OBIEE 11g users still able to login even with invalid password

Data Mining | Author: newknight | Date: 2014-08-12 16:28:15

 

Scenario


I have OBIEE 11.1.1.6 installed on a Windows 7 64-bit machine for a proof of concept using OID as the authentication source w/ groups being stored in an external database. I followed the directions EXACTLY as requested in Oracle's Fusion Middleware Security Guide for OBIEE (http://docs.oracle.com/cd/E23943_01/bi.1111/e10543/privileges.htm#CJAJBIBG). The users are able to log into OBIEE and groups are correctly mapping to the OID users & WebLogic application roles. BUT there is a problem:

When I log into OBIEE 11g Answers with a VALID username but INVALID password, the system STILL allows the user to log in.

For example:

user 'member1' has password 'abcd' and is a member of Application Role 'BIAuthor'

scenario 1)
I log into OBIEE 11g with the correct username/password, the user authenticates, the correct application role (BIAuthor) is assigned to the user and there are no issues.

scenario 2)
I log into OBIEE 11g with 'member1' as the username, and 'abcdefgh' as the password (invalid password). The user is able to access Answers, but the application role BIAuthor is not applied to the user (only the authenticated-role is). 

The following message is displayed on the bi_server1-diagnostic.log:

message 1:
Message ID OBI-SEC-00046 
Message Level 1 
WEBSERVICE_PORT.name SecurityServicePort 
J2EE_MODULE.name bimiddleware/security 
J2EE_APP.name bimiddleware_11.1.1 
WEBSERVICE.name SecurityService 
Relationship ID 0:1:1:8:11 

Component bi_server1 
Module oracle.bi.security.service 
Host 
Host IP Address 
User BISystemUser 
Thread ID [ACTIVE].ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)' 
ECID 2ac0a03caa926090:-77e91c0e:1397d8dc657:-8000-0000000000000029 


message 2: 

Aug 31, 2012 9:42:30 AM PDT (Warning) … /Farm_bifoundation_domain/bifoundation_domain/bi_server1/bimiddleware(11.1.1) (Application Deployment) 




Message Level 1 
WEBSERVICE_PORT.name SecurityServicePort 
J2EE_MODULE.name bimiddleware/security 
J2EE_APP.name bimiddleware_11.1.1 
WEBSERVICE.name SecurityService 
Relationship ID 0:1:1:6:1 
Component bi_server1 

Module oracle.j2ee.ws.common.jaxws.JAXWSMessages 
Host 
Host IP Address 
User BISystemUser 
Thread ID [ACTIVE].ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)' 
ECID 2ac0a03caa926090:-77e91c0e:1397d8dc657:-8000-0000000000000051 


Message Exception while executing the business logic: SecurityService::authenticateUserWithLanguage [OBI-SEC-00015] Unable to find user in identity store.


scenario 3)
If an invalid username and password are entered, access is denied (this is correct).



Can anyone explain why this is happening (scenario 2) and how to resolve it?


My provider list is in the following order:

1) mysqlgroupprovider (control flag = optional)
2) myOIDDirectory (control flag = sufficient)
3) Defaultauthenticator (control flag = sufficient)

 

 

Solution


That was the issue! I had an init block populating USER. When I removed the USER system variable, it went away.
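
The behaviour described in this post, modelled as an added example (not code from the original post, Oracle or WebLogic): it applies the standard JAAS control-flag rules to the posted provider list, showing that a wrong password fails the whole chain, so the session in scenario 2 has to come from somewhere else. `session_outcome` is an assumption inferred from the poster's fix, not documented product logic, and all function names are hypothetical.

```python
from enum import Enum

class Flag(Enum):
    REQUIRED = 1
    REQUISITE = 2
    SUFFICIENT = 3
    OPTIONAL = 4

# Provider order and control flags exactly as posted above.
POSTED_CHAIN = [
    ("mysqlgroupprovider", Flag.OPTIONAL),
    ("myOIDDirectory", Flag.SUFFICIENT),
    ("Defaultauthenticator", Flag.SUFFICIENT),
]

def chain_authenticates(providers, accepted_by):
    """Standard JAAS control-flag evaluation over ordered (name, Flag) pairs.
    accepted_by: names of the providers that accept the submitted credentials."""
    has_mandatory = mandatory_failed = any_success = False
    for name, flag in providers:
        ok = name in accepted_by
        any_success = any_success or ok
        if flag in (Flag.REQUIRED, Flag.REQUISITE):
            has_mandatory = True
            if not ok:
                mandatory_failed = True
                if flag is Flag.REQUISITE:
                    return False   # REQUISITE failure ends the chain at once
        elif flag is Flag.SUFFICIENT and ok and not mandatory_failed:
            return True            # SUFFICIENT success ends the chain at once
    if has_mandatory:
        return not mandatory_failed
    return any_success             # no mandatory provider: one success is enough

def session_outcome(chain_ok, init_block_sets_user):
    """ASSUMED BI Server behaviour, inferred from the poster's fix: an init
    block that populates USER still yields a session after the provider chain
    has rejected the login, but no application role gets mapped."""
    if chain_ok:
        return "session with mapped application roles"
    if init_block_sets_user:
        return "session with authenticated-role only"
    return "denied"

if __name__ == "__main__":
    # Constructed inputs for the three scenarios; scenario 3 assumes the init
    # block finds no row for an unknown username.
    cases = [("1: valid password", {"myOIDDirectory"}, True),
             ("2: wrong password", set(), True),
             ("3: unknown user", set(), False)]
    for label, accepted, init_sets_user in cases:
        ok = chain_authenticates(POSTED_CHAIN, accepted)
        print(label, "->", session_outcome(ok, init_sets_user))
```

Removing the init block corresponds to `init_block_sets_user=False`, where a rejected chain ends in `denied`.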

From "ITPUB Blog", link: http://blog.itpub.net/10009036/viewspace-1249985/. If you repost this, please credit the source; otherwise legal liability will be pursued.
