Best Practices from Oracle Development's A‑Team

Creating your first OAM 11g R2 domain

So you downloaded the Identity Management R2 release bits, spun up your little test environment and created a WebLogic domain. But the first time you sign in, you get the error message "The policy store is not available; please see the log file for more details." in a pop-up.

The logs aren't particularly helpful:

####<Sep 13, 2012 6:19:42 PM EDT> <Error> <oracle.oam.engine.policy> <iamr2.oracleateam.com> <AdminServer> <[ACTIVE] ExecuteThread: '7' for queue: 'weblogic.kernel.Default (self-tuning)'> <weblogic> <> <e3b75e49ebb52881:-4d179e40:139c1939ab6:-8000-00000000000005a3> <1347574782661> <BEA-000000> The policy store is not available; please see the log file for more details.
oracle.security.am.common.policy.admin.store.PolicyStoreException: OAMSSA-06252: The policy store is not available; please see the log file for more details.
        at oracle.security.am.common.policy.util.OESUtils.checkAndThrowException(OESUtils.java:630)
        at oracle.security.am.common.policy.util.ResourceTypeHelper.setupHostIdentifierResourceType(ResourceTypeHelper.java:438)
        at oracle.security.am.common.policy.admin.provider.oes.DefaultApplicationDomain.createHostIdentifierPolicy(DefaultApplicationDomain.java:118)
        at oracle.security.am.common.policy.admin.provider.oes.DefaultApplicationDomain.<init>(DefaultApplicationDomain.java:93)
        at oracle.security.am.common.policy.admin.provider.oes.DefaultApplicationDomain.getGlobalDefault(DefaultApplicationDomain.java:461)
        at oracle.security.am.common.policy.admin.provider.oes.ApplicationManager.setupGlobalDefaultAppDomain(ApplicationManager.java:112)
        at oracle.security.am.common.policy.admin.provider.oes.ApplicationManager.<init>(ApplicationManager.java:61)
        at oracle.security.am.common.policy.admin.provider.oes.ApplicationManager.getApplicationManager(ApplicationManager.java:125)
        at oracle.security.am.common.policy.util.OESSetupHelper.loadOAMApplicationManager(OESSetupHelper.java:340)
        at oracle.security.am.common.policy.util.OESSetupHelper.loadOAMApplicationPolicies(OESSetupHelper.java:166)
        at oracle.security.am.common.policy.util.OESSetupHelper.loadApplicationPolicies(OESSetupHelper.java:154)
        at oracle.security.am.common.policy.admin.provider.oes.proxy.OESAdminProxy.init(OESAdminProxy.java:84)
        at oracle.security.am.common.policy.admin.provider.oes.OESPolicyAdminProvider.init(OESPolicyAdminProvider.java:130)
        at oracle.security.am.common.policy.admin.PolicyAdminFactory.getProvider(PolicyAdminFactory.java:241)
        at oracle.security.am.common.policy.admin.PolicyAdminFactory.init(PolicyAdminFactory.java:166)
        at oracle.security.am.common.policy.admin.PolicyAdminFactory.getPolicyAdmin(PolicyAdminFactory.java:334)
        ...

And in the -diagnostic log:

[2012-09-13T18:19:42.364-04:00] [AdminServer] [NOTIFICATION] [] [oracle.adfdt.model.mds.MDSApplicationService] [tid: [ACTIVE].ExecuteThread: '7' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: weblogic] [ecid: e3b75e49ebb52881:-4d179e40:139c1939ab6:-8000-00000000000005a3,0] [APP: oam_admin#11.1.2.0.0] [[
oracle.mds.exception.ReadOnlyStoreException: MDS-01273: The operation on the resource /oracle/oam/ui/adfm/DataBindings.cpx failed because source metadata store mapped to the namespace / DEFAULT is read only.
        at oracle.mds.core.MDSSession.checkAndSetWriteStoreInUse(MDSSession.java:2495)
        at oracle.mds.core.MDSSession.checkAndSetWriteStoreInUse(MDSSession.java:2548)
        at oracle.mds.core.MDSSession.getMutableMO(MDSSession.java:3493)
        at oracle.mds.core.MDSSession.getMutableMO(MDSSession.java:1660)
        at oracle.mds.core.MDSSession.getMutableMO(MDSSession.java:1546)
        at oracle.adfdt.model.mds.MDSApplicationService.findApplication(MDSApplicationService.java:57)
        at oracle.adfdt.model.mds.MDSModelDesignTimeContext.initServices(MDSModelDesignTimeContext.java:232)
        at oracle.adfdt.model.mds.MDSModelDesignTimeContext.<init>(MDSModelDesignTimeContext.java:82)
        at oracle.adfdt.mds.MDSDesignTimeContext.<init>(MDSDesignTimeContext.java:66)
        at oracle.adfinternal.view.page.editor.Page.getDesignTimeBindingContainer(Page.java:596)
        at oracle.adfinternal.view.page.editor.contextual.event.ContextualModelManager.getBindingContainerForView(ContextualModelManager.java:209)
        at oracle.adfinternal.view.page.editor.contextual.event.ContextualModelManager.getCurrentContextualResolver(ContextualModelManager.java:131)
        at oracle.adfinternal.view.page.editor.bean.ContextualWiringBean.getResolver(ContextualWiringBean.java:625)
        at oracle.adfinternal.view.page.editor.bean.ContextualWiringBean.clearSelection(ContextualWiringBean.java:594)
        at oracle.adfinternal.view.page.editor.bean.ContextualWiringBean.handlePageNavigation(ContextualWiringBean.java:130)
        at oracle.adfinternal.view.page.editor.contextual.event.EventHandler.processNavigation(EventHandler.java:92)
        ...

What did you do wrong?!
If you're seeing this it means you're just like me and you didn't bother to read the Installation Guide.
In R2 there's a tiny little extra step you need to do after creating the domain and before starting the AdminServer.

 

Basically it amounts to this:

"$MW_HOME/oracle_common/common/bin/wlst.sh" \
    "$ORACLE_HOME/common/tools/configureSecurityStore.py" \
    -d "$IAM_DOMAIN_LOCATION" \
    -m create \
    -c IAM \
    -p "$ORA_PASS"

"$MW_HOME/oracle_common/common/bin/wlst.sh" \
    "$ORACLE_HOME/common/tools/configureSecurityStore.py" \
    -d "$IAM_DOMAIN_LOCATION" \
    -m validate

Where

  • $MW_HOME is where you put the Middleware home (e.g. ~/Oracle/Middleware)
  • $ORACLE_HOME is the Oracle IAM home (e.g. ~/Oracle/Middleware/Oracle_IAM1)
  • $IAM_DOMAIN_LOCATION is the domain home (e.g. ~/Oracle/Middleware/user_projects/domains/OAMDomain)
  • $ORA_PASS is the password needed to talk to the database

 

It's easy enough to recover if you didn't take a snapshot in VirtualBox: stop the AdminServer and oam_server1, recreate the domain, and rerun the RCU to drop and recreate the OAM schema. Then run the WLST commands above before you start the AdminServer again.

I think you might actually be able to get away without recreating the domain but I haven't tried it myself.
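To confirm from the logs that a domain is in this state before rebuilding it, the two signatures quoted above can be checked mechanically. This is an added example, not code from the original post or from Oracle: `triage` and `security_store_step_missing` are hypothetical names, the sample lines are shortened from the excerpts above, and the final check encodes only this post's diagnosis.

```python
import re

# Error codes quoted in the two log excerpts of this post.
SIGNATURES = {"OAMSSA-06252": "policy store is not available",
              "MDS-01273": "metadata store is read only"}
# WebLogic server log: '####', eleven <...> header fields, then the message text.
WLS_LINE = re.compile(r"^####" + r"<([^>]*)>\s*" * 11 + r"(.*)$", re.S)
# ODL diagnostic log: only the first three [...] fields are parsed here.
ODL_LINE = re.compile(r"^\[([^\]]+)\]\s+\[([^\]]*)\]\s+\[([^\]]*)\]\s+(.*)$", re.S)
CODE = re.compile(r"\b([A-Z]{3,}-\d{5})\b")

def triage(lines):
    """Return one finding per known error code, from either log format."""
    findings = []
    for line in lines:
        wls, odl = WLS_LINE.match(line), ODL_LINE.match(line)
        if wls:   # fields: 1 time, 2 severity, 5 server, 12 message text
            when, level, server, text = wls.group(1, 2, 5, 12)
        elif odl:
            when, server, level, text = odl.groups()
        else:
            continue  # stack-trace continuation line or unrelated format
        for code in sorted(set(CODE.findall(text))):
            if code in SIGNATURES:
                findings.append({"time": when, "server": server, "level": level,
                                 "code": code, "meaning": SIGNATURES[code]})
    return findings

def security_store_step_missing(findings):
    """This post's diagnosis: OAMSSA-06252 logged by the AdminServer."""
    return any(f["code"] == "OAMSSA-06252" and f["server"] == "AdminServer"
               for f in findings)

# Sample lines shortened from the excerpts in this post (frames and ECID trimmed).
SAMPLE = [
    "####<Sep 13, 2012 6:19:42 PM EDT> <Error> <oracle.oam.engine.policy> "
    "<iamr2.oracleateam.com> <AdminServer> <[ACTIVE] ExecuteThread: '7' for queue: "
    "'weblogic.kernel.Default (self-tuning)'> <weblogic> <> <e3b75e49ebb52881> "
    "<1347574782661> <BEA-000000> PolicyStoreException: OAMSSA-06252: "
    "The policy store is not available",
    "        at oracle.security.am.common.policy.util.OESUtils.checkAndThrowException(OESUtils.java:630)",
    "[2012-09-13T18:19:42.364-04:00] [AdminServer] [NOTIFICATION] [] "
    "[oracle.adfdt.model.mds.MDSApplicationService] [userId: weblogic] "
    "[[ oracle.mds.exception.ReadOnlyStoreException: MDS-01273: The operation failed",
]

if __name__ == "__main__":
    hits = triage(SAMPLE)
    print([(f["server"], f["code"]) for f in hits], security_store_step_missing(hits))
```

For real use, pass the lines of the AdminServer log and its -diagnostic log to `triage` in place of `SAMPLE`.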
