The boot identity may have been changed since the b oot identity file was created

1) Boot.properties  :   key file to start the node manager/ weblogic 

weblogic.security.SecurityInitializationException: Authentication denied: Boot i

dentity not valid; The user name and/or password from the boot identity file (bo

ot.properties) is not valid. The boot identity may have been changed since the b

oot identity file was created. Please edit and update the boot identity file wit

h the proper values of username and password. The first time the updated boot id

entity file is used to start the server, these new values are encrypted.

entity file is used to start the server, these new values are encrypted.

        at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.do

BootAuthorization(CommonSecurityServiceManagerDelegateImpl.java:959)

        at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.in

itialize(CommonSecurityServiceManagerDelegateImpl.java:1050)

        at weblogic.security.service.SecurityServiceManager.initialize(SecurityS

erviceManager.java:873)

        at weblogic.security.SecurityService.start(SecurityService.java:141)

        at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)

        Truncated. see log file for complete stacktrace

Caused By: javax.security.auth.login.FailedLoginException: [Security:090304]Auth

entication Failed: User weblogic123 javax.security.auth.login.FailedLoginExcepti

on: [Security:090302]Authentication Failed: User weblogic123 denied

        at weblogic.security.providers.authentication.LDAPAtnLoginModuleImpl.log

in(LDAPAtnLoginModuleImpl.java:261)

        at com.bea.common.security.internal.service.LoginModuleWrapper$1.run(Log

inModuleWrapper.java:110)

        at java.security.AccessController.doPrivileged(Native Method)

        at com.bea.common.security.internal.service.LoginModuleWrapper.login(Log

inModuleWrapper.java:106)

        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

        Truncated. see log file for complete stacktrace

If you read the bold text your problem/solution is clearly explained at the time of starting BI Services the credentials you entered will store in boot.properties file located at 

\middleware\user_projects\domains\bifoundation_domain\servers\AdminServer\security

when the credentials are wrong then it will throw above error message next time it wont ask again for the password because it already stored at boot.properties file so solution is to delete the file and start the BI Services again this time enter the right credentials without fail and the console should display below message

<Storing boot ide

ntity in the file: \middleware\user_projects\domains\bifoundation_domain\serve

rs\AdminServer\security\boot.properties>

Embedded LDAP Data : Default LDAP server

2)  Weblogic Server’s default security providers use an  embedded LDAP server to persist all security-related data. Each server stores this data locally,including all of the user,group,role,access control policy,and credential information.For each domain,the admin server acts as the master LDAP server and replicates new information to the embedded LDAP running on each of the managed servers.

All the data of the embedded LDAP server will store into a directory 

\middleware\user_projects\domains\bifoundation_domain\servers\AdminServer\data

Whenever a WebLogic Server is started, it places all of its internal files in a server instance-specific directory. By default, the server’s directory is located in the directory it was started from and has the same name as the server instance (for example,

user_projects/bifoundation_domain/AdminServer/data).

 Inside this server directory is an ldap sub directory where you will find the LDAP server’s files.  shows the full directory structure and description of the embedded LDAP server directory contents.

LDAP folder has below details

backup - Zipped backup files created once a day from the ldapfiles directory 

conf - Configuration files that are generated on the first server start

ldapfiles - LDAP server data files

log  - LDAP server log files

replicadata - Managed server replicated data

backup time can be manged from console 

If you ever encounter a problem where a managed server won’t start and you suspect that its LDAP data may be corrupt, you can either try to use one of the backup zip files from the backup directory to revert the contents of the ldap files directory or simply remove the entire ldap directory and let it be recreated when the managed server starts up and connects to the admin server

where ldap_bkp is backup file and ldap  - is newly created one when I start ' Start BI Services' - weblogic

\middleware\user_projects\domains\bifoundation_domain\servers\AdminServer\data\ldap\ldapfiles  has different files but below are key files to know 

EmbeddedLDAP.data - is the main data file where all the users, groups, roles, and policies are stored

EmbeddedLDAP.delete - contains information about deleted entries

EmbeddedLDAP.lok  - 

file is used to ensure access consistency to the LDAP information. In some cases, a Weblogic Server might shutdown without allowing the embedded LDAP server to unlock the data. If this hap-pens, the server will go into a loop, waiting for the file to be removed and printing out a warning message:

<Could not obtain an exclusive lock for directory: \middleware\user_projects\domains\bifoundation_domain\servers\AdminServer\data\ldap\ldapfiles Waiting for 10 seconds and then retrying in case existing Weblogic Server is still shutting down.>

Typically, deleting the EmbeddedLDAP.lok file will resolve this issue

3) Authentication Provider : Control Flag which wont allow you to login analytics 

Authentication Providers are used to derive  login credentials, certificate or custom headers, using some form of LDAP, or other identity store

When a user has configured their custom provider and changed the control flag to required for both the providers (custom and Default Authenticator) 

The Control Flag governs whether authentication from a provider is required. If 

multiple providers are present, then at least one of them must be set to REQUIRED(but not both) You can mess up your domain resulting in not being able to start your server 

anymore (if you use two Authentication Providers, define the Weblogic user in both 

of them and set one to REQUIRED resulting in not being able to access the domain 

anymore). In fact, you should always set the Default Authenticator to REQUIRED.