Saturday, April 16, 2016

My Slides from Collaborate 2016

Geeks,

Following are my slides from Collaborate 2016 in Las Vegas.

My first session 'Architecting for the Cloud' was full house and it was great to see audience response as many of them asked me about the slides after the session. Unfortunately the OES session got low attendance as it was scheduled to be last session on Wednesday and many people left for the party.

Here are my slides from the it. See you sometime in future.

Architecting for the Cloud: Best Practices







Build Fine-Grained Authorization for WebCenter Using Oracle Entitlements Server (OES)




Wednesday, April 6, 2016

My Sessions at Collaborate 2016 in Las Vegas

Hello Geeks,

I will be presenting 2 topics at IOUG Collaborate 2016 in Las Vegas. I will be talking about Architecting for the Cloud and Oracle Entitlement Server Integration with WebCenter.

The special thing about these 2 sessions that these sessions are selected for IOUGenius Certificate...what it is ? I will copy some exerts from IOUG website for more details visit http://collaborate.ioug.org/certificates

So make sure you mark you calendars to attend my session Learn and Earn.. see my session details below.

  1. 1380 - Architecting For the Cloud: Best Practices
  2. 1351 - Build Fine-Grained Authorization for WebCenter Using Oracle Entitlements Server


#IOUGenius Certificates
Looking for an easy way to demonstrate the skills you'll gain by attending COLLABORATE 16? Earn an #IOUGenius Certificate!
Each set of certificate sessions has been selected by the IOUG Conference Committee to provide a comprehensive overview of skills, techniques and insights that will be critical for Oracle database and technology professionals.

How to Earn Your Certificate
  • Choose a certificate that benefits you and your company the most.
  • Find eligible sessions on your mobile app device by using the hashtags below.
  • “Check-in” to 4+ sessions on your mobile app.
  • Email us at speakers@ioug.org to receive your #IOUGenius e-certificate(s).
  • Display your certificate(s) and make sure your co-workers and supervisors know you are an #IOUGenius! 

My sessions at Collaborate 2016 in Las Vegas



Happy Learning,
Zeeshan Baig

Tuesday, March 8, 2016

Quick Tip: Linux How to Enable X11 Forwarding in a SSH sudo Session

Hi,

Recently I had to install some Oracle products for a customer. I provided my list of pre-requisites to them as per Oracle docs. We usually create a user called 'oracle' as Linux software owner but due to security reasons we didn't had access to 'oracle' user directly. Instead everyone have their own ID (For example zbaig) and then you run the sudo command to switch user.

Tools:


  • You need X server running on your desktop. I use Xming because it is lightweight. 
  • Make sure you have X11 Forwarding enabled in SSH utility like PuTTY or Secure Shell
  • Make sure X11 is enabled on the Linux server by root 


Problem:


The X11 was working when you log in directly in SSH (like with zbaig) but it wasn't working when I issue sudo command as follows

[zbaig@server1] sudo -i -u oracle

[sudo] password for zbaig:
[zbaig@server1] xclock

Error: Can't open display:

Solution:


You need to enable X11 for the other user as well, run the following commands

[zbaig@server1] /home/home01/zbaig $ xauth list
server2/unix:10  MIT-MAGIC-COOKIE-1  d3ce0c405b6ed8991916e47f8d532aef
server1/unix:10  MIT-MAGIC-COOKIE-1  a7c707e46943228264045845244d5c3c

[zbaig@server1] /home/home01/zbaig $ sudo -i -u oracle
[sudo] password for zbaig:


In the following "xauth add" command paste the output of above command of 'server1' (you might see other COOKIE list as well, but use the server you are working on)

[oracle@server1] /usr/home/oracle $ xauth add server1/unix:10  MIT-MAGIC-COOKIE-1  a7c707e46943228264045845244d5c3c
xauth:  creating new authority file /usr/appl/nes/home/oracleuser/.Xauthority

[oracle@server1] /usr/home/oracle $ xclock


All should be good.

Hope you find this useful,

@IamZeeshanBaig

Friday, February 26, 2016

Resolving : BEA-090892 - The loading of OPSS java security policy provider failed due to exception

Hi,

A quick tip here this error could occur for many reasons I am documenting only one of the cases here. Sometimes when you create WebLogic cluster and after pack and unpack your domain files some Java security policies does not get updated on second node.

Problem:


When you try to start a Managed server you might see the following error in the logs and it will fail to start a server. In my case I was installing Oracle Entitlement Server (OES) in a cluster environment. (I have seen this exception on other occasions as well so its good to get it documented).

