This discussion is archived
7 Replies Latest reply: May 13, 2013 2:04 AM by metalray RSS

Enterprise Manager BI application roles and login problem.

metalray Newbie
Currently Being Moderated
Hello,

When I add a new LDAP group/role to the BIAdministrator role
in the Enterprise Manager (Business Intelligence) do I
then need to restart web logic each time?

I added the user, its group and even the whole authenticated-role
to the BIAdministrator role but I still cant login.
Why is that?

Have a nice weekend ahead.
  • 1. Re: Enterprise Manager BI application roles and login problem.
    metalray Newbie
    Currently Being Moderated
    the log says "OBI-SEC-00015" unable to find user in identity store.
    I read the following on a blog regarding this error.
    "Make the BISystemUser password in your default authenticator the same password as BISystemUser in your OID authenticator"
    I dont have any user that is named the same in the LDAP as well as in the DefaultAuthenticationProvider :/
  • 2. Re: Enterprise Manager BI application roles and login problem.
    metalray Newbie
    Currently Being Moderated
    Name:user.login.attr value: cn
    Name:username.attr value: cn
    Name:virtualize value: true

    When I added those, the BI Admin server did not start anymore but
    presented me the error:

    JPS-02597: You configured a custom Authentication Provider or WLS generic LDAPAuthenticator, which the li
    bOvd can not recognize. Supply the idstore.type property in jps-config.xml file, or use a specific WLS LDAP Authentication provider that matches your LDAP server instead of a generic one.>

    now, I wonder why those three attribute stop the whole admin
    server to start.????

    Edited by: metalray on 27.04.2013 06:08
  • 3. Re: Enterprise Manager BI application roles and login problem.
    metalray Newbie
    Currently Being Moderated
    Hi,
    I isolated the problem.
    Its the virtualize value: true that causes
    the error and the server to not start anymore.
    Why is that?
  • 4. Re: Enterprise Manager BI application roles and login problem.
    metalray Newbie
    Currently Being Moderated
    The problem was the following:

    I had "OracleVirtualDirectory" instead of "OracleInternetDirectory" selected in the provider creation
    phase.

    Now I have a different problem:

    Failure in WS-Policy Execution due to exception.
    ...
    Caused by: javax.security.auth.login.LoginException: [Security:090304]Authentication Failed: User BISystemUser javax.security.auth.login.FailedLoginException: [Security:090302]*Authentication Failed: User BISystemUser denied* ..
    An error occurred for port: {http://oracle/bi/security/}SecurityServicePort: oracle.fabric.common.PolicyEnforcementException: FailedAuthentication : The security token cannot be authenticated..
    ..

    I got the user.login.attr, username.attr and virtualize=true. I see ALL the ldap user and
    groups in web logic (mysecurityrealm->user and groups). The BISystemUser can log into weblogic , so I dont think the user is "corrupted" or something.

    I checked that the BISystemUser passwords are the same:
    1) in WLS Console / Home >Summary of Security Realms > myrealm > Users and Groups > BISystemUser
    And
    2) in em, weblogic domain > bifoundation_domain > Security > Credentials > oracle.bi.system � system.user
  • 5. Re: Enterprise Manager BI application roles and login problem.
    metalray Newbie
    Currently Being Moderated
    I read the following
    "..If this is already set to the same setting may be there is an issue with the BISystemUser itself try creating this system user again and see if it works. This BISystemUser should also exist in your LDAP as a user capable of searching for users and groups."
    This is not the case in my LDAP. I dont create technical users. Is that really necessary?
    After all, I have provided the LDAP login details in the web logic ldap provider configuration and
    those should be used to access the ldap, not BISystemUser.
  • 6. Re: Enterprise Manager BI application roles and login problem.
    metalray Newbie
    Currently Being Moderated
    altough BISystemUser was part of the DefaultAuthentication provider (and the documentation* says
    having a system user in one provider is enough) I deleted it and created a new trusted user, this
    time an existing user in the custom LDAP provider.

    that did not work either, I still get the same error even mentioning BI system user, but I deleted BI
    system user...crazy.


    *
    http://docs.oracle.com/cd/E21764_01/bi.1111/e10543/privileges.htm#BABDCJBH
    3.2.6 Configuring a New Trusted User (BISystemUser)
  • 7. Re: Enterprise Manager BI application roles and login problem.
    metalray Newbie
    Currently Being Moderated
    the problem was the missing attribute PROPERTY_ATTRIBUTE_MAPPING | GUID=ourGuid
    in the enterprise manager provider settings.

Legend

  • Correct Answers - 10 points
  • Helpful Answers - 5 points