Login to oamconsole fails with error Invalid credentials and UCP errors
(Doc ID 2086565.1)
Last updated on MAY 09, 2023
Applies to:
Oracle Access Manager - Version 11.1.2.2.0 and laterInformation in this document applies to any platform.
Symptoms
Unable to login to oamconsole with error Invalid credentials and UCP errors. Login issue was only seen for oamconsole using embedded store.
<OAM_SERVER_NAME>-diagnostic.log generate below errors during login -
[2015-11-20T14:57:30.740+03:00] [<OAM_SERVER>] [NOTIFICATION] [] [oracle.oam.engine.authn] [tid: [ACTIVE].ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <USERNAME>] [ecid: <ECID>] [APP: oam_server#11.1.2.0.0] [[oracle.security.am.engine.authn.api.exception.AuthenticationException
at oracle.security.am.engine.authn.internal.executor.AuthenticationModuleExecutor.checkAndThrowAuthenticationException(AuthenticationModuleExecutor.java:319)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:256)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:221)
Caused by: oracle.security.am.engines.common.identity.provider.exceptions.IdentityProviderException: OAMSSA-20007: Unable to connect to the User Store. User Store <IDENTITY_STORE> with initParams {SECURITY_PRINCIPAL=cn=<ADMIN_ID>, GROUP_SEARCH_BASE=ou=<GROUP>,ou=<REALM_NAME>,dc=<DOMAIN>, Type=LDAP, USER_NAME_ATTRIBUTE=<UID>, IsSystem=true, IsPrimary=false, Name=<IDENTITY_STORE>, LDAP_PROVIDER=EMBEDDED_LDAP, RoleMappings={Role Security Admin={Groups=<GROUP>, Users=<USER>}, Role System Monitor=Monitors, Role Application Administrator=Operators, Role System Manager=Deployers}, USER_SEARCH_BASE=ou=<USER>,ou=<REALM_NAME>,dc=<DOMAIN>, LDAP_URL=ldap://<LDAP_HOST>:<LDAP_PORT>, UserIdentityProviderType=OracleUserRoleAPI} could not be initialized due to Error initializing User/Role API : null..
at oracle.security.am.engines.common.identity.provider.impl.IdentityProviderImpl.init(IdentityProviderImpl.java:318)
at oracle.security.am.engines.common.identity.provider.impl.IdentityProviderImpl.init(IdentityProviderImpl.java:240)
at oracle.security.am.engine.authn.internal.executor.AuthenticationModuleExecutor.execute(AuthenticationModuleExecutor.java:215)
... 44 more
Caused by: oracle.security.am.engines.common.identity.provider.exceptions.IdentityProviderException: OAMSSA-20005: Error initializing User/Role API : null.
at oracle.security.am.engines.common.identity.provider.util.LDAPConfigurator.initUserRoleAPI(LDAPConfigurator.java:436)
at oracle.security.am.engines.common.identity.provider.util.LDAPConfigurator.configureIdentityStore(LDAPConfigurator.java:167)
at oracle.security.am.engines.common.identity.provider.impl.IdentityProviderImpl.init(IdentityProviderImpl.java:288)
... 48 more
Caused by: oracle.security.am.engines.common.identity.provider.exceptions.IdentityProviderException
at oracle.security.am.engines.common.identity.provider.util.LDAPConfigurator.getFactoryEnv(LDAPConfigurator.java:274)
at oracle.security.am.engines.common.identity.provider.util.LDAPConfigurator.getIdStore(LDAPConfigurator.java:479)
at oracle.security.am.engines.common.identity.provider.util.LDAPConfigurator.initUserRoleAPI(LDAPConfigurator.java:430)
... 50 more
Caused by: oracle.security.am.common.jndi.ldap.PoolingException [Root exception is oracle.ucp.UniversalConnectionPoolException: javax.naming.AuthenticationException: [LDAP: error code 49 - Invalid Credentials]]
at oracle.security.am.common.jndi.ldap.config.LdapPoolConfig.start(LdapPoolConfig.java:421)
at oracle.security.am.common.jndi.ldap.config.LdapPoolPropertiesReader.processJndiProperties(LdapPoolPropertiesReader.java:129)
at oracle.security.am.engines.common.identity.provider.impl.UIDPUCPool.<init>(UIDPUCPool.java:66)
at oracle.security.am.engines.common.identity.provider.util.LDAPConfigurator.getFactoryEnv(LDAPConfigurator.java:271)
... 52 more
Caused by: oracle.ucp.UniversalConnectionPoolException: javax.naming.AuthenticationException: [LDAP: error code 49 - Invalid Credentials]
at oracle.security.am.common.jndi.ldap.ucp.LdapConnectionFactoryAdapter.createConnection(LdapConnectionFactoryAdapter.java:441)
at oracle.ucp.common.UniversalConnectionPoolImpl$UniversalConnectionPoolInternal.createOnePooledConnectionInternal(UniversalConnectionPoolImpl.java:1604)
at oracle.ucp.common.UniversalConnectionPoolImpl$UniversalConnectionPoolInternal.access$600(UniversalConnectionPoolImpl.java:1440)
at oracle.ucp.common.UniversalConnectionPoolImpl.createOnePooledConnection(UniversalConnectionPoolImpl.java:514)
at oracle.ucp.common.UniversalConnectionPoolImpl.addNewConnections(UniversalConnectionPoolImpl.java:1000)
at oracle.ucp.common.UniversalConnectionPoolBase.getInitialConnections(UniversalConnectionPoolBase.java:549)
at oracle.ucp.common.UniversalConnectionPoolBase.start(UniversalConnectionPoolBase.java:657)
at oracle.security.am.common.jndi.ldap.config.LdapPoolConfig.start(LdapPoolConfig.java:415)
... 55 more
Caused by: javax.naming.AuthenticationException: [LDAP: error code 49 - Invalid Credentials]
at com.sun.jndi.ldap.LdapCtx.mapErrorCode(Unknown Source)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source)
at com.sun.jndi.ldap.LdapCtx.connect(Unknown Source)
at com.sun.jndi.ldap.LdapCtx.<init>(Unknown Source)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(Unknown Source)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(Unknown Source)
at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(Unknown Source)
at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(Unknown Source)
at oracle.security.am.common.jndi.ldap.ucp.LdapConnectionFactoryAdapter$LdapContextFactoryServiceImpl.getPhysicalConnection(LdapConnectionFactoryAdapter.java:212)
at oracle.security.am.common.jndi.ldap.ucp.LdapConnectionFactoryAdapter.createConnection(LdapConnectionFactoryAdapter.java:423)
... 62 more
Changes
Customer added two Authentication providers in weblogic console.
OIDAuthenticator - SUFFCIENT
OAMIdentityAsserter - SUFFCIENT
Cause
To view full details, sign in with your My Oracle Support account. |
|
Don't have a My Oracle Support account? Click to get started! |
In this Document
Symptoms |
Changes |
Cause |
Solution |
References |