My Oracle Support Banner

OBIEE 11g: Error: "[nQSError: 43126] Authentication failed: invalid user/password." Authentication of AD (LDAP) Users Fails when the User Is a Member of Specific Groups (Doc ID 1451542.1)

Last updated on JUNE 26, 2019

Applies to:

Business Intelligence Server Enterprise Edition - Version 11.1.1.3.0 [1905] and later
Business Intelligence Suite Enterprise Edition - Version 11.1.1.3.0 [1905] and later
Information in this document applies to any platform.
***Checked for relevance on 15-Jan-2019***

Symptoms

Authentication of AD (LDAP) users fails when the user is a member of certain/specific groups.
When the LDAP user is added as a member of such problematic groups via AD Admin utility, the following error can be seen in the logs while attempting to log in to OBIEE:

[2012-03-26T09:06:12.000+00:00] [OracleBIServerComponent] [ERROR:1] Error Message From BI Security Service: SecurityService::authenticateUserWithLanguage [OBI-SEC-00022] Identity found bitesterror but could not be authenticated
[2012-03-26T09:06:12.000+00:00] [OracleBIServerComponent] [ERROR:1] [nQSError: 43126] Authentication failed: invalid user/password.



Once the problematic group membership is revoked from the LDAP user, you are able log in without a problem.  If the same problematic group is granted to a working LDAP user, you are then no longer able to log in to OBIEE with the same error.  Some of the problematic groups have characters like exclamation marks in the name. For example:

!Gruppe perdata GB AB

but others without any special characters also cause the problem.


Error details:

[2012-03-26T09:06:12.000+00:00] [OracleBIServerComponent] [ERROR:1] Error Message From BI Security Service: SecurityService::authenticateUserWithLanguage [OBI-SEC-00022] Identity found bitesterror but could not be authenticated
[2012-03-26T09:06:12.000+00:00] [OracleBIServerComponent] [ERROR:1] [nQSError: 43126] Authentication failed: invalid user/password.
oracle.bi.security.service.SecurityServiceException: SecurityService::authenticateUserWithLanguage [OBI-SEC-00022] Identity found bitesterror but could not be authenticated
at oracle.bi.security.service.URServiceBean.authenticateUserWithLanguage(URServiceBean.java:146)
at oracle.security.jps.internal.jaas.CascadeActionExecutor$SubjectPrivilegedExceptionAction.run(CascadeActionExecutor.java:83)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:363)
at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26)
at oracle.security.jps.ee.http.JpsAbsFilter$1.run(JpsAbsFilter.java:119)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:178)
Caused by: javax.security.auth.login.LoginException: [Security:090305]Authentication Failed Getting Groups for User bitesterror weblogic.management.utils.NotFoundException: [Security:090255]User or Group !Gruppe perdata GB AB
at oracle.security.jps.internal.jaas.module.authentication.JpsUserAuthenticationLoginModule.login(JpsUserAuthenticationLoginModule.java:71)
at sun.reflect.GeneratedMethodAccessor296.invoke(Unknown Source)
at javax.security.auth.login.LoginContext.login(LoginContext.java:575)
at oracle.bi.security.service.SecurityServiceBean.authenticateUserCredentials(SecurityServiceBean.java:842)
at oracle.bi.security.service.URServiceBean.authenticateUserWithLanguage(URServiceBean.java:141)
... 54 more
Caused by: oracle.security.jps.internal.jaas.module.AuthenticationException: [Security:090305]Authentication Failed Getting Groups for User bitesterror weblogic.management.utils.NotFoundException: [Security:090255]User or Group !Gruppe perdata GB AB
at oracle.security.jps.wls.jaas.module.authentication.WlsUserAuthenticator.authenticate(WlsUserAuthenticator.java:61)
at oracle.security.jps.internal.jaas.module.authentication.JpsUserAuthenticationLoginModule.login(JpsUserAuthenticationLoginModule.java:62)
... 65 more
Caused by: javax.security.auth.login.FailedLoginException: [Security:090305]Authentication Failed Getting Groups for User bitesterror weblogic.management.utils.NotFoundException: [Security:090255]User or Group !Gruppe perdata GB AB
at weblogic.security.providers.authentication.LDAPAtnLoginModuleImpl.login(LDAPAtnLoginModuleImpl.java:284)
at com.bea.common.security.internal.service.LoginModuleWrapper$1.run(LoginModuleWrapper.java:110)
   ... 12 more
at weblogic.security.service.WLSJAASAuthenticationServiceWrapper.authenticate(WLSJAASAuthenticationServiceWrapper.java:40)
at weblogic.security.service.PrincipalAuthenticator.authenticate(PrincipalAuthenticator.java:348)
at weblogic.security.services.Authentication.doLogin(Authentication.java:133)
at weblogic.security.services.Authentication.login(Authentication.java:51)
at oracle.security.jps.wls.jaas.module.authentication.WlsUserAuthenticator.authenticate(WlsUserAuthenticator.java:56)

Changes

 

Cause

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


In this Document
Symptoms
Changes
Cause
Solution


My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.