Login to FORMS Using an OID RAD through SSO Fails with: LDAP: error code 50 - Insufficient Access Rights
(Doc ID 1400174.1)
Last updated on AUGUST 30, 2023
Applies to:
Oracle Internet Directory - Version 10.1.2.3 and laterOracle Forms - Version 10.1.2 and later
Information in this document applies to any platform.
Symptoms
Users are unable to authenticate to FORMS through SSO with RAD.
The error thrown in Browser is:
java.lang.NullPointerException
at oracle.ldap.das.util.ExtPrefs.handleResourceViewers(ExtPrefs.java:1180)
at oracle.ldap.das.util.DASPageFlowEngine.getPage(DASPageFlowEngine.java:362)
If OID debugging is enabled with ACI plus Heavy (debug level 8193), then the OID server log error reported is:
Potential Forms log error (formsapp-diagnostic.log; Forms 11.1.2.2.0 integrated with OID 11g):
...<snip>...
[2015-04-22T10:37:42.746-10:00] [WLS_FORMS] [WARNING] [FRM-93306] [oracle.forms.servlet] [tid: 13] [userId: <anonymous>] [ecid: <ECID#>,0:1] [APP: formsapp#11.1.2] [FORMS_SESSION_ID: WLS_FORMS.formsapp.2] [URI: /forms/frmservlet] [SRC_CLASS: oracle.forms.servlet.FormsOIDContext] [SRC_METHOD: getUserCredentials] Encountered oracle.ldap.util.UtilException: NamingException encountered when resolving subscriber - DN =dc=<COMPANY NAME>,dc=com[[
while attempting to retrieve database credentials from Oracle Internet Directory.
]]
...<snip>...
[2015-04-22T10:42:14.209-10:00] [WLS_FORMS] [WARNING] [FRM-93306] [oracle.forms.servlet] [tid: 13] [userId: <anonymous>] [ecid: <ECID#>,0:1] [APP: formsapp#11.1.2] [FORMS_SESSION_ID: WLS_FORMS.formsapp.4] [URI: /forms/frmservlet] [SRC_CLASS: oracle.forms.servlet.FormsOIDContext] [SRC_METHOD: getUserCredentials] Encountered oracle.ldap.util.GeneralErrorException: General Error when performing search: Unable to get Default RAD[[
while attempting to retrieve database credentials from Oracle Internet Directory.
]]
[2015-04-22T10:42:14.210-10:00] [WLS_FORMS] [NOTIFICATION] [FRM-93328] [oracle.forms.servlet] [tid: 13] [userId: <anonymous>] [ecid: <ECID#>,0:1] [APP: formsapp#11.1.2] [FORMS_SESSION_ID: WLS_FORMS.formsapp.4] [URI: /forms/frmservlet] [SRC_CLASS: oracle.forms.servlet.FormsServlet$Request] [SRC_METHOD: doRequest] User credentials not obtained; redirecting to the SSO error URL.
[2015-04-22T10:42:14.210-10:00] [WLS_FORMS] [ERROR] [FRM-93140] [oracle.forms.servlet] [tid: 13] [userId: <anonymous>] [ecid: <ECID#>,0:1] [APP: formsapp#11.1.2] [FORMS_SESSION_ID: WLS_FORMS.formsapp.4] [URI: /forms/frmservlet] [SRC_CLASS: oracle.forms.servlet.FormsServlet] [SRC_METHOD: logMissingConfigValue] Section [webutil] of Forms Servlet configuration file D:\oracle\Middleware\user_projects\domains\ClassicDomain\config\fmwconfig\servers\WLS_FORMS\applications\formsapp_11.1.2\config/formsweb.cfg[[
does not specify (or inherit) a value for the required parameter ssoErrorUrl.
]]
[2015-04-22T10:42:14.211-10:00] [WLS_FORMS] [ERROR] [FRM-93330] [oracle.forms.servlet] [tid: 13] [userId: <anonymous>] [ecid: <ECID#>,0:1] [APP: formsapp#11.1.2] [FORMS_SESSION_ID: WLS_FORMS.formsapp.4] [URI: /forms/frmservlet] [SRC_CLASS: oracle.forms.servlet.FormsServlet$Request] [SRC_METHOD: doRequest] Fatal authentication error: User does not have proper credentials configured in Oracle Internet Directory.
...<snip>...
OR you may also experience the following error
[2017-05-23T15:09:14.575-03:00] [frm_server2] [NOTIFICATION] [FRM-60256] [oracle.forms.servlet] [tid: 119] [userId: <anonymous>] [ecid: <ECID#>,0:4] [APP: formsapp] [partition-name: DOMAIN] [tenant-name: GLOBAL] [FORMS_SESSION_ID: frm_server2.formsapp.35] [SRC_CLASS: oracle.forms.idstore.OIDIdentityStore] [SRC_METHOD: _grantPermissionAndGetConnStr] permission error reading the Resource Access Descriptor from Oracle Internet Directory
[2017-05-23T15:09:14.618-03:00] [frm_server2] [ERROR] [] [oracle.forms.servlet] [tid: 119] [userId: <anonymous>] [ecid: <ECID#>,0:4] [APP: formsapp] [partition-name: DOMAIN] [tenant-name: GLOBAL] [FORMS_SESSION_ID: frm_server2.formsapp.35] [SRC_CLASS: oracle.forms.idstore.OIDIdentityStore] [SRC_METHOD: _grantPermissionAndGetConnStr] FRM-60257 error reading Forms application ABC, Resource Access Descriptor for Single Sign-on User cn=<USERNAME>,cn=Users,dc=<COMPANY NAME,dc=com from Oracle Internet Directory[[
javax.naming.AuthenticationNotSupportedException: [LDAP: error code 48 - Insufficient access to do Proxy Switch]
at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3127)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3082)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2883)
at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2797)
also
RESULT=50 appeared after OID debug level was increase: orcldebugflag: 8193
Another possible Issue:
If users exist outside the default cn=users, dc=<Company>,dc=com realm, follow this Document:
Forms with OID Fails for Users Outside Default Users Container Tree: FRM-93366: error creating Forms applications Resource Access Descriptor in Oracle Internet Directory / Forms Log: [LDAP: error code 48 - Insufficient access to do Proxy Switch] (Doc ID 2550002.1)
Changes
Cause
To view full details, sign in with your My Oracle Support account. |
|
Don't have a My Oracle Support account? Click to get started! |
In this Document
Symptoms |
Changes |
Cause |
Solution |
References |