Webgate Artifacts Unable To Resolve When Primary Servers Are Configured To Clone

(Doc ID 2387013.1)

Last updated on APRIL 18, 2018

Applies to:

Oracle Access Manager - Version 11.1.2.3.0 and later
Information in this document applies to any platform.

Symptoms

On : 11.1.2.3.0 version, OAM SERVER

1. Oam Multi-data center (MDC) is used.

2. Add new Webgate to OamConsole of Master Data Center (DC). Set primary server to this new webgate to Oam server in clone DC. OamConsole of master and clone AdminConsole shows the changes correctly. Access protected url and it shows "Oracle Access Manager Operation Error" in browser.

3. When webgate is using master DC as primary server then it reports url protected.

4. Using Oam tester tool connects to Oam in Master DC with old webgate. It shows new webgate resources protected correctly but Oam server in clone DC shows fatal error.

5. Last change was new Bundle patch and one off patch was installed.

6. Restart of Clone DC did not help fix the issue.


ERROR
-----------------------

================

> Error noticed in Browser

Oracle Access Manager Operation Error

The Access Server has returned a fatal error with no detailed information.
Contact your website administrator to remedy this problem.

================

> Error in Oam diagnostic logs

[20xx-04-12T22:21:37.787-04:00] [xxxx] [ERROR] [OAM-04029] [oracle.oam.proxy.oam] [host: xxxxx] [nwaddr: xxxxxx] [tid: [ACTIVE].ExecuteThread: '7' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: a9cd153f14862a2e:-623181f0:1626fd7cd22:-8000-000000000325b855,0] [APP: oam_server#11.1.2.0.0] [TARGET: /domain/oam1/oam_server(11.1.2.0.0)] [TARGET_TYPE: oracle_oam] Error in generating AMEvent. Details Event Response status is STATUS_FAIL for GET_AUTHN_SCHEME event. Error code OAM-02073 status fail isExcluded false
[20xx-04-12T22:21:37.787-04:00] [xxxxx] [ERROR] [OAM-04020] [oracle.oam.proxy.oam] [host: xxxx] [nwaddr: xxx] [tid: [ACTIVE].ExecuteThread: '7' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: a9cd153f14862a2e:-623181f0:1626fd7cd22:-8000-000000000325b855,0] [APP: oam_server#11.1.2.0.0] [TARGET: /oamdomain/oam1/oam_server(11.1.2.0.0)] [TARGET_TYPE: oracle_oam] Exception encountered while processing the request: oracle.security.am.proxy.oam.requesthandler.OAMProxyException: Event Response status is STATUS_FAIL for GET_AUTHN_SCHEME event. Error code OAM-02073 status fail isExcluded false[[
at oracle.security.am.proxy.oam.requesthandler.NGProvider.checkProtected(NGProvider.java:5400)
at oracle.security.am.proxy.oam.requesthandler.NGProvider.getIsRescProtectedResponse(NGProvider.java:1868)
at oracle.security.am.proxy.oam.requesthandler.NGProvider.getResponse(NGProvider.java:451)
at oracle.security.am.proxy.oam.requesthandler.RequestHandler.handleRequest(RequestHandler.java:378)
at oracle.security.am.proxy.oam.requesthandler.RequestHandler.handleMessage(RequestHandler.java:182)
at oracle.security.am.proxy.oam.requesthandler.ControllerMessageBean.getResponseMessage(ControllerMessageBean.java:122)
at oracle.security.am.proxy.oam.requesthandler.ControllerMessageBean_eo7ylc_MDOImpl.__WL_invoke(Unknown Source)
at weblogic.ejb.container.internal.MDOMethodInvoker.invoke(MDOMethodInvoker.java:35)
at oracle.security.am.proxy.oam.requesthandler.ControllerMessageBean_eo7ylc_MDOImpl.getResponseMessage(Unknown Source)
at oracle.security.am.proxy.oam.mina.ObClientToProxyHandler.messageReceived(ObClientToProxyHandler.java:256)
at org.apache.mina.common.DefaultIoFilterChain$TailFilter.messageReceived(DefaultIoFilterChain.java:743)
at org.apache.mina.common.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:405)
at org.apache.mina.common.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:40)
at org.apache.mina.common.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:823)
at org.apache.mina.common.IoFilterEvent.fire(IoFilterEvent.java:54)
at org.apache.mina.common.IoEvent.run(IoEvent.java:62)
at oracle.security.am.proxy.oam.mina.CommonJWorkImpl.run(CommonJWorkImpl.java:41)
at weblogic.work.j2ee.J2EEWorkManager$WorkWithListener.run(J2EEWorkManager.java:184)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:263)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:221)
. Message : OpCode = 1 [IsResrcOpProtected], SeqNo = 0 Message = ro=t=0 o= no= r= nr= wu=/xxxx/test.html wh=wg wo=1 wa=0 ws= st=ma=2 mi=2 sg=0 sm= version=4 pd=
]]

STEPS
-----------------------
The issue can be reproduced at will with the following steps:
1. Create new webgate.
2. Set Oam server in clone DC as primary.
3. Make sure ObAccessClient.xml has new server updated.
4. Access protected resource.

Changes

 

Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms