Wednesday, September 14, 2016

oracle.security.idaas.rest.provider.cruds.ResourceNameNotFoundException: Failed to get an user from principal for UID

OAM logs "oracle.security.idaas.rest.provider.cruds.ResourceNameNotFoundException" during user search operations with the IDS Profile services, and as a result the user profile cannot be found in the identity store.

Environment:
  • OAM 11.1.2.3BP07
  • OUD 11.1.2.3
  • RHEL6/OEL6 
Error:

<Aug 29, 2016 10:03:59 PM EDT> <Warning> <oracle.idaas.oauth.resourceserver> <BEA-000000> <Resource is not found :: Resource Name "/ms_oauth/resources/userprofile/me/testuser1" >
<Aug 29, 2016 10:03:59 PM EDT> <Error> <oracle.security.idaas.rest.provider.cruds.ids.IDSUtil> <BEA-000000> <Failed to get an user from principal for UID : testuser1
oracle.security.idaas.rest.provider.cruds.ResourceNameNotFoundException: Failed to get an user from principal for UID : testuser1
    at oracle.security.idaas.rest.provider.cruds.ids.IDSUtil.getUserFromUID(IDSUtil.java:748)
    at oracle.security.idaas.rest.provider.cruds.ids.IDSUtil.getAuthPrincipal(IDSUtil.java:234)
    at oracle.security.idaas.rest.provider.cruds.ids.IDSPersonService.readPerson(IDSPersonService.java:282)
    at oracle.security.idaas.oauth.resourceserver.jaxrs.userprofile.UserProviderFacade.getUser(UserProviderFacade.java:115)
    at oracle.security.idaas.oauth.resourceserver.jaxrs.userprofile.Me.getMyProfile(Me.java:133)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

................
    at weblogic.work.ExecuteThread.execute(ExecuteThread.java:263)
    at weblogic.work.ExecuteThread.run(ExecuteThread.java:221)
Caused By: oracle.igf.ids.EntityNotFoundException: Entity not found for the search filter (&(objectclass=top)(CN=testuser1)).
    at oracle.igf.ids.arisid.ArisIdServiceManager.findEntity(ArisIdServiceManager.java:1709)
    at oracle.igf.ids.UserManager.searchUser(UserManager.java:169)
    at oracle.security.idaas.rest.provider.cruds.ids.IDSUtil.getUserFromUID(IDSUtil.java:744)
    at oracle.security.idaas.rest.provider.cruds.ids.IDSUtil.getAuthPrincipal(IDSUtil.java:234)
    at oracle.security.idaas.rest.provider.cruds.ids.IDSPersonService.readPerson(IDSPersonService.java:282)
    at oracle.security.idaas.oauth.resourceserver.jaxrs.userprofile.UserProviderFacade.getUser(UserProviderFacade.java:115)
    at oracle.security.idaas.oauth.resourceserver.jaxrs.userprofile.Me.getMyProfile(Me.java:133)
........................................

    at weblogic.work.ExecuteThread.execute(ExecuteThread.java:263)
    at weblogic.work.ExecuteThread.run(ExecuteThread.java:221)
Caused By: oracle.igf.ids.arisid.ArisIdNoSuchSubjectException: Entity not found for the search filter (&(objectclass=top)(CN=testuser1)).
    at com.oracle.ovd.arisid.OvdIdsStackProvider.doFind(OvdIdsStackProvider.java:1287)
    at com.oracle.ovd.arisid.ArisIdStackProvider.doFind(ArisIdStackProvider.java:175)
    at org.openliberty.arisid.Interaction.doFind(Interaction.java:1022)
    at oracle.igf.ids.arisid.ArisIdServiceManager.findEntity(ArisIdServiceManager.java:1616)
    at oracle.igf.ids.UserManager.searchUser(UserManager.java:169)
    at oracle.security.idaas.rest.provider.cruds.ids.IDSUtil.getUserFromUID(IDSUtil.java:744)
 



Cause: 

This might be due to an incorrect search filter configuration in the IDS profile that is enabled in the OAuth Service provider configuration. It is configured to use CN as the RDN attribute in my scenario. Follow the steps in the solution to correct the configuration.

Solution:




Make sure the following two services in the OAuth default domain point to the correct IDS profile (in my case, OUDIDSProfile) where your user data is stored.
  • OAuthDomain -> Resources Servers -> UserProfileServices -> Identity Store name -> OUDIDSProfile
 
  • OAuthDomain -> Service Profiles -> User Store -> OUDIDSProfile
  
Also verify that the attribute configurations in the IDS Profile settings correctly reflect the LDAP attributes.
  • Navigate to Configuration -> UserIdentityStores -> IDS Profiles -> OUDIDSProfile -> Entities. Correct your RDN/login attribute settings there.



After making the required corrections according to your LDAPStore IDSProfile settings, it should be able to search the user from your directory store.
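
The search filter printed in the stack trace shows which attribute the IDS profile is searching on. The Python sketch below is an added example (not part of the original post and not Oracle tooling): it extracts the failing UID and the filter attribute from OAM log text and compares them with a directory entry. The log excerpt reuses the message shapes from this page; the directory entry, including the assumption that the login name is stored in uid, is constructed for illustration.

```python
import re

# Constructed sample built from the message shapes shown on this page.
SAMPLE_LOG = """\
oracle.security.idaas.rest.provider.cruds.ResourceNameNotFoundException: Failed to get an user from principal for UID : testuser1
Caused By: oracle.igf.ids.EntityNotFoundException: Entity not found for the search filter (&(objectclass=top)(CN=testuser1)).
Caused By: oracle.igf.ids.arisid.ArisIdNoSuchSubjectException: Entity not found for the search filter (&(objectclass=top)(CN=testuser1)).
"""

# Constructed entry (assumption): login name lives in uid, cn holds the display name.
SAMPLE_ENTRY = {"objectclass": ["top", "person", "inetOrgPerson"],
                "uid": ["testuser1"], "cn": ["Test User1"]}

UID_RE = re.compile(r"Failed to get an user from principal for UID\s*:\s*(\S+)")
FILTER_RE = re.compile(r"Entity not found for the search filter (\(.*\))\.")
TERM_RE = re.compile(r"\(([A-Za-z][\w;-]*)=([^()]*)\)")  # simple (attr=value) terms


def failed_lookups(log_text):
    """Map each failing UID to the attributes the profile searched it under."""
    result, uid = {}, None
    for line in log_text.splitlines():
        m = UID_RE.search(line)
        if m:
            uid = m.group(1)
            result.setdefault(uid, set())
            continue
        m = FILTER_RE.search(line)
        if m and uid is not None:
            # Keep only the filter terms whose value is the login name itself.
            for attr, value in TERM_RE.findall(m.group(1)):
                if value.lower() == uid.lower():
                    result[uid].add(attr.lower())
    return result


def attrs_holding(entry, value):
    """Attributes of a directory entry whose values equal `value` (case-insensitive)."""
    return {a.lower() for a, vals in entry.items()
            if any(v.lower() == value.lower() for v in vals)}


if __name__ == "__main__":
    for uid, searched in failed_lookups(SAMPLE_LOG).items():
        actual = attrs_holding(SAMPLE_ENTRY, uid)
        print(f"{uid}: profile searches {sorted(searched)}, entry stores it in {sorted(actual)}")
```

If the two attribute sets differ, the login attribute in the IDS profile Entities settings does not match where the directory actually stores the login name.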
