My Oracle Support Banner

OAM 11g: Using OVD as User Identity Store and Connect to backend AD server fail with Kerberos Authentication (Doc ID 1471809.1)

Last updated on MARCH 09, 2018

Applies to:

Oracle Access Manager - Version 11.1.1.5.0 and later
Information in this document applies to any platform.

Symptoms

Kerberos is working properly if we use AD as direct User Identity Store. However if OVD as User Identity Store and connect to AD server as backend LDAP server, then users are not able to authenticate using kerberos. The following below error will appear in OAM Diagnostics log:

[2012-06-25T12:59:22.197-03:00] [oam_server1] [ERROR] [] [oracle.oam.engine.authn] [tid: [ACTIVE].ExecuteThread: '2' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: 60692d8b885f93aa:72f7f4fd:1382456d35c:-8000-000000000000003b,0] [APP: oam_server] Failure getting users by attribute: sAMAccountName, value : Administrator.[[
oracle.security.am.engines.common.identity.provider.exceptions.IdentityProviderException: OAMSSA-20016: Failure getting users by attribute : sAMAccountName,value : Administrator.
       at oracle.security.am.engines.common.identity.provider.impl.UserProviderImpl.getUsersByAttribute(UserProviderImpl.java:342)
       at oracle.security.am.engines.common.identity.provider.impl.IdentityProviderImpl.getUsersByAttribute(IdentityProviderImpl.java:656)
       at oracle.security.am.engines.common.identity.provider.impl.OracleUserIdentityProvider.getUsersByAttribute(OracleUserIdentityProvider.java:288)
       at oracle.security.am.engine.authn.internal.executor.KerberosModuleExecutor.execute(KerberosModuleExecutor.java:254)

 

Cause

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.