Join Adapter Between MSAD And OID - User cannot login to the workspace after setting manager attribute
(Doc ID 1668016.1)
Last updated on SEPTEMBER 09, 2022
Applies to:
Oracle Business Process Management Suite - Version 11.1.1.5.0 to 11.1.1.7.0 [Release 11gR1]Information in this document applies to any platform.
Symptoms
By using two LDAP servers and a joint adapter you can merge attributes from users in two different LDAP environments. This can be done by adding the primary LDAP as a Sufficient LDAP provider, and the secondary LDAP provider as Optional. Then, setup a join adapter using this documentation: http://docs.oracle.com/cd/E15586_01/webcenter.1111/e12405/wcadm_security_id_store.htm#CFHDBHCE. Once this is setup the attributes of users can be merged between the two LDAP servers. A problem that can be faced is that once the manager attributes are merged the user cannot login to the workspace. An exception could occur:
[2014-04-08T13:52:57.595-04:00] [soa_server1] [ERROR] [] [oracle.webservices.jaxws] [tid: [ACTIVE].ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: jcooper] [ecid: x:-6a139b3:14541dc06e4:-8000-00000000000034a2,0] [APP: OracleBPMWorkspace] [DSID: x] Error while invoking endpoint "http://<hostname>:8001/integration/services/IdentityService/identity" from client; Client side policies: [oracle/no_authentication_client_policy]; Security Subject: Oracom_Wiki
[2014-04-08T13:52:57.626-04:00] [soa_server1] [NOTIFICATION] [] [oracle.bpm.common] [tid: [ACTIVE].ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: jcooper] [ecid: d821806edaa07fff:-6a139b3:14541dc06e4:-8000-00000000000034a2,0] [APP: OracleBPMWorkspace] [DSID: 0000KL2U5kW6IRkpSwh8ic1JH0xT00000H] Operation exception.[[
javax.security.auth.login.LoginException: Operation exception.
at oracle.bpm.papi.ora.mgr.OrganizationManager.lookupParticipant(OrganizationManager.java:61)
at oracle.bpm.papi.ora.mgr.OrganizationManager.lookupParticipant(OrganizationManager.java:41)
at oracle.bpm.papi.ora.ProcessServiceSessionAdapter.(ProcessServiceSessionAdapter.java:183)
at oracle.bpm.papi.ora.ProcessServiceAdapter.createSession(ProcessServiceAdapter.java:146)
at oracle.bpm.workspace.adf.security.WorkspaceLoginBean.initPrincipal(WorkspaceLoginBean.java:126)
at oracle.bpm.web.security.LoginBean.initSSOSession(LoginBean.java:111)
at oracle.bpm.web.security.AuthenticationUtil.authenticateModule(AuthenticationUtil.java:194)
at oracle.bpm.web.security.faces.AuthenticationPhaseListener.authenticate(AuthenticationPhaseListener.java:73)
at oracle.bpm.web.security.faces.AuthenticationPhaseListener.authenticatePhase(AuthenticationPhaseListener.java:63)
at oracle.bpm.web.security.faces.AuthenticationPhaseListener.afterPhase(AuthenticationPhaseListener.java:53)
at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl._executePhase(LifecycleImpl.java:520)
at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:207)
at javax.faces.webapp.FacesServlet.service(FacesServlet.java:265)
at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:301)
at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.adf.model.servlet.ADFBindingFilter.doFilter(ADFBindingFilter.java:205)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.adfinternal.view.faces.webapp.rich.RegistrationFilter.doFilter(RegistrationFilter.java:128)
at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl$FilterListChain.doFilter(TrinidadFilterImpl.java:446)
at oracle.adfinternal.view.faces.activedata.AdsFilter.doFilter(AdsFilter.java:60)
at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl$FilterListChain.doFilter(TrinidadFilterImpl.java:446)
at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl._doFilterImpl(TrinidadFilterImpl.java:271)
at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl.doFilter(TrinidadFilterImpl.java:177)
at org.apache.myfaces.trinidad.webapp.TrinidadFilter.doFilter(TrinidadFilter.java:92)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.adf.library.webapp.LibraryFilter.doFilter(LibraryFilter.java:180)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.security.jps.ee.http.JpsAbsFilter$1.run(JpsAbsFilter.java:119)
at java.security.AccessController.doPrivileged(Native Method)
at oracle.security.jps.util.JpsSubject.doAsPrivileged(JpsSubject.java:324)
at oracle.security.jps.ee.util.JpsPlatformUtil.runJaasMode(JpsPlatformUtil.java:460)
at oracle.security.jps.ee.http.JpsAbsFilter.runJaasMode(JpsAbsFilter.java:103)
at oracle.security.jps.ee.http.JpsAbsFilter.doFilter(JpsAbsFilter.java:171)
at oracle.security.jps.ee.http.JpsFilter.doFilter(JpsFilter.java:71)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at weblogic.servlet.internal.RequestDispatcherImpl.invokeServlet(RequestDispatcherImpl.java:527)
at weblogic.servlet.internal.RequestDispatcherImpl.forward(RequestDispatcherImpl.java:253)
at weblogic.servlet.jsp.PageContextImpl.forward(PageContextImpl.java:159)
at jsp_servlet.__index._jspService(__index.java:79)
at weblogic.servlet.jsp.JspBase.service(JspBase.java:34)
at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:301)
at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.adf.library.webapp.LibraryFilter.doFilter(LibraryFilter.java:180)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.security.jps.ee.http.JpsAbsFilter$1.run(JpsAbsFilter.java:119)
at java.security.AccessController.doPrivileged(Native Method)
at oracle.security.jps.util.JpsSubject.doAsPrivileged(JpsSubject.java:324)
at oracle.security.jps.ee.util.JpsPlatformUtil.runJaasMode(JpsPlatformUtil.java:460)
at oracle.security.jps.ee.http.JpsAbsFilter.runJaasMode(JpsAbsFilter.java:103)
at oracle.security.jps.ee.http.JpsAbsFilter.doFilter(JpsAbsFilter.java:171)
at oracle.security.jps.ee.http.JpsFilter.doFilter(JpsFilter.java:71)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.dms.servlet.DMSServletFilter.doFilter(DMSServletFilter.java:163)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at weblogic.servlet.internal.RequestEventsFilter.doFilter(RequestEventsFilter.java:27)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.wrapRun(WebAppServletContext.java:3730)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3696)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2273)
at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2179)
at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1490)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:256)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:221)
Caused by: fuego.papi.OperationException: Operation exception.
... 71 more
Caused by: ORABPEL-10592
Identity Service soap error.
BPMIdentityService encountered soap error in method invoke with fault "Manager name could not be resolved for "{0}" in configuration "{1}".
Error in resolving manager name for user "xx" in configuration "jazn.com".
Ensure that a user with the given name exists and has a manager. Contact Oracle Support Services if error is not fixable.
".
Ensure that the soap message is properly formed and has all necessary attributes and elements. Contact Oracle Support Services if error is not fixable.
at oracle.bpel.services.identity.client.IdentityServiceSOAPClient.convertSOAPFaultException(IdentityServiceSOAPClient.java:249)
at oracle.bpel.services.identity.client.IdentityServiceSOAPClient.invoke(IdentityServiceSOAPClient.java:214)
at oracle.bpel.services.identity.client.IdentityServiceSOAPClient.lookupUser(IdentityServiceSOAPClient.java:287)
at oracle.bpel.services.identity.client.AbstractIdentityServiceClient.lookupUser(AbstractIdentityServiceClient.java:187)
at oracle.bpm.papi.ora.mgr.OrganizationManager.lookupParticipant(OrganizationManager.java:51)
... 70 more
]]
[2014-04-08T13:52:57.626-04:00] [soa_server1] [NOTIFICATION] [] [oracle.bpm.common] [tid: [ACTIVE].ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: jcooper] [ecid: d821806edaa07fff:-6a139b3:14541dc06e4:-8000-00000000000034a2,0] [APP: OracleBPMWorkspace] [DSID: 0000KL2U5kW6IRkpSwh8ic1JH0xT00000H] Operation exception.[[
javax.security.auth.login.LoginException: Operation exception.
at oracle.bpm.papi.ora.mgr.OrganizationManager.lookupParticipant(OrganizationManager.java:61)
at oracle.bpm.papi.ora.mgr.OrganizationManager.lookupParticipant(OrganizationManager.java:41)
at oracle.bpm.papi.ora.ProcessServiceSessionAdapter.(ProcessServiceSessionAdapter.java:183)
at oracle.bpm.papi.ora.ProcessServiceAdapter.createSession(ProcessServiceAdapter.java:146)
at oracle.bpm.workspace.adf.security.WorkspaceLoginBean.initPrincipal(WorkspaceLoginBean.java:126)
at oracle.bpm.web.security.LoginBean.initSSOSession(LoginBean.java:111)
at oracle.bpm.web.security.AuthenticationUtil.authenticateModule(AuthenticationUtil.java:194)
at oracle.bpm.web.security.faces.AuthenticationPhaseListener.authenticate(AuthenticationPhaseListener.java:73)
at oracle.bpm.web.security.faces.AuthenticationPhaseListener.authenticatePhase(AuthenticationPhaseListener.java:63)
at oracle.bpm.web.security.faces.AuthenticationPhaseListener.afterPhase(AuthenticationPhaseListener.java:53)
at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl._executePhase(LifecycleImpl.java:520)
at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:207)
at javax.faces.webapp.FacesServlet.service(FacesServlet.java:265)
at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:301)
at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.adf.model.servlet.ADFBindingFilter.doFilter(ADFBindingFilter.java:205)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.adfinternal.view.faces.webapp.rich.RegistrationFilter.doFilter(RegistrationFilter.java:128)
at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl$FilterListChain.doFilter(TrinidadFilterImpl.java:446)
at oracle.adfinternal.view.faces.activedata.AdsFilter.doFilter(AdsFilter.java:60)
at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl$FilterListChain.doFilter(TrinidadFilterImpl.java:446)
at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl._doFilterImpl(TrinidadFilterImpl.java:271)
at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl.doFilter(TrinidadFilterImpl.java:177)
at org.apache.myfaces.trinidad.webapp.TrinidadFilter.doFilter(TrinidadFilter.java:92)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.adf.library.webapp.LibraryFilter.doFilter(LibraryFilter.java:180)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.security.jps.ee.http.JpsAbsFilter$1.run(JpsAbsFilter.java:119)
at java.security.AccessController.doPrivileged(Native Method)
at oracle.security.jps.util.JpsSubject.doAsPrivileged(JpsSubject.java:324)
at oracle.security.jps.ee.util.JpsPlatformUtil.runJaasMode(JpsPlatformUtil.java:460)
at oracle.security.jps.ee.http.JpsAbsFilter.runJaasMode(JpsAbsFilter.java:103)
at oracle.security.jps.ee.http.JpsAbsFilter.doFilter(JpsAbsFilter.java:171)
at oracle.security.jps.ee.http.JpsFilter.doFilter(JpsFilter.java:71)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at weblogic.servlet.internal.RequestDispatcherImpl.invokeServlet(RequestDispatcherImpl.java:527)
at weblogic.servlet.internal.RequestDispatcherImpl.forward(RequestDispatcherImpl.java:253)
at weblogic.servlet.jsp.PageContextImpl.forward(PageContextImpl.java:159)
at jsp_servlet.__index._jspService(__index.java:79)
at weblogic.servlet.jsp.JspBase.service(JspBase.java:34)
at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:301)
at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.adf.library.webapp.LibraryFilter.doFilter(LibraryFilter.java:180)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.security.jps.ee.http.JpsAbsFilter$1.run(JpsAbsFilter.java:119)
at java.security.AccessController.doPrivileged(Native Method)
at oracle.security.jps.util.JpsSubject.doAsPrivileged(JpsSubject.java:324)
at oracle.security.jps.ee.util.JpsPlatformUtil.runJaasMode(JpsPlatformUtil.java:460)
at oracle.security.jps.ee.http.JpsAbsFilter.runJaasMode(JpsAbsFilter.java:103)
at oracle.security.jps.ee.http.JpsAbsFilter.doFilter(JpsAbsFilter.java:171)
at oracle.security.jps.ee.http.JpsFilter.doFilter(JpsFilter.java:71)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.dms.servlet.DMSServletFilter.doFilter(DMSServletFilter.java:163)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at weblogic.servlet.internal.RequestEventsFilter.doFilter(RequestEventsFilter.java:27)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.wrapRun(WebAppServletContext.java:3730)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3696)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2273)
at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2179)
at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1490)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:256)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:221)
Caused by: fuego.papi.OperationException: Operation exception.
... 71 more
Caused by: ORABPEL-10592
Identity Service soap error.
BPMIdentityService encountered soap error in method invoke with fault "Manager name could not be resolved for "{0}" in configuration "{1}".
Error in resolving manager name for user "xx" in configuration "jazn.com".
Ensure that a user with the given name exists and has a manager. Contact Oracle Support Services if error is not fixable.
".
Ensure that the soap message is properly formed and has all necessary attributes and elements. Contact Oracle Support Services if error is not fixable.
at oracle.bpel.services.identity.client.IdentityServiceSOAPClient.convertSOAPFaultException(IdentityServiceSOAPClient.java:249)
at oracle.bpel.services.identity.client.IdentityServiceSOAPClient.invoke(IdentityServiceSOAPClient.java:214)
at oracle.bpel.services.identity.client.IdentityServiceSOAPClient.lookupUser(IdentityServiceSOAPClient.java:287)
at oracle.bpel.services.identity.client.AbstractIdentityServiceClient.lookupUser(AbstractIdentityServiceClient.java:187)
at oracle.bpm.papi.ora.mgr.OrganizationManager.lookupParticipant(OrganizationManager.java:51)
... 70 more
]]
Cause
To view full details, sign in with your My Oracle Support account. |
|
Don't have a My Oracle Support account? Click to get started! |
In this Document
| Symptoms |
| Cause |
| Solution |