Oracle Identity Federation 11g (OIF 11.1.1.2.0) Login to Salesforce and Spark are Failing Intermittently "error while interacting with an LDAP server or JNDI module"

(Doc ID 2306404.1)

Last updated on SEPTEMBER 19, 2017

Applies to:

Oracle Identity Federation - Version 11.1.1.2.0 and later
Information in this document applies to any platform.

Symptoms

Oracle Identity Federation 11g (OIF 11.1.1.2.0) Login to Salesforce and Spark are Failing Intermittently

1. Customer did OS patching one one of the nodes of OIF servers and restarted OIF applications on both nodes i.e. node1 and node2
2. Applications didn't started successfully and OIF deployment was in failed status.
3. Issue was fixed later by Disabling the configuration (configrdbmsenabled = false) pulling from database. OIF servers came back after that. We reset the parameter back to true and there was no issue post that too.
4. After this all applications were working fine except Salesforce and Spark.
5. When the appliation on node1 (patched server) is shut down, then all the applications are working as expected.
6. Temporary run on a single node on that time.

Errors from OIF diagnostic logs:

[2017-07-29T00:07:28.583+10:00] [wls_oif1] [WARNING] [DFW-40125] [oracle.dfw.incident] [tid: [ACTIVE].ExecuteThread: '0' for queue:
'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: 005LM4nYsc1EkJGLqyp2iY0001Vf0004Qh,0:3] [APP: OIF#11.1.1.2.0] [URI:
/fed/idp/initiatesso] [arg: FED-10152 [wls_oif1][oracle.security.fed.model.util.ldap.LDAPConnectionFactory]]
incident flood controlled with Problem Key "FED-10152 [wls_oif1][oracle.security.fed.model.util.ldap.LDAPConnectionFactory]"

[2017-07-29T00:07:28.582+10:00] [wls_oif1] [INCIDENT_ERROR] [FED-10152] [oracle.security.fed.model.util.ldap.LDAPConnectionFactory] [tid:
[ACTIVE].ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid:
005LM4nYsc1EkJGLqyp2iY0001Vf0004Qh,0:3] [APP: OIF#11.1.1.2.0] [URI: /fed/idp/initiatesso] LDAP BindDN or password is incorrect.

[2017-07-29T00:07:28.584+10:00] [wls_oif1] [TRACE] [] [oracle.security.fed.plugins.audit.AuditListener] [tid:
[ACTIVE].ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid:
005LM4nYsc1EkJGLqyp2iY0001Vf0004Qh,0:3] [SRC_CLASS: oracle.security.fed.plugins.audit.AuditListener] [APP: OIF#11.1.1.2.0]
[SRC_METHOD: process] [URI: /fed/idp/initiatesso] action=0

[2017-07-29T00:07:28.585+10:00] [wls_oif1] [ERROR] [FED-12031] [oracle.security.fed.model.user.ldap.LDAPUserJVT] [tid:
[ACTIVE].ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid:
005LM4nYsc1EkJGLqyp2iY0001Vf0004Qh,0:3] [APP: OIF#11.1.1.2.0] [URI: /fed/idp/initiatesso] NamingException: error while interacting with an LDAP
server or JNDI module[[
javax.naming.NamingException: bindDN or bind Password is incorrect
at oracle.security.fed.model.util.ldap.LDAPConnectionFactory.openConnection(Unknown Source)
at oracle.security.fed.model.util.ldap.LDAPConnectionFactory.checkOutConnection(Unknown Source)
at oracle.security.fed.model.util.ldap.LDAPConnectionManager.getConnection(Unknown Source)
at oracle.security.fed.model.user.ldap.LDAPUserJVT.getAttributes(Unknown Source)

 

Make some troubleshooting steps, some of them:

- We tried to change authentication engine ldappassword with updatecred
updateCred(map="OIF", key="ldappassword", user="cn=orcladmin", password="password", desc="user ldap password for Auth Engine")
password used is correct, we tested before ldapbind to oid and it is successful

- Verify by running on OIF AdminServer,
listCred(map="OIF", key="userldappassword")
listCred(map="OIF", key="ldappassword")
and confirm it display actual password.

- Still LDAP password issue is seen while fetching attributes for the authenticated user

Changes

 OS patching on one of the node 

Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms