OID 11g With SunLDAP And OAM / OAM Login Fails With Invalid Username/Password / OAM Log Exception: OAMSSA-20023: Authentication Failure for user : my_username, for idstore ID_Store with exception invalid username/password with primary error message null (Doc ID 1552628.1)

Last updated on MARCH 08, 2017

Applies to:

Oracle Access Manager - Version 11.1.2.0.0 and later
Oracle Internet Directory - Version 11.1.1.7.0 and later
Information in this document applies to any platform.

Symptoms

Oracle Internet Directory (OID) 11.1.1.7.0.

The environment originally used OAM 10g and now uses Oracle Access Manager (OAM) 11.1.2.

Users were migrated from a working OID 11.1.1.3 to OID 11.1.1.7.

After configuring the new OID 11.1.1.7 just like the previous working OID, migrating the users, and configuring the OID Java-based External Authentication Plugin (so that only bind authentication is forwarded to a Sun LDAP, as in the previous working OID), ldapbinds to OID work, but OAM logins fail and the OAM log shows invalid username/password errors:

...<snip>...
[2013-05-10T13:59:34.926-04:00] [oam_server1] [ERROR] [OAMSSA-20023] [oracle.oam.user.identity.provider] [tid: [ACTIVE].ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: ] [ecid: a14a90cee4fa73da:-565f1e3d:13e8f96f2be:-8000-0000000000000039,0] [APP: oam_server#11.1.2.0.0] Authentication Failure for user : my_username, for idstore ID_Store with exception invalid username/password with primary error message null
[2013-05-10T13:59:34.926-04:00] [oam_server1] [NOTIFICATION] [] [oracle.oam.engine.authn] [tid: [ACTIVE].ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: ] [ecid: a14a90cee4fa73da:-565f1e3d:13e8f96f2be:-8000-0000000000000039,0] [APP: oam_server#11.1.2.0.0] [[
oracle.security.am.engine.authn.api.exception.AuthenticationException
...<etc>...
Caused by: oracle.security.am.engines.common.identity.provider.exceptions.IdentityProviderException: OAMSSA-20023: Authentication Failure for user : my_username, for idstore ID_Store with exception invalid username/password with primary error message null
at oracle.security.am.engines.common.identity.provider.impl.UserProviderImpl.authenticateUserByName(UserProviderImpl.java:1048)
at oracle.security.am.engines.common.identity.provider.impl.IdentityProviderImpl.authenticateUserByName(IdentityProviderImpl.java:956)
at oracle.security.am.engines.common.identity.provider.impl.OracleUserIdentityProvider.authenticateUserByName(OracleUserIdentityProvider.java:464)
at oracle.security.am.engine.authn.internal.executor.AuthenticationModuleExecutor.execute(AuthenticationModuleExecutor.java:215)
... 41 more
Caused by: oracle.security.idm.AuthenticationException: invalid username/password
...<snip>...

 
STEPS
-----------------------
The issue can be reproduced with the following steps:
1. Install/Configure new OID.
2. Migrate users using ldapsearch from source and ldapadd to destination.
3. Configure OID external auth plugin for bind as in the working OID, and verify ldapbinds work.
4. Log in to OAM and observe the failure shown in the log excerpt above.
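
To confirm the failure from step 4 across a whole OAM server log, the following Python parser extracts OAMSSA-20023 records in the format of the excerpt above and counts them per identity store, user and reason. It is an added example, not part of the Oracle note; the function names, the sample lines (constructed from the excerpt's shape) and the ecid values are assumptions.

```python
import re
from collections import Counter

# Leading ODL fields: [timestamp] [server] [level] [message-id] [module]
HEAD = re.compile(r"^\[([^\]]+)\] \[([^\]]*)\] \[([^\]]*)\] \[([^\]]*)\] \[([^\]]*)\]")
ECID = re.compile(r"\[ecid: ([^\]]+)\]")
FAIL = re.compile(
    r"Authentication Failure for user : (?P<user>[^,]+), for idstore (?P<idstore>\S+) "
    r"with exception (?P<reason>.+?) with primary error message (?P<primary>.*)$")

def parse_failures(lines):
    """Return one dict per OAMSSA-20023 record; stack-trace lines are skipped."""
    events = []
    for raw in lines:
        line = raw.rstrip()
        head = HEAD.match(line)
        # "Caused by:" lines repeat the message without an ODL header; skip them.
        if not head or head.group(4) != "OAMSSA-20023":
            continue
        fail = FAIL.search(line)
        if not fail:
            continue
        ecid = ECID.search(line)
        events.append({"time": head.group(1), "server": head.group(2),
                       "ecid": ecid.group(1) if ecid else None, **fail.groupdict()})
    return events

def summarize(events):
    """Count failures per (idstore, user, reason) to show which store rejects whom."""
    return Counter((e["idstore"], e["user"], e["reason"]) for e in events)

# Constructed sample input, shortened from the shape of the excerpt above.
TID = "[tid: [ACTIVE].ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)']"
MSG = ("Authentication Failure for user : {u}, for idstore ID_Store with exception "
       "invalid username/password with primary error message null")
def err_line(ts, ecid, user):
    return (f"[{ts}] [oam_server1] [ERROR] [OAMSSA-20023] [oracle.oam.user.identity.provider] "
            f"{TID} [userId: ] [ecid: {ecid}] [APP: oam_server#11.1.2.0.0] " + MSG.format(u=user))

SAMPLE = [
    err_line("2013-05-10T13:59:34.926-04:00", "sample-ecid-1,0", "my_username"),
    f"[2013-05-10T13:59:34.926-04:00] [oam_server1] [NOTIFICATION] [] [oracle.oam.engine.authn] {TID} [[",
    "Caused by: IdentityProviderException: OAMSSA-20023: " + MSG.format(u="my_username"),
    err_line("2013-05-10T14:02:10.101-04:00", "sample-ecid-2,0", "my_username"),
]

if __name__ == "__main__":
    for key, count in summarize(parse_failures(SAMPLE)).items():
        print(count, *key)
```

Pass it the lines of a real log with `parse_failures(open(path))`; the ecid of each record can then be used to find the matching stack trace in the same log.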

Cause
