Could not login to OIDDAS console: Multiple Users found with Simple Name error

This issue is simple, but it is good to know the root cause. There is a container in OID, cn=Employee,cn=users,dc=oracle,dc=com, apart from cn=users,dc=oracle,dc=com. I was trying to log in to the OIDDAS console as an Employee container user and it was throwing a 401 Unauthorized error.

By the way, the OSSO (OID) was already integrated with OAM. When I searched ssoServer.log (present under $ORACLE_HOME/sso/log), I found the exception trace below.

Tue Mar 15 11:09:04 IST 2011 [ERROR] AJPRequestHandler-ApplicationServerThread-43 Could not get attributes for user, 11061
oracle.ldap.util.UtilException: Multiple Users found with Simple Name = 11061
at oracle.ldap.util.Subscriber.getUser_NICKNAME(Subscriber.java:1173)
at oracle.ldap.util.Subscriber.getUser(Subscriber.java:923)
at oracle.ldap.util.Subscriber.getUser(Subscriber.java:870)
at oracle.security.sso.server.ldap.OIDUserRepository.getUserProperties(OIDUserRepository.java:537)
at oracle.security.sso.server.auth.AuthUtil.getUserMapping(AuthUtil.java:1473)
at oracle.security.sso.server.ui.SSOLoginServlet.processSSOPartnerRequest(SSOLoginServlet.java:1288)
at oracle.security.sso.server.ui.SSOLoginServlet.doPost(SSOLoginServlet.java:547)
at oracle.security.sso.server.ui.SSOLoginServlet.doGet(SSOLoginServlet.java:390)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:740)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at com.evermind.server.http.ServletRequestDispatcher.invoke(ServletRequestDispatcher.java:826)
at com.evermind.server.http.ServletRequestDispatcher.forwardInternal(ServletRequestDispatcher.java:332)
at com.evermind.server.http.HttpRequestHandler.processRequest(HttpRequestHandler.java:830)
at com.evermind.server.http.AJPRequestHandler.run(AJPRequestHandler.java:224)
at com.evermind.server.http.AJPRequestHandler.run(AJPRequestHandler.java:133)
at com.evermind.util.ReleasableResourcePooledExecutor$MyWorker.run(ReleasableResourcePooledExecutor.java:192)
at java.lang.Thread.run(Thread.java:534)
Tue Mar 15 11:09:04 IST 2011 [ERROR] AJPRequestHandler-ApplicationServerThread-43 Authorization failed for user:  11061

Metalink article 297059.1 was helpful for me in troubleshooting. The root cause is that the search base in the OIDDAS console is specified for 2 containers, i.e., cn=Employee,cn=users,dc=oracle,dc=com and cn=users,dc=oracle,dc=com. See the screenshot below.

Hence, while searching for a user, say 11061, it returns 1 record from the cn=Employee,cn=users,dc=oracle,dc=com container and another record from the cn=users,dc=oracle,dc=com container.

I removed cn=Employee,cn=users,dc=oracle,dc=com from the Search Base as shown below.

I bounced the OC4J process of OID. The error vanished after that.
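
The overlap described above, modelled as an added example (not code from the original post or from Oracle). It assumes each configured search base is searched with subtree scope and the hits are combined, that the nickname attribute is uid, and it uses a constructed entry for user 11061.

```python
# Added example: model of a nickname lookup across multiple user search bases.
# Assumption: each base is searched with subtree scope and the hits are combined.

def parse_dn(dn):
    """Split a DN into normalized RDNs (simple DNs only, no escaped commas)."""
    return [rdn.strip().lower() for rdn in dn.split(",") if rdn.strip()]

def is_under(dn, base):
    """True if dn equals base or lies in the subtree below it."""
    d, b = parse_dn(dn), parse_dn(base)
    return len(d) >= len(b) and d[len(d) - len(b):] == b

def overlapping_bases(bases):
    """Return (inner, outer) pairs where inner is nested below outer."""
    return [(i, o) for i in bases for o in bases
            if parse_dn(i) != parse_dn(o) and is_under(i, o)]

def lookup(entries, bases, attr, value):
    """Collect one hit per (base, entry) match, as a per-base subtree search would."""
    hits = []
    for base in bases:
        for dn, attrs in entries.items():
            if is_under(dn, base) and attrs.get(attr) == value:
                hits.append((base, dn))
    return hits

# Constructed sample directory (not taken from a real OID instance).
ENTRIES = {
    "cn=11061,cn=Employee,cn=users,dc=oracle,dc=com": {"uid": "11061"},
    "cn=orcladmin,cn=users,dc=oracle,dc=com": {"uid": "orcladmin"},
}
# Search base as configured before and after the change described in the post.
BOTH = ["cn=users,dc=oracle,dc=com", "cn=Employee, cn=users, dc=oracle,dc=com"]
FIXED = ["cn=users,dc=oracle,dc=com"]

if __name__ == "__main__":
    for inner, outer in overlapping_bases(BOTH):
        print(f"overlap: {inner!r} is inside {outer!r}")
    for label, bases in (("before", BOTH), ("after", FIXED)):
        hits = lookup(ENTRIES, bases, "uid", "11061")
        state = "ambiguous" if len(hits) > 1 else "unique"
        print(f"{label}: {len(hits)} hit(s) -> {state}")
```

Running the same overlap check against the configured search base values before a change goes live catches this condition without waiting for a failed login.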

 
