WebCenter Portal: After Reassociating the Policy Store To OID, Getting Error At Logon: "URL Typed By Current User Is Not Accessible" (Doc ID 1532353.1)

Last updated on NOVEMBER 08, 2022

Applies to:

Symptoms

After reassociating the WebCenter Portal Credential and Policy store to Oracle Internet Directory (OID), users cannot use the portal and encounter this error at logon:

URL Typed By Current User Is Not Accessible.

The WC_Spaces-diagnostic.log shows: 

<Jan 28, 2013 9:01:14 PM UTC> <Error> <oracle.webcenter.webcenterapp.internal.view.webapp> <BEA-000000> <
oracle.adf.share.security.ADFSecurityRuntimeException: The URL typed by current user is not accessible, so redirecting to the unAuthorized page
       at oracle.webcenter.webcenterapp.internal.view.security.WCAuthorizationHandler.handleAuthorizationFailure(WCAuthorizationHandler.java:62)
       at oracle.adf.model.BindingRequestHandler.beginRequest(BindingRequestHandler.java:292)
       at oracle.adf.model.servlet.ADFBindingFilter.doFilter(ADFBindingFilter.java:203)
       at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:57)
       at oracle.webcenter.webcenterapp.internal.view.webapp.WebCenterShellFilter.doFilter(WebCenterShellFilter.java:724)

Changes

A problem with OID or Oracle Access Manager (OAM) prevented the reassociateSecurityStore WLST command from correctly populating the policy store in OID. Here are some details:

1. It was found that the Spaces administrator role was not created in OID. When attempting to search for the "s8bba98ff_4cbb_40b8_beee_296c916a23ed#-#Administrator" role in the Fusion Middleware Control, it could not be found.
2. It was found that in Oracle Directory Services Manager (ODSM) no roles were created in OID at this path: cn=Roles,cn=webcenter,cn=wc_domain,cn=JPSContext,cn=jpsroot_wc35.
3. Attempting to grant the Administrator role in WLST returns the following error:

wls:/wc_domain/serverConfig> grantAppRole(appStripe="webcenter", appRoleName="s8bba98ff_4cbb_40b8_beee_296c916a23ed#-#Administrator",principalClass="weblogic.security.principal.WLSUserImpl",principalName="weblogic_wc")
Location changed to domainRuntime tree. This is a read-only tree with DomainMBean as the root.
For more help, use help(domainRuntime)

Command FAILED, Reason: JPS-10151: Application role s8bba98ff_4cbb_40b8_beee_296c916a23ed#-#Administrator does not exist

Traceback (innermost last):
File "<console>", line 1, in ?
File "/s03/app/prtdb35/FMW_WC/oracle_common/common/wlst/jpsWlstCmd.py", line 670, in grantAppRole
File "/s03/app/prtdb35/FMW_WC/oracle_common/common/wlst/jpsWlstCmd.py", line 657, in grantAppRoleImpl
at weblogic.rjvm.ResponseImpl.unmarshalReturn(ResponseImpl.java:237)
at weblogic.rmi.internal.BasicRemoteRef.invoke(BasicRemoteRef.java:223)
at javax.management.remote.rmi.RMIConnectionImpl_1036_WLStub.invoke(Unknown Source)
at weblogic.management.remote.common.RMIConnectionWrapper$16.run(ClientProviderBase.java:918)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:363)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:146)
at weblogic.security.Security.runAs(Security.java:61)
at weblogic.management.remote.common.RMIConnectionWrapper.invoke(ClientProviderBase.java:916)
at javax.management.remote.rmi.RMIConnector$RemoteMBeanServerConnection.invoke(RMIConnector.java:993)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)

javax.management.MBeanException: javax.management.MBeanException: JPS-10151: Application role s8bba98ff_4cbb_40b8_beee_296c916a23ed#-#Administrator does not exist

Cause

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.