MSAD and WLS - can sign in as one, or the other, not both — Oracle Analytics



Mark.Thompson Rank 6 - Analytics Lead

I have configured Microsoft Active Directory (MSAD) as an authentication provider for my OBIEE 12c WLS.  The current order of my providers is:

Default Authenticator  (sufficient)

Microsoft Active Directory  (sufficient)

Trust Service Identity Asserter

DefaultIdentityAsserter

As noted, the Control Flag for both the Default Authenticator and MSAD is set to SUFFICIENT.

The problem: With the providers in this order, I can sign in using the users defined in WLS, but not in MSAD.  When I attempt to sign in using an MSAD user, the bi-server1-diagnostic.log contains the message "could not find user ann.baker in the identity store".

However, if I put the MSAD provider FIRST in the list, and then restart the services, I can sign in as a user from MSAD, but I cannot sign in as a user who is defined in WLS.  The log shows me "The specified user credentials could not be authenticated."

So at the present time, I can only sign in with users who are contained in whichever provider is listed first.

What am I missing?

Answers