Total Pageviews

Monday, October 20, 2014

after implementing Chain Authentication, error IdentityProviderException: OAMSSA-20027: Could not get user "


Oracle Access Manager  11.1.1.5.0

Implemented chain authentication in OAM 11gR1. After that, you observed OAMSSA-20027 error in oam-diagnostic log eventhough users can login without issue. you are just seeing these errors at the diagnostic logs.

[2012-09-09T12:11:03.410-07:00] [OAM_Server2] [ERROR] [] [oracle.oam.plugin] [tid: [ACTIVE].ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: 004mKaQ7yjcBp2e_p_d9iY0002dv00000e,0:1] [APP: oam_server] [URI: /oam/server/auth_cred_submit] Exception occurred when authenticating the user against UserIdentityStore - [[
oracle.security.am.engines.common.identity.provider.exceptions.IdentityProviderException: OAMSSA-20027: Could not get user : <Username>.
at oracle.security.am.engines.common.identity.provider.impl.UserProviderImpl.getUser(UserProviderImpl.java:1309)
at oracle.security.am.engines.common.identity.provider.impl.UserProviderImpl.locateUser(UserProviderImpl.java:1093)
at oracle.security.am.engines.common.identity.provider.impl.IdentityProviderImpl.locateUser(IdentityProviderImpl.java:893)
at oracle.security.am.engines.common.identity.provider.impl.OracleUserIdentityProvider.locateUser(OracleUserIdentityProvider.java:465)
at oracle.security.am.plugin.authn.UserIdentificationPlugIn.process(UserIdentificationPlugIn.java:477)
at oracle.security.am.engine.authn.internal.executor.PlugInExecutor.execute(PlugInExecutor.java:179)
at oracle.security.am.engine.authn.internal.executor.AuthenticationSchemeExecutor.execute(AuthenticationSchemeExecutor.java:102)
at 


Reason


The chain authentication has 2 steps:
    Step1 - verified against ID Store 1 
    Step2 - verified against ID Store 2
In the event where the user only exist in ID Store2, the error will be thrown after executing step1, before moving to step2. 
Solution:
 
this error can be ignored because if user doest exists in one ID store it is present at other ID Store. it is just an information message.

 
 

No comments:

Post a Comment