My Oracle Support Banner

ODI-14177 "The external user: <NAME> does not exist in ODI repository and also has no ODI role granted" Error When Using Enterprise Roles in ODI 12c (Doc ID 2287875.1)

Last updated on FEBRUARY 21, 2019

Applies to:

Oracle Data Integrator - Version 12.1.2.0.0 and later
Information in this document applies to any platform.

Symptoms

External Authentication has been successfully enabled for Oracle Data Integrator (ODI) 12c.

When trying to map Enterprise Roles defined in the authentication LDAP to ODI Roles, the following error is received:

oracle.odi.core.security.BadCredentialsException:
ODI-14177: The external user: <NAME> does not exist in ODI repository and also has no ODI role granted.
The GUID of the user : <GUID>
  at oracle.odi.core.security.SecurityManager.createAuthentication(SecurityManager.java:953)
  at oracle.odi.core.security.SecurityManager.createAuthentication(SecurityManager.java:385)
  at oracle.odi.ui.docking.panes.OdiCnxFactory$2.run(OdiCnxFactory.java:256)
  at oracle.ide.dialogs.ProgressBar.run(ProgressBar.java:961)
  at java.lang.Thread.run(Thread.java:745)

Note the error stack above is extracted from ODI 12.2.1.3.

The issue however is reproduced with previous ODI 12c releases. The single difference being the line number in the error message.

Steps to reproduce the behavior:

  1. Configure ODI to use Microsoft Active Directory (AD) for user authentication.
  2. Create an user in ODI Studio to match the Microsoft AD user, and successfully authenticate the user via AD.
  3. Define a GROUP in AD called "ODI-AD1" and assign user "A" to this group.
  4. Create a role in ODI called "ODI -AD1– ROLE"” and associate AD Group "ODI-AD1" and set Role Profiles.
  5. Login to ODI client with User "A". Observe the error message.

Changes

 

Cause

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


In this Document
Symptoms
Changes
Cause
Solution
 Solution 1 - Map every user in AD to the ODI Role in External Authentication Principals > "Add Principals to Role" panel
 Solution 2 - Change the group.filter.object.classes property to group inside the JPS configuration file
References


My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.