Saturday, December 18, 2010

User is not authorized to login to Middleware Administration Server farm. User should be part of one or more Administrative roles to be able to login.

This issue mainly occurs when you have configured your SOA Suite with an external LDAP and you are trying to log in to the console with the users in your LDAP.

There are a lot of issues related to this. I will try to cover all of them and explain this issue in detail.


I am covering this for SOA Suite 11g

Whenever you create an authentication provider there are a few things which you have to keep in mind.

1>The LDAP authentication provider should be first in the list of providers.
2>The control flag for both the LDAP and the Default authentication provider should be set to SUFFICIENT.

Once you do all these changes you should restart your server.

After the restart you should be able to see all the users and groups in the WebLogic console, provided you have given the correct user and group details in the provider configuration.
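As an added example (not from this post), here is a small Python check that reads a domain's config.xml and reports whether the two rules above hold: the first authentication provider is an LDAP authenticator, and both the LDAP and the Default authenticator have control flag SUFFICIENT. The config.xml fragment is constructed to show a misconfigured realm, and the list of LDAP authenticator xsi:type values is an assumption to extend for your provider.

```python
import xml.etree.ElementTree as ET

SEC = "{http://xmlns.oracle.com/weblogic/security}"
XSI = "{http://www.w3.org/2001/XMLSchema-instance}"
# xsi:type values of LDAP-based authenticators (assumed list; extend as needed)
LDAP_TYPES = {"ldap-authenticatorType", "oracle-internet-directory-authenticatorType",
              "active-directory-authenticatorType", "oracle-virtual-directory-authenticatorType"}
DEFAULT_TYPE = "default-authenticatorType"

# Constructed sample modelled on the <realm> section of a WebLogic config.xml:
# the Default provider comes first and keeps its REQUIRED flag (both wrong).
SAMPLE_CONFIG = """<?xml version="1.0" encoding="UTF-8"?>
<domain xmlns="http://xmlns.oracle.com/weblogic/domain"
        xmlns:sec="http://xmlns.oracle.com/weblogic/security"
        xmlns:wls="http://xmlns.oracle.com/weblogic/security/wls"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <security-configuration>
    <realm>
      <sec:authentication-provider xsi:type="wls:default-authenticatorType">
        <sec:name>DefaultAuthenticator</sec:name>
        <sec:control-flag>REQUIRED</sec:control-flag>
      </sec:authentication-provider>
      <sec:authentication-provider xsi:type="wls:ldap-authenticatorType">
        <sec:name>ExternalLDAP</sec:name>
        <sec:control-flag>SUFFICIENT</sec:control-flag>
      </sec:authentication-provider>
    </realm>
  </security-configuration>
</domain>
"""

def list_providers(config_xml):
    """Yield (name, xsi:type without prefix, control flag) in config.xml order."""
    root = ET.fromstring(config_xml)
    for p in root.iter(SEC + "authentication-provider"):
        ptype = p.get(XSI + "type", "").split(":")[-1]
        # a missing <sec:control-flag> is reported as unset rather than guessed
        flag = (p.findtext(SEC + "control-flag") or "").strip() or "(not set)"
        yield p.findtext(SEC + "name"), ptype, flag

def check_providers(config_xml):
    """Return findings against the two rules in the post; [] means it passes."""
    providers = list(list_providers(config_xml))
    findings = []
    if not providers or providers[0][1] not in LDAP_TYPES:
        first = providers[0][0] if providers else None
        findings.append("first provider is not an LDAP authenticator: %s" % first)
    for name, ptype, flag in providers:
        if (ptype in LDAP_TYPES or ptype == DEFAULT_TYPE) and flag != "SUFFICIENT":
            findings.append("%s control flag is %s, expected SUFFICIENT" % (name, flag))
    return findings

if __name__ == "__main__":
    for finding in check_providers(SAMPLE_CONFIG):
        print(finding)
```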


Now let's consider a few error scenarios and try to understand them.

Before that we will try to understand two terms:

1>Authentication.
2>Authorization.

Authentication - Authentication is any process by which a system verifies the identity of a user who wishes to access it.

Now let's suppose you try to log in to the console with some unknown user and password. The system will not be able to authenticate it because it doesn't have any information on this user; in that case you might receive an error like

Invalid User Name and/or Password.

This same error will occur even if you try to use the LDAP user to log in with a different password, as the user and password details in the LDAP will not match the ones provided by you. That is an authentication error.


The next condition is that you use an LDAP user which shows up in the WebLogic console and you are also providing the correct password, but you are getting a different error:

User is not authorized to login to Middleware Administration Server farm. User should be part of one or more Administrative roles to be able to login.

This is an authorization error.

Authorization is the process of giving someone permission to do or have something.

In this case the user is authenticated but does not have the privilege to log in to the console. This can be resolved by granting the user the roles required to access the page.


Further, there can be an issue like

"@ User "weblogic" is not found in configuration "jazn.com" Check if the user
exists in the repository specified by the configurations. Check the error stack
and fix the cause of the error. Contact oracle support if error is not fixable."


This is a well-known issue, as documented in the following:


It clearly says that if you have the providers in this order

1>LDAP
2>Default

you will not be able to log in to the console as the weblogic user.

These are the main issues faced whenever we integrate our SOA with an external LDAP.

1 comment:

Anonymous said...

Nice article