Approved Tasks are Not Completed Due to "Error While Invoking ..workflowservice/CallbackService" with "WSM-07604 : Internal error during policy enforcement." and "WSM-07501" ERROR "Caused by: oracle.wsm.security.SecurityException: no protocol: localhost" (Doc ID 2272957.1)

Last updated on JUNE 01, 2017

Applies to:

Identity Manager - Version 11.1.2.2.0 and later
Information in this document applies to any platform.

Symptoms

Completed Approval Tasks are not shown as completed in OIM.

The SOA logs show an error invoking OIMs Callback service like Error while invoking endpoint "http(s)://oimExternalFrontendURL/workflowservice/CallbackService" from client
The SOA managed server diagnostic logs show several Warnings and Errors, including Warning WSM-07604 : Internal error during policy enforcement, and an WSM-07501 ERROR with "Caused by: oracle.wsm.security.SecurityException: no protocol: localhost" and "Caused by: java.net.MalformedURLException: no protocol: localhost" (even through the value of the <oimExternalFrontendURL> in the log was not "localhost"):

[2017-04-18T20:24:19.672-05:00] [soa_server3] [ERROR] [] [oracle.webservices.jaxws] [tid: orabpel.engine.pool-6.thread-16] [userId: weblogic] [ecid: 0000Li3naXO6UOIMyqrY6G1OxfYz00001S,1:28100] [APP: soa-infra] [composite_instance_id: 5540001] [composite_name: anyOIMApprovalComposite] [component_name: CallbackService_2] Error while invoking endpoint "<oimExternalFrontendURL>/workflowservice/CallbackService" from client; Security Subject: Administrators

[2017-04-18T20:24:19.711-05:00] [soa_server3] [WARNING] [] [oracle.integration.platform.blocks.soap] [tid: orabpel.engine.pool-6.thread-16] [userId: weblogic] [ecid: 0000Li3naXO6UOIMyqrY6G1OxfYz00001S,1:28100] [APP: soa-infra] [composite_instance_id: 5540001] [composite_name: anyOIMApprovalComposite] [component_name: CallbackService_2] Unable to invoke endpoint URI "<oimExternalFrontendURL>/workflowservice/CallbackService" successfully due to: oracle.j2ee.ws.client.jaxws.JRFSOAPFaultException: Client received SOAP Fault from server : WSM-07604 : Internal error during policy enforcement.

[2017-04-18T20:24:19.721-05:00] [soa_server3] [ERROR] [WSM-07501] [oracle.wsm.resources.enforcement] [tid: orabpel.engine.pool-6.thread-16] [userId: weblogic] [ecid: 0000Li3naXO6UOIMyqrY6G1OxfYz00001S,1:28100] [APP: soa-infra] [composite_instance_id: 5540001] [composite_name: anyOIMApprovalComposite] [component_name: CallbackService_2] [WSM_POLICY_NAME: oracle/wss11_saml_token_with_message_protection_client_policy] Failure in Oracle WSM Agent processRequest, category=security, function=agent.function.client, application=default, composite=anyOIMApprovalComposite, modelObj=CallbackService_2, policy=null, policyVersion=null, assertionName=null.[[
oracle.wsm.common.sdk.WSMException: no protocol: localhost
Caused by: oracle.wsm.security.SecurityException: no protocol: localhost
... 122 more
Caused by: java.net.MalformedURLException: no protocol: localhost
... 125 more

]]
[2017-04-18T20:24:19.743-05:00] [soa_server3] [WARNING] [] [oracle.integration.platform.blocks.soap] [tid: orabpel.engine.pool-6.thread-16] [userId: weblogic] [ecid: 0000Li3naXO6UOIMyqrY6G1OxfYz00001S,1:28100] [APP: soa-infra] [composite_instance_id: 5540001] [composite_name: anyOIMApprovalComposite] [component_name: CallbackService_2] Unable to invoke endpoint URI "localhost" successfully due to: Unable to invoke endpoint URI "localhost" successfully due to: oracle.fabric.common.PolicyEnforcementException: no protocol: localhost

[2017-04-18T20:24:19.744-05:00] [soa_server3] [ERROR] [] [oracle.soa.bpel.engine.ws] [tid: orabpel.engine.pool-6.thread-16] [userId: weblogic] [ecid: 0000Li3naXO6UOIMyqrY6G1OxfYz00001S,1:28100] [APP: soa-infra] [composite_instance_id: 5540001] [component_instance_id: 5540001] [composite_name: anyOIMApprovalComposite] [component_name: ApprovalProcess] got FabricInvocationException[[
java.net.MalformedURLException: no protocol: localhost
..
]]

 

Changes

There was an 11.1.1.6.0 BI Publisher installation and an 11.1.2.1.0 OIM installation which used to have a shared Middleware home. At some point, the 11.1.2.1.x OIM installation was moved to a different machine by expanding the OIM domains cluster to include the new node, migrating the AdminServer to the new node - then updating the ORACLE_HOMES and other configuration files to point to the install bits on the new machine (paraphrasing here, not endorsing this method).

Then a new domain was created for the 11.1.1.6.0 BI Publisher installation but was pointed to the existing DB repositories from the old domain. After this, the OIM installation (on the new machine and in a separate domain) was upgraded from 11.1.2.1.x to 11.1.2.2.9 and the related MDS repository (which was still in use by the 11.1.1.1.6.0 BI Publisher domain) was also upgraded from 11.1.1.6.0 to 11.1.1.7.0 as part of the upgrade process.  Then later, BI Publisher 11.1.1.7.0 was also installed on a third machine and another new domain was created for this installation which ALSO pointed to the 11.1.1.7.0 MDS repository on the existing DB.

These activities in and of themselves did not seem to result in the issue, as OIMs Request Approval functionality worked for several months later.  However, at some point after this, it is possible that human error resulted in issuing the reset policy store command from the 11.1.1.6.0 BI Publishers' EM Console.

Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms