#Issue: WebLogic admin server is not coming up due to an incorrect orcladmin LDAP password.
This issue occurs when you have enabled SSO authentication in WebLogic and moved the SSO providers to be first.
Error Message:
weblogic.security.providers.authentication.LDAPAtnDelegateException: [Security:090294]could not get connection
    at weblogic.security.providers.authentication.LDAPAtnDelegate.getConnection(LDAPAtnDelegate.java:3483)
    at weblogic.security.providers.authentication.LDAPAtnDelegate.getConnection(LDAPAtnDelegate.java:3470)
    at weblogic.security.providers.authentication.LDAPAtnDelegate.userExists(LDAPAtnDelegate.java:2314)
    at weblogic.security.providers.authentication.LDAPAtnLoginModuleImpl.login(LDAPAtnLoginModuleImpl.java:193)
    at com.bea.common.security.internal.service.LoginModuleWrapper$1.run(LoginModuleWrapper.java:110)
    at java.security.AccessController.doPrivileged(Native Method)
    at com.bea.common.security.internal.utils.Delegator$ProxyInvocationHandler.invoke(Delegator.java:57)
    at $Proxy25.login(Unknown Source)
    at weblogic.security.service.internal.WLSJAASLoginServiceImpl$ServiceImpl.login(WLSJAASLoginServiceImpl.java:89)
    at com.bea.common.security.internal.service.IdentityImpersonationServiceImpl.impersonateIdentity(IdentityImpersonationServiceImpl.java:128)
    at weblogic.work.ExecuteThread.run(ExecuteThread.java:176)
Caused by: java.lang.reflect.InvocationTargetException
    at weblogic.security.providers.authentication.LDAPAtnDelegate$LDAPFactory.newInstance(LDAPAtnDelegate.java:4157)
    at weblogic.security.utils.Pool.newInstance(Pool.java:37)
    at weblogic.security.utils.Pool.getInstance(Pool.java:33)
    at weblogic.security.providers.authentication.LDAPAtnDelegate.getConnection(LDAPAtnDelegate.java:3478)
    ... 39 more
Caused by: netscape.ldap.LDAPException: error result (49); Invalid credentials
    at netscape.ldap.LDAPConnection.checkMsg(LDAPConnection.java:4871)
    at netscape.ldap.LDAPConnection.simpleBind(LDAPConnection.java:1766)
    at netscape.ldap.LDAPConnection.authenticate(LDAPConnection.java:1264)
    at netscape.ldap.LDAPConnection.authenticate(LDAPConnection.java:1273)
    at netscape.ldap.LDAPConnection.bind(LDAPConnection.java:1562)
    at weblogic.security.providers.authentication.LDAPAtnDelegate$LDAPFactory.newInstance(LDAPAtnDelegate.java:4134)
    ... 42 more
Caused by: java.lang.reflect.InvocationTargetException
    at weblogic.security.providers.authentication.LDAPAtnDelegate$LDAPFactory.newInstance(LDAPAtnDelegate.java:4157)
    at weblogic.security.utils.Pool.newInstance(Pool.java:37)
    at weblogic.security.utils.Pool.getInstance(Pool.java:33)
    at weblogic.security.providers.authentication.LDAPAtnDelegate.getConnection(LDAPAtnDelegate.java:3478)
    ... 64 more
Caused by: netscape.ldap.LDAPException: error result (49); Invalid credentials
    at netscape.ldap.LDAPConnection.checkMsg(LDAPConnection.java:4871)
    at netscape.ldap.LDAPConnection.simpleBind(LDAPConnection.java:1766)
    at netscape.ldap.LDAPConnection.authenticate(LDAPConnection.java:1264)
Solution:
Take a backup of the existing config file,
$WL_HOME/user_projects/domains/SOAOSBDevDomain/config/config.xml
and update it with the correct password in clear text in the <wls:credential-encrypted> element:
<realm>
  <sec:authentication-provider xsi:type="wls:oracle-internet-directory-authenticatorType">
    <sec:name>OID_AUTH</sec:name>
    <sec:control-flag>SUFFICIENT</sec:control-flag>
    <wls:host>pvttap03</wls:host>
    <wls:principal>cn=orcladmin</wls:principal>
    <wls:user-base-dn>cn=users,dc=Mytestserver,dc=ae</wls:user-base-dn>
    <wls:credential-encrypted>PWD123**</wls:credential-encrypted>
    <wls:group-base-dn>cn=WLS_ADMIN,cn=Groups,dc=Mytestserver,dc=ae</wls:group-base-dn>
  </sec:authentication-provider>
  <sec:authentication-provider xsi:type="wls:default-authenticatorType">
    <wls:use-retrieved-user-name-as-principal>true</wls:use-retrieved-user-name-as-principal>
  </sec:authentication-provider>
  <sec:authentication-provider xsi:type="wls:default-identity-asserterType">
    <sec:active-type>AuthenticatedUser</sec:active-type>
  </sec:authentication-provider>
  <sec:role-mapper xmlns:xac="http://xmlns.oracle.com/weblogic/security/xacml" xsi:type="xac:xacml-role-mapperType"></sec:role-mapper>
  <sec:authorizer xmlns:xac="http://xmlns.oracle.com/weblogic/security/xacml" xsi:type="xac:xacml-authorizerType"></sec:authorizer>
  <sec:adjudicator xsi:type="wls:default-adjudicatorType"></sec:adjudicator>
  <sec:credential-mapper xsi:type="wls:default-credential-mapperType"></sec:credential-mapper>
  <sec:cert-path-provider xsi:type="wls:web-logic-cert-path-providerType"></sec:cert-path-provider>
  <sec:cert-path-builder>WebLogicCertPathProvider</sec:cert-path-builder>
  <sec:name>myrealm</sec:name>
  <sec:password-validator xmlns:pas="http://xmlns.oracle.com/weblogic/security/providers/passwordvalidator" xsi:type="pas:system-password-validatorType">
    <sec:name>SystemPasswordValidator</sec:name>
    <pas:min-password-length>8</pas:min-password-length>
    <pas:min-numeric-or-special-characters>1</pas:min-numeric-or-special-characters>
  </sec:password-validator>
</realm>
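A check to run after this fix, added here as an example and not part of the original post: it lists every `*-encrypted` element in config.xml whose value is still clear text, without printing the value itself. It assumes encrypted values start with a `{AES}`, `{AES256}` or `{3DES}` prefix; the function names and the sample config are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Assumption: WebLogic-encrypted values carry one of these scheme prefixes.
ENCRYPTED_PREFIX = re.compile(r"^\{(AES|AES256|3DES)\}")

# Constructed sample modelled on the realm above; not a real domain config.
SAMPLE_CONFIG = """<domain xmlns="http://xmlns.oracle.com/weblogic/domain"
    xmlns:sec="http://xmlns.oracle.com/weblogic/security"
    xmlns:wls="http://xmlns.oracle.com/weblogic/security/wls"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <security-configuration>
    <realm>
      <sec:authentication-provider xsi:type="wls:oracle-internet-directory-authenticatorType">
        <sec:name>OID_AUTH</sec:name>
        <wls:principal>cn=orcladmin</wls:principal>
        <wls:credential-encrypted>PWD123**</wls:credential-encrypted>
      </sec:authentication-provider>
      <sec:name>myrealm</sec:name>
    </realm>
    <credential-encrypted>{AES}Q29uc3RydWN0ZWRTYW1wbGU=</credential-encrypted>
  </security-configuration>
</domain>"""


def local_name(tag):
    """Strip the '{namespace}' part ElementTree puts in front of a tag."""
    return tag.rsplit("}", 1)[-1]


def find_cleartext_credentials(xml_text):
    """Return (owner, element) pairs for *-encrypted elements holding clear text."""
    root = ET.fromstring(xml_text)
    findings = []
    for parent in root.iter():
        # Label each finding with the parent's <name> child when it has one.
        owner = next((c.text for c in parent if local_name(c.tag) == "name"),
                     local_name(parent.tag))
        for child in parent:
            name = local_name(child.tag)
            value = (child.text or "").strip()
            if name.endswith("-encrypted") and value and not ENCRYPTED_PREFIX.match(value):
                findings.append((owner, name))  # never record the value itself
    return findings


if __name__ == "__main__":
    for owner, element in find_cleartext_credentials(SAMPLE_CONFIG):
        print(f"clear-text value in <{element}> under {owner}")
```

The backup copy of config.xml deserves the same check and the same file permissions as the live file.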