1 Reply Latest reply on Mar 14, 2016 10:12 AM by Christian Berg

    LDAP issue

    vai

      I have an RPD where LDAP is configured. When I deploy the RPD, all the services are UP and I am able to open EM & Console, but I am not able to open the analytics page.

      I tried deploying the SampleAppLite RPD, but I am still facing the same issue.

      Below are the log details of bi_server; I am not able to figure out what's wrong. I tried googling the error, but didn't find any solution.

      Can anyone please help me in resolving the same.

       

      BIserver_1 logs:

       

      Caused by: oracle.wsm.security.SecurityException: WSM-00008 : Web service authentication failed.

        at oracle.wsm.security.jps.JpsManager.authenticate(JpsManager.java:242)

        at oracle.wsm.security.jps.JpsManager.basicAuthenticate(JpsManager.java:319)

        at oracle.wsm.security.policy.scenario.executor.WssUsernameTokenScenarioExecutor.receiveRequest(WssUsernameTokenScenarioExecutor.java:159)

        ... 51 more

      Caused by: javax.security.auth.login.LoginException: [Security:090304]Authentication Failed: User BISystemUser javax.security.auth.login.FailedLoginException: [Security:090302]Authentication Failed: User BISystemUser denied

        at oracle.security.jps.internal.jaas.module.authentication.JpsUserAuthenticationLoginModule.login(JpsUserAuthenticationLoginModule.java:71)

        at sun.reflect.GeneratedMethodAccessor414.invoke(Unknown Source)

        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)

        at java.lang.reflect.Method.invoke(Method.java:606)

        at javax.security.auth.login.LoginContext.invoke(LoginContext.java:762)

        at javax.security.auth.login.LoginContext.access$000(LoginContext.java:203)

        at javax.security.auth.login.LoginContext$4.run(LoginContext.java:690)

        at javax.security.auth.login.LoginContext$4.run(LoginContext.java:688)

        at java.security.AccessController.doPrivileged(Native Method)

        at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:687)

        at javax.security.auth.login.LoginContext.login(LoginContext.java:595)

        at oracle.wsm.security.jps.JpsManager.authenticate(JpsManager.java:234)

        ... 53 more

      Caused by: oracle.security.jps.internal.jaas.module.AuthenticationException: [Security:090304]Authentication Failed: User BISystemUser javax.security.auth.login.FailedLoginException: [Security:090302]Authentication Failed: User BISystemUser denied

        at oracle.security.jps.wls.jaas.module.authentication.WlsUserAuthenticator.authenticate(WlsUserAuthenticator.java:64)

        at oracle.security.jps.internal.jaas.module.authentication.JpsUserAuthenticationLoginModule.login(JpsUserAuthenticationLoginModule.java:62)

        ... 64 more

      Caused by: javax.security.auth.login.FailedLoginException: [Security:090304]Authentication Failed: User BISystemUser javax.security.auth.login.FailedLoginException: [Security:090302]Authentication Failed: User BISystemUser denied

        at weblogic.security.providers.authentication.LDAPAtnLoginModuleImpl.login(LDAPAtnLoginModuleImpl.java:261)

        at com.bea.common.security.internal.service.LoginModuleWrapper$1.run(LoginModuleWrapper.java:110)

        at java.security.AccessController.doPrivileged(Native Method)

        at com.bea.common.security.internal.service.LoginModuleWrapper.login(LoginModuleWrapper.java:106)

        at sun.reflect.GeneratedMethodAccessor409.invoke(Unknown Source)

        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)

        at java.lang.reflect.Method.invoke(Method.java:606)

        at javax.security.auth.login.LoginContext.invoke(LoginContext.java:762)

        at javax.security.auth.login.LoginContext.access$000(LoginContext.java:203)

        at javax.security.auth.login.LoginContext$4.run(LoginContext.java:690)

        at javax.security.auth.login.LoginContext$4.run(LoginContext.java:688)

        at java.security.AccessController.doPrivileged(Native Method)

        at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:687)

        at javax.security.auth.login.LoginContext.login(LoginContext.java:595)

        at com.bea.common.security.internal.service.JAASLoginServiceImpl.login(JAASLoginServiceImpl.java:113)

        at sun.reflect.GeneratedMethodAccessor407.invoke(Unknown Source)

        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)

        at java.lang.reflect.Method.invoke(Method.java:606)

        at com.bea.common.security.internal.utils.Delegator$ProxyInvocationHandler.invoke(Delegator.java:57)

        at com.sun.proxy.$Proxy34.login(Unknown Source)

        at weblogic.security.service.internal.WLSJAASLoginServiceImpl$ServiceImpl.login(WLSJAASLoginServiceImpl.java:89)

        at com.bea.common.security.internal.service.JAASAuthenticationServiceImpl.authenticate(JAASAuthenticationServiceImpl.java:82)

        at sun.reflect.GeneratedMethodAccessor411.invoke(Unknown Source)

        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)

        at java.lang.reflect.Method.invoke(Method.java:606)

        at com.bea.common.security.internal.utils.Delegator$ProxyInvocationHandler.invoke(Delegator.java:57)

        at com.sun.proxy.$Proxy52.authenticate(Unknown Source)

        at weblogic.security.service.WLSJAASAuthenticationServiceWrapper.authenticate(WLSJAASAuthenticationServiceWrapper.java:40)

        at weblogic.security.service.PrincipalAuthenticator.authenticate(PrincipalAuthenticator.java:338)

        at weblogic.security.services.Authentication.doLogin(Authentication.java:133)

        at weblogic.security.services.Authentication.login(Authentication.java:74)

        at weblogic.security.services.Authentication.login(Authentication.java:51)

        at oracle.security.jps.wls.jaas.module.authentication.WlsUserAuthenticator.authenticate(WlsUserAuthenticator.java:59)

        ... 65 more

       

       

      ]]

      [2016-03-14T10:31:16.125+05:30] [bi_server1] [ERROR] [OWS-04115] [oracle.webservices.service] [tid: [ACTIVE].ExecuteThread: '4' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: 0000LDnTkmN7q215zvWByW1Mt^AR000006,0:106] [APP: OracleRTD#11.1.1] An error occurred for port: {http://www.sigmadynamics.com/schema/services/RpcService}RpcPort: oracle.fabric.common.PolicyEnforcementException: FailedAuthentication : The security token cannot be authenticated..

      [2016-03-14T10:31:16.128+05:30] [bi_server1] [ERROR] [WSM-00279] [oracle.wsm.resources.security] [tid: RTD_Worker_1] [userId: <anonymous>] [ecid: 0000LDnTkmN7q215zvWByW1Mt^AR000006,0] [APP: OracleRTD#11.1.1] [WSM_POLICY_NAME: oracle/wss_username_token_client_policy] The following Fault Message is received at the client side from the service:- [[

      FailedAuthentication : The security token cannot be authenticated..

       

       

      The client side policy is:-

      oracle/wss_username_token_client_policy.

       

       

      The service endpoint url is:-

      http://10.10.10.10:9704/ws/rpc.

       

       

      Keystore properties:-

      {}.

       

       

      Properties found in the message context (Partial list):-

      {javax.xml.ws.security.auth.username=BISystemUser, javax.xml.rpc.security.auth.username=BISystemUser}.

       

       

      PolicyReference OverrideProperty:

      []

       

       

      Policy configuration properties (some of these may be overridden by the properties passed in the PolicyReference or message context, for details about the order of precedence of properties consult documentation):-

      {csf-key=basic.credentials, role=ultimateReceiver}.

       

       

      Other related information:-

      {oracle.integration.platform.common.subject=Subject: NULL

      }.

      ]]

      [2016-03-14T10:31:16.130+05:30] [bi_server1] [ERROR] [] [oracle.webservices.jaxws] [tid: RTD_Worker_1] [userId: <anonymous>] [ecid: 0000LDnTkmN7q215zvWByW1Mt^AR000006,0] [APP: OracleRTD#11.1.1] Error while invoking endpoint "http://10.10.10.10:9704/ws/rpc" from client; Client side policies: [oracle/wss_username_token_client_policy]

        • 1. Re: LDAP issue
          Christian Berg

          vai wrote:

           

          [Security:090302]Authentication Failed: User BISystemUser denied

           

          ^... that's the core bit you should be worried about. And if you just google this you'll quickly see that you'll have to go back a bit in order to solve this. From the documentation:

           

          You must ensure that the OracleSystemUser is a member of the OracleSystemGroup group in your identity store and that the group has the WebLogic global role OracleSystemRole assigned to it. For more information, see Steps 3-6 in Section 3.4.7.1, "Configuring Oracle Internet Directory LDAP Authentication as the Only Authenticator" (these steps still apply for other LDAP servers):

          Alternately, if the problem is that the OracleSystemUser account cannot be authenticated or does not exist (for example, because you migrated to an LDAP identity store and removed DefaultAuthenticator without creating a new OracleSystemUser account in your new identity store), you see a log entry like this:

          Caused by: javax.security.auth.login.FailedLoginException: [Security:090304]Authentication Failed: User OracleSystemUser javax.security.auth.login.FailedLoginException: [Security:090302]Authentication Failed: User OracleSystemUser denied

          at weblogic.security.providers.authentication.LDAPAtnLoginModuleImpl.login(LDAPAtnLoginModuleImpl.java:261)

          This error message can be caused by several different issues:

          • You have removed the DefaultAuthenticator and not created an account named OracleSystemUser in the new identity store you are using instead.
          • You have misconfigured the authenticator for your new identity store such that the OracleSystemUser account cannot be found.
          • The OracleSystemUser account has been locked or disabled in some way on your LDAP server.

           

          So basically: How was the system set up in terms of security - and I mean proper security, not any 10g-legacy RPD-based LDAP integration?

          Where did the RPD come from? etc.
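
Added example (not part of the original thread and not Oracle code): a small triage script that walks the "Caused by" chain of a log like the one posted, picks the innermost cause the reply points at, and reports which account was denied and which login module denied it. The function names and the wording of the check list are assumptions made for this example; the sample log is an excerpt of the lines posted above.

```python
import re

# Excerpt of the bi_server1 log quoted in the thread (stack frames trimmed).
SAMPLE_LOG = """\
Caused by: oracle.wsm.security.SecurityException: WSM-00008 : Web service authentication failed.
  at oracle.wsm.security.jps.JpsManager.authenticate(JpsManager.java:242)
  ... 51 more
Caused by: javax.security.auth.login.LoginException: [Security:090304]Authentication Failed: User BISystemUser javax.security.auth.login.FailedLoginException: [Security:090302]Authentication Failed: User BISystemUser denied
  at oracle.security.jps.internal.jaas.module.authentication.JpsUserAuthenticationLoginModule.login(JpsUserAuthenticationLoginModule.java:71)
  ... 53 more
Caused by: javax.security.auth.login.FailedLoginException: [Security:090304]Authentication Failed: User BISystemUser javax.security.auth.login.FailedLoginException: [Security:090302]Authentication Failed: User BISystemUser denied
  at weblogic.security.providers.authentication.LDAPAtnLoginModuleImpl.login(LDAPAtnLoginModuleImpl.java:261)
  at com.bea.common.security.internal.service.LoginModuleWrapper$1.run(LoginModuleWrapper.java:110)
"""

CAUSE = re.compile(r"^\s*Caused by: ([\w.$]+): (.*)$")
FRAME = re.compile(r"^\s*at ([\w.$]+)\.[\w$<>]+\(")
DENIED = re.compile(r"\[Security:090302\]Authentication Failed: User (\S+) denied")

def cause_chain(text):
    """Return (exception, message, class of first stack frame) per 'Caused by', in log order."""
    chain = []
    for line in text.splitlines():
        cause = CAUSE.match(line)
        frame = FRAME.match(line)
        if cause:
            chain.append([cause.group(1), cause.group(2), None])
        elif frame and chain and chain[-1][2] is None:
            chain[-1][2] = frame.group(1)  # the frame that threw this cause
    return [tuple(entry) for entry in chain]

def triage(text):
    """Summarise the innermost cause: who was denied and which login module said so."""
    chain = cause_chain(text)
    if not chain:
        return None
    exc, msg, frame = chain[-1]  # Java prints the root cause last
    denied = DENIED.search(msg)
    user = denied.group(1) if denied else None
    return {
        "root_exception": exc,
        "denied_user": user,
        "login_module": frame.rsplit(".", 1)[-1] if frame else None,
        # The three causes listed in the documentation quoted in the reply:
        "checks": [
            f"account {user} exists in the identity store now in use",
            f"authenticator for that store is configured so {user} can be found",
            f"account {user} is not locked or disabled on the LDAP server",
        ] if user else [],
    }

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

A `login_module` of `LDAPAtnLoginModuleImpl` means the denial came from the LDAP authenticator rather than from the web-service policy layer higher up the chain.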