ORABPEL-10549 Accessing Worklist Application Configured with OpenLDAP Using SSL (Doc ID 956802.1)

Last updated on NOVEMBER 03, 2016

Applies to:

Oracle(R) BPEL Process Manager - Version: 10.1.3.1 to 10.1.3.4 - Release: AS10gR3 to AS10gR3
Information in this document applies to any platform.

Symptoms

You have configured BPEL/Workflow Services with OpenLDAP, using the instructions
in the following documents:

Oracle BPEL Process Manager Administrator's Guide
10g (10.1.3.1.0)
Part Number B28982-03
2.1.3.4 Task 4: Configure the Middle Tier to use the LDAP-based JAZN provider with Secure Socket
Layer (SSL)
http://download.oracle.com/docs/cd/B31017_01/integrate.1013/b28982/service_config.htm#BABGEHFC

and

<Note 785313.1> Unable to Login to BPEL Console, and Worklist Console when using OID With SSL

When connecting to Worklist, the following errors are written to the container log files in the $ORACLE_HOME/opmn/logs folder:

BPEL-10519

Identity service system error.
Error while invoking Identity service. Service cannot resolve identity in realm "{0}"
Check the error stack and fix the cause of the error. Contact oracle support if error is not
fixable.
at
oracle.tip.pc.services.common.ServiceFactory.getAuthenticationServiceInstance(ServiceFactory.java:201)at
oracle.bpel.services.workflow.verification.impl.VerificationService.getAuthenticationService(VerificationService.java:397)
...
at com.evermind.server.http.HttpRequestHandler.processRequest(HttpRequestHandler.java:453)
at com.evermind.server.http.AJPRequestHandler.run(AJPRequestHandler.java:313)
at com.evermind.server.http.AJPRequestHandler.run(AJPRequestHandler.java:199)
at
oracle.oc4j.network.ServerSocketReadHandler$SafeRunnable.run(ServerSocketReadHandler.java:260)
at
com.evermind.util.ReleasableResourcePooledExecutor$MyWorker.run(ReleasableResourcePooledExecutor.jav
a:303)
at java.lang.Thread.run(Thread.java:595)
Caused by: ORABPEL-00000

Exception not handled by the Collaxa Cube system.
An unhandled exception has been thrown in the Collaxa Cube system. The exception reported is:
"ORABPEL-10549

Identity Service cannot access a repository.
Identity Service cannot communicate with directory .
Check whether the directory server is running. Contact oracle support if error is not fixable.
...

After investigating the issue, using a tool such as Wireshark, it appears that the following error is received when the SSL connection is trying to be established between server and client. The error is seen in the OpenLDAP server-side logs:

SSL3_GET_CLIENT_HELLO:no shared cipher.

Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms