Integrate Weblogic With Active Directory Using LDAPS

In this post I will show how to integrate WebLogic with Active Directory over LDAPS (port 636) rather than plain LDAP on port 389. This should work on different versions of WebLogic; in my case I am using WebLogic 12c.

I tried to keep this article as simple as possible. I faced several issues along the way and could not find any article or Oracle Support document covering them, so I am writing this post to share what I found, in the hope it is useful to others.

WebLogic Server comes with an embedded LDAP server which acts as the default provider for authentication, authorization and role mapping. Since authentication is based on JAAS (Java Authentication and Authorization Service), external providers can be used as well; one of these is the Active Directory authentication provider.

Important note :- Before starting any of these steps, ask your system administrator to create an Active Directory user whose only purpose is to read Active Directory information. The administrator should give you the distinguished name (DN) of this user and assign it to the Administrator group; this is required because Active Directory only accepts the connection from an admin user.

Steps:

  • To use the secure port you have to do a few things before starting the configuration on the WebLogic side. Since we are using the SSL port and not the unsecured one, you have to import the certificate first. The certificate can be provided by the system administrator; in my case, to save time, I used JDeveloper to obtain it, because JDeveloper can connect to the LDAP server either way (636 or 389), and once connected you can import the certificate.
  • After obtaining the certificate, go to the WebLogic server and run the command below. I chose to keep my keystore under $WLS_HOME/wlserver/server/lib :

keytool -import -trustcacerts -alias NEWAD -file Certificate_name -keystore NEWAD.jks -storepass Oracle123

    • alias : the alternative name for the certificate; you can choose your own, but make it clear.
    • file : the certificate file, as exported from JDeveloper or provided by the system administrator.
    • keystore : the output file, which must be in JKS format.
    • storepass : the password set on the keystore when importing the certificate.
  • Once the above steps are done, shut down the AdminServer and the managed servers from the WebLogic console and edit setDomainEnv.sh or setDomainEnv.cmd depending on your operating system, then add the line below (pointing at the location of the JKS file):

JAVA_OPTIONS="${JAVA_OPTIONS} -Djavax.net.ssl.trustStore=/u01/Oracle/Middleware/fmw_soa/wlserver/server/lib/NEWAD.jks"

  • Now start the AdminServer. The following steps should be done before testing anything.
  • In the console, choose the custom keystore option and fill in the information: the location of the JKS (without the file name) and the keystore password you chose when importing.
  • After that modify the SSL part; this time you have to enter the alias and the password as below :-
  • Under Security Realms in the left panel choose Providers > New.
  • WebLogic offers several external providers, but we want Active Directory, so make sure to choose the right one.
  • Some changes are needed after the provider is created: its order and its control flag. The Active Directory provider should come first in the order and the flag should be SUFFICIENT.
  • Fill in the information as below: the AD host, the Active Directory user (which must already be created), the password for that user, the User Base DN and finally the Group Base DN. Don't change anything else, and check SSL Enabled.
  • To test whether the provider is working, go to Users and Groups; you should now be able to see the AD users and groups in WebLogic.
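As an added check (my own example code, not from the post): a small Python linter for the JAVA_OPTIONS line in setDomainEnv.sh. It catches a missing closing quote on that line (an easy slip), confirms that JAVA_OPTIONS is appended to rather than overwritten, and checks that the trustStore path is a .jks file that exists on the host; the sample file contents are constructed.

```python
import os
import re

TRUSTSTORE_OPT = "-Djavax.net.ssl.trustStore="

# Constructed samples of the JAVA_OPTIONS line in setDomainEnv.sh.
# The first one is missing its closing double quote.
BROKEN_SET_DOMAIN_ENV = (
    'JAVA_OPTIONS="${JAVA_OPTIONS} -Djavax.net.ssl.trustStore='
    '/u01/Oracle/Middleware/fmw_soa/wlserver/server/lib/NEWAD.jks\n'
    'export JAVA_OPTIONS\n'
)
FIXED_SET_DOMAIN_ENV = BROKEN_SET_DOMAIN_ENV.replace('NEWAD.jks\n', 'NEWAD.jks"\n')


def check_truststore_option(script_text, path_exists=os.path.exists):
    """Return a list of findings about the trustStore option in a
    setDomainEnv.sh file; an empty list means it looks usable."""
    findings = []
    assignments = [ln for ln in script_text.splitlines()
                   if re.match(r'\s*(export\s+)?JAVA_OPTIONS=', ln)]
    if not assignments:
        return ["no JAVA_OPTIONS assignment found"]
    trust_paths = []
    for ln in assignments:
        value = ln.split("=", 1)[1]
        if value.count('"') % 2 == 1:
            findings.append("unbalanced double quote: " + ln.strip())
        value = value.replace('"', "")  # inspect the tokens regardless of quoting
        if "-D" in value and "$JAVA_OPTIONS" not in value and "${JAVA_OPTIONS}" not in value:
            findings.append("JAVA_OPTIONS is overwritten instead of appended: " + ln.strip())
        for tok in value.split():
            if tok.startswith(TRUSTSTORE_OPT):
                trust_paths.append(tok[len(TRUSTSTORE_OPT):])
    if not trust_paths:
        findings.append("no " + TRUSTSTORE_OPT + " option found")
        return findings
    path = trust_paths[-1]  # when a -D option is repeated, the last value wins
    if len(trust_paths) > 1:
        findings.append("trustStore set more than once; the JVM uses: " + path)
    if not path.lower().endswith(".jks"):
        findings.append("trustStore is not a .jks file: " + path)
    if not path_exists(path):
        findings.append("trustStore file does not exist on this host: " + path)
    return findings


if __name__ == "__main__":
    for name, text in (("broken", BROKEN_SET_DOMAIN_ENV), ("fixed", FIXED_SET_DOMAIN_ENV)):
        print(name, check_truststore_option(text, path_exists=lambda p: True) or "OK")
```

Run it against the real setDomainEnv.sh (read the file and pass its text) before restarting the AdminServer; the default path_exists checks the file on the host you run it on.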
Below are some of the errors I faced during the configuration; they are all related to certificates. I am sharing them so people can recognise these errors and know how to solve them:

  • Error [Security:090834]No LDAP connection could be established. ldaps://HOST:636 Cannot connect to the LDAP server
  • weblogic.security.providers.authentication.LDAPAtnDelegateException: [Security:090294]could not get connection
  • Caused by: java.lang.reflect.InvocationTargetException
  • Caused by: netscape.ldap.LDAPException: General SSLEngine problem (91); Cannot connect to the LDAP server
  • Caused by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem
  • Caused by: sun.security.validator.ValidatorException: PKIX path building failed
  • Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

Thank you
Osama 

Apply Weblogic Patch Offline mode

  1. Shut down all WebLogic services.
  2. Unzip the patch under $MW_HOME/utils/bsu/cache_dir.
  3. Run the following command :-

./bsu.sh -prod_dir=$weblogic_home  -patch_download_dir=Patch_location -patchlist=patch_id -verbose -install

The final result :-

Or you can apply the WebLogic patch using Smart Update.

Thanks
Osama Mustafa

java.lang.securityexception access denied. required roles admin

The WebLogic AdminServer log showed the error below :-

java.lang.securityexception access denied. required roles admin

To solve the above error, follow the steps below :-

From the Navigation Tree –> Security Realms :-

A new page opens; click on myrealm :-

From the configuration –> General 

Thank you 
Osama Mustafa

weblogic.socket.MaxMessageSizeExceededException

I recently encountered the error below; AdminServer.log indicated :-

weblogic.socket.MaxMessageSizeExceededException: Incoming message of size: ‘10000080’ bytes exceeds the configured maximum of: ‘10000000’ bytes for protocol: ‘t3’.
weblogic.socket.MaxMessageSizeExceededException: Incoming message of size: ‘10000080’ bytes exceeds the configured maximum of: ‘10000000’ bytes for protocol: ‘t3’
        at weblogic.socket.BaseAbstractMuxableSocket.incrementBufferOffset(BaseAbstractMuxableSocket.java:230)
        at weblogic.rjvm.t3.MuxableSocketT3.incrementBufferOffset(MuxableSocketT3.java:351)
        at weblogic.socket.SocketMuxer.readFromSocket(SocketMuxer.java:989)
        at weblogic.socket.SocketMuxer.readReadySocketOnce(SocketMuxer.java:920)
        at weblogic.socket.SocketMuxer.readReadySocket(SocketMuxer.java:897)
        at weblogic.socket.EPollSocketMuxer.dataReceived(EPollSocketMuxer.java:215)
        at weblogic.socket.EPollSocketMuxer.processSockets(EPollSocketMuxer.java:177)
        at weblogic.socket.SocketReaderRequest.run(SocketReaderRequest.java:29)
        at weblogic.socket.SocketReaderRequest.execute(SocketReaderRequest.java:43)
        at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:145)
        at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:117)
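As an added example (my own code, not from the post), a small triage script run over constructed copies of the log lines quoted in the LDAPS post above and in this post. It parses the sizes out of the MaxMessageSizeExceededException message and proposes a value for the -Dweblogic.MaxMessageSize JVM argument (the standard WebLogic system property for this limit, assumed here to be the parameter added in the arguments box; the rounding step is my own choice), and it walks the "Caused by:" chain of the LDAPS failure down to its root cause.

```python
import re

# Constructed sample, reproducing the messages quoted in the posts above
# (the MaxMessageSize line keeps the curly quotes the WebLogic log used).
SAMPLE_LOG = """\
weblogic.socket.MaxMessageSizeExceededException: Incoming message of size: \u201810000080\u2019 bytes exceeds the configured maximum of: \u201810000000\u2019 bytes for protocol: \u2018t3\u2019
        at weblogic.socket.BaseAbstractMuxableSocket.incrementBufferOffset(BaseAbstractMuxableSocket.java:230)
weblogic.security.providers.authentication.LDAPAtnDelegateException: [Security:090294]could not get connection
Caused by: java.lang.reflect.InvocationTargetException
Caused by: netscape.ldap.LDAPException: General SSLEngine problem (91); Cannot connect to the LDAP server
Caused by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem
Caused by: sun.security.validator.ValidatorException: PKIX path building failed
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
"""

Q = "['\u2018\u2019]"  # ASCII or curly single quote around the numbers
MAX_MSG_RE = re.compile(
    rf"MaxMessageSizeExceededException: Incoming message of size: {Q}(\d+){Q} bytes "
    rf"exceeds the configured maximum of: {Q}(\d+){Q} bytes for protocol: {Q}(\w+){Q}")
CAUSED_BY_RE = re.compile(r"^Caused by: ([\w.$]+)(?:: (.*))?$")


def suggest_max_message_size(incoming, configured, step=10_000_000):
    """Round the size needed up to the next multiple of `step` bytes (my heuristic)."""
    needed = max(incoming, configured) + 1
    return -(-needed // step) * step


def triage(log_text):
    """Return findings: one per MaxMessageSize event, plus one for the root
    cause of the 'Caused by:' chain if the text contains one."""
    findings, chain = [], []
    for line in log_text.splitlines():
        m = MAX_MSG_RE.search(line)
        if m:
            incoming, configured, proto = int(m.group(1)), int(m.group(2)), m.group(3)
            size = suggest_max_message_size(incoming, configured)
            findings.append({"issue": "max_message_size", "protocol": proto,
                             "incoming": incoming, "configured": configured,
                             "fix": f"-Dweblogic.MaxMessageSize={size}"})
            continue
        c = CAUSED_BY_RE.match(line.strip())
        if c:
            chain.append((c.group(1), c.group(2) or ""))
    if chain:
        root_cls, root_msg = chain[-1]  # the deepest cause is listed last
        trust = any("PKIX" in msg or "certification path" in msg for _, msg in chain)
        findings.append({"issue": "untrusted_ldaps_certificate" if trust else "unclassified",
                         "root_cause": root_cls, "detail": root_msg,
                         "fix": ("import the AD certificate into the JKS truststore and point "
                                 "-Djavax.net.ssl.trustStore at it") if trust else ""})
    return findings
```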

To fix this error, follow these steps :-

From Environment, click on AdminServer :-

Choose the tab shown in the picture below :-

Add the following parameter in the Arguments box and save; usually there is no need to restart :-
Or, if you would like to change MaxMessageSize directly from the console, follow the screen below :-

Option #2 :- 
From the navigation tree :- 

Click on Module-FMWDFW

After choosing the above tab, three options appear; open each of them and uncheck Enable Watch :-

SOA_SERVER ( Managed Server ) Take too Long time to Start/Restart

On the WebLogic console, starting a managed server was taking far too long; in my case SOA_SERVER took almost 25 minutes just to start, which is not normal. To avoid this problem follow the steps below, simple but effective :-

Under the Java home used by WebLogic :-

cd /u01/app/fmw/jdk/jre/lib/security 

There is a file called java.security.

Edit this file using any editor (vi for example).

Search for the following line :-

securerandom.source=file:/dev/urandom

And Change it to :-

securerandom.source=file:/dev/./urandom

Or, another way, add the line below to the WebLogic startup script (the odd-looking /dev/./urandom path is needed because the JDK treats the literal file:/dev/urandom value specially and still seeds from the blocking /dev/random) :-

-Djava.security.egd=file:/dev/./urandom

Hope this will solve your problem.

Thank you
Osama Mustafa

[Security:090482]BAD_CERTIFICATE alert was received from Hostname

[Security:090482]BAD_CERTIFICATE alert was received from Hostname. Check the peer to determine why it rejected the certificate chain (trusted CA configuration, hostname verification). SSL debug tracing may be required to determine the exact reason the certificate was rejected.>
javax.net.ssl.SSLKeyException: [Security:090482]BAD_CERTIFICATE alert was received from Hostname. Check the peer to determine why it rejected the certificate chain (trusted CA configuration, hostname verification). SSL debug tracing may be required to determine the exact reason the certificate was rejected.
at com.certicom.tls.interfaceimpl.TLSConnectionImpl.fireException(Unknown Source)
at com.certicom.tls.interfaceimpl.TLSConnectionImpl.fireAlertReceived(Unknown Source)
at com.certicom.tls.record.alert.AlertHandler.handle(Unknown Source)
at com.certicom.tls.record.alert.AlertHandler.handleAlertMessages(Unknown Source)
at com.certicom.tls.record.MessageInterpreter.interpretContent(Unknown Source)
at com.certicom.tls.record.MessageInterpreter.decryptMessage(Unknown Source)
at com.certicom.tls.record.ReadHandler.processRecord(Unknown Source)
at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown Source)
at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown Source)
at com.certicom.tls.record.ReadHandler.read(Unknown Source)
at com.certicom.io.InputSSLIOStreamWrapper.read(Unknown Source)
at sun.nio.cs.StreamDecoder.readBytes(StreamDecoder.java:264)
at sun.nio.cs.StreamDecoder.implRead(StreamDecoder.java:306)
at sun.nio.cs.StreamDecoder.read(StreamDecoder.java:158)
at java.io.InputStreamReader.read(InputStreamReader.java:167)
at java.io.BufferedReader.fill(BufferedReader.java:136)
at java.io.BufferedReader.readLine(BufferedReader.java:299)
at java.io.BufferedReader.readLine(BufferedReader.java:362)
at weblogic.nodemanager.server.Handler.run(Handler.java:71)
at java.lang.Thread.run(Thread.java:662)

You need to recreate the certificate :-
Depending on your operating system, source the environment script so the variables apply to your current shell :-

. $WL_HOME/server/bin/setWLSEnv.sh    (on Windows run setWLSEnv.cmd)

cd $WL_HOME/server/lib

Copy DemoIdentity.jks to another directory as a backup.

Then, inside $WL_HOME/server/lib, run :-

Generate the private key and certificate:

java utils.CertGen -keyfilepass DemoIdentityPassPhrase -certfile newcert -keyfile newkey 

Import the generated key:

java utils.ImportPrivateKey -keystore DemoIdentity.jks -storepass DemoIdentityKeyStorePassPhrase -keyfile newkey.pem -keyfilepass DemoIdentityPassPhrase -certfile newcert.pem -alias demoidentity 

Restart the AdminServer and Node Manager and try to start the managed server.

Thank you
Osama mustafa

java.lang.ClassNotFoundException: oracle.dms.wls.DMSServletFilter

This error appeared while trying to start the managed server “edq_server1”. The start completed with a successful status, but some deployments ended with a Failed status, which means edq_server1 would not work correctly, so I checked the logs and found the error below :-

Caused By: java.lang.ClassNotFoundException: oracle.dms.wls.DMSServletFilter
        at weblogic.utils.classloaders.GenericClassLoader.findLocalClass(GenericClassLoader.java:297)
        at weblogic.utils.classloaders.GenericClassLoader.findClass(GenericClassLoader.java:270)
        at weblogic.utils.classloaders.ChangeAwareClassLoader.findClass(ChangeAwareClassLoader.java:64)
        at java.lang.ClassLoader.loadClass(ClassLoader.java:424)
        at java.lang.ClassLoader.loadClass(ClassLoader.java:357)
        at weblogic.utils.classloaders.GenericClassLoader.loadClass(GenericClassLoader.java:179)
        at weblogic.utils.classloaders.ChangeAwareClassLoader.loadClass(ChangeAwareClassLoader.java:43)
        at weblogic.servlet.internal.WebComponentContributor.getNewInstance(WebComponentContributor.java:224)

To solve this error :-

cd /u01/app/oracle/product/fmw/wlserver_10.3/common/nodemanager
vi nodemanager.properties

And search for 

StartScriptEnabled=false

change it to

StartScriptEnabled=true

Restart Node Manager and try again.
Thank you
Osama Mustafa

Weblogic 12c installation

There are over 200 new features in WebLogic 12c; some of these features are :-

  • Simplified deployment and management with virtualization
  • Integrated traffic management
  • Integrated WebLogic/RAC clusters
  • Seamless upgrade from WebLogic, iAS and others

This document describes the steps to install Oracle WebLogic 12c on Oracle Linux 6.4. You can download the document here.

Thank you
Osama Mustafa