Error 403 forbidden with SSO SAML 2.0 when deploying two Analytics ear files

(Doc ID 1991070.1)

Last updated on MARCH 08, 2017

Applies to:

Business Intelligence Server Enterprise Edition - Version and later
Information in this document applies to any platform.


Customer had  configured the environment with SSO (ADFS + SAML 2.0) according this document:

When logging in to Analytics encountered the following error:

Error 403--Forbidden
From RFC 2068 Hypertext Transfer Protocol -- HTTP/1.1:
10.4.4 403 Forbidden

It appeared as though server understood the request, but is refusing to fulfill it. This status code is commonly used when the server does not wish to reveal exactly why the request has been refused, or when no other response is applicable.

Customer had also followed OBIEE 11g "Error 403--Forbidden" Accessing OBIEE Through SAML SSO(Doc ID 1928807.1)

Checking the logs for BI servers and ADFS servers and following errors were noticed:

1. On ADFS servers site Error ID 364:

Encountered error during federation passive request.

Additional Data

Exception details:
Microsoft.IdentityServer.Web.InvalidRequestException: MSIS7042: The same client browser session has made '6' requests in the last '2' seconds. Contact your administrator for details.
  at Microsoft.IdentityServer.Web.FederationPassiveAuthentication.UpdateLoopDetectionCookie()
  at Microsoft.IdentityServer.Web.FederationPassiveAuthentication.SendSignInResponse(MSISSignInResponse response)


Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms