MSAD Users Cannot Login to OBIEE If They Belong To A Group With Hyphen In CN
Last updated on FEBRUARY 26, 2017
Applies to:Business Intelligence Suite Enterprise Edition - Version 220.127.116.11.5 and later
Information in this document applies to any platform.
On : 18.104.22.168.5 version, Analytics
OBIEE is configured with organizational Active Directory and SSO (using OAM) for authentication. Most users have no issues logging in but some users are unable to login to OBIEE. The following error occurs in the nqserver.log:
oracle.webservices.provider.ProviderException: javax.xml.ws.WebServiceException: BI Security Service Access Denied - credentials supplied in SOAP Message header failed authentication
[2017-02-01T20:27:09.000+01:00] [OracleBIServerComponent] [ERROR:1]   [ecid: 005Hro6y5DDDg^45VV1Fic00056r003sf3,0:2:1:1:6] [tid: 1344] [nQSError: 43126] Authentication failed: invalid user/password.
This happens to users who are members of groups that have hyphen in their CN. As soon these groups are removed, the user can log in. But, these groups cannot be removed from the user as this is a organization wide Active Directory, the group memberships are used by other applications.
Sign In with your My Oracle Support account
Don't have a My Oracle Support account? Click to get started
My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms