BI Publisher Cluster Environment 12.2.1.3 Fails To Open Reports "The report can not be rendered because of an error, please check with Administrator Unauthorized Access either you do not have the privilege or you have not assigned in" (Doc ID 2741698.1)

Last updated on MARCH 25, 2022

Applies to:

Symptoms

BI Publisher application was migrated from 11g to BI Publisher 12.2.1.3.0 standalone installation.

BI Publisher 12c is a cluster environment having two application nodes.

BIP is configured with SSO Authentication (setup OAM) and LDAP Authenticator ProviderOracle Fusion Middleware Security Model is used.

BIP cluster instance with two managed servers. From SSO Login schedule requests works fine from bi_server1 if bi_server_2 down and works fine from bi_server2 if bi_server1 is down.

The same behavior is reported if the reports are run directly.

Instead if both bi nodes are up and running when trying to render the reports the following error is retrieved: "The report can not be rendered because of an error, please check with Administrator Unauthorized Access either you do not have the privilege or you have not assigned in"

From architecture point of view OHS node is being used in front of the Load Balancer.

From the bipublisher log the following error was retrieved

[2020-09-09T18:11:31.308+02:00] [bi_server1] [WARNING] [] [oracle.xdo] [tid: 32] [userId: d578f357e75ac6c4] [ecid: 005fiEmU739Fw0WFLzUKOA0007on0003ce,0:4] [APP: bipublisher] [partition-name: DOMAIN] [tenant-name: GLOBAL] [SI-Key: ssi] Unauthorized Access: Either you do not have the privilege, or you have not signed in.
[2020-09-09T18:11:44.331+02:00] [bi_server1] [ERROR] [] [oracle.xdo] [tid: 32] [userId: d578f357e75ac6c4] [ecid: 005fiEnFy80Fw0WFLzUKOA0007on0003d6,0:2] [APP: bipublisher] [partition-name: DOMAIN] [tenant-name: GLOBAL] [SI-Key: ssi] oracle.igf.ids.EntityNotFoundException: Entity not found for the search filter (&(objectclass=person)(uid=d578f357e75ac6c4)).[[
at oracle.igf.ids.arisid.ArisIdServiceManager.findEntity(ArisIdServiceManager.java:1721)
at oracle.igf.ids.UserManager.searchUser(UserManager.java:236)
at oracle.xdo.security.jps.JPSManager.getUser(JPSManager.java:427)
at oracle.xdo.security.jps.JPSManager.getUserEmail(JPSManager.java:409)
at oracle.xdo.security.JPSValidator.getUserEmailAddress(JPSValidator.java:475)
at oracle.xdo.servlet.security.JPSSecurityHandler.handleUserPreferences(JPSSecurityHandler.java:126)
at oracle.xdo.servlet.security.JPSSecurityHandler.getPrincipalWithSubject(JPSSecurityHandler.java:195)
at oracle.xdo.servlet.security.SecurityFilter.handleContainerSecurity(SecurityFilter.java:1123)
at oracle.xdo.servlet.security.SecurityFilter.handleSSO(SecurityFilter.java:886)
at oracle.xdo.servlet.security.SecurityFilter.doFilter(SecurityFilter.java:262)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:78)
at oracle.bi.security.filter.BISecurityFilter.lambda$chainToNext$28(BISecurityFilter.java:322)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAsPrivileged(Subject.java:549)
at oracle.bi.security.filter.BISecurityFilter.chainToNext(BISecurityFilter.java:326)
at oracle.bi.security.filter.BISecurityFilter.handleContainerSubject(BISecurityFilter.java:203)
at oracle.bi.security.filter.BISecurityFilter.doFilter(BISecurityFilter.java:142)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:78)
at oracle.xdo.servlet.init.InitCheckingFilter.doFilter(InitCheckingFilter.java:63)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:78)
at oracle.security.jps.ee.http.JpsAbsFilter$3.run(JpsAbsFilter.java:172)
at java.security.AccessController.doPrivileged(Native Method)
at oracle.security.jps.util.JpsSubject.doAsPrivileged(JpsSubject.java:315)
at oracle.security.jps.ee.util.JpsPlatformUtil.runJaasMode(JpsPlatformUtil.java:650)
at oracle.security.jps.ee.http.JpsAbsFilter.runJaasMode(JpsAbsFilter.java:110)
at oracle.security.jps.ee.http.JpsAbsFilter.doFilterInternal(JpsAbsFilter.java:273)
at oracle.security.jps.ee.http.JpsAbsFilter.doFilter(JpsAbsFilter.java:147)
at oracle.security.jps.ee.http.JpsFilter.doFilter(JpsFilter.java:94)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:78)
at oracle.security.wls.filter.SSOSessionSynchronizationFilter.doFilter(SSOSessionSynchronizationFilter.java:417)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:78)
at oracle.dms.servlet.DMSServletFilter.doFilter(DMSServletFilter.java:248)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:78)
at oracle.security.jps.ee.http.JpsAbsFilter$3.run(JpsAbsFilter.java:172)
at java.security.AccessController.doPrivileged(Native Method)
at oracle.security.jps.util.JpsSubject.doAsPrivileged(JpsSubject.java:315)
at oracle.security.jps.ee.util.JpsPlatformUtil.runJaasMode(JpsPlatformUtil.java:650)
at oracle.security.jps.ee.http.JpsAbsFilter.runJaasMode(JpsAbsFilter.java:110)
at oracle.security.jps.ee.http.JpsAbsFilter.doFilterInternal(JpsAbsFilter.java:273)
at oracle.security.jps.ee.http.JpsAbsFilter.doFilter(JpsAbsFilter.java:147)
at oracle.security.jps.ee.http.JpsFilter.doFilter(JpsFilter.java:94)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:78)
at weblogic.servlet.internal.RequestEventsFilter.doFilter(RequestEventsFilter.java:32)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:78)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.wrapRun(WebAppServletContext.java:3701)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3667)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:326)
at weblogic.security.service.SecurityManager.runAsForUserCode(SecurityManager.java:197)
at weblogic.servlet.provider.WlsSecurityProvider.runAsForUserCode(WlsSecurityProvider.java:203)
at weblogic.servlet.provider.WlsSubjectHandle.run(WlsSubjectHandle.java:71)
at weblogic.servlet.internal.WebAppServletContext.doSecuredExecute(WebAppServletContext.java:2443)
at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2291)
at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2269)
at weblogic.servlet.internal.ServletRequestImpl.runInternal(ServletRequestImpl.java:1703)
at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1663)
at weblogic.servlet.provider.ContainerSupportProviderImpl$WlsRequestExecutor.run(ContainerSupportProviderImpl.java:272)
at weblogic.invocation.ComponentInvocationContextManager._runAs(ComponentInvocationContextManager.java:352)
at weblogic.invocation.ComponentInvocationContextManager.runAs(ComponentInvocationContextManager.java:337)
at weblogic.work.LivePartitionUtility.doRunWorkUnderContext(LivePartitionUtility.java:57)
at weblogic.work.PartitionUtility.runWorkUnderContext(PartitionUtility.java:41)
at weblogic.work.SelfTuningWorkManagerImpl.runWorkUnderContext(SelfTuningWorkManagerImpl.java:644)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:415)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:355)
Caused by: oracle.igf.ids.arisid.ArisIdNoSuchSubjectException: Entity not found for the search filter (&(objectclass=person)(uid=d578f357e75ac6c4)).
at com.oracle.ovd.arisid.OvdIdsStackProvider.doFind(OvdIdsStackProvider.java:1367)
at com.oracle.ovd.arisid.ArisIdStackProvider.doFind(ArisIdStackProvider.java:172)
at org.openliberty.arisid.Interaction.doFind(Interaction.java:1022)
at oracle.igf.ids.arisid.ArisIdServiceManager.findEntity(ArisIdServiceManager.java:1628)
... 62 more

When connecting directly to BI Publisher (without using SSO) and using the weblogic account all the reports can be successfully visualized.

So the issue is present only if the requests are passing through the Load Balancer

Changes

N.A

Cause

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.