So you downloaded the Identity Management R2 release bits, spun up your little test environment and created a WebLogic domain. But the first time you sign in you get the error message “The policy store is not available; please see the log file for more details.” in a pop up.
like this:
The logs aren’t particularly helpful:
####<Sep 13, 2012 6:19:42 PM EDT> <Error> <oracle.oam.engine.policy> <iamr2.oracleateam.com> <AdminServer> <[ACTIVE] ExecuteThread: '7' for queue: 'weblogic.kernel.Default (self-tuning)'> <weblogic> <> <e3b75e49ebb52881:-4d179e40:139c1939ab6:-8000-00000000000005a3> <1347574782661> <BEA-000000> The policy store is not available; please see the log file for more details.
oracle.security.am.common.policy.admin.store.PolicyStoreException: OAMSSA-06252: The policy store is not available; please see the log file for more details.
at oracle.security.am.common.policy.util.OESUtils.checkAndThrowException(OESUtils.java:630)
at oracle.security.am.common.policy.util.ResourceTypeHelper.setupHostIdentifierResourceType(ResourceTypeHelper.java:438)
at oracle.security.am.common.policy.admin.provider.oes.DefaultApplicationDomain.createHostIdentifierPolicy(DefaultApplicationDomain.java:118)
at oracle.security.am.common.policy.admin.provider.oes.DefaultApplicationDomain.<init>(DefaultApplicationDomain.java:93)
at oracle.security.am.common.policy.admin.provider.oes.DefaultApplicationDomain.getGlobalDefault(DefaultApplicationDomain.java:461)
at oracle.security.am.common.policy.admin.provider.oes.ApplicationManager.setupGlobalDefaultAppDomain(ApplicationManager.java:112)
at oracle.security.am.common.policy.admin.provider.oes.ApplicationManager.<init>(ApplicationManager.java:61)
at oracle.security.am.common.policy.admin.provider.oes.ApplicationManager.getApplicationManager(ApplicationManager.java:125)
at oracle.security.am.common.policy.util.OESSetupHelper.loadOAMApplicationManager(OESSetupHelper.java:340)
at oracle.security.am.common.policy.util.OESSetupHelper.loadOAMApplicationPolicies(OESSetupHelper.java:166)
at oracle.security.am.common.policy.util.OESSetupHelper.loadApplicationPolicies(OESSetupHelper.java:154)
at oracle.security.am.common.policy.admin.provider.oes.proxy.OESAdminProxy.init(OESAdminProxy.java:84)
at oracle.security.am.common.policy.admin.provider.oes.OESPolicyAdminProvider.init(OESPolicyAdminProvider.java:130)
at oracle.security.am.common.policy.admin.PolicyAdminFactory.getProvider(PolicyAdminFactory.java:241)
at oracle.security.am.common.policy.admin.PolicyAdminFactory.init(PolicyAdminFactory.java:166)
at oracle.security.am.common.policy.admin.PolicyAdminFactory.getPolicyAdmin(PolicyAdminFactory.java:334)
...
And in the -diagnostic log:
[2012-09-13T18:19:42.364-04:00] [AdminServer] [NOTIFICATION] [] [oracle.adfdt.model.mds.MDSApplicationService] [tid: [ACTIVE].ExecuteThread: '7' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: weblogic] [ecid: e3b75e49ebb52881:-4d179e40:139c1939ab6:-8000-00000000000005a3,0] [APP: oam_admin#11.1.2.0.0] [[
oracle.mds.exception.ReadOnlyStoreException: MDS-01273: The operation on the resource /oracle/oam/ui/adfm/DataBindings.cpx failed because source metadata store mapped to the namespace / DEFAULT is read only.
at oracle.mds.core.MDSSession.checkAndSetWriteStoreInUse(MDSSession.java:2495)
at oracle.mds.core.MDSSession.checkAndSetWriteStoreInUse(MDSSession.java:2548)
at oracle.mds.core.MDSSession.getMutableMO(MDSSession.java:3493)
at oracle.mds.core.MDSSession.getMutableMO(MDSSession.java:1660)
at oracle.mds.core.MDSSession.getMutableMO(MDSSession.java:1546)
at oracle.adfdt.model.mds.MDSApplicationService.findApplication(MDSApplicationService.java:57)
at oracle.adfdt.model.mds.MDSModelDesignTimeContext.initServices(MDSModelDesignTimeContext.java:232)
at oracle.adfdt.model.mds.MDSModelDesignTimeContext.<init>(MDSModelDesignTimeContext.java:82)
at oracle.adfdt.mds.MDSDesignTimeContext.<init>(MDSDesignTimeContext.java:66)
at oracle.adfinternal.view.page.editor.Page.getDesignTimeBindingContainer(Page.java:596)
at oracle.adfinternal.view.page.editor.contextual.event.ContextualModelManager.getBindingContainerForView(ContextualModelManager.java:209)
at oracle.adfinternal.view.page.editor.contextual.event.ContextualModelManager.getCurrentContextualResolver(ContextualModelManager.java:131)
at oracle.adfinternal.view.page.editor.bean.ContextualWiringBean.getResolver(ContextualWiringBean.java:625)
at oracle.adfinternal.view.page.editor.bean.ContextualWiringBean.clearSelection(ContextualWiringBean.java:594)
at oracle.adfinternal.view.page.editor.bean.ContextualWiringBean.handlePageNavigation(ContextualWiringBean.java:130)
at oracle.adfinternal.view.page.editor.contextual.event.EventHandler.processNavigation(EventHandler.java:92)
...
What did you do wrong?!
If you’re seeing this it means you’re just like me and you didn’t bother to read the Installation Guide.
In R2 there’s a tiny little extra step you need to do after creating the domain and before starting the AdminServer.
Basically it amounts to this:
$MW_HOME/oracle_common/common/bin/wlst.sh \
$ORACLE_HOME/common/tools/configureSecurityStore.py \
-d $IAM_DOMAIN_LOCATION \
-m create \
-c IAM \
-p $ORA_PASS
$MW_HOME/oracle_common/common/bin/wlst.sh \
$ORACLE_HOME/common/tools/configureSecurityStore.py \
-d $IAM_DOMAIN_LOCATION \
-m validate
Where
- $MW_HOME is where you put the Middleware home (e.g. ~/Oracle/Middleware)
- $ORACLE_HOME is the Oracle IAM home (e.g. ~/Oracle/Middleware/Oracle_IAM1)
- $IAM_DOMAIN_LOCATION is the domain home (e.g. ~/Oracle/Middleware/user_projects/domains/OAMDomain)
- $ORA_PASS is the password needed to talk to the database
It’s easy enough to recover if you didn’t take a snapshot in VirtualBox. Just stop the AdminServer and oam_server1, recreate the domain, rerun the RCU to drop and recreate the OAM schema. Then run the wlst commands above before you start it again.
I think you might actually be able to get away without recreating the domain but I haven’t tried it myself.
All content listed on this page is the property of Oracle Corp. Redistribution not allowed without written permission