• Find us:
    +1 415 655 1723   |   +91-844-844-8901
  • Free Newsletter

     
     

  • Archive

  • Categories


  • No High Availability support for OAM Access SDK

    Posted by "" in "OAM" on 2014-12-04

    If you are planning to go ahead with high availability with Oracle Access Manager and custom Access gates, then you should be aware of a limitation that you may encounter when you are ready to test the integrated application.

    As of the latest release of Oracle Access Manager 11.1.2.2.0 (Dec 2014), there is no high availability support for Access Gates.

    Following are the two ERs related to the limitation:

    12323879 – JAVA ASDK DOES NOT SUPPORT MULTIPLE PRIMARY AND SECONDARY SERVERS

    11740918 – TRACKING BUG: NAP LIBRARY SUPPORT FOR MULTIPLE PRIMARY AND SECONDARY SERVERS

     

    You can also have a look at the following note on Oracle Support :

      Doc ID 1562817.1 

    When you create OAM Agents for highly available OAM deployment, you can find the multiple server entries Primary Server List on OAM Agent page. You then copy these artefacts including ObAccessClient.xml to the appropriate access gate agent client. On initializing the access gate client, you will find the following error in the logs:

     

    14:20:03,775 SEVERE [oracle.security.am.asdk] (ajp-/0.0.0.0:8009-2) Internal error.: java.lang.Exception: No Entry found for Primary server.

    at oracle.security.am.common.aaaclient.ObAAAServiceClient.initialize(ObAAAServiceClient.java:1197) [oamsdk-11.1.2.1.0.jar:11.1.2.0.0]

    at oracle.security.am.common.aaaclient.ObAAAServiceClient.<init>(ObAAAServiceClient.java:888) [oamsdk-11.1.2.1.0.jar:11.1.2.0.0]

    at oracle.security.am.asdk.AccessClient.createClient(AccessClient.java:1546) [oamsdk-11.1.2.1.0.jar:11.1.2.0.0]

    at oracle.security.am.asdk.AccessClient.initializeHelper(AccessClient.java:1230) [oamsdk-11.1.2.1.0.jar:11.1.2.0.0]

    at oracle.security.am.asdk.AccessClient.initialize(AccessClient.java:1369) [oamsdk-11.1.2.1.0.jar:11.1.2.0.0]

    at oracle.security.am.asdk.AccessClient.<init>(AccessClient.java:928) [oamsdk-11.1.2.1.0.jar:11.1.2.0.0]

    at oracle.security.am.asdk.AccessClient.createDefaultInstance(AccessClient.java:349) [oamsdk-11.1.2.1.0.jar:11.1.2.0.0]

    at com.k21.oamclient.OAMAgent.getAccessClient(OAMAgent.java:286) [oam-integration.jar:]

    at com.k21.oamclient.OAMAgent.process(OAMAgent.java:152) [oam-integration.jar:]

    at javax.servlet.http.HttpServlet.service(HttpServlet.java:734) [jboss-servlet-api_3.0_spec-1.0.2.Final-redhat-1.jar:1.0.2.Final-redhat-1]

    at org.exoplatform.container.web.AbstractHttpServlet.onService(AbstractHttpServlet.java:183) [exo.kernel.container-2.4.7-GA-redhat-1.jar:2.4.7-GA-redhat-1]

    at org.exoplatform.container.web.AbstractHttpServlet.service(AbstractHttpServlet.java:132) [exo.kernel.container-2.4.7-GA-redhat-1.jar:2.4.7-GA-redhat-1]

    at javax.servlet.http.HttpServlet.service(HttpServlet.java:847) [jboss-servlet-api_3.0_spec-1.0.2.Final-redhat-1.jar:1.0.2.Final-redhat-1]

    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:295) [jbossweb-7.2.2.Final-redhat-1.jar:7.2.2.Final-redhat-1]

    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:214) [jbossweb-7.2.2.Final-redhat-1.jar:7.2.2.Final-redhat-1]

    at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:832) [jbossweb-7.2.2.Final-redhat-1.jar:7.2.2.Final-redhat-1]

    at org.apache.catalina.core.ApplicationDispatcher.processRequest(ApplicationDispatcher.java:620) [jbossweb-7.2.2.Final-redhat-1.jar:7.2.2.Final-redhat-1]

    at org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:553) [jbossweb-7.2.2.Final-redhat-1.jar:7.2.2.Final-redhat-1]

    at org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:482) [jbossweb-7.2.2.Final-redhat-1.jar:7.2.2.Final-redhat-1]

    at org.apache.catalina.authenticator.FormAuthenticator.forwardToLoginPage(FormAuthenticator.java:372) [jbossweb-7.2.2.Final-redhat-1.jar:7.2.2.Final-redhat-1]

    at org.apache.catalina.authenticator.FormAuthenticator.authenticate(FormAuthenticator.java:265) [jbossweb-7.2.2.Final-redhat-1.jar:7.2.2.Final-redhat-1]

    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:465) [jbossweb-7.2.2.Final-redhat-1.jar:7.2.2.Final-redhat-1]

    at org.jboss.as.web.security.SecurityContextAssociationValve.invoke(SecurityContextAssociationValve.java:169) [jboss-as-web-7.2.1.Final-redhat-10.jar:7.2.1.Final-redhat-10]

    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:145) [jbossweb-7.2.2.Final-redhat-1.jar:7.2.2.Final-redhat-1]

    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:97) [jbossweb-7.2.2.Final-redhat-1.jar:7.2.2.Final-redhat-1]

    at org.jboss.web.rewrite.RewriteValve.invoke(RewriteValve.java:466) [jbossweb-7.2.2.Final-redhat-1.jar:7.2.2.Final-redhat-1]

    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:102) [jbossweb-7.2.2.Final-redhat-1.jar:7.2.2.Final-redhat-1]

    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:336) [jbossweb-7.2.2.Final-redhat-1.jar:7.2.2.Final-redhat-1]

    at org.apache.coyote.ajp.AjpProcessor.process(AjpProcessor.java:488) [jbossweb-7.2.2.Final-redhat-1.jar:7.2.2.Final-redhat-1]

    at org.apache.coyote.ajp.AjpProtocol$AjpConnectionHandler.process(AjpProtocol.java:420) [jbossweb-7.2.2.Final-redhat-1.jar:7.2.2.Final-redhat-1]

    at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:920) [jbossweb-7.2.2.Final-redhat-1.jar:7.2.2.Final-redhat-1]

    at java.lang.Thread.run(Thread.java:662) [rt.jar:1.6.0_30]

     

    14:20:03,783 SEVERE [oracle.security.am.asdk] (ajp-/0.0.0.0:8009-2) Oracle Access SDK initialization failed. : oracle.security.am.asdk.AccessException: OAMAGENT-02072: Failed to perform create access client operation.

    at oracle.security.am.asdk.AccessClient.createClient(AccessClient.java:1565) [oamsdk-11.1.2.1.0.jar:11.1.2.0.0]

    at oracle.security.am.asdk.AccessClient.initializeHelper(AccessClient.java:1230) [oamsdk-11.1.2.1.0.jar:11.1.2.0.0]

     

    To get rid of this you can use one OAM server as the primary and another as secondary. In this case, the primary OAM server serves all OAM requests. On event of failure, the secondary server starts serving the requests.

    Another solution would be to add a TCP based load balancer to front-end the server NAP/OAP endpoints. But I have not tested this option. Tell us if you try this out.

    Please leave comments if you have any other workarounds. Thanks.

     

    Leave a Reply

    Your email address will not be published. Required fields are marked *



  • K21 Technologies is among the most experienced Oracle Gold Partner for Identity Access Management service providers. We work with application development companies and in-house technology division to help achieve significant returns on their IT security investment. Our clientele includes some of the globally renowned corporate, which speaks of our expertise in our field.

    We have the most talented and experienced team that can swiftly deploy security solutions even in complex IT ecosystem. Our clients highly appreciate our timely implementation, interactive training, on-demand support and community resources.
  • CONTACTS

    K21 Technologies
    128 Uxbridge Road, Hatchend,,
    London, HA5 4DS

    US: +1 415 655 1723
    India: +91-844-844-8901

  • Copyright 2019, K21 Technologies. All rights reserved
  • TOP
    TOP