Oracle Identity Governance (2023)

Issue

When you click the Request Access tile in the Self Service tab of Oracle Identity Self Service, the Request for Others option should be enabled only for authorized users and managers. However, the Request for Others option is enabled for all users irrespective of authorization.

Issue

When using the Deployment Manager, session time-out warning message is displayed although the system is not idle.

Currently, there is no workaround for this issue. Click OK on the warning message box and continue.

Issue

In an Oracle Identity Governance deployment that has been upgraded from an earlier release, when you click Release Configuration in Oracle WebLogic Console, the following error is generated:

weblogic.management.provider.EditFailedException: Error loading jdbc/oimMDS-jdbc.xml

This error does not have any functional impact on the WebLogic configuration.

Workaround

To workaround this issue, open the following DataSource configurations, make any changes, and then save and activate the changes:

• ApplicationDB

• mds-oim

• oimJMSStoreDS

• oimOperationsDB

• soaOIMLookupDB

Issue

LDAP synchronization, or integration between Oracle Identity Governance (OIG) and Oracle Access Manager (OAM) by using the IDMConfigTool is not supported in Oracle Identity Governance 12c (12.2.1.3.0) or Oracle Identity Governance 12c (12.2.1.4.0).

Oracle Identity Governance 12c (12.2.1.3.1) release onwards, OAM-OIG integration using LDAP Connectors is supported. For more information, see What's New in Oracle Identity Management Integration.

Workaround

If you have upgraded from Release 11.1.2.3 to Release 12.2.1.3, then you can continue with LDAP synchronization, as described in Enabling LDAP Synchronization in Oracle Identity Manager in Integration Guide for Oracle Identity Management Suite for Release 11.1.2.3.

Issue

During heavy loads, Oracle Identity Governance servers throw error due to PS_TXN table space issue.

Workaround

For instructions on how to resolve this issue, see My Oracle Support document ID 1444959.1

Issue

When Internet Explorer is used, OJET Web Context does not show browser URL in the Organization Provisioning and Resource History pages.

Issue

After installing and configuring Oracle Identity Governance and starting all servers, an unusual build up of diagnostic logs is shown in the $DOMAIN_HOME/servers/oim_server/logs/ directory of the Oracle Identity Governance managed server. The logs show the following:

[tenant-name: GLOBAL] Exception info[[oracle.jbo.ReadOnlyDefObjectException: JBO-25075: DefinitionAvailableServicesVO of type ViewObject is read-only. Cannot modify itat oracle.jbo.server.MetaObject.checkEditable(MetaObject.java:328)at oracle.jbo.server.ViewDefImpl.setSelectClause(ViewDefImpl.java:3864)at

Workaround

To fix this issue:

Issue

When you log in to Oracle Identity Self Service and view certification reports, the logo is displayed in the PDF, HTML, and RTF formats of the report. However, the logo is not displayed in the RTF, Excel, Excel 2000, and CSV formats of the report.

Similarly, when you log in to Oracle BI Publisher Enterprise and view certification reports, the logo is displayed in the PDF, HTML, and RTF formats. However, the logo is not displayed in the Excel (mhtml), Excel (html), and CSV formats of the report.

Issue

In a clustered deployment of Oracle Identity Governance, when a node fail over occurs, clicking Approve on the Request Approval page throws an exception, and displays 404 Page Not Found on the page. The exception is:

<Mar 11, 2019 3:03:49,288 AM PDT> <Error> <Cluster> <BEA-003144> <All sessionobjects should be serializable to replicate. Check the objects in thesession. Failed to replicate a non-serializable object in context /identity.java.rmi.UnmarshalException: error unmarshalling arguments; nested exceptionis:java.io.InvalidClassException: filter status: REJECTEDat weblogic.utils.StackTraceDisabled.unknownMethod()Caused By: java.io.InvalidClassException: filter status: REJECTEDat weblogic.utils.StackTraceDisabled.unknownMethod()> <Mar 11, 2019 3:03:49,909 AM PDT> <Warning><oracle.adfinternal.view.faces.renderkit.rich.RegionRenderer><ADF_FACES-60099> <The region component with id: pt1:_d_reg:region2 hasdetected a page fragment with multiple root components. Fragments with morethan one root component may not display correctly in a region and may have anegative impact on performance. It is recommended that you restructure thepage fragment to have a single root component.><Mar 11, 2019 3:03:50,175 AM PDT> <Error> <Cluster> <BEA-003144> <All sessionobjects should be serializable to replicate. Check the objects in thesession. Failed to replicate a non-serializable object in context /identity.java.rmi.UnmarshalException: error unmarshalling arguments; nested exceptionis:java.io.InvalidClassException: filter status: REJECTEDat weblogic.utils.StackTraceDisabled.unknownMethod()Caused By: java.io.InvalidClassException: filter status: REJECTEDat weblogic.utils.StackTraceDisabled.unknownMethod()

Workaround

The issue can be resolved by updating the setDomainEnv.sh file with the following Java property in each node of the cluster, and then starting the WebLogic server:

-Dweblogic.oif.serialFilter=maxdepth=250

Issue

You can add duplicate entries in Lookups by using the Design Console without encountering any errors. But when duplicate entries are added to Lookups by using the Identity System Administration, then the following error is logged:

[2019-07-02T01:12:18.848-07:00] [oim_server1] [WARNING] [][oracle.adf.controller.faces.lifecycle.Utils] [tid: [ACTIVE].ExecuteThread:'11' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: xelsysadm][ecid: 3a5b75b9-1f43-49ac-adac-ee9126ffbf38-00021c4b,0] [APP:oracle.iam.console.identity.sysadmin.ear] [partition-name: DOMAIN][tenant-name: GLOBAL] [DSID: 0000MilixkrBLA85RjP5id1T4nxP00006z] ADF: Addingthe following JSF error message: IAM-0120030:A system error #1562055138838has occurred. Please contact System Administrator.[[oracle.iam.ui.platform.exception.OIMRuntimeException: IAM-0120030:A systemerror #1562055138838 has occurred. Please contact System Administrator.

The error is generated because duplicate entries are not allowed in Lookups.

In the Certification Dashboard in Identity Self Service:

• A label is missing for the table that lists the certifications
• Alt texts are missing for the values in the Percent Complete column

These are violations of the accessibility guidelines but do not lead to any loss of functionality.

Issue

In the Reassign Task dialog box, if you select the Transfer ownership to another user or group option and search for a specific user by selecting All, then the following error is displayed:

Search failed with an error. Queried participants exceeds limit.. Use a better search query, which returns allowed number of participants

The following error is logged:

[2019-01-17T21:12:48.807-08:00] [oim_server1] [WARNING] [] [org.apache.myfaces.trinidad.util.ComponentUtils] [tid: [ACTIVE].ExecuteThread: '25' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: xelsysadm] [ecid: 5f2d732c-eb4e-410d-91ca-d56dc3deaa71-0000d9a7,0] [APP: oracle.iam.console.identity.self-service.ear] [partition-name: DOMAIN] [tenant-name: GLOBAL] [DSID: 0000MXVKjvQ3b6kpGwK6yf1SG3ph00007Q] Could not find the component with scopedId ::idSearchButton1 from RichInputText[UIXEditableFacesBeanImpl, id=idSearchStringField] with the supported syntax. The component was found with the deprecated syntax. Please use the supported syntax. [2019-01-17T21:12:48.808-08:00] [oim_server1] [WARNING] [] [org.apache.myfaces.trinidad.util.ComponentUtils] [tid: [ACTIVE].ExecuteThread: '25' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: xelsysadm] [ecid: 5f2d732c-eb4e-410d-91ca-d56dc3deaa71-0000d9a7,0] [APP: oracle.iam.console.identity.self-service.ear] [partition-name: DOMAIN] [tenant-name: GLOBAL] [DSID: 0000MXVKjvQ3b6kpGwK6yf1SG3ph00007Q] Could not find the component with scopedId ::idSearchButton1 from RichInputText[UIXEditableFacesBeanImpl, id=idSearchStringField] with the supported syntax. The component was found with the deprecated syntax. Please use the supported syntax. [2019-01-17T21:12:48.811-08:00] [oim_server1] [WARNING] [] [org.apache.myfaces.trinidad.util.ComponentUtils] [tid: [ACTIVE].ExecuteThread: '25' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: xelsysadm] [ecid: 5f2d732c-eb4e-410d-91ca-d56dc3deaa71-0000d9a7,0] [APP: oracle.iam.console.identity.self-service.ear] [partition-name: DOMAIN] [tenant-name: GLOBAL] [DSID: 0000MXVKjvQ3b6kpGwK6yf1SG3ph00007Q] Could not find the component with scopedId ::idSearchButton1 from RichInputText[UIXEditableFacesBeanImpl, id=idSearchStringField] with the supported syntax. The component was found with the deprecated syntax. Please use the supported syntax. [2019-01-17T21:12:48.834-08:00] [oim_server1] [ERROR] [] [oracle.soa.services.workflow.worklist] [tid: [ACTIVE].ExecuteThread: '25' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: xelsysadm] [ecid: 5f2d732c-eb4e-410d-91ca-d56dc3deaa71-0000d9a7,0] [APP: oracle.iam.console.identity.self-service.ear] [partition-name: DOMAIN] [tenant-name: GLOBAL] [DSID: 0000MXVKjvQ3b6kpGwK6yf1SG3ph00007Q] <oracle.bpel.worklistapp.dc.idbrowser.beans.controller.IdentityBrowserControll er.executeSearch> Search failed with an error [2019-01-17T21:12:48.863-08:00] [oim_server1] [WARNING] [] [org.apache.myfaces.trinidad.component.UIXComponentBase] [tid: [ACTIVE].ExecuteThread: '25' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: xelsysadm] [ecid: 5f2d732c-eb4e-410d-91ca-d56dc3deaa71-0000d9a7,0] [APP: oracle.iam.console.identity.self-service.ear] [partition-name: DOMAIN] [tenant-name: GLOBAL] [DSID: 0000MXVKjvQ3b6kpGwK6yf1SG3ph00007Q] getClientId should not be called while the view is being constructed. Component ID: j_id110

Workaround

To avoid this issue, if you search by selecting All, then perform a blank search and do not provide a search value. If you want to search for a specific user, then select the User option.

Sometimes the following error is logged when starting the server or clicking a user:

ADFCONTEXT LEAK DETECTED. JAVA.LANG.THROWABLE: DIAGNOSTIC AID

This is a benign error message and does not cause any loss of functionality.

When you access the Identity Self Service by using the Edge web browser, while creating an application, when you open the Advanced Settings dialog box from the Schema page, the Account Discriminator checkbox is displayed as dotted.

However, this does not result to any functional loss.

Issue

Running the bulk load utility on a Windows host fails with the following error:

Error:Error:Compiling Procedures ....Compilation done...Enter password for OIM database user again :Exception in thread "main" java.lang.ClassNotFoundException:oracle.jdbc.driver.OracleDriver at java.net.URLClassLoader.findClass(URLClassLoader.java:382) at java.lang.ClassLoader.loadClass(ClassLoader.java:424) at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:349) at java.lang.ClassLoader.loadClass(ClassLoader.java:357) at java.lang.Class.forName0(Native Method) at java.lang.Class.forName(Class.java:264) at bulkload.BulkloadUtil.getConnection(BulkloadUtil.java:163) at bulkload.UserLoad.main(UserLoad.java:996)

Workaround

To workaround this issue:

1. Search and download the ojdbc8.jar file from Oracle Technology Network web site at:

   https://www.oracle.com/technical-resources/

2. Place the ojdbc8.jar file in the OIG database $ORACLE_HOME/jdbc/lib/ directory.
3. Re-run the bulk load utility.

Issue

In Oracle Identity Governance 12c (12.2.1.3.0) and 12c (12.2.1.4.0), the default session timeout for Identity Self Service and Identity System Administration is 10 minutes.

The default session timeout is set by the following entry in the web.xml file:

<session-config> <session-timeout>10</session-timeout></session-config>

For Identity Self Service: $FMW_HOME/Oracle_IDM1/server/apps/oracle.iam.console.identity.self-service.ear /oracle.iam.console.identity.self-service.war/WEB-INF/web.xml

For Identity System Administration: $FMW_HOME/Oracle_IDM1/server/apps/oracle.iam.console.identity.sysadmin.ear/ora cle.iam.console.identity.sysadmin.war/WEB-INF/web.xml

However, changing the default session timeout value is not supported.

Issue

When you configure the Oracle Identity Governance domain, run the offlineconfig manager.sh script, and start all servers, and then invoke the OIM-SOA integration MBean, the following error is logged in the server logs:

<May 6, 2019 12:50:29,701 AM PDT> <Error> <com.oracle.coherence> <BEA-000000><2019-05-06 00:50:29.701/217214.494 Oracle Coherence GE 12.2.1.4.0 <Error>(thread=Cluster, member=3): Received cluster heartbeat from the seniorMember(Id=1, Timestamp=2019-05-03 12:25:22.783, Address=10.248.121.88:25538,MachineId=42905,Location=site:example.com,machine:slc16oqj,process:30630,member:AdminServer, Role=WeblogicServer) that does not contain this Member(Id=3,Timestamp=2019-05-03 12:30:58.275, Address=10.248.121.88:14080,MachineId=42905,Location=site:example.com,machine:slc16oqj,process:31978,member:oim_server1, Role=WeblogicServer); stopping cluster service.><May 6, 2019 12:50:29,753 AM PDT> <Warning> <Log Management> <BEA-170011><The LogBroadcaster on this server failed to broadcast log messages to theAdministration Server. The Administration Server may not be running. Messagebroadcasts to the Administration Server will be disabled.>

Workaround

Make sure that date and time on the WebLogic host and database host are in sync. After making sure date and time are in sync, invoke oimsoaintegrationmbean again.

Issue

When you start the admin server, soa_server1, and oim_server1 after installing and configuring the Oracle Identity Governance domain, and then log into the Administrative Console and Enterprise Manager, you can find the following stack trace in the Admin Server logs:

[2019-01-28T22:50:03.042-08:00] [AdminServer] [NOTIFICATION] [J2EE JSP-00068][oracle.j2ee.jsp] [tid: [ACTIVE].ExecuteThread: '92' for queue:'weblogic.kernel.Default (self-tuning)'] [userId: weblogic] [ecid:8dfa55d0-c5cd-4b02-8a96-7b9106ed0437-00000150,0] [APP: em] [partition-name:DOMAIN] [tenant-name: GLOBAL] [DSID: 0000MYONlm03f5kpGwDCif1SJzSH000002]invalid taglib uri: http://www.w3.org/2001/XMLSchema, unless non taglibnamespace was intended in a JSP document.[2019-01-28T22:50:03.070-08:00] [AdminServer] [NOTIFICATION] [J2EE JSP-00068][oracle.j2ee.jsp] [tid: [ACTIVE].ExecuteThread: '92' for queue:'weblogic.kernel.Default (self-tuning)'] [userId: weblogic] [ecid:8dfa55d0-c5cd-4b02-8a96-7b9106ed0437-00000150,0] [APP: em] [partition-name:DOMAIN] [tenant-name: GLOBAL] [DSID: 0000MYONlm03f5kpGwDCif1SJzSH000002]invalid taglib uri: http://www.w3.org/2001/XMLSchema, unless non taglibnamespace was intended in a JSP document.[2019-01-28T22:50:03.274-08:00] [AdminServer] [ERROR] [][org.apache.myfaces.trinidadinternal.menu.MenuContentHandlerImpl] [tid:[ACTIVE].ExecuteThread: '92' for queue: 'weblogic.kernel.Default(self-tuning)'] [userId: weblogic] [ecid:8dfa55d0-c5cd-4b02-8a96-7b9106ed0437-00000150,0] [APP: em] [partition-name:DOMAIN] [tenant-name: GLOBAL] [DSID: 0000MYONlm03f5kpGwDCif1SJzSH000002]Shared Node Model not created for emas_wlsc_envCluster_breadcrumb. Check forthe existence of the corresponding managed bean in your config files.[[java.lang.NullPointerException: Shared Node Model not created foremas_wlsc_envCluster_breadcrumb. Check for the existence of the correspondingmanaged bean in your config files.atorg.apache.myfaces.trinidadinternal.menu.MenuContentHandlerImpl.startElement(MenuContentHandlerImpl.java:353)atcom.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.startElement(AbstractSAXParser.java:509)atcom.sun.org.apache.xerces.internal.parsers.AbstractXMLDocumentParser.emptyElement(AbstractXMLDocumentParser.java:182)atcom.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanStartElement(XMLDocumentFragmentScannerImpl.java:1339)atcom.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl$FragmentContentDriver.next(XMLDocumentFragmentScannerImpl.java:2784)atcom.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl.next(XMLDocumentScannerImpl.java:602)atcom.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanDocument(XMLDocumentFragmentScannerImpl.java:505)atcom.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(XML11Configuration.java:842)atcom.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(XML11Configuration.java:771)atcom.sun.org.apache.xerces.internal.parsers.XMLParser.parse(XMLParser.java:141)atcom.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.parse(AbstractSAXParser.java:1213)atcom.sun.org.apache.xerces.internal.jaxp.SAXParserImpl$JAXPSAXParser.parse(SAXParserImpl.java:643)at weblogic.xml.jaxp.WebLogicXMLReader.parse(WebLogicXMLReader.java:133)at weblogic.xml.jaxp.RegistryXMLReader.parse(RegistryXMLReader.java:170)at javax.xml.parsers.SAXParser.parse(SAXParser.java:392)at javax.xml.parsers.SAXParser.parse(SAXParser.java:195) 

This error message is benign and does not have any impact on the functionality.

