Monday, September 9, 2013

Create User and set Role in WLST

connect('weblogic','welcome1','t3://localhost:8001')

edit()

wls:/base_domain/serverConfig>startEdit(-1,-1,'false')

serverConfig()

easeSyntax()

wls:/base_domain/serverConfig> cd SecurityConfiguration/base_domain/Realms/myrealm/AuthenticationProviders/DefaultAuthenticator

wls:/base_domain/serverConfig/SecurityConfiguration/base_domain/Realms/myrealm/AuthenticationProviders/DefaultAuthenticator> cmo.createUser ('robin','welcome1','test')

wls:/base_domain/serverConfig/SecurityConfiguration/base_domain/Realms/myrealm/RoleMappers/XACMLRoleMapper> cmo.setRoleExpression ('','Anonymous','Usr(robin)')

wls:/base_domain/serverConfig/SecurityConfiguration/base_domain/Realms/myrealm/RoleMappers/XACMLRoleMapper> save
<function save 1>

wls:/base_domain/serverConfig/SecurityConfiguration/base_domain/Realms/myrealm/RoleMappers/XACMLRoleMapper> activate
<function activate 2>

Tuesday, June 4, 2013

Set the MaxRequestParamterCount Value

Error:
weblogic.utils.http.MaxRequestParameterExceedException
at weblogic.utils.http.QueryParams.checkLimit(QueryParams.java:52)
at weblogic.utils.http.QueryParams.getCurrentAndCheck(QueryParams.java:46)
at weblogic.utils.http.QueryParams.put(QueryParams.java:79)


Description:
The default value of MaxRequestParamterCount is 10,000; a request that exceeds it causes a MaxRequestParameterExceedException.

Solution:
1. We can apply patch 13656558 for version 10.3.6, but since it is a security patch it is not freely available.
Instead, we can upgrade our version to 10.3.6.0.4 by applying patch 16083651
(patch 16083651 already includes patch 13656558).

2. Follow Doc ID 1505598.1

The MaxRequestParamterCount can be set in 3 places:

    On the WebAppContainerMBean, which is under the DomainMBean and has domain-wide effect.
    On the WebServerMBean, which is under the ServerMBean and affects only that server's JVM. This overrides settings on the WebAppContainerMBean.
    On the VirtualHostMBean. Virtual hosts, like servers, are under the DomainMBean. This overrides settings on the WebAppContainerMBean.

Use WLST to set it
 

WebAppContainerMBean:

$ connect('<user>','<pwd>','<admin_url>')
$ edit()
$ startEdit()
$ cmo.getWebAppContainer().setMaxRequestParamterCount(1000)
$ save()
$ activate()
$ exit()

WebServerMBean:


$ connect('<user>','<pwd>','<admin_url>')
$ edit()
$ startEdit()
$ cd('Servers/<server-name>')
$ cmo.getWebServer().setMaxRequestParamterCount(1000)
$ save()
$ activate()
$ exit()

For VirtualHostMBean:
$ connect('<user>','<pwd>','<admin_url>')
$ edit()
$ startEdit()
$ cd('VirtualHosts/<virtualhost>')
$ cmo.setMaxRequestParamterCount(1000)
$ save()
$ activate()
$ exit()




I tried making the change in my 12.1.1.0.3 and it works fine.

Adminserver.log
####<Aug 21, 2013 10:45:03 AM IST> <Info> <Management> <****> <> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <> <> <> <1377062103640> <BEA-000000> <Version: WebLogic Server 12.1.1.0.3 PSU Patch for BUG14736141 Mon Dec 17 02:10:51 MST 2012



cmd

D:\work\wls\wls12.1.1\user_projects\domains\base_domain\bin>setDomainEnv.cmd
D:\work\wls\wls12.1.1\user_projects\domains\base_domain>cd D:\work\wls\wls12.1.1\wlserver_12.1\common\bin
D:\work\wls\wls12.1.1\wlserver_12.1\common\bin>
D:\work\wls\wls12.1.1\wlserver_12.1\common\bin>wlst.cmd
wls:/base_domain/config> connect('weblogic','welcome1','t3://localhost:8001')
wls:/base_domain/config> easeSyntax()
wls:/base_domain/serverConfig/Servers/m1/WebServer/m1>
wls:/base_domain/serverConfig/Servers/m1/WebServer/m1> edit
<function edit 3>
wls:/base_domain/edit> cd Servers
wls:/base_domain/edit/Servers> cd m1
wls:/base_domain/edit/Servers/m1> cd WebServer
wls:/base_domain/edit/Servers/m1/WebServer> cd m1
wls:/base_domain/edit/Servers/m1/WebServer/m1> startEdit ()  
Starting an edit session ...
Started edit session, please be sure to save and activate your
changes once you are done.
wls:/base_domain/edit/Servers/m1/WebServer/m1 !> cmo.getMaxRequestParamterCount()
10000
wls:/base_domain/edit/Servers/m1/WebServer/m1 !> cmo.setMaxRequestParamterCount(-1)
wls:/base_domain/edit/Servers/m1/WebServer/m1 !>ls
wls:/base_domain/edit/Servers/m1/WebServer/m1 !> ls
dr--   Targets
dr--   WebServerLog
-rw-   AcceptContextPathInGetRealPath               false
-rw-   AuthCookieEnabled                            true
-rw-   Charsets                                     null
-rw-   ChunkedTransferDisabled                      false
-rw-   ClientIpHeader                               null
-rw-   DefaultWebAppContextRoot                     null
-rw-   DeploymentOrder                              1000
-rw-   FrontendHTTPPort                             0
-rw-   FrontendHTTPSPort                            0
-rw-   FrontendHost                                 null
-rw-   HttpsKeepAliveSecs                           60
-rw-   KeepAliveEnabled                             true
-rw-   KeepAliveSecs                                30
-rw-   MaxPostSize                                  -1
-rw-   MaxPostTimeSecs                              -1
-rw-   MaxRequestParamterCount                      -1

wls:/base_domain/edit/Servers/m1/WebServer/m1 !> save
<function save 4>
wls:/base_domain/edit/Servers/m1/WebServer/m1 !> save ()
Saving all your changes ...
Saved all your changes successfully.
 

Reference:

Doc ID 1505598.1

Tuesday, March 26, 2013

popup appears multiple times

Problem : 
ADF application times out with message

"Page Expired The page has expired. Click OK to continue."

If this message is left for a while, the following message is sometimes displayed multiple times:

"Because of inactivity, your session has timed out and is no longer active.
Click OK to reload the page."

solution : patch 13366844 for WLS 10.3.6

Monday, March 18, 2013

JCA binding

error message : 
 <Error> <oracle.soa.adapter> <BEA-000000> <JCABinding=>  SCA_Oracle*_Aceva:Oracle*_FileWrite [ Write_ptt::Write(body) ]  Could not invoke operation 'Write' against the 'File Adapter' due to:
BINDING.JCA-11063
Unable to acquire mutex for interaction.
Unable to acquire mutex for interaction.
Unable to acquire lock on resource "/*/*/soa_nfs/data/*/file/*PAYMENT/output*.tmp" for "DatabaseMutex::acquireNoSave"


This is SOA bug 13344070.

Tuesday, March 5, 2013

Native Library(terminalio) not found

Error message :
<Mar 4, 2013 9:31:55 AM PST> <Info> <Security> <BEA-090065> <Getting boot identity from user.>
Enter username to boot WebLogic server:<Mar 4, 2013 9:31:55 AM PST> <Error> <Security> <BEA-090782> <Server is Running in Production Mode and Native Library(terminalio) to read the password securely from commandline is not found.>
<Mar 4, 2013 9:31:55 AM PST> <Notice> <WebLogicServer> <BEA-000388> <JVM called WLS shutdown hook. The server will force shutdown now

Soln:
It looks like the native library "terminalio" is missing on your system. This is an OS-related issue; however, you can work around it in WebLogic with the following method.

Go to the domain / server / security folder, for example:
user_projects\domains\base_domain\servers\AdminServer\security
If the security folder is not found under AdminServer, go ahead and create it, and give it 777 permissions (chmod -R 777 security).
For a Unix system ->

cd user_projects/domains/base_domain/servers/AdminServer/
mkdir security
chmod 777 security/

Under the security folder, create a new file called boot.properties, enter the WebLogic username and password, then save and exit.

for unix system ->

cd security/
vi boot.properties
esc + i
username=XXXX
password=XXXX

esc + :wq

for windows system ->

under security
right click -> New Text Document.txt
open it
username=XXXX
password=XXXX

file - save as -
file name : boot.properties
save as type : All files

save

repeat the same procedure for your managed server as well.

start your admin server
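
The Unix steps above as one script, added here as an example and not taken from the original post. It keeps the directory and file owner-only (700/600) instead of 777, because boot.properties holds the credentials in cleartext until the server's first boot rewrites them in encrypted form, and it includes a check for copies that group or other users can reach. The function names are assumptions; run it as the OS user that starts the server.

```shell
#!/bin/sh
# Added example: create and audit boot.properties with owner-only permissions.
# Function names and paths are illustrative assumptions.

# True when the path grants nothing to group or others (mode chars 5-10 are "-").
is_private() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# write_boot_identity <server_dir> <username>; the password is read from stdin,
# so it is not passed as a command-line argument or stored in shell history.
write_boot_identity() {
    sec_dir="$1/security"; user=$2
    old_umask=$(umask); umask 077      # owner-only from the moment of creation
    IFS= read -r password || [ -n "$password" ] || { umask "$old_umask"; return 1; }
    mkdir -p "$sec_dir" && chmod 700 "$sec_dir" &&
        printf 'username=%s\npassword=%s\n' "$user" "$password" \
            > "$sec_dir/boot.properties" &&
        chmod 600 "$sec_dir/boot.properties"
    rc=$?
    umask "$old_umask"; unset password
    return $rc
}

# audit_boot_identity <server_dir>: prints findings, returns 1 if a path is
# missing or accessible to group or others.
audit_boot_identity() {
    sec_dir="$1/security"; rc=0
    for p in "$sec_dir" "$sec_dir/boot.properties"; do
        if [ ! -e "$p" ]; then
            echo "MISSING $p"; rc=1
        elif ! is_private "$p"; then
            echo "EXPOSED $p $(ls -ld "$p" | cut -c1-10)"; rc=1
        fi
    done
    # Informational: encrypted values start with a "{...}" algorithm prefix.
    if [ -f "$sec_dir/boot.properties" ] &&
       ! grep -q '^password={' "$sec_dir/boot.properties"; then
        echo "NOTE password in boot.properties is still cleartext"
    fi
    return $rc
}
```

Call it as `write_boot_identity user_projects/domains/base_domain/servers/AdminServer weblogic` and type the password on stdin, then run `audit_boot_identity` with the same directory for each managed server as well.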

Thursday, January 31, 2013

jdk1.6.0_37/bin/java: not found

Description : after installing wls 10.3.6 64 bit and jdk 1.6u37 64 bit sparc we are not able to start weblogic
Error message : jdk1.6.0_37/bin/java: not found

Solution : download the 64 bit jdk as well as 32 bit jdk from
http://www.oracle.com/technetwork/java/archive-139210.html

Upload them with WinSCP using binary mode.

Run chmod 777 *.sh on both files.

-rwxrwxrwx   1 slcruser other    12721088 Jan 31 00:16 jdk-6u37-solaris-sparcv9.sh
-rwxrwxrwx   1 slcruser other    76926483 Jan 31 00:17 jdk-6u37-solaris-sparc.sh

Install the 32-bit version first (jdk-6u37-solaris-sparc.sh) and then the 64-bit version (jdk-6u37-solaris-sparcv9.sh) in the same path as the 32-bit version, and provide this new JDK path in setDomainEnv.sh.

Refer to my earlier blog post
"http://robin4444.blogspot.in/2011/05/change-java-version-jdk-of-weblogic.html"
on how to update setDomainEnv.sh with the new JDK path.

Thursday, January 24, 2013

GSSException No valid credentials provided Mechanism level Failed to find any Kerberos Ticket Key

Error message :
Caused By: GSSException: No valid credentials provided (Mechanism level: Failed to find any Kerberos Key)

    Cause:
This may occur if no valid Kerberos credentials are obtained. In particular, this occurs if you want the underlying mechanism to obtain credentials but you forgot to indicate this by setting the javax.security.auth.useSubjectCredsOnly system property value to false (for example via -Djavax.security.auth.useSubjectCredsOnly=false in your execution command).

    Solution:
Be sure to set the javax.security.auth.useSubjectCredsOnly system property value to false if you want the underlying mechanism to obtain credentials, rather than your application or a wrapper program (such as the Login utility used by some of the tutorials) performing authentication using JAAS.

Stop the admin server
Modify the startWebLogic.sh file located in DOMAIN_HOME/bin
add the flag -Djavax.security.auth.useSubjectCredsOnly=false in java_options
save and start your admin server

below is a typical example assuming your weblogic is on linux box

Modify the startWebLogic.sh file located in DOMAIN_HOME/bin

Locate the following line:
# Start WebLogic

Below this line, add the following, replacing the correct path to krb5Login.conf:
JAVA_OPTIONS="${JAVA_OPTIONS} -Djava.security.auth.login.config=/opt/Oracle/Middleware/user_projects/domains/base_domain/krb5Login.conf -Djavax.security.auth.useSubjectCredsOnly=false -Dweblogic.security.enableNegotiate=true"
export JAVA_OPTIONS

Save the file. Start the Administration Server



For Windows
Modify the startWebLogic.cmd file located in DOMAIN_HOME\bin (default is c:\Oracle\Middleware\user_projects\domains\base_domain\bin\startWebLogic.cmd)

Locate the following line:
@REM START WEBLOGIC

Below this line, add the following:

set JAVA_OPTIONS=%JAVA_OPTIONS% -Djava.security.auth.login.config=%DOMAIN_HOME%\krb5Login.conf -Djavax.security.auth.useSubjectCredsOnly=false -Dweblogic.security.enableNegotiate=true


Ref : http://docs.oracle.com/javase/1.5.0/docs/guide/security/jgss/tutorials/Troubleshooting.html
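
A pre-start check for the start-script edit described above, added here as an example and not part of the original post. It confirms that the three properties appear on the JAVA_OPTIONS lines as real -D options and flags typographic dashes or quotes picked up when the line is copied from a web page. `check_krb_opts` is a hypothetical helper name, not a WebLogic tool.

```shell
#!/bin/sh
# Added example: lint a WebLogic start script for the Kerberos JVM options.
# check_krb_opts is an illustrative name, not a WebLogic tool.

# check_krb_opts <start_script>: prints findings, returns 1 on any problem.
check_krb_opts() {
    script=$1; rc=0
    # UTF-8 bytes of the en dash and the left/right double quotation marks.
    endash=$(printf '\342\200\223')
    lquote=$(printf '\342\200\234')
    rquote=$(printf '\342\200\235')
    opts=$(grep -n 'JAVA_OPTIONS' "$script") ||
        { echo "NO JAVA_OPTIONS line in $script"; return 1; }

    # An option starting with an en dash is not a -D option, and curly
    # quotes do not quote anything in sh or cmd.
    bad=$(printf '%s\n' "$opts" | grep -F -e "$endash" -e "$lquote" -e "$rquote") || true
    if [ -n "$bad" ]; then
        echo "TYPOGRAPHIC characters on:"; printf '%s\n' "$bad"; rc=1
    fi

    # Each property must appear as a real -D option (ASCII hyphen).
    for prop in java.security.auth.login.config= \
                javax.security.auth.useSubjectCredsOnly=false \
                weblogic.security.enableNegotiate=true; do
        printf '%s\n' "$opts" | grep -qF -e " -D$prop" ||
            { echo "MISSING -D$prop"; rc=1; }
    done
    return $rc
}
```

The same function works on startWebLogic.cmd, since it only looks at lines that mention JAVA_OPTIONS.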

Friday, January 4, 2013

webserver ip address is being recorded instead of client ip address after enabling WebLogic Plug-In Enabled option in console

webserver ip address is being recorded instead of client ip address after enabling WebLogic Plug-In Enabled option in console (<weblogic-plugin-enabled>true</weblogic-plugin-enabled>)


1. Checked the plugin version by hitting the url
http://<host>:<port>/?__WebLogicBridgeConfig  (console ip and port)
found it to be 1.1

WebLogic Server Plugin version 1.1,
<WLSPLUGINS_11.1.1.6.0_WINDOWS.X64_RELEASE>

Ref : Doc id 1285304.1

2. Made sure that the customer has enabled WebLogic Plug-In Enabled option at the below places

Environment >>> clusters >>  CLUSTER NAME > configuration -> general tab -> WebLogic Plug-In  Enabled (checked)
Environment >>> SERVER >> SERVER NAME > General -> Advanced -> WebLogic Plug-In Enabled (checked)
Domain_Name >>> Configuration Tab > Web Applications Tab  -> WebLogic Plug-In Enabled (checked)

3. Enabled debugs in webserver config file
Debug ALL
DebugConfigInfo ON

Ref : Doc ID 780007.1

Later realized that the customer had installed Microsoft TMG server on the same machine as the web server, which was masking the client IP.