SSO / OC4J_SECURITY Does Not Start In Clustered / HA Environment (Doc ID 419543.1)

Last updated on FEBRUARY 06, 2017

Applies to:

Oracle Application Server Single Sign-On - Version 10.1.2.0.2 to 10.1.4.3 [Release 10gR2 to 10gR3]
Information in this document applies to any platform.
***Checked for relevance on 06-Feb-2017***

Symptoms

OC4J_SECURITY is failing to start in a clustered High Availability (HA) environment with a load-balancer (LBR) serving Oracle Internet Directory (OID) connections.

Oracle Single Sign-On (SSO) is installed in the same ORACLE_HOME as OID.

When 'opmnctl startall' is run to start all the Identity Management processes, OC4J_SECURITY startup fails with 'OID dependency failed' error, e.g.:

ias-component/process-type/process-set:
OC4J/OC4J_SECURITY/default_island
Error
--> Process (pid=0)
failed to start a managed process because a dependency check failed
oid dependency failed ...

 

The following errors are logged in the ssoServer.log:

Thu Mar 15 15:38:07 EET 2007 [DEBUG] Orion Launcher Setting minimum number of connections to 5 in the OID cache pool 

Thu Mar 15 15:38:07 EET 2007 [ERROR] Orion Launcher Could not get OID connection
javax.naming.CommunicationException: oid.oracle.com:363 [Root exception is java.net.ConnectException: Connection refused]
at oracle.ldap.util.jndi.ConnectionUtil.returnInitialLdapContext(ConnectionUtil.java:492)
at oracle.ldap.util.jndi.ConnectionUtil.getDefaultDirCtx(ConnectionUtil.java:135)
at oracle.ldap.util.jndi.ConnectionUtil.getDefaultDirCtx(ConnectionUtil.java:157)
at oracle.security.sso.server.ldap.DirContextPool.makeNewConnection(DirContextPool.java:387)
at oracle.security.sso.server.ldap.DirContextPool.<init>(DirContextPool.java:113)
at oracle.security.sso.server.ldap.OIDUserRepository.initialize(OIDUserRepository.java:138)
at oracle.security.sso.server.auth.AuthUtil.init(AuthUtil.java:192)
at oracle.security.sso.server.ui.SSOLoginServlet.init(SSOLoginServlet.java:237)
at javax.servlet.GenericServlet.init(GenericServlet.java:258)
at com.evermind.server.http.HttpApplication.loadServlet(HttpApplication.java:2354)
at com.evermind.server.http.HttpApplication.findServlet(HttpApplication.java:4795)
at com.evermind.server.http.HttpApplication.initPreloadServlets(HttpApplication.java:4889)
at com.evermind.server.http.HttpApplication.initDynamic(HttpApplication.java:1015)
at com.evermind.server.http.HttpApplication.<init>(HttpApplication.java:549)
at com.evermind.server.Application.getHttpApplication(Application.java:890)
at com.evermind.server.http.HttpServer.getHttpApplication(HttpServer.java:707)
at com.evermind.server.http.HttpSite.initApplications(HttpSite.java:625)
at com.evermind.server.http.HttpSite.setConfig(HttpSite.java:278)
at com.evermind.server.http.HttpServer.setSites(HttpServer.java:278)
at com.evermind.server.http.HttpServer.setConfig(HttpServer.java:179)
at com.evermind.server.ApplicationServer.initializeHttp(ApplicationServer.java:2394)
at com.evermind.server.ApplicationServer.setConfig(ApplicationServer.java:1551)
at com.evermind.server.ApplicationServerLauncher.run(ApplicationServerLauncher.java:92)
at java.lang.Thread.run(Thread.java:534)
Caused by: java.net.ConnectException: Connection refused
at java.net.PlainSocketImpl.socketConnect(Native Method)
...

at oracle.ldap.util.jndi.ConnectionThread.run(ConnectionThread.java:61)
Thu Mar 15 15:38:07 EET 2007 [ERROR] Orion Launcher Naming Exception while creating LDAP connection pool:
javax.naming.NamingException: Communication error. Directory Server not reacheble
...

at java.lang.Thread.run(Thread.java:534)
Thu Mar 15 15:38:07 EET 2007 [ERROR] Orion Launcher Check the OID server, oid.oracle.com:636 availability
Thu Mar 15 15:38:07 EET 2007 [DEBUG] Orion Launcher Done creating OID connection pools
Thu Mar 15 15:38:07 EET 2007 [INFO] Orion Launcher Entered DBConnectionPool.getConnection method ...
Thu Mar 15 15:38:07 EET 2007 [INFO] Orion Launcher Leaving DBConnectionPool.getConnection method ...
Thu Mar 15 15:38:07 EET 2007 [INFO] Orion Launcher DBUtil: Entered setSubscriberConfig method ...
Thu Mar 15 15:38:07 EET 2007 [DEBUG] Orion Launcher Adding subscriber: VTT with ID: 1 in to the cache
Thu Mar 15 15:38:07 EET 2007 [INFO] Orion Launcher DBUtil: leaving setSubscriberConfig method ..

 

OID is available: ldapbind -h OIDHOST -p OIDSSLPORT -U 1 is successful.

If OC4J_SECURITY startup is retried using 'opmnctl startproc process-type=OC4J_SECURITY' the process starts successfully.

 

 

Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms