The reconfigure script to upgrade a WebLogic Server domain from version 12.1.1 to version 12.1.2 exits with an error. The issue seems to be with a custom Identity Asserter, in this case "Oracle Access Manager Identity Asserter." The error message is:
2014-02-11 09:12:44,752 INFO [AWT-EventQueue-0] com.oracle.cie.wizard.help.DefaultHelpProvider - Initializing help implementation....
2014-02-11 09:12:45,605 INFO [AWT-EventQueue-0] com.oracle.cie.domain.DomainRegistryWrapper - need to initialize domainRegistrydocument object
2014-02-11 09:13:35,547 WARNING [44] weblogic.upgrade.Upgrade - /web/oracle/Middleware/oracle_common/common/lib/:10:7: error: failed to load java type corresponding to t=oam-identity-asserterType@http://www.bea.com/ns/weblogic/90/security/extension
2014-02-11 09:13:35,550 SEVERE [Thread-4] com.oracle.cie.domain.WLSCoreReconfigurator - Reconfiguration failed
java.lang.reflect.InvocationTargetException
  at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
  at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
  at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
  at java.lang.reflect.Method.invoke(Method.java:601)
  at com.oracle.cie.common.ReflectionHelper.process(ReflectionHelper.java:48)
  at com.oracle.cie.domain.WLSCoreReconfigurator.run(WLSCoreReconfigurator.java:150)
  at java.lang.Thread.run(Thread.java:722)
Caused by: weblogic.upgrade.UpgradeException: UPGWLS-03503: The domain configuration file {0} is not valid.
  at weblogic.upgrade.Upgrade.parseConfig(Upgrade.java:172)
  at weblogic.upgrade.Upgrade.upgradeDomain(Upgrade.java:118)
  ... 7 more
2014-02-11 09:13:35,551 SEVERE [Thread-4] com.oracle.cie.domain.WLSCoreReconfigurator - Reconfiguration Failed!

 

Cause

Reconfiguring a domain to 12.1.2 fails if a custom authenticator provider is configured in the 11g domain. Unpublished defect 16881772 examined this issue.

Solution

To work around the issue, please perform these steps:

  1. Back up the complete 12.1.1 domain directory, and note the details for the custom authentication provider: these can be found in the DOMAIN_HOME/config/config.xml file for the 12.1.1 domain. For example:
    <sec:authentication-provider xmlns:ext="http://www.bea.com/ns/weblogic/90/security/extension" xsi:type="ext:oam-identity-asserterType">
      <n1:name xmlns:n1="http://www.bea.com/ns/weblogic/90/security">OAM Identity Asserter</n1:name>
      <n2:control-flag xmlns:n2="http://www.bea.com/ns/weblogic/90/security">REQUIRED</n2:control-flag>
    </sec:authentication-provider>
  2. In the 12.1.1 domain, delete the custom authentication provider entirely.
  3. Run the reconfig.sh script -- it should complete successfully.
  4. In the 12.1.2 (reconfigured) domain, start the admin server and navigate to the WLS admin console.
  5. Configure the custom authentication provider in the new domain, using the parameters you saved in step 1.
  6. Restart the admin server. You should now have a 12.1.2 domain using your custom authentication provider.
A more flexible solution is planned for WLS 12.1.3.

 NOTE: It is also possible to cut the XML stanza for the authentication provider from the 12.1.1 config.xml file and paste it into the 12.1.2 config.xml file after the upgrade. However, Oracle does not recommend this approach because it can be error-prone and lead to XML problems which would prevent the server from starting successfully. Setting up the custom authentication provider in the admin console will also ensure that the setup is clean and uses current settings.

0 Comments