LDAP issue — Oracle Analytics

Oracle Analytics Cloud and Server

Home Oracle Analytics Oracle Analytics Forums Oracle Analytics Cloud and Server Oracle Analytics Cloud and Server

Categories

Welcome to the Oracle Analytics Community: Please complete your User Profile and upload your Profile Picture

LDAP issue

Received Response
2
Views
1
Comments
vai
vai Rank 4 - Community Specialist
edited Aug 13, 2024 7:05PM in Oracle Analytics Cloud and Server

I have a RPD where LDAP is configured, when i deploy the RPD, all the services are UP, i am able to open EM & Console, but i am not able open the analytics page.

I tried deploying Sampleapplite rpd, but still i am facing same issue.

Below are the log details of bi_server, not able to figure out what's wrong. itried googling the error, but didnt find any solution.

Can anyone please help me in resolving the same.

BIserver_1 logs:

Caused by: oracle.wsm.security.SecurityException: WSM-00008 : Web service authentication failed.

  at oracle.wsm.security.jps.JpsManager.authenticate(JpsManager.java:242)

  at oracle.wsm.security.jps.JpsManager.basicAuthenticate(JpsManager.java:319)

  at oracle.wsm.security.policy.scenario.executor.WssUsernameTokenScenarioExecutor.receiveRequest(WssUsernameTokenScenarioExecutor.java:159)

  ... 51 more

Caused by: javax.security.auth.login.LoginException: [Security:090304]Authentication Failed: User BISystemUser javax.security.auth.login.FailedLoginException: [Security:090302]Authentication Failed: User BISystemUser denied

  at oracle.security.jps.internal.jaas.module.authentication.JpsUserAuthenticationLoginModule.login(JpsUserAuthenticationLoginModule.java:71)

  at sun.reflect.GeneratedMethodAccessor414.invoke(Unknown Source)

  at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)

  at java.lang.reflect.Method.invoke(Method.java:606)

  at javax.security.auth.login.LoginContext.invoke(LoginContext.java:762)

  at javax.security.auth.login.LoginContext.access$000(LoginContext.java:203)

  at javax.security.auth.login.LoginContext$4.run(LoginContext.java:690)

  at javax.security.auth.login.LoginContext$4.run(LoginContext.java:688)

  at java.security.AccessController.doPrivileged(Native Method)

  at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:687)

  at javax.security.auth.login.LoginContext.login(LoginContext.java:595)

  at oracle.wsm.security.jps.JpsManager.authenticate(JpsManager.java:234)

  ... 53 more

Caused by: oracle.security.jps.internal.jaas.module.AuthenticationException: [Security:090304]Authentication Failed: User BISystemUser javax.security.auth.login.FailedLoginException: [Security:090302]Authentication Failed: User BISystemUser denied

  at oracle.security.jps.wls.jaas.module.authentication.WlsUserAuthenticator.authenticate(WlsUserAuthenticator.java:64)

  at oracle.security.jps.internal.jaas.module.authentication.JpsUserAuthenticationLoginModule.login(JpsUserAuthenticationLoginModule.java:62)

  ... 64 more

Caused by: javax.security.auth.login.FailedLoginException: [Security:090304]Authentication Failed: User BISystemUser javax.security.auth.login.FailedLoginException: [Security:090302]Authentication Failed: User BISystemUser denied

  at weblogic.security.providers.authentication.LDAPAtnLoginModuleImpl.login(LDAPAtnLoginModuleImpl.java:261)

  at com.bea.common.security.internal.service.LoginModuleWrapper$1.run(LoginModuleWrapper.java:110)

  at java.security.AccessController.doPrivileged(Native Method)

  at com.bea.common.security.internal.service.LoginModuleWrapper.login(LoginModuleWrapper.java:106)

  at sun.reflect.GeneratedMethodAccessor409.invoke(Unknown Source)

  at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)

  at java.lang.reflect.Method.invoke(Method.java:606)

  at javax.security.auth.login.LoginContext.invoke(LoginContext.java:762)

  at javax.security.auth.login.LoginContext.access$000(LoginContext.java:203)

  at javax.security.auth.login.LoginContext$4.run(LoginContext.java:690)

  at javax.security.auth.login.LoginContext$4.run(LoginContext.java:688)

  at java.security.AccessController.doPrivileged(Native Method)

  at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:687)

  at javax.security.auth.login.LoginContext.login(LoginContext.java:595)

  at com.bea.common.security.internal.service.JAASLoginServiceImpl.login(JAASLoginServiceImpl.java:113)

  at sun.reflect.GeneratedMethodAccessor407.invoke(Unknown Source)

  at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)

  at java.lang.reflect.Method.invoke(Method.java:606)

  at com.bea.common.security.internal.utils.Delegator$ProxyInvocationHandler.invoke(Delegator.java:57)

  at com.sun.proxy.$Proxy34.login(Unknown Source)

  at weblogic.security.service.internal.WLSJAASLoginServiceImpl$ServiceImpl.login(WLSJAASLoginServiceImpl.java:89)

