My Oracle Support Banner

Login to oamconsole fails with error Invalid credentials and UCP errors (Doc ID 2086565.1)

Last updated on NOVEMBER 05, 2019

Applies to:

Oracle Access Manager - Version 11.1.2.2.0 and later
Information in this document applies to any platform.

Symptoms

Unable to login to oamconsole  with  error Invalid credentials and UCP errors. Login issue was only seen for oamconsole using embedded store.

<OAM_SERVER_NAME>-diagnostic.log generate below errors during login -

[2015-11-20T14:57:30.740+03:00] [<OAM_SERVER>] [NOTIFICATION] [] [oracle.oam.engine.authn] [tid: [ACTIVE].ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <USERNAME>] [ecid: <ECID>] [APP: oam_server#11.1.2.0.0] [[oracle.security.am.engine.authn.api.exception.AuthenticationException
       at oracle.security.am.engine.authn.internal.executor.AuthenticationModuleExecutor.checkAndThrowAuthenticationException(AuthenticationModuleExecutor.java:319)
       at weblogic.work.ExecuteThread.execute(ExecuteThread.java:256)
       at weblogic.work.ExecuteThread.run(ExecuteThread.java:221)
Caused by: oracle.security.am.engines.common.identity.provider.exceptions.IdentityProviderException: OAMSSA-20007: Unable to connect to the User Store. User Store <IDENTITY_STORE> with initParams {SECURITY_PRINCIPAL=cn=<ADMIN_ID>, GROUP_SEARCH_BASE=ou=<GROUP>,ou=<REALM_NAME>,dc=<DOMAIN>, Type=LDAP, USER_NAME_ATTRIBUTE=<UID>, IsSystem=true, IsPrimary=false, Name=<IDENTITY_STORE>, LDAP_PROVIDER=EMBEDDED_LDAP, RoleMappings={Role Security Admin={Groups=<GROUP>, Users=<USER>}, Role System Monitor=Monitors, Role Application Administrator=Operators, Role System Manager=Deployers}, USER_SEARCH_BASE=ou=<USER>,ou=<REALM_NAME>,dc=<DOMAIN>, LDAP_URL=ldap://<LDAP_HOST>:<LDAP_PORT>, UserIdentityProviderType=OracleUserRoleAPI} could not be initialized due to Error initializing User/Role API : null..
       at oracle.security.am.engines.common.identity.provider.impl.IdentityProviderImpl.init(IdentityProviderImpl.java:318)
       at oracle.security.am.engines.common.identity.provider.impl.IdentityProviderImpl.init(IdentityProviderImpl.java:240)
       at oracle.security.am.engine.authn.internal.executor.AuthenticationModuleExecutor.execute(AuthenticationModuleExecutor.java:215)
       ... 44 more
Caused by: oracle.security.am.engines.common.identity.provider.exceptions.IdentityProviderException: OAMSSA-20005: Error initializing User/Role API : null.
       at oracle.security.am.engines.common.identity.provider.util.LDAPConfigurator.initUserRoleAPI(LDAPConfigurator.java:436)
       at oracle.security.am.engines.common.identity.provider.util.LDAPConfigurator.configureIdentityStore(LDAPConfigurator.java:167)
       at oracle.security.am.engines.common.identity.provider.impl.IdentityProviderImpl.init(IdentityProviderImpl.java:288)
       ... 48 more
Caused by: oracle.security.am.engines.common.identity.provider.exceptions.IdentityProviderException
       at oracle.security.am.engines.common.identity.provider.util.LDAPConfigurator.getFactoryEnv(LDAPConfigurator.java:274)
       at oracle.security.am.engines.common.identity.provider.util.LDAPConfigurator.getIdStore(LDAPConfigurator.java:479)
       at oracle.security.am.engines.common.identity.provider.util.LDAPConfigurator.initUserRoleAPI(LDAPConfigurator.java:430)
        ... 50 more
Caused by: oracle.security.am.common.jndi.ldap.PoolingException [Root exception is oracle.ucp.UniversalConnectionPoolException: javax.naming.AuthenticationException: [LDAP: error code 49 - Invalid Credentials]]
       at oracle.security.am.common.jndi.ldap.config.LdapPoolConfig.start(LdapPoolConfig.java:421)
       at oracle.security.am.common.jndi.ldap.config.LdapPoolPropertiesReader.processJndiProperties(LdapPoolPropertiesReader.java:129)
       at oracle.security.am.engines.common.identity.provider.impl.UIDPUCPool.<init>(UIDPUCPool.java:66)
       at oracle.security.am.engines.common.identity.provider.util.LDAPConfigurator.getFactoryEnv(LDAPConfigurator.java:271)
       ... 52 more
Caused by: oracle.ucp.UniversalConnectionPoolException: javax.naming.AuthenticationException: [LDAP: error code 49 - Invalid Credentials]
       at oracle.security.am.common.jndi.ldap.ucp.LdapConnectionFactoryAdapter.createConnection(LdapConnectionFactoryAdapter.java:441)
       at oracle.ucp.common.UniversalConnectionPoolImpl$UniversalConnectionPoolInternal.createOnePooledConnectionInternal(UniversalConnectionPoolImpl.java:1604)
       at oracle.ucp.common.UniversalConnectionPoolImpl$UniversalConnectionPoolInternal.access$600(UniversalConnectionPoolImpl.java:1440)
       at oracle.ucp.common.UniversalConnectionPoolImpl.createOnePooledConnection(UniversalConnectionPoolImpl.java:514)
       at oracle.ucp.common.UniversalConnectionPoolImpl.addNewConnections(UniversalConnectionPoolImpl.java:1000)
       at oracle.ucp.common.UniversalConnectionPoolBase.getInitialConnections(UniversalConnectionPoolBase.java:549)
       at oracle.ucp.common.UniversalConnectionPoolBase.start(UniversalConnectionPoolBase.java:657)
       at oracle.security.am.common.jndi.ldap.config.LdapPoolConfig.start(LdapPoolConfig.java:415)
       ... 55 more
Caused by: javax.naming.AuthenticationException: [LDAP: error code 49 - Invalid Credentials]
       at com.sun.jndi.ldap.LdapCtx.mapErrorCode(Unknown Source)
       at com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source)
       at com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source)
       at com.sun.jndi.ldap.LdapCtx.connect(Unknown Source)
       at com.sun.jndi.ldap.LdapCtx.<init>(Unknown Source)
       at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(Unknown Source)
       at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(Unknown Source)
       at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(Unknown Source)
       at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(Unknown Source)
       at oracle.security.am.common.jndi.ldap.ucp.LdapConnectionFactoryAdapter$LdapContextFactoryServiceImpl.getPhysicalConnection(LdapConnectionFactoryAdapter.java:212)
       at oracle.security.am.common.jndi.ldap.ucp.LdapConnectionFactoryAdapter.createConnection(LdapConnectionFactoryAdapter.java:423)
       ... 62 more

Changes

Customer added two Authentication providers in weblogic console.

OIDAuthenticator           - SUFFCIENT
OAMIdentityAsserter      - SUFFCIENT

Cause

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


In this Document
Symptoms
Changes
Cause
Solution
References


My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.