My Oracle Support Banner

Error 403 forbidden with SSO SAML 2.0 when deploying two Analytics ear files (Doc ID 1991070.1)

Last updated on MARCH 08, 2017

Applies to:

Business Intelligence Server Enterprise Edition - Version and later
Information in this document applies to any platform.


Customer had  configured the environment with SSO (ADFS + SAML 2.0) according this document:

When logging in to Analytics encountered the following error:

Error 403--Forbidden
From RFC 2068 Hypertext Transfer Protocol -- HTTP/1.1:
10.4.4 403 Forbidden

It appeared as though server understood the request, but is refusing to fulfill it. This status code is commonly used when the server does not wish to reveal exactly why the request has been refused, or when no other response is applicable.

Customer had also followed OBIEE 11g "Error 403--Forbidden" Accessing OBIEE Through SAML SSO(Doc ID 1928807.1)

Checking the logs for BI servers and ADFS servers and following errors were noticed:

1. On ADFS servers site Error ID 364:

Encountered error during federation passive request.

Additional Data

Exception details:
Microsoft.IdentityServer.Web.InvalidRequestException: MSIS7042: The same client browser session has made '6' requests in the last '2' seconds. Contact your administrator for details.
  at Microsoft.IdentityServer.Web.FederationPassiveAuthentication.UpdateLoopDetectionCookie()
  at Microsoft.IdentityServer.Web.FederationPassiveAuthentication.SendSignInResponse(MSISSignInResponse response)


To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

In this Document

This document is being delivered to you via Oracle Support's Rapid Visibility (RaV) process and therefore has not been subject to an independent technical review.
My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.