OBIEE 11g users still able to login even with invalid password
Scenario
I have OBIEE 11.1.1.6 installed on a windows 7 64 bit machine for a proof of concept using OID as the authentication source w/ groups being stored in an external database. I followed the directions EXACTLY as request on Oracle's Fusion Middleware Security Guide for OBIEE ( http://docs.oracle.com/cd/E23943_01/bi.1111/e10543/privileges.htm#CJAJBIBG ) . The users are able to log into OBIEE and groups are correctly mapping to the OID users & weblogic application roles. BUT there is a problem:
When I log into OBIEE 11g answers with a VALID username but INVALID password , the system STILL alllows the user to log in.
For example:
user 'member1' has password 'abcd' and is a member of Application Role 'BIAuthor'
scenario 1)
I log into OBIEE 11g with the correct username/password , the user authenticates, the correct application role (BIAuthor) are assigned to the user and there are no issues.
scenario 2)
I log into OBIEE 11g with 'member1' as the username, and 'abcdefgh' as the password (invalid password). The user is able to access Answers, but the application role BIAuthor is not applied to the user (only the authenticated-role is).
The following message is displayed on the bi_server1-diagnostic.log:
message 1:
Message ID OBI-SEC-00046
Message Level 1
WEBSERVICE_PORT.name SecurityServicePort
J2EE_MODULE.name bimiddleware/security
J2EE_APP.name bimiddleware_11.1.1
WEBSERVICE.name SecurityService
Relationship ID 0:1:1:8:11
Component bi_server1
Module oracle.bi.security.service
Host
Host IP Address
User BISystemUser
Thread ID [ACTIVE].ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'
ECID 2ac0a03caa926090:-77e91c0e:1397d8dc657:-8000-0000000000000029
message 2:
Aug 31, 2012 9:42:30 AM PDT (Warning) … /Farm_bifoundation_domain/bifoundation_domain/bi_server1/bimiddleware(11.1.1) (Application Deployment)
Message Level 1
WEBSERVICE_PORT.name SecurityServicePort
J2EE_MODULE.name bimiddleware/security
J2EE_APP.name bimiddleware_11.1.1
WEBSERVICE.name SecurityService
Relationship ID 0:1:1:6:1
Component bi_server1
Module oracle.j2ee.ws.common.jaxws.JAXWSMessages
Host
Host IP Address
User BISystemUser
Thread ID [ACTIVE].ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'
ECID 2ac0a03caa926090:-77e91c0e:1397d8dc657:-8000-0000000000000051
Message Exception while executing the business logic: SecurityService::authenticateUserWithLanguage [OBI-SEC-00015] Unable to find user in identity store.
scenario 3)
If an invalid username and password is entered, access is denied (this is correct)._
Can anyone explain why this is happening (scenario 2) and how to resolve it?
my provider list is in the following order:
1) mysqlgroupprovider (control flag = optional)
2)myOIDDirectory (control flag = sufficient)
3)Defaultauthenticator (control flag = sufficient)
Solution:
that was the issue! I had an init block populating USER. When I removed the USER system variable went away.
來自 “ ITPUB部落格 ” ,連結:http://blog.itpub.net/10009036/viewspace-1249985/,如需轉載,請註明出處,否則將追究法律責任。
相關文章
- REMOTE_LOGIN_PASSWORDREM
- Clear Windows XP login passwordWindows
- NETAPP - LOGIN TOO MANY USERSAPP
- Automatically Map Network Drives on Domain Login for All Users, Certain Users, or Certain GroupsAI
- Login Oracle Instance Even When sysdba Cannot Do SoOracle
- Creating a Password File and Adding New Users to It (47)
- VMware infrastructure web access 的login name和passwordASTStructWeb
- vmware server web access的login name和passwordServerWeb
- Important directory for OBIEE 11g for system component and java componentImportJava
- nagios監控windows 報NSClient - ERROR: Invalid passwordiOSWindowsclientError
- 用sp_change_users_login消除Sql Server的孤立使用者SQLServer
- 測試oracle 11.2.0.4的remote_login_password引數含義OracleREM
- 無法使用SQL login去登陸SQL Server - 'Password did not match'SQLServer
- 無法使用SQL login去登陸SQL Server - 'Password did not match'SQLServer
- 因login-path導致MySQL 啟動[ERROR]unknown variable 'password=*****'MySqlError
- ORA-01017:invalid username/password; logon deniedGo
- High 'library cache lock' Wait Time Due to Invalid Login AttemptsAI
- jQuery :evenjQuery
- Types of Oracle Database Users : Database Users (6)OracleDatabase
- ConfigureGC.pl Reports - Invalid Username/Password. (文件 ID 602750.1)GC
- Flutter(able) 的單例模式Flutter單例模式
- OBIEE AdminTool Log目錄
- ORA-04098: trigger 'SYS.TR_LOGIN' is invalid and failed re-validationAI
- RMAN-04006: error from auxiliary database: ORA-01017: invalid username/password;ErrorUXDatabase
- 3 Steps to Perform SSH Login Without Password Using ssh-keygen & ssh-copy-idORM
- Oracle default usersOracle
- Not Able To Open Forms Session After Cloning.ORMSession
- AD Administration error:ORA-01017: invalid username/password; logon deniedErrorGo
- Oracle Doc list involved with discoverer/OBIEEOracle
- sqlplus / as sysdba報錯ORA-01017: invalid username/password; logon deniedSQLGo
- EBS在測試時報 APP-FND-01516: Invalid application username,password,or database.APPDatabase
- 【DG】搭建DG時報錯:ORA-01017、ORA-17627、ORA-17629 invalid username/password
- OBIEE11g Deploying an new RPD
- It's not even the whole quest. In this article
- Oracle WebLogic Default Password & Change PasswordOracleWeb
- oracle users 表空間Oracle
- Move users between domainsAI
- Oracle Created (Default) Database UsersOracleDatabase