EM 13.5: SAML SSO Login Fails with 403--Forbidden Error, [Security:090302]Authentication Failed: User specified user denied
(Doc ID 2969154.1)
Last updated on OCTOBER 11, 2023
Applies to:
Enterprise Manager Base Platform - Version 13.5.0.0.0 and later
Information in this document applies to any platform.
Symptoms
SAML integration has been configured per the SAML integration document (Note 2882744.1).
After SSO credentials are provided, the EM Console login fails with the error below:
Browser error:
Error 403--Forbidden
From RFC 2068 Hypertext Transfer Protocol -- HTTP/1.1:
10.4.4 403 Forbidden
The server understood the request, but is refusing to fulfill it. Authorization will not help and the request SHOULD NOT be repeated. If the request method was not HEAD and the server wishes to make public why the request has not been fulfilled, it SHOULD describe the reason for the refusal in the entity. This status code is commonly used when the server does not wish to reveal exactly why the request has been refused, or when no other response is applicable.
Enable WebLogic debug as per Note 2969213.1.
This document uses the following sample username:
Short name - ScottT
Full name - Scott Tiger
<gc_inst>/user_projects/domains/GCDomain/servers/EMGC_OMS1/logs/EMGC_OMS1.out
<Jul 14, 2023 5:56:05,548 PM UTC> <Debug> <SecuritySAML2Atn> <BEA-000000> <SAMLIACallbackHandler: callback[0]: NameCallback: setName(ScottT)>
<Jul 14, 2023 5:56:05,548 PM UTC> <Debug> <SecuritySAML2Atn> <BEA-000000> <SAMLIACallbackHandler: callback[1]: Throwing exception: Unsupported callback: javax.security.auth.callback.PasswordCallback>
<Jul 14, 2023 5:56:05,548 PM UTC> <Debug> <SecuritySAML2Atn> <BEA-000000> <SAMLIACallbackHandler: callback[0]: NameCallback: setName(ScottT)>
<Jul 14, 2023 5:56:06,239 PM UTC> <Debug> <SecuritySAML2Service> <BEA-000000> <[Security:090938]Authentication failure: The specified user failed to log in. javax.security.auth.login.FailedLoginException: [Security:090302]Authentication Failed: User specified user denied>
<Jul 14, 2023 5:56:06,239 PM UTC> <Debug> <SecuritySAML2Service> <BEA-000000> <exception info
javax.security.auth.login.FailedLoginException: [Security:090938]Authentication failure: The specified user failed to log in. javax.security.auth.login.FailedLoginException: [Security:090302]Authentication Failed: User specified user denied
at com.bea.common.security.utils.ExceptionHandler.throwFailedLoginException(ExceptionHandler.java:62)
at weblogic.security.providers.authentication.LDAPAtnLoginModuleImpl.login(LDAPAtnLoginModuleImpl.java:381)
at com.bea.common.security.internal.service.LoginModuleWrapper$1.run(LoginModuleWrapper.java:117)
at java.security.AccessController.doPrivileged(Native Method)
at com.bea.common.security.internal.service.LoginModuleWrapper.login(LoginModuleWrapper.java:114)
at sun.reflect.GeneratedMethodAccessor677.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
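A triage aid for the debug output above, added here as an example and not part of the Oracle note: it groups the multi-line records of EMGC_OMS1.out and pairs each SAML2 login failure with the name the identity asserter passed (setName) and the WebLogic login module named in the stack trace. The function names and regular expressions are this example's own; the sample records are copied from the excerpt above.

```python
import re

# Constructed sample: three records copied from the EMGC_OMS1.out excerpt above.
SAMPLE = """\
<Jul 14, 2023 5:56:05,548 PM UTC> <Debug> <SecuritySAML2Atn> <BEA-000000> <SAMLIACallbackHandler: callback[0]: NameCallback: setName(ScottT)>
<Jul 14, 2023 5:56:06,239 PM UTC> <Debug> <SecuritySAML2Service> <BEA-000000> <[Security:090938]Authentication failure: The specified user failed to log in. javax.security.auth.login.FailedLoginException: [Security:090302]Authentication Failed: User specified user denied>
<Jul 14, 2023 5:56:06,239 PM UTC> <Debug> <SecuritySAML2Service> <BEA-000000> <exception info
javax.security.auth.login.FailedLoginException: [Security:090938]Authentication failure: The specified user failed to log in. javax.security.auth.login.FailedLoginException: [Security:090302]Authentication Failed: User specified user denied
at com.bea.common.security.utils.ExceptionHandler.throwFailedLoginException(ExceptionHandler.java:62)
at weblogic.security.providers.authentication.LDAPAtnLoginModuleImpl.login(LDAPAtnLoginModuleImpl.java:381)
at com.bea.common.security.internal.service.LoginModuleWrapper$1.run(LoginModuleWrapper.java:117)
"""

# A record starts with "<timestamp> <severity> <subsystem> <message id> <message..."
HEADER = re.compile(r"^<([^>]+)> <([^>]+)> <([^>]+)> <(BEA-\d+)> <(.*)$")
SET_NAME = re.compile(r"NameCallback: setName\((.*?)\)")
ERROR_CODE = re.compile(r"\[Security:(\d+)\]")
# First provider frame whose login() raised, e.g. ...LDAPAtnLoginModuleImpl.login(
LOGIN_MODULE = re.compile(r"^[ \t]*at (weblogic\.security\.providers\.\S+?)\.login\(", re.M)

def split_records(text):
    """Attach continuation lines (exception text, stack frames) to the preceding header."""
    records = []
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            records.append({"ts": m.group(1), "subsystem": m.group(3), "lines": [m.group(5)]})
        elif records:
            records[-1]["lines"].append(line)
    return records

def triage(text):
    """Pair each SAML2 login failure with the last asserted name and the failing module."""
    findings, last_name = [], None
    for rec in split_records(text):
        body = "\n".join(rec["lines"])
        name = SET_NAME.search(body)
        if rec["subsystem"] == "SecuritySAML2Atn" and name:
            last_name = name.group(1)
        if rec["subsystem"] == "SecuritySAML2Service" and "FailedLoginException" in body:
            modules = LOGIN_MODULE.findall(body)
            findings.append({"ts": rec["ts"], "asserted_name": last_name,
                             "codes": sorted(set(ERROR_CODE.findall(body))),
                             "login_module": modules[0] if modules else None})
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```

A finding with `login_module` set to `None` comes from a record that carries the failure message but no stack trace.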
Cause