OracleVM 3.3.1 and External Authentication

Some of the customers (including my company Ratioware) has defined OracleVM Manager to use external authentication (like LDAP or Active Directory) to be used to authenticate the users when logging into OracleVM Manager console.

This used to work well with OracleVM 3.2.x.

When we upgraded OracleVM 3.2.8 to OracleVM 3.3.1 we noticed that all those custom authentication settings were lost. Well, that is “kind” of acceptable assuming Oracle perhaps doesn’t like us to tweak the underlying WebLogic.

After changing the authentication provider back to utilize our external authentication provider I noticed that I wasn’t any more able to login to OracleVM console. I was able to login to WebLogic Console but not into OracleVM Manager console. I got “Unexpected error during login”.

Error messages in the weblogic log files stated:

<2014-11-11T20:19:25.066+0200> <Error> <com.oracle.ovm.appfw.coreinterface.ConnectionManager> <BEA-000000> <AppFw session 1: Failed to connect to Web Service API.
com.oracle.ovm.mgr.ws.model.WsException: AUTH_000002:Connection to manager failed: AUTH_000002:Connection to manager failed: Certificate authentication failed: certificate unrecognized (CN=admin, OU=Oracle VM Manager, O=Oracle Corporation, C=US).
Tue Nov 11 20:19:25 EET 2014 (AUTH_000002)

Changing the order of authentication providers or the requried –attributes didn’t help in the issue.

There is Oracle Doc ID 1942473.1 related to this with solution suggestion:

Steps to fix this:

1. cd /u01/app/oracle/ovm-manager-3/bin/
2. ./configure_client_cert_login.sh

The configure_client_cert_login.sh will ask you the username and the password for the OVM manager. In my case I did have “admin” user but for some reason the password was not upgraded correctly and I needed to reset the “admin” user password in OVM WLS console before I could execute this script correctly.

You could potentially also use “weblogic” user to run the script.

After running this client certification script the OracleVM Manager login started working correctly and we were able to use our external authenticator with our OracleVM Manager console.

Connection to VirtualBox BPM 12c Project Access Manager (PAM) from Local JDeveloper

I attended Oracle BPM Suite 12c partner training in Finland and the labs had Oracle Virtual Box image that we used in the training.

Virtual Box had JDeveloper embedded but I wanted to use my local copy of BPM Quick Start JDeveloper running on my bare metal laptop.

When trying to set up Project Access Manager (PAM) and connect to the repository I would get errors like: Could not connect to repository endpoint: localhost:7323

The reason for this was that when the internal SVN server starts up it looks up the hostname (soabpm-vm in this case) and queries the IP address for this. In pre-built virtual box the /etc/hosts file looks like:

127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
soabpm-vm soabpm-vm.site

When BPM Suite 12c is starting up all other components start listening for 0.0.0.0 address (all IP addresses) but SVN server starts listening for 127.0.0.1 address. This means we cannot access this SVN address outside the Virtual Box, even when using port forwarding.

I tried to find a way to configure the SVN server to listed for 0.0.0.0 addresses but I could not find that. That was somewhere deep inside the code that wasn’t easily discovered.

To workaround this issue it requires reconfiguring the network interfaces:

Step 1

Add second network interface to virtual machine that is attached to “Host-Only Adapter”.

This enables the connectivity to 192.168.56.0 network.

In my setup Host Only network details looks like this in the main Virtual Box preferences window:

As we can see the built-in DHCP server starts delivering the DHCP addresses starting from 192.168.56.101. It is safe to assign fixed addresses below 192.168.56.100, in this case I decided to assign my Virtual Box BPM 12c installation a fixed IP address of 192.168.56.50.

I still wanted to keep the NAT network interface in the virtual box because that enables me to use network resources outside the virtual box (like external YUM repositories etc).

Step 2

Configure the ethernet interface (either eth1 or eth2 depending on how you defined your virtual networks in VM settings):

cd /etc/sysconfig/network-scripts

ifcfg-eth2 or (ifcfg-eth1 if you changed the NAT’ed to Host-Only Adapter)
# Please read /usr/share/doc/initscripts-*/sysconfig.txt
# for the documentation of these parameters.
DEVICE=eth1
BOOTPROTO=static
TYPE=Ethernet
HWADDR=08:00:27:41:19:1a
NM_CONTROLLED=no
PEERDNS=yes
IPADDR=192.168.56.50
SUBNET=255.255.25.0

Remember to change the HWADDR to point to your virtual NIC Hardware address.

After changing the network adapter settings you can reset the network settings my issuing command “service network restart” as root.

Step 3

Changed the IP address in the /etc/hosts file like this:

127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.56.50 soabpm-vm soabpm-vm.site

Step 4

After network settings has been changed restart the BPM Suite 12c installation. If running pre-build BPM 12c image, just bounce the AdminServer.

Step 5

Edit your workstartion hosts file to point to the fixed IP address. As Windows Administrator edit the file

C:\Windows\System32\drivers\etc\hosts

Add line:

192.168.56.50 soabpm-vm.site soabpm-vm

Step 6

Configure your BPM Studio PAM connection and test that it works:

OpenSSL Heartbleed Oracle Fixes

Some of the Oracle software is also affected by the Heartbleed vulnerability. Specifically if you are using Oracle Linux 6, you should update your operating system using ULN or Oracle Public YUM repository.

For more information please see:

http://www.oracle.com/technetwork/topics/security/opensslheartbleedcve-2014-0160-2188454.html

OracleVM 3.2.8 Downloadable

OracleVM 3.2.8 just got published in Oracle Support and Public Yum repository.

Use Patch 16410417 to download the OracleVM Manager 3.2.8 zipped ISO image. You can use Oracle yum repository to upgrade your OracleVM Servers.

Oracle BPM Suite 11.1.1.7.2 WebForms entryId is null

Ran into Oracle BPM Suite 11.1.1.7 Web Form issue after upgrading from 11.1.1.6 to 11.1.1.7. When trying to create web form in Oracle BPM composer, I get “entryId is null” error.

When looking at the log files I can see

[2014-02-06T13:54:03.233-08:00] [AdminServer] [ERROR] [] [com.frevvo.forms.web.ConfigurationResource] [tid: [ACTIVE].ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: weblogic] [ecid: 11d1def534ea1be0:-4d925ede:14409288963:-8000-00000000000002a3,0] [APP: frevvo] Configuration error: Users database schema - ORA-00942: table or view does not exist[[]]

… 
[2014-02-06T13:54:03.245-08:00] [AdminServer] [WARNING] [] [com.frevvo.billing.database.UserDBUtil] [tid: [ACTIVE].ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: weblogic] [ecid: 11d1def534ea1be0:-4d925ede:14409288963:-8000-00000000000002a3,0] [APP: frevvo] Could not get user ids for tenant d[[
java.sql.SQLSyntaxErrorException: ORA-00942: table or view does not exist      

Solution

Even though I had executed psa against the SOA infrastructure, looks like still some tables were not upgraded properly. Might have been because I extended the domain with Frevvo extensions later on.

Solution is to execute psa (once more) for soainfra. This will upgrade soa-infra to 11.1.1.7. so that those Frevvo tables are created properly and you can design your Web forms.