Saturday, February 28, 2015

Passed Oracle Mobile Security Suite 11g Essentials Exam

I am glad to share that I passed the Oracle Mobile Security Suite (OMSS) 11g Essentials Exam. OMSS leverages the technology acquired from the acquisition of Bitzer Mobile. It's a new Mobile Application Management (MAM) solution that comes with many cool features like App Containerization and simplifies enterprise mobility. This is going to address the BYOD (Bring Your Own Device) initiative that many corporations have started following, with many more to join.



When I started preparing for the exam, I didn't find much documentation other than the Oracle documents. To pass the exam, just going through the Oracle documentation is enough. Most of the questions are straightforward and come directly from the documents. Unlike other Oracle exams, none of the questions were based on real implementation experience.

Some Useful Links -

OMSS Documentation - http://docs.oracle.com/cd/E52357_01/index.htm
Oracle Webcast - http://medianetwork.oracle.com/video/player/3442504861001
Blogs - http://ptotech.blogspot.com/2014/05/oracle-mobile-and-security-suite-omss.html

Sunday, February 8, 2015

WebLogic Security Exception: Invalid Subject Principals

If you see the error "Caused by: java.lang.SecurityException: [Security:090398]Invalid Subject: principals" in the WebLogic Server logs on RMI invocation of an EJB (deployed on a different WebLogic domain), the issue is in the domain trust security settings.

Stack trace


Caused by: java.lang.SecurityException: [Security:090398]Invalid Subject: principals
at weblogic.security.service.SecurityServiceManager.seal(SecurityServiceManager.java:833)
at weblogic.security.service.SecurityServiceManager.getSealedSubjectFromWire(SecurityServiceManager.java:522)
at weblogic.rjvm.MsgAbbrevInputStream.getSubject(MsgAbbrevInputStream.java:352)
at weblogic.rmi.internal.BasicServerRef.acceptRequest(BasicServerRef.java:953)
at weblogic.rmi.internal.BasicServerRef.dispatch(BasicServerRef.java:351)

To solve this issue, enable trust between the WebLogic Server domains and specify the same credential in both domains. It can be fixed by either of the following:

  • Enabling Cross Domain Security between WebLogic Server domains
  • Enabling Global Trust

I fixed it by enabling global trust between the WebLogic Server domains. By default, domain credentials are randomly generated, so no two domains have the same domain credential. To enable global trust, replace the generated credential and specify the same domain credential in each of the domains. Identity is then passed between WLS domains over an RMI connection without requiring authentication in the second domain.

Note: Don't confuse the domain credential with the credential used to log in to the WLS console.


Configuration Steps 


1. Log in to the WLS console and click Lock and Edit (top left pane).

2. In the left pane, click the domain name.

3. Select Security > General in the center pane, then click the Advanced link.

4. Enter the password in the Credential and Confirm Credential fields.

5. Click Activate Changes in the top left pane.
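
The same console steps can be scripted with WLST so that both domains receive exactly the same credential. This is an added example, not code from the original post; the admin URLs, user names and environment variable names are hypothetical placeholders.

```jython
# WLST (Jython) script, run with wlst.sh. Added example, not the author's code.
from java.lang import System

# Constructed sample targets: (admin URL, admin user, env var holding that
# user's password). Hostnames and variable names are hypothetical.
# t3 is unencrypted; use a t3s:// URL where the admin server has SSL enabled.
DOMAINS = [
    ('t3://admin-a.example.internal:7001', 'weblogic', 'WLS_A_ADMIN_PASSWORD'),
    ('t3://admin-b.example.internal:7001', 'weblogic', 'WLS_B_ADMIN_PASSWORD'),
]

def require_env(name):
    # Read secrets from the environment so they are not stored in the script.
    value = System.getenv(name)
    if value is None or len(value) == 0:
        raise Exception('environment variable ' + name + ' is not set')
    return value

def set_domain_credential(url, user, admin_password, credential):
    connect(user, admin_password, url)
    try:
        edit()
        startEdit()                 # equivalent of Lock and Edit
        try:
            # domainName is set by WLST once connect() succeeds.
            cd('/SecurityConfiguration/' + domainName)
            # Same value as the Credential field under Security > General > Advanced.
            cmo.setCredential(credential)
            save()
            activate()              # equivalent of Activate Changes
        except:
            cancelEdit('y')         # discard pending changes, release the lock
            raise
    finally:
        disconnect()

# Fail before touching either domain if any secret is missing.
shared = require_env('WLS_DOMAIN_CREDENTIAL')
targets = [(url, user, require_env(var)) for (url, user, var) in DOMAINS]
for (url, user, admin_password) in targets:
    set_domain_credential(url, user, admin_password, shared)
```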