(For Solution scroll down after error log)   

<Feb 22, 2016 3:30:35 PM CST> <Error> <Security> <BEA-090892> <The loading of OPSS java security policy provider failed due to exception, see the exception stack trace or the server log file for root cause. If still see no obvious cause, enable the debug flag -Djava.security.debug=jpspolicy to get more information. Error message: java.security.AccessControlException: access denied ("oracle.security.jps.service.credstore.CredentialAccessPermission" "context=SYSTEM,mapName=OES_SYMMETRIC_KEY_MAP,keyName=OES_SYMMETRIC_KEY_alias" "read")>
<Feb 22, 2016 3:30:35 PM CST> <Critical> <WebLogicServer> <BEA-000386> <Server subsystem failed. Reason: weblogic.security.SecurityInitializationException: The loading of OPSS java security policy provider failed due to exception, see the exception stack trace or the server log file for root cause. If still see no obvious cause, enable the debug flag -Djava.security.debug=jpspolicy to get more information. Error message: java.security.AccessControlException: access denied ("oracle.security.jps.service.credstore.CredentialAccessPermission" "context=SYSTEM,mapName=OES_SYMMETRIC_KEY_MAP,keyName=OES_SYMMETRIC_KEY_alias" "read")
weblogic.security.SecurityInitializationException: The loading of OPSS java security policy provider failed due to exception, see the exception stack trace or the server log file for root cause. If still see no obvious cause, enable the debug flag -Djava.security.debug=jpspolicy to get more information. Error message: java.security.AccessControlException: access denied ("oracle.security.jps.service.credstore.CredentialAccessPermission" "context=SYSTEM,mapName=OES_SYMMETRIC_KEY_MAP,keyName=OES_SYMMETRIC_KEY_alias" "read")
        at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.loadOPSSPolicy(CommonSecurityServiceManagerDelegateImpl.java:1402)
        at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initialize(CommonSecurityServiceManagerDelegateImpl.java:1022)
        at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:888)
        at weblogic.security.SecurityService.start(SecurityService.java:141)
        at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
        Truncated. see log file for complete stacktrace
Caused By: java.lang.RuntimeException: java.security.AccessControlException: access denied ("oracle.security.jps.service.credstore.CredentialAccessPermission" "context=SYSTEM,mapName=OES_SYMMETRIC_KEY_MAP,keyName=OES_SYMMETRIC_KEY_alias" "read")
        at oracle.security.jps.az.internal.runtime.encryption.CipherServiceFactory.getService(CipherServiceFactory.java:86)
        at oracle.security.jps.az.internal.runtime.pd.receiver.UpdatePolicySet.initCipherService(UpdatePolicySet.java:261)
        at oracle.security.jps.az.internal.runtime.pd.receiver.UpdatePolicySet.<init>(UpdatePolicySet.java:189)
        at oracle.security.jps.az.internal.runtime.service.PDPServiceImpl.initializeControlledPD(PDPServiceImpl.java:590)
        at oracle.security.jps.az.internal.runtime.service.PDPServiceImpl.initial(PDPServiceImpl.java:682)
        Truncated. see log file for complete stacktrace
Caused By: java.security.AccessControlException: access denied ("oracle.security.jps.service.credstore.CredentialAccessPermission" "context=SYSTEM,mapName=OES_SYMMETRIC_KEY_MAP,keyName=OES_SYMMETRIC_KEY_alias" "read")
        at java.security.AccessControlContext.checkPermission(AccessControlContext.java:395)
        at java.security.AccessController.checkPermission(AccessController.java:559)
        at oracle.security.jps.util.JpsAuth$AuthorizationMechanism$3.checkPermission(JpsAuth.java:478)
        at oracle.security.jps.util.JpsAuth.checkPermission(JpsAuth.java:538)
        at oracle.security.jps.util.JpsAuth.checkPermission(JpsAuth.java:564)
        Truncated. see log file for complete stacktrace
>
<Feb 22, 2016 3:30:35 PM CST> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to FAILED>
<Feb 22, 2016 3:30:35 PM CST> <Error> <WebLogicServer> <BEA-000383> <A critical service failed. The server will shut itself down>
<Feb 22, 2016 3:30:35 PM CST> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to FORCE_SHUTTING_DOWN>


Solution:


Solution is grant permissions to Java Security on WebLogic resources, In my case it was Oracle entitlement server (OES) so I had to add following to weblogic.policy file where all the security policies are defined for WLS resources.

1. Add the following to weblogic.policy file located at $MIDDLEWARE_HOME/wlserver_10.3/server/lib 

grant codeBase "file:${oes.client.home}/-" {
        permission java.security.AllPermission;
};
 2. Start the Managed server again 

Hope it helps

Cheers,
Zeeshan Baig

Thursday, February 18, 2016

Presentation Slide: Cloud Explorations - Patterns and Practices

Hi,

Last week I presented a topic on Architecture for the Cloud Platform at RMOUG. The session went well I had around 20-25 people at 8:30 AM so no complains.

Here are the slides from the session.