I came across this issue in previous installments however I was boggling for a couple of days without a solution. I did however manage to get this resolved on the 3rd day though never recorded what I changed in order to get this working. Now I'm in the same position, I am adamant to find the solution once more, and here it is. (Though I ended with a different result this time)
Basically, I altered the two xmlp-server-config.xml though I located these file by running from the root with the following command
[oracle@localhost logs]$ sudo find / -name xmlp-server-config.xml
I did get 5 of these files back though these are the files in question.
- /home/oracle/Oracle/Middleware/Oracle_BI1/clients/bipublisher/ repository/Admin/Configuration/xmlp-server-config.xml
- /home/oracle/Oracle/Middleware/user_projects/domains/bifoundation_domain/ config/bipublisher/repository/Admin/Configuration/xmlp-server-config.xml
Within both files, I REM'd out the ORACLE_AS_JPS and replaced with the value XDO
<!--property name="SECURITY_MODEL" value="ORACLE_AS_JPS"/--> <property name="SECURITY_MODEL" value="XDO"/>
Ignore some of the websites, because the XDO is actually the local BI repository, not the weblogic security realms
Restart everything, the database, the listeners and the Weblogic domain and managed domain
I noticed when I first altered the file that I was receiving the Please enter username and password, Login failed, please retry. error when trying to log into the bi publisher (/xmlpserver). I was also getting the following error, which could be located within em and within the Weblogic terminal:
Message javax.naming.NamingException: Unresolved naming: cn=weblogic, dc=user, dc=users, dc=principals at [cn=weblogic]
Supplemental Detail at oracle.xdo.security. naming. XdoSAXMLCommonFactory .getElementByDN(XdoSAXMLCommonFactory.java:252)
at oracle.xdo.security.naming.XdoSAXMLCommonFactory.validateCredentials (XdoSAXMLCommonFactory.java:285)
What I now discovered was that I could now login using Administrator/Administrator credentials (BI Publisher local repository) when both files were set to XDO. For what I read before, I was expecting to use my weblogic credentials.
I reverted the data files back to the original state and then bounced the database, listeners and WLS instances.
<property name="SECURITY_MODEL" value="ORACLE_AS_JPS"/> <!--property name="SECURITY_MODEL" value="XDO"/-->
I was now able to log into bi publisher by using the WLS credentials. It's very strange how this works out though when I log in initially, I was then able to change the settings and expect to know which credentials to use.
Strange blog and scenario, though I hope this helps
About the author
Daniel is a Technical Manager with over 10 years of consulting expertise in the Identity and Access Management space.Daniel has built from scratch this blog as well as technicalconfessions.com
Follow Daniel on twitter @nervouswiggles
Comments
Other Posts
AS I was migrating my environment into an S3 environment, I wanted to leverage off the SES services that AWS provide, more specifically, to leverage the off the SMTP functionality by sending an email via PHP
Read More...
The WeMos D1 is a ESP8266 WiFi based board is an extension to the current out-of-the-box library that comes with the Arduino installation. Because of this, you need to import in the libraries as well as acknowledging the specific board. This process is highly confusion with a number of different individuals talking about a number of different ways to integrate.
Read More...
NameID element must be present as part of the Subject in the Response message, please enable it in the IDP configuration.
Read More...
For what I see, there's not too many supportive documentations out there that will demonstrate how provision AD group membership with the ICF connector using OpenIDM. The use of the special ldapGroups attribute is not explained anywhere in the Integrators guides to to the date of this blog. This quick blog identifies the tasks required to provision AD group membership from OpenIDM to AD using the LDAP ICF connector. However this doesn't really explain what ldapGroups actually does and there's no real worked example of how to go from an Assignment to ldapGroups to an assigned group in AD. I wrote up a wiki article for my own reference: AD group memberships automatically to users This is just my view, others may disagree, but I think the implementation experience could be improved with some more documentation and a more detailed example here.
Read More...
In the past, the similar error occurred though for the Oracle Identity Management solution. invalidcredentialexception remote framework key is invalid Because they all share the ICF connector framework, the error/solution would be the same.
Read More...
org.forgerock.script.exception.ScriptCompilationException: missing ; before statement
Read More...
ForgeRock IDM - org.forgerock.script.exception.ScriptCompilationException: missing ; before statement
Read More...
When performing the attempt of a reconciliation from ForgeRock IDM to Active Directory, I would get the following error
Read More...
In the past, the similar error occurred though for the Oracle Identity Management solution. invalidcredentialexception remote framework key is invalid Because they all share the ICF connector framework, the error/solution would be the same.
Read More...
During the reconcilation from OpenIDM to the ICF google apps connector, the following error response would occur. ERROR Caused by com.google.api.client.auth.oauth2.TokenResponseException 400 Bad Request - invalid_grant
Read More...