Using MFA with OAM and OUD LDAP Server - Getting "User doesn't exist." error when retrieving user em

Mike Anderson-Oracle, Dec 7 2017 — edited Dec 12 2017

Hi all,

I am trying to implement Multi Factor Authentication (MFA) in OAM. I am using OIM and the OUD LDAP server. I have configured everything according to these docs:

  1. Protecting an Application Deployed in WebLogic Server
  2. Configuring the Adaptive Authentication Plug-in in the Oracle Access Management Console
  3. OAMSSA-20027: Could not get user : null, idstore using Adaptive Authentication Service (Doc ID 2152202.1)
  4. How to Configure OAM for One-Time Passwords for Use with the Oracle Mobile Authenticator Application (Doc ID 2307570.1)

Here is what happens:

  1. The user requests a protected resource.
  2. OAM redirects the user to the login screen.
  3. The user enters their LDAP user ID & password.
  4. OAM successfully authenticates the user against the LDAP server.
  5. OAM then attempts to look up the user's email and SMS number from the OUD LDAP server.
  6. This is where it fails.
  7. I see the exception below in the OAM server log.

1
0
wls_oam1
oracle.oam.plugin
idm.us.oracle.com
172.17.0.3
<anonymous>
[ACTIVE].ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'
0000M0mIkgaFw0H6yvqYMG1QA0Rk0005l3
oracle.security.am.sfa.SFAUDMStorage
getFieldNamesAndValues
oracle.security.am.foundation.udmrtstore.UDMRuntimeStoreException: User doesn't exist.
at oracle.security.am.foundation.udmrtstore.impl.UDMRuntimeStoreImpl.getUserProfile(UDMRuntimeStoreImpl.java:963)
at oracle.security.am.sfa.SFAUDMStorage.getFieldNamesAndValues(SFAUDMStorage.java:267)
at oracle.security.am.sfa.processor.SFASMSProcessor.getAvailableRecepients(SFASMSProcessor.java:226)
at oracle.security.am.sfa.plugin.AbstractOAMSFAPlugin.initPluginClientResponse(AbstractOAMSFAPlugin.java:622)
at oracle.security.am.sfa.plugin.AbstractOAMSFAPlugin.process(AbstractOAMSFAPlugin.java:208)
at oracle.security.am.engine.authn.internal.executor.PlugInExecutor.execute(PlugInExecutor.java:204)
at oracle.security.am.engine.authn.internal.executor.AuthenticationSchemeExecutor.execute(AuthenticationSchemeExecutor.java:113)
at oracle.security.am.engine.authn.internal.controller.AuthenticationEngineControllerImpl.validateUser(AuthenticationEngineControllerImpl.java:269)
at oracle.security.am.engines.enginecontroller.AuthnEngineController.authenticateUser(AuthnEngineController.java:986)
at oracle.security.am.engines.enginecontroller.AuthnEngineController.processEvent(AuthnEngineController.java:341)
at oracle.security.am.controller.MasterController.processEvent(MasterController.java:596)
at oracle.security.am.controller.MasterController.processRequest(MasterController.java:788)
at oracle.security.am.controller.MasterController.process(MasterController.java:708)
at oracle.security.am.pbl.PBLFlowManager.delegateToMasterController(PBLFlowManager.java:209)
at oracle.security.am.pbl.PBLFlowManager.handleBaseEvent(PBLFlowManager.java:147)
at oracle.security.am.pbl.PBLFlowManager.processRequest(PBLFlowManager.java:107)
at oracle.security.am.pbl.transport.http.AMServlet.handleRequest(AMServlet.java:217)
at oracle.security.am.pbl.transport.http.AMServlet.doPost(AMServlet.java:173)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:301)
at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:60)
at oracle.security.jps.ee.http.JpsAbsFilter$1.run(JpsAbsFilter.java:138)
at java.security.AccessController.doPrivileged(Native Method)
at oracle.security.jps.util.JpsSubject.doAsPrivileged(JpsSubject.java:324)
at oracle.security.jps.ee.util.JpsPlatformUtil.runJaasMode(JpsPlatformUtil.java:464)
at oracle.security.jps.ee.http.JpsAbsFilter.runJaasMode(JpsAbsFilter.java:121)
at oracle.security.jps.ee.http.JpsAbsFilter.doFilter(JpsAbsFilter.java:211)
at oracle.security.jps.ee.http.JpsFilter.doFilter(JpsFilter.java:71)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:60)
at oracle.security.wls.filter.SSOSessionSynchronizationFilter.doFilter(SSOSessionSynchronizationFilter.java:296)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:60)
at oracle.dms.servlet.DMSServletFilter.doFilter(DMSServletFilter.java:163)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:60)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.wrapRun(WebAppServletContext.java:3748)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3714)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2283)
at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2182)
at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1491)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:256)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:221)

Any idea what can cause this problem?

Cheers,

Mike

Locked on Jan 9 2018
Added on Dec 7 2017