Tuesday, May 22, 2018

This server is being started in managed server independence mode in the absence of the admin server


Error:-

<Mar 14, 2018 9:05:45 AM IST> <Emergency> <Management> <BEA-141151> <The admin server could not be reached at http://192.168.65.153:7001.>
<Mar 14, 2018 9:05:45 AM IST> <Info> <Configuration Management> <BEA-150018> <This server is being started in managed server independence mode in the absence of the admin server.>
<Mar 14, 2018 9:05:45 AM IST> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to STARTING>
<Mar 14, 2018 9:05:45 AM IST> <Info> <WorkManager> <BEA-002900> <Initializing self-tuning thread pool>
<Mar 14, 2018 9:05:45 AM IST> <Notice> <Log Management> <BEA-170019> <The server log file /u03/user_projects/domains/oimdomain/servers/oim_server1/logs/oim_server1.log is opened. All server side log events will be written to this file.>
Mar 14, 2018 9:05:53 AM oracle.security.jps.internal.idstore.util.LibOvdUtil pushLdapNamesToLibOvd
INFO: Pushed ldap name and types info to libOvd. Ldaps : DefaultAuthenticator:idstore.ldap.provideridstore.ldap.
Mar 14, 2018 9:05:53 AM oracle.security.jps.az.internal.runtime.pd.register.PDPRegister run
INFO: PDP registration succeeded.
Mar 14, 2018 9:05:54 AM oracle.iam.platform.auth.providers.wls.OIMAuthenticationProvider initialize
INFO: Authentication module initialized
<Mar 14, 2018 9:05:56 AM IST> <Notice> <Security> <BEA-090082> <Security initializing using security realm myrealm.>
<Mar 14, 2018 9:05:56 AM IST> <Critical> <WebLogicServer> <BEA-000386> <Server subsystem failed. Reason: java.lang.SecurityException: Method 'getAdministrationURL' cannot be invoked without administrator access
java.lang.SecurityException: Method 'getAdministrationURL' cannot be invoked without administrator access
        at weblogic.rjvm.ResponseImpl.unmarshalReturn(ResponseImpl.java:237)
        at weblogic.rmi.internal.BasicRemoteRef.invoke(BasicRemoteRef.java:223)
        at weblogic.server.channels.RemoteChannelServiceImpl_1036_WLStub.getAdministrationURL(Unknown Source)
        at weblogic.server.channels.RemoteChannelServiceImpl.registerInternal(RemoteChannelServiceImpl.java:184)
        at weblogic.server.channels.RemoteChannelServiceImpl.registerForever(RemoteChannelServiceImpl.java:147)
        Truncated. see log file for complete stacktrace
Caused By: java.lang.SecurityException: Method 'getAdministrationURL' cannot be invoked without administrator access
        at weblogic.rmi.internal.AdminAccessOnlyServerRef.getWorkManager(AdminAccessOnlyServerRef.java:29)
        at weblogic.rmi.internal.BasicServerRef.getWorkManager(BasicServerRef.java:442)
        at weblogic.rmi.internal.BasicServerRef.dispatch(BasicServerRef.java:358)
        at weblogic.rmi.internal.BasicServerRef.dispatch(BasicServerRef.java:1022)
        at weblogic.rjvm.RJVMImpl.dispatchRequest(RJVMImpl.java:1173)
        Truncated. see log file for complete stacktrace
<Mar 14, 2018 9:05:56 AM IST> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to FAILED>
<Mar 14, 2018 9:05:56 AM IST> <Error> <WebLogicServer> <BEA-000383> <A critical service failed. The server will shut itself down>
<Mar 14, 2018 9:05:56 AM IST> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to FORCE_SHUTTING_DOWN>


Resolution:-

In my case we were troubleshooting issues in DR OIM 11.1.2.3 and the server went into a hung state.
After the server was rebooted, the WebLogic Admin URL was pointing to a different IP address.

Note:- We need to point the WebLogic Admin URL to the correct IP address, i.e. 192.168.65.153:7001.
            Then take a backup, remove tmp and cache, and start the Admin and Managed servers.




Thanks,
Aditya.

Wednesday, May 2, 2018

OHS Security Header prevents images loading

Readers,

Did you ever add the security header X-Content-Type-Options to the OHS server configuration to prevent MIME-based attacks? Since IAM involves a lot of security, many of these security headers need to be configured at the OHS layer to prevent cross-site scripting, MIME etc.
Some of the security headers come with compatibility issues in a few browsers, e.g. X-Content-Type-Options. We had to deploy custom OAM form pages into the OAM servers and proxy them through OHS for general requirements. Since this header was coming in the HTTP request headers, it was preventing images from loading on the custom OAM form page.
The form page is accessible through the direct OAM server URL; however, it fails to load via OHS. Thus we had to comment out the line below for images to render on the custom OAM form JSP page.

#Header always set X-Content-Type-Options "nosniff"

Hope this helps.
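
A narrower alternative to commenting the header out for the whole server, as an added example that is not from the original post: it keeps nosniff on every response and removes it only from the image responses that failed to render. The path /oam/custom/images/ and the extension list are assumptions; substitute the location the custom form's images are actually served from.

```apache
# Added example. /oam/custom/images/ is a hypothetical path (assumption),
# standing in for wherever the custom OAM form's images are proxied from.

# Before (the workaround in the post): the header is off for every response,
# including HTML, scripts and stylesheets.
#Header always set X-Content-Type-Options "nosniff"

# After: keep the header enabled server-wide ...
Header always set X-Content-Type-Options "nosniff"

# ... and remove it only from the image responses of the custom form.
# Location sections are merged after the server-level directives, so this
# unset is applied after the set above and wins for matching URLs.
<LocationMatch "^/oam/custom/images/.*\.(png|gif|jpe?g)$">
    Header always unset X-Content-Type-Options
</LocationMatch>
```

After restarting OHS, compare the response headers of the form page and of one of its images: the page should still carry X-Content-Type-Options and the image should not.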