Login to FORMS Using an OID RAD through SSO Fails with: LDAP: error code 50 - Insufficient Access Rights

(Doc ID 1400174.1)

Last updated on JUNE 09, 2017

Applies to:

Oracle Internet Directory - Version 10.1.2.3 and later
Oracle Forms - Version 10.1.2 and later
Information in this document applies to any platform.
**** Checked for Currency 16 Feb 2015 ****

Symptoms

Users are unable to authenticate to FORMS through SSO with RAD.

The error thrown in Browser is:

500 Internal Server Error
java.lang.NullPointerException
at oracle.ldap.das.util.ExtPrefs.handleResourceViewers(ExtPrefs.java:1180)
at oracle.ldap.das.util.DASPageFlowEngine.getPage(DASPageFlowEngine.java:362)


If OID debugging is enabled with ACI plus Heavy (debug level 8193), then the OID server log error reported is:

gslfrsASendLdapResult2 RESULT = 50 (Access not allowed)

 

 

Potential Forms log error (formsapp-diagnostic.log; Forms 11.1.2.2.0 integrated with OID 11g):

...<snip>...
[2015-04-22T10:37:42.746-10:00] [WLS_FORMS] [WARNING] [FRM-93306] [oracle.forms.servlet] [tid: 13] [userId: <anonymous>] [ecid: 00iSilf3aGjFW7^5xVs1yW00010800000D,0:1] [APP: formsapp#11.1.2] [FORMS_SESSION_ID: WLS_FORMS.formsapp.2] [URI: /forms/frmservlet] [SRC_CLASS: oracle.forms.servlet.FormsOIDContext] [SRC_METHOD: getUserCredentials] Encountered oracle.ldap.util.UtilException: NamingException encountered when resolving subscriber - DN =dc=example,dc=com[[
while attempting to retrieve database credentials from Oracle Internet Directory.
]]
...<snip>...
[2015-04-22T10:42:14.209-10:00] [WLS_FORMS] [WARNING] [FRM-93306] [oracle.forms.servlet] [tid: 13] [userId: <anonymous>] [ecid: 00iSilvCbeOFW7^5xVs1yW00010800000W,0:1] [APP: formsapp#11.1.2] [FORMS_SESSION_ID: WLS_FORMS.formsapp.4] [URI: /forms/frmservlet] [SRC_CLASS: oracle.forms.servlet.FormsOIDContext] [SRC_METHOD: getUserCredentials] Encountered oracle.ldap.util.GeneralErrorException: General Error when performing search: Unable to get Default RAD[[
while attempting to retrieve database credentials from Oracle Internet Directory.
]]
[2015-04-22T10:42:14.210-10:00] [WLS_FORMS] [NOTIFICATION] [FRM-93328] [oracle.forms.servlet] [tid: 13] [userId: <anonymous>] [ecid: 00iSilvCbeOFW7^5xVs1yW00010800000W,0:1] [APP: formsapp#11.1.2] [FORMS_SESSION_ID: WLS_FORMS.formsapp.4] [URI: /forms/frmservlet] [SRC_CLASS: oracle.forms.servlet.FormsServlet$Request] [SRC_METHOD: doRequest] User credentials not obtained; redirecting to the SSO error URL.
[2015-04-22T10:42:14.210-10:00] [WLS_FORMS] [ERROR] [FRM-93140] [oracle.forms.servlet] [tid: 13] [userId: <anonymous>] [ecid: 00iSilvCbeOFW7^5xVs1yW00010800000W,0:1] [APP: formsapp#11.1.2] [FORMS_SESSION_ID: WLS_FORMS.formsapp.4] [URI: /forms/frmservlet] [SRC_CLASS: oracle.forms.servlet.FormsServlet] [SRC_METHOD: logMissingConfigValue] Section [webutil] of Forms Servlet configuration file D:\oracle\Middleware\user_projects\domains\ClassicDomain\config\fmwconfig\servers\WLS_FORMS\applications\formsapp_11.1.2\config/formsweb.cfg[[
does not specify (or inherit) a value for the required parameter ssoErrorUrl.
]]
[2015-04-22T10:42:14.211-10:00] [WLS_FORMS] [ERROR] [FRM-93330] [oracle.forms.servlet] [tid: 13] [userId: <anonymous>] [ecid: 00iSilvCbeOFW7^5xVs1yW00010800000W,0:1] [APP: formsapp#11.1.2] [FORMS_SESSION_ID: WLS_FORMS.formsapp.4] [URI: /forms/frmservlet] [SRC_CLASS: oracle.forms.servlet.FormsServlet$Request] [SRC_METHOD: doRequest] Fatal authentication error:  User does not have proper credentials configured in Oracle Internet Directory.
...<snip>...

 

OR you may also experience the following error

 

[2017-05-23T15:09:14.575-03:00] [frm_server2] [NOTIFICATION] [FRM-60256] [oracle.forms.servlet] [tid: 119] [userId: <anonymous>] [ecid: 005K3JYPe83CwkG6yzJb6G0003EC0000Qo,0:4] [APP: formsapp] [partition-name: DOMAIN] [tenant-name: GLOBAL] [FORMS_SESSION_ID: frm_server2.formsapp.35] [SRC_CLASS: oracle.forms.idstore.OIDIdentityStore] [SRC_METHOD: _grantPermissionAndGetConnStr] permission error reading the Resource Access Descriptor from Oracle Internet Directory
[2017-05-23T15:09:14.618-03:00] [frm_server2] [ERROR] [] [oracle.forms.servlet] [tid: 119] [userId: <anonymous>] [ecid: 005K3JYPe83CwkG6yzJb6G0003EC0000Qo,0:4] [APP: formsapp] [partition-name: DOMAIN] [tenant-name: GLOBAL] [FORMS_SESSION_ID: frm_server2.formsapp.35] [SRC_CLASS: oracle.forms.idstore.OIDIdentityStore] [SRC_METHOD: _grantPermissionAndGetConnStr] FRM-60257 error reading Forms application zeus, Resource Access Descriptor for Single Sign-on User cn=User111,cn=Users,dc=oracle,dc=com,dc=ar from Oracle Internet Directory[[
javax.naming.AuthenticationNotSupportedException: [LDAP: error code 48 - Insufficient access to do Proxy Switch]
at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3127)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3082)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2883)
at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2797)

 

also

RESULT=50 appeared after OID debug level was increase: orcldebugflag: 8193

 

 

Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms