Creating your first OAM 11g R2 domain

So you downloaded the Identity Management R2 release bits, spun up your little test environment and created a WebLogic domain. But the first time you sign in, you get the error message “The policy store is not available; please see the log file for more details.” in a pop-up.

 


 

The logs aren’t particularly helpful:

####<Sep 13, 2012 6:19:42 PM EDT> <Error> <oracle.oam.engine.policy> <iamr2.oracleateam.com> <AdminServer> <[ACTIVE] ExecuteThread: '7' for queue: 'weblogic.kernel.Default (self-tuning)'> <weblogic> <> <e3b75e49ebb52881:-4d179e40:139c1939ab6:-8000-00000000000005a3> <1347574782661> <BEA-000000> The policy store is not available; please see the log file for more details.
oracle.security.am.common.policy.admin.store.PolicyStoreException: OAMSSA-06252: The policy store is not available; please see the log file for more details.
        at oracle.security.am.common.policy.util.OESUtils.checkAndThrowException(OESUtils.java:630)
        at oracle.security.am.common.policy.util.ResourceTypeHelper.setupHostIdentifierResourceType(ResourceTypeHelper.java:438)
        at oracle.security.am.common.policy.admin.provider.oes.DefaultApplicationDomain.createHostIdentifierPolicy(DefaultApplicationDomain.java:118)
        at oracle.security.am.common.policy.admin.provider.oes.DefaultApplicationDomain.<init>(DefaultApplicationDomain.java:93)
        at oracle.security.am.common.policy.admin.provider.oes.DefaultApplicationDomain.getGlobalDefault(DefaultApplicationDomain.java:461)
        at oracle.security.am.common.policy.admin.provider.oes.ApplicationManager.setupGlobalDefaultAppDomain(ApplicationManager.java:112)
        at oracle.security.am.common.policy.admin.provider.oes.ApplicationManager.<init>(ApplicationManager.java:61)
        at oracle.security.am.common.policy.admin.provider.oes.ApplicationManager.getApplicationManager(ApplicationManager.java:125)
        at oracle.security.am.common.policy.util.OESSetupHelper.loadOAMApplicationManager(OESSetupHelper.java:340)
        at oracle.security.am.common.policy.util.OESSetupHelper.loadOAMApplicationPolicies(OESSetupHelper.java:166)
        at oracle.security.am.common.policy.util.OESSetupHelper.loadApplicationPolicies(OESSetupHelper.java:154)
        at oracle.security.am.common.policy.admin.provider.oes.proxy.OESAdminProxy.init(OESAdminProxy.java:84)
        at oracle.security.am.common.policy.admin.provider.oes.OESPolicyAdminProvider.init(OESPolicyAdminProvider.java:130)
        at oracle.security.am.common.policy.admin.PolicyAdminFactory.getProvider(PolicyAdminFactory.java:241)
        at oracle.security.am.common.policy.admin.PolicyAdminFactory.init(PolicyAdminFactory.java:166)
        at oracle.security.am.common.policy.admin.PolicyAdminFactory.getPolicyAdmin(PolicyAdminFactory.java:334)
...

And in the -diagnostic log:

[2012-09-13T18:19:42.364-04:00] [AdminServer] [NOTIFICATION] [] [oracle.adfdt.model.mds.MDSApplicationService] [tid: [ACTIVE].ExecuteThread: '7' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: weblogic] [ecid: e3b75e49ebb52881:-4d179e40:139c1939ab6:-8000-00000000000005a3,0] [APP: oam_admin#11.1.2.0.0] [[
oracle.mds.exception.ReadOnlyStoreException: MDS-01273: The operation on the resource /oracle/oam/ui/adfm/DataBindings.cpx failed because source metadata store mapped to the namespace / DEFAULT is read only.
        at oracle.mds.core.MDSSession.checkAndSetWriteStoreInUse(MDSSession.java:2495)
        at oracle.mds.core.MDSSession.checkAndSetWriteStoreInUse(MDSSession.java:2548)
        at oracle.mds.core.MDSSession.getMutableMO(MDSSession.java:3493)
        at oracle.mds.core.MDSSession.getMutableMO(MDSSession.java:1660)
        at oracle.mds.core.MDSSession.getMutableMO(MDSSession.java:1546)
        at oracle.adfdt.model.mds.MDSApplicationService.findApplication(MDSApplicationService.java:57)
        at oracle.adfdt.model.mds.MDSModelDesignTimeContext.initServices(MDSModelDesignTimeContext.java:232)
        at oracle.adfdt.model.mds.MDSModelDesignTimeContext.<init>(MDSModelDesignTimeContext.java:82)
        at oracle.adfdt.mds.MDSDesignTimeContext.<init>(MDSDesignTimeContext.java:66)
        at oracle.adfinternal.view.page.editor.Page.getDesignTimeBindingContainer(Page.java:596)
        at oracle.adfinternal.view.page.editor.contextual.event.ContextualModelManager.getBindingContainerForView(ContextualModelManager.java:209)
        at oracle.adfinternal.view.page.editor.contextual.event.ContextualModelManager.getCurrentContextualResolver(ContextualModelManager.java:131)
        at oracle.adfinternal.view.page.editor.bean.ContextualWiringBean.getResolver(ContextualWiringBean.java:625)
        at oracle.adfinternal.view.page.editor.bean.ContextualWiringBean.clearSelection(ContextualWiringBean.java:594)
        at oracle.adfinternal.view.page.editor.bean.ContextualWiringBean.handlePageNavigation(ContextualWiringBean.java:130)
        at oracle.adfinternal.view.page.editor.contextual.event.EventHandler.processNavigation(EventHandler.java:92)
...
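The two excerpts above carry the same ECID, which is what ties the server-log error to the diagnostic-log exception for one request. The following is an added example, not code from the original post: it parses both log formats and correlates their error codes by ECID. The sample text is constructed from the excerpts on this page, and the field positions assume the server-log layout shown above.

```python
import re

# Constructed sample input, abbreviated from the two excerpts on this page.
SERVER_LOG = """\
####<Sep 13, 2012 6:19:42 PM EDT> <Error> <oracle.oam.engine.policy> <iamr2.oracleateam.com> <AdminServer> <[ACTIVE] ExecuteThread: '7' for queue: 'weblogic.kernel.Default (self-tuning)'> <weblogic> <> <e3b75e49ebb52881:-4d179e40:139c1939ab6:-8000-00000000000005a3> <1347574782661> <BEA-000000> The policy store is not available; please see the log file for more details.
oracle.security.am.common.policy.admin.store.PolicyStoreException: OAMSSA-06252: The policy store is not available; please see the log file for more details.
"""
DIAG_LOG = """\
[2012-09-13T18:19:42.364-04:00] [AdminServer] [NOTIFICATION] [] [oracle.adfdt.model.mds.MDSApplicationService] [tid: [ACTIVE].ExecuteThread: '7' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: weblogic] [ecid: e3b75e49ebb52881:-4d179e40:139c1939ab6:-8000-00000000000005a3,0] [APP: oam_admin#11.1.2.0.0] [[
oracle.mds.exception.ReadOnlyStoreException: MDS-01273: The operation on the resource /oracle/oam/ui/adfm/DataBindings.cpx failed because source metadata store mapped to the namespace / DEFAULT is read only.
"""

CODE = re.compile(r"\b([A-Z]{3,6}-\d{5}):")  # e.g. OAMSSA-06252:, MDS-01273:

def server_records(text):
    """Yield (ecid, codes) per '####' record, stack-trace lines included."""
    for rec in re.split(r"(?m)^####", text)[1:]:
        fields = re.findall(r"<([^>]*)>", rec.split("\n", 1)[0])
        if len(fields) >= 11:  # ECID is the 9th <...> field in this layout
            yield fields[8], CODE.findall(rec)

def diag_records(text):
    """Yield (ecid, codes) per diagnostic record; each starts with '[YYYY-MM-DDT'."""
    for rec in re.split(r"(?m)^(?=\[\d{4}-\d\d-\d\dT)", text):
        m = re.search(r"\[ecid: ([^,\]]+)", rec)
        if m:
            yield m.group(1), CODE.findall(rec)

def correlate(server_text, diag_text):
    """Map each ECID with a server-log error code to the codes seen in both logs."""
    diag = {}
    for ecid, codes in diag_records(diag_text):
        diag.setdefault(ecid, []).extend(codes)
    out = {}
    for ecid, codes in server_records(server_text):
        if codes:
            entry = out.setdefault(ecid, {"server": [], "diag": diag.get(ecid, [])})
            entry["server"].extend(codes)
    return out

def needs_security_store(server_text):
    """True when the server log carries OAMSSA-06252, the symptom on this page."""
    return any("OAMSSA-06252" in codes for _, codes in server_records(server_text))

if __name__ == "__main__":
    print(correlate(SERVER_LOG, DIAG_LOG))
```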

What did you do wrong?!
If you’re seeing this it means you’re just like me and you didn’t bother to read the Installation Guide.
In R2 there’s a tiny little extra step you need to do after creating the domain and before starting the AdminServer.

 

Basically it amounts to this:

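# Create the security store (variables quoted so paths or passwords
# containing spaces or shell metacharacters are passed intact)
"$MW_HOME/oracle_common/common/bin/wlst.sh" \
    "$ORACLE_HOME/common/tools/configureSecurityStore.py" \
    -d "$IAM_DOMAIN_LOCATION" \
    -m create \
    -c IAM \
    -p "$ORA_PASS"

# Validate the security store configuration
"$MW_HOME/oracle_common/common/bin/wlst.sh" \
    "$ORACLE_HOME/common/tools/configureSecurityStore.py" \
    -d "$IAM_DOMAIN_LOCATION" \
    -m validate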

Where

  • $MW_HOME is where you put the Middleware home (e.g. ~/Oracle/Middleware)
  • $ORACLE_HOME is the Oracle IAM home (e.g. ~/Oracle/Middleware/Oracle_IAM1)
  • $IAM_DOMAIN_LOCATION is the domain home (e.g. ~/Oracle/Middleware/user_projects/domains/OAMDomain)
  • $ORA_PASS is the password needed to talk to the database

 

It’s easy enough to recover if you didn’t take a snapshot in VirtualBox. Just stop the AdminServer and oam_server1, recreate the domain, and rerun the RCU to drop and recreate the OAM schema. Then run the wlst commands above before you start the AdminServer again.

 

I think you might actually be able to get away without recreating the domain but I haven’t tried it myself.
