Security Software

Hey guys,

Could you please suggest what to check for my issue?

I'm doing some labs on OAM (ps3, no OIM, ID store is in OUD), and it has webgate configured with DCC with password policy. Authentication works fine, account lock works fine as well. But when I set a flag in OUD for an account to change its password, DCC displays password change page, but on submit it fails with the following error (Oracle Access Manager Error Unable to process the request due to unexpected error.)

I checked oblog.log and it has following lines for the password change request. It's definitely an indication of the problem. I just have no clue how to proceed in debugging from this point

2016/05/15@17:37:23.63154       4853    4878    ACCESS_GATE     WARNING 0x0000151E      /ade/aime_ngamac_110154/ngamac/src/palantir/webgate2/src/redirect.cpp:2110      ecid^005CiJpvzd1Fw00Fzzx0g00001BQ000005 rid^0   "Invalid authn token, OAMAuthnCookie, or DCCCtxCookie"  pszMap^salt=WqFNU/MAtkRRLDr/HkZdiA== wh=webgate_2 wu=%252Findex.html wo=1 rh=http://identity.oracleads.com:7778 ru=%252Findex.html if=1 svrhandle= affn=false validate=DzFBhB6btbDVob0dVKgbNA== crmethod=0 svrctx=EA6 .... <skipped for brevity> .....2DE7      validate^DzFBhB6btbDVob0dVKgbNA==       calcHash^4b+lqI3PdNi8vaQSSdS7KQ==       _criterion^MAC Hash    

2016/05/15@17:37:23.63173       4853    4878    ACCESS_GATE     ERROR   0x00001531      /ade/aime_ngamac_110154/ngamac/src/palantir/webgate2/src/redirect.cpp:1720      ecid^005CiJpvzd1Fw00Fzzx0g00001BQ000005 rid^0   "The obrareq.cgi, obrar.cgi, DCCCtxCookie, logout redirect message, or any other encrypted string has failed integrity check."  HTTPStatus^400  reqInfo.GetRequestUrl()^/oam/server/auth_cred_submit   

2016/05/15@17:37:23.65379       4853    4878    WEB     ERROR   0x0000151F      /ade/aime_ngamac_110154/ngamac/src/palantir/commonlib/src/apache2_req_info.cpp:285      ecid^005CiJpvzd1Fw00Fzzx0g00001BQ000005 rid^0   "WebGate Error Report"  Message^Unable to process the request due to unexpected error.  ReqReq^POST /oam/server/auth_cred_submit HTTP/1.1       ReqProto^HTTP/1.1       ReqHost^identity.oracleads.com  ReqStatLine^    ReqStatus^200   ReqRawUri^/oam/server/auth_cred_submit  ReqUri^/oam/server/auth_cred_submit     ReqFilename^/app/Middleware/Oracle_WT1/instances/instance2/config/OHS/ohs1/htdocs/oam   ReqPath^/server/auth_cred_submit        ReqArgs^       

ohs.log contains the following

[2016-05-15T10:37:23.6341-07:00] [OHS] [ERROR:32] [OHS-9999] [core.c] [client_id: 192.168.56.101] [host_id: identity.oracleads.com] [host_addr: 192.168.56.101] [tid: 1083734336] [user: oracle] [ecid: 005CiJpvzd1Fw00Fzzx0g00001BQ000005] [rid: 0] [VirtualHost: main]  Unable to process the request due to unexpected error., referer: http://identity.oracleads.com:7778/oamsso-bin/login.pl?type=PSWDMUSTCHANGE&ruleDesc=PSWD-21%7E%7EPSWD-1%3A%3A1%7E%7EPSWD-6%3A%3A1%7E%7EPSWD-18%7E%7EPSWD-19%7E%7E&mayChange=false&alreadyChallenged=false

and finally oam-diagnostic contains

[2016-05-15T10:37:07.976-07:00] [oam_server] [NOTIFICATION] [] [oracle.oam.pswd.service.provider] [tid: [ACTIVE].ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: 024170c1c59452c4:-4efa23da:154b5715355:-8000-0000000000000546,0] [APP: oam_server#11.1.2.0.0] User pswd plugin status result: User: JKRAUSE, idstore OUDStore1, outcome : PAUSE

Can't figure out what to check else. Any ideas are appreciated.

TIA,

Philipp