OBIEE 11g: Error: "Invalid username or password" when Authenticating OBIEE Users Against Iplanet (Sun Java System Directory Server) or a Similar Authentication Provider (Doc ID 1361862.1)

Last updated on AUGUST 12, 2014

Applies to:

Business Intelligence Server Enterprise Edition - Version 11.1.1.5.0 [1308] and later
Business Intelligence Suite Enterprise Edition - Version 11.1.1.5.0 [1308] and later
Information in this document applies to any platform.
***Checked for relevance 12-Aug-2014***

Symptoms

You have set up OBIEE 11.1.1.5 authentication using Sun Java System Directory Server (formerly known as Iplanet).  But it fails to authenticate the users.  You get the error:

Invalid username or password

The bi_server.log contains this error:

<Debug> <SecurityAtn> <t0i23x> <bi_server1> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1315339541765> <BEA-000000> <javax.security.auth.login.FailedLoginException: [Security:090302]Authentication Failed: User weblogic denied
at weblogic.security.providers.authentication.LDAPAtnLoginModuleImpl.login(LDAPAtnLoginModuleImpl.java:229)
at com.bea.common.security.internal.service.LoginModuleWrapper$1.run(LoginModuleWrapper.java:110)
at java.security.AccessController.doPrivileged(Native Method)
at com.bea.common.security.internal.service.LoginModuleWrapper.login(LoginModuleWrapper.java:106)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
etc

But bi_server1.log has a message that authentication succeeded.

This problem can occur with an LDAP provider other than Sun Java System Directory Server.

Steps to re-produce:

  1. Set up iPlanet (Sun Java System Directory Server) in WebLogic, set to SUFFICIENT.
  2. Default Authenticator is set to SUFFICIENT.
  3. Reordered such that iPlanet (Sun Java System Directory Server) Authenticator is the first in the list.
  4. Restarted WebLogic services.
  5. Logged into WebLogic, one could see the users from iPlanet (for example) in the WebLogic, that means users were retrieved from iPlanet or any other authenticator provider.
  6. Specified one of the users in the Global Admin roles (Roles and Policies). Saved the changes.
  7. Modified oracle.bi.system in EM to point to this new iPlanet (or any other provider used) user.
  8. Added user.login.attr and username.attr in EM and the value is uid.
  9. Added this new iPlanet ( or any other provider used) trusted user to BISystem role.


Restart all the services, includes WebLogic and OBIEE

Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms