WebCenter Portal: After Reassociating the Policy Store To OID, Getting Error At Logon: "URL Typed By Current User Is Not Accessible" (Doc ID 1532353.1)

Last updated on NOVEMBER 19, 2016

Applies to:

Oracle WebCenter Portal - Version 11.1.1.6.0 and later
Information in this document applies to any platform.
Checked for relevance on 29-Dec-2014

Symptoms

After reassociating the WebCenter Portal Credential and Policy store to Oracle Internet Directory (OID), users cannot use the portal and encounter this error at logon:

URL Typed By Current User Is Not Accessible.

The WC_Spaces-diagnostic.log shows: 

<Jan 28, 2013 9:01:14 PM UTC> <Error> <oracle.webcenter.webcenterapp.internal.view.webapp> <BEA-000000> <
oracle.adf.share.security.ADFSecurityRuntimeException: The URL typed by current user is not accessible, so redirecting to the unAuthorized page
       at oracle.webcenter.webcenterapp.internal.view.security.WCAuthorizationHandler.handleAuthorizationFailure(WCAuthorizationHandler.java:62)
       at oracle.adf.model.BindingRequestHandler.beginRequest(BindingRequestHandler.java:292)
       at oracle.adf.model.servlet.ADFBindingFilter.doFilter(ADFBindingFilter.java:203)
       at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:57)
       at oracle.webcenter.webcenterapp.internal.view.webapp.WebCenterShellFilter.doFilter(WebCenterShellFilter.java:724)

Changes

A problem with OID or Oracle Access Manager (OAM) prevented the reassociateSecurityStore WLST command from correctly populating the policy store in OID. Here are some details:

  1. It was found that the Spaces administrator role was not created in OID. When attempting to search for the "s8bba98ff_4cbb_40b8_beee_296c916a23ed#-#Administrator" role in the Fusion Middleware Control, it could not be found.
  2. It was found that in Oracle Directory Services Manager (ODSM) no roles were created in OID at this path: cn=Roles,cn=webcenter,cn=wc_domain,cn=JPSContext,cn=jpsroot_wc35.
  3. Attempting to grant the Administrator role in WLST returns the following error:
wls:/wc_domain/serverConfig> grantAppRole(appStripe="webcenter", appRoleName="s8bba98ff_4cbb_40b8_beee_296c916a23ed#-#Administrator",principalClass="weblogic.security.principal.WLSUserImpl",principalName="weblogic_wc")
Location changed to domainRuntime tree. This is a read-only tree with DomainMBean as the root.
For more help, use help(domainRuntime)

Command FAILED, Reason: JPS-10151: Application role s8bba98ff_4cbb_40b8_beee_296c916a23ed#-#Administrator does not exist

Traceback (innermost last):
File "<console>", line 1, in ?
File "/s03/app/prtdb35/FMW_WC/oracle_common/common/wlst/jpsWlstCmd.py", line 670, in grantAppRole
File "/s03/app/prtdb35/FMW_WC/oracle_common/common/wlst/jpsWlstCmd.py", line 657, in grantAppRoleImpl
at weblogic.rjvm.ResponseImpl.unmarshalReturn(ResponseImpl.java:237)
at weblogic.rmi.internal.BasicRemoteRef.invoke(BasicRemoteRef.java:223)
at javax.management.remote.rmi.RMIConnectionImpl_1036_WLStub.invoke(Unknown Source)
at weblogic.management.remote.common.RMIConnectionWrapper$16.run(ClientProviderBase.java:918)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:363)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:146)
at weblogic.security.Security.runAs(Security.java:61)
at weblogic.management.remote.common.RMIConnectionWrapper.invoke(ClientProviderBase.java:916)
at javax.management.remote.rmi.RMIConnector$RemoteMBeanServerConnection.invoke(RMIConnector.java:993)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)

javax.management.MBeanException: javax.management.MBeanException: JPS-10151: Application role s8bba98ff_4cbb_40b8_beee_296c916a23ed#-#Administrator does not exist

 

 

Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms