Libovd 11g Log with OAM Integrated Does Not Keep the Same ECID Number from Front End Application

(Doc ID 2064915.1)

Last updated on MARCH 08, 2017

Applies to:

Oracle Virtual Directory - Version 11.1.1.7.0 and later
Information in this document applies to any platform.

Symptoms

Oracle Virtual Directory / Library OVD (libOVD) 11g 11.1.1.7.0 integrated with Oracle Access Manager (OAM) 11g 11.1.2.2.

OAM to OVD logs one Execution Context ID (ECID) for authentication, but OVD to backend directories logs a different ECID number.

For example, OAM is getting the username and password to send authentication to OVD; see the ECID in OAM log:

[2015-06-15T15:58:37.990+00:00] [oam_server1] [TRACE] [OAMSSA-20130] [oracle.oam.user.identity.provider] [tid: [ACTIVE].ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: ] [ecid: 8efc59e4299d9513:178060e6:14decc1d0e9:-8000-0000000000013b84,0] [APP: oam_server#11.1.2.0.0] [SRC_CLASS: oracle.security.am.engines.common.identity.provider.impl.ids.IDSUserProviderImpl] [SRC_METHOD: authenticateUserByName] The userIDAttribute = uid and userIDAttributeValue = my.user
[2015-06-15T15:58:37.992+00:00] [oam_server1] [TRACE] [OAMSSA-20097] [oracle.oam.user.identity.provider] [tid: [ACTIVE].ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: ] [ecid: 8efc59e4299d9513:178060e6:14decc1d0e9:-8000-0000000000013b84,0] [APP: oam_server#11.1.2.0.0] [SRC_CLASS: oracle.security.am.engines.common.identity.provider.impl.ids.IDSUserProviderImpl] [SRC_METHOD: authenticateUserByName] User my.user in idstore OVDStore authenticated successfully


The OVD diagnostic log shows for OAM to OVD:

[2015-06-15T15:58:37.612+00:00] [octetstring] [TRACE] [OVD-00023] [com.octetstring.vde.backend.jndi.OID Adapter.BackendJNDI] [tid: 83] [ecid: 8efc59e4299d9513:178060e6:14decc1d0e9:-8000-0000000000013b84,0:3] [SRC_CLASS: com.octetstring.vde.util.VDELogger] [SRC_METHOD: debug] [#OID Adapter] JNDI Adapter Search using:[[
 BindDN: cn=orcladmin
 Base: dc=mycompnay,dc=com
 Scope: 2
 Attributes: [uid, wirelessacctnumber, postalcode, manager, street, orclguid, obresponsetries, dateofbirth, defaultgroup, uniquename, telephonenumber, obresponsetimeout, orgunit, timezone, employeenumber, obYetToBeAnsweredChallenge, initials, activestartdate, description, maidenname, localityname, gender, objectclass, sn, oblastloginattemptdate, fax, middlename, homeaddress, country, obpasswordhistory, cn, oblastfailedlogin, oblastsuccessfullogin, preferredlanguage, pobox, mobile, hiredate, uiaccessmode, oblastresponseattemptdate, department, state, givenname, lastname, org, employeetype, title, obfirstlogin, name, obpasswordcreationdate, homephone, pager, mail, activeenddate, oblockouttime, obAnsweredChallenges, firstname, loginid, obpasswordexpmail, obpasswordchangeflag, postaladdress, obuseraccountcontrol, telephone, displayname, oblogintrycount]
 Filter: (&(objectclass=inetorgperson)(uid=my.user))
]]

And for OVD to backend end (i.e., Oracle Internet Directory / OID):

2015-06-15T15:58:37.948+00:00] [octetstring] [TRACE] [] [com.octetstring.vde.operation.BindOperation] [tid: 83] [ecid: 0000KrrwQD1D4i2_vpK6yX1LUllg00002Z,0] [SRC_CLASS: com.octetstring.vde.util.VDELogger] [SRC_METHOD: debug] BIND: Success [cn=my user,cn=users,cn=oid,dc=mycompany,dc=com/<IP address>]


Entries in OVD access.log:

[2015-06-15T15:58:37.598+00:00] [octetstring] [NOTIFICATION] [OVD-20043] [com.octetstring.accesslog] [tid: 83] [ecid: 8efc59e4299d9513:178060e6:14decc1d0e9:-8000-0000000000013b84,0:3] conn=1,111 op=17 SRCH base=dc=mycompany,dc=com scope=2 filter=(&(objectclass=inetorgperson)(uid=my.user)) requestedAttributes=[uid, wirelessacctnumber, postalcode, manager, street, orclguid, obresponsetries, dateofbirth, defaultgroup, uniquename, telephonenumber, obresponsetimeout, orgunit, timezone, employeenumber, obYetToBeAnsweredChallenge, initials, activestartdate, description, maidenname, localityname, gender, objectclass, sn, oblastloginattemptdate, fax, middlename, homeaddress, country, obpasswordhistory, cn, oblastfailedlogin, oblastsuccessfullogin, preferredlanguage, pobox, mobile, hiredate, uiaccessmode, oblastresponseattemptdate, department, state, givenname, lastname, org, employeetype, title, obfirstlogin, name, obpasswordcreationdate, homephone, pager, mail, activeenddate, oblockouttime, obAnsweredChallenges, firstname, loginid, obpasswordexpmail, obpasswordchangeflag, postaladdress, obuseraccountcontrol, telephone, displayname, oblogintrycount] sizelimit=0 timelimit=0 typesOnly=FALSE
[2015-06-15T15:58:37.889+00:00] [octetstring] [NOTIFICATION] [OVD-20044] [com.octetstring.accesslog] [tid: 83] [ecid: 8efc59e4299d9513:178060e6:14decc1d0e9:-8000-0000000000013b84,0:3] conn=1,111 op=17 RESULT err=0 tag=0 nentries=1 etime=291 dbtime=0 mem=212,590,216/259,522,560
[2015-06-15T15:58:37.891+00:00] [octetstring] [NOTIFICATION] [OVD-20038] [com.octetstring.accesslog] [tid: 83] [ecid: 0000KrrwQD1D4i2_vpK6yX1LUllg00002Z,0] conn=1,119 op=1 BIND dn=cn=My User,cn=users,cn=oid,dc=mycompany,dc=com method=0 version=3
[2015-06-15T15:58:37.948+00:00] [octetstring] [NOTIFICATION] [OVD-20039] [com.octetstring.accesslog] [tid: 83] [ecid: 0000KrrwQD1D4i2_vpK6yX1LUllg00002Z,0] conn=1,119 op=1 RESULT err=0 tag=0 nentries=0 etime={3}


Need OVD to maintain the same ECID number from the front end application request.


Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms