5 Replies Latest reply on Apr 27, 2016 3:13 PM by SriniVEERAVALLI

    Error 403--Forbidden in OBIEE Analytics page after configuring SSO with SAML 2.0

    3200247

      Hi All ,

      I have Configured SSO in OBIEE with SAML and siteminder .

      SAML respose file is passing the Username (abc123) , of the entered EMAIL ID (miller.john@domain.com)  from Active Directory , to OBIEE .

      So , I created a user 'abc123' in OBIEE , assinged this to Administrators and BIAdministrators groups .


      It seems the SSO is working . After hitting OBIEE analytics URL (http://localhost:9704/analytics) , its redirecting to siteminder agent gateway (SSO login Page) .

      After Loggin in with EMAIL ID (miller.john@domain.com)and password , its getting redirected to the OBIEE analytics page .

      Which is throwing "Error 403--Forbidden" .


      sawlog0 and nqserver log files are giving below error :

      Error in getting roles from BI Security Service

      System user validation failed - the system user profile could not be found in the identity store.

      Error retrieving user/group data from Oracle BI Server's User Population API.

      Error searching roles in the backend to resolve GUIDs during user population manager initialization

      Error initializing/loading existing Catalog: /u01/app/obiee/instances/instance1/bifoundation/OracleBIPresentationServicesComponent/coreapplication_obips1/catalog/SampleAppLite.


      AND at the end its keep on logging below error in sawlog0.log :

       

      Unable to get a system user connection to BI Server (attempt 101 of 500). Sleeping for 4 seconds before trying again.


      I Performed the below troubleshooting's , nothing resolved the issue .

       

      1. Resetting BISytemUser password in console and EM .

      2. Providers - > defaultAuthenticator - > control flag … SUFFICIENT

      3. Added weblogic user under

      weblogic Domain -> bifoundaton_domain -> Security -> Applicaton Role -> BISystem

      4. Added custom property “virtualize=false” in Identity store configuration in EM

      5. Performed GUID refresh .

      6. Checked all services (Admin , managed servers and BI components are up and running)


      Please Help .