My Oracle Support Banner

MSAD Users Cannot Login to OBIEE If They Belong To A Group With Hyphen In CN (Doc ID 2237891.1)

Last updated on FEBRUARY 26, 2017

Applies to:

Business Intelligence Suite Enterprise Edition - Version and later
Information in this document applies to any platform.


On : version, Analytics
OBIEE is configured with organizational Active Directory and SSO (using OAM) for authentication. Most users have no issues logging in but some users are unable to login to OBIEE. The following error occurs in the nqserver.log:


oracle.webservices.provider.ProviderException: BI Security Service Access Denied - credentials supplied in SOAP Message header failed authentication
[2017-02-01T20:27:09.000+01:00] [OracleBIServerComponent] [ERROR:1] [] [] [ecid: 005Hro6y5DDDg^45VV1Fic00056r003sf3,0:2:1:1:6] [tid: 1344] [nQSError: 43126] Authentication failed: invalid user/password.

This happens to users who are members of groups that have hyphen in their CN. As soon these groups are removed, the user can log in. But, these groups cannot be removed from the user as this is a organization wide Active Directory, the group memberships are used by other applications.


To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

In this Document

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.