Unable to enable SAML based SSO using Weblogic 10.3.3

Similar Messages

• Unable to enable in web services using direct cable from my router

  LaserJet Pro printer is working.  Unable to enable in web tab error message: Connection error. Check Internet connection.
  I have internet connection and don't  use proxy server.  I have powered off both printer and router.  Thank you.

  Hello! Could you please provide more information regarding the issue, such as which laserjet you are using? Any additional information will be helpful in resolving your issue. Thanks!
  Help the community by marking this post as a solution if it solved your issue!.
  If my post helped you in any way, please click the blue KUDOS star under my name! It would mean a great deal.

• Unable to start Admin server by using weblogic.admin utility

  Hi,
  I stoped the admin server by using weblogic.admin utility command as bellow.
  java weblogic.Admin -url http://server1:8008 -username adminuser -password weblogic SHUTDOWN myserver
  It stopped successfully. But while starting as below i am getting error. Kindly help me out.
  java weblogic.Admin -url http://172.27.72.70:8008 -username adminuser -password weblogic START myserver
  <Warning> <Net> <BEA-000905> <Could not open connection with host: server1 and port: 8008.>
  Failed to connect to http://172.27.72.70:8008: Destination unreachable; nested exception is:
  java.net.ConnectException: Tried all: '1' addresses, but could not connect over HTTP to server: 'star', port: '8008'; No available router to destination
  Any suggestion is appreciated.
  Thanks,

  Hi,
  Thanks for your reply.
  Yes, Node Manager has configured on Managed Server's host machine.
  So can't we start admin server by using weblogic.admin utility if admin server is stopped?
  Thanks,

• OIM 11gR1 -- SSO using Weblogic negotiateIdentityasserter

  Hello Experts,
  I'm trying to have OIM 11.1.1.5 authenticate its Web-UI using kerberos.
  All the guides I found were based on OAM or third party SSO products.
  I know that the weblogic application server itself provides support for Kerberos based authentication, but I failed to locate a Weblogic Kerberos configuration guide specific to OIM.
  The part I'm missing is about mapping the AD authenticated identity to the OIM repository based identity, assuming the user's login in OIM is the same as its AD login.
  Will appreciate your help and happy new year
  Meni,

  Hi GK Goalla, thank you so much for trying to help me. Really appreaciate you time.
  Yes, I see xelsysadm account in the ldap.
  Just before integrating OIM with OAM (using oimitg.props), xelsysadm was working fine to login into OIM. After integrating, when I try to use weblogic_idm as per the deployment guide, I am not able to login neither into OIM or into OAM.
  All I see is below error messages :
  <Apr 29, 2012 9:59:58 AM EDT> <Error> <OIM Authentication Provider> <BEA-000000> <*oracle.iam.platform.auth.providers.wls.OIMSignatureLoginModule login() Invalid Input username/password*>
  <Apr 29, 2012 5:06:53 PM EDT> <Error> <OIM Authenticator> <BEA-000000> <*User weblogic_idm soft locked*>
  When I try to use xelsysadm, OAM server is throwing below error. This id is no more working.
  <Apr 30, 2012 5:38:49 PM EDT> <Error> <oracle.oam.user.identity.provider> <OAMSSA-20023> <Authentication Failure for user : xelsysadm.>
  Also, I am wondering how weblogic_idm will work for OIM and OAM. I do not understand the logic. I know it belongs to "IDM Administrators" group. but I am not sure just because of this
  OIM and OAM will let us to login with this id.
  thank you again for helping me.
  Edited by: Jyothi on Apr 30, 2012 2:00 PM
  Edited by: Jyothi on Apr 30, 2012 2:18 PM
  Edited by: Jyothi on Apr 30, 2012 2:19 PM
  Edited by: Jyothi on Apr 30, 2012 2:40 PM

• SSO using WebLogic app server and AD as the auth source

  Hi All,
  I am trying to setup SSO on 10gR3 using MS Active Directory as the auth source and WebLogic as the app server.
  Do I have to create a custom SSO or can this setup be configured using the basic SSO and config changes?
  Any help or guidance will be appreciated.
  Cheers
  Bob

  There are many ways. The generic answer is federation via SAML, look at the docs for Oracle Identity Federation.

• Error in Role Based security using weblogic 9

  Hi All,
  Currently I am working with Weblogic Server 9. I am trying to use role based security. Below is the entries for web.xml.
  <security-constraint>
       <web-resource-collection>
            <web-resource-name>Success</web-resource-name>
            <url-pattern>/form.jsp</url-pattern>
            <http-method>GET</http-method>
            <http-method>POST</http-method>
       </web-resource-collection>
       <auth-constraint>
            <role-name>admin</role-name>
       </auth-constraint>
       <user-data-constraint>
  <transport-guarantee>INTEGRAL</transport-guarantee>
  </user-data-constraint>
  </security-constraint>
  <login-config>
       <auth-method>BASIC</auth-method>
       <realm-name>myrealm</realm-name>
  </login-config>
  <security-role>
       <role-name>admin</role-name>
  </security-role>
  When I am calling form.jsp from the browser it is asking for the username and password, but after giving the username and password it is showing the followig error:
  Error 403--Forbidden
  From RFC 2068 Hypertext Transfer Protocol -- HTTP/1.1:
  10.4.4 403 Forbidden
  The server understood the request, but is refusing to fulfill it. Authorization will not help and the request SHOULD NOT be repeated. If the request method was not HEAD and the server wishes to make public why the request has not been fulfilled, it SHOULD describe the reason for the refusal in the entity. This status code is commonly used when the server does not wish to reveal exactly why the request has been refused, or when no other response is applicable.
  So can any one provide me the solution for the above problem.
  Thanks in advance.
  By,
  Sandip Pradhan

  Here is a blog post for the backend (WebLogic Admin GUI) http://disaak.blogspot.com/2009/11/migrating-to-weblogic-configure-role.html and a blog post for the web.xml in your project http://disaak.blogspot.com/2009/11/migrating-to-weblogic-configure-ear.html.

• Unable to invoke ADFBC based ws using client proxy

  Hie
  I created a custom am method and exposed it as a webservice and deployed it to my integrated wls.
  Then i generated the client proxy specifying the wsdl running at localhost.
  now when i am trying to call the service method from client proxy i get following exception. Not sure how to resolve..please advise..
  avax.xml.ws.WebServiceException: java.lang.IllegalArgumentException: prefix ns1 is not bound to a namespace
       at com.sun.xml.ws.fault.SOAPFaultBuilder.createException(SOAPFaultBuilder.java:144)
       at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:125)
       at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:95)
       at com.sun.xml.ws.client.sei.SEIStub.invoke(SEIStub.java:136)
       at $Proxy43.storePost(Unknown Source)
       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
       at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
       at java.lang.reflect.Method.invoke(Method.java:597)
       at weblogic.wsee.jaxws.spi.ClientInstanceInvocationHandler.invoke(ClientInstanceInvocationHandler.java:84)
       at $Proxy44.storePost(Unknown Source)
       at oracle.apps.crm.smm.view.service.proxy.SmmAMServiceSoapHttpPortClient.main(SmmAMServiceSoapHttpPortClient.java:42)
  Caused by: java.lang.IllegalArgumentException: prefix ns1 is not bound to a namespace
       at com.sun.xml.bind.DatatypeConverterImpl._parseQName(DatatypeConverterImpl.java:388)
       at com.sun.xml.bind.v2.runtime.unmarshaller.XsiTypeLoader.parseXsiType(XsiTypeLoader.java:92)
       at com.sun.xml.bind.v2.runtime.unmarshaller.XsiTypeLoader.startElement(XsiTypeLoader.java:70)
       at com.sun.xml.bind.v2.runtime.unmarshaller.UnmarshallingContext._startElement(UnmarshallingContext.java:481)
       at com.sun.xml.bind.v2.runtime.unmarshaller.UnmarshallingContext.startElement(UnmarshallingContext.java:459)
       at com.sun.xml.bind.v2.runtime.unmarshaller.InterningXmlVisitor.startElement(InterningXmlVisitor.java:71)
       at com.sun.xml.bind.v2.runtime.unmarshaller.SAXConnector.startElement(SAXConnector.java:148)

  Hi Bora,
  I guess that you are having a username/password for directory manager on OUD proxy (let's say cn=proxymgr / proxypwd), and another username/password for directory manager your ODSEE servers (let's say cn=odseemgr / odseepwd).
  When you connect to OUD proxy using cn=proxymgr to perform a search on your backend, OUD proxy creates a connection to the ODSEE backend with the same credentials (because the proxy is configured in use-client-identity mode), i.e. cn=proxymgr / proxypwd. If this user does not exist on ODSEE (or has the same name with a different password), you get an error 49.
  To avoid this issue, OUD proxy offers configuration parameters in the proxy-workflow-element: the exclude-list and remote-ldap-server-bind-dn / remote-ldap-server-bind-password. You have to add cn=proxymgr to the exclude-list, and set remote-ldap-server-bind-dn to cn=odseemgr, remote-ldap-server-bind-password to odseepwd.
  This way, when connecting with cn=proxymgr, the proxy will know that he should not use the client credentials, but rather cn=odseemgr when discussing with ODSEE backend.
  This concept is explained in OUD admin guide, Configuring the Bind Mode.
  HTH,
  Flo.

• Web Server Filter Based SSO to Non-SAP Apps

  Hi,
  I am following SAP Note 442401 for configuring the Non-SAP App for Web Server Filter based SSO using SAP Logon Ticket. Also, I have downloaded the 5_0_2_8.zip file.
  The Readme doc of this zip file says:
  "<b>Changes in Web server filter plugins
  The Web server filter plug ins and the Ticket Toolkit now were separated.
  See subdirectories for further information:
  "C"          the Ticket Toolkit
  "filter"     the Web server filter plug ins
  This is the last released version (5.0.2.8) on SAPSERV.
  Pleaser refer for newer versions to SAP Service Marketplace (http://service.sap.com/patches)
  Technology Components-> SAP SSOEXT -> SAP SSOEXT</b>"
  Zip file has two folders named "C" and "filter".
  "C" folder has cpp code to varify the ticket.
  "Filter" folder has DLLs for the different web servers.
  So far so good . Now, what I want to know is that is placing the  DLL from the Filter folder onto the respective web server and doing some configs, as per the PDF provided with ZIP file, enough?
  Or do I need to do anything else, like writing any class to read and validate the Ticket?
  Thanks,
  Vivek

  See Web Server Filter Based SSO to Non-SAP Apps

• Problem in configuring SSO using SAML for applications hosted on diff m/c

  Hi Techies,
  I am stuck in a weird problem for past month or so without any resolution. Not much help by googling. So I hope i get the answer from the mouth of the horses -
  I am trying to use SSO using the sample application appA and appB as stated in the tutorial of SSO by BEA.
  I am summarizing the problem below -
  Steps followed for Configuring SSO using SAML
  1. Created 2 domains on 2 seperate machines namely domainA and domainB
  2. Source appliction is deployed on domainA and the target application is deployed on domaninB
  The steps mentioned in the following tutorial has been followed-
  http://dev2dev.bea.com/pub/a/2006/12/sso-with-saml.html
  3. As mentioned in the tutorial the certificate is generated using keytool utility. The same certificate is copied
  to WEBLOGIC_HOME/server/lib of destination machine.
  4. The certificate was successfully registered on desitnation or host 2 but while activating the configuration
  changes(SSL client Ientity Alias and SSL Client Identity Pass Phrase) for Federation services the following error
  is thrown -
  " SAMLBeanUpdateListener: SAMLKeyManager.prepareUpdate() failed with exception:
  weblogic.descriptor.BeanUpdateRejectedException: SAML key Manage failed to validate key (SSL Client) configuration
  in the FederationServicesMBean, key alias: testalias "
  The interesting bit of the problem is that the same configuration works on 2 domains created on same machine. The
  problem only occurs when domains are created on seperate machines.
  Alterative to the problem: when the certificate is generated seperately for domainB and copied to
  WEBLOGIC_HOME/server/lib, it works. However, the certificate generated in domainA should have been copied.
  Note: I am using Weblogic portal 9.2.1
  Any quick replies will be much appreciated. Thanks.
  Edited by saurabh.agrawal at 02/06/2008 2:01 PM

  Hi François,
  You are right about the use of the NameID format. But the issue here is/was that OIF at SP is integrated with OAM, and the authenticated user at OIF-SP and OAM will be the Anonymous user rather than the user who was identified at the IdP even though the remaining attributes sent are for the IdP user. I think these attributes can be used by with OAM for authorization using custom authorization plug-ins but haven't tried that one out.
  As for the attribute sharing profile, it's this one - http://www.oasis-open.org/committees/download.php/18058/sstc-saml-x509-authn-attrib-profile-cd-02.pdf, although for the life of me, I cannot remember why I suggested this in the first place!
  -Vinod

• Enabling SSO with Weblogic Server

  Hi,
  Can someone please forward some documention on enabling SSO with Weblogic server for different applications using the admin console.
  Is enabling SSO only possible programmatically??
  Is there an external server amongst the Weblogic Platform that maintains this SSO information??
  Regards,
  Mukta

  Pradeep,
  Here are some questions for you.
  1. what version of Weblogic App Server you are using?
  2. Is it a weblogic Portal or a Java application deployed
     on a Weblogic App Server?
  3. You have mentioned that the users are stored in a table. Is it a database table ?
  Anyway see the following link as a starting point?
  http://e-docs.bea.com/wls/docs81/jconnector/security.html#1216783
  If the customer has lot of other web applications that they want to integrate you can look at third party authentication solutions (Ex: Siteminder). But if it is a few or limited applications then custom solution would be more appropriate from the cost perspective.
  Hope this can be a starting point.
  -Regards
  -Venkat Malempati

• SSO using SAML2 in WebLogic Server 10.3 not working

  Dear all,
  I have tried all possible configuration to configure SSO but with no hope :(
  My requirement is to configure SSO using SAML2, weblogic 10.3 and 1 domain.
  I followed the following links in my configuration:
  1- http://biemond.blogspot.com/2009/09/sso-with-weblogic-1031-and-saml2.html
  2- http://blogbypuneeth.wordpress.com/2011/01/15/steps-to-configure-saml-2-on-weblogic-server-10-3-0/
  Please if anyone can send me any other tutorial or working sample application as maybe i am configuring the web/weblogic xmls in a wrong way
  Appreciate any help

  Hi,
  This is how my web.xml looks like :
       <display-name>SAML Destination Site Application</display-name>
       <welcome-file-list>
            <welcome-file>index.jsp</welcome-file>
       </welcome-file-list>
       <security-constraint>
            <web-resource-collection>
                 <web-resource-name>SecurePages</web-resource-name>
                 <description>These pages are only accessible by authorized users.</description>
  <url-pattern>samldest01App/restricted01/*</url-pattern>
  <http-method>GET</http-method>
            </web-resource-collection>
            <auth-constraint>
                 <description>These are the roles who have access.</description>
                 <role-name>SamlUser</role-name>
            </auth-constraint>
            <user-data-constraint>
                 <description>This is how the user data must be transmitted.</description>
                 <transport-guarantee>NONE</transport-guarantee>
            </user-data-constraint>
       </security-constraint>
       <login-config>
            <auth-method>BASIC</auth-method>
            <realm-name>myrealm</realm-name>
       </login-config>
       <security-role>
            <description>These are the roles who have access.</description>
            <role-name>SamlUser</role-name>
       </security-role>
  </web-app>
  weblogic.xml :
  <?xml version='1.0' encoding='UTF-8'?>
  <weblogic-web-app xmlns="http://www.bea.com/ns/weblogic/90"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
       <security-role-assignment>
            <role-name>SamlUser</role-name>
            <principal-name>SAML_SSO_GRP</principal-name>          
       </security-role-assignment>
       <context-root>/samldest01App</context-root>
  </weblogic-web-app>

• SAML generation using weblogic

  Hi,
  I am using weblogic as an Identity Provider and Oracle Identity federation (OIF) as a service Provider. The federation will be IDP(weblogic) initiated.
  I have configured both the sides , published and exchanged metadata .
  Is any out of box feature of weblogic there by which we can use SAML after configuration only or we need to write a separate java code in order to create login page and using the entire configuration which I made in weblogic. (Will any application need to be deployped in weblogic?).
  What URL I need to hit for SAML if there is out of box feature in weblogic for using SAML(after configuring everything in weblogic).
  Thanks
  Piyush

  Maybe the example given here can help you out: http://biemond.blogspot.com/2009/05/sso-with-weblogic-103-and-saml.html and http://docs.oracle.com/cd/E21764_01/web.1111/e13707/saml.htm#i1112531
  and the whitepaper (tutorial) that is referenced in the latter: http://www.oracle.com/technetwork/articles/entarch/sso-with-saml-099684.html

• Unable to login using weblogic in sample tutorial page

  I am trying to login using "weblogic" and "weblogic1" credentials to the tutorial page at http://docs.oracle.com/cd/E23943_01/webcenter.1111/e10273/createapp.htm
  But after I click the link "login", nothing is happening. I mean no response is coming and progress bar shows still waiting. Neither its saying invalid credentials.
  But using the same credentials I am able to successfully login into the console page at http://127.0.0.1:7101/console
  I even tried to delete the DefaultDomain and started Integrated Weblogic server and it again automatically created the domain. But still same problem exists.
  Please let me know. Thanks.

  Hi,
  You need to run the setup once to register the administrator user for discussion server. Open /Oracle/Middleware/user_projects/domains/yourdomain/config/fmwconfig/servers/WC_Collaboration1/owc_discussions/jive_startup.xml file and change "true" to "false"
  <jive>
  <!-- When setup is false, you can access the setup tool. -->
  <setup>true</setup> // Change it to false
  <!-- Database settings -->
  <database>
  Now access the http://host:port/owc_discussions/admin/setup and make the configuration and on last step specify weblogic or any other user as admin. Then you will be able to access it.
  Thanks

• Unable to record Flex based Windows application using LR Vugen 12

  Hi,  I am facing issue with LR Vugen 12.0.2 version. when I try to record one  windows based application using flex protocol it does not get launched instead it is shown in  : Task manager process list. I can launch the same application manually and also I have admin privilege for the LR. The application I used to record with 11.52 sometime but with LR 12 I am not. Using : Prorocol: FlexRecording mode: WinInet  Thanks

  Hi
  Every thing was working fine till today and i just found out that the network guys has updated the Windows security and also the Service Pack on the Server and i think this is causing the whole issue.now my Question is that if i uninstall all the security updates and the SP2 will the issue be solved.
  also i need one confirmation that the Windows OS we need SP1 instead of SP2 please re-confirm this.
  Thanks
  Aleem

• Unable to start admin server service for weblogic (startWebLogic.sh) Linux

  I installed ECM 11g on Linux 64-bit , installed weblogic 12
  so when I try to start admin server service for weblogic (startWebLogic.sh) and following error its showing
  I found solution to give full access permeation for the user , but it's still same issue
  and i am triyng to start services from the users how installed the Weblogic and ECM
  bash-4.1$ '/home/ecm/Oracle/Middleware/user_projects/domains/ecm_domain/startWebLogic.sh' .
  JAVA Memory arguments: -Xms256m -Xmx512m -XX:CompileThreshold=8000 -XX:PermSize=128m -XX:MaxPermSize=512m
  WLS Start Mode=Development
  CLASSPATH=/home/ecm/Oracle/Middleware/oracle_common/modules/oracle.jdbc_11.1.1/ojdbc6dms.jar:/home/ecm/Oracle/Middleware/patch_wls1211/profiles/default/sys_manifest_classpath/weblogic_patch.jar:/home/ecm/Oracle/Middleware/patch_ocp371/profiles/default/sys_manifest_classpath/weblogic_patch.jar:/usr/lib/jvm/jdk1.6.0_33/lib/tools.jar:/home/ecm/Oracle/Middleware/wlserver_12.1/server/lib/weblogic_sp.jar:/home/ecm/Oracle/Middleware/wlserver_12.1/server/lib/weblogic.jar:/home/ecm/Oracle/Middleware/modules/features/weblogic.server.modules_12.1.1.0.jar:/home/ecm/Oracle/Middleware/wlserver_12.1/server/lib/webservices.jar:/home/ecm/Oracle/Middleware/modules/org.apache.ant_1.7.1/lib/ant-all.jar:/home/ecm/Oracle/Middleware/modules/net.sf.antcontrib_1.1.0.0_1-0b2/lib/ant-contrib.jar:/home/ecm/Oracle/Middleware/oracle_common/soa/modules/commons-cli-1.1.jar:/home/ecm/Oracle/Middleware/oracle_common/soa/modules/oracle.soa.mgmt_11.1.1/soa-infra-mgmt.jar:/home/ecm/Oracle/Middleware/oracle_common/modules/oracle.jrf_11.1.1/jrf.jar:/home/ecm/Oracle/Middleware/wlserver_12.1/common/derby/lib/derbyclient.jar:/home/ecm/Oracle/Middleware/wlserver_12.1/server/lib/xqrl.jar:/home/ecm/Oracle/Middleware/Oracle_ECM1/ucm/idc/jlib/idcloader.jar:/home/ecm/Oracle/Middleware/Oracle_ECM1/ucm/idc/components/NativeOsUtils/classes-NativeOsUtils.jar
  PATH=/home/ecm/Oracle/Middleware/wlserver_12.1/server/bin:/home/ecm/Oracle/Middleware/modules/org.apache.ant_1.7.1/bin:/usr/lib/jvm/jdk1.6.0_33/jre/bin:/usr/lib/jvm/jdk1.6.0_33/bin:/usr/lib64/qt-3.3/bin:/usr/local/bin:/usr/bin:/bin:/usr/local/sbin:/usr/sbin:/sbin:/home/ecm/bin
  * To start WebLogic Server, use a username and *
  * password assigned to an admin-level user. For *
  * server administration, use the WebLogic Server *
  * console at http://hostname:port/console *
  starting weblogic with Java version:
  java version "1.6.0_33"
  Java(TM) SE Runtime Environment (build 1.6.0_33-b04)
  Java HotSpot(TM) 64-Bit Server VM (build 20.8-b03, mixed mode)
  Starting WLS with line:
  /usr/lib/jvm/jdk1.6.0_33/bin/java -client -Xms256m -Xmx512m -XX:CompileThreshold=8000 -XX:PermSize=128m -XX:MaxPermSize=512m -Dweblogic.Name=AdminServer -Djava.security.policy=/home/ecm/Oracle/Middleware/wlserver_12.1/server/lib/weblogic.policy -Xverify:none -Djava.endorsed.dirs=/usr/lib/jvm/jdk1.6.0_33/jre/lib/endorsed:/home/ecm/Oracle/Middleware/wlserver_12.1/endorsed -da -Dplatform.home=/home/ecm/Oracle/Middleware/wlserver_12.1 -Dwls.home=/home/ecm/Oracle/Middleware/wlserver_12.1/server -Dweblogic.home=/home/ecm/Oracle/Middleware/wlserver_12.1/server -Dcommon.components.home=/home/ecm/Oracle/Middleware/oracle_common -Djrf.version=11.1.1 -Dorg.apache.commons.logging.Log=org.apache.commons.logging.impl.Jdk14Logger -Ddomain.home=/home/ecm/Oracle/Middleware/user_projects/domains/ecm_domain -Djrockit.optfile=/home/ecm/Oracle/Middleware/oracle_common/modules/oracle.jrf_11.1.1/jrocket_optfile.txt -Doracle.server.config.dir=/home/ecm/Oracle/Middleware/user_projects/domains/ecm_domain/config/fmwconfig/servers/AdminServer -Doracle.domain.config.dir=/home/ecm/Oracle/Middleware/user_projects/domains/ecm_domain/config/fmwconfig -Digf.arisidbeans.carmlloc=/home/ecm/Oracle/Middleware/user_projects/domains/ecm_domain/config/fmwconfig/carml -Digf.arisidstack.home=/home/ecm/Oracle/Middleware/user_projects/domains/ecm_domain/config/fmwconfig/arisidprovider -Doracle.security.jps.config=/home/ecm/Oracle/Middleware/user_projects/domains/ecm_domain/config/fmwconfig/jps-config.xml -Doracle.deployed.app.dir=/home/ecm/Oracle/Middleware/user_projects/domains/ecm_domain/servers/AdminServer/tmp/_WL_user -Doracle.deployed.app.ext=/- -Dweblogic.alternateTypesDirectory=/home/ecm/Oracle/Middleware/oracle_common/modules/oracle.ossoiap_11.1.1,/home/ecm/Oracle/Middleware/oracle_common/modules/oracle.oamprovider_11.1.1 -Djava.protocol.handler.pkgs=oracle.mds.net.protocol -Dweblogic.jdbc.remoteEnabled=false -Dipm.oracle.home=/home/ecm/Oracle/Middleware/Oracle_ECM1 -Ducm.oracle.home=/home/ecm/Oracle/Middleware/Oracle_ECM1 -Dem.oracle.home=/home/ecm/Oracle/Middleware/oracle_common -Djava.awt.headless=true -Dweblogic.management.discover=true -Dwlw.iterativeDev= -Dwlw.testConsole= -Dwlw.logErrorsToConsole= -Dweblogic.ext.dirs=/home/ecm/Oracle/Middleware/patch_wls1211/profiles/default/sysext_manifest_classpath:/home/ecm/Oracle/Middleware/patch_ocp371/profiles/default/sysext_manifest_classpath weblogic.Server
  <Sep 12, 2012 12:08:02 PM EEST> <Info> <Security> <BEA-090905> <Disabling CryptoJ JCE Provider self-integrity check for better startup performance. To enable this check, specify -Dweblogic.security.allowCryptoJDefaultJCEVerification=true>
  <Sep 12, 2012 12:08:03 PM EEST> <Info> <Security> <BEA-090906> <Changing the default Random Number Generator in RSA CryptoJ from ECDRBG to FIPS186PRNG. To disable this change, specify -Dweblogic.security.allowCryptoJDefaultPRNG=true>
  <Sep 12, 2012 12:08:03 PM EEST> <Info> <WebLogicServer> <BEA-000377> <Starting WebLogic Server with Java HotSpot(TM) 64-Bit Server VM Version 20.8-b03 from Sun Microsystems Inc..>
  <Sep 12, 2012 12:08:04 PM EEST> <Info> <Management> <BEA-141107> <Version: WebLogic Server Temporary Patch for 13340309 Thu Feb 16 18:30:21 IST 2012
  WebLogic Server Temporary Patch for 13019800 Mon Jan 16 16:53:54 IST 2012
  WebLogic Server Temporary Patch for BUG13391585 Thu Feb 02 10:18:36 IST 2012
  WebLogic Server Temporary Patch for 13516712 Mon Jan 30 15:09:33 IST 2012
  WebLogic Server Temporary Patch for BUG13641115 Tue Jan 31 11:19:13 IST 2012
  WebLogic Server Temporary Patch for BUG13603813 Wed Feb 15 19:34:13 IST 2012
  WebLogic Server Temporary Patch for 13424251 Mon Jan 30 14:32:34 IST 2012
  WebLogic Server Temporary Patch for 13361720 Mon Jan 30 15:24:05 IST 2012
  WebLogic Server Temporary Patch for BUG13421471 Wed Feb 01 11:24:18 IST 2012
  WebLogic Server Temporary Patch for BUG13657792 Thu Feb 23 12:57:33 IST 2012
  WebLogic Server 12.1.1.0 Wed Dec 7 08:40:57 PST 2011 1445491 >
  <Sep 12, 2012 12:08:06 PM EEST> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to STARTING.>
  <Sep 12, 2012 12:08:06 PM EEST> <Info> <WorkManager> <BEA-002900> <Initializing self-tuning thread pool.>
  <Sep 12, 2012 12:08:06 PM EEST> <Notice> <LoggingService> <BEA-320400> <The log file /home/ecm/Oracle/Middleware/user_projects/domains/ecm_domain/servers/AdminServer/logs/AdminServer.log will be rotated. Reopen the log file if tailing has stopped. This can happen on some platforms, such as Windows.>
  <Sep 12, 2012 12:08:06 PM EEST> <Notice> <LoggingService> <BEA-320401> <The log file has been rotated to /home/ecm/Oracle/Middleware/user_projects/domains/ecm_domain/servers/AdminServer/logs/AdminServer.log00009. Log messages will continue to be logged in /home/ecm/Oracle/Middleware/user_projects/domains/ecm_domain/servers/AdminServer/logs/AdminServer.log.>
  <Sep 12, 2012 12:08:06 PM EEST> <Notice> <Log Management> <BEA-170019> <The server log file /home/ecm/Oracle/Middleware/user_projects/domains/ecm_domain/servers/AdminServer/logs/AdminServer.log is opened. All server side log events will be written to this file.>
  Sep 12, 2012 12:08:09 PM oracle.security.jps.internal.keystore.file.FileKeyStoreManager openKeyStore
  WARNING: Opening of file based keystore failed.
  <Sep 12, 2012 12:08:09 PM EEST> <Error> <Security> <BEA-090892> <The loading of OPSS java security policy provider failed due to exception, see the exception stack trace or the server log file for root cause. If still see no obvious cause, enable the debug flag -Djava.security.debug=jpspolicy to get more information. Error message: JPS-06514: Opening of file based keystore failed.>
  <Sep 12, 2012 12:08:09 PM EEST> <Critical> <WebLogicServer> <BEA-000386> <Server subsystem failed. Reason: weblogic.security.SecurityInitializationException: The loading of OPSS java security policy provider failed due to exception, see the exception stack trace or the server log file for root cause. If still see no obvious cause, enable the debug flag -Djava.security.debug=jpspolicy to get more information. Error message: JPS-06514: Opening of file based keystore failed.
  weblogic.security.SecurityInitializationException: The loading of OPSS java security policy provider failed due to exception, see the exception stack trace or the server log file for root cause. If still see no obvious cause, enable the debug flag -Djava.security.debug=jpspolicy to get more information. Error message: JPS-06514: Opening of file based keystore failed.
       at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.loadOPSSPolicy(CommonSecurityServiceManagerDelegateImpl.java:1402)
       at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initialize(CommonSecurityServiceManagerDelegateImpl.java:1022)
       at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:873)
       at weblogic.security.SecurityService.start(SecurityService.java:148)
       at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
       Truncated. see log file for complete stacktrace
  Caused By: oracle.security.jps.JpsRuntimeException: JPS-06514: Opening of file based keystore failed.
       at oracle.security.jps.internal.policystore.PolicyDelegationController.<init>(PolicyDelegationController.java:167)
       at oracle.security.jps.internal.policystore.JavaPolicyProvider.<init>(JavaPolicyProvider.java:369)
       at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
       at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
       at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
       Truncated. see log file for complete stacktrace
  Caused By: oracle.security.jps.JpsException: JPS-06514: Opening of file based keystore failed.
       at oracle.security.jps.internal.policystore.PolicyUtil.getDefaultPDPService(PolicyUtil.java:2855)
       at oracle.security.jps.internal.policystore.PolicyUtil.getPDPService(PolicyUtil.java:3097)
       at oracle.security.jps.internal.policystore.PolicyDelegationController.<init>(PolicyDelegationController.java:164)
       at oracle.security.jps.internal.policystore.JavaPolicyProvider.<init>(JavaPolicyProvider.java:369)
       at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
       Truncated. see log file for complete stacktrace
  Caused By: oracle.security.jps.service.keystore.KeyStoreServiceException: JPS-06514: Opening of file based keystore failed.
       at oracle.security.jps.internal.keystore.file.FileKeyStoreManager.openKeyStore(FileKeyStoreManager.java:374)
       at oracle.security.jps.internal.keystore.file.FileKeyStoreServiceImpl.doInit(FileKeyStoreServiceImpl.java:104)
       at oracle.security.jps.internal.keystore.file.FileKeyStoreServiceImpl.<init>(FileKeyStoreServiceImpl.java:76)
       at oracle.security.jps.internal.keystore.file.FileKeyStoreServiceImpl.<init>(FileKeyStoreServiceImpl.java:66)
       at oracle.security.jps.internal.keystore.KeyStoreProvider.getInstance(KeyStoreProvider.java:157)
       Truncated. see log file for complete stacktrace
  >
  <Sep 12, 2012 12:08:09 PM EEST> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to FAILED.>
  <Sep 12, 2012 12:08:09 PM EEST> <Error> <WebLogicServer> <BEA-000383> <A critical service failed. The server will shut itself down.>
  <Sep 12, 2012 12:08:09 PM EEST> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to FORCE_SHUTTING_DOWN.>
  bash-4.1$

  Looks to be a cert or keystore issue. How do you have that setup?