Login to oamconsole fails with error Invalid credentials and UCP errors (Doc ID 2086565.1)

Last updated on MARCH 08, 2017

Applies to:

Oracle Access Manager - Version 11.1.2.2.0 and later
Information in this document applies to any platform.

Symptoms

Unable to log in to oamconsole: the login fails with the error Invalid credentials and UCP errors. The login issue was only seen for oamconsole using the embedded store.

oam_server1-diagnostic.log shows the following errors during login:

[2015-11-20T14:57:30.740+03:00] [oam_server1] [NOTIFICATION] [] [oracle.oam.engine.authn] [tid: [ACTIVE].ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: 9bd79f0cfa369a52:-a53d93d:15124bfee0c:-8000-0000000000000014,0] [APP: oam_server#11.1.2.0.0] [[
oracle.security.am.engine.authn.api.exception.AuthenticationException
       at oracle.security.am.engine.authn.internal.executor.AuthenticationModuleExecutor.checkAndThrowAuthenticationException(AuthenticationModuleExecutor.java:319)



       at weblogic.work.ExecuteThread.execute(ExecuteThread.java:256)
       at weblogic.work.ExecuteThread.run(ExecuteThread.java:221)
Caused by: oracle.security.am.engines.common.identity.provider.exceptions.IdentityProviderException: OAMSSA-20007: Unable to connect to the User Store. User Store UserIdentityStore1 with initParams {SECURITY_PRINCIPAL=cn=Admin, GROUP_SEARCH_BASE=ou=groups,ou=myrealm,dc=base_domain, Type=LDAP, USER_NAME_ATTRIBUTE=uid, IsSystem=true, IsPrimary=false, Name=UserIdentityStore1, LDAP_PROVIDER=EMBEDDED_LDAP, RoleMappings={Role Security Admin={Groups=Administrators, Users=weblogic}, Role System Monitor=Monitors, Role Application Administrator=Operators, Role System Manager=Deployers}, USER_SEARCH_BASE=ou=people,ou=myrealm,dc=base_domain, LDAP_URL=ldap://ldap-host:7001, UserIdentityProviderType=OracleUserRoleAPI} could not be initialized due to Error initializing User/Role API : null..
       at oracle.security.am.engines.common.identity.provider.impl.IdentityProviderImpl.init(IdentityProviderImpl.java:318)
       at oracle.security.am.engines.common.identity.provider.impl.IdentityProviderImpl.init(IdentityProviderImpl.java:240)



       at oracle.security.am.engine.authn.internal.executor.AuthenticationModuleExecutor.execute(AuthenticationModuleExecutor.java:215)
       ... 44 more
Caused by: oracle.security.am.engines.common.identity.provider.exceptions.IdentityProviderException: OAMSSA-20005: Error initializing User/Role API : null.
       at oracle.security.am.engines.common.identity.provider.util.LDAPConfigurator.initUserRoleAPI(LDAPConfigurator.java:436)
       at oracle.security.am.engines.common.identity.provider.util.LDAPConfigurator.configureIdentityStore(LDAPConfigurator.java:167)
       at oracle.security.am.engines.common.identity.provider.impl.IdentityProviderImpl.init(IdentityProviderImpl.java:288)
       ... 48 more
Caused by: oracle.security.am.engines.common.identity.provider.exceptions.IdentityProviderException
       at oracle.security.am.engines.common.identity.provider.util.LDAPConfigurator.getFactoryEnv(LDAPConfigurator.java:274)
       at oracle.security.am.engines.common.identity.provider.util.LDAPConfigurator.getIdStore(LDAPConfigurator.java:479)
       at oracle.security.am.engines.common.identity.provider.util.LDAPConfigurator.initUserRoleAPI(LDAPConfigurator.java:430)


        ... 50 more
Caused by: oracle.security.am.common.jndi.ldap.PoolingException [Root exception is oracle.ucp.UniversalConnectionPoolException: javax.naming.AuthenticationException: [LDAP: error code 49 - Invalid Credentials]]
       at oracle.security.am.common.jndi.ldap.config.LdapPoolConfig.start(LdapPoolConfig.java:421)
       at oracle.security.am.common.jndi.ldap.config.LdapPoolPropertiesReader.processJndiProperties(LdapPoolPropertiesReader.java:129)
       at oracle.security.am.engines.common.identity.provider.impl.UIDPUCPool.<init>(UIDPUCPool.java:66)
       at oracle.security.am.engines.common.identity.provider.util.LDAPConfigurator.getFactoryEnv(LDAPConfigurator.java:271)
       ... 52 more
Caused by: oracle.ucp.UniversalConnectionPoolException: javax.naming.AuthenticationException: [LDAP: error code 49 - Invalid Credentials]
       at oracle.security.am.common.jndi.ldap.ucp.LdapConnectionFactoryAdapter.createConnection(LdapConnectionFactoryAdapter.java:441)
       at oracle.ucp.common.UniversalConnectionPoolImpl$UniversalConnectionPoolInternal.createOnePooledConnectionInternal(UniversalConnectionPoolImpl.java:1604)
       at oracle.ucp.common.UniversalConnectionPoolImpl$UniversalConnectionPoolInternal.access$600(UniversalConnectionPoolImpl.java:1440)
       at oracle.ucp.common.UniversalConnectionPoolImpl.createOnePooledConnection(UniversalConnectionPoolImpl.java:514)
       at oracle.ucp.common.UniversalConnectionPoolImpl.addNewConnections(UniversalConnectionPoolImpl.java:1000)
       at oracle.ucp.common.UniversalConnectionPoolBase.getInitialConnections(UniversalConnectionPoolBase.java:549)
       at oracle.ucp.common.UniversalConnectionPoolBase.start(UniversalConnectionPoolBase.java:657)
       at oracle.security.am.common.jndi.ldap.config.LdapPoolConfig.start(LdapPoolConfig.java:415)
       ... 55 more
Caused by: javax.naming.AuthenticationException: [LDAP: error code 49 - Invalid Credentials]
       at com.sun.jndi.ldap.LdapCtx.mapErrorCode(Unknown Source)
       at com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source)
       at com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source)
       at com.sun.jndi.ldap.LdapCtx.connect(Unknown Source)
       at com.sun.jndi.ldap.LdapCtx.<init>(Unknown Source)
       at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(Unknown Source)
       at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(Unknown Source)
       at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(Unknown Source)
       at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(Unknown Source)
       at oracle.security.am.common.jndi.ldap.ucp.LdapConnectionFactoryAdapter$LdapContextFactoryServiceImpl.getPhysicalConnection(LdapConnectionFactoryAdapter.java:212)
       at oracle.security.am.common.jndi.ldap.ucp.LdapConnectionFactoryAdapter.createConnection(LdapConnectionFactoryAdapter.java:423)
       ... 62 more
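
The nested "Caused by" chain above reduces to a few facts needed for triage: the innermost exception, the LDAP result code, and the bind DN, URL and provider of the user store that failed to initialize. The Python below is an added example, not part of the Oracle document; the sample log is constructed from the lines above with stack frames omitted and initParams shortened, and the function names are hypothetical.

```python
import re

# Constructed sample: "Caused by" lines condensed from the log above, frames omitted.
SAMPLE_LOG = """\
oracle.security.am.engine.authn.api.exception.AuthenticationException
Caused by: oracle.security.am.engines.common.identity.provider.exceptions.IdentityProviderException: OAMSSA-20007: Unable to connect to the User Store. User Store UserIdentityStore1 with initParams {SECURITY_PRINCIPAL=cn=Admin, GROUP_SEARCH_BASE=ou=groups,ou=myrealm,dc=base_domain, LDAP_PROVIDER=EMBEDDED_LDAP, RoleMappings={Role Security Admin={Groups=Administrators, Users=weblogic}, Role System Monitor=Monitors}, LDAP_URL=ldap://ldap-host:7001} could not be initialized due to Error initializing User/Role API : null..
Caused by: oracle.security.am.common.jndi.ldap.PoolingException [Root exception is oracle.ucp.UniversalConnectionPoolException: javax.naming.AuthenticationException: [LDAP: error code 49 - Invalid Credentials]]
Caused by: javax.naming.AuthenticationException: [LDAP: error code 49 - Invalid Credentials]
       at com.sun.jndi.ldap.LdapCtx.mapErrorCode(Unknown Source)
"""
CAUSE = re.compile(r"^Caused by: (?P<cls>[\w.$]+):?\s*(?P<msg>.*)$")
LDAP_RC = re.compile(r"\[LDAP: error code (\d+) - ([^\]]+)\]")

def split_top_level(body):
    """Split on ', ' at brace depth 0 (DN values use ',' without a space)."""
    parts, depth, start = [], 0, 0
    for i, ch in enumerate(body):
        depth += {"{": 1, "}": -1}.get(ch, 0)
        if ch == "," and depth == 0 and body[i + 1:i + 2] == " ":
            parts.append(body[start:i])
            start = i + 2
    return parts + [body[start:]]

def init_params(msg):
    """Return the balanced initParams {...} map from an OAMSSA-20007 message."""
    head = msg.find("initParams {")
    if head < 0:
        return {}
    begin = i = head + len("initParams {")
    depth = 1
    while i < len(msg) and depth:
        depth += {"{": 1, "}": -1}.get(msg[i], 0)
        i += 1
    if depth:  # truncated log line: braces never closed
        return {}
    return dict(p.split("=", 1) for p in split_top_level(msg[begin:i - 1]) if "=" in p)

def triage(log_text):
    """Summarise the innermost cause and the user-store bind settings."""
    causes = [m for m in map(CAUSE.match, log_text.splitlines()) if m]
    if not causes:
        return None
    rc = LDAP_RC.search(causes[-1]["msg"])
    store = next((p for p in (init_params(m["msg"]) for m in causes) if p), {})
    return {"root_exception": causes[-1]["cls"],
            "ldap_code": int(rc.group(1)) if rc else None,
            "bind_dn": store.get("SECURITY_PRINCIPAL"),
            "ldap_url": store.get("LDAP_URL"),
            "provider": store.get("LDAP_PROVIDER")}
```

Calling `triage()` on the text of oam_server1-diagnostic.log returns the summary for the last "Caused by" line in the input, so pass one stack trace at a time.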

Changes

The customer added two authentication providers in the WebLogic console:

OIDAuthenticator      - SUFFICIENT
OAMIdentityAsserter   - SUFFICIENT

Cause
