OBIEE 11g - After Configuring Active Directory as Authentication Provider Users that are NOT Listed in Active Directory Get Access. (Doc ID 1957475.1)

Last updated on SEPTEMBER 24, 2015

Applies to:

Business Intelligence Suite Enterprise Edition - Version 11.1.1.7.1 and later
Information in this document applies to any platform.

Symptoms

OBIEE 11.1.1.7.x version, Analytics

Try to login to OBIEE.

Enter with the user "abast" and the correct password, it is validated against the AD and retrieves the groups.
Enter with the user "abast" and a wrong password, it is validated without the correct permissions
Enter with the user "AbAsT" with a wrong case sensitivity, it is validated without the correct permissions
Enter with the user "dfs3$·"$45~#€~€325%$" it works !! and of course this user doesn't exist in any authenticator.


In bi-server log file there are some errors at startup time like:

"BI Security Service Access Denied - credentials supplied in SOAP Message header failed authentication"

ERROR
-----------------------
 [nQSError: 13049] User 'ADBISystemUser' with 'empty' permission can not query user population.

Changes

 Configure Active Directory as authentication provider

Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms