OAS Authorization with Microsoft AD Provider Is Getting OBI-SEC-00020

userva

We have installed OAS 2024 imported a bar file from OBIEE 12.2.1.3 and excluded (Application Roles and Credentials) during import.

Now trying to enable AD Authentication, tried the below steps:

1. Under myrealm, Provider tab > Added new Auth Provider named ADAuthProvider_1.
2. Provided all the necessary details for Provider Specific settings, including Group Membership Searching: Set to Limited.
3. Set the Control Flag of the DefaultAuthenticator & new ADAuthProvider_1 as "SUFFICIENT".
4. Reorder Provider and keep ADAuthProvider_1 at the top.
5. Restarted Server, and tested AD user lookup using the User and Groups tab under myrelam.
6. Added below two properties (virtualize = true, OPTIMIZE_SEARCH = true) under Identity Service Provider in EM
7. Restarted Server

When I try to log in using AD Credentials, I get this error The specified credentials could not be authenticated, please try again on the login screen, and the below error on bi_server1-diagnostic.log

[bi_server1] [ERROR] [] [oracle.bi.majel.dxd.svs] [tid: pool-34-thread-1] [userId: <anonymous>] [ecid: cbc27fbb-ab38-482a-a3a7-be819846a618-000000f3,0] [APP: bi-majel-application] [partition-name: DOMAIN] [tenant-name: GLOBAL] DATAWATCH TRIGGER HAS FAILED BECAUSE OF: java.lang.NullPointerException[[
at oracle.bi.majel.dxd.svs.DataWatchTrigger.getCPUsPerNode(DataWatchTrigger.java:86)
at oracle.bi.majel.dxd.svs.DataWatchTrigger.run(DataWatchTrigger.java:36)
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)

[bi_server1] [ERROR] [OBI-SEC-00020] [oracle.bi.security.authentication] [tid: [ACTIVE].ExecuteThread: '50' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: cbc27fbb-ab38-482a-a3a7-be819846a618-0000078e,0] [APP: bi-security-login] [partition-name: DOMAIN] [tenant-name: GLOBAL] [DSID: 0000Oy4adw77U8T_U9WByc1aHgw7000002] [SI-Key: ssi] The specified user credentials could not be authenticated.[[
javax.security.auth.login.LoginException: OBI-SEC-00020
at oracle.bi.security.subject.SubjectAuthenticator.authenticateUserCredentials(SubjectAuthenticator.java:64)

Could someone please help me how to resolve this issue, i am trying to set up AD Authentication for the first time.

Sumanth V -Oracle

@userva - Configuration steps listed out seems correct. Please let us know if you can see the users and groups in EM as well. You can verify the same by trying to assign them to an application role. Also, please check if login issue is only with users coming from AD alone or even with default authenticator users as well. Also, verify if the jdk related patches mentioned in the below document is applied in your environment.

Critical Patch Update (CPU) Advisor For Oracle Analytics Server and Oracle Business Intelligence - Updated for April 2024 (Doc ID 2832967.2)

Mallikarjuna Kuppauru-Oracle

Hi @userva

Refer below MOS docs -

External LDAP User Login Fails Analytics -The Specified User Credentials Could Not Be Authenticated (Doc ID 2846844.1)

AD Users Are Failing Analytics Login With Error "The Specified User Credentials Could Not Be Authenticated" (Doc ID 2942490.1)

Regards,

Arjun

KhaderBelgoud-Oracle

@userva

In this thread, 2 errors are reported and they are not related to eachother.

Error 1 : DATAWATCH TRIGGER HAS FAILED BECAUSE OF: java.lang.NullPointerException

Error 2: The specified user credentials could not be authenticated

Error 1 can be addressed by applying the Patch 36630689 . Whereas Error 2 is related to misconfiguration in AD provider. Restore the domain files and try configuring the AD provider on the OAS 2024 before imported a bar file.

apastuhov

Just wanted to mention that ESI JDE SSO solution now also supports SAML2 SSO into Oracle Analytics Server - this can be deployed in just a couple of hours, it's a free service too.

SteveF-Oracle

Closing this thread, original poster never responded back with solution.