Oracle Analytics Cloud and Server


weblogic user not able to login to Analytics, EM and Admin are fine

Hesh
Hesh Rank 5 - Community Champion

Hi,

OBIEE 12c

There was some issue with AD users, so I created one temporary weblogic user in Admin. Thereafter I cannot log in even with the weblogic user! Before this temp user creation the weblogic user was fine.

[2017-10-04T11:14:05+01:00] [OBIPS] [NOTIFICATION:1] [] [saw.securitysubsystem.checkauthentication.runimpl] [ecid: 32947c87-101b-4185-9c5b-21eb29e52820-000000e3,0:1:1] [tid: 1769338624] [SI-Name: ] [IDD-Name: ] [IDD-GUID: ] [userId: ] Authentication Failure.
Odbc driver returned an error (SQLDriverConnectW).
State: 08004.  Code: 10018.  [NQODBC] [SQL_STATE: 08004] [nQSError: 10018] Access for the requested connection is refused. (08004)
State: HY000.  Code: 43113.  [nQSError: 43113] Message returned from OBIS. (HY000)
State: HY000.  Code: 43126.  [nQSError: 43126] Authentication failed: invalid user/password. (HY000)[[
File:checkauthentication.cpp
Line:1534
Location:
saw.securitysubsystem.checkauthentication.runimpl
saw.threadpool.asynclogon
saw.threads
]]

Thanks

Hesh


Answers

  • asim cholas
    asim cholas Rank 6 - Analytics Lead

    Did you try configuring SSL?

  • Hesh
    Hesh Rank 5 - Community Champion

    Thanks Asim,

    We are not using SSL, we are using Active Directory.

    Users were reporting that they are not able to log in, then I was trying to create one weblogic user, but all of a sudden, even the weblogic user is also not connecting!

    Regards

    Hesh

  • asim cholas
    asim cholas Rank 6 - Analytics Lead

    Make the control flag required and restart (complete), then check if you can log in with weblogic.


  • Sorry but I would avoid setting "REQUIRED" there or the users from AD will never be able to login.

    It's actually more to make sure the AD provider isn't set as required ...

    A quick reminder of what the values in the "control flag" mean:

    REQUIRED—The Authentication provider is always called, and the user must always pass its authentication test. If authentication succeeds or fails, authentication still continues down the list of providers.

    REQUISITE—The user is required to pass the authentication test of the Authentication provider. If the user passes the authentication test of this Authentication provider, subsequent providers are executed but can fail (except for Authentication providers with the JAAS Control Flag set to REQUIRED).

    SUFFICIENT—The user is not required to pass the authentication test of the Authentication provider. If authentication succeeds, no subsequent Authentication providers are executed. If authentication fails, authentication continues down the list of providers.

    OPTIONAL—The user is allowed to pass or fail the authentication test of this Authentication provider. However, if all Authentication providers configured in a security realm have the JAAS Control Flag set to OPTIONAL, the user must pass the authentication test of one of the configured providers.

    So when configuring AD or any other additional provider it's all about defining the control flag of the various providers in a way they can all work together and not making one mandatory over the others etc.
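
The control-flag rules quoted in the reply above, modelled as an added example that is not part of the original thread or Oracle's code. It evaluates an ordered provider chain for a user from each store; the provider labels, their order and the `alice` account are constructed assumptions.

```python
# Added illustration: simplified model of how an ordered list of
# authentication providers is evaluated under JAAS control flags.
# Provider labels and user stores below are constructed sample data.
AD_USERS = {"alice"}            # constructed AD account
EMBEDDED_USERS = {"weblogic"}   # account in the WLS-embedded LDAP

def authenticate(providers, user):
    """providers: ordered (label, flag, known_users) tuples."""
    mandatory_seen = mandatory_failed = any_passed = False
    for _label, flag, known_users in providers:
        passed = user in known_users
        if flag in ("REQUIRED", "REQUISITE"):
            mandatory_seen = True
        if passed:
            any_passed = True
            # SUFFICIENT success ends the chain, unless a mandatory
            # provider has already rejected the user.
            if flag == "SUFFICIENT" and not mandatory_failed:
                return True
        elif flag == "REQUIRED":
            mandatory_failed = True      # keep going, but login will fail
        elif flag == "REQUISITE":
            return False                 # stop immediately
    if mandatory_failed:
        return False
    # With no mandatory provider, one SUFFICIENT/OPTIONAL pass is needed.
    return True if mandatory_seen else any_passed

CONFIGS = {
    "embedded REQUIRED, AD SUFFICIENT": [
        ("embedded", "REQUIRED", EMBEDDED_USERS), ("AD", "SUFFICIENT", AD_USERS)],
    "AD REQUIRED, embedded SUFFICIENT": [
        ("AD", "REQUIRED", AD_USERS), ("embedded", "SUFFICIENT", EMBEDDED_USERS)],
    "both SUFFICIENT": [
        ("AD", "SUFFICIENT", AD_USERS), ("embedded", "SUFFICIENT", EMBEDDED_USERS)],
}

def login_matrix():
    """Map each configuration to {user: can_log_in}."""
    return {name: {u: authenticate(chain, u) for u in ("weblogic", "alice")}
            for name, chain in CONFIGS.items()}

if __name__ == "__main__":
    for name, result in login_matrix().items():
        print(f"{name:35} {result}")
```

Whichever provider is marked REQUIRED locks out every account that exists only in the other store; with both set to SUFFICIENT, accounts from either store pass.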

  • Hesh
    Hesh Rank 5 - Community Champion

    Thanks Asim,

    Currently this is SUFFICIENT for my OBIEE. REQUIRED means the user should be from AD only? No weblogic user will be permitted?

    A REQUIRED value specifies this LoginModule must succeed. Even if it fails, authentication proceeds down the list of LoginModules for the configured Authentication providers. This setting is the default.

    A REQUISITE value specifies this LoginModule must succeed. If other Authentication providers are configured and this LoginModule succeeds, authentication proceeds down the list of LoginModules. Otherwise, control is returned to the application.

    A SUFFICIENT value specifies this LoginModule need not succeed. If it does succeed, return control to the application. If it fails and other Authentication providers are configured, authentication proceeds down the LoginModule list.

    An OPTIONAL value specifies this LoginModule need not succeed. Whether it succeeds or fails, authentication proceeds down the LoginModule list.

    Regards

    Hesh

  • [Deleted User]
    [Deleted User] Rank 2 - Community Beginner

    Beaten to it by Gianni but this is really bad advice.

  • Hesh
    Hesh Rank 5 - Community Champion

    Thanks Gianni Ceresa, Christian Berg

    Can you please suggest how I can get back my Weblogic user?

    Regards

    Hesh

  • asim cholas
    asim cholas Rank 6 - Analytics Lead

    What I meant is to check if at least he can log in with the weblogic user. Currently he is unable to log in with both LDAP and default. If he can log in with the default, mostly it could be an issue from LDAP.

  • [Deleted User]
    [Deleted User] Rank 2 - Community Beginner

    Did you get rid of the WLS-embedded LDAP users and move all to Active Directory???

  • Hesh
    Hesh Rank 5 - Community Champion

    Hi Christian,

    What I know is we are using AD, not sure if any other providers are still active. But what we really need is all LDAP users and also Weblogic users to be able to log in.

    At the moment, no one can log in to Answers. The Weblogic user can log in to Admin and EM but is not able to log in to Answers.

    Regards

    Hesh