Unable To See OVD Groups as Roles in WebCenter Content; JPS User Provider Shows Connection State as "down" (Doc ID 1377791.1)

Last updated on MARCH 21, 2017

Applies to:

Oracle WebCenter Content - Version 11.1.1.2.0 and later
Information in this document applies to any platform.

Symptoms

You integrated Oracle WebCenter Content version 11g with Oracle Virtual Directory (OVD) using SSL following the steps in this Note:

<Note 1318587.1>: How To Setup UCM 11g with Oracle Virtual Directory 11g (OVD)

When a user logins in to WebCenter Content, the only roles that get assigned to the user are "guest" and "authenticated".

Looking at the Providers page in the WebCenter Content browser interface, the Default JPS User Provider (JpsUserProvider) shows a Connection State as "down".  Clicking Test for this Provider gives the following error:

Connection Error: JPS IdentityStore not configured correctly



The log file shows the following exception:

(internal)/3 07.22 15:49:28.336 IdcServer-110 !csProviderError,JpsUserProvider intradoc.common.ServiceException: !csJpsIdentityStoreNotConfigured
(internal)/3 07.22 15:49:28.336 IdcServer-110 at idc.provider.jps.JpsUserProvider.testConnection(JpsUserProvider.java:850)
(internal)/3 07.22 15:49:28.336 IdcServer-110 at intradoc.server.proxy.ProviderStateUtils.testConnection(ProviderStateUtils.java:66)
(internal)/3 07.22 15:49:28.336 IdcServer-110 at intradoc.server.ProviderManagerService.testProvider(ProviderManagerService.java:127)
(internal)/3 07.22 15:49:28.336 IdcServer-110 at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
(internal)/3 07.22 15:49:28.336 IdcServer-110 at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
(internal)/3 07.22 15:49:28.336 IdcServer-110 at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
(internal)/3 07.22 15:49:28.336 IdcServer-110 at java.lang.reflect.Method.invoke(Method.java:597)
(internal)/3 07.22 15:49:28.336 IdcServer-110 at intradoc.common.IdcMethodHolder.invokeMethod(IdcMethodHolder.java:86)
(internal)/3 07.22 15:49:28.336 IdcServer-110 at intradoc.common.ClassHelperUtils.executeMethodEx(ClassHelperUtils.java:310)
(internal)/3 07.22 15:49:28.336 IdcServer-110 at intradoc.common.ClassHelperUtils.executeMethod(ClassHelperUtils.java:295)
(internal)/3 07.22 15:49:28.336 IdcServer-110 at intradoc.server.Service.doCodeEx(Service.java:550)
(internal)/3 07.22 15:49:28.336 IdcServer-110 at intradoc.server.Service.doCode(Service.java:505)
(internal)/3 07.22 15:49:28.336 IdcServer-110 at intradoc.server.ServiceRequestImplementor.doAction(ServiceRequestImplementor.java:1643)
(internal)/3 07.22 15:49:28.336 IdcServer-110 at intradoc.server.Service.doAction(Service.java:477)
(internal)/3 07.22 15:49:28.336 IdcServer-110 at intradoc.server.ServiceRequestImplementor.doActions(ServiceRequestImplementor.java:1458)
(internal)/3 07.22 15:49:28.336 IdcServer-110 at intradoc.server.Service.doActions(Service.java:472)
(internal)/3 07.22 15:49:28.336 IdcServer-110 at intradoc.server.ServiceRequestImplementor.executeActions(ServiceRequestImplementor.java:1391)
(internal)/3 07.22 15:49:28.336 IdcServer-110 at intradoc.server.Service.executeActions(Service.java:458)
(internal)/3 07.22 15:49:28.336 IdcServer-110 at intradoc.server.ServiceRequestImplementor.doRequest(ServiceRequestImplementor.java:737)
(internal)/3 07.22 15:49:28.336 IdcServer-110 at intradoc.server.Service.doRequest(Service.java:1890)
(internal)/3 07.22 15:49:28.336 IdcServer-110 at intradoc.server.ServiceManager.processCommand(ServiceManager.java:435)
(internal)/3 07.22 15:49:28.336 IdcServer-110 at intradoc.server.IdcServerThread.processRequest(IdcServerThread.java:265)
(internal)/3 07.22 15:49:28.336 IdcServer-110 at intradoc.idcwls.IdcServletRequestUtils.doRequest(IdcServletRequestUtils.java:1343)
(internal)/3 07.22 15:49:28.336 IdcServer-110 at intradoc.idcwls.IdcServletRequestUtils.processFilterEvent(IdcServletRequestUtils.java:1715)
(internal)/3 07.22 15:49:28.336 IdcServer-110 at intradoc.idcwls.IdcIntegrateWrapper.processFilterEvent(IdcIntegrateWrapper.java:222)
(internal)/3 07.22 15:49:28.336 IdcServer-110 at sun.reflect.GeneratedMethodAccessor146.invoke(Unknown Source)
(internal)/3 07.22 15:49:28.336 IdcServer-110 ... 35 more


Both the DefaultAuthenticator provider and the OVD provider are set to Sufficient in WLS.

The OVD provider is listed above the DefaultAuthenticator provider in WLS.

When OPSS logging is enabled by following the steps in <Note 1324682.1>: How to turn on Logging for the OPSS User and Role API for UCM, the following errors are logged:


[2011-08-30T10:16:46.475+01:00] [UCM_server1] [TRACE] [] [oracle.idm.userroleapi] [tid: [ACTIVE].ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: 0000J8PyR1bFCC55rRXBiY1ENAd_000002,0] [SRC_CLASS: oracle.security.idm.providers.stdldap.LDIdentityStoreFactory] [APP: Oracle Universal Content Management - Content Server] [SRC_METHOD: setupConnPool()] Connection Pool creation failed: javax.naming.CommunicationException: prdiam.portais.local:7501 [Root exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target]

[2011-08-30T10:16:46.476+01:00] [UCM_server1] [WARNING] [JPS-01520] [oracle.jps.idmgmt] [tid: [ACTIVE].ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: 0000J8PyR1bFCC55rRXBiY1ENAd_000002,0] [APP: Oracle Universal Content Management - Content Server] Cannot initialize identity store.

Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms