0 Replies Latest reply on Feb 21, 2015 3:55 PM by 2804349

    ADFS SSO with OBIEE weblogic 403 - forbidden

    2804349

      Hello everyone!

       

      I have deployed an environment in two locations.

       

      The first one contains:

      2 x Domain Controllers (let's name it DC1 and DC2)- both are connected through vpn to the 3rd domain controler( DC3) in second location

      5 x ADFS Servers connected to the load balancer  - there is no connection between ADFS servers and 3rd domain controler(DC3) in second location

       

      The second contains:

      1 x Domain Controller (DC3)

      2 x Clustered OBIEE servers connected to the DC3's AD LDAP. Also these servers are connected to the LB and are accessible from the internet

       

      If I had test environment containing OBIEE servers in first location everything was ok. I could log into OBIEE weblogic servers through SSO (ADFS).

       

      Now there is a problem. I can't log in to OBIEE becouse I am getting on OBIEE site 403 - forbidden.

      In ADFS logs all the time I am getting  when I am trying to connect OBIEE following error:

      Microsoft.IdentityServer.Web.InvalidRequestException: MSIS7042: The same client browser session has made '6' requests in the last '2' seconds.

       

      I read many articles in oracle support and microsoft sites wchich indicated on:

      1. differences between network time servers - I synchronized the time between all servers.
      2. permissions for users and groups who can access to the obiee - I did it

      The main question is: Is it possible the problem persists becouse my DC3 is not connected to the ADFS servers?