I have configured Microsoft Active Directory (MSAD) as an authentication provider for my OBIEE 12c WLS. The current order of my providers is:
Default Authenticator (sufficient)
Microsoft Active Directory (sufficient)
Trust Service Identity Asserter
DefaultIdentityAsserter
As noted, the Control Flag for both the Default Authenticator and MSAD is set to SUFFICIENT.
The problem: With the providers in this order, I can sign in using the users defined in WLS, but not in MSAD. When I attempt to sign in using an MSAD user, the bi-server1-diagnostic.log contains the message "could not find user ann.baker in the identity store".
However, if I put the MSAD provider FIRST in the list, and then restart the services, I can sign in as a user from MSAD, but I cannot sign in as a user who is defined in WLS. The log shows me "The specified user credentials could not be authenticated."
So at the present time, I can only sign in with users who are contained in whichever provider is listed first.
What am I missing?
