OAM Not Working With OUD Proxy DN Renaming Base (Doc ID 2074463.1)

Last updated on MARCH 08, 2017

Applies to:

Oracle Access Manager - Version 11.1.2.2.0 and later
Information in this document applies to any platform.

Symptoms

The ID store is accessed via OUD proxy. OUD proxy has a DN renaming workflow element which renames the existing base DN in OUD and exposes the DN as a separate base.

Configure the ID store in OAM with this base and a virtual attribute as the logon ID attribute. With this setup, login does not work, and the error shown below appears in the OAM diagnostic log.

If the base DN in OUD is instead exposed directly through the OUD proxy, without the renaming, and the OAM ID store is configured to use the OUD base DN, login works fine even with the virtual attribute in place.

 


[2015-10-20T15:26:26.559+11:00] [oam_server1] [ERROR] [OAMSSA-20023] [oracle.oam.user.identity.provider] [tid: [ACTIVE].ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: ] [ecid: 0000L23Vsxm37EK5MVh8ie1LryiB000Vyd,0] [APP: oam_server#11.1.2.0.0] Authentication Failure for user : mk008, for idstore OUD with exception oracle.igf.ids.AuthenticationException: Authentication failed for user myUid=test1,ou=test,cn=users,dc=my,dc=com. AdditionalInfo: null with primary error message {3}
[2015-10-20T15:26:26.564+11:00] [oam_server1] [NOTIFICATION] [] [oracle.oam.engine.authn] [tid: [ACTIVE].ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: ] [ecid: 0000L23Vsxm37EK5MVh8ie1LryiB000Vyd,0] [APP: oam_server#11.1.2.0.0] [[
oracle.security.am.engine.authn.api.exception.AuthenticationException
  at oracle.security.am.engine.authn.internal.executor.AuthenticationModuleExecutor.checkAndThrowAuthenticationException(AuthenticationModuleExecutor.java:386)
  at oracle.security.am.engine.authn.internal.executor.AuthenticationModuleExecutor.execute(AuthenticationModuleExecutor.java:308)
  at oracle.security.am.engine.authn.internal.executor.AuthenticationSchemeExecutor.execute(AuthenticationSchemeExecutor.java:106)
  at oracle.security.am.engine.authn.internal.controller.AuthenticationEngineControllerImpl.validateUser(AuthenticationEngineControllerImpl.java:269)
  at oracle.security.am.engines.enginecontroller.AuthnEngineController.authenticateUser(AuthnEngineController.java:890)
  at oracle.security.am.engines.enginecontroller.AuthnEngineController.processEvent(AuthnEngineController.java:326)
  at oracle.security.am.controller.MasterController.processEvent(MasterController.java:596)
  at oracle.security.am.controller.MasterController.processRequest(MasterController.java:788)
  at oracle.security.am.proxy.oam.requesthandler.NGProvider.authenticate(NGProvider.java:778)
  at oracle.security.am.proxy.oam.requesthandler.NGProvider.getAuthenticateForDccResponse(NGProvider.java:536)
  at oracle.security.am.proxy.oam.requesthandler.NGProvider.getResponse(NGProvider.java:443)
  at oracle.security.am.proxy.oam.requesthandler.RequestHandler.handleRequest(RequestHandler.java:366)
  at oracle.security.am.proxy.oam.requesthandler.RequestHandler.handleMessage(RequestHandler.java:170)
  at oracle.security.am.proxy.oam.requesthandler.ControllerMessageBean.getResponseMessage(ControllerMessageBean.java:122)
  at oracle.security.am.proxy.oam.requesthandler.ControllerMessageBean_eo7ylc_MDOImpl.__WL_invoke(Unknown Source)
  at weblogic.ejb.container.internal.MDOMethodInvoker.invoke(MDOMethodInvoker.java:35)
  at oracle.security.am.proxy.oam.requesthandler.ControllerMessageBean_eo7ylc_MDOImpl.getResponseMessage(Unknown Source)
  at oracle.security.am.proxy.oam.mina.ObClientToProxyHandler.messageReceived(ObClientToProxyHandler.java:232)
  at org.apache.mina.common.DefaultIoFilterChain$TailFilter.messageReceived(DefaultIoFilterChain.java:743)
  at org.apache.mina.common.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:405)
  at org.apache.mina.common.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:40)
  at org.apache.mina.common.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:823)
  at org.apache.mina.common.IoFilterEvent.fire(IoFilterEvent.java:54)
  at org.apache.mina.common.IoEvent.run(IoEvent.java:62)
  at oracle.security.am.proxy.oam.mina.CommonJWorkImpl.run(CommonJWorkImpl.java:41)
  at weblogic.work.j2ee.J2EEWorkManager$WorkWithListener.run(J2EEWorkManager.java:184)
  at weblogic.work.ExecuteThread.execute(ExecuteThread.java:256)
  at weblogic.work.ExecuteThread.run(ExecuteThread.java:221)
Caused by: oracle.security.am.engines.common.identity.provider.exceptions.IdentityProviderException: OAMSSA-20023: Authentication Failure for user : test1, for idstore OUD with exception oracle.igf.ids.AuthenticationException: Authentication failed for user myUid=test1,ou=test,cn=users,dc=my,dc=com. AdditionalInfo: null with primary error message {3}
  at oracle.security.am.engines.common.identity.provider.impl.ids.IDSUserProviderImpl.authenticateUserByName(IDSUserProviderImpl.java:811)
  at oracle.security.am.engines.common.identity.provider.impl.IdentityProviderImpl.authenticateUserByName(IdentityProviderImpl.java:1299)
  at oracle.security.am.engines.common.identity.provider.impl.OracleUserIdentityProvider.authenticateUserByName(OracleUserIdentityProvider.java:478)
  at oracle.security.am.engine.authn.internal.executor.AuthenticationModuleExecutor.execute(AuthenticationModuleExecutor.java:234)
  ... 26 more
Caused by: oracle.igf.ids.AuthenticationException: Authentication failed for user myUid=test1,ou=test,cn=users,dc=my,dc=com. AdditionalInfo: null
  at oracle.igf.ids.arisid.ArisIdServiceManager.findEntity(ArisIdServiceManager.java:1619)
  at oracle.igf.ids.UserManager.authenticateUser(UserManager.java:471)
  at oracle.security.am.engines.common.identity.provider.impl.ids.IDSUserProviderImpl.authenticateUserByName(IDSUserProviderImpl.java:768)
  ... 29 more
Caused by: oracle.igf.ids.arisid.ArisIdAuthException: Authentication failed for user myUid=test1,ou=test,cn=users,dc=my,dc=com. AdditionalInfo: null
  at com.oracle.ovd.arisid.OvdIdsStackProvider.doFind(OvdIdsStackProvider.java:1319)
  at com.oracle.ovd.arisid.ArisIdStackProvider.doFind(ArisIdStackProvider.java:175)
  at org.openliberty.arisid.Interaction.doFind(Interaction.java:1022)
  at oracle.igf.ids.arisid.ArisIdServiceManager.findEntity(ArisIdServiceManager.java:1551)
  ... 31 more
Caused by: oracle.ods.virtualization.service.VirtualizationException
  at oracle.ods.virtualization.operation.AbstractOperation.checkResult(AbstractOperation.java:196)
  at oracle.ods.virtualization.operation.BindOperation.process(BindOperation.java:127)
  at oracle.ods.virtualization.service.DefaultVirtualizationSession.processOperation(DefaultVirtualizationSession.java:384)
  at oracle.ods.virtualization.service.DefaultVirtualizationSession.bind(DefaultVirtualizationSession.java:129)
  at com.oracle.ovd.arisid.OvdIdsStackProvider.doFind(OvdIdsStackProvider.java:1254)
  ... 34 more

]]
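
A triage helper for the log excerpt above, added here as an example (it is not Oracle code and not part of the original note): it pulls the OAMSSA-20023 lines out of an OAM diagnostic log and reports whether the DN used for the failed bind falls under the base DN configured in the OAM ID store. The sample log is constructed in the layout of the excerpt, and both base DNs in the demo are placeholders.

```python
import re

# Constructed sample in the ODL layout of the excerpt above; ecid shortened.
SAMPLE_LOG = (
    "[2015-10-20T15:26:26.559+11:00] [oam_server1] [ERROR] [OAMSSA-20023] "
    "[oracle.oam.user.identity.provider] [tid: [ACTIVE].ExecuteThread: '0'] "
    "[userId: ] [ecid: 0000EXAMPLE,0] [APP: oam_server#11.1.2.0.0] "
    "Authentication Failure for user : test1, for idstore OUD with exception "
    "oracle.igf.ids.AuthenticationException: Authentication failed for user "
    "myUid=test1,ou=test,cn=users,dc=my,dc=com. AdditionalInfo: null with "
    "primary error message {3}\n"
    "[2015-10-20T15:26:26.564+11:00] [oam_server1] [NOTIFICATION] [] "
    "[oracle.oam.engine.authn] [userId: ] [APP: oam_server#11.1.2.0.0] [[\n"
)

FAILURE = re.compile(
    r"^\[(?P<ts>[^\]]+)\].*?\[OAMSSA-20023\].*?"
    r"Authentication Failure for user : (?P<user>[^,]+), "
    r"for idstore (?P<idstore>\S+) with exception .*?"
    r"Authentication failed for user (?P<dn>.+?)\. AdditionalInfo"
)

def rdns(dn):
    """Split a DN on unescaped commas; lowercase and trim each RDN.
    Simplification: treats every attribute value as case-insensitive."""
    parts = re.split(r"(?<!\\),", dn)
    return [re.sub(r"\s*=\s*", "=", p.strip().lower(), count=1) for p in parts]

def is_under(dn, base):
    """True when dn equals base or is a descendant of it."""
    d, b = rdns(dn), rdns(base)
    return len(d) >= len(b) and d[len(d) - len(b):] == b

def triage(log_text, idstore_base):
    """Return one record per OAMSSA-20023 line with the DN used for the bind."""
    records = []
    for line in log_text.splitlines():
        m = FAILURE.search(line)
        if m:
            rec = m.groupdict()
            rec["under_idstore_base"] = is_under(rec["dn"], idstore_base)
            records.append(rec)
    return records

if __name__ == "__main__":
    # Both base DNs are placeholders; use the base configured in the OAM ID store.
    for base in ("dc=my,dc=com", "dc=renamed,dc=example"):
        print(base, triage(SAMPLE_LOG, base))
```

The `under_idstore_base` flag shows whether the DN OAM tried to bind with is in the same namespace as the base the ID store is configured with, which is the first fact to establish when a renaming element sits between the two.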

Changes

The ID store is accessed via OUD proxy. OUD proxy has a DN renaming workflow element which renames the existing base DN in OUD and exposes the DN as a separate base.

Cause
