if it is critical, what I would do is :
- replace the jaas login module with an overriden one, that show with added logs what's going on when checking the identity.
- or try with MySQL, to see if it may come from the portal code, or from the oracle db.
I don't know enough about oracle db, but if it succeed some time, but not always, it look like it may be the database that does not provide the user record quickly enough, no ?
for replacing the jaas login module, look at the jaas module in the descriptor files (of portal in jboss).
The service is defined in /deploy/jboss-portal.sar/META-INF/jboss-service.xml
Hope it helps...