
Sunday, January 15, 2017

Adaptive Authentication Plugin fails with java.lang.NullPointerException

The out-of-the-box Adaptive Authentication Plugin in OAM fails with java.lang.NullPointerException during execution. As a result, multi-factor authentication fails because the plugin cannot initialize.

Environment:
  • OAM 11.1.2.3 BP07 (11.1.2.3.160719)
  • RHEL6/OEL 6

Error:

The OAM logs report a java.lang.NullPointerException during the initialization of the Adaptive Authentication Plugin. Below is the full stack trace of the exception reported in the OAM logs.

<Jan 15, 2017 12:40:59 AM EDT> <Error> <oracle.oam.plugin> <BEA-000000> <oracle.security.am.sfa.plugin.AbstractOAMSFAPluginprocess
java.lang.NullPointerException
        at java.lang.String.<init>(String.java:168)
        at oracle.security.am.sfa.messenger.UMSMessengerBase.getMessagingClient(UMSMessengerBase.java:227)
        at oracle.security.am.sfa.messenger.UMSMessengerBase.sendMessage(UMSMessengerBase.java:287)
        at oracle.security.am.sfa.messenger.UMSMessengerBase.send(UMSMessengerBase.java:259)
        at oracle.security.am.sfa.processor.SFAEmailProcessor.send(SFAEmailProcessor.java:194)
        at oracle.security.am.sfa.plugin.AbstractOAMSFAPlugin.process(AbstractOAMSFAPlugin.java:287)
        at oracle.security.am.engine.authn.internal.executor.PlugInExecutor.execute(PlugInExecutor.java:204)
        at oracle.security.am.engine.authn.internal.executor.AuthenticationSchemeExecutor.execute(AuthenticationSchemeExecutor.java:113)
        at oracle.security.am.engine.authn.internal.controller.AuthenticationEngineControllerImpl.validateUser(AuthenticationEngineControllerImpl.java:269)
        at oracle.security.am.engines.enginecontroller.AuthnEngineController.authenticateUser(AuthnEngineController.java:986)
        at oracle.security.am.engines.enginecontroller.AuthnEngineController.processEvent(AuthnEngineController.java:341)
        at oracle.security.am.controller.MasterController.processEvent(MasterController.java:596)
        at oracle.security.am.controller.MasterController.processRequest(MasterController.java:788)
        at oracle.security.am.controller.MasterController.process(MasterController.java:708)
        at oracle.security.am.pbl.PBLFlowManager.delegateToMasterController(PBLFlowManager.java:209)
        at oracle.security.am.pbl.PBLFlowManager.handleBaseEvent(PBLFlowManager.java:147)
        at oracle.security.am.pbl.PBLFlowManager.processRequest(PBLFlowManager.java:107)
        at oracle.security.am.pbl.transport.http.AMServlet.handleRequest(AMServlet.java:222)
        at oracle.security.am.pbl.transport.http.AMServlet.doPost(AMServlet.java:178)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
        at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
        at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
......................


Cause:

This is caused by a failure during plugin initialization. A close look at the stack trace shows that it failed while initializing the messaging client, because the umsKey configuration used to establish the connection with the SOA UMS server is missing. This messaging client is required for sending the One Time Pin through email/SMS.
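To tell this failure apart from other NullPointerExceptions in the same log, the script below groups each log header with its stack trace and flags only the records whose trace passes through UMSMessengerBase.getMessagingClient. It is an added example, not part of the original post or of OAM; the function names are my own and the sample log is constructed in the format of the trace above (the `com.example.Other` frame is made up).

```python
import re

# Constructed sample in the log format shown above (not a real capture).
SAMPLE_LOG = """\
<Jan 15, 2017 12:40:58 AM EDT> <Notice> <oracle.oam.plugin> <BEA-000000> <constructed informational entry>
<Jan 15, 2017 12:40:59 AM EDT> <Error> <oracle.oam.plugin> <BEA-000000> <oracle.security.am.sfa.plugin.AbstractOAMSFAPluginprocess
java.lang.NullPointerException
        at java.lang.String.<init>(String.java:168)
        at oracle.security.am.sfa.messenger.UMSMessengerBase.getMessagingClient(UMSMessengerBase.java:227)
        at oracle.security.am.sfa.messenger.UMSMessengerBase.sendMessage(UMSMessengerBase.java:287)
<Jan 15, 2017 12:41:03 AM EDT> <Error> <oracle.oam.plugin> <BEA-000000> <constructed unrelated failure
java.lang.NullPointerException
        at com.example.Other.run(Other.java:10)
"""

# <timestamp> <severity> <subsystem> <message id> <message text...
HEADER = re.compile(r"^<(?P<ts>[^>]+)> <(?P<sev>[^>]+)> <(?P<sub>[^>]+)> <(?P<id>[^>]+)> <")
FRAME = re.compile(r"^\s+at\s+([\w.$<>]+)\(")
UMS_FRAME = "oracle.security.am.sfa.messenger.UMSMessengerBase.getMessagingClient"


def split_records(text):
    """Attach continuation lines (exception class, stack frames) to their header line."""
    records = []
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            records.append({"ts": m.group("ts"), "sev": m.group("sev"), "lines": [line]})
        elif records:
            records[-1]["lines"].append(line)
    return records


def find_ums_client_failures(text):
    """Timestamps of Error records whose NPE was thrown while building the UMS client."""
    hits = []
    for rec in split_records(text):
        body = rec["lines"][1:]
        is_npe = any(l.strip().startswith("java.lang.NullPointerException") for l in body)
        frames = [m.group(1) for m in map(FRAME.match, body) if m]
        if rec["sev"] == "Error" and is_npe and UMS_FRAME in frames:
            hits.append(rec["ts"])
    return hits


if __name__ == "__main__":
    for ts in find_ums_client_failures(SAMPLE_LOG):
        print(ts, "UMS messaging client failed to initialize; check umsKey in OAM_CONFIG")
```
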

Solution: 

Add the umsKey credentials to the OAM credential store using the WLST command below. Follow these steps to add umsKey to the credential store.
  • On the OAM server, change directory to <Oracle_IDM>/common/bin
  • Execute ./wlst.sh as shown in the screenshot below
  • Run the following command to add umsKey to the OAM credential store as shown in the screenshot. Provide the 'weblogic' password of the SOA domain according to your environment
    • createCred(map="OAM_CONFIG", key="umsKey", user="weblogic", password="password")


  • Once the above command is executed, you should see the umsKey credentials added to the OAM credential store in the EM console of the OAM domain.
That's it, guys. OAM should now be able to establish the connection with the SOA UMS server successfully and initialize the plugin without any issues.

For more information about configurations and issues related to AdaptiveAuthenticationPlugin in OAM, you can also refer to the following links.
Thank you for visiting.

Tuesday, January 3, 2017

OAM Plugin activation failed

Hello friends - Recently, while I was working on the OOB plugin configurations in OAM, I came across the following error complaining that the plugin is in an inconsistent state. After some troubleshooting on how to activate this plugin, I found a fix to resolve the plugin activation failure. You can find the details below:

Environment:
  • OAM 11.1.2.3BP07(11.1.2.3.160719)
  • RHEL6/OEL6

Error:
  • Log in to the OAM Console and navigate to Application security -> Authentication Plugins
  • Select any out-of-the-box plugin
  • Scroll down and click on 'Activation status'. You will see the following error message as shown in the screenshot

  • You will also see the same error message reported in the AdminServer logs in OAMDomain
<Aug 15, 2016 7:41:27 PM EDT> <Error> <oracle.oam.extensibility.lifecycle> <BEA-000000> <Action failed due to inconsistent status of plugin in different managed servers.>

Cause:

This is due to the plugin configuration not being loaded properly from oam-config.xml while starting the server.

Fix:

All we need to do is update the existing configuration so that the latest plugin information is loaded. Follow the steps below to validate the configuration and fix it.
  • Go to <OAMDomain_Home>/config/fmwconfig/
  • Edit oam-config.xml 
  • Search for the failed plugin name in the oam-config.xml file. In my case, it is 'AdaptiveAuthenticationPlugin'. You will find the below section
  • Now make sure the 'activated' status is 'true'.
  • Update the 'activate' date to some latest date as shown below.

  • Now increment the oam-config.xml version number by 1 in the below section. This should be in the beginning sections of oam-config.xml
  • Save the file and restart the following components in the OAM domain
    • AdminServer
  • Once the AdminServer is up and running, log back into the console and click on Activation status of the plugin.
  • It should now load properly and show the managed server names as given below.

For more information related to AdaptiveAuthenticationPlugin in OAM, please refer to the following links.
Thank you for visiting.