Skip to Main Content
Forums

Security Software

Announcement

For appeals, questions and feedback about Oracle Forums, please email oracle-forums-moderators_us@oracle.com. Technical questions should be asked in the appropriate category. Thank you!

How to resolve the "LDAP: error code 49 - Invalid Credentials" error for ODSEE user directory in OAM

3172109Mar 23 2016 — edited Mar 31 2016

Hi All,

I have installed OAM 11g R2 PS3 and using ODSEE as the  backend user directory.

The setup is working fine when i give the correct password for the user.

But when i give the wrong password the "Failure URL" configured in Authentication Scheme is not triggered.
I am again redirected to the login page.

Also i am seeing the below error logs in the OAM Diagnostic logs.

-----------------------------------------------------

[2016-03-23T00:37:20.698-07:00] [oam_server1] [NOTIFICATION] [LIBOVD-20043] [oracle.ods.virtualization.accesslog] [tid: [ACTIVE].ExecuteThread: '5' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: 87752ac7050c759e:-5570a7e2:153a239d74f:-8000-00000000000013f1,0] [APP: oam_server#11.1.2.0.0] conn=1 op=13 SRCH base=ou=People,dc=home,dc=com scope=sub filter=(&(objectclass=inetorgperson)(uid=cnewport)) requestedAttributes=[uid, mail, sn, cn, description, orclguid, givenname, telephonenumber, objectclass, displayname] sizelimit=0 timelimit=0 typesOnly=false

[2016-03-23T00:37:20.703-07:00] [oam_server1] [NOTIFICATION] [LIBOVD-20044] [oracle.ods.virtualization.accesslog] [tid: [ACTIVE].ExecuteThread: '5' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: 87752ac7050c759e:-5570a7e2:153a239d74f:-8000-00000000000013f1,0] [APP: oam_server#11.1.2.0.0] conn=1 op=13 RESULT err=0 tag=0 nentries=1 etime=4 dbtime=0 mem=552,897,664/1,073,741,824

[2016-03-23T00:37:20.703-07:00] [oam_server1] [NOTIFICATION] [LIBOVD-20038] [oracle.ods.virtualization.accesslog] [tid: [ACTIVE].ExecuteThread: '5' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: 87752ac7050c759e:-5570a7e2:153a239d74f:-8000-00000000000013f1,0] [APP: oam_server#11.1.2.0.0] conn=11 op=1 BIND dn=uid=cnewport,ou=People,dc=home,dc=com method=0 version=3

[2016-03-23T00:37:20.703-07:00] [oam_server1] [NOTIFICATION] [LIBOVD-20039] [oracle.ods.virtualization.accesslog] [tid: [ACTIVE].ExecuteThread: '5' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: 87752ac7050c759e:-5570a7e2:153a239d74f:-8000-00000000000013f1,0] [APP: oam_server#11.1.2.0.0] conn=11 op=1 RESULT err=49 tag=0 nentries=0 etime=0

[2016-03-23T00:37:20.709-07:00] [oam_server1] [ERROR] [OAMSSA-20023] [oracle.oam.user.identity.provider] [tid: [ACTIVE].ExecuteThread: '5' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: 87752ac7050c759e:-5570a7e2:153a239d74f:-8000-00000000000013f3,0] [APP: oam_server#11.1.2.0.0] Authentication Failure for user : cnewport, for idstore ODSEEInst2 with exception oracle.igf.ids.AuthenticationException: Authentication failed for user uid=cnewport,ou=People,dc=home,dc=com. AdditionalInfo: LDAP Error 49 : [LDAP: error code 49 - Invalid Credentials] with primary error message LDAP Error 49 : [LDAP: error code 49 - Invalid Credentials]

[2016-03-23T00:37:20.709-07:00] [oam_server1] [NOTIFICATION] [] [oracle.oam.engine.authn] [tid: [ACTIVE].ExecuteThread: '5' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: 87752ac7050c759e:-5570a7e2:153a239d74f:-8000-00000000000013f3,0] [APP: oam_server#11.1.2.0.0] [[

oracle.security.am.engine.authn.api.exception.AuthenticationException

        at oracle.security.am.engine.authn.internal.executor.AuthenticationModuleExecutor.checkAndThrowAuthenticationException(AuthenticationModuleExecutor.java:375)

        at oracle.security.am.engine.authn.internal.executor.AuthenticationModuleExecutor.execute(AuthenticationModuleExecutor.java:297)

        at oracle.security.am.engine.authn.internal.executor.AuthenticationSchemeExecutor.execute(AuthenticationSchemeExecutor.java:110)

        at oracle.security.am.engine.authn.internal.controller.AuthenticationEngineControllerImpl.validateUser(AuthenticationEngineControllerImpl.java:269)

        at oracle.security.am.engines.enginecontroller.AuthnEngineController.authenticateUser(AuthnEngineController.java:986)

        at oracle.security.am.engines.enginecontroller.AuthnEngineController.processEvent(AuthnEngineController.java:341)

        at oracle.security.am.controller.MasterController.processEvent(MasterController.java:596)

        at oracle.security.am.controller.MasterController.processRequest(MasterController.java:788)

        at oracle.security.am.controller.MasterController.process(MasterController.java:708)

        at oracle.security.am.pbl.PBLFlowManager.delegateToMasterController(PBLFlowManager.java:209)

        at oracle.security.am.pbl.PBLFlowManager.handleBaseEvent(PBLFlowManager.java:147)

        at oracle.security.am.pbl.PBLFlowManager.processRequest(PBLFlowManager.java:107)

        at oracle.security.am.pbl.transport.http.AMServlet.handleRequest(AMServlet.java:217)

        at oracle.security.am.pbl.transport.http.AMServlet.doPost(AMServlet.java:173)

        at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)

        at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)

        at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)

        at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)

        at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:301)

        at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26)

        at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)

        at oracle.security.jps.ee.http.JpsAbsFilter$1.run(JpsAbsFilter.java:138)

        at oracle.security.jps.util.JpsSubject.doAsPrivileged(JpsSubject.java:324)

        at oracle.security.jps.ee.util.JpsPlatformUtil.runJaasMode(JpsPlatformUtil.java:464)

        at oracle.security.jps.ee.http.JpsAbsFilter.runJaasMode(JpsAbsFilter.java:121)

        at oracle.security.jps.ee.http.JpsAbsFilter.doFilter(JpsAbsFilter.java:211)

        at oracle.security.jps.ee.http.JpsFilter.doFilter(JpsFilter.java:71)

        at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)

        at oracle.security.am.agent.wls.filters.OAMServletAuthenticationFilter.doFilter(OAMServletAuthenticationFilter.java:265)

        at oracle.security.am.agent.wls.filters.OAMValidationSystemFilter.doFilter(OAMValidationSystemFilter.java:133)

        at oracle.security.wls.oamagent.OAMAgentWrapperFilter.doFilter(OAMAgentWrapperFilter.java:120)

        at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)

        at oracle.dms.servlet.DMSServletFilter.doFilter(DMSServletFilter.java:163)

        at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)

        at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.wrapRun(WebAppServletContext.java:3730)

        at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3696)

        at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)

        at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)

        at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2273)

        at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2179)

        at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1490)

        at weblogic.work.ExecuteThread.execute(ExecuteThread.java:256)

        at weblogic.work.ExecuteThread.run(ExecuteThread.java:221)

Caused by: oracle.security.am.engines.common.identity.provider.exceptions.IdentityProviderException: OAMSSA-20023: Authentication Failure for user : cnewport, for idstore ODSEEInst2 with exception oracle.igf.ids.AuthenticationException: Authentication failed for user uid=cnewport,ou=People,dc=home,dc=com. AdditionalInfo: LDAP Error 49 : [LDAP: error code 49 - Invalid Credentials] with primary error message LDAP Error 49 : [LDAP: error code 49 - Invalid Credentials]

        at oracle.security.am.engines.common.identity.provider.impl.ids.IDSUserProviderImpl.getIDSSpecificException(IDSUserProviderImpl.java:820)

        at oracle.security.am.engines.common.identity.provider.impl.ids.IDSUserProviderImpl.authenticateUserByName(IDSUserProviderImpl.java:803)

        at oracle.security.am.engines.common.identity.provider.impl.IdentityProviderImpl.authenticateUserByName(IdentityProviderImpl.java:1305)

        at oracle.security.am.engines.common.identity.provider.impl.OracleUserIdentityProvider.authenticateUserByName(OracleUserIdentityProvider.java:482)

        at oracle.security.am.engine.authn.internal.executor.AuthenticationModuleExecutor.execute(AuthenticationModuleExecutor.java:228)

        ... 41 more

Caused by: oracle.igf.ids.AuthenticationException: Authentication failed for user uid=cnewport,ou=People,dc=home,dc=com. AdditionalInfo: LDAP Error 49 : [LDAP: error code 49 - Invalid Credentials]

        at oracle.igf.ids.arisid.ArisIdServiceManager.findEntity(ArisIdServiceManager.java:1684)

        at oracle.igf.ids.UserManager.authenticateUser(UserManager.java:510)

        at oracle.security.am.engines.common.identity.provider.impl.ids.IDSUserProviderImpl.authenticateUserByName(IDSUserProviderImpl.java:792)

        ... 44 more

Caused by: oracle.igf.ids.arisid.ArisIdAuthException: Authentication failed for user uid=cnewport,ou=People,dc=home,dc=com. AdditionalInfo: LDAP Error 49 : [LDAP: error code 49 - Invalid Credentials]

        at com.oracle.ovd.arisid.OvdIdsStackProvider.doFind(OvdIdsStackProvider.java:1366)

        at com.oracle.ovd.arisid.ArisIdStackProvider.doFind(ArisIdStackProvider.java:175)

        at org.openliberty.arisid.Interaction.doFind(Interaction.java:1022)

        at oracle.igf.ids.arisid.ArisIdServiceManager.findEntity(ArisIdServiceManager.java:1616)

        ... 46 more

Caused by: oracle.ods.virtualization.service.VirtualizationException: oracle.ods.virtualization.engine.util.DirectoryException: LDAP Error 49 : [LDAP: error code 49 - Invalid Credentials]

        at oracle.ods.virtualization.operation.BindOperation.process(BindOperation.java:128)

        at oracle.ods.virtualization.service.DefaultVirtualizationSession.processOperation(DefaultVirtualizationSession.java:394)

        at oracle.ods.virtualization.service.DefaultVirtualizationSession.bind(DefaultVirtualizationSession.java:137)

        at com.oracle.ovd.arisid.OvdIdsStackProvider.doFind(OvdIdsStackProvider.java:1302)

        ... 49 more

Caused by: oracle.ods.virtualization.engine.util.DirectoryException: LDAP Error 49 : [LDAP: error code 49 - Invalid Credentials]

        at oracle.ods.virtualization.engine.backend.jndi.JNDIConnectionPool.rebind(JNDIConnectionPool.java:491)

        at oracle.ods.virtualization.engine.backend.jndi.JNDIConnectionPool.getLdapContext(JNDIConnectionPool.java:305)

        at oracle.ods.virtualization.engine.backend.jndi.JNDIConnectionPool.checkOutContext(JNDIConnectionPool.java:229)

        at oracle.ods.virtualization.engine.backend.jndi.BackendJNDI.getLDAPContext(BackendJNDI.java:1088)

        at oracle.ods.virtualization.engine.backend.jndi.BackendJNDI.getConnection(BackendJNDI.java:989)

        at oracle.ods.virtualization.engine.backend.jndi.ConnectionHandle.getHolder(ConnectionHandle.java:439)

        at oracle.ods.virtualization.engine.backend.jndi.ConnectionHandle.bind(ConnectionHandle.java:183)

        at oracle.ods.virtualization.engine.backend.jndi.BackendJNDI.bind(BackendJNDI.java:524)

        at oracle.ods.virtualization.engine.chain.Chain.nextBind(Chain.java:228)

        at oracle.ods.virtualization.engine.chain.BasePlugin.bind(BasePlugin.java:74)

        at oracle.ods.virtualization.engine.chain.plugins.usermanagement.UserManagement.bind(UserManagement.java:781)

        at oracle.ods.virtualization.engine.chain.Chain.nextBind(Chain.java:238)

        at oracle.ods.virtualization.engine.chain.PluginChain.runBind(PluginChain.java:175)

        at oracle.ods.virtualization.engine.chain.PluginManager.runBind(PluginManager.java:288)

        at oracle.ods.virtualization.engine.chain.PluginManager.runBind(PluginManager.java:274)

        at oracle.ods.virtualization.engine.backend.AdapterServiceInterface.bind(AdapterServiceInterface.java:293)

        at oracle.ods.virtualization.engine.backend.BackendHandler.bind(BackendHandler.java:363)

        at oracle.ods.virtualization.engine.chain.Chain.nextBind(Chain.java:220)

        at oracle.ods.virtualization.engine.chain.plugins.genericmapping.GenericMapper.bind(GenericMapper.java:196)

        at oracle.ods.virtualization.engine.chain.Chain.nextBind(Chain.java:238)

        at oracle.ods.virtualization.engine.chain.BasePlugin.bind(BasePlugin.java:74)

        at oracle.ods.virtualization.engine.chain.Chain.nextBind(Chain.java:238)

        at oracle.ods.virtualization.engine.chain.PluginChain.runBind(PluginChain.java:175)

        at oracle.ods.virtualization.engine.chain.PluginManager.runBind(PluginManager.java:288)

        at oracle.ods.virtualization.engine.chain.PluginManager.runBind(PluginManager.java:274)

        at oracle.ods.virtualization.engine.chain.GlobalServicesInterface.runBind(GlobalServicesInterface.java:115)

        at oracle.ods.virtualization.operation.BindOperation.process(BindOperation.java:113)

        ... 52 more

Caused by: javax.naming.AuthenticationException: [LDAP: error code 49 - Invalid Credentials]

        at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3067)

        at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3013)

        at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2815)

        at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2729)

        at com.sun.jndi.ldap.LdapCtx.ensureOpen(LdapCtx.java:2628)

        at com.sun.jndi.ldap.LdapCtx.ensureOpen(LdapCtx.java:2602)

        at com.sun.jndi.ldap.LdapCtx.reconnect(LdapCtx.java:2598)

        at javax.naming.ldap.InitialLdapContext.reconnect(InitialLdapContext.java:173)

        at oracle.ods.virtualization.engine.backend.jndi.JNDIConnectionPool.rebind(JNDIConnectionPool.java:465)

        ... 78 more

]]

[2016-03-23T00:37:20.712-07:00] [oam_server1] [WARNING] [DMS-57008] [oracle.dms.context] [tid: [ACTIVE].ExecuteThread: '5' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [APP: oam_server#11.1.2.0.0] The execution context put in place at the start of the request, 87752ac7050c759e:-5570a7e2:153a239d74f:-8000-00000000000013f1,0, is not the execution context in place at the end of the request, 87752ac7050c759e:-5570a7e2:153a239d74f:-8000-00000000000013f3,0. The request is as follows: Request URI:[[

  /oam/server/auth_cred_submit

Request URL:

  http://localhost:14100/oam/server/auth_cred_submit

(No Query String)

All Headers Names:

  Host, Connection, Content-Length, Cache-Control, Accept, Origin, Upgrade-Insecure-Requests, User-Agent, Content-Type, Referer, Accept-Encoding, Accept-Language, Cookie

Selected Header Values:

  Accept-Language : en-US,en;q=0.8

  Host : localhost:14100

  Content-Length : 1893

  Accept-Encoding : gzip, deflate

  Referer : http://192.168.124.130:26001/testlogin/loginform.jsp

  User-Agent : Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.87 Safari/537.36

  Origin : http://192.168.124.130:26001

  Content-Type : application/x-www-form-urlencoded

  Accept : text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8

  Connection : keep-alive

]]

--------------------------------------------------------------

Please let me know the steps to resolve the issue.

Also the oblogintrycount is not getting incremented.

Thanks
Comments
Locked Post
New comments cannot be posted to this locked post.
Post Details
Locked on Apr 20 2016
Added on Mar 23 2016
#identity-management, #identity-manager
0 comments
3,018 views