5 Replies Latest reply on Feb 22, 2017 7:43 PM by chillychin

    OBIEE 11.1.1.7.140225 - User logs in at home on iPad and hits error [Insufficient Privileges. "Access Home Page"] BUT can log in at work desktop?

    chillychin

      Apologies for the long thread title but I am a bit stumped at this issue.

       

      I have an end user that is saying that when they log into OBIEE while at work on their work desktop - no issues.

       

      BUT

       

      When they try to log into OBIEE when they get HOME on their personal iPad, they are hitting an error [Insufficient Privileges. "Access Home Page"]

       

      If it was something with our OBIEE security set up, I would assume that they would not be able to log in either at home OR at work.

       

      Since they can log in at work but NOT at home, it leads me to believe that the issue is with their home setup, but I am not sure what the issue could be.

       

      Could it be their cache? Network settings?

       

      Outside of going to their house during off hours to test their iPad I am not sure what to say to this user.

       

      Any possible ideas greatly appreciated

        • 1. Re: OBIEE 11.1.1.7.140225 - User logs in at home on iPad and hits error [Insufficient Privileges. "Access Home Page"] BUT can log in at work desktop?
          Gianni Ceresa

          Does the user have access to the OBIEE homepage?

          If not, give him access and ask him to test again when at home.

           

          The OBIEE homepage privilege is required for a few things (Act As, if I'm not wrong, for example) and it's possible that the iPad app also requires it. (I guess the user uses the OBIEE app and not the browser, as 11.1.1.7 doesn't work well on mobile devices; that's why they added MAD at that time.)

          • 2. Re: OBIEE 11.1.1.7.140225 - User logs in at home on iPad and hits error [Insufficient Privileges. "Access Home Page"] BUT can log in at work desktop?
            Christian Berg

            More general: "accesses the home page"...

             

            ...like how? Just through a browser? No use of the OBI app? Using BIMAD or just plain OBI?

            • 3. Re: OBIEE 11.1.1.7.140225 - User logs in at home on iPad and hits error [Insufficient Privileges. "Access Home Page"] BUT can log in at work desktop?
              chillychin

              The user does have access to the OBIEE home page, or at least the security group that we put them in maps to it.

               

              I checked Administration -> Manage Privileges -> Home and Header -> "Access Home Page" has the BI Consumer Role mapped to it.

               

              When the user is able to successfully log in at work, I checked their [My Account->Roles and Catalog Groups] and see BI Consumer.

               

              I had to do a lot of digging and rummaging around to see what the issue could be with this.

               

              I tried to refresh the GUID and validate the catalog but the same issue persisted with the user.

               

              I finally told them to just bring their iPad into work and have them log in so I could see exactly what was happening (it was quite a fight to even get this user to do this).

               

              So it looks like they are using a plain old internet browser (Chrome I believe on their iPad).

               

              When they logged in, I noticed that by default the [User ID] field on the default OBIEE home page capitalized their user id.

               

              So

               

              User ID = Charles

               

              When they were able to log in at work I saw that they had

               

              User ID = charles

               

              I was doing some searching around and it sounds like it is possible that there is some case sensitivity.

               

              We use LDAP as our authenticator - so when someone logs in they need to be part of our directory - otherwise they would get the error "Unable to sign in"

               

              Since my end user is able to log in but then hits the error "Insufficient privileges", it's almost as if he does not have his role mapped to the privilege [Access Home Page].

               

              Is it possible that if he logs in with a capitalized user id that our LDAP is case INsensitive - but when OBIEE tries to map his user id to his groups/roles that it gets confused because it is case sensitive?

               

              We have for authentication

               

              LDAP

              Weblogic Authentication Provider

              Weblogic Identity Assertion Provider

               

              Is there some case sensitivity happening somewhere?

              • 4. Re: OBIEE 11.1.1.7.140225 - User logs in at home on iPad and hits error [Insufficient Privileges. "Access Home Page"] BUT can log in at work desktop?
                chillychin

                I am pretty sure there is something funny going on when we have a user log in using non-lowercase user IDs

                 

                So if someone with the login of

                 

                charles

                 

                Typed in ChArLeS - OBIEE seems to not recognize this and cannot map them to the security groups we put them into.

                 

                Is there any way I can enforce all lower case to be POSTed from the OBIEE login page?

                • 5. Re: OBIEE 11.1.1.7.140225 - User logs in at home on iPad and hits error [Insufficient Privileges. "Access Home Page"] BUT can log in at work desktop?
                  chillychin

                  I finally found an answer here

                   

                  Understanding Users and Roles

                   

                  A lot of googling around and found the above link

                   

                  There are basically two places to make a change.

                   

                  I am on active directory - and was having issues with end users and their login ID being case sensitive.

                   

                  To turn off, or to make it case insensitive you can follow the above document.

                   

                  You just need to set PrincipalEqualsCaseInsensitive to True

                   

                  Log into Weblogic console - click on bifoundation_domain -> Security -> Click on the [Advanced] link to open up more options and check the box for Principal Equals Case Insensitive to set it to True

                   

                  Another way is to do this

                   

                  bifoundation_domain > Security Realms > myrealm > Providers > (Name of your ADSI provider) > Provider Specific >
                  Use Retrieved User Name As Principal (ticked/checked)

                   

                  Specifies whether we should use the user name retrieved from the embedded LDAP server as the Principal in the Subject.

                   

                  This option basically takes what the log in is from Active Directory that it gets and uses this to feed into OBIEE and match the ID with the users assigned groups.

                   

                  Either option will work, just need to do one or the other

                   

                  Hope that helps anyone else with this same issue
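
The failure mode worked out in this thread, as an added example that is not part of the original posts: a simplified Python model (not Oracle's code) of a login where authentication matches the user name case-insensitively but role lookup compares the principal case-sensitively. The directory contents, `RealmConfig` and all function names are assumptions made for illustration; the two flags mirror the two settings named in the last reply.

```python
from dataclasses import dataclass

# Constructed sample data: the directory's canonical user name and its groups,
# and the privilege-to-role mapping described in the thread.
DIRECTORY = {"charles": {"BI Consumer"}}
PRIVILEGES = {"Access Home Page": {"BI Consumer"}}

@dataclass
class RealmConfig:
    # Hypothetical stand-ins for the two WebLogic settings from the thread.
    use_retrieved_user_name_as_principal: bool = False
    principal_equals_case_insensitive: bool = False

def authenticate(typed, cfg):
    """Directory lookup is case-insensitive; returns the principal name or None."""
    for stored in DIRECTORY:
        if stored.lower() == typed.lower():
            # Either keep what the user typed, or adopt the directory's spelling.
            return stored if cfg.use_retrieved_user_name_as_principal else typed
    return None

def principal_equals(a, b, cfg):
    """Principal comparison used when resolving roles."""
    if cfg.principal_equals_case_insensitive:
        return a.lower() == b.lower()
    return a == b

def roles_for(principal, cfg):
    roles = set()
    for stored, groups in DIRECTORY.items():
        if principal_equals(principal, stored, cfg):
            roles |= groups
    return roles

def login(typed, privilege, cfg):
    principal = authenticate(typed, cfg)
    if principal is None:
        return "Unable to sign in"
    if roles_for(principal, cfg) & PRIVILEGES[privilege]:
        return "OK"
    # Authenticated, but no role resolved for the typed spelling.
    return f'Insufficient Privileges. "{privilege}"'

if __name__ == "__main__":
    for typed in ("charles", "Charles", "ChArLeS"):
        print(typed, "->", login(typed, "Access Home Page", RealmConfig()))
```

With both flags off, only the exact-case login resolves the BI Consumer role; turning on either flag makes all three spellings resolve to the same roles.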