MSAD Users Cannot Login to OBIEE If They Belong To A Group With Hyphen In CN (Doc ID 2237891.1)

Last updated on FEBRUARY 26, 2017

Applies to:

Business Intelligence Suite Enterprise Edition - Version 11.1.1.9.5 and later
Information in this document applies to any platform.

Symptoms

On :  11.1.1.9.5 version, Analytics
OBIEE is configured with organizational Active Directory and SSO (using OAM) for authentication. Most users have no issues logging in but some users are unable to login to OBIEE. The following error occurs in the nqserver.log:

ERROR
------------------------

oracle.webservices.provider.ProviderException: javax.xml.ws.WebServiceException: BI Security Service Access Denied - credentials supplied in SOAP Message header failed authentication
[2017-02-01T20:27:09.000+01:00] [OracleBIServerComponent] [ERROR:1] [] [] [ecid: 005Hro6y5DDDg^45VV1Fic00056r003sf3,0:2:1:1:6] [tid: 1344] [nQSError: 43126] Authentication failed: invalid user/password.


This happens to users who are members of groups that have hyphen in their CN. As soon these groups are removed, the user can log in. But, these groups cannot be removed from the user as this is a organization wide Active Directory, the group memberships are used by other applications.


Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms