Oracle Security - External Authentication

The requirement is to enable the user to allow access to DB by making the user enter the user name and password only once while accessing the Cognos reports. (Cognos is a BI tool). So the user will enter the username and password at the time he accesses the Cognos application, after this there should not be any logons to access DB.
Cognos stores the user name and password in a LDAP store (in NDS residing on Windows 2000 Advanced Server). So, the question is, can Oracle leverage on the user information stored in the LDAP for Cognos? The external authentication provided by Oracle suggests that if the user info store can be in LDAP provided it is in OID.
Please let me know if this can be achieved and if so, where can I get details about the same.

According to the 8.1.7 documentation:
"Enterprise user security provides single sign-on to Oracle8i using interoperable X.509 v3 certificates over Secure Sockets Layer (SSL) v3, and supports the following LDAP-compliant directory services:
Oracle Internet Directory Release 2.0.5 or later
Microsoft Active Directory "
So it sounds like they do not support Novell's LDAP implementation.
Here's a page on managing Enterprise Users http://technet.oracle.com/docs/products/oracle8i/doc_library/817_doc/network.817/a85430/asomeus.htm
Here's a page on managing OS Authentication -http://technet.oracle.com/doc/windows/server.815/a68694/output/ch10.htm
I just finished writing a chapter on OS Authentication in my Oracle security book. I would stay away from OS Authentication unless you have a small number of users. I have not yet researched Enterprise Users, but the concensus seems to be that they provide a much more robust solution.

Similar Messages

External Authentication general-type questions

Greetings all,
I was recently shown how to get Oracle to allow Windows NT Authentication the way SQL 2005 etc. can. I was able to get it working. It's actually simple, you just have to have this line in your SQLNET.ORA file:
SQLNET.AUTHENTICATION_SERVICES = (NTS)
and make sure a couple initialization parameters are set (OS_AUTHENT_PREFIX to NULL and REMOTE_OS_AUTHENT to TRUE - the first can't be changed once the database is built!).
My first question is does Oracle support external authentications to operating systems other than NT, i.e. SUN, UNIX, LDAP etc? And is it a similar architecture?
Secondly, the only ways I've ever connected to Oracle are 1) through SQL*Plus, 2) Using OLE DB from Windows and 3) Using ODBC.
Is external authentication supported when logging in any way other than through OLE DB? If so, how?
Appreciating any general information!
Thanks
Joe

1. The name of the product is SQL Server not SQL. SQL is a language.
2. Oracle supports all major forms of internal and external authentication. The ones you listed and many more. The docs are at http://tahiti.oracle.com
3. External authentication is support across the board. But you've got to be working with a database holding nothing more important than your mother's cookie recipes to think that operating system authentication in a Windows environment is secure: It is not.
Your first responsibility, unless you are just playing games at home or in school, is to secure the data and that means an environment more secure than the one you've chosen.

Windows domain authentication on Oracle Secure Global Desktop

Hello,
I made an upgrade of my oracle secure global desktop 4.62 version to 5.1 version.
The problem is, I was using Windows Domain Authentication in 4.62 and this kind of authentication is not available in the 5.1 version.
So now, my users cannot log in the application.
Do you have a solution ?
Thanks

What are you authenticating to specifically? An AD server? Are you using any of the supported authentication mechanisms now supported?
http://docs.oracle.com/cd/E41492_01/E41495/html/sgd-authentication.html#system-authentication-mechanisms-table

Essbase security Migration from native mode to external authentication

Hi!!
I want some guidance on setting up security, all the users are currently in Native user mode and Native groups.
Now we want to migrate to external mode, current version of hyperion is 11.1.1.3, any steps to follow in
this direction would be really helpful.
What is the best way of migrating huge user base from native directory to setting up for external authentication,
this is the first time move from native to external authentication, If anyone who has done this will be helpful.
steps to setup , maxl based migration will be helpful or utility based.
Thanks

When you say native mode do you mean that that essbase security is in native mode and you want to convert to shared services security mode,or do you mean you are using shared services securtiy with native users and you want to use an external directory like MSAD.
For your question ::
Yes the first piece is correct, our security is in native mode.
and we want to convert to shared services security mode,
The request involves moving from essbase native mode to Shared services native user mode (moving all the existing users, groups and existing provisioning)
The next stage is moving from Shared services native user mode to external directory. (moving all the existing users, groups and existing provisioning)
Your input will guide me in the direction.
Thanks

Oracle Virtual Directory vs. Oracle External Authentication Plug-in

I am working in Windows 2003 Server platform and I have Oracle Portal 10g R2 with Oracle Single Sign On 10g R2 setup. I also have Microsoft Active Directory setup. I want to use Microsoft Active Directory users from Oracle Portal and as per my understanding I could use Oracle External Authentication Plug-in or Oracle Virtual Directory for this purpose. I would like to use Oracle Virtual Directory if possible. Could someone please tell me if I could use Oracle Virtual Directory or not?
Thanks.

Yeah, I could use Oracle External Authentication Plug-in, but I am having issues with running the oidspadi.sh script on my Windows 2003 server environment. I am running this script using Cygwin's latest software, but for some reason I get the following error message.
: command not found8:
: command not found8:
: command not found3:
: command not found7:
: command not found1:
: command not found8:
: command not found9:
: command not found0: clear
OID Active Directory Plug-in Configuration
Please make sure Database and OID are up and running.
: command not found7:
: command not found0:
oidspadi.sh: line 103: syntax error near unexpected token 'fi'
'idspadi.sh: line 103:' fi
Therefore, I was trying to find an alternative solution, which will be using Virtual Directory. Right now, I have installed Oracle Virtual Directory on my testing system and I have both Active Directory server and OID server part of LDAP Browser. My goal is to using Oracle Portal to log-in and first look for the user in OID if not found then look in Active Directory. Can this be accomplished using Oracle Virtual Directory?
Please let me know.

OracleAS SSO - Microsoft Active Directory External Authentication Plug-in

hi ,
I recently inherited support of a Oracle SSO/OID environment where we use AD and a external Authentication Plug-
in to talk to it as user credentials are managed in AD,
We have a lot of domain controllers for AD in our env , so my questions is
1) How do I find out which AD server is the plugin currently referring to ,
I need to know this info ASAP as lot of AD servers are getting decomissioned and I want to make sure the SSO env
is not talking to a AD server that would get decomissioned soon

hi,
Look in the integration part in oidadmin. ActiveChgImp
$ORACLE_HOME/bin/oidadmin
or look for ad2oid.properties
or look at this URL http://www.oracle.com/technology/obe/obe_as_10g/im/ads_import/import.htm
is what I used to configure ours
Regards

Oracle Identity Server Authenticator as Security Provider for Weblogic 10.3

Hi,
I am getting the following exception on weblogic server 10.1.3 console when accessing users and groups in security realm. This can be reproduced using the following steps.
1. I have installed Oracle Identity Management 10.1.4 (Oracle SSO). I have installed Oracle SSO using the default port options. I tested accessing the Internet directory using orcladmin user and it is working with out any problems.
2. Installed Oracle weblogic Server 10.1.3 and then installed ADF runtime. I verified the installation by accessing the admin server console and did not find any issues.
3. Opened the Admin Console and then accessed the Security Realms and then selected myrealm. Then selected Providers and added Oracle Internet directory Authentication provider.
4. configured the provider specific parameters like the host name and port number (389).
Now when I select user and groups tab I am getting the following exception on weblogic adminserver command prompt console.
Am I missing any steps in configuring Oracle Internet directory authenitcaiton provider for weblogic 10.3.1
<Oct 13, 2009 8:33:21 PM EDT> <Error> <Console> <BEA-240003> <Console encountere
d the following error weblogic.security.providers.authentication.LDAPAtnDelegateException: [Security:090294]could not get connection
at weblogic.security.providers.authentication.LDAPAtnDelegate.getConnection(LDAPAtnDelegate.java:3224)
at weblogic.security.providers.authentication.LDAPAtnDelegate.listUsers(LDAPAtnDelegate.java:2248)
at weblogic.security.providers.authentication.LDAPAuthenticatorImpl.listUsers(LDAPAuthenticatorImpl.java:178)
at weblogic.security.providers.authentication.OracleInternetDirectoryAuthenticatorMBeanImpl.listUsers(OracleInternetDirectoryAuthenticatorMBeanImpl.java:221)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at weblogic.management.jmx.modelmbean.WLSModelMBean.invoke(WLSModelMBean.java:437)
at com.sun.jmx.interceptor.DefaultMBeanServerInterceptor.invoke(DefaultMBeanServerInterceptor.java:836)
at com.sun.jmx.mbeanserver.JmxMBeanServer.invoke(JmxMBeanServer.java:761)
at weblogic.management.jmx.mbeanserver.WLSMBeanServerInterceptorBase$16.run(WLSMBeanServerInterceptorBase.java:449)
at java.security.AccessController.doPrivileged(Native Method)
at weblogic.management.jmx.mbeanserver.WLSMBeanServerInterceptorBase.invoke(WLSMBeanServerInterceptorBase.java:447)
at weblogic.management.mbeanservers.internal.JMXContextInterceptor.invoke(JMXContextInterceptor.java:268)
at weblogic.management.jmx.mbeanserver.WLSMBeanServerInterceptorBase$16.run(WLSMBeanServerInterceptorBase.java:449)
at java.security.AccessController.doPrivileged(Native Method)
at weblogic.management.jmx.mbeanserver.WLSMBeanServerInterceptorBase.invoke(WLSMBeanServerInterceptorBase.java:447)
at weblogic.management.mbeanservers.internal.SecurityInterceptor.invoke(SecurityInterceptor.java:443)
at weblogic.management.jmx.mbeanserver.WLSMBeanServer.invoke(WLSMBeanServer.java:314)
at weblogic.management.mbeanservers.internal.JMXConnectorSubjectForwarder$11$1.run(JMXConnectorSubjectForwarder.java:663)
at java.security.AccessController.doPrivileged(Native Method)
at weblogic.management.mbeanservers.internal.JMXConnectorSubjectForwarder$11.run(JMXConnectorSubjectForwarder.java:661)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:363)
at weblogic.management.mbeanservers.internal.JMXConnectorSubjectForwarder.invoke(JMXConnectorSubjectForwarder.java:654)
at javax.management.remote.rmi.RMIConnectionImpl.doOperation(RMIConnectionImpl.java:1426)
at javax.management.remote.rmi.RMIConnectionImpl.access$200(RMIConnectionImpl.java:72)
at javax.management.remote.rmi.RMIConnectionImpl$PrivilegedOperation.run(RMIConnectionImpl.java:1264)
at java.security.AccessController.doPrivileged(Native Method)
at javax.management.remote.rmi.RMIConnectionImpl.doPrivilegedOperation(RMIConnectionImpl.java:1366)
at javax.management.remote.rmi.RMIConnectionImpl.invoke(RMIConnectionImpl.java:788)
at javax.management.remote.rmi.RMIConnectionImpl_WLSkel.invoke(Unknown Source)
at weblogic.rmi.internal.ServerRequest.sendReceive(ServerRequest.java:174)
at weblogic.rmi.internal.BasicRemoteRef.invoke(BasicRemoteRef.java:222)
at javax.management.remote.rmi.RMIConnectionImpl_1031_WLStub.invoke(Unknown Source)
at javax.management.remote.rmi.RMIConnector$RemoteMBeanServerConnection.invoke(RMIConnector.java:978)
at weblogic.management.jmx.MBeanServerInvocationHandler.doInvoke(MBeanServerInvocationHandler.java:544)
at weblogic.management.jmx.MBeanServerInvocationHandler.invoke(MBeanServerInvocationHandler.java:380)
at $Proxy106.listUsers(Unknown Source)
at com.bea.console.utils.security.UserUtils.getUsers(UserUtils.java:78)
at com.bea.console.actions.security.users.UserTableAction.getCollection(UserTableAction.java:100)
at com.bea.console.actions.security.ManagementBaseTableAction.execute(ManagementBaseTableAction.java:83)
at org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:431)
at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor.access$201(PageFlowRequestProcessor.java:97)
at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor$ActionRunner.execute(PageFlowRequestProcessor.java:2044)
at org.apache.beehive.netui.pageflow.interceptor.action.internal.ActionInterceptors.wrapAction(ActionInterceptors.java:91)
at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor.processActionPerform(PageFlowRequestProcessor.java:2116)
at com.bea.console.internal.ConsolePageFlowRequestProcessor.processActionPerform(ConsolePageFlowRequestProcessor.java:262)
at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:236)
at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor.processInternal(PageFlowRequestProcessor.java:556)
at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor.process(PageFlowRequestProcessor.java:853)
at org.apache.beehive.netui.pageflow.AutoRegisterActionServlet.process(AutoRegisterActionServlet.java:631)
at org.apache.beehive.netui.pageflow.PageFlowActionServlet.process(PageFlowActionServlet.java:158)
at com.bea.console.internal.ConsoleActionServlet.process(ConsoleActionServlet.java:256)
at org.apache.struts.action.ActionServlet.doGet(ActionServlet.java:414)
at com.bea.console.internal.ConsoleActionServlet.doGet(ConsoleActionServlet.java:133)
at org.apache.beehive.netui.pageflow.PageFlowUtils.strutsLookup(PageFlowUtils.java:1199)
at com.bea.portlet.adapter.scopedcontent.ScopedContentCommonSupport.executeAction(ScopedContentCommonSupport.java:686)
at com.bea.portlet.adapter.scopedcontent.ScopedContentCommonSupport.renderInternal(ScopedContentCommonSupport.java:266)
at com.bea.portlet.adapter.scopedcontent.StrutsStubImpl.render(StrutsStubImpl.java:107)
at com.bea.netuix.servlets.controls.content.NetuiContent.preRender(NetuiContent.java:292)
at com.bea.netuix.nf.ControlLifecycle$6.visit(ControlLifecycle.java:428)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:727)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walk(ControlTreeWalker.java:146)
at com.bea.netuix.nf.Lifecycle.processLifecycles(Lifecycle.java:395)
at com.bea.netuix.nf.Lifecycle.processLifecycles(Lifecycle.java:361)
at com.bea.netuix.nf.Lifecycle.runOutbound(Lifecycle.java:208)
at com.bea.netuix.nf.Lifecycle.run(Lifecycle.java:162)
at com.bea.netuix.servlets.manager.UIServlet.runLifecycle(UIServlet.java:388)
at com.bea.netuix.servlets.manager.UIServlet.doPost(UIServlet.java:258)
at com.bea.netuix.servlets.manager.UIServlet.doGet(UIServlet.java:211)
at com.bea.netuix.servlets.manager.UIServlet.service(UIServlet.java:196)
at com.bea.netuix.servlets.manager.SingleFileServlet.service(SingleFileServlet.java:251)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
at com.bea.console.utils.MBeanUtilsInitSingleFileServlet.service(MBeanUtilsInitSingleFileServlet.java:47)
at weblogic.servlet.AsyncInitServlet.service(AsyncInitServlet.java:130)
at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:292)
at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at weblogic.servlet.internal.RequestEventsFilter.doFilter(RequestEventsFilter.java:27)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3588)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:121)
at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2200)
at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2106)
at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1428)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)
Caused by: java.lang.reflect.InvocationTargetException
at weblogic.security.providers.authentication.LDAPAtnDelegate$LDAPFactory.newInstance(LDAPAtnDelegate.java:3890)
at weblogic.security.utils.Pool.newInstance(Pool.java:37)
at weblogic.security.utils.Pool.getInstance(Pool.java:33)
at weblogic.security.providers.authentication.LDAPAtnDelegate.getConnection(LDAPAtnDelegate.java:3219)
... 119 more
Caused by: netscape.ldap.LDAPException: error result (49)
at netscape.ldap.LDAPConnection.checkMsg(LDAPConnection.java:4871)
at netscape.ldap.LDAPConnection.simpleBind(LDAPConnection.java:1766)
at netscape.ldap.LDAPConnection.authenticate(LDAPConnection.java:1264)
at netscape.ldap.LDAPConnection.authenticate(LDAPConnection.java:1273)
at netscape.ldap.LDAPConnection.bind(LDAPConnection.java:1562)
at weblogic.security.providers.authentication.LDAPAtnDelegate$LDAPFactory.newInstance(LDAPAtnDelegate.java:3860)
... 122 more
Thanks and Regards,
S R Prasad

The problem has been resolved after providing OID admin user creadential with cn=orcladmin instead of orcladmin. The Security:090294 is related to OID credentials.
Regards,
S R Prasad

Com.oracle.cie.domain.security.external.ConfigSecurityException: oracle.security.opss.tools.lifecycle.LifecycleException: JPS-06514

2014-08-08 08:51:41,053 信息    [AWT-EventQueue-0] com.oracle.cie.wizard.help.DefaultHelpProvider - Initializing help implementation....
2014-08-08 08:51:41,412 信息    [AWT-EventQueue-0] com.oracle.cie.domain.info.DomainInformationImpl - initializing domaininformation object.
2014-08-08 08:51:41,490 信息    [AWT-EventQueue-0] com.oracle.cie.domain.DomainRegistryWrapper - need to initialize domainRegistrydocument object
2014-08-08 08:51:48,880 信息    [AWT-EventQueue-0] com.oracle.cie.domain.info.DomainInformationImpl - initializing domaininformation object.
2014-08-08 08:52:08,811 信息    [AWT-EventQueue-0] com.oracle.cie.domain.WLSTemplateBuilder - No config groups xml found in template
2014-08-08 08:52:09,092 信息    [AWT-EventQueue-0] com.oracle.cie.domain.WLSTemplateBuilder - No config groups xml found in template
2014-08-08 08:52:09,482 信息    [AWT-EventQueue-0] com.oracle.cie.domain.AbstractTemplate - Setting symbol for component oracle.wsm.jrf version 12.1.2.0.0 to oracle.wsm.jrf_12.1.2.0.0/oracle_common_ORACLE_HOME
2014-08-08 08:52:09,622 信息    [AWT-EventQueue-0] com.oracle.cie.domain.AbstractTemplate - Setting symbol for component oracle.webservices.base version 12.1.2.0.0 to oracle.webservices.base_12.1.2.0.0/oracle_common_ORACLE_HOME
2014-08-08 08:52:09,669 信息    [AWT-EventQueue-0] com.oracle.cie.domain.AbstractTemplate - Adding component reference
2014-08-08 08:52:09,872 信息    [AWT-EventQueue-0] com.oracle.cie.domain.AbstractTemplate - Setting symbol for component oracle.sdp.messaging version 12.1.2.0.0 to oracle.sdp.messaging_12.1.2.0.0/oracle_common_ORACLE_HOME
2014-08-08 08:52:09,903 信息    [AWT-EventQueue-0] com.oracle.cie.domain.AbstractTemplate - Adding component reference
2014-08-08 08:52:09,950 信息    [AWT-EventQueue-0] com.oracle.cie.domain.AbstractTemplate - Setting symbol for component oracle.wsm.jrf version 12.1.2.0.0 to oracle.wsm.jrf_12.1.2.0.0/oracle_common_ORACLE_HOME
2014-08-08 08:52:09,997 信息    [AWT-EventQueue-0] com.oracle.cie.domain.AbstractTemplate - Setting symbol for component oracle.wls.core.app.server version 12.1.2.0.0 to oracle.wls.core.app.server_12.1.2.0.0/wlserver_ORACLE_HOME
2014-08-08 08:52:10,121 信息    [AWT-EventQueue-0] com.oracle.cie.domain.AbstractTemplate - Setting symbol for component oracle.jrf.dms version 12.1.2.0.0 to oracle.jrf.dms_12.1.2.0.0/oracle_common_ORACLE_HOME
2014-08-08 08:52:10,231 信息    [AWT-EventQueue-0] com.oracle.cie.domain.AbstractTemplate - Setting symbol for component oracle.jrf.infra.fmw.wls version 12.1.2.0.0 to oracle.jrf.infra.fmw.wls_12.1.2.0.0/oracle_common_ORACLE_HOME
2014-08-08 08:52:10,293 信息    [AWT-EventQueue-0] com.oracle.cie.domain.AbstractTemplate - Adding component reference
2014-08-08 08:52:10,496 信息    [AWT-EventQueue-0] com.oracle.cie.domain.AbstractTemplate - Setting symbol for component oracle.wsm.console.core version 12.1.2.0.0 to oracle.wsm.console.core_12.1.2.0.0/oracle_common_ORACLE_HOME
2014-08-08 08:52:10,621 信息    [AWT-EventQueue-0] com.oracle.cie.domain.AbstractTemplate - Setting symbol for component oracle.webcenter.skin version 12.1.2.0.0 to oracle.webcenter.skin_12.1.2.0.0/oracle_common_ORACLE_HOME
2014-08-08 08:52:10,761 信息    [AWT-EventQueue-0] com.oracle.cie.domain.AbstractTemplate - Setting symbol for component oracle.webcenter.pageeditor version 12.1.2.0.0 to oracle.webcenter.pageeditor_12.1.2.0.0/oracle_common_ORACLE_HOME
2014-08-08 08:52:10,870 信息    [AWT-EventQueue-0] com.oracle.cie.domain.AbstractTemplate - Setting symbol for component oracle.sysman.fmw.as version 12.1.2.0.0 to oracle.sysman.fmw.as_12.1.2.0.0/em_ORACLE_HOME
2014-08-08 08:52:10,979 信息    [AWT-EventQueue-0] com.oracle.cie.domain.AbstractTemplate - Setting symbol for component oracle.sysman.fmw.core version 12.1.2.0.0 to oracle.sysman.fmw.core_12.1.2.0.0/em_ORACLE_HOME
2014-08-08 08:52:11,073 警告    [AWT-EventQueue-0] com.oracle.cie.domain.ConfigGroupsDeployer - Unable to locate JDBCSystemResource with the name DerbyLocalSvcTblDataSource
2014-08-08 08:57:06,092 信息    [59] oracle.security.jps.util.JpsUtil - JpsUtil: isAuditDisabled set to true
2014-08-08 08:57:07,980 警告    [59] oracle.security.jps.internal.keystore.file.FileKeyStoreManager - 未能打开基于文件的密钥库。原因是oracle.security.jps.service.keystore.KeyStoreServiceException: 无法执行加密操作
2014-08-08 08:57:07,980 严重    [59] oracle.security.opss.tools.lifecycle.OpssDomainConfigImpl - Error during configureOpssInDomain. Exception oracle.security.jps.service.keystore.KeyStoreServiceException: JPS-06514: 未能打开基于文件的密钥库。原因是oracle.security.jps.service.keystore.KeyStoreServiceException: 无法执行加密操作
2014-08-08 08:57:07,980 严重    [59] oracle.security.opss.tools.lifecycle.cie.OpssSecurityConfiguration - Error while processing initializeSubsystem. Exception oracle.security.opss.tools.lifecycle.LifecycleException: JPS-06514: 未能打开基于文件的密钥库。原因是oracle.security.jps.service.keystore.KeyStoreServiceException: 无法执行加密操作
2014-08-08 08:57:07,980 严重    [Thread-17] com.oracle.cie.domain.TemplateImporter - 域扩展应用失败!
域位置: D:\Weblogic12.1.2\user_projects\domains\base_domain
原因: oracle.security.opss.tools.lifecycle.LifecycleException: JPS-06514: 未能打开基于文件的密钥库。原因是oracle.security.jps.service.keystore.KeyStoreServiceException: 无法执行加密操作
异常错误:
oracle.security.opss.tools.lifecycle.LifecycleException: JPS-06514: 未能打开基于文件的密钥库。原因是oracle.security.jps.service.keystore.KeyStoreServiceException: 无法执行加密操作
com.oracle.cie.domain.security.external.ConfigSecurityException: oracle.security.opss.tools.lifecycle.LifecycleException: JPS-06514: 未能打开基于文件的密钥库。原因是oracle.security.jps.service.keystore.KeyStoreServiceException: 无法执行加密操作
at oracle.security.opss.tools.lifecycle.cie.OpssSecurityConfiguration.initializeSubsystem(OpssSecurityConfiguration.java:129)
at com.oracle.cie.domain.TemplateImporter.run(TemplateImporter.java:334)
at java.lang.Thread.run(Thread.java:745)
Caused by: oracle.security.opss.tools.lifecycle.LifecycleException: JPS-06514: 未能打开基于文件的密钥库。原因是oracle.security.jps.service.keystore.KeyStoreServiceException: 无法执行加密操作
at oracle.security.opss.tools.lifecycle.OpssDomainConfigImpl.configureOpssInDomain(OpssDomainConfigImpl.java:316)
at oracle.security.opss.tools.lifecycle.OpssDomainConfigImpl.initializeSubsystem(OpssDomainConfigImpl.java:164)
at oracle.security.opss.tools.lifecycle.cie.OpssSecurityConfiguration.initializeSubsystem(OpssSecurityConfiguration.java:126)
... 2 more
Caused by: oracle.security.jps.service.keystore.KeyStoreServiceException: JPS-06514: 未能打开基于文件的密钥库。原因是oracle.security.jps.service.keystore.KeyStoreServiceException: 无法执行加密操作
at oracle.security.jps.internal.keystore.file.FileKeyStoreManager.openKeyStore(FileKeyStoreManager.java:430)
at oracle.security.jps.internal.keystore.file.FileKeyStoreManager.openKeyStore(FileKeyStoreManager.java:375)
at oracle.security.jps.internal.keystore.file.FileKeyStoreServiceImpl.doInit(FileKeyStoreServiceImpl.java:121)
at oracle.security.jps.internal.keystore.file.FileKeyStoreServiceImpl.start(FileKeyStoreServiceImpl.java:899)
at oracle.security.jps.internal.keystore.FarmKeyStoreServiceImpl.initialize(FarmKeyStoreServiceImpl.java:115)
at oracle.security.jps.internal.keystore.KeyStoreProvider.getInstance(KeyStoreProvider.java:175)
at oracle.security.jps.internal.tools.utility.keystore.JpsUtilKeyStoreImpl.initializeKeyStore(JpsUtilKeyStoreImpl.java:102)
at oracle.security.jps.internal.tools.utility.keystore.JpsUtilKeyStoreImpl.createKeyStore(JpsUtilKeyStoreImpl.java:116)
at oracle.security.jps.tools.utility.JpsUtilConfigurationTool.configureOpssInDomain(JpsUtilConfigurationTool.java:165)
at oracle.security.opss.tools.lifecycle.OpssDomainConfigImpl.configureOpssInDomain(OpssDomainConfigImpl.java:312)
... 4 more
Caused by: oracle.security.jps.service.keystore.KeyStoreServiceException: 无法执行加密操作
at oracle.security.jps.internal.keystore.util.CryptoUtil.decrypt(CryptoUtil.java:483)
at oracle.security.jps.internal.keystore.util.CryptoUtil.decodeAliasWithEncryptedContent(CryptoUtil.java:560)
at oracle.security.jps.internal.keystore.util.CryptoUtil.decryptPrivateKey(CryptoUtil.java:740)
at oracle.security.jps.internal.keystore.config.jaxb.adapters.PrivateKeyAdapter.unmarshal(PrivateKeyAdapter.java:63)
at oracle.security.jps.internal.keystore.config.jaxb.KeyPair.retrievePrivateKey(KeyPair.java:101)
at oracle.security.jps.internal.keystore.util.KeyStoreServiceUtil.getDemoCAKey(KeyStoreServiceUtil.java:570)
at oracle.security.jps.internal.keystore.util.KeyStoreServiceUtil.getDemoCAKey(KeyStoreServiceUtil.java:542)
at oracle.security.jps.internal.keystore.file.FileKeyStoreManager.openKeyStore(FileKeyStoreManager.java:418)
... 13 more
Caused by: javax.crypto.BadPaddingException: Given final block not properly padded
at com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:811)
at com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:676)
at com.sun.crypto.provider.AESCipher.engineDoFinal(AESCipher.java:313)
at javax.crypto.Cipher.doFinal(Cipher.java:2087)
at oracle.security.jps.internal.keystore.util.CryptoUtil.decrypt(CryptoUtil.java:463)
... 20 more

Hi,
I want to check did you start the any service before running the security store? Go with create option as you are created different domain for OPAM.
Let me know.
Regards,
Ari

External authentication with 9.0.1.0.0

I cannot get external authentication to work over Oracle Net
with 9i …
e.g.,
sqlplus /@s2b …
ERROR:
ORA-01004: default username feature not supported; logon denied
[Cause: An attempt was made to use automatic logon on a system
not supporting this feature.
Action: Provide the complete username and password to log on to
Oracle.
<http://download-
east.oracle.com/otndoc/oracle9i/901_doc/network.901/a90150.pdf>
advanced security guide
This error indicates that the connection was not over SSL. Look
at the tnmsnames.ora file to verify the protocol value of the
net service name that youi are using. The value must be TCPS and
not TCP.]
The error messages imply that I have Advanced Security turned
on, but I do not. .. it's not even part of the installation.
sqlplus username/passwd@s2 does work
as does
sqlplus / [using ORACLE_SID]
REMOTE_OS_AUTHENT is set to TRUE in the init<SID>.ora file.
Does anyone know if this feature has been decremented in 9i? It
definitely does work on our 8.1.7 installations.
Thanks,
Dick Wieland

Yes, I have done that (i.e., edited the initSID.ora file and
done a shutdown then startup). I can use external authentication
when I bypass the tnsnames.ora file by going in directly with
the ORACLE_SID parameter.
Dick

Creating Externally Authenticated users

Greetings,
We recently migrated our Security team from Windows XP to Windows 7. With this upgrade, they were forced to stop using the java Oracle 9i Enterprise Manager to manage security and database users. I was able to find the View->DBA tab in Oracle SQL Developer which allows for things like CREATE LIKE, CREATE, etc, but under the CREATE USER, I see nowhere where the tool allows for a user other than a normal database authenticated account. We have a few key databases where we must create externally authenticated users (EXTERNAL) and this just isn't an option. Is this functionality anywhere in the tool?
Thanks
Bradd

We recently migrated our Security team from Windows XP to Windows 7. With this upgrade, they were forced to stop using the java Oracle 9i Enterprise Manager to manage security and database users. I was able to find the View->DBA tab in Oracle SQL Developer which allows for things like CREATE LIKE, CREATE, etc, but under the CREATE USER, I see nowhere where the tool allows for a user other than a normal database authenticated account. We have a few key databases where we must create externally authenticated users (EXTERNAL) and this just isn't an option. Is this functionality anywhere in the tool?
I don't understand what you are trying to do.
Post your full sql developer info and explain in detail what you mean; with an example if possible.
You can create users in the DB the way you do with any tool: write the appropriate DDL for CREATE USER. For OS authentication you add the OS_AUTHENT_PREFIX to the user name.
In sql developer create connections for those users using the connections dialog that you use for any other user. On that dialog there is a checkbox for OS authentication.
See this article by Sue Harper and see if the example for local OS authentication she provides answers your question:
http://www.oracle.com/technetwork/issue-archive/2008/08-may/o38sql-102034.html
To configure local OS authentication for a new user, first find the value of the OS_AUTHENT_PREFIX database initialization parameter in your system's init.ora file. When you create this new user in the database, you must add this parameter value as a prefix to the OS username. The default value is OPS$, for backward compatibility with earlier database releases. (If the value is "", the OS username and the database username are the same, so you don't need to add a prefix to create the Oracle usernames.)
Establish a basic connection with the HR schema as the SYSTEM user. Execute the following from the SQL worksheet, using your database's OS_AUTHENT_PREFIX prefix and substituting your own OS username for "sue":
CREATE USER ops$sue IDENTIFIED EXTERNALLY; GRANT Connect, resource to sue;
Now create a basic connection for this user from the New / Select Database Connection dialog box. Enter a connection name; select Basic for Connection Type ; fill in the Hostname and Port fields; select OS Authentication ; and provide a SID or Service name . Click Test and Connect as before.

Oracle Security Audit Advisory Q2

Hi All,
My boss give me the security audit check, review guidelines from Oracle.
He wants me to validate it with our existing PROD database setup.
Have you done this security check in your PROD databases?
1.
1.1.1 Ensure the following are not installed by default
1.1.1.1 Spatial
1.1.1.2 OLAP
1.1.1.3 Data Mining
1.1.1.4 Real Application Testing
1.1.2 Do not install sample schemas
How do I know if they were installed by defualt? And how do I deinstall them?
2.
1.1 Disallow remote OS authentication
Does this mean I can allow local OS authentication?
By the way, we have an issue of hiding the passwords in batch job scripts.
And I suggested to the security officer to use the OS authentication ( I mean local)
But he disapproved it because for the reason mentioned item above.
So, can I reason with him that he misunderstood it?
Thanks,
zxy

Thanks Justin Sir, your ideas has been so sensible.
The docs Im referring to is > ORACLE-BASE - OS Authentication
I am sure the IT security officer is just referring the guidelines as he is not good in oracle as he is a network guy.
One thing he insist is, the batch operator who handles running of batch scripts every night must not have access to the database? or he/she has no database login?
What he means is in OS Aix he has only "oper01" login id, but it does not have a counterpart of "oper01" in the database. So he will run batch scripts the has connection
to "appadmin" database user, and the the password for this db userid is hidden or encrypted. Of which I suggest to be identified externally.
Can this setup be done for security compliance? I mean can an operator run a batch job that is connecting to the database of which he does not know what userid&password is,
and can not be seen in the shell script even if he opens it? I know if it is a compiled perl It is possible. But using perl for batch need deep expertise.
Can you share me how do u secure your prod database from operators that handles the batch jobs?
Thanks a lot

