Upgrade JDK Used by Oracle WebLogic Server 11g

There are several ways to do this. In this post I upgrade by installing the new JDK in its own home directory and replacing every JAVA_HOME reference in the WebLogic scripts with the new JDK directory.

In this post I will upgrade the JDK used by WebLogic Server from JDK 1.7 Update 40 to JDK 1.7 Update 171.

Check the existing JDK version; for me it's installed in /usr/java/jdk1.7.0_40

[oracle@oel1]$ /usr/java/jdk1.7.0_40/bin/java -fullversion

java full version "1.7.0_40-b43"

Download and unzip JDK 1.7 Update 171 (Patch 27334355)

[oracle@oel1]$ mkdir /u01/java
[oracle@oel1]$ unzip p27334355_170171_Linux-x86-64.zip
[oracle@oel1]$ tar -xvf jdk-7u171-linux-x64.tar.gz -C /u01/java
[oracle@oel1]$ /u01/java/jdk1.7.0_171/bin/java -fullversion

java full version "1.7.0_171-b31"

Stop all FMW processes from the current FMW home

Find all the files in which JAVA_HOME must be changed (where /usr/java/jdk1.7.0_40 is my existing JAVA_HOME)

[oracle@oel1]$ cd $MW_HOME

[oracle@oel1]$ find . -type f -name "*.sh" -exec grep -il /usr/java/jdk1.7.0_40 {} \;
./utils/quickstart/quickstart.sh
./utils/bsu/bsu.sh
./utils/uninstall/uninstall.sh
./user_projects/domains/IDMDomain/bin/setDomainEnv.sh
./wlserver_10.3/common/bin/commEnv.sh

[oracle@oel1]$ find . -type f -name "*.properties" -exec grep -il /usr/java/jdk1.7.0_40 {} \;
./wlserver_10.3/.product.properties
./wlserver_10.3/common/nodemanager/nodemanager.properties
./coherence_3.7/.product.properties

Back up all of the above files, then edit them to replace the old JAVA_HOME directory with the new one, i.e. from /usr/java/jdk1.7.0_40 to /u01/java/jdk1.7.0_171
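
The backup-and-replace step above as a script (an added example, not from the original post): it backs up each matching *.sh and *.properties file, rewrites the old JDK path, and fails if any file still references the old JDK. The function names jdk_refs and repoint_jdk and the .bak_jdk backup suffix are assumptions made for this example.

```shell
#!/bin/sh
# Added example; jdk_refs, repoint_jdk and the .bak_jdk suffix are
# hypothetical names chosen here, not part of WebLogic.

# jdk_refs DIR JDK_PATH: list *.sh / *.properties files that mention JDK_PATH
jdk_refs() {
    find "$1" -type f \( -name '*.sh' -o -name '*.properties' \) \
        -exec grep -lF -- "$2" {} + 2>/dev/null || :
}

# repoint_jdk MW_HOME OLD_JDK NEW_JDK
# Assumes the paths contain no '|' and file names contain no newlines.
repoint_jdk() {
    mw_home=$1; old=$2; new=$3
    # "jdk1.7.0_40" contains dots: escape regex metacharacters so sed matches
    # the literal path only; escape '\' and '&' in the replacement text.
    old_re=$(printf '%s' "$old" | sed 's/[][\.*^$]/\\&/g')
    new_re=$(printf '%s' "$new" | sed 's/[\&]/\\&/g')
    list=$(mktemp) || return 1
    jdk_refs "$mw_home" "$old" > "$list"
    while IFS= read -r f; do
        # Keep a mode-preserving backup, then write back into the original
        # file so it keeps its owner and execute bit.
        cp -p "$f" "$f.bak_jdk" &&
            sed "s|$old_re|$new_re|g" "$f.bak_jdk" > "$f" ||
            { rm -f "$list"; echo "failed: $f" >&2; return 1; }
        echo "updated: $f"
    done < "$list"
    rm -f "$list"
    # A file that still names the old JDK would keep a server running on it.
    left=$(jdk_refs "$mw_home" "$old")
    if [ -n "$left" ]; then
        echo "still referencing $old:" >&2
        echo "$left" >&2
        return 1
    fi
    return 0
}

# Usage with the paths from this post:
# repoint_jdk "$MW_HOME" /usr/java/jdk1.7.0_40 /u01/java/jdk1.7.0_171
```

The backups end in .bak_jdk, so they are not picked up by the *.sh / *.properties search and can be copied back if a server fails to start.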

If you are using WLS 10.3.6 and the target JDK is a certified version of Java 7 (version 1.7.0_x), you will need to manually copy some JAR files:

[oracle@oel1]$ cd /u01/java/jdk1.7.0_171/jre/lib
[oracle@oel1]$ mkdir endorsed
[oracle@oel1]$ cd endorsed
[oracle@oel1]$ cp $MW_HOME/modules/javax.annotation_1.0.0.0_1-0.jar .
[oracle@oel1]$ cp $MW_HOME/modules/javax.xml.bind_2.1.1.jar .
[oracle@oel1]$ cp $MW_HOME/modules/javax.xml.ws_2.1.1.jar .

Start the processes

How to Indent XML String in Java (Pretty)

Victor Jabur's Blog

Hello Guys,

This is a cool way to prettify your XML (String format) in Java Language:

Avoid password prompt when using startComponent.sh – 12c

In the 12c release, identity management components such as OID, OUD and OHS, when installed and configured in collocated mode, are started with startComponent.sh and stopped with stopComponent.sh, both located in $DOMAIN_HOME/bin

However, each start or stop prompts for the Node Manager password.

The prompt can be avoided by adding the storeUserConfig option, which stores the password.

[oracle@oel1 bin]$ ./startComponent.sh oid1 storeUserConfig

Once the password is stored, you can run start or stop without a password prompt.

[oracle@oel1 bin]$ ./stopComponent.sh oid1
[oracle@oel1 bin]$ ./startComponent.sh oid1

Oracle Unified Directory 12c 12.2.1.3 (as Directory Server)

When Oracle Unified Directory is set up as a directory server, it acts as an LDAP directory server that contains directory data.

In this post I will configure OUD and OUDSM in a single domain (collocated mode)

Directory Structure
Refer to the “Directory Structure” section of the post below
https://oraidam.wordpress.com/2018/03/08/oracle-internet-directory-12c-12-2-1-3-in-collocated-mode/

Install Infrastructure 12c
Refer to the “Install Infrastructure 12c” section of the post below
https://oraidam.wordpress.com/2018/03/08/oracle-internet-directory-12c-12-2-1-3-in-collocated-mode/

Install Oracle Unified Directory 12c

Set Variables

[oracle@oel1 OUD12c]$ export JAVA_HOME=/u02/java/jdk1.8.0_141
[oracle@oel1 OUD12c]$ export PATH=$JAVA_HOME/bin:$PATH

[oracle@oel1 OUD12c]$ unzip fmw_12.2.1.3.0_oud_Disk1_1of1.zip
[oracle@oel1 OUD12c]$ java -jar fmw_12.2.1.3.0_oud.jar

Navigate through the installation screens by clicking Next; on the Installation Location screen, select or browse to the correct Oracle Home.

Configure OUD Domain
You can either create a new domain or extend an existing one.
Note: If you create a new domain, you must first create the schemas for it. Run rcu from $ORACLE_HOME/oracle_common/bin/rcu, select the “Oracle Platform Security Services” schema (all dependent components will be selected automatically) and proceed through the other screens to create the schemas.

In this post I am going to extend the existing domain which I created earlier in the post below
https://oraidam.wordpress.com/2018/03/08/oracle-internet-directory-12c-12-2-1-3-in-collocated-mode/

[oracle@oel1 OUD12c]$ cd /u01/oracle/product/Oracle_Home/oracle_common/common/bin/
[oracle@oel1 bin]$ ./config.sh

Select the following templates:
• Oracle Unified Directory – 12.2.1.3.0 [oud]
• Oracle Unified Directory Services Manager – 12.2.1.3.0 [oud]
When you select OUDSM, Oracle JRF – 12.2.1.3.0 [oracle_common] is automatically selected.

Setting up Directory Server

[oracle@oel1 Oracle_Home]$ cd /u01/oracle/product/Oracle_Home/oud
[oracle@oel1 oud]$ ./oud-setup

Note: Allocate memory as per your requirement

Start Servers

The OUD server is started automatically if you select the check box “Start server when configuration has completed” in the directory setup.

If you want to start OUD with the startComponent.sh script in the domain, follow the steps below

[oracle@oel1 bin]$ cd /u01/oracle/config/Domain_Home/ODS_Domain/system_components/OUD/oud1/bin
[oracle@oel1 bin]$ ./stop-ds

[oracle@oel1 lib]$ cd /u01/oracle/config/Domain_Home/ODS_Domain/bin/
[oracle@oel1 bin]$ nohup ./startWebLogic.sh &
[oracle@oel1 bin]$ nohup ./startNodeManager.sh &
[oracle@oel1 bin]$ ./startComponent.sh oud1

OUDSM: http://oel1.mylab.com:7001/oudsm
There will be a prompt to accept the certificate; accept it.

SOA Suite 12c – Gmail as mail provider

Get the certificate for smtp.gmail.com

openssl s_client -connect smtp.gmail.com:465 </dev/null | sed -n '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p'

Copy the certificate block from the output (from the BEGIN CERTIFICATE line to the END CERTIFICATE line) into a text file.

Log in to Enterprise Manager and go to Keystore
Select trust under system and click Manage
Click on Import
Enter the details, paste the certificate text copied earlier and click OK.
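
A check to run on the saved s_client output before the certificate is pasted into the trust keystore (an added example, not from the original post): it extracts the first certificate, prints its subject, issuer, expiry date and SHA-256 fingerprint, and fails if the certificate has expired or was not issued for the expected host. The helper names first_cert and vet_cert and the file name gmail.txt are assumptions made for this example.

```shell
#!/bin/sh
# Added example; first_cert and vet_cert are hypothetical helper names.

# first_cert FILE: print the first PEM certificate block found in FILE
# (s_client output also contains handshake details around it).
first_cert() {
    awk '/-----BEGIN CERTIFICATE-----/ { on = 1 }
         on                            { print }
         /-----END CERTIFICATE-----/   { if (on) exit }' "$1"
}

# vet_cert FILE HOST: print the identifying fields, then return 0 only if
# the certificate has not expired and was issued for HOST.
vet_cert() {
    pem=$(first_cert "$1")
    [ -n "$pem" ] || { echo "no certificate in $1" >&2; return 2; }
    # Compare this fingerprint with one obtained over a separate channel.
    printf '%s\n' "$pem" |
        openssl x509 -noout -subject -issuer -enddate -fingerprint -sha256
    printf '%s\n' "$pem" | openssl x509 -noout -checkend 0 >/dev/null ||
        { echo "certificate has expired" >&2; return 1; }
    printf '%s\n' "$pem" | openssl x509 -noout -checkhost "$2" |
        grep -q 'does match' ||
        { echo "certificate was not issued for $2" >&2; return 1; }
}

# Usage with the command from this post:
# openssl s_client -connect smtp.gmail.com:465 </dev/null > gmail.txt
# vet_cert gmail.txt smtp.gmail.com
```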

Edit Set Domain Environment Script
In the $DOMAIN_HOME/bin/setDomainEnv.sh script, remove the following from EXTRA_JAVA_PROPERTIES:
-Djavax.net.ssl.trustStore=${WL_HOME}/server/lib/DemoTrust.jks

Below is the edited EXTRA_JAVA_PROPERTIES:

EXTRA_JAVA_PROPERTIES="${EXTRA_JAVA_PROPERTIES} -Dsoa.archives.dir=${SOA_ORACLE_HOME}/soa -Dsoa.oracle.home=${SOA_ORACLE_HOME} -Dsoa.instance.home=${DOMAIN_HOME} -Dtangosol.coherence.log=jdk -Djavax.xml.soap.MessageFactory=oracle.j2ee.ws.saaj.soap.MessageFactoryImpl -Dweblogic.transaction.blocking.commit=true -Dweblogic.transaction.blocking.rollback=true -Doracle.xml.schema/Ignore_Duplicate_Components=true -Doracle.xdkjava.compatibility.version=11.1.1 -Doracle.soa.compatibility.version=11.1.1 -Ddisable-implicit-bean-discovery=true"
export EXTRA_JAVA_PROPERTIES

Restart WebLogic servers.

Configure UMS mail driver
Login to Enterprise Manager, got
Specify sender email. (Format “EMAIL:sender@example.com”)
You can also verify from SOA server log

Set workflow properties

Test
You can verify in the SOA server log
Check the mailbox

Oracle Identity Manager 12c 12.2.1.3 in collocated mode

To install OIM in collocated mode, we must first install Oracle Fusion Middleware Infrastructure 12c, followed by Oracle Identity Manager 12c. Infrastructure and OIM must be installed in the same Oracle Home.

Directory Structure

[oracle@oel1 /]$ cd /u02/
[oracle@oel1 u02]$ mkdir -p oracle/product/Oracle_Home
[oracle@oel1 u02]$ mkdir -p oracle/config/Domain_Home
[oracle@oel1 u02]$ mkdir -p oracle/config/Application_Home

[oracle@oel1 u02]$ tree oracle/
oracle/
├── config
│   ├── Application_Home
│   └── Domain_Home
└── product
    └── Oracle_Home

Install Infrastructure 12c
Refer to the “Install Infrastructure 12c” section of the post below
https://oraidam.wordpress.com/2018/03/10/oracle-access-manager-12c-12-2-1-3-in-collocated-mode/

Install Oracle Identity Manager 12c
Refer to the “Install Oracle Access Manager 12c” section of the post below
https://oraidam.wordpress.com/2018/03/10/oracle-access-manager-12c-12-2-1-3-in-collocated-mode/

Install SOA 12c

[oracle@oel1 SOA12c]$ java -jar fmw_12.2.1.3.0_soa_quickstart.jar

Navigate through installation screens clicking Next, select or browse to correct Oracle Home on Installation Location screen.

Verify Memory Settings

Edit /etc/security/limits.conf

#OIM Memory Settings
oracle soft nofile 32767
oracle hard nofile 327679

Ensure that you set UsePAM to Yes in the /etc/ssh/sshd_config file.

Note: Before you start the Oracle Identity Governance 12c Server, post configuration, run the following command to increase the limit of open files, so that you do not run into memory issues: limit maxproc 16384

Oracle Database 12c Prerequisite

The following packages must be installed as SYS user on Oracle databases prior to creating Oracle Identity Management schemas:
DBMS_SHARED_POOL
XAVIEWS

To create the above packages, run the below SQL files from the $ORACLE_HOME/rdbms/admin directory as the SYS user for the connected database (regular or PDB).
dbmspool.sql
prvtpool.plb
xaview.sql

[oracle@oel1 ~]$ cd /u01/app/oracle/product/12.1.0.2/db_1/rdbms/admin/
[oracle@oel1 admin]$ sqlplus
SQL> conn sys@pdb as sysdba

SQL> @/u01/app/oracle/product/12.1.0.2/db_1/rdbms/admin/dbmspool.sql
SQL> @/u01/app/oracle/product/12.1.0.2/db_1/rdbms/admin/prvtpool.plb
SQL> @/u01/app/oracle/product/12.1.0.2/db_1/rdbms/admin/xaview.sql

Note:
For Database12c CDB config: execute xaview.sql from PDB SYS user
For Database12c NON-CDB config: execute xaview.sql from CDB SYS user

Create Schemas

[oracle@oel1 Oracle_Home]$ cd /u02/oracle/product/Oracle_Home/oracle_common/bin/
[oracle@oel1 bin]$ ./rcu

Select the Oracle Identity Governance schema. This action automatically selects the following schemas as dependencies:
• User Messaging Service (UMS)
• Metadata Services (MDS)
• Oracle Platform Security Services (OPSS)
• Audit Services (IAU)
• Audit Services Append (IAU_Append)
• Audit Services Viewer (IAU_Viewer)
• WebLogic Services (WLS)
• Common Infrastructure Services (STB)
• SOA Infrastructure (SOAINFRA)

Configure Oracle Identity Governance Domain

[oracle@oel1 bin]$ cd /u02/oracle/product/Oracle_Home/oracle_common/common/bin/
[oracle@oel1 bin]$ ./config.sh

Select the Oracle Identity Manager — 12.2.1.3.0 [idm] template, along with the following dependencies:
• Basic WebLogic Server Domain
• Oracle SOA Suite — 12.2.1.3.0
• Oracle Enterprise Manager — 12.2.1.3.0 [em]
• Oracle WSM Policy Manager — 12.2.1.3 [oracle_common]
• Oracle JRF — 12.2.1.3.0 [oracle_common]
• WebLogic Coherence Cluster Extension — 12.2.1.3.0

Post Configuration
After you configure the Oracle Identity Governance domain, run the offlineConfigManager script to perform post configuration tasks.

Set the following environment variables to the right values:

[oracle@oel1 bin]$ export JAVA_HOME=/u02/java/jdk1.8.0_141
[oracle@oel1 bin]$ export DOMAIN_HOME=/u02/oracle/config/Domain_Home/OIG_Domain

Ensure that you have execute permissions for the file OIM_HOME/server/bin/offlineConfigManager.sh

[oracle@oel1 bin]$ ls -alrt | grep offlineConfigManager
-rw-r-----.  1 oracle oracle  3739 Aug 21  2017 offlineConfigManager.sh
-rw-r-----.  1 oracle oracle  2569 Aug 21  2017 offlineConfigManager.bat
[oracle@oel1 bin]$ chmod +x offlineConfigManager.sh
[oracle@oel1 bin]$ ls -alrt | grep offlineConfigManager
-rwxr-x--x.  1 oracle oracle  3739 Aug 21  2017 offlineConfigManager.sh
-rw-r-----.  1 oracle oracle  2569 Aug 21  2017 offlineConfigManager.bat
[oracle@oel1 bin]$

Execute

[oracle@oel1 bin]$ ./offlineConfigManager.sh

Start Server

[oracle@oel1 bin]$ cd /u02/oracle/config/Domain_Home/OIG_Domain/bin
[oracle@oel1 bin]$ nohup ./startNodeManager.sh &
[oracle@oel1 bin]$ nohup ./startWebLogic.sh &

Start Managed servers from Weblogic Console: http://oel1.mylab.com:7021/console

Integrate Oracle Identity Governance with SOA
Go to enterprise manager
http://oel1.mylab.com:7021/em

In the search box, enter OIMSOAIntegrationMBean, and click Search
Go to the Operations tab of the MBean, and select integrateWithSOAServer.
Enter the required attributes and click Invoke.

Consoles
Identity Console: http://oel1.mylab.com:14000

Sysadmin Console: http://oel1.mylab.com:14000/sysadmin/

Troubleshoot:
If you face the error below while creating schemas

ERROR - RCU-6107 The database initialization parameter prerequisite check failed.
CAUSE - RCU-6107 The database initialization parameter prerequisite check failed for open_cursors.
Current Value is 500. It should be greater than or equal to 800.

Check with the DB team to set processes and open_cursors to 500 at the database, then restart

SQL> alter system set open_cursors=800 scope=spfile;

Oracle Access Management WebGate on OHS 12c

Prerequisite:
– OAM 12c installed and configured : https://oraidam.wordpress.com/2018/03/10/oracle-access-manager-12c-12-2-1-3-in-collocated-mode/
– OHS 12c installed and configured : https://oraidam.wordpress.com/2018/03/10/oracle-http-server-12c-12-2-1-3-in-collocated-mode/

Configure WebGate on OHS 12c

[oracle@oel1 deployWebGate]$ cd /u01/oracle/product/Oracle_Home/webgate/ohs/tools/deployWebGate

[oracle@oel1 deployWebGate]$ ./deployWebGateInstance.sh -w /u01/oracle/config/Domain_Home/ODS_Domain/config/fmwconfig/components/OHS/ohs1 -oh /u01/oracle/product/Oracle_Home

Verify webgate directory

[oracle@oel1 deployWebGate]$ cd /u01/oracle/config/Domain_Home/ODS_Domain/config/fmwconfig/components/OHS/ohs1
[oracle@oel1 ohs1]$ ll

Edit HTTP conf file

[oracle@oel1 InstallTools]$ export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/u01/oracle/product/Oracle_Home/lib

[oracle@oel1 InstallTools]$ cd /u01/oracle/product/Oracle_Home/webgate/ohs/tools/setup/InstallTools/

[oracle@oel1 InstallTools]$ ./EditHttpConf -w /u01/oracle/config/Domain_Home/ODS_Domain/config/fmwconfig/components/OHS/ohs1 -oh /u01/oracle/product/Oracle_Home

Register the WebGate with OAM

Log in to the OAM console
http://oel1.mylab.com:7011/oamconsole

Click on SSO Agent Registration

Specify Agent Type as Webgate and click Next.
Fill in the details for the WebGate.
Click Finish.
Then click Download and save the file.

Copy the zip file to ohs_instance/webgate/config and unzip it there

[oracle@oel1 Downloads]$ cp OHS12c_WebGate.zip /u01/oracle/config/Domain_Home/ODS_Domain/config/fmwconfig/components/OHS/ohs1/webgate/config/
[oracle@oel1 Downloads]$ unzip OHS12c_WebGate.zip -d /u01/oracle/config/Domain_Home/ODS_Domain/config/fmwconfig/components/OHS/ohs1/webgate/config/

Restart Servers

[oracle@oel1 Downloads]$ cd /u01/oracle/config/Domain_Home/ODS_Domain/bin/
[oracle@oel1 bin]$ ./stopComponent.sh ohs1
[oracle@oel1 bin]$ ./stopManagedWebLogic.sh oam_policy_mgr1
[oracle@oel1 bin]$ ./stopManagedWebLogic.sh oam_server1
[oracle@oel1 bin]$ ./stopWebLogic.sh

[oracle@oel1 bin]$ ./startWebLogic.sh
[oracle@oel1 bin]$ ./startManagedWebLogic.sh oam_server1
[oracle@oel1 bin]$ ./startManagedWebLogic.sh oam_policy_mgr1
[oracle@oel1 bin]$ ./startComponent.sh ohs1

Test
Access OHS : http://oel1.mylab.com:7777
The user will be redirected to the OAM login page