My Oracle Support Banner

Login to FORMS Using an OID RAD through SSO Fails with: LDAP: error code 50 - Insufficient Access Rights (Doc ID 1400174.1)

Last updated on AUGUST 30, 2023

Applies to:

Oracle Internet Directory - Version 10.1.2.3 and later
Oracle Forms - Version 10.1.2 and later
Information in this document applies to any platform.

Symptoms

Users are unable to authenticate to FORMS through SSO with RAD.

The error thrown in Browser is:

500 Internal Server Error
java.lang.NullPointerException
at oracle.ldap.das.util.ExtPrefs.handleResourceViewers(ExtPrefs.java:1180)
at oracle.ldap.das.util.DASPageFlowEngine.getPage(DASPageFlowEngine.java:362)


If OID debugging is enabled with ACI plus Heavy (debug level 8193), then the OID server log error reported is:

gslfrsASendLdapResult2 RESULT = 50 (Access not allowed)

 

 

Potential Forms log error (formsapp-diagnostic.log; Forms 11.1.2.2.0 integrated with OID 11g):

...<snip>...
[2015-04-22T10:37:42.746-10:00] [WLS_FORMS] [WARNING] [FRM-93306] [oracle.forms.servlet] [tid: 13] [userId: <anonymous>] [ecid: <ECID#>,0:1] [APP: formsapp#11.1.2] [FORMS_SESSION_ID: WLS_FORMS.formsapp.2] [URI: /forms/frmservlet] [SRC_CLASS: oracle.forms.servlet.FormsOIDContext] [SRC_METHOD: getUserCredentials] Encountered oracle.ldap.util.UtilException: NamingException encountered when resolving subscriber - DN =dc=<COMPANY NAME>,dc=com[[
while attempting to retrieve database credentials from Oracle Internet Directory.
]]
...<snip>...
[2015-04-22T10:42:14.209-10:00] [WLS_FORMS] [WARNING] [FRM-93306] [oracle.forms.servlet] [tid: 13] [userId: <anonymous>] [ecid: <ECID#>,0:1] [APP: formsapp#11.1.2] [FORMS_SESSION_ID: WLS_FORMS.formsapp.4] [URI: /forms/frmservlet] [SRC_CLASS: oracle.forms.servlet.FormsOIDContext] [SRC_METHOD: getUserCredentials] Encountered oracle.ldap.util.GeneralErrorException: General Error when performing search: Unable to get Default RAD[[
while attempting to retrieve database credentials from Oracle Internet Directory.
]]
[2015-04-22T10:42:14.210-10:00] [WLS_FORMS] [NOTIFICATION] [FRM-93328] [oracle.forms.servlet] [tid: 13] [userId: <anonymous>] [ecid: <ECID#>,0:1] [APP: formsapp#11.1.2] [FORMS_SESSION_ID: WLS_FORMS.formsapp.4] [URI: /forms/frmservlet] [SRC_CLASS: oracle.forms.servlet.FormsServlet$Request] [SRC_METHOD: doRequest] User credentials not obtained; redirecting to the SSO error URL.
[2015-04-22T10:42:14.210-10:00] [WLS_FORMS] [ERROR] [FRM-93140] [oracle.forms.servlet] [tid: 13] [userId: <anonymous>] [ecid: <ECID#>,0:1] [APP: formsapp#11.1.2] [FORMS_SESSION_ID: WLS_FORMS.formsapp.4] [URI: /forms/frmservlet] [SRC_CLASS: oracle.forms.servlet.FormsServlet] [SRC_METHOD: logMissingConfigValue] Section [webutil] of Forms Servlet configuration file D:\oracle\Middleware\user_projects\domains\ClassicDomain\config\fmwconfig\servers\WLS_FORMS\applications\formsapp_11.1.2\config/formsweb.cfg[[
does not specify (or inherit) a value for the required parameter ssoErrorUrl.
]]
[2015-04-22T10:42:14.211-10:00] [WLS_FORMS] [ERROR] [FRM-93330] [oracle.forms.servlet] [tid: 13] [userId: <anonymous>] [ecid: <ECID#>,0:1] [APP: formsapp#11.1.2] [FORMS_SESSION_ID: WLS_FORMS.formsapp.4] [URI: /forms/frmservlet] [SRC_CLASS: oracle.forms.servlet.FormsServlet$Request] [SRC_METHOD: doRequest] Fatal authentication error:  User does not have proper credentials configured in Oracle Internet Directory.
...<snip>...

 

OR you may also experience the following error

 

[2017-05-23T15:09:14.575-03:00] [frm_server2] [NOTIFICATION] [FRM-60256] [oracle.forms.servlet] [tid: 119] [userId: <anonymous>] [ecid: <ECID#>,0:4] [APP: formsapp] [partition-name: DOMAIN] [tenant-name: GLOBAL] [FORMS_SESSION_ID: frm_server2.formsapp.35] [SRC_CLASS: oracle.forms.idstore.OIDIdentityStore] [SRC_METHOD: _grantPermissionAndGetConnStr] permission error reading the Resource Access Descriptor from Oracle Internet Directory
[2017-05-23T15:09:14.618-03:00] [frm_server2] [ERROR] [] [oracle.forms.servlet] [tid: 119] [userId: <anonymous>] [ecid: <ECID#>,0:4] [APP: formsapp] [partition-name: DOMAIN] [tenant-name: GLOBAL] [FORMS_SESSION_ID: frm_server2.formsapp.35] [SRC_CLASS: oracle.forms.idstore.OIDIdentityStore] [SRC_METHOD: _grantPermissionAndGetConnStr] FRM-60257 error reading Forms application ABC, Resource Access Descriptor for Single Sign-on User cn=<USERNAME>,cn=Users,dc=<COMPANY NAME,dc=com from Oracle Internet Directory[[
javax.naming.AuthenticationNotSupportedException: [LDAP: error code 48 - Insufficient access to do Proxy Switch]
at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3127)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3082)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2883)
at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2797)

 

also

RESULT=50 appeared after OID debug level was increase: orcldebugflag: 8193

 

Another possible Issue:

If users exist outside the default cn=users, dc=<Company>,dc=com realm, follow this Document:

Forms with OID Fails for Users Outside Default Users Container Tree: FRM-93366: error creating Forms applications Resource Access Descriptor in Oracle Internet Directory / Forms Log: [LDAP: error code 48 - Insufficient access to do Proxy Switch] (Doc ID 2550002.1)

 

 

Changes

 

Cause

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

In this Document
Symptoms
Changes
Cause
Solution
References


My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.