However, if you still cannot identify the causes of login failure after using the above diagram, contact Oracle Support at:
The above diagram helps you identify alternative causes of login failure if you cannot identify them using the first diagram. The following diagram shows: Causes of User Login Failure - Part 2ĭescription of the illustration GUID-1849B6D6-FCB7-47BB-B7D2-A1A0819C12B0-default.gif The description for the above diagram is as follows:Įnsure that the correct Oracle Business Intelligence certified authenticator is configured for the identity store.Įnsure that users are visible in the Oracle WebLogic Server Administration Console.Įnsure that groups are visible in the Oracle WebLogic Server Administration Console.Įnsure that a user with appropriate permissions can log in to Oracle WebLogic Server Administration Console.Įnsure that the ordering and control flags on authenticators are correct.Īuthenticator misconfigured (second-level issues).Įnsure that WebLogic Server has been re-started after any configuration changes.Įnsure that the WebLogic Server administrator user is correctly moved to LDAP, if WebLogic Server does not start.Įnsure that the attributes specified match what is in your LDAP store.Įnsure that 'from Name Filter' queries are correct.Įnsure that user and group Base DN settings are correct.Įnsure that the account used for LDAP connection has sufficient privileges.Įnsure that correct credentials are used.Įnsure that the user account is not locked or expired.Įnsure that the identity store is available.Įnsure that all BI System processes are running.Įnsure that all JEE applications are running. The call requires the BI Serverto authenticate itself to Oracle Web Services Manager, before it can be received by the BI Security Service.ĭescription of the illustration GUID-7D948FD1-1FA9-4198-B488-BE82CCBDFDAF-default.gif The BI Serverattempts to authenticate the user credentials by calling the BI Security web service (deployed in the WebLogic Managed Server, and protected by a web service security policy). The login process flow begins with the user credentials entered in the login screen, being sent to Presentation Services, and then to the BI Server. For more information, see Configuring Oracle Business Intelligence to Use Alternative Authentication Providers. Successful login to Oracle Business Intelligence requires that the first configured authentication provider contains your user population. The user profile is looked up within the Identity Store to retrieve various attributes, such as email, display name, description, language etc. In a Single Sign-On (SSO) environment, authentication is performed outside the Oracle Business Intelligence system, and identity is asserted instead, but user profile lookup still occurs.Īuthentication and identity assertion is performed by authentication providers and asserters respectively, and is configured using Oracle WebLogic Server Administration Console. If you are looking for alternative way to detect bad log on attempts, take a look at our Netwrix Lockout Account Examiner freeware tool.When a user logs in to Oracle Business Intelligence without Single Sign-On, authentication and user profile lookup occurs. If Kerberos authentication fails between the client and DC, it never gets the point that the log on fails on the server. That is one of the difficulties with Kerberos events - they can't tell you what log on type is taking place back on the system being logged on to.
In Kerberos, the client has to first successfully obtain a ticket from the domain controller before the actual log on session at the initiated server. So you cant see Event ID 4625 on a target server, here's why. If the attempt is with a domain account, you will see an authentication failure event such as 4771 or 4776 on your domain controller.
Event ID 4625 is generated on the computer where access was attempted.
0 kommentar(er)
