Error 403--Forbidden in OBIEE Analytics page after configuring SSO with SAML 2.0

3200247 Rank 1 - Community Starter

Hi all,

I have configured SSO in OBIEE with SAML and SiteMinder.

The SAML response file is passing the username (abc123) of the entered email ID (miller.john@domain.com) from Active Directory to OBIEE.

So I created a user 'abc123' in OBIEE and assigned it to the Administrators and BIAdministrators groups.

It seems the SSO is working. After hitting the OBIEE analytics URL (http://localhost:9704/analytics), it redirects to the SiteMinder agent gateway (SSO login page).

After logging in with the email ID (miller.john@domain.com) and password, it gets redirected to the OBIEE analytics page, which throws "Error 403--Forbidden".


The sawlog0 and nqserver log files are giving the below errors:

Error in getting roles from BI Security Service

System user validation failed - the system user profile could not be found in the identity store.

Error retrieving user/group data from Oracle BI Server's User Population API.

Error searching roles in the backend to resolve GUIDs during user population manager initialization

Error initializing/loading existing Catalog: /u01/app/obiee/instances/instance1/bifoundation/OracleBIPresentationServicesComponent/coreapplication_obips1/catalog/SampleAppLite.


And at the end it keeps on logging the below error in sawlog0.log:

Unable to get a system user connection to BI Server (attempt 101 of 500). Sleeping for 4 seconds before trying again.


I performed the below troubleshooting steps; nothing resolved the issue.

1. Reset the BISystemUser password in console and EM.

2. Providers -> defaultAuthenticator -> control flag … SUFFICIENT

3. Added the weblogic user under
   WebLogic Domain -> bifoundation_domain -> Security -> Application Role -> BISystem

4. Added the custom property “virtualize=false” in the identity store configuration in EM.

5. Performed a GUID refresh.

6. Checked all services (Admin, managed servers and BI components are up and running).

Please help.

Answers

  • SriniVEERAVALLI Rank 6 - Analytics Lead

    Just in case, verify your config with Doc ID 1350125.1 and 1928807.1.

  • 3200247 Rank 1 - Community Starter

    Hi Srini,

    I validated the steps. All are good.

    I also validated the SAML response in bi_server1.log; it's giving me the username and relevant group:

    <ns2:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">HITTCB7</ns2:NameID>

    </ns2:AuthnStatement>

            <ns2:AttributeStatement>

                <ns2:Attribute Name="DomainUsers" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified">

    Which means the SAML token is getting passed successfully; however, OBIEE has failed to receive it?


    =====================================

    However, while checking sawlog1, I got the below error. It gets written to sawlog1 every time we try to log in:


    Unable to get a system user connection to BI Server

    Error retrieving user/group data from Oracle BI Server's User Population API. Could not create a system user connection to Oracle BI Server during start-up

    Thanks

    Sayak

  • SriniVEERAVALLI Rank 6 - Analytics Lead

    Look at the security integration user!

  • 3200247 Rank 1 - Community Starter

    Hi Srini ,

    Can you please elaborate on "security integration user"?

    Thanks

    Sayak