Categories
- All Categories
- 15 Oracle Analytics Sharing Center
- 15 Oracle Analytics Lounge
- 208 Oracle Analytics News
- 41 Oracle Analytics Videos
- 15.7K Oracle Analytics Forums
- 6.1K Oracle Analytics Idea Labs
- Oracle Analytics User Groups
- 76 Oracle Analytics Trainings
- 14 Oracle Analytics Data Visualizations Challenge
- Find Partners
- For Partners
OBI 12c Publisher with SSO fails for uppercase usernames
Dears,
Facing a strange issue with Publisher login for usernames with uppercase.
OBIEE (12.2.1.2) has been configured for SSO using OAM (11.1.2.3).
We don't face any issues with Analysis/Answers but fails only in Publisher login
If someone has faced this issue and found solution, please reply.
Regards,
Mirza
Answers
-
Did you follow this MOS Doc? https://support.oracle.com/epmos/faces/DocContentDisplay?id=2313210.1
Is /xmlpserver covered by your mod_wl_ohs.conf?
0 -
Hi Christian,
Thanks for your inputs.
Yes, we've followed the document and Publisher is covered by OHS.
We are using Kerberos authentication by having Network ID (UID) for means of authentication.
The strange thing is that All users can use Analysis but when it comes to Publisher, only Users whose Network ID is in lowercase in AD can access.
BI role is same for them.
The rest get error 500 in UI and in background below is the message,
[2020-08-12T13:50:53.638+03:00] [bi_server1] [WARNING] [] [oracle.xdo] [tid: 122] [userId: ABC] [ecid: 00j2o8ygMsEFw0zlzt03Vz61nvE2z_2z30001880000kD,0:4] [APP: bipublisher] [partition-name: DOMAIN] [tenant-name: GLOBAL] SawUtil.impersonate: [saw user name:j8la7vunkgspoibw56cytq3xferzhmd2, impersonate id: abc]
[2020-08-12T13:50:53.638+03:00] [bi_server1] [WARNING] [] [oracle.xdo] [tid: 122] [userId: ABC] [ecid: 00j2o8ygMsEFw0zlzt03Vz61nvE2z_2z30001880000kD,0:4] [APP: bipublisher] [partition-name: DOMAIN] [tenant-name: GLOBAL] java.rmi.RemoteException: User name: j8la7vunkgspoibw56cytq3xferzhmd2, Impersonate id: abc; Access denied. Check "Access SOAP" privilege.; nested exception is: [[
javax.xml.ws.soap.SOAPFaultException: Access denied. Check "Access SOAP" privilege.
Any thoughts please.
Thanks,
Mirza
0 -
"Access denied. Check "Access SOAP" privilege."
^---- That's something completely different. It seems that some users aren't members of Application Roles which grant them the "Access SOAP" privilege in the first place.
0 -
Hi Christian,
Yes the message is misleading but as informed earlier too, the Application role is same for abc and XYZ user.
But only abc can access the Publisher and XYZ gets http error 500.
Appears that publisher changes it to lowercase and hence cannot find the User ID.
Don't know how we can program it as we are using only one attribute OAM_REMOTE_USER.
Thanks,
Mirza
0 -
Hi Mirza,
Log in to OBIEE with Administrator credentials -> Click on Administration -> Manage Privileges -> go to SOAP Section ->Check if the following roles are assigned.
- Assign the "BIConsumer" and "BISystem" roles to the "Access to SOAP" privilege.
- Assign the "BIAdministrator" and "BISystem" roles to the "Impersonate as system user" privilege.
Thanks,
Sareesh
0 - Assign the "BIConsumer" and "BISystem" roles to the "Access to SOAP" privilege.
-
Hello Saresh,
Already tried that with no luck.
Hopefully from the above explanation it is clear what we are facing with BI Publisher only.
Same Application role but different case with UserID aka Network ID (lower vs upper).
Many thanks again for any relevant information.
Will see if I can change any other attribute to make it work.
Regards,
Mirza
0 -
Hi Guys,
Finally able to fix the login of Publisher after checking the box for
Domain->Security->Advanced->Principle equals case insensitive
Note: In Providers, the check box is not selected for "Use Retrieved user Name as Principal", will try later to see the behavior.
Hope it helps others incase they stumble on this block.
Regards,
Mirza
0
![[Deleted User]](https://us.v-cdn.net/6037859/uploads/defaultavatar/nT2GKTLRQJ3P1.jpg)