The following error stack is shown in OIM managed server logs:

Jul 17, 2019 12:35:03,548 AM PDT> <Error><oracle.adfinternal.view.page.editor.utils.ReflectionUtility> <WCS-16178><Error instantiating class -oracle.adfdtinternal.view.faces.portlet.PortletDefinitionDTFactory><Jul 17, 2019 12:35:03,584 AM PDT> <Warning><oracle.adfinternal.view.faces.renderkit.rich.NavigationPaneRenderer><BEA-000000> <Warning: There are no items to render for this level><Jul 17, 2019 12:35:19,440 AM PDT> <Error> <oracle.iam.platform.kernel.impl><IAM-0080075> <XML schema validation failed for XML/metadata/iam-features-OIMMigration/EventHandlers.xml : eventhandlers and itwill not be loaded by kernel. ><Jul 17, 2019 12:35:20,261 AM PDT> <Error> <oracle.iam.platform.kernel.impl><IAM-0080075> <XML schema validation failed for XML/metadata/iam-features-sso-integration/event-definition/EventHandlers.xml :eventhandlers and it will not be loaded by kernel. ><Jul 17, 2019 12:35:20,490 AM PDT> <Warning><oracle.iam.platform.kernel.impl> <IAM-0089999> <Kernel Information:

This is a benign error without any functional impact and can be ignored.

The following error is shown in the OIM managed server logs:

"<Aug 7, 2019 5:04:50,334 AM PDT> <Error> <XELLERATE.APIS> <BEA-000000><Class/Method:tcITResourceInstanceOperationsBean/updateWithCredentialStoreData encountersome problems: Parameter User Reservation Container not present incredential store. pls check for svr_key:1>returning the ovd url value :

This is a benign error without any functional impact and can be ignored.

Issue

After you upgrade Oracle Identity Governance 12c (12.2.1.3.0) to 12c (12.2.1.4.0), the User Profile Audit Compression scheduled job does not open in Identity System Administration, and the following error is shown in the server logs:

Caused By: java.lang.NullPointerExceptionatoracle.iam.features.scheduler.agentry.operations.LookupActor.prepare(LookupActor.java:1551)atoracle.iam.consoles.faces.utils.CanonicUtils.prepareOperation(CanonicUtils.java:169)

This is because the User Profile Audit Compression scheduled task is not seeded in MDS after upgrade.

Workaround

To workaround this issue, seed the scheduled task definition in MDS. To do so:

Issue

The Locale list in the My Information page and Modify User page of Identity Self Service are not translated if the browser language is set to any one of the following:

• Arabic (ar)

• Hebrew (he)

• Danish (da)

• Czech (cs)

• Dutch (nl)

• Romanian (ro)

• Slovak (sk)

• Norwegian (no)

• Hungarian (hu)

Issue

When you perform a default search in the Export Configuration page of the Deployment Manager, the search result message is displayed only in English, and is not translated to other languages.

Issue

The following text in the application onboarding pages in Identity Self Service are not translated in German:

• Connector Package: The Connector Package option in the Basic Information page of the Create Application wizard and the Create Authoritative Application wizard

• Schema: The Schema page of the Create Application wizard and the Create Authoritative Application wizard

• Name and Connector Name: The Name and Connector Name options in the search list of the Applications page

• Organization: The Organization tab in the Settings page of the Create Application wizard and the Create Authoritative Application wizard

• Account Name: The Account Name drop down in the Applications page

• Provisioning Field: The Provisioning Field column name in the Schema tab of the Create Application wizard and the Create Authoritative Application wizard

• Action Script: The Action Script buttons in the Applications page

Issue

Under the cart details in the Access Request Catalog, translation to other languages is not available for the following text:

You must click Update or Fulfill to apply any changes made in this section.

Issue

In the Export Configuration page of Oracle Identity System Administration, translation to other languages is not available for some text in the options of the Type drop-down list. The text GTC, IT, JAR, and Plugin are displayed in English.