Granting exp/imp privilege to externally authenticated user

DB version:11.2.0.2
OS : AIX 6.1
We have a DB User(schema) called OPS$appuser who is externally authenticated.
This user should be granted privilege to perform import of scott schema's dumpfile to another schema called appschema2.
This is what appuser will be doing at the unix command line
$ su - appuser
$ exp / owner=scott file=scott.dmp
$ imp / file=scott.dmp fromuser=scott touser=appschema2in short these are the DB schemas involved
OPS$appuser -- The user performing the exp and imp
scott -- The schema which is being exported
appschema2 -- The schema which OPS$appuser imports the contents in scott.dmp to.Due to security reasons, we can't grant IMP_FULL_DATABASE privilege to OPS$appuser. So, what privilege can I give to OPS$appuser to perform the above exp and imp tasks?
Hope the exp and imp sytax i've mentioned above are correct

None,as imp_full_database is required for this.
Also you would better use expdp and impdp using the network_link parameter.
Doing so, you could write a pl/sql procedure using the dbms_data_pump API to replace the command line cr*p and there will be no commandline access required anymore.
Sybrand Bakker
Senior Oracle DBA

Error while Configuring AD external authentication plug in

Hi
While configuring Active directory external authentication plug I am getting following error
OID Active Directory Plug-in Configuration
Please make sure Database and OID are up and running.
Please enter Active Directory host name: clmad101.ad.company.com
Do you want to use SSL to connect to Active Directory? (y/n) n
Please enter Active Directory port number [389]: 389
Please enter DB connect string:SQLPLUS sys/manager1 @infradb.ad.company-.com @md61nthiims1.ad.company.com:1521
Please enter ODS password:
Please enter confirmed ODS password:
Please enter OID host name: md61nthiims1.ad.company.com
Please enter OID port number [389]: 389
Please enter orcladmin password:
Please enter confirmed orcladmin password:
Please enter the subscriber common user search base [orclcommonusersearchbase]:
CN=Users,dc=ad,dc=company,dc=com
Please enter the Plug-in Request Group DN:
Please enter the exception entry property [(!(objectclass=orcladuser))]: (|(!obj
ectclass=orcladuser))(cn=orcladmin))
Do you want to setup the backup Active Directory for failover? (y/n) n
Installing Plug-in Packages ...
Usage: SQLPLUS [ [<option>] [<logon>] [<start>] ]
where <option> ::= -H | -V | [ [-C <v>] [-L] [-M <o>] [-R <n>] [-S] ]
<logon> ::= <username>[<password>][@<connect_identifier>] | / | /NOLOG
<start> ::= @<URL>|<filename>[.<ext>] [<parameter> ...]
"-H" displays the SQL*Plus version banner and usage syntax
"-V" displays the SQL*Plus version banner
"-C" sets SQL*Plus compatibility version <v>
"-L" attempts log on just once
"-M <o>" uses HTML markup options <o>
"-R <n>" uses restricted mode <n>
"-S" uses silent mode
Usage: SQLPLUS [ [<option>] [<logon>] [<start>] ]
where <option> ::= -H | -V | [ [-C <v>] [-L] [-M <o>] [-R <n>] [-S] ]
<logon> ::= <username>[<password>][@<connect_identifier>] | / | /NOLOG
<start> ::= @<URL>|<filename>[.<ext>] [<parameter> ...]
"-H" displays the SQL*Plus version banner and usage syntax
"-V" displays the SQL*Plus version banner
"-C" sets SQL*Plus compatibility version <v>
"-L" attempts log on just once
"-M <o>" uses HTML markup options <o>
"-R <n>" uses restricted mode <n>
"-S" uses silent mode
Usage: SQLPLUS [ [<option>] [<logon>] [<start>] ]
where <option> ::= -H | -V | [ [-C <v>] [-L] [-M <o>] [-R <n>] [-S] ]
<logon> ::= <username>[<password>][@<connect_identifier>] | / | /NOLOG
<start> ::= @<URL>|<filename>[.<ext>] [<parameter> ...]
"-H" displays the SQL*Plus version banner and usage syntax
"-V" displays the SQL*Plus version banner
"-C" sets SQL*Plus compatibility version <v>
"-L" attempts log on just once
"-M <o>" uses HTML markup options <o>
"-R <n>" uses restricted mode <n>
"-S" uses silent mode
Registering Plug-ins ...
adding new entry cn=adwhencompare,cn=plugin,cn=subconfigsubentry
adding new entry cn=adwhenbind,cn=plugin,cn=subconfigsubentry
Done.
Is there anythign wrong in the DB connect string??
Thanks

Did you check the debug information from the external auth plugin.?
This is mentioned in metalink note https://metalink.oracle.com/metalink/plsql/showdoc?db=NOT&id=277382.1
here an excerpt:
D) Enabled plug in debugging at the database level. Reference documentation: Oracle Internet Directory Administrator's Guide 10g (9.0.4) Chapter 43 Integration with the Microsoft Windows Environment - Troubleshooting Integration with Microsoft Windows Under section "Debugging the Microsoft Active Directory External Authentication Plug-in"
...enable the plug-in debugging. To do this, enter:
> sqlplus ods/odspassword @$ORACLE_HOME/ldap/admin/oidspdon.pls
To check the plug-in debugging log, enter:
> sqlplus system/manager
SQL> select * from ods.plg_debug_log order by id;
(To delete the plug-in debugging log:
> sqlplus system/manager
SQL> truncate table ods.plg_debug_log
To disable the plug-in debugging:
> sqlplus ods/ods @$ORACLE_HOME/ldap/admin/oidspdof.pls
E) Dump the plug-in profile to make sure it is enabled and configured correctly:
> ldapsearch -h <OID host> -p <OID port> -D "cn=orcladmin" -w <orcladmin password> -b "cn=plugin,cn=subconfigsubentry" -L -s sub "(objectclass=*)" "*"
please take also a look into the DIPTESTER tool available in
http://www.oracle.com/technology/sample_code/products/oid/java_diptester.tar
regards
--Olaf

External Authentication on Windows

Guys, this is driving me crazy.
I had an external user configured on my Oracle 9.2.0.5 database on a Windows 2003 Server.
It was working, I use it to make dump backups.
Now, without any change on any oracle param or bounce it just stoped working.
I have two instances, for one it's working, for the other it's not.
Both instances are on the same server (so I'm using the same sqlnet.ora file with NTS authentication).
Today I removed and recreate the user on both instances, but I keep getting the same problem.
create user "OPS$DOMAIN\ORABACKUP" identified externally
default tablespace users
temporary tablespace temp
The parameters are the same on both instances:
os_authent_prefix string OPS$
os_roles boolean FALSE
remote_login_passwordfile string EXCLUSIVE
remote_os_authent boolean FALSE
remote_os_roles boolean FALSE
Do you have any ideas of why this could happen??
Is there another parameter related to external authentication that I don't know?
Thanks!

Was there ever an answer on this, having problems with setup using same versions

Error:- weblogic.security.SecurityInitializationException: Authentication

Hi,
I am getting below error when ever i am trying to start the Managed server in cluster environment(unix).
I am able to start the server on local machine but in case of remote machine its not gettig started.
I have tried most of the steps as mentioned below:-
1) Changed the weblogic passowrd.
2) Delete boot.properties.
3) deleted $DOMAIN_DIR\servers\<admin-server-name>\data\ldap
4) Followed below post also but nothing worked:-
https://forums.oracle.com/forums/thread.jspa?threadID=956750&start=30&tstart=0
####<Nov 14, 2011 7:41:28 PM IST> <Info> <WebLogicServer> <infva05177.vshodc.lntinfotech.com> <> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <> <> <> <1321279888310> <BEA-000000> <WebLogic Server "soa_server2" version:
WebLogic Server 10.3.5.0 Fri Apr 1 20:20:06 PDT 2011 1398638 Copyright (c) 1995, 2009, Oracle and/or its affiliates. All rights reserved.>
####<Nov 14, 2011 7:41:28 PM IST> <Notice> <Log Management> <infva05177.vshodc.lntinfotech.com> <> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <> <> <> <1321279888419> <BEA-170019> <The server log file /home/oracle/Oracle/Middleware/user_projects/domains/domain_cluster/servers/soa_server2/logs/soa_server2.log is opened. All server side log events will be written to this file.>
####<Nov 14, 2011 7:41:28 PM IST> <Info> <Log Management> <infva05177.vshodc.lntinfotech.com> <> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <> <> <> <1321279888426> <BEA-170023> <The Server Logging is initialized with Java Logging API implementation.>
####<Nov 14, 2011 7:41:28 PM IST> <Info> <Diagnostics> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279888494> <BEA-320001> <The ServerDebug service initialized successfully.>
####<Nov 14, 2011 7:41:28 PM IST> <Info> <Server> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279888560> <BEA-002622> <The protocol "t3" is now configured.>
####<Nov 14, 2011 7:41:28 PM IST> <Info> <Server> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279888560> <BEA-002622> <The protocol "t3s" is now configured.>
####<Nov 14, 2011 7:41:28 PM IST> <Info> <Server> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279888560> <BEA-002622> <The protocol "http" is now configured.>
####<Nov 14, 2011 7:41:28 PM IST> <Info> <Server> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279888560> <BEA-002622> <The protocol "https" is now configured.>
####<Nov 14, 2011 7:41:28 PM IST> <Info> <Server> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279888561> <BEA-002622> <The protocol "iiop" is now configured.>
####<Nov 14, 2011 7:41:28 PM IST> <Info> <Server> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279888562> <BEA-002622> <The protocol "iiops" is now configured.>
####<Nov 14, 2011 7:41:28 PM IST> <Info> <Server> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279888562> <BEA-002622> <The protocol "ldap" is now configured.>
####<Nov 14, 2011 7:41:28 PM IST> <Info> <Server> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279888562> <BEA-002622> <The protocol "ldaps" is now configured.>
####<Nov 14, 2011 7:41:28 PM IST> <Info> <Server> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279888564> <BEA-002622> <The protocol "cluster" is now configured.>
####<Nov 14, 2011 7:41:28 PM IST> <Info> <Server> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279888565> <BEA-002622> <The protocol "clusters" is now configured.>
####<Nov 14, 2011 7:41:28 PM IST> <Info> <Server> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279888568> <BEA-002622> <The protocol "snmp" is now configured.>
####<Nov 14, 2011 7:41:28 PM IST> <Info> <Server> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279888568> <BEA-002622> <The protocol "admin" is now configured.>
####<Nov 14, 2011 7:41:28 PM IST> <Info> <Server> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279888569> <BEA-002624> <The administration protocol is "t3s" and is now configured.>
####<Nov 14, 2011 7:41:28 PM IST> <Info> <RJVM> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279888583> <BEA-000570> <Network Configuration for Channel "soa_server2"
Listen Address          172.17.103.42:8101
Public Address          N/A
Http Enabled          true
Tunneling Enabled     false
Outbound Enabled     false
Admin Traffic Enabled     true>
####<Nov 14, 2011 7:41:29 PM IST> <Info> <Server> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279889336> <BEA-002609> <Channel Service initialized.>
####<Nov 14, 2011 7:41:29 PM IST> <Info> <Socket> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279889410> <BEA-000436> <Allocating 4 reader threads.>
####<Nov 14, 2011 7:41:29 PM IST> <Info> <Socket> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279889412> <BEA-000446> <Native IO Enabled.>
####<Nov 14, 2011 7:41:29 PM IST> <Info> <IIOP> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279889612> <BEA-002014> <IIOP subsystem enabled.>
####<Nov 14, 2011 7:41:32 PM IST> <Info> <Security> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279892649> <BEA-090894> <Successfully loaded the OPSS Policy Provider using oracle.security.jps.internal.policystore.JavaPolicyProvider.>
####<Nov 14, 2011 7:41:33 PM IST> <Info> <Security> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279893102> <BEA-000000> <Starting OpenJPA 1.1.1-SNAPSHOT>
####<Nov 14, 2011 7:41:33 PM IST> <Info> <Security> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279893224> <BEA-000000> <StoreServiceImpl.initJDO - StoreService is initialized with Id = ldap_qMT60FRl3kIPYftFoWhBFbhSxuY=>
####<Nov 14, 2011 7:41:33 PM IST> <Info> <Security> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279893501> <BEA-000000> <BootStrapServiceImpl.loadLDIFTemplate - Did not find /home/oracle/Oracle/Middleware/user_projects/domains/domain_cluster/servers/soa_server2/data/ldap/XACMLAuthorizermyrealmInit.initialized, will load full LDIFT.>
####<Nov 14, 2011 7:41:33 PM IST> <Info> <Security> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279893509> <BEA-090074> <Initializing Authorizer provider using LDIF template file /home/oracle/Oracle/Middleware/wlserver_10.3/server/lib/XACMLAuthorizerInit.ldift.>
####<Nov 14, 2011 7:41:33 PM IST> <Info> <Security> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279893921> <BEA-090075> <The Authorizer provider has had its LDIF information loaded from: /home/oracle/Oracle/Middleware/wlserver_10.3/server/lib/XACMLAuthorizerInit.ldift>
####<Nov 14, 2011 7:41:34 PM IST> <Info> <Security> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279894240> <BEA-000000> <BootStrapServiceImpl.loadLDIFTemplate - Did not find /home/oracle/Oracle/Middleware/user_projects/domains/domain_cluster/servers/soa_server2/data/ldap/DefaultCredentialMappermyrealmInit.initialized, will load full LDIFT.>
####<Nov 14, 2011 7:41:34 PM IST> <Info> <Security> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279894240> <BEA-090827> <LDIF template file /home/oracle/Oracle/Middleware/wlserver_10.3/server/lib/DefaultCredentialMapperInit.ldift was empty. The WebLogic provider CredentialMapper has been bootstrapped but has not been initialized with any LDIF data.>
####<Nov 14, 2011 7:41:34 PM IST> <Info> <Security> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279894250> <BEA-000000> <BootStrapServiceImpl.loadLDIFTemplate - Did not find /home/oracle/Oracle/Middleware/user_projects/domains/domain_cluster/servers/soa_server2/data/ldap/XACMLRoleMappermyrealmInit.initialized, will load full LDIFT.>
####<Nov 14, 2011 7:41:34 PM IST> <Info> <Security> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279894251> <BEA-090074> <Initializing RoleMapper provider using LDIF template file /home/oracle/Oracle/Middleware/user_projects/domains/domain_cluster/security/XACMLRoleMapperInit.ldift.>
####<Nov 14, 2011 7:41:34 PM IST> <Info> <Security> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279894265> <BEA-090075> <The RoleMapper provider has had its LDIF information loaded from: /home/oracle/Oracle/Middleware/user_projects/domains/domain_cluster/security/XACMLRoleMapperInit.ldift>
####<Nov 14, 2011 7:41:34 PM IST> <Info> <Security> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279894442> <BEA-090093> <No pre-WLS 8.1 Keystore providers are configured for server soa_server2 for security realm myrealm.>
####<Nov 14, 2011 7:41:34 PM IST> <Notice> <Security> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279894442> <BEA-090082> <Security initializing using security realm myrealm.>
####<Nov 14, 2011 7:41:34 PM IST> <Critical> <Security> <infva05177.vshodc.lntinfotech.com> <soa_server2> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1321279894594> <BEA-090403> <Authentication for user weblogic denied>
####<Nov 14, 2011 7:41:34 PM IST> <Critical> <WebLogicServer> <infva05177.vshodc.lntinfotech.com> <soa_server2> <Main Thread> <<WLS Kernel>> <> <> <1321279894596> <BEA-000386> <Server subsystem failed. Reason: weblogic.security.SecurityInitializationException: Authentication for user weblogic denied
weblogic.security.SecurityInitializationException: Authentication for user weblogic denied
     at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.doBootAuthorization(CommonSecurityServiceManagerDelegateImpl.java:965)
     at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initialize(CommonSecurityServiceManagerDelegateImpl.java:1050)
     at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:873)
     at weblogic.security.SecurityService.start(SecurityService.java:141)
     at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
     at weblogic.work.ExecuteThread.execute(ExecuteThread.java:209)
     at weblogic.work.ExecuteThread.run(ExecuteThread.java:178)
Caused By: javax.security.auth.login.FailedLoginException: [Security:090303]Authentication Failed: User weblogic weblogic.security.providers.authentication.LDAPAtnDelegateException: [Security:090295]caught unexpected exception
     at weblogic.security.providers.authentication.LDAPAtnLoginModuleImpl.login(LDAPAtnLoginModuleImpl.java:251)
     at com.bea.common.security.internal.service.LoginModuleWrapper$1.run(LoginModuleWrapper.java:110)
     at com.bea.common.security.internal.service.LoginModuleWrapper.login(LoginModuleWrapper.java:106)
     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
     at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
     at java.lang.reflect.Method.invoke(Method.java:597)
     at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
     at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
     at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
     at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
     at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
     at com.bea.common.security.internal.service.JAASLoginServiceImpl.login(JAASLoginServiceImpl.java:113)
     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
     at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
     at java.lang.reflect.Method.invoke(Method.java:597)
     at com.bea.common.security.internal.utils.Delegator$ProxyInvocationHandler.invoke(Delegator.java:57)
     at $Proxy28.login(Unknown Source)
     at weblogic.security.service.internal.WLSJAASLoginServiceImpl$ServiceImpl.login(WLSJAASLoginServiceImpl.java:89)
     at com.bea.common.security.internal.service.JAASAuthenticationServiceImpl.authenticate(JAASAuthenticationServiceImpl.java:82)
     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
     at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
     at java.lang.reflect.Method.invoke(Method.java:597)
     at com.bea.common.security.internal.utils.Delegator$ProxyInvocationHandler.invoke(Delegator.java:57)
     at $Proxy46.authenticate(Unknown Source)
     at weblogic.security.service.WLSJAASAuthenticationServiceWrapper.authenticate(WLSJAASAuthenticationServiceWrapper.java:40)
     at weblogic.security.service.PrincipalAuthenticator.authenticate(PrincipalAuthenticator.java:348)
     at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.doBootAuthorization(CommonSecurityServiceManagerDelegateImpl.java:929)
     at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initialize(CommonSecurityServiceManagerDelegateImpl.java:1050)
     at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:873)
     at weblogic.security.SecurityService.start(SecurityService.java:141)
     at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
     at weblogic.work.ExecuteThread.execute(ExecuteThread.java:209)
     at weblogic.work.ExecuteThread.run(ExecuteThread.java:178)
>
####<Nov 14, 2011 7:41:34 PM IST> <Notice> <WebLogicServer> <infva05177.vshodc.lntinfotech.com> <soa_server2> <Main Thread> <<WLS Kernel>> <> <> <1321279894605> <BEA-000365> <Server state changed to FAILED>
####<Nov 14, 2011 7:41:34 PM IST> <Error> <WebLogicServer> <infva05177.vshodc.lntinfotech.com> <soa_server2> <Main Thread> <<WLS Kernel>> <> <> <1321279894605> <BEA-000383> <A critical service failed. The server will shut itself down>
####<Nov 14, 2011 7:41:34 PM IST> <Notice> <WebLogicServer> <infva05177.vshodc.lntinfotech.com> <soa_server2> <Main Thread> <<WLS Kernel>> <> <> <1321279894608> <BEA-000365> <Server state changed to FORCE_SHUTTING_DOWN>
####<Nov 14, 2011 7:41:34 PM IST> <Info> <WebLogicServer> <infva05177.vshodc.lntinfotech.com> <soa_server2> <Main Thread> <<WLS Kernel>> <> <> <1321279894618> <BEA-000236> <Stopping execute threads.>
Please help.
thanks in advance

I've tried every trick in the book but no luck and finally I found a solution for this problem. Maybe it is not the best practice but it works:
1-Uninstall JDeveloper.
2-Delete Oracle Middleware file located in C:\Oracle
3-Delete the JDeveloper file located in C:\Users\MyUser\AppData\Roaming (Because the integrated Weblogic server is actually there)
4-Reinstall JDeveloper
That solved the issue.
Thanks

Oracle Security - External Authentication

Similar Messages

Maybe you are looking for