"User name and password do not match" Error Using WebCenter Spaces With Windows Native Authentication (Doc ID 1380175.1)

Last updated on AUGUST 25, 2017

Applies to:

Oracle WebCenter Portal - Version 11.1.1.5.0 and later
Information in this document applies to any platform.

Symptoms

Windows integrated (native) authentication (WNA) has been configured according with the documentation at:

Oracle Fusion Middleware Administrator's Guide for Oracle WebCenter11g Release 1 (11.1.1.5.0)
30.5 Configuring SSO for Microsoft Clients


There are "external" and "internal" users. The internal users are authenticated automatically with Kerberos without any extra authentication, once they are already logged on to Windows. The external users cannot be authenticated automatically, they need to be authenticated manually by Active Directory.

Once the providers were reordered like this, the internal users were able to login seamlessly:

  1. Negotiate Identity Asserter
  2. ActiveDirectoryAuthenticator (SUFFICIENT)
  3. DefaultAuthenticator (SUFFICIENT)
  4. Other authenticators.

However, external users have the following problem:

Internet Explorer (IE):
When trying to login from the WebCenter standard login page, the login page is re-displayed immediately,  with the following error displayed on the top:

"User name and password do not match"

HTTP Server log shows:

"
<ip_address> - - [13/Oct/2011:10:03:57 +0100] "POST /webcenter/j_security_check HTTP/1.1" 403 5028
<ip_address> - - [13/Oct/2011:10:03:58 +0100] "GET /webcenter/afr/error.png HTTP/1.1" 200 966
<ip_address> - - [13/Oct/2011:10:04:08 +0100] "POST /webcenter/j_security_check HTTP/1.1" 403 5035
::1 - - [13/Oct/2011:10:04:15 +0100] "HEAD /index.html HTTP/1.1" 200 -
"
which is also confirmed by HTTP Headers:

"
POST /webcenter/j_security_check HTTP/1.1
Accept: image/jpeg, image/gif, image/pjpeg, application/x-ms-application, application/xaml+xml, application/x-ms-xbap, */*
Referer: http://<servername>/webcenter/j_security_check
Accept-Language: en-IE
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727)
Content-Type: application/x-www-form-urlencoded
Accept-Encoding: gzip, deflate
Host: dub-webcntr-01
Content-Length: 0
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: JSESSIONID=8CDfTJQJHg73nLPznvGK0QHGfJrDPB9m55vJpYgz6b43pGfnyltZ!-1718698081; IdcLocale=English-US
Authorization: Negotiate YH4GBisGAQUFAqB0MHKgMDAuBgorBgEEAYI3AgIKBgkqhkiC9xIBAgIGCSqGSIb3EgECAgYKKwYBBAGCNwICHqI+BDxOVExNU1NQAAEAAACXsgjiBgAGADYAAAAOAA4AKAAAAAYBsB0AAAAPRFVCLVdFQkNOVFItMDFJQ09OQ1I=

HTTP/1.1 403 Forbidden
Date: Tue, 11 Oct 2011 08:56:51 GMT
Server: Oracle-Application-Server-11g
Content-Language: en,en-ie
X-Powered-By: Servlet/2.5 JSP/2.1
Vary: Accept-Encoding
Content-Encoding: gzip
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html;charset=utf-8"

This indicates that the HTTP Server returns 403 Forbidden error for the authentication challenge.
After restarting Spaces, it may work once or twice, but from then on it consistently fails.

Firefox:
The login works fine. However, before logging in, the 1st access to WebCenter shows an HTTP 401 error.
Refreshing the page fixes that problem.

Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms