Since last night, the latest release of Oracle WebLogic Server, 12.2.1.3.0, has been available.
I have already installed and configured the latest release. The installation process remains the same as in the previous release, so nothing really new.
The Configuration Wizard ($ORACLE_HOME/oracle_common/common/bin/config.sh) got a neat new feature. On screen 2 of the Configuration Wizard (Templates), you will find a Filter Templates option. In this field you can type the name of the template you are searching for, which is really useful when you have a fully installed Oracle Fusion Middleware product like SOA Suite and the template list is really long.
When you apply a filter (a part of the string is enough) such as "Coher", the list of available templates is narrowed accordingly.
The WebLogic Server Console remains the same as in the previous releases; at first look there are no changes or new sections.
Another cool new feature concerns Data Sources (Active GridLink, AGL): you can now use an alias from a referenced tnsnames.ora file.
You need to set the system property "-Doracle.net.tns_directory=<path to your tnsnames.ora>", pointing to the directory in which your tnsnames.ora is located. In the tnsnames.ora you define your tnsnames alias as usual.
Furthermore, you should have a closer look at the "What's New in Oracle WebLogic Server 12.2.1.3.0" documentation (http://docs.oracle.com/middleware/12213/wls/NOTES/whatsnew.htm#NOTES107), especially the section "Patch Set 3". Under Deprecated Features you will find the following:
JMS resource adapters will be removed in the next release of Oracle WebLogic Server, which might be 12.2.1.4.0 or 12.3.1.0.0 !
This blog is discontinued; it is read-only.
Thursday, August 31, 2017
Wednesday, August 30, 2017
Oracle Fusion Middleware 12.2.1.3.0 available
As of today, the latest release of the Oracle Fusion Middleware stack is available for download on the Oracle Technology Network.
The latest release of the Fusion Middleware Stack 12.2.1.3.0 contains various products:
- Oracle WebLogic Server 12.2.1.3.0 can be found under http://www.oracle.com/technetwork/middleware/weblogic/downloads/index.html
- Oracle Forms & Reports 12.2.1.3.0 can be found under http://www.oracle.com/technetwork/developer-tools/forms/downloads/index.html
- Oracle SOA Suite 12.2.1.3.0 can be found under http://www.oracle.com/technetwork/middleware/soasuite/downloads/index.html
- Oracle Traffic Director 12.2.1.3.0 can be found under http://www.oracle.com/technetwork/middleware/otd/downloads/index.html
- JDeveloper 12.2.1.3.0 can be found under http://www.oracle.com/technetwork/middleware/otd/downloads/index.html
And there is a lot more ...
The complete documentation set for the latest Oracle Fusion Middleware 12.2.1.3.0 Release can be found under http://docs.oracle.com/en/middleware/fusion-middleware/index.html
Happy download and testing :-)
Internet Explorer under Mac OS X
In case you are, like me, regularly working with web environments, you will need to test your stuff from time to time with different browsers, e.g. Safari, Chrome, Firefox and Internet Explorer.
Under Mac OS X, many users use Safari, for example, and switch the User Agent to Internet Explorer 11 or something like that to simulate an Internet Explorer.
Microsoft is providing a Virtual Machine for free (YES, it's for FREE !!!) for 90 days. The downloads can be found here: https://developer.microsoft.com/en-us/microsoft-edge/tools/vms/
You can choose between the following Internet Explorer versions:
- IE8 on Windows 7
- IE9 on Windows 7
- IE10 on Windows 7
- IE11 on Windows 7
- IE11 on Windows 8.1
- MSEdge on Windows 10 Stable 15.15063
- MSEdge on Windows 10 Preview 16.16257
And for all of the above release combinations you have the choice between the following VM types:
- VirtualBox
- Vagrant
- HyperV (Windows)
- VPC (Windows)
- VMware (Windows, Mac)
- Parallels (Mac)
After you are done with the download of your desired combination, just import the VM into your environment, modify the settings if necessary (e.g. the MAC address of the network card) and start the VM.
And now you can perform your tests with a real Internet Explorer . . .
Friday, August 25, 2017
Display Oracle Forms 12c Sessions with WLST
Sometimes you want a quick overview of the currently connected Forms sessions in your Oracle Forms 12c environment, and the Fusion Middleware Control (http://<servername>:7001/em) is sometimes really slow to react.
Under the My Oracle Support (MOS) Note 1580517.1 you can find a small handy Python script, which should display all information about your current Forms sessions on a specific Managed Server hosting your Forms application. But with Oracle Forms 12c this no longer works out of the box.
Under Oracle Forms 12c the DMS nouns are not converted to MBeans by default, and the MOS script relies on access to "oracle.dms:type=FormsRuntimeInfo".
So first you need to enable the DMS noun MBeans on the Managed Server hosting your Oracle Forms application. To do this, simply connect with WLST to the Admin Server of your WebLogic Server and perform the following steps:
    $ORACLE_HOME/oracle_common/common/bin/wlst.sh

    Initializing WebLogic Scripting Tool (WLST) ...

    Welcome to WebLogic Server Administration Scripting Shell

    Type help() for help on available commands

    # Replace Username, Password, Server plus Port with your settings
    wls:/offline> connect('weblogic','welcome1','localhost:7001')
    Connecting to t3://localhost:7001 with userid weblogic ...
    Successfully connected to Admin Server "FRTESTAdminServer" that belongs to domain "FRTEST".

    Warning: An insecure protocol was used to connect to the server.
    To ensure on-the-wire security, the SSL port or Admin port should be used instead.

    wls:/FRTEST/serverConfig/> updateDMSEventRoute(destinationid="mbeanCreationDestination", enable="true", server="<Server Name>")

    # For example
    wls:/FRTEST/serverConfig/> updateDMSEventRoute(destinationid="mbeanCreationDestination", enable="true", server="WLS_FORMS")
    wls:/FRTEST/serverConfig/> exit()
After that, restart your Managed Server. From now on the DMS nouns are converted to MBeans, which can be accessed via WLST.
In addition, I found a nice modification, by an unknown author, of the script provided in MOS Note 1580517.1, which can be found here http://yong321.freeshell.org/oranotes/FormsServerSessionMonitor.txt (in case you are the author or you know the author, please drop me a comment here, merci)
This script is quite nice, but I modified it further, so that each execution of the script produces a logfile with a timestamp in the logfile name, and I added a more secure way to handle the connect data for your Managed Server.
You now need 2 files:
- domain.properties: which contains your connection details to your Managed Server and the location of the logfile
- mon_frm_sessions.py: Python Script which retrieves the current running Forms Sessions including Client IP, DB Username, DB Session ID, Forms Session PID, Forms Section Name (from formsweb.cfg)
Create the property file named domain.properties and set the permission to 600 (chmod 600 domain.properties):
    # Replace with your hostname and Port of Managed Server
    admin.url=localhost:9001
    # Replace with your Password
    admin.password=welcome1
    # Replace with your Username
    admin.username=weblogic
    # Replace with your preferred Logfile Location
    # Please note, the trailing slash at the end is needed !
    logfile.location=/u00/app/oracle/logs/
Next, create the mon_frm_sessions.py:

    import sys
    import re
    import os
    from datetime import datetime
    from java.io import File
    from java.io import FileOutputStream
    from java.io import FileInputStream
    # Imported explicitly so the script does not depend on what WLST pre-imports
    from java.util import Properties

    # Load Connection Properties
    propInputStream = FileInputStream("domain.properties")
    configProps = Properties()
    configProps.load(propInputStream)
    propInputStream.close()

    adminURL=configProps.get("admin.url")
    adminPassword=configProps.get("admin.password")
    adminUser=configProps.get("admin.username")
    logFileLocation=configProps.get("logfile.location")

    # Construct the Logfile with Timestamp
    LogFileName = logFileLocation +'mon_frm_sessions-%s.log'%datetime.now().strftime('%Y_%m_%d_%H_%M_%S')

    # Suppress the WLST output of connect(), cd() and ls()
    redirect('/dev/null', 'false')

    # Perform connection to Managed Server hosting Forms App
    connect(adminUser,adminPassword,adminURL)

    # Switch to the custom MBean tree, where the DMS noun MBeans live
    custom()
    cd ('oracle.dms')

    children = ls()
    childList = children.split("\n");

    f = open(LogFileName, 'a')
    f.write("\n" + datetime.now().strftime("%Y-%m-%d %H:%M:%S") + "\n")
    f.write("Config\tDBName\tDBSessID\tClientIP\tPID\tUser\n")

    # Printout for stdout
    print "Config\tDBName\tDBSessID\tClientIP\tPID\tUser"

    for child in childList:
        childInfo = child.split(' ');
        # childInfo[3] holds the MBean name, so at least 4 elements are needed
        if (len(childInfo) > 3 and re.match('oracle.dms:type=FormsRuntimeInfo,name=/frmDMS/\d',childInfo[3])):
            cd(childInfo[3]);
            attrs = ls();
            attrList = attrs.split("\n");
            for attr in attrList:
                if (attr.find("config_value") != -1 or attr.find("dbname_value") != -1 or attr.find("dbsessid_value") != -1 or attr.find("ip_value") != -1 or attr.find("pid_value") != -1 or attr.find("user_value") != -1):
                    try:
                        vl = attr.split()[2]+'\t'
                    except IndexError:
                        # Attribute without a value: keep the column empty
                        vl = '\t'
                    f.write(vl)
                    sys.stdout.write(vl)
            f.write("\n")
            print
            cd ('..')

    f.close()

    print " "
    print "Logfile are generated: " + LogFileName

    disconnect()
And now you can execute the above Python Script with WLST:

    $ORACLE_HOME/oracle_common/common/bin/wlst.sh mon_frm_sessions.py

    Initializing WebLogic Scripting Tool (WLST) ...

    Welcome to WebLogic Server Administration Scripting Shell

    Type help() for help on available commands

    Config  DBName  DBSessID  ClientIP      PID    User
    test    DB122   1145      172.18.46.11  10313  scott
    demo    DB122   1234      172.18.46.11  21330  scott

    Logfile are generated: /u00/app/oracle/logs/mon_frm_sessions-2017_08_25_15_40_54.log
Enjoy displaying your current Forms Sessions without connecting to the Fusion Middleware Control :-)
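A pre-flight check for the domain.properties file described above, written as an added example in standard Python (it is not part of the original script or the MOS note). It verifies the chmod 600 requirement, the four keys, the trailing slash on logfile.location, and flags an admin.url that would trigger the insecure-protocol warning WLST printed earlier; the function names are hypothetical.

```python
import os
import stat

REQUIRED_KEYS = ("admin.url", "admin.username", "admin.password", "logfile.location")


def load_properties(path):
    """Parse the simple key=value layout used by domain.properties."""
    props = {}
    with open(path) as handle:
        for raw in handle:
            line = raw.strip()
            if not line or line.startswith("#") or line.startswith("!"):
                continue  # blank line or comment
            key, sep, value = line.partition("=")
            if sep:
                props[key.strip()] = value.strip()
    return props


def check_properties_file(path):
    """Return a list of findings; an empty list means the file passes."""
    findings = []
    info = os.stat(path)
    mode = stat.S_IMODE(info.st_mode)
    # The post asks for chmod 600: no permission bits for group or others.
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append("mode is %o, expected 600" % mode)
    if hasattr(os, "getuid") and info.st_uid != os.getuid():
        findings.append("file is owned by uid %d, not by the calling user" % info.st_uid)

    props = load_properties(path)
    for key in REQUIRED_KEYS:
        if not props.get(key):
            findings.append("missing or empty key: %s" % key)

    # mon_frm_sessions.py concatenates location + file name, hence the slash.
    location = props.get("logfile.location", "")
    if location and not location.endswith("/"):
        findings.append("logfile.location needs a trailing slash")

    # A bare host:port makes WLST connect with plain t3, so the password
    # from this file crosses the network unencrypted.
    url = props.get("admin.url", "")
    if url and not (url.startswith("t3s://") or url.startswith("https://")):
        findings.append("admin.url is not t3s/https: credentials are sent unencrypted")
    return findings


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "domain.properties"
    problems = check_properties_file(target)
    for problem in problems:
        print("FAIL: " + problem)
    sys.exit(1 if problems else 0)
```

Run it against the file before calling wlst.sh and only start the monitoring script when it exits with 0.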
Thursday, August 24, 2017
Oracle Forms 12c and FRM-93652
I am currently working on a huge migration project from Oracle Forms 11g to Oracle Forms 12c (12.2.1.2.0) and we experience some nice FRM-93652 errors in several Forms.
We had several Forms masks on which we executed a query from the menu; the data was displayed in the Forms mask, then we clicked a button to exit the form, and the complete Forms session crashed with FRM-93652 :-)
In the underlying formsapp-diagnostic.log in the $DOMAIN_HOME/servers/<servername>/logs directory, I could only see the following 3 lines:
    [2017-08-24T11:16:50.300+02:00] [MS_FORMS] [ERROR] [FRM-93546] [oracle.forms.servlet] [tid: 21] [userId: <anonymous>] [ecid: b629152b-5758-4998-8aac-f6d306179e0f-000000f0,0] [APP: formsapp] [partition-name: DOMAIN] [tenant-name: GLOBAL] [FORMS_SESSION_ID: MS_FORMS.formsapp.6] [SRC_CLASS: oracle.forms.servlet.RunformProcess] [SRC_METHOD: fromFrmwebToODL] external message from runtime process: In-flux value for a pin at 0x29d0290
    [2017-08-24T11:16:50.300+02:00] [MS_FORMS] [ERROR] [FRM-93546] [oracle.forms.servlet] [tid: 21] [userId: <anonymous>] [ecid: b629152b-5758-4998-8aac-f6d306179e0f-000000f0,0] [APP: formsapp] [partition-name: DOMAIN] [tenant-name: GLOBAL] [FORMS_SESSION_ID: MS_FORMS.formsapp.6] [SRC_CLASS: oracle.forms.servlet.RunformProcess] [SRC_METHOD: fromFrmwebToODL] external message from runtime process: kgepop: no error frame to pop to for error 600
    [2017-08-24T11:16:50.306+02:00] [MS_FORMS] [ERROR] [FRM-93652] [oracle.forms.servlet] [tid: 21] [userId: <anonymous>] [ecid: b629152b-5758-4998-8aac-f6d306179e0f-000000f0,0] [APP: formsapp] [partition-name: DOMAIN] [tenant-name: GLOBAL] [FORMS_SESSION_ID: MS_FORMS.formsapp.6] [SRC_CLASS: oracle.forms.servlet.BaseServlet] [SRC_METHOD: logConnectionException] The runtime process has terminated abnormally.
The important parts are:
    . . . [FRM-93546] . . . external message from runtime process: In-flux value for a pin at 0x29d0290
    . . . [FRM-93546] . . . external message from runtime process: kgepop: no error frame to pop to for error 600
    . . . [FRM-93652] . . . logConnectionException] The runtime process has terminated abnormally.
After some investigation in My Oracle Support (MOS), I only found a MOS Note for Oracle Forms 11g, "Forms Crash With Error FRM-93652 After 11g Upgrade (Doc ID 1096125.1)". This MOS Note provides a solution for how to avoid the above-mentioned FRM-93652 error: set the menu property "Share Library with Form" = Yes, or apply Patch 9965029. But this MOS Note is exclusively for Oracle Forms 11g (11.1.1.2.0 to 11.1.2.2.0) and the referenced patch is a one-off patch for Oracle Database 11g (11.1.0.70 to 11.2.0.3.7).
Every Oracle Forms & Reports Software Home also contains the Oracle Database Required Support Files, so I simply cross-checked in my ORACLE_HOME which version the database components have in my Oracle Forms and Reports 12.2.1.2.0 release:
    $ORACLE_HOME/oui/bin/viewInventory.sh | grep "FeatureSet: db_clientFR"
    FeatureSet: db_clientFR 11.2.0.3.0
I downloaded the Patch 9965029 for Linux and Oracle Release 11.2.0.3.0, stopped all processes from the Oracle Forms & Reports environment (Managed Servers, OHS, AdminServer and Node Manager) and applied the Patch 9965029 to my Oracle Forms & Reports Software Home with the opatch utility under $ORACLE_HOME/OPatch, started my complete Oracle Forms & Reports Environment and tested once again if the FRM-93652 error comes up again . . . and the problem was solved :-)
I hope that Oracle Support or Oracle Product Management for Forms & Reports will update the My Oracle Support Note 1096125.1, that the provided Patch can also be used for Oracle Forms & Reports 12c.
Update 25th August 2017: I received a confirmation from My Oracle Support, that the above mentioned patch can be used for Oracle Forms & Reports Release 12.2.1.2.0
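To find this crash signature across a whole formsapp-diagnostic.log instead of reading it by eye, the following added example (not part of the original post or of any Oracle tooling) parses the bracketed log layout shown above and, for every session that logged FRM-93652, returns the FRM-93546 runtime messages that preceded it. The first three sample lines are the ones quoted in this post; the fourth is constructed, and the function names are hypothetical.

```python
import re

FIELD = re.compile(r"\[([^\]]*)\]\s*")
RUNTIME_PREFIX = "external message from runtime process: "


def parse_odl_line(line):
    """Split one log line into its five leading fields, attributes and message."""
    fields, pos = [], 0
    while True:
        match = FIELD.match(line, pos)
        if match is None:
            break
        fields.append(match.group(1))
        pos = match.end()
    if len(fields) < 5:
        return None  # continuation line or a different format
    attrs = {}
    for extra in fields[5:]:
        key, sep, value = extra.partition(": ")
        if sep:
            attrs[key] = value
    return {"timestamp": fields[0], "component": fields[1], "level": fields[2],
            "msg_id": fields[3], "module": fields[4], "attrs": attrs,
            "message": line[pos:].strip()}


def crashed_sessions(lines):
    """Correlate FRM-93546 runtime messages with a later FRM-93652 per session."""
    pending = {}   # FORMS_SESSION_ID -> runtime messages seen so far
    crashes = []
    for line in lines:
        rec = parse_odl_line(line)
        if rec is None:
            continue
        session = rec["attrs"].get("FORMS_SESSION_ID")
        if session is None:
            continue
        if rec["msg_id"] == "FRM-93546":
            text = rec["message"]
            if text.startswith(RUNTIME_PREFIX):
                text = text[len(RUNTIME_PREFIX):]
            pending.setdefault(session, []).append(text)
        elif rec["msg_id"] == "FRM-93652":
            crashes.append({"session": session,
                            "timestamp": rec["timestamp"],
                            "ecid": rec["attrs"].get("ecid"),
                            "runtime_messages": pending.pop(session, [])})
    return crashes


_LAYOUT = ("[%s] [MS_FORMS] [ERROR] [%s] [oracle.forms.servlet] [tid: 21] "
           "[userId: <anonymous>] [ecid: b629152b-5758-4998-8aac-f6d306179e0f-000000f0,0] "
           "[APP: formsapp] [partition-name: DOMAIN] [tenant-name: GLOBAL] "
           "[FORMS_SESSION_ID: %s] [SRC_CLASS: %s] [SRC_METHOD: %s] %s")

SAMPLE_LOG = [
    # The three lines quoted in the post
    _LAYOUT % ("2017-08-24T11:16:50.300+02:00", "FRM-93546", "MS_FORMS.formsapp.6",
               "oracle.forms.servlet.RunformProcess", "fromFrmwebToODL",
               RUNTIME_PREFIX + "In-flux value for a pin at 0x29d0290"),
    _LAYOUT % ("2017-08-24T11:16:50.300+02:00", "FRM-93546", "MS_FORMS.formsapp.6",
               "oracle.forms.servlet.RunformProcess", "fromFrmwebToODL",
               RUNTIME_PREFIX + "kgepop: no error frame to pop to for error 600"),
    _LAYOUT % ("2017-08-24T11:16:50.306+02:00", "FRM-93652", "MS_FORMS.formsapp.6",
               "oracle.forms.servlet.BaseServlet", "logConnectionException",
               "The runtime process has terminated abnormally."),
    # Constructed line: another session that logged a message but did not crash
    _LAYOUT % ("2017-08-24T11:17:02.000+02:00", "FRM-93546", "MS_FORMS.formsapp.7",
               "oracle.forms.servlet.RunformProcess", "fromFrmwebToODL",
               RUNTIME_PREFIX + "constructed sample message"),
]

if __name__ == "__main__":
    for crash in crashed_sessions(SAMPLE_LOG):
        print(crash["timestamp"], crash["session"], crash["runtime_messages"])
```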
Tuesday, August 22, 2017
Parsing Named Arguments into Python Scripts
If you are coming from the shell script world, you are used to passing named arguments into your shell script, e.g. "-u" for username, "-p" for password and so on. With Python scripts you normally pass ordered arguments, so you are bound to a fixed order of the arguments, while named arguments can be reshuffled in any order.
A typical Shell Script Snippet would look like that:
    export UserName=""
    export PassWord=""
    export URL=""

    # Usage and CheckInputParams are functions defined elsewhere in the script
    while getopts u:p:c: CurOpt; do
        case ${CurOpt} in
            u) UserName="${OPTARG}" ;;
            p) PassWord="${OPTARG}" ;;
            c) URL="${OPTARG}" ;;
            ?) Usage ;;
        esac
    done

    shift $((${OPTIND}-1))

    # Call a function for checking of given Parameter Values
    CheckInputParams
You can achieve the same for your Python scripts to be used with the Oracle WebLogic Server command line tool wlst.

    import sys

    uname=''
    pword=''
    url=''

    def helpUsage():
        print 'Usage: test.py [-help]'
        print '      [-username] Username for the connect'
        print '      [-password] Password for the connect User'
        print '      [-url] URL for the connect'
        exit()

    # Walk over all arguments; the value of a named argument is the next element.
    # Compare with == : "x in ('-help')" is a substring test against the string
    # '-help', because ('-help') is not a tuple.
    for i in range(len(sys.argv)):
        if sys.argv[i] == "-help":
            helpUsage()
        elif sys.argv[i] == "-url":
            if i+1 < len(sys.argv):
                url = sys.argv[i+1]
        elif sys.argv[i] == "-username":
            if i+1 < len(sys.argv):
                uname = sys.argv[i+1]
        elif sys.argv[i] == "-password":
            if i+1 < len(sys.argv):
                pword = sys.argv[i+1]

    if len(uname)==0 or len(pword)==0 or len(url)==0:
        print 'Missing required arguments (-url, -username, -password)'
        print ' '
        helpUsage()

    connect(uname,pword,url)

    #
    # Perform your Tasks
    #

    exit()

Now you can call your Python Script with wlst and provide the required Named Arguments in any order you like, e.g.:

    # Using Named Argument -help
    wlst.sh test.py -help

    Initializing WebLogic Scripting Tool (WLST) ...

    Welcome to WebLogic Server Administration Scripting Shell

    Type help() for help on available commands

    Usage: test.py [-help]
          [-username] Username for the connect
          [-password] Password for the connect User
          [-url] URL for the connect

    Exiting WebLogic Scripting Tool.

    # Using Named Arguments -username / -password / -URL
    wlst.sh test.py -username weblogic -url t3://localhost:7001 -password Welcome1

    Initializing WebLogic Scripting Tool (WLST) ...

    Welcome to WebLogic Server Administration Scripting Shell

    Type help() for help on available commands

    Connecting to t3://localhost:7001 with userid weblogic ...
    . . .
    . . .
    Successfully connected to Admin Server "DEMOAdminServer" that belongs to domain "DEMODomain".

    Exiting WebLogic Scripting Tool.

    # Using Named Arguments, but forgot to pass a value for Argument -Password
    wlst.sh test2.py -username weblogic -url t3://localhost:7001 -password

    Initializing WebLogic Scripting Tool (WLST) ...

    Welcome to WebLogic Server Administration Scripting Shell

    Type help() for help on available commands

    Missing required arguments (-url, -username, -password)

    Usage: test.py [-help]
          [-uname] Username for the connect
          [-password] Password for the connect User
          [-url] URL for the connect

    Exiting WebLogic Scripting Tool.

With a small, simple Python block you can easily pass Named Arguments into your Python Scripts in the same way you know it from Shell Scripts.
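A stricter variant of the argument loop above, as an added example in standard Python that is not the post's own code. The loop in the post catches a missing value only when the flag is last on the line: with `-password -url t3://localhost:7001` it stores "-url" as the password. This version rejects that case, unknown flags and repeated flags, and can take the password from an environment variable so it stays out of the process list; `parse_named_args`, `UsageError` and the variable name `WLS_PASSWORD` are assumptions made for this example.

```python
import os

KNOWN_FLAGS = ("-url", "-username", "-password")


class UsageError(Exception):
    """Raised for every command line the script should refuse to run with."""


def parse_named_args(argv, environ=None):
    """Parse '-flag value' pairs given in any order; argv[0] is the script name."""
    environ = os.environ if environ is None else environ
    values = {}
    i = 1
    while i < len(argv):
        flag = argv[i]
        if flag == "-help":
            raise UsageError("help requested")
        if flag not in KNOWN_FLAGS:
            raise UsageError("unknown argument: %s" % flag)
        if flag in values:
            raise UsageError("argument given twice: %s" % flag)
        # No value if the flag ends the line or is followed by another flag.
        # (A password that equals a flag name cannot be passed this way;
        # use the environment variable for it.)
        if i + 1 >= len(argv) or argv[i + 1] in KNOWN_FLAGS or argv[i + 1] == "-help":
            raise UsageError("missing value for %s" % flag)
        values[flag] = argv[i + 1]
        i += 2

    # Assumption of this example: WLS_PASSWORD may carry the password, so it
    # does not show up in 'ps' output the way a command-line argument does.
    if "-password" not in values and environ.get("WLS_PASSWORD"):
        values["-password"] = environ["WLS_PASSWORD"]

    missing = [flag for flag in KNOWN_FLAGS if not values.get(flag)]
    if missing:
        raise UsageError("missing required arguments: %s" % ", ".join(missing))
    return {"url": values["-url"],
            "username": values["-username"],
            "password": values["-password"]}


if __name__ == "__main__":
    import sys
    try:
        args = parse_named_args(sys.argv)
    except UsageError as err:
        print("%s\nUsage: test.py -url <URL> -username <user> [-password <pw>]" % err)
        sys.exit(2)
    # Inside WLST this is where connect(username, password, url) would follow.
    print("would connect to %s as %s" % (args["url"], args["username"]))
```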
Monday, August 21, 2017
Configure Single Sign On for Cloud Control 13c against Active Directory
In many cases you want to use your Microsoft Active Directory Login to be authenticated against your Oracle Cloud Control 13c.
Here is a step-by-step solution for implementing Single Sign On for your Oracle Cloud Control against Microsoft Active Directory.
Let's assume the following environment:
- AD Domain = DEMO.COM
- Microsoft AD Server = adserver.demo.com
- AD LDAP Port = 389
- Cloud Control 13c Server = cloudcontrol13c.demo.com
Windows Steps
Connect to the Windows Server hosting your Active Directory and execute the following steps.
1. Create a corresponding Service Account for the Oracle Management Server (OMS) in your Active Directory:
Name the Service Account to be created after your Cloud Control Server.

    dsadd user "cn=<ServiceAccountName>,cn=users,dc=<Domain>,dc=<TLD>" -disabled no -pwd <Password for ServiceAccountName> -canchpwd no -mustchpwd no -pwdneverexpires yes

    # For Example
    dsadd user "cn=cloudcontrol13c,cn=users,dc=demo,dc=com" -disabled no -pwd Welcome1 -canchpwd no -mustchpwd no -pwdneverexpires yes
2. Create a keytab file:
    ktpass -princ HTTP/<ServiceAccountName>.<Domain>.<TLD>@<DOMAIN>.<TLD> -mapuser <ServiceAccountName> -crypto all -ptype KRB5_NT_PRINCIPAL -out c:\temp\krb5.keytab

    # For Example:
    ktpass -princ HTTP/cloudcontrol13c.demo.com@DEMO.COM -mapuser cloudcontrol13c -crypto all -ptype KRB5_NT_PRINCIPAL -out c:\temp\krb5.keytab
Afterwards transfer the above created keytab file named krb5.keytab to your Cloud Control 13c Server.
Cloud Control Steps
Now connect to your Server which is Hosting your Oracle Cloud Control 13c and perform following steps.
1. Create the Active Directory Authentication Provider
    emctl config auth ad -ldap_host "<AD-Servername>" -ldap_port "<LDAP-PORT>" \
      -ldap_principal "cn=<ServiceAccountName>,cn=users,dc=<Domain>,dc=<TLD>" -ldap_credential "<Password for ServiceAccountName>" \
      -user_base_dn "cn=users,dc=<Domain>,dc=<TLD>" -group_base_dn "cn=groups,dc=<Domain>,dc=<TLD>" \
      -sysman_pwd "<SYSMAN Password>"

    # For Example:
    emctl config auth ad -ldap_host "adserver.demo.com" -ldap_port "389" \
      -ldap_principal "cn=cloudcontrol13c,cn=users,dc=demo,dc=com" -ldap_credential "Welcome1" \
      -user_base_dn "cn=users,dc=demo,dc=com" -group_base_dn "cn=groups,dc=demo,dc=com" \
      -sysman_pwd "Welcome1"

    # Now restart your OMS
    emctl stop oms -all
    emctl start oms
After the restart of your OMS, connect to the WebLogic Server Console of your Oracle Cloud Control 13c, usually on the SSL port 7101 (https://<CloudControlServer>:7101/console).
In the Domain Structure, select "Security Realms" and navigate to "Providers / Authentication".
Open the Authentication Provider EM_AD_Provider and navigate to "Configuration / Provider Specific".
Change the following attributes (first activate the "Lock & Edit" mode in the Change Center):
Original Attributes:
- All Users Filter: <empty>
- User From Name Filter: (&(cn=%u) (objectclass=user))
- User Name Attribute: cn
- User Object Class: user
New Attributes:
- All Users Filter: (&(sAMAccountName=*) (objectclass=user))
- User From Name Filter: (&(sAMAccountName=%u) (objectclass=user))
- User Name Attribute: sAMAccountName
- User Object Class: user
2. Create the JAAS Configuration File krb5Login.conf
The next step is to create the required JAAS Configuration File krb5Login.conf within the DOMAIN_HOME of your Cloud Control 13c.

    // for Oracle (SUN) JDK
    // debug=true makes Krb5LoginModule print diagnostic messages; turn it off once SSO works
    com.sun.security.jgss.krb5.initiate {
        com.sun.security.auth.module.Krb5LoginModule required
        principal="HTTP/cloudcontrol13c.demo.com@DEMO.COM"
        useKeyTab=true
        keyTab="/etc/krb5.keytab"
        storeKey=true
        debug=true;
    };

    com.sun.security.jgss.krb5.accept {
        com.sun.security.auth.module.Krb5LoginModule required
        principal="HTTP/cloudcontrol13c.demo.com@DEMO.COM"
        useKeyTab=true
        keyTab="/etc/krb5.keytab"
        storeKey=true
        debug=true;
    };

    // For IBM JDK (under AIX)
    com.ibm.security.jgss.krb5.initiate {
        com.ibm.security.auth.module.Krb5LoginModule REQUIRED
        principal="http/cloudcontrol13c.demo.com"
        useKeytab="FILE:/etc/krb5.keytab"
        credsType=initiator
        debug=true;
    };

    com.ibm.security.jgss.krb5.accept {
        com.ibm.security.auth.module.Krb5LoginModule REQUIRED
        principal="http/cloudcontrol13c.demo.com"
        useKeytab="FILE:/etc/krb5.keytab"
        credsType=acceptor
        debug=true;
    };
3. Align setDomainEnv.sh
Now we need to align the setDomainEnv.sh in the DOMAIN_HOME/bin directory. Search for the 2 lines:

    EXTRA_JAVA_PROPERTIES="-Djavax.management.builder.initial=weblogic.management.jmx.mbeanserver.WLSMBeanServerBuilder ${EXTRA_JAVA_PROPERTIES}"
    export EXTRA_JAVA_PROPERTIES

and add the following block below these 2 lines:

    if [ "${SERVER_NAME}" = "EMGC_OMS1" ] ; then
        EXTRA_JAVA_PROPERTIES="-Djava.security.krb5.realm=<Domain>.<TLD> -Djava.security.krb5.kdc=<AD-Servername> -Djava.security.auth.login.config=<Path to krb5Login.conf>/krb5Login.conf -Djavax.security.auth.useSubjectCredsOnly=false -Dweblogic.security.enableNegotiate=true ${EXTRA_JAVA_PROPERTIES}"
        export EXTRA_JAVA_PROPERTIES
    fi

    # For Example:
    if [ "${SERVER_NAME}" = "EMGC_OMS1" ] ; then
        EXTRA_JAVA_PROPERTIES="-Djava.security.krb5.realm=DEMO.COM -Djava.security.krb5.kdc=adserver.demo.com -Djava.security.auth.login.config=/u00/app/oracle/product/gc_inst_13cR1/user_projects/domains/GCDomain/krb5Login.conf -Djavax.security.auth.useSubjectCredsOnly=false -Dweblogic.security.enableNegotiate=true ${EXTRA_JAVA_PROPERTIES}"
        export EXTRA_JAVA_PROPERTIES
    fi
5. Configure Single Sign On within OMS
The next step is to create an external role within OMS. This external role must be named exactly the same as your corresponding AD Group for the OMS Users:

    emcli create_role -name="oracle_dba" -type="EXTERNAL_ROLE" -desc="Active Directory Group for oracle_dba"
Now configure the SSO for the OMS:

    emctl set property -name oracle.sysman.core.security.sso.type -value "OTHER"
    emctl set property -name oracle.sysman.core.security.auth.is_external_authentication_enabled -value "true"
    emctl set property -name oracle.sysman.emSDK.sec.DirectoryAuthenticationType -value "SSO"
    emctl set property -name oracle.sysman.core.security.auth.autoprovisioning -value "true"

After that, perform a restart of your OMS:

    emctl stop oms -all
    emctl start oms

Now, when you connect to Cloud Control 13c for the first time and log in with your AD user, the SSO user is created automatically within your Cloud Control 13c, and you can connect with your AD user and the corresponding AD password.