Hi I’m having an issue to call the SecurityService, impersonate.
I’m using a valid Administrator ID and a valid account (e1proxy). I can connect independently with each one of those accounts to BIP.
But when using impersonate method
getting the following error message:
oracle.xdo.webservice.exception.AccessDeniedException: java.lang.SecurityException: Failed to log into BI Publisher: invalid username or password.
<faultstring>oracle.xdo.webservice.exception.AccessDeniedException: java.lang.SecurityException: Failed to log into BI Publisher: invalid username or password.</faultstring>
Could anyone tell me what i should check?
II have this working before implementing SSO and by the way I'm in 18.104.22.168.6 version.
The security model is:
install Oracle BI Security Diagnostics Helper
and check what is happening to user when logs in.
The error seems as if the identity store is not able to get the roles from user.
also check bi security deployment is up and running in console. if not start the bisecurity app and set is as service all requests when you start.
is the user able to login to OBIEE?
The user is able to login to BI Publisher ...
so if you put http://host:port/xmlserver ...
the user is not able to connect to BI since BI is using SSO with LDAP and the user i have created is a weblogic user not LDAP / AD user.
But I'm able to connect using the login services or through web directly with these users.
check the control flag in your provider. set default authenticator as sufficient and LDAP as optional/sufficient.
order, default authenticator first and then LDAP.
check in EM for security Provider configuration > Identity store
this treats users from multiple authentication providers as same.
do a image backup before you start any changes as these changes need restart of weblogic and there is a very good possibility that you may not be able to revert it back if something gets messed up.
try the security diagnostic helper to check whether you get the right roles when you give user/pwd.
But if i change the order of the providers i might loose SSO capability, right? Since my users are in LDAP,
I don't want that to happen.
And regarding the roles ...when i put usename and password i can see that in "My Account" connecting with that user...and looks good.