArgumentException: While attempting to resolve the dependencies of weblogic.jndi.internal.RemoteNamingService errors were found
6. java.lang.IllegalStateException: Unable to perform operation: resolve on weblogic.jndi.internal.RemoteNamingService
7. java.lang.IllegalArgumentException: While attempting to resolve the dependencies of weblogic.protocol.ProtocolHandlerService errors were found
8. java.lang.IllegalStateException: Unable to perform operation: resolve on weblogic.protocol.ProtocolHandlerService
A MultiException has 8 exceptions. They are:
1. weblogic.security.SecurityInitializationException: The loading of an OPSS java security policy provider failed due to an exception. See the exception stack trace or the server log file for the root cause. If there is no obvious cause, enable the debug flag -Djava.security.debug=jpspolicy to get more information. Error message: null
2. java.lang.IllegalStateException: Unable to perform operation: post construct on weblogic.security.PreSecurityService
3. java.lang.IllegalArgumentException: While attempting to resolve the dependencies of weblogic.security.SecurityService errors were found
4. java.lang.IllegalStateException: Unable to perform operation: resolve on weblogic.security.SecurityService
5. java.lang.IllegalArgumentException: While attempting to resolve the dependencies of weblogic.jndi.internal.RemoteNamingService errors were found
6. java.lang.IllegalStateException: Unable to perform operation: resolve on weblogic.jndi.internal.RemoteNamingService
7. java.lang.IllegalArgumentException: While attempting to resolve the dependencies of weblogic.protocol.ProtocolHandlerService errors were found
8. java.lang.IllegalStateException: Unable to perform operation: resolve on weblogic.protocol.ProtocolHandlerService
at org.jvnet.hk2.internal.Collector.throwIfErrors(Collector.java:88)
at org.jvnet.hk2.internal.ClazzCreator.resolveAllDependencies(ClazzCreator.java:269)
.......
Caused By: weblogic.security.SecurityInitializationException: The loading of an OPSS java security policy provider failed due to an exception. See the exception stack trace or the server log file for the root cause. If there is no obvious cause, enable the debug flag -Djava.security.debug=jpspolicy to get more information. Error message: null
at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.loadOPSSPolicy(CommonSecurityServiceManagerDelegateImpl.java:1487)
at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.preInitialize(CommonSecurityServiceManagerDelegateImpl.java:1090)
at weblogic.security.service.SecurityServiceManager.preInitialize(SecurityServiceManager.java:925)
at weblogic.security.PreSecurityService.start(PreSecurityService.java:139)
......
Caused By: java.lang.reflect.InvocationTargetException
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
......
Caused By: oracle.security.jps.JpsException: JPS-00056: Failed to create identity store service instance idstore.ldap.provider:idstore.ldap. Reason: oracle.security.jps.JpsRuntimeException: JPS-00027: internal error You configured a generic WLS LDAPAuthenticator.
The identity store type cannot be determined. Please choose an LDAP Authentication provider that matches your LDAP server.
at oracle.security.jps.internal.config.OpssCommonStartup.start(OpssCommonStartup.java:211)
at oracle.security.jps.wls.JpsWlsStartup.start(JpsWlsStartup.java:80)
at oracle.security.jps.JpsStartup.start(JpsStartup.java:186)
......
Caused By: oracle.security.jps.service.idstore.IdentityStoreException: JPS-00056: Failed to create identity store service instance idstore.ldap.provider:idstore.ldap. Reason: oracle.security.jps.JpsRuntimeException: JPS-00027: internal error You configured a generic WLS LDAPAuthenticator.
The identity store type cannot be determined. Please choose an LDAP Authentication provider that matches your LDAP server.
at oracle.security.jps.internal.idstore.ldap.LdapIdentityStoreProvider.getIdStoreConfig(LdapIdentityStoreProvider.java:173)
at oracle.security.jps.internal.idstore.ldap.LdapIdentityStoreProvider.access$200(LdapIdentityStoreProvider.java:88)
at oracle.security.jps.internal.idstore.ldap.LdapIdentityStoreProvider$NoLibOvd.getInstance(LdapIdentityStoreProvider.java:222)
at oracle.security.jps.internal.idstore.ldap.LdapIdentityStoreProvider.getInstance(LdapIdentityStoreProvider.java:114)
at oracle.security.jps.internal.idstore.ldap.LdapIdentityStoreProvider.getInstance(LdapIdentityStoreProvider.java:121)
...........
Caused By: oracle.security.jps.JpsRuntimeException: JPS-00027: internal error You configured a generic WLS LDAPAuthenticator.
The identity store type cannot be determined. Please choose an LDAP Authentication provider that matches your LDAP server
at oracle.security.jps.wls.internal.idstore.WlsLdapIdStoreConfigProvider$WlsLdapIdStoreDescriptor.checkIdStoreType(WlsLdapIdStoreConfigProvider.java:371)
at oracle.security.jps.wls.internal.idstore.WlsLdapIdStoreConfigProvider$WlsLdapIdStoreDescriptor.getProperties(WlsLdapIdStoreConfigProvider.java:171)
at oracle.security.jps.wls.internal.idstore.WlsLdapIdStoreConfigProvider$WlsLdapIdStoreDescriptor.<init>(WlsLdapIdStoreConfigProvider.java:124)
at oracle.security.jps.wls.internal.idstore.WlsLdapIdStoreConfigProvider.getIdentityStoreConfig(WlsLdapIdStoreConfigProvider.java:94)
..........
>
####<Dec 18, 2015 12:43:37 PM EST> <Notice> <WebLogicServer> <qa-wls-shared1.nslc.org> <AdminServer> <main> <
####<Dec 18, 2015 12:43:37 PM EST> <Error> <WebLogicServer> <qa-wls-shared1.nslc.org> <AdminServer> <main> <
####<Dec 18, 2015 12:43:37 PM EST> <Notice> <WebLogicServer> <qa-wls-shared1.nslc.org> <AdminServer> <main> <
The issue can be reproduced at will with the following steps:
1. In WLS Administration Console
2. Go to Security Realms -> Providers -> Authentication
3. Change the order of Authentication Provider, save changes
4. Restart
The issue has the following business impact:
Due to this issue, users cannot start successfully Admin Server after reorder the ATN providers in WLS console
Cause
To view full details, sign in with your My Oracle Support account. |
|
Don't have a My Oracle Support account? Click to get started! |
In this Document
| Symptoms |
| Cause |
| Solution |
| References |