  at com.bea.common.security.internal.service.JAASAuthenticationServiceImpl.authenticate(JAASAuthenticationServiceImpl.java:82)

  at sun.reflect.GeneratedMethodAccessor411.invoke(Unknown Source)

  at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)

  at java.lang.reflect.Method.invoke(Method.java:606)

  at com.bea.common.security.internal.utils.Delegator$ProxyInvocationHandler.invoke(Delegator.java:57)

  at com.sun.proxy.$Proxy52.authenticate(Unknown Source)

  at weblogic.security.service.WLSJAASAuthenticationServiceWrapper.authenticate(WLSJAASAuthenticationServiceWrapper.java:40)

  at weblogic.security.service.PrincipalAuthenticator.authenticate(PrincipalAuthenticator.java:338)

  at weblogic.security.services.Authentication.doLogin(Authentication.java:133)

  at weblogic.security.services.Authentication.login(Authentication.java:74)

  at weblogic.security.services.Authentication.login(Authentication.java:51)

  at oracle.security.jps.wls.jaas.module.authentication.WlsUserAuthenticator.authenticate(WlsUserAuthenticator.java:59)

  ... 65 more

]]

[2016-03-14T10:31:16.125+05:30] [bi_server1] [ERROR] [OWS-04115] [oracle.webservices.service] [tid: [ACTIVE].ExecuteThread: '4' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: 0000LDnTkmN7q215zvWByW1Mt^AR000006,0:106] [APP: OracleRTD#11.1.1] An error occurred for port: {http://www.sigmadynamics.com/schema/services/RpcService}RpcPort: oracle.fabric.common.PolicyEnforcementException: FailedAuthentication : The security token cannot be authenticated..

[2016-03-14T10:31:16.128+05:30] [bi_server1] [ERROR] [WSM-00279] [oracle.wsm.resources.security] [tid: RTD_Worker_1] [userId: <anonymous>] [ecid: 0000LDnTkmN7q215zvWByW1Mt^AR000006,0] [APP: OracleRTD#11.1.1] [WSM_POLICY_NAME: oracle/wss_username_token_client_policy] The following Fault Message is received at the client side from the service:- [[

FailedAuthentication : The security token cannot be authenticated..

The client side policy is:-

oracle/wss_username_token_client_policy.

The service endpoint url is:-

http://10.10.10.10:9704/ws/rpc.

Keystore properties:-

{}.

Properties found in the message context (Partial list):-

{javax.xml.ws.security.auth.username=BISystemUser, javax.xml.rpc.security.auth.username=BISystemUser}.

PolicyReference OverrideProperty:

[]

Policy configuration properties (some of these may be overridden by the properties passed in the PolicyReference or message context, for details about the order of precedence of properties consult documentation):-

{csf-key=basic.credentials, role=ultimateReceiver}.

Other related information:-

{oracle.integration.platform.common.subject=Subject: NULL

}.

]]

[2016-03-14T10:31:16.130+05:30] [bi_server1] [ERROR] [] [oracle.webservices.jaxws] [tid: RTD_Worker_1] [userId: <anonymous>] [ecid: 0000LDnTkmN7q215zvWByW1Mt^AR000006,0] [APP: OracleRTD#11.1.1] Error while invoking endpoint "http://10.10.10.10:9704/ws/rpc" from client; Client side policies: [oracle/wss_username_token_client_policy]

Answers

  • [Deleted User]
    [Deleted User] Rank 2 - Community Beginner 
    vai wrote:

[Security:090302]Authentication Failed: User BISystemUser denied

    ^... that's the core bit you should be worried about. And if you just google this you'll quickly see that you'll have to go back a bit in order to solve this. From the documentation:

    You must ensure that the OracleSystemUser is a member of the OracleSystemGroup group in your identity store and that the group has the WebLogic global role OracleSystemRole assigned to it. For more information, see Steps 3-6 in Section 3.4.7.1, "Configuring Oracle Internet Directory LDAP Authentication as the Only Authenticator" (these steps still apply for other LDAP servers):
Alternately, if the problem is that the OracleSystemUser account cannot not be authenticated or does not exist (for example, because you migrated to an LDAP identity store and removed DefaultAuthenticator without creating a new OracleSystemUser account in your new identity store), you see a log entry like this:
Caused by: javax.security.auth.login.FailedLoginException: [Security:090304]Authentication Failed: User OracleSystemUser javax.security.auth.login.FailedLoginException: [Security:090302]Authentication Failed: User OracleSystemUser denied
at weblogic.security.providers.authentication.LDAPAtnLoginModuleImpl.login(LDAPAtnLoginModuleImpl.java:261)
This error message can be caused by several different issues:

 You have removed the DefaultAuthenticator and not created an account named OracleSystemUser in the new identity store you are using instead. 
 You have misconfigured the authenticator for your new identity store such that the OracleSystemUser account cannot be found. 
 The OracleSystemUser account has been locked or disabled in some way on your LDAP server.

    So basically: How was the system set up in terms of security - and I mean proper security, not any 10g-legacy RPD-based LDAP integration.

    Where did the RPD come from? etc.