SSO login fails with Error: Authentication failed. Please try again. (Doc ID 1260514.1)

Last updated on MARCH 01, 2017

Applies to:

Oracle Application Server Single Sign-On - Version 10.1.2 to 10.1.4 [Release 10gR2 to 10gR3]
Information in this document applies to any platform.
***Checked for relevance on 01-Mar-2017***

Symptoms

SSO login is failing with "Error: Authentication failed. Please try again." for all users.

$ORACLE_HOME/sso/log/ssoServer.log shows an 'LDAP: error code 32 - No Such Object' error, for example:
Wed Oct 06 17:50:36 GMT-05:30 2010 [ERROR] AJPRequestHandler-ApplicationServerThread-7 Could not get attributes for user, orcladmin
oracle.ldap.util.UtilException: NamingException encountered when resolving user - SIMPLE NAME = orcladmin [LDAP: error code 32 - No Such Object]
at oracle.ldap.util.Subscriber.getUser_NICKNAME(Subscriber.java:1215)
at oracle.ldap.util.Subscriber.getUser(Subscriber.java:923)
at oracle.ldap.util.Subscriber.getUser(Subscriber.java:870)
at oracle.security.sso.server.ldap.OIDUserRepository.getUserProperties(OIDUserRepository.java:537)
at oracle.security.sso.server.auth.SSOServerAuth.authenticate(SSOServerAuth.java:508)
at oracle.security.sso.server.ui.SSOLoginServlet.processSSOPartnerRequest(SSOLoginServlet.java:1076)
at oracle.security.sso.server.ui.SSOLoginServlet.doPost(SSOLoginServlet.java:547)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:760)
....................
Wed Oct 06 17:50:36 GMT-05:30 2010 [DEBUG] AJPRequestHandler-ApplicationServerThread-7 Directory Exception while getting the user attributes: auth_fail_exception
oracle.security.sso.server.ldap.DirectoryException: auth_fail_exception
at oracle.security.sso.server.ldap.OIDUserRepository.getUserProperties(OIDUserRepository.java:642)
at oracle.security.sso.server.auth.SSOServerAuth.authenticate(SSOServerAuth.java:508)
at oracle.security.sso.server.ui.SSOLoginServlet.processSSOPartnerRequest(SSOLoginServlet.java:1076)
...........
In OID (with heavy trace debugging enabled), the log file $ORACLE_HOME/oid/ldap/oidldapd01s<PID>.log shows a search performed by orclapplicationcommonname=orasso_ssoserver,cn=sso,cn=products,cn=oraclecontext failing with LDAP error code 32. For example:
BEGIN
2010/10/06:17:50:36 * ServerWorker (REG):8
 ConnID:6740 * mesgID:8 * OpID:7 * OpName:search         
 ConnIP:192.168.11.11 ConnDN: orclapplicationcommonname=orasso_ssoserver,cn=sso,cn=products,cn=oraclecontext
INFO :gslfseADoSearch BASE = cn=Employee,dc=us,dc=oracle,dc=com FILTER = (uid=orcladmin) #REQDATTR = 7 scope =2
17:50:36 * => gsldbBuildFilterList
17:50:36 * INFO : gsleswrASndResult2 RESULT = 32 nentries=0 
END
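
The following is an added example, not Oracle's code and not part of the original note: a small Python parser for the BEGIN/END operation blocks in the OID trace excerpt above, reporting which search base DNs returned result 32 (No Such Object) and which bind DN issued the search. The field layout is assumed from that excerpt only, the names parse_operations and missing_search_bases are hypothetical, and the second sample block is constructed.

```python
import re

# First block is the excerpt quoted above; the second (a successful search) is constructed.
SAMPLE_TRACE = """\
BEGIN
2010/10/06:17:50:36 * ServerWorker (REG):8
 ConnID:6740 * mesgID:8 * OpID:7 * OpName:search
 ConnIP:192.168.11.11 ConnDN: orclapplicationcommonname=orasso_ssoserver,cn=sso,cn=products,cn=oraclecontext
INFO :gslfseADoSearch BASE = cn=Employee,dc=us,dc=oracle,dc=com FILTER = (uid=orcladmin) #REQDATTR = 7 scope =2
17:50:36 * INFO : gsleswrASndResult2 RESULT = 32 nentries=0
END
BEGIN
 ConnIP:192.168.11.11 ConnDN: orclapplicationcommonname=orasso_ssoserver,cn=sso,cn=products,cn=oraclecontext
INFO :gslfseADoSearch BASE = cn=Users,dc=us,dc=oracle,dc=com FILTER = (uid=jdoe) #REQDATTR = 7 scope =2
17:50:40 * INFO : gsleswrASndResult2 RESULT = 0 nentries=1
END
"""

FIELDS = {  # field patterns assumed from the trace layout in the excerpt
    "conn_dn": re.compile(r"ConnDN:\s*(.+?)\s*$"),
    "base": re.compile(r"BASE\s*=\s*(.+?)\s+FILTER\s*="),
    "filter": re.compile(r"FILTER\s*=\s*(.+?)\s+#REQDATTR"),
    "result": re.compile(r"RESULT\s*=\s*(\d+)"),
}
NO_SUCH_OBJECT = 32  # LDAP result code returned when the search base entry does not exist

def parse_operations(text):
    """Yield one dict per BEGIN/END block holding whichever fields were found."""
    op = None
    for line in text.splitlines():
        stripped = line.strip()
        if stripped == "BEGIN":
            op = {}
        elif stripped == "END" and op is not None:
            yield op
            op = None
        elif op is not None:
            for name, rx in FIELDS.items():
                m = rx.search(line)
                if m:
                    op[name] = int(m.group(1)) if name == "result" else m.group(1)

def missing_search_bases(text):
    """Map each search base that returned result 32 to (bind DN, filter) pairs."""
    failed = {}
    for op in parse_operations(text):
        if op.get("result") == NO_SUCH_OBJECT and "base" in op:
            failed.setdefault(op["base"], []).append((op.get("conn_dn"), op.get("filter")))
    return failed
```

Running missing_search_bases over the real trace file gives the list of base DNs to compare against the values currently set in orclcommonusersearchbase.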

Changes

The value for Common User Search Base (orclcommonusersearchbase attribute) was modified or new values were added. 

Cause
