Join Adapter Between MSAD And OID - User cannot login to the workspace after setting manager attribute (Doc ID 1668016.1)

Last updated on AUGUST 14, 2017

Applies to:

Oracle Business Process Management Suite - Version 11.1.1.5.0 to 11.1.1.7.0 [Release 11gR1]
Information in this document applies to any platform.

Symptoms

By using two LDAP servers and a joint adapter you can merge attributes from users in two different LDAP environments.  This can be done by adding the primary LDAP as a Sufficient LDAP provider, and the secondary LDAP provider as Optional.
Then, setup a join adapter using this documentation: http://docs.oracle.com/cd/E15586_01/webcenter.1111/e12405/wcadm_security_id_store.htm#CFHDBHCE

Once this is setup the attributes of users can be merged between the two LDAP servers.  The problem being faced in this scenario though was that once the manager attribute is merged the user cannot login to the workspace. They got an exception:

[2014-04-08T13:52:57.595-04:00] [soa_server1] [ERROR] [] [oracle.webservices.jaxws] [tid: [ACTIVE].ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: hlevich] [ecid: d821806edaa07fff:-6a139b3:14541dc06e4:-8000-00000000000034a2,0] [APP: OracleBPMWorkspace] [DSID: 0000KL2U5kW6IRkpSwh8ic1JH0xT00000H] Error while invoking endpoint "http://xxxx.us.oracle.com:8001/integration/services/IdentityService/identity" from client; Client side policies: [oracle/no_authentication_client_policy]; Security Subject: Oracom_Wiki
[2014-04-08T13:52:57.626-04:00] [soa_server1] [NOTIFICATION] [] [oracle.bpm.common] [tid: [ACTIVE].ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: hlevich] [ecid: d821806edaa07fff:-6a139b3:14541dc06e4:-8000-00000000000034a2,0] [APP: OracleBPMWorkspace] [DSID: 0000KL2U5kW6IRkpSwh8ic1JH0xT00000H] Operation exception.[[
javax.security.auth.login.LoginException: Operation exception.
at oracle.bpm.papi.ora.mgr.OrganizationManager.lookupParticipant(OrganizationManager.java:61)
at oracle.bpm.papi.ora.mgr.OrganizationManager.lookupParticipant(OrganizationManager.java:41)
at oracle.bpm.papi.ora.ProcessServiceSessionAdapter.(ProcessServiceSessionAdapter.java:183)
at oracle.bpm.papi.ora.ProcessServiceAdapter.createSession(ProcessServiceAdapter.java:146)
at oracle.bpm.workspace.adf.security.WorkspaceLoginBean.initPrincipal(WorkspaceLoginBean.java:126)
at oracle.bpm.web.security.LoginBean.initSSOSession(LoginBean.java:111)
at oracle.bpm.web.security.AuthenticationUtil.authenticateModule(AuthenticationUtil.java:194)
at oracle.bpm.web.security.faces.AuthenticationPhaseListener.authenticate(AuthenticationPhaseListener.java:73)
at oracle.bpm.web.security.faces.AuthenticationPhaseListener.authenticatePhase(AuthenticationPhaseListener.java:63)
at oracle.bpm.web.security.faces.AuthenticationPhaseListener.afterPhase(AuthenticationPhaseListener.java:53)
at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl._executePhase(LifecycleImpl.java:520)
at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:207)
at javax.faces.webapp.FacesServlet.service(FacesServlet.java:265)
at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:301)
at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.adf.model.servlet.ADFBindingFilter.doFilter(ADFBindingFilter.java:205)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.adfinternal.view.faces.webapp.rich.RegistrationFilter.doFilter(RegistrationFilter.java:128)
at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl$FilterListChain.doFilter(TrinidadFilterImpl.java:446)
at oracle.adfinternal.view.faces.activedata.AdsFilter.doFilter(AdsFilter.java:60)
at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl$FilterListChain.doFilter(TrinidadFilterImpl.java:446)
at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl._doFilterImpl(TrinidadFilterImpl.java:271)
at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl.doFilter(TrinidadFilterImpl.java:177)
at org.apache.myfaces.trinidad.webapp.TrinidadFilter.doFilter(TrinidadFilter.java:92)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.adf.library.webapp.LibraryFilter.doFilter(LibraryFilter.java:180)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.security.jps.ee.http.JpsAbsFilter$1.run(JpsAbsFilter.java:119)
at java.security.AccessController.doPrivileged(Native Method)
at oracle.security.jps.util.JpsSubject.doAsPrivileged(JpsSubject.java:324)
at oracle.security.jps.ee.util.JpsPlatformUtil.runJaasMode(JpsPlatformUtil.java:460)
at oracle.security.jps.ee.http.JpsAbsFilter.runJaasMode(JpsAbsFilter.java:103)
at oracle.security.jps.ee.http.JpsAbsFilter.doFilter(JpsAbsFilter.java:171)
at oracle.security.jps.ee.http.JpsFilter.doFilter(JpsFilter.java:71)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at weblogic.servlet.internal.RequestDispatcherImpl.invokeServlet(RequestDispatcherImpl.java:527)
at weblogic.servlet.internal.RequestDispatcherImpl.forward(RequestDispatcherImpl.java:253)
at weblogic.servlet.jsp.PageContextImpl.forward(PageContextImpl.java:159)
at jsp_servlet.__index._jspService(__index.java:79)
at weblogic.servlet.jsp.JspBase.service(JspBase.java:34)
at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:301)
at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.adf.library.webapp.LibraryFilter.doFilter(LibraryFilter.java:180)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.security.jps.ee.http.JpsAbsFilter$1.run(JpsAbsFilter.java:119)
at java.security.AccessController.doPrivileged(Native Method)
at oracle.security.jps.util.JpsSubject.doAsPrivileged(JpsSubject.java:324)
at oracle.security.jps.ee.util.JpsPlatformUtil.runJaasMode(JpsPlatformUtil.java:460)
at oracle.security.jps.ee.http.JpsAbsFilter.runJaasMode(JpsAbsFilter.java:103)
at oracle.security.jps.ee.http.JpsAbsFilter.doFilter(JpsAbsFilter.java:171)
at oracle.security.jps.ee.http.JpsFilter.doFilter(JpsFilter.java:71)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.dms.servlet.DMSServletFilter.doFilter(DMSServletFilter.java:163)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at weblogic.servlet.internal.RequestEventsFilter.doFilter(RequestEventsFilter.java:27)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.wrapRun(WebAppServletContext.java:3730)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3696)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2273)
at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2179)
at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1490)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:256)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:221)
Caused by: fuego.papi.OperationException: Operation exception.
... 71 more
Caused by: ORABPEL-10592

Identity Service soap error.
BPMIdentityService encountered soap error in method invoke with fault "Manager name could not be resolved for "{0}" in configuration "{1}".
Error in resolving manager name for user "hlevich" in configuration "jazn.com".
Ensure that a user with the given name exists and has a manager. Contact Oracle Support Services if error is not fixable.
".
Ensure that the soap message is properly formed and has all necessary attributes and elements. Contact Oracle Support Services if error is not fixable.

at oracle.bpel.services.identity.client.IdentityServiceSOAPClient.convertSOAPFaultException(IdentityServiceSOAPClient.java:249)
at oracle.bpel.services.identity.client.IdentityServiceSOAPClient.invoke(IdentityServiceSOAPClient.java:214)
at oracle.bpel.services.identity.client.IdentityServiceSOAPClient.lookupUser(IdentityServiceSOAPClient.java:287)
at oracle.bpel.services.identity.client.AbstractIdentityServiceClient.lookupUser(AbstractIdentityServiceClient.java:187)
at oracle.bpm.papi.ora.mgr.OrganizationManager.lookupParticipant(OrganizationManager.java:51)
... 70 more

]]

 

Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms