OAM Console Login Fails When OAM Managed Server Is Down - OAMSSA-20007: Unable to connect to the User Store. ...... Error initializing User/Role API : null..

(Doc ID 1550961.1)

Last updated on MARCH 08, 2017

Applies to:

Oracle Access Manager - Version 11.1.1.5.0 and later
Information in this document applies to any platform.

Symptoms

A new OVD Authenticator Provider has been configured in the OAM domain WebLogic Security Realm.

The control flag for the OVD provider has been set to SUFFICIENT and the provider has been moved to the top of the providers list, above the DefaultAuthenticator provider.

OVD users are displayed in the WebLogic Security Realm Users and Groups tab, showing that the OVD authentication provider is working.

The OAM System Identity Store is still configured to use the WebLogic Server (WLS) Embedded LDAP, and the OAM Administrator (weblogic) user does not exist in OVD; it exists only in the WLS Embedded LDAP.

Now, when the OAM Managed Server is down, it is not possible to log in to the OAM Console using the "fallback" native OAM Console login page. Login fails with the error "An incorrect Username or Password was specified", or the login page is simply re-displayed.

When login fails the following error is written to the AdminServer-diagnostic.log:

 



The problem does not occur if any of the following apply:
+ If the OVD Authenticator provider control flag is changed from SUFFICIENT to OPTIONAL
+ If the OVD Authenticator provider is moved lower in the WLS providers list than DefaultAuthenticator
+ If the OAM Managed Server is running and OAM SSO is used to log in to the OAM Console instead of the fallback application login page
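
The provider order and control flag conditions above can be checked offline against the domain's config.xml. The script below is an added example, not part of the Oracle document: it reports any authentication provider flagged SUFFICIENT that is listed above DefaultAuthenticator. The sample XML is constructed, and its element names, namespaces, the provider name OVDAuthenticator and the REQUIRED default for an omitted control flag are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample, not taken from the article: the realm section of a
# WebLogic domain config.xml in the state the Symptoms section describes.
# Element names and namespaces are assumptions about the file layout.
SAMPLE = """<domain xmlns="http://xmlns.oracle.com/weblogic/domain"
  xmlns:sec="http://xmlns.oracle.com/weblogic/security"
  xmlns:wls="http://xmlns.oracle.com/weblogic/security/wls">
 <security-configuration><realm>
  <sec:authentication-provider>
   <sec:name>OVDAuthenticator</sec:name>
   <wls:control-flag>SUFFICIENT</wls:control-flag>
  </sec:authentication-provider>
  <sec:authentication-provider>
   <sec:name>DefaultAuthenticator</sec:name>
  </sec:authentication-provider>
 </realm></security-configuration>
</domain>"""

def local(tag):
    """Strip the '{namespace}' prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]

def providers(xml_text):
    """Return [(name, control_flag)] in the order the realm lists them."""
    out = []
    for el in ET.fromstring(xml_text).iter():
        if local(el.tag) != "authentication-provider":
            continue
        fields = {local(c.tag): (c.text or "").strip() for c in el}
        # Assumption: an omitted control-flag element means REQUIRED.
        flag = fields.get("control-flag", "REQUIRED").upper()
        out.append((fields.get("name", "?"), flag))
    return out

def sufficient_above_default(provs, default="DefaultAuthenticator"):
    """Names of SUFFICIENT providers listed above the default authenticator."""
    names = [n for n, _ in provs]
    if default not in names:
        return []
    return [n for n, f in provs[:names.index(default)] if f == "SUFFICIENT"]

if __name__ == "__main__":
    for name in sufficient_above_default(providers(SAMPLE)):
        print("SUFFICIENT provider above DefaultAuthenticator:", name)
```

An empty result corresponds to the first two conditions in the list above: the flag is no longer SUFFICIENT, or the provider sits below DefaultAuthenticator.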



Cause
