"User name and password do not match" Error Using WebCenter Spaces With Windows Native Authentication (Doc ID 1380175.1)

Last updated on OCTOBER 03, 2022

Applies to:

Symptoms

Windows Integrated (Native) Authentication (WNA) has been configured according with the documentation at:

Oracle Fusion Middleware Administrator's Guide for Oracle WebCenter11g Release 1 (11.1.1.5.0)
30.5 Configuring SSO for Microsoft Clients

There are "external" and "internal" users. The internal users are authenticated automatically with Kerberos without any extra authentication, once they are already logged on to Windows. The external users cannot be authenticated automatically, they need to be authenticated manually by Active Directory.

Once the providers were reordered like this, the internal users were able to login seamlessly:

1. Negotiate Identity Asserter
2. ActiveDirectoryAuthenticator (SUFFICIENT)
3. DefaultAuthenticator (SUFFICIENT)
4. Other authenticators.

However, external users have the following problem:

Internet Explorer (IE):
When trying to login from the WebCenter standard login page, the login page is re-displayed immediately,  with the following error displayed on the top:

"User name and password do not match"

HTTP Server log shows:

"
<ip_address> - - [13/Oct/2011:10:03:57 +0100] "POST /webcenter/j_security_check HTTP/1.1" 403 5028
<ip_address> - - [13/Oct/2011:10:03:58 +0100] "GET /webcenter/afr/error.png HTTP/1.1" 200 966
<ip_address> - - [13/Oct/2011:10:04:08 +0100] "POST /webcenter/j_security_check HTTP/1.1" 403 5035
::1 - - [13/Oct/2011:10:04:15 +0100] "HEAD /index.html HTTP/1.1" 200 -
"
which is also confirmed by HTTP Headers:

"
POST /webcenter/j_security_check HTTP/1.1
Accept: image/jpeg, image/gif, image/pjpeg, application/x-ms-application, application/xaml+xml, application/x-ms-xbap, */*
Referer: http://<HOSTNAME>/webcenter/j_security_check
Accept-Language: en-IE
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727)
Content-Type: application/x-www-form-urlencoded
Accept-Encoding: gzip, deflate
Host: dub-webcntr-01
Content-Length: 0
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: JSESSIONID=<JSESSIONID>; IdcLocale=English-US
Authorization: Negotiate <ID>

HTTP/1.1 403 Forbidden
Date: Tue, 11 Oct 2011 08:56:51 GMT
Server: Oracle-Application-Server-11g
Content-Language: en,en-ie
X-Powered-By: Servlet/2.5 JSP/2.1
Vary: Accept-Encoding
Content-Encoding: gzip
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html;charset=utf-8"

This indicates that the HTTP Server returns 403 Forbidden error for the authentication challenge.
After restarting Spaces, it may work once or twice, but from then on it consistently fails.

Firefox:
The login works fine. However, before logging in, the 1st access to WebCenter shows an HTTP 401 error.
Refreshing the page fixes that problem.

Cause

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.