OBIEE 11g: Error: "[nQSError: 43126] Authentication failed: invalid user/password." Authentication of AD (LDAP) Users Fails when the User Is a Member of Specific Groups (Doc ID 1451542.1)

Last updated on JUNE 23, 2016

Applies to:

Business Intelligence Server Enterprise Edition - Version 11.1.1.3.0 [1905] and later
Business Intelligence Suite Enterprise Edition - Version 11.1.1.3.0 [1905] and later
Information in this document applies to any platform.

Symptoms

Authentication of AD (LDAP) users fails when the user is a member of certain/specific groups.
When the LDAP user is added as a member of such problematic groups via AD Admin utility, the following error can be seen in the logs while attempting to log in to OBIEE:

[2012-03-26T09:06:12.000+00:00] [OracleBIServerComponent] [ERROR:1] Error Message From BI Security Service: SecurityService::authenticateUserWithLanguage [OBI-SEC-00022] Identity found bitesterror but could not be authenticated
[2012-03-26T09:06:12.000+00:00] [OracleBIServerComponent] [ERROR:1] [nQSError: 43126] Authentication failed: invalid user/password.



Once the problematic group membership is revoked from the LDAP user, you are able log in without a problem.  If the same problematic group is granted to a working LDAP user, you are then no longer able to log in to OBIEE with the same error.  Some of the problematic groups have characters like exclamation marks in the name. For example:

!Gruppe perdata GB AB

but others without any special characters also cause the problem.


Error details:

[2012-03-26T09:06:12.000+00:00] [OracleBIServerComponent] [ERROR:1] Error Message From BI Security Service: SecurityService::authenticateUserWithLanguage [OBI-SEC-00022] Identity found bitesterror but could not be authenticated
[2012-03-26T09:06:12.000+00:00] [OracleBIServerComponent] [ERROR:1] [nQSError: 43126] Authentication failed: invalid user/password.
oracle.bi.security.service.SecurityServiceException: SecurityService::authenticateUserWithLanguage [OBI-SEC-00022] Identity found bitesterror but could not be authenticated
at oracle.bi.security.service.URServiceBean.authenticateUserWithLanguage(URServiceBean.java:146)
at oracle.security.jps.internal.jaas.CascadeActionExecutor$SubjectPrivilegedExceptionAction.run(CascadeActionExecutor.java:83)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:363)
at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26)
at oracle.security.jps.ee.http.JpsAbsFilter$1.run(JpsAbsFilter.java:119)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:178)
Caused by: javax.security.auth.login.LoginException: [Security:090305]Authentication Failed Getting Groups for User bitesterror weblogic.management.utils.NotFoundException: [Security:090255]User or Group !Gruppe perdata GB AB
at oracle.security.jps.internal.jaas.module.authentication.JpsUserAuthenticationLoginModule.login(JpsUserAuthenticationLoginModule.java:71)
at sun.reflect.GeneratedMethodAccessor296.invoke(Unknown Source)
at javax.security.auth.login.LoginContext.login(LoginContext.java:575)
at oracle.bi.security.service.SecurityServiceBean.authenticateUserCredentials(SecurityServiceBean.java:842)
at oracle.bi.security.service.URServiceBean.authenticateUserWithLanguage(URServiceBean.java:141)
... 54 more
Caused by: oracle.security.jps.internal.jaas.module.AuthenticationException: [Security:090305]Authentication Failed Getting Groups for User bitesterror weblogic.management.utils.NotFoundException: [Security:090255]User or Group !Gruppe perdata GB AB
at oracle.security.jps.wls.jaas.module.authentication.WlsUserAuthenticator.authenticate(WlsUserAuthenticator.java:61)
at oracle.security.jps.internal.jaas.module.authentication.JpsUserAuthenticationLoginModule.login(JpsUserAuthenticationLoginModule.java:62)
... 65 more
Caused by: javax.security.auth.login.FailedLoginException: [Security:090305]Authentication Failed Getting Groups for User bitesterror weblogic.management.utils.NotFoundException: [Security:090255]User or Group !Gruppe perdata GB AB
at weblogic.security.providers.authentication.LDAPAtnLoginModuleImpl.login(LDAPAtnLoginModuleImpl.java:284)
at com.bea.common.security.internal.service.LoginModuleWrapper$1.run(LoginModuleWrapper.java:110)
   ... 12 more
at weblogic.security.service.WLSJAASAuthenticationServiceWrapper.authenticate(WLSJAASAuthenticationServiceWrapper.java:40)
at weblogic.security.service.PrincipalAuthenticator.authenticate(PrincipalAuthenticator.java:348)
at weblogic.security.services.Authentication.doLogin(Authentication.java:133)
at weblogic.security.services.Authentication.login(Authentication.java:51)
at oracle.security.jps.wls.jaas.module.authentication.WlsUserAuthenticator.authenticate(WlsUserAuthenticator.java:56)

Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms