Libovd 11g Log with OAM Integrated Does Not Keep the Same ECID Number from Front End Application
(Doc ID 2064915.1)
Last updated on MARCH 15, 2019
Applies to:
Oracle Virtual Directory - Version 11.1.1.7.0 and laterInformation in this document applies to any platform.
Symptoms
Oracle Virtual Directory / Library OVD (libOVD) 11g 11.1.1.7.0 integrated with Oracle Access Manager (OAM) 11g 11.1.2.2.
OAM to OVD logs one Execution Context ID (ECID) for authentication, but OVD to backend directories logs a different ECID number.
For example, OAM is getting the username and password to send authentication to OVD; see the ECID in OAM log:
[2015-06-15T15:58:37.992+00:00] [oam_server1] [TRACE] [OAMSSA-20097] [oracle.oam.user.identity.provider] [tid: [ACTIVE].ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: ] [ecid: ECIDVALUE1] [APP: oam_server#11.1.2.0.0] [SRC_CLASS: oracle.security.am.engines.common.identity.provider.impl.ids.IDSUserProviderImpl] [SRC_METHOD: authenticateUserByName] User my.user in idstore OVDStore authenticated successfully
The OVD diagnostic log shows for OAM to OVD:
[2015-06-15T15:58:37.612+00:00] [octetstring] [TRACE] [OVD-00023] [com.octetstring.vde.backend.jndi.OID Adapter.BackendJNDI] [tid: 83] [ecid: ECIDVALUE1:3] [SRC_CLASS: com.octetstring.vde.util.VDELogger] [SRC_METHOD: debug] [#OID Adapter] JNDI Adapter Search using:[[
BindDN: cn=orcladmin
Base: dc=mycompnay,dc=com
Scope: 2
Attributes: [uid, wirelessacctnumber, postalcode, manager, street, orclguid, obresponsetries, dateofbirth, defaultgroup, uniquename, telephonenumber, obresponsetimeout, orgunit, timezone, employeenumber, obYetToBeAnsweredChallenge, initials, activestartdate, description, maidenname, localityname, gender, objectclass, sn, oblastloginattemptdate, fax, middlename, homeaddress, country, obpasswordhistory, cn, oblastfailedlogin, oblastsuccessfullogin, preferredlanguage, pobox, mobile, hiredate, uiaccessmode, oblastresponseattemptdate, department, state, givenname, lastname, org, employeetype, title, obfirstlogin, name, obpasswordcreationdate, homephone, pager, mail, activeenddate, oblockouttime, obAnsweredChallenges, firstname, loginid, obpasswordexpmail, obpasswordchangeflag, postaladdress, obuseraccountcontrol, telephone, displayname, oblogintrycount]
Filter: (&(objectclass=inetorgperson)(uid=my.user))
]]
And for OVD to backend end (i.e., Oracle Internet Directory / OID):
Entries in OVD access.log:
[2015-06-15T15:58:37.889+00:00] [octetstring] [NOTIFICATION] [OVD-20044] [com.octetstring.accesslog] [tid: 83] [ecid: ECIDVALUE1:3] conn=1,111 op=17 RESULT err=0 tag=0 nentries=1 etime=291 dbtime=0 mem=212,590,216/259,522,560
[2015-06-15T15:58:37.891+00:00] [octetstring] [NOTIFICATION] [OVD-20038] [com.octetstring.accesslog] [tid: 83] [ecid: ECIDVALUE2] conn=1,119 op=1 BIND dn=cn=My User,cn=users,cn=oid,dc=mycompany,dc=com method=0 version=3
[2015-06-15T15:58:37.948+00:00] [octetstring] [NOTIFICATION] [OVD-20039] [com.octetstring.accesslog] [tid: 83] [ecid: ECIDVALUE2] conn=1,119 op=1 RESULT err=0 tag=0 nentries=0 etime={3}
Need OVD to maintain the same ECID number from the front end application request.
Cause
To view full details, sign in with your My Oracle Support account. |
|
Don't have a My Oracle Support account? Click to get started! |
In this Document
| Symptoms |
| Cause |
| Solution |
| References |