Error: "401 Unauthorized Your account has been disabled, Please contact the system administrator" while accessing OIDDAS or OSSO consoles

Error: “401 Unauthorized Your account has been disabled, Please contact the system administrator” while accessing OIDDAS or OSSO consoles

The Oracle Access Manager and Oracle Single Sign-on Server has been integration and I had no problems while accessing OIDDAS and OSSO consoles until yesterday. Soon after deleting some users and unnecessary containers from OID using OIDADMIN tool, I am getting the following error when I access the OIDDAS and OSSO consoles:

401 Unauthorized Your account has been disabled, Please contact the system administrator.

The ssoServer.log file shows the below error:

Tue Sep 21 17:21:38 IST 2010 [ERROR] AJPRequestHandler-ApplicationServerThread-8 Could not get attributes for user, orcladmin

oracle.ldap.util.UtilException: NamingException encountered when resolving user – SIMPLE NAME = orcladmin [LDAP: error code 32 – No Such Object]

at oracle.ldap.util.Subscriber.getUser_NICKNAME(Subscriber.java:1215)

at oracle.ldap.util.Subscriber.getUser(Subscriber.java:923)

at oracle.ldap.util.Subscriber.getUser(Subscriber.java:870)

at oracle.security.sso.server.ldap.OIDUserRepository.getUserProperties(OIDUserRepository.java:537)

at oracle.security.sso.server.auth.AuthUtil.getUserMapping(AuthUtil.java:1473)

at oracle.security.sso.server.ui.SSOLoginServlet.processSSOPartnerRequest(SSOLoginServlet.java:1288)

at oracle.security.sso.server.ui.SSOLoginServlet.doPost(SSOLoginServlet.java:547)

at oracle.security.sso.server.ui.SSOLoginServlet.doGet(SSOLoginServlet.java:390)

at javax.servlet.http.HttpServlet.service(HttpServlet.java:740)

at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)

at com.evermind.server.http.ServletRequestDispatcher.invoke(ServletRequestDispatcher.java:826)

at com.evermind.server.http.ServletRequestDispatcher.forwardInternal(ServletRequestDispatcher.java:332)

at com.evermind.server.http.HttpRequestHandler.processRequest(HttpRequestHandler.java:830)

at com.evermind.server.http.AJPRequestHandler.run(AJPRequestHandler.java:224)

at com.evermind.server.http.AJPRequestHandler.run(AJPRequestHandler.java:133)

at com.evermind.util.ReleasableResourcePooledExecutor$MyWorker.run(ReleasableResourcePooledExecutor.java:192)

at java.lang.Thread.run(Thread.java:534)

Tue Sep 21 17:21:38 IST 2010 [ERROR] AJPRequestHandler-ApplicationServerThread-8 Authorization failed for user: orcladmin

The workaround I did to get rid of this error is to compile the SSOOblixAuth.java and restart the OC4J_SECURITY and HTTP_Server processes. (Please remember that the plugin is already configured and policy.properties file was already changed when I integrated OSSO and OAM initially).

When I accessed the OIDDAS and OSSO consoles, it started working like a CHARM!!!!!

However, I would like to quote the other possible cause for this error as below:

Deleting any containers in OID after integrating OAM with OSSO and references of container name still existing either in User Search Base, User Creation Base etc., of OID.

Helpful Docs:

Metalink Article: 987877.1

About the Author Mahendra

I am engulfed in Oracle Identity & Access Management domain. I have expertise on providing the optimized solutions for user provisioning, web access management, Single Sign-On and federation capabilities etc., I am also well versed with complex integrations within Identity Management and other product domains. I have expertise on building demos and implementation experience on products Oracle Access Manager, Oracle Adaptive Access Manager, Oracle Entitlement Server, Oracle Virtual Directory, Oracle Internet Directory etc., Look @ my blog: http://talkidentity.blogspot.com

Error: “401 Unauthorized Your account has been disabled, Please contact the system administrator” while accessing OIDDAS or OSSO consoles

About the Author Mahendra

Leave a Comment:

1 comments